CCNA Quick Reference Sheets (Digital Short Cut), Eric Rivard and Jim Doherty. Intended as a final exam preparation resource.
VLANs break up broadcast domains. Cisco 3-Layer Hierarchical Model: the Core is the backbone, common to all users; it needs to be as fast as possible and fault tolerant. This CCNA command 'cheat sheet' covers both ICND parts 1 and 2 and covers the CCNA exam.
Switch(config)# spanning-tree mode rapid-pvst
show access-list: displays which addresses the access list permits.
Traceroute relies on the Time-to-Live (TTL) of packets, not on hop counts. The show ip interface interface-id command displays whether an access list is assigned to an interface. If a conflict is detected, the address is removed from the pool. This address will not be used until the administrator resolves the conflict.
RA messages are part of IPv6 stateless auto-configuration. Switches never learn broadcast addresses, because a broadcast address is never the source address of a frame and therefore cannot be stored in the MAC address table. An Ethernet frame maximum transmission unit (MTU) is bytes. Establishing VLANs increases the number of broadcast domains.
Micro-segmentation decreases the number of collisions on the network. Use the banner motd text global configuration command to configure the MOTD. In the previous command, the character is a delimiting character and can be any character. Warning: only authorized users may access this switch. Telnet is insecure, and all communication between the Cisco device and the host is sent in clear text.
Use the following steps to configure SSH access:
Step 1. Create a local username and password on the device.
Step 2. Assign a domain name to the device.
Step 3. Generate a security key.
Step 4. Enable SSH.
Step 5. Configure the vty ports to authenticate using SSH.
The following commands demonstrate how to configure SSH access; generating the key produces these prompts:
Choosing a key modulus greater than may take a few minutes.
How many bits in the modulus :
Recommended practice dictates restricting access to the vty lines by IP address. This is done with standard access lists. Standard access lists allow you to permit or deny traffic based on the source IP address. To restrict access to the vty lines, create a standard access list that permits each authorized IP address to connect to the vty lines, and apply the access list to the vty lines.
So, if a host is not specifically permitted, it is denied.
Wildcard Masks
Wildcard masks define the subset of the 32 bits in the IP address that must be matched. Wildcards are used with access lists to specify a host, a network, or part of a network. Wildcard masks work exactly the opposite of subnet masks: where a wildcard mask bit is 0, the corresponding address bit must match; mask bits with a binary value of 1 are wildcards. For example, if you have an IP address
The command syntax to apply an access list to an interface is as follows:
SwitchA(config)# access-list 10 permit ip
Allowed MAC addresses can be manually configured or dynamically learned by the switch.
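The following Python script is an added illustration of how a standard access list is evaluated with wildcard masks; it is not code from the cheat sheet. It models the two facts the sheet states: a wildcard bit of 0 means the address bit must match (and a wildcard mask is the inverse of a subnet mask), and an access list ends in an implicit deny any, so a source that matches no permit entry is refused. The ACL entries and the source addresses are constructed sample values, chosen to look like a vty-protection list: one admin host and one management subnet.

```python
"""Standard ACL matching with wildcard masks (added example, constructed values)."""
import ipaddress
from typing import Dict, List, Tuple

# One standard ACL entry: (action, base address, wildcard mask).
# "host A" is A with wildcard 0.0.0.0; "any" is 0.0.0.0 with wildcard 255.255.255.255.
AclEntry = Tuple[str, str, str]


def to_int(dotted: str) -> int:
    """Dotted-decimal IPv4 address -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def subnet_to_wildcard(subnet_mask: str) -> str:
    """A wildcard mask is the bitwise inverse of the subnet mask (255.255.255.0 -> 0.0.0.255)."""
    return str(ipaddress.IPv4Address(0xFFFFFFFF ^ to_int(subnet_mask)))


def wildcard_match(source: str, base: str, wildcard: str) -> bool:
    """Wildcard bit 0: the address bit must equal the base; wildcard bit 1: don't care."""
    must_match = 0xFFFFFFFF ^ to_int(wildcard)
    return (to_int(source) & must_match) == (to_int(base) & must_match)


def evaluate_acl(acl: List[AclEntry], source: str) -> str:
    """Entries are tested top-down and the first match decides.

    A source that matches no entry hits the implicit 'deny any' that ends every
    access list, which is why only explicitly permitted hosts reach the vty lines.
    """
    for action, base, wildcard in acl:
        if wildcard_match(source, base, wildcard):
            return action
    return "deny"


def evaluate_many(acl: List[AclEntry], sources: List[str]) -> Dict[str, str]:
    """Verdict for each candidate source address."""
    return {src: evaluate_acl(acl, src) for src in sources}


# Constructed sample ACL (not from the page): one admin workstation and one
# management subnet are permitted; everything else falls through to the implicit deny.
VTY_ACL: List[AclEntry] = [
    ("permit", "10.1.1.5", "0.0.0.0"),                                # host 10.1.1.5
    ("permit", "192.168.10.0", subnet_to_wildcard("255.255.255.0")),  # 192.168.10.0/24
]

if __name__ == "__main__":
    samples = ["10.1.1.5", "10.1.1.6", "192.168.10.77", "172.16.0.1"]
    for src, verdict in evaluate_many(VTY_ACL, samples).items():
        print(f"{src:15} {verdict}")
```

Running it shows 10.1.1.5 and 192.168.10.77 permitted while 10.1.1.6 (same network as the admin host, but not the permitted host) and 172.16.0.1 are denied by the implicit deny, which is the behaviour to verify whenever a vty access class is applied.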
The interface commands to configure port security are as follows:
- Manually configures the port to use a specific MAC address.
- Configures the switch to dynamically learn the MAC address of the device attached to the port.
- Configures the maximum number of MAC addresses allowed on the port. The default value is 1.
- Configures the action to be taken when the maximum number of MAC addresses is reached and a MAC address not associated with the port tries to access the port.
The restrict keyword tells the switch to restrict access to learned MAC addresses that are above the maximum defined addresses. The shutdown keyword tells the switch to shut down all access to the port if a violation occurs. The following example demonstrates how to configure port security: A switch port is disabled by issuing the shutdown interface command.
VLANs
Users of shared LANs are usually grouped based on where people are located rather than how they use the network (physical rather than logical). Shared LANs have little embedded security, because all traffic can be seen by all end stations. It is also expensive to make moves or changes in the network setup. Virtual LANs solve these problems. The use of VLANs improves performance, security, and flexibility. VLANs also decrease the cost of rearranging users, because no extra cabling is required.
VLANs allow logically defined user groups rather than user groups defined by their physical locations. For example, you can arrange user groups such as accounting, engineering, and finance, rather than everyone on the first floor, everyone on the second floor, and so on.
VLANs are characterized as follows: Figure shows a typical VLAN design. The switch forwards packets (unicasts, multicasts, and broadcasts) only to ports assigned to the same VLAN from which they originated. This drastically reduces network traffic. Each trunk can carry traffic for multiple VLANs.
VLAN membership can be either static or dynamic:
- Static: The VLAN port is statically configured by an administrator. A port can belong to only one VLAN at a time.
- Dynamic: This method offers flexibility but increases switching overhead (computer processing requirements).
Displays information about a specific VLAN.
show vlan brief: Displays information on all configured VLANs.
Maximizing the Benefits of Switching
Microsegmentation
Microsegmentation is a network design functionality where each workstation or device on a network gets its own dedicated segment (collision domain) to the switch.
Each network device gets the full bandwidth of the segment and does not have to share the segment with other devices. Microsegmentation reduces and can even eliminate collisions because each segment is its own collision domain.
Microsegmentation is implemented by installing LAN switches. Benefits of microsegmentation are as follows: With full-duplex, bidirectional communication can occur at the same time. Half-duplex is also bidirectional communication, but signals can flow in only one direction at a time. Simplex runs in a single direction only. Table provides a comparative summary of full-duplex, half-duplex, and simplex communication:
- Full-duplex: Uses a dedicated switched port with separate circuits. Efficiency is rated at percent in both directions. Both ends must be configured to run in full-duplex mode.
- Half-duplex: Can connect with both. Efficiency is typically percent. The duplex setting must
- Simplex: Multipoint attachments. Satellite TV downlink is an example. Not used very often in
Configuring and Verifying Port Duplex
The default port settings on a Catalyst switch are as follows: Redundancy ensures that a single point of failure does not cause the entire switched network to fail.
Layer 2 redundancy, however, can cause problems in a network, including broadcast storms, multiple copies of frames, and MAC address table instability. Figure depicts a redundant topology. STP is a Layer 2 protocol that prevents looping traffic in a redundant switched network by blocking traffic on the redundant links. If the main link goes down, STP activates the standby path.
STP operation is transparent to end stations.
Troubleshooting Switch Issues
When troubleshooting switch issues, remember the following: Bad wiring and EMI commonly show up as excessive collisions and noise. This is displayed as excessive collisions and runts when issuing the show interface command, as follows: Media issues should be isolated and resolved as indicated in the previous topic.
Duplex Issues
The following items can create duplex issues: Unlike wired LANs, wireless devices transmit and receive data using radio frequencies (RF) or infrared signals. These frequencies or signals are sent through an access point (AP). The AP is like a hub or switch on a wired LAN and is the connectivity point for all wireless devices to access the network. Wireless devices are often mobile and battery powered.
Radio Frequency Transmission
Radio frequencies are radiated into the air through an antenna, creating radio waves. Higher frequencies allow higher data rates but also have a shorter range. Outside objects can affect radio waves, resulting in the following:
- Reflection: Occurs when RF waves bounce off objects like metal or glass
- Scattering: Occurs when RF waves strike uneven surfaces
- Absorption:
EIRP is calculated using the following formula: It has four data rates: It has eight data rates: It uses DSSS to provide 1-, 2-, 5.
It uses OFDM to provide the following rates: Most hackers start by war driving. When an access point is identified, hackers try to exploit weak security keys and passwords to gain access to the network. Rogue APs: Access points installed on a WLAN that can be used to interfere with day-to-day network operation. Rogue APs are also unauthorized APs installed on the network by employees. Wireless security methods, listed from weakest to strongest, include the following:
- WEP: Uses basic encryption, weak authentication, and static keys, and is not scalable.
- WPA: Uses dynamic keys, stronger encryption, and user authentication. Created by the Wi-Fi Alliance as a standard.
The client association process is as follows:
- The client scans all channels and sends out probe requests.
- The AP sends a probe response, and the client listens for the responses from the APs.
- The client associates to the AP with the strongest signal.
- Authentication and other security information is sent to the AP.
- The AP accepts the association.
- The client becomes active on the medium and is associated to the access point.
It forces the port into an unauthorized state, so only
- Ad hoc mode: Wireless clients connect directly to each other without an access point.
- Infrastructure mode: Wireless clients connect through an access point. The following two modes of infrastructure mode exist:
- BSS: Wireless clients connect to each other and the wireless network through one access point. In other words, it is the area that is covered by the access point.
WLAN clients can shift data rates while moving. The closer a client is to an AP, the higher the data rate; the farther the client is from the AP, the lower the data rate. Rate shifting occurs on a transmission-by-transmission basis. Clients will always try to communicate with the highest possible data rate.
Figure shows the data rates for
APs should be configured with the following parameters:
Step 2. Install the AP.
Step 3. Configure the AP with no security.
Step 4. Install and configure a wireless client with no security.
Step 5. Verify wireless connectivity.
Step 6. Configure security on the AP and client.
Step 7. Verify wireless operation.
CCNA Quick Reference Sheets (CCNA Exam 640-802)
Wireless Troubleshooting
Most wireless problems are due to incorrect configuration. Steps to troubleshoot configurations are as follows: Other common wireless problems are due to RF installation. You should verify the following:
Connecting LANs
Section 8: Exploring the Functions of Routing
Router Overview
Routing is the act of finding a path to a destination and moving data across this path from source to destination. The routing process uses network routing tables, protocols, and algorithms to determine the most efficient path for forwarding the IP packet.
Router Function
Routers have the following two key functions: Routing tables and network addresses transmit packets through the network.
The process of routing includes determining the optimum path through the network. After the path is determined, a router forwards the packets through its network interface toward the destination.
- Destination address: The destination (typically an IP address) of the information being sent
- Sources of information: Where the information came from (typically an IP address)
- Possible routes: The likely routes to get from source to destination
- Best route: The best path to the intended destination
- Status of routes:
IP Routing Protocol: These are defined as follows:
Path Determination
Routing tables and network addresses transmit packets through the network. The process of routing includes determining the optimum path through the network and then moving the packets along the path. A router can use the following types of entries in the routing table to select the best path:
- Static routes: Manually entered routes in the routing table
- Dynamic routes: Routes dynamically learned from a routing protocol
- Default routes:
The router uses its table to make forwarding decisions.
The router learns about routes in one of three ways:
Dynamic Routing Protocols
Routing protocols use their own rules and metrics to build and update routing tables automatically. Routing metrics are measures of path desirability. Different protocols use different metrics. Some common metrics are as follows:
- Delay: The time required to move the packet from the current router to the destination. This depends on the bandwidth of intermediate links, port delays at each router, congestion, and distance.
- Load: The amount of activity on the network.
- Reliability: The error rate of each network link.
- Hop count: The number of routers the packet must travel through before reaching the destination.
- Cost: An arbitrary value based on bandwidth, expense, and other metrics assigned by the administrator.
Routers using distance vector-based routing share routing table information with each other. Router C shares routing information with Routers B and D. In this case, the routing information is distance vector metrics, such as the number of hops. Each router increments the metrics as they are passed on (incrementing the hop count, for example). Distance accumulation keeps track of the routing distance between any two points in the network, but the routers do not know the exact topology of an internetwork. RIP is an example of a distance vector routing protocol.
The link-state-based routing algorithm (also known as shortest path first [SPF]) maintains a database of topology information. Network information is shared in the form of link-state advertisements (LSAs). Link-state routing provides better scaling than distance vector routing for the following reasons: Distance vector sends complete routing tables.
Balanced hybrid routing combines aspects of both distance vector and link-state protocols. It uses distance vectors with more accurate metrics, but unlike distance vector routing protocols, it updates only when there is a topology change. Balanced hybrid routing provides faster convergence while limiting the use of resources such as bandwidth, memory, and processor overhead.
Understanding Binary Basics
Computers use a numbering system based on only 1s and 0s. This type of system is called binary, or base 2. This numbering system might seem awkward at first glance, but it uses the same logic as the base 10 system we use every day. For example, base 10 has ten numbers, 0 through 9. This continues with successive powers: 1, 10^1, 10^2, 10^3. Table shows the values for the first seven places. They are the basis of IP addressing.
To convert between decimal and binary, it is best to build a simple table like the one just shown. In the preceding example, the placeholders for 1, 2, 4, 8, and 32 all contain 1s. Adding those values yields
To convert from decimal to binary, again build a table. Put a 1 in the highest place value. In this example, a 1 is placed in the column representing 32; 64 cannot be used, because it is greater than The next value, 16, is too large, so a 0 is placed in that column. Repeat the process until the value of the subtraction equals 0.
Constructing a Network Addressing Scheme
Without subnets, an organization operates as a single network. These flat topologies result in short routing tables, but as the network grows, the use of bandwidth becomes very inefficient: all systems on the network receive all the broadcasts on the network.
Figure shows a flat network with all hosts in the same broadcast domain. Subnetting provides additional structure to an addressing scheme without altering the addresses. In Figure, the network address If traffic were evenly distributed to each end station, the use of subnetting would reduce the overall traffic seen by each end station by 75 percent.
Subnet Mask
As shown in Figure, a subnet mask is a 32-bit value written as four octets. The subnet mask bits are coded as follows: [Table: network and host octets for each address class; values not preserved.] Dotted-decimal is the default.
Default Subnet Masks
Each address class has a default subnet mask. The default subnet mask covers only the network portion of the address, the effect of which is no subnetting. With each bit of subnetting beyond the default, you can create 2^n - 2 subnets. Figure and Table show the effect of increasing the number of subnet bits. The mask includes only the network portion of the address and provides no additional subnets. The result creates subnets. Recall that the host portion of the subnet mask is all 0s. The result of this operation (ANDing the address with the mask) is that the host portion of the address is removed, and the router bases its decision only on the network portion of the address.
In Figure, the host bits are removed, and the network portion of the address is revealed. In this case, a bit subnet address is used, and the network subnet number Two kinds of broadcasts exist:
Identifying Subnet Addresses
Given an IP address and subnet mask, you can identify the subnet address, broadcast address, first usable address, and last usable address using the following method, which is displayed in Figure:
Step 1. Write the 32-bit address, and write the subnet mask below it.
Step 2. Draw a vertical line just after the last 1 bit in the subnet mask.
Step 3. Copy the portion of the IP address to the left of the line. Place all 0s in the remaining free spaces to the right. This is the subnet number.
Step 4. Copy the portion to the left of the line again, and place all 1s in the remaining free spaces to the right. This is the broadcast address.
Step 5. Place all 0s in the remaining free spaces until you reach the last free space, and place a 1 in that space. This is your first usable address.
Step 6. Place all 1s in the remaining free spaces until you reach the last free space, and place a 0 in that space. This is your last usable address.
How to Implement Subnet Planning
Subnetting decisions should always be based on growth estimates rather than current needs.
To plan a subnet, follow these steps:
Step 1. Determine the number of subnets and hosts per subnet required.
Step 2. The address class you are assigned, and the number of subnets required, determine the number of subnetting bits used. For example, with a Class C address and a need for 20 subnets, you have a bit mask. This allows for the Class C default bit mask and the 5 bits required for 20 subnets. The formula 2^n - 2 yields only 14 subnets for 4 bits, so 5 bits must be used.
Step 3. The remaining bits in the last octet are used for the host field. In this case, each subnet has 2^3 - 2, or 6, hosts. In Figure, the hosts on the
Configuring Static Routes
To configure a static route on a Cisco router, enter the following global command:
RouterB(config)# ip route
The distance parameter defines the administrative distance of the route. The value for distance is a number from 1 to (1 is the default if not defined) that rates the distance in hops to the destination.
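The following Python script is an added worked example, not code from the cheat sheet. It carries out the six-step "draw a line after the last 1 bit" method for identifying the subnet, broadcast, first usable and last usable addresses, and the classful planning rule of 2^n - 2 usable subnets from n subnet bits that the Class C example uses. The sample address 172.16.2.160 with mask 255.255.255.192 is a constructed value; the planning function reproduces the sheet's own figures (20 subnets need 5 bits, leaving 2^3 - 2 = 6 hosts per subnet).

```python
"""Subnet identification and classful subnet planning (added example, constructed values)."""
import ipaddress
from typing import Dict, Tuple


def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value: int) -> str:
    return str(ipaddress.IPv4Address(value))


def show_work(address: str, mask: str) -> Tuple[str, str]:
    """Write the 32-bit address over the mask and draw a '|' after the last 1 bit of the mask."""
    addr_bits = format(to_int(address), "032b")
    mask_bits = format(to_int(mask), "032b")
    cut = mask_bits.rfind("1") + 1
    return addr_bits[:cut] + "|" + addr_bits[cut:], mask_bits[:cut] + "|" + mask_bits[cut:]


def subnet_details(address: str, mask: str) -> Dict[str, str]:
    """Bits left of the line are copied; the free bits to the right become
    all 0s (subnet number), all 1s (broadcast), 0...01 (first usable), 1...10 (last usable)."""
    a, m = to_int(address), to_int(mask)
    host_bits = 0xFFFFFFFF ^ m
    subnet = a & m
    broadcast = subnet | host_bits
    return {
        "subnet": to_dotted(subnet),
        "broadcast": to_dotted(broadcast),
        "first_usable": to_dotted(subnet + 1),
        "last_usable": to_dotted(broadcast - 1),
    }


def subnet_bits_needed(required_subnets: int) -> int:
    """Classful rule used by the sheet: n subnet bits give 2^n - 2 usable subnets."""
    n = 1
    while 2 ** n - 2 < required_subnets:
        n += 1
    return n


def plan_class_c(required_subnets: int) -> Dict[str, object]:
    """Class C default mask is /24, so subnet bits and host bits share the last octet."""
    n = subnet_bits_needed(required_subnets)
    host_bits = 8 - n
    if host_bits < 2:  # fewer than 2 host bits leaves no usable host addresses
        raise ValueError("too many subnets for a Class C block")
    mask = to_dotted(0xFFFFFFFF ^ ((1 << host_bits) - 1))
    return {
        "subnet_bits": n,
        "prefix_length": 24 + n,
        "mask": mask,
        "usable_subnets": 2 ** n - 2,
        "hosts_per_subnet": 2 ** host_bits - 2,
    }


if __name__ == "__main__":
    addr_line, mask_line = show_work("172.16.2.160", "255.255.255.192")
    print(addr_line)
    print(mask_line)
    print(subnet_details("172.16.2.160", "255.255.255.192"))
    print(plan_class_c(20))
```

The 2^n - 2 rule is the older classful convention the sheet teaches (subnet zero and the all-ones subnet excluded); modern IOS permits both, so the planning numbers are conservative rather than limits of the hardware.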
For example, a distance of 1 means that the destination is one hop away. If a router has two routes to the same destination, the route with the lowest distance is used.
The permanent statement specifies that the route will not be removed even if the router interface shuts down.
Default Route
A default route is a special type of route with an all-0s network and network mask. The default route directs any packets for which a next hop is not specifically listed in the routing table. By default, if a router receives a packet for a destination network that is not in its routing table, it drops the packet. When a default route is specified, the router does not drop the packet. Instead, it forwards the packet to the IP address specified in the default route. To configure a static default route on a Cisco router, enter the following global configuration command:
RouterB(config)# ip route 0.
RouterA# show ip route
Codes:
The router checks its hardware with a power-on self test (POST).
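The following Python model is an added example, not code from the cheat sheet, of the forwarding rules the static and default route sections describe: among routes to the same destination the one with the lowest distance wins, a lookup picks the most specific matching entry, and a packet that matches nothing is dropped unless a default route (all-0s network and mask) exists. The next-hop addresses are constructed sample values taken from the 192.0.2.0/24 and 198.51.100.0/24 documentation ranges.

```python
"""Static routes, administrative distance and the default route (added example, constructed values)."""
import ipaddress
from typing import Dict, Optional, Tuple

Prefix = Tuple[int, int]        # (network as int, prefix length)
RouteInfo = Tuple[str, int]     # (next hop, administrative distance)


class RoutingTable:
    def __init__(self) -> None:
        self.routes: Dict[Prefix, RouteInfo] = {}

    def add_static(self, destination: str, next_hop: str, distance: int = 1) -> bool:
        """Models ip route <network> <mask> <next-hop> [distance]; distance defaults to 1.
        Returns True if the route was installed, False if an existing route to the
        same prefix with an equal or lower (better) distance kept it out of the table."""
        net = ipaddress.ip_network(destination, strict=False)
        key: Prefix = (int(net.network_address), net.prefixlen)
        current = self.routes.get(key)
        if current is not None and current[1] <= distance:
            return False
        self.routes[key] = (next_hop, distance)
        return True

    def add_default(self, next_hop: str, distance: int = 1) -> bool:
        """Models ip route 0.0.0.0 0.0.0.0 <next-hop>: all-0s network and mask."""
        return self.add_static("0.0.0.0/0", next_hop, distance)

    def lookup(self, destination: str) -> Optional[str]:
        """Longest-prefix match. The /0 default matches everything, so it is chosen
        only when no more specific route exists; None means the packet is dropped."""
        dest = int(ipaddress.IPv4Address(destination))
        best: Optional[Tuple[int, str]] = None
        for (network, plen), (next_hop, _distance) in self.routes.items():
            mask = 0xFFFFFFFF ^ ((1 << (32 - plen)) - 1)   # plen 0 gives mask 0
            if dest & mask == network and (best is None or plen > best[0]):
                best = (plen, next_hop)
        return None if best is None else best[1]


def demo() -> Dict[str, Optional[str]]:
    """Constructed scenario: a summary route, a more specific route, a losing
    higher-distance duplicate, and a default route added afterwards."""
    rt = RoutingTable()
    rt.add_static("10.1.0.0/16", "192.0.2.1")                # distance 1
    rt.add_static("10.1.5.0/24", "192.0.2.2")                # more specific
    rt.add_static("10.1.0.0/16", "192.0.2.9", distance=5)    # loses to the distance-1 route
    before = rt.lookup("198.51.100.9")                       # no route yet: dropped
    rt.add_default("192.0.2.254")
    return {
        "10.1.5.7": rt.lookup("10.1.5.7"),
        "10.1.9.9": rt.lookup("10.1.9.9"),
        "198.51.100.9 before default": before,
        "198.51.100.9 after default": rt.lookup("198.51.100.9"),
    }


if __name__ == "__main__":
    for dest, hop in demo().items():
        print(f"{dest:28} -> {hop or 'dropped'}")
```

In real IOS the distance comparison happens when a route is installed (as modelled in add_static), while the longest-prefix comparison happens per packet; keeping the two apart is what makes a floating static route with a high distance act as a backup that only appears once the primary is withdrawn.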
The router loads a bootstrap code. The configuration is located and loaded. After this sequence completes, the router is ready for normal operation. When the router is started for the first time, it does not have an initial configuration. The IOS executes a question-derived initial configuration routine called setup mode. You can enter setup mode at any time by entering the setup privileged EXEC command. Setup mode configures the following: Valid IOS in Flash? Go to the EXEC prompt without saving the created configuration. Go back to the beginning of setup without saving the created configuration. Default answers appear in square brackets ([ ]). Pressing Enter accepts the defaults. At the first setup prompt, you can enter No to discontinue the setup. The setup process can be aborted at any time by pressing Ctrl-C.
Router Components
The major router components are as follows:
- RAM: Random-access memory contains the key software (IOS).
- ROM: Read-only memory contains the startup microcode.
- NVRAM: Nonvolatile RAM stores the configuration.
- Configuration register: Controls the bootup method.
- Interface: The physical connection to the external devices.
The EXEC interprets the commands that are entered and carries out the corresponding operations. This level can be password-protected. The enable command allows access to this mode; disable exits to user mode.
Displaying Router Status
Output from the following show commands provides valuable information about the router status: From global configuration mode, you can access these specific configuration modes:
- Interface: Configures operations on a per-interface basis
- Subinterface: Configures multiple virtual interfaces
- Controller: Supports commands that configure controllers such as E1 and T1
- Line: Configures the operation of a terminal line
- Router:
Commands that indicate a process or interface that will be configured are called major commands.
Major commands cause the CLI to enter a specific configuration mode. Major commands have no effect unless they are immediately followed by a subcommand that supplies the configuration entry, as follows:
Router(config)# interface serial 0
Router(config-if)# shutdown
Router(config)# router rip
Router(config-router)# network
Global Configuration Commands - Router(config)# hostname, enable secret, ip route, interface ethernet/serial/bri, etc.
Routing Engine Commands - Router(config-router)# network, version, auto-summary, etc.
Line Commands - Router(config-line)# password, login, modem commands, etc.
Router# configure terminal
Router(config)# interface s1
Router(config-if)# clock rate
Router(config-if)# bandwidth 64
Router# show interface serial 1
Router# show controller displays information about the physical interface and whether it is a DTE or DCE.
Enabling or Disabling an Interface Example
By default, all interfaces on a router are initially disabled. The following commands show you how to enable or disable a router interface: Abbreviations of delimiters are not allowed. For example, a clock rate of 64, cannot be abbreviated as The bandwidth command overrides the default bandwidth.
Router# configure terminal
Router(config)# interface s1
Router(config-if)# ip address
Figure shows the line and data-link status of a serial interface and describes how to interpret the interface status.
Because the remote host is on a remote network, the router responds with its own local MAC address and the IP address of the remote host. In Figure, host A wants to communicate with host B. The IP information does not change. The ping command also tells you the minimum, average, and maximum round-trip times for packets to the target system and back.
Router# ping
Router# trace
Tracing the route to
Router Security
Configuring Router Passwords: Console and Telnet
The following example configures passwords on the console and vty lines of a router to homer and bart:
Router(config)# line console 0
Router(config-line)# login
Router(config-line)# password homer
Router(config)# line vty 0 4
Router(config-line)# login
Router(config-line)# password bart
The numbers 0 through 4 in the line vty command specify the number of Telnet sessions allowed on the router. You can also set up a different password for each line by using the line vty port-number command.
Enable and Secret Passwords
The following configures an enable password of apu and an enable secret password of flanders:
Router(config)# enable password apu
Router(config)# enable secret flanders
The no enable password command disables the privileged EXEC mode password. The no enable secret command disables the encrypted password. To encrypt the passwords, use the service password-encryption global command, as follows:
Router(config)# service password-encryption
Configuring Login Banner and MOTD
The login banner is displayed before the username and password login prompts on a Cisco router.
Router# config t
Enter configuration commands, one per line.
It is displayed to anyone connecting to the router through Telnet, the console port, or the auxiliary port.
Use the banner motd text global configuration command to configure the MOTD, as follows: Telnet is insecure, and all communication between the Cisco device and the host is sent in clear text.
Router(config)# username eric password 0 ciscopress
Router(config)# ip domain-name cisco.
You should restrict access to the vty ports to specific IP addresses only. To restrict access to the vty ports, create a standard access list that permits each authorized IP address to connect to vty and apply the access list to the vty ports. At the end of each access list is an implicit deny any statement. For example, if you have an IP address of
SDM is supported on all Cisco routers and is a free tool that provides built-in wizards to help simplify router configuration.
Step 1.
Router(config)# ip http server
Router(config)# ip http secure-server
Router(config)# ip http authentication local
Step 2. Create a user account with enable privileges:
Router(config)# username admin privilege 15 password 0 password
Step 3. Configure SSH and Telnet for local login and privilege level
After connecting, change the IP address of your computer to Next, open your web browser, disable any pop-up blockers, and connect to SDM through the web address http: The default username is cisco, and the password is cisco.
Some of these wizards are as follows: Configures WAN interfaces. Please see page for more details.
The five types of access attacks are as follows:
- Password attacks: Attacks that try to compromise passwords. These include brute-force attacks, Trojan horse programs, IP spoofing, and packet sniffers. Mitigation of these attacks includes disabling accounts after a specific number of unsuccessful login attempts, having complex password requirements, and not using plain-text passwords.
- Trust exploitation: For example, if a trusted system on a network is compromised, it can lead to other systems being compromised on the same network.
- Man-in-the-middle attacks: These attacks require access to the network media or devices between the source and destination.
Application Layer Attacks
Application layer attacks try to exploit well-known vulnerabilities and passwords. They have the following characteristics:
- Exploiting well-known weaknesses in software found on servers, such as sendmail, HTTP, and FTP, to gain elevated access rights to the computer running the software.
- These programs then send the information to the attacker.
Application Layer Attacks and Mitigation
Several ways to mitigate application layer attacks are as follows:
- Read system and device logs.