Introduction to CCENT
• Your Instructor: Chris Bryant, CCIE #12933
• Earned my CCIE on February 26, 2004
• Founded The Bryant Advantage in June of
that year.
• My Video Boot Camps and other study
materials place an emphasis on clearly
explained theory and plenty of work on REAL
CISCO routers and switches.
• Visit the website:
www.thebryantadvantage.com
© Train Signal, Inc., 2002-2007
Video 1
Introduction to Networking and the Networking Models
Intro to Networking and the Networking Models
• What is A Network
• The OSI Model
• The Data Transmission Process
• The TCP/IP Model
• Why Use Networking Models?
• TCP And UDP
• Ports, Sockets, and Port Numbers
• The thought of learning all of this can be
intimidating at first. Having worked my way
from entry-level certifications all the way to
the CCIE, and having taught thousands of
CCNAs and CCNPs worldwide, I can tell you
that the key to networking success in both
the exam room and working with real-world
networks can be summed up in five words:
Know And Understand The Fundamentals
• I can tell you from personal experience that you are
going to use the material in this chapter throughout
your networking career, so it's not just something
that you have to learn to pass the CCENT and CCNA
exams.
• I've personally found networking models to be
helpful in developing an effective troubleshooting
process, and I'll talk more about that in the
Troubleshooting section of this course. I just want
to let you know that this really is useful information,
not just something to memorize.
The Application Layer
The Presentation Layer
The Transport Layer
• The switches that we'll spend so much time with later in the
course operate at Layer 2. Wireless Access Points (WAPs) also
operate at this layer - more on WAPs in the Wireless
section. Devices that you may well be using right now to
access the Internet, cable modems and DSL modems, also run
at L2.
• We've got four major specifications that run here, some of
which you may already be familiar with:
– Ethernet
– High-Level Data Link Control (HDLC)
– Point-to-Point Protocol (PPP)
– Frame Relay
• A very important distinction: The data link layer
does perform error detection through something
called the Frame Check Sequence (more on that
later), but this layer does not perform error
recovery.
• The Data Link Layer is generally referred to as Layer
2, and MAC addresses as Layer 2 addresses. If
you're not familiar with MAC addresses, they will be
discussed in more detail in the Ethernet and LAN
Switching sections.
The Physical Layer
The Data Transmission Process
• When the end user sends data, that data will go
through all seven layers of the OSI model. The data
is broken up into smaller and smaller parts
beginning at Layer 4 (the Transport layer) until it's in
the form of electric signals that can be sent across
the physical media.
• As the data flows down the OSI model, it's referred
to by different terms. You really have to master
these and watch for them on your exams. There are
four different terms you need to know:
• Those are very important terms for
your career and especially for your
exams. If I mention "segments", you
should know I'm discussing the
Transport layer of the OSI model
without any other hints, because you
might not get any other hints!
• The term same-layer interaction describes
the process of a given OSI layer removing
the header placed on the data by the same
layer on the sending side. For example,
the Application layer on the receiving end
will remove only the header placed onto the
data by the Application layer on the sending
side, and so forth.
• The Internet layer of the TCP/IP model maps to the
Network layer of the OSI model. Both layers are
responsible for routing through the use of IP
addresses, static routes, and dynamic routing
protocols.
• (You will occasionally see some non-Cisco
documentation call this layer the Internetwork layer,
but "Internet" is the name used in Cisco
documentation.)
• Finally, the Network Access layer of the TCP/IP
model maps to the Data Link and Physical layers of
the OSI model.
So Why Do We Go Through All Of This, Anyway?
• Using the OSI model to structure your
troubleshooting approach is a real help,
too. I always tell students to "start
troubleshooting at the physical layer", and
you'll see what I mean in the Troubleshooting
section of the course. There are two kinds of
troubleshooters in the world:
– Those who have a structured approach
– Those who don't and are basically throwing stuff out
there and hoping something works
• TCP:
– Guaranteed delivery
– Error detection via sequence and ACK numbers
– Windowing
– "Connection-Oriented"
• UDP:
– "best-effort" delivery, but no guarantee of delivery
– No error detection
– No windowing
– "Connectionless"
TCP's "Three-Way Handshake"
• Before the sender can start sending, there's going to be a negotiation between the two devices regarding rules for data transmission. That negotiation is the three-way handshake itself, which begins with the sender transmitting a TCP segment with the Synchronization ("SYN") bit set. The primary value being negotiated here is the TCP sequence number, which we'll discuss in more detail in the next section. This is the first part of the three-way handshake.
TCP's Error Detection / Error Recovery Feature
• This entire process revolves around two
things:
– The sender is waiting for a positive message from the
recipient that the data was received
– If that message isn't received, the data is
retransmitted
• That's why we call this entire process
Positive Acknowledgement with
Retransmission (PAR).
• All of the features we've looked at here - the
three-way handshake, windowing, sequence
numbering, error detection and recovery -
are all TCP features. UDP doesn't use any of
them. Two questions come to mind:
– Why doesn't UDP offer these features?
– Why in the world do we use UDP for anything?
• A look at the TCP and UDP headers will
answer both of those questions! Here's the
TCP header...
• If you're not familiar with MAC or IP
addressing, we're going to cover that in
another section, but for now it's
enough to know that when two hosts
communicate on a network, they're
using these MAC and IP addresses as
the destination when the data is sent.
• We need a way for the recipient to differentiate one data flow from the other, and since the source and destination MAC and IP addresses will be the same for all three flows, that won't do. What will do is the TCP or UDP port number. While these three data flows will have the same Layer 2 (MAC) and Layer 3 (IP) source and destination addresses, they'll have different, pre-assigned port numbers.
• The port number system works beautifully, but
naturally the hosts need to agree on what port is
used for a given protocol. In the previous example,
if 10.1.1.1 used TCP port 45 for Telnet and 10.1.1.2
used TCP port 55, we'd have some serious
problems.
• That's why most protocols use the same port
number at all times, and these port numbers are
referred to as well-known port numbers. All port
numbers below 1024 are reserved, well-known port
numbers -- but you don't have to memorize 1024
numbers for the exams!
• Some Common UDP Ports:
– DHCP - Dynamic Host Configuration Protocol - uses UDP ports 67 and 68
– TFTP - Trivial File Transfer Protocol - uses UDP port 69
– SNMP - Simple Network Management Protocol - uses UDP port 161
• Protocols Using Both TCP And UDP Ports
– DNS - Domain Name Service - uses UDP and TCP port 53
– The port number 24 is reserved in both UDP and TCP for private mail systems
Video 2
Ethernet Standards And Cable Types
Ethernet Standards and Cable Types
• In the previous illustrations, we looked at a network
with a single coaxial cable and multiple hosts
connected to that coax cable. That topology was
used by the first Ethernet standards, 10Base5 and
10Base2.
• The sole physical components were the Ethernet
cards in the computers and coaxial cable, which is
the topology we looked at in the previous
example. The cable made up a bus that all the
connected devices would use. (This type of bus is
referred to as a shared bus.)
• Defined by IEEE 802.3z, Gigabit
Ethernet has a maximum capacity of
1000 MBPS, also expressed as 1 GBPS
(GigaBits Per Second). The maximum
cable length is 100 meters here as well,
but we cannot use a regular copper
cable for Gigabit Ethernet.
• The cable will contain separate wires inside,
and the endpoints of these wires are referred
to as pins. While you now know that bits are
sent over these wires, it’s important to know
that the same set of pins is always used to
transmit, and a separate set of pins is always
used to receive.
– Pins 1 and 2 Transmit
– Pins 3 and 6 Receive
• In the following exhibit, we've got three
separate physical connections:
– A laptop connected to a switch (Cable 3)
– Two switches connected to each
other (Cable 2)
– A PC connected to a switch (Cable 1)
• What we need is a crossover
cable. The wire connected to Pin 1 on
one side will no longer be connected to
Pin 1 on the other, as it was in a
straight-through cable. Four wires will
"cross over" in a crossover cable:
• The cable we need is a rollover
cable. All eight wires in the cable will
"roll over" to another pin at the remote
end, with the wire on Pin 1 at one end
rolling over to Pin 8 at the other end,
the wire on Pin 2 at one end rolling over
to Pin 7 at the remote end, and so forth.
Ethernet / NIC / Physical / LAN / BIA Addressing
• You may be thinking "oh, man, that's a lot of
addressing!" Actually, it's not, because these are all
different names for the same thing. The fifth name is
the term you hear most often -- MAC address, short
for Media Access Control.
• The MAC address is used by switches to send
frames to the proper destination, as you'll see in the
LAN Switching section. Before you get to that
section, let's take a look at the format of the MAC
address.
aa-bb-cc-11-22-33
• The second half of the MAC address is a
value not yet used by that particular
vendor. Looking at the MAC address
example given earlier, we now know that:
– The OUI is aa-bb-cc
– The vendor has not yet used 11-22-33 with that
particular OUI, so the vendor is doing so now
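As an added illustration (not part of the original course notes), the following Python splits a MAC address written in any of the notations used on this page (dashed, colon-separated, or Cisco's dotted form) into its OUI and vendor-assigned halves, and also recognises the all-ones broadcast address covered later in the Switching section; the multicast and locally-administered bit checks go slightly beyond the text.

```python
"""Split a 48-bit MAC address into its OUI and vendor-assigned halves.

Added example, not course material. Accepts the dashed form used on this
page (aa-bb-cc-11-22-33), the colon form (AA:BB:CC:11:22:33) and the Cisco
dotted form seen in 'show mac-address-table' output (aaaa.aaaa.aaaa).
"""
import re

# The all-ones address is the Layer 2 broadcast address; case does not matter.
BROADCAST = "ff-ff-ff-ff-ff-ff"


def normalize_mac(text):
    """Return the address as 12 lowercase hex digits, or raise ValueError."""
    digits = re.sub(r"[-:.]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a 48-bit MAC address: %r" % text)
    return digits


def dashed(digits):
    """Render hex digits in the aa-bb-cc-11-22-33 style used on this page."""
    return "-".join(digits[i:i + 2] for i in range(0, len(digits), 2))


def describe_mac(text):
    """Return the OUI, the vendor-assigned half and the address type bits."""
    digits = normalize_mac(text)
    first_octet = int(digits[0:2], 16)
    return {
        # First 24 bits: the Organizationally Unique Identifier of the vendor.
        "oui": dashed(digits[0:6]),
        # Last 24 bits: the value the vendor assigns to this particular card.
        "nic": dashed(digits[6:12]),
        "broadcast": dashed(digits) == BROADCAST,
        # Low bit of the first octet set means a group (multicast) address.
        "multicast": bool(first_octet & 0x01),
        # Second-lowest bit set means the address was assigned locally, not by the vendor.
        "locally_administered": bool(first_octet & 0x02),
    }


if __name__ == "__main__":
    for sample in ("aa-bb-cc-11-22-33", "aaaa.aaaa.aaaa", "FF-FF-FF-FF-FF-FF"):
        print(sample, "->", describe_mac(sample))
```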
WAN Cabling
Video 3
Switching
Switching
• To prevent this, a host on a shared Ethernet
segment will use CSMA/CD (Carrier Sense
Multiple Access with Collision Detection). To
review, here's the CSMA/CD process:
– A host that wants to send data will first "listen to the
wire", meaning that it checks the shared media to see
if it's in use.
– If the media is in use, the host backs off for a few
milliseconds before checking again.
– If the media is not in use, the host sends the data.
• If two PCs happen to send data at the exact same time, the
voltage on the wire will actually change, indicating to the hosts
that there has been a data collision.
• The two PCs that sent the data will generate a "jam signal",
which indicates to the other hosts on the shared media that
they should not send data due to a collision.
• Those two PCs both invoke a backoff timer, also in
milliseconds. When each host's random timer expires, they will
each begin the entire process again by listening to the
wire. Since the backoff timer value is totally random, it's
unlikely the two hosts will have the same problem again.
• Let's review the key concepts of hubs vs. switches.
– With hubs, we've got one big collision domain consisting of all
connected hosts. When hosts are connected to their own switch
ports, they each have their own individual collision domain.
– Hubs only allow one device to transmit at a time, resulting in
shared bandwidth. Switches allow hosts to transmit
simultaneously.
– When one host connected to a hub sends a broadcast, every
other host receives that broadcast and there's nothing we can do
about it. When a host connected to a switch sends a broadcast,
every other host receives it by default - but there is something
we can do about that, as you'll see in the VLAN section of this
course.
• Microsegmentation is a term
sometimes used in Cisco
documentation to describe the "one
host, one collision domain" effect of
that last bullet point. It's not a term I
hear a great deal in the field, and you
might not either, but it's a good term to
know for Cisco exams.
SW1#show mac-address-table
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
All 0008.7de9.9800 STATIC CPU
All 0100.0ccc.cccc STATIC CPU
All 0100.0ccc.cccd STATIC CPU
All 0100.0cdd.dddd STATIC CPU
1 aaaa.aaaa.aaaa DYNAMIC Fa0/1
Total Mac Addresses for this criterion: 5
SW1#show mac-address-table dynamic
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 aaaa.aaaa.aaaa DYNAMIC Fa0/1
1 bbbb.bbbb.bbbb DYNAMIC Fa0/1
1 cccc.cccc.cccc DYNAMIC Fa0/2
1 dddd.dddd.dddd DYNAMIC Fa0/3
• There's one other frame type that is sent out every port on the switch except the one that received it, and that's a broadcast frame. Broadcast frames are intended for all hosts, and the MAC broadcast address is ff-ff-ff-ff-ff-ff (or FF-FF-FF-FF-FF-FF, as a MAC address's case does not matter).
• This continual generation of new
broadcasts is called a broadcast storm,
and this is one storm that can sink your
switch for good.
• A broadcast storm can overwhelm a
switch's memory and CPU capabilities,
rendering the switch virtually useless.
• The first time you hear the term "campus network"
or "campus LAN", the word "campus" may suggest
a university or a school of some kind. While such a
school may well have a campus LAN, that term is
used to describe any network that connects multiple
buildings that are physically close to each other.
• The Cisco switching model consists of three layers:
– Access
– Distribution
– Core
• Unused VLANs - An Often Overlooked Security Feature
• We spoke about VLANs at length earlier in this
section, but you can also use an unused VLAN as a
security feature.
• Cisco switch ports on many models have some
undesirable defaults:
– They're open, where router interfaces are shut by default
– They're actively attempting to trunk, meaning they are available
for connection to another switch
– All ports are in VLAN 1, and everyone knows that
• aging allows you to set aging options
for secure MAC addresses.
• mac-address allows you to specify
secure MAC addresses.
• maximum allows you to specify how
many secure MAC addresses there will
be. The default is one.
SW2(config-if)#switchport port-security violation ?
  protect   Security violation protect mode
  restrict  Security violation restrict mode
  shutdown  Security violation shutdown mode
• To configure the port to shut down if a frame is
received with any source MAC address other than
bb-bb-bb-bb-bb-bb, we'd use the following config:
SW2#show port-security int fast 0/3
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Last Source Address : 00d0.58ad.4d51
Security Violation Count : 0
interface FastEthernet0/3
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 00d0.58ad.4d51
• An err-disabled port! When you see err-disabled next to the line protocol message, that means that an error of some kind has shut that port down. In this case, that's the result of a non-secure MAC address hitting a port that had already learned another address as secure.
SW2#show port-security int fast 0/3
Port Security : Enabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Last Source Address : 0010.7b39.c5e9
Security Violation Count : 1
• Verify the interface is indeed back up
with show interface:
SW2#show int fast 0/3
FastEthernet0/3 is up, line protocol is up (connected)
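An added example, not from the course, that checks the two kinds of switch output shown in this section: it parses the `show mac-address-table dynamic` listing to count the addresses each port has learned against port security's default maximum of one, and reads the `show port-security interface` fields to tell whether a violation has already err-disabled the port. Both sample outputs are copied from this page and embedded as constants.

```python
"""Read switch 'show' output for port-security review.

Added example, not course material. Two checks a network defender runs:
which ports have learned more MAC addresses than port security would allow,
and whether an interface has already been shut down by a violation.
"""
import re

# Sample input copied from the page: 'show mac-address-table dynamic' on SW1.
MAC_TABLE = """\
SW1#show mac-address-table dynamic
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 aaaa.aaaa.aaaa DYNAMIC Fa0/1
1 bbbb.bbbb.bbbb DYNAMIC Fa0/1
1 cccc.cccc.cccc DYNAMIC Fa0/2
1 dddd.dddd.dddd DYNAMIC Fa0/3
"""

# Sample input copied from the page: SW2's Fa0/3 after the violation.
PORT_SECURITY = """\
SW2#show port-security int fast 0/3
Port Security : Enabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Last Source Address : 0010.7b39.c5e9
Security Violation Count : 1
"""

# One table row: VLAN (or "All"), Cisco dotted MAC, type, port.
MAC_ROW = re.compile(
    r"^\s*(?P<vlan>\w+)\s+(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
    r"\s+(?P<type>\w+)\s+(?P<port>\S+)\s*$",
    re.IGNORECASE,
)


def macs_per_port(output):
    """Return {port: [mac, ...]} for every DYNAMIC row; headers and STATIC rows are skipped."""
    learned = {}
    for line in output.splitlines():
        m = MAC_ROW.match(line)
        if m and m.group("type").upper() == "DYNAMIC":
            learned.setdefault(m.group("port"), []).append(m.group("mac").lower())
    return learned


def ports_over_limit(output, maximum=1):
    """Ports that have learned more addresses than port security's maximum (default one)."""
    return sorted(port for port, macs in macs_per_port(output).items() if len(macs) > maximum)


def parse_port_security(output):
    """Turn the 'Field : Value' lines of show port-security into a dict."""
    fields = {}
    for line in output.splitlines():
        if " : " in line:
            key, value = line.split(" : ", 1)
            fields[key.strip()] = value.strip()
    return fields


def port_security_state(output):
    """Summarise whether the port is still forwarding and what it last saw."""
    f = parse_port_security(output)
    return {
        "enabled": f.get("Port Security") == "Enabled",
        # Secure-shutdown is the err-disabled state the page describes.
        "err_disabled": f.get("Port Status") == "Secure-shutdown",
        "violations": int(f.get("Security Violation Count", "0")),
        "last_source": f.get("Last Source Address"),
        "maximum": int(f.get("Maximum MAC Addresses", "0")),
    }


if __name__ == "__main__":
    print("learned per port:", macs_per_port(MAC_TABLE))
    print("over the default maximum:", ports_over_limit(MAC_TABLE))
    print("Fa0/3 port security:", port_security_state(PORT_SECURITY))
```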
Video 4
Common Router and Switch Commands
Common Router and Switch Commands
• Physical Connections and Passwords
• Telnet And SSH
• User, Enable and Privilege Modes
• Enable Password vs. Enable Secret
• “privilege level 15”
• Physical Side of Cisco Switches
• Assigning an IP Address and Default Gateway To The Switch
• Speed, Duplex, and “Interface Range”
• Banners, “logging synch”, and “exec-timeout”
• Keystroke Shortcuts and Manipulating History
line con 0
line vty 0 4
login
line vty 5 15
login
• This small, seemingly insignificant portion of the switch
configuration actually determines what passwords a user must
enter in order to connect to the switch successfully. When you
do connect to a Cisco switch, you're going to do so in one of
two ways:
– By physically connecting a laptop to the switch
– By logically connecting from a remote location via Telnet or SSH
• For a physical connection, you're going to
need a rollover cable. This is typically a blue
cable with an RJ-45 connector on one end
and a DB-9 connector on the other end. The
RJ-45 connector snaps into the Console port
of the switch or router, and the DB-9
connector connects to your laptop -- maybe!
• To review the methods available to
connect to a Cisco router:
– Physically connecting a laptop to the Console
port
– Connecting from a remote location via Telnet
or SSH
R1>
• To configure the router, we need to go to the
next level, privileged EXEC mode (generally
called "enable mode"). To get there, we need
to enter the enable command in user exec
mode. The prompt should change slightly...
R1>enable
R1#
• To recap
– No password is required for connecting to the router
via the Console port, but it's recommended that you
configure one.
– A password on the VTY lines is required to allow
Telnet or SSH users to connect.
– For Telnet and SSH users to access enable mode,
either an enable password must be configured OR
the following command must be configured on the
VTY lines.
• You may want incoming Telnet users to be placed directly into privileged exec mode without being prompted for an enable password. To do so, configure the privilege level 15 command on the VTY lines of the router or switch allowing the connections.
What's So Secure About Secure Shell?
• We could use the username/password command to
create a database strictly for Telnet if we wanted to,
and the login local command would have the same
effect. Where the Telnet and SSH configuration
differ is that the SSH config requires the following
where Telnet does not:
– A domain name must be specified with the ip domain-name
command
– A crypto key must be created with the crypto key generate rsa
command
• RPS (Redundant Power Supply). Green
indicates that the RPS is functioning
correctly.
• STAT, short for status. When this is green,
the port status lights are operational.
• DUPLEX, where green indicates a full-duplex port and an "off" light indicates a half-duplex port.
So What Are Those "logging synchronous" and "exec-timeout 0 0" Commands, Anyway?
line con 0
exec-timeout 0 0
logging synchronous
R1(config)#int s0
R1(config-if)#no shut
R1(config-if)#^Z
R1#so here i am
4d04h: %SYS-5-CONFIG_I: Configured from console by consoletyp
4d04h: %LINK-3-UPDOWN: Interface Serial0, changed state to uping and
4d04h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to upi've been interrupted quite badly!
4d04h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down
• One of my favorites is the up arrow,
which will show you the last command you
entered. If you continue to hit the up arrow,
you'll continue to go through the command
history. <CTRL-P> does the same thing.
• As you might expect, the down arrow brings you one command up in the command history. It's a good key to use when you use the up arrow too fast. :) <CTRL-N> does the same thing.
Video 5
IP Addressing And The Routing Process
IP Addressing and the Routing Process
• First, we'll convert the IP address
192.168.1.100 to a binary string. The
format that we're used to seeing IP
addresses take - like the 192.168.1.100
shown here - is often called a dotted
decimal address, since the values are
in decimal and there are dots
separating the decimals. (Clever, eh?)
• Way back in the ancient times of technology -
September 1981, to be exact - IP address classes
were defined in RFC 791. If you'd like to read the
actual RFC, you can find it quickly using that number
and your favorite search engine.
• RFCs are Requests For Comments, which are technical proposals and/or documentation. Not always exciting, but it's well worth reading the RFC that deals with the subject you're studying. Advanced technical exams occasionally like to ask about RFC numbers for a particular protocol or network service.
• Class A:
– Default network mask: 255.0.0.0
– Default number of network bits: 8
– Default number of host bits: 24
• Class B:
– Default network mask: 255.255.0.0
– Default number of network bits: 16
– Default number of host bits: 16
• Class C:
– Default network mask: 255.255.255.0
– Default number of network bits: 24
– Default number of host bits: 8
• You should be ready to identify those ranges
in that format, or with the dotted decimal
masks, or with prefix notation. More about
prefix notation later in this section.
– Class A: 10.0.0.0 255.0.0.0, or 10.0.0.0 /8
– Class B: 172.16.0.0 255.240.0.0, or 172.16.0.0 /12
– Class C: 192.168.0.0 255.255.0.0, or 192.168.0.0 /16
C:\>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
• If the destination is on the same subnet as
the host, the packet's destination IP address
will be that of the destination host. In the
following example, this PC is sending
packets to 192.168.1.15, a host on the same
subnet, so there is no need for the router to
get involved. In effect, those packets go
straight to 192.168.1.15.
R1#show ip route
Codes: C - connected, S - static
Gateway of last resort is not set
C 20.0.0.0/8 is directly connected, Ethernet1
C 10.0.0.0/8 is directly connected, Ethernet0
255.0.0.0 = binary string 11111111 00000000 00000000 00000000 = /8
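An added worked example (not the course's own material) that carries the addressing steps from this section through in Python: the dotted-decimal-to-binary conversion, the class and its default mask, the mask-to-prefix conversion, and the "same subnet, or send it to the default gateway?" decision the PC above makes; the class D and E ranges are included for completeness beyond the three classes listed.

```python
"""IP addressing helpers for the steps described in this section.

Added example, not course material. Everything works on the dotted-decimal
strings the page uses, so the results can be compared with ipconfig output.
"""


def to_octets(address):
    """Split '192.168.1.100' into four ints, checking each is 0..255."""
    parts = address.split(".")
    if len(parts) != 4:
        raise ValueError("expected four octets: %r" % address)
    octets = [int(p) for p in parts]
    if any(o < 0 or o > 255 for o in octets):
        raise ValueError("octet out of range: %r" % address)
    return octets


def to_binary(address):
    """'192.168.1.100' -> '11000000 10101000 00000001 01100100'."""
    return " ".join(format(o, "08b") for o in to_octets(address))


def address_class(address):
    """Classful rule from RFC 791: the class is decided by the first octet."""
    first = to_octets(address)[0]
    if first < 128:
        return "A"      # leading bit 0
    if first < 192:
        return "B"      # leading bits 10
    if first < 224:
        return "C"      # leading bits 110
    if first < 240:
        return "D"      # multicast, not covered on this page
    return "E"          # experimental, not covered on this page


# Default masks for the three classes listed on the page.
DEFAULT_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def mask_to_prefix(mask):
    """'255.0.0.0' -> 8. Rejects masks whose one bits are not contiguous."""
    bits = "".join(format(o, "08b") for o in to_octets(mask))
    ones = bits.rstrip("0")
    if "0" in ones:
        raise ValueError("mask bits are not contiguous: %r" % mask)
    return len(ones)


def prefix_to_mask(prefix):
    """8 -> '255.0.0.0'."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    value = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def network_of(address, mask):
    """AND each octet of the address with the mask to get the network address."""
    return ".".join(str(a & m) for a, m in zip(to_octets(address), to_octets(mask)))


def same_subnet(host, destination, mask):
    """True when both addresses share a network under the mask, so no router is needed."""
    return network_of(host, mask) == network_of(destination, mask)


def next_hop(host, destination, mask, default_gateway):
    """Where the host sends the frame: straight to the destination, or to the gateway."""
    return destination if same_subnet(host, destination, mask) else default_gateway


if __name__ == "__main__":
    pc, mask, gateway = "192.168.1.100", "255.255.255.0", "192.168.1.1"
    print(pc, "=", to_binary(pc), "class", address_class(pc), "/%d" % mask_to_prefix(mask))
    for target in ("192.168.1.15", "10.1.1.1"):
        print("to", target, "->", next_hop(pc, target, mask, gateway))
```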
• Static routes are created with the ip
route command.
Video 6
ARP, DNS and DHCP
ARP, DNS and DHCP
• Host A will know the computer name of Host
B - for this discussion we'll assume that
name to be "hostb". Now it needs an IP
address and a MAC address for that
hostname, and DNS will help it get that IP
address. The DNS process is very
simple. Each host will have the IP address of
a DNS server, and a host needing the IP
address of another host will send a DNS
Request to the DNS server.
C:\>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . :
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82562V 10/100 Network Connection
Physical Address. . . . . . . . . : 00-17-31-F7-03-B2
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 68.87.73.242
                                    68.87.71.226
Lease Obtained. . . . . . . . . . : Monday, October 08, 7:23:17 AM
Lease Expires . . . . . . . . . . : Tuesday, October 09, 7:23:17 AM
• In our current network, we have a DNS server that took care of the hostname-IP address resolution, but now we need the MAC address of Host B, and there is no ARP server on the network. Instead, the ARP process uses a series of broadcasts and replies.
C:\>arp -a
• After learning Host B's IP and MAC
addresses (MAC addresses are also called
"physical addresses" because they
physically exist on the network card), Host A
would enter them into its ARP cache. The
next time Host A needs to send data to Host
B, the information needed to do so is right
there in the ARP cache and no ARP Request
needs to be sent.
• If Host A sends an ARP Request for Host B's
MAC address, we know the switch will
forward it, because switches forward
broadcasts. The problem comes in with the
router, because routers do not forward
broadcasts. Instead, the router will use
proxy ARP to answer the ARP Request with
the MAC address of the router interface that
received the original Request.
• A host's ability to send data to all the
required destinations requires quite a bit of
information. The host needs to know the
following at a minimum...
– What's my IP address?
– What's my network mask?
– What are the IP addresses of the DNS servers?
– What's my default gateway?
• There are four basic steps that allow a
host (the DHCP Client) to acquire all of
this information from a DHCP
Server. The Client begins the process
by sending a DHCP Discover message
out. This message is a broadcast, so it
will not be forwarded by routers.
• You can see the IP address a host has
been assigned, along with the lease
length and other information, with
ipconfig /all. You can verify that the
host is running DHCP with this
command as well.
C:\>ipconfig /all
Description . . . . . . . . . . . : Intel(R) 82562V 10/100 Network Connection
Physical Address. . . . . . . . . : 00-17-31-F7-03-B2
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 68.87.73.242
                                    68.87.71.226
Lease Obtained. . . . . . . . . . : Monday, October 08, 200x 7:23:17 AM
Lease Expires . . . . . . . . . . : Tuesday, October 09, 200x 7:23:17 AM
Video 7
Memory Components And Config Files
Memory Components And Config Files
• RAM: Random-Access Memory. Stores operational
information such as routing tables and the running
configuration file. RAM contents are lost when the
router is powered down or reloaded. By default,
routers look here first for an Internetwork Operating
System (IOS) file during boot.
• NVRAM: Non-volatile RAM. NVRAM holds the
router’s startup configuration file. NVRAM contents
are not lost when the router is powered down or
reloaded.
• POSTs are particularly effective at detecting
major problems early in the boot
process, such as a broken fan. If the POST
detects such a problem (usually called an
"environmental factor") that would cause the
router or switch to overheat after booting,
the POST will fail, give you a clear message
as to why the POST failed, and will then stop
the boot process.
• But let's speak positively here!
• If no valid startup configuration file is
found, the router enters setup mode,
where the router runs the system
configuration dialogue, a series of
questions involving basic router setup.
• As you go through your Cisco studies
and your Cisco career, you'll use the
copy command more often than you
might think. It's a good idea to
remember the command syntax:
– The first location is where you're copying from
– The second location is where you're copying
to
• On occasion, the trickiest part of changing a router's
IOS image is actually getting the image you
want! You can download new IOSes from Cisco's
website, but a Cisco Connection Online (CCO) login
is not enough. The rules change as to who can and
cannot download IOS images, so I won't list those
rules here, but you can find out quickly by searching
Cisco's site. Just keep in mind that you can't just go
out to Cisco's website to download the latest IOS
image for your router on a whim.
• Here's the warning I received, and I've bolded the very, very
important part:
BRYANT_AS_5#copy tftp flash
**** NOTICE ****
Flash load helper v1.0
This process will accept the copy options and then terminate
the current system image to use the ROM based image for the copy.
Routing functionality will not be available during that time.
If you are logged in via telnet, this connection will terminate.
Users with console access can see the results of the copy
operation.
---- ******** ----
[There are active users logged into the system]
Proceed? [confirm]
• As the new IOS is loaded, you'll see a
series of exclamation points. It looks
like a massive ping, as you can end up
with screens of "!". If those
exclamation points stop for a few
seconds, that's okay, but if they stop
and don't restart, there's a problem with
the copy.
• To review these common configuration
register settings:
– 0x2102: The default. Router looks for a
startup configuration file in NVRAM and for a
valid IOS image in Flash.
– 0x2142: NVRAM contents are bypassed,
startup configuration is ignored.
– 0x2100: Router boots into ROM Monitor
mode.
Video 8
Intro to Wireless Networks (WLANs)
Intro to Wireless Networks (WLANs)
• A much more common wireless configuration is an
infrastructure WLAN, where a WAP is used to allow
multiple devices to connect to the wired network. All
communications in an infrastructure WLAN must go
through a wireless access point (AP).
• There are two kinds of infrastructure WLANs, with
the most common being the following
topology. While a Basic Service Set (BSS) will have
a single AP, Extended Service Set WLANs
(ESS), have multiple access points.
• The standards listed here are all part of the 802.11x
standards developed by the IEEE. IEEE uses the
802.11 standard to define Wi-Fi overall, but it's a
good idea to know the stats for the following.
• 802.11a has a typical data rate of 25 MBPS, but can
reach speeds of 54 MBPS. Indoor range is 100
feet. Operating frequency is 5 GHz.
• 802.11b has a typical data rate of 6.5 MBPS, but can
reach speeds of 11 MBPS. Indoor range is 100
feet. Operating frequency is 2.4 GHz.
• Infrared Wireless
• Infrared wireless offers a high data rate,
but a very short range - generally too
short to be practical.
• It's a very good idea to have those maximum
speeds, ranges, and frequencies memorized
for the exam. For real-world wireless
networks, always keep in mind that
maximum speeds and ranges are theoretical
at best. That's particularly true with wireless
networks, which can suffer from unusual and
unexpected sources, such as weather, signal
attenuation, and popcorn.
Popcorn?
Spread Spectrum
• DSSS (Direct Sequence Spread Spectrum)
doesn't have the signal hop around between
frequencies, but instead spreads the signal
over the entire range of frequencies at
once. 802.11b, 802.11g, and 802.11n use DSSS.
• OFDM (Orthogonal Frequency Division
Multiplexing) splits the signal and sends the
signal fragments over different frequencies
at the same time. 802.11a uses OFDM.
Antenna Types
84
• Like some other topics we've covered
in this course, both of these are known
by several different names. Yagis are
also known as point-to-point and
directional antenna; Omni antennas are
also known as omnidirectional and
point-to-multipoint antenna.
85
• So what's the real difference between CSMA/CD and
CSMA/CA? CA is used on wireless networks, and
jam signals will not be sent over a wireless
network. Collisions are not detected on a wireless
network, they can only be avoided, so we use
CSMA/CA instead of CD.
• Another difference - while Ethernet is capable of full-
duplex (simultaneously sending and receiving data),
wireless clients are limited to half-duplex.
Service Set
Identifier (SSID)
86
MAC Address
Authentication
87
• WEP supports two forms of authentication,
open and shared key. Open authentication is
pretty much what it sounds like - the virtual
door to an AP is wide open. Any device can
authenticate and then open communication
with the AP. According to Cisco's website, if
both devices are using WEP but the key on
the client does not match that of the AP,
authentication will succeed but data cannot
be successfully passed.
• WPA's strengths:
– Two-way authentication - AP authenticates the client,
client authenticates the AP
– Dynamic keys and a stronger encryption scheme
through use of Temporal Key Integrity Protocol (TKIP,
"tee-kip")
– WPA uses an 8-byte Message Integrity Check (MIC),
sometimes called "Michael", to protect against replay
attacks, spoofing, and man-in-the-middle attacks.
– WPA uses 802.1x or pre-shared keys (PSK) for
authentication
88
• Some additional details regarding TKIP:
– The use of TKIP made it possible to use legacy ("old")
hardware that had originally been created with WEP
in mind.
– Both WEP and TKIP use the RC4 stream cipher for
encryption, but TKIP protects the RC4 keys via
per-packet key mixing, which results in every packet
having a unique encryption key.
89
• Another potential issue lies with the
use of pre-shared keys (PSK). If a
short passphrase is allowed and then
intercepted, a dictionary attack can be
run by an attacker, resulting in a
compromised passphrase.
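To see why the length of the passphrase is what matters here, this added example (not code from the course) derives the 256-bit pre-shared key the way WPA-Personal specifies it: PBKDF2-HMAC-SHA1 over the passphrase, with the (public) SSID as salt, 4096 iterations, 32 bytes out. The 4096 iterations make each guess slower, but the search space is still whatever list of passphrases an attacker tries, so the defence is a passphrase that is not on such a list. The policy thresholds in assess_passphrase() and the tiny word list are this example's own assumptions, not anything the course or Cisco prescribes; the "password"/"IEEE" pair is the published 802.11i test vector.

```python
"""WPA/WPA2-Personal: from passphrase to the 256-bit pre-shared key.

Added example, not code from the course. The derivation is the one the
WPA-PSK standard specifies (PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds,
32-byte output). The thresholds in assess_passphrase() and COMMON_WORDS
are assumptions made for illustration.
"""
import hashlib
import math

# Constructed stand-in for a real common-password list (assumption: a
# deployment would check against a large list, not five words).
COMMON_WORDS = {"password", "letmein", "internet", "wireless", "admin123"}


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 32-byte PSK exactly as a WPA-Personal client or AP does."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, dklen=32
    )


def entropy_bits(passphrase: str) -> float:
    """Crude upper-bound entropy estimate: length * log2(size of charset used)."""
    charset = 0
    if any(c.islower() for c in passphrase):
        charset += 26
    if any(c.isupper() for c in passphrase):
        charset += 26
    if any(c.isdigit() for c in passphrase):
        charset += 10
    if any(not c.isalnum() for c in passphrase):
        charset += 33  # printable ASCII punctuation
    return len(passphrase) * math.log2(charset) if charset else 0.0


def assess_passphrase(passphrase: str, min_length: int = 20,
                      min_bits: float = 60.0) -> dict:
    """Policy check for a PSK network. Thresholds are assumptions, not a standard."""
    problems = []
    if len(passphrase) < min_length:
        problems.append("shorter than %d characters" % min_length)
    if passphrase.lower() in COMMON_WORDS:
        problems.append("appears in the common-word list")
    bits = entropy_bits(passphrase)
    if bits < min_bits:
        problems.append("estimated entropy %.0f bits is below %.0f" % (bits, min_bits))
    return {"entropy_bits": bits, "acceptable": not problems, "problems": problems}


if __name__ == "__main__":
    # Published 802.11i test vector: passphrase "password", SSID "IEEE".
    print(wpa_psk("password", "IEEE").hex())
    for candidate in ("password", "Tr0ub4dor&3-Plain-Text-2024"):
        print(candidate, assess_passphrase(candidate))
```

Note that changing only the SSID changes the derived key, so two networks with the same weak passphrase still have different PSKs; that does not help the network whose passphrase is guessable, which is the point the slide makes.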
90
Video 9
Binary Math and Subnetting
91
• Determining The Number Of Valid Subnets
– Number of subnets = 2 raised to the power of the
number of subnet bits (2^subnet bits)
– Now here's the interesting part: You *may* need to
subtract 2 from that result to get the correct answer.
• You should subtract 2 from the result if:
– You see the no ip subnet-zero command in the
configuration. This command will appear near the top
of the router configuration.
– The routing protocol is classful, and that means
RIPv1 or IGRP.
Prefix Notation
92
• Review the rules for network, subnet, and
host bits:
A. The rules for Class A, Class B, and Class C
determine the network portion.
B. Compare the remaining bits of the default and
actual mask. The portion where the Default Mask and
Subnet Mask both have zeroes is the host bits portion
of the address.
C. The remaining bits – where the Default Mask has
zeroes but the Subnet Mask has ones – are the subnet
bits. These are the bits that are being "borrowed" from
the host bits.
93
• Determining The Range Of Valid Host Addresses On
A Subnet
• To determine the range of valid host addresses on a
subnet, first determine how many overall host
addresses are on that subnet. The first address in
the range is the network number and is not a valid
host address; the final address in the range is the
broadcast address for that subnet and is not a valid
host address. All addresses between the two are
valid host addresses.
Meeting Stated
Design
Requirements
94
• 50-host network address
range: 10.1.1.65 - 10.1.1.126
• Range for 10.1.1.0 /25 network: 10.1.1.1
- 10.1.1.126 - Overlaps With Preexisting
Subnet!
• Range for 10.1.1.128 / 25
network: 10.1.1.129 - 10.1.1.254 - Does
Not Overlap With The 50-host network.
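The subnet-count rule, the network/subnet/host bit rules, the valid-host-range rule and the overlap check above can all be worked in a few lines. This added example (not code from the course; standard library only) does that and reproduces the design scenario from the slides: an existing 50-host subnet at 10.1.1.65-10.1.1.126, and the search for a second block in 10.1.1.0/24 that does not overlap it. Function names are this example's own.

```python
"""Subnetting helpers covering the rules on the preceding slides.

Added example, not code from the course. The 10.1.1.0/24 design scenario
(existing 50-host subnet, second subnet that must not overlap it) is the
one from the slides.
"""
import ipaddress


def classful_prefix(addr):
    """Default mask length for a Class A (/8), B (/16) or C (/24) address."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError("Class D/E address has no default mask: %s" % addr)


def bit_roles(addr, prefix):
    """(network_bits, subnet_bits, host_bits): the classful rules give the
    network part, bits the subnet mask adds beyond the default mask are the
    'borrowed' subnet bits, and what is zero in both masks is the host part."""
    network_bits = classful_prefix(addr)
    if prefix < network_bits:
        raise ValueError("/%d is shorter than the classful default /%d" % (prefix, network_bits))
    return network_bits, prefix - network_bits, 32 - prefix


def subnet_count(subnet_bits, subnet_zero=True, classful_protocol=False):
    """2 ** subnet_bits, minus 2 when 'no ip subnet-zero' is configured or a
    classful protocol (RIPv1, IGRP) is in use, since the all-zeroes and
    all-ones subnets are then unusable."""
    count = 2 ** subnet_bits
    if not subnet_zero or classful_protocol:
        count -= 2
    return count


def host_range(cidr):
    """(network, first_host, last_host, broadcast, usable) for a /30 or larger block."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen > 30:
        raise ValueError("/31 and /32 have no network/broadcast pair to exclude")
    first = net.network_address + 1
    last = net.broadcast_address - 1
    return (str(net.network_address), str(first), str(last),
            str(net.broadcast_address), net.num_addresses - 2)


def prefix_for_hosts(n_hosts):
    """Longest prefix (smallest block) that still leaves n_hosts usable addresses."""
    host_bits = 2
    while 2 ** host_bits - 2 < n_hosts:
        host_bits += 1
    return 32 - host_bits


def first_free_block(existing, prefix, within):
    """First /prefix block inside `within` that overlaps none of `existing`."""
    taken = [ipaddress.ip_network(c, strict=False) for c in existing]
    for candidate in ipaddress.ip_network(within).subnets(new_prefix=prefix):
        if not any(candidate.overlaps(t) for t in taken):
            return str(candidate)
    return None


if __name__ == "__main__":
    print(bit_roles("172.16.1.1", 20))                     # (16, 4, 12)
    print(subnet_count(4), subnet_count(4, subnet_zero=False))
    print(host_range("10.1.1.64/26"))                      # the slide's 50-host subnet
    print(first_free_block(["10.1.1.64/26"], 25, "10.1.1.0/24"))
```

prefix_for_hosts(50) returns 26, and host_range("10.1.1.64/26") gives 10.1.1.65 through 10.1.1.126 with 62 usable addresses, matching the slide; first_free_block() then rejects 10.1.1.0/25 and returns 10.1.1.128/25, the same conclusion the slide reaches by hand.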
Video 10
Static Routing And RIP
95
• For this example and all others in this course, the
last octet of the IP address for any physical interface
will be the router number. That's a good habit to get
into for your home lab studies as well. For
loopbacks, we'll use the router number for each
octet.
– The networks used in this section:
– Frame Relay (Serial interfaces, all routers): 172.16.123.x /24
– R2's loopback interface: 2.2.2.2 /24
– R3's loopback interface: 3.3.3.3 /24
96
• Since we're in the static routing section of
the course, let's choose a static route! We
use the ip route command to create static
routes, and we actually have two more
choices when it comes to static routes. We
can create...
– A static route to a given host or destination network
– A default static route, which will be used when there
is no other match in the routing table for a destination
network
97
• The syntax for a default static route looks a bit odd,
so be ready to identify it on the exam:
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip route 0.0.0.0 0.0.0.0 172.12.123.2
• Both the destination network and the mask are all
zeroes in a default static route. As with a "regular"
static route, we have the option of configuring a
next-hop IP address or the local router's exit
interface.
98
• A better choice for routing is the use of
dynamic routing protocols. You've probably
heard of one or more of the following:
– RIP (Routing Information Protocol)
– IGRP (Interior Gateway Routing Protocol)
– EIGRP (Enhanced Interior Gateway Routing Protocol)
– OSPF (Open Shortest Path First)
99
• RIPv1: classful, no VLSM, no manual
route summarization
• RIPv2: classless, VLSM support,
manual route summarization support
– To force RIP to send and receive only v2
updates, use the version 2 command under
the RIP process.
Video 11
Wide Area Networks (WANs)
100
Wide Area
Networks (WANs)
101
• Theoretically, the demarc point is found at
the CSU/DSU. The cable leading from the
CSU/DSU to the router and the CSU/DSU
itself is considered to be the customer's
equipment and responsibility. That's us! All
cabling on the "other side" of the CSU/DSU,
along with the hardware in the WAN cloud, is
the service provider's equipment.
102
• We're going to discuss two common WAN
protocols in just a moment, and I want you to
see the show commands that verify these
protocols. To do so, we're going to use a
configuration that isn't common in real life,
but is very common in home labs. We're
going to use two Cisco routers that are
directly connected at their Serial0 interfaces,
which means that one must serve as the
DCE. We also need a special cable, the
aptly-named DTE/DCE cable.
103
• When you see the physical interface up and
the line protocol down, there's some kind of
logical problem with the interface. In this
case, the DTE side is not receiving the
required clockrate. Once we do configure
the clockrate on the DCE's Serial1 interface,
the line protocol comes up and stays up. No
reset or reload is needed.
104
• HDLC and PPP are the two data-link (Layer 2)
protocols to consider when choosing an
encapsulation method across a serial point-to-point
link.
• The version of HDLC that runs on Cisco routers is
Cisco-proprietary, making it unsuitable for
multivendor environments. If RouterA is a Cisco
router running HDLC, the only way the line protocol
can come up is if the remote router is also a Cisco
router running HDLC.
105
• To review:
– HDLC is the default encapsulation on a Cisco
router's Serial interface.
– PPP has features that allow the use of
authentication and data compression.
– PPP also allows multilink bundling, where
HDLC does not.
An Introduction To
Frame Relay
106
• Frame relay is a packet-switching protocol.
The packets may take different physical
paths to the remote devices, at which point
they will be reassembled and will take the
form of the original message. In contrast,
circuit-switching protocols have dedicated
paths for data to travel from one point to
another.
107
• You also learned that these addresses are
not routable - without any additional help,
hosts with these addresses will not be able
to communicate with any other hosts outside
their private network. That means no
internet access and no communication with
other hosts across the LAN!
108
• Outside global addresses are the addresses
that are configured on the outside
hosts. These are fully routable addresses
used by Internet-based hosts.
• Finally, outside local addresses are the
actual addresses of remote hosts. These can
be (and probably are) RFC 1918 addresses as
well.
109
• Some ATM documentation says that
ATM is a packet-switching service like
Frame Relay, and technically that's
true, but more commonly you'll hear
ATM referred to as cell-switching. After
all, that's what ATM switches!
110
• Asymmetrical DSL works under the assumption that
the user will download more information than they
send, and for the average Internet user, that's a safe
assumption. The connection speed from the provider
to the user is going to be 3 - 4 times faster than the
speed from the user to the provider. A typical ADSL
connection of 512 kbps will give the user 384 kbps
download capability, but only 128 kbps upload
capability.
• ADSL allows a telephone call and internet access
simultaneously.
111
• Two less-common DSL flavors:
• Very High Bit-Rate DSL (VDSL) has the capability to
deliver speeds up to 52 Mbps. That's an amazing
speed to deliver over copper wire, but there's a
drawback - VDSL over copper has a maximum
distance of 4000 feet. As more fiber-optic cable
is installed by the telephone companies, VDSL is
becoming available in more communities as the
distance issue is resolved by the use of fiber.
Video 12
Troubleshooting
112
Troubleshooting
• Where to Begin
• Cisco Discovery Protocol (CDP)
• L1 and L2 Troubleshooting
• LAN Troubleshooting
• WAN Troubleshooting
• Extended Ping and Traceroute
• Telnet and SSH Review and Maintenance Commands
• Administrative Distance
• The Real Key to Troubleshooting
113
• You can check a Cisco device's
physical connections with Cisco
Discovery Protocol, which runs by
default on Cisco routers and switches,
both globally and on a per-interface
level.
Router1#show cdp
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
Sending CDPv2 advertisements is enabled
Router1#show cdp
% CDP is not enabled
Router1#
114
• Device ID is the remote device's hostname.
• Local Interface is the local switch's
interface connected to the remote host.
• Holdtime is the number of seconds the local
device will retain the contents of the last CDP
Advertisement received from the remote
host.
115
• Of course, if the interface looked like that, we
wouldn't be troubleshooting, would we? Let's
take a look at common show interface
outputs that do indicate a problem, along
with the solutions for these issues.
Router1(config)#int serial0
Router1(config-if)#no shut
116
• Success! Let's look at another
potential readout:
Router1#
20:14:47: %LINK-3-UPDOWN: Interface Serial0, changed state to up
20:14:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
117
• There's one more physical / line
protocol combination we have to be
ready to troubleshoot:
118
• Just with that simple network, we ran
into quite a few things that could have
been the cause of the issue:
– Ethernet interface not open
– Ethernet interface had no IP address
– Hosts in different VLANs
– Loose cable (show interface verified the
physical cable was fine)
119
• netstat -rn displays the host's routing
table. Yes, PCs have routing tables!
• It's my experience that ipconfig /all is
the best place to begin troubleshooting
at the PC level - but don't forget to
check the cables first!
120
• If you have multiple Telnet sessions
open, you can run show sessions to
get basic information about each one.
BRYANT_ADVANTAGE_2#show sessions
Conn Host Address Byte Idle Conn Name
1 blondie 100.1.1.1 0 1 blondie
2 angeleyes 110.1.1.1 4 1 angeleyes
* 3 tuco 120.1.1.1 0 0 tuco
BRYANT_ADVANTAGE_2#3
[Resuming connection 3 to tuco ... ]
121
• To disconnect any open session, use
the disconnect command followed by
the connection number. You will be
prompted to confirm this request.
BRYANT_ADVANTAGE_2#disconnect 2
Closing connection to angeleyes [confirm]
Ping And
Traceroute
122
• !!!!! -- IP connectivity to destination
exists
• ..... -- IP connectivity to destination
does not exist
• U.U.U -- The local router has a route to
the destination, but a downstream
router does not
Router1#traceroute 208.109.62.234
Type escape sequence to abort.
Tracing the route to 208.109.62.234
1 73.141.64.1 8 msec 8 msec 12 msec
2 68.86.174.161 12 msec 12 msec 12 msec
3 68.86.172.6 12 msec 12 msec 12 msec
4 68.86.172.85 12 msec 12 msec 12 msec
5 67.17.194.98 12 msec 12 msec 16 msec
6 67.17.194.97 24 msec 16 msec 16 msec
7 64.214.196.22 76 msec 76 msec 76 msec
8 66.235.224.6 80 msec 80 msec 76 msec
9 208.109.112.137 76 msec 80 msec 76 msec
10 208.109.112.161 80 msec 80 msec 76 msec
11 208.109.112.145 80 msec 76 msec 80 msec
12 208.109.112.173 80 msec 80 msec 76 msec
13 * * *
14 * * *
15 * * *
16 * * *
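Reading ping result characters and traceroute output by eye works for one router; the same rules can be applied mechanically when you are comparing many captures. This added example (not code from the course) maps the three ping patterns from the slide to their meaning and parses the traceroute output shown above, reporting the last hop that answered and the hop where latency jumped most. The traceroute text is the slide's own output embedded as sample input; the analysis functions and their names are this example's.

```python
"""Decode Cisco IOS ping result characters and parse traceroute output.

Added example, not code from the course. SAMPLE_TRACEROUTE is the output
shown on the slide; the analysis functions are this example's own.
"""
import re

# Meaning of each character in an IOS ping result (from the slide).
PING_CODES = {
    "!": "reply received",
    ".": "timed out",
    "U": "destination unreachable returned by a downstream router",
}

SAMPLE_TRACEROUTE = """\
Type escape sequence to abort.
Tracing the route to 208.109.62.234
1 73.141.64.1 8 msec 8 msec 12 msec
2 68.86.174.161 12 msec 12 msec 12 msec
3 68.86.172.6 12 msec 12 msec 12 msec
4 68.86.172.85 12 msec 12 msec 12 msec
5 67.17.194.98 12 msec 12 msec 16 msec
6 67.17.194.97 24 msec 16 msec 16 msec
7 64.214.196.22 76 msec 76 msec 76 msec
8 66.235.224.6 80 msec 80 msec 76 msec
9 208.109.112.137 76 msec 80 msec 76 msec
10 208.109.112.161 80 msec 80 msec 76 msec
11 208.109.112.145 80 msec 76 msec 80 msec
12 208.109.112.173 80 msec 80 msec 76 msec
13 * * *
14 * * *
15 * * *
16 * * *
"""


def ping_summary(result):
    """Count the result characters of one IOS ping, e.g. '!!!!!' or 'U.U.U'."""
    sent = len(result)
    received = result.count("!")
    return {
        "sent": sent,
        "received": received,
        "timed_out": result.count("."),
        "unreachable": result.count("U"),
        "success_rate": round(100.0 * received / sent) if sent else 0,
    }


def diagnose_ping(result):
    """Map the three patterns from the slide to a likely cause."""
    s = ping_summary(result)
    if s["received"] == s["sent"]:
        return "IP connectivity to destination exists"
    if s["unreachable"]:
        return "local router has a route, but a downstream router does not"
    if s["received"] == 0:
        return "no IP connectivity to destination"
    return "intermittent loss (%d%% success)" % s["success_rate"]


HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
ADDR_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})")


def parse_traceroute(text):
    """One dict per hop: {'hop', 'address' (None for * * *), 'rtts_msec'}."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # banner lines such as "Tracing the route to ..."
        hop, rest = int(m.group(1)), m.group(2)
        addr = ADDR_RE.match(rest)
        rtts = [int(x) for x in re.findall(r"(\d+)\s+msec", rest)]
        hops.append({"hop": hop, "address": addr.group(1) if addr else None,
                     "rtts_msec": rtts})
    return hops


def last_responding_hop(hops):
    responding = [h["hop"] for h in hops if h["rtts_msec"]]
    return max(responding) if responding else 0


def largest_latency_jump(hops):
    """(hop, increase in min RTT) at the biggest step between responding hops."""
    prev, best = None, (None, 0)
    for h in hops:
        if not h["rtts_msec"]:
            continue
        cur = min(h["rtts_msec"])
        if prev is not None and cur - prev > best[1]:
            best = (h["hop"], cur - prev)
        prev = cur
    return best


if __name__ == "__main__":
    for pattern in ("!!!!!", ".....", "U.U.U"):
        print(pattern, "->", diagnose_ping(pattern))
    hops = parse_traceroute(SAMPLE_TRACEROUTE)
    print("last responding hop:", last_responding_hop(hops))
    print("largest latency jump:", largest_latency_jump(hops))
```

On the slide's output the last hop that answers is 12, and the minimum RTT jumps by 60 msec between hops 6 and 7, which is where the path leaves the nearby provider and crosses a long-haul link; the four trailing "* * *" lines are the hops that never answered before the 16-hop limit.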
123
• At the beginning of the traceroute output, the router
says "Type escape sequence to abort." Did you also
notice that the router doesn't tell you what the
sequence is? ARRRGH!!!
• That can be pretty frustrating and/or embarrassing,
so I'll tell you what that sequence is. Don't tell
anybody else, it's our secret:
C:\>tracert
Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name
Options:
    -d                 Do not resolve addresses to hostnames.
    -h maximum_hops    Maximum number of hops to search for target.
    -j host-list       Loose source route along host-list.
    -w timeout         Wait timeout milliseconds for each reply.
124
• What if the routes for a destination are all the
same? Consider the same table, but with
subnet masks of the same length for each
protocol.
Directly Connected 0
Static 1
EIGRP Summary 5
Internal EIGRP 90
IGRP 100
OSPF 110
ISIS 115
RIP 120
External EIGRP 170
iBGP 200
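The two-step decision the slide describes (longest prefix match first, and only among routes with the same mask length does the lowest administrative distance win) is easy to get backwards when reading a routing table. This added example (not code from the course) encodes the AD table above and applies both rules to a constructed routing table; the prefixes and next hops are made up for illustration.

```python
"""Route selection: longest prefix match, then administrative distance.

Added example, not code from the course. ADMIN_DISTANCE is the table from
the slide; the routing-table entries below are constructed.
"""
import ipaddress

ADMIN_DISTANCE = {
    "Directly Connected": 0,
    "Static": 1,
    "EIGRP Summary": 5,
    "Internal EIGRP": 90,
    "IGRP": 100,
    "OSPF": 110,
    "ISIS": 115,
    "RIP": 120,
    "External EIGRP": 170,
    "iBGP": 200,
}


def matching_routes(table, destination):
    """All (prefix, source, next_hop) entries whose prefix contains destination."""
    dest = ipaddress.ip_address(destination)
    return [entry for entry in table
            if dest in ipaddress.ip_network(entry[0], strict=False)]


def best_route(table, destination):
    """Winner for destination, or None if nothing (not even a default) matches.

    Longest prefix wins outright; AD is only compared between routes of the
    same prefix length. Equal prefix length and equal AD would both be
    installed as equal-cost paths; this returns the first such entry.
    """
    candidates = matching_routes(table, destination)
    if not candidates:
        return None
    return max(candidates, key=lambda e: (
        ipaddress.ip_network(e[0], strict=False).prefixlen,  # longer prefix first
        -ADMIN_DISTANCE[e[1]],                                # then lower AD
    ))


# Constructed table: a /24 learned by RIP, its /16 summary by OSPF, a default static.
EXAMPLE_TABLE = [
    ("10.1.0.0/16", "OSPF", "172.12.123.3"),
    ("10.1.1.0/24", "RIP", "172.12.123.2"),
    ("0.0.0.0/0", "Static", "172.12.123.2"),
]

if __name__ == "__main__":
    for dest in ("10.1.1.77", "10.1.5.9", "192.0.2.1"):
        print(dest, "->", best_route(EXAMPLE_TABLE, dest))
```

For 10.1.1.77 the RIP /24 wins even though OSPF has the better AD, because /24 is the longer match; 10.1.5.9 only matches the OSPF /16; anything else falls through to the static default. Swap in a second 10.1.1.0/24 learned by OSPF and the AD comparison finally comes into play.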
125
• The Real Keys To Becoming A World-Class
Troubleshooter
– Learning to troubleshoot networks is just that - a
learning experience. I've been in IT for well over a
decade and I learn something new every day. I have
always loved troubleshooting, and I can tell you this
from personal experience: Troubleshooting is all
about knowing the fundamentals *and* having a
structured approach. Learn the fundamentals,
develop your own approach, and you will be totally
unstoppable in both the exam room and dealing with
real-world networks.
Video 13
Introduction to Network
Security
Introduction to
Network Security
126
Firewalls
127
• Network attackers can have one or
more agendas:
– Financial gain, possibly blackmailing you for
access to your stolen and now inaccessible
data
– Simply seeing if they can gain access, just for
the fun of it
– Damaging the network for personal
satisfaction
128
• When a military patrol goes on a reconnaissance
mission, it's not looking for a fight with the enemy;
it's gathering information for a future attack, looking
for strengths and weaknesses. That's exactly what a
reconnaissance mission is in networking. The
intruder uses different techniques to gather
information about your network's strengths and
weaknesses, and the intruder will return later and
utilize that information to his advantage - and your
dismay.
129
• When reading white papers and sales documents
regarding the ASA, you'll come across an interesting
term - "anti-x". No, "x" isn't some new mysterious
virus or network security issue! "x" is simply used
by Cisco to encompass all of the "antis" the ASA
offers, such as "anti-virus" and "anti-spam". Instead
of listing all of the "antis" their product offers, Cisco
simply says "anti-x". Just wanted you to know so it
wouldn't make you wonder as it did me the first time
I saw it! ;)
130
• If there's one thing you must have
working at full capacity in your
network, it's the antivirus programs.
• If there's one thing that is commonly
overlooked when it comes to updates,
it's the antivirus programs.
131
• A worm is a type of virus, but a worm can
spread on its own without any "help" from
the infected host. Even worse, a worm can
replicate on its own, resulting in many more
worms attacking other hosts. A common
worm attack involves the worm sending a
copy of itself to every single user listed in
the infected host's email address book.
132
Choosing And
Configuring An
Antivirus Program
• I strongly recommend you choose an
antivirus program that offers automatic
updates. If you rely on manual updates - that
is, relying on remembering to go out and
check for updates yourself instead of having
them automatically downloaded when new
updates are available - I can practically
guarantee you're going to forget to do so,
and this can be a fatal mistake for both your
network and your career.
133
What Files Should
Be Scanned For
Viruses?
134
• And don't forget.... lock up your
hardware - literally!
"Hiding" A
Sensitive Network
135