Icnd1 Cram

In 60 Days CCENT ICND 1
(100-101)
The Ultimate Cram Guide
www.in60days.net Copyright Paul Browing 2013
You can print these slides if you have joined the

program at www.in60days.net
Warning
You need to know everything on this video before you attempt the exam.
This cram guide is NOT a replacement for studying and doing lots of labs.
How to...
Stop the video as required
Print the slides (members only)
OSI/TCP Model
Layer
Purpose
Data
Applications
TCP
7. Application
Establishes resources.
Data
E-mail
Application
6. Presentation De/Encryption & data

compression.
Data
MP3, MP4
Application
5. Session
Establishes sessions.
Data
SQL, NFS
Application
4. Transport
Data delivery.
Segment TCP/UDP
Host-to-host
3. Network
Best path to destination.
Packet
IP/RIP
Internetwork
2. Data Link
MAC address/error
detection.
Frame
Frame relay Network

Interface
1. Physical
Data onto wire.
Bits
Cables &
devices
Network
Interface
OSI & TCP Model comparison

OSI
Application
TCP (updated)
Application
Presentation
Session
Transport
Transport
Network
Network
Data Link
Data Link
Physical
Physical
www.in60days.net
Copyright Paul
Browing
2013 Some People Fry Bacon
All People Seem To Need Data
Processing
Dont
Common Ports
Port
Service
Port
Service
20
21
22
23
25
53
69
FTP Data
FTP Control
SSH
Telnet
SMTP
DNS
TFTP
80
110
119
123
143
161/162
443
HTTP
POP3
NNTP
NTP
IMAP
SNMP
HTTPS
TCP/IP
TCP
Protocol 6
Reliable delivery of data. 20 byte header
UDP
Protocol 17
Connectionless, no delivery guarantee, 8

byte header
FTP
TCP 20/21
Used to send large files reliably
TFTP
UDP 69
Sends small files across network
SNMP
UDP 161/162
Remotely manages network devices
ICMP
Protocol 1
Sends query and error messages. Used by

PING
ARP
Network
protocol
Maps a known IP address to a MAC

address
DNS
UDP 53
Resolves hostnames to IP addresses
DHCP
UDP 67/68
Sends network configuration parameters
Configure DHCP
Router(config)#ip dhcp pool NAME_DHCP_Pool
Router(dhcp-config)#network 10.10.10.0 255.255.255.0
Router(dhcp-config)#dns-server 24.196.64.39 24.196.64.40
Router(dhcp-config)#domain-name mydomain.com
Router(dhcp-config)#default-router 10.10.10.254
Router(dhcp-config)#lease 1
Router Modes
Mode
User exec
Privileged exec
Global config
ROM monitor
Set Up
Prompt
Router>
Router#
Router(config)#
rommon>
[series of questions]
RXBoot
Router<boot>
Keyboard Shortcuts
Ctrl+W
Erases a word
Ctrl+P (up
arrow)
Recall last
command
Ctrl+U
Erases a line
Ctrl+N
Recall next
command
Ctrl+A
Curser to line start
Esc+B
Move back one

word
Ctrl+E
Curser to end of
line
Esc+F
Forward one
word
Ctrl+F (right
arrow)
Forward one
character
Tab
Finish the
command
Ctrl+B (left
arrow)
Back one character

Router Elements Internal components

DRAM
Buffers, routing tables,

running config
ROM
Mini OS
Flash
Compressed IOS
NVRAM
IOS expanded
Config-register Defines booting process
Wiped on power
down
Rommon mode
Start up config
Default value
0x2102 (0x2142
skips startup
config)
Cabling
Hub
Switch
Router
PC
Hub
Crossover
Crossover
Straight
Straight
Switch
Crossover
Crossover
Straight
Straight
Router
Straight
Straight
Crossover
Crossover
Like to like is usually a crossover apart from PC to Router
PC
Straight
Straight
Crossover
Crossover
Crossover pin 1 to 3 , pin 2 to 6

