The Complete CCENT Cheat Sheet (For CCNA Part 1)

December 24, 2015 | Views: 30353


 

Let’s begin…

 

Routers

– Communicate over Layer 3 (IP)
– Drop broadcast messages
– Connect LANs to WANs

 

Switches
– Communicate over Layer 2 (MAC)
– Forward broadcast messages
– Create multiple collision domains

 

Hubs
– Dumb devices with NO logic
– Data is sent to all connected devices

 

Bridge
– Local solution connecting two local networks together.

 

Notes:

A switch maintains a separate bridging table for each VLAN
Switches have a higher number of ports than bridges
Both Switches and Bridges flood layer 2 broadcasts
Both bridges and switches make forwarding decisions on layer 2

Advantages Switches have over Hubs:
– Filtering frames based on MAC
– Allowing simultaneous frame transmission

 

 

Straight-through Cables:
– Connect switch to router
– Connect PC to switch
– Pins are identical on both sides

 

Crossover Cables:
– Connect PC to PC
– Wire 1 connects to wire 3
– Wire 2 connects to wire 6


Notes:

10BaseT, 100BaseT and 1000BaseT Ethernet cables all have the same 100 m length restriction

 

 

Speed & Duplex:
– NICs are designed with auto-detect.
– 100 Mbps NIC – hardcode speed/duplex
– 1000 Mbps NIC – auto
– Speed 10/100 Mbps – Duplex half/full
– Auto-negotiation = 802.3u

 

OSI:
L7 Application – browsers
L6 Presentation – html, encryption
L5 Session – session id’s
L4 Transport – Segment
L3 Network – Packet
L2 Data Link – Frame
L1 Physical – Bit

 

TCP/IP:
L4 Application
L3 Transport
L2 Internet
L1 Network

L1 – Cables broken? Correct speed/duplex? Port open?
L2 – Correct protocol? Ethernet, HDLC, PPP?
L3 – Correct IP/subnet?
L4 – Routing protocol used? Is the network advertised?

 

Troubleshooting:
– Late collisions indicate a duplex mismatch
– CRC errors indicate a bad cable or EMI
– Runts – frames smaller than the required 64-byte minimum.
– Giants – frames larger than the MTU

 

Same Layer Interaction:
– Header information added by a layer on the sending device is processed by the same layer on the receiving device.

Adjacent Layer Interaction:
– A layer provides a service for the layer higher in the stack. A higher layer in the stack will request lower layers to perform the functions required.

 

Notes:

Cut-through switching is a method for packet switching systems, wherein the switch starts forwarding a frame (or packet) before the whole frame has been received, normally as soon as the destination address is processed.

 

 

STP:
– Spanning-Tree Protocol – blocks some ports from forwarding frames so that only one active path exists between any pair of LAN segments.
– Needed because a switch floods a frame when the MAC address table is full or the MAC address of a host is unknown; without STP a redundant path would loop that flood.

 

CSMA/CD:
– Carrier Sense Multiple Access/Collision Domain
– CSMA/CD is an indication that half duplex is running.

 

CRC/FCS:
– Cyclic Redundancy Check
– Frame Check Sequence
– The FCS field resides in the Ethernet trailer.
– The sender computes a CRC over the frame and places it in the FCS
– The receiving device recomputes the CRC over the frame it received
– If the two values don’t match, the frame is dropped.
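To make the FCS check concrete, here is an added example (not from the original cheat sheet) that builds a minimal Ethernet II frame, computes the CRC-32 FCS the way the sender does, and shows the receiver dropping the frame after a single bit is corrupted in flight. The MAC addresses and payload are constructed sample values.

```python
import binascii
import struct

MIN_FRAME = 64    # anything shorter is a runt
MAX_FRAME = 1518  # anything longer is a giant


def ethernet_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Sender side: build an Ethernet II frame (no preamble) with an FCS trailer."""
    # Pad so the frame reaches the 64-byte minimum: 14-byte header + 46-byte
    # minimum payload + 4-byte FCS.
    payload = payload.ljust(46, b"\x00")
    body = dst + src + struct.pack("!H", ethertype) + payload
    # Ethernet FCS is IEEE CRC-32 (same algorithm as zlib's crc32) over the
    # whole frame; it is stored little-endian in the trailer.
    fcs = struct.pack("<I", binascii.crc32(body) & 0xFFFFFFFF)
    return body + fcs


def fcs_ok(frame: bytes) -> bool:
    """Receiver side: recompute the CRC over everything before the trailer and
    compare it with the transmitted FCS. Runts and giants are rejected first."""
    if not MIN_FRAME <= len(frame) <= MAX_FRAME:
        return False
    body, trailer = frame[:-4], frame[-4:]
    return struct.pack("<I", binascii.crc32(body) & 0xFFFFFFFF) == trailer


def flip_bit(frame: bytes, byte_index: int, bit: int) -> bytes:
    """Simulate EMI or a bad cable corrupting one bit of the frame in transit."""
    corrupted = bytearray(frame)
    corrupted[byte_index] ^= 1 << bit
    return bytes(corrupted)


# Constructed sample frame: broadcast ARP request from a made-up MAC address
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("000c290c47d5")
FRAME = ethernet_frame(DST, SRC, 0x0806, b"\x00\x01\x08\x00\x06\x04\x00\x01")

if __name__ == "__main__":
    print("length:", len(FRAME))
    print("intact frame passes FCS:", fcs_ok(FRAME))
    print("corrupted frame passes FCS:", fcs_ok(flip_bit(FRAME, 20, 3)))
```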

 

DNS:
– Domain Name Server – resolves domain names to IP addresses

ARP:
– Address Resolution Protocol – used to map a host’s IP address to its MAC address.
– If a host checks its ARP cache and the MAC is not there, an ARP broadcast is generated.

 

CAM Table:
– Also known as the mac-address-table, switching table or bridging table.
– Shows ports with learnt MACs

 

ICMP:
– Internet Control Message Protocol
– reports issues with IP packets
– If there is an issue, the IP packet is discarded and an ICMP message is generated and sent to the host of origin
– Pings carry a TTL and show latency

 

IP:
– Internet Protocol
– operates at the Network Layer
– connection-less
– looks at IP destination
– determines best path

 

TCP:
– Transmission Control Protocol
– Reliable, connection-oriented
– 3-way handshake – SYN, SYN-ACK, ACK
– Windowing
– FTP(21), SSH(22), Telnet(23), SMTP(25), DNS Server(53), HTTP(80), POP3(110), HTTPS(443)
– TCP provides a sequencing of segments with a forward reference acknowledgement.

 

UDP:
– User Datagram Protocol
– Connection-less Protocol
– No reliability checks
– Sends data numbered
– DNS client (53), TFTP (69)

 

Notes:

Sequence number, acknowledgement number and window size are all found in the TCP header and NOT the UDP header.

Unicast – One message to one device
Multicast – One message to group
Broadcast – One message to network

 

 

IPv4 Addressing:
Classes of address
Class A – 1 – 127 / 8
Class B – 128 – 191 / 16
Class C – 192 – 223 / 16
Class D – 224 – 239 – Multicast
Class E – 240 – 254 – Experimental

 

Private IP’s
– A – 10.0.0.0 – 10.255.255.255
– B – 172.16.0.0 – 172.31.255.255
– C – 192.168.0.0 -192.168.255.255

 

Public IP’s
– A – 1.0.0.0 – 126.255.255.255
– B – 128.0.0.0 – 191.255.255.255
– C – 192.0.0.0 – 223.255.255.255

Automatic Addresses
– 169.254.0.0 – 169.254.255.255

Loopback Addresses
– 127.0.0.0 – 127.255.255.255

Running-Config is stored in RAM
Startup-Config is stored in NVRAM

 

VLAN
– Layer 2 feature
– VLANs cannot communicate with each other directly without a Layer 3 device (router)
– Segments broadcast domains
– Logically groups users
– Subnet correlation
– Access control
– QoS
– Native VLAN has to match across network.
– VLAN Pruning, stops VLANs crossing switches where the VLAN doesn’t exist.

 

Notes:

Link Type – Grouping similar items
Unified – Grouping by building
Server Virtualisation – Hosting multiple servers/services on one server.

 

 

Trunking Protocols (VTP & 802.1Q)
– Layer 2 feature
– 802.1Q = VLAN tagging
– Defines a system of tagging Ethernet Frames
– A frame without a VLAN tag is assumed part of the Native VLAN.

– VTP
– VLAN Trunking Protocol
– Carries VLAN info to all switches that are part of a VTP domain.
– VLAN consistency across network

– VTP survives configuration resets
– Higher revision numbers override lower revisions
– VTP transparent mode

 

CDP:
– Cisco Discovery Protocol
– Cisco proprietary
– Seeks surrounding devices and adds them to a CDP table.
– Advertises every 60 seconds

 

Routing:
– The process of moving packets between IP based networks
– IOS powered, CEF enhanced Cisco Routers support two types of interfaces:
– point-to-point
– point-to-multipoint

 

CEF – Cisco Express Forwarding:
– Advanced Layer 3 switching technology
– Layer 3 Switching & Routing is performed on hardware (ASIC).
– Increases speed, reduces overhead and delays.

 

IGRP:
– Advertising every 90 seconds – Dead timer of 270 seconds
– LSA – Link State Advertisement = Speed

 

RIP (AD 120):
– Advertising every 30 seconds
– Shares entire routing table
– 90 seconds to tell if neighbor is down.
– LSA – Hop Count

 

OSPF (AD 110):
– Open Shortest Path First
– Hello Timer = 10secs
– LSA = Cost = Bandwidth
– Timers (10 Hello 40 Dead)
– OSPF must run in the same area
– OSPF must run the same key (auth)
– OSPF must run within the same subnet mask.

 

Notes:

Characteristics of OSPF
– Uses cost to determine best route
– OSPF routers discover neighbors before exchanging routing information
– It converges quickly
– OSPF maintains a topology database
– The topology database is a routing table for which no path decisions have been made
– The topology database is updated by Link State Advertisements

OSPF Hello packets perform:
– Dynamic Neighbor Discovery
– Maintains Neighbor Relationships

OSPF hello packets use the multicast address 224.0.0.5 to detect and keep track of neighbors.

The show ip ospf interface command lists the area to which the interface belongs, the DR and the BDR, and the neighbors adjacent on the interface. OSPF uses the cost to determine the metric for each route.

The cost value can be set on an interface using the ip ospf cost interface command. The OSPF cost can also be manipulated using the bandwidth interface command.

The default cost of an OSPF-enabled interface is found using the following formula:

Cost = 10^8 / bandwidth

where bandwidth is the bandwidth of the interface in bps. For example, Cisco IOS defaults to a bandwidth of 10,000 kbps (10 Mbps) on Ethernet interfaces, so the cost is 10^8 / 10^7 = 10. Serial interfaces default to a bandwidth of 1544 kbps, giving the OSPF-enabled interface a default cost of 64. In this example, the interface bandwidth was changed to 64. The bandwidth command units are kbps, so 10^8 / 64000 is rounded down to 1562, which is the correct answer and the cost of the interface.

 

 

EIGRP (AD 90):
– Fastest protocol
– Combo of RIP & OSPF features
– Metric = k value
– Only uses Bandwidth + Delay as standard

 

BGP (AD 20):
– Border Gateway Protocol
– Used at ISP or Enterprise level

Administrative Distance:
– Works above the metric
– How ‘believable’ a route is
– Each routing protocol has a number assigned
– The lower the number the better
– STATIC ROUTES = AD 1

 

Notes:

RIPv2, EIGRP, OSPF, and BGP are all classless protocols. Classless protocols send a route’s subnet mask in their routing updates, thus supporting VLSM and CIDR. Before an AD is even considered, priority is always given to the route with the largest subnet mask (the most specific route).

 

 

Distance Vector Protocol:
– send periodical updates regardless of topology changes
– updates the routing table based on update from neighbours.

 

Access Control Lists (ACL):
– Used for access control, NAT, QoS, Demand Dial Routing, Policy Routing and Route Filtering.
– The list is read from top to bottom; the first matching line wins
– Ends with an implicit deny
– Applied inbound or outbound on an interface

 

Standard ACLs:
– Matches based on source address
– Lower processor utilisation
– Effect depends on application

 

Extended ACLs:
– Matches based on source/destination address, protocol and source/destination port.
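As an added example (not part of the original cheat sheet) of how the ACL rules above are applied, this Python model evaluates a standard and an extended ACL the way a router does: Cisco wildcard masks, top-to-bottom first-match, and the implicit deny when nothing matches. The ACL entries and addresses are constructed for illustration.

```python
import ipaddress


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard mask: a 0 bit must match the base, a 1 bit is 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)


ANY = ("0.0.0.0", "255.255.255.255")  # the 'any' keyword


def host(ip: str):
    return (ip, "0.0.0.0")  # the 'host' keyword


class ExtendedACL:
    """Entries: (action, protocol, src, src_wildcard, dst, dst_wildcard, dst_port or None)."""

    def __init__(self, entries):
        self.entries = list(entries)

    def evaluate(self, protocol: str, src: str, dst: str, dst_port=None) -> str:
        for action, proto, s, swc, d, dwc, port in self.entries:  # read top to bottom
            if proto not in ("ip", protocol):
                continue
            if not (wildcard_match(src, s, swc) and wildcard_match(dst, d, dwc)):
                continue
            if port is not None and port != dst_port:
                continue
            return action  # first matching line wins; later lines are never read
        return "deny"  # implicit deny at the end of every ACL


def standard_acl(entries):
    """Standard ACL: matches on source only. Entries: (action, src, src_wildcard)."""
    return ExtendedACL((a, "ip", src, wc, *ANY, None) for a, src, wc in entries)


# Constructed example ACLs (private and documentation address ranges)
INBOUND = ExtendedACL([
    ("permit", "tcp", "192.168.1.0", "0.0.0.255", *ANY, 443),
    ("permit", "udp", "192.168.1.0", "0.0.0.255", *host("10.0.0.53"), 53),
    ("deny", "ip", "192.168.1.0", "0.0.0.255", "10.0.0.0", "0.255.255.255", None),
    ("permit", "ip", *ANY, *ANY, None),
])
VTY_ACCESS = standard_acl([("permit", "192.168.1.0", "0.0.0.255")])

if __name__ == "__main__":
    print(INBOUND.evaluate("tcp", "192.168.1.10", "10.0.0.80", 443))  # permit (line 1)
    print(INBOUND.evaluate("tcp", "192.168.1.10", "10.0.0.80", 80))   # deny (line 3)
    print(VTY_ACCESS.evaluate("tcp", "192.168.2.5", "10.0.0.1", 22))  # implicit deny
```

Note that swapping lines 1 and 3 of INBOUND would silently block the HTTPS traffic, which is why the order of entries matters as much as their content.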

 

Static Routing:
– Stopping broadcasts
– Finding the best path to destination
– Moving unicast traffic between networks.
– The more specific a route is, the better; priority is worked out through the subnet mask.
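As an added example (not from the original sheet) of the route-selection order described here and in the classless-protocol notes above: the longest matching prefix wins before administrative distance is even considered, and AD decides only between routes of equal prefix length. The routing table is constructed; the AD values are those listed on this page.

```python
import ipaddress
from dataclasses import dataclass

# Administrative distances as listed on this page (lower = more believable)
AD = {"connected": 0, "static": 1, "bgp": 20, "eigrp": 90, "ospf": 110, "rip": 120}


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str
    source: str      # key into AD
    metric: int = 0  # protocol-specific, only comparable within one protocol


def route(cidr: str, next_hop: str, source: str, metric: int = 0) -> Route:
    return Route(ipaddress.IPv4Network(cidr), next_hop, source, metric)


def best_route(table, destination: str):
    """Pick the route a router would use for one destination address.
    Precedence: longest matching prefix, then lowest AD, then lowest metric."""
    dest = ipaddress.IPv4Address(destination)
    matches = [r for r in table if dest in r.prefix]
    if not matches:
        return None
    longest = max(r.prefix.prefixlen for r in matches)
    most_specific = [r for r in matches if r.prefix.prefixlen == longest]
    return min(most_specific, key=lambda r: (AD[r.source], r.metric))


# Constructed table. A real router only installs the lowest-AD route for a
# given prefix; both 10.0.0.0/8 entries are kept here to show the AD tie-break.
TABLE = [
    route("0.0.0.0/0", "203.0.113.1", "static"),
    route("10.0.0.0/8", "10.1.1.2", "rip", metric=3),
    route("10.0.0.0/8", "10.1.1.3", "ospf", metric=20),
    route("10.2.0.0/16", "10.1.1.4", "rip", metric=5),
    route("10.2.3.0/24", "10.1.1.5", "eigrp", metric=3072),
]


def next_hop_for(destination: str):
    chosen = best_route(TABLE, destination)
    return None if chosen is None else chosen.next_hop


if __name__ == "__main__":
    for dest in ("10.2.3.7", "10.2.9.1", "10.9.9.9", "192.0.2.1"):
        print(dest, "->", next_hop_for(dest))
```

The lookup for 10.2.9.1 is the instructive one: the RIP /16 (AD 120) beats the OSPF /8 (AD 110) because prefix length is compared first.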

 

NAT:
– Network Address Translation
– Translates private IPs to public addresses.
– Configured statically or dynamically
– NAT Overload = PAT – Port Address Translation
– 1 to 1: one host assigned to the inside global address.
– ‘Overloading’: a single public IP assigned to the router can be used by multiple internal hosts. This is done by translating source UDP/TCP ports in the packets and keeping track of them in the translation table kept on the router.
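An added example (not from the original sheet) of the overloading mechanism just described: a simplified PAT translation table that rewrites the source port of outbound flows to a unique port on the single public address, and restores the inside host on the return packet. It ignores protocol and timeouts, and all addresses are constructed documentation/private ranges.

```python
import itertools
from dataclasses import dataclass, field


@dataclass
class PatRouter:
    """One public (inside global) address shared by many inside local hosts."""
    inside_global: str
    # (local ip, local port, remote ip, remote port) -> translated global port
    table: dict = field(default_factory=dict)
    # translated global port -> that same 4-tuple, for the return direction
    reverse: dict = field(default_factory=dict)
    ports: itertools.count = field(default_factory=lambda: itertools.count(1024))

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Packet leaving the inside: rewrite the source to the public IP and a
        unique port, creating a translation entry for a new flow."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.table:
            global_port = next(self.ports)
            self.table[key] = global_port
            self.reverse[global_port] = key
        return (self.inside_global, self.table[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Packet arriving from outside: only traffic that matches an existing
        entry (same remote endpoint) is translated back; anything else is dropped."""
        entry = self.reverse.get(dst_port)
        if dst_ip != self.inside_global or entry is None:
            return None
        local_ip, local_port, remote_ip, remote_port = entry
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None
        return (src_ip, src_port, local_ip, local_port)


if __name__ == "__main__":
    pat = PatRouter("203.0.113.2")
    print(pat.outbound("192.168.1.10", 50000, "198.51.100.7", 443))
    print(pat.outbound("192.168.1.11", 50000, "198.51.100.7", 443))
    print(pat.inbound("198.51.100.7", 443, "203.0.113.2", 1025))
    print(pat.inbound("198.51.100.7", 443, "203.0.113.2", 2000))  # no entry
```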

 

IPv6:
– IHL, header checksum and flags are all present in IPv4 but are not present in IPv6.
– Benefits include IPSec, mobility and a simpler header.
– A 128-bit address written in hexadecimal
– Tunnelling is a mechanism that encapsulates IPv6 packets in IPv4 packets for transport over an IPv4 network.
– Dual stack works by assigning both an IPv4 and an IPv6 address to an interface.
– Link-Local – L2 domain
– Assigned automatically as an IPv6 host comes online.
– Always begins with ‘FE80’ followed by 54 bits of zeros.
– Last 64 bits is the EUI-64.
– Unique Local – Organisation
– Global Scope – Internet
– First 3 high-order bits set to 001 (2000::/3) – Routing prefix 48 bits or less

 

IPv6 Addressing Shorthand:
– Eliminate groups of consecutive 0’s
– Drop leading zeros
Examples of valid IPv6 addresses:
– ::10.1.1.1
– 2003:1bcd:023::2a
– 2003:abcd:cafe:4bad:45:12:aa:103
– ::

 

EUI-64:
– Uses the MAC address as the host ID.
– A 64-bit interface identifier is derived from the 48-bit MAC address. A MAC address 00:0C:29:0C:47:D5 is turned into a 64-bit EUI-64 by inserting FF:FE in the middle: 00:0C:29:FF:FE:0C:47:D5.
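An added example (not part of the original sheet) covering the EUI-64 derivation above and the shorthand rules of the previous section. It goes one step beyond the page: the interface identifier IPv6 actually uses is the modified EUI-64 (RFC 4291), which also flips the universal/local bit, so the page's MAC becomes 02:0C:29:FF:FE:0C:47:D5 inside the link-local address. The helper names are the example's own.

```python
import ipaddress


def eui64_from_mac(mac: str) -> bytes:
    """Plain EUI-64 as described on this page: split the 48-bit MAC and insert FF:FE."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return octets[:3] + b"\xff\xfe" + octets[3:]


def modified_eui64(mac: str) -> bytes:
    """IPv6 interface identifier: EUI-64 with the universal/local bit
    (bit value 0x02 of the first octet) inverted, per RFC 4291."""
    iid = bytearray(eui64_from_mac(mac))
    iid[0] ^= 0x02
    return bytes(iid)


def link_local(mac: str) -> ipaddress.IPv6Address:
    """FE80 followed by 54 zero bits (the /64 link-local prefix), then the 64-bit IID."""
    prefix = bytes.fromhex("fe80") + bytes(6)
    return ipaddress.IPv6Address(prefix + modified_eui64(mac))


def compress(addr: str) -> str:
    """Apply the shorthand rules: drop leading zeros in each group and replace
    the single longest run of all-zero groups with '::'."""
    return ipaddress.IPv6Address(addr).compressed


def expand(addr: str) -> str:
    """Reverse of compress: full eight groups of four hex digits."""
    return ipaddress.IPv6Address(addr).exploded


def is_valid(addr: str) -> bool:
    try:
        ipaddress.IPv6Address(addr)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(eui64_from_mac("00:0C:29:0C:47:D5").hex())   # 000c29fffe0c47d5
    print(link_local("00:0C:29:0C:47:D5"))              # fe80::20c:29ff:fe0c:47d5
    print(expand("2003:1bcd:023::2a"), "<->", compress("2003:1bcd:023::2a"))
```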

IP provides best-effort delivery of packets.

show processes – shows CPU utilisation.

show access-list – shows which IPs are permitted by each access list.

Trace-route relies on the Time-to-Live (TTL) of packets, not hop counts.

The show ip interface interface-id command displays whether an access list is assigned to an interface.

 

DHCP:
Address conflicts occur when the same IP address is used by two hosts. During address assignment, DHCP checks for conflicts using ping and gratuitous ARP. If a conflict is detected, the address is removed from the pool. This address will not be used until the administrator resolves the conflict.

An IPv6 header contains the next header field, and IPv6 routers send router advertisement (RA) messages. RA messages are part of IPv6 stateless auto-configuration.

Switches will never learn broadcast addresses because they will never be the source address of a frame and cannot be stored in the mac-address-table.

An Ethernet frame maximum transmission unit (MTU) is 1518 bytes. Any frame larger than the MTU is considered a giant/jumbo frame.

Establishing VLANs increases the number of broadcast domains.

Micro-segmentation decreases the number of collisions on the network.

 

HSRP (Hot Standby Router Protocol):
HSRP is a Cisco proprietary redundancy protocol for establishing a fault-tolerant default gateway.

The protocol establishes a framework between network routers in order to achieve default gateway failover if the primary gateway becomes inaccessible, in close association with a rapid converging routing protocol like EIGRP or OSPF. HSRP routers send multicast Hello messages to other routers to notify them of their priorities (which router is preferred) and current status (Active or Standby).

The primary router with the highest configured priority will act as a virtual router with a pre-defined gateway IP address and will respond to the ARP / ND request from machines connected to the LAN with a virtual MAC address. If the primary router should fail, the router with the next-highest priority would take over the gateway IP address and answer ARP requests with the same MAC address, thus achieving transparent default gateway failover.

HSRP is not a routing protocol as it does not advertise IP routes or affect the routing table in any way.

HSRP has the ability to trigger a failover if one or more interfaces on the router go down. This can be useful for dual branch routers each with a single serial link back to the head end. If the serial link of the primary router goes down, the backup router will take over the primary functionality and thus retain connectivity to the head end.

 

GLBP (Gateway Load Balancing Protocol):
GLBP is a CISCO proprietary protocol that attempts to overcome the limitations of existing redundant router protocols by adding basic load balancing functionality. In addition to being able to set priorities on different gateway routers, GLBP allows a weighting parameter to be set. Based on this weighting (compared to others in the same virtual router group), ARP requests will be answered with MAC addresses pointing to different routers. Thus, by default, load balancing is not based on traffic load, but rather on the number of hosts that will use each gateway router.

By default GLBP load balances in round-robin fashion. GLBP elects one AVG (Active Virtual Gateway) for each group. Other group members act as backup in case of AVG failure. In case there are more than two members, the second best AVG is placed in the Standby state and all other members are placed in the Listening state. This is monitored using hello and holdtime timers, which are 3 and 10 seconds by default. The elected AVG then assigns a virtual MAC address to each member of the GLBP group, including itself, thus enabling AVFs (Active Virtual Forwarders). Each AVF assumes responsibility for forwarding packets sent to its virtual MAC address. There could be up to four AVFs at the same time.

By default, GLBP routers use the local multicast address 224.0.0.102 to send hello packets to their peers every 3 seconds over UDP 3222 (source and destination).

CISCO implemented IPv6 support for GLBP in IOS release 12.2(33)SXI.[1]

Neighbor Discovery Protocol (NDP) acts as a replacement for several IPv4 protocols, including ARP, as well as providing several new functions for IPv6. ARP does not exist in IPv6.

By default, two Cisco 2960 switches that have a crossover cable connected will not automatically form an 802.1Q trunk because of the default trunking setting of dynamic auto. To create a trunk, one of the two switches can be configured to trunk (switchport mode trunk) or to initiate the negotiation of trunking (switchport mode dynamic desirable).

 

Well, that’s it.

52 Comments
  1. Error CPD > CDP

  2. Waiting for Part 2 😛

  3. Thanks very nice..really does a job.!!

  4. super very good work … may god bless you and your effort

  5. Very well done.
    Found few errors:
    Error: Class C – 192 – 223 /16
    Correction: Class C – 192 – 223 /24

    Error: CSMA/CD (Carrier Sense Multiple Access/Collision Domain)
    Correction: CSMA/CD (Carrier Sense Multiple Access/Collision Detection)
