Cisco Systems CCNA 2 - page 123

122 - 238 CCNA 2: Routers and Routing Basics v3.1 Instructor Guide – Module 11 Copyright © 2004, Cisco Systems, Inc.

A.B.C.D Wildcard bits

log Log matches against this entry

<cr>

rt1(config)#access-list 1 permit 192.168.0.1 0.0.0.0 ?

log Log matches against this entry

<cr>

Give students a list of rules for access lists to help them understand this concept. Emphasize

the following points:

• Use one access list for each protocol and for each direction.

• Place standard access lists closest to the destination.

• Place extended access lists closest to the source.

• Apply the "in” or “out" keyword as if from inside the router.

• Remember statements are processed sequentially from the top of the list until a

match is found and if no match is found, the packet is denied.

• Remember there is an implicit “deny all” at the end of ACLs that will not appear in

the configuration listing.

• Remember, the match condition is examined first and the permit or deny is

examined ONLY if the match is true.

• List statements from specific references such as individual hosts to general

references such as entire networks when access list logic overlaps.

• Do not work with an access list that is actively applied.

• Use Notepad or a similar text editor to create comments that outline the logic and

then fill in the statements that perform the logic.

• Remember new lines are always added to the end of the access list.

• Use the no access-list x command to remove an entire list since it is not

possible to selectively add and remove lines.

• Remember that an IP access list will send an ICMP host unreachable message to

the sender of a rejected packet and will discard the packet.

• Use care when removing an access list. If the access list is applied to a production

interface and it is removed, there may be a default “deny any” applied to the

interface and all traffic will be halted. If the IOS defaults to “permit all”, there will be

no security or performance regulation.

• Remember outbound filters do not affect traffic that originates from the local router.

These rules will help students become successful with using ACLs. This is not an all-inclusive

list and it can be presented in any order.