Straight all pins match each side
Rollover all pins reversed so 1-8, 2-7, etc.
Crossover Cable
1
2
3
4
5
6
7
8
Straight Cable
1
2
3
4
5
6
7
8
1
2
3
4
5
6
7
8
Rollover Cable
1
2
3
4
5
6
7
8
1
2
3
4
5
6
7
8
8
7
6
5
4
3
2
1
Connection to the Router

Console
Aux port
Rollover cable. Initial config/disaster recovery

Usually modem connections
VTY
TFTP
NMS
Telnet ports. Usually 0-4 inclusive on routers

Send small files to and from router
SNMP to report on router usage/interfaces
Cisco Discovery Protocol (CDP)

Gathers info about nearby connected devices
Turn off cdp on entire router (config)#no cdp run
Turn off cdp on interface (config-if)#no cdp enable
show cdp neighbor [detail]
Can be used for troubleshooting to discover neighbour details

Please try the show commands as you may be asked what they tell
you
LAN Switch
1.
2.
3.
Learns addresses show mac-address-table

Filters and forwards frames out of correct port
Avoids network/switching loops with STP (spanning tree
protocol).
Transmitting Frames
Store-and-Forward Copies entire frame into buffer, checks CRC.
High latency
Cut-Through
Reads only destination address and
forwards frame. Lowest latency.
Fragment-Free
Switch reads first 64 bytes of frame.
Spanning Tree Protocol (STP)

Provides redundant paths for traffic
Prevents loops on those paths
Uses Bridge Protocol Data Units (BPDU)
Force switch to become root:
Switch(config)#spanning-tree vlan 2010 priority 8192
(Or)
Switch(config)#spanning-tree vlan 2010 root primary
Port Security
Protects switch ports
Can permit static mac address(es)
Violation action is shutdown/protect/restrict
Restrict interface so only expected devices can be connected
Port security identifies devices based on MAC address
Port security is enabled on switch ports with different settings
available per port
Each port can be defined with maximum allowed MAC address
Mode
Port Action
Traffic
Syslog
Violation
Counter
Protect
Protected
Unknown MACs discarded
No
No
Shutdown
Errdisabled
Disabled
Yes & SNMP
Incremented
Restrict
Open
# of excess MAC traffic denied
Yes & SNMP
Incremented
Port Security features

MAC address limitation.
Sticky MAC address.
Static and Dynamic MAC address entry.
Violation modes:
Error disable
shutdown
Protect restrict
Shutdown unused ports

Assign all unused ports to unused VLAN.
Configure Port Security

Sw(config)#interface fast 0/1
Sw(config-if)#switchport port-security enable port security
Sw(config-if)# switchport port-security mac-address sticky Sticky MACs
(or)
Sw(config-if)#switchport port-security violation [shutdown/protect/restrict]
violations modes
(or)
Sw(config-if)#switchport port-security maximum 4 Limiting access to only 4 MACs
(or)
Sw(config-if)#switchport port-security mac-address xxx hard codes mac address
Sw#show port-security you can add [interface fast 0/1]
VLANs
Logically divide your LAN
Cuts down broadcast domains
Improves security
Easier admin
VLAN info goes over trunk links
Configure a VLAN
F0/0
F1/0
F2/0
F3/0
Switch(config)#vlan 2
Switch(config)#interface fast1/0
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2
Switch(config-if)#interface fast3/0
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2
Types of ports on Switch

Access port: Endpoints are usually connected on access ports.
Trunk port: Other switch/non-edge devices connect to this port.
Access ports
Trunk ports
Configure a Trunk/Access
port
Trunk link required to pass VLAN info across
switches
Encapsulation either ISL or 802.1q (default on
2950 switch)
Link usually needs to be at least 100Mbps but
usually 1000Mbps (can be 10Mbps!!)
Access port
Trunk port
Switch1(config)#vlan 5
Switch1(config)#interface fast0/1
Switch1(config-if)#switchport mode access
Switch1(config-if)#switchport access vlan 5
Switch1(config-if)#interface fast0/15
Switch1(config-if)#switchport mode trunk
Switch1(config-if)#switchport
trunk encapsulation isl
VLAN Trunking Protocol (VTP)

