Best Wireless Networking Terminology

At its most basic, wireless communication is the sending and receiving of data through airwaves. But the CCENT certification exam expects you to understand wireless terminology and concepts. The following are some key points to remember for the exam:

Know the following organizations that help define wireless:

Institute of Electrical and Electronics Engineers (IEEE): Creates the wireless standards, such as 802.11a/b/g/n

Federal Communications Commission (FCC): Regulates the use of wireless devices (licenses of frequencies)

Wi-Fi Alliance: Ensures compatibility of wireless components. The Wi-Fi Alliance is responsible for testing and certification of wireless devices.

Know the two types of wireless networks:

Ad hoc mode: No wireless access point is used. The wireless clients communicate in a peer-to-peer environment.

Infrastructure mode: Uses a wireless access point

Know the IEEE Standards for wireless:

802.11a: A wireless standard that uses the 5 GHz frequency range and runs at 54 Mbps.

802.11b: A wireless standard that uses the 2.4 GHz frequency range and runs at 11 Mbps. 802.11b is part of the WiFi standard. The 2.4 GHz range is also used by cordless phones and microwaves, so you may experience interference from those devices. To correct this, you can change the channel of the wireless network or purchase phones that use a different frequency.

802.11g: A wireless standard, which is compatible with 802.11b, that also uses the 2.4 GHz frequency range and runs at 54 Mbps.

802.11n: A new wireless standard that can use either the 2.4 GHz frequency range or the 5 GHz frequency range and is compatible with 802.11a/b/g. 802.11n has a transfer rate of approximately 150 Mbps.

Other wireless terms to know for the exam:

Basic Service Set (BSS): A wireless network consisting of one access point using an SSID. If you had three access points, each using a different SSID, then this would be three BSS networks.

Extended Service Set (ESS): A wireless network comprising multiple access points using the same SSID.

Be sure to know the configuration requirements to set up an ESS:

The SSID on each access point must be the same.

The range of the access points must overlap by 10% or more.

Each access point must use a different channel.

Know the difference between the different wireless encryption types:

Wired Equivalent Privacy (WEP): An old wireless encryption protocol that involves configuring a pre-shared key on the access point and the wireless client that is used to encrypt and decrypt data. WEP uses the RC4 encryption algorithm with the pre-shared key and is not considered secure due to the way the key is used. WEP supports 64-bit and 128-bit encryption.

WiFi Protected Access (WPA): An improvement on WEP that adds the TKIP protocol to perform key rotation, which addresses the fact that WEP uses a static key. WPA has two modes: personal mode involves configuring a pre-shared key, and enterprise mode can use an authentication server such as RADIUS.

WiFi Protected Access 2 (WPA2): Improves upon WPA by changing the encryption algorithm to the Advanced Encryption Standard (AES) and supports both personal mode and enterprise mode.

The following are some key points regarding best practices to improve the security of your wireless network:

Disable wireless: If you aren't using wireless, then disable the wireless functionality on the wireless router.

Change the SSID: Make sure you change the SSID to something meaningless. You don't want the SSID set to a value that will help the hacker identify the building you're in because he could move closer to the building to get a stronger signal.

Disable SSID broadcasting: After you disable SSID broadcasting, the router won't advertise the existence of the wireless network. This makes it harder for someone to connect because they have to manually configure their client for the SSID name.

Implement MAC filtering: MAC filtering allows you to limit who can connect to the wireless network by the MAC address of the network card.

Implement encryption: Be sure to encrypt wireless traffic with WEP, WPA, or WPA2. WPA2 is the most secure of the three.

Routing Configuration Commands

Routing protocols will certainly come up on your CCENT certification exam. This section reviews popular commands that deal with routing and routing protocols, such as RIPv1 and RIPv2.

Command(s): Result

ip routing: Enables routing on the router. Should be on by default.

no ip routing: Disables routing on the router.

show ip route: Displays the routing table.

ip route 23.0.0.0 255.0.0.0 22.0.0.2: Adds a static route to the router for the 23.0.0.0 network and sends any data for that network to the 22.0.0.2 address (next hop).

no ip route 23.0.0.0 255.0.0.0 22.0.0.2: Deletes the static route from the routing table.

ip route 0.0.0.0 0.0.0.0 22.0.0.2: Sets the gateway of last resort on the router to forward any packets with unknown destinations to the 22.0.0.2 address.

ROUTERB>enable
ROUTERB#config term
ROUTERB(config)#router rip
ROUTERB(config-router)#network 26.0.0.0
ROUTERB(config-router)#network 27.0.0.0
Configures the router for RIPv1. RIP is a dynamic routing protocol that is used to share routing information with other routers running RIP. In this example, RIP will share knowledge of the 26.0.0.0 and the 27.0.0.0 networks.

ROUTERB>enable
ROUTERB#config term
ROUTERB(config)#router rip
ROUTERB(config-router)#network 26.0.0.0
ROUTERB(config-router)#network 27.0.0.0
ROUTERB(config-router)#version 2
To configure the router for RIPv2, you use the same commands but add the "version 2" command at the end.

show ip protocols: Displays what routing protocols are running on the router.

debug ip rip: Enables RIP debugging, which will display RIP-related messages on the screen as RIP-related events occur (packets are sent and received).

no debug all: Turns off debugging once you are done troubleshooting RIP.

Network Cabling for the CCENT Certification Exam

The CCENT certification tests you on the different types of cabling that are used in different scenarios. The following are some key points to remember about network cabling.

Rollover cable: A rollover cable is also known as a console cable and gets the name rollover because the order of the wires from one end of the cable to the other is totally reversed, or rolled over. The rollover/console cable is used to connect a computer to the console port or auxiliary port of the router for administration purposes.

Back-to-back serial cable: The back-to-back serial cable is used to connect two Cisco routers directly together over a serial link. A back-to-back serial link will have one router act as the DCE device with the clock rate set and the other router act as the DTE device.

Straight-through cable: A straight-through cable is used to connect dissimilar devices together. Scenarios that use straight-through cables are computer-to-switch and switch-to-router.

Crossover cable: A crossover cable has wires 1 and 2 switch positions with wires 3 and 6 on one end and is used to connect similar devices together. Scenarios that use crossover cables are computer-to-computer, switch-to-switch, and computer-to-router (they are both hosts).

Coaxial cable: A network cable type used in old Ethernet environments, such as 10Base2 and 10Base5. Coaxial cable is seen in high-speed Internet connections with cable companies today.

Fiber optic cable: A unique cable type that has a glass core which carries pulses of light as opposed to copper cable carrying electrical signals (coax and twisted pair cabling).

Security Best Practices for the CCENT Certification Exam

One of the most important skills to have as a CCENT is the capability of implementing basic security practices on your Cisco devices. The following are some key points to remember about securing devices when you take the CCENT exam:

Secure Location: Be sure to locate your Cisco routers and switches in a secure location — a locked room where limited access is permitted.

Disable Ports: In high-security environments, you should disable unused ports so that unauthorized systems cannot connect to the network.

Configure Port Security: In order to control which systems can connect to the enabled ports, use port security to limit which MAC addresses can connect to which ports.

Set Passwords: Be sure to configure passwords on the console port, auxiliary port, and the vty ports. Also configure the enable secret for access to privileged EXEC mode.

Login Command: Do not forget the login command after setting the password on the port. The login command tells the Cisco device that anyone connecting must log in and forces the prompt for a password.

Login Local Command: If you are looking to create usernames and passwords for login, then use the login local command to tell the Cisco device that you wish to authenticate persons by the usernames and passwords configured on the device.

Encrypt Passwords: Be sure to encrypt all passwords in the configuration with the service password-encryption command!

Banners: Be sure to configure banners that do not have the word "welcome" in the message or any other inviting phrases. You want to make sure that the banners indicate that unauthorized access is prohibited.

Secure Communication: To remotely manage the device, use SSH instead of telnet as the communication is encrypted.

Troubleshooting Commands

When problems arise on Cisco devices, there are a number of show commands you can use to help identify what the problem is. The following table lists popular show commands:

Command(s): Result

show running-config: Displays the running configuration stored in VRAM.

show startup-config: Displays the startup configuration stored in NVRAM.

show ip interface brief: Shows a summary of the interfaces and their status.

show interfaces: Displays detailed information about each interface.

show interface serial 0/0: Displays detailed information about a specific interface.

show ip route: Displays the routing table.

show hosts: Displays the host name table.

show controller serial0/1: Displays whether the serial interface is a DCE or DTE device.

show ip protocols: Displays what routing protocols are loaded.

show cdp neighbors: Displays basic information about neighboring devices such as name, type of device, and model.

show cdp neighbors detail: Displays detailed information about neighboring devices such as name, type of device, model, and IP address.

Viewing Routing Information for Cisco Networking

After setting up any routing protocol that you want to implement (RIP, OSPF, or EIGRP), you can view all of your routing information through the show ip route command. The following is an example of the output of this command. The output includes a legend showing the codes for each routing protocol, and the specific routes are identified by the source protocol.

Router2>enable
Password:
Router2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
D    192.168.10.0/24 [90/284160] via 192.168.1.1, 00:04:19, FastEthernet0/0
O    192.168.10.0/24 [110/11] via 192.168.1.1, 00:01:01, FastEthernet0/0
R    192.168.10.0/24 [120/1] via 192.168.1.1, 00:00:07, FastEthernet0/0
C    192.168.5.0/24 is directly connected, FastEthernet0/1
C    192.168.1.0/24 is directly connected, FastEthernet0/0
S    192.168.3.0/24 [1/0] via 192.168.1.1
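
The route lines above can be turned into structured records for review. This Python sketch is an added example, not part of the original page: it parses the line shapes shown in that output, reads the bracketed pair as [administrative distance/metric], and goes one step further than the page by picking the lowest-distance source per prefix and by listing routes that are missing from an approved baseline. The function names and the baseline format are assumptions.

```python
import re

# The route lines from the output above, reproduced as sample input.
SAMPLE = """\
D    192.168.10.0/24 [90/284160] via 192.168.1.1, 00:04:19, FastEthernet0/0
O    192.168.10.0/24 [110/11] via 192.168.1.1, 00:01:01, FastEthernet0/0
R    192.168.10.0/24 [120/1] via 192.168.1.1, 00:00:07, FastEthernet0/0
C    192.168.5.0/24 is directly connected, FastEthernet0/1
C    192.168.1.0/24 is directly connected, FastEthernet0/0
S    192.168.3.0/24 [1/0] via 192.168.1.1
"""

# Subset of the legend needed for the sample lines.
CODES = {"C": "connected", "S": "static", "R": "RIP", "D": "EIGRP", "O": "OSPF"}

PREFIX = r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)"
LEARNED = re.compile(
    r"^(?P<code>[A-Za-z]+\*?)\s+" + PREFIX +
    r" \[(?P<ad>\d+)/(?P<metric>\d+)\] via (?P<next_hop>[\d.]+)"
    r"(?:, (?P<age>[\w:]+), (?P<intf>\S+))?")
CONNECTED = re.compile(
    r"^(?P<code>C)\s+" + PREFIX + r" is directly connected, (?P<intf>\S+)")


def parse_routes(text):
    """Parse route lines; legend, prompt and header lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = LEARNED.match(line) or CONNECTED.match(line)
        if not m:
            continue
        f = m.groupdict()
        routes.append({
            "source": CODES.get(f["code"].rstrip("*"), f["code"]),
            "prefix": f["prefix"],
            "ad": int(f.get("ad") or 0),  # connected routes have distance 0
            "metric": int(f.get("metric") or 0),
            "next_hop": f.get("next_hop"),
            "interface": f.get("intf"),
        })
    return routes


def preferred(routes):
    """For each prefix keep the candidate with the lowest administrative distance."""
    best = {}
    for r in routes:
        if r["prefix"] not in best or r["ad"] < best[r["prefix"]]["ad"]:
            best[r["prefix"]] = r
    return best


def unexpected(routes, baseline):
    """Routes whose (prefix, source, next hop) is absent from an approved baseline."""
    return [r for r in routes
            if (r["prefix"], r["source"], r["next_hop"]) not in baseline]


if __name__ == "__main__":
    for prefix, r in preferred(parse_routes(SAMPLE)).items():
        print(prefix, r["source"], r["ad"], r["metric"])
```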

Managing Static Routing for Cisco Networking

When working with your routers on your Cisco network, it's very likely that you'll want to have your routers route data. The first step in having your router pass data from one interface to another interface is to enable routing; just use these commands.

Router1>enable
Router1#configure terminal
Router1(config)#ip routing

Whether or not you choose to use a dynamic routing protocol, you may add static routes to your router. The following will add a static route to Router1 to send data to the 192.168.5.0/24 network using the router with the IP address of 192.168.3.2.

Router1>enable
Router1#configure terminal
Router1(config)#ip routing
Router1(config)#ip route 192.168.5.0 255.255.255.0 192.168.3.2

Managing routing information protocol for Cisco networking
Routing Information Protocol (RIP) is widely used, with version 2 allowing you to use Variable Length Subnet Masks (VLSM) across your network. The following code will enable routing, enable RIP, set RIP to version 2, disable route summarization, define the distributed network from this router as 192.168.5.0/24, and, rather than broadcasting routes, send RIP data directly to 192.168.1.1.

Router2>enable
Router2#configure terminal
Router2(config)#ip routing
Router2(config)#router rip
Router2(config-router)#version 2
Router2(config-router)#no auto-summary
Router2(config-router)#network 192.168.5.0
Router2(config-router)#neighbor 192.168.1.1

Managing enhanced interior gateway routing protocol for Cisco networking
Enhanced Interior Gateway Routing Protocol (EIGRP) is the updated version of IGRP. The following code will enable EIGRP using an autonomous-system (AS) number of 100, distribute two networks, and disable auto summary.

Router2>enable
Router2#configure terminal
Router2(config)#ip routing
Router2(config)#router eigrp 100
Router2(config-router)#network 192.168.1.0
Router2(config-router)#network 192.168.5.0
Router2(config-router)#no auto-summary

Managing open shortest path first for Cisco networking
Open Shortest Path First (OSPF) is a widely used link-state protocol. OSPF uses the address of the loopback interface as the OSPF identifier, so this example sets the address of the loopback interface, then enables OSPF with a process ID of 100 and distributes a network of 192.168.255.254 and a network of 192.168.5.0/24.

Router2>enable
Router2#configure terminal
Router2(config)#interface loopback 0
Router2(config-if)#ip address 192.168.255.254 255.255.255.0
Router2(config-if)#exit
Router2(config)#router ospf 100
Router2(config-router)#network 192.168.255.254 0.0.0.0 area 0
Router2(config-router)#network 192.168.5.0 0.0.0.255 area 0

Working with Spanning Tree Protocol for Cisco Networking

Spanning Tree Protocol (STP) enables you to create redundant loops on your Cisco network for fault tolerance, and prevents inadvertent loops that may be created on your network from bringing the network to its knees.

The following code will enable the Cisco proprietary Rapid Per VLAN Spanning Tree Protocol (PVST) rather than the open standard Multiple Spanning Tree Protocol (MSTP). In addition to configuring STP on the switch, you will also configure port 2 on the switch for portfast, which allows the port to immediately transition to forwarding mode.

Switch1> enable
Switch1# configure terminal
Switch1(config)#spanning-tree mode rapid-pvst
Switch1(config)#interface FastEthernet 0/2
Switch1(config-if)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single
 host. Connecting hubs, concentrators, switches, bridges, etc... to this
 interface when portfast is enabled, can cause temporary bridging loops.
 Use with CAUTION
%Portfast will be configured in 10 interfaces due to the range command
 but will only have effect when the interfaces are in a non-trunking mode.

Using EtherChannel for Cisco Networking

Don't be afraid to use EtherChannel on your Cisco network. EtherChannel allows you to take up to eight network ports on your switch and treat them as a single larger link. This can be used to connect servers with multiple network cards that are bonded (or teamed) to a switch, or to connect multiple switches together. There are two main negotiation protocols, Port Aggregation Protocol (PAgP) which is a proprietary Cisco protocol and Link Aggregation Control Protocol (LACP) which is an open standards protocol.

To set EtherChannel to use one of these protocols, you configure it to support one of the following modes.

auto: Sets the interface to respond to PAgP negotiation packets, but the interface will start negotiations on its own.

desirable: Sets the interface to actively attempt to negotiate a PAgP connection.

on: Forces the connection to bring all links up without using a protocol to negotiate connections. This mode can only connect to another device that is also set to on. When using this mode, the switch does not negotiate the link using either PAgP or LACP.

active: Sets the interface to actively attempt to negotiate connections with other LACP devices.

passive: Sets the interface to respond to LACP data if it receives negotiation requests from other systems.

The following example will configure EtherChannel to group ports 11 and 12 on the switch together using PAgP as the protocol. The same type of command would be used on the switch to which Switch1 is connected.

Switch1> enable
Switch1# configure terminal
Switch1(config)# interface range FastEthernet0/11 -12
Switch1(config-if-range)# switchport mode access
Switch1(config-if-range)# switchport access vlan 10
Switch1(config-if-range)# channel-group 5 mode desirable

Creating a VLAN for Cisco Networking

When working with your Cisco network, you may want to separate users into different broadcast domains for security or traffic reduction. You can do this by implementing VLANs. The following example will create a VLAN (VLAN2) and place the ports on a switch (from 1-12) into VLAN2.

Switch1>enable
Switch1#configure terminal
Switch1(config)#interface vlan 2
Switch1(config-if)#description Finance VLAN
Switch1(config-if)#exit
Switch1(config)#interface range FastEthernet 0/1 - 12
Switch1(config-if-range)#switchport mode access
Switch1(config-if-range)#switchport access vlan 2

If you are connecting two switches together, then you will want to allow all configured VLANs to pass between the two switches. This is accomplished by implementing a trunk port. To configure port 24 on your switch to be a trunk port, you will use the following code:

Switch1>enable
Switch1#configure terminal
Switch1(config)#interface FastEthernet 0/24
Switch1(config-if)#switchport mode trunk

How to Configure a Cisco Network

Like all networks, a Cisco network needs to be properly configured. To do so, you need to know the configuration modes to use when configuring your network. You also should know how to configure an interface, configure a switch management interface, and configure an interface to use DHCP for your Cisco network.

Configuration modes for Cisco networking
When moving around in the Cisco IOS, you will see many prompts. These prompts change as you move from one configuration mode to another. Here is a summary of the major configuration modes:

User EXEC mode: When you connect to a Cisco device, the default configuration mode is User EXEC mode. In User EXEC mode you can view the settings on the device but not make any changes. You know you are in User EXEC mode because the IOS prompt displays a ">".

Privileged EXEC mode: In order to make changes to the device you must navigate to Privileged EXEC mode where you may be required to input a password. Privileged EXEC mode displays with a "#" in the prompt.

Global Configuration mode: Global Configuration mode is where you go to make global changes to the router such as the hostname. To navigate to Global Configuration mode from Privileged EXEC mode you type "configure terminal" or "conf t" where you will be placed at the "(config)#" prompt.

Sub Prompts: There are a number of different sub prompts from Global Configuration mode you can navigate to such as the interface prompts to modify settings on a specific interface, or the line prompts to modify the different ports on the device.

Configure an interface for Cisco networking
When working with routers in particular, but also when dealing with the management interface on switches, you will often need to configure network interfaces, which will match either physical interface ports or virtual interfaces in the form of a virtual LAN (VLAN) interface (when dealing with switches).

For your router interfaces the following example will set speed, duplex and IP configuration information for the interface FastEthernet 0/0 (notice the interface reference as slot/port). In the case of the router, the interface is enabled using the no shutdown command in the final step; interfaces on switches are enabled by default.

Router1>enable
Router1#configure terminal
Router1(config)#interface FastEthernet0/0
Router1(config-if)#description Private LAN
Router1(config-if)#speed 100
Router1(config-if)#duplex full
Router1(config-if)#ip address 192.168.1.1 255.255.255.0
Router1(config-if)#no shutdown

Configure a switch management interface for Cisco networking
For your switches, to enable an IP address on your management interface, you will use something similar to this example. In this example, management is being performed over VLAN 1, the default VLAN.

Switch1>enable
Switch1#configure terminal
Switch1(config)#interface VLAN 1
Switch1(config-if)#ip address 192.168.1.241 255.255.255.0

Configure an interface to use DHCP for Cisco networking
If you want to configure either a router or switch to retrieve its IP configuration information from a network Dynamic Host Configuration Protocol (DHCP) server, then you can use commands like the following example.

Router1>enable
Router1#configure terminal
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ip address dhcp
