This Cram Sheet contains key facts about the CCNA exam. Review this information as the last thing you do before you enter the testing center, paying special attention to those areas in which you feel that you need the most review. You can transfer any of these facts from your head onto a blank sheet of paper immediately before you begin the exam.
Layer | Name | Protocols and Devices | PDU |
---|---|---|---|
7 | Application | FTP, Telnet, TFTP, SMTP, POP3, SNMP, DNS, NTP, HTTP, HTTPS, DHCP | Data |
6 | Presentation | ASCII, .jpg, .doc | Data |
5 | Session | RPC, SQL/Telnet (for login only) | Data |
4 | Transport | TCP: connection-oriented, reliable using PAR; UDP: connectionless, unreliable, relies on upper-layer protocols for reliability | Segment |
3 | Network | IP, ICMP, RIP, IGRP, EIGRP, OSPF; routing and path determination, logical addressing | Packet |
2 | Data Link | Ethernet, Frame Relay, PPP, HDLC; physical (hardware) addressing (MAC addresses) | Frame |
1 | Physical | Bits transmitted on media; hubs, repeaters, connectors | Bits |
Know the following protocols and port numbers:
TCP Protocol | TCP Port | UDP Protocol | UDP Port |
---|---|---|---|
FTP | 20, 21 | DNS | 53 |
Telnet | 23 | DHCP | 67, 68 |
SMTP | 25 | TFTP | 69 |
DNS | 53 | NTP | 123 |
HTTP | 80 | SNMP | 161 |
POP | 110 | | |
NNTP | 119 | | |
HTTPS | 443 | | |
TCP utilizes Positive Acknowledgment and Retransmission (PAR):
The source device starts a timer for each segment and retransmits if an acknowledgment is not received before the timer expires.
The source device records all segments sent and expects acknowledgment of each.
The destination device acknowledges receipt of a segment by sending an ack for the next sequence number it expects.
Be able to recognize a TCP header (each row is 32 bits wide):
Source Port | Destination Port |
---|---|
Sequence Number | |
Acknowledgment Number | |
Misc. Flags | Window Size |
Checksum | Urgent Pointer |
Options | |
Be able to recognize a UDP header:
Source Port | Destination Port |
---|---|
Length | Checksum |
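The two header layouts above are easiest to remember by decoding them. The following is an added example (not from the cram sheet) that packs a constructed TCP SYN header and a constructed UDP header with Python's struct module and then splits them back into the fields shown in the tables; the sample port, sequence and checksum values are made up for the demonstration.

```python
import struct

# Constructed sample headers (not captured traffic): a TCP SYN from ephemeral port 49152
# to 443, and an 8-byte UDP header for a 29-byte DNS query from port 53000 to 53.
TCP_SAMPLE = struct.pack(
    "!HHIIHHHH",
    49152,              # source port
    443,                # destination port
    0x12345678,         # sequence number
    0,                  # acknowledgment number (none yet: SYN without ACK)
    (5 << 12) | 0x002,  # data offset = 5 words (20 bytes), reserved = 0, flags = SYN
    65535,              # window size
    0xABCD,             # checksum (placeholder value, not validated here)
    0,                  # urgent pointer (only meaningful when URG is set)
)
UDP_SAMPLE = struct.pack("!HHHH", 53000, 53, 8 + 29, 0x1234)

# Flag bits live in the low 6 bits of the offset/flags word, least significant first.
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]


def parse_tcp(data: bytes) -> dict:
    """Split the fixed 20-byte TCP header into its fields; options follow when offset > 5."""
    if len(data) < 20:
        raise ValueError("TCP header must be at least 20 bytes")
    (sport, dport, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", data[:20])
    header_len = (off_flags >> 12) * 4  # the data offset counts 32-bit words
    if header_len < 20 or header_len > len(data):
        raise ValueError("data offset does not match the header length")
    flag_bits = off_flags & 0x3F
    flags = [name for i, name in enumerate(TCP_FLAGS) if flag_bits & (1 << i)]
    return {
        "src_port": sport, "dst_port": dport,
        "seq": seq, "ack": ack,
        "header_len": header_len, "flags": flags,
        "window": window, "checksum": checksum, "urgent": urgent,
        "options": data[20:header_len],
    }


def parse_udp(data: bytes) -> dict:
    """The UDP header is only 8 bytes: two ports, a length (header + payload) and a checksum."""
    if len(data) < 8:
        raise ValueError("UDP header must be 8 bytes")
    sport, dport, length, checksum = struct.unpack("!HHHH", data[:8])
    return {"src_port": sport, "dst_port": dport, "length": length, "checksum": checksum}


if __name__ == "__main__":
    print(parse_tcp(TCP_SAMPLE))
    print(parse_udp(UDP_SAMPLE))
```

The length check on the data offset matters in practice: a header that claims fewer than 20 bytes, or more bytes than were received, is malformed and should be rejected rather than parsed.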
CDP (Cisco Discovery Protocol):
Proprietary (Cisco only) data link (Layer 2) protocol.
L3 protocol- and media-independent.
Uses L2 multicast to gather hardware and protocol information about directly connected devices.
Enabled by default; can be disabled globally with no cdp run.
To learn a remote device's L3 address, hardware platform, and IOS version, use show cdp neighbor detail or show cdp entry.
Ethernet physical addressing = MAC addresses.
12 hexadecimal digits
First six digits are OUI of NIC manufacturer
PC to switch/hub = straight-through cable.
Hub-hub, switch-switch, PC-PC, router-router, PC-router directly (no switch/hub) = cross-over cable.
Switches, bridges, and routers segment a network. Hubs and repeaters EXTEND a network.
Switches increase the number of collision domains but do not segment broadcast domains. Routers, L3 switches, and VLANs segment broadcast domains.
A switch is a multiport bridge. Switches forward frames using hardware ASIC, making them faster than bridges. Dedicated bandwidth per port.
Bridges and switches learn MACs by reading the source MAC of each frame.
Switches operate in one of three modes:
Store-and-Forward: Entire frame is buffered. FCS is run (error checking).
Cut-Through: Only destination MAC is read, frame is forwarded.
Fragment-Free: First 64 bytes of frame are buffered, frame is forwarded. Cisco proprietary.
Half-duplex: Shared collision domain and lower throughput
Full-duplex: Point-to-point and higher throughput
To remotely manage a switch, you need an IP address, subnet mask, and default gateway. The switch must be reachable on a port in its management VLAN.
VLANs:
Logically divide a switch into multiple, independent switches at L2
Create separate broadcast domains in a switch, increasing the number of broadcast domains
Span multiple switches using trunks
Allow logical grouping of users by function
Simplify adding, moving, and changing hosts in the network
Enhance security
VLAN configuration steps:
Trunks carry traffic from multiple VLANs over a single connection (cross-over cable). The VLAN ID is tagged using one of two methods:
ISL
IEEE 802.1q
A trunk can operate in one of five modes:
Dynamic Auto
Dynamic Desirable
On
Off
Nonegotiate
VTP simplifies VLAN administration. Configuration of VLANs is distributed to all switches in a VTP domain from a single server-mode switch.
The three VTP modes are as follows:
Server
Client
Transparent
Switches must be in the same VTP domain and must use the same password to exchange VTP information.
Spanning Tree Protocol (STP IEEE 802.1d)
L2 protocol prevents switching loops in networks with redundant switched paths.
Root switch is the one with the lowest STP priority; if tied, the lowest MAC address is the Root.
Root Port has the least-cost path to the Root switch
STP path cost is determined by the sum of the costs based on bandwidth.
Spanning Tree Topology Port states:
Blocking: Sending no data, listening for BPDUs
Listening: Sending and receiving BPDUs
Learning: Recording MAC addresses
Forwarding: Normal operation
Convergence: 50 seconds (20 sec Max Age + 15 sec Fwd Delay + 15 sec Fwd Delay)
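The Root election and Root Port rules above can be checked against a small topology. The following is an added example (not from the cram sheet) built on a constructed three-switch network with made-up priorities, MAC addresses and IEEE 802.1D link costs; it picks the Root by (priority, MAC) and then computes each switch's least-cost path to the Root, whose first hop is the neighbor behind the Root Port.

```python
import heapq

# Constructed topology (not from the cram sheet). Bridge priority and MAC per switch; links
# carry IEEE 802.1D port costs (19 = 100 Mbps, 4 = 1 Gbps).
SWITCHES = {
    "SW1": (32768, "00:11:22:33:44:55"),
    "SW2": (32768, "00:11:22:33:44:10"),
    "SW3": (4096,  "00:11:22:33:44:FF"),
}
LINKS = [("SW1", "SW2", 19), ("SW2", "SW3", 4), ("SW1", "SW3", 19)]


def bridge_id(switches, name):
    """Bridge ID compares as (priority, MAC): priority first, the MAC only breaks a tie."""
    priority, mac = switches[name]
    return (priority, int(mac.replace(":", ""), 16))


def elect_root(switches):
    """The switch with the lowest bridge ID becomes the Root."""
    return min(switches, key=lambda n: bridge_id(switches, n))


def root_paths(links, root):
    """Least-cost path from every switch to the Root (sum of link costs) together with the
    neighbor on that path, i.e. the neighbor reached through the switch's Root Port."""
    adj = {}
    for a, b, cost in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    best = {root: (0, None)}          # switch -> (cost to root, next hop toward root)
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue
        for nxt, c in adj.get(node, []):
            if nxt not in best or cost + c < best[nxt][0]:
                best[nxt] = (cost + c, node)
                heapq.heappush(heap, (cost + c, nxt))
    return best


if __name__ == "__main__":
    root = elect_root(SWITCHES)
    print("Root:", root)
    for sw, (cost, via) in sorted(root_paths(LINKS, root).items()):
        print(f"{sw}: cost {cost}, root port toward {via}")
```

Note that SW3 wins on priority alone even though it has the highest MAC; only when SW3 is removed does the MAC tiebreak between SW1 and SW2 decide. SW1 prefers its direct 19-cost link to SW3 over the 19 + 4 path through SW2.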
Boot sequence:
POST: Device finds hardware and performs hardware-checking routines.
Locate IOS.
Load IOS.
Locate configuration (startup-config).
Load configuration (running-config).
Configuration register settings:
0x2102 (default): Checks NVRAM for “boot system” commands; if none, loads first valid IOS in Flash.
0x2100: Boots into ROM Monitor mode (ROMMON).
0x2101: Boots into ROM RxBoot mode. RxBoot can connect to a TFTP server to download an IOS to Flash.
0x2142: Ignores startup-configuration in NVRAM when booting (for password recovery).
Memory Components of a Router/Switch:
ROM: Basic microcode for starting and maintaining the device: Power-On Self-Test (POST), bootstrap, ROM Monitor (ROMMON), RxBoot
Flash memory: Stores IOS
NVRAM: Stores startup-config (configuration loaded at bootup)
RAM: Running IOS and running-config (active configuration after startup)
To configure a password on all five telnet lines, the configuration will be similar to the following:
Router(config)# line vty 0 4
Router(config-line)# password cisco
Router(config-line)# login
To configure SSH on your router or switch, the following are required elements:
A hostname
A domain name
An RSA key
A username and password for local authentication
Sample SSH Configuration:
Switch>enable
Switch#config t
Switch(config)#hostname Branch_2960
Branch_2960(config)#ip domain-name ExamCram2.net
Branch_2960(config)#crypto key generate rsa
Branch_2960(config)#username admin password ciscocisco
Branch_2960(config)#line vty 0 4
Branch_2960(config-line)#login local
Branch_2960(config-line)#transport input ssh
Branch_2960(config-line)#exit
Default Administrative Distances:
Route Source | AD |
---|---|
Connected Interface | 0 |
Static Route | 1 |
EIGRP Internal | 90 |
IGRP | 100 |
OSPF | 110 |
RIP | 120 |
EIGRP External | 170 |
The static route syntax is:
Router(config)#ip route 192.168.1.0 255.255.255.0 10.1.1.1
The default route syntax is:
Router(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1
Distance vector: Advertises the entire routing table to directly connected neighbors and sends the updates regardless of whether a change has occurred (every x seconds). Examples are RIPv1, RIPv2, IGRP.
Link-state: Sends updates containing the state of its own links to all other routers on the network. Examples are OSPF, IS-IS. A link-state protocol:
Triggers the exchange of advertisements by a change in the network.
Builds and maintains a topological database from hello packets and Link State Advertisements (LSAs) from other routers.
Calculates the paths to each destination from the topological database and places the best of them into the routing table.
Classful (RIPv1, IGRP, EIGRP by default): Does not advertise subnet masks.
Classless (RIPv2, IS-IS, OSPF, EIGRP): Advertises subnet masks
Route summarization/aggregation/supernetting represents several networks/subnets as one larger network address, by shortening the subnet mask to include only the “in-common” bits from all the networks.
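The "in-common bits" rule above can be turned into a few lines of code. The following is an added example (not from the cram sheet) that computes the summary route for a list of subnets by OR-ing together the bits in which their network addresses differ, and also reports how much address space the summary advertises beyond its members (a summary that is wider than its members pulls in traffic for prefixes the router does not actually reach). The sample prefixes are constructed for the demonstration.

```python
import ipaddress


def summarize(networks):
    """Summary route covering every network in the list: keep only the leading bits that all
    network addresses share, and never use a prefix longer than the shortest member's."""
    nets = [ipaddress.ip_network(n, strict=False) for n in networks]
    base = int(nets[0].network_address)
    differing = 0                      # a 1 bit wherever any member differs from the first
    for n in nets:
        differing |= base ^ int(n.network_address)
    common_bits = 32 - differing.bit_length()
    prefix = min(common_bits, min(n.prefixlen for n in nets))
    return ipaddress.ip_network(f"{nets[0].network_address}/{prefix}", strict=False)


def summary_overreach(networks):
    """Number of addresses the summary covers that none of the (non-overlapping) members do."""
    summary = summarize(networks)
    members = [ipaddress.ip_network(n, strict=False) for n in networks]
    return summary.num_addresses - sum(m.num_addresses for m in members)


def masks(network):
    """Subnet mask and the matching wildcard mask (its bitwise inverse), as used in ACLs."""
    return str(network.netmask), str(network.hostmask)


if __name__ == "__main__":
    # Constructed inputs: four contiguous /24s summarize exactly; three do not.
    exact = ["192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]
    loose = ["10.1.4.0/24", "10.1.5.0/24", "10.1.6.0/24"]
    for group in (exact, loose):
        s = summarize(group)
        print(s, masks(s), "extra addresses:", summary_overreach(group))
```

The second group shows the practical caveat: 10.1.4.0/22 is the tightest single summary, but it also claims 10.1.7.0/24, which no member contains.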
RIP syntax (advertise directly connected, classful networks):
Router(config)#router rip
Router(config-router)#network 192.168.111.0
Router(config-router)#network 192.168.165.0
EIGRP: fast convergence, VLSM support. Multiprotocol support: IP, IPX, AppleTalk. EIGRP maintains routing, topology, and neighbor tables for each protocol.
EIGRP metric same as IGRP, but 32-bit versus IGRP 24-bit metric.
The successor route is the best route, loaded in the route table. Feasible successor is the backup route in the Topology table.
EIGRP max hop count = 224
OSPF: Scalable (unlimited hop count), vendor-neutral, link-state, VLSM support.
OSPF areas:
Areas may be assigned any number from 0 to 65535.
Area 0 is the backbone area.
OSPF RouterID criteria:
Highest IP address on a loopback (logical) interface.
If no loopback, then highest IP address on physical interface.
DR/BDR elections only in the following topologies:
Broadcast multi-access (for example, Ethernet)
Non-broadcast multi-access (for example, Frame Relay)
To configure OSPF for network 192.168.16.0/24 in area 0:
Router(config)#router ospf 7
Router(config-router)#network 192.168.16.0 0.0.0.255 area 0
The OSPF metric is cost. Cost = 10^8 / bandwidth in bps.
Implicit deny any at end: Every access list must have at least one permit, or it denies all traffic.
Standard IP access lists filter the entire IP protocol based on the source IP address/network. Number range 1–99. Place as close to the destination as possible.
Extended IP access lists filter based on the source IP address/network, destination IP address/network, specific protocols (TCP, UDP, ICMP ...) and port number. Place as close to the source as possible.
One access list per direction per protocol per interface.
Wildcard mask: 0s match; 1s ignore corresponding bit in address.
Extended access-list syntax:
access-list list# [permit | deny] [protocol] [source ip] [WCmask][dest. ip][WCmask] [operator] [operand]
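The wildcard-mask rule and the implicit deny are the two things most often misread on an ACL, so it helps to see them executed. The following is an added example (not from the cram sheet): it implements wildcard matching bit for bit, derives a wildcard from a prefix length, and walks a constructed extended access list top to bottom exactly as a router would, falling through to deny when nothing matches. The ACL entries and test addresses are made up for the demonstration.

```python
import ipaddress


def wildcard_match(address, base, wildcard):
    """A 0 bit in the wildcard must match; a 1 bit is ignored (so 0.0.0.0 = host, 255.255.255.255 = any)."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (address, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def wildcard_for_prefix(prefixlen):
    """The wildcard mask is the bitwise inverse of the subnet mask."""
    return str(ipaddress.IPv4Address((1 << (32 - prefixlen)) - 1))


# Constructed extended ACL in "access-list list# action protocol src WC dst WC [eq port]" order:
# (action, protocol, source, source WC, destination, destination WC, destination port or None)
ACL = [
    ("deny",   "tcp", "192.168.1.0", "0.0.0.255", "10.0.0.5",  "0.0.0.0",         23),
    ("permit", "tcp", "192.168.1.0", "0.0.0.255", "10.0.0.0",  "0.0.0.255",       None),
    ("permit", "udp", "0.0.0.0",     "255.255.255.255", "10.0.0.53", "0.0.0.0",   53),
]


def evaluate(acl, proto, src, dst, dport=None):
    """First matching entry decides; no match means the implicit deny any at the end."""
    for action, p, s, swc, d, dwc, port in acl:
        if p not in (proto, "ip"):                  # "ip" entries match every protocol
            continue
        if not (wildcard_match(src, s, swc) and wildcard_match(dst, d, dwc)):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"


if __name__ == "__main__":
    print(wildcard_for_prefix(24), wildcard_for_prefix(30))
    print(evaluate(ACL, "tcp", "192.168.1.20", "10.0.0.5", 23))   # explicit deny of Telnet
    print(evaluate(ACL, "tcp", "192.168.1.20", "10.0.0.5", 80))   # permitted by entry 2
    print(evaluate(ACL, "icmp", "192.168.1.20", "10.0.0.5"))      # implicit deny
```

Ordering is part of the policy: if the first two entries were swapped, the Telnet deny would never be reached because the broader permit would match first.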
The common WAN serial encapsulations are
HDLC
PPP
Frame Relay
Encapsulation type must match on both ends of a link
IPSec Component | Description | Examples |
---|---|---|
Security Protocols | Methods that use security algorithms to secure communications | Authentication Header (AH); Encapsulating Security Payload (ESP) |
Key Management | Responsible for exchanging the secret keys used in the algorithms to secure IPsec VPNs | Internet Security Association and Key Management Protocol (ISAKMP); Internet Key Exchange (IKE); Secure Key Exchange Mechanism (SKEME); Oakley |
Security Algorithms | The mathematical algorithms used to secure communications | Data Encryption Standard (DES); Triple DES (3DES); Advanced Encryption Standard (AES); Message Digest 5 (MD5); Secure Hash Algorithm (SHA-1) |
Goal | Description | Examples | Mitigation Steps |
---|---|---|---|
Confidentiality | Keeping your data private from eavesdropping | Packet capturing and replaying | Use encryption to hide the contents of the data in transit. |
Integrity | Keeping your data from being altered | Man-in-the-middle (MiTM) attacks | Use hashing to take a fingerprint of your data, so you can verify it has not changed from its original form. |
Availability | Keeping your data, hosts, and services available for their intended purposes | Denial of service (DoS) attacks | Use rate limiting to stop an excessive flow of traffic and install the latest patches. |
Wireless security methods, in order of increasing security:
WEP: Static preshared key, weak encryption.
Cisco Interim Solution: Dynamic key exchange, 802.1x/EAP authentication, unique key per packet; proprietary.
WPA: Dynamic keying with TKIP; preshared key or 802.1x authentication; Wi-Fi Alliance product certification.
802.11i/WPA2: AES encryption (strong); dynamic keying; preshared key or 802.1x authentication; Wi-Fi Alliance product certification.
Characteristic | 802.11 | 802.11a | 802.11b | 802.11g | 802.11n[*] |
---|---|---|---|---|---|
Date of Standard | 1997 | 1999 | 1999 | 2003 | 2008? |
Max Speed (DSSS) | 1 or 2Mbps (FHSS) | n/a | 11Mbps | n/a | 11Mbps per stream |
Max Speed (OFDM) | n/a | 54Mbps | n/a | 54Mbps | 600Mbps |
Assigned Frequency Band | 2.4GHz | 5GHz | 2.4GHz | 2.4GHz | 2.4 and/or 5.0GHz |
Available Channels | 11 | 23 | 11 | 11 | 11 or 23 |
Approx. Range | 75 feet | 75 feet | 150 feet | 150 feet | 500 feet |
[*] For 802.11n, all values assumed until ratification of this standard.
NAT maps private IP addresses to public registered addresses.
Static: ip nat inside source static [inside ip] [outside ip]
Inside local: A private IP address assigned to a host on the inside network
Inside global: A registered Internet address that represents an inside host to an outside network
Outside global: The registered address of an Internet host
Outside local: The address of the Internet host as it appears on the inside network
Sample PAT configuration, using a pool of addresses to translate to (named MyPool, starting with 24.17.5.1 and ending with 24.17.5.14):
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat pool MyPool 24.17.5.1 24.17.5.14 netmask 255.255.255.240
ip nat inside source list 1 pool MyPool overload
interface Ethernet 0
ip nat inside
interface serial 0
ip nat outside
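To make the inside-local/inside-global terms and the overload keyword concrete, the following is an added example (not from the cram sheet, and not how IOS implements NAT internally) that simulates the translation table the sample configuration above would build: inside hosts matched by the access list are rewritten to the first pool address with a unique source port, and return traffic is mapped back by looking the port up. The port allocator and addresses are constructed for the demonstration.

```python
import ipaddress
import itertools


class PatTable:
    """Simulation of 'ip nat inside source list 1 pool MyPool overload': every inside-local
    host matched by the access list shares one inside-global address, and the source port
    is rewritten so that return traffic can be mapped back to the right inside host."""

    def __init__(self, inside_net, pool):
        self.inside_net = ipaddress.ip_network(inside_net)  # what access-list 1 permits
        self.pool = list(pool)                              # MyPool addresses
        self.next_port = itertools.count(1024)              # constructed port allocator
        self.table = {}  # (inside local, local port) -> (inside global, global port)

    def outbound(self, inside_local, local_port):
        """Inside -> outside: translate the source, or pass through if the ACL does not match."""
        if ipaddress.ip_address(inside_local) not in self.inside_net:
            return (inside_local, local_port)
        key = (inside_local, local_port)
        if key not in self.table:
            # Overload: reuse the first pool address and distinguish flows by port.
            self.table[key] = (self.pool[0], next(self.next_port))
        return self.table[key]

    def inbound(self, inside_global, global_port):
        """Outside -> inside: reverse lookup; unsolicited traffic with no entry is dropped (None)."""
        for local, translated in self.table.items():
            if translated == (inside_global, global_port):
                return local
        return None


if __name__ == "__main__":
    pat = PatTable("192.168.1.0/24", ["24.17.5.1"])
    print(pat.outbound("192.168.1.10", 5000))   # first inside host
    print(pat.outbound("192.168.1.11", 5000))   # same local port, different global port
    print(pat.inbound("24.17.5.1", 1025))       # reply for the second host
    print(pat.inbound("24.17.5.1", 9999))       # no translation: dropped
```

The last lookup shows the side effect that makes PAT useful beyond address conservation: an outside host cannot reach an inside host until that inside host has created a translation entry itself.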
PPP:
Vendor-neutral: Cisco to non-Cisco.
Can encapsulate multiple L3 protocols on a single L2 link.
Sample PPP configuration with CHAP authentication (the password must match on both routers):
RtrA(config)#username RtrB password samepass
RtrA(config)#interface bri 0
RtrA(config-if)#encapsulation ppp
RtrA(config-if)#ppp authentication chap
RtrB(config)#username RtrA password samepass
RtrB(config)#interface bri 0
RtrB(config-if)#encapsulation ppp
RtrB(config-if)#ppp authentication chap
DLCIs identify the circuit (PVC) between the router and the frame switch; DLCI is the L2 address in frame relay.
LMI is signaling between the router and the local frame relay switch. LMI types are as follows:
Cisco (the DEFAULT)
ANSI
Q.933a
Two Frame Relay encapsulations (must match on both routers):
Cisco (default)
IETF
Point-to-point subinterfaces solve Split Horizon issues and map a single subnet to a single DLCI.
Remove the IP address from the physical interface when using subinterfaces.
Must specify the subinterface as point-to-point or multipoint; there is no default since IOS 12.0.
To map Layer 3 IP addresses to Layer 2 DLCIs, Frame Relay uses Inverse ARP or a static map:
(config-if)#frame-relay map ip [next-hop-address] [local DLCI] broadcast
The broadcast keyword allows routing updates over the PVC.
Interpreting show interface serial 0 output:
Serial 0 is Up / Line protocol is up: Interface is working.
Serial 0 is Up / Line protocol is down: Layer 1 is up, Layer 2 is down (clocking or mismatching frame types).
Serial 0 is Down / Line protocol is down: Layer 1 down. (Fault or remote end is shut down.)
Administratively down/Line protocol is down: Interface is shut down and must be no shut.
IPv6 general info:
IPsec support is mandatory and built in.
Header size is fixed at 40 bytes/320 bits.
Mobility built in but not mandatory.
Transition strategies include tunneling, dual-stacking, and protocol translation.
IPv6 addresses:
128 bits long.
Written as 8 sets of 4 hex characters.
2001::/16 = 6to4 tunnel addresses.
Unicast address assigned to a single host.
Multicast address assigned to one or more hosts at once; start with FF00::/8.
Anycast address is similar to multicast except that an anycast packet goes to the one host that is closest, as determined by the routing protocol metric.
IPv6 never broadcasts; it multicasts instead.
IPv6 address compression:
Given the address 1010:0000:BBBB:000C:D000:0000:0000:0001, the following address representations are possible:
Drop leading zeroes:
1010:0:BBBB:C:D000:0:0:1
Compress contiguous all-zero groups with “::” once per address:
1010:0:BBBB:C:D000::1
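The two compression steps are mechanical enough to code, and doing so exposes the rule that trips people up: when there are several zero runs, only the longest one (the first, on a tie) becomes "::". The following is an added example (not from the cram sheet) that compresses the address above and expands compressed addresses back to eight groups; it is cross-checked against Python's ipaddress module, which applies the same rules in lowercase.

```python
import ipaddress


def compress_ipv6(address):
    """Apply the two cram-sheet steps: drop leading zeros, then replace the longest run of
    all-zero groups (at least two groups long) with a single '::'."""
    groups = address.split(":")
    if len(groups) != 8:
        raise ValueError("expected the uncompressed 8-group form")
    # Step 1: drop leading zeros in each group, keeping at least one digit.
    groups = [g.lstrip("0") or "0" for g in groups]
    # Step 2: locate the longest run of "0" groups; ties go to the first run.
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:          # a single zero group stays as "0" (RFC 5952 rule)
        return ":".join(groups)
    left = ":".join(groups[:best_start])
    right = ":".join(groups[best_start + best_len:])
    return f"{left}::{right}"


def expand_ipv6(address):
    """Reverse the compression: fill '::' with enough zero groups and pad each group to 4 digits."""
    if address.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in address:
        left, right = address.split("::")
        lg = left.split(":") if left else []
        rg = right.split(":") if right else []
        groups = lg + ["0"] * (8 - len(lg) - len(rg)) + rg
    else:
        groups = address.split(":")
    if len(groups) != 8:
        raise ValueError("address does not expand to 8 groups")
    return ":".join(g.zfill(4) for g in groups)


if __name__ == "__main__":
    addr = "1010:0000:BBBB:000C:D000:0000:0000:0001"   # the cram sheet's example
    short = compress_ipv6(addr)
    print(short, expand_ipv6(short))
    print(str(ipaddress.IPv6Address(addr)))             # library result for comparison
```

Expanding before comparing addresses (or letting the ipaddress module do it) avoids a common mistake in filters and logs, where "2001:DB8::1" and "2001:0db8:0:0:0:0:0:1" are treated as different hosts because they were compared as strings.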