Carries VLAN update between switches
All must be configured in the same VTP domain
VTP modes are client/server/transparent
Never connect a new switch while it is in server
mode
SwitchA(config)#vtp mode server
[this is the default]
SwitchA(config)#vtp domain Cisco
SwitchA(config)#vtp password ccna

Switch Commands
Switch(config)#vlan 2 (creates VLAN 2)
Switch(config-vlan)#name SALES (names VLAN)
Switch(config)#interface fast 0/1
Switch(config-if)#switchport access vlan 2 (puts interface into VLAN 2)
Switch(config-if)#switchport mode trunk (sets interface to trunk)
Switch(config)#vtp mode transparent/client/server (sets switch mode)
Switch(config)#vtp domain howtonetwork.net (sets VTP domain name)
Switch(config)#spanning-tree portfast (sets portfast) Switch(config)#ip defaultgateway 192.168.1.1 (switch default gateway)
Switch Show Commands

Switch#show
Switch#show
Switch#show
Switch#show
vlan brief shows summary of VLAN info

vtp status shows various VTP info including mode/version
interfaces trunk shows trunk interfaces
mac-address-table[dynamic] shows mac table (dynamic)
*Learn all of these by heart

plus the info they give you.
DTP
Tries to negotiate the port to become a trunk
Always on unless you manually turn off
Switch1(config)#intf0/2
Switch1(config-if)#switchportnonegotiate
Command rejected: Conflict between 'nonegotiate' and 'dynamic'
status.
Switch1(config-if)#switchportmode trunk
Switch1(config-if)#switchport nonegotiate
Switch1(config-if)#
Auto = become a trunk if the other end is a trunk or set to desirable (passive)
Desirable = attempt to become a trunk (active)
Auto/Auto = no trunk. Must at least have one end as desirable or manually set to trunk
IP Addressing
Class
Leading Networks Networks Hosts

Bits
255.0.0.0
0
1-126
126
16,777,
214
*127.0.0.0 reserved for loopback testing
255.255.0.0
10
128-191 16,384
65,534
255.255.255.0 110
192-223
NA
1110
224-239
NA
11110
240-255
Mask
2,097152 254
Subnets
BITS
128
64
32
16
128
192
224
240
248
For working out which subnet a

host is in
252
254
255
2-2
4
8
16
32
For working out how many subnets and hosts

per subnet
Easy Subnetting
1. Change the slash number to subnet mask
2. Tick down and across the chart
3. Count up increments to get correct subnet
Which subnet is 172.16.100.11 /19 in?

To get to /19 we steal 3 bits (from /16)
Tick 3 down and 3 across the top
Count up in 32 until you get to 100.11 subnet
BITS
128
64
32
16
Subne
ts
128
The top ticks reveal the subnet increments
192
224
240
248
252
So we can see that stealing 3 bits gives us a

mask of 255.255.224.0
254
255
Next Steps
172.16.100.11
172.16.0.0
Our subnet host

address
Our first subnet
172.16.32.0
Our second subnet
172.16.64.0
Our third subnet
172.16.96.0*
Our fourth subnet (100.11 in

