ccna quiz + additives .ppt

Upload: afiz-kam

Post on 31-Oct-2015


Name 5 TCP/IP application protocols with their predefined port numbers.
Name 3 TCP/IP transport protocols. Describe the differences and their applications.
Discuss TCP and UDP differences. (minimum 3)
Explain 3-way TCP connection establishment steps. Which flags are used in this process?
Explain 4-way TCP connection termination steps. Which flags are used in this process?
What is a window size? In which protocol do we have it?
How is error recovery done in TCP?
How are source port numbers chosen?
Name and explain 4 most important fields in the IP header.
How long is an IP address (bits)? How are network bits and host bits defined?
What is an IP network? How could you tell if 2 IP addresses are in the same or different IP networks?
Name a few data-link layer protocols. What type of address do they use?
What is a MAC address? What parts does it have?
What is a broadcast domain? How can we divide broadcast domains?
What are unicast, multicast and broadcast frames? What is the Ethernet broadcast address?
Discuss error detection with the Ethernet protocol. Does it recover the error?
What is ARP? When would we use it? How does it work?
Which IP address do you ARP when:
  The destination IP is part of your IP network
  The destination IP is in another IP network

PDU & Encapsulation
Designed by: Nima Javidi

Ethernet PHY
http://www.highteck.net/EN/Physical/OSI_Physical_Layer.html

IP Address

Subnetting

Broadcast domain

Client IP configuration

Wireshark packet capture exercise
HTTP PDU: Ethernet header (SMAC: ? DMAC: ? Protocol: ?) | IP (SIP: ? DIP: ? TTL: ? Protocol: ?) | TCP (S-Port: ? D-Port: ?) | HTTP (Message: ?) | Ethernet trailer
ARP PDU: Ethernet header (SMAC: ? DMAC: ? Protocol: ?) | ARP request or reply (S-IP: ? D-IP: ?) | Ethernet trailer
DNS PDU: Ethernet header (SMAC: ? DMAC: ? Protocol: ?) | IP (SIP: ? DIP: ? TTL: ? Protocol: ?) | TCP/UDP (S-Port: ? D-Port: ?) | DNS (Message: ?) | Ethernet trailer
ICMP PDU: Ethernet header (SMAC: ? DMAC: ? Protocol: ?) | IP (SIP: ? DIP: ? TTL: ? Protocol: ?) | ICMP (ICMP type: ?) | Ethernet trailer

For each IP network write:
  A network address
  A broadcast address
For each client write:
  An IP address
  Subnet mask
  Default gateway (if needed)
Write R1 routing table
Write S1 MAC-Address table
How many IP networks should we have?
How many broadcast domains do we have?
Write down the encapsulation process when we ping C2 from C1 (Topology A, Topology B)

[Topology A and Topology B diagrams: R1, S1, C1, C2, C3; interface labels F0/0, F0/1, F0/2, F0/3]
C1: IP: 172.17.45.201, MAC: C1-MAC
C2: IP: 192.168.106.67, MAC: C2-MAC
C3: IP: 172.17.45.202, MAC: C3-MAC
F0/0: 172.17.45.200 /25, MAC: R1-MAC
F0/1: 192.168.106.66 /26

R1 - Routing table (columns): Type | Network Address | Subnet mask | Interface
Type C = connected (directly connected to the router)

S1 - MAC-Address table (columns): MAC-Address | Port (interface number)

C1 - ARP Cache ("arp -a" from command prompt) (columns): IP | MAC

[Topology diagram: R1, R2, S1, S2, C1, C2, C3, C4; interface labels F0/0, F0/1, F0/2, F0/3, F0/4, S0/0, S0/1]
S0/0, S0/1: serial interfaces (a serial interface is usually used for Wide Area Network connections)
Broadcast domain: A (All the devices in this area are in the same broadcast domain and should be part of the same IP network)

IP network: A

Network | Number of usable addresses
A | 40
B | 60
C | 21
D | 7

To answer the questions consider all of the topology.
To configure, just configure the part in the box.
How many broadcast domains do we have?
How many IP networks do we require?
Subnetting: Subnet 172.17.1.0 /24 and create subnets based on the given table, and for each IP network write:
  Network address
  Broadcast address
  Subnet mask (in binary and decimal)
  Number of usable addresses
  First usable address (the router address in this example)
  Last usable address
This part of the network must be simulated in Packet Tracer
[Diagram labels: Network B, C1, C2, F0/0, F0/1]

Network: A

Network | Number of usable addresses
A | 30
B | 60
C | 21
D | 7

How many broadcast domains do we have?
How many IP networks do we require?
Subnetting: Subnet 172.17.1.0 /24 and create subnets based on the given table, and for each IP network write:
  Network address
  Broadcast address
  Subnet mask (in decimal)
  Number of usable addresses
  First usable address (the router address in this example)
  Last usable address
[Diagram labels: Network D, R1, S1, C1, C2, F0/0, F0/1, F0/2]

Flash memory: stores the router/switch operating system
DRAM: memory used to run the operating system and the running-config
Running config: the current configuration of the router (will be removed when switched off)
Startup-config: the saved config, which will be used when the router is booting up

--- System Configuration Dialog ---

Continue with configuration dialog? [yes/no]: No
Write no and press Enter to get the router prompt.
You are now connected to the router and are at the user mode prompt. The prompt is broken down into two parts, the hostname and the mode. Router is Router0's hostname and > means you are in user mode.
Press RETURN to get started
Router>
User mode is indicated by the '>' next to the router name. In this mode you can look at settings but cannot make changes. In privileged mode (indicated by the '#') you can do anything. To get into privileged mode the keyword is enable.
Next type the command enable to get to the privileged mode prompt.
Router>enable
Router#
To get back to user mode, simply type disable. From user mode type logout or exit to leave the router.
Router#disable
Router>
Router>exit
Router con0 is now available
Press RETURN to get started
Press Enter to get back to the router prompt.
Router>
You are now in user mode. Type ? to view all the available commands at this prompt.
Router>?
From privileged mode you can enter configuration mode by typing configure terminal. To exit configuration mode type exit or Ctrl+Z.
Router>enable
Router#config terminal
Router(config)#exit
Router#

Files and config

CLI modes and configuration modes

Configure:
Set the hostname (global configuration mode)

Set a privilege password (global configuration mode)

After setting the password, you will be asked for the password, next time you go to privileged mode from user mode

Enable Telnet and set a telnet password:

Assign an IP address to an interface (interface configuration mode)

Write/set a description for an interface (interface configuration mode):

Banner (A message that users get when they login to the device(set it in global configuration mode)):

Switch configuration is similar to router configuration, but the IP address configuration differs as follows:
The switch is a layer 2 device and has an IP address just for management reasons. It also needs a default gateway so that it can send traffic to users in other networks who are communicating with the switch itself.
LAYER 2 ETHERNET SWITCH DOES NOT HAVE A ROUTING TABLE AND REQUIRES A DEFAULT GATEWAY

Verify (in privileged mode)
Routing table: show ip route
Running config (current): show run
Startup config (saved): show start
Interface name/number: show ip interface brief

R1#configure terminal
R1(config)# interface f0/0
R1(config-if)# ip address 10.1.1.1 255.255.255.0
R1(config-if)# no shutdown

R1(config-if)# description Connected_to_SW1

S1#configure terminal
S1(config)# interface VLAN 1
S1(config-if)# ip address 10.1.1.2 255.255.255.0
S1(config-if)# no shutdown
S1(config-if)# exit
S1(config)# ip default-gateway 10.1.1.1

Connect cables

Router configuration
  Hostname
  Set password
  Enable telnet + password
  Banner
  Interface
    IP Address configuration
    Enable the interface
    Leave a description
  Save config

Switch configuration
  Set password
  Enable telnet + password
  Banner
  IP config (int vlan 1)
  Set a default gateway
  Save config

Clients
  IP Address
  Subnet mask
  Default gateway

Verification & testing
  Ping your gateway: ping
  Verify routing table: show ip route
  Verify IP addresses
  Verify running config
  Ping other computers within the same subnet and capture using Wireshark (write answers in page 2)
  Ping computers in different subnets and capture using Wireshark (write answers in page 2)
  Telnet to the router
  Telnet to the switch

Configuration and verification checklist

CCNA 1 questions (before starting CCNA 2)

What information do we have in a routing table?
What steps does routing a packet include (at layer 2 and 3)?
What is the connection between the necessity of ARP and the layer 2 protocol type being P2P (PPP, HDLC) or multi-access (Ethernet, Frame-relay)?
What is the ARP protocol and how is it used?
What information do we have in an ARP request and reply? Show the information in the encapsulated PDU (headers and payload) (ARP req and reply)
Would we use ARP when the layer 2 protocol is PPP? Why?
What is different in the encapsulation process of the following:
  Two clients being in the same IP network
  Two clients being in different IP networks
Explain the connection between broadcast domain at layer 2 and IP network at layer 3

Routing table

[Topology diagram: R1, R2, R3; interface labels F0/0, F0/1, F1/0, Loopback 0]
F0/0: A /26
F0/1: B /27
Network C /28
Network D /29
Loopback 0: E /30

Draw a diagram including: router name, interface name and number, and interface IP addresses
Come up with 5 separate IP networks according to the given subnet mask: A, B, C, D and E
Choose usable IP addresses for router interfaces and add them to the diagram
Write static routes needed on R1, R2 and R3 separately
Write R1, R2 and R3 routing table separately

Static route concept, configuration and verification guide
Concept
  Configured to tell a router how to reach an IP network
  It is configured in global configuration mode
  If an IP network is directly connected we would not need to configure a static route for it
  Next_hop address is the address of a directly connected router (facing us)
  Next_hop address must be reachable using one of the connected routes
Configuration:
  R1(config)# ip route destination_IP_network Subnet_mask Next_hop_address
  destination_IP_network: must be a network address, not an IP address
  Subnet_mask: in decimal format
  Next_hop_address: the IP address of the next router towards the final destination
Verification:
  R1#show ip route

Static Route LAB
Use Loopback interfaces if FastEthernet is not available
F0/1: B /27

F0/0: A /26
[Topology diagram: R1, R2, R3; interface labels F0/0, F0/1, F1/0; address label 10.1.1.10]
Loopback 0: 192.168.10.21 /24
Network C /28
Network D /29

ip route 192.168.10.0 255.255.255.0 10.1.1.10

Static routing vs. Dynamic routing
What is a connected route? When would you have a connected route?
What is a static route and for which networks must you configure it? *G
What is dynamic routing?
What protocols can enable dynamic routing? *G
What is administrative distance and what is it used for? *G
What is the difference between routing update path and actual traffic flow path? *G
Routing protocols and subnet mask:
  When do we categorize a routing protocol as classful?
  Which routing protocols are always classful?
  Which routing protocols are classful by default but could be (configured to become) classless?
  When would we call a network discontiguous? *G
  What would the result be if using classful routing protocols when we have discontiguous networks? *G
  When using a classful routing protocol for classless networks and having a subnet from the same major network on the receiving interface, what subnet mask will be used for the advertised network? *G
Auto Summarization:
  What is auto summarization?
  Which routing protocols do automatic route summarization?
  On which routing protocols can auto-summary be turned/switched off?

What is manual route summarization? *G
How is it done with static route? *G
How is it done with routing protocols? *G

*G = Give an example (scenario with diagram) with at least two routers and explain the way it functions/works or is configured

CCNA 2 Questions "Page 1"

What is an autonomous system (AS)?
Which category of routing protocols could be used to manage routing within an AS? Name a few
Which category of routing protocols could be used to manage routing between autonomous systems? Name one
When would we say routing is converged?
What is convergence time?
How are interior routing protocols (Interior Gateway Protocols (IGPs)) categorized?
What are the differences between Distance vector and Link state routing protocols? List
List and explain RIP timers. For each and every timer:
  When does each timer start counting?
  What happens while the timer is counting?
  What happens if the timer is expired?
How does the Bellman-Ford algorithm work?
What issues could the Bellman-Ford algorithm cause?
Which additional features were added to rectify the Bellman-Ford algorithm issues?
Explain the counting to infinity process *G
What does split horizon mean?
What is a poison route? When would it be generated? *G
What is metric? What information could be used in metric calculation? Give example
When will metric be compared? When will administrative distance be compared? *G
What is equal cost load balancing? When would it happen?
What is unequal cost load balancing? When would it happen?
What is a default route? How is it configured? In which scenarios is it common to have one? *G
Should the default route be advertised? How do we advertise it (config)? On which route do we usually advertise it? *G

CCNA 2 Questions "Page 2"

What does EIGRP stand for?
What are the main characteristics of EIGRP?
What tables does EIGRP create? What are they used for?
What packet types does EIGRP have?
In EIGRP which packet types are acknowledged?
What is the DUAL algorithm?
In EIGRP what is a successor? *G
In EIGRP what is a feasible successor? In which table can you see it? Would it be in the routing table?
What is Reported distance (RD)/Advertised distance (AD)?
What is feasible distance (FD)?
Explain the feasible condition. Give two examples, when we do have the feasible condition and when we don't *G
What is unequal cost load balancing? How is it done and configured in EIGRP? *G
What is variance in EIGRP?
What are K values? What is the default value of different K values?
How is metric calculated in EIGRP? What information can be added to the metric calculation process?
What are EIGRP timers? What are they for?

CCNA 2 Questions "Page 3"

CCNA 2 Manual Route summarization
[Diagram label: F1/1: B /S]
For the given IP networks calculate and answer the following questions:
A /R: 195.143.8.0 /24, B /S: 195.143.11.0 /24
A /R: 51.1.192.0 /23, B /S: 51.1.194.0 /23, C /T: 51.1.198.0 /23
A /R: 210.1.128.0 /18, B /S: 210.1.194.0 /23, C /T: 210.1.200.0 /23

Discuss differences between:
  Manual route summarization using static routes
  Manual route summarization using classless routing protocols
What is the summary route and subnet mask of the given IP networks?
What is the range of the calculated summary route? What IP addresses will be routed according to the given subnet mask?
Does the summary route include all given subnets?
Does the summary route include any additional IP networks that we do not use/have?
On which router should we configure the static summary route? Write the summarized static route
On which router should we configure the summary route using routing protocols?
Write the command to make the routing protocol advertise the manually summarized route
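Added example (not part of the original slides): a Python sketch that works through the three groups of networks listed above, computing the smallest summary route covering each group, the ranges the summary also covers that are not in the group (traffic for those addresses will still be forwarded towards the next hop), and the static route line in the form the slides use. The function names and the next-hop value 1.1.1.2 are assumptions for illustration.

```python
import ipaddress

# Exercise networks copied from the slide, one list per group.
GROUPS = [
    ["195.143.8.0/24", "195.143.11.0/24"],
    ["51.1.192.0/23", "51.1.194.0/23", "51.1.198.0/23"],
    ["210.1.128.0/18", "210.1.194.0/23", "210.1.200.0/23"],
]


def summarize(cidrs):
    """Return the smallest single network that contains every given network."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    low = min(int(n.network_address) for n in nets)
    high = max(int(n.broadcast_address) for n in nets)
    # Bits where the lowest and highest address differ cannot belong to the
    # shared prefix, so the prefix ends just above the highest differing bit.
    prefix_len = 32 - (low ^ high).bit_length()
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return ipaddress.ip_network((low & mask, prefix_len))


def unused_ranges(summary, cidrs):
    """Return the parts of the summary that none of the given networks use."""
    remaining = [summary]
    for net in (ipaddress.ip_network(c) for c in cidrs):
        kept = []
        for block in remaining:
            if net.subnet_of(block):
                # Carve the used network out of this block.
                kept.extend(block.address_exclude(net))
            elif not block.subnet_of(net):
                kept.append(block)  # no overlap, keep the block untouched
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))


def static_route(summary, next_hop):
    """Format the summary as 'ip route network mask next_hop'."""
    return f"ip route {summary.network_address} {summary.netmask} {next_hop}"


def report(cidrs, next_hop):
    summary = summarize(cidrs)
    extra = unused_ranges(summary, cidrs)
    return {
        "summary": str(summary),
        "range": (str(summary.network_address), str(summary.broadcast_address)),
        "unused": [str(n) for n in extra],
        "unused_addresses": sum(n.num_addresses for n in extra),
        "route": static_route(summary, next_hop),
    }


if __name__ == "__main__":
    # 1.1.1.2 is an assumed next hop, chosen only to complete the command.
    for group in GROUPS:
        result = report(group, "1.1.1.2")
        print(group)
        for key, value in result.items():
            print(f"  {key}: {value}")
```

The third group shows why the "additional IP networks" question matters: the only single summary that covers all three networks is a /17, and almost half of it is address space the routers do not have.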

[Topology diagram: R1 F0/0: 1.1.1.1 /24, R2 F0/0: 1.1.1.2 /24; F0/1: A /R, F1/2: C /T, F1/3: D /U]
IP packets travelling to IP addresses in network A, B, C and D
Routing updates regarding A, B, C, D, or a summary route including all four

CCNA 2 Manual Route summarization
Manual route summarization:
Using static routes:

R(config)# ip route destination_IP_network Subnet_mask Next_hop_address [or outgoing interface]
  destination_IP_network: must be a network address, not an IP address
  Subnet_mask: in decimal format
  Next_hop_address: the IP address of the next router towards the final destination, or the outgoing interface name and number
Using classless routing protocols [RIP/EIGRP]:

R(config-if)# ip summary-address RIP/EIGRP manually_summarized_route Subnet_mask
  R(config-if): must be configured on the outgoing interface where the update is sent
  RIP/EIGRP: the routing protocol name; include the AS number if EIGRP
  manually_summarized_route: the network address of the manually summarized route
  Subnet_mask: the subnet mask of the manually summarized route, in decimal format

[Topology diagram: R1 F0/0, R2 F0/0; F0/1: A /R, F1/1: B /S, F1/2: C /T, F1/3: D /U]
Where the summarized static route should be configured: "we have no routing updates when using static routes"
Where we configure the manually summarized route using routing protocols: in this case we make the router advertise the manually summarized route that we calculated

Manual route summarization using static routes vs. manual route summarization using classless routing protocols
Both: we manually calculate and configure the summary route with a range including all subnets
Static routes: we manually tell the router how to reach a range, for IP networks which are not directly connected. No routing update is sent
Classless routing protocols: we make the routing protocol advertise the manually calculated and configured route

RIP v1
  Advertise connected networks
  Stop updates on interfaces not having a router on
  Advertise a default route
  Capture updates
RIP v2
  Make RIP version 2
  Disable the auto summary
  Change timers
  Capture updates
EIGRP
  Configure an AS
  Advertise connected networks
  Stop updates on interfaces not having a router on
  Advertise a default route
  Change timers
  Capture hello, query, reply and update
OSPF
  Advertise connected networks
  Stop updates on interfaces not having a router on
  Advertise a default route
  Change timers
  Capture hello and LSA
  Make a router DR (priority)

CCNA dumps: http://tiny.cc/fdszmw using Visual CertExam Suite

CCNA Routing tasks you should practice

# Enable OSPF (Global Configuration mode)
router ospf 1

# Advertise directly connected networks (OSPF Configuration mode)
network net_add wild_card_mask area 0

# Passive-interface (don't send update - because there is no router there) (OSPF Configuration mode)
passive-interface loop 0

# Default route (on ASBR - connecting us to ISP) (Global Configuration mode)
ip route 0.0.0.0 0.0.0.0 s0/0/0

# Advertise the default route (OSPF Configuration mode)
default-information originate

# Interface priority (Change the DR - increase the priority to make it DR) (Interface Configuration mode)
ip ospf priority 2

# Make the router advertise the accurate subnet mask of a loopback interface (Interface Configuration mode)
ip ospf network point-to-point

# Hello and dead interval (Interface Configuration mode)
ip ospf hello-interval 5
ip ospf dead-interval 15

# Manual route summarization on ABR - (OSPF Configuration mode)
area 1 range manually_summarized_route Subnet_mask
  Must be configured on ABR
  manually_summarized_route: the network address of the manually summarized route (calculated by you)
  Subnet_mask: the subnet mask of the manually summarized route, in decimal format

CCNA 2 OSPF Configuration

CCNA 2 OSPF Sample scenario

Basic Ethernet switching concepts and configuration + LAB
What information do we have in the Ethernet header?
What information do we have in the Ethernet trailer?
What type of address does Ethernet use? How long is the address? What parts does it have?
What is the difference between a hub and a switch?
What is the MAC-Address table? What information is included in it?
How is the MAC-Address table formed?
What is port-security on Cisco Catalyst switches? At what level of the campus network should it be enabled?
What information should be configured for port-security?
What violation modes can be selected for port-security? Name the differences between different violation modes.
What is the sticky MAC address feature? How does it work? Why and when must the config be saved when using sticky MAC address?

Switch configuration LAB: write commands to:
  Set hostname:
  Set password:
  Enable telnet:
  Enable SSH (2.4.3.2):
  Assign IP-address:
  Set default gateway:
  Disable a port:
  Enable port security:
  Set violation mode for port security:
  Set maximum number of MAC addresses for port security:
  Copy the config file to TFTP (2.3.8.2):
  Copy the IOS to TFTP:

C1: IP: 10.1.1.5, MAC: C1-MAC
S1 - IP address: 10.1.1.1
[Diagram labels: S1, F0/1]
  Erase configuration
  Restart the switch
  Set Hostname
  Set Password
  Set IP address
  Set Default gateway
  Disable unused ports
  Enable Port security
    MAX MAC = 1
    Violation = shutdown
  Save config
  Backup config file & IOS via TFTP

VLAN & Trunk study checklist
What is a VLAN?
Why would we need VLANs in Local Area Networks?
How do you relate broadcast domains and IP networks?
How do you relate VLANs and IP networks?
What is a trunk link?
Name trunk encapsulations and compare
What is a native VLAN? On which devices should it match?
What is DTP?

VLAN & Trunk configuration/verification
Create VLANs
Switch(config)#vlan 2    # Create VLAN 2
Switch(config-vlan)#name sales    # Name VLAN 2 "sales"
VLAN verification:
Switch#show vlan    # Verify VLAN numbers + names + ports in that VLAN

Assign a port to a VLAN
Switch(config)#interface fastEthernet 0/4
Switch(config)#interface range fastEthernet 0/1 - 10    # Config port 1 up to 10 at the same time
Switch(config-if)#switchport mode access    # Stop trunk negotiation using DTP on a link
Switch(config-if)#switchport access vlan 2    # Put the interface(s) in VLAN 2
VLAN verification:
Switch#show vlan    # Verify VLAN numbers + names + ports in that VLAN

Trunk Configuration:
Switch(config-if)#switchport trunk encapsulation dot1q    # Set the trunk encapsulation to 802.1Q. It could also be ISL on some Cisco switches
Switch(config-if)#switchport trunk allowed vlan 1,2    # Only frames part of VLAN 1 & 2 will be allowed on this link
Switch(config-if)#switchport trunk native vlan 2    # Frames from/for VLAN 2 will be sent untagged (Native VLAN must be the same on both ends)
Trunk verification:
Switch#show interfaces gigabitEthernet 0/1 switchport    # Verifies: trunk encapsulation + native VLAN + allowed VLAN

Assign IP address to a switch in vlan 10:
# You can not have more than 1 functional interface VLAN on layer 2 switches
Switch(config)#int vlan 10    # Interface VLAN on the switch: just one and only for management (example: telnet)
# On multi-layer switches you can have multiple interface VLANs for inter-VLAN routing
Switch(config-if)#ip address 10.1.1.5 255.255.255.0
Switch(config-if)#exit
Switch(config)#ip default-gateway 10.1.1.1    # Set default gateway IP address
Remove interface VLAN:
Switch(config)#no interface vlan 10    # Removes the interface VLAN from the switch

Inter-VLAN routing - configuration
Inter-VLAN routing on Routers
Inter-VLAN routing on routers: create sub-interfaces, one sub-interface per VLAN
Router(config)#interface f0/0    # Trunk link connected to the router
Router(config-if)#no shut    # We do not assign an IP address on the physical interface
Router(config-if)#exit
Router(config)#interface f0/0.10    # .10 is the sub-interface number and does not have to match the VLAN number
Router(config-subif)#encapsulation dot1q 10    # This sub-interface is part of VLAN 10
Router(config-subif)#exit
Router(config)#interface f0/0.20    # .20 is the sub-interface number and does not have to match the VLAN number
Router(config-subif)#encapsulation dot1q 20 native    # This sub-interface is part of VLAN 20 and VLAN 20 is the native VLAN
Router(config-subif)#exit
Inter-VLAN routing verification:
Switch#show ip int brief

Inter-VLAN routing on Multilayer switches
You can not have more than 1 functional interface VLAN on layer 2 switches
Interface VLAN on layer 2 switches: just one and only for management (example: telnet), NOT FOR IP ROUTING
SVI (switch virtual interface): the logical interface on multi-layer switches used for inter-VLAN routing (the SVI IP address is used as the default-gateway address on devices in that VLAN)

Inter-VLAN routing on a switch (only : Assign IP address to a switch in vlan 10:
You can not have more than 1 functional interface VLAN on layer 2 switches
Interface VLAN on the switch: just one and only for management (example: telnet)
On multi-layer switches you can have multiple interface VLANs (SVI) used for inter-VLAN routing:
Switch(config)#int vlan 10
Switch(config-if)#ip address 10.1.10.5 255.255.255.0
Switch(config-if)#exit
Switch(config)#int vlan 20
Switch(config-if)#ip address 10.1.20.2 255.255.255.0
Switch(config-if)#exit

Remove interface VLAN:
Switch(config)#no interface vlan 10    # Removes the interface VLAN from the switch
Verify SVI (switch virtual interface):
Switch#show ip int brief

Clear startup config
Clear VLAN database

Trunk
  Allowed VLAN = 10, 20, 100
  Native VLAN = 10
  Trunk encapsulation = 802.1Q

VTP
  VTP mode
  VTP password: cisco
  VTP pruning
  VTP domain: CCNA3.com

Create VLANs
  VLAN 10 = Sales, 10.1.10.0/24, Client 1
  VLAN 20 = IT, 10.1.20.0/24, Client 2
  VLAN 100 = Access_Switches, 10.1.100.0/24

Inter VLAN routing
  Set encapsulation and IP address on router sub-interfaces
  Assign IP & default gateway to the switch and clients: use the first usable address for default gateway

Access ports
  Make the port access
  Access port would not negotiate a trunk using DTP
  VLAN membership: put users in their own VLAN
  STP portfast
  Port security
    Maximum number of MAC addresses: 1
    Sticky MAC feature
    Violation: shutdown
STP:
  Set priority
  S2 is the root for VLAN 10
  S1 is the root for all other VLANs

VLAN, Trunk and inter-VLAN routing
[Topology diagram: R1, S1, S2; interface labels F0/0, F0/1, F0/2, F0/3; trunk links]
C1: VLAN 10, IP: 10.1.10.10 /24
C2: VLAN 20, IP: 10.1.20.5 /24
S1:
  - VTP Server
  - IP in VLAN 100: 10.1.100.2 /24
S2:
  - VTP Client
  - IP in VLAN 100: 10.1.100.3 /24
Verify each bullet-point right after configuring it

VTP Concept

SW2>enable
SW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#vtp mode transparent    # also server or client could be used
SW2(config)#vtp version 2    # VTP Version is 2
SW2(config)#vtp domain cisco.com    # Domain name = cisco.com
SW2(config)#vtp password cisco    # VTP password is cisco
Setting device to VTP TRANSPARENT mode.
SW2(config)#end
SW2#show vtp status
VTP Version : running VTP2
Configuration Revision : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs : 8
VTP Operating Mode : Transparent
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP V2 Mode : Enabled
VTP Traps Generation : Disabled
MD5 digest : 0x06 0x97 0x82 0xDA 0x39 0x52 0x1E 0xF2
Configuration last modified by 192.168.255.252 at 0-0-00 00:00:00

VTP configuration

PPP configuration + CHAP
On each router a username must be created. The username on each router must be the hostname of the other router.

Frame-relay configuration (without sub-interface)
Service provider router (Frame-relay switch)

Frame-relay configuration (with sub-interface)

All-in-one LAB (PPP, Frame-relay, 802.1Q, VLAN, VTP, STP, RIP v2)
Trunk Links
  Native VLAN: 40
  Allowed VLAN: 10, 20, 30
  Encapsulation: 802.1Q
Client 1: VLAN 10, IP Add: 10.1.10.5
Client 2: VLAN 20, IP Add: 10.1.20.5
ALS:
  VTP client
  Uplinks are trunk
  Unused ports must be disabled
  F0/1 in VLAN 10
  F0/2 in VLAN 20
  IP Address VLAN 30: 10.1.30.2 /24
  F0/1 - 2:
    Enable STP portfast
    Enable port-security
    Maximum number of MAC-addresses: 1
    Port-security sticky feature
    Port-security violation: shutdown

[Topology diagram labels: R1, R2, R3, R4; Trunk Link; Frame-relay; S0/0/0, S0/1/0, F0/0, F0/1, F0/2, F0/3, F0/4; 61.1.1.1 /24]
R1:
  R1 => R2 sub-interface: DLCI 102, IP Address: 192.168.12.1 /24
  R1 => R3 sub-interface: DLCI 103, IP Address: 192.168.13.1 /24
  Inter VLAN routing: VLAN 10: 10.1.10.1 /24, VLAN 20: 10.1.20.1 /24, VLAN 30: 10.1.30.1 /24
R2:
  R2 => R1 sub-interface: DLCI 201, IP Address: 192.168.12.2 /24
R3:
  R3 => R1 sub-interface: DLCI 301, IP Address: 192.168.13.2 /24
R3 s0/1/0 (172.16.1.3 /24), R4 s0/1/0 (172.16.1.4 /24):
  PPP
  Authentication: CHAP
  Compression: predictor
Server1: 61.1.1.2 /24
RIP V2 must be enabled on R1, R2, R3, R4
Auto-summary must be turned off
DLS1: Root bridge for VLAN 10, 30; IP Address: VLAN 30: 10.1.30.3 /24
DLS2: Root bridge for VLAN 20; IP Address: VLAN 30: 10.1.30.4 /24
PVC between R1 - R2
PVC between R2 - R3
Verify each part right after configuring it
Extra steps on next page
Verification on page 48 - 49

All-in-one LAB (ACL, NAT, DHCP, DNS)
Enable the following on the LAB on previous page:
NAT on R1:
  Traffic that must be translated: Inside Local: 10.1.10.0 + 10.1.20.0
  Protocols allowed: HTTP, ICMP, FTP, SMTP, POP3, TELNET, DNS
ACL on R1 s0/0/0 out:
  Packets coming from and/or going to private IP addresses must be dropped.
DHCP
  R1 must be DHCP server for:
    First Pool: 10.1.10.0 /24, Gateway: 10.1.10.1, DNS: 61.1.1.2
    First Pool: 10.1.20.0 /24, Gateway: 10.1.20.1, DNS: 61.1.1.2
  First 10 IP addresses must be excluded from all pools
  C1 and C2 must obtain IP address from DHCP Server (R1)
DNS Server
  Add all router/switch names with their corresponding IP addresses on DNS server

All-in-one LAB verification
Layer 2 connectivity:
  Interfaces must be: up, up (SHOW IP INT BRI)
  CDP must be exchanged: if it's exchanged, routers are connected at layer 2 (SHOW CDP NEIGHBOUR)
PPP
  L2 protocol must be PPP on both routers
  Authentication method must be the same on both routers
  Compression method must be the same on both routers
  Each router must have a local user with the username being the same as the hostname of the other router
Frame-relay:
  Sub-interfaces must be configured
  Point-to-point sub-interface must be configured with (Frame-relay interface-dlci DLCI)
  Multipoint sub-interface must be configured with (Frame-relay map IP IP DLCI broadcast)
IP addresses
  Directly connected routers must be in the same network (SHOW IP INT BRI)
  Directly connected routers must ping each other (PING IP)
Routing:
  Same routing protocol must be configured on routers
  Auto-summary must be switched off if classless networks are used
  On ALL routers, ALL connected networks should be advertised using the NETWORK command
  After configuring the routing protocol ALL networks (routes) must appear in ALL routing tables (SHOW IP ROUTE)
VTP:
  VTP domain name and password must be the same on ALL switches
  VTP configuration revision must be the same on ALL switches (SHOW VTP STATUS)
Trunk (SHOW INT f0/0 switchport) (SHOW TRUNK) (SHOW RUN INT f0/0)
  Trunk encapsulation must be the same on both ends of a trunk link
  Native VLAN must be the same on both ends of a trunk link

Inter VLAN routing on routers
  Trunk link must be configured on the router with appropriate Native VLAN
  Trunk link must be configured on the router using multiple sub-interfaces (one sub-interface per VLAN)
  Router must have one IP address assigned to the appropriate sub-interface per VLAN (SHOW RUN INT F0/0)
  ALL VLAN network addresses must be present in the routing table (SHOW IP ROUTE)
STP
  The desired switch must be the root bridge (SHOW SPANNING-TREE)
  Portfast must be enabled on user ports (SHOW RUN INTERFACE f0/1)
NAT
  Are NAT inside and outside interfaces configured? (SHOW RUN INT f0/0)
  Are INSIDE LOCAL addresses permitted in an access-list? (SHOW ACCESS-LIST)
  Is a NAT POOL created for INSIDE GLOBAL addresses?
  Is the NAT-ACL bound to the interface? OR
  Is the NAT-ACL bound to the NAT-POOL?
ACL:
  Generate the traffic which should be blocked
  Is the traffic blocked?
  Have the access-list matches increased? (SHOW ACCESS-LIST)
  Generate the traffic which should be forwarded
  Is the traffic forwarded (permitted)?

ACL (Access Control List)
R1(config)#access-list 101 permit tcp any any eq 80
R1(config)#access-list 101 permit tcp any eq 80 any
R1(config)#access-list 101 permit tcp any eq 80 any eq 81

Source and destination can each be written as:
  Any
  Host Single_IP_Address: host 10.1.1.5
  Address Wildcard_mask: 10.1.1.0 0.0.0.255
You do not have to specify the port number but you can if you must. Instead of eq you can use any of the following:
  eq      Match only packets on a given port number
  gt      Match only packets with a greater port number
  host    A single destination host
  lt      Match only packets with a lower port number
  neq     Match only packets not on a given port number
  range   Match only packets in the range of port numbers

Cisco Password recovery
If you do not know the router password you can recover the password:
  Restart the router ==> power off and on
  Break (Ctrl+C) before IOS loads ==> it would take you to ROM MON
  Change config register to 0x2142 ==> stops the router from loading the startup-config, therefore passwords
  Restart the router by typing "i" in ROM MON
  This time the startup-config won't be loaded
  enable and go to privileged mode
  Load the startup-config: copy start run
  Set the new password
  Change the config-register to 0x2102

ACL (Access Control List) & Wildcard mask

Condition (address) | Wildcard mask | Address & wildcard mask | Range calculations | Range
10.1.1.129 | 0.0.0.255 | 10.1.1.10000001 / 0.0.0.11111111 | 10.1.1.xxxxxxxx | From: 10.1.1.0 To: 10.1.1.255
10.1.1.1 | 0.0.0.2 | 10.1.1.00000001 / 0.0.0.00000010 | 10.1.1.000000x1 | 10.1.1.1, 10.1.1.3
10.1.1.1 | 0.0.0.254 | 10.1.1.00000001 / 0.0.0.11111110 | 10.1.1.xxxxxxx1 | 10.1.1.1, 10.1.1.3, 10.1.1.5, 10.1.1.7 ... 10.1.1.255
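Added example (not part of the original slides): a Python sketch of the wildcard comparison behind the table above, where a wildcard bit of 1 means that bit is not compared. It lists the addresses each condition/wildcard pair matches and flags wildcards that are not a plain inverted subnet mask, which are easy to misread when reviewing an ACL. The function names and the 16-bit enumeration limit are assumptions for illustration.

```python
import ipaddress

MAX_FREE_BITS = 16  # assumed limit: never enumerate more than 65536 addresses


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(candidate, condition, wildcard):
    """True if candidate equals condition on every bit the wildcard leaves at 0."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(candidate) & care) == (_to_int(condition) & care)


def matched_addresses(condition, wildcard):
    """List every address matched by the condition/wildcard pair, in order."""
    wc = _to_int(wildcard)
    free_bits = [1 << i for i in range(32) if (wc >> i) & 1]
    if len(free_bits) > MAX_FREE_BITS:
        raise ValueError("wildcard matches too many addresses to list")
    # Bits set in the wildcard are ignored, so clear them in the base value.
    base = _to_int(condition) & ~wc & 0xFFFFFFFF
    found = []
    for combo in range(1 << len(free_bits)):
        addr = base
        for pos, bit in enumerate(free_bits):
            if (combo >> pos) & 1:
                addr |= bit
        found.append(addr)
    return [str(ipaddress.IPv4Address(a)) for a in sorted(found)]


def is_contiguous(wildcard):
    """True when the wildcard is an unbroken run of low-order 1 bits."""
    wc = _to_int(wildcard)
    return wc & (wc + 1) == 0


if __name__ == "__main__":
    # The three rows of the table on the slide.
    rows = [
        ("10.1.1.129", "0.0.0.255"),
        ("10.1.1.1", "0.0.0.2"),
        ("10.1.1.1", "0.0.0.254"),
    ]
    for condition, wildcard in rows:
        hits = matched_addresses(condition, wildcard)
        shape = "contiguous" if is_contiguous(wildcard) else "NON-contiguous"
        print(f"{condition} {wildcard}: {len(hits)} addresses, "
              f"{hits[0]} .. {hits[-1]} ({shape})")
```

For the third row the first and last matches look like a full /24, but only the odd addresses match, which is the case the contiguity check is meant to surface.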

When a bit is "1" in the wildcard mask it means we don't compare that bit and it could be anything.

DHCP+NAT LAB
[Topology diagram: R1, R2, ISP; interface labels F0/0, F0/1; internal network (NAT inside interface), external network (NAT outside interface)]
R1 F0/0: DHCP Client
  Internal router: considered as a client in this scenario
R2 F0/0: 192.168.1.1 /24
  Border router: connecting you to the ISP
  DHCP Server: Pool 192.168.1.0/24
  Excluded addresses: 192.168.1.1 - 4
  Default gateway: 192.168.1.1
R2 F0/1: 54.1.1.1 /24
ISP F0/0: 54.1.1.2 /24

Configure NAT & DHCP for the following network:
  R1: DHCP Client
  R2: DHCP Server
  NAT (PAT) is done on our border router connecting us to the Internet through the ISP
  Internal network (192.168.1.0 /24) must be translated to the outside interface IP address (54.1.1.1)

Inside int: R1(config-if)#ip nat inside
Inside network: create an ACL
Out int: R1(config-if)#ip nat outside
Out IP address: ip nat pool NAME START_IP END_IP netmask NETMASK
ip nat inside source list 1 pool NAME overload