Network Layers Using SLAAC for Address Assignment on Routing Technologies An OSPF Configuration

u Access layer: Provides workgroup/user a Cisco Router R1#configure terminal

access to the network; as a result, this layer Default Administrative Distances
R1(config)#interface fa0/0 R1(config)#router ospf 1
Routing Information Source Default Administrative Distance
is sometimes called the workstation layer R1(config-if)#ipv6 address autoconfig Connected interface 0 R1(config-router)#network
u Distribution layer: Provides policy-based Static route 1 10.10.10.0 0.0.0.255 area 0

The CCNA Cram Sheet

connectivity and controls the boundary LAN Switching Technologies Enhanced IGRP summary route 5
between the access and core layers External BGP 20
The Ethernet Frame Format Internal Enhanced IGRP 90 Wireless Technologies
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . u C
 ore layer: Provides fast transport between
IGRP 100
distribution switches within the enterprise u RF bands: Two main radio frequency
This Cram Sheet contains key information as a final preparation tool for the CCNA exam. Review this OSPF 110
campus; this is sometimes called the IS-IS 115 bands are used with Wi-Fi technologies:
information as the last thing you do before you enter the testing center, paying special attention to
backbone layer RIP 120 the 2.4 GHz band and the 5 GHz band.
those areas in which you think that you need the most review. Enjoy this additional study aid!
u 2
 -Tier Spine-Leaf: This simple 2-tier model
EGP 140 For example, 802.11g uses the 2.4 GHz
Networking Fundamentals in Cisco ACI topologies features a spine layer
External Enhanced IGRP 170 band, while 802.11ac uses the 5 GHz
Internal BGP 200 band.
where core devices connect in a full mesh to Unknown 255
The OSI and TCP/IP Models every single leaf node u SSID: This is the “friendly” name of
OSI—the layers are Application, Presentation, Session, Transport, Network, Data Link, Physical; The ROAS Configuration a wireless network.
TCP/IP—the layers are Application, Transport, Internet, Network Interface. R1#configure terminal u Non-overlapping channels: Channels 1,
A Conversion Chart for IPv4 Addressing and Subnetting Questions Creating a VLAN on a Cisco Switch
6, and 11 are non-overlapping channels
Switch(config)#vlan 20 R1(config)#interface gi0/1
The PDUs of the Bottom Four Layers that permit you to configure wireless
Segments, Packets, Frames, Bits Switch(config-vlan)#name EAST R1(config-if)#no shutdown LANs that function properly in the
R1(config-if)#! Notice no IP 2.4 GHz band.
Protocols at Various Layers of the OSI Model The TCP/IP Version 4 Address Classes Configuring an Interface for a VLAN address is configured on the u Wireless LAN controller (WLC):
Layer Examples
Address Class High-Order Bit Setting 1st Octet Range in Decimal
Switch#configure terminal physical interface A WLC is a device for configuring,
Application FTP, HTTP, SMTP
Presentation JPEG, MPEG
A 0 1–127
R1(config-if)#interface gi0/1.10 monitoring, and troubleshooting a wireless
B 10 128–191 Switch(config)#interface gi0/1 LAN. For example, wireless access points
Session NetBIOS, PPTP
C 110 192–223 R1(config-subif)#encapsulation can be “lightweight” and can rely on
Transport TCP, UDP
D 1110 224–239 Switch(config-if)#switchport mode dot1q 10
Network IP, ICMP access WLCs for the “intelligence” required to
Data link PPP, ATM R1(config-subif)#ip address form the WLAN.
Physical Ethernet, USB Default IPv4 Subnet Masks Switch(config-if)#switchport access 10.1.10.1 255.255.255.0
Address Class Default Mask Prefix Notation Mask Bits vlan 20
A 255.0.0.0 /8
R1(config-subif)#exit
UDP is connectionless; UDP has very little overhead; UDP is often used for voice and B 255.255.0.0 /16 Switch(config-if)#end R1(config)#interface gi0/1.20
video traffic forms; UDP can multiplex using port numbers to work with multiple applications.
C 255.255.255.0 /24 Switch# R1(config-subif)#encapsulation
TCP is connection-oriented; TCP has more overhead than UDP; TCP uses features like dot1q 20
flow control, sequencing and acknowledgements to ensure reliable and ordered delivery The Possible Values in an IPv4 Subnet Mask Octet The Configuration of the Voice VLAN
of segments; TCP can multiplex using port numbers to work with multiple applications. R1(config-subif)#ip address
On Bits Value Switch#configure terminal
8 255 10.1.20.1 255.255.255.0
APPLICATIONS THAT USE TCP/UDP 7 254 Switch(config)#vlan 50
TCP UDP
6 252
Switch(config-vlan)#name VOICE Configuring of a Default Static Route
5 248
R1#configure terminal
HTTP DHCP 4 240 Switch(config-vlan)#exit
3 224 Enter configuration commands, one
FTP RIP Switch(config)#interface gi0/2 per line. End with CNTL/Z.
2 192
Telnet SNMP 1 128 R1(config)#ip route 0.0.0.0
Switch(config-if)#switchport mode
SSH TFTP 0 0 0.0.0.0 10.10.10.2
access
SMTP *DNS R1(config)#end
The IPv4 Private Address Ranges Switch(config-if)#switchport access
Well-Known Port Numbers vlan 30
Address Class Range of Private Addresses
Configuring an IPv6 Static Route
Port Number (s) TCP or UDP? Protocol A 10.0.0.0 to 10.255.255.255 Switch(config-if)#switchport voice
R1#configure terminal
B 172.16.0.0 to 172.31.255.255 vlan 50
20 TCP FTP data C 192.168.0.0 to 192.168.255.255 R1(config)#ipv6 route
21 TCP FTP control
2001:aaaa::/64 serial 0/0
22 TCP SSH
Modified EUI-64 Host Portion Assignment
23 TCP Telnet Configuring Trunking
25 TCP SMTP R1(config)#interface fastEthernet 0/0 Configuring a Floating Static Route
53 UDP DNS
Switch#configure terminal
R1(config-if)#ipv6 address R3#configure terminal
67, 68 UDP DHCP Switch(config)#interface gi1/0
69 UDP TFTP
2001:AAAA:BBBB::/64 eui-64 R3(config)#ip route 10.60.60.0
Switch(config-if)#switchport trunk 255.255.255.0 10.20.20.2 121
80 TCP HTTP R1(config-if)#no shutdown encapsulation dot1q
110 TCP POP3 R3(config)#end
R1(config-if)#end Switch(config-if)#switchport mode
161 UDP SNMP
443 TCP SSL/TLS R1# trunk
514 UDP Syslog
520 UDP RIP

