CCNA Cheatsheet

A lot of this is notes from Pearson's CCNA Routing and Switching 200-101 Complete Video Course.


OSI Layers

Open Systems Interconnect - ISO OSI model
PDUs - Protocol Data Units at each layer - Bits, Frames, etc
All People Seem To Need Data Processing
Please Do Not Throw Sausage Pizza Away
Some People Fear Birthdays
Bacon Frying Produces Salivation
connection svcs - flow ctrl and packet reordering
Application Application interface not application, services that support applications, service advertisement
Presentation encryption, compression, translation, present, format
Session keeps different applications data separate
dialog control
simplex, half duplex, full duplex
sets up session
maintain a session
tear down session
could get acks here also
example netBIOS/netBEUI
Transport Segments or (Cisco) Packets
reliable/connection (TCP) or unreliable/connectionless (UDP) delivery
error correction before retransmit
flow control - buffering windowing congestion avoidance
  • TCP (connection oriented)
    • sliding window - send more packet/segments at a time each successful ack - max bytes over 2,000,000
  • UDP
Buffering - Queue/Buffer stores packet until time to send
Network Packets or Datagrams
logical addressing, ip addrs
  • packet switching - packet contains header with src and dest addr - router decides where it's going to go
  • circuit switching - temp connection brought up on an as-needed basis
  • message switching - store-and-forward data stream broken into messages
path determination - route discovery and selection
  • directly connected
  • statically configured
  • dynamically learned - EIGRP, OSPF, RIP, IS-IS
Data Frames
or (Cisco) Packets
MAC addresses
MAC layer - physical addressing, logical topology, method of transmitting on media (e.g. CSMA/CD)
LLC Layer - logical link control layer, flow control, error control, synch transmissions -
  • Isochronous - external clock
  • Async - internal clocks - start stop bits, parity bit
  • Sync - share clocking over separate channel, CRC
MAC addr table - CAM (Content Addr Memory) table
Physical Bits, e.g. Current State modulation, 0 volts is 0, 5 or -5 volts is 1,
  • AMI - alternate mark inversion - presence or absence of voltage important - averages 0 volts on wire
  • state transition modulation - change in voltage important
Wiring standards for connectors and jacks
Physical Topologies
Async - Sync bits - start with START bit - stop with STOP bit - receiver uses an internal clock
Sync - both sender and receiver use internal clocks - frequently ref external clocks
Bandwidth usage - e.g. Broadband - diff comm flows use diff freq ranges OR baseband - single stream all frequencies
Multiplexing strategy - TDM - diff channels diff time slots OR Statistical TDM - time slots allocated to channels based on current needs OR FDM (Freq) - diff comm channels get diff frequencies

TCP/IP Stack

Common apps/ports

General rules:

ftp      - tcp 20/21
ssh/sftp/scp - tcp 22
telnet   - tcp 23
smtp     - tcp 25
dns      - tcp/udp 53
tftp     - udp 69
dhcp     - udp 67/68
http     - tcp 80
pop3     - tcp 110
nntp     - tcp 119
ntp/sntp - udp 123
imap4    - tcp 143
ldap     - tcp 389
https    - tcp 443
rsh      - tcp 514
rtsp     - tcp/udp 554
rdp      - tcp 3389


CSMA/CD - Carrier Sense Multiple Access / Collision Detection
  • layer 1 repeat all blindly
  • 1 collision domain
  • 1 broadcast domain
MAU - Media Access Unit - Token Ring Network, layer 1 device, physical level, ring topology, no collision domain, 1 broadcast domain
  • layer 2 device
  • individual collision domains
  • forwarding decision based on MAC address learned coming from where
  • switch usually uses hw asic for decision over software for bridge
  • 1 broadcast domain

media types

coax cable
  • RG-58 - 10base2 (thinnet) 50 ohms impedance - up to 185 meters
  • similar to RG-8 - 10base5 (thicknet) - extra shielding and braid - up to 500 meters
  • t connector - bnc connector
  • not cable tv cable (which is 75 ohms impedance)
twisted pair
  • sufficient number of twists protect em interference or radiating like an antenna
  • Unshielded and shielded twisted pair
  • TIA/EIA-568-A - 1991 became TIA/EIA-568-B - 2001 - standard for this cable type - color coding for wiring to rj45 jack - Telecom Industry Association/Electronic Industries Alliance
  • Cat 3 - PBXes and 10BASE-T
    Cat 5 - 100BASE-TX
    Cat 5e - 1000BASE-T
    Cat 6 - 1000BASE-T, slightly better than 5e, thicker insulation, less cross talk
    Cat 6a - 10GBASE-T
  • Uses RJ45 1236 - MDI
  • crossover 1236 goes to 3612
  • MDIX - Media Dependent Interface Crossover - can reverse a port's transmit and receive pairs as needed
Fiber Optic
  • st - straight tip connector
  • sc - standard connector
  • lc - lucent connector
  • mtrj - media termination recommended jack - 2 fiber optic strands in one jack
  • mmf - multimode fiber - multiple bandwidths
    • can cause multimode delay distortion for higher distances - higher bandwidths bounce more off cladding and have longer path to travel, taking longer to make it down fiber
    • less expensive
    • larger 'angle of incidence' allowed (angle at which light intersects core)
  • smf - single mode fiber - use this for > 2km - up to 40km+
  • core and cladding

Network categories



Ethernet Info

developed by xerox in 1972
10base2 - 10 Mbs, baseband, signal taking all frequencies, thinnet/cheapernet, 185 meters limitation
10base5 - 500 meters limitation, aui 15 pin adapter, thicknet
UTP - cat 3, cat 5, cat 5e, cat 6


forwards based on learned mac addrs, unknown (unicast) mac addrs, multicast, broadcast traffic
stands between 2 different collision domains
ARP broadcast asks for MAC addr for IP addr
- switch floods broadcasts and unknown MACs
- switch learns source mac address and incoming port - CAM Table

MAC addresses

48 bits
1st 3 bytes OUI (organizationally unique identifier/vendor code)
last 3 bytes assigned by vendor
CAM table on switch records MAC addresses based on origination

Collision Domains

Layer 2 - shared bus
Collision - interference occurring when 2 packets transmitted at the same time
packet/jamming continues to be transmitted on shared segment
random backoff timer
ethernet hub - all ports in same collision domain
switch - each port is a collision domain
full duplex disables CSMA/CD.  Full Duplex enabled.

Broadcast Domain

How far broadcast (ff:ff:ff:ff:ff:ff) will broadcast
each switch and hub (l2 and l1) are in 1 broadcast domain
router and L3 switch (L3 devices) separates broadcast domains

Frame Forwarding options

CISC Complex instruction Set Computing
RISC Reduced Instruction Set Computing
ASICs Application Specific Integrated Circuits

Ethernet Standards


Ethernet Frame Format

Frame Format

IP Frame Format

IP Packet Format

TCP Frame Format

TCP Frame

UDP Frame Format

UDP Frame

Switch Cfg

Switch LEDs

for 2960
System LED
  • Off
  • Amber - malfunction has occurred probably while booting or performing power-on self-test (POST)
  • Green
Redundant Power Supply (RPS)
  • Off - no RPS installed, or RPS installed but not powered up
  • Amber - RPS installed, but not operational
  • Flashing Amber - primary power supply failed, RPS now powering the switch
  • Green - RPS installed and operational
  • Flashing Green - RPS installed, but powering another device currently
Port Status
  • Off - no link up no port
  • Amber - port disabled due to administrative config, l2 loop, or security violation
  • Solid Green - link present but no activity
  • Flashing Green - link present with traffic
  • Alternating Green and Amber - Errors (excess collisions, CRC errors, alignment errors)
BW Utilization
  • Amber - max backplane util since power on
  • Green - curr backplane util
Duplex mode
  • Off - half-duplex
  • Green - full-duplex

Port IDs

3750 - SwitchInStack/0/PortNumber - SwitchInStack/SlotOrModuleNum/PortNumber
2960 - 0/PortNumber

Connecting to Console

Can use db9 rs232 to rj45 or (older) db9 rs232
Can use USB to mini-usb with extra drivers loaded on laptop

CLI shortcuts

ctrl-a - beginning of line
ctrl-e - end of line
ctrl-w - delete previous word
ctrl-x - delete current line
ctrl-p - prior command in history
ctrl-n - next command in history
ctrl-k - delete to end of line
ctrl-u - delete to beginning of line
ctrl-x - delete to beginning of line
ctrl-b - back one char
ctrl-f - fwd one char
ctrl-d - del one char
esc b  - back one word
esc f  - fwd one word

basic config

> user mode
# privileged mode
show history
history size x
terminal history size x (only for this terminal session)
show line (shows cty - console and 16 VTYs - virtual terminal)
show line vty 0
show running-config
show ip interface brief (shows int, addrs, methods, status, protocol of interfaces)
show run (/ searches)
ping (icmp echo)

conf t
hostname DaSwitchName
service password-encryption !weak encryption for passwords listed - lvl 7 easy to crack
enable password DaPassword (cleartext)
enable secret DaPassword (non-cleartext - ignore enable password setting)
! 5 128-bit md5 hashed value
int vlan 1 (default vlan - all ports by default)
  ip address
  no shutdown
  end (exits config mode all the way out)
ip default-gateway
line con 0
  password DaPassword
  login (prompt for the above password)
  exec-timeout (minutes) (seconds) !(prompt timeout) - 0 0 no inactivity timer
  logging synchronous (show logs after command completion (e.g. show command))
  exit (exits this level of config mode)
line vty 0 15 (all the VTYs - will break up in run - 0 4, and 5 15)
  password DaOtherPassword
  login local (if you have username's set up)
  transport input all | none | telnet | ssh (ssh or telnet would be exclusive)
  history size 256 (num of commands remembered)
  exec-timeout 30 0 !30 minute timeout
!Enable ssh login
username DaUser password DaPassword
username DaUser secret DaPassword (encrypts it using sha-256 type 4 hash)
ip domain-name
crypto key generate rsa
ip ssh version 2
line vty 0 15
  login local
banner login $ ($ is delimiter - this is shown after MOTD but before login prompt)
authorized access only!
$ (delimiter)
banner # (motd - shown before login prompt)
banner exec # (shown after login)

write memory (or wr)
copy running-config startup-config

show ip ssh
show ssh (shows who's logged in via ssh)

show information

show version
!virtual ethernet is vlan
!memory is shown as 2 numbers (e.g. 118784K/12280K - add together for total memory)
sh ip int brief (shows int, addrs, methods, status, protocol of interfaces)
!Status up is L1, Protocol up is L2
show int fa 1/0/1
!bia is mac burned in address - diff mac addr for each port
!CRC errors (FD) OR late collisions (HD) - duplex mismatch
show mac address-table (mult addrs if conn to sw)
!CPU has special mac addr - e.g. broadcast
!CPU 0100.0ccc.cccc - CDP
show mac address-table aging
!mac addr will ageout (by default) in 5 minutes

static mac add

mac address-table static a820.6632.0234 vlan 1 interface fa 1/0/1

port security

int fa 1/0/10
  switchport mode access | dynamic | trunk | private-vlan | dot1q-tunnel
  switchport port-security
  switchport port-security maximum (1-6144 - 2 is a good choice for timeout switch 1)
  switchport port-security mac-address 0011.2233.4455
  switchport port-security mac-address sticky (1st 2? learned are remembered in mem)
  switchport port-security violation protect (drops frame from 3rd addr)
  switchport port-security violation restrict (drops and increment security violation counter frame from 3rd addr)
  switchport port-security violation shutdown (shuts port down - shut/no shut to clear)
!snmp trap sent on violation
show port-security
show port-security address (shows table of addrs sticky learned or statically configured)
show port-security int fa 1/0/10
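
The three violation modes above only differ once the address limit is reached. The following Python model of one secured port is an added example, not part of the course notes or any Cisco code; the class name `SecuredPort`, the `bounce` helper and the sample MAC addresses are assumptions made for illustration.

```python
"""Model of the port-security violation modes for a single access port."""
from dataclasses import dataclass, field


@dataclass
class SecuredPort:
    maximum: int = 1                 # switchport port-security maximum
    violation: str = "shutdown"      # protect | restrict | shutdown
    sticky: bool = False             # switchport port-security mac-address sticky
    static: set = field(default_factory=set)    # statically configured addresses
    learned: set = field(default_factory=set)   # dynamically or sticky learned
    violations: int = 0              # security violation counter
    err_disabled: bool = False       # port shut down by a violation

    def secure_addresses(self):
        return self.static | self.learned

    def receive(self, src_mac):
        """Return 'forward' or 'drop' for a frame with this source MAC."""
        src_mac = src_mac.lower()
        if self.err_disabled:
            return "drop"                       # port stays down until shut / no shut
        if src_mac in self.secure_addresses():
            return "forward"
        if len(self.secure_addresses()) < self.maximum:
            self.learned.add(src_mac)           # room left: learn the address
            return "forward"
        # Limit reached and the address is unknown: apply the violation mode.
        if self.violation == "protect":
            return "drop"                       # silent drop, counter untouched
        self.violations += 1                    # restrict and shutdown both count
        if self.violation == "shutdown":
            self.err_disabled = True
        return "drop"

    def bounce(self):
        """shut / no shut: clears err-disable; only sticky entries survive."""
        self.err_disabled = False
        if not self.sticky:
            self.learned.clear()

    def sticky_config_lines(self):
        """Lines that sticky learning adds to the running config."""
        if not self.sticky:
            return []
        return [f"switchport port-security mac-address sticky {mac}"
                for mac in sorted(self.learned)]


def replay(port, frames):
    """Feed source MACs through the port and return the verdict for each frame."""
    return [port.receive(mac) for mac in frames]


# Constructed sample traffic: two known hosts, an unknown third MAC, then host 1 again.
FRAMES = ["0011.2233.4455", "0011.2233.4466", "dead.beef.0001", "0011.2233.4455"]

if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        port = SecuredPort(maximum=2, violation=mode, sticky=True)
        print(mode, replay(port, FRAMES),
              "violations:", port.violations, "err-disabled:", port.err_disabled)
```

Only `shutdown` also drops the legitimate host's later frame, and only `protect` leaves no counter to alert on.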

port speed and duplex

int fa 1/0/1
  speed 10 | 100 | auto
  duplex auto | full | half 
  mdix auto (media dependent interface crossover)

  show int fa 1/0/1

interface range FastEthernet 0/11-20
  description end-users connect_here


old VLAN notes
802.1p/Q header notes
Virtual LAN - broadcast domain on l2 switch - no vlan header

basic cfg - access port

show vlan brief (shows interfaces in vlan)

conf t
vlan 2
  name DaVLANName
vlan 3
  name dontreallywantVlan
no vlan 3
(vlans configured in separate file on sw from cfg)
show flash
delete flash:vlan.dat (deletes vlans)
(wr erase will delete config)
interface fa 0/11
  switchport access vlan 2
  switchport mode access
interface range fastethernet 0/13 - 14
  switchport access vlan 2
  switchport mode access

DHCP VLAN - switch

interface vlan 1
  ip address dhcp
  no shutdown
show dhcp lease
show interfaces vlan 1
show ip default-gateway

Trunk port

show int fa 0/2 switchport (will show trunk configuration)
show interfaces trunk (shows which interfaces are in trunk mode)
 n-802.1q means negotiated
 vlan 1 created automatically

int fa 1/0/2
  switchport trunk encapsulation dot1q
  switchport mode dynamic desirable
  switchport trunk native vlan 100 (to control vlan hopping (default native is 1))
  switchport trunk allowed vlan [add | all | except | none | remove] ...
  switchport trunk allowed vlan 1,100
  switchport trunk allowed vlan except 200


VLAN Trunking Protocol - cisco proprietary
conf t
vtp mode [server | client | transparent]
vtp domain DaVTPDomain (case sensitive)
vtp password DaPassword (case sensitive)
vtp pruning
vtp version 2

set vtp revision number to 0 when re-adding switch - toggle vtp transparent
vtp mode transparent
vtp mode server (or client) (keeps revision number 0)
(consider deleting vlan.dat - delete flash:vlan.dat)

show vtp status
show vlan brief

VLAN Trunking

sh int gigabit 0/1 switchport  (shows trunking details)
 show interfaces trunk (shows which interfaces are in trunk mode)
expected trunk oper mode
SW1 Mode SW2 Mode Trunk Formed
access any
trunk dynamic desirable
trunk dynamic auto
trunk trunk
dynamic desirable dynamic desirable
dynamic desirable any
dynamic auto dynamic auto

admin mode | access | dynamic auto | trunk | dynamic desirable
access | access | access | do not use | access
dynamic auto | access | access | trunk | trunk
trunk | Do Not Use | trunk | trunk | trunk
dynamic desirable | Access | trunk | trunk | trunk

Troubleshooting switching

sh interfaces fa 1/0/2
(look at interface status up - L1 / up - L2)
  down/down(notconnect) - cable not connected to at least one switch, or other switch port admin shutdown

show interfaces status (shows status connected/notconnected, member of what vlan, duplex speed, type of port (e.g. 10/100BaseTX))
clear counters (after fix problem)
common issue - one side to full duplex, one to auto, full duplex doesn't participate in auto negotiation
when 1 side has CRC/FCS errors, other side late collisions, indicative of duplex mismatch, late collisions in half duplex

determine adjacencies

sh cdp
sh cdp neighbors (Local Intrfce - egress, Port ID - ingress of other device)
(cdp version 2 works with cisco ip phone on what vlan)
sh cdp neighbors detail
(shows l3 addr, what version of ios, native vlan, vtp info)

conf t
no cdp run (turn off cdp globally)
cdp run
no cdp advertise-v2 (turns off version 2 - don't do)
int fa 1/0/2
  no cdp enable (off for this interface)

port vlan membership

show vlan brief (see all ports on a vlan)
conf t
int range fa 1/0/15 - 20
  switchport access vlan 100 (all ports go into vlan 100)
int fa 1/0/10
  switchport access vlan 300
(if you later delete vlan 300 - port will not be associated with any vlan 
 - will not be able to communicate on network - reassign to new vlan)

check trunk status

sh int trunk
make sure things match - including native vlan
sh run (look for int cfg)

IPv4 Addrs

IPv4 notes
Subnet quick ref

IPv6 Addrs

IPv6 refs



ip routing table

gateway of last resort

administrative distance (ad)

believability of a route, lower values are more believable than higher ones, highest ones injected (if dupl routes from diff sources)
show ip route will show the admin distance and metric (cost to get to remote network)
part of this table taken from Cisco What Is Administrative Distance? table
Letter | Route Source | Default Distance Values
C | Connected interface | 0
L | Local Interface |
S | Static route | 1 - can be higher for backup route
  | Enhanced Interior Gateway Routing Protocol (EIGRP) summary route | 5
  | External Border Gateway Protocol (BGP) | 20
E | Internal EIGRP | 90
  | IGRP | 100
O | OSPF | 110
  | Intermediate System-to-Intermediate System (IS-IS) | 115
  | Routing Information Protocol (RIP) | 120
  | Exterior Gateway Protocol (EGP) | 140
  | On Demand Routing (ODR) | 160
  | External EIGRP | 170
  | Internal BGP | 200
  | Unknown* | 255

Packet Forwarding/Switching

Rtr HW


SYS LED solid green - rtr up
blinking green - booting up
off - powered off or error with system board
Activity off - not routing
solid or blinking rapidly - packet flow
POE green - poe on
amber - poe off
RPS green - powered by external PS
PS green - ps powering
amber - ps not powering
console led port which one is in use
speed 1 blink (then pause) 10
2 blinks 100
3 blinks 1000
L(ink) green - fast ether or gig ether
off - no link or 10 mbs

Interface addressing

module 0 is motherboard gig 0/0 - 0/2
top serial in ehwic 1 is serial 0/1/1 (motherboard module, slot 1 (right to left), interface 1 (bottom to top))
sh run is a sanity check to confirm what interfaces are recognized
sh inventory will display router's components
sh ip interface brief shows op stat and assigned ip addrs for each int on router

Console and VTY

default 9600 baud 8/N/1
vty used for telnet and ssh

Basic Rtr Cfg

enable/disable (> vs # prompts)
sh running-config
sh run | begin line (starts show at first line prompt)
wr (write memory OR copy run start)
sh version (ios version, uptime, where sys image loaded from, platform, memory (add both #s)
  interface types)
show ip interface brief (summ info about interfaces incl ip addr and status l1 status l2 protocol)
sh interface fa 0/0 (or any int id) (ip addr, duplex speed, 5 minute traffic avgs)
sh ip route (shows route info including admin distance)
sh cdp neighbors (can see this int and other int and other device)
sh cdp neighbors detail
show cdp entry [devname | *]
sh ipv6 interface brief

(optional)no cdp run (globally)
int fa0/1
  no cdp enable (for this interface)

hostname DaRtrName
ip domain-name
no ip domain-lookup (don't try to resolve dns lookups (mis-types))
username dauser secret dapassword

enable secret dasecretpw (hashed md5 128bit pw, default type 5 (md5), type 4 (sha256) more resistant)
service password-encryption (e.g. line password - type 7 encryption not strong)

crypto key generate rsa modulus [360-4096]

ip ssh version 2

ipv6 unicast-routing (turn on ipv6 routing)

line vty 0 4
  password DaPassword
  transport input ssh telnet
  exec-timeout 5 30 (5 minutes 30 seconds - default is 10 minutes)
line con 0
  password DaPassword
  logging synchronous (wait until after fresh line for console logging)
  exec-timeout 0 0 (inactivity timer turned off - default is 10 minutes)

int fa 0/1
  description ipv4 test interface
  ip address (optional - secondary)
  no shutdown
int fa 0/0
  description ipv6 connection to R2
  ipv6 enable (optional: link-local addr will auto assign)
  ipv6 address 2000::4/64
sh ipv6 int fa 0/0
sh ipv6 interface brief

banner login $ (delimiting char is $)
This is the login banner

banner motd $ (motd is before login, login only used if pw needed)
this is the motd banner

exit (go out one level)
end (go out of config mode to privilege)

do show ip int brief

routing protocols

Distance Vector Routing Protocol

dist vector routing protocols have magnitude/distance and direction/next-hop associated with a network

Link State Routing Protocols

Every rtr has map of network

Passive Interfaces

Inter-vlan routing


int fa0/1.1
 encapsulation dot1q 10 (10 is the vlan)
 ip addr
int fa0/1.2
 encapsulation dot1q 20 (could be native)
 ip addr

sh ip route
sh vlans


L3/Multilayer switch - switched virtual interface that can do routing
can also make a port be routed externally
show vlan

ip routing (enable routing)

int vlan 10 (this is an svi)
 ip addr
int vlan 20 
 ip addr
(cannot assign ip addr to sw port without turning off switching on that port)
int fa 1/0/24
 no switchport (turn off switching on this port - make it routed)
 ip addr
sh ip int brief

Troubleshooting Routing issues

IP addr issues


Verifying host configuration

MacOS/*nix get default gateway
  route -n get default

L1 issues

sh interface <interface>
queues - size/max/total/threshold/drops
clear counters
runts < 64 byte ethernet
giants > 1518 bytes ethernet

Discovering Neighbors

sh cdp neighbors
sh cdp neighbor detail
no cdp run (turn off cdp globally)
int fa0/1
 no cdp enable (turn off on this interface)

Router Services


dhcp interface cfg

int fa 0/0
ip address dhcp (interface gets addr from dhcp)

dhcp relay

int fa 0/0
 ip helper-address
 sh ip int brief

dhcp server

ip dhcp excluded-address
ip dhcp pool PC
 network /24

sh ip dhcp pool
sh ip dhcp binding


static NAT

int fa 0/0
 ip nat inside
int fa 0/1
 ip nat outside
ip nat inside source static

sh ip nat translations

Dynamic NAT

int fa 0/0
 ip nat inside
int fa 0/1
  ip nat outside
access-list 1 permit (wildcard mask, inside local addrs)
ip nat pool DAPOOLNAME netmask (range)
ip nat inside source list 1 pool DAPOOLNAME

sh ip nat translations


NAT Overloading - match ephemeral ports against public ip addr
int fa 0/0
 ip nat inside
int fa 0/1
  ip nat outside
access-list 1 permit (wildcard mask, inside local addrs)
ip nat inside source list 1 int fa 0/1 overload

sh ip nat translations


NTP Master clock

#clock set 13:36:00 31 July 2013

clock timezone UTC 0 (offset from UTC)
ntp master 5 (stratum number)

NTP source for first rtr close to internet
ntp server
clock timezone PST -8
clock summer-time PDT recurring

show clock
show ntp associations
show ntp status (show stratum, reference src, is loopback addr)


Standard ACLs

based on source ip
acl number 1-99 or 1300-1999
place near destination
access-list 1 permit host
(implicit deny)

int fa 0/0
 ip access-group 1 in
sh access-lists

Numbered Extended ACLs

source and dest ip addr and port (optional)
acl number 100-199 or 2000-2699
place near source
access-list 100 permit ip host host
access-list 100 permit tcp host host eq www

int fa 0/0
 ip access-group 100 in
 sh access-lists

Named Extended ACLS

source and dest ip addr and port
acl name
place near source
ip access-list extended DANAME
 permit ip host host
 permit tcp host host eq www
int fa 0/0
 ip access-group DANAME in
(edit access control list)
ip access-list extended DANAME
 15 deny ip any any (inserts between 10 and 20)

show access-lists
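
How the first match, the implicit deny and the sequence-number insert interact is easy to misjudge from the commands alone. The evaluator below is an added example, not IOS code or material from the course; the class names, the documentation-range addresses and the small port-keyword table are assumptions.

```python
"""First-match evaluation of a sequence-numbered named extended ACL."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

PORT_NAMES = {"www": 80, "telnet": 23, "smtp": 25}   # a few IOS port keywords


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def parse_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' and return (address, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(first), _ip(tokens.pop(0))


@dataclass
class Ace:
    seq: int
    action: str                      # permit | deny
    proto: str                       # ip | tcp | udp
    src: tuple
    dst: tuple
    dport: Optional[int] = None

    def matches(self, proto, src, dst, dport=None):
        if self.proto not in ("ip", proto):
            return False
        for (addr, wild), value in ((self.src, src), (self.dst, dst)):
            # Wildcard bits set to 1 are ignored; all other bits must be equal.
            if (_ip(value) ^ addr) & ~wild & 0xFFFFFFFF:
                return False
        return self.dport is None or self.dport == dport


class NamedAcl:
    def __init__(self, name):
        self.name, self.entries = name, []

    def add(self, line):
        """Add 'permit ...' (numbered last + 10) or an explicit '15 deny ...'."""
        tokens = line.split()
        if tokens[0].isdigit():
            seq = int(tokens.pop(0))
        else:
            seq = max((e.seq for e in self.entries), default=0) + 10
        action, proto = tokens.pop(0), tokens.pop(0)
        src = parse_addr(tokens)
        dst = parse_addr(tokens)
        dport = None
        if tokens[:1] == ["eq"]:
            dport = PORT_NAMES.get(tokens[1]) or int(tokens[1])
        self.entries.append(Ace(seq, action, proto, src, dst, dport))
        self.entries.sort(key=lambda e: e.seq)

    def evaluate(self, proto, src, dst, dport=None):
        """Return (action, seq of the matching entry); seq None is the implicit deny."""
        for ace in self.entries:
            if ace.matches(proto, src, dst, dport):
                return ace.action, ace.seq
        return "deny", None


def build_sample():
    """Constructed ACL in the shape of the DANAME example (addresses are made up)."""
    acl = NamedAcl("DANAME")
    acl.add("permit ip host 192.0.2.10 host 198.51.100.20")
    acl.add("permit tcp 192.0.2.0 0.0.0.255 host 198.51.100.20 eq www")
    return acl


if __name__ == "__main__":
    acl = build_sample()
    print(acl.evaluate("tcp", "192.0.2.77", "198.51.100.20", 80))   # entry 20 permits
    acl.add("15 deny ip any any")                                   # lands between 10 and 20
    print(acl.evaluate("tcp", "192.0.2.77", "198.51.100.20", 80))   # entry 15 now denies
```

After the insert, entry 20 can never match because entry 15 catches everything first, which is worth checking for whenever a line is added by sequence number.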

Device security

dropping, banging, employee training, electrical damage, malicious user, physical security, environmental threats

ssh vs telnet, https vs http
strong passwords
in order to connect to devices, have to come from specific networks
access-list 1 permit
access-list 1 deny any log

line vty 0 15
 access-class 1 in


local users
aaa svr -

switch port security

shut down unused port, man-in-the-middle, gratuitous arp
int range fa 0/1 - 24
 int gig 1/0/1
  switchport port-security maximum 1
  switchport port-security mac-address aaaa.aaaa.aaaa (or sticky)
  switchport port-security violation protect | restrict | shutdown
!optional put unused ports in unused vlan
vlan 999
int range fa 0/1 - 24
 int range fa 1/0/1 - 24
 switchport access vlan 999
!select non-default native vlan
!native vlan not tagged (incl on trunk port)
!vlan hopping attack - attack device in another vlan without crossing a router
!double tag vlan - 1st switch strips 1st tag, 2nd tag sends to 2nd vlan
!don't put production traffic on native vlan




Spanning Tree notes Needed to eliminate l2 loops
Radia Perlman - DEC - develops STP
802.1D - IEEE - 1990
no ttl field


PAgP - Port Aggregation Protocol (Cisco proprietary)

make sure all speed duplex vlans of ports are same.
Channel Mode | On | Auto | Desirable
int range fa 1/0/1 - 2
  speed auto (needed for mdix auto)
  duplex auto
  mdix auto
  channel-group 1 mode desirable (or active or auto or on or passive)
int port-channel 1
  switchport trunk encapsulation dot1q
  switchport mode trunk
port-channel load-balance src-dst-ip
show ip int brief (should see the port-channel1 interface)
show int trunk (should see Po1 with vlans)

LACP - Link Aggregation Control Protocol

passive - like auto
active - like desirable


show interfaces port-channel 1
show etherchannel summary
show etherchannel port-channel
show etherchannel load-balance (what algo is being used)

Router bootup sequence

  1. POST - Power On Self-Test - stored in system ROM
  2. Execute Bootstrap Code
  3. Locate Cisco IOS SW - typically on Flash
  4. Load Cisco IOS SW
  5. Locate Cfg - typically in NVRAM
  6. Load Cfg
  7. Execute Cfg

Boot options

Cfg Register

16-bit register
Bottom 4 important
Common cfg register settings
config-register 0x2100
rommon 1 > confreg (config register utility wizard)
do you wish to change the config
enable diag mode
use net in bcast addr
load rom after netboot fails
use all zero broadcast
break/abort has effect
change console baud rate
change boot characteristics 
rommon 1 > reset

working with ios files

sh file systems
dir nvram:
show flash:
mkdir outputdir
dir (flash)
cd outputdir
show ip int brief | redirect flash:int_brief
more int_brief
delete int_brief
cd ..
rmdir outputdir
copy startup-config tftp:
copy tftp: flash: (fill in details as prompted)
show flash:
conf t
  boot system flash:DaFileName
  (maybe no boot system flash:daotherfilename)
sh version

Cisco IOS images

feature navigator -

Cisco IOS licenses

prior to IOS 15.0 and ISR2

IOS 15+ and ISR2 rtrs

Transitioning from old licensing model to new

IP Voice - IPBaseK9+UCK9
Adv Security - IPBaseK9+SECK9
SP Services - IPBaseK9+DataK9+UCK9
Enterprise Base - IPBaseK9+DataK9+UCK9
Advanced IP Services - IPBaseK9+DataK9+UCK9
Enterprise Services - IPBaseK9+UCK9
Advanced Enterprise Services - IPBaseK9+DataK9+UCK9+SECK9

CLI commands to clear install backup and preserve licenses

show license
license install flash0:<filename> (permanent production license)
license boot module c2900 technology-package uck9 (temp license)
license save flash:da_licenses.lic (backup licenses)

conf t
  license boot module c2900 technology-package uck9 disable (disable then clear)
license clear uck9 (clear installed license)
conf term
  #no license boot module c2900 technology-package uck9 disable (remove from config)

password recovery

power off rtr
power on - issue break command (Standard Break Key Sequence Combinations During Password Recovery)
gets you into rom monitor mode
rommon 1> confreg 0x2142 (ignore startup config)
rommon 2> reset 
would you like to enter initial configuration dialog? [yes/no]: no
(into privileged mode with no password)
Router#copy startup-config running-config
(doesn't admin bring up interfaces)
Router#config t
Router(config)#enable secret cisco
Router(config)#config-register 0x2102 (normal setting)
Router#copy running-config startup-config

Routing Protocol Characteristics

administrative distance

trustworthiness of route - lower is better
Route Source Administrative Distance
Connected 0
Static 1
OSPF 110
RIP 120
External EIGRP 170
Unknown 255

Split Horizon Rule

do not advertise a route out the interface the route was originally learned from
EIGRP and RIP advertise tables, so they use this
sh ip route


value of how far it is to get to network

Next Hop Address

what gw to go thru to get to subnet
sh ip route
sh ip ospf rib (routing info base)
sh ip eigrp topology

- maintains FIB - Forward info base - prefix, next hop, interface
  sh ip cef
  sh adjacency - interface, address (of neighbor)
- maintains arp cache
  sh ip arp - addr age(min) hwaddr(mac) type(arpa) interface

Troubleshooting Rtr ops

verifying Routing is enabled

rtr#conf t
rtr(config)#ip routing

sh ip protocols

Checking IP Routing Table

sh ip route
O is OSPF, O IA is OSPF Inter-Area
R is RIP
L is local
C is connected
sh ipv6 route
OSPF
sh ip ospf rib
EIGRP
show ip eigrp topology (only successor or feasible successor)
show ip eigrp topology all
CEF quick summary tables
show ip cef (shows FIB)
show adjacency (adjacency table)
show adjacency detail
show ip arp
enable cef
rtr#conf term
rtr(conf)#ip cef
show ip int f0/0 (CEF switching is shown)

Monitoring Path Selection

sh ip route <destiproute>
show ip cef exact-route <srcipaddr> <destipaddr> (will tell you egress int and next hop addr)

Verifying Interface Status

sh int f0/0/0 (shows up/down l1 up/down l2,duplex,queue stats,l1 stats)
clear counters


OSPF cheatsheet
IS-IS (Intermediate System to Intermediate System)


EIGRP cheatsheet

First-Hop redundancy protocols


Hot Standby Router Protocol
cisco proprietary
active / standby
active rtr sends hello msg every 3 seconds
if standby rtr doesn't hear anything for hold timer (10 seconds), 
   standby rtr concludes r1 not available and becomes active
hsrpV2 allows hold timer to be set to milliseconds
hold timer has to be at least 3 times hello timer
hsrp elects active rtr based on rtr with highest priority
  default prio is 100
tracking option allows hsrp rtr to monitor net condition
  (e.g. interface status, and decrement its priority).
when tracking event is restored, original rtr stays standby
  even though it (once again) has a higher priority
  preempt option needs to be set to allow previously
  active router to reclaim its role as the active rtr
hsrp will generate common mac addr for virt ip addr
    (00000c is cisco vendor pref)
    (07ac cisco says is hsrp v1)
    (0a is group number)
    (00000c is cisco vendor pref)
    (9ff is hsrp v2)
    (00a is group number)
rfc2281 (v1) (v2)
cannot use intrfc ipaddr as virtipaddr

int f0/0
  standby 10 ip  (10 is group num)
  standby 10 priority 110
  standby 10 track serial 1/0 20 (drop prio by 20 if s1/0 goes down)
  standby 10 preempt
  standby version 2 (if you want timers less than 1 second)
  standby 10 timers msec 100 msec 300 (hello timer 100ms, hold timer 300ms)

show standby brief
show standby (shows many details)
debug standby terse (hsrp errors, events, packets)
int f0/0
  standby 10 ip
  (default prio is 100)
  standby 10 preempt
  standby version 2 (if you want timers less than 1 second)
  standby 10 timers msec 100 msec 300 (hello timer 100ms, hold timer 300ms)


Virtual Router Redundancy Protocol
Master Router and Backup Router
Master addr can be addr of phys int on Master
1 second hello timer default
can do object tracking
pre-empt option enabled by default
MasterDownInterval = 3 * MasterAdvInterval + [(256 - VRRP_Prio)/256]
  not specifically set
  skew time is (256 - VRRP_Prio)/256
100 default prio

int f0/0
  vrrp 10 ip (10 is grp num) is shared gw addr
  vrrp 10 priority 110 (higher prio is Master)

show vrrp brief
show vrrp (shows many details)
int f0/0
  vrrp 10 ip (10 is grp num) is shared gw addr


HSRP | VRRP
Cisco Proprietary | Standard
RFC2281 | RFC3768
Active Router | Master Router
Standby Router | Backup Router
0000.0c07.acXX (v1), 0000.0c9f.fXXX (v2) |
Preempt Option Not Enabled by Default | Preempt Option Enabled by Default
Default Hello Interval: 3 sec | Default Master Advertisement Interval: 1 sec
Default Holdtime: 10 sec | Master Down Interval: 3*Master_Advertisement_Interval + [(256-VRRP_Priority)/256] (v1) (v2)
Cannot Use Interface IP Addr as Virt IP Addr | Can Use Interface IP Addr as Virt IP Addr


Gateway Load Balancing Protocol
Cisco Proprietary
FHRP that can load balance
1 rtr is AVG (Active Virtual Gateway) - resp to arp reqs fr hosts, and assigns virt MAC addrs to members of GLBP grp (AVFs)
  Redirect time is time mac addr is handed out for failed AVF (default 600 sec)
  Forwarder time-out is how long bkup AVF will accept frames destined for virt MAC addr of failed AVF (def 4 hours)
All rtrs in group are AVF (Active Virtual Forwarder)
All rtrs are standby for other rtrs. ip addrs (not just common gw ipaddr)
default prio is 100

int f0/0
  glbp 10 ip (10 is grp num) is shared gw addr
  glbp 10 priority 110 (default is 100)
  glbp 10 preempt
  glbp 10 load-balancing host-dependent (based on mac addrs) (OR)
  glbp 10 load-balancing round-robin (default) (OR)
  glbp 10 load-balancing weighted (in proportion to forwarder weighting)

  show glbp brief
  show glbp

Net Monitoring


default port udp 514
Sev lvl
lower more severe
0-emergency    -cond renders sys unusable
1-alerts       -cond that reqs imm attn
2-critical     -cond that should be addressed to prev interup in svc, less severe than alert
3-errors       -error cond that does not render sys unusable
4-warnings     -cond where op failed to successfully complete
5-notifications-change to system
6-info         -normal sys operation
7-debugging    -troubleshooting details

terminal monitor (term mon)
logging (send syslog msgs to this ip)
logging trap notifications (send lvl 5 and lower)

show logging (shows conf and log msgs in rtr buffer)

syslog fields:
sequencenum - (enable using 'service sequence-numbers')
timestamp - (requires 'service timestamps log [datetime | uptime]')
facility - (e.g. %DUAL (eigrp))
sevlvl - 1 of 8 values above
mnemonic - abbr desc of log msg
description - detailed desc of log msg
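
The field layout above, parsed and filtered the way 'logging trap notifications' would filter it. This is an added example, not part of the course notes; the sample lines are constructed and the function names are illustrative.

```python
import re

# Severity names by level, as in the list above (lower number = more severe).
SEVERITY = ["emergency", "alerts", "critical", "errors",
            "warnings", "notifications", "info", "debugging"]

# seq and timestamp are optional: they appear only when 'service sequence-numbers'
# and 'service timestamps log ...' are configured on the device.
LINE_RE = re.compile(
    r"^(?:(?P<seq>\d+): )?"
    r"(?:(?P<timestamp>[*.]?[A-Z][a-z]{2} +\d+ [\d:.]+): )?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<description>.*)$"
)

# Constructed sample lines (not captured from a real device).
SAMPLE = [
    "000101: *Mar  1 00:12:34.567: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: "
    "Neighbor 10.1.1.2 (FastEthernet0/0) is up: new adjacency",
    "000102: *Mar  1 00:12:40.101: %LINK-3-UPDOWN: Interface Serial1/0, "
    "changed state to down",
    "*Mar  1 00:13:02.000: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host "
    "192.0.2.10 port 514 started - CLI initiated",
    "Building configuration...",  # not a syslog message, must be skipped
]

def parse_line(line):
    """Split one IOS log line into its fields; None if it is not a log message."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    msg = m.groupdict()
    msg["sev"] = int(msg["sev"])
    msg["sev_name"] = SEVERITY[msg["sev"]]
    return msg

def forwarded(lines, trap_level):
    """Messages a 'logging trap <level>' setting would send: severity <= level."""
    parsed = (parse_line(line) for line in lines)
    return [m for m in parsed if m is not None and m["sev"] <= trap_level]

if __name__ == "__main__":
    for m in forwarded(SAMPLE, SEVERITY.index("notifications")):
        print(m["seq"], m["facility"], m["sev_name"], m["mnemonic"], m["description"])
```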


SNMP agents
contain MIBs
OID identifies element of mib
trap notifications
v1 uses community strings
v2c also uses comm str with more features
v3 encryption, integrity checking, auth svcs
default port udp 161

snmp-server community dapasswrd ro
snmp-server community daotherpw rw
snmp-server location da location
snmp-server contact Joe Smith
snmp-server host version 2c CCNA (sends traps to this host with commstring CCNA)
snmp-server enable traps (send all traps)

show snmp


info about 1-way data stream
web browser session - 2 flows
like cdr in voice world
- who are top talkers
- acct purp
- security
- QoS analysis

what is a flow?
1 - same src ip addr
2 - same dest ip addr
3 - same src port num
4 - same dest port num
5 - same l3 proto
6 - same ToS/DSCP val
7 - same ingress interface
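
The seven-field flow key above, applied to packet records. This is an added example, not part of the course notes; the packets are constructed and the function names are illustrative. It shows why one browser session is two flows and how a collector derives top talkers.

```python
from collections import Counter, namedtuple

# The seven key fields from the list above; packets agreeing on all seven are one flow.
FlowKey = namedtuple("FlowKey", "src_ip dst_ip src_port dst_port proto tos ingress_if")

# Constructed packet records: the seven key fields followed by a byte count.
PACKETS = [
    ("10.0.0.5", "198.51.100.7", 51000, 443, 6, 0, "Fa0/0", 120),    # client -> server
    ("198.51.100.7", "10.0.0.5", 443, 51000, 6, 0, "Se1/0", 1400),   # server -> client
    ("10.0.0.5", "198.51.100.7", 51000, 443, 6, 0, "Fa0/0", 80),
    ("198.51.100.7", "10.0.0.5", 443, 51000, 6, 0, "Se1/0", 1400),
    # Same addresses and ports but a different ToS byte: counted as a separate flow.
    ("10.0.0.5", "198.51.100.7", 51000, 443, 6, 184, "Fa0/0", 60),
]

def flows(packets):
    """Aggregate packet records into {FlowKey: (packet_count, byte_count)}."""
    table = {}
    for *key, nbytes in packets:
        k = FlowKey(*key)
        pkts, total = table.get(k, (0, 0))
        table[k] = (pkts + 1, total + nbytes)
    return table

def top_talkers(table, n=3):
    """Source addresses ranked by bytes sent across all of their flows."""
    by_src = Counter()
    for k, (_, nbytes) in table.items():
        by_src[k.src_ip] += nbytes
    return by_src.most_common(n)

if __name__ == "__main__":
    table = flows(PACKETS)
    for k, (pkts, nbytes) in table.items():
        print(k, pkts, nbytes)
    print(top_talkers(table))
```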

example netflow collector - LiveAction from

ip flow-export source lo0
ip flow-export version 5
ip flow-export destination 9996 (port 9996 not guaranteed)
int f0/0
  ip flow ingress (look at ingress flows)
int s1/0
  ip flow ingress

show ip cache flow

WAN connection types

metro ethernet

MAN (Metropolitan Area Network) based on ethernet
typically uses fiber optics
km apart
easily conn to LAN
less expensive than alternatives (e.g. SONET)
10Gbps (slowest), 40Gbps, 100Gbps


Very Small Aperture Terminal
2way satellite connectivity
small satellite (< 3 meters)
useful for locations that can't connect by wire
56kbps - 4Mbps
delays are greater than expected
22300 miles up
typical round-trip delay times 500ms
sensitive to weather conditions

Cellular 3G/4G

std def by ITU-R (Int Telecom Union, Radiocommunication Sector)
LTE - Long-Term Evolution - commonly offered as 4G tech
  technically not 4G, actually like 3.9G
  LTE that is 4G is LTE advanced
WiMax does 4G


Multiprotocol Label Switching
makes fwding decisions based on 20bit label in 32bit header
label switching used to be considered faster than ip switching

QoS usable
svc provider can easily isolate based on labels
compatible with mult prot

inserts 32bit shim header between l2 and l3 header

cpe - customer premise equipment
elsr - Edge Label Switch Router
       dev at edge of mpls that adds labels to traf coming into cloud and removes 
       labels from traff leaving cloud.  ELSR also known as PE (Provider Edge) rtr.
lsr - Label Switch Router
      dev inside mpls cloud that relabels traff and makes fwd decisions
      based on those labels.  also known as P (Provider) rtr
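
The 32-bit shim header described above, packed and parsed. This is an added example, not part of the course notes. The notes give only the 20-bit label; the remaining fields (3-bit traffic class, 1-bit bottom-of-stack, 8-bit TTL) follow RFC 3032, and the label values and function names are constructed.

```python
import struct

def pack_entry(label, tc, bottom, ttl):
    """Build one 32-bit shim entry: label(20) | tc(3) | bottom-of-stack(1) | ttl(8)."""
    if not (0 <= label < 2**20 and 0 <= tc < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def parse_label_stack(data):
    """Walk shim entries until the bottom-of-stack bit; return (entries, l3_payload)."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("truncated label stack (no bottom-of-stack entry)")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entry = {
            "label": word >> 12,        # the 20 bits an LSR forwards on
            "tc": (word >> 9) & 0x7,    # QoS marking
            "s": (word >> 8) & 0x1,     # 1 = last label before the L3 header
            "ttl": word & 0xFF,
        }
        entries.append(entry)
        if entry["s"]:
            return entries, data[offset:]

# Constructed sample: two stacked labels, then the first bytes of an IPv4 header.
SAMPLE = pack_entry(1001, 0, False, 64) + pack_entry(2002, 5, True, 64) + b"\x45\x00"

if __name__ == "__main__":
    stack, payload = parse_label_stack(SAMPLE)
    for e in stack:
        print(e)
    print("L3 header starts with", hex(payload[0]))
```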


T1 quick ref
Nyquist theorem states min num of samples to be taken per sec should be 2x highest freq - 8000 samples
8bit samples
24 channels * 8 bits per chan + 1 frame bit = 193 bits
*8000 samples = 1.544Mbps
SF 12 frames
ESF 24 frames
CSU/DSU - channel svc unit/data svc unit
l2 proto (e.g. PPP) runs over circ
T1 - 1.544Mbps
E1 - 2.048Mbps
T3 - 44.7 Mbps
E3 - 34.4 Mbps


Integrated Services Digital Network
bri - 2b+d (d chan 16kbps)
pri - t1 23b+d, e1 30b+d+framechan (2-16, 18-30, 17d)
te1 (cust rtr)
r ref pt - point between term adapter and non-isdn dev(e.g. pc)
s/t ref point - point between nt1 and isdn dev (rtr) - 4wire
  nt1 (net term 1) converts 4 wire to 2 wire
u ref point - point between nt1 and wall jack (u have an nt1 in rtr)
te2 - non-isdn dev
te1 - isdn dev (rtr, isdn phone)


Digital Subscriber Line
uses telephone line for data transmission
ADSL asymmetric - commonly used in home env - filter separates data and phone
     terms to DSL access multiplexer (DSLAM)
     max 18000 feet (distorted by capacitance buildup)
     conn dslam to srv prov uses atm (53 byte cells w/ 48 bytes payload)
     often has dhcp and auth using pppoe (ppp over ethernet)
     Load Coil - device the phone comp installs at intervals of 18000 ft to counteract
       capacitance buildup
     theoretical max downstream is 8 Mbps, theoretical up is 1.544 Mbps
SDSL Symmetric
     max speeds vary by serv prov.  common are just over 11mbps
     max 12000 feet
VDSL VeryHighBitRate
     Typical down is 52Mbps
     Typical up is 12Mbps
     max 4000 feet to DSLAM

Frame Relay

L2 WAN tech - frames over virt circuits (VCs) identified by DLCIs (Data Link Connection
              Identifier) numbers.  DLCIs locally significant.
SVC - switched virt circ brought up on demand
PVC - permanent virt circuit - always active
PointToPoint circ - single vc interconnecting 2 endpoints, both ends in same subnet
PointToMultipoint circ - conn from one endpoint to 1 or more other endpoints.  all in same IP subnet
SLA - svc lvl agreement guarantees svc lvl (CIR) committed info rate
DE (Discard Eligibility) bit set on frames sent in excess of CIR, and can be discarded by
  svc provider if congestion occurring
BECN (Bckwd Explicit Congestion Notification) bit gets set by svc pvder asking sender to
  slow down
FECN (Fwd Explicit Congestion Notification) bit gets set by svc pvder asking receiver to
  tell sender to slow down. q922 test frame sent from rec to snd, and this is marked w BECN.


HFC (Hybrid Fiber-Coax) dist net
typical upstream 5-42MHz
typical downstream - 50-860MHz
DOCSIS (Data-Over-Cable Svc Intrfc Spec) - stds w diff versions specifying freq ranges
Euro-DOCSIS - used by many European countries


Virt Priv Ntwrk
SiteToSite VPN
RemoteAccess VPN
    option 1 using web browser (e.g. clientless cisco ssl vpn)
    option 2 using software client
    confidentiality, data integrity, authentication, anti-replay
    IKE (Internet Key Exchange) phase 1 tunnel is outer tunnel, used to negotiate IKE phase 2 tunnel
    IKE phase 2 tunnel protects inner tunnel
    can only handle unicast
    often gre tunnel inside to handle multicast/broadcast - gre packet is unicast 

GRE tunnel cfg

- repeat for both rtrs

int tunnel 1 
  tunnel source
  tunnel destination
  ip addr

sh ip int brief
sh int tunnel 1


HDLC - Cisco proprietary version

Typical wan connectors could be v.35, db-60, or 'Smart Serial - 2 conns on wic'
  or EIA/TIA-232 (25-pin D-connector - 64kbps for short dist)
HDLC - default l2 proto - cisco uses proprietary version
DCE (Data Comm Equip) - end of serial cable that provides clocking
DTE (Data Term Equip) - end of serial cable that receives clocking
  show controllers s1/0 (will show dte vs dce)
  show ip int brief
  show int s0/0

int s0/0
  ip addr
  bandwidth 500 (not clock speed, is metric and qos related)
  no shut

int s0/1 (dce)
  ip addr
  bandwidth 500
  clock rate 500000 (500kbps)
  no shut


l2 encaps commonly used on leased lines
supports auth, compression, error checking and correction, logical multilink interface
PAP - Password Auth Proto - performs one-way auth, clear text
CHAP - Challenge Handshake Auth Proto - 2-way auth, sends hash of pw, better option
compression -use hw compress if possible
multi-link interfaces show up as virtual intrfce
LCP - Link Control Protocol - used by PPP to setup maintain teardown conn
NCPs - protocols used to negotiate cfg of protos being transmitted over PPP link


PAP svr cfg (srv side of 1way auth)
username dausername password dapassword

int s0/0 (srv side)
  encap ppp
  ppp authentication pap

PAP client cfg (client side of 1way auth)

int s0/1
  encap ppp
  ppp pap sent-username dausername password dapassword
show ip int bri
show int s1/0 (will show encaps, and NCPs)
debug ppp authentication


on r1
username R2 password daotherpass (other router name)
int s0/2
  ppp authentication chap

on r2
username R1 password daotherpass (other router name)
int s1/2
  ppp authentication chap
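
What each protocol puts on the wire, using the credentials from the configs above. This is an added example, not part of the course notes: the CHAP response follows RFC 1994 (MD5 over identifier, shared secret, challenge), the PAP payload follows RFC 1334, and the challenge bytes and function names are constructed. With 'ppp authentication chap' on both routers the same exchange runs once in each direction.

```python
import hashlib
import hmac

def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5(identifier octet || shared secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def chap_verify(identifier, secret, challenge, response):
    """Authenticator side: recompute from its own copy of the secret and compare."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)

def pap_request(username, password):
    """PAP Authenticate-Request data: length-prefixed peer-id and password, clear text."""
    return bytes([len(username)]) + username + bytes([len(password)]) + password

# Shared secret from the 'username R2 password daotherpass' lines above.
SECRET = b"daotherpass"
# Constructed challenges; a real authenticator sends fresh random bytes each time.
CHALLENGE_1 = bytes(range(16))
CHALLENGE_2 = bytes(range(16, 32))

if __name__ == "__main__":
    resp = chap_response(1, SECRET, CHALLENGE_1)
    print("CHAP response on the wire:", resp.hex())
    print("accepted:", chap_verify(1, SECRET, CHALLENGE_1, resp))
    # A captured response is useless against the next challenge.
    print("replay accepted:", chap_verify(2, SECRET, CHALLENGE_2, resp))
    print("PAP request on the wire:", pap_request(b"dausername", b"dapassword"))
```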


int s1/0
  compress stac (or predictor or mppc - last one microsoft)

show compress

Error detection and correction

does not play nice with multilink

int s1/0
  ppp reliable-link
sh int s1/0
(if LAPB section shows up - error detection and correction is on)


does not play nice with error detection and correction

int multilink 1
  ip addr
  ppp multilink

int s1/0
  no ip addr
  ppp multilink group 1

int s1/1
  no ip addr
  ppp multilink group 1

sh ip int brief

Frame Relay

LMI - local mgmt intrfc - performs signaling betwn fr rtr and fr sw
PVC active   - connection info is being exchanged on both sides
    inactive - lcl rtr to fr switch good. far-end rtr to fr sw not good
    deleted  - lcl rtr to fr sw not good
Inverse ARP - allows fr rtr to determine L3 addr at far-end of a DLCI (L2 addr)
By nature fr non-broadcast..needed for routing protos.
additional dlci or static mapping needed for full mesh topology
mesh links (n*(n-1))/2
int s1/0
  encap frame-relay
  frame-relay lmi-type [cisco|ansi|q933a]
  frame-relay map ip 301 broadcast (to get to use dlci 301, even if not
                                             directly connected, disables inv arp
                                             need to put statics for all)

show frame-relay pvc
show frame-relay map (tells what ips are accessible over LMI)


Logical div of phys intrfc, each of which can belong to a separate subnet
point-to-point - doesn't rely on inverse arp
interface Serial1/0
  no ip addr
  encapsulation frame-relay
  serial restart-delay 0
  frame-relay lmi-type ansi
int Serial1/0.102 point-to-point
  ip addr
  frame-relay interface-dlci 102
  ip ospf network point-to-point (configure rting proto network type)
int Serial1/0.103 point-to-point
  ip addr
  frame-relay interface-dlci 103
  ip ospf network point-to-point (configure rting proto network type)
ip route Serial1/0.102

multipoint (also known as point-to-multipoint)
helps with mesh and split horizon scenarios

interface Serial1/0
  no ip addr
  encapsulation frame-relay
  serial restart-delay 0
  frame-relay lmi-type ansi
int Serial1/0.1 multipoint
  ip addr
  frame-relay map ip 103 broadcast
  frame-relay map ip 102 broadcast


PVC identified by VPI/VCI
VPI - Virtual Path Identifier
VCI - Virtual Channel Identifier

Cisco 3-Layer Hierarchical Model