CCNA Super Study Guide: Section 4

Space to dump notes for CCNA

End goal is to obtain a CCNA certificate from Cisco and maybe learn networking

Utilities Used

• Neil Anderson (Gold CCNA Bootcamp)
• Jeremy’s IT Lab 200-301 Video Series on Youtube
• Packet Tracer

Environments Used

• Packet Tracer
• GitHub

CCNA 200-301 Exam Notes: 4.0 IP Services

4.0 – IP Services

4.1 Configure and Verify Inside Source NAT Using Static and Pools

Overview of NAT

Network Address Translation (NAT) modifies IP addresses as traffic passes between private and public networks. It helps conserve IPv4 addresses and enables private network communication with external networks.

Purpose of NAT

1. Allows multiple devices on a private network to access the internet using a single public IP.
2. Provides a layer of privacy by hiding internal IP addresses.
3. Common use cases:
   • Accessing the internet (source NAT)
   • Hosting services (destination NAT)

Types of NAT

1. Static NAT:
   • Maps a single private IP to a single public IP.
   • Used for devices needing a consistent, public IP (e.g., servers).
2. Dynamic NAT (using pools):
   • Maps a private IP to a public IP from a pool.
   • Suitable for networks with more public IPs than devices needing internet access.
3. Port Address Translation (PAT):
   • Maps multiple private IPs to a single public IP using different port numbers.
   • Also called NAT Overload.

---

4.1a Static NAT

Static NAT provides a one-to-one mapping between a private and public IP address.

Configuration Example

• Inside local: 192.168.1.10 (private IP)
• Inside global: 203.0.113.10 (public IP)

Steps:

1. Define the NAT translation:

   ip nat inside source static 192.168.1.10 203.0.113.10
   

2. Configure interfaces for NAT:
   • Inside interface:

     interface gigabitEthernet0/0
     ip nat inside
     

   • Outside interface:

     interface gigabitEthernet0/1
     ip nat outside
     

Verification:

• Show NAT translations:

  show ip nat translations
  

• Show NAT statistics:

  show ip nat statistics
  

---

4.1b Dynamic NAT Using Pools

Dynamic NAT allocates public IPs from a pool to private IPs on a first-come, first-served basis. This requires a pool of public IP addresses.

Configuration Example

• Pool range: 203.0.113.1 to 203.0.113.5
• Private network: 192.168.1.0/24

Steps:

1. Define the NAT pool:

   ip nat pool MY_POOL 203.0.113.1 203.0.113.5 netmask 255.255.255.0
   

2. Define an ACL to match private IPs:

   access-list 1 permit 192.168.1.0 0.0.0.255
   

3. Bind the ACL to the NAT pool:

   ip nat inside source list 1 pool MY_POOL
   

4. Configure interfaces for NAT:
   • Inside interface:

     interface gigabitEthernet0/0
     ip nat inside
     

   • Outside interface:

     interface gigabitEthernet0/1
     ip nat outside
     

---

Key NAT Terms

• Inside Local: The private IP of the source host (e.g., 192.168.1.10).
• Inside Global: The public IP mapped to the source host (e.g., 203.0.113.10).
• Outside Local: The private IP of the destination host (if applicable).
• Outside Global: The public IP of the destination host (e.g., 8.8.8.8).

---

Troubleshooting NAT

1. Verify NAT translations:

   show ip nat translations
   

2. Check NAT statistics:

   show ip nat statistics
   

3. Debug NAT operations:

   debug ip nat
   

Common Issues:

• Incorrect interface NAT configuration.
• Mismatched ACL or pool definitions.
• Overlapping IP ranges.

---

Summary of Commands

• Define static NAT:

  ip nat inside source static <private-ip> <public-ip>
  

• Define NAT pool:

  ip nat pool <name> <start-ip> <end-ip> netmask <subnet-mask>
  

• Create ACL for NAT:

  access-list <number> permit <network> <wildcard-mask>
  

• Verify NAT translations:

  show ip nat translations
  

• Show NAT statistics:

  show ip nat statistics
  

• Debug NAT:

  debug ip nat
  

  ---

  4.2 Configure and Verify NTP Operating in a Client and Server Mode

What is NTP?

