
ICND1 100-101 Study Progress 2

30 May

I have reached page 682 of the Odom book, which is where I am going to stop. Now I am going to finish typing up my notes. Next I will use the attached CD to quiz myself to figure out what areas I need to brush up on in the coming weeks.

CHAP19 Subnet Design p533
– count the bits, know the powers of 2
– 2^10 is 1024 and that is easy to remember

CHAP20 VLSM p561
– Old routing protocols (RIP) don’t support VLSM
– no additional config to get this to work
– be able to find overlap of networks to troubleshoot

CHAP21 Route Summarization p577
– strategy used for performance to lower the size of routing tables
– subnet design should have summarization in mind
Steps to finding the best summary route
1. list all decimal subnets in order
2. note low and high points
3. pick the shortest prefix length mask and subtract 1
4. calculate new potential network mask summary

CHAP22 Basic ACLs p599
– ACLs most common use is a packet filter
– can match source and/or destination
– match packets for QoS
– to filter packets you must enable the ACL on an interface, in either the inbound or the outbound direction
– NAT uses ACL permits
– when processing ACL list router uses first match logic
– ex command: access-list 1 permit 10.1.1.1
– To figure out the wildcard mask, subtract the subnet mask from 255.255.255.255
255.255.255.255
-255.255.252.0
---------------
0.0.3.255

*know where the best place to put the ACL is and on what router in the path
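
The first-match and wildcard rules above, as a small Python sketch added here (not from the book or the CD): it matches source addresses the way a standard ACL does, applies the implicit deny at the end of the list, and flags lines that can never match because an earlier line already covers them. The two sample ACLs are constructed from the addresses used in these notes.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def mask_to_wildcard(mask):
    """Wildcard = 255.255.255.255 minus the subnet mask."""
    return str(ipaddress.IPv4Address(0xFFFFFFFF - to_int(mask)))

def covers(base, wildcard, addr):
    """True if addr equals base on every bit the wildcard marks 0 (the care bits)."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def evaluate(acl, src):
    """First-match logic: return (action, line) of the first entry matching src."""
    for line, (action, base, wildcard) in enumerate(acl, start=1):
        if covers(base, wildcard, src):
            return action, line
    return "deny", None  # implicit deny any at the end of every ACL

def shadowed_lines(acl):
    """Lines that can never be hit: an earlier line matches every address they match."""
    dead = []
    for i, (_, base, wc) in enumerate(acl):
        for _, ebase, ewc in acl[:i]:
            # The earlier line must ignore every bit this line ignores ...
            wider = (to_int(wc) & ~to_int(ewc)) == 0
            # ... and agree with this line on the bits the earlier line cares about.
            if wider and covers(ebase, ewc, base):
                dead.append(i + 1)
                break
    return dead

# Constructed sample ACLs as (action, address, wildcard) tuples.
WC_22 = mask_to_wildcard("255.255.252.0")  # 0.0.3.255, as worked out above
GENERAL_FIRST = [("permit", "10.1.0.0", WC_22), ("deny", "10.1.1.1", "0.0.0.0")]
SPECIFIC_FIRST = [("deny", "10.1.1.1", "0.0.0.0"), ("permit", "10.1.0.0", WC_22)]

if __name__ == "__main__":
    for name, acl in (("general first", GENERAL_FIRST),
                      ("specific first", SPECIFIC_FIRST)):
        print(name, evaluate(acl, "10.1.1.1"), "shadowed:", shadowed_lines(acl))
```

With the general permit listed first, the host deny for 10.1.1.1 is never reached, so the host is permitted; putting the specific line first gives the intended deny.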

CHAP23 Advanced ACLs p623

ACLs are numbered or named
– to make a change to the list, you must delete the whole list and reconfigure it
– extended ACLs allow for more packet headers to be searched
– example command: access-list 101 permit protocol SIP wildcard DIP wildcard
– example command: access-list 101 deny tcp any gt 1023 host 10.1.1.1 eq 23
– keywords can be used instead of port #s (HTTP instead of 80)

Named ACLs, differences
– easier to remember
– subcommands not global
– allows single line deletion

numbered ACLs allow for new style of command

config t
do show ip access-list 24

ROUTER and switch SECURITY
– use the “enable secret” command
– username secrets if external auth not available
– disable telnet
– avoid using simple password checking
– disable unused services
– use ACLs to secure SSH
– extended ACLs close to source
– Standard ACLs close to destination
– Specific ACLs early in list

enable secret myPass
-this sets the password of myPass to reach enable mode

CHAP24 NAT p653
– CIDR route summarization
– classless interdomain routing
– inside local: local ip assigned to host
– inside global: what the internet knows your network as. address used to represent inside host as packet hits internet
– outside global: public ip outside enterprise (the ip of the URL you are trying to access)

PAT is port address translation
pic on p664-uses source port to return traffic to proper client
NAT troubleshooting
-don’t mix up ip nat inside and ip nat outside addresses
-don’t mix up local and global addresses in this command: ip nat inside source static 192.168.1.2 207.53.23.132
-dynamic NAT uses ACLs, check these
-PAT uses the overload command on ip nat inside source command

TESTING PROGRESS

I took a couple of 10-question tests from the CD. The idea was to hit some chapters that I struggled with, which were WANs, ACLs and NAT. I got 6 out of 10 questions right, which isn’t all that great.

Next I took a test of the first 5 chapters of the book. I scored 8 out of 10 right, which is passing for the book test. The only concept I wasn’t sure on was crossover cable pin numbers and when to use a straight-through and crossover cable. I knew like devices use crossover cables, but that alone didn’t help me get the two questions right. I may memorize this table for the test.

TRANSMIT PINS
1,2: routers, PCs
3,6: hubs, switches
Posted by on May 30, 2015 in Network Admin

 
