CISCO CCNA in 60 Days

Paul Browning (LLB Hons) CCNP, MCSE
Farai Tafa CCIE
Daniel Gheorghe CCIE
Dario Barinic CCIE

This study guide and/or material is not sponsored by, endorsed by, or affiliated with Cisco Systems, Inc., Cisco®, Cisco Systems®, CCDA™, CCNA™, CCDP™, CCNP™, CCIE™, and CCSI™. The Cisco Systems logo and the CCIE logo are trademarks or registered trademarks of Cisco Systems, Inc., in the United States and certain other countries. All other trademarks are trademarks of their respective owners.

Copyright Notice
Copyright ©2014, Paul Browning, all rights reserved. No portion of this book may be reproduced mechanically, electronically, or by any other means, including photocopying, without written permission of the publisher.

ISBN: 978-0-9569892-9-1

Published by:
Reality Press Ltd
Midsummer Court
314 Midsummer Blvd
Milton Keynes UK MK9 2UB
help@reality-press.com

Legal Notice
The advice in this book is designed to help you achieve the standard of the Cisco Certified Network Associate (CCNA) exam, which is Cisco’s foundation internetworking examination. A CCNA is able to carry out basic router and switch installations and troubleshooting. Before you carry out more complex operations, it is advisable to seek the advice of experts or Cisco Systems, Inc. The practical scenarios in this book are meant to illustrate a technical point only and should be used only on your privately owned equipment, never on a live network.

