====== 1.0 Network Fundamentals (20%) ======

1.1 Explain the role and function of network components \\
\\
1.1.a Routers \\
1.1.b L2 and L3 switches \\
1.1.c Next-generation firewalls and IPS \\
1.1.d Access points \\
1.1.e Controllers (Cisco DNA Center and WLC) \\
1.1.f Endpoints \\
1.1.g Servers \\
\\
1.2 Describe characteristics of network topology architectures \\
1.2.a 2 tier \\
1.2.b 3 tier \\
1.2.c Spine-leaf \\
1.2.d WAN \\
1.2.e Small office/home office (SOHO) \\
1.2.f On-premises and cloud \\
\\
1.3 Compare physical interface and cabling types \\
1.3.a Single-mode fiber, multimode fiber, copper \\
1.3.b Connections (Ethernet shared media and point-to-point) \\
1.3.c Concepts of PoE \\
\\
1.4 Identify interface and cable issues (collisions, errors, mismatch duplex, and/or speed) \\
\\
1.5 Compare TCP to UDP \\
\\
1.6 Configure and verify IPv4 addressing and subnetting \\
\\
1.7 Describe the need for private IPv4 addressing \\
\\
1.8 Configure and verify IPv6 addressing and prefix \\
\\
1.9 Compare IPv6 address types \\
1.9.a Global unicast \\
1.9.b Unique local \\
1.9.c Link local \\
1.9.d Anycast \\
1.9.e Multicast \\
1.9.f Modified EUI 64 \\
\\
1.10 Verify IP parameters for Client OS (Windows, Mac OS, Linux) \\
\\
1.11 Describe wireless principles \\
1.11.a Nonoverlapping Wi-Fi channels \\
1.11.b SSID \\
1.11.c RF \\
1.11.d Encryption \\
\\
1.12 Explain virtualization fundamentals (virtual machines) \\
\\
1.13 Describe switching concepts \\
1.13.a MAC learning and aging \\
1.13.b Frame switching \\
1.13.c Frame flooding \\
1.13.d MAC address table \\

====== Network Topology Architectures ======

As a general rule, there is no typical computer network that fits all situations. Each network is adapted to the place and purpose it serves.
There are some general fundamentals that all networks have:

  * Star topology - all devices in a network connect to one central node (like a router, switch or wireless AP)
  * Partial mesh - some devices connect to each other, but not all
  * Full mesh - all devices connect to each other

Three-tier and Two-tier LAN designs and Spine-Leaf will be tested on the CCNA. These designs combine elements of Star, Partial mesh and Full mesh.

===== Campus LAN Design =====

Traditional campus network design involves splitting up a network into different "tiers" or layers.\\

  * Access Layer - provides access to end user devices (typically made of L2 switches)
  * Distribution Layer - aggregates the access layer
  * Core layer - fast forwarding of traffic for the Distribution layer. Ideally it has no ACLs or QoS, just fast traffic.

{{:cisco:three-tier-01fig06_alt.jpg?400|}}\\
//https://www.ciscopress.com/articles/article.asp?p=2202410&seqNum=4// \\
The three-tier design has all 3 of the hierarchical layers.\\
\\
{{:cisco:two-tier-01fig08_alt.jpg?400|}}\\
//https://www.ciscopress.com/articles/article.asp?p=2202410&seqNum=4// \\
The two-tier design "collapses" the core and distribution layers into one for smaller networks.

===== Spine-Leaf LAN Design (aka Clos Architecture) =====

The traditional campus LAN design is intended for networks where there is "North-South" traffic, meaning traffic going from the access layers to the core layers.\\
For a data center where traffic may be going from server to server, having to send data North-South becomes inefficient, as you may have to go through a core layer. Data centers may have more East-West traffic.\\
Spine-Leaf design is better for Data Centers.\\
Each spine connects to every leaf and each leaf connects to every spine.\\
Spines do not connect to each other. Leaves do not connect to each other.\\
Traffic can easily flow east-west as at most it will only require 3 hops to reach a device on another leaf.
It is also more readily scalable: to make the network bigger you only need to add more spine and leaf switches. \\
{{:cisco:spine-leaf-16fig10_alt.jpg?400|}}\\
https://www.ciscopress.com/articles/article.asp?p=2995354&seqNum=3

===== Further resources =====

{{youtube>PvyEcLhmNBk?medium}}

====== Basic commands ======

===== Basic commands to get you started =====

<code>
show version
show running-config    ! requires Enable mode
show interfaces
show logging
show tech-support
</code>

===== Set up IP address on router interface =====

<code>
! enter 'Enable' mode
R2>enable
! show interfaces
R2#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down
FastEthernet0/1            unassigned      YES unset  administratively down down
FastEthernet1/0            unassigned      YES unset  administratively down down
FastEthernet1/1            unassigned      YES unset  administratively down down
Vlan1                      unassigned      YES unset  administratively down down
! enter config mode
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
! specify interface port FastEthernet 0/0
R2(config)#interface fastethernet 0/0
! assign ip address and activate port
R2(config-if)#ip address 10.0.0.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
! specify another ethernet interface to configure, assign IP, activate port,
! come out of configure and privileged exec mode and check interfaces
R2(config-if)#interface fastethernet 0/1
R2(config-if)#ip address 10.1.0.2 255.255.255.0
R2(config-if)#no shutdown
!
R2(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
!
R2(config-if)#exit
R2(config)#exit
R2#
%SYS-5-CONFIG_I: Configured from console by console
!
R2#disable
R2>show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            10.0.0.2        YES manual up                    up
FastEthernet0/1            10.1.0.2        YES manual up                    down
FastEthernet1/0            unassigned      YES unset  administratively down down
FastEthernet1/1            unassigned      YES unset  administratively down down
Vlan1                      unassigned      YES unset  administratively down down
</code>

===== Routes (IGPs, RIP etc) =====

<code>
show ip route
</code>

===== Commands reference =====

{{:cisco:iostree.png?600|}}

https://www.cisco.com/E-Learning/bulk/public/tac/cim/cib/using_cisco_ios_software/02_cisco_ios_hierarchy.htm \\
https://www.cisco.com/E-Learning/bulk/public/tac/cim/cib/using_cisco_ios_software/07_basic_commands_tasks.htm \\
https://www.cisco.com/E-Learning/bulk/public/tac/cim/cib/using_cisco_ios_software/mod_frameset.htm \\
\\
Using ROM Monitor (rommon) https://www.cisco.com/c/en/us/td/docs/routers/access/1900/software/configuration/guide/Software_Configuration/appendixCrommon.html \\
\\
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/configuration/15mt/fundamentals-15-mt-book.html\\
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/configuration/15-s/fundamentals-15-s-book.pdf \\
https://packetpushers.net/raspberry-pi-cisco-configuration-device/ \\

==== Keyboard Shortcuts ====

  * https://etherealmind.com/cisco-ios-cli-shortcuts/

| Ctrl+Shift+6 | Abort (if you spelled a command wrong and IOS is looking for a DNS name it won't find) |

====== Subnetting ======

In the Cisco CCNA exam you will be asked various types of questions on subnetting:

  * What is the Network ID, Broadcast ID and number of usable hosts on a subnet with the following IP address X.X.X.X/[prefix], e.g. 8.8.8.8/8
  * Subnet the following range X.X.X.X/[prefix] to give you X number of subnets
  * Cisco may ask you specifically not to use Subnet Zero
  * A trick to watch out for: you might be tested on blocks of 16, /28 or 255.255.255.240, because apparently Cisco realised people can't count in 16's very well

Given a range of IP addresses, these can be subdivided to give you additional but smaller ranges of addresses, hence a subdivided network, or subnet. Subdividing or subnetting is needed to make more efficient use of limited IPv4 address space.

===== The old Classful addresses =====

Historically, entire classes of address space ranges used to be given out by IANA [[https://www.iana.org/numbers|link]]. For instance, if an organisation had 300 hosts, a Class C that supports 254 hosts would not be suitable, so a Class B would be assigned instead. However a Class B (using 16 bits for the network address and the final 16 bits for the host address) supports 65,534 hosts, which means thousands of wasted IP addresses. This did not matter until the growth of the internet accelerated and it was realised that the addresses would run out soon. \\
Classless Inter-domain Routing (CIDR) was introduced to allow further breaking-up of ranges.

^Class A ^ Subnet mask ^ Cidr ^ Whole Range ^ Private Range ^ No. of Networks ^ No. of hosts ^
|Very large networks |255.0.0.0 |/8 |1.0.0.0 to 126.255.255.255 |10.0.0.0 to 10.255.255.255 |126 | 16,777,214 |
^Class A Reserved - Loopback ^ ^ ^ ^ ^ ^ ^
|Used for network diagnostics, not publicly routable |255.0.0.0 |/8 | 127.0.0.1 to 127.255.255.255 | | | |
^Class B ^ ^ ^ ^ ^ ^ ^
|Medium to large sized networks |255.255.0.0 |/16 |128.0.0.0 to 191.255.255.255 |172.16.0.0 to 172.31.255.255 | 16,384 | 65,534 |
^Class C ^ ^ ^ ^ ^ ^ ^
|Small networks |255.255.255.0 |/24 |192.0.0.0 to 223.255.255.255 |192.168.0.0 to 192.168.255.255 |2,097,152 |254 |
^Class D ^ ^ ^ ^ ^ ^ ^
|Multicast - not for assigning to hosts | | | 224.0.0.0 to 239.255.255.255 | | | |
^Class E ^ ^ ^ ^ ^ ^ ^
|Experimental and future applications | | | 240.0.0.0 to 255.255.255.255 | | | |
^Class E Reserved - "This network" ^ ^ ^ ^ ^ ^ ^
|Broadcast address for "every host on my subnet" | | | 255.255.255.255 | | | |

===== How to subnet =====

(this is gonna take a while...!)\\
With subnetting, if you haven't done it in a while, you need to practice it regularly. It's a bit like keeping fit, you kinda have to keep doing it.\\
\\
Subnetting is the process of taking an existing subnet of IP addresses and further subdividing these to give you more subnets. \\
\\
An IP address is actually made up of 2 parts, a **Network Address** and a **Host Address** (sometimes known as **Network ID** and **Host ID**).\\
A **Subnet Mask** comes with all IP addresses to tell you which part of the address is the Network address and which part is the Host address. \\
It's a 32 bit number matching the length of the IP address itself. It is usually expressed in the form of a dotted decimal.\\
e.g. 192.168.0.1 255.255.255.0\\
Because the bits in a subnet mask must strictly be turned on from the most significant bit (highest value bit) on the left first, going right, each byte in a subnet mask can only take one of 9 possible values:

  * No bits (00000000)
  * A byte with one or more leading 1 bits: 10000000, 11000000, 11100000 and so on up to 11111111 (8 combinations)
  * You can't have bytes where 1's and 0's are all mixed up, e.g. 10101010

This arrangement of bytes gives you 9 possible combinations, which means a subnet mask in dotted decimal can only contain the following decimal numbers:

^Bits ^Mask ^Decimal ^
|0 |00000000 |0 |
|1 |10000000 |128 |
|2 |11000000 |192 (128+64)|
|3 |11100000 |224 (128+64+32)|
|4 |11110000 |240 (128+64+32+16)|
|5 |11111000 |248 (128+64+32+16+8)|
|6 |11111100 |252 (128+64+32+16+8+4)|
|7 |11111110 |254 (128+64+32+16+8+4+2)|
|8 |11111111 |255 (128+64+32+16+8+4+2+1)|

If you have any other numbers in your subnet mask, it's wrong! It's impossible to have a byte such as 00110011 in a subnet mask. You can't have zeros as the most significant bit (unless it's all zeros) and you can't have zeros in between 1's. In other words, no skipping allowed. \\
If you're subnetting in the 4th octet, you can only use 6 subnet masks (.128, .192, .224, .240, .248 and .252) \\
Subnetting using 255.255.255.254 would give you 7 bits for the network address and 1 bit for the host address, with the 1 bit giving you 2 possible combinations (xxxxxxx0 and xxxxxxx1), but you need to leave 2 addresses for your network address and the broadcast address. You've nothing left for hosts.\\
Subnetting with 255.255.255.255 is not possible because you have no bits for host addresses. \\
\\
Effectively the subnet mask gives you a "partition" you can move around to give you more subnets at the expense of having fewer hosts per subnet.\\
Take for example the IP address 192.168.1.0 with subnet mask 255.255.255.0. If we turn this into binary we get:

<code>
  192    .   168    .    1     .    0
11000000 . 10101000 . 00000001 . 00000000

  255    .   255    .   255    .    0
11111111 . 11111111 . 11111111 . 00000000
</code>

The 1's in the subnet mask represent the Network address (or Network ID). In other words, which bits in the IP address to use as the network address. In the example the first 24 bits (the 3 sets of 1's in the subnet mask) are considered the network address, or 11000000.10101000.00000001.X, or 192.168.1.X in decimal. \\
\\
The zeros in the subnet mask represent which bits you can use for the hosts, which is 8 bits. This gives you a block of 00000000 to 11111111 (0-255). To illustrate further I've highlighted the network address and host address sections below:

<code>
[------ NETWORK ADDRESS -----]   [-HOST-]
  192    .   168    .    1     .    0
11000000 . 10101000 . 00000001 . 00000000

  255    .   255    .   255    .    0
11111111 . 11111111 . 11111111 . 00000000
</code>

If we had a different subnet mask, say 255.255.0.0, this changes the purpose of the bits:

<code>
[ NETWORK ADDRESS ]   [ HOST ADDRESS ---]
   10    .    0     .    1     .    0
00001010 . 00000000 . 00000001 . 00000000

  255    .   255    .    0     .    0
11111111 . 11111111 . 00000000 . 00000000
</code>

\\
Going back to 255.255.255.0 as the example, what you can do to subnet this is to "borrow" some of the host bits to create more subnets.\\
For example you could change the subnet mask to 255.255.255.240 like this:

<code>
  192    .   168    .    1     |    0
11000000 . 10101000 . 00000001 | oooo0000

  255    .   255    .   255    |   240
11111111 . 11111111 . 11111111 | 11110000
</code>

Now you have "borrowed" the first 4 bits in the 4th octet to use for extra subnets.\\
Borrowing 4 bits would give you 2^4 number of subnets, 16 subnets in this case. \\
You have 4 remaining host bits to use for hosts, so 2^4 host addresses per subnet. You'd get blocks of 16 addresses, but remember to subtract 2 addresses because you will need a Network address and a broadcast address in each block, so 14 usable addresses for hosts in each block.

Original subnet with new subnetted mask:

<code>
  192    .   168    .    1     .    0
11000000 . 10101000 . 00000001 . [oooo]0000

  255    .   255    .   255    .   240
11111111 . 11111111 . 11111111 . [1111]0000

[] show the "borrowed bits"

11000000 . 10101000 . 00000001 . oooo|0000   192.168.1.0
11000000 . 10101000 . 00000001 . ooo1|0000   192.168.1.16
11000000 . 10101000 . 00000001 . oo1o|0000   192.168.1.32
11000000 . 10101000 . 00000001 . oo11|0000   192.168.1.48
11000000 . 10101000 . 00000001 . o1oo|0000   192.168.1.64
11000000 . 10101000 . 00000001 . o1o1|0000   192.168.1.80
11000000 . 10101000 . 00000001 . o11o|0000   192.168.1.96
11000000 . 10101000 . 00000001 . o111|0000   192.168.1.112
11000000 . 10101000 . 00000001 . 1ooo|0000   192.168.1.128
11000000 . 10101000 . 00000001 . 1oo1|0000   192.168.1.144
11000000 . 10101000 . 00000001 . 1o1o|0000   192.168.1.160
11000000 . 10101000 . 00000001 . 1o11|0000   192.168.1.176
11000000 . 10101000 . 00000001 . 11oo|0000   192.168.1.192
11000000 . 10101000 . 00000001 . 11o1|0000   192.168.1.208
11000000 . 10101000 . 00000001 . 111o|0000   192.168.1.224
11000000 . 10101000 . 00000001 . 1111|0000   192.168.1.240
</code>

You can use more borrowed bits or fewer depending on how many subnets you need.

===== Subnetting in the 4th Octet =====

You can subnet Class A, Class B and Class C addresses in the 4th octet.\\
You'll need to decide how many subnets you will need. If, say, you need 6 subnets, you will need to "borrow" at least 3 bits from the host portion of the IP address to give you a possible 8 subnets. You'll use the 6 subnets and have 2 left over, either unused or for future network expansion. You obviously couldn't just use 2 bits as this would only give you 4 subnets to create, not enough for your requirement of 6.

===== Subnetting In Your Head =====

This is from Todd Lammle's book. When doing subnetting, the approach is to ask 5 questions:

  * How many subnets does the chosen mask produce?
  * How many valid hosts per subnet are available?
  * What are the valid subnets?
  * What is the broadcast address for each subnet?
  * What are the valid hosts for each subnet?

===== VLSM Variable Length Subnet Masking =====

(work in progress!)
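Going back to the "How to subnet" and "Subnetting In Your Head" sections above: the rule that a mask cannot mix 1's and 0's, and the five questions, can be worked through in code for the 192.168.1.0 255.255.255.240 case. This is an added example, not part of the original notes; the function names ''mask_to_prefix'' and ''subnet_plan'' are made up for illustration.

```python
import ipaddress  # standard library; used here only to parse/format dotted decimal

def mask_to_prefix(mask: str) -> int:
    """Return the prefix length of a dotted-decimal mask, rejecting 'skipped' bits."""
    host_bits = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF  # invert: host bits become 1s
    # A valid mask inverts to 000...0111...1, so adding 1 carries into one higher
    # bit and the AND is zero. A mixed pattern (e.g. 10101010) leaves bits set.
    if host_bits & (host_bits + 1):
        raise ValueError(f"{mask} mixes 1s and 0s, so it is not a valid subnet mask")
    return 32 - host_bits.bit_length()

def _fmt(n: int) -> str:
    return str(ipaddress.IPv4Address(n))

def subnet_plan(network: str, old_mask: str, new_mask: str) -> dict:
    """Answer the five questions for splitting network/old_mask using new_mask."""
    old_len, new_len = mask_to_prefix(old_mask), mask_to_prefix(new_mask)
    if new_len < old_len:
        raise ValueError("new mask must be at least as long as the original mask")
    if new_len > 30:
        # As the notes say: .254 leaves nothing for hosts, .255 has no host bits.
        raise ValueError("mask leaves no usable host addresses")
    borrowed = new_len - old_len
    block = 1 << (32 - new_len)  # addresses per subnet (the "block size")
    base = int(ipaddress.IPv4Address(network)) & int(ipaddress.IPv4Address(old_mask))
    subnets = []
    for i in range(1 << borrowed):
        net = base + i * block
        subnets.append({
            "network": _fmt(net),
            "first_host": _fmt(net + 1),
            "last_host": _fmt(net + block - 2),
            "broadcast": _fmt(net + block - 1),
        })
    return {
        "subnet_count": 1 << borrowed,   # 2^borrowed bits
        "hosts_per_subnet": block - 2,   # minus network and broadcast address
        "subnets": subnets,
    }

if __name__ == "__main__":
    plan = subnet_plan("192.168.1.0", "255.255.255.0", "255.255.255.240")
    print(plan["subnet_count"], "subnets,", plan["hosts_per_subnet"], "hosts each")
    for s in plan["subnets"]:
        print(f'{s["network"]:<15} hosts {s["first_host"]} - {s["last_host"]}'
              f'  broadcast {s["broadcast"]}')
    for bad in ("255.255.255.170", "255.0.255.0"):  # constructed invalid masks
        try:
            mask_to_prefix(bad)
        except ValueError as err:
            print("rejected:", err)
```
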
===== CIDR - Classless Interdomain Routing =====

===== Wildcard Masks =====

Wildcard masks are the inverse of a subnet mask. In Cisco IOS, they are used in a few different places: OSPF configuration and ACL configuration.

^ Subnet mask ^ Wildcard mask ^ ^
| 255.255.255.255 | 0.0.0.0 | one specific host |
| 255.255.255.252 | 0.0.0.3 | |
| 255.255.255.0 | 0.0.0.255 | |

===== Subnetting resources =====

  * http://subnettingquestions.com
  * http://subnetting.org
  * https://subnetipv4.com/
  * http://jodies.de/ipcalc?host=172.16.92.10&mask1=21&mask2=

{{:cisco:ipv4cidrchart_2015.jpg?600|}}\\
\\
Finally understand subnetting https://www.reddit.com/r/ccna/comments/ju7un7/i_finally_understand_ipv4_subnetting/\\
Cisco - IP Addressing and Subnetting for New Users https://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13788-3.html \\
https://support.microsoft.com/en-gb/help/164015/understanding-tcp-ip-addressing-and-subnetting-basics \\
https://blogs.oracle.com/pshuff/subnets\\
Subnet Zero (Cisco's interpretation) - https://www.cisco.com/c/en/us/support/docs/ip/dynamic-address-allocation-resolution/13711-40.html\\
https://www.ripe.net/about-us/press-centre/understanding-ip-addressing \\
https://www.keycdn.com/support/what-is-cidr\\
https://ipcisco.com/lesson/ip-subnetting-and-subnetting-examples/

====== References ======

https://learningnetwork.cisco.com/s/ccna-exam-topics