Cisco CCNA Short Notes (part ICND1)

Greetings

In this post I structured the notes created together with the students in the courses in the process of repeating the material studied. Initially, all this was done in a notebook. In the post there are no detailed descriptions, etc. Added a few graphs and designed in order. In general, consider information as short cheat sheets that can be read in the evening before passing the exam in order to quickly refresh everything in memory. If it is interesting, you can put ICND2, and a lot more is in the same spirit.

Network level: IP

Address length 32-bit
For recording, the notation Dotted-Decimal is used. We beat on octets on 8 bits, we write down in a decimal form, we separate a point: 10.1.1.1

Address classes and first octet rule:

Class	Address range (first octet)	The length of the network / host	First octet rule
A	1-127	8.24	0xxxxxxx
B	128-191	16.16	10xxxxxx
C	192-223	24.8	110xxxxx
D	224-239	Multicast	1110xxxx
E	240-255	Experimental	1111xxxx

The problem of lack of IP addresses and its solutions:
')
1. Private / Public Addresses
a. A 10.xxx
b. B 172.16.xx - 172.31.xx
c. C 192.168.xx
2. Subnet Mask / VLSM / CIDR
3. NAT
4. IPv6

Transport level: UDP / TCP

Protocol	Specifications
Tcp	Reliable	Forms a pre-connection (Connection-oriented)
UDP	Unreliable (Best-Effort)	Connection is not formed (Connectionless)

The process of forming a TCP connection (3-Way Handshake):

TCP Window:

The ability to send N-segment data and receive a single ACK.
Fixed (window size is fixed) & Scaling (exchange changes during the session) Window.

Work with Cisco IOS

Loading process:

BIOS> POST
BIOS> Bootstrap
Bootstrap> ios
IOS> Startup-config

Configuration methods:
1. CLI
a. Console
b. AUX (Routers)
c. VTY (Telnet / ssh)
2. GUI
a. Web Server (horror)
b. SDM
3. SNMP

Configuration Modes:

Title	Description	Invitation	Deep down	Up
USER EXEC	User mode Almost no rights.	>	enable	exit logout
PRI EXEC	Privileged mode. Admin rights. Logging, debag. Transition to configuration modes.	#	configure terminal	Exit Logout Disable
GLOBAL CONFIG	Global configuration mode. Configure settings that affect the device as a whole.	(config) #	Interface ... Vlan ... Router ... Controller ...	Exit CTRL-Z (immediately to PRI EXEC)
SUB CONFIG	We configure interfaces, vlana, routing protocols, etc.	(config-if) # (config-line) # And etc.		Exit CTRL-Z (immediately to PRI EXEC)

Getting help:

? - all mode commands
ab? - commands starting with ab
command? - command command arguments

Basic switch configuration

 !
 !  Set the device name and domain name.  FQDN is required to configure SSH.
 !
 hostname SW1
 ip domain-name CISCO.LOCAL
 !
 !  Create a virtual L3 interface.  Throw it in the first vlan.  Assign IP. 
 !  Turn on.
 !  For an interface to go up, at least 1 active interface is required in the specified Vlan.
 !
 interface vlan 1
  ip address 1.1.1.1 255.0.0.0
  no shutdown
 !
 !  Default Gateway in global mode.  To administer the switch from other 
 !  networks.
 !
 ip default-gateway 1.1.1.254
 !

Basic Security

 !
 !  Connection Protection (USER EXEC).
 !
 !  Console Port Security
 !
 line console 0
  login - enable password authentication
  password PASSWORD - password for authentication
 !
 !  Protection of network connections.  Virtual terminals (vty).
 !  We configure and allow only the SSH protocol.
 !
 !  Creating users
 !
 username ROOT secret CISCO
 username ADMIN secret OCSIC
 !
 !  Enable SSH and generate keys
 !
 crypto key genereate rsa
 !
 !  Configuring vty ports
 !
 line vty 0 15
  login local - user database and password authentication
  transport input ssh - allow only SSH connections
 !
 !  Privileged Transition Protection
 !
 enable password OCSIC - the password is stored in clear text
 enable secret CISCO - password is stored as a hash
 !
 !  Encrypt passwords stored in clear view
 !
 service password-encryption
 !
 !  Creating a banner
 !
 banner motd @
 -------------------------------------------------- ----
 Unauthorized access is blah-blah-blah
 -------------------------------------------------- - @
 !
 !  Port Security (Port-Security)
 !
 interface fa0 / 1
  switchport mode access
 !  We define safe (legal) addresses:
 !  - maximum number of legal addresses
  switchport port-security maximum 10	
 !  - static indication of legal address
  switchport port-security mac-address 0001.0002.0003 	
 !  - dynamic definition of legal addresses and their entry in the running-config
  switchport port-security mac-address sticky	
  switchport port-security violation shutdown - in case of violation, disable the port
  switchport port-security - enable port-security on the interface