Table of Contents
Acknowledgements Contributors About the Authors Paul Browning Farai Tafa Daniel Gheorghe Dario Barinic Preface Read This First! Extra Study Materials Getting Hands-on Time Does CCNA in 60 Days Work? Introduction to the Second Edition Free Stuff FAQs How the Programme Works Are You Ready?
Exam Questions Your Study Plan Preparation Day Day – Networks, Cables, OSI, and TCP Models Day Tasks Network Devices Common Network Devices LAN and WAN Topologies OSI and TCP Models The OSI Model OSI Troubleshooting The TCP/IP, or DoD, Model TCP/IP Transmission Control Protocol (TCP) Internet Protocol (IP) User Datagram Protocol (UDP) File Transfer Protocol (FTP) Trivial File Transfer Protocol (TFTP) Simple Mail Transfer Protocol (SMTP) Hyper Text Transfer Protocol (HTTP) Internet Control Message Protocol (ICMP) Address Resolution Protocol (ARP) Proxy ARP Reverse Address Resolution Protocol (RARP) Gratuitous Address Resolution Protocol (GARP) Simple Network Management Protocol (SNMP) Hyper Text Transfer Protocol Secure (HTTPS) Cables and Media LAN Cables WAN Cables Connecting to a Router Router Modes Configuring a Router Day Questions OSI/TCP Model Questions Cable Questions Day Answers OSI/TCP Model Answers Cable Answers Day Lab IOS Command Navigation Lab Day – CSMA/CD, Switching, and VLANs Day Tasks Switching Basics Carrier Sense, Multiple Access with Collision Detection Collision and Broadcast Domains Auto-negotiation Switching Frames Switching Concepts The Need for Switches Ethernet Frames Initial Switch Configuration Virtual Local Area Networks (VLANs) VLAN Marking VLAN Membership VLAN Links Access Links Trunking Configuring VLANs Basic Switching Troubleshooting Common Switch Issues VLAN Assignment Issues Day Questions Day Answers Day Lab Switching Concepts Lab Day – Trunking, DTP, and Inter-VLAN Routing Day Tasks Configuring and Verifying Trunk Links Manual (Static) Trunk Configuration Dynamic Trunking Protocol (DTP) IEEE 802.1Q Native VLAN Inter-VLAN Routing VTP Configuring VTP VTP Modes VTP Pruning Configuration Revision Number Basic VLAN Troubleshooting Troubleshooting Trunking and VTP Troubleshooting Inter-VLAN Routing Day Questions Day Answers Day Labs VLAN and Trunking Lab VTP Lab Day – Router and Switch Security Day Tasks Protecting Physical Access 
Console Access Telnet Access Protecting Enable Mode Protecting User Access Updating the IOS Router Logging Simple Network Management Protocol (SNMP) Securing the Switch Prevent Telnet Access Enable SSH Set an Enable Secret Password Services Change the Native VLAN Change the Management VLAN Turn Off CDP Add a Banner Message Set a VTP Password Restrict VLAN Information Error Disable Recovery External Authentication Methods Router Clock and NTP Shut Down Unused Ports Cisco Discovery Protocol (CDP) Switch Port Security CAM Table Overflow Attacks MAC Spoofing Attacks Port Security Secure Addresses Port Security Actions Configuring Port Security Configuring Static Secure MAC Addresses Verifying Static Secure MAC Address Configuration Configuring Dynamic Secure MAC Addresses Verifying Dynamic Secure MAC Addresses Configuring Sticky Secure MAC Addresses Configuring the Port Security Violation Action Verifying the Port Security Violation Action Day Questions Day Answers Day Labs Basic Router Security Lab Basic Switch Security Lab Day – IP Addressing Day Tasks IP Addressing IP Version Binary Hexadecimal Converting Exercise Address Classes Subnet Mask Primer Using IP Addresses Private IP Addresses Subnetting Easy Subnetting Classless Inter-Domain Routing The Subnetting Secrets Chart Route Summarisation ZIP Codes Route Summarisation Prerequisites Applying Route Summarisation Variable Length Subnet Masking Using VLSM Slicing Down Networks Troubleshooting IP Addressing Issues Troubleshooting Subnet Mask and Gateway Issues Day Questions Day Answers Answers for the conversion exercises Day Lab IP Addressing on Routers Lab Binary Conversion and Subnetting Practice Day – Network Address Translation Day Tasks NAT Basics Configuring and Verifying NAT Static NAT Dynamic NAT or NAT Pool NAT Overload/Port Address Translation/One-Way NAT Troubleshooting NAT Day Questions Day Answers Day Labs Static NAT Lab NAT Pool Lab NAT Overload Lab Day – IPv6 Day Tasks History of IPv6 Fit for Purpose? 
Why Migrate? Hex Numbering IPv6 Addressing IPv6 Address Representation The Preferred Form Compressed Representation IPv6 Addresses with an Embedded IPv4 Address The Different IPv6 Address Types Link-Local Addresses Site-Local Addresses Aggregate Global Unicast Addresses Multicast Addresses Anycast Addresses Loopback Addresses Unspecified Addresses IPv6 Protocols and Mechanisms ICMP for IPv6 IPv6 Stateful Autoconfiguration IPv6 Stateless Autoconfiguration Configuring Stateless DHCPv6 Enabling IPv6 Routing in Cisco IOS Software IPv6 Compared to IPv4 Day Questions Day Answers Day Lab IPv6 Concepts Lab Hex Conversion and Subnetting Practice Day – Integrating IPv4 and IPv6 Network Environments Day Tasks IPv4 and IPv6 Dual-Stack Implementations Implementing Dual-Stack Support in Cisco IOS Software Configuring Static IPv4 and IPv6 Host Addresses in Cisco IOS Software Configuring IPv4 and IPv6 DNS Servers in Cisco IOS Software Day Questions Day Answers Day Labs IPv4 – IPv6 Basic Integration Lab IPv4 – IPv6 Tunnelling Lab Day – Access Control Lists Day Tasks ACL Basics Port Numbers Access Control List Rules ACL Rule – Use only one ACL per interface per direction ACL Rule – The lines are processed top-down ACL Rule – There is an implicit “deny all” at the bottom of every ACL ACL Rule – The router can’t filter self-generated traffic ACL Rule – You can’t edit a live ACL ACL Rule – Disable the ACL on the interface ACL Rule – You can reuse the same ACL ACL Rule – Keep them short! 
ACL Rule – Put your ACL as close to the source as possible Wildcard Masks Configuring Access Control Lists Standard ACLs Extended ACLs Named ACLs Applying ACLs ACL Sequence Numbers Add an ACL Line Remove an ACL Line Resequence an ACL ACL Logging

Day 52 – Review 10

Day 52 Tasks
Follow the exam tasks below.
Complete the challenge lab.
Review the subject of your choice.
Read the ICND2 cram guide (and the ICND1 cram guide, if taking the CCNA exam).
Spend 15 minutes on the subnetting.org website.

Day 52 Exam
Spend some extra time on www.subnetting.org.
Write out the cram guide(s) from memory.

Day 52 Lab – OSPF and Router Security

Topology

Instructions
Connect two routers together with a serial or crossover cable.
Add IP addresses to the routers and a Loopback interface on Router A and Router B, according to the diagram.
Ping between Router A and Router B to test the serial lines (remember clock rates).
Now set the serial lines to use PPP with CHAP (also set usernames and passwords).
Configure OSPF on both routers and place one Loopback network in another area.
Lock down both routers with enable secret passwords and Telnet passwords.
Turn CDP off on one router and off the interface of the other router.
Add a banner message on one router.
Issue a service password-encryption command on one router.
Check the routing tables.

Solution Hints and Commands
Use the router ospf x command to enter OSPF Configuration mode.
Use the network x.x.x.x y.y.y.y area z command to place a network in an area.
Use the enable secret command in Global Configuration mode.
Use the no cdp run command globally.
Issue a no cdp enable command per interface.
Use the banner motd command to configure a banner.
Use the show ip route command to check the routing table.

