
Networking

IPv6

Various address types are associated with IPv6 ranges:

  • Global Unicast (2000::/3): globally unique address that may be used on the public Internet
  • Unique Local (FC00::/7, of which only the upper half, FD00::/8, is assigned in practice): equivalent to RFC 1918 private ranges in IPv4, and not routable on the Internet
  • Link Local (FE80::/10): valid only on the local link and never forwarded by a router. Every IPv6-enabled interface generates one automatically; on a Cisco interface, ipv6 enable turns on IPv6 and creates a link-local address even when no global address is configured
  • Multicast (FF00::/8): the closest IPv6 equivalent to broadcast (IPv6 has no broadcast address), where a packet is sent to a group of subscribed devices
    • FF02::1: all nodes on the link
    • FF02::2: all routers on the link
  • Anycast: allows multiple devices to share the same IPv6 address; a packet is delivered to the nearest of them
EUI-64
Generates the 64-bit host portion (interface ID) of an IPv6 address from the device's 48-bit MAC address: the MAC is split in half, FFFE is inserted in the middle, and the seventh bit of the first byte (the universal/local bit) is inverted. Because the MAC can be read back out of the address, an EUI-64 address identifies the same hardware under every prefix the host ever uses.
SLAAC
An IPv6 device learns its prefix information automatically over the local link from a Router Advertisement (ICMPv6) sent by another device (i.e. a router). The device can then generate its own host portion using EUI-64 or a random value. Because SLAAC by itself does not provide additional information such as DNS server addresses (newer routers can include them in the RA, but not every host honours that), it is typically used alongside stateless DHCPv6.
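The following is an added Python example, not part of the original notes: it classifies addresses by the ranges listed above, builds the modified EUI-64 interface ID and the SLAAC address for a constructed MAC and prefix, and recovers the MAC from such an address, which is the privacy caveat with EUI-64. The MAC, the prefix and the function names are this example's own.

```python
"""Added example (not from the original notes): classify IPv6 addresses by the
ranges listed above, build a modified EUI-64 interface ID and SLAAC address,
and recover the MAC from such an address. MAC and prefix values are constructed."""
import ipaddress
import re

# Ranges from the notes. FC00::/7 is the whole Unique Local block; only its
# upper half, FD00::/8, is assigned in practice.
ADDRESS_TYPES = [
    ("loopback",       ipaddress.IPv6Network("::1/128")),
    ("unspecified",    ipaddress.IPv6Network("::/128")),
    ("link-local",     ipaddress.IPv6Network("fe80::/10")),
    ("unique-local",   ipaddress.IPv6Network("fc00::/7")),
    ("multicast",      ipaddress.IPv6Network("ff00::/8")),
    ("global-unicast", ipaddress.IPv6Network("2000::/3")),
]

def classify(addr):
    """Name of the first listed range containing addr, or 'reserved'."""
    ip = ipaddress.IPv6Address(addr)
    for name, net in ADDRESS_TYPES:
        if ip in net:
            return name
    return "reserved"

def mac_to_bytes(mac):
    """Accept 00:1a:2b:3c:4d:5e, 00-1a-2b-3c-4d-5e or Cisco's 001a.2b3c.4d5e."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return bytes.fromhex(digits)

def eui64_interface_id(mac):
    """Modified EUI-64: split the MAC, insert FF:FE in the middle and invert
    the universal/local bit (bit value 0x02 of the first octet)."""
    o = mac_to_bytes(mac)
    iid = bytes([o[0] ^ 0x02]) + o[1:3] + b"\xff\xfe" + o[3:6]
    return int.from_bytes(iid, "big")

def slaac_address(prefix, mac):
    """Address a host forms from an advertised /64 prefix plus its EUI-64 ID."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 needs a /64 prefix")
    return str(ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac)))

def mac_from_eui64(addr):
    """Reverse the construction, or return None when the FF:FE marker is absent
    (randomised or manually chosen interface IDs). Works for any prefix, which
    is exactly why EUI-64 addresses let a host be tracked across networks."""
    iid = (int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    for a in ("2001:aaaa:bbbb::1", "fd12::1", "fe80::1", "ff02::2", "::1"):
        print(f"{a:20} {classify(a)}")
    host = slaac_address("2001:aaaa:bbbb::/64", "001a.2b3c.4d5e")
    print(host, "->", mac_from_eui64(host))
```

The same MAC normalisation accepts the dotted form printed by show mac address-table, so the helpers can be run directly over copied switch output.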

Enable IPv6 packet forwarding on a router. Without it the router can still carry IPv6 addresses on its interfaces, but it will not forward IPv6 traffic, send Router Advertisements, or run IPv6 routing protocols like EIGRP for IPv6 or OSPF version 3.

R1(config)#ipv6 unicast-routing

Switching

When a switch receives an Ethernet frame, it examines the destination MAC address and compares it to its MAC address table. This table is continuously updated by the switch as it learns new addresses and discards or ages old ones.

MAC address table

S1>show mac address-table

When the destination MAC is not in the table (an unknown unicast), or is the broadcast address, the switch floods the frame out every port in that VLAN except the one it arrived on. If it knows the destination MAC, it forwards the frame on the matching port only.
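An added Python model of the learning, forwarding and flooding behaviour just described (example code, not from the original notes): a switch with four access ports in two VLANs, a MAC table keyed by VLAN and MAC, and entry ageing. Port numbers, MAC addresses and timestamps are constructed.

```python
"""Added example (not from the original notes): a small model of the MAC
learning, forwarding and flooding behaviour described above, scoped per VLAN
and with entry ageing. Port numbers, VLANs, MAC addresses and timestamps are
constructed for illustration."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, access_ports, age_seconds=300):
        # port -> access VLAN; frames are only ever flooded within one VLAN
        self.vlan_of = dict(access_ports)
        self.age_seconds = age_seconds
        # (vlan, mac) -> (port, last_seen): the model's 'show mac address-table'
        self.table = {}

    def _age_out(self, now):
        stale = [key for key, (_, seen) in self.table.items()
                 if now - seen > self.age_seconds]
        for key in stale:
            del self.table[key]

    def receive(self, in_port, src, dst, now):
        """Process one frame; return the set of ports it is sent out of."""
        vlan = self.vlan_of[in_port]          # KeyError for a port that does not exist
        self._age_out(now)
        # Learning: bind the source MAC to the ingress port and refresh its timer.
        # A frame with a forged source silently moves that entry, which is why a
        # switch on its own is no protection against MAC spoofing.
        self.table[(vlan, src)] = (in_port, now)
        entry = self.table.get((vlan, dst))
        if dst == BROADCAST or entry is None:
            # Broadcast or unknown unicast: flood to every other port in the VLAN
            return {p for p, v in self.vlan_of.items() if v == vlan and p != in_port}
        out_port, _ = entry
        # Known unicast: forward on the learned port only (drop if that is the ingress port)
        return set() if out_port == in_port else {out_port}

    def lookup(self, vlan, mac):
        """Port a MAC was learned on in a VLAN, or None if absent or aged out."""
        entry = self.table.get((vlan, mac))
        return entry[0] if entry else None


def demo():
    """Walk through a learning sequence; returns the switch and the egress sets."""
    sw = LearningSwitch({1: 10, 2: 10, 3: 10, 4: 20})
    steps = [
        sw.receive(1, "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb", now=0),    # bb unknown: flood VLAN 10
        sw.receive(2, "bb:bb:bb:bb:bb:bb", "aa:aa:aa:aa:aa:aa", now=1),    # aa known: port 1 only
        sw.receive(1, "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb", now=2),    # bb known: port 2 only
        sw.receive(4, "cc:cc:cc:cc:cc:cc", "aa:aa:aa:aa:aa:aa", now=3),    # VLAN 20 has no other port
        sw.receive(3, "dd:dd:dd:dd:dd:dd", "bb:bb:bb:bb:bb:bb", now=400),  # bb aged out: flood again
    ]
    return sw, steps


if __name__ == "__main__":
    _, steps = demo()
    for egress in steps:
        print(sorted(egress))
```

The fourth step shows that VLANs are separate broadcast domains inside one switch: a frame from the VLAN 20 port is flooded to nobody, even though its destination is known in VLAN 10.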

Collisions no longer occur in modern full-duplex switched networks because a switch creates a separate collision domain for each port, a condition called microsegmentation. On older half-duplex (hub-based) networks, CSMA/CD detected collisions and scheduled retransmissions. Modern Cisco devices autonegotiate a common speed and duplex; a duplex mismatch (one side forced to full, the other falling back to half) reintroduces late collisions and CRC errors on that link.

Ethernet frames have a common format:

  • Preamble (7 bytes) is a pattern of alternating 1's and 0's for synchronization
  • Start Frame Delimiter (SFD) (1 byte)
  • Destination MAC (6 bytes)
  • Source MAC (6 bytes)
  • Type (2 bytes) identifies the Layer 3 protocol carried in the frame, e.g. 0x0800 for IPv4, 0x86DD for IPv6, 0x0806 for ARP
  • Data and Pad ranges in size from 46 to 1500 bytes. Padding is necessary if the data would otherwise be less than the minimum 46 bytes (64 bytes for the whole frame, not counting preamble and SFD)
  • Frame Check Sequence (FCS) (4 bytes) is a CRC-32 over the frame for error detection; a frame with a bad FCS is dropped, not corrected

Larger frame sizes are possible with baby giants (up to 1600 bytes, enough for an extra header such as an 802.1Q tag or a tunnel) and jumbo frames (up to 9216 bytes); every device on the path must support the larger MTU.

Interfaces

Switch>show interfaces status
Switch>enable
Switch#configure terminal
Switch(config)#interface fa0/1
Switch(config-if)#no shutdown
Switch(config-if)#end

Basic administration

Change hostname

Switch(config)#hostname SW2

Set banner message

Switch(config)#banner motd #Hello, world!#

Restart

Switch#reload

Display configuration

Switch#show running-config
Switch#show startup-config

Display contents of flash, where the IOS image is stored (NVRAM holds the startup configuration, shown with show startup-config)

Switch>show flash:

Configure router IP

R1#configure terminal
R1(config)#interface fa0/0
R1(config-if)#ip address 10.10.10.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#end

An IPv6 address on the same interface can be set statically, derived from a prefix with EUI-64, or learned by SLAAC from a neighbouring router's advertisements; only one of the three is needed:

R1#configure terminal
R1(config)#interface fa0/0
R1(config-if)#ipv6 address 2001:aaaa:bbbb::1/64
R1(config-if)#no shutdown
R1(config-if)#end
R1#configure terminal
R1(config)#interface fa0/0
R1(config-if)#ipv6 address 2001:aaaa:bbbb::/64 eui-64
R1(config-if)#no shutdown
R1(config-if)#end
R1#configure terminal
R1(config)#interface fa0/0
R1(config-if)#ipv6 address autoconfig
R1(config-if)#no shutdown
R1(config-if)#end

VLAN

A VLAN is a broadcast domain created on a switch that corresponds to a TCP/IP subnet

All non-trunk ports on a Cisco switch belong to VLAN 1 by default. To be part of a single VLAN, an interface is set to access mode and assigned that VLAN.

The native VLAN is the one VLAN whose frames cross an 802.1Q trunk untagged; it is VLAN 1 by default and exists so that untagged control traffic (i.e. CDP, VTP, STP) can still flow between devices even if a link loses its status as a trunk. Because a frame that carries an outer tag for the native VLAN plus an inner tag for another VLAN has the outer tag stripped at the trunk and is then forwarded by the next switch into the inner VLAN (double tagging), it is considered best practice to move the native VLAN to an unused VLAN (switchport trunk native vlan) and to tag it (vlan dot1q tag native), rather than leaving it on VLAN 1 where every unconfigured access port also sits.

Display VLAN assignments

SW1#show vlan brief

Configure VLAN settings

SW1#configure terminal
SW1(config)#vlan 30
SW1(config-vlan)#name WEST
SW1(config-vlan)#do show vlan brief
SW1(config-vlan)#end
SW1#configure terminal
SW1(config)#interface gi0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 20
SW1(config-if)#end
SW1#show vlan brief
SW1#configure terminal
SW1(config)#interface gi0/2
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 30
SW1(config-if)#switchport voice vlan 50
SW1(config-if)#end
SW1#show vlan brief
SW1#show interface gi0/2 switchport

VTP

VTP is a Cisco protocol that distributes the VLAN database across many switches in the same VTP domain over interswitch links called trunks, so a VLAN created on one switch appears on all of them.

There are three VTP operating modes:

  • Server (default) permits you to create, modify and delete VLANs on the local device; the changes are advertised to the whole domain.
  • Transparent does not take part in VTP: the switch keeps its own locally configured VLAN database, but still forwards VTP advertisements it receives across its trunks.
  • Client allows switches to inherit the VLAN information from a server. You cannot create VLANs locally on a VTP Client device.

Whichever switch advertises the highest configuration revision number wins, in client mode as well as server mode, so a previously used switch connected to a domain with a stale but higher revision overwrites the VLAN database of every other switch. Before connecting a switch, reset its revision number (changing the VTP domain name, or setting transparent mode and back, does this) and configure a VTP password; small networks are often safer with every switch in transparent mode and VLANs configured by hand.

Display VTP mode

SW1#show vtp status

Trunking

802.1Q trunk links are the modern way of sharing traffic between switches. The VLAN marking is a 4-byte tag inserted into the existing frame between the Source MAC address and Type fields (which is why the FCS has to be recomputed), rather than fully re-encapsulating the frame as was the case in ISL.
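An added Python example, not from the original notes, that ties the frame layout above to the 802.1Q tag described here: it builds constructed frames as a NIC would deliver them (preamble and SFD already stripped), verifies the CRC-32 FCS, and peels off any stack of tags sitting between the source MAC and the Type field, flagging a double-tagged frame. MAC addresses and payloads are made up and the field names are the example's own.

```python
"""Added example (not from the original notes): build and parse Ethernet frames
as a NIC hands them up (preamble and SFD already stripped), verify the CRC-32
FCS, and peel off any 802.1Q tags sitting between the source MAC and the Type
field. Addresses and payloads are constructed for illustration."""
import struct
import zlib

ETHERTYPE_NAMES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
TAG_TPIDS = {0x8100, 0x88A8}      # 802.1Q customer tag, 802.1ad service tag
MIN_PAYLOAD = 46                  # pad below this so an untagged frame is 64 bytes
MIN_FRAME = 14 + MIN_PAYLOAD + 4

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def fcs(frame_without_fcs):
    """Ethernet FCS: CRC-32 with the same polynomial/reflection as zlib, LSB first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)

def build_frame(dst, src, ethertype, payload, vlans=()):
    """Constructed frame: optional tag stack (outermost first), padded, FCS appended."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    for vid in vlans:
        hdr += struct.pack("!HH", 0x8100, vid & 0x0FFF)     # PCP=0, DEI=0
    body = payload + b"\x00" * max(0, MIN_PAYLOAD - len(payload))
    raw = hdr + struct.pack("!H", ethertype) + body
    return raw + fcs(raw)

def parse_frame(raw):
    """Return header fields, the tag stack and payload; reject runts and bad FCS."""
    if len(raw) < MIN_FRAME:
        raise ValueError("runt frame")
    if fcs(raw[:-4]) != raw[-4:]:
        raise ValueError("FCS mismatch: frame corrupted, drop it")
    dst, src = mac_str(raw[0:6]), mac_str(raw[6:12])
    off, tags = 12, []
    (etype,) = struct.unpack("!H", raw[off:off + 2])
    while etype in TAG_TPIDS:                      # each tag shifts Type by 4 bytes
        (tci,) = struct.unpack("!H", raw[off + 2:off + 4])
        tags.append({"tpid": etype, "pcp": tci >> 13, "vid": tci & 0x0FFF})
        off += 4
        (etype,) = struct.unpack("!H", raw[off:off + 2])
    return {
        "dst": dst, "src": src,
        "tags": tags, "vids": [t["vid"] for t in tags],
        "ethertype": etype, "protocol": ETHERTYPE_NAMES.get(etype, hex(etype)),
        "payload": raw[off + 2:-4],
        # Two tags on a frame arriving from an access port is the signature of a
        # VLAN-hopping (double-tagging) attempt: the outer tag matches the native
        # VLAN and is stripped on the trunk, the inner one selects the target VLAN.
        "double_tagged": len(tags) > 1,
    }

if __name__ == "__main__":
    arp = build_frame("ff:ff:ff:ff:ff:ff", "00:1a:2b:3c:4d:5e", 0x0806, b"\x00\x01")
    hop = build_frame("00:11:22:33:44:55", "00:1a:2b:3c:4d:5e", 0x0800, b"E", vlans=(1, 20))
    for f in (arp, hop):
        p = parse_frame(f)
        print(len(f), p["src"], "->", p["dst"], p["protocol"], "vids", p["vids"])
```

The second constructed frame carries an outer tag for VLAN 1 and an inner tag for VLAN 20, which is the shape of the double-tagged frame the native VLAN advice above is guarding against.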

Without configuring trunking, the interfaces operate in access mode, but their administrative mode is dynamic auto: they will become a trunk if the device on the other end asks for one via DTP.

SW1#show interfaces gi0/1 switchport
Name: GigabitEthernet0/1
Switchport: Enabled 
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q 
Operational Trunking Encapsulation: native
Negotiation of Trunking: false
Access Mode VLAN: 1
Trunking Native Mode VLAN: 1 (default) 
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: All
Pruning VLANs Enabled: none
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
SW3#show interfaces gi0/1 switchport
Name: GigabitEthernet0/1
Switchport: Enabled 
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q 
Operational Trunking Encapsulation: native
Negotiation of Trunking: false
Access Mode VLAN: 1
Trunking Native Mode VLAN: 1 (default) 
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: All
Pruning VLANs Enabled: none
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Now the interface on one switch is configured as a trunk. Because the administrative mode of the facing interface is dynamic auto, it accepts the DTP request and becomes a trunk as well, with no configuration on that switch. The same negotiation is available to anything plugged into a dynamic port: a host that sends DTP frames can turn an unconfigured port into a trunk and reach every VLAN, so ports that face end hosts should be fixed with switchport mode access and switchport nonegotiate.

Configure interface as trunk (on SW3; the SW1 side, gi0/2, is left at dynamic auto and negotiates up)

SW3#configure terminal
SW3(config)#interface gi0/1
SW3(config-if)#switchport mode trunk

There are several ways of confirming the trunk status:

SW1#show interfaces status
Interface  Name  Status      Vlan   Duplex  Speed   Type                             
Fa0/1            connected   1      a-full  a-100   media type is 10/100BaseTX       
Fa0/2            notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/3            notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/4            notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/5            notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/6            notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/7            notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/8            notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/9            notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/10           notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/11           connected   1      a-full  a-100   media type is 10/100BaseTX       
Fa0/12           notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/13           notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/14           notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/15           notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/16           notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/17           notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/18           notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/19           notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/20           notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/21           notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/22           notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/23           notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/24           notconnect  1      auto    auto    media type is 10/100BaseTX       
Gi0/1            connected   1      a-full  a-1000  media type is 10/100/1000BaseTX  
Gi0/2            connected   trunk  a-full  a-1000  media type is 10/100/1000BaseTX  
vlan1            connected   1      auto    auto    media type is 10/100/1000BaseTX  
SW1#show interfaces gi0/2 switchport
Name: GigabitEthernet0/2
Switchport: Enabled 
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q 
Operational Trunking Encapsulation: native
Negotiation of Trunking: false
Access Mode VLAN: 1
Trunking Native Mode VLAN: 1 (default) 
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: All
Pruning VLANs Enabled: none
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
SW1#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gi0/2       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/2       1-4094

Port        Vlans allowed and active in management domain
Gi0/2       1

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/2       1

On SW3, the same three commands produce similar output, except that the trunk interface is Gi0/1 and its Administrative Mode is trunk, since that is the side that was configured.

SW3#show interfaces status
Interface  Name  Status      Vlan   Duplex  Speed   Type                             
Fa0/1            disabled    1      auto    auto    media type is 10/100BaseTX       
Fa0/2            notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/3            notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/4            notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/5            notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/6            notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/7            notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/8            notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/9            notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/10           notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/11           connected   1      a-full  a-100   media type is 10/100BaseTX       
Fa0/12           notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/13           notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/14           notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/15           notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/16           notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/17           notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/18           notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/19           notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/20           notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/21           notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/22           notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/23           notconnect  1      auto    auto    media type is 10/100BaseTX       
Fa0/24           notconnect  1      auto    auto    media type is 10/100BaseTX       
Gi0/1            connected   trunk  a-full  a-1000  media type is 10/100/1000BaseTX  
Gi0/2            notconnect  1      auto    auto    media type is 10/100/1000BaseTX  
vlan1            connected   1      auto    auto    media type is 10/100/1000BaseTX 
SW3#show interfaces gi0/1 switchport
Name: GigabitEthernet0/1
Switchport: Enabled 
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q 
Operational Trunking Encapsulation: native
Negotiation of Trunking: false
Access Mode VLAN: none
Trunking Native Mode VLAN: 1 (default) 
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: 
Pruning VLANs Enabled: none
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
SW3#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1-4094

Port        Vlans allowed and active in management domain
Gi0/1       1

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/1       1

The encapsulation is 802.1Q by default on switches that only support 802.1Q (i.e. the 2960). On platforms that also support ISL the default is to negotiate it, and switchport mode trunk is rejected until the encapsulation has been set explicitly:

SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
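An added Python audit (example code, not from the original notes) for the security-relevant fields of show interfaces switchport seen above: an administrative mode of dynamic auto or dynamic desirable means the peer decides whether the port trunks, a trunk with DTP still on keeps advertising, and native VLAN 1 or all VLANs allowed widen what a trunk carries. The sample output, the finding names and the remediation table are constructed for this example; the remediation commands themselves are ordinary IOS interface commands.

```python
"""Added example (not from the original notes): audit 'show interfaces switchport'
output for settings that let whatever is plugged in negotiate itself onto a
trunk or ride the native VLAN. The sample output below is constructed from the
fields shown above; finding names and the remediation table are this
example's own."""
import re

SAMPLE_OUTPUT = """\
Name: Gi0/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: All

Name: Gi0/2
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1
Trunking Native Mode VLAN: 999 (VLAN0999)
Trunking VLANs Enabled: 10,20,30

Name: Gi0/3
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: All
"""

# finding -> interface command that closes it
REMEDIATION = {
    "DTP-NEGOTIABLE":    "switchport mode access (or trunk) + switchport nonegotiate",
    "DTP-STILL-ON":      "switchport nonegotiate",
    "NATIVE-VLAN-1":     "switchport trunk native vlan <unused VLAN>",
    "ALL-VLANS-ALLOWED": "switchport trunk allowed vlan <list>",
}

def parse_switchport(text):
    """Split per-interface blocks (separated by blank lines) into key/value dicts."""
    interfaces = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:              # lines without a colon ('Capture Mode Disabled') are skipped
                fields[key.strip()] = value.strip()
        if "Name" in fields:
            interfaces.append(fields)
    return interfaces

def audit(fields):
    """Return (interface name, list of findings) for one parsed block."""
    findings = []
    admin = fields.get("Administrative Mode", "").lower()
    oper = fields.get("Operational Mode", "").lower()
    # IOS prints On/Off; some emulators print true/false
    dtp_on = fields.get("Negotiation of Trunking", "").lower() in ("on", "true")
    native_m = re.match(r"\d+", fields.get("Trunking Native Mode VLAN", "0"))
    native = int(native_m.group()) if native_m else 0
    if admin.startswith("dynamic"):
        findings.append("DTP-NEGOTIABLE")      # the peer decides whether this becomes a trunk
    elif admin == "trunk" and dtp_on:
        findings.append("DTP-STILL-ON")        # trunk is fixed but DTP frames still go out
    if "trunk" in oper and native == 1:
        findings.append("NATIVE-VLAN-1")       # untagged VLAN shared with default access ports
    if "trunk" in oper and fields.get("Trunking VLANs Enabled", "").lower() == "all":
        findings.append("ALL-VLANS-ALLOWED")   # trunk carries every VLAN, not just the needed ones
    return fields["Name"], findings

def report(text):
    """Interface name -> [(finding, remediation), ...] for a whole command output."""
    return {name: [(f, REMEDIATION[f]) for f in findings]
            for name, findings in map(audit, parse_switchport(text))}

if __name__ == "__main__":
    for name, items in report(SAMPLE_OUTPUT).items():
        print(name, items or "ok")
```

Fed the SW1 Gi0/2 output shown earlier (dynamic auto, operationally trunking, native VLAN 1, all VLANs allowed) the audit raises all three trunk findings plus the DTP one, which is the point: that port became a trunk without anyone configuring it.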

STP

Classic STP (802.1D) takes 30 to 50 seconds to converge; Cisco's default, PVST+, runs a separate 802.1D instance per VLAN. RSTP (802.1w) converges in seconds, and Cisco's per-VLAN implementation of it is Rapid PVST+, selected with spanning-tree mode rapid-pvst.

Display spanning tree

Switch#show spanning-tree

PortFast is an STP feature that moves a port straight to forwarding instead of waiting through the listening and learning states. It belongs only on access ports connected to end hosts (servers, workstations, phones), never on a port that might connect to another switch: a PortFast port forwards immediately, so a loop introduced through it is live until STP detects it.

PortFast

Switch(config-if)#spanning-tree portfast

BPDU Guard is a related feature that detects a switch (or anything else sending BPDUs) mistakenly connected to a PortFast port and puts the port into the err-disabled state for safety and security. The port stays down until it is bounced with shutdown and no shutdown, or until errdisable recovery cause bpduguard lets it recover on its own. Both features can also be applied to every eligible port at once with the global commands spanning-tree portfast default and spanning-tree portfast bpduguard default.

BPDU Guard

Switch(config-if)#spanning-tree bpduguard enable

Confirming PortFast and BPDU Guard

Switch#show spanning-tree interface gi0/3 detail

CDP

CDP lets Cisco devices advertise themselves to directly connected neighbours: platform, IOS version, IP addresses, native VLAN and port IDs. VoIP in particular relies on CDP (Cisco phones learn their voice VLAN from it). CDP frames are link-local and are consumed by the receiving Cisco device, so they cannot be passed from router to router through a switch.

It is also considered a security issue, since it is enabled by default on Cisco routers and switches on all interfaces, so a device shares that inventory with any unauthorized neighbour that plugs into an unused port. The usual compromise is to disable it globally on Internet-facing routers and per interface on user-facing ports, keeping it only where phones need it.

Disable CDP on a device

Switch(config)#no cdp run

Enable CDP globally and on an individual interface (the no form of the interface command, no cdp enable, disables it on that port only)

Switch(config)#cdp run
Switch(config)#interface gi1/0
Switch(config-if)#cdp enable

LLDP (IEEE 802.1AB) is an open standard similar to CDP and carries the same kind of inventory information, but it is not enabled by default on Cisco devices; the same per-interface controls apply.

Enable LLDP

Switch(config)#lldp run
Switch(config)#interface gi1/0
Switch(config-if)#lldp transmit
Switch(config-if)#lldp receive

EtherChannel

EtherChannel aggregates multiple physical links between two devices so that they act as a single logical link (a port-channel interface), providing redundancy and increased bandwidth. It is often brought up in the context of STP because, while STP would block all but one of several parallel links, it treats an EtherChannel as one link and therefore blocks none of its members.

Other aggregation technologies that make multiple switches act as one logical device:

  • Switch stacking is used in the access layer and uses special stacking ports and cables.
  • Chassis aggregation is used in the distribution and core layers to aggregate (typically only two) switches over ordinary Ethernet interfaces. It is more complex to set up but is also more functional.

Configure EtherChannel

EtherChannel can be negotiated with PAgP (desirable or auto, Cisco proprietary), negotiated with LACP (active or passive, IEEE 802.3ad), configured statically (on, with no negotiation, so a mismatched far end is not detected), or built as a Layer 3 port-channel. Both ends must use compatible modes (desirable with desirable or auto; active with active or passive; on with on) and the member interfaces must have identical settings (speed, duplex, access or trunk mode, allowed VLANs). Shutting the member interfaces down while the channel-group is changed avoids the bundle coming up in an inconsistent state; the LACP and static examples below do that. One example per mode follows.

SW1(config)#interface range gi0/2 , gi1/1
SW1(config-if-range)#channel-group 2 mode desirable
SW2(config)#interface range gi0/1 , gi0/3
SW2(config-if-range)#channel-group 2 mode desirable

SW1(config)#interface range gi0/2 , gi1/1
SW1(config-if-range)#shutdown
SW1(config-if-range)#channel-group 3 mode active
SW2(config)#interface range gi0/2 , gi1/0
SW2(config-if-range)#channel-group 3 mode active
SW1(config)#interface range gi0/2 , gi1/1
SW1(config-if-range)#no shutdown

SW1(config)#interface range gi0/1 , gi0/3
SW1(config-if-range)#shutdown
SW1(config-if-range)#channel-group 1 mode on
SW2(config)#interface range gi0/1 , gi1/0
SW2(config-if-range)#channel-group 1 mode on
SW1(config)#interface range gi0/1 , gi0/3
SW1(config-if-range)#no shutdown

Verify EtherChannels

SW1#show etherchannel summary

Routing

The routing table of a Cisco router has various sources, including many protocols of varying reliability. Each source is associated with:

  • A letter code (e.g. C for connected, S for static, R for RIP, O for OSPF, D for EIGRP)
  • Administrative distance, a numeric value which reflects Cisco's measure of the source's trustworthiness. The lower value wins when two sources offer the same prefix (connected 0, static 1, eBGP 20, EIGRP 90, OSPF 110, IS-IS 115, RIP 120, external EIGRP 170, iBGP 200), and the maximum value of 255 marks a route that is never installed. The administrative distances associated with each routing protocol must be memorized for the CCNA exam.
  • For dynamic routing protocols a metric is also provided whose significance varies with protocol. For example, with RIP the metric signifies hop count.

Administrative distance and metric are delimited by a forward slash and appear within square brackets following the prefix.

Display routing table

R1#show ip route

Configure static route (this one is a default route, 0.0.0.0/0, so it matches any destination not covered by a more specific prefix)

R1(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.2

Set Gateway of Last Resort

Three commands can produce one, and they are not interchangeable: ip default-gateway only takes effect when IP routing is disabled (a Layer 2 switch, or a router with no ip routing), ip default-network is a legacy classful mechanism, and ip route 0.0.0.0 0.0.0.0 is the one to use on a router.

ip default-gateway
ip default-network
ip route 0.0.0.0 0.0.0.0
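An added Python example, not from the original notes, showing how the [AD/metric] notation above drives route selection: candidate routes are parsed, the lowest administrative distance (then lowest metric) is installed per prefix, AD 255 is never installed, and a destination is resolved by longest-prefix match with 0.0.0.0/0 as the gateway of last resort. The candidate lines are constructed in show ip route style; a real table would already show only the winner for each prefix.

```python
"""Added example (not from the original notes): parse routes in the
'[administrative distance/metric]' notation described above, keep the route
the router would install for each prefix (lowest AD, then lowest metric,
never AD 255), and resolve a destination by longest-prefix match with the
0.0.0.0/0 gateway of last resort as fallback. Candidate lines are constructed
in show ip route style."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

UNUSABLE_AD = 255

@dataclass(frozen=True)
class Route:
    code: str
    prefix: ipaddress.IPv4Network
    ad: int
    metric: int
    nexthop: Optional[str]
    iface: Optional[str]

ROUTE_RE = re.compile(r"^([A-Z*]+)\s+(\d+\.\d+\.\d+\.\d+/\d+)\s+(.*)$")

def parse_route(line):
    """One 'show ip route' entry -> Route, or None for legend/header lines."""
    m = ROUTE_RE.match(line.strip())
    if not m:
        return None
    code, prefix, rest = m.groups()
    ad_metric = re.search(r"\[(\d+)/(\d+)\]", rest)
    via = re.search(r"via (\d+\.\d+\.\d+\.\d+)", rest)
    last = rest.split(",")[-1].strip()               # trailing field is the interface, if any
    return Route(
        code=code,
        prefix=ipaddress.IPv4Network(prefix, strict=False),
        ad=int(ad_metric.group(1)) if ad_metric else 0,     # connected/local: AD 0, no metric
        metric=int(ad_metric.group(2)) if ad_metric else 0,
        nexthop=via.group(1) if via else None,
        iface=last if re.match(r"[A-Za-z]", last) else None,
    )

def build_rib(lines):
    """Keep the best candidate per prefix: lowest AD wins, then lowest metric."""
    best = {}
    for line in lines:
        r = parse_route(line)
        if r is None or r.ad >= UNUSABLE_AD:
            continue
        cur = best.get(r.prefix)
        if cur is None or (r.ad, r.metric) < (cur.ad, cur.metric):
            best[r.prefix] = r
    return list(best.values())

def lookup(rib, destination):
    """Longest-prefix match; 0.0.0.0/0 (if installed) catches everything else."""
    ip = ipaddress.IPv4Address(destination)
    matches = [r for r in rib if ip in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen, default=None)

# Constructed candidates: RIP and OSPF both offer 192.168.1.0/24, and a static
# route deliberately carries AD 255 so it is never installed.
CANDIDATES = """\
Gateway of last resort is 10.10.10.2 to network 0.0.0.0
S*    0.0.0.0/0 [1/0] via 10.10.10.2
C     10.10.10.0/24 is directly connected, FastEthernet0/0
L     10.10.10.1/32 is directly connected, FastEthernet0/0
R     192.168.1.0/24 [120/1] via 10.10.10.2, 00:00:12, FastEthernet0/0
O     192.168.1.0/24 [110/20] via 10.10.20.2, 00:05:01, FastEthernet0/1
D     172.16.0.0/16 [90/30720] via 10.10.20.2, 00:10:00, FastEthernet0/1
D     172.16.5.0/24 [90/28160] via 10.10.20.2, 00:10:00, FastEthernet0/1
S     203.0.113.0/24 [255/0] via 10.10.10.2
""".splitlines()

RIB = build_rib(CANDIDATES)

if __name__ == "__main__":
    for dest in ("192.168.1.50", "172.16.5.9", "172.16.9.9", "203.0.113.7", "8.8.8.8"):
        r = lookup(RIB, dest)
        print(f"{dest:14} -> {r.code:2} {r.prefix} via {r.nexthop or r.iface}")
```

Note that the OSPF route beats the RIP route for 192.168.1.0/24 even though RIP's metric (1 hop) looks smaller: metrics are only compared between routes from the same source, administrative distance decides between sources.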


Inter-VLAN routing

A multilayer switch has a routing engine and routes between VLANs itself, using a switched virtual interface per VLAN (interface vlan N). Without one, a router on a stick (ROAS) configuration is necessary: a single 802.1Q trunk carries every VLAN to a router, which routes between them over subinterfaces.

Configure ROAS

A subinterface is created by appending a period and a number to the physical interface name. The VLAN it serves is set with encapsulation dot1q, not by the subinterface number (matching the two is convention, not a requirement), and the IP address assigned to it is the default gateway hosts in that subnet will use.

The physical interface may be left without an IP address, or given one, in which case it carries the untagged traffic of the trunk's native VLAN. Either way it must be no shutdown for the subinterfaces to come up, and the switch port facing the router must be a trunk.

R1#configure terminal
R1(config)#interface gi0/1
R1(config-if)#no shutdown
R1(config-if)#ip address 10.1.0.1 255.255.255.0
R1(config-if)#interface gi0/1.10
R1(config-subif)#encapsulation dot1q 10
R1(config-subif)#ip address 10.1.10.1 255.255.255.0
R1(config-subif)#interface gi0/1.20
R1(config-subif)#encapsulation dot1q 20
R1(config-subif)#ip address 10.1.20.1 255.255.255.0
R1(config-subif)#end
SW1(config)#interface gi0/1
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk

Verify ROAS

R1#show ip interface brief
R1#show vlans