here)
172.16.128.0
To Work Out All IPs

172.16.100.11
Our subnet host
172.16.96.0
Our subnet
172.16.96.1
Our first host
172.16.127.254
Our last host

Our broadcast
address
172.16.127.255
VLSM
Lets you chop your network into subnets
200.100.100.0 /24
Change mask from /24 to /25 Now you get:
Original mask (last octet) 00000000 1 Subnet 254 hosts
New mask (subnet 1) 00000000 200.100.100.0 - subnet 1 126 hosts
New mask (subnet 2) 10000000 200.100.100.128 - subnet 2 126 hosts
Route Summarization
Find the common bits and advertise this.
172.16.8.0 10101100.00010000.00001000.00000000
172.16.9.0 10101100.00010000.00001001.00000000
172.16.10.0 10101100.00010000.00001010.00000000
172.16.11.0 10101100.00010000.00001011.00000000
172.16.12.0 10101100.00010000.00001100.00000000
172.16.13.0 10101100.00010000.00001101.00000000
172.16.14.0 10101100.00010000.00001110.00000000
172.16.15.0 10101100.00010000.00001111.00000000
Matching Bits 10101100.00010000.00001 = 21 bits
Advertise - 172.16.8.0
255.255.248.0
Router
Packet forwarding on route lookup.
Maintaining routing table
Never forwards broadcast
Routes learned :
Connected routes
Static routes
Routing protocols (dynamic routing)
Routing Protocol
Types of protocol :
Routed protocol
It moves data from the best path like IP, IPX and appletalk.
Routing protocol
It finds the best route to the destination.
IP routing is intercommunication of two different networks.

It can be divided into :
IGP Interior gateway protocol
EGP Exterior gateway protocol
Administrative Distances
Directly Connected
Interface
Static Hop
EIGRP Summary
ISIS
1
5
RIP
120
Exterior Gateway Protocol (EGP) 140
External BGP
EIGRP (Internal)
OSPF
20
90
110
External EIGRP
Internal BGP
Unknown
115
170
200
255
Static Routing
Use if only a handful of routes
Useful for stub networks (only one way in and out)
Destination network/mask next hop/interface
ip route 172.16.5.0 255.255.255.0 172.16.12.8
ip route 172.16.5.0 255.255.255.0 serial 0/0
OSPF Open Shortest Path First
Uses IP protocol 89
Classless
Uses Dijkstras shortest path first algorithm (SPF)
Router ID is the highest IP address
But loopback address is used as ID if present
Backbone area is area 0
All non backbone areas must connect directly to area 0
Areas can be numbered from 0 to 65535
Multicasts on 224.0.0.5
OSPF uses cost as a metric (108/bandwidth)
OSPF basic terms

LSA OSPF uses Link Sate Advertisement (LSA) to organize the
topology information, it is a data structure with specific information
about the network.
LSDB Link State Database (LSDB) is the collection of LSAs known to
the router.
ABR In multiple area OSPF design some router sits at the border of
multiple OSPF area so they are known as Area Border router (ABR).
Router id - Every router in the OSPF network is identified by router id
which can be manually assigned or automatically based on highest IP
address of physical/loopback interface on the router.
Configure OSPF
R1(config)#router ospf 20
R1(config-router)#network 172.16.0.0 0.0.255.255 area 0
Uses wildcard masks with network address.

R1(config-router)#router-id 1.1.1.1 [manually sets router ID]
Inter-vlan routing
-Using a layer 3 switch or
-Router, with a VLAN trunk connecting switch.
Create sub-interface for each VLAN that is required to be routed.

Use 802.1Q and associate VLAN with sub-interface.
Configure IP address for each.
Also called router-on-a-stick
Example:
fa0/0.10
fa0/0.20
R1(config)#interface fast 0/0.10

encapsulation dot1q 10
ip address 1.1.1.1 255.255.255.0
!
interface fast 0/0.20
encapsulation dot1q 20
ip address 1.1.2.1 255.255.255.0
fa0/1
Trunk port
ACL Access Control List

ACL works on packet filtering method.
ACL filters packet based on below parameters:
Source IP
Destination IP
Source port
Destination port
ACL works under the concept of implicit deny property.

Types: Standard ACL & Extended ACL
ACL port range
1-99 IP standard
1300-1999 IP standard (expanded range)
100-199 IP extended
2000-2699 IP extended (expanded range)
Must be applied to an interface to work.

