Table of Contents: Network Warrior 2nd Edition
- Introduction to Network Warrior
- Network Fundamentals
  - OSI Model and TCP/IP Stack
  - Ethernet and Switching
  - IP Addressing and Subnetting
- Cisco IOS Basics
  - Command Line Interface
  - Configuration Management
  - Basic Commands and Navigation
- Switching Technologies
  - VLANs and Trunking
  - Spanning Tree Protocol (STP)
  - EtherChannel and Link Aggregation
- Routing Fundamentals
  - Static Routing
  - Dynamic Routing Protocols
  - RIP, OSPF, EIGRP
- Advanced Routing
  - BGP (Border Gateway Protocol)
  - Route Redistribution
  - Policy-Based Routing
- Network Security
  - Access Control Lists (ACLs)
  - Network Address Translation (NAT)
  - VPN Technologies
- Quality of Service (QoS)
  - Traffic Classification
  - Queuing and Scheduling
  - Bandwidth Management
- Network Management
  - SNMP and Monitoring
  - Logging and Debugging
  - Performance Optimization
- Troubleshooting
  - Systematic Troubleshooting
  - Common Issues and Solutions
  - Tools and Techniques
1. Introduction to Network Warrior
Network Warrior by Gary A. Donahue is a comprehensive guide for network engineers working with Cisco equipment. The book focuses on practical, real-world scenarios that network professionals encounter daily.
Key Themes
- Practical Approach: Real-world examples and scenarios
- Cisco-Centric: Focus on Cisco IOS and equipment
- Troubleshooting Focus: Emphasis on problem-solving
- Production Ready: Techniques used in live networks
2. Network Fundamentals
OSI Model and TCP/IP Stack
The OSI (Open Systems Interconnection) model provides a framework for understanding network communication:
Layer 7: Application - HTTP, FTP, SMTP
Layer 6: Presentation - Encryption, Compression
Layer 5: Session - Session Management
Layer 4: Transport - TCP, UDP
Layer 3: Network - IP, ICMP
Layer 2: Data Link - Ethernet, Frame Relay
Layer 1: Physical - Cables, Hubs
TCP/IP Stack (Simplified):
Application Layer - HTTP, FTP, SMTP
Transport Layer - TCP, UDP
Internet Layer - IP, ICMP
Network Access - Ethernet, Wi-Fi
Ethernet and Switching
Ethernet Fundamentals
- CSMA/CD: Carrier Sense Multiple Access with Collision Detection
- Frame Structure: Preamble, Destination MAC, Source MAC, Type/Length, Data, FCS
- Speeds: 10 Mbps, 100 Mbps, 1 Gbps, 10 Gbps, 40 Gbps, 100 Gbps
Switching Concepts
- MAC Address Learning: Switches build MAC address tables
- Frame Forwarding: Unicast, Broadcast, Multicast
- Collision Domains: Each switch port is a separate collision domain
- Broadcast Domains: VLANs create separate broadcast domains
IP Addressing and Subnetting
IPv4 Addressing
- 32-bit addresses: Dotted decimal notation (192.168.1.1)
- Classes: A (1-126), B (128-191), C (192-223), D (224-239), E (240-255)
- Private Ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
Subnetting
Key Concepts:
- Subnet Mask: Defines network and host portions
- CIDR: Classless Inter-Domain Routing notation
- VLSM: Variable Length Subnet Masking
Example:
Network: 192.168.1.0/24
Subnet Mask: 255.255.255.0
Hosts per subnet: 254
3. Cisco IOS Basics
Command Line Interface (CLI)
Modes
- User EXEC Mode (>)
  - Limited commands
  - Basic monitoring
- Privileged EXEC Mode (#)
  - Full access to show commands
  - Entered with enable
- Global Configuration Mode ((config)#)
  - System-wide configuration
  - Entered with configure terminal
- Interface Configuration Mode ((config-if)#)
  - Interface-specific configuration
  - Entered with interface <interface>
Essential Commands
# Basic navigation
enable
configure terminal
exit
end
write memory
# Show commands
show version
show interfaces
show ip route
show running-config
show startup-config
# Interface configuration
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
no shutdown
Configuration Management
Configuration Files
- Running Config: Current active configuration
- Startup Config: Saved configuration (NVRAM)
- Backup: Always back up configurations before changes
Best Practices
# Save configuration
copy running-config startup-config
# or
write memory
# Backup configuration (TFTP is unauthenticated and unencrypted)
copy running-config tftp://server/config-backup.txt
# Restore configuration
copy tftp://server/config-backup.txt running-config
4. Switching Technologies
VLANs and Trunking
VLANs (Virtual LANs)
Benefits:
- Broadcast domain segmentation
- Security isolation
- Logical grouping of devices
Configuration:
# Create VLAN
vlan 10
name Sales
# Assign port to VLAN
interface FastEthernet0/1
switchport mode access
switchport access vlan 10
Trunking
Trunk Protocols:
- 802.1Q: Industry standard
- ISL: Cisco proprietary (deprecated)
Configuration:
# Configure trunk
interface GigabitEthernet0/1
switchport mode trunk
switchport trunk allowed vlan 10,20,30
Spanning Tree Protocol (STP)
STP Purpose
- Prevents loops in switched networks
- Provides redundant path backup
- Ensures single active path between any two network segments
STP States
- Blocking: No forwarding, learns topology
- Listening: Participates in STP, no learning
- Learning: Learns MAC addresses, no forwarding
- Forwarding: Normal operation
- Disabled: Administratively disabled
STP Variants
- STP: Original (802.1D)
- RSTP: Rapid STP (802.1w)
- MSTP: Multiple STP (802.1s)
Configuration:
# Enable RSTP
spanning-tree mode rapid-pvst
# Set root bridge priority
spanning-tree vlan 10 priority 4096
EtherChannel and Link Aggregation
EtherChannel Benefits
- Increased bandwidth
- Load balancing
- Redundancy
- Simplified configuration
Protocols:
- PAgP: Port Aggregation Protocol (Cisco)
- LACP: Link Aggregation Control Protocol (IEEE 802.3ad)
Configuration:
# Configure EtherChannel
interface range GigabitEthernet0/1-2
channel-group 1 mode active
5. Routing Fundamentals
Static Routing
Static Route Configuration
# Basic static route
ip route 192.168.2.0 255.255.255.0 192.168.1.2
# Default route
ip route 0.0.0.0 0.0.0.0 192.168.1.1
# Floating static route (backup)
ip route 192.168.2.0 255.255.255.0 192.168.1.3 10
Static Route Advantages
- No routing protocol overhead
- Predictable routing behavior
- Security (no route advertisements)
- Simple configuration
Dynamic Routing Protocols
Routing Protocol Types
- Distance Vector: RIP, EIGRP
- Link State: OSPF, IS-IS
- Path Vector: BGP
RIP (Routing Information Protocol)
Characteristics:
- Distance vector protocol
- Hop count metric (max 15)
- Updates every 30 seconds
- RIPv1 (classful), RIPv2 (classless)
Configuration:
router rip
version 2
network 192.168.1.0
network 10.0.0.0
no auto-summary
OSPF (Open Shortest Path First)
Characteristics:
- Link state protocol
- Cost-based metric
- Hierarchical design (areas)
- Fast convergence
Configuration:
router ospf 1
router-id 1.1.1.1
network 192.168.1.0 0.0.0.255 area 0
network 10.0.0.0 0.255.255.255 area 1
EIGRP (Enhanced Interior Gateway Routing Protocol)
Characteristics:
- Advanced distance vector
- Composite metric (bandwidth, delay, reliability, load)
- Fast convergence
- Cisco proprietary
Configuration:
router eigrp 100
network 192.168.1.0
network 10.0.0.0
6. Advanced Routing
BGP (Border Gateway Protocol)
BGP Basics
- Path vector protocol
- Inter-domain routing
- Policy-based routing
- TCP-based (port 179)
BGP Configuration
router bgp 65001
neighbor 192.168.1.2 remote-as 65002
network 10.0.0.0 mask 255.0.0.0
BGP Attributes
- AS Path: List of AS numbers
- Next Hop: Next router IP
- Local Preference: Path preference
- MED: Multi-Exit Discriminator
- Origin: Route origin (IGP, EGP, Incomplete)
Route Redistribution
Redistribution Concepts
- Metric Translation: Converting between protocols
- Administrative Distance: Route preference
- Route Maps: Policy control
Configuration:
router ospf 1
redistribute eigrp 100 subnets
redistribute static subnets
Policy-Based Routing (PBR)
PBR Purpose
- Override normal routing
- Traffic engineering
- Load balancing
- QoS routing
Configuration:
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
route-map PBR permit 10
match ip address 100
set ip next-hop 192.168.2.1
interface FastEthernet0/1
ip policy route-map PBR
7. Network Security
Access Control Lists (ACLs)
ACL Types
- Standard ACLs: Source IP only
- Extended ACLs: Source/destination IP, protocol, port
- Named ACLs: Descriptive names
- Time-based ACLs: Time restrictions
ACL Configuration
# Standard ACL
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 deny any
# Extended ACL
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 443
access-list 100 deny ip any any
# Apply ACL
interface FastEthernet0/1
ip access-group 100 out
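An added example (not from the book or from these notes) that models how the extended ACL above is evaluated: inverse wildcard-mask matching, top-down first match, and the implicit deny at the end of every list. The parser is an assumption of this example and handles only the entry shape used here (source with wildcard or any, destination any, optional numeric eq port); interface direction is not modelled.

```python
import ipaddress

# ACL 100 exactly as configured above.
ACL_100 = """\
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 443
access-list 100 deny ip any any
"""

def wildcard_match(addr, base, wildcard):
    """Wildcard bit 0 = must match, bit 1 = ignore (inverse of a netmask)."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_ace(line):
    """Parse 'access-list N <action> <proto> <src> any [eq <port>]'."""
    tok = line.split()[2:]                      # drop 'access-list N'
    action, proto, rest = tok[0], tok[1], tok[2:]
    if rest[0] == "any":                        # 'any' = 0.0.0.0 255.255.255.255
        src, rest = ("0.0.0.0", "255.255.255.255"), rest[1:]
    else:
        src, rest = (rest[0], rest[1]), rest[2:]
    if rest[0] != "any":
        raise ValueError("only destination 'any' is modelled: " + line)
    port = int(rest[2]) if rest[1:2] == ["eq"] else None
    return action, proto, src, port

def evaluate(acl_text, proto, src_ip, dst_port=None):
    """Return (action, matching entry); first match wins, top to bottom."""
    for line in acl_text.strip().splitlines():
        action, ace_proto, (base, wc), port = parse_ace(line)
        if ace_proto not in ("ip", proto):
            continue
        if not wildcard_match(src_ip, base, wc):
            continue
        if port is not None and port != dst_port:
            continue
        return action, line
    return "deny", "(implicit deny)"            # nothing matched

if __name__ == "__main__":
    for pkt in [("tcp", "192.168.1.50", 443), ("tcp", "192.168.1.50", 22),
                ("udp", "192.168.2.9", 53)]:
        print(pkt, "->", evaluate(ACL_100, *pkt))
```

The explicit deny ip any any entry does not change what is filtered; its practical effect is that dropped packets are counted against a visible entry in show access-lists.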
Network Address Translation (NAT)
NAT Types
- Static NAT: One-to-one mapping
- Dynamic NAT: Pool-based mapping
- PAT (NAT Overload): Many-to-one mapping
NAT Configuration
# Static NAT
ip nat inside source static 192.168.1.10 203.0.113.10
# Dynamic NAT
ip nat pool NAT-POOL 203.0.113.10 203.0.113.20 netmask 255.255.255.0
ip nat inside source list 1 pool NAT-POOL
# PAT
ip nat inside source list 1 interface FastEthernet0/0 overload
# Define inside/outside interfaces
interface FastEthernet0/1
ip nat inside
interface FastEthernet0/0
ip nat outside
VPN Technologies
VPN Types
- Site-to-Site VPN: Router-to-router
- Remote Access VPN: Client-to-gateway
- IPSec: Security protocol suite
- SSL VPN: Web-based access
IPSec Configuration
# IKE Phase 1
crypto isakmp policy 10
encryption aes 256
hash sha
authentication pre-share
group 2
lifetime 3600
# IKE Phase 2
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
# Crypto map
crypto map VPN-MAP 10 ipsec-isakmp
set peer 203.0.113.2
set transform-set ESP-AES-SHA
match address 100
8. Quality of Service (QoS)
QoS Concepts
Traffic Classification
- Class of Service (CoS): Layer 2 marking
- Type of Service (ToS): Layer 3 marking
- Differentiated Services Code Point (DSCP): Modern replacement for ToS
QoS Models
- Best Effort: No QoS guarantees
- Integrated Services (IntServ): Per-flow guarantees
- Differentiated Services (DiffServ): Class-based guarantees
Traffic Classification and Marking
# Class map
class-map match-any VOICE
match dscp ef
match dscp cs3
# Policy map
policy-map QOS-POLICY
class VOICE
priority percent 30
class class-default
bandwidth remaining percent 70
# Apply policy
interface FastEthernet0/1
service-policy output QOS-POLICY
Queuing and Scheduling
Queuing Mechanisms
- FIFO: First In, First Out
- Priority Queuing: High priority first
- Custom Queuing: Bandwidth allocation
- Weighted Fair Queuing (WFQ): Flow-based fairness
- Class-Based Weighted Fair Queuing (CBWFQ): Class-based
9. Network Management
SNMP (Simple Network Management Protocol)
SNMP Components
- Manager: Network management station
- Agent: Device being managed
- MIB: Management Information Base
- OID: Object Identifier
SNMP Configuration
# SNMP community
snmp-server community public RO
snmp-server community private RW
# SNMP traps
snmp-server host 192.168.1.100 public
snmp-server enable traps
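An added example (not from the book or from these notes): a small configuration audit that flags the settings in the SNMP block above and in the IKE Phase 1 policy from the IPSec section that a security review would question, namely the well-known community strings public and private, a read-write community with no ACL, Diffie-Hellman group 2, and SHA-1 as the IKE hash. The function name, finding texts and sample are constructed here, and the audit assumes sub-mode lines are indented as in show running-config output.

```python
import re

# Constructed sample: the IKE and SNMP lines from this page, laid out
# the way they appear together in a running-config.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 2
 lifetime 3600
snmp-server community public RO
snmp-server community private RW
snmp-server host 192.168.1.100 public
"""

DEFAULT_COMMUNITIES = {"public", "private"}
WEAK_DH_GROUPS = {"1", "2", "5"}        # 768-, 1024- and 1536-bit MODP
COMMUNITY_RE = re.compile(r"snmp-server community (\S+) (RO|RW)(?:\s+(\S+))?$",
                          re.IGNORECASE)

def audit(config):
    """Return [(line_number, finding), ...] for risky settings."""
    findings = []
    in_isakmp = False
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not raw.startswith(" "):     # a top-level line ends any sub-mode
            in_isakmp = line.startswith("crypto isakmp policy")
        m = COMMUNITY_RE.match(line)
        if m:
            name, access, acl = m.groups()
            if name.lower() in DEFAULT_COMMUNITIES:
                findings.append((n, f"default community string '{name}'"))
            if access.upper() == "RW":
                findings.append((n, "read-write community sent in cleartext"))
            if acl is None:
                findings.append((n, "community not restricted by an ACL"))
        elif in_isakmp and line.startswith("group "):
            if line.split()[1] in WEAK_DH_GROUPS:
                findings.append((n, f"weak Diffie-Hellman {line}"))
        elif in_isakmp and line in ("hash sha", "hash md5"):
            findings.append((n, f"legacy IKE hash ({line})"))
    return findings

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {finding}")
```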
Logging and Debugging
Logging Configuration
# Logging destination
logging host 192.168.1.100
logging facility local0
logging trap informational
# Local logging
logging buffered 4096
logging console informational
Debug Commands
# Debug examples
debug ip ospf events
debug ip eigrp neighbors
debug ip bgp updates
debug ip nat
# Conditional debug
debug ip packet 100
Performance Optimization
Performance Monitoring
# Interface statistics
show interfaces
show interfaces counters
# CPU and memory
show processes cpu
show memory
# Routing table
show ip route
show ip route summary
10. Troubleshooting
Systematic Troubleshooting
Troubleshooting Methodology
- Define the Problem: What exactly is wrong?
- Gather Information: Collect relevant data
- Analyze Information: Look for patterns
- Formulate Hypothesis: What might be causing it?
- Test Hypothesis: Verify your theory
- Implement Solution: Fix the problem
- Verify Solution: Ensure problem is resolved
- Document: Record the solution
Information Gathering
# Basic information
show version
show running-config
show interfaces
show ip route
show arp
show mac address-table
# Detailed information
show interfaces status
show interfaces counters
show processes cpu history
show memory statistics
Common Issues and Solutions
Connectivity Issues
Problem: Cannot reach remote network
Troubleshooting Steps:
- Check local connectivity (ping local gateway)
- Check routing table (show ip route)
- Check ARP table (show arp)
- Check interface status (show interfaces)
Performance Issues
Problem: Slow network performance
Troubleshooting Steps:
- Check interface utilization (show interfaces)
- Check for errors (show interfaces counters)
- Check CPU usage (show processes cpu)
- Check memory usage (show memory)
Security Issues
Problem: Unauthorized access
Troubleshooting Steps:
- Check ACLs (show access-lists)
- Check NAT translations (show ip nat translations)
- Check VPN status (show crypto isakmp sa)
- Review logs (show logging)
Tools and Techniques
Built-in Tools
# Ping with options
ping 192.168.1.1
ping 192.168.1.1 source 192.168.2.1
ping 192.168.1.1 size 1500
# Traceroute
traceroute 8.8.8.8
# Telnet (cleartext) / SSH (encrypted)
telnet 192.168.1.1
ssh -l username 192.168.1.1
External Tools
- Wireshark: Packet analysis
- Nmap: Network scanning
- SolarWinds: Network monitoring
- PRTG: Network monitoring
- Cacti: SNMP monitoring
11. Best Practices
Configuration Management
- Document Everything: Keep detailed records
- Backup Configurations: Regular backups
- Change Management: Formal change process
- Testing: Test changes in lab first
- Rollback Plans: Always have a rollback strategy
Security Best Practices
- Strong Passwords: Use complex passwords
- Access Control: Limit administrative access
- Regular Updates: Keep IOS updated
- Monitoring: Monitor for security events
- Documentation: Document security policies
Performance Best Practices
- Baseline Performance: Establish baselines
- Regular Monitoring: Continuous monitoring
- Capacity Planning: Plan for growth
- Optimization: Regular optimization
- Documentation: Document performance metrics
12. Use Cases
When to use Network Warrior concepts:
- Enterprise network design and implementation
- Cisco equipment configuration and management
- Network troubleshooting and optimization
- Security policy implementation
- Performance monitoring and tuning
- Disaster recovery planning
Key scenarios covered:
- Multi-site network connectivity
- VLAN design and implementation
- Routing protocol selection and configuration
- Security policy enforcement
- QoS implementation for voice/video
- Network monitoring and management