Professor Messer's Cisco CCENT/CCNA 100-105 ICND1 Course Notes
James "Professor" Messer

Written by James "Professor" Messer
Copyright © 2017 by Messer Studios, LLC
http://www.ProfessorMesser.com

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher.

First Edition: March 2017

Trademark Acknowledgments
All product names and trademarks are the property of their respective owners, and are in no way associated or affiliated with Messer Studios, LLC. "Professor Messer" is a registered trademark of Messer Studios LLC. "Cisco" and "IOS" are registered trademarks of Cisco Systems, Inc.

Warning and Disclaimer
This book is designed to provide information about the Cisco CCENT/CCNA 100-105 ICND1 certification exam. However, there may be typographical and/or content errors. Therefore, this book should serve only as a general guide and not as the ultimate source of subject information. The author shall have no liability or responsibility to any person or entity regarding any loss or damage incurred, or alleged to have incurred, directly or indirectly, by the information contained in this book.
Contents

Introduction

0.0 - Overview
The 100-105 Cisco ICND1 Exam
Introduction to the Cisco CLI

1.0 - Network Fundamentals
1.1 - Introduction to Ethernet - The Ethernet Frame
1.1 - The OSI Model and TCP/IP Model
1.1 - Encapsulation and decapsulation
1.2 - Common Port Numbers
1.2 - TCP Header
1.2 - UDP Header
1.2 - TCP Communication
1.3 - Enterprise Infrastructure Components
1.4 - Network Architectures
1.5 - Network Topologies
1.6 - Network Cabling
1.7 - Troubleshooting Methodologies
1.8 - IPv4 Addressing
1.9 - IPv4 Address Types
1.10 - Private IPv4 Addressing
1.11 - IPv6 Addressing
1.12 - Configuring IPv6 Addressing
1.12 - Troubleshooting IPv6 Addressing
1.13 - IPv6 Neighbor Discovery Protocol
1.13 - IPv6 Addressing with DHCP and SLAAC
1.14 - IPv6 Address Types

2.0 - LAN Switching Fundamentals
2.1 - LAN Switching Concepts
2.3 - Troubleshooting Cable and Interface Issues
2.4 - Introduction to VLANs
2.4 - Configuring VLANs
2.4 - Troubleshooting VLANs
2.5 - Configuring Interswitch Connectivity
2.5 - Troubleshooting Interswitch Connectivity
2.6 - Configuring CDP and LLDP
2.7 - Configuring Port Security
2.7 - Troubleshooting Port Security

3.0 - Routing Fundamentals
3.1 - Introduction to Routing
3.2 - Understanding Routing Tables
3.3 - Routing Metrics and Administrative Distances
3.4 - Router on a Stick and Layer 3 Switches
3.5 - Static and Dynamic Routing
3.6 - IPv4 Static Routing
3.6 - IPv6 Static Routing
3.6 - Troubleshooting Static Routing
3.7 - An Overview of RIPv2
3.7 - Configuring RIPv2
3.7 - Optional RIPv2 Features
3.7 - Troubleshooting RIPv2

4.0 - Infrastructure Services
4.1 - An Overview of DNS
4.2 - Troubleshooting DNS
4.3 - An Overview of DHCP
4.3 - Configuring DHCP
4.4 - Troubleshooting DHCP
4.5 - Configuring NTP
4.6 - An Overview of Access Lists
4.6 - Configuring Standard Numbered Access Lists
4.6 - Configuring Extended Numbered Access Lists
4.6 - Configuring Named Access Lists
4.6 - Troubleshooting Access Lists
4.7 - An Overview of Network Address Translation
4.7 - Configuring Network Address Translation
4.7 - Troubleshooting Network Address Translation

5.0 - Infrastructure Maintenance
5.1 - Configuring Syslog
5.2 - Configuration Management
5.2 - Discovering Devices with CDP and LLDP
5.2 - Switch and Router Licensing
5.2 - Configuring Timezones
5.2 - Configuring Loopback Interfaces
5.3 - Initial Device Configuration
5.4 - Configuring IOS Passwords
5.4 - Configuring Banners
5.4 - Device Hardening
5.5 - Upgrading and Recovering IOS
5.5 - IOS Password Recovery
5.5 - IOS File System Management
5.6 - Troubleshooting with Ping
5.6 - Troubleshooting with Traceroute
5.6 - Logging at the Terminal
Introduction
If you're in the Information Technology industry, then you know that Cisco certifications are some of the most accepted (and most difficult) certifications to earn. Cisco certifications range from a fundamental networking knowledge to the most advanced networking technologies today. Cisco certification exams test you on the specifics of routers, switches, ports, protocols, and much more. I've created these Course Notes to help you through the details that you need to know for the exam. Best of luck with your studies!
- Professor Messer

The Cisco CCENT/CCNA Routing and Switching certification
Earning the Cisco Certified Network Associate Routing and Switching (CCNA R&S) certification requires either the completion of two separate exams (the ICND1 100-105 and ICND2 200-105) or the completion of a single combined exam (the 200-125).

THE INTERCONNECTING CISCO NETWORK DEVICES 1 (ICND1) 100-105 EXAM
These ICND1 100-105 Course Notes focus on the content required to pass the first half of the CCNA R&S. Passing the ICND1 100-105 exam earns you the Cisco Certified Entry Networking Technician (CCENT) certification, so you can earn some credentials as you make your way towards achieving your CCNA R&S certification.

Here's the breakdown of each technology section and the percentage of each topic on the 100-105 exam:
Section 1.0 - Network Fundamentals - 20%
Section 2.0 - LAN Switching Fundamentals - 26%
Section 3.0 - Routing Fundamentals - 25%
Section 4.0 - Infrastructure Services - 15%
Section 5.0 - Infrastructure Maintenance - 14%

How to use this book
Once you're comfortable with all of the sections in the official Cisco 100-105 exam objectives, you can use these notes as a consolidated summary of the most important topics. These Course Notes follow the same format and numbering scheme as the official exam objectives, so it should be easy to cross reference these notes with all of your other study materials.
© 2017 Messer Studios, LLC
http://www.ProfessorMesser.com

Professor Messer's Cisco CCENT/CCNA 100-105 ICND1 Course Notes
The 100-105 Cisco ICND1 Exam
• Exam time: 90 minutes
• 45 to 55 questions
• Scoring range between 300 and 1,000 points
• Passing score is given at the beginning of the exam

100-105 Exam Objectives
• 1.0 - Network Fundamentals (20%)
• 2.0 - LAN Switching Fundamentals (26%)
• 3.0 - Routing Fundamentals (25%)
• 4.0 - Infrastructure Services (15%)
• 5.0 - Infrastructure Maintenance (14%)

Introduction to the Cisco CLI
a a g • ntrfa t OS tug a CU • ut at t ttng n t t dv • Cand in Inta • A iat rult in a n f abld txt ·I • Sial ab t a nl nta • Pt - T ya intfa • Ar t ntrk , . • Baud at T d f t data (9600 baud) • Tlnt,SSH • Parity Nn Serial cae to a consoe nterface • Data bit - 8 • Fr t utr • 9-in ia nnt r SB intrfa • St bit 1 • Fr t t ut • Flntl nn • 9in ria nnt,RJ45 nnt, SB ntra • Yu igt nd a SB t ria abl � - · Confgurat Confgurat i • And a t adatr Serial prt Po: Bud R: d ne • 960 • EXEC d l m Bi Stopbt Flowct ct • Exut ad a a nralu 8 • N guan angald . AAdva dva Co Couan ua n O Ons ns • Pivilgd EXEC d K • Enabl d • Inal gin t u d • " t nt vigd d • And t lav How to connect
noe
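1.1 - Introduction to Ethernet - The Ethernet Frame

Field / Bytes / Description
• Preamble (7 bytes) - Alternating ones and zeros used for synchronization
• SFD
• Destination MAC Address
• Source MAC Address - Ethernet MAC address of the source device
• EtherType (2 bytes) - Describes the data contained in the payload
• Payload - Layer 3 and higher
• FCS - CRC checksum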
Preamble | SFD | Destination MAC | Source MAC | Type | Payload | FCS

Unlock the entire book at http://www.professormesser.com/icnd1
View every page: http://www.professormesser.com/icnd1
1.7 - Troubleshooting Methodologies

Fault isolation and documentation
• Identify where the problem might be
• And where it is not
• Limit the scope and save time
• Random guesses aren't efficient
• Documentation
• We don't document enough
• Someone may have done this before
• Capture your unique local perspective

Verify and monitor
• Does your proposed fix work?
• Test and confirm
• Some fixes require ongoing monitoring
• Intermittent issues
• Confirm the resolution
• May take minutes, hours, or days
• Don't forget to document
• It will save you next time

Resolve or escalate
• The clock is ticking
• And time is almost always directly relatable to money
• You're looking for the root cause
• Address the root cause and solve the issue
• What happens if the root cause can't be found?
• Escalate to the next person/organization in the list
• Your organization may have an escalation process
• Balances time with money
1.8 - IPv4 Addressing

Class                Leading bits    Network bits  Remaining bits  Number of networks  Hosts per network  Default subnet mask
Class A              0xxx (1-126)    8             24              128                 16,777,214         255.0.0.0
Class B              10xx (128-191)  16            16              16,384              65,534             255.255.0.0
Class C              110x (192-223)  24            8               2,097,152           254                255.255.255.0
Class D (multicast)  1110 (224-239)  Not defined   Not defined     Not defined         Not defined        Not defined
Class E (reserved)   1111            Not defined   Not defined     Not defined         Not defined        Not defined

Class A: Network (8) | Host (24)
255.0.0.0 = 11111111 00000000 00000000 00000000

Class B: Network (16) | Host (16)
255.255.0.0 = 11111111 11111111 00000000 00000000

Class C: Network (24) | Host (8)
255.255.255.0 = 11111111 11111111 11111111 00000000

The construction of an IPv4 subnet
• Network address
• The first IP address of a subnet
• Set all host bits to 0 (0 decimal)
• First usable host address
• One number higher than the network address
• Network broadcast address
• The last IP address of a subnet
• Set all host bits to 1 (255 decimal)
• Last usable host address
• One number lower than the broadcast address
See all of these great notes: http://www.professormesser.com/icnd1
1.14 - IPv6 Address Types (continued)

Link local
• Communicate on the local subnet
• Every IPv6 interface gets a local address
• fe80::/10
• fe80 + 54 zero bits + 64-bit interface ID
• Effectively becomes fe80::/64
• Routers won't forward these packets
• Everything stays on the local network
• Used mostly for administrative purposes
• Routing, Neighbor Discovery Protocol, etc.

Solicited-node multicast address
• Every device creates an IPv6 solicited-node multicast address
• Commonly used in NDP
• Uses FF02::1:FF00:0/104
• Solicited-node: FF02:0000:0000:0000:0000:0001:FF**:****
• Local subnet
• Based on the IPv6 unicast address

Multicast
• Communicate to multiple devices simultaneously
• Without communicating to everyone
• Commonly used for routing protocols
• Only routers running that protocol will listen
• Multicast addresses start with 11111111
• FF00::/8
[Table: multicast prefixes and their scopes]

Modified EUI-64
• Use the MAC address to create a static IPv6 address
• You just need the IPv6 prefix
• Add additional bits to the 48-bit MAC address to create an EUI-64 address
• Flip the 7th bit and add FFFE
• Easy to configure
• Takes seconds
• Always the same IPv6 address
• See more: Configuring IPv6 Addresses

Autoconfiguration
• Stateful autoconfiguration
• DHCPv6
• IP address settings are determined by the DHCP server
• Stateless address autoconfiguration (SLAAC)
• Use NDP to determine the subnet prefix
• Use the modified EUI-64 to complete the address
• No server needed
• More: IPv6 Addressing with DHCP and SLAAC

Anycast
• Configure the same IPv6 anycast address on different devices
• Looks like any other unicast address
• Packets sent to an anycast address are delivered to the closest interface
# ipv6 address 2001:1:1:1::7/128 anycast
• Announce the same route out of multiple data centers
• Clients use the data center closest to them
• Anycast DNS
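The modified EUI-64, link-local and solicited-node derivations from this section, worked through in Python as an added example that is not part of the original notes. The function names, the MAC address and the 2001:db8:1:1::/64 prefix are constructed for illustration; the last function shows that an EUI-64 based address hands the MAC address back to anyone who reads it, which is what "always the same IPv6 address" means for an asset inventory or a log review.

```python
import ipaddress

# Constructed sample values (not from the course notes).
SAMPLE_MAC = "00:1a:2b:3c:4d:5e"
SAMPLE_PREFIX = "2001:db8:1:1::/64"
SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))  # FF02::1:FF00:0/104


def modified_eui64_interface_id(mac):
    """Turn a 48-bit MAC into a 64-bit interface ID: flip the 7th bit, insert FFFE."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    flipped = octets[0] ^ 0x02  # the 7th bit of the first byte
    return bytes([flipped]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def eui64_address(prefix, mac):
    """Combine a 64-bit prefix with the modified EUI-64 interface ID."""
    network = ipaddress.IPv6Network(prefix)
    if network.prefixlen != 64:
        raise ValueError("modified EUI-64 needs a 64-bit prefix")
    interface_id = int.from_bytes(modified_eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(network.network_address) | interface_id)


def link_local_address(mac):
    """fe80 + 54 zero bits + 64-bit interface ID."""
    return eui64_address("fe80::/64", mac)


def solicited_node_address(unicast):
    """FF02::1:FF00:0/104 plus the low 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(unicast)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24)


def mac_from_eui64(address):
    """Recover the MAC from an EUI-64 based address, or None if FFFE is not in the middle.

    This is a heuristic: a random interface ID could contain FFFE by chance.
    """
    iid = (int(ipaddress.IPv6Address(address)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{octet:02x}" for octet in mac)


if __name__ == "__main__":
    global_address = eui64_address(SAMPLE_PREFIX, SAMPLE_MAC)
    print("global unicast :", global_address)
    print("link local     :", link_local_address(SAMPLE_MAC))
    print("solicited-node :", solicited_node_address(global_address))
    print("MAC recovered  :", mac_from_eui64(global_address))
```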
2.5 - Configuring Interswitch Connectivity

802.1Q trunking
• Take a normal Ethernet frame
Preamble | SFD | Destination MAC | Source MAC | Type | Payload | FCS
• Add a VLAN header in the frame
Preamble | SFD | Destination MAC | Source MAC | VLAN | Type | Payload | FCS
• VLAN IDs - 12 bits long, 4,094 VLANs
• "Normal" range 1 through 1005, "Extended" range 1006 through 4094
• 0 and 4095 are reserved VLAN numbers
• Before 802.1Q, there was ISL (Inter-Switch Link)
• ISL is no longer used; everyone now uses the 802.1Q standard
[Figure: Ethernet switches with VLAN 10 and VLAN 20]

The native VLAN
• This is different than the "default VLAN"
• The default VLAN is the VLAN assigned to an interface by default
• Each trunk has a native VLAN
• The native VLAN doesn't add an 802.1Q header
• The native VLAN connects switches without a tag
• Some devices won't talk 802.1Q
• Just use the native VLAN!
• Native VLAN should match between switches
• You'll get a message if the VLAN IDs don't match

Trunk configuration
• Use #p
• Configures a trunk to use all known VLANs
• Dynamic Trunking Protocol (DTP)
• Automatically configures trunking parameters
• Define the type of trunk
• IEEE 802.1Q, ISL, or negotiate
• Define the administrative mode
• Do not trunk, always trunk, or negotiate a trunk

Trunk commands
• Switch(config-if)# sp
• Switch(config-if)# sp
• Switch(config-if)# s p
• Switch(config-if)# s p

Switchport modes
• access
• A nontrunked port
• trunk
• A trunk port
• dynamic desirable
• Initiates and responds to trunk negotiation messages
• dynamic auto
• Does not initiate, but does respond to trunk negotiation messages
2.5 - Troubleshooting Interswitch Connectivity

Troubleshooting VLAN configurations
• Check VLAN assignments on the switch
• This is one of the most common issues you'll find
• Check VLAN assignments between switches
• This issue usually appears during initial configuration
• Verify the list of trunked VLANs
• Create good documentation
• Check the dynamic trunk assignments
• Another initial config gone wrong

Checking VLAN assignments
• List all VLANs and their associated interfaces
Switch# s
Switch# s
• List all interfaces associated with a specific VLAN
Switch# s
• View a specific interface VLAN configuration
Switch# s O/ p
• View a list of MAC addresses and their VLAN assignments
Switch# s

Dynamic trunking
• Both switches have to be configured with the right trunking mode
• Don't configure dynamic trunking on one side and static on the other
• Don't configure both sides as dynamic auto
• You'll end up with an access port with no trunking
• It's not as "auto" as you might like

Read more about this book: http://www.professormesser.com/icnd1
3.6 - IPv4 Static Routing

Host and network routes
• Static route next hop can be an IP address or interface
Router1(config)#ip route 10.10.20.0 255.255.255.0 10.10.50.2
Router1(config)#ip route 10.10.20.0 255.255.255.0 s0/3/0
• Destination is based on the most specific route
• A mask of "all ones" is the most specific
• Route to a specific IP address/host
• Use a mask of 255.255.255.255
Router1(config)#ip route 10.10.20.3 255.255.255.255 10.10.50.2
Router1#show ip route static
     10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
S       10.10.20.0/24 is directly connected, Serial0/3/0
S       10.10.20.2/32 [1/0] via 10.10.40.2

Next hop IP address vs. interface
• Static route to next hop IP address
• Forwarding router needs the L2 address of the next hop IP address
• ARP for 10.10.50.2, create the L2 frame, and send to the resolved MAC
• Static route to next hop interface
• Forwarding router assumes the destination IP address is directly connected
• ARP is sent for the destination IP address through the next hop interface
• Point-to-point connections
• Use next hop interface or next hop IP address
• Multipoint connections
• Use next hop IP address
Router1(config)#ip route 10.10.20.0 255.255.255.0 10.10.50.2
Router1(config)#ip route 10.10.20.0 255.255.255.0 s0/3/0

Populating a static route
• Static route with next hop interface
• Interface has to be up/up
• Static route with next hop IP address
• Must have a route to the IP address
• Without these, a route doesn't appear in the table
• Never shows up
• Force a route to appear with the permanent keyword
Router1(config)#ip route 10.10.20.3 255.255.255.255 S0/0/1 permanent
• The interface or route still has to be available
• The packets are dropped otherwise

Default routes
• A route when no other route matches
• The "gateway of last resort"
• A remote site may have only one route
• Go that way -> rest of the world
• Can dramatically simplify the routing process
• Works in conjunction with all other routing methods
[Figure: show ip route output on Router2, including the gateway of last resort]

There's a lot more right here: http://www.professormesser.com/icnd1
3.7 - An Overview of RIPv2

Dynamic routing protocols
• Listen for subnet information from other routers
• Sent from router to router
• Provide subnet information to other routers
• Tell other routers what you know
• Determine the best path based on the gathered information
• Every routing protocol has its own way of doing this
• When network changes occur, update the available routes
• Different convergence process for every dynamic routing protocol

IGP (Interior Gateway Protocol)
• Used within a single autonomous system (AS)
• Not intended to route between AS
• That's why there's Exterior Gateway Protocols (EGPs)
• IPv4 dynamic routing
• OSPFv2 (Open Shortest Path First)
• RIPv2 (Routing Information Protocol version 2)
• EIGRP (Enhanced Interior Gateway Routing Protocol)
• IPv6 dynamic routing
• OSPFv3
• EIGRP for IPv6
• RIPng (RIP next generation)

Which routing protocol to use?
• What exactly is a route?
• Is it based on the state of the link?
• Is it based on how far away it is?
• How does the protocol determine the best path?
• Some formula is applied to the criteria to create a metric
• Rank the routes from best to worst
• Recover after a change to the network
• Convergence time can vary widely between routing protocols
• Standard or proprietary protocol?
• OSPF and RIP are standards, basic functions of EIGRP are standard (RFC 7868)

Link-state routing protocols
• Information passed between routers is related to the current connectivity
• If it's up, you can get there.
• If it's down, you can't.
• Consider the speed of the link
• Faster is always better, right?
• Very scalable
• Used most often in large networks
• OSPF, IS-IS
• Large, scalable routing protocols

Distance-vector routing protocols
• Information passed between routers contains routing tables
• Good for smaller networks
• Doesn't always scale well to very large networks
• How many "hops" away is another network?
• The deciding "vector" is the "distance"
• RIP, RIPv2, BGP
• Usually automatic - very little configuration
[Figure: RIP debug output on Router1 and a network diagram showing Router1, Switch3, and the hosts Sam and Teal'c]
4.4 - Troubleshooting DHCP

Confirm your relay agent
• If the DHCP server isn't in your IP subnet, you need an ip helper-address
• If the DHCP server is local, no relay is required
• Router-on-a-stick
• Separate subnets
• Need an ip helper-address on each subinterface
• Use show ip interface
• Useful when you can't view the configuration

Router2#show ip interface g0/0
GigabitEthernet0/0 is up, line protocol is up (connected)
  Internet address is 10.10.30.1/24
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 100 bytes
  Helper address is 172.6.1.
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound access list is not set
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent

No DHCP address assigned
• The DHCP relay agent uses the relay interface IP address as the source IP address
• The DHCP server compares the network configuration to the relay IP address
• The subnet mask sets the range
• DHCP relay interface and DHCP pool network range must match
• Without a match, an IP address is not offered
• If you have connectivity, then make the comparison
• Check the ip helper-address interface
• Compare it to the network configuration in the pool

DHCP address is assigned with bad information
• It's easy to misconfigure a DHCP pool
• So many configuration options
• You may not have the right address information
• Incorrect DNS values
• No name resolution, but IP works
• Incorrect default gateway assigned
• Communicates to devices on the local subnet only
• TFTP address is incorrectly assigned
• VoIP phone doesn't download a configuration file

It's always the network
• Centralized DHCP servers rely on a stable/valid network connection
• You can't get an IP address unless there's a link
• Use ping and traceroute to validate the connection
• The link between the DHCP relay interface and the ip helper-address

Between the DHCP client and the relay
• DHCP is all about broadcasts
• 255.255.255.255 "all ones" broadcast
• Routers do not forward DHCP broadcast packets
• Or any other broadcast packets
• Make sure the DHCP client is in a VLAN with an ip helper-address
• Check local LAN between the DHCP relay agent and the DHCP client
• Broadcasts are very limiting
• Basic connectivity is required
• Easy to be placed in the wrong VLAN

DHCP troubleshooting
• Confirm the ip helper-address interfaces and IP addresses
• One wrong interface or address is fatal
• DHCP pool network configuration should match relay interface IP
• Check all pools, IP addresses, and subnet masks
• Check the network between DHCP server IP address and DHCP relay IP address
• Connectivity is critical

4.5 - Configuring NTP

NTP (Network Time Protocol)
• Switches, routers, firewalls, servers, workstations - Every device has its own clock
• Synchronizing the clocks becomes critical - Log files, authentication information, outage details
• Automatic updates - No flashing 12:00 lights
• Flexible - You control how clocks are updated
• Very accurate - Accuracy is better than 1 millisecond on a local network
4.6 - Configuring Standard Numbered Access Lists

Standard numbered ACLs
• Standard ACL
• Source IP address is the only criteria
• Numbered ACL
• ACLs are referenced by number instead of a name

ACL syntax
• Standard numbered ACLs use access list numbers between 1-99 or 1300-1999
• The gap is reserved for other protocols (AppleTalk, DECnet, IPX, etc.)
(config)# access-list {1-99 | 1300-1999} {permit | deny} {source [source wildcard] | any}
(config)# access-list 1 deny 10.10.1.77
(config)# access-list 1 permit any

Configuring standard numbered ACLs
• Choose router interface and direction
• Put a standard ACL near the destination IP - prevents inadvertent discards
• Use the source IP address, make sure to use the correct direction
• Create the ACLs using global configuration commands
• Top-down matching, default is to deny if nothing else matches
• Add the ACL to the interface
ip access-group 1 in
ip access-group 2 out

Viewing ACL configuration information
• R4#
• View all ACLs
• R4#
• Interface information shows which ingoing and outgoing ACLs are associated with the interface

• Prevent Sam from accessing Jack's server
Routr4(config)#aess-ls 1 deny 10.00 Rout(ong)Uaessls prit a oog# g0/0 (#p aces-roup
• Pick a location closest to the destination

[Figure: network diagram of the routers, switches, and subnets between the hosts, including Daniel and Jack]
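How a standard numbered ACL is evaluated (source address only, top-down, first match, implicit deny), as an added Python example that is not part of the original notes. The parser, the function names and the sample lines are constructed for illustration from the syntax shown above; the last function flags an entry that can never match because an earlier entry already covers it, the usual result of putting "permit any" above a deny.

```python
import ipaddress
from dataclasses import dataclass

STANDARD_RANGES = (range(1, 100), range(1300, 2000))  # 1-99 and 1300-1999
ANY = 0xFFFFFFFF  # wildcard mask in which every bit is "don't care"

# Constructed sample: ACL 1 follows the example in the notes, ACL 2 has the same
# two entries in the wrong order.
SAMPLE_CONFIG = [
    "access-list 1 deny 10.10.1.77",
    "access-list 1 permit any",
    "access-list 2 permit any",
    "access-list 2 deny 10.10.1.77",
]


@dataclass(frozen=True)
class Entry:
    action: str    # "permit" or "deny"
    source: int    # source IPv4 address as an integer
    wildcard: int  # 1 bits are ignored when matching


def parse_standard_acls(lines):
    """Parse 'access-list N {permit|deny} {any | source [wildcard]}' into {N: [Entry]}."""
    acls = {}
    for line in lines:
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list":
            raise ValueError(f"not a numbered ACL line: {line!r}")
        number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
        if not any(number in r for r in STANDARD_RANGES):
            raise ValueError(f"{number} is not a standard ACL number")
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action: {action!r}")
        if rest == ["any"]:
            source, wildcard = 0, ANY
        else:
            source = int(ipaddress.IPv4Address(rest[0]))
            wildcard = int(ipaddress.IPv4Address(rest[1])) if len(rest) > 1 else 0
        acls.setdefault(number, []).append(Entry(action, source, wildcard))
    return acls


def matches(entry, ip):
    """Compare only the bits that the wildcard mask does not ignore."""
    return (ip | entry.wildcard) == (entry.source | entry.wildcard)


def evaluate(entries, source_ip):
    """Top-down, first match wins; no match is the implicit deny. Returns (action, line)."""
    ip = int(ipaddress.IPv4Address(source_ip))
    for position, entry in enumerate(entries, start=1):
        if matches(entry, ip):
            return entry.action, position
    return "deny", None


def shadowed_entries(entries):
    """Return (line, covering_line) for entries fully covered by one earlier entry."""
    found = []
    for j, later in enumerate(entries):
        for i, earlier in enumerate(entries[:j]):
            mask_covered = (later.wildcard | earlier.wildcard) == earlier.wildcard
            if mask_covered and matches(earlier, later.source):
                found.append((j + 1, i + 1))
                break
    return found


if __name__ == "__main__":
    acls = parse_standard_acls(SAMPLE_CONFIG)
    for number, entries in acls.items():
        print(number, evaluate(entries, "10.10.1.77"), shadowed_entries(entries))
```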
4.6 - Configuring Extended Numbered Access Lists

Extended numbered access lists
• Similar to standard numbered ACLs
• Top-down, first-match logic, ingress or egress filtering
• Now you'll have many more filtering options
• Source IP address, destination IP address, protocol

Extended numbered IPv4 ACL
• Syntax is similar to the standard numbered ACLs
• Adds additional matching keywords
• Uses number ranges 100-199 and 2000-2699
• protocol - ip, tcp, udp, icmp
access-list 101 deny icmp any any
• source_port, dest_ip, dest_port
access-list 101 deny tcp 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255 eq 80

[Figure: IP header - Version, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source IP Address, Destination IP Address, Options and Padding]
4.7 - Configuring Network Address Translation (continued)

Router1#show ip nat statistics
Total translations: 3 (0 static, 3 dynamic, 3 extended)
Outside Interfaces: Serial0/3/0
Inside Interfaces: GigabitEthernet0/
Hits: 68  Misses: 35
Expired translations:
Dynamic mappings:

Monitoring NAT
NAT overload/PAT
Router#sw ip nat ro nide goba cp 92.1.1.1:024 cp 92.1.1.1:025 cp 92111:027
translations
nide oca 1.10.20.51027 1.10.20.71027 110201:1027
Outide oca 04.2.9.63:8 4.2.9.63:8 042963:8
Outde goba 104.20.1963:80 104.20.1963:80 104201963:80
4.7 - Troubleshooting Network Address Translation

Troubleshooting best practices
• U ACL • Ck •ip nat insideip nat outside • W AC NPA • AC NA • • AC NA • NA • • k • A k

Static NAT troubleshooting
• • ' nsd ba addss IS snd
Router1(config)#interface g0/0
Router1(config-if)#ip nat inside
Router1(config-if)#interface s0/3/0
Router1(config-if)#ip nat outside
Router1(config-if)#exit
Router1(config)#ip nat inside source static 10.10.20.10 92.1.1.10
Router1(config)#ip nat inside source static 10.10.20.50 92.1.1.50
Router1(config)#ip nat inside source static 10.10.20.70 92.1.1.70

Dynamic NAT ACL
• AC k
• A ACL NA

Router(config)#interface g0/0
Router(config-if)#ip nat inside
Router(config-if)#interface s0/3/0
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#access-list 1 permit 10.10.20.0 0.0.0.255
Router(config)#ip nat pool midway 94.1.1.1 94.1.1.2 netmask 255.255.255.0
Router(config)#ip nat inside source list 1 pool midway

Dynamic NAT pool
• v
• NA
• Check show ip nat statistics
• Y' N ' k

Router(config)#interface g0/0
Router(config-if)#ip nat inside
Router(config-if)#interface s0/3/0
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#access-list 1 permit 10.10.20.0 0.0.0.255
Router(config)#ip nat pool midway 94.1.1.1 94.1.1.2 netmask 255.255.255.0
Router(config)#ip nat inside source list 1 pool midway

NAT overload / PAT troubleshooting
• A N • v k • ' v • Y v qk

Router(config)#interface g0/0
Router(config-if)#ip nat inside
Router(config-if)#interface s0/3/0
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#access-list 1 permit 10.10.20.0 0.0.0.255
Router(config)#ip nat inside source list 1 interface s0/3/0 overload
5.3 - Initial Device Configuration

Booting IOS
• Performs a POST
• Power On Self Test
• Basic hardware check
• Boots from ROM
• Bootstrap program is copied into RAM
• Bootstrap boots an IOS image or ROM Monitor (ROMMON)
• ROMMON is used for administrative and maintenance purposes
• IOS loads the startup-config file
• Loaded into RAM as running-config

Initial device configuration
• No configuration file? No problem.
• System Configuration Dialog (Setup Mode)
• Menu-driven configuration on a new device
• You don't have to use Setup Mode
• Configure the device through the terminal

What you need
• Hostname
• Enable password
• A less-secure version of the enable secret password
• Remove it after configuring the device
• Enable secret password
• Protects privileged EXEC and configuration modes
• Virtual terminal password
• TTY - The password used when accessing the device over the network
• Configure SNMP management (yes or no)
• Physical interface for management
• Need IP address and subnet mask

5.4 - Configuring IOS Passwords

Authenticating to IOS devices
• Most organizations will use an external AAA server
• Authentication, Authorization, and Accounting
• No passwords on the IOS device
• You might want a backup login
• Just in case
• Potential security concern
• Store the passwords securely

User mode and privileged mode passwords
• Console password
• Protects connections through the console port
• vty password
• Protects connections through the virtual teletype port (telnet or SSH)
• Enable password
• Prompts when entering enable mode
• With no passwords configured, no passwords are required
• A bad idea

Teletype lines
• Inbound connections are made over TTY lines
• Many different TTY lines on an IOS device
• CTY - Console interface
• TTY - Asynchronous serial interfaces
• AUX - Auxiliary port
• VTY - Virtual teletype/virtual terminal
• View with show line

Configuring lines
• Console password
• Telnet/SSH password
• Enable/Privileged EXEC mode password

Router1#configure terminal
�nter confguration comands, one per line. ouer(cong)# cns 0 ouer(cong-line# sgc ouer(congline# Rouer# mna ner confguraion comands, one per line. ouer(cog)# vy O 4 ouer(congline# ouer(congline#
End with CNTL/Z.
End wih N/
ouer# na ner conguraion comands one per ne. End N/. outer(confg#b sc chynn
See the entire book: http://www.professormesser.com/icnd1
5.6 - Logging at the Terminal (contnued) teinal monitor • M h gs SSH sss Houter4�1na monitor Router4# 000078: Mr 7 20:58:8303: %LIPROO-5UPOW: Lie protoco o Iterfce V2 chged stte to do 000079 ,r 7 20589,327 %LIEROTO5UDOW Lie protocol o Iterfce FstEtheret0/2 chged stte to do Router4# 000080 ,r 7 2058:20,342 %LI3UPDO: terfce FstEtheret0/2 chged stte to do Router4# 00008: ,r 7 20:58:28,562: %LIK3UPDO: terfce FstEtheret0/2 chged stte to p 000082 ,r 7 2058:29,569 %LIEROTO5UDOW Lie protocol o Iterfce FstEtheret0/2 chged stte to up Router4# 000083 ,r 7 20:58:56.656: %LIROTO5UDOW: Lie protoco o Iterfce V2 chged stte to p Router4# loggg oter4#w Syslog loggig ebed (0 messges dropped 0 messges rteimited 0 shes 0 overrus disbed terig disbled)
No Active Messge iscrimitor. No Ictive essge Discrimitor. Cosoe oggig: eve debggig 83 messges ogged disbed lterig disbed Mitor loggig eve debggig 6 messges ogged xm disbed lterig disbled Loggig to: vty(6) Buer oggig eve debggig 83 messges ogged l disbed lterig disbled Exceptio Loggig size 4096 bytes Cout d timestmp oggig messges: disbed File oggig disabled Persistet oggig: disbed No ctive lter modes Trp oggig level iormtio 87 messge ies ogged Loggig SourceIterce:
VR me
og Buer (4096 bytes 8,37 %LK3UOWN: Iterce stEtheret0/3 chged stte to p
Severity leels
• Lggg vsc b dvduy c gud • Ech svc chv's w vbsy • gs dspyd f h v d w ( sv) • Cs gs loin onole 7 0 • M gs 1 loin monitor 6 2 • I bu gs loin ere 4 3 • Sysg 4 loin tra 6
5
Dbuggg • M OS csss • My df dbug ps • bg dbug w usdd sucs • Mk su yu hv h vhd Roter4#o roe
I
W
N
f
If
• If yu' ccg v ssh, b su bggg Roter4#teinal monitor

Thank you for viewing this sample of my ICND1 Course Notes. Good studies! http://www.professormesser.com/icnd1