Network Time Protocol (NTP) is used to synchronize the clocks of devices on a network. It ensures accurate timestamps for logs, events, and scheduled tasks. NTP operates on UDP port 123.

Synchronization Hierarchy

• Stratum 0: High-precision time sources (e.g., atomic clocks).
• Stratum 1: Directly connected to Stratum 0 (e.g., primary NTP servers).
• Stratum 2: Synchronize with Stratum 1 servers, and so on.

---

4.2a NTP in Server Mode

An NTP server provides time synchronization to clients on the network.

Configuration Example:

1. Enable the device as an NTP server:

   ntp master <stratum-level>
   

   • <stratum-level>: Set the stratum level (1–15). Lower values indicate higher accuracy.
2. Verify the server configuration:

   show ntp status
   

Use Case:

• A router can act as the central time source for devices in a small or isolated network.

---

4.2b NTP in Client Mode

An NTP client synchronizes its clock with an NTP server.

Configuration Example:

1. Configure the NTP server for the client:

   ntp server <server-ip>
   

   • Replace <server-ip> with the IP address of the NTP server.
2. Optional: Configure an authentication key (if required):
   • Define the key:

     ntp authenticate
     ntp authentication-key <key-id> md5 <password>
     ntp trusted-key <key-id>
     

   • Associate the key with the server:

     ntp server <server-ip> key <key-id>
     

3. Verify the client configuration:
   • View NTP associations:

     show ntp associations
     

   • Check NTP status:

     show ntp status
     

Use Case:

• Devices in a network synchronize their clocks with a centralized time source for consistency.

---

Verification Commands

1. Check the status of NTP on the device:

   show ntp status
   

   • Example output:
     • Clock is synchronized: Indicates synchronization with an NTP server.
     • Stratum: Displays the device’s stratum level.
2. View NTP associations:

   show ntp associations
   

   • Lists servers the client is synchronized with, along with delay, offset, and jitter metrics.
3. Check detailed synchronization status:

   debug ntp events
   

---

Troubleshooting NTP

1. Ensure connectivity:
   • Use ping to test reachability to the NTP server:

     ping <server-ip>
     

2. Verify NTP server configuration:
   • Ensure the correct stratum level is set on the server.
3. Check time zones:
   • Set the time zone and daylight saving (if applicable):

     clock timezone <name> <offset>
     clock summer-time <name> recurring
     

4. Confirm NTP server settings on the client:

   show run | include ntp
   

5. Synchronization delays:
   • Check the show ntp associations output for high delay or jitter values.

---

4.3 Explain the Role of DHCP and DNS Within the Network

Dynamic Host Configuration Protocol (DHCP)

Role of DHCP:

• Automates the process of assigning IP addresses and other network configuration details to devices (clients) on a network.
• Eliminates the need for manual IP configuration, reducing errors and administrative overhead.

Key Functions of DHCP:

1. IP Address Allocation:
   • Dynamically assigns IP addresses to devices from a defined range (scope or pool).
2. Network Configuration Parameters:
   • Provides additional information such as:
     • Subnet mask.
     • Default gateway.
     • DNS server.
     • Lease duration: The time an IP address is valid before it must be renewed.
3. Reclamation of Unused IPs:
   • Recycles IP addresses after the lease expires or devices disconnect.

DHCP Workflow:

1. DHCP Discover: The client broadcasts a request to locate available DHCP servers.
2. DHCP Offer: A server responds with an available IP address and configuration.
3. DHCP Request: The client accepts the offer and requests the lease of the IP address.
4. DHCP Acknowledge (ACK): The server confirms the lease and completes the process.

Advantages of DHCP:

• Reduces manual configuration.
• Simplifies IP address management, especially in large networks.
• Prevents IP address conflicts by managing assignments centrally.

---

Domain Name System (DNS)

Role of DNS:

• Translates human-readable domain names (e.g., www.example.com) into IP addresses (e.g., 192.0.2.1) that computers use to locate and communicate with one another.
• Enables users to access resources by names rather than memorizing IP addresses.

Key Functions of DNS:

1. Name Resolution:
   • Converts domain names to IP addresses (forward lookup).
2. Reverse Lookup:
   • Converts IP addresses to domain names.
3. Load Balancing:
   • Distributes traffic among multiple servers by resolving to different IPs for the same domain.
4. Caching:
   • Stores previous query results locally to improve response times and reduce network traffic.