Named ACLs are case sensitive
You can only edit a named ACL (changed in later IOS)
Can apply to ports such as vty 0 4 (ip access-class)
172.16.1.1/26
EXTENDED ACL Router A
192.168.1.1/26
Web Server
interface serial 0/0

access-group 100 in
!
access-list 100 permit tcp host 192.168.1.1 host 172.16.1.1 eq 80
STANDARD ACL Router A

access-group 1 in
!
access-list 1 permit 192.168.1.1
192.168.1.1/26
Web Server
172.16.1.1/26
NAMED ACL Router A
ip access-list blockweb in
!
ip access-list extended blockweb
permit tcp host 192.168.1.1 host 172.16.1.1 eq 80
Wildcard Masks
Used for access lists and routing
Take the subnet away from 255
255
Subnet 255
Equals 0
255
255
0
255
224
31
255
0
255
Network Address Translation (NAT)

Translates internal addresses to external
Used for network security
Used for address preservation
Static NAT
192.168.1.1
200.1.1.1
interface fast ethernet 0

ip nat inside
!
ip nat outside
!
ip nat inside source static 192.168.1.1 200.1.1.1
Dynamic NAT/NAT Pool

192.168.1.0/26
200.1.1.1-10

ip nat inside
!
ip nat outside
!
ip nat pool internet_out 200.1.1.1 200.1.1.10 prefix-length 24
ip nat inside source list 1 pool internet_out
0.0.0.63
PAT
192.168.1.0/26
200.1.1.1-10

ip nat inside
!
ip nat outside
!
ip nat pool internet_out 200.1.1.1 200.1.1.10 prefix-length 24
ip nat inside source list 1 pool internet_out overload
0.0.0.63
www.in60days.net Copyright Paul
Browing 2013
Network Time Protocol

R2(config)#ntp server 10.0.0.1
R2#show ntp associations
address
ref clock
st when poll reach delay offset
*~10.0.0.1
127.127.7.1
5
44
64 377
3.2
2.39
* master (synced), # master (unsynced), + selected, - candidate, ~
configured
disp
1.2
R2#show ntp status

Clock is synchronized, stratum 6, reference is 10.0.0.1
nominal freq is 249.5901 Hz, actual freq is 249.5900 Hz, precision is 2**18
reference time is C02C38D2.950DA968 (05:53:22.582 UTC Sun Mar 3 2002)
clock offset is 4.6267 msec, root delay is 3.16 msec
root dispersion is 4.88 msec, peer dispersion is 0.23 msec
CEF Components
VTP-Server-1(config)#ip cef
VTP-Server-1(config)#exit
IPv6
128 bit address in 8 parts (each 16 hex bits)
EEDE:AC89:4323:5445:FE32:BB78:7856:2022
Uses multicast/anycast/unicast (no broadcasts)
Use with IPv4 using tunnelling or dual stack
Transition from IPv4 with Static, 6to4, Automatic, ISATAP, GRE
Compress IPv6 Address

1.
2.
Use double colon (only once per address)