Contents

Main I. Page Page II. Course Overview Target Audience Prerequisites Course Description Course Objectives Lab Requirements Certification Alignment Course Overview Page III. Teaching Guide for Each TI Nomenclature Page Module 1: WANs and Routers 1.1 WANs 1.1.1 Introduction to WANs 1.1.2 Introduction to routers in a WAN 1.1.3 Router LANs and WANs 1.1.4 Role of Routers in a WAN 1.1.5 Academy approach to hands-on labs 1.2 Routers 1.2.1 Introduction to WANs 1.2.2 Router physical characteristics 1.2.3 Router external connections 1.2.4 Management port connections 1.2.5 Console Port Connections 1.2.6 Connecting Router LAN interfaces 1.2.7 Connecting WAN interfaces Module 1 Summary Module 2: Introduction to Routers 2.1 Operating Cisco IOS Software 2.1.1 The purpose of Cisco IOS software 2.1.2 Router user interface 2.1.3 Router user interface modes 2.1.4 Cisco IOS software features 2.1.5 Operation of Cisco IOS software 2.2 Starting a Router 2.2.1 Initial startup of Cisco routers 2.2.2 Router LED indicators 2.2.3 The initial router bootup 2.2.4 Establish a console session 2.2.5 Router login 2.2.6 Keyboard help in the router CLI 2.2.7 Enhanced editing commands 2.2.8 Router command history 2.2.9 Troubleshooting command line errors 2.2.10 The show version command Module 2 Summary Module 3: Configuring a Router Page 3.1 Configure a Router 3.1.1 CLI command modes 3.1.2 Configuring a router name 3.1.3 Configuring router passwords 3.1.4 Examining the show commands 3.1.5 Configuring a serial interface 3.1.6 Making configuration changes 3.1.7 Configuring an Ethernet interface 3.2 Finishing the Configuration 3.2.1 Importance of configuration standards 3.2.2 Interface descriptions 3.2.3 Configuring an interface description 3.2.4 Login banners 3.2.5 Configuring message-of-the-day (MOTD) 3.2.6 Host name resolutions 3.2.7 Configuring host tables 3.2.8 Configuration backup and documentation 3.2.9 Backing up configuration files Page Module 3 Summary Module 4: Learning about Other Devices 4.1 Discovering and Connecting to Neighbors 4.1.1 Introduction to CDP 4.1.2 Information obtained with CDP 4.1.3 Implementation, monitoring, and maintenance of CDP 4.1.4 Creating a network map of the environment 4.1.5 Disabling CDP 4.1.6 Troubleshooting CDP Command Purpose 4.2 Getting Information about Remote Devices 4.2.1 Telnet 4.2.2 Establishing and verifying a Telnet connection 4.2.3 Disconnecting and suspending Telnet sessions 4.2.4 Advanced Telnet operation 4.2.5 Alternative connectivity tests Page 4.2.6 Troubleshooting IP addressing issues Module 4 Summary Module 5: Managing Cisco IOS Software 5.1 Router Boot Sequence and Verification 5.1.1 Stages of the router power-on boot sequence 5.1.2 How a Cisco device locates and loads the Cisco IOS 5.1.3 Using the boot system command 5.1.4 Configuration register 5.1.5 Troubleshooting IOS boot failure 5.2 Managing the Cisco File System 5.2.1 IOS file system overview 5.2.2 IOS naming convention 5.2.3 Managing configuration files using TFTP 5.2.4 Managing configuration files using copy and paste Page 5.2.5 Managing IOS images using TFTP 5.2.6 Managing IOS images using XModem 5.2.7 Environment variables 5.2.8 File system verification Page Module 5 Summary Module 6: Routing and Routing Protocols 6.1 Introduction to Static Routing 6.1.1 Introduction to routing 6.1.2 Static route operation Page 6.1.3 Configuring static routes 6.1.4 Configuring default route forwarding 6.1.5 Verifying static route configuration 6.1.6 Troubleshooting static route configuration Page 6.2 Dynamic Routing Overview 6.2.1 Introduction to routing protocols 6.2.2 Autonomous systems 6.2.3 Purpose of a routing protocol and autonomous systems 6.2.4 Identifying the classes of routing protocols 6.2.5 Distance vector routing protocol features 6.2.6 Link-state routing protocol features 6.3 Routing Protocols Overview 6.3.1 Path determination 6.3.2 Routing configuration 6.3.3 Routing protocols Page Module 6 Summary Module 7: Distance Vector Routing Protocols 7.1. Distance Vector Routing 7.1.1 Distance vector routing updates 7.1.2 Distance vector routing loop issues Page 7.1.3 Defining a maximum count 7.1.4 Eliminating routing loops through split horizon Page 7.1.5 Route poisoning X 7.1.6 Avoiding routing loops with triggered updates 7.1.7 Preventing routing loops with holddown timers 7.2 RIP 7.2.1 RIP routing process 7.2.2 Configuring RIP 7.2.3 Using the ip classless command 7.2.4 Common RIP configuration issues 7.2.5 Verifying RIP configuration 7.2.6 Troubleshooting RIP update issues 7.2.7 Preventing routing updates through an interface 7.2.8 Load Balancing with RIP 7.2.9 Load balancing across multiple paths 7.2.10 Integrating static routes with RIP 7.3 IGRP 7.3.1 IGRP features 7.3.2 IGRP metrics 7.3.3 IGRP routes 7.3.4 IGRP stability features 7.3.5 Configuring IGRP 7.3.6 Migrating from RIP to IGRP 7.3.7 Verifying IGRP Configuration 7.3.8 Troubleshooting IGRP Module 7 Summary Page Module 8: TCP/IP Suite Error