CCNA 640-607 Memorization Lists.doc - appsremote.com

CCNA 640-607 Memorization Lists

The following are lists and explanations that you should memorize for the CCNA 640-607 exam. You may or may not receive any questions from some of these lists. It depends on the exam you get. It’s best to be safe and know them.

Cisco Access Lists

Access List Type Number Range

IP Standard 1-99

IP Extended 100-199

Protocol Type-Code 200-299

DECnet 300-399

XNS Standard 400-499

XNS Extended 500-599

AppleTalk 600-699

48-Bit MAC Address 700-799

IPX Standard 800-899

IPX Extended 900-999

IPX SAP 1000-1099

Extended 48-Bit MAC Address 1100-1199

IPX Summary Address (NLSP) 1200-1299

Cisco Access Lists Command Formats, etc.

Standard IP Access Lists

This is the command format for a standard IP access list (notice that you can only use a source address, not a destination address, in a standard IP access list): access-list [number] [permit or deny] [source address]

Here is an example of configuring a standard IP access list (this is done in configuration mode within privileged EXEC mode):

RouterA(config)#access-list 12 permit 172.17.35.3

Extended IP Access Lists

This is the command format for an extended IP access list:

access-list [number] [permit or deny] [protocol] [source] [destination] [port]

Here is an example of configuring an extended IP access list (this is done in configuration mode within privileged EXEC mode):

RouterA(config)#access-list 120 permit tcp any any eq www tcp is the protocol,

any is any source address, any is any destination address, eq www is the port (Remember that when filtering by port, you cannot use IP as the protocol. You can only use TCP, UDP, or ICMP)

1

CCNA 640-607 Memorization Lists

Standard IPX Access Lists

This is the command format for a standard IPX access list (notice that you can use both a source address and a destination address in the standard IPX access list): access-list [number] [permit or deny] [source address] [destination address]

Here is an example of configuring a standard IPX access list (this is done in configuration mode within privileged EXEC mode):

RouterA(config)#access-list 820 permit 30 10 30 is the source, 10 is the destination

Extended IPX Access Lists

This is the command format for an extended IPX access list:

access-list [number] [permit or deny] [protocol] [source] [socket] [destination] [socket]

Here is an example of configuring an extended IPX access list (this is done in configuration mode within privileged EXEC mode):

RouterA(config)#access-list 930 permit –1 –1 0 –1 0 -1 is any protocol, -1 is any

source, 0 is the socket, -1 is any destination, 0 is the socket

IPX SAP Filters

This is the command format for an IPX SAP Filter:

access-list [number] [permit or deny] [source address] [service type]

Here is an example of configuring an IPX SAP filter (this is done in configuration mode within privileged EXEC mode):

RouterA(config)#access-list 1080 permit 12.0000.0000.0001 0 12.0000.0000.0001

is the source address which is the network/node address of the server, 0 is any service type

Applying access lists and SAP Filters to an interface

Remember, after you configure an access list or SAP Filter, it doesn’t do you any good unless it is applied to an interface. You must be in interface configuration mode within privileged EXEC mode and you must use the command “access-group” to apply an

access list and “input-sap-filter” to apply a SAP Filter. Here are examples:

RouterA(config-if)#ip access-group 12 out applies standard IP access list 12 to

outgoing packets on the chosen interface

RouterA(config-if)#ipx access-group 930 in applies extended IPX access list 930

to incoming packets on the chosen interface

RouterA(config-if)#ipx input-sap-filter 1080 applies IPX SAP Filter 1080 to the

chosen interface

2

redistribute in any form.

CCNA 640-607 Memorization Lists

Cisco Access List Wildcard Masking with IP access lists

Wildcards are used to specify a single host, an entire network, or part of a network. They can be used in standard IP or extended IP access lists. 0’s within the mask must match up exactly and 255’s within the mask can be anything.

Specifying a single host

host 172.16.10.3 is the same as specifying 172.16.10.3 0.0.0.0 . Since the wildcard mask

is all 0’s, this means that each octet must match up exactly, specifying a single host.

For example, the following two commands are the same, specifying the single host 172.16.10.3:

access-list 75 permit host 172.16.10.3

access-list 75 permit 172.16.10.3 0.0.0.0

Specifying all networks and all hosts

any is the same as specifying 0.0.0.0 255.255.255.255 .Since the wildcard mask is all

255’s and no particular network is specified, this means that it doesn’t matter what each octet is, specifying any host on any network.