DNS Components:

1. DNS Server:
   • Provides name resolution services.
2. DNS Client (Resolver):
   • Sends queries to DNS servers to resolve domain names.
3. Zones and Records:
   • Zone: A segment of the DNS namespace managed by a DNS server.
   • Records: Store mappings of domain names to IP addresses:
     • A Record: Maps domain names to IPv4 addresses.
     • AAAA Record: Maps domain names to IPv6 addresses.
     • CNAME Record: Aliases one domain to another.
     • MX Record: Specifies mail servers for a domain.

---

How DHCP and DNS Work Together

• DHCP assigns an IP address and provides the client with the address of the DNS server.
• The client uses the provided DNS server to resolve domain names to IPs for communication.

---

Verification and Troubleshooting

DHCP:

1. Verify IP address configuration:

   show ip dhcp binding
   

2. Check DHCP server statistics:

   show ip dhcp pool
   

3. Troubleshoot lease issues:

   debug ip dhcp server events
   

DNS:

1. Test domain name resolution:

   nslookup <domain-name>
   

2. Verify DNS settings on a device:

   show hosts
   

3. Troubleshoot DNS queries:

   debug ip dns
   

---

Real-World Use Cases

DHCP:

• Automatically assigns IPs in enterprise networks, Wi-Fi hotspots, and home networks.
• Configures network settings for IoT devices and guest access.

DNS:

• Enables users to access websites using domain names.
• Supports email delivery through MX records.
• Facilitates cloud service access and load balancing.

---

4.4 Explain the Function of SNMP in Network Operations

What is SNMP?

Simple Network Management Protocol (SNMP) is a protocol used to manage and monitor network devices, such as routers, switches, servers, printers, and more. It operates at the Application Layer (Layer 7) of the OSI model and enables centralized management of network devices by providing insight into their performance and health.

---

Key Components of SNMP

1. Managed Devices
   • Devices monitored and managed using SNMP (e.g., routers, switches, servers).
   • Run SNMP agents to provide data to the management system.
2. SNMP Agent
   • A software component installed on the managed device.
   • Collects and stores information about the device and responds to requests from the SNMP manager.
3. SNMP Manager
   • A centralized system that communicates with SNMP agents to collect data and manage devices.
   • Examples include network management tools like Cisco Prime, SolarWinds, and Nagios.
4. Management Information Base (MIB)
   • A database of objects that can be monitored or controlled on a device.
   • Structured hierarchically using Object Identifiers (OIDs).

---

How SNMP Works

1. Polling
   • The SNMP manager periodically requests data from agents.
2. Traps and Notifications
   • Agents send unsolicited messages to the manager when specific events occur (e.g., a device failure).
3. Set Commands
   • The SNMP manager can modify configurations on devices (e.g., updating a router’s configuration).

---

SNMP Versions

1. SNMPv1
   • The original version, uses plain text community strings for authentication.
   • Offers limited security.
2. SNMPv2c
   • Adds bulk data retrieval for better performance.
   • Still relies on community strings for authentication.
3. SNMPv3
   • Introduces strong security features:
     • Authentication: Verifies the identity of the sender.
     • Encryption: Protects data from being intercepted.
     • Access Control: Defines what information users can access.

---

Common SNMP Operations

1. GET
   • Retrieves a value from the MIB.
   • Example: Get the CPU usage of a router.
2. GETNEXT
   • Retrieves the next OID in the MIB hierarchy.
3. SET
   • Modifies a value in the MIB.
   • Example: Update a device’s hostname.
4. GETBULK
   • Retrieves large amounts of data efficiently (introduced in SNMPv2).
5. TRAP
   • An alert from the agent to the manager indicating an event or error.
6. INFORM
   • Acknowledged notification sent to the manager (introduced in SNMPv2).

---

SNMP Communication Ports

• UDP Port 161: Used for requests and responses between the manager and agents.
• UDP Port 162: Used for traps and notifications from agents to the manager.

---

Advantages of SNMP

1. Simplifies network monitoring and management.
2. Provides real-time alerts through traps.
3. Reduces the need for manual device checks.
4. Enables centralized visibility into network performance and issues.

