The CCNA Cram Sheet

This Cram Sheet contains key information as a final preparation tool for the CCNA exam. Review this information as the last thing you do before you enter the testing center, paying special attention to those areas in which you think that you need the most review. Enjoy this additional study aid!

Networking Fundamentals

The OSI and TCP/IP Models
OSI: the layers are Application, Presentation, Session, Transport, Network, Data Link, Physical.
TCP/IP: the layers are Application, Transport, Internet, Network Interface.

The PDUs of the Bottom Four Layers
Segments, Packets, Frames, Bits

Protocols at Various Layers of the OSI Model
Layer          Examples
Application    FTP, HTTP, SMTP
Presentation   JPEG, MPEG
Session        NetBIOS, PPTP
Transport      TCP, UDP
Network        IP, ICMP
Data link      PPP, ATM
Physical       Ethernet, USB

UDP is connectionless; UDP has very little overhead; UDP is often used for voice and video traffic; UDP can multiplex using port numbers to work with multiple applications.
TCP is connection-oriented; TCP has more overhead than UDP; TCP uses features like flow control, sequencing, and acknowledgements to ensure reliable and ordered delivery of segments; TCP can multiplex using port numbers to work with multiple applications.

Applications That Use TCP/UDP
TCP: HTTP, FTP, Telnet, SSH, SMTP
UDP: DHCP, RIP, SNMP, TFTP, *DNS

Well-Known Port Numbers
Port Number(s)   TCP or UDP?   Protocol
20               TCP           FTP data
21               TCP           FTP control
22               TCP           SSH
23               TCP           Telnet
25               TCP           SMTP
53               UDP           DNS
67, 68           UDP           DHCP
69               UDP           TFTP
80               TCP           HTTP
110              TCP           POP3
161              UDP           SNMP
443              TCP           SSL/TLS
514              UDP           Syslog
520              UDP           RIP

Network Layers
- Access layer: Provides workgroup/user access to the network; as a result, this layer is sometimes called the workstation layer.
- Distribution layer: Provides policy-based connectivity and controls the boundary between the access and core layers.
- Core layer: Provides fast transport between distribution switches within the enterprise campus; this is sometimes called the backbone layer.
- 2-Tier Spine-Leaf: This simple 2-tier model in Cisco ACI topologies features a spine layer where core devices connect in a full mesh to every single leaf node.

A Conversion Chart for IPv4 Addressing and Subnetting Questions

The TCP/IP Version 4 Address Classes
Address Class   High-Order Bit Setting   1st Octet Range in Decimal
A               0                        1–127
B               10                       128–191
C               110                      192–223
D               1110                     224–239

Default IPv4 Subnet Masks
Address Class   Default Mask     Prefix Notation Mask Bits
A               255.0.0.0        /8
B               255.255.0.0      /16
C               255.255.255.0    /24

The Possible Values in an IPv4 Subnet Mask Octet
On Bits   Value
8         255
7         254
6         252
5         248
4         240
3         224
2         192
1         128
0         0

The IPv4 Private Address Ranges
Address Class   Range of Private Addresses
A               10.0.0.0 to 10.255.255.255
B               172.16.0.0 to 172.31.255.255
C               192.168.0.0 to 192.168.255.255

Modified EUI-64 Host Portion Assignment
R1(config)#interface fastEthernet 0/0
R1(config-if)#ipv6 address 2001:AAAA:BBBB::/64 eui-64
R1(config-if)#no shutdown
R1(config-if)#end
R1#

Using SLAAC for Address Assignment on a Cisco Router
R1#configure terminal
R1(config)#interface fa0/0
R1(config-if)#ipv6 address autoconfig

LAN Switching Technologies

The Ethernet Frame Format
(Frame-format diagram not reproduced in this extraction.)

Creating a VLAN on a Cisco Switch
Switch(config)#vlan 20
Switch(config-vlan)#name EAST

Configuring an Interface for a VLAN
Switch#configure terminal
Switch(config)#interface gi0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config-if)#end
Switch#

The Configuration of the Voice VLAN
Switch#configure terminal
Switch(config)#vlan 50
Switch(config-vlan)#name VOICE
Switch(config-vlan)#exit
Switch(config)#interface gi0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 30
Switch(config-if)#switchport voice vlan 50

Configuring Trunking
Switch#configure terminal
Switch(config)#interface gi1/0
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk

Routing Technologies

Default Administrative Distances
Routing Information Source     Default Administrative Distance
Connected interface            0
Static route                   1
Enhanced IGRP summary route    5
External BGP                   20
Internal Enhanced IGRP         90
IGRP                           100
OSPF                           110
IS-IS                          115
RIP                            120
EGP                            140
External Enhanced IGRP         170
Internal BGP                   200
Unknown                        255

The ROAS Configuration
R1#configure terminal
R1(config)#interface gi0/1
R1(config-if)#no shutdown
R1(config-if)#! Notice no IP address is configured on the physical interface
R1(config-if)#interface gi0/1.10
R1(config-subif)#encapsulation dot1q 10
R1(config-subif)#ip address 10.1.10.1 255.255.255.0
R1(config-subif)#exit
R1(config)#interface gi0/1.20
R1(config-subif)#encapsulation dot1q 20
R1(config-subif)#ip address 10.1.20.1 255.255.255.0

Configuring a Default Static Route
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.2
R1(config)#end

Configuring an IPv6 Static Route
R1#configure terminal
R1(config)#ipv6 route 2001:aaaa::/64 serial 0/0

Configuring a Floating Static Route
R3#configure terminal
R3(config)#ip route 10.60.60.0 255.255.255.0 10.20.20.2 121
R3(config)#end

An OSPF Configuration
R1(config)#router ospf 1
R1(config-router)#network 10.10.10.0 0.0.0.255 area 0

Wireless Technologies
- RF bands: Two main radio frequency bands are used with Wi-Fi technologies: the 2.4 GHz band and the 5 GHz band. For example, 802.11g uses the 2.4 GHz band, while 802.11ac uses the 5 GHz band.
- SSID: This is the “friendly” name of a wireless network.
- Non-overlapping channels: Channels 1, 6, and 11 are non-overlapping channels that permit you to configure wireless LANs that function properly in the 2.4 GHz band.
- Wireless LAN controller (WLC): A WLC is a device for configuring, monitoring, and troubleshooting a wireless LAN. For example, wireless access points can be “lightweight” and can rely on WLCs for the “intelligence” required to form the WLAN.
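The following Python script is an added worked example and is not part of the original Cram Sheet. It implements the conversion chart and the modified EUI-64 rule in code: it classifies an IPv4 address by its first octet, checks the private ranges, produces the subnet-mask octet values, converts a prefix length to the wildcard mask used in the OSPF network statement, and builds the IPv6 address that IOS forms with ipv6 address ... eui-64 (split the MAC, insert FFFE, flip the universal/local bit). The MAC address fa16.3e20.58f1 comes from the sheet's port-security example; pairing it with the 2001:AAAA:BBBB::/64 prefix is an assumption made for illustration, and every function name here is the example's own.

```python
import ipaddress

# Class table as given on the sheet: (class, high-order bits, first-octet range, default prefix).
CLASS_TABLE = [
    ("A", "0",    range(1, 128),   8),
    ("B", "10",   range(128, 192), 16),
    ("C", "110",  range(192, 224), 24),
    ("D", "1110", range(224, 240), None),   # multicast: no default mask
]

# The private ranges from the sheet, expressed as CIDR blocks.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def address_class(ip: str):
    """Return (class, default_prefix_len) for a dotted IPv4 address, by first octet."""
    first = int(ip.split(".")[0])
    for name, _bits, rng, prefix in CLASS_TABLE:
        if first in rng:
            return name, prefix
    return None, None            # 0.x.x.x and 240+ are outside the chart


def is_private(ip: str) -> bool:
    """True if the address falls in one of the RFC 1918 ranges listed on the sheet."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_RANGES)


def mask_octet(on_bits: int) -> int:
    """Value of a subnet-mask octet with `on_bits` leading ones (8 -> 255, 1 -> 128, 0 -> 0)."""
    if not 0 <= on_bits <= 8:
        raise ValueError("on_bits must be between 0 and 8")
    return (0xFF << (8 - on_bits)) & 0xFF


def wildcard_mask(prefix_len: int) -> str:
    """Wildcard (inverse) mask used by OSPF network statements and standard ACLs."""
    return str(ipaddress.ip_network(f"0.0.0.0/{prefix_len}").hostmask)


def modified_eui64(mac: str, prefix: str) -> str:
    """Build the address IOS derives from `ipv6 address <prefix> eui-64`.

    Accepts Cisco dotted (fa16.3e20.58f1), colon or dash MAC notation.
    Steps: split the 48-bit MAC in half, insert FF:FE in the middle, flip the
    universal/local bit (0x02) of the first byte, append to the /64 prefix.
    """
    hexdigits = mac.replace(".", "").replace(":", "").replace("-", "").lower()
    if len(hexdigits) != 12:
        raise ValueError("MAC must contain exactly 12 hex digits")
    b = bytearray.fromhex(hexdigits)
    b[0] ^= 0x02                                      # flip the U/L bit
    iid = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])   # 64-bit interface ID
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface IDs require a /64 prefix")
    addr = ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))
    return addr.compressed


if __name__ == "__main__":
    # Constructed sample inputs; the MAC and prefix appear on the sheet.
    print(address_class("172.16.1.100"), is_private("172.16.1.100"))
    print([mask_octet(n) for n in range(8, -1, -1)])
    print(wildcard_mask(24))
    print(modified_eui64("fa16.3e20.58f1", "2001:AAAA:BBBB::/64"))
```

Running the script prints the class B / /16 result for 172.16.1.100, the nine mask-octet values from the chart, the 0.0.0.255 wildcard from the OSPF example, and the derived EUI-64 address; the flipped first byte (fa becomes f8) is the step most often missed on exam questions.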
9780136632887_Sequeira_Tearcard.indd 1 4/1/20 10:41 AM
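As an added example that is not part of the original Cram Sheet, the Python model below shows why the floating static route in the sheet is configured with an administrative distance of 121: a router installs, for each prefix, only the candidate with the lowest administrative distance, and then forwards by longest-prefix match among installed routes. The OSPF-learned route (AD 110) therefore wins over the static route with AD 121 until it disappears, at which point the static route takes over; the default route 0.0.0.0/0 catches everything else. The prefixes and next hops 10.20.20.2 and 10.10.10.2 come from the sheet's examples; the OSPF next hop 10.30.30.2, the route sources, and all names are this example's assumptions.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

# Default administrative distances as listed on the sheet (lower = more trusted).
ADMIN_DISTANCE = {
    "connected": 0, "static": 1, "eigrp-summary": 5, "ebgp": 20, "eigrp": 90,
    "igrp": 100, "ospf": 110, "isis": 115, "rip": 120, "egp": 140,
    "eigrp-external": 170, "ibgp": 200, "unknown": 255,
}


@dataclass(frozen=True)
class Route:
    prefix: str                    # e.g. "10.60.60.0/24"
    next_hop: str
    source: str                    # key into ADMIN_DISTANCE
    distance: Optional[int] = None # explicit AD (floating static); None = default for source
    available: bool = True         # False models the route being withdrawn

    @property
    def ad(self) -> int:
        return ADMIN_DISTANCE[self.source] if self.distance is None else self.distance


def install(routes):
    """Per prefix, keep only the lowest-AD available candidate (what goes into the RIB)."""
    best = {}
    for r in routes:
        if not r.available:
            continue
        cur = best.get(r.prefix)
        if cur is None or r.ad < cur.ad:
            best[r.prefix] = r
    return list(best.values())


def lookup(rib, destination: str):
    """Longest-prefix match over installed routes; None when nothing matches."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in rib if dst in ipaddress.ip_network(r.prefix)]
    if not matches:
        return None
    return max(matches, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen)


def best_next_hop(routes, destination: str) -> Optional[str]:
    r = lookup(install(routes), destination)
    return None if r is None else r.next_hop


def withdraw(routes, source: str):
    """Return a copy of the table with every route from `source` marked unavailable."""
    return [replace(r, available=False) if r.source == source else r for r in routes]


# Constructed routing table: the floating static and default route from the sheet,
# plus an assumed OSPF route for the same prefix.
SAMPLE_ROUTES = [
    Route("10.60.60.0/24", "10.20.20.2", "static", distance=121),  # floating static
    Route("10.60.60.0/24", "10.30.30.2", "ospf"),                  # AD 110, preferred
    Route("0.0.0.0/0", "10.10.10.2", "static"),                    # default route, AD 1
]

if __name__ == "__main__":
    print("normal:      ", best_next_hop(SAMPLE_ROUTES, "10.60.60.7"))
    print("OSPF lost:   ", best_next_hop(withdraw(SAMPLE_ROUTES, "ospf"), "10.60.60.7"))
    print("elsewhere:   ", best_next_hop(SAMPLE_ROUTES, "8.8.8.8"))
```

The point to carry into the exam is the ordering: administrative distance decides which candidate for the same prefix is installed, and prefix length decides which installed route is used for a packet. A floating static route must have an AD higher than the dynamic protocol it backs up, otherwise it would replace that protocol's route rather than wait behind it.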
Infrastructure Services

nslookup is an excellent DNS troubleshooting command.

Configuring a DHCP Server on a Cisco Router
R1#configure terminal
R1(config)#ip dhcp excluded-address 10.1.1.1 10.1.1.10
R1(config)#ip dhcp pool ICND1EXAMCRAM
R1(dhcp-config)#default-router 10.1.1.1
R1(dhcp-config)#dns-server 8.8.8.8 4.2.2.2
R1(dhcp-config)#option 150 ip 10.10.10.2
R1(dhcp-config)#network 10.1.1.0 /24
R1(dhcp-config)#end

Configuring a DHCP Relay Agent
R2#configure terminal
R2(config)#interface fa1/0
R2(config-if)#ip helper-address 10.1.1.3
R2(config-if)#end

Configuring the NTP Master
R1(config)#ntp master ?
  <1-15>  Stratum number
  <cr>
R1(config)#ntp master 2
R1(config)#end

Configuring the NTP Client
R2#configure terminal
R2(config)#ntp server 10.1.1.1
R2(config)#end

Inside Source Dynamic PAT
R2#configure terminal
R2(config)#interface fa1/0
R2(config-if)#ip nat inside
R2(config-if)#exit
R2(config)#interface fa0/0

Infrastructure Security

Standard Access Control Lists

Building a Standard Numbered ACL
R1#configure terminal
R1(config)#access-list 1 deny host 172.16.1.100
R1(config)#access-list 1 deny host 172.16.1.101
R1(config)#access-list 1 permit 172.16.1.0 0.0.0.255
R1(config)#end

Building a Standard Named ACL
R1#configure terminal
R1(config)#ip access-list standard MYACL
R1(config-std-nacl)#deny 10.0.0.0 0.255.255.255
R1(config-std-nacl)#permit 192.168.1.0 0.0.0.255

Assigning Standard ACLs
R1#configure terminal
R1(config)#interface fa0/0
R1(config-if)#ip access-group 1 in
R1(config-if)#exit
R1(config)#interface fa1/0
R1(config-if)#ip access-group MYACL out
R1(config-if)#end

Configuring Static Port Security
Switch#configure terminal
Switch(config)#interface gi1/0
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security maximum 2
Switch(config-if)#switchport port-security mac-address fa16.3e20.58f1
Switch(config-if)#switchport port-security mac-address fa16.3e20.aabb
Switch(config-if)#switchport port-security
Switch(config-if)#end

The service password-encryption command obscures plaintext passwords in a configuration.

Wireless LAN Security
- WEP: WEP is no longer considered acceptable as a security solution. This technique can be “hacked” with relative ease.
- WPA: WPA was the first attempt at replacing WEP. Some security issues with this technology quickly led to the release of WPA2.
- WPA2: WPA2 is considered strong enough for use today. It replaced TKIP (which had weaknesses) with CCMP. Like WPA, it uses AES for encryption. TKIP is still present in the protocol, but only for backward compatibility with WPA.
- WPA3: Like WPA2, this latest version of the security protocol permits you to configure a “personal” or home version, instead of a stronger “enterprise” version.

Infrastructure Management

Saving the Configuration on a Cisco Router
R3#copy running-config startup-config
Destination filename [startup-config]?
Overwrite the previous NVRAM configuration?[confirm]
Building configuration...
[OK]
R3#

Configuring SSH
R2#configure terminal
R2(config)#ip domain-name lab.ajsnetworking.com
R2(config)#crypto key generate rsa
The name for the keys will be: R2.lab.ajsnetworking.com
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.

How many bits in the modulus [512]: 768
% Generating 768 bit RSA keys, keys

PING Return Codes
Character   Description
!           Reply success
.           Server timed out
U           Destination unreachable error received
Q           Source quench (destination too busy)
M           Could not fragment
?           Unknown packet type
&           Packet lifetime exceeded

Syslog Security Levels
Keyword         Level   Description
Emergency       0       System unusable, or unstable
Alert           1       Immediate action needed
Critical        2       Critical event
Error           3       Error event
Warning         4       Warning event
Notification    5       Normal but significant condition
Informational   6       Informational messages only
Debug           7       Debugging messages, requested by administrator

Common Cybersecurity Threats
- Computer viruses: Viruses are some of the oldest threats, and they persist today. Viruses are code pieces or entire applications that seek to install on systems to do damage or steal data in some way.
- Malware: The industry needed a very broad term to describe the many different types of attacks that are intentionally designed to disrupt, damage, or gain unauthorized access to a computer, server, client, or computer network. Malware is the umbrella term for this in the industry.
- Trojan horse: With this type of threat, the code that attacks or steals data from a system is hidden behind what appears to be a legitimate application or website. Often, these types of attacks spread via email. An application is sent for you to download, you download the application and install it, and the attacking code is then executed.
- Adware and spyware: Adware might sneak onto your computer or trick you into installing it while appearing to be some useful little utility or full program. This software then presents ads in the form of banners or popup windows. Spyware is even more evil. This software watches and records your actions and is often a critical step in a larger attack against a system.
- Worm attack: In this type of attack, malicious code spreads from system to system in the network. It does this by replicating itself onto another system from the system where it was originally running. Worms can not only spread but also cause damage, such as conducting denial-of-service (DoS) attacks or stealing data.
- Distributed denial-of-service (DDoS) attack: DDoS attacks are feared today. Such an attack attempts to make services or entire systems unavailable. DDoS attacks often employ botnets (also called zombie systems) that have no idea they are taking part in the attacks.
- Phishing: Phishing is a popular social engineering attack. In this type of attack, a malicious party sends an email that is carefully constructed to look legitimate. It might pretend to be from a bank and ask the recipient to enter a username and password on a website linked in the email. Of course, this website is also constructed to appear completely legitimate. Spear phishing is a phishing attack that is customized for and targets a particular person.
- Rootkit: A rootkit is a collection of software tools that are installed on a system to ultimately provide the attacker with full administrative control over a device.
- SQL injection attack: This type of attack leverages the fact that most applications and sites are powered by SQL-based databases and do not filter user input. In a SQL injection attack, malicious SQL code is injected into the system through a form, with the goal of extracting data or simply denying service to the system.
- Man-in-the-middle: In this type of attack, a system intercepts communication between devices. The difference between a man-in-the-middle attack and simple eavesdropping is that the man-in-the-middle attack also impersonates the end devices in order to terminate encrypted sessions and get access to the data exchanged, whereas an eavesdropper would also have to decrypt the encrypted traffic first.
- Ransomware: This is software that encrypts a system’s data and then offers decryption keys for a fee.
- Data exfiltration: In this type of attack, a system’s data is copied to an external system by an unauthorized attacker or by malware.

Automation and Programmability
- Controller-based networking: Software defined networking (SDN) often features the use of a central controller that implements the control plane functions required by the network. The devices that are controlled in SDN can focus on the forwarding of traffic. The SDN approach fosters efficient, automated, highly controlled networks.
- REST APIs: These APIs, often used for cloud and SDN technologies, ensure that you can retrieve data using “standard” URLs understood by web browsers and Internet technologies.
- JSON: This is a very friendly way to represent data in a human readable form. JSON presents data as a series of attribute-value pairs. It is very similar to XML, but even more easily readable by humans.
- Puppet, Chef, and Ansible: These tools allow you to easily manage network devices from a central location. The tools use different techniques. For example, Puppet uses an agent on the various network devices, while Ansible is often celebrated as being agent-less.

CRUD
- Create
- Read
- Update
- Delete
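The following Python evaluator is an added example and is not part of the original Cram Sheet. It shows how a standard ACL such as access-list 1 or MYACL above is processed: entries are checked top down, the first matching entry decides, a wildcard mask marks the bits that are ignored in the comparison (host means wildcard 0.0.0.0, any means 255.255.255.255), and a packet that matches nothing hits the implicit deny at the end. Both sample ACLs are copied from the sheet's configuration; the parser, the function names, and the test source addresses are this example's own, and it deliberately models only source-address matching, not the in/out direction chosen with ip access-group.

```python
import ipaddress


def parse_ace(line: str):
    """Parse one standard-ACL entry into (action, network, wildcard).

    Accepted IOS forms: 'permit|deny host A.B.C.D', 'permit|deny A.B.C.D W.X.Y.Z',
    'permit|deny any', and a bare address (host implied, wildcard 0.0.0.0).
    """
    parts = line.split()
    if len(parts) < 2 or parts[0] not in ("permit", "deny"):
        raise ValueError(f"not a standard ACL entry: {line!r}")
    action = parts[0]
    if parts[1] == "any":
        return action, "0.0.0.0", "255.255.255.255"
    if parts[1] == "host":
        return action, parts[2], "0.0.0.0"
    wildcard = parts[2] if len(parts) > 2 else "0.0.0.0"
    return action, parts[1], wildcard


def matches(src: str, network: str, wildcard: str) -> bool:
    """Wildcard-mask comparison: a set bit in the wildcard means 'don't care'."""
    s = int(ipaddress.IPv4Address(src))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    return (s | w) == (n | w)


def evaluate(acl_lines, src: str):
    """First-match evaluation. Returns (action, 1-based line number of the matching
    entry); (\"deny\", None) stands for the implicit deny at the end of every ACL."""
    for index, line in enumerate(acl_lines, start=1):
        action, network, wildcard = parse_ace(line)
        if matches(src, network, wildcard):
            return action, index
    return "deny", None


# The two ACLs from the sheet, written as the entries IOS stores.
ACL_1 = [
    "deny host 172.16.1.100",
    "deny host 172.16.1.101",
    "permit 172.16.1.0 0.0.0.255",
]
MYACL = [
    "deny 10.0.0.0 0.255.255.255",
    "permit 192.168.1.0 0.0.0.255",
]

if __name__ == "__main__":
    # Constructed sample sources to show each outcome.
    for src in ("172.16.1.100", "172.16.1.50", "10.0.0.1"):
        print("ACL 1 ", src, "->", evaluate(ACL_1, src))
    for src in ("10.5.5.5", "192.168.1.9", "192.168.2.1"):
        print("MYACL ", src, "->", evaluate(MYACL, src))
```

Two exam-relevant behaviours fall out of the code: the order of the entries matters (swapping the permit in access-list 1 above the two host denies would let 172.16.1.100 through), and every source not named by any entry is dropped by the implicit deny, which is why an ACL that only contains deny statements blocks all traffic.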