Day 53 – Review 11

Day 53 Tasks
Take the exam below.
Complete the challenge lab.
Review the subject of your choice.
Read the ICND2 cram guide (and the ICND1 cram guide, if taking the CCNA exam).
Spend 15 minutes on the subnetting.org website.

Day 53 Exam
1. Write out the syntax for standard, extended, and named ACLs, and how to apply them to interfaces and the VTY line.
2. OSPF operates over IP protocol _.
3. OSPF does NOT support VLSM. True or false?
4. Any router which connects to Area and another area is referred to as an _ _ router or _.
5. If you have a DR, you must always have a BDR. True or false?
6. The DR/BDR election is based upon which two factors?
7. By default, all routers have a default priority value of _. This value can be adjusted using the _ _ _ interface configuration command.
8. When determining the OSPF router ID, Cisco IOS selects the highest IP address of configured Loopback interfaces. True or false?
9. What roles do the DR and the BDR carry out?
10. Which command would put network 10.0.0.0/8 into Area on a router?

Day 53 Answers
1. Standard ACL: access-list x permit host y.y.y.y or access-list x permit x.x.x.x x.x.x.x
   Extended ACL: access-list x permit/deny {service/protocol} {source network/IP} {destination network/IP} {port#}
   Named ACL:
   ip access-list extended NAME
   permit x.x.x.x x.x.x.x
   deny x.x.x.x x.x.x.x
   Apply ACLs: ip access-group x inside/outside on interface, access-class class x in/out on vty line
2. 89
3. False
4. Area Border or ABR
5. False
6. The highest router priority and the highest router ID
7. 1, ip ospf priority
8. True
9. To reduce the number of adjacencies required on the segment, to advertise the routers on the Multi-Access segment, and to ensure that updates are sent to all routers on the segment
10. The network 10.0.0.0 0.255.255.255 area command

Day 53 Lab – EIGRP and ACL

Topology

Instructions
Connect three routers together with a serial or crossover cable:
Add IP addresses to the routers and Loopback interfaces on Routers A, B, and C, according to the diagram.
Ping between Routers A and B and between Routers B and C to test the serial lines (remember clock rates).
Now set the serial lines to use PPP with CHAP (also set usernames and passwords).
Configure EIGRP 40 on all routers.
Check the routing tables and make sure that you include both of the 192.168.1.x networks.
Set an ACL on Router A; Telnet should be permitted from the Router C Serial address, but not from Router B; permit Telnet on Router A first, of course.

Solution Hints and Commands
router eigrp 40
Use the network command to advertise the network in EIGRP.
Use the access-class command on VTY lines to filter traffic.
NOTE: The two networks on Router B are 192.168.1.12/30 and 192.168.1.16/30

Day 54 – Review 12

Day 54 Tasks
Take the exam below.
Complete the challenge lab.
Review the subject of your choice.
Read the ICND2 cram guide (and the ICND1 cram guide, if taking the CCNA exam).
Spend 15 minutes on the subnetting.org website.

Day 54 Exam
1. What is the default priority number for STP on switches?
2. What are the states STP ports transition through (in the correct order)?
3. What are the timers for the port transition states?
4. The STP Bridge ID is made from what?
5. What does IEEE 802.1W refer to?
6. Name the RSTP port roles.

Day 54 Answers
1. 32768
2. Disabled, Blocking, Listening, Learning, and Forwarding
3. Forward time: 15 seconds; Max Age: 20 seconds
4. bytes priority + bytes system ID
5. RSTP
6. Root, Designated, Alternate, and Backup

Day 54 Lab – OSPF and ACL

Topology

Instructions
Connect three routers together with a serial or crossover cable:
Add IP addresses to the routers and Loopback interfaces on Routers A, B, and C, according to the diagram.
Ping between Routers A and B and between Routers B and C to test the serial lines (remember clock rates).
Now set the serial lines to use PPP with CHAP (also set usernames and passwords).
Configure OSPF on all routers; put one Loopback on either end in a non-zero area.
Check the routing tables and make sure that you include both of the 192.168.1.x networks.
Set a named ACL on Router A; DNS traffic should be permitted into Router A only if it comes from Router C; all other IP traffic should be permitted (excluding DNS!).

You won’t be able to test this ACL unless you have a DNS service running behind the router, or have live (or GNS3) equipment and can Telnet on the correct port. Post on the study page if you get stuck.

Solution Hints and Commands
Use the ip address command on the interface to set an IP address.
CHAP: username and password for remote peer, ppp authentication chap on interfaces.
Use the router ospf x command to enter Router Configuration mode.
Define networks under the router ospf command with the network statement.
Use the ip access-list command for named ACLs.
NOTE: The two networks on Router B are 192.168.1.12/30 and 192.168.1.16/30

Please also complete the above lab using OSPFv3.

