Free Study Guide Materials for the CCNA Examination. Copyright 2001-2003 Boson Software, Inc.

Visit http://www.boson.com for updates. Send errata to: [email protected]

This study guide and/or material is not sponsored by, endorsed by or affiliated with Cisco Systems, Inc. Cisco, Cisco
Systems, CCDA , CCNA , CCDP, CCIE, CCSI, the Cisco Systems log and CCIE logo are trademarks or registered
trademarks of Cisco Systems, Inc. in the United States and certain other countries. All other trademarks are trademarks of their
respective owners.

Basic Router Operations
To get to Priveledge mode Enable
To get to User mode Disable
To Exit router Exit or logoff
Previous Command Up arrow or Ctrl-P
Next Command Down arrow or Ctrl-N
Move forward one character Right arrow or Ctrl-F
Move backward one character Left arrow or Ctrl-B
Break Key <shft>+<ctl>+6 x
Auto complete command <tab>



Configuring the Router
From the terminal session (keyboard) to running (RAM) Configure terminal
From tftp (file server) to running (RAM) Copy tftp running-config
From saved config (NVRAM) to running (RAM) Copy startup-config running-config
Upgrade the IOS from file server Copy tftp flash
Save backup copy of IOS to file server Copy flash tftp
Save your configuration (from RAM) to non-volatile
(NVRAM)
Copy running-config startup-config
Tell the router which IOS file in Flash to boot from Boot system flash {filename}
Tell the router which IOS file to request from
TFTP(fallback)
Boot system tftp {filename}






Viewing Router Information
IOS version info Show version
Current config (RAM) Show running-config
Saved config (NVRAM) Show startup-config
IOS file and free space Show flash
Processor utilization Show processes cpu


Passwords
Set password for Console port Line console 0
Login
Password cisco
Set Password for Telnet Line vty 04
Login
Password sanjose
Set password for Priveledge mode Enable password cisco
Set Encrypted password for Priveledge mode Enable secret cisco


Configuring a Serial Interface
Is it DCE or DTE? Show controller serial 1
From global config Interface serial 1
Set clock rate on DCE Clock rate 64000
Set the bandwidth Bandwidth 64
Enable the interface No shutdown
Check interface status Show interface serial 1
Show ip interface brief


Cisco Discovery Protocol
See directly connect neighbors (add detail for more info Show cdp neighbor
See which interface are running CDP Show cdp interface
See one neighbors detail Show cdp entry P1R1
Turn off CDP for whole router (from global config) No cdp run
Turn off CDP on an interface No cdp enable
Change how often you send CDP info Cdp timer 120
Change how long you will till you remove a CDP neighbor Cdp holdtime 120


TCP/IP
Disable IP routing on the router (enabled by default) No ip routing
To put an IP address on an interface Interface serial 0
IP address 157.89.1.3 255.255.0.0
Interface Ethernet 0
IP address 208.1.1.4 255.255.255.0
Configure RIP Router rip
Network 157.89.0.0
Network 208.1.1.0
View IP routing table Show ip route
View RIP debug stuff Debug ip rip
View IGRP debug stuff Debug ip igrp events
Debug ip igrp transactions







Access-Lists
All Access-List numbered ranges (some not covered in ICRC)
<1-99> IP standard access list
<100-199> Ip extended access list
<200-299> Protocol type-code access list
<300-399> DECnet access list
<400-499> XNS standard access list
<500-599> XNS extended access list
<600-699> Appletalk access list
<700-799> 48-bit MAC address access list
<800-899> IPX standard access list
<900-999> IPX extended SAP access list
<1000-1099> IPX SAP access list
<1100-1199> Extended 48-bit MAC address access list
<1200-1299>
<1300-1999>
IPX summary address access list
IP standard access list (expanded range)
View Which Access-lists are applied to which
interface
Show ip interface serial 0
Show ipx interface serial 0
Show appletalk serial 0
View the access-lists Show access-lists
Show ip access-list
Show ipx access-lists
Show appletalk access-lists

Access-Lists, IP Standard=1-99, filter on Source address
Goal- stop subnet 200.1.1.0 255.255.255.0 from sending packets into Ethernet 0
A. Deny the subnet Access-list 1 deny 200.1.1.0 0.0.0.255
B. Implicit deny all, so must permit others Access-list 1 permit any
C. Doesnt do anything until we bind it to an interface Interface Ethernet 0
Ip access-group 1 in

Access-List, IP Extended = 100-199, filter on Source + Dest, Port, etc
Goal- stop host 1.1.1.1 from telneting out e0 going to host 2.2.2.2 and stop subnet 3.3.3.0 from web surfing
anywhere
A. Remember access-list # source destination
options
Access-list 100 deny tcp host 1.1.1.1 host 2.2.2.2 eq 23
B. Stop that web surfing Access-list 100 deny tcp host 3.3.3.0 0.0.0.255 any eq 80
C. Implicit deny, allow all other Access-list 100 permit ip any any
D. Doesnt do anything, until you bind it to an
interface
Interface Ethernet 0
Ip access-group 100 out

Named IP/IPX Access-Lists
Allows editing of lines instead of deleting entire list Ip access-list standard cool_list
Supports standard and extended Deny 1.1.1.1
(Named IP requires 11.2 or later) Permit any
(Named IPX requires 11.3 or later) Interface Ethernet 0
Ip access-group cool_list in



Access-Lists, IPX Standard = 800-899, filter Source & Dest
Stop network 7A from getting to network 8000 Access-list 800 deny 7a 8000
Implicit deny all, allow all other networks Access-list 800 permit -1
Doesnt do anything until you bind it to an
interface
Interface Ethernet 0
Ipx access-group 800 out

