Study Reference

ICND 2 (part 2 of CCNA exam)

I was lucky enough to pass ICND1&2 at the first go, BUT:

I would recommend reading both Cisco Press books by the authors below (thoroughly).  Feel free to use these notes as revision reference - I think they helped me!

Read both Wendell Odom's & Steve McQueen's (thats not his real name, but I remember it better) Cisco press books cover to cover.  I've compiled some notes from the latter, which just help refresh certain parts of the exam - not teaching you to suck eggs, its just that I forget some meanings/reasons on such a wide variety of subjects.

VLANS, Trunking, VTP etc

When an address is not in the MAC table, the switch floods out of all ports on that VLAN except itself.
VLAN membership modes: Static, Dymanic & Voice.

Use VLANS 1 > 1001 as 1002 > 1005 are reserved.

802.1Q is called Trunking.
802.1Q Frames have a four byte tag field.  Ethertype 0x8100 indicates the fram has an 802.1Q tag.
802.1P - (prioritising) to use this, you must have 802.1Q.

To enable trunking (or not), use:

Switchport mode <Trunk>/<Access>/<Dynamic Desirable>/<Dynamic Auto>
Switchport nonegotiate - in either trunk or access mode turns of negotiation.

Trunking port-to-port decisions:

Desirable or Auto + Desirable = Trunk
Trunk or Desirable + Auto = Trunk

VTP is a layer 2 messaging protocol.
Switches can only be in one VTP domain.
VTP Messages are propogated out of trunks.
No VLAN info is sent until a VTP Domain is specified.

VTP Modes: Server, Transparent or Client - Default mode is Server.

Server Mode = Changes made effect all switches.
Transparent Mode = forwards VTP messages but does not sync its database.  Changes are saved locally.
Client Mode = No changes can be made to the VLAN database but does still forward VTP Messages.

VTP info is saved to Vlan.dat in Flash.
VTP messages are sent every 5 minutes or whenever a config changes.
A revision number of zero means you are in transparent mode.

VTP Pruning can only be configured on VTP servers.


Show vlan <number> or show vlan <name>
Show vlan brief = one line for each
Show vlan = switchports assigned
No switchport access vlan = resets a port

Show vtp status
Show interfaces <Port number> switchport trunk

Spanning Tree

802.1D - Standard spanning tree.

Performs 3 steps:

- Elects a root bridge (all ports in forwarding state)
- Selects a designated port on the non-root bridge (which is the lowest cost to the route bridge)
- Selects a designated port on each segment (in a forwarding state per segment)

BID = Bridge ID which is made up of Priority value & Bridge MAC.
Default priority is 32,768 (or 0x8000 in hex)
Root bridge is the one with the lowest BID (best to be in the centre of the network).

STP Port states:

- Blocking (receives but not sends)
- Listening (sending/receiving to determine topology state)
- Learning
- Forwarding
- Disabled (manually configured state)

Topology changes temporarily cause listening and learning states.
Enable PortFast (instant blocking to forwarding) on Access ports to servers.

BPDU guard will disable pors when a BPDU is received.


- 10GB = 2
- 1GB = 4
- 100Mb = 19
- 10Mb = 100

PVST+ (Per Vlan Spanning Tree)
The BID is extended to carry the VLAN ID (VID).

Quicker than STP.  States include: Discarding, Learning & Forwarding.  It also defines additional port roles, such as Alternate & Backup.

Similar to PVST+ but rapid!

Single instance spanning tree for multiple Vlans.

RSTP Port Roles


Root & Designated and the ones including in the active topology.

STP Vs RSTP Port States

- Blocking & Listening = Discarding
- Learning = Learning
- Forwarding = Forwarding
- Disabled = Discarding


Spanning-tree mode rapid-pvst - Enables it globally
Show spanning-tree vlan <number>
Spanning-tree vlan <number> root primary - Set a swtich priority
Spanning-tree vlan <number> secondary - er... as explained.

Routing Protocols

Hop count = the number of times a packet passes an output port.
Admin Distance = Use these when the same route is learned by multiple sources.

