FIRST HOP REDUNDANCY packetlife.net

First Hop Redundancy Protocols

Hot Standby Router Protocol · Provides default gateway redundancy using one active and one standby router; standardized but licensed by Cisco
Virtual Router Redundancy Protocol · An open-standard alternative to Cisco's HSRP, providing the same functionality
Gateway Load Balancing Protocol · Supports arbitrary load balancing in addition to redundancy across gateways; Cisco proprietary

Protocols Comparison

                  HSRP        VRRP        GLBP
Standard          RFC 2281    RFC 3768    Cisco
Load Balancing    No          No          Yes
IPv6 Support      Yes         No          Yes
Transport         UDP 1985    IP 112      UDP 3222
Default Priority  100         100         100
Default Hello     3s          1s          3s
Multicast Group   224.0.0.2   224.0.0.18  224.0.0.102

(diagrams: HSRP Operation, VRRP Operation, GLBP Operation)

HSRP Configuration

interface FastEthernet0/0
ip address 10.0.1.2 255.255.255.0
standby version {1 | 2}
standby 1 ip 10.0.1.1
standby 1 timers <hello> <dead>
standby 1 priority <priority>
standby 1 preempt
standby 1 authentication md5 key-string <password>
standby 1 track <interface> <value>
standby 1 track <object> decrement <value>

VRRP Configuration

interface FastEthernet0/0
ip address 10.0.1.2 255.255.255.0
vrrp 1 ip 10.0.1.1
vrrp 1 timers {advertise <hello> | learn}
vrrp 1 priority <priority>
vrrp 1 preempt
vrrp 1 authentication md5 key-string <password>
vrrp 1 track <object> decrement <value>

GLBP Configuration

interface FastEthernet0/0
ip address 10.0.1.2 255.255.255.0
glbp 1 ip 10.0.1.1
glbp 1 timers <hello> <dead>
glbp 1 timers redirect <redirect> <time-out>
glbp 1 priority <priority>
glbp 1 preempt
glbp 1 forwarder preempt
glbp 1 authentication md5 key-string <password>
glbp 1 load-balancing <method>
glbp 1 weighting <weight> lower <lower> upper <upper>
glbp 1 weighting track <object> decrement <value>

HSRP/GLBP Interface States

Speak · Gateway election in progress
Active · Active router/VG
Standby · Backup router/VG
Listen · Not the active router/VG

VRRP Interface States

Master · Acting as the virtual router
Backup · All non-master routers

GLBP Roles

Active Virtual Gateway (AVG) · Answers for the virtual router and assigns virtual MAC addresses to group members
Active Virtual Forwarder (AVF) · All routers which forward traffic for the group (may include the AVG)

GLBP Load Balancing

Round-Robin (default) · The AVG answers host ARP requests for the virtual router with the next router in the cycle
Host-Dependent · Round-robin cycling while maintaining a consistent AVF for each host
Weighted · GLBP weight determines the proportionate share of hosts handled by each AVF

Troubleshooting

show standby [brief]
show vrrp [brief]
show glbp [brief]
show track [brief]

by Jeremy Stretch v1.0


IEEE 802.11 WIRELESS · PART 1 packetlife.net

IEEE Standards

                     802.11a   802.11b   802.11g    802.11n (Draft)
Maximum Throughput   54 Mbps   11 Mbps   54 Mbps    300 Mbps
Frequency            5 GHz     2.4 GHz   2.4 GHz    2.4/5 GHz
Modulation           OFDM      DSSS      DSSS/OFDM  OFDM
Channels (FCC/ETSI)  21/19     11/13     11/13      32/32
Ratified             1999      1999      2003       N/A

WLAN Types

Ad Hoc · A WLAN between isolated stations with no central point of control; an IBSS
Infrastructure · A WLAN attached to a wired network via an access point; a BSS or ESS

WLAN Components

Basic Service Area (BSA) · The physical area covered by the wireless signal of a BSS
Basic Service Set (BSS) · A set of stations and/or access points which can directly communicate via a wireless medium
Distribution System (DS) · The wired infrastructure connecting multiple BSSs to form an ESS
Extended Service Set (ESS) · A set of multiple BSSs connected by a DS which appear to wireless stations as a single BSS
Independent BSS (IBSS) · An isolated BSS with no connection to a DS; an ad hoc WLAN

Frame Types

Type                   Class
Association            Management
Authentication         Management
Probe                  Management
Beacon                 Management
Request To Send (RTS)  Control
Clear To Send (CTS)    Control
Acknowledgment (ACK)   Control
Data                   Data

(diagram: Client Association)

Measuring RF Signal Strength

Decibel (dB) · An expression of signal strength as compared to a reference signal; calculated as 10log10(signal/reference)
dBm · Signal strength compared to a 1 milliwatt signal
dBw · Signal strength compared to a 1 watt signal
dBi · Compares forward antenna gain to that of an isotropic antenna

Modulations

Scheme  Modulation  Throughput
DSSS    DBPSK       1 Mbps
        DQPSK       2 Mbps
        CCK         5.5, 11 Mbps
OFDM    BPSK        6, 9 Mbps
        QPSK        12, 18 Mbps
        16-QAM      24, 36 Mbps
        64-QAM      48, 54 Mbps

Terminology

Basic Service Set Identifier (BSSID) · A MAC address (typically belonging to an AP) which serves to uniquely identify a BSS
Service Set Identifier (SSID) · A human-friendly text string which identifies a BSS (up to 32 characters in length)
Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) · The mechanism which facilitates efficient communication across a shared wireless medium (provided by DCF or PCF)
Effective Isotropic Radiated Power (EIRP) · An expression of net signal strength (transmitter power + antenna gain - cable loss)

by Jeremy Stretch v1.0


IEEE 802.11 WIRELESS · PART 2 packetlife.net

(diagram: Distributed Coordination Function)

Interframe Spacing

Short IFS (SIFS) · Used to provide minimal spacing delay between control frames or data fragments
DCF IFS (DIFS) · Normal spacing enforced under DCF for management and nonfragment data frames
Arbitrated IFS (AIFS) · Variable spacing calculated to accommodate differing qualities of service (QoS)
Extended IFS (EIFS) · Extended delay imposed after detecting errors in a received frame

Encryption Schemes

Wired Equivalent Privacy (WEP) · Deprecated encryption mechanism which employs a flawed RC4 implementation and a 40- or 104-bit preshared encryption key
Wi-Fi Protected Access (WPA) · A temporary fix for the flaws in WEP; implements an improved RC4-based encryption called Temporal Key Integrity Protocol (TKIP) which can operate on WEP-capable hardware
IEEE 802.11i (WPA2) · IEEE standard developed to replace WPA; requires a new generation of hardware to implement significantly stronger AES-based CCMP encryption

Client Authentication

Open · No authentication is used
Preshared Encryption Keys · Keys must be manually entered into clients and access points before a secure connection can be established
Lightweight EAP (LEAP) · Deprecated Cisco-proprietary EAP method introduced to provide dynamic keying for WEP
EAP-TLS · Employs Transport Layer Security (TLS); PKI certificates are required on the AP and clients to provide mutual authentication
EAP-TTLS · Clients authenticate the AP with its cert, then form a secure tunnel inside which the client authentication takes place; removes the requirement for a PKI cert on the client
Protected EAP (PEAP) · A proposal by Cisco, Microsoft, and RSA which forms a secure tunnel like EAP-TTLS and does not require a cert on the client
EAP-FAST · Developed by Cisco to replace LEAP; establishes a secure tunnel using a Protected Access Credential (PAC) in the absence of PKI certs

Quality of Service Markings

WMM       802.11e  802.1p
Platinum  7        6
          6        5
Gold      5        4
          4        3
Silver    3        0
          0        0
Bronze    2        2
          1        1

Wi-Fi Multimedia (WMM) · A Wi-Fi Alliance certification for QoS; a subset of 802.11e
802.11e · Official IEEE WLAN QoS standard ratified in 2005; replaces WMM
802.1p · QoS markings in the 802.1Q header on wired Ethernet LANs shown for comparison

RF Signal Interference

(diagrams: Reflection, Scattering, Absorption, Refraction, Diffraction)

Antenna Types

Directional · Radiates power in one or several focused directions
Omnidirectional · Radiates power uniformly across a plane
Isotropic · A theoretical antenna referenced when measuring effective radiated power

by Jeremy Stretch v1.0


IEEE 802.1X packetlife.net

(diagrams: 802.1X Header, EAP Header, EAP Flow Chart)

Terminology

Extensible Authentication Protocol (EAP) · A flexible authentication framework defined in RFC 3748
EAP Over LANs (EAPOL) · The encapsulation used by 802.1X to carry EAP across a layer two segment
Supplicant · The device on one end of a link that requests authentication by the authenticator
Authenticator · The device that controls the status of a link; typically a wired switch or wireless access point
Authentication Server · A backend server which authenticates the credentials provided by supplicants (for example, a RADIUS server)
Guest VLAN · Fallback VLAN for clients not 802.1X-capable
Restricted VLAN · Fallback VLAN for clients which fail authentication

802.1X Packet Types

0  EAP Packet
1  EAPOL-Start
2  EAPOL-Logoff
3  EAPOL-Key
4  EAPOL-Encap-ASF-Alert

EAP Codes

1  Request
2  Response
3  Success
4  Failure

EAP Req/Resp Types

1    Identity
2    Notification
3    Nak
4    MD5 Challenge
5    One Time Password
6    Generic Token Card
254  Expanded Types
255  Experimental

Interface Defaults

Max Auth Requests   2
Reauthentication    Off
Quiet Period        60s
Reauth Period       3600s
Server Timeout      30s
Supplicant Timeout  30s
Tx Period           30s

Configuration

Global Configuration

! Define a RADIUS server
radius-server host 10.0.0.100
radius-server key MyRadiusKey
! Configure 802.1X to authenticate via AAA
aaa new-model
aaa authentication dot1x default group radius
! Enable 802.1X authentication globally
dot1x system-auth-control

Interface Configuration

! Configure static access mode
switchport mode access
! Enable 802.1X authentication per port
dot1x port-control auto
! Configure host mode (single or multi)
dot1x host-mode single-host
! Configure maximum authentication attempts
dot1x max-reauth-req
! Enable periodic reauthentication
dot1x reauthentication
! Configure a guest VLAN
dot1x guest-vlan 123
! Configure a restricted VLAN
dot1x auth-fail vlan 456
dot1x auth-fail max-attempts 3

Port-Control Options

force-authorized · Port will always remain in authorized state (default setting)
force-unauthorized · Port will always remain in unauthorized state, ignoring authentication attempts
auto · Port is authorized only in the presence of a successfully authenticated supplicant

Troubleshooting

show dot1x [interface <interface>]
show dot1x statistics interface <interface>
dot1x test eapol-capable [interface <interface>]
dot1x re-authenticate interface <interface>

by Jeremy Stretch v1.0
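As an added example (not from the packetlife card), a decoder for EAPOL frames and the EAP packets they carry, driven by the packet types, codes and request/response types listed above. The header layouts (a 4-byte EAPOL header; a 4-byte EAP header followed by a Type byte on Requests and Responses) are taken from IEEE 802.1X and RFC 3748, which the card cites; the identity exchange is constructed here, not captured.

```python
import struct

# Code points from the 802.1X cheat sheet above.
EAPOL_PACKET_TYPES = {
    0: "EAP Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff",
    3: "EAPOL-Key", 4: "EAPOL-Encap-ASF-Alert",
}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {
    1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5 Challenge",
    5: "One Time Password", 6: "Generic Token Card",
    254: "Expanded Types", 255: "Experimental",
}

# Header layouts assumed from IEEE 802.1X / RFC 3748 (the card's diagrams
# did not survive extraction):
#   EAPOL: Version(1) | Packet Type(1) | Body Length(2) | Body
#   EAP:   Code(1) | Identifier(1) | Length(2) | Type(1, Req/Resp only) | Type-Data


def build_eap(code, ident, etype=None, data=b""):
    """Serialize one EAP packet; Success and Failure carry no Type field."""
    body = b"" if etype is None else bytes([etype]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def build_eapol(ptype, body=b"", version=1):
    """Wrap a body (possibly empty, e.g. EAPOL-Start) in an EAPOL header."""
    return struct.pack("!BBH", version, ptype, len(body)) + body


def parse_eap(pkt: bytes) -> dict:
    """Decode an EAP packet, validating every length before trusting it."""
    if len(pkt) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code not in EAP_CODES:
        raise ValueError(f"unknown EAP code {code}")
    if length < 4 or length > len(pkt):
        raise ValueError("EAP length field inconsistent with the buffer")
    out = {"code": EAP_CODES[code], "id": ident}
    if code in (1, 2):  # only Request and Response carry a Type byte
        if length < 5:
            raise ValueError("Request/Response must carry a Type byte")
        etype = pkt[4]
        out["type"] = EAP_TYPES.get(etype, f"type {etype}")
        out["data"] = pkt[5:length]
        if etype == 3:  # a Nak lists the types the peer would accept instead
            out["nak_suggests"] = [EAP_TYPES.get(t, f"type {t}") for t in out["data"]]
    return out


def parse_eapol(frame: bytes) -> dict:
    """Decode an EAPOL frame (everything after the Ethernet header)."""
    if len(frame) < 4:
        raise ValueError("EAPOL header needs 4 bytes")
    version, ptype, body_len = struct.unpack("!BBH", frame[:4])
    if ptype not in EAPOL_PACKET_TYPES:
        raise ValueError(f"unknown EAPOL packet type {ptype}")
    if len(frame) - 4 < body_len:
        raise ValueError("truncated EAPOL body")
    out = {"version": version, "packet_type": EAPOL_PACKET_TYPES[ptype]}
    if ptype == 0:  # EAP Packet: the body is an EAP packet
        out["eap"] = parse_eap(frame[4:4 + body_len])
    return out


def identity_exchange(identity: bytes = b"alice") -> list:
    """Constructed sample exchange (not a capture): EAPOL-Start, Request/Identity,
    Response/Identity, Success. The identity travels in cleartext, which is why
    the tunneled methods on the wireless card (EAP-TTLS, PEAP) hide the real
    identity inside the tunnel."""
    frames = [
        build_eapol(1),                                # supplicant: EAPOL-Start
        build_eapol(0, build_eap(1, 1, 1)),            # authenticator: Request/Identity
        build_eapol(0, build_eap(2, 1, 1, identity)),  # supplicant: Response/Identity
        build_eapol(0, build_eap(3, 1)),               # authenticator: Success
    ]
    return [parse_eapol(f) for f in frames]
```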


IPV4 MULTICAST packetlife.net

Layer 2 Addressing

Bits 1-24   Multicast OUI of 01-00-5E
Bit 25      Always set to zero
Bits 26-48  Carried over from lower 23 bits of IP address

Ranges

224.0.0.0/24  Local network control
224.0.1.0/24  Internetwork control
232.0.0.0/8   Source-specific
233.0.0.0/8   GLOP (RFC 3180)
239.0.0.0/8   Admin-scoped

Common Groups

224.0.0.1   All hosts
224.0.0.2   All routers
224.0.1.39  Cisco RP Announce
224.0.1.40  Cisco RP Discovery

Terminology

Reverse Path Forwarding (RPF) · Verifies that multicast traffic travels in the reverse direction of unicast traffic, away from the tree root
Internet Group Management Protocol (IGMP) · End hosts issue IGMP requests to local routers to join multicast groups
Cisco Group Management Protocol (CGMP) · A proprietary protocol used by switches to obtain multicast membership information for end hosts

Distribution Trees

Shared · A common, static set of links which carry all multicast traffic; administratively constructed
Source-Rooted · Provide the shortest paths from the source to receivers

IGMP

IGMPv1 · End hosts send requests to local routers to receive multicast traffic for a particular group
IGMPv2 · Adds support for dynamic leave requests and querier election
IGMPv3 · Adds multicast source filtering capability
IGMP Snooping · A switch passively inspects IGMP requests to determine which hosts should receive layer two multicast traffic

IGMP Configuration

IGMP Support   Router(config-if)# ip igmp [version {1|2|3}]
IGMP Snooping  Switch(config)# ip igmp snooping

Protocol Independent Multicast

Dense Mode · The initial tree encompasses all multicast routers; after a period of time, routers without IGMP members prune back branches
Sparse Mode · The tree is grown from a central rendezvous point out to the multicast source and recipients
Sparse-Dense Mode · Allows a PIM-enabled interface to function in either sparse or dense mode per group
PIMv1 · Provides automatic RP discovery with Auto-RP (Cisco proprietary)
PIMv2 · Automatic RP discovery is accomplished by the bootstrap router method (standards based)

PIM Configuration

ip multicast-routing
!
interface FastEthernet0/0
ip pim {sparse-mode | dense-mode | sparse-dense-mode}
ip pim version {1 | 2}
ip igmp join-group

RP Configuration

Manual                 ip pim rp-address <IP>
Auto-RP Mapping Agent  ip pim send-rp-discovery scope <TTL>
Auto-RP Candidate      ip pim send-rp-announce <interface>
BSR Candidate          ip pim bsr-candidate <interface>
BSR RP Candidate       ip pim rp-candidate <interface>

IGMP Troubleshooting

show ip igmp
show ip igmp group
show ip igmp interface
show ip igmp snooping

PIM Troubleshooting

show ip mroute
show ip pim interface
show ip pim neighbor
show ip pim rp [mapping]
show ip rpf <IP>

by Jeremy Stretch v1.0
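As an added example (not from the packetlife card), the Layer 2 addressing rule above in Python, extended to the consequence a practitioner cares about: because only 23 of the 28 variable address bits reach the MAC, 32 distinct groups share one Ethernet destination, so a switch that filters on MAC alone will deliver neighbouring groups to a host that joined just one. The range classifier uses the Ranges table from the card; all function names are this example's own.

```python
import ipaddress

# Layer 2 mapping from the cheat sheet: bits 1-24 are the multicast OUI
# 01-00-5E, bit 25 is always zero, bits 26-48 come from the low 23 bits of
# the group address. The fixed 1110 prefix and the next 5 address bits are
# discarded, so 32 different groups map to the same MAC.
MCAST_OUI = 0x01005E

# Address ranges listed on the card.
RANGES = [
    (ipaddress.IPv4Network("224.0.0.0/24"), "Local network control"),
    (ipaddress.IPv4Network("224.0.1.0/24"), "Internetwork control"),
    (ipaddress.IPv4Network("232.0.0.0/8"), "Source-specific"),
    (ipaddress.IPv4Network("233.0.0.0/8"), "GLOP (RFC 3180)"),
    (ipaddress.IPv4Network("239.0.0.0/8"), "Admin-scoped"),
]


def _group(addr: str) -> ipaddress.IPv4Address:
    """Parse and reject anything outside 224.0.0.0/4."""
    a = ipaddress.IPv4Address(addr)
    if not a.is_multicast:
        raise ValueError(f"{addr} is outside 224.0.0.0/4")
    return a


def multicast_mac(group: str) -> str:
    """Ethernet destination MAC for an IPv4 multicast group."""
    low23 = int(_group(group)) & 0x7FFFFF   # bits 26-48 of the MAC
    mac = (MCAST_OUI << 24) | low23          # bit 25 stays zero
    return "-".join(f"{b:02X}" for b in mac.to_bytes(6, "big"))


def groups_sharing_mac(group: str) -> list:
    """All 32 groups that map to the same MAC as `group` (itself included).

    The 5 discarded bits are bits 23-27 of the address (counting from the
    least significant bit), so the colliding groups differ in the low
    nibble of the first octet and the top bit of the second octet."""
    low23 = int(_group(group)) & 0x7FFFFF
    return [str(ipaddress.IPv4Address(0xE0000000 | (k << 23) | low23))
            for k in range(32)]


def classify_group(group: str) -> str:
    """Name the range from the card's Ranges table that a group falls in."""
    a = _group(group)
    for net, name in RANGES:
        if a in net:
            return name
    return "Other (224.0.0.0/4)"
```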


IPV6 packetlife.net

Protocol Header

Version (4 bits) · Always set to 6
Traffic Class (8 bits) · A DSCP value for QoS
Flow Label (20 bits) · Identifies unique flows (optional)
Payload Length (16 bits) · Length of the payload in bytes
Next Header (8 bits) · Header or protocol which follows
Hop Limit (8 bits) · Functions as IPv4's time to live field
Source Address (128 bits) · Source IP address
Destination Address (128 bits) · Destination IP address

Address Notation

Step 1 · Eliminate all leading zeros
Step 2 · Replace up to one set of consecutive zeros with a double-colon

Address Formats

(diagrams: Global unicast, Link-local unicast, Multicast)

Address Types

Unicast · One-to-one communication
Multicast · One-to-many communication
Anycast · An address configured in multiple locations

EUI-64 Formation

Step 1 · Insert 0xfffe between the two halves of the MAC
Step 2 · Flip the seventh bit (universal/local flag) to 1

Special-Use Ranges

::/0           Default route
::/128         Unspecified
::1/128        Loopback
::/96          IPv4-compatible*
::FFFF:0:0/96  IPv4-mapped
2001::/32      Teredo
2001:DB8::/32  Documentation
2002::/16      6to4
FC00::/7       Unique local
FE80::/10      Link-local unicast
FEC0::/10      Site-local unicast*
FF00::/8       Multicast
* Deprecated

Extension Headers

Hop-by-hop Options (0) · Carries additional information which must be examined by every router in the path
Routing (43) · Provides source routing functionality
Fragment (44) · Included when a packet has been fragmented by its source
Encapsulating Security Payload (50) · Provides payload encryption (IPsec)
Authentication Header (51) · Provides packet authentication (IPsec)
Destination Options (60) · Carries additional information which pertains only to the recipient

Transition Methods

Dual Stack · Running IPv4 and IPv6 on all devices simultaneously
Tunneling · IPv6 packets are encapsulated into IPv4 using IPv6-in-IP, UDP (Teredo), or Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
Translation · Stateless IP/ICMP Translation (SIIT) translates IP header fields and NAT Protocol Translation (NAT-PT) maps between IPv6 and IPv4 addresses

by Jeremy Stretch v1.1
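As an added example (not from the packetlife card), the two Address Notation steps and the two EUI-64 Formation steps above, implemented by hand so the rules are visible rather than hidden inside the `ipaddress` module (which is used only to build and cross-check the result). It assumes the RFC 5952 tie-breaking the card does not spell out: only the longest run of zero groups is collapsed, the leftmost on a tie, and a single zero group is never collapsed. Function names are this example's own.

```python
import ipaddress


def compress(full: str) -> str:
    """Apply the two notation steps to a fully written (8-group) address."""
    groups = full.lower().split(":")
    if len(groups) != 8:
        raise ValueError("expected all eight 16-bit groups")
    # Step 1: eliminate all leading zeros (but keep a lone zero)
    groups = [g.lstrip("0") or "0" for g in groups]
    # Step 2: replace at most one run of consecutive zero groups with "::".
    # Assumed from RFC 5952 (the card only says "one set"): pick the longest
    # run, leftmost on a tie, and never collapse a single zero group.
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:
        return ":".join(groups)
    left = ":".join(groups[:best_start])
    right = ":".join(groups[best_start + best_len:])
    return f"{left}::{right}"


def eui64_interface_id(mac: str) -> int:
    """Derive the 64-bit interface identifier from a 48-bit MAC."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Step 1: insert 0xfffe between the two halves of the MAC
    eui = octets[:3] + b"\xff\xfe" + octets[3:]
    # Step 2: flip the seventh bit of the first octet (the universal/local
    # flag). The card says "to 1"; RFC 4291 inverts the bit, which yields 1
    # for the globally unique MACs burned into real NICs.
    return int.from_bytes(bytes([eui[0] ^ 0x02]) + eui[1:], "big")


def eui64_address(prefix: str, mac: str) -> str:
    """Combine a /64 prefix with an EUI-64 interface ID, in compressed form."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 addresses need a /64 prefix")
    full = ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))
    return compress(full.exploded)
```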


IPSEC packetlife.net

Protocols

Internet Security Association and Key Management Protocol (ISAKMP) · A framework for the negotiation and management of security associations between peers; traverses UDP port 500
Internet Key Exchange (IKE) · Responsible for key agreement using public key cryptography
Encapsulating Security Payload (ESP) · Provides data encryption, data integrity, and peer authentication; IP protocol 50
Authentication Header (AH) · Provides data integrity and peer authentication, but not data encryption; IP protocol 51

Encryption Algorithms

      Type        Key                   Strength
DES   Symmetric   56-bit                Weak
3DES  Symmetric   168-bit               Medium
AES   Symmetric   128, 192, or 256-bit  Strong
RSA   Asymmetric  1024-bit minimum      Strong

Hashing Algorithms

       Length   Strength
MD5    128-bit  Medium
SHA-1  160-bit  Strong

IPsec Modes

Transport Mode · The ESP or AH header is inserted behind the IP header; the IP header can be authenticated but not encrypted
Tunnel Mode · A new IP header is created in place of the original; this allows for encryption of the entire original packet

IKE Phases

Phase 1 · A bidirectional ISAKMP SA is established between peers to provide a secure management channel; IKE is performed in main mode or aggressive mode
Phase 1.5 (optional) · Xauth can optionally be implemented to enforce user authentication
Phase 2 · Two unidirectional IPsec SAs are established for data transfer using separate keys; IKE quick mode is used

Configuration

ISAKMP Policy

crypto isakmp policy 10
encryption aes 256
hash sha
authentication pre-share
group 2
lifetime 3600

ISAKMP Pre-Shared Secret Key

crypto isakmp key 0 MySecretKey address 10.0.0.2

IPsec Transform Set

crypto ipsec transform-set MyTS esp-aes 256 esp-sha-hmac
mode tunnel

IPsec Profile

crypto ipsec profile MyProfile
set transform-set MyTS

Virtual Tunnel Interface

interface Tunnel0
ip address 172.16.0.1 255.255.255.252
tunnel source 10.0.0.1
tunnel destination 10.0.0.2
tunnel mode ipsec ipv4
tunnel protection ipsec profile MyProfile

Terminology

Data Integrity · Secure hashing (HMAC) is used to ensure data has not been altered in transit
Data Confidentiality · Encryption is used to ensure data cannot be intercepted by a third party
Data Origin Authentication · Peer authentication
Anti-replay · Sequence numbers are used to detect and block duplicate packets
Hash-based Message Authentication Code (HMAC) · A hash of the data and secret key used to provide message authenticity
Diffie-Hellman · A method of establishing a shared secret key over an insecure path using public and private keys

Troubleshooting

show crypto isakmp sa
show crypto isakmp policy
show crypto ipsec sa
show crypto ipsec transform-set
debug crypto isakmp
debug crypto ipsec

by Jeremy Stretch v1.1


QUALITY OF SERVICE · PART 1 packetlife.net

Quality of Service Models

Best Effort · No QoS policies are implemented
Integrated Services (IntServ) · Resource Reservation Protocol (RSVP) is used to reserve bandwidth per flow across all nodes in a path
Differentiated Services (DiffServ) · Packets are individually classified and marked; policy decisions are made independently at each node in a path

Layer 2 QoS Markings

Medium       Name                      Type
Ethernet     Class of Service (CoS)    3-bit 802.1p field in 802.1Q header
Frame Relay  Discard Eligibility (DE)  1-bit drop eligibility flag
ATM          Cell Loss Priority (CLP)  1-bit drop eligibility flag
MPLS         Experimental Field (EXP)  3-bit field compatible with 802.1p

IP QoS Markings

Precedence · The first three bits of the IP TOS field are evaluated; compatible with Ethernet CoS and MPLS EXP values
DSCP · The first six bits of the IP TOS are evaluated to provide more granular classification; backward-compatible with IP Precedence

(diagrams: IP Type of Service (TOS), QoS Flowchart)

Precedence Values

   Binary  Application
7  111     Reserved
6  110     Routing
5  101     Voice
4  100     Streaming Video
3  011     Call Signaling
2  010     Transactional
1  001     Bulk Data
0  000     Best Effort

DSCP Values

DSCP  Binary  Prec.  PHB
56    111000  7      Reserved
48    110000  6      Reserved
46    101110  5      EF
32    100000  4      CS4
34    100010  4      AF41
36    100100  4      AF42
38    100110  4      AF43
24    011000  3      CS3
26    011010  3      AF31
28    011100  3      AF32
30    011110  3      AF33
16    010000  2      CS2
18    010010  2      AF21
20    010100  2      AF22
22    010110  2      AF23
8     001000  1      CS1
10    001010  1      AF11
12    001100  1      AF12
14    001110  1      AF13
0     000000  0      BE

Terminology

Per-Hop Behavior (PHB) · The individual QoS action performed at each DiffServ node according to its configured policy
Trust Boundary · The perimeter beyond which QoS markings are not trusted
Tail Drop · Occurs when a packet is dropped because its queue is full
Policing · Creates an artificial ceiling on the amount of bandwidth that may be consumed; traffic exceeding the cap can be remarked or dropped
Shaping · Similar to policing but buffers excess traffic for delayed transmission; makes more efficient use of bandwidth but introduces a delay
TCP Synchronization · Flows adjust window sizes in sync, wasting bandwidth

Per-Hop Behaviors

Class Selector (CS) · Backward-compatible with IP Precedence values
Assured Forwarding (AF) · Four classes with variable drop preferences
Expedited Forwarding (EF) · Provides priority queuing for delay-sensitive traffic

Congestion Avoidance

Random Early Detection (RED) · Packets are randomly dropped before a queue is full to prevent tail drop; mitigates TCP synchronization
Weighted RED (WRED) · RED with the added capability of recognizing prioritized traffic by its marking

by Jeremy Stretch v1.2


QUALITY OF SERVICE · PART 2 packetlife.net

Queuing Comparison Chart

                            FIFO       PQ         CQ          WFQ        CBWFQ       LLQ
Default on interfaces       >2 Mbps    No         No          <=2 Mbps   No          No
Number of queues            1          4          Configured  Dynamic    Configured  Configured
Configurable classes        No         Yes        Yes         No         Yes         Yes
Bandwidth allocation        Automatic  Automatic  Configured  Automatic  Configured  Configured
Provides for minimal delay  No         Yes        No          No         No          Yes
Modern implementation       Yes        No         No          No         Yes         Yes

First In First Out (FIFO)

» Packets are transmitted in the order they are processed
» No prioritization is provided
» Default queuing method on high-speed (>2 Mbps) interfaces
» Configurable with the tx-ring-limit interface configuration command

Priority Queuing (PQ)

» Provides four static queues which cannot be reconfigured
» Higher-priority queues are always emptied before lower-priority queues
» Lower-priority queues are at risk of bandwidth starvation

Custom Queuing (CQ)

» Rotates through queues using Weighted Round Robin (WRR)
» A configurable number of bytes is processed from each queue per turn
» Prevents queue starvation but does not support delay-sensitive traffic

Weighted Fair Queuing (WFQ)

» Queues are dynamically created per flow to ensure fair processing
» Statistically drops packets from aggressive flows more often
» No support for delay-sensitive traffic

Class-Based WFQ (CBWFQ)

» Provides the benefits of WFQ with administratively configured queues
» Each queue is allocated an amount or percentage of bandwidth
» No support for delay-sensitive traffic

Low Latency Queuing (LLQ)

» CBWFQ with the addition of a policed or strict priority queue
» Highly configurable while still supporting delay-sensitive traffic

LLQ Configuration Example

! *** Class definitions ***
class-map match-all Voice
! Matches packets by DSCP value
match dscp ef
!
class-map match-all Call-Signaling
match dscp cs3
!
class-map match-any Critical-Apps
match dscp af21 af22
! Matches packets by access list
match access-group name Mgmt_LAN
!
class-map match-all Scavenger
match dscp cs1
!
! *** Policy creation ***
policy-map Foo
class Voice
! Priority queue policed to 33%
priority percent 33
class Call-Signaling
! Allocate 5% of bandwidth
bandwidth percent 5
class Critical-Apps
bandwidth percent 20
! Extend queue size to 96 packets
queue-limit 96
class Scavenger
! Police to 64 kbps
police cir 64000
conform-action transmit
exceed-action drop
class class-default
! Enable WFQ
fair-queue
! Enable WRED
random-detect
!
! *** Policy Application ***
interface Serial0
service-policy Foo

Troubleshooting

show policy-map
show interface
show queue <interface>
show mls qos

by Jeremy Stretch v1.2


THE QoS BASELINE AT-A-GLANCE

The QoS Baseline is a strategic document designed to unify QoS within Cisco. The QoS Baseline provides uniform, standards-based recommendations to help ensure that QoS products, designs, and deployments are unified and consistent.

The QoS Baseline defines up to 11 classes of traffic that may be viewed as critical to a given enterprise. A summary of these classes and their respective standards-based markings and recommended QoS configurations is shown below.

Application         L3 Classification             Recommended Configuration
                    PHB   DSCP  Standard
IP Routing          CS6   48    RFC 2474-4.2.2    Rate-Based Queuing + RED
Voice               EF    46    RFC 3246          RSVP Admission Control + Priority Queuing
Interactive-Video   AF41  34    RFC 2597          RSVP + Rate-Based Queuing + DSCP-WRED
Streaming Video     CS4   32    RFC 2474-4.2.2    RSVP + Rate-Based Queuing + RED
Mission-Critical    AF31  26    RFC 2597          Rate-Based Queuing + DSCP-WRED
Call-Signaling      CS3   24    RFC 2474-4.2.2    Rate-Based Queuing + RED
Transactional Data  AF21  18    RFC 2597          Rate-Based Queuing + DSCP-WRED
Network Mgmt        CS2   16    RFC 2474-4.2.2    Rate-Based Queuing + RED
Bulk Data           AF11  10    RFC 2597          Rate-Based Queuing + DSCP-WRED
Scavenger           CS1   8     Internet 2        No BW Guarantee + RED
Best Effort         0     0     RFC 2474-4.1      BW Guarantee Rate-Based Queuing + RED

Interactive-Video refers to IP Video-Conferencing; Streaming Video is either unicast or multicast uni-directional video; Voice refers to VoIP bearer traffic only (and does not include Call-Signaling traffic).

The (Locally-Defined) Mission-Critical class is intended for a subset of Transactional Data applications that contribute most significantly to the business objectives (this is a non-technical assessment).

The Transactional Data class is intended for foreground, user-interactive applications such as database access, transaction services, interactive messaging, and preferred data services.

The Bulk Data class is intended for background, non-interactive traffic flows, such as large file transfers, content distribution, database synchronization, backup operations, and email.

The IP Routing class is intended for IP Routing protocols, such as Border Gateway Protocol (BGP), Open Shortest Path First (OSPF), etc.

The Call-Signaling class is intended for voice and/or video signaling traffic, such as Skinny, SIP, H.323, etc.

The Network Management class is intended for network management protocols, such as SNMP, Syslog, DNS, etc.

Standards-based marking recommendations allow for better integration with service-provider offerings as well as other internetworking scenarios.

In Cisco IOS Software, rate-based queuing translates to CBWFQ; priority queuing is LLQ. DSCP-Based WRED (based on RFC 2597) drops AFx3 before AFx2, and in turn drops AFx2 before AFx1. RSVP is recommended (whenever supported) for Voice and/or Interactive-Video admission control.

Cisco products that support QoS features will use these QoS Baseline recommendations for marking, scheduling, and admission control.

The Scavenger class is based on an Internet 2 draft that defines a "less-than-Best Effort" service. In the event of link congestion, this class will be dropped the most aggressively.

The Best Effort class is also the default class. Unless an application has been assigned for preferential/deferential service, it will remain in this default class. Most enterprises have hundreds, if not thousands, of applications on their networks, the majority of which will remain in the Best Effort service class.

The QoS Baseline recommendations are intended as a standards-based guideline for customers, not as a mandate. Customers do not have to deploy all 11 traffic classes, but may start with simple QoS models and expand over time as business needs arise, as shown in the diagram to the right.

(diagram: QoS model expansion over time)
5 Class Model · Realtime, Call Signaling, Critical Data, Best Effort, Scavenger
8 Class Model · Voice, Video, Call Signaling, Network Control, Critical Data, Bulk Data, Best Effort, Scavenger
QoS Baseline · Voice, Interactive-Video, Streaming Video, Call Signaling, IP Routing, Network Mgmt, Mission-Critical, Transactional, Bulk Data, Best Effort, Scavenger

Copyright © 2005 Cisco Systems, Inc. All rights reserved. Cisco, Cisco IOS, Cisco Systems, and the Cisco Systems logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0502R) 204170.l_ETMG_AE_4.05
Quality of Service reference card JOHN CORDIER ACADEMY
QUALITY OF SERVICE MODELS CLASSIFICATION AND MARKING AT THE NETWORK LAYER
ISL (Cisco Proprietary)
IPv4
ISL Header Encapsulated Frame 1...24.5 KBytes FCS
DiffServ IntServ 26 bytes 4 bytes
Best Version Header TOS 1 byte Total length
Hard QoS or Length
Soft QoS or Differentiated Integrated Service 2 bits used for CoS Identification Flags Fragment offset
Effort Service (or Guaranteed Service)
RSVP TTL Protocol Header checksum
DA Type User SA LEN AAAA03 HSA VLAN BPDU INDEX RES
Source Address
This reference card is about Differentiated Service
User Code Meaning Destination Address
XX00 Normal Priority Options and Padding
XX01 Priority 1
QUALITY OF SERVICE MECHANISMS XX10 Priority 2 Data
XX11 Highest Priority
• Classification IPv6
• Marking
• Congestion Management MPLS
Version Traffic Class 1 byte Flow label
• Congestion Avoidance
• Policing and Shaping Frame MPLS Header IP Payload Payload Length Next Header Hop Limit
• Link Efficiency Mechanisms Header 32 bits Header
3 bits used for CoS Source Address
CLASSIFICATION AND MARKING AT THE DATA LINK LAYER
Label EXP S TTL
Priority at the Layer 2 is called Class of Service (CoS).
Depending on the protocol run at the data link layer, respectively
1 (Frame Relay, ATM), 2 (ISL) or 3 (IEEE 802.1 p/Q, MPLS) bits Destination Address
are used in order to prioritize the traffic.
Frame Relay
Following table shows a possible baseline when 3 bits are used.
Flag Frame Relay Header Information FCS Flag Extension Header Info
Class of Service CoS Value Baseline 2 bytes Data
CoS 7 111
1 bit used for CoS - ToS Byte (IPv4) / Traffic Class (IPv6) : IP precedence
CoS 6 110
CoS 5 101 Voice Bearer DLCI C/R EA DLCI FECN BECN DE EA TOS Byte (IPv4)
CoS 4 100 Videoconference Traffic Class (IPv6)
Frame Relay DE (Discard Eligible) bit IP
CoS 3 011 Call-Signalling 0= high priority frame Precedence
1= low priority frame (increased drop probability)
CoS 2 010 High-Priority Data b7 b6 b5 b4 b3 b2 b1 b0
CoS 1 001 Medium-Priority Data
ATM IP Precedence Value Description Baseline
CoS 0 000 Best Effort
111 Network (reserved)
ATM Header Payload
IEEE 802.1p/Q 5 bytes 48 bytes 110 Internet (reserved)
ATM UNI 101 Critical Voice Bearer
Pream. SFD DA SA TPID TCI T/L Data FCS
GFC VPI VCI PT CLP HEC
2 bytes 2 bytes 100 Flash-override Videoconference
1 bit used for CoS 011 Flash Call-Signalling
3 bits used ATM NNI
802.1Q Tag (used for CoS: 802.1p user priority)
  PRI (3 bits) · CFI (1 bit) · VLAN ID (12 bits)

ATM Cell Header: VPI · VCI · PT · CLP · HEC
  CLP (Cell Loss Priority) bit: 0 = high priority cell
                                1 = low priority cell (increased drop probability)

IP Precedence
  010  Immediate   High-Priority Data
  001  Priority    Medium-Priority Data
  000  Routine     Best Effort

ToS Byte (IPv4) / Traffic Class (IPv6): DSCP
  b7 b6 b5 = IP Precedence · b7..b2 = DSCP · b1 b0 = Flow control (Quality of Service / ECN)

Class                  b7 b6 b5 b4 b3 b2 b1 b0   PHB       DSCP (dec)  ToS (dec)  Drop Probability
Best Effort             0  0  0  0  0  0  0  0   Default       0          0
Class Selector          0  0  1  0  0  0  0  0   CS1           8         32
(Backward               0  1  0  0  0  0  0  0   CS2          16         64
 Compatibility          0  1  1  0  0  0  0  0   CS3          24         96
 with IP                1  0  0  0  0  0  0  0   CS4          32        128
 Precedence)            1  0  1  0  0  0  0  0   CS5          40        160
                        1  1  0  0  0  0  0  0   CS6          48        192
                        1  1  1  0  0  0  0  0   CS7          56        224
Assured Forwarding      0  0  1  0  1  0  0  0   AF11         10         40     Low
                        0  0  1  1  0  0  0  0   AF12         12         48     Medium
                        0  0  1  1  1  0  0  0   AF13         14         56     High
                        0  1  0  0  1  0  0  0   AF21         18         72     Low
                        0  1  0  1  0  0  0  0   AF22         20         80     Medium
                        0  1  0  1  1  0  0  0   AF23         22         88     High
                        0  1  1  0  1  0  0  0   AF31         26        104     Low
                        0  1  1  1  0  0  0  0   AF32         28        112     Medium
                        0  1  1  1  1  0  0  0   AF33         30        120     High
                        1  0  0  0  1  0  0  0   AF41         34        136     Low
                        1  0  0  1  0  0  0  0   AF42         36        144     Medium
                        1  0  0  1  1  0  0  0   AF43         38        152     High
Expedited Forwarding    1  0  1  1  1  0  0  0   EF           46        184

ECN: Explicit Congestion Notification (b1 b0)
  x x x x x x 0 0   Non ECN-Capable
  x x x x x x 0 1   ECN-Capable Transport (ECT 1)
  x x x x x x 1 0   ECN-Capable Transport (ECT 0)
  x x x x x x 1 1   Congestion Experienced (CE)

QOS BASELINE
Application              L3 Classification (PHB / DSCP)
IP Routing               CS6    48
Voice                    EF     46
Interactive-Video        AF41   34
Streaming-Video          CS4    32
Mission-Critical Data    AF31   26
Call-Signaling           CS3    24
Transactional Data       AF21   18
Network-Management       CS2    16
Bulk Data                AF11   10
Scavenger                CS1     8
Best-Effort              0       0

REFERENCES
Intserv
• RFC 2212: Specification of Guaranteed Quality of Service, see www.ietf.org/rfc/rfc2212.txt
• RFC 2211: Specification of the Controlled-Load Network Element Service, see www.ietf.org/rfc/rfc2211.txt
ToS Byte / Traffic Class
• RFC 791: Internet Protocol Darpa Internet Program Protocol Specification, see www.ietf.org/rfc/rfc0791.txt
• RFC 1349: Type of Service in the Internet Protocol Suite, see www.ietf.org/rfc/rfc1349.txt
• RFC 2474: Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers, see www.ietf.org/rfc/rfc2474.txt
DiffServ
• RFC 3246 (previously RFC 2598): An Expedited Forwarding PHB (Per-Hop Behavior), see www.ietf.org/rfc/rfc3246.txt
• RFC 2597: Assured Forwarding PHB Group, see www.ietf.org/rfc/rfc2597.txt
• RFC 3168: The Addition of Explicit Congestion Notification (ECN) to IP, see www.ietf.org/rfc/rfc3168.txt

JOHN CORDIER ACADEMY · www.jcacademy.com · reference card© v.2.0
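The DSCP table above is generated by three bit-level rules rather than memorised row by row: the three high bits of the DSCP are the class, AF code points use classes 1 to 4 with a drop-precedence pair in the middle, and EF is the single code point 101110. The following decoder is an added example and not part of the reference card; it applies those rules to any ToS / Traffic Class byte and inverts them, so a value that is not in the table (for instance DSCP 2) comes back as "Unknown" instead of being silently accepted. Only the PHB names and bit positions from the card are assumed.

```python
import re

# PHB naming follows RFC 2474 (Class Selector), RFC 2597 (Assured Forwarding)
# and RFC 3246 (Expedited Forwarding), the code points the table above lists.
AF_DROP = {1: "Low", 2: "Medium", 3: "High"}
ECN_NAMES = {
    0b00: "Non ECN-Capable",
    0b01: "ECN-Capable Transport (ECT 1)",
    0b10: "ECN-Capable Transport (ECT 0)",
    0b11: "Congestion Experienced (CE)",
}


def phb_name(dscp: int) -> str:
    """Return the PHB name for a 6-bit DSCP, or 'Unknown' for an undefined code point."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP must fit in 6 bits")
    if dscp == 0:
        return "Default"
    if dscp == 0b101110:                       # 46
        return "EF"
    cls, low3 = dscp >> 3, dscp & 0b111        # class bits / low three bits
    if low3 == 0:
        return f"CS{cls}"                      # Class Selector: xxx000
    drop = low3 >> 1
    if 1 <= cls <= 4 and low3 & 1 == 0 and 1 <= drop <= 3:
        return f"AF{cls}{drop}"                # Assured Forwarding: class 1-4, drop 1-3
    return "Unknown"


def decode_tos(tos: int) -> dict:
    """Split one ToS / Traffic Class byte into precedence, DSCP, PHB and ECN."""
    if not 0 <= tos <= 255:
        raise ValueError("ToS must be a single byte")
    dscp, ecn = tos >> 2, tos & 0b11           # b7..b2 and b1..b0
    phb = phb_name(dscp)
    drop = AF_DROP[int(phb[3])] if phb.startswith("AF") else None
    return {
        "ip_precedence": tos >> 5,             # b7..b5, RFC 791 compatible
        "dscp": dscp,
        "phb": phb,
        "drop_probability": drop,
        "ecn": ECN_NAMES[ecn],
    }


def tos_from_phb(phb: str) -> int:
    """Inverse mapping: PHB name -> ToS byte with the ECN bits cleared (AF31 -> 104)."""
    if phb == "Default":
        return 0
    if phb == "EF":
        return 46 << 2
    m = re.fullmatch(r"CS([0-7])", phb)
    if m:
        return (int(m.group(1)) << 3) << 2
    m = re.fullmatch(r"AF([1-4])([1-3])", phb)
    if m:
        cls, drop = int(m.group(1)), int(m.group(2))
        return ((cls << 3) | (drop << 1)) << 2
    raise ValueError(f"unknown PHB {phb!r}")
```

A marking policy that trusts DSCP from an untrusted edge should use a decoder like this to reject undefined code points and to remap anything outside the baseline classes (for example, unexpected EF or CS6 from a user port) before the value reaches the queueing policy.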
SPANNING TREE · PART 1                                                 packetlife.net

Spanning Tree Protocols

Spanning Tree Instance Comparison
              Legacy STP    PVST        PVST+         RSTP           RPVST+        MST
Algorithm     Legacy ST     Legacy ST   Legacy ST     Rapid ST       Rapid ST      Rapid ST
Definition    802.1D-1998   Cisco       Cisco         802.1w,        Cisco         802.1s,
                                                      802.1D-2004                  802.1Q-2003
Instances     One           Per VLAN    Per VLAN      One            Per VLAN      Configurable
Trunking      N/A           ISL         802.1Q, ISL   N/A            802.1Q, ISL   802.1Q, ISL

BPDU Format
Field            Bits
Protocol ID      16
Version          8
BPDU Type        8
Flags            8
Root ID          64
Root Path Cost   32
Bridge ID        64
Port ID          16
Message Age      16
Max Age          16
Hello Time       16
Forward Delay    16

Default Timers
Hello            2s
Forward Delay    15s
Max Age          20s

Spanning Tree Specifications
Open Standards
IEEE 802.1D-1998 · Deprecated legacy STP standard
IEEE 802.1w · Introduced Rapid STP (RSTP)
IEEE 802.1D-2004 · Replaced legacy STP with RSTP
IEEE 802.1s · Introduced Multiple Spanning Tree (MST)
IEEE 802.1Q-2003 · Added MST to 802.1Q
Cisco Proprietary Implementations
PVST · Per-VLAN implementation of legacy STP
PVST+ · Added 802.1Q trunking to PVST
RPVST+ · Per-VLAN implementation of RSTP

Link Costs
Bandwidth   Cost
4 Mbps      250
10 Mbps     100
16 Mbps     62
45 Mbps     39
100 Mbps    19
155 Mbps    14
622 Mbps    6
1 Gbps      4
10 Gbps     2

Port States
Legacy ST    Rapid ST
Disabled     Discarding
Blocking     Discarding
Listening    Discarding
Learning     Learning
Forwarding   Forwarding

Spanning Tree Operation
1 Determine root bridge · The bridge advertising the lowest bridge ID becomes the root bridge
2 Select root port · Each bridge selects its primary port facing the root
3 Select designated ports · One designated port is selected per segment
4 Block ports with loops · All non-root and non-designated ports are blocked

Port Roles
Legacy ST    Rapid ST
Root         Root
Designated   Designated
Blocking     Alternate
Blocking     Backup

by Jeremy Stretch                                                                v2.0


SPANNING TREE · PART 2                                                 packetlife.net

PVST+ and RPVST+ Configuration

! Set STP type
spanning-tree mode {pvst | rapid-pvst}

! Bridge priority
spanning-tree vlan 1-4094 priority 32768

! Timers, in seconds
spanning-tree vlan 1-4094 hello-time 2
spanning-tree vlan 1-4094 forward-time 15
spanning-tree vlan 1-4094 max-age 20

! Enabling PortFast by default
spanning-tree portfast default

! PVST+ Enhancements
spanning-tree backbonefast
spanning-tree uplinkfast

! Interface attributes
interface FastEthernet0/1
spanning-tree [vlan 1-4094] port-priority 128
spanning-tree [vlan 1-4094] cost 19

! Manual link type specification
spanning-tree link-type {point-to-point | shared}

! Enables spanning tree if running PVST+, or
! designates an edge port under RPVST+
spanning-tree portfast

! Spanning tree protection
spanning-tree guard {loop | root | none}

! Per-interface toggling
spanning-tree bpduguard enable
spanning-tree bpdufilter enable

MST Configuration

! Set STP type
spanning-tree mode mst

! MST Configuration
spanning-tree mst configuration
name MyTree
revision 1

! Map VLANs to instances
instance 1 vlan 20, 30
instance 2 vlan 40, 50

! Bridge priority (per instance)
spanning-tree mst 1 priority 32768

! Timers, in seconds
spanning-tree mst hello-time 2
spanning-tree mst forward-time 15
spanning-tree mst max-age 20

! Maximum hops for BPDUs
spanning-tree mst max-hops 20

! Interface attributes
interface FastEthernet0/1
spanning-tree mst 1 port-priority 128
spanning-tree mst 1 cost 19

Bridge ID Format
Priority · 4-bit configurable priority (configurable from 0 to 61440 in increments of 4096)
System ID Extension · 12-bit value taken from VLAN number
MAC Address · 48-bit value to ensure uniqueness

Path Selection
1 Prefer the neighbor advertising the lowest root ID
2 Prefer the neighbor advertising the lowest cost to root
3 Prefer the neighbor with the lowest bridge ID
4 Prefer the lowest sender port ID

Optional PVST+ Enhancements
PortFast · Enables immediate transition into the forwarding state on edge ports
UplinkFast · Enables access switches to maintain backup paths to root
BackboneFast · Enables immediate expiration of the Max Age timer on an indirect link failure

Spanning Tree Protection
Root Guard · Prevents a port from becoming the root port
BPDU Guard · Error disables a port if a BPDU is received
Loop Guard · Prevents a blocked port from transitioning to listening after the Max Age timer has expired
BPDU Filter · Blocks BPDUs on an interface

RSTP Link Types
Point-to-Point · Connects to exactly one other bridge (a full duplex interface)
Shared · Potentially connects to multiple bridges (a half duplex interface)
Edge · Connects to a single host; designated by applying PortFast

Troubleshooting
show spanning-tree [summary | detail]
show spanning-tree root
show spanning-tree vlan <VLAN>
show spanning-tree interface <interface>
show spanning-tree mst [<instance>] [detail]
show spanning-tree mst configuration
show spanning-tree mst interface <interface>

by Jeremy Stretch                                                                v2.0
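The Spanning Tree Operation steps on Part 1 and the four-step Path Selection and Bridge ID Format above describe one comparison: a received BPDU is ranked by root ID, then cost to root, then sender bridge ID, then sender port ID, and the bridge ID itself is priority, VLAN and MAC concatenated. The code below is an added example, not taken from the card or from any switch implementation; it builds bridge IDs in that format, ranks BPDUs heard on several ports using the card's link cost table, and picks the root bridge and root port. The cost compared is the neighbor's advertised root path cost plus the cost of the local port the BPDU arrived on, which is the standard way the "lowest cost to root" step is evaluated; the topology in the test is constructed.

```python
from dataclasses import dataclass

# Link costs from the card (bandwidth in Mbps -> STP cost).
LINK_COST = {4: 250, 10: 100, 16: 62, 45: 39, 100: 19, 155: 14,
             622: 6, 1000: 4, 10000: 2}


def bridge_id(priority: int, vlan: int, mac: str) -> int:
    """Bridge ID per the card: 4-bit priority + 12-bit system ID extension (VLAN) + 48-bit MAC."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN must be 1..4094")
    mac_int = int(mac.replace(":", "").replace(".", "").replace("-", ""), 16)
    if mac_int >> 48:
        raise ValueError("MAC address must be 48 bits")
    return ((priority | vlan) << 48) | mac_int


@dataclass(frozen=True)
class Bpdu:
    root_id: int
    root_path_cost: int      # the sender's own cost to the root
    sender_bridge_id: int
    sender_port_id: int


def bpdu_key(b: Bpdu, local_port_cost: int = 0) -> tuple:
    """Four-step comparison as a sort key: lower root ID, then lower cost to root
    (sender's advertised cost plus the cost of the port we heard it on), then
    lower sender bridge ID, then lower sender port ID. Tuples compare in that order."""
    return (b.root_id, b.root_path_cost + local_port_cost,
            b.sender_bridge_id, b.sender_port_id)


def select_root_port(my_bridge_id: int, received: dict) -> dict:
    """received: local port name -> (Bpdu heard on it, link speed in Mbps).
    Returns the root bridge, the root port and our cost to the root. If our own
    bridge ID is lower than every advertised root ID, we are the root."""
    best_port, best_key = None, None
    for port, (bpdu, speed_mbps) in received.items():
        key = bpdu_key(bpdu, LINK_COST[speed_mbps])
        if best_key is None or key < best_key:
            best_port, best_key = port, key
    if best_key is None or my_bridge_id < best_key[0]:
        return {"root_id": my_bridge_id, "root_port": None, "root_cost": 0}
    return {"root_id": best_key[0], "root_port": best_port, "root_cost": best_key[1]}
```

Because the comparison is entirely driven by values in received BPDUs, any port that can inject a BPDU with a lower root ID can move the root; that is the case Root Guard and BPDU Guard above are designed to close on access and edge ports.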


JOHN CORDIER ACADEMY                                                www.jcacademy.com
TCP/IP (IPv4) reference card                                        reference card© v.2.0 (V1.5)

IP Header
 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
| Version | IHL    | Service        | Total length                   |
| Identification                    | Flags | Fragment offset        |
| TTL             | Protocol        | Header checksum                |
| Source Address                                                     |
| Destination Address                                                |
| Options and Padding                                                |
| Data                                                               |

Version: IP version number (4 bits)
IHL: Internet header length (4 bits)
Service: Type of service flags (1 byte)
    Precedence (=absolute priority) (3 bits)
    Minimize delay (1 bit)
    Maximize throughput (1 bit)
    Maximize reliability (1 bit)
    Minimize monetary cost (1 bit)
    Reserved for future use (1 bit)
Total length: Total length of IP datagram (2 bytes)
Identification: Unique packet identifier, used to identify the fragments of the datagram (2 bytes)
Flags: Fragmentation flags, indicates if datagram can be fragmented, and if a particular packet is the last in the series of the fragments (3 bits)
Fragm. Offset: Fragmentation offset field (13 bits)
TTL: Time to live field (1 byte)
Protocol: Protocol identifier field, identifies the next higher layer protocol (1 byte)
Header Checksum: Checksum field (2 bytes)
Source Address: IP address of the source host (4 bytes)
Destination Address: IP address of the destination host (4 bytes)
Options and Padding: (Variable length)
    Options: Strict source route, Loose source route, Record route, Timestamp, Security

Protocol:
 1   ICMP
 2   IGMP
 6   TCP
 8   EGP
 9   IGRP
17   UDP
46   RSVP
88   EIGRP
89   OSPF

DOD and OSI models
DOD                                       OSI
Application Layer                         Application Layer
  (SMTP, HTTP, DNS, FTP, Other)           Presentation Layer
                                          Session Layer
Host-to-host Layer (TCP, UDP, Other)      Transport Layer
Internet Layer (IP)                       Network Layer
Network Access Layer                      Datalink Layer
                                          Physical Layer

TCP Header
 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
| Source port                       | Destination port               |
| Sequence number                                                    |
| Acknowledgement number                                             |
| Offset | Reserved | U A P R S F   | Window size                    |
| Checksum                          | Urgent pointer                 |
| Options and Padding                                                |
| Data                                                               |

Source port: Number of the port that initiates the session (2 bytes)
Destination port: Number of the port for which the transmission is destined (2 bytes)
Sequence Number: Used to reconstruct the fragmented data out of the segments (4 bytes)
Acknowledgement number: Used to acknowledge the receipt of a segment (4 bytes)
Offset: Size of the TCP header (4 bits)
Reserved: Set to zero, reserved for future use (6 bits)
Flags: (6 bits) Enables the control functions of
    Urgent fields (URG, 1 bit)
    Acknowledgment (ACK, 1 bit)
    Push (PSH, 1 bit)
    Reset connection (RST, 1 bit)
    Synchronisation of sequence numbers (SYN, 1 bit)
    Finished sending data (FIN, 1 bit)
Window Size: Used to exchange TCP buffer sizes (2 bytes)
Checksum: Checksum field (2 bytes)
Urgent pointer: Points to urgent data in the data field; only valid if the urgent flag is set (2 bytes)
Options and Padding: (variable length)
    Options: Maximum segment size, TCP window scale, Selective acknowledgment, SACK-permitted, TCP timestamps

IP Address Classes
32 bits
10111110 10101100 00100001 00000011
   190   .   172  .    33  .    3
| Netnumber | Host number |

First octet   Class   Leading bits   Netnumber / Host number split
0-126         A       0              8-bit netnumber, 24-bit host number
128-191       B       10             16-bit netnumber, 16-bit host number
192-223       C       110            24-bit netnumber, 8-bit host number
224-239       D       1110
240-255       E       1111

          Number of networks   Number of hosts
Class A   126                  16.777.214
Class B   16.384               65.534
Class C   2.097.152            254

Subnetmask
32 bits
IP Address:   | NET | SUBNET | HOST |
Subnet Mask:  11111111 11111111 11111111 00000000
                 255      255      255      0

TCP Ports
 7   Echo           25   SMTP
 9   Discard        53   DNS
13   Daytime        80   HTTP
17   Qotd          110   POP3
19   Chargen       119   NNTP
20   FTP-data      179   BGP
21   FTP-control   143   IMAP
22   SSH           389   LDAP
23   Telnet        443   HTTPs (s=over SSL)
                   646   MPLS
≤1023: Well known applications
>1023: Proprietary applications and client applications

ARP Header
 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
| Hardware type                     | Protocol type                  |
| HLEN            | PLEN            | Operation                      |
| Sender HA (0-3)                                                    |
| Sender HA (4-5)                   | Sender IP (0-1)                |
| Sender IP (2-3)                   | Target HA (0-1)                |
| Target HA (2-5)                                                    |
| Target IP (0-3)                                                    |

Hardware type: Identifies the type of hardware interface (2 bytes)
Protocol Type: Identifies the type of protocol the sending device is using (2 bytes)
HLEN: Hardware Address Length (1 byte)
PLEN: Protocol Address Length (1 byte)
Operation: Request or reply (2 bytes)
Sender HA: Sender hardware address (6 bytes)
Sender IP: Sender IP address (4 bytes)
Target HA: Target hardware address (6 bytes)
Target IP: Target IP address (4 bytes)

UDP Header
 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
| Source port                       | Destination port               |
| Length                            | Checksum                       |
| Data                                                               |

Source port: Number of the port that initiates the session (2 bytes)
Destination port: Number of the port for which the transmission is destined (2 bytes)
Length: Size of UDP message (2 bytes)
Checksum: Checksum field (2 bytes)

UDP Ports
 7   Echo          67   DHCP server   520   RIP
 9   Discard       68   DHCP client   646   MPLS
13   Daytime       69   TFTP
17   Qotd         123   NTP
19   Chargen      161   SNMP
53   DNS          162   SNMPtrap
≤1023: Well known applications
>1023: Proprietary applications

ICMP Header (carried in an IPv4 datagram with Protocol=1)
 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
| Version | IHL    | T.O.S.         | Total length                   |
| Identification                    | Flags | Fragment offset        |
| TTL             | Protocol=1      | Header checksum                |
| Source Address                                                     |
| Destination Address                                                |
| Options and Padding                                                |
| ICMP TYPE       | ICMP CODE       | Header checksum (IPv4)         |
| Unused or depending on TYPE (see notes)                            |
| IP header + 8 octets of original datagram                          |

ICMP Types
Type   Code
0      0     Echo Reply
3            Destination Unreachable
       0     Network unreachable
       1     Host unreachable
       2     Requested protocol unreachable
       3     Port unreachable
       4     Fragmentation needed, but "Don't Fragment flag set"
       5     Source route has failed
       6     Destination network unknown
       7     Destination host unknown
4      0     Source Quench
5            Redirect
       0     Redirect datagrams for network
       1     Redirect datagrams for host
8      0     Echo Request
9      0     Router advertisement
10     0     Router selection
11           Time Exceeded
       0     Time-to-live exceeded
       1     Fragment reassembly time exceeded
12           Parameter Problem
       0     Pointer indicates the error
       1     Missing a required option
       2     Bad length

Ethernet Frame Formats
DIX Ethernet v2     | DA | SA | E-TYPE | DATA | FCS |
IEEE 802.3          | DA | SA | Length | DATA | FCS |
  IEEE 802.2 SNAP   | DSAP AA | SSAP AA | Control | SNAP: 00 00 00 E-TYPE | DATA |
  IEEE 802.2        | DSAP 06 | SSAP 06 | Control | DATA |
E-Type (Hex.):  08 00: IP(v4)   08 06: ARP   86 DD: IP(v6)

Important RFC's
RFC 768: User Datagram Protocol                   Standard
RFC 791: Internet Protocol v4                     Standard
RFC 792: Internet Control Message Protocol        Standard
RFC 793: Transmission Control Protocol            Standard
RFC 821: Simple Mail Transfer Protocol            Standard
RFC 826: Ethernet Address Resolution Protocol     Standard
RFC 854: Telnet Protocol Specifications           Standard
RFC 959: File Transfer Protocol                   Standard
RFC 1157: Simple Network Management Protocol      Standard
RFC 3232: Assigned Numbers                        Informational (http://www.iana.org/numbers.html)
RFC 1771: Border Gateway Protocol v4              Draft Standard
RFC 2131: Dynamic Host Configuration Protocol     Draft Standard
RFC 2328: Open Shortest Path First v2             Standard
RFC 2453: Routing Information Protocol v2         Standard
RFC 2616: Hypertext Transfer Protocol 1.1         Draft Standard
Search for RFC's on http://www.rfc-editor.org

Interesting links
Internet Assigned Numbers Authority (IANA)                    http://www.iana.org
Internet Corporation for Assigned Names and Numbers (ICANN)   http://www.icann.org
Réseaux IP Européens (RIPE)                                   http://www.ripe.net
American Registry for Internet Numbers (ARIN)                 http://www.arin.net
Asia Pacific Network Information Center (APNIC)               http://www.apnic.net
Internet Engineering Task Force (IETF)                        http://www.ietf.org
Institute of Electrical and Electronics Engineers (IEEE)      http://www.ieee.org
InterNIC                                                      http://rs.internic.net
Internet Architecture Board (IAB)                             http://www.iab.org
Internet Society (ISOC)                                       http://www.isoc.org
Internet Software Consortium                                  http://www.isc.org
World Wide Web Consortium                                     http://www.w3c.org
Internet Mail Consortium                                      http://www.imc.org
RFC Editor                                                    http://www.rfc-editor.org
Telindus High-Tech Institute (THTI)                           http://www.thti.telindus.be
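The IP and TCP header layouts on this card are exactly what a packet decoder has to unpack, and the one field the card lists without explaining how to check it is the IP header checksum. The parser below is an added example, not code from the card; it builds a constructed TCP SYN (the addresses and ports are invented sample values, not a capture), decodes the fixed IPv4 and TCP header fields named above, maps the protocol number with the card's table, and verifies the IPv4 header checksum with the RFC 1071 one's-complement sum. The TCP checksum is left at zero because it covers a pseudo-header the card does not show; that is the one simplification.

```python
import socket
import struct

# Protocol numbers from the card's IP header table.
PROTOCOL_NAMES = {1: "ICMP", 2: "IGMP", 6: "TCP", 8: "EGP", 9: "IGRP",
                  17: "UDP", 46: "RSVP", 88: "EIGRP", 89: "OSPF"}
TCP_FLAG_NAMES = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")   # bit 0 .. bit 5

IPV4_FMT = "!BBHHHBBH4s4s"   # 20-byte header without options
TCP_FMT = "!HHIIHHHH"        # 20-byte header without options


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; a header carrying a correct checksum sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int, proto: int = 6,
                      ttl: int = 64, ident: int = 0x1234, tos: int = 0) -> bytes:
    """Build a 20-byte IPv4 header with DF set and a correct header checksum."""
    hdr = struct.pack(IPV4_FMT, (4 << 4) | 5, tos, 20 + payload_len, ident,
                      0x4000, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]


def parse_ipv4(pkt: bytes) -> dict:
    """Decode the fixed IPv4 header fields and verify the header checksum."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack(IPV4_FMT, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl or total_len < ihl:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "version": ver_ihl >> 4, "ihl": ihl,
        "dscp": tos >> 2, "ecn": tos & 0b11,
        "total_length": total_len, "identification": ident,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": PROTOCOL_NAMES.get(proto, str(proto)),
        "checksum_ok": internet_checksum(pkt[:ihl]) == 0,
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "payload": pkt[ihl:total_len],
    }


def parse_tcp(seg: bytes) -> dict:
    """Decode the fixed TCP header fields, including the six control flags."""
    if len(seg) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, urg = struct.unpack(TCP_FMT, seg[:20])
    offset = (off_flags >> 12) * 4
    if offset < 20 or len(seg) < offset:
        raise ValueError("bad TCP data offset")
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "offset": offset,
        "flags": [n for i, n in enumerate(TCP_FLAG_NAMES) if off_flags & (1 << i)],
        "window": window, "urgent_pointer": urg,
        "data": seg[offset:],
    }


def constructed_syn_packet() -> bytes:
    """Constructed sample (not a capture): a TCP SYN from 190.172.33.3 to 10.0.0.1:443."""
    tcp = struct.pack(TCP_FMT, 40000, 443, 1000, 0, (5 << 12) | 0x02, 65535, 0, 0)
    return build_ipv4_header("190.172.33.3", "10.0.0.1", len(tcp)) + tcp


def parse_packet(pkt: bytes) -> tuple:
    """Return (ip_fields, tcp_fields_or_None) for a raw IPv4 packet."""
    ip = parse_ipv4(pkt)
    tcp = parse_tcp(ip["payload"]) if ip["protocol"] == "TCP" else None
    return ip, tcp
```

The length checks before each unpack are what keep a decoder like this safe on hostile input: IHL and the TCP data offset are attacker-controlled, so both are validated against the bytes actually present before they are used as slice boundaries.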


VLANS                                                                  packetlife.net

Trunk Encapsulation
                 802.1Q    ISL
Header Size      4 bytes   26 bytes
Trailer Size     N/A       4 bytes
Standard         IEEE      Cisco
Maximum VLANs    4094      1000
Command          dot1q     isl

Trunk Types (Ethernet header with 802.1Q tag / ISL encapsulation)

VLAN Numbers
0           Reserved
1           default
1002        fddi-default
1003        tr
1004        fdnet
1005        trnet
1006-4094   Extended
4095        Reserved

VLAN Creation
Switch(config)# vlan 100
Switch(config-vlan)# name Engineering

Access Port Configuration
Switch(config-if)# switchport mode access
Switch(config-if)# switchport nonegotiate
Switch(config-if)# switchport access vlan 100
Switch(config-if)# switchport voice vlan 150

Trunk Port Configuration
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport trunk allowed vlan 10,100-200
Switch(config-if)# switchport trunk native vlan 10

SVI Configuration
Switch(config)# interface vlan100
Switch(config-if)# ip address 192.168.100.1 255.255.255.0

Terminology
Trunking · Extending multiple VLANs over the same physical connection
Native VLAN · By default, frames in this VLAN are untagged when sent across a trunk
Access VLAN · The VLAN to which an access port is assigned
Voice VLAN · If configured, enables minimal trunking to support voice traffic in addition to data traffic on an access port
Dynamic Trunking Protocol (DTP) · Can be used to automatically establish trunks between capable ports; carries a security risk
Switched Virtual Interface (SVI) · A virtual interface which provides a routed gateway into and out of a VLAN

Switch Port Modes
trunk · Forms an unconditional trunk
dynamic desirable · Actively attempts to negotiate a trunk with the distant end
dynamic auto · Will form a trunk only if requested by the distant end
access · Will never form a trunk

VLAN Trunking Protocol
Domain · Common to all switches participating in VTP
Server Mode · Generates and propagates VTP advertisements to clients; this mode is default on unconfigured switches
Client Mode · Receives and forwards advertisements from servers; VLANs cannot be manually configured on switches in client mode
Transparent Mode · Forwards advertisements but does not participate in VTP; VLANs must be configured manually
Pruning · VLANs not having any access ports on an end switch are removed from the trunk to reduce flooded traffic

VTP Configuration
Switch(config)# vtp mode server
Switch(config)# vtp domain LASVEGAS
Switch(config)# vtp password Presl3y
Switch(config)# vtp version 2
Switch(config)# vtp pruning

Troubleshooting
show vlan
show interface status
show interface switchport
show interface trunk
show vtp status
show vtp password

by Jeremy Stretch                                                                v1.2


BGP · PART 1                                                           packetlife.net

About BGP
Type             Path Vector
Algorithm        Path Selection
eBGP AD          20
iBGP AD          200
Standard         RFC 4271
Protocols        IP
Transport        TCP 179
Authentication   MD5

Attribute Types
Well-known Mandatory · Must be supported and propagated
Well-known Discretionary · Must be supported; propagation optional
Optional Transitive · Marked as partial if unsupported by neighbor
Optional Nontransitive · Deleted if unsupported by neighbor

Attributes
Name                                Type   Description
Aggregator                          OT     ID and AS of router which performed summarization
AS Path                             WM     List of autonomous systems the advertisement has traversed
Atomic Aggregate                    WD     Includes AS which have been dropped due to route aggregation
Cluster ID                          ON     Originating cluster
Community                           OT     Route tag
Local Preference                    WD     Metric for internal neighbors to reach external paths; default 100
Multiple Exit Discriminator (MED)   ON     Metric for external neighbors to reach the AS; default 0
Next Hop                            WM     External peer in neighboring AS
Origin                              WM     Origin type (IGP, EGP, or unknown)
Originator ID                       ON     Identifies route reflector
Weight                              O      Cisco proprietary, not communicated to peers; default 0

Terminology
Autonomous System (AS) · A logical domain under the control of a single entity
External BGP (eBGP) · BGP neighborships formed between autonomous systems
Internal BGP (iBGP) · BGP between peers within a single autonomous system
Synchronization requirement · Asserts that a route must be known by an IGP before it may be advertised to BGP peers

Packet Types
Open · Update · Keepalive · Notification

Neighbor States
Idle · Neighbor is not responding
Connect · TCP session established
Open Sent · Open message sent
Open Confirm · Response received
Established · Neighborship established

Path Selection
Order   Attribute          Description                                                   Preference
1       Weight             Administrative preference                                     Highest
2       Local Preference   Communicated between peers within an AS                       Highest
3       Self-Originated    Prefer paths originated locally                               True
4       AS Path            Minimize AS hops                                              Shortest
5       Origin             Prefer IGP-learned routes over EGP, and EGP over unknown      IGP
6       MED                Used externally to enter an AS                                Lowest
7       External           Prefer eBGP routes over iBGP                                  eBGP
8       IGP Cost           Consider IGP attributes                                       Lowest
9       eBGP Peering       Favor more stable routes                                      Oldest
10      Router ID          Tie breaker                                                   Lowest

Troubleshooting
show ip bgp
show ip bgp summary
show ip bgp neighbors
show ip route [bgp]
clear ip bgp * [soft]
debug ip bgp events
debug ip bgp updates

Influencing Path Selection
Weight             neighbor 172.16.0.1 weight 200
Local Preference   bgp default local-preference 100
MED                default-metric 400
Route Map          neighbor 172.16.0.1 route-map Foo

by Jeremy Stretch                                                                v1.1
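The ten-step Path Selection table above is an ordered comparison, which means it can be expressed as a single sort key: each step becomes one tuple element, negated where the card says "Highest" so that the smallest tuple is always the best path. The code below is an added example and not from the card or from any router's implementation; the attribute defaults (weight 0, local preference 100, MED 0) are the card's, and the candidate paths in the test are constructed. It treats MED as comparable across all candidates, which is a simplification of real routers, where MED is by default only compared between paths from the same neighbor AS.

```python
from dataclasses import dataclass
from typing import Optional

ORIGIN_RANK = {"IGP": 0, "EGP": 1, "unknown": 2}   # step 5: IGP over EGP over unknown


@dataclass
class Path:
    next_hop: str
    router_id: str                  # advertising peer's router ID, final tie breaker
    weight: int = 0                 # Cisco-local, default 0
    local_pref: int = 100           # default 100
    self_originated: bool = False
    as_path: tuple = ()
    origin: str = "IGP"
    med: int = 0                    # default 0
    external: bool = True           # learned from an eBGP peer
    igp_cost: int = 0               # IGP metric to reach next_hop
    peer_uptime: int = 0            # seconds the eBGP peering has been up
    next_hop_reachable: bool = True # a path whose next hop is unreachable is never a candidate


def _rid(rid: str) -> tuple:
    """Dotted-quad router ID as a tuple so that comparison is numeric, not lexical."""
    return tuple(int(octet) for octet in rid.split("."))


def selection_key(p: Path) -> tuple:
    """Sort key that orders paths by the ten steps on the card; min() is the best path."""
    return (
        -p.weight,                          # 1  highest weight
        -p.local_pref,                      # 2  highest local preference
        0 if p.self_originated else 1,      # 3  locally originated paths first
        len(p.as_path),                     # 4  shortest AS path
        ORIGIN_RANK[p.origin],              # 5  IGP < EGP < unknown
        p.med,                              # 6  lowest MED
        0 if p.external else 1,             # 7  eBGP before iBGP
        p.igp_cost,                         # 8  lowest IGP cost to the next hop
        -p.peer_uptime,                     # 9  oldest eBGP peering
        _rid(p.router_id),                  # 10 lowest router ID
    )


def ranked(paths) -> list:
    """All usable paths, best first."""
    return sorted((p for p in paths if p.next_hop_reachable), key=selection_key)


def best_path(paths) -> Optional[Path]:
    """The path that would be installed, or None when no next hop is reachable."""
    usable = ranked(paths)
    return usable[0] if usable else None
```

Reading the key top to bottom is also the fastest way to see why a locally set weight or local preference overrides everything a neighbor can advertise: the AS path length and MED only matter once the first three elements tie.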


BGP · PART 2                                                           packetlife.net
Configuration Example

Router A

interface Serial1/0
 description Backbone to B
 ip address 172.16.0.1 255.255.255.252
!
interface Serial1/1
 description Backbone to C
 ip address 172.16.0.5 255.255.255.252
!
interface FastEthernet2/0
 description LAN
 ip address 192.168.1.1 255.255.255.0
!
router bgp 65100
 no synchronization
 network 172.16.0.0 mask 255.255.255.252
 network 172.16.0.4 mask 255.255.255.252
 network 192.168.1.0
 neighbor South peer-group
 neighbor South remote-as 65200
 neighbor 172.16.0.2 peer-group South
 neighbor 172.16.0.6 peer-group South
 no auto-summary

Router B

interface FastEthernet0/0
 description Local to C
 ip address 10.0.0.1 255.255.255.252
!
interface Serial1/0
 description Backbone to A
 ip address 172.16.0.2 255.255.255.252
!
interface FastEthernet2/0
 description LAN
 ip address 192.168.2.1 255.255.255.0
!
router ospf 100
 network 10.0.0.1 0.0.0.0 area 0
 network 192.168.2.0 0.0.0.255 area 1
!
router bgp 65200
 no synchronization
 redistribute ospf 100 route-map LAN_Subnets
 neighbor 10.0.0.2 remote-as 65200
 neighbor 172.16.0.1 remote-as 65100
 no auto-summary
!
access-list 10 permit 192.168.0.0 0.0.255.255
!
route-map LAN_Subnets permit 10
 match ip address 10
 set metric 100

Router C

interface FastEthernet0/0
 description Local to B
 ip address 10.0.0.2 255.255.255.252
!
interface Serial1/0
 description Backbone to A
 ip address 172.16.0.6 255.255.255.252
!
interface FastEthernet2/0
 description LAN
 ip address 192.168.3.1 255.255.255.0
!
router ospf 100
 network 10.0.0.2 0.0.0.0 area 0
 network 192.168.3.0 0.0.0.255 area 2
!
router bgp 65200
 no synchronization
 redistribute ospf 100 route-map LAN_Subnets
 neighbor 10.0.0.1 remote-as 65200
 neighbor 172.16.0.5 remote-as 65100
 no auto-summary
!
access-list 10 permit 192.168.0.0 0.0.255.255
!
route-map LAN_Subnets permit 10
 match ip address 10
 set metric 100

Router A Routing Table

     172.16.0.0/30 is subnetted, 2 subnets
C       172.16.0.4 is directly connected, S1/1
C       172.16.0.0 is directly connected, S1/0
C    192.168.1.0/24 is directly connected, F2/0
B    192.168.2.0/24 [20/100] via 172.16.0.2
B    192.168.3.0/24 [20/100] via 172.16.0.2

Router B Routing Table

     172.16.0.0/30 is subnetted, 2 subnets
B       172.16.0.4 [20/0] via 172.16.0.1
C       172.16.0.0 is directly connected, S1/0
     10.0.0.0/30 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, F0/0
B    192.168.1.0/24 [20/0] via 172.16.0.1
C    192.168.2.0/24 is directly connected, F2/0
O IA 192.168.3.0/24 [110/2] via 10.0.0.2, F0/0

by Jeremy Stretch                                                                v1.1


EIGRP                                                                  packetlife.net

Protocol Header

Attributes
Type             Distance Vector
Algorithm        DUAL
Internal AD      90
External AD      170
Summary AD       5
Standard         Cisco proprietary
Protocols        IP, IPX, Appletalk
Transport        IP 88
Authentication   MD5
Multicast IP     224.0.0.10
Hello Timer      5 / 60
Hold Timer       15 / 180

Metric Formula
metric = 256 * ( K1*bw + (K2*bw) / (256 - load) + K3*delay ) * ( K5 / (reliability + K4) )
bw = 10^7 / Interface bandwidth in Kbps
delay = Interface delay in usecs / 10

K Defaults
K1   1
K2   0
K3   1
K4   0
K5   0

Packet Types
1   Update
3   Query
4   Reply
5   Hello
8   Acknowledge

EIGRP Configuration

Protocol Configuration

! Enable EIGRP
router eigrp <ASN>

! Add interfaces to advertise
network <IP address> <wildcard mask>

! Configure K values
metric weights 0 <k1> <k2> <k3> <k4> <k5>

! Disable automatic route summarization
no auto-summary

! Designate passive interfaces
passive-interface (<interface> | <default>)

! Enable stub routing
eigrp stub [receive-only | connected | static | summary]

! Statically identify a neighboring router
neighbor <IP address> <interface>

Interface Configuration

! Set maximum bandwidth EIGRP can consume
ip bandwidth-percent eigrp <percentage>

! Configure manual summarization of outbound advertisements
ip summary-address eigrp <ASN> <IP address> <mask> [<AD>]

! Enable MD5 authentication
ip authentication mode eigrp <ASN> md5
ip authentication key-chain eigrp <ASN> <key-chain>

! Configure hello and hold timers
ip hello-interval eigrp <ASN> <seconds>
ip hold-time eigrp <ASN> <seconds>

! Disable split horizon for EIGRP
no ip split-horizon eigrp <ASN>

Terminology
Reported Distance · The metric for a route advertised by a neighbor
Feasible Distance · The distance advertised by a neighbor plus the cost to get to that neighbor
Stuck In Active (SIA) · The condition when a route becomes unreachable and not all queries are answered; adjacencies with unresponsive neighbors are reset
Passive Interface · An interface which does not participate in EIGRP but whose network is advertised
Stub Router · A router which does not relay updates between neighbors or participate in querying

Troubleshooting
show ip eigrp interfaces
show ip eigrp neighbors
show ip eigrp topology
show ip eigrp traffic
clear ip eigrp neighbors
debug ip eigrp [packet | neighbors]

by Jeremy Stretch                                                                v1.3
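The metric formula and the Reported Distance / Feasible Distance definitions above are easier to trust once worked through on real interface values. The code below is an added example, not from the card or from IOS; it evaluates the card's formula with the default K values (the familiar 28160 for a FastEthernet interface falls out of it), extends it to a multi-hop path by taking the lowest bandwidth and the summed delay along the path, and applies the feasibility condition to pick a successor and its feasible successors. Two conventions are assumptions beyond the card: integer division throughout, and skipping the K5/(reliability+K4) factor when K5 is 0, both of which are how IOS evaluates the formula. The neighbor table in the test is constructed.

```python
K_DEFAULTS = (1, 0, 1, 0, 0)   # K1..K5 from the card


def eigrp_metric(bandwidth_kbps: int, delay_usec: int, load: int = 1,
                 reliability: int = 255, k: tuple = K_DEFAULTS) -> int:
    """Composite metric from the card's formula.

    bandwidth_kbps: lowest bandwidth along the path; delay_usec: summed delay.
    Integer division mirrors IOS (assumption); the K5 / (reliability + K4)
    factor is applied only when K5 != 0 (IOS convention, assumption)."""
    k1, k2, k3, k4, k5 = k
    if bandwidth_kbps < 1 or not 0 <= load <= 255 or not 1 <= reliability <= 255:
        raise ValueError("bad interface parameters")
    bw = 10**7 // bandwidth_kbps          # card: bw = 10^7 / bandwidth in Kbps
    dly = delay_usec // 10                # card: delay = delay in usecs / 10
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * dly
    if k5:
        metric = metric * k5 // (reliability + k4)
    return metric * 256


def path_metric(hops: list, k: tuple = K_DEFAULTS) -> int:
    """hops: list of (bandwidth_kbps, delay_usec) for each link toward the destination."""
    if not hops:
        raise ValueError("a path needs at least one link")
    return eigrp_metric(min(bw for bw, _ in hops), sum(d for _, d in hops), k=k)


def choose_routes(candidates: dict) -> tuple:
    """candidates: neighbor -> (reported distance, metric of our link to that neighbor).

    Feasible distance via a neighbor = its RD + our link metric. The successor is
    the neighbor with the lowest FD; a feasible successor is any other neighbor
    whose RD is strictly lower than the successor's FD (the feasibility condition
    that guarantees a loop-free backup without a query)."""
    if not candidates:
        raise ValueError("no candidates")
    fd = {n: rd + link for n, (rd, link) in candidates.items()}
    successor = min(fd, key=fd.get)
    feasible = sorted(n for n, (rd, _) in candidates.items()
                      if n != successor and rd < fd[successor])
    return successor, fd[successor], feasible
```

A neighbor whose reported distance is not below the successor's feasible distance is left out of the feasible successor list on purpose: if the successor fails, that route goes active and the router must query, which is the situation the Stuck In Active entry above describes.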


OSPF · PART 1 packetlife.net

Protocol Header (diagram in the original)

Attributes

Type  Link-State
Algorithm  Dijkstra
Metric  Cost (Bandwidth)
AD  110
Standard  RFC 2328, 2740
Protocols  IP
Transport  IP 89
Authentication  Plaintext, MD5
AllSPF Address  224.0.0.5
AllDR Address  224.0.0.6

Metric Formula

cost = 100,000,000 bps* / link speed
* modifiable with 'auto-cost reference-bandwidth' under router ospf

Link State Advertisements

Type 1 Router Link · Lists a router's neighbors and its cost to each; flooded throughout an area
Type 2 Network Link · Generated by a DR; lists all routers on an adjacent segment; flooded throughout an area
Type 3 Network Summary · Generated by an ABR and sent between areas; point of summarization
Type 4 ASBR Summary · Injected by an ABR into the backbone to advertise the presence of an ASBR
Type 5 External Link · Generated by an ASBR and flooded throughout the AS to advertise a route external to OSPF
Type 7 NSSA External Link · Generated by an ASBR in a not-so-stubby area; converted into a type 5 LSA by the ABR

Adjacency States

1 Down  2 Attempt  3 Init  4 2-Way  5 Exstart  6 Exchange  7 Loading  8 Full

Router Types

Internal Router · All interfaces reside within the same area
Backbone Router · A router with an interface in area 0 (the backbone)
Area Border Router (ABR) · Connects two or more areas
AS Boundary Router (ASBR) · Connects to additional routing domains; typically located in the backbone

DR/BDR Election

· The DR serves as a common point for all adjacencies on a multiaccess segment
· The BDR also maintains adjacencies with all routers in case the DR fails
· Election does not occur on point-to-point or multipoint links
· Default priority (0-255) is 1; highest priority wins; 0 cannot be elected
· DR preemption will not occur unless the current DR is reset

Virtual Links

· Tunnel formed to join two areas across an intermediate area
· Both end routers must share a common area
· At least one end must reside in area 0
· Cannot traverse stub areas
· Temporary solution; not considered best practice

Area Types

Standard Area · Default OSPF area type
Stub Area · External (type 5) LSAs are replaced by the ABR with a default route
Totally Stubby Area · A stub area which also replaces summary (type 3 and 4) LSAs with a default route
Not So Stubby Area (NSSA) · A stubby area containing an ASBR; type 5 LSAs are converted to type 7 within the area

External Route Types

E1 · Cost of the path to the originating ASBR is added to the route cost
E2 (default) · Only the cost of the route as seen by the ASBR is considered

Troubleshooting

show ip route
show ip protocols
show ip ospf interface
show ip ospf neighbor
show ip ospf database
show ip ospf border-routers
show ip ospf virtual-links
debug ip packet
debug ip ospf events
debug ip ospf adjacency

by Jeremy Stretch v1.3


OSPF · PART 2 packetlife.net

Network Types

                     Nonbroadcast  Multipoint  Multipoint    Broadcast  Point-to-Point
                     (NBMA)        Broadcast   Nonbroadcast
DR/BDR Elected       Yes           No          No            Yes        No
Neighbor Discovery   No            Yes         No            Yes        Yes
Hello/Dead Timers    30/120        30/120      30/120        10/40      10/40
Standard             RFC 2328      RFC 2328    Cisco         RFC 2328   RFC 2328
Supported Topology   Full Mesh     Any         Any           Full Mesh  Point-to-Point

Configuration Example

RouterA

interface Serial0/0
 description WAN Link
 ip address 172.16.34.2 255.255.255.252
!
interface FastEthernet0/0
 description Area 0
 ip address 192.168.0.1 255.255.255.0
!
interface Loopback0
 ! Used as router ID
 ip address 10.0.34.1 255.255.255.0
!
router ospf 100
 ! Advertising the WAN cloud to OSPF
 redistribute static subnets
 network 192.168.0.0 0.0.0.255 area 0
!
! Static route to the WAN cloud
ip route 172.16.0.0 255.255.192.0 172.16.34.1

RouterB

interface Ethernet0/0
 description Area 0
 ip address 192.168.0.2 255.255.255.0
!
interface Ethernet0/1
 description Area 2
 ip address 192.168.2.1 255.255.255.0
 ! Optional MD5 authentication configured
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 FooBar
 ! Give RouterB priority in DR election
 ip ospf priority 100
!
interface Ethernet0/2
 description Area 1
 ip address 192.168.1.1 255.255.255.0
!
interface Loopback0
 ip address 10.0.34.2 255.255.255.0
!
router ospf 100
 ! Define area 1 as a stub area
 area 1 stub
 ! Virtual link from area 0 to area 9
 area 2 virtual-link 10.0.34.3
 network 192.168.0.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 1
 network 192.168.2.0 0.0.0.255 area 2

RouterC

interface Ethernet0/0
 description Area 9
 ip address 192.168.9.1 255.255.255.0
!
interface Ethernet0/1
 description Area 2
 ip address 192.168.2.2 255.255.255.0
 ! Optional MD5 authentication configured
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 FooBar
 ! Give RouterC second priority (BDR) in election
 ip ospf priority 50
!
interface Loopback0
 ip address 10.0.34.3 255.255.255.0
!
router ospf 100
 ! Define area 9 as a totally stubby area
 area 9 stub no-summary
 ! Virtual link from area 9 to area 0
 area 2 virtual-link 10.0.34.2
 network 192.168.2.0 0.0.0.255 area 2
 network 192.168.9.0 0.0.0.255 area 9
!

by Jeremy Stretch v1.3


CISCO IOS VERSIONS packetlife.net

IOS Nomenclature (diagram in the original)

Typical Release Lifecycle

First Customer Shipment (FCS) · The release is first available to Cisco customers on CCO
EOS Notice · Notification of upcoming EOS
End of Sale (EOS) · The release is no longer orderable or included in manufactured shipments
End of Engineering (EOE) · The last day for software fixes; only TAC assistance is offered from this point
End of Life (EOL) · The last day for TAC support; release becomes obsolete; upgrade is the only option for support

IOS Filename (diagram in the original)

IOS Package Trees (diagram in the original)

Recommended IOS
800, 1700, 2600, 2800, 3700, 3800 12.4 / 12.4T
Catalyst 2960, 3560, 3750 12.2SE
Catalyst 4500 and 4900 12.2SG
Catalyst 6500 12.2SX
7200, 7301 routers 12.4 / 12.4T / 12.2SB
7304 routers 12.2SB
7500 routers 12.4 / 12.0S
10000 routers 12.2SB
7600 routers 12.2SR

IOS Verification
Router# show version
Router# dir <filesystem>:
Router# verify <filesystem>:<image>
Router# verify /md5 <filesystem>:<image> [<expected MD5>]
Compare the computed hash with the one Cisco publishes for that image before booting it; a successful 'verify' only proves the file is intact, not that it is the file you intended to install.

by Jeremy Stretch v1.1


COMMON PORTS packetlife.net

TCP/UDP Port Numbers

7 Echo 554 RTSP 2745 Bagle.H 6891-6901 Windows Live


19 Chargen 546-547 DHCPv6 2967 Symantec AV 6970 Quicktime
20-21 FTP 560 rmonitor 3050 Interbase DB 7212 GhostSurf
22 SSH/SCP 563 NNTP over SSL 3074 XBOX Live 7648-7649 CU-SeeMe
23 Telnet 587 SMTP 3124 HTTP Proxy 8000 Internet Radio
25 SMTP 591 FileMaker 3127 MyDoom 8080 HTTP Proxy
42 WINS Replication 593 Microsoft DCOM 3128 HTTP Proxy 8086-8087 Kaspersky AV
43 WHOIS 631 Internet Printing 3222 GLBP 8118 Privoxy
49 TACACS 636 LDAP over SSL 3260 iSCSI Target 8200 VMware Server
53 DNS 639 MSDP (PIM) 3306 MySQL 8500 Adobe ColdFusion
67-68 DHCP/BOOTP 646 LDP (MPLS) 3389 Terminal Server 8767 TeamSpeak
69 TFTP 691 MS Exchange 3689 iTunes 8866 Bagle.B
70 Gopher 860 iSCSI 3690 Subversion 9100 HP JetDirect
79 Finger 873 rsync 3724 World of Warcraft 9101-9103 Bacula
80 HTTP 902 VMware Server 3784-3785 Ventrilo 9119 MXit
88 Kerberos 989-990 FTP over SSL 4333 mSQL 9800 WebDAV
102 MS Exchange 993 IMAP4 over SSL 4444 Blaster 9898 Dabber
110 POP3 995 POP3 over SSL 4664 Google Desktop 9988 Rbot/Spybot
113 Ident 1025 Microsoft RPC 4672 eMule 9999 Urchin
119 NNTP (Usenet) 1026-1029 Windows Messenger 4899 Radmin 10000 Webmin
123 NTP 1080 SOCKS Proxy 5000 UPnP 10000 BackupExec
135 Microsoft RPC 1080 MyDoom 5001 Slingbox 10113-10116 NetIQ
137-139 NetBIOS 1194 OpenVPN 5001 iperf 11371 OpenPGP
143 IMAP4 1214 Kazaa 5004-5005 RTP 12035-12036 Second Life
161-162 SNMP 1241 Nessus 5050 Yahoo! Messenger 12345 NetBus
177 XDMCP 1311 Dell OpenManage 5060 SIP 13720-13721 NetBackup
179 BGP 1337 WASTE 5190 AIM/ICQ 14567 Battlefield
201 AppleTalk 1433-1434 Microsoft SQL 5222-5223 XMPP/Jabber 15118 Dipnet/Oddbob
264 BGMP 1512 WINS 5432 PostgreSQL 19226 AdminSecure
318 TSP 1589 Cisco VQP 5500 VNC Server 19638 Ensim
381-383 HP Openview 1701 L2TP 5554 Sasser 20000 Usermin
389 LDAP 1723 MS PPTP 5631-5632 pcAnywhere 24800 Synergy
411-412 Direct Connect 1725 Steam 5800 VNC over HTTP 25999 Xfire
443 HTTP over SSL 1741 CiscoWorks 2000 5900+ VNC Server 27015 Half-Life
445 Microsoft DS 1755 MS Media Server 6000-6001 X11 27374 Sub7
464 Kerberos 1812-1813 RADIUS 6112 Battle.net 28960 Call of Duty
465 SMTP over SSL 1863 MSN 6129 DameWare 31337 Back Orifice
497 Retrospect 1985 Cisco HSRP 6257 WinMX 33434+ traceroute
500 ISAKMP 2000 Cisco SCCP 6346-6347 Gnutella
512 rexec 2002 Cisco ACS 6500 GameSpy Arcade
513 rlogin 2049 NFS 6566 SANE
514 syslog 2082-2083 cPanel 6588 AnalogX
515 LPD/LPR 2100 Oracle XDB 6665-6669 IRC
520 RIP 2222 DirectAdmin 6679/6697 IRC over SSL
521 RIPng (IPv6) 2302 Halo 6699 Napster
540 UUCP 2483-2484 Oracle DB 6881-6999 BitTorrent

Legend (entries are colour-coded by category in the original): Chat, Encrypted, Gaming, Malicious, Peer to Peer, Streaming
A port number is only a hint: any service can listen on any port and malware routinely reuses well-known ones, so confirm the protocol from the payload rather than from the port.
IANA port assignments published at http://www.iana.org/assignments/port-numbers

by Jeremy Stretch v1.1


IP ACCESS LISTS packetlife.net

Standard IP ACL Syntax

! Legacy syntax
access-list <number> {permit | deny} <source> [log]

! Modern syntax
ip access-list standard {<number> | <name>}
 [<sequence>] {permit | deny} <source> [log]

Extended IP ACL Syntax

! Legacy syntax
access-list <number> {permit | deny} <protocol> <source> [<ports>] <destination> [<ports>] [<options>]

! Modern syntax
ip access-list extended {<number> | <name>}
 [<sequence>] {permit | deny} <protocol> <source> [<ports>] <destination> [<ports>] [<options>]

Actions

permit  Allow matched packets
deny  Deny matched packets
remark  Record a config comment
evaluate  Evaluate a reflexive ACL
Entries are evaluated top-down and the first match wins; an implicit deny of all traffic follows the last entry.

ACL Numbers

1-99, 1300-1999  IP standard
100-199, 2000-2699  IP extended
200-299  Protocol type-code
300-399  DECnet
400-499  XNS
500-599  Extended XNS
600-699  Appletalk
700-799  Ethernet MAC
800-899  IPX standard
900-999  IPX extended
1000-1099  IPX SAP
1100-1199  MAC extended
1200-1299  IPX summary

Source/Destination Definitions

any  Any address
host <address>  A single address
<network> <mask>  Any address matched by the wildcard mask (a 0 bit must match, a 1 bit is ignored)

IP Options

dscp <DSCP>  Match packets with the given DSCP value
fragments  Check non-initial fragments
option <option>  Match packets with the specified IP option
precedence <0-7>  Match packets with the given precedence value
ttl <count>  Match packets with the given Time To Live

TCP/UDP Port Definitions

eq <port>  Equal to
neq <port>  Not equal to
lt <port>  Less than
gt <port>  Greater than
range <port> <port>  Matches a range of port numbers

TCP Options

ack  Match ACK flag
fin  Match FIN flag
psh  Match PSH flag
rst  Match RST flag
syn  Match SYN flag
urg  Match URG flag
established  Match packets in a pre-established session, i.e. any TCP segment with the ACK or RST bit set; this is a flag test, not stateful tracking, so a crafted segment with ACK set also matches

Logging Options

log  Log ACL entry matches
log-input  Log matches with ingress interface and source MAC

Miscellaneous Options

reflect <name>  Create a reflexive ACL
time-range <name>  Enable rule only during the specified time range

Applying ACLs to Restrict Traffic

interface FastEthernet0/0
 ip access-group {<number> | <name>} {in | out}

Troubleshooting

show access-lists {<number> | <name>}
show ip access-lists {<number> | <name>}
show ip access-lists interface <interface>
show ip access-lists dynamic
show ip interface [<interface>]
show time-range [<name>]

by Jeremy Stretch v1.1
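As an added worked example (not part of the packetlife sheet), the following Python models how IOS evaluates an extended IP access list: entries are tried top-down, the first match wins, wildcard-mask bits set to 1 are ignored, and anything that matches no entry hits the implicit deny. The ACL, the packets and the names INBOUND, Entry, evaluate and demo are constructed for the illustration; the "ack_probe" packet shows why `established` is a flag check rather than a session check.

```python
"""Evaluate an IOS-style extended IP access list against sample packets.

Added worked example, not from the packetlife sheet: the ACL and packets
below are constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

TCP_ACK = 0x10
TCP_RST = 0x04
TCP_SYN = 0x02


def ip_to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def match_addr(spec: str, addr: str) -> bool:
    """spec is 'any', 'host A.B.C.D' or 'A.B.C.D W.X.Y.Z' (address + wildcard mask)."""
    if spec == "any":
        return True
    parts = spec.split()
    if parts[0] == "host":
        return ip_to_int(parts[1]) == ip_to_int(addr)
    net, wild = ip_to_int(parts[0]), ip_to_int(parts[1])
    # A 1 bit in the wildcard is "don't care": mask it out on both sides.
    return (ip_to_int(addr) | wild) == (net | wild)


def match_port(spec: Optional[Tuple], port: Optional[int]) -> bool:
    """spec is None (no port test), ('eq'|'neq'|'lt'|'gt', n) or ('range', lo, hi)."""
    if spec is None:
        return True
    if port is None:
        return False
    op = spec[0]
    if op == "eq":
        return port == spec[1]
    if op == "neq":
        return port != spec[1]
    if op == "lt":
        return port < spec[1]
    if op == "gt":
        return port > spec[1]
    if op == "range":
        return spec[1] <= port <= spec[2]
    raise ValueError(f"unknown port operator {op!r}")


@dataclass
class Entry:
    seq: int
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" matches every protocol
    src: str
    dst: str
    sport: Optional[Tuple] = None
    dport: Optional[Tuple] = None
    established: bool = False   # TCP only: ACK or RST bit set


def evaluate(acl, pkt):
    """Return (action, seq of the matching entry); seq None = implicit deny."""
    for e in sorted(acl, key=lambda x: x.seq):
        if e.proto != "ip" and e.proto != pkt["proto"]:
            continue
        if not (match_addr(e.src, pkt["src"]) and match_addr(e.dst, pkt["dst"])):
            continue
        if e.proto in ("tcp", "udp") and not (
            match_port(e.sport, pkt.get("sport")) and match_port(e.dport, pkt.get("dport"))
        ):
            continue
        if e.established and not (pkt.get("flags", 0) & (TCP_ACK | TCP_RST)):
            continue
        return e.action, e.seq
    return "deny", None


# Constructed ACL, equivalent to:
#   ip access-list extended INBOUND
#    10 permit tcp any 10.0.0.0 0.0.0.255 established
#    20 permit tcp host 192.0.2.10 host 10.0.0.5 eq 22
#    30 permit udp any host 10.0.0.53 eq 53
INBOUND = [
    Entry(10, "permit", "tcp", "any", "10.0.0.0 0.0.0.255", established=True),
    Entry(20, "permit", "tcp", "host 192.0.2.10", "host 10.0.0.5", dport=("eq", 22)),
    Entry(30, "permit", "udp", "any", "host 10.0.0.53", dport=("eq", 53)),
]


def demo():
    """Constructed packets; returns {name: (action, seq)}."""
    pkts = {
        # new SSH session from the admin host: misses entry 10 (SYN only), hits 20
        "ssh_syn": dict(proto="tcp", src="192.0.2.10", dst="10.0.0.5",
                        sport=40000, dport=22, flags=TCP_SYN),
        # crafted probe with ACK set from an unknown host: 'established' lets it in
        "ack_probe": dict(proto="tcp", src="198.51.100.7", dst="10.0.0.9",
                          sport=40001, dport=445, flags=TCP_ACK),
        "dns": dict(proto="udp", src="198.51.100.7", dst="10.0.0.53",
                    sport=5353, dport=53),
        # right host, wrong subnet (10.0.1.0/24): nothing matches, implicit deny
        "wrong_subnet": dict(proto="tcp", src="192.0.2.10", dst="10.0.1.5",
                             sport=40002, dport=22, flags=TCP_SYN),
    }
    return {name: evaluate(INBOUND, p) for name, p in pkts.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:13} -> {result}")
```

The "ack_probe" result is the point to remember when auditing ACLs that rely on `established`: it passes any inbound segment carrying ACK, which is exactly what an ACK scan sends, so the entry filters unsolicited SYNs but not reconnaissance or data injected into guessed sessions.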


PHYSICAL TERMINATIONS packetlife.net

Optical Terminations (illustrated in the original)
ST (Straight Tip)
SC (Subscriber Connector)
LC (Local Connector)
MT-RJ

Copper Terminations
RJ-45
RJ-11
RJ-21 (25-pair)
DE-9 (Female)
DB-25 (Male)
DB-60 (Male)

GBICs
1000Base-SX/LX
1000Base-T
Cisco GigaStack
1000Base-SX/LX SFP
1000Base-T SFP
X2 (10Gig)

Wireless Antennas
RP-TNC
RP-SMA

by Jeremy Stretch v1.1


Anchors
^  Start of string
\A  Start of string
$  End of string
\Z  End of string
\b  Word boundary
\B  Not word boundary
\<  Start of word
\>  End of word

Character Classes
\c  Control character
\s  White space
\S  Not white space
\d  Digit
\D  Not digit
\w  Word
\W  Not word
\x  Hexadecimal digit
\O  Octal digit

POSIX
[:upper:]  Upper case letters
[:lower:]  Lower case letters
[:alpha:]  All letters
[:alnum:]  Digits and letters
[:digit:]  Digits
[:xdigit:]  Hexadecimal digits
[:punct:]  Punctuation
[:blank:]  Space and tab
[:space:]  Blank characters
[:cntrl:]  Control characters
[:graph:]  Printed characters
[:print:]  Printed characters and spaces
[:word:]  Digits, letters and underscore

Assertions
?=  Lookahead assertion
?!  Negative lookahead
?<=  Lookbehind assertion
?<!  Negative lookbehind
?>  Once-only subexpression
?()  Condition [if then]
?()|  Condition [if then else]
?#  Comment

Quantifiers
*  0 or more
+  1 or more
?  0 or 1
{3}  Exactly 3
{3,}  3 or more
{3,5}  3, 4 or 5

Quantifier Modifiers
"x" below represents a quantifier
x?  Ungreedy version of "x"

Escape Character
\

Metacharacters (must be escaped)
^ [ . $ { * ( \ + ) | ? < >

Special Characters
\n  New line
\r  Carriage return
\t  Tab
\v  Vertical tab
\f  Form feed
\xxx  Octal character xxx
\xhh  Hex character hh

Groups and Ranges
.  Any character except new line (\n)
(a|b)  a or b
(...)  Group
(?:...)  Passive Group
[abc]  Range (a or b or c)
[^abc]  Not a or b or c
[a-q]  Letter between a and q
[A-Q]  Upper case letter between A and Q
[0-7]  Digit between 0 and 7
\n  nth group/subpattern
Note: Ranges are inclusive.

Pattern Modifiers
g  Global match
i  Case-insensitive
m  Multiple lines
s  Treat string as single line
x  Allow comments and white space in pattern
e  Evaluate replacement
U  Ungreedy pattern

String Replacement (Backreferences)
$n  nth non-passive group
$2  "xyz" in /^(abc(xyz))$/
$1  "xyz" in /^(?:abc)(xyz)$/
$`  Before matched string
$'  After matched string
$+  Last matched string
$&  Entire matched string

Sample Patterns
Pattern  Will Match
([A-Za-z0-9-]+)  Letters, numbers and hyphens
(\d{1,2}\/\d{1,2}\/\d{4})  Date (e.g. 21/3/2006)
([^\s]+(?=\.(jpg|gif|png))\.\2)  jpg, gif or png image
(^[1-9]{1}$|^[1-4]{1}[0-9]{1}$|^50$)  Any number from 1 to 50 inclusive
(#?([A-Fa-f0-9]){3}(([A-Fa-f0-9]){3})?)  Valid hexadecimal colour code
((?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,15})  String with at least one upper case letter, one lower case letter, and one digit (useful for passwords)
(\w+@[a-zA-Z_]+?\.[a-zA-Z]{2,6})  Email addresses
(\<(/?[^\>]+)\>)  HTML Tags

Note: These patterns are intended for reference purposes and have not been extensively tested. Please use with caution and test thoroughly before use. Most of them are unanchored, so a plain search will accept any input that merely contains a match; a validator must anchor the pattern (or use a full-match call) and still check semantics the regex cannot express.
Available free from
AddedBytes.com
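As an added example (not from the AddedBytes sheet), the following Python runs several of the sample patterns through the standard `re` module and contrasts an unanchored search with a full match, which is the distinction that matters when a pattern is used for input validation. The inputs and the names SAMPLE_PATTERNS, search_hit, full_hit and is_valid_date are constructed for the demonstration; `\<`, `\>`, the g/e/U modifiers and the POSIX classes on the sheet are PCRE/Perl features that `re` does not support.

```python
"""Exercise the sheet's sample patterns with Python's re module.

Added example, not from the AddedBytes sheet: search() accepts any input
that contains a match, fullmatch() only an input that is entirely a match."""
import re
from datetime import datetime

SAMPLE_PATTERNS = {
    "date": r"(\d{1,2}\/\d{1,2}\/\d{4})",
    "email": r"(\w+@[a-zA-Z_]+?\.[a-zA-Z]{2,6})",
    "colour": r"(#?([A-Fa-f0-9]){3}(([A-Fa-f0-9]){3})?)",
    "one_to_fifty": r"(^[1-9]{1}$|^[1-4]{1}[0-9]{1}$|^50$)",
    "password": r"((?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,15})",
}


def search_hit(name, text):
    """What an unanchored search() accepts from the input (None if nothing)."""
    m = re.search(SAMPLE_PATTERNS[name], text)
    return m.group(0) if m else None


def full_hit(name, text):
    """True only if the whole input matches: the anchoring a validator needs."""
    return re.fullmatch(SAMPLE_PATTERNS[name], text) is not None


def is_valid_date(text):
    """The date pattern only checks shape (99/99/9999 passes it), so parse as well."""
    if not full_hit("date", text):
        return False
    try:
        datetime.strptime(text, "%d/%m/%Y")
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    for name, text in [("email", "bob@example.com<script>"),
                       ("email", "first.last@example.com"),
                       ("colour", "#12345Z"),
                       ("date", "99/99/9999")]:
        print(f"{name:7} {text!r:28} search={search_hit(name, text)!r:20} full={full_hit(name, text)}")
```

Two of the results are worth noting: the e-mail pattern lets `bob@example.com<script>` through a search and rejects the legitimate `first.last@example.com` on a full match (`\w` does not include the dot), and the colour pattern accepts `#123` out of `#12345Z`. Neither failure is visible from the pattern table alone.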
SUBNETTING packetlife.net

Subnet Chart

CIDR  Subnet Mask      Addresses      Wildcard
/32   255.255.255.255  1              0.0.0.0
/31   255.255.255.254  2              0.0.0.1
/30   255.255.255.252  4              0.0.0.3
/29   255.255.255.248  8              0.0.0.7
/28   255.255.255.240  16             0.0.0.15
/27   255.255.255.224  32             0.0.0.31
/26   255.255.255.192  64             0.0.0.63
/25   255.255.255.128  128            0.0.0.127
/24   255.255.255.0    256            0.0.0.255
/23   255.255.254.0    512            0.0.1.255
/22   255.255.252.0    1,024          0.0.3.255
/21   255.255.248.0    2,048          0.0.7.255
/20   255.255.240.0    4,096          0.0.15.255
/19   255.255.224.0    8,192          0.0.31.255
/18   255.255.192.0    16,384         0.0.63.255
/17   255.255.128.0    32,768         0.0.127.255
/16   255.255.0.0      65,536         0.0.255.255
/15   255.254.0.0      131,072        0.1.255.255
/14   255.252.0.0      262,144        0.3.255.255
/13   255.248.0.0      524,288        0.7.255.255
/12   255.240.0.0      1,048,576      0.15.255.255
/11   255.224.0.0      2,097,152      0.31.255.255
/10   255.192.0.0      4,194,304      0.63.255.255
/9    255.128.0.0      8,388,608      0.127.255.255
/8    255.0.0.0        16,777,216     0.255.255.255
/7    254.0.0.0        33,554,432     1.255.255.255
/6    252.0.0.0        67,108,864     3.255.255.255
/5    248.0.0.0        134,217,728    7.255.255.255
/4    240.0.0.0        268,435,456    15.255.255.255
/3    224.0.0.0        536,870,912    31.255.255.255
/2    192.0.0.0        1,073,741,824  63.255.255.255
/1    128.0.0.0        2,147,483,648  127.255.255.255
/0    0.0.0.0          4,294,967,296  255.255.255.255

Decimal to Binary

Subnet Mask  Binary     Wildcard  Binary
255          1111 1111  0         0000 0000
254          1111 1110  1         0000 0001
252          1111 1100  3         0000 0011
248          1111 1000  7         0000 0111
240          1111 0000  15        0000 1111
224          1110 0000  31        0001 1111
192          1100 0000  63        0011 1111
128          1000 0000  127       0111 1111
0            0000 0000  255       1111 1111

Subnet Proportion (diagram in the original)

Classful Ranges

A  0.0.0.0 - 127.255.255.255
B  128.0.0.0 - 191.255.255.255
C  192.0.0.0 - 223.255.255.255
D  224.0.0.0 - 239.255.255.255
E  240.0.0.0 - 255.255.255.255

Reserved Ranges

RFC1918    10.0.0.0 - 10.255.255.255
Localhost  127.0.0.0 - 127.255.255.255
RFC1918    172.16.0.0 - 172.31.255.255
RFC1918    192.168.0.0 - 192.168.255.255

Determine Usable Hosts

Total Addresses      256
- Subnet ID          - 1
- Broadcast Address  - 1
Usable hosts         254

Terminology

CIDR · Classless interdomain routing was developed to provide more granularity than legacy classful addressing; masks expressed in the form /XX are in CIDR notation
VLSM · Variable length subnet masks are an arbitrary length between 0 and 32 bits; CIDR relies on VLSMs to define routes

by Jeremy Stretch v1.0
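As an added example (not from the packetlife sheet), the following Python computes every column of the Subnet Chart from the prefix length instead of looking it up, applies the Determine Usable Hosts rule, and classifies an address against the Classful and Reserved Ranges tables. It goes slightly beyond the sheet by treating /31 (RFC 3021 point-to-point links, 2 usable addresses) and /32 (host route, 1 usable) correctly, where "total minus two" would give 0 and -1. The names mask_from_prefix, subnet_row, classful, reserved_range and describe are constructed for the demonstration.

```python
"""Subnet arithmetic behind the chart: mask, wildcard, address count and
usable hosts for any prefix, plus classful and reserved-range classification.

Added example, not from the packetlife sheet."""
import ipaddress

ALL_ONES = 0xFFFFFFFF

# Constructed from the sheet's Reserved Ranges table.
RESERVED = {
    "RFC1918": [ipaddress.ip_network("10.0.0.0/8"),
                ipaddress.ip_network("172.16.0.0/12"),
                ipaddress.ip_network("192.168.0.0/16")],
    "Localhost": [ipaddress.ip_network("127.0.0.0/8")],
}


def mask_from_prefix(prefix: int) -> int:
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return (ALL_ONES << (32 - prefix)) & ALL_ONES


def dotted(value: int) -> str:
    return str(ipaddress.IPv4Address(value))


def usable_hosts(prefix: int) -> int:
    total = 1 << (32 - prefix)
    if prefix == 32:
        return 1          # host route
    if prefix == 31:
        return 2          # RFC 3021: no network/broadcast address on a /31
    return total - 2      # minus subnet ID and broadcast address


def subnet_row(prefix: int) -> dict:
    """One line of the Subnet Chart, computed rather than looked up."""
    mask = mask_from_prefix(prefix)
    return {
        "cidr": f"/{prefix}",
        "mask": dotted(mask),
        "wildcard": dotted(mask ^ ALL_ONES),   # wildcard = bitwise inverse of mask
        "addresses": 1 << (32 - prefix),
        "usable": usable_hosts(prefix),
    }


def classful(addr: str) -> str:
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    for letter, limit in (("A", 128), ("B", 192), ("C", 224), ("D", 240)):
        if first_octet < limit:
            return letter
    return "E"


def reserved_range(addr: str):
    ip = ipaddress.IPv4Address(addr)
    for name, nets in RESERVED.items():
        if any(ip in n for n in nets):
            return name
    return None


def describe(cidr: str) -> dict:
    """e.g. describe('192.168.10.77/26'): network, broadcast, class, reservation."""
    net = ipaddress.ip_network(cidr, strict=False)
    row = subnet_row(net.prefixlen)
    row.update(
        network=str(net.network_address),
        broadcast=str(net.broadcast_address),
        classful=classful(str(net.network_address)),
        reserved=reserved_range(str(net.network_address)),
    )
    return row


if __name__ == "__main__":
    for prefix in (30, 26, 22, 8):
        print(subnet_row(prefix))
    print(describe("192.168.10.77/26"))
```

The wildcard column is the bitwise inverse of the mask, which is why an ACL wildcard of 0.0.0.255 and a /24 mask describe the same block; `reserved_range` is the check to run on anything that claims to be an external source address before trusting it.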


TCPDUMP packetlife.net

Command Line Options

-A  Print frame payload in ASCII
-c <count>  Exit after capturing count packets
-D  List available interfaces
-e  Print link-level headers in the capture dump
-F <file>  Use file as the filter expression
-G <n>  Rotate the dump file every n seconds
-i <iface>  Specifies the capture interface
-K  Don't verify TCP checksums
-L  List data link types for the interface
-n  Don't convert addresses to names
-p  Don't capture in promiscuous mode
-q  Quick output
-r <file>  Read packets from file
-s <len>  Capture up to len bytes per packet
-S  Print absolute TCP sequence numbers
-t  Don't print timestamps
-v[v[v]]  Print more verbose output
-w <file>  Write captured packets to file
-x  Print frame payload in hex
-X  Print frame payload in hex and ASCII
-y <type>  Specify the data link type
-Z <user>  Drop privileges from root to user

Capture Filter Primitives

[src|dst] host <host>  Matches a host as the IP source, destination, or either
ether [src|dst] host <ehost>  Matches a host as the Ethernet source, destination, or either
gateway host <host>  Matches packets which used host as a gateway
[src|dst] net <network>/<len>  Matches packets to or from an endpoint residing in network
[tcp|udp] [src|dst] port <port>  Matches TCP or UDP packets sent to/from port
[tcp|udp] [src|dst] portrange <p1>-<p2>  Matches TCP or UDP packets to/from a port in the given range
less <length>  Matches packets less than or equal to length
greater <length>  Matches packets greater than or equal to length
(ether|ip|ip6) proto <protocol>  Matches an Ethernet, IPv4, or IPv6 protocol
(ether|ip) broadcast  Matches Ethernet or IPv4 broadcasts
(ether|ip|ip6) multicast  Matches Ethernet, IPv4, or IPv6 multicasts
type (mgt|ctl|data) [subtype <subtype>]  Matches 802.11 frames based on type and optional subtype
vlan [<vlan>]  Matches 802.1Q frames, optionally with a VLAN ID of vlan
mpls [<label>]  Matches MPLS packets, optionally with a label of label
<expr> <relop> <expr>  Matches packets by an arbitrary expression

Protocols

arp  ether  fddi  icmp  ip  ip6  link  ppp  radio  rarp  slip  tcp  tr  udp  wlan

Modifiers

! or not
&& or and
|| or or

Examples

udp dst port not 53  All UDP not bound for port 53
host 10.0.0.1 && host 10.0.0.2  All packets between these hosts
tcp dst port 80 or 8080  All packets to either TCP port

TCP Flags

tcp-urg  tcp-ack  tcp-push  tcp-rst  tcp-syn  tcp-fin

ICMP Types

icmp-echoreply  icmp-unreach  icmp-sourcequench  icmp-redirect  icmp-echo
icmp-routeradvert  icmp-routersolicit  icmp-timxceed  icmp-paramprob  icmp-tstamp
icmp-tstampreply  icmp-ireq  icmp-ireqreply  icmp-maskreq  icmp-maskreply

by Jeremy Stretch v1.0


WIRESHARK DISPLAY FILTERS · PART 1 packetlife.net

Ethernet
eth.addr  eth.dst  eth.ig
eth.len  eth.lg  eth.multicast
eth.src  eth.trailer  eth.type

IEEE 802.1Q
vlan.cfi  vlan.etype  vlan.id
vlan.len  vlan.priority  vlan.trailer

IPv4
ip.addr  ip.checksum  ip.checksum_bad
ip.checksum_good  ip.dsfield  ip.dsfield.ce
ip.dsfield.dscp  ip.dsfield.ect  ip.dst
ip.dst_host  ip.flags  ip.flags.df
ip.flags.mf  ip.flags.rb  ip.frag_offset
ip.fragment  ip.fragment.error  ip.fragment.multipletails
ip.fragment.overlap  ip.fragment.overlap.conflict  ip.fragment.toolongfragment
ip.fragments  ip.hdr_len  ip.host
ip.id  ip.len  ip.proto
ip.reassembled_in  ip.src  ip.src_host
ip.tos  ip.tos.cost  ip.tos.delay
ip.tos.precedence  ip.tos.reliability  ip.tos.throughput
ip.ttl  ip.version

IPv6
ipv6.addr  ipv6.class  ipv6.dst
ipv6.dst_host  ipv6.dst_opt  ipv6.flow
ipv6.fragment  ipv6.fragment.error  ipv6.fragment.id
ipv6.fragment.more  ipv6.fragment.multipletails  ipv6.fragment.offset
ipv6.fragment.overlap  ipv6.fragment.overlap.conflict  ipv6.fragment.toolongfragment
ipv6.fragments  ipv6.hlim  ipv6.hop_opt
ipv6.host  ipv6.mipv6_home_address  ipv6.mipv6_length
ipv6.mipv6_type  ipv6.nxt  ipv6.opt.pad1
ipv6.opt.padn  ipv6.plen  ipv6.reassembled_in
ipv6.routing_hdr  ipv6.routing_hdr.addr  ipv6.routing_hdr.left
ipv6.routing_hdr.type  ipv6.src  ipv6.src_host
ipv6.version

ARP
arp.dst.hw_mac  arp.dst.proto_ipv4  arp.hw.size
arp.hw.type  arp.opcode  arp.proto.size
arp.proto.type  arp.src.hw_mac  arp.src.proto_ipv4

TCP
tcp.ack  tcp.checksum  tcp.checksum_bad
tcp.checksum_good  tcp.continuation_to  tcp.dstport
tcp.flags  tcp.flags.ack  tcp.flags.cwr
tcp.flags.ecn  tcp.flags.fin  tcp.flags.push
tcp.flags.reset  tcp.flags.syn  tcp.flags.urg
tcp.hdr_len  tcp.len  tcp.nxtseq
tcp.options  tcp.options.cc  tcp.options.ccecho
tcp.options.ccnew  tcp.options.echo  tcp.options.echo_reply
tcp.options.md5  tcp.options.mss  tcp.options.mss_val
tcp.options.qs  tcp.options.sack  tcp.options.sack_le
tcp.options.sack_perm  tcp.options.sack_re  tcp.options.time_stamp
tcp.options.wscale  tcp.options.wscale_val  tcp.pdu.last_frame
tcp.pdu.size  tcp.pdu.time  tcp.port
tcp.reassembled_in  tcp.segment  tcp.segment.error
tcp.segment.multipletails  tcp.segment.overlap  tcp.segment.overlap.conflict
tcp.segment.toolongfragment  tcp.segments  tcp.seq
tcp.srcport  tcp.time_delta  tcp.time_relative
tcp.urgent_pointer  tcp.window_size

UDP
udp.checksum  udp.checksum_bad  udp.checksum_good
udp.dstport  udp.length  udp.port
udp.srcport

Operators
eq  ==
ne  !=
gt  >
lt  <
ge  >=
le  <=
[n] [...]  Substring operator

Logic
and  &&  Logical AND
or  ||  Logical OR
xor  ^^  Logical XOR
not  !  Logical NOT

by Jeremy Stretch v1.0


WIRESHARK DISPLAY FILTERS · PART 2 packetlife.net

Frame Relay
fr.becn  fr.chdlctype  fr.control
fr.control.f  fr.control.ftype  fr.control.n_r
fr.control.n_s  fr.control.p  fr.control.s_ftype
fr.control.u_modifier_cmd  fr.control.u_modifier_resp  fr.cr
fr.dc  fr.de  fr.dlci
fr.dlcore_control  fr.ea  fr.fecn
fr.lower_dlci  fr.nlpid  fr.second_dlci
fr.snap.oui  fr.snap.pid  fr.snaptype
fr.third_dlci  fr.upper_dlci

PPP
ppp.address  ppp.control  ppp.direction  ppp.protocol

MPLS
mpls.bottom  mpls.cw.control  mpls.cw.res
mpls.exp  mpls.label  mpls.oam.bip16
mpls.oam.defect_location  mpls.oam.defect_type  mpls.oam.frequency
mpls.oam.function_type  mpls.oam.ttsi  mpls.ttl

ICMP
icmp.checksum  icmp.checksum_bad  icmp.code
icmp.ident  icmp.mtu  icmp.redir_gw
icmp.seq  icmp.type

DTP
dtp.neighbor  dtp.tlv_len  dtp.tlv_type
dtp.version  vtp.neighbor

VTP
vtp.code  vtp.conf_rev_num  vtp.followers
vtp.md  vtp.md5_digest  vtp.md_len
vtp.seq_num  vtp.start_value  vtp.upd_id
vtp.upd_ts  vtp.version  vtp.vlan_info.802_10_index
vtp.vlan_info.isl_vlan_id  vtp.vlan_info.len  vtp.vlan_info.mtu_size
vtp.vlan_info.status.vlan_susp  vtp.vlan_info.tlv_len  vtp.vlan_info.tlv_type
vtp.vlan_info.vlan_name  vtp.vlan_info.vlan_name_len  vtp.vlan_info.vlan_type

ICMPv6
icmpv6.all_comp  icmpv6.checksum  icmpv6.checksum_bad
icmpv6.code  icmpv6.comp  icmpv6.haad.ha_addrs
icmpv6.identifier  icmpv6.option  icmpv6.option.cga
icmpv6.option.cga.pad_length  icmpv6.option.length  icmpv6.option.name_type
icmpv6.option.name_type.fqdn  icmpv6.option.name_x501  icmpv6.option.rsa.key_hash
icmpv6.option.type  icmpv6.ra.cur_hop_limit  icmpv6.ra.reachable_time
icmpv6.ra.retrans_timer  icmpv6.ra.router_lifetime  icmpv6.recursive_dns_serv
icmpv6.type

RIP
rip.auth.passwd  rip.auth.type  rip.command
rip.family  rip.ip  rip.metric
rip.netmask  rip.next_hop  rip.route_tag
rip.routing_domain  rip.version

BGP
bgp.aggregator_as  bgp.aggregator_origin  bgp.as_path
bgp.cluster_identifier  bgp.cluster_list  bgp.community_as
bgp.community_value  bgp.local_pref  bgp.mp_nlri_tnl_id
bgp.mp_reach_nlri_ipv4_prefix  bgp.mp_unreach_nlri_ipv4_prefix  bgp.multi_exit_disc
bgp.next_hop  bgp.nlri_prefix  bgp.origin
bgp.originator_id  bgp.type  bgp.withdrawn_prefix

HTTP
http.accept  http.accept_encoding  http.accept_language
http.authbasic  http.authorization  http.cache_control
http.connection  http.content_encoding  http.content_length
http.content_type  http.cookie  http.date
http.host  http.last_modified  http.location
http.notification  http.proxy_authenticate  http.proxy_authorization
http.proxy_connect_host  http.proxy_connect_port  http.referer
http.request  http.request.method  http.request.uri
http.request.version  http.response  http.response.code
http.server  http.set_cookie  http.transfer_encoding
http.user_agent  http.www_authenticate  http.x_forwarded_for

by Jeremy Stretch v1.0


boot and the name is read from these files. HOSTNAME=hostname.domain.com
LINUX Admin Quick Reference /etc/NETWORKING
(Slackware) May change manually.
Jialong He
Jialong_he@bigfoot.com /etc/sysconfig/network NFS File Sharing
http://www.bigfoot.com/~jialong_he (Redhat)
Files
specify name server, DNS domain and
User Management search order. For Example: /etc/fstab file systems mounted during boot.
etc/resolv.conf search la.asu.edu
Files nameserver 129.219.17.200
/etc/exports NFS server export list.

/etc/group /etc/auto.master auto mount master file.


/etc/hosts host name to IP mapping file.
/etc/passwd User account information.
/etc/shadow host name information look up order. Commands
Example:
/etc/bashrc /etc/host.conf mount mount a file system or all entries in fstab.
order hosts, bind
/etc/profile bash system wide and per user init files. multi on exportfs export file system listed in exports
$HOME/.bashrc
$HOME/.bash_profile /etc/nsswitch.conf new way to specify information source. showmount –e show file systems exported
hostname
/etc/csh.cshrc /etc/networks
/etc/csh.login /etc/protocols TCP/IP services and ports mapping.
$HOME/.cshrc tcsh system wide and per user init files. /etc/services
Printer Configuration
$HOME/.tcshrc /etc/rpc RPC service name to their program numbers
$HOME/.login mapping. Files
/etc/skel template files for new users. /etc/printcap
Commands Printer capabilities data base.
/etc/default default for certain commands. /etc/printcap.local
netconfig menu driven Ethernet setup program.
/etc/redhat-release Redhat/Slackware version info (Linux kernel /etc/lpd.conf LPRng configuration file.
/etc/slackware-version version with “uname –a”) pppsetup setup PPP connection (Slackware).
permissions control file for the LPRng line
/etc/lpd.perms printer spooler
setup Ethernet during boot, for example
Commands
/etc/hosts.lpd Access control (BSD lpd).
script to create an new user interactively /sbin/ifconfig eth0 ${IPADDR} broadcast
adduser (slackware) or link to useradd (Redhat). ${BROADCAST} netmask ${NETMASK} /etc/hosts.equiv trusted hosts.

useradd, userdel, create, delete, modify an new user or update ifconfig PRINTER Environment variable of default printer.
/sbin/route add -net ${NETWORK} netmask
usermod default new user information.. ${NETMASK} eth0 /dev/lp0 parallel port.
newusers update and create new users (batch mode).
/sbin/route add default gw ${GATEWAY} netmask Commands
groupadd, groupdel, add, delete or modify group. 0.0.0.0 metric 1
groupmod line printer control program, print queue
lpc, lpq, lprm maintain
host lookup host name or IP (similar to nslookup).
modify account policy (password length,
expire data etc.) or finger information (full dnsdomainname show DNS domain name.
chage. ch fn, chsh
name, phone number etc.) change default login arping; arp find out Ethernet address by first arping then arp. Sendmail
shell.
ipchains firewall and NAT (/etc/sysconfig/ipchains on Redhat) Files
gain root access during boot prompt without
linux init=/bin/sh rw iptables firewall and NAT (/etc/sysconfig/iptables on Redhat)
password, can be used to fix some problems. “sendmail.cf” is the configuration file. “sendmail.mc” is
mount –w -n –o remount / sendmail.cf a macro file which can be used to generate “sendmail.cf”
sendmail.mc by: m4 sendmail.mc > sendmail.cf
Redhat files in /etc/sysconfig
mail aliases, must run “newaliases” after change. use
Network Configuration Configuration Files aliases :include: to include external list in a file.
Files keyboard map, e.g., mail access control, FEATURE(access_db) should be set
keyboard KEYBOARD=”/usr/lib/kdb/keytables/us.map” in sendmail.mc. For example, in /etc/mail/access
/etc/rc.d/rc.inet1
(Slackware) IP address, Network mask, Default gateway cyberpromo.com REJECT
Mouse type, e.g.,
/etc/sysconfig/nework- are in these files. May edit manually to access mydomain.com RELAY
mouse MOUSETYPE=Microsoft spam@somewhere.com DISCARD
scripts/ifcfg-eth0 (Redhat) modify network parameters. XEMU3=yes
network settings, contains makemap hash /etc/mail/access < /etc/mail/access
/etc/HOSTNAME hostname is set by “/bin/hostname” during network NETWORKING=yes
/etc/mail/relay- list all host/domain accepted for relaying.
domains Manage Modules crontab show or edit cron jobs.

Commands sys-unconfig unconfigure system


insmod, lsmod, modinfo,
modprobe, rmmod, Manage loadable modules. chkconfig --list list services started at different run level.
newaliases rebuild the data base for the mail aliases file.
depmod probe for new hardware (Redhat).
build access database, e.g, kudzu
makemap rpm -i INSTALL a package
makemap hash access.db<access
Miscellaneous rpm
rpm -e UNINSTALL a package
rpm -q QUERY a package
Useful Configuration Files Files rpm -U UPDATE a package

Files /etc/shells allowed login shells save a man page as a text file and remove control
man cmd | col –b
characters.
/etc/ftpusers user names NOT allowed to use ftp. >cmd.txt
httpd.conf Apache web server configuration file.
/etc/host.allow
smb.conf Samba server (file and print for Windows).
/etc/host.deny
TCP wrapper host control files. Configure Apache 2.0 with SSL
lilo.conf LILO boot loder configuration file. mod_ssl
/etc/sysconfig contains system configuration files.
syslog.conf System log daemon (syslogd) configuration. (redhat) (1) when compile apache, specify –enable-ssl for configure script.
ssh_config SSH client and server configuration files. /dev/fd0 floppy drive A By default, ssl is not enabled. After compiling, use “httpd –l”
sshd_config to list the modules. “mod_ssl” should be in them.
/etc/inittab system run level control file. (2) generate private key with command:
ld.so.conf default dynamic library search path (run /etc/init.d openssl genrsa -out server.key 1024
ldconfig).
mtool configuration file (access DOS file).
Commands (3) generate certificate request
mtools.conf
fromdos, todos openssl req -new -key server.key -out server.csr
named.conf DNS name server (BIND).
(Slackware)
sysctl.conf kernel parameters by sysctl (Redhat). dos2unix, convert text file from/to linux format. (4) generate self-signed certificate
openssl x509 -req -days 60 -in server.csr -signkey server.key -out server.crt
(5) Modify "ssl.conf", which is included from "httpd.conf". Note: start Apache with "httpd -DSSL"; otherwise the <IfDefine SSL> block in ssl.conf is never processed (everything inside it is effectively commented out).

Configuration files
ntp.conf                              net time server (Redhat)
inetd.conf                            Internet super server
xinetd.conf, xinetd.d                 extended inetd configuration
proftpd.conf                          proftpd FTP server
amanda.conf                           network backup server
/etc/pine.conf, /etc/pine.conf.fixed  PINE mail client system-wide settings
syslog.conf                           system logger configuration (see below)

Commands
unix2dos                                convert text file line endings from Unix (LF) to DOS (CR LF)
pwck, grpck                             verify integrity of password and group files
pwconv, pwunconv, grpconv, grpunconv    convert to and from shadow passwords and groups
shadowconfig                            toggle shadow passwords on and off
quota, edquota, quotacheck, quotaon, quotaoff, repquota   manage disk quota
lilo -D dos                             set LILO default OS (default=dos in lilo.conf)
ldd                                     find out shared library dependencies
lsof                                    list open files
fuser filename                          show processes that are using the file
ifup, ifdown                            bring a network interface up/down (Redhat)
sysctl                                  configure kernel parameters (Redhat)
socklist                                list open sockets
shutdown [-r|-h] now                    reboot / halt the computer
nmap                                    scan a host for open ports

Rebuild Kernel
Configure kernel parameters:  make config | make menuconfig | make xconfig   (interactive, menu or X window interface)
Compile kernel source:        make dep, then make zImage | make zdisk | make zlilo | make bzImage   (building and installing a new kernel)
Compile modules:              make modules; make modules_install   (building and installing modules)

syslog.conf
Each line consists of a selector and an action. A selector has two parts, facilities and priorities, separated by a period (.). A plain priority selects that priority and every higher one. You may precede the priority with an equals sign (=) to specify only this single priority and not any above it, or with an exclamation mark (!) to ignore priorities, either exactly this one (!=) or this one and any higher priority (!); both together is valid too.
Example:
    mail.notice     /var/log/mail            # log to a file
    *.emerg         @myhost.mydomain.org     # log to a remote host
facilities:  auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, syslog, user, uucp, local0 - local7
priorities:  debug, info, notice, warning, err, crit, alert, emerg  (lowest to highest)
action:
    Regular file          a file with full pathname beginning with "/"
    Terminal and console  a tty device, e.g. /dev/console
    Remote machine        @myhost.mydomain.org  (classic syslog over UDP/514 is unauthenticated and unencrypted, so forwarded messages can be forged or read in transit)
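The selector rules above are easy to misread, especially how a later "facility.none" or "!priority" narrows an earlier "*.info". The following is an added example, not code from the original cheat sheet: it implements the sysklogd selector semantics described above and reports which actions a message of a given facility and priority would reach. The configuration text in SAMPLE_CONF is constructed for this example.

```python
"""sysklogd-style syslog.conf selector matching (added example; the
configuration below is constructed, not taken from a real system)."""

FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail", "mark",
              "news", "syslog", "user", "uucp"] + [f"local{i}" for i in range(8)]
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
LEVEL = {name: n for n, name in enumerate(PRIORITIES)}   # higher number = more severe

SAMPLE_CONF = """
# constructed sample configuration
*.info;mail.none;authpriv.none      /var/log/messages
authpriv.*                          /var/log/secure
mail.notice                         /var/log/mail            # log to a file
cron.info;cron.!crit                /var/log/cron.lowprio    # info..err, nothing crit or above
*.=debug                            /var/log/debug           # exactly debug, nothing higher
*.emerg                             @myhost.mydomain.org     # log to remote host
"""


def parse_selector(selector):
    """'fac1,fac2.prio' -> (facility list or None for '*', priority, exact, negate)."""
    facs, sep, prio = selector.rpartition(".")
    if not sep:
        raise ValueError(f"selector {selector!r} lacks a '.'")
    negate = prio.startswith("!")
    prio = prio[1:] if negate else prio
    exact = prio.startswith("=")
    prio = prio[1:] if exact else prio
    if prio not in LEVEL and prio not in ("*", "none"):
        raise ValueError(f"unknown priority {prio!r} in {selector!r}")
    fac_list = None if facs == "*" else facs.split(",")
    for fac in fac_list or ():
        if fac not in FACILITIES:
            raise ValueError(f"unknown facility {fac!r} in {selector!r}")
    return fac_list, prio, exact, negate


def compile_line(line):
    """One 'selector[;selector...]  action' line -> ({facility: set of levels}, action)."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    selectors, action = line.split(None, 1)
    table = {f: set() for f in FACILITIES}
    for selector in selectors.split(";"):
        facs, prio, exact, negate = parse_selector(selector)
        targets = FACILITIES if facs is None else facs
        if prio == "none":                       # 'none' clears everything for these facilities
            for f in targets:
                table[f] = set()
            continue
        if prio == "*":
            levels = set(range(len(PRIORITIES)))
        elif exact:
            levels = {LEVEL[prio]}                 # '=' : this single priority
        else:
            levels = set(range(LEVEL[prio], len(PRIORITIES)))   # this priority and above
        for f in targets:
            if negate:
                table[f] -= levels                 # '!' removes what an earlier selector added
            else:
                table[f] |= levels
    return table, action


def actions_for(conf_text, facility, priority):
    """Actions (in file order) whose selectors match a message of facility.priority."""
    if facility not in FACILITIES or priority not in LEVEL:
        raise ValueError(f"unknown facility/priority {facility}.{priority}")
    matched = []
    for line in conf_text.splitlines():
        compiled = compile_line(line)
        if compiled and LEVEL[priority] in compiled[0][facility]:
            matched.append(compiled[1])
    return matched


if __name__ == "__main__":
    for fac, pri in [("mail", "notice"), ("authpriv", "info"), ("cron", "crit"), ("kern", "emerg")]:
        print(f"{fac}.{pri:<8} -> {actions_for(SAMPLE_CONF, fac, pri)}")
```

Note that "mail.notice" reaches only /var/log/mail because "mail.none" on the first line removed mail from the catch-all, and that a cron message at crit is kept out of /var/log/cron.lowprio by "cron.!crit" while still landing in /var/log/messages.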
IPtables (Netfilter)

Command syntax
iptables [-t <table>] <command> <chain> <parameters>

Save and restore rules
/sbin/iptables-save > /etc/sysconfig/iptables
/sbin/iptables-restore < /etc/sysconfig/iptables

Firewall script sample
http://tiger.la.asu.edu/iptables_examples.htm

Built-in tables
filter   The default table for handling network packets. Built-in chains:
         1. INPUT        packets addressed to the local host, received via a network interface.
         2. OUTPUT       packets generated locally, before they are sent out via a network interface.
         3. FORWARD      packets received on one network interface and sent out on another (routed through this host).
nat      Used to alter packets that create a new connection (only the first packet of a connection traverses this table). Built-in chains:
         1. PREROUTING   alters packets received via a network interface when they arrive (DNAT).
         2. OUTPUT       alters locally-generated packets before they are routed via a network interface.
         3. POSTROUTING  alters packets before they are sent out via a network interface (SNAT, MASQUERADE).
         ## Masquerade everything out ppp0.
         iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
         ## Change source addresses to 1.2.3.4.
         iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 1.2.3.4
mangle   Used for specialised packet alteration. Built-in chains:
         1. PREROUTING   alters packets received via a network interface before they are routed.
         2. OUTPUT       alters locally-generated packets before they are routed via a network interface.
         (Since kernel 2.4.18 the mangle table also has INPUT, FORWARD and POSTROUTING chains.)

Commands
--append | -A         Appends a rule to the end of the specified chain.
--insert | -I         Inserts a rule in a chain at a particular point (default: position 1, the head of the chain).
--delete | -D         Deletes a rule from a chain, by rule specification or by rule number.
--replace | -R        Replaces the rule at the given position in a chain.
--flush | -F          Flush (delete) all rules in the selected chain.
--policy | -P         Set the default policy for a built-in chain.
--list | -L           List all rules in the filter table; use [-t tablename] to specify another table.
--new | -N            Create a new user-defined chain.
--delete-chain | -X   Delete a user-defined chain.
--rename-chain | -E   Rename a user-defined chain.
--zero | -Z           Zero the packet and byte counters.
--check | -C          Check whether a matching rule exists in the chain.

Parameters
--proto | -p [!] name              protocol, by number or name, including tcp, udp, icmp or all.
--source | -s [!] addr/mask        source IP address.
--destination | -d [!] addr/mask   destination IP address.
--in-interface | -i [!] name       incoming interface name, e.g. eth0 or ppp0.
--out-interface | -o [!] name      outgoing interface name.
--jump | -j target                 jump to a particular target when the rule matches. Standard targets: ACCEPT, DROP, QUEUE, RETURN, REJECT. May also jump to a user-defined chain.
--fragment | -f                    match second or further fragments only.

Options for TCP and UDP protocols
--sport | --source-port [!] port[:port]
--dport | --destination-port [!] port[:port]
   Source and/or destination port. A range may be given like 0:65535; use the exclamation character (!) to NOT match the ports.

Options for TCP only
--syn                      Match SYN packets (shorthand for --tcp-flags SYN,RST,ACK,FIN SYN), i.e. connection requests.
--tcp-flags mask comp      Match TCP packets with specific bits set. For example, -p tcp --tcp-flags ACK,FIN,SYN SYN will only match TCP packets that have the SYN flag set and the ACK and FIN flags unset.

Options for ICMP only
--icmp-type [!] type       Match the specified ICMP type. Valid ICMP types can be listed with: iptables -p icmp -h

Options for the state module (-m state --state)
ESTABLISHED   The matching packet is associated with other packets in an established connection.
RELATED       The matching packet is starting a new connection related in some way to an existing connection.
NEW           The matching packet is either creating a new connection or is part of a two-way connection not previously seen.
INVALID       The matching packet cannot be tied to a known connection.

X Window (XFree86)

Files
To set the screen resolution, specify a mode in the "Screen" section, Subsection "Display". For example: Modes "1024x768"
To specify the screen refresh rate, give the vertical rate in the "Monitor" section. For example: VertRefresh 70-120
/etc/X11/xinit/xinitrc, $HOME/.xinitrc   clients to run after the X server has started
/etc/X11/fs/config                       configure the X11 font path (font server)

Commands
startx                                 start the X Window System.
Xconfigurator (Redhat)                 set up the X server and generate XF86Config.
xfree86setup, xf86config (Slackware)   set up the X server and generate XF86Config.
XFree86 -configure                     XFree86 auto-configuration (Plug-n-Play); generates a template named "XF86Config.new".
Ctrl+Alt+Backspace                     stop (zap) the X server; see the DontZap server flag below. (Ctrl+Alt+Del is handled by init via /etc/inittab, not by X.)
Ctrl+Alt+F1 / Ctrl+Alt+F7              F1 temporarily switches to a text console; F7 switches back to graphics mode.
SuperProbe                             detect graphics hardware.
xvidtune                               adjust X server origin and size.
xmodmap                                modify the key map and mouse button map.
xhost                                  server access control program for X.
xsetroot                               root window parameter setting utility for X.
xlsfonts                               server font list displayer for X.
xset                                   user preference utility for X.
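The chain, target and state-module options above are usually reviewed after the fact from an iptables-save dump. The following is an added example, not code from the original cheat sheet: it parses such a dump and flags the permissive patterns a reviewer looks for in the filter table, namely a default ACCEPT policy on INPUT or FORWARD, TCP accepts that use neither --syn nor a state match (so unsolicited non-SYN segments are let through), and catch-all accepts with no protocol or state restriction. The ruleset in SAMPLE_RULESET is constructed for this example.

```python
"""Audit an iptables-save dump for permissive filter-table rules (added
example; the ruleset below is constructed, not taken from a real host)."""
import shlex

SAMPLE_RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --syn --dport 80 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
"""


def parse_iptables_save(text):
    """Yield (table, kind, payload): kind 'policy' -> (chain, policy), kind 'rule' -> argv list."""
    table = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]          # ':INPUT ACCEPT [0:0]'
            yield table, "policy", (chain, policy)
        elif line == "COMMIT":
            table = None
        else:
            yield table, "rule", shlex.split(line)


def option(argv, *names):
    """Value following the first of *names present in argv, else None."""
    for i, tok in enumerate(argv[:-1]):
        if tok in names:
            return argv[i + 1]
    return None


def audit(text):
    """Return a list of human-readable findings for the filter table."""
    findings = []
    for table, kind, payload in parse_iptables_save(text):
        if table != "filter":
            continue
        if kind == "policy":
            chain, policy = payload
            if chain in ("INPUT", "FORWARD") and policy == "ACCEPT":
                findings.append(f"{chain} default policy is ACCEPT: traffic matched by no rule is allowed")
            continue
        argv = payload
        chain = option(argv, "-A", "--append", "-I", "--insert")
        if chain not in ("INPUT", "FORWARD") or option(argv, "-j", "--jump") != "ACCEPT":
            continue
        rule = " ".join(argv)
        stateful = "--state" in argv or "--ctstate" in argv      # -m state / -m conntrack
        proto = option(argv, "-p", "--proto", "--protocol")
        if proto == "tcp" and not stateful and "--syn" not in argv:
            findings.append(f"TCP accept without --syn or a state match, so unsolicited non-SYN segments pass: {rule}")
        elif proto is None and not stateful and option(argv, "-i", "--in-interface") != "lo":
            findings.append(f"accepts every protocol and port without a state match: {rule}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RULESET):
        print("-", finding)
```

On the sample, the port-80 rule passes because it is restricted to SYN segments, the ESTABLISHED,RELATED rule passes because it is stateful, and the loopback accept is exempted; the port-22 rule, the bare 10.0.0.0/8 accept and the ACCEPT policy on INPUT are reported.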
XF86Config

XFree86 uses a configuration file called XF86Config for its initial setup. This file is normally located in the /etc/X11 or /etc directory. The XF86Config file is composed of a number of sections which may be present in any order. Each section has the form:

    Section "SectionName"
        SectionEntry
        ...
    EndSection

The graphics boards are described in Device sections and the monitors in Monitor sections. They are bound together by a Screen section. Keyboard and mouse are described in InputDevice sections, although the older Keyboard and Pointer sections are still recognized. The ServerLayout section is at the highest level and binds together the InputDevice and Screen sections.

A special keyword called Option may be used to provide free-form data to various components of the server. The Option keyword takes either one or two string arguments. The first is the option name, and the optional second argument is the option value. All Option values must be enclosed in quotes.

Files Section
FontPath "path"     Font path elements may be either absolute directory paths or a font server identifier.
RGBPath "path"      Sets the path name for the RGB color database.
ModulePath "path"   Allows you to set up multiple directories to use for storing modules loaded by the XFree86 server.
EXAMPLE
    Section "Files"
        RgbPath "/usr/X11R6/lib/X11/rgb"
        FontPath "unix/:7100"
    EndSection

ServerFlags Section
Option "DontZap" "boolean"                 Disables use of Ctrl+Alt+Backspace to terminate the X server.
Option "DontZoom" "boolean"                Disables use of Ctrl+Alt+Keypad-Plus and Ctrl+Alt+Keypad-Minus to switch video mode.
Option "BlankTime" "time"                  Sets the inactivity timeout for the blanking phase of the screensaver, in minutes. Default 10 min.
Option "StandbyTime" "time"                Sets the inactivity timeout for the "standby" phase of DPMS mode, in minutes. Default 20 min.
Option "SuspendTime" "time"                Sets the inactivity timeout for the "suspend" phase of DPMS mode. Default 30 min.
Option "OffTime" "time"                    Sets the inactivity timeout for the "off" phase of DPMS mode. Default 40 min.
Option "DefaultServerLayout" "layout_id"   Specifies the default ServerLayout section to use. Default is the first ServerLayout section.
EXAMPLE
    Section "ServerFlags"
        Option "BlankTime" "99999"
        Option "StandbyTime" "99999"
        Option "SuspendTime" "99999"
        Option "OffTime" "99999"
    EndSection

Module Section
Load "modulename"   Load a module. The module name given should be the module's standard name, not the module file name.
EXAMPLE
    Section "Module"
        Load "extmod"
        Load "type1"
    EndSection

InputDevice Section
There are normally at least two InputDevice sections, one for the keyboard and one for the mouse.
Identifier              Specify a unique name for this input device.
Driver                  Specify the name of the driver to use for this input device.
Option "CorePointer"    This input device is installed as the primary pointer device.
Option "CoreKeyboard"   This input device is the primary keyboard.
EXAMPLE
    Section "InputDevice"
        Identifier "Generic Keyboard"
        Driver "keyboard"
        Option "AutoRepeat" "500 30"
        Option "CoreKeyboard"
    EndSection

    Section "InputDevice"
        Identifier "PS2 Mouse"
        Driver "mouse"
        Option "CorePointer"
        Option "Device" "/dev/mouse"
        Option "Protocol" "PS/2"
        Option "Emulate3Buttons" "true"
    EndSection

Device Section
Specifies information about the video card used by the system. You must have at least one Device section in your configuration file. The active device is the one referenced by ServerLayout -> Screen -> Device.
Identifier   Specify a unique name for this graphics card.
Driver       Specify the name of the driver to use for this graphics card.
EXAMPLE
    Section "Device"
        Identifier "ATI Mach64"
        VendorName "ATI MACH64"
        VideoRam 2048
    EndSection

Monitor Section
A Monitor section describes a monitor. There must be at least one Monitor section; the active one is referenced by ServerLayout -> Screen -> Monitor.
Identifier                      Specify a unique name for this monitor.
HorizSync horizsync-range       Gives the range(s) of horizontal sync frequencies of this monitor, in kHz.
VertRefresh vertrefresh-range   Gives the range(s) of vertical refresh frequencies of this monitor, in Hz.
EXAMPLE
    Section "Monitor"
        Identifier "Generic Monitor"
        VendorName "Monitor Vendor"
        ModelName "Monitor Model"
        HorizSync 31.5-56.6
        VertRefresh 40-70
    EndSection

Screen Section
The Screen section binds Device and Monitor sections. There must be at least one Screen section; the active one is referenced in the ServerLayout section.
Identifier             Specify a unique name for this Screen section.
Device "device-id"     Specifies the Identifier of the Device section to be used for this screen.
Monitor "monitor-id"   Specifies the Identifier of the Monitor section to be used for this screen.
DefaultDepth depth     Default color depth, such as 8, 16 or 24.
Option "Accel"         Enables XAA (X Acceleration Architecture); default is on.
DISPLAY SUBSECTION
Each Screen section must have at least one Display subsection whose Depth matches the value given in DefaultDepth.
Depth depth             Specifies the color depth of this Display subsection.
Virtual xdim ydim       Specifies the virtual screen resolution to be used.
ViewPort x0 y0          Sets the upper left corner of the initial display.
Modes "mode-name" ...   Specifies the list of video modes to use. Each mode-name must be in double quotes and must correspond to a mode defined in the appropriate Monitor section (including implicitly referenced built-in VESA standard modes). The mode can be switched with Ctrl+Alt+Keypad-Plus or Ctrl+Alt+Keypad-Minus.
EXAMPLE
    Section "Screen"
        Identifier "My Screen"
        Device "ATI Mach64"
        Monitor "Generic Monitor"
        DefaultDepth 16
        SubSection "Display"
            Depth 16
            Modes "1024x768" "800x600" "640x480"
        EndSubSection
        SubSection "Display"
            Depth 24
            Modes "1024x768" "800x600" "640x480"
        EndSubSection
    EndSection

ServerLayout Section
The ServerLayout section binds a Screen section and one or more InputDevice sections to form a complete configuration. The active ServerLayout section is specified in ServerFlags; if none is specified, the first ServerLayout section is active. If no ServerLayout sections are present, the single active screen and two active (core) input devices are selected as described in the relevant sections.
Identifier                                           A unique name for this ServerLayout section.
Screen screen-num "screen-id" position-information   The screen-id field is mandatory and specifies the Screen section being referenced.
InputDevice "idev-id" "option" ...                   Normally at least two are required, one for the core pointer and the other for the primary keyboard device.
EXAMPLE
    Section "ServerLayout"
        Identifier "Default Layout"
        Screen "My Screen"
        InputDevice "Generic Keyboard"
        InputDevice "PS2 Mouse"
    EndSection
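Because the sections reference one another only by Identifier strings, a typo such as "PS/2 Mouse" against a section named "PS2 Mouse" is only discovered when the server fails to start. The following is an added example, not code from the original reference: it parses an XF86Config text into its Section/SubSection tree and checks the cross-references described above (Screen to Device and Monitor, ServerLayout to Screen and InputDevice, DefaultServerLayout to a ServerLayout, and a Display subsection matching DefaultDepth). The configuration in SAMPLE_XF86CONFIG is constructed for this example; its Driver names and its two deliberate mistakes are not from the page.

```python
"""Validate XF86Config cross-references (added example; the configuration
below is constructed and contains two deliberate mistakes)."""
import shlex

SAMPLE_XF86CONFIG = """
Section "ServerFlags"
    Option "DefaultServerLayout" "Default Layout"
EndSection
Section "InputDevice"
    Identifier "Generic Keyboard"
    Driver "keyboard"
EndSection
Section "InputDevice"
    Identifier "PS2 Mouse"
    Driver "mouse"
EndSection
Section "Device"
    Identifier "ATI Mach64"
    Driver "ati"
EndSection
Section "Monitor"
    Identifier "Generic Monitor"
EndSection
Section "Screen"
    Identifier "My Screen"
    Device "ATI Mach64"
    Monitor "Generic Monitor"
    DefaultDepth 16
    SubSection "Display"
        Depth 24    # mistake 1: nothing matches DefaultDepth 16
    EndSubSection
EndSection
Section "ServerLayout"
    Identifier "Default Layout"
    Screen 0 "My Screen"
    InputDevice "Generic Keyboard"
    InputDevice "PS/2 Mouse"    # mistake 2: the section is named "PS2 Mouse"
EndSection
"""


def parse_xf86config(text):
    """Top-level sections as dicts: {'type', 'entries': [(key, values)], 'subsections': [...]}."""
    sections, stack = [], []
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)       # handles quoted values and # comments
        if not tokens:
            continue
        key, values = tokens[0], tokens[1:]
        if key in ("Section", "SubSection"):
            stack.append({"type": values[0], "entries": [], "subsections": []})
        elif key in ("EndSection", "EndSubSection"):
            node = stack.pop()
            (stack[-1]["subsections"] if stack else sections).append(node)
        elif stack:
            stack[-1]["entries"].append((key, values))
        else:
            raise ValueError(f"entry outside any Section: {raw.strip()!r}")
    if stack:
        raise ValueError(f"unterminated Section {stack[-1]['type']!r}")
    return sections


def first(section, key):
    """First value of the first entry named key (keys are case-insensitive), or None."""
    for k, v in section["entries"]:
        if k.lower() == key.lower() and v:
            return v[0]
    return None


def references(section, key):
    """Identifiers named by every entry called key; a leading screen number is skipped."""
    refs = []
    for k, v in section["entries"]:
        names = [t for t in v if not t.isdigit()]
        if k.lower() == key.lower() and names:
            refs.append(names[0])
    return refs


def validate_xf86config(text):
    """List dangling references and DefaultDepth mismatches in an XF86Config text."""
    sections = parse_xf86config(text)
    ids = {}
    for s in sections:
        if first(s, "Identifier"):
            ids.setdefault(s["type"], set()).add(first(s, "Identifier"))
    problems = []

    def check(section, key, target):
        for ref in references(section, key):
            if ref not in ids.get(target, set()):
                problems.append(f'{section["type"]} "{first(section, "Identifier")}": '
                                f'{key} "{ref}" has no matching {target} section')

    for s in sections:
        if s["type"] == "Screen":
            check(s, "Device", "Device")
            check(s, "Monitor", "Monitor")
            depth = first(s, "DefaultDepth")
            displays = [first(sub, "Depth") for sub in s["subsections"] if sub["type"] == "Display"]
            if depth is not None and depth not in displays:
                problems.append(f'Screen "{first(s, "Identifier")}": no Display subsection with Depth {depth}')
        elif s["type"] == "ServerLayout":
            check(s, "Screen", "Screen")
            check(s, "InputDevice", "InputDevice")
        elif s["type"] == "ServerFlags":
            for k, v in s["entries"]:
                if k == "Option" and len(v) == 2 and v[0] == "DefaultServerLayout" \
                        and v[1] not in ids.get("ServerLayout", set()):
                    problems.append(f'ServerFlags: DefaultServerLayout "{v[1]}" has no matching ServerLayout')
    return problems
```

Run against the sample it reports exactly the two planted mistakes; a clean file returns an empty list.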
Unix/Linux Command Reference

File Commands
ls – directory listing
ls -al – formatted listing with hidden files
cd dir – change directory to dir
cd – change to home
pwd – show current directory
mkdir dir – create a directory dir
rm file – delete file
rm -r dir – delete directory dir
rm -f file – force remove file
rm -rf dir – force remove directory dir *
cp file1 file2 – copy file1 to file2
cp -r dir1 dir2 – copy dir1 to dir2; create dir2 if it doesn't exist
mv file1 file2 – rename or move file1 to file2; if file2 is an existing directory, moves file1 into directory file2
ln -s file link – create symbolic link link to file
touch file – create or update file
cat > file – places standard input into file
more file – output the contents of file
head file – output the first 10 lines of file
tail file – output the last 10 lines of file
tail -f file – output the contents of file as it grows, starting with the last 10 lines

Process Management
ps – display your currently active processes
top – display all running processes
kill pid – kill process id pid
killall proc – kill all processes named proc *
bg – lists stopped or background jobs; resume a stopped job in the background
fg – brings the most recent job to foreground
fg n – brings job n to the foreground

File Permissions
chmod octal file – change the permissions of file to octal, which can be found separately for user, group, and world by adding:
● 4 – read (r)
● 2 – write (w)
● 1 – execute (x)
Examples:
chmod 777 – read, write, execute for all
chmod 755 – rwx for owner, rx for group and world
For more options, see man chmod.

SSH
ssh user@host – connect to host as user
ssh -p port user@host – connect to host on port port as user
ssh-copy-id user@host – add your key to host for user to enable a keyed or passwordless login

Searching
grep pattern files – search for pattern in files
grep -r pattern dir – search recursively for pattern in dir
command | grep pattern – search for pattern in the output of command
locate file – find all instances of file

System Info
date – show the current date and time
cal – show this month's calendar
uptime – show current uptime
w – display who is online
whoami – who you are logged in as
finger user – display information about user
uname -a – show kernel information
cat /proc/cpuinfo – cpu information
cat /proc/meminfo – memory information
man command – show the manual for command
df – show disk usage
du – show directory space usage
free – show memory and swap usage
whereis app – show possible locations of app
which app – show which app will be run by default

Compression
tar cf file.tar files – create a tar named file.tar containing files
tar xf file.tar – extract the files from file.tar
tar czf file.tar.gz files – create a tar with Gzip compression
tar xzf file.tar.gz – extract a tar using Gzip
tar cjf file.tar.bz2 – create a tar with Bzip2 compression
tar xjf file.tar.bz2 – extract a tar using Bzip2
gzip file – compresses file and renames it to file.gz
gzip -d file.gz – decompresses file.gz back to file

Network
ping host – ping host and output results
whois domain – get whois information for domain
dig domain – get DNS information for domain
dig -x host – reverse lookup host
wget file – download file
wget -c file – continue a stopped download

Installation
Install from source:
./configure
make
make install
dpkg -i pkg.deb – install a package (Debian)
rpm -Uvh pkg.rpm – install a package (RPM)

Shortcuts
Ctrl+C – halts the current command
Ctrl+Z – stops the current command, resume with fg in the foreground or bg in the background
Ctrl+D – log out of current session, similar to exit
Ctrl+W – erases one word in the current line
Ctrl+U – erases the whole line
Ctrl+R – type to bring up a recent command
!! – repeats the last command
exit – log out of current session

* use with extreme caution.
THE ONE PAGE LINUX MANUAL
A summary of useful Linux commands
Version 3.0 May 1999 squadron@powerup.com.au

Starting & Stopping
shutdown -h now     Shut down the system now and do not reboot
halt                Stop all processes - same as above
shutdown -r 5       Shut down the system in 5 minutes and reboot
shutdown -r now     Shut down the system now and reboot
reboot              Stop all processes and then reboot - same as above
startx              Start the X system

Accessing & mounting file systems
mount -t iso9660 /dev/cdrom /mnt/cdrom   Mount the device cdrom and call it cdrom under the /mnt directory
mount -t msdos /dev/hdd /mnt/ddrive      Mount hard disk "d" as an msdos file system and call it ddrive under the /mnt directory
mount -t vfat /dev/hda1 /mnt/cdrive      Mount hard disk "a" as a VFAT file system and call it cdrive under the /mnt directory
umount /mnt/cdrom                        Unmount the cdrom

Finding files and text within files
find / -name fname           Starting with the root directory, look for the file called fname
find / -name "*fname*"       Starting with the root directory, look for files whose name contains the string fname
locate missingfilename       Find a file called missingfilename using the locate command; this assumes you have already run the command updatedb (see next)
updatedb                     Create or update the database of files on all file systems attached to the Linux root directory
which missingfilename        Show the subdirectory containing the executable file called missingfilename
grep textstringtofind /dir   Starting with the directory called dir, look for and list all files containing textstringtofind

The X Window System
xvidtune        Run the X graphics tuning utility
XF86Setup       Run the X configuration menu with automatic probing of graphics cards
Xconfigurator   Run another X configuration menu with automatic probing of graphics cards
xf86config      Run a text based X configuration menu

Moving, copying, deleting & viewing files
ls -l                       List files in current directory using long format
ls -F                       List files in current directory and indicate the file type
ls -laC                     List all files in current directory in long format and display in columns
rm name                     Remove a file or directory called name
rm -rf name                 Kill off an entire directory called name and all of its files and subdirectories
cp filename /home/dirname   Copy the file called filename to the /home/dirname directory
mv filename /home/dirname   Move the file called filename to the /home/dirname directory
cat filetoview              Display the file called filetoview
man -k keyword              Display man pages containing keyword
more filetoview             Display the file called filetoview one page at a time; proceed to the next page using the spacebar
head filetoview             Display the first 10 lines of the file called filetoview
head -20 filetoview         Display the first 20 lines of the file called filetoview
tail filetoview             Display the last 10 lines of the file called filetoview
tail -20 filetoview         Display the last 20 lines of the file called filetoview

Installing software for Linux
rpm -ihv name.rpm                                    Install the rpm package called name
rpm -Uhv name.rpm                                    Upgrade the rpm package called name
rpm -e package                                       Delete the rpm package called package
rpm -l package                                       List the files in the package called package
rpm -ql package                                      List the files and state the installed version of the package called package
rpm -i --force package                               Reinstall the rpm package called name having deleted parts of it (not deleting using rpm -e)
tar -zxvf archive.tar.gz or tar -zxvf archive.tgz    Decompress the files contained in the zipped and tarred archive called archive
./configure                                          Execute the script preparing the installed files for compiling

User Administration
adduser accountname   Create a new user called accountname
passwd accountname    Give accountname a new password
su                    Log in as superuser from current login
exit                  Stop being superuser and revert to normal user

Little known tips and tricks
ifconfig                    List IP addresses for all devices on the machine
apropos subject             List manual pages for subject
usermount                   Executes a graphical application for mounting and unmounting file systems
/sbin/e2fsck hda5           Execute the filesystem check utility on partition hda5
fdformat /dev/fd0H1440      Format the floppy disk in device fd0
tar -cMf /dev/fd0           Back up the contents of the current directory and subdirectories to multiple floppy disks
tail -f /var/log/messages   Display the last 10 lines of the system log and keep following it as it grows
cat /var/log/dmesg          Display the file containing the boot time messages - useful for locating problems. Alternatively, use the dmesg command.
*                           Wildcard - represents everything. e.g. cp from/* to will copy all files in the from directory to the to directory
?                           Single character wildcard. e.g. cp config.? /configs will copy all files beginning with the name config. in the current directory to the directory named configs.
[xyz]                       Choice of character wildcards. e.g. ls [xyz]* will list all files in the current directory starting with the letter x, y, or z.
linux single                At the LILO prompt, start in single user mode. This is useful if you have forgotten your password: boot in single user mode, then run the passwd command. (Anyone with console access can do the same, so protect the boot loader with password= and restricted in lilo.conf.)
ps                          List current processes
kill 123                    Kill a specific process, e.g. kill 123

File permissions
If the command ls -l is given, a long list of file names is displayed. The first column in this list details the permissions applying to the file. If a permission is missing for owner, group or other, it is represented by -, e.g. drwxr-x--x
Read = 4, Write = 2, Execute = 1. File permissions are altered by giving the chmod command and the appropriate octal code for each user type, e.g.
chmod 764 filename   will make the file called filename R+W+X for the owner, R+W for the group and R for others.
chmod 755 filename   Full permission for the owner, read and execute access for the group and others.
chmod +x filename    Make the file called filename executable to all users.

Configuration files and what they do
/etc/profile          System-wide environment variables for all users.
/etc/fstab            List of devices and their associated mount points. Edit this file to add cdroms, DOS partitions and floppy drives at startup.
/etc/motd             Message of the day broadcast to all users at login.
/etc/rc.d/rc.local    Bash script that is executed at the end of the boot process. Similar to autoexec.bat in DOS.
/etc/HOSTNAME         Contains the full hostname including domain.
/etc/cron.*           There are 4 directories that automatically execute all scripts within the directory at intervals of hour, day, week or month.
/etc/hosts            A list of all known host names and IP addresses on the machine.
/etc/httpd/conf       Parameters for the Apache web server
/etc/inittab          Specifies the run level that the machine should boot into.
/etc/resolv.conf      Defines IP addresses of DNS servers.
/etc/smb.conf         Config file for the SAMBA server. Allows file and print sharing with Microsoft clients.
~/.Xdefaults          Define configuration for some X applications. ~ refers to the user's home directory.
/etc/X11/XF86Config   Config file for X Windows.
~/.xinitrc            Defines the window manager loaded by X. ~ refers to the user's home directory.

X Shortcuts - (mainly for Redhat)
Control|Alt + or -                  Increase or decrease the screen resolution, e.g. from 640x480 to 800x600
Alt|Escape                          Display list of active windows
Shift|Control F8                    Resize the selected window
Right click on desktop background   Display menu
Shift|Control|Alt r                 Refresh the screen
Shift|Control|Alt x                 Start an xterm session

Printing
/etc/rc.d/init.d/lpd start    Start the print daemon
/etc/rc.d/init.d/lpd stop     Stop the print daemon
/etc/rc.d/init.d/lpd status   Display status of the print daemon
lpq                           Display jobs in print queue
lprm                          Remove jobs from queue
lpr                           Print a file
lpc                           Printer control tool
man subject | lpr             Print the manual page called subject as plain text
man -t subject | lpr          Print the manual page called subject as Postscript output
printtool                     Start X printer setup interface

Get your own Official Linux Pocket Protector - includes handy command summary. Visit: www.powerup.com.au/~squadron
IS-IS · PART 1                                                  packetlife.net

Protocol Header
Common header, in the order the fields appear (the original figure marks bit offsets 4, 8, 12, 16):
IRPD (Intradomain Routing Protocol Discriminator)  |  Header Length Indicator
Version/Protocol ID Extension                      |  ID Length
R R R PDU Type                                     |  Version
Reserved                                           |  Maximum Area Addresses
then one or more TLVs:  Type | Length | Value ...

Attributes
Type             Link-State
Algorithm        Dijkstra
Metric           Default (10)
AD               115
Standard         ISO 10589
Protocols        IP, CLNS
Transport        Layer 2
Authentication   Plaintext, MD5 (HMAC-MD5, RFC 5304; plaintext gives no protection against anyone who can see the PDUs)

NSAP Addressing
Interdomain Part (IDP): AFI | IDI      Domain-Specific Part (DSP): HODSP | System ID | SEL
Condensed view:  Area | System ID | SEL
Example:  47.0005.80ff.f800.0000.0001.0000.0c00.1234.00
          area 47.0005.80ff.f800.0000.0001, system ID 0000.0c00.1234, SEL 00

Interdomain Part (IDP)                     Portion of the address used in routing between autonomous systems; assigned by ISO
Domain-Specific Part (DSP)                 Portion of the address relevant only within the local AS
Authority and Format Identifier (AFI)      Identifies the authority which dictates the format of the address
Initial Domain Identifier (IDI)            An organization belonging to the AFI
High Order DSP (HODSP)                     The area within the AS
System ID                                  Unique router identifier; 48 bits for Cisco devices (often taken from a MAC address)
NSAP Selector (SEL)                        Identifies a network layer service; always 0x00 in a NET address

Routing Levels
Level 0   Used to locate end systems (ES-IS)
Level 1   Routing within an area
Level 2   Backbone between areas
Level 3   Inter-AS routing

Terminology
Type-Length-Value (TLV)            Variable-length modular datasets
Link State PDU (LSP)               Carry TLVs encompassing link state information
Sequence Number Packet (SNP)       Used to request and advertise LSPs; can be complete (CSNP) or partial (PSNP)
Hello Packet                       Establishes and maintains neighbor adjacencies
Designated Intermediate System     The router elected on a multi-access segment to generate the pseudonode LSP, which represents the segment as a single node so that the other routers need only a point-to-point link to it

Network Types
                     Broadcast   Point-to-Point
DIS Elected          Yes         No
Neighbor Discovery   Yes         Yes
Hello/Dead Timers    10/30       10/30

Adjacency Requirements
· Interface MTUs must match
· Levels must match
· Areas must match (if level 1)
· System IDs must be unique
· Authentication must succeed

DIS Election
· Highest-priority interface elected
· Highest SNPA (MAC/DLCI) breaks tie
· Highest system ID breaks SNPA tie
· Default interface priority is 64
· Current DIS may be preempted

Troubleshooting
show ip route                 show isis spf-log
show ip protocols             debug isis spf-events
show [clns|isis] neighbor     debug isis adjacencies-packets
show [clns|isis] interface    debug isis spf-statistics
show isis database            debug isis update-packets
by Jeremy Stretch v2.0
IS-IS · PART 2                                                  packetlife.net

TLV Types
Type   Name                   Use
1      Area Addresses         Hello, LSP
2      IS Neighbors           LSP
3      ES Neighbors           L1 LSP
5      Prefix Neighbors       L2 LSP
6      IS Neighbors           Hello, L2 LSP
8      Padding                Hello
9      LSP Entries            SNP
10     Authentication         All
128    IP Internal Reach.     LSP
129    Protocols Supported    Hello, LSP
131    IDRPI                  SNP, L2 LSP
132    IP Interface Address   Hello, LSP

Configuration Example
[Topology figure: Area 1 (192.168.1.0/24) with routers A1, A2, A3; Area 2 (192.168.2.0/24) with B1, B2, B3; Area 3 (192.168.3.0/24) with C1, C2, C3. Inter-area Frame Relay links: A1 to B1 on 10.0.0.0/30, A1 to Area 3 on 10.0.0.4/30, B1 to Area 3 on 10.0.0.8/30.]

Router A2
interface FastEthernet0/0
 description Area 1
 ip address 192.168.1.2 255.255.255.0
 ip router isis
 isis circuit-type level-1
!
router isis
 net 49.0001.0000.0000.00a2.00

Router B2
interface FastEthernet0/0
 description Area 2
 ip address 192.168.2.2 255.255.255.0
 ip router isis
 isis circuit-type level-1
!
router isis
 net 49.0002.0000.0000.00b2.00

Router A1
interface FastEthernet0/0
 description Area 1
 ip address 192.168.1.1 255.255.255.0
 ip router isis
 isis circuit-type level-1
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
!
interface Serial1/0.1 point-to-point
 description To Area 2
 ip address 10.0.0.1 255.255.255.252
 ip router isis
 isis circuit-type level-2-only
 ! MD5 authentication (keychain not shown)
 isis authentication mode md5
 isis authentication key-chain <keychain>
 frame-relay interface-dlci 101
!
interface Serial1/0.2 point-to-point
 description To Area 3
 ip address 10.0.0.5 255.255.255.252
 ip router isis
 isis circuit-type level-2-only
 frame-relay interface-dlci 102
!
router isis
 net 49.0001.0000.0000.00a1.00

Router B1
interface FastEthernet0/0
 description Area 2
 ip address 192.168.2.1 255.255.255.0
 ip router isis
 isis circuit-type level-1
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
!
interface Serial1/0.1 point-to-point
 description To Area 1
 ip address 10.0.0.2 255.255.255.252
 ip router isis
 isis circuit-type level-2-only
 ! MD5 authentication (keychain not shown)
 isis authentication mode md5
 isis authentication key-chain <keychain>
 frame-relay interface-dlci 101
!
interface Serial1/0.2 point-to-point
 description To Area 3
 ip address 10.0.0.9 255.255.255.252
 ip router isis
 isis circuit-type level-2-only
 frame-relay interface-dlci 103
!
router isis
 net 49.0002.0000.0000.00b1.00

Note that in this example only the A1-B1 link carries MD5 authentication; the Serial1/0.2 subinterfaces toward Area 3 and the level-1 LAN interfaces accept unauthenticated hellos.
by Jeremy Stretch v2.0
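The NET format from Part 1 (area, 6-byte system ID, selector 00), the two NET-related adjacency requirements (matching areas for level 1, unique system IDs) and the DIS election order (priority, then SNPA, then system ID) can all be exercised on the NETs used in the configuration above. The following is an added example, not code from the original cheat sheets; the interface priorities and SNPAs it uses are constructed for the example.

```python
"""IS-IS NET parsing, level-1 adjacency eligibility and DIS election
(added example; router priorities and SNPAs below are constructed)."""


def _groups(hexstr, lead=0):
    """Dotted groups of four hex digits, optionally after a leading group of `lead` digits (the AFI)."""
    parts = [hexstr[:lead]] if lead else []
    parts += [hexstr[i:i + 4] for i in range(lead, len(hexstr), 4)]
    return ".".join(parts)


def parse_net(net):
    """'49.0001.0000.0000.00a1.00' -> ('49.0001', '0000.0000.00a1', '00').

    The last byte is the NSAP selector (00 in a NET), the six bytes before it
    are the system ID, everything in front (1 to 13 bytes, AFI first) is the area."""
    digits = net.replace(".", "").lower()
    if len(digits) % 2 or not 16 <= len(digits) <= 40:
        raise ValueError(f"NET {net!r} must be 8 to 20 bytes of hex")
    try:
        int(digits, 16)
    except ValueError:
        raise ValueError(f"NET {net!r} contains non-hex digits") from None
    area, system_id, sel = digits[:-14], digits[-14:-2], digits[-2:]
    if sel != "00":
        raise ValueError(f"NET {net!r} has selector {sel}, expected 00")
    return _groups(area, lead=2), _groups(system_id), sel


def can_form_level1_adjacency(net_a, net_b):
    """Level-1 neighbours must share an area and must not share a system ID
    (MTU, level and authentication checks from the cheat sheet are outside this example)."""
    area_a, sid_a, _ = parse_net(net_a)
    area_b, sid_b, _ = parse_net(net_b)
    return area_a == area_b and sid_a != sid_b


def elect_dis(routers):
    """routers: iterable of (net, interface_priority, snpa as hex MAC/DLCI). Returns the winning NET.

    Highest priority wins; highest SNPA breaks a tie; highest system ID breaks an
    SNPA tie. The election is preemptive, so re-running it after a new router
    appears yields the new DIS."""
    def rank(router):
        net, priority, snpa = router
        _, system_id, _ = parse_net(net)
        snpa_value = int(snpa.replace(".", "").replace(":", "").replace("-", ""), 16)
        return (priority, snpa_value, int(system_id.replace(".", ""), 16))
    return max(routers, key=rank)[0]


if __name__ == "__main__":
    a1, a2, b1 = "49.0001.0000.0000.00a1.00", "49.0001.0000.0000.00a2.00", "49.0002.0000.0000.00b1.00"
    print(parse_net(a1))
    print("A1-A2 level 1:", can_form_level1_adjacency(a1, a2), " A1-B1 level 1:", can_form_level1_adjacency(a1, b1))
    print("DIS:", elect_dis([(a1, 64, "0000.0c00.1111"), (a2, 64, "0000.0c00.2222")]))
```

With the default priority of 64 on both A1 and A2, the higher SNPA (A2 in the constructed data) becomes DIS; raising A1's interface priority above 64 preempts it.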
POINT-TO-POINT PROTOCOL                                         packetlife.net

PPP Components
Link Control Protocol (LCP)
Provides for the establishment, configuration, and maintenance of a PPP link. Protocol-independent options are negotiated by LCP.
Network Control Protocol (NCP)
A separate NCP is used to negotiate the configuration of each network layer protocol (such as IP) carried by PPP.

PPP Summary
Standard     RFC 1661
Interfaces   Asynchronous serial, synchronous serial, ISDN, HSSI

PPP Features
Protocol Multiplexing     · Multiple NCPs
Optional Authentication   · PAP/CHAP
Optional Compression      · Stacker/predictor
Loopback Detection        · Provided by LCP
Load Balancing            · Multilink PPP

PPP Header (bit offsets 8 16 24 32)
Address | Control | Protocol

LCP Header (bit offsets 8 16 24 32)
Code | Identifier | Length

Connection Phase Flowchart
Dead -> Establish -> (Auth Required) Authenticate -> (Success) Network
                 \-> (No Auth) ------------------------------> Network
Authenticate -> (Failure) -> Terminate -> Dead
Network -> (Admin Shutdown) -> Terminate -> Dead

Authentication Protocols
Password Authentication Protocol (PAP)
Original, obsolete authentication protocol which relies on the exchange of a plaintext password to authenticate peers (RFC 1334). Anyone who can observe the link learns the credential.
Challenge Handshake Authentication Protocol (CHAP)
Authenticates peers with a three-way handshake: the authenticator sends a random challenge, and the peer replies with the MD5 hash of the identifier, the pre-shared secret and the challenge (RFC 1994). The secret itself never crosses the link, but a captured challenge/response pair can be attacked offline by guessing the secret, and the authenticator must store the secret in recoverable form.

General PPP Configuration
! Configure a peer account if authentication will be used
username peer-hostname password password
! Configure a local IP address pool if needed
ip local pool name first-IP last-IP

interface Serial0/0
 ! Enable PPP encapsulation
 encapsulation ppp
 ! Enable CHAP and/or PAP for authentication
 ppp authentication { chap | pap } [ chap | pap ]
 ! Enable compression
 compress { predictor | stac }
 ! Enable peer IP address assignment (server side)
 peer default ip address { pool name | IP-address }
 ! Enable IP address negotiation (client side)
 ip address negotiated

PPP Connection Example
LCP Configuration Request
LCP Configuration Ack
CHAP Challenge
CHAP Response
CHAP Success
IP Control Configuration Request
IP Control Configuration Ack
CDP Control Configuration Request
CDP Control Configuration Ack

PPP Compression Algorithms
Stacker     Replaces repetitive data with symbols from a dynamic dictionary (more processor-intensive)
Predictor   Attempts to predict sequential data (more memory-intensive)

Multilink PPP Configuration
! Create the multilink interface
interface Multilink1
 ip address IP-address subnet-mask
 ppp multilink group group
! Assign physical interfaces to the multilink group
interface Serial0/0
 encapsulation ppp
 ppp multilink group group

Troubleshooting
show ppp multilink
debug ppp authentication
debug ppp { negotiation | packet }
by Jeremy Stretch v1.01
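The CHAP Challenge / Response / Success exchange shown in the connection example above is short enough to implement end to end. The following is an added example, not code from the original cheat sheet: it plays both sides of the RFC 1994 handshake (the authenticator issuing and checking challenges, the peer computing MD5(Identifier || secret || Challenge)), shows why a replayed response fails, and shows what a passive observer can do with a captured pair, namely guess the secret offline. Peer names, secrets and the word list are constructed for this example.

```python
"""CHAP (RFC 1994) exchange with both sides, plus the offline guess a
sniffer can make (added example; names, secrets and word list are constructed)."""
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 Response Value = MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The side that sends Challenge (Code 1) and replies Success (Code 3) or Failure (Code 4)."""

    def __init__(self, secrets):
        self.secrets = secrets      # peer name -> shared secret; CHAP needs it in the clear
        self.pending = {}           # identifier -> outstanding challenge value

    def challenge(self, identifier, length=16):
        value = os.urandom(length)  # must be unpredictable and never reused
        self.pending[identifier] = value
        return identifier, value

    def verify(self, identifier, peer_name, response):
        challenge = self.pending.pop(identifier, None)   # one answer per challenge, so replays fail
        secret = self.secrets.get(peer_name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)   # constant-time comparison


def peer_response(identifier, challenge, name, secret):
    """The peer's Response (Code 2): the identifier, the hash value and its own name."""
    return identifier, chap_response(identifier, secret, challenge), name


def run_exchange(authenticator, peer_name, peer_secret, identifier=1):
    """Challenge -> Response -> Success/Failure; returns True on Success."""
    ident, chal = authenticator.challenge(identifier)
    ident, value, name = peer_response(ident, chal, peer_name, peer_secret)
    return authenticator.verify(ident, name, value)


def guess_secret(identifier, challenge, response, candidates):
    """Offline dictionary attack on one captured exchange: the secret is the only unknown."""
    for candidate in candidates:
        if hmac.compare_digest(chap_response(identifier, candidate, challenge), response):
            return candidate
    return None


if __name__ == "__main__":
    auth = Authenticator({"router-b": b"s3cret"})
    print("correct secret:", run_exchange(auth, "router-b", b"s3cret"))
    print("wrong secret:  ", run_exchange(auth, "router-b", b"wrong"))
    ident, chal = auth.challenge(7)
    _, value, name = peer_response(ident, chal, "router-b", b"s3cret")
    print("captured pair cracks to:", guess_secret(ident, chal, value, [b"cisco", b"s3cret"]))
```

The replay check works only because each challenge is random and removed once answered; a static or reused challenge would let a captured response be replayed, and a weak secret is recovered by guess_secret regardless.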
FRAME MODE MPLS                                                 packetlife.net

Protocol Header (bit offsets 8 16 24 32)
Label (20 bits) | TC (3 bits) | S (1 bit) | TTL (8 bits)

Label (20 bits)          · Unique label value
Traffic Class (3 bits)   · CoS-mapped QoS marking
Bottom of Stack (1 bit)  · Indicates label is last in the stack
Time To Live (8 bits)    · Hop counter mapped from IP TTL

Frame layout:  L2 header | Label stack (one or more 4-byte entries) | IP packet

Conceptual Components
Control Plane           Facilitates label exchange between neighboring LSRs using LDP or TDP (includes the LIB)
Forwarding/Data Plane   Forwards packets based on label or destination IP address (includes the FIB and LFIB)

Label Protocols
                 LDP         TDP
Hello Address    224.0.0.2   255.255.255.255
Hello Port       UDP/646     UDP/711
Adjacency Port   TCP/646     TCP/711
Proprietary      No          Cisco

Label Switched Path
[Figure: a provider network of PE and P routers with an LSP running between the two PE routers; customer networks of CE and C routers attach to the PEs.]
Customer (C)         · IP-only routers internal to customer network
Customer Edge (CE)   · C routers which face PE routers
Provider Edge (PE)   · LSRs on the MPLS-IP boundary
Provider (P)         · MPLS-only LSRs in provider network

Terminology
Label Distribution Protocol (LDP)    Standards-based label distribution protocol defined in RFC 3036 (since obsoleted by RFC 5036). LDP sessions accept labels from any peer that completes the TCP handshake unless protected, e.g. with TCP MD5 via mpls ldp neighbor <ip> password <pwd>.
Tag Distribution Protocol (TDP)      Cisco's proprietary predecessor to LDP
Label Switching Router (LSR)         Any router performing label switching (MPLS)
Label-Switched Path (LSP)            The unidirectional path through one or more LSRs taken by a label-switched packet belonging to an FEC
Forwarding Equivalence Class (FEC)   A group of packets which are forwarded in an identical manner, typically by destination prefix and/or traffic class
Label Information Base (LIB)         Contains all labels learned by an LSR via a label distribution protocol
Forwarding Information Base (FIB)    Routing database for unlabeled (IP) packets
Label FIB (LFIB)                     Routing database for labeled (MPLS) packets
Interim Packet Propagation           An LSR temporarily falls back to IP routing while waiting to learn the necessary MPLS label(s)
Penultimate Hop Popping (PHP)        The second-to-last LSR in an LSP removes the MPLS label so the last LSR only has to perform an IP lookup

MPLS Configuration
! Enable CEF
ip cef
! Select label protocol
mpls label protocol ldp
! Enable MPLS on IP interfaces
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.252
 mpls ip
 ! Raise MPLS MTU to accommodate a multilabel stack (each label adds 4 bytes; 1512 fits three labels on a 1500-byte IP MTU)
 mpls mtu 1512

Troubleshooting
show mpls interfaces                     show ip cef [detail] (FIB)
show mpls ldp neighbors                  show mpls forwarding-table [detail] (LFIB)
show mpls ldp bindings [detail] (LIB)    debug mpls [...]
by Jeremy Stretch v2.0
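The 32-bit label entry layout, the bottom-of-stack bit and penultimate hop popping described above are easiest to see on real bytes. The following is an added example, not code from the original cheat sheet: it builds and parses a label stack with the 20/3/1/8-bit layout and applies an LFIB action to the top entry, swapping the label or popping it when the out-label is the reserved implicit-null value (3), which is how an egress LSR requests PHP. The labels, LFIB contents and payload are constructed for this example; the TTL copy-down on a pop follows the RFC 3443 uniform model and is an assumption about the forwarding behaviour rather than something the page states.

```python
"""MPLS label stack encoding, parsing and swap/pop forwarding (added
example; labels, LFIB and payload below are constructed)."""
import struct

IMPLICIT_NULL = 3        # reserved label advertised by the egress LSR to request PHP


def build_label_stack(labels, ttl=64):
    """labels: list of (label, tc) from top to bottom -> bytes; the last entry gets S=1."""
    out = bytearray()
    for n, (label, tc) in enumerate(labels):
        if not (0 <= label < 1 << 20 and 0 <= tc < 8 and 0 <= ttl < 256):
            raise ValueError("field out of range")
        bottom = 1 if n == len(labels) - 1 else 0
        out += struct.pack("!I", (label << 12) | (tc << 9) | (bottom << 8) | ttl)
    return bytes(out)


def parse_label_stack(data):
    """Parse entries until the bottom-of-stack bit is set; return (entries, remaining payload)."""
    entries, offset = [], 0
    while True:
        if len(data) - offset < 4:
            raise ValueError("truncated label stack")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entry = {"label": word >> 12, "tc": (word >> 9) & 0x7,
                 "s": bool((word >> 8) & 0x1), "ttl": word & 0xFF}
        entries.append(entry)
        if entry["s"]:
            return entries, data[offset:]


def forward(entries, lfib):
    """Apply the LFIB action for the top label: swap to the out-label, or pop when it is IMPLICIT_NULL.

    The top TTL is decremented first. On a pop, the decremented value is copied down to
    the newly exposed entry when it is smaller (RFC 3443 uniform model, assumed here).
    An empty return value means the packet leaves MPLS and is delivered by IP lookup."""
    top = dict(entries[0])
    if top["label"] not in lfib:
        raise KeyError(f"no LFIB entry for label {top['label']}")
    if top["ttl"] <= 1:
        raise ValueError("TTL expired")
    top["ttl"] -= 1
    out_label = lfib[top["label"]]
    rest = [dict(e) for e in entries[1:]]
    if out_label == IMPLICIT_NULL:           # penultimate hop popping
        if rest:
            rest[0]["ttl"] = min(rest[0]["ttl"], top["ttl"])
        return rest
    top["label"] = out_label
    return [top] + rest


if __name__ == "__main__":
    stack = build_label_stack([(100, 0), (200, 5)], ttl=64)
    entries, payload = parse_label_stack(stack + b"\x45\x00")   # constructed IP header start
    print(entries, payload)
    print("swap 100->300:", forward(entries, {100: 300}))
    print("PHP on 100:   ", forward(entries, {100: IMPLICIT_NULL}))
```

Parsing stops at the first entry with S=1, so a stack that was built with three entries but truncated to two bytes short raises rather than reading into the IP header; the inner label (200 in the example) survives the pop with its own TTL capped by the outer one.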