THE SCHOOL OF CISCO NETWORKING (SCN): NETWORKING! TIPS!
Yours Sincerely – Premakumar Thevathasan.

WHAT IS CISCO NETWORKING:

Computer Network Systems Support Involves The Design, Installation And Support Of An Organization’s Local-Area Network (LAN), Wide-Area Network (WAN), Network Segment, Internet Or Intranet.

People Who Work In Network System Support Maintain Network Hardware And Software, Analyze Problems And Monitor The Network To Ensure Its Availability To System Users. Network Support Personnel Also Gather Data To Identify Customer Needs And Then Use The Information To Identify, Interpret And Evaluate System And Network Requirements. Network Administrators May Also Plan, Coordinate And Implement Network Security Measures.
NETWORKING TIPS:
HOW A NETWORK WORKS:

    * A successful PINGing of a host exhibits the connectivity through layers 1, 2, and 3 of an OSI network model.
    * Simple Mail Transfer Protocol (SMTP) and Telnet are application layer protocols of the Internet protocol (IP) suite.
    * Cable modem is used to connect a CATV cable to a computer/router through an Ethernet interface.
    * A Wireless Access Point (WAP) is used to connect wireless hosts to a wired LAN.
    * The Gigabit Ethernet (1000Base-LX) standard supports a maximum cable length of 5000 meters.
    * The 1000Base-LX/SX Ethernet types use fiber cables.
    * The Session layer of the OSI model manages communication between communication entities in a network.
    * The Session layer of the OSI model provides dialog management and assists the upper layers in connecting to services on the network.        

    * The Transport layer of the OSI model divides a message into smaller segments for the underlying protocols.
    * The Transport layer manages data integration between communication entities in a network.
    * The Transport layer defines the function of TCP and IP.
    * The Session layer of OSI establishes virtual circuit session and provides user authentication.
    * The Physical layer of the OSI model is responsible for packaging and transmitting data on the cable.
    * A bridge operates at the data link layer of OSI.
    * Intelligent hubs and bridges work at the data link layer of the OSI reference model.
    * In order to configure a VLAN, switches are used to physically connect the computers.
    * TCP works at the transport layer of the OSI reference model.
    * The Network Access layer is the only TCP/IP layer that uses both a header and a trailer to encapsulate data before a TCP/IP host transmits data on a network.
    * The PDU information is only read by the peer layer on the receiving device and then stripped off, and data is handed over to the next upper layer.
    * TCP and UDP operate in layer 4 (Transport) of the OSI model of networking.
    * When a host transmits data across a network to another device, data is encapsulated with protocol information at each layer of the OSI model.
    * Switches operate at the data link layer. They make forwarding decision based on layer 2 addresses.
    * VoIP uses the UDP protocol.
    * The TRACERT and PATHPING utilities can be used to determine the path between two hosts across a network.
    * PATHPING shows the delay and packet loss along with the tracing of the path taken by TCP/IP packets to a remote computer.
    * Buffering, windowing, and congestion avoidance are flow control mechanisms.
    * The reassembly of a file at an FTP server has to maintain the correct order of information packets. The sequence number in the TCP header is used for it.
    * The packet-switched service is more reliable than the circuit-switched service and cheaper than the cell-switched service.

CONFIGURE, VERIFY, AND TROUBLESHOOT A SWITCH WITH VLANS AND INTERSWITCH COMMUNICATIONS:

    * An unshielded twisted-pair connection uses an RJ-45 connector.
    * A 10BaseT Ethernet cable uses an 8-pin male connector.
    * An RJ-11 connector is used by an analog modem to connect to a phone line.
    * An RJ-45 connector is used to connect a 10BaseT Ethernet cable to an NIC on a desktop computer.
    * RJ-45 connectors are used to connect a twisted-pair cable to a network adapter card.
    * Thick Ethernet networks use DB-15 connectors.
    * A straight tip (ST) connector is a fiber-optic connector used with multimode fiber. An ST connector has a 2.5mm shaft and bayonet locking ring, and allows quick connect and disconnect of 125 micron multi-mode fiber.
    * The physical bus cable network requires 50-ohm terminators at both ends of a cable used to connect the computers in a network.
    * The MT-RJ and LC connectors can be used with the SFF fiber-optic cables.
    * 10GBASE-ER can cover transmission distances of up to 40KMs.
    * Multimode fiber optic cables use SC type connectors.
    * UTP cables use RJ-45 connectors.
    * F-type connectors are used for cable modems.
    * An F-type connector is required to connect a cable modem to the network.
    * SC and ST connectors are old and the most common connectors used with fiber optic cables.
    * Both BNC and F-type cables are used with co-axial cables.
    * 10Base5 can transmit data up to a distance of 500 meters.
    * The maximum segment length that a 1000BaseT network supports is 100 meters.
    * 1000BASE-TX supports a maximum transmission distance of 100 meters.
    * 1000BASE-SX uses multimode fiber-optic cables.
    * The 10GBASE-SR standard uses multimode fiber optic cables.
    * VLAN is used to isolate hosts and segments and to control broadcast traffic.
    * Copy configuration changes from running-config to startup-config to make configuration changes permanent.
    * A broadcast domain is a group of devices that receive broadcast frames generated by any device within the group. Router is the only device that stops the flow of broadcasts.
    * A collision domain is a set of network interface cards (NICs) for which a frame sent by one NIC might collide with a frame sent by another NIC of the same set. Routers, switches, and bridges create a separate collision domain for each interface, whereas hubs repeat all frames to all ports and do not create a separate collision domain for each interface.
    * Console, Telnet, and Secure Shell (SSH) are three methods to access the Cisco IOS CLI.
    * The copy running-config startup-config command is used to overwrite the startup-config file with the contents of the running-config file.
    * A Cisco switch uses the RAM, Flash, ROM, and NVRAM memory types to store its configuration files.
    * The write erase, erase startup-config, and erase nvram commands erase the startup-config file.
    * The ARP -a command is used to display the contents of the ARP cache.
    * In order to telnet a switch on a remote segment, a default gateway is required to be configured on both the telnet client and the switch.
    * The SYST (System) mode of LED provides a quick overall status of a switch.
    * Flashing green port LED at speed mode of a Cisco switch indicates a port speed of 1Gbps.
    * The switch model 1900 with Enterprise IOS has a capability of 64 VLANs.
    * CDP packets share information such as IOS version, hardware platform, device name, hardware capabilities, etc. of a device.
    * A layer 2 switch analyzes layer 2 address, i.e., MAC address.
    * Data Terminal Equipment (DTE) initiates the session in an X.25 network.
    * VLAN Trunking Protocol (VTP) has three modes: server, client, and transparent. Each switch on a switched network must use one of the three modes.
    * The VTP pruning feature enhances the network bandwidth in a switched network by reducing unnecessary flooded traffic.
    * The VTP server mode is used to create, modify, and delete VLANs. This mode is also used to specify other configuration parameters, such as VTP pruning and VTP version, for the entire VTP domain.
  
THE SITUATIONS IN WHICH A SWITCH NEEDS A VTP ADVERTISEMENT REQUEST ARE AS FOLLOWS:

                    1. The VTP domain name has been changed.
                    2. The switch has been reset.
                    3. The switch has received a VTP summary advertisement with a higher configuration revision than its own.

    * Micro-segmentation is a method or technology that allows the creation of private or dedicated segments. In this method, the network is divided into smaller segments to reduce the collision domains, as well as the broadcast domains by using VLANs. Each user receives instant access to the full bandwidth on the network and does not have to contend for available bandwidth with other users. This technology decreases broadcast traffic between these hosts. As a result, collisions do not occur.

    * In case the domain has a single VTP server and it crashes, the easiest way to restore the VTP operation is to change any of the VTP clients in the domain to a VTP server.
    * Bridges, switches, and routers can be used to segment a LAN.
    * The Cisco Discovery Protocol (CDP) packet contains the following information about a Cisco device:
          o Host name of the device.
          o IOS software version.
          o Capability list of the device, such as routing, switching, and bridging.
          o Hardware platform, such as 1900, 2950, etc.
          o Address list (layer 3 addresses) of the device.
    * Inter-Switch Link (ISL) is a trunking method developed by Cisco to use for Ethernet and Token Ring trunk connections. Most of the Cisco switches and routers that support trunking also support ISL except some older switches such as Catalyst 4000 switches. ISL encapsulates the original frame by adding a 26-byte header and a 4-byte trailer.
    * The following are four types of switch trunking methods for routing traffic among VLAN: 802.1Q, 802.10, ISL, and LANE.
    * The following tasks can be performed on a switch using the set trunk command:
          o Specifying the range of VLANs transmitted over the trunk.
          o Establishing the trunk.
          o Setting the trunking mode.
    * The on switch port mode sets the port to permanent trunking mode and sends DTP signals that attempt to initiate a trunk with the other side.

IN ORDER TO CONFIGURE VTP AND VLANS ON THE SWITCH, YOU WILL HAVE TO TAKE THE FOLLOWING STEPS: 

   1. Go to privileged mode.
   2. Specify VTP mode using the set vtp mode {client | server | transparent} command.
   3. Configure a VTP domain using the set vtp domain command.
   4. Create VLANs on the switch using the set vlan command.
   5. Assign ports to the VLAN using the set vlan command.

IN ORDER TO ACCESS CONFIGURATION MODE ON THE ROUTER, USERS WILL HAVE TO TAKE THE FOLLOWING STEPS:

         1. Enter into the enable mode using the enable command on EXEC prompt.
         2. At the privileged EXEC prompt, type the configure terminal command to enter into the global configuration mode.
         3. Enter the commands to configure interVLAN routing.
         4. Press CTRL-Z to exit from configuration mode.

IN ORDER TO VIEW AND SAVE THE CONFIGURATION MADE ON THE ROUTER, MARK WILL HAVE TO TAKE THE FOLLOWING STEPS:

         1. Execute the show running-config command to view the current operating configuration at the privileged EXEC prompt.
         2. Execute the show startup-config command to view the configuration in NVRAM.
         3. Execute the copy running-config startup-config command to save the current configuration into NVRAM.

IN ORDER TO BRING UP THE ROUTER INTERFACE THAT IS ADMINISTRATIVELY SHUTDOWN, USERS WILL HAVE TO TAKE THE FOLLOWING STEPS:

         1. On the global configuration mode, use the interface command to specify the interface to bring it up.
         2. Run the no shutdown command to bring the interface up and then press CTRL-Z to exit from configuration mode.

In order to exchange VLAN information between switches, you will have to make sure that VTP information only passes through a trunk port. Hence, you will have to ensure that all ports that interconnect switches are configured as trunks and are actually trunking. Each switch in the VTP domain must use the same VTP version. VTP V1 and VTP V2 are not compatible on switches in the same VTP domain. The VTP domain name on the switches must be the same. The password should also be the same between the server and client switches.

THE FOLLOWING ARE THE REQUIREMENTS FOR A VTP CLIENT OR SERVER SWITCH TO BE CONNECTED TO ANOTHER VTP CLIENT OR SERVER SWITCH:

         1. The linking port on both switches must work as a VLAN trunk.
         2. The VTP domain name for both switches must be the same.
         3. Password on both the switches must match.

    * A switch configured with the transparent mode does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements. The switches with the transparent mode forward VTP messages they receive so that other clients and servers can receive a copy of the messages.
    * In order to make a trunk to come up without DTP negotiation, configure the trunk mode as on or nonegotiate.
    * If you configure a password for VTP, you must configure the password on all switches in the VTP domain. The password must be the same on all the switches in the VTP domain.
    * VTP V2 is disabled by default on VTP V2 capable switches.

THE FOLLOWING ARE SPANNING TREE TIMERS THAT AFFECT THE ENTIRE SPANNING-TREE PERFORMANCE:

         1. Hello timer: It determines how often the switch broadcasts its hello message to other switches.
         2. Forward-delay timer: It monitors the time spent by a port in the learning and listening states.
         3. Maximum-age timer: It measures the age of the received protocol information recorded for a port. This timer also ensures that the received protocol information is discarded when its age exceeds the value of the maximum age parameter recorded by the switch.

    * Spanning Tree Protocol (STP), based on IEEE standard 802.1d, is used to prevent routing loops.
    * In Rapid Spanning Tree Protocol (802.1w), the following port states are available: Learning, forwarding, and discarding.
    * The CTRL-N key combination recalls the most previously executed command on a command line.
    * The ESC-F key combination is used to move the cursor forward one word at a time.
    * In order to know the commands that were previously executed, users will have to use the show history command in enable mode on the IOS device.
    * The CTRL-A key combination is used to move the cursor to the beginning of a command line.
    * When the protect or restrict violation modes are configured, configure the port security rate limiter to protect the CPU against excessive load.
    * There are three port security violation modes, namely Protect, Restrict, and Shutdown.
    * The enable command is used to move from user mode to enable mode.
    * Reload command works only in enable mode.

IMPLEMENT AN IP ADDRESSING SCHEME AND IP SERVICES TO MEET NETWORK REQUIREMENTS IN A MEDIUM-SIZE ENTERPRISE BRANCH OFFICE NETWORK:

    * Private IP addresses can be assigned by many organizations at a time without any conflict, as packets from private addresses are not routed over the Internet. Moreover, these addresses allow users to share a single public IP address.

TO PROTECT ROUTER’S CONFIGURATION FILES FROM OUTSIDE SECURITY THREATS, TWO ACTIONS SHOULD BE TAKEN:

          o Use a firewall.
          o Use an encrypted and authenticated medium, such as SSH, to access the configuration file.

    * The following are the ranges for the three classes of private IP addresses used for networking.

      IP address range                    Class
      10.0.0.0 to 10.255.255.255          Class A
      172.16.0.0 to 172.31.255.255        Class B
      192.168.0.0 to 192.168.255.255      Class C

    * The show ip nat translations command provides information to verify the normal operation of NAT and PAT in a router.
    * The clear ip nat translation command removes all the entries in the NAT table.
    * Class B IP address ranges from 128.0.0.0 to 191.255.0.0.
    * Listing public and private IP addresses.
    * An IP address has two parts, network ID and host ID.
    * Class E addresses are experimental addresses and are reserved for future use.
    * Class A addresses are assigned to networks with large number of hosts. This allows for 126 networks and 16,777,214 hosts per network. Class B addresses are assigned to medium-sized to large-sized networks. This allows for 16,384 networks and 65,534 hosts per network. Class C addresses are used for small networks. This allows for 2,097,152 networks and 254 hosts per network. Class D addresses are reserved for IP multicast addresses. Microsoft supports Class D addresses for applications to multicast data, to multicast-capable hosts, on an internetwork.
    * 255.255.255.255 is the broadcast address for all nodes on a TCP/IP network.

    * OSPF and RIPv2 support VLSM and route summarization.
    * The show ipv6 route command displays IPv6 routes. This command executes in EXEC mode.
    * IP addressing version 6 uses 128-bit addresses. A unicast IP address is assigned to a single host, allowing the host to send and receive data.
    * 127.0.0.1 is a loop-back address.
    * A Class A address uses 8 bits of the IP address for the network and 24 bits for the host.
    * The configure terminal privileged mode command is used to modify the running configuration manually on a router from the terminal.

    * IPv6 addresses are hexadecimal numbers, made up of eight octet pairs. An example of an IPv6 address is 45CF:6D53:12CD:AFC7:E654:BB32:543C:FACE.

CONFIGURE, VERIFY, AND TROUBLESHOOT BASIC ROUTER OPERATION AND ROUTING ON CISCO DEVICES:

    * Protocols that work on Layer 3 of the OSI model, i.e. Network layer, provide logical addressing and path selection.
    * Whenever a router receives a packet, it identifies the destination address of the packet and selects the best path to the destination network address by inspecting the routing table.
    * UDP headers do not include sequence and acknowledgement fields.
    * The boot sequence of a router – POST > Copy bootstrap program from ROM into RAM and run the program > Load the operating system (IOS image) into RAM > Load the startup-config file into RAM as the running-config.
    * The hexadecimal boot field value 1 in the configuration register loads the first IOS file found in Flash memory.
    * The Cisco IOS file can be stored in Flash memory, a TFTP server, and ROM.
    * Fiber-optic cables are used for high-speed, high-capacity data transmission. It uses optical fibers to carry digital data signals in the form of modulated pulses of light.
    * The maximum segment length of a 10BaseT Ethernet network is 100 meters.
    * UTP straight-through cable is used to connect a switch to a router.
    * External CSU/DSU is connected to the router on its serial interface.
    * To configure a router, a computer is connected to the console port of the router.
    * A UTP rollover cable is used to connect a computer to the console port of a router.

    * RIP-2 and IGRP use distance vector logic.
    * RIPv2, EIGRP, OSPF, and Integrated IS-IS support VLSM.

IOS INCLUDES THREE PRIMARY SHOW COMMANDS FOR RIP VERIFICATION. THE THREE RIP OPERATIONAL COMMANDS ARE AS FOLLOWS:

         1. show ip interface brief
         2. show ip route [rip]
         3. show ip protocols

    * The exit command moves back a user to the next higher mode in configuration mode.
    * The prompt hostname (config-if)# is displayed in the command-line interface of a Cisco switch IOS for interface configuration access mode.
    * A router is used for communication between the hosts of two different VLANs configured in a network.
    * Inter VLAN communication gets affected if a router connecting VLANs fails.
    * When the PING command is run, it will first use the ARP protocol to resolve the MAC address of the host. After resolving the MAC address, it will send an ICMP echo message to the specified host.
    * The ip route command is used to add a static route to the routing table.
    * The config-register global configuration command is used to set the configuration register value.

    * RIPv2, EIGRP, and OSPF are classless protocols. RIPv1 and IGRP are classful protocols.
    * The RIPv1 and IGRP routing protocols do not support VLSM.
    * RIP, OSPF, EIGRP, and BGP are routing protocols. IP, Appletalk, IPX, and XNS are routed protocols.
    * EIGRP uses the following types of packets: hello and acknowledgment, update, query, and reply.
    * IS-IS and OSPF are link-state routing protocols. Both v1 and v2 versions of Routing Information Protocol (RIP) and IGRP are distance-vector routing protocols.

    * The following are the interior gateway routing protocols: EIGRP, IGRP, OSPF, RIP, and IS-IS. Border Gateway Protocol (BGP) is the only active Exterior Gateway Protocol (EGP).

OSPF SUPPORTS THE FOLLOWING THREE TYPES OF AUTHENTICATIONS:

         1. Null authentication
         2. Simple password authentication
         3. MD5

    * For getting information about the Open Shortest Path First (OSPF) routing process such as OSPF process ID and router ID on a router, user will have to use the show ip ospf command in EXEC mode.
    * In order to change the designated router election process for the network, you will have to use the ip ospf priority command in interface configuration mode.

In order to set the router priority at the default value of 1, you will have to use the no ip ospf priority command in interface configuration mode.

    * The default administrative distance for OSPF is 110.
    * The ip ospf priority command sets the router priority that helps in determining the OSPF designated router for a network.
    * In order to configure OSPF to look up Domain Naming System (DNS) names for use in all OSPF show command displays, Administrators will have to use the following command in global configuration mode: ip ospf name-lookup.
    * Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco proprietary protocol. It is an enhanced version of IGRP. It has faster convergence due to the use of triggered updates and saving each neighbor's routing table locally. It supports VLSM and route summarization. As EIGRP is a distance vector protocol, it automatically summarizes routes across Class A, B, and C networks. It also supports multicast and incremental updates and provides routing for three routed protocols: IP, IPX, and AppleTalk.
    * The EIGRP protocol has the features of distance-vector as well as link-state routing protocols.
    * The telnet command is used to test that all the seven layers of the OSI reference model are functioning properly.
    * Cisco routers allow a maximum of five concurrent Telnet connections per context.
    * The RESUME command is used to resume a suspended Telnet connection.
    * Cisco Discovery Protocol (CDP) uses multicast frames at the data link layer to learn about the other CDP-supporting devices on the network.
    * The show cdp neighbors detail command provides detailed information of switches and routers connected to a router/switch.
    * The default administrative distances for IGRP, OSPF, IS-IS, and RIP are 100, 110, 115, and 120 respectively.
    * The default administrative distance value of a static route is 1.
    * The show ip interfaces brief command is used to view status of all interfaces on a router.
    * The debug ppp authentication command is used to enable debugging for CHAP or PAP on a Cisco router.
THE SHOW VERSION COMMAND DISPLAYS THE FOLLOWING INFORMATION ON A ROUTER:
         
          o The time and date the system last started.
          o The version of the IOS operating system.
          o The version of the ROM bootstrap
          o The version of the boot loader.
          o The amount of RAM installed in the device.
          o The hostname of the device.
          o The uptime for the system.
          o The number of terminal lines on the router if a router has asynchronous serial lines attached.
          o The configuration register on the device
   
    * The debug ip rip command is used to display information on RIP routing transactions. It is used in the privileged EXEC mode.
    * The debug ip routing command is used to display information on the Routing Information Protocol (RIP) routing table and route cache updates. This command is used in the privileged EXEC mode.
    * The debug ip security command displays information for both basic and extended IP security options for the interfaces.
    * The no debug ip udp command is used to disable logging of User Datagram Protocol (UDP) packets sent and received.
    * The debug ip tcp driver command is used to display information on TCP driver events such as connections opening or closing, or packets being dropped because of full queues. This command will be used in privileged EXEC mode.
    * The debug ip SSH command is used to display debug messages for Secure Shell. This command will be used in EXEC mode. By default, debugging for SSH is disabled.
    * A global command makes changes to the entire router.
    * The copy flash tftp command is used to copy the current IOS from the router flash memory to a TFTP server.
    * The show process cpu command is used to check a router’s CPU utilization.
    * The service password-encryption command configures a router to encrypt all passwords entered after the command has been executed, as well as all passwords already on the running configuration. This command will be executed in global configuration mode.
    * In order to set the privilege level for a command, users will have to use the privilege level global configuration command.
    * The enable command is used to get into privileged mode on a router.
    * The no service password-encryption command removes encryption only when the password is changed.
    * The enable secret command stores password in a hidden form in the configuration file.
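
The password and remote-access points above (enable secret, service password-encryption, SSH on the VTY lines), combined into one configuration with the weak form shown first for comparison. This is an added example, not part of the original page; the hostname, domain name, username, timeout value and the bracketed passwords are constructed placeholders.

```cisco
! Constructed example. R1, example.test, admin and the <...> values are placeholders.
!
! Weak baseline: clear-text enable password, shared line password, Telnet.
!   enable password <PLACEHOLDER>
!   line vty 0 4
!    password <PLACEHOLDER>
!    login
!    transport input telnet
!
! Hardened form, entered from global configuration mode.
configure terminal
 hostname R1
 ip domain-name example.test
 !
 ! enable secret is stored as a hash and takes precedence over enable password.
 no enable password
 enable secret <ENABLE-SECRET-PLACEHOLDER>
 !
 ! Obscures passwords that would otherwise appear in clear text in the
 ! configuration (type 7). Type 7 is reversible obfuscation, so it only
 ! protects against casual viewing of the config, not against someone
 ! who obtains the file.
 service password-encryption
 !
 ! Per-user account stored as a hash, used by "login local" below.
 username admin secret <ADMIN-SECRET-PLACEHOLDER>
 !
 ! The SSH server needs an RSA key pair, which in turn needs a hostname
 ! and a domain name to be set.
 crypto key generate rsa modulus 2048
 ip ssh version 2
 !
 ! All five default VTY lines: authenticate against local users, SSH only.
 line vty 0 4
  login local
  transport input ssh
  exec-timeout 10 0
 end
!
! Verify, then make the change permanent.
show ip ssh
show running-config | include secret|password
copy running-config startup-config
```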

EXPLAIN AND SELECT THE APPROPRIATE ADMINISTRATIVE TASKS REQUIRED FOR A WLAN:

    * IEEE 802.11b is an extension of the 802.11 standard. It is used in wireless local area networks (WLANs) and provides 11 Mbps transmission speeds in the bandwidth of 2.4 GHz.
    * IEEE is responsible for standardization of wireless LAN.
    * FCC regulates interstate and international wireless communications.
    * ITU-R is responsible for managing the assignment of frequencies for wireless communication.
    * The 802.1X IEEE standard is defined to enhance security of Wireless LANs.
    * The 802.11i standard of IEEE defines the security of WLAN.
    * To bridge two WAPs, use Yagi-Uda antennas.
    * The 802.11a wireless LAN standard is least affected by interference from domestic appliances.
    * The 802.11a standard of wireless communication uses OFDM technology for transmitting signals.
    * To increase the WLAN coverage area, omnidirectional antennas are used.
    * A wireless client learns about each access point (AP) and its SSID through beacon process.
    * 802.11g WAP uses the 2.4GHz range, which is also used by some home appliances, such as microwave ovens. This is the root cause of interference.
    * Performance and range of WLAN is degraded by interferences and solid obstacles such as concrete wall and metal ceiling.

IDENTIFY SECURITY THREATS TO A NETWORK AND DESCRIBE GENERAL METHODS TO MITIGATE THOSE THREATS:

    * Attackers make Denial-of-Service attacks by sending a large number of protocol packets to a network.
    * In a brute force attack, an attacker uses software that keeps trying password combinations until the correct password is found.
    * A denial-of-service (DoS) attack is mounted with the objective of causing a negative impact on the performance of a computer or network.
    * To disable ping from the host outside the internetwork, the ICMP protocol should be blocked through ACL.
    * IPS tools can prevent attacks by filtering traffic.
    * DES uses a 56-bit key to encrypt data and AES uses minimum of 128-bit and a maximum of 256-bit key to encrypt data.
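
One way to implement the point above about blocking ping from outside hosts with an ACL, as an added example that is not part of the original page; the interface name Serial0/0 and the ACL number 101 are assumptions. It denies only inbound echo requests rather than every ICMP type, because dropping all ICMP also drops the unreachable and time-exceeded messages that path MTU discovery and traceroute rely on.

```cisco
! Constructed example. Serial0/0 is assumed to be the outside-facing interface.
!
! A standard IP ACL (1-99) matches on source address only, so it cannot
! single out ping. An extended IP ACL (100-199) can match the protocol
! and the ICMP message type.
configure terminal
 access-list 101 remark Drop ping from outside, keep other ICMP messages
 access-list 101 deny   icmp any any echo
 !
 ! Every ACL ends with an implicit "deny any". Without an explicit permit,
 ! applying this list would block all other inbound traffic as well.
 ! "permit ip any any" keeps the example focused on the ICMP rule; a real
 ! edge policy would permit only the traffic that is actually required.
 access-list 101 permit ip any any
 !
 ! Apply inbound on the outside interface so the echo requests are dropped
 ! before they are routed toward internal hosts.
 interface Serial0/0
  ip access-group 101 in
 end
!
! Verify: the match counter on the deny line increases when an outside
! host pings in, and the interface shows ACL 101 as its inbound list.
show access-lists 101
show ip interface Serial0/0
copy running-config startup-config
```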

IMPLEMENT, VERIFY, AND TROUBLESHOOT NAT AND ACLS IN A MEDIUM-SIZE ENTERPRISE BRANCH OFFICE NETWORK:

    * By default, Cisco routers support up to five simultaneous VTY line sessions, and no passwords are assigned to these VTY lines. Cisco routers have built-in security that forces the use of password to access the router through a VTY line session.
   
    * Port 20 is reserved for FTP data.
    * The IPX Standard ACL uses numbers in the range of 800-899.
    * The IP Standard ACL uses numbers in the range of 1-99.
    * In order to remove an access control list from a router, the no access-list command will be used. This command will be executed in enabled mode.
    * NAT will always be configured on the border router as it is directly connected the Internet. This will allow internal computer to connect to the Internet.
    * Inside global is a NAT addressing term. It is the registered (public) IP address that represents the inside host in a private network to the outside network.
    * NAT only translates one (and only one) IP address to another without using ports.
    * PAT uses port numbers to keep the uniqueness of internal hosts.
    * SDM is an Internet browser-based tool to configure the Cisco router for LAN, WAN, and security.
    * IP connectivity to the router on the local LAN must be established in order to install and access SDM.
    * Use the ping utility to verify that you are able to connect to the router from a local host on the LAN in order to use SDM to configure the router.

IMPLEMENT AND VERIFY WAN LINKS:

    * The default gateway address is the IP address of the interface of the router that is connected to the internal network.
    * Pulse-code modulation is a standard for converting analog voice to a digital signal.
    * In order to communicate with the remote segment of the routed network, it is required to provide the default gateway address on the client computers.
    * Cable modems do not support symmetric speeds.
    * ATM is also called a cell-switching service.
    * Symmetric DSL means that the link speed in each direction is the same.
    * A DSL modem uses frequencies higher than 4000Hz.
    * DSLAM receives signals from multiple customer DSL connections and places the signals on a high-speed backbone line using multiplexing techniques.
    * Frame relay is a switched data link layer protocol that handles multiple virtual circuits. Point-to-Point Protocol (PPP) is a standard method for transporting multi-protocol datagrams over point-to-point links. High-Level Data Link Control (HDLC) specifies a data encapsulation method on synchronous serial links using frame characters and checksums.
    * The 802.1X specification defines the authentication method for wireless access.
    * Link Access Procedure Frame mode bearer services (LAPF) encapsulation is used in Frame Relay between a DTE and a DCE.

FOLLOWING ARE STANDARDS FOR FRAME RELAY LOCAL MANAGEMENT INTERFACE (LMI):
       
         1. ANSI Annex D
         2. Gang of Four (Cisco)
         3. ITU-T Annex A

    * IETF encapsulation is interoperable with all vendors' Frame Relay equipment.
    * Integrated Services Digital Network (ISDN) has two levels of service, Basic Rate Interface (BRI) and Primary Rate Interface (PRI).
    * A connectionless service is a technique used in data communications. It is used to transfer data at the Transport Layer of the OSI model. The service does not require a session or a virtual circuit connection between the sender and the receiver. This service is less reliable, but faster than a connection-oriented service. In this type of service, packets do not need to arrive in a specific order and no acknowledgment is required. In contrast with the connection-oriented service, it consumes less bandwidth on a network. IPX, IP and UDP are connectionless protocols or services.
    * Maximum Transmission Unit (MTU) is a term that refers to the size of the largest packet that a given layer of a communications protocol (such as TCP) can transmit. MTU parameters appear in association with a communications interface such as NIC, etc. On the Ethernet network, MTU is fixed. MTU can also be decided at connecting time for the connections, such as point-to-point serial links. A higher MTU brings higher bandwidth efficiency. A small MTU size generates more overhead and more acknowledgements that have to be sent and handled. MTU size is measured in bytes.

FOLLOWING ARE THE STEPS IN CORRECT ORDER FOR ESTABLISHING A VIRTUAL CIRCUIT IN AN X.25 NETWORK:
      
  1. The source DTE sends a packet to the local DCE.
  2. The local DCE packet binder sends a packet to the nearest packet switch exchange.
  3. The packet switch exchange sends a packet to the next remote DCE.
  4. The remote DCE examines a packet header of destination DTE.
 
    * Asynchronous Transfer Mode (ATM) is a type of cell-switched connection used for transmitting data, voice, video, and frame relay traffic.
    * Leased lines are used for short distance connections and when you have a constant amount of traffic on the connection with a requirement of guaranteed bandwidth.
    * X.25 and Frame Relay are types of packet-switched connection.
    * Intranet VPN connects computers at two sites of the same organization. Each site uses a VPN device for creating the VPN. This type of network is used to connect a company's headquarters, remote offices, and branch offices over a shared infrastructure using dedicated connections.
    * Extranet VPN connects computers at two sites of different organizations or corporate intranets. Each site uses a VPN device for creating this type of VPN. This type of VPN is used to connect a company's customers, suppliers, and partners to the company's intranet over a shared infrastructure using dedicated connections.
    * Access VPN connects Internet users to a company network. In this type of VPN, the user's computer or laptop itself is the end of the VPN tunnel instead of an Internet access router. It provides remote access to a corporate intranet or extranet over a shared infrastructure with the same policies as a private network. Hence, it enables users to access their company's network resources from home or any other remote site.

    * Link Control Protocol (LCP) negotiates and sets up PPP settings on the WAN data link.
    * Network Control Protocol (NCP) is a component of Point-to-Point Protocol (PPP) involved in protocol negotiation in order to establish a PPP connection.
    * Point-to-Point Protocol (PPP) is the most common encapsulation used for dial-up connections.
    * A PPP frame is made up of the following fields: Flag, Address, Control, Protocol, Data, and Frame Check Sequence.

This useful information is provided by: Premakumar Thevathasan, CCNA, CCNP, CCIP, MCSA, MCSE, MCSA - MSG, CIW Security Analyst, CompTIA Certified A+.