Day 55 – Review 13

Day 55 Tasks
Take the exam below.
Complete the challenge lab.
Review the subject of your choice.
Write out the ICND2 cram guide (and the ICND1 cram guide, if taking the CCNA exam) from memory.
Spend 15 minutes on the subnetting.org website.

Day 55 Exam
1. Name at least three reasons for EIGRP neighbour relationships not forming.
2. Which command can you use to verify EIGRP K values?
3. Which command can you use to verify EIGRP packets statistics?
4. Name at least two common reasons for EIGRP route installation failures.
5. The administrative distance concept is used to determine how reliable the route source is. True or false?
6. By default, EIGRP automatically summarises at classful boundaries and creates a summary route pointing to the Null0 interface. True or false?
7. Name the command you can use to debug FSM events.
8. Which command can you use to see the originating router ID of a specific prefix?
9. Which command can you use to show the EIGRP event log?
10. What is the best command to use when debugging various routing issues?

Day 55 Answers
1. The neighbour routers are not on a common subnet; mismatched primary and secondary subnets; mismatched K values; mismatched ASN; ACLs are filtering EIGRP packets; Physical Layer issues; Data Link Layer issues; and mismatched authentication parameters
2. The show ip protocols command
3. The show ip eigrp traffic command
4. The same route is received via another protocol with a lower administrative distance; EIGRP summarisation; duplicate router IDs are present within the EIGRP domain; and the routes do not meet the Feasibility Condition
5. True
6. True
7. The debug eigrp fsm command
8. The show ip eigrp topology x.x.x.x y.y.y.y command
9. The show ip eigrp events command
10. The debug ip routing command

Day 55 Lab – OSPF and NAT

Topology

Instructions
Connect three routers together with a serial or crossover cable:
Add IP addresses to the routers and Loopback interfaces on Routers A, B, and C, according to the diagram.
Ping between Routers A and B and between Routers B and C to test the serial lines (remember clock rates).
Now set the serial lines to use PPP with CHAP (also set usernames and passwords).
Configure OSPF on all routers; put one Loopback on either end in a non-zero area, but do not add 172.30.1.0 to OSPF.
Check the routing tables and make sure that you include both of the 192.168.1.x networks.
Create a NAT pool of 192.168.2.1 to 10/24, inclusive, on Router A; set an ACL to match the 172.30.1.0/28 subnet.
Set a static route on Router B for traffic destined to 192.168.2.0/24 to next-hop 192.168.1.13.
Turn on NAT debugging on Router A, and do an extended ping from 172.30.1.1 to Router B.

Solution Hints and Commands
Use the ip address command on the interface to set an IP address.
CHAP: username and password for remote peer, ppp authentication chap on interfaces.
Use the router ospf x command to enter Router Configuration mode.
Define networks under the router ospf command with a network statement.
Use the ip access-list command for named ACLs.
Use the ip route command for static route configuration.
debug ip nat
NOTE: The two networks on Router B are 192.168.1.12/30 and 192.168.1.16/30

Day 56 – Review 14

Day 56 Tasks
Complete the challenge labs below.
Review the subject of your choice.
Write out the ICND2 cram guide (and the ICND1 cram guide, if taking the CCNA exam) from memory.
Spend 15 minutes on the subnetting.org website.

Day 56 Lab
Repeat the following three challenge labs, each in 10 minutes, without looking at the configuration guide:
OSPF with NAT
OSPF with ACL
VLANs and STP

Please also review the configurations for EtherChannels and FHRP protocols.

Day 57 – Review 15

Day 57 Tasks
Complete the challenge labs below.
Review the subject of your choice.
Write out the ICND2 cram guide (and the ICND1 cram guide, if taking the CCNA exam) from memory.
Spend 15 minutes on the subnetting.org website.

Day 57 Labs
Repeat the following four challenge labs:
PPP and NAT
VLANs
VLANs and STP
EIGRP

Day 58 – Review 16

Day 58 Tasks
Check the entire list of exam topics for your exam (ICND2 or CCNA).
Mark them out of 10 for how well you understand them.
Anything less than an 8, review today.
They are listed at the start of the book.

Day 59 – Review 17

Day 59 Tasks
Review any areas of your choice.

Day 60 – Review 18

Day 60 Tasks
Exam day for you (or tomorrow).
Nothing else I can teach you or recommend.
You know your weak areas, so good luck.
When you pass the exam, please drop me a line at howtonetwork@gmail.com, along with a photo of you holding your CCNA certificate.

Code Words
Please use the correct word in order to get access to all the book bonuses on www.in60days.com
1. Cheese23
2. Sausage44
3. Potato56
4. Apple90
5. Banana11
6. Pizzapie84
7. Chicken55
8. Sultana33
9. Orange03
10. Battery28