Replaces leading double zeros
Complete Representation
Compressed Representation
0000:0000:0000:0000:0000:0000:0000:0001
::0001
2001:0000:0000:1234:0000:5678:af23:bcd5
2001::1234:0000:5678:af23:bcd5
3FFF:0000:0000:1010:1A2B:5000:0B00:DE0F
3FFF::1010:1A2B:5000:0B00:DE0F
FEC0:2004:AB10:00CD:1234:0000:0000:6789
FEC0:2004:AB10:00CD:1234::6789
0000:0000:0000:0000:0000:FFFF: 172.16.255.1
::FFFF: 172.16.255.1
0000:0000:0000:0000:0000:0000:172.16.255.1
::172.16.255.1
0000:0000:0000:0000:0000:0000:0000:0000
::
Compression Method 2
Omit leading zeros
Complete IPv6 Address Representation
Compressed IPv6 Address Representation
0000:0123:0abc:0000:04b0:0678:f000:0001
0:123:abc:0:4b0:678:f000:1
2001:0000:0000:1234:0000:5678:af23:bcd5
2001:0:0:1234:0:5678:af23:bcd5
3FFF:0000:0000:1010:1A2B:5000:0B00:DE0F
3FFF:0:0:1010:1A2B:5000:B00:DE0F
fec0:2004:ab10:00cd:1234:0000:0000:6789
fec0:2004:ab10:cd:1234:0:0:6789
0000:0000:0000:0000:0000:FFFF:172.16.255.1
0:0:0:0:0:FFFF: 172.16.255.1
0000:0000:0000:0000:0000:0000:172.16.255.1 0:0:0:0:0:0:172.16.255.1
0000:0000:0000:0000:0000:0000:0000:0000
0:0:0:0:0:0:0:0
IPv6 routing
Using Static routes
Router(config)# ipv6 route 2001:fa8:1231:1::/64 2001:cc8:1789:2::2
Using OSPF v3
ipv6 unicast-routing
!
ipv6 router ospf 2
router-id 1.1.1.1
!
interface serial0/0/1
ipv6 address 2001:fa8:1231:1::1
ipv6 ospf 2 area 0
!
interface GigabitEthernet0/0
ipv6 address 2001:cd8:1711:1::2
ipv6 ospf 2 area
IPv6 important commands to remember.

Router# show ipv6 route
Router# show ipv6 interface brief
Router# show ipv6 route static
Router# show ipv6 ospf
Router# show ipv6 ospf interface brief
Router# show ipv6 ospf neighbor

Icnd1 Cram

Uploaded by

Copyright:

Available Formats

Icnd1 Cram

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Icnd1 Cram

Uploaded by

Copyright:

Available Formats

In 60 Days CCENT ICND 1

www.in60days.net Copyright Paul Browing 2013

You can print these slides if you have joined the

www.in60days.net Copyright Paul Browing 2013

www.in60days.net Copyright Paul Browing 2013

www.in60days.net Copyright Paul Browing 2013

6. Presentation De/Encryption & data

Best path to destination.

Frame relay Network

Data onto wire.

www.in60days.net Copyright Paul Browing 2013

OSI & TCP Model comparison

www.in60days.net Copyright Paul Browing 2013

Reliable delivery of data. 20 byte header

Connectionless, no delivery guarantee, 8

Used to send large files reliably

Sends small files across network

Remotely manages network devices

Sends query and error messages. Used by

Maps a known IP address to a MAC

Resolves hostnames to IP addresses

Sends network configuration parameters

www.in60days.net Copyright Paul Browing 2013

www.in60days.net Copyright Paul Browing 2013

Curser to line start

Move back one

Back one character

Router Elements Internal components

Buffers, routing tables,

www.in60days.net Copyright Paul Browing 2013

Like to like is usually a crossover apart from PC to Router

www.in60days.net Copyright Paul Browing 2013

Crossover pin 1 to 3 , pin 2 to 6

www.in60days.net Copyright Paul Browing 2013

Connection to the Router

Rollover cable. Initial config/disaster recovery

Telnet ports. Usually 0-4 inclusive on routers

Cisco Discovery Protocol (CDP)

Can be used for troubleshooting to discover neighbour details

www.in60days.net Copyright Paul Browing 2013

Learns addresses show mac-address-table

www.in60days.net Copyright Paul Browing 2013

www.in60days.net Copyright Paul Browing 2013

Spanning Tree Protocol (STP)

Switch(config)#spanning-tree vlan 2010 priority 8192

www.in60days.net Copyright Paul Browing 2013

Unknown MACs discarded

Yes & SNMP

# of excess MAC traffic denied

Yes & SNMP

www.in60days.net Copyright Paul Browing 2013

Port Security features

Shutdown unused ports

Configure Port Security

www.in60days.net Copyright Paul Browing 2013

www.in60days.net Copyright Paul Browing 2013

Types of ports on Switch

VLAN Trunking Protocol (VTP)

[this is the default]

SwitchA(config)#vtp domain Cisco