DOCUMENT INFORMATION

Basic information

Title: Cramsession for Cisco Certified Internetwork Expert
Institution: BrainBuzz
Subject: Cisco Certified Internetwork Expert
Type: study guide
Year of publication: 2000
City: unknown
Format:
Pages: 36
Size: 212.01 KB


BrainBuzz

Cramsession

Notice: While every precaution has been taken in the preparation of this material, neither the author nor BrainBuzz.com assumes any liability in the event of loss or damage directly or indirectly caused by any inaccuracies or incompleteness of the material contained in this document. The information in this document is provided and distributed “as-is”, without any expressed or implied warranty. Your use of the information in this document is solely at your own risk, and Brainbuzz.com cannot be held liable for any damages incurred through the use of this material. The use of product names in this work is for information purposes only, and does not constitute an endorsement by, or affiliation with BrainBuzz.com. Product names used in this work may be registered trademarks of their manufacturers. This document is protected under US and

Last updated November, 2000


Contents

Contents

Cisco Device Operation

General Networking Theory

Bridging & LAN Switching

IP Routing Protocols

Desktop Protocols

Performance Management

WAN

LAN

Security

TACACS (Terminal Access Controller Access Control System)

Multiservice

Cramsession™ for Cisco Certified Internetwork Expert

Abstract: This Cramsession will help you to prepare for Cisco exam #350-001, the CCIE written exam. Exam topics include Cisco Device Operation, General Networking Theory, Bridging & LAN Switching, Internet Protocol, IP Routing Protocols, Desktop Protocols, Performance Management, WAN, LAN, Security, and Multiservice.

Cisco Device Operation

Router Components

ROM (Read-Only Memory) – Hosts the basic commands of the router and sometimes a limited version of the IOS (Internet Operating System). ROM is volatile, meaning it is hard-coded and does not change. Contains power-on diagnostics, a bootstrap program, and operating system software.

RAM (Random Access Memory) – Contains the running version of the IOS and the current running configuration. This is extremely volatile; when the router is shut down, anything in RAM is lost. Stores routing tables, ARP cache, fast-switching cache, packet buffering (shared RAM), and packet hold queues.

NVRAM (Non-Volatile Random Access Memory) – As the name implies, files can be written to this memory and will not be lost when the system is powered down. This is where the startup version of the router configuration is stored.

Flash memory (EEPROM – Electronic Erasable Programmable Read Only Memory) – This is where the IOS version for the router is stored. It is important, when determining what version of IOS to load on a router, that you ascertain how much flash is installed. Different versions of IOS require more flash to be loaded. Flash memory holds the operating system image and microcode.

Ways to Configure a New Router

• By connecting to the console port and using TFTP to download a configuration file that has been created ahead of time

• By connecting to the console port and running the Setup dialog

• By connecting to the console port and directly typing in configuration commands

• Using bootp in conjunction with SLARP/RARP to download a configuration file that has been created ahead of time

Determine Hardware Configuration

The EXEC commands that will show hardware configuration of a Cisco router are “show hardware” and “show version”.

Mode Prompts

Monitor mode: rommon 1 >

User mode: router>

Privileged mode: router#

Global configuration mode: router(config)#

Interface configuration mode: router(config-if)#

Sub-interface configuration mode: router(config-subif)#

Line configuration mode: router(config-line)#

Router configuration mode: router(config-router)#

IPX router configuration mode: router(config-ipx-router)#

Really Delete Files from Flash

When you delete a file from flash, it is not removed from flash, and you will not regain the space - it is simply marked for deletion. Once a file is marked for deletion, issuing the “squeeze” command will perform a function similar to a hard drive defrag and move the files on flash to reclaim the space occupied by the

• All passwords can be encrypted

• A password can be set for individual lines

• If no password is set on the vty lines there is no telnet access into this router

Router(config)# service password-encryption – encrypts all passwords in the configuration file

Procedure to Recover a Lost Password:

• Reboot the router

• Issue the break command in the first 60 seconds (CTRL-Break)

• Enter the appropriate register value (0x2142)

• Reboot the router again

• Avoid the startup script

• Copy startup to running configuration

• Change the passwords

• Copy running to startup configuration

Types of passwords:

Exec – used to restrict access to the EXEC mode, the basic console on the router.

Enable – used to restrict access to the privileged EXEC mode where changes to the router configuration can be made.

Enable Secret – Similar to the Enable password, but they are encrypted so they cannot be read.

Setting different types of passwords:

• Console password – used with the routers console port

router(config)# line con 0

router(config-line)# password {password}

• Auxiliary password - used for the router’s auxiliary port

router(config)# line aux 0

router(config-line)# password {password}

• Virtual terminal password – used for telnet sessions to router

router(config)# line vty 0 4

router(config-line)# password {password}

• Enable password – used when enable secret is not configured or software revision is too old

router(config)# enable password {password}

• Enable secret password – encrypted password that provides enable privileges

router(config)# enable secret {password}
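As an added example (not from BrainBuzz's material), the following Python reads an IOS-style configuration text and reports against the points made above: whether service password-encryption is on, whether privileged mode is protected by enable secret rather than only enable password, and which lines have no password (for vty lines that means there is no telnet access). Both configurations are constructed for the example, and every password string in them is a placeholder.

```python
# Added example (not from the Cramsession): audit an IOS-style configuration for the
# password settings described above.
from typing import Dict, List

# Constructed sample configurations, not from any real device; passwords are placeholders.
WEAK_CONFIG = """\
version 12.0
hostname lab-router
enable password letmein-placeholder
!
line con 0
 password console-placeholder
 login
line aux 0
line vty 0 4
 login
!
end
"""

HARDENED_CONFIG = """\
version 12.0
service password-encryption
hostname lab-router
enable secret secret-placeholder
!
line con 0
 password console-placeholder
 login
line aux 0
 password aux-placeholder
 login
line vty 0 4
 password vty-placeholder
 login
!
end
"""


def line_sections(config: str) -> Dict[str, List[str]]:
    """Collect the indented commands under each 'line ...' stanza."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            sections[current] = []
        elif raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        else:
            current = None  # any other top-level command ends the stanza
    return sections


def audit_passwords(config: str) -> List[str]:
    """Return one finding per weakness the guide's password section warns about."""
    findings: List[str] = []
    top_level = [line.strip() for line in config.splitlines() if line and not line.startswith(" ")]
    has_secret = any(line.startswith("enable secret ") for line in top_level)
    has_enable_pw = any(line.startswith("enable password ") for line in top_level)
    if has_enable_pw and not has_secret:
        findings.append("enable password without enable secret: privileged mode relies on the weaker password")
    elif not has_secret:
        findings.append("no enable secret configured")
    if "service password-encryption" not in top_level:
        findings.append("service password-encryption is not set: line passwords are stored in the clear")
    for name, commands in line_sections(config).items():
        if not any(c.startswith("password ") for c in commands):
            if name.startswith("line vty"):
                findings.append(f"{name}: no password, so there is no telnet access on these lines")
            else:
                findings.append(f"{name}: no password set")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_passwords(cfg) or ["no findings"])
```

The audit treats a vty line without a password as an observation rather than a fault, because, as stated above, the router simply refuses telnet on such lines; the console and auxiliary ports, by contrast, are reachable without any password in that state.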

Router# debug serial interface - monitors keepalives on an interface

To reduce the impact of a debug command on the CPU of the router, use the scheduler-interval command and be sure to use the debug command as specifically as possible.

SNMP (Simple Network Management Protocol)

SNMP is a standard method for Network Management Stations (such as CiscoWorks) to gather information about networked devices. This UDP-based protocol uses MIBs (Management Information DataBases) defined for each type of device to interpret the information provided by the SNMP enabled equipment.

To enable SNMP on a router the command is "snmp-server community".

General Networking Theory

OSI Model

The OSI is a common tool for conceptualizing how network traffic is handled. In the CCIE track, we will be interested primarily in the lower three levels. Just a reminder that you can use the old mnemonic “All People Seem To Need Data Processing” as a way to help remember the sequence.

7. Application – User interface tools (such as Telnet, SMTP, FTP, etc.)

6. Presentation – Encoding/Decoding (such as ASCII, MPEG, GIF, JPEG, etc.)

5. Session – Creating, managing and terminating Presentation layer

4. Transport – Error checking and recovery, flow control and multiplexing (TCP, SPX, etc.)

3. Network – Routing (IP, IPX, etc.)

2. Data Link (LLC/MAC)

• LLC – Manages communications

• MAC – Manages addressing and access to the physical layer

1. Physical – Establish and maintain physical connectivity

Cisco Hierarchical Internetworking Model

Core – Concentrates all traffic traversing the network. The focus is on speed and fast switching. Gigabit Ethernet and ATM are seen here.

Distribution – Control layer; aggregation of traffic, access lists, compression, encryption and other services that provide the glue between Access and Core layers.

Access – The point at which users join the network. VLANs, WAN connections, RAS services are all at this layer.

Connection-oriented vs Connectionless Service

Connection-oriented: Similar to HDLC

• Connection establishment and termination required

• Sequenced, acknowledged data delivery

• Built-in error recovery

• Sliding window flow control

Connectionless: Data transfer without virtual circuit


• No message sequencing

• No delivery guarantee

• Higher layer is responsible for error recovery, flow control, and reliability

Routing / Switching

• Routing is defined as a Layer-3 activity

• Bridging is defined as a Layer-2 activity

• Switching is defined as a Layer-2 activity. Switching is often called segmentation, in that each switched port is basically its own bridged domain.

Routing and Routed Protocols

A routing protocol, such as BGP or OSPF, communicates between routers which paths to follow in order to get data delivered to desired destinations.

A routed protocol, such as IP or IPX, is the method for passing data, and travels the paths defined by the routing protocol.

802.2 Link Layer Control (LLC)

802.3 CSMA/CD Access Method (Ethernet)

802.4 Token Ring Bus

Passive Interface

When enabled on an interface this command allows the interface to hear routing updates, but not repeat them. This helps to control routing updates.

Example: Router(config-router)# passive-interface s0

Connectivity

(Diagram A-1)

Bridged Environment (Refer to Diagram A-1)

In a bridged environment, a Cisco router will not modify the layer-2 MAC address of a frame when bridging. In other words, a packet retains the true source and destination MAC addresses when crossing a bridge.

For example, if in the diagram above Devices B and C were bridges, packets sent from Host A to Host B would have the Source MAC Address of Host A’s Ethernet adapter and the Destination MAC Address of Host B’s Ethernet adapter, regardless of what segment they were passing through

If a packet were to be lost anywhere between Host A and Host D, the originator would rebroadcast

Routed Environment (Refer to diagram A-1)

In a routed environment, when a host sends a packet it has the Source MAC Address of either the originating host (if on the first segment) or the last router port it was processed by. It would have the Destination MAC Address of the next hop router port or the destination host, if on the final segment.

In other words, a host sending a packet to a router for processing to a remote destination will have the router’s local port as a destination address; a host receiving a packet from the router will see a source address of the local router port.

For example, if the devices in diagram A-1 were routers:

• Packet from Host A to Host D will have source MAC address of Host A and destination MAC address of Router B’s local Ethernet port on Segment 1

• Packet from Host A to Host D will have source MAC address of Router B’s Serial port and destination MAC address of Router C’s local Serial port on Segment 2

• Packet from Host A to Host D will have source MAC address of Router C’s Ethernet port and a destination MAC address of Host D on Segment 3

If a packet sent from Host A to Host D were to be lost:

• On segment 1, Host A would rebroadcast

• On segment 2, Router B would rebroadcast

• On segment 3, Router C would rebroadcast
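The bridged-versus-routed difference above, as an added example (not from the Cramsession) that computes the layer-2 addresses and the retransmitting device for every segment of an arbitrary path, not just the three-segment case in the text. The topology follows Diagram A-1; the device names, segment numbering and MAC addresses are constructed for the example.

```python
# Added example (not from the Cramsession): which MAC addresses a frame carries on each
# segment of a path, depending on whether the intermediate devices bridge or route.
from typing import Dict, List, Tuple

# Constructed topology after Diagram A-1: A -seg1- B -seg2- C -seg3- D.
# Each (device, segment) pair gets its own constructed MAC address.
MACS: Dict[Tuple[str, int], str] = {
    ("A", 1): "aa:aa:aa:00:00:01",
    ("B", 1): "bb:bb:bb:00:00:01", ("B", 2): "bb:bb:bb:00:00:02",
    ("C", 2): "cc:cc:cc:00:00:02", ("C", 3): "cc:cc:cc:00:00:03",
    ("D", 3): "dd:dd:dd:00:00:03",
}
PATH = ["A", "B", "C", "D"]  # segment i joins PATH[i-1] and PATH[i]

Hop = Tuple[int, str, str, str]  # (segment, source MAC, destination MAC, who retransmits on loss)


def frame_addresses(path: List[str], macs: Dict[Tuple[str, int], str], mode: str) -> List[Hop]:
    """mode is 'bridged' (intermediate devices are bridges) or 'routed' (they are routers)."""
    if mode not in ("bridged", "routed"):
        raise ValueError(f"unknown mode {mode!r}")
    first, last = path[0], path[-1]
    last_segment = len(path) - 1
    hops: List[Hop] = []
    for seg in range(1, len(path)):
        left, right = path[seg - 1], path[seg]
        if mode == "bridged":
            # A bridge leaves the layer-2 header alone: the end hosts' addresses survive
            # every segment, and a lost frame is resent by the original sender.
            hops.append((seg, macs[(first, 1)], macs[(last, last_segment)], first))
        else:
            # A router re-encapsulates: its own port on the segment is the source and the
            # next hop's port (or the final host) is the destination; it also handles resends.
            hops.append((seg, macs[(left, seg)], macs[(right, seg)], left))
    return hops


if __name__ == "__main__":
    for mode in ("bridged", "routed"):
        for seg, src, dst, resender in frame_addresses(PATH, MACS, mode):
            print(f"{mode:8} segment {seg}: src={src} dst={dst} resent by {resender}")
```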

Bridging & LAN Switching

By default, bridging is disabled on all Cisco routers. However, these services are still an important component of the real-world networks you will be asked to deal with in your professional life. For the purposes of the current discussion, you will also need to know them for the CCIE certification exams, both written and lab.

Keep in mind that many non-routable protocols, most importantly SNA, are very time sensitive, and delays can cause loss of data or session connectivity. It is also important to understand that bridging techniques are broadcast intensive, and that this can flood slower WAN links.

Bridging techniques

Transparent Bridging (TB) – As the name implies, this type of bridging is transparent to the end devices. The end devices are unaware that when they communicate they are not local to one another. This functionality is not enabled by default on Cisco routers, but can be turned on when needed.

When a device wishes to communicate, it will send out a broadcast to search for the requested destination address. When a Transparent Bridge sees the first broadcast from a device, it extracts the MAC address from the packet and enters it into its forwarding table, the list of devices on each interface. This process of determining what devices exist on each of the bridge’s ports is called learning.

If the bridge receives a broadcast with a destination address that is in its forwarding table it forwards the broadcast only to that one interface. If it is not in the table, it repeats the broadcast out of all of its interfaces (except the one on which it was received). This process is called flooding.
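The learning and flooding behaviour just described, as an added example (not code from the Cramsession): a bridge with three ports processes a constructed sequence of frames and returns the ports each frame is sent out of. The filtering case, where sender and destination sit behind the same port, is standard bridge behaviour assumed for the example rather than spelled out in the guide.

```python
# Added example (not from the Cramsession): a transparent bridge's learning and flooding.
from typing import Dict, List, Sequence, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


class TransparentBridge:
    """Forwarding table keyed by source MAC, built only from frames the bridge sees."""

    def __init__(self, ports: Sequence[int]) -> None:
        self.ports = list(ports)
        self.table: Dict[str, int] = {}  # MAC address -> port it was learned on

    def receive(self, ingress: int, src: str, dst: str) -> List[int]:
        """Return the ports the frame is forwarded out of."""
        if ingress not in self.ports:
            raise ValueError(f"unknown port {ingress}")
        # Learning: the source address tells the bridge which port that station is behind.
        self.table[src] = ingress
        learned_port = self.table.get(dst)
        if dst == BROADCAST or learned_port is None:
            # Flooding: repeat out every port except the one the frame arrived on.
            return [p for p in self.ports if p != ingress]
        if learned_port == ingress:
            # Sender and destination share a segment; standard bridges filter this
            # (assumed here; the guide does not spell this case out).
            return []
        return [learned_port]


# Constructed frames: (ingress port, source MAC, destination MAC).
SAMPLE_FRAMES: List[Tuple[int, str, str]] = [
    (1, "00:00:0a:00:00:01", BROADCAST),            # A looks for B; bridge learns A is on port 1
    (2, "00:00:0b:00:00:02", "00:00:0a:00:00:01"),  # B answers; bridge learns B is on port 2
    (1, "00:00:0a:00:00:01", "00:00:0b:00:00:02"),  # A to B: known, sent to port 2 only
    (2, "00:00:0c:00:00:03", "00:00:0b:00:00:02"),  # C to B on the same segment: filtered
    (3, "00:00:0d:00:00:04", "00:00:0e:00:00:05"),  # unknown destination: flooded
]


def simulate(frames: List[Tuple[int, str, str]], ports: Sequence[int] = (1, 2, 3)) -> List[List[int]]:
    """Run the frames through a fresh bridge and collect the egress ports for each."""
    bridge = TransparentBridge(ports)
    return [bridge.receive(*frame) for frame in frames]


if __name__ == "__main__":
    for frame, egress in zip(SAMPLE_FRAMES, simulate(SAMPLE_FRAMES)):
        print(frame, "->", egress or "filtered")
```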

Source-Route Bridging (SRB) – Source routing is called that because instead of an intermediate device determining a path, the originating device creates its own.

Routing Information Fields (RIF) are used to define paths for SRB frames to traverse a network. They are easy to read if you understand their function. For the current discussion it’s important that you understand how a RIF works. Later we’ll come back to how to rip ‘em up and read ‘em.

When an SNA device needs to access a remote unit, it sends out a test frame that attempts to find the destination. You can think of this as a broadcast in the IP world; it isn’t, but that will help you to conceptualize.

If the destination is not found, the source device sends out a single-route or all-routes explorer frame. Any bridges that the frame comes across in its travels add their local bridge and ring numbers to the RIF. Eventually the frame either finds its target or dies on the vine. IBM bridges support 8 rings and 7 bridges; IEEE 802.5 bridges support 14 bridges and 13 rings.

Once one of the explorer frames finds the destination, it returns to its creator to announce its success. If multiple frames return, the source device takes the route of the first frame to return, assuming this is the best path. Think of it as a race in a maze; the first one to grab the cheese and get home first, wins.

Ripping up a RIF

This will seem complicated, but once you understand how RIFs are defined, simple practice will drive home the necessary techniques

The first bit of the first byte of the source address is the Routing Information Indicator (RII), which is exactly what it sounds like; it indicates that what follows is a RIF. If this bit is a 1, the frame carries a RIF; if the bit is a 0, it does not.

Here are the component parts of the first 2 bytes of a RIF, called the RCF (Routing Control Field):

1. The first 3 bits define what kind of RIF is being examined:

• 0xx – single route frame

• 10x – all-routes explorer frame

• 11x – spanning explorer frame

2. The next 5 bits show the length of the RIF. This indicates how many bytes of bridge/ring numbers follow.

3. The next single bit shows direction:

• 0 – read from left-to-right

• 1 – read from right-to-left

4. The last 3 bits indicate the maximum frame length.

5. The last four bits are not relevant. They are reserved for future use.

Here’s an example of a RIF: 0810.0011.0023.0040

Translating the first two bytes (0810) to binary gives us: 0000.1000.0001.0000

Rip it up to define:

Type: 000   RIF Length: 01000   Direction: 0   Frame Length: 001   Not used: 0000

From this we know:

• The RIF type is: single route frame

• The RIF Length: 8 bytes (01000 binary = 8 decimal)

• Direction to read the RIF: right-to-left

• The maximum frame length: up to 512 bytes

The rest of the RIF is called the RDF (Route Descriptor Field) and reading it is easy. The first three digits of each two-byte grouping are the ring number (in hexadecimal). The last digit is the bridge number (again, in hex). A zero in the bridge number designation indicates that the destination ring has been reached. Notice that since only four bits are used for the bridge number, and zero is already taken, the only bridge numbers available are hex 1 through F (1 to 15 in decimal).

Looking at our example again (0810.0011.0023.0040), (remember that the 0x indicates that the number that follows is in Hex) we find that the path is:

• Ring 0x1 to bridge 0x1

• Ring 0x2 to bridge 0x3

• Ring 0x4 to the destination

Taking another example: 0A10.0021.00B1.0101.0020

Translating the first two bytes (0A10) to binary gives us: 0000.1010.0001.0000

Rip it up to define:

Type: 000   RIF Length: 01010   Direction: 0   Frame Length: 001   Not used: 0000

From this we know:

• The RIF type is: single-route

• The RIF Length: 10 bytes (01010 binary = 10 decimal)

• Direction to read the RIF: right-to-left

• The maximum frame length: up to 512 bytes

Following the rest of the RIF

• Ring 0x2 to bridge 0x1

• Ring 0xB to bridge 0x1

• Ring 0x10 to bridge 0x1

• Ring 0x2 to the destination
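An added parser for the RCF/RDF layout described above (example code written for this page, not from BrainBuzz). It follows the numbered legend exactly: direction bit 0 is reported as left-to-right, and the maximum-frame-length field is returned as its raw 3-bit code rather than a byte count, since the mapping of that code to a byte limit is not tabulated here. Both worked RIFs from the text are included as constructed inputs; for them the direction bit is 0, so the parser reports left-to-right and walks the route descriptors in the order they appear, which matches the ring/bridge sequences listed above. The length check against the bytes actually present and the check that the last descriptor carries bridge number 0 are the consistency tests a practitioner would want when decoding captured frames.

```python
# Added example (not from the Cramsession): parse the RIF layout described above.
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class RoutingInfo:
    rif_type: str
    length: int                  # bytes, as carried in the RCF length field
    direction: str               # legend: bit 0 = left-to-right, bit 1 = right-to-left
    frame_code: int              # raw 3-bit maximum-frame-length code
    hops: List[Tuple[int, int]]  # (ring, bridge); bridge 0 marks the destination ring


def parse_rif(rif: str) -> RoutingInfo:
    """Parse a dotted-hex RIF such as '0810.0011.0023.0040'."""
    digits = rif.replace(".", "").strip()
    if len(digits) < 4 or len(digits) % 4 != 0:
        raise ValueError("a RIF is a whole number of 16-bit words")
    data = bytes.fromhex(digits)

    # Routing Control Field: 3 bits type, 5 bits length, 1 bit direction,
    # 3 bits maximum frame length, 4 bits reserved.
    rcf = int.from_bytes(data[:2], "big")
    type_bits = rcf >> 13
    if type_bits & 0b100 == 0:
        rif_type = "single route frame"          # 0xx
    elif type_bits & 0b110 == 0b100:
        rif_type = "all-routes explorer frame"   # 10x
    else:
        rif_type = "spanning explorer frame"     # 11x
    length = (rcf >> 8) & 0x1F
    direction = "right-to-left" if (rcf >> 7) & 1 else "left-to-right"
    frame_code = (rcf >> 4) & 0x7

    # Consistency check: the length field must cover the RCF plus every descriptor present.
    if length != len(data):
        raise ValueError(f"RCF length {length} does not match {len(data)} bytes of RIF")

    # Route Descriptor Field: each word is 12 bits of ring number + 4 bits of bridge number.
    hops: List[Tuple[int, int]] = []
    for i in range(2, len(data), 2):
        word = int.from_bytes(data[i:i + 2], "big")
        hops.append((word >> 4, word & 0xF))
    if not hops or hops[-1][1] != 0:
        raise ValueError("the final descriptor must carry bridge number 0 (destination ring)")
    return RoutingInfo(rif_type, length, direction, frame_code, hops)


def is_well_formed(rif: str) -> bool:
    """Quick validity check for a captured RIF string."""
    try:
        parse_rif(rif)
        return True
    except ValueError:
        return False


def describe(rif: str) -> str:
    """Render the path the way the guide lists it."""
    info = parse_rif(rif)
    steps = [f"Ring 0x{ring:X} to bridge 0x{bridge:X}" if bridge else f"Ring 0x{ring:X} to the destination"
             for ring, bridge in info.hops]
    return f"{info.rif_type}, {info.length} bytes, read {info.direction}: " + "; ".join(steps)


if __name__ == "__main__":
    # The two worked examples from the text, as constructed inputs.
    for sample in ("0810.0011.0023.0040", "0A10.0021.00B1.0101.0020"):
        print(describe(sample))
```

Note the Apples-to-Oranges rule from the text applies to the output as well: ring 0x10 in the second example is decimal 16, and the parser keeps ring and bridge numbers as integers so that no hex/decimal confusion creeps into later comparisons.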

Tricky RIF (Common errors when reviewing RIFs)

The Apples-to-Oranges rule: If you see 0x before a number, remember that what follows is hexadecimal. For example, what’s the difference between ring 0x14 and ring 14? Since decimal 14 is 0xE, they’re obviously not the same ring designation.

The Nice-try rule: SRB only runs on Token Ring networks, so Ethernet devices do not use RIFs. If you are looking at a network diagram and see that one of the hosts is on an Ethernet segment, remember that RIFs are irrelevant.

The Roadblock rule: In a DLSw environment the RIF is terminated at the DLSw router (the definition of DLSw occurs later in this document).

Source-Route Transparent Bridging (SRT)

Since you now have an understanding of both TB and SRB, this next technique will come easy. An SRT bridge looks at each frame to see if it finds a RIF (looking for the RII). If there’s an RII, the frame is processed like SRB; if not, like TB. Some devices, such as Windows 95 workstations, do not support RIFs. SRT allows them to communicate through bridges between LAN segments. This all takes place on Token Ring devices. The next technique will address Ethernet translations.

Source-Route Translational Bridging (SR/TLB)

This Cisco proprietary bridging technique allows bridging to take place between Ethernet domains and Token Ring domains. Ethernet frames are not capable of supporting RIFs. This bridging method, when enabled on Cisco routers, handles the conversion from Ethernet frames to Token Ring frames (bit ordering); adjusts the MTU sizes (default for Token Ring is 4,464 bytes, Ethernet 1,500 bytes); and adds and removes RIFs, as necessary. To the Token Ring devices the Ethernet segment looks like an SRB domain using a pseudo ring.

Remote-Source Route Bridging (RSRB)

An advanced bridging technique that allows legacy protocols, predominantly SNA, to communicate over large bridged environments using IP tunnels as a transport mechanism.

Frames from Token Ring networks are encapsulated and sent over the IP network The methods of encapsulation are:

Direct Encapsulation – This method uses HDLC (High-Level Data Link Control) and adds little overhead, but lacks reliability. This is usually used over a single network connection between two routers attached to Token Ring networks.

Fast-Sequenced Transport (FST) – This method uses IP encapsulation, which adds some overhead, but is still connectionless.

Transport Control Protocol (TCP) – This method uses a TCP connection, which adds significant overhead, but ensures reliable transport.

The IP network being traversed is considered one hop, using the concept of a virtual ring. Though RIFs pass through the network, they are calculated as if the entire IP network is one hop using this concept, and all acknowledgements are local, conserving valuable WAN bandwidth.

Ethernet networks can be traversed as long as the local router is running SR/TLB

Data-Link Switching Plus (DLSw+)

DLSw was developed as an advanced tool for the transport of SNA and other routable protocols over IP backbones. DLSw+ is Cisco’s enhanced version of DLSw, and provides additional functionality over previous versions. DLSw+ has more options and greater functionality than RSRB.

The methods of encapsulation include:

Direct Encapsulation – This method uses HDLC (High-Level Data Link Control) and adds little overhead, but lacks reliability. This is usually used over a single network connection between two routers attached to Token Ring networks. (Same as RSRB)

Fast-Sequenced Transport (FST) – This method uses IP encapsulation, which adds some overhead, but is still connectionless. (Same as RSRB)

Transport Control Protocol (TCP) – This method uses a TCP connection, which adds significant overhead, but ensures reliable transport. (Same as RSRB)

Frame Relay

RIFs are generally terminated at the DLSw router. DLSw+ can support Ethernet without SR/TLB being loaded.

Additional tools available with DLSw+ include: Dynamic peers, peers on demand, backup peers and the ability to load balance connections

Encapsulated Bridging

Used to bridge over an IP Backbone or FDDI Backbone

IRB (Integrated Routing and Bridging)

A BVI (Bridged Virtual Interface) is created that acts as a member of a bridge-group to allow traffic to be routed. The BVI number must match the bridge-group number.

CRB (Concurrent Routing and Bridging)

Concurrent routing of one group of interfaces, while bridging another

LAN Switching

All nodes on an Ethernet network can transmit at the same time, so the more nodes you have the greater the possibility of collisions happening, which can slow the network down

LAN Segmentation: breaking up the collision domains by decreasing the number of workstations per segment.

Switching – examines MAC address. Works like a massive multiport bridge. Switching types:

Store-and-Forward – copies entire frame into buffer, checks for CRC errors. Higher latency. Used by Catalyst 5000 switches.

Cut-Through – reads only the destination address into buffer, and forwards immediately. Low latency.

Spanning Tree and Root Bridge

Developed to prevent routing loops. The STA (Spanning-Tree Algorithm) is used by the STP (Spanning Tree Protocol) to calculate a loop-free network topology.

• There is one root bridge for Ethernet and switching environments

• There is one root bridge per VLAN, with 1 for all VLANs

• Root bridge calculation is determined by lowest MAC address

VLAN (Virtual LAN)

Broadcast domains defined on Cisco switches. Since each VLAN is a separate domain, routing must be enabled between them if data is to be passed. If multiple VLANs exist on a switch, a trunk can be set up on a Fast or Gigabit Ethernet port to pass the separated data between network devices. A trunk passes data from device to device; it does not route data between VLANs. Trunking encapsulations include:

• ISL – Used with Ethernet, and is Cisco Proprietary

• 802.1Q – Used with Ethernet and is IEEE standard

VTP (VLAN Transport Protocol)

VLAN definitions can span switches. VTP is the method for communicating these definitions. Switches can be defined as:

Server – Listens to, stores and broadcasts VLAN configurations. Can create and delete VLANs.

Client – Listens to configurations. Can assign ports to participating VLANs.

Transparent – Forwards VTP traffic, but doesn’t participate in the VLANs.

CDP (Cisco Discovery Protocol)

A proprietary Data Link layer protocol used between Cisco devices to pass information about local conditions. CDP uses a data-link multicast address with no protocol ID or network layer field, and cannot be filtered.

The only way to prevent their being passed is to configure “no cdp enable” on those interfaces on which you do not want to run CDP. You can configure a MAC-layer filter to deny a multicast address as an alternative method to block these packets.

Internet Protocol (IP)

IP is a layer-3 routed protocol that provides addressing, fragmentation and reassembly. The minimum and maximum packet headers are 20 and 24 bytes, respectively.

An IP address is 32 bits long, and the network and host sections are defined by the subnet mask associated with the address.

An IP address can be bound to a host name on a router using the “ip host” command. Example: Router(config)# ip host my-example 10.10.10.1 10.10.10.2 – binds name

DHCP (Dynamic Host Configuration Protocol)

To get away from statically configuring workstation addresses (which is a royal pain in the tuchis), a DHCP server can be configured which will allocate addresses dynamically.

To configure a router to pass bootp packets (DHCP requests) you can use the “ip helper-address x.x.x.x” command

NAT (Network Address Translation)

Used to translate one set of IP network numbers to another. The primary use for NATing is to translate external valid IP addresses to internal private addresses when connecting a network to the Internet. It can also be used to temporarily merge two networks that have different addressing schemes.

Access Lists

Used to permit or deny traffic based on the source network/subnet/host address. Things to know:

• The wildcard mask, which looks like a reversed subnet mask, defines which bits of the address are used for the access list decision-making process

• Lists are processed top-down. In other words, the first matching rule preempts further processing

• Only one access list is allowed per port/per direction/per protocol

• Remember that there is an implicit deny at the end of all access lists

• The last configured line should always be a permit statement

• Standard lists will most likely be placed close to the destination

• Extended lists will most likely be placed close to the source

If the access-group command is configured on an interface and there is no corresponding access-list created, the command will be executed and permit all traffic in and out.

An Access Class limits VTY (telnet) access

A Distribution List filters incoming or outgoing routing updates
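As an added example (not from the Cramsession), the following Python models the rules in the list above for standard (source-address) lists: wildcard-mask matching, top-down processing with the first match winning, the implicit deny at the end, and the permit-all behaviour of an access-group whose list was never created. The lint function applies the "first match preempts" rule to flag entries that can never be reached, and flags a last line that is not a permit; the two access lists are constructed for the example.

```python
# Added example (not from the Cramsession): standard access-list evaluation.
import ipaddress
from typing import List, Optional, Tuple

Rule = Tuple[str, str, str]  # (action, address, wildcard mask)


def _addr(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def _care_bits(wildcard: str) -> int:
    """Wildcard 0 bits are compared and 1 bits are ignored; invert to get the compared bits."""
    return ~_addr(wildcard) & 0xFFFFFFFF


def matches(rule_address: str, wildcard: str, packet_source: str) -> bool:
    care = _care_bits(wildcard)
    return (_addr(rule_address) & care) == (_addr(packet_source) & care)


def evaluate(acl: List[Rule], packet_source: str) -> Tuple[str, Optional[int]]:
    """Top-down: the first matching entry decides. Index None means the implicit deny fired."""
    for index, (action, address, wildcard) in enumerate(acl):
        if matches(address, wildcard, packet_source):
            return action, index
    return "deny", None


def interface_decision(acl: Optional[List[Rule]], packet_source: str) -> str:
    """An access-group that references a list which was never created permits everything."""
    if acl is None:
        return "permit"
    return evaluate(acl, packet_source)[0]


def lint(acl: List[Rule]) -> List[str]:
    """Use the 'first match preempts' rule to find entries that can never be reached."""
    findings: List[str] = []
    for j, (_, addr_j, wild_j) in enumerate(acl):
        care_j = _care_bits(wild_j)
        for i in range(j):
            _, addr_i, wild_i = acl[i]
            care_i = _care_bits(wild_i)
            # Entry i covers entry j when every bit i compares is also compared by j
            # and the two entries agree on those bits.
            if care_i & ~care_j == 0 and (_addr(addr_i) & care_i) == (_addr(addr_j) & care_i):
                findings.append(f"entry {j} is never reached: entry {i} already matches everything it would")
                break
    if acl and acl[-1][0] != "permit":
        findings.append("last configured line is not a permit statement")
    return findings


# Constructed lists for the example.
ACL_OK: List[Rule] = [("deny", "10.1.1.0", "0.0.0.255"), ("permit", "10.0.0.0", "0.255.255.255")]
ACL_SHADOWED: List[Rule] = [("permit", "10.0.0.0", "0.255.255.255"), ("deny", "10.1.1.0", "0.0.0.255")]

if __name__ == "__main__":
    for source in ("10.1.1.7", "10.2.3.4", "192.168.0.1"):
        print(source, evaluate(ACL_OK, source))
    print("lint:", lint(ACL_SHADOWED))
```

ACL_SHADOWED is the same two entries in the wrong order: because the broad permit comes first, the specific deny below it can never match, which is exactly the mistake the top-down rule above warns about.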

Access Lists Numbers

HSRP (Hot Standby Routing Protocol)

Provides a means of having two default gateways to protect against an equipment failure locking out a group of users from the wider internetwork.

The default priority for each router is 100, but can be changed to give one priority as the most likely default gateway (if, say, one unit were faster than another).

IP Routing Protocols

Methods for avoiding routing loops

Holddowns – Learned routes are held incommunicado for a period of time to prevent updates advertising networks that are misbehaving.

Triggered updates – Configuring routing updates to occur after a triggering event, such as a topology change. This allows quicker convergence.

Split horizon – If a router has received a route advertisement from another router, it will not re-advertise it back to the sending router. Think of this as a sphincter - things are not sent back to where they came from (gross, but you won’t forget it, and that’s the point).

Poison reverse – Similar to split horizon, but instead of ignoring the update, the route is advertised back to the originating interface as a poisoned reverse update. The originating router gets its own route back, but with the time-to-live field exceeded, so the route is removed from the table. When the routers re-converge, the holddown timers have expired. This helps to more quickly clear bad routes from the list being passed back and forth between the routers.

RIP requires neither an AS nor a Process ID number.

Example: Router(config)# router rip

Configuring a default route in RIP:

Example: Router(config)# ip route 0.0.0.0 0.0.0.0 10.10.10.1

OSPF (Open Shortest Path First)

OSPF Areas Types:

Backbone (transit area) - Always labeled area “0”, it accepts all LSAs and is used to connect multiple areas. All other areas must connect to this area in order to exchange and route information. When interconnecting multiple areas, the backbone area is the central entity to which all other areas must connect.

Standard - Accepts internal and external LSAs and also summary information.

Stub - Refers to an area that does not accept Type-5 LSAs to learn of external ASs. If routers need to route to networks outside the autonomous system, they use a default route (0.0.0.0).

• Totally Stub - Further reduces routing tables by blocking external Type-5 LSAs and summary (Type-3-and-4) LSAs. Intra-area routes and the default of 0.0.0.0 are the only routes known to this area. Cisco proprietary.

Internal Router (LSA Type 1 or 2) – Routers that have all their interfaces in the same area. They have identical link-state databases and run single copies of the routing algorithm.

Backbone Routers (LSA Type 1 or 2) – Routers that have at least one interface connected to area 0.

Area Border Router (LSA Type 3 or 4) – Routers that have interfaces attached to multiple areas. They maintain separate link-state databases for each area.

Posted: 10/12/2013, 14:16