25B Network Fundamentals (Modules 1-11)

administrative distance

-AD represents the "trustworthiness" of the route -the lower the number, the more trustworthy the route -directly connected has an AD of 0 -static route has an AD of 1

purpose of an OS

-CLI-based network operating system enables a network technician to do the following: -to run CLI-based network programs -view output on a monitor

vlan identification with a tag

-IEEE 802.1Q header is 4 bytes -when the tag is created the FCS must be recalculated -for end devices, this tag must be removed and the FCS recalculated back to its original number -VLAN ID (VID): 12-bit VLAN identifier supports up to 4096 VLANs

manual IP address configuration for end devices

-IPv4 address information can be entered into end devices manually or automatically using dynamic host configuration protocol (DHCP) -DHCP enables automatic IPv4 address configuration -note: IPv6 uses DHCPv6 and SLAAC (stateless address autoconfiguration) for dynamic address allocation

shielded twisted-pair (STP) cable

-STP cable is significantly more expensive and difficult to install -uses an RJ45 connector -counters EMI & RFI, and wire twisting to counter crosstalk

UTP connectors

-UTP cable terminated with an RJ45 connector -RJ45 connector is the male component, crimped at the end of the cable -socket is the female component of a network device, wall, cubicle partition outlet, or patch panel

unshielded twisted-pair (UTP) cable

-UTP cabling is the most common networking media -terminated with RJ45 connectors

fiber versus copper

-UTP cabling: 10 Mb/s - 10 Gb/s & relatively short (1-100 meters) -fiber-optic cabling: 10 Mb/s - 100 Gb/s & relatively long (1-100,000 meters)

type of vlans

-VLAN 1
  -the default VLAN
  -the default native VLAN
  -cannot be deleted or renamed
  -note: it is recommended to assign these default features to other VLANs
-data VLAN
  -dedicated to user-generated traffic (email & web traffic)
  -VLAN 1 is the default data VLAN because all interfaces are assigned to this VLAN
-native VLAN
  -this is used for trunk links only
  -all frames are tagged on an 802.1Q trunk link except for those on the native VLAN
-management VLAN
  -used for SSH/Telnet VTY traffic; should not be carried with end user traffic
  -VLAN that is the SVI
-voice VLAN
  -high QoS priority

missing vlans

-a VLAN could be missing if it was not created, accidentally deleted, or it is not allowed on the trunk link -when a VLAN is deleted, any port assigned to that VLAN becomes inactive until it is assigned to a new VLAN

module 4 summary

-VLANs are based on logical instead of physical connections -a trunk is a point-to-point link that carries more than one VLAN -normal range VLAN configurations are stored in the vlan.dat file in flash -a trunk is a layer 2 link between two switches that carries traffic for all VLANs -trunks will need tagging for the various VLANs, typically 802.1Q

GUI

-a GUI allows the user to interact with the system; graphical icons, menus, & windows -more user-friendly

inter-vlan routing on a layer 3 switch

-a layer 3 switch is also called a multilayer switch as it operates at layer 2 and layer 3
-advantages of using layer 3 switches for inter-VLAN routing:
  -much faster than router-on-a-stick
  -not limited to one link because layer 2 EtherChannels can be used as trunk links
  -latency is much lower
-the only disadvantage is that layer 3 switches are more expensive

types of connections

-a physical connection can be a wired connection using a cable or a wireless connection using radio waves

reach remote networks

-a router learns about remote networks in two ways: statically & dynamically

R1 subinterface configuration

-a subinterface is created using the interface interface_id subinterface_id global configuration mode command -encapsulation dot1q vlan_id command configures the subinterface to respond to 802.1Q encapsulated traffic from the specified vlan-id -ip address ip-address subnet-mask command configures the IPv4 address of the subinterface -when all subinterfaces have been created enable the physical interface using the no shut interface configuration command

default gateway on a switch

-a switch must have a default gateway address configured to remotely manage the switch -to configure an IPv4 default gateway on a switch, use the ip default-gateway ip-address command

defining vlan trunks

-a trunk is a point-to-point link between two network devices
-Cisco trunk functions:
  -allow more than one VLAN
  -extend the VLAN across the entire network
  -supports all VLANs
  -supports 802.1Q trunking

routing table entries

-administrative distance: this identifies the trustworthiness of the route source (ex: AD of OSPF is 110) -next-hop: this identifies the IP address of the next router to which the packet would be forwarded

module 2 summary

-basic device configurations: hostname, password, encrypt passwords and banner -there are two system files that store the device configuration: startup-config and running-config -IP addresses enable devices to locate one another and establish end-to-end communication on the internet