Routers will remain in hold-down until:
- Hold-down timer expires
- Another update with better metric is received
- Flush timer removes the route from the routing table

VLSM = More than one subnet and the ability to subnet already subnetted networks
Supported in Rip V2, OSPF and EIGRP.

4 entries in the routing table is the default with maximum-paths allowed 16.
Force an interface cost with ip ospf cost


Link-state routing protocol.
Exchanged LSP's (Link state packets).
LSP's and triggered by changes in the network.
Cost metrics are based on link capacity.
LSA (Link state advertisements) are sent every 30 minutes.
Hello protocol is used to create two-way communications.

OSPF processes do not need to match - also uses wildcard masks.
When OPPF adjacency = full, then its working.

REMEMBER: OSPF does not do auto-summary by default.


Show ip protocols - parameters, link timers, filters, metrics and networks
show ip route
show ip ospf  - verify router id
show ip ospf interface - interfaces configured in right area
show ip ospf neighbor <can specify address>
Show interface - check MTU's are the same.
Debug ip ospf adj - hello packet options
Debug ip ospf events - general debug
Debug ip ospf packet - each packet, check authentication

Authentication commands:

Plain text = ip ospf authentication-key <password>
Specify = ip ospf authentication <MD5>/<null>


Best route = Successor route
Backup route = Feasible Successor route

Advertisements include Metric + Feasible distance learned from neighbour.


Turn off Auto-summary (similar to rip).

EIGRP load balancing works on bandwidth and delay (can work on reliability + load).
Per packet load balancing = process switched
Per destination load balancing = fast switched

To use unequal cost paths, use the VARIANCE command.
If Variance is 1, then it will use just equal cost load balancing.
Variance is a multiplier of the best local feasible distance, if within that value, the path will be used.

For authentication to work properly ensure the routers use the same time source.
EIGRP supports MD5 only.


Show ip protocols - parameters and current state
Show ip eigrp interfaces - which interface eigrp is active
Show ip eigrp neighbors
Show ip eigrp topology - topology table, routes, successors
Show ip eigrp traffic - packets sent/received
Debug ip eigrp
Debug ip eigrp packets - helps with authentication

Authentication commands:

*in the interface sub config*
ip authentication mode eigrp <number> MD5
ip authentication key-chain eigrp <number> <name of chain>

Access Control Lists (ACL's)
Standard ACL's check Source address only.
Extended ACL's can check source, destination and port numbers.

You can apply only one ACL per protocol, per direction, per interface.

ACL numbers:
1 > 99, 1300 > 1999 = Standard
100 > 199, 2000 > 2699 = Extended

Use the no command followed by the sequence number to remove a statement from an ACL.

Dynamic ACL's
Used for limited access for a finite period - eg. Telnet. Uses lock & key.

Reflexive ACL's
Allows outbound but limited inbound.  Only used with extended ACL's.

Time-baed ACL's
Similar to extended ACL's relies on NTP to work well.Remember that ACL's use Wildcard masks - like OSPF and EIGRP.

To see if an ACL is applied to an interface: show ip interface.

Remember the format is:  access-list <number> permit <blah blah blah>

Network address translation (NAT)

Understanding the NAT Terms:

Inside Local = host inside the network
Inside Global = A legitimate IP that represents an inside local address
Outside Local = OUtside host as it appears from inside
Outside Global = Assigned to a host on the outside - globally routable

NAT Forms:

Static NAT = One to one mapping
Dynamic NAT = Maps on address to a group of addresses
NAT Overloading = Maps multiple addresses to a single address using PAT

Configure static NAT with: ip nat inside source static <local ip> <global ip>
-Then specify your inside and outside interfaces.

Configure dynamic NAT: ip nat pool <name> <start ip> <end ip>
-Then define an ACL for the nat pool addresses
ip nat inside source list <acl number> pool <pool name>
-Then specify your inside and outside interfaces.

