Wednesday, September 24, 2008

New goal - CCSP

  Earlier, at the end of August, I finished that thing called the "Cisco Network Security Fundamental Course". It really added a lot to my knowledge on the security side, and I believe it will also be a big help for the CCNP I am currently studying.
  The CCSP has officially been revised. From August until November 17 is the transition period from the old version to the new one: you can sit either the old or the new exams, the price is about the same and the certificate is valid for the same length of time; the main difference is in the exam content. For the old version you first need the CCNA and then six more exams; the new version needs five. I just got my teacher's reply today, recommending that I take the new version, because the old one expires on November 17 and the new one lets me learn some newer Cisco products.

  I expect to finish these five exams within half a year, plus the two remaining CCNP exams, so roughly one exam a month should do it. The end of the year is coming too, with more holidays, and I still have several days of leave at the company, so that should not be a big problem. The main problem is still => Money Money: the five CCSP exams cost US$850. Tomorrow I will shamelessly ask my boss to help me request company sponsorship like the one for the CCNP; I will work like a horse for it, hehe~


Tuesday, September 23, 2008

A weight off my shoulders

Hahaha, what a relief: I finally finished the CCNA exam, and the multimedia coursework and exam are done too~

Speaking of the CCNA, the exam process was really a bit roundabout.
I had booked the exam for the afternoon of the 1st. When I first entered the exam screen things were going fine, apart from it stalling on and off, but right when I was about to press "Yes" on the Agreement it stalled "for a moment". That moment lasted half a month: it was not until the morning of the 11th that I got a phone call from the VUE test centre saying the exam could be rescheduled, so I took the 16th. That also gave me more time to revise, and the result, of course, was a smooth pass.

Then it was time to hand in the coursework for the multimedia course and prepare for its exam, on the 21st, very "tight". Actually the multimedia course is relatively easy compared with the others; it basically tests general computer literacy and applications, and in the end it took only three days to prepare. The coursework was also finished that same evening. Honestly, for someone with only one or two artistic cells left in his body, drawing a passable piece of Flash is pretty hard.

Finally, with Mr. "Hagupit" (the typhoon) for company, enjoy this work of art. It is a public service advertisement, so don't give it too low a score -_-''


Monday, September 15, 2008

CCNA - NAT



NAT (Network Address Translation)
1). NAT with Address Pool - many-to-many (dynamic)
2). PAT - many inside addresses share one outside address, distinguished by port
3). Static Mapping - Address <=> Address OR Port <=> Port


Implementation:
1). NAT - Address Pool
~In Router R1~
R1(config)#ip nat pool POOL_NAME 50.0.0.1 50.0.0.254 netmask 255.255.255.0
R1(config)#access-list 10 permit 10.0.0.0 0.0.0.255
R1(config)#ip nat inside source list 10 pool POOL_NAME
R1(config)#int fa0/0
R1(config-if)#ip nat outside
R1(config-if)#int fa0/1
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#ip route 0.0.0.0 0.0.0.0 fa0/0

~In Router R2~
R2(config)#ip route 0.0.0.0 0.0.0.0 fa0/0


2). PAT - only one address is used here, but you may use more than one.
~In Router R1~
R1(config)#ip nat pool POOL_NAME 50.0.0.1 50.0.0.1 netmask 255.255.255.0
R1(config)#access-list 10 permit 10.0.0.0 0.0.0.255
R1(config)#ip nat inside source list 10 pool POOL_NAME overload
R1(config)#int fa0/0
R1(config-if)#ip nat outside
R1(config-if)#int fa0/1
R1(config-if)#ip nat inside
R1(config-if)#exit
R1(config)#ip route 0.0.0.0 0.0.0.0 fa0/0

~In Router R2~
R2(config)#ip route 0.0.0.0 0.0.0.0 fa0/0


3). Static Mapping (Port Mapping) - inside local 30.0.0.2:80 is reachable from outside as 20.0.0.2:80; only that port is exposed. The inside interface must be marked as well, as in the two examples above.
~In Router R2~
R2(config)#ip nat inside source static tcp 30.0.0.2 80 20.0.0.2 80
R2(config)#int fa0/0
R2(config-if)#ip nat outside
R2(config-if)#int fa0/1
R2(config-if)#ip nat inside
R2(config-if)#exit
R2(config)#ip route 0.0.0.0 0.0.0.0 fa0/0

~In Router R1~
R1(config)#ip route 0.0.0.0 0.0.0.0 fa0/0
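The three translation styles above, as an added Python simulation of the router's translation table (this is not code from the post or from Cisco; the hosts, addresses and port numbers are constructed to match the lab, and PAT port allocation is simplified to a sequential counter starting at 1024):

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional, Tuple

Flow = Tuple[str, int]   # (IP address, TCP/UDP port)


@dataclass
class NatRouter:
    """One router's 'ip nat inside source' behaviour, heavily simplified."""
    inside_acl: IPv4Network                 # access-list 10 permit ...
    pool: List[str]                         # ip nat pool (a single address for PAT)
    overload: bool = False                  # the 'overload' keyword => PAT
    addr_table: Dict[str, str] = field(default_factory=dict)    # dynamic NAT: host -> global
    flow_table: Dict[Flow, Flow] = field(default_factory=dict)  # PAT + static: flow -> flow
    reverse: Dict[Flow, Flow] = field(default_factory=dict)     # global flow -> inside flow
    _next_port: int = 1024                  # simplification: sequential PAT ports

    def add_static(self, local: Flow, glob: Flow) -> None:
        """'ip nat inside source static tcp L Lport G Gport': always present, both ways."""
        self.flow_table[local] = glob
        self.reverse[glob] = local

    def translate_outbound(self, src: Flow) -> Optional[Flow]:
        """Inside -> outside: return the rewritten source, or None if no entry is made."""
        if src in self.flow_table:                        # static or existing PAT entry
            return self.flow_table[src]
        if ip_address(src[0]) not in self.inside_acl:     # ACL 10 does not permit it
            return None
        if self.overload:                                 # PAT: one address, many ports
            glob = (self.pool[0], self._alloc_port())
            self.flow_table[src] = glob
            self.reverse[glob] = src
            return glob
        # dynamic NAT: one pool address per inside host, source port unchanged
        if src[0] not in self.addr_table:
            used = set(self.addr_table.values())
            free = [a for a in self.pool if a not in used]
            if not free:
                return None                               # pool exhausted
            self.addr_table[src[0]] = free[0]
        glob = (self.addr_table[src[0]], src[1])
        self.reverse[glob] = src
        return glob

    def translate_inbound(self, dst: Flow) -> Optional[Flow]:
        """Outside -> inside: only flows with an existing entry are let through."""
        return self.reverse.get(dst)

    def _alloc_port(self) -> int:
        port, self._next_port = self._next_port, self._next_port + 1
        return port


def demo_dynamic_nat() -> List[Optional[Flow]]:
    """R1 with a two-address pool: the third inside host finds the pool empty."""
    r1 = NatRouter(ip_network("10.0.0.0/24"), ["50.0.0.1", "50.0.0.2"])
    return [r1.translate_outbound(("10.0.0.10", 40000)),    # ("50.0.0.1", 40000)
            r1.translate_outbound(("10.0.0.10", 40001)),    # same host keeps 50.0.0.1
            r1.translate_outbound(("10.0.0.11", 40000)),    # ("50.0.0.2", 40000)
            r1.translate_outbound(("10.0.0.12", 40000)),    # pool exhausted -> None
            r1.translate_outbound(("192.168.1.5", 40000))]  # not permitted by ACL -> None


def demo_pat() -> List[Optional[Flow]]:
    """R1 with 'overload': three hosts share 50.0.0.1 and are told apart by port."""
    r1 = NatRouter(ip_network("10.0.0.0/24"), ["50.0.0.1"], overload=True)
    out = [r1.translate_outbound(("10.0.0.10", 40000)),   # ("50.0.0.1", 1024)
           r1.translate_outbound(("10.0.0.11", 40000)),   # ("50.0.0.1", 1025)
           r1.translate_outbound(("10.0.0.12", 40000))]   # ("50.0.0.1", 1026)
    out.append(r1.translate_inbound(("50.0.0.1", 1025)))  # reply reaches 10.0.0.11
    out.append(r1.translate_inbound(("50.0.0.1", 2000)))  # unsolicited inbound -> None
    return out


def demo_static() -> List[Optional[Flow]]:
    """R2 exposing the web server 30.0.0.2:80 as 20.0.0.2:80 and nothing else."""
    r2 = NatRouter(ip_network("30.0.0.0/24"), [])
    r2.add_static(("30.0.0.2", 80), ("20.0.0.2", 80))
    return [r2.translate_inbound(("20.0.0.2", 80)),   # ("30.0.0.2", 80)
            r2.translate_inbound(("20.0.0.2", 22)),   # port 22 is not mapped -> None
            r2.translate_outbound(("30.0.0.2", 80))]  # replies leave as 20.0.0.2:80
```

The two inbound cases are the part worth keeping in mind from a security angle: with dynamic NAT or PAT, outside hosts can only reach an inside host through an entry that inside host created, while a static mapping is a permanent hole for exactly the configured address and port. On a real router, `show ip nat translations` lists the equivalent of these tables.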

Saturday, September 13, 2008

CCNA - VTP

1). VTP works only over a link in trunk mode, not access mode.

2). Whether in client or server mode, a switch compares the Configuration Revision number: the switch with the higher revision number updates its neighbours. It is a full update, which eliminates any differences.

3). VTP Advertisements

Summary advertisements
- Are sent every 5 minutes to inform neighbours of the current VTP configuration revision number
- Are also sent immediately after a configuration change has been made

Subset Advertisements
- Creating or deleting a VLAN
- Suspending or activating a VLAN
- Changing the name of a VLAN
- Changing the MTU of a VLAN

Request Advertisements
- The VTP domain name has been changed
- The switch receives a summary advertisement with a higher configuration revision number.
- A subset advertisement message is missed for some reason
- The switch has been reset


4). VTP Pruning

VTP pruning prevents unnecessary flooding of broadcast information from one VLAN across all trunks in a VTP domain. VTP pruning permits switches to negotiate which VLANs are assigned to ports at the other end of a trunk and, hence, prune the VLANs that are not assigned to ports on the remote switch. Pruning is disabled by default. VTP pruning is enabled using the vtp pruning global configuration command.
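Points 1), 2) and 4) above, as an added Python model (not code from the post or from Cisco): a summary advertisement carries the domain name, the revision and the sender's whole VLAN table, a switch only accepts it on a trunk and only when the revision is higher, and acceptance replaces the whole table. The switch names, domain and VLAN numbers are constructed; the rule that VLAN 1 is never pruned is a fact beyond the notes and is marked as such in the code.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class SummaryAdvert:
    """A VTP summary advertisement, reduced to the fields the notes talk about."""
    domain: str
    revision: int
    vlans: Dict[int, str]      # the sender's whole VLAN database: id -> name


@dataclass
class VtpSwitch:
    name: str
    domain: str
    mode: str                  # "server" or "client"
    revision: int = 0
    vlans: Dict[int, str] = field(default_factory=lambda: {1: "default"})
    log: List[str] = field(default_factory=list)

    def configure_vlan(self, vlan_id: int, vlan_name: str) -> None:
        """Only a server may edit VLANs; every edit bumps the revision by one."""
        if self.mode != "server":
            raise PermissionError(f"{self.name} is a VTP client")
        self.vlans[vlan_id] = vlan_name
        self.revision += 1

    def advertise(self) -> SummaryAdvert:
        return SummaryAdvert(self.domain, self.revision, dict(self.vlans))

    def receive(self, adv: SummaryAdvert, link_mode: str) -> bool:
        """Process an advertisement. Returns True when the local database was replaced."""
        if link_mode != "trunk":                      # point 1): VTP needs a trunk
            self.log.append(f"{self.name}: ignored advert on {link_mode} port")
            return False
        if adv.domain != self.domain:                 # another domain: not ours
            self.log.append(f"{self.name}: ignored advert for domain {adv.domain}")
            return False
        if adv.revision <= self.revision:             # nothing newer than what we hold
            return False
        # point 2): the higher revision wins in client AND server mode, and the
        # update is complete: the old database is discarded, not merged.
        self.vlans = dict(adv.vlans)
        self.revision = adv.revision
        self.log.append(f"{self.name}: database replaced, revision now {self.revision}")
        return True


def vlans_to_prune(trunk_vlans: Set[int], remote_active_vlans: Set[int]) -> Set[int]:
    """Point 4): prune VLANs that have no assigned port on the far end of the trunk.
    VLAN 1 is never pruned (a fact beyond the notes, assumed here)."""
    return {v for v in trunk_vlans if v != 1 and v not in remote_active_vlans}


def demo_revision_overwrite() -> Dict[str, object]:
    core = VtpSwitch("CORE", "LAB", "server", revision=10,
                     vlans={1: "default", 10: "staff", 20: "servers", 30: "voip"})
    edge = VtpSwitch("EDGE", "LAB", "client")
    edge.receive(core.advertise(), link_mode="trunk")          # normal sync to revision 10

    # Constructed scenario: a spare switch from the same domain whose VLAN table was
    # edited many times (revision 25) but now holds only VLAN 1.
    spare = VtpSwitch("SPARE", "LAB", "server", revision=25, vlans={1: "default"})
    ignored_on_access = core.receive(spare.advertise(), link_mode="access")
    replaced = core.receive(spare.advertise(), link_mode="trunk")
    edge.receive(core.advertise(), link_mode="trunk")          # CORE relays the new table

    return {"ignored_on_access": ignored_on_access, "replaced": replaced,
            "core_revision": core.revision,
            "core_vlans": sorted(core.vlans), "edge_vlans": sorted(edge.vlans)}
```

The scenario shows why the revision number deserves attention: because a higher revision wins even against a server, VLANs 10, 20 and 30 disappear from CORE and then from EDGE as soon as SPARE is trunked in. Before connecting a switch to an existing domain, look at its revision with `show vtp status`; setting it to a throwaway domain name and back resets the revision to 0.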

CCNA - Spanning-Tree




When 3 switches are connected together in a ring, there will be a loop unless spanning tree runs. Here is how the switches build the spanning tree; it is enabled by default on the switches.



1). Elect the root bridge (I like to call it the root switch).

- Switches send their BID (Bridge ID) out of their connected ports.
- The BID is composed of the Bridge Priority, the Extended System ID and the MAC address.
- The default BID priority is 32769 (priority 32768 plus the extended system ID of VLAN 1), but it can be changed switch-globally per VLAN.
- Switches compare BIDs with each other; whoever has the lowest BID becomes the root bridge, the BOSS.



2). Elect the non-designated port on the other switches.

- There are 3 kinds of port roles: root port, designated port and non-designated port.
- The root port is the port that points toward the root bridge (the BOSS); a designated port is just the opposite, the port on a segment that points away from the root.
- A non-designated port is a port on which all traffic is blocked except BPDUs.
- How to decide which switch's port gets blocked:
- They use port cost and BID to decide; the port cost has first priority.
- Port cost reflects how fast the link toward the root bridge is.
- Here are the cost definitions: 10G - 2, 1G - 4, 100M - 19, 10M - 100.
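Steps 1) and 2) above, worked through as an added Python simulation (not code from the post or from Cisco): it elects the root by lowest BID, computes each switch's root path cost from the cost table in the notes, picks root ports by path cost with BID as the tie-break, and marks the remaining ports on each link as designated or blocked. The three-switch triangle, port names and MAC addresses are constructed, and the port-ID tie-break is simplified to a string comparison.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# IEEE short path costs by link speed in Mbps, as listed in the notes.
PORT_COST = {10_000: 2, 1_000: 4, 100: 19, 10: 100}

BID = Tuple[int, str]   # (priority incl. extended system ID, MAC address); lower wins


@dataclass(frozen=True)
class Link:
    a: str
    a_port: str
    b: str
    b_port: str
    mbps: int

    @property
    def cost(self) -> int:
        return PORT_COST[self.mbps]


def run_stp(bids: Dict[str, BID], links: List[Link]) -> Dict[str, object]:
    """Return the root bridge, each switch's root path cost and every port's role."""
    # 1) root bridge: the lowest BID (priority first, then MAC)
    root = min(bids, key=bids.get)

    # adjacency: switch -> [(neighbour, my_port, neighbour_port, link)]
    adj: Dict[str, List[Tuple[str, str, str, Link]]] = {s: [] for s in bids}
    for l in links:
        adj[l.a].append((l.b, l.a_port, l.b_port, l))
        adj[l.b].append((l.a, l.b_port, l.a_port, l))

    # root path cost: cheapest sum of link costs from each switch to the root
    cost: Dict[str, float] = {s: (0 if s == root else float("inf")) for s in bids}
    changed = True
    while changed:                      # Bellman-Ford relaxation, fine for a few switches
        changed = False
        for l in links:
            for x, y in ((l.a, l.b), (l.b, l.a)):
                if cost[x] + l.cost < cost[y]:
                    cost[y] = cost[x] + l.cost
                    changed = True

    # 2) root port per non-root switch: lowest path cost wins; ties go to the
    # neighbour with the lower BID, then lower port IDs (simplified string compare)
    root_port: Dict[str, str] = {}
    for s in bids:
        if s == root:
            continue
        best = min(adj[s], key=lambda t: (cost[t[0]] + t[3].cost, bids[t[0]], t[2], t[1]))
        root_port[s] = best[1]

    # designated port per link: the end with the lower root path cost, then lower BID
    designated: Set[Tuple[str, str]] = set()
    for l in links:
        ends = [(cost[l.a], bids[l.a], l.a, l.a_port), (cost[l.b], bids[l.b], l.b, l.b_port)]
        _, _, sw, port = min(ends)
        designated.add((sw, port))

    # everything else is non-designated and blocks all traffic except BPDUs
    roles: Dict[Tuple[str, str], str] = {}
    for s in bids:
        for _, my_port, _, _ in adj[s]:
            if root_port.get(s) == my_port:
                roles[(s, my_port)] = "root"
            elif (s, my_port) in designated:
                roles[(s, my_port)] = "designated"
            else:
                roles[(s, my_port)] = "non-designated (blocked)"
    return {"root": root, "cost": cost, "roles": roles}


# Constructed triangle: three switches with the default priority 32769.
DEFAULT_BIDS = {"SW1": (32769, "0000.0000.0001"),
                "SW2": (32769, "0000.0000.0002"),
                "SW3": (32769, "0000.0000.0003")}
EQUAL_LINKS = [Link("SW1", "fa0/1", "SW2", "fa0/1", 100),
               Link("SW1", "fa0/2", "SW3", "fa0/1", 100),
               Link("SW2", "fa0/2", "SW3", "fa0/2", 100)]


def demo_equal_links() -> Dict[str, object]:
    """All links 100M: SW1 is root, SW2 and SW3 tie at cost 19, SW3 loses on BID."""
    return run_stp(DEFAULT_BIDS, EQUAL_LINKS)


def demo_cost_beats_bid() -> Dict[str, object]:
    """SW1-SW3 is 10M and SW2-SW3 is 1G: SW3 reaches the root via SW2 (19 + 4 = 23 < 100)."""
    links = [Link("SW1", "fa0/1", "SW2", "fa0/1", 100),
             Link("SW1", "fa0/2", "SW3", "fa0/1", 10),
             Link("SW2", "gi0/1", "SW3", "gi0/1", 1_000)]
    return run_stp(DEFAULT_BIDS, links)


def demo_priority_override() -> Dict[str, object]:
    """'spanning-tree vlan 1 priority 4096' on SW3 gives BID 4097 and makes it root."""
    return run_stp(dict(DEFAULT_BIDS, SW3=(4097, "0000.0000.0003")), EQUAL_LINKS)
```

The third demo is the one to remember from a security standpoint: any switch that advertises a lower BID on a trunk becomes the root, so the root election is only as trustworthy as the switches allowed to send BPDUs; lowering the priority on the intended root and keeping BPDUs off access ports is the usual defence.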



3). States of a switch port without PortFast configured.

- Blocking: Only receives BPDUs, no other traffic.
- Listening: Sends and receives BPDUs, preparing to participate in the active topology.
- Learning: Prepares to participate in frame forwarding and begins to populate the MAC address table.
- Forwarding: All traffic allowed.
- Disabled: Port is down, administratively disabled.



4). BPDU Timers

- Hello time: By default a BPDU frame is sent every 2 seconds. Can be changed to between 1 and 10 seconds.
- Forward delay: The time spent in each of the listening and learning states. Default 15 seconds per state; can be changed to between 4 and 30 seconds.
- Maximum age: The time a switch port keeps stored BPDU information. 20 seconds by default; can be changed to between 6 and 40 seconds.