IOS command syntax check

-boldface text indicates commands and keywords that are entered as shown
-italic text indicates an argument for which the user provides the value
-ping ip-address: the command is ping; user-defined argument is the ip-address
-traceroute ip-address: the command is traceroute; user-defined argument is the ip-address

vlan port assignment example

-config t
-int fa0/18
-switchport mode access
-switchport access vlan 20
-end

trunk configuration commands

-config t
-int interface-id
-set the port to permanent trunking mode: switchport mode trunk
-set the native VLAN to something other than VLAN 1: switchport trunk native vlan vlan-id
-specify the list of VLANs to be allowed on the trunk link: switchport trunk allowed vlan vlan-list

hot keys and shortcuts

-configure command can be shortened to conf because configure is the only command that begins with conf -tab: completes a partial command name entry -backspace: erases the character to the left of the cursor -up arrow: recalls the commands in the history buffer, beginning with the most recent commands -ctrl-c: ends the configuration mode and returns to privileged EXEC mode -ctrl-z: returns to privileged exec mode -ctrl-shift-6: all-purpose break sequence used to abort DNS lookups, traceroutes, & pings

console cable - rollover cable - serial cable

-console cables: also known as Cisco cables, rollover cables and serial or management cables; they connect Cisco networking devices to terminals or PCs for configuration -it is a terminal connection, and its purpose is to enable the connected computer to configure the networking device

access methods

-console: a physical management port used to access a device
-secure shell (SSH): establishes a secure remote CLI connection to a device, through a virtual interface, over a network (note: recommended method for remotely connecting to a device)
-telnet: establishes an insecure remote CLI connection to a device over the network (note: passwords and commands are sent over the network in plaintext)

default static route

-default static route uses 0.0.0.0/0 as the destination IPv4 address (uses ip route command; ip route 0.0.0.0 0.0.0.0) -creates a gateway of last resort -default route is used when no other routes in the routing table match the destination IP

Cisco AutoSecure

-default usernames and passwords should be changed immediately -any unnecessary services and applications should be turned off and uninstalled when possible -it is important to update any software and install any security patches prior to implementation

physical layer media

-electrical signals: copper cable -light pulse: fiber-optic cable -microwave signals: wireless

encoding

-encoding converts the stream of bits into a format recognizable by the next device in the network path

vlan port assignment commands

-enter global configuration mode: config t
-enter interface configuration mode: interface interface-id
-set the port to access mode: switchport mode access
-assign the port to VLAN: switchport access vlan vlan-id
-return to the privileged exec mode: end

vlan creation commands

-enter global configuration mode: configure terminal
-create a VLAN with a valid ID number: vlan vlan-id
-specify a unique name to identify the VLAN: name vlan-name
-return to the privileged EXEC mode: end
-enter global configuration mode: config t

fiber-optic cabling usage

-enterprise networks: used for backbone cabling applications -fiber-to-the-home (FTTH): used to provide always-on broadband services to homes and small businesses -long-haul networks: used by service providers to connect countries and cities -submarine cable networks: capable of surviving in harsh undersea environments

configuration mode and subconfiguration modes

-global configuration mode: used to access configuration options; identified by (config)# -line configuration mode: used to configure console, SSH, Telnet, or AUX access; identified by (config-line)# -interface configuration mode: used to configure a switch port or router interface; identified by (config-if)#

route sources

-identified by a code; common codes include:
  -L: identifies the address assigned to a router interface
  -C: identifies a directly connected network
  -S: identifies a static route created to reach a specific network
  -O: identifies a dynamically learned network from another router using the OSPF routing protocol
  -*: this route is a candidate for a default route

what is inter-vlan routing?

-inter-VLAN routing is the process of forwarding network traffic from one VLAN to another VLAN
-there are three inter-VLAN routing options:
  -legacy inter-VLAN routing: a legacy solution, it does not scale well
  -router-on-a-stick: acceptable solution for a small to medium-sized network
  -layer 3 switch using switched virtual interfaces (SVIs): this is the most scalable solution for medium to large organizations

configure router interfaces

-it is a good practice to use the description command to add information about the network connected to the interface -no shut

bandwidth terminology

-latency: amount of time, including delays, for data to travel from one given point to another -throughput: measure of transfer of bits across media over given period of time -goodput: measure of usable data transferred over given period of time

