Cisco CCNA Routing and Switching Training Notes.pdf









Andrew Crouthamel Cisco CCNA Training Notes 1


CCNA Routing and Switching

Training Notes

100-101 ICND1, 100-102 ICND2

200-120 CCNA

Andrew Crouthamel



Table of Contents

About ShrikeCast and Andrew Crouthamel About Cisco Certification and CCNA

Useful Networking Tools and Learning Resources When do I use a Network?

What are Networks? The History of the Internet How the Internet is Designed How to Communicate

Sizes of Networks Protocols

OSI and TCP/IP Models All About Applications Common Protocols

Roles of the Transport Layer TCP and UDP Protocols Internet Protocol and IPv4 Networks and Subnets Introduction to Routing IPv4 Basics

IPv4 Address Types IPv4 Subnetting

IPv6 Addressing Basics IPv6 Unicast and Multicast IPv6 Testing Connections Data Link Layer Basics Physical Layer Basics Network Media

Topology Basics Ethernet Basics

Address Resolution Protocol (ARP) Switch Basics

IOS Device Basics IOS Command Basics Switch Configuration Basics Switch Security Basics Switch Port Security VLAN Basics


Creating VLANs VLAN Trunks VLAN Security Layer 3 Switching Routing Basics Routing Table Basics

Router-on-a-stick Configuration Static Routing Basics

Static Routing Configuration

Dynamic Routing Protocols Basics Distance Vector Routing Protocols RIP Configuration

Open Shortest Path First (OSPF) OSPFv2 Single-Area Configuration OSPF Multi-Area Basics

OSPF Multi-Area Configuration EIGRP Basics

EIGRP Configuration EIGRP Metrics and DUAL EIGRP Tuning and Security Access Control Lists (ACLs) Standard IPv4 ACL Configuration Extended IPv4 ACL Configuration

Dynamic Host Configuration Protocol (DHCP) DHCP Configuration

Network Address Translation (NAT) NAT Configuration

Spanning Tree Protocol (STP) Spanning Tree Configuration Redundancy Protocols Link Aggregation Basics Wireless Basics and Security IOS Naming Scheme

IOS Licensing WAN Basics

Serial Point-to-Point WAN Encapsulation PPP Configuration Frame Relay Basics Frame Relay Configuration PPPoE Configuration VPN Basics



Syslog Basics SNMP Basics NetFlow Basics Credits

About ShrikeCast and Andrew Crouthamel

● Started in 2011 to share IT knowledge
● Shrike comes from the bird
○ Impales insects and small mammals on spikes to help it rip apart and preserve for later
● Andrew has been in IT for 10 years now
○ CCNA
○ CCNA Security
○ CCAI
○ VCP5
○ CompTIA Security+
○ CompTIA Network+
○ CompTIA A+
● Majority has been involved in networking and security
● LinkedIn:

About Cisco Certification and CCNA

● Current Cisco Certification Levels
○ Entry
○ Associate
○ Professional
○ Expert
○ Architect
● Cisco Certification Tree
● Recertification policy
○ Pass one test from same level or above, all certifications update
● CCNA
○ 100-101 ICND1 (CCENT)
■ Modules 1 & 2 of Cisco Networking Academy
■ AND
○ 200-101 ICND2 (CCNA)
■ Modules 3 & 4 of Cisco Networking Academy
■ OR
○ 200-120 CCNA (ICND1 & ICND2)



Useful Networking Tools and Learning Resources

● Wireshark -
● Packet Tracer -
● GNS3 -
● PuTTY -
● KiTTY -
● TFTP32 -
● Angry IP Scanner -
● Cisco Learning Network -
● GNS Labs -

When do I use a Network?

● World economies going global
● Instant communications across the world
○ Facebook
○ Twitter
● TV, Phone, Internet, everything uses networks
○ Smartphones
● Communications
○ Social Networks
○ News
○ Blogs
○ Internet Radio
○ Podcasts
○ Instant Messaging
○ Wikis
○ VoIP
○ eBooks (rise of Kindle and self-publishing)
● Banking
● Shopping
○ Mail order catalogs
○ Traditional stores
○ Auction sites
■ eBay
● Education revolution
○ Online classes
○ Online colleges
○ Coursera & Udacity
● Business needs
○ Remote access
■ IPsec
■ SSL-VPN
○ Connections between locations
■ Site-to-site IPsec VPN
● Gaming
○ Online game matches
■ Xbox Live
■ PSN
○ Online distribution
■ Steam
○ Rise of independent developers and publishing
● Internet of Things
○ No longer PCs, everything getting connected
■ QoS important

What are Networks?

● Communication needs
○ Sender and receiver
○ Method
○ Language
○ Speed
○ Confirmation
● Quality
○ Acceptable quality needs to be determined
○ More times data is transmitted, greater chance of corruption
○ Size of data packages needs to be determined
○ Reliability is key now
● Network elements
○ Rules (Protocols)
■ HTTP/HTTPS
■ SMTP
■ POP
■ XMPP
■ OSCAR
■ SIP
■ FTP
■ Telnet
■ SSH
○ Medium
■ Wired
■ Wireless
○ Messages
■ Segments
■ Packets
■ Frames
○ Devices
■ Switches
■ Routers
● Network symbols
● Converged Networks

The History of the Internet

● Victorian Internet
○ Telegraph (1830-40s)
○ Submarine cables (1850s-60s)
○ Gave rise to phone networks
● Began in 1950s
○ Mainframe computer connections
● Late 1960s into 1980s
○ ARPANET (Advanced Research Projects Agency Network)
■ 1969-1985 (latest 1989)
■ Project of DARPA (Defense Advanced Research Projects Agency)
■ Connected universities at first, military later
■ Military split off with MILNET in 1983
■ E-mail, FTP, TCP/IP protocols
■ Shut down around 1985 with NSFNET introduction
● 1980s
○ CSNET (Computer Science Network)
■ 1981-1984
■ Project of National Science Foundation
■ Used to connect institutions that could not get funding or authorization to connect directly into ARPANET
■ Raised awareness for the national network
○ NSFNET (National Science Foundation Network)
■ 1985-1995
■ Project of National Science Foundation
■ Provide connections for researchers to supercomputers funded by NSF
■ Started with a 56Kbps backbone, upgraded to 1.5Mbps T1, then to a
■ BGP protocol
■ Commercial ISPs started around this time, using the NSFNET to route traffic
● 1990s
○ Internet
■ April 30, 1995 the original NSFNET Backbone Service was decommissioned, transitioning traffic to several commercial backbone networks
● MCI
● Sprint

How the Internet is Designed

● Circuit Switching
● Packet Switching
● Tiered ISP structure
○ T1 - Tier 1 - Backbone ISPs
■ Own the cable
■ Verizon
■ Sprint
■ AT&T
○ T2 - Regional - Common ISPs
■ Lease from T1
○ T3 - Local - More common with dial-up
■ Lease from T2
● Convergence
○ QoS (Quality of Service)
■ Classification
■ Priorities
■ Based on traffic type, protocol
● UDP - more sensitive
○ VoIP
○ Video
● TCP - less sensitive
○ HTTP
○ FTP
● Network Security
○ Confidentiality
○ Integrity
○ Availability
● Future of Networking
○ Convergence
○ Mobility
○ Security

How to Communicate

● Parts needed for communicating
○ Source
○ Encoder
○ Transmitter
○ Medium
○ Receiver
○ Decoder
○ Destination
● Segmentation
○ Breaking up data into smaller pieces
● Multiplexing
○ Having several communications on the same medium
● Components
○ Devices
■ End devices
● Generate and receive the data
■ Intermediary devices
● Help determine where data needs to go based on addresses in data
○ Media
■ Copper
■ Fiber
■ Radio
■ Each has its own encoding method
○ Services
■ Web (HTTP)
■ Files (FTP)
■ Video (H.264)
■ VoIP (SIP)

Sizes of Networks

● Terminology varies
● PAN (Personal Area Network)
● LAN (Local Area Network)
○ Businesses
○ Buildings
● MAN (Metropolitan Area Network)
● WAN (Wide Area Network)
○ Connects LANs together
● Internet is a network of networks on a global scale
○ Called an Internetwork
○ ISP (Internet Service Provider)
● Intranet is a network of networks in a single organization
● NIC (Network Interface Card)
○ Adapter in a host device to connect to network
● Physical Port
○ Also known as a jack, where cable plugs into on wall
● Interface
○ Name of a NIC on an intermediary device
● Network symbols


Protocols

● Protocols are rules on how to communicate
● Format of message
● How to share information
● Error handling
● Setup and termination of sessions
● Most are ratified by organizations such as
○ IEEE (Institute of Electrical and Electronics Engineers)
■ Usually media specifications and standards
○ IETF (Internet Engineering Task Force)
■ Usually protocols
■ RFC (Requests For Comments)
● Sometimes they are grouped into suites or stacks
● Examples
○ HTTP (Hypertext Transfer Protocol)
■ Application Protocol
○ TCP (Transmission Control Protocol)
■ Transport Protocol
○ IP (Internet Protocol)
■ Network Protocol

OSI and TCP/IP Models

● Layered approach helps protocols work together
● Protocol Models
○ TCP/IP Model
● Reference Models
○ OSI Model
● TCP/IP Model
○ IETF (Internet Engineering Task Force)
○ Application
○ Transport
○ Internet
○ Network Access
● Data goes down the model to the media, then back up the model at the receiver
● At each layer data is called a PDU (Protocol Data Unit)
● Specific layer terminology
○ Application Layer - Data
○ Transport Layer - Segment
○ Network Layer - Packet
○ Data Link - Frame
○ Physical - Bits
● Most layers encapsulate the previous layer with more data
● OSI Model
○ ISO (International Organization for Standardization)
○ 7 - Application
○ 6 - Presentation
○ 5 - Session
○ 4 - Transport
○ 3 - Network
○ 2 - Data Link
○ 1 - Physical
○ OSI Model layers are often referred to by their number
● Most layers have an addressing method
○ Transport - Ports
○ Network - Logical Addresses (IP Addresses)
○ Data Link - Physical Addresses (MAC Addresses)
● As data goes down the layers, it is encapsulated and new addresses specific to that layer are added on
● Intermediary devices read the destination addresses to determine where to send the data
read and the data is decapsulated from that layer
○ Decapsulated - Rip off the header
● Then data is sent to the next layer up

All About Applications

● Applications are the software and services on a computer
○ Often includes Presentation and Session layers as the TCP/IP model has
● Presentation Layer
○ Conversion of data to make it useful for layers below
○ Compression of data
○ Encryption/decryption
○ File formats are good examples of the Presentation Layer
● Session Layer
○ Creates and tears down sessions, connections from one device to another
● Application examples
○ DNS
○ HTTP
○ SMTP
○ FTP
○ Telnet
● Protocols, Applications, and Services can all be the same name
○ Telnet
● Processes on your computer are applications
○ Some use network connections
■ taskmgr
■ netstat -an
● Protocols
○ Message types
○ Message syntax
○ Message transit methods
● Client-server model
○ Client is the one making the request
■ Good example is a personal PC running a client such as a web browser
○ Server is the one responding to requests
■ Running the services
● Also called daemons
■ Good example is a server PC running Apache
○ Servers can have client software on them
■ One of, if not both end up running as a server and a client.
■ Can create a network Peer-to-Peer with a crossover cable

Common Protocols

● Protocols to know
○ DNS (Domain Name System) - TCP/UDP Port 53
○ HTTP (Hypertext Transfer Protocol) - TCP Port 80
○ HTTPS (Hypertext Transfer Protocol over SSL or Hypertext Transfer Protocol Secure) - TCP Port 443
○ SMTP (Simple Mail Transfer Protocol) - TCP Port 25
○ POP (Post Office Protocol) - TCP Port 110
○ Telnet - TCP Port 23
○ SSH - TCP Port 22
○ FTP (File Transfer Protocol) - TCP Ports 20 and 21, or 21 and random port
○ DHCP (Dynamic Host Configuration Protocol) - UDP Ports 67 and 68
○ SMB (Server Message Block)/CIFS (Common Internet File System) - TCP Port 445 or UDP Ports 137 and 138, and TCP Ports 137 and 139
○ TFTP (Trivial File Transfer Protocol) - UDP Port 69
○ SNMP (Simple Network Management Protocol) - UDP Ports 161 and 162
● DNS
○ Very old protocol but one of the most important protocols in use today
○ Modern technologies such as VMware rely heavily on it
○ Resolves domain names to IP addresses
○ DNS resolution is done before data connection to server for a service is initiated
○ Required for the World Wide Web to work
○ nslookup
○ Record types
■ A (IPv4) or AAAA (for IPv6) - Generic record, device IP address
■ NS - Name server record
■ CNAME - Canonical name, also known as an alias
● Often used for web servers so multiple websites can be hosted on the same IP
■ MX - Mail exchange record, only for E-mail servers
○ Client and servers will check their host files first, then DNS cache, only then checking network servers
○ ipconfig /displaydns
○ ipconfig /flushdns
○ Hierarchy system
■ Root servers - Records of top-level domain servers
● Also known as the Root Hint servers
■ Top-level domain servers - Records of second-level domain servers
● .com, .org, .net,, etc.
■ Second-level domain servers
●,, etc.
● HTTP
○ Also very old protocol
○ The World Wide Web (which runs on the Internet) is mostly run by HTTP
○ Web browsers download and interpret HTTP and other protocols and languages to display web pages
○ Transmits HTML or similar files (index.html is often hidden from the URL)
○ GET, POST, PUT message types
○ Secure version HTTPS
● SMTP/POP
○ Also very old protocols
○ Used for sending/receiving E-mail
○ Clients are known as MUA (Mail User Agent)
○ MDA (Mail Delivery Agent) is the server that actually sends the data back to the client and often stores the mailbox data
○ MTA (Mail Transfer Agent) is a mail routing server to get mail to the correct MDA
○ SMTP Commands
■ HELO - Creates connection to mail server
■ EHLO - Newer version of HELO
■ MAIL FROM - Sender address
■ RCPT TO - Recipient address
■ DATA - Message body
○ SMTP is for sending mail from a client and inter-MTA transfers
○ POP is for receiving mail to a client from an MDA
○ Secure options now, runs on other ports
● Telnet
○ Allows for CLI (Command-Line Interface) access
■ Also known as “terminal access”
■ Used to access routers, switches, servers, etc.
○ Commands and data are plaintext
○ Secure version is SSH
● SSH
○ Secure Shell
○ Provides encryption for CLI access
● FTP
○ Also very old protocol
○ Designed for sending and receiving files, HTTP later had that capability added
○ FTP is often the fastest method of transferring a file
○ Two modes
■ Active - Ports 21 and 20
● Control on 21
● Data on 20
■ Passive - Ports 21 and random
● Control on 21
● Data on random
○ Secure version is SFTP or FTPS
● DHCP
○ Originally BOOTP
○ Allows a client to automatically get an IP address and other information
○ Messages
■ Discover
■ Offer
■ Request
■ Acknowledge
● SMB/CIFS
○ Originally SMB, now CIFS
○ Microsoft protocol
○ Linux can speak it with Samba for SMB, or CIFS natively
○ Often used for file transfers and printer sharing
○ Default file transfer protocol for Windows
○ Usually slow and considered bloated
■ FTP is almost always many times faster
● TFTP
○ Commonly used for router or switch maintenance, transferring files or configurations to or from devices
● SNMP
○ Used for retrieving and setting values on computers, networking equipment, anything
○ Writing values via SNMP is commonly considered insecure and a bad idea
○ Reading values via SNMP is very common on a timed interval for retrieving health information from a device (CPU usage, memory usage, disk usage, etc.)
○ MRTG and Zenoss

Roles of the Transport Layer

● Provides segmentation and control of data
● Reassembles data at receiving end
● Identifies applications and services based on port number
● After being sent from above layers, data is broken up into PDUs called segments
○ This is done to enable multiplexing and increase transmission reliability
● Establishes sessions using stateful communication protocols such as TCP
● Provides reliable delivery using protocols such as TCP
● Can rearrange data into proper order if received out of order
● Flow control
● TCP good for reliability, but slower data transmissions (HTTP, FTP, etc.)
● UDP good for unreliable, but faster data transmissions (VoIP, DNS, etc.)
● With TCP, it can track incoming data, keep note on what it received, acknowledge those receipts and force retransmission of missed segments
● Clients often generate a random port number per application when communicating to a server, so returning data can be routed to the correct application
○ Web browsers are a good example, each window or tab has its own randomly generated port number
● Port Numbers
○ Assigned by IANA (Internet Assigned Numbers Authority)
○ Well Known Ports - 0-1023
■ Most common applications and services are in here
■ Doom 666
○ Registered Ports - 1024-49151
■ Other common services and games
■ Sometimes used as dynamic ports on a client
○ Dynamic/Private Ports - 49152-65535
■ Also known as ephemeral ports
■ Free-for-all
■ Commonly used as dynamic ports on a client
● DNS uses UDP and TCP
○ UDP for requests and responses
○ TCP for zone transfers between servers

TCP and UDP Protocols

● Connection oriented communications
● TCP provides reliability to communications with an added overhead
● Options field
○ URG - Urgent
○ ACK - Acknowledgement
○ PSH - Push
○ RST - Reset connection
○ SYN - Synchronize sequence numbers
○ FIN - Finish connection
● Three-way handshake
○ SYN
● Four-way session teardown
○ FIN
○ ACK
○ FIN
○ ACK
● Reassembly
○ Packets can take various routes to get to destination
○ Sometimes they arrive out of order
○ Acknowledgement numbers during data transmission reflect how many bytes were sent
○ Acknowledgements usually happen after several packets are sent
○ If segment never received, will often harass the sender for missing segment, called FRR (Fast Retransmit and Recovery)
■ Otherwise, it waits until a timeout for the acknowledgement to determine that a segment was missed
● Flow control
○ Window size is the amount of bytes sent before an Acknowledgement is sent
○ Window size can be adjusted on the fly if there are bottlenecks at one side
○ If both sides support SACK (Selective Acknowledgements), which is common, only the missing segment is retransmitted
■ Otherwise, the entire window size will be retransmitted
● UDP
○ Connectionless communications
○ UDP provides unreliable communications without much overhead
○ No reassembly if received out of order, segments are passed up the layers as-is
○ Lost or damaged segments are not resent
○ Sometimes the above two are handled via software to provide pseudo-TCP functionality with UDP
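The flag bits and handshake described in this section can be followed in code. This is an added example, not part of the original notes: it decodes the flags byte and tracks the standard SYN, SYN+ACK, ACK sequence to find connections that never completed it. The segment tuples and the state names are assumptions made for the illustration; the addresses are documentation ranges and the sample data is constructed.

```python
# TCP control bits as they appear in the flags byte of the TCP header.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
         "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def decode_flags(value):
    """Return the set of flag names that are set in a TCP flags byte."""
    return {name for name, bit in FLAGS.items() if value & bit}


def track_handshakes(segments):
    """Follow (src, dst, flags_byte) tuples in arrival order.

    Returns {(client, server): state}. The state names are labels chosen
    for this example, not values read from any device.
    """
    states = {}
    for src, dst, value in segments:
        flags = decode_flags(value)
        if "RST" in flags:
            # A reset from either side ends the attempt.
            key = (src, dst) if (src, dst) in states else (dst, src)
            if key in states:
                states[key] = "RESET"
        elif flags == {"SYN"}:
            # Step 1: client asks to synchronize sequence numbers.
            states[(src, dst)] = "SYN_SENT"
        elif flags == {"SYN", "ACK"} and states.get((dst, src)) == "SYN_SENT":
            # Step 2: server acknowledges and sends its own SYN.
            states[(dst, src)] = "SYN_RECEIVED"
        elif ("ACK" in flags and "SYN" not in flags
              and states.get((src, dst)) == "SYN_RECEIVED"):
            # Step 3: client acknowledges, the session is usable.
            states[(src, dst)] = "ESTABLISHED"
    return states


def half_open(states):
    """Connections that started a handshake but never finished it."""
    return sorted(key for key, state in states.items()
                  if state in ("SYN_SENT", "SYN_RECEIVED"))


# Constructed sample traffic (not a real capture).
SAMPLE_SEGMENTS = [
    ("198.51.100.7:50000", "192.0.2.10:80", 0x02),  # SYN
    ("198.51.100.8:50001", "192.0.2.10:80", 0x02),  # SYN
    ("192.0.2.10:80", "198.51.100.7:50000", 0x12),  # SYN+ACK
    ("192.0.2.10:80", "198.51.100.8:50001", 0x12),  # SYN+ACK
    ("198.51.100.7:50000", "192.0.2.10:80", 0x10),  # ACK completes handshake
    ("198.51.100.9:50002", "192.0.2.10:23", 0x02),  # SYN to a closed port
    ("192.0.2.10:23", "198.51.100.9:50002", 0x14),  # RST+ACK refuses it
    ("198.51.100.7:50000", "192.0.2.10:80", 0x18),  # PSH+ACK data
]

if __name__ == "__main__":
    result = track_handshakes(SAMPLE_SEGMENTS)
    for conn, state in sorted(result.items()):
        print(conn, state)
    print("half-open:", half_open(result))
```

A server that accumulates many entries in the half-open list from one source is holding state for sessions that never complete, which is the condition a monitoring rule would alert on.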

Internet Protocol and IPv4

● Layer 3 provides
○ Addressing
○ Encapsulation
○ Routing
○ Decapsulation
● Layer 3 Protocols
○ IPv4 (Internet Protocol version 4)
○ IPv6 (Internet Protocol version 6)
○ IPX (Novell Internetwork Packet Exchange)
○ AppleTalk
○ Connectionless - Relies on Layer 4
○ Best Effort - Relies on Layer 4
○ Media Independent - Relies on Layer 2
● MTU is a Layer 2 setting which gets passed up to Layer 3 so it can determine how large packets need to be
○ If a router or other device receives a packet that is too large it usually will fragment
● Takes Layer 4 segment and header, then encapsulates IP header onto it
● IPv4 Header
○ Source Address
■ 32-bit binary number assigned to source NIC
○ Destination Address
■ 32-bit binary number assigned to destination NIC
○ TTL (Time-to-Live)
■ 8-bit binary value that defines how many “hops” the packet can take before being dropped
● Starts high, counts down to 0
○ ToS (Type-of-Service)
■ 8-bit binary value used for Quality of Service
○ Protocol
■ 8-bit binary value used to define the Layer 4 protocol in use
● 01 - ICMP
● 06 - TCP
● 17 - UDP
○ Fragment Offset
■ If a packet is fragmented, the offset is used to determine how to reconstruct the data
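The header fields listed above can be read straight out of the first 20 bytes of a packet. This is an added example, not part of the original notes: it parses those fields and uses the fragment offset to rebuild a payload from fragments that arrive out of order, rejecting gaps and overlaps instead of guessing. The function names are assumptions made for the illustration, and the sample packets are constructed with documentation addresses.

```python
import socket
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # the values listed in the notes
HEADER = struct.Struct("!BBHHHBBH4s4s")        # fixed 20-byte IPv4 header


def build_packet(src, dst, payload, ttl=64, proto=17, ident=0x1234,
                 more_fragments=False, offset=0):
    """Build a constructed sample packet (header checksum left at 0)."""
    if offset % 8:
        raise ValueError("fragment offsets are counted in 8-byte units")
    flags_frag = (0x2000 if more_fragments else 0) | (offset // 8)
    header = HEADER.pack(0x45, 0, 20 + len(payload), ident, flags_frag,
                         ttl, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def parse_ipv4_header(raw):
    """Return the header fields discussed in the notes as a dict."""
    if len(raw) < HEADER.size:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_length, ident, flags_frag,
     ttl, proto, _checksum, src, dst) = HEADER.unpack(raw[:HEADER.size])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_length = (ver_ihl & 0x0F) * 4
    if (header_length < 20 or total_length < header_length
            or total_length > len(raw)):
        raise ValueError("inconsistent length fields")
    return {
        "header_length": header_length,
        "total_length": total_length,
        "tos": tos,
        "ident": ident,
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,  # stored in 8-byte units
        "ttl": ttl,
        "protocol": PROTOCOLS.get(proto, str(proto)),
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
    }


def reassemble(packets):
    """Rebuild one datagram's payload from fragments in any arrival order."""
    fragments, datagram = [], None
    for raw in packets:
        h = parse_ipv4_header(raw)
        key = (h["src"], h["dst"], h["ident"], h["protocol"])
        if datagram is None:
            datagram = key
        elif key != datagram:
            raise ValueError("fragment belongs to a different datagram")
        payload = raw[h["header_length"]:h["total_length"]]
        fragments.append((h["fragment_offset"], h["more_fragments"], payload))
    fragments.sort(key=lambda f: f[0])
    data = b""
    for offset, _more, payload in fragments:
        if offset != len(data):
            # A hole or an overlapping fragment: refuse to reconstruct.
            raise ValueError("gap or overlap at offset %d" % offset)
        data += payload
    if not fragments or fragments[-1][1]:
        raise ValueError("last fragment missing")
    return data


# Constructed sample: one 20-byte payload split into three fragments,
# listed in the order they "arrived".
SAMPLE_PAYLOAD = b"A" * 8 + b"B" * 8 + b"C" * 4
SAMPLE_FRAGMENTS = [
    build_packet("192.0.2.10", "192.0.2.20", SAMPLE_PAYLOAD[16:], offset=16),
    build_packet("192.0.2.10", "192.0.2.20", SAMPLE_PAYLOAD[:8],
                 more_fragments=True, offset=0),
    build_packet("192.0.2.10", "192.0.2.20", SAMPLE_PAYLOAD[8:16],
                 more_fragments=True, offset=8),
]

if __name__ == "__main__":
    print(parse_ipv4_header(SAMPLE_FRAGMENTS[0]))
    print(reassemble(SAMPLE_FRAGMENTS))
```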

Networks and Subnets

● Many sizes and design options to choose from for your networks
● Networks can be broken down by
○ Location
○ Department
○ Collaboration
● Reasons for networks and subnetting
○ Logical separation
○ Security
○ Broadcast traffic reduction
○ Address management
● IP addresses are broken into Network and Host portions
○ The subnet mask (also known as bit mask) determines where the separation occurs

Introduction to Routing

● Gateways and routing are required to communicate between networks
○ Any devices on the same network can communicate without the need for a router
● Routers read the IP addresses in the header to determine where traffic needs to go when routing between networks
● Default gateways are the escape point for a network, each device should have only one configured
○ ipconfig or ipconfig /all
● Routes determine who to send traffic to for a certain network
○ End devices can have static routes added
■ route print, route add, route delete
○ Intermediary devices such as routers have either static or dynamic routes in them
○ Routes have three basic parts
■ Destination network
■ Next-hop or Exit interface
■ Metric
○ Many routers have a Default Route, which is the same as a Default Gateway, also known as the Gateway of Last Resort
■ Often shows for destination network
○ If there is no route match and no Default Route, packets are discarded
● Routing process (for every packet)
○ Decapsulate (rip off) Layer 2
○ Read the destination IP in the Layer 3 header
○ Check routing table
○ Encapsulate Layer 2
● Routing protocols allow routers to share route information
○ They add dynamic routes into the routing table
○ Routing protocols learned in CCNA
■ RIP (Routing Information Protocol)
■ EIGRP (Enhanced Interior Gateway Routing Protocol)
■ OSPF (Open Shortest Path First)
● Routes that are manually entered by an administrator are known as static routes

IPv4 Basics

● 32-bit address
● Notated in dotted decimal format
○ Four groups of 8 bits, converted to decimal, with a dot between each
○ 11000000101010000000000100000001 turns into 11000000.10101000.00000001.00000001 which turns into
○ Each 8-bit group is called an octet
● Often the network and host separation happens at the end of an octet
● Every 8 bits is also called a byte
● Binary to Decimal Conversion
○ Uses positional notation
■ 128 64 32 16 8 4 2 1
■ 1 1 0 0 0 0 0 0
■ = 192; add up the positions
■ Binary is a base 2 numbering system so bits can only be on or off, 1 or 0
○ Do binary to decimal conversion for each octet of an IP address to get dotted decimal notation
● Decimal to Binary Conversion
○ Same positional notation system as above but in reverse
○ Similar to long division from grade school
■ Does 128 fit into 192? Yes, 1
■ Does 64 fit into 64? Yes, 1
■ Does 0 fit into 0? No, 0
○ Do decimal to binary conversion for each octet of an IP address to get binary notation

IPv4 Address Types

● Network Address
○ First IP of a network, reserved and cannot be used by a host
○ Common way to refer to a network by “name”
● Broadcast Address
○ Last IP of a network, reserved and cannot be used by a host
○ All hosts respond to traffic on this IP
● Host Address
● Network Prefixes
○ Prefix length is the number of bits in the network portion of the address
○ When converted to decimal, it gives you a subnet mask.
○ Important for subnetting and Classless Inter-Domain Routing (CIDR, pronounced see-dur)
○ Common to refer to a network combining the Network Address and Prefix, ex. “It’s the /26 network”
● Calculating Addresses
○ Number of prefix bits starts from the left and is called the network bits
○ The remaining bits on the right side are called the host bits
○ All 0’s on the host bits is the network address
○ All 1’s on the host bits is the broadcast address
○ All remaining bits in-between are the usable addresses
○ Show example of IP address in binary with network/host division
● Packet Types
○ Unicast - one to one
○ Multicast - one to many
■ Basic functionality is to be sent to all machines, works like a limited broadcast, but only certain machines listen and respond. If you need to send multicast over VLANs/subnets, you will need to specially retransmit the traffic in your router (Bonjour has this problem)
■ Some situations have multicast clients register with a server or switch, so traffic only goes to specific computers, like a bunch of unicasts
○ Broadcast - one to all
■ Limited broadcast - - Does not get forwarded by routers
■ Directed broadcast - - Gets forwarded by routers
● IP Ranges
○ Host Addresses - to
■ RFC - 790
○ Multicast Addresses - to
■ RFC - 1700
○ Experimental Addresses - to
■ RFC - 1700, 3330
■ Not routable
○ Private Addresses -,,
■ RFC - 1918
■ Not routable on the Internet
■ NAT - Network Address Translation, allows you to “hide” many private IPs behind a public IP, as well as translate between different IP subnets if needed
○ Public Addresses - The remaining IPs from the Host Addresses, minus the Private Addresses
● Special IPv4 Addresses
○ Default route -
■ Catch-all for traffic, used as the route pointing to your “default gateway” or “gateway of last resort”
■ The reasoning for this will make more sense when we get into subnetting and the ANDing process
■ Not routable
○ Loopback -
■ Sends traffic to your own IP stack on the host you run it from, used to test the driver/NIC (Network Interface Card)
■ Not routable
○ Link-Local - to
Configuration Protocol) server is found
■ Also called the APIPA (Automatic Private IP Addressing) address
■ Not routable
○ TEST-NET Address - to
■ Set aside for teaching purposes

IPv4 Subnetting

● Used to have Classful Networking - Subnet was based on first octet and there was no Network Address Translation (NAT), everyone used “Public IPs”.
○ Class A
■ First octet 1-127
■ /8 -
■ 128 nets, 16,777,214 hosts per net
○ Class B
■ First octet 128-191
■ /16 -
■ 16,384 nets, 65,534 hosts per net
○ Class C
■ First octet 192-223
■ /24 -
■ 2,097,150 nets, 254 hosts per net
○ Class D (multicast)
■ First octet 224-239
○ Class E (reserved)
■ First octet 240-255
● Now use classless subnetting to make smaller networks, NAT, VLSM, etc
● Good for logical or physical dividing of a network to simplify management and security
○ Access Control Lists (ACLs)
● Router (or Layer 3 switching) needed to communicate between subnets
● You have network bits and host bits in an address
● Prefix and subnet mask are same thing
○ Prefix refers to number of network bits
○ Subnet mask is dotted decimal conversion of the prefix
● Subnets are created by “borrowing” from the host bits
● Based on powers of two, so one bit borrowed, two subnets created, 2 bits, four subnets, etc
● Parts of a subnet
○ Network address
■ All host bits set to 0
○ First host address
○ Last host address
■ All host bits set to 1 except last host bit set to 0
○ Broadcast address
■ All host bits set to 1
● Formulas
○ Number of subnets - 2^n (n = number of network bits)
■ n can also be number of bits borrowed to determine number of subnets created from existing network
○ Number of hosts - 2^n (n = number of host bits)
■ Includes network and broadcast address
○ Number of valid hosts - 2^n-2 (n = number of host bits)
■ Hosts cannot use network and broadcast addresses
● Basic steps
○ Write binary placeholders down
○ Mark out the 1 and 0 bits for the network portion of an IP
○ Draw a vertical line after the last prefix bit
○ Count from 0 upwards by the placeholder to the left of the line
○ One can use these basic steps to either determine network address of an IP/prefix, or create properly sized subnets by counting up by the chosen placeholder
● Variable Length Subnet Masks (VLSM)
○ Same idea as classless subnetting, but you can subnet a subnet
○ Good for organization of IP schemes in large environments
○ Efficient, no wasting of IP space due to subnets that are too large and reduced broadcast issues
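The parts of a subnet and the formulas above can be worked through with plain bit operations. This is an added example, not part of the original notes: it applies the mask with AND, sets the host bits for the broadcast address, counts valid hosts with 2^n-2, and splits a network by borrowing bits. The function names are assumptions made for the illustration, the addresses are from the documentation range, and the wildcard mask (the inverted subnet mask that Cisco ACLs match on) goes beyond what this section states.

```python
def to_int(dotted):
    """Convert dotted decimal to a 32-bit integer, one octet at a time."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError("not a dotted decimal IPv4 address: %r" % dotted)
    value = 0
    for octet in octets:
        value = (value << 8) | octet
    return value


def to_dotted(value):
    """Convert a 32-bit integer back to dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_for(prefix):
    """Subnet mask as an integer: prefix ones followed by host-bit zeros."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def describe(ip, prefix):
    """Work out the parts of the subnet that contains ip/prefix."""
    if not 0 <= prefix <= 30:
        # /31 and /32 leave no room for the network/broadcast layout above.
        raise ValueError("prefix must be between 0 and 30")
    host_bits = 32 - prefix
    mask = mask_for(prefix)
    network = to_int(ip) & mask                  # ANDing: host bits become 0
    broadcast = network | (~mask & 0xFFFFFFFF)   # host bits all set to 1
    return {
        "mask": to_dotted(mask),
        "wildcard": to_dotted(~mask & 0xFFFFFFFF),  # inverse mask used by ACLs
        "network": to_dotted(network),
        "first_host": to_dotted(network + 1),
        "last_host": to_dotted(broadcast - 1),
        "broadcast": to_dotted(broadcast),
        "valid_hosts": 2 ** host_bits - 2,
    }


def split_network(network, prefix, borrowed):
    """Borrow host bits to create 2^borrowed equal subnets."""
    new_prefix = prefix + borrowed
    if borrowed < 1 or new_prefix > 30:
        raise ValueError("cannot borrow %d bits from a /%d" % (borrowed, prefix))
    step = 1 << (32 - new_prefix)   # the "placeholder" value to count up by
    base = to_int(network) & mask_for(prefix)
    return ["%s/%d" % (to_dotted(base + i * step), new_prefix)
            for i in range(2 ** borrowed)]


def same_subnet(ip_a, ip_b, prefix):
    """True when two hosts share a subnet and need no router between them."""
    mask = mask_for(prefix)
    return (to_int(ip_a) & mask) == (to_int(ip_b) & mask)


if __name__ == "__main__":
    print(describe("192.0.2.77", 26))
    print(split_network("192.0.2.0", 24, 2))
    print(same_subnet("192.0.2.70", "192.0.2.130", 26))
```

Two hosts for which `same_subnet` is false can only talk through a router or Layer 3 switch, which is the point where an ACL can filter the traffic.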

IPv6 Addressing Basics

● Designed to solve IPv4 exhaustion
● 128-bit addressing
● Hexadecimal notation
○ Hex digits are 0-9 and A-F for 16 possible values
○ Sets of 4 hex digits in 8 places
■ Separated by colons :
○ 4 hex digits = 16 binary digits
○ Leading zeros 0000:0000:000 can be truncated
○ One section of zeros can be truncated with two colons
■ 1234:0000:0000:0000:4321
■ 1234::4321
● Header simplified
● No dotted decimal subnet mask, only notated with prefix length
○ 1234:000:000:4321/64
● Unicast
○ Uniquely identifies an interface on an IPv6 device.
○ Global unicast
■ Globally unique, routable addresses
■ Static or DHCP
○ Link-local
■ Unique only on same subnet, not routable
■ Used to communicate on same subnet
■ Used for routing protocol communication and default gateway address
○ Loopback
■ Same as IPv4 loopback, to test the TCP/IP stack and NIC
■ Cannot be assigned to an interface
■ All zeros except last bit is 1
● ::1/128 or ::1
○ Unspecified address
■ Used as a source address when device does not yet have a permanent address or the source is irrelevant
■ Cannot be assigned to an interface
■ All zeros
● ::/128 or ::
○ Unique local
■ Similar to IPv4 RFC 1918 addresses
■ Used for local addressing at a location
■ Not routable to the global IPv6
■ FC00::/7 to FDFF::/7
■ Not recommended by the IETF to be used like IPv4 NAT/PAT
○ IPv4 embedded
■ Used for transition from IPv4 to IPv6
● Multicast
○ Send to multiple destinations
● Anycast
○ A unicast address assigned to multiple devices
○ Packets sent to the anycast address are routed to the nearest device
● IPv6 Subnetting
○ Not done to conserve IPs but only for logical organization reasons
○ Can look cleaner since you can just count up in hexadecimal in the Subnet ID
■ 2001:0DB8:ACAD:0000::/64
■ 2001:0DB8:ACAD:0001::/64
■ 2001:0DB8:ACAD:0002::/64



IPv6 Unicast and Multicast

● Global Unicast Addresses

○ Has three parts:

■ Global routing prefix ■ Subnet ID

■ Interface ID ○ Global Routing Prefix

■ Network portion of the address assigned by the provider. ■ Currently /48s are assigned to all individuals and companies ○ Subnet ID

■ Used by organizations ○ Interface ID

■ Same as the host portion of an IPv4 address ○ Configuration

■ Usually can use ipv6 instead of ip to configure ■ ex. ipv6 address 2001:db8:abcd:1::1/64 ○ Can be provided dynamically

■ Stateless Address Autoconfiguration (SLAAC) ■ DHCPv6

● Stateless Address Autoconfiguration (SLAAC)

○ Retrieve prefix, prefix length, and default gateway from an IPv6 router without DHCPv6

○ Uses Router Advertisement (RA) messages (ICMPv6) ○ RAs are periodically sent to all IPv6 devices from routers

■ Every 200 seconds by default to the all-nodes multicast group ○ IPv6 devices do not have to wait for the RA messages

■ Can send a Router Solicitation (RS) message using the all-routers multicast group address

■ Router will then respond with a router advertisement

○ To enable a router for IPv6 routing “ipv6 unicast-routing” must be entered in global configuration

○ RA message will describe how to configure ■ SLAAC only

● Device will use the prefix, prefix-length, and default gateway address from the RA

■ SLAAC and DHCPv6

● Device will use the prefix, prefix-length, and default gateway address from the RA and obtain other parameters such as DNS servers from DHCPv6


Andrew Crouthamel Cisco CCNA Training Notes 26

● Device will not use information in the RA message, but obtain all parameters from DHCPv6

● DHCPv6
  ○ Similar to DHCP in IPv4
  ○ In the ICMPv6 RA
    ■ Option 1 specifies using SLAAC only
    ■ Option 2 specifies using SLAAC and DHCPv6
    ■ Option 3 specifies using DHCPv6 only
  ○ With SLAAC only or SLAAC with DHCPv6, the client must determine its own Interface ID using EUI-64 or generating a random number

● EUI-64
  ○ Extended Unique Identifier (EUI)
  ○ Uses the 48-bit Ethernet MAC address from the client and inserts 16 bits into the middle to create the Interface ID.
    ■ 16-bits = FFFE
    ■ 24-bit OUI + 16-bit FFFE + 24-bit Device Identifier
● Dynamic Link-Local Addresses
  ○ Created using FE80::/10 prefix and the Interface ID
● Static Link-Local Addresses
  ○ ex. ipv6 address fe80::1 link-local
● Verifying IPv6 Configuration
  ○ show interface
  ○ show ipv6 interface brief
  ○ show ipv6 route
● Multicast Addresses
  ○ Have the prefix FF00::/8
  ○ Assigned multicast
    ■ Reserved addresses for group of devices
    ■ Used with specific protocols
    ■ FF02::1 - All-nodes multicast group
      ● All IPv6 devices join this group
      ● Acts like broadcast for IPv4
      ● RA messages go to this group
    ■ FF02::2 - All-routers multicast group
      ● All IPv6 routers join this group
      ● Acts like broadcast for IPv4
      ● RS messages go to this group
● Solicited Node Multicast
  ○ Matches only the last 24 bits of the IPv6 global unicast address
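The EUI-64, link-local and solicited-node rules above, worked through in Python as an added example (not part of the original notes). The MAC address and function names are constructed for illustration, the prefix is the one from the configuration example, and the code also inverts the universal/local bit as RFC 4291 requires, a step the notes do not mention.

```python
import ipaddress

ALL_NODES = ipaddress.IPv6Address("ff02::1")  # group every IPv6 device joins


def eui64_interface_id(mac: str) -> int:
    """Return the 64-bit Interface ID built from a 48-bit MAC address.

    Layout from the notes: 24-bit OUI + 16-bit FFFE + 24-bit device identifier.
    RFC 4291 additionally inverts the universal/local bit (0x02 in the first
    byte), which is why 00:11:22... becomes 0211:22ff:fe...
    """
    digits = "".join(ch for ch in mac if ch not in ":-.")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    raw = bytes.fromhex(digits)  # raises ValueError on non-hex input
    eui = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    eui[0] ^= 0x02
    return int.from_bytes(eui, "big")


def global_unicast(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix learned from an RA with the EUI-64 Interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a /64 so 64 bits remain for the Interface ID")
    return net[eui64_interface_id(mac)]


def link_local(mac: str) -> ipaddress.IPv6Address:
    """Dynamic link-local address: FE80::/10 prefix plus the Interface ID."""
    return ipaddress.IPv6Address((0xFE80 << 112) | eui64_interface_id(mac))


def solicited_node(addr: ipaddress.IPv6Address) -> ipaddress.IPv6Address:
    """Solicited-node group: ff02::1:ff00:0/104 plus the last 24 bits of addr."""
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | (int(addr) & 0xFFFFFF))


def host_multicast_groups(addresses) -> list:
    """Groups a host listens on: all-nodes plus one solicited-node group per
    unicast address. Addresses sharing their last 24 bits share a group."""
    groups = {ALL_NODES} | {solicited_node(a) for a in addresses}
    return sorted(groups)


if __name__ == "__main__":
    mac = "0011.2233.4455"  # constructed MAC, written in Cisco notation
    gua = global_unicast("2001:db8:abcd:1::/64", mac)
    lla = link_local(mac)
    print("global unicast :", gua)
    print("link-local     :", lla)
    print("listens on     :", [str(g) for g in host_multicast_groups([gua, lla])])
```

Because both addresses are derived from the same MAC, they share the same last 24 bits and therefore the same solicited-node group.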



IPv6 Testing Connections


  ○ Often used for testing
  ○ ICMPv4 Destination Unreachable
    ■ 0 - network unreachable
    ■ 1 - host unreachable
    ■ 2 - protocol unreachable
    ■ 3 - port unreachable
  ○ ICMPv6 has similar Destination Unreachable messages
  ○ ICMPv4 Time Exceeded
    ■ Packet cannot be forwarded because TTL reached 0
    ■ When a router receives a packet and decrements the TTL to 0, it discards the packet and sends Time Exceeded to the source host
  ○ ICMPv6 is similar: it sends Time Exceeded, but uses the hop limit field instead of TTL
  ○ ICMPv4 Redirect Message
    ■ Notifies the host that a better route is available for a destination
  ○ ICMPv6 has the same message
  ○ ICMPv6 has four new message types
    ■ Part of the Neighbor Discovery Protocol (ND/NDP)
      ● Router Solicitation
      ● Router Advertisement
      ● Neighbor Solicitation
      ● Neighbor Advertisement
    ■ Router Solicitation
      ● When a host uses SLAAC, the host will send an RS message
    ■ Router Advertisement
      ● Sent by a router in response to an RS, providing parameters for a host
    ■ Neighbor Solicitation and Neighbor Advertisement
      ● Used for address resolution and Duplicate Address Detection (DAD)
      ● Similar to ARP, address resolution is used to determine MAC of a destination
        ○ NS will be sent to the solicited node address
        ○ NA will be sent in response with MAC address
      ● To perform DAD
        ○ A device will send an NS with its own IP as the targeted address
● Testing Commands
  ○ Ping
    ■ Local loopback to test TCP/IP stack of device
      ● IPv4 -
      ● IPv6 - ::1
    ■ Test connectivity to other devices
      ● Either local (LAN) or external (WAN)
  ○ Traceroute
    ■ Uses the TTL of IPv4 and the hop limit of IPv6 to map the route a packet will take
    ■ TTL/hop limit will start at 1
      ● First router will decrement and send a Time Exceeded
    ■ TTL/hop limit will then be set to 2
      ● First router will decrement to 1, pass it on
      ● Second router will decrement to 0, send a Time Exceeded
    ■ Process repeats until destination is reached
    ■ Traceroute application records this data and presents it as a printout to the user

Data Link Layer Basics

● TCP/IP network access layer is the same as OSI Layers 1 and 2
● Packages packets into frames
● Does media access control and error detection
● Two sublayers
  ○ Logical Link Control (LLC)
    ■ Identifies which protocol is used for the frame
    ■ Places identifier into the frame
  ○ Media Access Control (MAC)
    ■ Provides data link layer addressing
    ■ Delimiting of data according to physical signaling needs of medium to be transmitted across
● Can change for each link between each device from source to destination
  ○ ex. Fiber -> Ethernet -> Frame Relay -> Wi-Fi
  ○ Encapsulates and de-encapsulates each hop
● Generally standardized and defined by a number of organizations, unlike the higher layers, which are mostly defined by the IETF
  ○ Institute of Electrical and Electronics Engineers (IEEE)
  ○ International Telecommunication Union (ITU)
  ○ International Organization for Standardization (ISO)
  ○ American National Standards Institute (ANSI)
● Header
  ○ Control information in beginning of PDU
  ○ Fields
    ■ Start Frame
      ● Indicates beginning of frame
    ■ Source and Destination Address
      ● Indicates source and destination devices
    ■ Type
      ● Indicates upper layer service
    ■ Priority/Quality of Service
      ● Indicates a particular service level
    ■ Logical connection control
    ■ Physical link control
    ■ Flow control
    ■ Congestion control
● Data
  ○ IP header, transport layer header, application data
● Trailer
  ○ Control information for error detection at end of PDU

  ○ Transmitting device creates a cyclic redundancy check (CRC) and places it in the Frame Check Sequence (FCS) field
  ○ Receiving device calculates its own CRC and checks the FCS field if configured to do so
    ■ Drops frame if CRC is different
● Media Access Control
  ○ Topology
    ■ How the connections between devices are to operate
  ○ Media Sharing
    ■ How the devices share the media, what rules to follow
● Address
  ○ Only used on media link between two communicating devices
  ○ Specific to one interface on one device
    ■ Has to be unique
● Common protocols
  ○ Ethernet
  ○ Point-to-Point Protocol (PPP)
  ○ 802.11 Wireless
  ○ High-Level Data Link Control (HDLC)
  ○ Frame Relay
● Ethernet Frame
  ○ Most common LAN protocol
  ○ IEEE 802.2 and 802.3
  ○ Supports 10Mbps, 100Mbps, 1Gbps, and 10Gbps
  ○ Uses CSMA/CD as the media access method
  ○ Uses Ethernet MAC address, 48 bit hexadecimal identifier
● Point-to-Point Protocol (PPP)
  ○ Used to deliver between two nodes
  ○ Used on many Serial WAN connections
  ○ Defined in RFCs, not IEEE standards
  ○ Uses logical connections between nodes to separate them from physical architecture
● 802.11 Wireless
  ○ Uses same 802.2 LLC and 48-bit addressing scheme as other 802 LANs
  ○ Uses CSMA/CA as the media access method
    ■ Slightly slower by design than CSMA/CD for Ethernet
    ■ Uses a random backoff timer for all nodes wishing to transmit
      ● When airwaves become clear, nodes wait random amount of time before transmitting, hopefully preventing a collision
      ● This is because collision detection is not reliable on wireless

Physical Layer Basics

● All communications need some sort of physical connection
● Can be wired, using electrical pulses with a cable of various specifications
● Can be wireless, using radio waves of various specifications
● Wired is the backbone of almost all networks
  ○ Requires switches to provide user connectivity
● Wireless is now very common
  ○ Requires Wireless Access Points (WAP) to support devices
● Many homes receive a home router from their ISP which will include wired and wireless functionality
● Network Interface Cards (NICs) connect a device to a network
  ○ Can be wired or wireless, supporting a variety of specifications
● Defines how to encode and transmit the bits of data from the upper layers over a specified media type
  ○ Data is segmented by the transport layer, placed into packets by the network layer, encapsulated as frames by the data link layer, then further encoded and transmitted in certain patterns by the physical layer
● Three basic network media
  ○ Copper cable
    ■ Electrical pulses
  ○ Fiber-optic cable
    ■ Patterns of light
  ○ Wireless
    ■ Patterns for radio waves



  ○ International Organization for Standardization (ISO)
  ○ Telecommunications Industry Association/Electronic Industries Association (TIA/EIA)
  ○ International Telecommunication Union (ITU)
  ○ American National Standards Institute (ANSI)
  ○ Institute of Electrical and Electronics Engineers (IEEE)
  ○ Federal Communication Commission (FCC)
  ○ European Telecommunications Standards Institute (ETSI)
  ○ Regional and local standards groups
● Comprised of physical components, hardware devices, media
● Data is taken and encoded into a defined pattern or code
  ○ Allows data to be more efficiently transmitted, fewer bits can be used to represent a larger amount of bits
    ■ Think compression, like ZIP files
  ○ Manchester encoding
    ■ A 0 is a high to low voltage transition
    ■ A 1 is a low to high voltage transition
    ■ Used by older versions of Ethernet
  ○ Non-Return to Zero (NRZ)
    ■ Either zero or one, no neutral position
    ■ A 0 and 1 represented by different specific voltages
    ■ Common encoding
  ○ Faster transmission methods use more advanced encoding methods, such as 4B/5B or 8B/10B
● Asynchronous transmission
  ○ Transmitted without an associated clock signal, time spacing may be arbitrary
  ○ Requires start and stop flags
● Synchronous transmission
  ○ Transmitted with an associated clock signal
● Modulation
  ○ Frequency Modulation (FM)
  ○ Amplitude Modulation (AM)
  ○ Pulse-Coded Modulation (PCM)
● Bandwidth is the capacity of a medium to transmit data
  ○ Measured in bits per second
    ■ Kbps, Mbps or kb/s, Mb/s
  ○ Maximum bandwidth differs based upon physical media type
● Throughput
  ○ Measure of the transfer of bits over a medium during a period of time
  ○ Factors such as amount of traffic, type of traffic, latency affect throughput
  ○ Different protocols will have different throughputs on the same medium (and as such, same bandwidth capability)
● Goodput
  ○ Throughput minus traffic overhead

Network Media

● Copper Cabling
  ○ Transmitted as electrical pulses
  ○ Interference
    ■ Electromagnetic Interference (EMI)
      ● Fluorescent lights
    ■ Radio Frequency Interference (RFI)
      ● Microwaves
    ■ Crosstalk
      ● Wires picking up electrical signals of adjacent neighbors
    ■ Use of twisted pairs and shielding combat interference
    ■ Separation of wires from EMI/RFI sources
  ○ Unshielded Twisted-Pair (UTP)
    ■ Four pairs of color-coded wires
  ○ Shielded Twisted-Pair (STP)
    ■ Same as UTP but with wire mesh or foil
      ● One option is to have foil or wire mesh surrounding the bundle of pairs
      ● Second option is to have foil or wire mesh surrounding each twisted pair and entire bundle of pairs
  ○ Coaxial Cable
    ■ Single copper conductor in center
    ■ Conductor surrounded by flexible plastic insulation
    ■ Plastic insulation surrounded by copper mesh
    ■ Copper mesh surrounded by a jacket

● UTP Cabling
  ○ Four pairs of color-coded wires twisted together and in a flexible plastic sheath
  ○ Cat 5
  ○ Cat 5e
  ○ Cat 6
  ○ Cat 6a
  ○ RJ-45 connection
  ○ Types of UTP
    ■ Straight-through
      ● Most common, used for connecting most devices, such as host to switch
    ■ Crossover
      ● Used to connect similar devices together, such as host to host or switch to switch
      ● Often no longer needed, with Auto-MDIX functionality
    ■ Rollover
      ● Cisco cable used for console connection
● Fiber Optic Cabling
  ○ Made of glass fiber
  ○ Flexible but fragile, cannot bend sharp corners
  ○ Immune to EMI and RFI
  ○ Uses
    ■ Backbone of larger networks
    ■ Fiber-to-the-home
    ■ Long distances
    ■ Underwater
  ○ Composition
    ■ Core - Glass fiber
    ■ Cladding - Glass surrounding core and acts as a mirror
    ■ Jacket - PVC protection
  ○ Light pulses generated by two devices
    ■ Lasers
    ■ Light Emitting Diodes (LEDs)
  ○ Single-Mode fiber (SMF)
    ■ Uses laser
    ■ Often used for long distance runs
  ○ Multi-Mode fiber (MMF)
    ■ Uses LED
    ■ More economical, used for shorter distances
  ○ Connectors
    ■ Straight-Tip (ST)
      ● Older connector used with multimode
    ■ Subscriber Connector (SC)
      ● Very popular, supports both fiber types
    ■ Lucent Connector (LC)
      ● Gaining popularity, supports both fiber types
    ■ Many other types that are falling out of favor or now obsolete
  ○ Troubleshooting
    ■ Misalignment
    ■ End gap
    ■ End finish
● Wireless Media

  ○ Coverage is highly dependent on frequency used and material of walls and floors
  ○ Interference can be an issue as many devices operate on 2.4 GHz
  ○ Security is an issue due to all transmissions being out in the open, not restrained to a cable
  ○ IEEE Standards
    ■ 802.11
      ● WLAN technology, known as Wi-Fi, has many variants (a/b/g/n/ac)
    ■ 802.15
      ● WPAN technology, known as Bluetooth
    ■ 802.16
      ● Worldwide Interoperability for Microwave Access (WiMAX)
    ■ Each has its strengths and weaknesses
  ○ Wireless Access Points (APs)
    ■ Provides access for wireless devices, a pure AP does not provide DHCP, routing, firewall, or other features.
  ○ Wireless NIC adapters
    ■ Provides wireless functionality to devices
  ○ Wi-Fi Standards
    ■ IEEE 802.11a
      ● 5 GHz
      ● 54 Mb/s
    ■ IEEE 802.11b
      ● 2.4 GHz
      ● 11 Mb/s
    ■ IEEE 802.11g
      ● 2.4 GHz
      ● 54 Mb/s
    ■ IEEE 802.11n
      ● 2.4 or 5 GHz
      ● 100-600 Mb/s
    ■ IEEE 802.11ac
      ● 2.4 and 5 GHz
      ● 250 Mb/s and 1.3 Gb/s
    ■ IEEE 802.11ad (WiGig)
      ● 2.4 GHz, 5 GHz, and 60 GHz
      ● 7 Gb/s

Topology Basics

● Different Data Link protocols have different topologies
● Physical Topology
  ○ How devices physically are connected
● Logical Topology
  ○ How a network transfers frames from one device to the next
● WAN Topologies
    ■ Physical could be one cable interconnecting devices
    ■ Logical is similarly one connection between devices, but could span physical connections
  ○ Hub and Spoke
  ○ Mesh
● LAN Topologies
  ○ Star - Modern Ethernet
  ○ Extended Star - Modern Ethernet
  ○ Bus - Legacy Ethernet
  ○ Ring - Token Ring, Fiber Distributed Data Interface (FDDI)
● Duplex
  ○ Half - One side talks at a time as the other listens
  ○ Full - Both sides can talk at the same time and listen at the same time
  ○ 10/100 offered Half/Full, meaning when enabled for Full they were really 20/200
  ○ Gigabit is Full only
● Media Access Control methods
  ○ Contention-based access
    ■ All nodes compete for the use but have a method in place to deal with collisions (most modern networks)
    ■ Carrier sense multiple access with collision detection (CSMA/CD)
      ● Monitors for signal on the wire, when clear transmit is acceptable. If a collision of multiple transmits is detected, all devices stop and wait a random amount of time to retransmit.
      ● Switching in modern networks eliminates the need for CSMA/CD due to the collision domain being limited between host and intermediary device
      ● Ethernet
    ■ Carrier sense multiple access with collision avoidance (CSMA/CA)
      ● Monitors for signal in the air, when clear transmit is acceptable.
      ● WiFi
  ○ Controlled access
    ■ Each node has a slot of time to use
      ● Token Ring
      ● Fiber Distributed Data Interface (FDDI)

Ethernet Basics

● Most common LAN technology now
● Operates on Data Link layer
● Supports many speeds
  ○ 10 Mb/s
  ○ 100 Mb/s
  ○ 1000 Mb/s (1 Gb/s)
  ○ 10,000 Mb/s (10 Gb/s)
  ○ 40,000 Mb/s (40 Gb/s)
  ○ 100,000 Mb/s (100 Gb/s)
● Two sublayers
  ○ LLC
    ■ Handles communication between upper and lower layers
    ■ Takes IP packet and adds control information
    ■ Implemented in software
  ○ MAC
    ■ IEEE 802.3
    ■ Data encapsulation
      ● Frame delimiting in beginning
      ● Addressing with MAC address
        ○ 48 bits, 24 bit vendor code assigned by IEEE, 24 bit generated by vendor “burned into” NIC
        ○ Must be unique
        ○ Formatted with dashes, colons, or decimals
      ● Error detection with CRC in trailer
    ■ Media access control
      ● Placement and removal of frames onto the media
    ■ Implemented in hardware
● DIX Ethernet standard now referred to as Ethernet II, the most common frame
● Minimum frame size is 64 bytes
● Maximum frame size is 1518 bytes
● Less than 64 bytes is a collision fragment or runt frame and is discarded
● IEEE 802.3ac extended maximum size to 1522 bytes to allow for VLANs
● Ethernet frame fields
  ○ Preamble
  ○ Start Frame Delimiter
  ○ Destination MAC Address
  ○ Source MAC Address
  ○ Length
  ○ Data
  ○ Frame Check Sequence (FCS)
● Uses Hexadecimal system, base 16
● Cisco uses XXXX.XXXX.XXXX, many other operating systems use XX:XX:XX:XX:XX:XX or XX-XX-XX-XX-XX-XX
● Used on Layer 2
● Unicast address is the unique address of the destination or source NIC
● Broadcast address is all F’s
● Multicast addresses start with 01-00-5E
● Devices will have both MAC (Layer 2, physical) and IP (Layer 3, logical) addresses
  ○ IP can change, MAC does not (usually)

Address Resolution Protocol (ARP)

● Address Resolution Protocol (ARP) helps a node determine the MAC address of the next device it needs to send to on the Ethernet link.
● ARP has requests and replies
● Resolves IPv4 addresses to MAC addresses
● Maintains a table of mappings
● There is also a Reverse ARP
● Commands
  ○ On a Cisco router: show ip arp
  ○ On Windows 7: arp -a - Shows all ARP entries
  ○ On Windows 7: netsh interface ip delete arpcache - Deletes all ARP entries
● Causes some overhead due to broadcast functionality
  ○ Switches reduce broadcast traffic if configured for VLANs
● Can easily spoof ARP replies, called ARP poisoning

Switch Basics

● Most devices now are connected to a switch instead of a hub or in-line as was the case many years ago
● Ethernet is a logical bus topology usually deployed in a star or extended star physical topology
● Switch types
  ○ Fixed
    ■ Cannot add new features, boards, ports, etc. Only upgradable through software if managed
    ■ Unmanaged and managed versions
    ■ Some models are stackable with special cables, or fiber cables
  ○ Modular
    ■ Has a main chassis with board slots
    ■ Choice of management consoles, ports, firewall features, etc.
      ● Individual ports can be sometimes swapped out for different types
        ○ Called Switch Form-Factor Pluggable (SFP) Modules
● Operation
  ○ Use MAC addresses to decide what ports to send traffic to
  ○ Builds a MAC address table as it learns what traffic is coming from which ports
  ○ If no destination port is in MAC table, switch forwards the frame on all ports except originating port
  ○ Responding device gets recorded into MAC table for future use
  ○ If there is another switch downstream on one port, all responding MAC addresses get recorded to the MAC table for that port
● Switches can automatically negotiate speed, duplex, and MDIX settings (on newer ones)
  ○ Can also manually set these values for each port on a managed switch
● Medium Dependent Interface (MDI/MDIX)
  ○ mdix auto
  ○ MDI/MDIX refers to how the transmit/receive wires are arranged on a port of an internetworking device
    ■ Transmit on one side connects to receive on the other
  ○ MDI for hosts and routers, MDIX for switches
  ○ Auto-MDIX in newer switches now detects and swaps a port to MDI/MDIX as needed
● Forwarding methods
  ○ Store-and-forward
    ■ Switch receives the whole frame, runs a Cyclic Redundancy Check (CRC) and then forwards if valid
    ■ Slower
  ○ Cut-through
    ■ Reads the destination MAC and then forwards right away, no buffering of full frame or error checking
    ■ Faster
    ■ Variants
      ● Fast-forward
        ○ Reads the destination MAC and then forwards right away, no buffering of full frame or error checking
      ● Fragment-free
        ○ Stores the first 64 bytes of the frame before forwarding.
        ○ Faster than store-and-forward, slower than fast-forward, but catches most errors and collisions without a CRC.
● Memory Buffering
  ○ Port-based
    ■ A queue for each port
    ■ Can cause delay for other frames on other ports
  ○ Shared
    ■ A common queue for all ports
    ■ Dynamically allocated memory per port
    ■ Allows for larger frames to be transmitted

IOS Device Basics



● Cisco’s Internetwork Operating System (IOS) is the term for the Operating System software installed on most Cisco products
● Stored on flash, non-volatile
● Loaded into RAM on boot
● Connecting to IOS
  ○ Console - Looks like an RJ-45 ethernet connection but blue
    ■ Bits per sec: 9600
    ■ Data bits: 8
    ■ Parity: none
    ■ Stop bits: 1
    ■ Flow control: none
  ○ Telnet
  ○ AUX - Older modem connection method
● Privilege modes - Different looking prompt for each
  ○ User executive (User EXEC)
    ■ Limited, basic show commands
    ■ Router>
  ○ Privileged executive (Privileged EXEC)
    ■ Similar to “root” on Linux, can show anything and access global configuration mode
    ■ Use enable to enter mode
    ■ Use disable to leave mode
    ■ Router#
  ○ Global configuration mode
    ■ Needs do preceding commands from the executive modes, such as do show run
    ■ Can access submodes for configuration of interfaces and such
    ■ Use configure terminal or config t to enter mode
    ■ Command exit takes you out of a config submode one level, end takes you back to Privileged EXEC
    ■ Router(config)#
● Commands are similar to those in other OS
  ○ command arguments
  ○ show running-config
  ○ description ISP Connection
● You can use Tab key to auto-complete commands
  ○ show run<TAB> becomes show running-config
● You can use the question mark to get a list of compatible commands or arguments
  ○ sh? displays show
  ○ show? displays running-config, startup-config
● CLI will display problems with command, use of Tab and question mark help reduce problems
● Up and Down arrows cycle through last entered commands
● Simple command examples
  ○ show running-config
  ○ show startup-config
  ○ show interfaces
  ○ show ip interface brief
  ○ show version
● Spacebar or Enter can be used at the --More-- prompt. Enter will scroll one line, space bar a full page

IOS Command Basics

● Choose a naming convention for hostnames
● Hostname configuration commands
  ○ enable
  ○ config t
  ○ hostname MySwitch
● Passwords
  ○ Enable password
    ■ Access to privileged EXEC mode, non-encrypted or poorly encrypted in config
    ■ enable password MyPassword
    ■ service password-encryption
      ● Hides password from onlookers in config but can easily be decrypted
  ○ Enable secret
    ■ Access to privileged EXEC mode, encrypted in config
    ■ enable secret MyPassword
  ○ Console password
    ■ Access to console
    ■ line console 0
    ■ password MyPassword
    ■ login
  ○ VTY password
    ■ Access over Telnet/SSH
    ■ line vty 0 15
    ■ password MyPassword
    ■ login
● Banners
  ○ banner motd # message #
    ■ Shown to all connections
  ○ banner login # message #
    ■ Shown to only services that have login defined
● Saving
  ○ copy running-config startup-config
  ○ write memory
● reload
● erase <ConfigName>
  ○ For NVRAM
● delete vlan.dat
  ○ For flash memory
● One can use TFTP to copy IOS files from flash to a server
● show flash
● copy flash: tftp:
● c1900-universalk9-mz.SPA.152-4.M3.bin
● Selecting a new IOS file to boot from
  ○ boot system flash0://c1900-universalk9-mz.SPA.152-4.M3.bin

Switch Configuration Basics

● Boot sequence
  ○ Power-On Self-Test (POST) from ROM
  ○ Loads boot loader from ROM
  ○ Starts the CPU
  ○ Initializes flash
  ○ Loads the IOS from flash and continues booting the OS
● Can recover from a forgotten password or system crash with boot loader
  ○ Connect a PC to the console port
  ○ Restart switch
  ○ Within 15 seconds press and hold the Mode button while the System LED is flashing green
  ○ Continue to hold Mode until the System LED turns amber and then solid green
  ○ Release the Mode button
  ○ The console will display “switch:” as the prompt
● LEDs
  ○ System LED - Power up/down
  ○ Redundant Power System (RPS) LED - Power up/down
  ○ Port Status LED - Link up/down, amber means blocked
  ○ Port Duplex LED - Green is full duplex, off is half
  ○ Port Speed LED - Green is 100 Mbps, blinking green is 1 Gigabit, off is 10 Mbps
  ○ Power over Ethernet (PoE) LED - Power up/down
● VLAN 1 is default management VLAN
● To manage a switch, a Switch Virtual Interface (SVI) must be configured
  ○ This is essentially an interface/IP for a specific VLAN
● SVI configuration
  ○ vlan 99
  ○ name Management
  ○ interface f0/1
  ○ switchport access vlan 99
  ○ interface vlan 99
  ○ ip address
  ○ no shutdown
  ○ ip default-gateway
● Speed and duplex configuration
  ○ interface f0/1
  ○ duplex auto
  ○ speed auto
● MDIX configuration
  ○ interface f0/1
  ○ mdix auto
● show interfaces - Shows detailed information on interface configuration

Switch Security Basics

● Secure Shell (SSH)
  ○ Encrypts shell access
  ○ SSH uses TCP port 22
  ○ Telnet uses TCP port 23
  ○ Recommended remote access method
● SSH Configuration
  ○ show ip ssh - Will display result if device has cryptographic features enabled
  ○ ip domain-name
  ○ crypto key generate rsa
  ○ username UserLogin password UserPassword
  ○ line vty 0 15
  ○ transport input ssh
  ○ login local
● Common Security Attacks
  ○ MAC Address Flooding
    ■ Generating thousands of MAC addresses and sending them out onto the wire, causing a switch to learn too many and causing a CAM table overflow
    ■ This crashes the switch or puts it into fail-open mode
      frames everywhere, so attacker can capture whatever they want
    ■ Can be mitigated with port security options
  ○ DHCP Spoofing
    ■ Attacker floods DHCP server with requests, using up all available leases
    ■ Attacker then sets up their own DHCP server to provide leases to clients, usually with a different DNS server, default gateway set to the attack computer, redirecting all traffic through it for capture
    ■ Can be mitigated with DHCP snooping and port security options
  ○ CDP
    ■ CDP is enabled on all ports by default
    ■ Provides useful information to an attacker capturing data on their access port
    ■ Can be mitigated by disabling CDP or disabling it on access ports
● Best Practices
  ○ Use secure communications methods
  ○ Encrypt passwords in configuration file
  ○ Control physical access to devices
  ○ Shut down unused ports
  ○ Use port security features
  ○ Use Access Control Lists (ACLs)
● Security Tools
  ○ nmap
  ○ Nessus
  ○ Metasploit
  ○ Brute force crackers
  ○ Kali (BackTrack) Linux distro

Switch Port Security

● Disable unused ports
  ○ shutdown
  ○ Can use interface-range command to apply to many ports at once
● DHCP snooping tells the switch what ports can respond to DHCP requests
  ○ ip dhcp snooping - Enables globally
  ○ ip dhcp snooping vlan - Enables specific VLAN
  ○ ip dhcp snooping trust - On specific interfaces
● Port security
  ○ switchport mode access - Remove it from a dynamic port status
  ○ Static MAC security - Only configured MAC address is allowed
    ■ switchport port-security mac-address
  ○ Dynamic MAC security - Learned during operation, stored in address table
  ○ Sticky MAC security - Learned during operation, stored in address table and running config
    ■ switchport port-security mac-address sticky
    ■ switchport port-security maximum 2
  ○ Port Security Violation Modes
    ■ Protect - Once the limit of MAC addresses is reached, unknown source addresses are dropped until MACs are removed or limit is raised. No violation notification
    ■ Restrict - Same as Protect but with violation notification
    ■ Shutdown - This is the default mode. Immediately shuts down a port when an unknown MAC is seen. Violation notification
    ■ switchport port-security violation
  ○ show port-security
  ○ show interface - Displays err-disabled status
  ○ show port-security interface - Displays secure-shutdown status
● Network Time Protocol (NTP)
  ○ Retrieves time information from local or remote servers
  ○ Common to use domain controllers or other servers on a domain to ensure all are synchronized
  ○ or more specific sub-pools such as also commonly used
  ○ ntp server - Use specified server for time data
  ○ ntp master - Allow device to be queried for time data
  ○ show ntp associations - Display peers connected
  ○ show ntp status - Display NTP information
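How the three port security violation modes listed in this section differ when an access port sees a burst of unknown source MACs (the MAC address flooding case from Switch Security Basics), as an added Python model that is not part of the original notes. It is a simplified simulation, not IOS behaviour in full: the class, the function names and all MAC addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

MODES = ("protect", "restrict", "shutdown")


@dataclass
class SecurePort:
    """Simplified model of one access port with sticky/dynamic port security."""
    name: str
    maximum: int = 2                 # as in: switchport port-security maximum 2
    violation: str = "shutdown"      # default mode according to the notes
    secure_macs: list = field(default_factory=list)
    violations: int = 0              # counter a notification would report
    err_disabled: bool = False
    log: list = field(default_factory=list)

    def __post_init__(self):
        if self.violation not in MODES:
            raise ValueError(f"unknown violation mode: {self.violation}")

    def receive(self, src_mac: str) -> bool:
        """Process one frame; return True if it is forwarded."""
        if self.err_disabled:
            return False                        # port is down until re-enabled
        mac = src_mac.lower()
        if mac in self.secure_macs:
            return True                         # known secure address
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.append(mac)        # learned during operation
            return True
        # Limit reached and the source is unknown: this is a violation.
        if self.violation == "protect":
            return False                        # silent drop, no notification
        self.violations += 1
        self.log.append(f"{self.name}: security violation, source {mac}")
        if self.violation == "shutdown":
            self.err_disabled = True
        return False


def constructed_traffic(flood_size: int = 500) -> list:
    """Constructed frame sources: a PC and a phone, a burst of unknown MACs,
    then the PC again."""
    pc, phone = "00:11:22:33:44:55", "00:11:22:33:44:66"
    flood = [f"02:00:00:00:{i >> 8:02x}:{i & 0xFF:02x}" for i in range(flood_size)]
    return [pc, phone] + flood + [pc]


def run_scenario(mode: str) -> dict:
    """Replay the constructed traffic through a port in the given mode."""
    port = SecurePort(name="f0/1", maximum=2, violation=mode)
    results = [port.receive(mac) for mac in constructed_traffic()]
    return {
        "forwarded": results.count(True),
        "dropped": results.count(False),
        "violations": port.violations,
        "notifications": len(port.log),
        "err_disabled": port.err_disabled,
        "learned": list(port.secure_macs),
    }


if __name__ == "__main__":
    for mode in MODES:
        print(mode, run_scenario(mode))
```

In the shutdown run the PC's final frame is dropped as well, which is the trade-off of the default mode: the port stays down until it is re-enabled, while restrict keeps known devices working and still records every violation.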

VLAN Basics

● Virtual LANs, or VLANs segment your network on the Layer 2 boundary
● Often used to segment based on logical business group or type of device
● ACLs can be used to limit access between VLANs improving security
● Performance is improved by reducing broadcast domains
● VLAN types
  ○ Data - Most common VLAN, for PCs, servers, and other data devices
  ○ Voice - Used for VoIP phones, often paired with a Data VLAN on an access port for a workstation
    ■ Often configured with a special command, different from defining a trunk, although operation is essentially the same
  ○ Management - Used for remote administration of internetwork devices
  ○ Default - All ports are member of VLAN 1, the default VLAN upon initialization
  ○ Native - On an 802.1Q trunk port, untagged traffic is put onto this VLAN, by default this is VLAN 1
● show vlan or show vlan brief
● VLAN Trunks
  ○ Standard is IEEE 802.1Q
  ○ Trunks allow multiple VLANs to be transmitted across one link, usually between internetwork devices such as switches
  ○ Links with workstation PCs and VoIP phones are special trunks with a Data and Voice VLAN on them
  ○ Without VLANs each port would need to be a different LAN when connecting between switches and thus highly inefficient
● 802.1Q
  ○ New 4-byte VLAN tag is inserted into original Ethernet frame header
  ○ Fields
    ■ Type - 0x8100 for Ethernet
    ■ User priority - QoS value
    ■ Canonical Format Identifier (CFI) - 1-bit for Token Ring over Ethernet
    ■ VLAN ID (VID) - 12-bits which identifies the VLAN number, 4096 VLAN IDs are supported
  ○ A new FCS is created after 802.1Q information is inserted
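The 802.1Q tag layout and the FCS recalculation described above, as an added Python example that is not part of the original notes. The frame contents and function names are constructed for illustration; the frame starts at the destination MAC (no preamble or start frame delimiter), and the FCS is the standard CRC-32 stored least-significant byte first.

```python
import struct
import zlib
from typing import Optional

TPID_8021Q = 0x8100   # Type field value from the notes
MIN_FRAME = 64        # minimum frame size in bytes, FCS included


def fcs(data: bytes) -> bytes:
    """Frame Check Sequence: CRC-32 over the frame, least-significant byte first."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def fcs_valid(frame: bytes) -> bool:
    """Receiver-side check: recompute the CRC and compare with the trailer."""
    return len(frame) >= MIN_FRAME and frame[-4:] == fcs(frame[:-4])


def add_tag(frame: bytes, vid: int, priority: int = 0, cfi: int = 0) -> bytes:
    """Insert the 4-byte tag after the source MAC and create a new FCS."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    if not 0 <= priority <= 7 or cfi not in (0, 1):
        raise ValueError("priority is 3 bits, CFI is 1 bit")
    if not fcs_valid(frame):
        raise ValueError("runt frame or bad FCS")
    body = frame[:-4]                                   # drop the old FCS
    tci = (priority << 13) | (cfi << 12) | vid          # 3 + 1 + 12 bits
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + fcs(tagged)


def parse_tag(frame: bytes) -> Optional[dict]:
    """Return the tag fields, or None for an untagged frame."""
    if not fcs_valid(frame):
        raise ValueError("runt frame or bad FCS")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    (inner_type,) = struct.unpack("!H", frame[16:18])
    return {
        "priority": tci >> 13,
        "cfi": (tci >> 12) & 1,
        "vid": tci & 0x0FFF,
        "ethertype": inner_type,
    }


def strip_tag(frame: bytes) -> bytes:
    """Remove the tag (as when leaving on an access port) and redo the FCS."""
    if parse_tag(frame) is None:
        return frame
    body = frame[:12] + frame[16:-4]
    return body + fcs(body)


def build_untagged() -> bytes:
    """Constructed 64-byte broadcast frame carrying a padded dummy payload."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("001122334455")
    payload = b"constructed sample payload".ljust(46, b"\x00")
    body = dst + src + struct.pack("!H", 0x0800) + payload
    return body + fcs(body)


if __name__ == "__main__":
    untagged = build_untagged()
    tagged = add_tag(untagged, vid=99, priority=5)      # VLAN 99 as used earlier
    print(len(untagged), "->", len(tagged), "bytes")
    print(parse_tag(tagged))
    print("old FCS", untagged[-4:].hex(), "new FCS", tagged[-4:].hex())
```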

Creating VLANs

● Standard Range VLANs are numbered from 1 to 1005
  ○ 1002 to 1005 reserved for Token Ring and FDDI
  ○ VLAN 1 and 1002 to 1005 are automatically created
  ○ VLANs are in vlan.dat on the flash memory card
    ■ Must be manually deleted when resetting device to factory defaults
● Extended Range VLANs are numbered from 1006 to 4094
  ○ Not written to vlan.dat
  ○ Not learned through VTP
● VLAN Trunking Protocol (VTP) helps with VLAN management
  ○ Cisco proprietary
  ○ GARP VLAN Registration Protocol (GVRP) is the standard alternative for other brands
● vlan <number>
  ○ name <name>
● interface f0/1
  ○ switchport mode access
  ○ switchport access vlan <number>
● Deleting VLANs
  ○ no vlan <number>
● show vlan brief


