CCNA+-+cheat+sheets

Uploaded by

Michał Dolar
Copyright
© © All Rights Reserved
Cheat Sheets for the CCNA Exam

This ebook was created based on notes and experience as a network engineer. Enjoy!

itexampractice.net
Contents
CCNA Cheat Sheet: Exam information
CCNA Cheat Sheet: Network types and devices
CCNA Cheat Sheet: The OSI Model
CCNA Cheat Sheet: MAC and IP addresses
CCNA Cheat Sheet: Communication
CCNA Cheat Sheet: TCP and UDP
CCNA Cheat Sheet: Topologies, layers and network diagrams
CCNA Cheat Sheet: L1 standards
CCNA Cheat Sheet: Cabling
CCNA Cheat Sheet: Basic commands
CCNA Cheat Sheet: OSPF
CCNA Cheat Sheet: NAT
CCNA Cheat Sheet: SERVICES
CCNA Cheat Sheet: IPv6
CCNA Cheat Sheet: ACL
CCNA Cheat Sheet: L2
CCNA Cheat Sheet: STP and Port Security
CCNA Cheat Sheet: BGP
CCNA Cheat Sheet: QoS
CCNA Cheat Sheet: Cloud and SDN
CCNA Cheat Sheet: EIGRP
CCNA Cheat Sheet: RIP
CCNA Cheat Sheet: LAB
CCNA Cheat Sheet: LAB – T-SHOOT
CCNA Cheat Sheet: LAB - OSPF
CCNA Cheat Sheet: EXAM TIPS

CCNA Cheat Sheet: Exam information
EXAM OVERVIEW
Cisco exams: https://www.cisco.com/c/en/us/training-events/training-certifications/exams.html
Certification Exam Tutorial: https://www.cisco.com/c/en/us/training-events/training-certifications/exam-tutorial.html
Schedule the exam: http://www.pearsonvue.com/cisco

HOW TO STUDY
› Understand all the basics
› Key topics: OSI, subnetting, protocols, troubleshooting
› Lab a lot… I mean… a lot
› Know the security aspects
› Get a real Cisco device if possible
› Pay attention to subnetting
› Read the official cert guide
› Practice questions are important

LAB | REAL HOME NETWORK
Designed to help you pass an IT exam | Designed to help you gain some experience
Focuses on key exam topics | Focuses on real world scenarios
Switched on/off when needed | Works for you 24/7
Simulates a lot of stuff | Runs your home
Old devices acceptable | Decent devices needed
Might be loud | Has to be quiet
Easy to upgrade | Designed to last

CCNA Cheat Sheet: Network types and devices
NETWORK TYPES
LAN (Local Area Network) – covers a limited area, e.g. one building or one office. The main
network device is a switch.

WAN (Wide Area Network) – covers a large area, connects at least two LANs. The main
network device is a router.

Router – connects two or more Local Area Networks (LANs). It is your gateway and gives
you access to the Internet. A router decides how to route a message.

Switch – connects devices in a Local Area Network. It knows very well where your device is.
It uses a special type of address called a MAC address.
Hubs are L1 devices; they do not know where a device is.

Firewall – a device dedicated to network security, in most cases it is a router as well and
works as an edge device. Might include additional features like AV, Spam filtering, IPS.

Access Point – works as a bridge between wireless and wired networks. Allows you to
connect to the network using a wireless card.

Wireless LAN Controller (WiLAN) – we use it to manage and control light-weight
access points. The protocol in use: LWAPP (Lightweight Access Point Protocol)
http://www.cisco.com/c/en/us/products/wireless/wireless-lan-controller/index.html

A network can be defined as two or more devices (e.g. computers, printers, laptops, servers,
routers) that are linked together. We use a Network Interface Card (NIC) and a network cable.

[Figures: a Cisco router with two FastEthernet ports; Cisco switches (24 ports)]

CCNA Cheat Sheet: The OSI Model
THE OSI MODEL

Remember:
Hubs work at L1!
CDP works at L2!
The Open System Interconnection (OSI) model was created in 1984 to have one standard for
networking hardware and software. There are 7 layers in the OSI Model.

OSI VS TCP/IP

CCNA Cheat Sheet: MAC and IP addresses
MAC VS IP ADDRESS

MAC Address - sometimes called a physical or hardware address. It is learnt by switches to
locate hosts on the network. There are two sub-layers:
› Media Access Control (MAC)
› Logical Link Control (LLC)
A MAC address is assigned to NICs by manufacturers. 48 bits, 12 hex numbers.
MAC addresses are stored in the CAM table on a switch.

IP address - used to identify a device on the network. It has to be a unique address in
every local area network.
IPv4 – 32 bits, 4 octets
IPv6 – 128 bits

RFC 1918 - Address Allocation for Private Internets
RFC 1519 - Classless Inter-Domain Routing (CIDR)
RFC 1631 - The IP Network Address Translator (NAT)
IEEE 802.3
Ethernet Auto-MDI/MDIX
https://www.transition.com/transition-networks-point-system-online-help/ethernet-auto-mdi-mdix/
Jumbo/Giant Frame
https://www.cisco.com/c/en/us/support/docs/switches/catalyst-6000-series-switches/24048-148.html

MAC aging: default 300 seconds. Use the mac address-table aging-time command to change.
Default ARP aging is 4 hours.

CSMA/CA AND CSMA/CD


Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
Check if it is OK to transmit; used for wireless networks.

Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
Just send data; if a collision occurs, we can detect it, back off and try again.

Thanks to full duplex and L2 switches, we do not need CSMA/CD.

COLLISION AND BROADCAST DOMAINS

CCNA Cheat Sheet: Communication
HUBS VS SWITCHES
Hubs work at L1, switches work at L2. A hub is one big collision domain. Even if you have a 16-port
hub, you have one collision domain. Hubs offer half-duplex communication.

SOURCE AND DESTINATION ADDRESSES

CCNA Cheat Sheet: TCP and UDP
TCP VS UDP
The Transport layer (L4) is responsible for communication and message delivery.

TCP
› Connection-oriented
› Reliable (acknowledgments and sequence numbers)
› Flow control and windowing
› Stream-oriented
› A big header (20 bytes), slower than UDP
› Used for reliable services: FTP, HTTP, SSH, TELNET, SMTP etc.

UDP
› Connectionless
› Unreliable, no acknowledgments
› No retransmissions. Best-effort only
› Message-oriented
› Small header (8 bytes), faster than TCP
› Examples: streaming music and video, TFTP, VOIP, SNMP, DNS

MTU and MSS:
https://supportforums.cisco.com/t5/cisco-cafe/difference-between-mss-and-mtu/td-p/2527611

THE THREE-WAY HANDSHAKE

WINDOWING
The amount of data before getting an acknowledgement

PORT NUMBERS
Port numbers allow a device to identify a service or process.
80 - HTTP

20/21 - FTP

23 – Telnet

25 - SMTP

110 - POP3

443 - HTTPS

53 – DNS

CCNA Cheat Sheet: Topologies, layers and network diagrams
THE CISCO THREE-LAYERED HIERARCHICAL MODEL

ENCAPSULATION

CCNA Cheat Sheet: L1 standards
CABLES

STANDARDS
10Base-5 Coaxial
10Base-2 Thin Coaxial
100Base-TX Category 5 UTP
1000BASE-T Gigabit Cat 5,6,7
1000BASE-TX Gigabit Cat 6,7
1000BASE-LX Single-mode
1000BASE-LX Multi-mode

Legend:
2 - Thin Ethernet (coax)
5 - Thick Ethernet (coax)
T - Twisted Pair
F - Fiber Optic
https://www.computernetworkingnotes.com/networking-tutorials/ethernet-standards-and-protocols-explained.html

CCNA Cheat Sheet: Cabling
CABLES

Auto MDI-MDIX automatically detects the required cables and configures the connections appropriately.

Connecting to a Cisco device – Console Cable (Rollover cable)

CCNA Cheat Sheet: Basic commands
IMPORTANT SHOW COMMANDS
show ip interface (brief) - show interface information, IP address, and status (down, up, shutdown)
show interfaces – interface information: statistics, speed, duplex, IP address and subnet mask
show protocols – very similar to the show ip interface command
show interface description – check descriptions
show controllers – used for serial controller information (stats, DCE, cable type)
show running-config - show the running configuration file (stored in RAM)
show startup-config – show the startup configuration file (stored in NVRAM)
show flash – show files saved in flash (IOS, CCP)
show cdp neighbors (detail) - a L2 protocol showing you directly connected Cisco devices
show lldp neighbors – show LLDP-enabled devices, very similar to CDP but open standard
show processes – verify the CPU utilization
show ip route – view the routing table
show ip protocols – check routing protocols (great for OSPF)
show arp - show the arp cache
show clock - show date and time on a router
show inventory – show information about hardware
show diag – show all about the hardware
show version – check the IOS version, memory info, uptime of a router, and so on
show users – shows connected users
debug xxx – enable debugs (use the undebug all command to switch off)

MANAGING FILES AND BACKUPS


erase startup-config - delete the startup configuration file
copy running-config startup-config – save the current config
reload – reboot the router
copy running-config tftp - copy the running file to a TFTP server
show flash – show files saved on flash (IOS, CCP)

SSH, TELNET AND TERMINAL CLIENTS


PUTTY
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
SecureCRT
https://www.vandyke.com/products/securecrt/

SHORTCUTS
Ctrl+A – Move cursor to the beginning of the line
Ctrl+E – Move cursor to the end of the line
Tab – finish a command
Up/Down Arrow – scroll through all previous commands
Ctrl+Shift+6 (X) – suspend your telnet session (resume or press enter to go back)

TIPS
✓ Use a question mark when typing a command to learn more options and switches
✓ Play with a TFTP server (e.g. tftpd32.jounin.net)
✓ Be prepared to know more than one way to achieve a result (e.g. verify an IP address, routing protocol, or VLAN information)
✓ Spend as much time as possible on a router/switch playing with all commands

CCNA Cheat Sheet: OSPF
OSPF FACTS
Open standard and reliable protocol for big networks
Link-state protocol (faster paths are better)
Metric: cost
Uses the concept of areas
The Backbone is Area 0
Uses the database table
Uses the hello messages and forms neighbors
Triggered updates (efficiency)
Supports VLSM and authentication (plain text and md5)
Uses the SPF algorithm to find the best path
Uses a Router-ID
DR and BDR used
Wildcard masks (0.0.0.255 -> 255.255.255.0)
Uses multicast 224.0.0.5 (hello packets) and 224.0.0.6 (DR)
CPU and memory intensive
Not easy to configure and troubleshoot
Admin distance 110

TIMERS AND COMMANDS


Hello: every 10 seconds, the dead timer: 40 seconds (for some networks it is 30/120 seconds).

The Link-State Advertisement (LSA) is a special message that is used by OSPF routers to build the database table.

Show commands:
show ip ospf neighbor
show ip route
show ip ospf database
show ip ospf
debug ip ospf xxx

CCNA Cheat Sheet: NAT
NAT
Allows a router to “hide” private IP addresses. We cannot use private IP addresses on the Internet, so we need NAT to
be enabled. Private ranges are covered by RFC 1918. Public IPs are assigned by ISPs.

NAT TYPES
Static NAT (1-to-1)

Maps a single private IP address to a single public IP address.

Dynamic NAT

Maps private IP addresses to a pool of public IP addresses.

Port Address Translation (PAT, NAT overload)

Maps private IP addresses using a single public IP.

CCNA Cheat Sheet: SERVICES
NTP
Allows your router to sync time and date. Your router can be an NTP client or server. You can also sync with some
public NTP servers.
Router(config)# ip name-server x.x.x.x
Router(config)# ntp server x.x.x.x
Router(config)# ntp master
Verify:
show ntp associations

DHCP
Dynamic Host Configuration Protocol (DHCP)
Your router, L3 switch, server or firewall can be a DHCP Server.
ip dhcp excluded-address 172.16.1.1 172.16.1.20
ip dhcp pool POOLNAME
 network 172.16.1.0 255.255.255.0
 default-router 172.16.1.1
 dns-server 172.16.1.5
 lease 3 23 59

IP Helper Address = DHCP relay agent

CCNA Cheat Sheet: IPv6
IPV6 FACTS
The next-generation IP address
Introduced because we did not have enough IPv4 public IPs
128 bits (a huge address space)
Not backwards compatible with IPv4
Smaller and simpler header
No broadcast, all about multicast
Improved security (IPSec)
Link-local addresses (FE80::/10)
Anycast – a new address type (one to the nearest)
Private IPs - Site-local addresses (FEC0::/10) – deprecated!
Public, routable IPs are called Global Unicast addresses (2000::/3)

Example of an IPv6 address


2001:AAAA:0000:0000:0000:AB99:1234:0001

HOW TO CONFIGURE
To enable IPv6 globally:
ipv6 unicast-routing

IP address:
ipv6 address 2001::1/64

OSPFv3:
ipv6 router ospf 1
 router-id 1.1.1.1
! then, in interface configuration mode:
 ipv6 enable
 ipv6 ospf 1 area 0

CCNA Cheat Sheet: ACL
ACL FACTS
An ACL can be used to filter information for security reasons or to match traffic that you need (e.g. for NAT or QoS).
Types:
✓ Standard (1-99)
(based on a source address only)
✓ Extended (100-199)
(based on source and destination addresses and protocol)

RULES
One ACL per interface, per protocol, and direction
Use more specific rules at the top
The implicit deny at the end of every ACL (deny any)
Apply a Standard ACL as close to the destination as possible
Apply an Extended ACL as close to the source as possible
Take advantage of named ACLs and sequence numbers
Test your ACL
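
An added example (not part of the original cheat sheet) that models the rules above in Python: first match wins, the implicit deny ends every ACL, and a broad rule placed above a specific one shadows it. The rule syntax handled is a simplified subset of extended ACL lines (no ports), and the addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = ("0.0.0.0", "255.255.255.255")


def _int(ip):
    return int(ipaddress.IPv4Address(ip))


def wc_match(addr, base, wildcard):
    """Cisco wildcard match: 0 bits must match, 1 bits are ignored."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(addr) & care) == (_int(base) & care)


@dataclass
class Rule:
    seq: int
    action: str   # "permit" or "deny"
    proto: str    # "ip" matches every protocol
    src: tuple    # (base, wildcard)
    dst: tuple


def _take_addr(tokens):
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return (tokens.pop(0), "0.0.0.0")
    return (first, tokens.pop(0))


def parse(line):
    """Parse '<seq> <permit|deny> <proto> <src> <dst>' (simplified, no ports)."""
    tok = line.split()
    rest = tok[3:]
    return Rule(int(tok[0]), tok[1], tok[2], _take_addr(rest), _take_addr(rest))


def evaluate(acl, proto, src, dst):
    """Return (action, seq) of the first matching rule, or ("deny", None)
    when nothing matches: the implicit deny at the end of every ACL."""
    for r in sorted(acl, key=lambda r: r.seq):
        if r.proto not in ("ip", proto):
            continue
        if wc_match(src, *r.src) and wc_match(dst, *r.dst):
            return r.action, r.seq
    return "deny", None


def covers(outer, inner):
    """True if every address matched by inner is also matched by outer."""
    ob, ow = _int(outer[0]), _int(outer[1])
    ib, iw = _int(inner[0]), _int(inner[1])
    if iw & ~ow & 0xFFFFFFFF:      # inner ignores a bit that outer checks
        return False
    care = ~ow & 0xFFFFFFFF
    return (ob & care) == (ib & care)


def shadowed(acl):
    """Sequence numbers of rules that can never match because an earlier
    rule already covers all of their traffic."""
    rules = sorted(acl, key=lambda r: r.seq)
    hits = []
    for i, r in enumerate(rules):
        for e in rules[:i]:
            if (e.proto in ("ip", r.proto)
                    and covers(e.src, r.src) and covers(e.dst, r.dst)):
                hits.append(r.seq)
                break
    return hits


# Constructed ACLs: the same two rules in the wrong and the right order.
BAD = [parse("10 permit ip 192.168.1.0 0.0.0.255 any"),
       parse("20 deny ip host 192.168.1.50 any")]
GOOD = [parse("10 deny ip host 192.168.1.50 any"),
        parse("20 permit ip 192.168.1.0 0.0.0.255 any")]

if __name__ == "__main__":
    for name, acl in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, "192.168.1.50 ->", evaluate(acl, "tcp", "192.168.1.50", "10.10.10.1"),
              "shadowed:", shadowed(acl))
    print("unlisted source ->", evaluate(GOOD, "tcp", "172.16.1.9", "10.10.10.1"))
```

Running `shadowed()` before applying an ACL is one way to "test your ACL": any sequence number it returns is a rule that will never be hit.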

CCNA Cheat Sheet: L2
VLANS
Allow you to group users and end devices in a logical way.

802.1Q
The standard we use today for VLANs is dot1q (802.1q). There is an old standard ISL (Cisco proprietary) as well.

A switch tags a frame with VLAN information and recalculates the original Frame Check Sequence (FCS) value.

All ports on a new Switch belong to VLAN 1 (default VLAN).

If you want to send a frame with VLAN information between two switches, you need a trunk to be formed.

A trunk can be negotiated between two switches using DTP. Modes:

✓ Dynamic Desirable

✓ Dynamic Auto

✓ Trunk

✓ Nonegotiate

✓ Access

Native VLAN

If your switch receives a frame with no VLAN information, it assumes this frame belongs to the Native VLAN.

Switches do not tag frames that belong to the native VLAN.

CCNA Cheat Sheet: STP and Port Security
STP

Designed to prevent loops in the network. Enabled on all switches by default.

VTP
Allows switches to exchange VLAN information.

Modes:

✓ Server

✓ Client

✓ Transparent

✓ Off

Port Security

Lock down your switch and make sure that nobody can connect a hub, SOHO router or another PC!

switchport port-security

show port-security interface xxx

✓ MAC address sticky

✓ Max number of MAC addresses

Violation modes:

✓ Shutdown (the default option)

✓ Protect

✓ Restrict

switchport port-security violation

CCNA Cheat Sheet: BGP
BGP
✓ Open standard, EGP protocol
✓ The protocol of the Internet
✓ Uses TCP port 179
✓ iBGP and eBGP
✓ One instance of BGP on a router
✓ Uses a list of attributes
✓ Forms neighbors
✓ Neighbors manually configured
✓ Classless, supports VLSM, and summarization
✓ Messages: open, update, keepalive, notification
✓ Admin distance 20 (external updates) and 200 (internal updates)
✓ Prevents loops using the AS numbers

CCNA Cheat Sheet: QoS
QOS
QoS (Quality of Service)
✓ Bandwidth
✓ Delay
✓ Jitter
✓ Loss

We use Modular Quality of Service Command-Line Interface (MQC)


✓ Create a class-map, which categorizes traffic types
✓ Create a policy-map and apply it (what to do with this class-map)
✓ Take advantage of Network Based Application Recognition (NBAR)
✓ CoS (L2) and DSCP (L3) marking
✓ Police or shape?

CCNA Cheat Sheet: Cloud and SDN
VM
A virtual machine (VM) is an emulation of a computer system; it runs an operating system on shared hardware
resources.

VMware
Hyper-V
Oracle VirtualBox

Virtual Switches and Virtual NICs


Internal vs external cloud

SAAS, PAAS, IAAS

SDN
✓ Data plane (forwarding plane) – 802.1q, ACL, NAT, port security

✓ Control plane (decides how and what to do) – OSPF, ARP, STP

✓ Management Plane (telnet, ssh)

✓ SDN Controllers (centralize the control of the networking devices)

✓ Southbound Interface (an interface between the controller and devices)

✓ Protocols: OpenFlow, OpFlex

✓ Northbound Interface (allows other programs to use the data)

✓ Application Program Interfaces (APIs)

CCNA Cheat Sheet: EIGRP
FEATURES
✓ Created by Cisco
✓ Uses triggered updates
✓ Forms neighbors
✓ Uses the DUAL algorithm
✓ Multicast address of 224.0.0.10
✓ The default max hop count is 100 (max 255)
✓ Hello and dead timers do not have to match
✓ Feasible distance, reported distance
✓ Feasible successor
✓ K-values have to match
✓ Easier to implement than OSPF
✓ Admin distance is 90

CCNA Cheat Sheet: RIP
FEATURES OF RIP
✓ Two versions: v1 and v2 (v1 not used anymore)
✓ Metric – hop count, 16 is unreachable
✓ Easy to configure, slow to react
✓ Distance-vector routing protocol (ignores how fast a path is)
✓ Full routing table sent every 30 seconds (no triggered updates)
✓ Can load balance using 6 equal cost paths (default = 4)
✓ RIPv2 supports VLSM
✓ Automatic summarization
✓ RIPv2 supports authentication
✓ Two message types: request message & response message
✓ RIPv1 uses broadcast (255.255.255.255), RIPv2 uses multicast (224.0.0.9)
✓ Administrative distance is 120
✓ Needs loop-avoidance solutions!

CCNA Cheat Sheet: LAB
LAB – step-by-step instructions

Description:
You work at ABC company. A senior network engineer has asked you to deploy a new
network for them and preconfigure both devices based on the network diagram shown
below.

Your tasks:
✓ Change all hostnames
✓ Assign IP addresses
✓ Create the enable password: cisco
✓ Allow and test telnet on all devices using the password: cisco

Time to complete: 20 minutes

Topology:

Step by step instructions:

1. If you’ve used these devices before and there is an old configuration on them,
remove it:

Router# erase startup-config


Erasing the nvram filesystem will remove all configuration files! Continue?
[confirm]
[OK]
Erase of nvram: complete

Router# reload
System configuration has been modified. Save? [yes/no]: no
Proceed with reload? [confirm]

2. Answer ‘no’ to this question, we do not need a wizard:

Would you like to enter the initial configuration dialog? [yes/no]: no

3. Go to the privileged mode and then global configuration mode and assign the
hostname:

Router> enable
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.

Router(config)# hostname R1
R1(config)#

4. Assign the IP address specified in the lab:


R1(config)# interface f0/0
R1(config-if)# ip address 192.168.1.1 255.255.255.0

5. Bring the interface up:

R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)#

6. Let’s verify the IP address. Use the show ip interface brief command:
R1# show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        192.168.1.1     YES manual up                    up
FastEthernet0/1        unassigned      YES        administratively down down

7. Create a password to protect the privileged mode:

R1(config)# enable password cisco


R1(config)# exit
R1# exit

R1>enable
Password:
R1#

8. The last task specified in the lab is telnet. Let’s enable it. The lab says we should use
the password ‘cisco’ for it, which means we are not going to use the local database:

R1# configure terminal


R1(config)# line vty 0 4
R1(config-line)# password cisco
R1(config-line)# exit
R1(config)#

9. Connect to the switch now, remove any old configuration files and reboot it:
Switch# erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue?
[confirm]
[OK]
Erase of nvram: complete

Switch# reload
System configuration has been modified. Save? [yes/no]: no
Proceed with reload? [confirm]

10. Answer ‘no’ to this question:

Would you like to enter the initial configuration dialog? [yes/no]: no

11. Go to the privileged mode and then global configuration mode and assign the
hostname
Switch> enable
Switch#
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)# hostname Switch01


Switch01(config)#

12. Assign the IP address specified in the lab. Remember that we are on an L2 switch, which
means we need to use an SVI, an L3 interface for a VLAN. In our case we use the default
VLAN, VLAN 1:
Switch01(config)# interface vlan 1
Switch01(config-if)# ip address 192.168.1.3 255.255.255.0

13. Do not forget to bring it up - sometimes these interfaces are shut down as well!

Switch01(config-if)# no shutdown

14. Let’s verify the IP address. Use the show ip interface brief command:
Switch01# show ip int brief
Interface IP-Address OK? Method Status Protocol
Vlan1 192.168.1.3 YES manual up up
FastEthernet0/1 unassigned YES unset up up
FastEthernet0/2 unassigned YES unset up up
FastEthernet0/3 unassigned YES unset up up
FastEthernet0/4 unassigned YES unset down down
FastEthernet0/5 unassigned YES unset down down
FastEthernet0/6 unassigned YES unset down down
FastEthernet0/7 unassigned YES unset down down
FastEthernet0/8 unassigned YES unset down down
FastEthernet0/9 unassigned YES unset down down
FastEthernet0/10 unassigned YES unset down down
FastEthernet0/11 unassigned YES unset down down
FastEthernet0/12 unassigned YES unset down down
FastEthernet0/13 unassigned YES unset up up
FastEthernet0/14 unassigned YES unset up up
FastEthernet0/15 unassigned YES unset down down
FastEthernet0/16 unassigned YES unset down down
FastEthernet0/17 unassigned YES unset up up
FastEthernet0/18 unassigned YES unset up up
FastEthernet0/19 unassigned YES unset up up
FastEthernet0/20 unassigned YES unset up up
FastEthernet0/21 unassigned YES unset up up
FastEthernet0/22 unassigned YES unset up up
FastEthernet0/23 unassigned YES unset up up
FastEthernet0/24 unassigned YES unset down down
GigabitEthernet0/1 unassigned YES unset down down
GigabitEthernet0/2 unassigned YES unset down down

15. Create the password ‘cisco’ to protect the privileged mode:

Switch01(config)# enable password cisco

16. The last step is to configure telnet:


Switch01(config)# line vty 0 15
Switch01(config-line)# password cisco

17. To test it, make sure you can ping Router1 from Switch01 and telnet:

Switch01# ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!

Switch01# telnet 192.168.1.1
Trying 192.168.1.1 ... Open
User Access Verification
Password:
R1#

CCNA Cheat Sheet: LAB – T-SHOOT
You have been asked to run some show commands to verify a few solutions and protocols.

Tasks:
✓ What is the MAC address that belongs to the device connected to port F0/7?
✓ What is the status of port security for F0/23?
✓ Verify if a switch has a default gateway specified
✓ Check if there are any access lists in place

Time to complete: 10 minutes

Step by step instructions:

1. What is the MAC address that belongs to the device connected to port F0/7?
Execute the show mac address-table command on Switch1 to check the MAC
address of the device connected to port F0/7:

Switch1# show mac address-table
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
All 0100.0ccc.cccc STATIC CPU
All 0100.0ccc.cccd STATIC CPU
All 0180.c200.0000 STATIC CPU
All 0180.c200.0001 STATIC CPU
All 0180.c200.0002 STATIC CPU
All 0180.c200.0003 STATIC CPU
All 0180.c200.0004 STATIC CPU
All 0180.c200.0005 STATIC CPU
All 0180.c200.0006 STATIC CPU
All 0180.c200.0007 STATIC CPU
All 0180.c200.0008 STATIC CPU
All 0180.c200.0009 STATIC CPU
All 0180.c200.000a STATIC CPU
All 0180.c200.000b STATIC CPU
All 0180.c200.000c STATIC CPU
All 0180.c200.000d STATIC CPU
All 0180.c200.000e STATIC CPU
All 0180.c200.000f STATIC CPU
All 0180.c200.0010 STATIC CPU
All ffff.ffff.ffff STATIC CPU
1 0015.fad7.6b68 DYNAMIC Fa0/5
1 0015.fad7.6b69 DYNAMIC Fa0/18
1 0016.4650.e990 DYNAMIC Fa0/6
1 0016.4650.e991 DYNAMIC Fa0/18
1 0017.0ee7.9058 DYNAMIC Fa0/4
1 0017.0ee7.9059 DYNAMIC Fa0/18
1 0018.18ba.5ff0 DYNAMIC Fa0/10
1 0018.18ba.5ff1 DYNAMIC Fa0/24
1 0019.56db.d914 DYNAMIC Fa0/18
1 0019.56db.d915 DYNAMIC Fa0/19
1 0019.56db.d916 DYNAMIC Fa0/20
1 0019.56db.d940 DYNAMIC Fa0/18
1 0019.aa6f.4e97 DYNAMIC Fa0/21

1 0019.aa6f.4e98 DYNAMIC Fa0/22
1 0019.aa6f.4ec0 DYNAMIC Fa0/21
1 0019.aab4.fe1a DYNAMIC Fa0/24
1 001f.6cdf.1d78 DYNAMIC Fa0/1
1 001f.9e5e.df38 DYNAMIC Fa0/9
1 001f.9e5e.df39 DYNAMIC Fa0/21
1 acf2.c55d.c1a8 DYNAMIC Fa0/8
1 acf2.c55d.c1a9 DYNAMIC Fa0/21
1 f872.eaf8.9238 DYNAMIC Fa0/7
1 f872.eaf8.9239 DYNAMIC Fa0/18
Total Mac Addresses for this criterion: 43

2. What is the status of port security for F0/23?


Use the show port-security command to check port security information:

Switch1# show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
     Fa0/23              1            0                  1         Shutdown
---------------------------------------------------------------------------

We can see that port security is enabled for F0/23 and the port will be shut down if a
security violation occurs. You can use the show port-security int f0/23 command to learn more:

Switch1# show port-security int f0/23


Port Security : Enabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0018.18ba.5ff1:1
Security Violation Count : 1

Here is an example of a syslog message when a violation occurs. The port will be
disabled (err-disabled). You need to do shutdown and no shutdown to bring it up
again:

*Mar 1 00:46:49.671: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/23,
putting Fa0/23 in err-disable state int
*Mar 1 00:46:49.671: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation
occurred, caused by MAC address 0018.18ba.5ff1 on port FastEthernet0/23.

To fix it, you should shut down the port and bring it up again:

Switch1(config)# int f0/23


Switch1(config-if)# shutdown
Switch1(config-if)# no shutdown

You could also instruct your switch to auto-recover from it using the errdisable
recovery interval command, and use the show errdisable recovery command to verify.
To verify a list of reasons for a port to be err-disabled, use the show errdisable
detect command:

Switch1# show errdisable detect


ErrDisable Reason Detection status
----------------- ----------------
udld Enabled
bpduguard Enabled
rootguard Enabled
pagp-flap Enabled
dtp-flap Enabled
link-flap Enabled

3. Verify if a switch has a default gateway specified


You can check the running-config or routing table to check if there is a default
gateway on a switch. Remember, we need a default gateway on a switch to access
other networks and manage this switch from another place.

Switch1# show ip route


Default gateway is 192.168.1.254
Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty

Switch1# show run

/output omitted/

interface Vlan1
ip address 192.168.1.3 255.255.255.0
!
ip default-gateway 192.168.1.254

/output omitted/

4. Check if there are any access lists in place

Again, to verify if there are any access lists in place on Switch1, you can analyse the
running-config or use the show access-lists command:

Switch1# show access-lists


Extended IP access list acl1
10 permit icmp any any

We can see there is one named access list on Switch 1 called acl1.

CCNA Cheat Sheet: LAB - OSPF
LAB – step-by-step instructions
Your client has changed his mind: for the topology created in Lab7, remove all static
routes and enable OSPF on all routers using the process ID of 1.

Tasks:

✓ Remove static routes


✓ Enable OSPF on all routers. Use the most specific wildcard mask on R1 and R3.
On R2 you are allowed to create one network statement only.
✓ Use the following RID: R1 - 1.1.1.1; R2 – 2.2.2.2; R3 – 3.3.3.3

Step by step instructions:
We are going to use the topology and configuration from Lab8.
1. We need to remove all static routes from all routers. If you do not remember what
we put, use the show running-config command to check the ip route commands to
be removed:

R1(config)# no ip route 10.10.10.0 255.255.255.252 192.168.1.2

R3(config)# no ip route 192.168.1.0 255.255.255.252 10.10.10.1

To verify it is all gone, use the show ip route command:

R1# show ip route


Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks


C 192.168.1.0/30 is directly connected, FastEthernet0/0
L 192.168.1.1/32 is directly connected, FastEthernet0/0

R3# show ip route


Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks


C 10.10.10.0/30 is directly connected, FastEthernet0/1
L 10.10.10.2/32 is directly connected, FastEthernet0/1

2. Connect back to R1 and enable OSPF. We will use the process ID of 1:

R1(config)# router ospf 1

3. The lab specifies the router-id to be configured:

R1(config-router)# router-id 1.1.1.1

4. The last step is to execute the network command. Remember that it takes a wildcard
mask, and the lab asks for the most specific one, which is 0.0.0.0.
The area is area 0:

R1(config-router)# network 192.168.1.1 0.0.0.0 area 0

5. Connect to R2 and repeat the same steps. The lab allows only one network
command on R2, but OSPF has to be enabled on two interfaces, which would normally
take two network commands. There is a way around this: use the network 0.0.0.0
255.255.255.255 command to include all interfaces:

R2(config)# router ospf 1

R2(config-router)# router-id 2.2.2.2

R2(config-router)# network 0.0.0.0 255.255.255.255 area 0

6. We should see our first neighbor!

Jan 2 12:45:45.255: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on FastEthernet0/0 from LOADING to FULL, Loading Done

7. Connect to R3 and follow the same procedure: enable the OSPF process, configure
the RID, and use the network command (again, the most specific wildcard mask):

R3(config)# router ospf 1

R3(config-router)# router-id 3.3.3.3

R3(config-router)# network 10.10.10.2 0.0.0.0 area 0

8. The best place to verify OSPF neighbors is R2. We should see two neighbors:

R2# show ip ospf neighbor

Neighbor ID     Pri   State      Dead Time   Address         Interface
3.3.3.3           1   FULL/DR    00:00:31    10.10.10.2      FastEthernet0/1
1.1.1.1           1   FULL/DR    00:00:36    192.168.1.1     FastEthernet0/0

9. Now connect to a router, e.g. R1, and verify the routing table. You should see one
network advertised by OSPF:

R1# show ip route


Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/30 is subnetted, 1 subnets


O 10.10.10.0 [110/2] via 192.168.1.2, 00:00:30, FastEthernet0/0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/30 is directly connected, FastEthernet0/0
L 192.168.1.1/32 is directly connected, FastEthernet0/0

10. It is always a good idea to confirm reachability with a ping:

R1# ping 10.10.10.2

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

11. If you want to learn more about OSPF, you should use some additional commands. A
very handy one is the show ip ospf interface command:

R1# show ip ospf interface


FastEthernet0/0 is up, line protocol is up
Internet Address 192.168.1.1/30, Area 0
Process ID 1, Router ID 1.1.1.1, Network Type BROADCAST, Cost: 1
Topology-MTID Cost Disabled Shutdown Topology Name
0 1 no no Base
Transmit Delay is 1 sec, State DR, Priority 1

Designated Router (ID) 1.1.1.1, Interface address 192.168.1.1
Backup Designated router (ID) 2.2.2.2, Interface address 192.168.1.2
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:04
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 0, maximum is 2
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 2.2.2.2 (Backup Designated Router)
Suppress hello for 0 neighbor(s)
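
The wildcard matching behind steps 4, 5 and 7, as an added example that is not part of the original cheat sheet: it models how a network statement selects interfaces and compares the host-specific statements with the catch-all used on R2. Interface addresses come from the lab output above; the function names, the per-interface statements for R2 and the Loopback0 address are assumptions made for the illustration.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(ip, network, wildcard):
    """True if ip matches an IOS 'network <network> <wildcard>' statement.
    Wildcard bit 0 = must match, bit 1 = ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(ip) & care) == (to_int(network) & care)

def ospf_interfaces(interfaces, statements):
    """Map interface name -> area for each interface covered by a statement.
    Simplification: the first matching statement in list order is used."""
    enabled = {}
    for name, ip in interfaces.items():
        for network, wildcard, area in statements:
            if wildcard_match(ip, network, wildcard):
                enabled[name] = area
                break
    return enabled

# Addresses taken from the lab output above.
R1 = {"FastEthernet0/0": "192.168.1.1"}
R2 = {"FastEthernet0/0": "192.168.1.2", "FastEthernet0/1": "10.10.10.1"}
R3 = {"FastEthernet0/1": "10.10.10.2"}

SPECIFIC_R1 = [("192.168.1.1", "0.0.0.0", 0)]
CATCH_ALL = [("0.0.0.0", "255.255.255.255", 0)]
# Hypothetical alternative for R2: one host-specific statement per interface.
SPECIFIC_R2 = [("192.168.1.2", "0.0.0.0", 0), ("10.10.10.1", "0.0.0.0", 0)]

# Constructed: an interface added to R2 after OSPF was configured.
R2_LATER = dict(R2, Loopback0="172.16.0.1")

if __name__ == "__main__":
    print("R1:", ospf_interfaces(R1, SPECIFIC_R1))
    print("R2 catch-all:", ospf_interfaces(R2, CATCH_ALL))
    print("R2 later, catch-all:", ospf_interfaces(R2_LATER, CATCH_ALL))
    print("R2 later, specific:", ospf_interfaces(R2_LATER, SPECIFIC_R2))
```

With the catch-all statement, any interface that receives an address later is placed in area 0 without a further OSPF change, so re-run show ip ospf interface after adding interfaces to confirm OSPF is active only where intended.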

CCNA Cheat Sheet: EXAM TIPS
✓ Do not forget to bring all interfaces up! (no shut)
✓ Practice a basic router and switch configuration
✓ Make sure you know how to enable Telnet, SSH, passwords, and banners
✓ Telnet is clear text; SSH is more secure (encryption)
✓ Use the enable secret command if possible instead of enable password
✓ Use the service password-encryption command to encrypt existing and future
passwords
✓ Ports will negotiate duplex and speed settings (a feature of the 802.3u standard)
✓ Remember that gigabit ports do not support half-duplex
✓ To enable CDP globally, use the cdp run command
✓ To enable CDP per interface, use the cdp enable command
✓ Remember that CDP is a Layer 2 protocol; it can work without IP addresses
✓ Master subnet masks, increments, and everything else you need to work with IPv4
addresses. This includes VLSM as well!
✓ Basic router configuration - be comfortable with the CLI commands, including show
commands.
✓ Take your time when you do labs
✓ If you are asked to configure or troubleshoot something in the exam, do not panic.
Analyse everything, take some notes, think how to approach the problem. However,
do not spend more than 10-15 minutes if you cannot figure out the correct answer.
Sometimes it is better to skip a question. Watch the clock!
✓ All interfaces on a router are shut down (disabled) by default. Always use the no
shutdown command when assigning IP addresses.
✓ Subnetting is crucial!
✓ Be comfortable with static routing and OSPF
✓ Remember that a static route uses a network address, not an IP address
✓ Use Loopback interfaces to simulate a network behind a router and create better labs
to practice for your exam
✓ Understand ALL aspects of the routing table (routing codes, administrative distance,
prefix, next hop, exit interface)
✓ Create a lot of labs with static routes and OSPF

✓ Focus on show commands (show ip route, show ip protocols, show ip ospf)
✓ Use loopback interfaces to simulate networks and create bigger routing tables
✓ Understand how a switch works (MAC addresses, CAM, ARP etc.)
✓ SVIs and router on a stick are a must
✓ Port security is important
✓ Understand VLANs, native VLANs, trunks etc.
✓ Network security and wireless concepts (WLC)