and Control Messages 8.1 Overview of TCP/IP Error Message 8.1.1 ICMP 8.1.2 Error reporting and error correction 8.1.3 ICMP message delivery 8.1.4 Unreachable networks 8.1.5 Using ping to test destination reachability 8.1.6 Detecting excessively long routes 8.1.7 Echo messages 8.1.8 Destination unreachable message 8.1.9 Miscellaneous error reporting 8.2 TCP/IP Suite Control Messages 8.2.1 Introduction to control messages 8.2.2 ICMP redirect/change requests 8.2.3 Clock synchronization and transit time estimation 8.2.4 Information requests and reply message formats 8.2.5 Address mask requests 8.2.6 Router discovery message 8.2.7 Router solicitation message 8.2.8 Congestion and flow control messages Module 8 Summary Module 9: Basic Router Troubleshooting 9.1 Examining the Routing Table 9.1.1 The show ip route command 9.1.2 Determining the gateway of last resort 9.1.3 Determining route source and destination 9.1.4 Determining L2 and L3 addresses 9.1.5 Determining route administrative distance 9.1.6 Determining the route metric 9.1.7 Determining the route next hop 9.1.8 Determining the last routing update 9.1.9 Observing multiple paths to destination 9.2 Network Testing 9.2.1 Introduction to network testing 9.2.2 Using a structured approach to troubleshooting 9.2.3 Testing by OSI layers 9.2.4 Layer 1 troubleshooting using indicators 9.2.5 Layer 3 troubleshooting using ping 9.2.6 Layer 7 troubleshooting using Telnet 9.3 Troubleshooting Router Issues Overview 9.3.1 Troubleshooting Layer 1 using show interfaces 9.3.2 Troubleshooting Layer 2 using the show interfaces 9.3.3 Troubleshooting using show cdp 9.3.4 Troubleshooting using traceroute 9.3.5 Troubleshooting routing issues 9.3.6 Troubleshooting using show controllers 9.3.7 Introduction to debug Module 9 Summary Module 10: Intermediate TCP/IP 10.1 TCP Operation 10.1.1 TCP operation 10.1.2 Synchronization or three-way handshake 10.1.3 Denial of service attacks 10.1.4 Windowing and window size 10.1.5 Sequencing numbers 10.1.6 Positive acknowledgements 10.1.7 UDP operation 10.2 Overview of Transport Layer Ports 10.2.1 Multiple conversations between hosts 10.2.2 Ports for services 10.2.3 Ports for clients 10.2.4 Port numbering and well known port numbers 10.2.5 Example of multiple sessions between hosts 10.2.6 Comparison of MAC addresses, IP addresses, and port numbers Module 10 Summary Module 11: Access Control List (ACLs) Overview 11.1 Access Control List Fundamentals 11.1.1 Introduction to ACLs 11.1.2 How ACLs work 11.1.3 Creating ACLs Page 11.1.4 The function of a wildcard mask 11.1.5 Verifying ACLs 11.2 Access Control Lists (ACLs) 11.2.1 Standard ACLs 11.2.2 Extended ACLs 11.2.3 Named ACLs 11.2.4 Placing ACLs 11.2.5 Firewalls 11.2.6 Restricting virtual terminal access Module 11 Summary IV. Case Study Overview and Objectives Scenario and Phase 1: Project Description Page Phase 3: Basic Router and Workstation Configuration Page Phase 4: Access Control Lists Phase 5: Documenting the Network Case Study Deliverables General Documentation: Technical Documentation: Page Case Study Instructor Notes Phase 1: Project Description Phase 2: IP Addressing Phase 3: Basic Router and Workstation Configuration Phase 4: Access Control Lists Phase 5: Documenting the Network Optional Case Study Instructor Sample Outputs Phase 5: Documenting the Network Sample outputs Boaz (2500) Configuration Management documentation Boaz (2500) Page Page Security Management documentation Boaz (2500) Page Phase 5: Documenting the Network Sample outputs Centre (2500) Configuration Management documentation Page Page Security Management documentation Centre (2500) Page Phase 5: Documenting the Network Sample outputs Eva (2500) Configuration Management documentation Eva (2500) Page Page Security Management documentation Eva (2500) Page Page Appendix A: Cisco Online Tools and Utilities 1 Output Interpreter Page Page Page Page Page Page Page 9 TAC Advanced Search Appendix B: Instructional Best Practices B.1 Definition of Best Practices B.1.1 What is meant by best practices? Page Page Page B.1.4 TIMSS report B.1.5 Student-centered learning B.1.6 Multiple intelligences Page Page Page Page Page B.2 Lab-Centric Instruction B.2.1 CCNA labs Page B.2.2 CCNP labs Page B.2.3 NETLAB Page B.2.4 Simulations B.2.5 Sponsored curriculum labs Page Page Page Page Page Page B.2.7 Troubleshooting Page B.3 Project-based Instruction B.3.1 Challenges and projects Page B.3.2 Design activities Page B.3.3 Brainstorming Page B.3.4 Case studies Page B.3.5 Web research B.4 Instructional Strategies B.4.1 Instructor-led classrooms Page B.4.2 Self-paced instruction B.4.3 Cooperative/collaborative work Page Page B.4.4 Jigsaws B.4.5 Ask the right questions Page B.4.6 PMI Page Page Page Page Page Page Page Page B.4.8 Setting goals Page Page B.5 Assessment Strategies B.5.1 Review strategies B.5.2 Journals and reflection Page Page B.5.3 Rubrics Page B.5.4 Portfolio Page Page B.5.6 Lab exams Page B.5.7 Six lenses