Almost everything you need to know about CCNA


CCNA is the entry-level exam for cisco certifications. The particulars of the test are:

  • Exam number: #640-802
  • 55-65 questions
  • 90 minutes at a proctored location
  • Minimum passing score: 849 / 1000

  • LUCK!
    • Exam Topics
      Describe how a network works:
      Describe the purpose and functions of various network devices
    • Router - A device that recieves and transmits packets from one disjoint network to an other.
    • Switch - A device that recieves and transmits packets within practicular LANs
    • Bridge - A device that links two or more disjoint networks via layer 2
  • Select the components required to meet a network specification
  • Use the OSI and TCP/IP models and their associated protocols to explain how data flows in a network

  • Describe common networked applications including web applications
    • WWW - Hosts which typicall listen on 80/443 and serve html formatted pages
    • FTP - Hosts which typically listen on port 21 and provide a shell used for transfering files.
    • SQL - Hosts which typically listen on 1443 or other DB ports to communicate backend information to frontend hosts
    • DNS - Hosts which typically listeno n 53 and can handle tcp or udp requests for name resolution
  • Describe the purpose and basic operation of the protocols in the OSI and TCP models
    • Application Layer The Application Layer of the OSI model is responsible for providing end-user services, such as file transfers, electronic messaging, e-mail, virtual terminal access, and network management. This is the layer with which the user interacts.
    • Presentation Layer The Presentation Layer of the OSI model is responsible for defining the syntax which two network hosts use to communicate. Encryption and compression should be Presentation Layer functions.
    • Session Layer The Session Layer of the OSI model is responsible for establishing process-to-process commnunications between networked hosts.
    • Transport Layer The Transport Layer of the OSI model is responsible for delivering messages between networked hosts. The Transport Layer should be responsible for fragmentation and reassembly.
    • Network Layer The Network Layer of the OSI model is responsible for establishing paths for data transfer through the network. Routers operate at the Network Layer.
    • Data Link Layer The Data Link Layer of the OSI model is responsible for communications between adjacent network nodes. Hubs and switches operate at the Data Link Layer.
    • Physical Layer The Physical Layer of the OSI model is responsible for bit-level transmission between network nodes. The Physical Layer defines items such as: connector types, cable types, voltages, and pin-outs.
  • Describe the impact of applications (Voice Over IP and Video Over IP) on a network
  • Interpret network diagrams

  • Determine the path between two hosts across a network
    • Issue traceroute from one host to the other (tracert - This should identify every layer 3 router the packets passess through
  • Describe the components required for network and Internet communications
  • Identify and correct common network problems at layers 1, 2, 3 and 7 using a layered model approach
    • Is your network cable plugged in? (physical)
    • Is there a link light on the Ethernet switch and Ethernet NIC? (data-link)
    • Do you have an IP address? (network)
    • Can you ping your default gateway? (network, testing LAN IP connectivity)
    • Do you have DNS server information?
    • Can you ping your DNS server? (network, testing IP connectivity)
    • Do you have a firewall configured? (network on up to application)
    • Can you ping the host you are trying to get to by name? (application, DNS and network WAN IP connectivity)
    • What format is the graphic in? Do you have a viewer for that format? (presentation)
    • Can your web browser open up another website? (basic application troubleshooting)
  • Differentiate between LAN/WAN operation and features
    • LAN A LAN is a local area network which usually is contained within a building
      • Typically used equipment: Hubs, Switches
    • WAN A WAN is a wide area network which usually spans multiple buildings to cities and countries.
      • WANs typically do not use Ethernet, they use T1, E1, ADSL, ISDN, ATM, MPLS etc..)
      • Typically used equipment:

Configure, verify and troubleshoot a switch with VLANs and interswitch communications

