
CCNA 1 v3.0
Networking Fundamentals

Agenda

Day 1

LAN Switching Technologies


Identify basic switching concepts
-Types of Switching
-Collision / Broadcast Domains
-CAM Table
Configure and verify initial switch configuration
Switch operation (ping, telnet and ssh)
Identify enhanced switching technologies
-RSTP / PVSTP / MST
-EtherChannels
Configure and verify VLANs / Trunking
-DTP / Auto negotiation
Configure and verify PVSTP operation
-Root bridge election / STP Modes

Lab

Operation of IP Data Networks


Functions of Routers, Switches, Bridges and Hubs
OSI and TCP/IP models
Data flow between two hosts across a network

Agenda

Day 2

WAN Technologies
Identify different WAN Technologies, HDLC, PPP, Frame Relay.
Configure and verify Frame Relay on Cisco routers

IPv6 and IPv4 lab


PPP lab

IP addressing (IPv4 / IPv6)


Private and public IP addresses for IPv4
IPv4 addressing scheme using VLSM and summarization
IPv6 addressing scheme General Overview
IPv6 in conjunction with IPv4 such as (dual stack)
Describe IPv6 addresses
-Global unicast
-Multicast
-Link local
-Unique local
-EUI-64
-Autoconfiguration

Agenda

Day 3
IP Routing Technologies
Describe basic routing concepts
-CEF
-Packet forwarding
-Router lookup process
Describe the boot process of Cisco IOS routers
Configure and verify basic Router configuration
Configure and verify interface (serial and Ethernet)
Configure and verify Static & Default routing
Manage Cisco IOS Files
- Boot preferences / Cisco IOS image(s)
- Licensing
Differentiate methods of routing and routing protocols
-Static vs. Dynamic
-Link state vs. Distance Vector
-Administrative distance
Configure and verify OSPF (single area)
-Benefit of single area
-neighbor adjacencies
-OSPF states, Multi area
-Configure OSPF v2
-Router ID, Passive interface, LSA types

Agenda

Day 3
Configure and verify EIGRP (single AS)
-Feasible Distance / Feasible Successors
-Administrative distance
-Feasibility condition
-Metric composition
-Router ID, Auto summary, Path selection
-Load balancing (Equal & Unequal)
-Passive interface
InterVLAN routing (Router on a stick)
-sub interfaces, encapsulation
Configure SVI interfaces
OSPF lab
EIGRP lab

Agenda

Day 4
IP Services
Configure and verify DHCP (IOS Router)
-Configuring router interfaces to use DHCP
-DHCP options
-Excluded addresses, Lease time
ACL (Types, Features & Applications of ACLs)
-Standard, Extended, Named & Numbered
-Log option
Configure and verify ACL
Recognize High availability (FHRP, VRRP, HSRP & GLBP)
Configure and verify Syslog.
Describe SNMP v2 & v3

Agenda

Day 4

Network Device Security


Configure and verify network device security
-Enable secret vs enable
-Disable telnet
-SSH / VTYs
-Physical security
-Service password
Configure and verify Switch Port Security
-Sticky MAC / MAC address limitation
-Static / dynamic
-Violation modes (err-disable / shutdown)
-Protect / restrict
-Err disable recovery

Lab

Agenda

Day 5

Troubleshooting
Identify and correct common network problems
Troubleshoot and Resolve VLAN problems
-Identify that VLANs are configured
-port membership correct
-IP address configured
Troubleshoot and Resolve trunking problems
-correct trunk states
-correct encapsulation configured
-correct vlans allowed
Troubleshoot and Resolve STP
-Root switch
-Priority
-Mode is correct
-Port states
Troubleshoot and Resolve routing issues
-Routing is enabled
-Routing table is correct
-Correct path selection

Agenda

Day 5
Troubleshoot and Resolve OSPF problems
-Neighbor adjacencies
-Hello and Dead timers
-OSPF area
-Interface MTU
-Network types
-Neighbor states
-OSPF topology database
Troubleshoot and Resolve EIGRP problems
- Neighbor adjacencies
- AS number
- Load balancing
Troubleshoot and Resolve interVLAN
-Connectivity
-Encapsulation
-Subnet
-Native VLAN
-Port mode trunk status
Troubleshoot and Resolve ACL issues
-Statistics, Permitted networks, Direction
Troubleshoot and Resolve WAN implementation issues
-Serial interfaces, PPP, Frame relay
Troubleshoot etherchannel problems

Agenda
Day 6
802.1x

Device Roles
Authentication Process
Authentication Initiation and Message Exchange
Authentication Manager
Port-Based Authentication Methods
Per-User ACLs and Filter-Ids
Authentication Manager CLI Commands
Ports in Authorized and Unauthorized States
802.1x Authentication and Switch Stacks
802.1x Host Mode
802.1x Multiple Authentication Mode
MAC Move
MAC Replace
802.1x Accounting
802.1x Accounting Attribute-Value Pairs
802.1x Authentication with Guest VLAN
802.1x Authentication with Restricted VLAN
802.1x Authentication with Inaccessible Authentication Bypass
IEEE 802.1x Authentication with Voice VLAN Ports
IEEE 802.1x Authentication with Port Security
IEEE 802.1x Authentication with Wake-on-LAN

Agenda
Day 6
Prerequisites for Configuring NetFlow and NetFlow Data Export
Restrictions for Configuring NetFlow and NetFlow Data Export
NetFlow Data Capture
NetFlow Data Export

Information About Configuring NetFlow and NetFlow Data Export

NetFlow Data Capture


NetFlow Flows: Key Fields
NetFlow Cache Management and Data Export
NetFlow Export Format Versions 9, 8, 5, and 1
How to Configure NetFlow and NetFlow Data Export
Configuring NetFlow
Verifying that NetFlow Is Operational and Displaying NetFlow Statistics
Configuring NetFlow Data Export Using the Version 9 Export Format
Prerequisites
Verifying that NetFlow Data Export Is Operational
Clearing NetFlow Statistics on the Router
Customizing the NetFlow Main Cache Parameters
NetFlow Cache Entry Management on a Routing Device
NetFlow Cache Size
Restrictions
Demonstration lab

Networking Devices

Network Topology

Network Protocols

Local-area Networks (LANs)

Wide-area Networks (WANs)

Metropolitan-Area Network (MANs)

Storage-Area Networks (SANS)

Virtual Private Networks (VPNs)

Intranet and Extranet VPN

Importance of Bandwidth

Bandwidth Pipe Analogy

Bandwidth Highway Analogy

Using Layers to Describe Data Communication

OSI Model

OSI Layers

OSI Layers

Provides connectivity and path selection between two hosts.
Provides logical addressing.
No error correction; best-effort delivery.

OSI Layers

OSI Layers

OSI Layers

OSI Layers

OSI Layers

Peer-to-Peer Communication

TCP/IP Model

Encapsulation

Names for Data at Each Layer

CCNA
Networking Media

Unshielded Twisted Pair (UTP)

Unshielded Twisted Pair (UTP)

Unshielded Twisted Pair (UTP)

Unshielded Twisted Pair (UTP)

Unshielded Twisted Pair (UTP)

Unshielded Twisted Pair (UTP)

CCNA 1 Cabling LANs and WANs (switches vs routers)

Media Access Control (MAC)

Overview

Routers
Switches, Bridges
Hub, Repeaters

Ethernet networks used to be built using repeaters.
When the performance of these networks began to suffer because too many devices shared the same segment, network engineers added bridges to create multiple collision domains.
As networks grew in size and complexity, the bridge evolved into the modern switch, allowing microsegmentation of the network.
Today's networks typically are built using switches and routers, often with the routing and switching function in the same device.

Ethernet/802.3 LAN development

Distance limitations
Ethernet is fundamentally a shared technology where all users on a given LAN
segment compete for the same available bandwidth.
This situation is analogous to a number of cars all trying to access a one-lane
road at the same time.
Because the road has only one lane, only one car can access it at a time.
The introduction of hubs into a network resulted in more users competing for
the same bandwidth.
Collisions are a by-product of Ethernet networks.

Bridges

A bridge is a Layer 2 device used to divide, or segment, a network.
A bridge is capable of collecting and selectively passing data frames between two network segments.
Bridges do this by learning the MAC address of all devices on each connected segment. Using this information, the bridge builds a bridging table and forwards or blocks traffic based on that table.
This results in smaller collision domains and greater network efficiency.

Bridges do NOT restrict broadcast traffic.

Switches

Switches create a virtual circuit between two connected devices, establishing a dedicated communication path between them.
Switches on the network provide microsegmentation.
This allows maximum utilization of the available bandwidth.
A switch is also able to facilitate multiple, simultaneous virtual circuit connections.
Switches still forward broadcast frames to all connected devices on the network.

Router

A router is a Layer 3 device.
Routers are used to route traffic between two or more Layer 3 networks.
Routers make decisions based on groups of network addresses, or classes, as opposed to individual Layer 2 MAC addresses.
Routers use routing tables to record the Layer 3 addresses of the networks that are directly connected to the local interfaces and the network paths learned from neighboring routers.
Routers are not compelled to forward broadcasts.

Elements of Ethernet/802.3 networks

Broadcast data frame delivery is built into Ethernet/802.3.
The carrier sense multiple access/collision detect (CSMA/CD) method allows only one station to transmit at a time.
Multimedia applications with higher bandwidth demand, such as video and the Internet, coupled with the broadcast nature of Ethernet, can create network congestion.
Normal latency is added as the frames travel across the layers.
Extending the distances of Ethernet/802.3 LANs by using Layer 1 repeaters increases their latency.

Half-Duplex

Originally Ethernet was a half-duplex technology.


Using half-duplex, a host could either transmit or receive at one time, but not both.
If the network is already in use, the transmission is delayed.
When a collision occurs, the host that first detects the collision will send out a jam signal to the other
hosts.
Upon receiving the jam signal, each host will stop sending data, then wait for a random period of time
before attempting to retransmit.
The back-off algorithm generates this random delay.
As more hosts are added to the network and begin transmitting, collisions are more likely to occur.
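The back-off algorithm the slide mentions is the truncated binary exponential backoff of IEEE 802.3: after the n-th consecutive collision a station waits a random number of slot times between 0 and 2^min(n,10) - 1, and gives up after 16 attempts. The Python below is an added example written for this page, not part of the original course material. The slot time of 51.2 microseconds (512 bit times at 10 Mbps), the 16-attempt limit and the ceiling of 10 doublings are the standard's values; simulate_transmission and its collisions_before_success scenario are a constructed teaching harness, not anything from Cisco's curriculum.

```python
import random

SLOT_TIME_US = 51.2        # one slot time: 512 bit times at 10 Mbps
MAX_ATTEMPTS = 16          # after 16 consecutive collisions the frame is discarded
BACKOFF_CEILING = 10       # the random range stops doubling after the 10th collision


def max_backoff_slots(collisions):
    """Upper bound of the random wait (in slot times) after the n-th consecutive collision."""
    return 2 ** min(collisions, BACKOFF_CEILING) - 1


def backoff_slots(collisions, rng=random):
    """Truncated binary exponential backoff: pick k uniformly from
    0 .. 2^min(n,10) - 1 slot times after the n-th collision."""
    if not 1 <= collisions <= MAX_ATTEMPTS:
        raise ValueError("collision count must be between 1 and 16")
    return rng.randint(0, max_backoff_slots(collisions))


def backoff_delay_us(collisions, rng=random):
    """The same random delay expressed in microseconds."""
    return backoff_slots(collisions, rng) * SLOT_TIME_US


def simulate_transmission(collisions_before_success, rng=random):
    """Constructed scenario: send one frame on a half-duplex segment where the
    first `collisions_before_success` attempts collide.
    Returns (delivered, attempts_used, total_backoff_us)."""
    total_wait = 0.0
    for attempt in range(1, MAX_ATTEMPTS + 1):
        if attempt > collisions_before_success:
            return True, attempt, total_wait       # medium idle, frame goes out
        # collision detected: jam signal sent, then a random back-off
        total_wait += backoff_delay_us(attempt, rng)
    return False, MAX_ATTEMPTS, total_wait          # excessive collisions, give up


if __name__ == "__main__":
    for n in (1, 2, 3, 10, 15):
        print(f"collision {n:2d}: wait 0..{max_backoff_slots(n)} slots "
              f"(up to {max_backoff_slots(n) * SLOT_TIME_US:.1f} us)")
    print(simulate_transmission(3, random.Random(1)))
```

The doubling is what makes a busy segment degrade gracefully rather than collapse: every extra host widens the spread of wait times, which is exactly the "more hosts, more collisions, more delay" behaviour the slide describes, and the 16-attempt cut-off is where a NIC reports an excessive-collision error instead of retrying forever.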

Duplex Transmissions

Simplex transmission: one way and one way only (a one-way street).

Half-duplex transmission: either way, but only one way at a time (a two-way street with a landslide, so only one direction can pass at a time).

Full-duplex transmission: both ways at the same time (a two-way street).

Network Congestion

Today's networks are experiencing an increase in the transmission of many forms of media:
Large graphics files
Images
Full-motion video
Multimedia applications

Network Latency

Latency, or delay, is the time a frame or a packet takes to travel from the source station to the final destination.
It is important to quantify the total latency of the path between the source and the destination for LANs and WANs.
Latency has at least three sources:
First, there is the time it takes the source NIC to place voltage pulses on the wire and the time it takes the receiving NIC to interpret these pulses. This is sometimes called NIC delay.
Second, there is the actual propagation delay as the signal takes time to travel along the cable.
Third, latency is added according to which networking devices, whether they are Layer 1, Layer 2, or Layer 3, are added to the path between the two communicating computers.

Full-duplex transmitting

Full-duplex Ethernet allows the transmission of a packet and the reception of a different packet at the
same time.
To transmit and receive simultaneously, a dedicated switch port is required for each node.
The full-duplex Ethernet switch takes advantage of the two pairs of wires in the cable by creating a
direct connection between the transmit (TX) at one end of the circuit and the receive (RX) at the
other end.
Ethernet usually can only use 50%-60% of the available 10 Mbps of bandwidth because of collisions
and latency.
Full-duplex Ethernet offers 100% of the bandwidth in both directions.
This produces a potential 20 Mbps throughput, which results from 10 Mbps TX and 10 Mbps RX.

Layer 2 and Layer 3 switching (routing)

A Layer 3 switch is typically a Layer 2 switch that includes a routing process, i.e. it does routing. (Oh yeah, also known as routing. Got to love those people in Marketing.)
Layer 3 switching has many meanings and in many cases is just a marketing term.
Layer 3 switching is a function of the network layer.
The Layer 3 header information is examined and the packet is forwarded based on the IP address.

Memory buffering

[Figure: a switch with four attached hosts, shown with abbreviated MAC addresses 1111, 2222, 3333 and 4444]

An Ethernet switch may use a buffering technique to store and forward frames.
Buffering may also be used when the destination port is busy.
The area of memory where the switch stores the data is called the memory buffer.
This memory buffer can use two methods for forwarding frames:
port-based memory buffering
shared memory buffering
In port-based memory buffering, frames are stored in queues that are linked to specific incoming ports.
Shared memory buffering deposits all frames into a common memory buffer which all the ports on the switch share.

Two switching methods

Store-and-forward: The entire frame is received before any forwarding takes place.
The destination and source addresses are read and filters are applied before the frame is forwarded.
A CRC check is done.
Cut-through: The frame is forwarded through the switch before the entire frame is received.
This mode decreases the latency of the transmission, but also reduces error detection.
On 1900 and 2800 series switches this is configurable; otherwise it depends on the model of the switch.

Cut-through: Fast-forward

Fast-forward: Offers the lowest level of latency.
Fast-forward switching immediately forwards a packet after reading the destination address.
There may be times when packets are relayed with errors, although this occurs infrequently and the destination network adapter will discard the faulty packet upon receipt.

Cut-through: Fragment-free

Fragment-free: Fragment-free switching filters out collision fragments before forwarding begins.
Collision fragments are the majority of packet errors.
In a properly functioning network, collision fragments must be smaller than 64 bytes.
Anything greater than 64 bytes is a valid packet and is usually received without error.
Fragment-free switching waits until the packet is determined not to be a collision fragment before forwarding.

Two switching methods

Adaptive cut-through
In this mode, the switch uses cut-through until it detects
a given number of errors.
Once the error threshold is reached, the switch changes
to store-and-forward mode.
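To make the trade-off between the four methods concrete, here is an added Python example (not from the original slides) that applies each forwarding rule to the same constructed frames: a valid 64-byte frame, the same frame with one corrupted payload byte, and a 40-byte collision fragment. The frame builder, the AdaptiveCutThrough class and its error_threshold parameter are assumptions made for the illustration; the CRC-32 frame check sequence and the 64-byte minimum frame size are the Ethernet values.

```python
import struct
import zlib

MIN_FRAME_BYTES = 64     # smallest valid Ethernet frame incl. FCS; shorter = collision fragment
DA_BYTES = 6             # the destination MAC is the first field on the wire


def build_frame(dst, src, ethertype, payload):
    """Constructed sample frame: DA | SA | EtherType | payload | FCS (CRC-32, LSB first)."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + struct.pack("<I", zlib.crc32(body))


def fcs_ok(frame):
    """Recompute the CRC-32 over everything but the trailing FCS and compare."""
    body, fcs = frame[:-4], frame[-4:]
    return struct.pack("<I", zlib.crc32(body)) == fcs


def store_and_forward(frame):
    """Buffer the whole frame; drop runts and frames whose FCS does not verify."""
    return len(frame) >= MIN_FRAME_BYTES and fcs_ok(frame)


def fast_forward(frame):
    """Forward as soon as the destination address has arrived; no error checking at all."""
    return len(frame) >= DA_BYTES


def fragment_free(frame):
    """Forward once 64 bytes have arrived: collision fragments are filtered,
    but a full-length frame with a bad FCS still goes through."""
    return len(frame) >= MIN_FRAME_BYTES


class AdaptiveCutThrough:
    """Cut-through until `error_threshold` bad frames have been seen, then store-and-forward."""

    def __init__(self, error_threshold):
        self.error_threshold = error_threshold
        self.errors_seen = 0
        self.mode = "cut-through"

    def forward(self, frame):
        if self.mode == "store-and-forward":
            return store_and_forward(frame)
        decision = fast_forward(frame)
        # cut-through has already relayed the frame by the time the bad FCS is noticed
        if not fcs_ok(frame):
            self.errors_seen += 1
            if self.errors_seen >= self.error_threshold:
                self.mode = "store-and-forward"
        return decision


def compare(frame):
    """Decision of each switching method for the same frame."""
    return {"store-and-forward": store_and_forward(frame),
            "fast-forward": fast_forward(frame),
            "fragment-free": fragment_free(frame)}


# Constructed sample frames: a valid 64-byte broadcast frame, the same frame with
# one corrupted payload byte, and a 40-byte collision fragment.
GOOD_FRAME = build_frame(b"\xff" * 6, bytes.fromhex("001122334455"), 0x0800, b"A" * 46)
CORRUPT_FRAME = GOOD_FRAME[:20] + b"B" + GOOD_FRAME[21:]
RUNT_FRAME = GOOD_FRAME[:40]

if __name__ == "__main__":
    for name, frame in (("good", GOOD_FRAME), ("corrupt", CORRUPT_FRAME), ("runt", RUNT_FRAME)):
        print(name, compare(frame))
```

The corrupted frame is the instructive case: fast-forward and fragment-free both relay it and leave the receiving NIC to discard it, while store-and-forward is the only method that stops it at the switch, which is why adaptive cut-through falls back to store-and-forward once a port starts producing FCS errors.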

Broadcast domains

[Figure: all-switched network with two networks (two subnets), 172.30.1.0/24 and 172.30.2.0/24, spread across Switch 1 and Switch 2. Hosts 172.30.1.21, 172.30.1.23, 172.30.1.25 and 172.30.1.27 and hosts 172.30.2.10, 172.30.2.12, 172.30.2.14 and 172.30.2.16, all with mask 255.255.255.0. Several collision domains, one per switch port; one broadcast domain.]

Even though the LAN switch reduces the size of collision domains, all hosts connected to
the switch are still in the same broadcast domain.
Therefore, a broadcast from one node will still be seen by all the other nodes connected
through the LAN switch.

Switches and broadcast domains

These are logical, not physical, representations of what happens to these frames.

Switches flood frames that are:
Unknown unicasts
Layer 2 broadcasts
Multicasts (unless multicast/IGMP snooping is running)
Multicasts are special Layer 2 and Layer 3 addresses that are sent to the devices that belong to that group.

Switches and broadcast domains

When a device wants to send out a Layer 2 broadcast, the destination MAC address in the frame is set to all ones.
A MAC address of all ones is FF:FF:FF:FF:FF:FF in hexadecimal.
By setting the destination to this value, all the devices will accept and process the broadcast frame.

Switches and broadcast domains

Communication between switches and workstations

Ch. 7/ Mod. 6
Switch Configuration
CCNA 3 version 3.0

Physical startup of the Catalyst switch

Switches are dedicated, specialized computers with:
Central Processing Unit (CPU)
Random Access Memory (RAM)
Operating System
A switch can be managed by connecting to the console port to view and make changes to the configuration.
Switches typically have no power switch to turn them on and off.
They simply connect or disconnect from a power source.

Switch LED indicators

Switch LED indicators

The front panel of a switch has several lights to help monitor system activity and performance.
These lights are called light-emitting diodes (LEDs).
The front of the switch has the following LEDs:
System LED: whether the system is receiving power and functioning correctly.
Remote Power Supply (RPS) LED: whether or not the remote power supply is in use.
Port Mode LED: indicates the current state of the Mode button. The modes are used to determine how the Port Status LEDs are interpreted.
Port Status LEDs: have different meanings, depending on the current value of the Mode LED.

Switch LED indicators: Port Status LED

Port LEDs during switch POST: System LED

Once the power cable is connected, the switch initiates a series of tests called the power-on self test (POST).
If the System LED is green, then POST was successful.
If the System LED is amber, then POST failed. POST failure is considered to be a fatal error.

Port LEDs during switch POST: Port Status LEDs

The Port Status LEDs also change during switch POST.


The Port Status LEDs turn amber for about 30 seconds as the switch
discovers the network topology and searches for loops.
If the Port Status LEDs turn green, the switch has established a link
between the port and a target, such as a computer.
If the Port Status LEDs turn off, the switch has determined that nothing
is plugged into the port.

Viewing initial bootup output from the switch

The switch may be configured manually with or without the assistance of the System Configuration dialog.
The System Configuration dialog on the switch is simpler than that on a router.

Examining help in the switch CLI

The command-line interface (CLI) for Cisco switches is very similar to the CLI for Cisco routers.

Switch command modes

The enable command is used to change from User EXEC mode to Privileged EXEC mode. Privileged EXEC mode is also recognized by its prompt, which ends in a pound-sign character (#).

show running-config

show interface

show vlan

show flash

show version

Reset all Switch Configurations & Reload

The following steps will ensure that a new configuration will completely
overwrite any existing configuration:
Remove any existing VLAN information by deleting the VLAN database
file vlan.dat from the flash directory
Erase the back up configuration file startup-config
Reload the switch

Security, documentation, and management

Set IP Address and Default Gateway

To allow the switch to be accessible by Telnet and other TCP/IP applications, an IP address and a default gateway should be set.
By default, VLAN 1 is the management VLAN (more later).
In a switch-based network, all internetworking devices should be in the management VLAN.
This will allow a single management workstation to access, configure, and manage all the internetworking devices.

Set Port Speed and Duplex Settings

The Fast Ethernet switch ports default to:
auto-speed
auto-duplex
This allows the interfaces to negotiate these settings.
When a network administrator needs to ensure an interface has particular speed and duplex values, the values can be set manually.
More later.

HTTP Service and Port

A web browser can access this service using the IP address and port
80, the default port for http.
The HTTP service can be turned on or off, and the port address for the
service can be chosen.

The GUI Interface

Managing the MAC address table

Switches learn the MAC addresses of PCs or workstations that are connected
to their switch ports by examining the source address of frames that are
received on that port.
Machines may have been removed from a port, turned off, or moved to another
port on the same switch or a different switch.
This could cause confusion in frame forwarding.
The MAC address entry is automatically discarded or aged out after 300
seconds.

Managing the MAC address table

Rather than wait for a dynamic entry to age out, the administrator has the option to use the privileged EXEC command clear mac-address-table.

Configuring static MAC addresses

The reasons for assigning a permanent MAC address to an interface include:
The MAC address will not be aged out automatically by the switch.
A specific server or user workstation must be attached to the port and the MAC address is known.
Security is enhanced.
To set a static MAC address entry for a switch:
Switch(config)#mac-address-table static <mac-address of host> interface FastEthernet <Ethernet number> vlan <vlan-id>

Configuring port security


Differs on 1900, 2900XL, and 2950 switches.

Anyone can plug a PC or laptop into one of these outlets.
This is a potential entry point to the network by unauthorized users.
Switches provide a feature called port security.
It is possible to limit the number of addresses that can be learned on an interface.
The switch can be configured to take an action if this is exceeded. Secure MAC addresses can be set statically.
However, securing MAC addresses statically can be a complex task and prone to error.
To verify port security status, the command show port-security is entered.

Configuring Port Security

You can use the port security feature to restrict input to an interface by limiting and
identifying MAC addresses of the stations allowed to access the port.
When you assign secure MAC addresses to a secure port, the port does not forward
packets with source addresses outside the group of defined addresses.
If you limit the number of secure MAC addresses to one and assign a single secure MAC
address, the workstation attached to that port is assured the full bandwidth of the port.
If a port is configured as a secure port and the maximum number of secure MAC
addresses is reached, when the MAC address of a station attempting to access the port
is different from any of the identified secure MAC addresses, a security violation occurs.
Also, if a station with a secure MAC address configured or learned on one secure port
attempts to access another secure port, a violation is flagged.

Secure MAC Addresses

A secure port can have from 1 to 132 associated secure addresses. After you have set
the maximum number of secure MAC addresses on a port, the secure addresses are
included in an address table in one of these ways:
1. You can configure all secure MAC addresses by using the switchport port-security
mac-address mac-address interface configuration command.
2. You can allow the port to dynamically configure secure MAC addresses with the
MAC addresses of connected devices.
3. You can configure a number of addresses and allow the rest to be dynamically
configured.
Once the maximum number of secure MAC addresses is configured, they are stored in
an address table.
Setting a maximum number of addresses to one and configuring the MAC address of an
attached device ensures that the device has the full bandwidth of the port.

Secure MAC Addresses

The switch supports these types of secure MAC addresses:


1. Static secure MAC addresses: These are manually configured by using the switchport port-security mac-address mac-address interface configuration command, stored in the address table, and added to the switch running configuration.
2. Dynamic secure MAC addresses: These are dynamically configured, stored only in the address table, and removed when the switch restarts.
3. Sticky secure MAC addresses: These are dynamically configured, stored in the address table, and added to the running configuration. If these addresses are saved in the configuration file, when the switch restarts, the interface does not need to dynamically reconfigure them.

2950 Security Commands


Switch(config-if)#switchport mode access
  Set the interface mode as access; an interface in the default mode (dynamic desirable) cannot be configured as a secure port.
Switch(config-if)#switchport port-security
  Enable port security on the interface.
Switch(config-if)#switchport port-security maximum value
  (Optional) Set the maximum number of secure MAC addresses for the interface. The range is 1 to 132; the default is 1.
Switch(config-if)#switchport port-security mac-address mac-address
  (Optional) Enter a static secure MAC address for the interface, repeating the command as many times as necessary.
  You can use this command to enter the maximum number of secure MAC addresses. If you configure fewer secure MAC addresses than the maximum, the remaining MAC addresses are dynamically learned.
Note: If you enable sticky learning after you enter this command, the secure addresses that were dynamically learned are converted to sticky secure MAC addresses and are added to the running configuration.
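The CAM-table behaviour from "Managing the MAC address table" and the port-security rules described above (maximum count, static/dynamic/sticky addresses, violation handling, 300-second ageing, flooding of unknown unicasts and broadcasts) are brought together in the following Python simulation. It is an added example written for this page, not Cisco IOS code and not from the course; the Switch class, its method names, the port names and the MAC addresses in the scenario are all constructed. The violation actions model the three IOS modes: protect drops silently, restrict drops and counts, shutdown puts the port into err-disabled.

```python
from dataclasses import dataclass, field

AGING_SECONDS = 300               # dynamic CAM entries age out after 300 s
BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac):
    """Group bit of the first octet set: broadcast or multicast, always flooded."""
    return int(mac.split(":")[0], 16) & 1 == 1


@dataclass
class PortSecurity:
    enabled: bool = False
    maximum: int = 1                 # switchport port-security maximum
    violation: str = "shutdown"      # protect | restrict | shutdown
    sticky: bool = False             # learned addresses are written to running-config
    static: set = field(default_factory=set)
    learned: set = field(default_factory=set)
    violations: int = 0
    err_disabled: bool = False

    def secure(self):
        return self.static | self.learned


class Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.cam = {}                 # mac -> (port, last seen)
        self.sec = {p: PortSecurity() for p in self.ports}

    def configure_port_security(self, port, maximum=1, violation="shutdown",
                                sticky=False, static=()):
        self.sec[port] = PortSecurity(True, maximum, violation, sticky, set(static))

    def _violate(self, port):
        s = self.sec[port]
        if s.violation == "protect":
            return False              # dropped silently, nothing counted
        s.violations += 1             # restrict: dropped, counted, syslog/SNMP trap
        if s.violation == "shutdown":
            s.err_disabled = True     # whole port disabled until recovered
        return False

    def _admit(self, port, src):
        s = self.sec[port]
        if not s.enabled:
            return True
        if s.err_disabled:
            return False
        if src in s.secure():
            return True
        if any(o.enabled and src in o.secure() for p, o in self.sec.items() if p != port):
            return self._violate(port)   # secure address showed up on another secure port
        if len(s.secure()) < s.maximum:
            s.learned.add(src)           # dynamic (or sticky) learning
            return True
        return self._violate(port)       # this port's secure table is full

    def _age(self, now):
        for mac, (_, seen) in list(self.cam.items()):
            secure = any(mac in s.secure() for s in self.sec.values())
            if now - seen > AGING_SECONDS and not secure:
                del self.cam[mac]

    def receive(self, in_port, src, dst, now):
        """Process one frame; return the egress ports ([] if filtered or dropped)."""
        self._age(now)
        if not self._admit(in_port, src):
            return []
        self.cam[src] = (in_port, now)
        active = [p for p in self.ports if p != in_port and not self.sec[p].err_disabled]
        if is_group_address(dst) or dst not in self.cam:
            return active             # flood: broadcast, multicast, unknown unicast
        out_port, _ = self.cam[dst]
        return [out_port] if out_port in active else []

    def running_config(self, port):
        """Port-security lines that would appear in the running configuration."""
        s = self.sec[port]
        if not s.enabled:
            return []
        lines = ["switchport port-security",
                 f"switchport port-security maximum {s.maximum}",
                 f"switchport port-security violation {s.violation}"]
        lines += [f"switchport port-security mac-address {m}" for m in sorted(s.static)]
        if s.sticky:
            lines.append("switchport port-security mac-address sticky")
            lines += [f"switchport port-security mac-address sticky {m}" for m in sorted(s.learned)]
        return lines

    def reload(self):
        """Dynamic secure addresses are lost on restart; sticky ones persist."""
        self.cam.clear()
        for s in self.sec.values():
            if not s.sticky:
                s.learned.clear()
            s.err_disabled = False


# Constructed MAC addresses for the scenario.
HOST_A, HOST_B = "00:00:00:00:aa:aa", "00:00:00:00:bb:bb"
HOST_C, HOST_D = "00:00:00:00:cc:cc", "00:00:00:00:dd:dd"

if __name__ == "__main__":
    sw = Switch(["Fa0/1", "Fa0/2", "Fa0/3"])
    sw.configure_port_security("Fa0/1", maximum=1, violation="restrict")
    sw.configure_port_security("Fa0/2", maximum=2, violation="shutdown", sticky=True)
    print(sw.receive("Fa0/1", HOST_A, BROADCAST, 0))   # flooded to Fa0/2 and Fa0/3
    print(sw.receive("Fa0/1", HOST_B, HOST_A, 1))      # restrict: dropped and counted
    print(sw.receive("Fa0/2", HOST_D, HOST_A, 2))      # sticky-learned, forwarded
    print(sw.running_config("Fa0/2"))
```

Running the scenario shows two operational points the slides only state: after reload() the dynamically learned address on Fa0/1 is gone and must be relearned, while the sticky entries on Fa0/2 survive because they were written into the running configuration; and with violation shutdown a single unexpected device silences every legitimate host behind that port until err-disable recovery, which is the reason restrict is often preferred on ports where a second device is a likely mistake rather than an intrusion.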

2950 Configuration

Copying IOS from TFTP Server

Erasing and Reloading the Switch