common inter-vlan issues

-missing VLANs: show vlan [brief], show interfaces switchport, & ping
-switch trunk port issues: show interface trunk & show running-config
-router configuration issues: show ip interface brief

technicians toolkit

-multimeter: measures AC/DC voltage, electric current, and other electrical characteristics to test the integrity of circuits -cable tester: checks for wiring shorts, faults, or wires connected to the wrong pins

network interface cards

-network interface cards (NICs) connect a device to a network -used for a wired connection -wireless local area network (WLAN) NICs are used for wireless connections

delete vlans

-no vlan vlan-id command -delete flash:vlan.dat >>> delete vlan.dat -reload

vlan ranges on catalyst switches

-normal range VLAN 1-1005:
  -used in small to medium sized businesses
  -1002-1005 are reserved for legacy VLANs
  -1, 1002-1005 auto created & cannot be deleted
  -stored in the vlan.dat file in flash
-extended range VLAN 1006-4095:
  -used by service providers
  -are in running-config
  -supports fewer VLAN features

properties of fiber-optic cabling

-not as common as UTP because of the expense involved -transmits data over longer distances at higher bandwidth -less susceptible to attenuation, and completely immune to EMI/RFI -made of flexible, extremely thin strands of very pure glass -uses a laser or LED to encode bits as pulses of light

vlan definitions

-placing devices into various VLANs has the following characteristics:
  -provides segmentation
  -provides organization that is more manageable
  -broadcasts, multicasts, & unicasts are isolated in the individual VLAN
  -its own unique range of IP addressing
  -smaller broadcast domains

enable port security

-port security is enabled with the switchport port-security interface configuration command -use the show port-security interface command to display the current port security settings for f0/1

navigation between IOS modes

-privileged exec mode: use the enable command
-global configuration mode: use the config t command
-line configuration mode: use the line command; to return to global configuration mode, use the exit command
-subconfiguration modes: to return to privileged exec mode, use the end command or key combination Ctrl+Z

TFOCA - tactical fiber optic cable assembly

-providing the user with the highest possible security against loss of connection -designed for military tactical field use -crush-resistant -easy installation and survivability -legacy TFOCA connectors featured a 2 fiber design deployed with multimode optical fiber while TFOCA-II (second generation) connectors are used with single mode, multimode, & hybrid combinations of up to 12 fibers

router-on-a-stick inter-vlan routing

-requires one physical Ethernet interface to route traffic between multiple VLANs -a Cisco IOS router Ethernet interface is configured as an 802.1Q trunk and connected to a trunk port on a layer 2 switch; the router interface is configured using subinterfaces -the configured subinterfaces are software-based virtual interfaces; each subinterface is independently configured with an IP address and VLAN assignment; facilitates logical routing -when VLAN-tagged traffic enters the router interface, it is forwarded to the VLAN subinterface; routing decision is made based on the destination IP; the data frames are VLAN-tagged with the new VLAN and sent back out the physical interface -note: router-on-a-stick method does not scale beyond 50 VLANs

verify connectivity between PC1 and PC2

-router-on-a-stick configuration is complete after the switch trunk and the router subinterfaces have been configured -verify connectivity to a host in another VLAN using the ping command

router configuration issues

-router-on-a-stick configuration problems are usually related to subinterface misconfigurations -verify the subinterface status using the show ip interface brief command -verify which VLANs each of the subinterfaces is on

module 3 summary

-secure remote Telnet/SSH access -secure all passwords in the config file -save the configuration -using the no shut command activates the interface; show ip interface brief, show ip route, & show ip interface -a switch must have a default gateway address configured to remotely manage the switch from another network -use the ip default-gateway ip-address global configuration command

configure passwords

-securing user exec mode access:
  -line console 0
  -password
  -login
-securing privileged exec mode access:
  -enable secret password command
-securing VTY line access:
  -line vty 0 15
  -VTY password; password password command
  -enable VTY access; login command
-note: many Cisco switches support up to 16 VTY lines numbered 0 to 15

additional password security

-set a minimum acceptable password length: security passwords min-length -deter brute-force password guessing attacks: login block-for # attempts # within # -disable an inactive privileged exec mode access after a specified amount of time: exec-timeout

operating systems

-shell: the user interface that allows users to request specific tasks from the computer -kernel: communicates between the hardware and software; manages how hardware resources are used to meet software requirements -hardware: the physical part of a computer

