Find the Root Bridge
1. Find the root bridge with the lowest Bridge ID. (Bridge priority and MAC address)
2. All the active ports on the Root Bridge become designated ports.

Find the Root ports (One RP per switch)
1. Lowest cost to Root Bridge.
2. Lowest neighbor Bridge ID
3. Lowest neighbor port priority
4. Lowest neighbor internal port number.
Note: 3-4 are only used if you have multiple links between two switches and if you tie with 1-2.

Finding the Designated ports for LAN segments.
1. Find the switch that has the lowest cost to the root bridge. You do this by looking at the link between the switches. Which side has the lowest cost? Then that side of the link becomes the DP.
2. Which side of the link has the lowest BID
3. Lowest port priority
4. Lowest internal port number.
Note: 3-4 are super rare for DPs. It's only if you have multiple links connected between two switches through a HUB! In this situation, you created a loop! This never happens in real networks.

After you find the RPs and DPs all other ports become blocked.

STP Costs
1. 100 for 10Mbps
2. 19 for 100Mbps
3. 4 for 1Gbps
4. 2 for 10Gbps
Don't believe me? Well, follow along with the flowchart and Wireshark capture.
Wireshark: http://www.derpy.tips/stuff/derpflow.pcapng
Flowchart: http://www.derpy.tips/stuff/TCP_ACK_SEQ.png
PPPoE Configuration

Derpy:
interface Dialer2
 dialer pool 1
 !
 encapsulation ppp
 ppp chap hostname Muffins
 ppp chap password Derps
 !
 mtu 1492
 ip address negotiated
interface FastEthernet0/0
 no ip address
 pppoe enable
 pppoe-client dial-pool-number 1

ISP:
! Config is from the CCNA book
ip local pool WOPool 10.1.3.2 10.1.3.254
bba-group pppoe WOGroup
 virtual-template 1
!
username Muffins password Derps
!
interface virtual-template 1
 ip address 10.1.3.1 255.255.255.0
 peer default ip address pool WOPool
 ppp authentication chap callin
interface f0/0
 no ip address
 pppoe enable group WOGroup
 no shutdown
 mac-address C0fe.c0fe.c0fe
Rarity(config)#interface range fa0/1-2
Rarity(config-if-range)#channel-group 1 mode active
Rarity(config)#interface port-channel 1
Rarity(config-if)#switchport mode trunk
____________________________________________________________________
Coco_Pommel(config)#int range fa0/1-2
Coco_Pommel(config-if-range)#channel-group 2 mode passive
Coco_Pommel(config)#interface port-channel 2
Coco_Pommel(config-if)#switchport mode trunk
Previous Video: https://www.youtube.com/watch?v=WTgKmB1Hyuo

snmp-server group Derp_Group v3 priv write v1default
snmp-server user Derp_user Derp_Group v3 auth sha AUTH_PASS priv aes 256 PRIV_PASS
snmp-server host 192.168.0.2 version 3 priv Derp_user
snmp-server enable traps

PowerSNMP: http://powersnmp.com/snmp-free-manager.aspx
The RIPssssssssssssssssss
snmp-server engineID remote 192.168.0.2 446172742E506F776572534E4D50
snmp-server group Derp_Group v3 priv write v1default
snmp-server user Derp_User Derp_Group v3 auth sha SHA_PASS priv aes 256 PRIV_PASS
snmp-server user Derp_User Derp_Group remote 192.168.0.2 v3 auth sha SHA_PASS priv aes 256 PRIV_PASS
snmp-server host 192.168.0.2 informs version 3 priv Derp_User

CCNA 200-125: SNMPv3 Configuration: https://www.youtube.com/watch?v=WTgKmB1Hyuo&t=2s
CCNA 200-125: SNMPv3 Traps: https://www.youtube.com/watch?v=AyK7Yf4FVqk&t=6s
PowerSNMP: http://powersnmp.com/snmp-free-manager.aspx
snmp-server group Derp_Group v3 priv write v1default
snmp-server user Derp_user Derp_Group v3 auth sha AUTH_PASS priv aes 256 PRIV_PASS

PowerSNMP: http://powersnmp.com/snmp-free-manager.aspx
Too manys loops! Check out my STP playlist: https://www.youtube.com/watch?v=Yo40Jzqb7Xw&list=PLDzveA55I0_gLMwoYV2tXpuTuGetEYs6m
How do we set up eBGP?
Pre-setup: Usually this is the perimeter router, so allow the IPsec traffic through the firewall (optional).
access-list acl permit udp source wildcard destination wildcard eq isakmp
access-list acl permit esp source wildcard destination wildcard
access-list acl permit ahp source wildcard destination wildcard

You need to enable the securityk9 technology package.
Router(config)#license boot module c2900 technology-package securityk9
Router(config)#reload

Task 1: Configure the ISAKMP policy for IKE Phase 1
There are seven default ISAKMP policies. The most secure is the default. We will configure our own. You can remember this by HAGLE: Hash, Authentication, Group (DH), Lifetime, Encryption.
Router(config)#crypto isakmp policy 1
Router(config-isakmp)#hash sha
Router(config-isakmp)#authentication pre-share
Router(config-isakmp)#group 5
Router(config-isakmp)#lifetime 3600
Router(config-isakmp)#encryption aes 256

We used a pre-shared key for authentication, so we need to specify the password for the first phase.
Router(config)#crypto isakmp key derpyisbestpony address 208.77.5.1

show crypto isakmp policy

Task 2: Configure the IPsec Policy for IKE Phase 2
Configure the encryption and hashing algorithms that you will use for the data sent through the IPsec tunnel. Hence the transform.
Router(config)#crypto ipsec transform-set transform_name esp-aes esp-sha-hmac

Task 3: Configure ACL to define interesting traffic
Even though the tunnel is set up, it doesn't exist yet. Interesting traffic must be detected before IKE Phase 1 negotiations can begin. Allow the local LAN to the remote LAN.
Router(config)#access-list 101 permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255

show crypto isakmp sa

Task 4: Configure a Crypto Map for the IPsec Policy
Now that interesting traffic is defined and an IPsec transform set is configured, you need to bind them together with a crypto map.
Router(config)#crypto map map_name seq_num ipsec-isakmp

What traffic will be interesting? The access-list we made before.
Router(config-crypto-map)#match address 101

The transform-set we created earlier for the IPsec tunnel.
Router(config-crypto-map)#set transform-set transform_name

The peer router you're connecting to.
Router(config-crypto-map)#set peer 172.30.2.2

You need to set the type of DH you want to use.
Router(config-crypto-map)#set pfs group5

How long these settings will last before they're renegotiated.
Router(config-crypto-map)#set security-association lifetime seconds 900

Task 5: Apply the IPsec Policy
Apply the crypto map to the interface.
Router(config)#interface serial0/0/0
Router(config-if)#crypto map map_name

show crypto map
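The crypto map in Task 4 only works if everything it names exists: the ACL, the transform-set, and a pre-shared key bound to the peer's address. The Python check below is an added example, not part of the original notes. It assumes the commands from Tasks 1-5 are pasted into one config exactly as shown, with sequence number 10 standing in for seq_num.

```python
import re

# Commands from Tasks 1-5 above assembled into one config (assumption: the
# notes show them one at a time; sequence number 10 replaces seq_num).
PAGE_CONFIG = """\
crypto isakmp policy 1
 hash sha
 authentication pre-share
 group 5
 lifetime 3600
 encryption aes 256
crypto isakmp key derpyisbestpony address 208.77.5.1
crypto ipsec transform-set transform_name esp-aes esp-sha-hmac
access-list 101 permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255
crypto map map_name 10 ipsec-isakmp
 match address 101
 set transform-set transform_name
 set peer 172.30.2.2
 set pfs group5
 set security-association lifetime seconds 900
interface serial0/0/0
 crypto map map_name
"""

def audit(config):
    """Return findings for crypto map references that do not resolve."""
    def names(pattern):
        return set(re.findall(pattern, config, re.M))
    defined = {
        "match address": ("ACL", names(r"^access-list (\S+) ")),
        "set transform-set": ("transform-set",
                              names(r"^crypto ipsec transform-set (\S+)")),
        "set peer": ("pre-shared key for peer",
                     names(r"^crypto isakmp key \S+ address (\S+)")),
    }
    applied = names(r"^[ \t]+crypto map (\S+)[ \t]*$")
    findings, current, maps = [], None, []
    for line in config.splitlines():
        header = re.match(r"crypto map (\S+) \d+ ipsec-isakmp", line)
        if header:
            current = header.group(1)
            maps.append(current)
        elif not line.startswith(" "):
            current = None            # left the crypto map sub-mode
        elif current:
            command, _, value = line.strip().rpartition(" ")
            if command in defined and value not in defined[command][1]:
                findings.append(f"{current}: no {defined[command][0]} {value}")
    findings += [f"{m}: not applied to an interface"
                 for m in maps if m not in applied]
    return findings
```

Run over the commands as written, audit(PAGE_CONFIG) reports that peer 172.30.2.2 has no pre-shared key, because the key in Task 1 is bound to 208.77.5.1; the two addresses have to match on a real router.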
CCNA 200-125: SPAN

monitor session 1 source interface Fa0/2
monitor session 1 destination interface Fa0/3
Hello!
NAT Playlist: https://www.youtube.com/playlist?list=PLDzveA55I0_gGGIxKOH3XUbV331J8uLU6
http://blog.ine.com/2008/02/15/the-inside-and-outside-of-nat/
http://www.astorinonetworks.com/2011/08/16/the-inside-outside-of-nat-for-overlapping-networks/
https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13770-1.html
https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13774-3.html

ip nat inside source (Normal NAT for Internet)
- Translates the source of the IP packets when traveling from inside to outside
- Translates the destination of the IP packets when traveling from outside to inside

ip nat outside source (Useful for overlapping subnets)
- Translates the source of the IP packets when traveling from outside to inside
- Translates the destination of the IP packets when traveling from inside to outside
clock timezone CST -6
clock summer-time CDT recurring
clock set 13:00:00 19 May 2018
ntp server 129.6.15.28
The key point is that a switch doesn't understand IP addresses, only MAC addresses. Thus the router needs to find the destination MAC with ARP before it sends it to the switch. Then the switch can forward the frame out the right port. Yes, you'd think an IP address would be enough (Unique), but again switches don't understand IP so we need to find the MAC.
CCNA 200-125. Sorry for the clickbait. Sending muffins!
CCNA 200-125: SNMP Traps 2c

snmp-server community DERP RW
snmp-server host 192.168.0.2 version 2c DERP
snmp-server enable traps

PowerSNMP: http://powersnmp.com/snmp-free-manager.aspx
Paessler SNMP Tester: https://www.paessler.com/tools/snmptester
Syslog Watcher: https://syslogwatcher.com/cmd-tools/
Cisco SNMP Object Navigator: http://snmp.cloudapps.cisco.com/Support/SNMP/do/BrowseOID.do?local=en
Switch(config)#udld {aggressive|enable}
Switch(config-if)#udld port [aggressive]
Switch#udld reset
Switch#show udld [fa0/2]
Switch#show interfaces status err-disabled

mac access-list extended UDLD_BLOCK
 deny any host 0100.0ccc.cccc
 permit any any
interface FastEthernet0/2
 mac access-group UDLD_BLOCK in

derpy.network/cisco/udld.pcapng
# Detects all causes by default
Switch(config)#errdisable detect cause {all | cause-name}
Switch(config)#errdisable recovery cause {all | cause-name}
Switch(config)#errdisable recovery interval {seconds}
Switch#show interfaces status err-disabled
Switch#show errdisable recovery
CCNA
VLANS! Yummy for the tummy!
VTP will cause issues with VLANS. If you aren't using VTP, disable it.
In this lab I'm using EIGRP! Distance vector. This gives you a general idea of the bandwidth command. Depending on your routing protocol the behavior might be different. You also learn a little about ICMP TTLs. bon bon: http://mylittleponygalore.tumblr.com/image/24471315881 colgate: http://pre05.deviantart.net/b0c2/th/pre/i/2011/331/5/5/colgate_wet_mane_by_dualingeyes454-d4hhawm.png Derpy: can't find her! She is everywhere! derp
I'm going coco for clocks!
pinkie pie: http://pikn2.deviantart.com/art/Pinkie-Pie-Party-Vector-284673319
luna: http://mr-loco-moto.deviantart.com/art/Luna-in-a-hoodie-313288701
Previous Video: https://www.youtube.com/watch?v=wPIjSqZsQyM
NAT Playlist: https://www.youtube.com/playlist?list=PLDzveA55I0_gGGIxKOH3XUbV331J8uLU6

Translate interesting traffic.
Butter(config)#access-list 1 permit 10.0.0.0 0.0.0.255

Define the pool of addresses that will be used for translation.
Butter(config)#ip nat pool POOL_NAME 100.50.0.0 100.50.0.3 netmask 255.255.255.252

Map the access list to the interface.
Butter(config)#ip nat inside source list 1 pool POOL_NAME [overload]

Define the outside and inside interfaces.
Butter(config)#interface s0/0/0
Butter(config-if)#ip nat outside
Butter(config)#interface g0/0
Butter(config-if)#ip nat inside

pinkie pie: hidden on the interwebs! Sorry!
luna: http://mylittlefacewhen.com/f/9286/
fluttershy: http://crusierpl.deviantart.com/art/Scared-Fluttershy-289567767
What ultimately is allowed out the trunk port is the last level. The very bottom tells you what will go out. Pinkie Pie: https://www.deviantart.com/j5a4/art/pinkie-various-vectors-483341227
Derpy: https://starshinecelestalis.deviantart.com/art/Derpy-Smiling-436503115
Ponyville(config)#ip dhcp pool WUT
Ponyville(dhcp-config)#network 192.168.0.0 255.255.255.0
Ponyville(dhcp-config)#default-router 192.168.0.1
Ponyville(dhcp-config)#dns-server 192.168.0.1
Ponyville(config)#ip dhcp excluded-address 192.168.0.1 192.168.0.10
____________________________________________________________________
Ponyville(config)#int g0/0
Ponyville(config-if)#ip helper-address 10.0.0.2

Twilight: http://img10.deviantart.net/887f/i/2012/113/8/3/twilight_sparkle_derp_by_myythic-d4x96oa.png
Celestia: http://transparentpony.deviantart.com/art/Princess-Celestia-trolling-387119513
FreeNAS Corral: VDEVs, Pools, Datasets

FreeNAS® User Guide 9.10.2-U2: http://doc.freenas.org/9.10/freenas.html
Slideshow explaining VDev, zpool, ZIL and L2ARC for noobs!: https://forums.freenas.org/index.php?threads/slideshow-explaining-vdev-zpool-zil-and-l2arc-for-noobs.7775/
FreeBSD Mastery: ZFS: https://www.michaelwlucas.com/os/fmzfs
Becoming a ZFS Ninja: https://www.youtube.com/watch?v=6_K55Ira1Cs
ZFS Primer: https://forums.freenas.org/index.php?threads/zfs-primer.38927/
ZFS Features and Terminology: https://www.freebsd.org/doc/handbook/zfs-term.html

NEWS:
Important announcement regarding FreeNAS Corral: https://forums.freenas.org/index.php?threads/important-announcement-regarding-freenas-corral.53502/
FreeNAS Corral Canned – Development Essentially Halted for Now: https://www.servethehome.com/freenas-corral-canned-development-essentially-halted-now/
Migrating from FreeNAS Corral to FreeNAS 9.10: https://forums.freenas.org/index.php?resources/migrating-from-freenas-corral-to-freenas-9-10.33/

Source Images:
Trixie: http://theshadowstone.deviantart.com/art/Trixie-Lulamoon-471255758
Dataset: https://www.iconfinder.com/icons/1882649/disk_hard_hdd_raid_storage_icon#size=128
HDD: https://www.iconfinder.com/icons/1817897/hard_disk_hard_drive_hardware_hdd_storage_icon#size=128
CCNA 200-125: SNMP v2c server

SnmpSet.exe -r:192.168.0.250 -v:"2c" -c:"DERP" -o:"1.3.6.1.2.1.2.2.1.7.10003" -val:2 -tp:int

3560 Switch OIDs:
.1.3.6.1.4.1.9.3.6.6.0              Memory
.1.3.6.1.2.1.47.1.1.1.1.13.1001     System Model
.1.3.6.1.2.1.47.1.1.1.1.11.1001     BIOS Serial Number
.1.3.6.1.2.1.47.1.1.1.1.9.1001      Firmware Revision
.1.3.6.1.2.1.1.6.0                  Location
http://www.itninja.com/blog/view/snmp-oids-for-cisco-3560

PowerSNMP: http://powersnmp.com/snmp-free-manager.aspx
Paessler SNMP Tester: https://www.paessler.com/tools/snmptester
Syslog Watcher: https://syslogwatcher.com/cmd-tools/
Cisco SNMP Object Navigator: http://snmp.cloudapps.cisco.com/Support/SNMP/do/BrowseOID.do?local=en

Derpy: http://images5.fanpop.com/image/photos/28700000/Derpy-my-little-pony-friendship-is-magic-28778362-766-800.jpg
Computer Icon: https://www.iconfinder.com/icons/100125/computer_icon
Cisco UDLD: https://www.youtube.com/watch?v=OyHqeXY8P-g

I'm reverse engineering the protocol by looking at the packet capture. Please forgive me if something is wrong. I gave it my best shot to understand it.

mac access-list extended UDLD_BLOCK
 deny any host 0100.0ccc.cccc
 permit any any
interface FastEthernet0/2
 mac access-group UDLD_BLOCK in

derpy.network/cisco/udld.pcapng
https://dashiesparkle.deviantart.com/art/Vector-273-Coco-Pommel-2-563252760
Cisco IP NAT

NAT Playlist: https://www.youtube.com/playlist?list=PLDzveA55I0_gGGIxKOH3XUbV331J8uLU6
http://packetlife.net/blog/2010/jan/7/understanding-nat-address-types/
http://www.ciscopress.com/articles/article.asp?p=1725268

inside local address: This is the inside address as it is seen and used within the organizational network.
inside global address: This is the inside address as it is seen and used on the outside of the organizational network.
outside local address: This is the outside address as it is seen and used within the organizational network.
outside global address: This is the outside address as it is seen and used on the outside of the organizational network.
Yay! All the muffin protocols!
Colliding muffins! Whoa! Twilight Sparkle: http://psychicwalnut.deviantart.com/art/Angry-Princess-Twilight-456389112 Fluttershy: http://img14.deviantart.net/d2d8/i/2011/123/2/1/dancing_fluttershy_by_moongazeponies-d3fiy2b.png Trixie: http://img06.deviantart.net/09e3/i/2011/194/9/e/trixie_by_shelmo69-d3nxapz.png
You will learn GRE and how to share those networks with EIGRP. Fun! Those IP addresses are getting to me. I'm repeating some. Ha. Derpy: http://elppajack.deviantart.com/art/Derpy-Hooves-Scrunchy-Face-333589319 luna: http://proenix.deviantart.com/art/Sad-Luna-296053579 Twilight sparkle: http://jeatz-axl.deviantart.com/art/Twilight-Sparkle-Whaa-412896192
Spanning tree protocol! How fun! Disclaimer: It may cause muffin cravings! And accuracy is not guaranteed, but I'll do my best!

Find the Root Bridge
1. Find the root bridge with the lowest priority or MAC address. Sometimes called the Bridge ID.
2. All the active ports on the Root Bridge become designated ports.

Find the Root ports (One RP per switch)
1. Lowest cost to Root Bridge.
2. Lowest neighbor Bridge ID
3. Lowest neighbor port priority
4. Lowest neighbor internal port number.

Finding the Designated ports for LAN segments.
1. Between non-root switch segments, find the switch that has the lowest cost to the root bridge.
2. Lowest BID
3. Lowest neighbor port priority
4. Lowest neighbor internal port number.

STP Costs
1. 100 for 10Mbps
2. 19 for 100Mbps
3. 4 for 1Gbps
4. 2 for 10Gbps
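The root bridge and root port steps from the two spanning-tree write-ups on this page, carried out in Python on a small topology. This is an added example, not from the original notes; the switch names, MACs and port numbers are constructed, and it assumes every switch can reach the root.

```python
import heapq

# STP path costs from the list above, keyed by link speed in Mbps.
COST = {10: 100, 100: 19, 1000: 4, 10000: 2}

# Constructed topology: {switch: (bridge priority, MAC)}; MACs are made up.
BRIDGES = {"SW1": (32768, "0011.1111.1111"),
           "SW2": (32768, "0022.2222.2222"),
           "SW3": (4096, "0033.3333.3333")}
# (switch A, A's port, switch B, B's port, Mbps); a port is (priority, number).
LINKS = [("SW1", (128, 1), "SW3", (128, 3), 100),
         ("SW1", (128, 2), "SW2", (128, 3), 1000),
         ("SW2", (128, 1), "SW3", (128, 1), 1000),   # two parallel links, so
         ("SW2", (128, 2), "SW3", (128, 2), 1000)]   # tie-breakers 3-4 apply

def elect_root(bridges):
    """Lowest Bridge ID wins: priority first, then MAC address."""
    return min(bridges, key=bridges.get)

def root_ports(bridges, links):
    """Return (root, {switch: (cost to root, local root port)})."""
    root = elect_root(bridges)
    adj = {name: [] for name in bridges}
    for a, port_a, b, port_b, mbps in links:
        adj[a].append((b, port_a, port_b, COST[mbps]))
        adj[b].append((a, port_b, port_a, COST[mbps]))
    # Dijkstra from the root gives every switch's lowest cost to the root.
    dist, heap = {root: 0}, [(0, root)]
    while heap:
        d, sw = heapq.heappop(heap)
        if d > dist[sw]:
            continue
        for nbr, _, _, cost in adj[sw]:
            if d + cost < dist.get(nbr, float("inf")):
                dist[nbr] = d + cost
                heapq.heappush(heap, (d + cost, nbr))
    ports = {}
    for sw in bridges:
        if sw == root:
            continue   # every active port on the root is a designated port
        # Rank each link by: cost via neighbor, neighbor BID, neighbor port.
        best = min(((dist[nbr] + cost, bridges[nbr], nbr_port), local)
                   for nbr, local, nbr_port, cost in adj[sw])
        ports[sw] = (best[0][0], best[1])
    return root, ports
```

SW1 picks its port toward SW2 (cost 4 + 4 = 8) over its direct 100Mbps link to the root (cost 19), and SW2's two equal-cost links are decided by the lower neighbor port number.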
! Router R1
username R2 password derp
!
interface Serial0/0/0
 ip address 192.168.0.1 255.255.255.252
 encapsulation ppp
 ppp authentication chap

! Router R2
username R1 password derp
!
interface Serial0/0/0
 ip address 192.168.0.2 255.255.255.252
 encapsulation ppp
 ppp authentication chap

Derpy: https://givralix.deviantart.com/art/Derpy-Hooves-429911899
Twilight(config)#interface range fa0/1-4
Twilight(config-if-range)#channel-group 2 mode on
Twilight(config-if-range)#exit
Twilight(config)#interface port-channel 2
Twilight(config-if)#switchport mode trunk
___________________________________________
Flutter(config)#interface range fa0/1-4
Flutter(config-if-range)#channel-group 1 mode on
Flutter(config-if-range)#exit
Flutter(config)#interface port-channel 1
Flutter(config-if)#switchport mode trunk

fluttershy: http://proenix.deviantart.com/art/Scared-Fluttershy-297771368
twilight sparkle: http://ancientkale.deviantart.com/art/Twilight-Sparkle-Vector-253757237
