CCNA – Cisco Router Cram Sheet

2500 Routers

Layer 2 is MAC Address Based; data is in frames.

Layer 3 is IP Based; data is in packets.

 

NAT; three versions:

·         1:1 NAT – SNAT

·         Many: Several – Queue based  for several Links

·         Many:1 – Port based

 

NAT changes source MAC address on NAT’d traffic.

 

Sometimes called ‘PAT’.

 

Data flow:

·         Host > ARP >  MAC Address > Finds router’s MAC as dest. is out of subnet.

·         Router stores Source IP, Source Port, Destination IP and Destination Port in NAT Table and removes MAC Addressing.

·         Router  > ARP > MAC Address destination

·         Frame is delivered with source MAC address set as router, but IP set as the original source.

 

Source port is random number generated by host.

 

 

Routes & Routing Protocols

You can use either Static Routes or Dynamic Routes.

 

To add a static route:

# ip route 172.22.10.0 255.255.255.0 172.22.1.1

(The last address is the next hop)

To set the default gateway:

# ip route 0.0.0.0 0.0.0.0 10.0.0.3

(The last address is the next hop)

Routing Protocols; three types:

 

·         Distance Vector Algorithm – both the distance (hops) and direction to take is given to other routers. RIP, IGRP

·         Links State – provides information about the topology of the network in its immediate vicinity. Link State Advertisements. Other routers decide the best route. OSPF

·         Hybrid EIGRP

 

Linkstate has a much greater overhead as routers have to work out the best route. It is faster in the event of a failure because they work out the SPF, but also the next shortest path. Passes only updates when changes are made. Metric is the path cost.

 

Distance Vector protocols like RIP send out the entire routing table at regular intervals, even if no changes have taken place. Metric is the number of hops. RIP is broadcast.

 

Path cost is established upon manually set bandwidth variables on the interfaces.

Routing Protocols Continued – RIP / EIGRP

Autonomous Systems (AS)- groups of routers used with EIGRP and OSPF to define where updates are sent to. This way updates are multicast not broadcast.

 

Administrative distance: trustworthiness of a routing table entry:

·         EIGRP – 90

·         IGRP – 100

·         OSPF – 110

·         RIP – 120

·         Static – 1

 

Problems:

RIP – Count to Infinity

 

Solutions:

Separate Horizons – advertised on the interface from where it was received.

Poison Reverse – Set infinity to a low variable, i.e. 16

 

To enable RIP:

# router rip

# network 172.22.0.0 only class full portion of network

 

To enable EIGRP:

# router eigrp 100 – 100 is  AS group

# network 172.22.0.0 – again only class full portion of network

 

For classless addressing:

# network 172.22.0.0 mask 0.0.0.255

Routing Protocols

RIP – Metric is number of hops.

 

OSPF is a Link State Routing Protocol that is cross-vendor compliant. Uses AS.

 

EIGRP – Cisco Proprietary, fast in large network environments. Replaces IGRP. Uses multicast, only sends updates when things change. Based on configured bandwidth value. Also supports AppleTalk and IP IPX. Uses AS.

 

Passive interfaces can be setup in order to prevent routing protocol data being sent out.

 

RIP does not support Variable Length Subnet Masks (VLSM) – EIGRP / OSPF / RIPv2 do.

 

Use sh ip protocols to view metric calc. for EIGRP.

ISDN – In the UK the ISDN switch type is basic-net3

Two types of ISDN:

BRI – Basic Rate Interface – 64K B Channel, 16K D Channel

PRI – Primary Rate Interface – Multiple B Channels, 64K D Channel

 

NO modulation / demodulation needed – digital connection from end-to-end.

 

Call setup is almost instant, expensive to run but cheap to own. A good backup line.

 

Line is divided into channels, a signalling channel known as ‘D’ and a data channel known as ‘B.’

 

PRI uses 30 ‘B’ channels in the UK and 23 in the US.

 

ACL’s are used to define ‘interesting traffic’ so that traffic such as RIP packets will not active a costly dial-up interface such as ISDN. This type of ACL is called a dialer-list.

ISDN Continued

ISDN Configuration:

Direct Interface Mapping:

#isdn switch-type basic-net3

#interface bri0/0:

#ip address 10.0.0.1 255.255.255.252

#encapsulation ppp

#ppp auth chap

#dialer remote-name router2

#dialer string 222

#dialer idle-timeout 30

#dialer group 1

#no shut

#exit

#dialer-list 1 protocol ip permit

 

Dialler Profile:

#isdn switch-type basic-net3

#interface bri0/0

#encaps ppp

#ppp auth chap

#dialer pool-member 1

#exit

#interface dialer1

#ip address 10.0.0.1 255.255.255.252

#encaps ppp

#ppp auth chap

#dialer remote-name router2

#dialer pool 1

# dialer string 222

#dialer group 1

#exit

# dialer list 1 protocol ip permit

 

Access Lists

Two types:

·         Standard1 – 99. Uses only Source IP Address For Filtering

·         Extended100 – 199. Uses Source or Destination IP and Port

 

Used to:

·         Filtering and Security

·         Define interesting traffic for use in dialup connections.

·         Used for QOS

 

A single interface can have two ACL’s, one inbound and one outbound.

 

Inbound: the ACL is processed prior to inspection of the routing table. If a match is found it is either dropped if deny is in use, or sent to be routed.

 

Outbound: the ACL is processed after the packet has been routed and is passed out of an interface.

 

Implicit Deny All exists at the end of all ACL’s and is not visible when viewed on the device.