For example, the following two commands are the same:

access-list 75 permit 0.0.0.0 255.255.255.255

access-list 75 permit any

(Note: When using IPX access lists, -1 is just like using the any keyword. It refers to any

IPX network address)

Specifying a whole network

The mask must contain 0’s to specify a particular network and 255’s to specify all the

hosts within that network.

For example, the following command would permit all the hosts within the 172.16.0.0 network:

access-list 75 permit 172.16.0.0 0.0.255.255

This command means that the 172.16 must match up exactly because the wildcard mask for those two octets are 0’s. Since the wildcard mask for the last two octets are 255’s, it doesn’t matter what the last two octet’s are. They could be anything.

Specifying a part of a network or a portion of available hosts

To do this, you need to understand block sizes. These block sizes are used to specify a block of addresses. Some of the different block sizes available are 64, 32, 16, 8, and 4. You use the closest block size for your needs. If you need to specify 34 networks or hosts, you would have to use the next highest block size of 64. If you wanted to specify 22 networks or hosts, you would have to use the next highest block size of 32. When you specify the wildcard mask, the wildcard is always one less than the block size. Also, block sizes must start at zero. If you want a block size of 8, you must stay within the 3

redistribute in any form.

CCNA 640-607 Memorization Lists

block ranges of 0-7, 8-15, etc. For example, you couldn’t start on 11. If you want a block size of 32, you must stay within the ranges 0-31, 32-63, 64-95, etc. Let’s look at some

examples:

Example # 1

Let’s say you want to deny access to the networks 172.16.16.0 through 172.16.19.0. First of all, this is good because the range is 16-19. So, we could use a block of 4. This is within one of the ranges because they are 0-3, 4-7, 8-11, 12-15, 16-19, etc. So, your access list command would look like the following:

access-list 50 deny 172.16.16.0 0.0.3.255

If you look at the wildcard mask, the first two octets are zero, so this means that the 172.16 must match exactly. Next, the 3 is one less than the block size as discussed above. So, this means that the block size is 4, which would be the networks 16, 17, 18, and 19. The 255 means that this last octet could be any host number.

Example # 2

Let’s say you want to deny access to the networks 172.16.16.0 through 172.16.21.0. This

is a total of 6 networks so we would have to use the block size of 8. If you look at the ranges 0-7, 8-15, 16-23, 24-31, etc., you would have to use the range 16-23. So, your access list command would look like the following:

access-list 50 deny 172.16.16.0 0.0.7.255

If you look at the wildcard mask, the first two octets are zero, so this means that the 172.16 must match exactly. Next, the 7 is one less than the block size. So, this means that the block size is 8, which would be the networks 16, 17, 18, 19, 20, 21, 22, and 23. The 255 means that this last octet could be any host number. The only problem with this is that you’re denying two networks (22 and 23) that aren’t within the networks that you

originally wanted to deny. This is one of the problems with block sizes.

Example # 3

Let’s say you want to permit access to the hosts 172.16.16.9 through 172.16.16.14. This is a total of 6 hosts so we would have to use the block size of 8. If you look at the ranges 0-7, 8-15, 16-23, 24-31, etc., you would have to use the range 8-15 because the hosts you wish to permit access to fall in this range. So, your access list command would look like the following:

access-list 50 permit 172.16.16.8 0.0.0.7

If you look at the wildcard mask, the first three octets are zero, so this means that the 172.16.16 must match exactly. Next, the 7 is one less than the block size. So, this means that the block size is 8, which would be the hosts 8, 9, 10, 11, 12, 13, 14, and 15. The only problem with this is that you’re permitting two hosts (8 and 15) that aren’t within the networks that you originally wanted to permit. This is one of the problems with block sizes.

4

redistribute in any form.

CCNA 640-607 Memorization Lists

Routing Protocols and their attributes

Protocol Type Int. or Ext. Class Metrics Scalability RIP Distance-Vector Interior Classfull Hop count 15 Hops RIPv2 Distance-Vector Interior Classless Hop count 15 Hops IGRP Distance-Vector Interior Classfull Bandwidth, 255 Hops

Delay, (default is

Reliability, 100)

Load

EIGRP Advanced Interior Classless Bandwidth, Thousands

Distance-Vector Delay, of routers

(Hybrid) Reliability,

Load

RTMP Distance-Vector Interior NA Hop count 15 Hops AURP Distance-Vector Interior or NA Hop count 15 Hops on

Exterior each side IPX RIP Distance-Vector Interior NA Ticks and 15 Hops

Hop count

NLSP Link-state Interior NA Cost and 127 Hops

bandwidth

OSPF Link-state Interior Classless Cost Approx. 50

routers per

area,

approx. 100

areas IS-IS Link-state Interior Classless Path value, Thousands

delay, of routers

expense,

and errors

BGP Path-vector Exterior Classless Path Thousands

attributes of routers

and other

factors

5

redistribute in any form.

CCNA 640-607 Memorization Lists

OSI (Open Systems Interconnection) Reference Model

Application Layer

This layer is responsible for file, message, print, database, and application services. It is the layer closest to the end user and this means that the user and the Application layer interact directly with the software applications. It is also responsible for synchronizing applications on the client and the server, determining if sufficient resources exist for the intended communication, understanding resources that are needed to communicate between two devices and establishing their availability, agreeing on error control and data integrity of communicating applications, and providing processes and services to end users. Always think of “data” with this layer.

Presentation Layer

Responsible for the format, conversion, encryption, decryption, compression, and decompression of data. This layer also negotiates which format or syntax to use, such as PICT, TIFF, JPEG, MIDI, QuickTime, and MPEG. This layer presents data to the Application layer, so basically, it services the Application layer and is serviced by the Session layer. Always think of “data” with this layer.

Session Layer

This layer is responsible for establishing, managing, and terminating sessions between applications. Its main concern is dialog control between nodes, or devices. It keeps data from different applications separate from each other and offers three modes: simplex, half-duplex, and full-duplex. Some examples of Session Layer protocols and interfaces are SQL (Structured Query Language), RPC (Remote Procedure Call), X Window, and Network File System (NFS). Always think of “data” with this layer.

Transport Layer

Responsible for sequencing, session establishment, and maintenance and termination (tear-down) of virtual circuits. Services in this layer segment and reassemble data from upper-layer applications. It establishes a logical connection between the sending host and the destination host. Always think of “segments” with this layer.

Network Layer

This layer decides the best path through a network and handles network addressing. It is responsible for routing within an internetwork. Routers are defined at this layer. Always think of “packets or datagrams” with this layer.

Data Link Layer

Responsible for providing reliable transmission of data across the Physical layer. It formats the message into data frames and adds a header to the frame containing the hardware source and destination address. Consists of two sublayers: Media Access Control (MAC) and Logical Link Control (LLC). The MAC sublayer is responsible for Media Access, Framing, and Logical Topology. The LLC sublayer can provide error correction while the MAC sublayer only provides error detection. Always think of “frames” with the Data Link layer

6

redistribute in any form.

CCNA 640-607 Memorization Lists

Physical Layer

This layer is responsible for sending and receiving bits. It specifies the electrical,

mechanical, functional, and procedural requirements for activating, maintaining, and

deactivating a physical link between systems. It is where the cable, connector, and

signaling specifications are defined. This layer is the only layer that does not rely on a

layer beneath it and the only one that can communicate electrical/light pulses to the other

side. Always think of “bits” with this layer.

“OSI Reference Model / DoD Model” Comparison and Associated Protocols

DoD (Dept. of Defense) Model OSI Model Protocols

Application Telnet, TFTP, FTP,

Process / Application --------> Presentation --------> SMTP, NFS, LPD,

Session SNMP, X Window

Host-to-Host --------> Transport --------> TCP, UDP

Internet --------> Network --------> ARP, RARP, IP,

BootP, ICMP

Network --------> Data Link --------> Ethernet, Fast Ethernet,

Access Physical Token Ring, FDDI

Routing Table Updates for Distance Vector Routing Protocols

Routing Protocol Routing Table Updates in Seconds

AppleTalk RTMP 10

IP RIP 30

XNS 30

DECnet IV 40

IPX SAP 60

IPX RIP 60

IP IGRP 90

VINES VRTP 90

Encapsulation

7

CCNA 640-607 Memorization Lists

Data encapsulation at each layer of the OSI Reference Model: Application Data

Presentation Data

Session Data

Transport Segments

Network Packets or Datagrams Data Link Frames

Physical Bits

Frame Relay encapsulation types:

Cisco (Default)

IETF

Serial interface encapsulation types:

HDLC (Default)

PPP

Novell IPX encapsulation (frame) types:

Interface Encapsulation or frame type Cisco keyword

Ethernet Ethernet_802.3 novell-ether (Default)

Ethernet_802.2 sap

Ethernet-snap snap

Ethernet_II arpa

Token Ring Token-Ring sap (Default)

Token-Ring_snap snap

FDDI Fddi_snap snap (Default)

Fddi_802.2 sap

Fddi_raw novell-fddi

Editing Commands

8

redistribute in any form.

