2025-03-26 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article introduces the main CCNA knowledge points in detail. Interested readers can use it as a reference; I hope it is helpful to you.
Three-tier architecture of the network:
1. Access layer: provides network access points; the corresponding devices have relatively dense ports. Main equipment: switch, hub.
2. Aggregation layer: the convergence point of the access layer. It can make routing decisions and implements security filtering, flow control, and remote access. Main equipment: router.
3. Core layer: provides faster transmission speed without doing anything to the packet.
=
OSI seven-layer network model (with the protocol data unit of each layer):
1. Physical layer: rate, voltage, pin interface type. PDU: Bit
2. Data link layer: data error detection, physical address (MAC). PDU: Frame
3. Network layer: routing (path selection), logical address (IP). PDU: Packet
4. Transport layer: reliable and unreliable transmission services, retransmission mechanism. PDU: Segment
5. Session layer: distinguishes the data of different applications. The operating system works at this layer. PDU: Data
6. Presentation layer: implements data encoding and encryption. PDU: Data
7. Application layer: user interface. PDU: Data
Bit, Frame, Packet and Segment are all called PDUs (Protocol Data Units).
=
Physical layer:
1. Media type: twisted pair, coaxial cable, optical fiber
2. Connector type: BNC interface, AUI interface, RJ45 interface, SC/ST interface
3. The transmission distance of twisted pair is 100 meters.
4. Hub: one broadcast domain, one collision domain. Flood forwarding. Shared bandwidth.
Straight-through cable: connects a host to a switch or hub
Crossover cable: switch-to-switch and switch-to-hub connections
Rollover cable: used to manage Cisco network equipment (console connection).
=
Data Link layer:
1. Switches and bridges
2. A switch or bridge has as many collision domains as it has segments (ports).
3. All segments (ports) of a switch or bridge are in the same broadcast domain.
=
Network layer:
1. Router
2. Routing implements path selection (routing decisions) using the routing table.
3. Wide area network access.
4. Routers partition broadcast domains.
=
Transport layer:
1. TCP (Transmission Control Protocol): connection-oriented, with a retransmission mechanism, reliable transmission
2. UDP (User Datagram Protocol): connectionless, no retransmission mechanism, unreliable transmission
3. Port number: provided to the session layer to distinguish the data of different applications. Identifies the service.
=
Show hosts displays the current hostname configuration
Show sessions displays the current outgoing TELNET sessions
Clear line XXX clear line
+ return directly to privileged mode
+ + x
=
Enable enters privileged mode
Disable returns from privileged mode to user mode
Configure terminal enters global configuration mode
Interface ethernet 0/1 enters the Ethernet port numbered 1 of slot 0
Exit returns to upper mode
End returns directly to privileged mode
=
1. When a CISCO CATALYST series switch does not find the "user configuration" file during initialization, it automatically loads the Default Settings (default configuration) file and initializes the switch, so that the switch works normally as delivered.
2. When a Cisco router does not find the "user configuration" file during initialization, the system automatically enters the "initialization configuration mode" (system configuration dialog mode, SETUP mode, STEP BY STEP CONFIG mode, standby mode) and does not work normally!
=
1.CONSOLE PORT (Management console Interface): distance limit, exclusive way.
2.AUX port (Auxiliary Management Interface): can be connected to MODEM to achieve remote management, exclusive way.
3. Telnet: multi-person remote management (depending on performance and the number of VTY lines). Insecure.
=
Execute immediately, effective immediately
=
Hostname configures the device's local identity (name)
R6(config)# interface ethernet 0
R6(config-if)# ip address 1.1.1.1 255.255.255.0
Show version shows the device's IOS version, its uptime, and the list of interfaces
Show running-config shows the configuration currently in effect; this configuration is stored in RAM
Show interface ethernet 0/1 shows the state of the Ethernet interface, its working status and so on.
=
Reload reload Router (restart)
Setup manually enters setup configuration mode
Show history View History command (recently used command)
Terminal history size sets the command history buffer size; 0: no commands are cached
Copy running-config startup-config saves the current configuration
Concept:
NVRAM: non-volatile memory; its contents are not lost when power is removed.
=
OSPF's process of creating neighbors:
1.Down
2.Init
3.Two-Way
4.ExStart
5.ExChange
6.Loading
7.Full
=
Advantages of OSPF hierarchy:
1. Reduce routing table size 2. Accelerate convergence 3. Limit the spread of LSA 4. Improve stability
=
OSPF area:
1. Transmission area (backbone area) 2. Normal area (non-backbone area)
=
The higher the RouterID, the easier it is to become the DR (Designated Router)
How is the RouterID chosen?
1. If the router has loopback interfaces, the highest IP among the loopback interfaces is selected as the RouterID
2. If the router has no loopback interface, the highest IP among the physical interfaces is selected as the RouterID (the interface must be active)
=
10.1.1.0/0.0.0.255
10.1.1.0/255.255.255.0
10.1.1.1/255.255.255.255
10.1.1.1/0.0.0.0
Router ospf 1
Network 192.168.1.0 0.0.0.255 area 0
The process number does not affect how OSPF advertises and learns routes
=
Show ip ospf neighbor check neighbors (NeighborID is RouterID)
Show ip ospf interface serial 1 shows the RouterID, the OSPF process number, and the related network type.
Show ip protocols
Show ip route
=
Access control list (ACL)
1. Control network traffic 2. Implement packet filtering
There are two types of ACL:
1. Standard access control list: 1-99, 1300-1999 2. Extended access control list: 100-199, 2000-2699
Standard access control list: checks only the source address. Extended access control list: checks source address, destination address, protocol, and port number.
ACL has two actions:
1. Deny 2. Permit
ACL packet processing directions:
1. In direction 2. Out direction
The most important point about ACLs: the ACL condition list ends with a hidden deny all condition.
=
Experiment:
1. Configure ACL to deny london access to Denver
Using a standard ACL:
Access-list 1 deny host 10.3.3.1
Access-list 1 permit any
Hidden (implicit): access-list 1 deny any
2. Configure ACL to deny london from pinging Denver (1)
Configure ACL to allow london to telnet to Denver (2)
Source: 10.3.3.1
Target: 172.16.3.1
Protocol: ICMP (Internet Control Message protocol)
Source port: None
Destination port: None
Action: Deny
Source: 10.3.3.1
Target: 172.16.3.1
Protocol: TCP
Source port: None
Destination port: 23
Action: Permit
Access-list 100 deny ICMP host 10.3.3.1 host 172.16.3.1
Access-list 100 permit TCP host 10.3.3.1 host 172.16.3.1 eq 23
Access-list 100 permit IP any any
Where the standard access control list is applied: on the interface closest to the target
Location of the extended access control list application: applied on the interface closest to the source
Show ip interface serial 0 to view the configuration of the interface's acl
Show ip access-lists to view specific list conditions and matching information
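The matching rules from this section (wildcard masks, top-down first match, the hidden deny at the end) can be checked with a small evaluator. This is an added example, not part of the original notes; it handles only the syntax used in the two lab lists above, and the function names are made up for illustration.

```python
import ipaddress

# The two lists from the experiment above (addresses are the page's lab values).
ACL_1 = ["access-list 1 deny host 10.3.3.1",
         "access-list 1 permit any"]
ACL_100 = ["access-list 100 deny ICMP host 10.3.3.1 host 172.16.3.1",
           "access-list 100 permit TCP host 10.3.3.1 host 172.16.3.1 eq 23",
           "access-list 100 permit IP any any"]
ANY = ("0.0.0.0", "255.255.255.255")

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """Wildcard mask: 0 bits must match, 1 bits are ignored (inverse of a netmask)."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def take_addr(tok):
    """Consume 'any', 'host A', 'A WILDCARD' or a bare 'A' from the token list."""
    first = tok.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return (tok.pop(0), "0.0.0.0")
    return (first, tok.pop(0) if tok else "0.0.0.0")

def parse_entry(line):
    tok = line.lower().split()
    number, action, rest = int(tok[1]), tok[2], tok[3:]
    entry = {"action": action, "proto": "ip", "dst": ANY, "dport": None}
    if 100 <= number <= 199 or 2000 <= number <= 2699:  # extended range
        entry["proto"] = rest.pop(0)
        entry["src"] = take_addr(rest)
        entry["dst"] = take_addr(rest)
        if rest[:1] == ["eq"]:
            entry["dport"] = int(rest[1])
    else:                                                # standard: source only
        entry["src"] = take_addr(rest)
    return entry

def evaluate(acl, pkt):
    """Top-down, first match wins; falling off the end is the hidden deny."""
    for line in acl:
        e = parse_entry(line)
        if (e["proto"] in ("ip", pkt["proto"])
                and wildcard_match(pkt["src"], *e["src"])
                and wildcard_match(pkt["dst"], *e["dst"])
                and e["dport"] in (None, pkt.get("dport"))):
            return e["action"], line
    return "deny", "implicit deny any"

def packet(proto, src, dst, dport=None):
    """Constructed test packet; only the fields an ACL inspects."""
    return {"proto": proto, "src": src, "dst": dst, "dport": dport}
```

Dropping the last line of list 100 makes everything except london's telnet fall through to the hidden deny, and list 1 blocks london toward every destination, which is why a standard list is applied closest to the target.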
=
Redundant topology can cause broadcast storm, multiple frame reception, and MAC address table instability.
Spanning tree avoids the loop problem caused by redundancy. How it solves the problem: it puts redundant ports in a blocking state.
The interface in the blocking state does not receive / send user data.
=
BPDU: Bridge Protocol Data Unit
It contains: BridgeID = Bridge Priority + MAC address
Switches exchange BPDUs periodically, every two seconds.
=
Ethernet link cost:
10Gbps 2
1Gbps 4
100Mbps 19
10Mbps 100
=
1. Each network elects a root bridge: lowest BridgeID
2. Each non-root bridge elects a root port: 1) lowest bandwidth cost 2) lowest received BridgeID
3. Each network segment selects a designated port: lowest BridgeID
1) the root port does not compete for designated port. 2) usually the interfaces owned by the root bridge are designated ports.
4. Non-designated ports are set to blocking
=
Spanning tree port
Blocking -(20s)-> Listening -(15s)-> Learning -(15s)-> Forwarding
=
Show spanning-tree brief shows spanning tree status (3500xl)
(2950 and 3550: show spanning-tree)
Show spanning-tree interface fastEthernet 0/23 shows the status of the interface in the spanning tree
=
Good to know:
Spanning-tree vlan 1 priority ? modifies the priority of the switch
Change the cost value of an interface:
Interface fa0/24
Spanning-tree vlan 1 cost ?
=
VLAN characteristics
1. One VLAN = one broadcast domain = one logical subnet
2. There is no direct communication between different VLANs.
Characteristics of VLAN:
1. Segmenting: broadcast domain division
2. Flexibility: a VLAN can span multiple switches
3. Security: different VLANs cannot communicate with each other directly
The implementation methods of VLAN:
1. Port-based implementation: static VLAN 2. MAC-address-based implementation: dynamic VLAN
TRUNK: uses a special encapsulation mechanism to carry data from multiple VLANs.
=
Create VLAN
Vlan database enters database configuration mode of VLAN
Vlan 10 name cisco creates VLAN 10 named cisco
Vlan 20 creates VLAN 20 with a system-assigned name.
Apply applies the related configuration
Exit applies and exits VLAN's database configuration mode
Note: by default, all ports belong to vlan 1 (administrative VLAN or system default VLAN), and VLAN1 cannot be deleted.
Add a port to the specified VLAN
Interface fastethernet 0/1 enters the Fast Ethernet 0/1 interface
Switchport access vlan 10 adds this port to VLAN 10.
End exit port configuration
=
Note:
1900 supports only the ISL trunk protocol
2950 supports only the 802.1Q trunk protocol
3550 supports the 802.1Q and ISL trunk protocols
Create an 802.1Q trunk on the 2950
Interface fastethernet 0/1 enters the fa0/1 interface
Switchport mode trunk changes interface mode to trunk working mode
Create an 802.1Q trunk on the 3550
Interface fastethernet 0/1 enters the fa0/1 interface
Switchport trunk encapsulation dot1q selects which trunk encapsulation to use [dot1q | isl]
Switchport mode trunk changes interface mode to trunk working mode
Show interface trunk views the TRUNK configuration of the current switch
Show interfaces fastethernet 0/1 switchport
=
VTP Vlan Trunk Protocol
VTP is a messaging system. It keeps the VLAN configuration of all switches in the same management domain consistent.
The message notification of VTP can only be transmitted on TRUNK.
There are three modes for VTP:
1.Server mode 2.Client mode 3.TransParent mode
VTP uses multicast to advertise, and VTP advertises every 5 minutes even if nothing has changed. VTP switches synchronize to the latest configuration.
=
Configure VTP
Vlan database enters vlan configuration mode
Vtp domain configures the domain name of VTP
Vtp password configure the password for VTP
Vtp server configures this switch in server mode [server | client | transparent]
Vtp pruning enables pruning
Exit
=
Show vtp status to check the status of VTP
=
Wide area Network:
Used to connect to remote sites.
Types and encapsulation protocols of WAN:
1. Direct connect: PPP, HDLC, SLIP
2. Circuit switching: PPP, HDLC, SLIP
3. Packet switching: X.25, Frame-Relay, ATM
=
HDLC:
1. cisco hdlc: supports a multi-protocol environment, which is achieved by adding a "properties" field.
2. standard hdlc: supports only a single-protocol environment
A CISCO router uses cisco HDLC encapsulation by default on its serial interfaces
In practical application, cisco hdlc is not compatible with standard hdlc.
=
PPP:
Through NCP, PPP can support multiple network layer protocols. Through LCP, it can provide "authentication", "compression", "error detection", and "multi-link".
Authentication methods of PPP:
1. PAP: two-way handshake, passwords transmitted in clear text
2. CHAP: challenge-based three-way handshake; the password is sent as a hash instead of clear text, which is stronger than PAP
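The difference between the two methods is easiest to see on the wire. The following is an added example, not from the original notes: it builds a PAP request (RFC 1334 field layout) and runs the CHAP three-way handshake with the MD5 response defined in RFC 1994. The name "abc" and password "cisco" are lab values, and the class and function names are made up for illustration.

```python
import hashlib
import hmac
import os

def pap_request(name: str, password: bytes) -> bytes:
    """PAP Authenticate-Request data: length-prefixed peer-id and password, in clear."""
    peer = name.encode()
    return bytes([len(peer)]) + peer + bytes([len(password)]) + password

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): MD5(identifier octet || shared secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """The side that holds the 'username ... password ...' database."""

    def __init__(self, users):
        self.users = users      # name -> shared secret
        self.pending = {}       # identifier -> outstanding challenge
        self.last_id = 0

    def challenge(self):
        """Step 1: send a fresh random challenge under a new identifier."""
        self.last_id = (self.last_id + 1) % 256
        self.pending[self.last_id] = os.urandom(16)
        return self.last_id, self.pending[self.last_id]

    def verify(self, identifier, name, response):
        """Step 3: recompute the hash locally; each challenge is accepted once."""
        value = self.pending.pop(identifier, None)
        secret = self.users.get(name)
        if value is None or secret is None:
            return False
        expected = chap_response(identifier, secret, value)
        return hmac.compare_digest(expected, response)

def demo():
    """Run one good handshake, then replay the captured response."""
    auth = Authenticator({"abc": b"cisco"})       # constructed lab credentials
    ident, value = auth.challenge()               # 1. Challenge
    resp = chap_response(ident, b"cisco", value)  # 2. Response (peer side)
    first = auth.verify(ident, "abc", resp)       # 3. Success or failure
    ident2, _ = auth.challenge()
    replay = auth.verify(ident2, "abc", resp)     # old response, new challenge
    return first, replay
```

A captured challenge and response pair still lets an observer test password guesses offline, so the shared secret should be long and random.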
=
Enable HDLC on the interface:
Interface serial 0
Encapsulation HDLC
=
Configuration of PPP
Hostname ABC configure local user name
Username 123 password cisco configures the username password database to authenticate the other party
Interface serial 0
Encapsulation PPP enables PPP on the interface
Ppp authentication CHAP chooses CHAP for authentication [chap | pap]
Debug ppp authentication debugs the authentication of PPP.
=
Autonomous password configuration of PPP
Interface serial 0
Encapsulation PPP enables PPP on the interface
Ppp chap hostname abc sets the local user name sent in CHAP
Ppp chap password cisco sets the local password used in CHAP mode
=
FRAME-RELAY
1. Connection-oriented service 2. Connection based on virtual link
PVC: permanent virtual link
DLCI: used to identify PVC. Valid locally only.
LMI: local management interface.
BECN: backward explicit congestion notification
FECN: forward explicit congestion notification
=
FRAME-RELAY Topology (pvc)
1. Full mesh 2. Partial mesh 3. Star (hub and spoke)
FRAME-RELAY LMI signaling
1. CISCO 2. ANSI 3. Q933A
FRAME-RELAY is a non-broadcast multi-access (NBMA) network and does not support broadcasting.
Because FRAME-RELAY does not support broadcast, routes are not advertised. Solution: replicate the frame into multiple copies to advertise.
FRAME-RELAY also causes the problem of route unreachability because of the split horizon rule.
To work around split horizon, you can use subinterfaces.
FRAME-RELAY address mapping (Inverse ARP)
=
Frame-relay switching
!
Interface Serial0
No ip address
Encapsulation frame-relay
Clockrate 64000
Frame-relay lmi-type ansi
Frame-relay intf-type dce
Frame-relay route 110 interface Serial1 120
!
Interface Serial1
No ip address
Encapsulation frame-relay
Clockrate 64000
Frame-relay lmi-type cisco
Frame-relay intf-type dce
Frame-relay route 120 interface Serial0 110
!
Show frame-relay lmi
Show frame-relay pvc
Show frame-relay map
=
Basic FRAME-RELAY configuration
Interface s 1
Encapsulation frame-relay
Ip add 10.1.1.1 255.255.255.0
=
Adopt the configuration of point-to-point subinterface
Interface s 1
No ip add
Encapsulation frame-relay
No shut
Interface s 1.??? point-to-point enables a point-to-point subinterface. ??? is the subinterface number.
Ip add 10.1.1.1 255.255.255.0 configures the IP address of the subinterface
Frame-relay interface-dlci ??? assigns a specific PVC to this subinterface. ??? is the PVC (its DLCI).
=
Configuration with multipoint subinterface
Interface Serial1
No ip address
Encapsulation frame-relay
!
Interface Serial1.1 multipoint
Ip address 10.1.1.1 255.255.255.0
Frame-relay map ip 10.1.1.2 110 broadcast for manual static mapping
=
Private IP address:
A: 10.0.0.0/8
B: 172.16.0.0/16 - 172.31.0.0/16
C: 192.168.0.0/24 - 192.168.255.0/24
Hosts with private IP addresses cannot directly access the public network (Internet)
Private IP will not appear in the routing table of the public network router.
=
There are three types of NAT:
1. Static NAT 2. Dynamic NAT 3. PAT
=
Static NAT configuration
B(config)# inte s 0
B(config-if)# ip nat inside configures interface S0 as the inside network
B(config)# inte s 1
B(config-if)# ip nat outside configures interface S1 as the outside network
Translate the internal source address 192.168.1.10 into the external IP 1.1.1.1
B(config)# ip nat inside source static 192.168.1.10 1.1.1.1
=
Dynamic NAT configuration
B(config)# inte s 0
B(config-if)# ip nat inside configures interface S0 as the inside network
B(config)# inte s 1
B(config-if)# ip nat outside configures interface S1 as the outside network
Specify which hosts may be translated by NAT
B(config)# access-list 1 permit any
Specify the free IPs of the address pool
B(config)# ip nat pool abc 1.1.1.1 1.1.1.30 prefix-length 24
Translate the host IPs matched by list 1 to the idle IPs in pool abc
B(config)# ip nat inside source list 1 pool abc
B# show ip nat translations shows the translation table
=
Configuration of PAT
B(config)# inte s 0
B(config-if)# ip nat inside configures interface S0 as the inside network
B(config)# inte s 1
B(config-if)# ip nat outside configures interface S1 as the outside network
Specify which hosts may be translated by NAT
B(config)# access-list 1 permit any
Specify the free IP of the address pool
B(config)# ip nat pool abc 1.1.1.1 1.1.1.1 prefix-length 8
Translate the host IPs matched by list 1 to the idle IP in pool abc
B(config)# ip nat inside source list 1 pool abc overload
=
PAT configuration command to use when the address of the outside interface is unknown
B(config)# ip nat inside source list 1 interface serial 1 overload
=
1. Configure the ISDN switch type, selected according to the region
R14(config)# isdn switch-type basic-net3
2. Set the number for dialing
R14(config)# interface bri 0
R14(config-if)# dialer string 016300
3. Set user password or authentication protocol
R14(config)# interface bri 0
R14(config-if)# encapsulation ppp
R14(config-if)# ppp chap password 16300
R14(config-if)# ppp chap hostname 16300
4. Configure the IP protocol
R14(config)# interface bri 0
R14(config-if)# ip address negotiated
5. Configure a static default route that indicates the interface from which packets should be sent to an unknown network
R14(config)# ip route 0.0.0.0 0.0.0.0 bri 0
6. Set when to dial the number
R14(config)# access-list 1 permit any
R14(config)# dialer-list 9 protocol ip list 1
R14(config)# interface bri 0
R14(config-if)# dialer-group 9
7. When to disconnect
R14(config-if)# dialer idle-timeout 60
R14# debug isdn events
R14# show isdn active
That is all for the CCNA knowledge points shared here. I hope the content above is of some help to you and lets you learn more. If you think the article is good, you can share it for more people to see.