CCNA 2.0 List of points to memorize night before Exam
The following are lists and explanations that you should memorize for the CCNA 2.0 640-507 exam. You may or may not receive any questions from some of these lists. It depends on the exam you get. It’s best to be safe and know them.
Cisco Access Lists
Access List Type | Number Range
IP Standard | 1-99
IP Extended | 100-199
Protocol Type-Code | 200-299
DECnet | 300-399
XNS Standard | 400-499
XNS Extended | 500-599
AppleTalk | 600-699
48-Bit MAC Address | 700-799
IPX Standard | 800-899
IPX Extended | 900-999
IPX SAP | 1000-1099
Extended 48-Bit MAC Address | 1100-1199
IPX Summary Address (NLSP) | 1200-1299
Cisco Access Lists Command Formats, etc.
Standard IP Access Lists
This is the command format for a standard IP access list (notice that you can only use a source address, not a destination address, in a standard IP access list):
access-list [number] [permit or deny] [source address]
Here is an example of configuring a standard IP access list (this is done in configuration mode within privileged EXEC mode):
RouterA(config)#access-list 12 permit 172.17.35.3
Extended IP Access Lists
This is the command format for an extended IP access list:
access-list [number] [permit or deny] [protocol] [source] [destination] [port]
Here is an example of configuring an extended IP access list (this is done in configuration mode within privileged EXEC mode):
RouterA(config)#access-list 120 permit tcp any any eq www
tcp is the protocol, any is any source address, any is any destination address, eq www is the port
(Remember that when filtering by port, you cannot use IP as the protocol. You can only use TCP, UDP, or ICMP)
Standard IPX Access Lists
This is the command format for a standard IPX access list (notice that you can use both a source address and a destination address in the standard IPX access list):
access-list [number] [permit or deny] [source address] [destination address]
Here is an example of configuring a standard IPX access list (this is done in configuration mode within privileged EXEC mode):
RouterA(config)#access-list 820 permit 30 10
30 is the source, 10 is the destination
Extended IPX Access Lists
This is the command format for an extended IPX access list:
access-list [number] [permit or deny] [protocol] [source] [socket] [destination] [socket]
Here is an example of configuring an extended IPX access list (this is done in configuration mode within privileged EXEC mode):
RouterA(config)#access-list 930 permit -1 -1 0 -1 0
-1 is any protocol, -1 is any source, 0 is the socket, -1 is any destination, 0 is the socket
IPX SAP Filters
This is the command format for an IPX SAP Filter:
access-list [number] [permit or deny] [source address] [service type]
Here is an example of configuring an IPX SAP filter (this is done in configuration mode within privileged EXEC mode):
RouterA(config)#access-list 1080 permit 12.0000.0000.0001 0
12.0000.0000.0001 is the source address which is the network/node address of the server, 0 is any service type
Wildcards are used to specify a single host, an entire network, or part of a network. They can be used in standard IP or extended IP access lists. 0’s within the mask must match up exactly and 255’s within the mask can be anything.
host 172.16.10.3 is the same as specifying 172.16.10.3 0.0.0.0. Since the wildcard mask is all 0’s, this means that each octet must match up exactly, specifying a single host.
For example, the following two commands are the same, specifying the single host 172.16.10.3:
access-list 75 permit host 172.16.10.3
access-list 75 permit 172.16.10.3 0.0.0.0
any is the same as specifying 0.0.0.0 255.255.255.255. Since the wildcard mask is all 255’s and no particular network is specified, this means that it doesn’t matter what each octet is, specifying any host on any network.
For example, the following two commands are the same:
access-list 75 permit 0.0.0.0 255.255.255.255
access-list 75 permit any
(Note: When using IPX access lists, -1 is just like using the any keyword. It refers to any IPX network address)
For example, the following command would permit all the hosts within the 172.16.0.0 network:
access-list 75 permit 172.16.0.0 0.0.255.255
This command means that the 172.16 must match up exactly because the wildcard mask for those two octets is 0’s. Since the wildcard mask for the last two octets is 255’s, it doesn’t matter what the last two octets are. They could be anything.
To do this, you need to understand block sizes. These block sizes are used to specify a block of addresses. Some of the different block sizes available are 64, 32, 16, 8, and 4. You use the closest block size for your needs. If you need to specify 34 networks or hosts, you would have to use the next highest block size of 64. If you wanted to specify 22 networks or hosts, you would have to use the next highest block size of 32. When you specify the wildcard mask, the wildcard is always one less than the block size. Also, block sizes must start at zero. If you want a block size of 8, you must stay within the block ranges of 0-7, 8-15, etc. For example, you couldn’t start on 11. If you want a block size of 32, you must stay within the ranges 0-31, 32-63, 64-95, etc. Let’s look at some examples:
Example # 1
Let’s say you want to deny access to the networks 172.16.16.0 through 172.16.19.0. First of all, this is good because the range is 16-19. So, we could use a block of 4. This is within one of the ranges because they are 0-3, 4-7, 8-11, 12-15, 16-19, etc. So, your access list command would look like the following:
access-list 50 deny 172.16.16.0 0.0.3.255
If you look at the wildcard mask, the first two octets are zero, so this means that the 172.16 must match exactly. Next, the 3 is one less than the block size as discussed above. So, this means that the block size is 4, which would be the networks 16, 17, 18, and 19. The 255 means that this last octet could be any host number.
Example # 2
Let’s say you want to deny access to the networks 172.16.16.0 through 172.16.21.0. This is a total of 6 networks so we would have to use the block size of 8. If you look at the ranges 0-7, 8-15, 16-23, 24-31, etc., you would have to use the range 16-23. So, your access list command would look like the following:
access-list 50 deny 172.16.16.0 0.0.7.255
If you look at the wildcard mask, the first two octets are zero, so this means that the 172.16 must match exactly. Next, the 7 is one less than the block size. So, this means that the block size is 8, which would be the networks 16, 17, 18, 19, 20, 21, 22, and 23. The 255 means that this last octet could be any host number. The only problem with this is that you’re denying two networks (22 and 23) that aren’t within the networks that you originally wanted to deny. This is one of the problems with block sizes.
Example # 3
Let’s say you want to permit access to the hosts 172.16.16.9 through 172.16.16.14. This is a total of 6 hosts so we would have to use the block size of 8. If you look at the ranges 0-7, 8-15, 16-23, 24-31, etc., you would have to use the range 8-15 because the hosts you wish to permit access to fall in this range. So, your access list command would look like the following:
access-list 50 permit 172.16.16.8 0.0.0.7
If you look at the wildcard mask, the first three octets are zero, so this means that the 172.16.16 must match exactly. Next, the 7 is one less than the block size. So, this means that the block size is 8, which would be the hosts 8, 9, 10, 11, 12, 13, 14, and 15. The only problem with this is that you’re permitting two hosts (8 and 15) that aren’t within the hosts that you originally wanted to permit. This is one of the problems with block sizes.
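Added example (not part of the original study sheet): the block-size rule from Examples 1-3 in Python, reporting how many addresses a single entry matches beyond the requested range, which is the over-deny/over-permit problem noted above. The function names are this example's own; exact_entries goes beyond the page by splitting the range into several aligned entries that match nothing extra, and single_entry also handles a range that straddles a block boundary and so needs a larger block than its address count suggests.

```python
import ipaddress

def _n(addr):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def matches(addr, base, wildcard):
    """Wildcard-mask test: bits that are 0 in the mask must equal the base."""
    care = ~_n(wildcard) & 0xFFFFFFFF
    return (_n(addr) ^ _n(base)) & care == 0

def single_entry(first, last):
    """One block-aligned (base, wildcard) covering first..last, plus the
    number of addresses matched that were not in the requested range."""
    lo, hi = _n(first), _n(last)
    size = 1
    while lo // size != hi // size:   # grow until both ends share one aligned block
        size *= 2
    base = lo - lo % size             # blocks must start on a multiple of their size
    extra = size - (hi - lo + 1)      # addresses swept in unintentionally
    return (str(ipaddress.IPv4Address(base)),
            str(ipaddress.IPv4Address(size - 1)), extra)   # wildcard = block size - 1

def exact_entries(first, last):
    """Several (base, wildcard) pairs that together match first..last and nothing else."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(str(n.network_address), str(n.hostmask)) for n in nets]

if __name__ == "__main__":
    # The three ranges from Examples 1-3 above
    for first, last in [("172.16.16.0", "172.16.19.255"),
                        ("172.16.16.0", "172.16.21.255"),
                        ("172.16.16.9", "172.16.16.14")]:
        base, wc, extra = single_entry(first, last)
        print(f"{first}-{last}: {base} {wc} ({extra} extra addresses)")
        for b, w in exact_entries(first, last):
            print(f"    exact: {b} {w}")
```

When the extra count is nonzero on a permit entry, the exact list is the one to configure, at the cost of more lines in the access list.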
Protocol | Type | Int. or Ext. | Class | Metrics | Scalability
RIP | Distance-Vector | Interior | Classful | Hop count | 15 Hops
RIPv2 | Distance-Vector | Interior | Classless | Hop count | 15 Hops
IGRP | Distance-Vector | Interior | Classful | Bandwidth, Delay, Reliability, Load | 255 Hops (default is 100)
EIGRP | Advanced Distance-Vector (Hybrid) | Interior | Classless | Bandwidth, Delay, Reliability, Load | Thousands of routers
RTMP | Distance-Vector | Interior | NA | Hop count | 15 Hops
AURP | Distance-Vector | Interior or Exterior | NA | Hop count | 15 Hops on each side
IPX RIP | Distance-Vector | Interior | NA | Ticks and Hop count | 15 Hops
NLSP | Link-state | Interior | NA | Cost and bandwidth | 127 Hops
OSPF | Link-state | Interior | Classless | Cost | Approx. 50 routers per area, approx. 100 areas
IS-IS | Link-state | Interior | Classless | Path value, delay, expense, and errors | Thousands of routers
BGP | Path-vector | Exterior | Classless | Path attributes and other factors | Thousands of routers
OSI (Open Systems Interconnection) Reference Model
Application Layer
This layer is responsible for file, message, print, database, and application services. It is the layer closest to the end user and this means that the user and the Application layer interact directly with the software applications. It is also responsible for synchronizing applications on the client and the server, determining if sufficient resources exist for the intended communication, understanding resources that are needed to communicate between two devices and establishing their availability, agreeing on error control and data integrity of communicating applications, and providing processes and services to end users. Always think of “data” with this layer.
Presentation Layer
Responsible for the format, conversion, encryption, decryption, compression, and decompression of data. This layer also negotiates which format or syntax to use, such as PICT, TIFF, JPEG,
Session Layer
This layer is responsible for establishing, managing, and terminating sessions between applications. Its main concern is dialog control between nodes, or devices. It keeps data from different applications separate from each other and offers three modes: simplex, half-duplex, and full-duplex. Some examples of Session Layer protocols and interfaces are SQL (Structured Query Language), RPC (Remote Procedure Call), X Window, and Network File System (NFS). Always think of “data” with this layer.
Transport Layer
Responsible for sequencing, session establishment, and maintenance and termination (tear-down) of virtual circuits. Services in this layer segment and reassemble data from upper-layer applications. It establishes a logical connection between the sending host and the destination host. Always think of “segments” with this layer.
Network Layer
This layer decides the best path through a network and handles network addressing. It is responsible for routing within an internetwork. Routers are defined at this layer. Always think of “packets or datagrams” with this layer.
Data Link Layer
Responsible for providing reliable transmission of data across the Physical layer. It formats the message into data frames and adds a header to the frame containing the hardware source and destination address. Consists of two sublayers: Media Access Control (MAC) and Logical Link Control (LLC). The MAC sublayer is responsible for Media Access, Framing, and Logical Topology. The LLC sublayer can provide error correction while the MAC sublayer only provides error detection. Always think of “frames” with the Data Link layer.
Physical Layer
This layer is responsible for sending and receiving bits. It specifies the electrical, mechanical, functional, and procedural requirements for activating, maintaining, and deactivating a physical link between systems. It is where the cable, connector, and signaling specifications are defined. This layer is the only layer that does not rely on a layer beneath it and the only one that can communicate electrical/light pulses to the other side. Always think of “bits” with this layer.
“OSI Reference Model / DoD Model” Comparison and Associated Protocols
DoD (Dept. of Defense) Model | OSI Model | Protocols
Process / Application | Application, Presentation, Session | Telnet, TFTP, FTP, SMTP, NFS, LPD, SNMP, X Window
Host-to-Host | Transport | TCP, UDP
Internet | Network | ARP, RARP, IP, BootP, ICMP
Network Access | Data Link, Physical | Ethernet, Fast Ethernet, Token Ring, FDDI
Routing Protocol | Routing Table Updates in Seconds
AppleTalk RTMP | 10
IP RIP | 30
XNS | 30
DECnet IV | 40
IPX SAP | 60
IPX RIP | 60
IP IGRP | 90
VINES VRTP | 90
Encapsulation
Data encapsulation at each layer of the OSI Reference Model:
Application Data
Presentation Data
Session Data
Transport Segments
Network Packets or Datagrams
Data Link Frames
Physical Bits
Frame Relay encapsulation types:
Cisco (Default)
IETF
Serial interface encapsulation types:
HDLC (Default)
PPP
Novell IPX encapsulation (frame) types:
Interface | Encapsulation or frame type | Cisco keyword
Ethernet | Ethernet_802.3 | novell-ether (Default)
Ethernet | Ethernet_802.2 | sap
Ethernet | Ethernet-snap | snap
Ethernet | Ethernet_II | arpa
Token Ring | Token-Ring | sap (Default)
Token Ring | Token-Ring_snap | snap
FDDI | Fddi_snap | snap (Default)
FDDI | Fddi_802.2 | sap
FDDI | Fddi_raw | novell-fddi
Editing Commands
Ctrl + A Move to the beginning of the command line
Ctrl + E Move to the end of the command line
Ctrl + B (or left arrow) Move back one character
Ctrl + F (or right arrow) Move forward one character
Ctrl + N (or down arrow) Repeat most recent command
Ctrl + P (or up arrow) Repeat previous command
Ctrl + D Deletes a single character
Ctrl + R Redisplays a line
Ctrl + U Erases a line
Ctrl + W Erases a word
Ctrl + Z Ends configuration mode and returns you to exec mode
Esc + B Move backward one word
Esc + F Move forward one word
Backspace Deletes a single character
Tab Finishes typing a command
IP
Class
Class A (commercial use) 1.0.0.0 to 126.0.0.0 1 - 126
Class B (commercial use) 128.0.0.0 to 191.254.0.0 128 - 191
Class C (commercial use) 192.0.1.0 to 223.255.254.0 192 - 223
Class D (multicast groups) 224.0.0.0 to 239.255.255.255 224 - 239
Class E (experimental) 240.0.0.0 to 254.255.255.255 240-254
127.0.0.0 is reserved for the loopback address. It is used by a device to address itself internally and used to test a local device’s TCP/IP stack and identify possible stack corruption. This is done by using the command “ping 127.0.0.1” on the local device.
Private IP Addresses
The following three sets of IP addresses and subnet masks are private IP addresses. They are for use on private networks and usually don’t connect to the global Internet:
Addresses Subnet mask
10.0.0.0 255.0.0.0
172.16.0.0 through 172.31.255.255 255.240.0.0
192.168.0.0 through 192.168.255.255 255.255.0.0
Subnetting
(Definitely memorize the following subnet mask tables and write them down before starting the exam. See our Subnetting Tips document for more information)
Subnet Masks for a Class C network
Subnet Mask Length of mask (bits) # of subnets # of hosts per subnet
255.255.255.252 30 62 2
255.255.255.248 29 30 6
255.255.255.240 28 14 14
255.255.255.224 27 6 30
255.255.255.192 26 2 62
Subnet Masks for a Class B network
Subnet Mask Length of mask (bits) # of subnets # of hosts per subnet
255.255.255.252 30 16,382 2
255.255.255.248 29 8,190 6
255.255.255.240 28 4,094 14
255.255.255.224 27 2,046 30
255.255.255.192 26 1,022 62
255.255.255.128 25 510 126
255.255.255.0 24 254 254
255.255.254.0 23 126 126
255.255.252.0 22 62 1,022
255.255.248.0 21 30 2,046
255.255.240.0 20 14 4,094
255.255.224.0 19 6 8,190
255.255.192.0 18 2 16,382
Notice how the “# of subnets” and the “# of hosts per subnet” on the Class C table are inverses of each other. For example, on the Class C table, the “# of subnets” starts at 62, then 30, 14, 6, and 2. The “# of hosts per subnet” starts at 2, then 6, 14, 30, and 62. Notice that right in the middle is the 255.255.255.240 subnet mask with 14 subnets and 14 hosts per subnet.
The Class B table works the same way. The “# of subnets” starts at 16,382 and goes all the way down to 2 while the “# of hosts per subnet” starts at 2 and goes all the way up to 16,382. Right in the middle is the 255.255.255.0 subnet mask with 254 subnets and 254 hosts per subnet.
Here’s a tip to help memorize the Class B table. Notice that when you look at the “# of subnets” starting with 16,382, that each number going to the bottom of the list keeps splitting almost in half. Half of 16,382 is close to 8,190, half of 8,190 is close to 4,094, etc. When you look at the “# of hosts”, the same thing is happening except that you start at the bottom of the list.
Regarding the “Length of Mask (bits)” field: For example, 30 means 11111111.11111111.11111111.11111100, or 30 1’s, etc.
Port Numbers (these are for reference only. Most likely, you will not see these on the exam)
- Port numbers below 1024 are considered well-known port numbers.
- Port numbers 1024 and above are used by the upper layers of the OSI reference model to set up sessions with other hosts and by TCP to use as source and destination addresses in the TCP segment.
Some popular ports:
Description Port Type
Echo 7 UDP
FTP data 20 TCP
FTP 21 TCP
Telnet 23 TCP
SMTP 25 TCP
DNS 53 UDP
TFTP 69 UDP
Gopher 70 UDP
Finger 79 UDP
WWW 80 TCP
POP3 110 TCP
NNTP 119 TCP
NetBIOS Name Service 137 UDP
NetBIOS Datagram Service 138 UDP
NetBIOS Session Service 139 UDP
SNMP 161 UDP
SNMP Traps 162 UDP
ISDN
ISDN Channels
Interface # of B (Bearer) Channels # of D (Signaling) Channels
BRI 2 1 (16 Kbps)
PRI (
PRI (International) 30 1 (64 Kbps)
ISDN Protocols
E-Series Telephone network and ISDN
I-Series ISDN concepts, aspects, and interfaces
Q-Series Switching and signaling
ISDN Reference Points
Reference Point Connection between:
R TE2 and TA
T NT2 and NT1
U NT1 and telco
S/T TE1 or TA, and NT1 when no NT2 or NT1/NT2 is used
TE2-----R-------TA
|
|
TE1------S/T---NT2--------T----------NT1----------U------------ LE |
| |
| |
ET ----V-----LT