This page is incomplete. I am going to be adding my CCNA notes as I take them.
Ethernet
Ethernet twisted pair IEEE 802.3 standards
Speed (name) | IEEE standard |
10Mbps (10BASE-T) | 802.3i |
100Mbps (100BASE-T) | 802.3u |
1Gbps (1000BASE-T) | 802.3ab |
10Gbps (10GBASE-T) | 802.3an |
1000BASE-T & 10GBASE-T –> 4 pairs (8 wires)
Straight-through
10 & 100BASE-T –> 1-1, 2-2: PC/Server/Router Tx on pins 1&2, Switches Rx on pins 1&2.
3-3, 6-6: PC/Server/Router Rx on pins 3&6, Switches Tx on pins 3&6.
1000 & 10GBASE-T –> 1-1, 2-2, 3-3, 6-6 plus the two extra pairs 4-4, 5-5 and 7-7, 8-8 (all four pairs wired straight through).
Unlike 10/100BASE-T, each of the four pairs carries traffic in both directions at the same time, so there is no fixed Tx pair or Rx pair on either end.
Auto MDI-X –> Lets two like devices (for example switch to switch) be connected with a straight-through cable: the interface detects which pins its neighbour transmits on and swaps its own Tx/Rx pins to match, so a crossover cable is not needed.
Fiber-Optic Cabling
Fiber-optic connections –> Copper cables use separate pins within one cable to Tx and Rx. Fiber-optic links use a separate fiber for each direction (one to Tx, one to Rx), unless they use wavelength division multiplexing to carry both directions over a single fiber.
1) The glass fiber core that carries the light.
2) Cladding that reflects light.
3) A protective buffer to prevent breaks.
4) Outer jacket of the cable.
Single-mode fiber –> The core is narrower than in MMF. Light enters at a single angle (mode) and travels straight down the core without reflecting. SMF is more expensive (it needs laser-based transmitters) but can cover a greater distance.
Multi-mode fiber –> The core is wider than in SMF, so light can enter at multiple angles (modes) and bounces off the cladding as it travels. MMF is cheaper than SMF (LED-based transmitters) but covers shorter distances.
Standard | IEEE | Speed | Cable | Max distance |
1000BASE-LX | 802.3z | 1Gbps | MMF/SMF | 550m (MMF), 5km (SMF) |
10GBASE-SR | 802.3ae | 10Gbps | MMF | 400m |
10GBASE-LR | 802.3ae | 10Gbps | SMF | 10km |
10GBASE-ER | 802.3ae | 10Gbps | SMF | 30km |
OSI Model and TCP/IP suite
OSI = Open systems interconnection
We need these network models and suites so we can standardize network communications. This way we can all speak the same language.
7) Application | The layer closest to the end user. Interacts with software applications, for example a web browser. HTTP and HTTPS are Layer 7 protocols. Functions: identifying communication partners, synchronizing communication. |
6) Presentation | Translates data from application format to network format and vice versa. For example, encryption of data as it is sent down the stack and decryption of data as it is received. Also translates between different application layer formats. |
5) Session | Controls dialogues (sessions) between communicating hosts. Establishes, manages, and terminates connections between the local application (for example, your web browser) and the remote application (for example, YouTube). |
4) Transport | Segments and reassembles data for communication between end hosts. Breaks large pieces of data into smaller segments which can be more easily sent over the network and are less likely to cause transmission problems if errors occur. Provides host-to-host communication. |
3) Network | Provides logical addressing (IP addresses). Provides connectivity between end hosts on different networks (outside of the LAN). Provides path selection between source and destination. |
2) Data Link | Provides node-to-node connectivity and data transfer. Defines how data is formatted for transmission over a physical medium. Detects and possibly corrects L1 errors. Uses physical addresses (MAC addresses). |
1) Physical | Defines physical characteristics of the medium used to transfer the data between devices: voltage levels, maximum transmission distances, cable specifications, etc. Digital bits are converted into electrical signals (copper), light (fiber) or radio signals (wireless). |
All People Seem To Need Data Processing (7-1)
Encapsulation –> 7-1
De-encapsulation –> 1-7
Layers 5 through 7 are most commonly worked on by application developers, not network engineers.
- Data is prepared by the top 3 layers, then a L4 header is added. Data + L4 header = Segment.
- Segments are passed down and L3 adds a L3 header, creating a Packet.
L3 header + L4 header + Data = Packet.
- Packets are passed down and a L2 header and a L2 trailer are added. This is called a Frame.
L2 header + L3 header + L4 header + Data + L2 trailer = Frame. There is no further encapsulation: at Layer 1 the frame is converted into physical signals, received by Layer 1 of the receiving stack and de-encapsulated as it works its way back up to the application layer.
These units are called PDUs. PDU stands for Protocol Data Units.
Data | L7, L6, L5 PDU |
Segment | L4 PDU |
Packet | L3 PDU |
Frame | L2 PDU |
Bits & Bytes | L1 PDU |
TCP/IP Suite
This is the suite used in modern networks today. However, we still most commonly reference the OSI layers.
OSI Model | TCP/IP Suite |
7) Application | 4) Application |
6) Presentation | 4) Application |
5) Session | 4) Application |
4) Transport | 3) Transport |
3) Network | 2) Internet |
2) Data-link | 1) Link |
1) Physical | 1) Link |
Connecting to a Cisco Switch
Console ports are serial, so you will need to connect directly using a serial port (DB-9), or use a USB-to-DB9 adapter to connect to the console cable. Default terminal settings:
- 9600 baud (symbols per second, not a frequency)
- 8 data bits
- 1 stop bit
- Parity > None (error detection)
- Flow control > None
CLI
This is incomplete
Switch> –> User EXEC mode
Switch# –> Privileged EXEC mode
Switch(config)# –> Global config mode
enable password ____ (stored in clear text in the running config; avoid)
service password-encryption (obfuscates clear-text passwords in the config as Type 7 strings; not safe, the scheme is a fixed-key XOR that is trivially reversible, it only stops someone reading the password over your shoulder)
enable secret ______ (preferred; stored as a one-way hash, Type 5 MD5 by default; on IOS 15.3+ use enable algorithm-type scrypt secret ______ for a Type 9 scrypt hash)
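To show why service password-encryption is not a safeguard, here is an added example (not code from the original notes) that reverses a Type 7 string exactly as any of the public online decoders do. It assumes the well-known fixed XOR key used by IOS and uses the classic "cisco" test vectors as constructed input; decode_config_line and encode_type7 are helper names chosen here, not IOS commands.

```python
"""Cisco IOS Type 7 reversal (what service password-encryption produces).

Added example, not from the original notes. TYPE7_KEY is the publicly known
fixed key stream IOS uses; the 'cisco' test vectors are the classic examples.
"""
from typing import Optional

# Fixed key stream used by the Type 7 scheme (assumed from public documentation).
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"


def decode_type7(encoded: str) -> str:
    """Recover the clear-text password from a Type 7 string.

    Format: two decimal digits giving the starting offset into TYPE7_KEY,
    then one hex byte per password character, each XORed with the key byte
    at (offset + position) mod len(TYPE7_KEY).
    """
    if len(encoded) < 4 or len(encoded) % 2 != 0:
        raise ValueError("malformed Type 7 string")
    seed = int(encoded[:2], 10)
    if seed > 15:
        raise ValueError("seed must be 00-15")
    clear = bytearray()
    for i, c in enumerate(bytes.fromhex(encoded[2:])):
        clear.append(c ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)])
    return clear.decode("ascii")


def encode_type7(password: str, seed: int = 8) -> str:
    """Produce the string IOS would write into the running config (same XOR, reversed)."""
    if not 0 <= seed <= 15:
        raise ValueError("seed must be 00-15")
    out = [f"{seed:02d}"]
    for i, ch in enumerate(password.encode("ascii")):
        out.append(f"{ch ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)]:02X}")
    return "".join(out)


def decode_config_line(line: str) -> Optional[str]:
    """Given a config line such as 'enable password 7 0822455D0A16', return the clear text.

    Returns None for anything that is not a Type 7 entry (e.g. 'enable secret 5 $1$...'),
    which is the point: a hashed secret cannot be reversed this way.
    """
    parts = line.split()
    if len(parts) >= 2 and parts[-2] == "7":
        return decode_type7(parts[-1])
    return None
```

Run decode_config_line over a saved "show running-config" and every "password 7" line comes back in clear text; only enable secret entries survive, which is why enable secret is the preferred command.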
copy run start –> write memory –> wr
show arp
show mac address-table
clear mac address-table dynamic
desc ________ (interface description)
show interfaces
show ip interface brief
int range f0/# – # (configure several interfaces at once)
Router# show ip route –> displays routing table
vlan __ (create VLAN)
name _____ (name VLAN)
int __ OR int range __
switchport mode access (put interface in access mode)
switchport access vlan __ (assign port to VLAN)
Ethernet frame
Ethernet Header:
- Preamble: 10101010 * 7
- 7 Bytes (56 bits) of alternating 1’s and 0’s to allow devices to synchronize their receiver clocks.
- Start frame delimiter (SFD): 10101011
- This is 1 byte (8 bits) of alternating 1's and 0's similar to the preamble, but it ends with two consecutive 1's to signal the end of the preamble and the beginning of the rest of the frame.
- Destination:
- MAC address of receiving device.
- Source:
- MAC address of sending device.
- Type/length:
- 2 byte (16 bit) field containing a value that represents either the length or the type. A value of 1500 or less indicates the length of the encapsulated packet (in bytes). A value of 1536 (0x0600) or greater indicates the type (EtherType) of the encapsulated packet (usually IPv4 or IPv6), and the length is then determined by other means (the L3 header). Values 1501-1535 are invalid.
- IPv4 = 0x0800 (hexadecimal), 2048 in decimal.
- IPv6 = 0x86DD (hexadecimal), 34525 in decimal.
Ethernet Trailer:
- Frame check sequence:
- 4 bytes (32 bits) in length.
- Detects corrupt data: the sender computes a CRC over the frame and writes it here; the receiver recomputes the CRC over what it received and discards the frame if the two differ. The FCS catches transmission errors only; it is not a security check, since anyone who can alter the frame can recompute it.
- CRC = Cyclic redundancy check.
REMEMBER THE LENGTHS OF EACH:
7 1 6 6 2 4
- The Preamble and SFD are usually not considered a part of the Ethernet header as they don’t really contain any data. Therefore, the size of the Ethernet header and trailer is 18 bytes (6 + 6 + 2 + 4).
- The minimum size for an Ethernet frame (header + payload + trailer) is 64 bytes.
- 64 bytes – 18 bytes = 46 bytes. Therefore the minimum payload (packet) size is 46 bytes.
- If the payload is less than 46 bytes, padding will be added in the form of 0s.
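The following is an added example (not code from the original notes) that assembles and parses an Ethernet II frame following the layout above: 6+6+2 header, 46-byte minimum payload with zero padding, 4-byte FCS, and the type-versus-length rule for the 2-byte field. It assumes the FCS is the standard CRC-32 sent least-significant byte first (which is what zlib.crc32 computes); the MAC addresses and payload are constructed for the demonstration.

```python
"""Build and parse an Ethernet II frame, including padding and FCS.

Added example, not from the original notes. The sample addresses and payload
are constructed; the FCS is assumed to be CRC-32 transmitted little-endian.
"""
import struct
import zlib

MIN_FRAME = 64          # minimum frame size (header + payload + trailer)
MAX_FRAME = 1518        # maximum untagged frame size
HEADER_LEN = 14         # dst(6) + src(6) + type/length(2)
FCS_LEN = 4
MIN_PAYLOAD = MIN_FRAME - HEADER_LEN - FCS_LEN   # 46 bytes
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6", 0x8100: "802.1Q"}


def mac_to_bytes(mac: str) -> bytes:
    """'aa:bb:cc:dd:ee:ff' or Cisco style 'aabb.ccdd.eeff' -> 6 bytes."""
    return bytes.fromhex(mac.replace(":", "").replace(".", "").replace("-", ""))


def bytes_to_mac(b: bytes) -> str:
    """6 bytes -> Cisco style 'aabb.ccdd.eeff'."""
    h = b.hex()
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"


def fcs(frame_without_fcs: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over dst..payload, sent least-significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Assemble header + payload (zero-padded to 46 bytes) + FCS. Preamble/SFD are not included."""
    if len(payload) > 1500:
        raise ValueError("payload exceeds the 1500-byte Ethernet MTU")
    padded = payload.ljust(MIN_PAYLOAD, b"\x00")          # pad short payloads with 0s
    body = mac_to_bytes(dst) + mac_to_bytes(src) + struct.pack("!H", ethertype) + padded
    return body + fcs(body)


def parse_frame(frame: bytes) -> dict:
    """Split a received frame (preamble/SFD already stripped) and verify the FCS."""
    if len(frame) < MIN_FRAME:
        raise ValueError(f"runt: {len(frame)} bytes < {MIN_FRAME}")
    if len(frame) > MAX_FRAME:
        raise ValueError(f"giant: {len(frame)} bytes > {MAX_FRAME}")
    dst, src = frame[0:6], frame[6:12]
    type_len = struct.unpack("!H", frame[12:14])[0]
    payload, trailer = frame[14:-FCS_LEN], frame[-FCS_LEN:]
    info = {
        "dst": bytes_to_mac(dst),
        "src": bytes_to_mac(src),
        "broadcast": dst == b"\xff" * 6,
        "fcs_ok": fcs(frame[:-FCS_LEN]) == trailer,        # recompute and compare
    }
    if type_len <= 1500:                                   # 802.3: it is a length
        info["length"] = type_len
        info["payload"] = payload[:type_len]               # anything after it is padding
    elif type_len >= 1536:                                 # Ethernet II: it is a type
        info["ethertype"] = ETHERTYPES.get(type_len, hex(type_len))
        info["payload"] = payload                          # real length comes from the L3 header
    else:
        raise ValueError(f"invalid type/length value {type_len}")
    return info
```

A receiver that skips the fcs_ok check will happily hand corrupted payload up the stack; the runt and giant checks are the same conditions the interface counters described further down report.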
ARP
Address Resolution Protocol is used to discover the Layer 2 address (MAC) for a known Layer 3 address (IP).
- ARP request (broadcast Ethernet frame)
Sent by the client that is trying to discover another client's MAC address on the LAN. It carries the sender's own IP and MAC and the target IP.
- ARP reply (unicast Ethernet frame)
Sent by the client that receives an ARP request for its own IP, directly to the requester's MAC address.
- FFFF.FFFF.FFFF is the broadcast MAC address (the destination address of every ARP request).
- The ARP table maps Layer 3 addresses to Layer 2 addresses. When the requesting client receives an ARP reply it learns the other party's MAC address and stores it alongside the known IP address for future use. View it with arp -a on a PC, or show arp on Cisco IOS.
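The exchange described above, as an added example that is not part of the original notes: it builds the 28-byte ARP request and reply, broadcasts the request across a small simulated LAN, and shows that only the host owning the target IP answers and only the requester learns the entry. The Host class, the LAN list and all IP/MAC values are constructed for the demonstration.

```python
"""ARP request/reply exchange on a simulated LAN.

Added example, not from the original notes; hosts, IPs and MACs are constructed.
"""
import struct
from ipaddress import IPv4Address
from typing import Optional

BROADCAST_MAC = "ffff.ffff.ffff"
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(".", "").replace(":", ""))


def mac_str(b: bytes) -> str:
    h = b.hex()
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"


def build_arp(opcode: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """28-byte ARP payload for Ethernet/IPv4: htype 1, ptype 0x0800, hlen 6, plen 4, opcode, then addresses."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
            + mac_bytes(sender_mac) + IPv4Address(sender_ip).packed
            + mac_bytes(target_mac) + IPv4Address(target_ip).packed)


def parse_arp(pkt: bytes) -> dict:
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", pkt[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {
        "op": op,
        "sender_mac": mac_str(pkt[8:14]), "sender_ip": str(IPv4Address(pkt[14:18])),
        "target_mac": mac_str(pkt[18:24]), "target_ip": str(IPv4Address(pkt[24:28])),
    }


class Host:
    """A constructed LAN host with its own ARP table (what 'arp -a' would show)."""

    def __init__(self, ip: str, mac: str):
        self.ip, self.mac = ip, mac
        self.arp_table = {}                     # IP -> MAC

    def receive(self, eth_dst: str, pkt: bytes) -> Optional[tuple]:
        """Handle an ARP frame; return (eth_dst, reply_pkt) if we must answer, else None."""
        if eth_dst not in (self.mac, BROADCAST_MAC):
            return None                         # frame not addressed to us, NIC drops it
        arp = parse_arp(pkt)
        if arp["op"] == ARP_REQUEST and arp["target_ip"] == self.ip:
            # The request already tells us the requester's mapping; learn it and answer with a unicast reply.
            self.arp_table[arp["sender_ip"]] = arp["sender_mac"]
            reply = build_arp(ARP_REPLY, self.mac, self.ip, arp["sender_mac"], arp["sender_ip"])
            return arp["sender_mac"], reply
        if arp["op"] == ARP_REPLY and arp["target_ip"] == self.ip:
            self.arp_table[arp["sender_ip"]] = arp["sender_mac"]
        return None


def resolve(requester: Host, target_ip: str, lan: list) -> Optional[str]:
    """Broadcast an ARP request on the LAN and return the MAC the requester learned (None if nobody answered)."""
    request = build_arp(ARP_REQUEST, requester.mac, requester.ip, "0000.0000.0000", target_ip)
    for host in lan:                            # broadcast: every host on the segment sees the request
        answer = host.receive(BROADCAST_MAC, request)
        if answer:
            eth_dst, reply = answer
            for h in lan:                       # unicast reply: only the addressed host processes it
                h.receive(eth_dst, reply)
    return requester.arp_table.get(target_ip)
```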
Ping
After ARP has completed and each device knows the other's MAC address, you can ping a device by sending an ICMP echo request; the target answers with an ICMP echo reply.
- ICMP Echo Request (sent by the host running ping)
- ICMP Echo Reply (sent back by the target)
IP addressing
- Maximum hosts = 2^n - 2 where n = number of host bits (the network and broadcast addresses are not usable).
When converting a number of hosts to the needed subnet, find the smallest n such that 2^n - 2 is equal to or higher than the desired number of hosts. For example, if you would like 16 hosts, count your powers of 2:
2, 4, 8, 16, 32. 2^4 - 2 = 14 is not enough, 2^5 - 2 = 30 is. This means we need 5 host bits, so the last octet of the mask is 11100000 (255.255.255.224, /27). With only 4 host bits (11110000, 255.255.255.240, /28) you get just 14 usable hosts.
Speed/Duplex
If a switch is not able to perform auto-negotiation it will try to sense the speed. If that fails it defaults to the slowest capability of the port, usually 10Mbps half-duplex. If it senses the speed but auto-negotiation still fails, it sets its speed to the speed of the client and picks the duplex based on that speed: for 10 and 100Mbps connections it defaults to half-duplex, for 1000Mbps connections to full-duplex.
If there is a duplex mismatch, collisions will occur on the half-duplex side, resulting in poor network performance.
Devices operating in the same collision domain must use CSMA/CD (Carrier Sense Multiple Access with Collision Detection) to mitigate the effects of collisions. The devices listen on the wire and only send frames when they do not detect another transmission. If a collision does happen, the device detects it and sends a jam signal; all devices in the collision domain then stop transmitting and wait a random amount of time before trying again.
Interface statistics
Switch#show interface interface_id
- Runts: Frames smaller than 64 bytes (the minimum frame size).
- Giants: Frames larger than 1518 bytes (the maximum frame size; larger frames are only legitimate where jumbo frames are enabled).
- CRC: Frames that failed the cyclic redundancy check in the Ethernet FCS trailer.
- Frame: Frames that have an incorrect format (for example, a length that is not a whole number of bytes).
- Input errors: Total of various counters, including the four above.
- Output errors: Frames that the switch tried to send but failed to send due to an error.
IPv4 Header
Just need to remember the purpose of each
Version – 4 bits –> identifies the version of IP used
- 0100 (IPv4)
- 0110 (IPv6)
IHL – 4 bits –> Internet Header Length.
- The final field (options) is variable in length, so a field specifying the header length is necessary.
- This field gives the header length in 4-byte units.
- If value = 5 –> 5 x 4 = 20 –> Length = 20 bytes.
- 5 (20 bytes) is the minimum value (empty options field).
- 15 (60 bytes) is the maximum value. The payload starts at the offset this field gives, so a parser must honour it rather than assume 20 bytes.
DSCP – 6 bits –> Differentiated services code point
- Used for QOS
- Used to prioritize delay-sensitive data (streaming, voice, video)
ECN – 2 bits –> Explicit Congestion Notification
- Provides end-to-end (between two endpoints) notification of network congestion without dropping packets.
- This field is optional and requires both endpoints, as well as the underlying network infrastructure, to support it.
Total length – 16 bits
- Indicates the total length of the packet (IP header + L4 header + data).
- Measured in bytes.
- Minimum value of 20 (minimum header size with no encapsulated data).
- Maximum value of 65535 (maximum 16-bit binary value).
Identification – 16 bits
- If a packet is fragmented (because it is larger than the MTU, 1500 bytes on standard Ethernet), this field identifies which original packet each fragment belongs to.
- All fragments of a single packet will have the same number in this field.
- The packet MTU and the Ethernet frame maximum payload are the same thing, as the payload of an Ethernet frame is the packet.
Flags – 3 bits –> Used to control/identify fragments
- Bit 0: Reserved, always set to 0.
- Bit 1: Don't Fragment (DF bit). Indicates a packet that should not be fragmented. If it is set to 1 and the packet exceeds the MTU, the router drops it instead of fragmenting it (and normally sends an ICMP "fragmentation needed" message back to the source).
- Bit 2: More Fragments (MF bit). Indicates whether there are more fragments belonging to this packet. If it is set to 1, there are more fragments. If it is set to 0, this is the last (or only) fragment.
Fragment offset – 13 bits
- Indicates the position of the fragment within the original, unfragmented IP packet, in units of 8 bytes.
- This allows the packet to be reassembled, even if the fragments arrive out of order.
TTL – 8 bits –> Time To Live
- Each router decrements the TTL by 1 before forwarding. When it reaches 0 the router drops the packet (and usually sends an ICMP Time Exceeded message back to the source, which is what traceroute relies on). This stops packets looping forever.
- The recommended default TTL is 64.
Protocol – 8 bits –> Indicates the protocol of the encapsulated L4 PDU
- Value of 6 = TCP
- Value of 17 = UDP
- Value of 1 = ICMP
- Value of 89 = OSPF
Header Checksum – 16 bits
- Used to check for errors in the header.
- When a router receives a packet it calculates the checksum over the header and compares it to the one in this field.
- If they do not match, the router drops the packet.
- Because the TTL changes at every hop, every router has to recompute the checksum before forwarding.
- IP relies on the encapsulated protocol to detect errors in the packet itself. This checksum covers only the header.
Source IP – 32 bits in length (Sender IP address)
Destination IP – 32 bits in length (Recipient IP address)
Options – 0-320 bits (0-40 bytes, in 4-byte units)
- If the IHL field is greater than 5, options are present.
- This is rarely used.
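As an added example (not code from the original notes), the following parses an IPv4 header field by field as described above, honours the IHL, decodes the DF/MF flags and fragment offset, verifies the header checksum the way a router would, and performs the per-hop TTL decrement with checksum recomputation. The packets it works on are constructed inline; build_ipv4, parse_ipv4 and forward are names chosen here.

```python
"""Parse and validate an IPv4 header: IHL, flags/fragment offset, TTL,
protocol and the header checksum.

Added example, not from the original notes; the sample packets are constructed.
"""
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP", 89: "OSPF"}


def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement sum of the header's 16-bit words, complemented.

    Over a header whose checksum field is zero this returns the value to insert;
    over a header that already carries a correct checksum it returns 0.
    """
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                              # fold carries back in (end-around carry)
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64,
               ident: int = 0, df: bool = False, mf: bool = False, offset: int = 0,
               dscp: int = 0, ecn: int = 0, options: bytes = b"") -> bytes:
    """Assemble a packet; IHL is derived from the options length, checksum is filled in last."""
    if len(options) % 4 or len(options) > 40:
        raise ValueError("options must be a multiple of 4 bytes, max 40")
    ihl = 5 + len(options) // 4
    total_len = ihl * 4 + len(payload)
    flags_frag = (int(df) << 14) | (int(mf) << 13) | (offset & 0x1FFF)   # offset is in 8-byte units
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, (dscp << 2) | ecn, total_len,
                      ident, flags_frag, ttl, proto, 0,
                      bytes(int(o) for o in src.split(".")),
                      bytes(int(o) for o in dst.split("."))) + options
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload


def parse_ipv4(pkt: bytes) -> dict:
    """Return the header fields; raises ValueError on the checks a router would make."""
    if len(pkt) < 20:
        raise ValueError("truncated: fewer than 20 bytes")
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, _csum = struct.unpack("!BBHHHBBH", pkt[:12])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if ihl < 5 or len(pkt) < ihl * 4:
        raise ValueError(f"bad IHL {ihl}")
    header = pkt[:ihl * 4]
    if ipv4_checksum(header) != 0:                  # mismatch: router drops the packet
        raise ValueError("header checksum mismatch")
    if total_len > len(pkt) or total_len < ihl * 4:
        raise ValueError("total length inconsistent with packet")
    return {
        "ihl_bytes": ihl * 4,
        "dscp": tos >> 2, "ecn": tos & 0x3,
        "total_length": total_len,
        "identification": ident,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # convert 8-byte units to bytes
        "ttl": ttl,
        "protocol": PROTOCOLS.get(proto, proto),
        "src": ".".join(str(b) for b in header[12:16]),
        "dst": ".".join(str(b) for b in header[16:20]),
        "options": header[20:],
        "payload": pkt[ihl * 4:total_len],
    }


def forward(pkt: bytes) -> bytes:
    """What a router does per hop: validate, decrement TTL, drop at 0, recompute the header checksum."""
    fields = parse_ipv4(pkt)
    if fields["ttl"] <= 1:
        raise ValueError("TTL expired in transit, packet dropped")
    ihl_bytes = fields["ihl_bytes"]
    hdr = bytearray(pkt[:ihl_bytes])
    hdr[8] -= 1                                     # TTL is byte 8
    hdr[10:12] = b"\x00\x00"                        # zero the checksum field, then recompute
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + pkt[ihl_bytes:]
```

Note that the header is trusted only after the checksum passes, and that the payload slice stops at total_length rather than at the end of the buffer, so trailing Ethernet padding never leaks into the L4 parser.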
Routing fundamentals
Router# show ip route –> displays routing table
Connected (code C) is the network directly attached to an interface.
Local (code L) is the interface's own IP address on the router itself.
A /32 subnet mask means all 32 bits are fixed, i.e. a single address. This indicates the address configured on an interface of the router.
Static routes are needed to reach networks that are not directly connected. Each router needs a route toward the other side for 2-way communication (a reply cannot come back if only one direction is routed), i.e.:
To configure the R1 router in the example above, type one of the following:
- ip route 192.168.4.0 255.255.255.0 192.168.13.3 (next hop)
- ip route 192.168.4.0 255.255.255.0 g0/0 (interface)
- ip route 192.168.4.0 255.255.255.0 g0/0 192.168.13.3 (interface, next hop)
If you only specify the exit interface and not the next hop, the route is displayed as directly connected, and the router will ARP for every destination address in that network as if it were on the local segment (which only works if the neighbour does proxy ARP). On Ethernet links, specify the next hop.
A default route is a route to 0.0.0.0/0, the least specific route possible. A router always chooses the most specific (longest prefix) matching route, and it drops packets that do not match any route at all.
Default routes are most commonly used to route traffic to the internet.
Gateway of last resort is the name the routing table gives to the default route. Set it with ip route 0.0.0.0 0.0.0.0 next-hop-ip (or exit-interface).
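The lookup rule just described (most specific match wins, default route last, no match means drop), as an added example that is not part of the original notes. It models a small routing table with connected (C), local (L), static (S) and default (S*) routes, resolves a next-hop static route to its exit interface the way show ip route displays it, and refuses a static route whose next hop is unreachable. The RoutingTable class and the addresses in the test are constructed; the addresses mirror the R1 example above.

```python
"""Longest-prefix-match lookup over a small routing table.

Added example, not from the original notes; the table entries are constructed.
"""
from ipaddress import IPv4Address, IPv4Network
from typing import Optional


class Route:
    def __init__(self, code: str, prefix: str, next_hop: Optional[str], interface: str):
        self.code, self.next_hop, self.interface = code, next_hop, interface
        self.net = IPv4Network(prefix)

    def __repr__(self) -> str:
        via = f"via {self.next_hop}" if self.next_hop else "is directly connected"
        return f"{self.code:<3}{self.net} {via}, {self.interface}"


class RoutingTable:
    def __init__(self):
        self.routes = []

    def add_interface(self, interface: str, ip_with_prefix: str) -> None:
        """'ip address' on an interface installs a C route for the network and an L /32 for the address."""
        addr = ip_with_prefix.split("/")[0]
        net = IPv4Network(ip_with_prefix, strict=False)
        self.routes.append(Route("C", str(net), None, interface))
        self.routes.append(Route("L", f"{addr}/32", None, interface))

    def ip_route(self, prefix: str, next_hop: Optional[str] = None, interface: Optional[str] = None) -> None:
        """'ip route <prefix> <next-hop | interface>'. 0.0.0.0/0 becomes the gateway of last resort (S*)."""
        net = IPv4Network(prefix)
        code = "S*" if net.prefixlen == 0 else "S"
        if interface is None:
            # Next-hop form: the router must already know how to reach the next hop itself.
            hop = self.lookup(next_hop)
            if hop is None:
                raise ValueError(f"next hop {next_hop} is not reachable, route not installed")
            interface = hop.interface
        self.routes.append(Route(code, str(net), next_hop, interface))

    def lookup(self, dst: str) -> Optional[Route]:
        """Most specific (longest prefix) match wins; None means 'no route, drop'."""
        ip = IPv4Address(dst)
        matches = [r for r in self.routes if ip in r.net]
        if not matches:
            return None
        return max(matches, key=lambda r: r.net.prefixlen)
```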
IP addressing
/31 = Point to point
/32 = Single client
The first octet determines the class of an address, which makes classes easy to remember/identify.
Think of “borrowed bits” not network bits. Network bits > Borrowed bits > Host bits.
FLSM = Fixed length subnet mask
VLSM = Variable length subnet mask
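The following added example (not code from the original notes) serves both the 2^n - 2 host-count rule under IP addressing above and the FLSM/VLSM distinction here: subnet_for sizes a single subnet from a host count (including the /31 point-to-point and /32 single-address cases), and vlsm carves several differently sized subnets out of one parent block, largest first, which is what VLSM means in practice. The function names and the requirement list are constructed for the demonstration.

```python
"""Size subnets from host counts and allocate them VLSM-style from a parent block.

Added example, not from the original notes; the requirements are constructed.
"""
from ipaddress import IPv4Network


def host_bits_for(hosts: int) -> int:
    """Smallest n with 2^n - 2 >= hosts; /31 (2 hosts) and /32 (1 host) are the exceptions."""
    if hosts < 1:
        raise ValueError("need at least one host")
    if hosts == 1:
        return 0                       # /32: a single address (host route / loopback)
    if hosts == 2:
        return 1                       # /31: point-to-point link, no network/broadcast address (RFC 3021)
    n = 2
    while (2 ** n) - 2 < hosts:
        n += 1
    return n


def subnet_for(hosts: int) -> dict:
    """Host bits, prefix length, dotted mask and usable host count for a given requirement."""
    n = host_bits_for(hosts)
    prefix = 32 - n
    mask = IPv4Network(f"0.0.0.0/{prefix}").netmask
    usable = {0: 1, 1: 2}.get(n, 2 ** n - 2)
    return {"host_bits": n, "prefix": prefix, "mask": str(mask), "usable_hosts": usable}


def vlsm(parent: str, requirements: dict) -> dict:
    """Allocate one subnet per name from the parent block, largest requirement first.

    Largest-first keeps every subnet aligned to its own size without gaps; FLSM would
    instead give every network the size the biggest one needs.
    """
    free = [IPv4Network(parent)]
    plan = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: (-kv[1], kv[0])):
        want = subnet_for(hosts)["prefix"]
        free.sort(key=lambda n: (n.network_address, n.prefixlen))   # lowest free address first
        block = next((b for b in free if b.prefixlen <= want), None)  # first block big enough
        if block is None:
            raise ValueError(f"{parent} exhausted while placing {name} (/{want})")
        free.remove(block)
        while block.prefixlen < want:             # split in halves until it is exactly the right size
            first, second = block.subnets(prefixlen_diff=1)
            free.append(second)                   # keep the upper half for later requirements
            block = first
        plan[name] = block
    return plan
```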
VLANs
VLANs break up LANs at Layer 2, whereas subnetting only breaks up LANs at Layer 3.
- If a PC sends a broadcast frame, a switch only sees the destination MAC address FFFF.FFFF.FFFF (Layer 2) and forwards it out every port regardless of subnets (Layer 3). This results in decreased performance (every host processes every broadcast) and decreased security (hosts in other subnets see the traffic).
show vlan brief (br) – shows VLAN information
VLAN 1 is the default VLAN for traffic. VLANs 1002, 1003, 1004 & 1005 also exist by default and cannot be deleted. They are used for FDDI and token-ring which are legacy technologies.
conf t
vlan __ (create VLAN)
name _____ (name VLAN)
int __ OR int range __
switchport mode access (put interface in access mode)
switchport access vlan __ (assign port to VLAN)
To access vlan config simply type vlan __ in config terminal.
LAN = 1 Broadcast domain
Trunks: Switches will tag all frames that they send over a trunk port, They do not need to do this with access ports as they are limited to 1 VLAN.
Trunk port = Tagged port
Access port = Untagged port
ISL (Inter-Switch Link) –> ISL is an old Cisco proprietary trunking protocol created before the industry standard IEEE 802.1Q.
802.1Q (dot1q) –> Is an industry standard protocol created by the IEEE (institute of electrical and electronics engineers)
TPID –> Tag Protocol Identifier, always set to 0x8100. This indicates that the frame is dot1q tagged. Because 0x8100 is greater than 1536 and sits in the type/length position, it cannot be mistaken for a length field.
(TCI) –> Consists of PCP, DEI, VID.
PCP –> Priority code point, it is used for Class of Service (CoS), which prioritizes important data on congested networks.
DEI –> The Drop Eligible Indicator. Indicates whether a frame can be dropped if necessary to ensure important traffic gets through.
VID –> Identifies the VLAN that the frame belongs to. This field is 12 bits in length, 2^12 = 4096, so there are 4096 possible values (0-4095).
VLAN Ranges
VLANs 0 and 4095 are reserved, so the usable range is 1-4094.
Normal –> 1 – 1005
Extended –> 1006 – 4094
Some older devices cannot use the extended VLAN range, however, it is safe to expect that modern switches support the extended VLAN range.
Native VLAN
The Native VLAN is VLAN 1 by default on all trunk ports, however this can be manually configured on each trunk port.
The switch does not add a dot1q tag to frames in the native VLAN, and untagged frames received on a trunk are placed in the native VLAN. This means both ends of every trunk (and so all switches in the network) must agree on the native VLAN, otherwise untagged frames silently cross from one VLAN into another.
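An added example (not code from the original notes) covering the TPID/TCI fields above and the native VLAN rule: it builds and parses the 4-byte 802.1Q tag, inserts it after the source MAC, and models a trunk port that sends native-VLAN frames untagged and assigns incoming untagged frames to its native VLAN, which makes the effect of a native VLAN mismatch visible. The TrunkPort class, VLAN numbers and sample frame are constructed.

```python
"""802.1Q tag build/parse and trunk-port native VLAN behaviour.

Added example, not from the original notes; MACs and VLAN numbers are constructed.
"""
import struct
from typing import Optional

TPID_DOT1Q = 0x8100


def build_tag(vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """TPID (16 bits) + TCI (PCP 3 bits, DEI 1 bit, VID 12 bits)."""
    if not 0 <= vid <= 4095 or not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("VID 0-4095, PCP 0-7, DEI 0/1")
    tci = (pcp << 13) | (dei << 12) | vid
    return struct.pack("!HH", TPID_DOT1Q, tci)


def parse_tag(tag: bytes) -> dict:
    tpid, tci = struct.unpack("!HH", tag[:4])
    if tpid != TPID_DOT1Q:
        raise ValueError(f"not a dot1q tag (TPID {tpid:#06x})")
    return {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}


def tag_frame(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the tag between the source MAC and the original type/length field (frame has no FCS here)."""
    return frame[:12] + build_tag(vid, pcp) + frame[12:]


def untag_frame(frame: bytes) -> tuple:
    """Return (vid or None if untagged, frame with the tag removed)."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_DOT1Q:
        return parse_tag(frame[12:16])["vid"], frame[:12] + frame[16:]
    return None, frame


class TrunkPort:
    """A constructed model of one end of a dot1q trunk."""

    def __init__(self, native_vlan: int = 1, allowed: Optional[set] = None):
        self.native_vlan = native_vlan
        self.allowed = allowed                    # None = all VLANs allowed on the trunk

    def egress(self, frame: bytes, vid: int) -> Optional[bytes]:
        """Switch -> wire. Native-VLAN frames go out untagged; everything else gets a tag."""
        if self.allowed is not None and vid not in self.allowed:
            return None                           # VLAN not allowed on this trunk, not sent
        if vid == self.native_vlan:
            return frame
        return tag_frame(frame, vid)

    def ingress(self, wire_frame: bytes) -> Optional[tuple]:
        """Wire -> switch. Returns (vid, untagged frame); untagged traffic lands in the native VLAN."""
        vid, frame = untag_frame(wire_frame)
        if vid is None or vid == 0:               # VID 0 is priority-tagged, treated as untagged
            vid = self.native_vlan
        if self.allowed is not None and vid not in self.allowed:
            return None
        return vid, frame
```

In the test, switch A uses native VLAN 1 and switch B native VLAN 1001: a VLAN 1 frame leaves A untagged and is placed in VLAN 1001 by B. That is the mismatch the note above warns about, and why both ends must be set to the same unused native VLAN.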
Configuring Trunks
SW1( config-if )#switchport trunk encapsulation dot1q
SW1( config-if )#switchport mode trunk
SW1#show interfaces trunk
By default, all VLANs can communicate over this trunk.
SW1( config-if )#switchport trunk allowed vlan 10,30 (10,30)
SW1( config-if )#switchport trunk allowed vlan add 20 (10,20,30)
SW1#show interfaces trunk
SW1( config-if )#switchport trunk allowed vlan remove 20 (10,30)
SW1( config-if )#switchport trunk allowed vlan all (all/default)
SW1( config-if )#switchport trunk allowed vlan except 1-5,10 (allows all except 1-5 and 10)
SW1( config-if )#switchport trunk allowed vlan none (no traffic)
Always change the native VLAN to an unused VLAN (the same one on both ends of the trunk):
SW1( config-if )#switchport trunk native vlan 1001 (vlan_id)
Show interfaces vlan will not show trunk ports, use show interfaces trunk instead.
Router on a Stick (ROAS)
One interface connected from router to switch, separated into multiple sub interfaces. For example, G0/0.10, G0/0.20, G0/0.30.
This is needed when using VLAN trunking on a router.
On the switch, the interface must be configured as a regular trunk. On the router the steps are as follows:
R1( config )#int g0/0
R1( config-if )#no shut
R1( config-if )#int g0/0.10
R1( config-subif )#encapsulation dot1q 10
R1( config-subif )#ip address 192.168.1.62 255.255.255.192
R1( config-subif )#int g0/0.20
R1( config-subif )#encapsulation dot1q 20
R1( config-subif )#ip address 192.168.1.126 255.255.255.192
R1( config-subif )#int g0/0.30
R1( config-subif )#encapsulation dot1q 30
R1( config-subif )#ip address 192.168.1.190 255.255.255.192
You can also configure a sub interface to use the native VLAN with:
R1(config-subif)# encapsulation dot1q vlan-id native.
You can also set the IP address of the native VLAN on the regular interface if you don’t want to use sub interfaces.
Layer 3 switching
Instead of using router on a stick, many companies use Layer 3 switches because they are more efficient.
To do this, you must configure SVIs to assign IP addresses to.
SVI –> Switch Virtual Interface
First, you must run ‘ip routing’ in global config, you can then create SVIs with ‘interface vlan __’ and setting an IP address.
You must create a routed port for the next hop with the ‘no switchport command’.
SW1( config )#ip routing
SW1( config )#int g0/0
SW1( config-if )#no switchport
SW1( config-if )#ip addr 10.0.0.60 255.255.255.192
SW1( config-if )#exit
SW1( config )#ip route 0.0.0.0 0.0.0.0 10.0.0.70
You must configure the PC to use the SVI as the default gateway. NOT the router.
For an SVI (created in interface configuration mode with interface vlan __) to be up/up:
- The VLAN must exist on the switch.
- At least one access or trunk port in that VLAN must be in an up/up state.
- The SVI must not be shutdown.
DTP: Dynamic Trunking Protocol
SW1( config-if )#switchport mode dynamic desirable (default on older switches)
SW1( config-if )#switchport mode dynamic auto (default on newer switches)
DTP should be disabled on all switchports (switchport nonegotiate, with the port set to a fixed switchport mode access or switchport mode trunk) because an attacker on an access port can send DTP frames, negotiate a trunk and then reach every VLAN carried on it.
If both switches support ISL, DTP will negotiate ISL in preference to 802.1Q unless you fix the encapsulation with this command:
SW1( config-if )# switchport trunk encapsulation dot1q
VTP: VLAN Trunking Protocol
VTP allows you to configure VLANs on a central VTP server, and VTP clients (switches) will synchronize their VLAN database to the server.
Switches operate in VTP server mode by default.
VTP servers store the VLAN database in NVRAM. They increase the revision number every time a change is made, and propagate the database to any client/server in the same domain with a lower revision number. A switch with a higher revision number can therefore overwrite the VLAN database of the whole domain, so reset the revision number before connecting a previously used switch.
Setting the VTP revision number to 0:
- Change the VTP domain to an unused domain (vtp domain ____)
- Change the VTP mode to transparent (vtp mode transparent)
Spanning Tree Protocol (STP+RSTP)
- The switch with the lowest bridge ID will become the root bridge. All its ports will be designated ports (forwarding)
Each remaining switch will select one of its interfaces to be the root port: the interface with the lowest root cost (the sum of the port costs along the path to the root bridge). Root ports are also in a forwarding state.
The root cost from a root bridge is always 0
BPDU – Bridge Protocol Data Unit
BPDUs are originated by the root bridge and relayed by every other switch out of its designated ports.
Root bridge is chosen by:
- Lowest bridge priority
- Lowest MAC address (tie-breaker, since bridge ID = priority + MAC)
Root port is chosen by:
- Lowest root cost
- Lowest neighbour bridge ID
- Lowest neighbour MAC address.
- Lowest neighbour port ID
With PVST the bridge ID is bridge priority + Extended System ID (VLAN ID) + MAC address.
Bridge priority can only be changed in increments of 4096 (0-61440).
PVST = Per-VLAN Spanning Tree
The default bridge priority is 32768; with the Extended System ID the bridge ID shows 32769 for VLAN 1 (32768 + 1).
Root ports (Active)
Designated ports (Active)
Non-designated ports (Blocking)
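The election and root-port rules above, as an added example that is not part of the original notes. It computes the root bridge from PVST bridge IDs (priority + VLAN ID, then MAC) and then each switch's root cost and root port using the tie-break order listed above (lowest root cost, then neighbour bridge ID, then neighbour port ID). The port costs assumed are the Cisco default short-method values; the Switch class, topology and MAC addresses are constructed.

```python
"""Root bridge election and root port selection (PVST bridge IDs).

Added example, not from the original notes; the topology is constructed.
"""

# Default STP port cost per link speed in Mbps (assumed Cisco short-method values)
PATH_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


def bridge_id(priority: int, vlan: int, mac: str) -> tuple:
    """Bridge ID compares as (priority + extended system ID, MAC); priority is a multiple of 4096."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be 0-61440 in steps of 4096")
    return priority + vlan, mac.replace(".", "").replace(":", "").lower()


class Switch:
    def __init__(self, name: str, mac: str, priority: int = 32768, vlan: int = 1):
        self.name = name
        self.bid = bridge_id(priority, vlan, mac)
        self.links = {}    # local port id -> (neighbour Switch, neighbour port id, speed in Mbps)


def connect(a: Switch, a_port: int, b: Switch, b_port: int, speed: int) -> None:
    """Cable two switch ports together at the given speed."""
    a.links[a_port] = (b, b_port, speed)
    b.links[b_port] = (a, a_port, speed)


def run_stp(switches: list) -> dict:
    """Return {switch name: {'root_cost': int, 'root_port': local port id, or None for the root}}."""
    root = min(switches, key=lambda s: s.bid)        # lowest bridge ID wins the election
    # best[name] = (root cost, neighbour BID, neighbour port, local port); tuple order is the
    # root port tie-break sequence, so the smallest tuple is the root port. Root advertises cost 0.
    best = {root.name: (0, root.bid, -1, -1)}
    for _ in range(len(switches)):                    # relax until every switch has heard the root
        for sw in switches:
            if sw is root:
                continue
            for port, (nbr, nbr_port, speed) in sw.links.items():
                if nbr.name not in best:
                    continue                          # neighbour has not relayed a BPDU yet
                # root cost = neighbour's advertised root cost + cost of the port the BPDU arrives on
                candidate = (best[nbr.name][0] + PATH_COST[speed], nbr.bid, nbr_port, port)
                if sw.name not in best or candidate < best[sw.name]:
                    best[sw.name] = candidate
    result = {root.name: {"root_cost": 0, "root_port": None}}
    for sw in switches:
        if sw is root:
            continue
        if sw.name not in best:
            raise ValueError(f"{sw.name} has no path to the root bridge")
        cost, _, _, port = best[sw.name]
        result[sw.name] = {"root_cost": cost, "root_port": port}
    return result
```

In the test topology SW2 has a 100Mbps link straight to the root and a 1Gbps path through SW3; the two-hop path costs 8 against 19 for the direct link, so the root port is the one facing SW3. Lowering SW3's priority to 4096 makes it the root regardless of MAC addresses, which is what spanning-tree vlan 1 root primary does for you.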
STP timers
- Forward delay timer determines the length of the listening and learning states. It is 15s by default for each, 30s total.
- Hello timer is how often the root bridge sends BPDUs. By default every 2s.
- Max age timer is how long an interface will wait after it stops receiving Hello BPDUs before changing the STP topology. By default 20s (10 hellos).
PortFast should never be configured on a link between switches. It allows a port to skip the listening and learning states and go straight to forwarding, which can cause loops if a switch is connected to it.
SW1( config )#spanning-tree portfast default
This configures PortFast on all access ports.
BPDU Guard –> Puts a port into err-disabled state if a BPDU is received on it. This should be used on any PortFast switchport.
SW1( config-if )#spanning-tree bpduguard enable
This enables BPDU Guard on a single interface.
SW1( config )#spanning-tree portfast bpduguard default
This enables BPDU Guard on all PortFast enabled interfaces.
Configuring primary and secondary roots for RPVST+
SW1( config )#spanning-tree vlan 1 root primary
SW1( config )#spanning-tree vlan 2 root secondary
SW2( config )#spanning-tree vlan 2 root primary
SW2( config )#spanning-tree vlan 1 root secondary
802.1D uses long timers to make STP topology changes when a link goes down. RSTP uses a bridge-bridge handshake mechanism which allows ports to move directly to forwarding.
RSTP removes the listening state. It combines the disabled and blocking states into one state known as discarding.
The non-designated port role was broken down into 2 new port roles:
- Alternate port – Discarding port that receives a superior BPDU from another switch (a backup path to the root).
- Backup port – Discarding port that receives a superior BPDU from another interface on the same switch. This only happens via a hub.
UplinkFast – Cisco addition to 802.1D that allows a switch to move its alternate port to root port immediately when its root port fails.
BackboneFast – Cisco addition to 802.1D that allows a switch to expire its max age timer immediately when it receives inferior BPDUs from a neighbour that has lost its path to the root, so that neighbour can learn the real root from the superior BPDUs the switch relays instead of waiting for the timer to run out.
- Together: if a switch loses its root port, UplinkFast lets it flush its MAC address table and open the alternate port as the new root port right away; if the switch has no alternate path it starts claiming to be the root, and its neighbours use BackboneFast to answer immediately with the real root bridge's superior BPDUs, so the switch accepts that it is not the root. RSTP builds both behaviours in, so they are not configured separately.
Protocol version identifier for STP = 0
Protocol version identifier for RSTP = 2
RSTP link types:
- Edge: a port that is connected to an end host. Moves directly to forwarding. (PortFast)
- Point-to-point: a direct connection between two switches.
- Shared: a connection to a hub. Must operate in half-duplex. (very uncommon)
SW1( config-if )# spanning-tree portfast
SW1( config-if )# spanning-tree link-type point-to-point
SW1( config-if )# spanning-tree link-type shared
Point-to-point and shared normally do not need to be configured in RSTP: the switch derives them from the duplex setting (full-duplex = point-to-point, half-duplex = shared).
Etherchannel
- EtherChannel allows multiple physical connections to be logically grouped as one connection. This results in higher bandwidth because STP treats the group as a single link and will not block the extra connection(s). It is drawn as a circle around the links in a diagram.
- EtherChannel load balances based on flows. A flow is a communication between two nodes on the network. Frames in the same flow will always be forwarded over the same physical interface, so a single flow never gets more than one link's bandwidth.
- To see the load balancing method, use:
SW1#show etherchannel load-balance
- To configure the load balancing method use:
SW1(config)#port-channel load-balance src-dst-mac
PAgP (Port Aggregation Protocol) is Cisco's proprietary protocol. It dynamically negotiates creation/maintenance of the EtherChannel (like DTP for trunks).
LACP is not proprietary and can be used with all switches. Because of this, it is typically the preferred method for etherchannel.
Static Etherchannels are typically avoided to allow the etherchannel to self-manage.
SW1(config)# int range ___ – ____
SW1(config-if-range)#channel-group 1 mode _____
- Desirable and auto are PaGP.
- Active and Passive are LACP.
These follow the methodology of DTP for trunks.
Channel groups numbers don’t need to match between switches (but probably should)
Useful commands for etherchannel include:
SW1#show etherchannel summary
This will show the state of the EtherChannel and all active interfaces within it.
SW1#show etherchannel port-channel
This will show the channel group mode, the number of ports in the EtherChannel and what protocol is being used.