  • Select the appropriate media, cables, ports, and connectors to connect switches to other network devices and hosts
  • Explain the technology and media access control method for Ethernet networks
  • Explain network segmentation and basic traffic management concepts
  • Explain basic switching concepts and the operation of Cisco switches
  • Perform and verify initial switch configuration tasks including remote access management
  • Verify network status and switch operation using basic utilities (including: ping, traceroute, telnet, SSH, arp, ipconfig), SHOW & DEBUG commands
    • Ping is useful to test layer 3 connectivity to an other host SYNTAX ping
    • Traceroute is useful to determine the layer 3 path a host is taking SYNTAX traceroute
    • Telnet is useful to trouble shoot firewall issues it allows you to write and recieve data over a socketSYNTAX telnet hostname port
    • arp is useful to troubleshoot layer 2 issues. It lists mac addressess and ip addresses SYNTAX arp -a
    • ipconfig is the utility on windows systems to configure a host's NIC
    • show is the command to print a current status or configuration to the screen (cisco devices) SYNTAX show parameter
  • Identify, prescribe, and resolve common switched network media issues, configuration issues, auto negotiation, and switch hardware failures
  • Describe enhanced switching technologies (including: VTP, RSTP, VLAN, PVSTP, 802.1q)
    VTP VLAN trunking protocol is a Cisco proprietary layer 2 messaging protocol. Mainly this protocol is used as a added relief to switched infrastructures, making it easy to pass vlan configurations from one master (vtp server) to clients (vtp clients). VTP traffic is sent over isl, 802.1q trunks as well as VLAN1.
    • Server In this mode the network appliance acts as the cononcial source of vlan information, sending out advertisements
    • Client In this mode the network appliance recieves vtp advertisements from the server
    • Transparent In this mode the network appliance opts out of vtp all together (version 2 transparent forwards vtp advertisements through their trunk ports but do not actually use the vtp information

  • RSTP
    VLAN A virtual local area network is a "network" or broadcast domain which is configured on one or more switches. The use of vlans allows network admins to group hosts together on the same network by defining their vlan on the port level.
    802.1q This IEEE specification is a protocol which adds additional information to network frames traversing "trunk" ports called "tags." This is essentially another piece of information used to differentiate between vlans and allows vlan information to be passed to other network devices.
  • Describe how VLANs create logically separate networks and the need for routing between them
  • Configure, verify, and troubleshoot VLANs
    vlan 5
    Creates a vlan with the ID of "5"
    name  "Helpdesk
    Defines the name of the vlan
    Exits to global config mode
    show vlan
    Displays all VLANs and what ports they are connected to
  • Configure, verify, and troubleshoot trunking on Cisco switches

    interface fastethernet 0/1
    Drops into interface config for that interface
    switchport mode trunk
    Puts the interface into permanent trunking mode/negotiates to convert the link into a trunk link
    switchport trunk encapsulation isl
    Specifies isl encapsulation to be used.
    switchport trunk encapsulation dot1q
    Specifies 802.1q encapsulation to be used.
    vtp password some-password
    Configures the VTP domain's password
    vtp v2-mode or "vtp verstion 2"
    Sets the VTP domain to verstion 2
    show vlan
    Displays all VLANs and what ports they are connected to
  • Configure, verify, and troubleshoot interVLAN routing
  • Configure, verify, and troubleshoot VTP
    vtp mode client
    Changes switch to VTP client mode (default is server)
    vtp mode server
    Changes switch to VTP server mode (default)
    vtp mode transparent
    Changes switch to VTP transparent mode (default)
    vtp domain somedomain-name
    Configures the domain name for vtp
    vtp password some-password
    Configures the VTP domain's password
    vtp v2-mode or "vtp verstion 2"
    Sets the VTP domain to verstion 2
    show vlan
    Displays all VLANs and what ports they are connected to
  • Configure, verify, and troubleshoot RSTP operation
  • Interpret the output of various show and debug commands to verify the operational status of a Cisco switched network.
  • Implement basic switch security (including: port security, trunk access, management vlan other than vlan1, etc.)

Implement an IP addressing scheme and IP Services to meet network requirements in a medium-size Enterprise branch office network

  • Describe the operation and benefits of using private and public IP addressing
  • Explain the operation and benefits of using DHCP and DNS

    How it works:

    Benefits: is a huge time saver in terms of configuration on the client side. Without DHCP each machine would have to be statically configured. DHCP can also provide more functionality through its "scope options" allowing vendor specific information to be passed to dhcp clients.

    How it works:

    Benefits: is oddly the most forgotten about, but one of the most important services a network can have. One of the least thought about benefits of DNS is the abillity to administratively poison DNS records.
  • Configure, verify and troubleshoot DHCP and DNS operation on a router.(including: CLI/SDM)
    Configure DHCP

    Command Result
    ip dhcp pool internal
    Creates a DHCP pool called internalnetwork
    Defines the range of addresses to be leaseddefault-router
    Defines the default gateway for the host recieving dhcp offernetbios-name-server
    Specifies the netbios server to be useddns-server
    Specifies the DNS server to be useddomain-name
    Specifies the domain name for the clientlease 14 12 23
    Defines the lease time to be 14 days, 12hours, 23 minutes (default is 1 day)exit
    returns to global config modeip dhcp excluded-address 192.

