Cisco Articles

Cisco : CCNA Wireless Cram Sheet

CCNA Wireless Cram Sheet


Types of WLAN technology


Narrowband (unlicensed bands)

·         900 MHz – used by old cordless phones

·         2.4 GHz – used by cordless phones, WLAN, Bluetooth and microwaves

·         5G GHz – used by WLAN, new cordless phones

·         Uses spread spectrum – signalling over multiple frequencies.

·         Limited range



·         Lower bandwidth than narrow band

·         Wider coverage.

·         Personal Communication Services (PCS) – Sprint PCS is an example supplier of this technology.


Circuit and Packet Data

·         Lower data rate than both of the above.

·         Wider coverage (national).

·         High fee per megabit – although flat-rate contracts are common nowadays

·         3G is an example of this technology.


Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA)

WLAN devices cannot send and receive at the same time. Devices use RTS (ready-to-send) and CTS (clear-to-send) signals.


Wireless AP’s are similar in function to Ethernet Hubs; each AP has a finite bandwidth therefore the more devices attached to the AP, the less bandwidth each device has available to it.


Signal Strength Issues

·         Absorption – walls, ceilings and floors absorb signals.

·         Scattering – rough walls and carpets scatter signals.

·         Reflection – metal and glass reflect signals.

·         (Interference – Microwaves, rouge AP’s and cordless phones can interfere)


Standards Bodies

·         FCC – Federal Communications Commission

·         ETSI – European Telecommunications Standards Institute

·         ITU-R – International Telecommunications Union-Radio Communications Sector

·         IEEE – Institute of Electrical and Electronic Engineers – defines mechanical process of how WLAN is implemented in 802.11

·         WiFi Alliance – Cisco is a founding member of this organisation. Ensures interoperability between manufacturers.


Wireless Standards















2.4/5 GHz




OFDM – Octagonal Frequency Division Multiplexing; uses spread spectrum.

DSSS – Direct-Sequence Spread Spectrum; One channel to send data across all frequencies in the channel

MIMO – Multiple Input Multiple Output; uses DSSS and OFD across 14 overlapping channels at 5MHz intervals.




·         802.11b and 802.11g can interpolate, 802.11g is backwards compatible.

·         802.11a is not compatible with 802.11b or 802.11g.

·         802.11n is compatible with 802.11a, 802.11b and 802.11g however is will be slower in interoperability mode. Also 802.11n has not been ratified, so there may be interoperability issues between vendor hardware. 802.11n requires multiple antennae for MIMO.




Potential Threats

·         War Driving – a potential hacker uses a laptop to find a wireless network and tries to break in.


Connection Process

·         Service Set Identifier (SSID) used to identify network to clients, this is broadcast.

·         Client Send AP MAC Address and required security information


802.11 Defined Security

The 802.11 standard defines two security methods, both of which are weak by today’s standards:

·         Open Authentication (no security!)

·         Shared Key Authentication – static encryption using WEP


A well-secured WLAN has the following security configurations:

·         Encryption

·         Authentication

·         IPS


SSID Cloaking and MAC Address Filtering


SSID Cloaking –Administrator would disable SSID broadcast. However, client can send AP a null string SSID value. Therefore MAC Address filtering was often enabled. Unfortunately it is also possible to spoof a MAC address.


Wireless Encryption Protocol (WEP)


Uses RC4 encryption and a static 64-bit key can easily be broken as only 40-bits are encrypted and 24 bits are clear-text IV(Initialization Vector). It was later upgraded to 128-bit, but the IV was still clear text meaning it took slightly longer (minutes) to break-in.


TKIP (Temporal Key Integrity Protocol)


Initially Cisco hardware specific, later became and open standard – beware no interop between Cisco original and now open TKIP. Per-packet keying and hashing using CMIC (Cisco Message Integrity Check) – each packet is digitally signed.


802.1 EAP


Extensible Authentication Protocol is a 2-layer process with 2 varieties:

·         EAP (WLAN)

·         EAPoLAN


EAP defines a standard way of encapsulating authentication information such as certificates/usernames/passwords that an AP can use for authentication.


EAP is an extension of PPP and has several extensions:

·         EAP-MD5 – CHAP authentication with static password

·         EAP-TCS – X.509v3 certificates

·         LEAP – Lightweight EAP, password and per-session WEP keys

·         PEAP – One Time Password OTP SSL secures communications and MS-CHAP used to encrypt username and password. Digital certificate required on server.

·         EAP-FAST – Shared secret key used to encrypt authentication information.

·         EAP-GTC – authentication by Generic Card Token.


