CCNA Configuration Lab Hands on - PowerPoint PPT Presentation

CCNA Configuration Lab Hands on

Natthapong Wannurat, CCNA, CCDA, CSE, SMBAM, SMBSE, Channel Account Manager, South Region




Defining Components of the Network

Diagram: Home Office, Mobile Users, Internet, Branch Office, Main Office.


Defining the Components of a Network (cont.)

Diagram: Branch Office, Campus (Floor 1, Floor 2, Server Farm), ISDN, Telecommuter, Remote.


Network Structure Defined by Hierarchy

  • Core Layer

  • Distribution Layer

  • Access Layer



OSI Model Overview

Application (Upper) Layers:

  • Application

  • Presentation

  • Session

Data Flow Layers:

  • Transport Layer

  • Network Layer

  • Data Link

  • Physical


Role of Application Layers

  • Application: User Interface. Examples: Telnet, FTP

  • Presentation: How data is presented; special processing such as encryption. Examples: ASCII, EBCDIC, JPEG

  • Session: Keeping different applications’ data separate. Examples: Operating System/Application Access Scheduling


Role of Data Flow Layers

  • Transport: Reliable or unreliable delivery; error correction before retransmit. Examples: TCP, UDP, SPX

  • Network: Provides logical addressing which routers use for path determination. Examples: IP, IPX

  • Data Link: Combines bits into bytes and bytes into frames; access to media using MAC address; error detection, not correction. Examples: 802.3 / 802.2, HDLC

  • Physical: Moves bits between devices; specifies voltage, wire speed and pin-out of cables. Examples: EIA/TIA-232, V.35


Encapsulating Data

  • Application, Presentation, Session: PDU (Protocol Data Unit) = Upper Layer Data

  • Transport: Segment = TCP Header | Upper Layer Data

  • Network: Packet = IP Header | Data

  • Data Link: Frame = MAC Header | LLC Header | Data | FCS

  • Physical: Bits = 0101110101001000010



Introduction to TCP/IP

TCP (Transmission Control Protocol) is a set of rules (protocol) used along with the Internet Protocol (IP) to send data in the form of message units between computers over the Internet. While IP takes care of handling the actual delivery of the data, TCP takes care of keeping track of the individual units of data (called packets) that a message is divided into for efficient routing through the Internet.

User Datagram Protocol (UDP) is one of the core protocols of the Internet protocol suite. Using UDP, programs on networked computers can send short messages sometimes known as datagrams (using Datagram Sockets) to one another. UDP is sometimes called the Universal Datagram Protocol or Unreliable Datagram Protocol.





Agenda

  • Explain basic IP Addressing

  • Review Subnetting concepts

  • How to calculate subnets, host addresses and broadcast IDs

  • Explain VLSM concepts and Route Summarization


Why IP Addresses?

  • Uniquely identifies each device on an IP network so that data can be sent correctly to those locations.

  • Real life analogies:

    • Address on a letter

    • Telephone number

  • Every host (computer, networking device, peripheral) must have a unique address.


Parts of the IP Address

  • Each IP address consists of:

    • Network ID

      • Identifies the network to which the host belongs

      • Assigned by registry authority and cannot be changed

    • Host ID

      • Identifies the individual host

      • Assigned by organizations to individual devices


IP Address Format: Dotted Decimal Notation

Remember binary-to-decimal and decimal-to-binary conversion.



IP Address Ranges

  • 127 (01111111) is a Class A address reserved for loopback testing and cannot be assigned to a network.


Example Class B Network Address (Reserved)

Total number of host addresses available = 2^h – 2, where h is the number of bits in the host field.

Example Class B Broadcast Address (Reserved)

Total number of host addresses available = 2^h – 2, where h is the number of bits in the host field.




Subnetworks

  • Smaller networks are easier to manage.

  • Overall traffic is reduced.

  • You can more easily apply network security policies.


Number of Subnets Available

  • To identify subnets, you will “borrow” bits from the host ID portion of the IP address.

    • Number of subnets available depends on the number of bits borrowed.

    • One address is still reserved as the network address.

    • One address is still reserved as the broadcast address.

    • Available number of subnets = 2^s, where s is the number of bits borrowed.



What a Subnet Mask Does

  • Tells the router the number of bits to look at when routing

  • Defines the number of bits that are significant

  • Used as a measuring tool, not to hide anything





What Is a Variable-Length Subnet Mask?

Subnet 172.16.14.0/24 is divided into smaller subnets:

  • Subnet with one mask (/27)

  • Then further subnet one of the unused /27 subnets into multiple /30 subnets



What Is Route Summarization?

  • Routing protocols can summarize addresses of several networks into one address.
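The VLSM scenario from the slides above (172.16.14.0/24 cut into /27s, one /27 cut again into /30s) and the summarization of the result, worked through in code. This is an added example, not part of the original deck; it uses the slides' formulas (2^h – 2 hosts, 2^s subnets) and the Python standard library only.

```python
"""Added example (not part of the original slides): the VLSM scenario in code.

Cuts 172.16.14.0/24 into /27 subnets, cuts one unused /27 again into /30
subnets, and summarizes the pieces back into one advertisement. Host counts
follow the slides' 2^h - 2 and subnet counts 2^s; the stdlib ipaddress
module is used only to enumerate the resulting ranges.
"""
import ipaddress


def host_count(prefix_len: int) -> int:
    """Usable hosts: 2^h - 2 (network and broadcast addresses are reserved)."""
    h = 32 - prefix_len
    return 2 ** h - 2


def subnet_count(orig_prefix: int, new_prefix: int) -> int:
    """Subnets gained by borrowing s = new_prefix - orig_prefix host bits: 2^s."""
    s = new_prefix - orig_prefix
    return 2 ** s


def split(network: str, new_prefix: int) -> list:
    """(subnet, broadcast, first host, last host) for every subnet of the new length."""
    net = ipaddress.ip_network(network)
    rows = []
    for sub in net.subnets(new_prefix=new_prefix):
        hosts = list(sub.hosts())
        rows.append((str(sub), str(sub.broadcast_address), str(hosts[0]), str(hosts[-1])))
    return rows


def summarize(networks: list) -> str:
    """Route summarization: advertise the longest prefix all networks share."""
    nets = [ipaddress.ip_network(n) for n in networks]
    first = int(nets[0].network_address)
    common = min(n.prefixlen for n in nets)
    for n in nets[1:]:
        differing = first ^ int(n.network_address)
        # the highest differing bit bounds how many leading bits are shared
        common = min(common, 32 - differing.bit_length())
    mask = (0xFFFFFFFF << (32 - common)) & 0xFFFFFFFF
    return str(ipaddress.ip_network((first & mask, common)))


def vlsm_plan(network: str = "172.16.14.0/24") -> dict:
    """The slide's plan: eight /27s, then the last (unused) /27 as eight /30s."""
    first_level = split(network, 27)
    point_to_point = split(first_level[-1][0], 30)
    return {
        "/27 subnets": first_level,
        "hosts per /27": host_count(27),
        "/30 subnets": point_to_point,
        "hosts per /30": host_count(30),
        "summary": summarize([row[0] for row in first_level]),
    }


if __name__ == "__main__":
    plan = vlsm_plan()
    for key, value in plan.items():
        print(key, f"{len(value)} entries" if isinstance(value, list) else value)
```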




Example


Summary

  • Basic IP Addressing

  • Subnetting concepts

  • Calculate subnets, host addresses and broadcast IDs

  • VLSM concepts and Route Summarization



Agenda

  • Overview

  • Cisco IOS Software Features and Functions

  • Starting up Cisco Network Routers and Switches

  • Cisco IOS Command-Line Interface Functions

  • Entering the EXEC Modes

  • Entering Configuration Mode

  • Using the CLI to configure and test Routers and Switches

  • Summary


Cisco IOS Software CLI: A common interface for managing Cisco devices.

  • Features to carry the chosen network protocols and functions

  • Connectivity for high-speed traffic between devices

  • Security to control access and prohibit unauthorized network use

  • Scalability to add interfaces and capability as needed for network growth

  • Reliability to ensure dependable access to networked resources


Initial Startup of Routers and Switches

System startup routines initiate device software.

Switch: Initial startup uses default configuration parameters.



Example: Initial Bootup Output from the Router

Unconfigured vs. Configured Router


Example: Initial Bootup of a Cisco Router - The Setup Facility


Configuring Network Devices

  • Configuration sets up the device with the following:

    • Network policy of the functions required

    • Protocol addressing and parameter settings

    • Options for administration and management

  • A Catalyst switch memory has initial configuration with default settings.

  • A Cisco router will prompt for initial configuration if there is no configuration previously saved in memory.


Cisco IOS User Interface Functions

A CLI is used to enter commands.

Specific operations vary on different internetworking devices.

Users type or paste entries in the console command modes.

Command modes have distinctive prompts.

<Enter> key instructs the device to parse and execute the command.

Two primary EXEC modes are User Mode and Privileged Mode.


Cisco IOS Software EXEC Mode (User)

  • There are two main EXEC modes for entering commands.


User Mode


User-Mode Command List

You can abbreviate a command to the fewest characters that make a unique character string.


Cisco IOS Software EXEC Mode (Privileged)


Privileged Mode


Privileged-Mode Command List

You can complete a command string by entering the unique character string, then pressing the Tab key.


Configuration Mode

Third Mode - Configuration mode:

  • Global configuration mode

    • wg_sw_a#configure terminal

    • wg_sw_a(config)#

  • Interface configuration mode

    • wg_sw_a(config)#interface e0/1

    • wg_sw_a(config-if)#

  • Other configuration modes also exist. (line configuration, routing configuration, etc…)


    Overview of Router & Switch Modes


    Router Context-Sensitive Help


    Router Context-Sensitive Help (Cont.)


    Enhanced Editing Commands

    Router>Shape the future of internetworking by creating unpreced

    • Shape the future of internetworking by creating unprecedented value for customers, employees, and partners.


    Enhanced Editing Commands (Cont.)


    Router Command History


    show version Command


    Viewing the Configuration


    show running-config and show startup-config Commands

    • Displays the current and saved configuration


    Summary

    • The Cisco switch or router has considerable configuration and testing capabilities and can be configured using the Command Line Interface (CLI).

    • A switch or router can be configured from a local terminal connected to the console port or from a remote terminal connected via a modem connection to the auxiliary port.

    • The CLI is used by network administrators to monitor and to configure various Cisco IOS devices. CLI also offers a help facility to aid network administrators with the verification and configuration commands.

    • The CLI supports two EXEC modes: user and privileged. The privileged EXEC mode provides more functionality than the user EXEC mode.


    Summary (Cont.)

    • From the privileged EXEC mode, the global configuration mode can be entered, providing access to other configuration modes such as the interface configuration mode or line configuration mode.

    • The CLI will be used to configure the router name, password, and other console commands.

    • Interface characteristics such as the IP address and bandwidth are configured using the interface configuration mode.

    • When the router configuration has been completed, it can be verified by using show commands.

    • Always remember to save your configuration!


    Part 1 – Routing Protocols


    Router Operations

    To route packets, a router needs to do the following:

    • Know the destination address

    • Identify the sources from which the router can learn

    • Discover possible routes to the intended destination

    • Select the best route

    • Maintain and verify routing information


    Router Operations (Cont.)

    • The Router knows only the networks it is directly connected to. It must learn all other destinations.


    Static Routes vs. Dynamic Routes

    Two different ways of learning routes to remote networks:

    Static Routes: A network administrator enters them into the router manually.

    Dynamic Routes: Learned by routing protocols and added to the routing table. Dynamic routes are adjusted automatically for topology or traffic changes.


    Static Route Configuration

    Router(config)#ip route network [mask] {address | interface}[distance] [permanent]

    • Defines a path to an IP destination network or subnet or host by specifying the next hop router interface IP address.

    • Address = IP address of the next hop router

    • Interface = outbound interface of the local router


    Static Route Example

    RouterX(config)# ip route 172.16.1.0 255.255.255.0 172.16.2.1

    or

    Router(config)#ip route 172.16.1.0 255.255.255.0 s0/0/0

    • This is a unidirectional route. You must have a route configured in the opposite direction.


    Verifying the Static Route Configuration

    RouterA(config)#ip route 172.16.1.0 255.255.255.0 Serial0/0 172.16.2.1

    RouterA#show ip route

    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

    E1 - OSPF external type 1, E2 - OSPF external type 2

    i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

    ia - IS-IS inter area, * - candidate default, U - per-user static route

    o - ODR, P - periodic downloaded static route

    Gateway of last resort is not set

    172.16.0.0/24 is subnetted, 2 subnets

    S 172.16.1.0 [1/0] via 172.16.2.1, Serial0/0

    C 172.16.2.0 is directly connected, Serial0/0


    A Special Case: Default Routes

    • This route allows the stub network to reach all known networks beyond router A.


    Static Routes: Benefits and Disadvantages

    Benefits:

    • No overhead on the router CPU

    • No bandwidth usage between routers

    • Security and control

    Disadvantages:

    • Administrative burden

    • Not practical in large networks

    • By default it is not conveyed to other routers as part of an update process


    Dynamic Routing Configuration

    • Defines an IP routing protocol

    Router(config)#router protocol [keyword]

    Router(config-router)#network network-number

    • Mandatory configuration command for each IP routing process

    • Identifies the physically connected network to which routing updates are forwarded


    RIP Overview

    • Hop-count metric selects the path.

    • Routes update every 30 seconds.

    Diagram: links labelled 19.2 kbps, T1, T1, T1.


    RIP Configuration

    • Starts the RIP routing process.

    Router(config)#router rip

    Router(config-router)#network network-number

    • Selects participating attached networks.

    • Requires a major classful network number.


    RIP Configuration Example

    Diagram: Router A (e0 172.16.1.1 on 172.16.1.0, s2 10.1.1.1) – Router B (s2 10.1.1.2, s3 10.2.2.2) – Router C (s3 10.2.2.3, e1 192.168.1.1 on 192.168.1.0)

    Router A:

    router rip

    network 172.16.0.0

    network 10.0.0.0

    Router B:

    router rip

    network 10.0.0.0

    Router C:

    router rip

    network 192.168.1.0

    network 10.0.0.0


    Configuring EIGRP

    Router(config)#router eigrp autonomous-system

    • Defines EIGRP as the IP routing protocol

    Router(config-router)#network network-number

    • Selects participating attached networks


    EIGRP Configuration Example


    Configuring Single-Area OSPF

    RouterX(config)# router ospf process-id

    • Defines OSPF as the IP routing protocol

    RouterX(config-router)# network address wildcard-mask area area-id

    • Assigns networks to a specific OSPF area


    Verifying the OSPF Configuration

    RouterX# show ip protocols

    • Verifies that OSPF is configured

    RouterX# show ip route

    • Displays all the routes learned by the router

    RouterX# show ip route

    Codes: I - IGRP derived, R - RIP derived, O - OSPF derived,

    C - connected, S - static, E - EGP derived, B - BGP derived,

    E2 - OSPF external type 2 route, N1 - OSPF NSSA external type 1 route,

    N2 - OSPF NSSA external type 2 route

    Gateway of last resort is 10.119.254.240 to network 10.140.0.0

    O 10.110.0.0 [110/5] via 10.119.254.6, 0:01:00, Ethernet2

    O IA 10.67.10.0 [110/10] via 10.119.254.244, 0:02:22, Ethernet2

    O 10.68.132.0 [110/5] via 10.119.254.6, 0:00:59, Ethernet2

    O 10.130.0.0 [110/5] via 10.119.254.6, 0:00:59, Ethernet2

    O E2 10.128.0.0 [170/10] via 10.119.254.244, 0:02:22, Ethernet2

    . . .


    Verifying the OSPF Configuration (Cont.)

    RouterX#show ip ospf

    • Displays the OSPF router ID, timers, and statistics

    RouterX# show ip ospf

    Routing Process "ospf 50" with ID 10.64.0.2

    <output omitted>

    Number of areas in this router is 1. 1 normal 0 stub 0 nssa

    Number of areas transit capable is 0

    External flood list length 0

    Area BACKBONE(0)

    Area has no authentication

    SPF algorithm last executed 00:01:25.028 ago

    SPF algorithm executed 7 times

    <output omitted>


    Verifying the OSPF Configuration (Cont.)

    RouterX# show ip ospf interface

    • Displays the area ID and adjacency information

    RouterX#show ip ospf interface ethernet 0

    Ethernet 0 is up, line protocol is up

    Internet Address 192.168.254.202, Mask 255.255.255.0, Area 0.0.0.0

    AS 201, Router ID 192.168.99.1, Network Type BROADCAST, Cost: 10

    Transmit Delay is 1 sec, State OTHER, Priority 1

    Designated Router id 192.168.254.10, Interface address 192.168.254.10

    Backup Designated router id 192.168.254.28, Interface addr 192.168.254.28

    Timer intervals configured, Hello 10, Dead 60, Wait 40, Retransmit 5

    Hello due in 0:00:05

    Neighbor Count is 8, Adjacent neighbor count is 2

      Adjacent with neighbor 192.168.254.28 (Backup Designated Router)

      Adjacent with neighbor 192.168.254.10 (Designated Router)


    Verifying the OSPF Configuration (Cont.)

    RouterX# show ip ospf neighbor

    • Displays the OSPF neighbor information on a per-interface basis

    RouterX#show ip ospf neighbor

    ID Pri State Dead Time Address Interface

    10.199.199.137   1 FULL/DR 0:00:31 192.168.80.37 FastEthernet0/0

    172.16.48.1 1 FULL/DROTHER 0:00:33 172.16.48.1   FastEthernet0/1

    172.16.48.200 1 FULL/DROTHER 0:00:33 172.16.48.200  FastEthernet0/1

    10.199.199.137   5 FULL/DR 0:00:33 172.16.48.189  FastEthernet0/1


    Verifying the OSPF Configuration (Cont.)

    RouterX# show ip ospf neighbor 10.199.199.137

    Neighbor 10.199.199.137, interface address 192.168.80.37

    In the area 0.0.0.0 via interface Ethernet0

    Neighbor priority is 1, State is FULL

    Options 2

    Dead timer due in 0:00:32

    Link State retransmission due in 0:00:04

    Neighbor 10.199.199.137, interface address 172.16.48.189

    In the area 0.0.0.0 via interface Fddi0

    Neighbor priority is 5, State is FULL

    Options 2

    Dead timer due in 0:00:32

    Link State retransmission due in 0:00:03


    OSPF debug Commands

    RouterX# debug ip ospf events

    OSPF:hello with invalid timers on interface Ethernet0

    hello interval received 10 configured 10

    net mask received 255.255.255.0 configured 255.255.255.0

    dead interval received 40 configured 30

    OSPF: rcv. v:2 t:1 l:48 rid:200.0.0.117

    aid:0.0.0.0 chk:6AB2 aut:0 auk:

    RouterX# debug ip ospf packet

    OSPF: rcv. v:2 t:1 l:48 rid:200.0.0.116

    aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x0


    Routing Protocols vs. Routed Protocols

    • Routing protocols exchange messages between routers to determine paths, build and maintain routing tables.

    • Examples: RIP, IGRP, OSPF

    • After the path is determined, a router can route or forward packets defined by a routed protocol.

    • Examples: IP, IPX


    Selecting the Most “Trustworthy” Routing Protocol Using Administrative Distance

    • The lowest Administrative Distance is preferred

    • The administrative distance is locally configured and is not exchanged between routers


    Selecting the Best Route Using Metrics

    • The route with the lowest metric is selected and added to the routing table.

    • If the best route becomes unavailable, the next lowest metric route is selected to replace it.


    Examination of the IP Routing Table

    RouterA#show ip route

    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

    E1 - OSPF external type 1, E2 - OSPF external type 2

    i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

    ia - IS-IS inter area, * - candidate default, U - per-user static route

    o - ODR, P - periodic downloaded static route

    Gateway of last resort is not set

    172.16.0.0/24 is subnetted, 2 subnets

    R 172.16.1.0 [120/1] via 172.16.2.1, 00:00:09, Serial0/0

    C 172.16.2.0 is directly connected, Serial0/0

    10.0.0.0/8 is variably subnetted, 7 subnets, 4 masks

    C 10.1.14.0/24 is directly connected, FastEthernet0/0

    C 10.1.13.0/29 is directly connected, FastEthernet0/1

    S 10.1.2.0/24 [1/0] via 172.16.2.1, Serial0/0

    O 10.1.4.4/32 [110/2] via 10.1.14.4, 15:02:19, FastEthernet0/0

    O 10.1.3.3/32 [110/2] via 10.1.13.3, 15:02:20, FastEthernet0/1

    C 10.1.1.1/32 is directly connected, Loopback0

    O 10.1.34.0/28 [110/2] via 10.1.13.3, 15:02:20, FastEthernet0/1

    [110/2] via 10.1.14.4, 15:02:20, FastEthernet0/0
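An added example (not from the slides) tying the administrative-distance and metric rules to the routing-table output above: it parses lines in the format of this `show ip route` listing, picks the installed route for a prefix by lowest AD and then lowest metric, and resolves a destination by longest prefix match. The table string is constructed to mirror the slide, not captured from a device.

```python
"""Added example (not from the slides): parsing show ip route and choosing routes.

Reads lines in the format of the deck's "show ip route" output, then applies
the selection rules the slides state: among sources for the same prefix the
lowest administrative distance wins, then the lowest metric; for a packet,
the longest matching prefix wins. The table below is constructed to mirror
the slide output and is not captured from a real device.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the "Examination of the IP Routing Table" slide.
SHOW_IP_ROUTE = """\
Gateway of last resort is not set
     172.16.0.0/24 is subnetted, 2 subnets
R       172.16.1.0 [120/1] via 172.16.2.1, 00:00:09, Serial0/0
C       172.16.2.0 is directly connected, Serial0/0
     10.0.0.0/8 is variably subnetted, 7 subnets, 4 masks
C       10.1.14.0/24 is directly connected, FastEthernet0/0
C       10.1.13.0/29 is directly connected, FastEthernet0/1
S       10.1.2.0/24 [1/0] via 172.16.2.1, Serial0/0
O       10.1.4.4/32 [110/2] via 10.1.14.4, 15:02:19, FastEthernet0/0
O       10.1.3.3/32 [110/2] via 10.1.13.3, 15:02:20, FastEthernet0/1
C       10.1.1.1/32 is directly connected, Loopback0
O       10.1.34.0/28 [110/2] via 10.1.13.3, 15:02:20, FastEthernet0/1
                     [110/2] via 10.1.14.4, 15:02:20, FastEthernet0/0
"""

HEADER = re.compile(r"^\s*\d+(?:\.\d+){3}/(?P<plen>\d+) is (?:variably )?subnetted")
ENTRY = re.compile(
    r"^(?P<code>[A-Za-z][A-Za-z*]?(?: [A-Z][A-Z0-9])?)\s+"
    r"(?P<net>\d+(?:\.\d+){3})(?:/(?P<plen>\d+))?\s+"
    r"(?:\[(?P<ad>\d+)/(?P<metric>\d+)\] via (?P<nh>\d+(?:\.\d+){3})"
    r"|is directly connected).*?,\s*(?P<iface>\S+)\s*$"
)
EXTRA_PATH = re.compile(r"^\s*\[(?P<ad>\d+)/(?P<metric>\d+)\] via (?P<nh>\d+(?:\.\d+){3})")


@dataclass
class Route:
    code: str                       # legend code, e.g. S, C, R, O, O IA
    network: ipaddress.IPv4Network
    ad: int                         # administrative distance: trust in the source
    metric: int                     # protocol cost; comparable only within one protocol
    next_hops: list = field(default_factory=list)
    iface: str = ""


def parse_show_ip_route(text: str) -> list:
    """Build Route objects; classful header lines supply the prefix length
    for entries that omit it, exactly as IOS prints them."""
    routes, default_plen = [], 32
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            default_plen = int(h.group("plen"))
            continue
        e = ENTRY.match(line)
        if e:
            plen = int(e.group("plen")) if e.group("plen") else default_plen
            net = ipaddress.ip_network(f"{e.group('net')}/{plen}", strict=False)
            ad = int(e.group("ad")) if e.group("ad") else 0          # connected: AD 0
            metric = int(e.group("metric")) if e.group("metric") else 0
            r = Route(e.group("code"), net, ad, metric, [], e.group("iface"))
            if e.group("nh"):
                r.next_hops.append(e.group("nh"))
            routes.append(r)
            continue
        x = EXTRA_PATH.match(line)
        if x and routes:                  # equal-cost second path of the previous entry
            routes[-1].next_hops.append(x.group("nh"))
    return routes


def prefer(candidates: list) -> Route:
    """Route installed for one prefix: lowest AD first, then lowest metric."""
    return min(candidates, key=lambda r: (r.ad, r.metric))


def lookup(table: list, dest: str):
    """Forwarding decision: longest matching prefix, ties broken like prefer().
    Returns None when nothing matches and there is no 0.0.0.0/0 entry
    (the slide's "Gateway of last resort is not set")."""
    d = ipaddress.ip_address(dest)
    matches = [r for r in table if d in r.network]
    if not matches:
        return None
    longest = max(r.network.prefixlen for r in matches)
    return prefer([r for r in matches if r.network.prefixlen == longest])


if __name__ == "__main__":
    table = parse_show_ip_route(SHOW_IP_ROUTE)
    for dst in ("10.1.34.5", "10.1.4.4", "172.16.1.9", "192.168.5.1"):
        r = lookup(table, dst)
        print(dst, "->", r and f"{r.code} {r.network} via {r.next_hops or r.iface}")
```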


    Classful Routing Overview

    • Classful routing protocols do not include the subnet mask with the route advertisement.

    • Within the same network, consistency of the subnet masks is assumed (all subnet masks must be of the same length).

    • Summary routes are exchanged between foreign networks.

    • Examples of classful routing protocols:

      • RIP version 1 (RIPv1)

      • IGRP


    Classless Routing Overview

    • Classless routing protocols include the subnet mask with the route advertisement.

    • Classless routing protocols support variable-length subnet mask (VLSM).

    • Summary routes can be manually controlled within the network.

    • These are examples of classless routing protocols:

      • RIP version 2 (RIPv2)

      • EIGRP

      • OSPF

      • IS-IS


    Routing Protocol Comparison Chart


    Cisco LAN Switching


    L2 Devices

    Bridge:

    • Software-based L2 device

    • Learns MAC addresses

    • Segments LANs

    • Floods broadcasts

    • Filters frames

    • Usually less than 16 ports

    Switch:

    • Hardware-based L2 device

    • Learns MAC addresses

    • Builds a CAM table

    • Single station or LAN segment on each port

    • Floods broadcasts

    • Can have 100 or more ports


    Layer 2 Switching Logic

    • A frame is received:

      • Destination – Multicast or Broadcast Flood

      • Destination – Unknown Unicast Flood

      • Destination – Unicast in MAC Table Forward

      • Destination – Unicast – Same Port Filter


    Ethernet Switches and Bridges

    • Address learning

    • Forward/filter decision

    • Loop avoidance


    Transmitting Frames

    Cut-Through

    • Switch checks destination address and immediately begins forwarding frame.

    Store and Forward

    • Complete frame is received and checked before forwarding.

    Fragment-Free

    • Switch checks the first 64 bytes, then immediately begins forwarding frame.


    MAC Address Table

    • Initial MAC address table is empty.


    Learning Addresses

    • Station A sends a frame to station C.

    • Switch caches the MAC address of station A to port E0 by learning the source address of data frames.

    • The frame from station A to station C is flooded out to all ports except port E0 (unknown unicasts are flooded).


    Learning Addresses (Cont.)

    • Station D sends a frame to station C.

    • Switch caches the MAC address of station D to port E3 by learning the source address of data frames.

    • The frame from station D to station C is flooded out to all ports except port E3 (unknown unicasts are flooded).


    Filtering Frames

    • Station A sends a frame to station C.

    • Destination is known; frame is not flooded.


    Broadcast and Multicast Frames

    • Station D sends a broadcast or multicast frame.

    • Broadcast and multicast frames are flooded to all ports other than the originating port.


    Forward/Filter Decisions


    Port Security

    Switch(config)#interface fastEthernet 0/1

    Switch(config-if)#switchport port-security ?

    mac-address Secure mac address

    maximum Max secure addresses

    violation Security violation mode

    <cr>

    Switch(config-if)#switchport port-security maximum 1

    Switch(config-if)#switchport port-security violation shutdown
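An added example (not from the slides) that models the switching logic, address learning and port-security behaviour described in the slides above: frames are flooded, forwarded or filtered according to the MAC table, and a port configured like the one above (maximum 1, violation shutdown) is err-disabled when a second source MAC appears on it. Port names, MAC addresses and the traffic are constructed.

```python
"""Added example (not part of the original slides): a small Layer 2 switch model.

It applies the forward/filter rules the "Layer 2 Switching Logic" slide
lists, learns source MACs per port as in "Learning Addresses", and enforces
the "Port Security" slide's configuration (maximum 1, violation shutdown) by
err-disabling a port that sees a second source MAC. Port names, MAC
addresses and the traffic below are constructed for the demonstration.
"""
from dataclasses import dataclass, field

BROADCAST = "ffff.ffff.ffff"


def is_group_address(mac: str) -> bool:
    """Multicast (or broadcast) when the I/G bit of the first octet is set."""
    return bool(int(mac.replace(".", "")[:2], 16) & 0x01)


@dataclass
class Port:
    name: str
    secure: bool = False           # switchport port-security
    maximum: int = 1               # switchport port-security maximum 1
    violation: str = "shutdown"    # switchport port-security violation shutdown
    err_disabled: bool = False
    secure_macs: set = field(default_factory=set)


class Switch:
    def __init__(self, ports: list):
        self.ports = {p.name: p for p in ports}
        self.mac_table = {}        # CAM table, initially empty: MAC -> port

    def _learn(self, src: str, ingress: str) -> bool:
        """Record src on the ingress port; False if port security rejects it."""
        port = self.ports[ingress]
        if port.secure and src not in port.secure_macs:
            if len(port.secure_macs) >= port.maximum:
                # Violation. "shutdown" err-disables the port; the other IOS
                # modes (protect, restrict) only drop the offending frame.
                if port.violation == "shutdown":
                    port.err_disabled = True
                return False
            port.secure_macs.add(src)
        self.mac_table[src] = ingress
        return True

    def receive(self, ingress: str, src: str, dst: str) -> list:
        """Egress ports for one frame; an empty list means dropped or filtered."""
        if self.ports[ingress].err_disabled or not self._learn(src, ingress):
            return []
        active = [n for n, p in self.ports.items() if n != ingress and not p.err_disabled]
        if dst == BROADCAST or is_group_address(dst):
            return active                       # broadcast / multicast: flood
        if dst not in self.mac_table:
            return active                       # unknown unicast: flood
        out = self.mac_table[dst]
        if out == ingress or self.ports[out].err_disabled:
            return []                           # same port (or dead port): filter
        return [out]                            # known unicast: forward


def demo() -> dict:
    """Replays the slide scenario: A on E0, C on E2, D on E3; E1 is secured."""
    sw = Switch([Port("E0"), Port("E1", secure=True), Port("E2"), Port("E3")])
    a, c, d = "0000.0c00.00aa", "0000.0c00.00cc", "0000.0c00.00dd"
    return {
        "A->C unknown": sw.receive("E0", a, c),             # flooded, A learned on E0
        "D->C unknown": sw.receive("E3", d, c),             # flooded, D learned on E3
        "C->A known": sw.receive("E2", c, a),               # forwarded to E0 only
        "A->C known": sw.receive("E0", a, c),               # forwarded to E2 only
        "D broadcast": sw.receive("E3", d, BROADCAST),
        "X on E1": sw.receive("E1", "0000.0c00.0011", a),   # first MAC allowed
        "Y on E1": sw.receive("E1", "0000.0c00.0022", a),   # second MAC: violation
        "E1 err-disabled": sw.ports["E1"].err_disabled,
        "table": dict(sw.mac_table),
    }


if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step:16} {result}")
```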


    Spanning-Tree Protocol

    • Provides a loop-free redundant network topology by placing certain ports in the blocking state.


    Spanning-Tree Operation

    • One root bridge per network

    • One root port per nonroot bridge

    • One designated port per segment

    • Nondesignated ports are unused


    Spanning-Tree Protocol: Root Bridge Selection

    • BPDU = Bridge Protocol Data Unit (default = sent every two seconds)

    • Root bridge = Bridge with the lowest bridge ID

    • Bridge ID =

    • In the example, which switch has the lowest bridge ID?


    Spanning-Tree Path Cost


    Spanning-Tree

    Switch#show spanning-tree vlan 1

    VLAN0001

    Spanning tree enabled protocol ieee

    Root ID Priority 32769

    Address 0001.96DC.1A62

    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Bridge ID Priority 32769 (priority 32770 sys-id-ext 1)

    Address 0010.1116.A3A4

    Aging Time 300

    Interface Role Sts Cost Prio.Nbr Type

    ---------------- ---- --- --------- -------- --------------------------------

    Fa0/1 Desg FWD 19 128.3 Shr

    Fa0/2 Root FWD 19 128.3 Shr

    Switch(config)#spanning-tree vlan 1 priority 4096
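An added example (not from the slides) of the root bridge election and port roles described above. The slide leaves "Bridge ID =" blank; this code uses the IEEE 802.1D definition (16-bit priority followed by the 48-bit MAC address, lowest value wins) and the IEEE 802.1D short path costs (the slide's Fa ports show cost 19). The two MAC addresses from the `show spanning-tree` output are reused for two of the switches; the third switch, the links and the port names are constructed, and the test shows the effect of `spanning-tree vlan 1 priority 4096`.

```python
"""Added example (not part of the original slides): STP root election and port roles.

Bridge ID = priority (16 bits) + MAC (48 bits); the lowest ID is the root.
Each non-root bridge picks the root port with the lowest root path cost,
and each segment gets one designated port; the remaining ports are
nondesignated (blocking). Ties are broken by the lower bridge ID, as in
IEEE 802.1D. Topology and the third switch's MAC are constructed.
"""
import heapq

# IEEE 802.1D-1998 short path-cost values (the slide's Fa ports show cost 19).
PATH_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}

# Two MACs come from the slide's show spanning-tree output; SwC is constructed.
BRIDGES = {
    "SwA": (32769, "0001.96DC.1A62"),
    "SwB": (32769, "0010.1116.A3A4"),
    "SwC": (32769, "00d0.ba11.c0de"),
}
# (bridge_a, port_a, bridge_b, port_b, speed in Mbps): a triangle of 100 Mbps links
LINKS = [
    ("SwA", "Fa0/1", "SwB", "Fa0/2", 100),
    ("SwA", "Fa0/2", "SwC", "Fa0/1", 100),
    ("SwB", "Fa0/3", "SwC", "Fa0/2", 100),
]


def bridge_id(priority: int, mac: str) -> int:
    """Bridge ID as one integer: 16-bit priority above the 48-bit MAC."""
    return (priority << 48) | int(mac.replace(".", "").replace(":", ""), 16)


def elect_root(bridges: dict) -> str:
    """bridges: name -> (priority, mac). Lowest bridge ID becomes the root."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def port_roles(bridges: dict, links: list) -> dict:
    """Return {(bridge, port): "Root" | "Desg" | "Altn"} plus "root": name."""
    root = elect_root(bridges)
    bid = {name: bridge_id(*spec) for name, spec in bridges.items()}
    adj = {}
    for a, pa, b, pb, speed in links:
        adj.setdefault(a, []).append((b, pb, PATH_COST[speed]))
        adj.setdefault(b, []).append((a, pa, PATH_COST[speed]))
    # best[bridge] = (root path cost, root port, upstream bridge ID)
    best = {root: (0, None, -1)}
    heap = [(0, bid[root], root)]
    while heap:
        cost, _, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue
        for nbr, nbr_port, link_cost in adj.get(node, []):
            cand = (cost + link_cost, bid[node])     # lower cost, then lower sender ID
            cur = best.get(nbr)
            if cur is None or cand < (cur[0], cur[2]):
                best[nbr] = (cand[0], nbr_port, cand[1])
                heapq.heappush(heap, (cand[0], cand[1], nbr))
    roles = {"root": root}
    for a, pa, b, pb, _ in links:
        # one designated port per segment: lowest root path cost, then lowest bridge ID
        desg = a if (best[a][0], bid[a]) < (best[b][0], bid[b]) else b
        for x, px in ((a, pa), (b, pb)):
            if best[x][1] == px:
                roles[(x, px)] = "Root"
            elif x == desg:
                roles[(x, px)] = "Desg"
            else:
                roles[(x, px)] = "Altn"      # nondesignated: blocking
    return roles


if __name__ == "__main__":
    for name, role in sorted(port_roles(BRIDGES, LINKS).items(), key=str):
        print(name, role)
```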


    VTP Modes

    Server:

    • Creates VLANs

    • Modifies VLANs

    • Deletes VLANs

    • Sends/forwards advertisements

    • Synchronizes

    • Saved in NVRAM

    Transparent:

    • Creates VLANs

    • Modifies VLANs

    • Deletes VLANs

    • Forwards advertisements

    • Does not synchronize

    • Saved in NVRAM

    Client:

    • Forwards advertisements

    • Synchronizes

    • Not saved in NVRAM


    VTP Operation

    • VTP advertisements are sent as multicast frames.

    • VTP servers and clients are synchronized to the latest revision number.

    • VTP advertisements are sent every 5 minutes or when there is a change.


    Scaling the Network with NAT and PAT


    Objectives

    • Explain the difference between public and private IP addresses

    • Summarize three problems with IP addressing that NAT and PAT solve

    • Describe the basic functionality of NAT and NAT Overloading (PAT)

    • Identify the differences between Static and Dynamic Translations

    • Configure Static and Dynamic NAT

    • Configure NAT Overloading (PAT)

    • Verify NAT and PAT Operation


    IP Addressing Review

    Address format by class (the leading bits identify the class):

    Class A: 0 + Network ID (7 bits) + Node ID (24 bits)

    Class B: 10 + Network ID (14 bits) + Node ID (16 bits)

    Class C: 110 + Network ID (21 bits) + Node ID (8 bits)

    Class D: 1110 + Multicast Group ID (28 bits)

    Class E: 1111 + Reserved for Future Use (28 bits)

    Address ranges:

    Class A: 1.0.0.0 - 127.255.255.255

    Class B: 128.0.0.0 - 191.255.255.255

    Class C: 192.0.0.0 - 223.255.255.255

    Class D: 224.0.0.0 - 239.255.255.255 (multicasts)

    Class E: 240.0.0.0 - 254.255.255.255 (experimental use)


    IP Addressing – Private Addresses

    “Reserved/Private” addresses (RFC 1918) exist in the first three classes of IP addresses:

    Class A: 10.0.0.0 – 10.255.255.255

    Class B: 172.16.0.0 – 172.31.255.255

    Class C: 192.168.0.0 – 192.168.255.255

    These addresses are not globally routable through the public Internet.


    Not Enough IP Addresses

    • Public IP address space (non-reserved/private) is limited and obtaining a large block of registered addresses is difficult and expensive.

    [Figure: Your Home Network – ISP Rtr – Internet]

    Customer: “Hey, I need some IP addresses for my network. How about something in the Class B range so I can grow in the future?”

    ISP: “Are you crazy?? All I can give you is a little subnet of a Class C network. Be happy with that!”


    I Can See You!!

    • The internal network (layout/addressing/design) shouldn’t be visible to external (e.g. Internet) users. Hiding addresses behind NAT only obscures the layout; what may actually reach the inside is controlled with access lists (covered later in this deck), not by the translation itself.

    [Figure: Your Home Network – ISP Rtr (160.1.1.1) – Internet]

    Attacker: “I can see your IP address! I’ve got you now! Time to attack!!”


    NAT Networks – Inside / Outside

    • NAT translates the source and/or destination IP addresses of packets as they cross the router between the inside network and the outside network, so inside addresses appear as different addresses on the outside.

    [Figure: Inside network – NAT Rtr – Outside network]


    Configuring Static Translations

    Router(config)# ip nat inside source static local-ip global-ip

    • Establishes static translation between an inside local address and an inside global address

    Router(config-if)# ip nat inside

    • Marks the interface as connected to the inside

    Router(config-if)# ip nat outside

    • Marks the interface as connected to the outside


    Enabling Static NAT Address Mapping Example

    [Figure: inside host 10.1.1.2 – ethernet 0 (10.1.1.1) – NAT router – serial0 (193.50.1.1) – outside; packets from 10.1.1.2 leave with SA 193.50.1.2]

    interface serial0
     ip address 193.50.1.1 255.255.255.0
     ip nat outside
    !
    interface ethernet 0
     ip address 10.1.1.1 255.255.255.0
     ip nat inside
    !
    ip nat inside source static 10.1.1.2 193.50.1.2


    Dynamic Translations – Pros and Cons

    • Pros – Conserves addresses. Inside global addresses taken from the pool are aged out after the inactivity timer expires and can be reused.

    • Cons – No ability for outside hosts to initiate conversations (a translation entry exists only after an inside host has sent traffic).

    Dynamic Translation Table (IL = inside local, IG = inside global):

    10.0.0.1 = 80.0.0.3

    10.0.0.2 = 80.0.0.4

    Pool of addresses for NAT: 80.0.0.3 – 80.0.0.6

    [Figure: inside network with hosts 10.0.0.1 – 10.0.0.6 – NAT Rtr (80.0.0.2 on the outside) – outside network]


    Configuring Dynamic Translations

    Router(config)# ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}

    • Defines a pool of global addresses to be allocated as needed.

    Router(config)# access-list access-list-number permit source [source-wildcard]

    • Defines a standard IP ACL permitting those inside local addresses that are to be translated.

    Router(config)# ip nat inside source list access-list-number pool name

    • Establishes dynamic source translation, specifying the ACL that was defined in the prior step.


    Dynamic Address Translation Example

    ip nat pool net-208 171.69.233.209 171.69.233.222 netmask 255.255.255.240
    ip nat inside source list 1 pool net-208
    !
    interface serial0
     ip address 172.69.232.182 255.255.255.240
     ip nat outside
    !
    interface ethernet 0
     ip address 192.168.1.94 255.255.255.0
     ip nat inside
    !
    access-list 1 permit 192.168.1.0 0.0.0.255

    Access list 1 here only selects which inside local addresses are eligible for translation; it is not applied to an interface and filters nothing.


    How Does PAT (NAT Overloading) Change All This?


    NAT Overloading - PAT

    • NAT Overloading (PAT):

      All inside devices are translated to the SAME inside global address on the NAT router; the source port number differentiates the flows.

    • How the NAT router chooses the source port number:

      The router preserves the original source port number if that port is not already in use on the inside global address.

      If the source port number is already in use, another unused port is selected from the same range as the original port: 0-511, 512-1023 or 1024-65535.
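    The port-selection rule above, together with the translation-table behaviour from the dynamic-translation slide (entries exist only after inside-initiated traffic and age out after an inactivity timer), modelled as an added Python example that is not part of the original presentation. The addresses are those of the PAT config example that follows; the 300-second idle timeout and the sample flows are assumptions made for the demo, not values taken from the slides.

```python
import time
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Port ranges from the slide: a replacement port comes from the same range as the original.
PORT_RANGES = ((0, 511), (512, 1023), (1024, 65535))

OutKey = Tuple[str, str, int]   # (protocol, inside local IP, inside local port)
InKey = Tuple[str, int]         # (protocol, port on the inside global address)


@dataclass
class PatTable:
    """Toy model of an 'ip nat inside source list ... interface ... overload' table."""
    inside_global: str                 # the one overloaded address (the outside interface IP)
    idle_timeout: float = 300.0        # inactivity timer in seconds (assumed value for the demo)
    _out: Dict[OutKey, int] = field(default_factory=dict)
    _in: Dict[InKey, Tuple[str, int]] = field(default_factory=dict)
    _last_used: Dict[InKey, float] = field(default_factory=dict)

    @staticmethod
    def _range_for(port: int) -> Tuple[int, int]:
        for lo, hi in PORT_RANGES:
            if lo <= port <= hi:
                return lo, hi
        raise ValueError(f"port {port} out of range")

    def _pick_global_port(self, proto: str, wanted: int) -> int:
        # Keep the original source port when it is still free on the global address...
        if (proto, wanted) not in self._in:
            return wanted
        # ...otherwise take the first free port in the same range (port 0 is skipped).
        lo, hi = self._range_for(wanted)
        for port in range(max(lo, 1), hi + 1):
            if (proto, port) not in self._in:
                return port
        raise RuntimeError(f"{proto} ports {lo}-{hi} exhausted on {self.inside_global}")

    def translate_out(self, proto: str, src_ip: str, src_port: int,
                      now: Optional[float] = None) -> Tuple[str, int]:
        """Inside -> outside: the (inside global IP, port) the packet leaves with."""
        now = time.monotonic() if now is None else now
        key = (proto, src_ip, src_port)
        if key not in self._out:                       # first packet of a flow creates the entry
            gport = self._pick_global_port(proto, src_port)
            self._out[key] = gport
            self._in[(proto, gport)] = (src_ip, src_port)
        self._last_used[(proto, self._out[key])] = now
        return self.inside_global, self._out[key]

    def translate_in(self, proto: str, dst_port: int,
                     now: Optional[float] = None) -> Optional[Tuple[str, int]]:
        """Outside -> inside: (inside local IP, port), or None when no entry exists.

        None is the 'con' from the dynamic-translation slide: a connection that an
        outside host initiates matches no entry and is dropped.
        """
        now = time.monotonic() if now is None else now
        entry = self._in.get((proto, dst_port))
        if entry is not None:
            self._last_used[(proto, dst_port)] = now
        return entry

    def expire(self, now: float) -> int:
        """Age out entries idle for idle_timeout or longer; returns how many were removed."""
        stale = [k for k, used in self._last_used.items() if now - used >= self.idle_timeout]
        for proto, gport in stale:
            src_ip, src_port = self._in.pop((proto, gport))
            del self._out[(proto, src_ip, src_port)]
            del self._last_used[(proto, gport)]
        return len(stale)

    def show(self) -> list:
        """Rows in the spirit of 'show ip nat translations'."""
        return sorted(f"{proto} {self.inside_global}:{gport} {ip}:{port}"
                      for (proto, gport), (ip, port) in self._in.items())


if __name__ == "__main__":
    # Constructed flows from the two inside hosts of the config example.
    table = PatTable("172.17.38.1")
    print(table.translate_out("tcp", "192.168.3.7", 1024, now=0.0))    # ('172.17.38.1', 1024)
    print(table.translate_out("tcp", "192.168.4.12", 1024, now=1.0))   # ('172.17.38.1', 1025)
    print(table.translate_in("tcp", 4444, now=2.0))                    # None -> dropped
    print("\n".join(table.show()))
```

    The second host asks for the same source port 1024, so it receives the next free port in the 1024-65535 range; a collision on UDP 500 would instead be resolved inside 0-511. Passing now explicitly keeps the ageing deterministic; omit it to use the monotonic clock.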


    Configuring Overloading

    Router(config)# access-list access-list-number permit source source-wildcard

    • Defines a standard IP ACL that will permit the inside local addresses that are to be translated

    Router(config)# ip nat inside source list access-list-number interface interface overload

    • Establishes dynamic source translation, specifying the ACL that was defined in the prior step

    • The IP address configured on the named interface is used as the overloaded (inside global) address


    PAT / NAT Overload Config Example

    [Figure: hosts 192.168.3.7 (behind E0, 192.168.3.1) and 192.168.4.12 (behind E1, 192.168.4.1) – router – S0 172.17.38.1 – Internet]

    interface Ethernet0
     ip address 192.168.3.1 255.255.255.0
     ip nat inside
    !
    interface Ethernet1
     ip address 192.168.4.1 255.255.255.0
     ip nat inside
    !
    interface Serial0
     ip address 172.17.38.1 255.255.255.0
     ip nat outside
    !
    ip nat inside source list 1 interface Serial0 overload
    !
    access-list 1 permit 192.168.3.0 0.0.0.255
    access-list 1 permit 192.168.4.0 0.0.0.255


    Clearing the NAT Translation Table

    Router# clear ip nat translation *

    • Clears all dynamic address translation entries

    Router# clear ip nat translation inside global-ip local-ip [outside local-ip global-ip]

    • Clears a simple dynamic translation entry that contains an inside translation or both an inside and outside translation

    Router# clear ip nat translation outside local-ip global-ip

    • Clears a simple dynamic translation entry that contains an outside translation

    Router# clear ip nat translation protocol inside global-ip global-port local-ip local-port [outside local-ip local-port global-ip global-port]

    • Clears an extended dynamic translation entry


    Displaying Information with ‘show’ Commands

    Router# show ip nat translations

    • Displays active translations

    Router# show ip nat translations
    Pro Inside global      Inside local       Outside local      Outside global
    --- 172.16.131.1       10.10.10.1         ---                ---

    Router# show ip nat statistics

    • Displays translation statistics

    Router# show ip nat statistics
    Total active translations: 1 (1 static, 0 dynamic; 0 extended)
    Outside interfaces: Ethernet0, Serial2.7
    Inside interfaces: Ethernet1
    Hits: 5  Misses: 0
    …


    Access Control Lists


    Objectives

    • Upon completion, you will be able to:

    • Identify the Two Types of IP Access Control Lists.

    • Describe typical Uses for IP Access Lists.

    • Understand Access List related Terms and Concepts.

    • Configure a Standard IP ACL


    What Are IP Access Control Lists?

    • A Cisco IOS feature

    • Sequential list of “permit” or “deny” statements, which block or allow routed traffic

    • Block unwanted traffic – inbound or outbound:

      • Basic network security

      • Bandwidth control

      • Enforce network policy

    • Permit the good stuff – the other side of the same list: traffic the list permits passes, everything else is dropped


    Types of IP ACLs

    • Less Common:

    • Lock and Key (dynamic ACLs)

    • Reflexive ACLs

    • Time-based ACLs using time ranges

    • Commented IP ACL entries

    • Context-based ACL

    • Authentication proxy

    • Named ACLs

    • Turbo ACLs

    • Distributed time-based ACLs

    • Most Common (90%):

    • Standard ACLs

    • Extended ACLs


    Standard IP ACL Syntax

    access-list access-list-number {permit | deny} {host source | source source-wildcard | any}

    • Numbered 1 – 99

    • Only look at the IP Source Address

    • Easiest to configure

    • Good for blocking traffic close to the destination device

    Two Notes:

    • Individual lines of a classic numbered access list cannot be deleted; “no access-list 8” removes the whole list. (Current IOS releases let you open the same list with “ip access-list standard 8” and remove single entries by sequence number.)

    • Every ACL has an implicit ‘deny all’ statement as the last line of the ACL


    The ‘Infamous’ Wildcard Mask

    • The Inverse of the Subnet Mask

    • 255.255.255.192 (SM) = 0.0.0.63 (WM)

    • Defines either the specific host or size of a subnet to be permitted or denied by the ACL

    • How to Calculate the Wildcard Mask?

      • Subtract the subnet mask from 255.255.255.255

      • Single Host – (SM) 255.255.255.255 (WM) 0.0.0.0

      • Subnet with 16 addresses – (SM) 255.255.255.240 (WM) 0.0.0.15

      • Subnet with 64 addresses – (SM) 255.255.255.192 (WM) 0.0.0.63

    access-list access-list-number {permit | deny} {host source | source source-wildcard | any}


    The ‘Infamous’ Wildcard Mask (cont.)

    • Subnet with 16 addresses – (SM) 255.255.255.240

        255.255.255.255
      - 255.255.255.240  (SM)
      -----------------
          0.  0.  0. 15  (WM)

    access-list access-list-number {permit | deny} {host source | source source-wildcard | any}


    Two Basic Steps

    • Create the Access Control List, then…

    Router(config)# access-list 8 deny 131.108.7.0 0.0.0.3

    Router(config)# access-list 8 permit 131.108.2.0 0.0.0.255

    Router(config)# access-list 8 permit any

    (access-list 8 deny any – implicit, never typed; without the “permit any” above it everything else would be dropped)

    • Apply it to the Correct Interface

    Router(config)# interface serial0

    Router(config-if)# ip access-group 8 in
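    An added Python example, not from the original slides, that turns the wildcard-mask arithmetic and the standard-ACL rules above into code: it derives a wildcard from a subnet mask, parses the three access-list 8 lines from the slide into entries, and evaluates source addresses top-down with the implicit deny as the fall-through. The ACL lines are a constructed copy of the slide's; the addresses tested against them are constructed for the demo.

```python
import ipaddress
from typing import List, Tuple

# Constructed copy of the three lines from the 'Two Basic Steps' slide.
ACL_8 = [
    "access-list 8 deny 131.108.7.0 0.0.0.3",
    "access-list 8 permit 131.108.2.0 0.0.0.255",
    "access-list 8 permit any",
]


def _ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def wildcard_from_mask(subnet_mask: str) -> str:
    """255.255.255.255 minus the subnet mask, i.e. every mask bit inverted."""
    return str(ipaddress.IPv4Address(0xFFFFFFFF ^ _ip(subnet_mask)))


def matches(addr: str, base: str, wildcard: str) -> bool:
    """A wildcard bit of 1 means 'do not care'; only the 0 bits are compared."""
    care = 0xFFFFFFFF ^ _ip(wildcard)
    return (_ip(addr) & care) == (_ip(base) & care)


def parse_ace(line: str) -> Tuple[int, str, str, str]:
    """Parse one numbered standard ACL entry into (number, action, address, wildcard)."""
    t = line.split()
    if len(t) < 4 or t[0] != "access-list":
        raise ValueError(f"not an access-list entry: {line!r}")
    number, action = int(t[1]), t[2]
    if not 1 <= number <= 99:            # the standard range named on the slide
        raise ValueError(f"{number} is not a standard ACL number")
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action in {line!r}")
    if t[3] == "any":
        base, wc = "0.0.0.0", "255.255.255.255"
    elif t[3] == "host":
        if len(t) < 5:
            raise ValueError(f"'host' needs an address: {line!r}")
        base, wc = t[4], "0.0.0.0"
    else:                                 # no wildcard given means a single host
        base, wc = t[3], (t[4] if len(t) > 4 else "0.0.0.0")
    ipaddress.IPv4Address(base)           # reject garbage early
    ipaddress.IPv4Address(wc)
    return number, action, base, wc


class StandardAcl:
    """Standard IP ACL: source address only, first match wins, implicit deny at the end."""

    def __init__(self, number: int, lines: List[str]):
        self.number = number
        self.entries: List[Tuple[str, str, str]] = []
        for line in lines:
            n, action, base, wc = parse_ace(line)
            if n != number:
                raise ValueError(f"line belongs to list {n}, not {number}: {line!r}")
            self.entries.append((action, base, wc))

    def evaluate(self, src_ip: str) -> str:
        for action, base, wc in self.entries:
            if matches(src_ip, base, wc):
                return action
        return "deny"        # the implicit 'deny any' nobody types


if __name__ == "__main__":
    acl = StandardAcl(8, ACL_8)
    for src in ("131.108.7.2", "131.108.7.4", "131.108.2.200", "10.1.1.1"):
        print(src, "->", acl.evaluate(src))
    # Drop the 'permit any' to watch the implicit deny swallow everything else.
    print("10.1.1.1 without permit any ->", StandardAcl(8, ACL_8[:2]).evaluate("10.1.1.1"))
```

    131.108.7.4 is permitted because the deny line with wildcard 0.0.0.3 covers only 131.108.7.0 to .3, which is the check worth making before trusting a mask written by hand.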


    Configuring an Extended IP ACL


    Extended IP ACL Syntax

    access-list access-list-number {permit | deny} protocol {host source | source source-wildcard | any} {host destination | destination destination-wildcard | any} [precedence {name | number}]

    • Numbered 100 – 199

    • Looks at both the IP source address and the destination address

    • Can also match many IP-layer (L3) and upper-layer (L4) header fields, such as the protocol and port numbers

    • Good for blocking traffic anywhere, typically close to the source


    Applying Access Lists

    • To a Specific Interface:

      • Router (config-if)# ip access-group {access-list-number}{in | out}


    ACL Guidelines

    • Use Standard IP Access Lists when filtering near Destination

    • Use Extended IP Access Lists when filtering using both the Source address and a Destination address and/or need to specify a Protocol, Ports, etc.

    • STEPS:

      • Create ACL first, then Apply to interface

    • Remember the implicit “deny all” at end of ACL

    • Carefully place your ACL…consider bandwidth, etc.

    • No editing or re-ordering of numbered ACLs (other than adding lines at end)


    Q and A

