CCNA-4

Manual Allocation: The administrator assigns a pre-allocated IP address to the client and DHCP only communicates the IP address to the device.
Automatic Allocation: DHCP automatically assigns a static IP address permanently to a device, selecting it from a pool of available addresses. There is no lease and the address is permanently assigned to a device.
Dynamic Allocation: DHCP automatically dynamically assigns, or leases, an IP address from a pool of addresses for a limited period of time chosen by the server, or until the client tells the DHCP server that it no longer needs the address.

R1(config)# ip dhcp exclude-address 192.168.10.1 192.168.10.9
R1(config)# ip dhcp exclude-address 192.168.10.254
R1(config)# ip dhcp pool LAN-POOL-1
R1(dhcp-config)# network 192.168.10.0 255.255.255.0
R1(dhcp-config)# default router 192.168.10.1
R1(dhcp-config)# domain-name span.com
R1(dhcp-config)# end

Configure DHCP address:

1
2
3

Eagle(config)# interface fa0/0
Eagle(config-if)# ip address dhcp
Eagle(config-if)# no shut

Configure DHCP relay:

R1# config t 
R1(config)# interface Fa0/0
R1(config-if)# ip helper-address 192.168.11.5
R1(config-if)# end

Configure Static NAT

1	R2(config)#ip nat inside source static 192.168.20.254 209.165.202.131

Configure Dynamic NAT Overload

R2(config)#ip nat pool R2POOL 209.165.202.128 209.165.202.130 netmask 255.255.255.252
R2(config)#ip nat inside source list R2NAT pool R2POOL overload
 
 
R2(config)#interface Serial 0/1/0
R2(config-if)#ip nat outside
R2(config)#interface fastEthernet 0/0
R2(config-if)#ip nat inside
# optional
ISP(config)#ip route 209.165.202.128 255.255.255.224 serial0/0/0

IPV6 Dual Stack Configuration:

conf t
pv6 unicast-routing
interface ethernet0
ip address 192.168.99.1 255.255.255.0
ipv6 address 2001:470:1f0b:1514::7/64

IPV6 Routing:

Router(config)# ipv6 unicast-routing
Router(config-if)# ipv6 address ipv6prefix/prefix-length eui-64
 
DNS Resolver:
ip name-server 2001:470:1f0b:1514::1

Carrier protocol:
The protocol over which the information is traveling (Frame Relay, ATM, MPLS).
Encapsulating protocol:
The protocol that is wrapped around the original data (GRE, IPSec, L2F, PPTP, L2TP).

Passenger protocol:

The protocol over which the original data was being carried (IPX, AppleTalk, IPv4, IPv6).
Data Encryption Standard (DES) algorithm – Developed by IBM, DES uses a 56-bit key, ensuring high-performance encryption. DES is a symmetric key cryptosystem. Symmetric and asymmetric keys are explained below.
Triple DES (3DES) algorithm – A newer variant of DES that encrypts with one key, decrypts with another different key, and then encrypts one final time with another key. 3DES provides significantly more strength to the encryption process.
Advanced Encryption Standard (AES) – The National Institute of Standards and Technology (NIST) adopted AES to replace the existing DES encryption in cryptographic devices. AES provides stronger security than DES and is computationally more efficient than 3DES. AES offers three different key lengths: 128, 192, and 256-bit keys.
Rivest, Shamir, and Adleman (RSA) – An asymmetrical key cryptosystem. The keys use a bit length of 512, 768, 1024, or larger.

Peer authentication methods:
RSA signatures
PSKs

DES – Encrypts and decrypts packet data.
3DES – Provides significant encryption strength over 56-bit DES.
AES – Provides stronger encryption, depending on the key length used, and faster throughput.
MD5 – Authenticates packet data, using a 128-bit shared secret key.
SHA-1 – Authenticates packet data, using a 160-bit shared secret key.
DH – Allows two parties to establish a shared secret key used by encryption and hash algorithms, for example, DES and MD5, over an insecure communications channel.

AH provides the following:
Authentication
Integrity

ESP provides the following:
Confidentiality
Authentication
Integrity

[Read more…]

CCNA Exploration 4 – Module 7

CCNA Exploration 4 – Module 6