Check:

 show running-config - current configuration file
 show startup-config - boot configuration file
	
 show int - information on interfaces
 show int vlan 1
 show int fa0 / 1
 show ip int brie

 show port-security - port security check	
 show port-security int fa0 / 1
 show port-security address

 show version - device information

Saving configuration file:

 copy running-config startup-config

Routing

Metric — select a route within the protocol.

Administrative distance (AD) - choice of route between protocols. From 0 to 255. Less = better.

Protocol	Metrics	AD
Connected	-	0
Static	-	one
EIGRP	Metric = 256 * (BW + Delay)	90
Ospf	Cost = 100 / BW Mbps	110
Rip	Hop count	120

Classes of protocols:

Distance Vector (RIP, IGRP, EIGRP)
Link-State (OSPF, IS-IS)

Masking

Example 1:

192.168.2.0/24

11000000.10101000.00000010. 00000000 192.168.2.0 / 24 network

11111111.11111111.11111111. 00000000 255.255.255.0 mask

11000000.10101000.00000010. 00000001 192.168.2.1 1 host

11000000.10101000.00000010. 11111110 192.168.2.254 Last host

11000000.10101000.00000010. 11111111 192.168.2.255 Broadcast

Example 2:

This range 195.1.1.0 / 24 divided by visit:

2 networks of 30 hosts
4 networks of 6 hosts
2 transport networks

 1. 30 hosts 2 ^ n-2> = 30 n = 5
                            ---------
 11000011.00000001.00000001.000 00000 195.1.1.0 / 27 Subnet Zero
 11111111.11111111.11111111.111 00000 255.255.255.224
 11000011.00000001.00000001.000 00001 195.1.1.1 / 27 1 host
 11000011.00000001.00000001.000 11110 195.1.1.30 / 27 last host
 11000011.00000001.00000001.000 11111 195.1.1.31 / 27 broadcast

 11000011.00000001.00000001.001 00000 195.1.1.32 / 27 The second network
 11000011.00000001.00000001.001 00001 195.1.1.33 / 27
 11000011.00000001.00000001.001 11110 195.1.1.62 / 27
 11000011.00000001.00000001.001 11111 195.1.1.63 / 27

 11000011.00000001.00000001.010 00000 195.1.1.64 / 27 The third ...
 11000011.00000001.00000001.010 00001 195.1.1.65 / 27
 11000011.00000001.00000001.010 11110 195.1.1.94 / 27
 11000011.00000001.00000001.010 11111 195.1.1.95 / 27

 11000011.00000001.00000001.011 00000 195.1.1.96 / 27
 11000011.00000001.00000001.011 00001 195.1.1.97 / 27
 11000011.00000001.00000001.011 11110 195.1.1.126 / 27
 11000011.00000001.00000001.011 11111 195.1.1.127 / 27

 ...