---

Disadvantages of SNMP

1. Security Concerns
   • SNMPv1 and SNMPv2c use plain text community strings

---

4.5 Describe the Use of Syslog Features Including Facilities and Levels

What is Syslog?

• System Logging Protocol (Syslog) is a standard protocol used to capture, store, and analyze log messages from network devices.
• Provides administrators with information about device events, aiding in troubleshooting, monitoring, and auditing.

Key Features of Syslog

1. Centralized Logging:
   • Collects logs from multiple devices into a single server (Syslog server).
2. Standardized Format:
   • Ensures logs are organized and easier to analyze.
3. Severity Levels:
   • Categorizes messages based on urgency or importance.
4. Facilities:
   • Groups messages by their source or subsystem.

---

How Syslog Works

1. Devices generate log messages for events such as errors, warnings, or status changes.
2. Messages are sent to a local buffer or a centralized Syslog server.
3. Administrators monitor and analyze logs for network events and issues.

---

Syslog Components

1. Syslog Server:
   • Centralized system where logs from multiple devices are stored and managed.
   • Examples: SolarWinds, Splunk, Graylog.
2. Syslog Client:
   • A network device (e.g., router, switch) that generates and sends logs to the server.
3. Syslog Message Format:
   • Includes metadata such as timestamp, hostname, severity, and message content.

---

Syslog Severity Levels

• Syslog defines 8 severity levels ranging from critical to informational.
• Each level has a numeric value and a description.

---

Syslog Facilities

• Facilities represent different components or subsystems of a device.
• Used to categorize log messages by their source (e.g., kernel, authentication, or system processes).

---

Syslog Message Structure

A typical Syslog message contains the following components:

1. PRI: Priority value calculated as Facility * 8 + Severity.
2. Header: Includes timestamp and hostname.
3. Message: Contains the actual log details.

Example Message:

<34>Jan 27 10:32:15 router1 %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up

• <34>: PRI (Facility = 4, Severity = 2).
• Jan 27 10:32:15: Timestamp.
• router1: Hostname.
• %LINEPROTO-5-UPDOWN: Log source and severity.
• Line protocol on Interface GigabitEthernet0/1, changed state to up: Message content.

---

Syslog Configuration on Cisco Devices

1. Enable logging:

   logging on
   

2. Set logging levels: Configure the device to send logs of specific severity levels.

   logging trap <level>
   

   Example:

   logging trap warning
   

3. Set syslog server: Specify the IP address of the syslog server.

   logging host <server-ip>
   

4. View logs: Display logs stored in the device buffer.

   show logging
   

---

Syslog Use Cases

1. Network Monitoring:
   • Track device status and changes, such as interface up/down events.
2. Troubleshooting:
   • Identify issues like misconfigurations, errors, or hardware failures.
3. Security Auditing:
   • Monitor unauthorized access attempts or changes to device configurations.

---

Best Practices for Using Syslog

1. Centralize Logs:
   • Use a Syslog server to simplify monitoring and analysis.
2. Filter Logs:
   • Configure devices to send only relevant logs (e.g., warnings or errors).
3. Use Syslog Levels Wisely:
   • Balance the need for detailed logs with storage and processing limitations.
4. Secure Syslog Communications:
   • Use transport mechanisms like TLS or VPNs to protect log data.

---

Verification and Troubleshooting

1. Verify Syslog server configuration:

   show logging
   

2. Check connectivity to the syslog server:

   ping <server-ip>
   

3. Use debug commands to test Syslog behavior:

   debug logging
   

Internal Logging Location Configurations

• Disable logging to the console line:

  R1(config)#no logging console
  

• Log events to VTY lines with severity level informational and higher:

  R1(config)#logging monitor 6
  

• Log events to the buffer with debugging level and higher:

  R1(config)#logging buffered debugging
  

---

Logging Synchronous

• Override logging behavior with the logging synchronous command.
• Ensures a new line is printed where you were in the command.