9780136632887_Sequeira_Tearcard.indd 1 4/1/20 10:41 AM

 Infrastructure Services
nslookup is an excellent DNS troubleshooting
command.
Configuring a DHCP Server on a
Cisco Router
R1#configure terminal
R1(config)#ip dhcp excluded-address
10.1.1.1 10.1.1.10
R1(config)#ip dhcp pool
ICND1EXAMCRAM
R1(dhcp-config)#default-router
10.1.1.1
R1(dhcp-config)#dns-server 8.8.8.8 Building a Standard Named ACL
4.2.2.2
R1(dhcp-config)#option 150 ip
10.10.10.2
R1(dhcp-config)#network 10.1.1.0 /24
R1(dhcp-config)#end
Configuring a DHCP Relay Agent
R2#configure terminal
R2(config)#interface fa1/0
R2(config-if)#ip helper-address
10.1.1.3
R2(config-if)#end
Configuring the NTP Master
R1(config)#ntp master ?
<1-15> Stratum number
<cr>
R1(config)#ntp master 2
R1(config)#end
Configuring the NTP Client
R2#configure terminal
R2(config)#ntp server 10.1.1.1
R2(config)#end
Infrastructure Security
Configuring Static Port Security
Switch#configure terminal
Switch(config)#interface gi1/0
Switch(config-if)#switchport mode
access
Switch(config-if)#switchport port-
security maximum 2
Switch(config-if)#switchport
port-security mac-address
fa16.3e20.58f1
Switch(config-if)#switchport
port-security mac-address
fa16.3e20.aabb
Switch(config-if)#switchport port-
security
Switch(config-if)#end
9780136632887_Sequeira_Tearcard.indd 2
Standard Access Control Lists Saving the Configuration on a
Cisco Router
Building a Standard Numbered ACL R3#
R1#configure terminal R3#copy running-config startup-config
R1(config)#access-list 1 deny host Destination filename [startup-config]?
172.16.1.100
Overwrite the previous NVRAM
R1(config)#access-list 1 deny host
configuration?[confirm]
172.16.1.101
Building configuration...
R1(config)#access-list 1 permit
[OK]
172.16.1.0 0.0.0.255
R3#
R1(config)#end
The service password-encryption command lus
obscures plaintext passwords in a configuration. a key modulus greater than
R1#configure terminal
Wireless LAN Security
R1(config)#ip access-list standard
u W
 EP: WEP is no longer considered accept-
MYACL
able as a security solution. This technique can
R1(config-std-nacl)#deny 10.0.0.0
0.255.255.255 be “hacked” with relative ease.
R1(config-std-nacl)#permit u W
 PA: WPA was the first attempt at replacing
192.168.1.0 0.0.0.255 WEP. Some security issues with this technology u C
quickly led to the release of WPA2.
u W
 PA2: WPA2 is considered strong enough
Assigning Standard ACLs
for use today. It replaced TKIP (which had
R1#configure terminal
weaknesses) with CCMP. Like WPA, it uses
R1(config)#interface fa0/0 AES for encryption. TKIP is still present in the
R1(config-if)#ip access-group 1 in protocol, but only for backward compatibility
R1(config-if)#exit with WPA.
R1(config)#interface fa1/0 u W
 PA3: Like WPA2, this latest version of the
R1(config-if)#ip access-group MYACL security protocol permits you to configure
out a “personal” or home version, instead of
R1(config-if)#end a stronger “enterprise” version.
Inside Source Dynamic PAT Automation and Programmability
R2#configure terminal u C
 ontroller-based networking: Software
defined networking (SDN) often features the
R2(config)#interface fa1/0
use of a central controller that implements
R2(config-if)#ip nat inside the control plane functions required by the
R2(config-if)#exit network. The devices that are controlled in
R2(config)#interface fa0/0 SDN can focus on the forwarding of traffic.
The SDN approach fosters efficient,
Infrastructure Management automated, highly controlled networks.
u R
 EST APIs: These APIs, often used for
Syslog Security Levels cloud and SDN technologies, ensure that
Keyword Level Description you can retrieve data using “standard” URLs
Emergency 0 System unusable, or unstable understood by web browsers and Internet
Alert 1 Immediate action needed technologies.
Critical 2 Critical event
u J
 SON: This is a very friendly way to represent
Error 3 Error event
data in a human readable form. JSON presents
Warning 4 Warning event
data as a series of attribute-value pairs. It
Notification 5 Normal but significant condition
is very similar to XML, but even more easily
Informational 6 Informational messages only
Debug 7 Debugging messages, requested readable by humans.
by administrator
u P
 uppet, Chef, and Ansible: These tools allow
you to easily manage network devices from