    Defines addresses to be excluded from dhcp scope
    service dhc

    Enables dhcp service on IOS
  • Im
    plement static and dynamic addressing services for hosts in a LAN environment
    Calculate and apply an addressing scheme including VLSM IP addressing design to a network
    Determine the appropriate classless addressing scheme using VLSM and summarization to satisfy addressing requirements in a LAN/WAN environment
    Describe the technological requirements for running IPv6 in conjunction with IPv4 (including: protocols, dual stack, tunneling, etc).
    Describe IPv6 addresses

    IPv6 has a much larger address space than IPv4. This results from the use of a 128-bit address, whereas IPv4 uses only 32 bits. The new address space thus supports 2128 addresses.

    IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). For example:


    Any leading zeros in a group may be omitted; thus, the given example becomes2001:db8:85a3:0:0:8a2e:370:7334
    One or any number of consecutive groups of 0 value may be replaced with two colons (::):2001:db8:85a3::8a2e:370:7334
    This substitution with double-colon may be performed only once in an address, because multiple occurrences would lead to ambiguity.

    Identify and correct common problems associated with IP addressing and host configurations

    Configure, verify, and troubleshoot basic router operation and routing on Cisco devices
    Describe basic routin
  • g concepts (including: packet forwarding, router lookup process)
  • Describe the operation of Cisco routers (including: router bootup process, POST, router components)
  • Select the appropriate media, cables, ports, and connectors to connect routers to other network devices and hosts
  • Configure, verify, and troubleshoot RIPv2
  • Access and utilize the router to set basic parameters.(including: CLI/SDM)
  • Connect, configure, and verify operation status of a device interface
  • Verify device configuration and network connectivity using ping, traceroute, telnet, SSH or other utilities
  • Perform and verify routing configuration tasks for a static or default route given specific routing requirements
  • Manage IOS configuration files. (including: save, edit, upgrade, restore)
  • Manage Cisco IOS
  • Compare and contrast methods of routing and routing protocols
  • Configure, verify, and troubleshoot OSPF
  • Configure, verify, and troubleshoot EIGRP
  • Verify network connectivity (including: using ping, traceroute, and telnet or SSH)
    • Ping is useful to test layer 3 connectivity to an other host SYNTAX ping
    • Traceroute is useful to determine the layer 3 path a host is taking SYNTAX traceroute
    • Telnet is useful to trouble shoot firewall issues it allows you to write and recieve data over a socketSYNTAX telnet hostname port
  • Troubleshoot routing issues
  • Verify router hardware and software operation using SHOW & DEBUG commands.
  • Implement basic router security

