Cisco CCNP training diary (complete)

Source: Internet
Author: User
Tags: network troubleshooting

=== Day 1 ===

Today we covered advanced IP addressing:
I found that there really are a lot of IPv6 addresses! On average every person gets hundreds of millions of them, for hundreds of millions of people...... Enough ~
IPv6 addresses starting with 2002 are 6to4 addresses used for IPv4-to-IPv6 transition; the IPv4 address follows in hexadecimal notation (2002:AABB:CCDD::/48 for A.B.C.D);
I now have a more intuitive understanding of anycast: data is sent to the RP first, and the target host then fetches it from the RP;
VLSM was covered in detail, with a case showing how to allocate a CIDR block to each subnet: satisfy the largest host count first, and carve out the /30 subnets last; it is also better to take those /30s from the last group of available addresses (the small leftover block, not the big remaining segment) (not expressed very clearly......);
Manual route summarization: the ip summary-address command;
Many routing protocols use auto-summary by default, so to run classless you must first disable it (no auto-summary);
A RIP router in the default mode (R1_1) accepts both v1 and v2 updates, but a router set to version 2 does not accept v1, so v1 routes are not passed on to the router where v2 is configured;
The administrative distance (AD) of the various routing protocols must be memorized;
A static route can serve as a backup (floating static) route: just give it an AD larger than the AD of the active routing protocol;
Classful addressing wastes addresses; when the masks under a router are inconsistent, the mask has to be guessed at summarization time and errors result, and with classful lookup (no ip classless) the router does not fall through longest-prefix match to a default route, so a packet for an unknown subnet of a directly connected major network is discarded;
In addition, the 2500 series does not support IPv6;
It will be phased out, because even after an IOS upgrade it does not support IPsec either.
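The three mechanical points above (6to4 address layout, largest-first VLSM with the /30s taken from the top of the block, and classful versus classless lookup) as an added Python example; this is not code from the diary, and the routing table, interface names and subnet sizes are constructed for illustration:

```python
import ipaddress
import math

# 6to4 (RFC 3056): the /48 prefix is 2002: followed by the 32-bit IPv4 address in hex.
SIXTO4 = ipaddress.IPv6Network("2002::/16")

def sixto4_prefix(ipv4: str) -> str:
    v4 = int(ipaddress.IPv4Address(ipv4))
    return str(ipaddress.IPv6Network(f"2002:{v4 >> 16:x}:{v4 & 0xFFFF:x}::/48"))

def sixto4_embedded_ipv4(ipv6: str) -> str:
    """Recover the IPv4 address from bits 16..47 of a 2002::/16 address."""
    v6 = ipaddress.IPv6Address(ipv6)
    if v6 not in SIXTO4:
        raise ValueError(f"{ipv6} is not a 6to4 address")
    return str(ipaddress.IPv4Address((int(v6) >> 80) & 0xFFFFFFFF))

def vlsm_plan(base: str, lans: dict, p2p_links: list) -> dict:
    """VLSM as in the lesson: satisfy the largest LAN first, growing from the bottom of
    the block; the /30 point-to-point links are carved from the top end, so the unused
    space stays as one contiguous block for later growth."""
    block = ipaddress.IPv4Network(base)
    low = int(block.network_address)
    high = int(block.broadcast_address) + 1
    plan = {}
    for name, hosts in sorted(lans.items(), key=lambda kv: kv[1], reverse=True):
        size = 1 << math.ceil(math.log2(hosts + 2))       # hosts + network + broadcast
        if low % size:                                    # keep the subnet aligned to its size
            low += size - low % size
        if low + size > high:
            raise ValueError(f"{base} has no room for {name}")
        plan[name] = ipaddress.IPv4Network((low, 33 - size.bit_length()))
        low += size
    for name in p2p_links:
        high -= 4                                         # a /30 holds exactly two hosts
        if high < low:
            raise ValueError(f"{base} has no room for {name}")
        plan[name] = ipaddress.IPv4Network((high, 30))
    return plan

def classful_major(addr: ipaddress.IPv4Address) -> ipaddress.IPv4Network:
    first = int(addr) >> 24
    plen = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.IPv4Network((int(addr), plen), strict=False)

def route_lookup(table: list, dst: str, ip_classless: bool = True):
    """Longest-prefix match over [(prefix, next_hop), ...].  With `no ip classless` the
    router will not use the default route for a destination that belongs to a major
    network it already has subnets of: the packet is simply discarded."""
    d = ipaddress.IPv4Address(dst)
    nets = [(ipaddress.IPv4Network(p), nh) for p, nh in table]
    matches = [(n, nh) for n, nh in nets if d in n]
    if not matches:
        return None
    net, nh = max(matches, key=lambda m: m[0].prefixlen)
    if not ip_classless and net.prefixlen == 0:
        major = classful_major(d)
        if any(n.prefixlen > 0 and n.subnet_of(major) for n, _ in nets):
            return None      # classful behaviour: unknown subnet of a known major net
    return nh

# Constructed sample routing table (hypothetical interfaces), not from the diary.
SAMPLE_TABLE = [("10.1.1.0/24", "Fa0/0"), ("10.1.2.0/24", "S0/0"), ("0.0.0.0/0", "S0/1")]

if __name__ == "__main__":
    print(sixto4_prefix("192.0.2.1"))                       # 2002:c000:201::/48
    plan = vlsm_plan("192.168.1.0/24", {"LAN-A": 100, "LAN-B": 50, "LAN-C": 20}, ["WAN1", "WAN2"])
    for name, net in plan.items():
        print(name, net)
    print(route_lookup(SAMPLE_TABLE, "10.1.3.5"), route_lookup(SAMPLE_TABLE, "10.1.3.5", ip_classless=False))
```

The classful case is the one to remember from a troubleshooting point of view: the packet to 10.1.3.5 has a perfectly good default route and is still dropped, silently.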

In the Internet cafe I don't have my books or notes with me, so that's all I can recall ~ Haha ~ Continue tomorrow ~ Please correct me if anything is wrong ~

=== Day 2 ===

Today we covered the following (EIGRP):

The biggest disadvantage of distance-vector (D.V.) protocols: they generate loops;
EIGRP maintains three tables: the neighbor table, the topology table, and the routing table (the routing table holds the successors, a subset of the topology table);
A.D. (advertised distance) is the neighbor's distance to the destination, and F.D. (feasible distance) is the A.D. plus the distance from yourself to that neighbor;
Bandwidth in the metric is the minimum bandwidth on the path from the egress interface to the destination CIDR block. Note both words: egress, and minimum (the bandwidth of the slowest link along the path);
The EIGRP metric is the IGRP metric multiplied by 256;
Bandwidth term = 10 to the 7th power divided by the bandwidth (in kbit/s);
If you want to analyze a protocol, start with its packets ~;
If the AS number or the K values in the Hello packet do not match, a neighbor relationship cannot be formed;
The primary address of the interface is used to establish the adjacency;
In show ip eigrp neighbors, the SRTT value is the time it takes for a packet to be sent to a neighbor and acknowledged (ACK received), and RTO is the interval before retransmission (when the packet did not arrive);
Update/Query/Reply are reliable transmissions (an ACK is required), while Hello and ACK are not;
Retransmission uses a stop-and-wait mechanism and is sent as unicast;
DUAL: diffusing update algorithm; the Query is passed down until a Reply comes back;
If a path's A.D. is less than the F.D. of the successor path, it can be chosen as a feasible successor;
Split horizon means routing information is not sent back out the interface it was learned on, but data packets are not affected;
The routing protocol always uses the optimal route: when the primary path goes down the backup path is used, and once the primary path is restored it is used again. This differs from the OSPF DR/BDR election (which is not preemptive);
When the primary path is down and there is no feasible successor, the route goes ACTIVE and a Query is sent; if no Reply arrives for a long time the route becomes stuck-in-active (SIA);
Configuring an IP address on an interface has two meanings: one is to give it an address; the other is to specify the network segment connected to it;
To make the border router announce default-gateway information to the routers behind it automatically: ip default-network X.X.X.X (the argument is a classful network number that is already in the routing table);
The border router (between major networks) automatically summarizes its own network segments and generates a route pointing to Null0;
Unequal-cost load balancing has two conditions: 1. the next hop used for load balancing must be a feasible successor; 2. the multiplier is adjusted with variance;
If the Query scope is not bounded, a Query propagates across the whole AS;
Two methods to bound Queries: 1. add a summary route; 2. use the stub command;
A network with only one egress is a stub (terminal) network;
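The metric formula, the feasibility condition and the variance rule from the notes above, as an added Python example (not from the diary or from Cisco; the topology-table entries for neighbors R2..R4 are constructed):

```python
from dataclasses import dataclass

K1, K2, K3, K4, K5 = 1, 0, 1, 0, 0   # Cisco defaults: load (K2) and reliability (K4/K5) are ignored

def eigrp_metric(min_bw_kbps: int, total_delay_us: int) -> int:
    """Classic EIGRP composite metric with the default K values:
    256 * (10^7 / minimum bandwidth in kbit/s + sum of link delays in tens of microseconds).
    It is the IGRP metric scaled by 256."""
    bandwidth_term = 10**7 // min_bw_kbps
    delay_term = total_delay_us // 10
    return 256 * (K1 * bandwidth_term + K3 * delay_term)

@dataclass
class Path:
    neighbor: str
    ad: int      # advertised (reported) distance: the neighbor's own metric to the destination
    link: int    # our metric to reach that neighbor

    @property
    def fd(self) -> int:
        return self.ad + self.link

def dual_select(paths: list, variance: int = 1) -> dict:
    """Successor = lowest FD.  Feasible successor = any other path whose AD is lower than
    the successor's FD (the feasibility condition guarantees it is loop-free).  Unequal-cost
    load balancing with `variance N` uses every feasible successor whose FD <= N * best FD."""
    best_fd = min(p.fd for p in paths)
    successors = [p.neighbor for p in paths if p.fd == best_fd]
    feasible = [p.neighbor for p in paths if p.fd != best_fd and p.ad < best_fd]
    balanced = [p.neighbor for p in paths if p.ad < best_fd and p.fd <= best_fd * variance]
    return {"fd": best_fd, "successors": successors,
            "feasible_successors": feasible, "load_balanced": balanced}

# Constructed topology-table entries for one destination (hypothetical neighbors R2..R4).
SAMPLE_PATHS = [Path("R2", ad=20, link=10), Path("R3", ad=25, link=10), Path("R4", ad=40, link=5)]

if __name__ == "__main__":
    print(eigrp_metric(1544, 20000))      # T1 serial link: 2169856
    print(dual_select(SAMPLE_PATHS, variance=2))
```

R4 is the instructive case: its total metric (45) is barely worse than R3's, yet it can never be used, even with a large variance, because its advertised distance is not below the feasible distance.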

=== Day 3 ===

Today we covered OSPF.

SPT and SPF both aim at the shortest path; SPF (the Dijkstra calculation) is what computes it, while the SPT is what gets picked out, by repeatedly taking the candidate with the lowest accumulated cost (the instructor's analogy: a walker picking from his bag whatever carries the smallest stamp);
OSPF uses Hello packets to discover neighbors and LSAs (carried in LSUs) to build the topology;
LSAs are divided into different types because network structures differ; the types simplify the information an LSA has to carry;
It is recommended that an OSPF router have no more than 50 neighbors; each link counts as one neighbor, and a redundant link counts as two;
Two routing methods: hop-by-hop routing and source routing (the path is chosen in advance, which suits real-time traffic);
(EIGRP's) RTP works similarly to TCP;
OSPF packets of all kinds are encapsulated directly in IP (protocol 89); IS-IS runs at layer 2 and is encapsulated directly in frames;
Every LSA is carried inside an LSU; there is no standalone LSA packet;
The LSR is the equivalent of EIGRP's Query, and the LSU the equivalent of its Reply and Update;
Multicast is used when the network changes, e.g. 224.0.0.5 (all OSPF routers) and 224.0.0.6 (all DRs), so updates can be relayed to the DR;
Each LSA has a sequence number and an age to keep it current. The sequence number ranges from 0x80000001 to 0x7FFFFFFF; it only looks like it runs "from large to small" because the first bit is the sign bit (signed 32-bit integer);
Maximum age is 1 hour (MaxAge 3600 s), refreshed every 30 minutes (LSRefreshTime 1800 s);
When the sequence number reaches its maximum, the LSA is first flushed by setting its age to 1 hour (MaxAge) so that the routers discard the entry, and then it is reoriginated with 0x80000001;
Dividing OSPF networks into BMA, NBMA, P2MP, and P2P essentially decides whether neighbors are discovered automatically and whether a DR/BDR is elected;
The various network types are just configuration; they only change how OSPF works, not the physical network;
The router priority ranges from 0 to 255 (0 means the router can never become DR/BDR);
The ABR (connected to Area 0) maintains both the database of Area 0 and the database of the non-backbone area it connects to;
LSA types: T1 (router LSA) describes one router's links; T2 (network LSA, generated by the DR) describes one multi-access segment and the routers on it; T3 (summary LSA) is the inter-area route; T4 (ASBR summary) announces the ASBR's address; T5 is the external AS route; T7 is the T5 variant used in an NSSA;
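The sequence-number rules (signed compare, MaxAge flush before wrap) and the SPF calculation from the notes above, as an added Python example; it is not from the diary, the link-state database is constructed from hypothetical routers R1..R4, and the checksum step of the RFC 2328 "newer LSA" comparison is omitted:

```python
import heapq

INIT_SEQ, MAX_SEQ = 0x80000001, 0x7FFFFFFF   # InitialSequenceNumber, MaxSequenceNumber
MAX_AGE, LS_REFRESH, MAX_AGE_DIFF = 3600, 1800, 900   # seconds

def signed32(x: int) -> int:
    """OSPF sequence numbers are signed 32-bit: the top bit is the sign bit."""
    return x - (1 << 32) if x & 0x80000000 else x

def newer_lsa(a: dict, b: dict):
    """Pick the more recent of two copies of the same LSA (RFC 2328 section 13.1, checksum
    step omitted): higher signed sequence number, then a MaxAge copy, then the younger copy
    if the ages differ by more than MaxAgeDiff.  None means they are the same instance."""
    sa, sb = signed32(a["seq"]), signed32(b["seq"])
    if sa != sb:
        return a if sa > sb else b
    if (a["age"] == MAX_AGE) != (b["age"] == MAX_AGE):
        return a if a["age"] == MAX_AGE else b
    if abs(a["age"] - b["age"]) > MAX_AGE_DIFF:
        return a if a["age"] < b["age"] else b
    return None

def next_seq(seq: int):
    """Return (next sequence number, flush_required).  At MaxSequenceNumber the LSA must be
    prematurely aged to MaxAge and flushed before the router restarts at 0x80000001."""
    if seq == MAX_SEQ:
        return INIT_SEQ, True
    return (seq + 1) & 0xFFFFFFFF, False

def spf(lsdb: dict, root: str):
    """Dijkstra over a link-state database given as {router: {neighbor: cost}}.
    Returns (cost to every router, parent of each router in the shortest-path tree)."""
    dist, parent = {root: 0}, {}
    candidates = [(0, root)]
    while candidates:
        d, u = heapq.heappop(candidates)      # always take the cheapest candidate next
        if d > dist[u]:
            continue
        for v, cost in lsdb.get(u, {}).items():
            nd = d + cost
            if nd < dist.get(v, float("inf")):
                dist[v], parent[v] = nd, u
                heapq.heappush(candidates, (nd, v))
    return dist, parent

def first_hop(parent: dict, root: str, dst: str):
    """Walk the SPT back from dst until the node whose parent is the root."""
    if dst not in parent:
        return None
    while parent[dst] != root:
        dst = parent[dst]
    return dst

# Constructed LSDB (hypothetical routers R1..R4, symmetric costs).
SAMPLE_LSDB = {
    "R1": {"R2": 10, "R3": 1},
    "R2": {"R1": 10, "R3": 1, "R4": 5},
    "R3": {"R1": 1, "R2": 1},
    "R4": {"R2": 5},
}

if __name__ == "__main__":
    cost, parent = spf(SAMPLE_LSDB, "R1")
    print(cost, "next hop to R4:", first_hop(parent, "R1", "R4"))   # R4 costs 7 via R3
```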

=== Day 4 ===

Today we covered IS-IS.

An NSAP is a NET string in the format: area ID (partially customizable) . system ID (you can use the MAC address or a custom value) . SEL (service selector, usually 00, meaning the host itself; other values can represent different services);
CLNS (CLNP) is also a routed protocol, like IP and IPX;
L1 routers do not see L2 LSPs; conversely, an L1 area is equivalent to a totally stubby area in OSPF;
An L1/L2 router runs two SPF calculations;
When addressing, the Area ID is matched first, then the System ID;
When the Area ID differs (the destination is in another area), traffic is sent to the nearest L1/L2 router;
An LSP includes: PDU type, length, LSP ID, sequence number, and remaining lifetime;
TLVs are fields of the LSP, including: IS neighbors, ES neighbors, authentication information, etc.;
The formats of the broadcast (LAN) and P2P Hello packets in IS-IS are different;
The L1 and L2 levels are independent;
Normal routers multicast their LSPs; when the DIS receives them it summarizes the database and broadcasts the summary to the group;
The DIS sends the summary with CSNPs; the other routers compare it with their own list, request the entries they are missing from the DIS with a PSNP, and the DIS then responds with the LSPs;
A PSNP can also act as the ACK for an LSP;
The Circuit ID is one byte and identifies each port;
The LAN ID is the DIS's System ID . Circuit ID (pseudonode ID); it identifies a LAN segment;
The default metric is 10;
Use default-information originate to send the default gateway.
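The NET layout and the L1 forwarding rule from the notes above, as an added Python example (not from the diary; the NETs, system IDs and interface names are constructed, and the NET parser only validates what the notes describe, not every CLNS address form):

```python
import re

def parse_net(net: str) -> dict:
    """Split a NET such as 49.0001.1921.6800.1001.00 into its three parts: the area ID
    (everything before the last 4 groups), a 6-byte system ID (3 groups of 4 hex digits)
    and the NSEL, which must be 00 for a router's own NET."""
    parts = net.lower().split(".")
    if len(parts) < 5 or any(not re.fullmatch(r"[0-9a-f]+", p) for p in parts):
        raise ValueError(f"malformed NET: {net}")
    nsel, system_id, area = parts[-1], parts[-4:-1], parts[:-4]
    if nsel != "00":
        raise ValueError("a NET carries NSEL 00 (other selectors address services, not the router)")
    if any(len(g) != 4 for g in system_id):
        raise ValueError("system ID must be 6 bytes written as 3 groups of 4 hex digits")
    return {"area": ".".join(area), "system_id": ".".join(system_id), "nsel": nsel}

def sysid_from_ipv4(ip: str) -> str:
    """Common admin convention: zero-pad each octet to 3 digits, then regroup into 3 words."""
    digits = "".join(f"{int(o):03d}" for o in ip.split("."))
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def sysid_from_mac(mac: str) -> str:
    """Alternative: take the 48-bit MAC as the system ID."""
    h = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(h) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac}")
    return ".".join(h[i:i + 4] for i in (0, 4, 8))

def l1_next_hop(my_net: str, dst_net: str, l1_routes: dict, nearest_l1l2: str):
    """Forwarding decision of an L1-only router: same area -> look the destination up
    by system ID in the L1 table; other area -> hand it to the nearest L1/L2 router
    (the default route that makes an L1 area behave like an OSPF totally stubby area)."""
    me, dst = parse_net(my_net), parse_net(dst_net)
    if me["area"] == dst["area"]:
        return l1_routes.get(dst["system_id"])
    return nearest_l1l2

# Constructed values (hypothetical routers and addresses).
MY_NET = "49.0001.1921.6800.1001.00"
SAMPLE_L1_ROUTES = {"1921.6800.1002": "S0/0", "1921.6800.1003": "S0/1"}

if __name__ == "__main__":
    print(parse_net(MY_NET))
    print(l1_next_hop(MY_NET, "49.0001.1921.6800.1003.00", SAMPLE_L1_ROUTES, "S0/2"))   # S0/1
    print(l1_next_hop(MY_NET, "49.0002.1921.6800.2001.00", SAMPLE_L1_ROUTES, "S0/2"))   # S0/2
```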
=== Day 5 ===

Today we covered BGP.

BGP routing is policy-based, so the path chosen may not be the optimal one; therefore it is best to use BGP together with an IGP;
Routes learned through an IGP exist in the routing table, and to publish them with the network command the mask given must be exactly the same as the one in the routing table;
A neighbor in the same AS is an IBGP neighbor; one in a different AS is an EBGP neighbor;
IBGP neighbors are not necessarily directly connected; EBGP neighbors must be directly connected by default, but this can be changed with ebgp-multihop;
BGP uses TCP (port 179) to establish its connection, so BGP works above layer 4; RIP rides on UDP; OSPF, EIGRP and IGRP are encapsulated directly in IP; IS-IS is encapsulated directly in layer-2 frames;
If a route is forwarded directly from BGP;
The network command in BGP and in an IGP mean completely different things: in an IGP it specifies which interfaces run the protocol, in BGP it specifies which routes to publish (whether directly connected or not);
BGP's network is not interface-based; the route is sent to every neighbor;
If a router is connected to the public network, you need to apply for an AS number for the BGP it runs;
If there is transit traffic through an AS, all routers the traffic passes through must be configured with IBGP;
BGP neighbors are not discovered automatically and must be specified manually;
BGP is a path-vector protocol; the path is described by AS numbers (AS_PATH);
BGP message types: OPEN, KEEPALIVE, UPDATE, NOTIFICATION;
"Split horizon" in IBGP: every two IBGP routers have a point-to-point relationship and information travels only one hop; a route learned from one IBGP peer is not sent to other IBGP peers, but EBGP has no such restriction;
When EBGP advertises a route it uses its own interface address as the next hop, and this is not changed when the route is passed on into IBGP;
When advertising a summary with the network command, the route to Null0 must be configured manually (aggregate-address creates it for you);
BGP does not compare a metric; it compares attributes;
Route origin codes: i for IGP, e for EGP, and ? for incomplete (redistributed);
When selecting a path, prefer the higher local preference and the lower MED;
Define a seed metric when redistributing;
Loops and sub-optimal paths are easily produced by bidirectional redistribution;
Route filtering is used for safety when IGP routes are redistributed into BGP;
Two loopbacks peering with each other are not considered directly connected; they just need multihop (neighbor X ebgp-multihop);
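The attribute-based path selection, IBGP split horizon and the next-hop behaviour from the notes above, as an added Python example; it is not code from the diary or from Cisco, it implements an abridged version of the Cisco decision order (weight, local preference, AS_PATH length, origin, MED within the same neighbouring AS, eBGP over iBGP, IGP cost, router ID), and the peers ISP-A..ISP-D and their routes are constructed:

```python
from dataclasses import dataclass

@dataclass
class BgpRoute:
    peer: str
    as_path: list
    origin: str = "i"          # i (IGP) beats e (EGP) beats ? (incomplete, i.e. redistributed)
    weight: int = 0            # Cisco-local, not carried to anyone; higher wins
    local_pref: int = 100      # carried inside the AS; higher wins
    med: int = 0               # lower wins, but only between routes from the same neighbouring AS
    ebgp: bool = True          # learned from an eBGP (True) or iBGP (False) peer
    igp_cost: int = 0          # IGP metric to the BGP next hop; lower wins
    router_id: str = "0.0.0.0" # final tiebreak: lowest

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}

def prefer(a: BgpRoute, b: BgpRoute) -> bool:
    """True if a beats b under the (abridged) Cisco BGP best-path order."""
    if a.weight != b.weight:
        return a.weight > b.weight
    if a.local_pref != b.local_pref:
        return a.local_pref > b.local_pref
    if len(a.as_path) != len(b.as_path):
        return len(a.as_path) < len(b.as_path)
    if a.origin != b.origin:
        return ORIGIN_RANK[a.origin] < ORIGIN_RANK[b.origin]
    if a.as_path[:1] == b.as_path[:1] and a.med != b.med:   # same neighbouring AS only
        return a.med < b.med
    if a.ebgp != b.ebgp:
        return a.ebgp
    if a.igp_cost != b.igp_cost:
        return a.igp_cost < b.igp_cost
    return tuple(map(int, a.router_id.split("."))) < tuple(map(int, b.router_id.split(".")))

def best_path(routes: list) -> BgpRoute:
    best = routes[0]
    for r in routes[1:]:
        if prefer(r, best):
            best = r
    return best

def propagate(route_from_ibgp: bool, peers: dict) -> list:
    """iBGP split horizon: a route learned from an iBGP peer is re-advertised only to eBGP
    peers.  peers maps peer name -> True for iBGP, False for eBGP."""
    return [p for p, is_ibgp in peers.items() if not (route_from_ibgp and is_ibgp)]

def next_hop_on_ibgp(learned_next_hop: str, my_address: str, next_hop_self: bool) -> str:
    """eBGP sets the next hop to the advertising interface and iBGP leaves it untouched
    unless `neighbor X next-hop-self` is configured."""
    return my_address if next_hop_self else learned_next_hop

# Constructed routes to one prefix from hypothetical peers ISP-A..ISP-D.
SAMPLE_ROUTES = [
    BgpRoute("ISP-A", [100, 300]),                                 # local-pref 100
    BgpRoute("ISP-B", [200, 400, 300], local_pref=200),            # longer path, higher local-pref
    BgpRoute("ISP-C", [200, 300], local_pref=200, med=50),         # same neighbouring AS as ISP-D
    BgpRoute("ISP-D", [200, 300], local_pref=200, med=10),
]

if __name__ == "__main__":
    print(best_path(SAMPLE_ROUTES).peer)                                    # ISP-D
    print(propagate(True, {"R2": True, "R3": True, "ISP-A": False}))        # ['ISP-A']
```

ISP-B winning over ISP-A shows what "policy, not shortest path" means: a longer AS path is preferred purely because of local preference.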


=== Day 6 ===

Introduced campus network design, VTP, VLANs, and Spanning-Tree.

Remember when designing networks: performance, scalability, and availability;
Network design framework: AVVID (Architecture for Voice, Video and Integrated Data: effectively integrating voice, video and data);
AVVID can be divided into three parts: 1. infrastructure: all hardware resources; 2. intelligent network services: network management, high availability; 3. the various applications: e.g. IP telephony;
Today's enterprise network model is based on the AVVID architecture: enterprise campus, enterprise edge, and service-provider edge;
A three-layer hierarchical model is implemented in each of the above three regions;
E-commerce: the connection between your enterprise and its business partners;
VPN: used to carry private-network traffic over the public network;
Enterprise edge components: e-commerce, Internet connectivity, remote access/VPN, WAN;
Compared with a router, a layer-3 switch does not support NAT or WAN interfaces; it is normally used in Ethernet, but its forwarding rate (pps) is much higher than a router's;
Voice has been well supported since the 3500 series;
The STP convergence time is 50 s;
One VLAN = one broadcast domain = one subnet;
Routing is required for communication between different VLANs;
Local VLAN: no crossing of switches, so no trunk is required;
Two ways to create a VLAN: vlan database mode, and conf t / vlan XX;
After configuring in vlan database mode, you must type exit to save it;
VLAN troubleshooting: physical connection > switch configuration > VLAN configuration;
Physical-connection checks include CDP and duplex;
A trunk is a link between two switches (carrying multiple VLANs);
802.1p: the priority bits in the 802.1Q tag field;
A QinQ tunnel requires two tags: one for the enterprise and one for the carrier. The carrier can then transport VLANs, CDP, VTP, STP and other information;
The native VLAN is unique to 802.1Q (its frames go untagged); it is VLAN 1 by default, which is also the default management VLAN;
ISL also carries some native-VLAN information, but it has no meaning there;
VTP is a proprietary Cisco protocol used to manage VLAN configuration (server/client, rather like DR/BDR);
VTP works over trunk ports; with VTP you can configure once on one switch (the Server) and deliver the configuration to the other switches;
VTP cannot traverse a router;
VTP domain names are case sensitive;
VTP troubleshooting: is it a trunk? --> are the domain names the same? --> is it in transparent mode? --> are the switch passwords in the same domain the same?
STP logically blocks loops and determines whether loops exist;
STP uses the BID to elect the root (equivalent to the router ID on a router);
STP selection order: lowest root BID, lowest root path cost, lowest sender BID, lowest port ID;
The designated port is the "parent" of the root port (the upstream end of the segment);
When the topology changes, the switch sends a TCN BPDU out its root port to the upstream DP, which relays it up to the root; after the root's BPDU with the TC flag is received, the switches age their MAC tables out quickly (aging time shortened to the forward delay) and recompute the spanning tree;
On the same segment, the switch with the lower BID becomes the DP and the other one blocks;
Apart from WAN interfaces, a router has a MAC on each interface; a layer-3 switch is like a layer-2 switch in this respect, and a layer-2 switch has only one (base) MAC.

=== Day 7 ===

Today we covered advanced Spanning-Tree, CAM, TCAM, some switching principles, and inter-VLAN routing.
STP is enabled by default;
Start STP: spanning-tree vlan XX (because Cisco uses PVST, one tree is planted in each VLAN ~);
Adjust the STP priority for a VLAN: spanning-tree vlan 200 priority XXXX (XXXX must be a multiple of 4096);
Default priority of each VLAN = 32768 + VLAN ID (e.g. the default priority of VLAN 11 = 32768 + 11 = 32779);
The purpose of adjusting VLAN priority is to decide where the root switch is;
Port cost: on an access port: spanning-tree cost 18; on a trunk port: spanning-tree vlan 200 cost 17;
View STP: show spanning-tree vlan 200 / show spanning-tree bridge;
Several features of Cisco switches:
1. BPDU Guard: used on PortFast ports. Once a PortFast port receives a BPDU from another switch, it is shut down (err-disabled) immediately, to prevent a switch being connected to that interface; manual recovery is required;
2. BPDU Filtering: the same purpose as above, but it does not shut the port down; it simply stops sending BPDUs on PortFast ports, and if a BPDU does arrive the port loses PortFast and returns to normal STP operation;
3. BPDU Skew detection: an error is reported when a BPDU is not received within the expected time. Logging every instance would use a lot of resources; with skew detection you can prevent or reduce these messages;
4. Root Guard: this port will not change role, it can only be a DP. This prevents a newly added switch from becoming root; the port becomes a permanent DP (show spanning-tree inconsistentports). If the newly added switch tries to become root, the port stops working (root-inconsistent), so the new switch is forced to settle for an RP;
5. Unidirectional Link Detection (UDLD): checks whether two-way communication works on the link; when it fails, the port is shut down until the link returns to normal;
6. Loop Guard: prevents a blocked port from going to forwarding when it stops receiving BPDUs because the link has become unidirectional; even if no BPDU is received it stays blocked (loop-inconsistent). Root guard is automatically disabled on a port when loop guard is enabled;
Cisco specifies a maximum of 7 switch hops between any two switches, which is called the STP diameter;
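The BID arithmetic (priority + VLAN ID), the root election, the root-port tie-break order from Day 6, and what root guard protects against, as an added Python example; it is not from the diary or from Cisco, and the switches S1..S3, their MACs, the port costs seen by S3 and the "rogue" switch are constructed:

```python
IEEE_SHORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}   # Mbit/s -> 802.1D short path cost

def bridge_id(priority: int, vlan: int, mac: str) -> tuple:
    """PVST+ with the extended system ID: the configured priority (a multiple of 4096)
    plus the VLAN number, then the base MAC; lower compares better."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    return (priority + vlan, mac.lower())

def elect_root(bids: dict) -> str:
    """Lowest BID wins: lowest priority field first, the MAC only breaks ties."""
    return min(bids, key=bids.get)

def choose_root_port(received: list) -> str:
    """received: (my_port, root_path_cost_in_bpdu, sender_bid, sender_port_id, my_port_cost).
    Order of comparison from the lesson: lowest root path cost (BPDU cost + my port cost),
    then lowest sender BID, then lowest sender port ID."""
    return min(received, key=lambda r: (r[1] + r[4], r[2], r[3]))[0]

def rogue_root(bids: dict, rogue_mac: str, vlan: int, root_guard: bool) -> str:
    """Someone plugs in a switch with priority 0: it wins the election unless root guard
    keeps the port facing it designated (its superior BPDUs are ignored)."""
    if root_guard:
        return elect_root(bids)
    return elect_root({**bids, "rogue": bridge_id(0, vlan, rogue_mac)})

# Constructed campus (hypothetical switches and MACs), VLAN 10.
VLAN = 10
BIDS = {
    "S1": bridge_id(32768, VLAN, "0000.0c11.1111"),   # default priority -> 32778
    "S2": bridge_id(4096, VLAN, "0000.0c22.2222"),    # tuned down to become root -> 4106
    "S3": bridge_id(32768, VLAN, "0000.0c33.3333"),
}
# BPDUs seen on S3: directly from the root S2 over FastEthernet, and via S1 over Gigabit.
S3_BPDUS = [
    ("Fa0/1", 0, BIDS["S2"], 1, IEEE_SHORT_COST[100]),     # cost to root = 0 + 19
    ("Gi0/1", 19, BIDS["S1"], 2, IEEE_SHORT_COST[1000]),   # S1 is 19 from root; 19 + 4 = 23
]

if __name__ == "__main__":
    print(elect_root(BIDS), choose_root_port(S3_BPDUS))    # S2 Fa0/1
```

The rogue case is why root guard goes on every port that should never face the root: a default-configured switch wins against every other default-configured switch merely by having a lower MAC, and a priority-0 one wins outright.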
The gateway is the IP address of the VLAN interface (SVI) on the switch;
CAM table: the key (MAC + VLAN) is hashed to compute a location in the table, where the entry was placed when it was learned, and the frame is forwarded accordingly. This table differs from the plain MAC address table and is used by high-end switches;
TCAM table: a table used for layer-3 switching lookups and for ACLs, mainly for security;
Both tables exist at the same time in a high-end switch: the TCAM is checked first, and if the packet is permitted the CAM table is checked and the data is sent;
Several parts of a TCAM entry:
V (value / pattern): the content to match, for example an address;
M (mask): determines which bits of the content are checked;
R (result): permit or deny
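The value/mask/result matching described above, as an added Python example of how an ordered ACL is evaluated against packet fields; this is not code from the diary or from any Cisco product, and the user and server prefixes in the sample policy are constructed:

```python
import ipaddress

def prefix_value_mask(cidr: str) -> tuple:
    net = ipaddress.IPv4Network(cidr)
    return int(net.network_address), int(net.netmask)

class Tcam:
    """Ternary match the way the lesson describes it: every entry is a (value, mask, result)
    triple and a packet hits when (packet & mask) == (value & mask) for every field.
    Entries are searched in order and the first hit wins, like an ACL; no hit at all is
    the implicit deny at the end of every ACL."""
    def __init__(self):
        self.entries = []

    def add(self, result: str, src="0.0.0.0/0", dst="0.0.0.0/0", proto=None, dport=None):
        sv, sm = prefix_value_mask(src)
        dv, dm = prefix_value_mask(dst)
        value = (sv, dv, proto or 0, dport or 0)
        mask = (sm, dm,                                    # a 0 mask bit means "don't care"
                0xFF if proto is not None else 0,
                0xFFFF if dport is not None else 0)
        self.entries.append((value, mask, result))

    def lookup(self, src: str, dst: str, proto: int, dport: int) -> str:
        packet = (int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst)), proto, dport)
        for value, mask, result in self.entries:
            if all((p & m) == (v & m) for p, v, m in zip(packet, value, mask)):
                return result
        return "deny"

def sample_acl() -> Tcam:
    """Constructed policy: web from the user block to the server block, nothing else from
    the user block, everything else permitted (hypothetical prefixes)."""
    t = Tcam()
    t.add("permit", src="10.1.0.0/16", dst="10.2.0.0/16", proto=6, dport=80)
    t.add("deny", src="10.1.0.0/16")
    t.add("permit")
    return t

if __name__ == "__main__":
    acl = sample_acl()
    print(acl.lookup("10.1.5.5", "10.2.0.9", 6, 80))    # permit
    print(acl.lookup("10.1.5.5", "10.2.0.9", 6, 443))   # deny
```

Order matters exactly as it does in a real ACL: swapping the first two entries would make the deny shadow the permit, and the "permit any" at the end is what turns the implicit deny into an allow-by-default policy.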
Centralized switching is an earlier technology. Now there is distributed forwarding (very high pps) and flow switching (NetFlow), which caches layer-2, layer-3 and layer-4 information and provides an accounting function;
Process switching: every packet is processed by the CPU, thousands of pps;
ASIC switching: the forwarding rate is greatly improved; only the first frame of a flow is processed in software;
Topology-based switching, CEF: the FIB and adjacency tables are built in software and forwarding is done in the ASICs;
Multilayer switches do not require manual configuration for this (CEF is on by default);
ARP throttling: in a CEF switch, while the ARP reply is outstanding the first packet is punted to resolve the adjacency and the following packets are dropped via a temporary drop adjacency rather than queued; this lasts a very short time;
Once routing is enabled, it works in CEF mode;
Multilayer switch, layer 3: the SVI port: a virtual, logical VLAN interface with an IP address, usable as the users' gateway;
Routed port: an IP address can be assigned to a switch port directly; it does not belong to any VLAN and functions like a router interface, similar to an SVI;
Configure a routed port: ip routing --> no switchport --> ip address --> routing protocol;
Layer-3 switches are generally used for inter-VLAN communication, which is faster than router forwarding;
EtherChannel bundles several ports with the same characteristics for load balancing (usually trunks);

=== Day 8-9 ===

These two days covered redundancy (HSRP), QoS, and multicast:
Redundancy: device-level redundancy: router === router; network-level redundancy: all devices in a full mesh.
The supervisor engine is the core of a switch;
The first-generation 6500 supervisors use RPR (Redundant Processor Redundancy) with an independent handshake mechanism, so the two engines can switch over to each other. Now RPR+ is used;
An MSFC routing card (module) is installed on the supervisor engine;
With RPR the backup engine is booted, but its MSFC and PFC are not initialized;
With RPR+ the backup engine's MSFC and PFC are already started;
RPR+ synchronization does not cover vlan database and SNMP modifications;
Before a Cisco device dies, it leaves a core dump record;
When RPR+ switches over, the FIB table is cleared and the routing table is rebuilt over a short period (no dynamic routes for around 60 s), but static routes remain throughout;
Configuring RPR+: redundancy ---> mode rpr-plus ---> show redundancy status;
IRDP is used to send router advertisements between hosts and routers;
HSRP can work on a trunk;
HSRP states: Initial --> Learn --> Listen --> Speak --> Standby --> Active;
The ACTIVE router is elected during Speak, by announcing priorities;
HSRP interface tracking: monitors the status of the egress link; once it goes down, the HSRP priority is adjusted.
Example: standby 47 priority 120
standby 47 track s0 50
When s0 goes down, the priority automatically becomes 120 - 50 = 70.
When s0 comes back, the priority automatically returns to 120.
Only applicable to single-exit links;
The ACTIVE role is only taken over when preemption is configured (standby 47 preempt);
HSRP solves the latency problems of proxy ARP and IRDP failover;
The STANDBY becomes ACTIVE when three hellos in a row (3 s each) are missed.

Only one ACTIVE and one STANDBY are allowed in a group (the rest stay in Listen);
HSRP is Cisco's; the standard is VRRP;
In VRRP the virtual address can be the real IP address of the MASTER; when the MASTER fails, another router takes over that address, and when the MASTER recovers it takes the address back;
SRM (single router mode) reduces configuration complexity. It is a redundancy technology without load sharing, switching between the two modules inside a 6500; the VRRP mentioned above is used between multiple routers;
Configure SRM: redundancy ---> high-availability ---> single-router-mode ---> show redundancy;
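The HSRP behaviour from the notes above (priority, interface tracking with a decrement, preemption, and the standby taking over after the hold time) as an added Python simulation; it is not code from the diary or from Cisco, the routers R1/R2 and interface s0 are the diary's own example numbers placed in a constructed group, and IP-address tie-breaking between equal priorities is not modelled:

```python
from dataclasses import dataclass, field

@dataclass
class HsrpRouter:
    name: str
    priority: int = 100
    preempt: bool = False
    tracks: dict = field(default_factory=dict)     # tracked interface -> decrement
    link_up: dict = field(default_factory=dict)    # tracked interface -> current state
    alive: bool = True                             # False once three hellos in a row are missed

    def effective_priority(self) -> int:
        """standby <grp> track <ifc> <dec>: each tracked interface that is down lowers the priority."""
        down = sum(dec for ifc, dec in self.tracks.items() if not self.link_up.get(ifc, True))
        return self.priority - down

class HsrpGroup:
    """One group: exactly one Active and one Standby; everyone else stays in Listen."""
    def __init__(self, routers: list):
        self.routers = routers
        self.active = self.standby = None
        self.reevaluate(initial=True)

    def _ranked(self):
        return sorted((r for r in self.routers if r.alive),
                      key=lambda r: r.effective_priority(), reverse=True)

    def reevaluate(self, initial: bool = False) -> str:
        ranked = self._ranked()
        if initial or self.active is None or not self.active.alive:
            self.active = ranked[0]                # Speak phase, or hold timer expired on Active
        else:
            best = ranked[0]
            if best is not self.active and best.preempt and \
                    best.effective_priority() > self.active.effective_priority():
                self.active = best                 # only a router with preempt takes the role over
        others = [r for r in ranked if r is not self.active]
        self.standby = others[0] if others else None
        return self.active.name

    def link_change(self, router: str, interface: str, up: bool) -> str:
        for r in self.routers:
            if r.name == router:
                r.link_up[interface] = up
        return self.reevaluate()

    def lost(self, router: str) -> str:
        for r in self.routers:
            if r.name == router:
                r.alive = False
        return self.reevaluate()

def sample_group(preempt_on_r1: bool = True) -> HsrpGroup:
    """Constructed group 47 (hypothetical routers): the diary's example of priority 120 with
    track s0 50 on R1, and a second router at 110."""
    r1 = HsrpRouter("R1", priority=120, preempt=preempt_on_r1, tracks={"s0": 50})
    r2 = HsrpRouter("R2", priority=110, preempt=True)
    return HsrpGroup([r1, r2])

if __name__ == "__main__":
    g = sample_group()
    print(g.active.name, g.link_change("R1", "s0", False), g.link_change("R1", "s0", True))  # R1 R2 R1
```

Note that tracking alone changes nothing unless the other router has preempt: without it, the group keeps an Active router whose uplink is down, which is the failure the tracking was meant to avoid.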
Multicast: best-effort, connectionless transmission, suitable for pay-per-view digital TV channels;
Multicast sources may or may not be group members;
Multicast addresses have no concept of a network number;
Source tree: each source has its own tree to the receivers, like PVST (one tree per VLAN); the path is optimal, but the system overhead is high;
Shared tree: data from multiple sources is sent via the RP; the overhead is small, but the path is not necessarily optimal;
Multicast loop avoidance: the RPF (reverse path forwarding) check: a packet is forwarded only if the interface it arrived on is the one the unicast routing table uses to reach the packet's source;
PIM is a multicast routing protocol;
PIM DM uses source trees, PIM SM uses the shared tree;
IGMP works between multicast routers and hosts to exchange group-membership information;
With Cisco's Auto-RP, candidate RPs announce themselves to a mapping agent, which then distributes the RP mapping to the routers;
If both PIMv1 and v2 are present on a Cisco device, v2 is automatically downgraded to v1;
BSR requires PIMv2 (Auto-RP is the PIMv1-era mechanism);
View multicast routes: show ip mroute;
The RPF neighbor is the previous hop (upstream);
(*,G) indicates the shared tree and (S,G) the source tree;
View PIM: show ip pim interface;
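The RPF check and the (S,G) versus (*,G) lookup from the notes above, as an added Python example (not from the diary or from Cisco; the unicast table, RP address, mroute entries and interface names are constructed):

```python
import ipaddress

def unicast_interface(table: list, address: str):
    """Longest-prefix match in the unicast routing table [(prefix, interface), ...]."""
    a = ipaddress.IPv4Address(address)
    matches = [(ipaddress.IPv4Network(p), ifc) for p, ifc in table]
    matches = [(n, ifc) for n, ifc in matches if a in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def forward_multicast(mroutes: dict, unicast: list, rp: str, src: str, group: str, in_ifc: str) -> list:
    """Return the outgoing interface list for one packet, or [] when it is dropped.
    (S,G) state is preferred over (*,G).  The RPF check: the packet must have arrived on
    the interface the unicast table uses to reach the RPF target, which is the source for
    an (S,G) entry and the RP for a (*,G) entry.  Anything else is a potential loop or
    a spoofed source and is discarded."""
    entry = mroutes.get((src, group)) or mroutes.get(("*", group))
    if entry is None:
        return []
    rpf_target = src if (src, group) in mroutes else rp
    if unicast_interface(unicast, rpf_target) != in_ifc:
        return []                                          # RPF failure
    return [ifc for ifc in entry["oil"] if ifc != in_ifc]  # never send back where it came from

# Constructed state (hypothetical addresses and interfaces).
UNICAST = [("10.1.1.0/24", "Fa0/0"), ("10.9.9.0/24", "S0/0"), ("0.0.0.0/0", "S0/1")]
RP = "10.9.9.1"
MROUTES = {
    ("10.1.1.7", "239.1.1.1"): {"oil": ["Fa0/1", "Fa0/2"]},   # (S,G): source tree
    ("*", "239.2.2.2"): {"oil": ["Fa0/1"]},                  # (*,G): shared tree via the RP
}

if __name__ == "__main__":
    print(forward_multicast(MROUTES, UNICAST, RP, "10.1.1.7", "239.1.1.1", "Fa0/0"))   # ['Fa0/1', 'Fa0/2']
    print(forward_multicast(MROUTES, UNICAST, RP, "10.1.1.7", "239.1.1.1", "S0/1"))    # [] RPF failure
```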
Uncompressed voice is 64 kbps (G.711);
An IP phone can use an auxiliary VLAN: voice uses one VLAN and data uses another; the voice VLAN has the higher priority;
Two QoS models: Integrated Services and Differentiated Services;
When QoS is implemented, traffic is first classified by its characteristics and marked with different levels at the edge of the network;
NBAR: an advanced classification method that can classify on application-layer information;
Layer-2 QoS: 802.1p / CoS (in the tag field);
Layer-3 QoS: IP precedence, DSCP (in the ToS field);
Queuing technology only comes into play when there is congestion;
RTP (voice) gets the highest level and is forwarded with priority, as EF; its UDP ports range from 16384 to 16384 + 16383 (32767);
WRR (weighted round robin): there are 4 queues; you can manually assign priority to a queue and determine the ratio in which bandwidth is allocated when the queues are drained;
Tail drop can cause high jitter;
WRED picks a few low-priority packets and discards them early to avoid TCP global synchronization;
TCP synchronization does not occur as long as the queue never fills;
Congestion-control techniques: traffic shaping: smoothing traffic to a steady rate;
Traffic policing: drops or re-marks packets that exceed the configured rate;
Packet fragmentation (LFI): long packets are cut into fragments so that small voice packets can be interleaved at a stable interval;

=== Day 10 ===

Today is the last day of BCMSN. We covered QoS commands, Metro Ethernet, WRED, network management, network security, and so on:
MQC is modular QoS;
Using MQC to implement QoS: class-map --> policy-map --> service-policy;
Enable QoS on a multilayer switch: mls qos;
Configuring the trust boundary: mls qos trust (cos | dscp | ip-precedence) trusts the priority information carried by inbound traffic;
Several commands for observing it;
Configure class-based marking (modifying the ToS field): policy-map --> class --> set ip precedence;
NBAR: provides QoS at the application layer, such as guaranteed bandwidth and traffic shaping;
Using NBAR: class-map --> match protocol --> policy-map --> class --> service-policy;
The router can also process data above layer 3, but slowly;
PBR is a means of traffic classification and can be used for marking;
By default the bandwidth that queues may reserve on an interface cannot exceed 75%; this can be changed (max-reserved-bandwidth);
CBWFQ is configured through MQC;
The following is a jumble of abbreviations:
CBWFQ can contain LLQ;
FIFO ---- the default, no queuing mechanism;
WRED ----- can be used with CBWFQ;
Only supported on interfaces of Gbit/s and above;
A switch can have two minimum thresholds (min1, min2) and one maximum threshold set for WRED;
A router has one minimum threshold and one maximum threshold;
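The WRED thresholds above, together with the Day 8-9 notes on tail drop and early dropping of low-priority packets, as an added Python example; it is not code from the diary or from Cisco, it follows the Cisco-style router model (one minimum and one maximum threshold per precedence, maximum drop probability 1/mark-prob-denominator, exponentially weighted average depth), and the threshold table and the list of "random" draws are constructed so the result is reproducible:

```python
def wred_drop_probability(avg_depth: float, min_th: int, max_th: int, mark_prob_denominator: int = 10) -> float:
    """No drops below the minimum threshold, tail drop (probability 1) at or above the
    maximum, and in between a probability rising linearly from 0 to 1/mark-prob-denominator.
    Lower-precedence traffic is given a lower minimum threshold, so it is thinned out first."""
    if avg_depth < min_th:
        return 0.0
    if avg_depth >= max_th:
        return 1.0
    return (avg_depth - min_th) / (max_th - min_th) / mark_prob_denominator

def average_depth(previous_avg: float, current_depth: int, exponent: int = 9) -> float:
    """The exponentially weighted average WRED actually tests against:
    avg = old * (1 - 2^-n) + current * 2^-n, default n = 9, which smooths out bursts."""
    w = 2 ** -exponent
    return previous_avg * (1 - w) + current_depth * w

# Constructed thresholds per IP precedence (hypothetical router policy): one min and one
# max per precedence, lower precedence = lower min threshold.
THRESHOLDS = {0: (20, 40), 3: (26, 40), 5: (32, 40)}

def drops(avg_depth: float, precedence: int, draws: list) -> int:
    """Count how many of the packets would be dropped, using an explicit list of uniform
    [0,1) draws instead of a random generator so the outcome is reproducible."""
    p = wred_drop_probability(avg_depth, *THRESHOLDS[precedence])
    return sum(1 for d in draws if d < p)

SAMPLE_DRAWS = [i / 100 for i in range(100)]    # 0.00, 0.01, ... 0.99

if __name__ == "__main__":
    for prec in THRESHOLDS:
        print(prec, drops(30, prec, SAMPLE_DRAWS))    # 0: 5, 3: 3, 5: 0
```

At an average depth of 30 the precedence-0 flows already lose a few packets while precedence 5 loses none, which is exactly the "discard a few low-priority packets first" behaviour the notes describe; because the drops are spread out instead of happening all at once when the queue fills, the TCP senders back off at different times and do not synchronize.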
Network management:
Normally: collect a baseline --> test network changes --> record unexpected phenomena --> analyze the load caused by the network management system itself --> monitor network performance (about 50%; not over 80% in the long term) ---> make an upgrade plan;
SPAN (switch port analyzer): mirrors traffic to a port that must be connected to the analyzer;
SPAN can monitor sessions, ports, VLANs; inbound (RX), outbound (TX), or both directions;
RSPAN: you can monitor other switches from one switch;
NAM is an analysis module inserted into a 6500;
SSH is used to replace Telnet: Telnet establishes its connection in plain text, SSH does not;
802.1X is port-based authentication; a supplicant is built into WinXP;
On layer 2 the ACL is called a VACL (frame- and VLAN-based access control); on layer 3 it is a RACL;
Metro Ethernet:
Private VLANs are a Cisco proprietary technology used to isolate hosts within the same VLAN; management is complex and scalability is poor;
A PVLAN is divided into a primary VLAN and secondary VLANs; the secondary VLANs are the isolated VLAN and the community VLAN;
PVLAN ports: promiscuous, isolated, and community. An isolated port can only communicate with promiscuous ports; community ports can communicate among themselves (within the community) and with promiscuous ports; there may be several of each;
Metro transmission technologies: DWDM, SONET, CWDM;
SONET and SDH are the same thing, just named differently;
The 7600 supports optical transmission and MPLS;
DWDM is used between ISPs;
Advantages of using Ethernet technology in the WAN: flexible topology (p2p, p2mp), transparent transmission (Ethernet was originally used to carry IP), service-quality levels, low cost, strong scalability, strong interoperability;
Two types of Metro Ethernet: Transparent LAN Service (TLS): very secure (sharing the VLAN space with the ISP), switch interconnection, poor scalability (at most 4096 VLANs);
Direct VLAN Service (DVS): interconnection between users and the ISP through bridging;
SONET bandwidth is an integer multiple of 51.84 Mbps (OC-1);
The 152xx series are optical switches that can provide DWDM;
CWDM can multiplex eight channels; its transmission distance is short and the price is lower than DWDM's;
CWDM and DWDM implement redundancy switching at the physical layer, in less than 50 ms;
When an enterprise connects to an ISP, multiple customer VLANs can be carried over a single ISP VLAN using 802.1Q-in-Q (QinQ) tunneling; the original VLAN is restored at the destination;
QinQ isolates the VLANs of different enterprises. However, if the ISP still has a ring topology, STP must be considered;
QinQ does not transport STP by itself; to build a spanning tree across the ISP, use L2PT (Layer 2 Protocol Tunneling);
QinQ cannot be routed; it is Cisco-specific;
EoMPLS only supports p2p;
MPLS is based on label switching, similar to layer-2 switching, sitting between layers 2 and 3;
The key device for EoMPLS is the 7600, which uses VC IDs to identify different VLANs (exceeding the 4096 limit);
The EXP/CoS bits in MPLS can be used to deploy QoS and support traffic engineering;
MPLS labels can be stacked, each indicating a different function;
EoMPLS is P2P and cannot branch in the middle;
=== Day 11 ===

Started BCRAN ~ today ~
Today covered AAA and modems, but I don't have to take the modem test:
A (authentication) ---- who are you ----> A (authorization) --- what can you do -----> A (accounting) --- what have you done;
A dialer is a logical interface that takes exclusive ownership of physical interfaces;
Switching modes: circuit switching requires a circuit to be maintained independently, which is costly; packet switching (VCs): one physical connection can be used by multiple VCs, allowing bursts of data;
Synchronous: as soon as you send it, I can receive it;
Asynchronous: each byte carries extra framing bits (start/stop) for synchronization;
Bandwidth in kbit/s and above;
The shared coaxial cable medium means the stations contend for it;
Twisted pair is twisted to avoid crosstalk; the wire order avoids electromagnetic interference;
Fiber cannot be bent at a sharp angle (90 degrees);
Single-mode optical fiber: carries only one mode of light;
A DS0 is a 64 kbit/s channel, divided by time slot; this is called time-division multiplexing (TDM);
China's ISDN adopts the E1 standard;
The biggest benefits of PPP are compression and authentication;
CDP is a layer-2 protocol; the underlying layer must support SNAP;
Line protocol down: authentication failed, compression failed, or the layer-2 encapsulation protocols differ at the two ends;
PPPoE authentication and negotiation happen at layer 2; if layer 2 does not come up, layer 3 cannot connect;
The first consideration when implementing a network: feasibility (availability);
WDM can be used with both single-mode and multi-mode fiber; it is a layer on top of the fiber itself;
Interactive traffic: traffic that terminates on the router itself (for example telnetting to the router);
Transit traffic: data passing between two nodes through the router's interfaces;
AAA authentication is on by default (once aaa new-model is configured); if no authentication is wanted it must be specified manually (none); authorization follows authentication;
Local authentication: PAP, CHAP;
Authentication through an ACS server: RADIUS, TACACS+;
Accessing the modem from the intranet side of the router is called reverse telnet; accessing it from the Internet side is called forward telnet;
The where command = show sessions;
A virtual port can be set with int async X on the port connecting the router and the modem;

=== Day 12-13 ===

These two days covered PPP, ISDN, and Frame Relay:
PPP is a layer-2 protocol that solves point-to-point communication;
CDP sits on top of layer 2 and is carried by an NCP (CDPCP);
The basic functions of HDLC are similar to PPP's, but many things (such as authentication) are missing;
PPP is generally configured as the encapsulation on a serial port; on an Ethernet port a logical interface (such as PPPoE) must be enabled;
Cisco's default encapsulation is HDLC, while the non-Cisco default is PPP;
PPP session: transmission (dedicated);
Exec session: interaction (interactive);
PPP LCP: authentication, callback (security), compression, multilink (load balancing);
PPP does not authenticate when AAA is not started;
PAP does not require the same password at both ends, but CHAP does (the shared secret is never sent, so both sides must hold it);
ppp authentication pap chap means PAP is tried first, and CHAP is started if no response is received within the timeout;
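Why CHAP needs the same secret at both ends while PAP does not, as an added Python example of the two exchanges; it is not code from the diary or from Cisco, it follows the RFC 1994 MD5 response formula and a plain PAP Authenticate-Request layout, and the hostname "Branch", the secrets and the fixed challenge used in the test are constructed:

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: Response = MD5(Identifier || secret || Challenge).
    The secret itself never goes on the wire, which is why both ends must hold the same one."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret.encode() + challenge).digest()

class ChapAuthenticator:
    """The side that sends the Challenge and checks the Response (e.g. the access server)."""
    def __init__(self, secrets: dict):
        self.secrets = secrets          # peer hostname -> shared secret (one per peer)
        self.identifier = 0

    def challenge(self, challenge: bytes = None) -> tuple:
        self.identifier = (self.identifier + 1) & 0xFF     # new ID each time: responses cannot be replayed
        return self.identifier, challenge if challenge is not None else os.urandom(16)

    def verify(self, identifier: int, challenge: bytes, peer: str, response: bytes) -> bool:
        secret = self.secrets.get(peer)
        if secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)     # constant-time comparison

def chap_peer_reply(identifier: int, challenge: bytes, my_name: str, my_secret: str) -> tuple:
    """What the peer sends back: its name and the hash (never the secret)."""
    return my_name, chap_response(identifier, my_secret, challenge)

def pap_request(username: str, password: str) -> bytes:
    """PAP by contrast sends the password in clear (length-prefixed) in the Authenticate-Request;
    anyone sniffing the link reads it, and the two ends only have to agree on what to accept."""
    u, p = username.encode(), password.encode()
    return bytes([len(u)]) + u + bytes([len(p)]) + p

def run_chap(server_secrets: dict, peer_name: str, peer_secret: str, challenge: bytes = None) -> bool:
    """Full three-way handshake with constructed values."""
    auth = ChapAuthenticator(server_secrets)
    ident, chal = auth.challenge(challenge)                             # 1. Challenge
    name, resp = chap_peer_reply(ident, chal, peer_name, peer_secret)   # 2. Response
    return auth.verify(ident, chal, name, resp)                         # 3. Success / Failure

if __name__ == "__main__":
    print(run_chap({"Branch": "s3cret"}, "Branch", "s3cret"))   # True
    print(run_chap({"Branch": "s3cret"}, "Branch", "other"))    # False: secrets differ
```

The identifier being hashed in is what stops a captured response from being replayed against a later challenge; MD5 is weak as a hash today, but CHAP's real limitation is that the server has to store the secret in recoverable form, which is why it cannot be used against a store of hashed passwords.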
Three properties of a VPN: authentication, integrity, and confidentiality;
Encrypted data does not compress (compress before you encrypt);
An ISDN reference point is a line, and a function group is a device;
ISDN supports HDLC, but HDLC cannot authenticate or compress;
The US version has a SPID number for each B channel, used to identify the line;
Caller ID screening: based on the peer's calling (layer-2) phone number;
Called party: equivalent to call transfer: if answer1 is busy, the call is automatically transferred to answer2;
--------- isdn answer1 XXXX
--------- isdn answer2 XXXX
With P2MP, a dialer profile is used when the peers are different;
Backup interface: when the main link goes down, the secondary link is brought up;
The layer-2 address of Frame Relay is the DLCI; for ISDN it is the phone number;
Mapping can be manual or learned via LMI / Inverse ARP;
LMI: maintains link status and enables Inverse ARP;
Before IOS 12 the LMI type had to be specified manually;
Keepalives are issued through LMI;
IARP (Inverse ARP) is the mapping between IP addresses and DLCIs;
The DLCI number is assigned by China Telecom (the carrier);
In hub-and-spoke mode, spokes must connect to the hub first;
Frame Relay addresses (DLCIs) are all locally significant;
The DCE of Frame Relay is a layer-2 role, and the DCE that provides the clock rate is layer 1; there is no necessary relationship between the two;
P2P subinterfaces: waste of IP addresses and configuration at the hub (configuration is required for every spoke added);
Loop prevention on a P2MP interface: split horizon is disabled on the hub side (so spokes can learn each other's routes) and enabled on the spokes;
Traffic shaping: do not transmit more than the peer's bandwidth can take;
BECN can reduce the speed and trigger traffic shaping;
Queue depth: how much data is waiting in the queue;
Backup is configured on the primary port, specifying the secondary port;
Do not designate a physical port as the backup; use a logical port;
Backup can only be configured at one end, not both;
For OSPF load balancing, the cost of the links should be set the same;

=== DAY 14 ===

Today we talked about QoS, broadband, and NAT on the WAN side:
Mostly concepts and understanding; broadband is not the focus of the exam:
On a high-bandwidth port (10 Mbit/s or above) the FIFO queue depth is 0;
LLQ combines the features of PQ and CBWFQ;
Ports of 10 Mbit/s and above should use FIFO;
Layer 2 frames are generally not congested and may not carry CoS bits, but trunk frames do;
FIFO looks at where the first bit arrives: first come, first served;
WFQ orders packets by when their last bit arrives; the packet whose last bit arrives first is sent first;
Small packets get small weights; when the last bits of several packets would arrive at the same time, the smaller packet goes out first;
WFQ is not sensitive to latency;
ISDN multilink automatically runs with no fair-queue;
CBWFQ: a manually configured WFQ; classes are defined as needed and each is granted a share of the allocatable bandwidth. Although 64 classes are available, at least one must be left as the default class;
IP precedence: video, voice, routing information, and keepalives;
CBWFQ can be nested with WFQ;
The bandwidth command does not rate-limit; it only sets the share of outgoing packets and cannot limit the speed;
The CQ queue contains sub-queues (child queues);
When both sides are passive for compression, the first packet is sent uncompressed and subsequent packets are compressed;
To check compression: show compression;
NAT inside source: initiated from the intranet ----- inside local / inside global address;
NAT outside source: initiated from the Internet --- outside local / outside global address;
Overlapping addresses occur when companies merge;
Overload (many-to-one, many-to-few) uses dynamically chosen port numbers, whereas with PAT the port is specified;
In debug ip nat output, entries marked "*" are served from the cache (fast path), the others by the CPU;
Before changing the NAT configuration, the translation cache must be cleared;
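The inside local / inside global terms and the overload (PAT) behaviour above, as an added example (not from the original diary): a minimal PAT table that allocates global ports for outbound connections, reverses them for replies, drops unsolicited inbound packets, and can be cleared before a configuration change. All addresses and ports are constructed.

```python
from typing import Dict, Optional, Tuple

# Added example, not from the original notes: a minimal NAT overload (PAT) table
# that makes the inside local / inside global terms concrete. All addresses and
# ports are constructed; a real router draws global ports from its own pool.

Endpoint = Tuple[str, int]   # (IP address, port)

class PatTranslator:
    """One inside global address shared by many inside local hosts (overload)."""

    def __init__(self, inside_global: str, first_port: int = 1024, last_port: int = 65535):
        self.inside_global = inside_global
        self.next_port = first_port
        self.last_port = last_port
        self.outbound_table: Dict[Endpoint, int] = {}   # inside local -> global port
        self.inbound_table: Dict[int, Endpoint] = {}    # global port -> inside local

    def outbound(self, inside_local: Endpoint) -> Optional[Endpoint]:
        """Connection initiated from the intranet: rewrite the source to inside global.
        Returns None when the port pool is exhausted (the router would drop the packet)."""
        port = self.outbound_table.get(inside_local)
        if port is None:
            if self.next_port > self.last_port:
                return None
            port, self.next_port = self.next_port, self.next_port + 1
            self.outbound_table[inside_local] = port
            self.inbound_table[port] = inside_local
        return (self.inside_global, port)

    def inbound(self, inside_global: Endpoint) -> Optional[Endpoint]:
        """Reply from the Internet: map inside global back to inside local.
        Unsolicited packets hit no entry and are dropped, a side effect of PAT."""
        if inside_global[0] != self.inside_global:
            return None
        return self.inbound_table.get(inside_global[1])

    def clear(self) -> None:
        """Equivalent of clearing the translation table before changing the NAT config."""
        self.outbound_table.clear()
        self.inbound_table.clear()
```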
Cable is a shared link within a neighbourhood;
VDSL is Cisco-specific;
DSL and Cable are both Layer 1 technologies;

=== DAY 15 ===

Today we talked about VPN and DSL configuration, the last day of BCRAN:
The ATM PVC ID must be globally unique, but the FR DLCI need not be;
PPPoE runs over ATM;
VPDN adds 8 bytes to normal data, so the MTU must be set to 1492;
An MTU of 1500 refers to the IP packet; 1518 is the Layer 2 frame;
FR frames are variable-length, whereas ATM splits data into 48-byte segments plus a 5-byte header, 53 bytes in total; the fixed size can be switched in hardware, so ATM reaches 155 Mbit/s while FR only reaches 1.544 Mbit/s;
PPPoA uses the modem as the router, while PPPoE uses the modem as the host;
VPN: low cost, leased-line speed and confidentiality, high flexibility; FR does not offer this;
Tunnelling increases VPN flexibility and is transparent to the public network;
Encrypt first ---> enter tunnel ---> exit tunnel ---> decrypt; plaintext exists only at the two ends and inside the private network;
Remote-access VPN (mobile users) dials in on demand;
VPNs can exist at many layers: application layer (SSH, S/MIME), transport layer (SSL), network layer (IPsec: enterprise-grade encryption, all traffic encrypted), and data-link layer (possible, but too cumbersome);
Running VPN on the firewall is extremely slow;
GRE, L2TP and IPsec are each tunnels in their own right;
IPsec only encrypts IP unicast;
L2TP and GRE first wrap multicast, non-IP and similar traffic into unicast, then hand it to IPsec;
IPsec runs at Layer 3; the Layer 2 technology (FR/DSL) does not matter, and neither does the physical connection;
Key exchange methods: manual, public/private key (Diffie-Hellman), CA server;
A hash can be used for integrity verification or within encryption; it is mainly used for integrity verification;
Two IPsec modes: Tunnel: protects both the IP header and the data, and adds a new IP header;
----------- Transport: protects only the data; the original IP header remains unchanged;
The preshared key authenticates the ISAKMP peers; it is not used for encryption;
If data arrives unencrypted, the router discards it;
First verify that the link is up, then set up the VPN;
Outgoing interesting traffic is encrypted, uninteresting traffic is not; extended ACLs on both sides define the interesting traffic between the peers;

=== Day 16-20 ===

CIT, network troubleshooting.
This subject has less theory than the others and more hands-on content; that is apparent from the book itself, so I will not elaborate on it.