a central location. The tools use different
techniques. For example, Puppet uses an
agent on the various network devices,
while Ansible is often celebrated as being
agent-less.
Configuring SSH Common Cybersecurity Threats u R
 ootkit: A rootkit is a collection of software
R2#configure terminal u C
 omputer viruses: Viruses are some of the tools that are installed on a system to
R2(config)#ip domain-name lab.ajsnet- oldest threats, and they persist today. Viruses ultimately provide the attacker with full
working.com are code pieces or entire applications that administrative control over a device.
R2(config)#crypto key generate rsa seek to install on systems to do damage or u SQL injection attack: This type of attack
steal data in some way. leverages the fact that most applications and
sites are powered by SQL-based databases
The name for the keys will be: u M
 alware: The industry needed a very broad
and do not filter user input. In a SQL injection
term to describe the many different types of
attacks that are intentionally designed to dis- attack, malicious SQL code is injected into
R2.lab.ajsnetworking.com
rupt, damage, gain unauthorized access the system through a form, with the goal of
to a computer, server, client, or computer extracting data or simply denying service to
Choose the size of the key modu- the system.
network. Malware is the umbrella term for
in the range of 360 to 2048 for
your General Purpose Keys. Choosing this in the industry. u M
 an-in-the-middle: In this type of attack,
512 may
u T
 rojan horse: With this type of threat, the a system intercepts communication between
take a few minutes.
code that attacks or steals data from a devices. The difference between a man-in-
the-middle attack and simple eavesdropping
system is hidden behind what appears to be
How many bits in the modulus [512]: 768 is that the man-in-the-middle attack also
a legitimate application or website. Often,
% Generating 768 bit RSA keys, keys these types of attacks spread via email. impersonates the end devices in order to
An application is sent for you to download, terminate encrypted sessions and get
CRUD you download the application and install it, access to the data exchanged, whereas an
 reate u R
 ead u U
 pdate u D
 elete and the attacking code is then executed. eavesdropper would also have to decrypt
the encrypted traffic first.
PING Return Codes u A
 dware and spyware: Adware might sneak
onto your computer or trick you into installing u R  ansomware: This is software that encrypts
PING Return Codes a system’s data, and then offers decryption
it while appearing to be some useful little util-
Character Description ity or full program. This software then pres- keys for a fee.
! Reply success
ents ads in the forms of banners or popup u Data exfiltration: In this type of attack,
. Server timed out
windows. Spyware is even more evil. This a system’s data is copied to an external
U Destination unreachable error received
software watches and records your actions
Q Source quench (destination too busy) system by an unauthorized attacker or
and is often a critical step in a larger attack by malware.
M Could not fragment
? Unknown packet type against a system.
& Packet lifetime exceeded
u W
 orm attack: In this type of attack, malicious
code spreads from system to system in the
network. It does this by replicating itself onto
another system from the system where it was
originally running. Worms can not only spread
but cause damage, such as conducting
denial-of-service (DoS) attacks or stealing data.
u Distributed denial-of-service (DDoS) attack:
DDoS attacks are feared today. Such an
attack attempts to make services or entire
systems unavailable. DDoS attacks often
employ botnets (also called zombie systems)
that have no idea they are taking part in the
attacks.
u P
 hishing: Phishing is a popular social
engineering attack. In this type of attack,
a malicious party sends an email that is
carefully constructed to look legitimate. It
might pretend to be from a bank and ask the
recipient to enter a username and password
on a website linked in the email. Of course,
this website is also constructed to appear
completely legitimate. Spear phishing is a
phishing attack that is customized for and
targets a particular person.
4/1/20 10:41 AM