Created by – Amit Challelwar, 7588773030

Subnet mask octet values –
Bit weights: 128 64 32 16 8 4 2 1 = SM (subnet mask octet value)
0 0 0 0 0 0 0 0 = 0
1 0 0 0 0 0 0 0 = 128
1 1 0 0 0 0 0 0 = 192
1 1 1 0 0 0 0 0 = 224
1 1 1 1 0 0 0 0 = 240
1 1 1 1 1 0 0 0 = 248
1 1 1 1 1 1 0 0 = 252
1 1 1 1 1 1 1 0 = 254
1 1 1 1 1 1 1 1 = 255
Private IP Addresses –
Class A – 10.0.0.0 – 10.255.255.255
Class B – 172.16.0.0 – 172.31.255.255
Class C – 192.168.0.0 – 192.168.255.255
APIPA – 169.254.0.0 – 169.254.255.255 (65536 addresses)
LOOPBACK – 127.0.0.0 – 127.255.255.255
Types of IP Addresses –
1) Unicast 2) Multicast 3) Broadcast 4) Loopback 5) APIPA
Address classes (first octet): Class A –> 1 – 126, Class B –> 128 – 191, Class C –> 192 – 223, Class D –> 224 – 239, Class E –> 240 – 255
VLSM –
No. of hosts required = 120
Minimum no. of host bits = 7 (2^7 – 2 = 126 >= 120)
No. of network bits = 32 – 7 = 25
Subnet bits = 1
Total subnets = 2^1 = 2
Total no. of hosts = 2^7 – 2 = 128 – 2 = 126
Subnet mask = 255.255.255.128
Block size = 128
Sub network 1 = e.g. 192.168.10.0 /25
Sub network 2 = e.g. 192.168.10.128 /25
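As an added example (not part of the original notes), the VLSM steps above and the subnet-mask table at the top of the page worked in Python with the standard ipaddress module; the 120-host figure and the 192.168.10.0/24 base block are the page's, the function and field names are mine.

```python
import ipaddress
from dataclasses import dataclass
from typing import List

BIT_WEIGHTS = [128, 64, 32, 16, 8, 4, 2, 1]


def mask_octet_value(ones: int) -> int:
    """Octet value of a mask with `ones` leading 1-bits (the table at the top: 1 -> 128, 3 -> 224, 8 -> 255)."""
    if not 0 <= ones <= 8:
        raise ValueError("an octet has 0..8 bits")
    return sum(BIT_WEIGHTS[:ones])


@dataclass
class SubnetPlan:
    hosts_required: int
    host_bits: int
    network_bits: int          # the prefix length, 32 - host_bits
    subnet_mask: str
    wildcard_mask: str         # inverse mask, as used in ACL / EIGRP / OSPF network statements
    block_size: int            # addresses per subnet (the increment between consecutive subnets)
    usable_hosts: int          # 2**host_bits - 2 (network and broadcast addresses are reserved)
    subnets: List[str]


def plan_vlsm(base_block: str, hosts_required: int) -> SubnetPlan:
    """Carve `base_block` (e.g. 192.168.10.0/24) into the smallest subnets that still fit `hosts_required` hosts each."""
    base = ipaddress.ip_network(base_block, strict=True)
    # Minimum number of host bits h such that 2**h - 2 >= hosts_required.
    host_bits = 1
    while 2 ** host_bits - 2 < hosts_required:
        host_bits += 1
    network_bits = 32 - host_bits
    if network_bits < base.prefixlen:
        raise ValueError(f"{hosts_required} hosts do not fit inside {base_block}")
    mask_net = ipaddress.ip_network(f"0.0.0.0/{network_bits}")
    return SubnetPlan(
        hosts_required=hosts_required,
        host_bits=host_bits,
        network_bits=network_bits,
        subnet_mask=str(mask_net.netmask),
        wildcard_mask=str(mask_net.hostmask),
        block_size=2 ** host_bits,
        usable_hosts=2 ** host_bits - 2,
        subnets=[str(s) for s in base.subnets(new_prefix=network_bits)],
    )


if __name__ == "__main__":
    plan = plan_vlsm("192.168.10.0/24", 120)
    print(f"host bits={plan.host_bits} prefix=/{plan.network_bits} mask={plan.subnet_mask} "
          f"wildcard={plan.wildcard_mask} block={plan.block_size} usable={plan.usable_hosts}")
    for n, subnet in enumerate(plan.subnets, start=1):
        print(f"Sub network {n} = {subnet}")
```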
IEEE – Institute of Electrical and Electronics Engineers
OUI – Organizationally Unique Identifier (the vendor part of the 48-bit MAC address)
IANA – Internet Assigned Numbers Authority
Booting Sequence –
- POST
- Bootstrap
- Check the configuration register; if any boot command is found, do what it says
- If none, load the first file from flash; if there is no file, TFTP boot; if there is no TFTP file, go to ROMMON
- After loading the IOS, check the configuration register: 0x2142 ignores the startup-config, 0x2102 loads the startup-config
- If no startup-config is found, TFTP auto-install; if that fails too, enter setup mode

Interface status vs. line protocol –
Status                 Protocol               Causes
UP                     UP                     Interface is functional & everything is OK
UP                     DOWN                   1) Clock rate is missing
                                              2) Encapsulation protocol mismatch
                                              3) Keepalive messages not sent properly
DOWN                   DOWN (on DTE side)     1) Shutdown on DCE side
                                              2) Cable disconnected (physical layer)
Administratively DOWN  DOWN (on DCE side)     Interface has been shut down by the administrator
Standard Delay –
1) Fast Ethernet - DLY 1000 µsec
2) Gigabit - DLY 1000 µsec
3) Serial - DLY 20000 µsec
TCP Communication –
It is connection-oriented and reliable, and it sends acknowledgements.

TCP – 3-Way Handshake
SYN -> SYN+ACK -> ACK (connection established)
TCP Windowing (one ACK can acknowledge a whole window of segments; the ACK number is the next sequence number expected)
Seq. No. 1 - Ack. No. 2
Seq. No. 2 - Ack. No. 3
Seq. No. 3, 4, 5, 6 - Ack. No. 7
Seq. No. 7, 8, 9, 10 - Ack. No. 11

WAN LINK CABLES –
1) CAB-V.35-MT (DB60 - DB60)
2) CAB-SS-V.35-MT (Smart Serial)
STATIC ROUTE – (AD – 1)
ROUTER(CONFIG)# IP ROUTE 10.0.0.0 255.255.255.0 (DESTINATION N/W) 100.100.100.2 (NEXT HOP IP)
DEFAULT ROUTE – (AD – 1)
ROUTER(CONFIG)# IP ROUTE 0.0.0.0 0.0.0.0 (ANY N/W) 100.100.100.2 (NEXT HOP IP) OR
ROUTER(CONFIG)# IP ROUTE 0.0.0.0 0.0.0.0 (ANY N/W) SERIAL0/0/1 (OWN OUTGOING INTERFACE)
FLOATING DEFAULT ROUTE – (the default AD is 1; we can change it to 2 - 255 so the route is used only when the primary route disappears)
ROUTER(CONFIG)# IP ROUTE 10.0.0.0 255.255.255.0 (OUR N/W) 100.100.100.2 (NEXT HOP IP) 5 (AD VALUE)

Dynamic Routing Protocols –
1) IGP (Interior Gateway Routing Protocol)
Used within a single Autonomous System (under single administrative control)
- Distance Vector routing protocols – Ex. IGRP, RIP
- Link State routing protocols – Ex. OSPF, IS-IS
- Hybrid protocol (DV + LS) – Ex. EIGRP
2) EGP (Exterior Gateway Routing Protocol)
Used between different Autonomous Systems, i.e. the Internet (different ISPs connected to each other)
Ex. BGP (Border Gateway Protocol)

DHCP POOL
ROUTER(CONFIG)# IP DHCP POOL AMIT
ROUTER(DHCP-CONFIG)# NETWORK 10.0.0.0 255.255.255.0
ROUTER(DHCP-CONFIG)# DEFAULT-ROUTER 10.0.0.1
ROUTER(DHCP-CONFIG)# DNS-SERVER 75.75.75.10
ROUTER(DHCP-CONFIG)# LEASE 0 0 10 (OPTIONAL – SETS THE LEASE PERIOD AS DAYS HOURS MINUTES)
ROUTER(DHCP-CONFIG)#EXIT
ROUTER(CONFIG)# IP DHCP EXCLUDED-ADDRESS 10.0.0.19 10.0.0.30

RIP (v1/2) – Routing Information Protocol (AD – 120, max 15 hops reachable, uses the Bellman-Ford algorithm)
- V1 uses broadcast updates
- V2 supports VLSM and authentication, uses multicast updates, and does equal-cost load balancing over links of the same bandwidth
- RIP has one issue, i.e. routing loops
- Techniques to avoid routing loops:
o Maximum hop count 15 (the 16th hop is unreachable)
o Split Horizon rule (on by default) – don't send an update back out of the interface it was learned on
o Triggered updates – reset the timers & send an update immediately when any network is added or goes down
o Route poisoning – when a network goes down, poison it by advertising it with hop count 16 (unreachable)
RIP V1 (ROUTING INFORMATION PROTOCOL)
- ROUTER(CONFIG)# ROUTER RIP
- ROUTER(CONFIG-ROUTER)# NETWORK 10.0.0.0 (LAN N/W)
- ROUTER(CONFIG-ROUTER)# NETWORK 100.100.100.0 (WAN N/W)
- ROUTER(CONFIG-ROUTER)# EXIT OR ^Z
RIP V2 (ROUTING INFORMATION PROTOCOL)
- ROUTER(CONFIG)# ROUTER RIP
- ROUTER(CONFIG-ROUTER)# VERSION 2
- ROUTER(CONFIG-ROUTER)# NETWORK 10.0.0.0 (LAN N/W)

- ROUTER(CONFIG-ROUTER)# NETWORK 100.100.100.0 (WAN N/W)


- ROUTER(CONFIG-ROUTER)# NO AUTO-SUMMARY
- ROUTER(CONFIG-ROUTER)# EXIT OR ^Z
EIGRP – Enhanced Interior Gateway Routing Protocol
(AD – 90 / External – 170, max hop count – 224, multicast address 224.0.0.10)
- It keeps a backup route ready (fast convergence)
o R1 – R3 – X N/W (lower metric) – primary route
o R1 – R4 – X N/W (higher metric) – secondary route
- It uses DUAL (Diffusing Update Algorithm) to choose the best path
- It supports unequal-cost load balancing (by default equal-cost load balancing)
- By default 4 paths are supported
- Max. 6 – 16 paths supported (the router must be configured for that)
- Flexibility in summarization (supports supernetting): 172.16.10.0/26 & 172.16.10.64/26 -> 172.16.10.0/25
- It supports multiple routed protocols (IP, IPX, AppleTalk, DDP)
- It maintains a routing table, a neighbor table & a topology table
- The EIGRP metric depends on the K values; by default only bandwidth (K1 = 1) and delay (K3 = 1) are used
EIGRP Terminology –
- Feasible Distance (FD) – the total distance (metric) from this router to the destination
- Advertised Distance (AD) – the neighbor's own distance (metric) to the destination, as reported by that neighbor
- Successor (lowest metric) – primary path
- Feasible Successor (FS) – backup route (takes over within about one second)
- Active route (A) – the route is being recomputed (bad route)
- Passive route (P) – the route is stable (good route)
For neighborship –
- Both sides must run EIGRP
- K values must be the same on both sides
- IP addresses must be in the same network
- Autonomous system number must be the same (1 – 65535)
EIGRP packet types –
a) Hello – used to form the neighborship and carries the K values; sent periodically to multicast address 224.0.0.10, never acknowledged
b) Update – information about routes (up/down)
c) Query – asks neighbors about a route (sent when a route goes Active – A)
d) Reply – the response to a query
e) Acknowledgement – acknowledges Update, Query & Reply packets
Hello timer: 5 sec (LAN), 60 sec (WAN)
Hold-down timer: 15 sec (LAN), 180 sec (WAN)
To avoid query madness (routing loops):
1) Route summarization (/26 & /26 = /25)
2) Stub configuration
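An added example (not from the original notes) that works the terminology above in Python: the composite metric with the default K values, successor / feasible successor selection under DUAL's feasibility condition (AD < FD of the successor), and what happens to the route when the successor is lost. The R3/R4 neighbor names are the page's; R5, the metric values and the function names are constructed.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Default K values from the page: only bandwidth (K1) and delay (K3) count.
K1, K3 = 1, 1


def eigrp_metric(min_bandwidth_kbps: int, total_delay_usec: int) -> int:
    """Classic EIGRP composite metric with the default K values:
    256 * (K1 * 10^7 / min_bandwidth_kbps + K3 * total_delay / 10), integer arithmetic as IOS does it."""
    bw_term = K1 * (10_000_000 // min_bandwidth_kbps)
    delay_term = K3 * (total_delay_usec // 10)   # delay is counted in tens of microseconds
    return 256 * (bw_term + delay_term)


@dataclass
class TopologyEntry:
    """One candidate path to a destination, as kept in the EIGRP topology table."""
    neighbor: str
    advertised_distance: int   # AD: the neighbor's own metric to the destination
    link_metric: int           # metric of the link from this router to that neighbor

    @property
    def feasible_distance(self) -> int:
        return self.advertised_distance + self.link_metric   # FD: total metric from here


def select_paths(entries: List[TopologyEntry]) -> Tuple[TopologyEntry, List[TopologyEntry], List[TopologyEntry]]:
    """DUAL path selection: successor = lowest FD; a feasible successor must satisfy the
    feasibility condition AD < FD(successor), which guarantees the backup path is loop-free."""
    if not entries:
        raise ValueError("no paths known for this destination")
    ordered = sorted(entries, key=lambda e: (e.feasible_distance, e.neighbor))
    successor = ordered[0]
    feasible, rejected = [], []
    for e in ordered[1:]:
        if e.advertised_distance < successor.feasible_distance:
            feasible.append(e)
        else:
            rejected.append(e)   # lower FD than another candidate is not enough: the FC must hold
    return successor, feasible, rejected


def on_successor_loss(entries: List[TopologyEntry]) -> str:
    """What DUAL does when the successor's link fails: promote an FS at once (route stays Passive)
    or, with no FS, mark the route Active and send Query packets to every neighbor."""
    successor, feasible, _ = select_paths(entries)
    if feasible:
        return f"passive: {feasible[0].neighbor} promoted to successor without queries"
    return "active: no feasible successor, Query packets sent to all neighbors"


# Constructed sample: router R1's topology table for network X (R3/R4 as in the page's example).
SAMPLE_TABLE = [
    TopologyEntry("R3", advertised_distance=10, link_metric=10),   # FD 20 -> successor
    TopologyEntry("R4", advertised_distance=15, link_metric=25),   # FD 40, AD 15 < 20 -> feasible successor
    TopologyEntry("R5", advertised_distance=25, link_metric=5),    # FD 30, AD 25 >= 20 -> not feasible
]

if __name__ == "__main__":
    succ, fs, rej = select_paths(SAMPLE_TABLE)
    print("successor:", succ.neighbor, "FD", succ.feasible_distance)
    print("feasible successors:", [e.neighbor for e in fs], "rejected:", [e.neighbor for e in rej])
    print("T1 link metric (1544 kbps, 20000 usec delay):", eigrp_metric(1544, 20000))
    print(on_successor_loss(SAMPLE_TABLE))
```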
EIGRP (ENHANCED INTERIOR GATEWAY ROUTING PROTOCOL)
- ROUTER(CONFIG)# ROUTER EIGRP 100 (AS NUMBER 100 MUST BE THE SAME ON BOTH SIDES/ROUTERS)
- ROUTER(CONFIG-ROUTER)# NETWORK 10.0.0.0 0.0.0.255 (LAN N/W) OR NETWORK 10.0.0.0
- ROUTER(CONFIG-ROUTER)# NETWORK 100.100.100.0 0.0.0.3 (WAN N/W) OR NETWORK 100.100.100.0
- ROUTER(CONFIG-ROUTER)# NO AUTO-SUMMARY
- ROUTER(CONFIG-ROUTER)# EXIT OR ^Z
Discard route for a summary –
- ROUTER(CONFIG)# IP ROUTE 192.168.10.0 255.255.255.224 NULL0
(Packets for 192.168.10.0/27 that match no more specific route are sent to the dustbin, i.e. dropped)
- ROUTER(CONFIG)# ROUTER EIGRP 100
- ROUTER(CONFIG-ROUTER)# REDISTRIBUTE STATIC (redistributed routes show up as external with AD 170)
To change bandwidth –
- ROUTER(CONFIG)# INT SER 0/0
- ROUTER(CONFIG-IF)# BANDWIDTH 1000

To publish all networks at a time –
- ROUTER(CONFIG-ROUTER)# NETWORK 0.0.0.0

OSPF (Open Shortest Path First)
- Used under single administrative control / a single entity; it is a link-state protocol
- It maintains a routing table, a neighbor table & a database (topology) table
- It uses Dijkstra's SPF algorithm
- OSPF uses cost (based on bandwidth) as its metric: cost = 100 / bandwidth in Mbps
56 Kbps – 1785
64 Kbps – 1562
T1 (1.544 Mbps) – 65
E1 (2.048 Mbps) – 18
Ethernet (10 Mbps) – 10
FastEthernet, Gigabit, fiber optic or faster – 1
- It sends triggered & periodic updates (convergence is fast)
Design –
- The whole network is divided into small logical parts called areas
- All areas must connect to Area 0 (the backbone)
- All routers in an area have the same topology
- It requires a hierarchical design
- By default it supports equal-cost load balancing; unequal-cost load balancing can be managed, but it shows (2 Mb – 1 Mb)
- Summarization is possible on an ABR/ASBR
- ABR – Area Boundary Router
- ASBR – Autonomous System Boundary Router
o (a router that also runs RIP/EIGRP/etc., e.g. the network of another company we acquire)
Neighbor Relationship –
- Each router has a Router ID
o Hard-coded router-id (first preference, set manually), written like an IP address but not an interface IP, e.g. 1.1.1.1
o Highest loopback address (second preference)
o Highest IP address (third preference)
- Sends Hello messages on the chosen interfaces
Interface   Hello     Dead (Hold-down)
o Fa0/0     10 sec    40 sec    (Ethernet, FE, GE, point-to-point – BMA)
o Ser0/0    30 sec    120 sec   (FR, ATM, X.25 – NBMA)
- A Hello message contains:
o Router ID, neighbors, Hello & Dead timers, subnet mask (must be the same, i.e. same network), Area ID (must match), authentication password
- Receives a Hello – INIT state
- Replies to the Hello – 2-Way state
- Then: ExStart state, Loading state, Full state (neighbors synchronized)
- It uses 2 multicast addresses for its updates: 224.0.0.5 & 224.0.0.6
- On Ethernet (BMA) a DR & BDR are elected (Designated Router & Backup Designated Router)
o The router with the greater Router ID is selected as DR, the next one as BDR
- If any network goes up or down, the DR gets active first & sends the change to all routers using multicast 224.0.0.6, to avoid update madness. If the DR goes down, the BDR does the same job as the DR.
OSPF (OPEN SHORTEST PATH FIRST)
- ROUTER(CONFIG)# ROUTER OSPF 1 (PROCESS ID 1 IS LOCAL TO THIS ROUTER AND CAN DIFFER ON OTHER ROUTERS)
- ROUTER(CONFIG-ROUTER)# ROUTER-ID 1.1.1.1
- ROUTER(CONFIG-ROUTER)# NETWORK 10.0.0.0 0.0.0.255 AREA 0 (LAN N/W – AREA NUMBER CAN BE CHANGED, BUT MUST MATCH THE NEIGHBORS ON THAT LINK)
- ROUTER(CONFIG-ROUTER)# NETWORK 100.100.100.0 0.0.0.3 AREA 0 (WAN N/W – AREA NUMBER CAN BE CHANGED, BUT MUST MATCH THE NEIGHBORS ON THAT LINK)
- ROUTER(CONFIG-ROUTER)# EXIT OR ^Z

CDP (CISCO DISCOVERY PROTOCOL)
- Discovers the neighbors directly connected to this device (runs only on Cisco devices)
- It shows the connected devices, their IP addresses, the local interface & the remote interface
SW1(config)#cdp run – to enable globally
SW1(config-if)#cdp enable – for a particular interface
SW1#show cdp neighbors
SW1#show cdp neighbors detail
SW1#show cdp entry *
ACL (ACCESS CONTROL LIST)
- An ACL is an ordered list of one or more permit or deny statements
- The router reads it top-down; the first matching statement decides
- Every ACL ends with an implicit deny statement (deny any / deny ip any any)
- The ACL must be applied inbound or outbound on an interface as required.
USES –
- Controlling the various users in the network
- For NAT (PAT, dynamic NAT, static NAT)
- Route filtering
- Policy-based routing (PBR)
- Quality of service (QoS) – priority to voice over data
- Virtual private network (VPN)
- Dial-on-demand routing (DDR)
Types
- Numbered
- Named
- Reflexive (established) – allows the return traffic
- Dynamic (auto-generated & applied)
- Content based
Standard (1-99) – apply as close to the destination as possible; matches only on source IP
Extended (100-199) – apply as close to the source as possible; matches on source IP, destination IP, protocol, and source & destination port number
Standard ACL – (Numbered)
R(config)#access-list 50 permit host 192.168.10.2
R(config)#access-list 50 deny 192.168.10.0 0.0.0.31
Extended ACL – (Numbered)
R(config)#access-list 100 permit tcp host 192.168.10.2 (S) host 192.168.20.2 (D) eq www (port 80)
R(config)#access-list 100 deny icmp 192.168.10.0 0.0.0.31 (S) 192.168.20.0 0.0.0.31 (D)
To apply –
R(config)#line vty 0 4
R(config-line)#access-class 50 in/out
R(config)#int ser 0/0
R(config-if)#ip access-group 100 in/out

R#show access-list
R#show access-list 50
R#show ip access-list
R#clear access-list counters 50

Reflexive –
R(config)#access-list 110 permit tcp any host 172.16.20.29 eq 80
R(config)#access-list 110 permit tcp any any established

NOTE – The "ip access-list" form (ip access-list standard/extended <name or number>) can also be used for standard, extended & reflexive ACLs. With this form the ACL can be edited line by line.
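The top-down, first-match evaluation with the implicit deny, as an added Python example that is not part of the original notes: it parses the page's numbered ACL 50 and ACL 100 lines, matches addresses with Cisco wildcard masks, and shows why statement order matters. The class and function names are mine; the addresses and statements are the page's.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Port keywords IOS accepts in "eq <name>"; the page uses "eq www" for port 80.
PORT_NAMES = {"www": 80, "ftp": 21, "telnet": 23, "smtp": 25, "domain": 53, "ssh": 22}
ANY = ("0.0.0.0", "255.255.255.255")


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard mask: a 1-bit means 'don't care', a 0-bit must match exactly."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a | w) == (b | w)


def _parse_addr(t: List[str], i: int) -> Tuple[Tuple[str, str], int]:
    """Parse 'any' | 'host A.B.C.D' | 'A.B.C.D W.W.W.W' starting at token i; returns ((base, wildcard), next i)."""
    if t[i] == "any":
        return ANY, i + 1
    if t[i] == "host":
        return (t[i + 1], "0.0.0.0"), i + 2
    return (t[i], t[i + 1]), i + 2


@dataclass
class AclEntry:
    action: str                     # permit | deny
    protocol: str                   # ip (standard ACL), tcp, udp, icmp ...
    src: Tuple[str, str]            # (base, wildcard)
    dst: Tuple[str, str]
    dst_port: Optional[int] = None  # from 'eq <port>'


def parse_acl_line(line: str) -> Tuple[int, AclEntry]:
    """Parse one 'access-list <n> permit|deny ...' line (numbered standard or extended ACL)."""
    t = line.strip().lower().split()
    if len(t) < 4 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"not an access-list statement: {line!r}")
    number, action = int(t[1]), t[2]
    if 1 <= number <= 99:                         # standard: matches on source only
        src, _ = _parse_addr(t, 3)
        return number, AclEntry(action, "ip", src, ANY)
    protocol = t[3]                               # extended: protocol src dst [eq port]
    src, i = _parse_addr(t, 4)
    dst, i = _parse_addr(t, i)
    port = None
    if i < len(t) and t[i] == "eq":
        port = PORT_NAMES.get(t[i + 1]) or int(t[i + 1])
    return number, AclEntry(action, protocol, src, dst, port)


class AccessList:
    def __init__(self, number: int):
        self.number = number
        self.entries: List[AclEntry] = []

    def evaluate(self, src: str, dst: str = "0.0.0.0", protocol: str = "ip",
                 dst_port: Optional[int] = None) -> Tuple[str, Optional[int]]:
        """Top-down, first match wins. Returns (action, line number); line None means the implicit deny."""
        for n, e in enumerate(self.entries, start=1):
            if e.protocol != "ip" and e.protocol != protocol:
                continue
            if not (wildcard_match(src, *e.src) and wildcard_match(dst, *e.dst)):
                continue
            if e.dst_port is not None and e.dst_port != dst_port:
                continue
            return e.action, n
        return "deny", None                       # implicit 'deny any' / 'deny ip any any' at the end


def build_acls(config_lines: List[str]) -> Dict[int, AccessList]:
    acls: Dict[int, AccessList] = {}
    for line in config_lines:
        number, entry = parse_acl_line(line)
        acls.setdefault(number, AccessList(number)).entries.append(entry)
    return acls


# The page's own ACL 50 and ACL 100 (the "(S)"/"(D)" annotations removed so the lines parse).
PAGE_CONFIG = [
    "access-list 50 permit host 192.168.10.2",
    "access-list 50 deny 192.168.10.0 0.0.0.31",
    "access-list 100 permit tcp host 192.168.10.2 host 192.168.20.2 eq www",
    "access-list 100 deny icmp 192.168.10.0 0.0.0.31 192.168.20.0 0.0.0.31",
]

if __name__ == "__main__":
    acls = build_acls(PAGE_CONFIG)
    print("ACL 50, 192.168.10.2      ->", acls[50].evaluate("192.168.10.2"))      # ('permit', 1)
    print("ACL 50, 192.168.10.7      ->", acls[50].evaluate("192.168.10.7"))      # ('deny', 2)
    print("ACL 50, 10.1.1.1          ->", acls[50].evaluate("10.1.1.1"))          # ('deny', None): implicit deny
    print("ACL 100, tcp/80  to .20.2 ->", acls[100].evaluate("192.168.10.2", "192.168.20.2", "tcp", 80))
    print("ACL 100, tcp/443 to .20.2 ->", acls[100].evaluate("192.168.10.2", "192.168.20.2", "tcp", 443))
    # Order matters: with the deny line first, the host permit is never reached.
    swapped = build_acls(PAGE_CONFIG[1::-1])
    print("ACL 50 reversed, .10.2    ->", swapped[50].evaluate("192.168.10.2"))   # ('deny', 1)
```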

NAT (Network Address Translation)
- With this we can translate private IP addresses into public IP addresses & vice versa
- To connect to the internet we need at least one public IP address.
- Because of the shortage of public IPv4 addresses we use NAT.

TYPES –
PAT (Port Address Translation)
- All private IPs are translated to a single public IP address using different port numbers
R(config)#access-list 10 permit 192.168.10.0 0.0.0.31
R(config)#ip nat inside source list 10 interface serial 0/0 overload
STATIC NAT
- A single private IP is mapped to a single public IP
R(config)#ip nat inside source static 192.168.10.5 75.75.75.22
DYNAMIC NAT WITH OVERLOAD
- Like PAT, but with a pool: when a user (with a private IP) wants to reach the internet, it takes one public IP with one port number. Many users can reach the internet with the same public IP but different port numbers. When that public IP reaches its limit (more than 64000 users), the next user takes the next public IP address from the pool, again with a port number.
R(config)#ip nat pool mypool 50.50.50.2 50.50.50.5 netmask 255.255.255.248
R(config)#access-list 10 permit host 192.168.10.52 (or the full network with a wildcard mask)
R(config)#ip nat inside source list 10 pool mypool overload
DYNAMIC NAT WITHOUT OVERLOAD
- Here a pool is also provided, but when a user (with a private IP) goes to the internet it takes a whole public IP without any port translation. When another user wants to go to the internet, it takes the next public IP from the pool.
R(config)#ip nat pool mypool 50.50.50.2 50.50.50.5 netmask 255.255.255.248
R(config)#access-list 10 permit host 192.168.10.52 (or the full network with a wildcard mask)
R(config)#ip nat inside source list 10 pool mypool
NAT Terms –
- Inside Local address (our private IP address)
- Inside Global address (our public IP address)
- Outside Local address (the other side's private IP address)
- Outside Global address (the other side's public IP address)
While doing a NAT practical, a default route from our router towards the ISP is necessary.
WIDE AREA NETWORK CONNECTIONS –
- WAN connections tie together geographically distant locations (networks or sites), enabling them to communicate as if they were directly connected.
- WAN works on the Physical & Data Link layers
- Layer 2 encapsulation protocols – HDLC, PPP with PAP, PPP with CHAP, Frame Relay, X.25, ATM
TYPES OF WAN CONNECTIONS –
- Leased lines (protocols: HDLC, PPP –> E1, T1)
- Circuit-switched network (protocols: HDLC, PPP –> ISDN line)
- Packet-switched network (Frame Relay: virtual circuit, 512 Kbps)
1) HDLC (High-Level Data Link Control) –
- Layer 2 data encapsulation protocol used on WAN connections
- Used on leased-line / circuit-switched WAN networks
- Cisco's HDLC is a proprietary protocol
- It is the default encapsulation protocol on Cisco serial interfaces
- Very low overhead on routers, simple & faster
Disadvantages –
- It is a proprietary protocol (Cisco)
- Has far fewer features compared to PPP

2) PPP (Point-To-Point Protocol)
- It is a layer 2 data encapsulation protocol
- It is an open standard / industry standard protocol
- Has many more features compared to HDLC
- Supports authentication
- It supports data compression
- Compression makes the WAN connection more efficient by minimizing the amount of data sent
- Compression types – Stacker, Predictor, MPPC (Microsoft Point-To-Point Compression), LZS
- Supports callback
- Multilink (bundles multiple WAN connections, or WAN channels in the case of ISDN, into a single logical connection)
CONFIGURING PPP
- ROUTER(CONFIG)# INTERFACE SERIAL 0/0/0
- ROUTER(CONFIG-IF)# IP ADD 100.100.100.1 255.255.255.252
- ROUTER(CONFIG-IF)# ENCAPSULATION PPP
PPP with PAP (Password Authentication Protocol)
- Sends the username & password once, in clear text, when authenticating.
- Each router sends its own username & password and is configured with the other router's username & password.
CONFIGURING PPP WITH PAP
- ROUTER(CONFIG)# INTERFACE SERIAL 0/0/0
- ROUTER(CONFIG-IF)# PPP AUTHENTICATION PAP
- ROUTER(CONFIG-IF)# PPP PAP SENT-USERNAME PUNE PASSWORD CISCO123 (OWN ROUTER'S USERNAME & PASSWORD)
- ROUTER(CONFIG-IF)# EXIT
- ROUTER(CONFIG)# USERNAME MUMBAI PASSWORD CISCO123 (THE OTHER ROUTER'S USERNAME & PASSWORD)

PPP with CHAP (Challenge Handshake Authentication Protocol)
- The password itself never crosses the link; a hashed challenge response is sent instead of clear text
- Only the other router's username & password are configured (the local hostname is used as the username)
CONFIGURING PPP WITH CHAP
- ROUTER(CONFIG)# INTERFACE SERIAL 0/0/0
- ROUTER(CONFIG-IF)# ENCAPSULATION PPP
- ROUTER(CONFIG-IF)# PPP AUTHENTICATION CHAP
- ROUTER(CONFIG-IF)# EXIT
- ROUTER(CONFIG)# USERNAME MUMBAI PASSWORD CISCO123 (THE OTHER ROUTER'S USERNAME & PASSWORD ONLY)
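An added example (not from the original notes) of the PAP/CHAP difference described above, in Python: a CHAP challenge/response exchange between the page's PUNE and MUMBAI routers using the RFC 1994 MD5 digest, beside the clear-text PAP request. The hostnames and the CISCO123 secret are the page's; the class and function names are mine.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class ChapMessage:
    """What actually crosses the serial link (RFC 1994 packet fields)."""
    code: str          # challenge | response | success | failure
    identifier: int    # 0..255, ties a response to its challenge
    value: bytes       # challenge value, or the MD5 response
    name: str          # sender's hostname


def chap_digest(identifier: int, secret: str, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()


class ChapRouter:
    """A router doing PPP CHAP. `users` holds the page's 'username <peer> password <secret>' lines:
    the peer's secret is looked up by the name it sends, and our own hostname is the name we send."""

    def __init__(self, hostname: str, users: Dict[str, str]):
        self.hostname = hostname
        self.users = users
        self._pending: Dict[int, bytes] = {}      # identifier -> challenge we issued

    def challenge(self, identifier: int, value: Optional[bytes] = None) -> ChapMessage:
        value = value if value is not None else os.urandom(16)
        self._pending[identifier] = value
        return ChapMessage("challenge", identifier, value, self.hostname)

    def respond(self, msg: ChapMessage) -> ChapMessage:
        secret = self.users.get(msg.name, "")      # unknown challenger -> wrong digest -> failure
        return ChapMessage("response", msg.identifier,
                           chap_digest(msg.identifier, secret, msg.value), self.hostname)

    def verify(self, msg: ChapMessage) -> ChapMessage:
        value = self._pending.pop(msg.identifier, None)   # one challenge, one answer: a replay fails
        secret = self.users.get(msg.name)
        ok = (value is not None and secret is not None
              and hmac.compare_digest(chap_digest(msg.identifier, secret, value), msg.value))
        return ChapMessage("success" if ok else "failure", msg.identifier, b"", self.hostname)


def run_chap(authenticator: ChapRouter, peer: ChapRouter, identifier: int = 1,
             challenge: Optional[bytes] = None) -> Tuple[str, List[ChapMessage]]:
    """One-way CHAP: authenticator challenges, peer answers, authenticator decides.
    Returns the result code and everything that crossed the wire."""
    c = authenticator.challenge(identifier, challenge)
    r = peer.respond(c)
    result = authenticator.verify(r)
    return result.code, [c, r, result]


def pap_request(username: str, password: str) -> bytes:
    """For contrast: a PAP Authenticate-Request carries the password itself, in clear text."""
    return username.encode() + b":" + password.encode()


def secret_on_wire(wire: List[ChapMessage], secret: str) -> bool:
    """True if the shared secret appears anywhere in what crossed the link."""
    return any(secret.encode() in m.value or secret in m.name for m in wire)


if __name__ == "__main__":
    # The page's configuration: each router holds the *other* router's username and the shared password.
    pune = ChapRouter("PUNE", {"MUMBAI": "CISCO123"})
    mumbai = ChapRouter("MUMBAI", {"PUNE": "CISCO123"})
    code, wire = run_chap(pune, mumbai)
    print("CHAP result:", code, "| secret visible on wire:", secret_on_wire(wire, "CISCO123"))
    print("PAP request on wire:", pap_request("PUNE", "CISCO123"))
    # A mistyped password on one side -> the digests differ -> failure.
    wrong = ChapRouter("MUMBAI", {"PUNE": "CISCO124"})
    print("CHAP with mismatched secret:", run_chap(pune, wrong)[0])
```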
3) FRAME RELAY
- It is a layer 2 (Data Link layer) encapsulation protocol used on WAN connections.
- It is a WAN connection technology of the packet-switched type (a service-provider technology)
- It offers the high speed demanded by today's networks at cut-rate prices.
- It is a shared-bandwidth network
- It is an NBMA (Non-Broadcast Multi-Access) network
- Inverse ARP (automatic mapping)
- Static mapping (manual mapping of DLCI numbers to IP addresses)
- Because of split horizon, one interface doesn't support more than two routers. For that, the following methods are available:
o Single neighbor (2-site connection)
ROUTER(CONFIG)# INTERFACE SERIAL 0/0/0.1
ROUTER(CONFIG-IF)# ENCAPSULATION FRAME-RELAY IETF
ROUTER(CONFIG-IF)# IP ADD 100.100.100.1 255.255.255.252
ROUTER(CONFIG-IF)# FRAME-RELAY LMI-TYPE ANSI/CISCO/Q933A (SETS THE LMI SIGNALLING TYPE)

o Multipoint sub-interface
ROUTER(CONFIG)# INTERFACE SERIAL 0/0/0
ROUTER(CONFIG-IF)# ENCAPSULATION FRAME-RELAY IETF
ROUTER(CONFIG-IF)# IP ADD 100.100.100.1 255.255.255.248
ROUTER(CONFIG-IF)# FRAME-RELAY MAP IP 100.100.100.2 101 BROADCAST (OTHER ROUTER'S IP, OWN DLCI NO.)
ROUTER(CONFIG-IF)# FRAME-RELAY MAP IP 100.100.100.3 102 BROADCAST (OTHER ROUTER'S IP, OWN DLCI NO.)
ROUTER-2(CONFIG)# INTERFACE SERIAL 0/0/1
ROUTER-2(CONFIG-IF)# ENCAPSULATION FRAME-RELAY IETF
ROUTER-2(CONFIG-IF)# IP ADD 100.100.100.2 255.255.255.248
ROUTER-2(CONFIG-IF)# FRAME-RELAY MAP IP 100.100.100.1 201 BROADCAST (OTHER ROUTER'S IP, OWN DLCI)
ROUTER-2(CONFIG-IF)# FRAME-RELAY MAP IP 100.100.100.3 201 BROADCAST (OTHER ROUTER'S IP, OWN DLCI)
ROUTER-3(CONFIG)# INTERFACE SERIAL 0/0/1
ROUTER-3(CONFIG-IF)# ENCAPSULATION FRAME-RELAY IETF
ROUTER-3(CONFIG-IF)# IP ADD 100.100.100.3 255.255.255.248
ROUTER-3(CONFIG-IF)# FRAME-RELAY MAP IP 100.100.100.1 301 BROADCAST (OTHER ROUTER'S IP, OWN DLCI)
ROUTER-3(CONFIG-IF)# FRAME-RELAY MAP IP 100.100.100.2 301 BROADCAST (OTHER ROUTER'S IP, OWN DLCI)
o Point-to-point sub-interface
ROUTER(CONFIG)# INTERFACE SERIAL 0/0/0.1
ROUTER(CONFIG-IF)# ENCAPSULATION FRAME-RELAY IETF
ROUTER(CONFIG-IF)# IP ADD 100.100.100.1 255.255.255.252
ROUTER(CONFIG-IF)# FRAME-RELAY LMI-TYPE ANSI/CISCO/Q933A (SETS THE LMI SIGNALLING TYPE)

FRAME RELAY NETWORK DESIGN TYPES / TOPOLOGIES –
- Hub & Spoke
- Partial Mesh
- Full Mesh
FRAME RELAY TERMINOLOGY –
- PVC – Permanent Virtual Circuit
- SVC – Switched Virtual Circuit
- LMI – Local Management Interface
- LAR – Local Access Rate
- CIR – Committed Information Rate
- BECN – Backward Explicit Congestion Notification
- FECN – Forward Explicit Congestion Notification
- DE – Discard Eligible
- DLCI no. – Data Link Connection Identifier (a number, not an address)

VPN (VIRTUAL PRIVATE NETWORK)
- It is a technology used to connect two or more private networks with the help of a public backbone network, i.e. the internet
- Main types: Site-to-Site (hub & spoke, partial & full mesh) and Remote Access (client-based and SSL/web)
- It uses the IPsec protocol suite, which has four parts:
o Negotiation
  - The main engine that operates the VPN. It contains two protocols:
  - AH – Authentication Header protocol
  - ESP – Encapsulating Security Payload, the second IPsec engine. It supports authentication, data integrity and data encryption.
o Encryption
  - Used for data encryption
  - DES – Data Encryption Standard (algorithm), 56-bit key
  - 3DES – Triple DES
  - AES – Advanced Encryption Standard (128, 192, 256-bit keys)
  - Also known as symmetric encryption: it uses one shared key to encrypt and decrypt.

o Authentication (data integrity)
  - MD5 – Message Digest 5 (from 1991, 128-bit digest)
  - SHA-1 – Secure Hash Algorithm 1 (160-bit digest)
  - Makes sure the data is not changed during transmission
o Data Protection (key exchange)
  - Diffie-Hellman (DH algorithm)
  - Groups DH-1, DH-2, DH-5, DH-7
  - Also known as asymmetric cryptography: it uses two keys (a key pair).
Advantages -
- Cost savings over private line connections
- Remote access connections for mobile or telecommuting users.
Disadvantages -
- Higher overhead on the router
- Varying service level (bandwidth)
- Additional security considerations
Configuration -
Pune(config)# int ser 0/0/0
Pune(config-if)# ip address 100.100.100.2 255.255.255.252
Pune(config-if)# exit
Pune(config)# ip route 0.0.0.0 0.0.0.0 100.100.100.1
Pune(config)# crypto isakmp policy 1
Pune(config-isakmp)# encryption 3des
Pune(config-isakmp)# hash md5
Pune(config-isakmp)# authentication pre-share
Pune(config-isakmp)# exit
Pune(config)# crypto isakmp key cisco123 address 200.200.200.2
Pune(config)# crypto ipsec transform-set amit-set esp-3des esp-sha-hmac
Pune(config)# access-list 100 permit ip 10.0.0.0 0.0.0.255 20.0.0.0 0.0.0.255
Pune(config)# crypto map vpnmap 1 ipsec-isakmp
Pune(config-crypto-map)# set peer 200.200.200.2
Pune(config-crypto-map)# set transform-set amit-set
Pune(config-crypto-map)# match address 100
Pune(config-crypto-map)# exit
Pune(config)# int ser 0/0/0
Pune(config-if)# crypto map vpnmap
SSH (Secure Shell)
- Change the default name of the Cisco device (hostname)
- Configure a domain name with "ip domain-name cisco.com"
- Generate the RSA key pair with at least 1024 bits using "crypto key generate rsa"
o The RSA key is used for encryption.
- Create a username & password with
o R(config)#username amit secret aaa (or: username amit password aaa)
Configuration -
- Pune(config)# ip domain-name cisco.com
- Pune(config)# crypto key generate rsa
- How many bits in the modulus [512]: 1024
- Pune(config)# username amit secret aaa
- Pune(config)# line vty 0 4
- Pune(config-line)# login local
Whether to allow SSH or Telnet -
- Pune(config)# line vty 0 4
- Pune(config-line)# transport input ssh (or: transport input telnet)

WIRELESS NETWORKING -
Types – according to area coverage
WLAN (Wireless Local Area N/W)
o Coverage distance (100 m)
o Uses a wireless Access Point (wireless AP)
o Data rate 11 Mbps / 54 Mbps
o Speed > 100 Mbps
o Max. speed 540 Mbps today
WPAN (Wireless Personal/Private Area N/W) Ex. Bluetooth, Infrared
o Requires low power
o Low coverage distance (10 m)
o Speed 1 Mbps
WMAN (Wireless MAN)
o Citywide wireless coverage
o Speed 10 - 20 Mbps
o Requires large antennas/towers
o Requires more power for transmission
WWAN (Wireless WAN)
o Cellular networks
o GPRS, GPS, 3G
o Speed from some Kbps to some Mbps
Wireless Topologies (types of network) –
Ad-Hoc network (peer-to-peer) (IBSS – Independent Basic Service Set) -
o Works without an Access Point
o Wireless NIC required
o Full mesh topology
Basic Service Set (BSS) -
o Only one Access Point is used
o Like a star topology
o The wireless AP acts like a hub
Extended Service Set (ESS) -
o More than one Access Point is used
o For roaming, 10 - 15% overlap between cells is a must
o 1, 6, 11 are the non-overlapping channels.
Wireless Facts –
A wireless AP works like a hub, but
o Hub – CSMA/CD, half duplex
o Wireless AP – CSMA/CA
o It avoids collisions before they happen
Single collision domain & works in half-duplex mode
It uses unlicensed radio frequency (RF) bands
3 major organizations
o IEEE – Institute of Electrical & Electronics Engineers
o Wi-Fi Alliance – Wireless Fidelity – all wireless vendors came together & formed the organization
o ITU-R – International Telecommunication Union – Radio Frequency division
All 3 (IEEE, Wi-Fi & ITU-R) play an important role in wireless networking
Unlicensed radio frequency bands -
o 900 MHz -> 902 - 928 MHz
o 2.4 GHz -> 2.400 - 2.483 GHz
o 5 GHz -> 5.150 - 5.300 GHz and 5.725 - 5.825 GHz

Wireless Standards (IEEE 802.11) –
IEEE 802.11a -
o RF Band - 5 GHz
o Data Rate - 54 Mbps
o Channels - 23 Nos.
o Outdoor Range - 75 Mtr
o Indoor Range - 25 Mtr
IEEE 802.11b -
o RF Band - 2.4 GHz
o Data Rate - 11 Mbps
o Channels - 11/13 Nos. (3-Non-Overlapping Channels) 1, 6, 11
o Outdoor Range - 100 Mtr
o Indoor Range - 45 Mtr
IEEE 802.11g -
o RF Band - 2.4 GHz
o Data Rate - 54 Mbps
o Channels - 11/13 Nos. (3-Non-Overlapping Channels) 1, 6, 11
o Outdoor Range - 95 Mtr
o Indoor Range - 40 Mtr
IEEE 802.11n -
o RF Band - 2.4 OR 5 GHz
o Data Rate - 540 Mbps
o Channels - 11/13 Nos. (3-Non-Overlapping Channels) 1, 6, 11
o Outdoor Range - 160 Mtr
o Indoor Range - 70 Mtr
Wireless Data Rates –
IEEE 802.11a/g (54 Mbps) –
Step 1 - 54 Mbps
Step 2 - 48 Mbps
Step 3 - 36 Mbps
Step 4 - 24 Mbps
Step 5 - 18 Mbps
Step 6 - 12 Mbps
Step 7 - 9 Mbps
Step 8 - 6 Mbps
IEEE 802.11b (11 Mbps) –
Step 1 - 11 Mbps
Step 2 - 5.5 Mbps
Step 3 - 2 Mbps
Step 4 - 1 Mbps

SWITCHING -
Foundation switching operations
A switch has three modes
- Listening mode
- Learning mode
- Forwarding mode
Layer 2 switch –
- It understands MAC addresses
- It maintains the MAC address table / CAM table
- The broadcast address is FFFF:FFFF:FFFF (12 hex digits, i.e. 12 x 4 bits = 48 bits)
- Multicast address range – 0100:5E00:0000 – 0100:5EFF:FFFF
Layer 3 switch –
- It understands IP addresses & is used to connect two or more different networks
Frame transmission methods/techniques (types of switches) –
- Store-and-Forward
o Slower in speed (frame transfer)
o The frame is stored in a buffer (memory); the switch checks the whole frame with the CRC (Cyclic Redundancy Check) and only then forwards it to the destination – 100% reliable communication – high processing power used
- Cut-Through
o Faster in speed (frame transfer)
o It doesn't perform the CRC (so it doesn't need a buffer)
o Not reliable compared to Store-and-Forward
o Low processing power used
- Fragment-Free
o Medium in speed (frame transfer)
o It buffers the first 64 bytes of a frame (all collisions occur within the first 64 bytes) & checks this data
o Medium processing power used
o Reliability is medium: more reliable than Cut-Through & less reliable than Store-and-Forward
SOME COMMANDS -
SW#show mac-address-table
SW#show dhcp lease
SW(config)#int vlan 1
SW(config-if)#ip add dhcp (to get an IP from a DHCP server automatically)
SW(config-if)#ip add 10.10.10.1 255.255.255.224
SW(config-if)#no shut
SW(config)#int range fa 0/0
SW(config-if-range)#shut / no shut
SW(config-if-range)#duplex ? (auto/half/full)
SW(config-if-range)#speed ? (10/100/auto)
SW(config)#ip default-gateway 192.168.10.1 (to assign a gateway to the switch)
Spanning Tree Protocol (IEEE 802.1D)
- To avoid loops between switches we use STP
- By default STP is running
- The switch with the smallest Bridge ID is selected as the Root Bridge; all ports of the Root Bridge are DPs (Designated Ports)
- Bridge ID / Root ID = bridge priority.MAC address
- The ports of other switches connected to the DP ports of the Root Bridge become RPs (Root Ports); the remaining ports become DP or NDP depending on their relation. Every switch contains at least one DP port. Between switches on the same segment, the one whose Bridge ID is higher gets the NDP (Non-Designated Port).
- The other switches then look for the best path (lowest link cost) to reach the Root Bridge.
- RP and DP are forwarding ports (they send/receive data)
- They also send/receive Hellos
- NDP (BLK) – stops sending/receiving data, but does not stop Hellos.
- Packet dropping while the tree converges is known as a network outage.
Port cost
- 10 Mbps: 100
- 100 Mbps: 19
- 1 Gbps: 4
- 10 Gbps: 2

STP PORT STATES –
STATE      FUNCTION                                                                         TIME
DISABLED   Interface is administratively shut down (for security purposes)                  N/A
LISTENING  Begins the transition to forwarding by listening for & sending Hellos             15 sec
           (BPDUs – Bridge Protocol Data Units); no data is sent
LEARNING   Builds the MAC address table from addresses learned on the interface; no data sent  15 sec
BLOCKING   Does not forward (send/receive) any user data, but does not block BPDUs           0 - 20 sec (wait timer)
Commands -
SW# show spanning-tree
SW# show version
SW# show spanning-tree vlan <VLAN number>
To change the bridge priority
SW(config)#spanning-tree vlan 10 priority 4096 (multiples of 4096: 4096, 8192, 16384 ...)
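As an added Python example (not part of the original notes) of the election described above: root bridge selection by lowest priority.MAC, root path cost computed with the page's port cost table, and the effect of 'spanning-tree vlan N priority 4096'. The three-switch triangle and its MAC addresses are constructed; the class and function names are mine.

```python
import heapq
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# IEEE 802.1D port costs as listed on the page (link speed in Mbps -> cost).
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


@dataclass
class Bridge:
    name: str
    mac: str                     # burned-in address, the tie-breaker
    priority: int = 32768        # default; changed with 'spanning-tree vlan N priority <multiple of 4096>'

    @property
    def bridge_id(self) -> Tuple[int, str]:
        """Bridge ID = priority.MAC; the tuple compares priority first, then MAC, lowest wins."""
        return (self.priority, self.mac.lower())


@dataclass
class SwitchedNetwork:
    bridges: Dict[str, Bridge] = field(default_factory=dict)
    links: List[Tuple[str, str, int]] = field(default_factory=list)   # (switch A, switch B, speed Mbps)

    def add_bridge(self, bridge: Bridge) -> None:
        self.bridges[bridge.name] = bridge

    def add_link(self, a: str, b: str, speed_mbps: int) -> None:
        if speed_mbps not in PORT_COST:
            raise ValueError(f"no 802.1D cost for {speed_mbps} Mbps")
        self.links.append((a, b, speed_mbps))

    def set_priority(self, name: str, priority: int) -> None:
        """Mirror of 'spanning-tree vlan <id> priority <n>': IOS only accepts multiples of 4096 up to 61440."""
        if priority % 4096 != 0 or not 0 <= priority <= 61440:
            raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
        self.bridges[name].priority = priority

    def root_bridge(self) -> str:
        return min(self.bridges.values(), key=lambda b: b.bridge_id).name

    def root_path_costs(self) -> Dict[str, Tuple[int, Optional[str]]]:
        """For every switch: (root path cost, upstream neighbour behind its root port).
        Lowest accumulated cost wins; on a tie the neighbour with the lower bridge ID is preferred."""
        root = self.root_bridge()
        adjacency: Dict[str, List[Tuple[str, int]]] = {n: [] for n in self.bridges}
        for a, b, speed in self.links:
            adjacency[a].append((b, PORT_COST[speed]))
            adjacency[b].append((a, PORT_COST[speed]))
        best: Dict[str, Tuple[int, Optional[str]]] = {root: (0, None)}
        heap = [(0, root)]
        while heap:
            cost, node = heapq.heappop(heap)
            if cost > best[node][0]:
                continue                                   # stale heap entry
            for nxt, link_cost in adjacency[node]:
                candidate = cost + link_cost
                current = best.get(nxt)
                better = (current is None or candidate < current[0] or
                          (candidate == current[0] and current[1] is not None and
                           self.bridges[node].bridge_id < self.bridges[current[1]].bridge_id))
                if better:
                    best[nxt] = (candidate, node)
                    heapq.heappush(heap, (candidate, nxt))
        return best


def build_sample_network() -> SwitchedNetwork:
    """Constructed three-switch triangle, all at the default priority, so the lowest MAC wins."""
    net = SwitchedNetwork()
    net.add_bridge(Bridge("SW1", "0000.0c11.1111"))
    net.add_bridge(Bridge("SW2", "0000.0c22.2222"))
    net.add_bridge(Bridge("SW3", "0000.0c33.3333"))
    net.add_link("SW1", "SW2", 1000)     # cost 4
    net.add_link("SW2", "SW3", 100)      # cost 19
    net.add_link("SW1", "SW3", 100)      # cost 19
    return net


if __name__ == "__main__":
    net = build_sample_network()
    print("root:", net.root_bridge(), net.root_path_costs())
    net.set_priority("SW3", 4096)        # 'spanning-tree vlan 10 priority 4096' on SW3
    print("root after priority change:", net.root_bridge(), net.root_path_costs())
```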
VLAN -
- A Virtual LAN (VLAN) is a logical LAN or logical subnet. It defines a broadcast domain: each VLAN is a separate broadcast domain (BD).
- VLANs logically divide a switch into multiple broadcast domains at layer 2
- By default a switch has only one BD because all 24 ports are in VLAN 1
- VLAN 1 is already present; it is called the management VLAN. We can configure an IP address on VLAN 1, but we can't delete or rename it.
- A logical subnet is a group of switch ports assigned to the same VLAN, regardless of their physical location in the switched network.
- After creating a VLAN, the vlan.dat file is created in flash memory.
Benefits of VLANs -
- VLANs are used to break a large campus network into smaller pieces.
- To minimize broadcast traffic
- Ports are separated logically (by which VLAN a port is in)
- VLANs separate broadcasts at layer 2, so performance is better
- VLANs also improve security
- Logically group users (different departments)
Commands – (in privileged mode)
SW# show vlan
SW# show vlan brief
SW#vlan database
SW(vlan)# show vlan 2
SW(vlan)#vlan 3
SW(vlan)#vlan 2 name HR
SW(vlan)#no vlan 2
(in config mode)
SW(config)#vlan 3
SW(config)#vlan 4
How to assign ports to a VLAN?
SW(config)# interface range fastEthernet 0/1-12
SW(config-if-range)# switchport access vlan 3
How to delete vlan.dat in flash? (to return the switch to factory default)
SW#delete flash:vlan.dat
SW#erase startup-config
SW#reload

 VLAN Trunking – 802.1q


- VLAN Trunking we use for carry the multiple traffic from one switch to another switch.
- By default all vlans traffic carries from the trunking links
- It is possible to configure a trunk link to allow traffic only from certain VLAN’s
Types
- ISL Trunk (inter Switch Link Trunk) it’s a cisco proprietary
o It is the cisco proprietory protocol but not used today
o Passes multiple VLAN traffic between the switches
o Places VLAN information into each frame k/as tagging.
o Works on layer 2
o It requires a direct point-to-point link, No intermidiate device between switches.
Drawbacks –
o This trunking exceeds the ethernet frame size. Frame encapsulation
30 bytes (26 byte header + 4 byte CRC)
o Slower in operation
- IEEE 802.1q Trunk – Open standards we use any vendor device
o It is an open standard/industry standard
o Standard based VLAN tagging that inserts 4-byte tag in the original frame
o Traffic originating from the native VLAN (Default VLAN1) is not tagged over the trunk.
o If native VLAN configuration did not match on both sides this could cause VLAN lickage.
Command
SW(config)#interface gigabit-Ethernet 1/1
SW(config-if)#switch-port mode trunk
SW(config)#switch native vlan 2 (with this only vlan2 traffic will carry)
SW#show interfaces trunk
 VTP – VLAN TRUNKING PROTOCOL (VLAN Replication Protocol)
It is used to replicate the VLAN database to all switches that are connected to each other.
- It is a Cisco proprietary protocol.
- A switch runs in one of three VTP modes: Server, Client or Transparent.
Server Mode -
- It is the default VTP mode.
- It acts in the master role.
- We can add, remove, modify and rename VLANs.
- The VTP revision ID starts at 0 and increases by 1 each time the VLAN database changes (creating or renaming a VLAN).
- These VLANs are advertised to the other switches (VTP advertisements/updates).
Client Mode -
- We can't add, remove, modify or rename VLANs.
- It listens to VTP advertisements and participates in them (tries to synchronise with the server).
- It forwards VTP advertisements to the other switches connected to it.
- It does not save any VLAN configuration in the VLAN database (does not create a vlan.dat file).
Transparent Mode -
- We can add, remove, modify and rename VLANs.
- These VLANs are local to the switch itself only.
- The VTP revision ID is always 0; it does not change.
- It does not participate in VTP advertisements but passes them through to the other switches.
- It creates a vlan.dat file.
Command for changing the mode
SW(config)#interface GigabitEthernet 1/1
SW(config-if)#switchport mode trunk
SW(config-if)#exit
SW(config)#vtp mode {server | client | transparent}
SW(config)#vtp domain <domain-name> (e.g. Ri.com)
The trunk port must be in the same (native) VLAN on all switches, by default VLAN 1.
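The three VTP modes above, simulated as an added example (not code from the original notes): a chain of switches (server - transparent - client) where a VTP advertisement carries the configuration revision number, and each mode handles it as described. The class and method names are this example's own; real VTP also carries an MD5 digest and timers that are left out here.

```python
"""VTP server / client / transparent behaviour, simulated (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Advertisement:
    domain: str
    revision: int
    vlans: Dict[int, str]


@dataclass
class Switch:
    name: str
    mode: str                          # "server", "client" or "transparent"
    domain: str = "Ri.com"             # domain name from the notes' vtp domain command
    revision: int = 0                  # configuration revision number
    vlans: Dict[int, str] = field(default_factory=lambda: {1: "default"})
    neighbors: List["Switch"] = field(default_factory=list)
    log: List[str] = field(default_factory=list)

    def create_vlan(self, vid: int, name: str) -> None:
        """Server and transparent switches may edit VLANs; a client may not."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: client mode cannot add/modify VLANs")
        self.vlans[vid] = name
        if self.mode == "server":
            self.revision += 1         # every database change bumps the revision
            self.advertise()           # ... and is advertised to the neighbours
        # transparent: the VLAN stays local, revision stays 0, nothing is sent

    def advertise(self) -> None:
        adv = Advertisement(self.domain, self.revision, dict(self.vlans))
        for n in self.neighbors:
            n.receive(adv, sender=self)

    def receive(self, adv: Advertisement, sender: "Switch") -> None:
        if adv.domain != self.domain:
            self.log.append(f"ignored advertisement for domain {adv.domain}")
            return
        if self.mode == "transparent":
            self._forward(adv, sender)  # pass-through only, never applied locally
            return
        # Server and client both accept a database with a HIGHER revision
        # (the notes describe this for clients; IOS servers behave the same way).
        if adv.revision > self.revision:
            self.vlans = dict(adv.vlans)
            self.revision = adv.revision
            self.log.append(f"synchronised to revision {adv.revision}")
            self._forward(adv, sender)
        else:
            self.log.append(f"ignored revision {adv.revision} (have {self.revision})")

    def _forward(self, adv: Advertisement, sender: "Switch") -> None:
        for n in self.neighbors:
            if n is not sender:
                n.receive(adv, sender=self)


def link(a: Switch, b: Switch) -> None:
    """Connect two switches by a trunk (this model assumes a loop-free topology)."""
    a.neighbors.append(b)
    b.neighbors.append(a)


def build_chain() -> tuple:
    """Constructed topology: server S1 - transparent T1 - client C1."""
    s1, t1, c1 = Switch("S1", "server"), Switch("T1", "transparent"), Switch("C1", "client")
    link(s1, t1)
    link(t1, c1)
    return s1, t1, c1


if __name__ == "__main__":
    s1, t1, c1 = build_chain()
    s1.create_vlan(10, "sales")        # S1 -> revision 1, advertised through T1 to C1
    t1.create_vlan(99, "local")        # stays on T1 only
    for sw in (s1, t1, c1):
        print(sw.name, sw.mode, "rev", sw.revision, sw.vlans, sw.log)
```

Because any switch in the same domain applies a higher revision, the revision number, not the switch's role, decides whose VLAN database wins; that is why a switch is normally reset (or put in transparent mode, which also zeroes the revision) before it is connected to a production domain.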


 PVSTP – Per-VLAN Spanning Tree Protocol


- PVSTP works like STP.
- By default it is running on every switch.
- One STP instance (protocol) runs per VLAN.
- Allows different root bridges per VLAN.
- Here we can define a primary and a secondary root per VLAN; if the primary goes down, the secondary becomes
active in almost 50 sec.
{Note: these root settings are configured manually per VLAN.}
COMMAND -
SW1(config)#spanning-tree vlan 2-3 root primary
SW1(config)#spanning-tree vlan 4-5 root secondary
SW2(config)#spanning-tree vlan 4-5 root primary
SW2(config)#spanning-tree vlan 2-3 root secondary
SW1#show spanning-tree
(shows the root bridge and the various STP ports [DP, NDP, RP])
 RPVSTP – Rapid Per-VLAN Spanning Tree Protocol
- RPVSTP also works like STP.
- Proactive system
- IEEE 802.1w
- Redefined port roles
- More logical ports
- Port roles/states – RP, DP, Discarding port
- By default it is not running on every switch; we have to enable it.
- Allows different root bridges per VLAN.
- Here we can define a primary and a secondary root per VLAN; if the primary goes down, the secondary becomes
active in almost 0 sec.
{Note: these root settings are configured manually per VLAN.}
COMMAND -
SW1(config)#spanning-tree mode rapid-pvst
SW1(config)#spanning-tree vlan 2-3 root primary
SW1(config)#spanning-tree vlan 4-5 root secondary
SW2(config)#spanning-tree vlan 4-5 root primary
SW2(config)#spanning-tree vlan 2-3 root secondary
SW1#show spanning-tree
(shows the root bridge and the various STP ports [DP, NDP, RP])
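The per-VLAN root election that the `root primary` / `root secondary` commands in both the PVSTP and RPVSTP sections influence, as an added example (not code from the original notes). A bridge ID is (priority + VLAN ID as the extended system ID, MAC address) and the lowest one wins, separately for each VLAN. `root primary` is modelled as priority 24576 and `root secondary` as 28672, the values IOS uses for those macros in the common case (an assumption of this example; the notes only give the commands); switch names and MAC addresses are constructed.

```python
"""Per-VLAN root bridge election (PVST / Rapid PVST), simulated (added example)."""
from typing import Dict, Iterable, List, Optional, Tuple

DEFAULT_PRIORITY = 32768
PRIMARY_PRIORITY = 24576     # assumed value set by `root primary`
SECONDARY_PRIORITY = 28672   # assumed value set by `root secondary`


def parse_vlan_range(spec: str) -> List[int]:
    """Parse IOS-style VLAN lists such as "2-3" or "4-5,10"."""
    vlans: List[int] = []
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            vlans.extend(range(lo, hi + 1))
        else:
            vlans.append(int(part))
    return vlans


class Switch:
    def __init__(self, name: str, mac: str):
        self.name = name
        self.mac = mac.lower()
        self.priority: Dict[int, int] = {}   # per-VLAN priority overrides
        self.up = True

    def spanning_tree_root(self, vlan_spec: str, role: str) -> None:
        """Equivalent of `spanning-tree vlan <spec> root primary|secondary`."""
        prio = {"primary": PRIMARY_PRIORITY, "secondary": SECONDARY_PRIORITY}[role]
        for v in parse_vlan_range(vlan_spec):
            self.priority[v] = prio

    def bridge_id(self, vlan: int) -> Tuple[int, str]:
        # Extended system ID: the VLAN number is added to the 4096-multiple priority.
        return (self.priority.get(vlan, DEFAULT_PRIORITY) + vlan, self.mac)


def elect_root(switches: Iterable[Switch], vlan: int) -> Optional[str]:
    """Name of the root bridge for `vlan` among the switches that are up (lowest bridge ID)."""
    alive = [s for s in switches if s.up]
    if not alive:
        return None
    return min(alive, key=lambda s: s.bridge_id(vlan)).name


def build_lab() -> List[Switch]:
    """Constructed topology: SW1/SW2 configured as in the notes, plus an unconfigured SW3."""
    sw1 = Switch("SW1", "00:11:22:33:44:55")
    sw2 = Switch("SW2", "00:11:22:33:44:66")
    sw3 = Switch("SW3", "00:00:00:00:00:01")   # lowest MAC: wins any tie on priority
    sw1.spanning_tree_root("2-3", "primary")
    sw1.spanning_tree_root("4-5", "secondary")
    sw2.spanning_tree_root("4-5", "primary")
    sw2.spanning_tree_root("2-3", "secondary")
    return [sw1, sw2, sw3]


if __name__ == "__main__":
    lab = build_lab()
    for vlan in (2, 3, 4, 5, 10):
        print(f"VLAN {vlan}: root = {elect_root(lab, vlan)}")
    lab[0].up = False
    print("SW1 down, VLAN 2: root =", elect_root(lab, 2))
```

VLAN 10 shows why the primary/secondary commands matter: with no configured priority, the unconfigured SW3 wins that VLAN purely because it has the lowest MAC address, so an unplanned switch can become root for any VLAN that was left at the default.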
 INTER VLAN ROUTING
- For routing between two or more different VLANs we require a Layer 3 device (router or L3 switch).
- There are two methods of inter-VLAN routing: (1) Router on a Stick, (2) Switched Virtual Interface (SVI).
 ROUTER ON A STICK – (USING A ROUTER)
ADVANTAGES –
o Easy to configure
o Low cost (only one L3 port needed)
DISADVANTAGES –
o Single point of failure
o Slow / low performance
o The router does software routing
o More CPU cycles, wasted time, slower speed


CONFIGURATION -
R1(config)#int fas 0/0 (the switch port connected to this interface must be configured as a trunk)
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#int fas 0/0.10
R1(config-subif)#encapsulation dot1Q 10 (VLAN 10 on the switch)
R1(config-subif)#ip add 192.168.10.1 255.255.255.0
R1(config-subif)#exit
R1(config)#int fas 0/0.20
R1(config-subif)#encapsulation dot1Q 20 (VLAN 20 on the switch)
R1(config-subif)#ip add 192.168.20.1 255.255.255.0
R1(config-subif)#exit
R1(config)#int fas 0/0.30
R1(config-subif)#encapsulation dot1Q 30 (VLAN 30 on the switch)
R1(config-subif)#ip add 192.168.30.1 255.255.255.0
R1(config-subif)#exit
 SWITCHED VIRTUAL INTERFACE – (SVI METHOD USING L3 SWITCH)
ADVANTAGES –
o It does hardware routing (packet switching)
o It is faster than software routing
o It is better than the router-on-a-stick method for redundancy
DISADVANTAGES –
o Cost is higher
CONFIGURATION -
L3SW1(config)#ip routing
L3SW1(config)#vlan 10
L3SW1(config-vlan)#vlan 20
L3SW1(config-vlan)#vlan 30
L3SW1(config-vlan)#exit
L3SW1(config)#int vlan 10
L3SW1(config-if)#ip add 192.168.10.1 255.255.255.0
L3SW1(config-if)#int vlan 20
L3SW1(config-if)#ip add 192.168.20.1 255.255.255.0
L3SW1(config-if)#int vlan 30
L3SW1(config-if)#ip add 192.168.30.1 255.255.255.0
L3SW1(config-if)#end

DTP – Dynamic Trunking Protocol


- It works on Layer 2.
- Cisco proprietary protocol used for dynamic trunking (negotiating a trunk between two switches).
- Possible trunking modes
o Access
 Doesn't trunk; the port belongs to a single VLAN only.
o Trunk
 Associated with all VLANs present on the switch and sends DTP packets so that the other side also
becomes a trunk.
o Dynamic
 Auto
 The port negotiates to become a trunk if the other side is trunk or desirable (it only receives DTP
packets and then becomes a trunk).
 Desirable
 The port negotiates to become a trunk if the other side is set to trunk, desirable or
dynamic auto.
 Sends DTP packets to become a trunk.
o No Negotiate
 The port is permanently a trunk, but DTP negotiation is disabled (no DTP packets are sent).
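The negotiation rules listed above, encoded as an added example (not code from the original notes): `negotiate` derives the outcome of a link from the two ends' modes (who sends DTP, who only listens, who never negotiates), and `dynamic_ports` lists ports an administrator has left negotiable. The port names in the sample inventory are constructed.

```python
"""DTP negotiation outcomes for the port modes listed above (added example)."""
from typing import Dict, List

ACCESS, TRUNK, AUTO, DESIRABLE, NONEGOTIATE = (
    "access", "trunk", "dynamic auto", "dynamic desirable", "nonegotiate")
MODES = {ACCESS, TRUNK, AUTO, DESIRABLE, NONEGOTIATE}


def sends_dtp(mode: str) -> bool:
    """Trunk and dynamic desirable actively send DTP packets; auto only listens;
    access and nonegotiate send none."""
    return mode in (TRUNK, DESIRABLE)


def port_state(mine: str, other: str) -> str:
    """Final operational state (access/trunk) of one end given both ends' modes."""
    if mine not in MODES or other not in MODES:
        raise ValueError("unknown DTP mode")
    if mine in (TRUNK, NONEGOTIATE):
        return TRUNK                      # statically a trunk regardless of the peer
    if mine == ACCESS:
        return ACCESS                     # never trunks, whatever the peer sends
    if mine == AUTO:
        # Becomes a trunk only if the peer sends DTP (trunk or desirable).
        return TRUNK if sends_dtp(other) else ACCESS
    # dynamic desirable: trunks with trunk, desirable or auto (it sends DTP and
    # the peer is willing to negotiate); stays access against access/nonegotiate.
    return TRUNK if other in (TRUNK, DESIRABLE, AUTO) else ACCESS


def negotiate(a: str, b: str) -> str:
    """'trunk', 'access', or 'mismatch' when the two ends end up disagreeing."""
    sa, sb = port_state(a, b), port_state(b, a)
    return sa if sa == sb else "mismatch"


def dynamic_ports(port_modes: Dict[str, str]) -> List[str]:
    """Ports still in a negotiable mode (dynamic auto/desirable). A fixed mode
    (access or trunk) with negotiation disabled is the hardened configuration."""
    return sorted(p for p, m in port_modes.items() if m in (AUTO, DESIRABLE))


SAMPLE_PORTS = {   # constructed inventory, not from the notes
    "Gi1/0/1": TRUNK,
    "Gi1/0/2": AUTO,
    "Gi1/0/3": ACCESS,
    "Gi1/0/4": DESIRABLE,
}


if __name__ == "__main__":
    for a, b in [(AUTO, AUTO), (AUTO, DESIRABLE), (TRUNK, ACCESS), (NONEGOTIATE, AUTO)]:
        print(f"{a:17s} <-> {b:17s} = {negotiate(a, b)}")
    print("ports left negotiable:", dynamic_ports(SAMPLE_PORTS))
```

The auto/desirable row is the one to remember: a port left in dynamic auto will become a trunk as soon as whatever is plugged into it sends desirable DTP packets, which is why ports facing end hosts are set to access with negotiation disabled rather than left at a dynamic default.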
