Ccna

The document provides information about the Cisco Certified Network Associate (CCNA) certification. Some key details include: - The CCNA exam consists of 44-48 questions and 3-4 lab simulations with a passing score of 82.5%. The certification is valid for 3 years. - Obtaining the CCNA certification increases knowledge of networking concepts, allows use of the CCNA designation, leads to career advancements and salary increases, and serves as a prerequisite for other Cisco and IT certifications. - The certification process validates skills to employers and satisfies personal and professional goals for career development in networking.

Uploaded by

Mabor Bol

CISCO CERTIFIED NETWORK ASSOCIATE

200-120

44-48 Exam Quest.


3-4 Labs Question.
82.5% Passing Scores.
3yrs. Validity.
Cisco Certificate Pyramid.

CCIE   CISCO CERTIFIED INTERNETWORK EXPERT: 350-001 Written, Lab (RS v4.0)
CCNP   CISCO CERTIFIED NETWORK PROFESSIONAL: 642-902 Routing, 642-813 Switching, 642-832 T-shoot
CCNA   CISCO CERTIFIED NETWORK ASSOCIATE: 200-120 NA


ADVANTAGES/BENEFITS OF GETTING CCNA CERTIFICATION.
Any young lad looking to enter the field of computer networking should take the certification process very seriously. Yeah, yeah, I know you may have a first class or a distinction in your graduation, but that is no longer sufficient to sustain and advance in the ever-changing IT arena.
It is better to be certified and do networking than to end up one day not-working.
Here is the list of ten advantages of getting CCNA certified.

A KNOWLEDGE
In the process of getting your CCNA certification you are sure to increase your knowledge and understanding of the concepts. Even if you have
years and years of experience in the field, you would definitely increase your knowledge and skills.
As they say, nothing can replace real world experience, but books are also equally important for keeping up-to-date with the new advancements
in the industry. In the process of getting certified you would be bombarded with many advancements of the industry thus increasing your overall
knowledge.

B ALPHABETS BEHIND YOUR NAME


After getting certified, you would be able to write those four magical letters which certainly do matter in these days.
So from the day you get certified till the next three years you would be legally and ethically right to use CCNA in your resume as well as in your
business card. Apart from this you will get a CCNA card, certificate and letter from Cisco validating your achievement.

C CAREER ADVANCEMENTS
CCNA Certification increases your chances of promotion. You could expect to move up in the hierarchy of your organization.

D SALARY INCREMENT
Your next salary increment could be just around the corner after getting your certification. One of my friends got as much as a 100% increase in his salary after getting his certification. You might say that a 100% increase is just unreal, but yes, it is possible if you have a good track record and are willing to switch jobs.
Pay Scale - Salary Search: CCNA Certification
E STEPPING STONE FOR MANY OTHER CERTIFICATIONS
A CCNA certificate is a prerequisite for many other Cisco certifications. CCNA concentrations like CCNA Voice, CCNA Security and CCNA Wireless, and many other professional-level certifications, require a valid CCNA certificate. Also, some colleges give as much as 6 credits if you hold a valid CCNA certificate and want to do higher-level studies.

F RESPECT
Getting a CCNA certificate commands a certain amount of respect from your colleagues and employer. Some of your colleagues may also have tried to get certified and could not. So this achievement of yours deserves a pat on the back.

G EMPLOYER BENEFITS
Many employers like to employ certified people because certification commands good standing in the increasingly competitive IT field. That is the reason many employers bear the cost of certification. It's a kind of mutual give and take.

H ON TRACK
After getting certified you would be on the right track to go for many other professional level certifications. Getting the first certification is always hard
but once you take the first step, the journey to the thousand miles at least gets started.

I PERSONAL SATISFACTION
You always wanted to get certified, so after you receive your certification letter and other stuff, a sense of personal satisfaction, gratification, and relief
is felt.
NETWORK FOUNDATIONS
Network
A network is basically all the hardware and software components required to connect your computers over short and long distances. The goal of a network is to establish communications throughout an organization.

COMPONENTS
(1) PC & Server-: End-point devices responsible for sending and receiving data over a network.
(2) Applications-: Sets of programs written to perform certain operations. They are either network aware or non-network aware.
Network-aware application-: An application that can be used over a network, e.g. Telnet, HTTP, IP.
Non-network-aware application-: An application that has to be installed before use, e.g. MS applications.
(3) Network Connections-: Devices for connectivity. These building blocks include the network interface card (NIC), cabling and connectors.
(4) Hubs & Switches-: The end devices' point of attachment to the network.
(5) Routers-: Connect multiple networks and find the best way to reach each network.
QoS
This allows management of priority data crossing the network.
TOPOLOGY
Topology is how devices (computers or networking devices) are connected together on the network.

TYPES OF TOPOLOGY
(1) POINT-2-POINT-: When two devices are connected side by side.
(2) BUS-: When two or more devices are connected to a common device or medium.
(3) STAR-: When two or more devices are connected through a central device.
(4) RING TOPOLOGY-: A kind of topology where a means of redundancy is provided.
(5) DUAL RING-: A replica of the ring topology with double redundancy provided. It is reliable in terms of service provision.
(6) MESH TOPOLOGY-: Each computer is directly connected to every other computer on the network.
TYPES OF NETWORK
(1) Local Area Network (LAN)-: A network covering a small geographical area such as homes, offices or a group of buildings.

(2) Wide Area Network (WAN)-: A network covering a large geographical area such as a city, state, nation or the globe.

(3) Metropolitan (MAN)-: Used to connect two or more LANs within a metropolitan area. Connection by is very high.

(4) INTRANET-: An inter-network of an autonomous system.

(5) EXTRANET-: An inter-connection of two or more networks or autonomous systems. All the users are not insiders.

(6) INTERNET-: An inter-connection of every network or one network. The users are not known.

(7) Storage Area Network (SAN)-: A collection of storage areas that form one large virtual memory.

(8) Virtual Private Network (VPN)-: The act of creating a secure network through an unsecured network like the internet.
INTERPRETING A NETWORK DIAGRAM

The following figure shows the placement of each of the core network components.

[Figure: network diagram with the labels Internet, WAN, LAN, Router, Switch, PC and Server.]
CISCO HIERARCHICAL DESIGN
SERVER
CORE (6500): in charge of processing
DISTRIBUTION (3650): in charge of segmenting
ACCESS (2950)
OPEN STANDARD FOR INTERCONNECT (OSI).
OSI is a set of rules or guidelines that guide software developers in writing software, to encourage interoperability. It is a model developed to allow different operating systems, i.e. different vendors, to work together.

OPEN STANDARD FOR INTERCONNECT LAYER

It has 7 layers. Acronym for OSI:

1  APPLICATION    ALL
2  PRESENTATION   PEOPLE
3  SESSION        SEEM
4  TRANSPORT      TO
5  NETWORK        NEED
6  DATA-LINK      DATA
7  PHYSICAL       PROCESSING

The direction of the layers is from the bottom to the top.


APPLICATION LAYER
This layer handles the tools that applications use when running, or provides an interface to interact with the OS or other applications, e.g. HTTP, FTP, Telnet: it tells you "I want to use Telnet". It provides two utilities to our applications: GUI and CLI.
PRESENTATION LAYER
This layer handles data conversion, formatting, and data encoding or encryption. It presents data to be transferred in a format that will be understood. It handles text as ASCII, BOLD, ITALIC; images as JPEG; audio as MP3, WAV; video as MP4, MPEG.
SESSION LAYER
This layer initiates connections from one machine to another local machine and keeps a record of the session for each. Remote procedure call (an IP session protocol) belongs here. It also handles session termination. It provides 3 forms of data transfer:
* Simplex mode-: Data flows in one direction, e.g. computer to a printer, or radio station to a transistor radio. In this mode B can only receive from A; it can't send.
A (Sender) --------------------> B (Receiver)
* Half duplex mode-: Data flows in two directions, but not simultaneously, i.e. the two sides can interchange information or data, but not at the same time, e.g. walkie talkie or mobile phone.
* Full duplex mode-: Data flows in both directions simultaneously, i.e. both sides can send and receive at the same time, e.g. a computer on the internet.
TRANSPORT LAYER
This layer is responsible for connection initiation and for data transfer from one network to another. It uses flow control and error detection, and connects you either reliably (TCP, connection-oriented) or unreliably (UDP, connectionless). The transport layer implements flow control by creating a temporary memory called a "BUFFER" to handle data transfer. It also uses the 3-way handshake.
A TCP 3-way handshake is always the initial communication between two devices.

TCP client: 192.168.1.10    TCP server: 192.168.1.20

Packet 1 (client to server)   CTL: SYN        SEQ: 1000
Packet 2 (server to client)   CTL: SYN, ACK   SEQ: 500    ACK: 1001
Packet 3 (client to server)   CTL: ACK        SEQ: 1001   ACK: 501
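The sequence and acknowledgement arithmetic in the handshake figure above can be checked mechanically. The following is an added example, not part of the original slides: the Segment class and check_handshake function are hypothetical names, and the second capture is constructed to show a failing case.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Segment:
    """Only the TCP header fields shown in the handshake figure."""
    src: str
    dst: str
    ctl: frozenset            # control flags, e.g. {"SYN", "ACK"}
    seq: int
    ack: Optional[int] = None


def check_handshake(pkts: List[Segment]) -> List[str]:
    """Return a list of problems; an empty list means a well-formed handshake."""
    if len(pkts) != 3:
        return ["expected exactly 3 segments, got %d" % len(pkts)]
    syn, synack, ack = pkts
    problems = []

    # Packet 1: the client opens with SYN only and picks its initial SEQ.
    if syn.ctl != {"SYN"}:
        problems.append("packet 1 must carry SYN only")

    # Packet 2: the server answers SYN,ACK. The SYN flag consumes one
    # sequence number, so the server acknowledges client SEQ + 1.
    if synack.ctl != {"SYN", "ACK"}:
        problems.append("packet 2 must carry SYN and ACK")
    if (synack.src, synack.dst) != (syn.dst, syn.src):
        problems.append("packet 2 must travel server to client")
    if synack.ack != syn.seq + 1:
        problems.append("packet 2 ACK should be %d, got %s" % (syn.seq + 1, synack.ack))

    # Packet 3: the client acknowledges server SEQ + 1 and now sends from
    # its own SEQ + 1.
    if ack.ctl != {"ACK"}:
        problems.append("packet 3 must carry ACK only")
    if (ack.src, ack.dst) != (syn.src, syn.dst):
        problems.append("packet 3 must travel client to server")
    if ack.seq != syn.seq + 1:
        problems.append("packet 3 SEQ should be %d, got %s" % (syn.seq + 1, ack.seq))
    if ack.ack != synack.seq + 1:
        problems.append("packet 3 ACK should be %d, got %s" % (synack.seq + 1, ack.ack))
    return problems


CLIENT, SERVER = "192.168.1.10", "192.168.1.20"

# The three packets exactly as drawn in the figure.
PAGE_FIGURE = [
    Segment(CLIENT, SERVER, frozenset({"SYN"}), seq=1000),
    Segment(SERVER, CLIENT, frozenset({"SYN", "ACK"}), seq=500, ack=1001),
    Segment(CLIENT, SERVER, frozenset({"ACK"}), seq=1001, ack=501),
]

# Constructed sample: the final ACK repeats the server SEQ instead of SEQ + 1.
BAD_FINAL_ACK = PAGE_FIGURE[:2] + [
    Segment(CLIENT, SERVER, frozenset({"ACK"}), seq=1001, ack=500),
]

if __name__ == "__main__":
    for name, capture in (("figure", PAGE_FIGURE), ("constructed", BAD_FINAL_ACK)):
        print(name, check_handshake(capture) or "ok")
```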
WELL KNOWN PORT NO
TCP              UDP
Telnet - 23
FTP - 21         DNS - 53
HTTP - 80        TFTP - 69
HTTPS - 443
DNS - 53
Ping - 0
POP3 - 110
SNMP - 161
IKE - 500
NETWORK LAYER
This layer is responsible for data routing and physical addressing.
Routing is the movement of data from source to destination effectively, which entails delivery on time and in good condition. To route means to choose the path by which data will be delivered to its destination. Routing can be static or dynamic.
Static routing is manual: the routing table is updated by hand. ("Routing table" refers to a logical map built by a router to route data.)
Dynamic routing means the routing table is updated automatically. The network layer also has to do with physical addressing. It has 2 components:
(1) Network component-: used to identify a network.
(2) Host component-: used to identify each member of a network, e.g. IP, IPX, AppleTalk.
DATA-LINK LAYER
This layer handles the logical topologies and addressing. Logical topology is how data flows through the cable in a network. Logical addressing at the data-link layer makes use of MAC addressing.
OR
It defines the physical topology of your network using MAC, the physical addressing internet address. It performs error detection but leaves error correction to the upper layers. It also forms frames from the bits received from layer one, i.e. 0101. There are a lot of protocols for file encapsulation, e.g. PPP (Port to-Port Protocol), High-Level Data Link Control, Frame Relay, Link Access Procedure Balanced.
PHYSICAL LAYER
This layer handles the physical entities: cables and connection types. It forms bits from electrical signals and can also convert bits to electrical signals.
ENCAPSULATION & DE-ENCAPSULATION

Encapsulation-: the means of tagging your data with the necessary information.
De-Encapsulation-: the act of interpreting your tagging information and acting appropriately.

Layers 7 to 5: referred to as the upper layers, or upper-layer data.
Layer 4: your data is known as a segment (MTU, maximum Transport unit-: the amount of data that can be sent). A segment is made up of the source port no. and destination port no.
Layer 3: a packet; the destination IP address and source IP address are added.
Layer 2: a frame; the source MAC address and destination MAC address are added.
Layer 1: it retrieves the frame and turns it into bits.

S.MAC Address | D.MAC Address | S.IP Address | D.IP Address | S.PORT NO | D.PORT NO | DATA

Layer 2-: FRAME PACKET SEGMENT DATA
Layer 3-: PACKET SEGMENT DATA
Layer 4-: SEGMENT DATA

Layer one uses hubs, cables, fibers.
Layer two uses switches.
Layer three uses routers and multi-layer switches.
Layer four uses multi-layer switches.
Layers five, six and seven are handled by computers.
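The tagging and un-tagging described above, as an added example that is not part of the original slides. It uses the simplified field order from the diagram (S.MAC, D.MAC, S.IP, D.IP, S.PORT, D.PORT, DATA), not the real Ethernet, IP or TCP header layouts; the MAC addresses, the client port and the function names are constructed for illustration.

```python
import socket
import struct

HEADER_LEN = 6 + 6 + 4 + 4 + 2 + 2   # two MACs, two IPs, two ports


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def encapsulate(data, sport, dport, sip, dip, smac, dmac) -> bytes:
    """Tag the data on the way down: segment, then packet, then frame."""
    segment = struct.pack("!HH", sport, dport) + data                 # layer 4
    packet = socket.inet_aton(sip) + socket.inet_aton(dip) + segment  # layer 3
    frame = mac_bytes(smac) + mac_bytes(dmac) + packet                # layer 2
    return frame


def de_encapsulate(frame, my_mac, my_ip, listening_ports):
    """Read each tag on the way up and act on it: a layer that does not
    recognise its own address drops the unit instead of passing it on."""
    if len(frame) < HEADER_LEN:
        raise ValueError("truncated frame: %d bytes" % len(frame))

    smac, dmac, packet = frame[:6], frame[6:12], frame[12:]
    if mac_str(dmac) != my_mac.lower():
        raise ValueError("layer 2: frame is addressed to %s" % mac_str(dmac))

    sip, dip, segment = packet[:4], packet[4:8], packet[8:]
    if socket.inet_ntoa(dip) != my_ip:
        raise ValueError("layer 3: packet is addressed to %s" % socket.inet_ntoa(dip))

    sport, dport = struct.unpack("!HH", segment[:4])
    if dport not in listening_ports:
        raise ValueError("layer 4: nothing is listening on port %d" % dport)

    return {
        "src_mac": mac_str(smac),
        "src_ip": socket.inet_ntoa(sip),
        "src_port": sport,
        "dst_port": dport,
        "data": segment[4:],
    }


# Constructed sample values: the IP addresses are the client and server from
# the handshake figure, port 80 is HTTP from the well-known port list.
CLIENT_MAC, SERVER_MAC = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
PAYLOAD = b"GET / HTTP/1.1\r\n\r\n"
FRAME = encapsulate(PAYLOAD, 49152, 80, "192.168.1.10", "192.168.1.20",
                    CLIENT_MAC, SERVER_MAC)

if __name__ == "__main__":
    print(len(FRAME), "bytes on the wire")
    print(de_encapsulate(FRAME, SERVER_MAC, "192.168.1.20", {80}))
```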


COMPARING THE OSI MODEL AND TCP/IP MODEL
The OSI and TCP/IP protocol suites were developed around the same time, and both of them had a model describing network communication. The OSI model is primarily used because of the amount of detail it provides; however, you should be prepared to encounter both. The chart below compares both network models. Notice that the TCP/IP model groups the top three layers into a single "Application" layer. This is because these functions typically occur before the data leaves the application itself. Also, because the Data-Link and Physical layers of the OSI model are closely related, the TCP/IP model groups them into a single "Network Interface" layer.

OSI MODEL       TCP/IP MODEL         PROTOCOLS
APPLICATION     APPLICATION          Telnet, SMTP, POP3, FTP, NNTP, HTTP, SNMP, DNS, SSH….
PRESENTATION    APPLICATION
SESSION         APPLICATION
TRANSPORT       TRANSPORT            TCP, UDP
NETWORK         INTERNETWORK         IP, ICMP, ARP
DATA-LINK       NETWORK INTERFACE    Ethernet, PPP, ADSL
PHYSICAL        NETWORK INTERFACE

Understanding TCP/IP Foundations


TCP/IP has become the "fabric of networks" in modern times. This is primarily because the internet has become such a key part of corporate operations (and day-to-day life for many people). Nowadays, it is extremely rare to find a network in operation that is not running TCP/IP. With that in mind, having a thorough and deep understanding of TCP/IP should be of utmost importance to anyone wanting to properly manage Cisco network operations. Just as Microsoft Office is not just one application but, rather, a suite of applications, TCP/IP is not just one protocol but a suite of protocols. Only by combining the functions of a variety of protocols in the package are we able to have successful network communication. The figure above shows the most common TCP/IP protocols used today along with the corresponding OSI and TCP/IP model layers.
Ethernet Foundations

APPLICATION
PRESENTATION
SESSION
TRANSPORT
NETWORK
DATA-LINK    LLC (sub-layer 2), MAC (sub-layer 1)
PHYSICAL     Category 5, RJ-45, 10base2, etc….

Developed in the 1970s, Ethernet has become the fabric of LANs around the world. Ethernet is a Physical and Data-Link layer standard when matched to the OSI model. Ethernet was designed to use a method of transmission known as Carrier Sense, Multiple Access with Collision Detection (CSMA/CD). This standard defines the rules Ethernet must live by when communicating. Based on the Ethernet standard, only one device connected to an Ethernet segment is able to send or receive at a time; otherwise a collision occurs and the data must be re-sent. The rules of CSMA/CD follow this flow:
1. The network device packages data into a frame to be sent.
2. The network device listens to the Ethernet wire to see if another device is already transmitting.
3. If a device is transmitting, wait until it finishes. If the line is idle, send the data.
Ethernet Network Equipment


From the network client side, anything with an Ethernet-capable NIC is obviously part of the Ethernet network
equipment realm; however, as Cisco engineers, we are mostly interested in the network infrastructure realm. In
this realm, there are two network devices of concern : the HUB and the SWITCH.
COMMON CLIENT TOOLS
While much of the Cisco configuration work involves interacting with routers and switches in the IOS, the majority of your troubleshooting will be done from a network client. Because of this, it's absolutely critical that you understand a few of the common command line tools.

1. ipconfig
The ipconfig command line utility allows you to verify a client's MAC address, IP address, subnet mask, default gateway and DNS server information. To run this utility, simply open a command line and type ipconfig.
The following are common arguments attached to the ipconfig command:
. ipconfig /all - using this argument, you will be able to see additional information (such as MAC address and DNS servers) about the device's TCP/IP configuration.
. ipconfig /release - this argument allows you to release an IP address the PC has obtained via DHCP.
. ipconfig /renew - this argument allows you to request a new IP address from a DHCP server.

2. ping
If there were a flathead screwdriver in the network world, the ping command would be it. The ping command tests network connectivity to a remote device. To execute the ping command, simply type ping <hostname or IP address>.
There are three common arguments used with the ping command:
. ping -t <hostname or IP address> - by using the -t flag, the ping will repeat continuously until stopped by using the ^C (Ctrl + C) break string.
. ping -a <IP address> - the -a flag causes ping to perform a reverse DNS lookup on an IP address. For example, issuing the command ping -a 74.125.19.104 would return the google.com DNS name associated with the IP address.
. ping -l <size in bytes> <hostname or IP address> - by default, a ping packet is very small. You can increase the size by using the -l argument. For example, you could type ping -l 1200 www.google.com to send packets 1200 bytes in size to google.com. This is useful when stress-testing connections or servers.

3. tracert
The traceroute command (implemented as tracert in Microsoft Windows) is an enhanced version of a ping that shows every router you are passing through on the way to your destination. The syntax is as simple as typing tracert <hostname or IP address>.
There is only one common argument for the tracert command:

. tracert -d <hostname or IP address> - the -d argument prevents traceroute from resolving IP addresses to hostnames. For example, ip68-2-2-29.ph.ph.cox.net is a hostname; 68.2.2.29 is the IP address. This speeds up the traceroute command considerably.
4. nslookup
The nslookup command allows you to send multiple queries to a DNS server. There are many cases in network troubleshooting where problems originate because a DNS server has an incorrect name-to-IP-address mapping in its database. nslookup can help diagnose these issues. The following is an example of using nslookup to query a local DNS server: >nslookup google.com
When you enter a domain name to resolve, nslookup will provide the name and IP address of the DNS server resolving the name (adtec.home.local/172.30.100.100 in this case) and the IP address(es) of the domain name you are resolving. Notice that the DNS server provided four IP addresses for www.google.com. This is because Google has a large enough web presence to have redundant servers supporting its domain name. There are many options that can be used with the nslookup command; two of them have common relevance to Cisco technicians. Keep in mind that both of these commands are entered after you have entered the base nslookup command:
. server <DNS server name or IP address> - the server selection option allows you to change the DNS server used for the DNS lookups. For example, in the nslookup output above, I was using the server "adtec.home.local". Perhaps I suspected that the adtec server was returning incorrect information. Using the server command, I could redirect my DNS requests to a different server.
Tip: the DNS server 4.2.2.2 is a well-known public DNS server.
. ls <domain name> - There may be times when you want to see all the DNS records associated with a certain domain. For example, google.com contains DNS records for www, mail, images and so on. Typing ls google.com can display all these DNS records. Please keep in mind that many DNS servers restrict this command because of the sensitive information it can display.

5. arp
Whenever a network device attempts to communicate, it will need to have both the Layer 3 (IP address) and Layer 2 (MAC address) of its destination. The arp command allows you to verify all of the Layer 2 to Layer 3 address mappings (known as Address Resolution Protocol or ARP mappings) a network client has stored in its cache (memory). For example, if the network client 192.168.150.21 attempted to communicate with 192.168.150.1, it would need to send an ARP broadcast to determine the MAC address for 192.168.150.1. Using the arp command-line utility, you are able to verify these mappings: >arp -a
The following are common arguments for use with the arp command:
. arp -a - the -a argument displays all entries currently in the arp table.
. arp -d - the -d argument manually deletes entries from the arp table. By default, Windows will remember IP to MAC address mappings for 10 minutes. In a network where IP addresses are changing (usually due to network maintenance or upgrades), it may be beneficial to flush the arp cache and allow it to dynamically rebuild. Use the arp -d * syntax to remove all entries from the arp cache.
CABLES
These are media for networking.
CATEGORIES
Management Cable(s)-: The management cable is used to reach your device's console. It is basically used for configuring, verifying and troubleshooting.
TYPES OF MANAGEMENT
(1) OUT-OF-BAND MANAGEMENT-: Managing devices through the console cable. It requires a cable, e.g. a ROLLOVER cable.
(2) IN-BAND MANAGEMENT-: Managing devices through the network, e.g. over straight and cross-over cables.
TYPES OF CABLES
(1) SERIAL CABLE-: Used to connect from one establishment to another. It has two pins.
(2) CROSS-OVER CABLE-: Used to connect like devices, e.g. Switch 2 Switch, PC 2 PC, PC 2 Router, Router 2 Router, and Switch 2 Hub.
(3) CONSOLE/ROLLOVER CABLE-: This cable is exclusive to Cisco devices, i.e. Cisco routers, switches and PCs. It is used to connect a PC to the console port of the router or switch.
(4) STRAIGHT-THROUGH-: Used to connect unlike devices, e.g. PC 2 Switch, Router 2 Switch, Printer 2 Hub, PC 2 Hub, Server 2 Switch.
CABLE TERMINATION
The twisted pair cable has 4 twists of 8 cables, i.e. the 8 cables are twisted in twos. 4 of the cables are meant for the most important data transfer, while the other 4 cables are meant for cross talk, i.e. they handle interference for the most important cables. 2 are meant for sending data, while the other 2 are meant for receiving data.

HOW TO TERMINATE CABLES

STRAIGHT CABLES
The cable has 4 colours, each twisted with a white wire of its own colour. These are Green-White of green, Blue-White of blue, Brown-White of brown, Orange-White of orange.
On a straight line you'll have

A                     B
Green 1               Green 1
White of Green 2      White of Green 2
Blue 3                Blue 3
White of Blue 4       White of Blue 4
Brown 5               Brown 5
White of Brown 6      White of Brown 6
Orange 7              Orange 7
White of Orange 8     White of Orange 8

Note: Active pins are P1, P4, P3 and P6.

CROSS-OVER CABLES
Choose any two colours of your choice and arrange them in the order 1,2,3,6 at one end and 3,6,1,2 at the other end. That is, interchange the nos. of your chosen colours at end A with the nos. at end B.

On a CROSS-OVER line you'll have

A                     B
Green 1               Blue 3
White of Green 2      White of Blue 6
Blue 3                Green 1
White of Brown 4      White of Brown 4
Brown 5               Brown 5
White of Blue 6       White of Green 2
Orange 7              Orange 7
White of Orange 8     White of Orange 8

Note: Active pins are (1-3) and (2-6).
SERIAL
Used to connect from one establishment to another. It has two pins.
HOW TO KNOW WHICH CABLE TO USE
DCE-: Data Communication Equipment
DTE-: Data Terminal Equipment
DCE-: Switches, Hubs, Bridges.
DTE-: PCs, Servers, Routers.
ROUTING AND SWITCHES
(1) PC NIC Port to Switch Port -: STRAIGHT
(2) PC Comport to Switch console port -: Rolled (console)
(3) PC NIC Port to PC NIC Port -: Cross
(4) PC NIC Port to Hub ethernet Port -: Straight
(5) PC NIC Port to Router ethernet Port -: Cross
(6) Router Serial Port to Router Serial Port -: Serial
(7) Hub ethernet Port to Switch ethernet Port -: Cross
(8) Servers NIC Port to Router ethernet Port -: Cross
TYPES OF NETWORK TO BE DESIGNED
FLAT NETWORK-: A network that can't grow.
SCALABLE NETWORK-: A network that can grow with the IP address design.
IPV4 ADDRESSING TYPES
UNICAST-: An IPv4 address used to access one device on a network; one machine is used, e.g. 192.168.1.1/24
MULTICAST-: An IPv4 address used to access a group of devices on a network. It uses more than one machine, e.g. 224.0.1.1
BROADCAST-: Used to access all the devices on a network, e.g. 192.168.1.255/24
COLLISION DOMAIN-: A domain where only one device can speak at a time. 1 switch port is a collision domain. The no. of ports determines the no. of collision domains: 24 ports = 24 collision domains, 1 broadcast domain.
BROADCAST DOMAIN-: A domain where, if one machine speaks, all other machines on the network or domain hear it.
A hub is one collision domain and one broadcast domain.

IANA-: Internet Assigned Numbers Authority: They give out IP addresses, i.e. they are responsible for IP address management.
IPV4 ADDRESSING
IPv4 addressing is a 32-bit system of addressing. An address like the one below is an IPv4 address.
00000000 00000000 00000000 00000000

The 32 bits are divided into 4 octets; each octet contains 8 bits. Each octet is separated by a period.
The chain of zeros above can be written as: 00000000.00000000.00000000.00000000

Another operation that can be performed on the IPv4 address to make it easier to manage is conversion from binary to decimal.

0.0.0.0 (IPV4 dotted decimal format)

BINARY TO DECIMAL CONVERSION
(0.0.0.0 255.255.255) IPV4 address range
Every byte of information can be broken down into eight bits, where each bit represents a power of two. By flipping a bit from a zero to a one, you enable that power of two:

2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0

192 224 240 248 252 254 255

In order to convert between decimal and binary, you must understand the powers of 2:
2^0 = 1
2^1 = 2
2^2 = 4
2^3 = 8
2^4 = 16
2^5 = 32
2^6 = 64
2^7 = 128

Convert 216.77.133.249 to binary

216 =
128 64 32 16 8 4 2 1
1   1  0  1  1 0 0 0

Solution: 11011000.01001101.10000101.11111001 (32 bits)
IPV4 ADDRESSING CLASSIFICATION
The creators of TCP/IP divided the protocol into three major classes of addresses that we can use on our networks today.

          Subnet Mask      First Octet Value   Number of Hosts per Network
Class A   255.0.0.0        1-126               16,777,214
Class B   255.255.0.0      128-191             65,534
Class C   255.255.255.0    192-223             254
Class D                    224-239             Multicast: send message group
Class E                    240-254             Reserved for research

If we were to use only these default subnet masks in addressing our network, we would be using a classful network design.
The following figure gives an example of using classful addressing:
CLASSFUL ADDRESSING
[Figure: three classful networks, 192.168.1.0 (255.255.255.0), 172.16.0.0 (255.255.0.0) and 10.0.0.0 (255.0.0.0). Addresses shown: 192.168.1.50, 192.168.1.51, 192.168.1.1, 172.16.0.1, 172.16.0.2, 10.0.1.0, 10.0.1.10, 10.0.1.11.]
Please keep in mind that this network diagram is horrific for many reasons but is used primarily to demonstrate the limitation of classful addressing. If you look at the network on the right, the 10.0.0.0 class A subnet is in use. This subnet provides more than 16m addresses and yet only a few of them are being used. Since the 10.0.0.0 network has been used behind R2, it cannot be used anywhere else in the network.
Today, just about every network in existence uses classless addressing. In this form of addressing, the original class of the address is only used as a guide. You can take the original subnet mask attached to the address and subnet it further down to a more manageable size. For example, I could take the class A 10.0.0.0 network and apply a class C subnet mask to it. This basic form of subnetting would provide 65,536 subnets (networks) that I could apply to my organization, with 254 hosts per subnet.
The following figure gives an example of using this form of classless addressing.
Classless routing protocols advertise the subnet mask with the advertisement.

[Figure: classless addressing. Networks 10.0.1.0, 10.0.2.0 and 10.0.3.0, each with mask 255.255.255.0. Addresses shown: 10.0.1.10, 10.0.1.11, 10.0.1.1, 10.0.2.1, 10.0.2.2, 10.0.3.1, 10.0.3.10, 10.0.3.11.]

While "easy" subnetting like that shown in the previous example is used most often in real-world corporate environments, all Cisco certification exams expect you to know how to handle different subnetting.
(1) Classification by the number of octets used for the network/host portion.
It employed Network.Host.Host.Host
It employed Network.Network.Host.Host
It employed Network.Network.Network.Host
(2) Classification by numerical value of the first and last value of the octet.
1-126
128-191
192-223
0-: The all-networks address, i.e. 0.0.0.0
127-: Reserved for internal troubleshooting (loopback address)
255-: The all-hosts address; it is a broadcast address.
(3) PUBLIC and PRIVATE IPV4 ADDRESS.
A private IPv4 address is an address that can't route packets through the internet successfully, while a public address is one that can route packets.

Private IPV4 Addresses

     Class   Address Range                    Network(s)
(1)  A       10.0.0.0 - 10.255.255.255        1 Network
(2)  B       172.16.0.0 - 172.31.255.255      16 Network
(3)  C       192.168.0.0 - 192.168.255.255    256 Network

Class work
192.172.3.10 Public
202.10.10.10 Public
172.16.200.199 Private
166.17.1.1 Public
192.168.250.11 Private
11.11.11.11 Public
10.255.255.10 Private
80.28.0.116 Public
172.31.0.250 Public
10.1.1.1 Private

127.0.0.1-: Is a default host address. Packet internet groper (ping)-: used to ping an address:
ping 127.0.0.1
SUB-NETTING
Subnetting is the act of dividing one large network into smaller sub-networks.

TERMS
1. Network Address-: You have your network address when all the bits in the host portion are switched off.
2. Broadcast Address-: You have your broadcast address when all the bits in the host portion are switched on.
3. Subnet Mask-: A subnet mask allows IP networks to be subdivided for security and performance purposes; it is the boundary between the network portion and the host portion of an IPv4 address.

CONVERTING BETWEEN DECIMAL AND BINARY

The first topic you must master on your way to successful subnetting is converting between decimal and binary. We are used to looking at numbers in decimal form (m Bits of information). Take for example the IP address 216.77.133.249 in its dotted-decimal form (4 bytes), which can be represented in binary form as 11011000.01001101.10000101.11111001 (32 bits).
In order to convert between decimal and binary, you must understand the powers of 2:
2^0=1
2^1=2
2^2=4
2^3=8
2^4=16
2^5=32
2^6=64
2^7=128

216 = 11011000
77 = 01001101

BLOCK SIZE
Prefix   Mask   Hosts   Block Size
/25      128    126     128
/26      192    62      64
/27      224    30      32
/28      240    14      16
/29      248    6       8
/30      252    2       4
CLASS C SUB-NETTING

Network scenario #1
This organization has purchased the class c address
192.168.1.0 and would like to use it to address the
network.
[Network diagram: the 192.168.1.0 network with sites LA, DC and NY; user counts shown: 50, 20 and 30]

(1) DETERMINE THE NUMBER OF SUBNETS AND CONVERT TO BINARY

1 1 1 0 0 0 0 0
128 64 32 16 8 4 2 1
0 0 0 0 0 1 0 1
50 = 00110010
6 Bits
(2) RESERVE REQUIRED BITS IN A SUBNET MASK AND FIND INCREMENTAL VALUE

255.255.255.0=11111111.11111111.11111111.00000000
11
64 /26
(3) USE INCREMENT TO FIND NETWORK RANGES

255.255.255.192

NK. RANGE            NK. ID          BC. ID    USABLE ADDRESS
192.168.1.0-63       192.168.1.0     .63       192.168.1.1-62
192.168.1.64-127     192.168.1.64    .127      192.168.1.65-126
CLASS B SUB-NETTING
Practice Example 1: 255.255.128.0 (/17)
172.16.0.0 Network address
255.255.128.0 Subnet mask

subnet 0.0 128.0


First host 0.1 128.1
Last host 127.254 255.254
Broadcast 127.255 255.255

Practice Example 2: 255.255.192.0 (/18)
172.16.0.0 Network address
255.255.192.0 Subnet mask

subnet 0.0 64.0 128.0 192.0


First host 0.1 64.1 128.1 192.1
Last host 63.254 127.254 191.254 255.254
Broadcast 63.255 127.255 191.255 255.255
1. Your company would like to break the class B private IP address range 172.16.0.0
into 10 subnets.
172.16.0.1-172.16.15.255
172.16.16.0-172.16.31.255
172.16.32.0-172.16.47.255
172.16.48.0-172.16.63.255
172.16.64.0-172.16.79.255

CLASS A SUB-NETTING
Practice Example 1: 255.255.240.0 (/20)

Subnet:        10.0.0.0       10.0.16.0      10.0.32.0
First host:    10.0.0.1       10.0.16.1      10.0.32.1
Last host:     10.0.15.254    10.0.31.254    10.0.47.254
Broadcast:     10.0.15.255    10.0.31.255    10.0.47.255
TROUBLE SHOOTING IP ADDRESS ON A MACHINE OR PC
IP Address: 192.168.1.58
Subnet Mask: 255.255.240.0

Identify the original range of addresses (the subnet) that this IP address belongs to.

(1) When reverse engineering a problem, all you need to do is break the subnet
mask back into binary and find the increment that was used.

255.255.255.240=11111111.11111111.11111111.11110000

(2) As before, the last possible network is your increment. In this case, the increment is 16.
(3) Use the increment to find the network ranges until you pass the given IP address:
192.168.1.0
192.168.1.16
192.168.1.32
192.168.1.48
192.168.1.64 (Passed given IP address 192.168.1.58)
(4) Now, fill in the end ranges to find the answer to the scenario:
192.168.1.0-192.168.1.15
192.168.1.16-192.168.1.31
192.168.1.32-192.168.1.47
192.168.1.48-192.168.1.63 (IP address 192.168.1.58 belongs to the range).
OTHER FACTS ON SUB-NETTING
(1) Subnet mask can be represented in decimal notation or bits notation. Example:
255.255.255.240=11111111.11111111.11111111.11110000
There are 28 network bits in this subnet mask, so we can write it as /28.
Bit notation is usually combined with IP addresses, so writing 192.168.1.0/28 tells
you what the network is and what subnet mask is currently in use.

(2) There may be times where you are required to know how many hosts can exist
on a network when given a certain subnet Mask. Example: 255.255.0.0 to a custom
subnet Mask of 255.255.254.0. You can find this by using the formula (2^x)-2, where
x represent the number of host bits:
255.255.254.0=11111111.11111111.11111110.00000000
As you can see, there are 9 host bits in this subnet mask, so you can use the
formula (2^9)-2 to find that there are 510 valid host IP addresses per network.

(3) There may be times where you are required to know how many subnets exist
when given a certain subnet Mask. Example: 255.255.0.0 to a custom subnet Mask
of 255.255.254.0. You can find this by using the formula (2^x), where x is the
number of subnet bits.
255.255.254.0=11111111.11111111.11111110.00000000
As you can see, there are 7 subnet bits (1s added to the original Class B subnet
Mask), so you can use the formula (2^7) to find that there are 128 subnets.
(4) Because the Cisco exam does not allow you to use a calculator, finding the
power of two can be time consuming. Since you already know the first 8 powers of two
off the top of your head, to find anything larger just start from 2^7 and keep
multiplying by 2 (i.e. 2^8=256, 2^9=512 and so on).
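Added example (not part of the original slides): the reverse-engineering steps and the (2^x)-2 and 2^x formulas above, written in Python. The function names are assumptions of this example; the inputs are the mask 255.255.255.240 used in the worked steps and the 255.255.254.0 mask from facts (2) and (3).

```python
# Added example: find the subnet an address belongs to, plus host and subnet counts.

def to_int(dotted):
    """Convert a dotted-decimal IPv4 string to a 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value):
    """Convert a 32-bit integer back to dotted-decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_length(mask):
    """Count the network bits of a mask; reject masks whose 1s are not contiguous."""
    inverted = ~to_int(mask) & 0xFFFFFFFF
    if inverted & (inverted + 1):      # the host part must look like 0...01...1
        raise ValueError(f"not a valid subnet mask: {mask!r}")
    return 32 - inverted.bit_length()


def classful_prefix(address):
    """Default mask length from the first octet (1-126, 128-191, 192-223)."""
    first = to_int(address) >> 24
    if 1 <= first <= 126:
        return 8
    if 128 <= first <= 191:
        return 16
    if 192 <= first <= 223:
        return 24
    return None


def describe_subnet(address, mask):
    """Apply the increment method to one address; meaningful for masks up to /30."""
    plen = prefix_length(mask)
    host_bits = 32 - plen
    mask_int = to_int(mask)
    network = to_int(address) & mask_int               # host bits switched off
    broadcast = network | (~mask_int & 0xFFFFFFFF)     # host bits switched on
    default = classful_prefix(address)
    borrowed = plen - default if default is not None and plen >= default else None
    return {
        "prefix": f"{to_dotted(network)}/{plen}",
        "increment": 1 << (host_bits % 8),             # value of the last network bit
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network + 1),
        "last_host": to_dotted(broadcast - 1),
        "usable_hosts": max(2 ** host_bits - 2, 0),    # (2^x)-2, x = host bits
        "subnets": 2 ** borrowed if borrowed is not None else None,  # 2^x, x = subnet bits
    }


if __name__ == "__main__":
    for addr, mask in (("192.168.1.58", "255.255.255.240"),
                       ("172.16.0.0", "255.255.254.0")):
        print(addr, mask, describe_subnet(addr, mask))
```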
VARIABLE LENGTH SUBNET MASKING (VLSM)
VLSM is used to combine multiple subnet problems into one. With VLSM, you can
change subnet masks wherever you want in your organization. You must use a
routing protocol that supports VLSM.

Classful Routing Protocols (No VLSM)    Classless Routing Protocols (Support VLSM)
RIPV1                                   RIPV2
IGRP                                    OSPF
                                        IS-IS
                                        EIGRP
                                        BGP
SUMMARIZATION
breaking down a large network

Steps to summarize IP addresses

• Convert from decimal to binary
• AND your result /24
• Convert back to decimal

172.16.72.0    10101100.00010000.01001000.00000000
172.16.73.0    10101100.00010000.01001001.00000000
172.16.74.0    10101100.00010000.01001010.00000000
172.16.75.0    10101100.00010000.01001011.00000000
172.16.76.0    10101100.00010000.01001100.00000000
172.16.77.0    10101100.00010000.01001101.00000000
172.16.78.0    10101100.00010000.01001110.00000000
172.16.79.0    10101100.00010000.01001111.00000000

172.16.72.0/21
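Added example (not part of the original slides): the summarization steps above in Python, using the eight 172.16.72.0 to 172.16.79.0 networks from the slide. It goes one step further than the slide by listing any same-size networks the summary would cover that were not in the input, since a summary route also attracts traffic for those; the function names are assumptions of this example.

```python
# Added example: summarize equal-size networks and report what else the summary covers.

def to_int(dotted):
    a, b, c, d = (int(part) for part in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def summarize(networks, prefix_len=24):
    """Return (summary, extra) for a list of networks that all use /prefix_len.

    summary is the shortest prefix the inputs share; extra lists the
    /prefix_len networks inside that summary that were not in the input.
    """
    values = sorted(to_int(n) for n in networks)
    block = 1 << (32 - prefix_len)
    for value in values:
        if value % block:
            raise ValueError(f"{to_dotted(value)} is not a /{prefix_len} network address")

    # Step 1 (binary): collect every bit position where the networks differ.
    differing = 0
    for value in values:
        differing |= value ^ values[0]

    # Step 2: the bits to the left of the first difference are the summary prefix.
    summary_len = min(32 - differing.bit_length(), prefix_len)
    mask = (0xFFFFFFFF << (32 - summary_len)) & 0xFFFFFFFF
    summary = values[0] & mask

    # Step 3 (back to decimal), plus the over-summarization check.
    wanted = set(values)
    size = 1 << (32 - summary_len)
    extra = [to_dotted(n) for n in range(summary, summary + size, block)
             if n not in wanted]
    return f"{to_dotted(summary)}/{summary_len}", extra


# The eight networks listed on the slide.
SLIDE_NETWORKS = [f"172.16.{third}.0" for third in range(72, 80)]

if __name__ == "__main__":
    print(summarize(SLIDE_NETWORKS))
    # Constructed variation: drop 172.16.79.0 and the /21 still results,
    # but it now covers one network that was never listed.
    print(summarize(SLIDE_NETWORKS[:-1]))
```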
BOOT SEQUENCE
[Diagram: boot sequence from OFF to ON: POST, finding the IOS (ROM monitor, RX boot, flash), loading the
IOS, loading the config file, setup mode. Memory shown: NVRAM, RAM, ROM, FLASH. IOS = Internetwork
Operating System]

FLASH
By default, the Cisco IOS is stored in a compressed bin format in the flash.

RAM
During the boot process, the switch decompresses and copies the entire IOS into RAM; this enables the IOS to
operate much faster.
NVRAM
Non-Volatile RAM-: information is copied from RAM to NVRAM. RAM is like a buffer, while NVRAM keeps that
information permanently. Basically the startup config, or copy run start.
IOS FOUNDATION
The Cisco Internetwork Operating System (IOS) is the operating system that powers the vast
majority of Cisco routers and switches. Learning the operation of this command-line interface is
critical to your survival in the Cisco realm. Cisco has designed this command-line interface to be
easy to use and navigate once you have learned the foundations. This section is focused on just
that: learning the foundations of working with the Cisco IOS. Think of this as being similar to
getting a training course on how to work with Microsoft Word.

Understanding the Cisco IOS Modes


When working with the Cisco IOS, understanding the relevance of the mode you are in is almost
as important as understanding the command you should type. There are hundreds of different
modes, each of which allows you to configure a different aspect of a Cisco device. The modes
are always accessed through this general flow:

User Mode
Router>enable

Privileged Mode
Router#configure terminal

Global Configuration Mode
Router(config)#

Interface Config Mode    Line Config Mode    Router Config Mode    Other Config Modes
INITIAL SWITCH CONFIGURATION
Initial boot sequence
Assigning password
Configuring host name and logon banner
Enabling Secure Shell (SSH)
Configuring Port Security
Optimizing Switch Ports
Assigning a switch IP address
Verifying and saving the configuration
ASSIGNING PASSWORD
There are two modes to protect: user mode (initial access to the device) and privileged mode (full
administrative access to the device).
On a Cisco switch, there are only two ways to reach user mode: through the console port and through a
Telnet/SSH remote access session. Use the following syntax to secure both these portals:
Switch> enable
Switch# configure terminal
Switch(config)# line console 0
Switch(config-line)# password Cisco
Switch(config-line)# login
Switch(config-line)# exit
Switch(config)# line vty 0 4
Switch(config-line)# password Cisco
Switch(config-line)# login
Switch(config-line)# end
LINE CONSOLE 0 – Moves from global configuration mode into line configuration mode for the
console port.
LINE VTY 0 4 – Moves from global configuration mode into line configuration mode for the virtual
terminal (vty) lines. These vty lines receive Telnet and SSH connections. Most Cisco devices
allow up to five simultaneous Telnet/SSH connections. Typing line vty 0 4 configures all
five of these ports at the same time.
PASSWORD <password> - Sets the password for the console or VTY lines.
LOGIN - Requires login on the console or VTY lines. If you enter the password command without
entering the login command, the user will never be prompted for the password, even though
you have one set, since logins are not required.
ENABLE SECRET
Switch(config)# enable secret Cisco
Switch(config)# enable password Cisco 123
Type show run to view your configuration
Switch# show run
CONFIGURING A HOSTNAME AND LOGIN BANNER
Every Cisco IOS device has a hostname that is used to uniquely identify it from other devices in the network.
Switch# conf t
Switch(config)# hostname oralboss
oralboss(config)#
oralboss(config)# no hostname
BANNER
For legal purposes, it’s always good to have a login banner on all Cisco devices. MOTD: message of the day.
Switch(config)# banner motd &
Pls. don’t log in
&
ENABLING SECURE SHELL (SSH)
SSH performs strong encryption on all the data sent or received.
Switch# config t
Switch(config)# username oralboss password Cisco
Switch(config)# ip domain-name preplogic.com
Switch(config)# crypto key generate rsa
The name for the keys will be: Switch.Preplogic.com
Choose the size of the key modulus in the range of 360 to 2048
How many bits in the modulus [512]: 1024
Switch(config)# line vty 0 4
Switch(config-line)# login local
Switch(config-line)# transport input ssh
KEY COMMANDS ON SSH
(1) USERNAME: While Telnet requires just a password, an SSH connection requires both a user account and a
password. Using this syntax creates a user account on your Cisco switch for SSH access.
(2) IP DOMAIN-NAME: The domain name is used to generate the encryption keys.
(3) CRYPTO KEY GENERATE RSA: This command actually generates the encryption keys. The larger the modulus,
the stronger the encryption.
(4) LOGIN LOCAL: Entering this command under the VTY lines instructs them to use the local user database to
authenticate incoming connections, rather than the simple password we typed under the VTY lines previously.
(5) TRANSPORT INPUT: This command instructs the switch as to the protocols allowed to access the VTY lines. If
you only wanted to allow SSH (thereby disallowing Telnet), you could enter transport input ssh.
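Added example (not part of the original slides): a Python check that reads running-config text and reports the weak settings discussed above: a plain enable password, a local user stored with password instead of secret, a line with no login requirement, and VTY lines that are not restricted to SSH. Both configurations are constructed for this example, the secret hashes are placeholders, and the finding names are assumptions.

```python
# Added example: audit console/VTY and password settings in running-config text.

# Constructed sample: the settings the slides warn about.
WEAK_CONFIG = """\
hostname Switch
enable password Cisco123
username oralboss password Cisco
line con 0
 password Cisco
line vty 0 4
 password Cisco
 login
 transport input telnet ssh
"""

# Constructed sample: the same device with the corrected settings.
HARDENED_CONFIG = """\
hostname Switch
enable secret 5 $1$PLACEHOLDER$constructedhashvalue
username oralboss secret 5 $1$PLACEHOLDER$constructedhashvalue
ip domain-name preplogic.com
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
"""


def parse(config):
    """Split a config into global commands and the sub-commands of each 'line' section."""
    global_cmds, line_sections, current = [], {}, None
    for raw in config.splitlines():
        command = raw.strip()
        if not command or command == "!":
            continue
        if raw.startswith(" "):                 # indented: belongs to the open section
            if current in line_sections:
                line_sections[current].append(command)
            continue
        current = command
        if command.startswith("line "):
            line_sections[command] = []
        else:
            global_cmds.append(command)
    return global_cmds, line_sections


def audit(config):
    """Return a list of finding strings, in the order they appear in the config."""
    findings = []
    global_cmds, line_sections = parse(config)

    for command in global_cmds:
        words = command.split()
        if words[:2] == ["enable", "password"]:
            findings.append("enable-password")              # use enable secret instead
        if words[0] == "username" and len(words) > 2 and words[2] == "password":
            findings.append(f"username-password:{words[1]}")

    for header, commands in line_sections.items():
        # Without 'login' or 'login local' the user is never prompted.
        if not any(c.split()[0] == "login" for c in commands):
            findings.append(f"no-login:{header}")
        if header.startswith("line vty"):
            transports = [c for c in commands if c.startswith("transport input")]
            protocols = transports[-1].split()[2:] if transports else []
            # Anything other than an explicit 'transport input ssh' is reported,
            # because the hardened form on the slides sets it explicitly.
            if protocols != ["ssh"]:
                findings.append(f"vty-not-ssh-only:{header}")
    return findings


if __name__ == "__main__":
    print("weak:    ", audit(WEAK_CONFIG))
    print("hardened:", audit(HARDENED_CONFIG))
```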

BASIC CONFIGURATION OF CISCO ROUTER


[Network diagram: routers R1 and R2 (labelled ORALBOSS) joined by the 192.168.2.0 link (192.168.2.1,
192.168.2.2), with LAN addresses 192.168.1.1 to 192.168.1.4 on one side and 192.168.3.1 to 192.168.3.4
on the other]
CONFIGURING INTERFACES
Oralb(config)# interface f0/0
Oralb(config-if)# ip address 192.168.1.1 255.255.255.0
Oralb(config-if)# no shutdown
Oralb(config-if)# exit
Oralb(config)# interface s0/0
Oralb(config-if)# ip address 192.168.2.1 255.255.255.252
Oralb(config-if)# clock rate 64000
Oralb(config-if)# no shutdown
Oralb(config-if)# end
Oralb# copy run start
TO VIEW THE INTERFACE CONFIGURATION
Oralb# show interfaces fastethernet 0/0

To view all configuration on a Cisco router


Oralb# show running-config

UNDERSTANDING AND CONFIGURING ROUTING


We have put a base configuration on our routers. Thus, our routers have passwords, login banners and
IP addresses, but they are not “routing”.
Routing-: Is the act of sending and receiving data specifically to where it is needed.

UNDERSTANDING THE ROUTING OPERATION OF ROUTERS


The goal of routers is to move unicast packets through the network to their destination. A router with a base
configuration immediately encounters a problem with this purpose, since it only knows about networks to which
it is directly connected. Check out this network.
After you placed a base configuration (password, IP address, etc.) on R1, it would be able to successfully
reach only directly connected networks (192.168.1.0/24 and 192.168.2.1/24, assuming class C subnet
masks). R1 cannot reach the 192.168.1.0/24 network behind R1. In order to fix this dilemma, we have to use
some form of routing.
Syntax
Router (config) # IP route < destination net> < Subnet Mask> < next hop>
Using the previous network.
R1>en
R1#config t
R1 (config) # IP route 10.1.3.0 255.255.255.0 10.1.2.0
R1 (config) #end
R1#copy run start

R2>en
R2#config t
R2 (config) # IP route 10.1.1.0 255.255.255.0 10.1.2.0
R2 (config) #end
R2#copy run start

Notice first that we are adding two separate routes on two separate routers. We tell R1,
“to reach the 192.168.3.0/24 network, go to IP address 192.168.2.1 (which is R2).” We tell
R2, “to reach the 192.168.1.0 network, go to the IP address 192.168.1.1 (which is R1).”
Static routing is one of the simplest methods you can use to configure routing on small
networks, but it is inefficient when the network grows.
DEFAULT ROUTE CONFIGURATION

[Network diagram: R1 (200.5.2/30) connected to the ISP router (200.5.1.1/30), which connects to the Internet]
Your router R1 on the left needs to be able to route traffic to the internet. To accomplish this, you can enter the
following config.

R1(config)# IP route 0.0.0.0 0.0.0.0 200.5.1.1

This statement tells R1 to send all traffic that does not have a more specific destination in the routing table
off to the ISP router.
• DYNAMIC ROUTING: A form of routing that allows the routers to communicate and exchange network
information.
SOME FACTS TO NOTE
Dynamic routing uses interior gateway protocols (IGPs), which work inside the network of an organization, and
exterior gateway protocols (EGPs), which work on the internet, connecting organizations together.
LINK STATE ROUTING PROTOCOL-: Sends route updates only when changes occur to the routing table. In a
well designed network, updates are constrained to where the network changes occurred.
DISTANCE VECTOR ROUTING PROTOCOL-: Sends the entire routing table on a specific time interval. In the
case of RIP, the interval is once every 30 seconds. Changes to the routing table replicate to routers in the
network.
HYBRID ROUTING PROTOCOL-: Combines the best features of distance vector and link state routing
protocols into a single routing protocol; unfortunately, they are PROPRIETARY.
CLASSFUL ROUTING-: Does not send subnet mask information in routing updates. If R1 were sending a classful
routing update about the 10.1.1.0/24 network to R2, it would only send an update containing “10.1.1.0” (no /24
mask attached). Because of this, all routers must use the same subnet mask for the network.
CLASSLESS ROUTING-: Sends subnet mask information in routing updates. Using the same scenario, R1 would
advertise the 10.1.1.0/24 network to R2, so R2 is not left to guess the subnet mask.

Oralb(config)# int f0/0
Oralb(config-if)# ip address 192.168.1.1 255.255.255.0
Oralb(config-if)# no shutdown
To see your router's routing table: Oralb# show ip route
ADMINISTRATIVE DISTANCE
It is the trustworthiness of a route, or the believability of a routing protocol. Each routing
protocol is assigned an AD number; the lower that number, the more believable the
routing protocol becomes.

DEFAULT ADMIN. DISTANCE ON CISCO ROUTER

Connected Interface                   0
Static Route to next Hop Address      1
EIGRP Classless                       90
OSPF Classless                        110
RIPV1 classful, RIPV2 classless       120
IS-IS                                 115
IGRP                                  100
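Added example (not part of the original slides): how the administrative distances in the table and the default route described earlier interact, in Python. When two sources offer the same prefix the lower AD is installed; when forwarding, the most specific matching prefix is used and 0.0.0.0/0 catches everything else. The candidate routes are constructed from the slide addresses, and the function names are assumptions of this example.

```python
# Added example: route installation by administrative distance, lookup by longest match.

# Values from the table on the slide.
ADMIN_DISTANCE = {
    "connected": 0, "static": 1, "eigrp": 90, "igrp": 100,
    "ospf": 110, "is-is": 115, "rip": 120,
}


def to_int(dotted):
    a, b, c, d = (int(part) for part in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def mask_for(prefix_len):
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def install(candidates):
    """Keep one route per prefix: the candidate whose source has the lowest AD."""
    table = {}
    for network, prefix_len, source, next_hop in candidates:
        key = (to_int(network), prefix_len)
        distance = ADMIN_DISTANCE[source]
        if key not in table or distance < table[key][0]:
            table[key] = (distance, source, next_hop)
    return table


def lookup(table, destination):
    """Return (prefix_len, source, next_hop) of the most specific matching route."""
    address = to_int(destination)
    best = None
    for (network, prefix_len), (_, source, next_hop) in table.items():
        if address & mask_for(prefix_len) != network:
            continue
        if best is None or prefix_len > best[0]:
            best = (prefix_len, source, next_hop)
    return best


# Constructed candidates: AD only decides between the two /24 entries for
# 192.168.3.0; the /25 is a different prefix and is installed alongside them.
CANDIDATES = [
    ("192.168.1.0", 24, "connected", "f0/0"),
    ("192.168.2.0", 24, "connected", "s0/0"),
    ("192.168.3.0", 24, "rip", "192.168.2.2"),
    ("192.168.3.0", 24, "eigrp", "192.168.2.2"),
    ("192.168.3.0", 25, "rip", "192.168.2.2"),
    ("0.0.0.0", 0, "static", "200.5.1.1"),
]

if __name__ == "__main__":
    table = install(CANDIDATES)
    for destination in ("192.168.1.7", "192.168.3.200", "192.168.3.10", "203.0.113.9"):
        print(destination, "->", lookup(table, destination))
```

The third lookup shows that AD is compared only between routes to the same prefix: the /25 learned through RIP is used for 192.168.3.10 even though EIGRP, with the lower AD, holds the /24.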
DYNAMIC ROUTING RIPV2 CONFIGURATION
By default, R1 is able to reach the 192.168.1.0/24 & 192.168.2.0/24
networks since they are directly connected; it is not able to reach the
192.168.3.0/24 network. Likewise, R2 is not able to reach the
192.168.1.0/24 network. If you were to configure RIPV2 to solve this
scenario, you could use the following syntax:
R1(config)# router rip
R1(config-router)# version 2
R1(config-router)# network 192.168.1.0
R1(config-router)# network 192.168.2.0
R2(config)# router rip
R2(config-router)# version 2
R2(config-router)# network 192.168.3.0
R2(config-router)# network 192.168.2.0
WHAT THE NETWORK COMMAND DOES
Enables RIP to advertise these networks
Enables RIP to run on any interface belonging to that network
VERIFYING COMMANDS
(1) show ip route – verifies the current entries in the routing table.
(2) show ip protocols – verifies the status of all routing protocols active on the router.
(3) debug ip rip – allows you to see RIP updates as they are sent and received.
DYNAMIC ROUTING WITH EIGRP
Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco proprietary protocol that was designed to
provide the simple configuration of distance vector routing protocols along with the advanced features of
the link state routing protocols.

UNIQUE FEATURES
1) FAST, EFFICIENT ROUTING ALGORITHM
EIGRP uses the Diffusing Updates Algorithm (DUAL), which allows it to quickly identify backup paths in the
network, should a primary route fail. DUAL is far more processor and memory efficient than the (SPF)
algorithm, which powers the OSPF, and IS-IS link state routing protocols.
2) ROUTING FOR MULTIPLE NETWORK-LAYER-PROTOCOLS
EIGRP can route for other network layer protocols such as IPX, IPV6 and AppleTalk.
3) AUTO OR MANUAL ROUTE SUMMARIZATION
EIGRP can increase routing table efficiency by summarizing multiple,
more specific routing table entries into a broader, summarized route
entry, either through the auto-summarization feature or manually at any point
in the network.
4) UNEQUAL LOAD BALANCING
While other routing protocols can only load balance over equal Cost links,
EIGRP can load balance accurately over unequal cost links. For example if
an organization had a 3mbps and 1.5 mbps link connecting between offices,
EIGRP could accurately use both link at the same time, sending double the
amount of data over the 3mbps links.
5) MULTICAST SUPPORT
All EIGRP routing information is exchange between Neighbors using multicast,
This is more efficient than using broadcast or multiple uni-cast messages.
6) SOPHISTICATED METRIC
EIGRP uses configured band width and delay on interfaces to find the best
way around the network. Other routing protocols only use a single metric, such
as Hop count (RIP) or Cost (OSPF).
EIGRP SUPPORTS THREE MEMORY-RESIDENT TABLES
(1) NEIGHBOR TABLE
Contains a list of all neighbor relationships an EIGRP router has formed with other routers.
(2) TOPOLOGY TABLE
Contains a list of all routes that exist in the network. The primary routes are identified as successor
routes; the backup routes are identified as feasible successor routes.
(3) ROUTING TABLE
Contains the list of the best routes in the network; these routes were identified as successor routes in
the topology table.
EIGRP CONFIGURATION
[Network diagram: R1 (.1) and R2 (.2) joined by 192.168.2.0/24, with 192.168.1.0/24 behind R1 and
192.168.3.0/24 behind R2]
INITIAL CONFIGURATION
R1(config)# router eigrp 90
R1(config-router)# network 192.168.1.0
R1(config-router)# network 192.168.2.0
R2(config)# router eigrp 90
R2(config-router)# network 192.168.3.0
R2(config-router)# network 192.168.2.0
The number after router eigrp (90 here) represents the autonomous system. In order for routers to exchange
routing information, they must be a part of the same autonomous system.
In order to support some of the advanced features of other routing protocols, Cisco also
gives you the opportunity to use wildcard masks (also known as inverse masks)
with your network statements.
A wildcard mask gives you the ability to specify exactly which interfaces you would like to use
with the EIGRP routing protocol.
Example
R1(config-router)# network 192.168.1.0 0.0.0.255
R2(config-router)# network 192.168.1.0 0.0.0.255
This instructs R1 and R2 to run EIGRP on any interface that starts with 192.168.1 rather than just
any interface that starts with 192.16. This allows us to be more specific.
In general, wherever you see a zero in a wildcard mask, it means “look at this number.”
Wherever you see 255 (or binary 1s) in a wildcard mask, it means “ignore this number.” For
example:

Network 192.168.1.0 0.0.0.255
“Look at these”: 192.168.1
“Ignore these”: .0

R1(config-router)# network 192.168.1.1 0.0.0.0
R2(config-router)# network 192.168.1.2 0.0.0.0
These types of wildcard masks are commonly used to identify exactly the interface on which you would
like to run EIGRP. Finally, we could have been extremely broad:
R1(config-router)# network 192.0.0.0 0.255.255.255
R2(config-router)# network 192.0.0.0 0.255.255.255
R1# show ip route
This command is used to verify EIGRP operation in the routing table.
The auto-summarization feature enables itself any time one class of
network is advertised over a different classful network. In our example, the
10.1.1.0/24 network (by default, a class A network) was advertised over the
172.16.1.0/24 network (a different class of network), so EIGRP summarized it
back to the classful boundary of 10.0.0.0/8. If the link between R1 and R2
had been a subnet of the 10.0.0.0/8 network, auto-summarization would
not have engaged.
Anytime you see something with “auto” in its name on a Cisco device, you
should immediately think “I auto-not use this”. It is generally considered a good
practice to disable auto-summarization and put manual summary routes where
necessary. To disable auto-summary simply do:
R1(config-router)# no auto-summary
R2(config-router)# no auto-summary
Once you do this, you can verify the routing table again:
R1# show IP route

OTHER EIGRP SHOW COMMANDS


(1) Show IP protocols- verifies the configured parameters and current state of EIGRP

(2) Show IP eigrp neighbors- verifies the currently formed neighbors also running EIGRP & their status

(3) Show IP eigrp topology- displays the contents of the EIGRP topology table.
Finally, EIGRP supports secure authentication of all neighbors. This prevents a rogue (intrusive,
typically configured by a hacker) or invalid router from forming a neighbor relationship and infecting
your routing table with invalid routes. To configure authentication, you must first create a key chain
in global configuration mode:
R1(config)# key chain EIGRP-Au
R1(config-keychain)# key 1
R1(config-keychain-key)# key-string & up3
R1(config-keychain-key)# accept-lifetime 8:00:00 Jan 1 2011 8:00:00 Jun 1 2011
R1(config-keychain-key)# send-lifetime 8:00:00 Jan 1 2011 8:00:00 Jun 1 2011
R1(config-keychain-key)# exit
R1(config-keychain)# key 2
R1(config-keychain-key)# key-string mds
R1(config-keychain-key)# accept-lifetime 8:00:00 Jun 1 2011 8:00:00 Dec 31 2011
R1(config-keychain-key)# send-lifetime 8:00:00 Jun 1 2011 8:00:00 Dec 31 2011
The previous key chain configuration would need to be replicated on R2. After you have created the
key chain with any number of keys, you need to apply it on the interface where the EIGRP
neighbors are located:
R1(config)# int S1
R1(config-if)# ip authentication mode eigrp 90 md5
R1(config-if)# ip authentication key-chain eigrp 90 EIGRP-Au
The first command applied above enables EIGRP authentication with MD5 hashing (a very secure way of
exchanging password). The second command links in the EIGRP-Au key chain we created in global configuration
mode. This configuration would need to be mirrored on R2 in order for the authentication to work successfully.
Keep in mind that the EIGRP neighbor relationship will stop between R1 and R2.
OSPF DYNAMIC ROUTING
OSPF is a link-state routing protocol and uses Dijkstra’s shortest path first
(SPF) algorithm to determine its best path to each network. It is an open-
standard, classless routing protocol that converges quickly and uses cost
as a metric. It has an administrative distance of 110. An OSPF network must
contain an area 0 (backbone area), and may contain other areas. Area 0 is
designed as a transit area, and other areas should be attached directly to
area 0 and only to area 0. The SPF algorithm runs within areas, and inter-
area routes are passed between areas. OSPF areas typically contain a maximum
of 50-100 routers depending on network volatility.
The first responsibility of a link-state router is to create a database that
reflects the structure of the network.

[Diagram: OSPF AREAS. Area 0, Area 1 and Area 2 with routers R1 to R5, the area border routers, and an
ASBR connecting to an EIGRP domain]
OSPF ROUTER ROLES/AREAS
1. BACKBONE ROUTERS have at least one interface assigned to area 0. R3, R4, and R5 are backbone routers.
2. INTERNAL ROUTERS have all interfaces in one area. R1, R2 and R5 are all internal area routers.
3. AREA BORDER ROUTERS (ABR) have interfaces in two or more areas. R3 and R4 are ABRs.
4. AUTONOMOUS SYSTEM BOUNDARY ROUTERS (ASBR) have interfaces inside and outside the OSPF routing
domain. R3 also functions as an ASBR because it has an interface in an EIGRP routing domain.
DIVIDING AN OSPF NETWORK INTO AREAS DOES THE FOLLOWING
Minimizes the number of routing table entries.
Enforces the concept of hierarchical network design.
Minimizes the impact of a topology change.
Contains LSA flooding to a reasonable area.
TERMS
ADJACENCY-: It is where the neighbor relationship is formed. Information such as router ID and cost is kept, as
well as changes of routes.
NEIGHBOR-: Associated routers; they send periodic multicast packets to introduce themselves to other routers.
They become neighbors when they see their own router ID included in the neighbor field of the hellos from
another router.
TOPOLOGY TABLE-: Contains the information of all the routers in the OSPF network.
NEIGHBOR TABLE-: Contains neighbor information.
DESIGNATED ROUTER-: Is responsible for creating and flooding a network LSA (type 2) advertising the multi-
access link.
Non-DR (DROTHER) routers communicate with DRs using the IP address 224.0.0.6. The DRs use IP address
224.0.0.5 to pass information to other routers.
BACKUP DESIGNATED ROUTER-: Takes over the network as DR when the DR is down.
DR AND BDR ELECTION PROCESS
1. A router starting the OSPF process listens for hellos. If none are heard within the dead time (10 seconds/40
with p2p) (30/120 non broadcast multi-access int.), it declares itself the DR.
2. If hellos from any other routers are heard, the router with the highest OSPF priority is elected DR, and the
election process starts again for BDR. A priority of zero removes a router from the election.
3. If two or more routers have the same OSPF priority, the router with the highest RID is elected DR, and the
election process starts again for BDR.
LINK STATE ADVERTISEMENT (LSA)
Is constructed by the router to include information such as the RIDs of, and cost to, each neighbor. Each router
in the routing domain shares its LSAs with all other routers. Each router keeps the complete set of LSAs in a
table, the link state database (LSDB).
OSPF CONFIGURATION (INITIAL CONFIG.)
[Network diagram: Area 0 (backbone). R1 (.1) and R2 (.2) joined by 192.168.2.0/30, with 192.168.1.0/24
behind R1 and 192.168.3.0/24 behind R2]
R1(config)# router ospf 1
R1(config-router)# router-id 1.1.1.1
R1(config-router)# network 192.168.2.0 0.0.0.255 area 0
R1(config-router)# network 192.168.1.0 0.0.0.255 area 0

R2(config)# router ospf 1
R2(config-router)# router-id 2.2.2.2
R2(config-router)# network 192.168.2.0 0.0.0.255 area 0
R2(config-router)# network 192.168.3.0 0.0.0.255 area 0

ENABLING AUTHENTICATION IN OSPF

R1(config)# interface s2/0
R1(config-if)# ip ospf authentication message-digest
R1(config-if)# ip ospf message-digest-key 1 md5 password

R2(config)# interface s/0
R2(config-if)# ip ospf authentication message-digest
R2(config-if)# ip ospf message-digest-key 1 md5 password

VERIFIES COMMAND
R2# show IP Protocols
R2# show IP route
R2# Show IP ospf neighbor
ACCESS CONTROL LIST (ACL) IP
It’s a list of permit and deny statements that identify traffic.
TYPES OF ACCESS CONTROL LIST
1. STANDARD ACL {1-99}
Standard access control lists are able to permit or deny traffic based on
source IP address information only.
[Network diagram: R1 and R2 connected through their S0/0 interfaces, with f0/0 LAN interfaces and a link to
the Internet. Network 1: 192.168.1.0/24, Network 2: 192.168.2.0/24, Network 3: 192.168.3.0/24]

R1(config)# access-list 90 permit 10.1.2.5
R1(config)# access-list 90 deny any
The above syntax creates access list #1, which is a standard ACL (1-99)
R1(config)# int f0/0
R1(config-if)# ip access-group 90 out
R1(config-if)# end
R1# copy run start
REMOVING ACL
R1(config-if)# no ip access-group 90 out
EXTENDED ACL {100-199}
Extended ACLs are far more flexible than standard ACLs since they provide a
number of additional filtering criteria.

[Network diagram: R1 and R2 connected through their s0/0 interfaces, each with an F0/0 LAN interface.
Network 1: 192.168.1.0/24, Network 2: 192.168.1.128/24]

THE FOLLOWING REQUIREMENTS MUST BE MET

• The host on network 2 is able to access the server on network 1 using HTTP, FTP.
• The host on network 2 should not have any other access to the server on network 1.
• The host on network 2 should be allowed access to any other destination.
• Access list statements should be as specific as possible.
THE ACCESS LIST SHOULD SATISFY THE ABOVE SCENARIO
R2(config)# access-list 100 permit tcp host 192.168.1.150 host 192.168.1.100 eq 80
R2(config)# access-list 100 permit tcp host 192.168.1.150 host 192.168.1.100 eq 443
R2(config)# access-list 100 permit tcp host 192.168.1.150 host 192.168.1.100 eq 21
R2(config)# access-list 100 deny ip host 192.168.1.150 host 192.168.1.100
R2(config)# access-list 100 permit ip 192.168.1.128 0.0.0.127 any

The first 3 lines of access list 100 are focused on permitting the host on network 2 to access the
server on network 1 using HTTP (TCP port 80), HTTPS (TCP port 443) and FTP (TCP port 21).
These ports are placed at the end of the access list command since they are destination port
numbers.
NOW, THE ACCESS LIST NEEDS TO BE APPLIED
R2(config)# interface fa 0/0
R2(config-if)# IP access-group 100 in
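Added example (not part of the original slides): access list 100 evaluated in Python against a few constructed packets, showing the wildcard-mask rule (0 bits are compared, 1 bits are ignored), first-match ordering and the implicit deny at the end of every ACL. It assumes the deny entry is written with the network 2 host (192.168.1.150) as its source; the names Entry, Packet and evaluate are assumptions of this example.

```python
# Added example: first-match evaluation of the extended ACL from the scenario.
from collections import namedtuple

Entry = namedtuple("Entry", "action proto src src_wild dst dst_wild dport")
Packet = namedtuple("Packet", "proto src dst dport")

HOST = "0.0.0.0"                        # wildcard behind the 'host' keyword
ANY = ("0.0.0.0", "255.255.255.255")    # address and wildcard behind 'any'


def ip(dotted):
    a, b, c, d = (int(part) for part in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def wildcard_match(address, base, wildcard):
    """Compare only the bits where the wildcard mask is 0."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(address) ^ ip(base)) & care == 0


def entry_matches(entry, packet):
    if entry.proto != "ip" and entry.proto != packet.proto:   # 'ip' means any protocol
        return False
    if not wildcard_match(packet.src, entry.src, entry.src_wild):
        return False
    if not wildcard_match(packet.dst, entry.dst, entry.dst_wild):
        return False
    return entry.dport is None or entry.dport == packet.dport


def evaluate(acl, packet):
    """Return (action, entry number) of the first match, top to bottom."""
    for number, entry in enumerate(acl, start=1):
        if entry_matches(entry, packet):
            return entry.action, number
    return "deny", None                 # implicit deny: nothing matched


CLIENT, SERVER = "192.168.1.150", "192.168.1.100"
ACL_100 = [
    Entry("permit", "tcp", CLIENT, HOST, SERVER, HOST, 80),
    Entry("permit", "tcp", CLIENT, HOST, SERVER, HOST, 443),
    Entry("permit", "tcp", CLIENT, HOST, SERVER, HOST, 21),
    Entry("deny", "ip", CLIENT, HOST, SERVER, HOST, None),
    Entry("permit", "ip", "192.168.1.128", "0.0.0.127", *ANY, None),
]

# Constructed test traffic (203.0.113.10 is a documentation address).
SAMPLES = [
    Packet("tcp", CLIENT, SERVER, 80),              # allowed service
    Packet("tcp", CLIENT, SERVER, 22),              # any other access to the server
    Packet("icmp", CLIENT, SERVER, None),           # 'deny ip' also covers ICMP
    Packet("udp", CLIENT, "203.0.113.10", 53),      # any other destination
    Packet("tcp", "192.168.1.200", SERVER, 22),     # another network 2 host
    Packet("tcp", "192.168.1.20", SERVER, 80),      # source outside 192.168.1.128-255
]

if __name__ == "__main__":
    for packet in SAMPLES:
        print(packet, "->", evaluate(ACL_100, packet))
```

The fifth sample is worth noting when reviewing the list: the deny entry names only the single host, so any other address in 192.168.1.128 to 192.168.1.255 reaches the server through the final permit.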
NAMED ACLS
These ACLs can be standard or extended in nature, but they have the advantages of using a
logical name and being editable by sequence numbers.

R1(config)# ip access-list standard INTERNET-FILTER
R1(config-std-nacl)# 10 permit host 10.5.9.2
R1(config-std-nacl)# 20 permit host 192.168.1.59
R1(config-std-nacl)# 30 permit host 172.30.100.100
R1(config-std-nacl)# 40 permit 192.168.1.0 0.0.0.255
VERIFYING ACLS
Router# show access-list INTERNET-FILTER
Router# show run | include access-list
SWITCHING
Is the act of forwarding frames at layer 2 using MAC addresses.

LEARNING MAC ADDRESS TABLE
1) FORWARDING
2) LAYER-2 REMOVAL

Mac address       Port
0000.aaaa.1111    F0/6
0000.cccc.3333    F0/20

[Diagram: hosts 0000.aaaa.1111, 0000.bbbb.2222 and 0000.cccc.3333 attached to the switch]

SPANNING TREE PROTOCOL (STP)
STP is designed solely to stop or prevent loops in a switched network. It’s
designed to allow only one active path at a time.
REDUNDANCY CHAOS!!
Switches forward broadcast packets out all ports by design.
Redundant connections are necessary in business networks.
The place of spanning tree: drop trees on redundant links (until they are needed).

FACTS ABOUT STP

• Original STP (802.1d) was created to prevent loops in a switched network.
• Switches send a “PROBE” into the network called a BRIDGE PROTOCOL DATA
UNIT (BPDU) to discover loops.
• The BPDU probes also help elect the core switch of the network, called the
ROOT BRIDGE.
• The simplistic view of STP: all switches find the best way to reach the root
bridge, then block all redundant links.
SPANNING TREE PORT STATES
When a port is first activated, it transitions through the states shown below:

Port state    Timer                     Actions
Blocking      Max Age (20 sec)          Discards frames, does not learn MAC addresses, receives BPDUs
Listening     Forwarded age (15 sec)    Discards frames, does not learn MAC addresses, receives BPDUs
                                        to determine its role in the network
Learning      Forwarded age (15 sec)    Discards frames, does not learn MAC addresses, receives and
                                        transmits BPDUs
Forwarding                              Accepts frames, learns MAC addresses, receives and transmits
                                        BPDUs
Disabled                                Not active

PORT RULES
Root Port-: The port that leads back to the root, or connects with the root bridge.

Designated Port-: A port that leads away from the root.

Alternate Port-: A port that is neither an RP nor a DP.

[Diagram: root bridge B (label: B Priority Mac) and switches A and C, with bridge IDs 32768.aaa.aaa.aaa,
32768.bbb.bbb.bbb and 32768.ccc.ccc.ccc; ports marked DP on the root bridge, RP on A and C, and AP on
the remaining ports]
32768.aaa.aaa.aaa is the root bridge b/c it has the lowest

SPANNING TREE MUST ELECT:

One root bridge
One root port per non-root bridge
One designated port per network segment.

CONFIGURING STP
S(config)# spanning-tree Vlan 1 priority 32768
Your second step in configuring STP is to enable PortFast on ports connected to end
devices.
S(config)# interface range fa 0/1-22
S(config-if-range)# spanning-tree portfast

TO VERIFY
S# show spanning-tree or S# sh sp

VIRTUAL LAN (VLAN) IMPLEMENTATION


VLANs are used to break a large campus network into smaller pieces, so as to minimize the amount of broadcast traffic on a logical segment. A VLAN is a logical LAN or logical subnet. It defines a broadcast domain. A physical subnet is a group of devices that share the same physical wire. A logical subnet is a group of switch ports assigned to the same VLAN, regardless of their physical location in a switched network. VLAN membership can be assigned either statically by port or dynamically by MAC address using a VLAN membership policy server (VMPS).
TYPES OF VLAN
1. END-TO-END VLAN: VLAN members are assigned by function and can reside on different switches. They are used when hosts are assigned to VLANs based on function or workgroup rather than physical location.
[Figure: HR and IT VLANs spanning the 1st, 2nd and 3rd floors.]

2. LOCAL VLAN: hosts are assigned to VLANs based on their location, such as a floor in a building.
[Figure: HR and IT VLANs.]
CREATING A VLAN
Switch> enable
Switch# configure terminal
Switch(config)# vlan 10
Switch(config-vlan)# name SALES
Switch(config-vlan)# exit
Switch(config)# vlan 20
Switch(config-vlan)# name MARKETING
Switch(config-vlan)# exit
Switch(config)# vlan 30
Switch(config-vlan)# name ENGINEERING

ASSIGNING PORTS TO A VLAN

Switch(config)# interface range fa0/1-5
Switch(config-if-range)# switchport access vlan 10
Switch(config-if-range)# exit
Switch(config)# interface range fa0/6-10
Switch(config-if-range)# switchport access vlan 20
Switch(config-if-range)# exit
Switch(config)# interface range fa0/11-15
Switch(config-if-range)# switchport access vlan 30
VERIFYING VLAN
Switch# show vlan brief
CONFIGURING TRUNK PORT
A trunk is a link that carries traffic for more than one VLAN. Trunks multiplex traffic from multiple VLANs. Trunks connect switches and allow ports on multiple switches to be assigned to the same VLAN.

TWO METHODS OF IDENTIFYING VLANs OVER TRUNK LINK


1. INTER-SWITCH LINK (ISL): a Cisco proprietary method that encapsulates the original frame in a header, which contains the VLAN information. It is protocol independent and can identify Cisco Discovery Protocol (CDP) and Bridge Protocol Data Unit (BPDU) frames.
2. 802.1Q: standards-based; it tags the frame (inserts a field into the original frame immediately after the source MAC address field) and supports Ethernet and Token Ring networks.

SWITCHPORT DYNAMIC TRUNKING PROTOCOL (DTP) MODES

1. ACCESS: the port is a user port in a single VLAN.
2. TRUNK: the port negotiates trunking with the port on the other end of the link.
3. NON-NEGOTIATE: the port is a trunk and does not do DTP negotiation with the other side of the link.
4. DYNAMIC DESIRABLE: actively negotiates trunking with the other side of the link. It becomes a trunk if the port on the other switch is set to trunk, dynamic desirable, or dynamic auto mode.
5. DYNAMIC AUTO: passively waits to be contacted by the other switch. It becomes a trunk if the other end is set to trunk or dynamic desirable mode.
THESE PORTS WILL BECOME TRUNKS
Switch(config)# interface range fa0/23-24
Switch(config-if-range)# switchport trunk encapsulation dot1q
Switch(config-if-range)# switchport mode trunk

SHOW COMMAND
Switch# show interface fa0/23 switchport

INTER-VLAN ROUTING
VLANs divide the network into smaller broadcast domains, but also prohibit
communication between domains. To enable communication between these
groups-without also passing broadcasts-routing is used.
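[Figure: router on a stick. The router connects to the switch over a trunk on fa0/0; sub-interface Fa0/0.10 serves VLAN 10 with 172.16.10.1/24 and Fa0/0.20 serves VLAN 20 with 172.16.20.1/24.]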
The following is a router-on-a-stick configuration for the VLANs created previously (10, 20, 30).
Router(config)# interface fa0/0.10
Router(config-subif)# encapsulation dot1q 10
Router(config-subif)# ip address 172.16.10.1 255.255.255.0
Router(config-subif)# exit
Router(config)# interface fa0/0.20
Router(config-subif)# encapsulation dot1q 20
Router(config-subif)# ip address 172.16.20.1 255.255.255.0
Router(config-subif)# exit
Router(config)# interface fa0/0.30
Router(config-subif)# encapsulation dot1q 30
Router(config-subif)# ip address 172.16.30.1 255.255.255.0
Router(config-subif)# exit
The command encapsulation dot1q (VLAN), applied to each sub-interface, assigns that sub-interface to a VLAN.

PORT SECURITY ON SWITCH


Switch(config)# interface fa0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 1
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security violation shutdown
Test it by connecting another laptop (a rogue device), and then enter:
Switch# show ip interface brief
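A way to check a saved configuration against the DTP modes and port-security commands covered above, as an added example (not part of the original slides): it flags access ports without port security, ports left in a dynamic DTP mode, and trunks that still negotiate. The sample running-config and the function names are constructed for illustration.

```python
import re

# Constructed running-config excerpt (interface numbers follow the page's labs).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/3
 switchport mode dynamic desirable
!
interface FastEthernet0/4
 switchport access vlan 20
!
interface FastEthernet0/23
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
!
"""


def parse_interfaces(config: str) -> dict:
    """Map each interface name to its indented sub-commands (lower-cased)."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        match = re.match(r"^interface\s+(\S+)", raw)
        if match:
            current = match.group(1)
            interfaces[current] = []
        elif raw.startswith(" ") and current is not None:
            interfaces[current].append(raw.strip().lower())
        else:
            current = None  # "!" or any global command ends the interface block
    return interfaces


def audit(config: str) -> list:
    """Return (interface, finding) tuples for weak DTP / port-security settings."""
    findings = []
    prefix = "switchport mode "
    for name, lines in parse_interfaces(config).items():
        mode = next((l[len(prefix):] for l in lines if l.startswith(prefix)), None)
        if mode is None:
            findings.append((name, "no explicit switchport mode; DTP may negotiate a trunk"))
        elif mode.startswith("dynamic"):
            findings.append((name, f"DTP mode '{mode}' can be negotiated into a trunk"))
        elif mode == "trunk" and "switchport nonegotiate" not in lines:
            findings.append((name, "trunk still negotiates DTP; add 'switchport nonegotiate'"))
        elif mode == "access" and "switchport port-security" not in lines:
            findings.append((name, "access port without port security"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```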
NAT (Network Address Translation)
NAT is used to translate internal IP addresses to external IP addresses on the Internet.
TERMS
Inside
Outside
Local
Global
Inside Local
Inside Global
Outside Local
Outside Global
TYPES OF NAT
1. STATIC NAT
Defines a single static translation from one IP address to another. It allows you to use a private IP address for your Internet server and yet make it available on the Internet. In the network diagram below, the Internet server 192.168.1.100 is mapped to the IP address 200.50.63.122. Any time the server accesses the Internet, it is seen as this public IP address:

[Figure: server 192.168.1.100/24 behind R1 F0/0; R1 S0/0 faces the Internet; the server is translated to 200.50.63.122.]
R1(config)# ip nat inside source static 192.168.1.100 200.50.63.122
R1(config)# interface fa0/0
R1(config-if)# ip address 192.168.1.1 255.255.255.0
R1(config-if)# ip nat inside
R1(config-if)# exit
R1(config)# interface s0/0
R1(config-if)# ip address 198.53.12.221 255.255.255.252
R1(config-if)# ip nat outside

2. DYNAMIC NAT
Defines a translation of one pool of IP addresses to another. In the diagram below, the group of internal (private) IP addresses is being translated to external (public) IP addresses.

[Figure: inside network 192.168.1.0/24 behind R1 F0/0; R1 S0/0 faces the Internet; public pool 202.50.63.0/24.]

Keep in mind that this is a 1:1 mapping; this is not an example of many hosts sharing a single IP address (known as NAT overload or PAT). It saves you from creating more than 200 static translations to map each private IP address to a public address.
R1(config)# access-list 50 permit 192.168.1.0 0.0.0.255
R1(config)# ip nat pool External 202.50.63.1 202.50.63.254 netmask 255.255.255.0
R1(config)# ip nat inside source list 50 pool External
R1(config)# interface fa0/0
R1(config-if)# ip address 192.168.1.1 255.255.255.0
R1(config-if)# ip nat inside
R1(config-if)# exit
R1(config)# interface s0/0
R1(config-if)# ip address 198.53.12.221 255.255.255.252
R1(config-if)# ip nat outside

NAT OVERLOAD (ALSO KNOWN AS PAT)

Defines a translation of multiple private IP addresses to one or more public IP addresses. In the diagram below, the group of internal (private) IP addresses is being translated to external (public) IP addresses; the entire private network (192.168.1.0/24) shares the public IP address 202.50.63.1 when accessing the Internet. Port Address Translation (PAT) allows many hosts to share a single public IP address.
[Figure: inside network behind R1 F0/0; R1 S0/0 faces the Internet.]
R1(config)# access-list 50 permit 192.168.1.0 0.0.0.255
R1(config)# ip nat pool External 202.50.63.1 202.50.63.1 netmask 255.255.255.0
R1(config)# ip nat inside source list 50 pool External overload
R1(config)# interface fa0/0
R1(config-if)# ip address 192.168.1.1 255.255.255.0
R1(config-if)# ip nat inside
R1(config-if)# exit
R1(config)# interface s0/0
R1(config-if)# ip address 198.168.12.221 255.255.255.252
R1(config-if)# ip nat outside

VERIFY COMMANDS
R1# show ip nat translations
R1# show ip nat statistics
VLAN TRUNKING PROTOCOL (VTP)
VTP is a protocol that advertises VLAN configuration to other switches in the same domain.
VTP MODES
1. SERVER MODE: in this mode you can create, modify and delete VLANs. It is the default mode, and it updates its database.

2. CLIENT MODE: it can neither create nor modify its database, but it can advertise.

3. TRANSPARENT MODE: it can create, modify and delete VLANs but does not update its database; it can relay advertisements, i.e. pass them on to others.
All switches in a VTP domain must have the same password and domain name.

VTP CONFIGURATION (SWITCH)

Switch(config)# vtp mode server
! alternatives: vtp mode client, vtp mode transparent
Switch(config)# vtp domain Cisco
Switch(config)# vtp password Cisco
Switch(config)# interface range fa0/1-2
Switch(config-if-range)# switchport mode trunk
TO VIEW VTP STATUS
Switch# show vtp status
DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP)

DHCP SERVER
DHCP CONFIGURATION
Router1(config)# ip dhcp excluded-address 192.168.1.1 192.168.1.5
Router1(config)# ip dhcp pool Oralboss
Router1(dhcp-config)# network 192.168.1.0 255.255.255.0
Router1(dhcp-config)# default-router 192.168.1.1
Router1(dhcp-config)# dns-server 4.2.2.2
Router1(dhcp-config)# interface f0/0
Router1(config-if)# ip address dhcp
Router1(config-if)# interface f0/0
Router1(config-if)# ip address 192.168.1.1 255.255.255.0
Router1(config-if)# no shutdown
Router1(config-if)# end
Router1# copy run start
Router2(config)# ip dhcp excluded-address 192.168.2.1 192.168.2.5
Router2(config)# ip dhcp pool Oralboss
Router2(dhcp-config)# network 192.168.2.0 255.255.255.0
Router2(dhcp-config)# default-router 192.168.2.1
Router2(dhcp-config)# dns-server 5.3.3.3
Router2(dhcp-config)# interface f0/0
Router2(config-if)# ip address dhcp
Router2(config-if)# interface f0/0
Router2(config-if)# ip address 192.168.2.1 255.255.255.0
Router2(config-if)# no shutdown
Router2(config-if)# end
Router2# copy run start
WIRELESS LAN
Network connectivity without wires.
WLANs transmit and receive data using radio frequency or infrared signals, sent through an access point (AP). WLANs use an Institute of Electrical and Electronics Engineers (IEEE) standard that defines the physical and data link specifications, including the use of Media Access Control (MAC) addresses.

CHARACTERISTICS OF WIRELESS LANs

• WLANs use Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA). Wireless data is half-duplex. CSMA/CA uses Request to Send (RTS) and Clear to Send (CTS) messages to avoid collisions.

• WLANs use a different type of frame than Ethernet.

• Radio waves have unique potential issues. They are susceptible to interference, multipath distortion and noise. Their coverage area can be blocked by building features, such as elevators.

• WLAN hosts have no physical network connection. They are often mobile and often battery-powered.

• WLANs must adhere to each country's RF standards.

900 MHz: 902 MHz to 928 MHz
2.4 GHz: 2.400 GHz to 2.483 GHz
5 GHz: 5.150 GHz to 5.350 GHz and 5.725 GHz to 5.825 GHz

• It's low, uses air, and has fewer security features.

SERVICE SET
Defines the connection between two or more wireless devices.
SERVICE SET ID
A string of clear text used to identify a service set.
WIRELESS LAN MODELS
• INDEPENDENT BASIC SERVICE SET (IBSS)
Defines a wireless connection between two or more devices that are connected directly, without the assistance of an access point (AP).
[Figure: devices A and B connected directly.]

• BASIC SERVICE SET (BSS)
Two or more wireless devices are connected through an AP. You might need three things before you can join the organization: the SSID, the data channel and authentication.

• EXTENDED SERVICE SET
Defines the wireless connection between two or more APs by using a LAN switch.
[Figure: AP1 and AP2 joined by a LAN switch, serving clients A, B, C and D.]
UNDERSTANDING WLAN STANDARDS
Since WLANs involve both network standards and RF usage, there are multiple standards organizations that manage WLAN development.

• International Telecommunication Union-Radiocommunication Sector (ITU-R): this organization handles the regulation of the RF aspects of WLAN communication.

• Institute of Electrical and Electronics Engineers (IEEE): this organization handles the development of the 802.11 wireless standards.

• WiFi Alliance: this organization certifies WLAN equipment to ensure interoperability between vendors.

There have been three major network standards released since the original wireless network implementations in the 1990s. The following table gives the “fast facts” on these standards.

                          802.11b    802.11g    802.11a
Frequency                 2.4 GHz    2.4 GHz    5 GHz
Non-Overlapping Channels  3          3          3
Maximum Data Rate         11 Mbps    5 Mbps     54 Mbps

The RF band has been discussed. The maximum data rate dictates the maximum speed that each of these standards is able to reach. As the signal becomes weaker (the client moves further away from the WAP), the data rate will decrease. The number of non-overlapping channels represents the number of non-interfering access points you can have in close proximity to each other.

802.1Q TUNNELS
Tunneling is a way of sending 802.1Q-tagged frames across a foreign network (such as a service provider's network) while still preserving the original 802.1Q tag.

WAN
A WAN is the connection of two or more networks over a large distance.
[Figure: HQ, two branch offices, a telecommuter and a mobile user connected through the Internet.]


WAN TERMS
• Customer Premises Equipment: equipment such as routers and systems used for the connection.

• Demarcation Point: the point at which responsibility for the WAN is transferred to you (the customer).

• Toll Network: the internal infrastructure put in place to carry your data.

• Local Loop: the connection between the demarcation point and the central office switch.

WAN RELATED TOPICS


 Virtual Private Network (VPN) connection
 Leased Line Connection
 Frame Relay Connection

UNDERSTANDING VPN
A VPN transmits data between devices securely using a public network as a transport. How it accomplishes this is actually quite complex.

VPN BENEFITS
LOW COST: it is much cheaper to purchase an Internet connection at each of your office locations than dedicated WAN links.

AVAILABILITY AND SCALABILITY: Internet connections are widely available. Because of this, your VPN is able to scale to encompass multiple offices. The topology above is actually a VPN network design.
TYPES OF CONNECTION
• Site-to-Site VPN: links two offices together. Routers or firewall equipment handle the VPN connections rather than end users.
• Remote-Access VPN: links a remote user to the corporate network. The end user usually handles the VPN connection through installed software.

• Web VPN: allows you to tunnel traffic through an existing connection, which is typically initiated through a web browser.
LEASED LINE CONNECTION
A leased line connection is a private point-to-point link between offices. Leased lines are notorious for their reliability, stability and price tag.
DATA LINK WAN PROTOCOLS
HIGH-LEVEL DATA LINK CONTROL (HDLC): all Cisco routers use the HDLC protocol by default on serial interfaces. Cisco's version of HDLC is proprietary, so it is useful when connecting two Cisco routers.
POINT-TO-POINT PROTOCOL (PPP): PPP is the industry-standard protocol for many types of WAN connections, including leased lines. It runs on serial interfaces and can be used to connect a Cisco router to any other brand of router. It supports many features, such as authentication, compression, callback and multilink.

TWO TYPES OF PPP AUTHENTICATION


1. PASSWORD AUTHENTICATION PROTOCOL (PAP): the initial PPP authentication method. It sends the username and password in clear text, which is quite dangerous. It is rarely used now.
2. CHALLENGE HANDSHAKE AUTHENTICATION PROTOCOL (CHAP): uses a hashed password mechanism, which prevents passwords from being easily discovered between end devices. Most PPP deployments use CHAP authentication.
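What the two methods put on the wire, as an added example (not part of the original slides): it builds a PAP Authenticate-Request in the RFC 1334 layout and a CHAP challenge and response in the RFC 1994 layout, then verifies the response. The names Lagos and Abuja and the secret Cisco are reused from the page's lab; the function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

# Sample credentials taken from the page's lab configuration.
NAME = b"Lagos"
SECRET = b"Cisco"


def pap_request(identifier: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (code 1): the password is carried as-is."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, identifier, 4 + len(data)) + data


def chap_challenge(identifier: int, name: bytes):
    """CHAP Challenge (code 1) carrying a fresh random 16-byte value."""
    value = os.urandom(16)
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", 1, identifier, 4 + len(body)) + body, value


def chap_response(identifier: int, secret: bytes, challenge: bytes, name: bytes) -> bytes:
    """CHAP Response (code 2): value = MD5(identifier || secret || challenge)."""
    digest = hashlib.md5(bytes([identifier]) + secret + challenge).digest()
    body = bytes([len(digest)]) + digest + name
    return struct.pack("!BBH", 2, identifier, 4 + len(body)) + body


def chap_verify(packet: bytes, secret: bytes, challenge: bytes) -> bool:
    """Authenticator side: recompute the digest and compare in constant time."""
    if len(packet) < 5:
        return False
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code != 2 or length != len(packet):
        return False
    size = packet[4]
    received = packet[5:5 + size]
    expected = hashlib.md5(bytes([identifier]) + secret + challenge).digest()
    return hmac.compare_digest(received, expected)


def demo() -> dict:
    """Run both exchanges and report what an observer of the link would see."""
    pap = pap_request(1, NAME, SECRET)
    _, challenge = chap_challenge(7, b"Abuja")
    response = chap_response(7, SECRET, challenge, NAME)
    _, later_challenge = chap_challenge(8, b"Abuja")
    return {
        "pap_packet_contains_password": SECRET in pap,
        "chap_packet_contains_password": SECRET in response,
        "chap_accepts_correct_secret": chap_verify(response, SECRET, challenge),
        "chap_rejects_wrong_secret": not chap_verify(response, b"cisco", challenge),
        "chap_rejects_replayed_response": not chap_verify(response, SECRET, later_challenge),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

A captured CHAP challenge and response still allows a weak secret to be guessed offline, so the shared secret should be long and random.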
PPP AUTHENTICATION CONFIGURATION
[Figure: Abuja (.1) and Lagos (.2) connected by a serial link on 192.168.1.0/24.]

CONFIGURING PPP ON ABUJA

Abuja(config)# interface s2/0
Abuja(config-if)# ip address 192.168.1.1 255.255.255.252
Abuja(config-if)# no shutdown
Abuja(config-if)# clock rate 64000
Abuja(config-if)# encapsulation ppp
Abuja(config-if)# ppp authentication chap
Abuja(config-if)# exit
Abuja(config)# username Lagos password Cisco
CONFIGURING PPP ON LAGOS
Lagos(config)# interface s2/0
Lagos(config-if)# ip address 192.168.1.2 255.255.255.252
Lagos(config-if)# no shutdown
Lagos(config-if)# encapsulation ppp
Lagos(config-if)# ppp authentication chap
Lagos(config-if)# exit
Lagos(config)# username Abuja password Cisco
TO VERIFY PPP
Lagos# show interface s2/0
COMMAND FOR AUTHENTICATION
Lagos# debug ppp authentication
FRAME RELAY CONNECTION
Frame Relay is a layer-two protocol for WAN connections. It allows you to get a good amount of bandwidth for a decent price. This is accomplished by creating a shared-bandwidth cloud on the part of the service provider.

[Figure: Frame Relay cloud connecting R1, R2 and R3 (each on S0/0) over PVCs, with DLCIs 102, 103, 201 and 203.]

FRAME RELAY TERMS


Permanent Virtual Circuit (PVC): a logical connection between Frame Relay devices. The dotted lines through the Frame Relay cloud represent PVCs.
Data Link Connection Identifier (DLCI): the special numbers assigned to PVCs used to connect between offices. These are the data-link-layer addresses that Frame Relay uses.
Committed Information Rate (CIR): the lowest average speed the service provider commits to give you, e.g. 250k.
Local Access Rate (LAR): the maximum speed your connection to the Frame Relay service provider supports.

Local Management Interface (LMI): the protocol used between you and the service provider to manage the Frame Relay connections.

Committed Burst (BC): the average data rate higher than the CIR but experienced over a short period.

Excessive Burst (BE): the highest data rate that your virtual circuit will ever experience.
FRAME RELAY SUB-INTERFACE
Point-to-Point: used when each PVC is to be designated as a separate IP subnet.
Multipoint: used when all PVCs share the same IP subnet. This design makes the Frame Relay cloud feel like an Ethernet switch.
[Figure: multipoint Frame Relay. Lagos (R1) S0/0 192.168.1.1 with DLCIs 102 and 103; PH (R2) S0/0 192.168.1.2/30 with DLCI 201; Abuja (R3) S0/0 192.168.1.3/30 with DLCI 310.]
MULTIPOINT CONFIGURATION
The previous figure illustrates a Frame Relay multipoint configuration. You can tell this because all routers share the same IP subnet.
Lagos(config)# interface s2/0
Lagos(config-if)# ip address 192.168.1.1 255.255.255.252
Lagos(config-if)# encapsulation frame-relay
Lagos(config-if)# frame-relay map ip 192.168.1.2 102 broadcast
Lagos(config-if)# frame-relay map ip 192.168.1.3 103 broadcast
PortH(config)# interface s2/0
PortH(config-if)# ip address 192.168.1.2 255.255.255.252
PortH(config-if)# encapsulation frame-relay
PortH(config-if)# frame-relay map ip 192.168.1.1 201 broadcast
PortH(config-if)# frame-relay map ip 192.168.1.3 102 broadcast
Abuja(config)# interface s2/0
Abuja(config-if)# ip address 192.168.1.3 255.255.255.252
Abuja(config-if)# encapsulation frame-relay
Abuja(config-if)# frame-relay map ip 192.168.1.1 103 broadcast
Abuja(config-if)# frame-relay map ip 192.168.1.3 310 broadcast
The key command in the multipoint configuration is frame-relay map. It maps a remote IP address to the local DLCI number used to reach that address. Take the following command on R1: frame-relay map ip 192.168.1.2 102 broadcast. This command says: to reach the remote IP address 192.168.1.2, use DLCI 102, and allow broadcasts to be sent on this circuit. The broadcast keyword allows routing protocol updates to be sent between R1 and R2 in this case. If you left the broadcast keyword off, routing protocols would not operate over the Frame Relay cloud.

VERIFY COMMANDS
show frame-relay map
show frame-relay pvc
show frame-relay lmi

[Figure: point-to-point sub-interfaces. Lagos (R1) S0/0.12, DLCI 102, 192.168.12.1/24 to PH (R2) S0/0.12, DLCI 201, 192.168.12.2/24; Lagos S0/0.13, DLCI 103, 192.168.13.1/24 to Abuja (R3) S0/0.13, DLCI 310, 192.168.13.2/24.]
POINT-TO-POINT CONFIGURATION
As you can see, each PVC is assigned its own IP subnet. The sub-interface numbers you choose can be anything you want.
Lagos(config)# interface serial 0/0
Lagos(config-if)# encapsulation frame-relay
Lagos(config-if)# exit
Lagos(config)# interface serial 0/0.12 point-to-point
Lagos(config-subif)# ip address 192.168.12.1 255.255.255.252
Lagos(config-subif)# frame-relay interface-dlci 102
Lagos(config-fr-dlci)# exit
Lagos(config-subif)# interface serial 0/0.13 point-to-point
Lagos(config-subif)# ip address 192.168.13.1 255.255.255.252
Lagos(config-subif)# frame-relay interface-dlci 103
PH(config)# interface serial 0/0
PH(config-if)# encapsulation frame-relay
PH(config-if)# exit
PH(config)# interface serial 0/0.12 point-to-point
PH(config-subif)# ip address 192.168.12.2 255.255.255.0
PH(config-subif)# frame-relay interface-dlci 201
ABUJA(config)# interface serial 0/0
ABUJA(config-if)# encapsulation frame-relay
ABUJA(config-if)# exit
ABUJA(config)# interface serial 0/0.12 point-to-point
ABUJA(config-subif)# ip address 192.168.13.2 255.255.255.0
ABUJA(config-subif)# frame-relay interface-dlci 301

IPV6
IPv6 was created due to the rapid growth of the Internet; it is a better version compared to IPv4. It provides 128-bit addresses.
IPv4 – 32 bits
IPv6 – 128 bits
ADVANTAGES
• More address space
• Better Quality of Service (QoS)
• Better routing features
• Security features
• Mobility. A device that does the forwarding is called a home agent.
TYPES OF IPV6
• UNICAST: a host-to-host connection, i.e. a 1-1 connection.
• MULTICAST: a connection from one device to many devices. It is used for special purposes, e.g. for routing protocols, and it conserves bandwidth.
• ANYCAST: used to give several systems the same address; communication is one to the closest.

PRESENTATION OF IPV6
There are two ways to shorten the representation of an IPv6 address. Take the example address:

4001:0000:0001:0002:0000:0000:0000:0000:ABCD
(each group is 16 bits)
Leading zeros may be omitted. This makes the example
4001:0:1:2:0:0:0:0:ABCD
Sequential zeros may be shown as a double colon once per address. This makes the example 4001:1:2::ABCD
2001:000F:0000:0000:0003:0000:0000:0000
2001:F:0:0:3:0:0:0
2001:F::3:0:0:0
2001:F::3::
The subnet mask is called the prefix, e.g. /64.
ENABLING IPV6 ON A ROUTER
[Figure: dual-stack router R1. An IPv4 client (192.168.1.50/24) and an IPv6 client (2001:50:300::ab4:1e2b:98aa) connect to F0/0; S0/0 leads to the IPv4 Internet and S0/1 to the IPv6 Internet.]
The client has the address 2001:50:300::ab4:1e2b:98aa/64.
The /64 subnet mask means the first half of the address represents the network (remember, each group in these new IPv6 addresses is 16 bits) and the second half of the address represents the host on the network. Since this is a shortened address, here are the full representations:
IPv6 network portion: 2001:0050:0300:0000
IPv6 host portion: 0000:0ab4:1e2b:98aa
R1(config)# ipv6 unicast-routing
R1(config)# interface fa0/0
R1(config-if)# ip address 192.168.1.1 255.255.255.0
R1(config-if)# ipv6 address 2001:0050:0300::1/64
The CCNA exam just requires you to know the foundations of IPv6.
VERIFY
R1# show ipv6 protocols
To view the routing protocol
R1# show ipv6 route
Here is an unofficial summary of the CCNA 2013 syllabus for the new 200-120 composite exam that is replacing the 640-802 from 1st October
2013.
With this change to the CCNA the barrier to entry into the networking world is becoming higher and more difficult to achieve.

CCNA Topics 2013 - Exam 200-120


 
IP Data Networks
Understand the operation of data networks.
Know the purpose and functions of network devices such as routers, switches, bridges and hubs.
Be able to select components to meet a specific network requirement.
Understand how certain applications can impact network performance.
Know the protocols, purpose and operation of both the OSI and TCP/IP models.
Describe the data flow between two hosts on a network
Be able to choose the most appropriate cables, media, ports and connectors to connect network devices and
hosts to a LAN.

LAN Switching
Understand the media access control method for Ethernet.
Describe the basic switching concepts and the operation of switches.
Configure and verify switch configuration including remote access management.
Verify a network and switch operation using basic utilities such as ping, telnet and SSH.
Describe VLANs and the need for routing between VLANs.
Understand network segmentation and traffic management.
Be able to configure and verify VLANs.
Configure and verify trunking on Cisco switches.
Understand advanced switching technologies:
RSTP
PVSTP
EtherChannel
Be able to configure and verify PVSTP operation.
Describe the process of root bridge election.
IP Addressing (IPv4 and IPv6 )
Describe the need for public and private addresses for IPv4.
Understand IPv6 addresses.
Describe the appropriate IPv6 addressing scheme for a LAN/WAN environment.
Describe the appropriate IPv4 addressing scheme for a LAN/WAN environment, including VLSM and summarization.
Describe the technologies required to run IPv6 and IPv4 concurrently such as dual stack.

IP Routing
Understand the basic routing concepts.
Understand the boot process of a Cisco router.
Configure and verify a basic router configuration using the command line interface.
Configure and verify both serial and Ethernet interfaces.
Be able to verify the network connectivity and configuration of a router.
Configure a static or default route given specific requirements, then verify.
Manage Cisco IOS files and image(s).
Understand Cisco IOS licensing.
Understand and distinguish different methods of routing and routing protocols.
Configure and verify EIGRP in a single autonomous system.
Configure and verify OSPF (v2 and v3) in a single area.
Configure and verify interVLAN routing using router-on-a-stick.
Be able to configure SVI interfaces.

IP Services
Configure and verify DHCP on a Cisco router.
Understand the features and applications of each type of ACL.
Be able to configure and verify ACLs.
Understand the basic operation of NAT.
Configure and verify NAT based on a set of network requirements.
Be able to configure and verify NTP as a client.
Recognize high availability FHRP.
Understand, configure and verify Syslog and utilize Syslog output.
Understand SNMP v2 and v3.
Network Device Security
Be able to configure and verify device security features.
Understand, configure and verify switch port security features.
Configure and verify ACLs for filtering network traffic.
Limit telnet and SSH access to a router by configuring ACLs.

Troubleshooting
Troubleshoot and correct common issues concerning IP addressing and host configurations.
Be able to utilize netflow and monitor data.
Troubleshoot and fix spanning tree operation.
Troubleshoot and resolve routing issues, including OSPF, and EIGRP.
Troubleshoot and correct VLAN problems.
Identify and resolve interVLAN problems.
Troubleshoot and resolve switch trunking issues.
Troubleshoot and fix ACL problems.
Troubleshoot and correct layer 1 problems.
Troubleshoot and correct WAN issues.
Troubleshoot EtherChannel issues.

WAN Technologies
Understand and identify different WAN technologies including:
Metro Ethernet
Frame Relay
VSAT
Cellular 3G and 4G
MPLS
T1/E1
ISDN
DSL
Cable
VPN
Configure and verify a serial WAN connection.
Configure Frame Relay on Cisco routers including verification.
Be able to configure and verify a PPP connection between two Cisco routers.
Configure and troubleshoot PPPoE