---

Debug and Terminal Monitor

1. Show and debug commands:
   • show output shows a static point-in-time state.
   • debug output dynamically updates in real-time.
2. Be cautious with debug commands in production environments:
   • Large amounts of output can overwhelm the device.
3. Redirect debug output to VTY lines:

   R1#terminal monitor
   

   ---

Understanding QoS: Forwarding Per-Hop Behaviour (PHB)

Classification and Marking

Ways to Recognize Traffic

• CoS (Class of Service) Marking
• DSCP (Differentiated Service Code Point) Marking
• Access Control List (ACL)
• NBAR (Network Based Application Recognition)

Layer 2 Marking – CoS (Class of Service)

• CoS is carried in a 3-bit field in the Layer 2 802.1q frame header.
• Values range from 0 to 7:
  • Default: 0 (Best Effort traffic).
  • Reserved for Network Use: 6 and 7.
• IP Phones:
  • Call signaling traffic: CoS 3.
  • Voice payload: CoS 5.

Layer 3 Marking – DSCP

• DSCP is carried in the Type of Service (ToS) byte in the Layer 3 IP header.
• Uses 6 bits, allowing 64 possible values:
  • Default: 0 (Best Effort traffic).
  • IP Phones:
    • Call signaling traffic: 24 (CS3).
    • Voice payload: 46 (EF).
  • Standard Markings:
    • Mission-critical data: 26 (AF31).
    • SD video: 34 (AF41).

Trust Boundary

• Configuration:
  • The switch should trust markings from IP phones and pass them unchanged.
  • Traffic from PCs behind phones should be marked down to CoS 0 and DSCP 0.
• Rationale:
  • PCs are untrusted; their traffic is classified as Best Effort.
  • Voice and video endpoints mark their traffic with DSCP values for QoS prioritization.

Recognizing Traffic

• Access Control List (ACL):
  • Matches traffic using Layer 3 and Layer 4 information.
  • Example: SSH traffic to/from 10.10.100.10 on TCP port 22.
• NBAR (Network-Based Application Recognition):
  • Performs deep packet inspection (Layers 3-7).
  • Can recognize well-known applications using Cisco signatures.

Preferred Method: DSCP

• Routers can quickly classify traffic using a single byte in the IP header.
• If using ACLs or NBAR, classification and marking should occur near the traffic source.

---

Congestion Management

Queuing

• Used to manage congestion on routers and switches.
• CBWFQ (Class-Based Weighted Fair Queuing):
  • Guarantees bandwidth to specified traffic types.
• LLQ (Low Latency Queuing):
  • Adds a priority queue to CBWFQ.
  • Priority traffic is sent before other traffic.

---

Cisco QoS Configuration: Modular QoS CLI (MQC)

Key Sections

1. Class Maps:
   • Define the traffic to act upon.
2. Policy Maps:
   • Define the actions to take on traffic.
3. Service Policies:
   • Apply policies to interfaces.

---

Policing and Shaping

Overview

• Both measure the rate of traffic and enforce limits:
  • Traffic Policing:
    • Drops or re-marks excess traffic.
  • Traffic Shaping:
    • Buffers excess traffic to stay within rate limits.

Use Cases

• Enterprises:
  • Recognize and limit “junk traffic” (e.g., peer-to-peer applications).
  • Mark such traffic as DSCP 8 (CS1) and police it to prevent interference with business-critical applications.

---

4.6 Configure and verify DHCP client and relay

What is DHCP?

• Dynamic Host Configuration Protocol (DHCP) is used to dynamically assign IP addresses and other network configurations (e.g., subnet mask, default gateway, DNS servers) to devices in a network.
• Reduces administrative overhead by automating IP configuration.

DHCP Components

1. DHCP Server:
   • The device or service that assigns IP configurations to clients.
   • Examples: Routers, switches, or dedicated servers.
2. DHCP Client:
   • A device requesting an IP configuration from the server.
   • Examples: PCs, phones, printers.
3. DHCP Relay:
   • A device that forwards DHCP requests from clients to a remote DHCP server, often used when the DHCP server is not on the same subnet as the client.

DHCP Client Configuration

1. Enable a device to act as a DHCP client:
   • Configure an interface to receive an IP address dynamically.

     interface <interface-id>
     ip address dhcp
     no shutdown
     

2. Verify DHCP client operation:
   • Use the following command to confirm the dynamically assigned address:

     show ip interface brief
     

DHCP Relay Configuration

• Used when the DHCP server and client are in different subnets. The relay forwards client requests to the server.

