By Emad Al-Atoum


Contents

• Points To Remember ........................................................................................................... 2
• Basic Notes ......................................................................................................................... 2
• Basic IOS Notes ................................................................................................................... 5
• Top 10 'Show' Commands ................................................................................................... 6
• Security Notes ..................................................................................................................... 7
• Cisco Discovery Protocol (CDP) ............................................................................................ 7
• DHCP Notes ........................................................................................................................ 8
• STP Notes ........................................................................................................................... 8
• Vlan Notes .......................................................................................................................... 9
• Trunking Notes: ................................................................................................................ 10
• ACL Notes......................................................................................................................... 10
• Access List Notes: Numbered And Named ACL .................................................................. 11
• IP Routing Notes ............................................................................................................... 15
• Quick Reminder About HSRP ............................................................................................. 16
• Basic Notes On BGP (Border Gateway Protocol) ................................................................... 17
• Ospf Notes ....................................................................................................................... 19
• Configuring Basic Ospf...................................................................................................... 20
• EIGRP Notes. ..................................................................................................................... 21
• EIGRP Configuration And Troubleshooting Commands ....................................................... 22
• IPv6 Notes ........................................................................................................................ 24
• NAT Notes ........................................................................................................................ 25
• Frame Relay Notes ............................................................................................................ 25
• Short Note On Etherchannel .............................................................................................. 26
• Netflow ............................................................................................................................. 27

BY EMAD AL-Atoum
CCNA (200-120) QUICK NOTES
Points To Remember
• By default, a router breaks up broadcast domains; a switch needs VLANs to break up broadcast domains.

• Both routers and switches break up collision domains.

• Routing occurs at the Internet layer of the DoD TCP/IP reference model.

• PPP operates at Layer 2.

• FTP belongs to the Application layer.

• A global command is set once and affects the entire router.

• LCP, a PPP sub-protocol, negotiates authentication options.

• PPP and DSL are valid WAN connectivity methods.

• Rapid Spanning Tree Protocol, an enhancement to Spanning Tree Protocol, is used to prevent loops.

• When the term "frame" is used, we can easily recognize that it belongs to the Data Link layer.

• When the term "packet" is used, we can easily recognize that it belongs to the Network layer.

• The show version command reveals the last method used to power-cycle a router.

• The show ip interface command is used to verify which interfaces are affected by an ACL.

• Both routers must use the same password for CHAP authentication to succeed.

Basic Notes
To check the connectivity between a host and a destination (across one or more networks) we can use both the "tracert" and "ping" commands. The difference is that "tracert" displays the list of near-side router interfaces on the path between the source and the destination. The "traceroute" command has the same function as "tracert", but it is used on Cisco routers rather than on a PC.

When powered on, the router first checks its hardware via the Power-On Self-Test (POST). It then checks the configuration register to identify where to load the IOS image from. A configuration register value of 0x2102 means the router will try to boot the system image from Flash memory first.

The last router that can be reached will try to inform you that the destination cannot be reached (with a Destination Unreachable message type), so from that information you can learn how far your packets travel and where the problem is.

Each interface on a router must be in a different network. If two interfaces are in the same network, the router will not accept the configuration and shows an error when the administrator assigns it.

When no startup configuration file is found in NVRAM, the System Configuration Dialog appears and asks whether we want to enter the initial configuration dialog.

The ping command can be used from a PC to verify connectivity between hosts that connect through a switch in the same LAN.

The Organizationally Unique Identifier (OUI) is the first 24 bits of a network device's MAC address; it indicates the specific vendor of that device as assigned by the Institute of Electrical and Electronics Engineers, Incorporated (IEEE). This identifier uniquely identifies a vendor, manufacturer, or organization.

The Maximum Transmission Unit (MTU) defines the maximum Layer 3 packet size (in bytes) that the layer can pass onwards.

Modern Ethernet networks built with switches and full-duplex connections no longer use CSMA/CD. CSMA/CD is only used in old switches.

The Network layer is responsible for network addressing and routing through the internetwork, so if a ping fails you may have an issue at the Network layer. Packets are created when the Network layer adds Layer 3 addresses and control information to a segment.

The Transport layer divides a data stream into segments and may add reliability and flow-control information.

The Application layer in the OSI reference model is responsible for determining the availability of the receiving program and checking whether enough resources exist for that communication.

When upgrading to a new version of the IOS we need to copy the IOS to Flash, so first we have to check whether Flash has enough space. Running the new IOS may also require more RAM than the older one, so we should check the available RAM too. We can check both with the "show version" command.

When do devices transmit on an Ethernet network?

An Ethernet network is a shared environment, so all devices have the right to access the medium. If more than one device transmits simultaneously, the signals collide and cannot reach the destination. If a device detects that another device is sending, it waits for a specified amount of time before attempting to transmit. When no traffic is detected, a device transmits its message. While this transmission is occurring, the device continues to listen for traffic or collisions on the LAN. After the message is sent, the device returns to its default listening mode.

The Ethernet protocol uses physical addresses for two purposes:

1. Physical addresses or MAC addresses are used to identify devices at Layer 2.

2. To allow communication between different devices on the same network.

The following locations can be configured as a source for the IOS image:

1. Flash (the default location)

2. TFTP server

3. ROM (used if no other source is found)

What is the difference between a CSU/DSU and a modem?

A CSU/DSU converts digital signals from a router to a leased line; a modem converts digital signals from a router to a phone line.

Router boot process:

The Power-On Self-Test (POST) checks the router's hardware. When the POST completes successfully, the System OK LED indicator comes on.

The router checks the configuration register to identify where to load the IOS image from. A setting of 0x2102 means that the router will use information in the startup-config file to locate the IOS image. If the startup-config file is missing or does not specify a location, it checks the following locations for the IOS image:

1. Flash (the default location)

2. TFTP server

3. ROM (used if no other source is found)

Basic IOS Notes
With the service password-encryption command, all (current and future) passwords are encrypted. This command is primarily useful for keeping unauthorized individuals from viewing your passwords in the configuration file; the encoding is reversible, so it protects against casual viewing rather than against someone who obtains a copy of the file.

How to secure the virtual terminal interfaces on a router?

1. Configure a virtual terminal password and login process.

2. Enter an access list and apply it to the virtual terminal interfaces using the access-class command.

Commands

Router(config)# service password-encryption encrypts all plaintext passwords.

Router(config-if)# ppp authentication chap pap enables CHAP authentication with PAP as the fallback method on a serial interface.

Router# show vlan only displays access ports; trunk ports are not shown by this command.

The show frame-relay lmi command allows you to verify the encapsulation type (CISCO or IETF) of a frame relay link.

The show ip ospf database command displays the collection of OSPF link states.

Below are the common modes on a Cisco switch/router:

Router> User mode

Router# Privileged mode

Router(config)# Configuration mode

Router(config-if)# Interface level (within configuration mode)

Router(config-router)# Routing engine level (within configuration mode)

Router(config-line)# Line level (vty, tty, async) within configuration mode

Top 10 'Show' Commands
One of the most important abilities of a network administrator is knowing how to get information out of the network devices in order to find out what is going on in the network. In most networks, the staple of information gathering has been the "show" commands. Here is a list of the top ten commands you must know.

• show version: Start simple; this command gives uptime, info about your software and hardware and a few other details.

• show ip interface brief: This command is great for showing the up/down status of your IP interfaces, as well as the IP address of each interface. It is mostly useful for displaying critical info about a lot of interfaces on one easy-to-read page.

• show interface: This is the more popular version of the command that shows detailed output for each interface. You'll usually want to specify a single interface or you'll have to hit 'page down' a lot. This command is useful because it shows traffic counters and also detailed info about duplex and other link-specific goodies.

• show ip interface: This often overlooked command is great for all the configuration options that are set. These include the switching mode, ACLs, header compression, ICMP redirection, accounting, NAT, policy routing, security level, etc. Basically, this command tells you how the interface is behaving.

• show ip route: This indispensable command shows your routing table, which is usually the primary purpose of the box. Get to know the options on this command.

• show arp: Can't ping a neighbor? Make sure you're getting an ARP entry.

• show running-config: This is an easy one. It tells you how the box is configured right now. Also, "show startup-config" will tell you how the router will be configured after the next reboot.

• show port: Similar to the show interface command on routers, this command gives you the status of ports on a switch.

• show vlan: With the trend toward having lots of VLANs, check this command to make sure your ports are in the VLANs you think they are. Its output is very well designed.

• show tech-support: This command is great for collecting a lot of info. It basically runs a whole bunch of other show commands and spits out dozens of pages of detailed output, designed to be sent to technical support. But it's also useful for other purposes.

Security Notes
• We only enable the PortFast feature on access ports (ports connected to end stations). If someone unknowingly plugs such a port into another switch, a loop may occur when BPDUs are transmitted and received on these ports.
• With BPDU Guard, when a PortFast-enabled port receives a BPDU, it is shut down to prevent a loop.
• We can verify whether port security has been configured by using "show running-config", or "show port-security interface" for more detail.
• Port security is only used on access ports (which connect to hosts), so we need to set that port to "access" mode, then specify the maximum number of hosts allowed to connect to it.
• Note: If we want to allow only a fixed MAC address to connect, use the "switchport port-security mac-address" command with that address.
• One of the most widely deployed network security technologies today is IPsec VPNs. IPsec provides a high level of security through encryption and authentication, protecting data from unauthorized access.

Cisco Discovery Protocol (CDP)

Cisco Discovery Protocol (CDP) is a proprietary protocol designed by Cisco to help administrators collect information about both locally attached and remote devices. By using CDP, you can gather hardware and protocol information about neighbor devices, which is useful for troubleshooting the network. CDP messages are generated every 60 seconds as multicast messages on each of a device's active interfaces.

The information shared in a CDP packet about a Cisco device includes the following:

• Name of the device configured with the hostname command

• IOS software version

• Hardware capabilities, such as routing, switching, and/or bridging

• Hardware platform, such as 2600, 2950, or 1900

• The Layer 3 address(es) of the device

• The interface the CDP update was generated on

CDP allows devices to share basic configuration information without configuring any protocol-specific information, and it is enabled by default on all interfaces. CDP is a data link protocol operating at Layer 2 of the OSI model. CDP is not routable and only reaches directly connected devices.

CDP is enabled by default on all Cisco devices. CDP updates are generated as multicasts every 60 seconds, with a holdtime of 180 seconds before a missing neighbor is removed.

#cdp run enables CDP globally

#no cdp run turns off CDP for the entire router (global config)

#no cdp enable turns off CDP on a specific interface

#sh cdp neighbor shows directly connected neighbors

#sh cdp int shows which interfaces are running CDP

#sh cdp int eth 0/0 shows CDP info for a specific interface

#sh cdp entry <cdp neighbor here> shows CDP neighbor detail

#cdp timer 120 changes how often CDP info is sent (default cdp timer is 60)

#cdp holdtime 240 changes how long to wait before removing a CDP neighbor (default CDP holdtime is 180)

#sh cdp run shows if CDP is turned on

DHCP Notes
Network or subnetwork IP addresses and broadcast addresses should never be assignable to hosts. If you try to assign these addresses to hosts, you will receive an error message saying that they can't be assigned.

An address conflict occurs when two hosts use the same IP address. During address assignment, DHCP checks for conflicts using ping and gratuitous ARP. If a conflict is detected, the address is removed from the pool and will not be assigned until the administrator resolves the conflict.

STP Notes
Only a non-root bridge has a root port.

The path cost to the root bridge is the most important value in determining which port becomes the root port on each non-root switch. In particular, the port with the lowest cost to the root bridge becomes the root port (on a non-root switch).

Per VLAN Spanning Tree (PVST) maintains a spanning tree instance for each VLAN configured in the network. This means one switch can be the root bridge of one VLAN while another switch is the root bridge of other VLANs in a common topology. For example, Switch 1 can be the root bridge for voice traffic while Switch 2 is the root bridge for video traffic. If designed correctly, this can optimize network traffic.

If we connect two switches via 2 or more links and do not enable STP on these switches, a loop (which creates multiple copies of the same unicast frame) will occur. This is an example of an improperly implemented redundant topology.

PVST+ is based on the IEEE 802.1D Spanning Tree Protocol (STP). But PVST+ has only 3 port states (discarding, learning and forwarding) while STP has 5 port states (blocking, listening, learning, forwarding and disabled). So discarding is a new port state in PVST+.

RSTP only has 3 port states: discarding, learning and forwarding. When RSTP has converged there are only 2 port states left: discarding and forwarding.

A BPDU is superior to another if it has:

1. A lower Root Bridge ID

2. A lower path cost to the Root

3. A lower Sending Bridge ID

4. A lower Sending Port ID
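The four-step comparison above, together with the root-port rule from the previous notes, is just an ordered tuple comparison. The following Python is an added illustration and not part of the original notes: the bridge IDs, BPDUs and the SW1/SW2/SW3 topology are constructed for the example, and it adds one detail the notes do not spell out, namely that a bridge ID is the 16-bit priority followed by the 48-bit MAC address, so "lower" means lower priority first and lower MAC second.

```python
"""STP BPDU comparison and root-port choice (added illustration, not from the notes).
A bridge ID is the 16-bit priority followed by the 48-bit MAC, so a "lower" ID is
compared on priority first and MAC second.  All switch values are constructed."""
from dataclasses import dataclass


def bridge_id(priority: int, mac: str) -> int:
    """Bridge ID = priority (16 bits) . MAC (48 bits) as one comparable integer."""
    mac_int = int(mac.replace(".", "").replace(":", ""), 16)
    return (priority << 48) | mac_int


@dataclass(frozen=True)
class Bpdu:
    root_id: int          # bridge ID of the switch the sender believes is root
    root_path_cost: int   # sender's cost to that root
    sender_id: int        # bridge ID of the switch that sent this BPDU
    sender_port_id: int   # port ID on the sender

    def key(self) -> tuple:
        """Comparison order from the notes: root ID, path cost, sender ID, sender port ID."""
        return (self.root_id, self.root_path_cost, self.sender_id, self.sender_port_id)


def is_superior(a: Bpdu, b: Bpdu) -> bool:
    """A BPDU is superior when its key is lower, field by field."""
    return a.key() < b.key()


def root_port(received: dict) -> str:
    """On a non-root switch, choose the root port: the port whose BPDU gives the
    lowest cost to the root (advertised cost + cost of the link it arrived on),
    then the lower sender bridge ID and sender port ID as tie-breakers.
    `received` maps local port name -> (Bpdu heard there, cost of that link)."""
    def total(item):
        bpdu, link_cost = item[1]
        return (bpdu.root_id, bpdu.root_path_cost + link_cost,
                bpdu.sender_id, bpdu.sender_port_id)
    return min(received.items(), key=total)[0]


# Constructed topology: SW1 is root (lowest bridge ID), SW2 and SW3 are non-root.
SW1 = bridge_id(4096, "0000.0000.0001")
SW2 = bridge_id(32768, "0000.0000.0002")
SW3 = bridge_id(32768, "0000.0000.0003")
FROM_SW1 = Bpdu(root_id=SW1, root_path_cost=0, sender_id=SW1, sender_port_id=1)
FROM_SW2 = Bpdu(root_id=SW1, root_path_cost=19, sender_id=SW2, sender_port_id=2)
# SW3 hears the root directly on Fa0/1 and via SW2 on Fa0/2; both are 100 Mb/s links (cost 19).
SW3_RECEIVED = {"Fa0/1": (FROM_SW1, 19), "Fa0/2": (FROM_SW2, 19)}
```

Because the root ID is compared first, a BPDU announcing a lower root bridge wins even when its path cost is far higher; cost only decides between BPDUs that agree on who the root is.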

Vlan Notes
CDP reports a "Native VLAN mismatch" error if the native VLANs differ at the two ends of an 802.1Q link. A native VLAN mismatch can cause traffic from one VLAN to leak into another VLAN.

VLANs allow you to group users by function rather than by location or geography.

VLANs help minimize incorrect configuration, which enhances the security of the network.

VLANs increase the number of broadcast domains while decreasing the size of each broadcast domain, which increases the utilization of the links. This is also a big advantage of VLANs.

Advantages of VLANs

VLANs establish broadcast domains in switched networks.

VLANs allow access to network services based on department, not physical location.

VLANs can greatly simplify adding, moving, or changing hosts on the network.

For 802.1Q encapsulation, the native VLAN must match at both ends; otherwise the link will not work.

VLAN 1 is the default VLAN on a Cisco switch. It always exists and cannot be added, modified or removed.

VLANs 1002-1005 are default VLANs for FDDI and Token Ring; they cannot be deleted or used for Ethernet.

Trunking Notes:
Valid VLAN Trunk Modes

• Desirable
• Auto
• On

Dynamic Trunking Protocol (DTP) is a Cisco proprietary protocol for negotiating trunking on a link between two devices and for negotiating the type of trunking encapsulation (802.1Q) to be used.

IEEE 802.1Q is the networking standard that supports Virtual LANs (VLANs) on an Ethernet network. It is a protocol that allows VLANs to communicate with one another using a router. 802.1Q trunks support tagged and untagged frames. If a switch receives untagged frames on a trunk port, it treats them as part of the native VLAN. Likewise, frames from the native VLAN are not tagged when exiting the switch via a trunk port.

Three elements must be used when you configure a router interface for VLAN trunking:

1. one IP network or subnetwork for each subinterface

2. subinterface encapsulation identifiers that match VLAN tags

3. one subinterface per VLAN

Cisco switches support two trunking protocols, 802.1Q and ISL. 802.1Q is an open standard and is thus compatible between most vendors' equipment, while Inter-Switch Link (ISL) is Cisco proprietary.

ACL Notes
Standard access lists range from 1 to 99 and from 1300 to 1999.

We can have only 1 access list per protocol, per direction and per interface. This means:

We cannot have 2 inbound access lists on an interface.

We can have 1 inbound and 1 outbound access list on an interface.

We can use a dynamic access list to authenticate a remote user with a specific username and password. The authentication is done by the router or by a central access server such as a TACACS+ or RADIUS server.

Access List Notes: Numbered And Named ACL
Explanation of Access Control Lists (ACLs)

Access control lists (ACLs) are sets of rules that allow you to permit or deny packets based on source and destination IP address, IP protocol information, or TCP or UDP port information. You can configure the following types of ACLs:

1. Standard – Permits or denies packets based on source IP address. Valid standard ACL IDs are 1 – 99.
2. Extended – Permits or denies packets based on source and destination IP address and also on IP protocol information. Valid extended ACL IDs are 100 – 199.

Access lists use wildcard masks to match traffic. Access control lists (ACLs) can be used for two purposes on Cisco devices:
- To filter traffic
- To identify traffic

When filtering traffic, access lists are applied to interfaces. As a packet passes through a router, the top line of the rule list is checked first, and the router continues down the list until a match is made. Once a match is made, the packet is either permitted or denied.

NOTE: There is an implicit 'deny all' at the end of every access list. We can't delete it. So an access list that contains only deny statements will block all traffic. If you want the ACL to allow traffic, there must be a permit statement.

Access lists are applied either inbound (packets received on an interface, before routing) or outbound (packets leaving an interface, after routing). Only one access list per interface, per protocol, per direction is allowed.

Although filtering traffic is the primary use of access lists, there are several instances when it is necessary to identify traffic using ACLs, including:
• Identifying interesting traffic to bring up an ISDN link or VPN tunnel
• Identifying routes to filter or allow in routing updates
• Identifying traffic for QoS purposes

Types of Access List

There are two categories of access lists:

Numbered ACL: the basic one. You cannot remove individual lines from a numbered access list; the entire access list must be deleted and recreated. All new entries to a numbered access list are added to the bottom. Best practice is to use a text editor to manage your access lists.
There are two common types of numbered access lists:

1. IP standard access lists

2. IP extended access lists

Named ACLs provide more flexibility than numbered access lists. We can give names to identify our access lists, and individual lines can be removed from a named access list. All new entries are added to the bottom of the access list, as with numbered ACLs.
There are two common types of named access lists:

1. IP standard named access lists

2. IP extended named access lists

How to permit or deny a specific host in an access list?

Take 172.16.10.1 as an example. As we want to block a specific address (host) in a network, we can use the wildcard mask "0.0.0.0": all octets of the wildcard mask set to "0" means every octet must be matched.

There are actually two ways we can match a host:

• Using a wildcard mask of "0.0.0.0" – 172.16.10.1 0.0.0.0
• Using the keyword "host" – host 172.16.10.1

The methods above match exactly one host. So what do we do to match all addresses?

There are two ways we can match all addresses:

• Using a wildcard mask of "255.255.255.255" – 0.0.0.0 255.255.255.255
• Using the keyword "any" – any source or destination

Standard IP Access List

Syntax

access-list [1-99] [permit | deny] [source address] [wildcard mask]

Standard IP access lists are based on the source host or network IP address and should be placed closest to the destination network. The range of standard access lists is 1-99.

Example

Qn: Block network 172.20.0.0 from accessing the 172.19.0.0 network

Router(config)# access-list 20 deny 172.20.0.0 0.0.255.255

Router(config)# access-list 20 permit any

Note: The access list must be created on the router closest to the destination.

The first line denies all hosts on the 172.20.x.x network.

The second line uses the keyword "any", which will match (permit) any other address.

Always remember that you must have at least one permit statement in your access list. Otherwise all traffic will be blocked because of the implicit deny at the end.

Creating an access list won't do anything on its own; it must be applied to an interface. To apply this access list, we would configure the following on the router:

Router(config)# int s0

Router(config-if)# ip access-group 20 in

To view all IP access lists configured on the router:

Router# show ip access-list

To view which interface an access list is applied to:

Router# show ip interface

Router# show running-config

Extended IP Access List

Syntax

access-list [100-199] [permit | deny] [protocol] [source address] [wildcard mask] [destination address] [wildcard mask] [operator] [port]

Extended IP access lists filter based on the source IP address, destination IP address, and TCP or UDP port number. Extended access lists should be placed closest to the source network.

Example:

access-list 100 deny tcp host 1.1.1.1 host 2.2.2.2 eq 23

access-list 100 deny tcp 3.3.3.0 0.0.0.255 any eq 80

access-list 100 permit ip any any

1. The first line denies host 1.1.1.1 from accessing host 2.2.2.2 via telnet (port 23).

2. The second line denies HTTP (eq port 80) access from the 3.3.3.0 network.

3. The third line allows all other traffic.

Like our earlier example, this ACL must also be applied to an interface to take effect. To apply this access list, we would configure the following commands:

int fa 0/0

ip access-group 100 in

In the above example we used eq port 80 to block HTTP.

We can use several other operators for port numbers:

1. eq Matches a specific port

2. gt Matches all ports greater than the port specified

3. lt Matches all ports less than the port specified

4. neq Matches all ports except for the port specified

5. range Matches a specific inclusive range of ports

The following will match all ports greater than 100:

Router(config)# access-list 101 permit tcp any host 172.16.10.10 gt 100

The following will match all ports less than 1024:

Router(config)# access-list 101 permit tcp any host 172.16.10.10 lt 1024

The following will match all ports that do not equal 443:

Router(config)# access-list 101 permit tcp any host 172.16.10.10 neq 443

The following will match all ports between 80 and 88:

Router(config)# access-list 101 permit tcp any host 172.16.10.10 range 80 88
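The matching rules from this section (wildcard masks, the host and any shorthands, the eq/gt/lt/neq/range operators, top-down first match, and the implicit deny at the end) can be modelled in a few dozen lines, which makes it easy to check what a list will really do before applying it to an interface. The following Python is an added example, not code from the notes or from Cisco IOS; the ACL lines are the ones quoted above, while the deny-only list and the test packets are constructed for the example. The ACL number ranges are the ones the notes give plus the expanded ranges 1300-1999 (standard) and 2000-2699 (extended).

```python
"""Model of how IOS walks a numbered ACL (added illustration, not Cisco code):
wildcard masks, host/any shorthands, port operators, top-down first match and
the implicit deny.  ACL lines are from the notes; DENY_ONLY and the packets
are constructed for the example."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

OPERATORS = {                         # eq/gt/lt/neq/range on the destination port
    "eq": lambda p, a: p == a[0],
    "gt": lambda p, a: p > a[0],
    "lt": lambda p, a: p < a[0],
    "neq": lambda p, a: p != a[0],
    "range": lambda p, a: a[0] <= p <= a[1],
}


def to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard bit 0 = must match, bit 1 = don't care (inverse of a subnet mask)."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)


def parse_address(tokens: list) -> tuple:
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D W.W.W.W'; return (base, wildcard, rest)."""
    if tokens[0] == "any":
        return "0.0.0.0", "255.255.255.255", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], "0.0.0.0", tokens[2:]
    return tokens[0], tokens[1], tokens[2:]


def port_match(op: Optional[str], args: tuple, port: int) -> bool:
    """No operator means any port."""
    return True if op is None else OPERATORS[op](port, args)


@dataclass
class Ace:
    action: str                       # "permit" or "deny"
    protocol: str                     # "ip" matches every protocol
    src: str
    src_wc: str
    dst: str = "0.0.0.0"              # standard lists never look at the destination
    dst_wc: str = "255.255.255.255"
    op: Optional[str] = None
    op_args: tuple = ()


def parse_ace(line: str) -> Ace:
    """Parse one 'access-list N permit|deny ...' line as typed in global config."""
    tokens = line.split()
    if tokens[0] != "access-list":
        raise ValueError(f"not an access-list line: {line}")
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    if 1 <= number <= 99 or 1300 <= number <= 1999:      # standard: source only
        src, src_wc, _ = parse_address(rest)
        return Ace(action, "ip", src, src_wc)
    if 100 <= number <= 199 or 2000 <= number <= 2699:   # extended
        protocol, rest = rest[0], rest[1:]
        src, src_wc, rest = parse_address(rest)
        dst, dst_wc, rest = parse_address(rest)
        op = rest[0] if rest else None
        return Ace(action, protocol, src, src_wc, dst, dst_wc, op,
                   tuple(int(x) for x in rest[1:]))
    raise ValueError(f"unsupported ACL number {number}")


def matches(ace: Ace, pkt: dict) -> bool:
    return (ace.protocol in ("ip", pkt["protocol"])
            and wildcard_match(pkt["src"], ace.src, ace.src_wc)
            and wildcard_match(pkt["dst"], ace.dst, ace.dst_wc)
            and port_match(ace.op, ace.op_args, pkt.get("dport", 0)))


def evaluate(acl: list, pkt: dict) -> str:
    """Top-down, first match wins; falling off the end is the implicit deny all."""
    for line in acl:
        ace = parse_ace(line)
        if matches(ace, pkt):
            return ace.action
    return "deny"


# ACL lines quoted in the notes.
ACL_20 = ["access-list 20 deny 172.20.0.0 0.0.255.255",
          "access-list 20 permit any"]
ACL_100 = ["access-list 100 deny tcp host 1.1.1.1 host 2.2.2.2 eq 23",
           "access-list 100 deny tcp 3.3.3.0 0.0.0.255 any eq 80",
           "access-list 100 permit ip any any"]
# Constructed: a list holding only deny statements blocks everything (implicit deny).
DENY_ONLY = ["access-list 30 deny 10.0.0.0 0.255.255.255"]
```

Running `evaluate(DENY_ONLY, pkt)` for a packet from 192.168.1.1 returns "deny" although no line names that source, which is exactly the "deny-only list blocks all traffic" pitfall described above; `evaluate(ACL_100, ...)` with a UDP packet to port 80 from the 3.3.3.0 network returns "permit", because the second line only matches TCP.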

Named Access Lists

Named access lists provide two advantages over numbered access lists. First, we can apply an identifiable name to an access list for documentation purposes. Second, we can remove individual lines from a named access list, which is not possible with numbered access lists.
Please note that although we can remove individual lines from a named access list, we cannot insert individual lines into it. New entries are always placed at the bottom of a named access list.

To create a standard named access list, the syntax would be as follows:

Router(config)# ip access-list standard NAME

Router(config-std-nacl)# deny 172.18.0.0 0.0.255.255

Router(config-std-nacl)# permit any

To create an extended named access list, the syntax would be as follows:

Router(config)# ip access-list extended NAME

Router(config-ext-nacl)# permit tcp 172.18.0.0 0.0.255.255 host 172.16.10.10 eq 80

Router(config-ext-nacl)# deny ip 172.18.0.0 0.0.255.255 172.16.0.0 0.0.255.255

Router(config-ext-nacl)# permit ip any any

Troubleshooting

• show access-lists [<number> | <name>]

• show ip access-lists [<number> | <name>]

• show ip access-lists interface <interface>

• show ip access-lists dynamic

• show ip interface [<interface>]

IP Routing Notes
When one route is advertised by more than one routing protocol, the router will use the routing protocol with the lowest Administrative Distance.

Routers decrement the TTL by 1 every time they forward a packet; if a router decrements the TTL to 0, it discards the packet. This prevents packets from circulating forever.

Remember these rules:

The IP addresses (source and destination) of a packet never change during transport through the network.

For example, if PC-A wants to send a packet to PC-Z, the source and destination IP addresses of the packet will be the IP addresses of PC-A and PC-Z no matter how many devices it passes through.

The MAC addresses, conversely, change at each device along the path. The source MAC address is the address of the last sender and the destination MAC address is the address of the next device.

The basic syntax of a static route:

ip route destination-network-address subnet-mask {next-hop-IP-address | exit-interface}

Explanation

destination-network-address: the network address of the remote network

subnet-mask: the subnet mask of the destination network

next-hop-IP-address: the IP address of the receiving interface on the next-hop router

exit-interface: the local interface of this router through which the packets will go out

Quick Reminder About HSRP
This section gives a brief reminder about HSRP.

• Hot Standby Router Protocol (HSRP) is a Cisco proprietary protocol.

• With HSRP, two or more devices support a virtual router with a fictitious MAC address and a unique IP address.

• Hosts use this IP address as their default gateway and the MAC address for the Layer 2 header.

• The virtual router's MAC address is 0000.0c07.ACxx, in which xx is the HSRP group. Multiple groups (virtual routers) are allowed.

• The Active router forwards traffic. The Standby router is the backup and monitors periodic hellos (multicast to 224.0.0.2, UDP port 1985) to detect a failure of the active router.

• The active router is chosen because it has the highest HSRP priority (default priority is 100). In case of a tie, the router with the highest configured IP address wins the election.

• A new router with a higher priority does not cause an election unless it is configured to preempt.
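The election rules and the virtual MAC derivation above, modelled in Python as an added example (not from the notes); the routers R1 to R4, their addresses and priorities are constructed, and the 0-255 group range is that of HSRP version 1, whose virtual MAC format the notes quote.

```python
"""HSRP election model (added illustration, not from the notes): virtual MAC
derivation, active-router election and the preempt rule.  Router data is constructed."""
import ipaddress


def hsrp_virtual_mac(group: int) -> str:
    """Well-known HSRP virtual MAC 0000.0c07.acXX with XX = the group number in hex."""
    if not 0 <= group <= 255:
        raise ValueError("HSRP version 1 group numbers are 0-255")
    return f"0000.0c07.ac{group:02x}"


def elect_active(routers: list) -> dict:
    """Highest priority wins (default 100); a tie goes to the highest configured IP."""
    return max(routers, key=lambda r: (r.get("priority", 100),
                                       int(ipaddress.IPv4Address(r["ip"]))))


def on_join(active: dict, newcomer: dict) -> dict:
    """A router joining a group with an incumbent active router takes over only if
    it is configured to preempt and would win the election; otherwise the
    incumbent keeps forwarding even though the newcomer has a higher priority."""
    if newcomer.get("preempt") and elect_active([active, newcomer]) is newcomer:
        return newcomer
    return active


# Constructed routers in HSRP group 10.
R1 = {"name": "R1", "ip": "10.0.0.2", "priority": 110}
R2 = {"name": "R2", "ip": "10.0.0.3"}             # default priority 100
R3 = {"name": "R3", "ip": "10.0.0.4"}             # default priority 100
R4 = {"name": "R4", "ip": "10.0.0.5", "priority": 120, "preempt": True}
R5 = {"name": "R5", "ip": "10.0.0.6", "priority": 120}   # higher priority, no preempt
```

With R1, R2 and R3 up, R1 is active on priority alone; between R2 and R3 the tie goes to R3 because 10.0.0.4 is the higher address. When R5 joins it does not take over despite its priority of 120, whereas R4, configured to preempt, does.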

HSRP States

• Initial: HSRP is not running.

• Learn: The router does not know the virtual IP address and is waiting to hear from the active router.

• Listen: The router knows the IP and MAC of the virtual router, but it is not the active or standby router.

• Speak: The router sends periodic HSRP hellos and participates in the election of the active router.

• Standby: The router monitors hellos from the active router and assumes responsibility if the active router fails.

• Active: The router forwards packets on behalf of the virtual router.

Basic Notes On BGP (Border Gateway Protocol)
BGP

RIP, OSPF and EIGRP are all different, but they have one thing in common: they want to find the shortest path to the destination. On the Internet, being able to control which path traffic takes is far more important than finding the shortest path, and there is only one routing protocol in use between networks on the Internet: BGP.

Within an autonomous system (AS) we use an IGP such as OSPF or EIGRP. For routing between different autonomous systems we use an EGP (exterior gateway protocol), and the only EGP in use today is BGP. You can think of the Internet as a collection of autonomous systems connected to each other. An AS number has to be registered for use on the Internet, just like public IP address space. The original AS numbers are 16-bit, giving 1 to 65535, with a private range (64512 to 65534) for non-Internet use; 32-bit AS numbers (RFC 6793) are also in use now, with their own private range 4200000000 to 4294967294.

There are two types of BGP:

1. External BGP (eBGP): peering between routers in different autonomous systems.

2. Internal BGP (iBGP): peering between routers inside the same autonomous system.

Points to Remember

- BGP is the routing protocol we use to route between autonomous systems.

- BGP guarantees loop-free routing information.

- BGP is completely different from IGPs.

- BGP is a path vector protocol: every AS an update passes through prepends its AS number to the AS_PATH attribute, and a router rejects any route whose AS_PATH already contains its own AS number. That is how loops are avoided.

- BGP doesn't use a single metric but a rich set of BGP attributes.

- BGP uses TCP port 179.

- Administrative distance of eBGP routes is 20.

- Administrative distance of iBGP routes is 200.

- BGP session authentication on Cisco routers uses the TCP MD5 option (neighbor x.x.x.x password). MD5 is weak by today's standards; where both peers support it, TCP-AO (RFC 5925) is the replacement, and the TTL security check (neighbor x.x.x.x ttl-security hops) adds protection against spoofed packets from beyond the directly connected link.

- The version in use is BGP-4.

- BGP stores every path it learns in the BGP table (show ip bgp). Only the best path per prefix is installed in the routing table.

- Routers running BGP are called BGP speakers.

- BGP neighbors are called peers. Peers must be configured statically; a BGP router never discovers neighbors on its own.

- BGP was built for reliability and control, not for speed.

- Once BGP peers have formed a neighbor relationship, they exchange their full BGP table (subject to any filters configured). Afterwards, only changes are sent to the peer.

Cisco recommendation on BGP

Use BGP
- When the AS is multi-homed
- When the AS is a transit AS

Do not use BGP
- In a single-homed AS (a default route is enough)
- On a router that does not have sufficient resources (memory and CPU for the tables it will receive)
- With staff who do not have a good understanding of BGP path selection and manipulation

Neighbor States (in the order the finite state machine moves through them)

- Idle: BGP refuses incoming connections and is waiting for a start event; a neighbor stuck here is usually not configured or not reachable.

- Connect: BGP is waiting for the TCP three-way handshake to complete.

- Active: The TCP connection attempt failed and BGP is retrying while listening for the peer to connect instead. Despite the name, a neighbor that stays in Active is not working (typically a TCP or reachability problem, or the peer does not have us configured).

- OpenSent: TCP is up and an OPEN message has been sent; BGP waits for the peer's OPEN.

- OpenConfirm: A valid OPEN has been received and BGP waits for the first KEEPALIVE (or a NOTIFICATION).

- Established: Peering is up; UPDATE, KEEPALIVE and NOTIFICATION messages can be exchanged.

Packet Types:

- Open: After a neighbor has been configured manually and the TCP session is up, BGP sends an OPEN message (version, AS number, hold time, BGP router ID, optional capabilities) to establish peering with that neighbor.

- Update: Used to transfer routing information (prefixes with their attributes, and withdrawn routes) between peers.

- Keepalive: BGP peers exchange KEEPALIVE messages every 60 seconds by default, with a 180-second hold time; if no KEEPALIVE or UPDATE arrives within the hold time, the session is torn down.

- Notification: A NOTIFICATION carries an error code and subcode and is sent just before closing the connection with a BGP peer.
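The message layout the four types share, as an added example (not from the original notes): every BGP message starts with a 19-byte header (16-byte all-ones marker, 2-byte length, 1-byte type), and a speaker that receives a bad marker, length or type must send a NOTIFICATION and drop the session. The parser below validates the header and decodes OPEN, KEEPALIVE and NOTIFICATION bodies; the 2-byte "my AS" field is the original BGP-4 layout, and 4-byte AS numbers travel in an optional capability that this example does not decode. The sample messages are constructed by build_open and build_keepalive, not captured from a real peer.

```python
import struct
from ipaddress import IPv4Address

BGP_MARKER = b"\xff" * 16          # all-ones marker (RFC 4271)
BGP_HEADER_LEN = 19                # 16 marker + 2 length + 1 type
BGP_MAX_LEN = 4096
MSG_TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}


class BgpParseError(ValueError):
    """Raised where a real speaker would send a NOTIFICATION and close the session."""


def parse_header(data):
    """Validate the 19-byte header and return (type name, message body)."""
    if len(data) < BGP_HEADER_LEN:
        raise BgpParseError("truncated header")
    marker, length, msg_type = struct.unpack("!16sHB", data[:BGP_HEADER_LEN])
    if marker != BGP_MARKER:
        raise BgpParseError("bad marker (connection not synchronized)")
    if not BGP_HEADER_LEN <= length <= BGP_MAX_LEN or length > len(data):
        raise BgpParseError("bad message length %d" % length)
    if msg_type not in MSG_TYPES:
        raise BgpParseError("bad message type %d" % msg_type)
    return MSG_TYPES[msg_type], data[BGP_HEADER_LEN:length]


def parse_open(body):
    """OPEN body: version, my AS (2 bytes), hold time, BGP identifier, optional params."""
    if len(body) < 10:
        raise BgpParseError("truncated OPEN")
    version, my_as, hold_time, bgp_id, opt_len = struct.unpack("!BHHIB", body[:10])
    if version != 4:
        raise BgpParseError("unsupported version %d" % version)
    if hold_time in (1, 2):                        # must be 0 or at least 3 seconds
        raise BgpParseError("unacceptable hold time %d" % hold_time)
    if len(body) != 10 + opt_len:
        raise BgpParseError("optional parameter length mismatch")
    return {"version": version, "my_as": my_as, "hold_time": hold_time,
            "bgp_id": str(IPv4Address(bgp_id)), "opt_params": body[10:]}


def parse_message(data):
    """Dispatch on the header type; returns (type name, decoded fields)."""
    msg_type, body = parse_header(data)
    if msg_type == "OPEN":
        return msg_type, parse_open(body)
    if msg_type == "KEEPALIVE":
        if body:                                   # KEEPALIVE is the header only
            raise BgpParseError("KEEPALIVE with a body")
        return msg_type, {}
    if msg_type == "NOTIFICATION":
        if len(body) < 2:
            raise BgpParseError("truncated NOTIFICATION")
        return msg_type, {"code": body[0], "subcode": body[1], "data": body[2:]}
    return msg_type, {"raw": body}                 # UPDATE body left undecoded here


def build_open(my_as, hold_time, bgp_id):
    """Construct a sample OPEN (no optional parameters) to feed the parser."""
    body = struct.pack("!BHHIB", 4, my_as, hold_time, int(IPv4Address(bgp_id)), 0)
    return BGP_MARKER + struct.pack("!HB", BGP_HEADER_LEN + len(body), 1) + body


def build_keepalive():
    """A KEEPALIVE is exactly 19 bytes: header with type 4 and no body."""
    return BGP_MARKER + struct.pack("!HB", BGP_HEADER_LEN, 4)


if __name__ == "__main__":
    print(parse_message(build_open(65001, 180, "192.0.2.1")))
    print(parse_message(build_keepalive()))
```

The length check against both 4096 and the bytes actually received is the part worth copying into anything that reads BGP off the wire: a peer that announces a length larger than what it sent would otherwise stall the reader forever, and one that announces less than 19 would make it read the next message out of sync.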

Ospf Notes
The router ID is chosen, in order of preference: the value set with the router-id command, otherwise the highest IP address of any loopback interface, otherwise the highest IP address of any active physical interface.

110 is the default administrative distance of OSPF.

The default number of equal-cost paths that can be placed into the routing table by a Cisco OSPF router is 4. We can change this default value by using the "maximum-paths" command:

Router(config-router)#maximum-paths 2

Note: older IOS releases support up to 6 equal-cost paths; newer releases allow more, and the exact limit depends on the platform and IOS version.

Characteristics of a link-state routing protocol

Provides common view of entire topology

Calculates shortest path

Utilizes event-triggered updates

Describe the routing protocol OSPF

It supports VLSM.

It confines network instability to one area of the network.

It allows extensive control of routing updates

Hierarchical design of OSPF (basically means that you can separate the larger internetwork
into smaller internetworks called areas) helps us create a network with all features listed like
(decrease routing overhead, speed up convergence; confine network instability to single areas
of the network).

Hello packets and LSAs from other routers are used by router running a link-state protocol to
build and maintain its topological database

To form an adjacency (become neighbours), routers A and B must agree on the Hello interval, the Dead interval and the area number. On the same link they must also be in the same subnet (on broadcast networks), use the same authentication settings and have the same area type (stub flags). A mismatched MTU lets the neighbour reach ExStart but not Full.

Configuring Basic Ospf
Routing protocol configuration occurs in Global Configuration mode. On Router, to configure
OSPF:

Router(config)# router ospf 1


Router(config-router)# router-id 1.1.1.1
Router(config-router)# network 172.16.0.0 0.0.255.255 area 1
Router(config-router)# network 172.17.0.0 0.0.255.255 area 0

Explanation

- The first command, router ospf 1, enables the OSPF process. The "1" is the OSPF process ID. It is locally significant, so it does not have to match on neighbouring routers; it allows multiple OSPF processes to run on the same router.

- The router-id command assigns the OSPF router ID 1.1.1.1 to this router. It must be unique within the OSPF domain.

- In OSPF we use a wildcard mask with the network statement to place the interfaces whose addresses match into a specific area.

To change OSPF bandwidth

Router(config)# interface s0
Router(config-if)# bandwidth 64

To change OSPF Cost

Router(config)# interface fa 0/0


Router(config-if)# ip ospf cost 10

Changing the cost of an interface can alter which path OSPF selected as “shortest,” and thus
should be used with great care.

To alter how OSPF calculates its default metrics for interfaces:

Router(config)# router ospf 1

Router(config-router)# auto-cost reference-bandwidth 100

The auto-cost command above is set to 100 Mbps, which is actually the default. Cost = reference bandwidth / interface bandwidth (truncated, minimum 1), so a 100 Mbps link has a cost of 1 (100/100 is 1). Lowest cost is better. The catch is that anything faster than 100 Mbps also gets cost 1, so with the default a Gigabit link and a FastEthernet link look identical to OSPF; on networks with faster links raise the reference bandwidth (for example to 10000 for 10 Gbps) on every router in the area, otherwise routers will compute different costs for the same link.
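The cost formula and the reference-bandwidth caveat, worked through in Python as an added example (not part of the original notes). The two candidate paths are constructed for the illustration; the arithmetic is the IOS one (reference bandwidth in Mbps, interface bandwidth in kbps, integer division, floor of 1):

```python
def ospf_cost(interface_bw_kbps, reference_bw_mbps=100):
    """Cisco OSPF interface cost: reference bandwidth / interface bandwidth,
    truncated to an integer, never lower than 1. Values are expressed the way
    IOS takes them: reference in Mbps, interface bandwidth in kbps."""
    return max((reference_bw_mbps * 1000) // interface_bw_kbps, 1)


def path_cost(link_bandwidths_kbps, reference_bw_mbps=100):
    """Cost of a path is the sum of the outgoing interface costs along it."""
    return sum(ospf_cost(bw, reference_bw_mbps) for bw in link_bandwidths_kbps)


def best_path(paths, reference_bw_mbps=100):
    """paths maps a name to the list of link bandwidths (kbps) along that path.
    Returns (cost, name) of the lowest-cost path; ties are broken by name."""
    return min((path_cost(links, reference_bw_mbps), name) for name, links in paths.items())


# Constructed topology: path A crosses two GigabitEthernet hops, path B one
# FastEthernet hop. Which one OSPF prefers depends on the reference bandwidth.
TWO_PATHS = {"A (2 x 1 Gbps)": [1_000_000, 1_000_000], "B (1 x 100 Mbps)": [100_000]}

if __name__ == "__main__":
    for bw in (64, 1544, 10_000, 100_000, 1_000_000, 10_000_000):
        print("%10d kbps -> cost %5d (ref 100)  %5d (ref 10000)"
              % (bw, ospf_cost(bw), ospf_cost(bw, 10_000)))
    print("ref 100   picks", best_path(TWO_PATHS))
    print("ref 10000 picks", best_path(TWO_PATHS, 10_000))
```

With the default reference bandwidth, path B (a single 100 Mbps hop, cost 1) beats path A (two Gigabit hops, cost 1 + 1); with the reference raised to 10 Gbps the costs become 100 and 20 and OSPF prefers the faster path.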

OSPF passive interface
As in EIGRP, OSPF will not form a neighbour relationship on an interface configured as passive, but the network on that interface is still advertised.

Router(config)# router ospf 1

Router(config-router)# network 10.4.0.0 0.0.255.255 area 0

Router(config-router)# passive-interface default

Router(config-router)# no passive-interface fa 0/0

"passive-interface default" makes every interface passive and "no passive-interface fa 0/0" removes the passive setting from fa 0/0 only. Making user-facing interfaces passive is also a security measure: nobody on those segments can bring up an OSPF neighbour and inject routes into the routing domain.

EIGRP Notes
Make sure you know how to configure and troubleshoot EIGRP.

- AD of an EIGRP internal route is 90

- AD of an EIGRP external route is 170

- AD of an EIGRP summary route is 5

Passive Interface: In EIGRP (and OSPF) the passive-interface command stops outgoing hello packets, hence the router cannot form any neighbor relationship via the passive interface. This stops both outgoing and incoming routing updates on that interface, while its network is still advertised to neighbors on other interfaces.

Feasible successor: a route whose reported (advertised) distance is less than the feasible distance of the current best path (the successor). This feasibility condition is what guarantees the backup is loop-free. A feasible successor is kept in the topology table, not in the routing table, and is promoted immediately, without any queries, if the successor fails.

EIGRP stub: a stub router advertises only summary and directly connected routes by default. The EIGRP stub routing feature improves network stability, reduces resource utilisation and simplifies stub router configuration. Any neighbor that receives a hello announcing the stub status will not query the stub router for any routes, so the eigrp stub command increases scalability by limiting the EIGRP query range.

Active state: when a route (the current successor) goes down, the router first checks its topology table for a feasible successor. If it cannot find one, it goes Active on that route and sends queries to its neighbors requesting a path to the lost prefix. A neighbor that never replies leaves the route stuck-in-active (SIA), which is why limiting the query range matters.
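The feasibility condition and the passive/active decision from the two paragraphs above, as an added Python example (not from the original notes). The topology table entries are constructed, and the metric is simplified to reported distance plus link metric rather than EIGRP's composite formula; the feasibility logic is the same whichever metric is used:

```python
from dataclasses import dataclass


@dataclass
class TopologyEntry:
    """One candidate path to a prefix, as held in the EIGRP topology table."""
    neighbor: str
    reported_distance: int   # RD (advertised distance): the neighbor's own metric
    link_metric: int         # metric of the link from this router to that neighbor

    @property
    def total_metric(self):
        # Simplified: EIGRP's real composite metric is not a plain sum, but the
        # feasibility test below does not depend on how the metric is computed.
        return self.reported_distance + self.link_metric


def evaluate(entries):
    """Return (successor, feasible distance, feasible successors) for a prefix."""
    successor = min(entries, key=lambda e: e.total_metric)
    fd = successor.total_metric
    # Feasibility condition: RD < FD guarantees the neighbor is not routing through us.
    feasible = [e for e in entries if e is not successor and e.reported_distance < fd]
    return successor, fd, feasible


def on_successor_loss(entries):
    """What DUAL does when the successor disappears: promote a feasible successor
    without asking anyone, or go Active and query the neighbors."""
    _, _, feasible = evaluate(entries)
    if feasible:
        return "passive", min(feasible, key=lambda e: e.total_metric).neighbor
    return "active", None


# Constructed topology table for 10.3.0.0/16 as seen on one router.
ENTRIES = [
    TopologyEntry("R2", reported_distance=10, link_metric=5),   # total 15: successor
    TopologyEntry("R3", reported_distance=12, link_metric=8),   # total 20, RD 12 < 15: feasible
    TopologyEntry("R4", reported_distance=20, link_metric=1),   # total 21, RD 20 >= 15: NOT feasible
]

if __name__ == "__main__":
    successor, fd, feasible = evaluate(ENTRIES)
    print("successor", successor.neighbor, "FD", fd,
          "feasible successors", [e.neighbor for e in feasible])
    print("loss of successor ->", on_successor_loss(ENTRIES))
    print("without R3        ->", on_successor_loss([ENTRIES[0], ENTRIES[2]]))
```

R4 is the instructive entry: its total metric (21) is barely worse than R3's (20), but its reported distance (20) is not below the feasible distance (15), so EIGRP will not trust it as a backup. R4 might be reaching the prefix through us. Remove R3 and the loss of R2 puts the route into Active.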

EIGRP Configuration And Troubleshooting
Commands
Syntax
Router(config)#router eigrp <Autonomous-system-number>
Router(config-router)#network <network address>[wild card-mask] (wild card mask is
optional)
Router(config-router)#no auto-summary
Router(config-router)#variance <multiplier> (Optional)

To influence the metric, it is possible to configure bandwidth on the interfaces:

Router(config)#interface <interface>
Router(config-if)#bandwidth <BW in kbps>

Configure Default paths in EIGRP


Method 1: Specify a default network:

Router(config)# ip default-network < network_address >

Method 2: Create a static default route and then include network 0.0.0.0 in EIGRP:

Router(config)# ip route 0.0.0.0 0.0.0.0 < next_hop_ip >


Router(config)# router eigrp < as_no >
Router(config-router)# network 0.0.0.0

To view exchange process

Router#debug eigrp packets

To view update process

Router#debug ip eigrp

To view the neighbor table:

Router#show ip eigrp neighbors

To view the EIGRP Topology Table, containing all EIGRP route information:

Router# show ip eigrp topology

To view information on EIGRP traffic sent and received on a router:

Router# show ip eigrp traffic

To view the bandwidth, delay, load, reliability and MTU values of an interface:

Router# show interface s0

To view information specific to the EIGRP protocol:

Router# show ip protocols

This command provides us with information on EIGRP timers, EIGRP metrics and
summarization

To view the IP routing table:

Router# show ip route

To view a specific route within the IP routing table:

Router# show ip route 10.3.0.0

To debug EIGRP in realtime:

Router# debug eigrp neighbors


Router# debug eigrp packet
Router# debug eigrp route
Router# debug eigrp summary

IPv6 Notes
Features of the IPv6 protocol

- Autoconfiguration
- No broadcasts (multicast and anycast are used instead)
- Plug-and-play
- A single interface may be assigned multiple IPv6 addresses of any type.
- Every IPv6 interface has at least one link-local address (the loopback address ::1 exists only on the loopback interface).

With IPv6, devices build a link-local address automatically. This address is only used for communication within the local link: routers never forward packets whose source or destination address is link-local.

Below is the list of common kinds of IPv6 addresses:

Loopback address ::1

Link-local address FE80::/10

Site-local address FEC0::/10 (deprecated by RFC 3879; unique local addresses, FC00::/7, replace it)

Global unicast address 2000::/3

Multicast address FF00::/8

The SNMP protocol can cause overload on the CPU of a managed device (frequent polling or large walks of the MIB).

TRAP and INFORM are the alert messages generated by SNMP agents (an INFORM is acknowledged by the manager, a TRAP is not).

In a GLBP group, the AVG (active virtual gateway) answers the ARP requests for the virtual IP, handing out the virtual MAC addresses of the forwarders.

Components of SNMP

1. MIB
2. SNMP Manager
3. SNMP Agent

3 features added in SNMPv3 over SNMPv2

1. Message Integrity
2. Authentication
3. Encryption

SNMPv1 and v2c send the community string in clear text and offer no integrity or encryption, so a sniffed community string gives read (or, with a read-write community, write) access to the device. Use SNMPv3 with an authPriv user, and restrict which managers may reach the agent with an access list.

Popular destinations for syslog messages to be saved

1. The logging buffer (RAM)
2. The console terminal
3. Syslog server
The benefit of using Netflow

1. Network, Application & User Monitoring


2. Security Analysis
3. Accounting/Billing

3 things NetFlow uses to decide that packets belong to the same flow (the short version)

1. IP addresses (source and destination)
2. Port numbers (source and destination)
3. L3 protocol type

The full classic NetFlow key is seven fields: source and destination IP address, source and destination port, L3 protocol, type of service byte and input interface. Packets matching on all seven are counted in one flow record.

NAT Notes
With static NAT, translations exist in the NAT translation table as soon as you configure the static NAT command(s), and they remain in the translation table until you delete the static NAT command(s). Because static NAT translations are always present in the NAT table, outside hosts can initiate connections to the inside host without being dropped.

With dynamic NAT, translations do not exist in the NAT table until the router receives traffic that requires translation. Dynamic translations have a timeout period after which they are purged from the translation table (on IOS the default is 24 hours, ip nat translation timeout 86400), and an outside host cannot initiate a connection while no translation exists.

By not revealing the internal IP addresses, NAT adds some obscurity to the inside network. Treat that as a side effect, not a security control: filtering still belongs in an ACL or firewall, and the translation table itself exposes the inside addresses to anyone with access to the router.

By allocating specific public IP addresses to inside hosts, NAT eliminates the need to re-address the inside hosts.
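The difference between the two translation types, modelled in Python as an added example (not code from the original notes). The address pool, the static mapping and the idle timeout are constructed for the illustration; the behaviour it reproduces is the one described above: static entries answer inbound packets before any traffic has flowed, dynamic entries exist only after an inside host has sent something and disappear again after the timeout.

```python
class NatTable:
    """Toy model of a router's NAT translation table: static entries are
    always present; dynamic entries appear on the first inside-to-outside
    packet and are purged after an idle timeout (seconds)."""

    def __init__(self, pool, timeout):
        self.pool = list(pool)    # free inside-global addresses for dynamic NAT
        self.static = {}          # inside local -> inside global, never aged out
        self.dynamic = {}         # inside local -> (inside global, last-used time)
        self.timeout = timeout

    def add_static(self, inside_local, inside_global):
        self.static[inside_local] = inside_global

    def purge(self, now):
        """Age out idle dynamic entries and return their addresses to the pool."""
        expired = [l for l, (_, last) in self.dynamic.items() if now - last > self.timeout]
        for local in expired:
            inside_global, _ = self.dynamic.pop(local)
            self.pool.append(inside_global)

    def outbound(self, inside_local, now):
        """Inside host sends a packet: translate its source address."""
        if inside_local in self.static:
            return self.static[inside_local]
        self.purge(now)
        if inside_local in self.dynamic:
            inside_global, _ = self.dynamic[inside_local]
        elif self.pool:
            inside_global = self.pool.pop(0)
        else:
            return None                        # pool exhausted: packet dropped
        self.dynamic[inside_local] = (inside_global, now)   # create or refresh
        return inside_global

    def inbound(self, inside_global, now):
        """Outside host sends to a public address: only an existing mapping lets it in."""
        for local, g in self.static.items():
            if g == inside_global:
                return local
        self.purge(now)
        for local, (g, _) in self.dynamic.items():
            if g == inside_global:
                self.dynamic[local] = (g, now)   # matching traffic refreshes the timer
                return local
        return None                            # no translation: packet dropped


if __name__ == "__main__":
    nat = NatTable(pool=["203.0.113.10", "203.0.113.11"], timeout=300)
    nat.add_static("10.0.0.5", "203.0.113.5")
    print("inbound to static before any traffic:", nat.inbound("203.0.113.5", now=0))
    print("inbound to pool address, no mapping:  ", nat.inbound("203.0.113.10", now=0))
    print("10.0.0.20 goes out as:                ", nat.outbound("10.0.0.20", now=0))
    print("reply 100 s later reaches:            ", nat.inbound("203.0.113.10", now=100))
    print("new inbound after timeout reaches:    ", nat.inbound("203.0.113.10", now=1000))
```

The third and fifth lines of output are the security-relevant ones: an outside host reaching a pooled address gets nothing until an inside host has opened the mapping, and nothing again once the mapping has aged out.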

Frame Relay Notes


To configure subinterface for Frame Relay, first we have to remove the IP address from the
physical interface and choose a Frame Relay encapsulation.

The PVC STATUS displays the status of the PVC. The DCE device creates and sends the report
to the DTE devices. There are 4 statuses:

ACTIVE: the PVC is operational and can transmit data

INACTIVE: the connection from the local router to the switch is working, but the connection
to the remote router is not available

DELETED: the PVC is not present and no LMI information is being received from the Frame
Relay switch

STATIC: the Local Management Interface (LMI) mechanism on the interface is disabled (by
using the “no keepalive” command). This status is rarely seen so it is ignored in some books.

DLCI: DLCI stands for Data Link Connection Identifier. DLCI values are used on Frame Relay
interfaces to distinguish between different virtual circuits. DLCIs have local significance
because the identifier references the point between the local router and the local Frame Relay
switch to which the DLCI is connected.

Committed information rate (CIR): The minimum guaranteed data transfer rate agreed to by
the Frame Relay switch. Frames that are sent in excess of the CIR are marked as discard
eligible (DE) which means they can be dropped if the congestion occurs within the Frame
Relay network.

Note: In the Frame Relay frame format, there is a bit called Discard eligible (DE) bit that is
used to identify frames that are first to be dropped when the CIR is exceeded.

Local Management Interface (LMI) is a signalling standard protocol used between your
router (DTE) and the first Frame Relay switch

Inverse ARP is a technique by which dynamic mappings are constructed in a network, allowing a device such as a router to locate the logical network address and associate it with a permanent virtual circuit (PVC).

Short Note On Etherchannel

Etherchannel is a technology that lets you bundle multiple physical links into a single logical
link.

We know that if we connect two switches with one cable there is no loop and nothing for STP to block. But if we connect two or more cables between the two switches there is a loop. STP will run and prevent it by blocking all but one link, so the extra links give redundancy but no extra bandwidth while the active link is up.

EtherChannel bundles the physical links into one logical link with the combined bandwidth. For example, with 4 FastEthernet cables between switch A and switch B, combining 4 x 100 Mbit gives a 400 Mbit link. Spanning tree sees this as one logical link, so there is no loop to block.

EtherChannel load-balances among the links in the bundle and takes care of redundancy: if one link fails the channel keeps working on the links that are left. Up to 8 physical interfaces can be active in one bundle (LACP allows 16 to be configured, 8 active and 8 standby).

We can configure EtherChannel using two protocols

- PAgP (Cisco proprietary)
- LACP (IEEE 802.3ad standard)

These protocols can dynamically configure an etherchannel. It’s also possible to configure a
static etherchannel without these protocols doing the negotiation of the link for you.

PAgP and LACP will check that the configuration of the interfaces you use is the same. If you are going to create an EtherChannel you need to make sure that all ports have the same configuration:

- Duplex has to be the same.
- Speed has to be the same.
- Same native AND allowed VLANs.
- Same switchport mode (access or trunk).

Netflow
What is NetFlow?

NetFlow is a network protocol developed by Cisco for collecting IP traffic information and
monitoring network traffic Flow.

It can also used to determine where traffic is coming from, where it is going to, and how
much traffic is being generated.

NetFlow-enabled routers export traffic statistics as NetFlow records which are then collected
by a NetFlow collector.

What is a NetFlow Collector?

Routers that have the NetFlow feature enabled generate NetFlow records. These records are
exported from the router and collected using a NetFlow collector.

The NetFlow collector then processes the data to perform the traffic analysis and presentation
in a user-friendly format.

NetFlow collectors can take the form of hardware-based collectors (probes) or software-based
collectors.
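How a NetFlow-enabled router turns packets into flow records, and what a collector can then read out of them (the "Security Analysis" benefit listed earlier), as an added Python example that is not part of the original notes. It uses the seven classic flow-key fields; the packet observations are constructed, and the port-scan rule is a deliberately simple heuristic chosen for the illustration:

```python
from collections import defaultdict

# Classic NetFlow flow key: packets that match on all seven fields are
# counted in the same flow record.
FLOW_KEY_FIELDS = ("src_ip", "dst_ip", "src_port", "dst_port", "proto", "tos", "in_ifindex")


def flow_key(pkt):
    return tuple(pkt[f] for f in FLOW_KEY_FIELDS)


def build_flow_cache(packets):
    """Aggregate per-packet observations into flow records (packets, bytes)."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for pkt in packets:
        rec = flows[flow_key(pkt)]
        rec["packets"] += 1
        rec["bytes"] += pkt["bytes"]
    return dict(flows)


def suspected_port_scans(flows, min_ports=10):
    """Security analysis over the cache: one source hitting many TCP ports on
    one destination, each as a single-packet flow, looks like a port scan.
    Returns {(src_ip, dst_ip): number of distinct ports touched}."""
    ports = defaultdict(set)
    for (src, dst, _sport, dport, proto, _tos, _ifx), rec in flows.items():
        if proto == 6 and rec["packets"] == 1:
            ports[(src, dst)].add(dport)
    return {pair: len(p) for pair, p in ports.items() if len(p) >= min_ports}


def sample_packets():
    """Constructed traffic: one normal HTTPS session and one TCP port scan."""
    pkts = []
    for size in (60, 1500, 1500, 1500, 60):              # five packets, one flow
        pkts.append(dict(src_ip="192.168.1.10", dst_ip="203.0.113.7", src_port=51000,
                         dst_port=443, proto=6, tos=0, in_ifindex=1, bytes=size))
    for i, port in enumerate(range(20, 36)):              # 16 SYNs, 16 one-packet flows
        pkts.append(dict(src_ip="198.51.100.9", dst_ip="192.168.1.10", src_port=40000 + i,
                         dst_port=port, proto=6, tos=0, in_ifindex=2, bytes=60))
    return pkts


if __name__ == "__main__":
    cache = build_flow_cache(sample_packets())
    print(len(cache), "flows")
    for key, rec in cache.items():
        print(key, rec)
    print("suspected scans:", suspected_port_scans(cache))
```

The point of the key is visible in the output: five packets of one session collapse into a single record, while the scanner's sixteen probes each get their own record because the source and destination ports differ, and that shape (many single-packet flows from one source to one host) is what the collector flags.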