802.1x and RADIUS defines how to packetize the EAP information and move it across the network. In the RADIUS model:

·         Client is the Supplicant

·         AP is the Authenticator

·         RADIUS Server is the Authentication Server


WiFi Protected Access (WPA)

Designed as an interim solution, until 802.11i (WPA2) was ratified, for wireless security by the WiFi Alliance.

Authentication handled by 802.1x and TKIP used with WEP. The TKIP flavour used by WPA is non-proprietary and is NOT compatible with the Cisco TKIP implementation.


Personal Mode – Pre-shared Key (PSK) used to authenticate, key stored on client and server -designed for SOHO use.


Enterprise Mode – allows for large organisations to have a centralised credential server. Uses 802.1x for authentication.


WPA2 (802.11i)


Doesn’t use WEP, using AES (Advanced Encryption Standard) alongside CBC-MAC protocol (CCMP)


AES-CCMP incorporates AES 128-bit encryption with 2 cryptographic technologies:

·         Counter mode makes eavesdropping more difficult by stopping patterns in WLAN traffic

·         CBC-MAC ensures frames have not been tampered


WLAN Access Modes


Ad-Hoc (IBSS – Independent Basic Service Set) – peer-to-peer – presents security and scalability issues

Infrastructure (BSSBasic Service Set or ESSExtended Service Set) – via an AP


Infrastructure modes:

·         BSS – Basic Service Set – provides per-device BSSID. Used for non-roaming devices.

·         ESS – Extended Service Set – provides a single SSID for all devices. Only each AP has its own BSSID.



·         BSA – Basic Service Area – single AP (cell)

·         ESA – Extended Service Area – multi-APs (cells) on different channels, but the same frequency (i.e 2.4GHz/5GHz) on non-VOIP networks overlap should be 10-15%, on VOIP it should be 15-50%.


An AP is a layer 3 device and in larger organisations ‘IP helper’/DHCP forwarding may be required on the AP.


Configuring APs/Troubleshooting WLAN


Cisco recommends using the SDM (Security Device Manager) to configure APs.


Common troubleshooting tasks:

·         Check signal strength, check device placement and either adjust aerial or replace it with a more powerful one

·         Check encryption settings, do the device and AP support the same encryption standards

·         WLAN NIC firmware update may resolve connectivity issues.

Cisco Articles

Cisco Enabling & Disabling SSH

Enabling SSH on Cisco Devices

Firstly, why enable SSH? By default, all Cisco devices will use telnet for network access (once a password has been configured.) Telnet is a cleartext protocol, all credentials are passed in clear text and can easily be ‘snooped.’ SSH is an encrypted protocol, therefore usenames and passwords cannot be snooped. Please note that SSH support requires an IPSEC (3DES/DES) IOS image to be installed on your Cisco device.

Step 1: Set Hostname and Domain Name for RSA generation:
(config)# hostname 3620-1
(config)# ip domain-name test.local

NOTE: Replace 3620-1 with the hostname of your router, and test.local with the correct domain name for your environment.

Step 2: Generate the RSA key pair for your routerand enable SSH support using the following commands:
(config)# crypto key generate rsa

Step 3: Set vty protocol to allow SSH only:
(config)# line vty 0 4
(config-line)# transport input ssh

Step 4: Set an SSH session timeout of 120 seconds:
(config)# ip ssh time-out 120

Step 5: Set the number of authentication attempts before the vty is reset to 3:
(config) ip ssh authentication-retries 3

Step 6: Save your configuration!
# copy run start


Disabling SSH Access

Step 1: Delete the RSA key:
(config)# crypto key zeroise rsa

Step 2: Reset VTY’s to use telnet:
(config)# line vty 0 4
(config-line)# transport input telnet

Step 3: Save your configuration!
# copy run start

Cisco Articles

CCNA – Cisco Router Cram Sheet

2500 Routers

Layer 2 is MAC Address Based; data is in frames.

Layer 3 is IP Based; data is in packets.


NAT; three versions:

·         1:1 NAT – SNAT

·         Many: Several – Queue based  for several Links

·         Many:1 – Port based


NAT changes source MAC address on NAT’d traffic.


Sometimes called ‘PAT’.


Data flow:

·         Host > ARP >  MAC Address > Finds router’s MAC as dest. is out of subnet.

·         Router stores Source IP, Source Port, Destination IP and Destination Port in NAT Table and removes MAC Addressing.

·         Router  > ARP > MAC Address destination

·         Frame is delivered with source MAC address set as router, but IP set as the original source.


Source port is random number generated by host.



Routes & Routing Protocols

You can use either Static Routes or Dynamic Routes.