1. Enable DHCP Relay:
   • Configure the router or Layer 3 switch to forward DHCP requests to a remote server:

     interface <interface-id>
     ip helper-address <dhcp-server-ip>
     

   • Key Command: ip helper-address specifies the DHCP server’s IP address.
2. Supported Protocols by ip helper-address:
   • By default, this command forwards several UDP protocols, including:
     • DHCP/BOOTP (Ports 67, 68)
     • TFTP
     • SNMP
     • Syslog
3. Verify DHCP Relay Configuration:
   • Display the relay agent settings:

     show ip interface <interface-id>
     

How DHCP Works (DORA Process)

1. Discovery:
   • The client broadcasts a DHCPDISCOVER message to find a DHCP server.
2. Offer:
   • The server responds with a DHCPOFFER message, offering an IP configuration.
3. Request:
   • The client broadcasts a DHCPREQUEST message to request the offered IP.
4. Acknowledgment:
   • The server sends a DHCPACK message, confirming the IP assignment.

DHCP Lease Renewal

• Clients periodically renew their leases by sending DHCPREQUEST messages to the server.
• The renewal process occurs at:
  • 50% of lease time (T1): Client attempts renewal with the original server.
  • 87.5% of lease time (T2): Client broadcasts a renewal request if the server is unavailable.

DHCP Verification and Troubleshooting

1. Verify DHCP Leases on Client:
   • View DHCP-assigned information:

     show ip interface brief
     

   • For more detailed information:

     show dhcp lease
     

2. Verify DHCP Server or Relay Operation:
   • Check DHCP bindings (assigned addresses):

     show ip dhcp binding
     

   • View DHCP server statistics:

     show ip dhcp server statistics
     

3. Troubleshooting Commands:
   • Debug DHCP traffic:

     debug ip dhcp server events
     

   • Verify ip helper-address configuration:

     show run interface <interface-id>
     

DHCP Relay Use Cases

1. Centralized DHCP Server:
   • Used in large networks to simplify IP management.
2. Inter-VLAN DHCP:
   • Allows devices on different VLANs to obtain IP addresses from a single DHCP server.

Example Configurations

1. Configuring DHCP Client:

     interface GigabitEthernet0/1
     ip address dhcp
     no shutdown
   

2. Configuring DHCP Relay:

     interface GigabitEthernet0/2
     ip helper-address 192.168.1.1
   

3. DHCP Relay with Multiple Servers:
   • Add multiple ip helper-address commands to support redundancy:

     interface GigabitEthernet0/2
     ip helper-address 192.168.1.1
     ip helper-address 192.168.1.2
     

Advantages of DHCP

1. Reduces configuration errors (e.g., IP conflicts, typos).
2. Simplifies IP management in dynamic networks.
3. Centralizes IP address allocation.

Common Issues with DHCP

1. No IP Address Assigned:
   • Check for misconfigured ip helper-address.
   • Verify the DHCP server is operational.
2. Duplicate IP Address Conflicts:
   • Check DHCP scope and address exclusions.
3. Unreachable DHCP Server:
   • Verify routing between relay and server.

   • Ensure relay agent is configured correctly.

4.7 Explain the Forwarding Per-Hop Behaviour (PHB) for QoS

Classification and Marking

• Ways to recognise traffic: COS (Class of Service) marking, DSCP (Differentiated Service Code Point) marking, Access Control List (ACL), or NBAR (Network Based Application Recognition).

Layer 2 Marking – CoS (Class of Service)

• The higher the number, the more important the traffic.
  • There is a 3-bit field in the Layer 2 802.1q frame header used to carry the CoS QoS marking.
  • A value of 0 – 7 can be set. The default value is 0, designated as Best Effort traffic.
  • CoS 6 and 7 are reserved for network use.
  • IP phones mark their call signalling traffic as CoS 3 and their voice payload as CoS 5.

Layer 3 Marking – DSCP

• The ToS (Type of Service) byte in the Layer 3 IP header is used to carry the DSCP QoS marking.
  • 6 bits are used, giving 64 possible values. The default value is 0, designated as Best Effort traffic.
  • IP phones mark their call signalling traffic as 24 (CS3) and their voice payload as 46 (EF).
  • There are standard markings for other traffic types, such as 26 (AF31) for mission-critical data, and 34 (AF41) for SD video.