 11000011.00000001.00000001.111 00000 195.1.1.224 / 27
 11000011.00000001.00000001.111 00001 195.1.1.225 / 27
 11000011.00000001.00000001.111 11110 195.1.1.254 / 27
 11000011.00000001.00000001.111 11111 195.1.1.255 / 27

 2. 6 hosts 2 ^ n-2> = 6 n = 3

 11000011.00000001.00000001.010 00 000 195.1.1.64 / 29
 11111111.11111111.11111111.111 11 000 255.255.255.248
 11000011.00000001.00000001.010 00 001 195.1.1.65 / 29
 11000011.00000001.00000001.010 00 110 195.1.1.70 / 29
 11000011.00000001.00000001.010 00 111 195.1.1.71 / 29

 11000011.00000001.00000001.010 01 000 195.1.1.72 / 29
 11000011.00000001.00000001.010 01 001 195.1.1.73 / 29
 11000011.00000001.00000001.010 01 110 195.1.1.78 / 29
 11000011.00000001.00000001.010 01 111 195.1.1.79 / 29

 11000011.00000001.00000001.010 10 000 195.1.1.80 / 29
 11000011.00000001.00000001.010 10 001 195.1.1.81 / 29
 11000011.00000001.00000001.010 10 110 195.1.1.86 / 29
 11000011.00000001.00000001.010 10 111 195.1.1.87 / 29

 11000011.00000001.00000001.010 11 000 195.1.1.88 / 29
 11000011.00000001.00000001.010 11 001 195.1.1.89 / 29
 11000011.00000001.00000001.010 11 110 195.1.1.94 / 29
 11000011.00000001.00000001.010 11 111 195.1.1.95 / 29

 3. 2 hosts n = 2

 11000011.00000001.00000001.010 10 0 00 195.1.1.80 / 30
 11111111.11111111.11111111.111 11 1 00 255.255.255.252
 11000011.00000001.00000001.010 10 0 01 195.1.1.81 / 30
 11000011.00000001.00000001.010 10 0 10 195.1.1.82 / 30
 11000011.00000001.00000001.010 10 0 01 195.1.1.83 / 30

 11000011.00000001.00000001.010 10 1 00 195.1.1.84 / 30
 11000011.00000001.00000001.010 10 1 01 195.1.1.85 / 30
 11000011.00000001.00000001.010 10 1 10 195.1.1.86 / 30
 11000011.00000001.00000001.010 10 1 11 195.1.1.87 / 30

Terminology:

  195.1.1.0 / 24 Network (Mask = class)
 195.1.0.0 / 16 Summary (Mask <Class)
 195.1.1.0 / 30 Subnet (Mask> Class)
 195.1.1.1 / 32 Host (Mask = 32)
 0.0.0.0 / 0 Default Route

Using a router as a DHCP server

Configure RTR-DHCP:

 !  Exclusive range (router addresses)
 !
 ip dhcp excluded-address 1.1.1.1 
 ip dhcp excluded-address 2.1.1.2 2.1.1.20
 !
 !  Creating a pool of addresses for the network 1.1.1.0 (connected)
 !
 ip dhcp pool NET1
  network 1.1.1.0 255.255.255.0 - address pool
  default-router 1.1.1.1 - default gateway
  dns-server 1.1.1.1 8.8.8.8 - DNS server
 !
 !
 !  Creating a pool of addresses for the network 2.2.2.0 (remote, via relay)
 !
 ip dhcp pool net2
  network 2.2.2.0 255.255.255.0 - address pool
  default-router 2.2.2.1 - default gateway
  dns-server 1.1.1.1 8.8.8.8.  - DNS server

 Check:
 Sh ip dhcp bindings
 Sh ip dhcp conflicts
 Sh ip dhcp s

Configure RTR-RELAY:

 !  Forwarding broadcast packets to the specified address

 int fa0 / 1
  ip address 2.2.2.1 255.255.255.0 - interface in a remote network 2.2.2.0	
  ip helper-address 1.1.1.1 - where to forward (DHCP address)
 !
 !  Only forward UDP67 Broadcast
 Ip forward-protocol udp 67

Remote Access (telnet / ssh)

Customer commands	Description
1.1.1.1 HOSTNAME telnet 1.1.1.1 ssh -l USERNAME 1.1.1.1	Open connection
CTRL + SHIFT + 6 - X	return to local session
show sessions	view connections
ENTER-ENTER	return to the last active session (*)
2 Resume 2	return to connection # 2
disconnect 2	close connection # 2
Server commands	Description
Show users	who is connected
Send	Chat
Clear line vty 1	disable vty 1
Show ssh	view ssh connections

Wan

PPP:

      1. LCP = Link Control Protocol
                 a.  Compession
                 b.  Error Detection
                 c.  Authentication

      2. NCP = Network Control Protocol
                 a.  IPCP
                 b.  IPV6CP
                 c.  CDPCP

Configuring Serial Interfaces:

 show controllers - defined by DCE or DTE
 !
 interface serial 1/0		 
  clock rate 64000 - speed in bps (on the DCE interface)
  bandwidth 64 - used to calculate metrics (kbps)
  encapsulation ppp - set encapsulation
  ip address 4.4.4.1 255.255.255.252
  no shutdown	
 !

