Unfortunately, I was met with failure today. I came very close to a passing score on the ICND2 exam but fell short. The testing center had some technical issues and was not able to give me an exam report at the end of the exam so I have no clue how I did in regards to specific areas. Still working to try and get that.
It has been about 12 or 13 hours since I started my last day review and 2 things have become apparent:
1. I’m totally exhausted / burnt at this point. The old eyeballs are glazing over.
2. I’m not going to finish transcribing the last 4 chapters tonight.
The exam is tomorrow afternoon which makes it about 14 hours from now.
I need to good night’s rest. Luckily, I studied the last 4 chapters on 7/31 and 8/1 (within the last 2 days) so its recent and still fairly fresh in my head. Do I feel prepared for the exam? Sort of. My confidence level is reasonably high but I keep thinking about the scope of the material and wonder do I know enough of the details on everything. As they say, CCNA is a mile wide and 1 foot deep. (or something like that) It really does cover a lot of material. Tomorrow will be the real judge of my preparation. I am committed to passing ICND2 so even if I do not have success tomorrow, I will go back to the drawing board, formulate another study plan, and take the exam again in a few weeks. However, in the back of my mind I just keep thinking I am going to pass tomorrow. 🙂
I’ll post the results (good or bad) tomorrow when I get back from the testing center.
I have a good amount of experience with Frame Relay so I do not have highlighting or notes in this chapter that a lot of other people would have. For example, I am familiar with VCs, PVCs, DLCIs, etc. so I did not highlight those topics. I mainly focused on the things I thought I needed to know that I did not already feel strong in. Here are the notes:
Frame Relay networks are called nonbroadcast multiaccess (NBMA)
Frame Relay sends keepalive messages along with other messages defined by Local Management Interface (LMI)
Routers are DTE and the Frame Switch is DCE.
ITU Q.922 and Q.933 documents frame relay standards. ANSI uses T1.617 and T1.618.
LMI is NOT encapsulation. LMI is messaging.
LMI Status messages perform 2 keys functions:
2. Active/Inactive VC
Cisco IOS defaults to LMI autosense.
It can be manually set to cisco, ansi, or q933a.
Link Access Frame Bearer Services (LAPF) define the frame relay header and trailer. It contains a protocol field. This is the default Cisco encapsulation.
RFC1490 (later superseded by RFC 2427) was created to overcome the lack of a protocol field in frame relay headers.This is the ietf encapsulation method.
Traffic shaping uses FECNs and BECNs to decrease the sending rate in the event of congestion.
I’ve always considered myself a WAN Engineer as opposed to a Network Engineer since my previous experience was weak in LANs an heavy in ATM, point-to-point T1s/T3s, and Frame-Relay. Therefore, I looked forward to the WAN chapters in the book. The first one up mainly covered PPP. Here are my notes:
One of the most important features of the PPP standard that is not included in the HDLC standard is that of a protocol field to identify the type of packet being carried. (Although Cisco proprietary HDLC overcomes this hurdle as well)
PPP or Point-to-Point protocol uses some additional protocols as well.
Link Control Protocol (LCP) provides 4 main features:
1. Looped Link Detection
2. Enhanced Error Detection
3. Multilink Support
LCP uses Magic Numbers to determine if a link is loped. If it sees its own Magic Number in an LCP message then it knows it is looped.
LCP uses Link Quality Monitoring (LQM) to analyze error rates. LQM only helps when redundant links are present.
Multilink PPP load balances traffic equally across multiple links that appear as a single-link. Multilink PPP fragments packets and sends one packet over each link.
PAP and CHAP can be used to authenticate end-points.
PAP is insecure because it passes the password in plain text.
CHAP uses MD5 hashes which is more secure.
CHAP uses a random number that it adds to the password and then hashes that value.
Basic PPP Configuration
Router(config)#username R2 password mypass (username is hostname of far-end router)
Router(config-if)#ppp authentication chap
Keepalives on a serial link should be enabled on both ends or disabled on both ends.
Use the debug ppp authentication to find the root cause of PPP authentication issues.