To add a static route:

# ip route

(The last address is the next hop)

To set the default gateway:

# ip route

(The last address is the next hop)

Routing Protocols; three types:


·         Distance Vector Algorithm – both the distance (hops) and direction to take is given to other routers. RIP, IGRP

·         Links State – provides information about the topology of the network in its immediate vicinity. Link State Advertisements. Other routers decide the best route. OSPF

·         Hybrid EIGRP


Linkstate has a much greater overhead as routers have to work out the best route. It is faster in the event of a failure because they work out the SPF, but also the next shortest path. Passes only updates when changes are made. Metric is the path cost.


Distance Vector protocols like RIP send out the entire routing table at regular intervals, even if no changes have taken place. Metric is the number of hops. RIP is broadcast.


Path cost is established upon manually set bandwidth variables on the interfaces.

Routing Protocols Continued – RIP / EIGRP

Autonomous Systems (AS)- groups of routers used with EIGRP and OSPF to define where updates are sent to. This way updates are multicast not broadcast.


Administrative distance: trustworthiness of a routing table entry:

·         EIGRP – 90

·         IGRP – 100

·         OSPF – 110

·         RIP – 120

·         Static – 1



RIP – Count to Infinity



Separate Horizons – advertised on the interface from where it was received.

Poison Reverse – Set infinity to a low variable, i.e. 16


To enable RIP:

# router rip

# network only class full portion of network


To enable EIGRP:

# router eigrp 100 – 100 is  AS group

# network – again only class full portion of network


For classless addressing:

# network mask

Routing Protocols

RIP – Metric is number of hops.


OSPF is a Link State Routing Protocol that is cross-vendor compliant. Uses AS.


EIGRP – Cisco Proprietary, fast in large network environments. Replaces IGRP. Uses multicast, only sends updates when things change. Based on configured bandwidth value. Also supports AppleTalk and IP IPX. Uses AS.


Passive interfaces can be setup in order to prevent routing protocol data being sent out.


RIP does not support Variable Length Subnet Masks (VLSM) – EIGRP / OSPF / RIPv2 do.


Use sh ip protocols to view metric calc. for EIGRP.

ISDN – In the UK the ISDN switch type is basic-net3

Two types of ISDN:

BRI – Basic Rate Interface – 64K B Channel, 16K D Channel

PRI – Primary Rate Interface – Multiple B Channels, 64K D Channel


NO modulation / demodulation needed – digital connection from end-to-end.


Call setup is almost instant, expensive to run but cheap to own. A good backup line.


Line is divided into channels, a signalling channel known as ‘D’ and a data channel known as ‘B.’


PRI uses 30 ‘B’ channels in the UK and 23 in the US.


ACL’s are used to define ‘interesting traffic’ so that traffic such as RIP packets will not active a costly dial-up interface such as ISDN. This type of ACL is called a dialer-list.

ISDN Continued

ISDN Configuration:

Direct Interface Mapping:

#isdn switch-type basic-net3

#interface bri0/0:

#ip address

#encapsulation ppp

#ppp auth chap

#dialer remote-name router2

#dialer string 222

#dialer idle-timeout 30

#dialer group 1

#no shut


#dialer-list 1 protocol ip permit


Dialler Profile:

#isdn switch-type basic-net3

#interface bri0/0

#encaps ppp

#ppp auth chap

#dialer pool-member 1


#interface dialer1

#ip address

#encaps ppp

#ppp auth chap

#dialer remote-name router2

#dialer pool 1

# dialer string 222

#dialer group 1


# dialer list 1 protocol ip permit


Access Lists

Two types:

·         Standard1 – 99. Uses only Source IP Address For Filtering

·         Extended100 – 199. Uses Source or Destination IP and Port


Used to:

·         Filtering and Security

·         Define interesting traffic for use in dialup connections.

·         Used for QOS


A single interface can have two ACL’s, one inbound and one outbound.


Inbound: the ACL is processed prior to inspection of the routing table. If a match is found it is either dropped if deny is in use, or sent to be routed.


Outbound: the ACL is processed after the packet has been routed and is passed out of an interface.


Implicit Deny All exists at the end of all ACL’s and is not visible when viewed on the device.


Keywords such as ‘any’ and ‘telnet’ can be used in extended ACl’s

Access Lists cont.

As well as numbered ACL’s it is possible to have named ACL’s.


Two approaches:

·         Permit with Implicit Deny All

·         Deny with Permit All


Numbered ACL’s cannot be modified, named ACL’s can be modified. In order to modify a numbered ACL it must be recreated from scratch.


A standard ACL:

# access-list 10 permit

(implicit deny all)


An extended ACL:

# access-list 101  permit tcp any eq 23

# access-lists 101 permit tcp any any eq 80

(implicit deny all)


It is possible to assign ACL’s to VTY’s:


# access-list 12 permit

# line vty 0 4

# access-class 12 in


To view an ACL:

# show access-lists 101 – will display hits on ACL


Telnet – Try to telnet device and view configuration.


Ping – See if the device is active and functioning.


Trace – Find where traffic is stopping.


Debug – Very usefully, heavy overhead if too much debug is enabled.

# debug dialer – will debug dialler-events

# debug ppp authentication – debug ppp-authentication issues

# debug ppp negotiation – debug ppp encapsulation negotation

# debug idsn q921 – debug layer2 ISDN

# debug isdn q931 – debug layer3 ISDN


To enable correct vty output of debug use terminal monitor


Inband / outband access


UP / UP – Interface is working

UP / DOWN – Interface is up but the other end is not connected / no clock pulse / no helo pulse

DOWN / DOWN – Not connected / configured

Administratively Down – Shut by ADMIN

IP Addressing / Subnetting

IP Address Range Class:

·         Class A: –

·         Class B: –

·         Class C: –


An IP Address is comprised of 32 Bits, or 4 octets.




Notes of conversion form HEX > DEC, DEC > BIN, BIN > HEX


Cisco Discovery Protocol; will Find any directly attached Cisco Devices and tell you

·         IP

·         Device Model

·         Connecting Port


NOT routed, will only see directly attached devices.


Both devices need CDP to be running:


To enable CDP:

# run cdp


To view connected devices:

# show cdp neigbors



Serial Links & WAN Protocols

Three types of WAN:

·         Point to Point Leased Line

·         Dialup / Switched

·         Packet Switching


One end is DCE end, the other is DTE. AT the DCE end there is a clock rate, at the DTE end no clock is set.


To see which end is DCE / DTE end:

# show controllers s0


Supports multiple encapsulation:

·         PPP – Industry Standard, all manufacturers

·         HDLC – Cisco Proprietary

·         Framerelay – Used in packet switching



WAN Protocols

PPP has two elements:

·         LCP – Link Control Protocol – establishes connection – ie authentication, compression.

·         NCP – Network Control Protocol – establishes protocol and physical connection.


LCP allows for Authentication, Compression and Multilink (the use of multiple lines as a single virtual line)



!Clear text passwords

!No Challenge

!One time only authentication



Encrypted Passwords

Challenge Response

Regular Authentication

Password challenge varies each time (uses random number)

PPP Configuration

PPP is commonly used on WAN connections and is manufacturer wide compatible whereas hdlc is Cisco proprietary.


To enable ppp:

# encapsulation ppp


To enable PAP authentication:

# ppp authentication pap


To enable CHAP authentication:

# ppp authentication chap


It is necessary to set usernames and passwords within global configuration like so:

(config)#  username router2 password cisco


Where ‘router2’ is the remote router to which you want to connect to.


Uses Virtual Connections (VC) to link sites, therefore low cost. FR uses Packet Switching for data transmission.


Two Types of VC:

Permanent (PVC) – fixed cost

Switched (SWC) – Pay As You Go


Committed Information Rate (CIR) – user purchases a guaranteed bandwidth level but can transfer data at higher speed if capacity exists within FR network. If the network is under heavy load this data is discarded. Data sent over the CIR is marked Discharge Eligible (DE)


Router is connected to a frame switch which uses LMI Protocol:

·         Used to send configuration data and status information

·         LMI is local. It only runs between the local router and FR Switch, it does not traverse the cloud.


LMI is used for reverse ARP to find the DLCI number of the next hop.


Data is encapsulated over the FR network.


Three speeds in FR:

Delivery to cloud

Time to cross cloud

Delivery to destination


Frame Relay – Contd.

DLCI – data-link connection identifiersAddressing system is given to source for delivery to destination, the destination address is not associated with the destination itself rather the connection used to reach the destination.


Congestion-Control Mechanisms:

·         Forward-explicit congestion notification (FECN)

·         Backward-explicit congestion notification (BECN)



Data flow:

Local router only knows DLCI of remote router:

DLCI is used to find IP using LMI reverse ARP




To use an ACL to filter access to the router via telnet use the following commands:

# access-list 12 permit

(config)#line vty 0 4

(config)#access-class 12 in


To set a password for enable mode:


To set an encrypted password for enable mode:


Cisco Articles

CCNA – Cisco Switch Cram Sheet

2900 Switches

Separate machines into separate collision domains that would exist if they were connected via a hub / directly. This means multiple machines can transmit / receive.