CCNA 640-607 Memorization Lists

Ctrl + A Move to the beginning of the command line Ctrl + E Move to the end of the command line

Ctrl + B (or left arrow) Move back one character

Ctrl + F (or right arrow) Move forward one character Ctrl + N (or down arrow) Repeat most recent command Ctrl + P (or up arrow) Repeat previous command

Ctrl + D Deletes a single character

Ctrl + R Redisplays a line

Ctrl + U Erases a line

Ctrl + W Erases a word

Ctrl + Z Ends configuration mode and returns you to exec mode

Esc + B Move backward one word

Esc + F Move forward one word

Backspace Deletes a single character

Tab Finishes typing a command

IP Address Ranges

Class Address Range First Octet Range

Class A (commercial use) 1.0.0.0 to 126.0.0.0 1 - 126 Class B (commercial use) 128.0.0.0 to 191.254.0.0 128 - 191 Class C (commercial use) 192.0.1.0 to 223.255.254.0 192 - 223 Class D (multicast groups) 224.0.0.0 to 239.255.255.255 224 - 239 Class E (experimental) 240.0.0.0 to 254.255.255.255 240-254

127.0.0.0 is reserved for the loopback address. It is used by a device to address itself

internally and used to test a local device’s TCP/IP stack and identify possible stack

corruption. This is done by using the command “ping 127.0.0.1” on the local device.

Private IP Addresses

The following three sets of IP addresses and subnet masks are private IP addresses. They

are for use on private networks and usually don’t connect to the global Internet:

Addresses Subnet mask

10.0.0.0 255.0.0.0

172.16.0.0 through 172.31.255.255 255.240.0.0

192.168.0.0 through 192.168.255.255 255.255.0.0

Subnetting

9

CCNA 640-607 Memorization Lists

(Definitely memorize the following subnet mask tables and write them down before starting the exam. See our Subnetting Tips document for more information)

Subnet Masks for a Class C network

Subnet Mask Length of mask (bits) # of subnets # of hosts per subnet

255.255.255.252 30 62 2

255.255.255.248 29 30 6 255.255.255.240 28 14 14

255.255.255.224 27 6 30

255.255.255.192 26 2 62

Subnet Masks for a Class B network

Subnet Mask Length of mask (bits) # of subnets # of hosts per subnet

255.255.255.252 30 16,382 2

255.255.255.248 29 8,190 6 255.255.255.240 28 4,094 14

255.255.255.224 27 2,046 30

255.255.255.192 26 1,022 62

255.255.255.128 25 510 126

255.255.255.0 24 254 254

255.255.254.0 23 126 510

255.255.252.0 22 62 1,022

255.255.248.0 21 30 2,046

255.255.240.0 20 14 4,094

255.255.224.0 19 6 8,190

255.255.192.0 18 2 16,382

Notice how the “# of subnets” and the “# of hosts per subnet” on the Class C table are inverses of each other. For example, on the Class C table, the “# of subnets” starts at 62, then 30, 14, 6, and 2. The “# of hosts per subnet” starts at 2, then 6, 14, 30, and 62. Notice that right in the middle is the 255.255.255.240 subnet mask with 14 subnets and 14 hosts per subnet.

The Class B table works the same way. The “# of subnets” starts at 16,382 and goes all the way down to 2 while the “# of hosts per subnet” starts at 2 and goes all the way up to 16,382. Right in the middle is the 255.255.255.0 subnet mask with 254 subnets and 254 hosts per subnet.

Here’s a tip to help memorize the Class B table. Notice that when you look at the “# of subnets” starting with 16,382, that each number going to the bottom of the list keeps

splitting almost in half. Half of 16,382 is close to 8,190, half of 8,190 is close to 4,094, etc. When you look at the “# of hosts”, the same thing is happening except that you start at the bottom of the list.

Regarding the “Length of Mask (bits)” field: For example, 30 means

11111111.11111111.11111111.11111100, or 30 1’s, etc.

10

redistribute in any form.

DOCSFORD

CCNA 640-607 Memorization Lists.doc - appsremote.com