Debug commands are useful for observing the switch's responses in real time.
To disable a debug command, use the "no debug" form of that command. The
"no debug all" or "undebug all" command disables all currently running debug
commands.
During password recovery, the config register and NVRAM are modified.
ROM holds the bootstrap code that starts up the router, and Flash contains the
IOS image.
During the execution of the Spanning-Tree Algorithm, redundant ports need to
be blocked to avoid bridging loops. To choose which port forwards frames and
which port is blocked, the Spanning-Tree Protocol uses the following three
components:
- Path Cost: The port with the lowest path cost is placed in forwarding mode.
Other ports are placed in blocking mode.
- Bridge ID: If the path costs are equal, the bridge ID is used to determine
which port should forward. The port on the bridge with the lowest Bridge ID is
elected to forward, and all other ports are blocked.
- Port ID: If the path cost and bridge ID are equal, the Port ID is used to
elect the forwarding port. The lowest port ID is chosen to forward. This
situation may arise when there are parallel links used for redundancy.
During the execution of the Spanning-Tree Protocol, the root switch (say,
switch A) is elected first. Next, the switch closest to the root switch is
selected; this switch is known as the designated switch or parent switch (say,
switch B). Frames are forwarded to the root switch (A) through the designated
switch (B). Now the lowest-cost port on a switch (say, switch C) is selected;
this is known as the root port. A root port is the port on a switch that has
the lowest-cost path to the root bridge. Every non-root switch has exactly one
root port. Here, switch B is the designated switch for switch C, and switch A
is the root switch for switch C. Note that switch C reaches the root switch (A)
through its designated switch (B).
Each Telnet port is known as a virtual terminal. Usually, Cisco routers
support up to five virtual terminal (VTY) ports, allowing five concurrent
Telnet sessions. Note that a communication server provides more VTY ports.
The virtual terminal ports are numbered 0 through 4. The console and
auxiliary ports on Cisco IOS routers and switches are asynchronous serial
ports and use asynchronous protocols such as PPP, SLIP, and ARA.
EIGRP, by default, uses bandwidth and delay as the metrics for making
routing decisions.
EIGRP uses auto summarization of routes at major network boundaries.
Enabling dynamic NAT on an interface involves the following steps:
- Define a standard IP access list using the command: access-list
<access-list-number> {permit | deny} <local-ip-address>
- Define an IP NAT pool for the inside network using the command: ip nat
pool <pool-name> <start-ip> <end-ip> {netmask <net-mask> | prefix-length
<prefix-length>} [type rotary]. Note that type rotary is an optional keyword.
It indicates that the IP address range in the pool identifies hosts among
which TCP load is distributed.
- Map the access list to the IP NAT pool using the command: ip nat inside
source list <access-list-number> pool <pool-name>
- Enable NAT on at least one inside and one outside interface using the
command: ip nat {inside | outside}
Frame Relay offers NBMA (Non-Broadcast Multi-Access) connectivity to
various destinations. Several PVCs may reside on one serial interface. As a
result, no broadcasts are forwarded among these PVCs because of the split
horizon rule. The split horizon rule prevents a route from being advertised
out of the same interface through which the route was learned. One way to
allow broadcasts to propagate among these PVCs is to disable split horizon,
but this may in turn result in routing loops. The recommended solution to
this problem is sub-interfaces. Sub-interfaces are logical subdivisions of a
physical interface. Routing updates received on one sub-interface can be sent
to another sub-interface. This enables the Frame Relay network administrator
to keep split horizon enabled and at the same time use multiple PVCs on one
physical interface.
Frame Relay supports two types of virtual circuits (VCs):
- Permanent Virtual Circuits (PVCs): permanently established connections
used for frequent and consistent data transfers between DTEs across a Frame
Relay cloud.
- Switched Virtual Circuits (SVCs): temporary connections used in situations
requiring only occasional data transfers between DTEs across a Frame Relay
cloud. The terms "Call Setup", "Data Transfer", "Idle", and "Call
Termination" are associated with SVCs. Frame Relay SVCs are not widely
supported by manufacturers.
Frame Relay supports point-to-point and multipoint connection types. In the
point-to-point connection type, a single sub-interface establishes a PVC
connection to another physical interface or sub-interface. In the multipoint
connection type, a single sub-interface is used to establish multiple PVC
connections to several physical interfaces or sub-interfaces. In a multipoint
Frame Relay network, the split horizon rule applies to broadcast traffic.
Another important point when configuring Frame Relay with sub-interfaces: the
physical interface on which the sub-interfaces are configured should not be
assigned an IP address. If one is assigned, it should be removed before
configuring Frame Relay. Note that if an IP address is assigned to the
physical interface, the sub-interfaces defined within it will not receive any
frames.
Given below are salient features of Frame Relay DLCIs:
- DLCIs (Data Link Connection Identifiers) have only local significance. This
means that the end devices across a Frame Relay network can have different
DLCI numbers.
- The DLCI number is provided by the Frame Relay service provider. A DLCI
number is mapped to a Layer 3 protocol address using the 'frame-relay map'
statement.
- DLCI numbers must be unique on a router.
Given below are some important features of classful and classless routing
protocols:
- Classful routing protocols: RIP v1 and IGRP are examples of classful
routing protocols. It is important to know that classful routing protocols do
not exchange subnet information during routing information exchanges.
Summarization is always done automatically at major network boundaries.
- Classless routing protocols: RIP v2, EIGRP, OSPF, BGP v4, and IS-IS are
examples of classless routing protocols. In classless routing protocols,
subnet information is exchanged during routing updates. This results in more
efficient utilization of IP addresses. Summarization in classless networks is
manually controlled.
Holddown timers prevent regular update messages from reinstating a route
that has gone bad. If a route fails, the router waits a certain amount of time
before accepting any other routing information about that route. Holddowns
tell routers to hold any changes that might affect routes for some period of
time. The holddown period is usually set to be just greater than the time
necessary to propagate a routing change to the entire network.
In Frame Relay NBMA networks, if no sub-interfaces are defined, the routers
will not be able to exchange routing information because of the split horizon
rule. Split horizon is a method of preventing routing loops in a network. The
basic principle is simple: routing information about a particular destination
is never sent back in the direction from which it was received. To overcome
split horizon, sub-interfaces can be configured on NBMA networks. A
sub-interface is a logical way of defining an interface: the same physical
interface can be split into multiple logical interfaces, with each
sub-interface defined as point-to-point.
Internally, STP assigns each bridge (or switch) port a specific role. The
port role defines the behavior of the port from the STP point of view. Based
on the port role, the port either sends or receives STP BPDUs and forwards or
blocks data traffic. The different port roles are given below:
- Designated: One designated port is elected per link (segment). The
designated port is the port on that segment closest to the root bridge. This
port sends BPDUs on the link (segment) and forwards traffic towards the root
bridge. In an STP-converged network, each designated port is in the STP
forwarding state. Among all switches connected to a segment, the switch with
the lowest cost to reach the root has the DP (Designated Port) for that
segment. If the cost is tied (that is, two or more switches have the same
cost), the switch with the lowest bridge ID has the DP (the switch on which
the DP is elected is called the Designated Switch or Designated Bridge).
Bridge ID = Priority + MAC address.
- Root: A bridge can have only one root port. The root port is the port that
leads to the root bridge. In an STP-converged network, the root port is in
the STP forwarding state. All bridges except the root bridge have a root port.
- Alternate: Alternate ports lead to the root bridge but are not root ports.
Alternate ports remain in the STP blocking state.
- Backup: This is a special case in which two or more ports of the same
bridge (switch) are connected together, directly or through shared media. In
this case, one port is designated and the remaining ports block. The role of
such a blocking port is backup.
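As an added example (not part of these notes), the root, root-port and designated-port rules above carried out in Python on a constructed three-switch topology; bridge IDs, port numbers and link costs are made-up sample values, and the sender's port ID is assumed as the final tie-breaker.

```python
# Added example (not part of the original notes): elect the STP root bridge,
# choose each non-root switch's root port with the notes' tie-break order
# (path cost, then bridge ID, then port ID) and classify every port's role.
# Bridge ID = (priority, MAC); the lowest wins. All data below is constructed.
BRIDGES = {
    "A": (32768, "00:00:00:00:00:01"),
    "B": (32768, "00:00:00:00:00:02"),
    "C": (32768, "00:00:00:00:00:03"),
}
# Links as (switch, port_id, neighbour, neighbour_port_id, path cost).
LINKS = [
    ("A", 1, "B", 1, 4),   # cost 4 corresponds to a 1 Gbit/s link
    ("A", 2, "C", 1, 19),  # cost 19 corresponds to a 100 Mbit/s link
    ("B", 2, "C", 2, 4),
    ("B", 3, "C", 3, 4),   # parallel link: only the port ID breaks this tie
]

def elect(bridges, links):
    """Return (root, {switch: (root_port, root_path_cost)}) for non-root switches."""
    root = min(bridges, key=bridges.get)
    ports = {}  # switch -> [(my_port, neighbour, neighbour_port, link_cost)]
    for a, pa, b, pb, cost in links:
        ports.setdefault(a, []).append((pa, b, pb, cost))
        ports.setdefault(b, []).append((pb, a, pa, cost))
    # Best "BPDU" known at each switch: (root path cost, sender bridge ID,
    # sender port ID, receiving port). Tuple comparison is the tie-break order.
    best = {root: (0, bridges[root], 0, None)}
    changed = True
    while changed:  # repeat until stable, like BPDUs propagating from the root
        changed = False
        for sw in bridges:
            cands = [(best[nb][0] + cost, bridges[nb], nb_port, my_port)
                     for my_port, nb, nb_port, cost in ports.get(sw, []) if nb in best]
            if sw != root and cands and min(cands) != best.get(sw):
                best[sw], changed = min(cands), True
    return root, {sw: (v[3], v[0]) for sw, v in best.items() if sw != root}

def port_roles(bridges, links):
    """Classify each (switch, port) as 'root', 'designated' or 'blocked'."""
    root, root_ports = elect(bridges, links)
    cost = {root: 0, **{sw: c for sw, (_, c) in root_ports.items()}}
    roles = {}
    for a, pa, b, pb, _ in links:
        # The segment end with the lowest (cost, bridge ID, port ID) is designated.
        a_wins = (cost[a], bridges[a], pa) < (cost[b], bridges[b], pb)
        d, dp, o, op = (a, pa, b, pb) if a_wins else (b, pb, a, pa)
        roles[(d, dp)] = "designated"
        # The other end forwards only as its switch's root port, else it blocks.
        roles[(o, op)] = "root" if root_ports.get(o, (None,))[0] == op else "blocked"
    return roles
```

Here A wins the root election on MAC address, C reaches A more cheaply through B (cost 8) than over its direct 100 Mbit/s link (cost 19), and of the two parallel B-C links only the one with the lower port ID forwards.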
Inter-Switch Link (ISL) is one of the VLAN trunking protocols used in
switched VLAN networks. It uses frame tagging to identify the VLAN. ISL
encapsulates the original Ethernet frame, and a VLAN ID is inserted into
the ISL header.
Inter-Switch Link and 802.1Q are the two VLAN trunking protocols that Cisco
supports with Fast Ethernet. LANE is associated with ATM, and 802.10 is
associated with FDDI. Also, it is important to note that ISL, 802.1Q, and
802.10 all use frame tagging to identify the VLANs.
IP access lists are sequential lists of permit and deny conditions that
apply to IP addresses or upper-layer protocols. Access Control Lists are
used in routers to identify and control traffic. There are two types of IP
access lists:
A. Standard IP Access Lists: These have the format: access-list [number]
[permit or deny] [source_address]
Keep in mind that:
- Standard access lists should be placed as near the destination as
possible, and extended access lists as close to the source as possible.
- Access lists automatically have an implicit deny at the end. Because of
this, an access list should have at least one permit statement in it;
otherwise the access list will block all remaining traffic.
- Access lists applied to interfaces default to outbound if no direction is
specified.
B. Extended IP Access Lists: These have the format: access-list {number}
{permit or deny} {protocol} {source} {destination} {port}
With extended IP access lists, we can act on any of the following:
- Source address
- Destination address
- IP protocol (TCP, ICMP, UDP, etc.)
- Port information (WWW, DNS, FTP, etc.)
The permitted number ranges for some important access lists are:
- 1-99: IP standard access list
- 100-199: IP extended access list
- 800-899: IPX standard access list
- 900-999: IPX extended access list
- 1000-1099: IPX SAP access list
- 1100-1199: Extended 48-bit MAC address access list
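An added example (not from the notes) that evaluates source addresses against a standard IP access list with the sequential first-match and implicit-deny behaviour described above; the entries are constructed samples, and the optional wildcard-mask argument and the `any` keyword are standard IOS syntax beyond the bare format shown in the notes.

```python
# Added example (not part of the original notes): evaluate source addresses
# against a standard IP access list the way IOS does: entries are checked in
# order, the first match wins, and an implicit "deny any" ends every list.
import ipaddress

def parse_standard_acl(text):
    """Parse 'access-list <1-99> {permit|deny} <source> [wildcard]' lines.
    The optional wildcard mask (1 bit = don't care) and 'any' are IOS syntax."""
    entries = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list":
            raise ValueError(f"not an access-list entry: {line!r}")
        number, action, source = int(parts[1]), parts[2], parts[3]
        if not 1 <= number <= 99 or action not in ("permit", "deny"):
            raise ValueError(f"not a standard IP access-list entry: {line!r}")
        if source == "any":
            net, wild = 0, 0xFFFFFFFF
        else:
            net = int(ipaddress.IPv4Address(source))
            wild = int(ipaddress.IPv4Address(parts[4])) if len(parts) > 4 else 0
        entries.append((action, net, wild))
    return entries

def evaluate(entries, src):
    """Return 'permit' or 'deny' for a packet with source address src."""
    addr = int(ipaddress.IPv4Address(src))
    for action, net, wild in entries:  # sequential: the first match wins
        if ((addr ^ net) & ~wild) & 0xFFFFFFFF == 0:
            return action
    return "deny"  # implicit deny at the end of every list

def has_permit(entries):
    """False means the list will block all traffic (implicit deny only)."""
    return any(action == "permit" for action, _, _ in entries)

# Constructed sample: block one host, permit the rest of its /24.
ACL_10 = parse_standard_acl("""
access-list 10 deny 192.168.1.5
access-list 10 permit 192.168.1.0 0.0.0.255
""")
# Constructed sample with no permit entry: the implicit deny blocks everything.
ACL_20 = parse_standard_acl("access-list 20 deny 10.0.0.0 0.255.255.255")
```

Reordering the two ACL_10 entries would let the permit match first and silently override the host deny, which is why entry order matters when auditing a list.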
IP address: 192.168.1.1 255.255.255.240
Subnet ID: 192.168.1.0
Available host IDs: 192.168.1.1 - 192.168.1.14
Broadcast address: 192.168.1.15
IP address: 192.168.1.17 255.255.255.248
Subnet ID: 192.168.1.16
Available host IDs: 192.168.1.17 - 192.168.1.22
IP address: 192.168.1.36 255.255.255.224
Subnet ID: 192.168.1.32
Available host IDs: 192.168.1.33 - 192.168.1.62
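The subnet calculations above carried through in Python, as an added example that is not part of the notes; it derives the subnet ID, host range and broadcast address from an address and mask with the underlying bit operations, and additionally validates the mask and handles /31 and /32.

```python
# Added example (not part of the original notes): compute subnet ID, usable
# host range and broadcast address from an address and dotted-decimal mask
# with the bit operations behind the worked examples above, and reject masks
# that are not a contiguous run of ones. Sample inputs are constructed.
def to_int(dotted):
    """'192.168.1.1' -> 32-bit integer; validates each octet."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad dotted-decimal value: {dotted!r}")
    return int.from_bytes(bytes(octets), "big")

def to_dotted(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def subnet_summary(address, mask):
    """Return a dict with prefix length, subnet ID, host range and broadcast."""
    a, m = to_int(address), to_int(mask)
    # A valid mask is ones followed by zeros: OR-ing m with m - 1 must then
    # give all ones. A mask of 0.0.0.0 is rejected as well.
    if m == 0 or (m | (m - 1)) != 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    prefix = bin(m).count("1")
    network = a & m                          # clear the host bits
    broadcast = network | (~m & 0xFFFFFFFF)  # set all host bits
    if prefix >= 31:  # /31 and /32 have no separate network/broadcast address
        first, last = network, broadcast
    else:
        first, last = network + 1, broadcast - 1
    return {
        "prefix": prefix,
        "subnet": to_dotted(network),
        "first_host": to_dotted(first),
        "last_host": to_dotted(last),
        "broadcast": to_dotted(broadcast),
        "usable_hosts": last - first + 1,
    }
```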
IP helper addresses forward client broadcasts (such as DHCP or BOOTP
requests) to a unicast or directed broadcast address. A helper address is
required because routers do not forward broadcasts. By defining a helper
address, a router is able to forward a broadcast from a client to the desired
server or network. There can be more than one helper address on a network.
The helper address must be defined on the interface that receives the original
client broadcast. Note that the "ip unnumbered" command is used to enable IP
processing on a serial interface without assigning a specific IP address to
the interface.
ISL and 802.1Q are the VLAN trunking protocols associated with Fast
Ethernet. The VLAN trunking protocol defined by 802.10 is associated with
FDDI. LANE (LAN Emulation) is associated with ATM.
NAT (Network Address Translation) can be broadly classified as below:
- Static NAT: Maps an unregistered IP address to a registered (globally
unique) IP address on a one-to-one basis. The command used for this purpose
is: ip nat inside source static <local-ip> <global-ip>, where <local-ip> is
the local IP address assigned to a host on the inside network and
<global-ip> is the globally unique IP address of that inside host as it
appears to the outside world.
- Dynamic NAT: Maps an unregistered IP address to a registered (globally
unique) IP address drawn from a group of registered (globally unique) IP
addresses.
- Overloading: A special case of dynamic NAT that maps multiple unregistered
IP addresses to a single registered (globally unique) IP address by using
different port numbers. Dynamic NAT with overloading is also known as PAT
(Port Address Translation).
- Overlapping: This occurs when your internal IP addresses belong to a global
IP address range that belongs to another network. In such a case, the
internal IP addresses need to be hidden from the outside network to prevent
duplication. NAT overlapping allows the use of these internal addresses by
mapping them to globally unique IP addresses using static or dynamic NAT.