Each of the major sections of the book closes with a troubleshooting chapter and this section was no different. Chapter 13 mainly showed more examples of the material already covered in the previous chapters with some expanded coverage of their use. The only note I made in this chapter was:
The passive-interface router subcommand can be used to keep an interface from finding neighbors while still allowing that connected subnet to be included in routing advertisements.
Delving in to Chapter 12 was made a little easier after reading chapter 11 because a lot of the OSPF concepts apply to EIGRP. They are similar in many ways although there are very different beasts as well. Here are my notes:
EIGRP sends Hello messages and perform parameter checks similar to OSPF.
Neighbors exchange full topology information.
Each router analyzes its own EIGRP topology table and chooses the lowest metric route to install in the routing table.
EIGRP maintains 3 tables:
1. Neighbor table
2. Topology table
3. Routing table
EIGRP multicasts on 22.214.171.124.
EIGRP routers must all use the same AS number to become neighbors.
EIGRP has a Hold Timer which serves the same purpose as the OSPF dead interval.
Update messages are sent using Reliable Transport Protocol. (RTP)
EIGRP uses a composite metric of bandwidth and delay.
Formula used is ((10^7/least-bandwidth)+cumaltive-delay)*256
EIGRP uses Feasible Distance (FD) and Reported Distance (RD)
Feasible Distance (FD) is the metric of the best route for a subnet
Reported Distance (RD) is the neighbors calculated route metric that is learned
Serial links default to a bandwidth of 1544 and a delay of 20,000 microseconds and do not automatically adjust by link speed.
EIGRP keeps a record of each next-hop router but not topology on the whole network like OSPF.
The best metric route for each subnet is the SUCCESSOR. The next best route(s) are FEASIBLE SUCCESSORS and can be installed in the routing table immediately upon failure of the successor route.
When a route fails and no Feasible Successor exists, EIGRP runs Diffusing Update Algorithm (DUAL) to look for a new route.
Router(config)#router eigrp 10
Router(router)#network 10.0.0.0 0.255.255.255
Router(config-if)#ip hello-interval eigrp 10 (changes hello interval on an interface)
Router(config-if)#ip hold-time eigrp 45 (changes hold time on an interface)
Router(config-if)#bandwidth 1000 (changes bandwidth setting on an interface – NOT LINK SPEED)
Router(config-if)#delay 10000 (changes delay setting on an interface)
Main EIGRP SHOW Commands
Router#show ip eigrp neighbors
Router#show ip eigrp interfaces
Router#show ip eigrp topology (lists only successor and feasible successor routes)
Router#show ip eigrp topology all-links (shows all routes)
Router#show ip eigrp traffic
Router(config)#key chain MyKeychain
Router(config-if)#ip authentication mode eigrp 10 md5
Router(config-if)#ip authentication key-chain eigrp 10 MyKeychain
Variance allows routes whose metrics are relatively close to be considered equal.
Chapter 11 was chest deep in the OSPF protocol and there was a lot to highlight. Here are my notes:
OSPF starts with OSPF sending Hello messages out the configured interfaced. Each Hello lists the router’s Router ID (RID).
OSPF RIDs are 32-bit dotted decimal numbers similar to IP address.
Hello messages are protocol type 89.
Hello messages multicast to 126.96.36.199.
Hello messages include:
RID of the designated router
RID of the backup designated router
List of the router’s known neighbors
We finally get to routing in Chapter 10 which covers a lot of concepts about Distance Vector Protocols and Link State Protocols. It is definitely a good read. I knew a good bit about this so I did not highlight as much as some others might. No commands in this chapter. (only theory) Here are my notes:
Routing protocols perform 4 basic functions:
1. Learn routes from neighbor routers
2. Advertise routes to neighbors
3. If more than one route exists, pick the nest route, and populate it in the routing table
4. If anything changes, react, and pick new best routes
Distance Vector Routing Protocols:
RIPv1: Classful, No VLSM, Broadcasts instead of Multicasts, No Manual Summarization, No Authentication, Uses Hop Count as Metric
RIPv2: Classless, VLSM, Uses Hop Count as Metric
Link State Routing Protocols:
OSPF: Classless, VLSM, No Auto-Summarization, Uses Cost as Metric
IS-IS: Classless, VLSM
Hybrid (Balanced) Routing Protocols:
EIGRP: Classless, VLSM, Proprietary, Used Bandwidth and Delay as Metric
RIP sends full routing table every 30 seconds. All others send partial updates when changes occur.
