My CCENT Notes

sizeon Member Posts: 321
Hey, I am going to post some of my notes to see if they help some of you guys.

OSI and TCP (DOD) Model
7) Application layer- Interface to the actual application. The user needs access to a network resource. This layer makes sure that the necessary resources exist between nodes, and authentication occurs here. Protocols: (DNS, HTTP, Firewall, SMTP, SNMP, POP3, Telnet).
6) Presentation layer- Deals with data formatting, encryption/decryption and compression.
5) Session layer- Creates, maintains and terminates sessions between hosts. Also separates one application's data from another application's data.
4) Transport layer- Creates a logical end-to-end connection (virtual circuit) between hosts and segments data. Makes sure that data gets to its destination error free. (TCP, UDP)
3) Network layer- Deals with IP and routing. Determines the best path in a network and keeps track of what devices are on the network. (IP, ARP, RARP, ICMP)
2) Data link layer- Wireless access points, DSL, cable modems, HDLC, PPP, Ethernet, Frame Relay and MAC addresses. Deals with the physical transmission of data, network topology and flow control. Error notification. (This layer is actually two sub-layers: 1) MAC 2) LLC.)
1) Physical layer- binary (1,0) bits, cables, plugs, pins, voltage.

TCP/IP (DoD) model:
1) Application layer- same as the OSI application, presentation and session layers
2) Transport layer- same as the transport layer of the OSI model
3) Internet layer- same as the network layer
4) Network access layer- same as the data link and physical layers

Data is simply called data on the App, presentation and session layer.
Data is called segments on the transport layer.
Data is called Packets in the Network layer.
Data is called Frames on the data link layer.
Data is called Bits on the Physical layer.

TCP (transmission control protocol) is a reliable, connection-oriented protocol. It guarantees delivery of data. It uses a "three-way handshake" to establish a connection:
Scenario: Host A wants to communicate with Host B via TCP.
Step 1) Host A sends a SYN bit (contains a sequence number) to Host B.
Step 2) Host B replies back with a SYN/ACK bit.
Step 3) Host A replies back with an ACK bit (contains the sequence number it expects to get next).

UDP (user datagram protocol). No guaranteed delivery, connectionless, no windowing. Why do we use UDP? For speed, since its header is much smaller than the TCP header. We would use UDP for VoIP or video conferencing.

Properties of TCP:
1) Windowing: The amount of data a host can send without having to wait for an ACK bit.
2) Flow control: The recipient of the data decides the window size.
3) PAR (positive acknowledgment with re-transmission). If an ACK bit is lost, the sending host starts an ACK timer, and if it still doesn't receive the ACK before the timer expires it retransmits the segment.
** TCP uses sequencing and acknowledgments (in the TCP header) for error recovery. The sequence number in the SYN bit tells the receiving host how to assemble the data, and the acknowledgement contains the sequence number it expects to get next. **

Device on the OSI layers
Application layer, Presentation layer and Session layer: Firewalls, IDS (Intrusion detection system), Hosts
Transport Layer: Firewalls, Hosts
Network Layer: Routers, Layer 3 switches (don't need to know this for the exam).
Datalink Layer: Layer 2 Switches, bridges, WAP, Cable modems, DSL
Physical Layer: Hubs, multiport repeaters, cables
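The handshake and PAR described above, as an added example that is not part of the original post: a toy model in which the listening host validates the client's final ACK number (the reason a blind sender that never saw the SYN/ACK cannot complete the handshake) and a stop-and-wait sender that retransmits when its ACK timer expires. Host names, initial sequence numbers and the lossy link are constructed; no real sockets are used.

```python
# Added example, not code from the original post: a toy model of the TCP
# three-way handshake (the listener validates the final ACK) and of positive
# acknowledgement with retransmission (PAR) over a link that loses some ACKs.
# Host names, ISNs and the lossy link are constructed; no real sockets.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    syn: bool = False
    ack_flag: bool = False
    seq: int = 0        # sequence number carried by this segment
    ack: int = 0        # next sequence number the sender expects to receive
    data: bytes = b""


class Listener:
    """Host B: LISTEN -> SYN_RECEIVED -> ESTABLISHED."""

    def __init__(self, name: str, isn: int):
        self.name, self.isn, self.state = name, isn, "LISTEN"
        self.peer_isn: Optional[int] = None

    def receive(self, seg: Segment) -> Optional[Segment]:
        if self.state == "LISTEN" and seg.syn and not seg.ack_flag:
            # Step 2: SYN/ACK. The SYN consumes one sequence number, so we
            # acknowledge the client's ISN + 1 and offer our own ISN.
            self.peer_isn = seg.seq
            self.state = "SYN_RECEIVED"
            return Segment(self.name, seg.src, syn=True, ack_flag=True,
                           seq=self.isn, ack=seg.seq + 1)
        if self.state == "SYN_RECEIVED" and seg.ack_flag and not seg.syn:
            # Step 3: the ACK must carry our ISN + 1. A sender that never saw
            # the SYN/ACK (e.g. one spoofing its source address) cannot know it.
            if seg.ack == self.isn + 1 and seg.seq == self.peer_isn + 1:
                self.state = "ESTABLISHED"
            else:
                self.state = "LISTEN"   # bogus ACK: drop it, forget the half-open entry
        return None


def client_handshake(server: Listener, client: str, isn: int,
                     forged_ack: Optional[int] = None) -> str:
    """Host A runs steps 1-3 against server; returns the server's final state.

    forged_ack models a blind attacker guessing the server's ISN instead of
    reading it from a SYN/ACK it never received.
    """
    synack = server.receive(Segment(client, server.name, syn=True, seq=isn))  # step 1
    if synack is None or not (synack.syn and synack.ack_flag):
        raise RuntimeError("expected a SYN/ACK")
    ack_num = synack.seq + 1 if forged_ack is None else forged_ack
    server.receive(Segment(client, server.name, ack_flag=True,
                           seq=isn + 1, ack=ack_num))                          # step 3
    return server.state


def par_transfer(chunks: list, lost_acks: set, max_retries: int = 3) -> tuple:
    """Stop-and-wait PAR. lost_acks holds the 1-based transmission numbers whose
    ACK the constructed link drops; the sender's ACK timer then expires and it
    retransmits. Returns (bytes assembled by the receiver, transmissions used).
    """
    expected, received = 1, bytearray()     # receiver state
    seq, sent = 1, 0                        # sender state
    for chunk in chunks:
        for _ in range(max_retries + 1):
            sent += 1
            if seq == expected:                  # receiver accepts in-order data once
                received += chunk
                expected += len(chunk)
            # a retransmitted duplicate is discarded but still acknowledged
            if sent in lost_acks:
                continue                         # ACK lost -> timer expires -> resend
            if expected == seq + len(chunk):     # the ACK names the next byte wanted
                seq = expected
                break
        else:
            raise TimeoutError(f"no ACK for segment starting at seq {seq}")
    return bytes(received), sent


if __name__ == "__main__":
    print(client_handshake(Listener("B", isn=5000), "A", isn=100))                 # ESTABLISHED
    print(client_handshake(Listener("B", isn=5000), "A", isn=100, forged_ack=1))   # LISTEN
    print(par_transfer([b"abc", b"de", b"f"], lost_acks={1, 4}))                   # (b'abcdef', 5)
```

The forged-ACK case is why modern stacks randomise the ISN: the only thing standing between a spoofed source address and an ESTABLISHED connection is the attacker's inability to guess that 32-bit number.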


    SharkDiver Member Posts: 844
    Good job.

    I might add the following:
    Physical Layer - Repeaters and Hubs
    Data Link Layer - Switches and Bridges
    Network Layer - Routers and Layer 3 Switches (Multi-Layer Switches)
    GOZCU Member Posts: 234
    After this beginner level of notes, it is also a good idea to take a look at the basic switch configurations:

    Lab-1 Basic Switch Configurations « studentCodes
    craigaaron Member Posts: 132
    Well done. very good read :)
    Currently Studying: CCNP Security
    300-206 - Completed 04-Jul-2014
    300-209 - Completed 09-May-2017
    300-208 - TBC
    300-210 - TBC
    IRJesus Member Posts: 12
    Nice link and good notes from above. I just began studying for my CCENT this morning with the shipment of a couple of routers.
    sizeon Member Posts: 321
    Hubs are layer 1 devices. All a hub is is a multi-port repeater. Hubs are 1 collision domain and 1 broadcast domain no matter how many hosts are connected to them. How does it work? When a host sends or receives information, the hub will send that information to all hosts plugged into the hub except the port where the information came from. This is bad because every host gets the information, so bandwidth becomes congested. Hubs are half duplex, meaning you can only send or receive data one at a time. Hubs and Ethernet use CSMACD to help with collisions. A collision is when two pieces of information collide. If this happens the data is unusable.
    CSMACD: Carrier sense multiple access with collision detection (3 steps)
    Step 1: A host listens on the wire (cat 5 cable, etc.) to see if another host is transmitting. If it is not, it sends data.
    Step 2: When a collision occurs, the host sends out a JAM signal (a broadcast that lets every host know that a collision occurred).
    Step 3: The colliding hosts both start a random back-off timer (a.k.a. random algorithm) which lets the hosts know when they can retransmit.
    ** All hosts have equal priority after the timer expires **
    Full duplex: can send and receive data simultaneously (can be used switch to switch, host to switch or host to host via a crossover cable). Uses an auto-detect mechanism which checks to see if the devices can run 10 or 100 Mbps and half or full duplex.
    UDP vs TCP, Ports, Ethernet and Cabling

    Similarities between UDP and TCP: They both have source and destination ports in the header as well as checksums.
    Multiplexing: A mixture of data streams.
    Socket: Combination of IP address and port. (e.g. or, TCP, 80)
    ** All ports up to 1024 are known as "well-known ports".
    Ports to memorize:
    - FTP (file transfer protocol): TCP, ports 20 and 21. Used to upload and download files. Supports admin and security settings.
    - SSH (secure shell): TCP, port 22. Used to establish a secure remote connection via encrypted keys.
    - Telnet: TCP, port 23. Used to establish a non-secure remote connection via clear-text keys.
    - SMTP (simple mail transfer protocol): TCP, port 25. Used to send mail.
    - HTTP (hypertext transfer protocol): TCP port 80. Mainly used to transfer data in a formatted way.
    - POP3 (post office protocol version 3): TCP 110. Used to receive mail.
    - SSL (secure sockets layer): TCP port 443. Used to encrypt data.
    ** HTTPS (is HTTP running over SSL) **
    - DHCP (dynamic host configuration protocol): UDP, ports 67 and 68. Used to assign host network settings automatically, such as IP address, subnet mask, default gateway, DNS, lease and more.
    - TFTP (trivial file transfer protocol): UDP port 69. Used for small file transfers. Poor admin settings.
    - SNMP (simple network management protocol): UDP port 161. Used to manage the network.
    - DNS (domain name service/system/server): UDP and TCP port 53. Maps a hostname to an IP address.
    *** port 24 is generally reserved for private mail systems ***
    Ethernet: 802.3 technology that allows hosts to share bandwidth on the same link. Uses CSMACD. Logical bus topology.

    10base-T: Specified by IEEE 802.3. Cat 3 UTP (unshielded twisted pair) cable. Max length 100 feet, 10 Mbps.
    10base5: uses CSMACD, coaxial cable with a capacity of 10 Mbps and 500 meters long.
    10base2: uses CSMACD, coaxial cable with a capacity of 10 Mbps and 180 meters long.
    100baseTX: Fast Ethernet. Specified by IEEE 802.3u. Cat 5, 6, 7 UTP cable. 100 Mbps and 100 meters long.
    1000baseT: Gigabit Ethernet. Specified by IEEE 802.3ab. Cat 5 UTP (4 pins rather than the normal 8-pin RJ45). 1 gigabit per second and 100 meters long. Doesn't use copper wire.
    100baseFX: uses multi-mode fiber cable. Up to 412 meters.
    1000baseLX: uses single-mode fiber cable. Up to 10 kilometers long.
    CATEGORY cable: UTP cable that uses an 8-pin RJ45 connector. Pins 1 and 2 transmit and 3 and 6 receive.
    *** Fiber cables are good against EMI (electromagnetic interference)

    Straight-through cable: Used to connect a host or router to a switch or hub. Pins on the wire correspond to the pins on the device.
    Cross over cable: used to connect similar devices. Router to router, host to host, host to router, switch to switch, switch to hub, hub to hub.
    Rolled cable: Used to connect a computer to the console port of a router or switch. All eight pins are in reverse order. (e.g. pins 1,2,3,4,5,6,7,8 connects to pins 8,7,6,5,4,3,2,1 on the network device).

    MAC Address (Media Access Control)
    MAC addresses are used to send data to the correct host on a LAN. A MAC ADDRESS NEVER LEAVES THE LAN!!!!
    MAC addresses are also known as Ethernet addresses, NIC addresses, burned-in addresses, physical addresses, LAN addresses.
    MAC addresses are 48 bits long (written in hexadecimal) and contain two parts: 1) OUI (organizationally unique identifier), which is assigned to the hardware by the IEEE (24 bits); 2) a value assigned by the vendor.

    *** aa:bb:cc = OUI part, dd:ee:ff = vendor part ***

    There are two types of MAC address:
    1) Broadcast: ff-ff-ff-ff-ff-ff (case insensitive). Everybody gets it.
    2) Multicast: only a group of hosts gets it. (0100.5e00.0000 through 0100.5e7f.ffff)
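An added example, not code from the original post, for the MAC address material above: it parses an address in the colon, dash or Cisco dotted notation, splits off the OUI, classifies it as unicast, multicast or broadcast, reads the locally-administered bit (clear on a burned-in address, usually set by VMs, randomised Wi-Fi addresses and spoofing tools), and goes one step beyond the notes by showing how an IPv4 multicast group is mapped onto the 0100.5e00.0000 to 0100.5e7f.ffff range (RFC 1112). The sample addresses are constructed; no vendor OUI database is consulted.

```python
# Added example, not code from the original post: parse a 48-bit MAC address,
# split off the OUI, classify it, and map an IPv4 multicast group onto the
# 01:00:5e:00:00:00 - 01:00:5e:7f:ff:ff block (RFC 1112). Sample addresses
# are constructed; no OUI vendor database is consulted.
import ipaddress
import re

IPV4_MCAST_OUI = bytes.fromhex("01005e")


def parse_mac(text: str) -> bytes:
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or Cisco-style aabb.ccdd.eeff."""
    digits = re.sub(r"[:.\-]", "", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(digits)


def describe_mac(text: str) -> dict:
    mac = parse_mac(text)
    first = mac[0]
    if mac == b"\xff" * 6:
        kind = "broadcast"            # ff:ff:ff:ff:ff:ff - every host on the LAN
    elif first & 0x01:
        kind = "multicast"            # I/G bit set: a group of hosts
    else:
        kind = "unicast"
    return {
        "kind": kind,
        "oui": mac[:3].hex(":"),      # IEEE-assigned organizationally unique identifier
        "nic": mac[3:].hex(":"),      # vendor-assigned half
        # U/L bit: clear on a burned-in address; set when an admin, hypervisor
        # or spoofing tool chose the address.
        "locally_administered": bool(first & 0x02),
        # the block the notes quote: 01:00:5e followed by a 23-bit value
        "ipv4_multicast_range": mac[:3] == IPV4_MCAST_OUI and mac[3] < 0x80,
    }


def ipv4_multicast_mac(group: str) -> str:
    """01:00:5e + the low 23 bits of the group, so 224.0.0.9 -> 01:00:5e:00:00:09.

    Only 23 of the 28 variable bits fit, so 32 groups share each MAC
    (224.0.0.1 and 224.128.0.1 collide): the NIC filter is coarser than IP's.
    """
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not in 224.0.0.0/4")
    low23 = int(addr) & 0x7F_FFFF
    return (IPV4_MCAST_OUI + low23.to_bytes(3, "big")).hex(":")


if __name__ == "__main__":
    for sample in ("00:1A:2B:3C:4D:5E", "ff-ff-ff-ff-ff-ff", "0100.5e00.0009", "02:00:00:00:00:01"):
        print(sample, describe_mac(sample))
    print(ipv4_multicast_mac("224.0.0.9"), ipv4_multicast_mac("239.1.2.3"))
```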
    sizeon Member Posts: 321
    Cisco's Three layer Hierarchy model
    Why do we care about Cisco's model? Because it is used to design and maintain scalable, reliable and cost-effective networks.
    Core Layer: The core of the network. Its job is to switch traffic as fast as possible with reliability.
    Don't: Don't do anything to slow down the network, such as access lists, packet filtering and routing between VLANs. Don't support workgroup access and don't add devices.
    Do: Utilize speed such as fast ethernet, ATM, etc... DO select routing protocols with fast convergence time (EIGRP, OSPF).
    Distribution Layer: Communication point between the core and Access layer. Handles traffic for remote services (WAN, routing, filtering). Here you would implement routing, access list, security and network policies.
    Access Layer (a.k.a Desktop layer): Controls user and Work group access to the network resource. Here you would implement work group connectivity and segmentation.
    sizeon Member Posts: 321
    Layer 2 Switching
    A switch is a layer 2 device that creates collision domains. Each port on a switch is its own collision domain.
    Microsegmentation- 1 collision domain per port/interface.
    A bridge is also a layer 2 device and is similar to a switch.
    Differences: a bridge is software-based and has fewer ports. A switch is hardware-based and has many ports.
    Switches use ASICs (application-specific integrated circuits) to switch frames. A switch is also much faster than a bridge.
    A switch has three purposes:
    1)Mac Address learning
    2) Forward/Filter frames
    3) Loop Avoidance

    A switch uses a Mac address table (A.K.A switching table, CAM table, forward filter table) to determine the path of a frame. When the switch is first turned on it uses the source mac address of a frame to build the table. A switch does one of three things when it receives a frame:
    1) Flood- The switch looks at the destination mac address of a frame and checks its mac address table. If the destination mac address is not on the mac table it will flood it out all ports except the one it came from.
    2) Forward- The switch checks the destination mac address of a frame. If the destination mac address of the frame is on the table it will forward it out to its corresponding port.
    3) Filter- If the source and destination MAC addresses are on the same port as the incoming frame, it will drop it.

    A switch has three methods on how to process a frame for forwarding:
    1) Store and forward- The entire frame is stored and checked for errors. If there are no errors, forward the frame, else drop it. (Best error correction but slowest.)
    2) Cut through- The frame is not checked at all for errors and is forwarded out ASAP. (Best speed but no error correction.)
    3) Fragment free- The first 64 bytes of a frame are checked for errors. If there are no errors it is forwarded, else dropped. (Good speed and good reliability.)

    The switch checks the FCS (frame check sequence) for errors. The FCS contains the cyclic redundancy check, which holds a specific value. If the CRC doesn't match, the frame is considered an error.

    Switches use STP (Spanning Tree Protocol) to prevent loops. Loops are when frames travel through the same switch multiple times.
    How does STP work: STP uses an algorithm to determine a loop free path. All ports that are not on the loop free path are placed into blocking mode.
    STP is considered converged when ports are either on blocking or forwarding mode.
    Switches use link speed to determine loop-free paths.

    Basic Switch security and commands
    To show the MAC address table on a switch type "show mac-address-table" in user exec mode.
    Switches by default want to trunk (trunking is connecting two switches together). To disable trunking type "switchport mode access" in interface config mode.
    ** To get to interface config mode type 1) enable 2) config t 3) int <interface> (e.g. int f0/1) **
    Broadcasts are a killer on switches. Broadcast storms are when there are too many broadcasts on a switch. To combat this, segment your network into smaller ones or place ports in VLANs (virtual local area networks).
    VLAN- When you take ports on a switch and create a separate LAN.
    To put ports in VLANs type the following command: "switchport access vlan <vlan id>" in interface config mode.
    Hosts that are on VLANs are treated as a separate network and CANNOT COMMUNICATE WITH OTHER HOSTS. You must use a router to do so.
    All ports on a switch are open by default. You can either put them in a separate VLAN or close them using the "shutdown" command in interface config mode.
    To enable security on ports you must use the command "switchport mode access".

    "S1(config-if)#switchport port-security violation <option>" will specify what to do when a non-secure mac address is detected.

    There are three ways (options) to handle a non-secure MAC address:
    1) Shutdown- The frame will be dropped and will be reported to the log. The port will also be shut down.
    2) Protect- The frame will be dropped and reported to the log.
    3) Restrict- The frame will be dropped.

    "S1(config-if)#switchport port-security mac-address sticky" command lets the switch retain the first mac address that is received.
    "S1>show port-security interface <int>" shows you port security of a particular interface.
    Note: If you type show port-security interface <int> and it shows you an "err-disable" message, the LED of the port will go off and you have to manually bring it back up with the "no shutdown" command in interface config mode.
    "S1(config-if)#switchport port-security maximum <#>" allows you to set the maximum number of MAC addresses that can be accepted.
    *** In order to remotely log in to a switch you must define a default gateway on the switch with the "S1(config)#ip default-gateway <ip>" command. ***

    The following LEDS are explained:
    SYST- (system).
    RPS- redundant power supply.
    Duplex- LED on means full duplex, off means half duplex.
    Speed- LED on means 100 Mbps, off means 10 Mbps, blinking means 1 Gbps.
    STAT- means status

    ** On a switch interface VLAN 1 is considered the management interface **
    ** If you see an amber light on a switch that means that the P.O.S.T failed **
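The learning, flood/forward/filter and port-security behaviour described above, as an added example that is not code from the original post: a toy Layer 2 switch that learns source MACs into a CAM table, makes the forwarding decision, and enforces a per-port maximum with the three violation modes as IOS implements them (protect drops silently; restrict drops, counts and logs; shutdown drops and err-disables the port until an operator does shutdown / no shutdown). Port names, MAC addresses and frames are constructed.

```python
# Added example, not code from the original post: a toy Layer 2 switch with a
# CAM table, the flood / forward / filter decision, and port security with the
# protect / restrict / shutdown violation modes. Ports, MACs and frames are
# constructed.
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    in_port: str


@dataclass
class PortSecurity:
    maximum: int = 1                 # switchport port-security maximum <n>
    violation: str = "shutdown"      # switchport port-security violation {protect|restrict|shutdown}
    secure_macs: set = field(default_factory=set)   # first MACs seen, as with 'mac-address sticky'
    violations: int = 0
    err_disabled: bool = False


class Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.cam = {}          # mac -> port: the MAC address (forward/filter) table
        self.security = {}     # port -> PortSecurity, only where port-security is enabled
        self.log = []

    def enable_port_security(self, port, maximum=1, violation="shutdown"):
        if violation not in ("protect", "restrict", "shutdown"):
            raise ValueError(f"unknown violation mode {violation!r}")
        self.security[port] = PortSecurity(maximum, violation)

    def no_shutdown(self, port):
        """Operator recovers an err-disabled port."""
        self.security[port].err_disabled = False

    def _admit(self, frame) -> bool:
        """Port-security check on ingress; False means the frame is dropped."""
        ps = self.security.get(frame.in_port)
        if ps is None:
            return True
        if ps.err_disabled:
            return False                        # port is down: nothing gets in
        if frame.src in ps.secure_macs:
            return True
        if len(ps.secure_macs) < ps.maximum:
            ps.secure_macs.add(frame.src)       # learn it as a secure MAC
            return True
        if ps.violation == "protect":
            return False                        # dropped, nothing recorded
        ps.violations += 1
        if ps.violation == "restrict":
            self.log.append(f"PORT_SECURITY violation on {frame.in_port} by {frame.src}: frame dropped")
            return False
        ps.err_disabled = True                  # shutdown mode
        self.log.append(f"ERR_DISABLE: {frame.in_port} err-disabled after {frame.src}")
        return False

    def receive(self, frame) -> list:
        """Return the ports the frame goes out of; [] when filtered or dropped."""
        if not self._admit(frame):
            return []
        self.cam[frame.src] = frame.in_port               # learn the source MAC
        out = self.cam.get(frame.dst)
        if frame.dst == BROADCAST or out is None:
            return [p for p in self.ports if p != frame.in_port]   # flood
        if out == frame.in_port:
            return []                                               # filter
        if out in self.security and self.security[out].err_disabled:
            return []                                               # egress port is down
        return [out]                                                # forward


if __name__ == "__main__":
    sw = Switch(["f0/1", "f0/2", "f0/3"])
    sw.enable_port_security("f0/1", maximum=1, violation="shutdown")
    h1, h2, rogue = "00:00:00:00:00:01", "00:00:00:00:00:02", "00:00:00:00:00:03"
    print(sw.receive(Frame(h1, h2, "f0/1")))     # ['f0/2', 'f0/3']  unknown dst: flood
    print(sw.receive(Frame(h2, h1, "f0/2")))     # ['f0/1']          known dst: forward
    print(sw.receive(Frame(rogue, h2, "f0/1")))  # []                second MAC: err-disabled
    print(sw.log)
```

Note what the model makes visible: with shutdown mode the legitimate host on the violating port is cut off too until the operator intervenes, while restrict keeps it working and leaves an audit trail, which is why restrict is often the better default on user-facing ports.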
    sizeon Member Posts: 321
    Routers and CISCO IOS (Internetwork operating system)

    A router is a layer 3 device that connects different networks and determine the best path of a packet through the network. A router goes through the following phases when turned on:
    1) The bootstrap loads the router and starts a P.O.S.T (power on self test). This test makes sure that the basic functions of the router are working (e.g. interfaces, CPU, RAM).
    2) If the POST is successful, it will look in flash memory to load a valid IOS image. The IOS image is the operating system of the router. If no valid IOS image is found it will broadcast to a TFTP server and finally look for one in ROM.
    3) After loading an IOS image successfully, the bootstrap will look for a valid startup configuration file. It is stored in NVRAM. The startup configuration file contains all your configurations. After it loads the startup config file it will place it into RAM, and it will now be called the running configuration.

    *** If a startup config file can't be found, it will enter "setup" mode which is a mode that prompts you with numerous questions that helps you config a router ****

    Key Terms

    ROM- Read Only Memory. Stores the Bootstrap and P.O.S.T. Can only read and not write or modify.
    Flash Memory- Contains the Routers IOS image.
    RAM- Random Access Memory. Contains the running config file and operational information such as routing tables. Loses its information when the router is powered off.
    NVRAM- Non-volatile RAM. It retains its content even if the router is turned off (similar to a hard drive). Contains the startup config file.

    You can enter the setup mode by using the following command "setup" in privilege mode.
    You can choose what file to boot from flash by using the following command in global exec mode: "boot system flash <file name>".
    To erase the contents from NVRAM you can use the command "write erase" in privilege exec mode.
    To copy a IOS image from a TFTP server into flash you use "copy tftp flash" command in privilege exec mode.
    To copy a IOS image from a flash into a TFTP server you use "copy flash tftp" command in privilege exec mode.
    To copy the startup config file to a TFTP server you use "copy start tftp" command in privilege exec mode.
    To view the contents of flash memory use: "show flash". It will show you the files inside flash memory and its size.
    The "show version" command tells you information about the router hardware and IOS. It also shows you the config-register.
    The config register tells the router how to boot. There are three config-register you must know:
    1) 0x2102 (The router boots up normally and loads the startup config from NVRAM.)
    2) 0x2142 (The router bypasses the content in NVRAM and goes into setup mode.)
    3) 0x2100 (The router goes into ROM monitor mode, which is used for diagnostics and troubleshooting. This is where you would do password recovery.)

    To change the config-register use: "config-register <register>" in global exec mode.
    *** When you change the config register you must restart the router in order for the changes to take effect.***
    To restart a router you use the "reload" command in privilege exec mode.
    To view the running config you use the "show run" command in privilege exec mode.
    To view the startup config you use the "show start" command in privilege exec mode.
    To copy the running config over the start config you use the "copy run start" command in privilege exec mode.
    To copy the startup config over the running config you use the "copy start run" command in privilege exec mode.

    Cisco Discovery Protocol (CDP)
    CDP is a proprietary protocol that shows you information about connected devices.
    "show cdp" shows you the CDP timer and CDP holdtime. The CDP timer determines how often to send CDP packets and the CDP holdtime determines how long to retain those packets.
    "cdp timer <timer in sec>" command in global exec mode sets the CDP timer.
    "cdp holdtime <timer in sec>" command in global exec mode sets the CDP holdtime.
    *** To turn off CDP on a router use the following command in global config mode "no cdp run" ***
    *** To turn off CDP on a particular interface or port use "no cdp enable" on interface config mode ***
    The "show cdp neighbor" command shows you the connected devices.
    The "show cdp neighbors detail" or "show cdp entry *" shows you the IP address, hostname and IOS version of attached devices.
    The "show cdp entry * protocol" shows you the IP address of attached devices.
    The "show cdp entry * version" shows you the IOS version of attached devices.
    The "show cdp traffic" command shows you the CDP packets sent and received as well as CDP errors.
    The "show cdp interface" command shows you the sent and received cdp packets as well as the encapsulation method and the layer 1 and 2 status of an interface.

    Remote Connections
    You can return to the console without terminating your telnet connection by using the following key strokes: "ctrl + shift + 6" and then press "x".
    The "show sessions" command shows you connections made from your router to remote devices.
    *** The "*" next to a connection means it was your last connection made ***
    The "show users" command shows all active console and vty ports.
    The "disconnect <connection>" command lets you disconnect from a particular telnet connection.
    To allow a router to use a DNS server use the following command:
    1) "ip domain-lookup" global exec mode
    2) "ip name-server <ip of dns server>"
    3) "ip domain-name <domain name>" appends domain name to host name

    The "show hosts" command shows you the DNS cache.

    *** When telnetting you need to use the "terminal monitor" command in order to see debugging info. ***
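The config-register values listed above (0x2102, 0x2142, 0x2100) and the 0x2101 that comes up later in the thread are easier to reason about as bit fields than as numbers to memorise. The following is an added example, not code from the original post: it decodes the register using the bit positions Cisco documents (boot field in bits 0-3, bit 6 = ignore NVRAM, bit 8 = Break disabled, bit 13 = ROM fallback), pulls the current register out of show version text, and flags the settings an auditor would want to see restored after a password recovery. The show version text is a constructed sample.

```python
# Added example, not code from the original post: decode the IOS configuration
# register, extract it from 'show version' output and flag settings that weaken
# console security. Bit positions follow Cisco's documented register layout;
# the 'show version' text is a constructed sample.
import re

BOOT_FIELD_MASK = 0x000F   # bits 0-3: boot field
IGNORE_NVRAM = 0x0040      # bit 6: ignore startup-config in NVRAM (password recovery)
BREAK_DISABLED = 0x0100    # bit 8: Break key ignored once IOS is running
ROM_FALLBACK = 0x2000      # bit 13: fall back to ROM software if network boot fails


def decode_config_register(value: int) -> dict:
    """Boot behaviour and option bits of a 16-bit configuration register."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError(f"config-register is 16 bits, got {value:#x}")
    boot_field = value & BOOT_FIELD_MASK
    if boot_field == 0x0:
        boot = "ROM monitor (rommon)"
    elif boot_field == 0x1:
        boot = "boot helper image in ROM (first image in flash on newer platforms)"
    else:
        boot = "normal: 'boot system' commands from NVRAM, else first image in flash"
    return {
        "register": f"0x{value:04x}",
        "boot_field": boot_field,
        "boot": boot,
        "ignore_startup_config": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "rom_fallback": bool(value & ROM_FALLBACK),
    }


def set_ignore_nvram(value: int, ignore: bool) -> int:
    """Password recovery sets bit 6 (0x2102 -> 0x2142) and clears it afterwards."""
    if ignore:
        return value | IGNORE_NVRAM
    return value & ~IGNORE_NVRAM & 0xFFFF


def parse_config_register(show_version: str) -> int:
    """Extract the current register from 'show version' text."""
    m = re.search(r"Configuration register is 0x([0-9A-Fa-f]{1,4})", show_version)
    if m is None:
        raise ValueError("no 'Configuration register is' line found")
    return int(m.group(1), 16)


def audit_config_register(value: int) -> list:
    """Warnings a reviewer would raise about a production router's register."""
    d = decode_config_register(value)
    findings = []
    if d["ignore_startup_config"]:
        findings.append("bit 6 set: device boots with no startup-config (no passwords, no ACLs) until restored")
    if not d["break_disabled"]:
        findings.append("bit 8 clear: Break on the console drops the running router into rommon")
    if d["boot_field"] == 0:
        findings.append("boot field 0x0: device stops in rommon on every reload")
    return findings


SAMPLE_SHOW_VERSION = """\
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)
Router uptime is 2 hours, 15 minutes
Configuration register is 0x2142 (will be 0x2102 at next reload)
"""

if __name__ == "__main__":
    for reg in (0x2102, 0x2142, 0x2100, 0x2101):
        print(decode_config_register(reg))
    current = parse_config_register(SAMPLE_SHOW_VERSION)
    print(hex(current), audit_config_register(current))
```

The audit function encodes the practical point behind the password-recovery procedure: a router left at 0x2142 after recovery boots with no configuration at all on its next reload, so the register must be put back to 0x2102 before the change is considered finished.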
    fredmoogie Member Posts: 80
    thank you very much for this....very good overview!
    Ltat42a Member Posts: 587
    sizeon wrote:
    1) 0x2101 (The router boots up normally and loads the startup config from nvram.

    Shouldn't this be 0x2102???

    Router#show version
    Cisco Internetwork Operating System Software
    IOS (tm) C2600 Software (C2600-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)


    Configuration register is 0x2102
    OpenSource Member Posts: 135
    Thanks for the notes. I'm always looking for straight forward and direct note style information. Look forward to seeing more.
    sizeon Member Posts: 321
    It could be 0x2101 or 0x2102. It works either way, but I edited it to 0x2102 since that will be on the test.
    sizeon Member Posts: 321
    Routing protocol- Determines the best path of a packet in a network. (e.g. RIP, EIGRP, OSPF).
    Routed protocol- Method of delivery of a packet. (e.g. IP and IPv6, AppleTalk, IPX). **Don't need to know**
    All a router cares about is the network itself. A router learns about networks 3 ways:
    1) Directly connected networks
    2) static network- A static network is a network that a person manually configures.
    3) Dynamically- Learned via a routing protocol. In our case, RIP (Routing information protocol).
    When a router receives a packet, there are three possibilities regarding its destination:
    1) Destined for a directly connected network
    2) Destined for a non-directly connected network that the router has an entry for in its routing table.
    3) Destined for a non-directly connected network that the router does not have an entry for.

    For decision #1, the router looks at its routing table and forwards the packet to its destination since it knows how to get there. (It knows how to get there because the destination is directly connected to the same router the packet came in on.)
    For decision #2, the router checks its routing table and sees if it has an entry. If it has an entry in its routing table, the packet will be sent to the next hop router. The next hop router will do the exact same thing.
    For decision #3, if there is no entry in its routing table, the packet will be discarded unless you specify a static or default route.

    the "show ip route" command shows you the routing table.

    Key Terms
    C- means a directly connected network
    D - EIGRP
    R- RIP
    I - IGRP (extinct)
    S- Static Route
    S*- Default route

    To implement a static route use the following command in global exec mode: "ip route <remote network> <remote network subnet mask> <next hop router IP>"

    remote network- is the remote network you want the router to learn
    remote network subnet mask- is the subnet mask of the remote network

    next hop router ip- is the IP address of the next hop router.
    *** Note: You can use the local exit interface instead of the IP of the next hop router (e.g.. s0/0) ***

    A default route is used to send packets to the next hop router. Ideally you want to use it on a stub router (a router that has only one way out to reach networks).
    To implement a default route you use the following command in global exec mode: "ip route 0.0.0.0 0.0.0.0 <IP of next hop router>"
    When implementing a default route you must use the command "ip classless" in global exec mode.
    You can also set a default route with the following command in global exec mode: "ip default-network <network address of next hop router>"

    Types of Routing Protocols
    Distance Vector- This type of protocol determines the best path in a network via Hops. Distance vector routing protocol send their entire routing table to their neighbor routers. RIP, IGRP
    Link State- This type of routing protocol determines the best path to a network via its link status (bandwidth and current state). LS routing protocols send three tables to their neighbor routers: a table that contains the network topology, a table that contains its routing table and a table that keeps track of directly connected routers. OSPF (Open Shortest Path First).
    Hybrid- Utilizes features from both Distance and link state protocols. EIGRP (Enhanced Interior Gateway Routing Protocol).

    The administrative distance is the "believability" of a path. The paths with low AD gets first priority.
    The metric is how far away is the router to its destination. Lower is better.

    Routing Source | Default Administrative Distance
    Directly connected | 0
    Static Route | 1
    EIGRP | 90
    IGRP | 100
    OSPF | 110
    RIP | 120

    *** (Referring to a routing-table line shown as a picture in the original post.) Admin distance: here you can tell the protocol used is RIP because of the 120 AD. Metric: looks like it is 2 routers away. ***

    RIPv1 and RIPv2
    Both distance vector protocols with a maximum hop count of 15.
    RIP sends route updates every 30 seconds by default.
    To configure RIP on a router use "router rip" in global exec mode and then use the command "network <network address>".
    network address will be all addresses on the router because those are the networks you want to advertise.
    To use RIPv2 type "version 2" after you are in the router prompt (after you issue the "router rip" command).
    The router prompt looks like this "R1(config-router)#".
    RIP updates are sent every 30 secs throughout the network. A caveat is that you don't want to advertise these updates to the public. You can use the following command to prevent updates from being sent out an interface: "passive-interface <interface>".
    *** Note: Even though the passive interface command prevents updates from being sent out, you can still receive them ***.
    By default RIPv1 sends version 1 updates but can receive both version 1 and 2 updates.
    Differences betweem RIPv1 and RIPv2:
    1) RIPv2 uses multicast ( instead of broadcast
    2) Supports VLSM
    3) Supports MD5 Hash authentication

    The "show ip protocols" command shows various information regarding the routing protocol that is currently running.
    The "debug ip rip" command in privilege exec mode shows you real time info about sent and receive route updates.
    The "debug all" command turns on all debugging. NOT RECOMMENDED!!!
    To turn off debugging use "u all" (undebug all) in privilege exec mode.
    The command "clear ip route <* or network>" in privilege exec mode clears dynamically learned routes.
    ** Use "*" to clear all routes **
    It is recommended to use the "no auto-summary" command in router config mode.

    Routing Loops In Distance vector
    Routing loops occur because convergence time is slow. A network is considered converged when all the routing tables in the network agree. There are three methods to deal with routing loops:
    1) Split Horizon- Route information can't be sent back from where it was received.
    2) Route Poisoning- If a device goes bad, the device will be advertised as a 16 hop count.
    3) Hold downs- These are used to allow time for a bad connection to recover or for the network to stabilize.
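The route-selection rules in the post above (lowest administrative distance wins; at equal AD the lower metric wins; longest prefix match at forwarding time; the S* default as last resort; discard when nothing matches), as an added example that is not code from the original post. The route codes and default ADs are the ones tabulated in the post; the prefixes, next hops and metrics are constructed.

```python
# Added example, not code from the original post: a routing table that installs
# routes by (administrative distance, metric) and forwards by longest prefix
# match with an S* default as last resort. Codes and ADs are the ones the notes
# tabulate; prefixes, next hops and metrics are constructed.
import ipaddress
from dataclasses import dataclass

ADMIN_DISTANCE = {"C": 0, "S": 1, "D": 90, "I": 100, "O": 110, "R": 120}
DEFAULT = ipaddress.IPv4Network("0.0.0.0/0")


@dataclass(frozen=True)
class Route:
    code: str                          # C, S, D, I, O, R as in 'show ip route'
    prefix: ipaddress.IPv4Network
    next_hop: str                      # next-hop IP or exit interface
    metric: int = 0

    @property
    def ad(self) -> int:
        return ADMIN_DISTANCE[self.code]


class RoutingTable:
    def __init__(self):
        self.routes = {}               # prefix -> the installed (best) Route

    def add(self, code: str, prefix: str, next_hop: str, metric: int = 0) -> Route:
        """Offer a route from some source; returns whatever ends up installed."""
        cand = Route(code, ipaddress.IPv4Network(prefix), next_hop, metric)
        cur = self.routes.get(cand.prefix)
        # lower AD is more believable; only at equal AD does the metric decide
        if cur is None or (cand.ad, cand.metric) < (cur.ad, cur.metric):
            self.routes[cand.prefix] = cand
        return self.routes[cand.prefix]

    def lookup(self, dst: str):
        """Longest prefix match; None means 'no route, packet discarded'."""
        addr = ipaddress.IPv4Address(dst)
        matches = [r for p, r in self.routes.items() if addr in p]
        if not matches:
            return None
        return max(matches, key=lambda r: r.prefix.prefixlen)

    def show_ip_route(self) -> list:
        """One line per route in the '[AD/metric]' style of 'show ip route'."""
        lines = []
        for p in sorted(self.routes, key=lambda n: (int(n.network_address), n.prefixlen)):
            r = self.routes[p]
            code = "S*" if p == DEFAULT and r.code == "S" else r.code + " "
            lines.append(f"{code} {p} [{r.ad}/{r.metric}] via {r.next_hop}")
        return lines


if __name__ == "__main__":
    rt = RoutingTable()
    rt.add("C", "192.168.1.0/24", "FastEthernet0/0")
    rt.add("R", "10.0.0.0/8", "192.168.1.2", metric=2)
    rt.add("O", "10.0.0.0/8", "192.168.1.3", metric=20)    # AD 110 beats RIP's 120
    rt.add("S", "10.1.0.0/16", "192.168.1.4")
    rt.add("S", "0.0.0.0/0", "192.168.1.1")
    print("\n".join(rt.show_ip_route()))
    for dst in ("10.0.5.5", "10.1.2.3", "8.8.8.8"):
        print(dst, "->", rt.lookup(dst).next_hop)
```

Two things the model makes concrete that trip people up: AD is compared before metric, so an OSPF route with a worse metric still displaces a RIP route to the same prefix, and AD plays no part at lookup time, where only prefix length decides.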
    mrfreeze574 Member Posts: 1
    Awesome notes! I will review with these. Thanks!
    4_lom Member Posts: 485
    Great notes! Could have used these when I was studying for CCENT :D
    Goals for 2018: MCSA: Cloud Platform, AWS Solutions Architect, MCSA : Server 2016, MCSE: Messaging

    sizeon Member Posts: 321
    NAT and PAT
    NAT- Network Address Translation. Translates a private address to an address that can be routed.
    PAT- Port Address Translation. Overloaded-NAT.

    The purpose of NAT is to allow multiple devices to share an IP address. Here are the benefits:
    - Decreases the number of IP addresses needed
    - Can merge two intranets with duplicate addresses.
    - Saves IP address space.

    There are three types of NAT:
    1) Static NAT- allows a one-to-one mapping between local and global IP addresses. Requires at least one real IP address for each host on the network.
    2) Dynamic NAT- allows you to map an unregistered IP address to a registered one from a pool. Requires you to have enough IP addresses in the pool.
    3) Overloading- a.k.a. PAT. Allows mapping of multiple unregistered IP addresses to a single registered IP address. Ports are used to help the router identify which host should receive the return traffic.
    *** NAT overloading is the most popular***

    Inside local address- Private IP address of actual host inside a network (e.g.
    Inside global address- IP address of the inside host after NAT translation.
    Outside local address- IP address of the destination host inside of a network.
    Outside global address- IP address of the destination host inside of a network after NAT translation.

    How does NAT Work?
    In the picture above, two hosts want to communicate with each other. The host on the left side sends a packet destined for the host on the right side. When the packet gets to the router, the router says "hey, this is a private address". The router then translates that address to a random address. This address will be called the inside global address.

    How does PAT work?

    In the picture above, four hosts on the left want to communicate with four hosts on the right. Now, the four hosts on the left are going to have the same inside global IP address (remember PAT = NAT overloading, which maps many IPs to one IP). So if all hosts on the left are going to have the same IP address after NAT translation, then how does the receiving host know who's who? Well, port numbers are randomly assigned to these hosts.

    The "show ip nat translations" command shows you the NAT table.
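The PAT mechanism described above, as an added example that is not code from the original post: a translation table that rewrites outbound packets to the single inside global address with a unique source port, maps the return traffic back by that port, and drops inbound packets that match no entry (which is why a host behind PAT is not reachable unsolicited). IOS picks global ports from its own pool; handing them out sequentially from 1024 is an assumption made here for readability. Addresses and packets are constructed.

```python
# Added example, not code from the original post: a port address translation
# (PAT / NAT overload) table with outbound rewriting, reverse mapping of return
# traffic and dropping of unsolicited inbound packets. Sequential port
# allocation from 1024 is an assumption; addresses and packets are constructed.
import itertools
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class PAT:
    def __init__(self, inside_global: str, first_port: int = 1024):
        self.inside_global = inside_global
        self._ports = itertools.count(first_port)
        self.table = {}      # (proto, inside local ip, local port) -> global port
        self.reverse = {}    # (proto, global port) -> (inside local ip, local port)

    def outbound(self, pkt: Packet) -> Packet:
        """Inside -> outside: rewrite the source to inside global address + port."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        gport = self.table.get(key)
        if gport is None:                       # new flow: allocate a global port
            gport = next(self._ports)
            if gport > 65535:
                raise RuntimeError("PAT port pool exhausted")
            self.table[key] = gport
            self.reverse[(pkt.proto, gport)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.inside_global, src_port=gport)

    def inbound(self, pkt: Packet):
        """Outside -> inside: only packets matching an existing entry get through."""
        if pkt.dst_ip != self.inside_global:
            return None
        entry = self.reverse.get((pkt.proto, pkt.dst_port))
        if entry is None:
            return None                         # unsolicited: no translation, dropped
        local_ip, local_port = entry
        return replace(pkt, dst_ip=local_ip, dst_port=local_port)

    def show_ip_nat_translations(self) -> list:
        """Rows in the 'Pro Inside global Inside local' layout of show ip nat translations."""
        return [f"{proto} {self.inside_global}:{gport} {ip}:{lport}"
                for (proto, ip, lport), gport in self.table.items()]


if __name__ == "__main__":
    pat = PAT("203.0.113.1")
    a = pat.outbound(Packet("192.168.1.10", 40000, "198.51.100.5", 80))
    b = pat.outbound(Packet("192.168.1.11", 40000, "198.51.100.5", 80))
    print(a, b)                                                              # same IP, different ports
    print(pat.inbound(Packet("198.51.100.5", 80, "203.0.113.1", a.src_port)))  # back to .10:40000
    print(pat.inbound(Packet("198.51.100.9", 4444, "203.0.113.1", 5000)))      # None: dropped
    print("\n".join(pat.show_ip_nat_translations()))
```

Two hosts that both happen to use local port 40000 get distinct global ports, which is the whole trick; and the table, not the address, is what hides the inside hosts, so an inbound packet to a port with no entry has nowhere to go and is dropped.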
    Roguetadhg Member Posts: 2,489
    You've cleared up the NAT for me. Thanks.

    Been drilling over different websites for explanation of "Outside/Inside Local/Global"
    In order to succeed, your desire for success should be greater than your fear of failure.
    TE Threads: How to study for the CCENT/CCNA, Introduction to Cisco Exams

    OpenSourceOpenSource Member Posts: 135
    Outstanding. I'm using these to help me study for my CCENT/CCNA. Really good to "drive home the point" when I'm lost in the long and convoluted chapters of my books... Look forward to more (if you're posting more). Thanks.
    sizeonsizeon Member Posts: 321
    WLAN (Wireless)
    WAP (wireless access points) are used to create wireless networks. WAPs are half duplex and act like hubs. Layer 2 devices.
    There are two main types of WLAN:
    1) Ad-hoc- No AP is needed. Devices communicate directly together. (IBSS A.K.A independent basic service set).
    2) Infrastructure- WAPs are used to provide internet to devices. (most commonly used WLAN).
    There are two types of infrastructure WLAN:
    1) BSS- Basic Service Set. One access point is used to provide internet.
    2) ESS- Extended Service Set. Multiple access points are used to provide internet.
    ** In ESS to allow users to roam around and maintain connectivity, you need an overlap of at least 10% between access points, and they must be in different channels with the same SSID. **

    Key Terms

    Cells- Coverage area.
    IEEE- Institute of Electrical and Electronic Engineers. They define standards.
    FCC - Federal Communication Commission. They regulate the use of radio waves in the US.
    ITU-R - Same as FCC but regulates radio waves internationally.
    Wi-Fi alliance- Makes sure wireless devices can interoperate with each other.
    Spread Spectrum- spreading of signal over a range of frequencies.
    FHSS- Frequency Hopping Spread Spectrum. The signal hops from channel to channel. Sending and receiving devices agree on the range to be used.
    DSSS- Direct Sequence Spread Spectrum. Spreads the signal over the entire range of frequencies at once.
    OFDM- Orthogonal Frequency Division Multiplexing. The signal is fragmented and spread to different frequencies.

    802.11a- 25 mbps - 54 mbps. Indoor effective range of 75 feet. Frequency = 5 GHZ. Uses OFDM.
    802.11b- 5.5 mbps - 11 mbps. Indoor effective range of 150 feet. Frequency = 2.4GHZ. Uses DSSS.
    802.11g- 25 mbps - 54 mbps. Indoor effective range of 100 feet. Frequency = 2.4GHZ. Uses DSSS and OFDM.
    802.11n- 150+ mbps. Indoor effective range of 160 feet. Frequency = 2.4GHZ and 5GHZ. Uses DSSS and OFDM.

    *** 802.11 b/g has 11 channels with 3 non-overlapping channels (1, 6, 11). ***
    *** 802.11 a has 23 channels with 12 non-overlapping channels. ***
    *** The spreading of a signal lessens noise, allows sharing of frequency bands and it is more difficult to intercept. ***

    More Key Terms
    Yagi Antenna- Sends a signal in a specific direction. Communicating devices must face each other.
    Omni Antenna- Sends signal all around.
    SSID- Service Set Identifier. The name of the WAP. It is case sensitive and has a max length of 32 characters. The client's SSID and AP's SSID must match for communication to take place.
    ISM band- Industrial, Scientific, Medical. Band used in 900 MHZ and 2.4GHZ frequencies.
    UNII band- National Information Infrastructure band used in 5GHZ frequency.
    ** ISM and UNII are unlicensed meaning you can freely use them legally**

    Since WAPs act like hubs, they use CSMA/CA (Carrier sense multiple access with collision avoidance). Three steps:
    1) Host listens to see if another host is transmitting.
    2) If channel is idle, then host summons a random timer.
    3) Host listen again, and if clear it transmits.
    *** If channel is busy devices can't transmit. ***

    Wireless Security
    WEP- Wired Equivalency Privacy. Low level wi-fi security with the following characteristics:
    - Clear-text keys
    - Static keys
    - One way authentication (Only the AP authenticates the client).
    Wep supports two forms of authentication:
    1) Open Authentication- Access to AP is open to anyone.
    2) Shared Key- WAP sends the client a challenge-text package that must be encrypted with the correct WEP key.

    WPA- Wi-fi Protected Access. Higher level of security with the following characteristics:
    - Dynamic Keys
    - Encrypted keys using TKIP
    - TKIP- Temporal Key Integrity protocol.
    - Uses a 8 byte MIC (message integrity check) to protect against replay attacks, spoofing and man in the middle attacks.
    - Uses 802.1x A.K.A Pre-Shared keys (PSK) authentication.
    - PSK- verifies users via passphrases on the AP and client.
    - Two way Authentication; Both AP and client must authenticate each other.
    *** TKIP made it possible to use legacy devices. TKIP and WEP use RC4 encryption ***
    *** WPA requires the use of pass-phrases. ***
    PSK can be easily hacked by using dictionary attacks if the passphrase is too short.

    WPAv2- Wi-fi Protected Access version 2 A.K.A 802.11i. Latest wi-fi security and much more difficult to hack. Uses AES-CCMP encryption.
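    An added example (not from the notes above) of why a short WPA/WPA2 passphrase falls to a dictionary attack: the Pairwise Master Key is derived from the passphrase with PBKDF2-HMAC-SHA1, salted with the SSID, 4096 iterations, 32 bytes out, so an attacker who captured the handshake only has to run that same derivation over a wordlist. For brevity the attack here compares candidate PMKs directly; a real tool would check each candidate against the captured handshake MIC, but the per-candidate cost is identical. The wordlist, the SSIDs and the passphrases are constructed for the example.

```python
import hashlib


def wpa_pmk(passphrase, ssid):
    """Pairwise Master Key as 802.11i derives it from a WPA/WPA2 passphrase:
    PBKDF2-HMAC-SHA1, salt = SSID, 4096 iterations, 32-byte output."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


# Constructed wordlist (assumption): what a small dictionary attack would try.
WORDLIST = ["password", "12345678", "letmein", "qwertyuiop", "corpwifi", "welcome1"]


def dictionary_attack(target_pmk, ssid, wordlist):
    """Try every candidate passphrase until its PMK equals the target.
    Returns (passphrase, attempts), or (None, attempts) once the list is exhausted.
    Because the SSID is the salt, precomputed tables only help for that one SSID
    and the whole wordlist has to be rerun for every other network."""
    attempts = 0
    for candidate in wordlist:
        attempts += 1
        if wpa_pmk(candidate, ssid) == target_pmk:
            return candidate, attempts
    return None, attempts


if __name__ == "__main__":
    # Assumed victim network: SSID "CorpWiFi" protected by the passphrase "letmein".
    target = wpa_pmk("letmein", "CorpWiFi")
    print(dictionary_attack(target, "CorpWiFi", WORDLIST))
    # A long passphrase that is not in any wordlist costs the attacker the whole list for nothing.
    print(dictionary_attack(wpa_pmk("correct horse battery staple", "CorpWiFi"), "CorpWiFi", WORDLIST))
```

    The 4096 iterations are what make each guess cost something, but they are a fixed cost per candidate, so the only real defence is a passphrase long and random enough that it is not in anybody's list. The first assertion in the test below uses the published 802.11i test vector (passphrase "password", SSID "IEEE") to confirm the derivation is the standard one.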
    wweboywweboy Member Posts: 287 ■■■□□□□□□□
    Awesome notes thanks for sharing!
    babloosbabloos Member Posts: 5 ■□□□□□□□□□
    great job. really helpful :)
    RoguetadhgRoguetadhg Member Posts: 2,489 ■■■■■■■■□□
    Are you sure this isn't CCNA notes? Because the NAT stuff isn't included for CCENT...

    sizeonsizeon Member Posts: 321
    NAT is definitely included in the CCENT. Look at the objectives at the cisco web site.
    RoguetadhgRoguetadhg Member Posts: 2,489 ■■■■■■■■□□
    Beyond sdm, i couldn't remember. But yeah, I see here there's NAT for 5 pages in the ICND1 book.

    converse70converse70 Registered Users Posts: 1 ■□□□□□□□□□
    Great notes thanks alot i will use them for the studies thanks
    tr1xtr1x Member Posts: 213
    Thanks a lot for sharing those notes. I've pasted them into a word doc and am going to read through it all.
    dcren21dcren21 Member Posts: 71 ■■□□□□□□□□
    Thanks for those notes. I do appreciate it.
    WGU B.S. IT - Security (Start Date 8/1/12) : Transferred | Required | In Progress | Completed
    sizeonsizeon Member Posts: 321
    Basic Security
    Cisco's Adaptive Security Appliance (ASA)- Security device that provides many features.
    Firewall- A device that filters packets based on a security policy.
    Proxy Servers- Servers that cache web documents for faster access and also block access to certain web pages.

    Intrusion Detection System (IDS)- A device that monitors the network for security threats.
    Intrusion Protection System (IPS)- A device that blocks unauthorized actions based on a security policy.
    Demilitarized Zone (DMZ)- A network that sits in between the internet and a trusted network and provides limited access to network resources.
    Application Layer Attacks- People exploit bad coding or bugs to manipulate programs.
    Autorooters- The use of rootkits to gather data and important information about the network and system within.
    DOS (Denial of service) Attacks- A flood of packets that request a TCP connection.

    *** There are two major types of DOS attacks***
    1) TCP/SYN Flood- A flood of packets is sent to a node that creates "half-open connections". Basically a host ends a connection before an ACK is received and reopens the connection.
    2) Ping of Death- A flood of oversize packets that overwhelm a host or device.
    IP Spoofing- This is when you disguise your ip address to a trusted one.
    Man in the middle attacks- This is when you use a device such as a packet sniffer to intercept data between nodes.
    Brute Force Attacks- Someone uses a program that utilizes a combination of words and numbers to try to log in to an account or crack a password.
    Dictionary Attack- A program with a database of words is used to crack a password or login.
    Back Doors- Malicious programs create open ports to your computer which will allow hackers to compromise your system.
    Remote Access VPN (Virtual Private Network)- Allows a user to log in remotely to a corporate network anytime, anywhere.
    Site to Site VPN- A link is created between a remote site and the corporate network using the internet to allow access to the network remotely.

    There are two ways to secure a VPN:
    1) IPsec- Utilizes authentication and encryption services between end points.
    2) Tunneling- A virtual connection is created between end points (network to network).

    Some protocols that are used in VPN:
    1) Layer 2 forwarding (L2F)- Cisco proprietary. Allows the user to use dial-up to secure a connection.
    2) Point-to-point tunneling protocol (PPTP)- Made by Microsoft. Allows data transfer securely between virtual links.
    3) Layer 2 tunneling protocol (L2TP)- Made by Microsoft and Cisco. Same as PPTP.
    4) Generic Routing Encapsulation (GRE)- Cisco Proprietary. Forms virtual point to point links using many protocols.
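    An added example (not from the notes above) of what the TCP/SYN flood described there looks like from the defender's side: a few constructed sensor records of client-to-server TCP segments are walked through the server's handshake state, and a server socket that accumulates half-open connections (SYN seen, no ACK that completes the handshake) from many different sources is flagged. The log format, the addresses and the threshold are assumptions for the example, not a real device's output.

```python
from collections import Counter, defaultdict

# Constructed sample (assumption): client-to-server TCP segments as a sensor in
# front of the server 10.0.0.5 might record them.
#   "<sec> <src_ip>:<port> > <dst_ip>:<port> <flags>"   S = SYN, A = ACK
SAMPLE_LOG = """\
1 192.168.1.20:40001 > 10.0.0.5:80 S
1 192.168.1.20:40001 > 10.0.0.5:80 A
2 192.168.1.21:40002 > 10.0.0.5:80 S
2 192.168.1.21:40002 > 10.0.0.5:80 A
3 198.51.100.7:1001 > 10.0.0.5:80 S
3 198.51.100.8:1002 > 10.0.0.5:80 S
3 198.51.100.9:1003 > 10.0.0.5:80 S
3 198.51.100.10:1004 > 10.0.0.5:80 S
3 198.51.100.11:1005 > 10.0.0.5:80 S
3 198.51.100.12:1006 > 10.0.0.5:80 S
4 192.168.1.22:40003 > 10.0.0.5:22 S
4 192.168.1.22:40003 > 10.0.0.5:22 A
"""


def parse_records(text):
    """Turn the constructed log into (second, src, dst, flags) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        sec, src, _, dst, flags = line.split()
        records.append((int(sec), src, dst, flags))
    return records


def connection_states(records):
    """Server-side handshake state per (client socket, server socket):
    a SYN puts the pair in SYN_RECEIVED; the client's ACK moves it to ESTABLISHED."""
    state = {}
    for _, src, dst, flags in records:
        if flags == "S":
            state[(src, dst)] = "SYN_RECEIVED"
        elif flags == "A" and state.get((src, dst)) == "SYN_RECEIVED":
            state[(src, dst)] = "ESTABLISHED"
    return state


def half_open_by_server(records):
    """Number of half-open connections sitting on each server socket."""
    counts = Counter()
    for (_, dst), st in connection_states(records).items():
        if st == "SYN_RECEIVED":
            counts[dst] += 1
    return counts


def syn_flood_suspects(records, threshold=5):
    """Server sockets holding at least `threshold` half-open connections, with the
    number of distinct source IPs behind them. Many sources contributing one
    half-open connection each is the signature of spoofed SYNs: there is no
    single client to block, so the mitigation has to be on the server side."""
    sources = defaultdict(set)
    for (src, dst), st in connection_states(records).items():
        if st == "SYN_RECEIVED":
            sources[dst].add(src.split(":")[0])
    return {dst: {"half_open": n, "distinct_sources": len(sources[dst])}
            for dst, n in half_open_by_server(records).items() if n >= threshold}


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    print(half_open_by_server(recs))
    print(syn_flood_suspects(recs))
```

    The two legitimate web clients and the SSH client complete their handshakes and drop out of the count; the six SYNs from six different 198.51.100.x sources never do, and port 80 crosses the threshold while port 22 does not.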
  • Options
    sizeonsizeon Member Posts: 321
    WAN (Wide Area Networks)
    WANs connect multiple networks that span a large radius. In a nutshell, the easiest way to differentiate a WAN from a WLAN or LAN is that you typically lease a WAN.

    CPE (Customer Premise Equipment)- Equipment owned by the subscriber and located on the subscriber's side.
    Demarcation Point (A.K.A Demarc point)- The point where the service provider's responsibility ends and the CPE starts.
    Central Office (CO)- Connects the customer to the service provider's network.
    Toll Network- A trunk line inside the service provider's network.
    CSU/DSU- Channel Service Unit/Data Service Unit. A device that plugs into the demarc point and tells the router what clock rate to use. Typically you use a V.35 DB60 Serial cable to connect to this unit.
    DTE/DCE- Data Terminal Equipment/Data Communication Equipment. A serial cable used for WAN connections or router to router.
    Bandwidth- amount of data that a line can carry.
    Clock Rate- How fast a device can send data.
    T1- Digital Signal 1. Provides bandwidth of 1.544 mbps for both upload and download.
    T3- DS3. Provides bandwidth of about 45 mbps for both upload and download.
    HDLC- High-level Data Link Control. Encapsulation method used on WAN links. Cisco Proprietary.
    PPP- Point to point protocol. Vendor neutral encapsulation method that is used on WAN links.
    Frame Relay- Operates on both data link and physical link layer. Doesn't use error correction on physical layer. Runs at 64 kbps to 45 mbps. Provides dynamic bandwidth allocation and congestion control. Used on serial links.
    ISDN- Integrated Services Digital Network. Digital service that provides transfer of voice and data over a single phone line. Good for remote users and backup links.
    HDLC- High-Level Data Link Control. Data link layer protocol. Cisco proprietary. Has low overhead because it doesn't carry the type of protocol used in the header. Used on serial links.
    PPP- Point to point protocol. Industry standard protocol used to create point to point links between different vendor equipment. Uses NCP in the header to identify the layer 3 protocol being used. Allows authentication and multilink connections. Used on both synchronous and asynchronous links.
    NCP- Network Control Protocol. Allows multiple layer 3 routed protocols to be used on point to point links.
    LCP- Link control protocol. Builds and maintains data link connections.
    ATM- Asynchronous Transfer Mode. Provides simultaneous transmission of voice, video and data. Uses 53 byte cells and isochronous clocking (external clocking) to move data faster.

    *** NOTE: HDLC is actually vendor proprietary, meaning that every router manufacturer uses an HDLC that is only compatible with itself. So a Cisco HDLC is not compatible with a Juniper HDLC. Since, as CCENT techs, we are only concerned with Cisco products, it is Cisco proprietary. ***
    There are three types of WANs:
    1) Leased line- Dedicated point-to-point connection which is always on. Best speed but most expensive. Uses synchronous serial lines from T1 to T3. HDLC and PPP are used here.
    2) Circuit Switch- On demand bandwidth. Least expensive but slowest speed. You pay only for the bandwidth you use. Uses dial-up modems or ISDN.
    3) Packet Switch- Shared bandwidth with other companies. Good speed and most cost effective (pound for pound). Good when you need data transfer at high speeds once in a while. Frame Relay and X.25 are used here. Speeds range from 45 mbps to 45 mbps.

    *** NOTE: You cannot use token ring or ethernet on serial links because they are LAN protocols. Keep this in mind for the test.***
    Routers by default act as DTE and plug into a DCE connection type such as a CSU/DSU. If you use two routers you need one router to provide the clock rate.
    You can specify a router to provide a clock rate by using the following command on a serial interface: "R1(conf-if)#clock rate <rate>".

    HDLC uses frame characters and checksums for encapsulation. It doesn't use authentication.
    PPP uses LCP to build and maintain links and NCP to allow multiple routed protocols on point to point links.
    PPP goes through three stages to establish a link:
    1) link establishment- LCP packets are sent by ppp devices to test the link.
    2) Authentication link (optional)- Can use CHAP or PAP to authenticate a link. Does this before layer 3 protocols are read.
    3) Network layer protocol- layer 3 routed protocols establish a service with NCP.

    There are two ways to authenticate a PPP link:
    1) PAP- (Password Authentication Protocol). Less secure. Passwords are sent in clear text and PAP is performed on the link establishment phase. Once the line is established, the remote host sends the username and password to the router and waits for acknowledgment.
    2) CHAP- (Challenge Handshake Authentication Method). Used at the startup of the link and in periodic checkups. Once PPP finishes the initial link establishment phase, it sends a challenge request to the remote device. The remote device replies back with an MD5 hash and if the hash doesn't match the challenge the link is terminated.

    Configuring encapsulation, authentication on a router
    To set the encapsulation type on a cisco router use the "R1(config-if)#encapsulation <type>" command on a serial interface where type is an encapsulation type such as HDLC or ppp.

    To set authentication:
    Set the hostname of your local router using the following command in global exec mode: "R1(config)#hostname <name>" .
    Set a username and password in global exec mode: "R1(config)#username <hostname of remote router> password <password>"
    Use the following command on serial interface mode: "R1(config-if)#ppp authentication <chap or pap>"
    A neat trick you can use is "R1(config-if)#ppp authentication chap pap". This uses chap as authentication and if chap fails it will use pap.
    *** NOTE: the username must be the hostname of the remote router and the password on both communicating routers must be the same. Also, remember that both the username and passwords are case sensitive!***

    Verifying PPP encapsulation
    The "R1> show interface <int serial>" command shows you the layer 1 and 2 status, ip address and encapsulation method.
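    An added example (not from the notes above) that walks through the CHAP exchange the post describes, with both routers modelled in Python: the authenticator sends a challenge carrying its hostname, the peer looks up the password stored under that hostname (the role of the "username <remote hostname> password <password>" line) and answers with MD5(ID || password || challenge) per RFC 1994, and the authenticator recomputes the digest with the password stored under the peer's hostname. For contrast, a PAP Authenticate-Request (RFC 1334) is built as well, so you can see that the password really is on the wire in clear text. The hostnames R1/R2 and the password cisco123 are assumptions for the example.

```python
import hashlib
import hmac
import os


class PppRouter:
    """One end of a PPP link configured for CHAP. `usernames` maps a remote
    hostname to the shared password, like the 'username ... password ...' entries."""

    def __init__(self, hostname, usernames):
        self.hostname = hostname
        self.usernames = usernames   # remote hostname -> shared password (case sensitive)
        self._pending = {}           # challenge id -> challenge value still awaiting a response
        self._next_id = 1

    def send_challenge(self):
        """Authenticator side: a fresh random challenge, sent with our own hostname.
        Repeating this after the link is up is the 'periodic checkup'."""
        ident = self._next_id
        self._next_id = (self._next_id + 1) % 256
        value = os.urandom(16)
        self._pending[ident] = value
        return ident, value, self.hostname

    @staticmethod
    def _digest(ident, secret, value):
        # RFC 1994: Response value = MD5(Identifier || secret || Challenge value)
        return hashlib.md5(bytes([ident]) + secret.encode() + value).digest()

    def send_response(self, ident, value, authenticator_name):
        """Peer side: find the password stored for the challenger's hostname and hash it
        in; the password itself never leaves this router."""
        secret = self.usernames.get(authenticator_name, "")
        return ident, self._digest(ident, secret, value), self.hostname

    def verify_response(self, ident, digest, peer_name):
        """Authenticator side: recompute with the password stored for the peer's hostname.
        The pending challenge is consumed, so a captured response cannot be replayed."""
        value = self._pending.pop(ident, None)
        secret = self.usernames.get(peer_name)
        if value is None or secret is None:
            return False
        return hmac.compare_digest(digest, self._digest(ident, secret, value))


def chap_authenticate(authenticator, peer):
    """The three-message CHAP exchange: challenge, response, verdict."""
    ident, value, name = authenticator.send_challenge()
    ident, digest, peer_name = peer.send_response(ident, value, name)
    return authenticator.verify_response(ident, digest, peer_name)


def pap_authenticate_request(ident, peer_id, password):
    """RFC 1334 PAP Authenticate-Request: Code 1, Identifier, Length, then the
    peer id and the password as plain length-prefixed bytes."""
    pid, pw = peer_id.encode(), password.encode()
    body = bytes([len(pid)]) + pid + bytes([len(pw)]) + pw
    return bytes([1, ident]) + (4 + len(body)).to_bytes(2, "big") + body


if __name__ == "__main__":
    r1 = PppRouter("R1", {"R2": "cisco123"})   # R1 has 'username R2 password cisco123'
    r2 = PppRouter("R2", {"R1": "cisco123"})   # R2 has 'username R1 password cisco123'
    print("CHAP ok:", chap_authenticate(r1, r2))
    print("PAP request bytes:", pap_authenticate_request(1, "R2", "cisco123"))
```

    Because each side looks the password up by the other router's hostname, a misspelt hostname or a password that differs only in case fails exactly as the note warns, and because every challenge is random and used once, replaying a sniffed response to a later challenge also fails, which is the property PAP lacks.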