configure verification commands

-show ip interface brief: displays all interfaces, IP addresses, & current status
-show ip route: displays the contents of the IP routing tables stored in RAM
-show interfaces: displays statistics for all interfaces; only displays the IPv4 addressing information
-show ip interface: displays the IPv4 statistics for all interfaces on a router

verify vlan information

-show vlan command
-show vlan [brief | id vlan-id | name vlan-name | summary]
  -display VLAN name, status, and its ports: brief
  -display information about the identified VLAN ID number: id vlan-id
  -display information about the identified VLAN name: name vlan-name
  -display VLAN summary information: summary

port security violation modes

-shutdown (default): port transitions to the error-disabled state immediately, turns off the port LED -restrict: this mode causes the security violation counter to increment and generates a syslog message -protect: the least secure of the security violation modes

types of fiber media

-single-mode fiber: very small core, uses expensive lasers, & long-distance applications -multimode fiber: larger core, uses less expensive LEDs, LEDs transmit at different angles, & up to 10 Gbps over 550 meters

benefits of a vlan design

-smaller broadcast domains: reduces the number of broadcast domains -improved security: users in the same VLAN can communicate together -improved IT efficiency: VLANs can group devices with similar requirements -reduced cost: one switch can support multiple groups or VLANs -better performance: broadcast domains reduce traffic, improving bandwidth

interfaces and ports

-some of the differences between various types of media include: -distance the media can successfully carry a signal -environment in which the media is to be installed -note: the terms interfaces and ports are used interchangeably

properties of wireless media

-some of the limitations of wireless:
  -coverage area: effective coverage can be significantly impacted by the physical characteristics of the deployment location
  -interference: wireless is susceptible to interference and can be disrupted by many common devices
  -security: wireless communication coverage requires no access to a physical strand of media, so anyone can gain access to the transmission
  -shared medium: WLANs operate in half-duplex, which means only one device can send or receive at a time

configuration files

-startup-config: stored in NVRAM -running-config: stored in random access memory (RAM); RAM is volatile memory, it loses all of its content when the device is powered off or restarted -to save changes made to the running configuration to the startup configuration, use the copy running-config startup-config command

fiber-optic connectors

-straight-tip (ST) connectors: locks securely with a "twist-on/twist-off" -subscriber connector (SC) connectors: uses a push-pull mechanism to ensure positive insertion -lucent connector (LC) simplex connectors: smaller version of SC and popular due to size -duplex multimode LC connectors: similar to LC but using a duplex connector -fiber patch cords are required for interconnecting infrastructure devices -yellow jacket is for single-mode fiber cables -orange (or aqua) for multimode fiber cables

change vlan port membership

-switchport access vlan command -no switchport access vlan command to place interface back in VLAN 1 -show vlan brief command or show interface fa0/18 switchport command to verify the correct VLAN association

types of wireless media

-the IEEE and telecommunications industry standards for wireless data communications cover both the data link and physical layers
-wireless standards:
  -Wi-Fi (IEEE 802.11): wireless LAN (WLAN) technology
  -Bluetooth (IEEE 802.15): wireless personal area network (WPAN) standard
  -WiMAX (IEEE 802.16): uses a point-to-multipoint topology
  -Zigbee (IEEE 802.15.4): low data-rate, low power-consumption, & primarily for Internet of Things (IoT)

default gateway on a host

-the default gateway address is generally the router interface address attached to the local network of the host -note: the IP address of the host and the router interface must be in the same network

module 1 summary

-the physical layer standards address three functional areas: physical components, encoding, and signaling -three types of copper cabling are: UTP, STP, and coaxial cable (coax) -optical fiber cable transmits data over longer distances and at higher bandwidths than any other networking media -wireless standards include the following: Wi-Fi (IEEE 802.11), Bluetooth (IEEE 802.15), WiMAX (IEEE 802.16), & Zigbee (IEEE 802.15.4)

legacy inter-vlan routing

-the router interfaces served as the default gateways to the local hosts on the VLAN subnet -it is not reasonably scalable because routers have a limited number of physical interfaces

signaling

-the signaling method is how the bit values, "1" and "0" are represented on the physical medium -electrical signals over copper cable -light pulses over fiber-optic cable -microwave signals over wireless