 

Keywords such as ‘any’ and ‘telnet’ can be used in extended ACl’s

Access Lists cont.

As well as numbered ACL’s it is possible to have named ACL’s.

 

Two approaches:

·         Permit with Implicit Deny All

·         Deny with Permit All

 

Numbered ACL’s cannot be modified, named ACL’s can be modified. In order to modify a numbered ACL it must be recreated from scratch.

 

A standard ACL:

# access-list 10 permit 172.22.10.0 0.0.0.255

(implicit deny all)

 

An extended ACL:

# access-list 101  permit tcp 172.22.10.0 0.0.0.0 any eq 23

# access-lists 101 permit tcp any any eq 80

(implicit deny all)

 

It is possible to assign ACL’s to VTY’s:

 

# access-list 12 permit 172.22.10.0 0.0.0.255

# line vty 0 4

# access-class 12 in

 

To view an ACL:

# show access-lists 101 – will display hits on ACL

Troubleshooting:

Telnet – Try to telnet device and view configuration.

 

Ping – See if the device is active and functioning.

 

Trace – Find where traffic is stopping.

 

Debug – Very usefully, heavy overhead if too much debug is enabled.

# debug dialer – will debug dialler-events

# debug ppp authentication – debug ppp-authentication issues

# debug ppp negotiation – debug ppp encapsulation negotation

# debug idsn q921 – debug layer2 ISDN

# debug isdn q931 – debug layer3 ISDN

 

To enable correct vty output of debug use terminal monitor

 

Inband / outband access

 

UP / UP – Interface is working

UP / DOWN – Interface is up but the other end is not connected / no clock pulse / no helo pulse

DOWN / DOWN – Not connected / configured

Administratively Down – Shut by ADMIN

IP Addressing / Subnetting

IP Address Range Class:

·         Class A: 1.0.0.0 – 127.255.255.255

·         Class B: 128.0.0.0 – 191.255.255.255

·         Class C: 192.0.0.0 – 223.255.255.255

 

An IP Address is comprised of 32 Bits, or 4 octets.

 

 

HEX / DEC / BIN

Notes of conversion form HEX > DEC, DEC > BIN, BIN > HEX

CDP

Cisco Discovery Protocol; will Find any directly attached Cisco Devices and tell you

·         IP

·         Device Model

·         Connecting Port

 

NOT routed, will only see directly attached devices.

 

Both devices need CDP to be running:

 

To enable CDP:

# run cdp

 

To view connected devices:

# show cdp neigbors

 

 

Serial Links & WAN Protocols

Three types of WAN:

·         Point to Point Leased Line

·         Dialup / Switched

·         Packet Switching

 

One end is DCE end, the other is DTE. AT the DCE end there is a clock rate, at the DTE end no clock is set.

 

To see which end is DCE / DTE end:

# show controllers s0

 

Supports multiple encapsulation:

·         PPP – Industry Standard, all manufacturers

·         HDLC – Cisco Proprietary

·         Framerelay – Used in packet switching

 

 

WAN Protocols

PPP has two elements:

·         LCP – Link Control Protocol – establishes connection – ie authentication, compression.

·         NCP – Network Control Protocol – establishes protocol and physical connection.

 

LCP allows for Authentication, Compression and Multilink (the use of multiple lines as a single virtual line)

 

PAP

!Clear text passwords

!No Challenge

!One time only authentication

 

CHAP

Encrypted Passwords

Challenge Response

Regular Authentication

Password challenge varies each time (uses random number)

PPP Configuration

PPP is commonly used on WAN connections and is manufacturer wide compatible whereas hdlc is Cisco proprietary.

 

To enable ppp:

# encapsulation ppp

 

To enable PAP authentication:

# ppp authentication pap

 

To enable CHAP authentication:

# ppp authentication chap

 

It is necessary to set usernames and passwords within global configuration like so:

(config)#  username router2 password cisco

 

Where ‘router2’ is the remote router to which you want to connect to.

Frame-Relay

Uses Virtual Connections (VC) to link sites, therefore low cost. FR uses Packet Switching for data transmission.

 

Two Types of VC:

Permanent (PVC) – fixed cost

Switched (SWC) – Pay As You Go

 

Committed Information Rate (CIR) – user purchases a guaranteed bandwidth level but can transfer data at higher speed if capacity exists within FR network. If the network is under heavy load this data is discarded. Data sent over the CIR is marked Discharge Eligible (DE)

 

Router is connected to a frame switch which uses LMI Protocol:

·         Used to send configuration data and status information

·         LMI is local. It only runs between the local router and FR Switch, it does not traverse the cloud.

 

LMI is used for reverse ARP to find the DLCI number of the next hop.

 

Data is encapsulated over the FR network.

 

Three speeds in FR:

Delivery to cloud

Time to cross cloud

Delivery to destination

 

Frame Relay – Contd.

DLCI – data-link connection identifiersAddressing system is given to source for delivery to destination, the destination address is not associated with the destination itself rather the connection used to reach the destination.

 

Congestion-Control Mechanisms:

·         Forward-explicit congestion notification (FECN)

·         Backward-explicit congestion notification (BECN)

 

http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/frame.htm

 

 

Data flow:

Local router only knows DLCI of remote router:

DLCI is used to find IP using LMI reverse ARP

 

Security

 

To use an ACL to filter access to the router via telnet use the following commands:

# access-list 12 permit 192.168.1.0 0.0.0.255

(config)#line vty 0 4

(config)#access-class 12 in

 

To set a password for enable mode:

 

To set an encrypted password for enable mode: