ICND1 Exam Cram Guide Overview


Appendix A – ICND1 Cram Guide

The complete contents of this guide MUST be committed to memory before attempting the exam.
This cram guide is NOT a brain dump, so there is no way of knowing what exactly you are going to be
asked about in the exam. We have done our best to condense down everything you need to know in
the CCNA syllabus.

OSI Model

Layer | Encapsulation | Function | Services | Device
7. Application | Data | Establishes availability of resources | FTP, SMTP, Telnet, POP3 |
6. Presentation | Data | Compression, encryption, and decryption | JPEG, GIF, MPEG, ASCII |
5. Session | Data | Establishes, maintains, and terminates sessions | NFS, SQL, RPC |
4. Transport | Segment | Establishes end-to-end connection; uses virtual circuits, buffering, windowing, and flow control | TCP, UDP, SPX |
3. Network | Packet | Determines best path for packets to take | IP, IPX | Router
2. Data Link (LLC, MAC) | Frame | Transports data across a physical connection; error detection | Frame Relay, PPP, HDLC | Switch/Bridge
1. Physical | Bits | Puts data onto the wire | | Hub/Repeater/Concentrator/MAU

Layers: All People Seem To Need Data Processing. Data formats: Don’t Some People Fry Bacon.

7. Application Layer
Provides services to lower layers. Enables program-to-program communication and determines
whether sufficient resources exist for communication. Examples are e-mail gateways (SMTP), TFTP,
FTP, and SNMP.

6. Presentation Layer

© Paul Browning 2014 – [Link] – [Link]


Presents information to the Application Layer. Compression, data conversion, encryption, and
standard formatting occur here. Contains data formats JPEG, MPEG, MIDI, and TIFF.

5. Session Layer
Establishes and maintains communication ‘sessions’ between applications (dialogue control). Sessions
can be simplex (one direction only), half duplex (one direction at a time), or full duplex (both ways
simultaneously). The Session Layer keeps each application’s data separate from that of other applications.
Protocols include NFS, SQL, X Window, RPC, ASP, and NetBios Names.

4. Transport Layer
Responsible for end-to-end integrity of data transmissions and establishes a logical connection
between sending and receiving hosts via ‘virtual circuits.’ Windowing works at this level to control
how much information is transferred before acknowledgement is required. Data is segmented and
reassembled at this layer. Port numbers are used to keep track of different conversations crossing the
network at the same time. Supports TCP, UDP, SPX, and NBP. Segmentation works here (Segments)
and error correction (not detection).

3. Network Layer
Routes data from one node to another and determines the best path to take. Routers operate at this
level. Network addresses are used here, which are used for routing (Packets). Routing tables,
subnetting, and control of network congestion occur here. Routing protocols, regardless of which
protocol they run over, reside here: IP, IPX, ARP, IGRP, and Appletalk.

2. Data Link Layer


Sometimes referred to as the LAN layer. Responsible for the physical transmission of data from one
node to another. Error detection occurs here. Packets are translated into frames here and hardware
address is added. Bridges and switches operate at this layer.

Logical Link Control sublayer (LLC) 802.2: Manages communications between devices over a single link
on a network. Uses Service Access Points (SAPs) to help lower layers talk to the Network Layer.

Media Access Control sublayer (MAC) 802.3: Builds frames from the 1s and 0s that the Physical Layer
picks up from the wire as a digital signal (MAC address = 6 byte/48 bit) and runs a Cyclic Redundancy
Check (CRC) to assure no bits were lost or corrupted.

1. Physical Layer
Puts data onto the wire and takes it off. Physical Layer specifications cover the connectors, voltage,
physical data rates, and DTE/DCE interfaces. Some common implementations include Ethernet/IEEE
802.3, FastEthernet, and Token Ring/IEEE 802.5.

Cisco Hierarchical Model


Core Layer – Purpose is to switch traffic as quickly as possible. Fast transport to enterprise services
(Internet, etc.). No packet manipulation, VLANs, access-lists. High-speed access required, such as FDDI
and ATM.

Distribution Layer – Time-sensitive manipulation, such as routing, filtering, and WAN access.
Broadcast/multicast, media translations, security.

Access Layer – Switches and routers; segmentation occurs here, as well as workgroup access. Static
(not dynamic) routing.

TCP/IP

Port Numbers
These are used to connect to various services and applications, and piggyback onto IP addresses.
Common port numbers are as follows:

20 - File Transfer Protocol – Data (TCP)

21 - File Transfer Protocol – Control (TCP) (Listens on this port)

22 - SSH (TCP)

23 - Telnet (TCP)

25 - Simple Mail Transfer Protocol (TCP)

53 - Domain Name Service (TCP/UDP)

69 - Trivial File Transfer Protocol (UDP)

80 - HTTP/WWW (TCP)

110 - Post Office Protocol 3 (TCP)

119 - Network News Transfer Protocol (TCP)

123 - Network Time Protocol (UDP)

161/162 - Simple Network Management Protocol (UDP)

443 - HTTP over Secure Sockets Layer (HTTPS) (TCP)

TCP – (Protocol 6) Reliable, sequenced, connection-oriented delivery, 20-byte header.

UDP – (Protocol 17) Connectionless, unsequenced, best-effort delivery, 8-byte header. Sends data but
does not check to see whether it is received.

Telnet – Used to connect to a remote device (TCP). A password and username are required to connect.
Telnet tests all seven layers of the OSI model.

FTP – Connection-oriented (TCP) protocol used to transfer large files.

TFTP – Connectionless (UDP) protocol used for file transfer.

SNMP – Allows remote management of network devices.

ICMP – Supports packets containing error, control, and informational messages. Ping uses ICMP to
test network connectivity.

ARP – Used to map an IP address to a physical (MAC) address. A host wishing to obtain a physical
address broadcasts an ARP request onto the TCP/IP network. The host that owns that IP address replies
with its physical address.

DNS – Resolves hostnames to IP addresses (not the other way around). To configure the router to use
a host on the network, use the command ROUTER(config)#ip name-server [Link], and
to configure DNS, use the command ip name-server (usually already turned on for the router
configuration by default). If you want hosts on the network to use the router as a proxy DNS server,
put the command Router(config)#ip dns server onto the router.

DHCP – Involves a central server, or devices, which relays TCP information to hosts on a network. You
can configure a router to be a DHCP server with the configuration below. You must have hosts on the
same LAN as the router interface:

Router(config)#ip dhcp pool E00_DHCP_Pool
Router(dhcp-config)#network [Link] [Link]
Router(dhcp-config)#dns-server [Link] [Link]
Router(dhcp-config)#domain-name [Link]
Router(dhcp-config)#default-router [Link]
Router(dhcp-config)#lease 1

Cisco IOS

Six Modes
User EXEC: Router>

Privileged EXEC: Router#

Global Configuration: Router(config)#

ROM Monitor: > or rommon>

Setup: series of questions

RXBoot: Router<boot>

Editing Commands
Ctrl+W – Erases a word

Ctrl+U – Erases a line

Ctrl+A – Moves cursor to beginning of line

Ctrl+E – Moves cursor to end of line

Ctrl+F (or right arrow) – Moves forward one character

Ctrl+B (or left arrow) – Moves back one character

Ctrl+P (or up arrow) – Recalls previous commands from buffer

Ctrl+N (or down arrow) – Returns to more recent commands in buffer

Esc+B – Moves back one word

Esc+F – Moves forward one word

Tab – Completes a command you have started

Router# copy ru  <- press the Tab key after the ‘u’
Router# copy running-configuration

‘?’ gives you the command options:

Router#copy ?
  flash:          Copy from flash: file system
  ftp:            Copy from ftp: file system
  nvram:          Copy from nvram: file system
  running-config  Copy from current system configuration
  startup-config  Copy from startup configuration
  system:         Copy from system: file system
  tftp:           Copy from tftp: file system
[truncated]

…or the commands beginning with the letters you have typed:

Router#a?
access-enable  access-profile  access-template

Router Elements
DRAM – Working area for router. Contains routing tables, ARP cache, packet buffers, IOS, and running
configuration. Some routers run the IOS from DRAM.

show version – Shows information about IOS in RAM and displays how much physical memory is
installed. Also shows the configuration register setting.

show process – Shows information about programs running in DRAM.

show running-configuration – Shows active configuration in DRAM.

show memory/stacks/buffers – Command used to view tables and buffers.

NVRAM – Stores router’s startup configuration. Does not lose data when powered off due to a battery
power source:

show startup-configuration

erase startup-configuration

copy running-configuration startup-configuration (copy run start)

Configuration register 0x2142 skips startup configuration file in NVRAM (for password recovery).

Configuration register 0x2102 loads startup configuration files from NVRAM.

Flash – EEPROM or PCMCIA card holds the compressed operating system image (IOS). This is where
software upgrades are stored:

show flash

dir flash:

ROM – Contains power on diagnostics, a bootstrap program, and a mini-IOS (rommon). You can specify
which file the router boots from if you have more than one in flash memory:

Router(config)#boot system flash {IOS filename}

Or you can specify that it boots from a TFTP server if, for example, the image is too large to fit in flash:

Router(config)#boot system tftp {IOS filename}{tftp address}

You can also back up the flash image for emergency use (copy is run from privileged EXEC mode, not
configuration mode):

Router#copy flash tftp

Cabling

            | Hub       | Switch    | Router    | Workstation
Hub         | Crossover | Crossover | Straight  | Straight
Switch      | Crossover | Crossover | Straight  | Straight
Router      | Straight  | Straight  | Crossover | Crossover
Workstation | Straight  | Straight  | Crossover | Crossover

Pinouts

Pin | Crossover | Straight | Console
1   | 3         | 1        | 8
2   | 6         | 2        | 7
3   | 1         | 3        | 6
4   | 4         | 4        | 5
5   | 5         | 5        | 4
6   | 2         | 6        | 3
7   | 7         | 7        | 2
8   | 8         | 8        | 1

Two types of crosstalk can occur on twisted-pair cables:

Near-end Crosstalk (NEXT) and Far-end Crosstalk (FEXT)

Router Management
Console port – A PC connected to the console port via a rollover cable. Used for initial configuration
or disaster recovery.

Virtual terminals – Normally accessed by telnetting to the router. Five lines available, numbered 0 to
4 (more lines possible, depending on the Router/Switch model).

Auxiliary port – Normally a modem connected to this port.

TFTP server – The router can get its configurations or IOS from a server (a PC, for example) running
TFTP software and holding the necessary files.

NMS – Network management station. Uses SNMP to manage the router normally via a web-style
interface.

CDP
Cisco Discovery Protocol (proprietary) runs only on Cisco devices; it allows you to gather information
about other routers and switches. It is enabled by default. It is also very useful while troubleshooting,
to see which devices are directly connected to the device you are logged on to.

Router#show cdp neighbors (NOTE: Cisco uses US spelling conventions)

This command displays the neighbouring router or switch’s hostname, hardware platform, port
identifier, and capabilities list:

Router#show cdp neighbors detail

This command displays more detail than the previous one. You can view the IP address, the IOS
release, and the duplex setting.

To turn off CDP on an interface, use the following command:

Router(config-if)#no cdp enable

To turn off CDP on your entire router or switch, use the following command:

Router(config)#no cdp run

LAN Switching
A LAN switch has three primary functions:

1. Address learning – Maintains a table (CAM – Content Addressable Memory) of addresses and
on which port they can be reached.
2. Forward/filter decision – Forwards frames only out of the relevant port.
3. Loop avoidance – STP.

Broadcast frames are forwarded out of all ports. Because all Ethernet hosts can transmit at the same
time, this can lead to collisions, thus slowing down the network considerably.

Transmitting Frames through a Switch


Store-and-Forward – The switch copies the entire frame into its buffer and computes the CRC. The
frame is discarded if there is an error. High latency.

Cut-through – Reads only the destination address (first 6 bytes after preamble), looks up address, and
forwards frame. Lower latency.

Fragment-free – The switch reads the first 64 bytes before forwarding the frame. Collisions normally
occur within the first 64 bytes.

Bridging/Switching
Bridges are primarily software-based and have one Spanning Tree instance per bridge. Normally 16
ports per bridge. LAN switches are primarily hardware-based. There are many Spanning Tree instances
per switch and up to 100 ports.

Common Switching Commands


This is not a sample configuration but, rather, a demonstration of commands you need to know:

Switch(config)#ip default-gateway [Link]  <- switch default gateway

Switch#show mac-address-table dynamic  <- shows MAC table (dynamic)

Switch(config)#interface fast 0/1
Switch(config-if)#switchport port-security  <- enable port security
Switch(config-if)#switchport port-security violation shutdown
Switch(config-if)#switchport port-security maximum 4  <- only 4 MACs
Switch(config-if)#switchport port-security mac-address xxx  <- hard codes a MAC address

Switch#show port-security  <- you can add ‘interface fast 0/1’

Please visit the free IOS commands page at [Link]/public/[Link] for further explanation of the
commands and more context.

The switch must be in transparent mode to add higher numbered VLANs (1006 to 4096).

IP Addressing and Subnetting

Class | Format/Default Mask | Leading Bit Pattern | Network Address Range | Max Networks | Max Hosts/Nodes
A | N.H.H.H / [Link] | 0 | 0 to 126 | 126 | 16,777,214
B | N.N.H.H / [Link] | 10 | 128 to 191 | 16,384 | 65,534
C | N.N.N.H / [Link] | 110 | 192 to 223 | 2,097,152 | 254
D | N/A | 1110 | 224 to 239 | Multicast | N/A
E | N/A | 11110 | 240 to 255 | Experimental | N/A

Network number 127 is reserved for Loopback testing ([Link] local Loopback)

Subnetting
Max # of Subnets = 2^(masked bits)

Max # of Hosts (per subnet) = 2^(unmasked bits) – 2

Easy Subnetting
What network is host [Link] [Link] in?

256 - 240 = 16, so you have the subnets going up in increments of 16, starting with zero (if subnet zero
is permitted in the exam). Each subnet will need to have a subnet and a broadcast number, so this
leaves 14 hosts per subnet. The subnets start at 0,16,32,48, 64, 80…224, 240 (the 0 and 240 are valid
only if subnet zero is allowed).

Subnet | First Host | Last Host | Broadcast
[Link] | 1 | 14 | 15
[Link] | 17 | 30 | 31
[Link] | 33 | 62 | 63
[Link]* | 65 | 78 | 79

Looking at the [Link] host address, you are clearly looking to find the host on the fourth octet
because this is where the non-zero mask is ([Link]). Just keep adding 16 until you find the
range that the host number 68 is in. In this case, [Link], as indicated by the asterisk (*).

The Super Subnetting Chart™ will also provide the answers for you very quickly. To get to the 240
mask, tick down four subnet numbers on the left column and then tick four along the top row to get
the subnet increment (i.e., 16).

[Super Subnetting Chart™ © Paul Browning 2005-2012: top row Bits 128 64 32 16 8 4 2 1, Subnets row ticked under 128, 64, 32, and 16; left column masks 128, 192, 224, and 240 ticked; lower half lists Powers of Two (16, 32, 64, 128, 256) against the Subnets and Hosts-2 columns.]

If you see a slash address, such as [Link]/26, then you simply have to convert that 26 into a
subnet mask. Using the Super Subnetting Chart™ is the easiest way, or you can simply count up in
octets, remembering that 255 is 8 binary bits (all ones). To reach 26 binary bits, you know that [Link]
is 8 + 8 + 8 binary bits, giving you 24. To get to 26, you need to add another 2 binary bits, which is a
tick in the 128 and 192 (128 + 64 = 192) boxes in the left column.

To work out the subnet increment, simply tick two along the top row (or take 192 away from 256).

[Super Subnetting Chart™ © Paul Browning 2005-2012: top row Bits 128 64 32 16 8 4 2 1, Subnets row ticked under 128 and 64; left column masks 128 and 192 ticked; lower half lists Powers of Two (16, 32, 64, 128) against the Subnets and Hosts-2 columns.]

128 + 64 gives you 192, so the /26 mask gives you [Link], which is 26 binary bits. You can
tick two across the top row to reveal the subnet increments (i.e., multiples of 64).

Working out how many subnets is also a simple process. If you have the IP address [Link] with
the default /24 mask, and the client wants five subnets created out of that, you simply tick down the
Powers of Two numbers until you get to the required amount of subnets.

In the exam, you should be permitted to use subnet zero, so you will not have to take two away from
the subnets, but you still need to take two away from the hosts.

[Super Subnetting Chart™ © Paul Browning 2005-2012: top row Bits 128 64 32 16 8 4 2 1 with no ticks; left column masks 128, 192, and 224 ticked; lower half Powers of Two 2, 4, and 8 ticked in both the Subnets and Hosts-2 columns, 16 and 32 ticked in the Hosts-2 column only, 64 and 128 unticked.]

Ticking down three rows gives you 8. I know that the requirement is five subnets, but this is the closest
you can get for the client. Taking 3 bits from the hosts leaves 5 remaining host bits (8 - 3 = 5). Tick
down five boxes in the Hosts-2 column and take two away (for the subnet and broadcast) to give you
30 hosts per subnet. Voila!

If you want to know the subnet mask, tick down three (for the subnet bits stolen) in the left column
in the top of the chart, giving you 224, or in full, [Link], which is 8 + 8 + 8 + 3, or /27 masked
bits.
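The subnetting method above, worked in code as an added example (not part of the cram guide): prefix/mask conversion, the subnet and host formulas, and finding a host’s subnet by the increment; the 192.168.1.x and 10.20.x.x addresses are constructed samples.

```python
# Added example: the cram guide's "easy subnetting" method and the
# 2^(masked bits) / 2^(unmasked bits) - 2 formulas, in code. Sample
# addresses below are constructed, not taken from the guide.

OCTET_SHIFTS = (24, 16, 8, 0)


def ip_to_int(addr):
    """Dotted decimal -> 32-bit integer; bytes() rejects octets outside 0..255."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4:
        raise ValueError("bad IPv4 address: " + addr)
    return int.from_bytes(bytes(octets), "big")


def int_to_ip(value):
    """32-bit integer -> dotted decimal."""
    return ".".join(str((value >> s) & 0xFF) for s in OCTET_SHIFTS)


def mask_from_prefix(prefix):
    """/26 -> 255.255.255.192: the top 'prefix' bits set, the rest clear."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return int_to_ip((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def prefix_from_mask(mask):
    """255.255.255.192 -> 26; rejects non-contiguous masks such as 255.0.255.0."""
    value = ip_to_int(mask)
    prefix = bin(value).count("1")
    if value != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError("not a contiguous subnet mask: " + mask)
    return prefix


def subnet_counts(prefix, class_prefix=24, subnet_zero=True):
    """Subnets and usable hosts per subnet when 'prefix' borrows bits from a
    classful network (class_prefix 8, 16 or 24). The guide's formulas:
    subnets = 2^(masked bits), hosts = 2^(unmasked bits) - 2. When subnet
    zero is not allowed, the first and last subnets are dropped as well."""
    masked, unmasked = prefix - class_prefix, 32 - prefix
    if masked < 0 or unmasked < 2:
        raise ValueError("mask leaves no room for subnets and hosts")
    return 2 ** masked - (0 if subnet_zero else 2), 2 ** unmasked - 2


def easy_subnet(host, mask):
    """Which subnet is this host in? By hand: find the 'interesting' octet
    (where the mask stops), increment = 256 - that mask octet, and count up
    in steps of the increment until the host octet is covered. The AND/OR
    below does the same on the whole address and also yields the broadcast."""
    prefix = prefix_from_mask(mask)
    if prefix > 30:
        raise ValueError("/31 and /32 have no subnet/broadcast pair")
    host_int, mask_int = ip_to_int(host), ip_to_int(mask)
    network = host_int & mask_int
    broadcast = network | (~mask_int & 0xFFFFFFFF)
    interesting = (prefix - 1) // 8 if prefix else 0
    increment = 256 - int(mask.split(".")[interesting])
    return {
        "subnet": int_to_ip(network),
        "first_host": int_to_ip(network + 1),
        "last_host": int_to_ip(broadcast - 1),
        "broadcast": int_to_ip(broadcast),
        "increment": increment,
    }


def subnet_table(network, mask, count):
    """The (subnet, first host, last host, broadcast) rows the guide tabulates:
    'count' consecutive subnets starting at 'network', which must sit on a
    subnet boundary for the mask."""
    size = 2 ** (32 - prefix_from_mask(mask))
    start = ip_to_int(network)
    if start % size:
        raise ValueError("%s is not on a %s boundary" % (network, mask))
    rows = []
    for n in range(count):
        row = easy_subnet(int_to_ip(start + n * size), mask)
        rows.append((row["subnet"], row["first_host"], row["last_host"], row["broadcast"]))
    return rows


if __name__ == "__main__":
    # the guide's host .68 with a 255.255.255.240 mask, on a constructed 192.168.1.0 network
    print(easy_subnet("192.168.1.68", "255.255.255.240"))
    print(mask_from_prefix(26), prefix_from_mask("255.255.255.224"))
    print(subnet_counts(27))  # three borrowed bits: 8 subnets of 30 hosts
    for row in subnet_table("192.168.1.0", "255.255.255.240", 5):
        print(row)
```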

To view several free subnetting videos on YouTube, visit the link below:

[Link]/user/paulwbrowning

IP Routing
Routers must have some means of learning networks to which they are not directly connected.

Static routing:

Router(config)#ip route {destination network} {mask} {next hop address}

e.g. ip route [Link] [Link] [Link]

Dynamic routing uses a routing protocol, for example RIP v2:

Router(config)#router rip

Router(config-router)#version 2

Router(config-router)#network [Link]

Router(config-router)#no auto-summary  <- optional

Facts
RIP v2
- Uses UDP port 520
- Classless
- Max hop count is 15
- Multicasts route updates to [Link]
- Supports authentication
- Update timer, 30 seconds
- Invalid, 90 seconds
- Hold down, 180 seconds
- Flush, 270 seconds

Distance Vector
Distance Vector protocols understand the direction and distance to any given network connections.
Algorithms calculate the cost to reach the connection and pass this information to every neighbour
router. Examples are RIP and IGRP. Problems with Distance Vector protocols include routing loops and
counting to infinity. To overcome these problems, the following can be implemented:

- Define a maximum number of hops – 15 for RIP and 255 for IGRP.
- Split horizon – If the router learns a route on an interface, do not advertise it out of the same
  interface.
- Route poisoning – Information passed out of an interface is marked as unreachable by setting
  the hop count to 16 (for RIP).
- Hold Down timers – Ignores new routing updates until a determined time has passed.
- Triggered updates – Instead of routing updates being sent at the default intervals, a triggered
  update is sent every time to indicate a change in the routing table.

Link State
These have a picture of the entire network from Link State Advertisements (LSAs) and Link State
Packets (LSPs). Once these have all been passed, only changes to the network are sent out, reducing
network traffic.

Link State protocols do require a lot of CPU time and bandwidth when LSAs are flooded out. Examples
are OSPF and ISIS.

Routers use administrative distances to determine how believable a learned route is, depending on
the protocol the route was learned from.

Source | Default Distance
Directly Connected Interface | 0
Static Hop to Next Router | 1
EIGRP Summary | 5
External BGP | 20
EIGRP (Internal) | 90
OSPF | 110
IS-IS | 115
RIP | 120
Exterior Gateway Protocol (EGP) | 140
External EIGRP | 170
Internal BGP | 200
Unknown | 255

An administrative distance of 0 is most preferred. For example, a router running RIP and OSPF will
prefer the OSPF routes most and install these in the routing table.

Routing protocols maintain a table of hosts and which interface they can be reached by. Examples
include RIP and OSPF.

BGP is an exterior gateway protocol. It is used to connect autonomous systems together.

Routed protocols are used to transport traffic from source to destination. Examples: IP, IPX, and
Appletalk.

When a packet traverses the network from device to device (hop to hop), the IP address remains
constant, but the hardware (MAC) address changes.

NAT
Network Address Translation will convert an address from the inside of your network to another
address on the outside of your network, and vice versa. It is most commonly used to convert a non-
routable address to a routable address.

For all configurations, you must specify which interfaces are internal for NAT and which are external:

Router(config-if)#ip nat inside/outside

Static NAT – Maps one address to one address, such as [Link] to [Link]:

Router(config)#ip nat inside source static [Link] [Link]

Dynamic NAT – Maps a number of internal addresses to a pool of external addresses. The
configuration below creates a pool of 10 addresses with a mask (prefix length) of [Link] and
the name ‘ad_team.’ The hosts that will go through NAT are on the [Link] network. The access
list (source list) tells the router which addresses to translate:

Router(config)#ip nat pool ad_team [Link] [Link] prefix-length 24
Router(config)#ip nat inside source list 1 pool ad_team
Router(config)#access-list 1 permit [Link] [Link]

Overload NAT (or PAT) – Maps private internal addresses to one or more external addresses using port
numbers. The configuration below creates a pool of 10 addresses (more are possible), and the
command overload tells the router to use port address translation (PAT):

Router(config)#ip nat pool ad_team [Link] [Link] prefix-length 24
Router(config)#ip nat inside source list 1 pool ad_team overload
Router(config)#access-list 1 permit [Link] [Link]

Wireless Networking

Wireless Basics
Wireless clients connect to access points. The two wireless modes are ad-hoc and infrastructure. Ad
hoc is similar to peer-to-peer networking, where nodes connect directly to each other. They must have
the same SSID and channel for this to work. In infrastructure mode, the clients connect to the access
point via basic service set (BSS – one access point and multiple clients) or extended service set (ESS –
two or more BSSs).

Wireless Security
The two methods for wireless authentication are open system and shared key. In the open-system
method, the host sends an association request to the wireless access point and it will be sent a success
or failure message. With the shared-key method, a key or pass phrase is configured on both the host
and the access point. There are three types of shared-key authentication – WEP, WPA, and WPA2.

WEP is an encryption algorithm built into the 802.11 standard. It uses RC4 40-bit or 104-bit keys and a
24-bit initialisation vector.

WPA uses dynamic key management, adds a stronger encryption cipher, and is built on the
EAP/802.1X mechanism. It uses Temporal Key Integrity Protocol (TKIP), and the Initialization Vector is
increased to 48-bit (more than 500 trillion key combinations). It is used with RADIUS in the enterprise.

WPA2 is the next generation in wireless security. It uses even stronger encryption than WPA and this
is achieved by using the Advanced Encryption Standard (AES). In addition, WPA2 creates a new key for
every new association. This is a benefit over WPA in that the client’s keys are unique and specific to
that client.

Switch and Router Security


Passwords (the service password-encryption command encrypts all passwords):

Enable – Used to get from User Exec mode to Privileged Exec mode. Not encrypted.

Router(config)#enable password {password}

Enable secret – Encrypts password (only use enable or enable secret, not both):

Router(config)#enable secret {password}

VTY – Needed if Telnet access is required:

Router(config)#line vty 0 4

Router(config-line)#password cisco

Router(config-line)#login

If you want to permit SSH access to the router or switch VTY (Telnet) lines, then you need to add the
command transport input ssh to the VTY lines.

Auxiliary – Allows modem access to the auxiliary port:

Router(config)#line aux 0

Router(config-line)#password cisco

Router(config-line)#login

Console – Used to allow console access:

Router(config)#line console 0

Router(config-line)#password cisco

Router(config-line)#login

Protect the Ports


Switch1(config)#int fast 0/1
Switch1(config-if)#switchport port-security
Switch1(config-if)#switchport port-security ?
  mac-address  Secure mac address
  maximum      Max secure addresses
  violation    Security violation mode
  <cr>

Violation action

Switch1(config-if)#switchport port-security violation ?
  protect   Security violation protect mode
  restrict  Security violation restrict mode
  shutdown  Security violation shutdown mode
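As an added example (not from the cram guide, and a model rather than Cisco’s implementation), the port-security settings shown here and in the LAN Switching section are simulated so the protect, restrict, and shutdown violation modes can be compared; the MAC addresses are constructed samples.

```python
# Added example: a model of switchport port-security (maximum, hard-coded
# addresses, violation mode). Behaviour follows the modes the guide lists;
# it is not Cisco's code. MAC addresses are constructed samples.


class SecurePort:
    """One access port with 'switchport port-security' enabled."""

    MODES = ("protect", "restrict", "shutdown")

    def __init__(self, name, maximum=1, violation="shutdown", static=()):
        if violation not in self.MODES:
            raise ValueError("unknown violation mode: " + violation)
        self.name = name
        self.maximum = maximum                     # switchport port-security maximum N
        self.violation = violation                 # switchport port-security violation MODE
        self.static = {m.lower() for m in static}  # switchport port-security mac-address XXX
        if len(self.static) > maximum:
            raise ValueError("more hard-coded addresses than the configured maximum")
        self.secure = set(self.static)             # hard-coded plus dynamically learned
        self.violations = 0                        # SecurityViolation count
        self.err_disabled = False                  # shutdown mode puts the port here
        self.log = []                              # what syslog/SNMP would report

    def frame(self, src_mac):
        """Handle one inbound frame; True means it is forwarded."""
        src_mac = src_mac.lower()
        if self.err_disabled:
            return False                           # port is down, nothing passes
        if src_mac in self.secure:
            return True                            # known secure address
        if len(self.secure) < self.maximum:
            self.secure.add(src_mac)               # learn dynamically up to the maximum
            return True
        return self._violation(src_mac)

    def _violation(self, src_mac):
        """The maximum is reached and an unknown source MAC arrived."""
        if self.violation == "protect":
            return False                           # dropped silently: no counter, no log
        self.violations += 1
        if self.violation == "restrict":
            self.log.append("%s: restrict, dropped frame from %s" % (self.name, src_mac))
            return False                           # dropped, but counted and reported
        self.err_disabled = True                   # shutdown: port goes err-disabled
        self.log.append("%s: shutdown, err-disabled by %s" % (self.name, src_mac))
        return False

    def recover(self):
        """Operator 'shutdown' / 'no shutdown' on an err-disabled port: it comes
        back with only its hard-coded addresses; learned ones are gone."""
        self.err_disabled = False
        self.secure = set(self.static)

    def show_port_security(self):
        """The fields 'show port-security interface' would summarise."""
        return {
            "port": self.name,
            "status": "Secure-shutdown" if self.err_disabled else "Secure-up",
            "violation_mode": self.violation,
            "maximum": self.maximum,
            "total_addresses": len(self.secure),
            "violation_count": self.violations,
        }


def walk(port, macs):
    """Feed a list of source MACs through a port and return the forward/drop verdicts."""
    return [port.frame(m) for m in macs]


if __name__ == "__main__":
    # constructed sample MACs in Cisco's dotted notation; maximum 4 as in the guide
    port = SecurePort("Fa0/1", maximum=4, violation="shutdown", static=["00aa.bb00.0001"])
    print(walk(port, ["00aa.bb00.000%d" % i for i in range(1, 6)]))
    print(port.show_port_security(), port.log)
```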

VTP Password:

Switch1(config)#vtp password cisco

Restrict VLANs passing on ports:

Switch1(config-if)#switchport trunk allowed vlan 7-12

Protecting the Network


Firewalls divide your network into three zones – trusted, semi-trusted, and un-trusted.

A VPN allows information to be sent securely over an insecure medium (e.g., the Internet). A VPN can
be site-to-site (e.g., WAN) or access (e.g., home worker).

Super Subnetting Chart™


[Blank Super Subnetting Chart™ © Paul Browning 2005-2012: top row Bits 128 64 32 16 8 4 2 1; left column masks 128, 192, 224, 240, 248, 252, 254, 255; lower half Powers of Two (16, 32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384) against the Subnets and Hosts-2 columns.]

Network Security

Access Lists
Access lists are a set of conditions that permit or deny access to or through a router’s interface.

Range | Usage
1 to 99 | IP Standard
1300 to 1999 | IP Standard (Expanded Range)
100 to 199 | IP Extended
2000 to 2699 | IP Extended (Expanded Range)

Standard Access Lists


Standard IP access lists check only the source address of the packet, and permit or deny the entire
TCP/IP suite. You cannot choose a particular port or application to block. Cisco recommends that they
are placed as close to the destination as possible:

Router(config)#access-list {number 1-99} {permit/deny} {source address}

access-list 10 permit [Link]  <- address can be a host or a network

Extended Access Lists


These allow for a lot more granularity when filtering IP traffic. They can filter packets based upon
source or destination, a particular IP protocol, and a port number. Cisco recommends that they are
placed as close to the source as possible:

Router(config)#access-list {number 100-199} {permit/deny} {protocol} {source} {destination} {port}

access-list 112 permit tcp host [Link] host [Link] eq www

Named Access Lists


Router(config)#ip access-list {standard/extended} name
Router(config)#ip access-list extended no_ftp

Access lists applied to inbound interfaces save the router from having to process the packet; denied
packets will be dropped at the interface. Outbound access lists will be processed by the router and
then dropped at the outbound interface if they match the access list.

Access lists can be applied to multiple interfaces, but there can be only one access list per protocol
per direction per interface.

Use the term access-class if applying to console/auxiliary/VTY lines.

To view access lists:

show ip access-lists
show access-list 1

Packets are processed by the access list and then routed.

Wildcard Masks
Wildcard masks tell the router which parts of the address to look at and which to disregard.

access-list 12 permit [Link] [Link]

The above would permit any host on network 172.16.5.x. In order to work out a wildcard mask, simply
write out the mask in full and then take that number away from 255.

Number | 255 | 255 | 255 | 255
- Mask | 255 | 255 | 192 | 0
Equals | 0   | 0   | 63  | 255

Access lists are applied to interfaces:

Router(config)#access-list 1 permit [Link]
Router(config)#interface e0
Router(config-if)#ip access-group 1 in
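An added example, not from the cram guide: wildcard masks computed as above (255 minus each mask octet) and a standard access list evaluated against source addresses, with first-match ordering and the implicit deny at the end; the access-list lines and addresses are constructed samples.

```python
# Added example: wildcard-mask arithmetic and standard ACL evaluation as the
# guide describes them. The sample list and addresses are constructed.
import re

ACL_RE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(.+?)\s*$")


def ip_to_int(addr):
    """Dotted decimal -> 32-bit integer; bytes() rejects octets outside 0..255."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4:
        raise ValueError("bad IPv4 address: " + addr)
    return int.from_bytes(bytes(octets), "big")


def wildcard_from_mask(mask):
    """255.255.192.0 -> 0.0.63.255: subtract each octet from 255, as in the
    worked table above (the same thing as inverting the mask bits)."""
    return ".".join(str(255 - int(o)) for o in mask.split("."))


def wildcard_match(address, base, wildcard):
    """A 1 bit in the wildcard means 'don't care'; 0 bits must match exactly."""
    care = ~ip_to_int(wildcard) & 0xFFFFFFFF
    return (ip_to_int(address) & care) == (ip_to_int(base) & care)


def parse_standard_acl(lines):
    """Parse 'access-list N permit|deny SOURCE [WILDCARD]' lines into entries.
    Accepts 'any', 'host A.B.C.D', a bare address (wildcard 0.0.0.0) and an
    address plus wildcard; N must be in the standard ranges 1-99 or 1300-1999."""
    entries = []
    for line in lines:
        m = ACL_RE.match(line.strip())
        if not m:
            raise ValueError("not a standard access-list line: " + line)
        number, action, rest = int(m.group(1)), m.group(2), m.group(3).split()
        if not (1 <= number <= 99 or 1300 <= number <= 1999):
            raise ValueError("%d is not a standard IP access-list number" % number)
        if rest == ["any"]:
            base, wildcard = "0.0.0.0", "255.255.255.255"
        elif len(rest) == 2 and rest[0] == "host":
            base, wildcard = rest[1], "0.0.0.0"
        elif len(rest) == 1:
            base, wildcard = rest[0], "0.0.0.0"
        elif len(rest) == 2:
            base, wildcard = rest
        else:
            raise ValueError("cannot parse source in: " + line)
        for value in (base, wildcard):
            ip_to_int(value)                  # validate now, not at match time
        entries.append((number, action, base, wildcard))
    return entries


def evaluate(entries, source):
    """First matching entry wins; a packet matching nothing hits the implicit
    'deny any' at the end. Returns (action, 1-based entry number or None)."""
    for index, (_, action, base, wildcard) in enumerate(entries, start=1):
        if wildcard_match(source, base, wildcard):
            return action, index
    return "deny", None


if __name__ == "__main__":
    # constructed sample list: one host denied, the rest of its /24 permitted,
    # plus a 10.0.0.0/18 block written with the wildcard from the table above
    sample = [
        "access-list 12 deny host 172.16.5.7",
        "access-list 12 permit 172.16.5.0 0.0.0.255",
        "access-list 12 permit 10.0.0.0 " + wildcard_from_mask("255.255.192.0"),
    ]
    acl = parse_standard_acl(sample)
    for src in ("172.16.5.7", "172.16.5.200", "10.0.40.1", "10.0.64.1"):
        print(src, evaluate(acl, src))
```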

Appendix B – VLSM
VLSM is the process whereby you take a major network address and then break it down into
different subnets, with different subnet masks at various points. In the exam, you may well be faced
with a scenario where you are required to design an IP addressing scheme to fit certain
requirements. It is best to illustrate with the example shown in Figure B.1 below:

FIG B.1 – ACME Company with No VLSM

You may have spotted a few problems with the addressing scheme above. The most important issue
is the breach of the conservation of IP addresses. If you are using RFC 1918 addresses (non-routable,
such as 10.x.x.x), then perhaps you may not be worried about address wastage, but this is very bad
practice, and for Cisco exams, you will be expected to conserve IP addresses.

With a /28 mask, or [Link], you have 14 hosts per subnet. This may be fine for your LAN
on either end but for your WAN connection, you only need two IP addresses, meaning you are
wasting 12 addresses! You could change the masks to /30, or [Link], but then for your
LANs, you will obviously need more than two hosts.

The first workaround is to buy a separate network address for each network (two LANs and one
WAN), but this would prove expensive and unnecessary. The other alternative is to break down your
subnet further using VLSM, which is actually what it was designed to do!

FIG B.2 – ACME Company with VLSM

In Figure B.2 above, you can see that the WAN link now has a /30 mask, which gives you two usable
hosts. In addition, you have a tighter addressing allocation. Should ACME expand (as companies do),
you can easily allocate further WAN links and LANs.

FIG B.3 – ACME with a New Office

In Figure B.3 above, you can see that ACME has now grown and has added a remote office. Because
you have taken the time to plan and allocate a carefully thought out VLSM scheme, you can simply
allocate the next block of IP addresses.

But won’t the IP addresses clash? This is a very common question and it’s very valid. Let’s say you
have address [Link]/28 for one of your LANs; you will not, therefore, be able to use the IP
address [Link] with any other subnet mask. The IP address can be used only once, no matter
which subnet mask is attached to it.

It is a bit of a head scratcher for people who are new to networking or subnetting, but it does work.
Feel free to think on it some more, or just accept that with VLSM (RFC 950), it is not possible to reuse
IP addresses.

VLSM in the Exam

You may be asked to address a network using VLSM and allocate the correct masks to the WAN and
LAN links. The following, as an example, is a network you have been asked to design an addressing
scheme for:

FIG B.4 – ACME II Company

In Figure B.4, ACME II company has been allocated the network 200.100.100.x, with a default mask
of [Link]. If you keep the standard mask, you are left with one network with 254 usable
hosts. If you want to check this for yourself, please use the Subnetting Secrets Chart©. Visit the book
updates page to download.

If you use the bottom part of the Subnetting Secrets Chart©, you can tick down eight places in the
left column and see that you have one subnet with 256 - 2 hosts, giving you 254. I don’t want to
dwell on that part of the calculations because that is covered very well earlier in this book.

Your challenge, then, is this. You have three Serial connections and each requires only two usable
host addresses. You have four LANs that need anything from 20 to 100 hosts. If you just design a
mask to give you anything from 20 to 100 hosts, you are going to be wasting a lot of addresses. To
get 100 hosts (using the Subnetting Secrets Chart©), tick down seven places in the Hosts-2 column,
giving you a mask of [Link] (because you only have 1 bit left to tick down for the subnets
portion). This gives you 126 hosts (128 - 2). You would then have two networks, one starting
[Link] and one starting [Link]. Not great, to be honest. You need seven subnets
(three WAN and four LAN) and some only require 20 hosts, so why waste 108 addresses? What you
need to do is refer to the Subnetting Secrets Chart©.

If you use the bottom portion and tick down until you find a number close enough to give you the
100 hosts, the only number you can use is 128, which is seven ticks down. You are stealing 7 bits
from the host portion, leaving you 1 bit for subnetting.

Powers of 2   Subnets   Hosts -2
2             √         √
4                       √
8                       √
16                      √
32                      √
64                      √
128                     √
256
512

If you use the upper portion of the Subnetting Secrets Chart©, then you will tick down one place to
reveal the subnet mask of 128.

Subnets
128 √
192
224
240
248
252
254
255

When we use the 128 subnet with ACME II company’s IP address, you get subnet [Link] and
subnet [Link], both with a mask of /25, or [Link]. For your network needing
100 hosts, you can use the [Link] subnet. For the first host, you will use [Link]
and so on, up to [Link]. So now you have the following:

Large LAN Hosts
[Link]/25 – LAN (hosts 129 to 254)
[Link]/25 – Available for use or for VLSM

You need to allocate hosts to three remaining LAN networks and three WANs. The other three LANs
all need anything from 20 to 30 hosts. If you tick down five in the Hosts-2 column, you will get to 32,
and taking 2 away gives you 30 hosts. If you steal 5 bits from the host portion, you are left with 3
bits for the subnet (because there are 8 bits in every octet).

Powers of 2   Subnets   Hosts -2
2             √         √
4             √         √
8             √         √
16                      √
32                      √
64
128
256
512

Tick down three places on the lower Subnet section to reveal a subnet mask of 224. This mask will
give you eight subnets (you only need three for the LANs), and each subnet will have up to 30
available host addresses. Can you see how this will fit ACME II’s requirements?

Subnets
128 √
192 √
224 √
240
248
252
254
255

If you tick across three places on the top row, you will see that your subnets go up in increments of
32. Your subnets will be 0, 32, 64, and 96, and you can’t use 128 because this is used for the large
LAN.

Bits   128   64   32   16   8   4   2   1
       √     √    √

So now you have the following:

LAN Hosts
[Link]/27 – (Let’s reserve this for the WAN links)
[Link]/27 – LAN 1 (hosts 33 to 62)
[Link]/27 – LAN 2 (hosts 65 to 94)
[Link]/27 – LAN 3 (hosts 96 to 126)

Next, you need IP addresses for three WAN connections. WAN IP addressing is fairly easy because
you only ever need two IP addresses if it is a point-to-point link. On the Hosts-2 column, tick down
two places to get 4 and take 2 away to get 2 hosts. This leaves 6 bits for the subnet.

Powers of 2   Subnets   Hosts -2
2             √         √
4             √         √
8             √
16            √
32            √
64            √
128
256
512

Tick down six places on the lower Subnets column to get 252 as your subnet mask.

Subnets
128 √
192 √
224 √
240 √
248 √
252 √
254
255

As a network administrator, you would keep a record of used IP addresses and subnets. So far, you
will have allocated the addresses as follows:

WAN Links
[Link]/30 – WAN link 1 (hosts 1 to 2)
[Link]/30 – WAN link 2 (hosts 5 to 6)
[Link]/30 – WAN link 3 (hosts 9 to 10)

LAN Hosts
[Link]/27 – LAN 1 (hosts 33 to 62)
[Link]/27 – LAN 2 (hosts 65 to 94)
[Link]/27 – LAN 3 (hosts 96 to 126)

Large LAN Hosts
[Link]/25 – LAN (hosts 129 to 254)

VLSM principles will let you take a network and slice it down into smaller chunks. Those chunks
can then be sliced into smaller chunks, and so on. You will reach the limit only when you get to
the mask [Link], or /30, because this gives you two usable hosts, which is the minimum
you would need for any network.

Let’s take network [Link]/24, for example. If you change the mask from /24 to /25, the
following happens:

Original Mask (Last Octet)   00000000   1 Subnet             254 Hosts
New Mask (Subnet 1)          00000000   [Link] – Subnet 1    126 Hosts
New Mask (Subnet 2)          10000000   [Link] – Subnet 2    126 Hosts

Now you have two subnets. If you take the new Subnet 2 of [Link] and break it down
further by changing the mask from /25 to /26, you get the following:

Original Mask (Last Octet)   10000000   1 Subnet             126 Hosts
New Mask (Subnet 1)          10000000   [Link] – Subnet 1    62 Hosts
New Mask (Subnet 2)          11000000   [Link] – Subnet 2    62 Hosts

If you take the second subnet and break it down further by changing the mask from /26 to /28
(for example), you get the following:

Original Mask (Last Octet)   11000000   1 Subnet             62 hosts
New Mask (Subnet 1)          11000000   [Link] (Subnet 1)    14 hosts
New Mask (Subnet 2)          11010000   [Link] (Subnet 2)    14 hosts
New Mask (Subnet 3)          11100000   [Link] (Subnet 3)    14 hosts
New Mask (Subnet 4)          11110000   [Link] (Subnet 4)    14 hosts
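
As an added example (not code from the guide), here is the whole ACME II design above and the slicing walk-through reproduced with Python's standard ipaddress module. The only assumption is the 200.100.100.0/24 allocation stated in the text; function names are my own, and the final check answers the "won't the IP addresses clash?" question by confirming no two allocated blocks overlap.

```python
import ipaddress

# Constructed input: the ACME II allocation from Appendix B, 200.100.100.0/24.
ACME_II = ipaddress.ip_network("200.100.100.0/24")


def prefix_for_hosts(hosts):
    """Smallest prefix length whose subnet has at least `hosts` usable addresses.

    This is the 'tick down the Hosts-2 column' step: find the fewest host bits
    such that 2**bits - 2 (network and broadcast are unusable) covers the need.
    """
    host_bits = 2
    while (1 << host_bits) - 2 < hosts:
        host_bits += 1
    return 32 - host_bits


def usable_hosts(net):
    """Usable host addresses in a subnet (the Hosts-2 column)."""
    return net.num_addresses - 2


def host_range(net):
    """First and last usable host address as dotted-decimal strings."""
    hosts = list(net.hosts())
    return str(hosts[0]), str(hosts[-1])


def slices(net, new_prefix):
    """Slice a network into equal subnets, as the /24 -> /25 -> /26 -> /28
    walk-through does; returns (subnet, usable hosts) pairs."""
    net = ipaddress.ip_network(net)
    return [(str(s), usable_hosts(s)) for s in net.subnets(new_prefix=new_prefix)]


def design_acme_ii():
    """Reproduce the Appendix B plan: 1 LAN of 100 hosts, 3 LANs of 20-30 hosts,
    3 point-to-point WAN links, all carved from the single /24."""
    # Step 1: 100 hosts needs a /25 (126 usable). Take the upper half for the
    # large LAN and keep the lower half for everything else.
    lower, upper = ACME_II.subnets(new_prefix=prefix_for_hosts(100))
    # Step 2: 30 hosts needs a /27. Slice the lower /25 into four /27s and
    # reserve the first of them (.0/27) for the WAN links.
    wan_pool, *lans = lower.subnets(new_prefix=prefix_for_hosts(30))
    # Step 3: 2 hosts needs a /30. Slice the reserved /27 and use three blocks.
    wans = list(wan_pool.subnets(new_prefix=prefix_for_hosts(2)))[:3]
    plan = {f"WAN link {i}": w for i, w in enumerate(wans, 1)}
    plan.update({f"LAN {i}": lan for i, lan in enumerate(lans, 1)})
    plan["Large LAN"] = upper
    return plan


def no_overlap(subnets):
    """An address can be used only once, whatever mask is attached to it:
    confirm no two allocated blocks overlap."""
    nets = list(subnets)
    return all(not a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


if __name__ == "__main__":
    for name, net in design_acme_ii().items():
        first, last = host_range(net)
        print(f"{net}  {name}  hosts {first} to {last}")
```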

Summary
I hope this has helped you to understand a bit more about VLSM. It is no mystery really. Please
take time to go over the examples above again, and then have a go at the challenge illustrated in
Figure B.5 below:

ACME Company II has been allocated the address below. It requires you to design an addressing
system so that hosts can be given IP addresses and the WAN links can be addressed with no
wastage.

FIG B.5 – ACME Company II

Appendix C – ICND2 Cram

LAN Switching

Spanning Tree Protocol (STP) IEEE 802.1d

STP is a link management protocol that provides path redundancy whilst preventing undesirable loops
in the network. For communication to work correctly on an Ethernet network, there can be only one
path between two destinations. STP uses Bridge Protocol Data Units (BPDUs) received by all switches
to determine the Spanning Tree topology. A port on a switch is either in Forwarding or Blocking state.
Forwarding ports provide the lowest path cost to the Root Bridge. A port will remain in Blocking state
from startup if the Spanning Tree determines there is a better path.

You can force a particular switch to become a Root Bridge by manually configuring the priority (in
increments of 4096) as follows:

Switch(config)#spanning-tree vlan 2010 priority 8192

Or

Switch(config)#spanning-tree vlan 2010 root primary

Rapid Spanning Tree Protocol (RSTP) IEEE 802.1w

STP takes up to 50 seconds to converge to a stable network, whereas RSTP takes 2 seconds. RSTP port
roles are Root Port, Designated Port, Backup Port, Alternate Port, and Disabled. Most implementations
of RSTP use Per VLAN Spanning Tree+ (PVST+). Here, multiple instances of Spanning Tree are running
so the load on the CPU is higher, but you can load share over the links. To enable RSTP for each VLAN
in your switched network, use the following command:

Switch(config)#spanning-tree mode rapid-pvst

Bridging/Switching
Bridges are primarily software-based and have one Spanning Tree instance per bridge, with normally
16 ports per bridge. LAN switches are primarily hardware-based. There are many Spanning Tree
instances per switch and up to 100 ports.

Virtual LAN (VLAN)

A VLAN is a switched network that consists of logically segmented communities, without regard to
physical location. Each port on a switch can belong to a VLAN. Ports in the same VLAN share
broadcasts. A router is needed to route traffic between VLANs because Layer 2 devices do not use IP
addresses. VLANs reduce administrative costs and allow for tighter security and better control of
broadcasts.

Common Switching Commands

This is not a sample configuration but, rather, a demonstration of commands you need to know:

Switch(config)#vlan 2 – creates VLAN 2
Switch(config-vlan)#name SALES – names VLAN
Switch(config)#interface fast 0/1
Switch(config-if)#switchport access vlan 2 – puts interface into VLAN 2
Switch(config-if)#switchport mode trunk – sets interface to trunk
Switch(config)#vtp mode transparent/client/server – sets switch mode

Switch(config)#vtp domain [Link] – sets VTP domain name
Switch(config-if)#spanning-tree portfast – sets PortFast on an access port (interface command)
Switch(config)#ip default-gateway [Link] – switch default gateway

Switch#show vlan brief – shows summary of VLAN info
Switch#show vtp status – shows various VTP information, including mode/version
Switch#show interfaces trunk – shows trunk interfaces
Switch#show mac-address-table dynamic – shows MAC table (dynamic)

Switch(config)#interface fast 0/1
Switch(config-if)#switchport port-security – enables port security
Switch(config-if)#switchport port-security violation shutdown – action taken on a violation
Switch(config-if)#switchport port-security maximum 4 – only 4 MACs
Switch(config-if)#switchport port-security mac-address xxx – hard codes a MAC address
Switch#show port-security – can be followed by interface fast 0/1

The switch must be in transparent mode to add higher numbered VLANs (1006-4096).

IPv6
An IPv6 address consists of 128 bits represented in hexadecimal format and separated into eight parts
(e.g., EEDE:AC89:4323:5445:FE32:BB78:7856:2022). There are no broadcast packets, only anycast,
multicast, and unicast.

The two methods of migrating from IPv4 to IPv6 are dual stack and tunneling. Cisco IOS supports IPv6
commands in version 12.2(2)T and later.

Configure IPv6:
Router#config t
Router(config)#ipv6 unicast-routing
Router(config)#interface fastethernet 0/0
Router(config-if)#ip address 192.168.1.1 [Link]
Router(config-if)#ipv6 address 2eef:c001:b14:2::c12/125
Router(config-if)#end
Router#show ipv6 interface

FastEthernet0/0 is up, line protocol is down
  IPv6 is enabled, link-local address is FE80::20E:83FF:FEF5:FD4F [TENTATIVE]
  Global unicast address(es):
    2EEF:C001:B14:2::C12, subnet is 2EEF:C001:B14:2::C10/125 [TENTATIVE]

Route Summarisation
You need to be able to work this out for the exam. It is basically advertising your networks using as
few routes as possible. You can only work out a summary route by converting the IP addresses into
binary (sorry). If you don’t do this, then you have no way of knowing whether you are advertising the
correct summary route, and advertising the wrong one will lead to problems on your network.

Firstly, write out all of the network addresses in full, and then the binary versions to the right of that:

[Link] 10101100.00010000.00001000.00000000
[Link] 10101100.00010000.00001001.00000000
[Link] 10101100.00010000.00001010.00000000
[Link] 10101100.00010000.00001011.00000000
[Link] 10101100.00010000.00001100.00000000
[Link] 10101100.00010000.00001101.00000000
[Link] 10101100.00010000.00001110.00000000
[Link] 10101100.00010000.00001111.00000000
Matching Bits 10101100.00010000.00001 = 21 bits

The bits in each address which match are the ones shown on the Matching Bits line. You can see that
the first 21 bits match on every address, so your summarised route can reflect these 21 bits:

[Link] [Link]
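
As an added example (not code from the guide), the same matching-bits calculation in Python. The input is constructed from the binary listed above, decoded to dotted decimal (172.16.8.0/24 through 172.16.15.0/24); function names are my own. It also reports any address space a summary would advertise that is not actually in your network, which is the kind of problem the text warns about.

```python
import ipaddress

# Constructed input: the eight networks whose binary is listed above,
# decoded to dotted decimal (172.16.8.0/24 through 172.16.15.0/24).
NETWORKS = [f"172.16.{n}.0/24" for n in range(8, 16)]


def matching_bits(networks):
    """Number of leading bits shared by every network address (the
    'Matching Bits' line). Each address is XOR-ed against the first and the
    highest differing bit located. The answer is also capped at the shortest
    member prefix so the summary is never more specific than a member."""
    nets = [ipaddress.ip_network(n) for n in networks]
    first = int(nets[0].network_address)
    bits = min(n.prefixlen for n in nets)
    for n in nets[1:]:
        diff = first ^ int(n.network_address)
        if diff:
            bits = min(bits, 32 - diff.bit_length())
    return bits


def summary_route(networks):
    """The single route covering every input network, e.g. 172.16.8.0/21."""
    bits = matching_bits(networks)
    first = int(ipaddress.ip_network(networks[0]).network_address)
    return ipaddress.ip_network((first, bits), strict=False)


def over_advertised(networks):
    """Address blocks the summary covers that are not in the input. A summary
    that includes space you do not own draws traffic for it towards your
    router; an empty result means the summary is exact."""
    summ = summary_route(networks)
    members = [ipaddress.ip_network(n) for n in networks]
    leftover = [summ]
    for m in members:
        remaining = []
        for piece in leftover:
            if piece.subnet_of(m):
                continue                      # wholly covered by a member
            if m.subnet_of(piece):
                remaining.extend(piece.address_exclude(m))
            else:
                remaining.append(piece)
        leftover = remaining
    return [str(p) for p in sorted(leftover)]


if __name__ == "__main__":
    route = summary_route(NETWORKS)
    print(f"summary {route.network_address} {route.netmask} ({route.prefixlen} bits)")
    print("over-advertised:", over_advertised(NETWORKS) or "none")
```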

IP Routing
Routers must have some means of learning networks to which they are not directly connected.

Static routing:
Router(config)#ip route {destination network} {mask} {next hop address}
(e.g., ip route [Link] [Link] [Link])

Dynamic routing uses a routing protocol:

For EIGRP:
Router(config)#router eigrp 20
Router(config-router)#network [Link]
Router(config-router)#no auto-summary – optional

For OSPF:
Router(config)#router ospf 20
Router(config-router)#network [Link] [Link] area 0

Facts
EIGRP:
Uses IP protocol 88
Classless
Hybrid of Distance Vector and Link State
Multicasts updates to [Link]
Uses feasible successors to determine alternative routes to networks
The feasible successor is a backup route based upon the Topology Table

OSPF:
Uses IP protocol 89
Classless
Uses Dijkstra’s shortest path first algorithm (SPF)

Router ID is the highest IP address, but Loopback address is used if present
Backbone area is Area 0
All non-backbone areas must connect directly to Area 0
Areas can be numbered from 0 to 65,535
Multicasts on [Link]
OSPF uses cost as a metric (see below: * indicates the most common)

Interface                                              Cost (10^8/Bandwidth)
ATM, FastEthernet, GigabitEthernet, FDDI (> 100Mbps)   1
HSSI (45Mbps)                                          2
16Mbps Token Ring                                      6
10Mbps Ethernet                                        10
4Mbps Token Ring                                       25
T1 (1.544 Mbps)*                                       64
DS-0 (64k)*                                            1562
56k                                                    1785

WAN Protocols and Services

HDLC – Cisco default on serial WAN connections. No authentication available.

PPP – Data link. Uses PAP (clear text) and CHAP (secure hash) authentication. Authentication is
optional. Use PPP if connecting a Cisco router to a non-Cisco router (peer-hostname below is a
placeholder for the other router's hostname; hostname and password are case sensitive):

Router(config)#hostname paul
Router(config)#username peer-hostname password cisco – case sensitive
Router(config)#interface serial 0
Router(config-if)#encapsulation ppp
Router(config-if)#ppp authentication chap

Frame Relay
Based upon the X.25 protocol, but with less error checking, so it’s quicker. Normally 56k to 2Mb, so
it’s ideal for SMEs. Works at the Physical and Data Link Layers. DLCIs are used to identify the circuit.
Each router uses LMIs for keepalives on the line between the router and the Frame Relay switch. The
LMI type is Cisco by default. You must use another type, such as ANSI, if connecting to a non-Cisco
router.

Router(config-if)#encapsulation frame-relay
Router(config-if)#frame-relay map ip [Link] 100

In the configuration above, the router is told that to reach IP address [Link] it should use DLCI 100.

Frame Relay problems include the following:

- Incorrect LMI setting

- Incorrect DLCI
- Split horizon preventing routing updates leaving the interface

Use Frame Relay subinterfaces if a point-to-point or multipoint connection is needed. The IP address is
applied to the subinterfaces for these, NOT the main interface.

Frame Relay signals congestion in two directions: forward explicit congestion notification (FECN) is set
by the Frame Relay switch (DCE) on frames travelling towards the destination, to warn the receiving
end of congestion on the path, and backward explicit congestion notification (BECN) is set on frames
travelling back towards the source, to warn the sending end.

Troubleshooting
Always use a systematic and methodical approach to troubleshooting.

The first command to issue is show ip interface brief to establish whether the interfaces
are down or up. There are only a handful of ways to break any network in the exam.

Layer 1
Ensure that there is a clock rate on the DCE interface (use the show controllers serial X
command – where X is the Serial interface number – to see what type of cable is attached).

Ensure that the no shut command has been applied to the interface.

Layer 2
Ensure that the correct encapsulation type is on the interface (i.e., HDLC, PPP, etc.) (use the show
interface serial X command to check).

If it is not the correct encapsulation type, then go into Interface Configuration mode and change it.

Layer 3
Ensure that the correct IP address AND subnet mask is applied to the interface.

Ensure that the correct networks are being advertised by the routing protocol (show ip
protocols).

Always ensure that you can ping across directly connected router interfaces BEFORE applying routing
protocols and access lists. You have been warned.

I continually update this cram guide so please register at the below address for the free CCNA 60
Days training to keep up-to-date.

[Link]
