OSI Model
LAN Design
Network Devices
Bridging/Switching
VLANs
Lan Protocols
TCP/IP
IPX/SPX
WAN Protocols
Frame Relay
ISDN
ATM
PPP
Cisco IOS
Security
Routing
RIP
OSPF
IGRP and EIGRP
Other Routing Info
Additional Links
OSI Model:
The OSI model is a layered, conceptual standard used to define interface standards that promote multi-vendor integration, keep the interfaces between layers constant, and isolate implementation changes to a single layer. It is NOT application or protocol specific. To pass any Cisco exam, you need to know the OSI model inside and out.
The table above mentions the term "MAC Address". A MAC address is a 48-bit address that uniquely identifies a device on the network. It is written as 12 hexadecimal digits, for example 00-00-12-33-FA-BC. The first 6 hex digits (24 bits, the Organizationally Unique Identifier) identify the manufacturer, while the remaining 6 identify the interface itself. ARP is the protocol used to determine the IP-to-MAC mapping. MAC addresses must not be duplicated within a network or problems will occur. Note that most adapters let the address be changed in software, so a MAC address alone is not a reliable way of identifying a host.
Data encapsulation takes place as data moves down the layers of the OSI model. It is the process in which the information of one protocol is wrapped in the data section of another protocol. The process can be broken down into the following steps:
User information -> data -> segments -> packets/datagrams -> frames -> bits.
A connection-oriented service has the following characteristics:
• A session is guaranteed.
• Acknowledgements are issued and received at the transport layer, meaning that if the sender does not receive an acknowledgement before its timer expires, the segment is retransmitted.
• The phases of a connection-oriented service are call setup, data transfer and call termination.
• All traffic must travel along the same static path.
• A failure along the static communication path can fail the connection.
• A guaranteed rate of throughput occupies resources without the flexibility of dynamic allocation.
• Reliable = slower: the acknowledgements, timers and retransmissions that provide reliability are overhead that a connectionless service does not pay.
LAN Design:
Ethernet
When we talk about a LAN, Ethernet is the most popular physical layer LAN technology today. Its standard is defined by the Institute of Electrical and Electronics Engineers as IEEE Standard 802.3, but it was originally created by Digital, Intel and Xerox (DIX). According to the IEEE, the information for configuring an Ethernet, as well as the specification of how the elements of an Ethernet network interact with one another, is clearly defined in 802.3.
Fast Ethernet
For networks that need higher transmission speeds, there is the Fast Ethernet standard, IEEE 802.3u, which raises the Ethernet speed limit to 100 Mbps. Of course, we need new cabling to support this higher speed: a 10BaseT network can run on Cat 3 cable, but a 100BaseT network needs Cat 5. The three Fast Ethernet standards are 100BASE-TX for use with Category 5 UTP cable, 100BASE-FX for use with fiber-optic cable, and 100BASE-T4, which uses an extra two pairs so that it can run over Category 3 UTP cable.
Gigabit Ethernet
Gigabit Ethernet is an emerging technology that provides transmission speeds of 1000 Mbps. It is defined by the IEEE 802.3z standard (1000BASE-X). Just like all other 802.3 transmission types, it uses the Ethernet frame format, full duplex and the same media access control technology.
Token Ring
Token Ring is an older standard that isn't very widely used anymore, as most networks have migrated to some form of Ethernet or other more advanced technology. Ring topologies can have transmission rates of either 4 or 16 Mbps. Token passing is the access method used by Token Ring networks, whereby a 3-byte frame called a token is passed around the ring. A computer that wishes to transmit must wait until it can take control of the token, allowing only one computer to transmit at a time. This method of communication prevents collisions. Token Ring networks use multistation access units (MSAUs) instead of the hubs used on an Ethernet network. For extensive information on Token Ring, visit Cisco's website.
Network Devices:
In a typical LAN, there are various types of network devices available, as outlined below.
• Hub - Repeats the signal received on one port out to all the other connected ports. A hub is a layer 1 device, so every station on it sees every frame.
• Switch - Can link up four, six, eight or even more networks. Cut-through switches run faster because, when a frame comes in, they forward it right after looking at the destination address only. A store-and-forward switch inspects the entire frame before forwarding it. Most switches cannot stop broadcast traffic. Switches are layer 2 devices.
• Router - Can also filter network traffic. However, routers filter based on the protocol addresses defined in OSI layer 3 (the network layer), not on the Ethernet frame addresses. Note that protocols must be routable in order to pass through a router. A router can determine the most efficient path for a packet to take and send packets around failed segments.
• Brouter - Has the best features of both routers and bridges in that it can be configured to pass unroutable protocols by imitating a bridge, while not passing broadcast storms by acting as a router for the other protocols.
Bridging/Switching:
Bridge - A layer 2 device used to connect networks of different types or of the same type. It learns the Ethernet addresses of the nodes residing on each segment and allows only the necessary traffic to pass through the bridge; a frame destined for the segment it arrived on is dropped. This "store-and-forward" mechanism inspects the whole Ethernet frame before making a decision. Unfortunately, it cannot filter out broadcast traffic. It also adds latency (roughly 20 to 30 percent) while processing each frame. Only 2 networks can be linked with a bridge.
Switch - Switches are layer 2 devices that can link up four, six, eight or even more networks. Switches are the only devices that allow for microsegmentation. Cut-through switches run faster because, when a frame comes in, they forward it right after looking at the destination address only. A store-and-forward switch inspects the entire frame before forwarding it. Most switches cannot stop broadcast traffic. Switches are considered dedicated data link devices because each port gets close to 100% of the bandwidth. While a bridge does most of its work in software, a switch uses hardware (ASICs and a switching fabric) to handle most of its work.
VLANs can be complicated to set up. VLANs use layer 2 addressing, meaning that routers are required between separate VLANs. The advantage of deploying layer 2 addresses is that layer 2 addressing is faster to process. It is also quite common for administrators to set up multiple VLANs with multiple access lists to control access. Layer 3 routing provides the ability for multiple VLANs to communicate with each other, which means that users in different locations can reside on the same VLAN. This is a flexible approach to network design.
VLANs are configured on the switch in three ways: port centric, static and dynamic. In port-centric VLANs, all the nodes connected to ports in the same VLAN are assigned the same VLAN ID. Frames do not "leak" into other broadcast domains, so these VLANs are easily administered and give good separation between VLANs: traffic can only cross from one VLAN to another through a router, where it can be filtered with access lists. Some say that statically configured VLANs are the same as port centric, because static VLANs use the port-centric method for assigning them to switch ports. Dynamic VLANs are ports on a switch that can automatically determine their VLAN assignments. Dynamic VLAN functions are based on the MAC addresses, logical addresses, or protocol type of the data packets. When a station is initially connected to an unassigned switch port, the switch checks the MAC entry in the management database and dynamically configures the port with the corresponding VLAN configuration. The major high point of this method is less administration overhead, although only after the initial administration of the database within the VLAN management software. Because the assignment keys on the MAC address, which a station can change, dynamic VLAN membership should not be relied on as an access control on its own.
VLAN Switching
VLAN Considerations
Lan Protocols:
The following sections will introduce the core LAN protocols that you will
need to know for the exam.
TCP/IP:
Every IP address can be broken down into 2 parts, the Network ID (netid) and the Host ID (hostid). All hosts on the same network must have the same netid. Each of these hosts must have a hostid that is unique in relation to the netid. IP addresses are divided into 4 octets, each with a maximum value of 255. We view IP addresses in decimal notation, such as 124.35.62.181, but they are actually used as binary data, so one must be able to convert addresses back and forth.
The following table shows the value of each bit position in an octet and how to convert between binary and decimal:

Decimal   Binary
128       10000000
64        01000000
32        00100000
16        00010000
8         00001000
4         00000100
2         00000010
1         00000001

When converting binary to decimal, a "0" is equal to 0 and a "1" is equal to the value of the position it is in. For example, the number 213 would be 11010101 in binary notation. This is calculated as follows: 128+64+0+16+0+4+0+1 = 213. Remember that this only represents 1 octet of 8 bits, while a full IP address is 32 bits made up of 4 octets. This being true, the IP address 213.128.68.130 would look like 11010101 10000000 01000100 10000010.
The table above shows the default subnet masks. What subnet mask do you use when you want more than 1 subnet? Let's say, for example, that you want 8 subnets and will be using a class C address. The first thing you want to do is convert the number of subnets into binary, so our example would be 00001000. Moving from left to right, drop all zeros until you get to the first "1". For us that would leave 1000. It takes 4 bits to represent 8 in binary, so we set the first 4 high order bits of the 4th octet of the subnet mask to "1" (since it is class C) as follows: 11111111.11111111.11111111.11110000 = 255.255.255.240. There is our subnet mask. (This method follows the classic rule that the all-zeros and all-ones subnets are not used, which is why 3 bits, giving only 6 usable subnets, would not be enough for 8.)
Let's try another one. Let's say that you own a chain of stores that sell spatulas in New York, you have stores in 20 different neighborhoods, and you want a separate subnet on your network for each neighborhood. It will be a class B network. First, we convert 20 to binary: 00010100. We drop all zeros before the first "1" and that leaves 10100. It takes 5 bits to represent 20 in binary, so we set the first 5 high order bits of the 3rd octet to "1", which gives: 11111111.11111111.11111000.00000000 = 255.255.248.0. The following table compares the different subnet masks (subnet and host counts exclude the all-zeros and all-ones values):

Mask   # of Subnets   Class A Hosts   Class B Hosts   Class C Hosts
192    2              4,194,302       16,382          62
224    6              2,097,150       8,190           30
240    14             1,048,574       4,094           14
248    30             524,286         2,046           6
252    62             262,142         1,022           2
254    126            131,070         510             Invalid
255    254            65,534          254             Invalid

Note: 127.x.x.x is reserved for loopback testing on the local system and is not used on live systems.
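The subnetting method above, carried through in code. This is an added example and not part of the original study guide; it uses only the Python standard library and follows the page's classic convention of excluding the all-zeros and all-ones subnets (and the network and broadcast host addresses), which is why it reproduces the rows of the table.

```python
# Added example (not from the original study guide): the subnetting
# arithmetic above, worked in code. ipaddress is standard library.
import ipaddress


def octet_to_binary(value: int) -> str:
    """Render one octet as 8 bits, e.g. 213 -> '11010101'."""
    if not 0 <= value <= 255:
        raise ValueError(f"octet out of range: {value}")
    return format(value, "08b")


def ip_to_binary(address: str) -> str:
    """Render a dotted-decimal IPv4 address as four 8-bit groups."""
    return " ".join(octet_to_binary(int(o)) for o in address.split("."))


def default_prefix(address: str) -> int:
    """Classful default prefix length: A=/8, B=/16, C=/24."""
    first = int(address.split(".")[0])
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    raise ValueError("class D/E addresses are not subnetted")


def bits_for_subnets(wanted: int) -> int:
    """Borrowed bits needed so that 2**n - 2 usable subnets >= wanted
    (classic rule: the all-zeros and all-ones subnets are excluded)."""
    n = 1
    while 2 ** n - 2 < wanted:
        n += 1
    return n


def subnet_mask(address: str, wanted_subnets: int) -> str:
    """Mask for a classful network split into at least wanted_subnets."""
    prefix = default_prefix(address) + bits_for_subnets(wanted_subnets)
    if prefix > 30:
        raise ValueError("not enough host bits left for usable hosts")
    return str(ipaddress.IPv4Network(f"0.0.0.0/{prefix}").netmask)


def subnet_counts(address: str, wanted_subnets: int) -> dict:
    """Usable subnets and hosts per subnet for the mask chosen above."""
    borrowed = bits_for_subnets(wanted_subnets)
    host_bits = 32 - default_prefix(address) - borrowed
    return {
        "mask": subnet_mask(address, wanted_subnets),
        "usable_subnets": 2 ** borrowed - 2,
        "usable_hosts": 2 ** host_bits - 2,
    }


def host_range(network: str) -> tuple:
    """First usable host, last usable host and broadcast for 'a.b.c.d/len'."""
    net = ipaddress.IPv4Network(network, strict=True)
    hosts = list(net.hosts())
    return str(hosts[0]), str(hosts[-1]), str(net.broadcast_address)


if __name__ == "__main__":
    print(ip_to_binary("213.128.68.130"))
    print(subnet_counts("192.168.1.0", 8))    # class C, 8 subnets
    print(subnet_counts("172.16.0.0", 20))    # class B, 20 subnets
    print(host_range("192.168.1.16/28"))
```

Compare the two subnet_counts results with the 240 and 248 rows of the table; the same function also produces the class A column when given a 10.x.x.x address.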
IPX/SPX:
IPX will also be an important issue to consider in network management, given that many companies still use NetWare servers. There are two parts to every IPX network address: the Network ID and the Host ID. The first 8 hex digits represent the network ID, while the remaining 12 hex digits represent the host ID, which is normally the same as the MAC address, meaning we do not need to manually assign node addresses. Note that valid hexadecimal digits range from 0 through 9 and the hexadecimal letters range from A through F. FFFFFFFF in hexadecimal notation = 4294967295 in decimal.
WAN Protocols:
In general, there are three broad types of WAN access technology. With Leased Lines, we have a point-to-point dedicated connection that uses a pre-established WAN path provided by the carrier. With Circuit Switching, such as ISDN, a dedicated circuit path exists only for the duration of the call. Compared to traditional phone service, ISDN is more reliable and faster. With Packet Switching, all network devices share a single point-to-point link to transport packets across the carrier network; the logical connections carried over that shared link are known as virtual circuits.
Frame Relay:
Frame Relay has the following characteristics:
• Successor to X.25.
• Has less overhead than X.25 because it relies on upper layer protocols to perform error checking.
• Speeds in the range of 56 Kbps to 2.048 Mbps.
• Uses Data Link Connection Identifiers (DLCI) to identify virtual circuits, with DLCI numbers between 16 and 1007.
• Uses the Local Management Interface (LMI) to provide information on the DLCI values as well as the status of the virtual circuits. Cisco routers support Cisco (default), ANSI and Q933a.
• To set up Frame Relay, we need to set the encapsulation to frame-relay in either the Cisco (default) mode or the IETF mode. Cisco encapsulation works when both ends are Cisco devices; use IETF encapsulation when connecting to a non-Cisco device.
• The LMI type is configurable, but by default it is auto-sensed.
• Generally transfers data over permanent virtual circuits (PVCs), although switched virtual circuits (SVCs) can be used as well.
• An SVC is for transferring data intermittently.
• A PVC does not have the overhead of establishing and terminating a circuit each time communication is needed.
• The Committed Information Rate (CIR) is the guaranteed minimum transfer rate of a connection.
Cisco has a web page that describes the configuration and troubleshooting of Frame Relay at http://www.cisco.com/warp/public/125/13.html
ISDN:
ISDN has the following characteristics:
• Works at the Physical, Data Link and Network layers.
• Often used for backup with DDR (Dial on Demand Routing).
• Makes use of the existing telephone network.
• Supports simultaneous data and voice.
• Maximum speed of 128 Kbps on a BRI with PPP Multilink (both B channels bundled).
• Call setup and data transfer are faster than with typical modems.
• BRI has 2 x 64 Kbps B channels for data and one 16 Kbps D channel for control.
• PRI has 23 B channels and one D channel in the US, or 30 B channels and one D channel in Europe.
• E protocols specify ISDN on the existing telephone network.
• I protocols specify concepts, terminology and services.
• Q protocols specify switching and signaling.
• ISDN reference points include R (between non-ISDN equipment and a TA), S (between user terminals and the NT2), T (between the NT1 and NT2 devices) and U (between the NT1 and the line termination equipment, in North America).
• A router with a built-in NT1 connects to the line through its U interface.
• A router with a BRI interface is considered Terminal Equipment type 1 (TE1).
• TE1 devices support the ISDN standards natively.
• TE2 devices (non-ISDN equipment) need a Terminal Adapter (TA) to connect.
Cisco has a web page with links about the configuration and troubleshooting of ISDN here.
ATM:
ATM stands for Asynchronous Transfer Mode and is a high-speed, cell-switching technique that uses short fixed-length packets called cells, which are 53 bytes in length (5 bytes of header and 48 bytes of payload). ATM can transmit voice, video and data over variable-speed LAN and WAN connections at speeds ranging from 1.544 Mbps to as high as 622 Mbps. I recently read that the new standard may be 2 Gbps. ATM's speed is derived from the use of short fixed-length cells, which reduce delay, and the variance of delay, for delay-sensitive services such as voice and video. ATM is capable of supporting a wide range of traffic types such as voice, video, image and data.
PPP:
As an improvement on the Serial Line Internet Protocol (SLIP), the Point-to-Point Protocol (PPP) was designed mainly for the transfer of data over slower serial interfaces. It is better than SLIP because it provides multiprotocol support, error detection and authentication. It is a Data Link Layer protocol used to encapsulate higher layer protocols so that they can pass over synchronous or asynchronous communication lines. PPP is capable of operating across any DTE/DCE device, most commonly modems, as long as they support duplex circuits. There are 3 components to PPP: the HDLC-based encapsulation of datagrams, the Link Control Protocol (LCP) and the Network Control Protocols (NCPs), which are described below.
PPP communication occurs in the following manner: PPP sends LCP frames to test and configure the data link. Next, an authentication protocol is negotiated to determine what sort of validation is used for security. Below are 2 common authentication protocols:
PAP is similar to a network login, but the username and password are sent as clear text in every authentication attempt, so anyone able to capture the link can read and replay them. It should only be used where the peer supports nothing better.
CHAP never sends the password across the link. The authenticator sends a random challenge and the peer answers with an MD5 hash of its identifier, the shared secret and that challenge; because the challenge changes every time, a captured response cannot be replayed. It is the more secure way of authenticating the link.
Then NCP frames are used to set up the network layer protocols to be used. Finally, the HDLC-derived framing is used to encapsulate the data stream as it passes over the PPP connection.
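The PAP/CHAP difference just described, as an added example that is not part of the original guide. Both ends of the link are simulated in one script: PAP's request carries the password itself, while CHAP's response is MD5(identifier, secret, challenge) as specified in RFC 1994, so the secret never crosses the wire and a captured response fails against the next challenge. The framing of the PAP message and the shared secret are constructed for the example.

```python
# Added example (not from the original study guide): PAP versus CHAP with
# both sides of the link in one script. CHAP response = MD5(id || secret ||
# challenge), per RFC 1994.
import hashlib
import hmac
import os

SHARED_SECRET = b"123456"   # constructed; same style as the username/password lines later in this guide


def pap_request(username: bytes, password: bytes) -> bytes:
    """What PAP puts on the wire: the credentials themselves (constructed framing)."""
    return b"PAP-AUTH-REQ " + username + b":" + password


def pap_check(wire: bytes, expected_user: bytes, expected_pass: bytes) -> bool:
    """Authenticator side of PAP: compare the clear-text credentials."""
    _, creds = wire.split(b" ", 1)
    user, pwd = creds.split(b":", 1)
    return user == expected_user and hmac.compare_digest(pwd, expected_pass)


def chap_challenge(nbytes: int = 16) -> bytes:
    """Authenticator side of CHAP: a fresh random challenge per attempt."""
    return os.urandom(nbytes)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer side of CHAP: only the hash goes on the wire, never the secret."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(identifier: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Authenticator recomputes the hash with its own copy of the secret."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def run_exchange(secret_on_peer: bytes) -> dict:
    """One PAP and one CHAP exchange; report what each leaks and decides."""
    pap_wire = pap_request(b"Lab-b", secret_on_peer)

    # CHAP round 1: authenticator challenges, peer responds, authenticator verifies.
    ident = 1
    chal1 = chap_challenge()
    resp1 = chap_response(ident, secret_on_peer, chal1)
    ok1 = chap_verify(ident, SHARED_SECRET, chal1, resp1)

    # An eavesdropper who captured resp1 replays it against the next challenge.
    ident2 = 2
    chal2 = chap_challenge()
    replay_ok = chap_verify(ident2, SHARED_SECRET, chal2, resp1)

    return {
        "pap_leaks_password": SHARED_SECRET in pap_wire,
        "pap_accepted": pap_check(pap_wire, b"Lab-b", SHARED_SECRET),
        "chap_leaks_password": SHARED_SECRET in resp1,
        "chap_accepted": ok1,
        "chap_replay_accepted": replay_ok,
    }


if __name__ == "__main__":
    print(run_exchange(SHARED_SECRET))   # correct secret on the peer
    print(run_exchange(b"wrong"))        # mismatched secret on the peer
```

The comparison uses hmac.compare_digest on the authenticator side so that a wrong response takes the same time to reject regardless of where it first differs; the MD5 here is what the protocol mandates, not a recommendation for new designs.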
2. PPTP creates a control connection between the client and remote PPTP
server
There is a very helpful web site with detailed tutorials on ISDN, Frame Relay,
X.25, ATM and other serial WAN technologies located here.
Cisco IOS:
Cisco routers run the Internetwork Operating System (IOS), which stores the configuration in Non-Volatile RAM (NVRAM), while the IOS image itself is stored in flash. The IOS can be accessed via Telnet, a console connection (for example with HyperTerminal) or a dial-in connection. You can also configure the router as a web server and access a web-based configuration panel via HTTP. Note that Telnet and HTTP both send the login credentials in clear text; if the web server is not needed, turn it off with "no ip http server", and restrict any remote access you do allow to your management addresses with an access class.
There are a variety of boot sources, including flash memory, TFTP and ROM. It is always recommended that a new IOS image be loaded on a TFTP server first and then copied from the TFTP server to flash, and that the existing image be copied to the TFTP server as a backup. The copy command, such as "copy tftp flash", copies the IOS image from the TFTP server to flash memory, and of course we can always do the reverse ("copy flash tftp"). Next, we need to tell the router to boot from the correct source. The following commands are examples of what we should type in depending on the situation. Typically, it is a good idea to specify multiple boot options as a fallback mechanism.
After the boot-up process we can log in. User EXEC is the first mode we encounter; it gives us the prompt "Router>". To exit this mode means to log out completely, which can be done with the logout command. If we want to proceed to Privileged EXEC, we use the enable EXEC command. Once entered, the prompt changes to "Router#". To go back to user EXEC mode, we use the disable command. Note that all configuration work requires the administrator to be in privileged mode first. Put another way, Privileged EXEC mode includes all the commands in user mode plus those that provide access to global and system settings.
The setup command facility is for making major changes to an existing configuration, such as adding a protocol suite, making major addressing scheme changes, or configuring a newly installed interface.
If you aren't big on reading manuals, finding out how to access the help information is a MUST. To display a list of the commands available in each command mode, type a question mark (?). IOS also provides a context-sensitive help feature to make life easier. In order to pass this exam, you will need to be able to find your way around the IOS. We list some of the information here, but there is too much to list all of it. You will definitely need access to a router, or the software listed at the beginning of this study guide, so that you can practice.
You will find most of the IOS commands at the following 2 links:
Router and Switch Commands
http://www.cisco.com/warp/cpropub/45/tutorial.htm
Security:
Access lists allow us to implement some level of security on the network by inspecting and filtering traffic as it enters or exits an interface. Each router can have many access lists of the same or different types. However, only one can be applied in each direction of an interface at a time (keep in mind that inbound and outbound are determined from the router's perspective). The two major types of access lists that deserve special attention are the IP access lists and the IPX access lists. Access lists are numbered by type:

1-99      Standard IP
100-199   Extended IP
300-399   DECnet
600-699   AppleTalk

When dealing with access control lists, or preparing for your CCNA exam, you have to deal with a 32-bit wildcard address in dotted-decimal form, known as the inverse mask. By Cisco's definition it is called inverse, but you can think of it as the "reverse" of your subnet mask in most cases. When dealing with your wildcard mask, you have two values that you are working with. As in subnetting, you have 0 as the "off" value and 1 as the "on" value, but wildcards treat a 0 bit as "match" and a 1 bit as "ignore". What do I mean by ignore or match? If you have studied ACLs you know that your goal is to set criteria to deny or permit, and that is where the inverse mask comes into play: it tells the router which bits of the address in the statement must match the packet and which bits it should not care about. If you have dealt with subnetting you know that most of your masks end with an even number; with the inverse mask you will end up with an odd number. There are several different ways to come up with your inverse mask; the easiest is to subtract your subnet mask from the all-ones address 255.255.255.255.
Example: You have a subnet mask of 255.255.255.0. To get your wildcard mask all you have to do is:
  255.255.255.255
 -255.255.255.0
 ---------------
    0.0.0.255
Then you can apply it to the statement, whether using a standard or extended ACL.
Standard example:
Router(config)# access-list 3 deny 170.10.1.0 0.0.0.255
How you would read this list: with this wildcard you told the router to match the first three octets and you don't care what's going on in the last octet, so every source address from 170.10.1.0 through 170.10.1.255 is denied.
Extended example:
Router(config)# access-list 103 permit tcp 178.10.2.0 0.0.0.255 170.10.1.0 0.0.0.255 eq 80
How you would read this list: the protocol is TCP, the source is any host in 178.10.2.0/24, the destination is any host in 170.10.1.0/24, and "eq 80" matches only a destination port of 80 (HTTP). Again the wildcard tells the router to match the first three octets of each address and ignore the last.
Think of it this way. If you broke the decimal form down to binary, the wildcard mask would look like this:
00000000.00000000.00000000.11111111
As you know, a "1" means ignore and a "0" means match, so the last octet could have been any value from 0 to 255.
Two things to remember when you apply this: every access list ends with an implicit "deny any", so a list that contains only deny statements blocks everything, and a list does nothing until it is bound to an interface and a direction with "ip access-group <number> in|out". Statements are evaluated top down and the first match wins, so put the specific entries before the general ones.
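The wildcard matching described in this section, as an added example that is not part of the original guide: a small Python evaluator that parses access-list statements in the syntax used above (plus the "host" and "any" shorthand that appears in the command reference later on), computes the inverse mask, and applies the first-match, implicit-deny rule. The deny statement in the sample list and the host address in it are constructed for the example.

```python
# Added example (not from the original study guide): the wildcard-mask logic
# above as an evaluator for numbered IOS access-list statements. It handles
# standard (source + wildcard) and extended (protocol, source, destination,
# optional "eq <port>") lists, the 'host'/'any' shorthand, and the implicit
# deny at the end of every list.
from dataclasses import dataclass
from typing import List, Optional


def to_int(dotted: str) -> int:
    """Dotted-decimal IPv4 -> 32-bit int."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"bad address: {dotted}")
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]


def to_dotted(value: int) -> str:
    """32-bit int -> dotted-decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def inverse_mask(subnet_mask: str) -> str:
    """255.255.255.255 minus the subnet mask, exactly as the text describes."""
    return to_dotted(0xFFFFFFFF - to_int(subnet_mask))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """A 0 bit in the wildcard must match; a 1 bit is ignored."""
    care = 0xFFFFFFFF ^ to_int(wildcard)
    return (to_int(addr) & care) == (to_int(base) & care)


@dataclass
class Entry:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" for standard lists (any protocol)
    src: str
    src_wc: str
    dst: str = "0.0.0.0"         # standard lists ignore the destination
    dst_wc: str = "255.255.255.255"
    dport: Optional[int] = None  # from "eq <port>"


def _addr(tokens: List[str], i: int):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard, next index)."""
    if tokens[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if tokens[i] == "host":
        return tokens[i + 1], "0.0.0.0", i + 2
    return tokens[i], tokens[i + 1], i + 2


def parse(line: str) -> Entry:
    """Parse one 'access-list <n> permit|deny ...' statement."""
    t = line.replace("Router(config)#", "").split()
    if t[0] != "access-list":
        raise ValueError(f"not an access-list statement: {line}")
    number, action = int(t[1]), t[2]
    if 1 <= number <= 99:                      # standard IP: source only
        src, src_wc, _ = _addr(t, 3)
        return Entry(action, "ip", src, src_wc)
    if 100 <= number <= 199:                   # extended IP
        proto = t[3]
        src, src_wc, i = _addr(t, 4)
        dst, dst_wc, i = _addr(t, i)
        dport = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
        return Entry(action, proto, src, src_wc, dst, dst_wc, dport)
    raise ValueError(f"unsupported list number {number}")


def evaluate(entries: List[Entry], src: str, dst: str, proto: str, dport: int) -> str:
    """First match wins; no match falls through to the implicit deny."""
    for e in entries:
        if e.proto not in ("ip", proto):
            continue
        if not wildcard_match(src, e.src, e.src_wc):
            continue
        if not wildcard_match(dst, e.dst, e.dst_wc):
            continue
        if e.dport is not None and e.dport != dport:
            continue
        return e.action
    return "deny"   # implicit deny any at the end of every list


# Constructed sample: the extended list from the text, preceded by one
# constructed deny for a single web server so the ordering rule shows.
ACL_103 = [parse(s) for s in (
    "access-list 103 deny tcp any host 170.10.1.7 eq 80",
    "access-list 103 permit tcp 178.10.2.0 0.0.0.255 170.10.1.0 0.0.0.255 eq 80",
)]

if __name__ == "__main__":
    print(inverse_mask("255.255.255.0"))
    print(evaluate(ACL_103, "178.10.2.55", "170.10.1.9", "tcp", 80))   # permit
    print(evaluate(ACL_103, "178.10.2.55", "170.10.1.7", "tcp", 80))   # deny (explicit)
    print(evaluate(ACL_103, "178.10.2.55", "170.10.1.9", "tcp", 443))  # deny (implicit)
```

Feeding the standard example from the text into evaluate() shows the implicit-deny point directly: a list holding only "access-list 3 deny 170.10.1.0 0.0.0.255" denies a 170.10.1.x source explicitly and every other source implicitly.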
Routing:
There are 2 main types of routing, static and dynamic; a third type is called hybrid. Static routing involves the cumbersome process of an administrator manually configuring and maintaining the route tables. Dynamic routing enables routers to "talk" to each other and automatically update their routing tables. This happens by exchanging routing updates, sent as broadcasts or multicasts depending on the protocol. Next is an explanation of the various routing protocols.
RIP:
Routing Information Protocol (RIP) is a distance vector dynamic routing protocol. RIP measures the distance from source to destination by counting the number of hops (routers or gateways) that the packets must travel through. RIP sets a maximum of 15 hops and considers any larger number of hops unreachable. RIP's real advantage is that if there are multiple possible paths to a particular destination, and the appropriate entries exist in the routing table, it will choose the route with the fewest hops. Routers can talk to each other; however, in the real routing world there are so many different routing technologies available that it is not as simple as just enabling Routing Information Protocol (RIP).
OSPF:
Open Shortest Path First (OSPF) is a link-state routing protocol that converges faster than a distance vector protocol such as RIP. What is convergence? It is the time required for all routers to finish building their routing tables after a change. RIP uses hop count as its metric (IPX RIP also uses ticks), while OSPF uses a cost derived from the bandwidth of each link when making routing decisions. RIP transmits its whole table every 30 seconds, while OSPF transmits updates only when there is a topology change. OSPF builds a complete topology of the whole area, while RIP uses second-hand information from its neighboring routers. To summarize, RIP is easier to configure and is suitable for smaller networks. In contrast, OSPF requires more processing power and memory, and is the choice if scalability is the main concern.
We can tune the network by adjusting various timers. Areas that are tunable include: the rate at which routing updates are sent, the interval after which a route is declared invalid, the interval during which routing information about better paths is suppressed (holddown), the amount of time that must pass before a route is removed from the routing table (flush), and the amount of time for which routing updates will be postponed. Of course, different settings are needed in different situations. In any case, we can use the "show ip route" command to display the contents of the routing table as well as how each route was learned.
(Note: RIPv2, OSPF and EIGRP include the subnet mask in routing updates, which allows for VLSM (Variable Length Subnet Masking); VLSM is not supported by RIPv1 or IGRP. RIPv1 and IGRP also cannot authenticate their updates, whereas RIPv2, OSPF and EIGRP can use MD5 authentication so that a rogue device on the segment cannot inject routes.)
Split horizon prevents a router from advertising a route back out the same interface on which it learned that route. Poison reverse overrides split horizon by advertising the route back with an infinite metric, telling the sending router that the destination is unreachable by that path, while triggered updates send out an update whenever a change in the routing table occurs, without waiting for the update timer to expire.
This reference guide provides router and switch commands to help you
prepare for Cisco's CCNA certification exam. This guide covers IOS version 11
and higher. We will try to get VLSM and Supernetting commands added for
the new 640-801 CCNA exam.
ROUTER COMMANDS
Router Commands
Show Commands
Catalyst Commands
TERMINAL CONTROLS:
Config# terminal editing - allows for enhanced editing commands
Config# terminal monitor - shows output on telnet session
Config# terminal ip netmask-format hexadecimal|bit-count|decimal -
changes the format of subnet masks
HOST NAME:
Config# hostname ROUTER_NAME
BANNER:
Config# banner motd # TYPE MESSAGE HERE # - # can be substituted for
any character, must start and finish the message
DESCRIPTIONS:
Config# description THIS IS THE SOUTH ROUTER - can be entered at the
Config-if level
CLOCK:
Config# clock timezone Central -6
# clock set hh:mm:ss dd month yyyy - Example: clock set 14:35:00 25
August 2003
BOOT SYSTEM:
Config# boot system tftp FILENAME SERVER_IP - Example: boot system
tftp 2600_ios.bin 192.168.14.2
Config# boot system ROM
Config# boot system flash - Then - Config# reload
CDP:
Config# cdp run - Turns CDP on globally
Config# cdp holdtime 180 - Sets how long a neighbor's entry is kept after its last advertisement. Default is 180 seconds
Config# cdp timer 30 - Sets the advertisement timer. Default is 60 seconds
Config# int Ethernet 0
Config-if# cdp enable - Enables CDP on the interface
Config-if# no cdp enable - Disables CDP on the interface. CDP advertises the platform, IOS version and addresses to anyone on the segment, so disable it on interfaces facing untrusted networks
Config# no cdp run - Turns CDP off globally
HOST TABLE:
Config# ip host ROUTER_NAME INT_Address - Example: ip host lab-a
192.168.5.1
-or-
Config# ip host RTR_NAME INT_ADD1 INT_ADD2 INT_ADD3 - Example: ip
host lab-a 192.168.5.1 205.23.4.2 199.2.3.2 - (for e0, s0, s1)
CLEARING COUNTERS:
# clear interface Ethernet 0 - Clears counters on the specified interface
# clear counters - Clears all interface counters
# clear cdp counters - Clears CDP counters
STATIC ROUTES:
Config# ip route Net_Add SN_Mask Next_Hop_Add - Example: ip route
192.168.15.0 255.255.255.0 205.5.5.2
Config# ip route 0.0.0.0 0.0.0.0 Next_Hop_Add - Default route
-or-
Config# ip default-network Net_Add - Gateway LAN network
IP ROUTING:
Config# ip routing - Enabled by default
Config# router rip
-or-
Config# router igrp 100
Config# interface Ethernet 0
Config-if# ip address 122.2.3.2 255.255.255.0
Config-if# no shutdown
IPX ROUTING:
Config# ipx routing
Config# interface Ethernet 0
Config# ipx maximum-paths 2 - Maximum equal metric paths used
Config-if# ipx network 222 encapsulation sap - Also Novell-Ether, SNAP,
ARPA on Ethernet. Encapsulation HDLC on serial
Config-if# no shutdown
ACCESS LISTS:
IP
1-99
Standard
IP 100-
Extended 199
IPX 800-
Standard 899
IPX 900-
Extended 999
IPX SAP 1000-
Filters 1099
IP STANDARD:
Config# access-list 10 permit 133.2.2.0 0.0.0.255 - allows all source IPs on network 133.2.2.0
-or-
Config# access-list 10 permit host 133.2.2.2 - specifies a specific host
-or-
Config# access-list 10 permit any - allows any address
IP EXTENDED:
Config# access-list 101 permit tcp 133.12.0.0 0.0.255.255 122.3.2.0 0.0.0.255 eq telnet
-protocols: tcp, udp, icmp, ip (ip has no port numbers), among others
-source address and wildcard, then destination address and wildcard
-eq, gt, lt for port comparison
-ports can be given by number or by name (23 or telnet, 21 or ftp, etc)
-or-
Config# access-list 101 deny tcp any host 133.2.23.3 eq www
-or-
Config# access-list 101 permit ip any any
IPX STANDARD:
Config# access-list 801 permit 233 AA3 - source network/host then destination network/host
-or-
Config# access-list 801 permit -1 -1 - "-1" is the same as "any" for network/host addresses
IPX EXTENDED:
Config# access-list 901 permit sap 4AA all 4BB all
- permit protocol src_add socket dest_add socket
- "all" includes all sockets, or socket numbers can be used
-or-
Config# access-list 901 permit any any all any all
- permits any protocol with any address on any socket to go anywhere
PPP SETUP:
Config-if# encapsulation ppp
Config-if# ppp authentication chap pap
-order in which they will be tried
-only the authentication methods listed are attempted
-if one fails, then the connection is terminated
Config-if# exit
Config# username Lab-b password 123456
-username is the hostname of the router that will be connecting to this one
-only the specified routers can connect
-the password must be identical on both routers. CHAP needs the clear-text value, so it is stored as a type 7 (reversible) string even with service password-encryption; anyone who can read the configuration can recover it, so protect the configuration and choose a long password
-or-
Config-if# ppp chap hostname ROUTER
Config-if# ppp chap password 123456
-if this is set on all routers, then any of them can connect to any other
-set the same on all for easy configuration
ISDN SETUP:
Config# isdn switch-type basic-5ess - determined by telecom
Config# interface serial 0
Config-if# isdn spid1 2705554564 - ISDN "phone number" (SPID) of line 1
Config-if# isdn spid2 2705554565 - ISDN "phone number" (SPID) of line 2
Config-if# encapsulation PPP - or HDLC, LAPD
3. Configure Interface
Config-if# ip address 192.3.5.5 255.255.255.0
Config-if# no shutdown
Config-if# encapsulation ppp
Config-if# dialer-group 1 - applies dialer-list to this interface
Config-if# dialer map ip 192.3.5.6 name Lab-b 5551212
connect to lab-b at 5551212 with ip 192.3.5.6 if there is interesting
traffic
can also use ?dialer string 5551212? instead if there is only one
router to connect to
5. Other Options
Config-if# hold-queue 75 - queue 75 packets before dialing
Config-if# dialer load-threshold 125 either
-load needed before second line is brought up
-"125" is any number 1-255, where % load is x/255 (ie 125/255 is about 50%)
-can check by in, out, or either
Config-if# dialer idle-timeout 180
-determines how long to stay idle before terminating the session
-default is 120
FRAME RELAY SETUP:
Config# interface serial 0
Config-if# encapsulation frame-relay - cisco by default, can change to ietf
Config-if# frame-relay lmi-type cisco - cisco by default, also ansi, q933a
Config-if# bandwidth 56
SHOW COMMANDS
CATALYST COMMANDS
For Native IOS - Not CatOS
SWITCH ADDRESS:
Config# ip address 192.168.10.2 255.255.255.0
Config# ip default-gateway 192.168.10.1
DUPLEX MODE:
Config# interface Ethernet 0/5 - "fastethernet" for 100 Mbps ports
Config-if# duplex full - also, half | auto | full-flow-control
SWITCHING MODE:
Config# switching-mode store-and-forward - also, fragment-free
VLANS:
Config# vlan 10 name FINANCE
Config# interface Ethernet 0/3
Config-if# vlan-membership static 10
TRUNK LINKS:
Config-if# trunk on - also, off | auto | desirable | nonegotiate
Config-if# no trunk-vlan 2
-removes vlan 2 from the trunk port
-by default, all vlans are set on a trunk port
CONFIGURING VTP:
Config# delete vtp - should be done before adding a switch to a network; it resets the configuration revision number so the new switch cannot overwrite the existing VLAN database
Config# vtp server - the default is server; also client and transparent
Config# vtp domain Camp - the name doesn't matter, as long as all switches use the same one
Config# vtp password 1234 - limited security: an MD5 digest over the advertisements, which keeps a switch that does not know the password out of the domain, but does not stop a switch that does know it and has a higher revision number from replacing every VLAN
Config# vtp pruning enable - limits VLAN broadcast traffic on trunks to only the switches that need it
Config# vtp pruning disable
FLASH UPGRADE:
Config# copy tftp://192.5.5.5/configname.ios opcode - "opcode" for an IOS upgrade, "nvram" for the startup config
Abstract
Cisco IOS CLI offers context-sensitive help. This is a useful tool for a new user because at any time during an EXEC session, a user can type a question mark (?) to get help. Two types of context-sensitive help are available: word help and command syntax help.
For many editing functions, the IOS CLI editor provides hot keys. The following table lists some editing shortcuts that are available.
Entering Configurations
Saving Configurations
Router#write memory
IMPORTANT: When editing a configuration, SAVE the configuration often!
Router Management
troubleshooting document.
Displaying Configurations
Router#show running-config
Router#show startup-config
gems_hcl>en
gems_hcl#sh int ser0
Serial0 is up, line protocol is up
Hardware is PowerQUICC Serial
Description: LL link to HCL infinet,Chennai
Internet address is 10.194.2.78/30
Backup interface BRI0, failure delay 5 sec, secondary disable delay 5 sec,
kickin load not set, kickout load not set
MTU 1500 bytes, BW 832 Kbit, DLY 20000 usec,
reliability 255/255, txload 75/255, rxload 28/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
Last input 00:00:03, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/11/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 624 kilobits/sec
5 minute input rate 92000 bits/sec, 44 packets/sec
5 minute output rate 246000 bits/sec, 54 packets/sec
75769 packets input, 27930029 bytes, 0 no buffer
Received 290 broadcasts, 0 runts, 0 giants, 0 throttles
1 input errors, 0 CRC, 1 frame, 0 overrun, 0 ignored, 0 abort
88311 packets output, 42938899 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
camsindia#sh run
Building configuration...
Current configuration:
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname camsindia
!
enable secret 5 $1$IpjB$rmQoorXaA8uJN35k2ULZF1
!
username camsindia password 7 1322121F0509107E6D757E6275
username gokulnath password 7 135743405B5B547D
username mvk password 7 0023160B0A5E1F5249701A1F
!
!
!
!
memory-size iomem 25
ip subnet-zero
ip name-server 202.71.144.67
ip name-server 202.71.128.225
ip name-server 202.71.128.33
ip name-server 202.71.136.167
!
isdn switch-type basic-net3
!
!
!
interface Serial0
backup delay 10 5
backup interface BRI0
ip address 202.71.149.50 255.255.255.252
!
interface BRI0
ip address negotiated
ip nat outside
encapsulation ppp
no ip route-cache
dialer idle-timeout 3000
dialer string 52197877
dialer-group 1
isdn switch-type basic-net3
ppp pap sent-username camsisdn password 7 121A041A010509107E28252520
ppp multilink
!
interface FastEthernet0
ip address 202.71.148.161 255.255.255.240
ip nat inside
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 202.71.149.49
ip route 0.0.0.0 0.0.0.0 BRI0
ip route 192.168.0.0 255.255.255.0 202.71.148.162
ip route 202.71.148.163 255.255.255.255 202.71.148.162
ip route 202.71.148.164 255.255.255.255 202.71.148.162
ip route 202.71.148.165 255.255.255.255 202.71.148.162
no ip http server
!
access-list 1 permit any
access-list 101 permit icmp any any
access-list 101 permit tcp 202.71.149.0 0.0.0.255 host 202.71.149.50 eq telnet
access-list 101 permit tcp 192.168.2.0 0.0.0.255 host 202.71.149.50 eq telnet
access-list 101 deny ip any host 202.71.149.50
access-list 101 permit ip any any
access-list 101 permit tcp host 202.71.148.162 any eq www
access-list 101 permit tcp any any
access-list 102 permit tcp 202.71.149.0 0.0.0.255 host 202.71.149.50 eq telnet
access-list 102 permit tcp 192.168.2.0 0.0.0.255 host 202.71.149.50 eq telnet
access-list 105 permit icmp any any
access-list 105 permit tcp 192.168.0.0 0.0.224.255 any eq smtp
access-list 105 permit tcp 192.168.0.0 0.0.224.255 any eq pop3
access-list 105 permit tcp 192.168.0.0 0.0.224.255 any eq www
access-list 105 permit tcp 192.168.0.0 0.0.224.255 any eq domain
access-list 105 permit tcp 192.168.0.0 0.0.224.255 any eq 443
access-list 105 permit udp 192.168.0.0 0.0.224.255 host 192.168.25.100 eq 1604
access-list 105 permit tcp 192.168.0.0 0.0.224.255 host 192.168.25.100 eq 1494
access-list 105 permit tcp 192.168.0.0 0.0.224.255 host 192.168.25.100 eq 8080
access-list 105 permit tcp 192.168.0.0 0.0.224.255 host 202.71.148.162 eq 256
access-list 105 permit tcp 192.168.0.0 0.0.224.255 host 202.71.148.162 eq 900
access-list 105 permit tcp 192.168.0.0 0.0.224.255 host 202.71.148.162 eq 259
access-list 105 permit tcp 192.168.0.0 0.0.224.255 host 202.71.148.162 eq 18208
access-list 105 permit tcp 192.168.0.0 0.0.224.255 host 202.71.148.162 eq 18181
access-list 110 deny icmp any host 202.71.148.163 echo-reply
access-list 110 deny icmp any host 202.71.148.162 echo-reply
access-list 110 permit ip any any
access-list 130 deny ip 10.0.0.0 0.255.255.255 any
access-list 130 deny ip 172.16.0.0 0.15.255.255 any
access-list 130 deny ip 192.168.0.0 0.0.255.255 any
access-list 130 deny udp any host 202.71.148.162 eq 18264
access-list 130 deny tcp any host 202.71.148.162 eq 18264
access-list 130 permit tcp any host 202.71.148.162 eq domain
access-list 130 permit udp any host 202.71.148.162 eq domain
access-list 130 permit tcp any host 202.71.148.162 eq 18208
access-list 130 permit tcp any host 202.71.148.162 eq 18181
access-list 130 permit udp any host 202.71.148.162 eq 18208
access-list 130 permit udp any host 202.71.148.162 eq 18181
access-list 130 permit udp any host 202.71.148.162 eq 18234
access-list 130 permit udp any host 202.71.148.162 eq 18233
access-list 130 permit tcp any host 202.71.148.162 eq 18234
access-list 130 permit tcp any host 202.71.148.162 eq 18233
access-list 130 permit tcp any host 202.71.148.162 eq 18211
access-list 130 permit tcp any host 202.71.148.162 eq 18191
access-list 130 permit udp any host 202.71.148.162 eq 18211
access-list 130 permit udp any host 202.71.148.162 eq 18191
access-list 130 permit tcp any host 202.71.148.162 eq 500
access-list 130 permit tcp any host 202.71.148.162 eq 256
access-list 130 permit tcp any host 202.71.148.162 eq 900
access-list 130 permit tcp any host 202.71.148.162 eq 259
access-list 130 permit tcp any host 202.71.148.162 eq 257
access-list 130 permit tcp any host 202.71.148.162 eq 258
access-list 130 permit tcp any host 202.71.148.162 eq 1494
access-list 130 permit tcp any host 202.71.148.162 eq 9999
access-list 130 permit udp any host 202.71.148.162 eq 1604
access-list 130 permit tcp any host 202.71.148.162 eq 264
access-list 130 permit tcp any host 202.71.148.162 eq 265
access-list 130 permit tcp any host 202.71.148.162 eq 18231
access-list 130 permit udp any host 202.71.148.162 eq isakmp
access-list 130 permit udp any host 202.71.148.162 eq 259
access-list 130 permit tcp any host 202.71.148.162 eq 18263
access-list 130 permit tcp any host 202.71.148.162 eq 18262
access-list 130 permit udp any host 202.71.148.162 eq 18263
access-list 130 permit udp any host 202.71.148.162 eq 18262
access-list 130 permit tcp any host 202.71.148.162 eq smtp
access-list 130 permit tcp any host 202.71.148.163 eq smtp
access-list 130 permit tcp any host 202.71.148.162 eq pop3
access-list 130 permit tcp any host 202.71.148.162 eq www
access-list 130 permit tcp any host 202.71.148.162 eq 443
access-list 130 permit tcp any host 202.71.148.163 eq 443
access-list 130 permit tcp any host 202.71.148.162 eq 8443
access-list 130 permit tcp any host 202.71.148.163 eq 8443
access-list 130 permit icmp any any
access-list 130 permit ip any any
access-list 150 deny tcp any host 202.71.148.162 eq 165
access-list 150 permit tcp any any
dialer-list 1 protocol ip permit
!
line con 0
exec-timeout 3 0
transport input none
line aux 0
line vty 0 4
exec-timeout 3 0
password 7 1322121F0509107E6A046B626373
login
!
end
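IOS evaluates a numbered access list top-down and stops at the first match, so in access-list 101 above the entries placed after "permit ip any any" can never be reached, and the earlier "deny ip any host 202.71.149.50" silently blocks everything the two telnet permits did not already allow. As an added example (not part of the original page or of any Cisco tool), the Python check below replays access-list 101 exactly as it appears in the running configuration and reports which entries are shadowed; it assumes only the extended-ACL syntax seen on this page (action, protocol, source, destination, optional "eq port"), not keywords such as range or established.

```python
import ipaddress

# Access-list 101 as it appears in the running configuration above (wrapped lines rejoined).
ACL_101 = """\
access-list 101 permit icmp any any
access-list 101 permit tcp 202.71.149.0 0.0.0.255 host 202.71.149.50 eq telnet
access-list 101 permit tcp 192.168.2.0 0.0.0.255 host 202.71.149.50 eq telnet
access-list 101 deny ip any host 202.71.149.50
access-list 101 permit ip any any
access-list 101 permit tcp host 202.71.148.162 any eq www
access-list 101 permit tcp any any
"""

def _addr(tokens):
    """Consume one IOS address spec (any | host A | A wildcard); return (address, wildcard) ints."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0xFFFFFFFF
    if tok == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(tok)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_ace(line):
    """Parse 'access-list N action proto src [wc] dst [wc] [eq port]' into a dict."""
    t = line.split()
    rest = t[4:]
    src, dst = _addr(rest), _addr(rest)          # left-to-right: src first, then dst
    port = rest[1] if rest[:1] == ["eq"] else None
    return {"line": line, "action": t[2], "proto": t[3], "src": src, "dst": dst, "port": port}

def _covers(a, b):
    """True if spec a matches every host spec b matches (wildcard bits may be discontiguous)."""
    (aa, aw), (ba, bw) = a, b
    return (bw & ~aw) == 0 and ((aa ^ ba) & ~aw) == 0

def shadows(earlier, later):
    """True if 'later' is unreachable because 'earlier' already matches all of its traffic."""
    return (earlier["proto"] in ("ip", later["proto"]) and earlier["port"] in (None, later["port"])
            and _covers(earlier["src"], later["src"]) and _covers(earlier["dst"], later["dst"]))

def shadowed_entries(acl_text):
    """Replay top-down; return (unreachable line, earlier line that shadows it) pairs."""
    aces = [parse_ace(ln) for ln in acl_text.splitlines() if ln.startswith("access-list")]
    hits = ((late, next((e for e in aces[:i] if shadows(e, late)), None))
            for i, late in enumerate(aces))
    return [(late["line"], early["line"]) for late, early in hits if early]

if __name__ == "__main__":
    for dead, by in shadowed_entries(ACL_101):
        print(f"unreachable: {dead}\n  shadowed by: {by}")
```

The same check applied to access-list 105 and 130 shows whether the discontiguous wildcard 0.0.224.255 and the trailing "permit ip any any" in list 130 leave any of their port-specific entries with an effect.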