For check:

 Sh interface s1 / 0
 Sh controllers s1 / 0

RIP protocol

Protocols at level 3:

Routing (RIP, OSPF, EIGRP)
Routed (IP, IPv6, IPX, AppleTalk)

Routing protocols:

IGP - Inside AS (RIP, OSPF, EIGRP)
EGP - Between AS (BGP)

Classes of routing protocols:

Distance-Vector: RIP, IGRP
Advanced Distance-Vector: EIGRP, BGP
Link-State: OSPF, IS-IS

VLSM / CIDR support:

Classfull (RIPv1, IGRP)
Classless (RIPv2, BGP, OSPF, EIGRP, IS-IS)

Setup steps:

1. Enable routing protocol
2. Select local interfaces. Selecting an interface means that:
a. The interface sends updates
b. The interface gets updates
c. Network interface will be included in the updates

RIP:

Ripv1	Ripv2
Class	Classless
UDP520	UDP520
Updates sends to 255.255.255.255	Updates sends on 224.0.0.9
	Supports authentication
	Supports manual summation

Rtr-a

 sh ip interface brief - looked interfaces
 !
 router rip - enabled RIP
  version 2 - enabled RIPv2
  network 1.0.0.0 - select local interfaces.  In the RIP - class networks
  network 2.0.0.0
  no auto-summary - disable auto-summing (the router will transmit 
 !  subnets, instead of class network addresses)

RTR-B:

 router rip			
  version 2			
  network 2.0.0.0
  no auto-summary

Check:

 show ip protocols
 show ip route rip 
 show ip rip?
 debug ip rip

Control

Search iOS in the boot process:

NVRAM: config-register
NVRAM: startup-config (boot system commands)
The first iOS file from Flash:
If not found, then 3 times trying to find IOS on tftp (Broadcast)
ROMMON

Configuration Register:

 • 16 bits
 • Every bit affects the loading process.
 • IOS search is answered by bits c 0 through 3: 
               o 0x0 ROMMON
               o 0x1 Boot IOS from ROM
               o 0x2-F Standard boot

View and edit:

 Show version
 Config-register 0x2100 - download to ROMMON (last 0)

 Ios update
 sh flash - make sure there is free space
 dir flash

If there is no free space to copy the new IOS:

 #copy flash: ios.old tftp: //1.1.1.1 - Backup old IOS (for everyone)
 !  Free up space: 
 !  Formatting flash (if not sorry)
 #erase flash:						
 !  Or delete individual files.
 #del flash: ios.old			
 !
 #copy tftp: //1.1.1.1/newios flash: - Copy the new IOS
 ! 
 #reload - Reboot

If there is free space:

 #copy tftp: //1.1.1.1/newios flash: - Copy the new IOS
 (config) #boot system flash: newios - We are instructing to boot into the new IOS
 #copy running startup - Save the config
 #reload - Reboot

IOS Recovery:

 ROMMON> tftpdnld

Password Recovery:

Reboot (turn off)
Click CTRL-Break
We fall into ROMMON

 !  In ROMMOM, we change the 6th bit (2142) in the configuration register.  Bit value - 
 !  ignore boot config
 ROMMON> confreg 0x2142		
 !  Reboot
 ROMMON> reset

 !  Startup-config will be ignored when booting.  Restoring it.
 #copy startup runn
 !  We return the configuration register
 (config) # config-register 0x2102
 !  Change password
 (config) #enable secret cisco
 !  Save the config
 #copy runn start

Additional commands related to monitoring and control

 show tech-support |  redirect tftp: //1.1.1.1/filename - show all
 show processes - CPU and RAM usage
 show processes cpu history

Source: https://habr.com/ru/post/155329/

All Articles