Trust Boundary

• The switch should be configured to trust markings from the IP phone and pass them on unchanged, but mark traffic from the PC down to CoS 0 and DSCP 0. Example:
  • Don’t want to trust the PC behind the phone. Best effort.
  • Voice and video endpoints mark their own traffic with a DSCP value.

Recognising Traffic with an ACL

• An access control list can be used to recognise traffic based on its layer 3 and layer 4 information. Example: SSH traffic to and from the router 10.10.100.10 on TCP port number 22.

NBAR (Network Based Application Recognition)

• NBAR performs deeper packet inspection and can be used to recognise traffic based on its layer 3 to layer 7 information.
  • Signatures can be downloaded from Cisco and loaded on your router to recognise well-known applications.

    DSCP as the Preferred Classification and Marking Method

• The router can quickly gather information from a single byte in the IP header.
  • If using another method such as ACL or NBAR, this should be done as close to the source as possible and then a DSCP value added.

Congestion Management

• Queuing can be used to manage congestion on routers and switches.
  • CBWFQ (Class-Based Weighted Fair Queuing): Gives bandwidth guarantees to specified traffic types.
  • LLQ (Low Latency Queuing): A CBWFQ with a priority queue where traffic in the priority queue is sent before other traffic.
  • Congestion management is manipulating the queue to get better service.

MQC (Modular QoS CLI)

• Cisco QoS configuration uses the MQC modular QoS CLI with three main sections:
  • Class Maps: Define the traffic to take an action on.
  • Policy Maps: Take the action on that traffic.
  • Service Policies: Apply the policy to an interface.

Policing and Shaping

• Both are used to control traffic rate:
  • Traffic Shaping: Buffers any excess traffic so the overall traffic stays within the desired rate limit.
  • Traffic Policing: Drops or re-marks excess traffic to enforce the specified rate limit.
• Classification can be used to allow different rates for different traffic types.

Policing within Enterprises

• Another use case for policing is worm and junk traffic mitigation.
  • An enterprise can configure classification and marking to recognise worms and junk traffic like peer-to-peer file-sharing applications. This is known as ‘Scavenger’ traffic.
  • The recommended DSCP value to mark it is DSCP 8 (CS1).
  • Policing can be used to rate limit junk traffic to prevent it from taking bandwidth from business applications.

---

SSH Configuration for Network Devices

Configuring Network Devices for Remote Access Using SSH

What is SSH?

Secure Shell (SSH) is a protocol that provides secure, encrypted communication for remote access to network devices. SSH replaces Telnet, which transmits data, including passwords, in plaintext.

Benefits of SSH

• Encryption: Ensures data confidentiality during transmission.
• Authentication: Verifies the identity of the user and device.
• Secure Remote Management: Allows secure access to device configurations and troubleshooting.

SSH Configuration Process

1. Configure a Hostname:

   hostname

   Example:

   hostname Router1

2. Configure a Domain Name:

   ip domain-name

   Example:

   ip domain-name example.com

3. Generate RSA Key Pair:

   crypto key generate rsa

   Specify the key length:

   crypto key generate rsa modulus

   Example:

   crypto key generate rsa modulus 2048

4. Enable SSH on VTY Lines:

   line vty 0 4 transport input ssh login local

5. Create Local User Accounts:

   username privilege secret

   Example:

   username admin privilege 15 secret StrongPassword123

6. Verify SSH Version:

   ip ssh version 2

7. Test SSH Connectivity: Use an SSH client (e.g., PuTTY, OpenSSH) to connect to the device:

   ssh @

Verification and Troubleshooting Commands

• Check SSH Configuration:

  show ip ssh

• Check Active SSH Sessions:

  show ssh

• Debug SSH Traffic:

  debug ip ssh

• Check VTY Line Status:

  show run

  section line vty

Best Practices for SSH Configuration

• Use Strong Passwords: Ensure local user passwords meet complexity requirements.
• Enable SSH Version 2: SSHv2 provides better security features compared to SSHv1.