IP addresses

-the structure of an IPv4 address is called dotted decimal notation, represented by four decimal numbers, 0 and 225 -an IPv4 subnet mask is a 32-bit value; differentiates the network portion of the address from the host portion; the subnet mask determines to which subnet the device is a member -the default gateway address is the IP address of the router that the host will use to access remote networks, including the internet -IPv6 addresses are 128 bits in length; every four bits is represented by a single hexadecimal digit; for a total of 32 hexadecimal values; digits are separated by a colon ":"

router-on-a-stick scenario

-these are trunk links that are required to forward traffic within and between VLANs

the physical connection

-this connection could be wired or wireless -a network interface card (NIC) connects a device to the network -some devices may have just one NIC, while others may have multiple NICs (wired and/or wireless)

testing fiber cables

-three common types of fiber-optic termination and splicing errors are:
  -misalignment: media are not precisely aligned
  -end gap: does not completely touch at the splice or connection
  -end finish: dirt is present at termination
-can be field tested by shining a bright flashlight into one end of the fiber while observing the other end
-optical time domain reflectometer (OTDR) can be used to test each fiber-optic cable segment

switch virtual interface configuration

-to access the switch remotely, an IP address and a subnet mask must be configured on the SVI
-to configure an SVI on a switch:
  -enter the interface vlan 1 command in global configuration mode
  -next assign an IPv4 address using the ip address ip-address subnet-mask command
  -finally, enable the virtual interface using the no shut command

banner messages

-to create a banner message of the day on a network device: banner motd " " -note: the " in the command syntax is called the delimiting character

encrypt passwords

-to encrypt all plaintext passwords, use the service password-encryption global config command -use show running-config to verify passwords on the device are now encrypted

mitigate mac address table attacks

-to prevent MAC address table overflow attacks, enable port security -port security limits the number of valid MAC addresses allowed on a port

limit and learn mac addresses

-to set the maximum number of MAC addresses allowed on a port, use the switchport port-security maximum value command
-the default port security value is 1
-dynamically learned (sticky): enables the switch to dynamically learn the MAC addresses and "stick" them to the running configuration
  -switchport port-security mac-address sticky

the physical layer

-transports bits across the network media

device names

-unique hostname -be less than 64 characters in length -note: to return the switch to the default prompt, use the no hostname global config command

passwords

-use a password length of at least eight characters -include a mix of uppercase and lowercase letters, numbers, symbols, & spaces, if allowed -deliberately misspell a password (ex: Smith = Smyth = 5mYth) -change passwords often

password guidelines

-use passwords that are more than eight characters in length -use a combination of upper and lowercase letters, numbers, & special characters

terminal emulation programs

-used to connect to a network device by either a console port or by an SSH/Telnet connection -PuTTY

primary command modes

-user exec mode: allows access to only a limited number of basic monitoring commands; identified by the > symbol -privileged exec mode: allows access to all commands and features; identified by the # symbol

switch trunk port issues

-verify that the port connecting to the router is correctly configured as a trunk link using the show interface trunk command -use the show vlan brief, show interface X switchport, or show running-config interface X command to verify the interface VLAN assignment

wireless LAN

-wireless access point (AP): concentrate wireless signals from users and connect to the existing copper-based network infrastructure -wireless NIC adapters: provide wireless communications

alter the running configurations

-you can restore the device to its previous configuration:
  -reload the device using the reload command in privileged exec mode
-to clear all the configurations: erase startup-config command
  -after erasing the startup-config, reload the device

enable ssh

1. configure a unique device hostname
2. configure the IP domain name
3. generate a key to encrypt SSH traffic: crypto key generate rsa general-keys modulus
4. verify or create a local database entry
5. authenticate against the local database: login local
6. enable vty inbound SSH sessions: transport input [ssh | telnet]

S1 vlan and trunking configuration

1. create and name the VLANs
2. create the management interface
3. configure access ports
4. configure trunking ports

properties of UTP cabling

UTP cable does not use shielding to counter the effects of EMI and RFI

bandwidth

bandwidth is the capacity at which a medium can carry data

native vlans and 802.1Q tagging

both ends of a trunk link must be configured with the same native VLAN

static route applications

create a backup route in case a primary route link fails

an administrator who is troubleshooting connectivity issues on a switch notices that a switch port configured for port security is in the err-disable state; after verifying the cause of the violation, how should the administrator re-enable the port without disrupting network operations?

issue the shutdown command followed by the no shutdown command on the interface

basic IOS command structure

keyword: specific parameter defined in the operating system
argument: not predefined; a value or variable defined by the user (ex: 192.168.10.5)

voice vlan tagging

no cdp enable

reset the trunk to the default state

reset the trunk to an access mode with the switchport mode access command

verify interface configuration

to verify interface configuration use the show ip interface brief command

networks without vlans

without VLANs, all devices connected to the switches will receive all multicast, & broadcast traffic