Contain MAC table which is filled when data is sent from a new host. If a switch does not know the destination it sends data out of all ports.


Switches are transparent bridges; do not modify frames. Switches use Application Specific Integrated Circuits ASIC  (hardware) whereas bridges use software.


MAC table stored in Content Addressable Memory (CAM) which is a piece of hardware.


Auto at both ends will not work properly, unless a desirable mode is set. Default on switch is Auto. It is best to set 100MB F/d if that is what is needed.


A Switch only ever has a single IP in the native VLAN.


All ports are disabled by default; use no shutdown to enable them and shutdown to disable.

Spanning Tree

Used to eliminate loops and provide redundancy; without it:

·         Broadcast Storm

·         Unstable MAC Table Entries

·         Duplicate packets


Four rules:

·         Only one root bridge per network

·         All ports on root bridge are designated

·         Non-root bridges have a root port

·         Each Segment (collision domain) has a designated port


Each bridge has an ID, the switch with the lowest ID is root.


STP is running By Default on all switches


Spanning-tree blocks all ports by default.


RSTP is much faster, and if f/d assumes that port is an edge-port.

Spanning Tree cont.

Default switch priority is 8000, thus the switch with the lowest MAC address will be root.


Based on path cost:

·         10 Gb – 2

·         1 Gb – 4

·         100Mb – 19

·         10 Mb – 100


Bridge Protocol Data Units – BPDU’s:

Root bridge sends BPDU’s every 2 seconds. If 10 are missed spanning-tree re-evaluates the network; this can take 30-50 seconds.


BPDU data is sent on the default VLAN.


Contain ID of Root, ID of Source, Path Cost


Port cycle:

Blocking > Listening > Learning > Forwarding


It is possible to block different ports on different VLAN’s; spreading the load across switches.

Spanning Tree config.

To view current spanning-tree info:

# show spanning tree


This will display if the switch is the root bridge and what the spanning-tree status is for the active ports.


To view spanning-tree info per VLAN:

# show spanning-tree vlan 101


To show spanning-tree info per interface:

# show spanning-tree interface eth 0/1


To set a port as an edge-port:

(config)# int fastethernet 0/1

(config-if)# spanning-tree portfast


Port speed can be set for path cost using:

(config-if)# speed 100

(config-if)# duplex full


To view interface configuration:

# show interface fastethernet 0/1


Two types:

·         Static – assigned per port. One VLAN only per port.

·         Dynamic – sever controls membership database consisting of every MAC Address.


Cisco switches support two types of VLAN:

·         802.1q – industry standard, tags frames. Up to 4096 VLAN’s.

·         ISL – Cisco proprietary, encapsulates frame. Up to 1024 VLAN’s.


Default Native VLAN on Cisco hardware = 1


With ISAL all VLAN’s are tagged, with 802.1q the native VLAN is not tagged.


The native VLAN must be configured to be the same on all switches within a network.


Dynamic VLAN’s not commonly used due to administrative nightmare involved.

VLAN’s cont.

To create a VLAN:

# vlan database

# vlan 101


Will only apply VLAN’s when you exit VLAN d/b.


To assign a VLAN an IP:

# int vlan 101

# ip address


To assign a port to a vlan:

(config)# int fastethernet 0/1

# switchport access vlan 101


View VLAN information:

# show vlans / show vlan 100

# show ip interface brief


On newer switches it is possible to configure VLANS using:

(config)# vlan 100


The Configuration register specifies start-up mode:

·         2142 – Ignore startup-config

·         2102 – Boot normally

·         2101 – Boot ROM OS


Switches have several types of memory

·         Flash – where IOS / IOS Image is stored

·         ROM – where bootstrap / mini IOS is stored.

·         NVRAM – where startup-config is stored.



VTY’s will only work when a password is set:

# line vty 0 4 – sets p/w for first 4 vty’s

# login

# password password_here


Console – from global config:

# enable secret – encrypted

# enable password – clear text


Boot process: – Interrupt using Ctrl-C / Break

POST > Boot Strap > Config Register > IOS > NVRAM

Trunks – VLAN Trunking Protocol

VTP Modes:

·         Server – can edit VLAN d/b, will send / receive adverts.

·         Client – cannot edit d/b, will receive adverts.

·         Transparent – will not send / receive adverts, can edit d/b.


All switches by default are Servers. This must be changed!


Requires a trunk to be setup between switches. Trunk carries all VTP data.


# vtp domain name_here

# vtp password pass_here

# vtp mode server / client etc


(config)# interface fastethernet 0/24

(config-if)# switchport mode trunk