• CCIE SEC General Networking

    1. Basics

      1. Have you tried switching it off & on again?

    2. OSI Layers

      1. Application

        1. Layer 7

        2. SMTP

        3. HTTP

      2. Presentation

        1. Layer 6

        2. XML / HTML

        3. GIF / JPEG

      3. Session

        1. Layer 5

        2. Controls connections, i.e. source port to destination port, and ties source ports to applications

      4. Transport

        1. Layer 4

        2. TCP

        3. UDP

        4. ICMP

      5. Network

        1. Layer 3

        2. Logical Addressing

        3. IP

        4. Routing

      6. Data-Link

        1. Layer 2

        2. MAC Addresses

        3. ARP

        4. Switching

      7. Physical

        1. Layer 1

        2. Physical Connections, plugs

        3. Fibre / Copper

    3. TCP/IP Protocols

      1. ICMP

        1. Protocol 1

        2. Types

          1. 0 Echo Reply

          2. 3 Destination Unreachable

          3. 4 Source Quench

          4. 5 Redirect

          5. 8 Echo Request

          6. 11 TTL Expired

      2. TCP

        1. Protocol 6

        2. Connection-oriented

      3. UDP

        1. Protocol 17

        2. Connectionless

      4. IP v4

        1. Class A

        2. Class B

        3. Class C

        4. Class D

          1. Multicast

        5. Class E

          1. Experimental

        6. RFC 1918

        7. RFC 2827

      5. IP v6

    4. Switching

      1. Spanning Tree

        1. BPDU

          1. Notification Frames

            1. Not generated by ports configured with spanning-tree portfast

          2. Config Frames

          3. Carry the sending switch's source MAC and the root bridge MAC

        2. Security

          1. Root Guard

            1. Blocks superior BPDUs that would elect a new root bridge, while still allowing switches to connect

          2. BPDU Guard

            1. Rejects ANY BPDU

          3. Loop Guard

            1. Stops loops forming if no BPDU is received

          4. UDLD

            1. Unidirectional Link Detection

            2. Used to detect if the tx or rx side of a link breaks

              1. Normal Mode = Log

              2. Aggressive Mode = Err_Disable Port

          5. BPDU Filter

            1. Filters Outbound BPDU

      2. VLANS

        1. VLAN Trunking

          1. Trunk Link carries many VLANS over a single switch port

          2. Switch frames are "tagged" with a VLAN ID, so the receiving device can determine where frames are destined

          3. ISL

            1. Inter-Switch Link Protocol

            2. Cisco-proprietary protocol that maintains VLAN information as traffic flows between switches and routers

            3. Performs frame identification at Layer 2 by encapsulating each frame between a header and trailer.

            4. Referred to as FRAME double tagging

              1. Not the same as the Layer 2 security attack known as "double tagging"

          4. 802.1q

            1. IEEE 802.1Q Protocol

            2. IEEE 802.1Q (also known as VLAN tagging) was a project in the IEEE 802 standards process to develop a mechanism that allows multiple bridged networks to transparently share the same physical network link without leakage of information between networks

            3. Each frame is tagged within the Layer 2 frame, not encapsulated

              1. Single Tagging

              2. Internal Tagging

            4. Native VLAN

              1. VLAN where "untagged" frames should reside.

          5. VTP

            1. VLAN Trunking Protocol

            2. Modes

              1. Server

                1. DEFAULT!

              2. Client

              3. Transparent

                1. All VLANS are local

            3. Layer 2 Frames

            4. Domains

              1. Revision Number

                1. To reset to 0

                  1. Change Domain Name

                  2. Change Switch Mode

              2. VLANS in domain

              3. Parameters

                1. Mode

                  1. Version 1

                  2. Version 2

                2. Pruning

          6. DTP

            1. Dynamic Trunking Protocol

            2. The Dynamic Trunking Protocol (DTP) is a proprietary networking protocol developed by Cisco Systems for the purpose of negotiating trunking on a link between two VLAN-aware switches, and for negotiating the type of trunking encapsulation to be used
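The 802.1Q tagging described above, as an added example that is not part of the original mind map: a small Python parser that reads the tag(s) inserted after the source MAC of an Ethernet frame (internal tagging, rather than ISL-style encapsulation), places an untagged frame in the trunk's native VLAN, and flags nested tags so a monitoring tool can report double-tagged frames. The frames, MAC addresses and VLAN IDs are constructed for this example.

```python
# Added example, not code from the original mind map. Frames, MACs and VLAN IDs
# below are constructed for illustration.
import struct

TPID_8021Q = 0x8100   # EtherType/TPID value that announces an 802.1Q tag
MAC_HDR_LEN = 12      # destination MAC (6) + source MAC (6)

def parse_frame(frame: bytes, native_vlan: int = 1) -> dict:
    """Return the VLAN IDs carried by `frame`, outermost first.

    The tag sits inside the Ethernet frame, between the source MAC and the
    EtherType (internal tagging); ISL would instead wrap the whole frame.
    An untagged frame is placed in `native_vlan`, as a trunk port does.
    """
    offset = MAC_HDR_LEN
    vlans, pcps = [], []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame: no EtherType")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype != TPID_8021Q:
            break                      # reached the real EtherType (e.g. 0x0800)
        if len(frame) < offset + 4:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        pcps.append(tci >> 13)         # 3-bit priority code point
        vlans.append(tci & 0x0FFF)     # 12-bit VLAN ID
        offset += 4                    # step over TPID + TCI
    return {
        "dst": frame[0:6].hex(":"),
        "src": frame[6:12].hex(":"),
        "tagged": bool(vlans),
        "vlans": vlans or [native_vlan],
        "pcp": pcps,
        # More than one tag is worth reporting: a trunk normally carries one.
        "double_tagged": len(vlans) > 1,
        "ethertype": ethertype,
        "payload": frame[offset + 2:],
    }

def make_frame(vlans, payload=b"\x45\x00",
               dst=b"\xff" * 6, src=b"\x00\x11\x22\x33\x44\x55") -> bytes:
    """Build a sample frame with zero or more 802.1Q tags (PCP 0) and an IPv4 EtherType."""
    tags = b"".join(struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) for vid in vlans)
    return dst + src + tags + struct.pack("!H", 0x0800) + payload
```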

        2. Virtual LAN

          1. LAN = Local Area Network

        3. A group of hosts with a common set of requirements that communicate as if they were attached to the same broadcast domain, regardless of their physical location.

        4. Static VLAN Assignment

          1. Port Based Membership

          2. This is the "normal" method

          3. Steps

            1. Step 1

              1. Create VLAN

              2. vlan

              3. name

            2. Step 2

              1. Assign Port to VLAN

              2. switchport mode access

              3. switchport access vlan

        5. Dynamic VLAN Assignment

          1. VLANs are assigned based on the MAC address of the end-user device

          2. Switch must query a VLAN Membership Policy Server (VMPS)

        6. End to End VLANS

          1. A VLAN that spans a large geographical area

          2. Examples would be a single VLAN across a whole building or campus

        7. Local VLANS

          1. A VLAN whose scope is restricted by some boundary

          2. Examples: local to a switch, a room or a floor

    5. Routing Protocols

      1. RIP

        1. Distance Vector

        2. UDP 520

        3. Admin Distance 120

        4. Load balances over up to 16 paths

        5. Version 1

          1. Broadcast Updates

          2. Classful

          3. No Authentication

        6. Version 2

          1. Classless, VLSM = ok!

          2. Auto-summarisation at classful boundaries

          3. MULTICAST - 224.0.0.8

          4. Authentication

      2. EIGRP

        1. Enhanced Interior Gateway Routing Protocol

        2. Routing protocol designed and developed by Cisco

        3. EIGRP is an advanced distance-vector routing protocol, with optimizations to minimize both the routing instability incurred after topology changes, as well as the use of bandwidth and processing power in the router.

        4. Mixture of Distance Vector & Link state

        5. Fast Convergence via DUAL (Diffusing Update Algorithm)

        6. VLSM Support

        7. Triggered partial routing updates

        8. Multiple network-layer protocol support

          1. Supports IP, AppleTalk, IPX and Novell NetWare

        9. Route States

          1. Passive

          2. Active

          3. A route is considered "active" when route recomputation is taking place, i.e. a routing decision has not yet been made.

          4. Passive is the operational "normal" state

        10. Terminology

          1. Neighbour Table

            1. Router uses "hello packets" to discover neighbors

            2. The neighbour table stores a list of directly connected neighbours

          2. Topology Table

            1. When a new neighbour is discovered they update each other with details on all the routes they know about.

            2. The topology table contains all the destination networks learned from other routers.

          3. Advertised Distance

            1. Advertised Distance (AD) is the total metric along a path to a destination network as advertised by an upstream neighbor

          4. Feasible Distance

            1. A Feasible Distance (FD) is the lowest known distance from a router to a particular destination

            2. This is the Advertised Distance (AD) + the cost to reach the neighboring router from which the AD was sent

          5. Successor

            1. Also known as Current Successor

            2. The neighbour with the least-cost path to a destination (and not part of a routing loop)

          6. Feasible Successor

            1. The backup "next hop" if the successor fails

            2. (also not part of a routing loop)

          7. Routing table

            1. Stores the best routes to all destinations

        11. Multiple data-link protocol / topology support

          1. Multicast to neighbours on Ethernet

            1. 224.0.0.10

            2. Supports both unicast and multicast communication

          2. Support for point to point & non-broadcast multi-access (NBMA)

        12. EIGRP Packets are IP Protocol Number 88

        13. Admin Distance 90

        14. EIGRP Message Authentication Configuration Example

          1. Routing authentication relies on a key defined in a key chain

          2. ip authentication mode eigrp 10 md5

          3. ip authentication key-chain eigrp 10 MYCHAIN
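The successor and feasible-successor selection defined under Terminology and Route States above, as an added worked example (not from the original notes): it applies the feasibility condition AD < FD to a constructed topology table and shows which neighbour loss leaves the route Passive and which sends it Active. Neighbour names and metrics are invented sample values.

```python
# Added example, not code from the original notes. Neighbour names and metrics
# are constructed sample values.
from dataclasses import dataclass

@dataclass(frozen=True)
class TopologyEntry:
    neighbour: str
    advertised_distance: int   # AD: the neighbour's own metric to the destination
    link_cost: int             # cost from this router to that neighbour

    @property
    def total_distance(self) -> int:
        # Distance via this neighbour = AD + cost to reach the neighbour.
        return self.advertised_distance + self.link_cost

def dual_select(entries):
    """Return (FD, successors, feasible_successors) for one destination.

    Successor: neighbour(s) with the least total distance; that value is the
    Feasible Distance (FD). Feasible successor: any other neighbour whose AD is
    strictly below the FD (feasibility condition), which rules out a path that
    loops back through this router, so it can serve as a backup."""
    if not entries:
        return None, [], []
    fd = min(e.total_distance for e in entries)
    successors = [e.neighbour for e in entries if e.total_distance == fd]
    feasible = [e.neighbour for e in entries
                if e.neighbour not in successors and e.advertised_distance < fd]
    return fd, successors, feasible

def on_neighbour_loss(entries, lost):
    """Route state after neighbour `lost` goes away: ("passive", new successor)
    when DUAL can resolve locally, ("active", None) when it must query."""
    _fd, successors, feasible = dual_select(entries)
    remaining = [e for e in entries if e.neighbour != lost]
    others = [s for s in successors if s != lost]
    if others:                     # a successor is still installed
        return "passive", others[0]
    candidates = [e for e in remaining if e.neighbour in feasible]
    if candidates:                 # promote the best feasible successor, stay Passive
        best = min(candidates, key=lambda e: e.total_distance)
        return "passive", best.neighbour
    return "active", None          # no FS: diffusing computation, query neighbours

# Constructed topology-table rows for one destination (e.g. 10.0.0.0/24):
SAMPLE_TABLE = [
    TopologyEntry("R2", advertised_distance=1000, link_cost=500),   # 1500: successor, FD
    TopologyEntry("R3", advertised_distance=1200, link_cost=1000),  # 2200, AD 1200 < 1500: FS
    TopologyEntry("R4", advertised_distance=1600, link_cost=100),   # 1700, AD 1600 >= 1500: not FS
]
```

Note that R4 has a lower total distance than R3 but still cannot be a feasible successor, because its advertised distance fails the feasibility condition.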

      3. IGRP

        1. Interior Gateway Routing Protocol

        2. Distance Vector

        3. Cisco Proprietary

        4. IGRP was created in part to overcome the limitations of RIP (maximum hop count of only 15, and a single routing metric) when used within large networks

        5. _CLASSFUL_

        6. Periodically each gateway broadcasts its entire routing table (with some censoring because of the split horizon rule) to all adjacent gateways.

        7. Admin Distance 100

      4. OSPF

        1. Open Shortest Path First

        2. Terminology

          1. Router Types

            1. Internal

              1. All routers within an area have identical LSDBs

            2. Backbone

              1. A router with at least one connection to Area 0

            3. ABR

              1. A router with a connection to 2 or more areas

            4. ASBR

              1. A router with a connection to an external area

              2. An external connection means redistributing routes from another routing protocol

          2. LSDB

            1. Link-State Database

            2. A Database of routes within a given area

            3. Routers may have many LSDBs

        3. Admin Distance 110

        4. Multicast

          1. 224.0.0.5 (all SPF/link state routers, also known as AllSPFRouters)

          2. 224.0.0.6 (all Designated Routers, AllDRouters)

        5. OSPF does not use TCP or UDP but uses IP directly, via IP protocol 89

        6. Classless, VLSM = ok!

        7. Link-State Routing Protocol

        8. LSA

          1. Link-State Advertisement

          2. Types

            1. LSA 1

              1. Router LSA

              2. Describe the state of the router's links to the area

              3. Only Flooded within a particular Area

            2. LSA 2

              1. Network LSA

              2. Generated by the DR in multi-access networks (Ethernet)

              3. Describe the routers connected to the multi-access network

            3. LSA3

              1. Summary LSA

              2. Describe routes to the Area's Networks

              3. Flooded through the Backbone (Area 0)

              4. Not flooded into Totally Stubby areas or NSSAs

            4. LSA4

              1. Summary LSA

              2. Describe routes to the ASBRs

              3. Flooded through the Backbone (Area 0)

              4. Not flooded into Totally Stubby areas or NSSAs

            5. LSA 5

              1. AS External LSA

              2. Generated by ASBRs

              3. Describe routes to networks external to the OSPF domain

              4. Not Flooded to Stub, totally stubby or NSSAs

            6. LSA 6

              1. Multicast OSPF LSA

              2. Used in multicast applications

            7. LSA 7

              1. NSSA LSA

            8. LSA 8

              1. External LSA for BGP

              2. Used for OSPF <-> BGP internetworking

            9. LSA 9, 10 or 11

              1. Opaque LSA

              2. Designed for future upgrades

        9. IGP (Interior gateway protocol)

        10. Areas

          1. Backbone

            1. Area 0 is the backbone area

            2. A virtual link can create a temporary (logical) link to Area 0

            3. All Areas must connect to Area 0

          2. Stub Area

            1. A stub area is an area which does not receive external routes except the default route

            2. Does receive internal routes

            3. Cannot contain an ASBR

          3. Totally Stubby Area

            1. Does not receive inter-area (summary) or external routes, only a default route

          4. Not So Stubby Area

            1. NSSA

            2. Can send external routes to the backbone

            3. Does not accept external routes from other areas

            4. _CAN_ contain an ASBR

        11. Configuring OSPF Authentication on a Virtual Link

          r3.3.3.3# debug ip ospf adj
          23:48:06: OSPF: Interface OSPF_VL1 going Up
          23:48:06: OSPF: Send with youngest Key 0
          23:48:07: OSPF: Build router LSA for area 0, router ID 3.3.3.3, seq 0x80000001
          23:48:07: OSPF: Build router LSA for area 2, router ID 3.3.3.3, seq 0x80000033
          23:48:07: OSPF: Build router LSA for area 1, router ID 3.3.3.3, seq 0x80000030
          23:48:14: OSPF: 2 Way Communication to 1.1.1.1 on OSPF_VL1, state 2WAY
          23:48:14: OSPF: Send DBD to 1.1.1.1 on OSPF_VL1 seq 0x1EA opt 0x62 flag 0x7 len32
          23:48:14: OSPF: Send with youngest Key 1
          23:48:14: OSPF: Rcv DBD from 1.1.1.1 on OSPF_VL1 seq 0x3FB opt 0x62 flag 0x7 len 32 mtu 0 state EXSTART
          23:48:14: OSPF: First DBD and we are not SLAVE
          23:48:16: OSPF: Send with youngest Key 1
          23:48:19: OSPF: Send DBD to 1.1.1.1 on OSPF_VL1 seq 0x1EA opt 0x62 flag 0x7 len 32
          23:48:19: OSPF: Send with youngest Key 1
          23:48:19: OSPF: Retransmitting DBD to 1.1.1.1 on OSPF_VL1 [1]
          23:48:19: OSPF: Rcv DBD from 1.1.1.1 on OSPF_VL1 seq 0x3FB opt 0x62 flag 0x7 len 32 mtu 0 state EXSTART
          23:48:19: OSPF: First DBD and we are not SLAVE
          23:48:19: OSPF: Rcv DBD from 1.1.1.1 on OSPF_VL1 seq 0x1EA opt 0x62 flag 0x2 len 172 mtu 0 state EXSTART
          23:48:19: OSPF: NBR Negotiation Done. We are the MASTER
          23:48:19: OSPF: Send DBD to 1.1.1.1 on OSPF_VL1 seq 0x1EB opt 0x62 flag 0x3 len 112
          23:48:19: OSPF: Send with youngest Key 1
          23:48:19: OSPF: Send with youngest Key 1
          23:48:19: OSPF: Database request to 1.1.1.1
          23:48:19: OSPF: sent LS REQ packet to 5.0.0.1, length 48
          23:48:19: OSPF: Rcv DBD from 1.1.1.1 on OSPF_VL1 seq 0x1EB opt 0x62 flag 0x0 len 32 mtu 0 state EXCHANGE
          23:48:19: OSPF: Send DBD to 1.1.1.1 on OSPF_VL1 seq 0x1EC opt 0x62 flag 0x1 len 32
          23:48:19: OSPF: Send with youngest Key 1
          23:48:19: OSPF: Build router LSA for area 0, router ID 3.3.3.3, seq 0x80000030
          23:48:19: OSPF: Rcv DBD from 1.1.1.1 on OSPF_VL1 seq 0x1EC opt 0x62 flag 0x0 len 32 mtu 0 state EXCHANGE
          23:48:19: OSPF: Exchange Done with 1.1.1.1 on OSPF_VL1
          23:48:19: OSPF: Synchronized with 1.1.1.1 on OSPF_VL1, state FULL
          !--- This indicates the establishment of neighbor adjacency.
          23:48:19: %OSPF-5-ADJCHG: Process 2, Nbr 1.1.1.1 on OSPF_VL1 from LOADING to FULL, Loading Done

          1. ip ospf authentication-key cisco

          2. area 1 virtual-link 3.3.3.3 authentication-key cisco

        12. Sample Configuration for Authentication in OSPF

          1. Types

            1. Null Authentication

            2. Plain Text Authentication

            3. MD5 Authentication

          2. show ip ospf interface serial0

            R1-2503# show ip ospf interface serial0
            Serial0 is up, line protocol is up
              Internet Address 192.16.64.1/24, Area 0
              Process ID 10, Router ID 172.16.10.36 , Network Type POINT_TO_POINT, Cost: 64
              Transmit Delay is 1 sec, State POINT_TO_POINT,
              Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
                Hello due in 00:00:05
              Index 2/2, flood queue length 0
              Next 0x0(0)/0x0(0)
              Last flood scan length is 1, maximum is 1
              Last flood scan time is 0 msec, maximum is 4 msec
              Neighbor Count is 1, Adjacent neighbor count is 1
                Adjacent with neighbor 70.70.70.70
              Suppress hello for 0 neighbor(s)
              Message digest authentication enabled
                Youngest key id is 1

      5. BGP

        1. TCP 179

    6. IP Multicast


    Added: 2009-03-10 10:30:37

    From: linickx (Joined 2008-12-15 05:32:23)
