EXAM CRAM
CCNA Routing and Switching 200-125

Anthony Sequeira, CCIE No. 15626

800 East 96th Street
Indianapolis, Indiana 46240 USA

CCNA Routing and Switching 200-125 Exam Cram
Copyright © 2017 by Pearson Education, Inc.
All rights reserved. No part of this book shall be reproduced, stored in a retrieval
system, or transmitted by any means, electronic, mechanical, photocopying, recording,
or otherwise, without written permission from the publisher. No patent liability is
assumed with respect to the use of the information contained herein. Although every
precaution has been taken in the preparation of this book, the publisher and author
assume no responsibility for errors or omissions. Nor is any liability assumed for
damages resulting from the use of the information contained herein.
ISBN-13: 978-0-7897-5674-9
ISBN-10: 0-7897-5674-9
Library of Congress Control Number: 2016961093
Printed in the United States of America
First Printing: February 2017
Editor-in-Chief
Mark Taub

Product Line Manager
Brett Bartow

Development Editor
Christopher A. Cleveland

Managing Editor
Sandra Schroeder

Project Editor
Mandie Frank

Copy Editor
Christopher Morris

Indexer
Cheryl Lenser

Proofreader
Sathya Ravi

Technical Editor
Keith Barker

Publishing Coordinator
Vanessa Evans

Designer
Chuti Prasertsith

Compositor
codeMantra
Trademarks
All terms mentioned in this book that are known to be trademarks or service marks have
been appropriately capitalized. Pearson IT Certification cannot attest to the accuracy of
this information. Use of a term in this book should not be regarded as affecting the
validity of any trademark or service mark.
Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate as possible,
but no warranty or fitness is implied. The information provided is on an “as is” basis.
The author and the publisher shall have neither liability nor responsibility to any person
or entity with respect to any loss or damages arising from the information contained in
this book or from the use of the supplementary online content.
Special Sales
For information about buying this title in bulk quantities, or for special sales
opportunities (which may include electronic versions; custom cover designs; and content
particular to your business, training goals, marketing focus, or branding interests),
please contact our corporate sales department at corpsales@pearsoned.com or (800)
382-3419.
For government sales inquiries, please contact governmentsales@pearsoned.com.
For questions about sales outside the U.S., please contact intlcs@pearson.com.

Contents at a Glance
Introduction
Part I: Network Fundamentals
CHAPTER 1 Network Fundamentals: Models and Designs
CHAPTER 2 Network Fundamentals: IPv4
CHAPTER 3 Network Fundamentals: IPv6
Part II: LAN Switching Technologies
CHAPTER 4 LAN Switching Technologies: Switching Concepts
CHAPTER 5 LAN Switching Technologies: VLANs, Trunks, and STP
CHAPTER 6 LAN Switching Technologies: EtherChannel and Switch Stacking
Part III: Routing Technologies
CHAPTER 7 Routing Technologies: Routing Concepts
CHAPTER 8 Routing Technologies: Inter-VLAN Routing
CHAPTER 9 Routing Technologies: Routing Methods
CHAPTER 10 Routing Technologies: Static Routing and Dynamic Routing
Part IV: WAN Technologies
CHAPTER 11 WAN Technologies: WAN Options
CHAPTER 12 WAN Technologies: eBGP
CHAPTER 13 WAN Technologies: QoS
Part V: Infrastructure Services
CHAPTER 14 Infrastructure Services: DNS, DHCP, NTP, HSRP
CHAPTER 15 Infrastructure Services: NAT
Part VI: Infrastructure Security
CHAPTER 16 Infrastructure Security: Access Layer Security, AAA
CHAPTER 17 Infrastructure Security: ACLs
CHAPTER 18 Infrastructure Security: Device Hardening
Part VII: Infrastructure Management
CHAPTER 19 Infrastructure Management: SNMP, Syslog, IP SLA
CHAPTER 20 Infrastructure Management: Device Management
CHAPTER 21 Infrastructure Management: Initial Device Configuration
CHAPTER 22 Infrastructure Management: Device Maintenance
CHAPTER 23 Infrastructure Management: IOS Troubleshooting Tools
CHAPTER 24 Infrastructure Management: Network Programmability
Part VIII: Command Reference, Practice Exams, and Glossary
Command Reference
Practice Exam 1
Answer Key to Practice Exam 1
Practice Exam 2
Answer Key to Practice Exam 2
Glossary
Index

To register this product and gain access to bonus content, go to
www.pearsonitcertification.com/register to sign in and enter the ISBN. After you
register the product, a link to the additional content will be listed on your Account page,
under Registered Products.

Contents

Introduction
Part I: Network Fundamentals
CHAPTER 1: Network Fundamentals: Models and Designs
Topic: Compare and contrast OSI and TCP/IP models
Topic: Compare and contrast TCP and UDP protocols
Topic: Describe the impact of infrastructure components in an enterprise network
Topic: Describe the effects of cloud resources on enterprise network architecture
Topic: Compare and contrast collapsed core and three-tier architectures
Topic: Compare and contrast network topologies
Topic: Select the appropriate cabling type based on implementation requirements
Topic: Apply troubleshooting methodologies to resolve problems
Review Questions
Answers to Review Questions
Additional Resources
CHAPTER 2: Network Fundamentals: IPv4
Topic: Configure, verify, and troubleshoot IPv4 addressing and subnetting
Topic: Compare and contrast IPv4 address types
Topic: Describe the need for private IPv4 addressing
Review Questions
Answers to Review Questions
Additional Resources
CHAPTER 3: Network Fundamentals: IPv6
Topic: Identify the appropriate IPv6 addressing scheme to satisfy addressing
requirements in a LAN/WAN environment
Topic: Configure, verify, and troubleshoot IPv6 addressing
Topic: Configure and verify IPv6 Stateless Address Auto Configuration
Topic: Compare and contrast IPv6 address types
Review Questions
Answers to Review Questions
Additional Resources
Part II: LAN Switching Technologies
CHAPTER 4: LAN Switching Technologies: Switching Concepts
Topic: Describe and verify switching concepts
Topic: Interpret Ethernet frame format
Topic: Troubleshoot interface and cable issues (collisions, errors, duplex, speed)
Review Questions
Answers to Review Questions
Additional Resources
CHAPTER 5: LAN Switching Technologies: VLANs, Trunks, and STP
Topic: Configure, verify, and troubleshoot VLANs (normal range) spanning
multiple switches
Topic: Configure, verify, and troubleshoot interswitch connectivity
Topic: Configure, verify, and troubleshoot STP protocols
Topic: Configure, verify, and troubleshoot STP-related optional features
Topic: Configure and verify Layer 2 protocols
Review Questions
Answers to Review Questions
Additional Resources
CHAPTER 6: LAN Switching Technologies: EtherChannel and Switch Stacking
Topic: Configure, verify, and troubleshoot (Layer 2/Layer 3) EtherChannel
Topic: Describe the benefits of switch stacking and chassis aggregation
Review Questions
Answers to Review Questions
Additional Resources
Part III: Routing Technologies
CHAPTER 7: Routing Technologies: Routing Concepts
Topic: Describe the routing concepts
Topic: Interpret the components of routing table
Topic: Describe how a routing table is populated by different routing information
sources
Review Questions
Answers to Review Questions
Additional Resources
CHAPTER 8: Routing Technologies: Inter-VLAN Routing
Topic: Configure, verify, and troubleshoot inter-VLAN routing
Review Questions
Answers to Review Questions
Additional Resources
CHAPTER 9: Routing Technologies: Routing Methods
Topic: Compare and contrast static routing and dynamic routing
Topic: Compare and contrast distance vector and link state routing protocols
Topic: Compare and contrast interior and exterior routing protocols
Review Questions
Answers to Review Questions
Additional Resources
CHAPTER 10: Routing Technologies: Static Routing and Dynamic Routing
Topic: Configure, verify, and troubleshoot IPv4 and IPv6 static routing
Topic: Configure, verify, and troubleshoot single area and multi-area OSPFv2 for
IPv4 (excluding authentication, filtering, manual summarization, redistribution,
stub, virtual-link, and LSAs)
Topic: Configure, verify, and troubleshoot single area and multi-area OSPFv3 for
IPv6 (excluding authentication, filtering, manual summarization, redistribution,
stub, virtual-link, and LSAs)
Topic: Configure, verify, and troubleshoot EIGRP for IPv4 (excluding
authentication, filtering, manual summarization, redistribution, and stub)
Topic: Configure, verify, and troubleshoot EIGRP for IPv6 (excluding
authentication, filtering, manual summarization, redistribution, and stub)
Topic: Configure, verify, and troubleshoot RIPv2 for IPv4 (excluding
authentication, filtering, manual summarization, and redistribution)
Topic: Troubleshoot basic Layer 3 end-to-end connectivity issues
Review Questions
Answers to Review Questions
Additional Resources
Part IV: WAN Technologies
CHAPTER 11: WAN Technologies: WAN Options
Topic: Configure and verify PPP and MLPPP on WAN interfaces using local
authentication
Topic: Configure, verify, and troubleshoot PPPoE client-side interfaces using
local authentication
Topic: Configure, verify, and troubleshoot GRE tunnel connectivity
Topic: Describe WAN topology options
Topic: Describe WAN access connectivity options
Review Questions
Answers to Review Questions
Additional Resource
CHAPTER 12: WAN Technologies: eBGP
Topic: Configure and verify single-homed branch connectivity using eBGP IPv4
(limited to peering and route advertisement using Network command only)
Review Questions
Answers to Review Questions
Additional Resource
CHAPTER 13: WAN Technologies: QoS
Topic: Describe basic QoS concepts
Review Questions
Answers to Review Questions
Additional Resource
Part V: Infrastructure Services
CHAPTER 14: Infrastructure Services: DNS, DHCP, NTP, HSRP
Topic: Describe DNS lookup operation
Topic: Troubleshoot client connectivity issues involving DNS
Topic: Configure and verify DHCP on a router (excluding static reservations)
Topic: Troubleshoot client- and router-based DHCP connectivity issues
Topic: Configure and verify NTP operating in client/server mode
Topic: Configure, verify, and troubleshoot basic HSRP
Review Questions
Answers to Review Questions
Additional Resources
CHAPTER 15: Infrastructure Services: NAT
Topic: Configure, verify, and troubleshoot inside source NAT
Review Questions
Answers to Review Questions
Additional Resource
Part VI: Infrastructure Security
CHAPTER 16: Infrastructure Security: Access Layer Security, AAA
Topic: Configure, verify, and troubleshoot port security
Topic: Describe common access layer threat mitigation techniques
Topic: Describe device security using AAA with TACACS+ and RADIUS
Review Questions
Answers to Review Questions
Additional Resources
CHAPTER 17: Infrastructure Security: ACLs
Topic: Configure, verify, and troubleshoot IPv4 standard numbered and named
access list for routed interfaces
Review Questions
Answers to Review Questions
Additional Resources
CHAPTER 18: Infrastructure Security: Device Hardening
Topic: Configure, verify, and troubleshoot basic device hardening
Review Questions
Answers to Review Questions
Additional Resources
Part VII: Infrastructure Management
CHAPTER 19: Infrastructure Management: SNMP, Syslog, IP SLA
Topic: Configure and verify device-monitoring using syslog and SNMP
Topic: Troubleshoot network connectivity issues using ICMP echo-based IP SLA
Review Questions
Answers to Review Questions
Additional Resources
CHAPTER 20: Infrastructure Management: Device Management
Topic: Configure and verify device management
Review Questions
Answers to Review Questions
Additional Resources
CHAPTER 21: Infrastructure Management: Initial Device Configuration
Topic: Configure and verify initial device configuration
Review Questions
Answers to Review Questions
Additional Resource
CHAPTER 22: Infrastructure Management: Device Maintenance
Topic: Perform device maintenance
Review Questions
Answers to Review Questions
Additional Resources
CHAPTER 23: Infrastructure Management: IOS Troubleshooting Tools
Topic: Use Cisco IOS tools to troubleshoot and resolve problems
Review Questions
Answers to Review Questions
Additional Resources
CHAPTER 24: Infrastructure Management: Network Programmability
Topic: Describe network programmability in enterprise network architecture
Review Questions
Answers to Review Questions
Additional Resource
Part VIII: Command Reference, Practice Exams, and Glossary
Command Reference
Practice Exam 1
Answer Key to Practice Exam 1
Practice Exam 2
Answer Key to Practice Exam 2
Glossary
Index

Preface
Why is this book so valuable? Why is it an excellent last resource prior to your exam?
Let me outline that for you here:
This book balances the two potential areas of expertise you need for each exam
topic. You either need to focus on the theory of a technology or you need to be able
to demonstrate mastery of configuration, verification, and troubleshooting. You can
trust this text to guide you through the precise knowledge you need, topic by topic.
As alluded to above, this text remains tightly in scope with the exam. Although
larger texts might provide background or peripheral information about a topic, this
book is laser-focused on just those topics you need to master for success in the
exam environment. We certainly encourage the reading and study of larger works
for those that require it.
Your author and technical reviewer have specialized in writing about and training
candidates in all things CCNA since the inception of the certification in 1998.
Your author and technical reviewer take the actual CCNA exam as many times as
Cisco permits them in a constant effort to be intimately familiar with the exam
itself and Cisco’s testing techniques.
This book is filled with valuable resources to assist you immediately in your
passing score—these resources include CramSavers, CramQuizzes, Review
Questions, Final Exams, a Command Reference, and even CramSheets.

About the Author
Anthony Sequeira (CCIE No. 15626) began his IT career in 1994 with IBM in Tampa, Florida. He quickly formed his own computer consultancy, Computer Solutions, and then discovered his true passion—teaching and writing about Microsoft and Cisco technologies. Anthony has lectured to massive audiences around the world while working for Mastering Computers. Anthony has never been happier in his career than he is now as a full-time trainer for CBT Nuggets. He is an avid tennis player, a private pilot, a semi-professional poker player, and enjoys getting beaten up by women and children at the martial arts school he attends with his daughter. Follow Anthony today on Twitter @compsolv or Facebook at facebook.com/compsolv.

Dedication
This book is dedicated to my beautiful daughter Annabella (Bella) Joy Sequeira. This was my first book of many where you were old enough to help write it! Thank you, my Bell!

Acknowledgments
I cannot thank Keith Barker enough! He helped me acquire this incredible opportunity, and he improved the book dramatically as its technical editor. Keith, I am so lucky to have you as a friend and brother from another Mother!

About the Technical Reviewer
Keith Barker began as a network technician for Electronic Data Systems (EDS) in 1985 and has had experience in IT and networking for more than 30 years. Keith creates training for CBT Nuggets, is a Cisco CCIE in Route/Switch and Security, and has also earned certifications associated with VMware, Palo Alto, Check Point, ITIL, CCISP, and others. He can be reached through his Facebook page: Keith Barker Networking, on YouTube at Keith6783, or on Twitter @KeithBarkerCCIE.

We Want to Hear from You!
As the reader of this book, you are our most important critic and commentator. We value your opinion and want to know what we’re doing right, what we could do better, what areas you’d like to see us publish in, and any other words of wisdom you’re willing to pass our way.
We welcome your comments. You can email or write to let us know what you did or didn’t like about this book—as well as what we can do to make our books better.
Please note that we cannot help you with technical problems related to the topic of this book.
When you write, please be sure to include this book’s title and author as well as your name and email address. We will carefully review your comments and share them with the author and editors who worked on the book.
Email: feedback@pearsonitcertification.com
Mail: Pearson IT Certification
ATTN: Reader Feedback
800 East 96th Street
Indianapolis, IN 46240 USA

Reader Services
Register your copy of CCNA Routing and Switching 200-125 Exam Cram at www.pearsonitcertification.com for convenient access to downloads, updates, and corrections as they become available. To start the registration process, go to www.pearsonitcertification.com/register and log in or create an account*. Enter the product ISBN 9780789756749 and click Submit. When the process is complete, you will find any available bonus content under Registered Products.
*Be sure to check the box that you would like to hear from us to receive exclusive discounts on future editions of this product.

Introduction
Welcome to CCNA Routing and Switching 200–125 Exam Cram! This book covers the accelerated CCNA certification exam. Whether this is your first or your fifteenth Exam Cram, you’ll find information here that will ensure your success as you pursue knowledge, experience, and certification. This book is one of the Exam Cram series of books and will help by getting you on your way to becoming a CCNA.
This introduction covers how the Exam Cram series can help you prepare for the CCNA exam. This introduction discusses the basics of the CCNA exam. Included are sections covering preparation, how to take an exam, a description of this book’s contents, how this book is organized, and, finally, author contact information.
Each chapter in this book contains practice questions. There are also two full-length practice exams at the end of the book. Practice exams in this book should provide an accurate assessment of the level of expertise you need to obtain to pass the test. Answers and explanations are included for all test questions. It is best to obtain a level of understanding equivalent to a consistent pass rate of at least 90 percent or more on the practice questions and exams in this book before you attempt the real exam.
Let’s begin by looking at preparation for the exam.
How to Prepare for the Exam
This text follows the official exam objectives letter for letter. These official objectives from Cisco Systems can be found here:
https://learningnetwork.cisco.com/community/certifications/ccna/ccna-exam/exam-topics
Following the exam topics item by item and in their original order allows you to ensure you are ready for the real exam questions that will come your way on your actual test date.
Practice Tests
This book is filled with practice exam questions to get you ready! Enjoy the following:
CramSaver questions before each and every section: These difficult, open-ended questions ensure you really know the material. Some readers use these questions in order to “test out” of a particular section.
CramQuizzes to end each section: Another chance to demonstrate your knowledge after completing a section.
Review Questions to end each chapter: Your final pass through the material for that chapter.
Two full final exams: These exams include explanations and tips for approaching each final exam question.

In addition, the book includes two additional full practice tests in the Pearson Test Prep software available to you either online or as an offline Windows application. To access the practice exams, please see the instructions in the card inserted in the sleeve in the back of the book. This card includes a unique access code that enables you to activate your exams in the Pearson Test Prep software.
If you are interested in more practice exams than are provided with this book, Pearson IT Certification publishes a Premium Edition eBook and Practice Test product. In addition to providing you with three eBook files (EPUB, PDF, and Kindle) this product provides you with two additional exams’ worth of questions. The Premium Edition version also offers you a link to the specific section in the book that presents an overview of the topic covered in the question, allowing you to easily refresh your knowledge. The insert card in the back of the book includes a special offer for a 70 percent discount off of this Premium Edition eBook and Practice Test product, which is an incredible deal.
Taking a Certification Exam
When you have prepared for the exam, you must register with Cisco Systems to take the exam. The CCNA exam is given at Pearson VUE testing centers. Check the Pearson VUE website at http://www.pearsonvue.com/ to get specific details.
You can register for an exam online or by phone. After you register, you will receive a confirmation notice. Some locations may have limited test centers available, which means you should schedule your exam in advance to make sure you can get the specific date and time you would like.
Arriving at the Exam Location
As with any examination, arrive at the testing center early. Be prepared! You need to bring two forms of identification (one with a picture). The testing center staff requires proof that you are who you say you are and that someone else is not taking the test for you. Arrive early, because if you are late, you will be barred from entry and will not receive a refund for the cost of the exam.
ExamAlert
You’ll be spending a lot of time in the exam room. Plan on using the full two hours of time allotted for your exam and surveys. Policies differ from location to location regarding bathroom breaks—check with the testing center before beginning the exam.
In the Testing Center
You will not be allowed to take into the examination room study materials or anything else that could raise suspicion that you’re cheating. This includes practice test material, books, exam prep guides, or other test aids. The Testing Center will provide you with scratch paper and a pen or pencil. These days, this often comes in the form of an erasable whiteboard.
After the Exam
Examination results are available after the exam. If you pass the exam, you will simply receive a passing grade—your exact score will not be provided. Candidates who do not pass will receive a complete breakdown on their score by domain. This allows those individuals to see what areas they are weak in.
About This Book
The ideal reader for an Exam Cram book is someone seeking certification. However, it should be noted that an Exam Cram book is a very easily readable, rapid presentation of facts. Therefore, an Exam Cram book is also extremely useful as a quick reference manual.
Most people seeking certification use multiple sources of information. Check out the links at the end of each chapter to get more information about subjects you’re weak in.
This book includes other helpful elements in addition to the actual logical, step-by-step learning progression of the chapters themselves. Exam Cram books use elements such as ExamAlerts, tips, notes, and practice questions to make information easier to read and absorb. This text also includes a very helpful command reference and glossary to assist you.
Note
Reading this book from start to finish is not necessary; this book is set up so that you can quickly jump back and forth to find sections you need to study.
Use the CramSheet to remember last-minute facts immediately before the exam. Use the practice questions to test your knowledge. You can always brush up on specific topics in detail by referring to the table of contents and the index. Even after you achieve certification, you can use this book as a rapid-access reference manual.
The Exam Blueprint
The table that follows outlines the CCNA exam domains and objectives and maps the objectives to the chapter(s) in the book that cover them in detail.


The Chapter Elements
Each Exam Cram book has chapters that follow a predefined structure. This structure makes Exam Cram books easy to read and provides a familiar format for all Exam Cram books. The following elements typically are used:
Chapter topics
Essential Terms and Components
CramSavers
CramQuizzes
ExamAlerts
Notes
Exam preparation practice questions and answers
An “Additional Resources” section at the end of each chapter

Note
Bulleted lists, numbered lists, tables, and graphics are also used where appropriate. A picture can paint a thousand words sometimes, and tables can help to associate different elements with each other visually.
Now let’s look at each of the elements in detail.
Chapter topics—Each chapter contains details of all subject matter listed in the table of contents for that particular chapter. The objective of an Exam Cram book is to cover all the important facts without giving too much detail; it is an exam cram. When examples are required, they are included.
Essential Terms and Components—The start of every chapter contains a list of terms and concepts you should understand. These are all defined in the book’s accompanying Glossary.
CramSavers—Each major section in the chapter kicks off with a brief short answer question quiz to help you assess your knowledge of the section topic. This chapter element is designed to help you determine if you need to read the whole section in detail or merely skim the material and skip ahead to the CramQuiz at the end of the section.
CramQuizzes—Each major section in the chapter concludes with a multiple choice question quiz to help ensure that you have gained a familiarity with the section content.
ExamAlerts—ExamAlerts address exam-specific, exam-related information. An ExamAlert addresses content that is particularly important, tricky, or likely to appear on the exam. An ExamAlert looks like this:
ExamAlert
Make sure you remember the different ways in which you can access a router remotely. Know which methods are secure, and which are not.
Notes—Notes typically contain useful information that is not directly related to the current topic under consideration. To avoid breaking up the flow of the text, they are set off from the regular text.
Note
This is a note. You have already seen several notes.
Review Questions—At the end of every chapter is a battery of exam practice questions similar to those in the actual exam. Each chapter contains a list of questions relevant to that chapter, including answers and explanations. Test your skills as you read.
Additional Resources section—This section at the end of each chapter describes other relevant sources of information related to the chapter topics covered.
Other Book Elements
Most of this Exam Cram book on CCNA follows the consistent chapter structure already described. However, there are various, important elements that are not part of the standard chapter format. These elements apply to the entire book as a whole.
Practice exams—In addition to exam-preparation questions at the end of each chapter, two full practice exams are included at the end of the book.
Answers and explanations for practice exams—These follow each practice exam, providing answers and explanations to the questions in the exams.
Command reference—This valuable study guide appears at the end of the text.
Glossary—The glossary contains a listing of important terms used in this book with explanations.
CramSheet—The CramSheet is a quick-reference, tear-out cardboard sheet of important facts useful for last-minute preparation. CramSheets often include a simple summary of the facts that are most difficult to remember.
Companion website—The companion website for your book allows you to access several digital assets that come with your book, including:
Pearson Test Prep software (both online and Windows desktop versions)
Key Terms Flash Cards application
A PDF version of the command reference
A PDF version of the CramSheet
To access the book’s companion website, simply follow these steps:
1. Register your book by going to: PearsonITCertification.com/register and entering the ISBN: 9780789756749.
2. Respond to the challenge questions.
3. Go to your account page and select the Registered Products tab.
4. Click on the Access Bonus Content link under the product listing.
Pearson Test Prep Practice Test Software
As noted previously, this book comes complete with the Pearson Test Prep practice test software containing four full exams (the two from the back of the book as well as two additional tests). These practice tests are available to you either online or as an offline Windows application. To access the practice exams that were developed with this book, please see the instructions in the card inserted in the sleeve in the back of the book. This card includes a unique access code that enables you to activate your exams in the Pearson Test Prep software.
Accessing the Pearson Test Prep Software Online

The online version of this software can be used on any device with a browser and connectivity to the Internet, including desktop machines, tablets, and smart-phones. To start using your practice exams online, simply follow these steps:
1. Go to: http://www.PearsonTestPrep.com.
2. Select Pearson IT Certification as your product group.
3. Enter your email/password for your account. If you don’t have an account on PearsonITCertification.com or CiscoPress.com, you will need to establish one by going to PearsonITCertification.com/join.
4. In the My Products tab, click the Activate New Product button.
5. Enter the access code printed on the insert card in the back of your book to activate your product.
6. The product will now be listed in your My Products page. Click the Exams button to launch the exam settings screen and start your exam.

Accessing the Pearson Test Prep Software Offline
If you wish to study offline, you can download and install the Windows version of the Pearson Test Prep software. There is a download link for this software on the book’s companion website, or you can just enter this link in your browser: http://www.pearsonitcertification.com/content/downloads/pcpt/engine.zip
To access the book’s companion website and the software, simply follow these steps:
1. Register your book by going to: PearsonITCertification.com/register and entering the ISBN: 9780789756749.
2. Respond to the challenge questions.
3. Go to your account page and select the Registered Products tab.
4. Click on the Access Bonus Content link under the product listing.
5. Click the Install Pearson Test Prep Desktop Version link under the Practice Exams section of the page to download the software.
6. After the software finishes downloading, unzip all the files on your computer.
7. Double-click the application file to start the installation, and follow the on-screen instructions to complete the registration.
8. When the installation is complete, launch the application and select Activate Exam button on the My Products tab.
9. Click the Activate a Product button in the Activate Product Wizard.
10. Enter the unique access code found on the card in the sleeve in the back of your book and click the Activate button.
11. Click Next and then the Finish button to download the exam data to your application.
12. You can now start using the practice exams by selecting the product and clicking

the Open Exam button to open the exam settings screen.
Note that the offline and online versions will synch together, so saved exams and grade results recorded on one version will be available to you on the other as well.

Customizing Your Exams
Once you are in the exam settings screen, you can choose to take exams in one of three modes:
Study Mode
Practice Exam Mode
Flash Card Mode
Study Mode allows you to fully customize your exams and review answers as you are taking the exam. This is typically the mode you would use first to assess your knowledge and identify information gaps. Practice Exam Mode locks certain customization options, as it is presenting a realistic exam experience. Use this mode when you are preparing to test your exam readiness. Flash Card Mode strips out the answers and presents you with only the question stem. This mode is great for late stage preparation when you really want to challenge yourself to provide answers without the benefit of seeing multiple choice options. This mode will not provide the detailed score reports that the other two modes will, so it should not be used if you are trying to identify knowledge gaps.
In addition to these three modes, you will be able to select the source of your questions. You can choose to take exams that cover all of the chapters or you can narrow your selection to just a single chapter or the chapters that make up specific parts in the book. All chapters are selected by default. If you want to narrow your focus to individual chapters, simply deselect all the chapters then select only those on which you wish to focus in the Objectives area.
You can also select the exam banks on which to focus. Each exam bank comes complete with a full exam of questions that cover topics in every chapter. The two exams printed in the book are available to you as well as two additional exams of unique questions. You can have the test engine serve up exams from all four banks or just from one individual bank by selecting the desired banks in the exam bank area.
There are several other customizations you can make to your exam from the exam settings screen, such as the time of the exam, the number of questions served up, whether to randomize questions and answers, whether to show the number of correct answers for multiple answer questions, or whether to serve up only specific types of questions. You can also create custom test banks by selecting only questions that you have marked or questions on which you have added notes.

Updating Your Exams
If you are using the online version of the Pearson Test Prep software, you should always have access to the latest version of the software as well as the exam data. If you are using the Windows desktop version, every time you launch the software, it will check to see if there are any updates to your exam data and automatically download any changes

that were made since the last time you used the software. This requires that you are connected to the Internet at the time you launch the software.
Sometimes, due to many factors, the exam data may not fully download when you activate your exam. If you find that figures or exhibits are missing, you may need to manually update your exams.
To update a particular exam you have already activated and downloaded, simply select the Tools tab and select the Update Products button. Again, this is only an issue with the desktop Windows application.
If you wish to check for updates to the Pearson Test Prep exam engine software, Windows desktop version, simply select the Tools tab and select the Update Application button. This will ensure you are running the latest version of the software engine.

Contacting the Author
Hopefully, this book provides you with the tools you need to pass the CCNA exam. Feedback is appreciated. You can contact the author at compsolv@me.com.
Thank you for selecting my book. I have worked to apply the same concepts in this book that I have used in the hundreds of training classes I have taught. Spend your study time wisely and you, too, can become a CCNA. Good luck for the exam, although if you carefully work through this text, you will certainly minimize the amount of luck required!

Part I: Network Fundamentals
This part of the text deals with one of the seven overall sections you must master for the CCNA exam. There are three chapters total that make up Part 1. These three chapters taken as a whole represent 15 percent of the exam questions you face in your exam.
Here you master networking models and designs, including cloud-based technologies. You also master key fundamentals of networking such as transport protocols and cabling. You dig deep into the worlds of TCP/IP version 4 and TCP/IP version 6. Both of these protocol suites are already popular today. Version 4 should gradually fade away from usage (although perhaps never completely), whereas more and more installations should make IPv6 predominant.
Part 1 includes the following chapters:
CHAPTER 1 Network Fundamentals: Models and Designs
CHAPTER 2 Network Fundamentals: IPv4
CHAPTER 3 Network Fundamentals: IPv6

Chapter 1. Network Fundamentals: Models and Designs
This chapter covers the following official CCNA 200-125 exam topics:
Compare and contrast OSI and TCP/IP models
Compare and contrast TCP and UDP protocols
Describe the impact of infrastructure components in an enterprise network
Describe the effects of cloud resources on enterprise network architecture
Compare and contrast collapsed core and three-tier architectures
Compare and contrast network topologies
Select the appropriate cabling type based on implementation requirements
Apply troubleshooting methodologies to resolve problems
This chapter ensures you are ready for the above topics from the Network Fundamentals section of the overall exam blueprint from Cisco Systems. Remember, this is just a portion of the Network Fundamentals area. The topics covered in Chapters Two and Three complete the Network Fundamentals grouping. These chapters deal with IPv4 and IPv6, respectively.

Essential Terms and Components
The OSI (Open Systems Interconnection Model)
The TCP/IP (Transmission Control Protocol/Internet Protocol) Model
TCP (Transmission Control Protocol)
UDP (User Datagram Protocol)
Firewalls
APs (Access Points)
WLCs (Wireless LAN Controllers)
Cloud Resources
Three-Tier Network Designs
Collapsed Core Network Designs
Network Topologies
Star Topologies
Mesh Topologies
Hybrid Topologies
Network Cabling Types
Troubleshooting Methodologies

Fault Isolation
Escalation
Resolution
Monitoring
Documentation

Topic: Compare and contrast OSI and TCP/IP models
CramSaver
If you can correctly answer these CramSaver questions, save time by skimming the ExamAlerts in this section and then completing the CramQuiz at the end of this section. If you are in doubt at all—read EVERYTHING in this chapter!
1. Name the missing levels of the OSI model from top to bottom.
Application
_________ _________ _________ _________ _________ _________
2. Name the four layers of the TCP/IP model from top to bottom.
_________ _________ _________ _________
3. Name the PDUs of the bottom four layers of the OSI model from top to bottom.
_________ _________ _________ _________
4. Name the protocol that maps Layer 2 to Layer 3 addresses?
_________
5. What two layers of the OSI model are associated with the network interface layer of the TCP/IP model?
_________

_________
Answers
1. Application
Presentation
Session
Transport
Network
Data Link
Physical
2. Application
Transport
Internet
Network Interface
3. a. Segments
b. Packets
c. Frames
d. Bits
4. ARP (Address Resolution Protocol)
5. Data Link
Physical

Figure 1.1 shows the classic OSI and TCP/IP models for networking. Notice how the layers between the two compare.

FIGURE 1.1 The OSI and TCP/IP Models

ExamAlert
Be ready to name all seven layers of the OSI model and their function. Also, be ready to name the TCP/IP layers and how they might coordinate to the OSI model. Remember the acronym All People Seem To Need Data Processing or Please Do Not Throw Sausage Pizza Away to help when recalling the order of the layers with the OSI model.

Here is a recap of the major functions of each of the layers of the OSI model:
Physical: Defines the electrical and physical specifications.
Data Link: Detects and, when possible, corrects errors found at the physical layer; defines the Layer 2 protocols to establish and terminate a connection between two physically connected devices.
Network: Provides for logical network addressing. Address Resolution Protocol (ARP) is used to resolve Layer 3 network IP addresses to Layer 2 Ethernet addresses on LANs.
Transport: This layer controls the reliability of communications through flow control mechanisms; important examples of protocols used at this layer are Transmission Control Protocol (TCP), for reliable delivery, or User Datagram Protocol (UDP), for unreliable delivery.

ExamAlert
To establish a TCP connection before the transmission of data, TCP uses a three-way handshake. This process is as follows:

1. SYN: The client sends a SYN to the server.
2. SYN-ACK: In response, the server replies with a SYN-ACK.
3. ACK: Finally, the client sends an ACK back to the server. At this point, the client and server have both received an acknowledgment from each other regarding the connection.

Session: This layer controls the logical connections between two systems; it establishes, manages, and terminates the connections between the local and remote systems.
Presentation: This layer is sometimes called the syntax layer because it ensures that network formats are converted in such a way that the application layer can understand them.
Application: This layer provides services for end user applications so that communication with another application across the network is effective.

Note
As network engineers, we often deal with the bottom four layers intensely. As a result, you often hear them discussed as simply Layers 1 through 4. For example, you might simply say Layer 2 instead of the data link layer.

The data and header information (Protocol Data Units) that are built at each of the bottom four layers of the OSI model receive special names. By the way, we tend to reference the information above Layer 4 as simply data. Figure 1.2 shows the specific PDU names for each layer.
FIGURE 1.2 The PDUs of the Bottom Four Layers

ExamAlert
Be prepared to reference these PDU names for the bottom four layers of the OSI model. An easy way to remember them is the acronym—Some People Fear Birthdays.

Another important skill is identifying the sample technologies we work with every day

and at what layer of the OSI model they exist. Table 1.1 provides important sample information in this regard.
TABLE 1.1 Protocols at Various Layers

CramQuiz
1. What protocol is used for a host to discover the L2 address of the next device in the path towards a remote destination?
A. TCP
B. UDP
C. DNS
D. ARP
2. What layer of the OSI model coordinates with the Transport layer of the TCP/IP model?
A. Network
B. Transport
C. Session
D. Presentation
CramQuiz Answers
1. D is correct. This is the job of ARP.
2. B is correct. The Transport layer of the TCP/IP model coordinates directly with the Transport layer of the OSI model.

Topic: Compare and contrast TCP and UDP protocols
CramSaver
1. Name at least four key characteristics of UDP.
_________

_________ _________ _________
2. Name at least four key characteristics of TCP.
_________ _________ _________ _________
Answers
1. UDP is connectionless. UDP has very little overhead. UDP is often used for voice and video traffic forms. UDP can multiplex using port numbers to work with multiple applications.
2. TCP is connection-oriented. TCP has more overhead than UDP. TCP uses features like flow control, sequencing and acknowledgements to ensure reliable and ordered delivery of segments. TCP can multiplex using port numbers to work with multiple applications.

Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are both protocols that operate at the transport layer (Layer 4). TCP is used for reliable, connection-oriented communications, whereas UDP is for connectionless transport.
It might seem as if you would never want to send information in an unreliable manner using UDP, but keep in mind that TCP adds overhead and some inefficiencies to the process. This is the reason that UDP is often used for things like voice and video communications, where efficiency and non-delay of packets is key at the sacrifice of reliability mechanisms. In fact, sometimes applications use UDP and then use their own application layer mechanisms for reliability.

ExamAlert
Remember, not all traffic relies upon TCP or UDP at the Transport layer. A great clue for traffic forms that do not use them are those that have their own protocol identifiers. Here is a list of examples of protocol identifiers from the IP header:

1—ICMP
6—TCP
17—UDP
88—EIGRP
89—OSPF

What are some examples of applications that rely on TCP and UDP? Table 1.2 provides plenty of examples for you.
The overhead that TCP uses is a result of reliable delivery. For example, with TCP we have:
Error recovery
Flow control using windowing
Connection establishment and termination
Ordered data transfer
Data segmentation

ExamAlert
You never know when Cisco might need you to prove that you know a TCP or UDP port number. This might even come in the clever form of you building a firewall statement in the exam. I would encourage you to make flash cards to learn the well-known ports shown below.

TABLE 1.2 Applications That Rely on TCP versus UDP
TCP and UDP can both multiplex using port numbers to work with multiple applications. For example, DHCP uses UDP ports 67 and 68, RIP uses UDP port 520, and HTTP uses TCP port 80.
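The following Python sketch is an added example, not code from the book: it reads the Protocol field of an IPv4 header, maps TCP and UDP ports to the applications named in this section, and recognizes a completed SYN, SYN-ACK, ACK exchange as described in the three-way handshake ExamAlert. The function names, the sample packets and the documentation-range addresses are constructed for illustration.

```python
import socket
import struct

# Protocol identifiers and well-known ports taken from this chapter's lists.
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP", 88: "EIGRP", 89: "OSPF"}
WELL_KNOWN_PORTS = {
    ("UDP", 67): "DHCP", ("UDP", 68): "DHCP",
    ("UDP", 520): "RIP", ("TCP", 80): "HTTP",
}
SYN, ACK = 0x02, 0x10  # TCP flag bits used by the three-way handshake


def parse_packet(raw):
    """Classify one IPv4 packet by its Protocol field and, for TCP/UDP, its ports."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    ihl = (raw[0] & 0x0F) * 4                    # header length in bytes
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = IP_PROTOCOLS.get(raw[9], "other")    # byte 9 is the Protocol field
    info = {"src": socket.inet_ntoa(raw[12:16]),
            "dst": socket.inet_ntoa(raw[16:20]),
            "proto": proto, "app": None, "flags": None}
    payload = raw[ihl:]
    if proto in ("TCP", "UDP"):
        if len(payload) < 4:
            raise ValueError("truncated transport header")
        sport, dport = struct.unpack("!HH", payload[:4])
        info["sport"], info["dport"] = sport, dport
        # Either end may hold the well-known port (request or reply).
        info["app"] = (WELL_KNOWN_PORTS.get((proto, dport))
                       or WELL_KNOWN_PORTS.get((proto, sport)))
    if proto == "TCP":
        if len(payload) < 14:
            raise ValueError("truncated TCP header")
        info["flags"] = payload[13] & (SYN | ACK)
    return info


def established(packets):
    """Return (client, cport, server, sport) for each completed SYN, SYN-ACK, ACK.

    Simplification: only the flag order is tracked; sequence and
    acknowledgment numbers are not validated.
    """
    step = {}   # connection key -> last step seen (1 = SYN, 2 = SYN-ACK)
    done = []
    for raw in packets:
        p = parse_packet(raw)
        if p["proto"] != "TCP":
            continue
        fwd = (p["src"], p["sport"], p["dst"], p["dport"])
        rev = (p["dst"], p["dport"], p["src"], p["sport"])
        if p["flags"] == SYN:
            step[fwd] = 1
        elif p["flags"] == SYN | ACK and step.get(rev) == 1:
            step[rev] = 2
        elif p["flags"] == ACK and step.get(fwd) == 2:
            done.append(fwd)
            del step[fwd]
    return done


def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet (constructed test data, checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def tcp(sport, dport, flags):
    """Build a 20-byte TCP header with only the given flag bits set."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)


def udp(sport, dport):
    """Build an 8-byte UDP header with no data."""
    return struct.pack("!HHHH", sport, dport, 8, 0)


# Constructed sample traffic using documentation address ranges.
CLIENT, SERVER, ROUTER = "192.0.2.10", "198.51.100.20", "192.0.2.1"
SAMPLES = [
    ipv4(CLIENT, SERVER, 6, tcp(49152, 80, SYN)),        # handshake step 1
    ipv4(SERVER, CLIENT, 6, tcp(80, 49152, SYN | ACK)),  # handshake step 2
    ipv4(CLIENT, SERVER, 6, tcp(49152, 80, ACK)),        # handshake step 3
    ipv4(ROUTER, SERVER, 17, udp(520, 520)),             # RIP over UDP
    ipv4(CLIENT, SERVER, 17, udp(68, 67)),               # DHCP over UDP
    ipv4(ROUTER, SERVER, 88),                            # EIGRP, directly in IP
    ipv4(ROUTER, SERVER, 89),                            # OSPF, directly in IP
    ipv4(CLIENT, SERVER, 1),                             # ICMP
]

if __name__ == "__main__":
    for raw in SAMPLES:
        p = parse_packet(raw)
        print(p["src"], "->", p["dst"], p["proto"], p["app"])
    print("established:", established(SAMPLES))
```

EIGRP, OSPF and ICMP come back with no port or application because they ride directly in IP, which is why a filter for them matches on the protocol identifier rather than on a TCP or UDP port.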

CramQuiz
1. What Transport layer protocol does EIGRP rely upon in its operation?
A. TCP
B. UDP
C. ICMP
D. None of these answers are correct
2. What protocol and port does RIP use? (Choose two.)
A. TCP
B. UDP
C. 514
D. 520
CramQuiz Answers
1. D is correct. EIGRP does not rely upon TCP or UDP in its operation. The protocol encapsulates inside of IP and provides its own reliable mechanisms for delivery from router to router. You should also note that ICMP is not a Transport layer protocol but a Network layer protocol. Interestingly, ICMP does not rely

upon TCP or UDP to function but rather has its own protocol number.
2. B and D are correct. RIP relies on the connectionless UDP protocol and port number 520.

Topic: Describe the impact of infrastructure components in an enterprise network
CramSaver
1. Name a network device that is used to manage lightweight access points (APs).
_________
2. Name a network device that protects certain networks from other networks in your infrastructure.
_________
3. Name a network device that connects users to the network using multiple frequency bands.
_________
Answers
1. Wireless Controllers—also known as Wireless LAN Controllers (WLC)
2. Firewalls
3. Access point

Networks today are growing in complexity. This means new devices appear and play critical roles in the network infrastructure and functionality. Although there are many specialized devices, the exam blueprint calls upon three that we must review:
Firewalls: The firewall is implemented in a number of ways. It might be software running as an application on your operating system, it might be built into your operating system, or it might be a network appliance. No matter its form, the job is always the same: protect one portion of your network or computer system from another portion. The classic example (and most likely for your exam) is the network firewall. This device connects to “inside” protected networks and protects them from “outside” networks. Often, the main outside network is the Internet. The specific shining example of a network firewall appliance from Cisco Systems is the Adaptive Security Appliance or ASA. There is even a virtual version (ASAv) today that you can connect to a virtualized (VMware) network.
Access points: It seems like you cannot go anywhere today without being in a wireless cell for Internet access. Some cities around the world (including my own) provide complimentary Internet access using WiFi. One of the key devices that make this a reality is the access point. These are often termed dual band

because they support multiple frequency bands for various iterations of the 802.11 wireless standards. The role of the device is simple: connect users to the network as quickly and efficiently as possible with some level of security. This might be no security at all in the case of an open Guest network, or it might mean the highest levels of security available for a protected corporate network. For corporate environments, Cisco manufactures “lightweight” access points that rely on a wireless LAN controller for their instructions and management.

ExamAlert
Wireless networks often use an older method of allowing multiple devices to access the infrastructure “at the same time.” They use carrier sense multiple access with collision avoidance (CSMA/CA). With CSMA/CA, carrier sensing is used, but nodes attempt to avoid collisions by transmitting only when the channel is sensed to be “idle.” Contrast this to what happened in older hub-based local-area networks (LANs) with Ethernet cables. They used carrier sense multiple access with collision detection (CSMA/CD). This is a media access control method that uses a carrier sensing scheme in which a transmitting data station listens for other signals while transmitting a frame. If it detects that two devices are sending at the same time, the device stops transmitting that frame, transmits a jam signal, and then waits for a random time interval before trying to resend the frame.

Wireless controllers: In larger more complex environments than the home, there might be many access points to fulfill the needs of the organization. A wireless controller is ideal in this situation to manage the many APs (access points) that exist. These devices often act as the brains of the operation and control aspects like security and frequency usage and antennae strength. As you might guess, Cisco is in the business of wireless controllers as well. Figure 1.3 shows the Cisco 8540 wireless controller.
FIGURE 1.3 The Cisco 8540 Wireless Controller

ExamAlert
Wireless LAN controllers from Cisco are capable of many advanced features including:
Configuration of wireless policy, management, or security settings at any time through centralized provisioning and management

Faster response to business needs by centrally managing wireless networks
Standardized access point configuration for software versioning
Wireless intrusion prevention system (wIPS) capabilities
Network-wide quality of service (QoS) for voice and video across wired and wireless networks
Network-wide centralized security policies across wired and wireless networks
Mobility, security, and management for IPv6 and dual-stack clients

A clever method of testing you on these devices is to describe what the device does and then have you select that device from a multiple choice question. Keep in mind, you study routers and switches in preparation for the CCNA exam as well, so expect those devices to be in the list of options.

CramQuiz
1. Ethernet LANs, when operating in half-duplex, rely on what technology in order to deal with collisions?
A. CSMA/CA
B. CSMA/CD
C. CSMA/CC
D. CSMA/CQ
2. What security device tends to be implemented in many different forms, including hardware and software?
A. WLC
B. Firewall
C. Access point
D. Router
CramQuiz Answers
1. B is correct. Half-duplex Ethernet LANs use carrier sense multiple access collision detection in order to guard against collisions.
2. B is correct. Firewalls protect some part of your system or network from another part of the system or network. They come in many different varieties. Some firewalls are hardware-based, whereas others are software-based.

Topic: Describe the effects of cloud resources on enterprise network architecture
CramSaver

1. Name at least three characteristics of cloud computing IT services.
_________ _________ _________
2. What cloud service is often used for enterprises to develop software applications?
_________
3. What is a cloud computing organization called that connects to multiple cloud providers and multiple customers and creates a private network as a service?
Answers
1. They can be requested on demand. They can dynamically scale. They use a pool of resources. They offer a variety of network access options. They can be measured and billed back to the user.
2. PaaS
3. Intercloud Exchange

Cloud services are the rage today! From companies relying on DropBox for Business and Gmail, to enterprises building their own cloud services, it seems that everyone wants to adopt some aspect of their IT as a cloud service.
What does it mean for IT services to really be considered cloud technology? Here is an important list of criteria:
These services can be requested on-demand from clients.
The services offer dynamic scaling (this is often referred to as elasticity).
These services rely on resource pooling in the data center.
The services provide a wide variety of network access options.
The use of these services can be easily measured; clients can be billed for usage per agreements with the cloud provider.
Some larger enterprises today develop their own cloud services in their own privately controlled data centers. This has the obvious name of private cloud. In contrast, a public cloud service is one that is external to the organization. Public cloud providers (such as Google with Gmail) offer cloud services to many private enterprises all over the globe. Today, an increasing number of enterprises are using a hybrid cloud approach. This has

the organization relying on private clouds for some resources and public clouds for other IT services.
Cloud technologies have given rise to the virtual service model. This presents itself today with the as a service terminology. Here are some important examples of as a service virtual services you should commit to memory:
Infrastructure as a service (IaaS): With IaaS, the cloud provider makes available to the client the hardware, software, servers, storage and other infrastructure components. IaaS providers can also host clients’ applications and handle such tasks as system maintenance, backup, and resiliency planning. Amazon Web Services (AWS) is one of the initial pioneers in this cloud space.
Platform as a service (PaaS): With PaaS, the cloud provider makes virtual machines (VMs) available to the clients so that they may develop software applications in a test environment; it is typical for the PaaS provider to also make software development tools available as part of the platform.
Software as a service (SaaS): With SaaS, the cloud provider makes powerful software available to clients. Gmail is a prime example of SaaS, through which Google provides rich email services to worldwide clients.
X as a service (XaaS): These days it seems like anything or everything is being offered “as a service,” and that is exactly what XaaS (or EaaS) refers to; any aspect of IT that is delivered through the cloud model can fall in the XaaS category.
Remember, an aspect of cloud technologies is to ensure many different network access options. Just as there are many virtual service offerings, there are many ways clients can connect. For public cloud services, most immediately think of the Internet as the connection path. This certainly provides for ease of use, convenience, and lowered costs. Unfortunately, it does come with disadvantages such as security concerns as well as quality-of-service issues. Virtual private network (VPN) technologies can address most security concerns, and this represents another pathing option.
Some organizations might so heavily rely on cloud services that they purchase private WAN connections to these services. This permits much greater security and control, but, of course, it tends to come with higher costs. Intercloud exchanges have appeared to make these private WAN connections more affordable and flexible. These companies connect to multiple public cloud providers and make it simple for clients to switch between them while accessing the intercloud exchange through the original private WAN connection.
Virtual network services are becoming more and more common to make cloud-based datacenters a reality. Just as the virtual machine (VM) revolutionized the computer industry, so has virtual networking changed traditional networking. More and more functions of the network are moving to virtual implementations, including:
Firewalls

Routers
Switches
DNS services
Virtualization of the network services leads to more flexibility and more cloud-like scaling possibilities for the data center. Of course, this also leads to more programmability, as is discussed in Chapter 24, “Infrastructure Management: Network Programmability.”

CramQuiz
1. Which is not a common characteristic of cloud services?
A. On-demand
B. Dynamic scaling
C. Auto-administration
D. Resource pooling
2. Gmail is an example of what type of as a service model?
A. TaaS
B. SaaS
C. IaaS
D. PaaS
CramQuiz Answers
1. C is correct. Auto-administration is not one of the five common characteristics of cloud services.
2. B is correct. Gmail is a prime example of software as a service.

Topic: Compare and contrast collapsed core and three-tier architectures
CramSaver
1. What are the three tiers of the classic hierarchical Cisco network design?
_________ _________ _________
2. What layer of the classic hierarchical Cisco network design is typically eliminated in a collapsed design?
_________

Answers
1. Core
Distribution
Access
2. Distribution

For years, Cisco has suggested that we break up our network into easy to understand and manage layers or tiers. The classic three-layer model consists of the following:
Access layer: This layer provides workgroup/user access to the network; as a result, this layer is sometimes called the workstation layer.
Distribution layer: The layer provides policy-based connectivity and controls the boundary between the access and core layers.
Core layer: This layer provides fast transport between distribution switches within the enterprise campus; this is sometimes called the backbone layer.

ExamAlert
You should be aware of particular functions that most often occur at different layers. Here are some examples:
The Access layer:
Layer 2 switching
Port security
QoS classification and marking and trust boundaries
Address Resolution Protocol (ARP) inspection
Virtual access control lists (VACLs)
Spanning tree
Power over Ethernet (PoE) and auxiliary VLANs for VoIP
The Distribution layer:
Aggregation of LAN or WAN links
Policy-based security in the form of access control lists (ACLs) and filtering
Routing services between LANs and VLANs and between routing domains
Redundancy and load balancing
A boundary for route aggregation and summarization configured on interfaces toward the core layer
Broadcast domain control
The Core layer:

Providing high-speed switching
Providing reliability and fault tolerance

If you are in charge of a small, simple network right now, you might be thinking to yourself, Really??? You expect me to buy all of this equipment to make all of that happen in layers? This is where the collapsed core design might come in.

ExamAlert
The collapsed core design takes the functions of the distribution layer and moves them (or collapses them) into the core layer. So you dramatically simplify things with a Core and Access layer only. Keep in mind this also might be done in larger networks as well, especially when the Core/Distribution equipment is so sophisticated, it has no problem providing incredibly fast speeds at the same time it accomplishes the overhead of the Distribution layer functions.

CramQuiz
1. At what layer of the Cisco network model might you expect to find port security?
A. Distribution
B. Internet
C. Access
D. Core
2. At what layer of the Cisco network model is speed most important?
A. Distribution
B. Internet
C. Access
D. Core
CramQuiz Answers
1. C is correct. The access layer is where we find such mechanisms as port security, QoS classification, and Power over Ethernet, to name just a few.
2. D is correct. The core layer is where speed is of critical importance. In fact, speed is so important at this layer, it is why we often move functions like QoS and security out of the core layer.

Topic: Compare and contrast network topologies
CramSaver
1. What topology is common today in the access layer that features a

switch for network connectivity?
_________
2. What topology might be skipped due to cost concerns?
_________
Answers
1. The star topology
2. The full mesh topology

The exam blueprint calls out three topologies that we should be mindful of:
Star
Mesh
Hybrid
Let us actually elaborate on this list a bit more fully:
Star
Full Mesh
Partial mesh
Hybrid
I presume the exam blueprint authors were thinking of the hybrid topology as a partial mesh, but let us stick with our elaboration for clarity.
The star refers to a network design in which one central device connects to several others. If you locate the central device in the center of your drawing, the devices that connect look like shining beams of light from this star, thus the name. Figure 1.4 shows an example of a star topology.

FIGURE 1.4 An Example of a Star Topology

ExamAlert
Note that this star topology shows an Ethernet switch from Cisco Systems connected to workstations. In reality, switched LANs are more of what we call an extended star topology, but this exam fails to enter that level of detail. In Wide Area Networking (WAN) we term this a hub-and-spoke design, but it certainly looks just like the star topology.

If your topology connects every single node to every other single node, it is a full mesh topology. There is a formula for calculating the number of connections you need in this type of topology. The formula is n(n–1)/2 where n equals the number of nodes. So if you have 10 nodes, it is 10(10–1)/2. That is 45 connections to fully mesh the 10 nodes! This is why full mesh environments typically have a high cost and/or an administrative overhead.
The partial mesh seeks to eliminate some of the connections in a full mesh. Perhaps we have a certain area where a key device connects to all other devices, but the remainder of these devices are not connected to every other device. Consider that the star is actually a form of a partial mesh topology.
Most networks today are quite complex and as such use a wide variety of topologies to make themselves up. If you were to have a star connected to a full mesh, technically you

could say your network topology is a hybrid topology.

CramQuiz
1. What topology consists of an n(n–1)/2 number of connections?
A. Star
B. Full mesh
C. Partial mesh
D. Hybrid
2. In a WAN environment, the hub-and-spoke design is most often termed what type of topology?
A. Full mesh
B. Hybrid
C. Bus
D. Partial mesh
CramQuiz Answers
1. B is correct. The full mesh might be skipped due to overhead and costs of the many connections that might be present. Notice the formula indicates an increasing number of connections as you add nodes.
2. D is correct. The hub-and-spoke topology is an excellent example of a partial mesh.

Topic: Select the appropriate cabling type based on implementation requirements
CramSaver
1. Name a category of Ethernet cabling that supports speeds of 10 GB.
_________
2. What is the speed of 1000BASE-T?
_________
Answers
1. Cat 6 supports 10 GB Ethernet.
2. 1000BASE-T operates at a speed of 1000 Mbps or 1 Gbps.

Ethernet is king today when it comes to cabling. Ethernet continues to evolve and get faster. Table 1.3 shows you some forms you should be aware of:

TABLE 1.3 Examples of Ethernet Technologies

ExamAlert
For the longest time we had to worry about the way in which the copper cables inside a physical Ethernet cable were arranged. There was a straight-through pin out for connecting unlike devices (a router and a switch, for example). There was a crossover pin out for connecting like devices (a switch to switch, for example). Although these pin outs still exist, of course, we care much less, because a modern Cisco switch supports auto-mdix. This technology allows the switch to work correctly with whatever cable is connected between the switch and any other device.

The most popular forms of Ethernet use unshielded twisted pair (UTP) in their operations. There are many categories of this UTP abbreviated as follows: CAT1, CAT2, CAT3, CAT4, CAT5, CAT5e, CAT6, CAT6a, and CAT 7. Each of the unshielded twisted pair cable categories is technically advanced compared to its predecessor. For example, Cat 5e is capable of 1 gigabit per second Ethernet, whereas Cat 6 is capable of 10 gigabit per second Ethernet.

What about serial connections? Of course, we still find them at use in data centers to make certain types of WAN connections. Unfortunately, things are more complex when selecting the correct serial cable. Here are just some of the questions you must answer:
Is the router being connected to a data terminal equipment (DTE) or data communications equipment (DCE) device?
Is a male or female connector required on the cable?
What signaling standard does the device require?
Although it is not necessary for us to review the dozens of serial cables you might encounter in the data center, please pay attention to the next ExamAlert.

ExamAlert
Although there are many types of serial cables that you can implement in your network, there is one critical command you use in order to check the type and the health of such a cable. The command is show controllers. Know this

command and its sample output. Here is an example of its output:

HD unit 0, idb = 0x29A82C, driver structure at 0x2A1DF0
buffer size 1524 HD unit 0, V.35 DCE cable, clockrate 64000

CramQuiz
1. What technology eliminates the major concerns about crossover versus straight-through cables?
A. STP
B. RSTP
C. Auto-mdix
D. FabricPath
2. What is not an example of a question you might need to ask when provisioning your device with the correct serial cable?
A. Is the router being connected to a data terminal equipment (DTE) or data communications equipment (DCE) device?
B. Is the port part of the chassis or modular?
C. Is a male or female connector required on the cable?
D. What signaling standard does the device require?

CramQuiz Answers
1. C is correct. Auto-mdix permits the switch to adapt to the type of cable connected to the device.
2. B is correct. Whether the port you are connecting is part of a module or part of the chassis is not as critical a concern as the other questions listed here.

Topic: Apply troubleshooting methodologies to resolve problems

CramSaver
1. A technician examines the symptom reports from their junior tech in the field and decides to start troubleshooting at the network layer. This is an example of what troubleshooting approach? _________
2. What troubleshooting methodology allows others to learn from your troubleshooting experience? _________
Answers

1. This is an example of the divide-and-conquer approach.
2. Documentation allows others to easily benefit from your troubleshooting experience.

You will perform plenty of troubleshooting of specific technologies in this exam. I guide you through these topics in many of the pages that follow. Here, I present the exam blueprint depiction of a very simple and brief troubleshooting methodology:

Problem isolation: Determining at what layer of the OSI model and on what devices and links the problem may exist.
Documentation: It is critical to document the processes you use and the information you find; it can not only help you in the current process, but can become critical for those that troubleshoot after you.
Resolve: This is, of course, your ultimate goal; fixing the problem is what is meant by resolving the problem. You find the root cause of the problem after your problem isolation process, you document what has happened, and then you fix the root cause of the problem.
Escalate: Should you not be able to fix the issue, there should be a written escalation process in your organization; this might involve even communicating to a third party that your company partners with in order to fix the issue.
Verify and monitor: Many times it might take time to carefully verify and monitor your solution to ensure the issue(s) are truly resolved. As such, this text provides very important guidance on exact verification and monitoring procedures for various specific technologies.

ExamAlert
The OSI model is a critical tool when carrying out your troubleshooting. If a device is without power, you find it very quickly with a bottom-up troubleshooting approach. This means starting at the physical layer and moving upward. A top-down approach starts at the application layer and works its way downward. Should you gather excellent and trustworthy problem evidence, you might even choose a divide-and-conquer approach. This permits you to begin at a very specific layer and then move upward or downward as required.

CramQuiz
1. What happens should you not be able to resolve a problem that one of your users is having regarding their e-mail?
A. Further documentation
B. Verification
C. Monitoring
D. Escalation

Frames. Session 2. What are two steps of a troubleshooting methodology where Cisco show commands might prove most valuable? (Choose two. Escalation B. What layer of the OSI model exists just above the Network layer? A. Presentation 4. Transport B. 2. Monitoring C.) A. establishing. Application C. What are the terms for the four PDUs that exist at the bottom of the OSI model? Name these in order from bottom to top. Problem isolation CramQuiz Answers 1. maintaining. Transport B. 2. Segments. monitoring. Session B. and documenting most often involve show commands. B and D are correct. Data Link C. Resolve D. Packets. and terminating these connections as necessary? A. We typically resolve the problem that an end user is having. Session D. D is correct. Review Questions 1. What layer of the OSI model controls the logical connections between two systems (local and remote). Presentation C. Transport 3. Bits . Presentation D. Problem isolation. Your enterprise should document the escalation procedure. A. A. Application D. What layers of the OSI model coordinate to the Application layer of the TCP/IP model? Choose all that apply. verification. or we must escalate the problem to another group or even a third party.

(Choose two. ICMP B. Bits 5. Frames. B. Segments D. Packets. 23 8. Frames. UDP D. What topology do you find in a modern switched LAN? A. Straight-through B. TCP C. Mesh C. What command allows you to see the type of serial cable connected to your device? A. Name two Transport layer protocols. Star B. show flash 9. Null D. Bits. UDP D. What type of cable is used in order to connect a switch to another switch? A. RIP 7. show interface D. show version B. TCP C. Full mesh 10. Packets. show controllers C. Packets. Bits. ICMP B. Dual band . 22 D. FTP 6. Crossover C. UDP C. Frames. Segments. Hybrid D. What is the port number and protocol used by SSH? (Choose two. Segments C. TCP B. What protocol uses windowing in order to implement flow control? A.) A.) A.

8. such as two switches. The Application layer of the TCP/IP model coordinates to the Application. it establishes. Additional Resources Bring the OSI Model to Life—http://www. 9. 5. 11. 6. manages. 11. B is correct. What pathing option for public cloud provides the most security and control for an organization? A. 4. 3. B is correct. A and C are correct.com/ osi-anyone-guess- layer Common Cloud Characteristics —http://www. B is correct. 7. The private WAN option provides the most control and security. A is correct. The modern switched LAN is an excellent example of a star topology. and Segments. 2. B. From the bottom to the top.com/osi-life OSI Reference Model—http://www. Cisco DirectConnect Cloud Answers to Review Questions 1. The crossover cable is used to connect like devices. The Transport layer exists just above the Network layer in the OSI model. Presentation. Transmission Control Protocol uses several mechanisms in order to attempt to guarantee delivery of packets. the PDUs are Bits. Internet access C. A is correct. C is correct.ajsnetworking. and Session layers for the OSI model. D is correct. and terminates the connections between the local and remote systems. Windowing is one of these. Private WAN B. SSH uses TCP and port 22 in its operations. Internet access with VPN D.ajsnetworking. The Transport layer features both TCP and UDP. The show controllers command allows you to see what type of serial cable attaches to your interface.com/common-cloud-characteristics . Packets.ajsnetworking. B is correct. The Session layer controls the connections between two systems. and D are correct. C. Frame. but it often comes with a much higher cost. B and C are correct. 10.

Chapter 2. Network Fundamentals: IPv4

This chapter covers the following official CCNA 200-125 exam topics:
Configure, verify, and troubleshoot IPv4 addressing and subnetting
Compare and contrast IPv4 address types
Describe the need for private IPv4 addressing

This chapter ensures you are ready for the above topics from the Network Fundamentals section of the overall exam blueprint from Cisco Systems. Remember, this chapter is just a portion of the Network Fundamentals area. The topics covered in Chapters One and Three also complete the Network Fundamentals grouping. These chapters deal with networking models and IPv6, respectively.

Essential Terms and Components
IPv4 Addressing
IPv4 Address Classes
Subnet Masks
IPv4 Subnetting
IPv4 Address Configuration
Broadcasts
Unicasts
Multicasts
Private IPv4 Addressing
NAT (Network Address Translation)

Topic: Configure, verify, and troubleshoot IPv4 addressing and subnetting

CramSaver
If you can correctly answer these CramSaver questions, save time by skimming the ExamAlerts in this chapter and then completing the CramQuiz at the end of the chapter. If you are in doubt at all—read EVERYTHING in this chapter!
1. What is 187 converted to binary? _________
2. What is 10010011 in decimal? _________

3. What class of address is 239.1.2.3? _________
4. You are using 5 mask bits in an octet. What is the decimal value in this octet of the subnet mask? _________
5. How many hosts can this network support: 10.0.0.0 255.255.255.128? _________
6. How many subnets can you create if you borrow 6 bits? _________
7. What is the broadcast address for the subnet 10.15.2.0 255.255.254.0? _________
8. What is the usable host range for 10.15.0.224 /27? _________
Answers
1. 10111011
2. 147
3. Class D
4. 248
5. 126
6. 64
7. 10.15.3.255
8. 10.15.0.225–10.15.0.254

Remember, an IPv4 address is a 32-bit number that we like to represent in dotted decimal notation. Consider using a conversion chart for the 8 bits that exist in an octet to help you with the various subnetting exercises you might encounter in the exam. Figure 2.1 is the simple chart I build on scratch paper before starting the exam:

FIGURE 2.1 A Conversion Chart for IPv4 Addressing and Subnetting Questions

One task that is simple using this chart is converting a number from decimal to binary or vice versa. For example, to convert 186 to binary, we first note that you can successfully subtract 128 from this number, so the first bit is on (1). The remainder is 58 after this subtraction. Note we cannot subtract 64 from this number (without having a negative number), so we move to the next number after setting the 64 value to off (0). We then subtract 32 from 58. This places a 1 in the 32 column and leaves us with 26. We can

subtract 16 from 26 so there is a 1 in that column. Continuing with this method, we easily calculate that 186 in binary is:
10111010
Converting from binary to decimal is even easier. Just examine what bit positions are on (1) and add those decimal values together. So for example, 11101111 equals:
239

Early on in the development of TCP/IP, the designers created address classes to attempt to accommodate networks of various sizes. Notice they did this by setting the initial bit values. Table 2.1 shows these classes.

TABLE 2.1 The TCP/IP Version 4 Address Classes

ExamAlert
It is an important skill to be able to recognize the class of address using the decimal value in the first octet. Note that addresses beginning with 127 are reserved for local loopback purposes. Also memorize that class D addresses are for multicasting. Multicast can be used to send a message to multiple devices across multiple networks and subnetworks.

Another critical memorization point here is the default subnet masks for these address classes. Remember, it is the job of the subnet mask to define what portion of the 32-bit address represents the network portion versus the host portion. Table 2.2 defines the default masks.

TABLE 2.2 Default IPv4 Subnet Masks

Note that subnet masks must use continuous on bits (1). This results in the only possible values in a subnet mask octet, as shown in Table 2.3.

TABLE 2.3 The Possible Values in an IPv4 Subnet Mask Octet

ExamAlert
Some students will write out this table on scratch paper, as well as other tables in this chapter before they begin their exam. I do not do so, as I find I can pretty quickly calculate these facts on an as needed basis during the exam.

Remember, subnetting is the process of “stealing” or “borrowing” bits from the host portion of the IPv4 address in order to create additional subnets. Think of using the following IP address and subnet mask combination in your network:
10.0.0.0/8 or 10.0.0.0 255.0.0.0
This allows you to only create one giant network. Sure, this network can have many host systems (specifically, 2^24 – 2), but they all must exist in the same network. With broadcast traffic and other potential issues, this would be terrible for efficient communications. Today, we like to divide networks into small sections (subnetworks) of about 100 computers or less.

ExamAlert
Notice that the formula for calculating the number of hosts a subnet can support is to take the number of bits remaining for host addressing (h) and making this the exponent for the number 2, and then subtracting 2 from this amount. Thus, the formula is 2^h – 2. We subtract two in this formula because we cannot assign a host an IP address with all zeros in the host bits or all ones in the host bits. These are reserved for the identification of the network itself (all zeros), and the broadcast address (all ones) for that subnet.

In the preceding example, we might decide to borrow 4 bits for subnetting. Now the

identifications look like this:
10.0.0.0 255.240.0.0 or 10.0.0.0/12
How many bits are left for host identification? The subnet mask now contains 12 bits, leaving 20 bits available for host identification. Note that our calculation (2^20 – 2) requires a calculator. As a result, you would not see this question in your exam. The answer is an astounding 1,048,574 hosts per subnet.

ExamAlert
But how many subnets can we create? The answer is the formula 2^s where s is the number of subnet bits we are borrowing. So in our example here, we have 2^4. Examining my scratch paper chart from Figure 2.1, I quickly see the answer is 16 subnets. Note that as we borrow more and more host bits, we can create more and more subnets, but each subnet supports fewer and fewer hosts.

Another important skill we need is establishing the exact subnets we create given a bit borrowing scenario. The great news is: We once again rely on Figure 2.1 for assistance! Using the preceding scenario, we have:
10.0.0.0 255.240.0.0 or 10.0.0.0/12
To determine the subnets—we determine our block size. The block size is the least significant bit (rightmost) decimal value that the mask extends in to. So in this case, we extend four bits into the second octet. The decimal value here from Figure 2.1 is 16. We start at 0 and then each new subnet increments by 16! So we have subnets numbered 0, 16, 32, 48, 64, 80, and so on. Plugging these values into our IP address, we have:
10.0.0.0/12
10.16.0.0/12
10.32.0.0/12
10.48.0.0/12
10.64.0.0/12
10.80.0.0/12
Etc.

What if we begin with 10.46.0.0/16 and we want to borrow 4 additional bits to create new subnets? No problem. We have:
10.46.0.0/20
10.46.16.0/20
10.46.32.0/20
10.46.48.0/20
10.46.64.0/20

10.46.80.0/20
Etc.

What if we begin with 192.168.1.0/24 and we need to create 6 subnets? Borrowing 3 bits does the job with some to spare (2^3 = 8). So we have subnets of:
192.168.1.0/27
192.168.1.32/27
192.168.1.64/27
192.168.1.96/27
192.168.1.128/27
192.168.1.160/27
There are two more subnets of course, but we do not care here because we only needed six.

Note
You can take unused subnets and further subnet them! This is known as variable length subnet masking.

What about usable addresses for hosts on a subnet? Look at 192.168.1.0/27 above. That is a reserved address—it is the subnet ID itself. Add 1 to this and you have the first usable host address on this subnet—so it would be 192.168.1.1/27. The last address before we get to the next subnet is 192.168.1.31/27. This is reserved as well. It is for the subnet broadcast. So the last usable address on the subnet is 192.168.1.30/27. The last usable address is always the next subnet ID minus two. Remember from our earlier discussion these two reserved addresses are why we have the –2 in the hosts calculation formula.

Here is one more example for you. If we have 10.10.0.0/16 and we want at least 15 new subnets, we create the scheme 10.10.0.0/20. Here are the usable host ranges for the first four subnets:
Subnet 10.10.0.0/20—First Usable 10.10.0.1—Last Usable 10.10.15.254
Subnet 10.10.16.0/20—First Usable 10.10.16.1—Last Usable 10.10.31.254
Subnet 10.10.32.0/20—First Usable 10.10.32.1—Last Usable 10.10.47.254
Subnet 10.10.48.0/20—First Usable 10.10.48.1—Last Usable 10.10.63.254

ExamAlert
Be ready to implement all of the above skills in the exam environment. Obviously there are a variety of ways in which questions can be asked of you, and this chapter provides plenty of examples through CramSavers, CramQuizzes, and Review Questions. Although initially these questions might seem like a lot of work, you eventually crave questions like this in the exam because math questions don’t have the challenging gray areas some multiple-
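The subnetting arithmetic worked through in this chapter (2^s subnets, 2^h – 2 hosts, block size, first and last usable address, subnet broadcast), as an added Python example that is not from the book. The function names plan_subnets and describe_host are hypothetical; the sample networks are the ones used in the chapter's text and CramSaver.

```python
import ipaddress
from itertools import islice


def plan_subnets(parent: str, borrowed_bits: int, show: int = 6) -> dict:
    """Borrow host bits from `parent` and report what the longer mask yields."""
    net = ipaddress.ip_network(parent, strict=True)
    new_prefix = net.prefixlen + borrowed_bits
    if net.version != 4 or borrowed_bits < 1 or new_prefix > 30:
        raise ValueError("IPv4 only; borrow at least 1 bit and leave 2 host bits")
    host_bits = 32 - new_prefix
    # The block size is the decimal value of the last (rightmost) mask bit
    # inside the octet where the mask ends.
    mask_bits_in_octet = new_prefix - 8 * ((new_prefix - 1) // 8)
    block_size = 2 ** (8 - mask_bits_in_octet)
    subnets = net.subnets(prefixlen_diff=borrowed_bits)
    return {
        "mask": str(ipaddress.ip_network(f"0.0.0.0/{new_prefix}").netmask),
        "mask_octet": 256 - block_size,           # value of the octet the mask ends in
        "subnet_count": 2 ** borrowed_bits,       # 2^s
        "hosts_per_subnet": 2 ** host_bits - 2,   # 2^h - 2
        "block_size": block_size,
        "first_subnets": [str(s) for s in islice(subnets, show)],
    }


def describe_host(cidr: str) -> dict:
    """Locate the subnet of an address given as a.b.c.d/27 or a.b.c.d/255.255.255.224."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    if net.version != 4 or net.prefixlen > 30:
        raise ValueError("need an IPv4 subnet with at least 2 host bits")
    subnet_id = int(net.network_address)
    broadcast = int(net.broadcast_address)
    return {
        "subnet": str(net),
        "first_usable": str(ipaddress.IPv4Address(subnet_id + 1)),
        "last_usable": str(ipaddress.IPv4Address(broadcast - 1)),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": net.num_addresses - 2,
        # False when the address is the subnet ID or the subnet broadcast,
        # the two reserved values behind the "- 2" in the hosts formula.
        "assignable": subnet_id < int(iface.ip) < broadcast,
    }


if __name__ == "__main__":
    for parent, bits in [("10.0.0.0/8", 4), ("10.46.0.0/16", 4), ("192.168.1.0/24", 3)]:
        print(parent, "borrow", bits, "->", plan_subnets(parent, bits))
    for host in ["192.168.1.1/27", "172.16.7.1/255.255.254.0", "10.15.0.224/27"]:
        print(host, "->", describe_host(host))
```

An address for which "assignable" is False is a subnet ID or a subnet broadcast, which is the misconfiguration to look for when a host with a seemingly valid address cannot communicate.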

11001000 2. 120 D.0. 240 D. What is the default subnet mask for a class B network? A. 110 3. 112 B.255. 62 C.255. How many bits should you “borrow” in order to create the least waste in address space? A. 4 B.0 D. 10101100 D. CramQuiz 1.0.255. If you have a mask of 255. 252 5. What is 01101111 in decimal? A. 6 D. Your network needs to support 30 subnets. 111 C. If your mask uses three bits in an octet. 255.0 B.255. 6 6. 224 C. 255.255.0 C. 7 . 14 D.255 4.240—how many hosts can you support? A. choice questions have.255. 192 B. what is the decimal value? A. 5 C. What is 203 converted to binary? A. 255. 11101011 C.255. 11001011 B. 255.0. 32 B.

With this mask.1.1. B is correct. this is what type of traffic? _________ 2. You have the 30 you need. C is correct. B is correct. 255. 2.16. Topic: Compare and contrast IPv4 address types CramSaver 1.16. D is correct.7. Unicast 2.16. Using the chart in Figure 2.1 through 172.7. plus 2 additional subnets.7. A is correct.1 C. When you send information from one system to another system in the network without the intent of the data reaching any other system. What destination MAC address do you find in an ARP frame when it is sent from a workstation that needs Layer 3 to Layer 2 address resolution? _________ Answers 1. The usable host range here is 172. there are only 4 bits left for host addressing.128 D. 5. 172.16.255 B. C is correct.0 or 16 bits is the default mask for a Class B address.16. 172. B is correct. The bits we add here are 64 + 32 + 8 + 4 + 2 + 1 = 111.255.0. The broadcast address . Borrowing 5 bits permits the creation of 32 subnets. What is the last usable host on a subnet where host has been given the address of 172.16. 6. Using the chart in Figure 2.7. 172.255.6.6. 172. What type of traffic uses the address range with 224–239 in the first octet? _________ 3. We subtract 2 from this number to arrive at 14 hosts.1 255.254. 3. we learn that 2 raised to the 4th power is 16. 4.7.254 CramQuiz Answers 1.16.0? A. 7. you arrive at these decimal values 128 + 64 + 8 + 2 + 1 = 203.254. 7. Three bits would mean 128 + 64 + 32 = 224. Multicast 3.

Modern networking systems use three main forms of addressing in order to communicate in the network:
Unicast
Broadcast
Multicast

Unicast transmission is most likely what you think of first. For example, you are in a home network with an IP address of 192.168.1.2 and you want to send data to print to a printer located at 192.168.1.10. You do not intend for any other system to receive this traffic. This is a classic example of unicast IPv4 traffic.

When you have a system that must send a frame to all members of the network, this is termed a broadcast. At Layer 2, the destination broadcast address is FF:FF:FF:FF:FF:FF. At Layer 3, an example of a broadcast IPv4 address is 255.255.255.255. Remember, however, there is another type of broadcast. This is when a packet is destined for all of the members of a subnet. You and I calculated the broadcast address for subnets in this chapter. So for example, the broadcast address for Subnet 10.10.0.0/20 is 10.10.15.255.

Note
Because a directed broadcast to a remote subnet can introduce many potential security issues, most routers give you the opportunity to enable or disable directed broadcast capabilities.

What if you want your device to “tune into” traffic in much the same way we tune into a television station in order to enjoy a broadcast of some show? The network equivalent of this is multicasting. Multicast is a way of sending one message (or set of packets) to multiple hosts across multiple networks and subnetworks. Computers can “subscribe” to or “join” the multicast group by participating in this address scheme (in addition to their unicast address). Remember, the multicast address range is 224–239 in the first octet. Some routing protocols use multicast addressing. When you enable RIP on your router, it starts listening for traffic destined for its 224.0.0.9 address as this is the address used to send traffic to all RIPv2 routers.

ExamAlert
Multicast saves bandwidth because a single traffic stream serves multiple recipients across multiple networks. Contrast this to a traffic stream that must be replicated for every single unicast receiver that needs the traffic.

CramQuiz
1. Your system is sending email to the local SMTP server. What type of IPv4 traffic is this most likely given that these two systems have communicated seconds ago?

A. Broadcast
B. Multicast
C. Unicast
D. Anycast
2. EIGRP uses 224.0.0.10 in its operation. What type of address is this?
A. Unicast
B. Broadcast
C. Multicast
D. Anycast
3. What does it mean when you see FF:FF:FF:FF:FF:FF as the destination address in an Ethernet frame?
A. It means the frame is a multicast
B. It means the frame is a unicast
C. It means the frame should be dropped
D. It means the frame is a broadcast

CramQuiz Answers
1. C is correct. Although an ARP broadcast may initially be needed, because these systems have already communicated, the traffic can be sent unicast.
2. C is correct. 224.0.0.10 is the all EIGRP routers multicast address.
3. D is correct. The destination address of FF:FF:FF:FF:FF:FF is a reserved MAC address to indicate a broadcast.

Topic: Describe the need for private IPv4 addressing

CramSaver
1. List the Class A private address space. _________
2. List the Class B private address space. _________
3. List the Class C private address space. _________
Answers
1. 10.0.0.0 to 10.255.255.255
2. 172.16.0.0 to 172.31.255.255
3. 192.168.0.0 to 192.168.255.255

X range).1.16.168. 172.34. the RFC that defined these ranges is so famous you should know it. CramQuiz 1.4 shows you the private address space. Which of the following is not a private address? A.1 C. The above ranges are often termed RFC 1918 addresses.10. TABLE 2. we must use Network Address Translation (NAT) in order to enable proper communications with the public Internet. The use of private addresses and NAT is why you tend to see the same addresses ranges used in homes today (typically in the 192. This address space can be used as needed inside corporations. SMTP B. SNMP D.100. This address space would then be translated using Network Address Translation (NAT) to allow access to and through the public Internet.4 The IPv4 Private Address Ranges ExamAlert Clearly a skill you must possess is to memorize these ranges. ExamAlert Whenever we use private address space on our Internet facing device. What technology permits many private addresses to communicate on the public Internet? A.1 B. 12. Although it is normally not important to memorize Request for Comment numbers.1.The designers of IPv4 created private address space to help alleviate the depletion of IPv4 addresses. NAT 2. 10. This address space is not routable on the public Internet.10 .10. Table 2. POP3 C.

If you need to create six subnets.0. D is correct. B is correct.1? A.240. This is a Class A unicast address.255. RFC 1918 defined the private address space.10 3. 12. D. RFC 2001 D. 3 C. This is a loopback address. This is a multicast address. 64 B. 4 . 192. 32 D.X is part of the public IP address space. What is two raised to the seventh power? A. 3. RFC 1918 CramQuiz Answers 1. 255.240 4. 16 2.255.0 C. C. 2.0. B. 255. What is the meaning of this IP address—127. and want to waste as little IP address space as possible.240.X. how many bits should you “borrow”? A. Network Address Translation permits these private addresses to communicate. RFC 2191 C.0 B.X.0 D. What famous RFC defined the private use only IP address space? A.1.168.128. 128 C. This is an invalid IP address. D is correct. RFC 2020 B. What is the subnet mask if you began with the default Class A mask and then “borrowed” four bits for subnetting? A. 2 B. D.255.255. 255.0. Review Questions 1. 3. 255.

172. 255. C.255. B is correct. C is correct. D is correct. 127.0. The Layer 3 broadcast address is simply 255. B is correct.16. 127. Additional Resources . Examine the following diagram.0.255. 3.255.32. The RFC 1918 range is 172.0. 1.255 7.255. 2. 4. C is correct. The value is 128. What is the most likely reason HostA is unable to ping HostB? A.0. Borrowing four bits from the next octet creates a new mask of 255.1 is a loopback address. The HostB IP address is the subnet identifier for that subnet and is reserved.0 C.255. What is the range of Class B private addresses? A. 172.1. 5. HostA has an invalid IP address.1 D.1.255.255.255 for Class B.255 B.0.0 to 172.0.255.255 B.0.255 C.240.255.0.0. 6.0 to 172. B.0.16. D. The default Class A subnet mask is 255.0.255 Answers to Review Questions 1.255.1. D. C is correct.255. What is the Layer 3 broadcast address? A. 0.255. 7.0 to 172. Two raised to the seventh power is on our quick reference sheet shown in Figure 2.255.0 to 172.31.0.0.0.36.31. 172. C is correct. The subnet masks are incorrect for the link between R1 and R2. Borrowing three bits permits the creation of eight subnets. 6.16. 5 5.16.0 to 172. 172.255 D. HostB is attempting to use the subnet ID as an IP address.0. The R2 interface to R1 is attempting to use a subnet broadcast IP address.

Reverse Engineering an IPv4 Host Address—http://www.ajsnetworking.com/reverse-ipv4
Online IP Subnet Calculator—http://www.subnet-calculator.com

Chapter 3. Network Fundamentals: IPv6

This chapter covers the following official CCNA 200-125 exam topics:
Identify the appropriate IPv6 addressing scheme to satisfy addressing requirements in a LAN/WAN environment
Configure, verify, and troubleshoot IPv6 addressing
Configure and verify IPv6 Stateless Address Auto Configuration
Compare and contrast IPv6 address types

This chapter ensures you are ready for the above topics from the Network Fundamentals section of the overall exam blueprint from Cisco Systems. Remember, this is just a portion of the Network Fundamentals area. The topics covered in Chapters One and Two also exist in the Network Fundamentals grouping. These other chapters deal with networking models and IPv4, respectively.

Essential Terms and Components
IPv6 Addressing
IPv6 Stateless Address Auto Configuration
Global unicast
Unique local
Link local
IPv6 Multicast
Modified EUI 64
IPv6 Autoconfiguration
IPv6 Anycast

Topic: Identify the appropriate IPv6 addressing scheme to satisfy addressing requirements in a LAN/WAN environment

CramSaver
If you can correctly answer these CramSaver questions, save time by skimming the ExamAlerts in this chapter and then completing the CramQuiz at the end of each section and the Review Questions at the end of the chapter. If you are in doubt at all—read EVERYTHING in this chapter!
1. How many bits are in an IPv6 IP address? _________
2. Re-write this IPv6 address as short as possible: 2001:0000:0011:0001:

0000:0000:0001:1AB1 _________
3. What is the “standard” host portion for an IPv6 address? _________
Answers
1. 128 bits
2. 2001:0:11:1::1:1AB1
3. 64 bits

IPv6 attacks the address exhaustion issues with IPv4 head on. The 32-bit address space of IPv4 expands to 128 bits with IPv6. Because this is such an incredibly long address, hexadecimal is used to represent the address. The header IPv6 uses in packets is larger than IPv4’s. Figure 3.1 shows this new header.

FIGURE 3.1 The IPv6 Header

The IPv6 address format is eight sets of four hex digits. A colon separates each set of four digits. For example:
2001:1111:A231:0001:2341:9AB3:1001:19C3
Remember, there are two rules for shortening these IPv6 addresses:
Once in the address, you can represent consecutive sections of 0000s with a double colon (::)
As many times as you can in the address, you can eliminate leading 0’s; you can even take a section of all zeroes (0000) and represent it as simply 0

Here is an example of the application of these rules to make an address more convenient to read and type:
2001:0000:0011:0001:0000:0000:0001:1AB1
2001:0:11:1::1:1AB1
You present the subnet mask in prefix notation only. For example, an IPv6 address, that uses the first 64 bits to represent the network could be shown as:
2001:0:11:1::1:1AB1 /64

This section of your exam blueprint focuses on the global unicast address space for IPv6. These function like the public IPv4 addresses that we are accustomed to. Other types of IPv6 addresses are elaborated upon later in this chapter.

The management of the IPv6 address space is done by the Internet Assigned Numbers Authority (IANA). IANA assigns blocks of address spaces to regional registries, who then allocate address space to network service providers. Your organization requests address space from a service provider. For example, a company may be assigned the address space similar to
2001:DB8:6783::/48
From that network address space, they can create and use subnets.

Note
With the massive address space, you immediately have more subnet and host capabilities than you should ever need. To simplify subnetting in IPv6, companies often use a /64 mask. Remember, this means a 64-bit network portion and a 64-bit host portion.

ExamAlert
Although the section sounds like it might be a “real world only” bit of information, please understand that these facts are frequently tested in the CCNA exam.

CramQuiz
1. What is the size of the source address field in an IPv6 header?
A. 6 bytes
B. 8 bytes
C. 12 bytes
D. 16 bytes
2. What are the two rules you can use to shorten an IPv6 address? (Choose two).
A. You can trim all trailing zeros in all sections.
B. You can trim all leading zeros in all sections.

C. You can use :: twice in an address.
D. You can use :: once in an address.
3. What is the typical network portion of an IPv6 global unicast address?
A. 32 bits
B. 48 bits
C. 64 bits
D. 128 bits

CramQuiz Answers
1. D is correct. The source and destination address fields are 16 bytes in length to accommodate the IPv6 addresses.
2. B and D are correct. You can trim all leading zeroes in all sections. Once in an address, you can use :: in order to represent a successive section of all zeroes.
3. C is correct. The network portion is typically 64 bits and the host portion is 64 bits as well.

Topic: Configure, verify, and troubleshoot IPv6 addressing

CramSaver
1. What is the term for running IPv4 and IPv6 on the same network interface? _________
2. What command would you use to configure the IPv6 address of 2001:aaaa:bbbb::1 on an interface with a 64 bit mask? _________
3. Which method uses the interface hardware address as part of the IPv6 Layer 3 host address? _________
4. What is the equivalent command for IPv6 for the IPv4 command show ip interface brief? _________
Answers
1. Dual stack
2. ipv6 address 2001:aaaa:bbbb::1/64
3. Modified EUI-64
4. show ipv6 interface brief

IPv6 address configuration is pleasantly simple. Examine the configuration shown in Example 3.1.

EXAMPLE 3.1 A Sample IPv6 Address Configuration
R1(config)#interface fastethernet0/0
R1(config-if)#ip address 10.10.10.1 255.255.255.0
R1(config-if)#ipv6 address 2001:aaaa:bbbb::1/64
R1(config-if)#no shutdown

Note
A global configuration command you will often use is ipv6 unicast-routing. This permits your router to run IPv6-related routing protocols such as EIGRP for IPv6 or OSPF version 3. This command is not shown in Example 3.1 because it is not required for the configuration of IPv6 addresses.

Note how this interface is now dual stack. It runs IPv4 and IPv6 simultaneously. This is a quite common configuration since IPv4 may be around for the rest of our lifetimes and beyond. Keep in mind of course that IPv4 is not required for the configuration of IPv6.
What about verification? No problem—Example 3.2 provides two different approaches:

EXAMPLE 3.2 Two Sample IPv6 Address Verifications
R1#show ipv6 interface brief
FastEthernet0/0 [up/up]
    FE80::C801:6FF:FE65:0
    2001:AAAA:BBBB::1
R1#show ipv6 interface fa0/0
FastEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::C801:6FF:FE65:0
  No Virtual link-local address(es):
  Global unicast address(es):
    2001:AAAA:BBBB::1, subnet is 2001:AAAA:BBBB::/64
  Joined group address(es):
    FF02::1
    FF02::1:FF00:1
    FF02::1:FF65:0
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent

  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 30000)
R1#

Many engineers will not want the extra work of manually assigning host addresses to their systems, however. IPv6 offers an excellent feature termed modified EUI-64. This process takes the MAC address from the device and uses it to automatically generate a host portion! Example 3.3 shows the configuration and verification of an IPv6 address using this very groovy approach.

EXAMPLE 3.3 Modified EUI-64 Host Portion Assignment and Verification
R1(config)#interface fastEthernet 0/0
R1(config-if)#ipv6 address 2001:AAAA:BBBB::/64 eui-64
R1(config-if)#no shutdown
R1(config-if)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#show ipv6 interface brief
FastEthernet0/0 [up/up]
    FE80::C801:6FF:FE65:0
    2001:AAAA:BBBB:0:C801:6FF:FE65:0
R1#show ipv6 interface fa 0/0
FastEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::C801:6FF:FE65:0
  No Virtual link-local address(es):
  Global unicast address(es):
    2001:AAAA:BBBB:0:C801:6FF:FE65:0, subnet is 2001:AAAA:BBBB::/64 -[EUI]
  Joined group address(es):
    FF02::1
    FF02::1:FF65:0
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 30000)
R1#

CramQuiz
1. What command do you need in order to enable IPv6 routing capabilities on a Cisco router?

A. ipv6 unicast-routing
B. ipv6 routing
C. ipv6 routing enable
D. ipv6 unicast-enable
2. What command configures IPv6 on your interface and eliminates your requirement of manually configuring a host address?
A. ipv6 address 2001:aaaa:bbbb::/64 auto
B. ipv6 address 2001:aaaa:bbbb::/64
C. ipv6 address 2001:aaaa:bbbb::/64 eui-64
D. ipv6 address 2001:aaaa:bbbb::/64 slaac
3. What two commands could you use to verify your IPv6 interface address? (Choose two.)
A. show ipv6 interface brief
B. show interface ipv6 details
C. show ipv6 interface
D. show interface ipv6 info

CramQuiz Answers
1. A is correct. The command required to enable IPv6 routing capabilities on a Cisco router is ipv6 unicast-routing.
2. C is correct. Use the eui-64 keyword with the IPv6 address command in order to automatically have the device generate its host portion.
3. A and C are correct. The show ipv6 interface brief and show ipv6 interface commands are the equivalents of show ip interface brief and show ip interface commands.

Topic: Configure and verify IPv6 Stateless Address Auto Configuration

CramSaver
1. Describe the difference between stateful and stateless address assignment. _________
2. What is the command on a Cisco router to assign an IPv6 address using SLAAC? _________
Answers

1. Stateful address assignment refers to a device “tracking” the automatic assignment of addressing information. A typical example is DHCP for IPv4. Stateless assignment refers to a lack of tracking information.
2. ipv6 address autoconfig

If you think the ability to have the IPv6 network device configure its own host address (modified EUI) is pretty awesome, what is even more exciting is having one network device assist another in the assignment of the entire address. This is stateless address auto configuration (SLAAC). Stateless simply means that a device is not keeping track of the address information. For example, in IPv4 and IPv6 you can use a DHCP server in a “stateful” manner. A DHCP device provides the address information that devices need, and tracks this information in a database. Obviously, there is a fair amount of overhead involved in this process for the DHCP server. Fortunately, in IPv6 you can use SLAAC and stateless DHCP to provide a host with all of the information it might need. This of course includes things like the IPv6 address, the prefix length, the default gateway address, and the DNS server(s) address.
With SLAAC, the IPv6 device learns its prefix information automatically over the local link from another device (such as the router), then can randomly assign its own host portion of the address, or use the modified EUI method discussed earlier in this chapter. However, because SLAAC cannot provide additional information such as DNS server addresses, we often combine SLAAC with the use of stateless DHCP in IPv6.

ExamAlert
How does the SLAAC host communicate with its neighbor if it does not yet possess the IPv6 address information it needs? Remember, this is the job of the link-local address in IPv6. We review this information in the next topic.

What does the configuration look like on a Cisco router for having an interface acquire its IPv6 address using SLAAC? Example 3.4 shows how remarkably simple it is.

EXAMPLE 3.4 Using SLAAC for Address Assignment on a Cisco Router
R1(config)#interface fa0/0
R1(config-if)#ipv6 address autoconfig

ExamAlert
Remember, Cisco routers that support IPv6 are ready for any of the IPv6 interface addressing methods with no special configuration. Remember, if the router needs to run IPv6 routing protocols (such as OSPF or EIGRP), you must use the ipv6 unicast-routing command, as discussed earlier in this chapter.
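The modified EUI-64 host portion used by the eui-64 keyword, and available to a SLAAC host once it has learned its prefix, can be reproduced offline. The Python below is an added example, not code from the book: it builds the interface ID from a MAC address, joins it to a /64 prefix, computes the solicited-node groups listed under "Joined group address(es)", and reverses the process to show that such an address discloses the hardware address. The MAC ca01.0665.0000 is an assumption inferred from the FE80::C801:6FF:FE65:0 address in Examples 3.2 and 3.3, and the function names are illustrative.

```python
import ipaddress

R1_MAC = "ca01.0665.0000"          # assumed: inferred from R1's link-local address
R1_PREFIX = "2001:AAAA:BBBB::/64"  # prefix configured in Example 3.3


def parse_mac(mac: str) -> bytes:
    """Accept ca:01:06:65:00:00, ca-01-06-65-00-00 or Cisco ca01.0665.0000."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def modified_eui64(mac: str) -> bytes:
    """Return the 64-bit interface ID derived from a 48-bit MAC address."""
    raw = parse_mac(mac)
    flipped = raw[0] ^ 0x02  # invert the universal/local bit of the first byte
    # Split the MAC in half and insert FFFE in the middle.
    return bytes([flipped]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the MAC-derived interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("modified EUI-64 needs a 64-bit network portion")
    iid = int.from_bytes(modified_eui64(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def link_local(mac: str) -> ipaddress.IPv6Address:
    """Link-local address an interface generates for itself (FE80::/10 space)."""
    return eui64_address("fe80::/64", mac)


def solicited_node(address: str) -> ipaddress.IPv6Address:
    """Multicast group joined for an address: FF02::1:FF plus its low 24 bits."""
    low24 = int(ipaddress.IPv6Address(address)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)


def recover_mac(address: str):
    """Return the MAC embedded in an EUI-64 style address, or None."""
    iid = (int(ipaddress.IPv6Address(address)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None  # manually assigned or random host portion
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in raw)


if __name__ == "__main__":
    global_addr = eui64_address(R1_PREFIX, R1_MAC)
    print("interface ID :", modified_eui64(R1_MAC).hex())
    print("global       :", global_addr)
    print("link-local   :", link_local(R1_MAC))
    print("joined group :", solicited_node(str(global_addr)))
    print("MAC recovered:", recover_mac(str(global_addr)))
    print("manual ::1   :", recover_mac("2001:AAAA:BBBB::1"))
```

Because the interface ID stays the same under any prefix, an address plan that relies on eui-64 should treat the device's hardware address as visible to anyone who sees its IPv6 address.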

CramQuiz
1. Why might a stateless DHCP server be used in addition to SLAAC?
A. In order to conserve address space
B. In order to assign the prefix information needed by the host
C. In order to track address assignments
D. In order to provide DNS address information
2. How might a device create its host portion of the address once acquiring its prefix via SLAAC?
A. Using stateless DHCP
B. Using Modified EUI
C. Using NAT
D. Using a DNS server
3. How can a SLAAC host communicate with its neighbor that is providing network prefix information?
A. The Link Local address
B. CDP
C. NAT
D. The Anycast address

CramQuiz Answers
1. D is correct. SLAAC provides information such as prefix and prefix length, but cannot assign additional information such as DNS servers.
2. B is correct. SLAAC works perfectly with Modified EUI. SLAAC provides the prefix and length, allowing the host to use Modified EUI in order to assign its own host portion.
3. A is correct. SLAAC is able to function thanks to Link Local addressing used in IPv6.

Topic: Compare and contrast IPv6 address types

CramSaver
1. What type of IPv6 address is similar to an RFC 1918 address in IPv6? _________
2. What type of IPv6 address allows a variety of IPv6 services to function between two devices on the same network? _________

3. What type of IPv6 address has you configure identical addresses on different devices? _________
Answers
1. A Unique Local address
2. A Link Local address
3. An Anycast address

ExamAlert
For success in the exam regarding IPv6, it is critical that you master the following IPv6 address types. Notice we have reviewed many of these already, but they are covered again here in order to stay consistent with the exam blueprint.

Global Unicast—This is the unique IPv6 address that may be used on the public Internet.
Unique Local—This is similar to the concept of private use only addresses (RFC 1918) in IPv4. These addresses are not routable on the Internet. In IPv6, these addresses begin with FD. For example, fde4:8dba:82e1::1/64 is an example of a unique local address.
Link Local—As the name makes clear, these addresses only function on the local link. IPv6 devices automatically generate them in order to perform many automated functions between devices. The Link Local address uses the prefix FE80::/10.
Multicast—Just like in an IPv4 environment, multicast traffic is beneficial in IPv6. Remember, multicasting means a packet is sent to a group of devices interested in receiving the information. In IPv6, multicasting actually replaces completely the IPv4 approach of broadcasting. In IPv6, if your device wants to reach all devices, it sends traffic to the IPv6 multicast address of FF02::1.
Modified EUI 64—This is the approach a device uses to assign itself its host portion of the IPv6 address.
IPv6 Autoconfiguration—This refers to an IPv6 address achieved through the stateless address auto configuration (SLAAC) process.
IPv6 Anycast—This feature allows you to configure identical IPv6 addresses on your devices. Now, when clients attempt to reach this address, IPv6 routers can send the traffic to the nearest anycast device. The configuration is simple for this addressing feature involving the keyword anycast following the address.

ExamAlert
A confusing command for many students is the interface command ipv6 enable. This command is not required to enable IPv6 on an interface, but what it does do is configure a Link Local address and prepare the interface for processing IPv6 information.

CramQuiz
1. What does a Link Local address begin with?
A. FD80::/10
B. FE80::/10
C. FF80::/10
D. FC80::/10
2. What address does IPv6 use in order to multicast traffic to all devices?
A. FF02::1
B. FF02::2
C. FF02::5
D. FF02::6
3. When troubleshooting an IPv6 network, you notice that two devices have identical IPv6 addresses. If the network is actually configured correctly, why might this occur?
A. The devices are using broadcasts for routing protocol traffic
B. The devices are using Anycast
C. The devices are using matching Link Local addresses for the purpose of SLAAC
D. The devices are using Unique Local addresses

CramQuiz Answers
1. B is correct. The FE80::/10 space is reserved for Link Local addressing.
2. A is correct. This is the all nodes IPv6 multicast address. The other multicast addresses listed in this question are valid—but for other purposes. For example, FF02::2 is for all routers.
3. B is correct. If the devices are properly configured and have matching configured addresses, they must be using Anycast addresses.

ExamAlert
Be sure to commit to memory the prefixes (including mask length) used for the different IPv6 address types shown below: Here is a list you can create flash cards from:
Unique Local: FD00::/8
Link-Local: FE80::/10
Multicast: FF00::/8

Review Questions
1. How many more bits are used in an IPv6 address compared to an IPv4 address?
A. 96
B. 128
C. 48
D. 64
2. What is the significance of :: in the following IPv6 address—2001:0:11:1::1:1AB1/64?
A. It is used to represent a single section of 0000.
B. It is used to represent one or more continuous sections of 0000.
C. It is used to represent a single section of 1111.
D. It is used to represent one or more continuous sections of 1111.
3. What command causes your router interface to configure its own host portion of the address?
A. ipv6 address 2001:aaaa:bbbb::1/64 auto
B. ipv6 address 2001:aaaa:bbbb::1/64 eui-64
C. ipv6 address 2001:aaaa:bbbb::/64 eui-64
D. ipv6 address 2001:aaaa:bbbb::/64 auto
4. What command allows you to see the multicast addresses that an interface has joined in IPv6?
A. show ipv6 interface brief
B. show ipv6 interface
C. show ipv6 interface multicast
D. show multicast ipv6
5. If you are using DHCP in IPv6 combined with the SLAAC feature, you are most likely using what version of DHCP?
A. Stateful
B. Stateless
C. Headless
D. Auto

6. If you use the ipv6 enable command on an interface, what address do you have on that interface?
A. Global Unicast
B. Autoconfiguration
C. Unique Local
D. Link Local

Answers to Review Questions
1. A is correct. An IPv4 address is 32 bits, while an IPv6 is 128 bits.
2. B is correct. The :: may be used once in an address in order to represent one or more continuous sections of 0000.
3. C is correct. The modified EUI method is in the correct syntax in this example.
4. B is correct. The show ipv6 interface command provides this level of detail. It shows the multicast and link local addressing joined.
5. B is correct. The stateless DHCP feature often combines with SLAAC.
6. D is correct. The ipv6 enable command ensures a Link Local address exists.

Additional Resources
IPv6 EUI-64 Calculation on an IOS Router—http://www.ajsnetworking.com/eui-64
Stateless DHCP with IPv6—http://www.ajsnetworking.com/stateless-dhcp-ipv6

Part II: LAN Switching Technologies

This part of the text deals with one of the seven overall sections you must master for the CCNA exam. There are three chapters total that make up Part 2. In this section, you begin with a high-level overview of the world of switches. This section then quickly moves into the details of their configuration and exciting technologies like EtherChannel and Switch Stacking. Part 2 includes the following chapters:
CHAPTER 4 LAN Switching Technologies: Switching Concepts
CHAPTER 5 LAN Switching Technologies: VLANs, Trunks, and STP
CHAPTER 6 LAN Switching Technologies: EtherChannel and Switch Stacking

Chapter 4. LAN Switching Technologies: Switching Concepts

This chapter covers the following official CCNA 200-125 exam topics:
Describe and verify switching concepts
Interpret Ethernet frame format
Troubleshoot interface and cable issues (collisions, errors, duplex, speed)

This chapter ensures you are ready for the above topics from the LAN Switching Technologies section of the overall exam blueprint from Cisco Systems. Remember, this chapter is just a portion of the LAN Switching Technologies area. Chapters Five and Six also exist in this grouping. These other chapters deal with VLANs and trunking configurations as well as technologies like EtherChannel and Switch Stacking.

Essential Terms and Components
Ethernet Switching
MAC Learning
MAC Aging
Frame Switching
Frame Flooding
MAC Address Table
Ethernet Frame Format
Collisions
Errors
Speed and Duplex Mismatches

Topic: Describe and verify switching concepts

CramSaver
If you can correctly answer these CramSaver questions, save time by skimming the ExamAlerts in this chapter and then completing the CramQuiz at the end of each section and the Review Questions at the end of the chapter. If you are in doubt at all—read EVERYTHING in this chapter!
1. What specific field of an Ethernet frame does a switch “learn” from and then record in a database? _________
2. What is the process called when a MAC address that is no longer

communicating on the network is removed from the switch database? _________
3. What happens when a frame enters the switch and the destination MAC address is known by the switch? _________
4. What happens when a frame enters the switch and the destination MAC address is not known by the switch? _________
5. What command can you use to view the MAC address table on a Cisco switch? _________
Answers
1. The switch “learns” and records the source MAC address.
2. This process of removing stale MAC addresses is termed aging.
3. When the destination MAC address is known by the switch, the switch can intelligently forward the information out the correct port, filtering the traffic from all other ports.
4. Frame flooding occurs when the destination MAC address is unknown; this is the process where the frame is sent out all ports (for the same VLAN) except the port on which the frame entered.
5. The command show mac address-table allows you to view the MAC address table.

Figure 4.1 and the list that follows provide the context for the discussion of several fundamental Ethernet switching concepts that you must review.

FIGURE 4.1 A Simple Switch Layout

MAC learning and MAC aging: What is one of the responsibilities of the switch? It is to learn MAC addresses. The switch transparently observes incoming frames.

It records the source MAC address of these frames in its MAC address table. It also records the specific port for the source MAC address. Based on this information, it can make intelligent frame forwarding (switching) decisions. Using Figure 4.1 as an example, it will not take long before all four systems send some traffic. Keep in mind that many protocols broadcast information periodically. When these frames enter the switch, it records the source MAC address and port information in its MAC address table. Notice that a network machine could be turned off or moved at any point. As a result, the switch must also age MAC addresses and remove them from the table after they have not been seen for some duration.

ExamAlert
You can manipulate the aging of MAC addresses on your Cisco switch. The default is 300 seconds. Depending on the model of switch, the range of time you can set is from 0 to 1,000,000 seconds. You can even disable MAC address aging on some switches.

Frame switching: Along with building a MAC address table (learning MAC address to port mappings), the switch also forwards (switches) frames intelligently from port to port. Think about this as the opposite of how a Layer 1 hub works. The device hub takes in a frame and always forwards this frame out all other ports. In a hub based network, every port is part of the same collision domain. The switch is too smart for that. If its MAC address table is fully populated for all ports, then it “filters” the frame from being forwarded out ports unnecessarily. It forwards the frame to the correct port based on the destination MAC address. In Figure 4.1, if D1 sends a unicast frame destined for D4, the switch examines the MAC address table, finds the destination MAC address in this table, and forwards the frame out only the port connecting to D4.

ExamAlert
Remember, the switch learns based on source MAC information, but then switches frames from port to port based on the destination MAC information.

Switches typically use one of three overall approaches to forwarding frames:
Store-and-forward: This means that the LAN switch copies each complete frame into the switch memory buffers and computes a cyclic redundancy check (CRC) for errors before forwarding the frame.
Cut-through: As soon as the LAN switch copies into its memory just the destination MAC address, which is located in the first six bytes of the frame following the preamble, the switch looks up the destination MAC address in its switching table, determines the outgoing interface port, and forwards the frame on to its destination through the designated switch port.

Fragment-free: Works like cut-through switching with the exception that a switch in fragment-free mode stores the first 64 bytes of the frame before forwarding. Fragment-free switching can be viewed as a compromise between store-and-forward switching and cut-through switching. Note that many errors can be detected in the first 64 bytes of the frame.

Frame flooding: What happens when a frame has a destination address that is not in the MAC address table? The frame is flooded out all ports (other than the port on which the frame was received). This also happens when the destination MAC address in the frame is the broadcast address.

MAC address table: Obviously the MAC address table is a critical component in the modern switch. It really is the brains of the operation. It contains the MAC address to port mappings so the switch can work its network magic. Example 4.1 shows how easy it is to examine the MAC address table of a Cisco switch.

EXAMPLE 4.1 Examining a Real MAC Address Table
Switch#show mac address-table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    e213.5864.ab8f    DYNAMIC     Gi0/0
   1    fa16.3ee3.7d71    DYNAMIC     Gi1/0

ExamAlert
Note that the switch dynamically learns MAC address entries by default. You can also program the switch with static MAC address entries.

Port LEDs on a switch indicate the health status of ports. Blinking green indicates the port is sending and receiving data. Amber can indicate a port is blocked by spanning-tree protocol (STP). Alternating green-amber indicates errors on the link.

CramQuiz
1. What is the default aging time for MAC address entries on a typical Cisco switch?
A. 60 seconds
B. 120 seconds
C. 300 seconds

4. This is done by setting the aging time to 0.3ee3. This triggers switch flooding behavior. C. Traffic with a destination MAC address of fa16.ffff.7d71 entering the switch is flooded. Traffic with a destination MAC address of fa16. Which statement about a transparent Ethernet switch is true? A. Topic: Interpret Ethernet frame format CramSaver 1. The frame is forwarded out the gi0/0 port only.7d71 entering the switch resets the aging timer. B is correct. which statement is true? A. C. 1200 seconds 2. The default aging time on most Cisco switches is 300 seconds. B. CramQuiz Answers 1.7d72 entering the switch is forwarded out port gi0/1. B. What happens to a frame with a destination MAC address of ffff. Traffic with a source MAC address of fa16. 2. The switch must use dynamic learning only. 3. C.3ee3. The frame is buffered. The switch drops broadcast frames by default. 4. The switch aging process can be disabled. The frame is flooded out all ports except for the port the frame entered the switch on. If a MAC address of fa16. D. The switch aging process can be disabled. B. Traffic with a source MAC address of fa16. The switch records the destination MAC address from received frames. C is correct. D. D is correct.3ee3.7d71 entering the switch is forwarded out port gi0/1.7d71 exists in the MAC address table of a switch and is associated with the port gi0/1.ffff? A. 3. D. What is the first field of a common Ethernet frame format today? _________ . The frame is dropped. The aging timer is reset when traffic enters the switch with a known source MAC address. Notice the MAC address shown is the broadcast MAC address. D is correct.3ee3.3ee3. D.

2. What is the last field of a common Ethernet frame format today? _________
3. What is the job of the SFD in an Ethernet frame? _________
Answers
1. The Preamble.
2. The Frame Check Sequence (FCS).
3. The SFD is the Start Frame Delimiter. This is one byte in length. It also has a simple job. It marks the end of the Preamble and indicates the beginning of the Ethernet frame.

Figure 4.2 shows the most common Ethernet frame format.

FIGURE 4.2 The Ethernet Frame Format

Here is information you should know regarding this format:
The fields before the Data and Pad are collectively termed the header.
The field after the Data and Pad is known as the trailer.
The Preamble is seven bytes in length. It is simply a pattern of alternating 1 and 0 bits, allowing devices on the network to easily synchronize their receiver clocks.
The SFD is the Start Frame Delimiter. This is one byte in length. It also has a simple job. It marks the end of the Preamble and indicates the beginning of the Ethernet frame.
The Destination MAC address field is six bytes in length to store the appropriate destination MAC address for the frame.
The Source MAC address field is also six bytes in length. It stores the appropriate source MAC.
The Type field is two bytes in length and identifies the protocol in the frame. For example, this field might indicate IPv4 or IPv6 in a network today.
The Data and Pad section ranges from 46 to 1500 bytes. Of course the data portion represents the actual data being sent from a higher layer of the OSI model. The padding might exist so that the section can meet the minimum length requirement for this field of 46 bytes. Some Cisco switches have the capability to support larger than default frames. These frame sizes include baby giants (up to 1600 bytes), and jumbo frames (up to 9216 bytes), depending on the switch model.
The FCS field is the Frame Check Sequence. It is four bytes in length. The purpose of this field is to determine whether the frame experienced transmission

errors in its journey through the network.

CramQuiz
1. What field of the Ethernet frame indicates whether IPv4 or IPv6 is the protocol?
A. SFD
B. Type
C. FCS
D. Preamble
2. What field of the Ethernet frame ensures the frame was not damaged in transit?
A. SFD
B. Type
C. FCS
D. Preamble
3. What is the default MTU of the Data and Pad section of the Ethernet frame?
A. 1200
B. 900
C. 1500
D. 1600

CramQuiz Answers
1. B is correct. The Type field indicates the protocol being carried.
2. C is correct. The Frame Check Sequence field determines whether there was an error in the transmission of the frame.
3. C is correct. The MTU for Ethernet is 1500 bytes in size. See the next section for much more information on this question.

Topic: Troubleshoot interface and cable issues (collisions, errors, duplex, speed)

CramSaver
1. What command allows you to quickly see the various errors that might have occurred on Gi0/1 on a Cisco switch? _________
2. What is the typical size of a Giant frame in a Gigabit Ethernet data center? _________
3. What is the typical size of a Baby Giant frame in a modern network?

_________
4. Runts are frames that are beneath what size? _________
5. Name the two types of duplex options? _________
Answers
1. show interface gi0/1
2. Approximately 9216 bytes
3. 1600 bytes
4. 64 bytes
5. Full duplex and half duplex

There are many things that can go wrong when you are dealing with a technology as complex as local area networking! Here are many issues you should be aware of. Note that many of these were not explicitly listed in the Cisco exam blueprint, but are very likely to be tested.
The show interface command on a switch displays a ton of potential errors and problems that might happen due to interface and cable issues. Notice this is the last section of the output shown in Example 4.2.

EXAMPLE 4.2 The show interface Output on a Cisco Switch
Switch#show interface gi0/1
GigabitEthernet0/1 is up, line protocol is up (connected)
  Hardware is iGbE, address is fa16.3eb4.b62b (bia fa16.3eb4.b62b)
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Unknown, Unknown, link type is auto, media type is unknown media type
  output flow-control is unsupported, input flow-control is unsupported
  Auto-duplex, Auto-speed, link type is auto, media type is unknown
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:00, output hang never
  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 32562
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     6783 packets input, 0 bytes, 0 no buffer
     Received 14 broadcasts (0 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     108456 packets output, 7107939 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out
Switch#

Collisions should not occur in your properly designed switched network. Today, we have the ability to design full-duplex networks using switches that intelligently filter frames from being sent out all interfaces. Each port on a switch is a separate collision domain. This leads to what is termed microsegmentation. This is the construction of your network so that all hosts exist as the only device in a collision domain. In networks that operate in half duplex, the technology of Carrier Sense Multiple Access with Collision Detection (CSMA/CD) is used to allow devices to operate on a half-duplex network.

Errors might occur in your network for a wide variety of reasons. For example, there could be electrical interference somewhere or a bad Network Interface Card that is not able to frame things correctly for the network. Remember, the Frame Check Sequence often is the source for catching these errors. Each time a router forwards a packet on an Ethernet network, it replaces and rewrites the Layer 2 Ethernet header information, along with a new FCS.

Duplex used to be a big concern in Ethernet LANs. Because you might be using half-duplex due to having hubs in your network, you needed to ensure that duplex mismatches did not occur between full-duplex (switched) areas and half-duplex areas. Today, autonegotiation to full-duplex between devices is common. For the exam, just understand that if an older device is hard coded to half-duplex and you code the LAN device connected to full duplex, a duplex mismatch can still result. These can be difficult to track down because some packets typically make it through the connection fine, whereas others are dropped.

Speed is another area where conflict can occur, but this is also becoming a less common problem as technologies advance. For example, 1 Gigabit per second interfaces are quite common now and operate with each other seamlessly at 1

Gbps. The issue again becomes older equipment that might default to a slower speed causing a speed mismatch.

Runts are Ethernet frames that are less than 64 bytes and may be caused by excessive collisions. Of course, these frames have become more rare as networks have become nearly collision free.

Jumbo Frames (Giants): Today many technologies are enhancing networks by adding information to Ethernet frames. This results in Jumbo Frames (Giants). This often indicates frames of 9216 bytes for Gigabit Ethernet, but technically can refer to anything over the standard IP MTU (Maximum Transmission Unit) of 1500 bytes.

Baby Giant Frames: What if your Ethernet frame is just a little larger than the standard MTU of 1500 bytes? Specifically, what if your frame is 1600 bytes in size? You have what networkers term a Baby Giant.

ExamAlert
Although the indicators in the preceding list are by far the most likely to appear in your exam, here is a list of a few other conditions often included in show interface outputs:
Output Hang: The number of hours, minutes, and seconds since the interface was last reset because of a transmission that took too long.
Input Drops: The number of frames dropped on the input interface.
Output Drops: The number of frames dropped on the output interface. Typically, this is a result of congestion on the interface.
No Buffer: The number of input packets dropped because of no available buffers.
Broadcasts: The number of broadcasts received on the interface.
Throttles: The number of times the local interface requested another local interface within the switch to slow down.
Input Errors: The total of no buffer, runts, giants, CRCs, frame, overrun, ignored, and aborts errors.
CRC: The Cyclic Redundancy Check failed on an input packet. This is made possible to detect thanks to the Frame Check Sequence on frame formats.
Frame: The number of frames received that did not end on an eight-bit byte boundary.
Overrun: The number of times the receiver hardware was unable to transfer received data to a hardware buffer because the input rate exceeded the receiver’s ability to process the data.
Ignored: The frames dropped because the interface hardware buffers ran low on internal buffers.
Abort: An illegal sequence of 1 bits was detected in a frame received.

Underruns: The number of times the sender has been running faster than the switch can handle.
Interface Resets: The number of times the interface had a reset. This is normally the result of missed keepalives from a neighboring device.
Babbles: The number of frames transmitted greater than 1518 bytes in size.
Late Collision: A collision that occurs after the interface has started transmitting the frame.
Deferred: The number of frames that were transmitted successfully after waiting because the media was busy.
Lost Carrier: The number of times the carrier was lost during transmission.
No Carrier: The number of times the carrier was not present during the transmission.
Output Buffer Failures: The number of times a frame was not output from the output hold queue because of a shortage of shared memory.
Output Buffers Swapped Out: The number of frames stored in main memory when the output queue is full.
Dribble Condition Detected: A dribble bit error indicates that a frame is slightly too long. The frame is still accepted in this case.
Alignment errors: Misaligned reads and writes.

ExamAlert
Although this section focuses on switches, remember that many of these same conditions appear in show interface output from routers as well.

Duplex mismatch is a situation where the switch is operating at full-duplex and the connected device is operating at half-duplex, or vice versa. The result of a duplex mismatch is extremely slow performance, intermittent connectivity, and loss of connection. Duplex mismatches can be tough to track down because there are a variety of symptoms possible. Note that something such as slow performance could also be caused by other issues. If counters in the output related to FCS, CRC, alignment, or runts are incrementing, check for a duplex mismatch on your device.

CramQuiz
1. Which of the following is not a valid error typically seen in a show interface output?
A. Babble
B. Late Collision
C. Ignored

D. Trickle
2. What counter increments if the number of frames transmitted is greater than 1518 bytes in size?
A. Babble
B. Late Collision
C. Runt
D. Ignored
3. What process on a Cisco device attempts to dynamically resolve speed and duplex between two devices?
A. Negotiation
B. Autonegotiation
C. CDP
D. LLDP

CramQuiz Answers
1. D is correct. There is no Trickle reported in the output as this is not a valid counter.
2. A is correct. A Babble increments when the number of frames over 1518 bytes increases.
3. B is correct. Autonegotiation attempts to resolve a common duplex and speed between two Cisco devices.

Review Questions
1. When a frame enters a Cisco switch, what field does the switch “learn” from?
A. Preamble
B. FCS
C. Source MAC
D. Destination MAC
2. What is the name of the database that stores address information in a Cisco switch?
A. The MAC address table
B. The routing table
C. The interface table
D. The buffer table
3. What command allows you to view the addresses learned by a Cisco switch?
A. show mac-address-table

B. show mac address-table
C. show addresses
D. show mac addresses
4. Why might padding be used in an Ethernet frame?
A. To bring the entire length of the frame to 1500 bytes
B. To bring the length of the data field to 46 bytes
C. To bring the length of the FCS field to 64 bytes
D. To bring the length of the SFD field to 1 byte
5. If a switch has 5 workstations attached, how many collision domains are created?
A. 1
B. 0
C. 5
D. 6

Answers to Review Questions
1. C is correct. The switch examines and learns the source MAC addresses of incoming frames.
2. A is correct. The database is termed the MAC address table.
3. B is correct. The command is show mac address-table.
4. B is correct. Padding might be used in the Data and Pad field in order to bring it to the required minimum length of 46 bytes.
5. C is correct. Five workstations connected to a switch are each in their own collision domain.

Additional Resources
Using Layer 2 Virtual Switches Inside of GNS3—http://www.ajsnetworking.com/l2-gns3
Bridging and Switching Basics—http://bit.ly/2cBGaGu
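The duplex-mismatch check from this chapter (are the FCS/CRC, alignment, or runt counters incrementing?) written as a comparison of two show interfaces captures. This is an added example, not code from the book: the captures are constructed, and mapping "alignment" to the IOS frame counter is an assumption of the example.

```python
import re

# Counter names as printed by IOS "show interfaces". The chapter's FCS/CRC
# maps to CRC and "alignment" to frame (assumption of this example).
WATCHED = ("CRC", "frame", "runts")

# An interface block starts with an unindented "<name> is ..., line protocol is ..."
HEADER = re.compile(r"^(\S+) is .*line protocol is", re.MULTILINE)

# Constructed captures of the same switch a few minutes apart (not real device output).
SNAPSHOT_T0 = """\
GigabitEthernet0/1 is up, line protocol is up (connected)
  Half-duplex, 100Mb/s, media type is 10/100/1000BaseTX
     0 runts, 0 giants, 0 throttles
     12 input errors, 10 CRC, 2 frame, 0 overrun, 0 ignored
GigabitEthernet0/2 is up, line protocol is up (connected)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
     0 runts, 0 giants, 0 throttles
     5 input errors, 5 CRC, 0 frame, 0 overrun, 0 ignored
"""

SNAPSHOT_T1 = """\
GigabitEthernet0/1 is up, line protocol is up (connected)
  Half-duplex, 100Mb/s, media type is 10/100/1000BaseTX
     7 runts, 0 giants, 0 throttles
     47 input errors, 35 CRC, 5 frame, 0 overrun, 0 ignored
GigabitEthernet0/2 is up, line protocol is up (connected)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
     0 runts, 0 giants, 0 throttles
     5 input errors, 5 CRC, 0 frame, 0 overrun, 0 ignored
"""


def parse_interfaces(text):
    """Split one capture into {interface: duplex, speed, watched counters}."""
    records = {}
    headers = list(HEADER.finditer(text))
    for i, head in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        block = text[head.start():end]
        link = re.search(r"\b(Full|Half|Auto)-duplex,\s*([^,\s]+)", block, re.IGNORECASE)
        counters = {}
        for name in WATCHED:
            found = re.search(r"(\d+)\s+" + re.escape(name) + r"\b", block)
            if found:
                counters[name] = int(found.group(1))
        records[head.group(1)] = {
            "duplex": link.group(1).lower() if link else None,
            "speed": link.group(2) if link else None,
            "counters": counters,
        }
    return records


def duplex_suspects(earlier_text, later_text):
    """Return interfaces whose watched counters grew between the two captures.

    A static non-zero counter is history, not a live problem, so only growth
    is reported. If a counter went down, the counters were cleared in between
    and everything counted since the clear is treated as new.
    """
    earlier, later = parse_interfaces(earlier_text), parse_interfaces(later_text)
    findings = {}
    for ifname, now in later.items():
        then = earlier.get(ifname, {"counters": {}})
        growth = {}
        for name, new in now["counters"].items():
            old = then["counters"].get(name, 0)
            delta = new - old if new >= old else new
            if delta > 0:
                growth[name] = delta
        if growth:
            findings[ifname] = {
                "duplex": now["duplex"],
                "speed": now["speed"],
                "incrementing": growth,
            }
    return findings


if __name__ == "__main__":
    for ifname, info in duplex_suspects(SNAPSHOT_T0, SNAPSHOT_T1).items():
        print(f"{ifname}: {info['duplex']}-duplex {info['speed']}, "
              f"incrementing {info['incrementing']} -> check both ends for a duplex mismatch")
```

GigabitEthernet0/2 carries five old CRC errors in both captures and is not reported, which is why the chapter's wording is "incrementing" rather than "non-zero".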

Chapter 5. LAN Switching Technologies: VLANs, Trunks, and STP

This chapter covers the following official CCNA 200-125 exam topics:
Configure, verify, and troubleshoot VLANs (normal/extended range) spanning multiple switches
Configure, verify, and troubleshoot interswitch connectivity
Configure, verify, and troubleshoot STP protocols
Configure, verify, and troubleshoot STP-related optional features
Configure and verify Layer 2 protocols

This chapter ensures you are ready for the above topics from the LAN Switching Technologies section of the overall exam blueprint from Cisco Systems. Remember, this chapter is just a portion of the LAN Switching Technologies area. Chapters Four and Six also exist in this grouping. These other chapters deal with switching fundamentals, EtherChannel, and Switch Stacking.

Essential Terms and Components
Virtual Local Area Networks (VLANs)
Data Access Ports
Voice Access Ports
The Default VLAN
Interswitch Links
Trunk ports
802.1Q
The Native VLAN
STP
PVST+
RPVST+
STP root bridge selection
STP optional features
PortFast
BPDU guard
Layer 2 Protocols
Cisco Discovery Protocol
Link Layer Discovery Protocol (LLDP)

Topic: Configure, verify, and troubleshoot VLANs (normal range) spanning multiple switches

CramSaver
If you can correctly answer these CramSaver questions, save time by skimming the ExamAlerts in this chapter and then completing the CramQuiz at the end of each section and the Review Questions at the end of the chapter. If you are in doubt at all—read EVERYTHING in this chapter!
1. From an IP perspective, what does a VLAN equate to? _________
2. What is the default VTP mode on a Cisco switch? _________
3. What VTP mode effectively disables VTP? _________
4. What command creates VLAN 30? _________
5. What is the default VLAN on a Cisco switch? _________
6. What protocol allows a Cisco IP phone to function properly with the Voice VLAN and the Cisco switch? _________

Answers
1. A VLAN equates to an IP subnet.
2. The default VTP mode is Server.
3. VTP Transparent mode effectively disables VTP. Some switches also support the mode of Off in addition to Server, Client, and Transparent.
4. vlan 30. Remember, the creation of the VLAN occurs when exiting VLAN configuration mode.
5. VLAN 1.
6. Cisco Discovery Protocol (CDP).

A Virtual Local Area Network (VLAN) is a broadcast domain you create on a switch. This domain also corresponds to a TCP/IP subnet. Figure 5.1 shows an example of VLANs created on a Cisco switch.

FIGURE 5.1 VLANs on a Cisco Switch

Cisco provides VLAN Trunking Protocol (VTP) in order to assist you with VLAN creation across many switches. In order for VLAN creation to automatically span switches, the switches must be connected with special interswitch links called trunks. In fact, this is why the word Trunking appears in the name. The next section of this chapter focuses on these trunks. Example 5.1 shows the default VTP status of a Cisco switch.

EXAMPLE 5.1 The VTP Status of a Default Configuration for a Cisco Switch
Switch#show vtp status
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : fa16.3ebb.cb23
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)
Feature VLAN:
--------------
VTP Operating Mode : Server
Maximum VLANs supported locally : 1005
Number of existing VLANs : 5
Configuration Revision : 0
MD5 digest : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD

0x56 0x9D 0x4A 0x3E 0xA5 0x69 0x35 0xBC
Switch#

Note the VTP Operating Mode is set to Server by default. This permits you to create and modify VLANs on this local device. Another mode termed Transparent basically disables VTP, whereas a mode termed Client allows switches to inherit the VLAN information from a server(s). Note that you cannot create VLANs locally on a VTP Client device. Example 5.2 shows the creation of a VLAN on a Cisco switch.

EXAMPLE 5.2 Creating a VLAN on a Cisco Switch
Switch(config)#vlan 20
Switch(config-vlan)#name EAST
Switch(config-vlan)#end
Switch#
%SYS-5-CONFIG_I: Configured from console by console
Switch#

ExamAlert
Example 5.3 demonstrates several critical exam points. Notice that one powerful command for verifying your VLANs is show vlan brief. Also notice that the new VLAN of WEST does not appear in the output because you have not exited from (config-vlan) mode. Also, if you want to configure a hostname for the switch itself, use the hostname command from global configuration mode. The hostname is limited to 63 characters, which may be letters, numbers, or hyphens, with no spaces. The name also must begin and end with a letter or number.

EXAMPLE 5.3 Configuring and Verifying a VLAN
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 30
Switch(config-vlan)#name WEST
Switch(config-vlan)#do show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------

1 default active Gi0/0, Gi0/1, Gi0/2, Gi0/3
Gi1/0
20 EAST active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
Switch(config-vlan)#

Notice that there is a VLAN 1 by default on a Cisco switch and that all non-trunk ports are listed as participants of this VLAN. This is termed the default VLAN. It is a best practice to remove all ports from this default VLAN. Typically, engineers create a special unused VLAN for any ports they are not using on the switch. By default, two hosts connected to the same switch will be in separate collision domains (one per port), but will both be part of the same Layer 2 broadcast domain and VLAN.

But what good is a VLAN if interfaces (ports) are not participating in it? Example 5.4 demonstrates configuring an interface for participation in a data VLAN as well as the simple verification.

EXAMPLE 5.4 Configuring and Verifying an Interface for a VLAN
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface gi0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config-if)#end
Switch#
%SYS-5-CONFIG_I: Configured from console by console
Switch#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/0, Gi0/2, Gi0/3, Gi1/0
20 EAST active Gi0/1
30 WEST active
40 TEST active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup

1004 fddinet-default act/unsup
1005 trnet-default act/unsup
Switch#

ExamAlert
Another big concern for your CCNA exam is the configuration of a Voice VLAN for IP phones to send their data in. Example 5.5 demonstrates the Voice VLAN configuration and verification. Note the Cisco Discovery Protocol (CDP) is required for Cisco IP phones to function properly with this configuration. Because this is a default on the switch, no configuration for CDP is shown here.

EXAMPLE 5.5 The Configuration and Verification of the Voice VLAN
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 50
Switch(config-vlan)#name VOICE
Switch(config-vlan)#exit
Switch(config)#interface gi0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 30
Switch(config-if)#switchport voice vlan 50
Switch(config-if)#end
Switch#
%SYS-5-CONFIG_I: Configured from console by console
Switch#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/0, Gi0/3, Gi1/0
20 EAST active Gi0/1
30 WEST active Gi0/2
40 TEST active
50 VOICE active Gi0/2
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
Switch#show interface gi0/2 switchport
Name: Gi0/2
Switchport: Enabled
Administrative Mode: static access

Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 30 (WEST)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: 50 (VOICE)
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
Switch#

Notice in the output in Example 5.5, the show interface switchport command is used for verifying the Voice VLAN functionality.

CramQuiz
1. Your Cisco switch has been configured with five different VLANs. How many broadcast domains exist on the switch?
A. 0
B. 1
C. 5
D. 10
2. What command allows you to easily verify your VTP mode?
A. show vtp mode
B. show vtp status
C. show vtp server
D. show vtp brief
3. What VTP mode would prevent you from creating a VLAN on the local switch?

A. Client
B. Server
C. Transparent
D. Off
4. What command allows you to view the VLANs and interface assignments on your switch?
A. show vlan brief
B. show vlan status
C. show vlan information
D. show vlan database
5. What command assigns an access port to VLAN 20?
A. switchport vlan 20
B. switchport mode vlan 20
C. switchport assign vlan 20
D. switchport access vlan 20
6. What command assigns an access port to Voice VLAN 10?
A. switchport voice vlan 10
B. switchport access vlan 10 voice
C. switchport vlan 10 voice
D. switchport access vlan 10
7. What command allows you to verify the Voice VLAN configuration?
A. show interface gi0/1 voice
B. show interface gi0/1 switchport
C. show interface gi0/1 vlan
D. show interface gi0/1 vlan assign

CramQuiz Answers
1. C is correct. Each VLAN is a broadcast domain. If there are five defined on the switch, then you have five broadcast domains.
2. B is correct. The show vtp status command allows you to verify many basic VTP parameters.
3. A is correct. Client mode prevents local VLAN creation.
4. A is correct. The show vlan brief command allows you to easily verify the VLANs and the interface assignments.
5. D is correct. The command is switchport access vlan 20.

6. A is correct. The command is switchport voice vlan 10.
7. B is correct. The command show interface gi0/1 switchport is very powerful and displays verbose information regarding the interface configuration, including the Voice VLAN.

Topic: Configure, verify, and troubleshoot interswitch connectivity

CramSaver
1. What is the most common Ethernet trunking protocol in use today? _________
2. What is the name of the VLAN that is not tagged on an Ethernet trunk? _________
3. What is the default Native VLAN in Cisco networking? _________
4. Why are administrators typically concerned about the Native VLAN? _________

Answers
1. 802.1Q is the most common Ethernet trunking protocol in use today.
2. The Native VLAN is not tagged.
3. The default Native VLAN is VLAN 1.
4. There are security concerns brought about by the Native VLAN.

How does a switch move the traffic of different VLANs from switch to switch? It is a trunk link. Specifically, an 802.1Q trunk link. 802.1Q allows multiple VLANs to be supported over a single trunk interface. Cisco originally created their own method of marking traffic with a VLAN ID for transport over an interswitch link. It was called Inter Switch Link (ISL) and it took an interesting approach. It fully re-encapsulated the frame in order to add a VLAN marking. 802.1Q takes a different approach. It injects a tag value into the existing frame. Figure 5.2 shows the 802.1Q tag, which is inserted between the Source MAC address and Type fields of the frame.

FIGURE 5.2 The 802.1Q Tag
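The tagging approach just described, as an added Python example that is not from the book: it inserts and reads the four-byte 802.1Q tag between the Source MAC and Type fields and places an untagged frame in the Native VLAN, as a trunk port does. The frame is constructed; the MAC addresses and VLAN 20 are borrowed from this chapter's examples, and the field widths (16-bit TPID of 0x8100, 3-bit PCP, 1-bit DEI, 12-bit VID) follow the 802.1Q tag format.

```python
import struct

TPID_8021Q = 0x8100  # Tag protocol identifier marking an 802.1Q-tagged frame


def mac(text):
    """Convert Cisco dotted notation (fa16.3e3e.8330) to six raw bytes."""
    raw = bytes.fromhex(text.replace(".", ""))
    if len(raw) != 6:
        raise ValueError("a MAC address is six bytes")
    return raw


def add_tag(frame, vid, pcp=0, dei=0):
    """Insert the tag after the Source MAC (offset 12), before the Type field."""
    if len(frame) < 14:
        raise ValueError("frame is shorter than an Ethernet header")
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1-4094 (0 and 4095 are reserved)")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP is three bits, DEI is one bit")
    tci = (pcp << 13) | (dei << 12) | vid      # Tag control information
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame):
    """Remove the tag again, as the switch does before an access port."""
    if frame[12:14] != struct.pack("!H", TPID_8021Q):
        return frame
    return frame[:12] + frame[16:]


def read_frame(frame, native_vlan=1):
    """Return the VLAN a trunk port assigns to this frame plus the tag fields.

    A frame without a tag belongs to the trunk's Native VLAN (VLAN 1 unless
    the port is configured otherwise).
    """
    if len(frame) < 14:
        raise ValueError("frame is shorter than an Ethernet header")
    (first,) = struct.unpack("!H", frame[12:14])
    if first != TPID_8021Q:
        return {"tagged": False, "vlan": native_vlan,
                "pcp": None, "dei": None, "ethertype": first}
    if len(frame) < 18:
        raise ValueError("tagged frame is truncated inside the tag")
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    return {"tagged": True, "vlan": tci & 0x0FFF,
            "pcp": tci >> 13, "dei": (tci >> 12) & 1, "ethertype": ethertype}


# Constructed frame: destination, source, Type 0x0800 (IPv4), 46 zero bytes of data.
UNTAGGED = mac("fa16.3e2c.8b4f") + mac("fa16.3e3e.8330") + struct.pack("!H", 0x0800) + bytes(46)
TAGGED = add_tag(UNTAGGED, vid=20, pcp=5)

if __name__ == "__main__":
    print("tag bytes :", TAGGED[12:16].hex())
    print("tagged    :", read_frame(TAGGED))
    print("untagged  :", read_frame(UNTAGGED, native_vlan=1))
```

The untagged result is why both ends of a trunk must agree on the Native VLAN: the receiving switch has nothing in the frame to go by and uses its own port setting.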

Here is the breakdown of the tag's values:
Tag protocol identifier (TPID): A 16-bit field set to a value of 0x8100 in order to identify the frame as an IEEE 802.1Q-tagged frame.
Tag control information (TCI): This section consists of the following:
Priority code point (PCP): A three-bit field that refers to the IEEE 802.1p class of service and maps to the frame priority level.
Drop eligible indicator (DEI): A one-bit field that may be used separately or in conjunction with PCP to indicate frames eligible to be dropped in the presence of congestion.
VLAN identifier (VID): A 12-bit field specifying the VLAN to which the frame belongs.

Example 5.6 demonstrates the configuration and verification of 802.1Q trunking on a Cisco switch.

EXAMPLE 5.6 The Configuration and Verification of Trunking
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface gi1/0
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
Switch(config-if)#end
Switch#
%SYS-5-CONFIG_I: Configured from console by console
Switch#show interface gi1/0 switchport
Name: Gi1/0
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none

Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
Switch#show interface trunk
Port Mode Encapsulation Status Native vlan
Gi1/0 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi1/0 1-4094
Port Vlans allowed and active in management domain
Gi1/0 1,20,30,40,50
Port Vlans in spanning tree forwarding state and not pruned
Gi1/0 1,20,30,40,50
Switch#

There is a very special VLAN in your infrastructure by default. It is termed the Native VLAN. This VLAN is not tagged. It is the only untagged VLAN in the infrastructure. By default, the Native VLAN is VLAN 1—the default VLAN. Why would Cisco introduce a Native VLAN feature? The idea was to use this for management traffic, so that this critical traffic can still flow between devices even if a link loses its trunking status. CDP messages are sent over the Native VLAN by default.

CramQuiz
1. Where is an 802.1Q tag inserted in a frame?
A. Between the Preamble and the SFD
B. Between the Source and Destination MAC addresses
C. Between the Source MAC and Type fields
D. Between the Source MAC and FCS fields
2. What command configures an interface to trunk?
A. switchport trunk
B. switchport trunk dot1q
C. switchport mode trunk
D. switchport trunk enable
3. What command allows you to quickly view all of the trunks on your switch?

A. show vlans trunk
B. show interface trunk
C. show trunk interface
D. show trunk all
4. What was the intent of the Native VLAN feature?
A. Security traffic
B. Monitoring traffic
C. Voice VLAN traffic
D. Management traffic
5. What are two methods that a network engineer might use in order to stop security issues with the Native VLAN? (Choose two)
A. Eliminate VLAN 1
B. Disable VLAN 1
C. Tag the Native VLAN
D. Use an unused VLAN for the Native VLAN

CramQuiz Answers
1. C is correct. The tag is inserted between the Source MAC and Type fields.
2. C is correct. The command is switchport mode trunk.
3. B is correct. The command is show interface trunk.
4. D is correct. The intent of the Native VLAN was to carry management traffic in the event the 802.1Q trunking function failed.
5. C and D are correct. Today, engineers will tag the Native VLAN or use an unused VLAN for the Native VLAN. This reduces some vulnerabilities.

Topic: Configure, verify, and troubleshoot STP protocols

CramSaver
1. What two values make up the bridge ID for STP purposes? _________
2. If your Cisco switch is using PVST+, what is the indication in the show spanning-tree command? _________
3. What is the converged state of the nondesignated port? _________
4. What value does STP use in order to calculate the root port?

_________

Answers
1. The bridge ID is made up of the priority value and the system ID.
2. IEEE
3. Blocking
4. The root cost value is used to calculate a root port.

Spanning-Tree Protocol (STP) is one technology of many that allows you to add redundancy to your switched infrastructure without causing Layer 2 switching loops. There are several different versions of STP in use today. The classic version termed 802.1D might be the default on your Cisco Layer 2 switch today. In fact, it is implemented on a Per VLAN basis using a mode Cisco calls Per VLAN Spanning Tree Plus (PVST+). This classic version of STP operates as follows:

1. STP elects a root bridge. The device with the lowest bridge ID becomes the root bridge. This bridge ID is an eight-byte value that is unique for each switch. This identifier consists of two parts, a two-byte priority value and a six-byte system ID. The six-byte system ID is based on the built-in MAC address for the switch. To elect the root bridge, switches use STP Bridge Protocol Data Units (BPDUs) to carry their bridge ID information. All ports on this device are given a role called designated ports and each is placed in a forwarding state.
2. Each nonroot switch calculates which one of its ports has the least cost between itself and the root bridge. This cost value we call the switch’s root cost. STP gives this port the role called root port, and it is placed in the forwarding state.
3. Obviously, many switches can attach to the same Ethernet segment. If so, when two nonroot switches directly connect, the switch with the lowest root cost is placed in forwarding state on that shared link. This switch is called the designated switch, and that switch’s forwarding interface on that shared link is the designated port for that segment.
4. Nonroot and nondesignated ports in the topology are placed in a blocking state.

Notice that the key first step in this process is the election of the root bridge. In fact, your CCNA exam blueprint even calls this process out for your mastery.

ExamAlert
When analyzing the lowest bridge ID (BID) for the root switch election, remember the MAC address is in hexadecimal. The hex numbering system is as follows: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F.

ExamAlert
Notice that if you do not modify the priority values on your switches, the

election of the root bridge is based on the switch with the lowest built-in MAC address in your topology.

Let’s use Figure 5.3 in order to study the configuration, verification, and troubleshooting of STP.

FIGURE 5.3 Our STP Topology

We begin on DISTSW1 with Example 5.7 and run a key verification and troubleshooting command for STP. This command is simply show spanning-tree.

EXAMPLE 5.7 Verifying and Troubleshooting STP
DISTSW1#
DISTSW1#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address fa16.3e2c.8b4f
Cost 4
Port 2 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address fa16.3e3e.8330
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1 Root FWD 4 128.2 Shr
Gi0/2 Desg FWD 4 128.3 Shr
DISTSW1#

From this command output, we can determine some important details regarding our Spanning-Tree topology, including the following:
The VLAN running STP in our topology is VLAN0001.
The STP mode that is running by default on this device is ieee; this means PVST+ (802.1D).
The root bridge in this topology has the MAC address of fa16.3e2c.8b4f, and a priority value of 32769 (this is the default value of 32768 plus the VLAN ID of 1).
Our local bridge ID is fa16.3e3e.8330 with a bridge priority of 32769; we are not the root bridge.
Both of our local switch ports are in the forwarding state; one port is the root port, and the other port is a designated port.

Where is the root bridge? It must be the device off of the gi0/1 interface (the root port). This is ACCSW1. Let’s confirm this with show spanning-tree on that device, as shown in Example 5.8.

EXAMPLE 5.8 Verifying and Troubleshooting STP on ACCSW1
ACCSW1#
ACCSW1#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address fa16.3e2c.8b4f
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address fa16.3e2c.8b4f
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1 Desg FWD 4 128.2 Shr
Gi0/2 Desg FWD 4 128.3 Shr
ACCSW1#

From this output, we can determine the following:
Because this is the root bridge, you can see that the root ID information matches the bridge ID information; also, there is additional output that clearly states: This bridge is the root.
As described earlier, all of the ports on this device are forwarding and are designated ports.

So where is the blocking taking place in this topology? It must be on the device DISTSW2, as the output in Example 5.9 confirms.

EXAMPLE 5.9 Verifying and Troubleshooting STP on DISTSW2
DISTSW2#
DISTSW2#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address fa16.3e2c.8b4f
Cost 4
Port 2 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address fa16.3edb.e1e9
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1 Root FWD 4 128.2 Shr
Gi0/2 Altn BLK 4 128.3 Shr

DISTSW2#

Notice the following on DISTSW2:
The root port (gi0/1) is in a forwarding state and connects directly to the root bridge of ACCSW1.
The nondesignated port is gi0/2 and is in the blocking state; this port connects to the nonroot bridge of DISTSW1.

How can you reconfigure this topology so that the root bridge is DISTSW1? The answer is simple. Lower the priority value on that device. This causes a recomputation of the STP topology. Example 5.10 demonstrates this configuration.

EXAMPLE 5.10 Configuring the STP Priority Value
DISTSW1#
DISTSW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
DISTSW1(config)#spanning-tree vlan 1 priority 4096
DISTSW1(config)#end
DISTSW1#

If this reconfiguration worked, verification should be simple on DISTSW1 thanks to show spanning-tree, as demonstrated in Example 5.11.

EXAMPLE 5.11 Verifying that DISTSW1 Is the New Root Bridge
DISTSW1#
DISTSW1#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 4097
Address fa16.3e3e.8330
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4097 (priority 4096 sys-id-ext 1)
Address fa16.3e3e.8330
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1 Desg FWD 4 128.2 Shr
Gi0/2 Desg FWD 4 128.3 Shr
DISTSW1#

Although PVST+ does a decent job, it can be fairly slow to converge. Rapid Spanning-Tree Protocol (RSTP) was invented to improve convergence time. Cisco implements RSTP with a VLAN by VLAN version named Rapid Per VLAN Spanning Tree Plus (RPVST+). It is simple to make this change on a device, as shown in Example 5.12.

EXAMPLE 5.12 Configuring the Switch for RPVST+
DISTSW1#
DISTSW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
DISTSW1(config)#spanning-tree mode rapid-pvst
DISTSW1(config)#end
DISTSW1#

To verify this change, once again we can rely on show spanning-tree as Example 5.13 demonstrates.

EXAMPLE 5.13 Verifying RPVST+
DISTSW1#
DISTSW1#show spanning-tree
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 4097
Address fa16.3e3e.8330
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4097 (priority 4096 sys-id-ext 1)
Address fa16.3e3e.8330
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1 Desg FWD 4 128.2 Shr Peer(STP)
Gi0/2 Desg FWD 4 128.3 Shr Peer(STP)
DISTSW1#

In production, it would also be a sound practice to implement the same method of spanning tree on the other switches in the topology as well.

CramQuiz
1. What is the first step of the STP convergence process?
A. Block nondesignated ports
B. Calculate designated ports
C. Elect a root bridge
D. Calculate root ports
2. What is the default STP priority value?
A. 0
B. 32768
C. 8192
D. 4098
3. What command allows you to see the current STP parameters on your Cisco switch?
A. show 802dot1d
B. show topology spanning-tree
C. show redundancy
D. show spanning-tree
4. What command sets the priority to 4096 for VLAN 10?
A. spanning-tree vlan 10 priority 4096
B. spanning-tree priority 4096 vlan 10
C. spanning-tree 4096 10
D. spanning-tree priority 4096 vlan-id 10

CramQuiz Answers
1. C is correct. The first step of the STP convergence process is to elect a root

bridge.
2. B is correct. The default priority value for STP switches is 32768.
3. D is correct. The show spanning-tree command is extremely valuable for checking the STP status.
4. A is correct. The spanning-tree vlan 10 priority 4096 sets the priority value for the switch in VLAN 10.

Topic: Configure, verify, and troubleshoot STP-related optional features

CramSaver
1. What optional STP feature permits ports to quickly transition from blocking to forwarding? _________
2. What optional STP feature is a protection mechanism against switch loops and is triggered by seeing a BPDU? _________

Answers
1. PortFast
2. BPDU Guard

STP has some powerful optional features you should consider. Although there are many, for the purposes of the CCNA exam, you are responsible for understanding two—PortFast and BPDU Guard.

PortFast speeds the time it takes a port to move from blocking to forwarding in an STP topology. This feature is used on ports connecting to servers and workstations. This feature should not be used on ports that connect to switches because it can cause a switching loop. Example 5.14 demonstrates how easy it is to configure this powerful optional feature.

EXAMPLE 5.14 Configuring PortFast
ACCSW1#
ACCSW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
ACCSW1(config)#interface gi0/3
ACCSW1(config-if)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a

single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION
%Portfast has been configured on GigabitEthernet0/3 but will only have effect when the interface is in a non-trunking mode.
ACCSW1(config-if)#end
ACCSW1#

What if you configure PortFast on this port that connects to a server, but someone comes along and either accidentally or maliciously connects a switch? The BPDU Guard feature can detect this and ensure the port is error disabled for safety and security. Example 5.15 shows this configuration.

EXAMPLE 5.15 Configuring BPDU Guard
ACCSW1#
ACCSW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
ACCSW1(config)#interface gi0/3
ACCSW1(config-if)#spanning-tree bpduguard enable
ACCSW1(config-if)#end
ACCSW1#

Verifying these configurations involves nothing more than using the show spanning-tree interface detail command, as shown in Example 5.16.

EXAMPLE 5.16 Verifying PortFast and BPDU Guard
ACCSW1#
ACCSW1#show spanning-tree interface gi0/3 detail
Port 4 (GigabitEthernet0/3) of VLAN0002 is designated forwarding
Port path cost 4, Port priority 128, Port Identifier 128.4.
Designated root has priority 32770, address fa16.3e49.ce35
Designated bridge has priority 32770, address fa16.3e49.ce35

Designated port id is 128.4, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
The port is in the portfast edge mode
Link type is shared by default
Bpdu guard is enabled
BPDU: sent 349, received 0
ACCSW1#

Notice toward the end of this output it is reported that the port is in the portfast edge mode and BPDU guard is enabled.

CramQuiz
1. What command allows a port to more quickly transition from blocking to forwarding?
A. spanning-tree portfast
B. spanning-tree convergefast
C. spanning-tree rstp
D. spanning-tree port-fast enable
2. What command configures a port to dynamically error disable should a BPDU be received?
A. spanning-tree bpdufilter enable
B. spanning-tree switchguard enable
C. spanning-tree bpduguard
D. spanning-tree bpduguard enable

CramQuiz Answers
1. A is correct. The spanning-tree portfast command is done in interface configuration mode.
2. D is correct. The spanning-tree bpduguard enable command produces this behavior. It is an interface-level configuration command.

Topic: Configure and verify Layer 2 protocols

CramSaver
1. What is the Cisco Layer 2 protocol for discovering neighbors? _________
2. What is the open standard protocol for discovering neighboring devices? _________

3. What is the default status of Cisco’s Layer 2 protocol for discovering neighbors? _________
Answers
1. Cisco Discovery Protocol (CDP)
2. Link Layer Discovery Protocol (LLDP)
3. CDP is enabled by default

Cisco Discovery Protocol is a Layer 2 protocol that allows Cisco devices to communicate information about each other to their directly connected neighbors. This can prove useful when you are unsure of the topology. Cisco IP phones also use it to communicate their capabilities and VLAN information to their local switch. To quote Cisco themselves: “Cisco Discovery Protocol is a Layer 2, media-independent, and network-independent protocol that networking applications use to learn about nearby, directly connected devices.”

CDP is enabled by default on Cisco routers and switches, on all interfaces. To ensure it has not been disabled globally on the device, or to ensure it has not been “trimmed” off an interface, you can use the commands shown in Example 5.17.

ExamAlert
Remember, CDP is its own Layer 2 protocol. It does not rely on other protocols. CDP messages from a Cisco router are not forwarded by a directly connected Cisco switch. Two routers connected to the same switch would not see each other’s CDP messages.

EXAMPLE 5.17 Ensuring CDP is Running on the Device and an Interface
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#cdp run
Switch(config)#interface gi1/0
Switch(config-if)#cdp enable
Switch(config-if)#end
Switch#
%SYS-5-CONFIG_I: Configured from console by console
Switch#

Why might an administrator disable CDP globally or on certain interfaces? The answer is clear—they are concerned about their device sharing information with an unauthorized neighbor. This concern is legitimate and often leads to disabling CDP from specific public facing interfaces.

CDP is obviously a Cisco-specific solution. The open standard approach is Link Layer Discovery Protocol (LLDP). Note that CDP and LLDP basically serve the same purpose; they provide a method for network devices to communicate information about themselves. Unlike CDP, LLDP is not enabled globally by default. Example 5.18 shows the commands that may be used to configure LLDP.

EXAMPLE 5.18 Ensuring LLDP is Running Globally and on an Interface
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#lldp run
Switch(config)#interface gi1/0
Switch(config-if)#lldp transmit
Switch(config-if)#lldp receive
Switch(config-if)#end
Switch#
%SYS-5-CONFIG_I: Configured from console by console
Switch#

CramQuiz
1. What technology does CDP rely upon in its operation?
A. TCP
B. UDP
C. ICMP
D. Layer 2
2. What Cisco technology heavily relies upon CDP?
A. VoIP
B. Video on Demand
C. STP
D. NTP
3. What command disables CDP globally on a device?
A. no cdp run
B. no cdp enable
C. cdp disable
D. cdp stop

CramQuiz Answers

1. D is correct. CDP operates at Layer 2, and does not use TCP, UDP, or ICMP.
2. A is correct. VoIP relies upon CDP for neighbor discovery and capabilities exchange.
3. A is correct. The no cdp run command is how you globally disable CDP on a device.

Review Questions
1. What protocol exists to assist you in creating VLANs across different devices with ease?
A. VTP
B. STP
C. SPAN
D. CDP
2. What must you do in order to place VLAN 20 in the VLAN database on your local device?
A. Exit from config-vlan mode
B. Restart the device
C. Place the device in Client mode
D. Save the running configuration
3. What is the default VLAN in Cisco networking?
A. VLAN 10
B. VLAN 0
C. VLAN 4092
D. VLAN 1
4. What are the two modes of STP you should be familiar with? (Choose two.)
A. MSTP
B. PVST+
C. TRILL
D. RPVST+
5. What two STP features are recommended for ports that connect to workstations or servers? (Choose two.)
A. PortFast
B. UplinkFast
C. BPDU Guard
D. BackboneFast

6. Which statement about CDP is correct?
A. CDP is disabled by default.
B. CDP is disabled on all serial interfaces by default.
C. CDP relies upon TCP.
D. CDP is a Layer 2 protocol.

Answers to Review Questions
1. A is correct. VTP allows you to configure or modify VLANs on a central device and then have these configurations synchronize across multiple switches.
2. A is correct. In order to complete a VLAN configuration, you must exit from config-vlan mode.
3. D is correct. VLAN 1 is the default VLAN in Cisco.
4. B and D are correct. Classic STP and Rapid STP are the two versions. Cisco implements these as PVST+ and RPVST+.
5. A and C are correct. The PortFast and BPDU Guard features are excellent optional features for ports that connect to workstations or servers. These features speed convergence and guard against topology misconfigurations.
6. D is correct. CDP is a media and protocol-independent Layer 2 protocol.

Additional Resources
What Is a VLAN—http://www.ajsnetworking.com/what-is-a-vlan
VLANs—What, Why, and How?—http://www.ajsnetworking.com/vlans-what-why-and-how
Topology Change with STP—http://www.ajsnetworking.com/topology-change-stp
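The following Python audit is an added example, not code from the book. It checks a saved running configuration against two points this chapter makes: a PortFast port should also carry BPDU Guard, and CDP is often disabled on public-facing interfaces. The sample configuration, the function names and the caller-supplied list of untrusted interfaces are assumptions; switchport mode trunk and spanning-tree portfast bpduguard default are real IOS commands that this chapter does not show.

```python
import re

# Constructed sample in IOS running-config layout; not taken from the book.
SAMPLE_CONFIG = """\
!
interface GigabitEthernet0/1
 description uplink to DISTSW1
 switchport mode trunk
!
interface GigabitEthernet0/2
 description server port
 spanning-tree portfast
!
interface GigabitEthernet0/3
 description workstation port
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0
 description public-facing handoff
!
interface GigabitEthernet1/1
 description public-facing handoff
 no cdp enable
!
"""


def parse_interfaces(config_text):
    """Split a config into global lines and per-interface sub-commands."""
    global_lines, interfaces, current = [], {}, None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            current = None                      # "!" closes a stanza
            continue
        match = re.match(r"^interface\s+(\S+)", line)
        if match:
            current = match.group(1)
            interfaces[current] = []
        elif current is not None and raw.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None
            global_lines.append(line.strip())
    return global_lines, interfaces


def audit(config_text, untrusted=()):
    """Return (interface, finding) pairs in configuration order.

    untrusted: interface names the operator treats as public facing
    (an assumption of this example; the config cannot tell us that).
    """
    global_lines, interfaces = parse_interfaces(config_text)
    cdp_running = "no cdp run" not in global_lines      # CDP is on by default
    guard_default = "spanning-tree portfast bpduguard default" in global_lines
    findings = []
    for name, cmds in interfaces.items():
        portfast = "spanning-tree portfast" in cmds
        guarded = guard_default or "spanning-tree bpduguard enable" in cmds
        if portfast and not guarded:
            # A switch plugged into this port would not error-disable it.
            findings.append((name, "portfast-without-bpduguard"))
        if portfast and "switchport mode trunk" in cmds:
            # PortFast belongs on host ports, not switch-to-switch links.
            findings.append((name, "portfast-on-trunk"))
        if name in untrusted and cdp_running and "no cdp enable" not in cmds:
            # Device details are advertised to whoever is on this link.
            findings.append((name, "cdp-on-untrusted-port"))
    return findings


if __name__ == "__main__":
    public = {"GigabitEthernet1/0", "GigabitEthernet1/1"}
    for interface, finding in audit(SAMPLE_CONFIG, untrusted=public):
        print(interface, finding)
```

The audit matches only the command forms named above; newer spellings of the same features are not recognised.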

Chapter 6. LAN Switching Technologies: EtherChannel and Switch Stacking

This chapter covers the following official CCNA 200-125 exam topics:
Configure, verify, and troubleshoot (Layer 2/Layer 3) EtherChannel
Describe the benefits of switch stacking and chassis aggregation

This chapter ensures you are ready for the above topics from the LAN Switching Technologies section of the overall exam blueprint from Cisco Systems. Remember, this chapter is just a portion of the LAN Switching Technologies area. Chapters Four and Five also exist in this grouping. These other chapters deal with basic switching topics, VLANs and trunking configurations, as well as Spanning-Tree Protocol (STP).

Essential Terms and Components
EtherChannel
Layer 2 EtherChannel
Layer 3 EtherChannel
Static EtherChannel
PAgP
LACP
Switch Stacking
Chassis Aggregation

Topic: Configure, verify, and troubleshoot (Layer 2/Layer 3) EtherChannel

CramSaver
If you can correctly answer these CramSaver questions, save time by skimming the ExamAlerts in this chapter and then completing the CramQuiz at the end of each section and the Review Questions at the end of the chapter. If you are in doubt at all—read EVERYTHING in this chapter!
1. What technology aggregates multiple physical links to have them act as one link? _________
2. What are three options for the EtherChannel configuration? _________
Answers

1. Layer 2 and Layer 3 EtherChannel
2. Static, LACP, PAgP

The EtherChannel capability of Cisco switches is often included as part of Spanning-Tree Protocol discussions. Why? Because EtherChannel tricks STP. With EtherChannel, you take multiple links between two Cisco switches and bundle them together to act like a single link. STP gets tricked by this. It does not block any link within that bundle. Of course, it might need to block the entire bundle in order to avoid Layer 2 loops, but for bundles that are not blocked, they enjoy the redundancy and increased bandwidth that EtherChannel provides.

The number of EtherChannels that a switch supports will vary from device to device. A typical number supported for many Cisco switches is eight total EtherChannels. To create EtherChannels, you should use interfaces that are of the same type and capabilities from a physical perspective. You should also ensure they are configured identically.

Figure 6.1 shows the topology we use for configuring, verifying, and troubleshooting the various EtherChannel configurations.

FIGURE 6.1 The EtherChannel Topology

Example 6.1 demonstrates the configuration of a Layer 2 EtherChannel that is statically configured.

EXAMPLE 6.1 Configuring a Static EtherChannel
DISTSW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.

DISTSW1(config)#interface range gi0/1 , gi0/3
DISTSW1(config-if-range)#shutdown
DISTSW1(config-if-range)#
%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down
%LINK-5-CHANGED: Interface GigabitEthernet0/3, changed state to administratively down
DISTSW1(config-if-range)#channel-group 1 mode on
DISTSW1(config-if-range)#end
DISTSW1#
DISTSW1#
ACCSW1#
ACCSW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
ACCSW1(config)#interface range gi0/1 , gi1/0
ACCSW1(config-if-range)#channel-group 1 mode on
Creating a port-channel interface Port-channel 1
ACCSW1(config-if-range)#end
ACCSW1#
DISTSW1#
DISTSW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
DISTSW1(config)#interface range gi0/1 , gi0/3
DISTSW1(config-if-range)#no shutdown
DISTSW1(config-if-range)#end
DISTSW1#

Notice the following about this configuration:
We use the interface range command in order to configure the two interfaces simultaneously.
We issue the shutdown command first; this prevents EtherChannel misconfiguration errors as the other side of this link defaults to the use of PAgP for dynamically configuring an EtherChannel.
We use the channel-group command to create the EtherChannel; the ID of 1 is locally significant only and the mode of on indicates a static configuration.
When the other side of the link (ACCSW1) possesses the same configuration, we no shutdown the interfaces on DISTSW1.

But did the configuration work? Example 6.2 demonstrates how easy the EtherChannel is to verify.

EXAMPLE 6.2 Verifying a Static EtherChannel

DISTSW1#
DISTSW1#show etherchannel 1 summary
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      N - not in use, no aggregation
        f - failed to allocate aggregator
        M - not in use, minimum links not met
        m - not in use, port not aggregated due to minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port
        A - formed by Auto LAG
Number of channel-groups in use: 1
Number of aggregators:           1
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-------------------------------------
1      Po1(SU)          -        Gi0/1(P)    Gi0/3(P)
DISTSW1#

Notice the following from this output:
The configuration created a logical port-channel interface with an ID of 1
The port-channel interface is Layer 2 (S) and in use (U)
The physical interfaces are labeled as bundled in a port-channel (P)

Next, we will create a Layer 2 EtherChannel using the built-in and default dynamic method of using the Port Aggregation Protocol (PAgP). There are two settings possible here—auto and desirable. Example 6.3 demonstrates this configuration and verification.

EXAMPLE 6.3 Using PAgP to Form a Layer 2 EtherChannel
ACCSW1#
ACCSW1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.
ACCSW1(config)#interface range gi0/2 , gi1/1
ACCSW1(config-if-range)#channel-group 2 mode desirable
Creating a port-channel interface Port-channel 2
ACCSW1(config-if-range)#end
ACCSW1#
DISTSW2#
DISTSW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
DISTSW2(config)#interface range gi0/1 , gi0/3
DISTSW2(config-if-range)#channel-group 2 mode desirable
Creating a port-channel interface Port-channel 2
DISTSW2(config-if-range)#end
DISTSW2#
DISTSW2#show etherchannel summary
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      N - not in use, no aggregation
        f - failed to allocate aggregator
        M - not in use, minimum links not met
        m - not in use, port not aggregated due to minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port
        A - formed by Auto LAG
Number of channel-groups in use: 1
Number of aggregators:           1
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-------------------------------------
2      Po2(SU)         PAgP      Gi0/1(P)    Gi0/3(P)
DISTSW2#

Next we will create a Layer 2 EtherChannel using LACP for automatic negotiation, as shown in Example 6.4. This mode uses Active or Passive settings. Notice that here we use the shutdown approach once again on the interfaces to avoid a misconfiguration with the default mode of PAgP.

EXAMPLE 6.4 Using LACP to Form a Layer 2 EtherChannel
DISTSW1#
DISTSW1#
DISTSW1#configure terminal
DISTSW1(config)#interface range gi0/2 , gi1/0
DISTSW1(config-if-range)#shutdown
DISTSW1(config-if-range)#channel-group 3 mode active
Creating a port-channel interface Port-channel 3
DISTSW1(config-if-range)#end
DISTSW1#
DISTSW2#
DISTSW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
DISTSW2(config)#interface range gi0/2 , gi1/0
DISTSW2(config-if-range)#channel-group 3 mode active
Creating a port-channel interface Port-channel 3
DISTSW2(config-if-range)#end
DISTSW2#
DISTSW1#
DISTSW1#configure terminal
DISTSW1(config)#interface range gi0/2 , gi1/0
DISTSW1(config-if-range)#no shutdown
DISTSW1(config-if-range)#end
DISTSW1#
DISTSW1#
DISTSW1#show etherchannel 3 summary
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      N - not in use, no aggregation
        f - failed to allocate aggregator
        M - not in use, minimum links not met
        m - not in use, port not aggregated due to minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port
        A - formed by Auto LAG

Number of channel-groups in use: 2
Number of aggregators:           2
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-------------------------------------
3      Po3(SU)         LACP      Gi0/2(P)    Gi1/0(P)
DISTSW1#

Configuring a Layer 3 EtherChannel is also simple. Remember, static, LACP, and PAgP options all still exist. We removed all previous configuration to DISTSW1 and demonstrate this configuration in Example 6.5. Note how we create the port-channel interface first and assign it an IP address.

EXAMPLE 6.5 Configuring a Layer 3 EtherChannel
DISTSW1#
DISTSW1#configure terminal
DISTSW1(config)#interface port-channel 1
DISTSW1(config-if)#no switchport
DISTSW1(config-if)#ip address 10.10.10.1 255.255.255.0
DISTSW1(config-if)#exit
DISTSW1(config)#interface range gi0/1 , gi0/3
DISTSW1(config-if-range)#no switchport
DISTSW1(config-if-range)#shutdown
DISTSW1(config-if-range)#channel-group 1 mode on
DISTSW1(config-if-range)#no shutdown
DISTSW1(config-if-range)#end
DISTSW1#

CramQuiz
1. What is the default EtherChannel mode on a Cisco switch?
A. PAgP
B. LACP
C. Static
D. NULL
2. Where do you assign the IP address in a Layer 3 EtherChannel?
A. The physical interfaces
B. The port-channel interface

C. The NVI interface
D. Global configuration mode
3. What command creates a LACP EtherChannel with a local ID of 10?
A. channel-group 10 mode active
B. channel-group 10 mode desirable
C. channel-group 10 mode on
D. channel-group 10 mode enable

CramQuiz Answers
1. A is correct. The default mode is PAgP.
2. B is correct. The port-channel interface received the IP address configuration.
3. A is correct. The LACP options are Active and Passive.

Topic: Describe the benefits of switch stacking and chassis aggregation

CramSaver
1. What method of grouping physical switches together is often done at the access layer? _________
2. What method of grouping physical switches together is considered more complex but also more functional? _________
Answers
1. Switch stacking
2. Chassis aggregation

EtherChannels trick STP into permitting redundant links. Two other technologies that can trick STP are switch stacking and chassis aggregation. With these technologies, multiple switches appear as one device; in the case of STP, this eliminates the need to block links between these switches. Switch stacking tends to be implemented at the access layer, whereas chassis aggregation is often found in the distribution and core layers.

Switch stacking presents many advantages, including the following:
Ease of management through the access of a single management IP address for the entire stack, even though there are multiple physical devices in the stack.
A single configuration file for the management of the entire stack of switches.
STP, CDP, and VTP run across a single switch infrastructure.

A centralized MAC address table for all of the physical devices.

In order for switch stacking to function, there are special stacking ports and cables used to create the stack.

Chassis aggregation functions differently. Here are the main distinctions for chassis aggregations when compared to stacking technologies:
This technology tends to be found in the distribution and core layers.
It is used to aggregate two switches, as opposed to more physical devices.
It does not need special cabling and ports; it can function with Ethernet interfaces and cables.
It tends to be more complex than switch stacking.
In most environments, it is more functional than stacking.

CramQuiz
1. What method of grouping physical switches together uses special ports and cables?
A. Switch stacking
B. Chassis aggregation
C. Virtual port channel
D. TRILL
2. How many switches do you use chassis aggregation with?
A. 1
B. 2
C. 3
D. 4

CramQuiz Answers
1. A is correct. Switch stacking uses special ports and cables.
2. B is correct. Chassis aggregation uses two physical devices. It does not require special ports and cables.

Review Questions
1. Which of the following is not a mode for EtherChannel configuration?
A. NULL
B. Static
C. PAgP
D. LACP
2. What command would verify all of your local EtherChannels?

A. show portchannels all
B. show etherchannel summary
C. show portchannel details
D. show portchannel interfaces
3. What physical switch aggregation technology allows for the combination of three or more switches?
A. Chassis aggregation
B. Switch stacking
C. TRILL
D. STP-NULL

Answers to Review Questions
1. A is correct. There are three options for configuring the EtherChannel mode.
2. B is correct. Use show etherchannel summary.
3. B is correct. Switch stacking allows for the combination of more than two switches into one logical stack of switches.

Additional Resources
Increasing Throughput with EtherChannel—http://www.ajsnetworking.com/etherchannel
When EtherChannel and Layer 3 Switching Collide—http://www.ajsnetworking.com/etherchannel-layer-3

Part III: Routing Technologies

This part of the text deals with one of the seven overall sections you must master for the CCNA exam. There are four chapters total that make up Part 3. Here you begin with high-level overviews of routing concepts, but then quickly move into details of router configurations including inter-VLAN routing, routing methods, static routing, and dynamic routing with advanced technologies like EIGRP and OSPF. Part 3 includes the following chapters:
CHAPTER 7 Routing Technologies: Routing Concepts
CHAPTER 8 Routing Technologies: Inter-VLAN Routing
CHAPTER 9 Routing Technologies: Routing Methods
CHAPTER 10 Routing Technologies: Static Routing and Dynamic Routing

Chapter 7. Routing Technologies: Routing Concepts

This chapter covers the following official CCNA 200-125 exam topics:
Describe the routing concepts
Interpret the components of routing table
Describe how a routing table is populated by different routing information sources

This chapter ensures you are ready for the above topic from the Routing Technologies section of the overall exam blueprint from Cisco Systems. Remember, this is just a section of the Routing Technologies area. Chapters Eight, Nine, and Ten also deal with this topic domain. These other chapters cover Inter-VLAN Routing, routing methods, and static and dynamic routing.

Essential Terms and Components
Packet Handling
Route Lookups
Frame Rewrite
Routing Table
Prefix
Network Mask
Next Hop
Routing Protocol Code
Administrative Distance
Metric
Gateway of Last Resort

Topic: Describe the routing concepts

CramSaver
If you can correctly answer these CramSaver questions, save time by skimming the ExamAlerts in this chapter and then completing the CramQuiz at the end of each section and the Review Questions at the end of the chapter. If you are in doubt at all—read EVERYTHING in this chapter!
1. What criteria is used for the best match in a routing table lookup? _________
2. What does a router rewrite in a packet when forwarding data on

1 0.10. We begin with a discussion of how routing really works.16.23/24? 172. if the destination IPv4 address is 172. CramQuiz 1.0/26.0/26.0. Remember. there must be at least the number of matching bits indicated by the subnet mask of the routing table prefix.0/0 via 192.16. for any of these routes to be considered a possible match. It changes the source MAC address to the forwarding interface of the local router.0/16 via 10. The router scans the routing table to find a best match for the destination IPv4 address.0.168. Given the following routing table entries. This features all of the information required to route traffic stored in specialized hardware. the longest match and the entry used for the packet is 172.1 . Another critical aspect for us to understand is the frame rewrite procedure by the router. This process continues from hop to hop on Ethernet networks until the packet reaches the destination host. but what does this really mean? What are the details of the packet handling process? When a IPv4 packet arrives on a router interface. This includes a Forwarding Information Base (FIB) and an adjacency table with required MAC address information.1. The router changes the destination MAC address to the receiving interface of the next- hop device. The router identifies the destination IPv4 address. An FCS as part of the trailer is also added.16. the router de-encapsulates the Layer 2 frame and examines the Layer 3 IPv4 header. and proceeds through the route lookup process.0.16.0. along with a new frame check sequence (FCS) as part of the trailer in a newly encapsulated frame.16. 172.10 and the entries in the routing table are for 172. ExamAlert A technique used by Cisco in order to dramatically improve routing performance is to use Cisco Express Forwarding (CEF). Ethernet networks? _________ Answers 1.0/12.0. For the router to do its job.1.0. and 172. 2. We know a packet enters the router and a routing lookup is done. 
it encapsulates the IP packet with the same source and destination IP address that was sent from the original sending device into a new Layer 2 frame. The router rewrites the Layer 2 header. The best match is the longest match in the table.16.16.0.0/18. what is the next router (or hop) to be used for a packet destined for 172.0.10. For example. including the source and destination MAC addresses. The best match is the longest match prefix in the routing table.

16. 10. Here the longest match entry is 172.20. the router changes the source MAC to its own sending interface MAC address.10. The sending interface MAC address on the local router C.1 D.23/24.168.16. What does the routing protocol code of EX stand for? _________ 3. Via indicates the next-hop IP address. 10.1. During this rewrite process. When performing a Layer 2 rewrite.20.1.0/24 via 10. What is the Gateway of Last Resort? _________ Answers 1.10. 2.2 172.1.1.3 B.16.2 2.0/24 via 10. In a routing table. Topic: Interpret the components of routing table CramSaver 1. the word “via” indicates what? _________ 2. This is the IP address of the next router for forwarding packets to the final destination. What do the two numbers [120/1] mean when seen in a routing table entry? _________ 4.2. The receiving interface MAC address of the local router CramQuiz Answers 1.30.20.1 C.16. 192.30.20.0/24 via 10.20.30.3 A. The next-hop interface MAC address B. .30. D is correct.20. The previous hop sending interface MAC address D. 10.2 for the destination IP address of 172. What is the metric value used by RIP? _________ 5. 172. what does the router use for the source MAC address? A. B is correct.

10. 5. FastEthernet0/0 192.2.3. 2 subnets. 00:00:19. FastEthernet0/0 L 10.0/24 is subnetted. 2.10.10. 3.0. 00:00:19. FastEthernet0/0 R1# .1/32 is directly connected. M—mobile.2. FastEthernet0/0 R 172. 120 is the administrative distance and 1 is the metric.2. U—per-user static route o—ODR.16.0/0.0/24 is directly connected.168. +— replicated route Gateway of last resort is not set 10.1.0 [120/1] via 10. EXAMPLE 7.10.10.168. E2—OSPF external type 2 i—IS-IS.2 [110/2] via 10.168.0/32 is subnetted. *—candidate default. C—connected. N2—OSPF NSSA external type 2 E1—OSPF external type 1.0/8 is variably subnetted.3.10.2 [110/2] via 10. 00:00:37.1. 00:00:37.1 shows a sample table. FastEthernet0/0 R 172. The metric used by RIP is Hop Count.10.2.2.3. 2 masks C 10.0/32 is subnetted. the prefix match is 0. IA—OSPF inter area N1—OSPF NSSA external type 1.0.16.0. It is time to examine in great detail the vast amount of information communicated in a key network component—the IP routing table of a Cisco router. 1 subnets O 192. 4.10.10.10.10. su—IS-IS summary.16. S—static. 00:00:19.16.0 [120/1] via 10.10.168.10. This is the default gateway for any unknown prefixes. O—OSPF. L2—IS-IS level-2 ia—IS-IS inter area.10. R—RIP. P—periodic downloaded static route.0. EX—EIGRP external. 3 subnets R 172.1 The IP Routing Table on a Cisco Router Click here to view code image R1#show ip route Codes: L—local. L1—IS-IS level-1.3. FastEthernet0/0 192.0 [120/1] via 10. 1 subnets O 192. FastEthernet0/0 172. Example 7.0. B—BGP D—EIGRP.1. EIGRP External.

Specifically, we must master the meaning and location of the following components:

Prefix: Notice that the routing table lists the parent and children prefixes reachable in the table. For example, in the table above the entry 172.16.0.0/24 is subnetted, three subnets listing the parent prefix, and the specific child prefixes below of 172.16.1.0, 172.16.2.0, and 172.16.3.0.

Network Mask: Notice the parent prefix lists the network mask in prefix notation. So for the 172.16.0.0 example above, the network mask is /24. Remember, in non-prefix notation, this is 255.255.255.0.

Next Hop: The next-hop IP address follows the via word for a child prefix entry. Note that, in this output, it is 10.10.10.3 for our 172.16.0.0/24 entries. The next hop refers to the IP address of the next router in the path when forwarding packets to a remote destination.

Routing Protocol Code: Located at the very beginning of a routing table entry is the routing protocol code. Cisco is kind to us and even provides a legend at the beginning of the show output to explain what each value means. Here are those values for your ease of reference:
L—local
C—connected
S—static
R—RIP
M—mobile
B—BGP
D—EIGRP
EX—EIGRP external
O—OSPF
IA—OSPF inter area
N1—OSPF NSSA external type 1
N2—OSPF NSSA external type 2
E1—OSPF external type 1
E2—OSPF external type 2
i—IS-IS
su—IS-IS summary
L1—IS-IS level-1
L2—IS-IS level-2
ia—IS-IS inter area
*—candidate default
U—per-user static route

o—ODR
P—periodic downloaded static route
+—replicated route

Administrative Distance: The administrative distance (AD) for the prefix. Note the AD associated with the 172.16.0.0/24 prefixes is 120. This is because these routes were learned via RIP, and 120 is the default administrative distance for RIP. This text details AD in the last section of this chapter.

Metric: The metric varies for the dynamic routing protocol involved. It is a measure of the “distance” to reach the prefix. In our 172 prefixes it is a hop count. This is the simple metric used by RIP. It indicates how many routers you must cross to reach the destination prefix in question.

Gateway of Last Resort: Notice our routing table example above indicates there is no Gateway of Last Resort set. This indicates there is no default route 0.0.0.0/0 setup that allows the router to send traffic somewhere if it does not have a specific prefix entry for the destination IP address. The Gateway of Last Resort can be dynamically learned, or it can be set using three different commands: ip default-gateway, ip default-network, and ip route 0.0.0.0 0.0.0.0.

ExamAlert
Yes, you must memorize small details like the routing protocol codes. Especially for non-obvious codes like D for EIGRP. As I indicate later in this chapter, flash cards can really help with these matters.

CramQuiz
1. What is the decimal network mask for a prefix notation of /22?
A. 255.255.252.0
B. 255.255.254.0
C. 255.255.240.0
D. 255.255.248.0
2. What is the routing protocol code for a connected prefix?
A. S
B. L
C. C
D. i
3. What aspect of the routing table is impacted by the command ip route 0.0.0.0 0.0.0.0?
A. Network mask
B. Metric

C. Administrative distance
D. Gateway of Last Resort

CramQuiz Answers
1. A is correct. 255.255.252.0 equates to /22.
2. C is correct. C is used for Connected prefixes.
3. D is correct. ip route 0.0.0.0 0.0.0.0 is one way to set the default route and Gateway of Last Resort.

Topic: Describe how a routing table is populated by different routing information sources

CramSaver
1. What is the meaning of an administrative distance value? _________
2. What is preferred, a lower or a higher administrative distance number? _________
3. What is the default administrative distance value for a static route? _________
4. What is the default administrative distance value for Internal BGP? _________
Answers
1. Administrative distance is a measure of the trustworthiness of the routing information source—note that a directly connected prefix is by far the most believable to the router
2. The router prefers administrative distances that have a lower numeric value
3. 1
4. 200

What happens when multiple different routing sources indicate they know how to reach a network/prefix? The router needs to be able to break this “tie” between routing information sources. As a result, the router uses Administrative Distance. This can be a bit of a misleading term since the value has nothing to do with actual distance of any kind. Some administrators like to call it administrative trustworthiness. Cisco ranks the trustworthiness of the various routing information sources. A lower score is better, just like in golf. Is it any surprise that Cisco rated their own inventions of IGRP and EIGRP so trustworthy?

For example.1 shows the default administrative distance values. Notice also that logic comes into play. ExamAlert You should have the above values memorized for success in the exam. This makes the route unusable. this can be tough. ExamAlert Remember. the administrative distance is shown in the prefix entries in the routing table with the show ip route command. Without a ton of experience at the command line. the router does not believe the source of that route and does not install the route in the routing table. .1 Default Administrative Distance Values Note On Cisco gear. RIP scores relatively poorly because it is so prone to problems. TABLE 7. the maximum configurable administrative distance for a route is 255.Table 7. If the administrative distance is 255. I recommend you make some flash cards to help you in memorizing information like this.

B is correct. 255. 200 3. 0. 60 C. C is correct. 5 B. D is correct. what might the router use to route the traffic? A. 110 C. When a router forwards packets on Ethernet. what is rewritten? .0.0/32 D. 60 B. 110 D.255/0 B. OPSF features an AD of 110.0. 20 CramQuiz Answers 1. B is correct. 4. A directly connected interface has the best possible AD of 0.CramQuiz 1. 120 D. 140 4. 100 B. 3. What is the default administrative distance value for RIP? A. 127. 200 D. 100 B. RIP features a default admin distance of 120.0. 0. 1 C.255.1/32 C. If a router cannot find a best match. 2.0.0/0 2. External BGP features an excellent admin distance of 20. What is the default administrative distance value for a connected interface? A. What is the default administrative distance value for OSPF? A.0.255.0. What is the default administrative distance value for External BGP? A. 120 2. 0 D. 20 C. Review Questions 1.

200 D. 90 D. D is correct. D is correct. 0 B.com/what-is-virl What is Administrative Distance—http://bit. A. BGP 4. 2. What does the routing protocol code B indicate in the routing table? A. RIP D. 5. 100 5. 4.ly/1OkgevM . OSPF E. What is the administrative distance of Internal EIGRP? A. Only the source IP address C. IGRP C. The source and destination MAC addresses 3. The router must rewrite the source and destination MAC addresses. D is correct. B indicates BGP. An AD of 255 indicates the prefix is unreachable.ajsnetworking. The source and destination IP addresses B. What is the unreachable AD? A. 3. EIGRP B. Additional Resources What is VIRL?—http://www. Routers use the default route to send packets that have no other better match in the routing table. 20 C. 100 C. 5 B. 255 Answers to Review Questions 1. Internal Enhanced IGP receives an AD of 90. E is correct. Only the source MAC address D. C is correct.

Chapter 8. Routing Technologies: Inter-VLAN Routing

This chapter covers the following official CCNA 200-125 exam topics:
Configure, verify, and troubleshoot inter-VLAN routing

This chapter ensures you are ready for the above topic from the Routing Technologies section of the overall exam blueprint from Cisco Systems. Remember, this is just a section of the Routing Technologies area. Chapters Seven, Nine, and Ten also exist in this grouping. These other chapters deal with basic routing concepts and static and dynamic routing protocols.

Essential Terms and Components
Inter-VLAN Routing
Router on a Stick
Subinterfaces

Topic: Configure, verify, and troubleshoot inter-VLAN routing

CramSaver
If you can correctly answer these CramSaver questions, save time by skimming the ExamAlerts in this chapter and then completing the CramQuiz at the end of each section and the Review Questions at the end of the chapter. If you are in doubt at all—read EVERYTHING in this chapter!
1. What is required in order to move traffic from VLAN to VLAN?
_________
2. What type of interface(s) allows a physical router interface to carry the traffic of multiple VLANs?
_________
3. What command sets the encapsulation to 802.1Q for VLAN 10 on a virtual interface?
_________
4. What two methods allow for the traffic of a Native VLAN in a router on a stick (ROAS) configuration?
_________
Answers
1. A routing engine (RE), also known as a device that can do IPv4 Layer 3 routing.

1. Subinterfaces 3.1 The ROAS Topology EXAMPLE 8. FIGURE 8. one per line. End with CNTL/Z. The specific variation of this technology we must master is called router on a stick (ROAS).255. Setting the appropriate IP address under the physical interface. This RE allows the device to very efficiently route between the various VLANs the device participates in.1 The ROAS Configuration of R1 Click here to view code image R1# R1#configure terminal Enter configuration commands.2 show the topology and configuration of this feature.1 255. encapsulation dot1q 10 4. 2.255.0 R1(config-subif)#exit R1(config)#interface gi0/1.1 and Examples 8. or using a subinterface with the native keyword on the encapsulation statement Inter-VLAN routing is an interesting topic in the scope of CCNA. R1(config)#interface gi0/1 R1(config-if)#no shutdown R1(config-if)# %LINK-3-UPDOWN: Interface GigabitEthernet0/1. Figure 8.1 and 8. changed state to up R1(config-if)#! Notice no IP address is configured on the physical interface R1(config-if)#interface gi0/1. A multilayer switch possesses a routing engine (RE) in its components. changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1. You very rarely encounter this in production any longer because of the popularity of multilayer switches.20 .10.10 R1(config-subif)#encapsulation dot1q 10 R1(config-subif)#ip address 10. I walk you through these configurations in the text that follows. The router on a stick configuration provides us with the ability to perform inter-VLAN routing.

I do it in practice to help my configuration to be easier to read and troubleshoot. SW1(config)#interface gi0/1 SW1(config-if)#switchport trunk encapsulation dot1q SW1(config-if)#switchport mode trunk SW1(config-if)#end SW1# Note Example 8. But now a new issue is apparent. They may randomly assign subinterface network addresses. ExamAlert In the example. one per line.20 solve the issue. How do the subinterfaces get associated with the different VLANs from the switch? This is the power of the encapsulation dot1q 10 and encapsulation dot1q 20 commands under these subinterfaces.2 above does not include the configuration you need of the VLANs and their interface assignments. These commands ensure . and VLAN IDs that do not match each other numerically. End with CNTL/Z. subinterface IDs.1.0 R1(config-subif)#end %SYS-5-CONFIG_I: Configured from console by console R1# EXAMPLE 8. In the exam. do not expect the exam authors to be “nice” to you like this. This allows the router to use one single physical interface and multiple subinterfaces to properly encapsulate and route traffic for multiple VLANs.2 The ROAS Configuration of SW1 Click here to view code image SW1# SW1#configure terminal Enter configuration commands. “LAN Switching Fundamentals: VLANs and Interswitch Connectivity.255. Notice that router R1 has an issue.255.10 and gi0/1. I used an IP network address that had as part of it the same VLAN ID number.” covers this configuration in detail. I also chose the subinterface ID number to match the VLAN ID. R1(config-subif)#encapsulation dot1q 20 R1(config-subif)#ip address 10.20. This is an issue because this device needs to route between two VLANs (VLAN 10 and VLAN 20).1 255. Subinterfaces gi0/1. This is where subinterfaces come to the rescue in the ROAS configuration. Chapter 5. It has only one physical interface that connects to SW1. This is not required.

We configure the interface facing the router as an 802.1 YES manual up up R1#show vlans Virtual LAN ID: 1 (IEEE 802.20 10.1Q tagged traffic.3 Verifying the R1 Configuration Click here to view code image R1#show ip interface brief Interface IP-Address OK? Method Status Protocol GigabitEthernet0/0 unassigned YES unset administratively down down GigabitEthernet0/1 unassigned YES unset up up GigabitEthernet0/1. For the SW1 configuration.1.10 10.20. 21366 bytes input 271 packets. The physical interface receives no IP address (more on this later in the chapter). These IP addresses can be used as the Default Gateway addresses hosts will use in the respective subnets.1 YES manual up up GigabitEthernet0/1.1Q Encapsulation) vLAN Trunk Interface: GigabitEthernet0/1. whereas the subinterfaces receive the appropriate IP addresses for the VLANs (subnets).1. Verification on the router is shown in Example 8.3. things are remarkably straightforward.10.10 .1Q trunk.1Q Encapsulation) vLAN Trunk Interface: GigabitEthernet0/1 This is configured as native Vlan for the following interface(s) : GigabitEthernet0/1 Native-vlan Tx-type: Untagged Protocols Configured: Address: Received: Transmitted: GigabitEthernet0/1 (1) Other 0 118 packets. EXAMPLE 8. Notice that IP addressing is also very interesting.the subinterfaces can successfully do their job with the 802. 19851 bytes output Virtual LAN ID: 10 (IEEE 802.

1.20.10.1.10. Example 8.20 Port Vlans in spanning tree forwarding state and not .20 Protocols Configured: Address: Received: Transmitted: GigabitEthernet0/1. Protocols Configured: Address: Received: Transmitted: GigabitEthernet0/1. 92 bytes output Virtual LAN ID: 20 (IEEE 802. 0 bytes input 2 packets.1q trunking 1 Port Vlans allowed on trunk Gi0/1 1-4094 Port Vlans allowed and active in management domain Gi0/1 1.1Q Encapsulation) vLAN Trunk Interface: GigabitEthernet0/1. EXAMPLE 8. You can then use show vlans (interesting for a router!) in order to verify the encapsulations you have in place on your subinterfaces. 0 bytes input 2 packets.4 shows the verification on SW1.10 (10) IP 10.20 (20) IP 10.4 Verification on SW1 Click here to view code image SW1#show interface trunk Port Mode Encapsulation Status Native vlan Gi0/1 on 802.1 0 Other 0 0 packets.1 0 Other 0 0 packets. 92 bytes output R1# Notice I like to first use show ip interface brief (as always!) to verify that the physical interface and the subinterfaces are all just fine (UP/UP).

since the encapsulated tag does not exist on the native VLAN! EXAMPLE 8.10 R1(config-subif)#encapsulation dot1q 10 R1(config-subif)#ip address 10.20 SW1# My verification on SW1 is super straightforward. that one VLAN that is not tagged with an 802. R1(config)#interface gi0/1 R1(config-if)#no shutdown R1(config-if)# %LINK-3-UPDOWN: Interface GigabitEthernet0/1.10. Remember. assumes I have already properly verified my VLANs and interfaces and all of the other infrastructure stuff from earlier chapters.0 R1(config-subif)#exit . Example 8. ExamAlert In a production environment.0 R1(config-if)#interface gi0/1. one per line. This makes sense because this traffic is not tagged and requires no recognition of an encapsulated tag. changed state to up R1(config-if)#! Notice now the IP address on the physical interface! R1(config-if)#ip address 10. changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1.5 demonstrates placing the IP address that coordinates with the subnet of the Native VLAN on the physical interface. This. I just like to check the trunking status of my trunk port with show interface trunk.1 255. so always test this if it is possible.10.255.1.5 The Native VLAN on the Physical Interface Click here to view code image R1# R1#configure terminal Enter configuration commands. The preceding configurations assume that no Native VLAN is in use by the router. or in a robustly constructed exam simulation.255.0. the point of inter- VLAN routing is to permit devices in one VLAN and IP subnet to communicate with devices in another.255. you might have the opportunity to move to properly configured host workstations in each VLAN and ensure they can ping each other.1Q tag by default. pruned Gi0/1 1. End with CNTL/Z.1.255. Let me demonstrate two separate methods you can use to handle a Native VLAN. of course. If you are curious like me.1 255. you might be wondering about the Native VLAN.

10.1 255.20 R1(config-subif)#encapsulation dot1q 20 R1(config-subif)#ip address 10.1 255.255.6 The Native VLAN on a Subinterface Click here to view code image R1# R1#configure terminal Enter configuration commands.255. R1(config)#interface gi0/1.777 R1(config-subif)#encapsulation dot1q 777 native R1(config-subif)#ip address 10.0 R1(config-subif)#end R1# %SYS-5-CONFIG_I: Configured from console by console R1# CramQuiz .255.0 R1(config-subif)#end R1# %SYS-5-CONFIG_I: Configured from console by console R1# Example 8.0 R1(config-subif)#exit R1(config)#interface gi0/1.255. the native keyword must be used in the encapsulation command.10 R1(config-subif)#encapsulation dot1q 10 R1(config-subif)#ip address 10.0.6 show another way to handle the use of a Native VLAN on your ROAS configuration.255.255. This time. changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1. R1(config)#interface gi0/1 R1(config-if)#no shutdown R1(config-if)# %LINK-3-UPDOWN: Interface GigabitEthernet0/1. changed state to up R1(config-if)#! Notice no IP address on the physical interface R1(config-if)#interface gi0/1.1.0 R1(config-subif)#exit R1(config)#interface gi0/1. EXAMPLE 8.1. End with CNTL/Z. one per line.1.20. a subinterface is used for the Native VLAN.1 255.255.1 255. Because there is no tagging to identify the VLAN.20.255.20 R1(config-subif)#encapsulation dot1q 20 R1(config-subif)#ip address 10.1.

Examine the configuration of R1 following the depicted network topology.. Why is ROAS not functioning? Click here to view code image Building configuration. 1.6 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R1 ! boot-start-marker boot-end-marker ! ! ! no aaa new-model ethernet lmi ce ! ! ! mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 ! ! ! no ip routing ! ! ! no ip cef no ipv6 cef ! multilink bundle-name authenticated ! ! ! redundancy ! ! .. Current configuration : 3056 bytes ! version 15.

20.14 255.10 encapsulation dot1Q 10 ip address 10.255.0 no ip route-cache shutdown duplex auto speed auto media-type rj45 ! interface GigabitEthernet0/1 no ip address no ip route-cache duplex auto speed auto media-type rj45 no shutdown ! interface GigabitEthernet0/1.0 no ip route-cache ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! ! ! control-plane ! ! ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 login transport input none ! no scheduler allocate ! end .10.0 no ip route-cache ! interface GigabitEthernet0/1.255.255.1.0.255.255.0.1 255.! interface GigabitEthernet0/0 ip address 10.20 encapsulation dot1Q 20 ip address 10.255.1.1 255.

A. 2. Why is ROAS not functioning? Click here to view code image Building configuration. Examine the configuration of SW1 following the depicted network topology in the figure.. IP routing is disabled. Interface gi0/1 has no IP address assigned.2 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption service compress-config ! hostname SW1 ! boot-start-marker boot-end-marker ! ! ! no aaa new-model ! ! ! ip cef no ipv6 cef ! ! ! spanning-tree mode rapid-pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! ! ! interface GigabitEthernet0/0 media-type rj45 negotiation auto . B. Current configuration : 2688 bytes ! version 15.. The IP address on the gi0/1. C.20 interface is the subnet ID. D. AAA is disabled.

someone has inserted the no ip routing command. This is required before the use of the command switch mode trunk. The device cannot use CEF. CramQuiz Answers 1. The trunk interface is missing a required command of switch trunk encapsulation dot1q. Routing entity B. The trunk is not going to form properly. Routing entry C. Routing engine D. A is correct. B. An RE allows inter-VLAN communication. The interface cannot be set to autonegotiate. What is an RE? A. The gi0/1 interface is shutdown. which disabled routing capabilities. C. Review Questions 1. D. Register entry . D is correct. On this router. 2. ! interface GigabitEthernet0/1 no shutdown media-type rj45 negotiation auto ! ip forward-protocol nd ! no ip http server no ip http secure-server ! ! ! control-plane ! ! ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 login ! ! end A.

this VLAN is not 802. VTY 3. C is correct. show interface trunk B.1Q tagged. Remember. TTY D. What is the virtual interface that makes ROAS possible? A. In a ROAS configuration. Subinterface C. this is a function integrated as part of a multilayer switch. C is correct. 4. The IP address is an RFC 1918 address and is not used Answers to Review Questions 1. show vlan D. this is a physical router appliance. show vlan status C.ly URL is the numeric 1 and the later characters are lowercase l’s) . The configuration is in error B. In modern times. Why might a ROAS configuration have an IP address on the physical interface? A. C is correct.ly/1FELL8P (NOTE: The first character in the bit. You can use the show vlan command on a router to help verify ROAS. Subinterfaces are the virtual interfaces that make ROAS able to support multiple IP subnets and their associated VLANs. 3. B is correct. Loopback B. show subinterfaces status 4.ajsnetworking. A routing engine (RE) routes between IPv4 networks and their associated VLANs. You might see an IP address on the physical interface for the Native VLAN. This is a required configuration C. What command allows you to verify the ROAS configuration on a router? A. 2. 2.com/inter-vlan Configure InterVLAN Routing on Layer 3 Switches —http://bit. Additional Resources Configure Inter-VLAN Routing on Cisco Routers and Switches —http://www. The IP address is associated with the Native VLAN D.

Besides directly connected networks.Chapter 9. Routing Technologies: Routing Methods This chapter covers the following official CCNA 200-125 exam topics: Compare and contrast static routing and dynamic routing Compare and contrast distance vector and link state routing protocols Compare and contrast interior and exterior routing protocols This chapter ensures you are ready for the listed topics from the Routing Technologies section of the overall exam blueprint from Cisco Systems. What is the command to configure a default static route with a next hop of 172. Essential Terms and Components Default Routing Static Routing Dynamic Routing Distance Vector Link State Interior Routing Protocols Exterior Routing Protocols Topic: Compare and contrast static routing and dynamic routing CramSaver If you can correctly answer these CramSaver questions.4? _________ Answers 1. Eight. and Ten also exist in this grouping. Chapters Seven. These other chapters deal with general routing concepts. and the configuration of static and dynamic routing.1. save time by skimming the ExamAlerts in this chapter and then completing the CramQuiz at the end of each section and the Review Questions at the end of the chapter. Static and dynamic . inter-VLAN routing. Remember. this is just a section of the Routing Technologies area. what are the two general categories of how routes are added to a router? _________ 2. If you are in doubt at all—read EVERYTHING in this chapter! 1.16.

0.0 0. Example 9.1 demonstrates the static configuration of a default route.0. “Routing Technologies: Routing Concepts. End with CNTL/Z. but keep in mind it is extremely common for you to statically configure default routing information.” provides much more information on the configuration of static and dynamic routing for you.1 The Configuration of a Static Default Route Click here to view code image R1# R1#configure terminal Enter configuration commands.” Dynamic routing protocols share information regarding prefixes to dynamically build the routing table.0. “Routing Technologies: Static Routing and Dynamic Routing. Admins still need to configure these protocols. Remote prefixes in a local area network B.0 10.0.0.16.0 0.0 172.0.10. R1(config)#ip route 0.0.1. ip route 0. Because of the overhead of OSPF .0. This creates the Gateway of Last Resort as discussed in Chapter Seven.2 R1(config)#end R1# ExamAlert Chapter Ten. Examples of dynamic routing protocols include: RIP version 1 RIP version 2 EIGRP OSPF IS-IS BGP CramQuiz 1. one per line.10. The default route indicates the path to take when the router does not have a better matching prefix entry in the routing table. EXAMPLE 9. 2. What is a popular reason for configuring static routing in a modern network? A. you are engaged in static routing. It might sound silly considering how much work this would be compared to having the routers dynamically learn routing information themselves. but the entries in the routing tables auto populate.4 When you manually configure your routers with specific routing table entries.

RIP is a Distance Vector routing protocol. Topic: Compare and contrast distance vector and link state routing protocols CramSaver 1. ExamAlert . BGP is an exterior routing protocol. OSPF is a Link State routing protocol. Static routing is a frequent configuration today thanks to the static default route. BGP B. Because of the need for a default route 2. Dynamic routing protocols consist of the following categories: Distance Vector: These are the first-generation type protocols (RIP is one of them). 2. as you learn in the next topic. they periodically share their routing tables with each other. C. Link State: OSPF and IS-IS are prime examples. these sophisticated protocols build a map of the network. Hybrid: Protocols that feature characteristics of both Distance Vector and Link State. Because static routing has less administrative overhead D. Path Vector: There is one prime example of this type of routing protocol: BGP. D is correct. EIGRP is an example. RIP CramQuiz Answers 1. VTP D. EIGRP C. What category of routing protocol is OSPF? _________ 2. What category of routing protocol is RIP? _________ Answers 1. 2. this protocol uses an AS-Path attribute to record where the prefix is being learned from. C is correct. VTP is a Layer 2 protocol for synchronizing the VLAN databases across Cisco switches. Which is not an example of a dynamic routing protocol? A.

OSPF. 2. .” Topic: Compare and contrast interior and exterior routing protocols CramSaver 1. BGP is considered a Path Vector protocol. Link State 2. This means that RIPv1 does not send subnet mask information with its routing updates and therefore cannot support VLSM. CramQuiz 1. Distance Vector D. 2. The main difference between them is that RIPv1 is classful whereas RIPv2 is classless. “WAN Technologies: eBGP. Link State CramQuiz Answers 1. Path Vector C. and EIGRP are all examples of interior routing protocols. B is correct. _________ Answers 1. This book examines BGP in more detail in Chapter Twelve. Name three examples of interior routing protocols. RIP. D is correct. Name an example of an exterior routing protocol. What type of routing protocol is considered more sophisticated and builds a map of the network? A. Link State routing protocols are considered more sophisticated than Distance Vector. _________ _________ _________ 2. Path Vector C. Hybrid B. Distance Vector D. BGP is an example of an exterior routing protocols. You should note that RIP version 1 and version 2 are both Distance Vector protocols. They use link state advertisements to build a map of the network. Hybrid B. BGP is considered what type of routing protocol? A.

B is correct. the modern Internet would not function. RIP . IS-IS B. RIP 2. without a doubt. Interestingly. But. Within Autonomous Systems C. Between Autonomous Systems D. its main function is for inter-AS routing purposes.Another common characteristic of routing protocols is whether they are internal or external. This means whether the protocol is designed for use within an Autonomous System (AS) or for use between them. Review Questions 1. Border Gateway Protocol is the key to the Internet. C is correct. Here are examples of each: Internal: EIGRP OSPF RIP version 1 RIP version 2 IS-IS External: BGP Notice there are not many options when it comes to routing between Autonomous Systems. Which of the following is the main protocol enabling the Internet to function with inter-AS routing? A. Interior Gateway Protocols function with Autonomous Systems. What is an example of a Hybrid routing protocol? A. Only within service providers B. BGP can be used for routing within an AS as well. BGP D. CramQuiz 1. without BGP and it capabilities. In lab environments only CramQuiz Answers 1. OSPF C. In fact. Where is internal routing found? A. BGP rules this world. 2.

A static default route in IPv4 features a mask of 0 on bits. 2. EIGRP D. EIGRP D. 4. OPSF C. 0 B. D is correct. RIP C. A is correct. What protocol is considered distance vector? A. EIGRP combines some features of Distance Vector and Link State dynamic routing protocols. B.ly/2dahANk . BGP Answers to Review Questions 1. OSPF C. Additional Resources Distance Vector Routing Protocols—http://bit. What protocol is used for inter-AS routing? A.ly/2dNRvER Link State Routing Protocols—http://bit. C is correct. EIGRP D. BGP is an external protocol. IS-IS B. 16 D. 64 C. D is correct. BGP 2. What is the mask length for a static default route? A. RIP is a distance vector protocol. RIP 4. 32 3. 3. OSPF B.

Chapter 10. Routing Technologies: Static Routing and Dynamic Routing

This chapter covers the following official CCNA 200-125 exam topics:
Configure, verify, and troubleshoot IPv4 and IPv6 static routing
Configure, verify, and troubleshoot single area and multi-area OSPFv2 for IPv4 (excluding authentication, filtering, manual summarization, redistribution, stub, virtual-link, and LSAs)
Configure, verify, and troubleshoot single area and multi-area OSPFv3 for IPv6 (excluding authentication, filtering, manual summarization, redistribution, stub, virtual-link, and LSAs)
Configure, verify, and troubleshoot EIGRP for IPv4 (excluding authentication, filtering, manual summarization, redistribution, and stub)
Configure, verify, and troubleshoot EIGRP for IPv6 (excluding authentication, filtering, manual summarization, redistribution, and stub)
Configure, verify, and troubleshoot RIPv2 for IPv4 (excluding authentication, filtering, manual summarization, and redistribution)
Troubleshoot basic Layer 3 end-to-end connectivity issues

This chapter ensures you are ready for the topics in the preceding list from the Routing Technologies section of the overall exam blueprint from Cisco Systems. Remember, this is just a section of the Routing Technologies area. Chapters Seven through Nine also exist in this grouping. These other chapters deal with general routing concepts, inter-VLAN routing, and various routing methods.

Essential Terms and Components
Static Routing
Dynamic Routing
Default Route
Network Route
Host Route
Floating Static
OSPFv2
OSPFv3
EIGRP for IPv4
EIGRP for IPv6
RIPv2 for IPv4

Topic: Configure, verify, and troubleshoot IPv4 and IPv6 static routing

CramSaver
If you can correctly answer these CramSaver questions, save time by skimming the ExamAlerts in this chapter and then completing the CramQuiz at the end of each section and the Review Questions at the end of the chapter. Notice the CramSaver is also broken down by section, so perhaps you just need to review a certain area. If you are in doubt at all—read EVERYTHING in this chapter!
1. What is the command to configure a static route to 10.40.40.0/24 with a next hop of 10.10.10.2?
_________
2. What is the command to configure an IPv6 static route to 2001:aaaa::/64 using the Serial 0/0 interface?
_________
3. What is a floating static route?
_________
Answers
1. ip route 10.40.40.0 255.255.255.0 10.10.10.2
2. ipv6 route 2001:aaaa::/64 serial 0/0
3. A floating static route is a static route that is not installed in the routing table initially thanks to an artificially high (untrustworthy) AD.

Using static routing, we can create default routes, network routes, and host routes. I have already covered default routes in Chapter Nine. Network routes are static routes to specific prefixes, whereas host routes are prefixes that have a 32-bit network mask. This means we are specifying the exact address. Example 10.1 shows the configuration of network and host routes using static routing in IPv4.

EXAMPLE 10.1 Configuring Static Network Routes and Host Routes in IPv4

R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip route 192.168.1.0 255.255.255.0 10.10.10.2
R1(config)#ip route 172.16.1.3 255.255.255.255 10.10.10.2
R1(config)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console

R1#

Note
When your link is a point-to-point link, you can specify just the outgoing
interface, also referred to as the exit interface, on the local router as part of
your ip route command. This is a nice timesaver. For example, ip route
192.168.1.0 255.255.255.0 serial 0/0, where Serial 0/0 is the exit interface of
the local router.

Notice how simple the static route creation is. It is just as easy in an IPv6 environment.
Example 10.2 demonstrates this.

EXAMPLE 10.2 Configuring a Static Route in IPv6

R1#configure terminal
R1(config)#ipv6 route 2001:aaaa::/64 serial 0/0

Example 10.3 demonstrates the use of the show ip route and show ipv6 route
commands to verify static routes.

EXAMPLE 10.3 Verifying Static IPv4 and IPv6 Routes

R1#show ip route
Codes: L—local, C—connected, S—static, R—RIP, M—mobile, B—BGP
       D—EIGRP, EX—EIGRP external, O—OSPF, IA—OSPF inter area
       N1—OSPF NSSA external type 1, N2—OSPF NSSA external type 2
       E1—OSPF external type 1, E2—OSPF external type 2
       i—IS-IS, su—IS-IS summary, L1—IS-IS level-1, L2—IS-IS level-2
       ia—IS-IS inter area, *—candidate default, U—per-user static route
       o—ODR, P—periodic downloaded static route, +—replicated route
Gateway of last resort is 10.10.10.2 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 10.10.10.2
is directly connected, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.10.10.0/24 is directly connected, FastEthernet0/0
L 10.10.10.1/32 is directly connected, FastEthernet0/0

172.16.0.0/32 is subnetted, 1 subnets
S 172.16.1.3 [1/0] via 10.10.10.2
S 192.168.1.0/24 [1/0] via 10.10.10.2
R1#
R1#show ipv6 route
IPv6 Routing Table—default—2 entries
Codes: C—Connected, L—Local, S—Static, U—Per-user Static route
       B—BGP, M—MIPv6, R—RIP, I1—ISIS L1
       I2—ISIS L2, IA—ISIS interarea, IS—ISIS summary, D—EIGRP
       EX—EIGRP external, ND—Neighbor Discovery
       O—OSPF Intra, OI—OSPF Inter, OE1—OSPF ext 1, OE2—OSPF ext 2
       ON1—OSPF NSSA ext 1, ON2—OSPF NSSA ext 2
S 2001:AAAA::/64 [1/0]
via Serial 0/0, directly connected
L FF00::/8 [0/0]
via Null0, receive
R1#

Another interesting use of a static route is a floating static route. A floating static route
“floats” above a prefix learned by a dynamic routing protocol. The static route kicks in
when the dynamic routing protocol removes the prefix. How does the static route
“float”? The answer is Administrative Distance. To create a floating static route, you set
the AD of the static route artificially high (numerically higher than other existing
routing sources). Specifically, you set the AD greater than (less believable than) that of
the dynamic route. Example 10.4 shows the creation of a floating static route that could
be used with RIP as the dynamic routing protocol. Notice the AD is one notch higher
(worse) than the default AD of RIP, which is 120. This newly created static route won’t be
placed in the routing table as long as the same route is being learned via RIP. If the
router stops learning this route via RIP, then the static route, with its AD of 121, will be
placed in the routing table.

EXAMPLE 10.4 Configuring a Floating Static Route

R3#
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#ip route 10.60.60.0 255.255.255.0 10.20.20.2 121
R3(config)#end
R3#
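The selection rule behind Example 10.4, as an added Python model (not code from the book): a routing table that keeps every offered route and installs the one with the lowest AD, then the lowest metric. The RIP next hop 10.30.30.2 is a constructed value; the static route is the one from Example 10.4.

```python
from dataclasses import dataclass
from typing import Optional

# Default administrative distances for the route sources used in this chapter.
DEFAULT_AD = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}


@dataclass(frozen=True)
class Route:
    prefix: str
    source: str
    next_hop: str
    metric: int = 0
    ad: Optional[int] = None  # None means "use the default AD of the source"

    @property
    def distance(self) -> int:
        return DEFAULT_AD[self.source] if self.ad is None else self.ad


class RoutingTable:
    """Keeps every offered route and reports which one would be installed."""

    def __init__(self):
        self._candidates = {}  # prefix -> list of Route

    def offer(self, route):
        self._candidates.setdefault(route.prefix, []).append(route)

    def withdraw(self, prefix, source):
        kept = [r for r in self._candidates.get(prefix, []) if r.source != source]
        self._candidates[prefix] = kept

    def installed(self, prefix):
        candidates = self._candidates.get(prefix, [])
        if not candidates:
            return None
        # Lowest AD wins between sources; lowest metric wins within one source.
        return min(candidates, key=lambda r: (r.distance, r.metric))


def floating_static_demo(static_ad):
    """Installed source while RIP is up, after RIP loses the prefix, after it returns."""
    prefix = "10.60.60.0/24"
    rip = Route(prefix, "rip", "10.30.30.2", metric=1)  # constructed next hop
    static = Route(prefix, "static", "10.20.20.2", ad=static_ad)  # Example 10.4
    rib = RoutingTable()
    rib.offer(static)
    rib.offer(rip)
    timeline = [rib.installed(prefix).source]
    rib.withdraw(prefix, "rip")   # RIP stops advertising the prefix
    timeline.append(rib.installed(prefix).source)
    rib.offer(rip)                # RIP learns it again
    timeline.append(rib.installed(prefix).source)
    return timeline


if __name__ == "__main__":
    print("AD 121     :", floating_static_demo(121))
    print("AD omitted :", floating_static_demo(None))
```

With the AD omitted the static route keeps its default distance of 1 and is installed in all three states, so the RIP route is never used.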

CramQuiz

1. What two parameters of a static route are acceptable as part of the ip route
command to indicate where traffic should be sent? (Choose two.)
A. Next-hop IP address
B. RE ID
C. Destination MAC address
D. Outgoing interface
2. What command permits the simple verification that a static route is in the routing
table?
A. show static
B. show ip route
C. show routing table static
D. show admin routes
3. What feature do you use in order to create a floating static route?
A. Metric
B. Dampening
C. Route suppression
D. Administrative Distance

CramQuiz Answers
1. A and D are correct. You may specify the next-hop IP address or the outgoing
interface.
2. B is correct. The show ip route command allows you to view static routes (if
they exist) in the routing table.
3. D is correct. Administrative Distance creates floating static routes. It eliminates
the route from appearing through the artificial manipulation of trustworthiness.

Topic: Configure, verify, and troubleshoot single area and multi-area
OSPFv2 for IPv4 (excluding authentication, filtering, manual
summarization, redistribution, stub, virtual-link, and LSAs)

CramSaver
1. What aspect of OSPF makes the protocol hierarchical and permits the
creation of very scalable networks?
_________
2. What single OSPF router configuration command allows the assignment
of OSPF area 0 to all interfaces in the range 10.0.0.0 to
10.255.255.255?

_________
Answers
1. OSPF areas
2. network 10.0.0.0 0.255.255.255 area 0

Open Shortest Path First (OSPF) is a beloved Link State routing protocol that is
extremely configurable and scalable. It uses the concept of areas to ensure that
scalability can be maintained. Areas reduce the size of convergence domains in your
topology. They can also represent borders on which IP address summarization can take
place. OSPF version 2 is the current IPv4-only version of OSPF. OSPF version 3 is
being standardized upon for routing IPv4, or IPv6, or both IPv4 and IPv6
simultaneously. Note that this section covers version 2, and the next section of this
chapter covers version 3 in the context of IPv6 routing.
Figure 10.1 shows our sample topology, and Example 10.5 shows the configuration of
OSPF in a single area using the network command.

FIGURE 10.1 Our OSPF Topology

EXAMPLE 10.5 Configuring Single Area OSPF Using the Network Command

R1#
R1#configure terminal
R1(config)#router ospf 1
R1(config-router)#network 10.10.10.1 0.0.0.0 area 0
R1(config-router)#network 1.1.1.1 0.0.0.0 area 0
R1(config-router)#end
R1#
R2#
R2#configure terminal
R2(config)#router ospf 1
R2(config-router)#network 10.0.0.0 0.255.255.255 area 0
R2(config-router)#network 2.2.2.2 0.0.0.0 area 0
R2(config-router)#end
R2#
R3#
R3#configure terminal
R3(config)#router ospf 1
R3(config-router)#network 10.20.20.3 0.0.0.0 area 0
R3(config-router)#network 3.3.3.3 0.0.0.0 area 0
R3(config-router)#end
R3#

Notice the following details in this configuration:
router ospf 1: This command enters router configuration mode for OSPF and sets
a process ID of 1; this number is locally significant and does not need to match on
the neighboring router.
network 10.10.10.1 0.0.0.0 area 0: The network command sets the interface(s)
that will run OSPF for this process; note that here a wildcard mask of 0.0.0.0
indicates that OSPF will run on the specific interface that has the IP address of
10.10.10.1 (fa0/0); notice also that this interface participates in area 0: Area 0 is
the backbone or core area for OSPF; all other areas must have contact with this
backbone.
Example 10.6 shows how we can easily verify OSPF.

EXAMPLE 10.6 Verifying Single Area OSPF

R1#
R1#show ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address       Interface
2.2.2.2           1   FULL/BDR   00:00:37    10.10.10.2    FastEthernet0/0
R1#show ip route
Codes: L—local, C—connected, S—static, R—RIP, M—mobile, B—BGP
       D—EIGRP, EX—EIGRP external, O—OSPF, IA—OSPF inter area
       N1—OSPF NSSA external type 1, N2—OSPF NSSA external type 2
       E1—OSPF external type 1, E2—OSPF external type 2
       i—IS-IS, su—IS-IS summary, L1—IS-IS level-1, L2—IS-IS level-2
       ia—IS-IS inter area, *—candidate default, U—per-user static route
       o—ODR, P—periodic downloaded static route, +—replicated route

Gateway of last resort is not set

1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.1.1.0/24 is directly connected, Loopback0
L 1.1.1.1/32 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 10.10.10.2, 00:32:13, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/3] via 10.10.10.2, 00:19:12, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 10.10.10.0/24 is directly connected, FastEthernet0/0
L 10.10.10.1/32 is directly connected, FastEthernet0/0
O 10.20.20.0/24 [110/2] via 10.10.10.2, 00:32:33, FastEthernet0/0
R1#ping 3.3.3.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/52/64 ms
R1#

Example 10.6 uses the following commands:
show ip ospf neighbor: This command permits you to verify that you have an OSPF
adjacency with your neighbor(s).
show ip route: This command permits you to see the OSPF learned route
information.
ping 3.3.3.3: This command tests for full reachability in our example; here, the R1
device is pinging an OSPF learned route from R3.

ExamAlert
Several parameters must match in order for an OSPF neighborship to form.
These include:
The area ID
Authentication settings
Hello and dead intervals
Stub flag
MTU size
The hello and dead intervals are manipulated under interface configuration
mode with the following commands: (config-if)#ip ospf hello-interval 10;
(config-if)#ip ospf dead-interval 30; the values you see here are in seconds.

Example 10.7 demonstrates the single area OSPF configuration without the use of the
network command.

EXAMPLE 10.7 Configuring Single Area OSPF Without Use of the Network
Command

R1#
R1#configure terminal
R1(config)#interface fa0/0
R1(config-if)#ip ospf 1 area 0
R1(config-if)#interface lo0
R1(config-if)#ip ospf 1 area 0
R1(config-if)#end
R1#
R2#
R2#configure terminal
R2(config)#interface fa0/0
R2(config-if)#ip ospf 1 area 0
R2(config-if)#interface fa1/0
R2(config-if)#ip ospf 1 area 0
R2(config-if)#interface loopback 0
R2(config-if)#ip ospf 1 area 0
R2(config-if)#end
R2#
R3#
R3#configure terminal
R3(config)#interface fa0/0
R3(config-if)#ip ospf 1 area 0
R3(config-if)#interface loopback 0
R3(config-if)#ip ospf 1 area 0
R3(config-if)#end
R3#

Notice how simple it is to configure OSPF under the appropriate interfaces. We do not
have to enter OSPF router configuration mode at all for a basic configuration as shown.
Note that with or without the network command, it is also simple to configure multiple
OSPF areas. Example 10.8 demonstrates area 0 between R1 and R2, and area 22
between R2 and R3. Notice also in this example how we mix the methods of
configuration—even on the same device! This example ends with a quick verification
test.

EXAMPLE 10.8 Configuring and Verifying Multiple Area OSPF

R1#
R1#configure terminal
R1(config)#router ospf 1
R1(config-router)#network 1.0.0.0 0.255.255.255 area 0
R1(config-router)#exit
R1(config)#interface fa0/0
R1(config-if)#ip ospf 1 area 0
R1(config-if)#end
R1#
R2#
R2#configure terminal
R2(config)#router ospf 1
R2(config-router)#network 2.0.0.0 0.255.255.255 area 0
R2(config-router)#network 10.10.10.2 0.0.0.0 area 0
R2(config-router)#network 10.20.20.2 0.0.0.0 area 22
R2(config-router)#end
R2#
R3#
R3#configure terminal
R3(config)#router ospf 1
R3(config-router)#network 0.0.0.0 255.255.255.255 area 22
R3(config-router)#end
R3#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/64/80 ms
R3#
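How the wildcard masks in the network commands of Examples 10.5 and 10.8 select interfaces, as an added Python example (not code from the book). It also reports interfaces that a broad statement such as R3's `network 0.0.0.0 255.255.255.255 area 22` enables beyond the ones the operator meant to run OSPF on. Assumptions: on overlap the statement with the fewest wildcard bits wins, and the 192.0.2.1 interface is constructed.

```python
import ipaddress


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(ip, base, wildcard):
    """True when ip agrees with base on every bit where the wildcard bit is 0."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(ip) & care) == (_to_int(base) & care)


def parse_network(line):
    """Split 'network <address> <wildcard> area <id>' into its three values."""
    parts = line.split()
    if len(parts) != 5 or parts[0] != "network" or parts[3] != "area":
        raise ValueError("not an OSPF network statement: %r" % line)
    _to_int(parts[1])  # raises on a malformed address
    _to_int(parts[2])  # raises on a malformed wildcard
    return parts[1], parts[2], parts[4]


def assign_areas(statements, interfaces):
    """Map each interface name to the area of the statement that matches it."""
    # Assumption: the most specific statement (fewest wildcard bits) wins.
    parsed = sorted((parse_network(s) for s in statements),
                    key=lambda n: bin(_to_int(n[1])).count("1"))
    areas = {}
    for name, address in interfaces.items():
        areas[name] = next((area for base, wc, area in parsed
                            if wildcard_match(address, base, wc)), None)
    return areas


def unexpected(statements, interfaces, intended):
    """Interfaces that run OSPF although they are not in the intended set."""
    return {name: area
            for name, area in assign_areas(statements, interfaces).items()
            if area is not None and name not in intended}


# R2 and R3 as configured in Example 10.8.
R2_STATEMENTS = ["network 2.0.0.0 0.255.255.255 area 0",
                 "network 10.10.10.2 0.0.0.0 area 0",
                 "network 10.20.20.2 0.0.0.0 area 22"]
R2_INTERFACES = {"FastEthernet0/0": "10.10.10.2",
                 "FastEthernet1/0": "10.20.20.2",
                 "Loopback0": "2.2.2.2"}

R3_STATEMENTS = ["network 0.0.0.0 255.255.255.255 area 22"]
R3_INTERFACES = {"FastEthernet0/0": "10.20.20.3",
                 "Loopback0": "3.3.3.3",
                 "FastEthernet1/0": "192.0.2.1"}  # constructed extra interface

if __name__ == "__main__":
    print(assign_areas(R2_STATEMENTS, R2_INTERFACES))
    print(unexpected(R3_STATEMENTS, R3_INTERFACES,
                     intended={"FastEthernet0/0", "Loopback0"}))
```

Host-specific statements (wildcard 0.0.0.0), as on R1 in Example 10.5, leave an added interface out of OSPF until someone configures it explicitly.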

CramQuiz
1. What statement about OSPFv2 is true?
A. The dead timers do not need to match between neighbors.
B. The hello timers do not need to match between neighbors.
C. The area ID must match between neighbors.
D. The network command must be used.
2. What command can you use to verify neighbors in OSPFv2?
A. show ospf neighbors
B. show ip ospf neighbors
C. show ospf database neighbors
D. show ospf peers

CramQuiz Answers
1. C is correct. Area ID and hello and dead timers must match between neighbors.
2. B is correct. The show ip ospf neighbors command permits the verification of
OSPF peerings.

Topic: Configure, verify, and troubleshoot single area and multi-area
OSPFv3 for IPv6 (excluding authentication, filtering, manual
summarization, redistribution, stub, virtual-link, and LSAs)

CramSaver
1. What global configuration command permits the configuration of
OSPFv3 or other IPv6 routing protocols?
_________
2. What interface level command configures the interface for OSPF
version 3 using area 10 and a process ID of 1?
_________
Answers
1. ipv6 unicast-routing
2. ipv6 ospf 1 area 10

If you can configure and verify OSPFv2, you are well on your way to a version 3
configuration for IPv6. In fact, things get a little more straightforward since there is no
longer a network command you can use in version 3. Example 10.9 shows the multiple
area configuration and verification on our topology from Figure 10.1.

EXAMPLE 10.9 Configuring and Verifying Multiple Area OSPF Version 3

R1#
R1#configure terminal
R1(config)#ipv6 unicast-routing
R1(config)#interface fa0/0
R1(config-if)#ipv6 ospf 1 area 0
R1(config-if)#interface lo0
R1(config-if)#ipv6 ospf 1 area 0
R1(config-if)#end
R1#
R2#
R2#configure terminal
R2(config)#ipv6 unicast-routing
R2(config)#interface fa0/0
R2(config-if)#ipv6 ospf 1 area 0
R2(config-if)#interface fa1/0
R2(config-if)#ipv6 ospf 1 area 22
R2(config-if)#interface lo0
R2(config-if)#ipv6 ospf 1 area 0
R2(config-if)#end
R2#
R3#
R3#configure terminal
R3(config)#ipv6 unicast-routing
R3(config)#int fa0/0
R3(config-if)#ipv6 ospf 1 area 22
R3(config-if)#interface lo0
R3(config-if)#ipv6 ospf 1 area 22
R3(config-if)#end
R3#ping 2001:11::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:11::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/58/96 ms
R3#

Notice that the ipv6 unicast-routing command is required. Cisco routers are IPv6
capable “out of the box,” but they will not route IPv6 traffic until they’re enabled for
that. Also, realize in this configuration that a 32-bit router ID is used for these OSPF
speaking devices. If your router does not possess a 32-bit IPv4 address, you must assign
a router ID using the router-id command under the OSPF routing process.

ExamAlert
IPv6 routing protocols use the link-local address of their peers for next-hop
information. You can prove this by examining an IPv6 routing table entry. For
example:
O 2001:33::3/128 [110/1] via FE80::C804:28FF:FE5C:0, FastEthernet1/0

CramQuiz
1. What statement about OSPFv3 is true?
A. The dead timers do not need to match between neighbors.
B. The hello timers do not need to match between neighbors.
C. The area ID must match between neighbors.
D. The network command must be used.
2. What command can you use to verify neighbors in OSPFv3?
A. show ospfv3 neighbors
B. show ipv6 ospf neighbors
C. show ospf database neighbors v3
D. show ospf peers version 3

CramQuiz Answers
1. C is correct. Area ID and hello and dead timers must match between neighbors in
OSPFv3.
2. B is correct. The show ipv6 ospf neighbors command permits the verification of
OSPFv3 peerings.

Topic: Configure, verify, and troubleshoot EIGRP for IPv4 (excluding
authentication, filtering, manual summarization, redistribution, and
stub)

CramSaver
1. What EIGRP for IPv4 command enables EIGRP for AS 100 on the
interface with the exact address 10.10.10.1?
_________
2. What global configuration command enables EIGRP for AS 100 and
places you into router configuration mode?
_________
Answers
1. network 10.10.10.1 0.0.0.0
2. router eigrp 100

The EIGRP for IPv4 configuration is quite simple. Example 10.10 demonstrates the
configuration and verification of this scalable hybrid IGP.

EXAMPLE 10.10 Configuring and Verifying EIGRP for IPv4

R1#
R1#configure terminal
R1(config)#router eigrp 100
R1(config-router)#network 10.0.0.0 0.255.255.255
R1(config-router)#network 1.0.0.0
R1(config-router)#end
R1#

R2#
R2#configure terminal
R2(config)#router eigrp 100
R2(config-router)#network 10.0.0.0
R2(config-router)#network 2.0.0.0
R2(config-router)#end

R2#

R3#
R3#configure terminal
R3(config)#router eigrp 100
R3(config-router)#network 3.0.0.0
R3(config-router)#network 10.0.0.0
R3(config-router)#end
R3#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(100)
H   Address      Interface   Hold   Uptime     SRTT   RTO   Q     Seq
                             (sec)             (ms)         Cnt   Num
0   10.20.20.2   Fa0/0       14     00:01:09   28     200   0     8
R3#show ip route
Codes: L—local, C—connected, S—static, R—RIP, M—mobile, B—BGP
       D—EIGRP, EX—EIGRP external, O—OSPF, IA—OSPF inter area
       N1—OSPF NSSA external type 1, N2—OSPF NSSA external type 2
       E1—OSPF external type 1, E2—OSPF external type 2
       i—IS-IS, su—IS-IS summary, L1—IS-IS level-1, L2—IS-IS level-2
       ia—IS-IS inter area, *—candidate default, U—per-user static route
       o—ODR, P—periodic downloaded static route, +—replicated route

Gateway of last resort is not set

1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D 1.1.1.0/24 [90/158720] via 10.20.20.2, 00:01:13, FastEthernet0/0
D 2.2.2.0/24 [90/156160] via 10.20.20.2, 00:01:13, FastEthernet0/0
C 3.3.3.0/24 is directly connected, Loopback0
L 3.3.3.3/32 is directly connected, Loopback0
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
D 10.10.10.0/24 [90/30720] via 10.20.20.2, 00:01:13, FastEthernet0/0
C 10.20.20.0/24 is directly connected, FastEthernet0/0
L 10.20.20.3/32 is directly connected, FastEthernet0/0
R3#ping 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/50/60 ms
R3#

Here, notice the following:
router eigrp 100: Here, the identifier is an AS number and must match for
neighborship to form.
network 10.0.0.0 0.255.255.255: EIGRP permits the use of wildcard masks in the
network command, but it is not required.
With EIGRP for IPv4, there is no interface level command for the configuration; of
course, for EIGRP for IPv6 there is only the interface level command, as shown in
the next section.

CramQuiz
1. What statement about EIGRP for IPv4 is true?
A. An AS is used in the configuration.
B. The router code is E.
C. Cost is the administrative distance value.
D. The network command cannot use a wildcard mask.
2. What command can you use to verify neighbors in EIGRP for IPv4?
A. show eigrp neighbors
B. show ipv4 eigrp neighbors
C. show eigrp peerings
D. show ip eigrp neighbors

CramQuiz Answers
1. A is correct. EIGRP for IPv4 uses an AS number in the configuration.
2. D is correct. The show ip eigrp neighbors command permits the quick
verification of peerings.

Topic: Configure, verify, and troubleshoot EIGRP for IPv6 (excluding
authentication, filtering, manual summarization, redistribution, and
stub)

CramSaver
1. What command configures an interface for EIGRP for IPv6 using AS
100?

_________
2. What EIGRP for IPv6 configuration command enables the process in
router configuration mode?
_________
Answers
1. ipv6 eigrp 100
2. no shutdown

Example 10.11 shows the configuration and verification of EIGRP for IPv6.

EXAMPLE 10.11 Configuring and Verifying EIGRP for IPv6

R1#
R1#configure terminal
R1(config)#ipv6 unicast-routing
R1(config)#interface fa0/0
R1(config-if)#ipv6 eigrp 100
R1(config-if)#interface lo0
R1(config-if)#ipv6 eigrp 100
R1(config-if)#ipv6 router eigrp 100
R1(config-rtr)#no shutdown
R1(config-rtr)#end
R1#
R2#
R2#configure terminal
R2(config)#ipv6 unicast-routing
R2(config)#interface fa0/0
R2(config-if)#ipv6 eigrp 100
R2(config-if)#interface fa1/0
R2(config-if)#ipv6 eigrp 100
R2(config-if)#interface lo0
R2(config-if)#ipv6 eigrp 100
R2(config-if)#ipv6 router eigrp 100
R2(config-rtr)#no shutdown
R2(config-rtr)#end
R2#
R3#
R3#configure terminal
R3(config)#ipv6 unicast-routing
R3(config)#interface fa0/0
R3(config-if)#ipv6 eigrp 100
R3(config-if)#interface lo0
R3(config-if)#ipv6 eigrp 100

R3(config-if)#ipv6 router eigrp 100
R3(config-rtr)#no shutdown
R3(config-rtr)#end
R3#ping 2001:11::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:11::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/56/76 ms
R3#

Notice in this configuration that you should ensure the EIGRP for IPv6 routing process
is in the no shutdown state.

CramQuiz
1. What statement about EIGRP for IPv6 is true?
A. An AS is used in the configuration.
B. The router code is E.
C. Cost is the administrative distance value.
D. The network command cannot use a wildcard mask.
2. What command can you use to verify neighbors in EIGRP for IPv6?
A. show eigrp ipv6 peerings
B. show eigrp neighbors ipv6
C. show eigrp peerings ipv6
D. show ipv6 eigrp neighbors

CramQuiz Answers
1. A is correct. EIGRP for IPv6 uses an AS number in the configuration.
2. D is correct. The show ipv6 eigrp neighbors command permits the quick
verification of peerings.

Topic: Configure, verify, and troubleshoot RIPv2 for IPv4 (excluding
authentication, filtering, manual summarization, and redistribution)

CramSaver
1. What command do you use to configure version 2 of RIP in router
configuration mode?
_________
2. What router configuration command enables RIP on specific interfaces?

_________
Answers
1. version 2
2. network

RIP version 2 is not a scalable routing protocol, but it does have appeal for small
networks as it is simple to understand and configure. Figure 10.2 shows the topology for
our configuration, and Example 10.12 shows the relevant configuration on all three
devices.

FIGURE 10.2 The RIPv2 Topology

EXAMPLE 10.12 The RIP Version 2 Configuration

R1#
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
R1(config-router)#network 10.0.0.0
R1(config-router)#end
R2#
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-router)#network 10.0.0.0
R2(config-router)#end
R3#
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#no auto-summary
R3(config-router)#network 10.0.0.0
R3(config-router)#end
R3#

Here are the commands we use in this RIPv2 for IPv4 configuration:
router rip: This global configuration command enters router configuration mode for
RIP
version 2: This command ensures we are using the new and improved version of
RIP; this version includes many enhancements including the support for subnet
mask advertisement to support Variable Length Subnet Masking (VLSM)
no auto-summary: This command ensures that RIP version 2 does not
automatically send summary routes for major classful networks
network 10.0.0.0: This command configures RIP on any interfaces on the router that
fall within the 10.0.0.0/8 address space; if you have an interface in this range that
you do not want to speak RIP, you can use the following command—passive-interface
interface_name. This passive interface command is entered in router
configuration mode along with the network command. The passive-interface
command can be used with other routing protocols as well, such as OSPF and
EIGRP, and with those protocols it will prevent the sending of hello messages on
those interfaces.

ExamAlert
The network command in RIP must be a classful reference. This fact stems from
RIP being a first generation, originally classful protocol. You can enter
something as incredibly specific as a host route (network 10.10.10.1), but the
router simply converts this entry to the classful entry, based on the 10.x.x.x IPv4
network being a class A address.

Verification of RIP is very simple. Example 10.13 demonstrates the use of the show ip
protocols command to see the configuration details for RIP.

EXAMPLE 10.13 Using show IP protocols to Verify RIP

R3#show ip protocols
*** IP Routing is NSF aware ***
Routing Protocol is "rip"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Sending updates every 30 seconds, next due in 11 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Redistributing: rip
  Default version control: send version 2, receive version 2
    Interface          Send  Recv  Triggered RIP  Key-chain
    FastEthernet0/0    2     2
  Automatic network summarization is not in effect
  Maximum path: 4
  Routing for Networks:
    10.0.0.0
  Passive Interface(s):
    Loopback0
  Routing Information Sources:
    Gateway         Distance      Last Update
    10.20.20.2      120           00:00:24
  Distance: (default is 120)
R3#

Example 10.14 shows the use of show ip route in order to verify RIP. Note that a RIP
route does appear in the routing table for the remote prefix of 10.10.10.0/24.

EXAMPLE 10.14 Using show ip route to Verify RIP

R3#
R3#show ip route
Codes: L—local, C—connected, S—static, R—RIP, M—mobile, B—BGP
       D—EIGRP, EX—EIGRP external, O—OSPF, IA—OSPF inter area
       N1—OSPF NSSA external type 1, N2—OSPF NSSA external type 2
       E1—OSPF external type 1, E2—OSPF external type 2
       i—IS-IS, su—IS-IS summary, L1—IS-IS level-1, L2—IS-IS level-2
       ia—IS-IS inter area, *—candidate default, U—per-user static route
       o—ODR, P—periodic downloaded static route, +—replicated route

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
R 10.10.10.0/24 [120/1] via 10.20.20.2, 00:00:11, FastEthernet0/0
C 10.20.20.0/24 is directly connected, FastEthernet0/0
L 10.20.20.3/32 is directly connected, FastEthernet0/0
R3#

CramQuiz
1. Examine the topology and configurations that follow. What is the issue preventing
the network from functioning properly?

Current configuration : 1346 bytes ! ! Last configuration change at 21:42:50 UTC Sun Aug 21 2016 ! upgrade fpd auto version 15..0 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R1 ! boot-start-marker boot-end-marker ! ! no aaa new-model ! ! ! ip source-route no ip icmp rate-limit unreachable ip cef ! ! ! no ip domain lookup ipv6 unicast-routing ipv6 cef ! multilink bundle-name authenticated ! ! ! redundancy ! ! ip tcp synwait-time 5 ! ! ! interface FastEthernet0/0 ..Click here to view code image R1 Building configuration.

0.16.0 10.1.1 255.10.0.2 ip route 172.0.10.0 0.255.0. ip address 10.255.255.168.0.255.0.2 ip route 192.10.0 10.10.0 0.0.255 10.255.0.2 ! no cdp log mismatch duplex ipv6 route 2001:AAAA::/64 FastEthernet0/0 ! ! ! control-plane ! ! ! mgcp fax t38 ecm mgcp behavior g729-variants static-pt ! ! ! gatekeeper shutdown ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous stopbits 1 line aux 0 exec-timeout 0 0 privilege level 15 .0.10.10.0 FastEthernet0/0 ip route 0.0 255.0 duplex half ipv6 enable ! ! interface FastEthernet1/0 no ip address shutdown duplex half ! ! router rip version 2 network 10.3 255.0.1.255.10.0 ! ip forward-protocol nd no ip http server no ip http secure-server ! ! ip route 0.10.

0 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R2 ! boot-start-marker boot-end-marker ! ! no aaa new-model ! ! ! ip source-route no ip icmp rate-limit unreachable ip cef ! ! ! no ip domain lookup no ipv6 cef ! multilink bundle-name authenticated ! ! ! redundancy ! ! ip tcp synwait-time 5 ! ! ! interface FastEthernet0/0 ip address 10..255.10. logging synchronous stopbits 1 line vty 0 4 R2 Building configuration.2 255.. Current configuration : 1115 bytes ! ! Last configuration change at 20:28:20 UTC Sun Aug 21 2016 ! upgrade fpd auto version 15.10.255.0 duplex half ! .

255.255.20.0 255.! interface FastEthernet1/0 ip address 20.0.0 duplex half ! ! router rip version 2 network 10.0 no auto-summary ! ip forward-protocol nd no ip http server no ip http secure-server ! ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! mgcp fax t38 ecm mgcp behavior g729-variants static-pt ! ! ! gatekeeper shutdown ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous stopbits 1 line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous stopbits 1 line vty 0 4 login ! end R3 Building configuration..0.20. ..

0 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R3 ! boot-start-marker boot-end-marker ! ! no aaa new-model ! ! ! ip source-route no ip icmp rate-limit unreachable ip cef ! ! ! no ip domain lookup no ipv6 cef ! multilink bundle-name authenticated ! ! ! redundancy ! ! ip tcp synwait-time 5 ! ! ! interface Loopback0 ip address 10.255.40.3 255.255.0 duplex half ! ! router rip .20.40.0 ! ! interface FastEthernet0/0 ip address 10.3 255.Current configuration : 1174 bytes ! ! Last configuration change at 21:52:40 UTC Sun Aug 21 2016 ! upgrade fpd auto version 15.20.255.255.

3 no auto-summary ! ip forward-protocol nd no ip http server no ip http secure-server ! ! ip route 10.255.20. B.0 10.2 121 ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! mgcp fax t38 ecm mgcp behavior g729-variants static-pt ! ! ! gatekeeper shutdown ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous stopbits 1 line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous stopbits 1 line vty 0 4 login ! end A.20.20.255. What command stops an interface that is included by the network command in . version 2 passive-interface Loopback0 network 10. R2 requires the version 2 command. R3’s network statement will return an error.60. D. There is an IP address issue on R2. 2.20. R1 must use the no auto-summary command.60. C.0 255.

order to not send RIP information?
A. disable interface
B. passive-interface
C. interface-silent
D. rip-silent

CramQuiz Answers
1. D is correct. R2 is attempting to use the subnet ID for an IP address.
2. B is correct. The passive-interface command silences RIP for an interface
included in the broad network command.

Topic: Troubleshoot basic Layer 3 end-to-end connectivity issues

CramSaver
1. What verification command exists for EIGRP for IPv6 peerings?
_________
2. What verification command exists for OSPF version 3 peerings?
_________
Answers
1. show ipv6 eigrp neighbor
2. show ipv6 ospf neighbor

Consider the following when troubleshooting a routed Layer 3 topology:
The traceroute tool can help you determine the traffic path; this book covers
traceroute in great detail in Chapter Twenty-Three, “Infrastructure Management:
IOS Troubleshooting Tools.”
You should use ping to test for basic IP connectivity between neighbors before
adding the complexity of routing protocols.
These peering verification commands are critical:
show ip ospf neighbor
show ipv6 ospf neighbor
show ip eigrp neighbor
show ipv6 eigrp neighbor
Remember, when different route sources are providing prefix information,
administrative distance dictates the most trustworthy and believed route; when
analyzing prefixes from the same routing source, the metric dictates the installed
route.

CramQuiz
1. What tool is excellent for checking basic IP connectivity?
A. Ping
B. NSLOOKUP
C. Telnet
D. WHOIS
2. What value is compared when analyzing two possible EIGRP routes?
A. AD
B. Metric
C. Hop count
D. Dead time

CramQuiz Answers
1. A is correct. Ping provides an excellent test of basic IP connectivity.
2. B is correct. The metric analysis occurs between different routes to the same
destination.

Review Questions
1. What is an example of a link state routing protocol?
A. RIP
B. OSPF
C. EIGRP
D. BGP
2. What is the mask length for a host route?
A. 0
B. 64
C. 16
D. 32
3. What command permits you to view the IPv6 routing table?
A. show route ipv6
B. show route new
C. show ipv6 route
D. show route
4. What verification command includes the following?
Routing for Networks:
10.0.0.0
A. show ip route
B. show router rip
C. show rip config
D. show ip protocols
5. What command enters router configuration mode for OSPF version 2?
A. router ospf 1
B. router ospf version 2
C. ospf router version 1
D. router ospf process 1 version 2
6. What command must be used in order to properly configure OSPF version 3?
A. ipv6 route-enable
B. set ospf v 3
C. ospf version 3
D. ipv6 unicast-routing
7. What identifier is used with an EIGRP configuration?
A. A process ID
B. A tag
C. An AS number
D. A metric
8. What tool enables you to follow the router-to-router path a packet takes in the
network?
A. Traceroute
B. Ping-path
C. NSLOOKUP
D. NETSTAT
9. Which statement about EIGRP for IPv6 is correct?
A. The network command is a requirement in the configuration.
B. The network command accepts a wildcard mask.
C. The global unicast address is the next-hop value in routes.
D. The routing process permits a shutdown and no shutdown.

Answers to Review Questions
1. B is correct. OSPF is an example of a link state routing protocol.
2. D is correct. A host route in IPv4 features a mask of 32 bits.
3. C is correct. The show ipv6 route command is the equivalent of show ip route
but shows the v6 table of course.
4. D is correct. The show ip protocols command allows you to easily verify the
configuration of your dynamic routing protocols.
5. A is correct. The router ospf 1 command enters router configuration mode for
OSPF. It uses the local process ID of 1.
6. D is correct. Unicast routing for IPv6 protocols is not enabled by default.
7. C is correct. You must use an Autonomous System number during the EIGRP
configuration.
8. A is correct. The traceroute tool permits the analysis of network paths.
9. D is correct. The EIGRP for IPv6 routing process may be shutdown or no
shutdown in EIGRP router configuration mode.

Additional Resources
RIPv2 Concepts Review—http://www.ajsnetworking.com/ripv2
The Mechanics of Routing Protocols—http://bit.ly/2dcffWU
MicroNugget: OSPF Simulation 1—http://www.ajsnetworking.com/micronugget-ospf-simulation-1
Implementing EIGRP for IPv6—http://www.ajsnetworking.com/implementing-eigrp-for-ipv6

Part IV: WAN Technologies

This part of the text deals with one of the seven overall sections you must master for the
CCNA exam. There are three chapters total that make up Part 4. This is an area of very
unique topics from the previous editions of CCNA. For many students, these chapters
will be critical in their preparation. Here you begin by examining the many options for
wide area networking today, then you move to fascinating discussions of eBGP and QoS
technologies. Part 4 includes the following chapters:
CHAPTER 11 WAN Technologies: WAN Options
CHAPTER 12 WAN Technologies: eBGP
CHAPTER 13 WAN Technologies: QoS

Chapter 11. WAN Technologies: WAN Options

This chapter covers the following official CCNA 200-125 exam topic:
Configure and verify PPP and MLPPP on WAN interfaces using local
authentication
Configure, verify, and troubleshoot PPPoE client-side interfaces using local
authentication
Configure, verify, and troubleshoot GRE tunnel connectivity
Describe WAN topology options
Describe WAN access connectivity options

This chapter ensures you are ready for the topics in the preceding list from the WAN
Technologies section of the overall exam blueprint from Cisco Systems. Remember, this
is just a section of the WAN Technologies area. Chapters Twelve and Thirteen also exist
in this grouping. These other chapters deal with eBGP and QoS.

Essential Terms and Components
PPP
MLPPP
PPPoE
GRE
MPLS
Metro Ethernet
Broadband PPPoE
DMVPN

Topic: Configure and verify PPP and MLPPP on WAN interfaces using
local authentication

CramSaver
If you can correctly answer these CramSaver questions, save time by skimming
the ExamAlerts in this chapter and then completing the CramQuiz at the end of
each section and the Review Questions at the end of the chapter. If you are in
doubt at all—read EVERYTHING in this chapter!
1. What are two authentication methods for PPP?
_________
2. What syntax creates a multilink PPP interface with an ID of 10?

_________
Answers
1. CHAP and PAP
2. interface multilink 10
The Point to Point Protocol (PPP) provides many useful functions for leased line WAN connections. These include:
The definition of a header and trailer that permits frame delivery over the link
Support for synchronous and asynchronous WAN links
A Type field that permits many protocols to pass over the link
Authentication protocols, specifically, a clear-text PAP for low-security environments and CHAP for more robust security
Control protocols for each higher-level protocol
Control Protocols for PPP are broken into the following:
Link Control Protocol (LCP): This control protocol focuses on the link itself and ignores Layer 3 protocols sent across the link
Network Control Protocol (NCP): This category of protocols functions in conjunction with a specific Layer 3 protocol sent across the link
Example 11.1 demonstrates the configuration of PPP with CHAP authentication between two Cisco routers.
EXAMPLE 11.1 Configuring PPP with CHAP
R1#
R1#configure terminal
R1(config)#username R2 password cisco
R1(config)#interface serial2/0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap
R1(config-if)#end
R1#
R2#
R2#configure terminal
R2(config)#username R1 password cisco
R2(config)#interface serial2/0
R2(config-if)#encapsulation ppp
R2(config-if)#ppp authentication chap
R2(config-if)#end
R2#
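The following Python model is an added illustration, not code from the book. It runs the RFC 1994 CHAP challenge/response in both directions between the two routers of Example 11.1, showing why each router needs a username entry for the opposite router with an identical password, and it contrasts this with a PAP Authenticate-Request (RFC 1334), which carries the password in the clear. The Router class and the helper names are hypothetical, and the user tables are constructed from the username commands in Example 11.1.

```python
import hashlib
import hmac
import os

# Constructed local databases mirroring Example 11.1: each router holds a
# "username <opposite hostname> password <secret>" entry.
R1_USERS = {"R2": b"cisco"}
R2_USERS = {"R1": b"cisco"}


def chap_value(identifier, secret, challenge):
    """RFC 1994: Response Value = MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Router:
    """Hypothetical model of one PPP endpoint that can play both CHAP roles."""

    def __init__(self, hostname, users):
        self.hostname = hostname
        self.users = users
        self.identifier = 0
        self.challenge = None

    def send_challenge(self):
        """Authenticator role: Challenge (code 1) with a fresh random value."""
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)
        return {"code": 1, "id": self.identifier,
                "value": self.challenge, "name": self.hostname}

    def answer(self, challenge):
        """Peer role: find the secret stored under the challenger's hostname."""
        secret = self.users.get(challenge["name"])
        if secret is None:
            return None  # no username entry for the router that challenged us
        value = chap_value(challenge["id"], secret, challenge["value"])
        return {"code": 2, "id": challenge["id"],
                "value": value, "name": self.hostname}

    def check(self, response):
        """Authenticator role: recompute the hash with our copy of the secret."""
        if (response is None or self.challenge is None
                or response["id"] != self.identifier):
            return False
        secret = self.users.get(response["name"])
        if secret is None:
            return False
        expected = chap_value(self.identifier, secret, self.challenge)
        self.challenge = None  # a challenge is good for one response only
        return hmac.compare_digest(expected, response["value"])


def one_way(authenticator, peer, transcript=None):
    challenge = authenticator.send_challenge()
    response = peer.answer(challenge)
    if transcript is not None:
        transcript += [challenge, response]
    return authenticator.check(response)


def mutual_chap(r1_users, r2_users, transcript=None):
    """ppp authentication chap on both routers: each side authenticates the other."""
    r1, r2 = Router("R1", r1_users), Router("R2", r2_users)
    return one_way(r1, r2, transcript) and one_way(r2, r1, transcript)


def pap_request(identifier, peer_id, password):
    """RFC 1334 Authenticate-Request: code 1, id, length, then ID and password."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return bytes([1, identifier]) + (4 + len(body)).to_bytes(2, "big") + body


if __name__ == "__main__":
    print("matching secrets:   ", mutual_chap(R1_USERS, R2_USERS))
    print("mismatched password:", mutual_chap(R1_USERS, {"R1": b"Cisco"}))
    print("PAP exposes secret: ", b"cisco" in pap_request(1, b"R1", b"cisco"))
```
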

Notice how in Example 11.1 the username commands are entries for the opposite router. The password must match on each device. Example 11.2 shows how we can easily verify the configuration.
EXAMPLE 11.2 Verifying the PPP Configuration
R1#
R1#show ip interface brief
Interface          IP-Address   OK? Method Status                Protocol
FastEthernet0/0    unassigned   YES unset  administratively down down
FastEthernet1/0    unassigned   YES unset  administratively down down
FastEthernet1/1    unassigned   YES unset  administratively down down
Serial2/0          10.1.1.1     YES manual up                    up
Serial2/1          unassigned   YES unset  administratively down down
Serial2/2          unassigned   YES unset  administratively down down
Serial2/3          unassigned   YES unset  administratively down down
R1#
R1#show interface serial2/0
Serial2/0 is up, line protocol is up
Hardware is M4T
Internet address is 10.1.1.1/24
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP, CDPCP, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
Last input 00:00:05, output 00:00:05, output hang never
Last clearing of "show interface" counters 00:05:22
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
76 packets input, 3407 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
113 packets output, 4004 bytes, 0 underruns
0 output errors, 0 collisions, 4 interface resets
11 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
4 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up
R1#
What about using multiple links between WAN devices in order to load share and improve reliability? This is where multilink PPP enters the equation. Example 11.3 shows a sample configuration:
EXAMPLE 11.3 Configure Multilink PPP
R1#
R1#configure terminal
R1(config)#interface multilink 1
R1(config-if)#encapsulation ppp
R1(config-if)#ppp multilink
R1(config-if)#ip address 10.1.1.1 255.255.255.0
R1(config-if)#ppp multilink group 1
R1(config-if)#exit
R1(config)#interface serial2/0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp multilink
R1(config-if)#no ip address
R1(config-if)#ppp multilink group 1
R1(config-if)#no shutdown
R1(config)#interface serial 2/1
R1(config-if)#encapsulation ppp
R1(config-if)#ppp multilink
R1(config-if)#no ip address
R1(config-if)#ppp multilink group 1
R1(config-if)#no shutdown
R1(config-if)#end
R1#
Notice we do not demonstrate authentication, but it can be configured under the physical interfaces. Also, note that the configuration of R2 would be identical, just use the appropriate IP address under the multilink 1 interface. In order to verify, simply use show ip interface brief and ensure that the physical

interfaces as well as the multilink interface are in the up state.
CramQuiz
1. When you are configuring CHAP on your device, what is typically the local username you set?
A. The hostname of the remote device
B. The hostname of the local device
C. The admin username of the remote device
D. The admin username of the local device
2. What command permits the verification of PPP on interface serial 2/0?
A. show ppp all
B. show interface serial 2/0
C. show ppp interface serial 2/0
D. show interface serial 2/0 ppp
CramQuiz Answers
1. A is correct. The username is the hostname of the remote router in a typical CHAP configuration.
2. B is correct. Use the command show interface serial 2/0 in order to verify the health of your PPP interface.
Topic: Configure, verify, and troubleshoot PPPoE client-side interfaces using local authentication
CramSaver
1. What are the two main phases of PPPoE? _________
2. What command with PPPoE is typically used in order to receive an IP address? _________
Answers
1. Active Discovery Phase and the PPP Session Phase
2. ip address negotiated
PPPoE combines two widely accepted standards, Ethernet and PPP. This combination provides an authenticated method of assigning IP addresses to client systems. PPPoE clients are typically personal computers connected to an ISP over a remote broadband connection, such as DSL or cable service.

ISPs deploy PPPoE because it supports high-speed broadband access using their existing remote access infrastructure and because it is easier for customers to use. PPPoE provides a standard method of employing the authentication methods of the Point-to-Point Protocol (PPP) over an Ethernet network. When used by ISPs, PPPoE allows authenticated assignment of IP addresses. In this type of implementation, the PPPoE client and server are interconnected by Layer 2 bridging protocols running over a DSL or other broadband connection.
ExamAlert
PPPoE is composed of two main phases:
Active Discovery Phase—In this phase, the PPPoE client locates a PPPoE server, called an access concentrator. During this phase, a Session ID is assigned, and the PPPoE layer is established.
PPP Session Phase—In this phase, PPP options are negotiated and authentication is performed. When the link setup is completed, PPPoE functions as a Layer 2 encapsulation method, allowing data to be transferred over the PPP link within PPPoE headers.
At system initialization, the PPPoE client establishes a session with the access concentrator by exchanging a series of packets. After the session is established, a PPP link is set up, which includes authentication using Password Authentication Protocol (PAP). When the PPP session is established, each packet is encapsulated in the PPPoE and PPP headers. Example 11.4 shows a sample configuration for a PPPoE client.
EXAMPLE 11.4 The PPPoE Client Configuration
R1#
R1#configure terminal
R1(config)#interface dialer 2
R1(config-if)#ip address negotiated
R1(config-if)#mtu 1492
R1(config-if)#encapsulation ppp
R1(config-if)#ppp chap hostname JohnS
R1(config-if)#ppp chap password cisco
R1(config-if)#dialer pool 1
R1(config-if)#interface fa0/0
R1(config-if)#no ip address
R1(config-if)#pppoe-client dial-pool-number 1
R1(config-if)#pppoe enable
R1(config-if)#no shutdown
R1(config-if)#end

R1#
CramQuiz
1. In what PPPoE phase are PPP options negotiated and authentication performed?
A. PPP Session Phase
B. Active Discovery Phase
C. PPP Authentication Phase
D. NCP Phase
2. In the PPPoE client configuration, what IP address do you assign under the physical interface on the client?
A. An RFC1918 address
B. None
C. A public IP address
D. A public IP address of your local ISP
CramQuiz Answers
1. A is correct. The PPP Session Phase handles options negotiation and authentication.
2. B is correct. There is no configuration of an IP address under the physical interface.
Topic: Configure, verify, and troubleshoot GRE tunnel connectivity
CramSaver
1. True or False: GRE provides security in the tunnel creation by default? _________
2. What two options do you have to set the source address of your GRE tunnel? _________
Answers
1. False. If security is required, you can add it to the configuration using a toolset like IPSec.
2. The local interface or the local IP address
Generic Routing Encapsulation (GRE) is one method of creating tunnels through your network. GRE creates an additional header used by GRE to perform tunneling. It then uses a new IP header that encapsulates the original packet. Notice that GRE does not

provide any encryption type services. If security is required, this can be added using IPsec (for example). Example 11.5 demonstrates the GRE tunnel configuration.
EXAMPLE 11.5 GRE Tunnel Configuration
R1#
R1#configure terminal
R1(config)#interface serial2/0
R1(config-if)#ip address 10.1.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#interface tunnel 0
R1(config-if)#ip address 172.16.1.1 255.255.255.0
R1(config-if)#tunnel mode gre ip
R1(config-if)#tunnel source serial2/0
R1(config-if)#tunnel destination 10.1.1.2
R1(config-if)#exit
R1(config)#router ospf 1
R1(config-router)#network 172.16.1.0 0.0.0.255 area 0
R1(config-router)#end
R1#
R2#
R2#configure terminal
R2(config)#interface serial2/0
R2(config-if)#ip address 10.1.1.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#interface tunnel 0
R2(config-if)#ip address 172.16.1.2 255.255.255.0
R2(config-if)#tunnel mode gre ip
R2(config-if)#tunnel source serial 2/0
R2(config-if)#tunnel destination 10.1.1.1
R2(config-if)#router ospf 1
R2(config-router)#network 172.16.1.0 0.0.0.255 area 0
R2(config-router)#end
R2#
Example 11.6 shows some simple verifications of GRE.
EXAMPLE 11.6 Verifying GRE
R2#
R2#show ip interface brief
Interface IP-Address OK? Method

Status Protocol
FastEthernet0/0 unassigned YES unset administratively down down
FastEthernet1/0 unassigned YES unset administratively down down
FastEthernet1/1 unassigned YES unset administratively down down
Serial2/0 10.1.1.2 YES manual up up
Serial2/1 unassigned YES unset administratively down down
Serial2/2 unassigned YES unset administratively down down
Serial2/3 unassigned YES unset administratively down down
Tunnel0 172.16.1.2 YES manual up up
R2#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
172.16.1.1 0 FULL/ - 00:00:31 172.16.1.1 Tunne
R2#
ExamAlert
There are many rules that exist for your tunnel interface to be healthy as shown in the preceding examples, including the following:
The tunnel source reference to a local source interface requires that the interface have an IP address and be in the up/up state
Referencing a local IP address for your tunnel source requires that the IP address exist on the router and the associated interface be in the up/up state
If you reference the tunnel destination using an IP address, the router must have a matching route to that destination IP address
If you reference the destination as a hostname, this hostname must be resolvable by the local device.
Finally, a %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing error message means that the GRE tunnel router has discovered a recursive routing problem. This condition is usually due to one of these causes:
1—a misconfiguration that causes the router to try to route to the tunnel destination address using the tunnel interface itself (recursive routing).
2—a temporary instability caused by route flapping elsewhere in the network
CramQuiz
1. What is the error that occurs when a router tries to route to the tunnel destination

address using the tunnel interface itself?
A. Down state proliferation
B. Looped routing
C. Layer 2 looped resolution
D. Recursive routing
2. What command sets the tunnel to GRE?
A. tunnel mode gre ip
B. tunnel mode ip gre
C. tunnel mode gre-ip
D. tunnel gre
CramQuiz Answers
1. D is correct. The recursive routing error occurs when a misconfiguration exists that causes the router to try to route to the tunnel destination address using the tunnel interface itself.
2. A is correct. The tunnel mode gre ip command ensures that GRE is the tunnel type.
Topic: Describe WAN topology options
CramSaver
1. What WAN topology involves two devices total on the link? _________
2. What topology is often found with a large HQ and many branch offices? _________
Answers
1. P2P (point-to-point)
2. Hub and spoke
There are many possible topologies in the WAN. In fact, we discussed many of them when we discussed possible network topologies in general in Chapter One. Let’s quickly review them here:
Point-to-point: This simple WAN topology connects two devices over a single connection.
Hub-and-spoke: This WAN topology features a central hub device (typically at a network HQ for example) that makes WAN connections out to branch offices (the spokes).

Full-mesh: This WAN topology is the most expensive and complex to maintain since this topology has all devices making connections to all other devices; notice it provides excellent redundancy of WAN paths through the network.
Single- vs dual-homed: These WAN topologies refer to making a connection to multiple ISPs versus a single ISP; although it can be complex and expensive, a dual-homed configuration is very powerful since it means that an ISP can completely fail to be able to route traffic for the customer, but that customer can dynamically fail over to the surviving ISP.
CramQuiz
1. What topology is often skipped due to costs and administrative overhead?
A. Full-mesh
B. Hub-and-spoke
C. Point-to-point
D. Single-homed
2. If your WAN client actually makes connections to two separate ISPs, this is called what?
A. Single-homed
B. Dual-homed
C. Point-to-point
D. Full-mesh
CramQuiz Answers
1. A is correct. The full-mesh might not be implemented due to costs.
2. B is correct. Making a WAN connection to different providers is termed dual-homed.
Topic: Describe WAN access connectivity options
CramSaver
1. What technology forms a MAN using Ethernet? _________
2. What Cisco technology permits the dynamic creation of hub-to-spoke and even spoke-to-spoke tunnels? _________
Answers
1. Metro Ethernet
2. DMVPN

Today, customers have more options than ever for client connectivity to the WAN. Here is a review of these options you should know for the CCNA.
MPLS: Multiprotocol Label Switching is a data-carrying technique for high-performance telecommunications networks that directs data from one network node to the next based on short path labels rather than long network addresses. This provides many advantages, including the elimination of complex lookups in a routing table. The labels identify virtual links (paths) between remote nodes rather than endpoints. MPLS can encapsulate packets of various network protocols, hence its name “multiprotocol.” MPLS supports a range of access technologies, including T1/E1, ATM, and DSL.
Metro Ethernet: A Metro Ethernet network is a metropolitan area network (MAN) that is based on Ethernet standards. It is commonly used to connect subscribers to a larger service network or the Internet. Businesses can also use Metro Ethernet to connect their own offices to each other. An Ethernet interface is much cheaper than a synchronous digital hierarchy (SONET/SDH) or plesiochronous digital hierarchy (PDH) interface of the same bandwidth. Another distinct advantage of an Ethernet-based access network is that it can be easily connected to the customer network, due to the prevalent use of Ethernet in corporate and residential networks.
Broadband PPPoE: Point-to-Point Protocol over Ethernet (PPPoE) is a network protocol for encapsulating PPP frames inside Ethernet frames. It appeared in 1999, in the context of the boom of DSL, as the solution for tunneling packets over the DSL connection to the ISP's IP network, and from there to the rest of the Internet. Typical use of PPPoE involves leveraging the PPP facilities for authenticating the user with a username and password, predominately via the PAP protocol and less often via CHAP.
Internet VPN (DMVPN, site-to-site VPN, client VPN): Dynamic Multipoint VPN is a Cisco invention for creating hub-and-spoke topologies with ease, including the dynamic creation of spoke-to-spoke tunnels in order to reduce the burdens on busy HQ (hub) devices. Site-to-site VPNs permit the creation of VPN links between locations that client devices can use in order to send protected data. Finally, client VPN software can be used in order to permit remote access to corporate resources. The client VPN software can be a complex client app installed, or it can be as simple as a Web browser.
CramQuiz
1. What technology uses simple labels for the forwarding of traffic instead of complex routing tables?
A. Broadband PPPoE
B. Client VPN
C. Metro Ethernet

D. MPLS
2. What technology might use a Web browser in order to form a secure VPN connection?
A. Broadband PPPoE
B. Client or SSL VPN
C. Metro Ethernet
D. MPLS
CramQuiz Answers
1. D is correct. MPLS uses labels to forward traffic.
2. B is correct. A Client SSL VPN might come in the form of a Web browser.
Review Questions
1. Which control protocol of PPP ignores the upper layer protocols and focuses on the link itself?
A. NCP
B. LCP
C. PPC
D. VTP
2. Which phase of PPPoE ensures a Session ID is assigned and the PPPoE layer is established?
A. The Active Discovery Phase
B. The PPP Session Phase
C. The Link Layer Phase
D. The Session ID Phase
3. To ensure that OSPF is forming properly over your tunnel interface, what command can you use?
A. show ospf process
B. show interfaces ospf
C. show ip ospf neighbor
D. show ip ospf gre
Answers to Review Questions
1. B is correct. The Link Control Protocol (LCP) is concerned with the link itself and not upper layer protocols.
2. A is correct. It is the job of the Active Discovery Phase to ensure a Session ID is assigned and that the PPPoE layer is established.

3. C is correct. Use show ip ospf neighbor
Additional Resource
PPP Simulation—http://www.ajsnetworking.com/ppp
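Returning to this chapter's GRE section, which notes that GRE adds a header and a new IP header but no encryption: the following Python model is an added illustration, not code from the book. It encapsulates a passenger packet the way the tunnel in Example 11.5 would (tunnel endpoints 10.1.1.1 and 10.1.1.2, tunnel addresses 172.16.1.1 and 172.16.1.2) and then parses it back as any device on the path could, without a key. The function names and the UDP syslog payload are constructed for the illustration.

```python
import ipaddress
import struct

GRE_PROTO = 47           # IP protocol number assigned to GRE
ETHERTYPE_IPV4 = 0x0800  # GRE Protocol Type when the passenger packet is IPv4
SAMPLE_DATA = b"<134>constructed syslog line: user admin logged in"  # constructed


def ip_checksum(header):
    """Ones' complement sum of 16-bit words; 0 when run over a valid header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_packet(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (no options) followed by the payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         255, proto, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    header = header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:]
    return header + payload


def gre_encapsulate(tunnel_src, tunnel_dst, passenger):
    """tunnel mode gre ip: new IP header + 4-byte GRE header + original packet."""
    gre_header = struct.pack("!HH", 0x0000, ETHERTYPE_IPV4)  # no flags, version 0
    return ipv4_packet(tunnel_src, tunnel_dst, GRE_PROTO, gre_header + passenger)


def parse_ipv4(packet):
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    return {"src": str(ipaddress.IPv4Address(packet[12:16])),
            "dst": str(ipaddress.IPv4Address(packet[16:20])),
            "proto": packet[9],
            "payload": packet[header_len:total_len]}


def observe(wire):
    """What an on-path device can read from a GRE packet, with no key needed."""
    outer = parse_ipv4(wire)
    if outer["proto"] != GRE_PROTO:
        raise ValueError("outer packet does not carry GRE")
    gre = outer["payload"]
    flags, protocol_type = struct.unpack("!HH", gre[:4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    offset = 4
    if flags & 0x8000:   # C bit: checksum + reserved field present
        offset += 4
    if flags & 0x2000:   # K bit: key field present (an identifier, not encryption)
        offset += 4
    if flags & 0x1000:   # S bit: sequence number present
        offset += 4
    if protocol_type != ETHERTYPE_IPV4:
        raise ValueError("passenger protocol is not IPv4")
    return outer, parse_ipv4(gre[offset:])


def build_sample():
    """Constructed passenger packet: UDP/514 between the two tunnel addresses."""
    udp = struct.pack("!HHHH", 40000, 514, 8 + len(SAMPLE_DATA), 0) + SAMPLE_DATA
    passenger = ipv4_packet("172.16.1.1", "172.16.1.2", 17, udp)
    return passenger, gre_encapsulate("10.1.1.1", "10.1.1.2", passenger)


if __name__ == "__main__":
    passenger, wire = build_sample()
    outer, inner = observe(wire)
    print("outer:", outer["src"], "->", outer["dst"], "proto", outer["proto"])
    print("inner:", inner["src"], "->", inner["dst"], "proto", inner["proto"])
    print("payload readable:", SAMPLE_DATA in inner["payload"])
    print("GRE overhead bytes:", len(wire) - len(passenger))
```

The 24 bytes of overhead (20 for the new IP header, 4 for GRE) are also why tunnel interfaces carry a smaller usable MTU than the physical link.
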

Chapter 12. WAN Technologies: eBGP
This chapter covers the following official CCNA 200-125 exam topic:
Configure and verify single-homed branch connectivity using eBGP IPv4 (limited to peering and route advertisement using Network command only)
This chapter ensures you are ready for the aforementioned topic from the WAN Technologies section of the overall exam blueprint from Cisco Systems. Remember, this is just one section of the WAN Technologies area. Chapters Eleven and Thirteen also exist in this grouping. These other chapters deal with WAN options and QoS.
Essential Terms and Components
BGP eBGP iBGP Peerings network Command
Topic: Configure and verify single-homed branch connectivity using eBGP IPv4 (limited to peering and route advertisement using Network command only)
CramSaver
If you can correctly answer these CramSaver questions, save time by skimming the ExamAlerts in this chapter and then completing the CramQuiz at the end of each section and the Review Questions at the end of the chapter. If you are in doubt at all—read EVERYTHING in this chapter!
1. What is the term for BGP peerings that are made to routers outside of your AS? _________
2. What command would you use in order to configure a peering to a device in AS 65501 at the IP address of 10.10.10.1? _________
Answers
1. External BGP (eBGP)
2. neighbor 10.10.10.1 remote-as 65501

Border Gateway Protocol (BGP) is the protocol that powers the Internet as we know it today. This external gateway protocol is specially designed to efficiently share prefixes between autonomous systems. Contrast this to protocols like OSPF that are designed to share prefixes within autonomous systems. Interestingly, BGP can also share prefixes within an AS as well. When used in this manner, the functionality is termed interior BGP (iBGP). You should take note that the CCNA exam specifically examines the functionality and configuration of exterior BGP (eBGP).
ExamAlert
You might wonder why there is this distinction with the protocol of BGP between interior and exterior. This is because the protocol behaves differently between these uses. For example, when sharing a prefix using eBGP, the next-hop IP address is changed for the prefix, but this is not done with iBGP. Fortunately, at the CCNA level, you are not responsible for these important distinctions.
Figure 12.1 shows the simple topology we use in this chapter for you to master the configuration of a simple eBGP peering and the sharing of a prefix using the network statement per our exam blueprint.
FIGURE 12.1 Sample eBGP Topology
Unlike the IGPs you might be more familiar with (OSPF, EIGRP), BGP does not dynamically discover neighbors. You must manually set the BGP peerings. This is true for eBGP and iBGP. Example 12.1 demonstrates the use of the neighbor command for creating the eBGP peering between these devices. Note that the command must be used on each device and the IP address referenced is the reachable IP address of the neighboring device. The remote-as command uses the AS number of the neighbor.
EXAMPLE 12.1 Configuring the eBGP Peering
R1#
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router bgp 65000
R1(config-router)#neighbor 10.1.1.2 remote-as 65002
R1(config-router)#end
R1#

R2#
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#router bgp 65002
R2(config-router)#neighbor 10.1.1.1 remote-as 65000
R2(config-router)#end
R2#
%BGP-5-ADJCHANGE: neighbor 10.1.1.1 Up
R2#
Notice in Example 12.1 that R1 is in AS 65000 per the router bgp command. The neighbor is in AS 65002. Notice also that we get a powerful confirmation that our configuration is accurate with the console message that appears on R2 when we complete the configuration: %BGP-5-ADJCHANGE: neighbor 10.1.1.1 Up.
ExamAlert
How can you be sure that the peering is successful should you miss the console message? Use show ip bgp summary (as shown in Example 12.2).
EXAMPLE 12.2 Confirming the eBGP Peering
R1#
R1#show ip bgp summary
BGP router identifier 10.1.1.1, local AS number 65000
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.1.1.2 4 65002 54 54 1 0 0 00:45:31
R1#
How do prefixes within an AS make their way into the BGP table for advertisement? The network command does this. This is one option, the one you are responsible for in this exam. Example 12.3 demonstrates the use of the network command.
EXAMPLE 12.3 Using the Network Command in BGP
R2#
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.

R2(config)#interface loopback 0
R2(config-if)#ip address 172.16.1.2 255.255.255.0
R2(config-if)#exit
R2(config)#router bgp 65002
R2(config-router)#network 172.16.1.0 mask 255.255.255.0
R2(config-router)#end
R2#
Example 12.4 shows how you can confirm this prefix is in the BGP table on R1 after advertisement on R2.
EXAMPLE 12.4 Confirming the Prefix Advertisement
R1#
R1#show ip bgp
BGP table version is 2, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 172.16.1.0/24 10.1.1.2 0 0 65002 i
R1#
But what about the routing table? Of course, show ip route can handle that as shown in Example 12.5.
EXAMPLE 12.5 Displaying the Routing Table
R1#
R1#show ip route
Codes: L–local, C–connected, S–static, R–RIP, M–mobile, B–BGP
D–EIGRP, EX–EIGRP external, O–OSPF, IA–OSPF inter area
N1–OSPF NSSA external type 1, N2–OSPF NSSA external type 2
E1–OSPF external type 1, E2–OSPF external type 2
i–IS-IS, su–IS-IS summary, L1–IS-IS level-1, L2–IS-IS level-2
ia–IS-IS inter area, *–candidate default, U–per-user static route
o–ODR, P–periodic downloaded static route, +–

replicated route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.1.0/24 is directly connected, FastEthernet0/0
L 10.1.1.1/32 is directly connected, FastEthernet0/0
172.16.0.0/24 is subnetted, 1 subnets
B 172.16.1.0 [20/0] via 10.1.1.2, 00:00:39
R1#
CramQuiz
1. What command permits you to verify that your eBGP relationship has formed?
A. show bgp routes
B. show ip bgp summary
C. show summary bgp
D. show route peering summary bgp
2. What is the default admin distance of eBGP?
A. 10
B. 20
C. 200
D. 110
CramQuiz Answers
1. B is correct. The show ip bgp summary command is how you can easily verify peerings.
2. B is correct. The default admin distance of eBGP is 20.
Review Questions
1. What command do you use to form a BGP peering?
A. network
B. neighbor
C. peer
D. adjacency
2. What command do you use to advertise a local prefix into BGP?
A. network
B. neighbor
C. peer

D. adjacency
Answers to Review Questions
1. B is correct. The neighbor command permits the creation of a BGP adjacency.
2. A is correct. Use the network command to advertise a prefix into BGP.
Additional Resource
BGP on IOS—http://www.ajsnetworking.com/bgp-on-ios

Chapter 13. WAN Technologies: QoS
This chapter covers the following official CCNA 200-125 exam topics:
Describe basic QoS concepts
This chapter ensures you are ready for the above topic from the WAN Technologies section of the overall exam blueprint from Cisco Systems. Remember, this is just a section of the WAN Technologies area. The topics covered in Chapters Eleven and Twelve also exist in this grouping. These other chapters deal with WAN options and eBGP.
Essential Terms and Components
QoS Marking Device Trust Prioritization Voice Video Data Shaping Policing Congestion Management
Topic: Describe basic QoS concepts
CramSaver
If you can correctly answer these CramSaver questions, save time by skimming the ExamAlerts in this chapter and then completing the CramQuiz at the end of each section and the Review Questions at the end of the chapter. If you are in doubt at all—read EVERYTHING in this chapter!
1. What QoS approach ensures resources are available for voice and video applications through the use of predetermined assignments? _________
2. What marking is used at Layer 2? _________
3. What link QoS mechanism buffers traffic by default when it exceeds a certain rate?

_________
Answers
1. Integrated Services (IntServ) with the Resource Reservation Protocol (RSVP)
2. Class of Service (CoS)
3. Traffic Shaping
There are three main approaches you can take to Quality of Service (QoS) in your organization:
Best Effort (BE): Using this approach, you overprovision the bandwidth in the network as you do not use any special QoS settings or tools; most Cisco devices default to a First In First Out (FIFO) approach to packet queuing in the best effort environment.
Integrated Services (IntServ): With this approach, the Resource Reservation Protocol (RSVP) is used to reserve resources on devices in the path that will carry important or fragile traffic forms; this approach is no longer popular as it requires special signaling protocols and requires tight integration from network to network.
Differentiated Services (DiffServ): This approach is the most popular today; it begins with traffic marking and classification to identify and group traffic that must be treated in a special manner.
Marking traffic for a certain QoS treatment can be done at several layers of the OSI model. For example:
Layer 2: Class of Service (CoS)
Layer 2.5: The Experimental Bits with MPLS
Layer 3: Type of Service (ToS)
Should your local router or switch trust the markings from an incoming device? This is known as device trust. Those devices you are trusting become the trust boundary in the network.
QoS seeks to control several potential issues in your network with traffic. Prioritization is done in order to avoid problems with:
Packet loss
Packet delay (latency)
Jitter (variations in delay)
QoS is so popular in networks today because more and more networks are converged. This means they feature two or more of the following traffic forms:
Voice: Voice over IP permits calls to transpire over the same network as data traffic; no longer is special equipment and links required for voice traffic.
Video: Video over IP is more and more popular for the transmission of video

traffic.
Data: This could include critical transactional data and scavenger class data like gaming or social media traffic.
With Differentiated Services, traffic is marked and classified, and then can be treated in a special manner on a hop-by-hop basis. Tools for this special treatment include:
Shaping: This QoS tool permits you to control the rate of traffic on a link; traffic above a specified threshold is buffered in an attempt to send it later in time when there is less traffic on the link.
Policing: This QoS tool is similar to shaping; however, with this approach, traffic in excess of a specified rate is dropped by default.
Congestion Management: There are several tools in this category. Class-Based Weighted Fair Queuing (CBWFQ) seeks to prioritize traffic based on markings, while Low Latency Queuing (LLQ) takes the CBWFQ system and adds a strict priority queue (PQ) to this system; this PQ is reserved for voice traffic in a typical implementation.
CramQuiz
1. What marking is done at Layer 3?
A. Type of Service
B. Class of Service
C. Experimental Bits
D. BECN
2. What does it mean to trust a device in a QoS environment?
A. To forward the traffic from the device regardless of priority
B. To honor the QoS markings
C. Zone File Server
D. DNS Client
CramQuiz Answers
1. A is correct. The Type of Service field exists in a Layer 3 packet and permits the marking of traffic at Layer 3.
2. B is correct. Device trust refers to honoring QoS markings.
Review Questions
1. What approach to QoS features marking and classifying traffic?
A. IntServ
B. DiffServ
C. BE

D. RSVP
2. What is a variation in delay in QoS?
A. Shaping
B. Packet loss
C. Latency
D. Jitter
3. LLQ is a form of what tool in QoS?
A. Congestion Management
B. Policing
C. Shaping
D. Marking
Answers to Review Questions
1. B is correct. The Differentiated Services (DiffServ) approach features marking and classification as a first step.
2. D is correct. Jitter refers to a variation in delay. This is a large problem for voice and video traffic.
3. A is correct. Examples of Congestion Management QoS tools are CBWFQ and LLQ.
Additional Resource
Overall Approaches to QoS Problems—http://www.ajsnetworking.com/overall-approaches-to-qos-problems

Part V: Infrastructure Services
This part of the text deals with one of the seven overall sections you must master for the CCNA exam. There are two chapters total that make up Part 5. These chapters prove critical for your success in production networks. If you cannot successfully manage your infrastructure services in your complex network, you are in for big trouble, especially when things inevitably go wrong. Part 5 includes the following chapters:
CHAPTER 14 Infrastructure Services: DNS, DHCP, NTP, HSRP
CHAPTER 15 Infrastructure Services: NAT

Chapter 14. Infrastructure Services: DNS, DHCP, NTP, HSRP
This chapter covers the following official CCNA 200-125 exam topics:
Describe DNS lookup operation
Troubleshoot client connectivity issues involving DNS
Configure and verify DHCP on a router (excluding static reservations)
Troubleshoot client- and router-based DHCP connectivity issues
Configure and verify NTP operating in client/server mode
Configure, verify, and troubleshoot basic HSRP
This chapter ensures you are ready for the preceding topics from the Infrastructure Services section of the overall exam blueprint from Cisco Systems. Remember, this is just a section of the Infrastructure Services area. Chapter Fifteen, which deals with NAT, also exists in this grouping.
Essential Terms and Components
DNS DNS Lookups Client DNS Configurations DHCP DHCP Server DHCP Relay DHCP Client Other DHCP Assigned Parameters NTP Server NTP Client Stratum FHRP HSRP Priority Preemption Version
Topic: Describe DNS lookup operation
CramSaver

If you can correctly answer these CramSaver questions, save time by skimming the ExamAlerts in this chapter and then completing the CramQuiz at the end of each section and the Review Questions at the end of the chapter. Notice the CramSaver is also broken down by section, so perhaps you just need to review a certain area. If you are in doubt at all—read EVERYTHING in this chapter!
1. What service resolves “friendly names” like www.cbtnuggets.com to an IP address? _________
2. Name two types of DNS records. _________
Answers
1. The Domain Name System (DNS) resolves friendly names to IP addresses.
2. Common record types include:
Start of Authority (SOA)
IP addresses (A and AAAA)
SMTP mail exchangers (MX)
Name servers (NS)
Pointers for reverse DNS lookups (PTR)
Domain name aliases (CNAME)
Imagine a world where we would need to communicate with devices on the Internet (or our company’s intranet) using the IP addresses of systems. This would be nearly impossible since IP addresses are so difficult to memorize for the many devices. The Domain Name System (DNS) prevents this nightmare. DNS resolves “friendly” names like www.cbtnuggets.com to the IP address that devices truly need to reach the remote system. We use DNS every day, as you might guess.
Remember, when you hear DNS, you are talking about this structure of naming as well as the technical details of the protocol itself (for example, what messages are exchanged and how data is processed in the system). The system can refer to a private RFC 1918 address space inside your organization or to the public, globally routable IPv4 address space on the Internet. You can also have your internal private DNS servers interact with public DNS servers.
The Domain Name System delegates the responsibility of assigning domain names and mapping those names to Internet resources by designating authoritative name servers for each domain. Network administrators may delegate authority over sub-domains of their allocated name space to other name servers. This approach gives us a fault-tolerant design and eliminates the need for everyone to rely on one single huge database.
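How delegation plays out during a lookup, as an added Python example that is not from the book: each simulated name server holds only its own zone, and the resolver follows NS referrals and CNAME aliases until an authoritative server answers. The server names, zones, and addresses are constructed for illustration (example.com and documentation address ranges).

```python
# Constructed zone data: every server knows its own zone and, for child zones,
# only which name server it has delegated them to.
SERVERS = {
    "root-ns": {"zone": ".", "records": [("com.", "NS", "com-ns")]},
    "com-ns": {"zone": "com.", "records": [("example.com.", "NS", "example-ns")]},
    "example-ns": {"zone": "example.com.", "records": [
        ("example.com.", "SOA", "example-ns hostmaster.example.com."),
        ("example.com.", "MX", "10 mail.example.com."),
        ("www.example.com.", "CNAME", "web.example.com."),
        ("web.example.com.", "A", "192.0.2.10"),
        ("web.example.com.", "AAAA", "2001:db8::10"),
        ("mail.example.com.", "A", "192.0.2.25"),
    ]},
}


def is_within(name, zone):
    """True when name is the zone itself or sits below it in the hierarchy."""
    return zone == "." or name == zone or name.endswith("." + zone)


def query(server, name, rtype):
    """Answer one question the way a single authoritative server would."""
    zone = SERVERS[server]["zone"]
    records = SERVERS[server]["records"]
    # A delegated child zone that contains the name wins: refer the client on.
    for owner, rt, data in records:
        if rt == "NS" and owner != zone and is_within(name, owner):
            return ("referral", data)
    exact = [data for owner, rt, data in records if owner == name and rt == rtype]
    if exact:
        return ("answer", exact)
    alias = [data for owner, rt, data in records if owner == name and rt == "CNAME"]
    if alias:
        return ("cname", alias[0])
    return ("nodata", None)


def resolve(name, rtype, max_steps=16):
    """Iterative lookup starting at the root, as a resolver without a cache would do it."""
    server, path, aliases = "root-ns", [], []
    for _ in range(max_steps):
        path.append(server)
        kind, data = query(server, name, rtype)
        if kind == "referral":
            server = data                      # ask the delegated server next
        elif kind == "cname":
            aliases.append(name)               # remember the alias, as nslookup reports it
            name, server = data, "root-ns"     # start over for the canonical name
        else:
            return {"name": name, "answers": data or [],
                    "aliases": aliases, "path": path}
    raise RuntimeError("lookup did not finish (loop in delegations or aliases)")


if __name__ == "__main__":
    for question in (("www.example.com.", "A"), ("example.com.", "MX")):
        print(question, resolve(*question))
```

No single server holds the whole database: the root and com servers only hand out referrals, and only example-ns can answer for example.com.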

The Internet maintains the domain name hierarchy and the Internet Protocol (IP) address spaces. DNS maintains the domain name hierarchy and provides translation services between it and the address spaces. A DNS name server is a server that stores the DNS records for a domain; a DNS name server responds with answers to queries against its database.
The most common types of records stored in the DNS database are as follows:
Start of Authority (SOA)
IP Addresses (A and AAAA)
SMTP Mail Exchangers (MX)
Name Servers (NS)
Pointers for Reverse DNS Lookups (PTR)
Domain Name Aliases (CNAME)
DNS databases are traditionally stored in structured zone files.
CramQuiz
1. Which statement about DNS is false?
A. DNS operates thanks to one central master database.
B. DNS resolves domain names to IP addresses.
C. DNS uses many types of records to do its job.
D. Multiple DNS servers are typically available for a client.
2. What device is responsible for each DNS domain?
A. Master DNS
B. Authoritative name server
C. Zone file server
D. DNS client
CramQuiz Answers
1. A is correct. The DNS system creates a distributed database so that one central master database does not need to be relied upon.
2. B is correct. Each domain has an authoritative name server that helps manage the domain.
Topic: Troubleshoot client connectivity issues involving DNS
CramSaver
1. What Windows CLI command allows you to see the IP address information configured as well as the DNS server IP address? _________

2. What Windows CLI tool allows you to learn information regarding the DNS lookup including the DNS server name, address, non-authoritative response, and resolved addresses and aliases? _________
3. What is the command that specifies one or more DNS servers for a Cisco device to use? _________
Answers
1. ipconfig /all
2. nslookup
3. ip name-server
Ensuring your clients are properly configured to use DNS is important for full functionality on the Internet today. On a Windows client system, you can check the DNS settings using ipconfig, as shown in Example 14.1.
EXAMPLE 14.1 Examining DNS Settings on a Windows Client
C:\Users\terry>ipconfig /all
Windows IP Configuration
   Host Name . . . . . . . . . . . . : DESKTOP-ABC123
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : my-router.home
Ethernet adapter Ethernet:
   Connection-specific DNS Suffix  . : my-router.home
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 84-8F-69-F5-5F-3D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::bc5e:a448:8dcc:72ce%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.191(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday 3:33:08 AM
   Lease Expires . . . . . . . . . . : Friday 3:33:19 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 59019113
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-72-89-C7-84-8F-69-F5-5F-3D
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
C:\Users\terry>
Notice from the output in Example 14.1 that this client will send DNS requests to 192.168.1.1. This is, of course, a private-use-only address inside our network. This router receives public DNS server addresses automatically from our ISP so that it can resolve public website names that we want to visit.
Figure 14.1 shows the actual configuration for this Windows client in the graphical user interface of the Control Panel. Notice that the DNS information of 192.168.1.1 is being learned by this client automatically.

FIGURE 14.1 The DNS Settings Inside of Windows
What about verifying the Windows client is fine from a DNS perspective? One approach is to ping a known and reachable Web server using the friendly name. Example 14.2 demonstrates this approach.
EXAMPLE 14.2 Checking DNS Functionality by Using PING
C:\Users\terry>ping www.cisco.com

net wwwds. Maximum = 37ms.170: bytes=32 time=36ms TTL=54 Reply from 23.1 Non-authoritative answer: Name: e144. Received = 4. Pinging e144.edgekey.192.1.com Server: ACME_Quantum_Gateway.192.202.202.net Addresses: 2600:1408:10:18c::90 2600:1408:10:181::90 23.170] with 32 bytes of data: Reply from 23.dscb.akamaiedge. Example 14. use the NSLOOKUP command.202.net C:\Users\terry> Just as it can be convenient for your Windows client to use DNS.cisco.170: bytes=32 time=35ms TTL=54 Reply from 23.com.akadns.cisco.3 Using NSLOOKUP to Verify DNS Click here to view code image C:\Users\terry>nslookup www.202. however.net [23.cisco. Do not ignore the Windows client information.202.170: bytes=32 time=35ms TTL=54 Ping statistics for 23. it can also be beneficial for your Cisco routers and switches.192.edgekey. however. .3 demonstrates this powerful tool.168. If you would like to receive even more information.170 Aliases: www.akamaiedge. EXAMPLE 14.home Address: 192.com.com.akadns.192.192.my-router. Average = 35ms C:\Users\terry> ExamAlert You can also configure a Cisco router or switch as a DNS client.1 provides commands available on these devices. Lost = 0 (0% loss).202. Table 14.170: bytes=32 time=37ms TTL=54 Reply from 23.Com www.cisco.192.cisco.globalredir.170: Packets: Sent = 4.192. We cover this later in this chapter.202.net. Approximate round trip times in milli-seconds: Minimum = 35ms.dscb.net wwwds.

TABLE 14.1 DNS Related Commands on Cisco Devices
CramQuiz
1. What is a common Windows client setting for IPv4 DNS?
A. The use of only Google DNS public servers
B. To acquire the DNS settings automatically via DHCP
C. To use the public IP address of the ISP’s router
D. To use a local loopback address
2. What command enables DNS-based host name translations on a Cisco router and is enabled by default on many Cisco routers?
A. ip domain-name
B. ip name-server
C. ip domain-list
D. ip domain-lookup
CramQuiz Answers
1. B is correct. A very common approach for a Windows client’s DNS is to acquire this information dynamically.
2. D is correct. The ip domain-lookup command enables DNS-based host name resolution. This command is a default setting.
Topic: Configure and verify DHCP on a router (excluding static reservations)
CramSaver
1. What is the default lease duration on a Cisco DHCP server? _________
2. Which feature allows a router to forward a client’s DHCP request to a remote DHCP server? _________
Answers
1. The default lease duration is 1 day, which is 86,400 seconds.
2. The DHCP Relay-Agent feature permits this.
Figure 14.2 shows the simple topology we use to configure a Dynamic Host Configuration Protocol (DHCP) server using a Cisco router (R1), and to configure a Cisco router (R2) as a DHCP client.
FIGURE 14.2 The DHCP Server and Client Topology
Example 14.4 shows the configuration of R1, the DHCP Server.
EXAMPLE 14.4 The Configuration of the DHCP Server
R1#
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface fa0/0
R1(config-if)#ip address 10.1.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#
%LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config)#ip dhcp excluded-address 10.1.1.1 10.1.1.10
R1(config)#ip dhcp pool CCNAEXAMCRAM
R1(dhcp-config)#default-router 10.1.1.1
R1(dhcp-config)#dns-server 8.8.8.8 4.2.2.2
R1(dhcp-config)#option 150 ip 10.10.10.2
R1(dhcp-config)#network 10.1.1.0 /24
R1(dhcp-config)#end
R1#

The commands directly involving DHCP are as follows:
ip dhcp excluded-address 10.1.1.1 10.1.1.10: This command tells the DHCP server not to assign the addresses from 10.1.1.1 to 10.1.1.10 to DHCP clients. For example, the 10.1.1.1 address is the static router interface address configured on R1’s fa0/0 interface.
ip dhcp pool CCNAEXAMCRAM: This command creates our DHCP pool on R1. This pool will contain the specific parameters we want to hand out to clients who lease addresses from the DHCP server.
default-router 10.1.1.1: This command assigns the default gateway to clients of this DHCP pool.
dns-server 8.8.8.8 4.2.2.2: This command sets a primary and backup DNS server for the clients.
option 150 ip 10.10.10.2: This command provides clients with the IP address of a TFTP server.
network 10.1.1.0 /24: This command specifies the IP address assignments for the pool. Remember, we excluded a small portion of this network address space. As a result, we expect the first leased address to be 10.1.1.11/24.
ExamAlert
The network command used in DHCP configuration accepts a subnet mask or prefix notation in its syntax.
Example 14.5 shows the configuration of a DHCP client function on a Cisco router.
EXAMPLE 14.5 The Configuration of the DHCP Client
R2#
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface fa0/0
R2(config-if)#ip address dhcp
R2(config-if)#no shutdown
R2(config-if)#end
R2#
%SYS-5-CONFIG_I: Configured from console by console
R2#
%LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R2#

Notice here the very simple configuration. The command ip address dhcp gets the job done for the client interface.
Next, let’s begin our verification on the server. Example 14.6 shows the use of the show ip dhcp binding command to verify the server’s operation.
EXAMPLE 14.6 Verifying the DHCP Server
R1#
R1#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
10.1.1.11           0063.6973.636f.2d63.    08:10 PM _______        Automatic
                    6130.332e.3066.6330.
                    2e30.3030.302d.4661.
                    302f.30
R1#
ExamAlert
Notice that the default lease duration for Cisco DHCP servers is one day.
To see any IP address conflicts in your Cisco DHCP environment, you can use the command show ip dhcp conflict.
Example 14.7 shows a simple verification on the client. The show ip interface brief command allows us to quickly view the DHCP learned address on Fa0/0.
EXAMPLE 14.7 Verifying the DHCP Client
R2#
R2#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            10.1.1.11       YES DHCP   up                    up
FastEthernet1/0            unassigned      YES unset  administratively down down
FastEthernet1/1            unassigned      YES unset  administratively down down
R2#
What happens if your DHCP server is not on the same subnet with the clients that need it? One option is to configure a DHCP relay-agent. This is a router that hears the DHCP requests from clients and forwards them to the appropriate DHCP server. It is very simple to configure this relay agent. The relay agent knows the address of the DHCP server, so it can successfully forward local DHCP traffic to the DHCP server. Figure 14.3 and Example 14.8 show a sample topology and configuration.
FIGURE 14.3 The DHCP Relay-Agent
EXAMPLE 14.8 Configuring the DHCP Relay-Agent
R2#
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface fa1/0
R2(config-if)#ip helper-address 10.1.1.3
R2(config-if)#end
R2#
Note that the powerful ip helper-address dhcp-server-ip command gets the job done.
CramQuiz
1. What command ensures your DHCP server does not lease out addresses you have statically configured elsewhere?
A. no dhcp-server assign-address
B. no dhcp-lease address
C. ip dhcp no-lease address
D. ip dhcp excluded-address
2. What command configures a default gateway in a DHCP server pool?
A. ip default-gateway
B. gateway-of-last-resort
C. ip domain-server
D. default-router
3. What command configures a Cisco device as a DHCP client?

A. ip address auto
B. ip address dhcp
C. ip address learn
D. ip address dynamic
CramQuiz Answers
1. D is correct. Use the ip dhcp excluded-address command to create a range of excluded addresses from your pool.
2. D is correct. Use the default-router command in the DHCP pool to set the default gateway address.
3. B is correct. ip address dhcp, used in interface configuration mode, sets the Cisco device as a DHCP client.
Topic: Troubleshoot client- and router-based DHCP connectivity issues
CramSaver
1. Examine the figure and the example configurations. Why is the DHCP client failing to acquire IP address information?
R1#
R1#show running-config
Building configuration...
Current configuration : 1343 bytes
!
! Last configuration change at 08:30:24 UTC Fri Aug 26 2016
!
upgrade fpd auto
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!

2.10 ! ip dhcp pool CCNAEXAMCRAM network 10.1.0 default-router 10.1 dns-server 8.1.1.2 option 150 ip 10.1.1.8.1.10.1.! ip source-route no ip icmp rate-limit unreachable ip cef ! ! ip dhcp excluded-address 10.0 duplex half ! ! interface FastEthernet1/0 no ip address shutdown duplex auto speed auto ! ! interface FastEthernet1/1 no ip address shutdown duplex auto speed auto ! ! ip forward-protocol nd no ip http server no ip http secure-server .1 10.8 4.255.1 255.2.255.2.255.1.10.0 255.8.2 ! ! no ip domain lookup no ipv6 cef ! multilink bundle-name authenticated ! ! ! redundancy ! ! ip tcp synwait-time 5 ! ! ! interface FastEthernet0/0 ip address 10.255.1.

!
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
ntp master 2
end
R1#
R2#
R2#show running-config
Building configuration...
Current configuration : 1165 bytes
!
! Last configuration change at 08:49:30 UTC Fri Aug 26 2016
!
upgrade fpd auto
version 15.0
service timestamps debug datetime msec

service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
!
ip source-route
no ip icmp rate-limit unreachable
ip cef
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
!
interface FastEthernet0/0
 ip address dhcp
 duplex half
!
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!

!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
ntp server 10.1.1.1
end
R2#
_________
2. What command allows you to easily verify the lease assignments from the DHCP server? _________
Answers
1. The subnet for lease assignments is incorrect for the DHCP server pool; the correct subnet should be configured with network 10.1.1.0 /24.

2. show ip dhcp server bindings
There can be many issues to prevent proper DHCP connectivity. Here are just some issues you should be aware of:
Errors in router or switch configurations
DHCP server configuration
DHCP relay-agent configuration
DHCP server scope configuration or software defect
ExamAlert
Although there are many possible errors in your CCNA exam, watch out for server or client misconfigurations because these will be the most common.
The four steps of the DHCP process that must succeed for a successful DHCP lease are as follows:
1. Discover (from the client)
2. Offer (from the server)
3. Request (from the client)
4. Acknowledgement (from the server)
Remember the key verification commands for DHCP. show ip dhcp binding is critical for the server, and show ip interface brief works well for the client.
CramQuiz
1. Examine the configuration shown. DHCP clients in the 10.1.1.0/24 subnet are complaining that they cannot access Internet resources. What is the most likely issue?
R1#show running-config
Building configuration...
Current configuration : 1312 bytes
!
! Last configuration change at 08:57:10 UTC Fri Aug 26 2016
!
upgrade fpd auto
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1

0 default-router 10.1.255.0 255.1 option 150 ip 10.1 10.255.1.1.255.1.1.1 255.255.1.! boot-start-marker boot-end-marker ! ! no aaa new-model ! ! ! ip source-route no ip icmp rate-limit unreachable ip cef ! ! ip dhcp excluded-address 10.2 ! ! no ip domain lookup no ipv6 cef ! multilink bundle-name authenticated ! ! redundancy ! ! ip tcp synwait-time 5 ! ! ! interface FastEthernet0/0 ip address 10.10 ! ip dhcp pool CCNAEXAMCRAM network 10.1.1.1.0 duplex half ! ! interface FastEthernet1/0 no ip address shutdown duplex auto speed auto ! ! interface FastEthernet1/1 no ip address shutdown duplex auto .10.10.1.

 speed auto
!
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
ntp master 2
end
R1#
A. The scope of addresses in the pool is not correct.
B. The default gateway is incorrect.
C. There are no DNS servers assigned to the clients.
D. There is no lease duration set.
2. What is the second step of the four steps of the DHCP process?

A. Acknowledgement
B. Request
C. Offer
D. Discover
CramQuiz Answers
1. C is correct. This configuration is missing the assignment of DNS servers for the clients.
2. C is correct. The second step of the process is an offer.
Topic: Configure and verify NTP operating in client/server mode
CramSaver
1. What command configures your Cisco router to be an authoritative reference clock source with a stratum of 3? _________
2. What command confirms your NTP client to server relationship in tabular form? _________
Answers
1. ntp master 3
2. show ntp association
It is critical for many reasons to have accurate time on your network devices. To automate this process, we have Network Time Protocol (NTP). NTP uses the transport layer protocol of UDP and port 123.
NTP uses the concept of a stratum value to gauge the accuracy of time values carried by NTP. A lower stratum value is preferred. You can think of stratum like a hop count from the authoritative reference clock source. Ideally, this time source should be an atomic clock, or at least linked to one.
Example 14.9 configures R1 to act as a reference clock source for the network. Notice we select a stratum value of 2.
EXAMPLE 14.9 Configuring the NTP Master in the Network
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ntp master ?
  <1-15>  Stratum number
  <cr>

R1(config)#ntp master 2
R1(config)#end
R1#
ExamAlert
The default stratum value for the ntp master command is 8.
How do you configure an NTP client to receive the correct time from your NTP server (master)? The command is ntp server ntp-server-ip-address. Example 14.10 shows this configuration.
EXAMPLE 14.10 Configuring the NTP Client
R2#
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ntp server 10.1.1.1
R2(config)#end
R2#
ExamAlert
There are several other NTP configuration options available (such as broadcasting NTP updates), but these are not required at the CCNA level.
There are two key commands for verifying NTP. Example 14.11 shows one of them, the show ntp associations command. Note how this allows us to easily verify our association with the configured NTP master device.
EXAMPLE 14.11 Verifying the NTP Configuration with Show NTP Associations
R2#show ntp associations
  address         ref clock       st   when   poll reach  delay  offset   disp
*~10.1.1.1        127.127.1.1      2      0     64   275 19.784 40129.7 68.951
 * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured

R2#
Example 14.12 shows another frequently used verification option of show ntp status.
EXAMPLE 14.12 Using Show NTP Status to Verify NTP
R2#show ntp status
Clock is synchronized, stratum 3, reference clock is 10.1.1.1
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**24
reference time is DA5E7147.56CADEA7 (19:54:31.339 EST Thu Feb 4 2016)
clock offset is 0.0986 msec, root delay is 2.46 msec
root dispersion is 16.27 msec, peer dispersion is 5.33 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000000009 s/s
system poll interval is 64, last update was 530 sec ago.
R2#
CramQuiz
1. What is a stratum in NTP?
A. A measure of the proximity to the reference clock
B. A key value for authentication
C. The number of total NTP clients
D. A measurement for the number of NTP queries per minute
2. What command configures your Cisco device as an NTP client of 10.1.1.1?
A. ntp master 10.1.1.1
B. ntp 10.1.1.1
C. ntp server 10.1.1.1
D. ntp client 10.1.1.1
CramQuiz Answers
1. A is correct. The stratum indicates how far a device is from the reference clock.
2. C is correct. The ntp server command is used on a client.
Topic: Configure, verify, and troubleshoot basic HSRP
CramSaver

1. What command configures HSRP under an interface for group 10 with a virtual IP address of 10.10.10.1? _________
2. What feature would you use along with interface tracking in HSRP? _________
Answers
1. standby 10 ip 10.10.10.1
2. Preemption
The Hot Standby Router Protocol (HSRP) allows multiple default gateways to respond to clients and permit them access off of their LAN segment. This technology was invented by Cisco Systems and is known as a First Hop Redundancy Protocol (FHRP). HSRP has each router (or even more than two devices) present a virtual IP address to the LAN segment. The active router can respond to this virtual IP address and forward traffic. The device that forwards traffic is called the active router, and the others in the group are called standby routers. The HSRP routers communicate with each other every three seconds by default to ensure they are up. There is a dead timer of ten seconds.
Example 14.13 demonstrates the HSRP configuration on two routers connected to a LAN segment.
EXAMPLE 14.13 Configuring HSRP
R1#
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface gi0/1
R1(config-if)#standby 10 ip 10.10.10.100
R1(config-if)#end
R1#
R2#
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface gi0/1
R2(config-if)#standby 10 ip 10.10.10.100
R2(config-if)#end
R2#
Verification is also simple. Example 14.14 demonstrates the use of the show standby command on R1.

EXAMPLE 14.14 Verifying HSRP
R1#
R1#show standby
GigabitEthernet0/1 - Group 10
  State is Active
    2 state changes, last state change 00:02:03
  Virtual IP address is 10.10.10.100
  Active virtual MAC address is 0000.0c07.ac0a
    Local virtual MAC address is 0000.0c07.ac0a (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.304 secs
  Preemption disabled
  Active router is local
  Standby router is 10.10.10.2, priority 100 (expires in 9.552 sec)
  Priority 100 (default 100)
  Group name is "hsrp-Gi0/1-10" (default)
R1#
Notice that R1 is the active router. The virtual IP address is our assignment of 10.10.10.100. The actual IP addresses on R1 and R2 are 10.10.10.1 and 10.10.10.2, respectively. Notice that the default priority of 100 is in place. This directly controls the active router assignment. The greater the priority number, the higher the priority is. Example 14.15 demonstrates setting preemption (disabled by default) and setting the priority to immediately win the active role.
EXAMPLE 14.15 Setting Preemption and Adjusting HSRP Priority
R2#
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface gi0/1
R2(config-if)#standby 10 preempt
R2(config-if)#standby 10 priority 120
R2(config-if)#end
R2#
*%HSRP-5-STATECHANGE: GigabitEthernet0/1 Grp 10 state Standby -> Active
R2#
R2#show standby
GigabitEthernet0/1 - Group 10
  State is Active
    2 state changes, last state change 00:00:10

  Virtual IP address is 10.10.10.100
  Active virtual MAC address is 0000.0c07.ac0a
    Local virtual MAC address is 0000.0c07.ac0a (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.640 secs
  Preemption enabled
  Active router is local
  Standby router is 10.10.10.1, priority 100 (expires in 9.552 sec)
  Priority 120 (configured 120)
  Group name is "hsrp-Gi0/1-10" (default)
R2#
ExamAlert
Remember that HSRP is a Cisco proprietary FHRP! There are other standards-based protocols, such as VRRP and GLBP.
CramQuiz
1. What does FHRP stand for?
A. First Hop Redundancy Protocol
B. First HSRP Router Protocol
C. First Hop Routing Protocol
D. Final Hop Routing Protocol
2. What command permits the verification of your HSRP configuration?
A. show standby
B. show router hsrp
C. show hsrp
D. show fhrp hsrp
CramQuiz Answers
1. A is correct. HSRP is an example of a First Hop Redundancy Protocol.
2. A is correct. Use show standby for the HSRP verification.
Review Questions
1. What type of record is used in DNS for a mail server?
A. SOA
B. MX
C. NS
D. CNAME

2. Your junior network admin issues a ping to www.cisco.com, which is successful. What has been verified?
A. WINS
B. DNS
C. NTP
D. DHCP
3. What command sets the DHCP scope to 192.168.1.0/24?
A. addresses 192.168.1.0 /24
B. network 192.168.1.0 255.255.255.0
C. subnet 192.168.1.0 /24
D. scope 192.168.1.0 255.255.255.0
4. What command configures a DHCP relay-agent?
A. ip dhcp relay-agent
B. ip dhcp relay-agent enable
C. ip forward-address
D. ip helper-address
5. What command configures HSRP preemption for group 10?
A. standby 10 preempt
B. standby preempt group 10
C. hsrp 10 preempt
D. hsrp preempt group 10
Answers to Review Questions
1. B is correct. The MX record is for a mail server.
2. B is correct. DNS name resolution has been verified.
3. B is correct. The network command sets this.
4. D is correct. To configure a relay agent, we use ip helper-address.
5. A is correct. The simple command is standby 10 preempt.
Additional Resources
Configuring a Cisco Router as a DHCP Server—http://www.ajsnetworking.com/dhcp-server
Network Time Protocol—http://www.ajsnetworking.com/network-time-protocol
HSRP Configuration—http://www.ajsnetworking.com/hsrp
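The two server-side faults that this chapter's DHCP troubleshooting questions turn on (a pool network that does not match the connected subnet, and a pool with no dns-server) can be checked mechanically before clients start failing. The following Python is an added example, not from the book: the sample configuration is constructed from the values in Example 14.4, and the wrong pool network 10.1.2.0 and the finding names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in IOS running-config layout (sub-commands indented by one
# space). The pool network 10.1.2.0 is a made-up wrong value and the dns-server
# line is deliberately left out.
SAMPLE_CONFIG = """\
ip dhcp excluded-address 10.1.1.1 10.1.1.10
!
ip dhcp pool CCNAEXAMCRAM
 network 10.1.2.0 255.255.255.0
 default-router 10.1.1.1
 option 150 ip 10.10.10.2
!
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 duplex half
!
interface FastEthernet1/0
 no ip address
 shutdown
"""


def parse_config(text):
    """Collect interface addresses, excluded ranges and DHCP pools."""
    cfg = {"interfaces": {}, "excluded": [], "pools": {}}
    section = None  # (kind, name) while inside an interface or pool block
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        if not raw[0].isspace():  # a top-level command opens or closes a block
            section = None
            if words[0] == "interface" and len(words) == 2:
                section = ("interface", words[1])
            elif words[:3] == ["ip", "dhcp", "pool"] and len(words) == 4:
                section = ("pool", words[3])
                cfg["pools"][words[3]] = {"network": None, "routers": [], "dns": []}
            elif words[:3] == ["ip", "dhcp", "excluded-address"] and len(words) >= 4:
                low = ipaddress.ip_address(words[3])
                high = ipaddress.ip_address(words[4]) if len(words) > 4 else low
                cfg["excluded"].append((low, high))
            continue
        if section is None:
            continue
        kind, name = section
        if kind == "interface" and words[:2] == ["ip", "address"] and len(words) == 4:
            cfg["interfaces"][name] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
        elif kind == "pool":
            pool = cfg["pools"][name]
            if words[0] == "network" and len(words) == 3:
                # network accepts a subnet mask or prefix notation ("/24")
                mask = words[2].lstrip("/")
                pool["network"] = ipaddress.ip_network(f"{words[1]}/{mask}", strict=False)
            elif words[0] == "default-router":
                pool["routers"] = [ipaddress.ip_address(w) for w in words[1:]]
            elif words[0] == "dns-server":
                pool["dns"] = [ipaddress.ip_address(w) for w in words[1:]]
    return cfg


def audit_dhcp(text):
    """Return (pool, finding) pairs for the misconfigurations discussed in this chapter."""
    cfg = parse_config(text)
    local = list(cfg["interfaces"].values())
    findings = []
    for name, pool in cfg["pools"].items():
        net = pool["network"]
        if net is None:
            findings.append((name, "no-network-statement"))
            continue
        on_link = [iface for iface in local if iface.ip in net]
        if not on_link:
            # Expected only when the pool serves a remote subnet through a relay agent.
            findings.append((name, "pool-subnet-not-on-local-interface"))
        if not pool["routers"]:
            findings.append((name, "no-default-router"))
        elif any(gw not in net for gw in pool["routers"]):
            findings.append((name, "default-router-outside-pool"))
        if not pool["dns"]:
            findings.append((name, "no-dns-server"))
        for iface in on_link:
            if not any(low <= iface.ip <= high for low, high in cfg["excluded"]):
                findings.append((name, "interface-address-not-excluded"))
    return findings


if __name__ == "__main__":
    for pool_name, finding in audit_dhcp(SAMPLE_CONFIG):
        print(f"{pool_name}: {finding}")
```

A pool for a subnet reached through ip helper-address legitimately matches no local interface, so treat that finding as a prompt to confirm the relay design rather than as an error in itself.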

NTP. DHCP. what is the pool used for? _________ 3. If you are in doubt at all—read EVERYTHING in this chapter! 1. NAT? _________ 2.1. dynamic NAT. Infrastructure Services: NAT This chapter covers the following official CCNA 200-125 exam topic: Configure. also exists in this grouping.0/24 is the inside segment. 10. Essential Terms and Components NAT Source NAT Static NAT Unidirectional NAT Bidirectional NAT NAT Pools Dynamic NAT PAT Topic: Configure. Examine the topology and configuration shown. save time by skimming the ExamAlerts in this chapter and then completing the CramQuiz at the end of each section and the Review Questions at the end of the chapter. 10.1) cannot trigger a NAT translation on R2 when pinging R3.Chapter 15. and troubleshoot inside source NAT CramSaver If you can correctly answer these CramSaver questions. What are four issues with the NAT configuration on R2? _________ . this is just a section of the Infrastructure Services area.2. which deals with DNS. R1 (10.2. verify.1. The configuration should also permit PAT if needed. Remember.2. or one-way.0/24 is the outside segment. With inside source. What is a classic example of using unidirectional. verify.2. and troubleshoot inside source NAT This chapter ensures you are ready for the aforementioned topic from the Infrastructure Services section of the overall exam blueprint from Cisco Systems. and HSRP. Chapter Fourteen.

_________
_________
_________
R2#
R2#show running-config
Building configuration...
Current configuration : 1406 bytes
!
! Last configuration change at 16:00:36 UTC Sun Aug 28 2016
!
upgrade fpd auto
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
!
ip source-route
no ip icmp rate-limit unreachable
ip cef
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
redundancy
!
!

100 no cdp log mismatch duplex ! ! ! control-plane ! ! ! mgcp fax t38 ecm mgcp behavior g729-variants static-pt ! ! ! gatekeeper .ip tcp synwait-time 5 ! ! ! interface FastEthernet0/0 ip address 10.0.1.2 255.0 ip nat outside ip virtual-reassembly ! ! interface FastEthernet1/1 no ip address shutdown duplex auto speed auto ! ! router rip version 2 network 10.1.0.1.2.2 255.255.2.255.2.0 ip nat inside ip virtual-reassembly ! ! interface FastEthernet1/0 ip address 10.2.0 no auto-summary ! ip forward-protocol nd no ip http server no ip http secure-server ! ! ip nat inside source list 10 interface FastEthernet0/0 ! access-list 1 permit host 10.255.1.255.1 access-list 1 permit host 10.

3. The NAT statement is missing the overload keyword. A private IP address must be converted to a public IP address for proper communication on the public Internet. Specifically. but devices on the public network cannot initiate a connection with a device on the inside network. notice the CCNA exam focus is very specific to inside source NAT. The NAT pool is used to specify the outside addresses to be used in the translation. The access-list is specifying the incorrect internal device. To allow many private IP addresses on an inside network to dynamically access public IP addresses on an outside Internet network. we are taking inside devices and translating the source IP address for public communication. ExamAlert Unidirectional NAT. or one-way NAT. The inside and outside interface commands are reversed. Although there are many different variations of NAT. The incorrect list is specified in the NAT statement. If you configure NAT to permit connections initiated from the Internet . the inside source IP address must be converted to one that is valid on the Internet. 2. shutdown ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous stopbits 1 line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous stopbits 1 line vty 0 4 login ! end R2# Answers 1. The RFC 1918 address space we reviewed in our chapter on IPv4 addressing helped delay the depletion of IPv4 address space. But private addresses that aren’t routable over the Internet necessitated another change—the introduction of Network Address Translation (NAT). Again. permits devices on the inside to initiate connections and communicate to devices on the public network.

1 10.3).1.2. Figure 15.1.1 Configuring Inside Source Static NAT Click here to view code image R2# R2#configure terminal Enter configuration commands. as well.1.0/24 is the inside segment. we ping from R1 (10. This bidirectional translation would allow initial connections to be sourced by devices on the inside or outside.2.10.1. ip nat outside: Configures the outside interface for the device and enables NAT there. This creates the translation on R2 that we can view with show ip nat translation.1.2.1.100 R2(config)#end R2# Notice the commands this configuration requires: ip nat inside: Configures the inside interface for the device and enables NAT there.2.2.1 is the source IP address from the inside for translation and 10.1.0/24 segment. Next. The first approach we examine is static NAT.1. We are now ready for the configuration shown in Example 15. End with CNTL/Z. Static NAT has you configure a manual mapping from an inside address to an outside address. EXAMPLE 15. For verification of this configuration.2.2.1 10. you are configuring bidirectional NAT.2. FIGURE 15.100 is the new source IP address for the translated packet. ip nat inside source static 10. Example .1.2. We will pretend that is the 10. one per line. R2(config)#interface fa1/0 R2(config-if)#ip nat inside R2(config-if)#exit R2(config)#interface fa0/0 R2(config-if)#ip nat outside R2(config-if)#exit R2(config)#ip nat inside source static 10.1 The NAT Topology The configuration begins by identifying the inside network.1) to R3 (10.1.100: Provides the static instructions for translation. identify the outside segment.1. We will pretend the outside network is the 10.1 shows the topology used in our example.2.

2.1.3:0 --.1.1.10. In addition to static NAT.100 actually maps to the device at 10. ExamAlert A simple method to check for NAT configurations in a running configuration is to use show run | include nat.1.3 Type escape sequence to abort.100 in our topology! This is because when the traffic returns to R2 (the NAT device).2.15. The inside local source address of 10.2.1.1 --.1.2.2.100.1.1:0 10. --- R2# Notice from the output that our exact NAT instructions were followed. EXAMPLE 15. Note that all previous NAT commands have been removed from R2 before Example 15.2. Sending 5.3 demonstrates this new configuration on R2 from our topology in Figure 15.1. timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5).1.2.1.1. and it replaces the original source address.1.100 10.1.100:0 10.1.1.1.3:0 10.3 is presented.1. there is also dynamic NAT. This returns any commands including the term NAT.1.2 Verifying the Inside Source Static NAT Configuration Click here to view code image R1# R1#ping 10. Note It is interesting that the ping succeeds since there is no device with the IP address of 10.3 Configuring Inside Source Dynamic NAT Click here to view code image .1.2 demonstrates this.1 was translated to global address of 10. it sees that 10. 100-byte ICMP Echos to 10. EXAMPLE 15.3. Example 15. round-trip min/avg/max = 200/221/244 ms R1# R2# R2#show ip nat translation Pro Inside global Inside local Outside local Outside global icmp 10.1.2.

R2#
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface fa1/0
R2(config-if)#ip nat inside
R2(config-if)#exit
R2(config)#interface fa0/0
R2(config-if)#ip nat outside
R2(config-if)#exit
R2(config)#access-list 1 permit 10.2.2.1
R2(config)#access-list 1 permit 10.2.2.100
R2(config)#ip nat pool MYNATPOOL 10.1.1.100 10.1.1.101 netmask 255.255.255.0
R2(config)#ip nat inside source list 1 pool MYNATPOOL
R2(config)#end
R2#

Notice what is unique about this configuration:

access-list 1: This access list defines the inside source addresses that can be translated.
ip nat pool MYNATPOOL: This NAT pool defines the starting IP address and ending IP address to which R2 will translate the source address.
ip nat inside source list 1 pool MYNATPOOL: The NAT instructions that tie the access list to the NAT pool we created.

Verification is identical to the output shown in Example 15.2. A ping from R1 to R3 results in the translation of 10.2.2.1 to 10.1.1.100, which is the first address in the pool. Of course, this time there is a dynamic element to the translation. For example, if there were another host on the inside network at 10.2.2.100, and this device were to communicate first across the R2 device, it could translate to 10.1.1.100.

But even inside source dynamic NAT is not the most popular form of NAT! What is then? It is Port Address Translation (PAT), also sometimes termed NAT overloading. Here we permit many inside devices to communicate on the outside network using the single public address on the outside address. The IP address on the outside interface can even be used. How is this possible? It is a result of unique port numbers being assigned to each translation entry. Example 15.4 shows this configuration based on the topology shown in Figure 15.1. Again, all previous NAT configurations have been removed.

EXAMPLE 15.4 The Inside Source Dynamic PAT Configuration

R2#
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface fa1/0
R2(config-if)#ip nat inside
R2(config-if)#exit
R2(config)#interface fa0/0
R2(config-if)#ip nat outside
R2(config-if)#exit
R2(config)#access-list 1 permit 10.2.2.1
R2(config)#access-list 1 permit 10.2.2.100
R2(config)#ip nat inside source list 1 interface fa0/0 overload
R2(config)#end
R2#

What is unique about this configuration from inside source dynamic NAT? Not much, really. Notice the ip nat inside source command now specifies the interface fa0/0 overload. This instructs NAT to translate source addresses to the IP address that is on the physical outside interface and allow it to be used over and over again for the source address translation of multiple inside devices. Example 15.5 shows the verification.

EXAMPLE 15.5 Verifying the Inside Source Dynamic PAT Configuration

R1#
R1#ping 10.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 200/221/244 ms
R1#

R2#
R2#show ip nat translation
Pro  Inside global     Inside local      Outside local     Outside global
icmp 10.1.1.2:2        10.2.2.1:2        10.1.1.3:2        10.1.1.3:2
R2#

Notice this time R1’s source address of 10.2.2.1 is translated to 10.1.1.2. The IP address on R2 fa0/0 is 10.1.1.2. Other inside hosts could translate to this same address. This type of configuration and functionality is the one that helped hold off the public IPv4 address shortage. This is also the common configuration of NAT in home networks today.

What about NAT troubleshooting? What can commonly go wrong? Here are some important things to watch out for:

Failure to assign NAT inside and outside interfaces.
Incorrect assignment of inside versus outside interfaces.
With static inside NAT, that the ip nat inside source static command lists the inside and outside addresses in the correct order.
With dynamic NAT, that the IP address is constructed properly and matches the appropriate source addresses for translation.
With PAT, that the overload keyword is not forgotten.

CramQuiz

1. What was the main motivation for NAT?
A. To increase the number of possible IPv4 addresses
B. To allow the RFC1918 private address space to communicate on the internet
C. To secure private networks from outside attackers
D. To increase the visibility possible with Internet connections

2. What is the purpose of static NAT?
A. To ensure the destination IP address remains unchanged during translation
B. To translate a single specific inside address to a single specific outside address
C. To ensure that multiple inside addresses can translate to a single outside address
D. To pull inside addresses for translation from a pool of addresses

3. What is another name commonly used for unidirectional NAT?
A. One-way
B. Synchronous
C. Dual
D. Static

CramQuiz Answers
1. B is correct. The primary motivation for NAT was to allow RFC1918 addresses to be used on inside network while providing them with Internet connectivity.
2. B is correct. Inside source static NAT translates a single, specific inside address to a single, specific outside address.
3. A is correct. One-way and unidirectional NAT terms are used interchangeably.
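The troubleshooting checklist above, applied mechanically to the broken R2 configuration from this chapter's CramSaver. This is an added example, not code from the book; the function names, the finding strings and the reduced configuration text (only the NAT-relevant lines, typed in as constructed input) are assumptions made for illustration.

```python
import ipaddress

# Constructed input: NAT-relevant lines of the broken CramSaver R2 config.
BROKEN_R2 = """\
interface FastEthernet0/0
 ip address 10.1.1.2 255.255.255.0
 ip nat inside
interface FastEthernet1/0
 ip address 10.2.2.2 255.255.255.0
 ip nat outside
ip nat inside source list 10 interface FastEthernet0/0
access-list 1 permit host 10.1.1.1
access-list 1 permit host 10.2.2.100
"""

# Constructed input: the same router with the four problems corrected.
FIXED_R2 = """\
interface FastEthernet0/0
 ip address 10.1.1.2 255.255.255.0
 ip nat outside
interface FastEthernet1/0
 ip address 10.2.2.2 255.255.255.0
 ip nat inside
ip nat inside source list 1 interface FastEthernet0/0 overload
access-list 1 permit host 10.2.2.1
access-list 1 permit host 10.2.2.100
"""


def acl_network(address, wildcard="0.0.0.0"):
    """Turn an address and a contiguous wildcard mask into an IPv4Network."""
    wild = int(ipaddress.IPv4Address(wildcard))
    if wild & (wild + 1):
        raise ValueError("non-contiguous wildcard: " + wildcard)
    prefix = 32 - bin(wild).count("1")
    base = int(ipaddress.IPv4Address(address)) & ~wild & 0xFFFFFFFF
    return ipaddress.ip_network((base, prefix))


def parse(config):
    """Collect interface NAT roles, ACL permit entries and NAT statements.

    Deny entries are ignored; the NAT access lists in this chapter have none.
    """
    roles, acls, rules, current = {}, {}, [], None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        if not raw[0].isspace():
            current = None  # a global command ends the interface block
        if words[0] == "interface":
            current = roles.setdefault(words[1], {"ip": None, "nat": None})
        elif current is not None and words[:2] == ["ip", "address"]:
            current["ip"] = ipaddress.ip_address(words[2])
        elif current is not None and words[:2] == ["ip", "nat"]:
            current["nat"] = words[2]
        elif words[0] == "access-list" and words[2] == "permit":
            spec = words[3:]
            if spec[0] == "any":
                net = ipaddress.ip_network("0.0.0.0/0")
            elif spec[0] == "host":
                net = acl_network(spec[1])
            else:
                net = acl_network(*spec[:2])
            acls.setdefault(words[1], []).append(net)
        elif words[:4] == ["ip", "nat", "inside", "source"]:
            rules.append(words[4:])
    return roles, acls, rules


def audit(config, inside_net, inside_host):
    """Return the checklist findings for one configuration, in checklist order."""
    inside_net = ipaddress.ip_network(inside_net)
    host = ipaddress.ip_address(inside_host)
    roles, acls, rules = parse(config)
    findings = []
    marked = {r["nat"]: r["ip"] for r in roles.values() if r["nat"]}
    for role in ("inside", "outside"):
        if role not in marked:
            findings.append("no interface marked ip nat " + role)
    if marked.get("inside") is not None and marked["inside"] not in inside_net:
        findings.append("inside and outside interfaces are reversed")
    for rule in rules:
        if rule[0] == "static":
            # The inside local address comes first in the static command.
            if ipaddress.ip_address(rule[1]) not in inside_net:
                findings.append("static NAT addresses are in the wrong order")
            continue
        if rule[0] != "list":
            continue
        if rule[1] in acls:
            candidates = acls[rule[1]]
        else:
            findings.append("NAT statement references undefined list " + rule[1])
            # Fall back to every defined ACL: one of them was meant.
            candidates = [net for nets in acls.values() for net in nets]
        if not any(host in net for net in candidates):
            findings.append("access list does not permit inside host %s" % host)
        if rule[2] == "interface" and "overload" not in rule:
            findings.append("overload keyword is missing")
    return findings
```

Calling audit(BROKEN_R2, "10.2.2.0/24", "10.2.2.1") reports the same four problems as the CramSaver answer key, and the corrected configuration returns an empty list.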

Review Questions

1. What command identifies the inside NAT interface?
A. nat inside
B. nat ip inside
C. inside
D. ip nat inside

2. What command allows you to view the NAT translations at the CLI?
A. show ip nat translation
B. show nat usage
C. show nat statistics
D. show nat all

3. Examine the following command: ip nat inside source list 1 interface fa0/0 overload. What is the inside global address for translation?
A. The IP address on interface fa0/0
B. The virtual address on interface fa0/0
C. The address in access-list 1
D. The address in the NAT pool named interface

Answers to Review Questions
1. D is correct. The ip nat inside command identifies the inside NAT interface.
2. A is correct. The show ip nat translation command allows you to see all of the translations currently on the device.
3. A is correct. The IP address on the interface specified here is the inside global address.

Additional Resource
What Is N.A.T. (Network Address Translation)—http://www.ajsnetworking.com/nat-2

Part VI: Infrastructure Security

This part of the text deals with one of the seven overall sections you must master for the CCNA exam. There are three chapters total that make up Part 6. These chapters prove critical for your success in modern networks. Security has become one of the main areas of focus for networking today. There are more attacks from a wider variety of attackers than ever before.

Part 6 includes the following chapters:
CHAPTER 16 Infrastructure Security: Access Layer Security, AAA
CHAPTER 17 Infrastructure Security: ACLS
CHAPTER 18 Infrastructure Security: Device Hardening

Chapter 16. Infrastructure Security: Access Layer Security, AAA

This chapter covers the following official CCNA 200-125 exam topics:

Configure, verify, and troubleshoot port security
Describe common access layer threat mitigation techniques
Describe device security using AAA with TACACS+ and RADIUS

This chapter ensures you are ready for the preceding topics listed from the Infrastructure Security section of the overall exam blueprint from Cisco Systems. Remember, this is just a section of the Infrastructure Security area. Chapters Seventeen and Eighteen also exist in this grouping. These other chapters deal with ACLs and device hardening.

Essential Terms and Components
Port Security
Static Port Security
Dynamic Port Security
Sticky Learning
Maximum MAC Addresses
Port-Security Violation Actions
errdisable recovery
802.1x
DHCP Snooping
TACACS+
RADIUS

Topic: Configure, verify, and troubleshoot port security

CramSaver
If you can correctly answer these CramSaver questions, save time by skimming the ExamAlerts in this chapter and then completing the CramQuiz at the end of each section and the Review Questions at the end of the chapter. Notice the CramSaver is also broken down by section, so perhaps you just need to review a certain area. If you are in doubt at all—read EVERYTHING in this chapter!

1. If you issue the single switchport port-security command, name the resulting port-security mode, violation action, and maximum number of MAC addresses permitted.

_________
2. What form of port security combines aspects of dynamic learning with static learning? _________
3. What command allows you to verify the port-security settings of the Gi0/1 interface? _________

Answers
1. The mode is dynamic port security, the violation action is Shutdown, and the maximum MAC addresses is 1.
2. Sticky learning.
3. show port-security interface gi0/1

Here is one of those straightforward security ideas! If the switch is excellent about transparently learning MAC addresses, wouldn’t it be nice if you could ensure the correct device connects to a switch, the correct MAC address is learned by the switch, and no one else with a different MAC address is allowed to connect? This and more is possible with port security. Let us enable port security on a switch port and observe the results as demonstrated in Example 16.1.

EXAMPLE 16.1 Configuring and Verifying Port Security

Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface gi0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#end
Switch#
%SYS-5-CONFIG_I: Configured from console by console
Switch#show port-security interface gi0/1
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0
Switch#

Notice how simple a basic configuration is! Notice the port must be in access port mode. If this is not in place, the switchport port-security command cannot be entered. Notice also that a basic configuration involves the one simple command. This configures a basic and default dynamic port-security configuration.

Let us examine some important sections of the show port-security interface output:

Notice first that port security is indeed enabled for the interface we are examining.

The status indicates Secure-up, meaning that port security is functioning and the port is not disabled due to a security violation.

The Port-Security Violation Mode (Action) is the default of Shutdown. There are three options here we may configure. You remember them using the order of the alphabet—Protect, Restrict, and Shutdown. Shutdown is the most severe, and Protect is the least. With Protect, offending MAC addresses are blocked from speaking on the port, but the administrator is never notified. Protect is so lame that Cisco recommends you not use it. Restrict blocks offending MAC addresses and notifies the admin. Shutdown is very severe indeed. An offending MAC address causes the entire interface to disable. As an administrator, you must manually re-enable the port after correcting the security problem, or you may use the errdisable recovery command to cause the port to emerge from the error condition automatically after some time passes.

Notice the default Maximum MAC Addresses permitted on the interface is 1. So, in this very basic configuration, only 1 MAC address is dynamically learned on the interface, and no other MAC addresses are permitted. Notice that this default configuration would cause a massive problem in a VoIP environment because there would be no room on the port for a Cisco IP Phone’s MAC address.

ExamAlert
Know these defaults of the basic port security configuration for the exam, and know them well!

Example 16.2 provides a very different configuration. This time we engage in static port security.

EXAMPLE 16.2 Configuring Static Port Security

Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface gi1/0
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security maximum 2
Switch(config-if)#switchport port-security mac-address fa16.3e20.58f1
Switch(config-if)#switchport port-security mac-address fa16.3e20.aabb
Switch(config-if)#switchport port-security
Switch(config-if)#end
%SYS-5-CONFIG_I: Configured from console by console
Switch#show port-security interface gi1/0
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 2
Total MAC Addresses : 2
Configured MAC Addresses : 2
Sticky MAC Addresses : 0
Last Source Address:Vlan : fa16.3e20.58f1:1
Security Violation Count : 0
Switch#

Notice this configuration begins exactly the same as a dynamic configuration. We must set the port to access mode. That is the first task. Then things get really secure! First, we quickly indicate that two MAC addresses are permitted. We provide the exact MAC addresses expected. This is what makes the configuration static.

ExamAlert
Notice something interesting about this configuration. This time, we set all of the port security parameters. Then we actually enable port security. It is very easy to forget this last and critical step! This is one reason verification is always mandatory following your configurations, both in the exam and in the “real world.”

I am betting you are not a huge fan of running around your network recording MAC addresses for your devices. I am not either. Thankfully, there is a nice combination approach to dynamic and static port security. It has one of the most colorful names in all of Cisco networking—it is sticky learning. The idea here is that you physically inspect that the correct systems are connected to your switches. You then enable port security with the sticky learning feature. The “static” entries are dynamically inserted in the configuration for you! All you need to do as the administrator is save the running-configuration to the startup-configuration.

Example 16.3 demonstrates this configuration.

EXAMPLE 16.3 Configuring Sticky MAC Address Learning

Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface gi0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security maximum 2
Switch(config-if)#switchport port-security mac-address sticky
Switch(config-if)#switchport port-security
Switch(config-if)#end
Switch#
%SYS-5-CONFIG_I: Configured from console by console
Switch#show port-security interface gi0/2
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 2
Total MAC Addresses : 2
Configured MAC Addresses : 2
Sticky MAC Addresses : 2
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0
Switch#copy running-config startup-config
Switch#

CramQuiz

1. What command precedes the switchport port-security command typically?
A. switchport port-security enable
B. switchport mode access
C. switchport mode secure
D. switchport data enable

2. What violation mode does Cisco not recommend?
A. Restrict
B. Shutdown
C. Error
D. Protect

3. What are two options for recovering from an error disabled port due to port security? (Choose two.)
A. Port Security Auto Recovery
B. errdisable recovery
C. Manual recovery
D. Port Security Disable

CramQuiz Answers
1. B is correct. The switchport mode access command typically must precede switchport port-security as the port cannot be dynamic.
2. D is correct. Cisco does not recommend the Protect mode as it does not alert the administrator of any violation.
3. B and C are correct. You can have automatic recovery with errdisable recovery, or you can manually recover from the situation.

Topic: Describe common access layer threat mitigation techniques

CramSaver
1. What is a common authentication set of standards for the LAN or WLAN? _________
2. What feature prevents against rogue DHCP servers? _________

Answers
1. 802.1x
2. DHCP Snooping

802.1X is an IEEE Standard for port-based Network Access Control (NAC). It provides a very flexible authentication mechanism to devices wishing to attach to a LAN or WLAN.

ExamAlert
IEEE 802.1X uses Extensible Authentication Protocol (EAP) over IEEE 802, which is known as “EAP over LAN” or EAPoL.

DHCP snooping is an excellent security feature that examines DHCP messages exchanged in your network for their validity. There are two DHCP trust states for every port—trusted versus untrusted. By default, all ports are untrusted. This means that DHCP servers must be configured off certain ports and then explicitly trusted on these ports.

DHCP snooping provides the following benefits:

Rogue DHCP servers are not permitted.
DHCP database exhaustion attacks are prevented.
IP address to MAC address security information can be maintained.

The default native VLAN is 1, as you know. This presents security risks because this VLAN is not tagged and can fall prey to various security attacks.

CramQuiz

1. What is the default DHCP snooping port state when the feature is enabled?
A. Trusted
B. Untrusted
C. Permitted
D. Disabled

2. What does EAP stand for?
A. Extensible Authentication Protocol
B. Extended Authorization Protocol
C. Every Access Person
D. Extended Access Permit

CramQuiz Answers
1. B is correct. The default state is untrusted.
2. A is correct. EAP stands for Extensible Authentication Protocol.

Topic: Describe device security using AAA with TACACS+ and RADIUS

CramSaver
1. What AAA security protocol communicates from network devices to a central security server using TCP? _________
2. What AAA security protocol communicates from network devices to a central security server using UDP? _________

Answers
1. TACACS+
2. RADIUS

Chapter 18 discusses AAA to complete local authentication on a Cisco device. Understand that in larger enterprises, AAA with a central security server is often utilized. The communication protocol between Cisco devices and this central server is often TACACS+ or RADIUS.

ExamAlert
TACACS+ is often the security protocol used for authenticating administrators logging in to a Cisco device, whereas RADIUS is often the protocol used for authentication of users communicating through the Cisco device.

In addition to the preceding ExamAlert, it is important that you understand other key differences between TACACS+ and RADIUS. These differences include:

RADIUS uses UDP, whereas TACACS+ uses TCP.
RADIUS encrypts only the password in the access-request packet, from the client to the server, whereas TACACS+ encrypts the entire body of the packet.
RADIUS combines authentication and authorization, whereas TACACS+ uses the AAA architecture, which separates authentication, authorization, and accounting functions.

CramQuiz

1. What security protocol is often used to authenticate administrators against a Cisco device?
A. RADIUS
B. TACACS+
C. VTP
D. STP

2. What security protocol does not encrypt the entire body of the packet?
A. RADIUS
B. TACACS+
C. VTP
D. STP

CramQuiz Answers
1. B is correct. TACACS+ is often the protocol for authentication of administrators.
2. A is correct. RADIUS encrypts only the password in the access-request packet, from the client to the server.

Review Questions

1. What is the port status when there is no issue with the port, but it is secure?

A. Enabled-up
B. Shutdown-up
C. Secure-up
D. Locked-safe

2. What command sets the maximum MAC addresses permitted to 4?
A. set port-security max mac-address 4
B. switchport port-security maximum 4
C. switchport port-security maximum mac-address 4
D. switchport port-security 4

3. What command creates a static entry for aaaa.bbbb.cccc?
A. set port-security mac-address aaaa.bbbb.cccc
B. switchport port-security mac-address aaaa.bbbb.cccc
C. switchport port-security address aaaa.bbbb.cccc
D. switchport port-security aaaa.bbbb.cccc

4. What is the default native VLAN?
A. 1
B. 2
C. 0
D. 10

5. What protocol often performs the authentication of users communicating through a Cisco device for network access?
A. RADIUS
B. TACACS+
C. Telnet
D. SSH

Answers to Review Questions
1. C is correct. The state is Secure-up.
2. B is correct. The command is switchport port-security maximum 4.
3. B is correct. The command is switchport port-security mac-address aaaa.bbbb.cccc.
4. A is correct. The default native VLAN is VLAN 1.
5. A is correct. RADIUS is often the security protocol used for client access through a Cisco device.

Additional Resources
CAM Table Overflow Attack—http://www.ajsnetworking.com/cam-table-overflow-attack
Learn DHCP Snooping Here—http://www.ajsnetworking.com/learn-dhcp-snooping-here
AAA, TACACS+, and SSH—https://youtu.be/u484rv6r-eI
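The port-security behaviour covered in this chapter (the maximum-address limit, static and sticky entries, and the Protect, Restrict and Shutdown violation actions), modelled as an added example that is not code from the book. The function name, the result keys and the third MAC address are assumptions made for illustration; "secure-shutdown" is the status IOS reports for a port that has been error-disabled by a violation.

```python
PC = "fa16.3e20.58f1"      # MAC addresses used in Example 16.2
PHONE = "fa16.3e20.aabb"
ROGUE = "0000.5e00.5301"   # constructed address for an unauthorised device


def run_port(frames, maximum=1, violation="shutdown", static=(), sticky=False):
    """Replay a sequence of source MAC addresses against one secured port.

    Defaults mirror the single `switchport port-security` command:
    dynamic learning, maximum 1, violation action Shutdown.
    """
    if violation not in ("protect", "restrict", "shutdown"):
        raise ValueError("unknown violation action: " + violation)
    if len(static) > maximum:
        raise ValueError("more static addresses than the maximum allows")
    secure = list(static)          # addresses allowed to speak on the port
    result = {
        "forwarded": [],           # frames that passed
        "dropped": [],             # frames that were blocked
        "status": "secure-up",
        "violations": 0,           # Security Violation Count
        "notifications": [],       # what the administrator gets to see
        "sticky_config": [],       # lines added to the running configuration
    }
    for mac in frames:
        if result["status"] != "secure-up":
            # An error-disabled port forwards nothing, even for valid hosts.
            result["dropped"].append(mac)
            continue
        if mac in secure:
            result["forwarded"].append(mac)
            continue
        if len(secure) < maximum:
            # Room left: learn the address dynamically (or as a sticky entry).
            secure.append(mac)
            if sticky:
                result["sticky_config"].append(
                    "switchport port-security mac-address sticky " + mac)
            result["forwarded"].append(mac)
            continue
        # Violation: an unknown address arrived and the table is full.
        result["dropped"].append(mac)
        if violation == "protect":
            continue               # silently blocked, nobody is told
        result["violations"] += 1
        result["notifications"].append("security violation by " + mac)
        if violation == "shutdown":
            result["status"] = "secure-shutdown"
    return result
```

With the defaults, run_port([PC, PHONE, PC]) shows the VoIP problem the chapter warns about: the phone's address is the second one seen, so the port shuts down and the PC is cut off as well.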

Chapter 17. Infrastructure Security: ACLs

This chapter covers the following official CCNA 200-125 exam topics:

Configure, verify, and troubleshoot IPv4 standard numbered and named access list for routed interfaces

This chapter ensures you are ready for the listed topic from the Infrastructure Security section of the overall exam blueprint from Cisco Systems. Remember, this is just a section of the Infrastructure Security area. The topics covered in Chapters Sixteen and Eighteen also exist in this grouping. These other chapters deal with AAA, Layer 2 security, and device hardening.

Essential Terms and Components
Access Control List (ACL)
Numbered ACL
Named ACL
Standard ACL
Extended ACL
Access Control Entry (ACE)
Wildcard (Inverse) Mask
Implicit Deny All
APIC-EM Path Trace ACL

Topic: Configure, verify, and troubleshoot IPv4 standard numbered and named access list for routed interfaces

CramSaver
If you can correctly answer these CramSaver questions, save time by skimming the ExamAlerts in this chapter and then completing the CramQuiz at the end of each section and the Review Questions at the end of the chapter. If you are in doubt at all—read EVERYTHING in this chapter!

1. What are the ranges possible for a standard numbered access control list (ACL)? _________
2. What is implied at the end of every ACL? _________
3. Examine the topology and configurations shown. Why is R3 unable to ping R1? Be as specific as possible. _________

R1#show running-config
Building configuration...
Current configuration : 1296 bytes
!
! Last configuration change at 17:41:54 UTC Fri Aug 26 2016
!
upgrade fpd auto
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
!
ip source-route
no ip icmp rate-limit unreachable
ip cef
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
!
interface FastEthernet0/0
 ip address 10.2.2.1 255.255.255.0
 ip access-group 1 in
 duplex half
!
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
!
router rip
 version 2
 network 10.0.0.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 1 permit 10.2.2.0 0.0.0.255
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
end
R1#

R2#show running-config
Building configuration...
Current configuration : 1281 bytes
!
! Last configuration change at 17:28:48 UTC Fri Aug 26 2016
!
upgrade fpd auto
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
!
ip source-route
no ip icmp rate-limit unreachable
ip cef
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
!
interface FastEthernet0/0
 ip address 10.1.1.2 255.255.255.0
 ip access-group 1 in
!
!
interface FastEthernet1/0
 ip address 10.2.2.2 255.255.255.0
 duplex auto
 speed auto
!
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
!
router rip
 version 2
 network 10.0.0.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
access-list 1 deny 10.1.1.3
access-list 1 permit any
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
end
R2#

R3#show running-config
Building configuration...
Current configuration : 1194 bytes
!
! Last configuration change at 17:25:44 UTC Fri Aug 26 2016
!
upgrade fpd auto
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
!
ip source-route
no ip icmp rate-limit unreachable
ip cef
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
!
interface FastEthernet0/0
 ip address 10.1.1.3 255.255.255.0
 duplex half
!
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
!
router rip
 version 2
 network 10.0.0.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
end
R3#

4. Create a numbered access control list entry (ACE), that permits Telnet traffic sourced from a server on network 10.10.10.0/24 destined for network 192.168.1.0/24. Use ACL 101. _________

Answers
1. Numbered standard ACLs use 1–99 or 1300–1999.
2. An implicit deny all ends an ACL.
3. There is an inbound ACL on R2 Fa0/0 explicitly denying R3 source traffic.
4. access-list 101 permit tcp 10.10.10.0 0.0.0.255 eq 23 192.168.1.0 0.0.0.255

Access control lists (ACLs) are powerful methods of identifying traffic. In this chapter, a specific usage is explored per the exam objectives. Here we examine applying ACLs as a security filter to a routed interface.

There are also two types of ACLs you need to be aware of—standard and extended. Here is a breakdown of each:

Standard ACLs: These lists can be named or numbered to identify them. If numbered, you must use 1–99 or 1300–1999. Standard ACLs can only match on source IP address. As a result of this very limited matching criteria, Cisco recommends that, in general, standard ACLs be placed as close to the destination of your filtering as possible.

Extended ACLs: These lists can be named or numbered. If numbered, you must use 100–199 or 2000–2699. Extended ACLs can match on a wide variety of criteria including source and destination IP addresses, protocol type, and specific port numbers. Because there is such a vast amount of filtering criteria, Cisco recommends that, in general, extended ACLs be placed as close to the source of traffic as possible.

Entries in an ACL are called access control entries (ACEs). The order of these entries is critical because packets are processed in a top-down fashion with a match resulting in the processing of the permit or deny action and the termination of further processing.

ExamAlert
All ACLs end with an implicit deny all entry that we cannot see. For this reason, when using an ACL as a routing interface filter, you must have at least

Example 17.1 shows an example of the construction of a standard ACL that would function as desired if properly assigned to a routed interface (this configuration is demonstrated later in this topic).

EXAMPLE 17.1 Building a Standard Numbered ACL

R1#
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#access-list 1 deny host 172.16.1.100
R1(config)#access-list 1 deny host 172.16.1.101
R1(config)#access-list 1 permit 172.16.1.0 0.0.0.255
R1(config)#end
R1#

Notice in this example the more specific entries are located above the more general entry so the desired effect of blocking these two specific host source addresses would be achieved by the filter.

Notice the use of the keyword host in Example 17.1. This eliminates the requirement of the longer entry of access-list 1 deny 172.16.1.100 0.0.0.0. Another shortcut keyword we use frequently is any. This eliminates entries such as access-list 1 permit 0.0.0.0 255.255.255.255. Typing access-list 1 permit any is much easier.

Notice also the use of a wildcard (or inverse) mask in an access control list. This functions as the opposite of a subnet mask. So, in the entry access-list 1 permit 172.16.1.0 0.0.0.255, we match on the 172.16.1 portion of the address, and any value can appear in the fourth octet.

255 R1(config-std-nacl)#permit 192.168.0.255 R1(config-std-nacl)#end R1# Well-constructed ACLs are wonderful. End with CNTL/Z.0. one per line.1.0.255 R1# Note You see from this output that the Cisco router numbers the entries for you even though you did not specify line numbers during the ACL’s construction.10.2.16. Notice also in Example 17. The IOS adds an entry by descending order of the IP address. Many times you will see an entry of deny any log to end an ACL. followed by line 10.1.255.1 would be denied as a result of this implicit deny all entry that truly ends this ACL. R1(config)#ip access-list standard MYACL R1(config-std-nacl)#deny 10.0 0. wildcard bits 0.16. doesn’t negatively impact the results of the ACL created. EXAMPLE 17.255.0.100 30 permit 172. one permit statement. This makes it easier for you to potentially edit an ACL layer.0.1 that traffic sourced from 10.1. but they’re useless as routing filters unless they .1. and then 30). This is because the administrator wants to track how many packets are reaching the end of the ACL! Verifying the creation of your ACL is simple.2 Verifying a Standard ACL Click here to view code image R1# R1#show access-list Standard IP access list 1 20 deny 172.16. Example 17.0. The order shown in the output (with line 20 first.101 10 deny 172.0 0.3 demonstrates the configuration of a standard named ACL. as you can see in Example 17.0.3 Configuring a Standard Named ACL Click here to view code image R1# R1#configure terminal Enter configuration commands.10. EXAMPLE 17.

5. So even if you place an ACL outbound on an interface.are applied to an interface. End with CNTL/Z. that ACLs can filter. line protocol is up Internet address is 10. EXAMPLE 17. Notice how you must assign the filter for inbound traffic or for outbound traffic on the interface.4. Remember.5 Verifying ACL Interface Assignment Click here to view code image R1# R1#show ip interface fa0/0 FastEthernet0/0 is up. the ip access-group command is key regardless of named or numbered ACL assignment. one per line. ExamAlert By default. as demonstrated in Example 17. Example 17.4 Assigning Standard ACLs to Interfaces Click here to view code image R1# R1#configure terminal Enter configuration commands.255. Is there a verification command you can use to see if an ACL is applied to an interface (other than show run. EXAMPLE 17.1/24 Broadcast address is 255. R1(config)#interface fa0/0 R1(config-if)#ip access-group 1 in R1(config-if)#exit R1(config)#interface fa1/0 R1(config-if)#ip access-group MYACL out R1(config-if)#end R1# As shown in Example 17. by default this ACL does not impact local router generated packets such as routing protocol updates.255 Address determined by setup command MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is disabled Outgoing access list is not set .1.4 demonstrates the assignment of numbered and named ACLs to interfaces. it is other devices’ routed traffic. of course)? There is. moving through a router.1. an ACL does not impact traffic generated by the local router.255.

1.3 (10 matches) 20 permit any R2# ExamAlert Even though this topic deals with the specific case of ACLs used as filters. EXAMPLE 17.6 shows this.6 The Use of show access-list for Verification of Matches Click here to view code image R2# R2#show access-list Standard IP access list 1 10 deny 10. Inbound access list is 1 Proxy ARP is enabled Local Proxy ARP is disabled … Here. Thanks to extended access control lists.7 demonstrates the configuration of an extended ACL. including the following: Source IP address Destination IP address Protocol Source port Destination port Example 17. you actually revisit ACLs in Chapter 15.1. As stated earlier. “Infrastructure Services: NAT.5 is great. the show ip interface command verifies that there is an inbound access list set numbered 1. not filter it.” which deals with NAT. Notice the matches are being logged. what about verifying that an ACL is actually filtering traffic? This is possible with the show access-list command after the filter is assigned to an interface. EXAMPLE 17. Example 17.7 Configuring an Extended ACL Click here to view code image R1# . Although Example 17. there are many parameters you can match. In the case of NAT. Notice that I trimmed the rest of this command’s output for brevity’s sake. ACLs are used to simply identify traffic. there are many additional uses for ACLs that are not covered in CCNA.

168.0 access-list 1 permit 192.0 access-list 1 permit 192.255 192.168.255 eq ftp R1# ExamAlert One very interesting blueprint element in this section is the APIC-EM Path Trace ACL Analysis Tool.1.168.168.0.255 eq 80 R1(config)#access-list 101 permit tcp 10. access-list 1 permit 192.10.10. access-list 1 deny 192.0.168.255 eq www 30 permit tcp 10.0.10.0.0 0.0. This is often tricky in an SDN-style network because there are multiple levels of virtualization in place.255 192. End with CNTL/Z.1.0.10.0.0.0.0 0. What ACL correctly denies traffic from 192.0 0.0.0.0 0.1.0.1.0 0.0.1.1.255 192.10.10.0 0. “Infrastructure Management: Network Programmability” covers Cisco SDN and the APIC-EM for you in more detail.10.0 0.0.0 0.255 eq telnet 20 permit tcp 10.0.10. one per line.168.1.1 while permitting all other traffic? A.0.0 0.0 0.255 eq 21 R1(config)#interface gi0/1 R1(config-if)#ip access-group 101 in R1(config-if)#exit R1(config)#exit R1# R1#show access-list Extended IP access list 101 10 permit tcp 10. Chapter 24.255 192.0.1.0.255 eq 23 R1(config)#access-list 101 permit tcp 10.168.0.0.255 B.0. The APIC-EM Path Trace ACL Analysis Tool permits the APIC-EM to discover a network topology and then synthetically predict how traffic will flow (or be blocked) as it travels through the network.168.0.255 .0.0 0.1.0 0.10. R1#configure terminal Enter configuration commands.10.0. R1(config)#access-list 101 permit tcp 10.0.0 0.0.10.0.10.168.0.1.168.168.255 192.0.0. CramQuiz 1.10.0 0.255 192. This tool is used in the Software Defined Networking APIC-EM technologies from Cisco Systems.1.10.0.0.

eq is used to match port numbers.0. Port C. C is correct. D is correct.168. Your ACL is not a traffic filter. D. The show access-list command displays matches once the filter is in place. access-list 1 deny 192. What field can a standard ACL filter on? A. C.1 and then permits all other traffic. This entry denies 192. access-list 1 permit any access-list 1 deny host 192.0. show access-list hits D. Review Questions 1. show ip interface B.10. Protocol B.168. Source IP 2. You are matching a port or ports. 3.0. You are using a standard ACL in place of an extended ACL. show access-list 3.1. What command would you use to see the matches that an ACL would have? A.1 2.0 access-list 1 permit any D.0. 2. entry 4. C. Dest IP D. device B. 4. You are only using one ACE in the ACL. system C.168. What does eq indicate in an ACL? A. Why might deny any log appear at the end of an ACL? . CramQuiz Answers 1.0. D is correct. The host keyword allows you to eliminate the wildcard mask entry of 0. A is correct. show ip interface brief C.1. B. What keyword can you use in place of a four-zeroes wildcard mask? A.1. host D.

ip-access bind in|out C. What command permits you to verify that an access list is assigned to an interface in a specific direction? A. 2. The ip access-group command is what we use. This is matched before the implicit deny all. 4. show access-list assign Answers to Review Questions 1. We use show ip interface to verify assignment of ACLs to interfaces. A is correct. 3. An explicit deny all is used for tracking entries that match the end of the list.ly/2d2SC3P . D. 3. show access-list interface C. What command assigns a standard ACL for filtering on an interface? A. D is correct. ip-access track in|out 4. A standard ACL can filter on source IP address only. To ensure fast packet processing. ip-access group in|out B. It is required as the final ACE. Additional Resources Configuring Standard ACLs on Cisco Routers —http://www. C. ip-access assign in|out D. A. To send emails to security team members. B. show access-list B. A is correct. show ip interface D. To track traffic matching no previous ACL entries.ajsnetworking. C is correct.com/standard-acls Configuring IP Access Lists—http://bit.

Chapter 18. Infrastructure Security: Device Hardening

This chapter covers the following official CCNA 200-125 exam topics:
Configure, verify, and troubleshoot basic device hardening

This chapter ensures you are ready for the listed topic from the Infrastructure Security
section of the overall exam blueprint from Cisco Systems. Remember, this is just a
section of the Infrastructure Security area. Chapters Sixteen and Seventeen also exist in
this grouping. These other chapters deal with Access Layer Security, AAA, and ACLs.

Essential Terms and Components
Local Authentication
Secure Passwords
Device Access
Source Addressing
Telnet
SSH
Login Banners

Topic: Configure, verify, and troubleshoot basic device hardening

CramSaver
If you can correctly answer these CramSaver questions, save time by skimming the
ExamAlerts in this chapter and then completing the CramQuiz at the end of each
section and the Review Questions at the end of the chapter. If you are in doubt at all—read
EVERYTHING in this chapter!
1. What single command allows you to create a local user account named JOHNS
with an MD5 hashed password of cisco123 and a privilege level of 15? This
command should be entered as efficiently as possible.
_________
2. What password is used for backward compatibility with very old Cisco devices?
_________
3. What command can you use to place a weak hashing on the clear text passwords
in a configuration?
_________
4. What two parameters must be set before you generate an RSA key for SSH usage?
_________
_________
5. Examine the configuration that follows. Name at least seven things wrong with
this configuration from a device-hardening standpoint.

R1#
R1#show running-config
Building configuration...

Current configuration : 1113 bytes
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
enable password cisco123
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
archive
 log config
  hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 password cisco
 login
 transport input telnet
!
!
end

R1#

Answers
1. username JOHNS privilege 15 secret cisco123
2. enable password
3. service password-encryption
4. A device hostname other than router, and a domain name
5. Simple passwords are in use. There is no enable secret configured. There is no
service password-encryption. There is no banner message. The console port never
times out from inactivity. Privilege level 15 is granted at the console without
authentication. Telnet is allowed.

Your CCNA exam is primarily concerned with local authentication on your Cisco
device. We will want to ensure that local authentication can be used to enforce user
accounts on the device. We begin with Example 18.1, which demonstrates configuring a
local user account for access to the device.

EXAMPLE 18.1 Configuring Local Authentication for the Console Line

R1#
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#aaa new-model
R1(config)#username JOHNS privilege 15 secret 1L0v3C1sc0Systems
R1(config)#line con 0
R1(config-line)#login local
R1(config-line)#end
R1#

The commands are as follows:
aaa new-model: This command enables the AAA system on the router.
username JOHNS privilege 15 secret 1L0v3C1sc0Systems: This command creates a
local user account with a name of JOHNS; the password is hashed using MD5 so it does
not display as clear text in the configuration; note the password keyword used in place
of secret would not accomplish this hashing; the password itself for this user is
1L0v3C1sc0Systems. The privilege 15 portion of the command provides that level of
access for the user. The default privilege level for a user is privilege level 1, which is
commonly referred to as user mode.
login local: This command requires authentication (based on the local configuration
of user accounts) for a user to access this router through line console 0.

ExamAlert
Obviously, configurations of this nature are critical (misconfiguration can
actually lead to device lock-out), so be careful and always verify.

Example 18.2 walks through our verification.

EXAMPLE 18.2 Verifying the Local Authentication Configuration

R1#
R1#exit
R1 con0 is now available
Press RETURN to get started.
! Note: pressing enter will prompt for a username and password
User Access Verification
Username: JOHNS
Password:
R1#

ExamAlert
When creating local user accounts, you can assign privilege levels to those
accounts with the privilege keyword. The default privilege for local users is 1.

Consideration must also be given to secure passwords on all of your Cisco devices.
Your organization should set password length and complexity requirements. These are
easily enforced using commands on modern Cisco operating systems now. Note that in
our Example 18.1 we use simple character substitution and a mix of case in order to set
a fairly strong password.
What about passwords that might appear in plain text in the configuration, however?
Cisco provides the service password-encryption feature to help with this. Example
18.3 shows the configuration and verification of this feature.

R1(config)#enable password ThisIsmyPassw0rd R1(config)#line vty 0 4 R1(config-line)#password ThisIsMyT3ln3tPassword R1(config-line)#login R1(config-line)#end R1# R1#show run Building configuration. one per line... Current configuration : 1413 bytes … service password-encryption enable password 7 02320C52182F1C2C557E080A1600421908 ! line vty 0 4 password 7 15260305170338093107662E1D54023300454A4F5C460A ! end R1# The enable password is used for backward compatibility for very old Cisco devices that do not support the enable secret or other MD5 hashes. Current configuration : 1370 bytes … enable password ThisIsmyPassw0rd ! line vty 0 4 password ThisIsMyT3ln3tPassword login transport input telnet ! end R1#configure terminal Enter configuration commands.EXAMPLE 18. Passwords stored in clear text are a security risk. Note that the service password-encryption command places a very weak level 7 Cisco proprietary hashing on these passwords. Although this is not a .. Examples include the enable password and passwords used on VTY and console lines. R1(config)#service password-encryption R1(config)#end R1#show run Building configuration. End with CNTL/Z. one per line. End with CNTL/Z.3 Configuring and Verifying the Service Password-Encryption Feature Click here to view code image R1# R1#configure terminal Enter configuration commands..

Another important consideration for device hardening is source addressing specific traffic. a review topic. This protects privileged mode using a securely hashed version of the password.5 reviews the configuration of Telnet for you. ExamAlert If you use this service password-encryption command and then issue no service password-encryption. If someone can gain physical access to your Cisco equipment.4 Setting a Source Address for Network Communications Click here to view code image R1# R1#configure terminal Enter configuration commands.strong method of protecting them.1. Often. We should only really use it in a lab environment since it sends information in clear text. Notice this time.0 R1(config-if)#exit R1(config)#snmp-server source-interface traps loopback 1 R1(config)#end R1# Notice here we use the source-interface keyword to ensure that Simple Network Management Protocol (SNMP) traps are sent from a source address of our loopback interface. Example 18. note that it does at least prevent them from appearing in clear text. Example 18. and security by only allowing access from those loopback addresses. This is. consistency.168. of course. R1(config)#interface loopback 1 R1(config-if)#ip address 192. no future clear text passwords are protected.255. Remember. End with CNTL/Z. they can easily reset the equipment—never mind the fact they could easily physically damage it as well. EXAMPLE 18. If using both commands. the service password-encryption command helps with security on the password as we have seen in this chapter. we source traffic from a loopback address to improve reliability. It is interesting that Telnet exists in this section since it is an insecure protocol. but your existing passwords remain in their hashed form.1 255. the password must be different between the two. since we examined it in our chapter on initial-device setup. the modern alternative to the enable password command is the enable secret command. 
Another important consideration with proper device hardening is physical security (device access). . one per line.4 provides an example. such as management traffic.255.

one per line. End with CNTL/Z. Specifying line vty 5 10. there must be a secure remote access protocol alternative . there are other lines available depending on your exact device.com Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. R1(config)#line vty 0 4 R1(config-line)#password C1sc0I$Aw3some R1(config-line)#login R1(config-line)#transport input telnet R1(config-line)#exit R1(config)#service password-encryption R1(config)#end R1# *Mar 1 00:01:34. Remember. one per line.5 The Configuration of Telnet Click here to view code image R1# R1#configure terminal Enter configuration commands.6 The Configuration of SSH Click here to view code image R2# R2#configure terminal Enter configuration commands. and not just the first five lines.131: %SYS-5-CONFIG_I: Configured from console by console R1# ExamAlert All of our configuration examples have shown manipulation of the default VTY 0 4 lines. apply it to all of them. Since Telnet is insecure. This enables you to provide alternate configurations to different lines. . Most Cisco switches have VTY lines 0–15 by default. End with CNTL/Z.6 shows the SSH configuration. . EXAMPLE 18.cbtnuggets.lab. so if you are configuring security on VTY lines. Choosing a key modulus greater than 512 may take a few minutes. . applies a specific configuration to VTY lines 5 through 10.EXAMPLE 18. and there is—Secure Shell (SSH). Example 18.com R2(config)#crypto key generate rsa The name for the keys will be: R2. for example.cbtnuggets. R2(config)#ip domain-name lab.

this controls the strength of the security where more is better. This is a text message displayed to users when they log in to the device. crypto key generate rsa: This command triggers the generation of the RSA key for security. The typical use of this banner is to provide a legal disclaimer that access is restricted. Another aspect of device hardening is the configuration of a login banner.7 shows the configuration and verification of a login banner. It displays just before the username and password prompt. 768 is used here in order to later specify SSH version 2 because at least 768 is required. be sure to check with your own regarding the exact language of your banner! EXAMPLE 18.com: The setting of a domain name on the device is required for the generation of the RSA key used for the SSH security. ExamAlert Take note that you can configure multiple protocols with the transport input command.cbtnuggets. [OK] R2(config)# %SSH-5-ENABLED: SSH has been enabled R2(config)#ip ssh version 2 R2(config)#line vty 0 4 R2(config-line)#transport input ssh R2(config-line)#end R2# %SYS-5-CONFIG_I: Configured from console by console R2# These configuration commands are as follows: ip domain-name lab. such as Telnet. keys will be non-exportable. For example. transport input ssh telnet specifies that SSH or Telnet may be used.. notice that you must specify how many bits are in the modulus. due to it sending and receiving information in plain text. note that a hostname configuration is also required. It is not ideal for security because Telnet is never considered acceptable regarding security. Note that since your author is not an attorney..7 The Configuration and Verification of a Login Banner Message Click here to view code image . but that is not shown here since it has been done (R2). How many bits in the modulus [512]: 768 % Generating 768 bit RSA keys. ip ssh version 2: This command specifies that version 2 of SSH should be used. Example 18. 
transport input ssh: This command locks down the VTY lines to the use of SSH and excludes the use of other protocols.

CramQuiz 1. What is wrong with the command username JOHNS password cisco123? (Choose two. ExamAlert The login banner is only one type of banner possible on the Cisco device. User Access Verification Username: JOHNS Password: R2# Notice how simple the configuration is.) A. The password is in clear text if service password-encryption is not in use. Any other use is strictly prohibited. This MOTD banner is displayed to all terminals connected and is useful for sending messages that affect all users (such as impending system shutdowns). The character or symbol used as part of the banner message doesn’t have to be the “#” character. This router is for the exclusive use of ACME. This allows you to do carriage returns and even ASCII art. The password is too simple. and when used again in the configuration of the banner—it triggers the end of the banner text. R2# R2#configure terminal Enter configuration commands. one per line. When a user connects to the router. should you desire. This router is for the exclusive use of ACME. the MOTD banner appears. For example. Any other use is strictly prohibited. End with CNTL/Z. R2(config)#banner login # Enter TEXT message.INC employees. Violators will be prosecuted to the full extent of the law. . B.# R2(config)#exit R2#exit R2 con0 is now available Press RETURN to get started. End with the character '#'. The banner login # command gets the job done. C.INC employees. Violators will be prosecuted to the full extent of the law. Notice the # symbol is a character chosen by the administrator. the banner motd command configures a Message of the Day Banner. The username command must be separate from the password assignment.

What command under the VTY lines allows the checking of a local password? A. You can use ASCII art in them. The privilege level must be set. aaa new-model 3. 5. They can contain carriage returns and even ASCII art.) A. A and C are correct. What command dictates the use of AAA on a Cisco device? A. B. 2. enable C. aaa authentication D. CramQuiz Answers 1. check-password B. Telnet is used instead of SSH. B and C are correct. D. tranport input ssh telnet permits Telnet and SSH. You must always use a # symbol to indicate the end of the banner. D is correct. The command no login on a VTY line (when aaa new-model is not enabled globally) disables password checking and results in open access. C. 4. There are various types of banner messages that appear at different times or conditions. What is true about banner messages on Cisco routers? (Choose two. aaa run C. SSH and Telnet are allowed. The login local command requires authentication using the local configuration. Review Questions . What is the effect of the command transport input ssh telnet? A. 5. SSH is used instead of Telnet. Telnet and SSH are restricted. There are various types of banner messages used for different purposes. C. 3. login local D. The aaa new-model command enables the use of AAA on the device. D. They typically are not used for legal warnings. C is correct. The password here will be in clear text and the password that is selected is much too simple. D. D is correct. 2. aaa enable B. B. test 4.

FTP for authentication 2. D. A remote Telnet database C. B is correct. 3. The most common and most powerful configuration for authentication is to centralize this with AAA. 3. In order to increase reliability B. Centralized AAA B. A and C are correct. Additional Resources Setting Up SSH on a Cisco IPv6 Router —http://www. What command do you use to create the RSA key for SSH? A. crypto key generate ssh C. 2.ajsnetworking.) A. crypto key ssh create B. Why might you set the source interface in traffic? (Choose two. 4. This command creates the keying material needed for SSH security. In order to enhance security D. C. The device no longer hashes future passwords. Hashed passwords are reversed. crypto key generate rsa Answers to Review Questions 1. This command is not valid. The device removes all hashed passwords. B. What is an alternative to using local authentication on a Cisco router? A.ly/2bU7wGL . A is correct. What happens if you issue the command—no service password-encryption? A.com/setting-ssh-ipv6 Managing Connections Menus and System Banners —http://bit. No future passwords created will be hashed. In order to enhance processing speed C. SNMP for authentication D. D is correct. In order to eliminate the use of send buffers 4. crypto key ssh D. Source address control is often used for enhanced reliability and or security. This command has no effect on passwords that have already been hashed on the device. 1.
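
The seven hardening problems that this chapter's CramSaver answer lists for the R1
configuration can be checked mechanically. The following audit is an added example, not
code from the book; the finding names, the MIN_PASSWORD_LEN threshold, and the hardened
sample configuration are assumptions constructed for the illustration.

```python
import re

MIN_PASSWORD_LEN = 10  # assumed policy value for this example; substitute your own

# Excerpt of the R1 running-config from this chapter's CramSaver ("!" separator
# lines and interface stanzas omitted, sub-commands indented as IOS prints them).
WEAK_CONFIG = """\
no service password-encryption
hostname R1
enable password cisco123
no aaa new-model
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 password cisco
 login
 transport input telnet
end
"""

# Constructed counter-example using only commands this chapter introduces;
# the hash strings are placeholders, not real digests.
HARDENED_CONFIG = """\
service password-encryption
hostname R1
enable secret 5 HASH-PLACEHOLDER
no aaa new-model
username JOHNS privilege 15 secret 5 HASH-PLACEHOLDER
banner login ^CAuthorized access only.^C
line con 0
 exec-timeout 5 0
 logging synchronous
 login local
line vty 0 4
 login local
 transport input ssh
end
"""

# Matches "password X" and "enable password X" only when X is stored as typed
# (no leading encryption-type digit such as "7 ").
CLEAR_PASSWORD = re.compile(r"^(?:enable )?password (?!\d+ )(\S+)$")


def parse_line_blocks(config):
    """Map each 'line ...' stanza (for example 'con 0') to its sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw[len("line "):].strip()
            blocks[current] = []
        elif current is not None and raw.startswith(" "):
            blocks[current].append(raw.strip())
        else:
            current = None  # any non-indented line closes the stanza
    return blocks


def audit(config):
    """Return the sorted list of finding ids for one running-config text."""
    findings = set()
    every = [l.strip() for l in config.splitlines() if l.strip()]
    top = [l for l in config.splitlines() if l and not l.startswith(" ")]
    lines = parse_line_blocks(config)

    if "service password-encryption" not in top:
        findings.add("no-service-password-encryption")
    if not any(l.startswith("enable secret ") for l in top):
        findings.add("no-enable-secret")
    if not any(l.startswith("banner ") for l in top):
        findings.add("no-banner")

    # Clear-text passwords that are also shorter than the assumed policy length.
    for l in every:
        m = CLEAR_PASSWORD.match(l)
        if m and len(m.group(1)) < MIN_PASSWORD_LEN:
            findings.add("simple-password")

    for name, cmds in lines.items():
        if name.startswith("con"):
            if "exec-timeout 0 0" in cmds:
                findings.add("console-never-times-out")
            # No 'login' sub-command means the console asks for no credentials.
            if "privilege level 15" in cmds and not any(c.startswith("login") for c in cmds):
                findings.add("console-privilege-15-without-authentication")
        if name.startswith("vty"):
            for c in cmds:
                if c.startswith("transport input") and {"telnet", "all"} & set(c.split()):
                    findings.add("telnet-allowed")
    return sorted(findings)
```

Calling audit(WEAK_CONFIG) returns all seven finding ids, while audit(HARDENED_CONFIG) returns an empty list.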

Part VII: Infrastructure Management

This part of the text deals with one of the seven overall sections you must master for the
CCNA exam. There are more tools than ever when it comes to successfully managing
your complex network. This section is quite large as a result. There are six chapters total
that make up Part 7. Thanks to the tools and technologies of this section, you should be
able to keep your network running smoothly and your clients very happy!

Part 7 includes the following chapters:
CHAPTER 19 Infrastructure Management: SNMP, Syslog, IP SLA
CHAPTER 20 Infrastructure Management: Device Management
CHAPTER 21 Infrastructure Management: Initial Device Configuration
CHAPTER 22 Infrastructure Management: Device Maintenance
CHAPTER 23 Infrastructure Management: IOS Troubleshooting Tools
CHAPTER 24 Infrastructure Management: Network Programmability

Chapter 19. Infrastructure Management: SNMP, Syslog, IP SLA

This chapter covers the following official CCNA 200-125 exam topics:
Configure and verify device-monitoring protocols
Troubleshoot network connectivity issues using ICMP echo-based IP SLA

This chapter ensures you are ready for the listed topics from the Infrastructure
Management section of the overall exam blueprint from Cisco Systems. Remember, this
is just one section of the Infrastructure Management area. Chapters Twenty through
Twenty-Four also exist in this grouping. These other chapters deal with topics such as
initial device configuration and network programmability.

Essential Terms and Components
Syslog
SNMP version 2
SNMP version 3
IP SLA

Topic: Configure and verify device-monitoring using syslog and SNMP

CramSaver
If you can correctly answer these CramSaver questions, save time by skimming the
ExamAlerts in this chapter and then completing the CramQuiz at the end of each
section and the Review Questions at the end of the chapter. Notice the CramSaver
is also broken down by section, so perhaps you just need to review a certain area.
If you are in doubt at all—read EVERYTHING in this chapter!
1. What is the default status of monitor and buffer logging?
_________
2. What logging level is Emergency?
_________
3. What version of SNMP provides robust security mechanisms?
_________

Answers
1. The default status of monitor and buffer logging is enabled

2. Level 1
3. SNMP version 3

Network devices typically engage in system-logging capabilities, commonly termed
syslog. Cisco devices are no exception. System logging allows devices to report on
their health and important events that might be transpiring. In Cisco networking, we
commonly call syslog simply logging. These messages can vary from the mundane to the
critical. Example 19.1 shows the default logging configuration on a Cisco router.

ExamAlert
You can configure the timestamp information in your syslog messages with the
service timestamps command. These timestamps can be right down to the
millisecond thanks to the msec optional keyword as part of the command.

EXAMPLE 19.1 The Default Logging Configuration of a Cisco Router

R2#
R2#show logging
Syslog logging: enabled (0 messages dropped, 2 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

Console logging: level debugging, 16 messages logged, xml disabled, filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled
Buffer logging: level debugging, 16 messages logged, xml disabled, filtering disabled
Logging Exception size (8192 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled

No active filter modules.

ESM: 0 messages dropped

Trap logging: level informational, 19 message lines logged

Log Buffer (8192 bytes):

*Aug 28 15:54:39.063: %IFMGR-7-NO_IFINDEX_FILE: Unable to open nvram:/ifIndex-table No such file or directory
*Aug 28 15:54:56.991: %LINEPROTO-5-UPDOWN: Line protocol on Interface VoIP-Null0, changed state to up
*Aug 28 15:54:56.995: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Aug 28 15:54:57.003: %LINK-3-UPDOWN: Interface FastEthernet1/0, changed state to up

Notice that by default logging is enabled and that syslog messages are being stored in a
buffer for later analysis. Specifically, notice there are three forms of logging that are
enabled by default:
Console logging
Monitor logging
Buffer logging
Console logging is where you see console syslog messages such as *Aug 28
15:54:56.995: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to
up when you are configuring the device. Monitor logging allows users that are telnetted
into the device to see console messages as well, whereas buffer logging permits
viewing messages at a later date, as Example 19.1 demonstrates.

ExamAlert
Just because a feature like console logging is typically on by default, never
make assumptions in the exam environment. Console logging might be disabled
in a running configuration.

Notice from the example log messages shown in Example 19.1 that these messages
follow a specific format with fields that include:
A timestamp: *Aug 28 15:54:57.003:
A facility that generated the message: %LINK
A severity level: 3
A mnemonic for the message: UPDOWN
A description: Interface FastEthernet1/0, changed state to up
The possible severity levels for messages are very important, especially since you can
filter the logging to the various destinations using these levels. Table 19.1 shows the
syslog severity levels used by most Cisco equipment.

TABLE 19.1 The Syslog Severity Levels

Example 19.2 shows a sample configuration involving logging on a Cisco router.

EXAMPLE 19.2 A Sample Syslog Configuration on a Cisco Router

R2#
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#logging console 6
R2(config)#logging buffered 4
R2(config)#logging monitor warning
R2(config)#logging host 10.1.1.3
R2(config)#end
R2#

The commands in Example 19.2 have the following effect:
logging console 6: Console syslog messages are limited to levels 6 through 0.
logging buffered 4: Buffer syslog messages are limited to levels 4 through 0.
logging monitor warning: Monitor syslog messages are limited to levels 4
through 0; note that you can use the keyword or level number.
logging host 10.1.1.3: Send syslog messages to a recipient network device for
storage; this device is located at 10.1.1.3.
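
The message format and the level filtering described above, worked through in Python: a destination receives a message when the message's severity number is at or below that destination's configured level. This is an added example, not code from the book; the full keyword list is the standard syslog numbering, and the level used for the remote host is an assumption taken from the "Trap logging" line in Example 19.1.

```python
import re

# Cisco IOS severity keywords in numeric order (list index == level 0..7).
# Standard syslog numbering, supplied here as background for the example.
SEVERITY_KEYWORDS = [
    "emergencies", "alerts", "critical", "errors",
    "warnings", "notifications", "informational", "debugging",
]

# timestamp: %FACILITY-SEVERITY-MNEMONIC: description
MESSAGE_RE = re.compile(
    r"^(?P<timestamp>[*.]?[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}(?:\.\d+)?): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<description>.*)$"
)

# Thresholds from Example 19.2. The host level is an assumption: Example 19.1
# reports "Trap logging: level informational" and Example 19.2 does not change it.
EXAMPLE_19_2 = {
    "console": "6",
    "buffered": "4",
    "monitor": "warning",
    "host 10.1.1.3": "informational",
}

# First three buffer entries from Example 19.1, with wrapped lines rejoined.
SAMPLE_LINES = [
    "*Aug 28 15:54:39.063: %IFMGR-7-NO_IFINDEX_FILE: Unable to open "
    "nvram:/ifIndex-table No such file or directory",
    "*Aug 28 15:54:56.991: %LINEPROTO-5-UPDOWN: Line protocol on Interface "
    "VoIP-Null0, changed state to up",
    "*Aug 28 15:54:56.995: %LINK-3-UPDOWN: Interface FastEthernet0/0, "
    "changed state to up",
]


def parse_level(value):
    """Accept a number ('4') or a keyword / unambiguous abbreviation ('warning')."""
    text = str(value).strip().lower()
    if text.isdigit():
        level = int(text)
        if 0 <= level <= 7:
            return level
        raise ValueError(f"severity out of range: {value!r}")
    matches = [i for i, kw in enumerate(SEVERITY_KEYWORDS)
               if text and kw.startswith(text)]
    if len(matches) != 1:
        raise ValueError(f"unknown or ambiguous severity keyword: {value!r}")
    return matches[0]


def parse_message(line):
    """Split one IOS log line into its fields; return None if it does not match."""
    match = MESSAGE_RE.match(line.strip())
    if match is None:
        return None
    msg = match.groupdict()
    msg["severity"] = int(msg["severity"])
    # A leading '*' or '.' on the timestamp means the device clock was not
    # authoritative or not NTP-synchronized when the message was written.
    msg["clock_trusted"] = msg["timestamp"][0] not in "*."
    return msg


def destinations_for(msg, thresholds):
    """Return the destinations whose configured level admits this message."""
    return sorted(dest for dest, level in thresholds.items()
                  if msg["severity"] <= parse_level(level))


def route(lines, thresholds):
    """Parse each line and pair it with the destinations that would log it."""
    routed = []
    for line in lines:
        msg = parse_message(line)
        if msg is not None:
            routed.append((msg["mnemonic"], msg["severity"],
                           destinations_for(msg, thresholds)))
    return routed


if __name__ == "__main__":
    for mnemonic, severity, dests in route(SAMPLE_LINES, EXAMPLE_19_2):
        print(f"{mnemonic:<16} level {severity} -> {', '.join(dests) or 'dropped everywhere'}")
```
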
Simple Network Management Protocol (SNMP) eases the management of network devices.
Both monitoring and configuration are possible using this technology.
SNMP version 2 was excellent, and it was used for many years, but it lacked security
features. In fact, it used a simple clear text community string (password) for security
protection.
SNMP version 3 addresses the security concerns with previous versions. This version
provides robust authentication, authorization, and integrity verification—if desired.

CramQuiz
1. What level of logging is for an event where an immediate action is required?
A. Emergency
B. Critical
C. Error
D. Alert
2. How can you configure your Cisco router so that level 5 through level 0 log
messages appear in a buffer?
A. logging buffered 5
B. logging level 5 buffer
C. logging 5 buffer
D. logging buffered 5 0
3. What version of SNMP uses a simple clear text password?
A. Version 1
B. Version 2
C. Version 3
D. Version 4

CramQuiz Answers
1. D is correct. The Alert level of syslog in Cisco is to indicate an immediate action
is required.
2. A is correct. The command logging buffered 5 allows you to filter the buffer for
log messages at a level of 0 through 5.
3. B is correct. SNMP version 2 uses a simple clear text password.

Topic: Troubleshoot network connectivity issues using ICMP echo-based IP SLA

CramSaver
1. What is a term to reference the relative consistent delay in a network?
_________
2. What protocol does IP SLA use for simple latency testing?
_________
Answers
1. Latency
2. ICMP

Cisco IOS IP service-level agreements (SLAs) allow administrators to analyze IP
service levels by performing active traffic monitoring. This way, they can measure and
verify network performance.
Example 19.3 shows the configuration of an IP SLA test.

EXAMPLE 19.3 An IP SLA Test

R1#
R1#configure terminal
R1(config)#ip sla 6
R1(config-ip-sla)# icmp-echo 10.1.1.2 source-ip 10.1.1.1
R1(config-ip-sla-echo)# frequency 300
R1(config-ip-sla-echo)# request-data-size 28
R1(config-ip-sla-echo)# tos 160
R1(config-ip-sla-echo)# timeout 6000
R1(config-ip-sla-echo)#ip sla schedule 6 life forever start-time now
R1(config)#end
R1#

Example 19.4 shows monitoring an IP SLA test.

EXAMPLE 19.4 Monitoring the IP SLA Test

R1#
R1#show ip sla statistics 6
IPSLAs Latest Operation Statistics

IPSLA operation id: 6
Type of operation: icmp-echo
Latest RTT: 60 milliseconds
Latest operation start time: *16:22:07.143 UTC Wed Nov 16 2016
Latest operation return code: OK
Number of successes: 1
Number of failures: 1
Operation time to live: Forever

R1#
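
One way to turn the output of Example 19.4 into a health check, as an added Python example that is not from the book. The warning thresholds (200 ms, 20 percent failures) and the second, timed-out sample are assumptions constructed for illustration.

```python
import re

# Output of "show ip sla statistics 6" from Example 19.4, wrapped line rejoined.
EXAMPLE_19_4 = """\
IPSLAs Latest Operation Statistics

IPSLA operation id: 6
Type of operation: icmp-echo
Latest RTT: 60 milliseconds
Latest operation start time: *16:22:07.143 UTC Wed Nov 16 2016
Latest operation return code: OK
Number of successes: 1
Number of failures: 1
Operation time to live: Forever
"""

# Constructed sample: the same operation after a probe went unanswered.
CONSTRUCTED_TIMEOUT = """\
IPSLA operation id: 6
Type of operation: icmp-echo
Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: *16:27:07.143 UTC Wed Nov 16 2016
Latest operation return code: Timeout
Number of successes: 1
Number of failures: 2
Operation time to live: Forever
"""

PATTERNS = {
    "operation_id": r"IPSLA operation id:\s*(\d+)",
    "type": r"Type of operation:\s*(\S+)",
    "rtt_ms": r"Latest RTT:\s*(\d+)\s+milliseconds",
    "return_code": r"Latest operation return code:\s*(.+)",
    "successes": r"Number of successes:\s*(\d+)",
    "failures": r"Number of failures:\s*(\d+)",
}
NUMERIC = ("operation_id", "rtt_ms", "successes", "failures")


def parse_sla_statistics(text):
    """Extract the fields of interest; a field that is absent becomes None."""
    stats = {}
    for key, pattern in PATTERNS.items():
        match = re.search(pattern, text)
        value = match.group(1).strip() if match else None
        if value is not None and key in NUMERIC:
            value = int(value)
        stats[key] = value
    return stats


def assess(stats, rtt_warn_ms=200, max_failure_ratio=0.2):
    """Return a list of findings; an empty list means the path looks healthy."""
    findings = []
    if stats["return_code"] != "OK":
        findings.append(f"latest probe returned {stats['return_code']}")
    if stats["rtt_ms"] is None:
        findings.append("no round-trip time measured on latest probe")
    elif stats["rtt_ms"] > rtt_warn_ms:
        findings.append(f"latest RTT {stats['rtt_ms']} ms exceeds {rtt_warn_ms} ms")
    successes = stats["successes"] or 0
    failures = stats["failures"] or 0
    total = successes + failures
    # The counters are cumulative, so one good "latest" probe can hide losses.
    if total and failures / total > max_failure_ratio:
        findings.append(f"{failures} of {total} probes failed")
    return findings


if __name__ == "__main__":
    for label, text in (("Example 19.4", EXAMPLE_19_4),
                        ("constructed timeout", CONSTRUCTED_TIMEOUT)):
        print(label, "->", assess(parse_sla_statistics(text)) or "healthy")
```

Note that the latest probe in Example 19.4 succeeded, yet the counters show that one of the two probes failed.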

CramQuiz
1. What command do you use to schedule an IP SLA test?
A. ip sla schedule
B. ip sla run
C. ip sla execute
D. ip sla timing
2. What command do you use to create an ICMP-based SLA test?
A. icmp
B. icmp-test
C. icmp-echo
D. icmp-latency

CramQuiz Answers
1. A is correct. The ip sla schedule command is what you use to run a test.
2. C is correct. The icmp-echo keyword permits the configuration of this test.

Review Questions
1. What command allows you to see the syslog configuration currently in place on
your Cisco router?
A. show syslog
B. show logging
C. show logging enable
D. show logging detail
2. Given the syslog message of *Nov 16 00:23:23.003: %SYS-6-CLOCKUPDATE:
System clock has been updated from 14:20:35 EDT Sun Aug 28 2016 to 19:23:23
EST Thu Nov 15 2018, configured from console by console, what is the facility
that produced the message?
A. %SYS-6-CLOCKUPDATE
B. CLOCKUPDATE
C. %SYS
D. 6
3. What command permits you to send log messages to a device at 10.1.1.3?
A. logging 10.1.1.3
B. logging trap level 2 10.1.1.3
C. logging host 10.1.1.3
D. logging host send 7 host 10.1.1.3
4. What tool permits the monitoring of latency between network devices?
A. SMTP
B. IP SLA
C. DHCP snooping
D. AAA
5. SNMP version 3 provides for what?
A. Monitoring with no overhead
B. Security
C. A reduction in server calls
D. ICMP IP SLA

Answers to Review Questions
1. B is correct. Use the simple show logging command to verify syslog settings.
2. C is correct. The facility precedes the severity level.
3. C is correct. Use logging host 10.1.1.3.
4. B is correct. The IP SLA feature permits latency monitoring.
5. B is correct. The main motivation for SNMP version 3 comes from the security
enhancements.

Additional Resources
Troubleshooting and Fault Management—http://bit.ly/2buThbJ
IP SLA—http://www.ajsnetworking.com/ip-sla

Chapter 20. Infrastructure Management: Device Management

This chapter covers the following official CCNA 200-125 exam topics:
Configure and verify device management

This chapter ensures you are ready for the listed topic from the Infrastructure
Management section of the overall exam blueprint from Cisco Systems. Remember, this
is just a section of the Infrastructure Management area. Chapters Nineteen and Twenty-
One through Twenty-Four also exist in this grouping. These other chapters deal with
SNMP, syslog, IP SLA, initial device configuration, device maintenance, IOS
troubleshooting tools, and network programmability.
Essential Terms and Components
Backup Configurations
Restoring Configurations
Running Configuration
Startup Configuration
Cisco Discovery Protocol (CDP)
Link Layer Discovery Protocol (LLDP)
Licensing
Logging
Timezones
Loopbacks

Topic: Configure and verify device management

CramSaver
1. What is the “backup” configuration called on a Cisco router?
_________
2. How do you globally disable CDP on a Cisco router?
_________
3. What is a virtual/logical interface called that is often used for
management purposes?
_________
Answers
1. startup-config
2. no cdp run
3. A loopback interface

Remember that the running configuration is the device configuration currently in use and
stored in RAM on the device. To view this configuration, issue the command show
running-config, as demonstrated in Example 20.1.

EXAMPLE 20.1 Viewing the Running Configuration on a Cisco Router

R2#
R2#show running-config
Building configuration...

Current configuration : 1474 bytes
!
! Last configuration change at 17:43:08
!
upgrade fpd auto
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!

To back up this configuration to nonvolatile RAM (NVRAM) on the device, use the
command copy running-config startup-config, as demonstrated in Example 20.2.

EXAMPLE 20.2 Backing Up a Router Configuration to NVRAM

R3#
R3#copy running-config startup-config
Destination filename [startup-config]?
Overwrite the previous NVRAM configuration?[confirm]
Building configuration...
[OK]
R3#

ExamAlert
Remember which configuration you need to view when in a lab-based exam
environment. For example, show running-config shows the configuration
currently in use, but show startup-config shows the saved configuration that
would be in place after a reboot of the device.

Cisco Discovery Protocol (CDP) is a built-in device management protocol that is at
times a convenience and other times a requirement. For example, if you are configuring
a network that you did not install and for which you have no documentation, you might
need to discover the IP address of a directly connected neighboring device. CDP makes
this possible, as demonstrated in Example 20.3.

EXAMPLE 20.3 Obtaining Information about a Neighboring Cisco Device

R3#
R3#show cdp neighbor detail
-------------------------
Device ID: R2
Entry address(es):
IP address: 10.1.1.2
Platform: Cisco 7206VXR, Capabilities: Router
Interface: FastEthernet0/0, Port ID (outgoing port): FastEthernet0/0
Holdtime : 157 sec
Version :
Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M),
Version 15.8(1)M, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 30-Sep-16 07:48 by prod_rel_team
advertisement version: 2
Duplex: half
R3#

CDP is required in some situations. For example, Cisco IP Phones use it in order to
discover and communicate key capabilities with a switch.
At times, administrators do not want CDP running on an interface or even an entire
device. Example 20.4 shows how to disable CDP on an interface or an entire device.
The output also allows you to confirm that CDP is disabled.

EXAMPLE 20.4 Disabling CDP on an Interface or an Entire Device

R3#
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#interface fa0/0
R3(config-if)#no cdp enable
R3(config-if)#exit
R3(config)#no cdp run
R3(config)#end
R3#
R3#show cdp
% CDP is not enabled
R3#
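
The fields in Example 20.3 are what any directly connected device learns from CDP advertisements, which is one reason administrators disable CDP where it is not needed. The following added Python example (not from the book) parses that output and lists interfaces with neighbors where CDP was not expected; the second neighbor entry and the set of expected interfaces are constructed assumptions.

```python
import re

# First entry: Example 20.3 as seen on R3. Second entry: constructed for this
# example; its device name, address, platform and version are made up.
SHOW_CDP_NEIGHBOR_DETAIL = """\
-------------------------
Device ID: R2
Entry address(es):
  IP address: 10.1.1.2
Platform: Cisco 7206VXR, Capabilities: Router
Interface: FastEthernet0/0, Port ID (outgoing port): FastEthernet0/0
Holdtime : 157 sec
Version :
Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M),
Version 15.8(1)M, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 30-Sep-16 07:48 by prod_rel_team
advertisement version: 2
Duplex: half
-------------------------
Device ID: LAB-SW9
Entry address(es):
  IP address: 10.9.9.9
Platform: cisco WS-C2960-24TT-L, Capabilities: Switch IGMP
Interface: FastEthernet1/0, Port ID (outgoing port): FastEthernet0/24
Holdtime : 121 sec
Version :
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M),
Version 15.0(2)SE, RELEASE SOFTWARE (fc1)
advertisement version: 2
Duplex: full
"""

FIELDS = {
    "device_id": r"Device ID:\s*(\S+)",
    "ip_address": r"IP address:\s*(\S+)",
    "platform": r"Platform:\s*(.+?),\s*Capabilities:",
    "capabilities": r"Capabilities:\s*(.+)",
    "local_interface": r"Interface:\s*(\S+?),",
    "remote_port": r"Port ID \(outgoing port\):\s*(\S+)",
    # The release follows the image name: "(...-M),\nVersion 15.8(1)M, ..."
    "software_version": r",\s*Version\s+([^,\s]+)",
}


def parse_neighbors(text):
    """Split the output on the dashed separators and extract one dict per neighbor."""
    neighbors = []
    for chunk in re.split(r"(?m)^-{5,}[ \t]*$", text):
        if "Device ID:" not in chunk:
            continue
        entry = {}
        for key, pattern in FIELDS.items():
            match = re.search(pattern, chunk)
            entry[key] = match.group(1).strip() if match else None
        neighbors.append(entry)
    return neighbors


def unexpected_cdp_ports(neighbors, cdp_expected_on):
    """Local interfaces that have a CDP neighbor but are not on the expected list.

    These are candidates for 'no cdp enable' (Example 20.4) after review.
    """
    return sorted({n["local_interface"] for n in neighbors
                   if n["local_interface"] not in cdp_expected_on})


def disclosure_summary(neighbor):
    """One line showing what the neighbor revealed about itself over CDP."""
    return (f"{neighbor['device_id']} at {neighbor['ip_address']}: "
            f"{neighbor['platform']} running {neighbor['software_version']}")


if __name__ == "__main__":
    found = parse_neighbors(SHOW_CDP_NEIGHBOR_DETAIL)
    for n in found:
        print(disclosure_summary(n))
    # Assumption: only the link to R2 is supposed to run CDP.
    print("review:", unexpected_cdp_ports(found, {"FastEthernet0/0"}))
```
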

Link Layer Discovery Protocol (LLDP) is an open standard protocol that provides
similar functionality to the proprietary Cisco Discovery Protocol (CDP). The command
structure and usage are nearly identical to those of CDP, as follows:
show lldp neighbors: Displays a table of LLDP neighbors
show lldp entry R2: Obtains detailed information about a specific neighbor,
including IP information
lldp run: Enables LLDP globally on the router
lldp transmit and lldp receive: Interface-level commands for controlling the
sending and receiving of LLDP information
Another aspect of device management you should be familiar with is licensing. Be
aware of the following commands:
show license: Allows you to view the license state on your device; information
shown includes the type of license and the time period left.
show license feature: Allows you to see the specific features you might be
permitted to use and whether they are enabled.
show version: Provides information about the license in use on the device.
license install: Allows you to install a license on a Cisco device.

ExamAlert
Remember, when logging appears in your CCNA exam blueprint, it can mean
two things: the syslog configurations from earlier in this chapter or the specific
aspect of logging termed debugging (logging level 7). We review debugging in a
later chapter.

From a device management perspective, you should also review how to set the time and
timezone on a device. This is simple, as shown in Example 20.5. Remember, you might
engage in this configuration so that you can see the correct local time on the device when
using NTP.

EXAMPLE 20.5 Setting the Clock and Time Settings on a Cisco Device

R3#
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#clock timezone EST -5
R3(config)#
%SYS-6-CLOCKUPDATE: System clock has been updated from 18:19:36 UTC Sun Aug 28 2016 to 13:19:36 EST Sun Aug 28 2016, configured from console by console.
R3(config)#clock summer-time EDT recurring
R3(config)#
%SYS-6-CLOCKUPDATE: System clock has been updated from 13:19:52 EST Sun Aug 28 2016 to 14:19:52 EDT Sun Aug 28 2016, configured from console by console.
R3(config)#exit
R3#clock set 19:23:23 15 November 2018
R3#
%SYS-6-CLOCKUPDATE: System clock has been updated from 14:20:35 EDT Sun Aug 28 2016 to 19:23:23 EST Thu Nov 15 2018, configured from console by console.
R3#show clock
19:31:49.679 EST Thu Nov 15 2018
R3#

The final device management component to review is the frequent use of loopback
interfaces on Cisco devices. Many management features need a stable interface on the
device to function. A virtual interface known as a loopback interface can be created on
the device. Example 20.6 demonstrates the creation and verification of three loopback
interfaces.

EXAMPLE 20.6 The Configuration and Verification of Loopback Interfaces

R3#
R3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#interface loopback 0
R3(config-if)#ip address 10.3.3.3 255.255.255.0
R3(config-if)#exit
R3(config)#interface loopback 1
R3(config-if)#ip address 10.4.4.3 255.255.255.0
R3(config-if)#exit
R3(config)#interface loopback 3
R3(config-if)#ip address 10.5.5.3 255.255.255.0
R3(config-if)#end
R3#
%SYS-5-CONFIG_I: Configured from console by console
R3#show ip interface brief
Interface         IP-Address   OK?  Method  Status                 Protocol
FastEthernet0/0   10.1.1.3     YES  NVRAM   up                     up
FastEthernet1/0   unassigned   YES  NVRAM   administratively down  down
FastEthernet1/1   unassigned   YES  NVRAM   administratively down  down
Loopback0         10.3.3.3     YES  manual  up                     up
Loopback1         10.4.4.3     YES  manual  up                     up
Loopback3         10.5.5.3     YES  manual  up                     up
R3#

CramQuiz
1. How do you save the running configuration?
A. copy run star
B. copy star run
C. copy run backup
D. copy run wr
2. What is an open standard protocol with features similar to CDP?
A. SLARP
B. LLDP
C. NTP
D. ARP
3. What license verification command can be used for verifying the status of certain
features?
A. show license all
B. show license detail
C. show license feature
D. show license full
4. What command sets the time zone on a Cisco router to EST?
A. timezone EST
B. timezone EST -5
C. clock timezone EST -5
D. set clock timezone EST -5

CramQuiz Answers
1. A is correct. The command copy run star copies the running configuration in
RAM to NVRAM.
2. B is correct. LLDP has a function similar to CDP and is an open standard.
3. C is correct. The show license feature command provides this information.
4. C is correct. Use clock timezone EST -5 in order to set the time zone to EST.

Review Questions
1. What command allows you to retrieve the IP address of your neighbor?
A. show cdp
B. show cdp neighbor
C. show cdp neighbor detail
D. show cdp all
2. What two commands are used on an interface in order to ensure LLDP is
functioning properly? (Choose two.)
A. lldp transmit
B. lldp enable
C. lldp run
D. lldp receive
3. What command do you use to verify your time settings on the local router?
A. show time
B. show calendar
C. show counter
D. show clock

Answers to Review Questions
1. C is correct. Use the show cdp neighbor detail command to see the IP address
information. show cdp and show cdp neighbor are also valid commands but do
not provide enough details on neighbors.
2. A and D are correct. The lldp transmit and lldp receive commands permit this.
3. D is correct. The show clock command verifies your time settings.

Additional Resources
Chapter: Basic System Management—http://bit.ly/2ehGBcx
Configuring Cisco Discovery Protocol—http://bit.ly/1TaK8s9

Chapter 21. Infrastructure Management: Initial Device Configuration

This chapter covers the following official CCNA 200-125 exam topics:
Configure and verify initial device configuration

This chapter ensures you are ready for the listed topic from the Infrastructure
Management section of the overall exam blueprint from Cisco Systems. Remember, this
is just a single topic of the Infrastructure Management area. There are a total of six
chapters that make up this important section.
Essential Terms and Components
Initial Device Configuration
Interfaces
Loopbacks
Console
VTY (Virtual Terminal Lines)

Topic: Configure and verify initial device configuration

CramSaver
If you can correctly answer these CramSaver questions, save time by skimming
the ExamAlerts in this chapter and then completing the CramQuiz at the end of
each section and the Review Questions at the end of the chapter. If you are in
doubt at all—read EVERYTHING in this chapter!
1. Name at least three common factory-default configurations for a Cisco router.
_________
_________
_________
2. What command stops the console line timing out after inactivity?
_________
Answers
1. The hostname is Router.
Physical interfaces are shut down.
IPv6 routing is disabled.
No Telnet access is possible.
Service timestamps are in place for logging.
2. no exec-timeout or exec-timeout 0 0.

Notice that initial device configuration in this chapter means the initial config that we
provide beyond the factory-default configuration from Cisco Systems.

ExamAlert
Many of the initial device configuration features deal with hardening (securing)
a Cisco device. These are not covered in this chapter, but they are in the next
chapter. This chapter prepares you for what you need to know for CCNA about
initial device configuration outside of these security features.

Figure 21.1 shows the topology for our initial device configuration in this chapter. We
will configure the R1 device together from its factory-default configuration from Cisco.

FIGURE 21.1 The Topology for the Initial Device Configuration

ExamAlert
A factory-default router initially offers the use of a setup script to apply an
initial configuration. Declining this option results in the configuration shown in
Figure 21.1. Factory defaults might vary slightly among versions of Cisco IOS
Software.

Example 21.1 provides a look at the factory-default configuration from Cisco before we
provide our own additions:

EXAMPLE 21.1 The Initial Factory-Default Configuration of a Cisco Router

Router#show run
Building configuration...

Current configuration : 2667 bytes
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
ethernet lmi ce
!
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
redundancy
!
!
!
interface GigabitEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 media-type rj45
!

1. Router(config)#line console 0 Router(config-line)#logging synchronous Router(config-line)#exec-timeout 0 0 Router(config-line)#exit Router(config)#hostname R1 R1(config)#interface lo1 R1(config-if)#ip address 1.2 demonstrates the required initial device configuration in this case.255.255 R1(config-if)#exit R1(config)#interface gi0/1 . including: Enabling synchronous logging for the console port Ensuring we are not timed out of the console port in this lab environment Configuring the correct router hostname Establishing all IP addressing shown in the diagram Establishing a RIP dynamic routing relationship with R2 Allowing remote access from R2 using Telnet Example 21.1 255. End with CNTL/Z. EXAMPLE 21.2 The Initial Configuration of the R1 Router Click here to view code image Router>enable Router#configure terminal Enter configuration commands.1. one per line. ip forward-protocol nd ! ! no ip http server no ip http secure-server ! ! ! control-plane ! ! line con 0 line aux 0 line vty 0 4 login transport input none ! no scheduler allocate ! end Our initial device configuration of R1 seeks to accomplish many things.255.

255. this line-configuration command ensures that console messages do not interrupt your entry of commands at the command-line interface. in a lab environment.1. hostname R1: This global-configuration command sets the host name of the router.0 R1(config-if)#no shutdown R1(config-if)#exit R1(config)#router rip R1(config-router)#version 2 R1(config-router)#no auto-summary R1(config-router)#network 192. exex-timeout 0 0: This line-configuration command sets the inactivity timeout in minutes and seconds for the console port (in our case). exit: This command allows you to move from the configuration mode that you are in to one level higher. logging synchronous: This command is considered a necessity by almost every administrator.1 255. the prompt is (config-line). this mode is also a launching pad for many other modes. for example.0 R1(config-router)#exit R1(config)#line vty 0 4 R1(config-line)#password cisco R1(config-line)#login R1(config-line)#transport input telnet R1(config-line)#end R1# Here is a review of the commands that we use in this initial device configuration: enable: This command moves us from user mode to privileged mode.1. line console 0: This global-configuration command enters line-configuration mode for the console port.0.168. The name .168. whereas the # symbol indicates privileged mode. this mode allows you to apply important parameters for the console connection to the device. ExamAlert Do not expect case to be preserved with all of your Cisco hostnames.0 R1(config-router)#network 1. R1(config-if)#ip address 192. we love exec-timeout 0 0 because security is not a concern. for example. many of these impact your experience with the local command-line interface (CLI).255. configure terminal: This command places the device in a mode where global parameters can be configured. although in actual production you would want your console port to time out when inactive.0. this mode allows you to provide the device with a unique hostname. 
note that a key distinguishing feature is the prompt change. interface configuration mode. this mode is easy to spot because the prompt includes (config). a > indicates user mode.

ExamAlert The RIP commands shown in our configuration here are not explicitly covered since they were covered in detail in Chapter 9. and have as interior characters only letters. login C.255. check D. end with a letter or digit. aaa-local 2. “Routing Technologies: Static and Dynamic Routing. must also follow strict rules—it must start with a letter. login: This line command requires a login and indicates the local password setting (cisco) should be checked upon Telnet login. What configuration creates a loopback 10 interface and assigns the IP address 10.1. line vty 0 4: This command enters the configuration mode for the first five virtual terminal lines (vty). ip address 1. password cisco: This line command sets the password of cisco for incoming Telnet connections.255.” They are shown here because most administrators consider this a key part of the initial configuration. Names must be 63 characters or fewer. digits. Creating an all-numeric hostname is not recommended.1 255. end: This command exits all configuration levels and returns the administrator to the privileged mode prompt. What command requires authentication for Telnet connections? A. local B. transport input telnet: This line command indicates that Telnet sessions are permitted into this device. these lines allow remote connections like Telnet and SSH. and hyphens. no shutdown: This command enables an interface. interface loopback 10 . CramQuiz 1.1/19? A. loopback interfaces automatically achieve the status of UP/UP once an IP address is assigned.10.1. interface lo1: This command creates a virtual interface named Loopback 1.255: This interface-level command assigns the IP address and subnet mask. Notice that most Cisco router interfaces are in a shutdown state by default and require this command.10.

1 255.10. All interfaces are assigned 192.1 255. D. but for this exam. C.1/19 B.255. What command in line-configuration mode specifically permits Telnet? A. 2.10. transport input none B.168. Basic RIP routing is configured. B is correct. 2.255.255. The transport input telnet command permits Telnet access. C is correct. There is no default configuration—you must enter commands through a setup script.1.255.1 255. interface loopback 10 ip address 10. D is correct. transport input telnet D. interface loopback 10 ip address 10.0.10.255.0 D. transport input C.0/24 addresses and Telnet is enabled.10.10. The login command requires authentication for Telnet connections. ip address 10. Layer 3 physical interfaces are in the shutdown state.10.248. Layer 3 interfaces are disabled by default on most Cisco routers.ly/2c5Oy0g . C is correct.10. 2. What is the default configuration of a Cisco router from the factory? A. The correct mask here is 255. Review Questions 1. transport input no ssh Answers to Review Questions 1.224.10. D is the best answer. interface loopback 10 ip address 10. B.224. Note that prefix notation is now accepted on some Cisco devices.0 C. Additional Resource Configuration Fundamentals Configuration Guide—http://bit.0 CramQuiz Answers 1.

Chapter 22. Infrastructure Management: Device Maintenance

This chapter covers the following official CCNA 200-125 exam topics:
Perform device maintenance

This chapter ensures you are ready for the listed topic from the Infrastructure
Management section of the overall exam blueprint from Cisco Systems. Remember, this
is just a section of the Infrastructure Management area. There are five other chapters in
this grouping. These other chapters deal with Syslog, Device Management, Initial
Configuration, IOS Troubleshooting Tools, and Network Programmability.
Essential Terms and Components
IOS upgrade
IOS Recovery
password recovery
SCP
FTP
TFTP
MD5 Verify
File System Management

Topic: Perform device maintenance

CramSaver
If you can correctly answer these CramSaver questions, save time by skimming
the ExamAlerts in this chapter and then completing the CramQuiz at the end of
each section and the Review Questions at the end of the chapter. If you are in
doubt at all—read EVERYTHING in this chapter!
1. What command would you use to transfer an IOS image from a TFTP
server to a local device’s flash memory?
_________
2. What step begins the typical password recovery process for a router?
_________
3. What transport protocol does TFTP use?
_________

. We review the file systems later in this chapter. EXAMPLE 22.100 Source filename []? c2900-universalk9-mz. Make note of the MD5 hash that Cisco provides. Place this new IOS in a location that is accessible to the device that you want to upgrade.152- 4.bin ]? Accessing tftp://10. Here is an overview of how this process works: 1. or even a USB stick for insertion into a USB-capable Cisco device.SPA.1 Using the copy Command to Upgrade your IOS Click here to view code image R2# R2# copy tftp flash Address or name of remote host []? 10.bin . Later in this chapter.2.10.bin from 2. In this example.152-4. You typically accomplish this using a browser by going to Cisco.152-4.SPA.SPA.10.com.. UDP 4. we copy the new IOS from a TFTP server on the network to the local flash system of the device.1 demonstrates the use of the copy command.100/c2900-universalk9-mz.10. MD5 Verify Inevitably. we review how you can confirm the integrity of your new ISO using this hash value.SPA. 3. 4. you are going to want an IOS upgrade to experience new features. Use the copy command to move the new IOS to the file system on your Cisco device.M1. 2.152-4.2. Common examples would be a TFTP server. copy tftp flash 2. Boot the router into ROMMON 3. or perhaps to fix issues with your current IOS. an FTP server.M1.M1. Example 22. What process can you use on a router to check the integrity of the IOS upgrade image? _________ Answers 1.1 (via GigabitEthernet0/2): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! .M1.10. Loading c2900-universalk9-mz.bin Destination filename [c2900-universalk9-mz. Obtain your new IOS.

-----date/time-----.1. !!!!!!!!!!!! [OK .2 demonstrates an example of the show flash command. We detail these protocols for you later in this chapter.bin 3 3000320 Jul 10 201700:05:44 +00:00 cpexpress.path 1 84193476 Jul 21 201713:38:06 +00:00 c2900-universalk9- mz. M1. SPA.152-4. you should understand the fundamentals of TFTP.1.pkg 8 1153 Aug 16 201718:20:56 +00:00 wo-lic-1 9 97794040 Oct 10 201821:06:38 +00:00 c2900-universalk9- mz.M1. completely unknown to you? .1. Why? IOS recovery of course! Should issues arise with the local router or switch copy of the IOS. EXAMPLE 22.97794040 bytes] 97794040 bytes copied in 187.SPA.tar 4 1038 Jul 10 201700:05:52 +00:00 home. ExamAlert There are many options for transfer of the IOS image to your local device. What about forgetting the enable secret for your device? Or perhaps you purchase used equipment for lab practice and the passwords are in place.151-1. For the exam.tar 6 1697952 Jul 10 201700:06:16 +00:00 securedesktop-ios- 3.--length-. FTP.176.bin 49238016 bytes available (207249408 bytes used) R2# It is very typical for network administrators today to keep that downloaded copy of the new IOS on that accessible TFTP server. if needed in the future. Example 22. you will still have a copy of the IOS on the TFTP server. 45-k9.shtml 5 122880 Jul 10 201700:06:02 +00:00 home.2 Using the show flash Command Click here to view code image R2# R2# show flash -#. and SCP.4.pkg 7 415956 Jul 10 201700:06:28 +00:00 sslclient-win- 1.876 secs (396555 bytes/sec) R2# How can you verify this copy operation was a success? It is simple—show flash.

Thankfully, there is a password recovery process on most Cisco devices. Technically, it is not really password recovery; it is password reset. To be fair, keep in mind this requires physical access to the device. This assists us in being more secure against attacks from remote users. For the CCNA exam, it's helpful to be familiar with the typical procedure covered here. Here is the password recovery process:

1. Boot the device into ROMMON mode; depending on the device, this is accomplished with a break key during boot or the removal of flash memory.
2. The configuration register of the device is then set to ignore the startup-config file (a common configuration register setting for this is 0x2142); a sample ROMMON command for this is confreg 0x2142. There are other methods for setting this within ROMMON.
3. Reboot the router, which is now ignoring the startup-config.
4. Enter privileged mode.
5. If the previous startup-config is desired, issue the command copy startup-config running-config.
6. Change the enable secret password to your own new one.
7. Set the configuration register back with config-reg 0x2102.
8. Copy the running-config to the startup-config with copy running-config startup-config.

ExamAlert
Password recovery procedures vary from Cisco device to Cisco device. The Additional Resources section of this chapter provides a master document link for specific devices.

Secure Copy Protocol (SCP), as its name implies, is a secure method of moving configuration files or IOS images through the network. SCP uses Secure Shell (SSH) for data transfer and uses authentication and encryption. This ensures the authenticity and confidentiality of the information in transit. SCP runs over TCP port 22 by default.

File Transfer Protocol (FTP) is an insecure method for moving files or IOS images through the network. FTP may run in active or passive mode, which determines how the data connection is established. In both cases, the client creates a TCP control connection to the FTP server command port at TCP 21.

Trivial File Transfer Protocol (TFTP) is an insecure method for moving files or IOS images through the network. Unlike FTP, it is lighter weight and uses UDP port 69.

As mentioned earlier in this section, it is important that you verify that the images you download from Cisco have not been tampered with. A simple way to do this is using MD5 Verify. Also, when you use this feature, you ensure the integrity of the image. Integrity checks verify the original image is the image you acquired.
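The integrity check described above can also be run off-box, before an image is staged on the transfer server, and the device's own verify /md5 result can be checked by script. The following is an added example, not code from the book: the function names are hypothetical, the sample device output is constructed in the format of this chapter's Example 22.3, and the algorithm parameter is an addition for cases where a SHA-512 checksum is published alongside the MD5 one.

```python
import hashlib
import os
import re
import tempfile

# Success line printed by "verify /md5": Verified (<path>) = <32 hex digits>
VERIFIED_RE = re.compile(
    r"Verified\s*\((?P<path>[^)]+)\)\s*=\s*(?P<digest>[0-9a-fA-F]{32})\b"
)


def file_digest(path, algorithm="md5", chunk_size=1 << 20):
    """Hash a file in chunks so a large image is never held in memory at once."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def same_digest(a, b):
    """Compare two hex digests, ignoring case and surrounding whitespace."""
    return a.strip().lower() == b.strip().lower()


def check_local_image(path, published, algorithm="md5"):
    """True only if the file on disk hashes to the published value."""
    return same_digest(file_digest(path, algorithm), published)


def check_device_output(output, expected_path, published):
    """Validate captured 'verify /md5' output; returns (ok, reason).

    The path is checked as well as the digest, so a result for some other
    file in flash is not accepted by mistake.
    """
    match = VERIFIED_RE.search(output)
    if match is None:
        return False, "no 'Verified' line in device output"
    if match.group("path").strip() != expected_path:
        return False, "device verified a different file"
    if not same_digest(match.group("digest"), published):
        return False, "digest does not match the published value"
    return True, "match"


if __name__ == "__main__":
    # Constructed stand-in for a downloaded image and its published hash.
    data = b"constructed stand-in for an IOS image"
    fd, image = tempfile.mkstemp(suffix=".bin")
    os.write(fd, data)
    os.close(fd)
    published = hashlib.md5(data).hexdigest()
    print("untouched image:", check_local_image(image, published))
    with open(image, "ab") as fh:
        fh.write(b"\x00")  # simulate tampering or a truncated/corrupt transfer
    print("modified image :", check_local_image(image, published))
    os.remove(image)
```
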

Example 22.3 demonstrates the use of the verify /md5 command.

EXAMPLE 22.3 Using the Verify MD5 Feature

R1# verify /md5 flash0:c2900-universalk9-mz.SPA.154-3.M3.bin a79e325e6c498b70829d4db0afba2011
..............................................................Done!
Verified (flash0:c2900-universalk9-mz.SPA.154-3.M3.bin) = a79e325e6c498b70829d4db0afba2011

Notice this command has you specify your IOS image and the MD5 hash you acquired from Cisco. Here we see the match of the hash value and successful integrity checking!

Throughout this text in various spots, we have been dealing with the last topic in this section—File System Management. This is another area on Cisco devices in which technologies can vary from device to device and therefore possibilities abound. With that said, there are command examples that you should fully understand, as follows:

copy running-config startup-config: Here we take the configuration running in RAM and “back it up” to the NVRAM; when rebooted, a Cisco device clears the RAM and loads it with the NVRAM configuration.

copy startup-config usbflash1:copy_config: This command demonstrates how the copy command could also be used to make a backup of your startup-config and place it for safekeeping on a USB device; note here that copy_config is the name we provide for this USB-stored version.

ExamAlert
Although the copy functionality has been with us for a long time in Cisco networking, there are more modern methods you should be aware of. For example, there is an archive command that provides you with the ability to automate the archiving of configuration files on set intervals. There is also the configure replace command that allows the enactment of a new running-config without a reload of the device. Note this could work well when used in conjunction with the archive command to restore a previous version of the device’s configuration.

CramQuiz

1. What command can you use to verify the contents of flash on your device?
A. show flash
B. show memory
C. show usb
D. show nvram

2. What value do you change to have a router ignore its own startup-config on boot?
A. flash-boot
B. boot.ini
C. configuration register
D. system.ini

3. Which transfer option is secure?
A. TFTP
B. FTP
C. Telnet
D. SCP

4. What command would you use in order to perform an integrity check of an upgrade IOS?
A. config verify
B. config check
C. ios check
D. verify /md5

CramQuiz Answers

1. A is correct. The show flash command allows you to view the contents of flash.
2. C is correct. The configuration register value controls this, among other router behaviors.
3. D is correct. The Secure Copy Protocol uses SSH and is secure.
4. D is correct. The verify /md5 command provides a valuable integrity check.

Review Questions

1. What command can transfer a file from your local device to a USB device?
A. transfer
B. move
C. dirsync
D. copy

2. Where might you typically store a downloaded IOS upgrade image from the Cisco Systems website for future deployment to your local router?
A. DNS
B. A TFTP server
C. A DHCP server
D. An SNMP server

3. From what mode do you initially configure the configuration register value during password recovery?
A. Global Config
B. ROMMON
C. TFTP
D. Interface Config

4. What command can periodically back up your running-configuration to an external location?
A. replace
B. backup
C. archive
D. store

Answers to Review Questions

1. D is correct. The copy command does this transfer.
2. B is correct. Images are often copied to a TFTP server for deployment to devices.
3. B is correct. You initially set the configuration register to ignore the startup-config from ROMMON mode.
4. C is correct. You can use the archive command to automate the periodic archiving of a configuration.

Additional Resources

Password Recovery on a Cisco Router—http://www.ajsnetworking.com/password-recovery
Password Recovery Procedures—http://bit.ly/2cAQuim

Chapter 23. Infrastructure Management: IOS Troubleshooting Tools

This chapter covers the following official CCNA 200-125 exam topics:

Use Cisco IOS tools to troubleshoot and resolve problems

This chapter ensures you are ready for the listed topic from the Infrastructure Management section of the overall exam blueprint from Cisco Systems. Remember, this is just a section of the Infrastructure Maintenance area. Chapters Nineteen through Twenty-Two and Twenty-Four also exist in this grouping. These other chapters deal with SNMP, Syslog, IP SLA, device management, initial device configuration, device maintenance, and network programmability.

Essential Terms and Components
IOS Tools
Ping
Traceroute
Extended options
Terminal monitor
Log events
Local SPAN

Topic: Use Cisco IOS tools to troubleshoot and resolve problems

CramSaver
If you can correctly answer these CramSaver questions, save time by skimming the ExamAlerts in this chapter and then completing the CramQuiz at the end of each section and the Review Questions at the end of the chapter. If you are in doubt at all—read EVERYTHING in this chapter!

1. What protocol does Ping use in its operation? _________
2. How many packets are sent by the ping command on a Cisco router by default? _________
3. What is the default IP source address for Ping packets? _________
4. What does DF stand for in an extended Ping? _________
5. If there is a timeout experienced for a Traceroute probe, what character is displayed? _________
6. What is the default maximum TTL for a Traceroute probe? _________
7. What is the command to see debug messages at the CLI while you are using Telnet to access a remote router? _________
8. What command disables all debugging on a Cisco router? _________
9. What issue does Local SPAN solve? _________

Answers
1. ICMP
2. 5
3. The exit interface of the device sending the Ping
4. Don’t fragment
5. *
6. 30
7. terminal monitor
8. undebug all
9. Traffic monitoring of devices connected to the same local switch

There are many powerful IOS tools you can use to successfully troubleshoot problems with your Cisco devices. Fortunately, the CCNA exam focuses on just a handful of the main methods we use today. First, let’s examine Ping. You can use it to verify and troubleshoot connectivity in your networks.

Figure 23.1 shows the topology we use in this section. The last octet of the IP addresses has been configured to match the router number. For example, the IP addresses on R1 all have .1 for the last octet. In addition to the physical networks shown, each router possesses a loopback 0 interface with an IP address in the format of 1.1.1.1/24, 2.2.2.2/24, and so on. RIP version 2 is running on all devices for all networks.

FIGURE 23.1 Our IOS Tools Troubleshooting Topology

We begin with just a simple, basic, but important Ping test. A quick and easy way to see if we have full reachability in our topology is to perform a test from R1 to R4 using Ping. Example 23.1 shows this test.

EXAMPLE 23.1 Performing a Simple Ping Test

R1#
R1#ping 10.30.30.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.30.30.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/61/72 ms
R1#

Note that this test was 100 percent successful. Five Ping (ICMP echo request) packets were sent by default, and five responses (ICMP echo replies) were received. Notice also that the output shows a round-trip time of an average of 61 milliseconds.

ExamAlert
Remember, Ping uses an ICMP echo (sometimes referred to as an Echo Request) and an ICMP Echo Reply in its operation.

What have we confirmed exactly? We have confirmed the physical Fa0/0 interface of R1 can reach the physical interface (Fa0/0) of R4. This means that all of the physical connectivity between these devices appears to be functioning normally. It also indicates that most of our logical configuration appears correct. For example, our IP addressing assignments and RIP configuration appear to be correct. But what about the loopbacks that exist in this scenario? Are they properly configured, both from an IP-addressing standpoint and from a RIP standpoint? We need to perform a more elaborate Ping test for this information. We should also combine this with a show ip route command, as demonstrated in Example 23.2.

EXAMPLE 23.2 Testing the Loopback Connectivity Using ping

R1#
R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

      1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        1.1.1.0/24 is directly connected, Loopback0
L        1.1.1.1/32 is directly connected, Loopback0
      2.0.0.0/24 is subnetted, 1 subnets
R        2.2.2.0 [120/1] via 10.10.10.2, 00:00:17, FastEthernet0/0
      3.0.0.0/24 is subnetted, 1 subnets
R        3.3.3.0 [120/2] via 10.10.10.2, 00:00:17, FastEthernet0/0
      4.0.0.0/24 is subnetted, 1 subnets
R        4.4.4.0 [120/3] via 10.10.10.2, 00:00:17, FastEthernet0/0
      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        10.10.10.0/24 is directly connected, FastEthernet0/0
L        10.10.10.1/32 is directly connected, FastEthernet0/0
R        10.20.20.0/24 [120/1] via 10.10.10.2, 00:00:17, FastEthernet0/0
R        10.30.30.0/24 [120/2] via 10.10.10.2, 00:00:18, FastEthernet0/0
R1#
R1#ping 4.4.4.4 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/56/64 ms
R1#

Notice that our routing table indicates we have reachability to the networks for the loopback interfaces of R2, R3, and R4 learned through RIP. We then perform a Ping, this time with a destination address of the loopback 0 on R4 of 4.4.4.4, and we source this Ping from the R1 loopback 0 interface. The five packets are successful. What if we want to perform this test again, but this time with 100 packets? Example 23.3 demonstrates how easy this is.

EXAMPLE 23.3 Running a ping Test with More Packets

R1#
R1#ping 4.4.4.4 source loopback 0 repeat 100
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 44/60/68 ms
R1#

Let’s review what a Ping looks like when things are broken in the network. In this example, we disable the physical interface on R4 and retry our Ping (with five packets). Example 23.4 shows the results.

EXAMPLE 23.4 A ping with Failures in the Network

R4#
R4#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#interface fa0/0
R4(config-if)#shutdown
R4(config-if)#end
R4#
%SYS-5-CONFIG_I: Configured from console by console
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
R4#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,

changed state to down
R4#

R1#
R1#ping 4.4.4.4 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
.....
Success rate is 0 percent (0/5)
R1#

Note the exclamation point usage for success on the Ping packets versus the period for failure. Table 23.1 provides a few of the Ping return codes for a Cisco router, regarding IPv4. Not all of these return codes are supported or used on all Cisco router IOS versions and platforms.

TABLE 23.1 The Ping Return Codes

Although features like source and repeat count seem impressive with Ping, things get even more impressive when we do a Ping with extended options. Example 23.5 demonstrates what most engineers term an extended Ping. For this example, the fa0/0 interface on R4 has been brought up since the previous example.

EXAMPLE 23.5 Running an Extended Ping in the Network

R1#
R1#ping
Protocol [ip]: ip
Target IP address: 4.4.4.4
Repeat count [5]: 8
Datagram size [100]: 1600

4. like whether or not a specific path should be selected. we choose none of these options.1. Loose. Timeout in seconds [2]: 4 Extended commands [n]: y Source address or interface: 1. Timestamp. Validate reply data? [no]:: This checks the reply packets to see whether the data pattern sent is the exact data pattern received. Verbose [none]:: This permits you to set specific options in the ping packets. Strict. Data pattern [0xABCD]:: This allows you to set the exact data pattern in the payload of the ping packets. Datagram size [100]:: The size of the packets we are sending. Timeout in seconds [2]:: The timeout value in seconds. and select a second timeout. we choose 1. we choose no.1. we chose 1600 bytes.4. Type of service [0]:: The ToS value for QoS we want marked in the packets. Verbose[none]: none Sweep range of sizes [n]: n Type escape sequence to abort. Set DF bit in IP header? [no]:: Whether or not we want the Don’t Fragment setting in the packets. Target IP address: We use our earlier target IP of the loopback on R4 (4. round-trip min/avg/max = 56/64/76 ms R1# Notice the incredible variations and detail we can add here.1 Packet has data pattern 0xAAAA !!!!!!!! Success rate is 100 percent (8/8).4. we of course choose yes.4.1. we choose 1.1. Extended commands [n]:: Whether or not we want to perform an extended ping with additional options. Timestamp. Record.1. we choose 0xAAAA. Record.1 as the source IPv4 address.4). including: Protocol [ip]: Our example uses the default IPv4. we decide to send eight. Repeat count [5]:: How many packets we want to send. we choose no.4. Sending 8. Source address or interface:: The source address or interface of the ping packets.1. we change from the default of 2. 1600-byte ICMP Echos to 4.1 Type of service [0]: 1 Set DF bit in IP header? [no]: no Validate reply data? [no]: no Data pattern [0xABCD]: 0xAAAA Loose. . Strict. timeout is 4 seconds: Packet sent with a source address of 1.

Sweep range of sizes [n]: This dictates whether the router will generate packets in a range of sizes up to the datagram size value set earlier; we choose no.

ExamAlert
Remember, in the Cisco CLI, a value in brackets is the default value inserted should we press Enter on the keyboard.

What about tracing the path of traffic as it traverses the network? With Ping, we can see that 1.1.1.1 can reach 4.4.4.4, but without using an extended Ping and the record option, we get no information about the Layer 3 routers that were traversed for this to take place. Traceroute is the tool that can provide this path information.

Traceroute on a Cisco router uses a combination of UDP and ICMP to provide this information. It also uses a Time To Live (TTL) value in the IP header. When using Traceroute on a Cisco router, three UDP segments are sent, each with a Time-To-Live (TTL) field value set to one (“1”) in the IPv4 Layer 3 header of the packet. The TTL value of 1 causes these packets to “timeout” as soon as they hit the first router in the path, and that router then replies with ICMP Time Exceeded Messages, indicating that the packets were dropped (one ICMP message per dropped packet). These ICMP responses include the source IP address of the router, and that source address is how we learn about that specific router in the path to the final destination.

Three more UDP segments are then sent, each with the TTL value set to 2, which causes the second router to return ICMP time-exceeded messages. This reveals the IP address of the second router in the path. The process of increasing the TTL by one, and sending out three more UDP packets continues until the packets reach the final destination. The purpose of Traceroute is to record the source of each ICMP Time Exceeded Message packet to provide a trace of the path the packet took to reach the final destination. Example 23.6 shows a simple (non-extended) use of Traceroute.

EXAMPLE 23.6 Using a Simple traceroute

R1#
R1#traceroute 4.4.4.4
Type escape sequence to abort.
Tracing the route to 4.4.4.4
  1 10.10.10.2 16 msec 16 msec 20 msec
  2 10.20.20.3 16 msec 44 msec 40 msec
  3 10.30.30.4 68 msec 52 msec 64 msec
R1#

home [192.1) begins with a next hop of 10.map.frontiernet.Level3. then 10.4 from the physical interface of R1 (Fa0/0 10. a * displays for that packet.4.168.Here we see that the journey to 4. When using tracert on Windows.1] 2 8 ms 6 ms 6 ms 71.40.73 Trace complete.20.scr01. Notice that three test packets are sent to produce these results.net [4. Should a packet time out.com Tracing route to prod.10.fl.3.1 topology. Contrast this to a Cisco router.170] 8 * * * Request timed out.cnn.1. the command is tracert.cbr01. EXAMPLE 23.net [74.20.net [74.turner.1. then the packet reaches the next hop of 10.214.Miami2.156.fl.7 Performing a traceroute on Windows System to an Internet Destination Click here to view code image C:\Users\terry>tracert www.mias. In both cases.fastlylb. be aware that the packets sent out are ICMP- based. 9 11 ms 11 ms 12 ms 151.2 (R2 Fa0/0).4.30.Miami2.7 shows an example of performing a Traceroute from a Windows system to an external destination.101.4. EXAMPLE 23. C:\Users\terry> What about extended Traceroute? Example 23.frontiernet.15.net [151.mias.69] 5 10 ms 11 ms 12 ms ae0-- -0.Level3.40.3 (R3 Fa0/0).1 3 6 ms 7 ms 8 ms 172.101.73] over a maximum of 30 hops: 1 <1 ms <1 ms <1 ms FIOS_Quantum_Gateway. and Tracer-oute provides us with time values similar to Ping’s.10.22] 6 * 13 ms 11 ms lag-101.99. Example 23.4.10.29] 7 15 ms 14 ms 14 ms Cogent-level3- 40G. This often occurs when tracing paths to Internet destinations because delay can cause issues as well as devices in the path that are configured to not respond with ICMP messages. Note that on a Windows system.fios- router.30.8 Using Extended Traceroute Options .ear3.10.99.net [4.136 4 12 ms 11 ms 11 ms ae7-- -0. which sends out UDP-based segments when doing a traceroute.68.4 (R4 Fa0/0). the intention is that the Layer 3 devices in the path reply back with ICMP Time Exceeded Messages when the TTL expires for the packets.110.45.8 demonstrates this capability on a Cisco router from our Figure 23.

4. Verbose[none]:none Type escape sequence to abort.4.30. Maximum Time to Live [30]:: Set the largest TTL value that can be used. but it can be set to a higher value to suppress the display of known hops.1 Numeric display [n]: y Timeout in seconds [3]: 1 Probe count [3]: 5 Minimum Time to Live [1]: 1 Maximum Time to Live [30]: 10 Port Number [33434]: 33000 Loose. Timestamp. Here we manipulate the following: Protocol [ip]:: Set the protocol to trace.4 72 msec 60 msec 64 msec 60 msec 64 msec R1# Notice how remarkably similar this is to the extended Ping capabilities. we set R1 loopback (1. Strict. we choose the default of 1. we set IPv4. the default is 30. Timeout in seconds [3]:: Set the number of seconds to wait for a response to a probe packet. the traceroute command terminates when the destination is reached or when this value is reached.1).10. the default is 1.4.1.1.4 Source address: 1. we set the non-default of 33000.4 1 10.20. Loose. Record. we set 5.1. Source address:: Now we can set the specific source address.3 24 msec 36 msec 36 msec 72 msec 20 msec 3 10.1. we set R4 loopback (4. Verbose[none]:: Set the IP options. we set yes.10. Minimum Time to Live [1]:: Set the TTL value for the first probes. Port Number [33434]:: Set the destination port used by the UDP probe messages. we set 1 second. here we choose the default of none.Click here to view code image R1# R1#traceroute Protocol [ip]: ip Target IP address: 4.4.30. Target IP address:: Set the target IP address.20.2 40 msec 16 msec 20 msec 20 msec 16 msec 2 10.4).4. Numeric display [n]:: The default is to have both a symbolic and numeric display. the default on this router is 33434. Strict. Timestamp. however.4. we set a non-default value of 10. Record. you can suppress the symbolic display with yes. Probe count [3]:: Set the number of probe packets. Tracing the route to 4. .

To end this section shortly, we discuss a very important feature of log events called debug messages. Before we cover those fully, however, let’s remind ourselves of a feature we initially discussed in an earlier chapter. It is the terminal monitor feature.

ExamAlert
The terminal monitor feature permits you to view syslog messages at the CLI while you are accessing a device using a remote access protocol like Telnet or SSH.

If you are connected to multiple remote routers using a Telnet or SSH application, you can suspend a session with one of the routers using the key stroke sequence of Ctrl+Shift+6, then pressing the x key. When you later resume that session on the router, and if that session hasn’t timed out, you would expect to see the exact prompt you had before you suspended that session with that router. For example, if you were in user mode, you would return to user mode. If you were in configuration mode, you would return to configuration mode.

Example 23.9 shows the use of the terminal monitor feature.

EXAMPLE 23.9 Using the Terminal Monitor Feature

R1#
R1#telnet 2.2.2.2
Trying 2.2.2.2 ... Open
User Access Verification
Password:
R2>enable
Password:
R2#debug ip rip
RIP protocol debugging is on
R2#terminal monitor
R2#
RIP: received v2 update from 10.10.10.1 on FastEthernet0/0
     1.1.1.0/24 via 0.0.0.0 in 1 hops
RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (10.10.10.2)
RIP: build update entries
     2.2.2.0/24 via 0.0.0.0, metric 1, tag 0
     3.3.3.0/24 via 0.0.0.0, metric 2, tag 0
     4.4.4.0/24 via 0.0.0.0, metric 3, tag 0
     10.20.20.0/24 via 0.0.0.0, metric 1, tag 0
     10.30.30.0/24 via 0.0.0.0, metric 2, tag 0
RIP: sending v2 update to 224.0.0.9 via FastEthernet1/0 (10.20.20.2)
RIP: build update entries

     1.1.1.0/24 via 0.0.0.0, metric 2, tag 0
     2.2.2.0/24 via 0.0.0.0, metric 1, tag 0
     10.10.10.0/24 via 0.0.0.0, metric 1, tag 0
R2#undebug all
All possible debugging has been turned off
R2#exit
[Connection to 2.2.2.2 closed by foreign host]
R1#

Notice in Example 23.9 the following steps:

1. We use Telnet to connect to R2 using its loopback address of 2.2.2.2.
2. We access privileged mode on R2.
3. We issue the debug ip rip command in order to initiate syslog messages.
4. These messages do not appear at our CLI as we are accessing R2 via remote access (Telnet).
5. We issue the terminal monitor privileged mode command.
6. We see syslog messages (debug) at the CLI.
7. We turn off debugging with the undebug all command.
8. We exit the router.

To turn off monitoring, use the command terminal no monitor.

Notice in Example 23.9 that we can get valuable details regarding the functioning of RIP on the devices thanks to the debug ip rip command. Enabling debugging and terminal monitoring is important to see log messages when connected via SSH or Telnet. Viewing logging and debugging messages allows us to see events in almost real time on the device, which can be critical when troubleshooting or verifying features.

Example 23.10 shows another example of debugging at work. Here, we turn on ICMP debugging on R4. Then from R1, we issue a Ping to R4. Notice the messages that appear on R4 about this Ping. Here we see confirmation, for example, that the source address is the physical interface address of R1 (10.10.10.1).

EXAMPLE 23.10 Performing a Debug of ICMP Traffic

R4#
R4#debug ip icmp
ICMP packet debugging is on
R4#

R1#
R1#ping 4.4.4.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 96/104/112 ms
R1#

R4#
19:14:19.822: ICMP: echo reply sent, src 4.4.4.4, dst 10.10.10.1, topology BASE, dscp 0 topoid 0
19:14:19.922: ICMP: echo reply sent, src 4.4.4.4, dst 10.10.10.1, topology BASE, dscp 0 topoid 0
19:14:20.042: ICMP: echo reply sent, src 4.4.4.4, dst 10.10.10.1, topology BASE, dscp 0 topoid 0
19:14:20.142: ICMP: echo reply sent, src 4.4.4.4, dst 10.10.10.1, topology BASE, dscp 0 topoid 0
19:14:20.242: ICMP: echo reply sent, src 4.4.4.4, dst 10.10.10.1, topology BASE, dscp 0 topoid 0
R4#

Example 23.11 demonstrates how to turn off a specific debug (in this case, our ICMP debugging).

EXAMPLE 23.11 Disabling the Debug of ICMP Traffic

R4#
R4#no debug ip icmp
ICMP packet debugging is off
R4#

ExamAlert
Be very specific and careful when debugging. You can overwhelm the device by creating too much debug traffic. Keep in mind you can turn all debugging off quickly with the undebug all or no debug all commands.

You can control where debug messages appear, and you can control syslog message logging. Example 23.12 demonstrates us eliminating log messages of level 7 from being sent to the console. By default, these level 7 messages are still being stored in memory

(in the buffer) on the router. This example also demonstrates how to clear the logging buffer with clear logging. We then turn on RIP debugging and confirm these messages are appearing in the logging buffer.

EXAMPLE 23.12 Controlling Debug Messages

R1#
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#logging console 6
R1(config)#exit
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#clear logging
Clear logging buffer [confirm]
R1#debug ip rip
RIP protocol debugging is on
R1#show logging
Syslog logging: enabled (0 messages dropped, 2 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
    Console logging: level informational, 118 messages logged, xml disabled, filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled
    Buffer logging: level debugging, 22 messages logged, xml disabled, filtering disabled
    Logging Exception size (8192 bytes)
    Count and timestamp logging messages: disabled
    Persistent logging: disabled
No active filter modules.

ESM: 0 messages dropped
    Trap logging: level informational, 25 message lines logged
Log Buffer (8192 bytes):
20:07:26.658: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (10.10.10.1)
20:07:26.658: RIP: build update entries
20:07:26.658:   1.1.1.0/24 via 0.0.0.0, metric 1, tag 0
20:07:29.638: RIP: sending v2 update to 224.0.0.9 via Loopback0 (1.1.1.1)
20:07:29.638: RIP: build update entries
20:07:29.638:   2.2.2.0/24 via 0.0.0.0, metric 2, tag 0
20:07:29.638:   3.3.3.0/24 via 0.0.0.0, metric 3, tag 0
20:07:29.638:   4.4.4.0/24 via 0.0.0.0, metric 4, tag 0
20:07:29.638:   10.10.10.0/24 via 0.0.0.0, metric 1, tag 0
20:07:29.638:   10.20.20.0/24 via 0.0.0.0, metric 2, tag 0
20:07:29.638:   10.30.30.0/24 via 0.0.0.0, metric 3, tag 0
20:07:29.638: RIP: ignored v2 packet from 1.1.1.1 (sourced from one of our addresses)
R1#no debug ip rip
RIP protocol debugging is off
R1#

There is an incredible number of debug commands that exist on Cisco equipment. The “Additional Resources” section of this chapter leads you to the command references for the IOS. These command references include several dedicated to debug commands.

Another powerful tool on Layer 2 devices is the ability to monitor traffic from devices connected to the local device. This is called Local SPAN (Switched Port Analyzer). Think about it. A Layer 2 device will naturally filter unicast traffic from being sent to multiple ports. This presents a problem for a connected traffic sniffer because that port will not receive unicast frames not destined for it. Local SPAN copies frames and sends them to the SPAN destination port. This destination port is where you place your packet sniffer. Note that packet sniffers can sometimes be software running on a PC or even a dedicated hardware device. Example 23.13 demonstrates the configuration of Local SPAN on a Layer 2 switch.

EXAMPLE 23.13 Local SPAN

Switch#configure terminal

Switch(config)# monitor session 1 source interface fastEthernet0/1
Switch(config)# monitor session 1 destination interface fastEthernet0/10
Switch(config)# end
Switch#

Notice in this example we begin by ensuring there is no SPAN session 1 on the device. We then specify the source interface for packets that we want to copy to the destination interface. By default, ingress and egress packets are copied. You can control this in the source interface command. Here the packets are copied to FastEthernet 0/10.

CramQuiz

1. What ICMP packets are used with Ping packets? (Choose two.)
A. Return
B. Send
C. Echo
D. Echo-Reply

2. What command sends Ping packets to 4.4.4.4 from the source IP address assigned to the Loopback 10 interface?
A. ping 4.4.4.4 source loopback 10
B. ping 4.4.4.4 source-interface loopback 10
C. ping 4.4.4.4 source-address loopback 10
D. ping 4.4.4.4 address loopback 10

3. What symbol indicates a timeout with a Ping packet?
A. !
B. ?
C. *
D. .

4. What is the default ToS in an Extended Ping?
A. 0
B. 1
C. 2
D. 3

5. Name three elements that allow Traceroute to function in a Cisco network. (Choose three.)
A. TCP
B. UDP
C. TTL
D. ICMP
E. FTP

6. How many Traceroute probes are used by default with the same TTL?
A. 4
B. 1
C. 5
D. 3

7. What is the default port used by Traceroute on a Cisco router?
A. 32340
B. 33434
C. 36534
D. 32114

8. What level of syslog messages are debug messages?
A. Level 0
B. Level 5
C. Level 1
D. Level 7

9. What is the correct command to configure Local SPAN?
A. span 1
B. local span 1
C. local-span 1
D. monitor session

CramQuiz Answers

1. C and D are correct. Ping sends an Echo (sometimes called an Echo Request) and then there is an Echo-Reply.
2. A is correct. The source keyword in Ping allows you to set the source IP address.
3. D is correct. The . symbol allows Ping to communicate a timeout condition.
4. A is correct. The default ToS is 0.
5. B, C, and D are correct. Traceroute uses a TTL as well as UDP and ICMP in its operation in a Cisco network.
6. D is correct. Traceroute uses three probes by default.
7. B is correct. The default initial port for Traceroute is 33434 on a Cisco router.
8. D is correct. Debug messages are a Level 7.
9. D is correct. The monitor session command configures SPAN.

Review Questions

1. What is sent in response to a Ping probe?
A. A Ping Echo-Reply
B. A Ping Response
C. A Ping Ack
D. A Ping TTL

2. Ping also provides latency information. What is the measurement value for this?
A. usecs
B. ms
C. parsecs
D. mms

3. What is the syntax for sending 1000 Ping packets?
A. count 1000
B. try 1000
C. send 1000
D. repeat 1000

4. What is the code for a destination unreachable returned in Ping?
A. .
B. Q
C. U
D. ?

5. What is the default minimum TTL with Traceroute?
A. 0
B. 1
C. 2
D. 5

6. What feature permits additional viewing of syslog information by remote clients?
A. terminal copy
B. terminal monitor
C. terminal send
D. terminal test

7. What is the command to negate the debug ip rip feature?
A. debug ip rip disable
B. debug ip rip stop
C. no debug ip rip
D. debug ip rip terminate

8. What does the following command do: logging console 6?
A. It places only level 6 messages on the console.
B. It places log messages 0 through 6 to the console.
C. It places all log messages to the console.
D. It returns an error; you must log to the console.

9. Why would you use local SPAN on a switch?
A. To copy unicast frames for analysis
B. To scan the Layer 2 switch for security flaws
C. To send syslog messages to a central server
D. To reduce CPU consumption in the switch-filtering and forwarding process

Answers to Review Questions

1. A is correct. A Ping Echo-Reply is the response.
2. B is correct. Ping uses milliseconds in order to communicate latency information.
3. D is correct. Use repeat 1000 in order to send 1000 Ping echo request packets.
4. C is correct. The U symbol indicates a destination unreachable.
5. B is correct. Traceroute uses a default minimum TTL of 1.
6. B is correct. The terminal monitor command/feature permits this.
7. C is correct. no debug ip rip is the correct command.
8. B is correct. This command omits level 7 messages to the console.
9. A is correct. Local SPAN copies frames for analysis by a packet analyzer off the destination port.

Additional Resources

Finding Your Way with Traceroute—http://www.ajsnetworking.com/trace-route
Debug Command References—http://bit.ly/2cu06OO

Chapter 24. Infrastructure Management: Network Programmability

This chapter covers the following official CCNA 200-125 exam topics:
Describe network programmability in enterprise network architecture

This chapter ensures you are ready for the listed topic from the Infrastructure Management section of the overall exam blueprint from Cisco Systems. Remember, this is just a section of the Infrastructure Management area. Chapters Nineteen through Twenty-Three also exist in this grouping. These other chapters deal with device management and maintenance as well as troubleshooting.

Essential Terms and Components
Controller
Control Plane
Data Plane
Northbound API
Southbound API

Topic: Describe network programmability in enterprise network architecture

CramSaver
If you can correctly answer these CramSaver questions, save time by skimming the ExamAlerts in this chapter and then completing the CramQuiz at the end of each section and the Review Questions at the end of the chapter. If you are in doubt at all—read EVERYTHING in this chapter!
1. The creation of a routing table is an example of what plane of operation on a Cisco device? _________
2. REST is an excellent example of what in SDN? _________

Answers
1. Control Plane
2. A Northbound API

Yes, since everyone seems to be talking about Software Defined Networking (SDN) these days, I guess we are not surprised to find SDN rear its head in the latest CCNA exam from Cisco Systems. One thing that is surprising, I suppose, is the fact that those three letters never appear in that section of the blueprint shown below!

“Describe network programmability in enterprise network architecture
Function of a controller
Separation of control plane and data plane
Northbound and southbound APIs”

In fact, what is even a bit stranger is the fact that someone got the order of these a bit wrong, I think. It makes more sense to me to first fully understand the separation of the control plane and the data plane. After that, realize the function of a controller. Finally, discuss northbound and southbound APIs. In this quick chapter, let us take a high-level look at these three points.

First, the separation of the control plane and data plane. There is stuff in your router or switch that is great at building the little databases these devices need. For example, on a switch, we need a nice MAC address table built. On a router, we better have a nifty routing table that is accurate. It is the job of the Control Plane to build these things. Routing protocols, such as OSPF, help to create a routing table. Moving frames or packets from one interface to the next based on the information from the Control Plane is the job of the Data Plane (sometimes called the Forwarding Plane). Separating that fancy stuff from the raw forwarding mechanics of the devices helps make things super-efficient for you.

Separating the Control Plane stuff and the Data Plane stuff inside a device is old news and has been going on for a long time! What really gets exciting is in SDN where you take the Control Plane intelligence needed and centrally locate it in a device called the controller. This device can then handle (very efficiently) all the Control Plane items while the other networking devices just handle the Data Plane tasks!

Cisco has a version of SDN termed Application Centric Infrastructure (ACI). Sure enough, a key component is the controller called the Application Policy Infrastructure Controller—Enterprise Module. Whew, that is a mouthful. What does it actually look like? Well, it is software that runs on a physical server or even a virtual (especially VMware) server in your network.

But wait—we have a potential problem here! How are these devices going to communicate? For example, if someone wants to write a program to control the network using the controller, what language will they use? And what language will the controller use to communicate to the network devices? The answer is in APIs (application programming interfaces). These are basically standardized languages for communications between devices.

Think of the fancy Cisco controller sitting in the middle between two things. On top, you have a programmer that wants to develop a program to get information from the controller and provide the controller with instructions for controlling the devices. Because the programmer is above the controller in our diagram, we call the language options Northbound APIs. Cisco likes to use REST-based APIs. This allows the fancy discovery and control of the network elements using the HTTPS protocol.

What about the APIs that are used below the controller? Those APIs for the controller to actually command the network devices? These are Southbound APIs. Cisco likes to keep it simple—they use the command-line interface (CLI) and Simple Network Management Protocol (SNMP). The APIs are aided by a service abstraction layer in order to control the devices.

ExamAlert
Figure 24.1 shows these components of SDN. For the exam—know these well!

FIGURE 24.1 The Components of SDN

CramQuiz
1. Where is the service abstraction layer in SDN?
A. Below the data plane devices
B. Above the network apps
C. Below the controller
D. At the same layer as the northbound APIs
2. What is the current Cisco version of SDN?
A. SNMP
B. Application Centric Infrastructure
C. IP SLA
D. SPAN

CramQuiz Answers
1. C is correct. The service abstraction layer is below the controller.
2. B is correct. The Application Centric Infrastructure is Cisco’s SDN offering.

Review Questions
1. What is an example of a Southbound API option with Cisco?
A. CLI
B. FTP
C. TELNET
D. NTP
2. Network elements can be discovered how in SDN?
A. CDP
B. HTTPS
C. FTP
D. SCP

Answers to Review Questions
1. A is correct. The CLI and SNMP are both examples of Southbound APIs.
2. B is correct. REST-based APIs can leverage HTTPS.

Additional Resource
SDN APIs—http://www.ajsnetworking.com/sdn-apis

Part VIII: Command Reference, Practice Exams, and Glossary

This part of the book provides both study material and a few practice exams to help prepare you for the actual exam. The command reference defines commands that are relevant for your CCNA Exam. The two practice exams are followed by their answer keys with explanations to help with remediation on those questions you missed. Finally, the glossary provides definitions for all of the essential terms and components highlighted in all of the chapters.

Part 8 includes the following elements:
Command Reference
Practice Exam 1
Practice Exam 2
Answer Key to Practice Exam 1
Answer Key to Practice Exam 2
Glossary

Command Reference

This command reference permits you to quickly brush up on any commands that might be relevant for your CCNA Exam. Use this as a reference, or if you prefer, run through all of the commands from A to Z to help further prepare you for exam day!

A
access-list 1 permit 172.16.1.0 0.0.0.255: This global-configuration command creates a standard ACL; note here the number is 1 and the permitted source addresses are 172.16.1.0 0.0.0.255

B
banner login #: This command is done in global-configuration mode, and it sets a banner message to display before the username: login prompt; note that the special character is your choice and will end the banner entry

C
cdp enable: This interface-level command enables CDP on an interface
cdp run: This global-configuration command enables CDP on the local device
channel-group 1 mode on: This command sets an interface for a static port-channel group
clear logging: This command clears the contents of the logging buffer; you run this from privileged mode
clock set 19:23:23 15 November 2018: This command sets the time and date on your Cisco device
clock summer-time EDT recurring: This global-configuration command sets the Daylight Saving Time settings
clock timezone EST -5: This global-configuration command sets the time zone for your device
copy running-config startup-config: This command saves your configuration in RAM to the NVRAM of the system
copy tftp flash: This command retrieves files from a TFTP server and copies them into the local flash memory of your system; this command could be used to upgrade or restore an IOS image
crypto key generate rsa: This global-configuration mode command creates the RSA key material needed for SSH encryption

D
debug ip icmp: This command enables the syslog (Level 7 debug) information to be

in this example.2: This DHCP pool configuration command sets the DNS server addresses for the clients. in this example. we use the name MYACL .1.2. the clients will use 10. its ID is 10 ip access-group 1 in: This interface-level command assigns a numbered standard ACL as a network filter in the inbound direction ip access-group 40out: This interface-level command sets the outbound filtering ACL to 40 (in this example) ip access-list standard MYACL: This global-configuration command creates a named access list.100: This global-configuration command configures inside static source NAT.2. in this example.1. here we set a name of R1 I ip nat inside source static 10. it is used for backward compatibility with very old Cisco devices encapsulation ppp: This interface command sets PPP as the WAN encapsulation end: This command sends you back to the privileged mode prompt regardless of how deep you are in the configuration hierarchy exec-timeout 0 0: This command is typically performed in the console port—it configures an inactivity timer in minutes and seconds.2 E enable: This user mode command allows you to enter privileged mode enable password ThisIsmyPassw0rd: This global-configuration command sets an unencrypted password.1. in this example. the DNS servers used by clients would be 8.produced for ICMP traffic on the device debug ip rip: This command enables the syslog (Level 7 debug) information to be produced for RIP traffic to and from the device default-router 10.10: This command creates a subinterface. the first IP listed is the inside local.1. this example will never cause a timeout on the line where it is configured exit: This command exits the current configuration mode and sends you back one level H hostname R1: This global-configuration command sets the network name of the local device.8 4.2.2.1 as their default gateway dns-server 8.8.1.8.2.8.1: This DHCP pool configuration command sets the default gateway for DHCP clients.1.8 and 4. 
the ACL is a standard type.2.8.1 10. and the second is the inside global interface fastethernet0/0: This global-configuration command enters interface configuration mode for the referenced interface interface gi0/1.

2 121: This global-configuration command configures a static route . it is a static default route.100 10. if there is no domain list.10.10.0. note that the next hop is 10.0 255. note the source list is ACL 1 ip nat inside source list 1 pool MYNATPOOL: This global-configuration command configures dynamic source NAT.255.101 netmask 255.60.0 10.0. you can also exit interfaces instead of the next-hop router address ip route 10.1.20.10: This global-configuration command excludes a range of IP addresses from the DHCP pool scope ip dhcp pool CCNAEXAMCRAM: This global-configuration command begins the DHCP pool configuration mode.1. note the ACL 1 is for the devices to be translated (inside local).10.1.1 10.2: This global-configuration command configures a static route.1. note that it also creates the pool specified ip domain-list: This global-configuration command defines a list of domains.ip address 10.255. if there is a domain list. note that this command is required for using SSH ip helper-address 10. the pool represents IP address(es) that will be used for the translation(s) ip nat outside: This interface-level command sets the outside interface for NAT ip nat pool MYNATPOOL 10.255.60.1.1. the IP addresses are the starting IP and the ending IP of a range ip ospf area 0: This interface-level command sets Area 0 for OSPF on the interface. the domain name that you specified with the ip domain-name global-configuration command is used.0: This global-configuration command configures a NAT pool used in dynamic NAT.1.0. which is the address of your DHCP server ip name-server: This global-configuration command is used to specify a DNS server that the router can use to resolve names to IP addresses ip nat inside: This interface-level command sets the inside interface for NAT ip nat inside source list 1 interface fa0/0 overload: This global-configuration command configures PAT. in certain cases (such as point-to-point serial interfaces). in this case. 
this is an alternative to the network command ip route 0.2.20. the default domain name is not used ip domain-lookup: This global-configuration command sets the router to request DNS resolution as a client ip domain-name: This global-configuration command sets the domain name for the local device. each to be tried in turn.255.0.0 10.0 0.255.1 255.1.0: This command configures the IPv4 address and subnet mask under an interface ip address dhcp: This interface-level command instructs the device to obtain its interface IP address using DHCP.3: This interface-level command instructs the router to forward DHCP broadcasts as directed unicasts to the address listed.10. this is DHCP client functionality ip dhcp excluded-address 10.255.1.1.10.10.

ip sla 1: This global-configuration command begins the construction of an IP SLA test
ip sla schedule 1: This command begins the scheduling parameters for an IP SLA test
ip ssh version 2: This global-configuration command sets the version of SSH to be used
ipv6 address 2001:aaaa:bbbb::1/64: This command assigns an IPv6 address under an interface; notice here the mask is 64 bits and the user is assigning a specific host portion; the user is also taking advantage of the IPv6 address notation shortcuts
ipv6 address 2001:AAAA:BBBB::/64 eui-64: This command assigns an IPv6 address under an interface; note here that the modified EUI-64 format is used for the automatic host portion assignment
ipv6 address autoconfig: This interface-level command instructs the local device to acquire its IPv6 address through the Stateless Autoconfiguration process
ipv6 eigrp 100: This interface command sets EIGRP for IPv6 on the interface
ipv6 ospf 1 area 0: This interface-level command sets IPv6 OSPF for area 0
ipv6 route 2001:aaaa::/64 serial 0/0: This global-configuration command configures a static route for IPv6
ipv6 router eigrp 100: This global-configuration command enters EIGRP for IPv6 router configuration mode
ipv6 router ospf 1: This global-configuration command enters OSPFv3 (OSPF for IPv6) configuration mode
ipv6 unicast-routing: This global-configuration command enables the routing of IPv6 routing protocols on the local device

L
line console 0: This global-configuration command enters the configuration for the console 0 port
line vty 0 4: This global-configuration mode command allows you to enter the virtual terminal lines for configuration on a router. The default for most switches is vty lines 0–15
lldp run: This global-configuration command enables LLDP on the local device
lldp receive: This interface-level command configures settings for the receiving of LLDP messages
lldp transmit: This interface-level command configures the settings for the sending of LLDP messages
logging buffered 4: This global-configuration command sends syslog messages of level 4 through 0 to the buffer
logging console 6: This global-configuration command sends syslog messages of level 6 through 0 to the console line
logging host 10.1.1.3: This command sets the sending of syslog messages to the specified destination address

0.0 0.0 network 10.10.1.0: This BGP-configuration command advertises a prefix into BGP no shutdown: This interface-level command enables the interface no auto-summary: This router-configuration-mode command sets RIP to not perform automatic summarization on major network boundaries ntp master 2: This global-configuration command sets the local device to be the authoritative time source. this command is optional neighbor 192.0.logging synchronous: This line-configuration mode command ensures that syslog output does not interrupt your command input at the CLI login: This line-configuration command causes a local password check for access login local: This line-configuration command causes authentication to use the local accounts database M monitor session 1: This command begins the configuration of a SPAN session N name EAST: This VLAN configuration mode command provides a name for your VLAN. when used as part of routing protocol configuration.1. the default stratum is 8 ntp server 10.1.1 remote-as 6500: This command configures your eBGP peer network 10.255.0.0.0/24 range network 10.0 /24: This DHCP-pool-configuration command sets the addresses to be leased to clients.1.2: This DHCP-pool-configuration command allows DHCP to function in conjunction with VoIP TFTP servers for the downloading of configurations to IP Phones P passive-interface: This command.255.255 area 0: This OSPF-configuration command runs OSPF area 0 on all interfaces in the 10.0 0.0: This router-configuration-mode command sets the interfaces on which to run RIP network 10.10.1.1.1. note the use of a wildcard mask is optional network 10.0.255: This router-configuration-mode command sets the interfaces to run EIGRP. can cause interfaces to not send routing updates .0 mask 255. the stratum set here is 2.255.1.10.10.0.1 O option 150 ip 10. note that any excluded-addresses are not included.0 255.1.1.10.168.1. here the NTP server is located at 10. 
here the addresses to lease are set to 10.1.1.1: This global-configuration command configures the local device to be a client of a remote NTP server.255.255.

password ThisIsMyT3ln3tPassword: This line-configuration-mode command provides a password for access via that line
ping: This command allows you to begin a Ping with extended options
ping 10.1.1.3: This command allows you to perform a Ping to the IP address specified
ping 4.4.4.4 source loopback 0: This command performs a Ping setting the source address to the interface you specify
ping 4.4.4.4 source loopback 0 repeat 100: This command performs a Ping and sets the source address as well as sets the Ping packet count (packets sent) to 100

R
router-id 2.2.2.2: Sets the Router ID for the local OSPF process
router bgp 6500: This global-configuration command enters BGP-configuration mode
router eigrp 100: Enters EIGRP-configuration mode from global-configuration mode
router ospf 1: This global-configuration command enters OSPF-configuration mode for local process ID 1
router rip: This global-configuration command enters RIP-configuration mode

S
service password-encryption: This command ensures that passwords do not appear as clear text in the running and startup configurations; a weak Cisco hashing is used
show access-list: This command allows you to see the access lists that are configured on the device; note that this command also would allow you to see hits on the access list; remember, this command does not indicate interface assignments for filtering, however
show cdp: This command shows global CDP settings for the device
show cdp entry *: This command shows detailed neighbor information for CDP; this includes the IP address of the neighboring device or devices
show cdp neighbor: This command shows general information about the neighbors in a tabular format; note that this command does not show detailed information like IP address information
show cdp neighbor detail: Like show cdp entry *, this command shows detailed information about CDP neighbors
show clock: This command shows the current time and date settings for the router
show etherchannel 1 summary: This command allows you to verify the EtherChannel, the ports inside it, and their health
show flash: This command shows the contents of flash memory on the Cisco device; the flash is typically where the IOS is stored
show interface gi0/1: This command shows the statistics and health information for an interface
show interface gi0/2 switchport: This command is very useful on a switch in order to see details of the Layer 2 configuration such as the data and voice VLAN assignments; this is also very useful to see details regarding trunking on the port, should trunking be configured
show interface trunk: This command shows details for all of the trunk ports that exist on the Cisco switch
show ip bgp summary: This command allows you to see your BGP peerings
show ip dhcp binding: This command shows the lease information that clients possess from the local DHCP server where this command is run
show ip eigrp neighbor: This command allows you to view your EIGRP peerings
show ip interface brief: This command shows a tabular summary of the status of interfaces as well as the IP address information that is assigned; note this command does not show subnet mask information
show ip interface fa0/0: This command shows important Layer 3 characteristics for an interface; this includes the assignment of access-lists that might be used as incoming or outgoing filters
show ip nat translation: This command shows NAT translations that exist on the local device performing NAT
show ip ospf neighbor: This command allows you to see your OSPF peerings
show ip protocols: This command shows details about the routing protocols that are running on the local device
show ip route: This command shows the IP routing database
show ip sla summary: This command permits IP SLA verification
show ipv6 eigrp neighbor: This command permits the verification of the EIGRP for IPv6 neighbors
show ipv6 interface brief: This command shows brief tabular information about the status and IPv6 address information on interfaces; note it is the IPv6 equivalent of show ip interface brief
show ipv6 interface fa0/0: This command shows IPv6 details on the referenced interface
show ipv6 ospf neighbor: This command permits you to see your OSPFv3 peerings
show ipv6 route: This command shows the IPv6 routing table; note that it is the IPv6 equivalent of show ip route
show logging: This command shows the logging (syslog) settings for the local device; note that this command also shows the logging buffer and its contents
show mac address-table: This command allows you to view the CAM (or MAC) table on your local switch; note that by default you see both static and dynamic entries
show monitor session all: Here you can easily verify configured SPAN sessions
show ntp associations: This command permits you to see the NTP devices that you are synchronized with
show ntp status: This command provides you information on your local NTP sync status; this command is critical to ensure you are receiving accurate time from a time source
show port-security interface gi0/1: This command provides valuable status information regarding the port security settings for a particular interface; it is an excellent way to check your configured settings, as well as the defaults in place
show running-config: This command permits you to view the commands that make up the configuration in RAM on the device; this is the configuration that is currently being used by your local device
show spanning-tree vlan 10: This command permits the verification of the spanning tree settings for the VLAN 10
show standby: This command permits the verification of HSRP
show startup-config: This command allows you to see the configuration stored in NVRAM; this config is the one that is activated upon a reboot of your device; it is often thought of as the “saved” or “backed up” config
show vlan brief: This command shows you a tabular summary of the VLAN information on your switch
show vlan: This command shows you detailed information about the VLANs that exist on your device; it is rarely used, compared to show vlan brief
show vtp status: This command allows you to confirm the VTP settings on your local switch; remember, there are different VTP versions and VTP modes; these, among other things, are confirmed with this command
shutdown: This interface-level command disables an interface; the resulting status is Administratively Disabled
snmp-server: This partial command permits many options for the configuration of SNMP version 2c and 3 on the device
spanning-tree bpduguard enable: This command sets BPDU Guard on an interface
spanning-tree portfast: This command enables PortFast on an interface
standby 10 ip 10.10.10.1: This command sets the HSRP virtual IP
standby 10 preempt: This permits an HSRP speaker with a higher priority to take over as the active router
standby 10 priority 110: This command demonstrates setting the HSRP priority
switchport access vlan 20: This interface-level switch command assigns the data VLAN on the interface; this example sets data VLAN 20
switchport mode access: This interface-level switch command sets the local interface to access mode as opposed to trunk mode. Port security requires that ports are not dynamic. They must be configured manually either as an access or trunk port
switchport mode trunk: This interface-level switch command sets the local interface to trunk mode as opposed to access mode; note that this command allows multiple data VLANs on the port
switchport port-security: This interface-level switch command enables port security on the interface; if this is the only command used, all settings use the default
switchport port-security mac-address fa16.3e20.58f1: This interface-level switch command sets a static MAC address for port security; here the MAC address is fa16.3e20.58f1
switchport port-security mac-address sticky: This interface-level switch command causes MAC addresses to be learned dynamically, then static entries to be written in the running config; it is a port-security-optional configuration
switchport port-security maximum 2: This interface-level switch command sets the maximum number of MAC addresses for port security; in this example, two MAC addresses are permitted
switchport trunk encapsulation dot1q: This interface-level switch command sets the local interface to use 802.1Q encapsulation; on some switches, specifying the trunking protocol is a requirement before setting the mode to trunk
switchport voice vlan 50: This interface-level switch command sets the local interface to use a specific Voice VLAN; this example uses VLAN 50 for this

T
telnet 2.2.2.2: This command is used to Telnet to the address specified
terminal monitor: This command permits a client to see syslog information while remotely accessing a device
traceroute: This command shows you the path taken to reach a specific destination; note that this variation allows you to use extended options; traceroute uses the TTL in the IP header, and ICMP response messages for its functionality
traceroute 4.4.4.4: This command shows the path to the specified destination
transport input ssh: This line-configuration-mode command permits the specific remote access protocols you are allowing; note that you can list multiple protocols

U
undebug all: This command disables any enabled debugging on the local system; you run this command from privileged mode
username JOHNS secret 1L0v3C1sc0Systems: This command is done in global-configuration mode; it creates a user account on the system for local access, with an MD5 stored password for that user; the default privilege level is 1

V
verify /md5 flash0:c2900-universalk9-mz.SPA.154-3.M3.bin a79e325e6c498b70829d4db0afba2011: This command verifies the IOS image referenced has not been altered since download from Cisco
version 2: This router configuration command sets RIP to use version 2
vlan 20: This command is performed in VLAN configuration mode and creates a VLAN on the device, in this example VLAN 20; this creation of a new VLAN does not take effect until you exit from VLAN configuration mode

As you take this practice exam. begin by eliminating incorrect answer(s): If there are four options and you know that three are absolutely wrong. If you read the answers from the top. The Answer Key provides a chapter reference for you to make looking up trouble spots much easier for you. chances are you might be unsure about other areas related to that same topic. If you are unsure about one aspect of a topic. make a note of it: Go back and review any trouble areas later. Read the answers starting from the bottom: When you read the answers from the bottom. Use the online materials: There are even more practice exams waiting for you on Pearson Test Prep software that is available to you either online or as an offline . the better you are likely to perform in the actual exam. This is dangerous since there might be a better answer later in the options. If you cannot determine the correct answer(s). the fourth option has to be the correct one. please consider the following test-taking tips: Read each question twice if necessary: Be sure to read each question carefully so that you can fully understand the question. Sometimes this will necessitate reading the question twice.Practice Exam 1 Are you ready to assess your preparedness for the actual CCNA exam? Practice Exam 1 and then Practice Exam 2 are here for this purpose. Prepare mentally to take a test: To properly assess yourself. multiple times until you get perfect scores: When you can consistently score high on these practice exams. you might find yourself quickly selecting an answer that looks right and skipping over the other answers. Time yourself: The CCNA exam is a 90-minute exam. not just looking up the answer to this one question. Consider taking this practice exam. Be sure that you are mastering the topic area. you force yourself to carefully read each answer. we use them here to make this exam much tougher! 
These questions also provide me with the ability to test you in a simulation style manner —where you must provide correct configurations. Provide scratch paper and a pen and pencil for yourself. Time yourself during this practice exam to make sure that you stay within this time limit. No other tools (such as calculators) may be used in your actual exam or in your practice here. take this practice exam as you would take the real exam. Pay close attention to the Answer Key: You will note that many exam answers lie in store for you in our explanations to questions as well! Enjoy the fill-in-the-blank style questions: Although these question types are rare for the actual exam. This means that you should find a quiet place without any distractions so that you can focus on each question. If you do not know the answer to a question. as well as the next one.

Windows application. Be sure to use those materials as well.
Don’t despair: Do not be overly upset if on your first attempt at this practice exam, you do not score well. It only means that you need to continue studying. Be glad that you can spot your weak areas now and not after taking the actual exam. Go back through and review your problem areas now to ensure you are ready! Congratulations in your pursuit of this valued IT certification!
1. What transport layer protocol features the use of sequencing and synchronization methods?
A. ICMP
B. TCP
C. UDP
D. ARP
2. Examine the figure. If devices 1, 2, and 3 are all Cisco Layer 2 switches in their default configuration, how many collision domains exist in this network? _________
3. You have configured your gi0/1 Cisco switch port as follows:
interface gi0/1
 switchport mode access
 switchport port-security
Which of the following statements is true?
A. The mode must be trunk for port security to be used.
B. The default violation mode is Restrict.
C. The default number of dynamic MAC addresses is 1.
D. This configuration prevents the logging of Port Security violations.
E. The violation mode in use here is Protect
4. What protocol is used with an Integrated Services approach to QoS? _________
5. What is the default administrative distance for eBGP?

A. 20
B. 120
C. 110
D. 200
E. 90
6. What is the following IPv4 address range used for?
224.0.0.0 to 239.255.255.255
A. To send a packet to all systems
B. To send a packet to a group of systems
C. To send a packet to a single specific system
D. To send multiple packets to only a single specific system
7. What is the default range for TTL in Cisco’s implementation of extended Traceroute?
A. 1–20
B. 0–30
C. 1–30
D. 1–10
8. What is the privilege level for the user given the following command?
username johns secret cisco123
A. 0
B. 1
C. 15
D. 8
9. How are IPv6 addresses typically allocated to computers at a company connected to the Internet?
A. By an ISP
B. Using an EUI-64 server
C. Using an NATv6 device
D. Using Unique Local Addressing (ULA)
10. Examine the figure. What is the Layer 2 destination address? _________
11. Which of the following is an error-free valid hostname for a Cisco switch running

version 12.x of Cisco IOS?
A. 12345
B. 1SW-2
C. SW1-4501
D. 1SW12
12. What technology provides multiple default gateways in a redundant manner?
A. FHRP
B. SPAN
C. STP
D. IP SLA
13. Provide all configuration commands in order to configure this device as a router on a stick (ROAS) using the following information:
Physical Interface: GigabitEthernet 0/1
Subinterfaces: GigabitEthernet 0/1.10 (VLAN 10), GigabitEthernet 0/1.20 (VLAN 20)
VLANs: 10, 20
Protocol: 802.1Q
IP addressing: 10.1.10.1/24 (VLAN 10), 10.1.20.1/24 (VLAN 20)
_________
14. What type of routing protocol uses split horizon and poison reverse type mechanisms?
A. Distance vector
B. Link state
C. Hybrid
D. Path vector
15. You are in privileged mode on R1. Create an extended ACE that permits Telnet traffic from a Telnet server on the network 10.10.10.0/24, going to a host on network 192.168.1.0/24. Use ACL 101. _________
16. What keyword enables the use of PAT in your NAT configuration?
A. Load
B. Ports
C. Overload
D. Pool
17. How many syslog levels are there with Cisco equipment?

A. 8
B. 6
C. 4
D. 16
18. What value do you change to have a router ignore its own startup-config on boot?
A. flash-boot
B. nvram.ini
C. configuration register
D. system-start
19. Examine the topology shown here. How many collision domains exist between the PC and Router 1?
A. 0
B. 1
C. 2
D. 3
20. Which of the following provides a secure method to transfer files in your Cisco network?
A. TFTP
B. FTP
C. Telnet
D. SCP
21. Examine the topology shown in the figure. The PC has sent a Ping request to the Server. Which devices in the network operate only at the physical layer of the OSI

reference model? (Choose two.)
A. Ethernet cabling
B. Bridge 1
C. Router 2
D. Hub A
E. Switch 3
F. PC Network Interface Card
22. Which of the following are true on a typical Cisco access-layer switch? (Choose two.)
A. It can have IP routing enabled
B. It can have an IP address configured for management
C. It can be used for NAT or PAT
D. A default gateway allows the switch to access remote networks
E. Ports default to no switchport mode
23. From the list, which of the following would be correct best practices for device hardening measures? (Choose two.)
A. Disable VTY login using the VTY line configuration command: no login
B. Disable Telnet on the VTY lines using the command: transport input ssh
C. Disable all banner messages
D. Disable the use of the plain text passwords in the configurations
E. Disable SSH on the VTY lines
24. Examine the switch configuration shown. What problem exists with this suggested configuration change?

SW1
configure terminal
interface fa0/10
 switchport trunk encapsulation isl
 switchport mode trunk
 switchport port-security
 switchport port-security max 2
 no shutdown
A. Port security can only be used with 802.1Q trunks.
B. Port security can be used on trunks (depending on the switch), but it is likely there will be many more than two learned MAC addresses on that port.
C. A violation mode for port security must be selected.
D. Port security can only support a single secure MAC address.
25. Which of the following would be the preferred transport layer protocol for carrying Voice over IP (VoIP) when speed and throughput is a priority?
A. IP
B. TCP
C. UDP
D. HTTPS
E. ICMP
26. Examine the topology shown in the figure. If OSPF, EIGRP, and RIPv2 were all enabled on each interface on each router, which routing protocol would be used by R4 to determine the best route to 10.77.67.0/24?
A. EIGRP because its metric considers bandwidth and delay
B. OSPF because its cost is derived from bandwidth and delay
C. OSPF because it is an advanced distance vector routing protocol
D. EIGRP because of administrative distance

27. You decided to reduce the size of your existing Layer 2 broadcast domains by creating new VLANs. A network device that forwards packets between those VLANs would be operating (at a minimum) at which OSI level?
A. A switch at Layer 1
B. A switch at Layer 2
C. A router at Layer 2
D. A router at Layer 3
28. Examine the topology shown in the figure. Provide the Router 2 configuration for RIP version 2 to enable RIP on G2/0. The G2/0 IP address is 192.168.0.1/24. Also, ensure that RIP will not perform automatic summarization. _________
29. Which of the following statements regarding ICMP is correct?
A. ICMP functions at the Network layer of the OSI model.
B. ICMP relies on TCP for reliable packet delivery.
C. ICMP relies on UDP for efficient packet delivery.
D. ICMP functions at the Session layer of the OSI model.
30. What device can use a dual-band approach and 802.11 standards for connecting end users to the network?
A. Firewall
B. WLC
C. AP
D. Router
31. What type of physical topology is created when using a Layer 2 switch or a hub on the LAN?

19 C.224. Unicast D. The command dual-stack routing B. What type of IP address is used to send traffic to one specific receiver from one specific source? A. N2=1. Rxhead 0 00 pak=0x6044D78 ds=0x6044ED4 status=80 max_size=1524 pak_size=0 _________ 34. Star 32. What must be in place before you can route other devices IPv6 traffic through your Cisco router? A.104 36.16.255. The ipv6 unicast-routing global-configuration command .43. NIM slot 1. remote_addr=0 N1=1524. NIM version 1 idb = 0x6150. local_addr=0. What command produced the following output? Click here to view code image MK5 unit 0. scaler=100. Mesh B. regaddr = 0x8100300 IB at 0x6045500: mode=0x0108.35 serial cable attached RX ring with 32 entries at 0x45560 : RLEN=5. T3=2000. 177. Which of the following addresses is a private-use-only address? A.123. Partial mesh D. IPv4 interfaces D.120 B. 12.34. Hybrid C.23. A. Multicast B.92. TP=1 buffer size 1524 DTE V. 10.56. A loopback 0 interface with an IPv4 address assigned C.10.12. driver structure at 0x34A878. Broadcast C. 201.100 D. Anycast 35.101 with 255. What is the last usable host address given the IP address and subnet mask of 172.34.0? _________ 33. NIM type code 7. T1=1000.

37. Which command displays a quick view of BGP neighbor status?
A. show ip bgp adjacencies
B. show ip bgp peers
C. show ip bgp summary
D. show ip bgp neighbor
38. What are two reasons a duplex mismatch can be so difficult to find? (Choose two.)
A. Users are presented with an error message that varies by operating system.
B. Connectivity is typically intermittent.
C. Users cannot communicate on the network at all.
D. Connectivity might be slow.
39. What command would you use on a Cisco Layer 2 switch in order to verify errors regarding sending or receiving frames?
A. show controllers
B. show interface
C. show collisions
D. show version
40. Your Cisco switch is currently in VTP Client mode. You issue the vlan 100 command in global-configuration mode to create a new VLAN. What is the result?
A. The switch produces an error message.
B. The switch sends VLAN 100 configuration information to the VTP Server.
C. The switch reverts to Transparent mode.
D. The switch configures the VLAN, but on the local device only.
41. What traditional 802.1D STP port state does not exist in 802.1w RSTP?
A. Discarding
B. Listening
C. Learning
D. Forwarding
42. What global-configuration command allows you to disable CDP on an entire Cisco switch?
A. no cdp
B. no cdp enable
C. no cdp run

0. What command permits you to see your EIGRP peers? A.1 A. 10.255. What service provides name resolution for network requests? A. Examine the configuration that follows.0 47. 120 D. When you enable port security for a switch port. workstation 46.255.0 172. Shutdown C. what is the default violation mode? A. 172.20. NAT C. show eigrp peers 48.255. Passive 44.255.10. 20 B.16.20. access B.1. 255.10. What is the default administrative distance for internal EIGRP? A.0/24? Click here to view code image ip route 10.20. What layer of the Cisco hierarchical model would most likely feature intense security mechanisms? A. Protect D.10. What is the next hop for 10.1.0 255. ICMP B. DNS .0 B. show eigrp sessions C. no cdp search 43. distribution C.0. Restrict B.16.0. D. show eigrp neighbor table B.1 D. show ip eigrp neighbor D. core D.1 C. 110 C. 90 45.

D. NTP
49. What tool produced the output shown?
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
www.yahoo.com canonical name = fd-fp3.wg1.b.yahoo.com.
Name: fd-fp3.wg1.b.yahoo.com
Address: 98.139.183.24
Name: fd-fp3.wg1.b.yahoo.com
Address: 98.139.180.149
A. NETSTAT
B. NBTSTAT
C. NSLOOKUP
D. MSCONFIG
50. What interface configuration mode command configures a Cisco router as a DHCP client?
A. ip address auto
B. ip address enable dhcp
C. dhcp address
D. ip address dhcp
51. What command allows you to confirm the IP address and mask assigned to an interface?
A. show interfaces terse
B. show addresses
C. show ip interface brief
D. show ip interface
52. What is the stratum of a Cisco router if you configure it to be the authoritative time server with the command ntp master?
A. 0
B. 1
C. 2
D. 8
E. 13
53. Examine the access list shown below. What is the issue with this access list?

access-list 1 permit any
access-list 1 deny host 10.10.10.1
access-list 1 deny host 10.10.10.2
access-list 1 deny host 172.16.1.1
access-list 1 deny any log
A. The access list cannot end with a deny statement.
B. The access list permits the traffic before it denies the traffic.
C. The access list is not named, which is required.
D. Standard access lists do not support logging.
54. What do we use in dynamic NAT configuration in order to identify the traffic we intend to translate?
A. An access list
B. A pool
C. A NAT list
D. An interface reference
55. An IP SLA ICMP test can be used to check for which of the following?
A. Redirection
B. Latency
C. CPU usage
D. Buffer overflow
56. What protocol is responsible for setting up and maintaining PPP links?
A. LCP
B. NCP
C. CHAP
D. PAP
57. What is the effect of the no login command in line vty 0 4?
A. Telnet is disabled.
B. Users can not access a VTY.
C. This command has no effect.
D. Users are not asked for a password.
58. Examine the configuration below. What statement is false?
no service password-encryption
!
enable secret rtYHS3TTs
!

username admin01 privilege 15 secret Cisco123
!
line vty 0 4
 password ChEeEs&WiZ
 login
 transport input telnet
A. Telnet users will be required to provide a password for Telnet access.
B. Telnet users will be required to provide enable password of ChEeEs&WiZ for access to privileged mode.
C. New plain-text passwords will not be encrypted.
D. The admin-level user account’s password is not very secure.
59. A new Layer 2 switch in its default configuration has just been powered up. In addition to a console connection there are two Windows hosts, and an IP Phone (using POE) connected to its Ethernet ports. Which of the following are true? (Choose two.)
A. If either Windows host has successfully completed an ARP resolution, the switch would have learned the MAC address of both Windows hosts.
B. The switch would see the two Windows hosts directly connected devices from CDP.
C. The switch won’t know if the IP phone is a Cisco IP phone, or a third party IP phone until a call is initiated from the phone.
D. The switch can be configured with an IPv4 address on interface VLAN 1.
60. Refer to the network topology that follows. Your senior network administrator is concerned about network security. He has asked that you ensure the PC-10 device in VLAN 10 is the only device that is permitted to connect to Port 0/2 on the switch. How should you respond? (Choose two.)

A. Configure Router A to route traffic sourced from any device other than PC-10 to Null0.
B. Configure the service password-encryption command on the switch.
C. Configure Port Security on interface 0/2 of the switch.
D. Configure RIP on all network devices and use MD5 authentication.
E. Configure a static MAC address as part of port security.

Answer Key to Practice Exam 1
Answers at a Glance to Practice Exam 1
1. B
2. 11
3. C
4. RSVP
5. A
6. B
7. C
8. B
9. A
10. 00:1b:77:12:34:56
11. C
12. A
13.
configure terminal
!
interface gi0/1
 no shutdown
!
interface gi0/1.10
 encapsulation dot1q 10
 ip address 10.1.10.1 255.255.255.0
!
interface gi0/1.20
 encapsulation dot1q 20
 ip address 10.1.20.1 255.255.255.0
14. A

15. access-list 101 permit tcp 10.10.10.0 0.0.0.255 eq 23 192.168.1.0 0.0.0.255
16. C
17. A
18. C
19. C
20. D
21. A, D
22. B, D
23. B, D
24. B
25. C
26. D
27. D
28.
router rip
 version 2
 no auto-summary
 network 192.168.0.0
29. A
30. C
31. D
32. 172.16.31.254
33. show controllers
34. C
35. D
36. D
37. C

38. B, D
39. B
40. A
41. B
42. C
43. B
44. D
45. B
46. C
47. C
48. C
49. C
50. D
51. D
52. D
53. B
54. A
55. B
56. A
57. D
58. B
59. A, D
60. C, E
Answers with Explanations
1. Chapter 1 Network Fundamentals: Models and Designs—Answer B is correct. There are two transport layer protocols listed here. Therefore, you should be able to narrow this question down to two options immediately—B. TCP and C. UDP. Of these two, TCP provides reliability features like sequencing of packets and synchronization. UDP does not.
2. Chapter 4 LAN Switching Technologies: Switching Concepts—11 is correct. Every port on a Layer 2 switch creates a collision domain by default. This Layer 2 switch concept is often called microsegmentation. Here we have 9 workstations connected for 9 collision domains, and we have a collision domain for each of the 2 interswitch links. This makes a total of 11 collision domains.
3. Chapter 16 Infrastructure Security: Access Layer Security, AAA—Answer C is correct. Notice this is a default configuration of Port Security. Every value is

set to default. This means the default number of MAC addresses is 1 and the default violation mode is Shutdown. This violation mode will log violations.
4. Chapter 13 WAN Technologies: QoS—RSVP is correct. RSVP sends signals to reserve resources in the path of traffic.
5. Chapter 7 Routing Technologies: Routing Concepts—Answer A is correct. The default administrative distance for eBGP is excellent at 20. Contrast this to Internal BGP (iBGP) of 200.
6. Chapter 2 Network Fundamentals: IPv4—Answer B is correct. 224.0.0.0 to 239.255.255.255 is the IPv4 multicast address range. This range permits the sending of a single packet to a group of machines that “subscribe” to the traffic. This is unlike a broadcast where a single packet is sent to all systems. In IPv6, broadcast traffic is eliminated in favor of multicast.
7. Chapter 23 Infrastructure Management—IOS Troubleshooting Tools—Answer C is correct. Extended Traceroute uses a default range of 1 to 30 by default.
8. Chapter 18 Infrastructure Security: Device Hardening—Answer B is correct. The username command defaults to privilege level 1 for the user when a level is not specified.
9. Chapter 3 Network Fundamentals: IPv6—Answer A is correct. In IPv6 environments, it is common to have ISPs assigning blocks of addresses to an enterprise. This is due to the massive address space that is possible and a lack of need for private use only addressing.
10. Chapter 4 LAN Switching Technologies: Switching Concepts—00:1b:77:12:34:56 is correct. The Layer 2 addressing information appears under the Ethernet II section. There is the Src for Source and Dst for Destination in the output of the packet capture shown.
11. Chapter 21 Infrastructure Management: Initial Device Configuration—Answer C is correct. Hostnames on most Layer 2 switches running IOS 12.x must start with a letter, end with a letter or digit, and have as interior characters only letters, digits, and hyphens. Names must be 63 characters or fewer. C is the only option that conforms to the naming requirements.
12. Chapter 14 Infrastructure Services: DNS, DHCP, NTP, HSRP—Answer A is correct. First Hop Reachability Protocols include HSRP and VRRP.
13. Chapter 8 Routing Technologies: Inter-VLAN Routing—the following configuration is correct:
configure terminal
!
interface gi0/1
 no shutdown
!

interface gi0/1.10
 encapsulation dot1q 10
 ip address 10.1.10.1 255.255.255.0
!
interface gi0/1.20
 encapsulation dot1q 20
 ip address 10.1.20.1 255.255.255.0
Notice this configuration features no IP address on the physical interface, and uses subinterfaces set for 802.1Q encapsulation and appropriate IP addresses for the different VLANs.
14. Chapter 9 Routing Technologies: Routing Methods—Answer A is correct. Distance vector routing protocols rely on many mechanisms to avoid errors in routing information. This includes poison reverse and split horizon.
15. Chapter 17 Infrastructure Security: ACLS—access-list 101 permit tcp 10.10.10.0 0.0.0.255 eq 23 192.168.1.0 0.0.0.255. This ACE meets the criteria given.
16. Chapter 15 Infrastructure Services: NAT—Answer C is correct. The overload keyword implies the use of Port Address Translation.
17. Chapter 19 Infrastructure Management: SNMP, Syslog, IP SLA—Answer A is correct. Syslog levels 0 through 7 are available on most Cisco devices.
18. Chapter 22 Infrastructure Management: Device Maintenance—Answer C is correct. The Configuration Register settings can permit a router to ignore its own startup-config during boot.
19. Chapter 4 LAN Switching Technologies: Switching Concepts—Answer C is correct. There are two collision domains. The hub does not create collision domains off its ports. The bridge does. So there are two collision domains created by the bridge.
20. Chapter 22 Infrastructure Management: Device Maintenance—Answer D is correct. The Secure Copy Protocol (SCP) relies upon SSH technology for its operation. It is the only protocol listed here with security and encryption capabilities for file transfer.
21. Chapter 1 Network Fundamentals: Models and Designs—Answers A and D are correct. The cabling and the hub are Layer 1 components. Bridges and Switches include Layer 2 components. The router includes a Layer 2 and Layer 3 component.
22. Chapter 4 LAN Switching Technologies: Switching Concepts—Answers B and D are correct. Layer 2 access switches will typically have IP addresses assigned for management purposes. A default gateway permits a managed switch to access remote networks, again for management purposes.
23. Chapter 18 Infrastructure Security: Device Hardening—Answers B and D are correct. You should disable the use of Telnet by using the transport input ssh

command. Also, use the service password-encryption command to hide plain text passwords. Depending on the AAA configuration (or lack thereof), the command no login removes the requirement for a login password on the VTY lines.
24. Chapter 16 Infrastructure Security: Access Layer Security, AAA—Answer B is correct. Port security can be used on configured access or trunk ports, but not on a dynamic port. When used on a trunk, it is likely there will be many devices’ MAC addresses crossing the trunk, so the limit of two MAC addresses would likely be too restrictive.
25. Chapter 1 Network Fundamentals: Models and Designs—Answer C is correct. VoIP uses UDP for efficient transport.
26. Chapter 7 Routing Technologies: Routing Concepts—Answer D is correct. Here EIGRP is preferred due to its lower administrative distance.
27. Chapter 8 Routing Technologies: Inter-VLAN Routing—Answer D is correct. A router at Layer 3 provides the Inter-VLAN communications. Note that this is often in the form of route processor inside a multilayer switch. This could also be implemented as a router on a stick (ROAS).
28. Chapter 10 Routing Technologies: Static Routing and Dynamic Routing—the following configuration is correct:
router rip
 version 2
 no auto-summary
 network 192.168.0.0
29. Chapter 1 Network Fundamentals: Models and Designs—Answer A is correct. ICMP operates at the Network layer of the OSI model. It is encapsulated directly in IP packets and does not rely on UDP or TCP for its operation. Note that ICMP possesses its own protocol number like OSPF or EIGRP, which also do not rely on TCP or UDP.
30. Chapter 1 Network Fundamentals: Models and Designs—Answer C is correct. A wireless access point (AP) is a device designed to connect users to the network. The device is typically dual band, allowing 2.4 GHz and 5 GHz bands for access by several different 802.11 standards, including 802.11n, 802.11ac and others.
31. Chapter 1 Network Fundamentals: Models and Designs—Answer D is correct. Both the hub and switch form a physical star topology.
32. Chapter 2 Network Fundamentals—IPv4: 172.16.31.254 is correct. There are 3 subnet bits. The increment is 32. The host range for this subnet is 172.16.0.1 to 172.16.31.254.
33. Chapter 1 Network Fundamentals: Models and Designs—show controllers is correct. This is output from show controllers. Note the type of serial cable connected is displayed regarding a serial interface.

On a point- to-point link. Chapter 4 LAN Switching Technologies: Switching Concepts—Answer C is correct. If you attempt to do this.0. Chapter 10 Routing Technologies: Static Routing and Dynamic Routing— Answer C is correct.0: 172. The default admin distance for internal EIGRP is 90.255. and STP—Answer B is correct.31. Chapter 1 Network Fundamentals: Models and Designs—Answer B is correct. and STP—Answer A is correct. 45. 37.10. The next hop is the last IP address shown in this command.0.255. use the no cdp enable command in interface configuration mode.0 255. 44. Chapter 5 LAN Switching Technologies: VLANs. AAA—Answer B is correct.255. 192. Trunks.1.0.16. Chapter 2 Network Fundamentals: IPv4—Answer D is correct. When you configure port security. Chapter 4 LAN Switching Technologies: Switching Concepts—Answer B is correct. This issue is difficult to pinpoint because communication is intermittent or slow.16. 40.0.168. the local exit interface can be used as part of the command instead of . Unicast addresses are used for a specific host to send traffic to a specific host. To disable a CDP just on a single interface. Note that the workstation layer and the access layer are the same.255. Here are examples of private IPv4 address ranges 10. 46. Chapter 4 LAN Switching Technologies: Switching Concepts—Answers B and D are correct. Chapter 2 Network Fundamentals: IPv4—Answer C is correct.168. route other devices IPv6 traffic without the added global command. 39. the default violation mode is shutdown. They cannot. No cdp run is used to disable CDP globally on the device.255.255. 43. The listening state does not exist in RSTP.20. Trunks. 172. The show interface command is very valuable for troubleshooting issues like collision. and also for verifying the overall status of a switch or router interface. however. 36.255.255. 35.0: 10. 42.34. The static route is ip route 10.0: 192. such as access control lists to control traffic. This rules out A and D as options. 
The distribution layer typically features the most intense security mechanisms. Use show ip bgp summary in order to quickly verify peers. Chapter 16 Infrastructure Security: Access Layer Security. Chapter 5 LAN Switching Technologies: VLANs. you receive an error message.255. Chapter 2 Network Fundamentals: IPv4—Answer D is correct. Chapter 7 Routing Technologies: Routing Concepts—Answer D is correct. Cisco routers are able to support IPv6 on interfaces by default.1. 38. 41. Chapter 10 Routing Technologies: Static Routing and Dynamic Routing— Answer C is correct. VLANs cannot be created on VTP Client devices.0 172.

the next-hop address of the next router in the path.
47. Chapter 10 Routing Technologies: Static Routing and Dynamic Routing—Answer C is correct. Use show ip eigrp neighbor to see your peers.
48. Chapter 14 Infrastructure Services: DNS, DHCP, NTP, HSRP—Answer C is correct. DNS provides resolution of names to IP addresses.
49. Chapter 14 Infrastructure Services: DNS, DHCP, NTP, HSRP—Answer C is correct. The NSLOOKUP tool is a common utility for DNS issues. The tool is excellent and displays information that you can use to diagnose Domain Name System (DNS) infrastructure problems and misconfigurations.
50. Chapter 14 Infrastructure Services: DNS, DHCP, NTP, HSRP—Answer D is correct. It is simple to configure your Cisco device to acquire an address via DHCP. Under interface configuration mode, after bringing up the interface, use the ip address dhcp command.
51. Chapter 21 Infrastructure Management: Initial Device Configuration—Answer D is correct. The show ip interface brief command provides a nice summary of the IP addresses assigned to your interfaces and their status. It does so in an easy-to-read, table-like format. This command is often typed as simply sh ip int br. This command does not provide mask information, however. For that, you can use show ip interface.
52. Chapter 14 Infrastructure Services: DNS, DHCP, NTP, HSRP—Answer D is correct. When you use the command ntp master and do not specify the stratum: the default stratum is 8. A stratum 1 device is the most authoritative time server on the network.
53. Chapter 17 Infrastructure Security: ACLS—Answer B is correct. The order of access list statements is very important, they are processed from top to bottom. Here, the permit statement that begins the list permits all traffic before the deny statements are processed. On many IOS routers, the subsequent “deny” access control entries wouldn’t even be allowed, and would generate a message indicating a conflict due to the permit any entry already being in place.
54. Chapter 15 Infrastructure Services: NAT—A is correct. Dynamic NAT uses an ACL to identify the addresses to translate. The NAT commands also can include a pool to indicate the addresses that will be used for the translations.
55. Chapter 19 Infrastructure Management: SNMP, Syslog, IP SLA—Answer B is correct. With the IP SLA feature, you can test latency.
56. Chapter 11 WAN Technologies: WAN Options—Answer A is correct. Link Configuration Protocol (LCP) is responsible for the WAN link maintenance in PPP.
57. Chapter 21 Infrastructure Management: Initial Device Configuration—Answer D is correct. The no login command is very confusing. When it is issued, it indicates that the password should not be checked when connecting to the router on those VTY lines. Effectively it means that no login is required.

58. Chapter 18 Infrastructure Security: Device Hardening—Answer B is correct. Here the Telnet password will be ChEeEs&WiZ, but to access privileged mode, rtYHS3TTs is required.
59. Chapter 4 LAN Switching Technologies: Switching Concepts—Answers A and D are correct. When the Windows hosts send at least 1 frame into the network, the switch would learn their respective MAC addresses. The switch can be configured with a management VLAN 1 IP address for the benefit of management of the switch. A default gateway is also required for the switch to communicate back to the management computer if that management computer is not on the same IP subnet as the switch.
60. Chapter 16 Infrastructure Security: Access Layer Security, AAA—Answers C and E are correct. Here, a solution is port security with a static port security MAC address assignment.

Practice Exam 2
Are you ready to assess your preparedness for the actual CCNA exam? Practice Exam 1 and this Practice Exam 2 are here for this purpose. As you take this practice exam, please consider the following test-taking tips:
Read each question twice if necessary: Be sure to read each question carefully so that you can fully understand the question. Sometimes, this will necessitate reading the question twice.
Read the answers starting from the bottom: When you read the answers from the bottom, you force yourself to carefully read each answer. If you read the answers from the top, you might find yourself quickly selecting an answer that looks right and skipping over the other answers. This is dangerous since there might be a better answer later in the options.
Time yourself: The CCNA exam is a 90-minute exam. Time yourself during this practice exam to make sure that you stay within this time limit.
If you do not know the answer to a question, make a note of it: Go back and review any trouble areas later. Be sure that you are mastering the topic area, not just looking up the answer to this one question. If you are unsure about one aspect of a topic, chances are you might be unsure about other areas related to that same topic. The Answer Key provides a chapter reference for you to make looking up trouble spots much easier for you.
Prepare mentally to take a test: To properly assess yourself, take this practice exam as you would take the real exam. This means that you should find a quiet place without any distractions so that you can focus on each question. Provide scratch paper and a pen and pencil for yourself. No other tools (such as calculators) may be used in your actual exam or in your practice here.
If you cannot determine the correct answer(s), begin by eliminating incorrect answer(s): If there are four options and you know that three are absolutely wrong, the fourth option has to be the correct one.
Consider continuously taking this practice exam and the next until you get perfect scores: When you can consistently score high on these practice exams, you should be very close to ready for the actual exam.
Pay close attention to the Answer Key: You will note that many exam answers lie in store for you in our explanations to questions as well!
Enjoy the fill-in-the-blank style questions: While these question types are rare for the actual exam, we use them here to make this exam much tougher! These questions also provide me with the ability to test you in a simulation style manner—where you must provide correct configurations.
Use the Pearson Test Prep software online: There are even more practice exams waiting for you in the Pearson Test Prep software online for this text. Be

20.0.0 0.10.10. Authentication Phase 3.10.16.255. In what phase of PPPoE is authentication performed? A. It only means that you need to continue studying.10. sure to use those materials as well.0 ip nat inside ! interface gi0/1 ip address 10. Be glad that you are able to spot your weak areas now and not after taking the actual exam.0.0 ip nat inside ! interface serial 0/0 ip address 172. Examine the NAT configuration shown in the exhibit. Don’t despair: Do not be overly upset if on your first attempt at this practice exam.255.10.1 prefix 24 ip nat inside source list 7 pool MYPOOL overload access-list 7 permit 10. Go back through and review your problem areas now to ensure you are ready! Congratulations in your pursuit of this valued IT Certification! 1. Which protocols on the left match up to the layers on the right regarding the encapsulation done by the PC? (Not all protocols are used.1 255.10.64 255. Active Discovery Phase B.31 access-list 7 permit 10.1 255.10. PPP Session Phase D. The user at the PC shown in the figure that follows is copying a file from the Server with a program that uses a connectionless transport protocol.255.0 0.10.) .255.255.20.1 172.16.0 ! ip nat pool MYPOOL 172.255.16. Passive Discovery Phase C.31 _________ 2.0.10. you do not score well. What is the problem with this NAT configuration? Click here to view code image interface gi0/0 ip address 10.0.

It triggers AAA only access to the VTY lines. B. show bgp peers D. Examine the configuration shown below. show bgp adjacencies 5. 4. It redirects login to the console port. D. 6. Why is the configuration producing an error when pasted into the CLI? Click here to view code image Current configuration : 2945 bytes ! ! version 15.6 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption . It prevents log in to the device using the VTY lines. It does not require login on the VTY lines. What is the effect of the no login command under the virtual terminal lines? A. C. show ip bgp neighbors C. What command can you use to see the BGP peers from your local device? A. show ip bgp summary B.

10.10.1.255.16.! hostname Router-A ! boot-start-marker boot-end-marker ! no aaa new-model ! mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 ! ! ! ip cef no ipv6 cef ! multilink bundle-name authenticated ! redundancy ! ! ! interface GigabitEthernet0/0 no ip address shutdown duplex auto speed auto media-type rj45 ! interface GigabitEthernet0/1 ip address 172.16.224 duplex auto speed auto media-type rj45 ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ip route 10.0 0.255.1 any access-list 101 deny ip any any log ! control-plane .0 255.10.0.255.64 255.0.10.2 ! ! ! access-list 101 permit ip 10.255 any access-list 101 deny ip host 10.1.10.255.255.0 172.

!
!
line con 0
line aux 0
line vty 0 4
 password cisco
 no login
 transport input telnet ssh
!
no scheduler allocate
!
end

A. Because there is no enable password set
B. Because the hostname is not legal
C. The transport input command lists both Telnet and SSH
D. Because of a bad IP address and mask combination

7. What Cisco technology features the use of a Forwarding Information Base?
A. CEF
B. ARP
C. VTP
D. IPv6

8. What QoS technology is often used for congestion management in VoIP environments?
A. LLQ
B. CBWFQ
C. WFQ
D. FIFO

9. Where is the full compressed IOS image typically stored on a Cisco router?
A. TPM
B. RAM
C. NVRAM
D. Flash

10. What is true regarding a network device that receives the packet as shown in the protocol analyzer output that follows? (Choose two.)
A. A bridge would forward the packet based on the Layer 1 destination address
B. A hub would forward the packet based on the Layer 2 destination address
C. A switch would forward the frame based on the Layer 2 destination address
D. A router would forward the packet based on the Layer 2 source address
E. A router would forward the packet based on the Layer 3 source address
F. A router would forward the packet based on the Layer 3 destination address

11. What protocol does Ping use?
A. TCP
B. ICMP
C. UDP
D. ARP

12. Map the layers on the left to the protocols on the right. Not all layers are used, and some layers may be used more than once.

13. What is the equivalent of the OSI presentation layer in the TCP/IP model?
A. Internet layer
B. Network access layer
C. Transport layer
D. Application layer

14. What transport layer protocol provides sequencing and synchronization?
A. HTTP
B. TCP
C. ICMP
D. UDP

15. What device protects “internal” networks from “external” networks?
A. WLC
B. Firewall
C. AP
D. Layer 2 Switch

16. What layer of the classic Cisco network model is typically not collapsed in a simplified two-layer design?
A. Access
B. Internet
C. Core
D. Distribution

17. What topology provides the most overhead in a network design?
A. Bus
B. Full mesh
C. Star
D. Partial mesh

18. What is the standard maximum frame size in a typical Ethernet network?
A. 1500
B. 1600
C. 1900
D. 9000

19. In the network depicted, the user at PC1 has asked about which program to use that will copy a file from the server to PC1 using a reliable Layer 4 transport protocol. Which of the following would meet both requirements? (Choose two.)

SCP E.e728. Error Disabled B. Both devices . Paused 21. SwitchB C. TFTP C. Admin Disabled D.8101 Which switch becomes the root bridge if the default STP priority values are in place? A.9301 SwitchB: 0019. SwitchA B. Shutdown C. A. DNS 20. FTP D. What happens to a port protected with BPDU Guard when there is a violation? A. VTP 22. OSPF B. Trunking C.3412. What technology is used in order to allow a switch port to carry the traffic of multiple Data VLANs from one device to another in a Cisco network? A. Port Security D. VLAN hopping B. None of these switches D. Examine the MAC addresses on SwitchA and SwitchB: SwitchA: c001.

D. This is the metric value for the route entry. ff00::/8 C. fe80::/8 D.16.10.0 255. f008::/10 28. What does this indicate? A. what is the purpose of the last entry in this command (121)? Click here to view code image ip route 10. Your junior administrator is examining a Cisco routing table and asks you what is the meaning of the D he sees in routing table entries. Violation null C.1 121 A. EIGRP 25. BGP C. RIP D. What port security approach is considered a mix of dynamic and static configuration? A.0 172. What networking device provides instructions to APs in the modern network? A. Examine the command shown here.10.1. Which of the following is used by an IPv6 multicast address? A. fec0::/10 C. fec0::/8 26. fc00::/8 D. OSPF B. B. fe80::/10 B.255. 27. C. Sticky learning D. This is a sequence number. This is an administrative distance value to create a floating static route. What is the prefix used for IPv6 Link Local addresses? A. This is a weight value. Trunking B.255. Blocked learning 24. f080::/10 B. 23. Firewall C. Router B. Switch .

the Server is sending HTTP content back to the PC that requested it. The Hubs. Authentication 30. show ipv6 eigrp neighbor D. show eigrp neighbor ipv6 B. The Routers. Bridges. The area ID D. Which of the following does not need to match when configuring your OSPF version 2 peering? A. In the network depicted. Which of the following is true as the packets are forwarded over the network? A. and Switches use Ethernet addresses to make forwarding decisions C. Based on the network depicted. Routers. The hello and dead timers C. and Switches use Ethernet addresses to make forwarding decisions D. The Hubs. WLC 29. The local process ID B. D. and Switches use Ethernet addresses to make forwarding decisions 32. show ipv6 eigrp peering 31. provide the complete syntax for a standard ACL . Bridges. The Bridges and Switches use Ethernet addresses to make forwarding decisions B. What command enables you to see your IPv6 EIGRP neighbors? A. show eigrp ipv6 neighbor C. Bridges.

. but is available to IGPs. _________ 33.0 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R1 ! . for Router 2 G2/0 that permits traffic sourced from the PC but denies all other traffic. The tunnel interface is not exported by BGP. Examine the topology and the configurations that follow. Why is R1’s loopback interface unable to Ping the loopback interface of R3? Click here to view code image R1# R1#show running-config Building configuration. The tunnel interface goes down. B. There is no impact on the tunnel interface. HSRP D. 34. Which of the following is a Cisco FHRP protocol? A. What may happen to a GRE tunnel if the router has learned the destination IP address for the destination of the tunnel interface through the tunnel itself? A. PPPoE B. C. The tunnel interface comes up. STP 35. D.. This ACL must use the number 10. Current configuration : 1270 bytes ! ! upgrade fpd auto version 15. and must use the most efficient syntax possible. GRE C.

255.255.1 255.1 255.2.1.255 ! ! interface FastEthernet0/0 ip address 10.1.255.2.255.boot-start-marker boot-end-marker ! ! no aaa new-model ! ! ! ip source-route no ip icmp rate-limit unreachable ip cef ! ! ! no ip domain lookup no ipv6 cef ! multilink bundle-name authenticated ! ! ! redundancy ! ! ip tcp synwait-time 5 ! ! ! interface Loopback0 ip address 1.0 duplex half ! ! interface FastEthernet1/0 no ip address shutdown duplex auto speed auto ! ! interface FastEthernet1/1 no ip address shutdown duplex auto speed auto ! ! .

0 no auto-summary ! ip forward-protocol nd no ip http server no ip http secure-server ! ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! mgcp fax t38 ecm mgcp behavior g729-variants static-pt ! ! ! gatekeeper shutdown ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous stopbits 1 line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous stopbits 1 line vty 0 4 login ! end R1# R2# R2#show running-config Building configuration...0.router rip version 2 network 1.0. Current configuration : 1280 bytes ! upgrade fpd auto .0.0.0 network 10.

255.2.2.0 duplex half ! ! interface FastEthernet1/0 ip address 10.2.255 ! ! interface FastEthernet0/0 ip address 10.255.255.255.2.1.2 255.version 15.0 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R2 ! boot-start-marker boot-end-marker ! ! no aaa new-model ! ! ! ip source-route no ip icmp rate-limit unreachable ip cef ! ! ! ! no ip domain lookup no ipv6 cef ! multilink bundle-name authenticated ! ! ! redundancy ! ! ip tcp synwait-time 5 ! ! ! interface Loopback0 ip address 2.1.255.2 255.0 duplex auto speed auto ! ! .255.2 255.

0.0 network 10.0.0.0 no auto-summary ! ip forward-protocol nd no ip http server no ip http secure-server ! ! ! no cdp log mismatch duplex ! ! ! control-plane ! ! ! mgcp fax t38 ecm mgcp behavior g729-variants static-pt ! ! ! gatekeeper shutdown ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous stopbits 1 line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous stopbits 1 line vty 0 4 login ! end .interface FastEthernet1/1 no ip address shutdown duplex auto speed auto ! ! router rip version 2 network 2.0.

. Current configuration : 1270 bytes ! ! upgrade fpd auto version 15.0 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R3 ! boot-start-marker boot-end-marker ! ! no aaa new-model ! ! ! ip source-route no ip icmp rate-limit unreachable ip cef ! ! ! ! no ip domain lookup no ipv6 cef ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! redundancy ! ! ip tcp synwait-time 5 ! ! ! ..R2# R3#show running-config Building configuration.

0 network 10.255 ! ! interface FastEthernet0/0 ip address 10.1.0.! ! ! ! ! interface Loopback0 ip address 3.3.3 255.0.255.3.1.0 no auto-summary ! ip forward-protocol nd no ip http server no ip http secure-server ! ! ! no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! .0 duplex half shutdown ! ! interface FastEthernet1/0 no ip address shutdown duplex auto speed auto ! ! interface FastEthernet1/1 no ip address shutdown duplex auto speed auto ! ! router rip version 2 network 3.0.255.255.0.3 255.255.

126 Type escape sequence to abort. Your junior admin notes that when he just performed a Ping.255. ! mgcp fax t38 ecm mgcp behavior g729-variants static-pt ! ! ! gatekeeper shutdown ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous stopbits 1 line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous stopbits 1 line vty 0 4 login ! end R3# _________ 36.cnn. What is the correct sequence of the first four protocols .com for news. ARP resolution C. with one of the next hops being unavailable B. Sending 5. 10Mbps being used instead of FastEthernet or GigabitEthernet 37. Load balancing. Half-duplex operation D. round-trip min/avg/max = 35/72/76 ms A. 100-byte ICMP Echos to 10. What is the most likely cause of the following results? Click here to view code image Router1# ping 10.255. and checks www. one of the packets failed. The user at PC-10 powers up their computer.0.0. timeout is 2 seconds: .126. Router A is assigning IP addresses to hosts in VLAN 10 as shown in the depicted network that follows.!!!! Success rate is 80 percent (4/5).

15.255 39. 172.255. Given the following address and mask 172.0 C.16.8.10. what is the broadcast address for the subnet? A.255 D. 172. TELNET D.255 B. 172.16.255. What is the authentication method found in many RADIUS environments today? A.0. used by PC-10 when it powers up? _________ 38. PAP C.1 255.16.16.16. EAP B. MD5 .248. 172.16.

40.255. This command is not valid C. West B. What will be the result? A. What command does a client use to enable stateless auto configuration of IPv6 address information on an interface? A.255. B. East C.0.75 89. To indicate the time of transference for syslog messages to the server 42.255. The following was added to Router X: ip route 10.0. The static route will have an administrative distance that is better than RIP. Northbound 41. ipv6 address autoconfig B. Southbound D. ipv6 address dhcp C. . To prevent attackers from manipulating the time in syslog messages B. There will be a Layer 2 loop. What is the purpose of the following command: service timestamps log datetime msec? A. To mark syslog messages with the data and time.224 10.128 255. ipv6 enable 43. ipv6 address enable D. RIP version 2 is properly configured and working on both routers shown in the depicted network.255. What is the term for an API that communicates from a network management station to the SDN controller? A. including the millisecond D.

128/27 to PC 1. PC1 is sending an HTTP packet to Server 1. Destination physical address will be 00:00:66:66:66:66.92.255.255. Source physical address will be 0000. D. 45. The Switch MAC address table is shown below the topology here. Router X will attempt to send packets destined to subnet 10. Source address will be 10. and the user at PC 1 uses Ping to test the IP address reachability of Sever 1. C.0. This will cause a broadcast storm. C.4444.3333. Destination address will be 0000.4444. Examine the topology shown below.0.) A. PC1’s ARP cache is empty. E. D. B.3333. What is true about this traffic as it is forwarded through Switch C? (Choose three. 44. Which of the following is true when the user presses enter? . Source Layer 2 address will be 00:00:11:11:11:11.

. C. . . . The switch will add the printer’s MAC address to the MAC address table. . : 172.) . . B.255 Subnet Mask .255. : 172. except 0/7. . The first frame will be sent out port 0/6 only. : 255. The results are as follows: Click here to view code image Ethernet adapter: Connection-specific DNS Suffix .18. . . . The reply to the Ping request will cause the server’s MAC address to be added to the table. The first frame will have a destination MAC address of Server 1. . . . . . D. . . A host runs the command ipconfig on their local system. 46. .254 Which of the following are true? (Choose two. : IPv4 Address.0 Default Gateway . . .18.63. . . .248. E. . . . A. The first frame from PC1 will be forwarded out all ports.62. . .

45.60.61. C.255. .255 E. E.0? (Choose three.0 C.18.) A.0 F. A. The host address is on the 172. These devices are now running in their default configuration. The broadcast address for the host’s subnet is 172. 60.56. show interface.248. SW1 will see CDP neighbors on at least three interfaces.0/21 network. 60. or show ip interface brief can be used to confirm that R1 G0/0 is up/up.5 would be on the same network as the host in the question.71. The network the host is connected to is a Class B private address. 40.60.70. B.18. show ip interface. 51. Refer to the depicted network. Which of the following are true? (Choose three. All the switches and R1 have had their startup configurations deleted and then were rebooted before saving to NVRAM.70. 47.70. The host with an IP of 172.) A. 50.64. The subnet the host is connected to could support up to 2048 hosts. D.255.56.0 B. B.18. and 30 will now all be on the same VLAN. Which of the following are valid host addresses when using a mask of 255.50. Clients shown in the diagram as being on VLANs 10.255 D. C. The commands show protocols.80. 20.80.71.255 48. 34.

Existing and future plain text passwords should be encrypted. Star D. Using Layer 2 D. Using 802. Service Password Encryption was used. SSH should be enabled on the switch. CSMA/CD technology is critical for what type of Ethernet network? A.30. Provide the switch configuration to meet these requirements: Create a user account BOB with a password of ToUgH1!23. _________ 50.1Q messages B.1 /24 was added for G0/0 on R1. B. E.0. SW2 will see two CDP neighbors.75/27. Full mesh B. 20 . and it should be stored using MD5.0. Half-duplex 51.30. this password should be stored using MD5.94. Using VTP messages C. Your VoIP users are complaining about their Cisco IP Phones not functioning properly. The local user accounts should be used to authenticate on the VTY lines. Using Layer 1 53. How is CDP carried on the network? A. CDP was disabled. SSH is now mandatory. If the command: ip address 10. 52. There have been changes to the local switch that connects these users. The password to get into privileged mode should be iTsMe@HeRe$. 49. Telnet was no longer permitted. Telnet should be disabled on the switch. What is the most likely problem? A. C. Partial mesh C. SW1 would learn that IP address within 60 seconds. The default gateway should be set to 10.20. D. The management interface should use the default VLAN and have the IP address of 10.20. What is the default administrative distance of iBGP? A. D.

57. 0 B. login B. Use the ntp server command. 1 week D. 1 day C. 1 hour B. C. What is the default privilege level for a local user account created with the username command? A. What two options exist for the next-hop information in a static route? (Choose two. 1 C. Use the ntp master command. What is the default lease duration for a Cisco DHCP server? A. D. 200 54. 8 D. Specifying the next-hop CDP ID D. 120 D. B.) A. 90 C. Specifying the exit interface 55. 15 58. local C. B. Specifying the next-hop IP address B. Use the ntp clock command. Use the ntp source command. login local D. What VTY line command causes the local username database to be checked for remote access? A. How do you configure a Cisco router to act as the reference time source on a network? A. move . 1 month 56. Specifying the next-hop MAC address C. What command do you use in order to upgrade an IOS image on your local device with an image from a TFTP server? A. aaa login local 59.

B. copy
C. tftp server
D. upgrade

60. How many probes does Ping send by default?
A. 1
B. 2
C. 3
D. 5

B 16. B 23. F 11. B 18. C. A 30. D 6. Application—TFTP. A 8. D 20. A 5. D 7. D 14. TCP—Transport. A 9. Transport—UDP. C 3. This configuration fails to define the outside NAT interface 2. Network Access—Ethernet 4. B 12. D 10. C 27. B 28. D 25. C .Answer Key to Practice Exam 2 Answers at a Glance to Practice Exam 2 1. A 17. A 26. Internet—IP. CDP—Datalink. Serial —Physical. PPP—-Datalink. SMTP—-Application. IP—Network 13. B 15. C 24. C. A 21. B 22. D 29. A 19.

16. C 46. D 41. 1st—DHCP. A 32. 4th—HTTP 38.0. A. B. C 35.50 access-list 10 deny any interface gi2/0 ip access- group 10 out 33. B 34. E 47. 3rd—DNS. The Fa0/0 interface on R3 is administratively down 36. A 44. C. A 40. F 48. C. username BOB secret ToUgH1!23 ! line vty 0 15 transport input ssh login local ! service password- . B. A 39. B 37. B. access-list 10 permit host 172. A.31. 2nd—ARP. E 49. E 45. C 42. A 43.

B 58.30. Chapter 11 WAN Technologies: WAN Options—C is correct. B 60. Transport—UDP. .30. D 51.94 50. A 52.255. Internet—IP. 255. D Answers with Explanations 1. Notice here we are doing a form of dynamic NAT. C 53. Authentication takes place in the PPP Session Phase. UDP is the connectionless transport protocol used by TFTP. This means we are doing Port Address Translation or PAT. Network Access—Ethernet. 2. C 59. while Ethernet is used at the Network Access. 3. B 56. we are overloading a single routable address. Chapter 15 Infrastructure Services: NAT—this configuration fails to define the outside interface. There are two phases of PPPoE. D 54. Chapter 1 Network Fundamentals: Models and Designs—Application— TFTP. Also. encryption ! enable secret iTsMe@ HeRe$ ! interface vlan 1 ip address 10. IP is the Internet layer protocol. D 55.20. A.75 255. except it does not specify the outside NAT interface (serial 0/0). This configuration is fine.20. Here the connectionless application if TFTP.224! ip default- gateway 10. There is the Active Discovery Phase and the PPP Session Phase. B 57.

it indicates that the password should not be checked upon login. 14. As a side note. 15. so it does not prevent login. the hostname was not the problem. This provides a strict priority queue for voice traffic alongside CBWFQ for other traffic forms. Use the show ip bgp summary command to see the peers with your local device. SMTP—Application. Names must be 63 characters or fewer. Chapter 1 Network Fundamentals: Models and Designs—D is correct. CDP—Datalink. Chapter 12 WAN Technologies: eBGP—A is correct. 16. This includes the sequencing and synchronization of packets. 7. as done here. 9. 5. TCP at the Transport layer provides connection oriented. Keep in mind. Chapter 7 Routing Technologies: Routing Concepts—C and F correct. 12. Chapter 21 Infrastructure Management: Initial Device Configuration—D is correct. Chapter 22 Infrastructure Management: Device Maintenance—D is correct. When it is issued. Chapter 13 WAN Technologies: QoS—A is correct. but actually makes login possible without security. These days they can even be virtual. TCP —Transport. Cisco Express Forwarding enhances the speed of routing operations and uses a Forwarding Information Base in its operation. LLQ is the most common congestion management mechanism in VoIP environments today. PPP—Datalink. 6. The presentation layer of the OSI model is rolled into the Application layer of the TCP/IP model. In this example. 4. which is the problem with this attempted configuration. Chapter 1 Network Fundamentals: Models and Designs. A . Be prepared to map technologies to the correct layer of the OSI model. Firewalls are specialized devices that protect internal networks from external networks. A valid IP address can’t have all zeros for the host portion. digits. Chapter 10 Routing Technologies: Static Routing and Dynamic Routing—B is correct. on some Cisco devices. 8. The no login command can be very confusing. end with a letter or digit. 
Chapter 23 Infrastructure Management: IOS Troubleshooting Tools—B is correct. Flash memory is like the hard drive on a PC. they can be software implementations or hardware appliances. Chapter 1 Network Fundamentals: Models and Designs—A is correct. reliable features. 13. whereas routers forward based on the destination Layer 3 address (the IP address). 11. hostnames must begin with a letter. 10. Serial—Physical. Chapter 1 Network Fundamentals: Models and Designs—B is correct. it is typically where the operating system is stored. IP— Network. Chapter 21 Infrastructure Management: Initial Device Configuration—D is correct. and have as interior characters only letters. and hyphens. Ping is a troubleshooting tool that relies upon ICMP. Switches forward based on the destination MAC (Layer 2) address. Chapter 7 Routing Technologies: Routing Concepts—A is correct.

23. Trunks. specifically 802. DNS is used for name resolution and not file transfer. Chapter 16 Infrastructure Security: Access Layer Security. Chapter 10 Routing Technologies: Static Routing and Dynamic Routing—D is correct. Trunks. Multicast in IPv6 uses a FF00::/8 prefix. 7. Then this MAC address can be saved (using the command copy running-config startup-config) in the startup configuration as a static MAC address assignment for port security when the switch reboots. 9. Chapter 3 Network Fundamentals: IPv6—B is correct. . 20. Chapter 1 Network Fundamentals: Models and Designs—D is correct. the lower MAC address belongs to SwitchB. Chapter 4 LAN Switching Technologies: Switching Concepts—A is correct. Chapter 5 LAN Switching Technologies: VLANs. Chapter 22 Infrastructure Management: Device Maintenance—C and D are correct. collapsed core design is one where the distribution layer meshes into the core. In this case. EIGRP routes appear in the routing table with a D designation. C. 24. Chapter 10 Routing Technologies—Static Routing and Dynamic Routing—C is correct. A BPDU-Guard–protected port enters an error-disabled state when a violation is detected. AAA—C is correct. 4. TFTP uses UDP and does not provide reliability. fe80::/10 is the prefix reserved for link local addressing in IPv6.1Q. 3. permits the transport of multiple Data VLANs between devices. 6. 25. F. and STP—B is correct. You often see this in smaller networks. 21. 28. Trunking. 22. Chapter 1 Network Fundamentals: Models and Designs—B is correct. where the complexity of a three-layer design just really is not needed. 1. 2. D. 27. Chapter 3 Network Fundamentals: IPv6—A is correct. E. 17. The standard frame size and MTU is 1500 bytes in Ethernet networks. Port security sticky learning means the port will initially dynamically learn the MAC address and added to the running configuration. The mesh topology is often implemented as full or partial. 8. 
OSPF is a routing protocol and not a file transfer protocol used in the network. and STP—A is correct. Chapter 5 LAN Switching Technologies: VLANs. B. 26. The lower MAC address wins in the case of equal priority values. but it typically comes at the cost of complexity and the cost of many links. Chapter 5 LAN Switching Technologies: VLANs. 19. Finally. Administrative distance is added to the ip route command in order to create floating static routes. 5. The full mesh provides the best redundancy. A. The Wireless LAN Controller is the device in the modern network that controls and manages Access Points. Remember hex values of 0. Trunks. and STP—B is correct. 18.

38. Chapter 24 Infrastructure Management: Network Programmability—D is correct. Chapter 19 Infrastructure Management: SNMP. 40. AAA—A is correct. Here the increment is on 8 as there are 5 bits of subnetting used. 39. 32. 35. Chapter 10 Routing Technologies: Static Routing and Dynamic Routing—The Fa0/0 interface on R3 is administratively down. 34. Chapter 14 Infrastructure Services: DNS. The tunnel interface will go down if GRE has learned the tunnel destination IP address for the tunnel interface through the tunnel itself. Chapter 16 Infrastructure Security: Access Layer Security. The host range of this subnet is 172. Chapter 11 WAN Technologies: WAN Options—B is correct. 30. HSRP—C is correct. The local process ID is not one of them. 37.50 access-list 10 deny any interface gi2/0 ip access-group 10 out 33. . This can be a recursive routing problem.0.16. DHCP.16. 41.8. 3rd—DNS.254. Switches and Bridges use Layer 2 Ethernet addresses to forward traffic. 29. 36. EAP is an authentication framework used in many RADIUS environments. Chapter 1 Network Fundamentals: Models and Designs—A is correct. The show ipv6 eigrp neighbor command permits you to see the local peerings.16.15. Chapter 4 LAN Switching Technologies: Switching Concepts—B is correct. HSRP—1st—DHCP. Finally. The Northbound APIs are used to communicate between those configuring the network and the SDN controller. 31. this device will use DNS for domain name resolution and HTTP to access the Web site. Chapter 17 Infrastructure Security: ACLS—The correct syntax: Click here to view code image access-list 10 permit host 172. 4th—HTTP. This system broadcasts for its local DHCP server. DHCP. The Cisco FHRP protocol is HSRP. It then performs ARP for its default gateway. Chapter 10 Routing Technologies: Static Routing and Dynamic Routing—A is correct. Initial Ping packets might fail as a result of the initial ARP that must be performed. Syslog. Many values must match in order for an OSPF peering to form. 
Chapter 14 Infrastructure Services: DNS. The southbound APIs represent the communications from the controller to the actual network devices themselves. Notice the shutdown command is in place under the interface configuration for Fa0/0. NTP. Chapter 10 Routing Technologies: Static Routing and Dynamic Routing—C is correct. NTP. Chapter 2 Network Fundamentals: IPv4—A is correct.1 to 172. IP SLA—C is correct. This command ensures that syslog messages are timestamped to the msec. 2nd—ARP.

18. Chapter 18 Infrastructure Security: Device Hardening—Here is the solution configuration: Click here to view code image username BOB secret ToUgH1!23 ! line vty 0 15 transport input ssh . Chapter 2 Network Fundamentals: IPv4—B and E are correct. SW2.254 host range. The first frame would be an ARP request.0 or /21 48.56.56. SW1 will see SW4. Chapter 4 LAN Switching Technologies: Switching Concepts—C is correct.18.255.248.1—172. 42. and R1 via CDP. the source and destination IP addresses never change. SW2 will see SW1 and SW3 via CDP. The ipv6 address autoconfig command is used on the client.63. and F are correct. 44. Chapter 3 Network Fundamentals: IPv6—A is correct. This host is on the 172. Trunks. given this mask. Here the AD of the static route (89) is less (better) than the AD of RIP which is 120. 49. The Layer 2 header information as the frame goes through Switch C will show a source MAC address of Router X and a destination MAC address of Router Y.18. The clients are now on the same VLAN. 47.0/21 network with a 172. sent as a broadcast and it is sent out all ports for that VLAN except the switch port where the original frame entered the switch. C. Chapter 7 Routing Technologies: Routing Concepts—A. Chapter 10 Routing Technologies: Static Routing and Dynamic Routing—A is correct. Chapter 5 LAN Switching Technologies: VLANs. B and E are correct. Host addresses can’t have all 1s or all 0s for the host portion of their addresses. Chapter 2 Network Fundamentals: IPv4—B. and STP—A. 43. the default VLAN if 1. NOTE: 255. 46. C. Without NAT. Below is the breakdown for the relevant networks. and E are correct. 45.

DHCP. .255. 59. CSMA/CD allows devices to react properly when collisions occur on half-duplex network connections. Chapter 23 Infrastructure Management: IOS Troubleshooting Tools—D is correct.255. NTP. 57. NTP. Chapter 21 Infrastructure Management: Initial Device Configuration—B is correct. 53. Chapter 21 Infrastructure Management: Initial Device Configuration—A is correct.20. This permits user mode access only. iBGP is not considered compared to IGPs for distribution of prefixes inside an AS. Chapter 21 Infrastructure Management: Initial Device Configuration—C is correct. Chapter 7 Routing Technologies: Routing Concepts—D is correct.30. 51. 56. HSRP—B is correct. 52. The next-hop property can take an IP address of the next router or the local exit interface of the sending router. Chapter 22 Infrastructure Management: Device Maintenance—B is correct. HSRP—B is correct. Chapter 10 Routing Technologies: Static Routing and Dynamic Routing—A and D are correct. Chapter 22 Infrastructure Management: Device Maintenance—C is correct. 58. CDP is transported directly over Layer 2. The login local command ensures the use of the local user accounts database on the device when connecting to the VTY lines. Chapter 4 LAN Switching Technologies: Switching Concepts—D is correct. The default privilege level is very low—it is 1.224 ! ip default-gateway 10. As a result. 55. Chapter 14 Infrastructure Services: DNS. 54. The Ping utility sends five packets by default. The ntp master command sets the local device as an authoritative time source.30.20. Cisco IP Phones use CDP in order to communicate key information with the switch.94 50. 60. login local ! service password-encryption ! enable secret iTsMe@HeRe$ ! interface vlan 1 ip address 10. Chapter 14 Infrastructure Services: DNS. The copy command allows the transfer of files and images. The default lease duration is one day. This ensures devices can see each other. DHCP.75 255. it has a very high admin distance of 200.
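The VTY-line points made in the explanations for questions 4, 49 and 58 (no login, login local, SSH-only transport, secret rather than password, service password-encryption) can be checked mechanically. The auditor below is an added example, not code from the book: the function names are hypothetical, the two sample configurations are constructed from the question 6 exhibit and the question 49 solution, and it assumes AAA is not enabled (no aaa new-model).

```python
import re

# Constructed sample: the line section of the question 6 exhibit (no AAA).
WEAK = """\
no service password-encryption
!
hostname Router-A
!
line con 0
line aux 0
line vty 0 4
 password cisco
 no login
 transport input telnet ssh
!
end
"""

# Constructed sample: the solution configuration given for question 49.
HARDENED = """\
username BOB secret ToUgH1!23
!
line vty 0 15
 transport input ssh
 login local
!
service password-encryption
!
enable secret iTsMe@HeRe$
!
end
"""


def parse_blocks(config_text):
    """Return [(header, [sub-commands])]; indented lines belong to the header above."""
    blocks, current = [], None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue  # blank lines and "!" separators carry no configuration
        if line[0].isspace() and current is not None:
            current[1].append(line.strip())
        else:
            current = (line.strip(), [])
            blocks.append(current)
    return blocks


def audit(config_text):
    """Return a list of findings for remote-access hardening (assumes no AAA)."""
    blocks = parse_blocks(config_text)
    global_cmds = [header for header, _ in blocks]
    findings = []

    # Question 49: existing and future plain text passwords should be encrypted.
    if "service password-encryption" not in global_cmds:
        findings.append("global: service password-encryption is not enabled")
    # Question 49: privileged-mode and user passwords stored with 'secret' (MD5).
    if any(cmd.startswith("enable password ") for cmd in global_cmds):
        findings.append("global: 'enable password' used instead of 'enable secret'")
    for cmd in global_cmds:
        match = re.match(r"username (\S+) password ", cmd)
        if match:
            findings.append(f"user {match.group(1)}: 'password' used instead of 'secret'")

    for header, cmds in blocks:
        if not header.startswith("line vty"):
            continue
        # Question 4: 'no login' means no password is checked on these lines.
        if "no login" in cmds:
            findings.append(f"{header}: 'no login' allows access without authentication")
        # Question 58: 'login local' makes the lines use the local user database.
        elif "login local" not in cmds:
            findings.append(f"{header}: local user database not used (no 'login local')")
        transports = next(
            (c.split()[2:] for c in cmds if c.startswith("transport input")), None
        )
        if transports is None:
            findings.append(f"{header}: no explicit 'transport input'; platform default applies")
        elif any(t in ("telnet", "all") for t in transports):
            findings.append(f"{header}: Telnet is permitted")
    return findings


if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name)
        for finding in audit(cfg) or ["no findings"]:
            print("  -", finding)
```
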

Glossary

A
802.1Q This technology inserts tags into frames in order to identify traffic belonging to
specific VLANs over a trunk link.
802.1x A security protocol suite for authentication of LAN and WLAN users.
ACE An access control entry is a permit or deny statement in an access control list.
ACL An access control list is a list of access control entries that are checked to match
traffic on a Cisco device; these ACLs are often used to filter traffic when assigned to an
interface.
administrative distance A value that ranges from 0 through 255, which determines the
believability of a source’s routing information; lower is more preferred.
advanced distance vector protocol A routing protocol that combines some of the
characteristics of both distance vector and link-state routing protocols. Cisco Enhanced
Interior Gateway Routing Protocol (EIGRP) is considered an advanced distance vector
protocol.
anycast The ability to assign identical IP addresses to different nodes. The network then
calculates and forwards traffic to the “closest” device to respond to client requests.
application layer The highest layer of the OSI model (Layer 7). It represents network
services to support end-user applications such as email and FTP.
APs Access points connect end users to the network using IEEE wireless technologies;
these devices are often dual band.
ARP (Address Resolution Protocol) A protocol used to map a known logical address
to a physical address. A device performs an ARP broadcast to identify the physical
Layer 2 address of a destination device on an Ethernet network. This physical address
is then stored in local cache memory for later use.
AS (autonomous system) A group of networks under common administration that share
a routing strategy.
attenuation A term that refers to the reduction in strength of a signal. Attenuation occurs
with any type of signal, whether digital or analog. Sometimes referred to as signal loss.

B
Backup configuration The version of the Cisco device configuration stored in the
NVRAM of the system; this is more frequently called the startup configuration. Note that
backup configuration could also refer to a copy of the configuration that exists on a
remote TFTP or FTP server.
bandwidth The available capacity of a network link over a physical medium.
BGP (Border Gateway Protocol) An exterior routing protocol that exchanges route
information between autonomous systems.
Bidirectional NAT Network Address Translation (NAT) that features address
translation from the inside network to the outside network as well as translation of
traffic flowing from the outside network to the inside network.
boot field The lowest four bits of a 16-bit configuration register. The value of the boot
field determines the order in which a router searches for Cisco IOS software.
BPDU guard A STP security protocol for blocking rogue switches.
bridge A device used to segment a LAN into multiple physical segments. A bridge uses
a forwarding table to determine which frames need to be forwarded to specific
segments. Bridges isolate local traffic to the originating physical segment, but forward
all nonlocal and broadcast traffic.
Broadband PPPoE A network protocol for encapsulating PPP frames inside Ethernet
frames.
broadcast A data frame that is sent to every node on a local segment.

C
CAM Content-addressable memory is the specialized memory used to store the CAM
table—the dynamic table in a network switch that maps MAC addresses to ports. It is
the essential mechanism that separates network switches from hubs. The CAM table is
often considered to be synonymous with the MAC address table.
CDP (Cisco Discovery Protocol) A Cisco proprietary protocol that operates at the data
link layer. CDP enables network administrators to view summary protocol and address
information about other directly connected Cisco devices.
channel A single communications path on a system. In some situations, channels can be
multiplexed over a single connection.
Chassis Aggregation A technology that allows many switches to act as a single switch.
checksum A field that contains calculations to ensure the integrity of data.
CIDR (classless interdomain routing) Implemented to resolve the rapid depletion of IP
address space on the Internet and to minimize the number of routes on the Internet. CIDR
provides a more efficient method of allocating IP address space by removing the
concept of classes in IP addressing. CIDR enables routes to be summarized on
powers-of-two boundaries; therefore, it reduces multiple routes into a single prefix.
Cisco Discovery Protocol (CDP) A Cisco technology for discovering information
about neighbors.
classful addressing Categorizes IP addresses into ranges that are used to create a
hierarchy in the IP addressing scheme. The most common classes are A, B, and C,
which can be identified by looking at the first three bits of an IP address.
classless addressing Classless addressing does not categorize addresses into classes
and is designed to deal with wasted address space.
client DNS configurations Domain Name Services configured on the client permit the
device to resolve fully qualified domain names (www.yahoo.com) to IP addresses
needed for network communication.
cloud services Resources that exist on the Internet for internal use.
collapsed core network designs A simplified version of the three-layer network model
from Cisco Systems; this version takes the distribution layer and collapses it into the
core layer, resulting in the core and the access layer.
collisions The result of two frames colliding on a network. In modern Ethernet
networks, this condition is avoided through the use of switches.
configuration register A 16-bit storage location that is set as a numeric value (usually
displayed in hexadecimal form) used to specify certain actions on a router, such as
where to look for the IOS image, and whether to load the startup configuration from
NVRAM.
congestion A situation that occurs during data transfer if one or more computers
generate network traffic faster than it can be transmitted through the network.
Congestion Management A QoS category for dealing with network bandwidth
congestion.
console A direct access to the router for configuring and monitoring the router.
Control Plane That category of network processing that involves control protocols such
as routing protocols.
controller The Software Defined Networking control device.
convergence The result when all routers within an internetwork agree on routes through
the internetwork.
CPE (customer premise equipment) Terminating equipment such as telephones and
modems, installed at the customer site and connected to the network.
CRC (cyclic redundancy check) An error checking mechanism by which the receiving
node calculates a value based on the data it receives and compares it with the value
stored within the frame from the sending node.
CSMA/CA (carrier sense multiple access/collision avoidance) A physical
specification used in wireless networks to provide contention-based frame transmission.
A sending device first verifies that data can be sent without contention before it sends
the data frame.
CSMA/CD (carrier sense multiple access/collision detection) A physical
specification used by Ethernet to provide contention-based frame transmission.
CSMA/CD specifies that a sending device must share physical transmission media and
listen to determine whether a collision occurs after transmitting. In simple terms, this
means that an Ethernet card has a built-in capability to detect a potential packet
collision on the internetwork.

D
data access ports Ports on a switch used to accept traffic from a single VLAN from
workstations. Contrast this to a trunk port that is carrying the traffic of many data
VLANs.
data plane The movement of user traffic.
DCE (data communications equipment) The device at the network end of a
user-to-network connection that provides a physical connection to the network,
forwards traffic, and provides a clocking signal used to synchronize data transmission
over the network.
de-encapsulation The process by which a destination peer layer removes and reads the
control information sent by the source peer layer in another network host.
default mask A binary or decimal representation of the number of bits used to identify
an IP network. The class of the IP address defines the default mask. The mask can be
presented in dotted-decimal notation or as the number of bits making up the mask.
default route A network route used for packets which don’t have a better match in the
routing table.
default routing The ability to create a default gateway for unknown destinations.
default VLAN In a Cisco switch with the default factory configuration, the default
VLAN is VLAN 1. This VLAN permits all ports to participate in it by default.
delay The amount of time necessary to move a packet through the internetwork from
source to destination.
demarc The point of demarcation is between the carrier’s equipment and the customer
premise equipment (CPE).
device access The ability to connect to a Cisco device for management using a wide
variety of methods, including SSH, Telnet, and local login.
device trust Trusting the QoS markings sent from a device.
DHCP The dynamic host configuration protocol. This communication protocol permits a
server to automatically assign the IP address information required by clients on the
network. There are DHCP servers and DHCP clients that make up the process.
DHCP relay A device on the network that forwards DHCP requests from clients as
unicast traffic to a DHCP server on a remote network segment.
DHCP snooping A technology for eliminating rogue DHCP servers in your network.
distance vector protocol An interior routing protocol that relies on information from
immediate neighbors only, instead of having a full picture of the network. Most distance
vector protocols involve each router sending all or a large part of its routing table to its
neighboring routers at regular intervals.
DMVPN A Cisco technology for dynamically connecting spokes to the hub.
DNS (domain name system) A system used to translate fully qualified hostnames or
computer names into IP addresses.
dotted-decimal notation A method of representing binary IP addresses in a decimal
format. Dotted decimal notation represents the four octets of an IPv4 address in four
decimal values separated by decimal points.
DTE (data terminal equipment) The device at the user end of the user-to-network
connection that connects to a data network through a data communications equipment
(DCE) device.
dynamic NAT Network Address Translation that uses a pool of addresses for translation
and access lists to define the addresses that will be translated.
dynamic port security This variation of port security features MAC addresses that are
dynamically learned and secured on the switch port.
dynamic route A network route that adjusts automatically to changes within the
internetwork. These routes are learned dynamically via a routing protocol.
dynamic routing Using routing protocols to dynamically share prefix information.

E
eBGP External BGP—a peering with a remote AS.
EGP (Exterior Gateway Protocol) A routing protocol that conveys information
between autonomous systems; it is widely used within the Internet. The Border Gateway
Protocol (BGP) is an example of an exterior routing protocol.
EIGRP (Enhanced Interior Gateway Routing Protocol) A Cisco-proprietary routing
protocol that includes features of both distance vector and link-state routing
characteristics. EIGRP is considered an advanced distance vector protocol.
EIGRP for IPv4 Enhanced Interior Gateway Protocol—a hybrid routing protocol.
EIGRP for IPv6 Enhanced Interior Gateway Protocol for IPv6 routing.
encapsulation Generally speaking, encapsulation is the process of wrapping data in a
particular protocol header. In the context of the OSI model, encapsulation is the process
by which a source peer layer includes header and trailer control information with a
protocol data unit (PDU) destined for its peer layer in another network host. The
information encapsulated instructs the destination peer layer how to process the
information. Encapsulation occurs as information is sent down the protocol stack.
err-disable recovery This Cisco device feature permits error conditions to be
recovered from automatically after a duration of time.
errors There are many different error conditions that might occur in an Ethernet
network. The show interface command is used to see these errors for an interface.
escalation The process of taking a troubleshooting issue to other parties for their
assistance.
EtherChannel The bundling of links together for shared bandwidth.
Ethernet frame format The common fields found in modern Ethernet frames. These
fields include a source MAC address and destination MAC address, critical fields for
Ethernet switches.
Ethernet switching Ethernet switching permits full duplex communication that is
collision free in modern LANs.
EXEC The user interface for executing Cisco router commands.
extended ACL These access control lists permit the matching of traffic using many
different criteria, including source IP address and destination IP address.
extended options Both Ping and Traceroute permit the use of extended IP options for
using various parameters in network tests.
exterior routing protocols Protocols designed to route traffic between Autonomous
Systems.

F
fault isolation The process of determining exactly where a problem exists in the
network.
FCS (frame check sequence) Extra characters added to a frame for error control
purposes. FCS is the result of a cyclic redundancy check (CRC).
FHRP First hop reachability protocols like HSRP and GLBP.
file system management The process of managing the various storage facilities within
a Cisco device. These include components like RAM, Flash, NVRAM, and USB.
firewalls These devices seek to protect networks or devices at specific points in the
network.
flash Router memory that stores the Cisco IOS image and associated microcode. Flash
is erasable, reprogrammable ROM that retains its content when the router is powered
down or restarted.
floating static route These routes have an artificially high administrative distance value
in order to make dynamic routes more preferred. These are used as backup routes as a
result of this configuration.
flow control A mechanism that throttles back data transmission to ensure that a sending
system does not overwhelm the receiving system with data.
frame flooding The process where a switch sends traffic out all ports except for the
port where the traffic entered. This is done for broadcast frames and unknown unicast
frames.
frame rewrite Routers manipulate address information inside of packets they are
sending. Specifically they rewrite MAC address information.
frame switching The processes used on an Ethernet switch in order to efficiently
forward and filter traffic in the LAN.
frame tagging A method of tagging a frame with a unique user-defined virtual
local-area network (VLAN). The process of tagging frames allows VLANs to span
multiple switches.
FTP (File-Transfer Protocol) A protocol used to copy a file from one host to another
host, regardless of the physical hardware or operating system of each device. FTP
identifies a client and server during the file-transfer process. In addition, it provides a
guaranteed transfer by using the services of the Transmission Control Protocol (TCP).
full duplex The physical transmission process on a network device by which one pair of
wires transmits data while another pair of wires receives data. Full-duplex
transmission is achieved by eliminating the possibility of collisions on an Ethernet
segment, thereby eliminating the need for a device to sense collisions.

G
Gateway of Last Resort The route to send traffic to when the exact destination of the
traffic is not in the local routing table.
global-configuration mode A router mode that enables simple router configuration
commands—such as router names, banners, and passwords—to be executed.
Global-configuration commands affect the whole router rather than a single interface or
component.
global unicast The IPv6 address information that is used for Internet routing.
GRE Generic Routing Encapsulation—the ability to tunnel traffic.

H
half duplex The physical transmission process where only a single device in the
broadcast domain can send data at a time. In a half-duplex Ethernet network, CSMA/CD
is used.
header Control information placed before the data during the encapsulation process.
hierarchical routing protocol A routing environment that relies on several routers to
compose a backbone. Most traffic from non-backbone routers traverses the backbone
routers (or at least travels to the backbone) to reach another non-backbone router.
hop count The number of routers a packet passes through on its way to the destination
network.
host route The most specific route possible in the routing table. This route features a
32-bit or 128-bit mask depending on the use of IPv4 versus IPv6.
hostname A logical name given to a Cisco device.
HSRP Hot Standby Router Protocol—a FHRP that permits multiple default gateways in
the network.
hybrid cloud Cloud technology that uses internal and external cloud components.
hybrid topology A network that features the use of multiple topologies. For example, the
network might use a star topology that connects to a full mesh topology.

I
iBGP Interior BGP—a peering with an AS.
ICMP (Internet Control Message Protocol) A protocol that communicates error
messages and controls messages between devices. Multiple types of ICMP messages
are defined. ICMP enables devices to check the status of other devices and is used as
part of the functions with ping and traceroute.
IEEE (Institute of Electrical and Electronics Engineers) An organization whose
primary function is to define standards for network LANs.
implicit deny all This statement ends every ACL. It is an implied deny statement that
ensures that packets not matching an explicit entry are denied.
initial configuration dialog The dialog used to configure a router the first time it is
booted or when no configuration file exists. The initial configuration dialog is an
optional tool used to simplify the configuration process.
initial device configuration This configuration is provided by an administrator or is
provided by the Cisco factory default. It configures the basic parameters of the device.
inside global The term to describe your inside addresses after they have been translated
with Network Address Translation (NAT). Inside global addresses are registered
addresses that represent your inside hosts to your outside networks.
inside local The addresses on the inside of your network before they are translated with
Network Address Translation (NAT).
interfaces Router components that provide the network connections in which data
packets move in and out of the router. Depending on the model of router, interfaces exist
either on the motherboard or on separate, modular interface cards. Interfaces could also
be logical, such as loopback interfaces.
interior routing protocol A routing protocol that exchanges information within an
autonomous system. Routing Information Protocol (RIP) and Open Shortest Path First
(OSPF) are examples of interior routing protocols.
interswitch links Trunk links connect Cisco devices in order to move the traffic of
multiple VLANs from device to device.
interVLAN routing This is the process of using a Routing Engine (RE) in order to move
packets from one VLAN to another. Remember, VLANs usually have a one-to-one
correlation with IP subnets in a Cisco network.
IOS recovery This is the process of copying a valid IOS image to a Cisco device that
has a troubled operating system. This is often done from a TFTP server that stores
backup or upgraded IOS files.
IOS tools There are many powerful troubleshooting and monitoring tools built right in
to the IOS.
IP (Internet Protocol) One of the many protocols maintained in the TCP/IP suite of
protocols. IP is the Layer 3 network-level mechanism used for Transmission Control
Protocol (TCP) and User Datagram Protocol (UDP).
IP extended access list An access list that provides a way of filtering IP traffic based
on the source and/or destination IP address, TCP port, UDP port, ICMP-type, and more.
IP SLA IP service-level agreement is a tool for testing the network.
IP standard access list An access list that provides a way of filtering IP traffic on a
router interface based on only the source IP address or range.
IPv6 autoconfiguration The ability of an IPv6 device to receive its IPv6 address
information automatically with little to no administrator intervention.
IPv6 stateless address autoconfiguration The IPv6 process for assigning full IPv6
address information to devices that require it.

K
keepalive frames Protocol data units (PDUs) transmitted at the data link layer used for
multiple purposes, including verifying that an interface is up and available.

L
LACP The Link Aggregation Control Protocol can dynamically create EtherChannels.
LAN protocols Sets of rules used for the transmission of data within a local-area
network (LAN). A popular LAN protocol used today is Ethernet.
Layer 2 EtherChannel The bundling of links together at Layer 2 for switching traffic.
Layer 2 protocols Various protocols like CDP that operate at Layer 2 of the OSI model.
Layer 3 EtherChannel The bundling of links together at Layer 3 for routed traffic.
licensing The process of making the software that powers your Cisco device legal.
link-local A special IPv6 address used to permit communications between devices
sharing the same local link.
link-state advertisement A packet that contains the status of a router’s links or network
interfaces.
link-state protocol An interior routing protocol in which each router sends the state of
its own network links across the network to every router within its autonomous system
or area. This process enables routers to learn and maintain full knowledge of the
network’s exact topology and how it is interconnected. Link state protocols use a
“shortest path first” algorithm. An example is OSPF.
LLC (Logical Link Control) sublayer A sublayer of the data link layer. The LLC
sublayer provides some of the functions supporting the data link layer.
LLDP Link Layer Discovery Protocol. This open-standard Layer 2 technology permits
devices to learn information about each other over the local link.
local authentication This refers to a Cisco device performing the security checks
required to prove the identity of a user requesting access to the device, using its running
configuration on the local router.
Local SPAN A monitoring tool for the local switch.
log events Information recorded about the health and operation of the device thanks to
the local Syslog system.
logging The process on a Cisco router of using Syslog to report about the operation and
health of the local device.
logical addressing Network layer IP addressing is most commonly referred to as logical
addressing (versus the physical addressing of the data link layer). A logical address
consists of two parts: the network and the node.
login banners These messages are presented to users just before the username prompt
on the device. They are often used for security warnings.
loopbacks These virtual interfaces are used for many maintenance and monitoring
techniques. They can also provide stable connections between devices that have
multiple physical paths, in the event one of those paths goes down, since loopbacks
should always be available as long as one physical interface remains functional.

M
MAC (Media Access Control) address A physical Layer 2 address used to define a
device uniquely.
MAC address table The database on a Layer 2 switch that lists the MAC addresses
known by the device and the ports these MAC addresses relate to.
MAC aging The process of removing stale MAC addresses from a Layer 2 switch.
MAC learning The process of recording the source MAC addresses for incoming
frames on a Layer 2 switch.
Marking The tagging of traffic with an identifier to be used by QoS.
Maximum MAC Addresses The port security feature that permits you to restrict the
total number of MAC addresses learned by a port.
MD5 verify This Cisco device feature permits the integrity verification of an IOS
acquired from Cisco Systems.
mesh topologies These are topologies that feature full connections or partial
connections between all network nodes.
metric The relative cost of sending packets to a destination network over a specific
network route. Examples of metrics include hop count and cost.
Metro Ethernet A version of Ethernet for the creation of a Metropolitan Area Network.
MLPPP Multilink PPP permits WAN communications with greater bandwidth.
Modified EUI 64 This method of assigning an IPv6 node with its host address portion is
one of the many time saving features of IPv6.
MPLS The switching of traffic using labels instead of IP address information.
multicasting A process of using one IP address to represent a group of IP hosts.
Multicasting is used to send messages to a subset of IP addresses in a network or
networks.
Multi-area OSPF A feature of OSPF which divides the routed system into hierarchical
areas, allowing greater control over routing update traffic. Router loads are generally
reduced, as is the frequency of SPF recalculation. A multi-area OSPF system can scale to
large deployments.
multipath routing protocol A routing protocol that load balances over multiple optimal
paths to a destination network. This is often used when the costs of the paths are equal.

multiplexing A method used by the transport layer in which application conversations
are combined over a single channel by interleaving packets from different segments and
transmitting them.

N
named ACL An access control list that uses a name as an identifier instead of a number.
NAT (Network Address Translation) The process of translating internal IP addresses
to routable registered IP addresses on the outside of your network.
Native VLAN This is the single VLAN in the Cisco network that is not tagged with an
802.1Q VLAN identifier.
network command The command used by BGP to advertise a local prefix.
network mask The subnet mask used with an IP address.
next hop The IP address of the next device in a path to reach a network destination.
NIC (network interface card) An adapter or circuitry that provides network
communication capabilities to and from a network host.
Northbound API The communications in SDN from the management station to the SDN
controller.
NTP Network Time Protocol provides IP network-based synchronization of device
clocks, facilitating log and transaction analysis, and improving quality-of-service (QoS)
responsiveness in Voice and Video over IP systems.
numbered ACL An access control list that uses a number to identify it instead of a
name.
NVRAM (nonvolatile random-access memory) A memory area of the router that stores
permanent information, such as the router’s backup configuration file. The contents of
NVRAM are retained when the router is powered down or restarted.

O
OSI (Open Systems Interconnection) model A layered networking framework
developed by the International Organization for Standardization. The OSI model
describes seven layers that correspond to specific networking functions.
OSPF (Open Shortest Path First) A hierarchical link-state routing protocol that was
developed as a successor to the distance vector Routing Information Protocol (RIP).
OSPFv2 OSPF for TCP/IP version 4.
OSPFv3 OSPF for TCP/IP version 6.

P
packet switching A process by which a router moves a packet from one interface to
another.
PAgP The Port Aggregation Protocol for dynamically bundling EtherChannels.

passive-interface A routing protocol command that places a router interface into
“receive-only” mode; no routing updates are sent out, but those that are received are
processed. This allows the passive interface’s network to be advertised out other
interfaces, without generating unnecessary routing protocol traffic on the passive
interface network.
password recovery The process of resetting the password on a Cisco device in order to
permit access to the device. This typically requires local access to the device.
PDU (protocol data unit) A unit of measure that refers to data that is transmitted
between two peer layers within different network devices. Segments, packets, and
frames are examples of PDUs.
peer-to-peer communication A form of communication that occurs between the same
layers of two different network hosts.
peerings A term for BGP adjacencies.
Ping A tool for testing IP connectivity between two devices. Ping is used to send
multiple IP packets between a sending and a receiving device. The destination device
responds with an Internet Control Message Protocol (ICMP) packet to notify the source
device of its existence.
policing The dropping of traffic that is more than a certain rate.
Port Address Translation This form of NAT allows many different inside devices to
share a single address for translation.
port security A system of MAC-based switch port security capabilities that can limit or
deny access to certain hosts attempting to connect to a switch port.
Port security violation actions The various actions that can be taken when there is a
port security violation.
PortFast An STP feature that transitions a port to forwarding almost immediately.
PPP The Point-to-Point Protocol used in WAN configurations.
PPPoE The use of PPP over an Ethernet link.
preemption The ability of an HSRP device to take over as the active forwarder.
prefix This refers to the network portion of a Layer 3 logical address.
presentation layer Layer 6 of the OSI model. The presentation layer is concerned with
how data is represented to the application layer.
Prioritization The QoS feature that permits traffic to receive better treatment compared
to other traffic.
priority To give certain traffic preferential treatment over other traffic forms.
private cloud Using cloud technology that resides internal to your company.
private IPv4 addressing These IPv4 addresses are for use in internal networks only.
This technology allows for the duplication of addressing behind corporate network
boundaries and helped ward off the IP address shortage. RFC 1918 lists most of the
private IPv4 address space.

privileged mode An extensive administrative and management mode on a Cisco router.
This router mode permits testing, debugging, and commands to modify the router’s
configuration.
protocol A formal description of a set of rules and conventions that defines how devices
on a network must exchange information.
public cloud Using cloud technology that exists external to your company.
PVST+ Per VLAN Spanning Tree protocol.

R
RAM (random-access memory) A memory area of a router that serves as a working
storage area. RAM contains data such as route tables, various types of caches and
buffers, in addition to input and output queues and the router’s active configuration file.
The contents of RAM are lost when the router is powered down or restarted.
RIP (Routing Information Protocol) A distance vector routing protocol that uses hop
count as its metric.
ROM (read-only memory) ROM stores the bootstrap program and power-on
diagnostic programs.
ROM Monitor mode A mode on a Cisco router that allows basic functions such as
changing the configuration register value, or loading an IOS image to flash from a TFTP
server.
route aggregation The process of combining multiple IP address networks into one
superset of those networks. Route aggregation is implemented to reduce the number of
route table entries required to forward IP packets accurately in an internetwork.
route table An area of a router’s memory that stores the route forwarding information.
Route tables contain information such as destination network, next hop, and associated
metrics.
routed protocol A protocol that can be routed, such as IP.
router on a stick This refers to a router on a trunk link. This router is used to route
between the VLANs on the trunk.
router modes Modes that enable the execution of specific router commands and
functions. User and privileged are examples of router modes that allow you to perform
certain tasks.
routing algorithms Well-defined rules that aid routers in the collection of route
information and the determination of the optimal path.
routing protocols Routing protocols use algorithms to generate a list of paths to a
particular destination and the cost associated with each path. Routers use routing
protocols to communicate among each other the best route to use to reach a particular
destination.
running configuration This is the configuration in RAM on a Cisco device. It is the
configuration currently being used by the device.

S
Secure Copy Protocol SCP permits the secure transfer of files in the network. This
technology relies upon SSH for the security mechanisms.
Secure Shell (SSH) A protocol that allows for secure communication between a client
and a router. It is a secure alternative to Telnet.
service set identifier (SSID) A 32-byte unique identifier that is used to name a wireless
network.
session layer As Layer 5 of the OSI model, the session layer establishes, manages, and
terminates sessions between applications on different network devices.
setup mode The router mode triggered on startup if no configuration file resides in
nonvolatile random-access memory (NVRAM).
shaping The ability to buffer traffic in QoS that goes over a certain rate.
sliding windows A method by which TCP dynamically sets the window size during a
connection, enabling the receiving device involved in the communication to slow down
the sending data rate.
SMTP (Simple Mail Transfer Protocol) A protocol used to pass mail messages
between devices. SMTP uses Transmission Control Protocol (TCP).
SNMP Simple Network Management Protocol is a standards-based protocol that allows
remote monitoring and management of networked devices.
SNMP version 2 The version of Simple Network Management Protocol that does not
provide sophisticated security.
SNMP version 3 The version of Simple Network Management Protocol that provides
sophisticated security.
socket The combination of the source and destination Transmission Control Protocol
(TCP) port numbers and the source and destination Internet Protocol (IP) addresses
defines a socket. Therefore, a socket can be used to define any User Datagram Protocol
(UDP) or TCP connection uniquely.
source addressing This refers to the management technique of specifying the source of
traffic coming from a router. This often allows a more consistent or reliable management
traffic approach.
source NAT This refers to NAT of the source address in traffic packets.
Southbound API The communication protocols that run from the controller down to the
network devices.
SSH The Secure Shell protocol is a secure alternative to Telnet.
standard ACL This is an ACL that can filter using source IP address information.
star topology The star topology is what you have with a switch connecting workstations
today. Note, if drawn with the switch in the center of the network diagram, it literally
resembles a star.
startup configuration The configuration of the device that is stored in NVRAM for
booting a system.
startup configuration file The backup configuration file on a router, stored in NVRAM.
static EtherChannel The manual configuration of an EtherChannel without the use of
dynamic protocols.
static NAT This refers to NAT with a single source address being mapped to a specific
translated address.
static port security The manual configuration of a MAC address or addresses on a
secured switch port.
static route A network route that is manually entered into the route table. Static routes
function well in simple and predictable network environments.
static routing The creation of static route entries for routing purposes.
sticky learning This is the process of recording dynamically learned MAC addresses as
static entries in the running configuration of a switch running port security.
STP Spanning Tree Protocol—the technology used to prevent Layer 2 loops.
STP optional features Additional STP features that help secure and optimize the
protocol.
STP root bridge selection The process by which STP elects a root device.
stratum This is a measure of the “distance” from an authoritative time source.
subinterface One of possibly many virtual interfaces on a single physical interface.
subnetting A process of splitting a classful range of IP addresses into multiple IP
networks to allow more flexibility in IP addressing schemes. Subnetting overcomes the
limitation of address classes and allows network administrators the flexibility to assign
multiple networks with one class of IP addresses.
subnet mask This is the network mask associated with an IP address. The purpose of
this value is to distinguish between the network and host portions of the address.
SVI A switched virtual interface is a logical Layer 3 interface defined on a switch.
These are also called VLAN interfaces because there is usually one defined for each
VLAN, allowing inter-VLAN routing to be performed by a Layer 3 switch instead of by
a router. Layer 2 switches can have only one SVI configured, which is used for switch
management.
switch Provides increased port density and forwarding capabilities as compared to
bridges. The increased port densities of switches enable LANs to be micro segmented,
thereby increasing the amount of bandwidth delivered to each device.
switch stacking The ability to group physical switches together to make them act as one
virtual switch.
syslog A network service that provides centralized log message archiving.

T
TACACS+ A security protocol that authenticates administrators in the Cisco network.

TCP (Transmission Control Protocol) One of the many protocols maintained in the
TCP/IP suite of protocols. TCP provides a transport layer connection-oriented and
reliable service to the applications that use it.
TCP/IP (Transmission Control Protocol/Internet Protocol) model This
represents the suite of protocols used in the IP protocol suite, including those at the
application, transport, network, and datalink layers.
TCP three-way handshake A three-step process whereby a TCP session is established.
In the first step, the sending device sends the initial sequence number with the SYN bit
set in the TCP header. The receiver sends back a packet with the SYN and ACK bits set.
In the third and final step, the sender sends a packet with the ACK bit set.
TCP windowing A method of increasing or reducing the number of acknowledgments
required between data transmissions.
Telnet A standard protocol that provides a virtual terminal. Telnet enables a network
administrator to connect to a router remotely.
terminal monitor This functionality permits a user with a remote session to a Cisco
device, using Telnet or SSH, to see logging messages produced by that local device.
TFTP (Trivial File Transfer Protocol) A protocol used to copy files from one device to
another. TFTP is a stripped-down version of FTP.
three-tier network design This classic Cisco networking model defines the access,
distribution, and core layers.
Timezones This is a clock setting possible on the Cisco device.
traceroute An IP service on a Cisco router that uses User Datagram Protocol (UDP)
and the Internet Control Message Protocol (ICMP) to identify the number of hops
between sending and receiving devices and the paths taken from the sending to the
receiving device. Typically, traceroute is used to troubleshoot IP connectivity between
two devices.
trailer Control information placed after the data during the encapsulation process. See
encapsulation for more detail.
transport layer As Layer 4 of the OSI model, it is concerned with segmenting upper-
layer applications, and in the case of TCP is concerned with establishing end-to-end
connectivity through the network, sending segments from one host to another, and
ensuring the reliable transport of data.
troubleshooting methodology This is an approach to troubleshooting using a defined
sequence of steps.
trunk Supporting multiple virtual local-area networks (VLANs) on a single physical
interface. The standardized protocol for trunks on Ethernet is 802.1Q.

U
UDP (User Datagram Protocol) One of the many protocols maintained in the TCP/IP
suite of protocols. UDP is a Layer 4, best-effort delivery protocol and, therefore,
maintains connectionless network services.
unicast This method of data transfer is from one specific system on the network to
another specific system on the network.
unidirectional NAT This is a reference to Network Address Translation that occurs in
one direction. For example, inside addresses being translated for outbound traffic, but
no translation occurring for source addresses in the return path.
unique local addressing This is an IPv6 approach to private addressing similar to
IPv4’s RFC 1918 private address space.
User Datagram Protocol (UDP) This transport layer approach is the opposite of TCP.
It provides no reliability in order to attempt to more efficiently send traffic due to less
overhead.
user mode A display-only mode on a Cisco router. Only limited information about the
router can be viewed within this router mode; no configuration changes are permitted.
User mode often refers to privilege level 1, which is the default for a new user
account created on the local router.

V
V.35 A physical standard used for serial connections.
virtual network infrastructure The virtualization of network devices in the enterprise.
virtual network services A network service that has been virtualized; for example, a
virtual security service.
VLAN (virtual local-area network) A technique of assigning devices to specific LANs
based on the port to which they attach on a switch rather than the physical location.
VLANs can extend the flexibility of LANs by allowing devices to be assigned to
specific LANs on a port-by-port basis versus a device basis.
VLSM (variable-length subnet masking) VLSM provides more flexibility in assigning
IP address space. (A common problem with routing protocols is the necessity of all
devices in a given routing protocol domain to use the same subnet mask.) Routing
protocols that support VLSM allow administrators to assign IP networks with different
subnet masks. This increased flexibility saves IP address space because administrators
can assign IP networks based on the number of hosts on each network.
voice port This refers to a switch port that has been configured to carry voice traffic in
addition to data.
VTP (VLAN Trunking Protocol) A protocol for configuring and administering VLANs
on Cisco network devices. With VTP, an administrator can make configuration changes
centrally on a single Catalyst series switch and have those changes, such as the addition
of VLANs, automatically communicated to all the other switches in the network.
virtual terminal lines (VTY) These are virtual access ports on a Cisco device that
allow connectivity using protocols like Telnet and SSH.

W
WANs (wide-area networks) WANs use data communications equipment (DCE) to
connect multiple LANs. Examples of WAN protocols include Frame Relay, Point-to-
Point Protocol (PPP), and High-Level Data Link Control (HDLC).
well-known ports A set of ports between 1 and 1,023 that are reserved for specific
TCP/IP protocols and services.
wildcard (inverse) mask This technique is used in Access Control Lists in order to
mark bits as not being required to match. For example, a wildcard mask of 0.0.0.255
means the last octet of the associated IP address doesn’t have to match.
wireless LAN controllers (WLCs) These devices are used to control and manage
wireless access points in the network.

Index

Numbers
802.1Q, 107–110
802.1X, 321

A
AAA (authentication, authorization, accounting) with TACACS+ and RADIUS,
323–324
access layer (three-tier network model), 22, 23, 321–322
ACEs (Access Control Entries), 338
ACI (Application Centric Infrastructure), 433
ACLs (Access Control Lists), 330–343
Active Discovery Phase, 233
addressing (IPv4). See IPv4 addressing
addressing (IPv6). See IPv6 addressing
administrative distance, 151, 153–155, 190
anycast (IPv6) addresses, 70
APIC-EM Path Trace ACL Analysis Tool, 342
APIs (application programming interfaces), 433
Application layer (OSI model), 8
applications, TCP versus UDP, 12
APs (access points), 16
archive command, 404
ARP (Address Resolution Protocol), 8
authentication
AAA with TACACS+ and RADIUS, 323–324
local authentication, 351–352
MLPPP (Multilink Point to Point Protocol), 228–231
PPP (Point to Point Protocol), 228–231
PPPoE (Point to Point Protocol over Ethernet), 232–234
Autonomous System (AS), routing protocols, 181

B
baby giant frames, 90
backup configurations, 379
banner login # command, 357
banner motd command, 357

BE (Best Effort), 257
BGP (Border Gateway Protocol), 246
bidirectional NAT, 303
binary numbers, conversion chart, 39
block size, 42
BPDU Guard, 119–121
BPDUs (Bridge Protocol Data Units), 112
broadband PPPoE (Point-to-Point Protocol over Ethernet), 241
broadcasts, 47–49
buffer logging, 368

C
cabling types, 28–30
CDP (Cisco Discovery Protocol), 122–123, 379–380
CEF (Cisco Express Forwarding), 147
chassis aggregation, 137–138
clear logging command, 422
client DNS configurations, troubleshooting, 270–274
client VPN, 241
cloud services, 18–21
collapsed core network designs, three-tier network designs, compared, 22–24
collisions, 90
configure replace command, 404
configuring
ACLs (Access Control Lists), 330–343
BPDU Guard, 120
device hardening, 348–358
device management, 378–383
device monitoring with syslog and SNMP, 366–370
DHCP (Dynamic Host Configuration Protocol), 275–279
DHCP clients, 276–277
DHCP relay agents, 278
DHCP servers, 275–276
DNS (Domain Name System), troubleshooting client configurations, 270–274
EIGRP for IPv4, 202–204
EIGRP for IPv6, 205–207
EtherChannel, 130–136
GRE (Generic Routing Encapsulation), 235–237
HSRP (Hot Standby Router Protocol), 292–294

initial device configuration, 388–394
interswitch links, 107–110
inter-VLAN routing, 160–170
IPv4 addressing and subnetting, 38–46
IPv6 addressing, 62–65
IPv6 SLAAC, 66–68
Layer 2 protocols, 122–124
local authentication, 351–352
login banners, 356–357
loopback interfaces, 382
MLPPP (Multilink Point to Point Protocol), 228–231
NAT (Network Address Translation), 300–308
NTP (Network Time Protocol), 289–291
OSPFv2 for IPv4, 193–198
OSPFv3 for IPv6, 199–201
port security, 316–320
PortFast, 119–120
PPP (Point to Point Protocol), 228–231
PPPoE (Point to Point Protocol over Ethernet), 232–234
RIPv2 for IPv4, 208–217
single-homed WAN topology with eBGP, 246–250
SSH (Secure Shell), 355–356
static routing, 189–192
STP (Spanning Tree Protocol), 111–118
STP optional features, 119–121
Telnet, 354–355
VLANs (virtual local area networks), 99–106
congestion management, 258
connectivity issues, troubleshooting, 218–219
console logging, 368
consoles, 392
control plane, 433
controllers, 433
conversion chart, decimal and binary numbers, 39
copy command, 401, 404
copy running-config startup-config command, 379
core layer (three-tier network model), 23
CSMA/CA (carrier sense multiple access with collision avoidance), 16
CSMA/CD (carrier sense multiple access with collision detection), 16

cut-through frame switching, 82

D
data access ports, 102
Data Link layer (OSI model), 8
data plane, 433
data traffic, 257
debug ip rip command, 421
debug messages, 421–424
decimal numbers, conversion chart, 39
default routing, 176–177
default VLAN, 102
device access, 354
device configuration, initial, 388–394
device hardening, 348–358
device maintenance, 400–405
device management, 378–383
device monitoring, 366–370
device security with TACACS+ and RADIUS, 323–324
device trust, 257
DHCP (Dynamic Host Configuration Protocol)
configuring and verifying, 275–279
troubleshooting, 280–288
DHCP clients
configuring, 276–277
verifying, 277–278
DHCP relay agents, configuring, 278
DHCP servers
configuring, 275–276
verifying, 277
DHCP snooping, 321–322
DiffServ (Differentiated Services), 257–258
disabling
CDP (Cisco Discovery Protocol), 380
debug messages, 422
distance vector routing protocols, link state protocols, compared, 179–180
distribution layer (three-tier network model), 23
DMVPN (Dynamic Multipoint VPN), 241
DNS (Domain Name System), 267–269


EXAM CRAM: The CCNA Cram Sheet
This Cram Sheet contains key information as a final preparation tool for the CCNA exam. Review this information as the last thing you do before you enter the testing center, paying special attention to those areas in which you think that you need the most review. Enjoy this additional study aid!

Networking Fundamentals
The OSI and TCP/IP Models
OSI—the layers are Application, Presentation, Session, Transport, Network, Data Link, Physical.
TCP/IP—the layers are Application, Transport, Internet, Network Interface.

The PDUs of the Bottom Four Layers
Segments, Packets, Frames, Bits

TCP is connection-oriented.
TCP uses features like flow control, sequencing and acknowledgements to ensure reliable and ordered delivery of segments.
TCP can multiplex using port numbers to work with multiple applications.
TCP has more overhead than UDP.
UDP is connectionless.
UDP has very little overhead.
UDP is often used for voice and video traffic forms.
UDP can multiplex using port numbers to work with multiple applications.

Network Layers
Access layer: Provides workgroup/user access to the network; as a result, this layer is sometimes called the workstation layer
Distribution layer: Provides policy-based connectivity and controls the boundary between the access and core layers
Core layer: Provides fast transport between distribution switches within the enterprise campus; this is sometimes called the backbone layer

A Conversion Chart for IPv4 Addressing and Subnetting Questions

Modified EUI-64 Host Portion Assignment
R1(config)#interface fastEthernet 0/0
R1(config-if)#ipv6 address 2001:AAAA:BBBB::/64 eui-64
R1(config-if)#no shutdown
R1(config-if)#end
R1#

Using SLAAC for Address Assignment on a Cisco Router
R1(config)#interface fa0/0
R1(config-if)#ipv6 address autoconfig

LAN Switching Technologies

The Ethernet Frame Format

Creating a VLAN on a Cisco Switch
Switch(config)#vlan 20
Switch(config-vlan)#name EAST
Switch(config-vlan)#end
Switch#
%SYS-5-CONFIG_I: Configured from console by console
Switch

Configuring an Interface for a VLAN
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface gi0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config-if)#end
Switch#

The Configuration of the Voice VLAN
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 50
Switch(config-vlan)#name VOICE
Switch(config-vlan)#exit
Switch(config)#interface gi0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 30
Switch(config-if)#switchport voice vlan 50
Switch(config-if)#end

Configuring Trunking
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface gi1/0
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
Switch(config-if)#end
Switch#

Routing Technologies

255.1. End with CNTL/Z.1 255.20 R1(config-subif)#encapsulation dot1q 20 R1(config-subif)#ip address 10.1.1 255.0 R1(config-subif)#exit R1(config)#interface gi0/1.255.10. R1(config)#interface gi0/1 R1(config-if)#no shutdown R1(config-if)# %LINK-3-UPDOWN: Interface GigabitEthernet0/1.0 R1(config-subif)#end The Configuration of a Default Static Route R1#configure terminal Enter configuration commands. one . one per line.255.10 R1(config-subif)#encapsulation dot1q 10 R1(config-subif)#ip address 10.The ROAS Configuration R1#configure terminal Enter configuration commands. changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1.20. changed state to up R1(config-if)#! Notice no IP address is configured on the physical interface R1(config-if)#interface gi0/1.255.

0. End with CNTL/Z. one per line.0 R1(config-router)#end An OSPF Configuration R1#configure terminal Enter configuration commands.0. one per line.60.20.10. per line.0 10. R1(config)#router eigrp 100 R1(config-router)#network 10.10.0 10. one per line.0. one per line. R1(config)#ip route 0.10.0 0.255 area 0 R1(config-router)#end An EIGRP Configuration R1#configure terminal Enter configuration commands. End with CNTL/Z.0 0.10.255 R1(config-router)#end . R1(config)#router rip R1(config-router)#version 2 R1(config-router)#no auto-summary R1(config-router)#network 10.0.255.10.10.0.255. End with CNTL/Z. R1(config)#router ospf 1 R1(config-router)#network 10. R3(config)#ip route 10.0.0.0 255.0. End with CNTL/Z.0.0 0.60.0.20.2 121 R3(config)#end A RIP Version 2 Configuration R1#configure terminal Enter configuration commands.2 R1(config)#end Configuring an IPv6 Static Route R1#configure terminal R1(config)#ipv6 route 2001:aaaa::/64 serial 0/0 Configuring A Floating Static Route R3#configure terminal Enter configuration commands. End with CNTL/Z.

R2(config)#interface fa0/0 .1.1.8.2 R1(dhcp-config)#network 10.10. client VPN): Dynamic Multipoint VPN is a Cisco invention for created hub and spoke topologies with ease.1.1 R1(dhcp-config)#dns-server 8.1.10 R1(config)#ip dhcp pool ICND1EXAMCRAM R1(dhcp-config)#default-router 10.8 4.1. Configuring a DHCP Server on a Cisco Router R1#configure terminal R1(config)#ip dhcp excluded-address 10.0 /24 R1(dhcp-config)#end Configuring a Cisco Router as a DHCP Client R2#configure terminal Enter configuration commands.1.1. site-to-site VPN.1.WAN Technologies MPLS: Multiprotocol Label Switching is a type of data-carrying technique for high-performance telecommunications networks that directs data from one network node to the next based on short path labels rather than long network addresses Metro Ethernet: A Metro Ethernet network is a metropolitan area network (MAN) that is based on Ethernet standards Broadband PPPoE: Point-to-Point Protocol over Ethernet (PPPoE) is a network protocol for encapsulating PPP frames inside Ethernet frames Internet VPN (DMVPN.8. one per line.2.2.2 R1(dhcp-config)#option 150 ip 10.1.1 10.2 remote-as 65002 R1(config-router)#end R1# Infrastructure Services nslookup is an excellent DNS troubleshooting command.10. including the dynamic creation of spoke to spoke tunnels in order to reduce the burdens on busy HQ (hub) devices eBGP Technologies R1(config)#router bgp 65000 R1(config-router)#neighbor 10.1. End with CNTL/Z.

1. one per line.3e20.1 R2(config)#end Infrastructure Security Configuring Static Port Security Switch#configure terminal Enter configuration commands. End with CNTL/Z.1. R2(config-if)#ip address dhcp R2(config-if)#no shutdown R2(config-if)#end Configuring a DHCP Relay Agent R2#configure terminal Enter configuration commands. R2(config)#interface fa1/0 R2(config-if)#ip helper-address 10. one per line.3e20. Switch(config)#interface gi1/0 Switch(config-if)#switchport mode access Switch(config-if)#switchport port- security maximum 2 Switch(config-if)#switchport port-security mac-address fa16.1. End with CNTL/Z. R2(config)#ntp server 10.aabb .1.3 R2(config-if)#end Configuring the NTP Master R1(config)#ntp master ? <1-15> Stratum number <cr> R1(config)#ntp master 2 R1(config)#end Configuring the NTP Client R2#configure terminal Enter configuration commands. End with CNTL/Z.58f1 Switch(config-if)#switchport port-security mac-address fa16. one per line.

End with CNTL/Z. End with CNTL/Z.16.1.168. R1(config)#ip access-list standard MYACL R1(config-std-nacl)#deny 10. Building a Standard Numbered ACL R1#configure terminal Enter configuration commands. As a result of this very limited matching criteria.0. Cisco recommends that in general.0 0.255.101 R1(config)#access-list 1 permit 172.0 0.0.1. one per line. standard ACLs be placed as close to the destination of your filtering as possible.255 R1(config-std-nacl)#permit 192.1. Standard ACLs can only match on source IP address.16. one per line.100 R1(config)#access-list 1 deny host 172. End with CNTL/Z.16.255 R1(config)#end Building a Standard Named ACL R1#configure terminal Enter configuration commands.0.255 R1(config-std-nacl)#end Assigning Standard ACLs R1#configure terminal Enter configuration commands. If numbered.0 0.0. one per line. R1(config)#interface fa0/0 R1(config-if)#ip access-group 1 in R1(config-if)#exit R1(config)#interface fa1/0 R1(config-if)#ip access-group MYACL out R1(config-if)#end .255. Switch(config-if)#switchport port- security Switch(config-if)#end Standard Access Control Lists These lists can be named or numbered to identify them. you must use 1–99 or 1300–999.1.0.0. R1(config)#access-list 1 deny host 172.

Inside Source Dynamic PAT R2#configure terminal Enter configuration commands.2. one per line. one per .1 R2(config)#access-list 1 permit 10..100 R2(config)#ip nat inside source list 1 interface fa0/0 overload R2(config)#end Infrastructure Management Saving the Configuration on a Cisco Router R3# R3#copy running-config startup-config Destination filename [startup-config]? Overwrite the previous NVRAM configuration?[confirm] Building configuration. Configuring SSH R2#configure terminal Enter configuration commands.2.2. [OK] R3# The service password-encryption command hashes clear text passwords in the configurations. End with CNTL/Z.. R2(config)#interface fa1/0 R2(config-if)#ip nat inside R2(config-if)#exit R2(config)#interface fa0/0 R2(config-if)#ip nat outside R2(config-if)#exit R2(config)#access-list 1 permit 10.2.

..com Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys.....cbtnug gets...... ..INC employees......... .............154-3. How many bits in the modulus [512]: 768 % Generating 768 bit RSA keys... Any other use is strictly prohibited........M3. R2(config)#banner login # Enter TEXT message.....bin a79e325e6c498b70829d4db0afba2011 ...SPA.. line.. End with the character '#'...... Choosing a key modulus greater than 512 may take a few minutes.com R2(config)#crypto key generate rsa The name for the keys will be: R2.......lab... Violators will be prosecuted to the full extent of the law.. keys will be non-exportable...... ... ... one per line... End with CNTL/Z. This router is for the exclusive use of ACME.... R2(config)#ip domain-name lab............................ End with CNTL/Z.........[OK] R2(config)# %SSH-5-ENABLED: SSH has been enabled R2(config)#ip ssh version 2 R2(config)#line vty 0 4 R2(config-line)#transport input ssh R2(config-line)#end Configuring a Login Banner R2#configure terminal Enter configuration commands....# R2(config)#exit Using the copy Command to Upgrade an IOS R2# copy tftp flash The Verify MD5 Feature R1# verify /md5 flash0:c2900-uni- versalk9-mz...... .cbtnuggets.........

SPA.... ............154-3.154-3...bin) =a79e325e6c498b70829d4db0afba2011 ...................M3.. .bin Done! Verified (flash0:c2900-univer- salk9-mz....MD5 of flash0:c2900-universalk9- mz. ......SPA.M3....

Where are the companion content files?

Thank you for purchasing this Premium Edition version of: CCNA Routing and Switching 200-125 Exam Cram

This product comes with companion content. You have access to these files by following the steps below:
1. Go to pearsonITcertification.com/account and log in.
2. Click on the “Access Bonus Content” link in the Registered Products section of your account page for this product to be taken to the page where your downloadable content is available.

Please note that many of our companion content files can be very large, especially image and video files.

If you are unable to locate the files for this title by following the steps at left, please visit pearsonITcertification.com/contact and select the “Site Problems/Comments” option. Our customer service representatives will assist you.

The Professional and Personal Technology Brands of Pearson

Where are the companion content files?

Register this digital version of CCNA Routing and Switching 200-125 Exam Cram to access important downloads.

Register this eBook to unlock the companion files. Follow the steps below:
1. Go to pearsonITcertification.com/account and log in or create a new account.
2. Enter the ISBN: 9780789756749. (NOTE: please enter the print book ISBN provided to register the eBook you purchased.)
3. Answer the challenge question as proof of purchase.
4. Click on the “Access Bonus Content” link in the Registered Products section of your account page, to be taken to the page where your downloadable content is available.

This eBook version of the print title does not contain the practice test software that accompanies the print book.

You May Also Like—Premium Edition eBook and Practice Test. To learn about the Premium Edition eBook and Practice Test series, visit pearsonITcertification.com/practicetest

The Professional and Personal Technology Brands of Pearson

Pearson IT Certification also sells network simulators and Video Training. Video Training provides you with hours of expert level instruction mapped directly to exam objectives. go to: www. Simply go to the URLs below. Special Offer—Save 50% This single-use coupon code will allow you to purchase either the network Simulator or video training at a 50% discount. and apply the coupon code at checkout: CCNA R&S 200-125 Network Simulator www. If you .pearsonitcertification.PearsonTestPrep.pearsonitcertification.com/title/9780134580708 Coupon Code: EXAM CRAM CCNA Routing and Switching CCNA 200-125 Fifth Edition ISBN: 978-0-7897-5674-9 See other side for your Pearson Test Prep Practice Test activation code and special offers DO NOT DISCARD THIS NUMBER You will need this activation code to activate your practice test in the Pearson Test Prep practice test software. add the product you want to your cart.Video Training / Network Simulators To enhance your preparation. Select Pearson IT Certification as your product group. Network simulators help you develop and improve hands-on configuration and troubleshooting skills without the investment in expensive lab hardware. To access the online version.com. Enter your email/password for your account.com/title/9780134575742 CCNA R&S 200-125 Complete Video Course www.

In the My Products tab. Click the Access Bonus Content link. select Registered Products tab on your account page.com or CiscoPress.pearsonitcertification.com. add the Premium Edition to your cart. Enter the access code printed on this insert card to activate your product.com/join. and MOBI/Kindle) as well as an enhanced edition of the Pearson Test Prep practice test software.don’t have an account on PearsonITCertification. EPUB. Simply go to the URL below.com/title/9780134645322 Coupon Code: . The Premium Edition provides you with three eBook files (PDF. you will need to establish one by going to PearsonITCertification. www. The Premium Edition includes two additional practice exams with links for every question mapped to the eBook.pearsonitcertification. Access Code CCNA Routing and Switching 200-125 Exam Cram. If you wish to use the Windows desktop offline version of the application. Premium Edition and Practice Test To enhance your preparation. Pearson IT Certification also sells a digital Premium Edition of this book. and download and install the software from the companion website. Special Offer—Save 70% This single-use coupon code will allow you to purchase a copy of the Premium Edition at a 70% discount. This access code can be used to register your exam in both the online and offline versions. click the Activate New Product button. and apply the coupon code at checkout. simply register your book at www.com/register. The product will now be listed in your My Products page.