Access-Lists, IPX Extended = 900-999, filter on Source & Dest + Socket, etc
Stop SAPs on socket 3378 from all network 8000 Access-list 800 deny 7a 8000
Implicit deny all, allow all other SAPs Access-list 900 permit sap any all -1
Doesnt do anything until you bind it to an
interface
Interface Ethernet 0
Ipx access-group 900 out


Access-Lists, IPX SAP Filters = 1000-1099, filter on Source, Port, Service Name
Stop SAPs from server 1 from coming in Ethernet 0 Access-list 1000 deny 7A.0000.0000.0001 4
Permit all others Access-list 1000 permit -1
Bind it to an interface Interface Ethernet 0
Stop it coming in Ipx input-sap filter 1000
Or stop it going out Ipx output-sap filter 1000


Access-Lists, AppleTalk = 600-699, filter on Cable-Range & Zone
Deny cable range 1000-1999 Access-list 600 deny cable-range 1000-1099
Permit all other cable ranges Access-list 600 permit other-access
Deny the zone WorkGroup1 Access-list 600 deny zone Workgroup1
Permit all other zones Access-list 600 permit additional-zones
Bind it to an interface Interface Ethernet 0
Appletalk access-group 600


PPP
Interface Commands
Enable PPP on the interface Encapsulation ppp
Enable authentication (chap or pap) Ppp authentication chap
Specify chap hostname ( defaults to router name) Ppp chap hostname MyRouter
Specify chap password (defaults to enable
password)
Ppp chap password Clearwater
Specify pap username Ppp pap sent-username ArnoldZiffle
Global Commands
Create a username and password for logging in Username OtherRouter password Skywalker
Show Commands
See encapsulation, open LCPs and more Show interface serial 0
Debug Commands
View the authentication process Debug ppp authentication


X.25
Interface commands
Enable X.25 on an interface and specify encap type Encapsulation x.25 letf
Specify YOUR Local x121 address X25 address 301222333444
Map the OTHER x121 address (global)
Enable broadcasts for RIP and such X25 map ip 200.1.1.1 301999888777 broadcast
OPTIONAL interface commands
Adjust Incoming Packet Size, must match on both sides X25 ips 512
Adjust Outgoing Packet Size, must match on both sides X25 ops 512
Adjust Incoming Windows Size, must match on both sides X25 win 7
Adjust Outgoing Windows Size, must match on both sides X25 wout 7
Show Commands
View Encapsulation, LAPB Status, & more Show interface serial 0
Back-to-Back x25 routers (for lab testing)
Note, x25 does not care about which ONE router has DCE cable
Enable x.25 on interface and specify encap type + ONE
side is DCE
Encapsulation x25 dce ietf
Set DCE-side to transmit clocking frequency in Kbits/Sec Clockrate 9600


Frame-Relay
Interface commands
Enable Frame-Relay on an interface and specify
encap type
Encapsulation frame-relay ietf
Specify LMI Type (11.2+ will autosense LMI
type)
Frame-relay lmi-type ansi
If Inverse ARP wont work, Map OTHER IP to
YOUR DLCI# (local)
Frame-relay map ip 3.3.3. 100 broadcast
Can also allow broadcast and specify encap type
Define local DLCI (in LMI not working) Frame-relay local-dlci 100
Adjust keepalive period Keepalive 10
Show commands
View DLCI & LMI Info Show interface serial 0
View PVC traffic statistics Show frame-relay pvc
View route maps (static or dynamic) Show frame-relay map
View LMI info Show frame-relay lmi
Back-to-Back frame-relay routers ( for lab testing)
Note, must match DCE-side router commands with DCE cable
Enable Frame-Relay switching on DCE-side router Frame-relay switching
Tell DCE-side to support DCE frame-relay
functions on what interface
Frame-relay intf-type dce
Tell DCE-side which interface & DLCI to switch
current interface to
Frame-relay route {dlci} interface {int} {dlci}
Set DCE-side to transmit clocking frequency in
Kbits/Sec
Clockrate 64000




Config-Reg
RXBOOT (diagnostics mode, use b to continue booting Config-reg 0x2000
Boot to ROM, use NVRAM (upgrade flash in run-from
flash routers)
Config-reg 0x2101
Boot to ROM, skip NVRAM (disaster recovery) Config-reg 0x2141
Boot to Flash, use NVRAM (normal operation) Config-reg 0x2102
Boot to Flash, skip NVRAM (password recovery) Config-reg 0x2142


Auto-Install
Router broadcasts to get its own TCP/IP address using BOOTP
Router broadcasts again to locate the file server IP address using TFTP
Router attempts TFTP to get the IP-to-Hostname mapping file Network-confg
If above fails, fallback to 8.3 DOS compatible filename convention Cisconet.cfg
Router attempts TFTP to get its specific Hostname running-config {Hostname}-confg
If above fails, fallback to 8.3 DOS compatible filename convention {Hostname}-cfg
Note:{hostname} is determined by parsing network-confg file and checking all Hostnames listed against own IP
address


Password Recovery
Step 1, halt router bootup on console port (requires physical access) CTRL-BREAK
Step 2, enter RXBOOT command to set config-reg bits & stop
NVRAM
o/r 0x2142
Step 3, bypassing NVRAM startup allows Enable mode without pwd Enable
Step 4, once in Enable mode, copy NVRAM startup to RAM Copy startup-config running-config
Step 5, change Enable and all other password as desired Enable password whatever
Step 6, save RAM back into NVRAM, but now with new password Copy running-config startup-config
Step 7, change config-reg bits back, so router boots normally Config-reg 0x2102