• Set Inactivity Timeout: Configure session timeouts to close inactive connections:

  exec-timeout

  Example:

  exec-timeout 5 0

• Restrict IP Access: Limit which IP addresses can access the device using an Access Control List (ACL):

  access-class in

Common Issues and Solutions

• Cannot Connect via SSH:
  • Ensure VTY lines are configured for transport input ssh.
  • Verify the RSA key pair is generated.
  • Check ACLs or firewall rules blocking SSH traffic.
• Weak Encryption Warnings: Use a key modulus of at least 2048 bits for stronger encryption.
• Authentication Failures: Verify username/password or local user configuration.

Use Cases for SSH

• Secure Device Management: Configure and monitor devices remotely without physical access.
• Remote Troubleshooting: Execute diagnostic commands to resolve network issues.
• Scripted Automation: Use SSH with tools like Python to automate network tasks securely.

---

4.9 Describe the Capabilities and Functions of TFTP/FTP in the Network

What is TFTP?

Trivial File Transfer Protocol (TFTP) is a simple, lightweight protocol used to transfer files between devices on a network.

Characteristics:

• Operates on UDP port 69.
• Does not require authentication.
• Uses minimal resources and overhead.
• Typically used for transferring small configuration files or images.

Capabilities and Use Cases:

• File Transfer:
  • Transfer of device configuration files.
  • Firmware or operating system upgrades.
• Backup:
  • Save copies of device configurations to a TFTP server for disaster recovery.
• Bootstrapping:
  • Used by network devices for downloading initial configurations (e.g., during PXE boot or Cisco device startup).

Limitations:

• No encryption or security.
• Cannot handle large files effectively.
• Reliability issues due to UDP (no acknowledgment of delivery).

What is FTP?

File Transfer Protocol (FTP) is a robust protocol for transferring files between devices and servers on a network.

Characteristics:

• Operates on TCP ports 20 and 21:
  • Port 21: Control connection.
  • Port 20: Data transfer.
• Supports user authentication.
• Can transfer large files effectively.

Capabilities and Use Cases:

• File Transfer:
  • Upload/download files to/from servers.
• Backup and Recovery:
  • Backup device configurations and retrieve them as needed.
• Directory Management:
  • Allows file browsing, creating, renaming, and deleting on remote servers.
• Security Extensions:
  • Can use FTPS (FTP Secure) for encrypted file transfers.

Advantages:

• Reliable file transfer with delivery acknowledgment.
• Can handle large and complex file operations.

Limitations:

• Basic FTP is not secure (transfers data, including credentials, in plaintext).
• More resource-intensive than TFTP.

Comparison of TFTP and FTP

Use Cases in Networking

1. TFTP:

• Backup and Restore Configurations:

  copy running-config tftp

  copy tftp startup-config

• Firmware/IOS Upgrades:

  copy tftp flash

2. FTP:

• Secure File Management:

  copy running-config ftp

  copy ftp flash

• Remote File Access:

  • Access large file repositories remotely for network operations.

Security Considerations

1. TFTP:

• Use only in secure environments or isolated networks.
• Avoid exposing TFTP servers to public networks.

2. FTP:

• Use FTPS or SFTP (Secure File Transfer Protocol) instead of plain FTP to encrypt data in transit.
• Implement strong authentication and access controls on FTP servers.

Verification and Troubleshooting Commands

• Test Connectivity to a TFTP/FTP Server:

  TFTP: ping

  FTP: ftp

• Check File Transfers:
  • View logs on the TFTP or FTP server for successful transfers.

  • Use debug commands for troubleshooting:

    debug ip tftp

    debug ip ftp

• Verify Configuration:

  show file systems

Example Configuration: TFTP File Transfer

1. Backing Up Configurations:

copy running-config tftp Address or name of remote host []? 192.168.1.10 Destination filename [running-config]?

2. Restoring Configurations:

copy tftp running-config Address or name of remote host []? 192.168.1.10 Source filename [running-config]?

Example Configuration: FTP File Transfer

1. Setting FTP Server Details:

ip ftp username ip ftp password

2. Copying Files via FTP:

copy running-config ftp Address or name of remote host []? 192.168.1.20 Destination filename [running-config]?

3. Restoring Files via FTP:

copy ftp startup-config

Best Practices

• Use TFTP for simple tasks in controlled environments.
• Use FTP/FTPS for secure file transfer in production networks.
• Regularly update and secure FTP/TFTP servers to prevent unauthorized access.