“100 CCNA® Exam Gotchas – And How To Avoid Them!”
Chris Bryant, CCIE #12933
www.thebryantadvantage.com
The Net's #1 Cisco Certification Site!

Copyright Information:

Cisco®, Cisco® Systems, CCIE™, and Cisco Certified Internetwork Expert are registered trademarks of Cisco® Systems, Inc., and/or its affiliates in the U.S. and certain countries. All other products and company names are the trademarks, registered trademarks, and service marks of their respective owners. Throughout this Course Guide, The Bryant Advantage has used its best efforts to distinguish proprietary trademarks from descriptive names by following the capitalization styles used by the manufacturer.

Disclaimer:

This publication, 100 CCNA® Exam Gotchas – And How To Avoid Them!, is designed and intended to assist candidates in preparation for the exams necessary for the Cisco Certified Network Associate® certification. All efforts have been made by the author to make this book as accurate and complete as possible, but no guarantee, warranty, or fitness is implied, expressly or implicitly. The enclosed material is presented on an "as is" basis. Neither the author, Bryant Instructional Services, nor the parent company assumes any liability or responsibility to any person or entity with respect to loss or damages incurred from the information contained in this workbook.

This Course Guide is an original work by the Author. Any similarities between materials presented in this Study Guide and actual CCNA® exam questions are completely coincidental.

Copyright 2005 © The Bryant Advantage

2950 Switch Gotchas

The MAC Address Table is built from source MAC addresses, not the destination MAC. The first part of the frame examined by the switch is indeed the source MAC, which is used in port security as well as in building the MAC address table.

To create a trunk between two 2950s, use a crossover cable.
Keep in mind that with a crossover cable, only four of the wires actually cross over.

A 2950's trunk settings are desirable (the default), auto, and on. If both sides are set to on, no trunk results.

There is no "trunk mode off" command; to prevent a port from ever becoming a trunk port, make it an access port.

STP prevents switching loops; it has nothing to do with routing loops.

Make sure to know the details of port security:

1. Restrict mode only drops frames from non-secure MAC addresses.
2. Protect mode drops those frames as well, and also sends a syslog message alerting the network admin to the situation.
3. Shutdown mode, the default, places the port into "errdisabled" state and sends a syslog message. A port in err-disabled state must be manually reopened.

The lowest BID wins the root bridge election. If the priorities are the same, the switch with the lowest MAC will win the election. If the priorities differ (because one has been changed), the MAC address can't come into play, because the BID looks like this: <priority>:<mac_address>.

STP considers port speed when calculating the root port. If a switch has two ports leading to the root bridge, with one on a 100 Mbps link and the other on a 10 Mbps link, the port on the 100 Mbps link will become the root port, since it will have the lower cost of the two.

Ports in blocking mode still accept BPDUs.

When running VTP, the domain name is case sensitive. The domain names CCNA and ccna are two different VTP domain names.

If you want to create a VLAN that only a VTP Client will use, you still have to create it on the VTP Server.

Cisco switches use one of two trunking protocols, ISL or IEEE 802.1q ("dot1q"). ISL is Cisco-proprietary; dot1q is the industry standard. ISL does not recognize native VLANs and encapsulates the entire frame.
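A worked model of the root bridge election, root port selection and source-MAC learning described above, added here as an illustration rather than taken from the guide. The per-speed port costs are an assumption (the classic IEEE 802.1D values), and the switch names, ports and MAC addresses are constructed.

```python
PORT_COST = {10: 100, 100: 19, 1000: 4}   # assumed IEEE 802.1D path costs by link speed in Mbps


def bridge_id(priority, mac):
    """A BID is <priority>:<mac>. Comparing the tuple compares priority first,
    so the MAC can only break a tie between equal priorities."""
    return (priority, int(mac.replace(".", "").replace(":", ""), 16))


def elect_root(switches):
    """switches: {name: (priority, mac)}. The lowest BID becomes the root bridge."""
    return min(switches, key=lambda name: bridge_id(*switches[name]))


def root_port(uplinks):
    """uplinks: {port: (speed_mbps, upstream_cost_to_root)}. The port with the lowest
    total path cost to the root becomes the root port, so a 100 Mbps link (cost 19)
    beats a 10 Mbps link (cost 100) when the upstream costs are equal."""
    return min(uplinks, key=lambda p: PORT_COST[uplinks[p][0]] + uplinks[p][1])


class MacTable:
    """Forwarding table of a switch: entries are LEARNED from the source MAC of
    each frame; the destination MAC is only looked up."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.entries = {}            # mac -> port the mac was last seen on

    def forward(self, ingress_port, src_mac, dst_mac):
        """Learn src_mac on ingress_port, then return the egress port list:
        one port for a known destination, all other ports (a flood) otherwise."""
        self.entries[src_mac] = ingress_port
        if dst_mac in self.entries:
            return [self.entries[dst_mac]]
        return [p for p in self.ports if p != ingress_port]


if __name__ == "__main__":
    # Constructed switches: SW3 has the highest MAC but wins on its lower priority.
    sw = {"SW1": (32768, "0010.1111.aaaa"), "SW2": (32768, "0010.1111.0001"),
          "SW3": (4096, "00ff.ffff.ffff")}
    print(elect_root(sw))                                     # SW3
    print(root_port({"Fa0/1": (100, 0), "Fa0/2": (10, 0)}))   # Fa0/1
    table = MacTable(["Fa0/1", "Fa0/2", "Fa0/3"])
    print(table.forward("Fa0/1", "aaaa.aaaa.aaaa", "bbbb.bbbb.bbbb"))  # flood: ['Fa0/2', 'Fa0/3']
    print(table.forward("Fa0/2", "bbbb.bbbb.bbbb", "aaaa.aaaa.aaaa"))  # learned: ['Fa0/1']
```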
Dot1q places a 4-byte header on a frame, unless it is destined for the native VLAN. In that case, no header is placed on the frame.

Frame Relay Gotchas

The DTEs have to agree on the frame encapsulation type; the LMI type has to be agreed upon between the DCE and DTE.

It's the DTE that initiates LMI autosense. The DTE sends three LMI messages, the DCE answers with a status message using its LMI type, and the DTE then sends LMI from that point on using only that LMI type (cisco, ansi, or q933a).

Frame map statements map a local DLCI to a remote IP address. Leaving the broadcast option off a frame map statement prevents multicasts from being transmitted to that remote IP address as well. This will stop routing updates of any kind from getting to that remote address.

To prevent dynamic frame mappings from occurring, run "no frame inverse-arp" before opening the interface.

    R1#conf t
    R1(config)#int serial0
    R1(config-if)#encapsulation frame-relay
    R1(config-if)#no frame inverse-arp

Point-to-point serial interfaces do not use the frame map statement; they use the "frame-relay interface-dlci" statement.

    R3(config)#int s0
    R3(config-if)#encap frame
    R3(config-if)#no frame inverse-arp
    R3(config-if)#int s0.31 point
    R3(config-subif)#frame map ip 110.1.1.1 110 broadcast
    FRAME-RELAY INTERFACE-DLCI command should be used on point-to-point interfaces
    R3(config-subif)#frame interface-dlci 110

PTP Serial Connections And ISDN

The DCE supplies the clock rate, not the DTE. After running "show controller serial x" to see which end of the DTE/DCE cable is connected to a router, configure the clock rate command on the DCE interface.

The Cisco-proprietary HDLC is the default encapsulation type for serial and ISDN interfaces.

    R2#show interface serial0
    Serial0 is up, line protocol is up
      Hardware is HD64570
      MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
      Encapsulation HDLC, loopback not set, keepalive set (10 sec)

While there's only one D-channel in BRI, PRI (US) and PRI (EU), the bandwidth of that D-channel does vary from BRI to PRI. It's 16 kbps in BRI and 64 kbps in both PRI versions.

The global command "isdn switch-type" must be configured before you can even begin to have ISDN work. "show isdn status" will tell you whether or not you've done this correctly.

    R2#show isdn status
    **** No Global ISDN Switchtype currently defined ****
    ISDN BRI0 interface
            dsl 0, interface ISDN Switchtype = none
        Layer 1 Status:
            DEACTIVATED
        Layer 2 Status:
            Layer 2 NOT Activated
        Layer 3 Status:
            0 Active Layer 3 Call(s)

PAP allows passwords to be different; CHAP requires that they be the same. PAP requires the "ppp pap sent-username" interface-level command. CHAP has no equivalent command.

Define interesting traffic with dialer-list and link that list to the interface with dialer-group.

    R2#conf t
    R2(config)#dialer-list 1 proto ip permit
    R2(config)#int bri0
    R2(config-if)#dialer-group 1

The "dialer idle-timeout" value is expressed in seconds, not minutes. (Even IOS Help isn't totally clear on this.)

    R2(config)#int bri0
    R2(config-if)#dialer-group 1
    R2(config-if)#dialer idle-timeout ?
      <1-2147483>  Idle timeout before disconnecting a call
    R2(config-if)#dialer idle-timeout 120

Dialer map maps a remote IP address to a remote phone number. You never dial the local router's phone number.

"dialer load-threshold" requires the "ppp multilink" command to be configured, and the value of dialer load-threshold is expressed as a ratio of 255, NOT 100.
For example, if you want the second B-channel to come up when the first reaches 50% of capacity, the value to express with dialer load-threshold would be 50% of 255, which equals 127. This command also requires that ppp multilink be enabled.

    R2(config)#int bri0
    R2(config-if)#encap ppp
    R2(config-if)#ppp multilink
    R2(config-if)#dialer load-threshold ?
      <1-255>  Load threshold to place another call

Binary / Hex / Decimal Conversions

Watch the value that Cisco's asking you to express the answer in. We are not going to convert the value and then choose the answer that's in another format. If they want a binary value, choose a binary string, not a hex equivalent. We're working too hard on your CCNA to give points away. Be careful and read the question twice.

Configuration Register / Passwords / CDP

There are two reasons a router goes into setup mode:

1. The startup configuration was deleted with "write erase".
2. The contents of NVRAM were ignored because the configuration register was set to 0x2142.

Note that the first option actually got rid of the startup config, while the second option just ignored it.

You view the configuration register setting with "show version". It's at the very bottom of all this output:

    R1#show version
    Cisco Internetwork Operating System Software
    IOS (tm) 2500 Software (C2500-IS-L), Version 12.0(21), RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-2001 by cisco Systems, Inc.
    Compiled Mon 31-Dec-01 21:34 by nmasa
    Image text-base: 0x0303E258, data-base: 0x00001000

    ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
    BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE (fc1)

    R1 uptime is 12 minutes
    System restarted by reload
    System image file is "flash:c2500-is-l.120-21.bin"

    cisco 2520 (68030) processor (revision M) with 14336K/2048K bytes of memory.
    Processor board ID 07884164, with hardware revision 00000003
    Bridging software.
    X.25 software, Version 3.0.0.
    Basic Rate ISDN software, Version 1.1.
    1 Ethernet/IEEE 802.3 interface(s)
    2 Serial network interface(s)
    2 Low-speed serial(sync/async) network interface(s)
    1 ISDN Basic Rate interface(s)
    --More--
    00:12:41: %SYS-5-CONFIG_I: Configured from console by console
    32K bytes of non-volatile configuration memory.
    16384K bytes of processor board System flash (Read ONLY)

    Configuration register is 0x2102

The default configuration register setting of a Cisco 2500 router is 0x2102.

IOS Help uses one character, but has two applications. By not leaving a space between the word and the "?", you can see all possible commands that begin with those letters. By putting a space in, you can see the list of possible options that follow that command.

    R1#show?
    show
    R1#show ?
      access-expression  List access expression
      access-lists       List access lists
      accounting         Accounting data for active sessions
      aliases            Display alias commands
      alps               Alps information
      arp                ARP table
      async              Information on terminal lines used as router interfaces
      backup             Backup status

If both enable secret and enable password are in use, the enable secret takes precedence.

If you want to see the IP address of the remotely connected Cisco device, you need to run show cdp neighbor detail. Show cdp neighbor doesn't show the remote IP address.

    SW1#show cdp nei detail
    Device ID: R2
    Entry address(es):
      IP address: 10.1.1.2
    Platform: cisco 2520,  Capabilities: Router
    Interface: FastEthernet0/2,  Port ID (outgoing port): Ethernet0
    Holdtime : 163 sec

ARP vs. RARP

ARP acquires a remote device's MAC address when that remote device's IP address is known; RARP allows a device that knows its own MAC address to retrieve its own IP address from a RARP server. (Sounds like DHCP!)

Routing

A gateway of last resort (default static route) is configured with ip route 0.0.0.0 0.0.0.0 <next-hop-ip or exit-interface>.

    R3(config)#ip route 0.0.0.0 0.0.0.0 ?
      A.B.C.D   Forwarding router's address
      Ethernet  IEEE 802.3
      Null      Null interface
      Serial    Serial

A static route's default Administrative Distance can be changed by specifying the desired AD at the end of the ip route command. (This is referred to as a "floating static route".)

    R3(config)#ip route 0.0.0.0 0.0.0.0 ethernet0 ?
      <1-255>  Distance metric for this route

Split horizon can be turned off at the interface level.

    R1#conf t
    R1(config)#int serial0
    R1(config-if)#no ip split-horizon

RIP's default behavior is to send version 1 updates, but to accept both version 1 and version 2 routing updates.

    R2(config)#router rip
    R2(config-router)#net 172.16.0.0
    R2(config-router)#^Z
    R2#show ip protocols
    Routing Protocol is "rip"
      Sending updates every 30 seconds, next due in 6 seconds
      Invalid after 180 seconds, hold down 180, flushed after 240
      Outgoing update filter list for all interfaces is
      Incoming update filter list for all interfaces is
      Redistributing: rip
      Default version control: send version 1, receive any version
        Interface   Send  Recv  Key-chain
        Serial0     1     1 2

By default, RIP v2 autosummarizes routing updates sent across classful network boundaries. To disable this behavior, run "no auto-summary" under the RIP process.

    R1#conf t
    R1(config)#router rip
    R1(config-router)#version 2
    R1(config-router)#no auto-summary

You do not specify a subnet mask or wildcard mask when configuring RIP, just the classful network, even if you're running RIP v2.

    R1#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    R1(config)#router rip
    R1(config-router)#version 2
    R1(config-router)#no auto-summary
    R1(config-router)#network 172.10.0.0 ?
      <cr>

Debug ip rip displays the routing updates and metrics as the advertisements are sent and requested. To see this in action without waiting for the next regularly scheduled update, run clear ip route *.

    R1#debug ip rip
    RIP protocol debugging is on
    R1#clear ip route *
    01:16:54: RIP: sending v1 update to 255.255.255.255 via Loopback1 (1.1.1.1)
    01:16:54:      network 2.0.0.0, metric 2
    01:16:54:      network 3.0.0.0, metric 2
    01:16:54:      network 172.16.0.0, metric 1
    01:16:54:      network 10.0.0.0, metric 2
    01:16:54: RIP: sending v1 update to 255.255.255.255 via Serial0 (172.16.123.1)
    01:16:54:      subnet 172.16.123.0, metric 1
    01:16:54:      network 1.0.0.0, metric 1
    01:16:54:      network 2.0.0.0, metric 2
    01:16:54:      network 3.0.0.0, metric 2
    01:16:54:      network 10.0.0.0, metric 2

To see only the routes discovered by a routing protocol, run show ip route followed by the name of the protocol:

    R1#show ip route rip
    R    2.0.0.0/8 [120/1] via 172.16.123.2, 00:00:26, Serial0
    R    3.0.0.0/8 [120/1] via 172.16.13.2, 00:00:09, Serial1
                   [120/1] via 172.16.123.3, 00:00:09, Serial0
    R    10.0.0.0/8 [120/1] via 172.16.13.2, 00:00:09, Serial1
                    [120/1] via 172.16.123.3, 00:00:09, Serial0
                    [120/1] via 172.16.123.2, 00:00:26, Serial0

To turn off all currently running debugs, run undebug all.

    R1#undebug all
    All possible debugging has been turned off

IGRP

IGRP and EIGRP are both Cisco-proprietary and both use Autonomous System numbers. As Cisco-proprietary protocols, they are unsuited for a multivendor environment.

    R1(config)#router eigrp ?
      <1-65535>  Autonomous system number

Only IGRP and EIGRP allow unequal-cost load sharing. This is configured with the variance command.

The defaults for equal-cost load-sharing: up to 4 paths by default, with a possible range of 1-6; change this with the maximum-paths command under the router process.

    R1(config)#router eigrp 100
    R1(config-router)#maximum-paths 2

IGRP and EIGRP both use bandwidth and delay as default values in metric calculation; they can use bandwidth, delay, load, and reliability.

IGRP and EIGRP assume that any serial interface is connected to a T1 line (1.544 Mbps).
The bandwidth command is used to change the default assumption; it does not actually change the bandwidth allocated to the interface. Notice that the value of this command is entered in kbps, not bps.

    R1#conf t
    R1(config)#interface serial1
    R1(config-if)#bandwidth ?
      <1-10000000>  Bandwidth in kilobits
    R1(config-if)#bandwidth 512

To get the value to use with variance in configuring unequal-cost load-sharing with IGRP, run debug ip igrp transactions and clear the routing table. With EIGRP, just look in the topology table with show ip eigrp topology.

By default, IGRP and EIGRP will share the load proportionally when unequal-cost load-sharing is configured. For example, if the primary path's metric is three times better than the secondary path's, the primary path will carry roughly three times as much data. To balance the load equally among paths when IGRP or EIGRP are running unequal-cost load-sharing, configure the traffic-share balanced command under the routing process.

EIGRP routes are indicated with the letter "D". It's not "E" because EGP was in the routing table already when EIGRP was introduced.

A router only considers administrative distance if the routing table contains two or more routes to a destination that are reported by different protocols and have the same length mask. AD is a measure of a route's believability. The lowest AD is zero, that of a connected route.

OSPF

OSPF configurations use wildcard masks, not subnet masks.

    R2#conf t
    R2(config)#router ospf 1
    R2(config-router)#network 2.2.2.2 ?
      A.B.C.D  OSPF wild card bits

The OSPF process numbers do not have to match to form an adjacency.
    R2#conf t
    R2(config)#router ospf 1
    R2(config-router)#net 10.1.1.0 0.0.0.255 area 0

    R3#conf t
    R3(config)#router ospf 2
    R3(config-router)#network 10.1.1.0 0.0.0.255 area 0

    R3#show ip ospf nei
    Neighbor ID     Pri   State           Dead Time   Address         Interface
    10.1.1.2          1   FULL/BDR        00:00:36    10.1.1.2        Ethernet0

OSPF-enabled routers do not send routing updates. OSPF sends link-state advertisements.

The OSPF hello and dead timers must match for an adjacency to form, as you're about to see.

The OSPF dead-time is four times the hello-interval. If you change the hello interval, the dead timer dynamically changes to four times the new hello-interval value. (Notice that OSPF's metric is cost.)

    R3#show ip ospf int e0
    Ethernet0 is up, line protocol is up
      Internet Address 10.1.1.3/24, Area 0
      Process ID 2, Router ID 10.1.1.3, Network Type BROADCAST, Cost: 10
      Transmit Delay is 1 sec, State DR, Priority 1
      Designated Router (ID) 10.1.1.3, Interface address 10.1.1.3
      Backup Designated router (ID) 10.1.1.2, Interface address 10.1.1.2
      Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

    R3(config)#int e0
    R3(config-if)#ip ospf hello 5

    R3#show ip ospf int e0
    Ethernet0 is up, line protocol is up
      Internet Address 10.1.1.3/24, Area 0
      Process ID 2, Router ID 10.1.1.3, Network Type BROADCAST, Cost: 10
      Transmit Delay is 1 sec, State DR, Priority 1
      Designated Router (ID) 10.1.1.3, Interface address 10.1.1.3
      Backup Designated router (ID) 10.1.1.2, Interface address 10.1.1.2
      Timer intervals configured, Hello 5, Dead 20, Wait 20, Retransmit 5

Note that the dead timer adjusted dynamically. Also, since the timer is now different from the neighbor's, this adjacency dropped seconds later. The network type is still the same, but the timers are different, resulting in a lost adjacency.
In a hub-and-spoke network, use the ip ospf priority 0 command on the spoke interfaces to prevent them from becoming a DR or BDR.

A point-to-point OSPF network has no DR or BDR.

    R1#show ip ospf nei
    Neighbor ID     Pri   State           Dead Time   Address         Interface
    20.1.1.3          1   FULL/  -        00:00:36    20.1.1.3        Serial1

    R1#show ip ospf int serial1
    Serial1 is up, line protocol is up
      Internet Address 20.1.1.1/24, Area 0
      Process ID 1, Router ID 20.1.1.1, Network Type POINT_TO_POINT, Cost: 195
      Transmit Delay is 1 sec, State POINT_TO_POINT,
      Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

R1 has a point-to-point OSPF network connection to R3. The show neighbor command reveals a dash under "State", showing neither a DR nor a BDR.

The command ip ospf demand-circuit will prevent an ISDN circuit from being kept up by OSPF hellos. This is an interface-level command.

If an OSPF-enabled router has a loopback interface, that interface's IP address will be the Router ID (RID) of that router, regardless of whether that loopback is advertised via OSPF. If an OSPF-enabled router has no loopback interface, the highest IP address assigned to a physical interface will be the RID, regardless of whether that interface is advertised via OSPF.

To hardcode the OSPF RID, use the router-id command. There are two ways to make the router-id command take effect: reload the router or run the clear ip ospf process command.

    R1#conf t
    R1(config)#router ospf 1
    R1(config-router)#router-id 1.1.1.1
    Reload or use "clear ip ospf process" command, for this to take effect

A stub area will have a default route for any external routes (routes learned via redistribution); a router in a total stub area will have a single default route to reach all internal and external destinations. A virtual link cannot use a stub or total stub area as a transit area.

OSPF runs the SPF algorithm, also referred to as the Dijkstra algorithm.
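The OSPF rules above (adjacency conditions, RID selection, interface cost and the SPF run) worked through in Python; this example is added here and is not part of the original guide. The triangle topology, the router names and the 10^8 bps reference bandwidth are assumptions for illustration.

```python
import heapq
import ipaddress

REF_BW_KBPS = 100_000   # assumed IOS reference bandwidth of 10^8 bps, expressed in kbps


def ospf_cost(bw_kbps):
    """Cost is reference bandwidth / interface bandwidth, never below 1:
    10 Mbps Ethernet -> 10, a 512 kbps serial link -> 195, a T1 -> 64."""
    return max(1, REF_BW_KBPS // bw_kbps)


def iface(area, net_type, bw_kbps, hello=10):
    """One OSPF interface; the dead timer starts at four times the hello."""
    return {"area": area, "net_type": net_type, "bw_kbps": bw_kbps,
            "hello": hello, "dead": 4 * hello}


def set_hello(i, hello):
    """Changing the hello interval also moves the dead timer to 4x the new value."""
    i["hello"], i["dead"] = hello, 4 * hello


def router_id(loopback_ips, physical_ips):
    """A loopback address wins, advertised or not; with no loopback the highest
    physical interface address becomes the RID."""
    pool = loopback_ips or physical_ips
    return str(max(ipaddress.IPv4Address(ip) for ip in pool))


def adjacency_forms(a, b):
    """Area, hello/dead timers and network type must agree. The process ID is
    local to each router and is deliberately not compared."""
    return all(a[k] == b[k] for k in ("area", "hello", "dead", "net_type"))


def build_links(topology):
    """topology: [(router_a, iface_a, router_b, iface_b), ...]. Each pair that can
    form an adjacency becomes a directed link in both directions, costed by the
    sending router's own interface."""
    links = {}
    for ra, ia, rb, ib in topology:
        if adjacency_forms(ia, ib):
            links[(ra, rb)] = ospf_cost(ia["bw_kbps"])
            links[(rb, ra)] = ospf_cost(ib["bw_kbps"])
    return links


def spf(links, source):
    """Dijkstra over the adjacency graph: lowest total cost from source to each router."""
    graph = {}
    for (u, v), cost in links.items():
        graph.setdefault(u, []).append((v, cost))
    best = {source: 0}
    heap = [(0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > best[u]:
            continue
        for v, cost in graph.get(u, ()):
            if d + cost < best.get(v, float("inf")):
                best[v] = d + cost
                heapq.heappush(heap, (d + cost, v))
    return best


def sample_topology(r2_hello=10):
    """Constructed triangle: R1-R2 on 10 Mbps Ethernet, R1-R3 on a 512 kbps serial
    link, R2-R3 on a T1. r2_hello lets R2's Ethernet timer be mismatched on purpose."""
    return [
        ("R1", iface(0, "BROADCAST", 10_000), "R2", iface(0, "BROADCAST", 10_000, r2_hello)),
        ("R1", iface(0, "POINT_TO_POINT", 512), "R3", iface(0, "POINT_TO_POINT", 512)),
        ("R2", iface(0, "POINT_TO_POINT", 1544), "R3", iface(0, "POINT_TO_POINT", 1544)),
    ]


if __name__ == "__main__":
    print(spf(build_links(sample_topology()), "R1"))    # R3 reached via R2: 10 + 64 = 74
    print(spf(build_links(sample_topology(5)), "R1"))   # R1-R2 adjacency lost: R3 costs 195
```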
EIGRP

EIGRP configurations use wildcard masks, not subnet masks.

    R3#conf t
    R3(config)#router eigrp 100
    R3(config-router)#net 172.10.0.0 ?
      A.B.C.D  EIGRP wild card bits

Like RIPv2, EIGRP autosummarizes route advertisements at classful network boundaries. To disable this behavior, run no auto-summary.

    R3#conf t
    R3(config)#router eigrp 100
    R3(config-router)#no auto-summary

EIGRP has three tables of interest: the route table, which contains the best routes; the topology table, which contains the best routes ("successor") and less-desirable but still valid routes ("feasible successor"); and the neighbor table, shown here:

    R2#show ip eigrp neighbor
    IP-EIGRP neighbors for process 100
    H   Address         Interface   Hold Uptime    SRTT   RTO  Q   Seq
                                    (sec)          (ms)        Cnt Num
    0   10.1.1.3        Et0           12 00:00:16  1492  5000  0   1

EIGRP uses the DUAL algorithm to compute the route metrics and to send queries in case the successor is lost and there is no feasible successor.

Advanced TCP/IP Topics

Standard ACLs filter only on the source IP address.

Regular pings can be sent from user exec, but extended pings cannot.

    R3>ping 2.2.2.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
    R3>ping
    % Incomplete command.
    R3>ping ?
      WORD  Ping destination address or hostname
      ip    IP echo
      tag   Tag encapsulated IP echo

Standard ACL ranges are 1-99 and 1300-1399. Extended ACL ranges are 100-199 and 2000-2699. Be careful when answering multiple choice questions involving ACLs. If a standard ACL looks good but the number isn't in the above range... I wouldn't pick it. ☺

A named ACL is written in the following format, but it's applied in the same way as a standard or extended ACL.

    R3#conf t
    R3(config)#ip access-list extended BLOCK_WEB_TRAFFIC
    R3(config-ext-nacl)#deny tcp any any eq www
    R3(config-ext-nacl)#interface serial0
    R3(config-if)#ip access-group BLOCK_WEB_TRAFFIC out

Explicit denies do not nullify the implicit deny. In the above example, that list wouldn't just stop web traffic, it would stop ALL traffic. WWW traffic is stopped explicitly, and then the implicit deny will stop everything else!

An interface can have two ACLs applied: one affecting inbound traffic and the other affecting outbound traffic.

The word "any" is used to represent a wildcard mask of 255.255.255.255. The word "host" is used to represent a wildcard mask of 0.0.0.0.

    R3(config)#access-list 17 deny ?
      Hostname or A.B.C.D  Address to match
      any                  Any source host
      host                 A single host address

To apply an ACL to your VTY lines, use the access-class command.

    R1#conf t
    R1(config)#access-list 24 permit 200.14.87.23
    R1(config)#line vty 0 4
    R1(config-line)#access-class 24 in

To enable PAT, configure the word overload at the end of the ip nat inside source command.

    R1(config)#ip nat inside source list 1 interface serial0 ?
      overload  Overload an address translation

Cisco routers require a password for telnet access. Anyone trying to telnet to a router with no VTY password set will get the message "Password required, but none set."

    R2#ping 10.1.1.3
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms
    R2#telnet 10.1.1.3
    Trying 10.1.1.3 ... Open
    Password required, but none set
    [Connection to 10.1.1.3 closed by foreign host]

By default, users who telnet into a router are placed into user exec mode. For them to enter privileged exec mode, an enable password or enable secret must be set.
In the example below, a password has been entered for the VTY lines, allowing a user to telnet in from R2. The user cannot enter privileged exec, though, because no enable password has been set.

    R3#conf t
    R3(config)#line vty 0 4
    R3(config-line)#login
    R3(config-line)#password CCNA
    R3(config-line)#^Z
    R3#wr

    R2#telnet 10.1.1.3
    Trying 10.1.1.3 ... Open
    User Access Verification
    Password:
    R3>enable
    % No password set

An enable password is then set on R3. The user on R2 can now telnet in with CCNA and then enter privileged exec mode with coach.

    R3#conf t
    R3(config)#enable password coach
    R3(config)#^Z

    R2#telnet 10.1.1.3
    Trying 10.1.1.3 ... Open
    User Access Verification
    Password:
    R3>enable
    Password:
    R3#

To allow users who telnet into a router to be placed directly into privileged exec mode, run the command privilege level 15 under the VTY lines. In the example below, the user telnetting from R2 immediately enters privileged exec mode after entering the telnet password CCNA.

    R3#conf t
    R3(config)#line vty 0 4
    R3(config-line)#privilege level 15
    R3(config-line)#login
    R3(config-line)#password CCNA

    R2#telnet 10.1.1.3
    Trying 10.1.1.3 ... Open
    User Access Verification
    Password:
    R3#

To use hostnames for telnet instead of IP addresses, create a host table with the ip host command.

    R2#conf t
    R2(config)#ip host LA 10.1.1.3
    R2(config)#^Z
    R2#LA
    Trying LA (10.1.1.3)... Open
    User Access Verification
    Password:
    R3#

In the above example, after creating the IP host table, the user can now type "LA" instead of "telnet 10.1.1.3".

By default, a Cisco router will attempt to resolve a mistyped command locally in a host table, and will then attempt to find a DNS server to resolve it. To prevent the resulting broadcast for a DNS server, run no ip domain-lookup.

The default behavior:

    R3#dfdf
    Translating "dfdf"...domain server (255.255.255.255)
    % Unknown command or computer name, or unable to find computer address

    R3#conf t
    R3(config)#no ip domain-lookup
    R3(config)#^Z
    R3#dfdf
    Translating "dfdf"
    % Unknown command or computer name, or unable to find computer address

(In the second attempt the router tries to use the IP host table to translate "dfdf", but there isn't one in this example.)

The ip name-server command indicates the IP address of a DNS server to the router. ip domain-lookup has to be enabled to do so. Note that no broadcast is sent when the router is configured with the location of a DNS server.

    R3#conf t
    R3(config)#ip name-server 10.10.10.10
    R3(config)#ip domain-lookup
    R3(config)#^Z
    R3#dfdf
    Translating "dfdf"...domain server (10.10.10.10)
    % Unknown command or computer name, or unable to find computer address
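A small ACL evaluator covering the Advanced TCP/IP gotchas above (wildcard masks, any/host, standard lists matching only the source, the implicit deny at the end of every list, and access-class on the VTY lines), added here as an example that is not from the original guide. The sample lists reuse the page's BLOCK_WEB_TRAFFIC and access-list 24; the packets and their destination addresses are constructed.

```python
import ipaddress

STANDARD_RANGES = ((1, 99), (1300, 1399))
EXTENDED_RANGES = ((100, 199), (2000, 2699))
PORT_NAMES = {"www": 80, "telnet": 23}   # keyword ports used on the page

def acl_kind(number):
    """Numbered lists: 1-99 and 1300-1399 are standard, 100-199 and 2000-2699 extended."""
    if any(lo <= number <= hi for lo, hi in STANDARD_RANGES):
        return "standard"
    if any(lo <= number <= hi for lo, hi in EXTENDED_RANGES):
        return "extended"
    return None

def wildcard_match(addr, network, wildcard):
    """A wildcard bit of 1 means 'do not care': 'any' expands to 0.0.0.0 255.255.255.255
    and 'host X' to X 0.0.0.0, exactly as the keywords expand on the router."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, network, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (n & care)

def parse_target(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D [W.W.W.W]'; return (network, wildcard)."""
    tok = tokens.pop(0)
    if tok == "any":
        return "0.0.0.0", "255.255.255.255"
    if tok == "host":
        return tokens.pop(0), "0.0.0.0"
    wildcard = tokens.pop(0) if tokens and tokens[0][0].isdigit() else "0.0.0.0"
    return tok, wildcard

def parse_entry(line):
    """Parse one 'permit|deny ...' line in standard (source only) or extended form."""
    tokens = line.split()
    entry = {"action": tokens.pop(0)}
    if tokens[0] in ("ip", "tcp", "udp", "icmp"):      # extended syntax
        entry["proto"] = tokens.pop(0)
        entry["src"] = parse_target(tokens)
        entry["dst"] = parse_target(tokens)
        if tokens and tokens[0] == "eq":
            port = tokens[1]
            entry["dport"] = PORT_NAMES[port] if port in PORT_NAMES else int(port)
    else:                                             # standard syntax
        entry["src"] = parse_target(tokens)
    return entry

def matches(entry, pkt):
    """A standard entry inspects only the source; an extended one also checks the
    protocol, the destination and (when given) the destination port."""
    if not wildcard_match(pkt["src"], *entry["src"]):
        return False
    if "proto" not in entry:
        return True
    if entry["proto"] != "ip" and entry["proto"] != pkt["proto"]:
        return False
    if not wildcard_match(pkt["dst"], *entry["dst"]):
        return False
    return entry.get("dport") in (None, pkt["dport"])

def evaluate(acl_lines, pkt):
    """First matching entry wins; a packet that matches nothing hits the implicit deny."""
    for entry in map(parse_entry, acl_lines):
        if matches(entry, pkt):
            return entry["action"]
    return "deny"

def packet(src, dst, proto, dport):
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}

# Constructed lists: the page's BLOCK_WEB_TRAFFIC exactly as written, the same list
# with an explicit permit added, and the page's access-list 24 used with access-class.
BLOCK_WEB_TRAFFIC = ["deny tcp any any eq www"]
BLOCK_WEB_ONLY = ["deny tcp any any eq www", "permit ip any any"]
VTY_ACL_24 = ["permit 200.14.87.23"]
```

Running evaluate(BLOCK_WEB_TRAFFIC, ...) on a DNS packet returns "deny" although no line names DNS, which is the implicit-deny gotcha the page warns about; BLOCK_WEB_ONLY shows the permit that keeps only web traffic out.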