Three-layer hierarchical network design:
1. Access layer: provides end-station access; port density is high. Main equipment: switches, hubs.
2. Distribution (aggregation) layer: aggregation point for the access layer; makes routing decisions and applies security filtering (ACLs), traffic control and remote-access policy. Main equipment: routers.
3. Core layer: provides the fastest transport; packets are not manipulated or filtered here.
OSI seven-layer model (function of each layer and its protocol data unit, PDU):
1. Physical layer: bit rate, voltage levels, pin-outs and interface types. PDU: bit
2. Data link layer: frame error detection (FCS), physical (MAC) addressing. PDU: frame
3. Network layer: routing (path selection), logical (IP) addressing. PDU: packet
4. Transport layer: reliable and unreliable delivery services, retransmission. PDU: segment
5. Session layer: separates the data streams of different applications (these notes place the operating system at this layer). PDU: data
6. Presentation layer: data encoding and encryption. PDU: data
7. Application layer: the interface to user-facing protocols. PDU: data
Bit, frame, packet and segment are collectively called PDUs (Protocol Data Units).
Physical layer:
1. Media types: twisted pair, coaxial cable, fiber
2. Connector types: BNC, AUI, RJ45, SC/ST (fiber)
3. Maximum twisted-pair segment length: 100 meters.
4. Hub: one broadcast domain and one collision domain; every frame is flooded to all ports; bandwidth is shared.
Cable types:
Straight-through: host to switch or hub
Crossover: switch to switch, switch to hub
Rollover (console cable): used to manage Cisco network devices through the console port
Data link layer:
1. Switches and bridges.
2. Each switch or bridge port (segment) is its own collision domain, so the number of collision domains equals the number of ports in use.
3. All ports of a switch or bridge belong to the same broadcast domain (unless VLANs are configured).
Network layer:
1. Routers. 2. Path selection (routing decisions) based on the routing table. 3. WAN access. 4. Routers separate broadcast domains.
Transport layer:
1. TCP (Transmission Control Protocol): connection-oriented, with a retransmission mechanism; reliable delivery.
2. UDP (User Datagram Protocol): connectionless, no retransmission; unreliable delivery.
3. Port numbers let a host tell apart data belonging to different applications; a well-known port identifies the service (for example TCP 23 for Telnet).
show hosts: show the current hostname-to-address table
show sessions: show the current outgoing Telnet sessions
clear line <n>: clear a line (drops the session on it); afterwards you are back in privileged mode
Ctrl+Shift+6, then x: suspend the current Telnet session and return to the local device
enable: enter privileged mode
disable: return from privileged mode to user mode
configure terminal: enter global configuration mode
interface ethernet 0/1: enter the Ethernet port numbered 1 in slot 0
exit: return to the previous mode
end: return directly to privileged mode
1. When a Cisco Catalyst switch does not find a saved user configuration (startup-config) during initialization, it loads the default settings so that the switch still works normally.
2. When a Cisco router does not find a saved user configuration, it enters the initial configuration dialog (System Configuration Dialog, also called setup mode or step-by-step configuration mode) and does not operate normally until it has been configured.
Management access methods:
1. Console port: distance-limited, one user at a time.
2. AUX port (auxiliary port): a modem can be attached for remote dial-in management; one user at a time.
3. Telnet: several administrators at once (limited by device performance and the number of VTY lines). Insecure: the password and the whole session cross the network in cleartext, so prefer SSH where the IOS image supports it and restrict the VTY lines with an access-class.
Configuration commands execute immediately and take effect immediately (they are not saved to NVRAM until copied to startup-config).
hostname: configure the device's local name
R6(config)#interface ethernet 0
R6(config-if)#ip address 220.127.116.11 255.255.255.0
show version: show the IOS version, device uptime, interface list and configuration register
show running-config: show the currently active configuration (held in RAM)
show interface ethernet 0/1: show the status of the Ethernet interface (line/protocol state, counters, etc.)
reload: restart the router
setup: enter the setup configuration dialog manually
show history: show recently used commands
terminal history size <0-256>: set the command history buffer size (0 disables the buffer)
copy running-config startup-config: save the current configuration
NVRAM: non-volatile memory, contents survive a power-off <-- user configuration <-- startup-config
RAM: random access memory, contents are lost on power-off <-- currently active configuration <-- running-config
startup-config is loaded automatically each time the router or switch boots.
banner motd: the message-of-the-day text starts and ends with the same delimiter character
description: add a comment to an interface
Configure a password for the console port:
line console 0: enter console line 0 configuration
password cisco: set the line password to "cisco"
login: require the line password at login
enable password: set the enable password in plaintext
enable secret: set the enable password as a salted MD5 hash (type 5); when both are set, the secret takes precedence over the plaintext password
service password-encryption: obscure all plaintext passwords in the configuration with the type 7 scheme (a reversible XOR with a fixed key, not real encryption; weak)
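Why the notes call service password-encryption weak, as an added example (not code from the notes or from Cisco): type 7 is a XOR against a fixed, publicly known key stream, so anyone who can read the configuration recovers every password instantly; only enable secret (type 5, salted MD5) and newer hash types resist that. The configuration text in the block is constructed, not taken from a real device, and the hash in it is the type 7 form of "cisco".

```python
"""Cisco IOS type 7 obfuscation, as produced by 'service password-encryption'.

Added example for these notes (not the notes' or Cisco's code). The sample
configuration below is constructed.
"""

# The fixed key stream shared by every IOS image (publicly known for decades).
_XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def type7_decode(encoded: str) -> str:
    """Recover the plaintext from a type 7 string such as '094F471A1A0A'."""
    if len(encoded) < 4 or len(encoded) % 2:
        raise ValueError("type 7 string is two seed digits plus hex pairs")
    seed = int(encoded[:2], 10)          # two decimal digits (0..15) chosen at encode time
    body = bytes.fromhex(encoded[2:])    # one hex pair per password byte
    plain = bytes(b ^ _XLAT[(seed + i) % len(_XLAT)] for i, b in enumerate(body))
    return plain.decode("ascii")


def type7_encode(plaintext: str, seed: int = 9) -> str:
    """Produce the string IOS would write into the config (the same XOR, run forwards)."""
    if not 0 <= seed <= 15:
        raise ValueError("seed must be in 0..15")
    data = plaintext.encode("ascii")
    body = bytes(c ^ _XLAT[(seed + i) % len(_XLAT)] for i, c in enumerate(data))
    return f"{seed:02d}{body.hex().upper()}"


def recover_from_config(config_text: str) -> list:
    """Find every 'password 7 <hash>' / 'key-string 7 <hash>' line and decode it.

    Returns (config line, recovered plaintext) pairs in configuration order.
    """
    found = []
    for line in config_text.splitlines():
        tokens = line.split()
        for i in range(1, len(tokens) - 1):
            if tokens[i] == "7" and tokens[i - 1] in ("password", "key-string"):
                found.append((line.strip(), type7_decode(tokens[i + 1])))
    return found


# Constructed sample configuration (the hash is the type 7 form of "cisco").
SAMPLE_CONFIG = """\
service password-encryption
enable password 7 094F471A1A0A
key chain A
 key 1
  key-string 7 094F471A1A0A
line vty 0 4
 password 7 094F471A1A0A
 login
"""

if __name__ == "__main__":
    for line, plain in recover_from_config(SAMPLE_CONFIG):
        print(f"{line:40s} -> {plain}")
```

The same weakness applies to RIP key-strings stored with service password-encryption, which is why a leaked running-config should be treated as a leak of every type 7 credential in it.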
Set the VTY line (Telnet) password:
line vty 0 ?
Configure a virtual loopback interface. A loopback interface is UP by default.
interface loopback ?: create a loopback interface
ip address 18.104.22.168 255.0.0.0: configure the IP address of the interface
end: leave interface configuration
ping 22.214.171.124: check that the interface is reachable
no <command>: undo the corresponding configuration command
DCE/DTE only exist on WAN (serial) links
show controllers serial 0: show whether the interface is the DCE or the DTE end
The router on the DCE end must configure the clock rate.
clock rate ?: configure the clock frequency of the DCE interface (choose from the rates the system lists)
Serial1 is administratively down, line protocol is down
The interface has not been activated with no shutdown.
Serial1 is down, line protocol is down
1. The far end has not activated its interface with no shutdown.
2. The line is damaged, or no cable is connected to the interface.
Serial1 is up, line protocol is down
1. The far end uses a different Layer 2 encapsulation (the serial interface default encapsulation is HDLC).
2. The clock rate may not be configured on the DCE side.
Serial1 is up, line protocol is up
The interface is working normally.
show cdp neighbors: show CDP neighbors (without IP addresses)
show cdp neighbors detail: show CDP neighbors including Layer 3 IP addresses, platform and IOS version
show cdp entry *: show CDP neighbors including Layer 3 IP addresses
R1(config)#no cdp run: turn off CDP globally (affects all interfaces)
R1(config-if)#no cdp enable: turn off CDP on the interface (affects only that interface). CDP is unauthenticated and advertises the device name, platform, IOS version and addresses to anyone on the segment, so disable it on interfaces facing untrusted networks.
clear cdp table: clear the CDP neighbor table
show cdp interface serial 1: show the CDP settings of the interface
Sending CDP packets every 60 seconds (CDP advertisements are sent every 60 seconds)
Holdtime is 180 seconds (a neighbor entry is kept for 180 seconds without a new advertisement)
ip host: set a static hostname-to-address mapping
telnet *.*.*.*: the device being telnetted to must have a password on its line vty; to enter privileged mode there, an enable password must be configured as well.
show users: show who is logged in to the local device
show sessions: show my outgoing Telnet sessions
clear line *: forcibly end a session that telnetted in to the local device
disconnect *: forcibly end an outgoing Telnet session
show flash:: show the IOS image files in flash
copy running-config tftp:: copy running-config to a TFTP server
copy tftp: running-config: merge a file from a TFTP server into running-config
copy startup-config tftp:: back up startup-config to a TFTP server
copy tftp: startup-config: restore startup-config from a TFTP server
copy flash: tftp:: back up the IOS image to a TFTP server
copy tftp: flash:: load an IOS image from a TFTP server into flash (TFTP has no authentication or encryption, so run the server only on a management network and verify the image checksum after the copy)
Copy flash: tftp://126.96.36.199/c2500-ik8os-l.122-31.bin
ROM: the ROM monitor (rommon) is a lower-level system than the mini IOS, comparable to a BIOS. The mini IOS (on 2500 series routers), also known as boot mode, can be used to upgrade the IOS image.
NVRAM: holds startup-config, the startup configuration (user configuration) file.
Configuration register: a boot control value; changing it changes the router's startup sequence.
show version: show the router's configuration register
Boot field (low four bits) 0x0: the router enters ROM monitor mode.
0x1: the router loads the mini IOS and enters boot mode.
0x2: the router loads the IOS image from flash (default boot field).
0x2142: bypasses loading startup-config, i.e. the saved configuration is ignored and the router enters setup mode (this is the value used for password recovery, which is why physical console access must be controlled).
0x2102: the router's default configuration register; performs the normal boot sequence.
config-register 0x2142: change the configuration register
Three functions of a switch: 1. address learning 2. forward/filter decision 3. loop avoidance
Three forwarding modes of a switch:
1. Cut-through: fast, but cannot guarantee that the forwarded frame is error-free.
2. Store-and-forward: slower, but guarantees that only error-free frames are forwarded.
3. Fragment-free (described in these notes as Cisco-proprietary): performance between cut-through and store-and-forward.
Store-and-forward recalculates the FCS of the frame and compares it with the FCS carried in the frame to decide whether to forward or discard.
Fragment-free inspects only the first 64 bytes of the frame (the minimum Ethernet frame size) to judge that it is not a collision fragment.
According to these notes, fragment-free forwarding is implemented only on Cisco devices.
Cisco 1900 series switches use fragment-free forwarding by default.
Address learning and forward/filter behaviour of a switch:
1. The switch first caches the frame's source MAC address against the ingress port.
2. When the destination address is unknown, the switch floods the frame out all other ports (when the destination is known, the frame is not flooded).
3. Broadcast and multicast frames are flooded by default.
4. If the source and destination addresses are known on the same port, the switch discards (filters) the frame by default.
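The four rules above as working code, added here as an example (not code from the notes): learn the source MAC on the ingress port, forward known unicast, flood unknown unicast plus broadcast and multicast, and filter frames whose source and destination sit on the same port. The port names and MAC addresses are constructed. The table is given a fixed capacity to show what a CAM-overflow attack exploits: once the table is full, new stations are not learned and their traffic is flooded to every port, where an attacker can sniff it.

```python
"""Transparent bridging (switch learning, flooding, filtering).

Added example for these notes, not the notes' own code; ports, MACs and the
table capacity are constructed.
"""


def is_group_address(mac: str) -> bool:
    """True for multicast and broadcast (the I/G bit is the low bit of the first octet)."""
    return int(mac.split(":")[0], 16) & 1 == 1


class Switch:
    def __init__(self, ports, capacity=8192):
        self.ports = list(ports)
        self.capacity = capacity   # hardware CAM tables are finite
        self.cam = {}              # MAC address -> port it was learned on

    def learn(self, mac: str, port: str) -> bool:
        """Address learning. Returns False if the table is full and the MAC was not stored."""
        if mac in self.cam or len(self.cam) < self.capacity:
            self.cam[mac] = port
            return True
        return False

    def flood(self, in_port: str) -> list:
        """Every port except the one the frame arrived on."""
        return [p for p in self.ports if p != in_port]

    def receive(self, in_port: str, src: str, dst: str) -> list:
        """Forward/filter decision: return the egress ports for one frame ([] = dropped)."""
        self.learn(src, in_port)                     # 1. cache the source address
        if is_group_address(dst):
            return self.flood(in_port)               # 3. broadcast/multicast: flood
        out = self.cam.get(dst)
        if out is None:
            return self.flood(in_port)               # 2. unknown unicast: flood
        if out == in_port:
            return []                                # 4. same segment as the source: filter
        return [out]


# Constructed stations (IANA documentation MAC range).
A, B, C = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b", "00:00:5e:00:53:0c"
BROADCAST = "ff:ff:ff:ff:ff:ff"

if __name__ == "__main__":
    sw = Switch(["Fa0/1", "Fa0/2", "Fa0/3"])
    print(sw.receive("Fa0/1", A, B))        # B unknown -> flooded to Fa0/2, Fa0/3
    print(sw.receive("Fa0/2", B, A))        # A known  -> ['Fa0/1']
    print(sw.receive("Fa0/1", C, A))        # A is on the ingress port -> filtered, []
    print(sw.receive("Fa0/3", C, BROADCAST))
```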
show ip route: show the current routing table
Configure a static route:
ip route <destination network> <netmask> <next-hop IP | local interface>
Destination network: target network address
Netmask: target network subnet mask
Next-hop IP: IP address of the next hop
Local interface: the local exit interface
188.8.131.52 184.108.40.206 220.127.116.11 18.104.22.168
----- s1 RA s0 >-------- s1 RB s0 --------- s1 RC s0 ------
1 1 2 1 2 1
Ip route 22.214.171.124 255.0.0.0 126.96.36.199
Ip route 188.8.131.52 255.0.0.0 s0
IGPs: Interior Gateway Protocols, which maintain routes within an autonomous system
RIPv1, RIPv2, IGRP, EIGRP, OSPF, IS-IS
EGPs: Exterior Gateway Protocols, which maintain routes between autonomous systems
Administrative distance: decides which routing source's route to the same prefix is installed. The lower the administrative distance, the more trusted the source (connected 0, static 1, EIGRP 90, OSPF 110, RIP 120, external EIGRP 170). Administrative distance only breaks ties between routes to the same prefix; the longest prefix match is always chosen first.
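Route selection as an added example (not code from the notes): the most specific prefix wins first, administrative distance decides only between different sources for the same prefix, and the metric only within one source. The AD values are IOS defaults; the prefixes and next hops are constructed from documentation ranges, and the floating static route with AD 130 is an assumption used to show how a backup route takes over.

```python
"""Longest prefix match, then administrative distance, then metric.

Added example for these notes, not the notes' own code; the table below is
constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

DEFAULT_AD = {"connected": 0, "static": 1, "eigrp": 90, "igrp": 100,
              "ospf": 110, "rip": 120, "eigrp-external": 170}


@dataclass(frozen=True)
class Route:
    prefix: str                # network in CIDR form, e.g. "10.0.0.0/8"
    source: str                # key of DEFAULT_AD
    metric: int
    next_hop: str              # next-hop address or exit interface
    ad: Optional[int] = None   # override, e.g. a floating static route

    @property
    def admin_distance(self) -> int:
        return DEFAULT_AD[self.source] if self.ad is None else self.ad


def best_route(table, destination: str) -> Optional[Route]:
    """Pick the route a router would use for one destination address."""
    dst = ip_address(destination)
    candidates = [r for r in table if dst in ip_network(r.prefix)]
    if not candidates:
        return None
    # Sort key: longest prefix first, then lowest AD, then lowest metric.
    return min(candidates,
               key=lambda r: (-ip_network(r.prefix).prefixlen, r.admin_distance, r.metric))


def installed_routes(table):
    """Emulate 'show ip route': per prefix keep only the route with the best AD/metric."""
    best = {}
    for r in table:
        cur = best.get(r.prefix)
        if cur is None or (r.admin_distance, r.metric) < (cur.admin_distance, cur.metric):
            best[r.prefix] = r
    return sorted(best.values(), key=lambda r: ip_network(r.prefix).prefixlen, reverse=True)


# Constructed table: the same prefix learned by several protocols, plus a
# floating static route (AD 130) that only takes over when RIP withdraws.
TABLE = [
    Route("0.0.0.0/0", "static", 0, "192.0.2.1"),
    Route("10.0.0.0/8", "rip", 3, "192.0.2.2"),
    Route("10.0.0.0/8", "eigrp", 2195456, "192.0.2.3"),
    Route("10.1.0.0/16", "rip", 5, "192.0.2.4"),
    Route("10.1.0.0/16", "static", 0, "192.0.2.5", ad=130),
]

if __name__ == "__main__":
    for dst in ("10.1.2.3", "10.200.0.1", "198.51.100.9"):
        print(dst, "->", best_route(TABLE, dst).next_hop)
```

Note that 10.1.2.3 follows the RIP /16 even though EIGRP has a lower AD, because EIGRP only offers the less specific /8; a more specific prefix injected by a rogue or misconfigured router wins regardless of protocol trust, which is the basis of many route hijacks.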
Route metrics:
RIP: uses hop count as the metric for selecting the best route. Hop count ignores bandwidth, so RIP can pick a slower path just because it has fewer hops.
IGRP: composite metric based on bandwidth, delay, reliability, load and MTU (maximum transmission unit)
Distance vector routing protocols:
1. What is advertised: a copy of the routing table 2. When: periodically 3. To whom: directly connected neighbor routers
4. How: broadcast (RIPv1, IGRP)
Loop prevention: 1. a maximum hop count (defines infinity) 2. split horizon 3. route poisoning and poison reverse 4. holddown timers 5. triggered updates
RIP: Routing Information Protocol
RIPv1 advertises using broadcast; broadcast address: 255.255.255.255
1. Uses hop count as the metric 2. Supports up to 6 equal-cost paths (default 4) 3. Periodic update interval: 30 s
router rip: select RIP as the routing protocol
network *.*.*.*: declare a network/interface
1. Adds the interfaces in that network to the RIP process 2. Advertises the network of those interfaces to other routers.
show ip protocols: show RIP-related information
RIP administrative distance: 120
debug ip rip: debug RIP routing updates
clear ip route *: clear the routing table
RIP version 2:
RIPv2 advertises networks via multicast; multicast address: 224.0.0.9
version 2: configure the RIP version to 2
no auto-summary: turn off automatic summarization
A(config)#key chain A: configure key chain A
A(config-keychain)#key 1: configure key 1
A(config-keychain-key)#key-string cisco: define the password
A(config)#interface s 1: enter interface s 1
A(config-if)#ip rip authentication key-chain A: select key chain A on the interface
A(config-if)#ip rip authentication mode md5: use MD5 (hashed) authentication; the default mode sends the key-string in cleartext
passive-interface: configure the interface not to send any RIP updates (it still listens)
neighbor: specify a neighbor to send unicast updates to
If neighbor and passive-interface are both configured, updates to the named neighbor are not restricted by passive-interface.
IGRP is a Cisco-proprietary routing protocol that can only be deployed on Cisco routers.
IGRP uses a composite metric to select the best route:
1. bandwidth 2. delay 3. reliability 4. load 5. MTU
IGRP supports equal-cost load balancing and also unequal-cost load balancing.
When configuring IGRP, pay attention to the autonomous system number.
Only routers in the same autonomous system exchange and learn routes from each other.
IGRP is a distance vector routing protocol that summarizes routes automatically at classful boundaries; this cannot be turned off.
IGRP uses a 24-bit metric.
router igrp <as-number>: the autonomous system number
network <number>: the classful (class A, B or C) major network number
debug ip igrp events: debug IGRP events
debug ip igrp transactions: debug the content of IGRP updates
Link state routing protocols:
1. What is advertised: incremental updates (OSPF LSAs) 2. When: triggered 3. To whom: routers with an established neighbor relationship
4. How: unicast and multicast
EIGRP: the metric is 32 bits long. If the K values differ, no neighbor relationship is formed; if the AS numbers differ, no neighbor relationship is formed. On links faster than T1, hello packets are sent every 5 seconds; on links at T1 speed or lower, hello packets are sent every 60 seconds.
EIGRP external route administrative distance: 170. EIGRP internal route administrative distance: 90.
show ip eigrp neighbors: show EIGRP neighbors
show ip eigrp topology: show the EIGRP topology table
show ip route eigrp: show all EIGRP best routes (those installed in the routing table)
EIGRP configuration example using wildcard masks:
router eigrp 100
network 192.168.1.0 0.0.0.3
network 192.168.1.4 0.0.0.3
debug ip eigrp neighbor: debug neighbor creation
debug ip eigrp notifications: debug event notifications
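The IGRP composite metric (bandwidth, delay, reliability, load) and its 32-bit EIGRP form, together with the EIGRP neighbor preconditions listed above, as an added example (not code from the notes). The formula is the documented IOS one with the default K values K1=K3=1, K2=K4=K5=0; the link parameters are the standard IOS interface defaults for 10 Mb/s Ethernet and a T1 serial line, and the hello-timer rule is written exactly as the notes state it.

```python
"""IGRP/EIGRP composite metric and EIGRP adjacency checks.

Added example for these notes, not the notes' own code. The link tuples
below are constructed from IOS interface defaults.
"""

DEFAULT_K = (1, 0, 1, 0, 0)


def composite_metric(links, k=DEFAULT_K, eigrp=False) -> int:
    """Metric of a path made of links (bandwidth_kbps, delay_usec, reliability, load).

    reliability and load are 1..255 as IOS reports them (255 = fully reliable).
    """
    k1, k2, k3, k4, k5 = k
    min_bw = min(bw for bw, _, _, _ in links)            # slowest link on the path
    bw_term = 10_000_000 // min_bw                        # 10^7 / kbps, integer like IOS
    delay_term = sum(d for _, d, _, _ in links) // 10     # total delay in tens of usec
    load = max(ld for _, _, _, ld in links)
    reliability = min(r for _, _, r, _ in links)
    metric = k1 * bw_term + (k2 * bw_term) // (256 - load) + k3 * delay_term
    if k5 != 0:                                           # reliability factor only if K5 set
        metric = metric * k5 // (reliability + k4)
    return metric * 256 if eigrp else metric              # EIGRP widens IGRP's 24 bits to 32


def fits_igrp(metric: int) -> bool:
    """IGRP carries a 24-bit metric; anything larger cannot be expressed."""
    return metric < 2 ** 24


def can_form_adjacency(as_a, k_a, as_b, k_b) -> bool:
    """Per the notes: differing AS numbers or K values prevent a neighbor relationship."""
    return as_a == as_b and tuple(k_a) == tuple(k_b)


def hello_interval(bandwidth_kbps: int) -> int:
    """Hello timer as the notes state it: 5 s above T1 speed, 60 s at T1 or below.

    (IOS applies the 60 s value specifically to low-speed NBMA interfaces.)
    """
    return 5 if bandwidth_kbps > 1544 else 60


ETHERNET_10M = (10_000, 1_000, 255, 1)     # IOS defaults: 10000 kbit/s, 1000 usec delay
SERIAL_T1 = (1_544, 20_000, 255, 1)        # IOS defaults: 1544 kbit/s, 20000 usec delay

if __name__ == "__main__":
    print("T1 link, EIGRP:", composite_metric([SERIAL_T1], eigrp=True))
    print("Ethernet + T1, EIGRP:", composite_metric([ETHERNET_10M, SERIAL_T1], eigrp=True))
    print("Hello on T1:", hello_interval(SERIAL_T1[0]), "s")
```

Because bandwidth and delay are taken from interface configuration, a router that advertises an artificially high bandwidth or low delay attracts traffic; unauthenticated EIGRP hellos from a rogue device in the same AS with matching K values are accepted, which is why EIGRP authentication (key chains, as shown for RIP above) matters.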
OSPF (Open Shortest Path First) is an open standard and also a link state routing protocol.
OSPF carries its messages directly in IP packets for route advertisement and learning; IP protocol number: 89
OSPF only supports IP networks and only supports equal-cost load balancing.
Link state routing protocols:
Need to establish neighbor relationships; use multicast for route advertisement (with reliable acknowledgement); keep a link state database (map of the network); run an algorithm such as SPF (Dijkstra) to calculate the best routes; use triggered updates.
1. Neighbor table => all neighbors
2. Topology table => map of the network
3. Routing table => best routes
The process of OSPF creating neighbors:
Advantages of the OSPF hierarchy (areas):
1. Smaller routing tables 2. Faster convergence 3. Limits the spread of LSAs 4. Better stability
1. Transit area (backbone area, area 0) 2. Regular area (non-backbone area)
The higher the router ID (with equal priority), the more likely the router is to become the DR (Designated Router).
1. If the router has loopback interfaces, the highest IP address among them becomes the router ID.
2. If the router has no loopback interface, the highest IP address among the active physical interfaces becomes the router ID.
router ospf 1
network 192.168.1.0 0.0.0.255 area 0
The OSPF process number is locally significant: neighbors with different process numbers still exchange routes.
show ip ospf neighbor: show neighbors (the neighbor ID is the router ID)
show ip ospf interface serial 1: show the router ID, the OSPF process ID and the network type of the interface
show ip protocols
show ip route
Access control lists (ACLs):
1. Control network traffic 2. Implement packet filtering
There are two types of numbered ACLs:
1. Standard access lists: 1-99, 1300-1999 2. Extended access lists: 100-199, 2000-2699
Standard access list: matches only the source address. Extended access list: matches source address, destination address, protocol and port number.
ACL actions:
1. deny 2. permit
ACL application direction on an interface:
1. in 2. out
The most important ACL rule: entries are tested in order and the first match wins; every ACL ends with a hidden "deny any", so anything not explicitly permitted is dropped.
1. Configure an ACL so that london cannot reach Denver
access-list 1 deny host 10.3.3.1
access-list 1 permit any
Hidden: access-list 1 deny any
2. Configure an ACL so that london cannot ping through Denver (1), and an ACL that allows london to telnet to Denver (2)
(1) Protocol: ICMP (Internet Control Message Protocol)
Source port: none
Destination port: none
Source port: None
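The two exercises above run through a small ACL evaluator, as an added example (not code from the notes): entries are tested in order, the first match wins, and an implicit deny any ends every list. The standard list for exercise 1 is taken from the notes; the extended list for exercise 2 is constructed, with london at 10.3.3.1 from the notes and the Denver address 10.1.1.1 an assumption. A real deployment of list 101 would usually end with permit ip any any if other traffic through Denver should still pass; it is left out here so the hidden deny is visible.

```python
"""Cisco numbered ACL parsing and first-match evaluation with implicit deny.

Added example for these notes, not the notes' own code. Addresses other
than 10.3.3.1 are constructed.
"""
from ipaddress import ip_address
from typing import NamedTuple, Optional

ANY = ("0.0.0.0", "255.255.255.255")
NAMED_PORTS = {"telnet": 23, "www": 80, "ftp": 21, "ssh": 22}


class Ace(NamedTuple):
    number: int
    action: str                 # "permit" or "deny"
    protocol: str               # "ip" matches every protocol
    src: tuple                  # (address, wildcard)
    dst: tuple
    dport: Optional[int]
    text: str                   # original line, to report which entry matched


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    care = 0xFFFFFFFF ^ int(ip_address(wildcard))
    return (int(ip_address(addr)) & care) == (int(ip_address(base)) & care)


def _address(tokens, i):
    """Parse 'any', 'host <a>' or '<a> <wildcard>' starting at tokens[i]."""
    if tokens[i] == "any":
        return ANY, i + 1
    if tokens[i] == "host":
        return (tokens[i + 1], "0.0.0.0"), i + 2
    return (tokens[i], tokens[i + 1]), i + 2


def parse_ace(line: str) -> Ace:
    """Parse 'access-list <n> <permit|deny> [proto] <src> [dst] [eq <port>]'."""
    t = line.split()
    if t[0] != "access-list":
        raise ValueError(f"not an access-list line: {line}")
    number, action, i = int(t[1]), t[2], 3
    standard = 1 <= number <= 99 or 1300 <= number <= 1999
    if standard:                         # standard lists look at the source only
        src, i = _address(t, i)
        return Ace(number, action, "ip", src, ANY, None, line)
    protocol = t[i]
    i += 1
    src, i = _address(t, i)
    dst, i = _address(t, i)
    dport = None
    if i < len(t) and t[i] == "eq":
        p = t[i + 1]
        dport = int(p) if p.isdigit() else NAMED_PORTS[p]
    return Ace(number, action, protocol, src, dst, dport, line)


def build_acls(lines):
    """Group entries by list number, preserving configuration order."""
    acls = {}
    for line in lines:
        ace = parse_ace(line)
        acls.setdefault(ace.number, []).append(ace)
    return acls


def evaluate(acl, src, dst, protocol="ip", dport=None):
    """Return (action, entry text) for one packet, including the hidden final deny."""
    for ace in acl:
        if ace.protocol != "ip" and ace.protocol != protocol:
            continue
        if not wildcard_match(src, *ace.src) or not wildcard_match(dst, *ace.dst):
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return ace.action, ace.text
    return "deny", "implicit deny any"


CONFIG = [
    "access-list 1 deny host 10.3.3.1",                    # exercise 1, from the notes
    "access-list 1 permit any",
    "access-list 101 deny icmp host 10.3.3.1 any",         # exercise 2 (1): no ping through Denver
    "access-list 101 permit tcp host 10.3.3.1 host 10.1.1.1 eq telnet",  # (2): telnet to Denver
]

if __name__ == "__main__":
    acls = build_acls(CONFIG)
    print(evaluate(acls[101], "10.3.3.1", "10.1.1.1", "icmp"))
    print(evaluate(acls[101], "10.3.3.1", "10.1.1.1", "tcp", 23))
    print(evaluate(acls[101], "10.3.3.1", "10.1.1.1", "tcp", 80))   # hits the implicit deny
```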