Administrative Distance for ICND2 Routing Protocols:
Distance Vector Concepts:
Route poisoning refers to advertising a route with an infinity metric.
Split Horizon: Do not advertise a route out the same interface you learned it on. Cisco IOS defaults to use split horizon on most interfaces.
Hold down timer: As soon as a route is down, keep it down until the hold time timer expires.
Link State Concepts:
Link State protocols advertise information about every detail of the network to their neighbors. After all the flooding is complete each router has the same information and store it in a Link State Database (LSDB).
Two main LSA types: Router LSA and Link LSA.
To prevent loops the router asks if its neighbor already knows about an LSA before sending it.
OSPF re-floods each LSA based on its aging timer. (Default 30 minutes)
Each router looks independent at the LSDB and determines which routes to place in its routing table.
Link State protocols have very fast convergence times.
Chapter 9 was another long chapter that had a LOT of information on Traceroute. It also covered PING. It wrapped up with VLSM and ACL troubleshooting which basically took the same show commands already learned from the previous chapters and gave some example. Good read but not a lot of notes here.
ICMP Unreachable codes and their probable cause
Network Unreachable – No route in the routing table to the destination IP
Host Unreachable – end host is not responding
Can’t fragment – do not fragment bit is set and router need to fragment to send
Protocol Unreachable – Protocol stack not running on host (i.e no ftp server when looking to ftp to host)
Port Unreachable – closed port on host (or non-responding)
PING result symbols
! – Echo reply received (Good)
. – Nothing received (Bad)
U – Host Unreachable
N – Network Unreachable
M – Cannot fragment
? – Unknown Packet Received
Cisco’s traceroute use UDP with a destination port that is unlikely to be used on the destination host.
Microsoft’s tracert uses ICMP Echo Requests and does not use UDP.
Chapter 7 taught you the very basics of standard access control lists and Chapter 8 is where you *really* learn about ACLs. The concepts are basically the same and the biggest issue with extended ACLs is remember the exact order of the parameters in the command. Here are my chapter 8 review notes:
Extended ACLs can look at more than the source address of a packet. (source address, destination address, source port, and destination port – as well as protocol type)
You can select TCP, UDP, or ICMP as the protocol type in an extended ACL. You can also use IP to select ALL IP packets.
When using a single address the host parameter is option in a standard ACL but not in an extended ACL. Always use host for both and there will be no issue.
When using TCP or UDP you can optionally use the port number as well.
Format of extended ACL:
access-list 101 permit protocol source_IP source_mask keyword source_port destination_IP destination_mask keyword destination_port
eq is equal to
ne is NOT equal to
lt is less than
gt is greater than
range allows range of ports
access-list 101 permit TCP 10.0.0.0 0.255.255.255 lt 2000 192.168.1.0 0.0.0.255 eq 80
would allow TCP traffic from 10.0.0.0/8 with a source port of less than 2000 to go to 192.168.1.0/24 on port 80
Some well known ports numbers can be replaced with available keywords. Example:
telnet = port 23
www = port 80
pop3 = port 110
snmp = port 161
Using names instead of number make it easier to identify the purpose of an ACL.
Named ACLs use the ACL subcommand instead of global commands for each item in the ACL.
To create a named ACL use:
Router(config#)ip access-list [standard | extended] MyNamedAccessList
You can also create a numbered ALC using the ip access-list command vs. the access-list command to allow more robust editing and line numbers.
When deleting an ACL, remove it from the interface first and then delete it.
The show-running-config always shows the old style of access lists.
To view the content of an IP access-list with line number use:
Router#show ip access-list 101
Place more specific statements earliest in the ACL.
Reflexive ACLs are essentially Stateful Packet Inspection (SPI) that most firewalls do my default.
Dynamic ACLs require a user to telnet to the router and authenticate before changing the ACL to accommodate the request.
Time-based ACLs add a time constraint to a normal ACL.