
Cisco CCNA Primer - Videos and Labs [Full 6+ Hour Course]

Apr 04, 2024
Welcome to the CCNA primer. This is for anyone considering taking the CCNA, or even if you've started and wondered what you've gotten yourself into. What is the CCNA? All of this will be basic. Hello, my name is Paul Browning. This is me holding some of the books I wrote for various IT exams, and there are a few more, in fact there are many, just down here on the shelf, but I'll talk about that later. I actually worked in the police in the UK for 12 years and then I got tired of it and decided to make a career out of IT, so I moved into IT in 2000, and it was actually a terrible time, because that date may sound familiar if you've been around long enough: that's when the dot-com bubble burst.
It was very unfortunate for me, but I managed to get a job working at Cisco TAC in 2002, and then again I was unlucky and I was laid off, but I started my own IT consulting company and then I installed and configured Cisco routers and switches. Around the same time I started teaching; I was doing all the in-person courses and wrote a study guide that later became an Amazon best-selling book for the CCNA, which is in its 6th edition. Actually, this is it here, this is where my pen is, yes, this is Cisco CCNA Simplified, currently in its 6th edition, so it's now on Amazon. Cisco Systems, if you haven't heard of them.
It's another IT hardware and software company that has been going for quite some time; in fact they design and manufacture IT networking equipment, which they started in 1984, and we think Cisco comes from the word San Francisco, and they just took the last part of the word. They are a major force in the market and in IT teams. Obviously there are some competitors, but they are still a major player. There are a lot of things they do, so I recommend going to their website and looking at their sales pages, the updates and their entire range, so you know what they do and who you're getting certified with. This is a quote from the Cisco marketing team, if you're interested: basically the CCNA is there to upskill you in an ever-changing landscape.
It has a wide range, so this is good about the CCNA; it covers small and medium-sized business networks. Compare it with, say, Linux, where generally speaking a certification focuses only on Linux commands; for the Cisco CCNA you need to know a lot of different things, for example wireless, security procedures, TCP, subnetting, some basic design and a lot of other things, and one of the new things that came in later is network automation and programmability. The exam is updated based on everyone's feedback and the IT clients that Cisco works with. Nowadays it's easier: you don't need to pass anything first. I know that for some certifications, like Linux LPIC-2, they force you to take the first one even if you are already at that level, and then for all three you need to have passed both, which basically means you have to pass these other exams.
If you want, you can take the Cisco CCNP, which is an advanced exam, and I don't recommend you take it even if you know the material; the CCNA would be good preparation for you. I just mention that because it has changed: you used to have to take the CCNA first. The exams can be taken at a testing center or you can take them online. You can sit it as many times as you want; I'd check the policy, I didn't look in detail, but previously you had to wait, I think it was maybe two weeks between attempts, and it may depend on what school you go to, but check it for yourself. The quickest way to get information for the CCNA is cisco.com/ccna, and that will get you all the marketing materials, exam information and syllabus.
Now many people say that it is, right, but I'll tell you, in my humble opinion, that the CCNA is not for absolute beginners. If you are looking to get your first job, I recommend that you do the Network+ first and then approach the CCNA. I do not recommend that you take the Cisco CCT, which I think is Cisco Certified Technician; no one has heard of it, I don't think it will get you any jobs, and people don't even know what it means if you put it on your resume. So I recommend that you take the Network+ first, which lays the foundation on which we always build our career in IT: a solid foundation, and then we go up to specializations if you want. So, Network+ first and then CCNA, that's my recommendation; again, this is just my opinion. Now there used to be a lot of certifications here: there used to be CCNA Wireless, Security, Collaboration, a lot of things, I can't remember the rest to be honest, I think Data Center. Now there's the CCNA, which is basically routing and switching and some network automation; CyberOps is obviously the security version; and then DevNet is your DevOps stuff, so you can do any of these and then jump to the CCNP, or like I said you can jump straight to the CCNP. So right now there are only three associate-level options, and there's some overlap between these. I won't go into CCNP stuff because I just want to talk about the CCNA.
So, the exam code: keep in mind that you take 200-301. I'm only telling you because some friends booked Cisco exams before, showed up, and took the wrong test. Now, interestingly, my friend was so smart that he passed the test he hadn't studied for, but most of us can't do that. Cisco will tell you on the CCNA page. You can do it in person, so you go to a testing center, or you can do it online. I have never taken an online exam, so just follow the procedures and the documentation you will need. So I mentioned you need the Network+, and this course will give you a secure foundation, and then you can make your own decision on where you want to go from there.
There are many jobs available for network engineers, so go for it. This is a jobs site; I just searched for CCNA. I didn't limit it to particular areas, but what you can do is full-time, part-time, contract and all these types of things; you can put in salary levels, you can put in hourly rates, whatever you want, and network engineer is the typical type of job that comes up. Again, this is just an example, so they are asking for CCNA or CCNP. Well, what the CCNA did for me, I mentioned before: I basically got the CCNA and went into a helpdesk.
I actually only spent six months there because I continued studying. It was supposed to be 12 months, but I got promoted, so I got a job doing Cisco network support for the TAC. I then started my own IT training company, and then I ended up writing books, and then I do what I'm doing now, which is running online training. I have tons of case studies on howtonetwork.com; if you go to the home page, there are people who got their first job, got promotions or pay raises for passing the CCNA, so it definitely works. Right, and there are some charts that I put up for some reason, so with your certification at the beginning you can search for junior network engineer roles.
I have people mentioning unpaid jobs and internships; don't do that, don't go for any unpaid jobs, even to get some experience on your resume. You should look for paid work so you can get back the time and effort you've put in, and there are paid jobs, so look for some large companies that will hopefully mentor you and guide you into more advanced roles. Learn to sell yourself. Again, like I said, don't work for free; avoid cabling jobs or anything that has nothing to do with using your skills. You can also work as a freelancer. When I passed my CCNA I was setting up routers (this is the icon for routers); I was also setting up Cisco switches, and you can definitely do that for small businesses once you have your CCNA. To get jobs, I have a course on how to get your first job in IT and how to network, but briefly: you can network with friends, pass them your business cards, and have them pass them on to their bosses and colleagues and anyone who works for big companies; you can network on Facebook, LinkedIn and so on. OK, that's just a friendly introduction, see you in the next lesson.
Welcome to the lesson on CCNA exam formats; we'll see what the exam actually looks like.
You book it on Pearson VUE; I think they sometimes change their domain, or you can get it through vue.com, but the easiest way is to just google Pearson VUE. You will need to set up an account that will follow you throughout the life of your exams. It will tell you what you have, you can send credentials to employers with a secure link, and find out when you need to recertify. The cost varies; it's about three hundred dollars to do the CCNA, certainly in the United States. Check the policies with Pearson VUE: you should be able to cancel up to 48 hours before taking the exam if there are any problems.
Now, I sent you the link before; you basically need to download the Cisco CCNA syllabus. You can get it in PDF format; I do that and then transfer it to a spreadsheet. These are the main titles that you will be evaluated on. If you are interested, that is the weight they give to these topics, but you need to know them anyway, so I wouldn't worry too much about that, as they can change over time, so check before taking the exam. Print the PDF and you can take notes on it. Obviously this is really important, and I see so many people who are completely wrong about this, so you have to keep this in mind. This is the exam description from the Cisco website: the following topics are general guidelines for the content that will probably be included, but related topics may also appear, and it can change at any time without notice. OK, you've already seen the syllabus, with its sections one to six; this is something that you could definitely expect them to evaluate you on, and then we add other things, because they've basically said they can ask you any question about anything. Now, obviously, it's going to be related things.
Now I'm not going to tell you what additional things they have included, but for example Frame Relay is not mentioned in the syllabus, yet you could be tested on that, and I say that because they include one in one of the elements of your syllabus too. For example, and I'm not saying you're getting this, EIGRP: because they cover routing protocols, what they're going to say is that it's under the umbrella of what we have in the syllabus. This kind of stuff is what you might be asked, so all I can tell you is that I took the exam and I passed, but then I came back and actually had to add some extra parts to my CCNA Simplified and CCNA in 60 Days books.
I'm not going to say anything more than that, but that's what I have to do, so be careful when people on the forums tell you that you don't need to study other things, and I will do my best to help you in any way I can without breaking any rules. If you go to the exam testing center, read before booking. The confirmation will tell you that you need to take two forms of ID, one with a photo, so it will be your passport or driver's license. Also take confirmation of your booking. Now, you don't have to take this, but I actually showed up at the testing center once and they had no idea I was coming; something went wrong, but I had printed out my confirmation with the date and time. The other useful thing you really need is your test ID, and if they forget it or there's a problem you'll have that with you. So, as I was telling you, I spoke up, they weren't expecting me, but as I had my booking confirmation I showed it to them, so I had to wait an hour, but they downloaded the test and I was able to take it.
Please arrive at least 15 minutes early. The other thing, and this is just personal advice: if you go to the bathroom, it still counts against your countdown, so I'll go into more detail in a minute; you have 120 minutes for the exam and you need all this time. If you spend five minutes in the bathroom because you have had too much coffee or something, then obviously you are going to increase your chances of failing. They give you a small whiteboard; this is pretty bad actually, they give you an A4-size whiteboard, maybe a tissue, and a marker. Nowadays people's experience is that it's more rigid; they didn't allow me a glass of water. You definitely aren't allowed a calculator of any kind, so you need to do all the calculations in your head. At the end of the exam, on the screen you will have the pass or fail; it will also tell you your score, for example 908 or whatever your score is out of a thousand, so you will be given your score and obviously you will know if you pass or fail. Now, the certificate: you used to get a nice little card that says CCNA; now, if you want that kind of stuff, you have to pay for it, considering the fact that you paid 300.
I think it's very unfair, but I don't make the rules. You will receive approximately 102 questions and get more or less 120 minutes to take the exam. You might get all theory; don't assume you will, because remember what I just told you, Cisco said they can change anything. They used to have, say, three labs where you configure routers and switches and that kind of stuff. Now, with the new version of the exam, people haven't received this, but that doesn't mean you won't, so you must have lab time. The other thing is that the questions assume that you have configured these commands, because they will ask you for the output of show interface or debug on a serial interface, so you need to do the labs to answer the questions. You can't go back to questions, so there's no back button; you can't mark them, I think in Microsoft exams you can do that.
If some questions appear and look weird, just keep in mind that some are unmarked, or just test questions from a new question bank, and some have different weights, so don't worry too much; some will get more points than others, you'll never know which they are, so don't worry. These are the kind of questions you get: something nice and easy, you answer the question, and you have this multiple choice about which port Telnet uses, and obviously one of these is correct. Often what I find is that you can exclude answers even if you can't remember: you can say, well, that's definitely not it because that's FTP, you remember that's TFTP, you remember that's DNS, and you say, I can't remember which of these two it is, but at least you've significantly increased your chances by knowing it's one of the two. There is multiple choice with multiple answers, so, for example, which are examples of distance vector protocols, so normally it will be two or more correct answers. Now, how do they score this if you get one wrong? Well, you probably won't get half a mark, but whether you get one point for one correct answer or you only get the point if you get them all right, you will never know, so don't worry. That is where there is more than one answer. There is drag and drop, so you will take whatever this answer is and drag it up to what you think is the correct box, and then drag the next one to the correct box and so on. There is fill in the blank: show ip interface, and there will be some output here, or possibly, I don't think it's in the latest exam, you have to write what the command is. I don't think that will happen, but I've seen it in the past, so part of the output is shown and you'll have to write the command. Then there are simulations.
I've mentioned this before: they haven't been seen on the new exam, but this could be added at any time. Basically you'll have a topology that you click on; there will be a little image of a PC here, and the PC will have a console connection to something, and you'll click on it and start configuring devices. You could have access to all of them or just one or two. You have to configure what they tell you to configure. For example, ping from here, but then make sure that ping doesn't work, or you might issue a command, show ip route, whatever. Then a testlet has about five questions; it will have a diagram with several outputs, something like this, and it will basically say, you know, you're going to have these questions that you're going to have to answer as you go through a simulation. It's part of a simulation, so it has very limited functionality; you have limited access to the devices, and for example you will have this device that has a console cable, and you'll have show commands that you have to look at and then answer questions about where the traffic would go. I already mentioned that Cisco can add anything else to the exam; you won't get any notice, again, just prepare well. The other thing is that I see a lot of people who pass or fail and go to a forum and say, "Oh, what's the answer to this question?" and they will ask a question that was on the exam. If Cisco sees you doing that and you passed, they could strip you of your CCNA, or if you failed they can stop you from retaking it, so don't post real questions; they have copyright too. So that's all for now.
See you at the next presentation. So, I wanted to cover how to prepare. I actually have a second lesson on this that looks at it from a different perspective, but it's in the works; it's so important that I just wanted to do it in two different ways. The exam is part theory, part practical; remember what I said before, you could have a practical, or you could have questions basically based on a practical, so like I said, they show commands and debug output, and if you haven't done a lot of hands-on in the labs then you will fail the exam, because they assume that you have. Depending on how smart you are, how much free time you have and how much experience you have, it will be between two and six months of studying, and I recommend two hours per day. Now I know that sounds like a lot, but Nielsen ratings say that people watch more than five hours of television per day, and you can guess that people are spending more than two hours surfing the web, so it is possible to fit it in.
Now, a few things you definitely need. You can actually study for free; you can just browse Wikipedia and the articles, but it would take forever to figure out the good, the bad and the old stuff, so get a study guide. Obviously, because I'm putting this together, I have written two, which are CCNA Simplified and Cisco CCNA in 60 Days. They are two different books; 60 Days is harder, basically you study every day, or every two days, which is slower, but they both have different content. Anyway, they talk about the same things in a different way. Then obviously there's Cisco Press and some of the guides available on Kindle. Look to spend between 10 and 60 dollars. I recommend you get two: the main one, so I'll write it here because mine are here, the main one, which you use in 90% of your studies, and then if something doesn't seem clear or you want a different perspective, you dive into the other book for reference. You should have a quiz engine, so I know these are the ones that exist.
This is one of the quiz engines on howtonetwork.com. I don't see a way for you to pass the exam without taking a ton of practice exams; test your knowledge, use it as a study tool. You have to do this daily, so if you're studying for 60 days and we get to day 55 and your exam's here, people start to take practice tests here. Well, I guarantee that no matter how much hard work you've done, you'll only get 50 percent, so this is where everyone starts to panic. Panic stations. No, this is what you do: you go back to day one and take the practice exams. You have two options: if you can find exams based on chapter, for example CCNA Simplified has one exam for each chapter, then do that; otherwise just take the exams, even if you haven't studied yet. Just take an exam and do your best to answer the questions; it doesn't matter. You should do this every day, and by the time you take the exam you should be getting 95%+, because in the exam you might be nervous and miss a mark or two, so you need to have more than enough margin. You need to have access to Cisco equipment, which is why home lab racks like this sell on eBay.
Cisco simulators: I'm not sure who makes them now, I won't mention any names, but basically someone has coded their own version of a router and a switch, but with only limited commands, so don't use them. An emulator emulates the Cisco environment and actually runs IOS, so it runs the software that runs on Cisco routers and switches. I'll mention remote racks later. You must have access to a lab book. I think mine was the first to be marketed; it's in version four now. It could be one or two on Amazon; I think Cisco might have some kind of lab book, but I haven't looked at it or any of the others, so check it out. You must have a lab book and get a lot of hands-on practice. Right, your study plan. What I recommend you do: the syllabus is in PDF, so this is a hassle actually, you get a PDF but then you basically cut and paste it into a spreadsheet to get your main header here, and then each header has a subheader, and inside that you'll have a, b, c, d and so on; you'll have subtopics for you to put in. All of this is included so you can see, you can plan what you want to study every day, so it will be days one, two, three, then you will do a revision day, that's how I do it anyway, then days five to six and then a review day, and this is how you go. You study; every topic needs to be covered. So, Packet Tracer, which I will come to later, has some access points and some servers, but this one is theory, so you can't do a lab.
That's because it is a design concept, and connections that you can definitely put together in your lab; when you finally master it, you tick off that topic. I'll talk about that in a little more detail. So you have the syllabus, you have transferred it to an XLS format, so I put mine in Google Sheets, and then you have two columns, one for your theoretical knowledge and another for your practical. Now some of this won't be applicable; like I said, if it's the OSI model then you can just put not applicable. What you do is rate it out of 10, so between 1 and 10: 1 is rubbish and 10 is expert, and expert is obviously not CCIE level but expert for the CCNA, and you have to continue working on these topics until you get to nine at least, so keep working and you'll get to six, seven, eight, nine and so on, and eventually you'll score nine or ten and then you'll stop studying that.
You can review it later, and eventually you will have it right; eventually you will have no topics left because you will have mastered everything. Right, if you can, find a study partner: post on a forum or a Reddit group or something like that and find a study partner, or someone local. Find someone highly motivated; there's nothing worse than trying to drag someone to the finish line who isn't interested. Okay, obviously there's Zoom and Skype and that kind of stuff. Get a cram guide. There is a free one with my books that you can download, but I recommend that you write your own, so that every day you add some notes to your guide: your main commands, show outputs and port numbers. Record them as an MP3 on your computer and then listen to them as you travel or do whatever you do. Sorry, the last thing is that you have to be able to write the entire guide from memory before you take the exam. This is what we do: in theory you read your book and watch your videos, you take some notes, you do labs, you set up the IOS, you take some practice tests, so whatever you want to do, do a review and then go around and around again; this goes around and around during the 60 to 90 days. So how do you apply this? Let's say, for example, access lists: read your theory book on access lists, make some notes, for example the syntax, write down what the syntax for access lists is, and then connect to a router or two routers and do some of the syntax, so you can have a PC here and a PC here, and what you want to do is have a ping going, and then you want to write an access list that blocks the ping. Then take your lessons from it: what did you learn, what broke?
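Here is the access list lab just described, worked through as an added example; it is not from the video or from the author's books. The topology, the hostname R1, the interface names and the 10.0.1.0/24 and 10.0.2.0/24 addresses are constructed for the example; the commands are standard Cisco IOS extended ACL syntax. It blocks only ICMP echo requests from one PC's subnet to the other's and logs the hits, while an explicit permit keeps everything else flowing. Without that last line, the implicit deny at the end of every IOS access list would silently drop all other traffic entering the interface, which is the classic mistake this lab teaches you to spot.

```cisco
! Constructed lab: R1 routes between PC-A (10.0.1.10/24, off Gi0/0) and
! PC-B (10.0.2.10/24, off Gi0/1). Addresses and names are made up for the example.
!
! Step 1: before any ACL exists, confirm the baseline from PC-A: ping 10.0.2.10 succeeds.
!
! Step 2: build a named extended ACL. Order matters: entries are checked top down,
! so the deny line must come before the permit.
R1# configure terminal
R1(config)# ip access-list extended BLOCK-PING
R1(config-ext-nacl)# remark Lab: drop ICMP echo from PC-A's subnet to PC-B's subnet
R1(config-ext-nacl)# deny icmp 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255 echo log
R1(config-ext-nacl)# permit ip any any
R1(config-ext-nacl)# exit
!
! "permit ip any any" is not optional. Every IOS ACL ends with an implicit "deny ip any any",
! so an ACL containing only the deny line would drop ALL traffic entering Gi0/0, not just ping.
!
! Step 3: apply it inbound on the interface nearest the source, so unwanted packets are
! dropped before R1 spends a routing lookup on them.
R1(config)# interface GigabitEthernet0/0
R1(config-if)# ip access-group BLOCK-PING in
R1(config-if)# end
!
! Step 4: repeat the ping from PC-A. It now fails, while, for example, SSH or HTTP from
! PC-A to PC-B still works (the "permit ip any any" covers them).
! Confirm the deny entry is matching by reading the hit counters:
R1# show ip access-lists BLOCK-PING
!   Extended IP access list BLOCK-PING
!       10 deny icmp 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255 echo log (5 matches)
!       20 permit ip any any (12 matches)
! (the match counts above are illustrative, not captured output)
!
! Confirm which ACL is bound to the interface and in which direction:
R1# show ip interface GigabitEthernet0/0 | include access list
!
! Step 5: tear the lab down in the safe order: unbind from the interface first,
! then delete the list. Deleting a list that is still applied leaves the interface
! referencing an ACL that no longer exists, which IOS treats as permit-all, so the
! "lesson learned" check afterwards would pass for the wrong reason.
R1# configure terminal
R1(config)# interface GigabitEthernet0/0
R1(config-if)# no ip access-group BLOCK-PING in
R1(config-if)# exit
R1(config)# no ip access-list extended BLOCK-PING
R1(config)# end
```

The two show commands at the end are the "what broke?" step from the lesson: the hit counter on line 10 proves the deny is the reason the ping stopped, and the interface check proves the list is applied where you think it is. Rebuilding the same ACL in reverse order (permit first) is a useful second run, because the ping then keeps working and the counters show why.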
Take more notes and then take an access list exam, if you have access to one for that topic, and then start from the top and work down, over and over, for each topic. You should have a date to work towards. I recommend that you book the exam for the 60th or 90th day, and remember that you can change the exam date if you give them enough notice. So that's all for now, see you in the next lesson.
Building a CCNA home lab is a really important part of preparing for your exam. It used to be that you could just read a book, maybe back in 1999 or 2000; it was all theory, so Cisco had no way to test your practical skills. However, this has now changed, and at least 50% of your exam
marks will be related in some way to setting up full labs or the simulations, simlets or testlets, the sort of practical stuff I mentioned earlier. So, to test your practical skills, your current options are GNS3, which you can google with that term; remote rack rental time, which is live Cisco equipment; build your own lab at home, which a lot of people do; or buy a router simulator or use Packet Tracer. GNS3 is a free network emulator; it's a program that will run, I think it works best on Linux to be honest, although just check the documentation yourself. It is also resource intensive, but basically you will run a router network environment. The only problem is you need to add your own Cisco IOS image, so you need to legally get some version of Cisco IOS, which runs on routers, and now it costs a few thousand dollars to buy. The other way to get it, there are obviously illegal copies on the web, but I don't recommend it.
It is illegal, and many people hide viruses inside these compressed copies of Cisco IOS, so you have to be very careful. You can get a copy if you have a router; you can use the Cisco IOS for home use, and I'm sure they won't mind as long as you don't share it. I have a virtual machine version of GNS3 which is on howtonetwork.com; you can go there and download a free virtual machine that will run the GNS3 program. You can rent remote rack time, which is live Cisco equipment. Some companies have some kind of live rack; it's actually a virtual rack running from their servers, but it's real Cisco code.
If you go to howtonetwork.com, the live rack has two racks; it's actually free for our members. INE.com have a lot of racks; they are a bit high-level, they are for Cisco CCIEs, but nothing's stopping you from using them. Obviously you will have to pay for this, and it is much more equipment than you would need for the CCNA, but it is another option; those are the CCIE rack rental companies that exist. There was one that used to do CCNA and CCNP racks, however it seems they have closed. There are people who give free access to their home Cisco equipment racks; as you can imagine, those get booked up. Even if you build a rack at home, there are kits on eBay, so if you're really not sure what you want to buy, you just want to buy everything together, then there are companies that will put together Cisco CCNA home labs for you that include the operating system, cables, power and all the equipment you need: a 2950 or preferably a model 2960 switch, because this is what is tested on the CCNA, the 2960.
To be honest, most router models will do the job; you need at least Cisco IOS 12.2 or higher. You are now tested on version 15 in the exam, but in reality there is little or no difference from 12.2 onwards; there are some small things missing, but I don't think there is anything that will make or break your attempt. Review and consider purchasing a mini rack to hold the equipment; this is a frame that you can screw your routers and switches into. Now, router simulators: there used to be a few of these available. It is just software that runs on your PC and is a simulated version of the code.
Somehow it allows you to configure some of the commands, but it doesn't really work very well; it has very limited Cisco IOS commands. In my professional opinion it's not suitable for the CCNA. There are some: SemSim is a company that offers a router simulator, and Boson.com also offers one for the CCNA and CCNP. I really don't think they are suitable at all, to be honest. Packet Tracer is a free program, but it is only available for Cisco Academy students, so you need to go to a Cisco Academy somewhere in your locality. You will get a login, username and password to enter the Cisco Academy support website where you can download this software.
There are cloned copies. There are pirated copies circulating on the Internet if you search for Packet Tracer. However, as I said before, that's obviously illegal. Much like real equipment, it does 95% of everything you'll need your switches and routers to do. It doesn't act the same, but it does for CCNA level; I certainly don't think it's as good for CCNP or beyond, but it will get the job done, and you can create pretty complex topologies just by dragging and dropping Cisco router and switch icons. There are many other functions that it performs. It's not the full Cisco IOS, as you'll see when you do some live labs; it doesn't have all the show commands and it doesn't do everything you need, but it does almost everything you need.
This is the type of topology that you will be looking for to do the CCNA. It covers all your switching, HSRP, routing protocols, your switch security, Frame Relay, NAT, absolutely everything. You can't get away with two switches; if you really want it you need three, and preferably four routers, because you can have one in the middle as a Frame Relay switch. So here are the models and the type of equipment you would be looking to get your hands on. This is the topology of the live racks from howtonetwork.com, by the way. Cards and cables: you need a WIC card; this is your wide area network interface card, you will need one.
I will cover this later. For labs you need a DTE-to-DCE cable, which you can search for on eBay, or if you buy a home rack all ready for you it will come with the necessary cables: Ethernet cables, and a console cable which plugs into the port on your routers and switches so you can configure them. This is your WIC-1T card that inserts into your router; you will often buy a router with one already installed, but it just screws in, just make sure the power is off when you screw it in. This is your console cable; in the old days it was blue. Your DTE-to-DCE cable, so you will plug your WIC cards in two different routers together. This is the rack I mentioned earlier on eBay; check eBay for CCNA racks, there are some really big ones or just some small ones.
Find out who actually makes the racks; make sure you get all the brackets you need, because you need a bracket to attach the switch or router to the side of the rack, and you also need the right size screws. Just keep in mind that the different types of Cisco routers and switches have different size holes; to be honest it's a bit annoying, so you need different brackets and different screws. Also consider getting an access server. You can do a Google search for Cisco 2509 and 2511 access servers and there are some sample configurations. You will find that this allows you to connect to multiple devices without having to plug and unplug the console cable repeatedly, because that is a bit annoying.
Well, that's the end of the conference. See you at the next. I wanted to talk about the preparation materials. I know I mentioned them briefly before, but I just wanted to give this a dedicated space, so this is the kind of thing you're looking for. Obviously, at the very least you need a study guide. I prefer to print it personally. I mentioned getting two before, so maybe you can do one in print and then if you get a deal for one on your Kindle that would be ideal, so it's non-negotiable, you should have a study guide.
I don't see how. I'm going to go without that lab access so this could be your own lab that you bought and the gns3 uh package tracker is pretty cool. I will help you read most of the exam lab book again, personally I think it is non-negotiable. I need to do a ton of labs obviously you can create your own and you have a lot of books and this book has about um it has about 45 labs so there are mini labs and then some big labs now

videos

Obviously this is an option. There are different types of learners: kinesthetic (hands-on), auditory, which is probably less applicable, and visual, so if you're a visual learner and you prefer someone to show you how things are done and then do it yourself, then videos can be a good way to go. The other thing is exams; again, this is another non-negotiable that I mentioned earlier. The right study guides: you have to match the current exam number that I mentioned at the beginning, so check what the exam number is, check that it has a lot of reviews, and it should have labs and solutions.

I think I read it briefly, but I don't remember. I don't think Cisco Press has labs; it may have some command snippets, but not full labs. But see for yourself. Look for downloadable extras, so bonuses are the kind of thing you're looking for: exams, a bonus video that shows you how to set up a lot of cool stuff, so make sure your book comes with that and there's nothing hidden, like having to pay extra. Look for support on a forum if you can, and obviously it should be written in an understandable way.

I'm not going to mention names because it will sound like sour grapes, but the truth is that some are written in a very hard-to-digest way, so you have to check. I think Amazon allows you to read the first five or ten percent of each book, so make sure you read it and understand what they're saying. Okay, so get access to a lab. A home rack will cost you around 200. You could get one off eBay. Note that you spend 200 and then when you're done studying you can sell it for 200. Remote rack access: there are different websites. I know, for example, I'm pretty sure they still have it, they have rack access online, but the only problem is they are CCIE racks.

I don't think they have CCNA racks. GNS3 is free, but you need the code, an IOS image; obviously you can download it from various websites, but officially Cisco will not give you a copy. Packet Tracer is a free download, so do a Google search for Cisco Packet Tracer. It's free now; it used to be for Academy members only. It covers about 90 percent of what you need, I'm talking about IOS commands and functions, so you might be able to get by with it, but I recommend using this to study hard and then backing it up with something that actually runs Cisco code.

The other ten percent of the time, the lab guide that I've mentioned should cover all the main syllabus topics and have solutions so you can look at what you've set up and see if you did it right, and it should cover all the different elements of the syllabus. Okay, and like I said, version 4 of my books on Amazon. Video training, sorry, that's not essential; it's good to have if you have the money. The good thing is, I used to teach face-to-face courses, but at the end of the in-person course everyone went home; they could still email me, but when you're watching the video you can go back and watch it many times, and usually they have a forum. Under the members menu (it keeps losing my pen) there is also a forum, so make sure you get a lot of benefits from any training videos you get, and know that this course is on Udemy.

There's howtonetwork.com, which is my website, that's twenty dollars a month; if they have any offers it's 19.99. Pluralsight is 49, I haven't actually checked, so check it out for yourself. CBT Nuggets was 99 a month; I'm not sure if that's still right, so take a look.

If you're on a budget, get some used books, buy them on Kindle, buy a used print book or on eBay. Students pass exams, just like they do in college, and then sell their books, so get some used lab books. Sometimes you can find coupons for Udemy and GNS3 courses if you can't afford your own racks. If you have a little more money, then buy the books with your lab guides, get access to remote racks, which might be free depending on the website, and get some video training. If you're just doing the CCNA, and I don't know why, but if you're just doing the CCNA you only need three months of access or so anyway. If you have a little more money then obviously you do everything and add other things in the video training and anything else you want; the sky is the limit, as they say.

What I don't recommend is buying too much, so like I said, two books, a lab guide and a home rack. I don't recommend getting multiple video training courses, because you'd have to watch a three-hour lecture on RIP on one website and then a three-hour lecture that tells you the exact same thing on the other, and so on. And like I said, some people buy five more books; it will take you from three months to six to nine months, so don't go overboard.

Just a very quick pitch, if you have time: there is a coupon below in the description to get access for a dollar at howtonetwork.com. We have the CCNA; if you click on the courses link we actually have 35 complete CCNA and CCNP courses that were done by a CCIE instructor. I have additional subnetting and IPv6 training that is in the syllabus, thousands and thousands of CCNA exam questions.

I have a training program to motivate you and also lots of video labs with solutions. Oh, and sorry, live Cisco racks are available 24/7. If you go to the racks here, you'll see the racks. So that's just a quick presentation of my website. Thanks for listening, I'll see you at the next lesson.

After the CCNA: lots of options, and lots of people, I've found, take the CCNA and pass the exam and then talk themselves out of doing anything with it and run off to take another certification. Now, obviously, it's a lifelong commitment to learn and qualify in new areas, improve current areas and recertify, but just think about what you want to do with your career.

You can continue with Cisco, move to another vendor's certificate, do a specialization, or move into the project management area. Obviously there are other areas as well, like virtualization or whatever; too many to analyse them all, but consider whether you liked studying Cisco. Did you find it fun or was it routine? If it's something you're not really enjoying, obviously consider which route you want to take: whether you want to go down the technical route or go into design, or project management, or technical project management. What did you like? Do you feel it was worth the effort? Was there one part in particular that you enjoyed the most?

Wireless has gone from the exam now, but there is still some security. There is a reference to voice, but very little about quality of service. But think about what you enjoyed and make the most of all parts of the study program, and then look at network support and design, the professional networking roles you could get into; you could even go into project management. There are many qualifications that are linked to the technical side, or not, if you have already had enough of technical: sales, going into management. It's also quite easy to get onto a help desk with the CCNA qualification, and even become a trainer; I never considered becoming a trainer.

It happened by accident and I really found that I enjoyed it a lot. So the core networking career, if you just want to stay in networking, then obviously you have CCNA, CCNP and CCIE Routing and Switching. There are a bunch of other qualifications if you just want to be good at everything at a reasonable level; you can consider Microsoft, Cisco, virtualization, project management, other vendors and specializations. I don't cover them all here because there are too many, but start with routing once you have a good foundation. I recommend doing the CCNA and CCNP, then you can go to voice, security, wireless, service provider, data center and many other careers. So don't wait; I started talking about this at the beginning, don't wait 12 to 18 months to start.

Apply for a job; start applying right away and you'll start receiving feedback. Obviously you're going to get some disappointments, some people don't respond, but you should also get feedback and, watch, you'll get something positive out of the qualification. Don't fall for wish-list jobs: if you ever go online and see a job ad, most of them are posted by HR people who don't understand how networks work, so they include every possible vendor and qualification going, and obviously that's not realistic; you're not going to get any candidate who can do everything at an expert level, so don't sell yourself short.

Cisco says that when you pass the CCNA you will be able to support a small to medium network, so it's not you saying it, Cisco said that you have reached that level of ability and have demonstrated it by passing the exam. Don't jump into another certificate directly. Take a couple of days off and think about what you want to do with your career and where you want to go with your qualifications, and don't let them go to waste. So the suggested path that I recommend is the CCNA, then the CCNP, and then you can look to specialize. You don't have to do the CCIE next, because that's 18 months to two years or more of hard study, four or five hours a day; you can look to specialize from there because you've built a really solid foundation.

Moonlighting: this is what I started doing. Consider freelancing as a supplement. Look at elance.com or guru.com to learn about the type of freelance work available and, as long as it matches your skill set, look for weekend or evening jobs. I did both when I started running my IT consultancy while still working a full-time job. I also looked for teaching work if possible; there are many academies for Cisco and other vendors, and universities, looking for people who have passed exams. So I hope that gave you some ideas, thanks for listening.

All right, welcome to our lab: connecting to our router. As I mentioned in the video, you need your console cable and the USB converter cable. You connect the console cable to your console port and the USB cable to your laptop or PC.
I recommend that you use PuTTY for your terminal program, which you can download from putty.org. Once you have plugged in your console cable and installed any drivers, if you open Device Manager you should be able to go to Ports (COM & LPT) and see which COM port the driver is mapped to. When you've done that, if you go to the PuTTY you've installed you'll have a few different options here; we're not going to Telnet or SSH in, so we're going to click on Serial and just delete the number one and replace it with the number seven in my case, which is the one I was assigned. So there's no configuration on this router, and in fact the configuration register was 0x2142; what that means is that the router will boot up and ignore the startup configuration.

You must press the Enter key several times to make sure you get a prompt. Make sure the router is turned on. I'm just going to go to my settings from the menu: right-click on the title bar, go to Appearance; 10 point is a little bit small for me, so I like to bold it and go to 14. You can also change the background colours if you want, and then we can get a better view of our screen here. So the router prompt ending in a greater-than sign is user mode. I've pressed the question mark and you can see all the commands available in this mode.

Enable is the command we normally use at this prompt. I have the --More-- at the bottom and I just hit the space bar, which gives me the next screen of output. Then I typed show and then the question mark. If you use the question mark you will get all the available commands, but in user mode you won't actually see about 95 percent of the available commands; I was looking for show run or show start, which you can't see, because user mode is a pretty restricted version. Instead of typing enable, I can type e, press the question mark and it will tell you what is available, so for e I have four commands. If I type en and then press Tab, it will complete the command for me because there is only one command available that starts with the letters en. So I typed en, pressed Enter, and now I'm in privileged mode, and you can see that the greater-than sign has been replaced by the pound (hash) sign. Now I have issued show v and you can see there are several commands available. Typing show version is the full command, but the router is quite smart, and if there is only one command matching the first few letters you've typed then you can just press Enter.

show version is a really useful command that shows your IOS, the exact flash image you have installed on the router or switch, and the last type of reload is right below. It tells me that I have a cryptographic image on this router: k9 means it is a secure image. I press the space bar, which scrolls to the next page of output: how much DRAM I have installed, how many Fast Ethernet and serial interfaces, the type of VPN module, how much non-volatile RAM and then how much flash memory I have installed. You can see the chassis serial number, if you ever need it for a Cisco support case, and the configuration register, which you can see is 0x2142, so whenever the router boots it will ignore the startup configuration. show ip interface brief is a very useful command; you can shorten it to sh ip int br. It will tell you how many interfaces you have here, whether they are up or down and what the IP address is; it won't show you the subnet mask or other information such as interface resets or errors. You can see that nothing is assigned at this time; nothing has been configured on this router, which is why everything is blank. Just issuing a few show commands now: show clock will show you the current clock settings on the router; show, space, question mark gives many more show commands available in privileged mode, because you have moved up from the very basic user mode. You can keep pressing the space bar to scroll through all the commands; if you've had enough, just press the letter q and you'll exit the scrolling and go back to where you were before you entered the show command.
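A check worth automating once you have console access: the two outputs just described can be parsed, and a configuration register of 0x2142 is worth flagging, because it is the password-recovery setting. Bit 6 of the register tells the router to ignore NVRAM at boot, so the box comes up with no config and no passwords until the register is set back to 0x2102 and the config saved. This is an added example, not part of the course or Cisco's own tooling; the `show version` and `show ip interface brief` text below is constructed to match the well-known IOS formats rather than captured from a real router, and the hostname, serial number and IP address are made up.

```python
import re

# Constructed sample output, shaped like IOS 'show version' (not from a real router).
SHOW_VERSION = """\
Cisco IOS Software, C2800NM Software (C2800NM-ADVSECURITYK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
R1 uptime is 2 hours, 14 minutes
System image file is "flash:c2800nm-advsecurityk9-mz.151-4.M4.bin"
Cisco 2811 (revision 53.51) with 249856K/12288K bytes of memory.
Processor board ID FTX0000A0AA
Configuration register is 0x2142
"""

# Constructed sample output, shaped like IOS 'show ip interface brief'.
SHOW_IP_INT_BRIEF = """\
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.10.1    YES manual up                    up
FastEthernet0/1            unassigned      YES unset  administratively down down
Serial0/0/0                unassigned      YES unset  down                  down
"""

CONFIG_REGISTER_RE = re.compile(r"Configuration register is (0x[0-9A-Fa-f]+)")
IMAGE_RE = re.compile(r'System image file is "([^"]+)"')
# Status can be two words ("administratively down"), so match it lazily up to the protocol column.
INT_LINE_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<ip>\S+)\s+(?P<ok>YES|NO)\s+(?P<method>\S+)\s+"
    r"(?P<status>.+?)\s+(?P<protocol>up|down)\s*$"
)
IGNORE_NVRAM_BIT = 0x0040  # bit 6 of the config register: boot without reading startup-config


def parse_show_version(text):
    """Pull the image name and config register out of 'show version' output."""
    reg = CONFIG_REGISTER_RE.search(text)
    img = IMAGE_RE.search(text)
    register = int(reg.group(1), 16) if reg else None
    image = img.group(1) if img else None
    return {
        "image": image,
        "crypto_image": bool(image and "k9" in image.lower()),  # k9 = crypto-capable image
        "config_register": register,
        "ignores_startup_config": register is not None and bool(register & IGNORE_NVRAM_BIT),
    }


def parse_show_ip_int_brief(text):
    """One dict per interface line; 'unassigned' becomes None so it is easy to test for."""
    interfaces = []
    for line in text.splitlines():
        m = INT_LINE_RE.match(line)
        if not m:  # header line and blank lines do not match (OK? is not YES/NO)
            continue
        d = m.groupdict()
        d["ip"] = None if d["ip"] == "unassigned" else d["ip"]
        interfaces.append(d)
    return interfaces


def audit(show_version_text, show_ip_int_brief_text):
    """Return human-readable findings in the order a practitioner would check them."""
    findings = []
    ver = parse_show_version(show_version_text)
    if ver["ignores_startup_config"]:
        findings.append(
            f"configuration register {ver['config_register']:#06x} has bit 6 set: startup-config "
            "is ignored at boot (password-recovery setting); set config-register 0x2102 and save"
        )
    for intf in parse_show_ip_int_brief(show_ip_int_brief_text):
        if intf["status"] == "down" and intf["protocol"] == "down":
            # Not shut down, yet no carrier: cable/clocking problem, which 'show controllers' reveals.
            findings.append(f"{intf['name']} is down/down but not shut down: check the cable with "
                            f"'show controllers {intf['name']}'")
        elif intf["status"] == "up" and intf["protocol"] == "up" and intf["ip"] is None:
            findings.append(f"{intf['name']} is up/up with no IP address")
    return findings


if __name__ == "__main__":
    for finding in audit(SHOW_VERSION, SHOW_IP_INT_BRIEF):
        print(finding)
```

Paste real `show version` and `show ip interface brief` text into the two strings (or read them from files) to run it against your own rack; the register check is the one to keep, because a router left at 0x2142 is a router anyone with a console cable owns.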
I'm just going to show you a couple of different commands. show processes cpu: sometimes they ask you to send this to Cisco if your router is dying, and they can see what is taking up CPU processing time. show memory, space, question mark; I'll just take a look at the summary. Play with these commands when you've logged into your own router. show diag is a troubleshooting command that you may be asked to enter; it just tells you how many slots you have, MAC addresses, and the status of the slots and modules you have on your router. I'll just press q to get out of that again; I don't want to see all the different output.

show history displays the last 10 commands that were entered. It is useful if someone else has been using the device. You can actually increase the size of the history buffer. Okay, show interfaces serial 0/0/0: take a look at show ip interface brief on your router to see what your available interfaces are. You can see mine is administratively down, the maximum transmission unit, the bandwidth on the interface, the encapsulation type; you also see the interface resets, and if the resets are climbing it could indicate a problem. DCD down means no carrier detect: it cannot detect a signal on the interface.

I don't actually have anything connected to this. The show controllers command is very useful for serial interfaces; it tells you if there is a cable connected and what type of cable it is, DTE or DCE. Very useful for troubleshooting at home and in the real exam. Below I will add the configuration. Now configure terminal, or conf t for the short version; to be honest there's really nothing to be gained by typing out the long commands. You can now see we're in configuration mode. This is where we start entering our configuration commands.

I am going to change the hostname of the router from Router to R1, and you can see that the prompt has now changed to R1 where it previously said Router. I can type exit now and it will take me back one mode, so whichever mode you are in, exit takes you to the previous mode. I can also hold down the Control key and press Z; that will take me straight back to privileged mode. So I can go back one mode at a time with exit, or all the way with Ctrl+Z. I typed line, space, question mark and it showed me the different main line types available. The ones you will be interested in are vty and console: vty for Telnet (terminal) sessions, and console is what I have my cable connected to.

I'm going to use the logging synchronous command, which basically prevents any informational messages from interrupting while I'm typing, which can be very annoying, so it will wait until I'm done typing to show me the informational message, like interface up, interface down, things like that. exit drops me back a mode, and exiting again has left me in privileged mode; I could have just held down Control and pressed Z. dir flash: I used the Tab key; press Tab and it will finish the command for you, and you can see what version of IOS I actually have installed on the flash, and the files inside the flash.

Next was show run, short for show running-config. show startup-config, or show start, shows you the startup configuration, which I don't have on this router. And that's the end of the lab.

Welcome. Thanks for looking at common network devices. So let's look at a few different devices. Obviously there are hundreds, possibly even thousands, of different types of networking devices available for you to add to your network. Some suppliers offer some really specialist equipment that most of us won't have heard of or have any use for, and then obviously you have vendors like IBM, Hewlett Packard and Riverstone and many others that have a wide range of equipment, and Juniper is another big company. So we're not going to cover everything here, but we're going to cover some very commonly used equipment and, as we progress through the course, we will see specialized devices, for example in security.
We have some presentations on security. So routers work at layer 3 of the OSI model; we will cover what the OSI model is in another presentation, so there will be some cross-references between what you see now and what makes more sense as you go through the course. Layer 3 is concerned with the network address, and for TCP/IP this is the IP address, which I'm sure you've heard of. Switches work at layer 2 and above; layer 2 addressing is your MAC address. Hubs, to be honest, are rarely used now because switches are very cheap.

They work at layer 1, so you can really think of them as taking a signal from a network cable; they will boost it if necessary and then pass it on, and they have no intelligence whatsoever. Now, here are some Visio icons; if you use Microsoft Visio, which a lot of people do to create network diagrams and topology diagrams that show us what a network looks like, these are the three most common: a router, a switch and a hub. Do a Google search for Cisco Visio icons, or PowerPoint icons if you like to create your own diagrams.

Network terminology: a domain is a specific part of the network. Bandwidth is the amount of data that a given link can carry in x milliseconds, abbreviated msec. Unicast is data sent to one device; a multicast packet is data sent to a group of devices; and a broadcast is data sent to all devices. A collision domain simply means that all devices share the same bandwidth; a broadcast domain is the devices that receive the same broadcast message, and in fact we can divide devices into different broadcast domains with a router, which I will cover later. The classic layer 1 device is a network interface card that is inserted into our servers or PC; this connects us to the network.

You can see that most are standardized for RJ45 connections, which is the connector you see on the right-hand side. Many are built into the motherboard, so if they break for any reason you can't take them out and swap them; you'll probably have to put in another card. They have burned-in MAC addresses, as you can see to the left of the port. The RJ45 port is on the right; next to it is an old port called a BNC connector, which to be honest is rarely used nowadays, so the picture is probably a bit old. A wireless network card can have an internal or external antenna and can be integrated or dedicated, the same as the NIC we saw earlier. Layer 1 hub: this is a picture of a Netgear hub. Basically it just allows you to connect your servers, your PCs, a router or even a switch to the ports, and all devices share the same bandwidth, with no intelligence.

Anyway, there is no built-in circuitry here to store which devices are connected where; there are no tables. So every time a device connected to port one wants to send to a device connected to port number seven, all the other devices connected to all the other ports will also receive a copy of the frame. So this is an example of four devices connected to one hub. You can see that a packet left PC1 and the recipient is PC3; however, PCs 2 and 4 have to receive the frame, process it in the network stack, look in it to see if they are the intended recipient and then throw it away, so you can see that it is not very efficient at all.

MAC addresses are physical and are known as hard-wired or burned-in addresses. They are 48 bits and use a hexadecimal (base 16) numbering system. An address is 48 binary bits: the first 24 bits are the unique identifier of the organization, so this is what is given to the manufacturer as its number; the second 24 bits are unique. They have to be unique because every MAC address on the network, in fact across the entire Internet, must be unique. Layer 2 switches send frames to the relevant device; they are known for splitting your local area network into smaller versions.

In small local area networks, each port on a switch is now known as a collision domain. What that means is that if there is a collision on the cable, for any reason, that collided frame will not go beyond the port the device is connected to. On a hub, if there is a collision of frames on the cable, every device on the network receives the collision. A switch can handle multiple streams or conversations across the network and is intelligent: it has integrated circuits, or at least software, that allows it to build a map of which MAC address is connected to which port, so it fills in the MAC address table you can see on the left. PC1, which has MAC address all As, is sending a packet through the switch; the recipient is PC3. When PC3 responds, the switch creates a table of which port the devices with MAC addresses all As and all Cs are connected to, and this will continue until the switch has created a table of each device connected to it. Collision and broadcast domains: again using the same diagram, you can see each port on that switch is its own collision domain.

However, switches do not filter broadcast traffic, so if there is a broadcast on this particular part of the network, this segment, each device connected to each port of the switch will receive a copy of this broadcast frame. There is a trick question in the exam: switches increase the number of collision domains, and this is a good thing. Layer 3 addressing: most networks now use IP addressing; there were vendor standards available, however they have all now become obsolete. Layer 2 addresses give no network information or location of the node; all they do is give an address, so a network address is made up of the network part and the node part.
You can see we have network 192.168.10.whatever on the bottom left; the 192.168.10 designates the network and then the next number designates the host on the network. I have done it with IPv6 on the right. Routers only consider the network part of the address and then pass the packet onwards; if the network is not in the router's routing table the packet is dropped. This is an advantage of having a router, because if they forwarded broadcasts your network and the Internet would grind to a halt. We will go into more detail when we cover IP addresses and subnets, but an IPv4 address is 32 binary bits or 4 octets, an octet being 8 bits, with each octet separated by a dot.

Now routers don't care about dots, they only read ones and zeros, but we humans find it easier to read numbers with spaces in the middle, so this long number here in binary is converted to this number and finally converted to this number so that we can read it. IPv6 versus IPv4: I'm going to cover this in more detail later. IPv4 ran out of available addresses quite some time ago, in fact, and IPv6 is designed to address that problem, among others. The address is 128 bits long; they are written in hexadecimal, in 16-bit groups separated by colons, so here is an example of an IPv6 address. Layer 3 routers examine the IP address and make forwarding decisions for packets; they block multicasts and broadcasts by default.
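Here is the dotted-decimal-to-binary conversion and the network/host split just described, written out as an added example rather than course material: the address is turned into the 32 bits the router actually reads, a mask splits it into the network part and the node part, and `same_network` is the decision a router or host makes when it "only considers the network part". It goes a little beyond the slide by applying a /26 mask as well as the /24 of the example, and by expanding a compressed IPv6 address into its eight 16-bit groups. The addresses are the slide's 192.168.10.0 network and the 2001:db8:: documentation prefix; the specific host numbers are made up.

```python
def ipv4_to_int(addr):
    """'192.168.10.1' -> the 32-bit number the router works with."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {addr!r}")
    n = 0
    for o in octets:
        value = int(o)
        if not 0 <= value <= 255:
            raise ValueError(f"octet {o!r} out of range in {addr!r}")
        n = (n << 8) | value
    return n


def int_to_ipv4(n):
    """32-bit number -> dotted decimal, the form we humans read."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def ipv4_to_binary(addr):
    """The same address as ones and zeros, with dots kept only for the reader."""
    return ".".join(f"{int(o):08b}" for o in addr.split("."))


def prefix_to_mask(prefix):
    """/24 -> 0xFFFFFF00: the leading 'prefix' bits are the network part."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length must be 0..32, got {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def network_parts(addr, prefix):
    """Split an address into its network and host (node) parts under a given prefix length."""
    n, mask = ipv4_to_int(addr), prefix_to_mask(prefix)
    network = n & mask
    host_bits = ~mask & 0xFFFFFFFF
    return {
        "mask": int_to_ipv4(mask),
        "network": int_to_ipv4(network),          # all host bits zero
        "broadcast": int_to_ipv4(network | host_bits),  # all host bits one
        "host": n & host_bits,                     # the node number within the network
    }


def same_network(a, b, prefix):
    """What a router (or host) decides: same network part -> deliver locally, otherwise route."""
    mask = prefix_to_mask(prefix)
    return (ipv4_to_int(a) & mask) == (ipv4_to_int(b) & mask)


def ipv6_groups(addr):
    """Expand an IPv6 address into its eight 16-bit hex groups; '::' stands for the missing zero groups."""
    if addr.count("::") > 1:
        raise ValueError(f"'::' may appear only once: {addr!r}")
    head, sep, tail = addr.partition("::")
    left = head.split(":") if head else []
    right = tail.split(":") if tail else []
    groups = left + ["0"] * (8 - len(left) - len(right)) + right if sep else left
    if len(groups) != 8:
        raise ValueError(f"{addr!r} does not describe eight groups")
    for g in groups:
        if not 1 <= len(g) <= 4:
            raise ValueError(f"bad group {g!r} in {addr!r}")
    return [f"{int(g, 16):04x}" for g in groups]


if __name__ == "__main__":
    print(ipv4_to_binary("192.168.10.1"))
    print(network_parts("192.168.10.77", 24))
    print(network_parts("192.168.10.77", 26))
    print(same_network("192.168.10.77", "192.168.10.200", 26))
    print(":".join(ipv6_groups("2001:db8::1")))
```

Compare the two `network_parts` calls: with a /24 the host 77 is just a node on 192.168.10.0, but with a /26 the same address sits on 192.168.10.64 and 192.168.10.200 is on a different network, so a packet between them has to go through a router even though the first three octets look identical.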
You can change that behaviour, although it is not recommended unless you have had professional routing advice. Routing is choosing the best route for the traffic; this is the routing part. Sending the traffic on is known as switching, so routing is just the algorithms, the mathematics, that routers use to determine the best route to the destination. You can see that the routers down here in the diagram are creating a table of networks, how far away these networks are, and this metric looks like we're using hop count; a hop is another layer 3 device. It is also recording which interfaces to send out of. The router encapsulates the packet with the correct header for the media type; for example, if it goes from the sender to the receiver, the packet would be encapsulated for Ethernet on the local area network, then it would get to the router and change that for a wide area network header so it can traverse your serial link. It can learn the best route from the administrator or from another router, if you are using a routing protocol. Okay, so we've only scratched the surface here; we'll come across these concepts in more detail as we go through the course.

Network cables and connectors: we need to have a good working knowledge of them if we want to be network engineers and have meaningful conversations with our suppliers and colleagues, and also know what to look for when we're in the communications room looking at our network equipment. So fibre media: we'll start with fibre, which uses pulses of light to pass signals. One of the advantages, and certainly one of the questions they could ask you, more a general networking question than a Cisco one, let's say, is about tapping: you've been in a secure environment and you want to minimize the chance of a person getting at the signal, because you can put devices on the cable if it has metal inside it and actually pick up the signal going through the cable, which we don't want.

So it is very difficult in secure environments to tap the signal if it is fibre. High-speed fibre media: more than 10 gigabits per second, works over long distances, up to 100 kilometres, and is immune to interference on the cable, because there is no signal passing along a metal strand; it's immune to interference from cellular devices, radio, airwaves and microwaves. It can be multimode or single-mode fibre. In multimode, the light rays travel through multiple paths; it is used over shorter distances, certainly under two kilometres, is less expensive than single mode and uses LED technology.

In fact, I've seen questions about fibre on Cisco exams. I think it's a little unfair because it's not really a cabling exam, it's a Cisco exam, but sometimes they'll list different types of cables and ask you what they are for: fibre and other types of cabling questions. Single-mode fibre: the light follows a direct path, whereas if you saw in our last diagram the multimode light bounces between the walls of the cable. Long distances, therefore, up to 100 kilometres; it uses laser beams and is more expensive, that is the drawback. Copper media are still widely used today.

Twisted pair or coaxial cable. Coax you will rarely see today; you will certainly see it in cable devices for cable television. A thick copper conductor runs through the middle of the cable. 10BASE5 is thicknet: 10 megabits per second, BASE for baseband, 5 is short for 500 metres. I highly doubt they would ask you about this, but just because it's part of the history, of course, I wanted to cover it. 10BASE2 is thinnet, the same specs but it only works up to 200 metres. Like I said, I really doubt you will see it.

Twisted pair uses four pairs of twisted wires: one wire of each pair is a solid colour and the other is white with that colour, so blue and blue-white, brown and brown-white, and so on. It can be unshielded twisted pair or shielded twisted pair; the shield gives a more reliable cable that is less prone to interference, but it costs much more. These are the common categories you'll see; if anything, I guess you should really remember what speed and what type of data transfer they can support. You may never get those speeds, but these are the manufacturers' specifications, and the same for shielded twisted pair. So we have a straight-through cable.

The specification is regulated by the TIA/EIA standard and is numbered 568A, so this type of cable will connect your PC or server to your switch. It's a quite common cable and you'll hear people say "have you got a straight-through" if you're in the server room. A crossover cable basically eliminates the need to have a switch; it crosses over certain pins, doing what happens inside the switch, among other things, which allows you to connect one PC to another, or a PC directly to a router, without using a switch.

Common exam question. You can see that pin one on one side goes to pin three on the other, and pin two goes to pin six. There are two different cable types or specs, 568A and 568B; I really doubt they'd ask which colours go where, that would be too much to expect. You will see many rollover cables as a Cisco engineer. A rollover cable is also known as a console cable, or sometimes people call it a ribbon cable; it's almost always light blue in colour, and you can see it has a DB9 connector and an RJ45 connector, which connects to the console port on the router or switch. In the diagram on the right the console port always has a light blue circle around it, to match the colour of the cable, and this is where you directly connect to your switch or router to do some initial configuration, especially if you've just bought it new, or even on eBay. Fibre connectors: there are several to choose from, so check your documentation, and these are the specifications.

I would say, yes, they will come up in the exam, because I have seen exam questions where they give you a big list of specifications and two of them will be from this range here, ST, SC, LC, so it is worth remembering them for the exam. These are the connectors you will terminate your fibre cables with, and you can see there are many different shapes depending on your supplier's manufacturing specifications. Copper connectors you will see many more of. The most common is the RJ45, registered jack number 45: eight pins and eight wires inside the cable, and as you know, inside the cable they are twisted in pairs.

There is an RJ11 which I'm sure you've seen; if you have a broadband modem at home you'll also see this type of connector on your phone socket: four pins, with two wires used. There are many different permutations for this, so I really don't want to get into those. BNC again, this is for your thicknet and thinnet, quite outdated to be honest, but I just wanted you to see a photo. If anything, the DB9 is a serial connection; it's quite rare to find now, you used to have them on PCs all the time and some laptops. They're no longer used for, let's say, modems; they are actually used for printers, modems and industrial devices.

If you go to connect a cable like a console cable that has a DB9 end, you now need to purchase a DB9-to-USB converter. When you have the converter cable, many times you will need to use drivers with it, and this can be a bit weird; sometimes the drivers are actually loaded with the cable. So there is the console cable and DB9-to-USB converter, and you can buy them on eBay. Well, that's just a summary of the cables. Thank you for watching.

The OSI model. What is the OSI model? I used to hate learning about the OSI model when I was first learning about networking; it seemed to be everywhere, it was covered in every book, but I never understood the point, because it couldn't be applied to anything. But as I went through my networking career, on the help desk, then as a network engineer and finally teaching, I found it really helps put the entire working infrastructure of the Internet into some sort of order in our heads, so we can have a conversation with another engineer in person, by phone, or even by email or whatever, and start talking in a clearer way and get to our point much faster, and also with troubleshooting, as you will see as we go through the other labs and as we teach it.
It just helps us do things a lot faster because we can segment the problem and we can discount different parts of the network. So it's a conceptual model that you can't actually see; you can't point to it, you can't see what is happening at certain layers. You can actually look at something, for example a network sniffer, and you can look at the outputs and identify which layers, but you can't physically see the OSI. It describes how information moves in our network from A to B, over our local area network or from one end of the world to the other. It was actually developed by ISO in 1984. It is divided into seven distinct layers and each layer has its own function or job to do. The other thing is that each layer can only communicate with the layers that are directly next to it, so layer one can only communicate with layer two, layer seven can only communicate with layer six, layer six with layers seven and five. So, unlike some books, the OSI starts at layer seven at the top and then goes down to layer one; if you number it another way, a) it is wrong and b) it will cause confusion.

OSI is used by all engineers, from network designers to vendor engineers and manufacturers, and it also applies to networking software and hardware, including cables. So the concepts: each layer, like I said, talks only to its neighbour. The data in each layer actually goes by a different term. Don't get too hung up on this, because we usually, or almost always, talk about data as packets, and although we are talking about a layer 2 switch that technically deals with frames, usually in a conversation we will all just talk about packets. Some people get a bit retentive about it and there is no need, really. The higher the level, the closer it gets to the end user.

The lower levels are closer to the data pulses in the cable in the form of electrical signals. So, encapsulation: as the data is transmitted downwards, each layer adds a header; as the data is transmitted upwards, when it reaches the destination, each relevant layer removes its specific header or trailer. This is known as encapsulation and decapsulation. So why do we use it? So that you, me and all other engineers can use a common framework, so that you can buy Hewlett-Packard switches and will they work with Cisco switches? If they are both designed to work on the same OSI layer, yes. You can focus on one layer specifically and ignore the others.

Say, for example, you're designing a hub, switch or firewall of some kind: you'll focus on the specific layer that that device works on. It is also very useful for troubleshooting, and you will do a lot of that as a network engineer, I'm sure. So start at the top and work your way down. Layer 7, the application, is closest to us, the end user; for example, to send emails and browse the Internet we use the application layer. The services that use the protocols depend on the information being sent; for example, POP3 is used for email, SMTP is the Simple Mail Transfer Protocol, FTP is for transferring files, and Telnet is used to connect remotely to a device.

Now, we will cover all these protocols and ports later on. The presentation layer (or presentation layer, if you're British) makes the data understandable for layer seven. Here we are dealing with format, compression and character formats; in general it is ASCII, how our characters are formatted, so we can send emails and browse the web. It takes care of the presentation, and you can also associate it with audio, video and compression; here are the formats, MPEG, AVI, I think it's supposed to say JPEG, sorry. It interacts directly with the application layer and the session layer; as I said before, each layer only talks to the layers it borders. Layer five, the session layer, establishes sessions or dialogues between devices, ends sessions and manages them, so it is a communication between devices. It tracks conversations using port numbers, ensures end devices are available and passes to the transport layer. This splits the data into segments; remember I said data is called differently in each layer, so data is data and then we cut it into segments for the transport layer, ensuring data arrives in the correct sequence for data integrity.
Layer 4 uses both TCP and UDP for flow control, error checking (not detection or correction, that is taken care of somewhere else), data retransmission, sequencing and reliability. Layer 3 is the network layer. This identifies the network path for our routing; it sends data, which is known as logical addressing and packet switching, and is almost always IP addressing. Data is referred to here as packets, and the routed protocols actually send the packets; the routing protocols, which we will get to later, find paths and create tables as a directory of which networks are where. Routers operate in layer 3.

Data link, layer 2, defines a data format that encapsulates data based on the type of media, for example Ethernet or PPP or Frame Relay, and provides reliable transmission of data. The physical addressing happens here, which is basically our MAC addresses. It is subdivided into LLC and MAC sublayers, so it is actually broken down into two smaller layers, and you can see them represented here in this diagram. You may be asked which is the top layer and which is the bottom layer. Layer 1 is the physical medium used to transport the data. It specifies data and cable speeds and pin types. Here are some specifications you may have seen.

I've certainly covered them in previous presentations and I'll cover Ethernet in more detail later. It covers the voltage required for the signal to go onto the line, the bits in the cable. That's it for the OSI; I will refer to it in more detail as we move forward in later presentations.

The TCP model. The OSI versus the TCP model: the OSI is a reference model and was created by ISO, as I said before. The TCP model was created by the IETF, the Internet Engineering Task Force. Now, depending on which book you read, some will say that Cisco has left the OSI model behind for the TCP model, but you will read the opposite in other books and other online references, so it is difficult to say.

I see that both are referenced quite a bit, so it is necessary to know both. Really, the TCP model is used for proper network communication, so if I could say something, it is more practical, or it is used in a more practical way. You can see how the TCP model maps to the OSI model, and again, depending on what book you read, the TCP model will either have four layers or five layers, which causes even more confusion. So some models will say it's four layers and put the physical and data link in a layer called network access. Cisco tends to treat it as a five-layer model, so that's what we'll do: application, transport, internet, data link and physical. The application layer maps to the OSI session, presentation and application layers. Various protocols are used in this layer, so we have HTTP for web browsing, email services, FTP used to transfer files (we will cover this later), SNMP used to manage networks, DHCP used to assign IP address information to devices, and Telnet, which I also mentioned earlier. The transport layer: TCP is a reliable, connection-oriented data transfer, chosen when reliability is required, like FTP, which is used to transfer fairly large files over a network. UDP is an unreliable, connectionless data transfer; it certainly has less overhead than TCP and is fine for less important protocols, such as Trivial File Transfer Protocol, typically used for fairly small files, e.g. a router's configuration.

Port numbers identify the type of traffic. There are more than 65,000 in total; numbers from 0 to 1023 are known as well-known ports, used for common applications. Here are some examples that we will go over again as we progress through the course. The three-way handshake, and you may have heard of it before: this is how a session is actually set up before data is transferred. A SYN packet is sent from the host to the destination, the destination then sends a SYN and ACK packet back, and finally an ACK packet is sent back, and TCP window size negotiation takes place.

All of this happens before the data is transferred. In fact, if you know how to trace with packet capture software like Wireshark, you can see all of this happening, and I've highlighted it there in the red box on the graph at the bottom. The Internet layer of TCP maps to the network layer, layer 3, of the OSI model. It includes IP, which is a connectionless protocol, used for IP version 4 and 6. It includes ICMP, which is a message reporting service, and you may have heard of ping; ping is found within ICMP. The network access layer is made up of the data link and physical layers. ARP is used here: it requests the MAC address of a host when it knows the IP address. This is just a case study of an FTP session: the FTP client contacts the FTP server. We don't need to worry about the application layer for this example, so we have a client, you see the IP address and the MAC address, going to the FTP server, and you can see the MAC address and the IP. The Wireshark packet capture is at the bottom: line one is the physical (frame), line two is the data link information, line three is IPv4, the internet layer, there we have the transport layer and then the application layer. You can see the packet signalling and bits on the cable, 567 bits total. If you look at the packet analysis, the data link: you can see the destination MAC address, the source MAC address, the Ethernet frame. The internet layer: this is the IP and layer 3 information, IP information and layer 3 overhead. You will also see a time to live field, which we will talk about later, source and destination IP, and then the transport layer, which is TCP in this case. We can see a random high port number, which is the source port, but the destination port number is FTP, which is port 21. Sequence numbers, window size, flags and checksums, and finally we get to the application layer, which will be a file, in this case a file called comptia.txt. So that's just an overview of TCP.
See you at the next lecture.

Well, welcome to the presentation on TCP ports and protocols. This is really important because a lot of network engineers and people miss it. They understand that ports and protocols exist, and maybe you understand some of them, like DHCP and ARP and so on, but it's worth digging deeper and certainly reading some books on TCP; you can search on Amazon. Let's take a look at TCP/IP port numbers, common protocols, a bit on DNS, and let's look at some other things also that I didn't put on that list. So port numbers are assigned to protocols and services. I mentioned in a previous lecture that there are over 65,000, and they allow users and devices to identify a specific application, so normally you get some sort of IP address communication and then a port number attached, so that services can identify what has been accessed. Well-known port numbers are non-ephemeral: they do not change, and they are below 1024. Temporary port numbers are above 1024; these are ephemeral, they can change. Port numbers are not protocol numbers. Protocols include TCP, UDP, ICMP, IGMP (you can also call them services, I guess), but they are not actually port numbers, so a protocol number doesn't specify what service has been used, only how the data is transferred. Application layer protocols: these include HTTP and the secure version, email services, file transfer, Trivial File Transfer Protocol, SIP, RTP. A quick look at HTTP, which is one of our favourites, I'm sure; it's used to connect to web browsers, so websites listen on port 80 for requests.

A flow of traffic occurs. This is for all services or ports. A traffic flow is the source IP address and port, and the destination port and IP, so you'll often hear about flows being monitored on devices, and this is what the flow is: the source port and address, and the destination port and IP. So for HTTP, application layer, port 80: the source port is actually a random high port number, but the web service appears on port 80. It uses the transport layer, TCP; the Internet layer, IP; layer 2, the frame type, usually Ethernet, eventually when it reaches the web server; and layer 1, the bits sent by the actual client.

Here's a Wireshark packet capture, so let's look a little bit, and you can see that the destination port is HTTP, which is port 80; the source port is a random high number, and you can see that the host is cisco.com. HTTPS, the secure version, which you will normally see when you join a website or try to make a monetary transaction of some kind, encrypts the connection between the client and the server. It uses Transport Layer Security and Secure Sockets Layer, and most browsers insert the actual http part for you in the request, and for https obviously they will add the s on to that. Here is a packet capture: you can see the source port, a random high port, and the destination port, 443. Email protocols, the common protocols for sending and receiving emails: SMTP is port 25; the Post Office Protocol is port 110; Internet Message Access Protocol, or IMAP, uses TCP port 143.

You can see the difference between IMAP, SMTP and POP3, so SMTP sends emails between servers. FTP offers a way to transfer files over the Internet or larger networks; we usually have some kind of FTP client software like FileZilla. A session request goes out on port 21 and then the data is transferred on port 20, and we can see a packet capture here from our FTP of a file at the bottom called comptia.txt. TFTP uses UDP port 69. I have referred to it before, but it is for sending less important files; usually a Cisco engineer will back up the router's startup configuration or download configuration files. There is no authentication, so it is not suitable for production networks where you have sensitive data. Management protocols: these include DNS, DHCP, Telnet, SSH, Network Time Protocol, RDP, SNMP (Simple Network Management Protocol), ICMP and IGMP. We will cover some of these; I'm not sure if we're actually covering them all. DNS is a name lookup, so we're matching an IP address of a server to a name.
This obviously happens quite quickly, but when we type our domain names, there obviously has to be a map or an entry so it really knows which server we are connecting to; obviously we find names easier to remember than IP addresses. Clients are configured with the IP address of the DNS server. It uses UDP port 53. Eventually, if there is no response, it will fall back to TCP, but initially at least the first few requests are done using UDP. For zone transfers between DNS servers, which I think we'll talk about later, it uses TCP. Here is a packet capture and we can see that we have a query, port 53, and then a response comes back matching a domain name with an IP address.

DNS servers: DNS is a collection of servers organized hierarchically, a distributed database made up of multiple DNS servers, but obviously we don't just have one. We have the root server (which I'm sorry, I typed wrong), then we have TLD servers, then under that authoritative servers, and then resolver servers. So a client request for cisco.com is sent to a resolver server first; if there is no entry on the resolver, that request is sent to the root server and the root sends it to the .com TLD server. I think I have an image that appears here.

The resolver eventually caches the response. So here we have the hierarchical organization: the root server at the top, obviously, and then we have different servers for .coms, .orgs, .edus and all the other suffixes we might have, for example .nets, etc., and then we go down to the authoritative servers under each of the names. DNS records: I'm sure you've heard of these before, and certainly if you have your own server that you're hosting somewhere you'll need to be familiar with these. An A record is a standard IPv4 address; AAAA is for IPv6 addresses. CNAME is a canonical name, additional names associated with hosts.

The MX record is for mail exchange. The NS record is the name server, to designate the internal DNS servers. PTR records are pointers, the reverse of DNS entries. So we can look at DHCP next. I think I talk about this in more detail in another presentation, but the DHCP process uses UDP ports 67 and 68. It is used by the host to get its IP address, gateway, DNS server and a bunch of other IP information. It actually replaced an older protocol, BOOTP, that you may have heard of if you've been around at any point. So you can see what the server and the client are listening on, and the port that the client uses.

The server sends an offer, the client accepts that offer and then the server acknowledges it. So here is the process in more detail. The layer 2 destination address is a broadcast address. These are all the fields that are completed. The layer 3 destination is UDP port 67, the source is UDP 68. Then the DHCP server sends an offer once it receives that packet, the client accepts the offer with the DHCP request packet, and there has to be a confirmation that the IP address information has been accepted. You may have seen APIPA, used by Windows; this is if no response has been received. Remote access protocols, and I have a packet capture for Telnet here: it allows us to connect remotely to devices over the network and gives us command line access. All traffic is sent in clear text for Telnet, so it is not really recommended for production networks.

Secure Shell encrypts data before sending it. We also have NTP, Network Time Protocol, UDP 123. I'll cover it, I think I'll cover this in more detail in another presentation, but it's basically used to synchronize time. Network devices periodically poll an NTP server; there are free ones on the internet if you need to use them. Remote Desktop Protocol, RDP, allows users to connect and manage their computer remotely; it is widely used in help desk environments, or people who are troubleshooting problems remotely can request RDP access. SNMP, the Simple Network Management Protocol, uses UDP. I cover this in more detail later; it is used to share management information between devices and servers.

The SNMP server is usually a workstation or dedicated server that sits somewhere with the network equipment, or on someone's desk. The latest version is SNMP version 3, which offers the latest in security and encryption; again, I'll cover this later. ICMP is assigned protocol number one. ICMP is used for messaging services. The main function is to send echo requests, which we will recognize as ping packets, and you can see a capture here, ICMP protocol 1, and it is an echo ping request just polling devices to check connectivity. IGMP is protocol number two, the Internet Group Management Protocol, used primarily for multicast, so I would say the vast majority of network engineers don't actually have any interaction with it unless it is used on your network for any reason. It allows your users to subscribe and connect to the broadcast; it must be enabled.
To get into networking protocols from time to time: we'll cover many of these in more detail later. I have TCP, UDP and ARP. TCP is protocol number six and we know that it provides a connection-oriented transmission, where we get ACK and SYN bits that ensure that the path is reliable. Each packet must be acknowledged. FTP uses TCP, and many other services do too. UDP is less reliable but more optimized; an example is TFTP. ARP, the Address Resolution Protocol, allows hosts to learn the layer 2 address when they already know the layer 3 address.

So don't get caught out in the exam. We already know the IP address, but for the packet to be sent over the network we need to have the layer 2 mapping. For this, the host transmits the ARP request onto the wire and the switch forwards it from all ports; the destination host sends a response with its layer 2 address, so that part of the field in the packet can be completed correctly. You can check the ARP cache on your PC, if you have Windows, with arp -a. Proxy ARP: it is important to know that it allows routers to be available to the hosts on the network. So the host sends an ARP request for another host; the router responds and fills the field with its own MAC address instead. The host will have the same gateway MAC for multiple IP addresses. As the packet travels across the network only the MAC address changes; the IP address does not. So here is an example.

Host A wants to send a packet over the network and you can see that it wants to get to host... I should have called it host D, so apologies for that, 4.4.4.4. The router responds saying put my MAC address in the destination field, and for now we'll map it to 4.4.4.4. OK, so that packet can now be sent and be accepted by the router, and the router will eventually process it and send it out of its interface, changing the destination MAC address to all Ds and the source MAC address to its own Ethernet interface. So this basically allows the frame to be sent over the network without having to change the source and destination IP address.

So that's the end of the presentation; we'll cover a lot of these in more detail later. Thanks for listening.

So, a look at LAN technologies: local area networks, some different LAN types and properties (and again these will be covered in different lectures covering different aspects), also CSMA/CD, CSMA/CA, broadcast and collision domains. It is very important to know the duplex interface settings; we could actually look at that in other lectures. Speed and distance, Ethernet standards: they are actually set by the IEEE and the name normally reflects the technology. So 10BASE-T: 10 is the speed, 10 megabits per second; BASE is baseband signalling, so it uses a single frequency; and T is the type of media, such as twisted pair, or FX for fibre. It's not always that easy to understand what each means. So 10BASE-T is a Category 3 cable, works up to a distance of 100 metres, and is probably no longer easy to buy because Cat 5 cable is very economical. 100BASE-T is Fast Ethernet on Cat 5 cable, up to 100 metres. 100BASE-FX works with two fibre strands. 1000BASE-T can work with Cat 5, 5e or Cat 6 cables; it uses the four pairs of the UTP cable (I have covered UTP, I think, in a previous lecture). 1000BASE-X is fibre for a gig. 10GBASE standards: 10GBASE-SR is short range, from 80 to 300 metres; 10GBASE-LR is long range, single-mode fibre up to 25 kilometres; 10GBASE-ER is extended range, up to 40 kilometres. You have 10GBASE-LW and 10GBASE-SW, different standards here, FYI, that integrate the local area network with a wide area network using the same fibre and connectors. 10GBASE-T allows 10 gigs over copper cables: Cat 6 runs up to 55 metres, Cat 6a up to 100.
CSMA/CD is something that seems to come up every so often in the exams. I know it could well be covered; it's one of the topics you need to know for the CCNA exam. It's not really used in networks anymore. Carrier sense means the device is listening on the cable for a signal; multiple access means more than one device can communicate. Collision detection means that two signals could collide on the wire and it detects when this happens, which is why CSMA/CD is required with hubs that operate in half duplex: you can send or receive, but not at the same time. Not with switches, which operate in full duplex. Just get familiar with this system here, the flowchart: what happens at startup, it assembles a frame, is there another frame transmitting as well, what happens if there's a collision, a collision recovery algorithm is run and it tries to send the frame again. CSMA/CA is actually used in wireless networks, where the end device cannot detect a signal; it is carrier sense multiple access with collision avoidance, and here is the flow for CSMA/CA.

Duplex configuration, which you need to know about: half duplex is when an interface can only send or receive, but not at the same time. For full duplex, you can send and receive at the same time because it uses different wires. Both sides must agree, so if you have one side configured for half duplex and the other for full duplex, then you'll have problems sending traffic. On Cisco devices, the duplex and speed settings are often left on auto, and you can see the FastEthernet interface 0/1, and you can see the settings if I type duplex, space, question mark.

I can choose between full, half or auto. For speed, I can choose between 10, 100 or auto. Obviously, if you have different settings on the interfaces you could have collisions or a speed mismatch. Broadcast domains: how far will the frame travel? Well, each port on the switch, as I told you above, is considered a collision domain. A hub does not create collision domains. Routers do not forward broadcast traffic; switches forward broadcast traffic. Now, switches increase the number of collision domains; I've told you this before, it's just a small question people can get stuck on: more collision domains are better. So here is a collision domain. A broadcast domain is all the devices, because the switch will forward the broadcast, but every port on the switch is a collision domain. Every port on the router is a broadcast domain, because by default routers will not forward broadcasts. And finally, here you are putting some routers, switches and hubs together, and you can see at the top a bridge, and a bridge is basically the same thing as a switch, although it tends to work in software instead of hardware. So count how many you can see there.
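The counting rules just given (every switch or router port is a collision domain, a hub shares one, only routers bound broadcasts) applied to a small constructed topology, as an added example that is not part of the course; the device and link names are made up.

```python
"""Count collision and broadcast domains in a small LAN the way the lecture
does it: every switch or router port is its own collision domain, a hub does
not split collision domains, and only routers stop broadcasts. Added example
with a constructed topology; it is not code from the course."""
from collections import defaultdict

# Constructed topology: hosts behind two switches, one hub, one router.
DEVICES = {
    "R1": "router", "SW1": "switch", "SW2": "switch", "HUB1": "hub",
    "PC1": "host", "PC2": "host", "PC3": "host", "PC4": "host", "PC5": "host",
}
LINKS = [
    ("PC1", "SW1"), ("PC2", "SW1"), ("SW1", "R1"),   # left side of the router
    ("R1", "SW2"), ("SW2", "HUB1"), ("SW2", "PC5"),  # right side of the router
    ("HUB1", "PC3"), ("HUB1", "PC4"),                # shared hub segment
]


def count_domains(devices, links, boundary):
    """Number of regions left after every device whose kind is in `boundary`
    is cut out of the graph. Each link is a node of its own, so a cable that
    runs directly between two boundary devices (switch to router, router to
    router) still counts as one domain."""
    adjacency = defaultdict(set)
    for index, (left, right) in enumerate(links):
        link = ("link", index)
        adjacency.setdefault(link, set())
        for device in (left, right):
            if devices[device] not in boundary:
                adjacency[link].add(device)
                adjacency[device].add(link)

    seen, regions = set(), 0
    for start in list(adjacency):
        if start in seen:
            continue
        regions += 1
        stack = [start]
        while stack:                 # depth-first flood of one region
            node = stack.pop()
            if node in seen:
                continue
            seen.add(node)
            stack.extend(adjacency[node])
    return regions


def collision_domains(devices=DEVICES, links=LINKS):
    """Switch ports and router ports each bound a collision domain."""
    return count_domains(devices, links, {"switch", "router"})


def broadcast_domains(devices=DEVICES, links=LINKS):
    """Switches and hubs forward broadcasts; only router ports bound them."""
    return count_domains(devices, links, {"router"})


if __name__ == "__main__":
    print("collision domains:", collision_domains())  # 6
    print("broadcast domains:", broadcast_domains())  # 2
```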
Check it out to confirm my estimate of how many broadcast and collision domains we have.

LAN switches. LAN switches move frames between network devices, learn the MAC address of connected devices, and forward or filter frames based on the MAC address. Broadcast frames are forwarded out of all interfaces, as are frames with an unknown destination that is not in the MAC table. Switches use spanning tree to prevent loops, which we will see later in a switching presentation. So you can see the frame forwarding: we have different devices here. Host A sends a frame to destination C; it is forwarded out of FastEthernet 0/3 and filtered so that it does not leave FastEthernet 0/2.

Now you can see that we have an interface and, just for your information, you can see that the switch has more than one MAC address associated with an interface, so when you log into a device this will tell you whether or not that interface is a trunk, or possibly connected to a hub, which is probably less likely, to be honest. The frame switching options are cut-through, where the switch reads only the MAC address and then forwards the frame, so if there are errors in the frame the switch won't know; store and forward, where it stores the entire frame and checks for errors; and fragment-free, where only the first 64 bytes of the frame are checked for errors. For Cisco switches, check the model and documentation, but they now generally store and forward by default.
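The learn, forward, filter and flood decisions described above, replayed frame by frame on a constructed four-port switch; this is an added example and not code from the course, and the port names and MAC addresses are made up.

```python
"""Frame-by-frame model of the switch behaviour from the lecture: learn the
source MAC on the ingress port, forward a known unicast out of one port,
filter it when that port is the ingress port, and flood broadcasts and
unknown destinations out of every other port. A port with more than one
learned MAC is where a hub or trunk is attached. Added example, not code
from the course; the port names and MAC addresses are constructed."""

BROADCAST = "ff:ff:ff:ff:ff:ff"
MAC_A, MAC_B = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
MAC_C, MAC_D = "00:00:00:00:00:0c", "00:00:00:00:00:0d"


class Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}            # learned MAC -> port it was seen on

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame; return (decision, list of egress ports)."""
        self.mac_table[src_mac] = in_port           # learn or refresh
        if dst_mac == BROADCAST or dst_mac not in self.mac_table:
            return "flood", [p for p in self.ports if p != in_port]
        out_port = self.mac_table[dst_mac]
        if out_port == in_port:                     # same segment: drop it
            return "filter", []
        return "forward", [out_port]

    def macs_on_port(self, port):
        """MACs learned on one port; two or more suggests a hub or a trunk."""
        return sorted(mac for mac, p in self.mac_table.items() if p == port)


def demo():
    """Replay the lecture's scenario: A on Fa0/1, C on Fa0/3, and B plus D
    sharing a hub on Fa0/4. Returns the switch and the decision log."""
    sw = Switch(["Fa0/1", "Fa0/2", "Fa0/3", "Fa0/4"])
    log = [
        # A -> C while C is unknown: flooded out of every port except Fa0/1
        sw.receive("Fa0/1", MAC_A, MAC_C),
        # C answers A: A was learned on Fa0/1, so only that port
        sw.receive("Fa0/3", MAC_C, MAC_A),
        # A -> C again: forwarded out of Fa0/3 only, filtered from Fa0/2
        sw.receive("Fa0/1", MAC_A, MAC_C),
        # B broadcasts from the hub: flooded, and B is learned on Fa0/4
        sw.receive("Fa0/4", MAC_B, BROADCAST),
        # D -> B on the same hub: both on Fa0/4, so the switch filters it
        sw.receive("Fa0/4", MAC_D, MAC_B),
    ]
    return sw, log


if __name__ == "__main__":
    switch, decisions = demo()
    for decision in decisions:
        print(decision)
    print("MACs on Fa0/4:", switch.macs_on_port("Fa0/4"))
```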
Well that's the end of the presentation thanks for listening to network topologies so the design considerations are from a cisco certified design associate from the ccda guide that actually talks more about network design from design and the cisco design model. There are a lot of considerations to take into account when looking at designing a network and it really falls between what is optimal and what exactly you want. what to do and cost because almost all projects have a cost limit, so there must be some kind of compromise in the design of the subprojects, their technology options, the physical design that the network will have, addressing the scheme, including any network address translation that we are going to perform.
We will be using, we will talk about that later writing selection and design of any quality of service that is known as quas, which is voice and video, and how that will affect our design, security design, are you going to have people connected remotely from home workers or mobile or are they going to be internal to the organization any multicast, which is your video streaming provisioning for ipv6, what is happening right now, networks are using ipv version 4 and ipv6 point to point is a common topology that You will find, especially when you are doing practical labs, only a direct link between two devices, obviously used mainly in wide area networks, point to multipoint, you have several devices connected to an interface on a router used in wireless networks.
Obviously, networks, although the end devices cannot communicate directly, have to go through the wireless access point. Our ring topology was quite popular a couple of decades ago with a technology known as token ring, which is now obsolete topologies, all nodes connect to the ring if there is a link between the nodes and it breaks then there is still a way because can go in the opposite direction so I actually use lands now, if used for one it usually needs to have double rings in case one of the rings falls off, employed in metropolitan areas. access networks star topology used in most modern networks all nodes connect to a central device the central device passes data between the nodes usually using an ethernet network so you could probably have a switch in the middle of all of these Burst devices are rarely used Nowadays, in modern networks, you have seen the thickness and type of network cables in previous presentations.
This is the topology they used; obviously a break in the cable brings the entire network down. Hub and spoke: a specific topology is characterized by its redundancy, that is, what happens if one of the interfaces or connections goes down. With hub and spoke you have the hub in the middle, which is usually the head office, and then the spokes are the smaller offices or branches, and you can calculate how many connections you need with the formula n times (n minus 1) divided by 2. Full mesh is when all devices are connected to each other, which will obviously cost you a lot of money.
Partial mesh is when there is a connection between many of the devices, but they are not all connected directly to each other. Client-server is a local area network topology; you can see a client-server setup here: obviously, all the different client devices connect to a server. Peer to peer: there is no one device in charge of the network.

Network devices. We are only going to look at a few, to be honest; there are many others, but we will mention them in different parts of the presentations, in different areas, so I just wanted to look at a few here: load balancers, proxies, content filters and VPN concentrators. A load balancer is usually present in large environments with multiple servers.
I supported them for a while, by the way. They distribute the user load across multiple servers, and this is transparent to the user, so they will probably think they are only connecting to one web server, for example, when they could very well be connecting to multiple web servers. In addition, it provides fault tolerance, so obviously, depending on how many servers you are balancing, if one fails you won't notice; there may be a longer delay, so you may notice a slightly slower response, but the service would still be available. Load balancing algorithms: round robin, so each server takes a turn; weighted, so that different servers take on different loads; least connections, so if a particular server is quieter for whatever reason it will receive more connection requests; and weighted least connections, the same as least connections but with weights assigned.
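The three selection algorithms just listed, as an added example in Python; this is not code from the lecture or from any Cisco product, and the server names, weights and connection counts are constructed. A failed server is marked unhealthy so the fault tolerance described above can be seen: the pool keeps serving and the failed server is simply skipped.

```python
from dataclasses import dataclass
from itertools import cycle


@dataclass
class Backend:
    """One server behind the load balancer (constructed for this example)."""
    name: str
    weight: int = 1        # relative capacity; only the weighted strategy uses it
    active: int = 0        # connections currently assigned to this server
    healthy: bool = True   # a failed server is skipped, which is the fault tolerance the lecture mentions


class LoadBalancer:
    STRATEGIES = ("round_robin", "least_connections", "weighted_least_connections")

    def __init__(self, backends, strategy="round_robin"):
        if strategy not in self.STRATEGIES:
            raise ValueError(f"unknown strategy {strategy!r}")
        self.backends = list(backends)
        self.strategy = strategy
        self._ring = cycle(self.backends)   # shared iterator for round robin

    def _healthy(self):
        up = [b for b in self.backends if b.healthy]
        if not up:
            raise RuntimeError("no healthy servers left in the pool")
        return up

    def pick(self):
        up = self._healthy()
        if self.strategy == "round_robin":
            # each server takes a turn; failed servers are skipped in place
            while True:
                b = next(self._ring)
                if b.healthy:
                    return b
        if self.strategy == "least_connections":
            # the quietest server gets the next request; name breaks ties deterministically
            return min(up, key=lambda b: (b.active, b.name))
        # weighted least connections: fewest connections per unit of weight
        return min(up, key=lambda b: (b.active / b.weight, b.name))

    def connect(self):
        b = self.pick()
        b.active += 1
        return b.name

    def disconnect(self, name):
        for b in self.backends:
            if b.name == name and b.active > 0:
                b.active -= 1
                return
        raise KeyError(name)


def round_robin_demo():
    """Four requests take turns; then web3 fails and the remaining two keep serving."""
    pool = [Backend("web1"), Backend("web2"), Backend("web3")]
    lb = LoadBalancer(pool, "round_robin")
    before_failure = [lb.connect() for _ in range(4)]   # web1, web2, web3, web1
    pool[2].healthy = False                              # web3 goes down
    after_failure = [lb.connect() for _ in range(3)]     # web2, web1, web2
    return before_failure, after_failure


def least_connections_demo():
    """The server with the fewest active connections is chosen."""
    pool = [Backend("web1", active=5), Backend("web2", active=2), Backend("web3", active=2)]
    return LoadBalancer(pool, "least_connections").connect()   # web2 (tie with web3 broken by name)


def weighted_vs_plain_demo():
    """Same pool, two strategies: weighting lets the bigger server take more load."""
    def pool():
        return [Backend("big", weight=3, active=3), Backend("small", weight=1, active=2)]
    plain = LoadBalancer(pool(), "least_connections").connect()              # small: 2 < 3
    weighted = LoadBalancer(pool(), "weighted_least_connections").connect()  # big: 3/3 < 2/1
    return plain, weighted


if __name__ == "__main__":
    print(round_robin_demo())
    print(least_connections_demo())
    print(weighted_vs_plain_demo())
```

The `weighted_vs_plain_demo` pair is the point of the weights: plain least connections sends the next request to the small server because it holds fewer connections, while the weighted variant sends it to the big server because, per unit of capacity, it is the less loaded of the two.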
Load balancers are implemented in router mode, bridge mode, or one-armed or two-armed mode. A proxy server is placed between the user and the server and intercepts the client's requests. It provides caching to speed up web service, URL filtering and content scanning. Often it is used to see what sites employees are visiting; obviously it can also be used as evidence against you, so be careful. A content filter filters traffic based on, um, let's go back again, the information within the packet. It ensures corporate privacy and confidentiality and can also prevent the viewing of inappropriate content. It may have an antivirus that blocks malware.
It's also very useful for scanning incoming emails for viruses, because firewalls, which we'll cover later, don't: the generic firewall does not scan for viruses. You can filter by URL, and you can filter by category as well. Lastly, VPN concentrators; we will talk about these later in the security section. They maintain virtual private network connections, start and end VPN tunnels (if you don't know what this means at the moment, we cover it later in the security section) and do all the encryption and decryption needed; they can be hardware or software. Establishing a VPN tunnel is a secure way for remote users to connect to the corporate network, generally on dedicated hardware or software, and access resources.
Once the connection is established, the user can access all resources. It is used by home or mobile workers, for example sales teams and so on, and all data is encrypted. Well, that's the end of the presentation, thanks for listening.

Inside the Cisco router, or if you live in the UK, "rooter". You need a good working knowledge of the components of the router, both exterior and interior. Now, any exam is unlikely to show you a picture of the circuit board and have you point out which bits are where; however, if you have a router at home or at work and the memory needs to be upgraded, at some point you may need to open the cover and expose some of the modules inside, so it's good to have an idea of what you actually have working
on the inside. Obviously, sometimes things break too, like fans or memory, and you may or may not have a support contract with Cisco. You must check the documentation. Every device Cisco sells or used to sell has documentation, and the easiest way to find it is to type "Cisco" into Google, then the model number, and finish your search with "documentation". Remove the screws if you are actually going to open the case; there are little slots that you can put a screwdriver in and gently pry, and the cover comes off the actual chassis.
WIC slots are for your wide area network interface cards. This all varies and can be a little confusing at times, but it depends whether your router has a fixed configuration, where you can't add any modules to it, or is modular, which means it has open slots and you can buy different modules and put them in. So here you have a router, I think it's an 1841 that I have, and you can see that I have a slot here; it has a cover, a dust cover that unscrews very easily, and then you can insert different types of cards. You just need to double check the documentation, because some will accept voice cards, and others will only accept wide area network or Fast Ethernet cards, so check the documentation.
Here's the same router with one slot filled. This is slot zero, so you know that the serial interface, when you're configuring it, will probably be called something like Serial 0/0, and the one on the left could be either 0/1 or 1/0. All the external interfaces are actually connected to the motherboard, and you can see the Fast Ethernet: we have FastEthernet 0/0 and 0/1; a console port, which we will look at another time, for our direct connection to do some initial configuration and troubleshooting; an auxiliary port for modem connections; and a USB port where we can put a USB stick to store a copy of the IOS. We can even boot from the USB port if we want, and we can make a backup copy of any file we want. The power supply obviously depends on the country you are in; this is from an Australian router. You can see a white label on the right with the serial number of the device. Flash memory, again, depends; it may be internal, external, or a bit of both. This one has a 64 MB PCMCIA card that you can insert; if you want to unlock it, press the black button on the left and it will release. I have issued show version on the router and it tells me I have almost 63 megabytes of flash. dir flash: and I press Enter, and it will give you a directory of what files you have on your flash and how much memory they take up. You can make a backup of your running config, for example, onto your flash if you want, and you can have more than one version of IOS on your flash as long as there is space for it internally.
We have some dynamic RAM, which is a card. I believe I upgraded what came with this router; I think it came with 128 and I upgraded it to 256. It stores the running configuration, and, model dependent, the IOS expands into it: it is compressed and expands from flash into your DRAM. I issued show version again and you can see we have the DRAM here; obviously there is something on the circuit board too, because it looks like 358 plus 34 megs total. The router splits it up and uses some for buffering packets and other memory functions; however, you can change the values.
I wouldn't do it without getting advice from Cisco. Motherboard: there are several chips soldered on, and the capacitors and other things, and you have the CPU to do the calculations. Non-volatile RAM: there's a battery on my motherboard here so it doesn't lose its settings. And here are the different components you're expected to know, and what is stored where: we have boot ROM, flash, mini IOS, RAM and ROM, so take note; you are expected to know what all of these do, certainly for the exam. Again, this is just the output of my show version; you can see how much NVRAM I have and the flash memory, and again this is the system bootstrap and what version of the code is in it. I have actually never flashed the system boot ROM, but I guess it's something you can do if you need to. show version gives you other useful information about how long the router has been up, when it came back, and why it was last booted; for example, here is a power-on.
The last reload was just a normal reload, and there is the serial number and the system image file, if you need to know them, especially if you are quoting a support contract to Cisco. The serial number is actually on the device, but if you don't remember it, or if you can't gain physical access to the device because it is in another location, you can issue show version and it will show you the chassis number, or you can issue a show diag command, which will give you much more information about all the modules that are connected. Sometimes you will be asked to describe the router boot process, so just get familiar with it: the router powers on; it runs something called the bootstrap program, which is in ROM; the ROM monitor runs a power-on self test to check the interfaces and memory; the bootstrap program checks the configuration register value, which is something you can configure as an administrator that tells the router how to boot and to look for a configuration file, so every time it reloads it will load the configuration, or it can be told to skip the configuration file, for example
if you forgot your password. It finds the IOS and loads it into RAM, and then the IOS tries to load the configuration file. I have issued boot system ? and you can see that you can tell the router to boot from flash memory, from FTP or from TFTP. As the router boots you will see some messages similar to this. This is the system bootstrap; as long as it works, it will locate the IOS and extract it to DRAM. Loading the IOS on the router is the next step, and then it searches for a configuration file; if there is no configuration file, as here, it asks you if you want to enter the initial configuration dialog.
You would always type no at this point and then configure it yourself. That's the end of the lecture; thanks for listening.

Welcome to our ARP, telnet and ping lab. I've configured two routers in GNS3 and just connected FastEthernet 0/0 to FastEthernet 0/0 on router 1 and router 2. I'm going to add an IP address to this side on router 1. We'll go more into how we get the IP address and subnet mask in a future lab; this will be .1 and this side will be .2, so I just need to start the routers. You can see the green light comes on, and I'll open a console window. Okay, so we have router 1 and router 2, so this is router 1,
and we can see it in the command prompt here. I'll do show ip interface brief and you can see that we have FastEthernet 0/0 and 0/1; I have not added any other devices. I'm going to maximize this screen, actually. Okay, so this router doesn't have any IP address, so show ip arp: there are no ARP entries, we don't have any IP address to MAC address mapping, so we need to go to conf t, we need to configure something, and the next thing we need to do is configure our interface. So I can do interface, or sorry, int f, and then if I do the question mark I can actually see what I have, which is interface FastEthernet 0/0.
You can see we enter interface configuration mode. If I want to add an IP, I'll just type ip add, which is short for address, and hit Tab; I'm going to use the numeric keypad on my PC (it doesn't matter if you have a laptop, just use the top numbers): 192.168.1.1. I need to add a subnet mask, which is explained in another video later; just copy along with me. This is 30 bits, a 30-bit mask, 30 binary bits. The next thing I need to do is open the interface for traffic, and I do this by typing no shut, which is short for no shutdown.
Now you see we have an informational message here: changed state to up, changed state to up. It could go down in a moment, because it needs to send keepalives, and if no keepalives are seen from the other side of the connection then it usually brings the line down. I'm not going to do any more settings on this router here, so I can type Ctrl+Z and you can see I'm back at the router prompt. Go to router 2 and it's the same thing; I'm just going to add another IP address: conf t, int f 0/0, ip address .2 this time, since we can't use the same IP address twice, no shut. Oops, I typed exit.
I should have pressed Ctrl+Z, but it doesn't matter too much, so let's go back to the router. What I'm going to do now is ping. I can just type the IP address; there is an extended ping that you can use, but we won't bother with it here. I'm going to type ping and the IP address .2. Now, normally the first ping will fail; the reason is that it has to do an ARP lookup, it has to find out which MAC address is associated with this IP address, so often this is the reason why the first ping fails. However, if I press the up arrow now just to repeat the command, you can keep doing that; I'll actually press the down arrow: the five ping packets, uh, work, this is eighty percent, this is one hundred percent. Now, if your ping doesn't work, you've made a mistake with your IP address or your interfaces are not connected properly. So if I do show ip arp now, it has my MAC address here and my mapping to 192.168.1.2, this is the MAC address, and this is the age of the ARP entry here. So that's the ARP part of the lab; you have the same thing happening on router 2. So we've covered ping and we've covered ARP; the next thing I want to do is telnet.
I would like to be able to telnet from router 1 to router 2, so conf t. I need to enable telnet, and for that to work I need line vty, which is our telnet line; 0 will be our first number, and then the number of vty lines we have, which depending on the device will be 0 to 4 or 0 to 15. In GNS3 you have 903 for some reason, so I'll just type line vty 0 space 903. I have a couple of options here: I can put a password on the vty line, or I could tell it to look for a local username and password, so I'll put in the password cisco.
I always like to keep it as cisco because if I ever forget a password I'll know it's going to be cisco, so password cisco, and then I need to say login to allow someone to log in properly. So I need to go back to router 1. Now I'll type telnet to the IP address 192.168.1.2 and it should prompt for the password; it does not prompt me for a username. I will type cisco, which is not displayed as I type, and I am on router 2. Now, how do I log out of router 2? Obviously I can configure more if I want; there is no enable password set, so I can't go to enable mode, but that is not the goal of this lab.
I'm going to hold down Ctrl+Shift and the number six, release, and press the x key: Ctrl, Shift and 6 all together, release, and then press x. After that, if I press Enter now we'll resume the connection, which is something I don't want; it's a little annoying, so Ctrl+Shift+6 and x. This time I'm going to telnet to this router, but I'm going to do it with a username and password: username paul password cisco, then line vty 0 space 903 (yours may be different if it's a live device), login local; what that says is look up a username and password in the local list here. Actually Ctrl and Z together, then on router 2 I'm going to telnet to 1.1; the device asks for the username, paul, and the password, cisco, and am I on router 1?
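As an added example (not part of the lab or the course materials), here is how the ARP table you just looked at can be read and checked programmatically. The `show ip arp` output below is constructed in the layout IOS uses, with constructed MAC addresses; the parser turns it into entries, and a second snapshot is compared with the first to flag any IP address whose MAC has changed, which is the first thing to check when a host that was reachable suddenly isn't, or when a duplicate address is suspected.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed samples in the layout of `show ip arp`; not captured from the lab routers.
# Age "-" marks the router's own interface address.
SAMPLE_BEFORE = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.1             -   ca01.1a2b.0000  ARPA   FastEthernet0/0
Internet  192.168.1.2             0   ca02.3c4d.0000  ARPA   FastEthernet0/0
"""

SAMPLE_AFTER = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.1             -   ca01.1a2b.0000  ARPA   FastEthernet0/0
Internet  192.168.1.2             3   ca02.ffff.0000  ARPA   FastEthernet0/0
Internet  192.168.1.3             1   ca03.5e6f.0000  ARPA   FastEthernet0/0
"""

MAC_RE = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$")   # Cisco dotted MAC form


@dataclass(frozen=True)
class ArpEntry:
    ip: str
    age_min: Optional[int]   # None for the router's own addresses (shown as "-")
    mac: str
    iface: str


def parse_show_ip_arp(text: str):
    """Turn `show ip arp` output into ArpEntry objects; header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[0] != "Internet":
            continue
        _proto, ip, age, mac, _type, iface = parts
        if not MAC_RE.match(mac):
            raise ValueError(f"unexpected hardware address {mac!r} in line {line!r}")
        entries.append(ArpEntry(ip, None if age == "-" else int(age), mac, iface))
    return entries


def local_entries(entries):
    """Entries that belong to the router's own interfaces (age shown as '-')."""
    return [e for e in entries if e.age_min is None]


def changed_bindings(before, after):
    """IPs present in both snapshots whose MAC address differs: {ip: (old_mac, new_mac)}."""
    old = {e.ip: e.mac for e in before}
    return {e.ip: (old[e.ip], e.mac) for e in after if e.ip in old and old[e.ip] != e.mac}


def audit():
    """Compare the two constructed snapshots and return the changed IP-to-MAC bindings."""
    return changed_bindings(parse_show_ip_arp(SAMPLE_BEFORE), parse_show_ip_arp(SAMPLE_AFTER))


if __name__ == "__main__":
    for ip, (old_mac, new_mac) in audit().items():
        print(f"{ip}: MAC changed {old_mac} -> {new_mac}")
```

A changed binding is not proof of anything on its own (the neighbour may simply have been re-addressed or its interface card replaced), but it is the entry to investigate, and keeping dated snapshots of `show ip arp` is what makes the comparison possible later.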
So that has shown you ARP, telnet and ping. That's the end of the lab; thank you for watching.

VLANs and trunks. We'll do some labs on this as we go through the course, so don't worry if it's not immediately understood. A VLAN is a virtual local area network, so it's not something you can see by physically looking at the network; you would have to look at the switch configuration. It defines a broadcast domain on the layer 2 network, so just like a local area network using a switch, the switch will forward broadcasts; however, if you have two VLANs on a switch, for example the one shown in the top right diagram, broadcasts will stop at the boundary of the VLAN.
The reason is that you need a layer 3 device, which is usually a router, to send information from one network to another. Therefore, a virtual local area network, for all intents and purposes, follows the same rule as a normal network or subnet, so you can separate broadcast domains even though you are on the same physical switch by configuring layer 2. A VLAN is a logical division of switch ports, so if you had 20 switch ports physically on the switch, you could theoretically have 20 different devices, each on its own VLAN. You need a router to pass packets between VLANs. Some switches actually come with a routing module that you can insert, which is a bit beyond the CCNA level, to be honest; just FYI. VLANs can span multiple physical switches, so we have switches one, two and three here, and you can see we have a couple of different VLANs configured. It is best to have all hosts on the same VLAN on the same subnet; that's all I really wanted to say on that particular topic, but it's just the best idea.
There is no need for a router to communicate if all devices are on the same VLAN. Some of the benefits, or why you would bother: logical separation just gives you better security, it helps with broadcast issues, and you get better utilization of your bandwidth. VLAN tagging: obviously, if you are splitting your network into VLANs, there has to be some way for the VLAN to be identified. Now, vendors use different approaches; for example, Cisco created ISL, Inter-Switch Link, which is proprietary to Cisco devices. They've actually moved away from ISL now, although many of their switches still support it, and moved on to the IEEE 802.1Q standard, called frame tagging. Frame
tagging inserts a 32-bit tag field into the original frame. The concept of a native VLAN is something you should be familiar with as a Cisco engineer. The native VLAN on Cisco devices is certainly assigned to VLAN 1 by default, and all devices will be assigned to VLAN 1 unless you configure them onto a different VLAN. Traffic on the native VLAN is not tagged; it is not given 802.1Q tagging. The reason we have it is that it allows the switch to communicate with a device that does not understand 802.1Q, which is a security risk that we will cover later. VLAN membership: you can assign devices or ports to a VLAN statically as a network administrator.
It can be dynamic, based on the device's MAC address. Switch ports are assigned to VLANs and then devices connect to the physical ports. Access ports connect to network hosts; network hosts connect to access ports; it works both ways with that sentence. If you want to connect to another switch and you are using multiple VLANs, then those connections are known as trunk ports, so trunk ports will carry more than one VLAN. Switches will connect more than one VLAN together, so a special port type carries data from multiple VLANs, and it can use ISL, although that has been deprecated now, so you shouldn't look
for it in the Cisco exams, at least. The frame tagging is transparent to the end hosts, so the tag is attached by the switch, sent to another switch, and before it reaches the end host the tag is removed. Trunk port modes: we can manually configure the interface as a trunk with the switchport mode trunk command. The trunk modes include trunk, where you manually configure the interface as a trunk; access, where you tell it never to become a trunk; dynamic auto, where it silently waits for a request to become a trunk; dynamic desirable, which means it actively seeks to become a trunk; and nonegotiate.
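To make the tag field and the native VLAN rule concrete, here is an added Python example (not from the lecture or any Cisco code) that builds an Ethernet frame, inserts and strips the 4-byte 802.1Q tag the way a trunk port does, and applies the native VLAN rule in both directions. The MAC addresses and payload are constructed, and `trunk_egress`/`trunk_ingress` are names chosen for this illustration.

```python
import struct

TPID_8021Q = 0x8100          # tag protocol identifier that replaces the EtherType position
ETHERTYPE_IPV4 = 0x0800


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame: 6-byte dst, 6-byte src, 2-byte EtherType, payload."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    return dst + src + struct.pack("!H", ethertype) + payload


def is_valid_vid(vlan_id: int) -> bool:
    # 0 (priority-only) and 4095 are reserved; usable VLAN IDs are 1..4094
    return 1 <= vlan_id <= 4094


def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 32-bit 802.1Q tag (TPID + TCI) between the source MAC and the EtherType."""
    if not is_valid_vid(vlan_id):
        raise ValueError(f"VLAN ID {vlan_id} out of range 1..4094")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP is 3 bits, DEI is 1 bit")
    tci = (pcp << 13) | (dei << 12) | vlan_id      # 3-bit priority, 1-bit DEI, 12-bit VID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame: bytes) -> dict:
    """Read the header; a TPID of 0x8100 means a tag is present and the real EtherType follows it."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return {"tagged": False, "vlan": None, "pcp": None, "ethertype": ethertype, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("tagged frame too short")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return {"tagged": True, "vlan": tci & 0x0FFF, "pcp": tci >> 13, "ethertype": inner_type, "payload": frame[18:]}


def untag_frame(frame: bytes) -> bytes:
    """What an access port does on egress: remove the 4-byte tag before the host sees the frame."""
    return frame[:12] + frame[16:] if parse_frame(frame)["tagged"] else frame


def trunk_egress(frame: bytes, vlan_id: int, native_vlan: int = 1) -> bytes:
    """Frames in the native VLAN leave the trunk untagged; every other VLAN gets a tag."""
    return frame if vlan_id == native_vlan else tag_frame(frame, vlan_id)


def trunk_ingress(frame: bytes, native_vlan: int = 1) -> int:
    """Which VLAN a frame arriving on a trunk belongs to: the tag's VID, or the native VLAN if untagged."""
    info = parse_frame(frame)
    return info["vlan"] if info["tagged"] else native_vlan


# Constructed sample frame: made-up MAC addresses carrying an IPv4 EtherType.
SAMPLE_FRAME = build_frame(bytes.fromhex("0a1b2c3d4e5f"), bytes.fromhex("0a1b2c3d4e60"),
                           ETHERTYPE_IPV4, b"constructed payload")

if __name__ == "__main__":
    tagged = tag_frame(SAMPLE_FRAME, 5, pcp=6)
    print(tagged[12:18].hex())            # 8100 c005 0800: TPID, TCI (pcp 6, vid 5), inner EtherType
    print(parse_frame(tagged)["vlan"], trunk_ingress(SAMPLE_FRAME))
```

`trunk_ingress` is the line that matters for the security point the lecture defers: an untagged frame arriving on a trunk is simply placed in the native VLAN, so the usual hardening is to set the native VLAN on trunks to an otherwise unused VLAN ID and keep access ports out of it.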
You will cover these commands in detail when you come to do the CCNA; I probably won't cover how to configure them for the primer. To configure a VLAN you have to manually add the ports to the VLANs, and you have to configure the inter-switch ports as trunks, so here is a configuration that I just did on one side, because the configuration is the same for both switches. I have created VLAN 5 in configuration mode by typing vlan 5, and I have given it a name, rnd, so you can name your VLANs; it will probably make them easier to manage. On interface FastEthernet 0/1
I have typed switchport access vlan 5. This tells the port that it is a layer 2 switch port and that the device connected to it belongs to VLAN 5. On my FastEthernet 0/15 I have typed switchport trunk encapsulation dot1q to tell it what encapsulation to use; that will not work on a 2960 switch, because the 2960 will only recognize dot1q, and I have told it to become a trunk port with switchport mode trunk. You'll practice some of this later, but that's the end of it from here. Thanks for listening.

Spanning Tree Protocol.
So what is spanning tree? It is defined by the IEEE 802.1D standard and basically allows switches to communicate to avoid loops in our switched network. It runs a mathematical algorithm, discovers which ports would be the possible causes of layer 2 loops, and blocks them. Basically, a loop will occur in our switched network when there is more than one route for a frame to take, and this could obviously cause confusion, as I'll illustrate in a moment. So it's a really simple illustration here with our diagram: switch 1, for example, will receive a frame on its FastEthernet 0/1 and it will flood it out of its next Fast Ethernet interface, 0/2 (and remember, if there are 24 interfaces then it would flood it out of all 24). Now switch 2 would receive this, and the address would be for host A; it would be received first by switch 1, which would recognize that host A was connected to FastEthernet 0/1. Unfortunately, that frame would come out of the bottom of switch 1, go around, and arrive at the bottom of switch 2.
Switch 2 then thinks it knows the way to get to host A, and the way to go is via FastEthernet 0/1; it will receive it on, sorry, FastEthernet 0/2 and send it out of 0/1. Now we have a problem, because the ports on all the switches think they can reach host A when that's not the case. There's no time-to-live field in layer 2 frames, so they would circulate around the network until each switch thinks it knows how to get to host A, and it would stop your network completely. So a mathematical algorithm was created, and it is based on two key components: the bridge ID (for bridge ID you can basically read switch ID, it is the same) and the path cost. These are contained within the frame. The bridge ID is an 8-byte field consisting of the bridge priority and the MAC address, the base MAC address of the switch; the default bridge priority is 32768, and then this is added to the MAC address.
Now, I have issued show version on a switch and it shows the base MAC address among other information, and each one will be different. The path cost is used to calculate the proximity to neighboring switches: the higher the bandwidth, the lower the default port cost will be, so we can see the 10 gigabit connection here has the lowest port cost assigned. There is a four-step path selection process: lowest root bridge ID, lowest path cost to the root bridge, lowest sender bridge ID and lowest port ID. It will go through these four steps until it makes a decision. This all happens after the exchange of bridge protocol data units, called BPDUs, so let's take a look at our diagram.
Here we have three switches, and to keep things simple we have given them MAC addresses of all As, all Bs and all Cs. They are all connected to each other, so we could possibly have a loop here unless something is done to close one or more of the ports. So first there is a root bridge election, then there is a root port election, and then there is a designated port election. The bridge with the lowest bridge ID is selected as the root; remember that it is a combination of priority and MAC address. In this case, the lowest MAC address will be the one with all the As, because it is a lower number in hexadecimal. The root port is the port closest to the root bridge.
Now, the root bridge will not have any root ports, because it is the root bridge, so all its ports will be known as designated ports. You can see that switches two and three have chosen their port closest to the root bridge, FastEthernet 0/1. Each bridge except the root bridge has to choose a root port, and each interface adds a cost, so as the frame progresses through different interfaces the cost is added up. You can see FastEthernet 0/1 is 19; by the time you get to FastEthernet 0/2 the port cost is added again, and 19 plus 19, the costs having been 19 each, comes to 38, so FastEthernet 0/1 wins the election. Designated ports:
one designated port sends and receives traffic on the segment towards the root bridge, and there is only one designated port per segment. You can see there is a segment at the bottom here, 0/2 on switches two and three; the tie goes to the lowest root bridge ID, then the lowest root path cost, the lowest sender bridge ID and the lowest port ID, and you can see that of switches two and three, the lower of the two would be the switch with the MAC address bbbb, etc. Port states for STP can only be one of the following five: forwarding, learning, listening, blocking or disabled. All good, so we've covered quite a bit there; I just wanted to give you a sample of STP, and there might be a lab on this.
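The election the lecture walks through, as an added Python example (not the lecture's own material). It encodes the bridge ID as priority followed by the base MAC, adds the path cost per interface, and applies the four tie-breakers to pick the root bridge, each root port and each designated port on the three-switch diagram with MACs of all As, Bs and Cs; the switch names SW1 to SW3 and the port numbering are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

DEFAULT_PRIORITY = 32768       # default bridge priority
FAST_ETHERNET_COST = 19        # default 802.1D path cost for 100 Mbit/s


@dataclass(frozen=True)
class Bridge:
    name: str
    mac: str                   # base MAC in Cisco dotted form, e.g. "aaaa.aaaa.aaaa"
    priority: int = DEFAULT_PRIORITY

    def bridge_id(self) -> int:
        # 8-byte bridge ID: 2-byte priority followed by the 6-byte base MAC, so
        # priority decides first and the MAC only breaks ties between equal priorities
        return (self.priority << 48) | int(self.mac.replace(".", ""), 16)


def port_number(port: str) -> int:
    # "Fa0/2" -> 2; the port ID is the final tie-breaker
    return int(port.rsplit("/", 1)[1])


def run_stp(bridges, links):
    """links: (bridge_a, port_a, bridge_b, port_b, cost). Returns (root, root path costs, port roles)."""
    by_name = {b.name: b for b in bridges}
    root = min(bridges, key=lambda b: b.bridge_id())          # step 1: lowest bridge ID is root
    adj = defaultdict(list)
    for a, pa, b, pb, cost in links:
        adj[a].append((pa, b, pb, cost))
        adj[b].append((pb, a, pa, cost))

    INF = float("inf")
    root_cost = {b.name: INF for b in bridges}
    root_cost[root.name] = 0
    root_port = {}
    changed = True
    while changed:                                            # relax until every bridge settles
        changed = False
        for name in by_name:
            if name == root.name:
                continue                                      # the root has no root port
            candidates = []
            for local_port, nbr, nbr_port, cost in adj[name]:
                if root_cost[nbr] == INF:
                    continue
                # step 2: lowest root path cost (cost added on the receiving port);
                # step 3: lowest sender bridge ID; step 4: lowest sender port ID
                candidates.append((root_cost[nbr] + cost, by_name[nbr].bridge_id(),
                                   port_number(nbr_port), port_number(local_port), local_port))
            if not candidates:
                continue
            best = min(candidates)
            if (best[0], best[4]) != (root_cost[name], root_port.get(name)):
                root_cost[name], root_port[name] = best[0], best[4]
                changed = True

    roles = {}
    for a, pa, b, pb, _cost in links:
        # one designated port per segment: lowest (root path cost, bridge ID, port ID) wins
        key_a = (root_cost[a], by_name[a].bridge_id(), port_number(pa))
        key_b = (root_cost[b], by_name[b].bridge_id(), port_number(pb))
        (dn, dp), (on, op) = ((a, pa), (b, pb)) if key_a < key_b else ((b, pb), (a, pa))
        roles[(dn, dp)] = "designated"
        # the other end is either that bridge's root port or it blocks to break the loop
        roles[(on, op)] = "root" if root_port.get(on) == op else "blocking"
    return root.name, root_cost, roles


def lecture_example(priorities=None):
    """The three-switch diagram; pass {"SW3": 4096} to see a priority override the MAC order."""
    priorities = priorities or {}
    bridges = [Bridge("SW1", "aaaa.aaaa.aaaa", priorities.get("SW1", DEFAULT_PRIORITY)),
               Bridge("SW2", "bbbb.bbbb.bbbb", priorities.get("SW2", DEFAULT_PRIORITY)),
               Bridge("SW3", "cccc.cccc.cccc", priorities.get("SW3", DEFAULT_PRIORITY))]
    links = [("SW1", "Fa0/1", "SW2", "Fa0/1", FAST_ETHERNET_COST),
             ("SW1", "Fa0/2", "SW3", "Fa0/1", FAST_ETHERNET_COST),
             ("SW2", "Fa0/2", "SW3", "Fa0/2", FAST_ETHERNET_COST)]
    return run_stp(bridges, links)


if __name__ == "__main__":
    root, costs, roles = lecture_example()
    print("root:", root, "costs:", costs)
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} {port}: {role}")
```

With default priorities the result matches the diagram: SW1 (all As) is root, SW2 and SW3 pick Fa0/1 as root port at cost 19 rather than 38 via the bottom segment, and on that bottom segment SW2 wins the designated port on bridge ID, leaving SW3 Fa0/2 blocking. The optional priority argument shows why an administrator sets the priority deliberately: whichever switch happens to have the lowest MAC is otherwise the root.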
I haven't decided yet. Obviously they will go into a lot more detail when you get to the CCNA. Thanks for listening.

Cisco 2960 switch. This is actually tested on the CCNA exam right now; obviously check the syllabus that this is the right model for the CCNA exam. Cisco has a wide range of switches available, from small office models to large enterprise networks. There are just a couple of things you really need to keep in mind; see the documentation on the cisco.com website for the 2960. There is a system LED that can be off, green or amber, and each LED can have different colors and can also flash, so each one could have, say, three colors, green and red.
This is just an example, and then each of those colors could actually have a state where it's on, off or flashing, so this is where you need to read the documentation. There is the RPS, redundant power supply, LED, if there is one connected; some have one and some don't. There is a port status LED, there is a port duplex mode LED, a port speed LED, and Power over Ethernet if supported, for example for IP phones. Each port has an LED and this will tell you if the cable is connected, if the port is blocked, or if the port is sending traffic, in which case it will flash quite quickly.
On the front there is a mode button at the bottom; it's an actual physical button that you press that cycles through the different modes, and again you can read the documentation on cisco.com to see how it works. There are several models: they have 8, 24 or 48 Fast Ethernet ports, obviously a console port, there is a USB port available, uplink ports to connect two of the switches, some have PoE ports for voice telephony, and some are stackable, which means you can connect several switches together and they act as if they were a single switch. Service modules can prioritize voice and video traffic and support up to 4,000 VLANs.
Yes, you get all this from the sales and product documentation. There are some dual-purpose ports; Cisco has something called small form-factor pluggable, SFP, modules (I think that's what it stands for). There may be 10/100 or 1000 RJ45 or SFP ports. Just a quick look at the back of the 2960: you've got the exhaust fan, redundant power supply and AC power, and obviously it's different depending on which country you are in. That's the end of it; thanks for watching.

Welcome to our switching lab. What I have here is Packet Tracer; just to do a lab with this, I'm actually going to use a 2960 switch and do some configuration. I think what I'll actually do is add a router here, click on the cables, straight-through, FastEthernet 0/0 and FastEthernet 0/1, so that's the switch connected to the router.
Now I'll just click the switch and maximize the screen, so let's do some configuration. The switch is in user mode, as you can see; enable gets me to enable mode (I could have typed out enable; it makes no difference). I'm in enable mode; show version gives a bit of information: you can actually see the version of your software, how many interfaces you have, Gigabit and Fast Ethernet, your base MAC address, which is used to identify the switch in any spanning tree, and your switch model, 2960-24T; you can look at the Cisco website for more information. The main thing is that you actually have a configuration register on the switch, which you won't see right now, so of course you're running Cisco IOS.
You can run most of the commands you can on a Cisco router. However, this is a layer 2 switch, so that is what it is designed for; you will have commands that a router won't have, and vice versa. So the first thing is conf t, then hostname; I will call it SW1 for switch one, and you can see the hostname has changed. Just get out of this; I'll do a quick show vlan. What this will do is tell me what our VLAN numbers are, whether each is active (you can shut down a VLAN), and what interfaces are assigned to VLAN 1. By default all interfaces on the switch are on VLAN 1, which we really don't want; it's a security issue, and most switches have VLANs other than VLAN 1 for different devices to connect to. So let's first add a default gateway; this is where our IP traffic is going to go: ip def and then I hit Tab, basically because it's faster.
ip default-gateway is the command; this is where to send IP traffic: 192.168.1.1. Now that's not actually connected to anything right now, so we're going to have to configure it on the router. The next thing I'm going to do is put some interfaces in different VLANs, for example VLAN 2. If I type vlan 2 and press Enter, it will create VLAN 2 and also go into config-vlan mode. Now I can add an IP address to the VLAN if I want; sorry, I need to type interface. There is one thing I want to explain while I'm here: if I'm in the wrong mode, I can type the command but it won't auto-complete
for me; it is waiting for some VLAN-related configuration, so I need to exit the VLAN, and then if I type interface it will complete it for me: interface vlan 2, and I am in config-if mode, configuring interface VLAN 2. I can put many commands in here, including the one I want: ip address 192.168.1.2 255.255.255.0. I also have to add no shut, no shutdown, to activate that VLAN interface. So I have a VLAN, but I actually need to put interfaces in the VLAN, or assign them to it, so I'm going to go to interface fast 0/1. Now, normally you would have to add the switchport command to indicate it is a layer 2 interface, but they are all layer 2 interfaces by default, so switchport
mode access; I put switchport mode access. Let me remove it and I'll show you the options you have: access, dynamic (so it tries to work out itself what it will be) or trunk. I'm going to configure it as access. I need to assign it to a VLAN, so switchport access vlan and then whatever VLAN I want it to be on; I want it on VLAN 2, and for good measure I'll add the no shut command here to bring it up. What I'm going to do now is configure, sorry, I'm going to configure the router; I want to put an IP address on this interface: conf t, int fast 0/0, which I think is the one connected to our switch, 192.168.1.1.
Now I'm going to close it, so what I want to be able to do is connect from the router to the switch. The switch has a default gateway to send any traffic to our fast Ethernet interface and what I'm going to do next is ping 192.168.1.2, so this is our VLAN 2 interface. The first ping should not work. I need to do an art search many times, sometimes the interface does not appear. Right off the bat, it may also take 30 seconds for it to appear between the router and the switch, there we go, so first it failed because of an art, look for the other things that worked if I want, if now I was going to show you some of the commands, but I'm not going to do that for now just to avoid confusion, so I'm going to exit VLAN 2 here, the interface.
What I'm going to do is show you another interface that depends on this. It may not work depending on the version of our code you have in your switch interface range or price question mark. I want it fast and I'm going to save myself a lot of time and effort by adding a configuration to a variety of interfaces instead of just one at a time, let's say I have 20 interfaces, I need to add Ethernet as fast 0, slash 2 to 10 and this is a little complicated sometimes because sometimes you need to put a space or find it between interfaces or a hyphen, accepted is fine, but keep in mind that you have to use the question mark.
I'm going to set them all to switchboard mode, port access, vlan 10 access, so this will also create vlan 10. so the vlan doesn't exist, creating vlan 10, so this is creating it for me, I could do several things if you wanted, you could close them, you could close them all so they are not open to traffic or not close them, okay, show the VLAN summary and now we can see that we have our default vlan and we have these interfaces active, we have vlan 2 that we created plus ethernet 0 and we have all these other interfaces, the other thing I wanted to do is vlan 2, let's give them a name so that they don't In fact, ideally I would like to be in configuration mode to create air to name a VLAN, but what I can do is even though I'm in VLAN configuration mode, I can go to VLAN 10 from here and now I'm configuring VLAN 10 hours. for HR, something else I wanted to show you is the do command and this means I can issue a command that doesn't belong here, a privileged command, even though I'm in configuration mode, show the vlan summary and I can see it's much better for Now it says to me that he said in vlan 2 he has given me the name of the vlans.
I wanted to do a lab that covered trunking and a few more VLANs. Obviously I'm using Packet Tracer here; if you have a home lab, all you have to do is take your two switches and cable them up by copying the cabling I have here, or do your own cabling. I'm just going to use a PC with a PC image here, and what I want to do is connect the switches together and also have a PC on each side. Again, I'm just doing this for convenience, to be honest; it's fine if you have your own equipment at home. Fast Ethernet 0/1 to 0/1 connects my switches to each other with a crossover cable, and then I'm going to connect 0/2 on this switch to the PC's Fast Ethernet and 0/2 on this switch to the other PC's Fast Ethernet. On the PC I'm going to add IP address 1.1, and I'm going to add the default gateway just in case, 1.2, so that's all I have to worry about right now on that PC, and the same on this side: it needs a different IP address, obviously, on the same subnet, and I'll have 1.1 as the default gateway.

So it knows to send IP traffic that way, and I have two switches. What I want to do is put these interfaces into a different VLAN, so that PC1 and PC0 on this side are on a different VLAN, and then connect them through a trunk between the switches. So I'm going to go to the switch on the left, enable, conf t, and hostname first; I'm going to call it switch one. My Fast Ethernet 0/2 is connected, and I want to create VLAN 2 for that interface, so interface fast 0/2, switchport mode access (it probably is by default, but I personally want to hard-code it as an access port), switchport access vlan 2.

So let's put that interface in VLAN 2. The next thing I want to do, once I exit, is show interface trunk, to see whether I have any trunk interfaces; none are shown right now. A trunk interface is one that can carry multiple VLANs, so conf t, interface fast 0/1, switchport mode trunk. You see the interface has appeared here, but not a lot is going to happen right now because I need to configure the other side, because the trunk needs the other side as well. So let me switch over: hostname switch two, interface fast 0/1, then I'm going to shorten the commands: sw mode access, sw access vlan 2, no shut (I think it's already up, actually), and interface fast 0/1, switchport mode trunk. It went down and came back up quickly. Show interface trunk: OK, Fast Ethernet 0/1 is in trunk mode, status "on", which basically means I manually configured it to be on, with 802.1Q encapsulation, which is all you get on a 2960 switch (you don't get ISL, which is the other type). The native VLAN is 1, which I really don't want, but I'll leave it there for now. VLANs allowed on the trunk: 1 to 1005, and VLANs allowed and active in the management domain: VLAN 1 is always there, and we have created VLAN 2. So that is our active trunk.

I'll just do a show vlan brief and you can see that VLAN 2 is up. I don't have an interface in VLAN 2, for some reason; I thought I put it in VLAN 2. I put the wrong interface in VLAN 2. That's right, it should be Fast Ethernet 0/2. That's fine: conf t, interface fast 0/2, switchport mode access, switchport access vlan 2, no shut, and then I hit end to do show vlan brief, and we can see that Fast Ethernet 0/2 is in VLAN 2. I'm just going to check that on switch one: show vlan brief, and we have Fast Ethernet 0/2 there.

So I want to go back. It's a little more difficult when you have a lab at home, because you have to connect your PCs and so on, or at least connect a router here with an Ethernet interface. In theory you should be able to ping from PC0 here to PC1, going through VLAN 2 here and VLAN 2 here. Now the first ping might not work right away; here it's good news, sent 4 and received 4. Then if I just press the up arrow twice, we also have our ping here for 1.2, so it's tested with the ping, tested with the VLAN, and our trunk works. A really simple lab, very simple; obviously you can add more complexity to it as you go.
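As an added example that is not part of the course, here is a small Python check for the VLAN 1 problem mentioned in the lab: it parses a constructed running-config excerpt (hypothetical, modelled on the 2960 lab switch) and reports access ports still in VLAN 1 and trunks whose native VLAN is still 1.

```python
"""Added example (not from the course): audit a Cisco IOS switch config
for the default-VLAN-1 problem described in the lab.

The config text below is constructed for this example; it mirrors the
state of the lab switch plus one port that was never moved off VLAN 1.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SAMPLE_CONFIG = """\
hostname SW1
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 2
!
interface FastEthernet0/3
 switchport mode access
!
interface FastEthernet0/4
 switchport mode access
 switchport access vlan 10
 shutdown
!
interface Vlan2
 ip address 192.168.1.2 255.255.255.0
 no shutdown
!
"""


@dataclass
class Port:
    name: str
    mode: str = "dynamic"   # IOS default when no "switchport mode" is configured
    access_vlan: int = 1    # IOS default access VLAN
    native_vlan: int = 1    # IOS default native VLAN on an 802.1Q trunk
    shutdown: bool = False


def parse_ports(config: str) -> list[Port]:
    """Collect switchport settings per physical interface.

    SVIs (interface VlanN) are skipped: they carry IP settings, not
    switchport settings.
    """
    ports: list[Port] = []
    current: Port | None = None
    for line in config.splitlines():
        if not line.startswith(" "):          # a new top-level stanza
            current = None
            m = re.match(r"interface (\S+)", line)
            if m and not m.group(1).lower().startswith("vlan"):
                current = Port(m.group(1))
                ports.append(current)
            continue
        if current is None:
            continue
        words = line.split()
        if words[:2] == ["switchport", "mode"]:
            current.mode = words[2]
        elif words[:3] == ["switchport", "access", "vlan"]:
            current.access_vlan = int(words[3])
        elif words[:4] == ["switchport", "trunk", "native", "vlan"]:
            current.native_vlan = int(words[4])
        elif words == ["shutdown"]:
            current.shutdown = True
    return ports


def audit_vlan1(config: str) -> list[str]:
    """Return one finding per port that still relies on VLAN 1."""
    findings = []
    for p in parse_ports(config):
        if p.mode == "trunk":
            if p.native_vlan == 1:
                findings.append(f"{p.name}: trunk with native VLAN 1")
        elif p.access_vlan == 1 and not p.shutdown:
            findings.append(f"{p.name}: {p.mode} port still in VLAN 1")
    return findings


if __name__ == "__main__":
    for finding in audit_vlan1(SAMPLE_CONFIG):
        print(finding)
```

The shut-down port on VLAN 10 is deliberately not reported, and adding a "switchport trunk native vlan" line to the trunk clears that finding.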
IP addressing. I'm going to give a brief overview of IP version 4, because we're going to look at other aspects shortly in other presentations. Types of IP address: a unicast is a single device, so the traffic is destined for one single machine; a multicast address identifies a group of devices; and a broadcast address is all hosts on the network, which could be just a handful or many thousands. IP version 4 consists of 32 binary bits. We group these binary bits into four sets of eight, and the reason we do this is that it makes it easier for us to read; Cisco devices don't actually add the decimal points or anything, they just see it as a string of ones and zeros. When converting binary to decimal we basically start with the number one and then move to the left eight times, because we're using octets, which are sets of eight characters: one, two, four, eight, sixteen, and we keep doubling until we get to 128.

Then if you want to create a number, you just put a 1 in the columns that add up to the number you want. Here we have 1s in the 128, 16, 4, 2 and 1 columns, and all we have to do is add those numbers together to get our final number, which in this case is 151. If we put a 1 in every column and add the numbers, we get 255. Address classes: this is mostly of historical interest. Initially it wasn't foreseen that there would be a shortage of addresses, so they were allocated based on the size of your organization.

Class D is reserved for multicast and Class E is for experimental use only, so you wouldn't use it, to be honest. These are the five address classes, and they are identified by their leading bits, which we will come back to later: for the network equipment to identify what class an address is, the leading bits are reserved. Class A starts with a 0, Class B with 10 and Class C with 110, and those bits cannot be changed. We also have the size of the network part, which again we will get to later when we discuss subnetting: of the 32 bits, the network part is 8 for Class A, 16 for Class B and 24 for Class C, and that leaves us with the rest for the hosts.

You can also see how many networks these classes give us and how many addresses we can have per network. IP version 4 address types: public addresses have to be paid for and can be used over the Internet; you normally buy them from your ISP or your ISP assigns them to you. Private addresses are free and can be used internally; they cannot be routed on the Internet and you are not allowed to use them there. You can see the address ranges below; you must remember them all, so write them down. I've issued ipconfig on my Windows 7 PC here, and you can see I actually have a private address in use for my Ethernet adapter, and then I have a VMware adapter that uses a different range but is still a 192.168 private IP address.

You'll see this quite often on your home routers if you look at your network configuration. A special IP address range is the 127 range, used for loopback addresses, more specifically 127.0.0.1, which you would ping to test the TCP stack on your machine. Microsoft has its own special range for APIPA, which is used if the device cannot receive an IP address via DHCP and no manual address has been added; again, that address range is worth remembering, and here is an example from ipconfig on my machine. Classless IP addressing allows you to create smaller networks from the main ones, which we will get to in more detail later.

The smaller networks carved out of our main network are called subnetworks, or subnets for short. Subnet masks are used with network addresses: if we have a binary zero in our subnet mask, as you can see below, it indicates a host bit; if it is a one, it indicates a network bit. You never used to have to, but now you have to use a subnet mask with an IP address; this is part of the address conservation scheme. Even if you're not creating subnets, you still have to use a subnet mask. So for Class A the default mask is 255.0.0.0, Class B is 255.255.0.0 and Class C is 255.255.255.0.

You can see the network and host octets in the table. Some examples: 192.168.100.2, where the 2 is the host and the network would be the first three numbers; then we have a Class B address where 101.55 is the host number. This is just a gentle introduction; we'll do a little more of this as we move into the other IP lectures. Easy subnetting is covered in the lectures, so we will cover some basics of subnetting with a view to just laying the foundation; if you choose to continue with the CCNA later, you will understand some of the concepts and it will probably make your subnetting learning much faster. I also wanted to mention CIDR, classless inter-domain routing.
Most of the protocols, ports and services we are going to learn about originate from RFCs, which stands for Requests for Comments. These are documents submitted by network engineers proposing how certain technologies, protocols and services work within TCP/IP, and that is why TCP/IP has become the dominant force in networking: people keep contributing to it and it's all free. CIDR is based on the concept of variable-length subnet masks, which means you take the standard subnet mask usually allocated for Classes A, B and C and manipulate it to include more digits.

You can also change the representation of the subnet mask to a number, and the number represents the number of network bits used, as we will see. Here we have 255, which is obviously 8 binary bits; 255.255 is 16 binary bits; and then we have 24, so Classes A, B and C. CIDR allows you to steal bits, and the more bits you steal, obviously the higher the number in the slash part. Subnet masks allow us to determine the network bits of the address versus the host bits: if we set a binary bit on, it indicates a network bit; if we leave the binary bit off, it indicates a host bit. So here is a summary of what we covered in the previous lesson: Class A, Class B and Class C.

You can see which bits are allocated for the network and which are allocated for the hosts. When IP addressing was first devised, home computers didn't exist; they were so expensive that only large companies used them, so Classes A, B and C were devised. Class A addresses were given to large organizations, but the problem was that there were only 128 possible networks because of the way addressing worked, and each network would have up to 16 million hosts, which is a ridiculously large number for a local area network. Class B was better, but not much better: 16,000 networks, but each had more than 65,000 hosts per network address. Class C had 2 million possible networks, each with 256 hosts. Some of these numbers will change slightly when we introduce the rules for subnetting.

You can see below the starting addresses, the ending addresses and which addresses are usable. So here's one of the first subnetting rules: you can't alter the fixed bits used to identify the network class. Class A has to have a zero in the first bit of the first octet, Class B 10 and Class C 110; those three bits cannot change, and that affects the numbers we can use for the network. You can see the start and end numbers in the two columns on the right; I have put them in binary and in decimal.

The next rule: you cannot use the network address, which designates the network, and for this reason it cannot be applied to a host or interface; and you cannot use the broadcast address, which is all host bits set to one, indicating a broadcast packet. You can see examples of addresses we cannot use on the left; I have marked them in red, and those parts are the ones that cannot be used. Available hosts and networks: since we are reserving bits to identify the class, we are left with fewer usable bits, so for Class A you have seven usable bits in the first octet because one bit has been reserved; for Class B you have 14 and for Class C you have 21. Now we use powers of two to calculate the numbers, because it's just an easy way to convert binary into a usable number. For seven possible network bits we use 2 to the power of 7, which is 2 multiplied by itself 7 times, and that gives us 126 possible networks.

We have removed two because we cannot use 0 and we cannot use 127. For Class B it is 2 to the power of 14, 14 available bits, giving us 16,384, and for Class C it is 2 to the power of 21, which is 2,097,152. You can see the possible host bits, and I've removed two because you can't use the subnet (network) address and you are not allowed to use the broadcast address. Here is an example: network 192.168.1.0. For the first usable address I just add one, and then I keep counting 2, 3, 4, 5, 6, 7 all the way up to 254; 255 is the broadcast address, so I can't use it. And here are some of the addresses we can't use that I mentioned for Class A, just as an example. So what is subnetting? Basically, it is using host bits to create more networks. These networks are called mini-networks, subnetworks or just subnets. Obviously the more bits you steal, the more subnets you will have, and conversely the fewer hosts you will have, because you are stealing host bits. So here's an example of network bits and host bits, and you can actually borrow up to eight host bits for a Class C network address.

I've stolen, for example, two host bits, which leaves me, in purple, six remaining bits for hosts and two bits I can use for subnets. If I were to do it by hand, I would write it all in binary. The possible values when you have two binary digits are 00, 01, 10 and 11, so we have four possible values, and in the next column on the right, under the decimal values, you can see the possible values for the subnet: it goes up in increments of 64. Finally, the binary column, because those are the leftmost two bits of the eight-bit octet, in the 128 and 64 columns. So here are the available subnets: 192.168.1.0, 192.168.1.64, 192.168.1.128 and 192.168.1.192.

I've actually worked it out a bit further, so I've shown you which hosts are available and the broadcast address for each subnet. You can calculate the broadcast address by going to the next subnet and taking away one, so for the next subnet, 192.168.1.64, take one away from 64 and you get 63, and so on for the other subnets. Calculating subnets: 2 to the power of 2 is 4, or 2 times 2. Calculating hosts per subnet: 2 to the power of 6, and we remove two, one for the subnet address and one for the broadcast, so each subnet has 62 hosts, and we have four subnets available. The subnet chart and its secrets will make things much easier.

It's something that occurred to me when I was teaching subnetting. We start with the number one and then we keep doubling it eight times, which gives us our octet for our subnet mask, and then we go back to those numbers but add them: 128, add 64 gives us 192, add 32 gives us 224, and we keep doing this until we have added all the numbers together, which should come to 255, which is eight binary bits all switched on. There is a lower section on the chart for calculating how many subnets you have and how many hosts per subnet: you just take the number two and keep doubling it.

I put minus two in red; that's for when we calculate hosts, where we always remove two. So, to determine which subnet a host is on, and to calculate how many subnets and hosts per subnet: ticks along the top reveal the increment, and ticks on the left reveal the mask (sorry, the markings on the left are a little off; I should have marked 128 and 192). We can see that stealing two bits gives us a mask of 192 because we have marked two on the left. For example, 192.168.100.0 with a mask ending in 224: it looks like we have stolen three bits. If you use the subnet chart, marking along the top reveals the increment, so stealing three bits gives us a subnet increment of 32, and we can start at zero. When working out the subnet bits we have to start from the left and mark to the right; it has to be contiguous, so we mark three places to reveal the subnet mask and three places along the top to reveal the subnet increment.

So here we go: 192.168.100.0, and we go up in increments of 32 until we get to the actual subnet address we have, which was 224, and I've also worked out the first host, the last host and the broadcast for you. OK, always, when you're in the exam, focus on the octet that has been subnetted, otherwise it could take you hours to solve the problem. Some examples of CIDR: /20 gives you 240, /27 gives you 224 and /26 gives you 192.

That's right; usually you'll be asked to find which subnet a host is on, not to calculate all the subnets; it just depends on the type of exam you are doing. For example, you might be asked which subnet 172.16.100.100 is on if it has a /20 mask. We normally have a /16 for a Class B and we have a /20, which means we have stolen four bits, so tick four on the left, which gives you the full subnet mask, and mark the first four places along the top, which gives us the increment for the subnet: it goes up in increments of 16, and we are subnetting the third octet, not the fourth octet, because it is a Class B address. So: 0.0, 16.0, 32.0, and you could actually go all the way to 240, but there's no point, because we can find the answer pretty quickly just from the question. Looking at the subnets you can deduce that host 100.100 is in subnet 96.0, and I've done all the work for you.
I recommend that you do this yourself as well, to confirm that you understand it. This was just an introduction to subnetting; I just wanted to explain the concepts to you. Follow my examples, do the work yourself, and then it will start to make sense. IP version 6: as I'm sure you've guessed by now, we had some problems with IP version 4. It was designed before we had mobile devices and certainly before the home PC was invented; there were computers, but they just weren't affordable for the average person, and there was no Internet. It supports four billion addresses, but today there are more than 10 billion people online, so it is no longer fit for purpose.
The solutions that plugged a hole in the bucket but didn't really fix the problem long term were NAT, CIDR and private IPs. IPv4 also didn't have security built in, so all of that had to be built around it. Obviously we also have latency on mobile devices, because our mobile devices tend to use private IP addresses that have to be translated. There are many RFCs for IPv6; RFC 2460 is just one of them. It is a 128-bit address space, so it is very large, and it supports hierarchical addressing, which I've briefly covered, to make our network addressing more efficient, and autoconfiguration, so devices configure themselves with IP addresses.

Every host can have its own unique address; you don't need NAT, and a host can have more than one address. There is built-in security, and there are dedicated routing protocols built to support IPv6; almost everything supports IPv6 now. The addresses actually available: 340 undecillion, so there are a lot of zeros there. Basically you have more addresses per person than hairs on your head, so we are not going to run out of them in our lifetimes, and probably not in the long-term future either. The address format is 128 bits, as I mentioned, represented as eight groups of 16 bits separated by colons, and written in hexadecimal, because doing it in binary would take a long time. Here's an example; each part separated by colons is 16 bits. Shortening the IPv6 address: because they are so long, we can shorten them if we follow the rules. If you have a group of all zeros between the colons, we can replace it with a double colon, but we can only do that once per address; we can also drop the leading zeros from a group. So you can see we have 2001, then 43AA, then two groups of four zeros, and later on 0031. I have applied the first rule here: for the two groups of zeros I just put the double colon, which tells the device that all the zeros are contained in that section. Then I went further and removed some of the leading zeros from the groups that were there, and finally removed the leading zeros from 0031. Obviously you would do it all at once.

I only did it in three separate stages to illustrate the different means available, but I could have just written the bottom one of the three addresses, the shortened form, when applying it to an interface. Here are some IPv6 address types; just read through them carefully and get familiar with the names. Obviously there's no big exam associated with this primer, so you're not going to be tested on any of this, but it's good for you to know: there is no broadcast in IPv6; there is a loopback address, ::1/128, if you want to use it for testing; link-local addresses (I've actually issued an ipconfig here) are only significant for nodes on a single link, such as a point-to-point link in the network; routers can forward packets using the link-local address, and these can be configured manually or automatically. The global unicast address: this is how the IPv6 address is split up, if you would like to know: the registry, the ISP prefix, the site prefix, the subnet prefix, and then finally the last half is the interface ID.
Alright, IPv6 mechanisms: there is ICMP version 6, which does the same job as ICMP for version 4 but with a bit more added; Neighbor Discovery, which replaces ARP; name resolution with quad-A (AAAA) records, which return IPv6 addresses based on names; a new version of DHCP; IPv6 has IPsec security built in; and then examples of routing protocols, which are RIPng, EIGRP for IPv6 and OSPF version 3. Because nobody is going to flip a switch on the Internet one day so that suddenly we are all using IPv6, there will be a transition period, and this will take a while, so in the meantime we have to have a few mechanisms to allow IP version 4 to coexist with version 6.

Static tunnels include GRE, generic routing encapsulation, which you can research on your own if you want; IPv6 over IP, which includes automatic tunnelling; 6to4, which embeds the IPv4 address into an IPv6 address; and something called ISATAP, the Intra-Site Automatic Tunnel Addressing Protocol. You would need to know the names for the CCNA exam; I don't really think you need to know how they work in detail, that's more CCNP territory. Hexadecimal: just get familiar with the hexadecimal numbering system. The characters go from 0 to 9 and then A, B, C, D, E, F, which gives you 16 characters in total for making up the numbers, and I've also put the numbers in binary, so write them down so you are familiar with both by comparing the two.

This obviously expands the IP address space from 32 to 128 bits. We have hexadecimal numbering and no NAT. There is a fixed 40-bit header, so it doesn't vary in size, which improves switching because the header will always be the same size. It also has autoconfiguration, which is very useful, and security. I mentioned that it uses Neighbor Discovery instead of ARP, I also mentioned AAAA records, and we have different routing protocols. This is really just a general introduction; I just want you to appreciate some of the terms and concepts, and obviously you'll go into a lot more detail if you do the CCNA. IP address planning.
I just wanted to talk about this because it's not really covered in the CCNA. Later I will cover what is discussed in terms of route summarization; we have already talked about VLSM, but this is part of the CCDA (Cisco Certified Design Associate) course, and I just wanted to introduce it because it is very useful to see a little of the design process and some of the ideas behind it. Now, I'm not saying you will be able to design a network addressing scheme and architecture after seeing this, because there are only a few slides, but I just wanted to give you a little taste, because design is a very interesting and quite rewarding career available for people to consider, and a lot of people don't. So I just have a little diagram here: a main headquarters, a couple of big regional offices, a back-end site connected over ISDN, and then some home users connected via a wired connection.

So you could boil it down to one main location, a couple of regional headquarters locations and four branch offices. Step one is actually looking at how many networks you have, and we have added here how big each network is: think about how many devices will need addressing. You'll look at the network design plan to get the answer to that question, and the final decision on where the company is headed in terms of growth and infrastructure obviously comes from enterprise management. Step three: look at the addressing needs for each location. You'll need to determine which devices will need static IP addresses, meaning these addresses aren't going to change and you don't want them to change, and which addresses you can let DHCP assign; which areas will use public and private addresses; and what kinds of addresses we are going to use. This all depends on your internal policies and how you want to assign your addresses.

Plan for growth, because most companies grow. I know there are probably a lot of layoffs if you read the papers, but the idea is that companies grow as they become more successful, so you also have to take growth into account, and repeat the process for each location. So here's an idea based on the diagram you can see at the top right: how many different router interfaces, switches, computers and phones, and growth capacity. These are just numbers I took from our CCDA study guide: 2,740 IP addresses, including 20 for growth. When you assign them, you normally put the first host address of the subnet on the router interface, and this usually becomes the gateway, so all the traffic on that subnet goes through this gateway, and its address ends in .1.

Now, I've just put a really basic example here, so don't take this as my suggestion for how to approach networking, but I wanted to make it easy to illustrate the point. You can see on the left subnet 172.16.2.0 with a couple of hosts; that's just an example of a couple of hosts on that subnet, there will be many more, but the only .1 address, 2.1, is on the router interface. On the point-to-point link for 172.16.1.0 there are only two IP addresses, so you would probably never use a /24 mask; typically you would use a /30 on a point-to-point link, since you only need two hosts. Going down, you can see we have a .1 and a .2 for the IP addresses on our router interfaces, private or public. For your servers for email, web, DNS and FTP you may want routable addresses if they will need to be accessed over the Internet, and quite often, to be honest, there are cost implications; if money is a factor and you are a small business, will you use network address translation?

Hierarchical addressing involves address summarization techniques; it helps you scale your network and helps you reduce the routes you are advertising over your network. Obviously less traffic goes through, and it helps with stability, so if you have a group of routes advertised from a certain router as a single summarized route, then if one of them is experiencing stability issues, it won't cause any problems. So the idea is to aggregate many networks into a single address where possible. Here is an example, again from the CCDA guide: you can see the network is subnetted with /16, /24 and /30 going down to our users, and at the top we're actually just advertising a 10/8 address, so this is done first.

You can see that the addressing is hierarchical. We're using a very carefully thought out and planned scheme, so you can allocate addresses correctly without wasting them and without having too much network update traffic over the scalable network. Again, this is from the CCDA; I really find it fascinating, so it's something to keep in mind. There is a Cisco CCDA Simplified book on Amazon if you want to take a look; I think it costs about ten dollars on Kindle. Hierarchical addressing: you should use contiguous blocks when planning your addressing and number your network addresses sequentially. So here is an example:

192.168.168, 192.168.169, 192.168.170 and so on, and it maps each of these addresses onto certain parts of your network, which will allow you to summarize them. Now I have written the addresses in binary and you can see the long string of numbers: 8, 16, 17, 18, 19, 20, 21 places, with 21 bits in common. This allows you to advertise a summary address from the router interface instead of advertising one, two, three, four, five, six, seven, eight routes; you're just advertising a summary route. This is the theory behind hierarchical addressing and summarization. I hope you enjoyed that little sample and that it gives you something to think about; again, design is a pretty interesting career to look into if it's something you find interesting.
This is going to be a small sample of route summarization. It would take a little more time to go through many examples, but I just wanted to give you an overview, so you can see the correct summary in this example network. Here you have a lot of routers on the left that are internal routers to your network, and then you have a router that is external and goes out to the ISP or the Internet or whatever. You can see on the left it has 192.168.1 all the way to 255, so you have 255 networks; imagine advertising all of them on the Internet, imagine if you had even more networks. The principle behind route summarization is to make your addressing efficient enough that you can send a summarized address. Bigger routing tables equal more memory required, more CPU cycles, more bandwidth used; it's really bad news for your network, so if you could boil down hundreds of routes into a handful, that would be a good thing.
I'm sure you agree. Here we have 255 routes summarized down to one, and the principle is that anything in this example that starts with 192.168 will go through that outside router anyway, so why bother sending 255 routes? This is kind of CCNA but also a little bit CCDA, but you could be asked about summarizing networks in the CCNA exam. This is an example of a bad idea: you have your networks 192.168.1 up to .255 and you are sending a summarized route, but for a very stupid reason you have used part of that addressing scheme on another network on a different side, from your ISP or on your own network if you have a large corporate network. Bad idea: you've used a non-contiguous address pool scheme and just took one of the addresses and used it on the other side. You could have used a different set of addresses, you could have used 10 addresses or 172 addresses or whatever suits your needs, but don't do that. So carefully plan and prepare your address allocation and allow for potential growth; maybe this office off to the side here was added as a last-minute acquisition or as an emergency, but it's still bad when it comes to addressing. So how do you summarize? How many matching bits? This is the secret, if there is a secret, so I put all the matching bits in red and you can see that there are 21 matching bits.
Our lowest subnet is 192.168.16.0, so we could advertise 192.168.16.0/21, and this would match all subnets behind whatever router we are using to advertise this summary address. So in the last example, we have four satellite routers sending different networks out of those routers for different subnets or whatever, and each of those routers is sending a summary address to the central router, the spoke routers on the right and the central router; in turn, that central router is sending an outbound address for all those networks to the Internet. Again, just a small example to give you an idea of the concept, so you can understand the principles.
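The matching-bits method from the lecture, worked through in Python as an added example (not code from the course or its slides): it counts the bits every subnet shares, builds the summary prefix, and reports holes, meaning address space the summary would advertise that none of the listed subnets actually owns, which is the discontiguous "bad idea" case above. The subnet lists are constructed to match the lecture's figures.

```python
import ipaddress


def common_prefix_bits(networks):
    """Number of leading bits shared by every network address in the list
    (the 'count the matching bits' step), capped by the shortest mask."""
    nets = [ipaddress.ip_network(n, strict=False) for n in networks]
    width = nets[0].max_prefixlen          # 32 for IPv4
    first = int(nets[0].network_address)
    common = width
    for n in nets[1:]:
        differing = first ^ int(n.network_address)
        # bit_length() of the XOR is the position of the first differing bit
        common = min(common, width - differing.bit_length())
    return min(common, min(n.prefixlen for n in nets))


def summary_route(networks):
    """The single prefix covering every listed network."""
    bits = common_prefix_bits(networks)
    first = ipaddress.ip_network(networks[0], strict=False)
    return ipaddress.ip_network((str(first.network_address), bits), strict=False)


def holes(networks):
    """Address space the summary advertises but no listed network owns.
    A non-empty result means the summary attracts traffic for prefixes that
    live somewhere else, so the addressing plan is not contiguous."""
    summary = summary_route(networks)
    owned = ipaddress.collapse_addresses(
        ipaddress.ip_network(x, strict=False) for x in networks)
    remaining = [summary]
    for n in owned:
        nxt = []
        for r in remaining:
            if n.subnet_of(r):
                nxt.extend(r.address_exclude(n))   # carve the owned block out
            elif not r.subnet_of(n):
                nxt.append(r)                      # untouched by this block
        remaining = nxt
    return sorted(remaining)


if __name__ == "__main__":
    # Constructed: 192.168.16.0/24 .. 192.168.23.0/24 behind one router
    spokes = [f"192.168.{i}.0/24" for i in range(16, 24)]
    print(common_prefix_bits(spokes), summary_route(spokes), holes(spokes))
    # Constructed: same block, but 192.168.20.0/24 is used on the other side
    bad = [n for n in spokes if not n.startswith("192.168.20.")]
    print(summary_route(bad), holes(bad))
    # Constructed: the 255-network example, 192.168.1.0 .. 192.168.255.0
    big = [f"192.168.{i}.0/24" for i in range(1, 256)]
    print(summary_route(big), holes(big))
```

Note that the 255-network case summarizes to a /16 that also covers 192.168.0.0/24, which is why the planning advice is to allocate the whole contiguous block to the same side.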
I don't necessarily expect you to be able to figure it all out based on them, just a quick introduction, so there you go, thanks for watching. See you at the next lecture.

Routing concepts. So now we get into meatier stuff, the role of routers. We looked at switches, but the role of routing is to examine the destination of a packet and determine the path, the best path that can generally be taken; sometimes there is more than one route available. Once this has happened, the router chooses the interface to send the traffic out of.
This is the difference between routing and switching as far as the router is concerned: routing determines the route, and then it switches the packet; that is what is referred to as switching. Routers learn about other networks. A network can be directly connected, so the router knows that it is connected because it has an IP address configured on that interface; it can learn routes from other routers, which is dynamic routing; or you as a network administrator can manually add a route. The router basically builds tables that it stores with the destination networks in, routing tables, with different types: dynamic, static, connected networks or a combination of all these. A few examples of dynamic routing protocols are RIP, EIGRP, OSPF and BGP, which is mainly used by Internet service providers. So the routing table information includes how the route was learned, who learned the route, which is useful for us to know for troubleshooting, the interface the network can be reached through, and the metric. Now this varies by protocol; each protocol has a different way of assigning a cost or a weight and uses these algorithms to determine the best path forward. Here is a hop count example: we have router A and router B. For router A, it has zero hops as a metric because the two networks are connected, network 192 and 10, but if it needs to reach network 10.10.20, it needs to travel one hop. In this particular example it looks like RIP, the Routing Information Protocol, is using hops, and the hop count is each router. Static routing: here you can add it manually, or it is added by the network administrator. The good or bad thing, depending on how you look at it, is that it is never removed from the routing table, so even if the network goes down, for example on the far right, network 172.31, even if that goes down, your router 1 will continue to send traffic to that network. You can use it in conjunction with dynamic routing. And also, dynamic routing protocols: there is the interior gateway, within your domain. There are autonomous systems; it is a term you should be familiar with.
They are a group of routers that are under your administrative control. If you have a large network, you may be responsible for 10 or 20 and another department for another 10 or 20. Exterior gateway protocols route between different autonomous systems. Examples of interior gateway dynamic routing protocols are OSPF, EIGRP and RIP version 2. For IP version 6 we have OSPFv3, RIPng and EIGRP for IPv6. Interior gateway types: there is distance vector and link state, and this is the algorithm they follow to calculate the best routes. There is also a combination known as a hybrid routing protocol, and it takes a little bit of each. Distance vector is known as routing by rumor, so it learns about routes from neighboring routers, not directly from that particular network. The full routing table is sent periodically, it can take time to converge, and convergence is when all devices agree on what the topology looks like.
It is bandwidth intensive, and generally recommended for smaller networks. Again, it all comes down to what you want to achieve and the design. Link state means that network devices exchange information about the state of their links, and a link is a connection between two endpoints. Each device creates an independent map of the entire network, so this means that the router does not depend on a map from a particular router; each device sends all its link information and link updates to all other devices on the network and does a calculation using the shortest path first algorithm, or SPF.
There are no fixed timers here, and if a route changes, say I have 100 routes and one changes, only one update is sent, so it's quite efficient. A couple of examples here: OSPF and IS-IS. The hybrid protocols, that is, as I told you, a mixture of distance vector and link state; the example is EIGRP, which uses a bit of both. Exterior routing protocols: these run between autonomous systems. The most common example you will find is BGP, usually used from ISP to ISP; it is something you should be familiar with. And the administrative distance: this is the weight given, or the credibility, of a given route. They are given numbers from zero; I think the highest number is 255, which means that route is not believed at all, it is ignored. The best value is the lowest, so the next is connected, then static pointing to an IP address, so this is something you would have configured as an administrator.
It is worth remembering the ones I have put here in this box. The metrics for each protocol are different: there are hops, for example, for RIP; there is bandwidth, divided into a cost, so OSPF; bandwidth and delay are EIGRP; BGP uses path vectors. Protocol mechanisms: these are some things that deal with routing protocol issues. Invalidation timers: this marks the route as unreachable if it is inactive. There is a hop limit, which is useful if the route does not actually exist; it actually expires after 15 hops, and this applies to RIP. Triggered updates: if there is an important update, allow it to be sent before the periodic update is sent. The hold-down timer means routes are typically not updated for a certain period of time, and they are measured in seconds.
Route poisoning is there to mark a route as unreachable, so the RIP example would mark it as 16 hops away. Split horizon prevents a route from leaving an interface that it was learned on; this actually makes sense: if an interface has learned about a network 10, then it won't advertise that network back out, because it doesn't actually own that network; it won't advertise it on the same interface, but it would advertise it out of other interfaces. Poison reverse split horizon announces a route as unreachable. And then asynchronous updates: this is a staggered update, so you don't have two devices releasing an update at exactly the same time, which means they clash. So this is just a bit of an introduction to give you a basic understanding of your routing protocols.

Routing protocols. We're just going to have a high-level overview of the different types of protocols that you'll find and some of their features. RIP version 1 has been removed from the CCNA syllabus, but it's very useful to read about it and just do some really simple configuration labs with it so we have some confidence and understanding about routing protocols.
It's classful. What classful means is that it does not recognize variable-length subnet masking, so if you try to add a network with a subnet mask other than the default class A, B or C, version 1 will not recognize it; it will simply advertise the default subnet mask. It will not send the subnet mask information with routing updates, and that is an important note to keep in mind, and the reason is that when it was invented there was no such thing as VLSM. It broadcasts all updates, so it requires quite a bit of bandwidth; modern protocols actually transmit them via multicast. There is no built-in authentication, and there is a 15-hop limit, and a hop is a router in this particular case.
I have issued a common show command on the router for routing protocols: show ip protocols. You can see it's RIP; it gives you all the different timers if you want to know what they are. It's sending version 1, and you can see there are two networks here, network 10 and network 192.168.5. Version 2 was an improvement on version 1. It is classless, which means it sends subnet mask information, so we can use VLSM. It has some authentication built in, MD5 authentication. It sends multicast updates, so it is more efficient. It automatically summarizes networks at classful boundaries; what this means is, like in the diagram, if you have a network 10 on the far left and a network 10 on the far right, it will automatically summarize it from, say, a /16 or /20, whatever you have, up to a /8. You can turn off that behavior, and if you have a network design like this, which is a pretty bad idea, there are actually discontiguous subnets and you should do that.
Otherwise it will cause you routing problems. EIGRP, as I mentioned before, uses some distance vector and link state elements; it only works on Cisco routers. It is classless, so it recognizes VLSM, and it summarizes automatically. It makes its calculations using what is known as DUAL, the diffusing update algorithm. It puts the best route, which it calls the successor route, into the routing table; the second, the third and the fourth, if you have that many routes, are called feasible successors, and they are put into something called the topology table. If the successor route leaves the routing table, it is very quickly replaced from the topology table by the feasible successor, and so on. You can also do load balancing with EIGRP, which is really useful if you have high-bandwidth links and some lower-bandwidth links but you want to share the traffic so as not to saturate a particular link, and it is called variance.
You actually use the variance command with EIGRP to achieve this; for example, if you use variance 2, it would allow more than double the traffic of the path of least capacity. OSPF, Open Shortest Path First: classless, an open standard protocol, it uses the Dijkstra, however you pronounce it, I think it is, SPF algorithm, named after the person who invented it. The cost is determined by the bandwidth of the link; OSPF supports authentication. The cost formula is reference bandwidth divided by link bandwidth. You can read more about this when you go into the CCNA and CCNP. It recognizes the type of network you are on, and you can also configure it to your requirements by manually configuring what type of network you are on.
If it is a broadcast network, to save bandwidth a designated router is chosen. This is the master for all routing updates and is denoted as DR; you can see it in the diagram there. In fact, you can also have a backup designated router. Not necessary, but this is a backup for the DR in case that router goes down. All router links are placed in areas for OSPF, and this controls what updates are sent in and out of the area. The rule is that all routers must connect directly to the backbone area, and that area is known as area 0.
Different routers have different roles, because OSPF is only designed to scale on fairly large or very large networks. So the backbone router has at least one link in area zero, so this is given the term backbone router. An internal router has all its links within an area. An area border router is positioned between multiple areas. The ASBR, which is short for autonomous system boundary router, connects the OSPF area with a non-OSPF area, e.g. EIGRP. Virtual link: say, for example, your company buys another company and they are running OSPF; a virtual link allows you to bridge non-zero areas to the area zero backbone through a non-zero area, so you can see it illustrated in the diagram here. As I said before, all areas should directly connect to area zero, so what you might have in this diagram is area zero connected to area 100 and then area 0123, whatever, but area zero will have a virtual link and send all updates through it. All good. I'm just going to touch very briefly on LSAs, link state advertisements, just so you have heard of them.
If you decide to continue with your studies, these are the different advertisements, and I mentioned earlier that OSPF advertises the status of the links instead of the networks. So the type 1 LSA advertises links to routers in the same area. A network LSA is type 2, generated by the DR. Type 3 is the network summary, generated by an ABR, and don't worry if you don't remember these, it is just for your information. The ASBR summary is type 4, and the external link advertisements used by the ASBR router are for external prefixes. Type 6 is a multicast LSA, not used by Cisco, so don't worry. Type 7 is for a not-so-stubby area.
I don't think I'm going to go into detail about the areas, just a quick reference to them here. A regular area is normal. A stub prevents two types of LSA from entering. Totally stubby prevents three, four and five entering. This again is for design and bandwidth issues. The not-so-stubby area blocks four and five, and by the way, this is actually a CCNP thing, so don't worry too much about it. It's okay, just a diagram; don't let this discourage or intimidate you. I just wanted to illustrate the different types of areas and updates, so it's not a complete shock when you get to read about it.
IS-IS is not in the CCNA or CCNP curriculum. I think it might be in the CCIE; I would have to check. Intermediate System to Intermediate System is a pure link state protocol that many engineers really prefer. In fact, it is classless and very scalable; it's not widely used by engineers, but there are some engineers who really favor it, like I said. And BGP: this is an exterior gateway protocol, so it's more about autonomous systems than individual networks; there are multiple attributes. Again, you'll get to this in the CCNP, not the CCNA, and you can adjust these attributes to route. It scales to hundreds of thousands of routes, and there are currently 300,000 routes available on the Internet. So I hope you enjoyed it; like I said, it's just to give you a little overview and a sample of some of the concepts that you will experience in the CCNA, and I've covered a lot of this actually in the CCNP.

Configuring the router. So let's look at some configuration steps and concepts. Obviously they'll make a lot more sense when we do a lab together, but I just wanted to give you some theory to work with: the router modes and passwords, show commands, the configuration register, the different modes of interface configuration. So there are different access levels, or privilege levels you could say, for Cisco routers, and different levels and different parameters will allow you to configure different parts of the router, for example just issue show commands, or configure IP addresses and routing protocols. So the most basic mode is actually called user mode.
You will see the router name if you are on a router, or the switch name if you are on a switch, and then you will have the greater-than arrow. Then, even though it doesn't say anything, you type enable to try to enter privileged mode; as long as there are no passwords there, it will enter privileged mode, and you recognize it because it will have the pound key at the end of the router or switch name of the device. If you want to configure something, type the word config or configure.
You can type config for short, a space, and then t or terminal: config t or configure terminal, two words that take you to the configuration mode. And then there are different modes there; for example, if you want to configure an interface or you want to configure some routing protocols, you will access the relevant configuration prompts. If you are not in the correct prompt then you will not be able to configure these parameters. You can return to the previous mode you were in by typing the word exit. You can return to privileged mode completely, wherever you are, by holding down the Control and Z keys or by typing end. Passwords: secure privileged mode with an enable secret password.
The reason we do this is that we don't want people to just connect to the console port and then start configuring the router, or even telnet in. So enable secret password is called that because it won't be visible if you issue a show run command, which is the running configuration; here you won't be able to see the enable secret. So I wrote enable secret and then cisco here, just to make it easier to run the program, and it says enable secret 5, which means it has been encrypted with MD5, level 5 encryption, and you can see that now there's a hash there; obviously the cisco password, which this person can't see when they log in to the router. Console access:
I'll talk more about security issues later. If anyone connects to the router's console port, it is a very vulnerable place for you as a network administrator, because they have a lot of access. So ports on routers are called lines when you are in configuration mode. You can also add a timeout value, so if someone doesn't type a command for a certain period of time, it will disconnect them. So here's how to put a password in, or a way to put a password in: line console 0, password, and then the password itself. Here's how to add an exec-timeout in line configuration mode; I just put five for five minutes. You can make a space and then add seconds if you want seconds. To protect Internet access, Telnet is disabled by default.
The Telnet lines are called vty lines in the configuration. Now, depending on the device you have, you will have five lines, from zero to four, or sixteen, which is zero to fifteen inclusive. If you are on GNS3 you actually have hundreds, so line vty 0, space, and I have put a question mark; the question mark will tell you what is available in any command parameter, and I can see that I have 903 here, so this is actually in GNS3. Now I added the cisco password and then typed login; what that means is just to check the password under the vty lines. In the following example on the right, I typed login local, which tells the router to interrogate the username and password you entered in configuration mode. Service password-encryption really is a pretty poor way to encrypt your passwords; it offers a weak method to encrypt them, it's known as level seven, and there are three programs on the Internet that you can download to crack level seven passwords. So in the output I put the username, the cisco password, and then typed service password-encryption, issued a show run, and then it showed me my level 7 password.
What I'm trying to say is don't use them. Show commands: you'll get a lot of use out of them as a Cisco engineer; they show you all the different types of configuration. Show run is the full configuration running in DRAM on the router. Show version is a common command that shows you all the memory installed, your operating system and how the router was reloaded last time. Show ip interface brief is a summary of attached interfaces. Show ip protocols is a summary of routing configurations. Show memory is used to view memory statistics. Show history is for previously entered commands. The configuration register is very useful to know about; it tells the router what to do during a boot sequence. It is a hexadecimal value: if the value is 0x2102, it tells the router to boot normally and load the configuration for the router from memory; if it is 2142, it says boot but skip the configuration.
You would do this if you just bought a router on eBay and someone put IP addresses and stuff on it, or you forgot the passwords; I did a lot of these when I worked at Cisco with clients. You can check the configuration register value with the show version command. You will probably have to press the space bar to show the rest of the screen, and at the bottom it will show you the configuration register. If you change it with the command at the top, config-register 0x2142, then issuing a show version will tell you which one will be used on the next reload. Interfaces: you get a bunch of these on your routers, and you can buy modules that have additional interfaces.
Show ip interface brief gives you a summary of its interfaces: the name, the IP address, and if it is up or down. There will be two parts: it will be up/up, or administratively down/down. The first value says, for example, down/down; the first down means it's physically down, it can't see a wire there. The second is protocol, which means it can't see that any keepalive is alive, so layer one and then layer two. So show ip interface brief to find out what interfaces it has and what the common layer one and layer two interfaces are. Image from the Cisco Systems website.
This is a fairly old router model, maybe a 3640; I can't see it because of how shiny it is, but there are a lot of interfaces here: T-series interfaces, Gigabit, Fast Ethernet and voice interfaces, and it also has a module card on the top right. So some examples of interfaces you may have: the numbering varies depending on interface types, slots and the modules; you can check the Cisco website for the interface numbering if you type that into Google. But the slots have their own numbers, and then if you put different modules in the slots, that will affect how the numbering works. Sometimes it can be a little confusing, but that's why we have the show ip interface brief command; it will tell us what we have, and it is also numbered on the back of the routers. As well as the common configurations.
So here's an example of Fast Ethernet. I have written the speed; I could have left it on auto, but I set the speed to 100, the duplex is full, the IP address, and I issued the no shutdown command. The no shutdown basically tells it to come on, so it's the opposite of being off, and you can see there's an informational message coming in saying the link is up. Okay, interface status: show ip interface brief, I already mentioned that; it gives you the IP address and the current situation, I mentioned them before. Okay, a serial interface, so this is your wide area network. The default encapsulation on Cisco devices is HDLC, unless you have bought a different type of card, like an ADSL card or something. Show interface; mine is serial 0/0/0 on this router, with quite a large range, and you have different cards, cables and so on. Here is an output of show interface serial.
I could have written serial, but I wrote s for short, 0/0/0. Loopback interfaces are really useful for testing and home labs. You can have as many as you want, within reason; you should write interface loopback, space, question mark to see how many. You can add IP addresses to them, and they never drop, because they are logical, so they can't be broken. They basically don't exist physically; they exist in the software, but you can ping them and test with them. So I hope you enjoyed it and I hope it gave you a good foundation to move on to the continuing lectures.
Static routing. I realize we discussed this before, but I think there are just some things I wanted to cover. Why a routing table is used: we've seen the output from a routing table before, but basically we know that it is a directory of networks that the router knows about. It can be a directly connected subnet, so it is connected to an interface on your router; you could have entered it manually as an administrator, or, as we already know, it could have been learned through a routing protocol. Now the important thing to remember is that if there is no route in the routing table, by default the router will drop the packet. You can configure something called a default route to send traffic somewhere if there is no route in the table. So here is a show ip route and you can see there is a key at the top.
I recommend you issue this command on any router, or on GNS3 if you are using it, just so you can see the available outputs: connected, static, RIP, mobile, BGP and so on. Below we have our various routes: one learned by RIP, two connected, another RIP route, and then there is a static route that says network 0.0.0.0, basically any traffic for any network is sent to 192.168.10.1. You do this if you don't want to drop packets on your router, or if, for example, you are installing a router on a customer's site and it is connected to an ISP and you want the ISP to do all the routing for you and you just send the traffic to the next hop. Static routing added by you, the administrator: in administrative distance it is preferable to any routing protocol; the reason is that you, as administrator, should know the best way to get anywhere, to override the protocols. You need to specify the network you want to go to and the exit interface to send the traffic to, or the next hop. So here we have a router with a few different subnets attached, or three routers: one, two and three.
I'm configuring router 1 to access networks that are not connected, so those are the ones off router 3, 172.16.1 and 172.16.2, and the ones off router 2, 192.168.4 and 192.168.3, and I'll do two different ways to accomplish this. So to get to 192.168.4.0, and with the correct subnet mask, I put a next hop address of 192.168.2.2; your router must know how to get to the next hop, and in this case we know it because it is a connected network. To reach network 3.0, this time it is an exit interface; you would do that if you're not sure what the next hop is or for other administrative reasons. To get to network 16.1.0 we're going to exit through our serial 0/0, and to get to network 16.2.0, make sure you put the correct mask, it is also the same interface. So we have covered these four subnets of the two different routers with static routes. I have issued a show ip route on my router here and you can see all the interfaces connected and all these static networks that I have configured.
If you ever make a mistake, it's usually because your router doesn't know what the next hop is, or the outgoing interface is wrong, or you put in the wrong subnet. Here's a little thing, though; I see a lot of students get stuck: they can find a way to get to whatever the remote network is, but the remote network needs to know how to get back. So you're fine here because all the routes are connected to router 3 and router 2, but if there was another router, say router 5 connected to router 3, that router 5 would need to have the routes to get back to all the unconnected networks, so you would need to configure more static routes. So router 2 has pinged 172.16.1.1; it has no idea how to reach that network, it is not in the routing table and there is no static route and there is no default route. If it had issued the ip route 0.0.0.0 0.0.0.0 like I showed you before, then it would just send all traffic to the next hop. So in the checklist, make sure IP routing is enabled; by default it actually is, with the ip routing command on the routers, because that's what they're there for. Make sure the next hop address, if used, is reachable, and the egress interface must be up and addressed correctly, so the point-to-point links must be on the same subnet. And the egress interface will override the need for an ARP lookup, so there is no ARP packet sent for each packet.

IPv6: a really simple example of putting a simple network address on a point-to-point link and a loopback network, loopback 0, on the router on the right, and here is the configuration. What I suggest you do is get a couple of routers on GNS3, connect them with an Ethernet cable and just add these IP addresses exactly how I put them here and have some fun and do a ping. Ping IP version 6, oh yeah, it's done at the bottom with the last command: ping ipv6. You can't just issue the ping command, you have to say ping ipv6 and then the IP address. So I hope you enjoyed that and I'll see you in the next lecture.

So here's our topology: we have a network 192.168.1 in the middle; we put a .1 on this side and a .2 on this side.
I've created two loopback networks, so I'm going to add a loopback interface on this side on a 10 network and a loopback 0 on this side so we can do our testing. It's very useful to use loopbacks: 172.16.1.1 with a /20 mask. So I started; I pressed the start button. Obviously this is GNS3, and we will do some configuration. Let me maximize that window, maximize that window, let's change some preferences here. Okay, so I have a little bit bigger interface. So I'm going to go to router 1 first: conf t, interface serial 0/0, /30 mask; I know this because I have done this many times, it's 252. Now, the other thing I wanted to do is add the loopback 0.
I'm going to put a short IP address on it, 10.1.1.1. Okay, 10.1.1.1, space, okay, so we have our loopback interface. I think that is correct: /26 is 255.255.255.192, yes. So we'll go to Router 2 now: conf t, interface serial 0/0, ip address 192.168.1.2, no shut, interface loopback 0, ip address 172.16.1.1. What was the calculation? Sorry, /20 is 255.255.240.0. Fine, so let's go back to Router 1 here, show ip interface brief, and we can see that our serial interface is up and our loopback is up. I'm just going to ping across the serial link to 192.168.1.2 to check everything is up and running. So what am I going to do? What we do is ping the 172 address, which won't work because the router doesn't know where it is.
We haven't added any routes yet, so if I issue the show ip route command, all we have here is a connected network for our 10 network and our 192 network. Okay, so we need a static route that takes us from here to our 172 network, so: ip route 172.16.0.0 255.255.240.0, and now we have a couple of options here. We can specify an exit interface or a next hop address, so either the IP address of the next router or an interface on this side. We're going to use a next hop, and the router should know where the next hop is because it's connected to that network.
Now that's good, so let's ping 172.16.1.1. It has worked, and if I issue show ip route we have a static route here for the 172 network. We will go to Router 2 and ping 10.1.1.1. That's no good, because there is no route to that network, so we need to fix it. If I just check the mask, /26, okay, so: conf t, ip route 10.1.1.0 255.255.255.192, and this time I'm going to specify an exit interface. I'll end here and then ping 10.1.1.1, and that worked. Show ip route and we can see that we have a static route here, directly connected via serial 0/0. So there are two different ways to create our static routes.
I'm using the same topology as before, so the 192.168.1.0 network here, the 10 network on Router 1 and the 172 network on Router 2. I haven't reloaded the routers from the last lab because I wanted to show you a quick way to clear them. I could reload the router here if I wanted, but GNS3 is a bit funny about reloading; you'd be fine with live kit, but I just wanted to show you a quick way to move on to another lab without doing all that. So I have all the configuration here. What I want to do is copy the static route line: highlight it and copy it, go to conf t, type no and then paste it, and I'll do the same with Router 2: show run, my ip route is here, copy it, conf t, no and paste. This just clears the command, basically; press Enter.
Now, if you issue a show ip route here, you can see that my static route is gone, my IP address is still here, you know how to do that, and my loopback is still here. What I want to do is add my routing protocols, so we can do RIP. It's not in the CCNA, but it's easy to configure: router, and if I just put a question mark you'll see our available protocols, BGP, EIGRP, IS-IS, on-demand routing and so on. So router rip, and now we enter router configuration mode so we can do the configuration commands: network 10.0.0.0, network 192.168.1.0, to make it work. There we go, so there are our two networks, and this will not work properly until we get to Router 2: conf t, router rip, network 192.168.1.0. We have to add our network in the middle, otherwise they won't communicate, and network 172.16.0.0, and that's fine. It should take a few seconds for this to work because it's a pretty small network.
Show ip route, okay, so our connected networks will not show as RIP networks because they're connected, but this here is our RIP network. The key here is quite useful actually, R is for RIP, and we can see that we have our RIP network, the administrative distance is 120 and it's one hop away; hop count is the metric used by RIP. Show ip protocols is a very useful command: our protocol is RIP, it gives you your timers, it tells you which version of RIP is being sent and received, and what networks you are routing for. But you can see that there is a slight problem here: this is a /26 and this is a /20, so if I issue show ip route over here, it shows R 172.16.0.0/16.
RIP version 1 doesn't recognise variable-length subnet masks. Let me try debug ip rip. Yeah, okay, so we'll see. Okay, u all, that means undebug all. Every update RIP sends is broadcast, and it's sending the network with the metric, so you can't see any subnet mask information here, so that's a problem we have. So: conf t, router rip, and all we have to do is turn on version 2, which recognises them; you simply type version 2 and end. conf t, router rip, version 2 on the other router as well, and now this should have updated the table; show ip route. There's something else I need to do, but let me do debug ip rip again and just wait for an update to be sent.
Okay, so what I wanted to show you is that our subnet mask is now sent. Before it was just the network, but now RIP version 2 sends the subnet mask information. Show ip protocols, and you can see that it's sending and receiving version 2. So there's another thing we need to do. RIP automatically summarises networks at the major network boundaries, so once the 10 network crosses the major network boundary onto the 192 network, it will be summarised back to a /8. So show ip protocols, oops, sorry, show ip route is what I want, and we can see we have our 10 network here, okay, with an /8 mask, so we need to do something to change that: conf t, router rip, and the command is no auto-summary. It isn't necessary to have it on, but you do need it if you want to see the variable-length subnet masks. If I issue show ip protocols now, automatic summarisation is not in effect on Router 1; it is still current on Router 2 because I have not yet added the command there, so conf t, router rip, no auto-summary. Let's go back to Router 2: show ip route and there we go. The previous entry wasn't deleted here, but we can see our network shows as /26 now. Show ip route on Router 1 and I want the network 172.16.0.0 to show as /20. That's the end of the lab.
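The summarisation behaviour from this lab, as an added example that is not part of the course: a Python model of what a router puts in its RIP update for the lab's 10.1.1.0/26 and 172.16.0.0/20 loopback networks when they cross the 192.168.1.0/30 serial link, under RIPv1, RIPv2 with auto-summary, and RIPv2 with no auto-summary. The networks are the lab's; the function names are my own.

```python
import ipaddress

# Constructed from the lab topology: two loopbacks and the serial link between them.
LOOPBACK_R1 = ipaddress.ip_network("10.1.1.0/26")
LOOPBACK_R2 = ipaddress.ip_network("172.16.0.0/20")   # 172.16.1.1/20 lives in this subnet
SERIAL_LINK = ipaddress.ip_network("192.168.1.0/30")


def major_network(prefix: ipaddress.IPv4Network) -> ipaddress.IPv4Network:
    """Classful (major) network for a prefix: /8, /16 or /24 by first octet."""
    first_octet = int(prefix.network_address) >> 24
    if first_octet < 128:
        classful_bits = 8
    elif first_octet < 192:
        classful_bits = 16
    elif first_octet < 224:
        classful_bits = 24
    else:
        raise ValueError("class D/E addresses are not unicast networks")
    return ipaddress.ip_network((int(prefix.network_address), classful_bits), strict=False)


def rip_advertisement(route, out_interface, version=2, auto_summary=True):
    """What a router puts in a RIP update for `route` sent out `out_interface`.

    Returns the route as `show ip route` would print it (no mask for v1), or
    None when RIPv1 has to suppress it.  RIPv1 carries no mask at all; RIPv2
    with auto-summary collapses a route to its major network when the update
    crosses a major-network boundary; `no auto-summary` sends the exact prefix.
    """
    crosses_boundary = major_network(route) != major_network(out_interface)
    if version == 1:
        if crosses_boundary:
            return str(major_network(route).network_address)   # classful, no mask
        if route.prefixlen == out_interface.prefixlen:
            return str(route.network_address)                   # mask implied by interface
        return None   # v1 cannot describe a different mask inside the same major net
    if crosses_boundary and auto_summary:
        return str(major_network(route))
    return str(route)


if __name__ == "__main__":
    for label, kwargs in [("RIPv1", dict(version=1)),
                          ("RIPv2 auto-summary", dict(version=2)),
                          ("RIPv2 no auto-summary", dict(version=2, auto_summary=False))]:
        print(label, rip_advertisement(LOOPBACK_R1, SERIAL_LINK, **kwargs),
              rip_advertisement(LOOPBACK_R2, SERIAL_LINK, **kwargs))
```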
Okay, so we have the same topology as our last two labs. I want to go to our routers and just delete our last lab's configuration: no router rip, no router rip. You could leave it there if you want, but it will just make it more confusing, so type end and then show ip protocols: there's nothing running. So this lab is EIGRP, so router eigrp, and now I press the question mark here because we have to have an autonomous system number, and it has to match on the routers that we want to communicate using EIGRP. So I'm just going to choose a number here and then all I need to do is add our networks, 192.168.1.0.
I could turn off auto-summary, but I don't want to get into that particularly for this lab. So on Router 2, router eigrp, and it has to be the same number; I'll add the 10 network, the 192 network and then the 172 network. You see we have an EIGRP message here telling us that an adjacency has been formed with the neighbour router. Show ip route, okay, so what is indicated here is EIGRP. We have a 172 network that is pointing to Null0; Null0 means the traffic is discarded, and this is for an attached network. We have a 172, our 10 network has been advertised, and we can see the 192 network again, which is our connected network. So the one we are most interested in is the 10 network: the administrative distance is 90 and the metric is here, as highlighted. I'll go to Router 1, show ip route, and we should see the 172 network here, so that's it. EIGRP summarises at the major network boundary, so it has been summarised from a /20 to a /16.
Sorry. We can add the no auto-summary command if we want; I'm not going to do that for the moment. Show ip protocols, I'll just show you now: EIGRP, AS 10, the networks we are routing for are the 10 network and the 192 network. Actually, EIGRP works with a maximum number of paths; you can issue maximum-paths and then the question mark to see how many you can have. Everything's fine, so that's all I wanted to show for EIGRP: show ip protocols and show ip route, using the same topology that we'll probably use for most labs.
I'm just going to get rid of the last part of the configuration that I don't want now: no router eigrp 10. So we're going to do OSPF for this lab: router ospf and a process number. It doesn't really matter what it is; it's a locally significant number to identify the OSPF process running on the router. One thing we need to do differently is add a wildcard mask, and it has to match the network we are advertising, so network 192.168.1.0, oops, and then we have to designate the area. I'll put everything into area 0 here to keep it simple, and for the loopback we'll need /26.
So 255.255.255.192 gives a wildcard of 0.0.0.63, area 0. There are many more things you can do with OSPF, but I'm not going to cover that today. On Router 2 it could be the same process number or a different one. Okay, so router ospf, network 172.16.1.0, let me take a look again, 0.0.0 something; this is the wildcard mask, which I will cover in another lecture, area 0. Oops, it should have been 15 here: 0.0.15.255, area 0. Okay, so the routes will take a moment to load for the loopbacks, but we'll do a show ip route to see what we already have. Okay, so we can see the 10 network has been advertised; it comes via 192.168.1.1, that is the route, and it's attached via serial 0/0. So on the other one, show ip route.
You can see that the 172 network has been advertised. We can see our administrative distance and our cost, and the same details as on the other router. If I issue the show ip protocols command you can see OSPF 10 and the networks we have routing here; you can see the information, the gateway, the distance, the reference bandwidth. Now, that's all I really wanted to show, a very basic OSPF lab. There's a lot of information you could cover, but for a basic course this is enough for us. Moving on to access lists: they're a pretty difficult topic. If you add up access lists, subnetting and NAT, they are probably the three most difficult topics for any Cisco engineer, so we will do a high-level overview and I'll show you some configuration examples.
Examples of ACLs: they are used by routers and some switches and firewalls to restrict traffic. Depending on the device you have, they can filter traffic based on the source or destination MAC address, IP address, port number or service, for example ICMP, and even the time of day. We'll stick to access lists on Cisco routers because of the format of the course; we really don't want it to be too difficult or intensive. On the order of operations, just so you know, a router will compare traffic to an access list and then make a routing decision. That makes sense: if there is an access list that blocks traffic for whatever reason, it wouldn't route it first and then check the access list, because that's just a waste of processing power and a waste of time. Available lists: you have the standard access list, the extended access list, and then the named access list, which can use standard or extended syntax. So here is a standard access list.
The good news is that it's pretty basic and easy to set up; the only problem is that it has limited functionality, because there are only a few parameters you can use and not a huge amount of things you can do with it. The router knows it is a standard access list because of the number in front of it, and the number is 1 to 99. There is an expanded range available if you need it, although it is very unlikely that you will have more than 99 access lists. The biggest drawback is that you can only filter based on the source address of the packet, the source IP address or the source network address; you can't filter by destination, and you can't filter by ports or protocols, so you're a little limited.
The extended access list has many more features, but it can be quite complicated to set up for beginners because there are so many different parameters, and the more things you can configure, obviously the more things you can get wrong. The numbers are 100 to 199, and there is an expanded range if you need to use it. It filters on the source or destination address, port or protocol, so pretty much anything you need to do. A named access list is useful for you as an administrator to remember what the access lists are for, especially if you have several on your router.
It's so much easier to manage: you can set up a standard or an extended named access list. Some rules you need to be familiar with: the router reads the access list lines from the top to the bottom, so the more specific a line is and the more likely it is to be matched, let's say it's a massive network, the closer to the top I would put it, to prevent the router from having to work through every line. You can only have one access list per interface per direction, one inbound and one outbound. There is an implicit, or invisible, deny at the bottom.
What this means is that if your router reaches the end of the access list and hasn't found a match, it automatically denies that traffic, and that's how a lot of young engineers get caught out, because it's invisible: they can't see why the traffic is blocked. The router can't filter self-generated traffic, so if you try to test an access list, don't use the router itself to test one that is applied to its own interface. You can reuse an access list as many times as you want, and the other thing is that it has to be applied somewhere for it to work. Many people configure access lists, don't add them to an interface and then wonder why they don't work.
You actually have to put them somewhere. When you set up access lists we use wildcard masks, and a wildcard mask is the inverse of a subnet mask; it tells the router which bits it needs to match. So here's an example: 172.20.10.0 with a subnet mask, and the wildcard mask. A quick way to work it out is that each octet of the subnet mask plus the wildcard mask has to total 255, so if you have 224 you add 31 to get 255, and obviously if the octet is 0 you have to add 255. Here's an example of a standard access list: access-list 1 permit, and the network I'm permitting is 172.20.10.0, and then I put in the wildcard mask, not the subnet mask. To set up a standard access list, then, there is the access-list number and then the address that will be permitted or denied, only a source address, as I've already told you. Always refer to the question mark if you're stuck: just type the question mark key, press Enter and the router will tell you what your available commands are at that particular point on the command line. Extended access list commands:
These are your options. Here is an example of an access list: we are permitting the TCP protocol, and it is always from and to, from host 172.16.1.1 to host 172.20.1.1, eq, meaning equal to, SMTP, the Simple Mail Transfer Protocol. The next line is TCP from a network to a host, and then the next line is from a host to a host eq www, web traffic. I don't expect you to understand all of this; I just wanted to give you an introduction and show you what the syntax looks like. Access-list 102 has the keyword established here. What it says is that there has to be a previously established connection, so do you remember the SYN and ACK bits?
This is what the router looks for: it looks for the ACK bit, meaning I'm acknowledging that a connection is already in progress. Named access lists have a slightly different syntax: instead of access-list, you type the command ip access-list, and then you can see that you can type standard or extended. There are other options that we won't discuss. So here's an example of setting up an extended access list with the name BlockWeb. Press Enter, and I've put the question mark here so you can see the permutations, and I've just written two simple lines. You can issue the do command if you are not in privileged mode, the do command and then a show command, to save you going back, and you can see that the access list is here. It is also giving each line a sequence number: 10, 15, 20, 30.
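The wildcard masks used in the OSPF lab above and in these access lists, and the top-down, first-match, implicit-deny evaluation just described, as an added example that is not part of the course: a small Python model that derives wildcard masks from a prefix length or a subnet mask and evaluates standard and extended entries (including `established`) the way the lecture describes. The ACL lines are modelled on the lecture's examples; the `Ace`/`Packet` names, the ports and the sample addresses are my own constructions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ("0.0.0.0", "255.255.255.255")   # Cisco 'any' is 0.0.0.0 255.255.255.255
HOST = "0.0.0.0"                        # 'host x.x.x.x' is shorthand for wildcard 0.0.0.0


def wildcard_for_prefix(prefixlen: int) -> str:
    """Wildcard mask for a /prefixlen: the bitwise inverse of the subnet mask."""
    return str(ipaddress.IPv4Address((1 << (32 - prefixlen)) - 1))


def wildcard_for_mask(subnet_mask: str) -> str:
    """The lecture's shortcut: each octet of mask + wildcard must add up to 255."""
    return ".".join(str(255 - int(octet)) for octet in subnet_mask.split("."))


def matches(address: str, network: str, wildcard: str) -> bool:
    """A wildcard bit of 1 means 'don't care'; a 0 bit must match exactly."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (address, network, wildcard))
    return (a ^ n) & ~w & 0xFFFFFFFF == 0


@dataclass
class Ace:
    """One access-control entry, fields in the order Cisco prints them."""
    action: str                    # "permit" | "deny"
    protocol: str                  # "ip" | "tcp" | "udp" | "icmp"
    src: str
    src_wc: str
    dst: str = ANY[0]
    dst_wc: str = ANY[1]
    eq: Optional[int] = None       # destination port, as in 'eq 25'
    established: bool = False      # TCP only: ACK (or RST) set, i.e. a reply to an existing session


@dataclass
class Packet:
    src: str
    dst: str
    protocol: str = "ip"
    dst_port: Optional[int] = None
    ack: bool = False


def evaluate(acl: list, pkt: Packet):
    """Top-down, first match wins; falling off the end hits the implicit deny.

    Returns (action, index_of_matching_line), with index None for the implicit deny.
    """
    for i, ace in enumerate(acl):
        if ace.protocol != "ip" and ace.protocol != pkt.protocol:
            continue
        if not matches(pkt.src, ace.src, ace.src_wc):
            continue
        if not matches(pkt.dst, ace.dst, ace.dst_wc):
            continue
        if ace.eq is not None and ace.eq != pkt.dst_port:
            continue
        if ace.established and not pkt.ack:
            continue
        return ace.action, i
    return "deny", None     # the invisible line that catches out young engineers


# Standard list: source address only (the lecture's access-list 1).
ACL_1 = [Ace("permit", "ip", "172.20.10.0", "0.0.0.255")]

# Extended list modelled on the lecture's lines: SMTP host-to-host, web from a network.
ACL_101 = [
    Ace("permit", "tcp", "172.16.1.1", HOST, "172.20.1.1", HOST, eq=25),
    Ace("permit", "tcp", "172.16.1.0", "0.0.0.255", "172.20.1.1", HOST, eq=80),
]

# Inbound list with 'established': only replies to sessions opened from inside get in.
ACL_102 = [Ace("permit", "tcp", ANY[0], ANY[1], "172.16.1.0", "0.0.0.255", established=True)]
```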
You will get these if you are on IOS version 12.4 or later. You must apply an access list, I told you this, to an interface or a port. The command is ip access-group if it is an interface, or access-class on the VTY lines; I don't know why they make two different commands, to be honest, but that's how they want it. Here's an example for an interface, inbound or outbound, and here's an example of access-class on the VTY lines. Sequence numbers, I mentioned 12.4: this allows you to edit access lists, something you never used to be able to do, which was a real pain. So now you can edit an access list, you can add or delete lines. Here is my access list, and then I issue show ip access-lists, and you can go in and delete lines and add them later if you want. A very basic overview; don't be intimidated by this, I just wanted to give you a little understanding of how they work. Now the user authentication rules. There are quite a few authentication methods available, in fact: PKI, which we are going to discuss, Kerberos, AAA, 802.1X for wireless, which has actually come out of the CCNA exam now, there is a bit on the CCNP Switch, multi-factor, single sign-on. So, authenticating users: for the CCNA you certainly just need a bit of an overview of this, but I wanted to fill in some of the gaps.
Various methods: obviously you've got the username and password; something called a token generator, and you get them a lot now for online banking, you put your card in and it generates a code; a fingerprint reader; or a combination. So the authentication process always seems simple to the user, as it normally should, but the process behind it can obviously be complicated. After this, the credentials must be sent securely; they can be encrypted, and you have MD5, which I mentioned earlier, or a secure hashing algorithm, for example SHA. No real password is sent; what is sent is a hash value, like this example here in the diagram at the bottom. The server holds the credentials, compares them to the hash received, and authenticates or not. You may have heard of PKI before.
I'm not really sure it's covered well; it's certainly not covered in the CCNA, I've never heard of any questions about this, but it has to do with digital certificates and can be quite a complicated process. It uses a certificate authority concept: the CA confirms the identity of each user, and each user in the organisation trusts the CA. It uses symmetric encryption, which is the same key for encryption and decryption, or asymmetric encryption, which uses different keys to encrypt and decrypt. The certificates expire and then a new one is issued. Kerberos is a network authentication protocol where you authenticate once and get access to all the resource servers on the network and whatever else. The key distribution centre consists of the authentication service, which performs the actual authentication, and the ticket granting service, which provides the user with tickets. Triple A, which you have probably heard of in your travels: it verifies the identity of the user, which is the authentication; provides access to resources, which is the authorisation; and records the user's access, which is the accounting part. This is AAA. It allows authentication through a single username and password, whatever the resources. Now you have RADIUS and TACACS+ that you can use with AAA. With RADIUS, if you spell out the letters, it's a remote authentication protocol, just to compare and contrast if you're ever asked; I doubt you'll go into this detail in the CCNA. 802.1X, which I mentioned before, addresses threats to wireless security, so you won't see this for the CCNA, for example rogue wireless access points, threats, and MAC address spoofing.
Additionally, 802.1X offers port-based authentication: whatever port you end up connecting to on your switch, it allows users and devices to authenticate using EAP or RADIUS. The 802.1X authentication process authenticates users before they receive network access. You just have a few terms you need to familiarise yourself with, as I said, in case they come up in an exam: supplicant, authenticator and authentication server. PAP and CHAP are used mainly on point-to-point connections with PPP; they use usernames and passwords for authentication, and both have to match for the link to come up. The Password Authentication Protocol sends passwords in clear text; that's a common exam question, actually. CHAP uses encryption and a three-way handshake: for CHAP, the server sends a challenge, the client responds with the password hash, and then the server verifies the hash and grants access, obviously if they match. Multi-factor authentication uses more than one method: often it's something you know, like the username and password, something you have, like a smart card or a token, and something you are, like voice recognition or biometrics. There are different types of token available, obviously. Single sign-on: an example is a user only has to authenticate one time to get access to all the resources we have, a Kerberos or a third-party solution. It works very well with cloud solutions, software as a service, and an example is obviously Google Docs, calendar, email and all the other resources. So that's the end of it, thanks for listening. Firewalls and DMZ. So, firewall functionality.
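The PAP versus CHAP contrast described above (clear-text password versus challenge, hashed response and server-side verification), as an added example that is not part of the course: a Python model of both exchanges, using the MD5 response computation from RFC 1994 for CHAP. The shared secret, username and password are constructed for the demonstration, and the function names are my own.

```python
import hashlib
import hmac
import os

# Constructed credential for the demonstration; nothing here comes from a real system.
SHARED_SECRET = b"constructed-demo-secret"


def pap_on_the_wire(username: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request payload: length-prefixed username and password.

    The password travels exactly as typed, which is why PAP counts as clear text.
    """
    return bytes([len(username)]) + username + bytes([len(password)]) + password


def chap_challenge() -> tuple:
    """Server side: a fresh identifier and an unpredictable challenge for each attempt."""
    return os.urandom(1)[0], os.urandom(16)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Client side (RFC 1994, MD5 algorithm): MD5(Identifier || secret || Challenge).

    Only the digest is sent; the secret itself never leaves the client.
    """
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(identifier: int, challenge: bytes, response: bytes,
                secret: bytes = SHARED_SECRET) -> bool:
    """Server side: recompute the digest from the stored secret and compare in constant time."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def replay_is_rejected() -> bool:
    """Defensive check: a response observed for one challenge is useless against the next.

    This is the property that makes CHAP safer than PAP on a link that can be sniffed.
    """
    ident1, chal1 = chap_challenge()
    observed = chap_response(ident1, SHARED_SECRET, chal1)
    legitimate_login_ok = chap_verify(ident1, chal1, observed)
    ident2, chal2 = chap_challenge()          # server issues a new challenge next time
    return legitimate_login_ok and not chap_verify(ident2, chal2, observed)


if __name__ == "__main__":
    print("PAP payload contains password:", b"demo-password" in pap_on_the_wire(b"paul", b"demo-password"))
    print("CHAP replay rejected:", replay_is_rejected())
```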
I'm sure you've heard of firewalls before. Basically, it's a security device that will filter disallowed traffic, typically traffic entering the network. We typically place a firewall at the entry point of the network or between critical modules, depending on your needs. In fact, I've seen cases where you have a firewall outside your main network router and then another one behind it, so you have two levels of protection. Most operate at layer 4, but some at layer 7, which is the application layer. Many create secure tunnels to other firewalls. You can have a routed mode, so that it runs IP addresses and routing protocols, or transparent mode.
Transparent mode is where it works as a layer 2 device and is actually transparent to users. Software firewalls are typically installed on the user's PC, so you have protection for your operating system rather than network-layer protection; it doesn't protect your network. You will get a free firewall with a large number of the operating systems available on the market. Hardware firewalls are typically installed in your rack along with your switches and routers, and they increase security because the device is specifically designed to provide security. The costs can be significant, very significant in fact. You can have a virtual firewall; this splits a hardware firewall into multiple logical devices. Each device can have its own configuration, each context has its own security policy, interfaces, access lists and administrators, and they generally do not support VPNs, IPsec or routing protocols. Stateful inspection: stateless is packet filtering, your data going in and out has no relation to state; stateful means you are tracking a data flow, and I mentioned flows earlier.
A flow is identified by the destination IP and port number, and it is a flow of traffic that goes back and forth. Responses associated with the connection are automatically allowed; no return-traffic rules are required, since the firewall automatically creates the rules. Firewall rules: all traffic is blocked by default. The rules are created in order to permit traffic, the same as an access list; it starts at the top and continues down, with an implicit deny at the bottom. It looks at the source and destination port number, the application, even the packet size and time of day. Zone-based firewalls, and I'm sure you've heard of a DMZ before: it is an evolution of a traditional interface-based firewall and creates zones, which are called security zones.
Each interface is then placed in a certain zone. Zones can be trusted, untrusted or a demilitarised zone, DMZ, and you then create unidirectional zone pairs, as you can see in the diagram. These zone pairs apply whatever policy you have implemented, which could be modular, flexible or granular. So your DMZ is not actually inside your network, which gives you another level of security if you like: it's accessible to people both inside and outside your network, and the inside of your network is still protected by strict security policies. On your DMZ you could have things like your corporate email, which clients can visit, and that kind of thing, okay?
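The stateful, zone-based behaviour described above (unidirectional zone pairs, all traffic dropped unless a policy permits it, return traffic allowed automatically because the firewall remembers the flow), as an added example that is not part of the course: a Python model with an inside zone, a DMZ hosting mail, and everything else treated as outside. The zone prefixes, ports and addresses are constructed for the demonstration; the class and method names are my own.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class ZoneBasedFirewall:
    """Zone pairs are one-way: a policy for (inside, outside) says nothing about
    (outside, inside).  Replies get through only because the initiating packet
    created a flow entry, not because a rule permits them."""

    def __init__(self, zones: dict, policies: dict):
        # zones: zone name -> prefix; any address in no zone is "outside".
        # policies: (from_zone, to_zone) -> "any" or a set of (proto, dport) tuples.
        self.zones = {name: ipaddress.ip_network(prefix) for name, prefix in zones.items()}
        self.policies = policies
        self.flows = set()      # (proto, src, sport, dst, dport) of inspected sessions
        self.events = []        # what a firewall would log for dropped traffic

    def zone_of(self, address: str) -> str:
        addr = ipaddress.ip_address(address)
        for name, net in self.zones.items():
            if addr in net:
                return name
        return "outside"

    def handle(self, pkt: Packet) -> str:
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply_of = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reply_of in self.flows:
            return "permit"     # stateful: reply to a session we already inspected
        pair = (self.zone_of(pkt.src), self.zone_of(pkt.dst))
        allowed = self.policies.get(pair, set())    # no zone pair configured: drop everything
        if allowed == "any" or (pkt.proto, pkt.dport) in allowed:
            self.flows.add(key)                     # remember the session for its replies
            return "permit"
        self.events.append(
            f"DROP {pair[0]}->{pair[1]} {pkt.proto} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
        return "deny"


if __name__ == "__main__":
    # Constructed zones: corporate LAN inside, mail server in the DMZ (192.0.2.0/24 is documentation space).
    fw = ZoneBasedFirewall(
        zones={"inside": "10.0.0.0/8", "dmz": "192.0.2.0/24"},
        policies={("inside", "outside"): "any",
                  ("inside", "dmz"): "any",
                  ("outside", "dmz"): {("tcp", 25), ("tcp", 443)}},
    )
    print(fw.handle(Packet("tcp", "10.1.1.5", 51000, "203.0.113.9", 443)))   # permit, flow created
    print(fw.handle(Packet("tcp", "203.0.113.9", 443, "10.1.1.5", 51000)))   # permit, it is the reply
    print(fw.handle(Packet("tcp", "203.0.113.9", 4444, "10.1.1.5", 22)))     # deny, no outside->inside pair
    print(fw.events)
```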
So that's the end of the presentation, thanks for listening. Tunnelling, encryption and remote access. So tunnelling and encryption basically allow secure external access to an internal network, which I mentioned before: you may have remote workers and home workers who often connect over the Internet using a broadband connection rather than a dedicated line from a service provider, which tends to be more expensive. Often used with VPNs, virtual private networks, and a VPN concentrator. These are used with SSL for security, PPTP, L2TP and IPsec, which we will talk about. Secure Sockets Layer: an SSL VPN is a common way to set up a secure connection. It uses TCP port 443, you can set up a VPN tunnel between two points, it's unlikely to be blocked along the way by firewalls, and it allows users to authenticate and also data to be encrypted. Some different modes are available: clientless access, which uses an SSL-compatible web browser; thin client, which is a small Java applet, so port forwarding is done; and full tunnel access, where you need to download an SSL VPN client. PPTP, Point-to-Point Tunnelling Protocol, creates a tunnel only; it doesn't do any encryption or decryption, so you actually have to combine it with an encryption protocol of some kind.
It uses authentication methods like MS-CHAP and EAP-TLS. PPTP clients are built into most operating systems. Here is an example of the Layer 2 Tunnelling Protocol, generally known as L2TP, which followed PPTP. This uses UDP port 1701 and uses other protocols for encryption, for example IPsec. Again, it's built into many operating systems. IPsec, which I'm sure you've heard about, is basically not a single protocol; it's actually a whole set of protocols that work together. VPNs connect your devices that don't share a physical cable, as I mentioned above, and IPsec protects data passing over the connection.
Two types of VPN you can use, and this is a common exam question actually: site-to-site is a permanent secure connection, and remote access is created when you need the access. IPsec gives you data origin authentication, data integrity, data confidentiality and anti-replay; this protection protects against denial of service attacks. An IPsec VPN tunnel is built in two phases: ISAKMP/IKE negotiation, which is complicated, and then data transmission. The whole process has a limited lifetime before it is rerun. Just looking at remote access now, briefly: remote access is seamless network access for home or mobile workforces to connect as if they were actually in the office, making it transparent to the user.
Typically, it requires a VPN with voice support. You may have to handle high or low traffic volume depending on whether you are doing voice and video, that kind of thing. It's a permanent connection and you usually have to support high flows; I've covered flows before. Additionally, there are security issues, obviously: connecting over the public Internet has caused us a lot of problems. Risk of spoofing, which is one device pretending to be another device; risks and problems protecting confidential data and company secrets. Common remote access protocols include RAS, remote access server, PPP, PPP over Ethernet, RDP, ICA and SSH. Just looking at some of these: a remote access server is actually a legacy technology; it uses dial-up through the public switched telephone network, which is your telephone line. It was created by Microsoft but actually became generic. PPP is a layer 2 protocol which you will use a lot as a Cisco engineer, or certainly preparing for your exams.
It has authentication, compression, error detection and multilink; it's a pretty robust protocol and is very popular. Over Ethernet, it's used over DSL lines: you can set up a connection, authenticate it and build a circuit, so you can see why it's so popular, and you don't need a router because it's layer 2. RDP you've probably heard of; you certainly will if you do helpdesk work. It gives you remote access to control a business system and allows desktop sharing via TCP port 3389. It's built into Windows and also works with other operating systems. And we have the Independent Computing Architecture, ICA; this is actually from Citrix Systems and allows users to access the server or services from non-Citrix systems, and in reality with it you get more administration, centralised management and a reduced client footprint.
Secure Shell is very useful to use and to know; it offers communication services to a remote device, so it practically replaces telnet, or it's a basic form of secure replacement to provide remote access, and it is usually command-line access. The data is encrypted, and I mentioned that you get a command line. To download PuTTY, Google search PuTTY, putty.org, and you will be able to download PuTTY. So that's the end, thanks for listening. Security devices. Some different types of security devices; let's just take a quick look at them so you're familiar with the terminology if you have a conversation with other network engineers or in an interview: IDS, IPS, vulnerability scanners, honeypots and honeynets. A fairly short presentation. So intrusion detection and prevention systems perform traffic inspection, detect and authorise traffic, and can be hardware or virtualised software. The intrusion detection system receives a copy of the traffic to analyse; the IPS is actually placed within the traffic flow and the packets progress through the device.
The IPS can block traffic, while the IDS is just looking for problems in a copy of the traffic, so I hope you can appreciate the differences between those devices. The categories you can have are behaviour-based, so it analyses the traffic, compares it to the baseline and looks for discrepancies; signature-based, which inspects packets for malicious signatures; network-based, which monitors the entire network for suspicious activity; and host-based, which is installed on the host. Obviously the intrusion detection system is an older technology now, so many major vendors have phased it out. You can have a promiscuous mode that sends a copy of all traffic to the sensor to analyse, with logs, alarm alerts or SNMP traps. It can be used on the DMZ or the subnet where the firewalls are located; place the sensor outside the firewall or inside the firewall, it could be in the same VLAN as the DMZ or the server farm.
Promiscuous mode has no effect on the network. SPAN basically means a copy of every frame that comes into a switch is sent to another port, and you can connect your device to that port to analyse the traffic. Vulnerability scanners: they are non-intrusive tests to detect security or privacy violations. Typically, if you hire a security consultant, they will do some intrusion detection and detect vulnerabilities and open ports on your network. So: identify network devices, network topology, scan for open ports; you can usually download software that will do all that for you, test from inside and outside looking for vulnerabilities, and then it all goes in a final report. An example is Nessus, a free and commercial vulnerability scanner.
I actually went to the website and couldn't see a free version. I think there is a free trial, but no, I'm not a real free version, but yes, you can check out Honey Pots and Honey Nets for yourself. Honey Pots allow you to attract potential attackers. Attacks are restricted to an isolated environment. Analyzes the attacker's behavior and collects information. Most modern attacks use automated scripts and a Honey Net is purely a series of Honey Pots. Alright, I hope this has given you a little overview of the common devices and the differences. I'll see you in the next presentation securing the switch so switch security looking at physical access accessing remotely securing switch configuration securing switch physical access to ports, a lot of this actually applies in some of these slides, in It actually also applied to Cisco routers because switches run ios the same way routers for ios do, to be honest this is all common sense, however I have assisted many companies esp. the smaller companies where they just put their network on computers above someone's desk or under someone's desk or in a little free niche with no door and these companies, like most other companies, their entire business runs on servers and configuration files and if they lost this data it would probably explode, it's all financial data, transactions and billing so yeah I'll say it's a no brainer but a lot of people don't do it so it should at least be accessed to the team. using a lock and key or key code in a properly cooled room or access to an air conditioned room restricted to staff only, ideally some form of closed circuit cameras.
I know every business is different, obviously. Ideally you'd have a personalised swipe card and login access; again, it depends on the scale of the business and what your needs are.

Remote access. Telnet access is actually disabled; you can't telnet to a device until someone actually enables it, which is obviously a good step for security. Ideally, you should only enable Secure Shell access, which requires a security image on your device. Logins: you can actually provide individual logins on devices. Here is an example of allowing only SSH on a switch; it's the same for routers. transport input: you can have all, none, ssh or telnet, and the correct answer is ssh if you only want to allow SSH. Here is an example just below: I'm on my PC, I'm trying to telnet to a device and it is closed because Telnet is not allowed. To allow Telnet access, you just need to set a username and password, or put a password below the vty lines.

Here is an example where I put a password directly below the vty lines. Here is an example where I add a username and password and then add the login local command, which tells the router to inspect the locally configured username and password to authenticate people. To enable SSH, you should add a hostname and a domain name (the actual configuration commands you can easily get from the Cisco website if you do a search), also set a timeout and retries if you want, and generate a crypto key. Here is an example of the configuration commands. There are others available; this is the most basic configuration that you can put in to enable SSH.

All right, securing the switch configuration. This is basically to prevent someone from entering configuration mode. We've covered this before, but I put enable secret cisco, then I logged in to the switch and typed enable, and it asked me for the password and I'm about to enter it. You can enter individual usernames and passwords; you can have different usernames and passwords for different people, and you can actually assign different access levels to these accounts. It is also a bit complicated unless you start using different servers; if you just stick to Cisco IOS commands it can be a bit fiddly. Access levels per user: username security privilege 4, and I am assigning some privilege level commands here; ping and show run are the allowed commands for level four. Securing the console port: line console 0, and then you can add a password to the console port. An alternative way is login local and have a username and password. I added an exec-timeout, which basically means after two minutes and 30 seconds it hangs up, the connection is dropped and you would have to reconnect.

Update the IOS. It fixes bugs and closes security vulnerabilities, and updates and improves IOS features. You can issue a show run, part of the output of which is shown below, which shows you which IOS you are running. If you are on a large enterprise network you usually have to have a support contract with Cisco, because sometimes updating the IOS can introduce new problems depending on your hardware and configuration commands, so larger companies usually perform an evaluation before updating the IOS.

Change the native VLAN. I mentioned above that the native VLAN is used to carry default traffic types, such as your VTP and DTP traffic, Dynamic Trunking Protocol and VLAN Trunking Protocol, and it should say CDP actually; I wonder what that means, DCP traffic; CDP. The native VLAN default is always VLAN 1 and hackers can easily gain access to VLAN 1 and therefore any device on it, so don't use VLAN 1 for hosts. I have issued a show vlan summary on a switch and it shows that all ports are in VLAN 1 by default.

Management VLAN. This is to connect to the switch remotely to do some configuration. I created a VLAN 10 interface, which is called a switch virtual interface, and added an IP address for VLAN 10, so this is setting the IP address so that we can get into the switch on 192.168.1.1.

Closing ports not normally used. If you connect a cable to a switch port, it will come up and attempt to start passing traffic, which is not a good idea, so you want to close any unused port. You can use the interface range command if it's available on your IOS version: interface range fastethernet 0/10 - 20 and issue the shutdown command.

Turn off CDP, Cisco Discovery Protocol. I think we covered this in a lecture; I think it will be later if I haven't covered it already. CDP allows you to get information from connected devices, anything that is connected to a serial or Ethernet interface, and it shows your IOS and many other features, so normally on a perimeter device leaving your network you don't run CDP. If you want to turn it off, on the interface type no cdp enable.

Add a banner message. It's not much use for security, but it simply displays a message of your choice when someone logs in to the device.
I went into configuration mode and issued banner motd, then you should enter a delimiter character, and what that means is that the next time you type that character it means your message is over. So I chose the brackets, put the message in and then issued the closing bracket there, and you can see I logged in at the bottom and it says "keep out secure network".

VTP, VLAN Trunking Protocol, is used for trunking on a switched network. It is best to add a password to VTP to confirm that all updates are really legitimate, so vtp password, and I have added a password called cisco.

Switchport security is a really important topic for the CCNA. You must know this in quite a bit of detail. Ports can filter based on MAC address, or you can limit the number of MAC addresses connecting through a particular port. You can also tell the port to dynamically learn any connected device and secure the MAC address. It can take action if there is a violation: protect, which means discarding frames with an unknown MAC address; shutdown, which puts the port into an error-disabled state and the administrator has to recover it; or restrict, which means dropping frames when the maximum number of MAC addresses is reached.

For example, you've started at the top: you have to issue switchport mode access, you have to tell the switch what type of port it is. So this is the layer 2 command switchport port-security, and then I added the hardcoded MAC address; only that MAC address will be allowed through that switch port. Another configuration command below is switchport port-security maximum 5, which means only five MAC addresses are allowed to be learned on this interface. The show port-security command will show you an overview of all port security configuration; if you want to drill down into the interface, it's show port-security interface and then the interface name and number. Sticky MAC address means the learned MAC addresses are saved in the running configuration; once you reboot the switch they will be forgotten, so you would have to relearn them, up to 10 MAC addresses, and you can see that the maximum here is 10.
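The port-security rules above (maximum, the three violation modes, sticky learning and what survives a reload) are easy to get wrong in an exam question. Here is an added example, not code from the course, that models one access port's port-security behaviour in Python. The interface config lines, MAC addresses and the shape of the violation log line are constructed for illustration (the log text is modelled on the IOS PSECURE_VIOLATION message, not captured from a switch).

```python
from dataclasses import dataclass, field
from typing import List, Set


@dataclass
class PortSecurity:
    """Model of one access port with 'switchport port-security' enabled."""
    maximum: int = 1                     # IOS default: one secure address
    violation: str = "shutdown"          # IOS default violation mode
    sticky: bool = False
    static_macs: Set[str] = field(default_factory=set)      # 'mac-address H.H.H' entries
    dynamic_macs: List[str] = field(default_factory=list)   # learned (and sticky) entries
    startup_sticky: Set[str] = field(default_factory=set)   # what 'write memory' saved
    err_disabled: bool = False
    violation_count: int = 0
    log: List[str] = field(default_factory=list)

    @classmethod
    def from_config(cls, lines: List[str]) -> "PortSecurity":
        """Parse the interface sub-commands used in the lecture (constructed subset)."""
        ps = cls()
        for line in lines:
            t = line.strip().split()
            if t[:2] != ["switchport", "port-security"]:
                continue                                    # e.g. 'switchport mode access'
            if t[2:3] == ["maximum"]:
                ps.maximum = int(t[3])
            elif t[2:3] == ["violation"]:
                ps.violation = t[3]
            elif t[2:] == ["mac-address", "sticky"]:
                ps.sticky = True
            elif t[2:4] == ["mac-address", "sticky"]:
                ps.dynamic_macs.append(t[4].lower())        # sticky entry restored from saved config
            elif t[2:3] == ["mac-address"]:
                ps.static_macs.add(t[3].lower())
        return ps

    def secure_macs(self) -> Set[str]:
        return self.static_macs | set(self.dynamic_macs)

    def frame_in(self, src_mac: str) -> str:
        """Return 'forward' or 'drop' for a frame arriving on this port."""
        mac = src_mac.lower()
        if self.err_disabled:
            return "drop"                                   # port is down until an admin recovers it
        if mac in self.secure_macs():
            return "forward"
        if len(self.secure_macs()) < self.maximum:
            self.dynamic_macs.append(mac)                   # learn a new secure address
            return "forward"
        # Limit reached and the source is unknown: a security violation.
        if self.violation == "protect":
            return "drop"                                   # silent drop: no counter, no log
        self.violation_count += 1                           # restrict and shutdown both count
        self.log.append("%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, "
                        f"caused by MAC address {mac}")      # modelled on the IOS message
        if self.violation == "shutdown":
            self.err_disabled = True
        return "drop"

    def write_memory(self) -> None:
        """copy run start: only sticky addresses are in the running config to be saved."""
        self.startup_sticky = set(self.dynamic_macs) if self.sticky else set()

    def reload(self) -> None:
        """Reboot: dynamically learned addresses are forgotten, saved sticky ones come back."""
        self.dynamic_macs = sorted(self.startup_sticky)
        self.err_disabled = False

    def show_port_security(self) -> dict:
        return {"maximum": self.maximum, "violation_mode": self.violation,
                "secure_addresses": sorted(self.secure_macs()),
                "violations": self.violation_count, "err_disabled": self.err_disabled}


# Constructed interface configuration mirroring the lecture's commands.
LAB_PORT = [
    "switchport mode access",
    "switchport port-security",
    "switchport port-security maximum 3",
    "switchport port-security violation restrict",
    "switchport port-security mac-address sticky",
    "switchport port-security mac-address 0000.1111.aaaa",
]

if __name__ == "__main__":
    port = PortSecurity.from_config(LAB_PORT)
    for mac in ("0000.1111.aaaa", "0000.1111.bbbb", "0000.1111.cccc", "0000.1111.dddd"):
        print(mac, port.frame_in(mac))      # the fourth address is a violation
    print(port.show_port_security())
```

Run it once with violation restrict and once with the default shutdown to see the difference the lecture describes: restrict keeps the port up and counts violations, shutdown err-disables it so even the legitimate address stops working until someone recovers the port.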
I have issued a new set of commands below here: learn a maximum of 10, make them sticky and place them in the running configuration, and I also put two hardcoded MAC addresses here. So that's the end of switch security. Thanks for listening.

Same topology as before. I have removed all the routing, so what I need to do is add the IP addresses. What I need to do is have some way to reach the loopback networks from anywhere, so the easiest way to do this is with a default static route, and what you need to do is add all zeros, all zeros, and then specify an exit interface, so all traffic for all networks exits over serial 0/0. I'm just going to add the same thing on the other side. The next thing I'm going to do is try a ping: ping 10.1.1.1. That worked, so I'm happy. Now I can reach it, and I will do the same on this side, which is actually 172.16.1.1.

Now that it's working, I'm going to add an IP access list, a standard access list, to prevent traffic from this loopback host address from reaching the remote interface. conf t, access-list ?: I have all these numbers; I'm going to choose number one because it's in the standard range, and then if I press the question mark I can permit or deny. I'm going to deny, and then press the question mark; it could be a hostname, a host or any. I'm going to deny host 172.16.1.1. Next I have to permit everything else because of the implicit deny, and I do that with permit any, so anything else can go through the router. The other step is to apply it to an interface of some sort. I want to add it to the serial 0/0 interface and I use ip access-group 1 and then I can choose in or out; I'll choose in.

So let's go to router 2. Now let me ping across to the loopback; actually I'll ping, okay, that worked. To test the access list I need to do an extended ping, so let's type ping, press Enter, the destination IP address is 10.1.1.1 again, and then I want to go into the extended commands and say yes; I want to source it from the blocked IP address, 172.16.1.1. Just press Enter several times and I get a U here, unreachable; that's exactly what I want. Then if I go back to router 1 and show ip access-lists, I can see that I have the deny here and there are matches; some packets have been permitted, there are matches on the access list, and you can see that it has been blocked. If I do show run interface serial 0/0, you can see that my ip access-group has been added to that interface and that is what is blocking the traffic. That's the end of the lab.

Same network as before. I have an access list from the last lab, so I need to delete it, and I'm going to leave the static route in: no access-list 1, and on serial 0/0, no ip access-group 1 in. Okay, so I'm going to add an access list and I want to prevent Telnet from the loopback on router 2. The first thing I need to do is enable Telnet, so conf t, line vty 0 903, which is what I have on this, sorry, 0 903, password cisco, login. So Telnet is enabled; next is to start my extended access list. access-list ?, and you can see the range that is available; 100 is the first number available for extended. So what are we going to do?
I'm going to deny. Our options are a lot of things. I'm going to deny the TCP protocol from the source address 192.168.1... oops, 1.2, sorry; it needs to be host because it's not a network, host 192.168.1.2. So deny tcp from host 192.168.1.2 to anywhere; yes, I'm going to deny it to any. Play with the different options when you do this lab multiple times: to any, and my options are all these options here, but I'm going to match on a port number, so eq, and if I press the question mark again you can see all the options. I can enter the port number or I can just type telnet. So access-list 100 deny tcp host 192.168.1.2 any eq telnet. The other thing I need to do is permit all IP traffic: permit ip any any. That's how it's done for an extended access list. I need to apply it to the serial interface: serial 0/0, ip access-group 100 in. Okay, so what I'm going to do now (I really should have tried Telnet before adding the access list, remiss of me) is telnet 192.168.1.1, which is fine, destination unreachable, but we still need some way to test Telnet.

There are actually a couple of ways you could telnet. Let's see if this works: 10.1.1.1; you won't have that. Telnet, if I do a slash, telnet 192.168.1.1 /source-interface, there we go; I am looking for the source interface: /source-interface, question mark, and it will be loopback 0. This is not blocked; you are telnetting from 172.16.1.1 and there we go, it worked. I'm going to enter the Cisco password and I'm in router 1, so that's been let through by the access list. If we go back to router 1 and show ip access-lists, you can see we have matches here and we have permits here.

Same old topology. Let's try a named access list. I actually left our access list on from the last lab, so I'm going to delete it: no access-list 100, and you also have to remove it from the interface. Okay, so this time we will have another access list here; the syntax is slightly different: ip access-list and then you have to say extended or standard. I'll have an extended one please: ip access-list extended and then give it a name. I want to block ICMP; you need to watch the case if you are going to reference this access list later; it can't have whitespace but can have hyphens or underscores in the name. Now you see that the prompt has changed to config-ext-nacl, extended named access list, but the rest of the syntax will now be familiar.
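The three labs above exercise the rules that decide whether a packet matches an ACL: wildcard masks (host is shorthand for a 0.0.0.0 mask, any for 255.255.255.255), top-down first-match evaluation, the implicit deny at the end, protocol and port qualifiers on extended entries, and the per-entry match counters you read with show ip access-lists. As an added example, not code from the course, here is a small Python model of that logic that parses the same syntax the labs typed. The configuration text is constructed to mirror the labs and is not captured from the lab routers; only the subset of ACL syntax used in the labs is handled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PORT_NAMES = {"telnet": 23, "ssh": 22, "www": 80, "ftp": 21, "domain": 53, "smtp": 25}
ALL_ONES = 0xFFFFFFFF


@dataclass
class Ace:
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" matches every protocol
    src: int
    src_wc: int                 # wildcard mask: 1 bits are "don't care"
    dst: int
    dst_wc: int
    dst_port: Optional[int] = None
    matches: int = 0            # the "(N matches)" counter of show ip access-lists


def _ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def _is_dotted(tok: str) -> bool:
    return tok.count(".") == 3 and tok.replace(".", "").isdigit()


def _addr(tokens: List[str]) -> Tuple[int, int]:
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D W.W.W.W' | bare 'A.B.C.D' and return (address, wildcard)."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, ALL_ONES
    if tok == "host":
        return _ip(tokens.pop(0)), 0
    wildcard = _ip(tokens.pop(0)) if tokens and _is_dotted(tokens[0]) else 0
    return _ip(tok), wildcard


def _wc_match(addr: int, base: int, wildcard: int) -> bool:
    """Bits set in the wildcard are ignored; all other bits must be equal."""
    return ((addr ^ base) & ~wildcard & ALL_ONES) == 0


class Acl:
    def __init__(self, name: str, kind: str):
        self.name, self.kind, self.aces = name, kind, []

    def add(self, entry: str) -> None:
        t = entry.split()
        action = t.pop(0)
        if self.kind == "standard":                       # standard ACLs filter on source only
            src, src_wc = _addr(t)
            self.aces.append(Ace(action, "ip", src, src_wc, 0, ALL_ONES))
            return
        proto = t.pop(0)
        src, src_wc = _addr(t)
        dst, dst_wc = _addr(t)
        port = None
        if t and t[0] == "eq":                            # destination port qualifier
            port = PORT_NAMES.get(t[1]) or int(t[1])
        self.aces.append(Ace(action, proto, src, src_wc, dst, dst_wc, port))

    def evaluate(self, src: str, dst: str, proto: str = "ip", dst_port: Optional[int] = None) -> str:
        """Top-down, first match wins; falling off the end is the implicit deny."""
        s, d = _ip(src), _ip(dst)
        for ace in self.aces:
            if ace.proto != "ip" and ace.proto != proto:
                continue
            if not (_wc_match(s, ace.src, ace.src_wc) and _wc_match(d, ace.dst, ace.dst_wc)):
                continue
            if ace.dst_port is not None and ace.dst_port != dst_port:
                continue
            ace.matches += 1
            return ace.action
        return "deny"


def parse_acls(config: str) -> Dict[str, Acl]:
    """Build Acl objects from numbered 'access-list' lines and named 'ip access-list' blocks."""
    acls: Dict[str, Acl] = {}
    current: Optional[Acl] = None
    for raw in config.splitlines():
        t = raw.split()
        if not t or t[0] == "!":
            continue
        if t[0] == "access-list":
            num = int(t[1])
            kind = "standard" if num <= 99 or 1300 <= num <= 1999 else "extended"
            acl = acls.setdefault(t[1], Acl(t[1], kind))
            if t[2] != "remark":                          # remarks are comments only
                acl.add(" ".join(t[2:]))
            current = None
        elif t[:2] == ["ip", "access-list"]:
            current = acls.setdefault(t[3], Acl(t[3], t[2]))
        elif current is not None and t[0] in ("permit", "deny"):
            current.add(" ".join(t))                      # entry typed at the config-ext-nacl prompt
        else:
            current = None                                # any other command ends the named block
    return acls


# Constructed configuration mirroring the three labs (not captured from the course routers).
LAB_CONFIG = """
access-list 1 deny host 172.16.1.1
access-list 1 permit any
access-list 100 remark block telnet sourced from R2's LAN address
access-list 100 deny tcp host 192.168.1.2 any eq telnet
access-list 100 permit ip any any
ip access-list extended block-icmp
 deny icmp host 192.168.1.2 host 10.1.1.1
 permit icmp any any
 permit ip any any
"""

if __name__ == "__main__":
    acls = parse_acls(LAB_CONFIG)
    print(acls["1"].evaluate("172.16.1.1", "10.1.1.1"))                     # deny (the extended ping)
    print(acls["100"].evaluate("192.168.1.2", "192.168.1.1", "tcp", 23))   # deny (telnet from .2)
    print(acls["100"].evaluate("172.16.1.1", "192.168.1.1", "tcp", 23))    # permit (telnet /source-interface lo0)
    print(acls["block-icmp"].evaluate("192.168.1.2", "10.1.1.1", "icmp"))  # deny (ping to 10.1.1.1)
```

The third call reproduces the trick used in the Telnet lab: sourcing the session from loopback 0 sidesteps an entry that only names host 192.168.1.2, which is why filtering on a single source address is a weak control unless every address the peer can source from is covered.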
I can permit or deny. I'm going to deny something, and I'm going to deny ICMP, which is what ping uses: deny icmp from host 192.168.1.2, and I'm going to deny it to host 10.1.1.1. So I'm going to deny ICMP if it's coming from 192.168.1.2 and if the destination is 10.1.1.1. Sorry, I need to permit all other traffic, so I'm going to permit icmp any any and I'm going to permit ip any any, to allow all other ping traffic and any other IP traffic to work. From here I can go to interface serial 0/0, ip access-group and what was the name, block-icmp, in. So the theory now is that we should be able to get onto router 2 and it should be able to ping 192.168.1.1, yes, but it shouldn't be able to ping 10.1.1.1, and there we go, it's blocked by the access list. Really simple lab. show ip access-lists and you can see the matches if you want. Okay, simple lab, thanks for watching.

Network address translation. So we'll look at NAT. Basically it's a means of preserving IP addresses. I talked about this earlier in the IP addresses section, how we were basically running out of IP addresses quickly, so with VLSM, and public and private IP addresses, we just found ways to preserve IP addresses, allowing private hosts to access the Internet or public networks. I'll give you the private address ranges. You can NAT a public address to a public address if you need to for some reason, but it's almost always used for private addresses, e.g. 172.16, to go out to the Internet. It also masks your internal IP addresses, so it offers some security protection. You need a translation from the private to the public address, so you'll need a router or firewall to do that. There are some RFCs; have a look at RFC 2663 if you want.

Okay, so you have to tell the router what the inside and outside interfaces are. There are a few ways to configure that, depending on your requirements, three main ways. The router or firewall rewrites the packet headers and tracks the session to know what the destination is and where the response goes. Inside and outside: some bits of terminology you should be aware of, because you can be tested on it. The inside interface is the boundary of the domain that you control. The inside local address is the IP address of the host within your network; normally it is a private address. The inside global address is the inside address as it appears to the outside world. The outside interface is the boundary of the domain that you don't control, sorry, that's going out to your ISP normally. The outside local address is the IP of the outside host as it appears on the inside, and the outside global address is the legal, routable IP address.

Configure that in four steps, usually: designate the inside and outside interfaces; add an access list to tell the router or firewall what traffic you want to NAT; create a global address pool that it can use; and then you configure it with ip nat inside source list and reference the access list number. So here is an example. I have my ip nat inside and ip nat outside on the FastEthernet and serial interfaces. I added an access list remark, which is just a comment telling the administrator what is happening; it doesn't actually do anything in the configuration. I am permitting 10.5.5.0 and I added a wildcard mask which just designates the subnet, and I have issued the pool, which starts at 150.1.1.3 and ends at .6, so I only have three usable addresses for that pool. Then the last command is ip nat inside source list 100 pool and then the pool name. show ip nat translations shows the translations being done, and you can see that my inside address has been translated to an outside address. I'm not sure where I got that actual output, because it's a 200 address, so I would have to do a lab and check it, but the main thing is to look at the show ip nat translations command when you come to do your own labs. That's where I have the 200 address; I think I used a configuration from another lab.

Static NAT: one address is translated to another, useful if you have a web server or an FTP file transfer server and you need to have a static address. Here is the configuration: ip nat inside source static and then my inside address to my outside address. Dynamic NAT is for a group or pool of addresses, obviously useful if you have a lot of addresses inside that need to go out. My pool here, it's 100, sorry 200, ends in .1 and the last usable address ends in .16. The access list tells the router which IP addresses to translate. Overload, or port address translation, PAT, saves the cost of purchasing multiple public addresses; it swaps IP addresses for port numbers, so you can see it saves a lot of money. It's the same setup; however, at the end of the pool name you add the word overload. Okay, so that's just an overview, and then I recommend that you do some NAT labs to get familiar with all the commands and show commands.

So this is our usual network. We have a FastEthernet connection between the two devices here. I just want to issue the CDP commands, so I'm going to go onto router 1; the IP address is already configured, so show cdp neighbors.
Notice that's the US spelling, so there's no u. So I can see I have router 2 connected via FastEthernet. You have a hold time for CDP packets. The capability is router, switch; I'd have to check what the I actually means. Platform. Port ID. So you have basic information. The next thing you can do is issue show cdp neighbors detail. This gives you a lot more information, so it's a bit of a security risk if you're at the edge of your network: the IP address again, the capabilities, the version of the software that it's running, duplex is half for some reason, I would have to check that. So you get a lot more information, so you need to know how to turn it off. If I go to router 2, okay, interface fastethernet 0/0, no cdp, oops, no cdp enable if you want to do it on the interface; if you want to turn it off for the whole device, no cdp run. Now if I go back to router 1, I'm not sure how long it stores the CDP information; show cdp neighbors, and if I can clear the CDP, yes, clear cdp counters, clear cdp table and then show cdp neighbors, see if it works. Yes, I can't see any CDP neighbors because it has been shut down from the other device. I think the last command is maybe show cdp, just general CDP information, and then you can drill down into the other subcommands if you want, but the lab was just to show you how to check CDP and then shut it down.

Logging and NTP, Network Time Protocol. So syslog is actually a standard for computer message logging; it's not just a Cisco thing, it runs on common devices, it can also run on printers and obviously Cisco routers. A daemon or a service listens for messages. It can't actually be used to poll devices, so it doesn't actively scan or poll for messages, which is something SNMP does. It passes over UDP, so it could lose packets if it's a busy network. It also doesn't offer any authentication, so it's a possible security loophole if that is a concern for your network. There are different levels of severity and you should know them for the Cisco CCNA exam. You should actually be able to name each one of them. I've listed them here, from emergencies all the way down to general debugging information, which is Cisco's lowest level. You use the logging command to enable logging, and it's actually on by default so you don't have to turn it on; obviously you can disable it with no logging. You can specify the severity level with logging trap and then the severity level. You can also issue a show logging command to see the configured level. Specify the destination for log messages; it could be another router or a server, and the source address if you want.

So here is a sample configuration. Logging is actually already on; logging trap informational, and then I just specified where the logs should be sent. Here is the show logging output.

It is very important to have the router clock set because it gives us an accurate timestamp for when crash messages or incidents occur on the router or switch. You can use the clock set command; keep using the question mark with this because it's pretty easy to fill out all the different requirements for hours, minutes, seconds and days, and yes, if you know the command off the top of your head, you can just type it all out without hitting the question mark. Then show clock will show you the clock, and whatever time zone you are in; so you have set the clock. NTP has been in operation for quite some time; it is basically used to synchronize device clocks over the Internet, so that all devices have exactly the same time within a few milliseconds. It works over UDP and you designate strata. This tells you how far away you are from the master source: stratum 0 is the most accurate, it is an atomic clock or GPS, known as the reference clock, and then the strata below poll from different servers; you can have a server poll from that, and a server poll from the server that polls that, and so on. On Cisco devices you can issue the ntp server command and then the IP address, which you can also back up.
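The severity levels and the logging trap filter above are exactly what a collector has to reproduce on the receiving side, and they are also where the security value of syslog comes from: once the messages are on a server, you can look for patterns a router on its own never reports. Here is an added example, not code from the course, that parses Cisco-format syslog lines into facility, severity and mnemonic, applies a logging trap level the way the router would before forwarding, and counts failed logins per source address. The log lines are constructed samples in the IOS message format, not captured from the lab routers; the source address 10.5.5.77 and the other values are made up.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Union

# Cisco's eight severities, index = numeric level (0 = most severe).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# %FACILITY-SEVERITY-MNEMONIC: text, optionally preceded by a sequence number and a timestamp.
MSG_RE = re.compile(
    r"^(?:\d+:\s+)?"                                 # optional 'service sequence-numbers' prefix
    r"(?P<ts>[^%]*?)\s*"                             # optional 'service timestamps log' prefix
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*"
    r"(?P<text>.*)$")

FAILED_LOGIN_SRC = re.compile(r"\[Source: (\d{1,3}(?:\.\d{1,3}){3})\]")


@dataclass
class SyslogMessage:
    timestamp: str
    facility: str
    severity: int
    mnemonic: str
    text: str

    @property
    def severity_name(self) -> str:
        return SEVERITIES[self.severity]


def parse_message(line: str) -> Optional[SyslogMessage]:
    """Return the parsed message, or None for lines that are not IOS-format log messages."""
    m = MSG_RE.match(line.strip())
    if not m:
        return None
    return SyslogMessage(m["ts"].strip().rstrip(":"), m["facility"], int(m["severity"]),
                         m["mnemonic"], m["text"])


def trap_level(level: Union[str, int]) -> int:
    """Accept the level as IOS does: a name such as 'informational' or the number 0-7."""
    return SEVERITIES.index(level) if isinstance(level, str) else int(level)


def forward_to_host(lines: List[str], trap: Union[str, int] = "informational") -> List[SyslogMessage]:
    """What 'logging trap <level>' lets through: messages at that severity or more severe."""
    limit = trap_level(trap)
    parsed = (parse_message(line) for line in lines)
    return [msg for msg in parsed if msg is not None and msg.severity <= limit]


def failed_logins_by_source(messages: List[SyslogMessage], threshold: int = 3) -> Dict[str, int]:
    """Count SEC_LOGIN LOGIN_FAILED messages per source and keep the sources at or over the threshold."""
    counts: Dict[str, int] = {}
    for msg in messages:
        if msg.facility == "SEC_LOGIN" and msg.mnemonic == "LOGIN_FAILED":
            hit = FAILED_LOGIN_SRC.search(msg.text)
            if hit:
                counts[hit.group(1)] = counts.get(hit.group(1), 0) + 1
    return {src: n for src, n in counts.items() if n >= threshold}


# Constructed sample lines in IOS message format (not from the course's routers).
SAMPLE_LOG = [
    "*Mar  1 00:02:10.101: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.168.1.2)",
    "*Mar  1 00:02:11.555: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down",
    "*Mar  1 00:02:15.003: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.5.5.77] "
    "[localport: 22] [Reason: Login Authentication Failed] at 00:02:15 UTC Mon Mar 1 1993",
    "*Mar  1 00:02:16.003: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 10.5.5.77] "
    "[localport: 22] [Reason: Login Authentication Failed] at 00:02:16 UTC Mon Mar 1 1993",
    "*Mar  1 00:02:17.900: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, "
    "caused by MAC address 0011.2233.4455 on port FastEthernet0/5.",
    "*Mar  1 00:02:20.000: %SYS-7-USERLOG_DEBUG: Message from tty0(user id: admin): testing",
]

if __name__ == "__main__":
    sent = forward_to_host(SAMPLE_LOG, "informational")
    for msg in sent:
        print(msg.severity, msg.severity_name, msg.facility, msg.mnemonic)
    print(failed_logins_by_source(sent, threshold=2))
```

Note that a trap level of warnings (4) would still forward the failed logins and the port-security violation while dropping the CONFIG_I message, so choosing the trap level is a trade-off between volume and visibility: the configuration-change message is exactly the kind of notification you want when investigating an incident, which is an argument for forwarding at informational and filtering on the collector instead.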
You can also back it up with a secondary NTP clock if you want. show ntp associations will show you the association with your clock and when it was polled, and you can show ntp status to see your current settings and reference times. Setting the time zone: I'll put the commands here in case you want to set the time zone manually; again, use the question mark after clock timezone and then just check to see which time zones are suitable for your device, wherever you are. Okay, so it's just an introduction, a very small topic, but still quite important, so please try the commands when you have access to live equipment.

Simple Network Management Protocol, SNMP, which we have alluded to in previous lectures. It works at the application layer and uses UDP ports 161 and 162. It is there to facilitate the exchange of information between network devices. A network that is managed with SNMP consists of a management system or systems and SNMP agents on managed devices. These are small pieces of software that reside on each managed device, and each device you want to manage must have this small piece of code. Vendors often publish it and have their own programming team that publishes code that you can download and install on devices. Not all devices are manageable; some really small manufacturers do not release software that can work with SNMP. Agents translate performance information into events or traps. This could be any number of things, such as high CPU, a certain amount of memory used on a server, a problem with a port or interface; lots of things. Agents translate traps into a readable format. The management station sends the SNMP agents get requests that carry the data, and the agents fetch the data from the management information bases. These are usually known as MIBs just for brevity, so MIBs describe the data management structure of a device subsystem. Typically in large enterprises you actually have a whole team that deals with SNMP for your devices; that's certainly the case with Cisco, because they used to support and be part of SNMP support.

Here is a sample GUI for a SolarWinds SNMP software service, worth checking out if you are interested in learning about SNMP and adding it to your network. It gives you a really useful dashboard; you can see CPU load, memory, packet loss, usage and that kind of stuff, and you get reports in different formats that you can track over time. The agent is the process on the managed device, such as a router, switch or server; the managed device collects and stores this management information and sends it in a readable format to the network management station, NMS, usually a computer or server. Here is output from a Cisco device running Cisco SNMP software. What it does, and it's quite useful, is give you a graphical representation of the entire device, also the ports on the device, and it colours them depending on whether they are up or down. At the bottom you have two power systems, a redundant power supply and a main power supply, which has the green lights on. Using SNMP, you can go to devices and you can select an individual port, which is really useful; you can see the port statistics, you can open the port, close the port and do a lot of things, so very powerful.

SNMP commands: devices are monitored with the read, write and trap commands; you probably won't issue them yourself if you are using an SNMP graphical management station, it will do it for you with its menus and point and click. The read command monitors devices, the write command controls the devices, and the trap command is used to report events; an example is an interface that goes down. Traps are not acknowledged; remember we are using UDP here. The SNMP inform is something slightly different; it is a trap that includes a confirmation of receipt from the manager, so the drawback is that it consumes more memory and bandwidth because it is waiting for an acknowledgment. There are three versions of SNMP. Version 1 is still actually the version currently used. Version 2 is an improvement and version 3 provides authentication, encryption and message integrity. So I hope that gave you a good overview of SNMP. Thanks for listening.

DHCP, Dynamic Host Configuration Protocol 101. It basically saves us as network administrators from manually configuring IP information on tens, hundreds or thousands of hosts on our network. Consider how many end systems you have; obviously it's your personal choice, but if you have less than 50, you might consider just static addressing if they keep the same address regularly. If you have more than that, obviously consider DHCP, but it's your call; you can use DHCP for five systems if you like. Security considerations:
can a user connect to the network and get an IP address? That's something to consider as part of your security assessment. The probability that devices will have to obtain a different IP address at any time. Do you have high availability demands on the network? Static addresses are normally used for corporate servers, which basically have to keep the same address and are never going to request a different one; network management workstations, where the SNMP devices report to; network printers; public access servers; your wide area network devices, especially your routers and firewalls; and anything else you choose. Obviously static versus dynamic: manual entry of the IP address, subnet mask, gateway, DNS servers and NTP servers, so there is a lot of it. The boot protocol was created in 1993, which partly helped solve the problem of having to assign this information to devices; however, it didn't do everything we needed and it couldn't tell when the device left the network. There was no log-out. BOOTP, as I said, couldn't configure all the parameters we needed, so it was replaced by DHCP.

It's a four-step process that you can see in the diagram: Discover, Offer, Request and then Acknowledgment. DHCP Discover: when the device boots it broadcasts for an address; that's where it's normally set on the PC, in Windows, click to obtain an address using DHCP. The Offer from the server: it transmits the offer on UDP port 68. The Request has the device officially request the IP information that has been offered by the server, and then it has to wait for the acknowledgment from the DHCP server. So there are the four steps.

Reservations: these are usually addresses assigned from a pool of addresses that expire; you can set them to not expire, it's your choice. Automatic: there are hints of previous IP addresses and it tries to reassign the same IP address if possible. Static is where you manually assign IP addresses based on the device's MAC address.

DHCP scopes are a range of IP addresses, typically within a given subnet. We have already said scope, sorry, a group of IP addresses that you can assign to hosts; each subnet has its own scope, you can have multiple scopes, and certain static addresses will be excluded; I already mentioned static addresses for your router interfaces, your firewalls, web servers, email servers and such. Scopes can include the IP address range and subnet mask, lease duration, default gateway, DNS and WINS servers.

DHCP lease: if desired, the administrator can assign the address to a device temporarily. It could be minutes, hours, days, as long as you really want it. The server usually reclaims it when the client leaves the network and the lease expires. It defines how long the host can use the IP address. Normally it will request another address upon reboot. Timers are associated with the lease, so the clock starts when the address is assigned; you have timers associated with DHCP so you don't suddenly lose an address. There is a renewal timer, T1: when 50 percent of your lease time has expired, the client will try to renew its lease. The rebind timer, T2: the default value is 87.5 percent of the lease time; the client will try again, and if it cannot get a response from the DHCP server it will try to contact another DHCP server.

DHCP options: 254 usable option values, so it's kind of veering more towards server configuration than networking knowledge from Cisco's point of view; I would go into more detail if I did a course on Linux or Microsoft. Subnet mask, obviously, something we need to map; the DNS server address; the domain name; options 1, 2, 9 and 135 are specific to your network. Just take a look at the DHCP packets you can see here: Discover, Offer, Request, Ack, captured by Wireshark. You can see the Discover packet here; take a look at the source and destination address and you will be able to see it is a broadcast address here. Then the DHCP Offer, the DHCP Request and finally the DHCP Ack.
It's worth pausing the video or looking at the slides, if you have access to them, to see these in more detail, but I hope it's given you a good foundation for DHCP. It's certainly something you'll have to deal with on a regular basis as a network engineer, so it's worth learning. Thanks for listening.

Static NAT lab. We have our usual topology, so let's get the addressing right here: 192.168.1.0, .1 on this side and .2 on that side. I'm sure you know this anyway. So this is static NAT: in this particular lab what I'm going to do is take this internal address here, as if it's a host on the network, although I am using a loopback address, change it to a routable address, and then it will reach router 2.
The only thing we need to keep in mind here is that router 2 will not know how to reach this routable address. It doesn't actually exist anywhere, so what we'll do is add a static route on router 2 to send all traffic back out of the Fast Ethernet interface. That's the only thing we need to worry about on router 2. On router 1 we need to tell the router which interface is the inside and which is the outside. If you use GNS3 you need to make sure there is enough memory in the router; it is covered in another video, but you need to configure the device and add more virtual memory (google "gns3 add more memory to routers"). So on router 2 I already added the command before: ip route 0.0.0.0 0.0.0.0 pointing out of the Fast Ethernet interface, and that's all you need to worry about on router 2. Obviously it has the IP addresses; let me make sure I can ping the loopback on router 1, which I can do here. Then on router 1 we need to designate the inside and outside interfaces: loopback 0 gets ip nat inside, and the Fast Ethernet interface 0/0 gets ip nat outside. You have to have those commands there, and you have to have the static route on router 2.

The next thing we need to do is the NAT configuration: we're going to make a static mapping, translating one address to another address. You can use the question mark as you go: ip nat ? gives you some options here. For static NAT we are taking an internal address, so ip nat inside source ? and then we are going to do a static mapping, ip nat inside source static. The question mark doesn't work as well in the exam as it does in live IOS, but it should give you some different results. So what is the inside address? This is the part we're looking for, so ip nat inside source static 10.1.1.1, and we need to change it to a global address. I'm going to choose a routable address; never use this on a live network, because this address belongs to someone. I will choose 20.1.1.1. So ip nat inside source static 10.1.1.1 20.1.1.1, and that's all we need to worry about; there are some other options there, but we don't need them. We're going to change our 10 address to a 20 address.

Now the next thing we need to do is test it somehow, so I'll just do some debugging: debug ip nat. Actually you won't see an add because it's static, but I'll show you something else. Extended ping: ping, the destination IP address will be 192.168.1.2, so we'll ping the Fast Ethernet on router 2; go to the extended commands and we want to use a source address of loopback 0 (you can enter the IP address if you want), then just keep hitting enter. That worked and gave us our NAT of 10.1.1.1 translating to 20.1.1.1; that is the source, and d for destination 192.168.1.2. Now show ip nat translations: because it's static, it should actually be here all the time, so you can see our inside global, inside local, and outside local and outside global are the same address. So that's our static NAT.

NAT pool lab. We have the same topology as before; the only thing we are going to do is add a secondary IP address to this loopback 0. The reason is that we are creating a NAT address pool and we want to check the assignment of more than one address from this pool. So we have the static route on router 2, and we still have the ip nat inside and ip nat outside commands: if we do show run | include nat (you might have to press shift to get the pipe), I already have the inside and outside NAT commands assigned, loopback for the inside and Fast Ethernet for the outside.

The other thing I added, if I do show run interface loopback 0, is another command which you can see here, ip address. Just enter interface loopback 0 and then type ip address 10.1.1.2 with the same subnet mask and then the secondary keyword, and you can add as many secondary addresses as you want. This is just for testing, but sometimes, if you want, you can add an address from a different network. You don't do that kind of thing very often, but sometimes you do it to test or troubleshoot. Make sure you can ping across the .1 to .2 link, and then we need to go into our NAT configuration. This is for the pool: ip nat ? and you can see all the different options; the one we're looking for is pool, so we need to give it a name.

I'm just going to call it Paul after my first name. Then the question mark says it wants the start IP address, so I'm going to say 20.1.1.1, and then, as you've probably guessed, it wants the end IP address, so 20.1.1.10; I'm going to use a pool of 10 addresses. If you're using Packet Tracer you only have one option here, but I'm using Cisco IOS so I can set a prefix length, which is how many bits are in the subnet mask, or netmask. I'm just going to do netmask 255.255.255.0. So we've set up a pool of IP addresses to use as our NAT pool, which isn't a lot for a live network, but we're just doing a test for a home lab. The next thing we need to do is add an access list, a standard access list: access-list 1 permit, and then we will allow the entire 10 network, and we need the wildcard mask that will match, so that all the traffic on network 10 that is connected to our loopback matches. The last thing we need to do is link the access list with the NAT pool so that they both work together: ip nat inside source ? gives a couple of different options, and the one we need is list (there are different ways to specify the source), so list 1, and then you can see we have the pool option, followed by the pool name. So I set that inside: inside traffic, the access list to match, and then use the pool. Enter. So this is for our NAT pool. Exit, debug ip nat. Now the next bit you have to do quite quickly, because the entries in the NAT pool expire.

I'll do show ip nat translations: there's nothing there. I have debugging on, so let's do an extended ping: we're going to ping through our link to the other router, extended commands yes, source 10.1.1.1, so we'll use the first loopback address; hit enter a few times and you can see it's working. I'm going to do it again quickly: 1.2, yes to extended commands, source 10.1.1.2, enter, and you can see it's happening again. There may be a shorter memory on this router here... oh, it didn't translate for some reason; it appears in the translations, so I don't know why the second ping didn't actually work. But the main thing is that I wanted to show you the NAT that is taking place: the 10 address here was translated to the first address in the pool, and then the second pool address was used for the second host on the inside, so you can see that two NAT translations have been done. I'll troubleshoot why that ping didn't work later, but the main thing is I wanted to show you that the NAT pool works, and you can see why we have to do it quickly, because it basically expires the translations. You can go in and change the NAT timeouts, which is a little bit more advanced, so I don't really want to get into that for the moment, but as you can see, this first ping worked.
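The two NAT labs above, modelled as an added Python example that is not the course's code: a standard access list with a wildcard mask decides which inside hosts are translated, addresses are handed out from the 20.1.1.1 to 20.1.1.10 pool in order (the first inside host gets the first pool address, as in the debug output), a static mapping never expires, and dynamic entries age out so that show ip nat translations empties again; the 60 second timeout in the usage block is a small test value, not the IOS default.

```python
"""Model of the NAT behaviour configured in the two labs: a static mapping,
plus a dynamic pool gated by a standard access list, with translations that
age out. Added example, not the course's code; addresses are the lab's."""
import ipaddress


def _as_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, network, wildcard):
    """Standard ACL check: every bit that is 0 in the wildcard must match.
    access-list 1 permit 10.0.0.0 0.255.255.255 -> ("10.0.0.0", "0.255.255.255")"""
    care = ~_as_int(wildcard) & 0xFFFFFFFF
    return (_as_int(addr) & care) == (_as_int(network) & care)


class NatTable:
    def __init__(self, acl, pool_start, pool_end, timeout=86400):
        self.acl = acl          # list of (network, wildcard) permit entries
        self.pool = [str(ipaddress.IPv4Address(n))
                     for n in range(_as_int(pool_start), _as_int(pool_end) + 1)]
        self.timeout = timeout  # seconds of inactivity before a dynamic entry expires
        self.entries = {}       # inside_local -> entry dict

    def add_static(self, inside_local, inside_global):
        """ip nat inside source static <local> <global>: present all the time."""
        self.entries[inside_local] = {"global": inside_global, "static": True,
                                      "last": None, "outside": "---"}

    def _expire(self, now):
        for local, e in list(self.entries.items()):
            if not e["static"] and now - e["last"] >= self.timeout:
                del self.entries[local]

    def translate(self, src, dst, now):
        """Inside-to-outside packet: returns the inside global address, or None
        when the packet is not translated (ACL miss) or the pool is exhausted."""
        self._expire(now)
        e = self.entries.get(src)
        if e is None:
            if not any(wildcard_match(src, n, w) for n, w in self.acl):
                return None                      # not in the list: sent untranslated
            in_use = {x["global"] for x in self.entries.values()}
            free = [g for g in self.pool if g not in in_use]
            if not free:
                return None                      # pool exhausted: IOS drops the packet
            e = self.entries[src] = {"global": free[0], "static": False,
                                     "last": now, "outside": dst}
        if not e["static"]:
            e["last"] = now                      # traffic refreshes the timeout
            e["outside"] = dst
        return e["global"]

    def show_translations(self, now):
        """Rows in show ip nat translations order:
        inside global, inside local, outside local, outside global."""
        self._expire(now)
        return [(e["global"], local, e["outside"], e["outside"])
                for local, e in self.entries.items()]


if __name__ == "__main__":
    nat = NatTable([("10.0.0.0", "0.255.255.255")], "20.1.1.1", "20.1.1.10", timeout=60)
    nat.translate("10.1.1.1", "192.168.1.2", 0)   # first loopback address -> 20.1.1.1
    nat.translate("10.1.1.2", "192.168.1.2", 5)   # secondary address -> 20.1.1.2
    print(nat.show_translations(10))
    print(nat.show_translations(70))              # 10.1.1.2 has aged out
```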
Why the second ping didn't work, I'm not sure: source 1.2, destination 192.168.1.2. I'll look at it another time, but I don't think it detracts from the reasons why we did the lab. So that's how to set up a NAT pool.

Frame Relay. Just a little look at this layer 2 protocol. It used to be in the CCNA in quite a bit of detail, then it seemed to disappear, and now it's annoyingly reappeared. Because it's not really used that often, to be honest, it's been completely removed from the Cisco CCIE exam, but it's floating around on the CCNA and CCNP, so let's take a look at it. Expect some theory at least; you could possibly have some labs in the actual CCNA exam as well, or analyse some outputs or configurations. It is a non-broadcast multiple access technology, so there is no broadcast, and multiple devices can access it via the link. The layer 2 address is referenced as a DLCI, a data link connection identifier. This number is there solely to identify your device, its interface, to the Frame Relay service provider; that's all it does, so the number may change as your connection crosses different service providers. LMI, the Local Management Interface, allows your router to communicate with the Frame Relay switch.

Consider it a keepalive. It sends a keepalive frame every 10 seconds, six every minute, and every sixth one is a full status report that reports on the status of the link. The keepalive is responsible for reporting whether the link is up, down or deleted. There are actually three LMI types: Cisco, ANSI and Q933a. A Cisco router will try to communicate with all three until it finds a response, and it will do it in that order: Cisco, ANSI and Q933a. You can configure it if you want; I've never personally bothered with it.

Here's some debug frame-relay lmi output and I just wanted to show you the status in red; I have highlighted it. 0x2 is what you are looking for: it means the status is active. You can refer to the Cisco documentation on debugging Frame Relay LMI if you wish. Frame Relay troubleshooting: the permanent virtual circuit gives you your connection between two end devices, so you can't actually see what's happening inside the Frame Relay service provider cloud in between, but what you can see is whether or not your circuit is up between the two endpoints. There are different ways to set up Frame Relay depending on your budget and network requirements. A multipoint interface is where more than one Frame Relay connection terminates, so you could have a headquarters in the middle and then different field offices, like a hub and spokes. You have to have a way to resolve your layer 3 address, your IP address, to your layer 2 address, which is your DLCI. That can be done dynamically using Inverse ARP, or statically using the frame-relay map command, which is the other way to do it. It can be confusing because it works in different ways depending on how you have it set up, and then you also have to deal with the complicated configuration commands for EIGRP and OSPF, which act differently on Frame Relay networks.

There is a congestion notification mechanism built into Frame Relay; it will report any congestion to or from the destination. These are FECNs and BECNs, and you can see in the diagram which direction they travel and how they report. So that was just a Frame Relay taster; it's a pretty meaty topic actually and takes up a chapter or two in most of the CCNP and CCIE guides, but I just wanted us to appreciate it for now.

Wide area networks and VPNs, virtual private networks. Wide area networks, I'm sure you're familiar with: they run across vast geographic distances, and mainly due to the distances we can't use the same technology that we use for our local area networks. They cannot carry multiple signals and do not have the technology we need to cover the distances, so we usually have to get support from an Internet service provider or a telecommunications company that supports any service we need, such as voice and video transmission. We can actually buy equipment and simply connect it to an interface provided by the service provider, or the providers can provide all the wide area network equipment we need; we can rent it and get support for it and just connect our network switch directly to it. We normally pay monthly fees as well as for the bandwidth used. Obviously there are a lot of services available; it depends on our traffic and budget, and many times it can depend on where we are geographically, because some services are available in some countries and not others, or not in remote areas.
Connection types. Circuit switched, for example: this is turned on and off as required, and when you need it, you'll only pay for it as you use it. A leased line is completely dedicated; it will cost more, but it is always available to you. A packet switched network is where you share the bandwidth with other users, and an example of this is Frame Relay, where you can purchase 64k increments. Cell switching uses a fixed packet size and would normally be something like ATM, which is not so common anymore. Then there is broadband, which can use DSL, and cable networks, which I'm sure you have heard of. An example of circuit switching versus packet switching: in circuit switching it uses the same route all the time. With packet switching, you don't really know which route it will take, as long as it's your top priority.

We mentioned NBMA when I talked about Frame Relay: the special technology used in a connection that does not support broadcast traffic, so it has problems with some routing protocols and with ARP. Frame Relay, ISDN and ATM use non-broadcast multiple access. Inverse ARP allows Frame Relay to map an IP address to a layer 2 address; it works like ARP, but in reverse. The interface types that I already mentioned above in Frame Relay are multipoint and point-to-point: multipoint has multiple devices or endpoints connected to one interface; point-to-point is simply a one-to-one connection. Multipoint still requires a layer 3 to layer 2 resolution method; you can use Inverse ARP or the static command I mentioned earlier. If it is a point-to-point connection you have no problems with layer 3 to layer 2 addressing. Here is a picture from the Cisco website of a T1 card used for WAN connections. T1 is older technology; T1 means carrier level one, and it was generally used in North America, Japan and South Korea.

It had two 64k channels and some signaling, but the cumulative amount of available bandwidth was 1,544 megabytes. The European T1 standard is called E1. You have 32 64k channels plus some other signaling, giving you just over two megabytes. It was actually the same deal for T3 and E3, but with higher bandwidth. Metro Ethernet circuits and long-range Ethernet are a rapidly emerging solution based on Ethernet standards. The infrastructure is truly transparent to the end user, with all Metro Ethernet connected services using gigabit connection speeds. You may want to look in your own time for more information on Metro Ethernet. Okay, satellite wireless connectivity: typically remote locations. It's used a lot on cruise ships, oil and drilling platforms or wells, and places where it is simply not feasible to run a cable; it could be a temporary office somewhere. You use a satellite dish to reach a satellite, with an average five meg download and one meg upload. You may experience severe latency, and you are affected by the weather, if it is cloudy or rainy. You need line of sight to the satellite, so it is also not ideal, and it can be quite expensive.

ISDN is kind of a legacy technology that actually allows communication over a traditional phone line. It has a Basic Rate Interface, which provides you with two 64k B channels (bearer channels) and a D channel for the signaling data, and PRI, which is 23 64k B channels and one 64k D channel. DSL, I'm sure you've heard of; it's quite popular. It is an alternative to ISDN. It works much faster and is much more economical, with download speeds of around 24 megs (it obviously depends on where you live) and upload speeds of up to 3.5. You have different types of DSL available: VDSL, HDSL, and symmetrical DSL, which means the same upload and download speeds. Cable gives you Internet access through your home cable system, which is really useful because you don't have to install any new equipment or lines. It gives you 100 megabytes, which is really fast.

VPN, I have mentioned and alluded to in several presentations. It gives you a secure connection between two unsecured locations; generally we will be going across the Internet. Site-to-site VPN is one type, remote access VPN is another, and extranet; a common exam question is the types of VPN available. They are added over any infrastructure; to get the security, IPsec is used, IPv6 is used, along with AAA. There are quite a few benefits, including cost, flexibility and scalability: you could have hundreds of users using VPN access. You have site-to-site, remote access VPN and extranet, which is what I mentioned before, and there's just a little more description here. Okay, thanks for listening, I hope you enjoyed it.

PPP lab. We have a simple topology, router 1 to router 2, 192.168.1.1 and 192.168.1.2 across the link, and we are going to do a PPP lab. There are important things that we need to keep in mind here for this lab: the hostname on each router, R1 and R2. If I ping 1.2, our link works. If we do show interface serial 0/0, by default the encapsulation is HDLC, High-Level Data Link Control, the Cisco standard serial encapsulation, so it works as it is.
What we want to do is switch to PPP and add some authentication, so the first thing we need to do is add a username. I'm going to add the opposite device's username: username r2 password cisco, and on router 2 the same thing reversed, username r1 password cisco. The next thing I want to do is configure the encapsulation: encapsulation ppp. There are some different options here; ppp authentication is what we are going to use, and authentication has two options I care about, CHAP and PAP. I don't want to cover anything else; I don't really care about the Microsoft ones.

ppp authentication chap sends a hash value of the password. show interface serial 0/0: okay, you can see it's physically up, the line protocol is down, so it's a layer 2 issue, and you can see the encapsulation is PPP. It will not come up until the other side agrees. Then debug ppp packet and debug ppp authentication; you'll get a lot of information there, but I just wanted to turn on debugging so you can see it. If you ever want to turn off debugging, it's undebug all. Then on router 2: interface serial 0/0, encapsulation ppp, ppp authentication chap.

I can see there's a lot going on in the PPP CHAP authentication and you can see it's going to try to authenticate. Now I've disabled all the debugging, because you're going to get a lot of it, but basically you're seeing there's a challenge and a response, and it's passed: the response sent is r1, "this is my username", so the interface should have come up. show interface serial 0/0: I can see that it is up, which is good, the line protocol is up, it's physically up and the encapsulation is PPP. It's a really simple lab; I just wanted to show you some PPP encapsulation and also authentication using CHAP.
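The challenge and response the debug output shows, as an added Python example that is not code from the course: each router holds a username line for its peer, the responder hashes the challenge with that password instead of sending the password, and with ppp authentication chap on both ends the link only comes up when both directions succeed. The message layout follows RFC 1994; the hostnames and the password cisco are the lab's.

```python
"""Two-way PPP CHAP as configured in the lab. Added example, not the
course's code; the digest is MD5(id || secret || challenge) per RFC 1994."""
import hashlib
import hmac
import os


def chap_digest(ident, secret, challenge):
    """CHAP response value: MD5 over identifier, shared secret, challenge bytes."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()


class PppRouter:
    def __init__(self, hostname, usernames):
        self.hostname = hostname    # hostname r1 / hostname r2
        self.usernames = usernames  # {"r2": "cisco"} from: username r2 password cisco

    def make_challenge(self, ident, value=None):
        """Authenticator side: random challenge, sent together with our hostname."""
        return {"code": "Challenge", "id": ident,
                "value": value if value is not None else os.urandom(16),
                "name": self.hostname}

    def make_response(self, challenge):
        """Peer side: hash with the password stored for the challenger's name."""
        secret = self.usernames.get(challenge["name"])
        if secret is None:
            return None   # no 'username <peer>' line: nothing to hash with
        return {"code": "Response", "id": challenge["id"],
                "value": chap_digest(challenge["id"], secret, challenge["value"]),
                "name": self.hostname}

    def verify(self, challenge, response):
        """Authenticator side: recompute with the password stored for the responder."""
        if response is None or response["id"] != challenge["id"]:
            return "Failure"
        secret = self.usernames.get(response["name"])
        if secret is None:
            return "Failure"
        expected = chap_digest(challenge["id"], secret, challenge["value"])
        return "Success" if hmac.compare_digest(expected, response["value"]) else "Failure"


def chap_exchange(authenticator, peer, ident=1, value=None):
    """One direction of the handshake; returns the packet trace the debug shows
    as (direction, code, name-field) tuples."""
    challenge = authenticator.make_challenge(ident, value)
    response = peer.make_response(challenge)
    result = authenticator.verify(challenge, response)
    trace = [(f"{authenticator.hostname} -> {peer.hostname}", "Challenge", challenge["name"])]
    if response is not None:
        trace.append((f"{peer.hostname} -> {authenticator.hostname}", "Response", response["name"]))
    trace.append((f"{authenticator.hostname} -> {peer.hostname}", result, None))
    return trace


def link_comes_up(r1, r2):
    """ppp authentication chap on both ends: line protocol needs both directions."""
    return (chap_exchange(r1, r2)[-1][1] == "Success"
            and chap_exchange(r2, r1)[-1][1] == "Success")


if __name__ == "__main__":
    r1 = PppRouter("r1", {"r2": "cisco"})
    r2 = PppRouter("r2", {"r1": "cisco"})
    for step in chap_exchange(r2, r1):
        print(step)
    print("line protocol up:", link_comes_up(r1, r2))
```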
Troubleshooting switching. Obviously I can't go over every scenario, but I just wanted to cover a few different facets of troubleshooting. Switching loops I covered above, and the cause of them; it really is a no-brainer to use spanning tree in your switch network. If you don't use it you will almost certainly get a switching loop if you have redundant ways to connect through your switch network. As you know, layer 2 frames don't have a time-to-live built in, unlike the packets forwarded up at the router, so in theory they could cycle through the switch network infinitely until eventually your entire network is flooded with broadcasts.

Never ever connect a used switch to your network. The reason is that if you have a configuration on there, there is a good chance it will erase all the settings on all the other switches. Certain things need to happen before that, which I don't have time to explain here, but basically you need to erase all the settings on the switch and, depending on the model you have, make sure it is configured as a client and not as a server. Cable problems are quite easy to fix, and this is your bread and butter as a network engineer. If there is no connection on the actual interface, you cannot see the traffic passing through. The fastest and most economical way to troubleshoot, other than doing a shut and no shut on the interface, is to swap out the cable: change the cable to one that you know works well. A flap is known as an interface that goes up and down rapidly. This may happen, often, before a cable actually fails completely. Check the link light, and you should also check your switch documentation to read the errors. Check the pins if it's a pin problem; it can happen with Ethernet too, I guess, but especially with serial cables. Sometimes people force it, or it can be a cheap cable, and you can bend the pins and then your network won't work.

Be sure to use cables approved by the vendor. I use cheap cables for my home network just to save money, but in a corporate network you should always use the cables made by the vendor. There's a DB60 interface here, a serial interface, and sometimes the pins on these are bent out of place just because the cables have been plugged and unplugged too many times, and that could be a cause of your problem. Also, here are the link lights on your switch; I'm not sure what model of switch it really is, but if it is a Cisco switch the link lights will give an indication of what is going wrong.

show interface FastEthernet 0/0: take a look. The Cisco documentation will also tell you what the different errors mean. If you are getting input errors, collisions or interface resets, it is an indication that something could be going wrong with your interface or with the cable connected to your interface. show controllers is a really useful command and it tells you if there is a serial cable connected, because physically you can have a cable connected, but if there is a bent pin or a problem for some reason with the cable and you see it says no serial cable connected, then you know you have a problem with the cable or the actual interface. Another command you can look at is show interface and then whatever the interface number is; I showed you on the last slide, at the bottom you can see the most important one is DCD, carrier detect, which tells you whether the interface can detect a signal on it.

Port configuration problems can manifest themselves as poor performance or a lack of connectivity. You've changed the cable and still have the problem: you just need to check that both sides have the same speed, duplex configuration and encapsulation settings and are in the same VLAN. Auto configuration can cause problems, especially if you have equipment from different vendors, for example an HP switch connecting to a Cisco switch, and sometimes ports just break down: they look fine and sometimes they test fine, but they just don't work properly, so use a different port and everything works fine. VLAN mapping: show vlan displays the VLAN summary, which will show you which ports are connected to which VLAN, and remember that all ports default to VLAN 1.

The link lights will not alert you, because the port could be passing traffic but not be on the right VLAN, so check your network documentation; maybe someone plugged in the wrong cable or just assigned the wrong port to the wrong VLAN. This happens. MTU: I haven't come across this very often as an issue. The maximum transmission unit is the maximum size an IP packet can be without being fragmented. This will change depending on the type of technology, for example Frame Relay or an Ethernet connection or ATM or whatever, and the technology that is used; if a device can't pass the entire frame, it will fragment it.

Fragmentation consumes time and network resources, and if even a part of a large packet is lost, if one fragment is lost, then the entire packet must be retransmitted. Packets may have the DF bit set, the do-not-fragment bit; if this DF bit is actually set inside the packet, it will be discarded if it is too large to send, so you still have a problem. The Ethernet frame components, which are something that could be part of the problem: it starts with the data field, which has a maximum of 1500 bytes, then it has the TCP and IP headers, and the layer 2 headers and trailers. This can cause a problem if a device can't process a frame of this size. So part of the troubleshooting process is to issue what is known as an extended ping: you type ping, press enter, and then it goes through the different options; it goes to extended commands and you can see it says set DF bit in the IP header, which I mentioned earlier, do not fragment, and I said yes.

I can also manually type the maximum size of the packet to be sent and the minimum size. This is a good way to test whether ping traffic is allowed through your network. A tunnel also adds additional IP headers, so the packet may be over 1500 bytes. Here is a ping test in a Windows command line interface; I added the switches -f and -l and then the size of the packet to be sent. Routing problems: the enterprise variety requires careful planning and testing, so all testing is typically done in a lab environment before switching to the live environment. It can often be a configuration issue, especially if a large amount of configuration is present.
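The MTU and DF behaviour the extended ping exercises, as an added Python example that is not from the course: a packet larger than the link MTU is split into fragments on 8-byte offsets, and the same packet with DF set is dropped instead; it also works out the largest -l size a Windows ping -f can carry, with and without the extra headers a tunnel adds. The 20-byte IPv4 and 8-byte ICMP header sizes are standard; the 24-byte tunnel overhead is an assumed figure for illustration.

```python
"""IP fragmentation against a link MTU, including the DF case the extended
ping exercises. Added example, not from the course; the 24-byte tunnel
overhead in the usage block is an assumed figure."""
IP_HEADER = 20
ICMP_HEADER = 8
ETHERNET_MTU = 1500


def fragment(total_len, mtu, df=False, header_len=IP_HEADER):
    """Split a packet of total_len bytes so every piece fits the MTU.
    Returns a list of (more_fragments, offset_in_8_byte_units, fragment_total_len),
    or None when DF is set and the packet does not fit: the router must drop it
    (and would report 'fragmentation needed' back to the sender)."""
    if total_len <= mtu:
        return [(False, 0, total_len)]
    if df:
        return None
    payload = total_len - header_len
    step = (mtu - header_len) // 8 * 8     # payload per fragment, multiple of 8
    frags, offset = [], 0
    while offset < payload:
        chunk = min(step, payload - offset)
        more = offset + chunk < payload     # MF flag on every fragment but the last
        frags.append((more, offset // 8, chunk + header_len))
        offset += chunk
    return frags


def windows_ping_total(payload_len):
    """ping -l <n> sends n bytes of ICMP data (-f sets DF); total size on the wire."""
    return payload_len + ICMP_HEADER + IP_HEADER


def largest_unfragmented_ping(mtu, tunnel_overhead=0):
    """Largest -l value that passes with -f when a tunnel eats tunnel_overhead
    bytes of the MTU for its extra headers."""
    return mtu - tunnel_overhead - ICMP_HEADER - IP_HEADER


if __name__ == "__main__":
    print(fragment(1500, 576))                  # three fragments on a 576-byte link
    print(fragment(1500, 576, df=True))         # None: dropped, DF set
    print(largest_unfragmented_ping(ETHERNET_MTU))                      # 1472
    print(largest_unfragmented_ping(ETHERNET_MTU, tunnel_overhead=24))  # 1448
```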
Start by using the traceroute command. Try both directions; this is a mistake that many people make when testing. Routing in one direction may well work, but if routing comes back in the other direction it may not work; you may be taking a different path for various reasons. Check all your routing tables, and check from layer 1 upwards as well, if applicable; it obviously depends on what the problem is. Subnet mask and gateway issues are part of your daily routine as a network engineer. You may regularly have a server team, for example, setting up an IP address and getting the wrong subnet mask or the wrong gateway, and all of a sudden it gets forwarded to you because they say there's a problem on the network, when actually it's a subnet mask issue. It's more difficult to solve if you can only access certain host addresses.

It's pretty easy to verify. You can do route print on the servers, and show ip route, show ip interface and show interface on the routers. Check the DHCP configuration; check that the address has not been used or assigned anywhere else on the network. Sometimes I have even seen people manually add an IP address to their device thinking it is free when it has already been assigned by DHCP. show ip interface and show interface I mentioned, and here is the output that you have already seen several times. DNS problems: can you ping the IP address but not the hostname?

That's a dead giveaway: if the hostname is not working but you can ping the IP address, then it tells you that there is some kind of problem with the name lookup. Are you connecting to the correct IP address for the DNS server? You should check with your network administrator. Check with the nslookup command on your Windows command line, if you're using Windows; you can also temporarily use a public DNS server if you want. So I hope that's given you a few things to go on; these are some that I've found on a regular basis when troubleshooting network issues for customers.