Configure overloading: configure an ACL with addresses to be translated.
ip nat inside source list <acl number> interface <fa0/0 gi0/0 etc> overload
-Then specify your inside and outside interfaces.


show ip nat translations = active information
clear ip nat transltion = clears the table (follow this command with entries if you want to remove specifics)
debug ip nat = every packet translated
debug ip nat detailed = description on each packet (more overhead)
show ip nat statistics


Transition methods: Dual-stack, Tunnelling, NAT-PT

In an address, leading zero's are optional.

IPv6 replaces broadcasts with multicasts and anycasts.

Types of addresses:

Global = like IPv4 global unicast addresses
Private = just like IPv4 used inside networks (Start FE)
- Site Local = FEC, FED, FEE, FEF
- Link Local = Auto address configuration
- Loopback = ::1
- Unspecified = All zeros.  this means the host doesn't know its I.P

Global unicasts start 2000::/3 and need 64 bit interface identifiers.
Global unicasts have the first 48 bits as global routing then 16 bit subnet, the rest is for interface ID.

IPv6 can be used on many protocols, such as Ethernet, PPP, HDLC and Frame Relay.

Assigning an address to an interface:

- Manual interface ID = full address (ipv6 address <address>)
- Static using EUI-64 = Mac created address (ipv6 address <prefix>/<length> eui-64
- Stateless auto configuration
- DHCP for IPv6

Remember that mac addresses are only 48bit and ipv6 interface addresses will be 64 bit.
EUI-64 inserts FFFE between the upper 3 bytes of OUI Field and the lower 3 bytes of the serial number.  To ensure this is unique, it sets the seventh order byte to 1.
The 64 bit prefix is learnt from router advertisements.

Globally enable ipv6 routing with = ipv6 unicast-routing
ip name-server works for ipv4 and ipv6

RipNG no longer uses the 'network' statement. Instead on an interface you use: Ipv6 rip <tag> enable

When using Dual-stack routers, the stack is chosen based on packet destination.


AES = 128, 192 & 256 bit keys
RSA = 512, 768 & 1024 bit keys

HMAC = data integrity algorithm
MD5 - 128 bit shared key
SHA1 - 160 bit secret key

PSK = secret key manually entered
RSA = signatures using digital certificates

IPsec framework
AH = No encryption
ESP = Encryption + authentication
DES = Encrypt/decrypt packet data
3DES = Improvement over DES
AES = Encryption
MD5 = Authenticates packet data
SHA-1 = Sames as MD5 but with a 160 bit key
DH = Two parties to establish a shared secret key

Used on asyncronous and syncronous lines
Uses PAP (2way) + CHAP (3way) security
CHAP uses a hash value (MD5) to improve security
LCP is part of PPP and deals with setup and control options
NCP allows PPP to carry multiple protocols

Three Phases of PPP connections:
1. Link establishment = LCP
2. Authentication (optional) = PAP or CHAP
3. Network layer = NCP

If using authentication, the hostname and passwords must match on 2 routers.

Show interface - verifies LCP open
debug PPP authentication

Frame Relay

DTE = Router/Bridge
DCE = Clocking device

Local access rate/Local loop = Clock speed to frame relay cloud
Virtual circuit (VC) = DLCI can either be PVC or SVC
PVC = permanent
SVC = switched
DLCI = 10 bit number that identifies a VC
CIR = average data rate
ARP = inverse ARP discovers network addresses of remote DTE's
LMI = signalling
FECN = A bit in the address field, 1 = congestion
BECN = As above but for frames going backwards

Partial mesh = not every site connected to each other
Full mesh = all routers have VC's to all
Star = central site

Split horizon is the main issue with multiple PVC's over a single interface.  Solve this by turning it off or move to full mesh or use sub-interfaces.

Each sub-interface should be on its own subnet.
Either be point-to-point or multipoint.

DLCI is local - discovered by LMI. 
VC's have three states after LMI receives info - Active, inactive, deleted.

LMI Types

Show interfaces - encapsulation and lmi info
show frame-relay pvc - dlci across pvc
show frame-relay lmi - traffic stats
debug frame-relay lmi
show frame-relay map - map entries

Good luck with your study/exams.

No comments:

Post a Comment