Explain and select the appropriate administrative tasks required for a WLAN

  • Describe standards associated with wireless media (including: IEEE WI-FI Alliance, ITU/FCC)
  • Identify and describe the purpose of the components in a small wireless network. (Including: SSID, BSS, ESS)
    • SSID - Service Set Indicator the ascii name of a network
    • BSS- One accesspoint and the clients associated to it.
    • ESS- Extended Service Set a set of one ore more BSSs
  • Identify the basic parameters to configure on a wireless network to ensure that devices connect to the correct access point
    • SSID - Name of the network (i.e. "linksys")
    • Data Encryption - Type of encryption to be used (i.e. AES, TKIP, WEP)
    • Authentication Method - Type of authentication (i.e. WPA-psk, wpa2-psk, wpa2, open)
    • EAP type: - Authentication protocol (i.e. PEAP, LEAP)
    • Inner EAP type: - MSCHAP v2, smart card, cert
  • Compare and contrast wireless security features and capabilities of WPA security (including: open, WEP, WPA-1/2)
  • WEP
    • Each packet of the Encryption has 24bits Initialization vector. Which unfortunately done in plaintext.
    • 40bits (encryption)+ 24bits(init. vector)=64bits Encryption.
    • 104bit(encryption)+ 24bits(init. vector)=128bits Encryption.
    • WEP uses RC4 stream encryption, for a fresh key stream for each packet.
    • The Init Vector & the key are combined to get per-packet key which is used to generate RC4 keys stream.
    • The RC4 is one of the major culprits in the security issues.
    • Part of the weakness of RC4 has to do with the combo of Init. Vector and Plain Text chipper.
    • 24 bit Init vector is finishing a cycle of 2 in the power of 24 in about hour and then repeats.
    • Repeating Init Vector plus knowledge about the plaintext language, makes guessing the plaintexts simpler.
    • It is an interim solution that is used now until 802.11i comes out.
    • It still using RC4, but the Key was changed to TKIP.
    • TKIP basically works by generating a sequence of WEP keys based on a master key, and re-keying periodically before enough volume of info. could be captured to allow recovery of the WEP key. TKIP changes the Key every 10,000 packets, which is quick enough to combat statistical methods to analyze the cipher.
    • TKIP also adds into the picture the Message Integrity Code (MIC). The transmission.s CRC, and ICV (Integrity Check Value) is checked. If the packet was tampered with. WPA will stop using the current keys and re-keys.
    • The Future (probably in mid 2005 will come with the release of 802.11i). The Big Change will be Advance Encryption Standard (AES). 802.11i will change the WPA RC4 usage to employ AES. Referred to as WPA2 the main difference for regular user would be.
    • WPA uses (as describe above) TKIP/MIC Encryption.
    • WPA2 uses AES-CCMP Encryption
    • AES aka the Rijndael algorithm is a secure, fast symmetric cipher that is easily implemented in hardware.
    • AES has its own mechanism for dynamic key generation. It's also resistant to statistical analysis of the cipher text.
    • Counter-Mode/CBC-MAC Protocol (CCMP) called the Advanced Encryption Standard (AES).
    • Identify common issues with implementing wireless networks. (Including: Interface, missconfiguration)

    Identify security threats to a network and describe general methods to mitigate those threats

    • Describe today's increasing network security threats and explain the need to implement a comprehensive security policy to mitigate the threats
    • Explain general methods to mitigate common security threats to network devices, hosts, and applications
    • Describe the functions of common security appliances and applications
    • Describe security recommended practices including initial steps to secure network devices

    Implement, verify, and troubleshoot NAT and ACLs in a medium-size Enterprise branch office network

    • Describe the purpose and types of ACLs
    • ACLs Access Control Lists are conditional if-then statements which pretain to interfaces or different IP protocol information. For example, an acl can be created to deny or permit traffic coming from towards on port 137. ACLs are also directional, meaning the source and destination help define the rule and interface (access-group). An ACL can also be used to explictly configure which networks will or won't be advertised by dynamic routing protocols.
      Standard ACLs Access control lists which only use the source IP address for condition-meeting.
      Extended ACLs Access control lists which can use a variety of fields in layer 3 and layer4 (for instance port).
    • Configure and apply ACLs based on network filtering requirements.(including: CLI/SDM)
    • Configure and apply an ACLs to limit telnet and SSH access to the router using (including: SDM/CLI)
    • Verify and monitor ACLs in a network environment
    • show access-list | include "blah"
      Will display current acls filtered by "blah" this shows hit counts (how many times that condition (acl) has been "hit".
    • Troubleshoot ACL issues
    • Explain the basic operation of NAT
    • NAT Network Address Translation make it possible for hosts that are using rfc 1918 addresses to browse to the internet using a publically routable IP address. The edge router connected to the internet recieves a packet from say and re-writes the IP source header to the ip address that has been allocated from their ISP or IANA. NAT has increased popularity due to the shortage of ipv4 space available as well as some people think its more "secure" to NAT.
    • Configure NAT for given network requirements using (including: CLI/SDM)

    • Command Result
      ip route s0/0/0
      Defines static route for
      ip nat pool employees netmask
      Creates NAT pool with
      access-list 1 permit
      Creates ACL to define wthich rfc 1918 will be translated
      ip nat inside source list 1 pool employees
      Drops int interface config
      ip nat inside
      Source of rfc1918 is from ACL 1, the pool of pub ips is named employees
      Exits interface config
      interface serial 0/0/0
      Drops into interface config
      ip nat outside
      Defines the outside interface
      Troubleshoot NAT issues

    Implement and verify WAN links

    • Describe different methods for connecting to a WAN
    • Configure and verify a basic WAN serial connection
    • Configure and verify Frame Relay on Cisco routers
    • Troubleshoot WAN implementation issues
    • Describe VPN technology (including: importance, benefits, role, impact, components)
    • Configure and verify a PPP connection between Cisco routers

No comments: