CCENT Cisco Certified Entry Networking Technician Study Guide (Exam 640-822) (Study Guide Book & CD)

CCENT™ ® Cisco Certified Entry Networking Technician Study Guide (Exam 640-822) This page intentionally left blank ...

Author: Matt Walker | Angela Walker

108 downloads 2283 Views 17MB Size Report

This content was uploaded by our users and we assume good faith they have the permission to share this book. If you own the copyright to this book and it is wrongfully on our website, we offer a simple DMCA procedure to remove your content from our site. Start by pressing the button below!

Report copyright / DMCA form

DOWNLOAD PDF

CCENT™

®

Cisco Certified Entry Networking Technician Study Guide (Exam 640-822)

This page intentionally left blank

®

CCENT™

Cisco Certified Entry Networking Technician Study Guide (Exam 640-822) Matthew Walker Angie Walker This study/training guide and/or material is not sponsored by, endorsed by, or affiliated with Cisco Systems, Inc. in any manner. Cisco®, Cisco Systems®, CCDA®, CCNA®, CCDP®, CCNP®, CCIE®, CCIP®, CCSP®, CCVP®, CCDETM, CCENTTM, the Cisco Systems logo, and the Cisco Certified Internetwork Expert logo are trademarks or registered trademarks of Cisco Systems, Inc., in the United States and certain other countries. All other trademarks are trademarks of their respective owners. This publication and CD may be used in assisting students to prepare for an exam. Neither The McGraw-Hill Companies nor Boson Software warrant that use of this publication and CD will ensure passing any exam.

New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto

Copyright © 2008 by The McGraw-Hill Companies. All rights reserved. Manufactured in the United States of America. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher. 0-07-164378-8 The material in this eBook also appears in the print version of this title: 0-07-159114-1. All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps. McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. For more information, please contact George Hoare, Special Sales, at [email protected] or (212) 904-4069. TERMS OF USE This is a copyrighted work and The McGraw-Hill Companies, Inc. (“McGraw-Hill”) and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms. THE WORK IS PROVIDED “AS IS.” McGRAW-HILL AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise. DOI: 10.1036/0071591141

This book is dedicated to my father, Ronald Walker (1947–2008). We miss you, Dad.

This page intentionally left blank

ABOUT THE AUTHORS

Matthew Walker is the IA Training Instructor Supervisor and a Sr. IA Analyst at Dynetics, Inc., in Huntsville, Alabama. An IT education professional for over 15 years, Matt served as the Director of the Network Training Center and the Curriculum Lead and Senior Instructor for the local Cisco Networking Academy on Ramstein AB, Germany. After leaving the US Air Force, Matt served as a Network Engineer for NASA’s Secure Network Systems, designing and maintaining secured data, voice, and video networking for the agency. He has written and contributed to numerous technical training books for Air Education and Training Command, United States Air Force, and continues to train, and write, certification and college-level IT and IA Security courses. Matt holds numerous commercial certifications, including Cisco Certified Network Professional (CCNP), Microsoft Certified System Engineer (MCSE), CEH (Certified Ethical Hacker), CNDA (Certified Network Defense Architect), and Certified Pen Test Specialist (CPTS). Angie Walker is currently the Chief Information Security Officer for the University of North Alabama, located in beautiful Florence, Alabama. Among the many positions she has filled over the course of her 20-plus years in Information Technology and Information Assurance are Manager of the Information Systems Security (ISS) Office for the Missile Defense Agency (MDA) South, as well as the lead for the MDA Alternate Computer Emergency Response Team (ACERT). She served as Superintendent of the United States Air Forces in Europe (USAFE) Communications and Information Training Center, Superintendent of the 386 Communications Squadron on Ali Al Saleem AB, Kuwait, and Senior Information Security Analyst for Army Aviation Unmanned Aircraft Systems. Angie holds several industry certifications, including CISSP, Network+ and Security+, and a master’s degree in Information Systems Management. With over nine years of IT and IA educational experience, she has developed and taught courseware worldwide for the US Air Force, as well as several computer science courses as an instructor for the University of Alabama in Huntsville, and Kaplan University in Fort Lauderdale, Florida.

Copyright © 2008 by The McGraw-Hill Companies. Click here for terms of use.

About the Tech Editor Bobby E. Rogers is a Senior Information Assurance Analyst for Dynetics, Inc., in Huntsville, Alabama. In addition to working in the Certification and Accreditation process for the U.S. government, Bobby also leads penetration testing teams for Dynetics. Bobby recently retired from the United States Air Force after almost 21 years, serving as a computer networking and security specialist, and has designed and managed networks all over the world. He has held several positions of responsibility overseeing network security in both the Department of Defense and private company networks. His duties have included perimeter security, client-side security, security policy development, security training, penetration testing, and computer crime investigation. As a trainer, he has taught a wide variety of IT-related subjects in both makeshift classrooms in tents in the desert and formal training centers. He also has taught a wide variety of courses as a part-time contractor for several nationally known training centers and a major university. Bobby is an accomplished author, having written numerous IT articles in various publications and training materials for the U.S. Air Force, and has authored several training videos on a wide variety of IT security topics. He is also a regular security article contributor for several online IT sites. He has a Bachelor of Science degree in Computer Information Systems from Excelsior College, and two Associates in Applied Science degrees from the Community College of the Air Force. Bobby’s professional IT certifications include: A+, Security+, ACP, CCNA, CCAI, CIW, CIWSA, MCP+I, MCSA (Windows 2000 & 2003), MCSE (Windows NT4, 2000, & 2003), MCSE: Security (Windows 2000 & 2003), CISSP, CHFI, CIFI, CPTS, and CEH.

Copyright © 2008 by The McGraw-Hill Companies. Click here for terms of use.

CONTENTS AT A GLANCE

1

Networking 101

..............................................................

1

2

TCP/IP

.......................................................................

31

3

Network Media and Devices

4

Ethernet Fundamentals

5

Switching: Moving Data Inside Your Network

6

Routing Essentials and IP Addressing

................................................

69

.....................................................

101

...........................

129

......................................

155

7

IP Address Subnetting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

191

8

Interfacing with Cisco Devices

.............................................

229

9

Cisco Switch Configuration

................................................

271

10

Cisco Router Configuration

................................................

315

11

WANs and WLANs

.........................................................

363

12

Applications, Security, and Troubleshooting

A

About the CD Glossary Index

..............................

403

................................................................

455

.......................................................................

461

. . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

495

ix

This page intentionally left blank

For more information about this title, click here

CONTENTS

Foreword . . . . . .................................................... xvii Preface . . . . . . ..................................................... xix Acknowledgments ................................................. xxv Introduction . ..................................................... xxvii

1

2

Networking 101 ................................................

1

Network Essentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Network Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Network Topologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Network Categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . The OSI Reference Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Functions and Advantages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . The Layers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Network Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Protocol Data Units . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ✓ Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Q&A Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2 2 5 8 11 11 12 17 19 23 25 28

TCP/IP ...........................................................

31

TCP/IP and OSI Reference Model Comparison . . . . . . . . . . . . . . . . . . . . . . . . . . TCP/IP History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Comparing the Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Application Layer Functions and Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Other Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Exercise 2-1: Viewing TCP/IP Protocols in Action . . . . . . . . Transport Layer Functions and Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . TCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . UDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Port Numbers and Multiplexing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

32 32 33 34 34 37 39 42 46 47 50 51

xi

xii

CCENT Cisco Certified Entry Networking Technician Study Guide

3

4

Internet and Network Access Layer Functions and Protocols . . . . . . . . . . . IP and ICMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Network Access Layer Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ✓ Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Q&A Self Test . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

53 54 56 59 62 66

Network Media and Devices .................................

69

Network Media . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Media Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Copper Cabling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Fiber Cabling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Network Devices . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NICs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Transceivers, Repeaters, and Hubs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Bridges and Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Security Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Putting It All Together . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ✓ Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Q&A Self Test . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

70 70 71 77 79 79 80 81 85 87 88 92 94 98

Ethernet Fundamentals ...................................... 101 Ethernet History . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ethernet Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Frame Types and Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Media Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Data Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ethernet Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ✓ Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Q&A Self Test . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

5

102 103 103 107 112 116 121 122 126

Switching: Moving Data Inside Your Network ............. 129 Switch Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Physical Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Switch Initialization Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

130 130 133

Contents

Duplex and Speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Switch Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Switch Design Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Switch Installation and Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . Looping and STP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ✓ Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Q&A Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

6

136 137 139 139 140 142 146 148 152

Routing Essentials and IP Addressing ...................... 155 Routing Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Routing Logic and Data Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Routed and Routing Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . An Introduction to IP Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . IP Address Construction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . IP Address Classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . IP Address Technologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ✓ Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Q&A Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

7

xiii

156 157 162 168 168 171 174 183 185 189

IP Address Subnetting ........................................ 191 Foundation Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Binary Math . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Boolean AND Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Exercise 7-1: Binary Math Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Subnet Essentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Subnet Definition and Construction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Subnet Mask Creation Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Subnet Masks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Decoding Subnet Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Applying Subnet Masks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Subnetting Tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Exercise 7-2: Decoding and Applying Subnet Information . . . ✓ Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Q&A Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

192 192 197 198 199 200 202 206 206 208 210 214 220 223 226

xiv

CCENT Cisco Certified Entry Networking Technician Study Guide

8

Interfacing with Cisco Devices .............................. 229 The IOS and Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . The Boot Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . The Cisco IOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Access Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Exercise 8-1: Router Connection Methods—HyperTerminal and Telnet . . . . . . . . . . . . . . . . . . . . . . . . The CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . CLI Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . CLI Help Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Exercise 8-2: Basic CLI Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Comparing the Router and Switch CLI . . . . . . . . . . . . . . . . . . . . . . . . . ✓ Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Q&A Self Test . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9

230 230 234 238 241 244 249 249 252 257 258 263 265 269

Cisco Switch Configuration .................................. 271 About Cisco Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Physical Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using the System Configuration Dialog . . . . . . . . . . . . . . . . . . . . . . . . . Basic Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Securing the Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . exec-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Exercise 9-1: Basic Switch Configuration . . . . . . . . . . . . . . . . . . . . Configuring SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Exercise 9-2: SSH Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Interface Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . VLAN1 and the Switch IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Speed, Duplex, and Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . VLAN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Exercise 9-3: Interface and VLAN Configuration . . . . . . . . . . Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

272 272 274 275 276 278 281 282 285 285 287 289 290 291 292 294 297 299

Contents

xv

✓ Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Q&A Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

305 309 313

10 Cisco Router Configuration .................................. 315 First Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . About Cisco Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Physical Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuration Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Initial Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Exercise 10-1: Basic Router Configuration . . . . . . . . . . . . . . . . . . Configure Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Exercise 10-2: Static Route Configuration . . . . . . . . . . . . . . . . . . Dynamic Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Routing Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring RIPv2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Exercise 10-3: Configuring RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring an Internet Access Router . . . . . . . . . . . . . . . . . . . . . . . . . . ✓ Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Q&A Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

316 316 321 324 325 327 329 333 334 336 337 341 342 354 357 361

11 WANs and WLANs ............................................ 363 Wide Area Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . WAN Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Point-to-Point Technologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Packet Switched Technologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Remote Access Technologies .................................... WAN Configuration Extras . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Wireless Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing Wireless Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Wireless Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ✓ Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Q&A Self Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

364 365 368 371 374 378 380 380 384 386 394 397 401

xvi

CCENT Cisco Certified Entry Networking Technician Study Guide

12 Applications, Security, and Troubleshooting ............... 403 Application Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Application Needs and Quality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . telnet (SSH) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Exercise 12-1: telnet Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Network Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Threats and Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Mitigations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Troubleshooting . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Troubleshooting Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Host Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Switch and Router Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Exercise 12-2: Using CDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ✓ Two-Minute Drill . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Q&A Self Test . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Self Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

A

404 404 407 409 410 410 414 417 418 423 426 430 445 448 452

About the CD .................................................. 455 System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installing and Running the Boson NetSim LE and BEE . . . . . . . . . . . . . . . . . Boson NetSim LE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . BEE and Practice Exams . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Electronic Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . CertCams . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Help . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Removal Installation(s) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Book Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Boson Software Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

456 456 456 457 458 458 458 459 459 459

Glossary ............................................................... 461 Index ................................................................... 495

FOREWORD

From Boson Software The Cisco CCENT certification requires that you learn and master a number of skills. As you read this book, incorporating Boson NetSim into your learning process will help you successfully complete the CCENT certification. The Boson NetSim Limited Edition (LE) included with this book will get you started on your way, and additional capability from the full edition is available after purchasing an upgrade. Boson NetSim will help you with the practical hands-on portion of your education, and it ensures that you not only understand the concepts of routing and switching but that you can actually configure and implement routing and switching on Cisco devices. Once you feel you have mastered both the theory and the practical labs, you can test your knowledge using the exams included with this book and the CD. You may also purchase ExSim-Max practice exams from Boson, available at http://www.boson.com. ExSim-Max is the most realistic practice exam on the market with questions that are well-written, technically accurate, and completely representative of those on the actual exam. With ExSim-Max, you can be sure you are ready to pass the real exam. Boson NetSim is the most advanced network simulator on the market for learning how to configure a Cisco router and Catalyst switch. Boson NetSim will not only help you become CCENT certified, it will actually help you learn and understand how to configure routers, switches, and networks. The Boson NetSim LE can be upgraded to the full edition for CCENT at any time at http://www.boson.com/mcgrawhill (with a valid activation code from your qualifying McGraw-Hill book). Upgrading enables all other Boson NetSim labs, commands, telnet, and advanced features. Don’t forget to complete your study with ExSim-Max practice exams. Thank you very much, and best wishes in your future studies! Boson Software http://www.boson.com

xvii Copyright © 2008 by The McGraw-Hill Companies. Click here for terms of use.

This page intentionally left blank

PREFACE

O

f course, the primary focus of our book is to help you achieve the Cisco Certified Entry-level Network Technician certification—but there’s more to it than that. We’ve provided all the background and technical knowledge in this book that you’ll need to be successful on the exam, as well as a few exercises and hands-on projects to increase your odds. Hopefully, though, we’ll also succeed in two other, secondary but just as important, goals. First, after reading through this we’d be happy to see you emboldened with confidence. Yes, we whole-heartedly believe, and would like to make sure you know, YOU CAN DO IT! Sure, certifications are hard—they’re supposed to be; if they were easy, everyone would do it—but this isn’t something you’re not capable of. This book was written in the same manner we learned the information—in a simple, easy and, yes, fun fashion. Look at it this way: If a couple of yahoos from Alabama, with four kids and two full-time jobs, can figure this stuff out, you should do just fine. Secondly, after all is said and done, we sure hope you don’t stop. CCENT is a great certification, but it’s not the end-all be-all. Instead, it should be a great beginning for you. After you pass—and you know you will—follow it up with personal practice, hands-on experience, and study. Put into play what you’ve been studying for all this time and prove you know it. Then, of course, start on your next certification—the CCNA. After you’ve completed the CCENT certification by passing the Interconnecting Cisco Network Devices (ICND) v1 640-822 exam, you’ll be (literally) halfway to a CCNA certification. The ICNDv2 640-816 exam covers the second half of the CCNA body of knowledge and is more Cisco IOS configuration-, and device-, centric. An excellent resource for studying for “part 2” is the Cisco Certified Network Associate (CCNA) Study Guide (McGraw-Hill) by Richard Deal.

In This Book This book covers all the exam objectives posted on Cisco’s web site concerning the CCNA 640-822 exam. Each chapter explores one or more of the main objectives in this list. You’ll also find much repetition from chapter to chapter since some objectives are covered across multiple chapters. The Introduction offers a breakdown of Cisco’s objectives and which chapter of this book covers each objective.

xix Copyright © 2008 by The McGraw-Hill Companies. Click here for terms of use.

xx

CCENT Cisco Certified Entry Networking Technician Study Guide

In Every Chapter Each chapter has several components designed to effectively communicate the information you’ll need for the exam: ■ Every chapter begins with the Certification Objectives. These identify the

major topics within each section on the exam, dealing with the chapter topic. Using these objective headings will help you keep track of where you are with your studies. ■ Practice Exercises, step-by-step exercises providing hands-on experience,

are found in chapters with configuration objectives. While some chapters require only knowledge and comprehension levels, other objectives require you to know how a specific configuration option is entered into the switch or router. These practice exercises are designed to reinforce the chapter verbiage and provide insight into the skills that are likely to be an area of focus on the exam. The information covered in these exercises is not simply for reading purposes—you’ll be required to perform configuration on a variety of scenario and simulation questions on the exam. Don’t fail to prepare for them by simply reading over the practice exercises—practice them and be very, very comfortable with their focus. These exercises will always work with the simulator product, produced by Boson and provided with this book, but they can be used anywhere. Practice as much as you can with the simulator and with real equipment, should you have the opportunity. ■ On the Job entries are found throughout all the chapters and are designed to

point out information and tips that will be helpful both in your day-to-day responsibilities and in studying for the exam. Please note that while these notes provide insights, tips, and otherwise interesting tidbits of information, they are also sometimes used to reinforce testable material. Don’t dismiss them as simply “neat”—some of the mistakes and real-world issues described in these notes may prove the difference in correctly answering a question or two on the exam! ■ Exam Watch notes highlight specific information within the section on

which to focus your studies. Do not rely on them totally, but be sure to read over them before the exam. ■

Remember the benefits and disadvantages of static routing, and commit Table 6-2 to memory.

An Inside the Exam entry is provided at the end of each chapter and basically summarizes the important aspects of the chapter in regards to the exam. Tips and tricks mentioned in this section will definitely help you understand what to expect on the test.

Preface

✓■ Q&A ■

xxi

The Two-Minute Drill is a full summary of the chapter, condensed and organized for quick last-minute review. The Self Test section at the end of each chapter offers questions similar to those found on the certification exams. Answers and explanations of both correct and incorrect choices are provided to assist in understanding the material.

Some Pointers This may seem strange to say, since we wrote this book and hope everyone in the networking arena gets a copy, but we’ll say it anyway: First and foremost, do not rely on this book alone to pass your CCENT exam. There’s not a book on the planet that, by itself, will fully prepare you for the test. Read this book, using the pointers we provide here to guide your study, but never forget to practice, practice, practice. The benefit of hands-on real-world experience in preparing you for the exam is immeasurable. This book is, we humbly feel, a great guide to follow in preparing for the exam, but you’ll definitely need plenty of practice outside its pages to succeed. Once you finish reading this book, be sure to do a thorough review of everything: 1. Reread all the Two-Minute Drills. These will serve as an excellent “cram” session just before the exam. 2. Reread all the Exam Watch notes. Knowing the information to satisfy each knowledge objective is one thing, but it’s only part of the battle. To be truly successful, you’ll need to know what to expect on the exam itself. Reading the Exam Watch notes will give you insights into how the information will be presented on the exam, and what to expect. If you know this upfront, you won’t be surprised on the exam, and your confidence will contribute to your success. 3. Retake the Self Test sections at the back of each chapter. Immediately after reading the chapter, give the accompanying Self Test a shot. Then, after you’re done with the entire book, go back and take each Self Test again. Facing all the questions at one time is very similar to the exam itself, and will help with your study. Please note that simply memorizing these questions and answers will NOT help you on the exam. The Self Test questions are similar to what you’ll see, but they’re not exact replicas. 4. Use the Exam Test Engine on the CD. The test engine, provided by Boson Software on the CD accompanying this book, provides plenty of questions to prepare you for the exam. You can choose to quiz yourself on all questions, much like the exam itself, or target your study by focusing on a single category.

xxii

CCENT Cisco Certified Entry Networking Technician Study Guide

Categories roughly match the chapter outline of the book, to help mark your progression. Additionally, you can also purchase extra tests from Boson Software at their web site (www.boson.com). 5. Do all the Practice Exercises in each of the chapters. You will be required to perform configuration and troubleshooting on simulators during the exam. While CCENT doesn’t go overboard with these, you’ll definitely need to be familiar with all the configuration commands and steps included in this text. Use the exercises in the book to reinforce concepts and prepare for the exam. Additionally, feel free to experiment on your own—especially if you have access to equipment. Interject problems to working environments and note various troubleshooting techniques you can use to fix the problem. The configuration of devices is a big part of the exam, but troubleshooting and examining configuration files for errors will play a large role in your success or failure. 6. There may be some simulation questions on the CCENT exam. In simulation questions, you’ll be required to perform basic configuration and troubleshooting tasks on a Cisco router and/or switch. Therefore, it is important that you have good configuration skills. Use the Practice Exercises to hone your configuration skills! You may come across a simulation scenario presenting a flawed configuration on the exam. The more you practice with the exercises and Boson’s NetSim, the easier it will be to spot these configuration errors right off the bat.

Practice Exams and the Simulator Hands-on practice and real-world experience are essential in your preparation for the exam. The practice exercises and simulator built for this book are designed with exactly that in mind—giving you hands-on experience and an opportunity to practice to your heart’s delight. The network provided in the simulator should allow you ample opportunity to see all the command and configuration options in action. The network is displayed in Figure 1, with addressing for all exercises spelled out in Figure 2. This network provides every configuration option covered in the book. As you go through the practice exercises, refer to Figures 1 and 2 to “see” how your configuration should be applied. Additionally, don’t just rely on the exercises, as written, for your study. Feel free to create your own configurations on each device. Use all the show and debug commands you want to see the IOS in action. Finally, after configuring the network to function, purposely change configuration options to see the results. Using the practice exercises and your own creativity on this network will greatly increase your odds of passing the exam.

Preface

FIGURE 1

A simulator network for practice exercises

PC-1

xxiii

PC-3

Fast Ethernet 2960-2 Switch

Serial Point-to-Point (T-line or DirectConnected in a Lab)

2960-1 Fast Switch Fast Ethernet Ethernet 2800-1 Router

Fast Ethernet

Fast Ethernet

2960-4 Switch

2800-2 Router

Fast Ethernet

2960-3 Switch Fast Ethernet

PC-4

PC-2

IP: 192.168.1.11 Mask: 255.255.255.0 Gateway: 192.168.1.1

FIGURE 2

Addressing for the network topology used for the practice exercises

PC-3

PC-1 MAC:

00-00-11-AA-BB-CC

IP: 192.168.2.10 Mask: 255.255.255.0 Gateway: 192.168.3.1 MAC:

00-00-33-AA-BB-CC

Fast Ethernet 2960-1 192.168.1.2/24

FA0/2 FA0/1

FA0/2 FA0/1

FA0/1

FA0/2 2960-2 192.168.1.4/24

FA0/3

FA0/3

FA0/2

FA0/1

FA0/3

2800-1 FA0/0: 192.168.1.1/24 S1/0: 172.16.0.1/24 (DCE)

2960-4 192.168.2.2/24

FA0/3 2800-2 FA0/0: 192.168.2.1/24 S1/0: 172.16.0.254/24 (DTE)

2960-3 192.168.1.3/24

PC-2

IP: 192.168.1.10 Mask: 255.255.255.0 Gateway: 192.168.1.1 MAC:

00-00-22-AA-BB-CC

PC-4

IP: 192.168.2.11 Mask: 255.255.255.0 Gateway: 192.168.3.1 MAC:

00-00-44-AA-BB-CC

This page intentionally left blank

ACKNOWLEDGMENTS

W

e would like to thank the following people: ■ This book would not have been possible without the support of Dynetics, Inc.,

and Matt’s supervisor, Paul Clark. Paul’s willingness to help—no matter what was asked nor when—was critical throughout this entire process. Balancing work, family, and writing is a tough business, and without the willingness displayed by Dynetics to support the effort, we never would have finished. ■ A special thanks to Bobby Rogers for providing excellent technical insight on

editing this book. Bobby’s acerbic wit and his attention to details we simply didn’t think about proved vital to the success of this project. ■ The team at McGraw-Hill (Jennifer Housh, Tim Green, Vasundhara

Sawhney, and Jody McKenzie) is due several toasts at the local establishment of their choice. The unbelievable patience and support they displayed throughout every stage of this process was nothing short of amazing. It’s been an honor and a privilege to work with such an outstanding, professional, and fun group of people. ■ Finally, there is no way this book could have ever even been started, much

less completed, without a lot of understanding and patience from our children. Faith, Hope, Charity, and Christian—thanks for putting up with us. All those nights of, “Not right now, Daddy’s writing,” are finally over! At least for now…

xxv Copyright © 2008 by The McGraw-Hill Companies. Click here for terms of use.

This page intentionally left blank

INTRODUCTION

How to Take a Cisco Certification Examination This introduction offers a host of information on your CCENT certification and prepares you for taking the actual examination. In this section, you’ll find a brief overview of Cisco’s certification program, and some guidelines on methods of preparing and studying for the exam, including what to expect on the exam itself and some simple things you can do on test day to increase your chances of passing.

Cisco’s Certification Program Cisco now has a number of certifications, ranging from entry level (CCENT) and advanced routing and switching (CCIE) to network security, wireless, and VoIP. Cisco recommends a variety of classes as training for these individual certifications, but they are not mandatory—all one need do to hold the certification is pass the appropriate test(s). With the right experience, study materials, and a good work ethic, you’ll pass any Cisco exam without necessarily attending the recommended course. Cisco is constantly changing and updating their certification requirements. For more information about Cisco certifications and exams, visit Cisco on the Web at www.cisco.com/web/learning/index.html.

Cisco’s web site is a veritable gold mine of information regarding your certification. Not only will you be referring to it for certification tracking purposes after your exam, but you can also find plenty of information to help you achieve the certification in the

first place. In addition to the objectives being tested for each exam, you will find exam-specific information, sample test questions, information on becoming certified, demonstration tutorial videos, and the latest news on Cisco certification.

xxvii Copyright © 2008 by The McGraw-Hill Companies. Click here for terms of use.

xxviii

CCENT Cisco Certified Entry Networking Technician Study Guide

Computer-Based Testing I know you’d probably prefer to be told that a certification exam actually tests your skills in a real-world hands-on environment, but unfortunately this just isn’t true. Imagine trying to ensure that a stable, secured, unchanging network is available at every test center, worldwide, for candidates attempting a certification. It simply couldn’t be—such logistics would preclude anyone from ever offering a certification—especially those as far reaching as Cisco’s certifications. To get around this, Cisco (and most vendors, for that matter) relies on a computer-based testing service, operated by Pearson Vue. Pearson Vue provides a secured testing environment in a number of facilities around the world (there’s probably a Pearson Vue test center in your own town). Tests on a Vue system are relatively straightforward and are similar from vendor to vendor. Cisco is unique in that they do not make use of the “adaptive” testing format (thank goodness). Cisco instead relies on a more traditional format, simply providing test questions in a random order and scoring participants according to their success or failure on each question. However, there is another characteristic of a Cisco test you will not find on any other vendor: Cisco does not allow you to mark a question for further review. In other words, whether you answer the question or not, once you press the “Next” button to move on, you are no longer allowed to view that question.

I cannot stress this point enough: You are not allowed to skip questions and return to them later on a Cisco exam! Most test-takers will tell you a good strategy on any exam is to skip the questions you don’t know and return to them later since many times

a question later in the exam will provide insight into those you don’t know. On a Cisco test, though, if you skip it, you miss it. Sometimes you may need to pass one over for time purposes. Just keep in mind that once it’s gone, you’ll never see it again!

Each test consists of a random set of questions pulled from an enormous pool of them. During the “beta testing” of the exam, Cisco will compile and refine a huge amount of questions for this pool. Thus, when you receive your test, it simply retrieves a unique combination of these questions to test your ability. Some are

Introduction

xxix

straightforward multiple-choice questions, while others are based on a simulator (forcing you to use your hands-on experience as well as your “book” knowledge). Cisco exams are also timed—lasting usually 75 to 90 minutes, depending on the number of questions and the particular test. The time you have remaining for your specific exam will be displayed in a small box on the corner of the computer screen. If your time elapses, the exam will be scored based on what you have answered up to that point (of course, all unanswered questions will be counted as incorrect answers). Lastly, the scoring of the test, and the feedback you’ll receive after an attempt, warrant some discussion. As soon as the exam is over, your score will be calculated and displayed onscreen for your review. It will also be passed on electronically to Cisco, for tracking purposes. Whether you pass or fail, you’ll receive a printed report from the test administrator, showing your overall score and a score for each objective the exam covered. Unfortunately, you will not receive a list of the questions you marked incorrectly.

Question Types Cisco uses many different question formats in their exams, most of which should be covered here in this section. While you’ll find a brief overview of what to expect here, your best resource on any particular exam is to talk things over with other testtakers. No, it won’t do you much good to ask exactly what’s on the exam, since each is different, but you can get an idea of what types of questions to expect. Check with Cisco’s web site for something called the Cisco Network Professionals Connection. Between this and other forums on the site, you can get a good idea of what the CCENT exam makeup will be like.

True/False Oh, I know what you’re thinking. I can sense it a mile away, and although I don’t like the idea of shattering your hopes on anything, anywhere, I am going to shut the door on this one. The simple 50-percent-chance classic true-or-false question will not be found anywhere on a Cisco exam. This is not to say that Cisco doesn’t employ true or false logic on their tests—in fact, you’ll find quite a few questions like this—just that Cisco will test your ability to determine a true or false statement or scenario using a multiple-choice question format. An example would be, “Choose the true (or false) statements from the following.”

xxx

CCENT Cisco Certified Entry Networking Technician Study Guide

Multiple Choice Multiple choice is the primary format for questions in Cisco exams. These questions may be posed in a variety of ways; however, no matter which way the question is presented, one tip will always apply on these questions: ALWAYS read the question very, very carefully. Sometimes you may understand the intent of the question perfectly, and know well what the answer is, only to wind up missing it because of a “technicality.” For example, if the question asks you to choose two answers, choose two ONLY.

Choose the Correct Answer Celebrate every time you receive one of these multiple-choice questions on the exam. This is the classic format, requiring you to choose one correct option from the four or five presented. In addition to the wording “Choose the Correct Answer,” indicating a single response, these single-answer questions will display Windows radio buttons—allowing only a single response to be entered. One final tip: If the question states, “Select the best answer,” it’s also a single-answer multiple-choice question. Choose X Correct Answers This type of multiple-choice question appears differently than the single-choice version listed earlier. On these, the question will ask you to choose X number of options, where X will be a number from 2 to (sometimes) 4. Instead of the radio buttons used before, you’ll find checkboxes used for marking answers. It’s very important to keep in mind that these questions are all-or-nothing: All the correct answers must be selected, otherwise the entire question is marked as incorrect. Additionally, the testing software prevents too many answers from being selected; if the question asks for two responses, you cannot choose three. Choose All that Apply Easily the most difficult, and unfortunately relatively common, multiple-choice question you’ll see on the exam, the choosing-all-thatapply type lets the candidate choose as many, or as few, answers as they wish. Since you don’t know how many answers the exam expects, you are at a distinct disadvantage. It’s important to note on these questions that they, too, are all or nothing enterprises: If too few, or too many, answers are given, you will miss the question.

Freeform Response You should not see any freeform response type questions on the CCENT exam. However, Cisco has surprised us from time to time on other issues, so you should at least know what to expect should they slip one in on you. A freeform response

Introduction

xxxi

question provides no choices (or help) at all. You are simply given a scenario with an empty text box and asked which command to enter. You must then type the command, precisely as it should be, into the freeform textbox provided. Obviously this is challenging and is the reason this type of question usually isn’t found on entry-level certifications. If you see one, however, be sure to type the entire command in—do not use a truncated version that would work just fine on a “real” router.

Exhibits While not actually a test question type in and of themselves, exhibits are a big part of the exam, and you should know about them upfront. You’ll find exhibits used constantly throughout your exam, with several questions sometimes referring to a single exhibit. These diagrams and pictures will normally appear in a separate window, which you can enlarge or minimize as you see fit, using a button on the screen.

Scenarios Scenario questions generally consist of one to two short paragraphs that describe a specific circumstance, network, or event, requiring you to pick the correct choice from a variety of answers. Additionally, you may sometimes find several questions referring to a single scenario (sometimes referred to as a “testlet” question). On any scenario question, pay close attention to the wording of the problem (if troubleshooting) and apply simple logic. Oftentimes, reading the question first, and then returning to the scenario, proves a useful practice in navigating the exam.

Simulations Simulation questions require you to enter a basic configuration on a Cisco switch or router, given a specific set of instructions and settings required. You’ll need to know how to access the device, navigate through the various IOS modes, enter commands, and save configurations. Additionally, sometimes these simulators have existing configurations with built-in errors that require you to troubleshoot and fix the problem. The context-sensitive help functions within the IOS are supposed to be available for you within the simulator, but don’t be surprised if it does not work exactly as you’d see it on a “live” router. For example, the simulator may force you to type certain commands completely, while allowing TAB and auto-complete on others.

xxxii

CCENT Cisco Certified Entry Networking Technician Study Guide

An important note here with this style of question is your ability to manipulate the simulator itself. In other words, knowing what configuration to enter does you no good if you cannot figure out how to enter the commands into the simulator in the first place. Before the exam begins, you will be presented with a screen asking if you’d like to become familiar with the simulator before the exam starts. Do not skip this. It does not affect your time for the exam and ensures you won’t be wasting valuable time during it figuring out how the simulator works. Additionally, for a demonstration of what the simulator is like, you can also visit www.cisco.com and browse to the certification section to find the demo. This example is very similar, but not exactly the same, as the simulator you would see on the real exam.

Studying Techniques When I’m asked, “How do I study for a Cisco exam?”, my first response seems almost out of place: To effectively study for the exam, first schedule the exam. You’re probably thinking that’s lunacy, but trust me, it’s the only way. Once your exam is scheduled, you’ll have a deadline and will be forced into studying for it. I can’t count the number of times I’ve heard students say they were planning on scheduling the exam, “after I’ve had time to study for it,” only to greet me months later with the same excuse. Let me assure you, soon-to-be fellow Cisco networking professional, you’ll never think you’re ready for it without some kind of deadline to push you. Sure, take some time to read this book (and encourage everyone you know to pick up a copy and do the same) and practice on your own, but schedule the exam as soon as you can. After reading through this book, schedule your exam no more than a month out. Spend that time studying, using the tips provided here, then just go knock it out! There are a million study tips out there, and just as many people willing to give them to you. Our suggestions are pretty simple, straightforward, and easy: Make the best use of your time available and practice, practice, practice. Time scheduling, for focused study, is the easy part—30 minutes of focused study time a day should do it. Any more than 30 minutes a day will, most likely, burn you out—any less and you’re just not willing to work for this. Additionally, you’ll be amazed at how easy it is to study during times when you’d least expect it. The principle is known as “stealing time,” and works very simply: While you’re accomplishing one task, make use of the slack time to work on another. For example, create an audio tape (or CD) of yourself asking questions and providing answers. Pop this into your vehicle on the drive to work and voilà, you’ve just added some free study time. Want another example? How about creating a cheat

Introduction

xxxiii

sheet, or a few flash cards, to keep handy in your jacket or wallet? While waiting for your lunch, sitting in the airport, or taking a break from work, bring it out and take a quick peek. There are a thousand ways to do this, but the point is simple: You can find ways to study during your day-to-day activities if you really look for them. Secondly, practice, practice, and practice some more. Experiment with both live equipment (if available) and the simulator provided with this book. Just memorizing facts and commands might, might, be enough to make it through a single exam, but it’s certainly not going to be enough in the real world. Your best bet, on both the exam and your job, is to not only know the “what” but the “how and why.” The best way to do this is to apply what you’ve read in this book on a system. Try commands out. Set up configurations that work, and then break them. Throw in weird configurations a college guy might try on Saturday night after the big game (and a celebratory adult beverage or two). Of course there’s a little humor here, but you get the point: The more you see the configuration, commands, and traffic in use, the better you’ll know how they work and why you need them. One last note on studying deals with the “dark side” of the network certification world. A wide variety of study guides and “braindumps” are available on the Internet. Many of these are legitimate vendors wishing to provide helpful insight on making you a better network professional. Others are charlatans, hoping to take your money at any cost (pardon the pun). Do not rely on a single study guide or braindump downloaded from the Internet. I can promise you, it’s NOT a copy of the Cisco exam and will do more harm than good to your studying. If you do find a practice test or study guide on the Internet, verify the answers through your own research. Simply memorizing test questions, from any resource, will NOT result in a passing score.

Scheduling Your Exam You can schedule any Cisco exam by calling Pearson Vue, or visiting their online registration web site at www.vue.com (if calling outside the United States, go to Vue’s web site to find your local number). Exams can be scheduled up to a year in advance, and can be rescheduled with 24 hours’ notice. If you miss your test date/ time, or fail to provide appropriate notice, you will lose your test fee. Payment for the exam is due upon registration with Vue and is accepted through a variety of means, credit cards being the most convenient. Vue e-mails a receipt and confirmation of your testing date, which typically arrives the same day you schedule the exam. If you need to cancel or reschedule an exam, remember to call at least one day before your exam, otherwise you’ll lose your test fee.

xxxiv

CCENT Cisco Certified Entry Networking Technician Study Guide

If this is the first time you’ve ever attempted a Cisco exam, Vue will provide a unique number for testing with Cisco. Be sure to keep this number handy and use it for every Cisco test for which you register. Additionally, address information provided when you first register is also used by Cisco to ship certificates and other related material, so make sure you get it right! You will also be required to give a valid e-mail address when registering. If you do not have an e-mail address that works, you will not be able to schedule the exam. Once you are registered, you will receive an e-mail notice containing your registration information for your scheduled exam. Examine it closely to make sure it’s correct.

Arriving at the Exam You should always arrive early for your exam, giving yourself time to relax and review last-minute key facts. While waiting for your exam, take the time to review notes, read over the Exam Watch sections of this book, and look over any cheat sheets and practice cards you have handy. Generally speaking, so long as a computer system is available, you can start your test any time before your scheduled test time. So, after your last-minute cram session, when you’re ready, you can begin. Be sure to bring two sets of identification with you to the testing center. Acceptable forms include government-issued IDs (for example, a passport or driver’s license) and credit cards. One form of ID must include a photograph. After the identification, though, you won’t need anything else. In fact, testing centers do not allow you to take anything else with you into the exam area: no books, papers, notepads, PDAs, cell phones, nothing. The test administrator will, however, provide you with a paper and pencil, or a small erasable marker board. These are to let you write notes and perform calculations during the exam. A helpful tip, though, is to hurriedly jot down any last-minute tidbits you looked at just before the exam, as soon as the administrator allows you to write. In other words, you can download everything in your brain directly to the paper or marker board before your exam ever starts. Just remember that’s the only material you’ll have to write on during the test, so leave a little room! You’ll have to return the paper (marker board) to the administrator immediately upon completion of the test. In the exam room, the exam administrator logs you in to your exam, and you have to verify that your name and exam number are correct. If this is the first time you’ve taken a Cisco test, you can select a brief tutorial for the exam software (which we mentioned before, and you should not skip). Additionally, you’ll be asked to take a survey before the exam. This does NOT count against your time, so take advantage of it and write down your notes during this survey.

Introduction

xxxv

Before the test begins, you will be provided with facts about the exam, including the duration, the number of questions, and the score required for passing. Once you click Begin Test, the clock starts ticking. The test will appear full screen, with a single question per screen. Navigation buttons allow you to move forward to the next question but, as discussed earlier, not back. The time countdown will appear in the corner and a variety of buttons may be available depending on the question asked (a “Display Exhibit” button, for example). Periodically check to ensure you’re budgeting your time wisely. Remember, once you pass over a question, it is scored immediately (you cannot return to it). Nevertheless, you don’t want to waste too much time on any one test question. Generally speaking, you’ll receive between 55 and 65 questions and will need to get at least 82–85% of them correct. Cisco does not provide specifics on either the number of questions, or the passing percentile, so you’ll never really know until the exam is finished.

The Grand Finale As soon as your exam is completed, it will be graded automatically. The actual real time that elapses between when you press Score Exam and when the results appear on the screen is just under ten seconds. In your mind, it will most likely seem like an eternity. The result of your exam is displayed showing the minimum passing score, your score, and a PASS/FAIL indicator. With some Cisco tests, the actual score isn’t displayed on the screen, only on the printed version of your test results. If you’re curious, you can review the statistics of your score at this time. Normally, though, candidates are either so elated they can’t sit still or too dejected to bother looking at the screen. Keep in mind, whether you pass or fail, Cisco does not show you the individual questions answered right or wrong. Instead, you’ll get a generic list, showing categories and your results within each one. This is also provided on the report that’s automatically printed at the exam administrator’s desk. Keep your results in a safe place and check back with Cisco’s web site over the next 48 hours to make sure your results are posted. After some time (a week or so), you’ll receive a folder in the mail from Cisco containing your official certificate and other goodies.

Retesting If you don’t pass the exam, don’t worry about it. Certification tests are, by design, very difficult and the vast majority of people who take them fail the first time.

xxxvi

CCENT Cisco Certified Entry Networking Technician Study Guide

Simply jot down those things you remember and go into the next attempt a little more educated on format and content. Additionally, the score report will help guide your study efforts, showing those areas you were weakest in. Cisco makes you wait five business days before you can sign up for another exam. During this time, continue with the study tips from before, but focus on those areas that need the most attention. When you’re ready, contact Vue and schedule another exam. You can track your current certification status by going to www.cisco.com/go/ certifications/login. You’ll need to use your Cisco testing ID number to log in.

Introduction

xxxvii

Study Guide Coverage

Ch#

Describe the purpose and functions of various network devices

Network Essentials Network Devices Switch Fundamentals Routing Fundamentals Wireless Networking

1 2 5 6 11

Select the components required to meet a given network specification

Network Essentials About Cisco Switches Routing Fundamentals

1 9 6

Use the OSI and TCP/IP models and their associated protocols to explain how data flows in a network

OSI Reference Model TCP/IP and OSI Reference Model Comparison Network Devices

1

Describe common networking applications, including web applications

Application Layer Functions and Protocols Application Fundamentals

Describe the purpose and basic operation of the protocols in the OSI and TCP models

Application Layer Functions and Protocols Transport Layer Functions and Protocols Internet and Network Access Layer Functions and Protocols

Describe the operation of data networks

2 2 2 12 2 2 2

Describe the impact of applications (Voice over IP and Video over IP) on a network

Application Fundamentals

12

Interpret network diagrams

Network Devices

3

Advanced

Official Objective

Beginner

Exam Readiness Checklist

Intermediate

CCENT 640-822

Official Objective

Study Guide Coverage

Determine the path between two hosts across a network

TCP/IP and OSI Reference Model Comparison Application Layer Functions and Protocols Transport Layer Functions and Protocols Internet and Network Access Layer Functions and Protocols Network Devices

Describe the components required for network and Internet communications

Ch# 2 2 2 2 3

Network Essentials TCP/IP and OSI Reference Model Comparison Network Devices WAN Fundamentals Wireless Networking

1

Identify and correct common network problems at layers 1, 2, 3, and 7 using a layered model approach

OSI Reference Model TCP/IP and OSI Reference Model Comparison Troubleshooting

1

Differentiate between LAN/WAN operation and features

Network Essentials WAN Fundamentals

1 11

2 3 11 11

2 12

Implement a small switched network Physical Media Select the appropriate media, cables, ports, and connectors to connect switches Network Devices to other network devices and hosts Switch Fundamentals

3 3 5

Explain the technology and media access control method for Ethernet technologies

Ethernet Characteristics Ethernet Standards

4 4

Explain network segmentation and basic traffic management concepts

Switch Fundamentals Switch Design Considerations Routing Fundamentals

5 5 6

Explain the operation of Cisco switches and basic switching concepts

Switch Fundamentals Initial Configuration About Cisco Switches

5 9 9

Beginner

Exam Readiness Checklist

Advanced

CCENT Cisco Certified Entry Networking Technician Study Guide

Intermediate

xxxviii

Study Guide Coverage

Ch#

Perform, save, and verify initial switch configuration tasks, including remote access management

The IOS and Configuration Files The CLI Initial Configuration Securing the Configuration

8 8 9 9

Verify network status and switch operation using basic utilities (including ping, traceroute, telnet, SSH, arp, ipconfig), SHOW, and DEBUG commands

The IOS and Configuration Files The CLI Securing the Configuration First Steps Troubleshooting

8 8 9 10 12

Implement and verify basic security for a switch (port security, deactivate ports)

Initial Configuration Securing the Configuration Interface Configuration

9 9 9

Identify, prescribe, and resolve common switched network media issues, configuration issues, autonegotiation, and switch hardware failures

Initial Configuration Securing the Configuration Interface Configuration Troubleshooting

9 9 9 12

Implement an IP addressing scheme and IP services to meet network requirements for a small branch office Describe the need and role of addressing in a network

Routing Fundamentals Introduction to IP Addressing Subnet Tasks Subnet Essentials

6 6 7 7

Create and apply an addressing scheme to a network

Routing Fundamentals Introduction to IP Addressing Subnet Tasks Subnet Essentials

6 6 7 7

Assign and verify valid IP addresses to hosts, servers, and networking devices in a LAN environment

Subnet Essentials Subnet Tasks

7 7

Explain the basic uses and operation of NAT in a small network connecting to one ISP

WAN Fundamentals Routing Configuration

11 10

Advanced

Official Objective

Beginner

Exam Readiness Checklist

xxxix

Intermediate

Introduction

Official Objective

Study Guide Coverage

Ch#

Describe and verify DNS operation

Application Layer Functions and Protocols

2

Describe the operation and benefits of using private and public IP addressing

Introduction to IP Addressing Subnet Essentials

6 7

Enable NAT for a small network with a single ISP connection using SDM and verify operation using CLI and ping

WAN Fundamentals Routing Configuration

11 10

Configure, verify, and troubleshoot DHCP and DNS operation on a router (including CLI/SDM)

WAN Fundamentals Routing Configuration

11 10

Implement static and dynamic addressing services for hosts in a LAN environment

Application Layer Functions and Protocols Introduction to IP Addressing WAN Fundamentals

2 6 11

Identify and correct IP addressing issues

Introduction to IP Addressing Troubleshooting

6 12

Describe basic routing concepts (including packet forwarding and the router lookup process)

Introduction to IP Addressing Routing Fundamentals Routing Configuration Subnet Tasks

6 10 7 7

Describe the operation of Cisco routers (including router bootup process, POST, and router components)

Routing Fundamentals First Steps Configuration Fundamentals Routing Configuration WAN Fundamentals

6 10 10 10 11

Select the appropriate media, cables, ports, and connectors to connect routers to other network devices and hosts

Network Essentials Physical Media Network Devices Configuration Fundamentals Routing Configuration Wireless Networking

1 3 3 10 10 11

Implement a small routed network

Beginner

Exam Readiness Checklist

Advanced

CCENT Cisco Certified Entry Networking Technician Study Guide

Intermediate

xl

Study Guide Coverage

Ch#

Configure, verify, and troubleshoot RIPv2

Routing Configuration

10

Access and utilize the router CLI to set basic parameters

The IOS and Configuration Files First Steps Configuration Fundamentals

8 10 10

Connect, configure, and verify the operation status of a device interface

Routing Configuration Troubleshooting

10 12

Verify device configuration and network connectivity using ping, traceroute, telnet, SSH, or other utilities

The IOS and Configuration Files The CLI Securing the Configuration First Steps Troubleshooting

8 8 9 10 12

Perform and verify routing configuration tasks for a static or default route given specific routing requirements

Routing Fundamentals Configuration Fundamentals Routing Configuration WAN Fundamentals

6 10 10 11

Manage IOS configuration files (including save, edit, upgrade, and restore)

The IOS and Configuration Files The CLI

8 8

Manage Cisco IOS

The IOS and Configuration Files The CLI

8 8

Implement password and physical security The IOS and Configuration Files The CLI Securing the Configuration

8 8 9

Verify network status and router operation The IOS and Configuration Files using basic utilities (including ping, The CLI traceroute, telnet, SSH, arp, ipconfig), Securing the Configuration and the SHOW and DEBUG commands First Steps Troubleshooting

8 8 9 10 12

Explain and select the appropriate administrative tasks required for a WLAN Describe standards associated with wireless media (including IEEE WI-FI Alliance and ITU/FCC)

Ethernet Standards Wireless Networking

4 11

xli

Advanced

Official Objective

Beginner

Exam Readiness Checklist

Intermediate

Introduction

Official Objective

Study Guide Coverage

Ch#

Identify and describe the purpose of the components in a small wireless network (including SSID, BSS, and ESS)

Wireless Networking

11

Identify the basic parameters to configure on a wireless network to ensure that devices connect to the correct access point

Wireless Networking

11

Compare and contrast the wireless security features and capabilities of WPA security (including open, WEP, and WPA-1/2)

Wireless Networking

11

Identify common issues with implementing wireless networks

Wireless Networking

11

Beginner

Exam Readiness Checklist

Identify security threats to a network and describe general methods to mitigate those threats Explain today’s increasing network security threats and the need to implement a comprehensive security policy to mitigate those threats

Network Devices Network Security

3 12

Explain general methods to mitigate common security threats to network devices, hosts, and applications

Network Devices Network Security

3 12

Describe the functions of common security appliances and applications

Network Devices Network Security

3 12

Describe security recommended practices, including initial steps to secure network devices

Network Devices Switch Design Considerations Initial Configuration Securing the Configuration First Steps Configuration Fundamentals Network Security

3 5 9 9 10 10 12

Advanced

CCENT Cisco Certified Entry Networking Technician Study Guide

Intermediate

xlii

Study Guide Coverage

Ch#

Implement and verify WAN links Describe different methods for connecting WAN Fundamentals to a WAN

11

Configure and verify a basic WAN serial connection

10 10 11

Configuration Fundamentals Routing Configuration WAN Fundamentals

xliii

Advanced

Official Objective

Beginner

Exam Readiness Checklist

Intermediate

Introduction

This page intentionally left blank

1 Networking 101

CERTIFICATION OBJECTIVES 1.01

Network Essentials

1.02

The OSI Reference Model

✓ Q&A

Copyright © 2008 by The McGraw-Hill Companies. Click here for terms of use.

Two-Minute Drill Self Test

2

Chapter 1:

Networking 101

Y

ou cannot begin learning any aspect of technology or industry without first mastering the basics. This chapter covers the building blocks you’ll need to be successful in the rest of your study. The first half explores some basic terminology and definitions, what networks look and act like, and the components that make up the network, while the second half—through an examination of the OSI Reference Model—looks at how data is treated as it moves through your network. A thorough understanding of this chapter should provide a great bedrock upon which to build the rest of your study!

CERTIFICATION OBJECTIVE 1.01

Network Essentials Any text on networking should begin by defining what, exactly, a network is. In its simplest terms, a network is a collection of systems and devices exchanging data over some form of media. The systems provide an interface for users to easily share, store, and access a variety of data, the network devices provide a means to control and regulate the traffic between the systems, while the media provides a pathway for the data to travel across. It sounds simple (and it really is), but it can get complicated in a hurry. Let’s keep it simple and start with the definitions and terminology you’ll need to know.

Network Definitions The world of networking has more than its share of terminology and jargon. In this section, we’ll introduce some terms and concepts you’ll need to be familiar with as you move forward. We’ll cover things in a logical order, hitting terms that range from what makes up a network and how data is transmitted on the wire, to how far the network reaches. When thinking about what components make up a network, most observers pick the obvious—the devices they can see or touch. As you’ll see, there’s more to it than that. A network is first made up of hosts. A host is defined as any device that holds a logical address on your network. Most commonly, this address is an Internet Protocol (IP) address, which we’ll cover later in the book. Hosts can be workstations, servers, printers, connection devices, or routers. Apprentice network technicians generally do a good job keeping track of the computers and printers on the network, but

Network Essentials

3

sometimes forget to include the connection devices and routers in their overall address plan. It’s important to remember that, even though you do not necessarily interact with them daily (as you would a workstation or server), switches and routers need attention, too. The next major term commonly left out in a discussion of networking is the information itself. After all, what would a network be without data to transmit? Information transmitted across a network can include voice, video, or data (text, presentations, pictures, and so on). Each of these requires special attention and functionality to traverse the network correctly. While we cover actual data types and terms later in this chapter, keep in mind that networking isn’t just data anymore. Modern networks are charged with delivering our phone calls and, soon, our television and entertainment options. Data—no matter what its form—is transmitted in the form of bits. A single bit is a 1 or a 0 (based on the binary number system of two digits versus the typically used decimal numbering system based on the digits 0–9). An arrangement of eight bits in a specific order is known as a byte. Bits can also be arranged to signify a hex digit. Hex digits are always four bits in length and are expressed to the human eye as the numerals and alpha characters 0–9 or A–F. Depending on the specific combination of bits, bytes, and hex digits received, a host will respond accordingly. Some bit streams, for example, tell the host, “A message is coming and it is intended for you. Please process the information contained inside.” After the hosts and connection devices are in place, you need something for the data to travel on between them. Transmission media is the physical pathway over which the data travels. A wide variety of media choices are available in networking and can be broken down into two major categories: bound or unbound (cabling or wireless). Akin to the roads on which you drive your car, cabling is the most common media choice, and includes two types: copper (transmitting electrical impulses) and fiber (transmitting data in the form of light impulses). Wireless makes use of radio frequency (RF) waves, microwaves, or infrared beams to send data packets from one host to the next. Our next definition has to do with the rules of the road. Human beings can, oftentimes, make up the rules as they go, while exchanging data. For example, while you may speak perfect fluent English, your client may not. They may speak slower, or broken, English—occasionally misusing a noun or applying the wrong tense of a verb or two. As a human, you can assimilate these changes to the expected spontaneously and apply understanding to the communication. Unfortunately, computer systems do not function this way. Standardized, near ritualistic, activities must be in place or the communications process cannot continue. Protocols provide this for your

4

Chapter 1:

Networking 101

network. A protocol is simply an agreed upon set of rules for a particular network function. For example, you may agree on a specific method of encoding an electrical signal on a wire to signify a 1 or a 0. Timing sequences, the specific arrangement of bits to signify an address, and how a host can tell that the other end is receiving all the data sent are all examples of protocols in use. Protocols in networking are usually combined in one grouping, referred to as a protocol suite or stack. Once you have bits from your hosts ready to travel on the media, you should familiarize yourself with a few more terms. The first is bandwidth. Just as with the roadways you drive on, a given media only has a finite number of lanes the data can travel on. The more lanes you have, the higher the bandwidth available to you. Bandwidth is generally considered to be the total amount of data (in bits) you can theoretically transmit within a given time period (typically one second). Bandwidth is expressed in bits or bytes per second in digital networking. For example, 10 Mbps would be 10 million bits per second (a million bytes per second would appear as 10 MBps). On analog circuits, bandwidth is expressed in cycles per second (Hertz, or Hz), and is usually simply the difference between the top and bottom frequency range available. Another term closely related to bandwidth is throughput. While bandwidth is the theoretical total amount of data a given media can transmit, throughput is the actual measurement of the data that’s able to pass through the media at any given time. Expressed in the same manner as bandwidth, throughput can be thought of as what you are really getting out of your network. In many cases, throughput is the more Pay close attention to the important measurement and can be affected bandwidth and throughput measurements by an increase in network traffic, transmission of network devices and media. errors, interference, network devices, and a host of other variants. Last in our terminology discussion is the method in which hosts can send and receive traffic. In simplex transmission, devices can only send in one direction. In duplex, devices can send in both directions. To further complicate things, duplex has two implementations: half and full. In half duplex, the systems can transmit in either direction, but only one at a time. In full duplex, both systems can transmit in either direction simultaneously. Whenever possible, network design should include as much full duplexing as possible. In many cases, your duplex setting may be more important than your overall bandwidth/speed available. Incorrect duplex settings could affect the perceived throughput of the network connection.

Network Essentials

5

Network Topologies One of the first steps in designing your network is to decide on its topology. A topology is simply the layout of your network hosts and media. The topology can refer to how the network actually looks (the physical topology), as well as how the data travels on your network (referred to as the logical topology).

Physical Topologies The physical topology of the network refers to how the network actually looks from a bird’s-eye view—the physical cabling layout of the network itself. Usually, these are very easy to distinguish from one another. The five different physical topologies are bus, ring, star, mesh, and hybrid. See Figure 1-1 for examples of physical topology appearances. A bus topology consists of all devices connecting to a single wire—a coaxial cable. A physical bus looks like a straight line—a stick—with connections to hosts coming off Be sure you understand in a “T” shape. Physical bus topologies are the appearance, benefits, and drawbacks simple to implement and use the least amount of each physical topology. of cabling of any topology; however, they are

FIGURE 1-1

Physical topologies

Mesh

Star

Ring Bus

6

Chapter 1:

Networking 101

relatively difficult to troubleshoot. A break in the cable in a bus topology brings the entire system down, and breaks are usually very difficult to locate. Additionally, terminators (50-ohm, usually) must be affixed to both ends. A terminator is a resistor attached to each end of a bus topology network to cause the signal to stop rather than reflect back toward the source. A loose or missing terminator will also bring down the entire network. In a ring topology, all devices are connected to each other in the shape of a circle—the first device feeds into the second device, which in turn feeds into the third, and so on and so on until the loop plugs back into the first device. As with bus topology, a break in the cable brings the entire network down. However, cable faults are much easier to find and resolve when compared to bus topology. Another disadvantage of ring topology is that it is difficult to expand. Each device must be reconfigured when you add a new one to the ring. Ring topologies can be either single ring or dual ring. Dual rings provide redundancy in the case of a line break—if a cable breaks on one ring, the devices can use the other to communicate until the fault is repaired. Star physical topology is by far the most common in day-to-day networking. In a star topology, all devices are connected to a single, central device—usually a hub or a switch. The benefits of star are fairly easy to decipher—cable faults only take down the host on that cable (not the entire network), the network is easily expandable, and troubleshooting is very simple. The only drawback is that it uses more cabling than a bus and provides a central point of failure—thus, if the central device fails, the entire network goes down. Star topologies can also include extended star, where the central device extends links to other hubs and switches. Mesh and hybrid topologies are the last two physical topologies. In a mesh topology, every device is directly connected to every other device. Mesh networks have the benefit of complete redundancy—a network break doesn’t affect anything. However, they do use the most cable and have scalability problems. Should you ever have to determine the number of links used in a mesh network, counting them may prove a challenge. The formula for calculating the number of links in a mesh network is N(N–1)/2, where N is the number of hosts. Hybrid topologies are simply any combination of two or more physical topologies. Which would you choose? Most office and home networks are built using star topology. Support is plentiful, media and connection devices are easy to come by, and installation and troubleshooting is a snap. Instances exist, however, where you should choose one of the others, but be prepared to see a lot of star networking.

Network Essentials

7

Logical Topologies The physical layout of the network is only half the picture. The logical topology refers to the path the data actually travels on its way through the network. Regardless of what the network physically appears to be, the pathway of the data itself may be something completely different. The two major logical topologies are bus (broadcast) and token (ring). A bus logical topology broadcasts data to all nodes on the network at the same time. This may seem like a difficult concept to grasp, but consider an analogy. Suppose you are holding a copper wire. Ten other people are holding the same wire with you. You apply voltage to the wire. Who gets shocked? The answer is, of course, everyone. It has nothing to do with the address—you may have been signaling the person at the very end of the cable, but given physics, anyone touching the copper will get shocked. In a bus topology, a system listens for the wire to get “quiet,” then broadcasts its message to the cable. All stations receive it, but only the one it is addressed to can open it. Also known as contention-based networking, bus is the most commonly used logical topology, and bus and star physical topologies make use of this method of communication. While it seems like a free-for-all and there’s no guarantee you’ll get to speak on the network, broadcasting is actually very fast and efficient when properly implemented. A token passing, or ring, topology works in a more organized, almost friendly format. In a token passing logical topology, systems can only transmit information when they hold a special data packet, known as a token. The token is passed from one device to the next, in a prescribed, circular path. Each device receives the token and examines it. If it holds a message for the device, it will open and process it. If it doesn’t, it will pass it on to the next device in the ring. If the token is empty and the device has something to transmit, it will place its message in the token and send it along the pathway. If the token is already in use, the device will have to wait for a free token to come along before transmitting. While this seems orderly and less contentious than bus topology, token passing is actually much slower and not used nearly as often. Also known as deterministic based networking, token passing can be used by bus, star, and ring physical topologies.

Pay attention to the wording of questions regarding the logical topology. Many times a physical star topology can still pass data from one

machine to the next, making it a logical ring. In the event that a star topology acts as a ring, the central device is called a Multi Station Access Unit (MSAU).

8

Chapter 1:

Networking 101

Network Categories Defining a network category usually revolves around two things: the geographical area covered and who owns the lines. Networks are typically of two types: LANs and WANs. Additionally, the implementation and functions of these networks also include several other terms, such as SOHO, branch office, and central office.

LANs A LAN (local area network) can be defined as a network that serves users within a small geographic footprint. Usually LANs are confined to a single room, floor, or building, although they can cover as much as an entire campus. LANs are generally created to fulfill basic networking needs, such as file and printer sharing, file transfers, or gaming. The key to defining a LAN usually comes with examining the administrative control boundary—if you own all the devices and cabling within it, and it is confined to a manageably small geographic area, it’s a LAN. LANs are generally high speed in nature and contain workstations, servers, printers, hubs, and switches. Depending on their use within the network, devices such as firewalls, gateways, proxies, and routers can also be considered part of a LAN. Lastly, one of the primary defining characteristics of a LAN is its physical data transmission technology. By far, Ethernet is the most common LAN technology, but there are many others, including Token Ring and ATM. LAN traffic is generally considered inside traffic, whereas WAN traffic is considered outside. Another term tossed about in networking is the Metropolitan Area Network (MAN). MANs are usually larger than LANs—spanning a city, for instance— but are not as large as a WAN. In most instances, the term MAN and WAN can be used interchangeably on a given network.

WANs A WAN (wide area network) is nothing more than the network connecting a collection of LANs across a wide geographic area—perhaps a state, nation, or even the whole world! Aside from the distance variable, another defining characteristic of WANs is the concept of a leased line. Most companies and individuals do not have the time or resources to install physical cabling across great distances to hook their networks together. Therefore, they simply lease bandwidth from a provider

Network Essentials

9

who already has those lines in place. WAN technologies include everything from dial-up networking with a modem to leased dedicated bandwidth space on frame relay networks. WAN technologies fall into three major categories: circuit switched, packet (or cell) switched, and dedicated connections (point to point). Circuit switched WAN connections work much like your telephone at home. When you wish to transmit, you make a call and the line is in use until you are finished transmitting. No one else can use the line, and it remains open, even when you’re not talking. WAN technologies using circuit switching include regular dial-up with a modem, using the plain old telephone system (POTS), or Integrated Services Digital Networking (ISDN), using specialized equipment to send digital messages over special phone lines. The advantages of circuit switched technologies include cost (cheaper, generally), scalability (easy to install and expand), and availability. Packet or cell switching technologies work a little differently than circuit switching. In a packet switched network, the point-to-point circuits between devices are opened for the length of time it takes to send a message, and are then cleared for use. Cell switching works in much the same way. The only difference has to do with the length of the individual packet sent. In cell switching, the cell size is always the same, whereas with packet switching, the sizes of individual packets vary. Packet switching allows multiple connections from one device, but is generally much more expensive than circuit switching. Packet/cell switched technologies are also harder to implement and may not be available in all locations. However, for larger companies or for companies requiring Quality of Service (QoS) features for specialized programs, these technologies are well worth the investment. Point-to-Point, or dedicated, WAN connections are exactly what they sound like—a leased line that directly connects one network to another. The advantage is that the connection is always up and available, and you are guaranteed 100 percent of the bandwidth available 100 percent of the time. The drawback is closely related—whether you use the bandwidth or not, you pay for it. Generally speaking, these connections are rather expensive to implement. Examples of dedicated connection include the “T” lines, such as T1 (1.544 Mbps), T2 (6.312 Mbps), and T3 (44.736 Mbps). Obviously, only one connection device per line is allowed on each end, so scalability with this option is also a concern. For example, suppose a network had one central office and five branch offices. To connect these together using T lines, the route at the central facility would need at least six ports available—one to serve the central office, and five for each branch office. Going a step further, if you decided to fully mesh this network, each router at each location would also need six ports available. In comparison with frame relay, each office router would only need one port, making scalability much easier.

10

Chapter 1:

Networking 101

Due to cost and ease of scalability, most enterprise networks make use of packet switched technologies, such as frame relay or ATM.

Location Terminology Within the LAN/WAN architecture, your business will have several offices and networks functioning toward your end goal. Each of these locations refers to a specific user, or groups of users, within your network, as well as to the location at which you would find them. A small office/home office (SOHO) is fairly self-explanatory. The SOHO refers to a single user, or a small group of people (one to ten), working from a single location, such as a home or office space. This location usually doesn’t require a dedicated connection to a corporate network, as SOHOs are generally considered to be independent businesses on their own. Typically, network connectivity for the SOHO requires lower bandwidth and, therefore, cheaper options are considered. The branch office is very close in definition to a SOHO, with one major difference. The branch office, oftentimes, supports a small group of people, just as the SOHO does. However, the branch office has its own LAN and is considered a part of the overall corporation or enterprise. Branch offices are, simply, portions of the enterprise that happen to be in different geographical locations than the corporate headquarters. Network connections to branch offices vary greatly depending on the bandwidth and traffic support needs, and can include any of the WAN technologies discussed earlier. Finally, the last “location” to worry about is the mobile user. A mobile user is part of the corporation, but is not located at a branch office. These users may be salespeople, technicians, managers, or any member of the company that is traveling on business. Oftentimes, these users, while not at a location that belongs to the company, need to connect back to the central office for any number of tasks. Connections for mobile users must be guarded very carefully, and strong caution is advised in setting up a method for remote access. Be sure to pay particular Generally speaking, mobile users connect via attention to the network connection dial-in or by using the existing public Internet, via technologies needed by each location. some form of a virtual private network (VPN).

The OSI Reference Model

11

CERTIFICATION OBJECTIVE 1.02

The OSI Reference Model Thankfully, standards exist for almost everything in day-to-day life. Imagine, for example, how difficult it would be to replace a missing bolt on your vehicle if the sizes weren’t standardized, or attempting to fix a plumbing problem in your home if every house used different-sized pipes. ISO, the International Organization for Standardization, has created standards for almost everything you can imagine—film, pipe and screw threads, even the size of holes for a paper punch are all covered by an ISO standard. In addition to the multitude of day-to-day life standards, ISO is also responsible for giving us the OSI Reference Model.

Functions and Advantages A common question asked by new networkers is, “What, exactly, does the OSI Reference Model do?” The answer may be a little surprising. Technically, the OSI Reference Model does…nothing. You do not buy a box of it, you don’t install it, and you don’t configure it on devices. The main purpose of the OSI Reference Model is to provide a means for us to break down the communications process between two computers into stages, and easily discuss and describe the steps within each stage. While imperfect, the model provides a good method of breaking down the communication process in an organized manner for discussion, troubleshooting, and training. One word bandied about quite a bit in regards to the OSI model is encapsulation. Encapsulation is the process of adding a header and a trailer to a piece of data. While each stage of communication (layer of the model) adds a header to the data, only one layer always adds a trailer. Some texts define encapsulation as occurring in all layers of the model; however, it technically only occurs at one—the Data Link layer. When ISO developed the OSI Reference Model, every effort was made to distinctly separate logical functions from one layer to the next. This design concept greatly enhances vendor efficiency in creating new network devices, protocols, and services. For example, a vendor can choose to work in one layer and modify/enhance

12

Chapter 1:

Networking 101

their product without adversely affecting the functions of the other layers. The OSI Reference Model provides several benefits: ■ It simplifies training and learning. ■ It reduces complexity in product and services design. ■ It provides for vendor interoperability. ■ It allows for modular construction.

The Layers The OSI Reference Model splits the communications process into seven distinct You should be able to modular layers, with each layer accomplishing explain the benefits of the OSI Reference a specific function independently of all other Model, as well as layered protocol stacks. layers. The layers do rely on layers above and below to provide something to work with, but they don’t necessarily care what they receive to work with. For example, as you’ll see, the network layer doesn’t really care which segment number it is addressing and routing—it simply knows it has a segment to send. Each layer is discussed in further detail next. The individual protocols mentioned will be discussed in greater detail in Chapter 2. Figure 1-2 displays the seven layers. FIGURE 1-2

The OSI Reference Model layers

Application layer (7)

Presentation layer (6)

Session layer (5)

Transport layer (4)

Network layer (3)

Data Link layer (2)

Physical layer (1)

The OSI Reference Model

13

Because the OSI model acts as a foundation for the rest of networking, it’s very important that you thoroughly understand the stack. It is essential you be able to identify: ■ The order of the layers, from top to bottom, and bottom to top ■ The number that corresponds to each layer ■ The function(s) of each layer ■ The protocols and devices that work at each layer

Memorizing the layers and their numbers is actually fairly easy using a mnemonic. Keeping in mind that the “top” of the stack is layer 7—Application—simply take the first letter of each layer and create a phrase to help remember their place in the stack. Common examples are, “Please Do Not Throw Sausage Pizza Away” and “All People Seem To Need Data Processing.” There are, literally, hundreds of different mnemonics new network technicians use to help remember the layers. Find one that works for you and stick Memorize the information with it! In the remainder of this section, we’ll in Table 1-1. Questions may or may not examine each layer in more detail. Refer to be explicit, but you will need to know this Table 1-1, OSI Protocols and Devices, as you information to correctly determine the read more information about the devices and question’s intent. protocols working at each layer.

TABLE 1-1

OSI Protocols and Devices

Protocols/Standards Working in the Layer

Layer

Devices Found in the Layer

Application

Firewall, Gateway, and IDS

SMTP, POP3, DNS, DHCP, FTP, HTTP, TFTP, SNMP, VoIP

Presentation

N/A

JPG, JPEG, TIFF, PNG, GIF, MIME

Session

N/A

NFS, ASP, SQL, RPC

Transport

Firewall

TCP, UDP, SPX

Network

Router

IP, IPX, Appletalk

Data Link

Bridge, Switch

Ethernet, PPP, HDLC, Frame Relay, ATM

Physical

Transceiver, Repeater, Hub

RJ45, ST/SC, V series (modem standards)

14

Chapter 1:

Networking 101

The Data Layers (Application, Presentation, and Session) It might help you to understand the functions of the seven layers of the OSI model if you think of them in terms of data layers and delivery layers. The data layers would be the top three layers of the model. At the top of the stack, we find layer 7—the Application layer. A common mistake made by new network technicians regarding the Application layer is the belief that the applications themselves reside here. This is not accurate. The Application layer holds the protocols that allow programs to access and make use of a network. For example, Microsoft Outlook—a common e-mail program—can work just fine without a network. You can open, edit, create, and delete e-mails offline just as well as you can online. However, if you wish to use the network to send and receive e-mail, you need an Application layer protocol to do this. In this example, the Application layer protocol would be SMTP. Continuing the e-mail analogy, imagine you are sending an e-mail from a Microsoft Outlook application to a computer running the Thunderbird e-mail application. You may have bold, italics, and any number of font settings within your e-mail. Additionally, you may attach a picture file (jpg) for the recipient to enjoy. Thunderbird might treat bold, italics, and font settings differently than does Outlook, and SMTP is only capable of sending ASCII code (a combination of bits representing an alphanumeric character, commonly referred to as, simply, text). Enter layer 6—the Presentation layer. The Presentation layer is responsible for formatting and code conversion between systems. This layer accepts the data from the Application layer and ensures it is placed in a format the end station can understand. In this case, the e-mail is in text mode, and another protocol, like MIME, translates the jpg into ASCII for transit. Once received at the far end, the recipient’s Presentation layer will perform the reverse, handing the data back to the Application layer protocol. Encryption is another function of the Presentation layer. While the Presentation layer has historically been responsible for encryption, modern systems make use of encryption at other layers—particularly layers 3 and 4. Layer 5—the Session layer—is perhaps the most enigmatic and troublesome of the entire stack. This layer doesn’t necessarily do anything to the data at all. Instead, its function is to work in the background, ensuring the communications process between two systems runs smoothly. The standard definition applied to the Session layer is that it creates, maintains, and tears down sessions. To correctly understand this, consider an analogy.

The OSI Reference Model

15

A person and their significant other are driving down the road, discussing the day’s events. While one partner is talking, the other begins to daydream a little. After a few seconds, the one talking says, “Are you listening to me?” BAM!—communications are reestablished and data flow is stabilized. Notice the communications process never actually stopped, it just needed a little “massaging” to continue properly. That is exactly what the Session layer does for us. In addition to changing the world and simplifying our lives, computers are, at heart, insecure little beings and need constant reassurance that the other end is still listening and still playing by the rules. The Session layer takes care of this throughout the communication process. An example of Session layer protocols would be an SQL session or an RPC session between two servers.

Certain things are just a given—the sun will set in the West, fried food is always better in the South, and RPC

will be used as an example for a Session layer protocol on exams.

The Delivery Layers Until this point in the process, we still have one giant block of data handed down from the Application and Presentation layers. In keeping with the old truism, “It’s easier to pour pebbles down a pipe than boulders,” it makes sense that this data could be sent faster if we were to break it up into smaller, more manageable segments. In doing this, each segment could be delivered very quickly, but we’d have to take steps to make sure the recipient could reassemble all the segments in the proper order. Enter layer 4: the Transport layer. The Transport layer’s main job is to efficiently and reliably transport the data from the sender to the recipient. It does this via three main functions: segmentation, the reliable delivery of data, and flow control. Transport layer functions are relatively easy to understand. Segmentation is simply taking a small piece of the bits making up the data as a whole. A small header is put in front of these bits. Inside the header is all sorts of information, including: ■ A sequence numbering system (one of X, two of X, and so on) to mark each

segment and provide a means to put them back together on the recipient end ■ A method to let the recipient know which application needs to look at the

bits in the data field

16

Chapter 1:

Networking 101

■ A method to ensure segments can be delivered as quickly as possible without

overwhelming the recipient ■ A means to ensure that the recipient actually received each segment

As you can see, the information in the header is used by both parties to ensure all the segments get there in the order they were sent (reliability) and the recipient is processing data as quickly as possible without being swamped (flow control). The segments are then passed down to layer 3. The Network layer—layer 3—then answers a question that, so far, has not been answered: “Just where is the segment going?” The Network layer is responsible for logical addressing and routing. Receiving a segment from the Transport layer, the Network layer adds a header that includes a source and destination logical (network) address. This address is read by layer-3 devices (routers) and best path determinations are made to deliver the segment to its final destination. At this point, your system has a packet ready to deliver, but still needs a couple of questions answered. Specifically, how do I get on the media and which device inside my network will deliver this to its destination? Enter the Data Link layer. The Data Link layer is responsible for media access, physical addressing, and framing. Media access refers to the method in which your system accesses the media—it either transmits when quiet, or waits for a token. Layer 2 takes the packet and attaches a header and a trailer. The header contains the source and destination physical addresses needed to move the data inside your network segment. The trailer contains something called an FCS—Frame Check Sequence. The FCS is used by layer-2 devices to ensure that the bits inside the frame are in good order. This process is called framing, and is also referred to as encapsulation. Each layer-2 technology has a different method of framing, which will be discussed in greater detail later in this book. Lastly, the frame is passed to layer 1—the Physical layer. At this layer, everything is simply bits. There are no addresses, no routing decisions, and no sense of which application is sending or receiving—if you receive an electrical shock, you give one. The Physical layer is responsible for encoding bits onto a media. Encoding is the process of manipulating an electrical (or light) signal to represent a 1 or a 0. Standards in the Physical layer vary greatly, and apply to such things as the way connectors are affixed to different cable types, or the impedance allowed on a given copper cable. As the bits hit the wire, they are passed up the stack on devices receiving them. The process is reversed on the recipient end, with each layer removing the header from the layer below it to examine the information in its own header. With this information, the recipient can make decisions to continue to pass it up the stack,

The OSI Reference Model

17

or dump it. When you consider that this process occurs for each segment of data traveling back and forth between our systems, it really puts into perspective a few second’s wait for a web page to load. The distinction between data and delivery, and the categorizing of the layers within them, can greatly help with troubleshooting and network design.The top three layers are generally application-oriented, and spend their time on the data itself.The bottom four layers are concerned with delivering that data to a recipient.

Network Components A thorough understanding of networking components, as well as their functions and placement, is essential to your success both as a networking technician, and as a potential candidate for certification. In this section, we will briefly cover some of the more common network components, and discuss several features, functions, and concerns with each. These devices will, quite obviously, be discussed at greater length throughout the rest of this text, and terminology like collision domain and broadcast domain will also be covered in greater detail. Additionally, the devices are discussed and listed within the layer where they work.

Physical Layer Devices Physical layer devices do nothing more than physically connect wiring together to complete a path, or change the connection from one type to another. Examples of physical layer devices include transceivers, repeaters, and hubs. Transceivers connect one media type to another, such as a fiber connection to a copper one. Repeaters are used to extend the range of a given media—whatever they take in one port, they regenerate and repeat out the other. Hubs are nothing more than multiport repeaters. Comparatively, where a repeater takes bits in one port to relay to another, hubs have several ports they accept and relay bits on. Simply speaking, these devices are “dumb” and neither read nor understand data. Physical layer devices will pass on an electric shock, or light signal, exactly as they received it, making no decisions on its path whatsoever. These devices are used to extend the reach of network segments and, in the case of a hub, to share a single media segment between several systems. In other words, if a single network segment is capable of a 10 Mbps transmission, and you connect ten users to it using a hub, each user has an effective bandwidth of 1 Mbps. Physical layer devices extend collision domains, increase network traffic problems, and decrease (effective) available bandwidth.

18

Chapter 1:

Networking 101

Data Link Layer Devices Data Link layer devices actually read your internal physical network addresses and make decisions on forwarding or filtering traffic. The addressing used inside your network segment is akin to the street address on the front of a letter addressed to you—it makes sense to your local postal carrier, but wouldn’t mean a thing to someone in a different city or state. These devices have the processing power to read these addresses and make decisions on which port(s) to send the data through. Layer-2 devices include bridges and switches. Switches and bridges split (or segment) collision domains, decrease network traffic problems, and increase effective available bandwidth to hosts. However, keep in mind they are incapable of moving traffic outside your LAN.

Network Layer Devices Network layer devices play a unique role in your network design. These devices read the logical network addresses on your data and make decisions about which route to send the data. This sounds very much like the switches and bridges discussed earlier, but keep in mind the layer-3 device not only knows which port to send the data out, but also the best route through outside networks to its final destination. Continuing the analogy from earlier, if the street address on your letter is akin to the physical address of your hosts, the logical address used by layer-3 devices is equivalent to the ZIP code. When you place a letter in your mailbox, the local carrier doesn’t look at the street address, they look at the ZIP code and make a determination about which post office should see the letter next. This process continues until the letter reaches a post office that does recognize the street address. Routers (and sometime firewalls) are layer-3 devices, and not only split collision domains, but also broadcast domains. Routers are placed on the borders of your networks and subnets, for obvious reasons.

Other Devices Networks can also include a variety of other devices, such as firewalls, gateways, and proxies. A firewall is a device that typically works at layers 3 and 4, and is used to filter network traffic based upon rules the administrator configures on the device. Generally placed between your network and the Internet, firewalls work on an implicit deny principle—if you do not explicitly allow the traffic, it is blocked. Gateways work at all layers and are generally used to connect networks and applications of different types together. A proxy is a system that provides a specific service to a host. For example, a web proxy will make requests to the Internet for web content on behalf of a host. This increases security and performance since web

The OSI Reference Model

19

traffic coming from your network appears from only one system, and hosts can access cached pages on the proxy instead of going out to find them. Generally speaking, these devices are usually placed between your network and the Internet in a special network called a DMZ.

While you may not see definition type questions regarding these devices, it’s extremely important to know

the basics of their function and placement within your network.

Protocol Data Units As important as it is for you to know the OSI model’s protocol and devices, it may be even more important to know the encapsulation steps as the data moves through systems. As the process in data exchange moves from one layer to the next, the information is given a specific name. The protocol data unit (PDU) is the name given to the bits at a given layer. As you remember from the earlier discussion, each layer adds a header to the information given to it from the layer above. The combination of that header and the information passed along from the preceding layer is known as a protocol data unit. PDUs can be referenced by a specific name, or by their layer. For example, the terms packet and layer-3 PDU mean the same thing. The PDUs are listed in Table 1-2.

TABLE 1-2

Protocol Data Units

Layer

PDU

Bits Added

Application

Data

Header

Presentation

Data

Header

Session

Data

Depending on the protocol, either none or a header

Transport

Segment

Header

Network

Packet

Header

Data Link

Frame

Header and trailer

Physical

Bits

N/A

20

Chapter 1:

Networking 101

The process of headers and/or trailers being affixed to data as it moves through the stack is referred to as encapsulation. It is vital to your success on the exam and as a network technician to know and understand these PDUs. Much like with the OSI model, a mnemonic can help you. An old mnemonic from the military is “Do Sergeants Pay For Beer?” Again, any mnemonic that helps you remember the terms will suffice. The Sergeants line is only one suggestion. Lastly, two additional terms need to be discussed here: adjacent layer interaction and same layer interaction. When the transport layer passes a segment on to the network layer for addressing and routing, that function is known as adjacent layer interaction. Quite simply, a layer interacts with a layer directly above or below it. Same layer interaction, ironically enough, occurs when two different computers interact using the same layer within their respective stacks. For example, the Transport layer on a recipient computer communicates with the Transport layer of the sending computer during the transmission process, to take care of retransmission requests, flow control, and acknowledgments. Despite the fact the layers are on different computers, this process is considered same layer interaction. Figure 1-3 demonstrates same layer and adjacent layer interactions.

Be very, very careful with the term encapsulation. Encapsulation is considered a layer-2 function because that is the only layer guaranteed to wrap the data with a header and a trailer. However,

FIGURE 1-3

Layer interaction

the term is also used to refer to the process at each layer, regardless of a trailer being affixed. Pay attention to the wording of the question to avoid misunderstandings here.

Computer A

Computer B

Application layer (7)

Application layer (7)

Presentation layer (6)

Presentation layer (6)

Session layer (5)

Session layer (5)

Transport layer (4)

Transport layer (4)

Network layer (3)

Network layer (3)

Data Link layer (2)

Data Link layer (2)

Physical layer (1)

Physical layer (1)

Certification Summary

21

INSIDE THE EXAM Network Essentials This chapter covered many of the bare-bones basics of networking, but don’t be surprised to see several questions on the exam concerning this material. Questions from the chapter may not be explicit—requiring a word-forword definition or a matching scheme—but the information in this chapter will help you answer questions you otherwise may have problems with. For example, a confusing scenario question may pop up, and the only real clue you can glean from it in the short time you have is the key word Frame. Well, framing is a layer-2 function, and the devices you’d need to look at are bridges or switches. Using this tip and the information in this chapter, combined with the explanations found throughout this book, will be the key to your success. Remember, networks require hosts, media, connection devices, data, and applications. The way the cabling appears from a bird’s-eye view is referred to as the physical topology, whereas the logical topology refers to the actual path the data uses to flow through the cabling. The devices making up a network range from Physical-layer dumb devices, all the way up to Application layer components, capable of making all sorts of decisions based

on the bit stream read. Network categories and locations deal mainly with the geographic footprint and the users on the network. Pay particular attention to the devices that actually read addresses and make filtering or forwarding decisions.

The OSI Reference Model The OSI Reference Model does a good job of breaking down the communication process into easily understood, manageable layers. Each layer has specific functions, devices, and protocols. The bits at each layer are known as PDUs, and each PDU has a specific name. Layers 2 through 4 will be tested most heavily on the exam, so pay close attention to the wording of the questions on the exam. Look for key words to help with each question: encoding is at the Physical layer, framing and error checking are at the Data Link layer, routing is at the Network layer, reliability and error correction are at the Transport layer, and encryption and formatting are at the Presentation layer. Lastly, be sure you can identify each layer by name and number, as well as which devices, protocols, and functions occur at each.

CERTIFICATION SUMMARY This chapter focused on two main topics: network terminology and the OSI Reference Model. Network terminology includes terms about what makes up a network (hosts, protocols, and media), how data is transmitted on the wire

22

Chapter 1:

Networking 101

(bandwidth, throughput, simplex, and duplex), and various network categories and locations (LANs, WANs, SOHOs, and branch offices). Network topologies include physical (bus, ring, star, and mesh), which describes how the cables physically appear, and logical (broadcast, or bus, and token passing, or ring), which describes how data actually flows through the media. Network categories (LANs and WANs) describe the geographical distance covered and the administrative control of a network. Network locations (SOHO, branch office, and mobile user) describe various users and functions in specific locations and circumstances. The OSI Reference Model provides an easily understood, modular description of data as it flows between two systems. The model splits the communications process into seven distinct layers, numbered seven to one, from top to bottom. Starting at the top, the layers include Application, Presentation, Session, Transport, Network, Data Link, and Physical. Each layer performs a specific function and relies on the layer above and below it to provide and/or take information. The information at each level has a specific name and is known as the PDU for that given layer.

Two-Minute Drill

✓

23

TWO-MINUTE DRILL Network Essentials ❑ Networks consist of specific devices exchanging data over a given media us-

ing a specific set of protocols. Transmission can be in one direction (simplex) or in both directions (duplex). Network topologies describe how the network physically appears and how the data moves within the network. The physical and logical topologies are independent of each other. ❑ Each network component provides a specific function and works at a specific

layer within a network model. Physical layer devices do not read addresses at all, Data Link layer devices read physical addresses, and Network layer devices read logical addresses. ❑ Network categories include LANs and WANs, with the overall geographic

distance covered and services rendered determining the classification. Users work in a SOHO (a stand-alone small office), a branch office (an offsite LAN that is part of the overall enterprise WAN), or connect to a corporate network using mobile technology or VPNs.

The OSI Reference Model ❑ The OSI simplifies training and education on networking concepts and stan-

dards. Its modular design contributes to easier development and maintenance from multiple vendors. ❑ The OSI layers are Application, Presentation, Session, Transport, Network,

Data Link, and Physical. The Application layer allows programs to access a network. The Presentation layer formats (and encrypts, if needed) data for transmittal. The Session layer opens, maintains, and closes a session. The Transport layer segments data and provides for reliable end-to-end delivery. The Network layer logically addresses packets and makes routing decisions. The Data Link layer assigns physical addresses, performs media access functions, and conducts framing (aka, encapsulation). The Physical layer encodes bits onto the wire. ❑ The bits making up the data payload and the header (and trailer for layer 2)

at each layer is known as a PDU. The PDU at each layer has a specific name. The PDU at the Application, Presentation, and Session layers is known as

24

Chapter 1:

Networking 101

data. At the Transport layer, the PDU is called a segment. The Network layer PDU is called a packet. At the Data Link layer, the PDU is known as a frame, and the PDU at the Physical layer is referred to simply as bits. ❑ In adjacent layer interaction, layers receive a PDU from a layer above or be-

low it to perform a function on. In same layer interaction, the same layers on two different machines communicate with each other to accomplish a task.

Self Test

25

SELF TEST The following Self Test questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully since there may be more than one correct answer. Choose all the correct answers for each question.

Network Essentials 1. Which of the following defines a host? A. Any device with a connection to a network B. Any device on wireless C. Any device processing data D. Any device with an address on a network 2. Which of the following is/are true regarding hex digits? (Choose all that apply.) A. Hex digits are made of four bits. B. Hex digits are made of four bytes. C. Hex can be expressed as 0–9 and A–G. D. Hex can be expressed as 0–9 and A–F. 3. Which physical topology has all systems connecting to a central connection device? A. Bus B. Ring C. Star D. Mesh 4. A new network trainee presents her network diagram, which shows all systems connecting to a hub. She also tells you messages flow from one system to the next in line, until the message reaches the intended recipient. Which physical and logical topologies are in use? A. Physical Bus, Logical Ring B. Physical Star, Logical Ring C. Physical Ring, Logical Bus D. Physical Ring, Logical Ring 5. Which addresses do physical layer devices—such as repeaters and hubs—examine in order to make forwarding decisions? A. Physical B. Logical

26

Chapter 1:

Networking 101

C. Host D. None of the above 6. Which of the following WAN technologies is considered packet switched? A. Frame relay B. T1 lines C. Dial-up D. DSL

The OSI Reference Model 7. Which OSI layer is concerned with reliable end-to-end delivery of data? A. Application B. Transport C. Network D. Data Link 8. At what layer of the OSI model would you find framing? A. Transport B. Network C. Data Link D. Physical 9. Logical addressing is found in the ________________ layer, while physical addressing is found in the ________________ layer. A. Physical, Network B. Network, Physical C. Data Link, Network D. Network, Data Link 10. The OSI Reference Model layers, in order from top to bottom, are: A. Application, Physical, Session, Transport, Network, Data Link, Presentation B. Application, Presentation, Network, Session, Transport, Data Link, Physical C. Physical, Data Link, Network, Transport, Session, Presentation, Application D. Application, Presentation, Session, Transport, Network, Data Link, Physical

Self Test

27

11. What is the PDU at layer 4 called? A. Data B. Segment C. Packet D. Frame E. Bit 12. What is the PDU at layer 3 called? A. Data B. Segment C. Packet D. Frame E. Bit 13. The Transport layer on the recipient machine requests a retransmission of a segment from the sending machine. This is an example of: A. Same layer interaction B. Adjacent layer interaction C. Cross layer interaction D. Split layer interaction

28

Chapter 1:

Networking 101

SELF TEST ANSWERS Network Essentials ✓ D. Any device with an address on a network (this will normally be an IP address). 1. ® ® ˚ A is incorrect because not every device touching the network has an address. B is incorrect because the media (wireless or wire) has nothing to do with it. C is incorrect because a computer (or any device) can process data without being connected to the network. ✓ A and D. Hex digits are four bits in length and can be manipulated to display the 2. ® alphanumeric characters 0–9, A–F. ® ˚ B. Hex digits are made of four bits, not four bytes. C. Hex digits can only represent characters up to F. ✓ C. A star topology connects all devices to a central point. 3. ® ® ˚ A. All devices are connected to a single wire. B connects all devices in a circle, with one device connected directly to the next. D has all devices connected directly to all other devices. ✓ B. The network diagram displays a physical star, and the description of the data pathway is 4. ® a logical ring. ® ˚ A, C, and D. The diagram is a physical star. ✓ D. Physical layer devices do not see addresses at all; they simply forward bits. 5. ® ® ˚ A. Physical addresses are used by layer-2 devices, such as switches and bridges. B. Logical addresses are used by layer-3 devices, such as routers. C “Host” is a synonym for logical addresses. ✓ A. Frame relay is a packet switched WAN technology. 6. ® ® ˚ B. T1 lines are examples of dedicated connection WAN technology. C. Dial-up is an example of point-to-point WAN connectivity. D. DSL is not a packet switched technology.

The OSI Reference Model ✓ B. The Transport layer is responsible for segmentation, flow control, and reliable end-to7. ® end data delivery. ® ˚ A. The Application layer allows programs to access a network. C. The Network layer is responsible for logical addressing and routing. D. The Data Link layer is responsible for encapsulation, framing, media access, and physical addressing. ✓ C. The Data Link layer is responsible for encapsulation, framing, media access, and physical 8. ® addressing. ® ˚ A. The Transport layer is responsible for segmentation, flow control, and reliable end-toend data delivery. B. The Network layer is responsible for logical addressing and routing. D. The Physical layer is responsible for encoding bits onto the media.

Self Test Answers

29

✓ D. The Network layer is responsible for logical addressing and routing, while the Data Link 9. ® layer is responsible for physical addressing and media access. ® ˚ A, B, and C are out of order. ✓ D. From layer 7 to layer 1, the order is Application, Presentation, Session, Transport, 10. ® Network, Data Link, and Physical. ® ˚ A, B, and C do not have the order correct. ✓ B. The layer-4 PDU is called a segment. 11. ® ® ˚ A. Data is the PDU for the top three layers. C. Packet is the PDU at the Network layer. D. Frame is the PDU for the Data Link layer. E. Bit is the PDU at the Physical layer. ✓ C. Packet is the PDU at the Network layer. 12. ® ® ˚ A. Data is the PDU for the top three layers. B. The layer-4 PDU is called a segment. D. Frame is the PDU for the Data Link layer. E. Bit is the PDU for the Physical layer. ✓ A. A layer on one machine communicating directly with the same layer on a distant 13. ® machine is known as same layer interaction. ® ˚ B. This interaction type involves a layer interacting with a layer directly above or below it in the same stack. C and D do not exist.

This page intentionally left blank

2 TCP/IP

CERTIFICATION OBJECTIVES 2.01

TCP/IP and OSI Reference Model Comparison

2.04

2.02

Application Layer Functions and Protocols

✓

2.03

Transport Layer Functions and Protocols

Q&A

Copyright © 2008 by The McGraw-Hill Companies. Click here for terms of use.

Internet and Network Access Layer Functions and Protocols Two-Minute Drill Self Test

32

Chapter 2:

TCP/IP

T

he OSI Reference Model and the TCP/IP stack are foundational topics covered in almost every text on networking ever written. The OSI model gives us a great overall picture of data networking, while the TCP/IP stack shows the actual protocols and functions working together to accomplish the task. This chapter is dedicated to examining the layers, functions, and protocols found within the TCP/IP protocol stack. The first part of this chapter compares the TCP/IP suite to the OSI Reference Model. The second, third, and fourth sections cover individual layers, and the functions and working protocols you would find in each. As with Chapter 1, this information helps complete a solid foundation of networking knowledge.

CERTIFICATION OBJECTIVE 2.01

TCP/IP and OSI Reference Model Comparison If you’ll remember from Chapter 1, each layer of the OSI model has a particular function or task to accomplish. The TCP/IP stack works in much the same way, with a few key differences. While the OSI Reference Model provides a great means for discussing data operations between two systems, it is not a viable, working protocol stack. TCP/IP has become the de facto protocol standard for networking and, like most operating protocol stacks, TCP/IP does conform to the same networking processes proposed by the OSI Reference Model.

TCP/IP History In the late 1970s, and on through the early 1980s, ISO began work on the OSI model in an effort to standardize the burgeoning network protocol field. Work on the OSI model continued and, modeled after the System Network Architecture (SNA) model promoted by IBM, it caught hold in educational and training institutions, but never really caught on as a working suite. Along the same timeline, a small, almost ignored Department of Defense initiative was working on a set of networking rules and functions that would wind up changing the world. The Advanced Research Projects Agency Network (ARPANET) was developed and started operations in 1969. The U.S. government had a simple, albeit never before attempted, goal: create a communications method that could tolerate and

TCP/IP and OSI Reference Model Comparison

33

automatically recover from massive outages at any given location. In other words, create a network capable of rerouting traffic around, say, an entire city destroyed by a nuclear bomb. From 1970 to 1983, government researchers and various educational institutions worked on this open standard. TCP/IP was officially adopted by ARPANET and all systems wishing to communicate with this network on January 1, 1983, and the Internet, as we know it, was born. TCP/IP eventually became accepted as the worldwide standard for communication due to its open architecture and, eventually, public input on its inner working. During development, and even today, details on individual protocols and needed functions are released in a Request for Comment (RFC). RFCs are open for public discourse; protocols and functions are refined and improved over time as individuals and institutions provide comments and recommendations on them. The eventual adoption of TCP/IP as an accepted standard greatly accelerated the development of the Internet, as well as the systems and devices connecting to it. The OSI model is still referenced in networking, with many of its terms and functionality used interchangeably with TCP/IP. However, the actual working stack of protocols is the TCP/IP model, and it differs slightly from the OSI stack.

Comparing the Models As with the OSI model, TCP/IP divides networking functions into distinct layers. However, TCP/IP does so with only four layers: Application, Transport, Internet, and Network Access. All the functionality of the OSI model also occurs within the TCP/IP model; however, the layers do not line up exactly. Figure 2-1 displays the OSI and TCP/IP model comparison.

FIGURE 2-1

OSI Model

OSI to TCP/IP comparison

Presentation layer (6)

TCP/IP Model

Application layer (7) Application

Session layer (5) Transport layer (4)

Transport

Network layer (3)

Internet

Data Link layer (2) Physical layer (1)

Network Access

34

Chapter 2:

TCP/IP

Carefully read questions asking you to match functions and protocols with a particular layer. Identify which stack the question is asking about before answering. For example, a question

asking about routing has two different answers, depending on which stack the question is referring to: the Network layer for OSI, or the Internet layer for the TCP/IP model.

CERTIFICATION OBJECTIVE 2.02

Application Layer Functions and Protocols As you can see in Figure 2-1, the Application layer of the TCP/IP model encompasses the top three layers of the OSI Reference Model (refer to Chapter 1 for a refresher on the Application, Presentation, and Session layers). All the functions, activities, and protocols from layers 7, 6, and 5 of the OSI model occur in the Application layer of TCP/IP. This TCP/IP layer: ■ Provides applications access to the network through a variety of specialized

protocols ■ Provides data formatting, code conversion, and encryption ■ Establishes, maintains, and terminates sessions

Literally hundreds of protocols are in the TCP/IP Application layer. Some of the more common protocols are covered throughout the rest of this section.

DNS The Domain Name Service (DNS) may well be the most widely and universally used protocol within the Application layer. Its use is so ubiquitous within Internet communications, it’s even used by other protocols! Therefore, it is absolutely essential you understand the purpose of DNS and how it functions. It probably goes without saying that computers and humans communicate in different ways. For one example, computers cannot communicate with each other

Application Layer Functions and Protocols

35

unless they are given a specific numerical address. This would work out great if we referred to each other by numbers instead of names: “Hello, 325176652, how are things? Heard from 447987768 lately?” However, people generally speak and communicate with names, and memorizing and using them is much easier for us. Names, though, simply don’t mean anything to computer systems. Consequently, we need a mechanism to give us the flexibility of remembering and referring to systems by easy-to-remember names, while simultaneously providing the numerical addresses computers need. This is where DNS enters the picture. DNS is simultaneously very simple, yet immense in nature and purpose. The main task of DNS is to resolve, or convert, an IP address for a given domain name. This allows an operator to type in a name for a resource, and provides a means for the system to find its numerical address equivalent. A domain name—sometimes referred to as a fully qualified domain name (FQDN)—is a name that is associated with one (or more) specific IP addresses. The name itself comes from a portion of something called the DNS namespace. The entire service referred to as DNS is comprised of three major components: the namespace, zones, and name servers (resolvers).

Be sure you understand the function, components, and basic name resolution steps within DNS. Exam questions will most likely reference DNS

operation as part of a scenario, and knowing what DNS does and how it works will greatly increase your ability to correctly choose the right answer.

The DNS namespace is comprised of a tree structure that, amazingly enough, begins with the root—a single dot (.). The DNS root symbolically provides a starting point for all lookups and names. One step below the root is the top-level domain. Many top-level domains (too many to list here) exist, with each established for a specific purpose. Some of the more common top-level domains are us, gov, edu, com, mil, net, and org. The level immediately below the top-level domain is known as the second-level domain—commonly referred to as the domain name. This portion of the namespace denotes a single organization or entity. For example, Cisco.com indicates a portion of the namespace, found inside the .com top-level domain, belonging to the Cisco organization. All computers and systems under Cisco’s control that Cisco wishes for people to locate via a name will be given an FQDN ending in cisco.com. For example,

36

Chapter 2:

TCP/IP

a server may be named srv1.cisco.com. This domain can additionally be further subdivided by additional names. For instance, accounting.cisco.com might contain all the computer names within the accounting department. Within each defined area of DNS namespace—referred to as a zone—there must be at least one server storing all the records for that particular zone. The zone file contains all the name-to-IP address mappings, and is queried by DNS to find the addresses of domain names. Table 2-1 lists some of the record types found in the zone file. The last major component of DNS is the servers themselves. Name servers hold the records for a single zone, or sometimes for several zones. Name servers answer DNS requests from clients to resolve FQDNs. The actual request to a given name server usually comes from a resolver. Resolvers are servers on your network that ask name servers for the information. To fully grasp this concept, consider a client trying to resolve the name www.cisco.com. Caching is a process used to limit the number of queries that have to go all the way to the root. Your computer has a DNS cache, and every name server and resolver along the way caches their results.This means systems can sometimes get the answer to a query very quickly, especially if others on their network have queried for the same record. The client operator types www.cisco.com into their web browser. The client system, to resolve to an IP address, sends its resolution DNS request to a local resolver. This resolver then queries name servers, all the way up to a root server, to find the one system holding all the records for cisco.com. That server responds to the resolver with the IP address. The resolver then responds to the client request, and this all results in the user happily surfing on Cisco’s web site.

TABLE 2-1

DNS Record Types

Record Type

Definition

SOA

Start of Authority: Defines the server that owns the zone records, as well as other administrative information (administrator name, current version, and so on)

NS

Name server: Defines a name server within the zone. Name servers hold all DNS records for the namespace.

A

Maps an IP address to a domain name.

MX

Mail Exchanger: Denotes the server within a namespace that takes care of e-mail traffic.

CNAME

Canonical Name: An alias used to mask the true identity of a server. This is often used as an alias for specific web sites within a domain.

Application Layer Functions and Protocols

37

DNS is a wonderful thing, but can sometimes cause unenviable frustration when working on Cisco products. For example, when working on a Cisco router or switch, if you type in an unrecognized command, the device assumes you want to make a DNS lookup and happily obliges.This lookup doesn’t work, obviously, and takes a long time to run through iterations before returning to the screen. In order to avoid this problem, use the command no ip domain-lookup on your devices (configuration of this command, and others, are covered later in the book—this is solely listed for reference and illustration).

DHCP Another well-known and oft-used Application layer protocol is Dynamic Host Configuration Protocol (DHCP). The main function of DHCP is to automatically assign IP addresses from a given pool of addresses to clients within a specific network segment. The pool of addresses a DHCP server uses is known as a scope. Servers and routers are generally configured as DHCP servers within a network. Every host on a TCP/IP network must have an IP address, which can be defined statically, if the administrator has plenty of time, patience, and organizational skills. Once a network grows, Don’t be surprised to see however, this becomes much more challenging DHCP listed as a Network layer utility on the and can quickly get out of hand. A better choice, exam.The actual protocol resides in the and one most administrators choose, is to use Application layer; however, the CCENT DHCP. To correctly apply and use DHCP within exam may list it as a Network, or layer-3, a network, you must install or enable the service, utility. configure the scope and other settings, and correctly place the server within the network. Installing and configuring the service is relatively easy, although there are many situations and configuration options to consider. When configuring the scope, savvy network administrators know to exclude or reserve certain addresses from the pool. Servers, switches, printers, and so on, all have a need for static IP addresses. Therefore, administrators can either assign these addresses statically and exclude those addresses from the scope, preventing clients from inadvertently pulling an address already in use, or reserve address space in DHCP so the devices always pull and maintain the same address. Other configuration additions include the address of the default gateway, DNS servers, WIN servers, and the amount of time a client is allowed to hold the IP address—known as a lease. Configuring DHCP on Cisco devices is covered later in this book. See Figure 2-2 for more information on the process a client uses to request and accept an IP address from a DHCP server.

38

Chapter 2:

FIGURE 2-2

The DHCP lease process

TCP/IP

START

New network client, no IP. TCP/IP stack initialization begins.

DHCP Discover

DHCP server responds with a lease proposal.

DHCP Offer Declined

Client restarts process.

Accept Requesting State: Client indicates to server it wants IP. DHCP Request DHCP server grants lease. DHCP Pack Binding State: Client uses lease information to complete TCP/IP stack configuration.

Pay particular attention to the location of DHCP servers in scenario questions. Remember, unless otherwise noted by an ip helper address

command within the scenario, DHCP servers will not offer IP addresses to clients on the far side of a router.

Application Layer Functions and Protocols

39

Finally, placement of your DHCP server is a very important consideration. DHCP works by broadcasting, which makes a lot of sense when you consider the process. When the computer first boots up, it does not know where the DHCP server is. In truth, it doesn’t even know its own network or address! So, the system sends a broadcast message asking for a DHCP server to provide an IP address. Every server running the DHCP service that receives the broadcast will respond, and the client generally takes the first offer it receives. Since routers do not forward broadcasts, it is important to remember to place a DHCP server on each network segment. If it is placed outside the segment, the systems cannot pull IP addresses. Watch for multiple or rogue DHCP servers on your network. A trainee learning how to configure DHCP on a server may inadvertently give out bogus addresses to many systems in your segment, causing issues for you and your users.

Other Protocols While there are many more protocols within the TCP/IP Application layer, and an entire book series could be written just about them, this section concentrates on the protocols you’ll most likely see on the exam. This is not to say this is all you’ll ever need to know about the Application layer; it’s just a focused view. Protocols covered in this section perform most of the basic day-to-day functions found in any network, such as file transfers, e-mail, web surfing, and network management.

File Transfer Protocols File Transfer Protocol (FTP) and Trivial File Transfer Protocol (TFTP) are both found in the TCP/IP Application layer, and they both perform the same function—they transfer files from one system to another. The manner in which they perform these functions differs, as well as where you would traditionally see them in play. FTP is as much a service as it is a protocol, and is comprised of a server, an authentication method, and the protocol itself. The FTP server is simply a machine that has installed and enabled the FTP service. The server administrator will define an authentication method within FTP (oftentimes completely separated from the operating system authentications), as well as assign permissions through the FTP directory structure. Users log on to the FTP service and, using a variety of commands, pull or put files from or to the server. FTP is considered a connection-oriented protocol, requiring a reliable transport protocol to manage acknowledgments of each packet sent. FTP can be installed on almost any server or workstation, as well as on many Cisco devices.

40

Chapter 2:

TCP/IP

FTP, while containing an authentication function, is not considered secure. Everything in FTP, including usernames, passwords, and data, is transmitted in clear text over the wire. Additionally, most FTP installations allow for an “anonymous” connection—meaning a user doesn’t even have to log on to use the service. TFTP operates a bit differently. While FTP is a reliable protocol, requiring acknowledgments for each packet sent, TFTP works in a “fire and forget” format: packets are sent as quickly as possible without any acknowledgment required (a process known as connectionless). This results in a much faster file exchange, but does not work well across long network segments or across network boundaries since some packets will, eventually, be lost. Another way this protocol differs from FTP is that TFTP requires no authentication at all—users simply connect and transfer files to and from the server. While there is no authentication method in place, TFTP does require the user to know the complete filename and location, as no directory listing is available. It is important to type the filename precisely when transferring to or from a TFTP server.

TFTP has traditionally been used to transfer Cisco IOS and configuration files between Cisco devices and a TFTP server on the network. Its small footprint, lack of extensive overhead, and

general ease of use make it an easy choice. FTP provides many more features, such as the ability to list the files within the directory, and is a better choice for end users.

E-mail Protocols Another important and very common network function is e-mail. The protocols in play to move e-mail through networks are Simple Mail Transfer Protocol (SMTP) and Post Office Protocol version 3 (POP3). SMTP, sometimes jokingly referred to as Send Mail To People, is always used to send mail and always transmits data in clear text (ASCII). Whether the file is being sent from a user or between servers, the protocol in use is always SMTP. POP3 comes in on the recipient side. When a client connects to an e-mail server to pull the messages down to read them, POP3 is the protocol in use. Both SMTP and POP3 are considered connection-oriented protocols. Because SMTP has little to no authentication features built in, attackers can sometimes abuse its hospitality to forward spam. Spam is unsolicited, unwanted e-mail sent in mass quantities, usually for commercial gain or malicious intent. An SMTP server, if not configured properly, will happily forward any e-mail

Application Layer Functions and Protocols

41

it receives—basically doing exactly what it was programmed to do. However, spammers connect to SMTP servers from outside the network and feed e-mails to it for delivery. This process is known as SMTP Relay and should be guarded against. IMAP4 (Internet Message Access Protocol) is another protocol that may be used to pull an e-mail message from a server. IMAP has a more sophisticated authentication structure than POP3, but is not as commonly used in modern networks.

Network Management Protocols Simple Network Management Protocol (SNMP) is another very important and oft-used Application layer protocol. SNMP provides a much needed, simple to use, and very powerful method of querying and managing devices on your network. However, it simultaneously opens significant security risks. SNMP consists of three major components: a central monitoring station, an agent on each device, and a database of questions. In a typical SNMP setting, a central monitoring station, running an SNMPcompliant application, is used to simplify management. The station begins by broadcasting SNMP GET requests to all devices within its network boundary. This message is received by each SNMP-enabled device and a small application, known as an agent, processes the request. To answer the request, the agent uses an agreed-upon standard set of questions and answers. These questions can be different per device type and vendor. The database that a particular device answers questions from is known as the Management Information Base (MIB). MIBs are normally unique for each device and vendor. The central station repeats SNMP requests against the MIB on each device and, eventually, builds a map of the network. This map can be used by a network management specialist to monitor network health, watch for potential problems, and even send configuration updates or changes to devices. Obviously, SNMP is very powerful. In an effort to provide at least some security to this process, SNMP was configured with two passwords in which to conduct business—a public and a private community string. The public community string is a password used to read information from SNMP-enabled devices. The private string is used to send configuration updates to devices. By default, the public and private strings on every SNMP-enabled device on the planet are set to (surprise) public and private, respectively. Should you choose to take advantage of SNMP within your network, these strings should, obviously, be changed to a more difficult password.

Web Surfing Protocols Lastly, no discussion on popular TCP/IP applications would be complete without at least briefly discussing web surfing. Most Internet browsing and viewing is done

42

Chapter 2:

TCP/IP

using two major protocols: HTTP and HTTPS. The World Wide Web (WWW) application, basically the complex combination of servers and specially formatted documents that make up the Web, is mostly accessed by browsers using Hyper Text Transport Protocol (HTTP). The main purpose of HTTP is to transport Hyper Text Markup Language (HTML) files; HTML is the language used to create a web page. The HTML instructions tell the browser what to display on the screen. The entire process is actually pretty simple. A user first enters a Uniform Resource Locator (URL) in the address bar of their web browser. For example, consider what happens when the user types in http://www.cisco.com/ccna.html. The browser then makes a request, using HTTP, for the HTML file named ccna.html, hosted on the computer (or domain) www.cisco.com, listed in the URL. The file is delivered, and the browser interprets and displays the HTML settings.

A URL is made up of three major components: the protocol used, the name of the server (or host) holding the resource, and the name of the page. The protocol comes first, before the //.

The domain name listed, such as Cisco .com, comes next and is the host holding the resource. Anything listed after the last “/” is the name of a specific resource (page) on the host.

Hyper Text Transport Protocol over SSL (HTTPS) uses much the same process, but adds security and encryption to the process. Secure Sockets Layer (SSL) is an encryption process that secures the communication between the client and the server hosting the site. An exchange of certificates ensures the client can safely exchange data without worrying about third-party interception. HTTPS is very common in online banking, shopping, and secured data sharing implementations. Both HTTP and HTTPS are connection-oriented protocols. CertCam

A multimedia demonstration of Wireshark can be found on the CD accompanying this book.

EXERCISE 2-1 Viewing TCP/IP Protocols in Action This exercise shows TCP/IP applications in action by viewing the packets captured during a live session. Please note the CCENT exam does not test on packet captures at all. This exercise is provided solely to enhance your understanding of TCP/IP by

Application Layer Functions and Protocols

43

viewing the packets in live action. Be sure you have Wireshark installed on your machine before proceeding. 1. Open a command prompt by clicking Start/Run/CMD. Type in ipconfig /release but do not press ENTER yet. 2. Open Wireshark and click Capture | Interfaces from the menu bar at the top. If you have more than one interface, the active interface will show packets being received and sent. Click the Prepare button beside the active interface and configure the settings to match Figure 2-3. Click Start. 3. Once the capture begins, you’ll see Figure 2-4. Additionally, Wireshark will display the capture packets in the background on the Capture Statistics window. At this point, go back to the command prompt window and press ENTER to release your IP address from all interfaces. After the interface releases the address (the command prompt window will display the IP address empty and a waiting prompt), type ipconfig /renew and press ENTER. After the interface gets a new address, type ping www.google.com and press ENTER. Close the cmd prompt window. 4. Go back to the capture window (shown in Figure 2-4) and press Stop—or press the Stop Capture button on the main menu. Wireshark displays the capture window, a frame display window, and a details window at bottom, as shown in Figure 2-5. Packets are displayed in the order in which they were captured. FIGURE 2-3

Interface capture options

44

Chapter 2:

TCP/IP

FIGURE 2-4

The Capture Statistics window

5. Click the Protocol column header, as shown in Figure 2-6. The packets are now displayed in the order of their type. ARP packets should show up first, with others following in alphabetical order.

FIGURE 2-5

Wireshark capture review

Application Layer Functions and Protocols

FIGURE 2-6

45

The Protocol column header

6. Highlight an ARP packet by clicking it once. Expand the Frame Display window in the middle of the screen by dragging the window open larger. Click the “+” signs beside each area to fully expand the information. All information about the packet, including frame type, protocol used, flags set, and addressing is displayed. Your display should look something like Figure 2-7. 7. Use the scroll bar to the right of the packet capture window to move down to the first DHCP packet. After selecting it and viewing the information in the frame display window, simply arrow down to the next DHCP packet. Notice the information in the frame display window changes to reflect the information from each new packet. Continue to arrow down to view the entire DHCP release and renew process. 8. Repeat the previous steps to view information on DNS packets, as well as any other protocols your particular system may be receiving or sending (FTP, SNMP, SMTP, and so on).

46

Chapter 2:

TCP/IP

FIGURE 2-7

Examining packets

CERTIFICATION OBJECTIVE 2.03

Transport Layer Functions and Protocols No matter what the application protocol, there must be a protocol in place to transport the request and, eventually, the return data. The TCP/IP Transport layer performs the same functions as its namesake layer in the OSI model: segmentation, reliable end-to-end delivery of data, and flow control. Transport layer protocols include Transport Control Protocol (TCP) and User Datagram Protocol (UDP).

Transport Layer Functions and Protocols

47

TCP TCP is a connection-oriented reliable transport protocol used by applications that require error correction in delivery. On the good side, TCP provides the reliability services that applications may not have built into them. The drawback is that, in order to do so, TCP adds a lot of overhead to the communications process (see Figure 2-8 to view the TCP header). This slows things down, consumes more bandwidth, and requires more processing for hosts during communication. Protocols making use of TCP as a transport protocol include SMTP, HTTP, HTTP(s), FTP, and a host of others. The TCP communications process encompasses three major functions: session establishment, error recovery, and flow control. Every TCP communication process begins with a session establishment process known as the three-way handshake. In the first phase, the requesting system sends a synchronization request segment, known as a SYN. The SYN segment is a simple request to open a communications channel, and includes the SYN flag set, a sequence number, and port numbers (covered later in this chapter). When the server receives this request, it formulates and sends a synchronization/acknowledgment segment, known as a SYN/ACK. This segment includes the SYN and ACK flags set, an acknowledgment of the requestor’s sequence number, and a separate sequence number. Finally, in the third step, the requesting system sends an acknowledgment segment, known as an ACK. This segment includes the ACK flag set, a copy of the acknowledgment of the original sequence number, and an acknowledgment of the server’s own sequence number. This process can be seen in Figure 2-9. Once the session is established, data can start flowing between the two systems. During data transmission, eventually segments get lost due to a variety of causes. TCP handles error recovery by using the sequence number and acknowledgment

FIGURE 2-8

0

4

10

16

SOURCE PORT

A TCP header

24

31

DESTINATION PORT SEQUENCE NUMBER ACKNOWLEDGMENT

HLEN

RESERVED CODE BITS* CHECKSUM

WINDOW URGENT POINTER

OPTIONS (IF ANY) DATA ....

PADDING

48

Chapter 2:

TCP/IP

FIGURE 2-9

SYN (Synchronization Request)

1

The three-way handshake 2

SYN/ACK (Acknowledgment)

Requesting host

Receiving host ACK

3

fields in the header. The sequence number agreed upon during the three-way handshake is incremented for every agreed-upon number of data bytes sent. For example, if the two systems agree to send 100 bytes at a time, the sequence number would increase by 100 for every segment sent. In other words, each segment that leaves increases the sequence number by a specific amount. On the receiving end, the recipient system acknowledges the receipt of each segment by incrementing the sequence number to the next expected segment. For example’s sake, imagine an established session with an agreed-upon sequence size of 100. If a system sends a segment with a sequence number of 422, the recipient would send an acknowledgment with the sequence number set to 522. An example of this in practice can be seen in Figure 2-10. Recovery of lost segments is easy to see within this process. The sending machine will wait until it receives an acknowledgment before it sends the next segment in line. If the acknowledgment does not come, or is not the expected reply, the sender knows to retransmit the previous segment(s). For example, imagine a sender has transmitted segments with sequence numbers of 122 and 222, and has received an acknowledgment of 322 (the next segment number). The sender knows the recipient has accepted both previous segments and is expecting 100 bytes (322). The sending machine transmits segments 322 and 422, and waits. If all goes well, the acknowledgment will read 522. If the end station loses the last segment, however, the acknowledgment is 422, telling the sender to retransmit the segment with sequence number 422. This process, also known as ordered data transfer, allows for retransmission of lost segments and ensures all segments are received in the order in which they were sent.

Transport Layer Functions and Protocols

FIGURE 2-10

Sequence Number: 422 —Send Acknowledgment

A TCP acknowledgment 2

4

1

ACK-522

Sequence Number: 522 —Send Acknowledgment

Requesting host

49

3 Receiving host

ACK-622

Sequence numbers not only help out in keeping segments in order, but they can also help in reducing the number of retransmissions. For example, consider a conversation occurring between two systems with an agreed-upon sequence increment of 1000 bytes. If the sending device has sent three segments and the sequence number started at 1000, the sending device would expect an acknowledgment of 4000. Suppose, however, the recipient only received the first and third segments. The acknowledgment would be 2000, notifying the sender it needed the second segment. However, immediately after sending the acknowledgment, the second segment finally arrived. The sending device, receiving an acknowledgment of 2000, would assume the second segment never arrived. It would then retransmit sequence number 2000 and await an acknowledgment. The recipient now has all three segments, having received the second segment in between all this activity. It now sends an acknowledgment for what it is expecting next—sequence number 4000. Requesting the retransmission of the third segment would have been a waste since it had already been received. TCP also makes use of a timer for error recovery. If the sending machine does not receive an acknowledgment within the allotted time, it will retransmit all outstanding segments.

50

Chapter 2:

TCP/IP

The last major function in TCP is flow control. This process ensures data is transmitted as quickly as possible without overwhelming the recipient machine. If TCP required an acknowledgment of each and every segment, flow control wouldn’t be needed at all. However, that wouldn’t be very efficient, and the communications process would be dramatically slowed. A more equitable solution would be to have the sending machine transmit several segments and wait for an acknowledgment from the recipient of the entire grouping. Both machines could communicate with each other until a maximum size of segment groupings is agreed upon. TCP accomplishes this by using the window size field in the TCP header. The window size field lets each system know the total number of unacknowledged segments that can be outstanding at any time, and can change at any time during the process. Keeping things simple, assume a sending machine sends segments 1, 2, and 3, with a window size of 3. If the path between the two can transmit all segments within the allotted time, and the recipient can handle it, the acknowledgment will read 4. This lets the sender know all three segments were received and it can send the next three. Starting small, the window size will be slowly incremented by the sending machine until a threshold is met. At this point, the sender and recipient are transmitting data as quickly as possible, without congestion problems. The process of the window size changing during communications is known as sliding windows.

Be sure to review and understand the three major functions accomplished within TCP. You will definitely be asked questions testing your knowledge on the order transfer of data, requiring

you to predict sequence numbers from a given scenario. Pay close attention to the sequence number itself, as well as the agreed-upon size.

UDP The second Transport layer protocol is User Datagram Protocol (UDP), shown in Figure 2-11. Unlike TCP, UDP is a connectionless protocol, meaning it does not require acknowledgments and does not provide for error correction. A much simpler protocol with a smaller header, UDP simply transmits segments as quickly as possible, without regard to the recipient. UDP has the advantage of being much faster than TCP, but it does not provide many of the services that TCP’s larger header allows for. If UDP is used as a transport protocol, reliability becomes a function of the applications themselves.

Transport Layer Functions and Protocols

FIGURE 2-11

A UDP header

Source Port Number (16 Bits) UDP Length (16 Bits)

51

Destination Port Number (16 Bits) UDP Checksum (16 Bits) DATA

The UDP header is only eight bytes long.

UDP is a good choice in a couple of scenarios. If the data transfer is one (or just a few) packets, then the overhead of TCP is unnecessary. Both DNS and DHCP are good examples. In another good UDP scenario, the applications themselves must be capable of tolerating lost packets, or have some means by which to ask for retransmissions. For example, streaming video and Voice over IP (VoIP) can both tolerate a packet or two lost along the way, as long as the stream doesn’t get too choppy.

Port Numbers and Multiplexing Regardless of the transport protocol in use, there must be a method in place to let the recipient Transport layer know which application protocol the transmitted segments should be passed to. For example, imagine a server simultaneously hosting a web site and running an FTP service. A TCP connection sequence occurs and a client connects to the server, sending a request for data. How does the server know which application protocol—HTTP or FTP—is to handle the request? Additionally, consider how confusing things could get if the same address asked for both services in different streams. Port numbers are used to identify which protocol is to answer a request and provide for multiplexing multiple requests from a single source. Both TCP and UDP use port numbers, from 0 to 65,535, which are divided into specific ranges. The numbers up to 1023 are called well-known port numbers and represent applications used by the operating system. Port numbers between 1024 and 49,151 are called registered ports, while those between 49,152 and 65,535 are dynamic ports. Dynamic ports are open for use without restriction, and are used by sending machines to identify individual communication sessions. Well-known ports are listed in Table 2-2. To understand the use of port numbers in TCP for multiplexing, consider the preceding example and the demonstration in Figure 2-12. First, the client requests a web page from the server by choosing a random port number (5000) in the dynamic range for the source, and using the port number for HTTP (80) as the destination. When the data is returned, the ports are reversed—80 is now the source, with 5000 as the destination. While surfing the web site, the same client decides to transfer a file from the FTP service on the server. A second communications request begins,

52

Chapter 2:

TABLE 2-2

Well-Known Port Numbers

TCP/IP

Port Number

Application Protocol

20

FTP (Data)

21

FTP (Control)

22

SSH

23

Telnet

25

SMTP

53

DNS

67,68

DHCP

69

TFTP

80

HTTP

110

POP3

161

SNMP

443

HTTPS (SSL)

with the recipient choosing another random port number (5001) as the source port, and using the port number for FTP (21) as the destination. Once again, as the data is returned, the port numbers are swapped—21 is now the source with 5001 as the destination. This process allows both systems to track each session separately, even though the address of the requestor and sender remain the same.

FIGURE 2-12 Source Port 5000

Port numbers and multiplexing 2

Source Port 80

Source Port 5001

Web server 2

Destination Port 80

Destination Port 5000

Destination Port 21

Source Port 21

1

1

Destination Port 5001

Client

Internet and Network Access Layer Functions and Protocols

53

Even though ports 1024 through 49,151 are considered registered ports, they can be used as dynamic ports by systems during communications.The combination of an IP address, a transport protocol, and a port number is known as a socket. Additionally, just for fun, the ports clients used are also known as ephemeral ports.They randomly are assigned from a pool of ports the client has available, and are never reused until a client has exhausted all of its pool of ports.

CERTIFICATION OBJECTIVE 2.04

Internet and Network Access Layer Functions and Protocols After the Application and Transport layers have accomplished their functions, the segment is passed down for logical addressing and routing. The same functions and activities from the Network layer of the OSI model occur in the Internet layer of the TCP/IP stack. As with any stack, two major protocol types occur in this layer: routed and routing protocols. Routed protocols define the format and fields of a packet, provide the logical addressing needed to be moved from one location to another, and can be routed from one subnetwork to another across a router. Routing protocols specify the manner in which routes are learned and placed in the route tables of routers, as well as define how the routers talk to each other. Routing protocols will be covered in greater detail in Chapter 6.

Routed protocols can be routed across networks (or subnets). Routing protocols are used to exchange information between routers to determine best path availability. You might also see a

reference to “non-routable” protocols on the exam. Non-routable protocols cannot, obviously, be moved from one subnet to another. An example is NetBEUI.

54

Chapter 2:

TCP/IP

IP and ICMP The Internet Protocol (IP) is the routed protocol found in this layer. It provides the hierarchical addressing and routing functions for data delivery across networks. IP addresses are 32 bits in length, with some bits providing a network address and others acting as host addresses inside the network. This ability acts much like a ZIP code in postal addressing, as discussed in the “Network Components” section of Chapter 1. IP address construction, use, and functionality are discussed in greater depth in Chapter 6. While considered a connectionless protocol, IP does make a sincere effort to forward all packets. This is commonly referred to as best-effort delivery. However, due to network congestion, cable faults along the way, and a host of other reasons, packets (sometimes referred to as datagrams) can get lost. In and of itself, IP has no way to deal with datagram loss, or with issues such as out-of-order receipt. The Internet Control Message Protocol (ICMP) was established to alleviate this problem. ICMP is an Internet layer protocol that provides error notification and, sometimes, error correction for IP datagram delivery. ICMP can notify sending hosts when packets are lost or congestion occurs. It can even alter their default gateway information to more efficiently send certain packets! A host of ICMP message types are available, but by far the most familiar and often used are the ECHO REQUEST and ECHO REPLY types. ping is a command-line tool used to test basic network connectivity. It sends an echo request to a distant host, and if the host receives the message, it responds with an echo reply. A successful test means the connection between the two hosts is good from layers 1 through 3. However, a number of reasons exist as to why the connectivity test would fail. A network segment along the path may be too congested to pass the requests, the host might be temporarily offline or configured to not respond to pings, a firewall may be preventing the ping, or a router along the way does not have a route listed in its table for the end destination IP address. Table 2-3 covers common ping responses and their meaning. ping is usually used to systematically test network connectivity between two devices. In doing so, you should always ping from local to remote. For example, suppose a user claims they cannot access a resource on the Internet. To properly troubleshoot this problem, you should first eliminate problems with the local machine by typing ping 127.0.0.1 (or ping localhost). The IP address 127.0.0.1 (also known as localhost) is used to test the TCP/IP binding on the local network card. Next, ping the default gateway for the system. The default gateway is the

Internet and Network Access Layer Functions and Protocols

TABLE 2-3

ping Responses

55

ping Response (ICMP Message Type)

Meaning

Reply from ______

Layer 1–3 connectivity is good for the pathway.

Request Timed Out

The host did not respond to the ping request. This could mean it is offline, the pathway is corrupt, or ping is being blocked.

Destination Unreachable

There is no route to the end station. This could mean your default gateway router cannot find the route, or a router along the way does not have a route.

router port or firewall port on the local subnet providing access to outside networks. Lastly, ping the remote host. This systematic approach simplifies and accelerates troubleshooting efforts.

The responses to a ping display differently in a Cisco device, with a single character indicating the message type. An exclamation point (!) indicates a good response. Other responses include a

dot (.) for timed out, and a capital “U” for destination unreachable. Also, be sure to remember to ping from local to remote in troubleshooting scenarios.

A final tool associated with ICMP is traceroute. The traceroute command displays all the IP addresses of all routers along the path to the final destination, which obviously provides a much more granular and meaningful snapshot in any troubleshooting scenario. The traceroute command on Cisco devices displays the IP address of the next hop device along the path. A sample network and traceroute output is displayed in Figure 2-13.

Be sure you understand how to use the traceroute command, as

well as the meaning of its expected output. You will definitely see exam questions on it.

56

Chapter 2:

TCP/IP

172.16.1.1

FIGURE 2-13

199.50.60.15

172.16.1.2

Traceroute 192.168.1.1

172.17.1.1 172.17.1.2

Host1 192.168.1.15

RTR1#traceroute 199.50.60.15 Type escape sequence to abort.

Host2 199.50.60.15

Tracing the route to 199.50.60.15 1 172.16.1.2

9 msec 4 msec 4 msec

2 172.17.1.2

22 msec 24 msec 22 msec

3 199.50.60.15 24 msec 24 msec 28 msec

Network Access Layer Protocols The Network Access layer of TCP/IP encompasses all the functionality of both the Data Link and Physical layers of the OSI Reference Model. Encapsulation, framing, media access, and physical addressing, as well as all the physical standards associated with cabling, connectors, and encoding, all occur here. Each Network Access layer protocol defines a specific frame type in which to encapsulate a packet for delivery within the network segment. In other words, the packet must be delivered somewhere locally first, before it can make its way out of the network. If all devices on the media use the same Network Access protocol and standard, the frame type is understood and the frame is delivered to the appropriate device. The Network Access layer encompasses a wide variety of protocols and standards, including SLIP, PPP, and Ethernet. Serial In-Line Protocol (SLIP) and Point-to-Point Protocol (PPP) are both designed for point-to-point network segments. SLIP was the first, and generally worked well. However, it was only capable of delivering TCP/IP traffic and, as networking grew, the need for transporting other protocol suites grew with it. PPP was created to address this problem, since it could transmit almost any Internet layer protocol. Within LANs, however, Ethernet is by far the most common Network Access layer standard. Ethernet also defines a specific frame type, using MAC addresses and

Internet and Network Access Layer Functions and Protocols

57

allowing for a host of services and functions within the LAN. While point-to-point connections generally do not need to worry about addressing (everything sent is always sent to the same recipient), multiple systems connecting to a single segment do need a method to determine who the message is intended for. Additionally, by putting more than one system on the wire, functionality for dealing with collisions had to be put into place. These functions, along with more details, are covered in Chapter 4.

Each network segment uses a specific Network Access layer standard. As the packet moves from one network segment to the next, the frame is stripped off by the router and a new frame is built

for transmission on the next segment. For example, an Ethernet segment may pass over a PPP or SLIP network on the way to its destination.

INSIDE THE EXAM TCP/IP Much like Chapter 1, questions from this chapter’s material on the exam may not be explicit, but instead be part of scenario-based queries. Direct questions about the material should be fairly straightforward, so a good understanding of the protocols discussed here will help out greatly. On matching questions asking you to identify a particular layer, remember that the TCP/IP layers do not match exactly with the OSI model. The TCP/IP Application layer encompasses the top three layers of the OSI Reference Model, the Internet layer replaces the Network layer, and the

Network Access layer encompasses the bottom two OSI layers. You should commit several key points to memory from this chapter, and be sure to understand the basic functions of each of the Application protocols mentioned. At the Transport layer, pay particular attention to the three-way handshake, port numbers, flow control, and multiplexing. Additionally, be very familiar with the differences between TCP and UDP. In the Network Access layer, be sure to remember the frame type changes as the packet travels from network to network.

58

Chapter 2:

TCP/IP

CERTIFICATION SUMMARY The TCP/IP chapter first compared and contrasted TCP/IP and OSI. All functionality from the OSI Reference Model also occurs within the TCP/IP stack; however, TCP/IP only has four layers. The TCP/IP Application layer comprises layers 7 through 5, and holds several protocols. DNS provides domain-name-to-IPaddress resolution, while DHCP dynamically tracks and assigns IP addresses within a network segment. FTP and TFTP are file transfer protocols. FTP is connectionoriented, while TFTP is connectionless and faster. SMTP and POP3 combine to move e-mail through networks. SNMP is a very powerful protocol for network management functions. HTTP provides for web surfing and HTML transport, while HTTPS provides secured methods for web access. Transport layer protocols include TCP and UDP. TCP is connection-oriented and uses a three-way handshake to set up a session. Within the session, TCP uses sequence numbers and acknowledgments for reliability, and sliding windows for flow control. UDP is connectionless, and faster than TCP, but does not have the flow control and reliability features of TCP. Regardless of TCP or UDP, port numbers are used to track multiple communications sessions between systems. Well-known ports are used to identify the Application layer protocol, while dynamic ports are used by requesters to identify the session. Internet layer protocols include IP and ICMP. IP is a routed protocol, providing hierarchical logical addressing; ICMP provides error notification and other services lacking in IP. Network Access layer standards include SLIP, PPP, and Ethernet.

Two-Minute Drill

✓

59

TWO-MINUTE DRILL TCP/IP and OSI Reference Model Comparison ❑ The TCP/IP model has four layers: Application, Transport, Internet, and

Network Access. ❑ TCP/IP’s Application layer maps to the Application, Presentation, and Ses-

sion layers of the OSI model. The Internet layer maps to OSI’s Network layer. The Network Access layer holds the Data Link and Physical layers.

Application Layer Functions and Protocols ❑ DNS provides domain-name-to-IP-address resolution. DNS makes use of

resolvers, name servers, and the domain namespace. Top-level domains fall immediately under the DNS root, and hold individual zones. Each zone has an SOA record and a name server that holds all the records for the zone. ❑ DHCP provides automatic dynamic IP address allocation within your net-

work segment. A DHCP server is configured with a range of addresses, called a scope, along with other information—such as default gateway and DNS server addresses. DHCP works on broadcasts, so placement of the server must be within the segment. Multiple DHCP servers on the same segment can be problematic, because bogus addresses may be handed out to clients. ❑ Both FTP and TFTP are file transfer protocols. FTP is connection-oriented

and requires some form of authentication, but is considered insecure because it passes everything in clear text. TFTP is connectionless and much faster, but does not offer directory listing or authentication. TFTP is commonly used to transfer Cisco IOS or configuration files. ❑ SMTP, POP3, and IMAP4 work together to transmit e-mail. SNMP is used

for network management and configuration options and relies on public and private community strings for security. HTTP transports HTML formatted pages, and HTTPS adds the SSL protocol for encrypted data transfer. ❑ Transport layer protocols include TCP and UDP. TCP is connection-

oriented and uses a three-way handshake, with a SYN, SYN/ACK, and ACK transfer to establish a communications channel before data is transmitted. TCP provides reliability by using acknowledgments, and flow control by using a sliding window. UDP is connectionless and does not provide the same

60

Chapter 2:

TCP/IP

services as TCP; however, it is much faster. UDP is typically used to transfer Cisco IOS and configuration files from devices to a server and vice versa. ❑ Port numbers are used to identify the Application layer protocol to be used.

A sending machine applies a source port dynamically and a destination port from the well-known range. Upon the response, the port numbers are swapped in the header. The combination of IP address, sequence number, and port number is known as a socket and allows for multiplexing between two systems. ❑ IP is a connectionless routed protocol assigning hierarchical addresses to

packets. IP allows for both host and network address bits within each address. ICMP provides error notification services for IP. ping responses include request timed out (host did not respond), destination unreachable (no route available in a router), and reply from (success). ❑ Network Access layer standards include SLIP, PPP, and Ethernet, as well as

many others. SLIP and PPP are used for point-to-point links, while Ethernet is used inside most LANs.

Transport Layer Functions and Protocols ❑ TCP is a connection-oriented, reliable layer-4 transport protocol. Applica-

tion protocols making use of TCP as a transport protocol include SMTP, HTTP, HTTP(s), and FTP. ❑ The steps within TCP session establishment (known as the three-way hand-

shake) include Synchronization, Synchronization Acknowledgment, and Acknowledgment packets (SYN, SYN/ACK, ACK). ❑ TCP handles error recovery by using the sequence number and acknowledg-

ment fields in the header. The sequence number agreed upon during the three-way handshake is incremented for every byte of data sent. ❑ Flow control in TCP is accomplished using the window size field in the TCP

header. ❑ UDP is a connectionless, unreliable layer-4 transport protocol. UDP does not

require acknowledgments, does not provide for error correction, and does not require a session establishment before data is transmitted. Application protocols making use of UDP as a transport protocol include DNS, DHCP, TFTP, and streaming audio programs.

Two-Minute Drill

61

❑ Port numbers in the TCP or UDP header identify which Application layer

protocol is to answer a request, as well as to provide for multiplexing multiple requests from a single source. Port numbers range from 0 to 65,535: 0 to 1023 are called well-known port numbers, 1024 to 49,151 are called registered ports, and 49,152 to 65,535 are dynamic ports. Source port numbers are dynamically assigned, and any number over 1023 is an acceptable source port.

Internet and Network Access Layer Functions and Protocols ❑ Routed protocols can be routed across networks (or subnets). Routing proto-

cols are used to exchange information between routers to determine best path availability. ❑ Internet Protocol (IP) is a routed protocol, using a 32-bit hierarchical ad-

dress. IP is considered a connectionless, best-effort protocol. ❑ ICMP is an Internet layer protocol that provides error notification and, some-

times, error correction for IP datagram delivery. ❑ ping is a command-line tool used to verify basic network connectivity (up to

layer 3). ping uses ICMP ECHO REQUEST, ICMP ECHO REPLY, and other ICMP message types to convey connectivity information. ❑ Encapsulation, framing, media access and physical addressing, as well as all

the physical standards associated with cabling, connectors, and encoding, all occur in the Network Access layer. ❑ Serial In-Line Protocol (SLIP) and Point-to-Point Protocol (PPP) are both

designed for point-to-point network segments. SLIP is only capable of delivering TCP/IP traffic, while PPP is capable of delivering almost any Internet layer protocol. ❑ Ethernet is the most popular layer-2 technology used within LANs.

62

Chapter 2:

TCP/IP

SELF TEST The following Self Test questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully since there may be more than one correct answer. Choose all the correct answers for each question.

TCP/IP and OSI Reference Model Comparison 1. Which of the following are true when comparing TCP/IP to the OSI Reference Model? (Choose two.) A. The TCP/IP model has seven layers while the OSI model has only four layers. B. The TCP/IP model has four layers while the OSI model has seven layers. C. The TCP/IP Application layer maps to the Application, Session, and Presentation layers of the OSI Reference Model. D. The TCP/IP Application layer is virtually identical to the OSI Application layer. 2. In which layer of the TCP/IP stack is routing and logical addressing found? A. Network B. Data Link C. Internet D. Network Access 3. In which layer of the TCP/IP stack is framing found? A. Network B. Data Link C. Internet D. Network Access 4. Formatting and code conversion occurs in the ________ layer of the OSI model, and the ________ layer of the TCP/IP stack. A. Data Link, Network Access B. Network Access, Data Link C. Application, Presentation D. Presentation, Application

Self Test

63

Application Layer Functions and Protocols 5. Which TCP/IP Application layer protocol provides IP address resolution for domain names? A. DHCP B. DNS C. SMTP D. SNMP 6. You receive several calls about a lack of network connectivity from a group of users. After investigating, you find all the users are on a brand-new segment off the internal router. Your network uses DHCP and all users on the original segment are functioning fine. What is the most likely cause of the problem? A. Every user on the new segment has manually assigned their own TCP/IP address information. B. The DHCP server is on the original segment, and DHCP requests are not allowed to cross a router. C. Cabling to a single host on the new segment has been severed, taking down the entire network. D. This is a temporary problem. Simply waiting longer will fix it. 7. Within SNMP, the ________ community string allows a central device to read MIB information, while a ________ community string provides the authentication to send configuration updates. A. Public, Private B. Private, Public C. Read, Read/Write D. Read/Write, Read 8. What signifies the hostname holding the resource in the URL http://www.cisco.com/ education.htm? A. http B. www.cisco.com C. education.htm D. www.cisco.com/education.htm

64

Chapter 2:

TCP/IP

Transport Layer Functions and Protocols 9. TCP completes a three-way handshake before exchanging data. In order, what are the steps? A. ACK, SYN/ACK, SYN B. ACK, SYN, SYN/ACK C. SYN/ACK, ACK, SYN D. SYN, SYN/ACK, ACK 10. What is the well-known port number for SMTP? A. 21 B. 22 C. 23 D. 25 E. 110 11. A client connects to a server and attempts to pull a web page. What port would appear in the destination field of the requesting machine’s TCP header? A. 23 B. 25 C. 80 D. 88 E. 110 12. Which of the following port numbers could appear in the source port field of a TCP header leaving a requesting system? A. 1022 B. 1023 C. 49,172 D. 80

Internet and Network Access Layer Functions and Protocols 13. Which protocol provides error notification services for IP? A. ping B. SNMP C. DNS D. ICMP

Self Test

65

14. While using ping to test network connectivity, you receive a “Destination Unreachable” reply. Which of the following is the most correct interpretation of the result? A. The end host is offline. B. A layer-1 problem exists between the two hosts. C. A layer-3 problem exists between the two hosts. D. The end host is online. 15. The point-to-point protocol ________ was replaced by PPP, largely because it could only transport TCP/IP. A. PPTP B. SLIP C. SNMP D. SMTP

66

Chapter 2:

TCP/IP

SELF TEST ANSWERS TCP/IP and OSI Reference Model Comparison ✓ B and C. The TCP/IP model has four layers. The Application layer maps to the top three 1. ® layers of the OSI Reference Model. ® ˚ A and D. These are contrary to B and C. ✓ C. Routing and logical addressing occur at the Internet layer of the TCP/IP stack. 2. ® ® ˚ A. The Network layer is an OSI model layer. B. Data Link is an OSI model layer. D. Framing, error checking, and media access occur at the Network Access layer of the TCP/IP stack. ✓ D. Framing, error checking, and media access occur at the Network Access layer of the 3. ® TCP/IP stack. ® ˚ A. The Network layer is an OSI model layer. B. Data Link is an OSI model layer. C. Routing and logical addressing occur at the Internet layer of the TCP/IP stack. ✓ D. Formatting and code conversion are Presentation layer functions in the OSI model. The 4. ® Application layer in TCP/IP maps to the top three layers of the OSI model. ® ˚ A, B, and C. None of the remaining options are correct.

Application Layer Functions and Protocols ✓ B. DNS resolves an IP address for a domain name. 5. ® ® ˚ A. DHCP provides automatic dynamic address allocation inside a network segment. C. SMTP provides e-mail transmission between clients and servers. D. SNMP provides network and configuration management services. ✓ B. DHCP messages are sent broadcast and, therefore, will not cross the router. 6. ® ® ˚ A. It is unlikely every client manually changed their TCP/IP configuration at the same time. C. Cabling to a single host would not bring the entire network segment down. D. Waiting will not fix this problem. ✓ A. Public and private community strings are used within SNMP to read and write, 7. ® respectively. ® ˚ B. The choices are backwards. Private allows for writing configuration data, while public allows for reading MIB information. C and D do not exist as community strings. ✓ B. Anything between the // and / in the URL is the hostname holding the resource. 8. ® ® ˚ A, C, and D. http is the protocol used, and education.htm is the individual page requested.

Self Test Answers

67

Transport Layer Functions and Protocols ✓ D. The three-way handshake begins with a synchronization packet (SYN), which is then 9. ® acknowledged (SYN/ACK). The last step is an acknowledgment of the sequence numbers (ACK). ® ˚ A, B, and C. The steps are out of order. ✓ D. The port number for SMTP is 25. 10. ® ® ˚ A. 21 is the port number for FTP. B. 22 is the port number for SSH. C. 23 is the port number for telnet. E. 110 is the port number for POP3. ✓ C. The port number for HTTP, used to pull HTML web pages, is 80. 11. ® ® ˚ A. 23 is the port number for telnet. B. 25 is the port number for SMTP. D. 88 is the port number for Kerberos. E. 110 is the port number for POP3. ✓ C. Source port numbers from a requesting machine are dynamic and must not be from the 12. ® well-known port range 0–1023. ® ˚ A, B, and D. All answers are from the well-known port range, which cannot be used here.

Internet and Network Access Layer Functions and Protocols ✓ D. ICMP provides error correction and notification services to IP. 13. ® ® ˚ A. ping is a command-line utility used to test network connectivity. B. SNMP is an Application layer protocol for network management. C. DNS provides IP address resolution for a domain name. ✓ C. Destination unreachable indicates there is no entry in the route table of your system, or 14. ® a router on the path, for the end host. ® ˚ A. If the packet makes it to the end station’s network, and the station is offline, you should receive a Reply Timed Out message. B. A Destination Host Unreachable message indicates a layer 3 problem, not one in layer 1. D. If the packet reaches the destination network and the device is online, you should receive a Reply From message. ✓ B. SLIP was a popular point-to-point protocol early on, but was only capable of 15. ® transmitting TCP/IP. ® ˚ A. PPTP is a tunneling protocol. C. SNMP is an Application layer protocol for network management. D. SMTP is an Application layer protocol for e-mail.

This page intentionally left blank

3 Network Media and Devices

CERTIFICATION OBJECTIVES 3.01

Network Media

3.02

Network Devices

✓ Q&A

Copyright © 2008 by The McGraw-Hill Companies. Click here for terms of use.

Two-Minute Drill Self Test

70

Chapter 3:

Network Media and Devices

S

o far, we’ve covered some basic essentials of networking knowledge, and discussed the grouping of rules needed for a network to function. However, while protocols provide the rules and standards needed on our networks, and the knowledge and definitions covered are essential, they only offer portions of the overall networking puzzle. To become an effective networking technician, you need to know the physical as well as the theoretical. In this chapter, we’ll begin the examination of the physical hands-on side of networking by taking an in-depth look at the pathways data uses to travel on a network, known as network media. We’ll first examine some basics and terminology on media in general, followed by a discussion on copper cabling characteristics, types, and connectors. Next, we’ll explore some basics of fiber cabling. Lastly, we’ll complete the chapter with wireless transmission media characteristics and fundamentals.

CERTIFICATION OBJECTIVE 3.01

Network Media Just as vehicles need roadways on which to travel, data needs a pathway to use to move from system to system. In the early days of networking, these choices were limited. However, in the modern world, your choice of data pathways ranges from physical cabling to a wide variety of wireless over-the-air options. Network media simply refers to the defined pathway data travels within a network. Your choice of media depends on a variety of considerations, such as bandwidth, attenuation, noise immunity, and cost. Every media choice has a specific maximum bandwidth it is capable of transmitting. In general, installers choose the highest grade of cable available, within cost, for a specific installation. This allows for upgrades in networking devices later on, without removing and installing new cabling. This section concentrates on physical media (cabling), while wireless communications are covered in Chapter 11.

Media Terminology Attenuation refers to the degradation of a signal over distance traveled on a media. As data travels down a cable, the signal strength weakens due to imperfections and

Network Media

71

interference. Each media type, therefore, has a specific cable length in which signaling works. Some cable types and implementations have relatively short distances, while others can span—literally—miles. Attenuation concerns, unless handled by the cable type itself, are usually mitigated with a layer-1 device—a repeater. Noise immunity is another concern in choosing appropriate media for your network. Noise is a catchall term used to refer to the many different forms of interference that can affect a data signal. Electromagnetic interference (EMI) and radio frequency interference (RFI) are two common culprits in damaging data signals. Depending on your media choice, your network may be susceptible to one, both, or neither. Lastly, many times media choice comes down to cost. Generally speaking, the cost of the media increases as its susceptibility to noise and attenuation decreases. Additionally, media can have several different grades or categories within a specific type. While you may wish to install the best media available, keep in mind that all the devices you purchase for your network must also work on the media, and some media requires a healthy investment in component/hardware upgrades. In other words, the cost isn’t necessarily just about the media, but also includes the upgrade in networking components you may need to run the media. Cabling falls into two major categories: copper-based and fiber-based. Copper cabling uses electrical impulses to send bits, while fiber cabling encodes bits using light impulses. Each category has several defining characteristics and is applied in different situations. In the next section, we’ll discuss some basics of cabling at the LAN level. Most, if not all, of the cable discussions following will be applicable to an Ethernet LAN. Ethernet networking is discussed in greater detail in the next chapter.

Copper Cabling Copper cables are the most common media choice for the majority of LAN installations, mainly due to cost and their relative ease of installation. Initially, copper-based networks used coaxial cables as their media; however, most modern implementations use a form of twisted pair. Regardless of which copper cabling you choose, attenuation and EMI are issues to deal with in your network planning. Some, like coax and shielded twisted pair, have at least a modicum of protection against EMI, but all are susceptible to noise interference and eavesdropping. While not a wise option for modern networks, in the early days of Ethernet networking coaxial (coax) cables provided the most popular media choice. A coax cable consists of a central copper core surrounded by insulating material and a

72

Chapter 3:

Network Media and Devices

braided metal shield. The signal travels through the central core, and the shield provides protection against EMI as well as acting as a ground for the signal. Another consideration with using coax is the actual physical properties of the electrical signal itself. All electrical signals require a terminated ground, or they will “bounce” back through the wire. In coax cabling, terminators must be affixed to both ends of the cable for data networking to function. If a terminator is loose or disconnected, the entire network segment will fail. Coax cables come in a wide variety of standards, but only two were normally used in LAN implementations. Coax cables aren’t a part of modern LAN implementations, but you will still see them on the job—particularly on the WAN provision side. Cable television providers are now taking advantage of the available bandwidth on the RG-6 coax cables already in place throughout much of the country, splitting the data signal from the analog waves carrying the television channels. You can easily tell whether a coax cable is for television/cable modem purposes by looking at the connector. An F-type connector is threaded and screws on a nut-and-bolt assembly. Thicknet cabling (also known as 10BASE5) was the original Ethernet transmission media. As its name implies, the cable itself is relatively thick, stiff, and hard to work with. The benefit of thicknet is that its solid core is capable of transmitting a signal up to 500 meters, and it is highly resistant to EMI. However, connections to the bus required “vampire” clasps (taps), and data transmissions were only capable up to 10 Mbps. Thicknet is no longer used as a data transmission media, although it may appear in older networks. If you were to see either coax type on an existing, relatively modern network, you’ll most likely see thinnet used as a backbone to connect several hubs together. Thinnet (also known as 10BASE2) rapidly replaced thicknet in most LAN installations during the early 1980s. Thinnet is much thinner, lighter, and, more flexible than thicknet, making it easier to work with and install. Due to its thinner core, however, data signals can travel only 185 meters before attenuating. However, attaching hosts to the bus was relatively easy, using Bayonet Neill-Concelman (BNC) and T connectors.

Network Media

Important topics to remember regarding coax cabling are the maximum data transmission rate (10 Mbps), the segment lengths (185–500), and the connector types (BNC,T, and Terminators). Additionally, remember coax

73

cabling is difficult to troubleshoot: loose or disconnected terminators and/or a single break in the cable will bring the entire segment down, and discovering where the link is broken can be frustrating.

Twisted pair has replaced coaxial cabling as the media of choice for most new network installations. Twisted pair cabling is relatively inexpensive and is simple to work with and install. Signals do not travel as far on twisted pair as they do on coax—generally, 100 meters on TP, with up to 500 meters on coax—however, they do provide more options for network topologies and offer much greater transmission speeds—up to 10 Gbps compared to coax’s 10 Mbps. Twisted pair consists of eight separate wires twisted into four distinct color-coded pairs. The pairs consist of four solid color wires—orange, green, blue, and brown—together with a white-striped version in each pair (for example, orange and white orange, green and white green, and so on). The twist ratio, twists per inch, is different on each pair and is used to reduce crosstalk and interference on the wire. Additionally, twisted pair comes in two distinct varieties: shielded and unshielded. The shielded version provides a metal shield to help protect against EMI. The Electronic Industries Alliance, the Telecommunications Industry Association (EIA/TIA), and the American National Standards Institute (ANSI) created several categories for twisted pair cabling in 1991, setting specific measurable standards for attenuation, twist ratio, and grade. The higher the category listed, the better the cable and the more options you have available to you as a network technician. For instance, Category 3 cabling is perfectly acceptable for 10 Mbps Ethernet. However, Category 5 can handle the same 10 Mbps rate, but can also run up into gigabit speeds. In most cases, network designers will call for the highest grade of cabling available in order to provide for Be sure to know the future growth and expansion of services. Twisted transmission rates and implementation pair categories are listed in Table 3-1. uses for each of the categories.

74

Chapter 3:

TABLE 3-1

Twisted Pair Categories

Network Media and Devices

Cable Category

Bandwidth Capability

Application

1

1 Mbps

Voice (telephone)

2

4 Mbps

Token ring

3

10 Mbps

Ethernet

4

16 Mbps

Token ring

5

100 / 1000 Mbps

Fast/gigabit Ethernet

5e

1000 Mbps

Gigabit Ethernet

6

1000–10,000 Mbps

Gigabit and 10-gigabit Ethernet

6e

10,000 Mbps

10-gigabit Ethernet

7

10,000 Mbps

10-gigabit Ethernet

Just as with coax cabling, one of the most important pieces of the overall cable plan is the connector allowing a device to access the wire. While thinnet cabling used BNC connectors, T connectors, and Terminators, twisted pair makes use of either an RJ11 or an RJ45 connector. RJ11 connectors—smaller, thinner, and using only six pins (three pair)—are used on telephone twisted pair, while RJ45—larger, thicker, and using eight pins (four pair)—is the choice for data networking. Attaching an RJ45 connector to a twisted pair cable end is a bedrock function for data networkers today and requires knowledge of the physical connector itself and the color-coded cable pairs. The connector has eight copper pins that, before crimped, jut out from the bottom of the connector. These pins have small “teeth” on the inside of the connector that will pierce each cable as the connector is crimped, providing the electrical conduit for the signal. These pins are designed to touch matching pins in an open port. Therefore, it is vitally important that all cables are cut square, arranged properly, and pushed all the way inside the connector before crimping. Poor connectors are the number one source for almost all physical network connectivity problems. On a twisted pair cable, be sure to check that the Kevlar sheath has been pushed into the connector before crimping. If not, the only things holding the connector to the wire are the small copper taps at the end of the connector, and as a result, sooner or later, you’ll have problems with that cable. Before learning the appropriate color combination for an RJ45 connector, you must first understand the pinouts on the devices you are connecting. A pinout is the

Network Media

75

allocation of a specific function to an individual pin. For example, one pin can be set to transmit, while another is set to receive. The pinouts on a device are defined by the network standard in use. Ethernet standards, covered more in depth in Chapter 4, prescribe the pinouts listed in Table 3-2. The pinouts on a device port dictate which type of cable should be used in any given scenario. Notice from Table 3-2, the transmit pins on an NIC, pins 1 and 2, are different than the transmit pins on a switch or hub port. Switches and hubs have a pinout that is the reverse of the NIC—pins 1 and 2 are set to receive, while 3 and 6 are set to transmit. Considering this, it should be easy to see that a cable connecting the pins directly to each other, allowing the signal to run straight through, works perfectly between devices of different pinouts. A twisted pair cable that has all pins running to their corresponding twin—pin 1 to pin 1, pin 2 to pin 2, and so on—is known as a straight-through cable. Examining the connectors on both ends of a straight-through cable, you’ll find they are identical. Consider, though, what would happen if you were to plug two devices of the same pinout together. For example, oftentimes network design will call for hubs or switches to be plugged together. If a straight-through cable were used in this instance, pin 1 on one switch port would transmit to pin 1 on the other switch port—which is also set to transmit. Therefore, communication could not occur; pins 1 and 2 on both ends would continually transmit to nothing, and pins 3 and 6 would always be listening, waiting for a signal that would never arrive. In this instance (plugging two devices of the same pinout together), a cable must be created that allows the signal to cross over from pin 1 to pin 3 and pin 2 to pin 6. This is accomplished by swapping the colored

TABLE 3-2

Device Pinouts

Devices NIC, Router, Wireless Access Point, Network Printers

Function and Pinout

Function and Pinout

Transmit

1

1

Receive

Transmit

2

2

Receive

Receive

3

3

Transmit

4

4

5

5

6

6

7

7

8

8

Receive

Transmit

Devices Hub, Switch

76

Chapter 3:

Network Media and Devices

pairs on one end of the cable to a different pin set than the original. A cable that maps pins this way is known as a crossover cable. If you examine the connectors at the ends of a crossover cable you’ll find the orange and green pairs are swapped, allowing the signal to cross from pins 1 and 2 to pins 3 and 6.

Be very aware of which and a computer have the same pinout, cable to use in a given scenario. Pay therefore, a crossover cable is the correct particular attention to the pinouts before choice. answering a question. For example, a router

The last cable type is more Cisco-specific and is not used to connect networking devices together. A rollover cable is used in conjunction with a PC serial port and a DB9-to-RJ45 transceiver to physically access a router or switch console port for administrative purposes. Rollover cables map the pins to their opposite on the end of the wire—pin 1 to pin 8, pin 2 to pin 7, and so on—rolling the signal over to the opposite end. More on rollover cables and console administration will be covered later. While true that a cable with a connector on both ends pinned out the same will suffice for straight-through uses, it’s obviously a better choice to make sure all cables within your network are created with the same color scheme. Imagine trying to troubleshoot connectivity problems in a network where every cable had a different pinout! Additionally, the cables are granted a category rating based in part on the twist ratio for each pair. In other words, the individual color codes are created with a specific purpose in mind, and are twisted accordingly. With eight pairs and multiple colors to choose from, it seems logical a standard should be set. Many new Cisco devices have a built-in method to assist with cabling—the port senses the pinout from the far end device and auto-configures the port’s pinouts to match, no matter whether the cable is straight-through or crossover. However, just because this feature is available, you shouldn’t throw caution to the wind and simply use any cable lying around. Sticking with convention assists in troubleshooting and reduces downtime later. The Electronic Industries Alliance and the Telecommunications Industry Association (EIA/TIA) created standards for color coding and connectors for

Network Media

77

twisted pair wiring. The EIA/TIA 568A and 568B standards are used for creating twisted pair cabling for Ethernet networks. 568B pinouts on both ends of the cable create a straight-through, while a crossover can be created by using 568B on one end and 568A on the other. The color codes for 568B, from left to right, with the tab down and the open end of the RJ45 connector toward you, are white-orange, orange, white-green, blue, white-blue, green, and white-brown, brown. The 568B standard is most commonly used for Ethernet networks. A simple way to remember the color layout is the pneumonic “Only Good Boys Get Brownies.” The first letter corresponds to the color, and you always alternate white, solid, white, solid, and so on. The 568A pinouts simply reverse the orange and green pair: white-green, green, whiteorange, blue, white-blue, orange, white-brown, brown. Either standard will work just fine for Make sure to familiarize Ethernet straight-through cabling, but typically yourself with the color codes for straightif you see a connector wired to 568A, it will be through (568B) and crossover (568A) a crossover cable, with a 568B pinout on the cables. far end. See Figure 3-1 for a picture of the cable layout by color for each standard.

Fiber Cabling While copper cabling is much more common in data networks, fiber cabling offers many advantages and is finding its way more and more into modern networks. Fiber cabling encodes bits into light signals, which are totally immune from both

FIGURE 3-1

The EIA/TIA pinouts

Pin Pin Pin Pin Pin Pin Pin Pin 1 2 3 4 5 6 7 8

Pin Pin Pin Pin Pin Pin Pin Pin 1 2 3 4 5 6 7 8

EIA/TIA 568B Standard

EIA/TIA 568A Standard

78

Chapter 3:

Network Media and Devices

EMI and eavesdropping. Fiber also offers longer segment lengths, much higher bandwidth speeds, and better security than copper cabling. On the other hand, fiber has historically been the most expensive option—not only the cabling itself but the devices and NICs used to access the fiber media drive up the installation cost. Until recently, it has also been considered relatively difficult to work with, as connectors are difficult to attach and the cable itself is relatively fragile. Fiber cables contain a glass or clear plastic core that is surrounded by a material known as cladding. Cladding works like mirrors to reflect the light signal back toward the core. As an analogy, consider a flashlight pointed at a wall. If you turn the flashlight on and begin walking backward, the circle of light on the wall gets larger, but dimmer. Light signals inside the wire tend to do the same thing, making the signal weaken the further down the wire it travels. Cladding controls this modal dispersion and ensures the signal stays clear and focused directly down the core of the wire. Most fiber cabling in LAN and WAN implementations falls into two major categories: single mode fiber (SMF) and multi mode fiber (MMF). SMF is generally yellow in color, uses a laser as a light signal source, and has a smaller core (9 microns or less in diameter). MMF is orange in color, uses an LED as a light source, and has a larger core (50 to 100 microns in diameter). SMF accommodates high bandwidths and very long segment lengths and is the primary fiber choice for network backbone lengths. MMF carries multiple light signals concurrently, but at a shorter distance than SMF. Just as with coax and twisted pair cabling, fiber cables have specific connectors for each cable type. The most common connectors used in fiber cabling are ST, SC, and MTRJ. ST connectors, often referred to as stick and twist connectors, look very much like the BNC connectors used on coax cabling. SC connectors, known as stick and click, are square and have a tab used for connectivity, much like the tab on the RJ45. Lastly, MTRJ connectors are small form factor (meaning they are smaller in physical size than typical connectors), and are normally used for connections to fiber modules in switches or routers. Fiber cable is used as a backbone inside most LANs. Many times, the cable (yellow or orange) will travel into a small transceiver, which allows a UTP or STP cable to then run into your router or switch. Fiber can be used straight to the desktop, but this is not very common.

Network Devices

79

CERTIFICATION OBJECTIVE 3.02

Network Devices Network media supplies the pathway on which data can travel, and protocols furnish the rules that data must comply with while “on the road.” However, it’s logical to then wonder what controls the traffic as it moves through our network highway. While Chapter 1 touched on the devices needed for a network to function, this section goes into a little greater detail on how these devices interact with one another to control traffic. In general, two terms are used in discussion with devices: flooding and filtering. Flooding a packet means the device sends it out of every port, regardless of address. Filtering implies the device reads an address and makes a decision about which port to send it out on, or whether to drop it. More information on Cisco devices is, of course, covered in much greater detail throughout the rest of this book. This section is merely an introduction to network device function.

Exam questions won’t usually be merely rote memorization. Rather, the exam will concentrate on the usage of each device in a given scenario.

Pay particular attention to the layer at which each device works, and how each device’s function affects network performance.

NICs Network interface cards (NICs) provide the interface your system needs to access to physical media. Usually, NICs are built into the motherboard on the computer itself, or are added as some form of expansion bus card. These cards can range from (older) ISA boards and (newer) PCI boards to PCMCIA cards inserted into a laptop port. The card installed on the system must match the media used. For example, you can’t have a 10BASE2 coax card on a network using UTP—the ports and connectors simply don’t match. NICs listen to the wire based on the media access method the network uses. When a frame is detected, the NIC reads the physical address (MAC address) and makes a determination on whether to pass it to the operating system (OS) through

80

Chapter 3:

Network Media and Devices

the protocol stack bound to the board, or to ignore the frame. If the address in the frame is unicast and matches the NIC’s MAC address, it will accept and process the frame. If the address is broadcast, it will open and process the frame to determine if action needs to be taken. If the address is multicast, the frame will be accepted and the layer-3 address will be used to determine if it is processed or discarded. Because NICs make processing decisions based on the layer-2 addresses, NICs are considered to be layer-2 devices.

Transceivers, Repeaters, and Hubs In many instances, various network media will find its way into a network design. For instance, a designer may use fiber cabling as a backbone, daisy-chaining several switches together on the segment, while using UTP for client connectivity to the switches. Something has to provide a means to translate the light signals on the fiber backbone to electrical signals for the UTP and vice versa. A transceiver is used for just such a purpose. Transceivers do not read addresses, nor affect the data at all. They simply convert the signal from one media type to another. Because they are “dumb” to addresses and work purely on bits, transceivers are known as Physical (layer 1) devices. Transceivers are most often seen when connecting a fiber ST or SC backbone to a UTP or STP network, or at legacy router ports. Older Ethernet router ports were built using an AUI connector, and a transceiver allowed a UTP cable to be used with the AUI port. On most modern networks, switches and routers can have a fiber module built in.The module is nothing more than a transceiver crafted to fit in the available slot on the router or switch. Occasionally in your network design, you will come across the need for a longer segment length than is allowed for a given media. For example, a single user may be 120 meters from the communications closet, and your UTP network is only capable of 100-meter segment lengths. To solve this problem, a repeater can be used. Repeaters have two ports and, like transceivers, do not read addresses of any kind, nor do they update the data. Repeaters simply repeat and regenerate a signal in order to overcome the attenuation restrictions of a media type. Because repeaters do not read addresses, nor make any changes to the data, they are also considered layer-1 devices.

Network Devices

81

A hub, another layer-1 device, is simply a multiport repeater. Hubs act as a wiring concentration point, allowing systems to plug into a central location, and do not look at addresses of any kind. Hubs do not make any decisions on filtering or forwarding data traffic—whatever enters the hub on one port is flooded out of every other port. To further examine this claim, consider Figure 3-2. Though this is an oversimplified depiction of a hub, the image does show why signals on a hub are sent to all devices. If you take off the top of the hub and examine the wiring within, you’ll notice that all ports basically run to a bus in the back of the box. This means all copper cables are touching; therefore, any electrical charge applied to a single port charges all other ports. The hub is nothing more than a box that ties all the wiring together. Hubs and repeaters provide both good news and bad news regarding your network. On the good side, repeaters allow designers to extend segment lengths in special situations, to provide services to individuals or offices that happen to fall outside the network’s serviceable footprint. On the bad side, repeaters allow for more systems to share the media. As more and more systems attach to the media, more and more bandwidth is shared, and the opportunity for collisions to occur increases (collisions and collision domains are covered in greater detail in Chapter 4). Because of their impact on network performance, and the fact they increase the size of collision domains, hubs and repeaters are not recommended in network design unless absolutely necessary.

Bridges and Switches Hubs and repeaters can result in very slow networks. Assume, for example, you have four hubs daisy-chained together, as shown in Figure 3-3, and each hub has ten users on it. After chaining all the hubs together, you have 40 users sharing the same wire segment. The result is that a message from any of the users is repeated to every other

FIGURE 3-2

A hub

82

Chapter 3:

Network Media and Devices

A collision domain with hubs

Message to PC3

FIGURE 3-3

PC2

PC3

PC4

PC5

PC6

PC7

PC8

PC1

member on the wire (in Figure 3-3, a message from PC1 to PC3 is flooded to all 40 users). Additionally, the chances of a collision (two devices transmitting at the same time) is relatively high. In this case, 40 systems are all part of the same collision domain—a shared segment of media where a message from one system could collide with messages from other systems. Collisions greatly slow not only the individual systems that are part of the collision, but the network as a whole. An answer to this problem is to segment the collision domain, and in this case, a bridge would work nicely. A bridge is a two-port layer-2 device that is used to effectively split a single collision domain in two. Continuing our example, the bridge would be placed between the hubs, with two chained hubs plugged into one side of the bridge, and the remaining pair plugged into the other port, as shown in Figure 3-4. When the bridge is powered on, it initially acts just like a hub, flooding all messages as they are received. However, it pays attention to the source MAC address in each frame and keeps a table in memory, recording the location of each MAC. After a short amount of time, the bridge learns the MAC addresses on each side of the network and can then begin filtering traffic. As a message is sent from one station, it floods through the hubs and reaches the bridge port. The bridge reads the MAC address and compares it to its table. If the MAC is on the other side of the network, the bridge will allow the message to cross and flood into that segment. If, however, the MAC is on the same side of the bridge as the sending PC, the bridge will not allow the message to cross, effectively splitting the collision domain in half. In our example shown in Figure 3-4, the message from PC1 to PC3 is not forwarded to the other side of the network segment. The bridge learned which side PC3 was on and, after reading the destination MAC address, knew to keep the message on the originating side.

Network Devices

Collision domain

FIGURE 3-4

83

Collision domain

Message to PC3

Segmenting with a bridge

PC2

PC3

PC4

PC5

PC6

PC7 PC8

PC1

Additionally, our bridge has split the collision domain in half. Because it blocks messages intended for one side from crossing over to the other side, the number of stations that can collide with each other reduces. In our example, the bridge has taken the original single-collision domain of 40 systems and segmented it into two domains of 20 systems each. Messages from PC1 can collide with PC2, PC3, and PC4, but not with systems from the other collision domain! This provides an obvious performance boost to your network and, effectively, cuts the number of collisions in half. This topic is touched on again in Chapter 4. In addition to improving network performance, bridges can also be used to connect two dissimilar layer-2 segments together under one logical address scheme. For example, consider Figure 3-5. In this instance, the bridge is placed between a segment using token passing and a segment using standard Ethernet. The frame type used by the token ring network will not make sense to systems on the Ethernet side, and vice versa. To solve this problem, a translational bridge will read the frame and compare the destination MAC address to its table. If the bridge determines that the destination MAC is on the other side of the segment, the original frame is stripped off and a new frame, matching that type, is built for delivery into the other segment.

84

Chapter 3:

FIGURE 3-5

Translational bridging

Network Media and Devices

Host A

Host B

Application

Application

Presentation

Presentation

Session

Session

Transport

Transport Bridge

Network

Network

IP PKT

LLC

Link

Data Link MAC

Ethernet

Data Link

Token ring

Physical

Physical Ethernet

Ethernet frame

Token ring

Physical

Token ring frame

Switches do an even better job of segmenting collision domains. A switch looks much like a hub, and it starts out just like a hub—forwarding all traffic to all ports. However, as you’ll see, this does not last long. As with the diagram for a hub, Figure 3-6 displays an oversimplified version of a switch, with the top taken off. Notice that each wire connection from a port ends with a physical switch that does not physically touch

FIGURE 3-6

A switch

Network Devices

85

the bus. Chips inside the switch monitor both the port wires and the bus itself. As a message hits a port, that wire energizes and the switch at the end closes, touching the bus. The chips inside the device read the source and destination MAC addresses and make a determination as to which port to send the message. The bus then closes the appropriate switch for that one port, and the message is delivered. After delivery, the switches are opened, awaiting the next message. A final advantage switches hold over hubs deals with simultaneous delivery of frames. If a hub receives two frames at the same time, a collision occurs and neither gets delivered; remember, all ports on a hub share the same media, so only one device can transmit at a time. On a switch, ports do not share the media; they see the line as available 100 percent of the time. Because of this design, a switch is capable of simultaneous frame transmission from multiple hosts — a significant advantage over hubs.

Be sure to familiarize yourself with bridge and switch operation in regards to splitting collision domains and speeding up network performance. Remember, both devices initially flood all traffic until the source addresses are learned and entered into an internal table. Exam questions will not only test

basic knowledge on this, but will provide scenarios in which you’ll have to determine which system can collide with the source, as well as trace the forwarding of a frame, based on its MAC address. Also, don’t forget: switches and bridges both flood broadcast and multicast traffic, no matter where it comes from.

This method of operation offers a couple of advantages. First, because only one wire is allowed to touch the bus at any given time, collisions are effectively eliminated. Second, since the bus ensures the switches close only between sender and receiver, each device receives 100 percent of the available bandwidth speed. Because switches read MAC addresses and make filtering decisions on frames, they are considered layer-2 devices.

Routers Bridges and switches do a great job of splitting collision domains and improving LAN traffic speeds. However, switches and bridges do nothing to limit broadcasts (bridges and switches flood all broadcast and multicast traffic), and cannot get traffic out of your network. For these functions, and more, you’ll need a router.

86

Chapter 3:

Network Media and Devices

Switches can be used to control broadcasts if you configure VLANs. However, VLANs can get very confusing, especially in a large network, and must be used with extreme caution and care. VLANs are covered later in this book. A broadcast domain is the area of your enterprise network a broadcast can be propagated through. Since hubs, bridges, and switches flood broadcast traffic, they serve to expand a broadcast domain—any host connected to these devices receives every broadcast sent by any other host on the device. Administrators should attempt to control broadcast propagation within the network for two main reasons: broadcasts can rapidly consume available bandwidth, and each host must spend its own processing cycles on broadcast messages. The only piece of equipment that splits broadcast domains is a layer-3 device, such as a router or firewall. Getting traffic out of the network is another job for the layer-3 appliance. While a bridge can be used to connect two layer-2 segments, they both must be in the same IP address subnet. For clarification, consider the post office analogy used earlier in this book: A layer-2 device acts like a single postal clerk inside a neighborhood. The clerk can deliver mail inside the neighborhood, where all houses have the same ZIP code, but is not responsible for delivering mail to houses in a different ZIP code. In fact, if the clerk receives a letter destined for another ZIP code, he takes it back to the post office (router) for delivery. A bridge can only connect layer-2 segments where all systems share the same network address. (More on network IP addresses and subnetting will be covered later in this book.) A router is used to connect networks. Acting much like a post office, the router strips off the frame and looks at the Logical (layer 3) address. It then compares the address to a route table and makes a determination on what to do with the packet. If a route exists in the route table, the router will build the appropriate frame for that network’s technology (Ethernet, Point-to-Point, Frame Relay, and so on) and send it out the appropriate port. If there is no entry in the route table, the router will drop the packet. Route tables are built in one of two ways: static or dynamic. Static routing means the administrator simply types in the routes for the route table. Dynamic routing allows the routers within your network to share information with each other about the networks they know of, and information regarding each link. This information is incorporated into the route table and keeps it constantly updated. Much more on routing, route tables, routing protocols, and the like is covered later in this book.

Network Devices

87

Security Devices While hubs, bridges, switches, and routers are used to move data around in the network (and you can apply security actions to each), modern networks also make use of devices specifically intended for security purposes. Probably the best known and most often referenced device involving network security is a firewall. Firewalls work by examining traffic at the Network and Transport layers and comparing the frame/packet with a filter list. If the administrator has specifically defined the traffic as allowable, the frame/packet is allowed through. If the traffic presents a security risk, the administrator can add an explicit deny statement, or simply choose to not address the traffic at all in the filter list. Firewalls work with an implicit deny feature, meaning if the traffic is not explicitly allowed by a filter rule, it is automatically dropped. For example, assume a firewall has been placed between an internal network and the Internet. The administrator decides to allow users from inside to surf web traffic, but does not want to allow users from outside (the Internet) to access web resources inside the network. The administrator could add two rules to the filter list: the first rule allows traffic with a source IP address matching the internal network and a destination port of 80 traveling to any IP address to pass through the firewall, and the second prevents traffic with a source IP address from any subnet other than the internal network destined to the internal network IP range with a destination port of 80.

You should be very familiar with firewall operations—not necessarily the configuration of the device—but the basics on how it operates. Pay particular

attention to the implicit deny feature, the idea of an inside and outside port (network), and how the firewall uses IP addresses and port numbers to filter traffic.

Obviously, careful planning is required before installing a firewall—simply taking it out of the box and installing it blocks all traffic to (and sometimes from) the network! Firewalls are typically placed between a public network and the Internet to protect internal users from attack. Additionally, firewall ports are treated just like router ports—each is a separate network. Most designers use firewalls to create demilitarized zone (DMZ) networks to help secure their internal networks. Devices that are to be publicly accessible—such as your company web, DNS, and e-mail servers—are placed in the DMZ, and firewall rules are used to allow access to them, but not your internal network.

88

Chapter 3:

Network Media and Devices

A firewall is only as good as the configuration placed on it and does not, by itself, represent a total security solution. Use care in the placement of a firewall, as well as in determining which configuration settings to set. A second, very commonly discussed network security device is an intrusion detection system (IDS). Intrusion detection systems perform exactly as the name implies. These devices are placed in a location to monitor all network traffic (usually, just inside—or immediately on the outside—of your network border) and compare the traffic against a set of criteria. If the packet stream matches the criteria (predefined indicators of an intrusion attempt), the IDS takes action. Depending on the type of system used, this could be as simple as an audible alarm and a notification to a log file (for administrator review), or a more active response, such as shutting down the communication stream or redirecting the traffic to another location for analysis during the attack. If the device takes action to prevent the attack, in addition to simply detecting and notifying administrators of it, the system is referred to as an intrusion prevention system (IPS). If the device simply detects attack signatures and provides notification on possible incidents, it is an IDS. More information on firewalls, IDS and IPS, network security, risks, and mitigations is covered in Chapter 12.

Putting It All Together Knowing how all the devices work together helps in the overall design of a network. Two of the most important tasks of a network installer are reviewing network diagrams for technical accuracy and performing troubleshooting. A thorough understanding of how data travels through the network via the stages of the OSI Reference Model and within the protocols of TCP/IP helps in this process. A typical network diagram appears in Figure 3-7. Most network diagrams follow the same symbology: ■ Routers are circles. ■ Switches are rectangles with multiple arrows pointing in each direction. ■ Hubs are rectangles with a single arrow pointing in each direction. ■ Bridges are rectangles with a half-moon shape cut out of the top.

Network Devices

89

FIGURE 3-7

A typical network diagram

Internet

Firewall Bridge Hub Workstation Router Switch

DMZ

Other oft-used symbols include those for firewalls (comprised of a wide variety of symbols, usually including bricks), the cloud (indicating the Internet, or another packet switched network that traffic must travel through), lines representing specific connections (such as wireless, serial, Ethernet, and so on), and other networking equipment (PCs, laptops, servers, firewalls, and others).

Make sure you are very familiar with network diagrams.The exam uses the same symbology discussed in this section, but may not label each device on the diagram. In other words, knowing what a switch and bridge do will help you in answering the question, but if you are

not familiar with the symbol for each, you may misdiagnose the network diagram provided. Be sure to check the icons used in the diagrams on the exam before the exam starts.The icons should be listed on one of the preparatory pages.

90

Chapter 3:

Network Media and Devices

INSIDE THE EXAM Network Media Exam questions on media may seem like a straightforward exercise, but be forewarned; they are trickier than you think. It is essential you understand port pinouts, both 568A and 568B cabling standards, and the different cable types (straight-through, crossover, and rollover). Most exam questions will involve a network diagram and a scenario, requiring the knowledge to identify which cable type to use and/or which pin number is being used from one device to the next. Make sure you know the differences between copper and fiber—chiefly the EMI implications. Lastly, be able to identify and match connectors, cables, and ratings.

Network Devices Much of the CCENT exam will center on diagnosing problems using a scenario and a

network diagram. Be sure you understand each device function and placement, paying special attention to how each device handles frames, packets, collisions, and broadcasts. Also, knowing what layer each device works at will help with many questions. Keep in mind that the layer a device is said to work at is the topmost layer that device works in. For instance, all devices work at the Physical layer and, of course, routers must read layer-2 addresses before processing the packet. Be sure you understand the process of a message received at an interface: bits are interpreted as frames and, once the address is determined to match, the frame is stripped off and the packet is handed up the stack. Lastly, make sure you’re very familiar with the icons used on the exam to represent each device—including the type of line connection to and from the device.

CERTIFICATION SUMMARY Important media terminology includes attenuation (the degradation of a signal over distance traveled on media), noise (any form of interference affecting the signal), and EMI (interference caused by magnetic interference). Cable falls into two categories: copper and fiber. Copper is generally cheaper and much more prevalent; however, it is susceptible to EMI. Fiber is immune to EMI but is more expensive. Copper cable includes coax and twisted pair.

Certification Summary

91

Twisted pair cables come in a variety of grades, with each Category rating providing a media for a specific purpose. Cat 5e is the minimum recommended for Fast Ethernet. The 568B standard is the most common wiring pinout for RJ45 connectors—white-orange, orange, white-green, blue, white-blue, green, white-brown, brown. 568A swaps the green and orange pairs. The pinout on NICs, routers, WAPs, and printers transmits on pins 1 and 2, and receives on pins 3 and 6. Hub and switch ports have a pinout with pins 1 and 2 set to receive, and 3 and 6 set to transmit. Straight-through cables are used for connecting devices with different pinouts, while crossover cables are used to connect devices with matching pinouts. Rollover cables are used between the serial connection on a PC and the console port on a Cisco router or switch. Fiber cable types include SMF, for high bandwidth and long distances, and MMF, for shorter distances and multiple concurrent signals. Fiber connectors include ST (stick and twist), SC (stick and click), and MTRJ, used mainly for connections to fiber modules in switches and routers. Network devices include NICs, transceivers, hubs, bridges, switches, routers, firewalls, and IDSs. NICs are considered layer-2 devices and allow hosts to access network media. Transceivers are layer-1 devices that translate one Physical layer connection to another. Hubs are layer-1 wiring concentrators, while bridges work at layer-2, and can effectively cut a collision domain in half, increasing performance. Additionally, bridges can be used to tie two different layer-2 segments together, known as translational bridging. Switches split the collision domain by every port, and also work at layer 2. Routers connect networks together and split broadcast domains, while security devices include firewalls and IDS. Firewalls filter traffic between two networks, examining the source layer-3 address and the destination port number to make a decision on permitting or denying the packet. All firewalls work with an implicit deny feature—unless the traffic is explicitly allowed, it is blocked. IDSs monitor network traffic and notify administrators when an attack is occurring. IPSs take action to prevent the attack from continuing.

92

Chapter 3:

✓

Network Media and Devices

TWO-MINUTE DRILL Network Media ❑ Concerns in selecting media for the network include attenuation, noise

immunity, features, and cost. ❑ Coax cabling is of two major types: thicknet and thinnet. Thicknet segment

lengths can reach up to 500 meters, while thinnet segments can reach 185 meters. Coax connectors include BNC and T connectors. ❑ The two major kinds of twisted pair cabling are unshielded twisted pair

(UTP) and shielded twisted pair (STP). Twisted pair cabling consists of four color-coded pairs, with each pair twisted at a specific rate (twist ratio), where segment lengths can reach up to 100 meters. ❑ UTP (and STP) is rated in several categories. Category 3 cabling is the mini-

mum required for Ethernet networking (10 Mbps). Category 5 cabling is the minimum for Fast and Gigabit Ethernet. ❑ The pinout on NIC, router, wireless access point, and printer ports has pins 1

and 2 set to transmit, and pins 3 and 6 set to receive. Hub and switch ports have pins 1 and 2 set to receive, and pins 3 and 4 set to transmit. ❑ Straight-through cables have all pins on one end of the cable mapped directly

to the same pins on the far end, and are used between devices with different pinouts. Crossover cables map pins 1 and 2 on one end to pins 3 and 6 on the far end. They are used between devices with the same pinout. Rollover cables map pins on one end to their opposites on the far end, and are used to connect a PC serial port to a router or serial console port. ❑ The EIA/TIA 568B standard from left to right, with the tab down, has colors

in this order: white-orange, orange, white-green, blue, white-blue, green, and white-brown, brown. 568B is the standard used on most straight-through cables. ❑ The EIA/TIA 568A standard from left to right, with the tab down, has the

colors in this order: white-green, green, white-orange, blue, white-blue, orange, and white-brown, brown. 568A is most often used on the other end of a 568B cable to create a crossover cable.

Two-Minute Drill

93

❑ Single mode fiber (SMF) has a small core, uses a laser as a transmission light

source, and can transmit high bandwidth over very long segment lengths. Multi mode fiber (MMF) has a larger core. ❑ Fiber connectors include ST, SC, and MTRJ connectors.

Network Devices ❑ Layer-1 devices include transceivers, repeaters, and hubs. Layer-1 devices

extend collision domains, slowing network performance and increasing collisions. ❑ Transceivers are used to connect one physical media type to another. Com-

mon examples include AUI to RJ45 and fiber to RJ45. Repeaters are used to amplify the signal, extending the length of a network segment. Hubs are multiport repeater wiring concentrators used in star and broadcast topologies. ❑ Layer-2 devices make filtering decisions based on the physical MAC addresses

in the frame, and are used to segment collision domains (reducing collisions and increasing performance). Bridges and switches are layer-2 devices. ❑ Layer-2 devices filter unicast messages, but flood broadcast/multicast messages. ❑ Layer-3 devices—routers—are used to move traffic between networks and

split broadcast domains. ❑ Routers strip off the frame and make filtering decisions based on the layer-3

address in the packet. If a route is found in the route table, the packet is then reframed and sent out the correct port. If there is no entry in the route table, the packet is dropped. ❑ Route tables are built statically or dynamically. Static tables are created and

updated manually, while routing protocols are used to dynamically update tables. ❑ Security devices include firewalls and IDS/IPS. Firewalls permit or block traffic

between networks based on layer-3 addresses and layer-4 port numbers. IDSs monitor network traffic and notify administrators when an attack is in progress. If the system takes action to prevent the attack, it is known as an IPS.

94

Chapter 3:

Network Media and Devices

SELF TEST The following Self Test questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully since there may be more than one correct answer. Choose all the correct answers for each question.

Network Media 1. A network designer is asked to recommend a media type. The customer desires a Fast Ethernet network, but wishes to keep costs at a minimum. Which of the following media types should be recommended? A. Cat 3 UTP B. Cat 5 UTP C. SMF D. MMF 2. Concerning coax cabling, which of the following statements is true? A. Thinnet is capable of bandwidth speeds of up to 100 Mbps, and has a maximum segment length of 500 meters. B. Thicknet is capable of bandwidth speeds of up to 100 Mbps, and has a maximum segment length of 500 meters. C. Thinnet is capable of bandwidth speeds of up to 10 Mbps, and has a maximum segment length of 185 meters. D. Thicknet is capable of bandwidth speeds of up to 10 Mbps, and has a maximum segment length of 185 meters. 3. A customer maintains a twisted pair network. The customer wishes to attain Fast Ethernet speeds, and wishes to take steps to prevent EMI as much as possible. Which cable type would you recommend? A. Cat 5 UTP B. Cat 5e UTP C. Cat 5 STP D. SMF 4. Which of the following is a true statement concerning the UTP cable connection between a PC and a switch? A. Pin 1 on the PC end is set to receive and is connected to pin 1 on the switch end. B. Pin 3 on the PC end is set to receive and is connected to pin 3 on the switch end.

Self Test

95

C. Pin 1 on the PC end is set to transmit and is connected to pin 3 on the switch end. D. Pin 3 on the PC end is set to transmit and is connected to pin 1 on the switch end. E. None of the above. 5. Which of the following is a true statement concerning the UTP cable connection between two hubs? A. Pin 1 on one end is set to receive and is connected to pin 3 on the other end. B. Pin 1 on one end is set to receive and is connected to pin 1 on the other end. C. Pin 3 on one end is set to transmit and is connected to pin 3 on the other end. D. None of the above. 6. Which cable type would be used to connect a PC to a router? A. Straight-through B. Crossover C. Rollover D. None of the above 7. Which cable type would be used to connect a router to a switch? A. Straight-through B. Crossover C. Rollover D. None of the above 8. A straight-through cable is created using the 568B standard. Which of the following correctly describes the color-coded cable layout within the connector (from left to right, with the tab down)? A. White-green, green, white-orange, blue, white-blue, orange, white-brown, brown B. White-green, green, white-blue, blue, white-orange, orange, white-brown, brown C. White-orange, orange, white-green, blue, white-blue, green, white-brown, brown D. White-orange, orange, white-blue, blue, white-green, green, white-brown, brown

Network Devices 9. A network technician is asked to diagnose network performance issues. An examination of the network shows new hubs were daisy-chained into the existing segment to allow for new users recently. Which of the following is true? A. The addition of hubs extends the collision domain, increasing the probability and frequency of collisions and slowing performance. B. The addition of hubs segments collision domains, decreasing the probability and frequency of collisions and slowing performance.

96

Chapter 3:

Network Media and Devices

C. The network performance issues will take care of themselves, as some time will be needed for the daisy-chained hubs to learn the MAC addresses of connected devices. D. Daisy-chaining new hubs into the segment has no effect on performance. 10. A network administrator adds a bridge to an existing network segment to increase performance. When the first unicast frame is received by the bridge, what action does it take? A. The frame is filtered based on the address table. B. The frame is kept on the source segment. C. The frame is flooded to the segment on the opposite side of the bridge. D. The frame is discarded, but the addresses are added to the MAC table. 11. A frame is received on switch port 3, and is addressed to the system on switch port 4. Assuming the switch has already built its CAM table, which of the following are true? (Choose two.) A. The switch floods the message to all ports. B. The switch opens the connection to port 4 only and delivers the frame. C. The connection between ports 3 and 4 is allowed to use 100 percent of the available bandwidth. D. The connection between ports 3 and 4 shares the available bandwidth with all connected devices. 12. A broadcast frame is received on switch port 3. Assuming the switch has already built its CAM table, which of the following is true? A. The switch floods the message to all ports. B. The switch discards the frame since switches do not forward broadcast messages. C. Broadcast frames are not sent by PCs. D. None of the above are true. 13. A broadcast frame is received by a router port. Which of the following is true? A. The router floods the broadcast frame to all ports. B. The router discards the frame. C. Broadcast messages are not delivered to routers. D. None of the above are true. 14. Which network device monitors network traffic for network attack signatures and notifies administrators when an attack is in progress? A. An IPS B. An IDS C. A firewall D. None of the above

Self Test

97

15. Which network device monitors network traffic for network attack signatures and is capable of stopping the attack in progress? A. An IPS B. An IDS C. A firewall D. None of the above

98

Chapter 3:

Network Media and Devices

SELF TEST ANSWERS ✓ B. Category 5 UTP best fits the scenario. Cat 5 UTP is the minimum cable requirement for 1. ® Fast Ethernet. ® ˚ A. Cat 3 UTP is only rated for 10 Mbps bandwidth speeds. C and D. Both SMF and MMF will comply with the bandwidth requirements; however, fiber is typically more expensive than UTP. ✓ C. Both statements match thinnet characteristics. 2. ® ® ˚ A, B, and D. These answers do not match thinnet and thicknet characteristics. Both can only transmit at 10 Mbps, at 185- and 500-meter segment lengths, respectively. ✓ C. STP has a metal shield around the twisted pairs to mitigate against EMI. 3. ® ® ˚ A and B. UTP has no protection against EMI. D. SMF is a fiber, not a twisted pair, cable. ✓ E. NIC pinouts have pins 1 and 2 set to transmit, and 3 and 6 set to receive. Since both 4. ® devices have different pinouts, a straight-through (pin 1 to 1, 2 to 2, and so on) cable would be used. ® ˚ A and B. Pin 1 on the PC NIC is set to transmit, not receive. C and D. The pinouts listed indicate a crossover cable. ✓ A. Hub port pinouts have pins 1 and 2 set to receive, and 3 and 6 set to transmit. Since 5. ® both devices have different pinouts, a straight-through (pin 1 to 1, 2 to 2, and so on) cable would be used. ® ˚ B. The pinout listed indicates a straight-through cable. C. Pin 3 on hub ports is set to receive. D is incorrect. ✓ B. PCs and routers have the same pinout; therefore, a crossover cable should be used. 6. ® ® ˚ A. A straight-through cable will not work between two devices of the same pinout. C. Rollover cables are used between a PC and a router/switch console port. D is incorrect. ✓ A. Switches and routers have different pinouts; therefore, a straight-through cable should 7. ® be used. ® ˚ B. A crossover cable will not work between two devices of different pinouts. C. Rollover cables are used between a PC and a router/switch console port. D is incorrect. ✓ C. This represents the correct pinout for an RJ45 connector using 568B. 8. ® ® ˚ A, B, and D. These choices do not represent the correct color-code pinout. ✓ A. Hubs are layer-1 devices, which increase the size of the collision domain, and degrade 9. ® performance. ® ˚ B. Layer-1 devices do not segment collision domains. C. Hubs do not learn, nor recognize, MAC addresses. D. Adding hubs decreases network performance.

Self Test Answers

99

✓ C. Bridges must first learn where devices are before filtering frames. Since the table is 10. ® empty at first, the bridge floods all the frames. ® ˚ A. Initially the table is empty, so the frame cannot be filtered. B. The bridge does not keep frames on a single segment until the table is built. D. Bridges do not discard frames. ✓ B and C. Switches provide 100 percent of the bandwidth to all connected hosts. 11. ® ® ˚ A. Switches do not flood unicast messages. D. Switches provide 100 percent of available bandwidth to all connected hosts. ✓ A. Switches flood broadcast frames. 12. ® ® ˚ B. Switches do not discard broadcast frames. C. PCs do send broadcast messages—and quite often! D is incorrect. ✓ B. Routers do not forward broadcast messages. After opening the frame to determine if the 13. ® router itself is to take action on it, the router will discard the packet. ® ˚ A. Routers do not forward broadcast frames. C. Broadcast messages are delivered to every device on the network segment, including the router. D is incorrect. ✓ B. Intrusion detection systems monitor and compare network traffic against attack 14. ® signatures and create notifications when an attack is in progress. ® ˚ A. IPSs not only monitor traffic, but can take action to prevent the attack. C. Firewalls permit or block traffic, based on a defined list of layer-3 source addresses and port numbers from an administrator. D is incorrect. ✓ A. IPSs not only monitor traffic, but can take action to prevent the attack. 15. ® ® ˚ B. IDSs monitor and compare network traffic against attack signatures, and create notifications when an attack is in progress. However, they cannot take action to prevent attacks. C. Firewalls permit or block traffic, based on a defined list of layer-3 source addresses and port numbers from an administrator. D is not correct.

This page intentionally left blank

4 Ethernet Fundamentals

CERTIFICATION OBJECTIVES 4.01

Ethernet History

4.02

Ethernet Characteristics

4.03

Ethernet Standards

✓ Q&A

Copyright © 2008 by The McGraw-Hill Companies. Click here for terms of use.

Two-Minute Drill Self Test

102

Chapter 4:

Ethernet Fundamentals

W

ith many variations and forms, Ethernet has become the most widely implemented networking technology in modern networks. Ethernet is a term used to describe a specific conglomeration of layer-2 technologies, media access methods, addressing, and functionality. Originally designed for smaller internal LAN implementation, Ethernet’s new standards and capabilities have moved it to the forefront of almost any networking need— including even MAN/WAN connections! In this chapter, we’ll examine how an Ethernet network looks and functions, as well as what it takes to put it all together. We’ll first start with a brief history discussion, followed by Ethernet frame types and addressing. After determining what a frame looks like in Ethernet and how addressing works, we’ll delve into Ethernet’s media access method, CSMA/CD. (Another media access method, CSMA/CA, is also covered here.) Finally, we’ll wrap up the chapter by examining the various Ethernet standards definitions, including both the physical and logical characteristics of each.

CERTIFICATION OBJECTIVE 4.01

Ethernet History In the early 1970s, researchers at the University of Hawaii began studying a unique problem: how to allow two or more systems access to the same media without their individual signals interfering with each other. The problem was fairly clear. Suppose a computer sends an electrical signal on a cable. Since it is a shared media, all systems receive the signal. Conversely, if a signal is placed on the cable by two systems at the same time, the electrical charge will be doubled and unreadable. If you further complicate the problem by choosing a wireless media, a whole host of other problems are also introduced—for example, if a system wishes to send, how does it sense if the media is cleared? To answer this dilemma, ALOHAnet was born. ALOHAnet was actually created on a wireless network concept. The addressing, frame type, and media access considerations of building this, at the time, were monstrous undertakings. However, the computer science department at the University of Hawaii came up with a method for all systems to share the wireless media, without interfering with each other. Although at the time it was not designated as Ethernet, the technology was born and, rapidly, spread to other media types and implementations.

Ethernet Characteristics

103

The first real Ethernet standard was born from a consortium of industry leaders. Digital Equipment Company, Intel, and Xerox (DIX) used the work and findings already accomplished by ALOHAnet to publish the first Ethernet standard. Released as an open standard—allowing others to improve on and add to it—DIX Ethernet transmitted data at 10 Mbps over thicknet cabling, with an overall network range of almost 2 kilometers. DIX Ethernet rapidly outgrew its humble origins and, together with the advent of more and better media, the need for new standardization grew. Starting in 1980, the Institute of Electrical and Electronic Engineers (IEEE) began work on defining new Ethernet standards. Over time, they developed new, better, and faster means for implementing Ethernet’s functionality and, in 1985, released the 802 series. Named the 802 series because the standards begin with an 802, these are the most popular LAN standards worldwide today. The specifics of both initial and newer IEEE 802 standards are covered later in this chapter.

CERTIFICATION OBJECTIVE 4.02

Ethernet Characteristics Every networking technology has unique characteristics that describe its functionality, and Ethernet is no different. Ethernet networks have distinctive frame types, media access methods, and data flow, and as the most common LAN technology in modern networks today, it’s important to understand how Ethernet works. In this section, we’ll cover Ethernet’s defining characteristics.

Frame Types and Addressing During our discussion on the OSI Reference Model and the TCP/IP stack, we learned that layer 2 requires specification on a specific frame type and physical addressing scheme. In other words, systems within a segment expect bits to fall in a specific order, so they can make a determination on addresses, port numbers, and others. Each frame is made up of bits divided into specific areas known as fields. A field contains a certain number of bits and tells the recipient a specific piece of information—such as address, protocol type, and so on. As bits arrive at an NIC interface one at a time, the NIC looks for them to fall into precise fields, depending on the frame type chosen.

104

Chapter 4:

Ethernet Fundamentals

Frame Types All frames, regardless of type, usually have some fields in common. Most frames begin with some sort of “start of frame” notification, followed by addresses and a small type field. Lastly, the frame finishes with the data payload and a Frame Check Sequence (FCS) field. The preamble, or “start of frame” notification, notifies systems connected to the media that a frame is incoming. Source and destination physical addresses, generally the next two fields, let systems know who the frame is from and to whom it is intended. The Type field, not present or used in all frame types, simply notifies the recipient system of which network layer protocol (IP, IPX, AppleTalk, or another) is being delivered. The data payload contains the original data, as well as (oftentimes) some padding bits to fulfill transmission size requirements. Lastly, the FCS field provides a means for the end station to verify the frame contents. A cyclic redundancy check (CRC) is run before the frame is transmitted, and the value is placed in the FCS field. On the recipient end, the CRC is run again and checked against the FCS. If the values don’t match, then it indicates the frame is bad. The world of Ethernet includes several different frame types. Luckily, though, implementation of Ethernet has resulted in only three major frame types—and they are so closely related they are often used interchangeably. The initial Ethernet frame was developed by Xerox, and then later changed and adapted by IEEE during the 1980s up through its final revision in 1997. The frame types, and included fields, can be seen in Figure 4-1.

FIGURE 4-1

Ethernet frame types

DIX (Ethernet II) Preamble Frame notification 8 bytes

Destination Recipient address 6 bytes

Source Sending address 6 bytes

Type Layer-3 protocol 2 bytes

Data/Pad

FCS

46–1500 bytes

CRC 4 bytes

IEEE 802.3 Preamble Synchronize 7 bytes

SFD Begin frame 1 byte

Destination Recipient address 6 bytes

Source Sending address 6 bytes

Length Length of frame 2 bytes

Data/Pad

FCS

46–1500 bytes

CRC 4 bytes

Preamble

SFD

Destination

Source

Data/Pad

FCS

Synchronize 7 bytes

Begin frame 1 byte

Recipient address 6 bytes

Sending address 6 bytes

Length/ Type Length or type 2 bytes

46–1500 bytes

CRC 4 bytes

Revised 802.3

Ethernet Characteristics

105

Ironically enough, the first Ethernet frame type is commonly known as Ethernet II and is still the most common frame type used. Also known as the DIX frame, it differs from the later IEEE standards in two small ways. First, the preamble and start of frame delimiter fields are found in only one field, known simply as the preamble. In later IEEE frame types, the bit pattern was split to designate both a preamble and a start of frame delimiter. Regardless of Ethernet II or IEEE frame, the bit pattern is the same—and always 1 byte. Second, the Type field in the DIX frame displays only that: the type of Network layer protocol held within the frame. In later frame specifications, the Type field could also be used to show the total length of the entire Ethernet frame. If this option was chosen, making the field a Length/Type field, another header would have to be added just before the data payload to identify the Network layer protocol. When sending IP packets, Ethernet frames could use two different headers for this purpose: the IEEE 802.2 Logical Link Control (LLC) header or the IEEE Subnetwork Access Protocol (SNAP) header. So how, exactly, is an NIC to determine whether the Length/Type field is for the length of the frame or the network protocol contained inside? The answer has to do with the numerical value within the field. If the value is 1536 in decimal (equating 0600 in hex) or less, then the field is used for length and the NIC must look for protocol type information in either the 802.2 or SNAP header. If the value is greater than 1536, then the numerical value equates to a specific network protocol type. For example, the numerical value of 2048 (hex value 0800) says, “This frame is transporting an IP packet.” The data payload field also warrants some discussion—it is, after all, the reason the frame is created in the first place. The data payload in an Ethernet frame can be as small as 46 bytes, and as large as 1500. If the upper layer protocol does not place at least 46 bytes in the payload field, the source host will fill the additional space with extra bytes. These extra bytes are known as padding, and do not affect the transmission nor the data itself. Lastly, the term Maximum Transmission Unit (MTU) refers to the largest frame size a particular communications protocol can support. The larger the MTU, the more efficiently bandwidth is used. The MTU size can be manually set (forced) on a segment, but you must use caution when doing so since larger MTU sizes can adversely affect some devices. While some transmission types have a fixed size (ATM cells are always 53 bytes, for instance), Ethernet frames can vary in size depending on what is being delivered. The minimum size—64 bytes—is specified to allow for collision detection, while the maximum size—1518 bytes—keeps devices and media complying with the standard from becoming overwhelmed.

106

Chapter 4:

Ethernet Fundamentals

You should know all three frame types, as well as the fields. Pay special attention to the Length/Type field (0600 or less is the length), and the use of

LLC or SNAP subheaders. You should also know the minimum and maximum size of an Ethernet frame—from 64 to 1518 bytes.

Addressing Addressing in Ethernet has very little to do with which systems receive the frame, but everything to do with which systems actually open and process it. This may seem confusing, but if you consider what we’ve already learned about Physical layer devices, it makes perfect sense. Older Ethernet implementations made use of coax cabling and T connectors, effectively connecting all devices to the same copper cable—an electrical shock (signal) from one device shocks all devices on the cable. Remember hubs do much the same thing, aggregating all wiring to a single point, ensuring all devices connected to the hub receive all messages from every other device. Therefore, on a lot of networks, every computer receives every message, regardless of who it was originally intended (and addressed) for. In short, addressing in Ethernet does not define who receives the message—it defines who is supposed to open the message. Quite obviously, every device on a segment must have a unique physical address. Ethernet networking makes use of the MAC address, burned into every NIC, to determine who is to process the frame. MAC addresses are 48 bits in length and are unique to each NIC. To ensure each NIC has an exclusive address, IEEE assigns an exclusive number, known as the Organizationally Unique Identifier (OUI), for the first half of the MAC address for each vendor. As the vendor produces NICs, the OUI makes up the first half (3 bytes, 12 bits, or 6 hex digits) of the address of the card, with the last half being assigned in any means the vendor chooses. When an Ethernet frame is built, the source and destination address fields are 48 bits in length to accommodate the Mac address of the sender and intended recipient. The address placed in this field determines the type of address the frame is being sent to. Ethernet and IP makes use of three types of addresses: unicast, multicast, and broadcast. Unicast messages are addressed to a single device. In other words, in a unicast frame, the MAC address in the destination field matches only one NIC on the network segment. All devices might receive the frame, but as they examine the destination MAC address in the destination field, only the NIC matching the address

Ethernet Characteristics

107

will process it—all others dump the frame. Examples of a unicast message would be a SYN packet sent from one computer to another on the same network segment. Broadcast addresses are just as easy to understand. In a broadcast frame, the destination address is always FF:FF:FF:FF:FF:FF, and its intent is to ensure all recipients open and process the frame. Broadcast messages are sent quite often in networking for fairly obvious purposes. For example, when a system turns on and requests an IP address using DHCP, it obviously does not know where the DHCP server is located. So, it sends a broadcast message to all devices on the segment, knowing only the DHCP server will respond. Broadcast traffic is a necessary evil on your network segments. However, it should be controlled as much as possible. Not only does broadcast traffic flood your network and take up valuable bandwidth, it also slows each device, requiring processing cycles for each host to examine the packet. Multicast addresses fall somewhere in between unicast and broadcast. The destination field of a multicast frame always begins with 01:00:5E, with the last half of the address being a unique number. Multicast addresses allow a specific subset of hosts of the same type—or those running a unique application—on a segment to communicate with each other. For example, some routers communicate with multicast messages. The message may travel through the network, with all hosts seeing it, but only router NICs will process them. As another example, many online games make use of multicast—with only the systems running the game application processing and sending the multicast addresses. Figure 4-2 displays these addresses in action. When Computer A turns on and asks for an IP address, it crafts the DHCP packet using a broadcast address in the frame. In the bottom portion of the figure, Computer A is carrying on a conversation directly with Computer B using a unicast addressed frame. Additionally, the routers are communicating using a multicast addressed frame. Since a hub is in place, all systems are receiving all frames, but the addresses are directing which recipient will open them.

Media Access The problem of shared media access—how to ensure two devices do not transmit data across the same shared media at the same time—was presented in the first section of this chapter. If two devices attempt to send a message at the same time, a collision is said to have occurred. Consequently, a collision domain is simply a group of devices that can collide with each other. As a general rule, the smaller the collision domain, the faster and better your network performance. Ethernet networks are

108

Chapter 4:

Ethernet Fundamentals

FIGURE 4-2

An Ethernet addressing example

Broadcast: DHCP

A

B

C

B

C

Unicast: to B

A

Media & direction Hub Workstation

Frame checked

known as contention-based networks since each device must contend for the network media, and therefore collisions can occur. Ethernet standards cover two different methods to control shared media access, and to attempt to handle collisions: Carrier Sense Multiple Access / Collision Avoidance (CSMA/CA) and Carrier Sense Multiple Access / Collision Detection

Ethernet Characteristics

109

(CSMA/CD). Carrier sense means the host listens to the media for a quiet moment (a time slot where no one else is using the media), while multiple access implies more than one system can access the same media. The collision avoidance and collision detection portions define how the hosts proactively or reactively respond to collisions. CSMA/CA (collision avoidance) is the media access method used in wireless networking and, judging by its name, you can probably guess it is decidedly proactive in its attempts to deal with collisions. In a CSMA/CA network, a system first listens to the media to determine if it is clear to send. If so, the host sends a Ready To Send (RTS) signal to all devices, alerting them that it is about to send a message. The RTS message contains a timer function that lets all systems know how long the host believes it will need to transmit its message. So long as no one else sends an RTS during that time frame, the host can send its message without fear of collision. After the frame is sent, the host waits for an acknowledgment. If the acknowledgment does not return, the host knows to resend. This method has the benefit of avoiding almost all collisions. However, performance on larger networks quickly reaches a plateau, and the overhead required for this implementation makes it a poor choice on most wired networks. IEEE defined CSMA/CD as the media access method on wired Ethernet networks. Collision detection is reactive in nature, assuming collisions will occur and defining a method to deal with them. In a CSMA/CD network, a device with a message to send first listens to the wire, waiting for a time when no other device is sending a message—in other words, when there is no electrical charge on the wire. If the line is clear, the device begins to send its signal; if not, it waits until the line is clear. When two systems send at the same time, they both register an increase of voltage on the line, indicating a collision. Both systems then send a jam signal (a 48-bit signal, with all 1’s turned on—equating to FF:FF:FF:FF:FF:FF) to let all systems on the segment know a collision has occurred. All systems then run a timing algorithm that provides a random wait time before retransmitting. The intent is that the two systems with messages to send will not wind up with the same timer and, thus, will not collide with each other when they attempt to retransmit. There is no guarantee which system will wind up transmitting first; however, CSMA/CD does provide a means to ensure they will not transmit at the same time. Considering how CSMA/CD works, it is of vital importance that the sending host can register a collision before it is finished transmitting a frame. If the collision signal does not return in time for the original host to realize it is part of the collision, it will not resend its frame, causing all sorts of transmission delays and problems. Round-trip time (RTT) and Ethernet’s 5-4-3 rule are important considerations in regards to media access.

110

Chapter 4:

Ethernet Fundamentals

Make sure you understand how CSMA/CD works. Remember, systems involved with a collision send a jam signal (48 bits, all set to 1’s) and run a timing

algorithm to generate random times before attempting retransmission, preventing both systems from transmitting at the same time again.

RTT refers to the total amount of time it takes for a message to travel from a sending host to the recipient and back. For Ethernet and CSMA/CD to work properly, the signal indicating a collision has occurred must have enough time to travel back to the sending machine before the frame has completely left the NIC. Consider Figure 4-3 for a moment. When system A sends the signal, the bits begin to travel through the media. At the far end, system B begins sending, thinking the media is cleared because it has not sensed PC A’s message on the wire yet. A collision then occurs when, just after beginning to send its bits, system B notices an increase in voltage on the wire. PC B now knows it is part of the collision and will need to retransmit its data. However, this increase in voltage (shown with the dotted line in Figure 4-3) must also have time to travel back through the wire for PC A to recognize the collision has occurred—remember, from PC A’s perspective, the collision occurred at the “far end” of the network. If PC A completes its transmission before the increase in voltage is registered at its NIC, it does not know it was part of the collision and won’t retransmit the lost data. In other words, RTT must be kept low enough that the signal indicating a collision has occurred must have time to travel

FIGURE 4-3

Collisions and round-trip time A

Jam signal Transmission Workstation

Hub Collision

B

Ethernet Characteristics

111

from just outside system B’s interface all the way back to system A while system A is still delivering bits. A general rule in place within Ethernet to accomplish this is the “5-4-3” rule. The rule states that, from a sending device to a recipient, the message cannot pass over more than 5 total segments within one collision domain. These five segments are connected over no more than 4 repeaters (Physical layer devices) and, of those five segments, only 3 of them are allowed to be “populated.” An example of the 5-4-3 rule can be viewed in Figure 4-4. Obviously, RTT and the 5-4-3 rule are important considerations when designing your network. Remember the 5-4-3 rule only applies within a single collision domain. If you use a bridge or a switch to split the collision domain, you begin a new 5-4-3 area. With the actions CSMA/CD takes to respond to collisions in mind, it’s easy to see why keeping your collision domains small is beneficial in your network design. The fewer devices you have contending for the media, the fewer collisions you have and, therefore, the less time your segment spends sending jam signals and running timing algorithms. Collision domains are segmented and controlled with layer-2 devices.

FIGURE 4-4

The 5-4-3 rule

Hub/Repeater User Segment

112

Chapter 4:

Ethernet Fundamentals

For example, consider a small network with ten systems connected to a hub. All ten devices are contending for the same media (the layer-1 hub does nothing but aggregate the wires) and can collide with each other, so the collision domain is 10. Suppose we take the same systems, but use a bridge and two hubs instead—depicted in Figure 4-5. A bridge splits collision domains in half, reading the destination MAC address and making a decision whether to keep the message on the originating side, or to let it pass over to the other side of the bridge. Therefore, computers on side A can collide with themselves, but not with computers on side B. The collision domains are now sized to five. Assuming the same network described above, suppose we instead replaced the bridge and hubs with one switch. Switches are, in effect, a bunch of bridges in a box and create a collision domain on each port. In this instance, no collisions can occur since each device is separated into its own collision domain. Examine Figure 4-6 for a depiction of this topic. More information on using switches within your network, to segment collision domains and move traffic efficiently and quickly, is covered throughout this book.

Data Flow Lastly, it is of vital importance—both for the exam and on the job—that you have a solid understanding of data flow through a network, Ethernet or not. Understanding what the data looks like at various stages of its delivery greatly simplifies troubleshooting and increases understanding of networking in general. To clarify,

FIGURE 4-5 A

Collision domains using a bridge

Collision domain Small hub Bridge Workstation

B

Ethernet Characteristics

FIGURE 4-6

Collision domains using a switch

113

Switch Collision domain Workstation Each network segment is its own collision domain.

consider the network shown in Figure 4-7. In our example, PC1 is sending a message to PC2. Both systems are on Ethernet segments and, for the sake of this discussion, Ethernet networks are used throughout the path. As PC1 prepares the data to send, moving through the TCP/IP stack, it reaches the Internet layer and determines it needs a destination IP address for the recipient. A DNS request is sent to find the correct IP address (which turns out FIGURE 4-7

Network data flow

PC2 IP: 195.250.5.100 MAC 00:00:08:AA:BB:CC RTR2 ETH1 Port: IP: 195.200.5.1 MAC 00:00:05:AA:BB:CC

4

3

RTR1 ETH1 Port: IP: 195.150.5.1 MAC 00:00:03:AA:BB:CC

2

1 RTR3 ETH1 Port: IP: 195.250.5.1 MAC 00:00:07:AA:BB:CC

RTR2 ETH0 Port: IP: 195.150.5.2 MAC 00:00:04:AA:BB:CC

RTR3 ETH0 Port: IP: 195.200.5.2 MAC 00:00:06:AA:BB:CC

PC1 IP: 195.100.5.100 MAC 00:00:01:AA:BB:CC

RTR1 ETH0 Port: IP: 195.100.5.1 MAC 00:00:02:AA:BB:CC

114

Chapter 4:

Ethernet Fundamentals

to be 195.250.5.100), the packet is built, and then handed to the Network Access layer for framing. In Ethernet, the MAC address is used for source and destination addresses within the frame, and PC1 needs a Physical layer address within its own Ethernet segment, to send the frame to. So, PC1 broadcasts an ARP request, asking “Who has the MAC address for the IP 195.250.5.100?” Since the destination IP address is not a part of PC1’s network (195.100.5.0), the router port answers the ARP request, providing its MAC as the delivery destination. PC1 then builds a frame using its MAC address (00:00:01:AA:BB:CC) as the source, with the router port (00:00:02:AA:BB:CC) as the destination. The frame, shown in Figure 4-8, is then placed on the wire. The switch reads the destination MAC address as it receives the frame and opens a pathway to the router’s port. The router port receives the frame and begins reading the destination MAC address as well. Since it is intended for the router, the router opens the frame, and discards the header and trailer, leaving only the packet. It then reads the destination IP address and compares it to an internal table. Noticing a route to the end destination exists by sending the packet through the ETH1 port, the router then goes through the same process as PC1: find a destination MAC address and build a frame for delivery in ETH1’s local network. After ARPing for a MAC address, the router builds a new frame and sends it out ETH1. The new frame appears in Figure 4-9. Notice the packet (containing the IP address) doesn’t change; however, the frame has new source and destination addresses. Inside ETH1’s network, the sending device is ETH1, and the destination device is RTR2’s ETH0 port!

Ethernet Frame at Stage 1:

FIGURE 4-8 PREAMBLE

FCS

The frame at Stage 1 Source MAC: Destination MAC: Source IP: 00:00:01:AA:BB:CC 00:00:02:AA:BB:CC 195.100.5.100

PC1’s MAC address

RTR1’s ETH0 MAC address

PC1’s IP address

Source IP: 195.100.5.1

PC2’s IP address

TCP Header

DATA and PAD

Ethernet Characteristics

115

Ethernet Frame at Stage 2:

FIGURE 4-9 PREAMBLE

FCS

The frame at Stage 2 Source MAC: Destination MAC: Source IP: 00:00:03:AA:BB:CC 00:00:04:AA:BB:CC 195.100.5.100

RTR1’s ETH1 MAC address

RTR2’s ETH0 MAC address

PC1’s IP address

Source IP: 195.100.5.1

TCP Header

DATA and PAD

PC2’s IP address

This process of the frame being stripped off, ARPing for a new destination MAC, and rebuilding occurs at each link in the delivery chain. The frame at Stages 3 and 4 is shown in Figure 4-10. When the frame is finally delivered to PC2, the frame and packet headers are removed and the Transport layers between the two systems can begin talking. Ethernet Frame at Stage 3:

FIGURE 4-10

FCS

PREAMBLE

The frame at Stages 3 and 4

Source MAC: Destination MAC: Source IP: 00:00:05:AA:BB:CC 00:00:06:AA:BB:CC 195.100.5.100

RTR2’s ETH1 MAC address

RTR3’s ETH0 MAC address

PC1’s IP address

Source IP: 195.100.5.1

TCP Header

DATA and PAD

PC2’s IP address

Ethernet Frame at Stage 4: FCS

PREAMBLE

Source MAC: Destination MAC: Source IP: 00:00:07:AA:BB:CC 00:00:08:AA:BB:CC 195.100.5.100

RTR3’s ETH1 MAC address

CertCam

PC2’s MAC address

PC1’s IP address

Source IP: 195.100.5.1

TCP Header

DATA and PAD

PC2’s IP address

A multimedia demonstration of data flow through a network can be found on the CD accompanying this book.

116

Chapter 4:

Ethernet Fundamentals

Make sure you’re very familiar with the data flow steps shown here. You’ll be asked to fill in frame fields and to decipher different message types during an information exchange (unicast, multicast,

and broadcast).The frame header and trailer is discarded at each router and replaced by a new frame for the destination port. Don’t forget the DNS and ARP messages sent before the frame is ever built.

CERTIFICATION OBJECTIVE 4.03

Ethernet Standards Ethernet has grown to more than just a small internal layer-2 LAN technology. In modern networking, Ethernet can run lengthy distances, cross over a variety of media, and move at insanely fast bandwidth speeds. Part of Ethernet’s success story has to do with the standards released early on by IEEE, ANSI, EIA, and TIA regarding its development. In this section, we’ll cover IEEE’s networking standards—paying particular attention to those dealing with Ethernet—and wrap things up by taking a look at the various Physical layer standards for each Ethernet implementation. As stated earlier in this chapter, IEEE released—and continues to work on— several standards regarding LAN networking. The IEEE 802 series provided a physical blueprint for several network models, including Ethernet. These standards defined the physical and logical topologies, the media used, the equipment needed, and many other characteristics defining a specific network model. The 802 series provides Physical and Data Link layer specifications for building a network. They are listed in Table 4-1. Considering the wide variety of media choices and the advent of full duplex– capable networking devices, it’s easy to see the need for standards in regards to Ethernet. For the most part, Ethernet framing, addressing, and media access stay the same regardless of the standard in play. However, everything else is up for grabs. The Physical layer portions of these standards were expressed in another format. Also considered as cable standards, many of the more common cable specifications

Ethernet Standards

TABLE 4-1

LAN Network Standards

Standard

Description

Maximum Speed

802.3

Ethernet

802.3(u)

117

Topology

Media

10 Mbps

Physical: Bus/star Logical: Bus

Coax or twisted pair

Fast Ethernet

100 Mbps

Physical: Star Logical: Bus

Twisted pair

802.3(ab)

Gigabit Ethernet

1000 Mbps (250 Mbps per pair)

Physical: Star Logical: Bus

Twisted pair

802.3(z)

Gigabit Ethernet

1000 Mbps

Physical: Star Logical: Bus

Twisted pair

802.4

Token bus

4 Mbps

Physical: Bus Logical: Ring

Coax

802.5

Token ring

4 Mbps 16 Mbps

Physical: Ring Logical: Ring

Twisted pair

802.11(a)

Wireless

54 Mbps

Wireless (5GHz)

802.11(b)

Wireless

11 Mbps

Wireless (2.4GHz)

802.11(g)

Wireless

54 Mbps

Wireless (2.4GHz)

are listed in Table 4-2. Physical layer specifications always follow the same format: Speed, Transmission Type, and Cable Type/Attenuation Rating. For example, consider these two standards: ■ 10base2

10 Mbps, baseband transmission, thinnet cabling up to 185 meters

■ 100baseTX

100 Mbps, baseband transmission, twisted pair cabling

Applying the same “formula,” it’s relatively easy to decipher which speed, transmission type, and cable type are specified with each standard.

Here’s a quick tip for learning the cable specifications—if the last digit is a T, the cable type is twisted pair. If it’s a number, it’s coax cabling. If it’s

anything else, it’s fiber.The only exception to this rule is CX, which is a specialized coax or twisted pair cable.

118

Chapter 4:

Ethernet Fundamentals

TABLE 4-2

Physical Layer Standards

Standard

Maximum Speed

Maximum Segment Length

Cable Type

10base2

10 Mbps

185 meters

Thinnet coax

10base5

10 Mbps

500 meters

Thicknet coax

10baseT

10 Mbps

100 meters

UTP (Cat 3 or higher)

10baseFL

10 Mbps

2000 meters

Multi mode fiber

100baseT4

100 Mbps

100 meters

UTP (Cat 3 or higher)

100baseTX

100 Mbps

100 meters

UTP (Cat 5 or higher)

100baseFX

100 Mbps

412 meters

Multi mode fiber

10,000 meters

Single mode fiber

1000baseCX

1 Gbps

25 meters

Coax

1000baseT

1 Gbps

100 meters

UTP (Cat 5 or higher)

1000baseLX

1 Gbps

550 meters

Multi mode fiber

5000 meters

Single mode fiber

1000baseSX

1 Gbps

500 meters

Multi mode fiber

These physical standards define not only the cable type, but the transmission method used to achieve a certain specification. For example, You should be very both 100baseTX and 100baseT4 transmit at familiar with the networking standards 100 Mbps, and both use twisted pair. However, and Physical layer specification from TX uses only two pairs running at full duplex, Tables 4-1 and 4-2. while T4 uses all four pairs at half duplex. Because it spreads the data transmission bandwidth over all four pairs, T4 can make use of lower category cabling. 100baseTX, the most common Fast Ethernet specification, requires Category 5 or higher cabling, while 100baseT4 requires only Category 3. To view how both sets of standards work with each other, consider the 802.3 standard. The Ethernet standard, 802.3 defined the first Ethernet network. Original 802.3 networks ran at 10 Mbps over coax cabling, with devices connecting using T connectors. The cable specification used for these networks was either 10base2 or 10base5. Rapidly, the standard evolved to allow for star configurations on twisted pair cabling, but still maintain the half duplex, speed, and attenuation restrictions as the original. Rapidly evolving, Ethernet users soon demanded more bandwidth, and there were plenty of options, and media types, available. Fast Ethernet, running at 100 Mbps, came about with the 802.3(u) standard. Using at least Category 5 cabling (Category 5e is preferred), the 802.3u standard

Ethernet Standards

119

accomplished 100 Mbps speeds over copper cabling using a variety of different techniques, depending on the Physical layer specification chosen (100baseTX or 100baseT4). The 802.3z standard pushed Ethernet’s bandwidth limits even further, using long wavelength (LX) or short wavelength (SX) light signaling over multi mode cabling. A gigabit speed standard over copper came about with the 802.3ab standard, using 1000baseT cabling. The gigabit speed is accomplished by transmitting 250 Mbps over each pair, giving a total of 1000 Mbps.

INSIDE THE EXAM Ethernet History The ALOHAnet was the first attempt at multiple system access to a shared media. The first real Ethernet standard was born from a consortium of industry leaders: Digital Equipment Company, Intel, and Xerox (DIX). DIX Ethernet transmitted data at 10 Mbps over thicknet coax cabling, with an overall network footprint of almost 2 kilometers. IEEE began work on various networking standards, including Ethernet, in 1980.

Ethernet Characteristics Frames are a series of bits, received in an expected order and separated into fields. Ethernet has three main frame types: DIX (Ethernet II), 802.3, and 802.3 revised. If the Length/Type field entry is 1536 (0600) or less in the 802.3 frames, the field indicates length. 1537 or more indicates a layer-3 protocol type. The MTU size on Ethernet is 1518 bytes. Ethernet is a contention-based specification, and care should be taken to reduce the size of collision domains. Layer-2 devices— bridges and switches—are used to segment

collision domains. Ethernet used Carrier Sense Multiple Access Collision Detection (CSMA/CD) as its media access method, while wireless uses CSMA/CA. Devices involved in a collision send jam signals, and then run a timing algorithm before transmitting again.

Ethernet Standards Ethernet standards define the Physical and Data Link specifications necessary for networking. IEEE 802.3 standards define Ethernet networking. Various physical specifications for cabling exist—such as 10baseT, 100baseTX, and 1000baseLX— and follow the same format: speed (in Mbps), transmission type (Baseband), and cable type/distance rating. The Ethernet standard chosen defines the speed while the Physical layer specification defines the transmission method involved. Ethernet runs at 10 Mbps, Fast Ethernet runs at 100 Mbps, and Gigabit Ethernet runs at 1000 Mbps. These data rates are achieved using a variety of cable types and duplex options.

120

Chapter 4:

Ethernet Fundamentals

CERTIFICATION SUMMARY Researchers at the University of Hawaii created the first Ethernet-like network (ALOHAnet). Digital Equipment Company, Intel, and Xerox (DIX) used the work and findings already accomplished by ALOHAnet to publish the first Ethernet standard. Released as an open standard, DIX Ethernet transmitted data at 10 Mbps. In 1980, IEEE began work on several network specifications, including the 802.3 series—defining Ethernet layer 1 and layer 2 standards for vendors. All frames, regardless of type, begin with some sort of “start of frame” notification, followed by addresses, a small Type field, a data payload, and a Frame Check Sequence (FCS) field. The three major Ethernet frame types are DIX (or Ethernet II), 802.3, and 802.3 revised. The Length-Type field entry indicates either the length of the frame (1536 or less in decimal) or the type of network protocol being transmitted (1537 or higher). If the length is indicated, a second subheader—such as LLC or SNAP—must be present to indicate the layer-3 protocol contained in the payload. Ethernet uses 48-bit MAC addresses. Each MAC address is unique due to the OUI—the first half of the address assigned by IEEE. Within Ethernet, MAC addresses are used as either unicast, broadcast, or multicast addresses. A unicast message is addressed to one host. A broadcast message is addressed to all systems on the segment (FFFF.FFFF.FFFF). A multicast address uses a special address that is only recognized by a specific subset of hosts on the segment. A collision domain is a group of systems, sharing the same media, which are capable of colliding with each other. Collision domains should be kept small, and can be segmented with bridges and switches. Within a collision domain, Ethernet uses CSMA/CD as a media access method. Within CSMA/CD, systems listen for a clear line, and then attempt to transmit. If a collision occurs, both systems send jam signals, and then run a random timing algorithm to avoid colliding again. CSMA/ CA is used on wireless and employs an RTS signal with a timer to avoid collisions. Ethernet standards include the 802.3 series, as well as several Physical layer cable specifications. The Ethernet standard is 802.3 and runs at 10 Mbps over 10base2, 10base5, or 10baseT. Fast Ethernet is 802.3u and runs at 100 Mbps over 100baseT, 100baseTX, or 100baseFX. Gigabit Ethernet is 802.3z and runs at 1000 Mbps over various copper and fiber cabling.

Two-Minute Drill

✓

121

TWO-MINUTE DRILL Ethernet History ❑ ALOHAnet was the first attempt at Ethernet-type messaging. ❑ Digital Equipment Company, Intel, and Xerox (DIX) published the first

Ethernet standard. ❑ IEEE began work on networking standards, including Ethernet, in 1980.

The Ethernet series is the 802.3 specifications.

Ethernet Characteristics ❑ Frames include fields for preambles, addresses, length/types, data payloads,

and FCS. ❑ The DIX, or Ethernet II, frame is the most common frame type in use. ❑ CSMA/CD is the media access method used by Ethernet. ❑ Ethernet nodes, wanting to transmit, first listen to the wire to determine if it

is clear. During transmission, if another device attempts to transmit, a collision occurs. Both devices involved in the transmission send a jam signal, and then wait a random amount of time (due to an algorithm) before attempting to transmit again. ❑ Round-trip time (RTT) and the 5-4-3 rule ensure collisions are properly

detected. Within a single collision domain, a message cannot cross over more than five segments connected by four repeaters if more than three of the segments are populated.

Ethernet Standards ❑ IEEE 802.3 standards define layer-1 and layer-2 specifications for Ethernet.

802.3 is Ethernet, 802.3u is Fast Ethernet, and 802.3z is Gigabit Ethernet. ❑ The Physical layer, cable, and specifications for networking define the speed,

transmission type, and cable type/maximum segment length. 10baseT and 100baseT both define baseband transmission of twisted pair cabling, but at different speeds. ❑ Cable specifications also require a specific cable grade to accomplish their

transmission speed. 100baseT4 can make use of lower grade cabling while 100baseTX requires Category 5 or higher.

122

Chapter 4:

Ethernet Fundamentals

SELF TEST The following Self Test questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully since there may be more than one correct answer. Choose all the correct answers for each question.

Ethernet History 1. Which organization defined the first Ethernet standard? A. IEEE B. ISO C. ANSI D. DIX

Ethernet Characteristics 2. Which frame field is responsible for error checking? A. Preamble B. SFD C. FCS D. Length/Type 3. Which frame type uses a preamble with an SFD? A. DIX B. 802.3 C. Token ring D. None of the above 4. Which frame type uses a Length/Type field? A. DIX B. 802.3 revised C. Token ring D. None of the above 5. While examining an 802.3 Ethernet frame from a packet capture, you notice the entry in the Length/Type field is 0800 (in hex). Which of the following are true? (Choose two.) A. The entry indicates the length of the frame. B. The entry indicated the layer-3 protocol being transported.

Self Test

123

C. The frame is 0800 bits in length. D. The frame is transporting an IP packet. 6. What is the MTU for Ethernet? A. 1500 B. 1518 C. 1536 D. 1537 7. The MAC address of your NIC is 0A:12:3C:4B:67:DE. Which of the following represents the Organizationally Unique Identifier? A. 0A:12:3C B. 4B:67:DE C. 12:3C:4B D. 3C:4B:67 8. Twenty hosts are connected to a hub. Host A sends a unicast message to Host B. Which of the following is NOT true? A. Only Host B opens and processes the message. B. All hosts receive the message. C. All hosts open and process the message. D. The destination address field holds Host B’s MAC address. 9. Your network has 20 computers connected to a hub. You wish to increase performance by reducing the size of the collision domain. Which of the following devices can be used to do this? (Choose all that apply.) A. A hub B. A bridge C. A switch D. None of the above 10. How does CSMA/CD react to collisions? A. All systems jam the network, and then all begin transmitting again. B. Hosts involved in a collision send an RTS signal indicating a time frame in which to retransmit. C. Hosts involved in the collision send a jam signal, and then run an algorithm before retransmitting. D. Collisions do not occur on CSMA/CD.

124

Chapter 4:

Ethernet Fundamentals

11. Which of the following correctly describes the 5-4-3 rule within Ethernet? A. 5 hosts per segment, 4 total segments, 3 repeaters B. 5 repeaters, 4 total segments, 3 hosts per segment C. 5 segments total, 4 repeaters, 3 segments must be unpopulated D. 5 segments total, 4 repeaters, 3 segments can be populated 12. On an Ethernet network, PC1 sends a message to PC2. The message must cross two routers along the pathway. Which of the following statements are true concerning the communication between PC1 and PC2? A. The frame header changes twice during the time it is sent from PC1 to finally reaching its destination at PC2. B. The frame header changes three times during the time it is sent from PC1 to finally reaching its destination at PC2. C. The packet header changes at each router in the delivery path. D. The packet header never changes during the delivery path. E. PC1 broadcasts a DNS message to determine PC2’s MAC address before building the frame. F. PC1 broadcasts an ARP request to determine PC2’s MAC address before building the frame.

Ethernet Standards 13. Which IEEE standard equates to Fast Ethernet? A. 802.3 B. 802.3u C. 802.3z D. 802.4 14. Which of the following is NOT true regarding 10base2? A. Data is transmitted up to 10 Mbps. B. Data is sent using baseband transmission. C. The cable type is thinnet coaxial. D. The cable type is thicknet coaxial. 15. What is the maximum segment length on 10baseT? A. 100 meters B. 185 meters

Self Test

C. 500 meters D. 10 meters 16. Which Ethernet standard refers to Fast Ethernet over fiber cabling? A. 10base5 B. 100baseT C. 100baseFX D. 100baseTX

125

126

Chapter 4:

Ethernet Fundamentals

SELF TEST ANSWERS Ethernet History ✓ D. Digital Equipment Company, Intel, and Xerox teamed up for the first standard. 1. ® ® ˚ A. IEEE did create Ethernet standards, but they were not the first. B. ISO created the OSI Reference Model, not the first Ethernet standard. C. ANSI is incorrect—normally associated with ASCII code and other standards.

Ethernet Characteristics ✓ C. The Frame Check Sequence (FCS) field provides a CRC or checksum for error 2. ® checking. ® ˚ A. The preamble indicates a frame is coming. B. The start frame delimiter indicates the preamble is finishing and the next bits begin the frame. D. Length/type indicates the length of frame or type of layer-3 protocol transmitted. ✓ B. The 802.3 frame has an SFD after the preamble. 3. ® ® ˚ A, C, and D. None of these frame types has an SFD. ✓ B. The 802.3 revised frame type has a Length/Type field. 4. ® ® ˚ A, C, and D. DIX frames have only a Type field. Token ring and “none of the above” are incorrect choices. ✓ B and D. If the entry is larger than 0600, it indicates the layer-3 protocol being transmitted. 5. ® IP equates to 0800 in hex. ® ˚ A and C. Because the entry is larger than 0600, neither of these can be true. ✓ B. 1518 is the largest allowable Ethernet frame size. 6. ® ® ˚ A, C, and D. None of these choices equates to Ethernet’s largest frame size. 1536 is the maximum allowable number in the Length/Type field indicating the length of the frame. ✓ A. The OUI is the first half of a MAC address. 7. ® ® ˚ B, C, and D. These choices are not the first half of the MAC address. ✓ C. Only the host the unicast message is addressed to will open and process the message. 8. ® ® ˚ A, B, and D. All hosts receive the message since they are all connected to a layer-1 device. Only Host B will open and process the message since the destination address field matches its MAC address. ✓ B and C. Layer-2 devices are used to split collision domains. Bridges and switches are 9. ® layer-2 devices. ® ˚ A. Hubs are layer-1 devices and extend collision domains. D is incorrect.

Self Test Answers

127

✓ C. In CSMA/CD, systems involved in a collision send a jam signal to indicate a collision 10. ® to all devices. They then run a timer algorithm, allowing them to retransmit at a random time interval. ® ˚ A, B, and D. Only systems involved in the collision send a jam signal. RTS messages are sent on CSMA/CA, not CSMA/CD. Collisions do occur on CSMA/CD. ✓ D. The 5-4-3 rule is implemented to keep RTT within acceptable bounds for collision 11. ® detection. One collision domain can have 5 segments connected with 4 repeating devices, with 3 populated segments. ® ˚ A, B, and C. These choices are incorrect, based on the 5-4-3 rule. ✓ B, D, and F. The frame header is removed and replaced by each router along the pathway. 12. ® Therefore, the frame header will change three times during delivery (one header from PC1, one from the first router, and a final header from the second router). The packet information is never stripped off until it reaches its final destination. Finally, PC1 broadcasts an ARP message for PC2’s IP address, looking for a MAC. The router will respond. ® ˚ A, C, and E. These are all false statements.

Ethernet Standards ✓ B. Fast Ethernet is defined by the 802.3u standard. 13. ® ® ˚ A. 802.3 defines Ethernet at 10 Mbps. C. 802.3z defines Gigabit-speed Ethernet. D. 802.4 defines token bus. ✓ D. The thicknet cabling standard is 10base5, not 10base2. 14. ® ® ˚ A, B, and C. All are correct. 10base2 equates to 10-Mbps baseband data transmission over thinnet coax cabling. ✓ A. The 10baseT maximum segment length is 100 meters. 15. ® ® ˚ B. Thinnet cabling (10base2) has a maximum segment length of 185 meters. C. Thicknet cabling (10base5) has a maximum segment length of 500 meters. D. 10 meters is incorrect and does not match a standard. ✓ C. Fast Ethernet runs at 100 Mbps. The only standard listed that complies with the speed 16. ® and fiber cable type is 100baseFX ® ˚ A. 10base5 is coax running at 10 Mbps. B. 100baseT runs on copper (twisted pair) cabling. D. 100baseTX runs on copper (twisted pair) cabling.

This page intentionally left blank

5 Switching: Moving Data Inside Your Network CERTIFICATION OBJECTIVES 5.01

Switch Fundamentals

5.02

Switch Design Considerations

✓ Q&A

Copyright © 2008 by The McGraw-Hill Companies. Click here for terms of use.

Two-Minute Drill Self Test

130

Chapter 5:

Switching: Moving Data Inside Your Network

C

ustomers looking for a modern network want several things, and chief among them are speed, reliability, and services. To provide the benefits of 100 percent bandwidth availability, collision avoidance, duplexing, and other services, most modern LANs are built on switching. While switches were introduced in Chapter 3, this chapter’s main goal is to provide a bedrock of information that can be used to discuss switch configuration later. Topics covered include everything from switch basics (modes of operation and startup functions) to discussions of advanced features, such as broadcast loop prevention and virtual networking. This chapter provides the perfect backdrop to later chapters on Cisco switch configuration.

CERTIFICATION OBJECTIVE 5.01

Switch Fundamentals An important part of almost every modern Ethernet LAN installation, switches are one of the most important network devices for new network technicians—and CCENT candidates—to know about. Switches provide high-speed data transport inside our network, allow for virtual broadcast domains to control traffic, and help secure network traffic from observers. In this section, we’ll cover some basic fundamentals of switches, including the switch’s physical appearance and basic functions, the modes switches are capable of working in, and what happens when you power on the switch.

Physical Features Switches come in a wide variety of styles, colors, and models. Cisco provides two major brands of switches: the Linksys and Catalyst brands. Generally, Linksys switches are used in personal systems to connect a home network, while Catalyst switches are used in commercial LAN implementations. Since the CCENT exam concentrates on the Catalyst series, most of the descriptions of switch physical characteristics come from Catalyst switches. As seen in Figure 5-1, a typical switch (Catalyst included) usually has the following common features: ■ An LED panel ■ A series of ports (aka interfaces) for host connections ■ An uplink port (or two), generally separated from the host interfaces

Switch Fundamentals

Interface LEDs

FIGURE 5-1

The physical features of a switch

131

1

2 3

4 5

6 7

8 9

10 11

12

SYST RPS

System indicator LEDs

STAT DUPLX SPEED

Mode LEDs

MODE

Mode button

Uplink ports

The LED panel on a Catalyst switch contains two system indicator lamps, and three mode indicator lamps. The system indicator lamps are the SYST (System) and RPS (Redundant Power Supply) LEDs. The SYST LED indicates the overall system status. The RPS LED shows the status of the redundant power supply—if one is even present. The LED status and meaning of both system indicator lamps are listed in Table 5-1. Generally speaking, with LEDs green equates to good while amber equates to bad. If you see amber in the system indicator LEDs, don’t panic! Usually the fix is fairly simple. If the SYST lamp is amber, turn the device off and on again. If the RPS lamp is solid amber, press the Standby/Active button—it should return to green. If either fix fails, you may have a problem requiring Cisco’s help, so give them a call.

TABLE 5-1

Switch System Indicator LED Status

LED

Color

Status

SYST

Off

Switch is not powered on.

Green

Powered on, IOS is loaded, and switch is functioning normally.

Amber

POST failed, IOS did not load, and switch is not functioning.

Off

RPS is not functioning or connected.

Green

RPS is connected and ready to provide power. (Blinking green indicates it is providing power to another device.)

Amber

RPS is in a fault or standby condition.

Blinking Amber

Internal power has failed and RPS is providing power to the device.

RPS

132

Chapter 5:

Switching: Moving Data Inside Your Network

The mode lamps indicate the LED mode the switch is operating in. The LED mode has nothing to do with switch operation—no matter what mode you choose to display the LEDs in, the switch will continue to forward frames, as it was intended and configured to do—and is changed by pressing a mode button on the front of the switch. The LED modes simply provide a quick means for administrators to discover information about the switch. Additionally, each host interface port has LEDs, and the LED mode affects how each is displayed. LED modes and their effect on interface LEDs are listed in Table 5-2. The LEDs on individual switch interfaces provide a quick means of troubleshooting for administrators and technicians. Lastly, most modern switches have at least one uplink port. These ports can be RJ45, twisted pair, or fiber, depending on which module is purchased and installed on the router. If the port is RJ45, it will have a different pinout than the rest of the switch interfaces, to allow a straight-through cable to be used between a directly connected switch or hub. If the uplink port is fiber (ST or SC), the module has a transceiver on the interior of the switch, to transform the bits from electric to light and vice versa. In any case, the uplink ports are there for convenience sake. They don’t necessarily have to be used when daisy-chaining devices; it’s just good design practice. Most Catalyst switches not only autonegotiate for speed and duplex, but they’re also capable of detecting which cable type is connected to the interface. If you mess up and connect the wrong cable between switches (for instance, use a straight-through instead of a crossover), no problem—the switch simply changes the pinout to match it and you’re off and running.

TABLE 5-2

Switch Mode LEDs

LED Mode

Interface LED Color

Status

STAT

Off

Not in use, or administratively down

Green

Link present. Blinking green indicates activity.

Green/amber

Excessive collisions and jabber errors are creating a link fault.

Amber

Port is blocked by Spanning Tree Protocol (STP). Blinking amber indicates activity on the blocked port.

Off

Half Duplex

Green

Full Duplex

Off

10 Mbps

Green

100 Mbps

DUPLX SPEED

Blinking green 1000 Mbps (gigabit speed)

Switch Fundamentals

133

Switch Initialization Functions With all the features switches can provide for a network, it is sometimes a daunting task—especially as a new networker—to install a new switch on the network. Several questions come to mind: “What is needed to connect it? What configuration do I need to set up? How do I proceed?” Thankfully, installing a switch is a relatively easy task (configuration is covered later in this book). Simply taking the switch out of the box, plugging in the power supply, and connecting the hosts is all that needs to be done. Most modern switches allow for autonegotiation of speed and duplex, and can even overcome the wrong cable type connection to the host! While this is an easy task, it is important that CCENT candidates be very familiar with how a Catalyst switch operates at bootup.

While this section concentrates on switches, remember that bridges can also perform some of these functions. Bridges also split collision domains, build and update port address tables, and improve performance. However, switches do provide one additional

benefit bridges do not: a switch allows for simultaneously delivery of frames. In other words, a switch is capable of forwarding two frames at the same time on its media backbone, providing a significant speed advantage.

For all intents and purposes, a switch is much like a computer and performs many of the same tasks your PC does at bootup. The first step in the switch boot process is a simple power on self test (POST). Exactly as on a PC, the POST checks to ensure memory, processing, and physical components are connected and functioning. LEDs on the front of the switch indicate the boot process, and POST errors will be displayed there. For example, on a PC a POST problem normally is indicated by a beep or a series of beeps. As stated earlier, a POST problem with a switch results in an amber SYST LED. After the POST runs, a bootstrap program is called from a read-only memory (ROM) location. The bootstrap looks for the Cisco Internetwork Operating System (IOS) in flash memory and loads it into RAM. The next step calls for the configuration files to be loaded from a special storage location known as NVRAM. After the IOS and configuration files are loaded and active, the switch can begin work.

134

Chapter 5:

Switching: Moving Data Inside Your Network

Cisco’s operating system, for both routers and switches, is known as the IOS. Originally, Cisco had two different operating systems available for switches: the IOS and the Catalyst Operating System (CatOS). However, modern Cisco switches have dropped the CatOS in favor of the IOS. After the operating system and configuration file, if any, is loaded, the switch begins to read and forward frames. The switch can receive three types of frames: unicast, multicast, and broadcast. As discussed earlier, switches filter unicast messages to the appropriate port, while flooding multicast and broadcast messages. Surprisingly, though, when the switch is first deployed it floods all the frames it receives. The reason for this is quite simple: initially the switch doesn’t know where everyone is located. Before a switch can determine which port to send an incoming frame to, it must first build something called a content addressable memory (CAM) table. The CAM table, also known as a port address table, contains a list of MAC addresses mapped to specific interfaces on the switch and is built as frames are received by the switch. The source MAC address in each received frame is added to the CAM table and, as the table populates, the switch learns to which interface to send the frames. At power up, the switch’s CAM table is empty. As the first frame enters through an interface, the switch writes the source MAC address and interface mapping in the CAM table. The frame is then flooded to all ports. This process is repeated until the switch receives a frame with a destination address already in the CAM table. With an entry in the table already, the switch knows which interface to open for the frame delivery. This process holds true even when a hub or switch is connected to a switch port—the CAM table simply matches all the connected MAC addresses on the distant end hub or switch to that one interface. See Figure 5-2 for an example of correct CAM table entries.

Make sure you understand how switches operate at startup. You can expect a few questions on the boot process as well as how frames are treated within a startup switch. Remember, initially the

CAM table is empty, so all frames are flooded until the interface to MAC address pairings are learned.The table is built by recording the source address of frames as they enter the interface.

Switch Fundamentals

135

FIGURE 5-2 CAM Table

CAM table entries

INT 3

INT 0

INT 0

00:00:01:AA:BB:CC

INT 1

00:00:02:AA:BB:CC

INT 2

00:00:03:AA:BB:CC

INT 3

00:00:04:AA:BB:CC 00:00:05:AA:BB:CC

INT 2 INT 1

PC5 00:00:05:AA:BB:CC

PC4 00:00:04:AA:BB:CC

PC3 00:00:03:AA:BB:CC

PC2 00:00:02:AA:BB:CC

PC1 00:00:01:AA:BB:CC

The question then becomes, “So what happens when a host is moved from one port to another? If the CAM table has old information in it, won’t frames be delivered to the wrong interface?” To answer this, consider how the table updates itself. We already know the switch reads the source MAC address and equates it to the interface on which the frame was received. However, this process doesn’t end as soon as the MAC address is added—it continues for every frame received. The switch looks at the incoming frame and compares its source MAC address and incoming port with the CAM table. If there is no entry, it simply adds the pair to the table. If the entry does exist, it verifies that the pair matches. If the new frame entered is on a different interface than the one listed in the table, the switch updates the information. In other words, the CAM table is dynamic, updated constantly, and allows for systems to be seamlessly added and removed from the switch, as well as to be moved from port to port. For clarification, consider an example. Earlier in the week, a switch was installed and all hosts were connected and powered on. At that time, PC 1 was connected to port 1 and the port address table entry showed 0A:0B:0C:12:34:56 as being located on port 1. So, all messages with the destination address 0A:0B:0C:12:34:56 were sent to interface 1. Later in the week, a user moves to another office and changes PC 1’s location, placing it on port 5. When PC 1 sends its first frame, the switch

136

Chapter 5:

Switching: Moving Data Inside Your Network

compares the source MAC address, 0A:0B:0C:12:34:56, with the port information it has in the table, port 1. Since the message originated from port 5, the port address table is updated and PC 1 will receive all messages on the correct port. CAM tables can also be configured manually. Be very careful in doing so, as pesky users have a habit of changing your physical network configuration without your knowledge or approval!

Duplex and Speed Aside from the collision domain segmentation and bandwidth speed allocation benefits, switches offer two additional advantages over hubs in network design. First, switches provide the option of using full duplex. All data communication, regardless of media, media access method, or data type, works in one of three different transmission methods: simplex, half duplex, or full duplex. Simplex transmissions travel in one direction only, while half duplex transmissions can travel in both directions. Full duplex adds the ability for data to travel in both directions simultaneously. Quite obviously, this provides a big boost in bandwidth and, for all practical purposes, eliminates collisions. Secondly, switches allow for devices of different speeds to communicate with each other. On most modern switches, systems at 10 Mbps, 100 Mbps, and 1000 Mbps can all communicate freely over the same device. The switch can operate using store and forward, allowing the frame to be slowed down or sped up on transmission to the destination interface. Many hair-pulling troubleshooting adventures have resulted from autonegotiation problems. One workaround many network administrators use is to manually configure either the switch or the NIC to a speed/duplex setting. See Chapter 9 for more information on this. Both duplex and bandwidth speed settings are assigned per interface, and can be manually configured or left to autonegotiation. During the development of the 802.3u standard, IEEE established the principles for autonegotiation on switch interfaces to allow for backwards compatibility to 10 Mbps. By default, every interface on a Catalyst switch is set to autonegotiate, based on the IEEE standard. When a host is connected to an interface, the switch and the host NIC exchange information to discover the speed settings and automatically agree to use the fastest available. Next, both devices determine whether full duplex is enabled on

Switch Fundamentals

137

each device. After some time (less than 30 seconds), the communications process is enabled and the port goes live. This works wonderfully, so long as both devices are set to autonegotiate. If, however, either the NIC or the switch interface is not set for autonegotiate, the process cannot maneuver the best duplex and speed settings for the connection. In this case, the device that is performing autonegotiate simply defaults to a standard, based on the speed of the connection. If the speed is determined to be less than 1000 Mbps (gigabit), the connection is set to half duplex. If the connection speed equates to gigabit, the duplex setting defaults to full duplex. If speed can’t be determined at all, the device goes to the basics: 10 Mbps at half duplex.

Be sure to know the basics on autonegotiation: speed < gigabit = half duplex, speed > or = gigabit = duplex. If the speed can’t be determined at all, it defaults to 10 Mbps at half duplex. If you keep in mind that higher speeds require duplex and,

normally speaking, simplifying things always helps in troubleshooting (IOW—defaulting to the simplest transmission method available), you should have no problems with these questions.

Switch Modes As already covered in Chapter 3, all switches read MAC addresses to make filtering decisions on incoming frames. However, the method in which they go about forwarding the frames determines which mode the switch is operating in. Some read just a portion of the frame, while others examine the entire thing, and each switching mode has its benefits and drawbacks. Switches operate in three different modes: cut through, store and forward, and fragment free. Switches operating in cut through mode forward frames as quickly as possible. As a frame arrives, the switch reads only enough bits to discover the destination address in the correct field of the frame. Once the destination address is determined, the switch makes a quick comparison to its CAM table and opens the pathway to the destination port. The frame is then sent to the destination port while bits are still being received on the original port. Obviously, this mode of switching is very fast—frames are forwarded almost as soon as they enter their switch port—but it does have one glaring disadvantage. Because the switch only reads to the destination address, cut through mode results

138

Chapter 5:

Switching: Moving Data Inside Your Network

in the forwarding of frames that contain errors. Remember from Chapter 4, the FCS field in an Ethernet frame provides for error checking on the recipient end. Because the switch doesn’t read to the FCS field, it forwards frames that are too short (runts) and too long (giants). This results in retransmission requests and a host of other headaches for your systems—and network—to deal with. By default, most switches used to operate in cut through mode. Of late, however, most newer switches, including Catalyst switches, default to store and forward due to the prevalence of hosts running at different bandwidth speeds and duplex settings. The second switch mode operates much differently. In store and forward mode, the switch accepts the entire frame before it allows even a single bit to be transmitted through the destination port. Although it slows things down—latency added to the transmission of the frame is obvious—this method provides two distinct benefits. First, store and forward allows the switch the opportunity to verify that frames are error-free. By taking the entire frame in before transmitting the first bit, the switch can verify the FCS field before sending, making sure no bad frames are propagated through the network. If the frame is found to be erroneous, the switch simply discards it. Secondly, store and forward allows for systems operating at different bandwidth speeds to communicate on the same switch. For example, assume a switch is rated 10/100 and two hosts are connected; one running at 10 Mbps, the other running at 100 Mbps. If the faster machine sends a message to the slower machine without store and forward, the slower machine would quickly become overwhelmed. With store and forward, the entire frame is brought into the switch, and then transmitted at the appropriate speed for the destination port. The third switch mode is somewhat of a compromise between cut through and store and forward. Fragment free switch mode forwards the frame after receiving the first 64 bytes. Much Be sure you can identify like cut through, this mode opens a pathway to the functions, benefits, and drawbacks the destination port before all the frame’s bits of each switch processing mode. are received; however, it adds the benefit of cutting down on the number of erroneous frames propagated by the switch. Reading the first 64 bytes of the frame allows the switch to determine most collision-type errors within the frame and, much like store and forward, if the frame is in question, the switch can discard it.

Switch Design Considerations

139

CERTIFICATION OBJECTIVE 5.02

Switch Design Considerations Understanding what the switch looks like and how it operates is only a first step. Applying this knowledge to LAN design and switch placement is just as important. Using a fully switched network can greatly improve performance and strengthen security. However, there are several considerations to keep in mind while designing and building the network. In this section, we’ll cover switch installation, broadcast loop mitigation, and VLANs.

Switch Installation and Connections Network design, with regard to switches, requires consideration of segment lengths, data bandwidth needs, cost, performance, and reliability. Using switches instead of hubs negates much of the 5-4-3 rule discussed earlier and provides for the maximum segment length on each cable run; however, designers still need to stay within rated segment lengths. Bandwidth requirements can vary wildly within a single network—segments serving users don’t necessarily require the same bandwidth and segments connecting a server farm to the network, for example. Cost, performance, and reliability generally are closely related since increasing performance and redundancy increases the price paid.

The CCENT exam doesn’t spend a whole lot of time on network design. However, you should still be familiar with Cisco’s design methodology and the role each switch plays. Plus, you will be expected to know how to determine how many collision and broadcast domains exist

in a network diagram. Remember, switch ports equate to a single collision domain, while router ports equate to a broadcast domain. Don’t forget VLANs act as their own broadcast domain as well—see Chapter 9 for more information.

With these considerations in mind, Cisco defines three separate roles for switches within a network: access, distribution, and core. The idea behind Cisco’s design is to increase performance, security, and reliability while reducing cost, equipment,

140

Chapter 5:

Switching: Moving Data Inside Your Network

and confusion as much as possible. Access layer switches are used to connect hosts to the network. Distribution layer switches provide an aggregation point for the access layer switches. Core layer switches, if needed, are very high-end high-bandwidth devices providing aggregation points for distribution switches in a large enterprise network. The concept behind the three layers is relatively simple: hosts must connect to switches, and those switches should not be connected together. Data that travels from one switch to another should go through an aggregation point (a high-bandwidth switch), and have redundant paths available, should a problem occur. This concept reduces the amount of cabling required to provide for maximum performance and redundancy while increasing performance networkwide. For example, consider the network portrayed in Figure 5-3. Most networks are designed with redundancy in mind. Multiple pathways to the end station eliminate the worry of a single cable fault gumming up the works. In Figure 5-3, redundancy is provided by using distribution layer switches. If the access switches were connected redundantly, much more cabling would be needed, thereby reducing the number of interfaces on the access switch to which hosts could connect. In this case, if you fully meshed the access switches, each switch would use three ports for connectivity to other switches. It’s much more efficient to use the up-layer distribution switch and have data travel from access switch to access switch—utilizing only two ports per switch.

Looping and STP Cisco offers a great switched network design, but a few other considerations and potential problems must still be taken into account when designing your network. As discussed earlier, switches flood all broadcast traffic. Suppose, whether by accident or by design, a network is built connecting several switches in a loop, as FIGURE 5-3

Distribution layer switches

A Cisco switched network design Access layer switches

Switch Design Considerations

FIGURE 5-4

141

Host A

Broadcast loops

Switch A

Switch D

Switch B

Switch C

seen in Figure 5-4. If Host A sends a broadcast message to switch A, the switch will, in turn, flood it out every available port. The broadcast message, received by switches B and D, will also flood the broadcast out their ports. Switch C—and A (again)—receive the broadcast and flood it again. This process can repeat for eternity. In other words, if a broadcast message enters a switched network that is built with redundant connections, it will loop indefinitely. This problem can be avoided in two ways. The first is to simply design the network in such a way as to avoid broadcast loops. If the designer does not connect switches together redundantly in the first place, then broadcast looping does not occur. This sounds simple enough but, over time, accidents happen. Whether planned or not—with the addition of a switch here, and a new segment there—before you know it, a redundant loop is in place. Not to mention, most designers and customers prefer redundancy in their networks, so avoiding loops via this method is, oftentimes, impossible. The second method to head off broadcast looping deals with the functioning and makeup of the Catalyst switches themselves. Spanning Tree Protocol (STP) runs on all Catalyst switches by default—meaning that if you do not wish to use it, you must turn it off. STP defeats broadcast loops by allowing switches to negotiate a solution. STP switches elect a “root bridge” within the network and, after gathering enough data, an interface (or a few) is then The CCENT exam does put into a blocking state. This not cover STP extensively. You’ll need to shuts down the port and stops know what it is and the basics of how the broadcast from perpetuating it works, but nothing more.The CCNA through the network. STP is ICND2 exam covers this information. dynamic, so if it turns out the

142

Chapter 5:

Switching: Moving Data Inside Your Network

port is needed at a later time (say, a link going down elsewhere in the network caused a need for the redundant path to be opened), STP will put it back in a forwarding state. For instance, in the network depicted in Figure 5-4, STP would block one of the ports connecting two of the switches together.

VLANs Another switch technology that affects network design is the concept of virtual LANs (VLANs). A VLAN is exactly what it sounds like: a broadcast domain created not by routers and physical networking, but by the assignment of devices to a virtual network. VLANs can quickly become confusing and bothersome— especially when troubleshooting or monitoring network traffic (sniffing). However, VLANs offer several benefits. Some of the more important reasons for using VLANs within a network design are: ■ VLANs can segment broadcast domains without the need for purchasing new

devices (routers). ■ VLANs can improve performance on hosts, reducing their processing

overhead by limiting the broadcast messages, and separating traffic types. ■ VLANs provide better security by separating devices, and their message traffic.

Remember from Chapter 4, a broadcast domain is basically a network created and bordered by routers. A broadcast from one device in the LAN is transmitted to all devices in the LAN and stops at the router. A virtual LAN works in much the same fashion, except the VLAN is created by joining a group of switch ports together and properly configuring the switch. While normally all ports on a switch would belong to a single broadcast domain, the switch can be configured to treat them as separate networks (broadcast domains). Additionally, using VLANs can improve performance by restricting other data flow through your network. For all practical purposes, when a VLAN is created, it is as if the devices within it are on completely separate networks, with no connectivity whatsoever between them. In other words, devices in one VLAN cannot talk to devices in another—the switch will not allow the traffic to mix between the two. Administrators may use this to their advantage, separating data traffic types for maximum performance benefit. For example, VoIP traffic from IP phones could be in a separate network than data traffic from hosts, and/or traffic from critical hosts requiring preferential treatment could be separated from “normal” data traffic. Security-wise, this presents a lot of flexibility in network design, allowing administrators to group hosts based on the task or data security level instead of just the physical location.

Switch Design Considerations

Make sure you are very familiar with the key concepts regarding VLANs: they are created on switches, create multiple broadcast domains within a single LAN, provide better performance by reducing/restricting broadcast traffic, and present greater security options. Many CCENT questions require you to identify

143

data traffic patterns within a network diagram, and VLANs will definitely be a part of that. Remember that a message sent by a member of a VLAN can only be received by other members of that same VLAN—unless a router is installed to allow for cross-VLAN traffic.

For clarification sake, consider an example. Suppose a network administrator is examining the network in Figure 5-5. The top of Figure 5-5 shows a switch, using a default configuration, with four hosts connected to it. All four of these hosts belong to the same broadcast domain. If Host A sends a broadcast frame, the switch will flood the message and all hosts will receive it. On its own, this works fine, with one exception—the customer does not want Hosts C and D to view messages to or from Host A or B. The bottom of Figure 5-5 shows the same network, except this time the Default configuration

FIGURE 5-5

VLAN switching

Host A

Host B

Host C

Host D

With VLANs

Host A VLAN 1

Host B VLAN 1

Host C VLAN 2

Host D VLAN 2

144

Chapter 5:

Switching: Moving Data Inside Your Network

administrator has configured the switch to say, “Hosts A and B are in Virtual LAN 1. Hosts C and D are in Virtual LAN 2.” In this instance, if Host A sends a broadcast frame, only Host B will receive it. The switch still floods the frame, but only within the broadcast domain (VLAN) Host A is connected to. It should be noted that, while VLANs are treated as completely separate physical networks (virtually), it is possible to have multiple VLANs on your network and allow communication between them. In the physical realm, to connect networks you’d need a router and, since VLANs are treated as separate physical networks, the same thing applies in this scenario. If you have multiple VLANs and want them to communicate with each other, the traffic must go through a router.

INSIDE THE EXAM Switch Fundamentals Be familiar with the switch LEDs and the bootup process. The exam will have several questions regarding the treatment of frames by a switch, so it is essential to understand CAM (or port address, if you prefer) table updates and frame treatment before, during, and after. Additionally, switches provide for simultaneous frame delivery. Duplex operations eliminate collisions and increase bandwidth, and most modern switches can use autonegotiation for both speed and duplex. You should be able to identify characteristics of cut through, store and forward, and fragment free switching modes.

Switch Design Considerations The exam won’t pester you with a lot of design questions, but you will be faced with

a variety of network diagrams to decipher. Be familiar with Cisco’s switched network design terminology, but don’t expect very many questions dealing directly with it. You should be intently focused on how switches learn MAC address locations, build the CAM table, and handle different message types (unicast, multicast, and broadcast). Be prepared to identify basic features of STP and loop avoidance in a fully switched, redundant network. Not much was covered here on the inner workings of STP because, frankly, you won’t be asked much about it— that’s a topic for the ICND2 exam. Lastly, be aware of what VLANs are and what their effect is on data traffic. Keep in mind that they not only control broadcast propagation, but separate traffic altogether—as if the devices are on totally separate networks.

Certification Summary

145

CERTIFICATION SUMMARY Switches provide better network performance, split and manage collision domains, and result in better security on the network. Switch LEDs provide a host of information on system status. Initially flooding frames, switches quickly build a port address (or CAM) table that maps the source MAC address to its arrival interface. This table allows the switch to provide 100 percent bandwidth between hosts, delivering the message to only the port the destination address is intended for. Switches also allow for best duplex and speed options on a network. IEEE autonegotiation sets up the highest available bandwidth speed and makes every attempt to run at full duplex between the host and the switch. Switch modes include cut through (fastest, but with most errors), store and forward (the default behavior; slower but with no bad frames delivered), or fragment free (the compromise version; it reads the first 64 bytes of the frame before sending). Broadcast loops within a fully switched environment are mitigated by STP. Ports are put in either a forwarding or a blocking state, depending on the network discovery by STP running on all switches. VLANs can also be used to contain broadcast traffic (for security reasons as well). Devices within a VLAN (a defined group of switch ports) can only transmit data to members of their own VLAN.

146

Chapter 5:

✓

Switching: Moving Data Inside Your Network

TWO-MINUTE DRILL Switch Fundamentals ❑ Switch system indicator LEDs show the status of the switch and the redun-

dant power supply. The LED mode indicators affect how the interface LEDs display information. ❑ Switch ports can be half or full duplex, and can run at multiple speeds. IEEE

autonegotiation between the switch and the host NIC determines the fastest bandwidth rate and always attempts full duplex. ❑ Switches run a POST at bootup. If the IOS does not load properly, the SYST

LED will glow amber. ❑ Switches filter unicast messages and flood multicast and broadcast messages.

Unicast messages are flooded only until the CAM table is updated to reflect the destination MAC address / interface pairing. ❑ Unicast messages are filtered based on entries in the CAM, or port address,

table. The table is built and updated dynamically by comparing the source MAC address and incoming interface pairing with the table. If there is no entry, the pair is added. If there is an entry, the information is updated if necessary. ❑ Cut through switching mode begins delivering the message as soon as the

destination address is discovered (while bits are still incoming to the switch). This results in faster processing, but the delivery of more erroneous frames (runts and so on). Fragment free reads the first 64 bytes and then begins delivering the frame. ❑ Store and forward brings the entire frame into the switch and examines it

before opening the correct interface for delivery. This adds to latency, but does not transmit erroneous frames and allows for devices of different bandwidth speeds and duplex setting to communicate over the same switch. This is the current default setting for most switches.

Switch Design Considerations ❑ Proper design for a fully switched network includes three types of switches.

Access layer switches are used to connect hosts, distribution layer switches are used to connect access switches together (for redundancy), and core layer switches provide high-bandwidth aggregation for distribution layer switches in large networks.

Two-Minute Drill

147

❑ STP is used to automatically protect against routing loops in a switched

network. Interfaces are placed in either a forwarding or blocking state in order to successfully block broadcast propagation. ❑ Administrators create VLANs by grouping switch ports together. The group of

ports is treated as a completely separate physical network, limiting broadcasts and preventing traffic from traveling into or out of it.

148

Chapter 5:

Switching: Moving Data Inside Your Network

SELF TEST The following Self Test questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully since there may be more than one correct answer. Choose all the correct answers for each question.

Switch Fundamentals 1. You connect a host to a switch and the switch LED mode is set to DUPLX. The host is only capable of half duplex. After the connection is negotiated, how should the interface LED appear? A. Amber B. Green C. Green/amber D. Off 2. A switch is powered on for the first time. Ten devices, Hosts A through J, are connected to the switch. Host A sends a unicast message to Host B. Which of the following are true? (Choose two.) A. The switch records the destination MAC address in the frame and the incoming interface pair in the port address table. B. The switch records the source MAC address in the frame and the incoming interface pair in the port address table. C. The frame is flooded to all devices connected to the switch. D. The frame is sent only to Host B. 3. Hosts A through J have been connected to a switch for some time, with each device connected to a matching port—Host A is on port 1, Host B on port 2, and so on. A user moves his system and connects Host A to interface 12. Immediately after the connection, Host A sends a unicast message to Host B. Which of the following are true? A. When the frame enters the switch, it is flooded to all interfaces. B. When the frame enters the switch, it is sent directly to interface 2, and no other. C. After this unicast message is sent, frames addressed to Host A will continue to be sent to interface 1. D. After this unicast message is sent, frames addressed to Host A will be sent to interface 12. 4. A host using a 10/100 NIC is connected to a Catalyst switch. The switch interface is configured for autonegotiate, but the NIC is not. Assuming speed can be determined by the switch, which of the following will autonegotiation default to for this scenario? A. 10 Mbps, half duplex B. 10 Mbps, full duplex

Self Test

149

C. 100 Mbps, half duplex D. 100 Mbps, full duplex 5. Host A and Host B are connected to the same switch, and Host A sends a message to Host B. When the switch starts receiving the bits, it reads the destination MAC address, determines the port Host B is on, and immediately opens a channel to that port while bits are still being received. Which switch mode is being used? A. Cut through B. Store and forward C. Fragment free D. Full duplex 6. Host A and Host B are connected to the same switch, and Host A sends a message to Host B. When the switch starts receiving the bits, it reads the first 64 bytes, determines the port Host B is on, and opens a channel to that port while bits are still being received. Which switch mode is being used? A. Cut through B. Store and forward C. Fragment free D. Full duplex 7. You have 10-Mbps and 100-Mbps hosts throughout your network. A new trainee asks you which switching method is used on your switches. Which is the correct response? A. Cut through B. Store and forward C. Fragment free D. Full duplex

Switch Design Considerations 8. Refer to Figure 5-6. Which of the following statements are true? A. Hosts A and B are in the same collision domain. B. Hosts A and B are in different collision domains. C. Hosts C and D are in the same collision domain. D. Hosts C and D are in different collision domains. E. Hosts A, B, C, and D are in the same broadcast domain. F. Hosts A, B, C, and D are in different broadcast domains.

150

Chapter 5:

FIGURE 5-6

A switched network

Switching: Moving Data Inside Your Network

Switch Hub Workstation

Host A Host B VLAN 1 VLAN 1 Host D Host E Host C VLAN 1 VLAN 1 VLAN 1

Host F Host G Host H VLAN 2 VLAN 2 VLAN 2

9. Hosts A, B, C, and D are all connected directly to a switch with no additional configuration. Which of the following statements are true? (Choose all that apply.) A. There is one collision domain. B. There are four collision domains. C. There is one broadcast domain. D. There are four broadcast domains. 10. According to Cisco design theory for a fully switched network, hosts do not connect directly to which type(s) of switch(es)? (Choose all that apply.) A. Access B. Core C. Distribution D. Cut through E. Fragment free 11. Refer to Figure 5-6. Assuming all CAM tables are up-to-date, if Host A sends a broadcast message, which of the following are true statements? (Choose all that apply.) A. Host B will receive the message. B. Hosts C and D will receive the message. C. Hosts E and F will receive the message. D. Hosts G and H will receive the message. E. The broadcast message is not propagated by the switch.

Self Test

151

12. Refer to Figure 5-6. Assuming all CAM tables are up-to-date, if Host A sends a unicast message to Host E, which of the following are true statements? A. Hosts B and E will receive the message. B. Hosts C and D will receive the message. C. Hosts E and F will receive the message. D. Only Host E will receive the message. E. The switch cannot forward the message. 13. Refer to Figure 5-6. Assuming all CAM tables are up-to-date, if Host A sends a unicast message to Host F, which of the following are true statements? A. Hosts B and F will receive the message. B. Hosts G and H will receive the message. C. Hosts E and F will receive the message. D. Only Host F will receive the message. E. The switch cannot forward the message. 14. A trainee is examining a switch. Port 1 is directly connected to another switch; however, the port’s LED is solid amber. The trainee asks if this is a problem. You determine the LED mode is set to STAT. Which of the following is the correct response? A. This is not a problem since all ports are amber in STAT mode. B. This is a problem since no port should ever appear amber. C. This is a problem. STP has the port in a forwarding state. D. This is not a problem. STP has the port in a blocking state.

152

Chapter 5:

Switching: Moving Data Inside Your Network

SELF TEST ANSWERS Switch Fundamentals ✓ D. If the LED mode is set to duplex, there are only two options: green for full duplex, and 1. ® off for half duplex. ® ˚ A. Amber LEDs do not appear when the mode is set to duplex. B. Green LEDs indicate a full duplex connection when the mode is set to duplex. C. Green/amber LEDs do not appear when the mode is set to duplex ✓ B and C. As frames enter a newly powered on switch, the CAM table is empty. The switch 2. ® records the source address, and its originating interface, in the table and floods the message. ® ˚ A. Recording the destination address with an incoming interface would not work. Switches record the source address. D. A switch will flood any unicast message it receives that does not match an entry in the CAM table. ✓ B and D. Moving Host A to a different port would not affect the delivery of frames with a 3. ® destination MAC for Host B—still on port 2. As the first message from Host A is received, the CAM table will update to the new port (12). ® ˚ A. Only three types of frames are flooded by switches: broadcast, multicast, and frames without a matching entry in the CAM table. Since B is still in the CAM table, the message would be delivered appropriately. C. The CAM table is updated to Host A’s new port number immediately after the frame enters the switch. ✓ C. If speed is determined to be less than gigabit, the switch always defaults to half duplex. 4. ® ® ˚ A, B, and D. None of the remaining options are correct. ✓ A. Cut through switches begin delivering the frame as soon as a destination address is 5. ® discovered. ® ˚ B. Store and forward switches receive the entire frame before forwarding, injecting additional latency but examining it for errors. C. Fragment free reads the first 64 bytes of the frame before delivering it, thus reducing collision errors and bad frame propagation. D. Full duplex does not apply in this scenario. ✓ C. Fragment free reads the first 64 bytes of the frame before delivering it, thus reducing 6. ® collision errors and bad frame propagation. ® ˚ A. Cut through switches begin delivering the frame as soon as a destination address is discovered. B. Store and forward switches receive the entire frame before forwarding it, thus injecting additional latency but examining it for errors. D. Full duplex does not apply in this scenario.

Self Test Answers

153

✓ B. Store and forward switches receive the entire frame before forwarding, injecting additional 7. ® latency but examining it for errors. This allows devices of different speeds/duplex settings to communicate over the same switch. ® ˚ A. Cut through switches begin delivering the frame as soon as a destination address is discovered. C. Fragment free reads the first 64 bytes of the frame before delivering it, thus reducing collision errors and bad frame propagation. D. Full duplex does not apply in this scenario.

Switch Design Considerations ✓ A, D, and E. Hosts A and B are connected to a hub, putting them both in the same 8. ® collision domain. Hosts C and D have individual links to the switch, putting them in different collision domains. Hosts A, B, C, and D are all in the same VLAN, putting them all in the same broadcast domain. ® ˚ B, C, and F. Hosts on a hub are in the same collision domain. C. Each host connected to a switch is in its own collision domain. F. A VLAN is designed to create a broadcast domain. ✓ B and C. Each switch port represents a separate collision domain. Switches do not split 9. ® broadcast domains. ® ˚ A and D. These are incorrect choices. ✓ B and C. Hosts do not directly connect to core or distribution layer switches. 10. ® ® ˚ A. Access switches provide direct access to users. D and E. These are switch modes, not design layers. ✓ A and B. Hosts A, B, C, and D are all in VLAN 1, putting them all within the same 11. ® broadcast domain. ® ˚ C and D. Hosts F, G, and H are in VLAN 2, putting them in different broadcast domains. E. This is not a true statement. ✓ A. Hosts A and B are connected to a hub; therefore, each device receives every message 12. ® from the other, regardless of the address. Once the switch receives the frame, it forwards it to Host E’s port only. ® ˚ B and C. The switch forwards the frame to only Host E’s port, based on the CAM table entry. D. Host B will also receive the message since it is connected to the same hub as Host A. It will not process it, however. E. This is not a true statement. ✓ E. Host F is in a different VLAN; therefore, the switch will not deliver the frame. 13. ® ® ˚ A, B, C, and D. These are incorrect choices. ✓ D. Solid amber in STAT mode indicates a port has been placed in a blocking state by the 14. ® Spanning Tree Protocol, as designed. ® ˚ A. All ports should NOT appear amber in STAT mode. B. Ports CAN be amber in STAT mode. When STP is doing its job, a blocking state port prevents routing loops. C. Ports in a forwarding state are green.

This page intentionally left blank

6 Routing Essentials and IP Addressing

CERTIFICATION OBJECTIVES 6.01

Routing Fundamentals

6.02

An Introduction to IP Addressing

✓ Q&A

Copyright © 2008 by The McGraw-Hill Companies. Click here for terms of use.

Two-Minute Drill Self Test

156

Chapter 6:

Routing Essentials and IP Addressing

D

ata requests are destined for one of two locations—either for a resource inside your network, or for a resource outside your network. Switches do a wonderful job of moving data around inside the network, but they can’t move anything outside the network. In this chapter, we’ll concentrate on what it takes to get data out of your network by discussing and examining the fundamentals and concepts of routing. To understand routing, we’ll first cover routing logic and data flow, followed by a basic discussion on routed and routing protocols. The next section describes how network boundaries are defined with an introduction to IP addressing. Lastly, we’ll take a look at some network layer utilities and their functions.

CERTIFICATION OBJECTIVE 6.01

Routing Fundamentals The basic fundamentals of routing revolve around network traffic destined for a foreign address. In other words, the destination device is not in the same network as the requesting system. LAN devices are not intended for this function—they only know about addresses inside the network. For clarification (continuing with the post office example we’ve used thus far), suppose you write a letter to a friend who lives in a different city. The letter is addressed with a name, street address, city, and ZIP code. It would be ridiculous to assume your local postal clerk will fire up his trusty postal wagon and hand deliver the message. In part, because it would be horribly inefficient and slow, but also because your postal clerk simply doesn’t know where your friend lives. The postal clerk’s job is to deliver messages on his route—in a neighborhood he knows about. Imagine how difficult his job would be if he were required to know the location of every address on the planet. When the clerk receives a message that isn’t intended for his neighborhood, he doesn’t know what to do with it. So, he takes it to someone who does—the post office. In this example, the clerk is acting like your LAN devices. They recognize specific MAC addresses (like the name, street, and city on the front of an envelope), but if it’s not inside their network (neighborhood) the message can’t be delivered. To deliver it, the devices send the message a location within their network (your local post office) that is capable of finding the correct route to the end destination. In other words, to get a message out of your network, you need a physical address inside your network to deliver it to. Once the message has a starting point, routing logic begins.

Routing Fundamentals

157

Routing Logic and Data Flow As stated earlier, before routing logic even comes into play, the data must be received by the router. After the data is received, the router makes a determination as to routing and proceeds to the next step—encapsulating the packet for delivery in the new network. Examining data flow and routing logic is most easily accomplished by considering an example and watching the data flow between two systems. See Figure 6-1 for an overview of this example.

FIGURE 6-1

PC3 195.250.5.200

PC4 195.250.5.200

A routing logic example

Serial 0: 195.170.5.1 Ethernet 0: 195.250.5.1

Serial 1

Serial 1 RTR1

RTR4

RTR3

RTR2

Ethernet 0: 195.100.5.1

Serial 1 Serial 0: 195.200.5.2

Serial 0: 195.150.5.2

PC2 195.100.5.200

PC1 195.100.5.100

158

Chapter 6:

Routing Essentials and IP Addressing

In our example, PC1 composes a message for PC4. PC1 then passes the message through the TCP/IP stack and, at the Internet layer, the IP address 195.250.5.200 is placed in the IP header. The packet is then passed to the Network Access layer, at which point a physical address must be determined for the address assigned in the Internet layer. The PC looks at the destination address and quickly determines that the packet is not intended for any device on this network by comparing it to its own (195.100.5.100 and 195.250.5.200 are not on the same network). PC1 then encapsulates the packet and places the default gateway MAC address in the header. The frame, appearing in Figure 6-2, is then sent out the port, and the switch merrily passes it on to the router. You may be asking yourself, “So how does the sending system find these addresses (IP and MAC) to build the frame with?” The answer has to do with two protocols: DNS and ARP. DNS (Domain Name System) resolves an IP address for a fully qualified domain name. In our example, suppose PC1 was attempting to surf a web page hosted by PC4. As the request is passed through the layers, it pauses at layer 3 while a separate DNS request is sent out. The DNS request queries for the IP address of the system hosting the web site that PC1 is searching for. When it gets its answer, DNS returns the IP and it is added to the frame. ARP (Address Resolution Protocol) then kicks in to resolve a MAC address for the IP address it now knows. Your system now has the IP address of PC4 and the MAC address of a system inside your network (your router’s physical address) to deliver the message to. There are actually a wide variety of methods to find the IP address of the end destination. Your PC checks its hosts file first, then its local DNS cache, before ever sending a request packet. Some systems, and networks, also use WINS (Windows Internet Name Service) to resolve IP addresses, while others provide different means. Lastly, ARP isn’t used on every message sent.The MAC address matching the IP address is stored in a cache on your machine, known as the ARP table. If the IP to MAC pairing is in the table, your machine does not need to send an ARP message. When the router port (195.100.5.1) receives the frame, it first checks the MAC address to verify the frame was intended for it. Next, the router checks

FIGURE 6-2

Frame 1

Source: Preamble PC1 MAC Address

Destination: Source: Router Port 195.100.5.100 MAC Address

Destination: 195.250.5.200

Data

F C S

Routing Fundamentals

159

the FCS field and, if the frame is verified, the header and FCS are removed. The destination IP address from the remaining packet header is then compared to a route table within the router. If there is no route in the table to which the packet can be sent, it is discarded. If there is a route in the table, the router then has to encapsulate the packet for the next network and send it out the appropriate port. The relevant route tables are listed in Table 6-1. In our example, Router 1 (RTR1) examines its route table and finds an entry for the target network. The entry tells the router that, to get to network 195.250.5.0, send the packet out the interface named Serial 1. Next, in another exceedingly important item, the table provides the address of the next router on the pathway: 195.150.5.2. This is such an important step because devices on any LAN can only receive messages intended for something on that LAN. The next hop address gives RTR1 an address on the next network link to forward the packet to. RTR1 performs an ARP request to find the next hop’s physical address, and then, in the last action step, encapsulates the packet based on the layer-2 technology used on the 195.150.5.0 network. This process is repeated for each router until the packet is finally delivered to the recipient station. In review, the steps a router takes are: 1. Verify the frame is addressed for the router port on which it was received, and that the FCS field is correct.

TABLE 6-1

Route Table Sample

RTR1 Route Table Destination Network

Out (Interface)

Next Hop (IP Address)

195.250.5.0

Serial 1

195.150.5.2

Destination Network

Out (Interface)

Next Hop (IP Address)

195.250.5.0

Serial 1

195.170.5.1

Destination Network

Out (Interface)

Next Hop (IP Address)

195.250.5.0

Serial 1

195.200.5.2

Destination Network

Out (Interface)

Next Hop (IP Address)

195.250.5.0

Ethernet 0

N/A

RTR2 Route Table

RTR3 Route Table

RTR4 Route Table

160

Chapter 6:

Routing Essentials and IP Addressing

2. Remove the frame header and trailer, and compare the destination layer-3 address in the packet header to the route table. 3. If the address does not match an entry, discard the packet. If it does match an entry, forward the packet to the appropriate interface for delivery. 4. Encapsulate the packet based on the layer-2 technology on the interface and apply the correct Physical layer address to deliver the new frame to the next hop address.

You must be very familiar with routing logic and the steps routers take when receiving a packet for delivery. Scenario-based exam questions will be

much easier to tackle if you know the steps described earlier and understand the basics of route tables.

Finally, we have one last, but extremely important, note on route tables and routing logic left to cover. As you’ll learn later in this chapter (and book), network addresses are defined by the number of bits in the network portion of the IP address. When a route is placed in a route table, the prefix tells the router how many bits to match between the packet’s destination address and the entry in the route table. A prefix appears as a “/” followed by a number. The number corresponds to the number of bits in the network portion of the address (IP addressing, subnets, and prefix numbers are covered in greater detail later in this chapter). The entry with the most matching bits always wins. For example, suppose three packets arrive at a router for delivery, addressed 10.5.1.1, 10.5.15.20, and 10.5.1.100. As these packets arrive, the router compares them to its route table entries, which are 10.5.1.1 /32 – Serial 0, 10.5.0.0 /20 – Serial 1, and 10.5.0.0 /23 – Serial 2. At first glance, it seems very confusing, but not when you look at the addresses as bits instead of decimals. One packet—10.5.1.1—is relatively easy to route because there is an entry in the route table that says, “If all 32 bits match these numbers ‘10.5.1.1,’ send it out interface S0.” The other two packets need to be taken down to bits to decide which interface will receive them. The bits for both addresses look like this: 10.5.15.20 = 00001010. 00000101. 00001111. 00010100 10.5.1.100 = 00001010. 00000101. 00000001. 01101000

Routing Fundamentals

161

The route table entries state the following: 10.5.0.0 /20 = If the first 20 bits equate to 00001010. 00000101. 0000, send the packet out interface S1. 10.5.0.0 /23 = If the first 23 bits equate to 00001010. 00000101. 0000000, send the packet out interface S2. An examination of the bits for both addresses shows that the 10.5.1.100 address has more bits in common with the 10.5.0.0 /23 route entry; therefore, it will be routed out interface S2. The 10.5.15.20 address does not match up as well with the same route entry, because it differs at the 21st bit (the route table entry is looking for a zero in that position, based on the prefix noted). The most bits it matches up with is to the 20th position, which matches the route table entry 10.5.0.0 /20.

The concept of matching the greatest number of bits in the route table to determine the correct interface on which to send the message is an integral part of the exam. You must be very familiar with how to do this. Many times, relying on just the decimal values will quickly become

overly confusing. Your best bet is to take the addresses to bits and note which address matches the largest amount of bits from left to right.There is no easy way to do this—you simply must practice, practice, and practice some more.

To correctly determine which interface a router is going to use for a particular packet, you must first decide to never look at decimals again. It’s such an important concept that I’m breaking the unwritten rule about writing it in first person to ensure you, CCENT candidate, understand this point clearly. If you wish to be a successful networking professional, and pass the CCENT exam, from this point forward you can never look at numbers in an IP address again. You will ALWAYS and ONLY look at the bits. Numbers will confuse and frustrate your efforts, but bits never lie. Yes, it takes longer—because you’ll have a lot of translating and math to do—but if you take the time for conversion and look at the bits instead of the decimals, it’s impossible to miss test questions. Math operations on translating decimal IP addresses to binary are covered in Chapter 7. When faced with a challenge like this (determining which route table entry will be used), look at the address like a router looks at it—in bits. First, translate the

162

Chapter 6:

Routing Essentials and IP Addressing

route entry to bits and count over the correct number of bits based on the prefix listed. Next, translate your address to bits and then line them up underneath. The entry with the most bits matching from left to right will be used. Another important entry you’ll see in a route table is the default route. The default route basically gives the router a place to send packets that it doesn’t have a clue about. For example, if your router has one port to the Internet, you might configure route entries for inside your network, then tell the router—through a default route—to send all other requests (in other words, all packets with routes not listed in the route table) to the Internet. Default routes must be manually added to the route table, and are covered in Chapter 10.

Routed and Routing Protocols The routing logic covered above relies on two separate, but equally important, thought processes. The first revolves around network definition—just how does a router know where one network ends and another begins? The second centers on the route table itself—how does the router learn which routes to put in its table? The first question can be answered with a discussion on routed protocols, and the second on routing protocols. To learn what routed protocols are and how they function, first consider the protocols and addressing used in layer 2—where routing does not exist. Ethernet uses MAC addressing in its frames to send messages. As stated before, MAC addressing is a flat model, meaning devices communicating using a physical MAC address must know, or have a way of knowing, the exact physical address of the intended recipient. Simply put, with a flat model, each device must know the address of every other device. Considering the billions of systems on the Internet, it’s easy to see why a flat model simply won’t work. A hierarchical model using logical addressing, however, provides a much better solution. Logical addressing actually provides two things within every single address—an address for an individual host and the network on which the host resides. In other words, when a layer-3 device receives a packet with a logical address, it uses the network portion of the address to route to the destination network, and the host portion to find the individual system on that network. By splitting the address between network and host, devices can use the logical address much like the ZIP code on a letter, quickly making hierarchical routing decisions along the way.

Routing Fundamentals

163

Routed protocols provide a method for a packet to be sent outside the sending device’s network because they make use of logical addresses. In short, they are simply those protocols that can be routed. A hierarchical logical addressing model provides a way to determine where networks begin and where they end, and routed protocols include these addresses in their packet headers. Routed protocol examples include IP, IPX, DECnet, and AppleTalk.

Be sure you know what routed protocols are and do, and are familiar with some examples of them. IP, IPX, AppleTalk, and DECnet all provide a

means to address both the host and the network to which the host belongs. In short, remember that routed protocols use logical addresses.

While routed protocols and logical addressing define network boundaries and allow for packets to be routed, the question of how route tables are built and maintained within routers remains to be answered. The two main methods of building route tables are statically and dynamically. Static routing simply means routes are manually entered into the route table. With static routing, administrators add and delete routes as needed. The benefits of static routing include: ■ Less overhead on the router’s CPU

There is no need to compute routes for the table if they are manually entered and maintained.

■ Less bandwidth usage on the network

No route advertisements need to be

sent from router to router. ■ Security

If routes can only be added or deleted manually by an administrator, there is less chance the route table can be poisoned by an outside influence.

Obviously, though, this method has its disadvantages. If route tables are statically built and maintained, any change to an existing network causes problems. In other words, routers will continue to forward traffic to a network that is down because the manually maintained route tables tell them to. If the administrator does not have a thorough understanding of the network, or is slow to react to network changes, network traffic can be disrupted for long periods of time. Therefore, static routing is not recommended, or even feasible, for large networks.

164

Chapter 6:

Routing Essentials and IP Addressing

Dynamic routing, on the other hand, is an excellent choice for large networks. In dynamic routing, routers learn about network routes and update their tables automatically. New network routes are added, outages are dropped or rerouted, and changes are updated on-the-fly, based on how a particular routing protocol functions. Routing protocols define how route tables are built, and are characterized by the methods used to exchange routing information between routers, the metrics used to determine routes, and the amount of time it takes for the network to converge. The two major categories of routing protocols are distance vector and link state. Regardless of which type of protocol is used, oftentimes a router will receive two (or more) routes to the same network. Quite common, due to the redundancy built into most networks, multiple route updates to the same network are ranked using two main methods: administrative distance or metric comparison. The administrative distance (AD) is a term and mechanism used on Cisco routers to rank routes according to how they were learned—the lower the administrative distance, the better the route. For example, a route learned from the RIP routing protocol has an AD of 120, while a route learned from OSPF would Remember the benefits have an AD of 110. If both route updates were and disadvantages of static routing, and for the same network ID, the router would put commit Table 6-2 to memory. Be sure the OSPF learned route in the table since Cisco to remember that the lower the AD, the trusts OSPF updates more than RIP updates. better the route. Administrative distances (listed in Table 6-2) should be committed to memory. If two updates are received by the router to the same network, and both have the same AD, then the router turns to metrics to determine the best path. The router

TABLE 6-2

Administrative Distances

Route Type

Administrative Distance

Directly Connected Network

0

Static Route

1

EIGRP

90

IGRP

100

OSPF

110

IS-IS

115

RIP (and RIPv2)

120

Unknown

255

Routing Fundamentals

165

will compare both updates and choose the best path to put in the route table based on whatever metric the routing protocol uses. Some routing protocols only use one metric, while others combine many metrics into their decision process. Examples of metrics include hop count, bandwidth, and reliability.

Distance Vector Routing Protocols Routers using distance vector protocols exchange information only with their directly connected neighbor routers—in other words, distance vector protocols only talk to routers they are directly connected to. Distance vector protocols exchange their entire route tables on a regular timed basis, regardless of whether any changes occur or not, and this information is exchanged as a network broadcast message. These protocols use only hop count as a metric—in a distance vector router, if two routes to the same destination are found, the router adds only the one with the shortest hop count to the destination. Distance vector routing protocols are very easy to implement, and work well on small networks; however, they are not recommended for large networks due to the concept of “routing by rumor.” (See Figure 6-3 for more information.) Routing by rumor is so named because distance vector routers do not learn about routes from the router “owning” the network. Rather, they learn about it from some other router’s table. In Figure 6-3, router A learns about the routes on

FIGURE 6-3

Message to RTR B: Network 172.21.0.0 is no longer available.

Distance vector routing

RTR A

RTR B

RTR C

RTR D 172.18.0.0

172.16.0.0

172.17.0.0

172.19.0.0

172.20.0.0

172.21.0.0

166

Chapter 6:

Routing Essentials and IP Addressing

router C because router B told him about it. If changes occur on router C’s end of the network, router A won’t know about it until router B sends him an update. Since route tables in distance vector are exchanged on a regular timed basis (every 30 seconds), if the change occurs just after an update is sent to router B, it could be quite a while before router A learns of the change. Additionally, router C won’t necessarily update router B as soon as the change occurs—it will wait to send the update on the next timed update cycle. Between these two problems, convergence time (the time it takes a network to respond to a network change) on a distance vector network is greatly slowed. Examples of distance vector routing protocols include RIP, Ripv2, and IGRP.

Link State Routing Protocols The second major category of routing protocols is link state. Link state protocols are considerably better choices than distance vector for a couple of reasons. First, link state routers do not waste bandwidth by sending the entire route table back and forth. Instead, link state protocols only send updates when a route changes, and these updates are sent multicast, not broadcast. These updates are known as, surprisingly enough, link state advertisements (LSAs). As soon as a network drops or is added, the router sends LSAs to all routers within the area. Each router then makes the appropriate update to its table, and sends an acknowledgment of receipt—something distance vector routers do not do. This brings us to the second major advantage link state protocols have over distance vector: convergence time. Link state networks converge much faster than a distance vector network— sometimes within just a few seconds! Since routers hear about route updates almost as soon as they occur, and hear it directly from the router who “owns” the network, convergence is very fast. Link state protocols are also capable of using many different metrics in determining routes. For clarification, consider Figure 6-4. A message received by RTR 1 headed to network 192.168.5.0 has two possible pathways—out Serial 0 or Serial 1. The pathway from Serial 0 to the network goes through only two routers (hop count of 2), but each link in the chain is only 56 Kbps. The pathway from Serial 1 to the network goes through three routers (hop count of 3), but each link along the chain is T1 (1.544 Mbps) or better. If the network is using distance vector routing, and RTR 1 receives a message intended for network 192.168.5.0, it always sends the message out interface Serial 0 due to hop count—two hops are less than three; therefore, it’s a better route. However, the speeds of each link actually make the Serial 1 pathway a better choice. Link state protocols would take this into account and the message would be sent out Serial 1, reaching the intended recipient faster.

Routing Fundamentals

167

FIGURE 6-4

A link state route example

RTR 1

S0

56Kbps

S1

1.544 Mbps

RTR 2

56Kbps

RTR 3

1.544 Mbps

RTR 4

RTR 4 1.544 Mbps

192.168.5.0

RTR 5

Examples of link state protocols include OSPF and IS-IS.

You must be able to compare and contrast the characteristics of distance vector and link state protocols, as well as identify examples of each. Distance vector protocols use hop count as a metric, converge slowly, and exchange

their entire route tables on timed intervals only to their directly connected neighbors. Link state protocols use several different metrics (including bandwidth), converge very quickly, and send LSAs throughout the network as soon as a route changes.

Routing protocols allow routers to dynamically advertise and learn about routes, as well as determine which are the most efficient routes to an end destination. Distance vector protocols require less router CPU processing cycles, but do not work

168

Chapter 6:

Routing Essentials and IP Addressing

well on larger networks, and do not acknowledge routing updates. Link state protocols are more memory- and CPU-intensive, but converge much faster, and only send updates when a network change occurs. More information on routing protocols, and configuration steps concerning them, will be covered later in Chapter 10. There is a third routing protocol type, known as a Hybrid. EIGRP acts like a distance vector protocol, but takes advantage of some link state characteristics as well. CertCam

A multimedia demonstration comparing Distance Vector to Link State protocols can be found on the CD accompanying this book.

CERTIFICATION OBJECTIVE 6.02

An Introduction to IP Addressing The most common routed protocol in networking today, Internet Protocol (IP), is part of the TCP/IP suite and is, by far, the most important area of study for a potential CCENT candidate. As stated in the previous section, routed protocols provide a means to address both the individual system and the network to which it is a part. IP will be covered throughout the remainder of this book; however, this section is dedicated to introducing basic IP address concepts and understanding how they define network boundaries. In these pages, we’ll cover IP address construction, classes of IP addresses, and the concept of public and private addressing.

IP Address Construction Though most entry-level networking technicians are probably familiar with how an IP address looks, they may not know how it’s actually put together. Typically, IP addresses are displayed in dotted decimal notation, and appear as four numbers separated by dots. This is helpful to us since people generally can remember and work with numbers. However, IP addresses aren’t actually made up of numbers. They are made up of bits that happen to add up to the numbers displayed in the dotted decimal format. Each number of an IP address is made up of eight individual bits, and the number values that can be created by these eight bits range from 0 to 255.

An Introduction to IP Addressing

169

Sooner or later, you’ll come across an IP address that doesn’t look anything like what we’re discussing here.The focus of this section—as well as the book and CCENT exam—is IP version 4 (IPv4). IP version 6 (IPv6) is the newest version of IP addressing and will soon become a part of your networking experience. For now, you’ll see and work with IPv4, more so than any other routed protocol. Keep in mind, too, that the exam concentrates on it. For example, consider the address 10.1.2.3. In binary, this address is actually 00001010.00000001.00000010.00000011. Each decimal number is made up of 8 bits, known as an octet, and each octet is referred to by the portion of the address it makes up. The bits creating the number 10 belong to the first octet, while the bits creating the numbers 1, 2, and 3 are in the second, third, and fourth octets, respectively. Additionally, the bits within an IP address are further divided into two sections—the network portion and the host portion. The network bits are used to identify the network the message is intended for, and the host bits are used to identify the individual host on the network. Of the 32 bits available, at least eight of them must belong to the network portion, while at least 2 must belong to the host portion. In the preceding example, if the first eight bits belong to the network portion, then the message would be for the computer addressed “1.2.3” on the “10” network. All computers belonging to this network must have an IP address that begins with 10, and their host bits must not be the same as any other system on the network. For example, 10.1.2.4, 10.1.2.5, and 10.200.50.8 are all on the same network. A computer addressed 11.1.2.3 would not be on the same network because the network bits don’t match. See Figure 6-5 for more clarification. A key concept for CCENT candidates, as well as for networkers in general, is simple: if the network bits on two addresses do not match, then the two messages are intended for two separate networks. This may seem like an obvious statement, but

Network Bits

FIGURE 6-5

IP addresses: The network bits

Host Bits

10.1.2.4

: 00001010.

00000001. 00000010. 00000100

10.1.2.5

: 00001010.

00000001. 00000010. 00000101

10.200.50.8 : 00001010.

11001000. 00110010. 00001000

11.1.2.3

00000001. 00000010. 00000011

: 00001011.

170

Chapter 6:

Routing Essentials and IP Addressing

it’s only obvious when the network bits happen to fall on a dot. In other words, if 8, 16, or 24 bits belong to the network portion, it’s easy to tell because the numbers simply look different. However, what if there were nine bits in the network portion? Consider the following example for a little more clarity on the subject. Imagine there are two devices—one addressed for 10.200.15.1 and one addressed for 10.12.15.1. At first glance, it may appear that these two systems belong to the same network, but the question that must first be answered is, do the same number of bits in both addresses belong to the network portion? If both systems use only the first eight bits, then yes, both would be in the same network. However, what if both systems used the first ten bits? If you examined the first ten bits of both addresses, they are different, meaning they’re both in different networks—or subnets. See the top portion of Figure 6-6 for more information. Lastly, the host bits within a 32-bit IP address can represent two separate items: a host address and a broadcast address. A host address is simply a device within the network, and as long as at least one bit is turned on (1) the address is useable on the network. Many times, though, it’s imperative that a message be sent to every device on the network. In this instance, if all host bits are turned on, the message is sent to every device on the network. If all host bits are set to 1’s, the address is known as a broadcast address. Conversely, if all host bits are set to 0’s, the address represents the network. For example, if the network portion of the address 10.1.2.3 took up only the first octet, the network address would be 10.0.0.0 (all host bits set to 0’s) while the broadcast address would be 10.255.255.255 (all host bits set to 1’s). Refer to the bottom half of Figure 6-6 to see how the bits line up for each address.

FIGURE 6-6

IP addresses: Comparing network bits

Comparing Network Bits Network Bits

Host Bits

10.200.15.1 : 00001010. 11

001000. 00000010. 00000100

10.12.15.1

001100. 00000010. 00000101

: 00001010. 00

Network ID and Broadcast Address Bits Network Bits Host Bits Network ID : 00001010.

00000000. 00000000. 00000000 = 10.0.0.0

10.12.15.1

11111111. 11111111. 11111111 = 10.255.255.255

: 00001010.

An Introduction to IP Addressing

It is absolutely essential that you thoroughly understand the concepts in this section. Review the construction of IP addresses and be sure you understand network versus host bits. If the network bits match, then the systems are on the same network. Make sure you understand how host bits determine the type of address: if

171

all host bits are set to 0’s (network address), all set to 1’s (broadcast address), or anything in between (useable addresses for hosts on the network). Lastly, and very importantly, remember that IP addresses are actually made of BITS, not numbers… If you just look at numbers, you’ll miss questions on the test.

IP Address Classes With 32 bits to manipulate into different combinations, IPv4 provides for 4,294,967,296 possible unique addresses. Initially, this seemed like plenty of address space, but organizing such a large pool of possible addresses still remained to be figured out. The entire concept of routing is based on the same principle, discussed several times in this book, as the ZIP code system used by the post office. Therefore, some organization in assigning IP addresses to businesses and ISP’s is essential—if there were no organization and addresses were simply handed out at random, routing would break down. The answer, at least at first, was to divide the IP address space into logical easy-to-recognize assigned classes and to have a central authority track and assign address allocation. In RFC 791, the IP address space was divided into three classes, with each one providing space for a particular need. Throughout the years, several entities (such as ICANN) have controlled the allocation of these classes based on need and availability. Class A addresses were to be handed out for large networks, Class B networks went to intermediate organizations, and Class C addresses were for smaller networks. The organization of addresses into classes followed a very logical—if not practical in the long run—method. The logic behind the decision is listed in Table 6-3. Class A addresses were assigned to allow for very large networks. Large networks would need an extraordinary amount of host addresses, so the decision was made to allocate only the first octet to the requesting organization. For example, suppose a government entity requested a Class A address. ICANN would assign the first eight bits, leaving the last 24 up to the network owner to assign as host addresses.

172

Chapter 6:

Routing Essentials and IP Addressing

TABLE 6-3

IP Address Classes

Class Network Bits Host Bits

Available Host Addresses Per Network

Intended Use

24

A

First 8 bits

Last 24 bits

16, 777, 214 (2 –2) Large Networks (ISPs, and so on)

B

First 16 bits

Last 16 bits

65,534 (216–2) 8

Intermediate Networks

C

First 24 bits

Last 8 bits

D

At least 8

Depends on # N/A of network bits

Reserved for Multicast

E

At least 8

Depends on # N/A of network bits

Reserved for Experimental Use

254 (2 –2)

Small Networks

If the address assigned was the 9 network, 9.0.0.0, the owner could not change the first eight bits, but could manipulate the last 24 to assign individual host addresses. Every computer in the network would begin with the number 9 in the first octet (hosts could be addressed 9.0.0.1 through 9.255.255.254). The same logic applies for Class B and C networks, only with different numbers of network bits assigned. If an organization received a Class B network, ICANN would assign the first two octets, leaving the last two for hosts. If it were a Class C network, the first three octets would be assigned, leaving only the last one for hosts. For example, an assignment of the Class B network 188.77.0.0, leaves 188.77.0.1 through 188.77.255.254 as possible host addresses for the administrator to assign. So long as a computer’s address begins with 188.77 in the first two octets, it would belong to the network. A Class C example, 195.95.100.0, would leave only the last octet—195.95.100.1 through 195.95.100.254—available for hosts. You may notice in Table 6-3 that the formula for finding out how many host addresses are available includes a “–2.” Why not just 2n?, you may ask. Remember from our previous discussion that host bits can be all 0’s, all 1’s, or anything in between. All 0’s indicates the network address, while all 1’s indicates the broadcast address.Therefore, out of every grouping of host bits, two addresses cannot be used—the network and broadcast addresses. After developing the logic behind classes, the task of actually dividing up the IP address space became paramount. It could have been done in several ways, but the agreement reached in RFC 791 won out. This agreement stated that the arrangement of the first octet determined to which class an address belonged.

An Introduction to IP Addressing

173

Since the first octet began with 00000000 and ended with 11111111, it seemed logical that some definable pattern in the arrangement of those bits could be used to satisfy the end goal. If you follow the arrangements of bits to represent decimals, you discover a repeatable pattern that makes dividing the address space easy. The first arrangement of bits is 00000000, followed by 00000001, 00000010, 00000011, and so on. This pattern repeats until you have 01111111, making an easily definable range. In other words, if the first bit of an IP address is 0, the address is in Class A. Class A addresses range from 1 (00000001) to 127 (01111111). The next two classes were just as easy to create. Following the pattern, the next available number looks like this in binary: 10000000. Instead of the address starting with a 0, Class B addresses start with a 10. Filling in the range, you get 10000000– 10111111.Therefore, the decimal range for a Class B address is 128–191. Class C addresses begin with 110, and range from 11000000–11011111, which equates to 192–223. The number ranges for IP address classes are listed in Table 6-4. Note: You’ll notice the range for Class A does not include 0 or 127.These address ranges are reserved and cannot be allocated for public use; therefore, they are not listed in the valid range shown here. Additionally, the default subnet masks are listed for reference here only—subnetting and subnet masks will be covered in Chapter 7.

The information in Table 6-3 and Table 6-4 should be committed to memory.You need to be able to identify which class an IP address is in based on the

TABLE 6-4

IP Address Class Ranges

Class A

Leading Bits

first octet number, as well as to define the number of hosts available, number ranges, default subnet masks, and leading bits for all classes on the exam.

First Octet Range Hosts per Network Default Subnet Mask

0

1–126

16,777,214

B

10

128–191

65,534

C

110

192–223

254

255.0.0.0 255.255.0.0 255.255.255.0

174

Chapter 6:

Routing Essentials and IP Addressing

IP Address Technologies While this arrangement of IP addressing seems entirely logical, simple, and useable, it does have many inherent flaws. For instance, suppose you have a small network of 300 users. If you went to ICANN looking for address space, you would have to purchase a Class B—a Class C (254 useable addresses) simply wouldn’t provide enough addresses. This would satisfy your needs; however, 65,234 addresses would be wasted. You only needed and used 300, but the other 65,234 addresses still belong to your network and, effectively, cannot be used by anyone else. Obviously, this problem—along with reserving ranges for specific uses—rapidly saw IP address space deplete. Several technologies were developed at the outset (and along the way) to help remedy this problem. Technologies include subnetting, Network Address Translation (NAT), Classless Inter-Domain Routing (CIDR), and IP version 6. It has been said the original developers of internetworking and IP didn’t have any idea how large and ubiquitous it would become. Want proof? Consider the reserved address 127.0.0.1—commonly referred to as the loopback address. The loopback address was built into every TCP/IP-enabled device to test the TCP/IP binding to the NIC. In other words, an entire Class A address range was set aside, wasting 16,777,213 addresses, so we could ping ourselves. Subnetting basically allows an administrator to simply borrow host bits to create smaller networks (called subnets) out of one larger address range. For one example, consider a business needing two separate small networks, with between 20 and 30 users on each. In this instance, even though one Class C would provide plenty of addresses, you’d still need to purchase two separate network ranges. This would waste address space, add confusion, and make for additional route advertisements, slowing down the system as a whole. With subnetting, however, an administrator can purchase one Class C and simply tell the router, “Instead of paying attention to only the first 24 bits, now pay attention to the first 26 bits and count them all as network bits.” In Figure 6-7, the Class C address 200.200.200.0 is being subnetted to create two new subnets. Notice how the original network/host boundary is simply moved over by two bits. In the bottom half of the figure, the administrator then simply changes those bit values to create two different networks (subnets) for use in his design—200.200.200.128 and 200.200.200.64. By taking two bits from the host range and counting them as network bits, the administrator can create two new subnets, and assign hosts to either. As long as the two new network bits match (for instance, they are both 10 on one network

An Introduction to IP Addressing

FIGURE 6-7

Before Subnetting: 200.200.200.0

175

Network Bits: Host Bits: 11001000. 11001000. 11001000. 00000000

A subnet sample Original dividing line was here. After Subnetting:

Network Bits: Host Bits: 11001000. 11001000. 11001000. 00 000000 Dividing line has been moved to here.

New Subnets Created:

Network Bits:

Host Bits:

200.200.200.64

11001000. 11001000. 11001000. 01 000000

200.200.200.128

11001000. 11001000. 11001000. 10 000000

and 01 on the other) in the address, then the address belongs to the same network. Change either of the two bits, and you’re in a new subnet. Figure 6-8 shows the network after subnetting, with each subnet assigned appropriately. By manipulating the newly available network bits, the administrator can conserve IP address space, reduce route advertisements, and save a lot of money in the process! Subnetting is covered in much greater detail later in the book. FIGURE 6-8

A subnet example

Network ID: 200.200.200.64

Internet

Network ID: 200.200.200.128

176

Chapter 6:

Routing Essentials and IP Addressing

Lastly, two terms are associated with subnetting: classful and classless. Classful refers to the treatment of every IP address within the class system discussed earlier. In other words, only the default subnet masks and classes are used. Classless refers to the use of subnetting to define network IDs. For example, in classful routing, the address 17.5.4.3 would automatically belong to the 17.0.0.0 network, based on what we know about Class A addresses and their default subnet masks. However, in classless routing, we would need the subnet mask, along with the IP address, to determine which network the system was on. Routing protocols that are considered to be classful do not recognize subnets, while those that are classless can use subnetting.

Subnetting is covered later in the book; however, the details in this section deserve attention and memorization. Be sure you understand the concept of simply borrowing bits from the host field and assigning them to the network field to create subnets. Each subnet has a unique set of bits that

identifies it—all hosts on that subnet will have the same matching network and subnet bits. Lastly, and quite obviously, borrowing bits from the host field increases the number of networks (subnets) you can have, but reduces the number of hosts allowed on each.

Another technology in place to help stem the tide of depleting IP address space is private addressing and Network Address Translation. The idea for private addressing was simple: business and home networks don’t necessarily need public IP addresses for every device in their network. Private addresses were created to allow administrators to create subnets and assign host addresses inside their enterprise networks without wasting public address space. Private addresses are not routed through border routers to the Internet. In other words, devices with private IP addresses cannot connect directly to the Internet, and computers outside the local network cannot connect directly to a device with a private IP. Additionally, multiple businesses can use the same private IP address range since their networks will never be routed out to the Internet. Private addresses also provide additional security for hosts on your network. Since the addresses are not routed outside the network, no one from the Internet can access the systems from the outside—any return messages from an attempt to connect would simply be dropped at the border router. RFC 1918 created private address ranges within each IP address class for internal networks. The private IP address ranges are listed in Table 6-5.

An Introduction to IP Addressing

TABLE 6-5

Private IP Address Ranges

Network Class

Private Address Range

A

10.0.0.0

B

172.16.0.0 through 172.31.0.0

C

192.168.0.0 through 192.168.255.0

177

Another address you might recognize is the Automatic Private Internet Protocol Addressing (APIPA) range. Created through a different RFC than the other ranges (RFC 3300 as opposed to RFC 1918), APIPA addresses (169.254.0.0) are used on a variety of different operating systems to automatically assign IP addresses in the event a DHCP server cannot be found. The idea is that, without a DHCP server, all systems booting in the network would randomly choose an address in the same subnet (169.254.0.0/24). APIPA addresses can also be used as a troubleshooting indicator, having become a tell-tale sign that something is wrong between the PC and the DHCP server. Using private addressing inside the enterprise network does help conserve IP address space, but it’s only half the story. A technology is available that permits the use of private addressing while simultaneously allowing devices in your network to connect to the Internet. Network Address Translation (NAT) is a service that runs on a router, firewall, or server, and is used to translate private IP addresses into useable public IP addresses. NAT maps private IP addresses to public addresses and keeps track of sessions, allowing networkers to use one public IP address to represent many private addresses behind it. NAT can be implemented in several methods, but the basic concept behind it is relatively simple to understand. As shown in Figure 6-9, a system inside the network initiates a request for a web page on the Internet. The request is sent to the default gateway (router) where it is intercepted by NAT. NAT maps the internal private IP address to a public IP address, records the session, and sends the request out using the public address. When the answer is returned, NAT sends the message to the internal client. This not only hides the internal network from the Internet, but allows multiple internal systems to use a single external IP address. NAT can be implemented statically or dynamically, and can use a single public address or a pool of addresses. In static NAT, mappings from private to public are manually defined in a list created and maintained by the administrator, something which is also known as one-to-one. In dynamic NAT, the administrator assigns a

178

Chapter 6:

Routing Essentials and IP Addressing

FIGURE 6-9

P: Sr 199 c P .5 or 5.8 Sr t: .5, cI 45 D P: 34 es Sr 220 4, t I c P .1 D P: 5 es 2 or .1 t P 20 t: 2.7 80 7 or .15 , ,D D t: .12 80 .7 es est 7 t P IP or : 1 t: 9 45 9.5 3 4 5. 4 8.5

Web Server: 220.15.12.77

NAT, Running on the Router, Presents a Single Public Address: 199.55.8.5

Sr cI

Network Address Translation

Src IP: 220.15.12.77, Dest IP: 172.16.10.5 Src Port: 80, Dest Port: 45344

Src IP: 172.16.10.5, Dest IP: 220.15.12.77 Src Port: 45344, Dest Port: 80

Private Address Inside: 172.16.10.5

single address, or a pool of addresses, and the NAT service takes care of mapping as requests come in. Dynamic NAT is also known as many-to-one and can be implemented in two different methods. In one method, standard dynamic NAT, message requests are handled dynamically, but only one at a time. As a request comes in and is mapped to a public IP address, no other internal machine can use that address until the initial request has been fulfilled and the address is freed for use. The second method—Port Address Translation (PAT)—also keeps track of the port numbers in the session request.

Be sure to memorize the private IP address ranges and know their basic characteristics. Remember, private addresses cannot be routed out of your

network, and systems with a private address cannot be accessed from outside the network.

An Introduction to IP Addressing

NAT and PAT configuration will be covered later, but for now make sure you understand the basics of the technology. NAT allows privately addressed systems inside your network to access

179

the public Internet, and (if so configured) vice versa. It also provides additional security by masking the true source of Internet requests.

This allows multiple systems to use the same public IP address at the same time. NAT and PAT configuration on routers is covered later in Chapters 9 and 10. The third technology in place to mitigate against IP address depletion is Classless Inter-Domain Routing (CIDR). In short, CIDR eliminates the old class system of IP address allocation and provides two important advantages. The first is the ability to acquire and use only the amount of IP addresses needed, and the second is to represent multiple subnets with a single route advertisement. CIDR representation is often used in place of subnet masks in displaying and referring to networks within a subnetted environment. For example, the default subnet mask for the Class B address 135.17.0.0 is 255.255.0.0. In CIDR, this same advertisement can be sent and referred to as 135.17.0.0 /16. The number after the “/” refers to the number of bits belonging to the network portion of the address. In modern networking, both subnet masks and CIDR notation are used interchangeably. The last technology in place to mitigate against IP address depletion is IP version 6. IPv6 is not commonly seen in today’s networks, but its implementation is all but inevitable. While IPv4 addresses are 32 bits in length and have four octets, IPv6 addresses are 128 bits long and have 16 octets. IPv6 addresses are displayed in hex digits separated by colons—for example 0000:0000:0000:0000: FFFF:FFFF:AABB:0102. The additional bits provide for an unbelievable amount of addresses (over 1038), as well as several additional benefits (Quality of Service features, a higher degree of security, and so on). IPv6 addressing is not covered heavily on the exam; however, you should be able to compare basic features of both IPv4 and IPv6.

180

Chapter 6:

Routing Essentials and IP Addressing

INSIDE THE EXAM Routing Fundamentals Many CCENT questions on routing logic and fundamentals will be simultaneously simple and confusing. To ensure you’re prepared, be sure you can re-create the steps a router takes when receiving a packet for delivery, and be prepared for several questions concerning the function of the route table. Pay particular attention to the concept of the largest prefix match. The exam will also require you to identify and describe routed and routing protocols. Be prepared to compare and contrast each.

An Introduction to IP Addressing You must be very well versed in IP address construction for the exam. Remember that, even though they are displayed in dotted decimal format, IP addresses are actually 32 bits, divided into octets and separated by dots. Each octet can be arranged to display numbers from 0 to 255. IP addresses have two subsections—the

network portion and the host portion. If all host bits are set to 0’s, the address shows the network ID. If all host bits are set to 1’s, the address is the broadcast address for the subnet. Any combination of host bits in between is a valid address for the network. Several questions will concentrate on these three options. Be prepared to not only identify classful addressing but to apply the information within a scenario or simulation question. Be sure you understand how many octets are available on each class for host addresses, and be prepared to identify and use each class’s private address range. While not heavily tested on the exam, you should be able to identify IP address depletion technologies and describe their basic function. Be sure to review and understand basic NAT and PAT functions and purposes. Lastly, make sure you can recognize and identify IPv6 characteristics.

CERTIFICATION SUMMARY The steps a router takes when receiving a packet for delivery are: Check the FCS, discard the old frame header, and verify the destination IP address against the route table. If there is a match, create a new frame header and trailer for the packet, and send it out the appropriate port. If there is no match, discard the packet. You must also be prepared for several questions concerning the function of the route table. Remember, if there is no entry in the route table, the packet is dropped. If there is an

Certification Summary

181

entry in the route table, the router will forward the packet out the interface with the most matching bits. Routed protocols contain logical addresses and can be routed to an end destination. Examples include IP, IPX, DECnet, and AppleTalk. Routing protocols define how route tables are built and how routers share information with one another. Static routing requires manual updates and has several advantages and disadvantages, while dynamic routing uses routing protocols. Distance vector routing protocols use only hop count as a metric and work well on small networks. Examples include RIP, RIPv2, and IGRP. Link state routing protocols converge much faster, use a variety of metrics in determining route entries, and send LSAs when network outages and changes occur. Examples include OSPF and IS-IS. IP addressing is probably one of the most tested areas of study on the exam. Familiarity with the concepts in this chapter is essential to success on the exam. Remember and study IP address construction: displayed in dotted decimal format, IP addresses are actually 32 bits, divided into octets and separated by dots. Each octet can be arranged to display numbers from 0 to 255. IP addresses have two subsections—the network portion and the host portion. If all host bits are set to 0’s, the address shows the network ID. If all host bits are set to 1’s, the address is the broadcast address for the subnet. Any combination of host bits in between is a valid address for the network. Several questions will concentrate on these three options. The CCENT exam will require you to identify IP address classes, as well as the private ranges within each class. Class A addresses begin with 1–126 and each network can host over 16 million addresses. Class A’s have a default subnet mask of 255.0.0.0 and the private address range is 10.0.0.0. Class B addresses begin with 128–191 and each network can host over 65,000 addresses. Class B’s have a default subnet mask of 255.255.0.0, and the private address range is 172.16–31.0.0. Class C addresses begin with 192–223 and each network can host 254 addresses. Class C’s have a default subnet mask of 255.255.255.0 and the private address range is 192.168.0–255.0. Technologies to combat IP address depletion include subnetting, NAT, CIDR, and IPv6. Subnetting allows an administrator to borrow host bits to create smaller networks (called subnets) out of one larger address range. Classful refers to the treatment of every IP address within the class system discussed earlier. In other words, only the default subnet masks and classes are used. Classless refers to the use of subnetting to define network IDs. Routing protocols that are considered to be classful do not recognize subnets, while those that are classless can recognize subnetting.

182

Chapter 6:

Routing Essentials and IP Addressing

You should be very familiar with fundamentals regarding private addressing: devices with private IP addresses cannot connect directly to the Internet; computers outside the local network cannot connect directly to a device with a private IP; multiple businesses can use the same private IP address range; and private addressing and NAT provide additional security for hosts on your network. Network Address Translation (NAT) is a service used to translate private IP addresses into useable public IP addresses. NAT maps private IP addresses to public addresses and keeps track of sessions, allowing networkers to use one public IP address to represent many private addresses behind it. PAT adds the port numbers to the session track, allowing better security and permitting multiple systems to connect simultaneously. CIDR eliminates the old class system of IP address allocation and provides two important advantages. The first is the ability to acquire and use only the amount of IP addresses needed, and the second is to represent multiple subnets with a single route advertisement. CIDR representation is often used in place of subnet masks in displaying and referring to networks within a subnetted environment. The number after the “/” refers to the number of bits belonging to the network portion of the address. In modern networking, both subnet masks and CIDR notation are used interchangeably. IPv6 addresses are 128 bits long and have 16 octets. IPv6 addresses are displayed in hex digits separated by colons—for example, 0000:0000:0000:0000:FFFF:FFFF: AABB:0102. The additional bits provide for over 1038 addresses, as well as several additional benefits (Quality of Service features, and so on).

Two-Minute Drill

✓

183

TWO-MINUTE DRILL Routing Fundamentals ❑ To determine which interface to send an incoming message out, the router

compares the destination IP address to its route table. If there is no match, the packet is discarded. If there is a match, the route table entry matching the most number of bits from left to right when compared with the address is used to route the packet. ❑ When a message is received by a router, it checks the FCS field and discards

the header and trailer. The destination IP address in the packet header is then examined and compared against the route table. The packet is then reframed and sent out the appropriate port. ❑ Routed protocols are used to transport data to end systems due to the hierar-

chical, logical addressing found in their header. Examples are IP, IPX, DECnet, and AppleTalk. ❑ Static routing requires the administrator to add and remove route table entries

manually. Its advantages include less router CPU overhead, less bandwidth usage on the network, and better security. Its disadvantage is very slow convergence— network outages have to be manually updated in all route tables. ❑ Routing protocols define how route tables are built, which metrics are used to

determine routes, and how routers communicate with each other. ❑ Distance vector routing protocols use hop count as their only metric and

trade their entire route table on a timed repeating basis to their directly connected neighbor. “Routing by rumor” makes for long convergence times. Examples include RIP, RIPv2, and IGRP. ❑ Link state routing protocols use a variety of metrics to compare routes and only

send LSAs when a network change occurs. Convergence is much faster with a link state protocol, and they are generally better choices for large networks. Examples include OSPF and IS-IS.

An Introduction to IP Addressing ❑ IPv4 addresses are displayed in dotted decimal notation, but are actually

made up of 32 bits. Each 8-bit section is referred to as an octet, and numbers can range from 0 to 255. IP addresses have two sides—the network portion and the host portion.

184

Chapter 6:

Routing Essentials and IP Addressing

❑ If all host bits are set to 0’s, the address is the network ID. If all host bits are

set to 1’s, the address is the broadcast address for the network. Any other combination of host bits creates a useable host address on the network. ❑ Class A addresses are identified in the first octet by numbers ranging from 1

to 126. Class A’s assign only the first octet, leaving the last three for host bits, and can support 16,777,214 hosts per network. The default subnet mask is 255.0.0.0. ❑ Class B addresses are identified in the first octet by numbers ranging from

128 to 191. Class B’s assign the first two octets, leaving the last two for host bits, and can support 65,534 hosts per network. The default subnet mask is 255.255.0.0. ❑ Class C addresses are identified in the first octet by numbers ranging from

192 to 223. Class C’s assign the first three octets, leaving the last octet for host bits, and can support 254 hosts per network. The default subnet mask is 255.255.255.0. ❑ Public addresses can be accessed from any system on the Internet. Private

addresses are used inside a network (intranet) and require NAT to access outside, public resources. The private address ranges are 10.0.0.0, 172.16-31.0.0, and 192.168.0-255.0. ❑ Network Address Translation (NAT) is a service that maps private IP ad-

dresses to public addresses and keeps track of sessions. NAT allows many private IP addresses to be hidden behind one or several public addresses. Port Address Translation (PAT) also keeps track of the port numbers in the session request. This allows multiple systems to use the same public IP address at the same time ❑ IPv6 is the next generation of IP addressing. IPv6 addresses are 128 bits long

with 16 octets, and are displayed as hex digits separated by colons.

Self Test

185

SELF TEST The following Self Test questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully since there may be more than one correct answer. Choose all the correct answers for each question.

Routing Fundamentals 1. Which of the following is/are true regarding router operation? A. Routers work at layer 3 only. B. Routers work at layers 1, 2, and 3 to accomplish their tasks. C. Routers only examine layer-3 addresses. D. Routers must examine the layer-2 address to accept the frame first, and then afterward will look at the layer-3 address. 2. True/False: The destination device is separated from the sending device by four routers. The largest PDU that makes it intact across all four routers is the original frame. A. True B. False 3. Which of the following is/are true regarding route tables? A. The next hop address is irrelevant to router operation. B. The next hop address is used to find an address for the new layer-2 frame header. C. The next hop address is used to accept routing updates only. D. If there is no entry for the packet’s destination network address, the packet will be forwarded out the closest matching interface. E. If there is no entry for the packet’s destination network address, the packet will be discarded. 4. A router receives a message addressed 172.16.15.75. The relevant route table entries are 172.16.0.0 /20 – Serial 0, 172.16.0.0 /23 – Ethernet 0, and 172.16.15.64 /26 – Ethernet 1. Which interface will the router forward the packet to? A. Serial 0. B. Serial 1. C. Ethernet 0. D. Ethernet 1. E. None of the above. The packet will be dropped.

186

Chapter 6:

Routing Essentials and IP Addressing

5. Which of the following is/are considered routed protocols? A. RIP B. IP C. OSPF D. DECnet E. IS-IS 6. Which of the following is NOT an advantage of static routing? A. Less overhead on router CPU B. Less bandwidth usage on the network C. More bandwidth usage on the network D. Greater security 7. Which of the following is/are considered to be a distance vector protocol? A. RIP B. RIPv2 C. IGRP D. EIGRP E. OSPF 8. Which of the following is/are considered to be a link state protocol? A. RIP B. RIPv2 C. IGRP D. EIGRP E. OSPF 9. Link state routing protocols have which of the following characteristics? A. They use hop count as a metric to determine routes. B. They use multiple metrics to determine routes. C. They exchange routing information only with their directly connected neighbor routers. D. They exchange routing information directly from other routers throughout the network.

Self Test

187

An Introduction to IP Addressing 10. PC1 has an IP address of 10.1.1.5, and PC2 has an IP address of 10.1.2.5. Which of the following statements is true regarding these two systems? A. If classful addressing is used, both PCs always belong to the same network ID. B. If classful addressing is used, both PCs do not belong to the same network ID. C. If classless addressing is allowed, both PCs may be on the same network ID. D. If classless addressing is allowed, both PCs are never on the same network ID. 11. You are examining a network ID of 172.16.1.0 /24. Which of the following is a useable host address on this network? A. 176.16.1.1 B. 172.16.1.254 C. 172.16.1.0 D. 172.16.1.255 12. What is the valid number range for the first octet of a Class B network? A. 0–126. B. 127–191 C. 128–191 D. 128–192 E. 192–223 13. PC1 has an IP address of 172.16.12.5. PC2 is on a separate network subnet. Assuming there is no subnetting (that is, only classful addressing is used), which of the following addresses could PC2 use? A. 172.16.250.5 B. 172.17.12.5 C. 172.16.0.1 D. 220.220.200.255 E. 8.255.255.0 14. How many hosts can be served on a Class B network? A. 16,777,214 B. 65,534 C. 32,766 D. 254

188

Chapter 6:

Routing Essentials and IP Addressing

15. You have enabled PAT on an exterior router, using a single public IP address: 220.220.220.5. Three requests come from internal clients headed to public Internet sites. The requests are listed here: PC1 – Source IP: 172.16.5.1, source port 10000, destination port 80 PC2 – Source IP: 172.16.5.2, source port 10001, destination port 80 PC3 – Source IP: 172.16.5.3, source port 8888, destination port 80 The first response to the router from the Internet contains the following information: Source/Destination IP: 88.55.6.3 / 220.220.220.5 Source / Destination Port: 80 / 10001 To which PC will PAT send the response? A. PC1. B. PC2. C. PC3. D. None. PAT will not relay responses back to the network.

Self Test Answers

189

SELF TEST ANSWERS Routing Fundamentals ✓ B and D. All devices must work at the Physical layer, and the router must also examine 1. ® the layer-2 address to determine if the frame is intended for it or not. After the frame’s physical address is verified, the router moves up to layer 3 and examines the IP address. ® ˚ A and C. When a device is said to work at a given layer, it means the device works at all layers up to that level. Routers work at layer 3; therefore, they perform functions at layers 1 through 3. ✓ B. Frame headers and trailers are removed and discarded at each router, then rebuilt for the 2. ® next link in the chain. ® ˚ A. The statement is false. ✓ B and D. When the router makes a decision as to which interface to send a message out, 3. ® it performs an ARP to determine the Physical layer address for the new frame. If there is no matching entry in the route table, packets are discarded. ® ˚ A, C, and E. Next hop addresses are used by routers to determine the address for the new frame and are not used solely for routing updates. Packets with no matching entry in the route table are discarded, not forwarded. ✓ D. If you translate 172.16.15.75 into binary, it matches 26 bits in the last route table entry, 4. ® as opposed to only 20 in the first two. ® ˚ A, B, C, and E. Since the address bits match more of the last route entry, it will be chosen over the first two. The packet will not be dropped because there is a route table entry for it. ✓ B and D. IP and DECnet are routed protocols since they both contain logical addresses in 5. ® their headers. ® ˚ A, C, and E. RIP, OSPF, and IS-IS are all routing protocols. ✓ C. Static routing does not use routing updates; therefore, there is less traffic on the network, 6. ® not more. ® ˚ A, B, and D. All of these choices are true regarding static routing. ✓ A, B, and C. RIP, RIPv2, and IGRP are all distance vector protocols. 7. ® ® ˚ D and E. EIGRP and OSPF are considered link state protocols. ✓ D and E. EIGRP and OSPF are considered link state protocols. 8. ® ® ˚ A, B, and C. RIP, RIPv2, and IGRP are all distance vector protocols. ✓ B and D. Link state protocols use multiple metrics in determining and ranking routes. 9. ® LSAs are sent directly to all routers within the network, not just to directly connected neighbor routers. ® ˚ A and C. These are untrue statements.

190

Chapter 6:

Routing Essentials and IP Addressing

An Introduction to IP Addressing ✓ A and C. Classful addressing means the addresses always stay within their class. Since both 10. ® addresses begin with 10, they are Class A addresses in the same network. If classless addressing is allowed, the class can be subnetted. If the 10.0.0.0 is properly subnetted, both devices could be on the same network ® ˚ B and D. These are untrue statements. Classful addressing places both devices on the same network (10.0.0.0), and subnetting could allow both to be on the same network. ✓ A and B. This network has only the last octet available for host bits. As long as they are 11. ® not all 1’s or all 0’s, the address is a valid host address. ® ˚ C and D. 172.16.1.0 has all host bits turned off (network ID), while 172.16.1.255 has all host bits turned on (broadcast address). ✓ C. The first octet of a Class B address falls in the 128–191 range. 12. ® ® ˚ A, B, D, and E. These are not valid ranges for Class B addresses. ✓ B and E. If the network bits are different, then the address is a valid choice. 13. ® ® ˚ A and C. Both of these addresses have the same network bits in common with PC1’s address, therefore they cannot be on a separate network. D. 200.220.200.255 is indeed on a separate network, but it is a broadcast address and cannot be assigned to PC2 (all host bits are turned on in the Class C address). ✓ B. Class B networks can host 65,534 addresses. 14. ® ® ˚ A. This is the number of addresses hosted by a Class A network. C. This choice does not match any IP address class. D. This is the number of addresses hosted by a Class C network. ✓ B. This request will go to PC2 since the destination port matches PC2’s original request. 15. ® ® ˚ A and C. The destination port does not match PC1’s, nor PC3’s, request. D. This is a false statement.

7 IP Address Subnetting

CERTIFICATION OBJECTIVES 7.01

Foundation Skills

✓

7.02

Subnet Essentials

Q&A

7.03

Subnet Masks

Copyright © 2008 by The McGraw-Hill Companies. Click here for terms of use.

Two-Minute Drill Self Test

192

Chapter 7:

IP Address Subnetting

F

undamental routing and IP address characteristics were introduced and discussed in Chapter 6; however, only a broad overview on the subject of subnetting was given. Considering subnetting is one of the most heavily tested areas of study for a CCENT candidate, this chapter is dedicated to subnet definitions and tasks. We’ll start with an overview of some basic foundational skills, followed by a brief definition of subnets and a discussion on why they are needed. Lastly, we’ll cover subnet creation, application, and tasks.

CERTIFICATION OBJECTIVE 7.01

Foundation Skills Before you delve into what subnet masks are and how they are used on a network, some basic skills must first be mastered. After all, you certainly wouldn’t ask someone to take apart a car engine without first teaching them how to use the tools needed to loosen or tighten its nuts and bolts. So in this section, we don’t spend a lot of time on subnets, per se, but rather on the nuts and bolts behind the subnet mask.

Binary Math Sometimes the word “foundational” (or “fundamental”) gets overused, and as a result simply doesn’t carry as much meaning. In this particular case, though, the word could not be more apropos. Binary math is an absolutely essential skill that you MUST learn—not only to pass the CCENT exam, but to succeed in a networking career of any kind. When you consider that networked computers communicate in binary, it becomes obvious why you need to be very skilled in this particular operation. You’ll need to know three major tasks in detail about binary math: converting binary to decimal, converting decimal to binary, and determining the number of combinations a specific number of binary digits provides. While binary math seems very confusing to some people, it’s actually very much like what you learned in grade school. Decimal numbering is unbelievably easy but, if you try real hard, you can make grade school numbering difficult, too. The trick is to see the mechanics behind both numbering systems, apply simple logic, and view them using common sense.

Foundation Skills

193

You probably now take for granted that a decimal number is simply a number: When you look at the number 255, for instance, you just know that it’s two hundred and fifty-five. In reality though, it is a value from a base 10 system. Decimal numbers are arranged in columns, and we learned in school that the numeric value in each column represents a 10x equivalent. For example, the number 255 actually means two hundreds (2 × 102) + five tens (5 × 101) + 5 ones (5 × 100): 200 + 50 + 5. In short, to compute a decimal number, you simply multiply whatever value appears in a position by 10 (the base) raised to the appropriate power, and then add them up at the end. Binary math works exactly the same way, except the base number is 2, not 10, and the position values can only be 1 (on) or 0 (off). Binary numbers are displayed in columns, just like decimal numbers—and, just like decimals, each position in a binary number has more “value” than those positions to the right. For instance, to continue the earlier decimal example, 50 is more valuable than five, because the “5” value in that position is raised by 101. In comparison, within the binary number 11, the “1” on the left holds more value because it is raised by 21. Binary place values are displayed in Table 7-1. To calculate the decimal equivalent of a binary number, you simply do the same thing you did in grade school, replacing the base value 10 with 2: 1. Multiply the value in the rightmost position by 1 (20). 2. Move one position to the left and multiply that value by 2 (21). 3. Move one position to the left and multiply that value by 4 (22). 4. Repeat for each position entry, incrementing the exponent by one each time and multiplying. 5. Add all the values together. The result will be the decimal equivalent. For example, let’s translate the binary number 11001101 to its decimal equivalent. As shown in Table 7-2, if you follow the preceding steps and place the values in their appropriate places, the answer is relatively easy.

TABLE 7-1

Binary Place Values

Base Position

27

26

25

24

23

22

21

20

Decimal Value

128

64

32

16

8

4

2

1

194

Chapter 7:

TABLE 7-2

A Binary Example

IP Address Subnetting

Base Position

27

26

25

24

23

22

21

20

Decimal Value

128

64

32

16

8

4

2

1

Binary Number

1

1

0

0

1

1

0

1

Decimal Equivalent

128 +

64 +

0+

0+

8+

4+

0+

1

= 205

The rightmost value was turned on, as were the third, fourth, seventh, and eighth positions. By adding the values in each of those positions, the decimal equivalent of 11001101 is 205. This same process works regardless of how many digits display in the binary stream. In other words, binary doesn’t display a number in 8-bit sectors only. Binary numbers can have as little as one digit, and up to an infinite number. For every position added to the left, simply double the value—the 9th place value would be 256, the 10th 512, the 11th 1024, and so on. For example, the decimal equivalent of the binary number 1100 is 12 (8 + 4 + 0 + 0), and the binary number 100000001 would be 257 (256 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 1).

Review this section on binary math and practice, practice, practice. You simply cannot pass the CCENT exam without a solid understanding of binary numbering.

Before you know it, you will recognize binary numbering very quickly.The better you are with binary math and conversion, the better you will do on the test.

Going from binary to decimal is only one side of the equation—moving from decimal to binary is just as important a skill. However, moving from decimal to binary is also very simple. To convert a decimal to binary: 1. Determine the highest bit position that is equal to, or lower than, your target and turn it on. 2. Subtract the bit value from the original number and compare it to the next position to the right. 3. If the remainder is larger than the value in this position, turn the bit on and repeat step 2. If it is lower, turn the bit to 0 and move one position to the right. 4. Repeat this process until the remainder is 0. As soon as the remainder hits 0, turn all remaining bits off.

Foundation Skills

TABLE 7-3

Decimal to Binary—Step 1

195

29

28

27

26

25

24

23

22

21

20

512

256

128

64

32

16

8

4

2

1

1

To see this in action, let’s convert the decimal number 578 into binary. First, the highest bit value that is equal to, or lower than, 578 is the 10th position (29). Turning it on and drawing out the bits, we start with the numbers shown in Table 7-3. In step 2, we subtract 512 from 578, leaving a remainder of 66. Moving on to step 3, we compare 66 to the next value to the right: 256. Since 256 is larger than 66, we turn that position off, and move one position to the right. At this stage, we get that shown in Table 7-4. We repeat the process for each place value. Compare 66 to the position and if the position value is higher, turn it to zero and repeat. If it is lower, turn it to 1, subtract the value from 66 and repeat. Going through each remaining position, we find: ■ 128 is larger, so it is set to 0. ■ 64 is smaller, so set it to 1, subtract 64 from 66 (leaving a remainder of 2),

and move to the right. ■ 32, 16, 8, and 4 are all larger than 2, so set them to 0’s. ■ 2 is equal to 2, so set this position to 1 and subtract 2 from 2, leaving a

remainder of 0. Turning all the remaining bits off, we finally are left with our answer: The binary equivalent of decimal 578 equals 1001000010 (as shown in Table 7-5). The last pure binary math skill to learn is determining the number of combinations a specific number of binary digits provides. The easiest answer to this question is to provide the following, very basic, formula: the total number of combinations available is equal to 2n, where n is the number of bits given. For example, suppose you have only one bit. The total number of combinations is 2 (21): 0 or 1. Two bit positions provide four (22) different combinations: 00, 01, 10, and 11. TABLE 7-4

Decimal to Binary—Step 2

29

28

27

26

25

24

23

22

21

20

512

256

128

64

32

16

8

4

2

1

1

0

196

Chapter 7:

TABLE 7-5

Decimal to Binary—Final Step

IP Address Subnetting

29

28

27

26

25

24

23

22

21

20

512

256

128

64

32

16

8

4

2

1

1

0

0

1

0

0

0

0

1

0

Three positions provide eight (23) combinations: 000, 001, 010, 011, 100, 101, 110, and 111. This process moves on and on as the number of available bits increases, doubling with each additional bit. If you list the combinations in columnar format, as with Figure 7-1, the pattern becomes fairly clear. The available combinations per bits available, up to 12, are listed in Table 7-6. One confusing thing about binary—especially in regards to subnetting—is comparing the decimal value of each position with the actual number of combinations available. For example, the first bit position has a decimal value of 1, but has two combinations: 0 and 1.The second bit position has a decimal value of 2, but has four combinations: 00, 01, 10, and 11. Be sure you do not get the bit position value confused with the number of combinations it provides.

FIGURE 7-1

128 64 32 16 8 4 2 1 0

Bit patterns

1 0 0 0 1 1 0

When counting in binary, always start to the right and move to the left, alternating 0 and 1. You’ll quickly notice a pattern evolving in the bit columns.

1 1 0 0 0 0 0 1 0 1 0 0 1 1 1 0 0 1 0 1 1 1 0 1 1 1

This column alternates 0 to 1 This column alternates 00 to 11 This column alternates 0000 to 1111

Foundation Skills

TABLE 7-6

Bit Combination Values

Number of Bits 1

2

3

4

5

6

7

8

9

10

Number of Combinations

4

8

16

32

64

128

256

512

1024 2048 4096

2

11

197

12

Boolean AND Operations Another binary skill is the recognition of Boolean operations in regards to IP addressing. Boolean operations are an integral part of computing at every level. In the world of binary math skills for IP subnetting, though, we’re most interested in the Boolean AND operation. Every Boolean operation has two inputs and one output. A Boolean AND takes two inputs, compares them, and comes out with an output like that in Table 7-7. Just as with binary numbering, if you try real hard, you can easily overcomplicate all Boolean operations, and the AND is no exception. However, keeping things simple works very well, and there is no reason to overcomplicate this operation. In short, a Boolean AND simply multiplies the values. Anything multiplied by zero is zero, and anything multiplied by one is itself. Whenever you perform a Boolean AND on any two binary inputs, simply multiply them. As you’ll see, this operation comes into play later when comparing a subnet mask to an IP address. To perform this operation, you simply place the IP address bits above the subnet bits and perform a Boolean AND on each pair. The result is the network ID. For example, an AND performed on the address 172.16.5.1 with a subnet mask of 255.255.255.0 is displayed in Figure 7-2.

INPUTS

TABLE 7-7

Boolean AND Operations

OUTPUT

0

0

0

0

1

0

1

0

0

1

1

1

198

Chapter 7:

IP Address Subnetting

172.16.5.19 : 10101100. 00010000. 00000101. 00010011 255.255.255.0 : 11111111. 11111111. 11111111. 00000000 Boolean AND result : 10101100. 00010000. 00000101. 00000000

FIGURE 7-2

A Boolean AND operation

This operation, 0 x 1, came out to 0

This operation, 1 x 1, came out to 1

EXERCISE 7-1 Binary Math Skills This exercise will help reinforce basic binary math and Boolean AND concepts. 1. Convert the IP address 172.16.99.15 to its binary equivalent. First, remembering that each number is a combination of eight bits, create four, eight-bit tables displaying the place values. Each table should look like this: 128

64

32

16

8

4

2

1

Next, place each table under its corresponding number, and convert the decimal to binary in each by following the steps from the text. For the first octet, 172, the highest bit position equal to or lower than 172 is 128, so we turn that bit on. Subtracting 128 from 172, we have a remainder of 44. The next bit position, 64, is larger than 44, so we turn it off. The table now looks like this: 128

64

1

0

32

16

8

4

2

1

The next bit position, 32, is less than 44, so we turn it on, subtract 32 from 44, and are left with a remainder of 12. Repeating the same process again, 16 is turned off (larger than 12) and 8 is turned on. Subtracting 8 from 12, we get a remainder of 4, which is equivalent to the next bit position. After subtracting, we have a remainder of 0, so all remaining bits are turned off. The table now looks like this: 128

64

32

16

8

4

2

1

1

0

1

0

1

1

0

0

Subnet Essentials

199

Repeat the same steps for each number, and the 32 bits of the IP address will show: 10101100.00010000.01100011.00001111. 2. A computer’s IP address and subnet mask are 132.25.43.16 and 255.255.240.0, respectively. Perform a Boolean AND between the two to determine which network ID the PC belongs to. Remember, Boolean ANDing is simply multiplication. First, convert both the IP address and subnet mask to binary, using the previous steps, then place the IP address immediately above the subnet mask, matching up the bits. It should look something like this: IP Address : 10000100. 00011001. 00101011. 00010000 Subnet Mask : 11111111. 11111111. 11110000. 00000000

Start at the leftmost bit and multiply the pair, carrying the value down. In this case, 1 × 1 = 1. Following this procedure for each bit pair, your result should look like this: IP Address : 10000100. 00011001. 00101011. 00010000 Subnet Mask : 11111111. 11111111. 11110000. 00000000 Network ID

: 10000100. 00011001. 00100000. 00000000

Convert the result, 10000100.00011001.00100000.00000000, to decimal, and the network ID to which the computer belongs will be 132.25.32.0.

CERTIFICATION OBJECTIVE 7.02

Subnet Essentials Mastering the basic math skills for subnetting is a good first step, but it’s also important to understand why subnetting is needed in the first place. Knowing why you do it makes learning the “how” easy. In this section, we’ll cover the various tasks you’ll be expected to perform while subnetting—both on the exam and in your day-to-day duties as a networker—starting with an explanation of why we need subnetting in the first place.

200

Chapter 7:

IP Address Subnetting

As an example, Figure 7-3 shows a simple network, connecting a small business to the Internet. Without subnetting, an administrator would need to purchase four separate public IP address ranges—and one of them would have to be a Class B (Network 1 needs 300 addresses, and a Class C can’t support that). Obviously, this would result in an incredible cost and an unbelievable amount of wasted space—especially when you consider one of those networks (Network 2) only needs two addresses! Subnetting lets us provide for our needs while conserving address space, reducing route advertisements, containing broadcast domain growth, and supplying low-level security.

Subnet Definition and Construction As covered earlier, an IP address is made up of two parts: the network portion and the host portion. What has not been covered in detail is what actually defines where the line is drawn between network and host bits. In other words, by itself an IP address only provides the address to one, and only one, system—it needs something else to define where the network bits end and where the host bits begin. The subnet mask, combined with an IP address, provides this information to routers and hosts. A subnet mask is made up of a consecutive series of 1’s from left to right. Considering network bits follow from left to right, this construction pattern makes perfect sense. When a router examines a subnet mask and an IP address, it stops counting bits as soon as it sees the first 0, and therefore knows when to stop paying FIGURE 7-3

300 Hosts

A network diagram 1 151 Hosts

3

50 Hosts

4

2

Subnet Essentials

201

attention to bits. Since subnet masks are always a series of 1’s from left to right, the decimals corresponding to the bit pattern are unique. The values in Table 7-8 are the only values that can possibly be displayed as part of a subnet mask.

Commit Table 7-8 to memory. Not only will you see questions on identifying useable subnet masks, but knowing the bit values in depth will allow

you to quickly apply and answer questions. Time is your biggest enemy on the exam, and memorizing these values gives you an advantage.

In classful addressing, it’s very easy to tell which bits are network and which ones are hosts, because each class has its own default subnet mask. The default subnet mask for Class A, B, and C networks is 255.0.0.0, 255.255.0.0, and 255.255.255.0, respectively. A quick check of Table 7-8 reveals 255 as the largest number you can create within an octet, by turning all the bits in the octet on (1). For example, a Class A default subnet mask of 255.0.0.0 actually reads 11111111.00000000.00000000.00000000. This, in effect, tells the router to pay attention to the first eight bits, and ignore the rest—they’re host bits. In short, default subnet masks always draw the line on octet boundaries.

TABLE 7-8

Subnet Mask Octet Values

Subnet Decimal Value

Bit Alignment

0

00000000

128

10000000

192

11000000

224

11100000

240

11110000

248

11111000

252

11111100

254

11111110

255

11111111

202

Chapter 7:

IP Address Subnetting

However, subnet masks are not restricted to the octet boundary. Take a look at Table 7-8 once again and you’ll notice the subnet values only fall on octet boundaries in two instances: 0 and 255. Every other subnet entry ends somewhere in the middle. This indicates a very important concept of subnetting: you can borrow as few or as many bits as necessary to satisfy any need. The steps for borrowing bits and creating subnet masks are covered in the next section.

Subnet Mask Creation Steps A subnet is nothing more than a smaller portion of a larger address space treated as its own separate network, and is created by borrowing bits originally assigned to the host portion of an address and reassigning them. Subnet masks are created, too, for the express purpose of reassigning these bits, and they can be created in all sorts of ways. Thankfully, the method discussed here contains steps that are simple and easy to follow. The five steps to create a subnet mask are: 1. Determine the network class. 2. Determine how many bits are needed to comply with the scenario (subnets versus hosts required). 3. Count off the bits and draw the line. 4. Turn the bits to the left of the line on (1’s). 5. Convert the binary number to decimal—the result is the subnet mask. The first step in our process is to determine the network class. Remembering what was already covered in Chapter 6 about IP address classes, we know each class has a predetermined default subnet mask, and that default mask tells us which bits we must work with. In other words, by determining the network class, we know which octets are already part of the network portion, as well as how many bits we have available to work with. Whatever the network class is, just remember that you can’t mess with those bits that are already assigned. Knowing this gives us a starting point—a line from which to move. While this method for creating subnet masks is simple, tried and true, and works for many students, it is not the only method. Every class and book on subnetting has a different take on it and every student learns it their own way. A good idea, both for this exam and for your day-to-day duties, is to use a subnet calculator to check your work, and to practice, practice, and practice some more!

Subnet Essentials

203

Two tasks are actually involved in step 2. First, determine whether the scenario calls for subnets or hosts, then determine how many bits are needed to answer the question. The reason you need to define whether you’re searching for subnets or hosts is that the formula for figuring out the number of bits you need differs for each. Remember, you’re borrowing (and leaving) bits from the host field to reassign to the network side. Therefore, the more bits you borrow, the more subnets you can create, but the number of hosts that can be supported on each subnet decreases! If the scenario calls for creating subnets, the formula is simple: 2n => the number you need, where n is the number of bits. If the scenario calls for supporting hosts, the formula used to determine the number of bits you need is 2n – 2 => the number you need, where n is the number of bits. For example, suppose you have a scenario that calls for creating 15 subnets. Plugging this into the formula, 2n => 15, we find you would need 4 bits. However, if the scenario called for creating subnets capable of supporting 15 hosts each, we would get a different answer. Plugging this into the formula, we have 2n – 2 => 15, and you would need to leave at least 5 bits in the host field. The numbers of bits required to comply with a subnetting scenario are listed in Table 7-9. At this point in every subnetting class, most students ask the same question: “Why subtract 2 from the number when the question asks for hosts?” The answer has to do with something we’ve already learned. Remember there were three arrangements of host bits discussed earlier: all 0’s, all 1’s, and any arrangement in between. If the host bits are all turned off (0’s), the address is the network ID; if they are all turned on (1’s), this is the broadcast address; and any combination in between is a viable address. The reason, then, that 2 is subtracted from the formula is quite evident:

TABLE 7-9

Number of Bits Required

With __ Bits

You Can Create __ Subnets

Or Support __ Hosts

1

2

0

2

4

2

3

8

6

4

16

14

5

32

30

6

64

62

7

128

126

8

256

254

204

Chapter 7:

IP Address Subnetting

you cannot assign the network ID nor the broadcast address to a host. No matter how many bits are left in the host field, those two combinations must be reserved.

Commit Tables 7-8 and 7-9 to memory and remember how to calculate the number of bits needed for both hosts and subnets. Keep in mind that if you have

more bits to work with, the numbers simply double (9 bits provides 512 subnets, or 510 hosts, and so on).

Lastly, there is one final note on step 2 that is very important. When calculating the number of bits needed to create subnets, sometimes the formula is not 2n, but the same as the formula for the hosts: 2n – 2 => the number you need. This is due to the concept of the zero subnet and the broadcast subnet. The zero subnet is the first open subnet, created with the first combination of bits available (all 0’s), while the broadcast subnet is the last subnet available, created by the final combination of bits (all 1’s). The problem with using either is best described with an example. Suppose you have a private network address of 192.168.1.0 and are tasked with subnetting it in half. To do so, you borrow one bit and create two subnets; one with the subnet bit set to 0, and the other set to 1. After applying the subnet mask, you find the first subnet ID has the same address structure as the original classful network ID: 192.168.1.00000000 before subnetting; and 192.168.1.0000000 after subnetting. The broadcast address of the second subnet presents the same problem: 192.168.1.11111111 before subnetting looks the same as the broadcast address 192.168.1.11111111 after subnetting. Not too long ago, these two subnets simply weren’t used, to avoid confusion. However, on most modern networks and routers, subnet zero and the broadcast address are useable. Unless otherwise indicated on the exam or by your network design, use 2n when calculating the number of bits required for subnets.

On the exam and on the job, use 2n when: using a classless routing protocol (RIPv2, OSPF, or EIGRP), the ip subnet zero is configured on the router(s), Variable Length Subnet

Masking (VLSM) is used, or unless otherwise indicated. Use 2n – 2 when: using a classful routing protocol (RIP or IGRP), or when no ip subnet-zero is configured on the router(s).

Subnet Essentials

205

After step 2, the rest of the creation process is a snap. In step 3, simply draw a line based on the number of bits determined in step 2. If you’re creating subnets, count from left to right. If creating hosts, then from right to left. For example’s sake, assume you needed to borrow three bits to create subnets with. Since network bits always run from left to right, count over three bits and draw the line, as shown here: xxx|xxxxx. If you need to leave three bits to support hosts with, count from right to left and draw the line: xxxxx|xxx. The last two steps are also straightforward. In step 4, turn all bits to the left of the line to 1’s (and all bits to the right of the line to 0’s), and then in step 5 you simply add them up. Continuing with the examples, if you borrowed three bits to create subnets, the octet would appear as 111|00000. The decimal equivalent (step 5) would then be 224. If you left three bits to support hosts, the octet would appear as 11111|000, with the decimal equivalent being 248. To further clarify the subnet mask creation steps, let’s consider an example. Suppose you are given the network ID 177.15.0.0 and are asked to generate a subnet mask creating at least 17 subnets. The steps to create this subnet mask are: 1. Determine the network class: 177.15.0.0 falls in the Class B range (128–191). The default subnet mask is 255.255.0.0, leaving the last two octets available. 2. Determine how many bits are needed to comply with the scenario: The scenario is asking to create subnets, so the formula used is 2n => 17. The number of bits needed is five, which will create up to 32 subnets. Four bits is too few, only creating up to 16 subnets. 3. Count off the bits and draw the line: Since we are creating subnets, count from the left (starting where the default subnet mask ends) and draw the line. The default subnet mask was 255.255.0.0, so our new line would be 11111111.11111111.xxxxx|xxx.xxxxxxxx (where the X’s represent the bits we have available to us). 4. Turn the bits to the left of the line on (1’s), and the result will be 11111111.11111111.11111|000.00000000. 5. Convert the binary to decimal: 255.255.248.0. The subnet mask of 255.255.248.0 for the Class B address 177.15.0.0 will create up to 32 subnets, complying with the scenario constraints. By using 5 of the available 16 bits to create subnets, we find 11 bits are left in the host field. So, how many hosts will each of these 32 subnets support? The answer can be found in the formula discussed earlier: (2n – 2). Plugging the 11 bits into the equation (211 – 2), we find each subnet can support up to 2046 hosts.

206

Chapter 7:

IP Address Subnetting

Practice, practice, practice creating subnet masks for any given scenario, changing out the network class, and the amount of subnets/hosts required. Many questions on the exam will ask you to identify the correct subnet mask for a given situation. Many others will try to

confuse you, providing an answer that states “None of the above” or “Cannot comply with the scenario.” Always check to verify that the subnets you create can support the number of hosts the scenario calls for. Use 2n – 2 for hosts, and 2n for subnets, when verifying your numbers.

CERTIFICATION OBJECTIVE 7.03

Subnet Masks Subnet masks provide a means to separate network bits from host bits in an IP address, and the steps for creating a subnet mask are relatively easy. The CCENT exam also covers many other tasks involving subnet masks. This section examines each task, providing the steps and tips necessary to be successful on the exam.

Decoding Subnet Information Both on the exam and on the job, one of the most important skills a new networking professional needs to master is decoding information from an IP address or network range and a subnet mask pair. The relevant subnet information includes the subnet ID, the broadcast address, and the useable host range, as shown in Table 7-10.

TABLE 7-10

Subnet Information

Bit Values Subnet ID First Useable Address Last Useable Address Broadcast Address

Decimal Value

Subnet Masks

207

For example, on the exam, several questions will provide an IP address and subnet mask and ask which addresses can be assigned to a system on the same subnetwork as the original system. Learning how to decode the relevant information is the focus of this section and involves four very simple steps: 1. Perform a Boolean AND between the address and subnet mask to determine the subnet ID the address belongs to. 2. Determine the broadcast address by turning all host bits to 1’s. 3. Determine the first useable address by using the first available combination of host bits (rightmost bit turned on, all other bits turned off). 4. Determine the last useable address by using the last available combination of host bits (rightmost bit turned off, all others turned on). As with the subnet mask creation steps, decoding subnet information is best described with a scenario. Suppose you are given the IP address 199.58.7.37 and a subnet mask of 255.255.255.240. In step 1, you simply perform a Boolean AND to determine the subnet ID the address is on. In this case, the answer is: 199.58.7.37 : 11000111. 00111010. 00000111. 0010 0101 255.255.255.240 : 11111111. 11111111. 11111111. 1111 0000 Boolean AND result : 11000111. 00111010. 00000111. 0010 0000 Network Bits

Host Bits

Notice there are four host bits left in the subnet. Manipulating these bits allows us to answer the remaining portions of the question: Subnet ID First useable address Last useable address Broadcast address

: : : :

11000111. 00111010. 00000111. 0010 11000111. 00111010. 00000111. 0010 11000111. 00111010. 00000111. 0010 11000111. 00111010. 00000111. 0010 Network Bits: Must remain the same for each entry

0000 0001 1110 1111

Host Bits: Change for each entry

208

Chapter 7:

IP Address Subnetting

Filling the information in, the chart looks like Table 7-11.

Ensure you are very familiar with decoding the subnet ID, broadcast address, and useable address

range. Practice filling in the table for various combinations of IP addresses and subnet masks.

Applying Subnet Masks Up to this point, each section has dealt with a single entity—either creating a single subnet mask to fit a given scenario, or decoding subnet information from an IP address and subnet mask pair. However, the entire point of creating a subnet mask is to divide the larger address space into smaller networks and to apply them within the design. This section deals with creating a subnet mask for a given situation, and then applying it to a network. Creating the subnet mask defines the bits available for subnets and hosts, and the arrangement of these subnet bits uniquely defines each subnet. So long as the bits to the left of the line match, all addresses belong to that subnet—change a single bit and you’ve moved to a new subnet. Additionally, the subnets created are referred to by their position in a range. The first subnet is created with the first combination of subnet bits (all 0’s). The second is created with the next combination available, and so on and so on all the way to the last (all 1’s). CCENT questions will sometimes not only ask you to decode subnet information for a subnet, but they’ll ask for the information from a specific subnet within a range. To calculate and apply a subnet mask to an enterprise network, first create the subnet mask, then manipulate the subnet bits one at a time. For each subnet created, fill in the information as shown in Table 7-11. Manipulating the subnet bits to create subnets works exactly like the manipulation of host bits to create unique

TABLE 7-11

Decoded Subnet Information

Bit Values

Decimal Value

11000111. 00111010. 00000111. 0010 0000

199.58.7.32

First Useable Address 11000111. 00111010. 00000111. 0010 0001

199.58.7.33

Last Useable Address 11000111. 00111010. 00000111. 0010 1110

199.58.7.46

Broadcast Address

199.58.7.47

Subnet ID

11000111. 00111010. 00000111. 0010 1111

Subnet Masks

209

addresses for systems—turn on the rightmost bit first, then alternate to the left, filling in the combinations as you go. For clarification, let’s consider an example (see Figure 7-4). You are provided with an IP network address of 199.100.100.0 and are asked to subnet the address range accordingly. First, follow the steps to create the subnet mask: 1. Determine the network class: 199.100.100.0 falls in the Class C range. The default subnet mask is 255.255.255.0, leaving the last octet available. 2. Determine how many bits are needed to comply with the scenario. Examining the diagram, the scenario calls for at least three subnets. Using 2n, we need at least two bits to create subnets with. This leaves six bits for the host field, which should be enough for the scenario—the largest network calls for 50 hosts, and six bits will support 62 hosts (26 – 2 = 62) 3. Count off the bits and draw the line. Since we are creating subnets, count from the left (starting where the default subnet mask ends) and draw the line. The default subnet mask was 255.255.255.0, so our new line would be 11111111.11111111.11111111. xx | xxxxxx. 4. Turn the bits to the left of the line on (1’s). The result will be 11111111.11111111.11111111.11 | 000000. 5. Convert the binary to decimal: 255.255.255.192.

FIGURE 7-4 37 Hosts

A subnet mask application network

15 Hosts

50 Hosts

210

Chapter 7:

IP Address Subnetting

Next, examine the available subnet bits. You cannot touch any of the first three octets, and have only the remaining two borrowed subnet bits to manipulate. The four combinations of these bits are 00, 01, 10, and 11. Applying these combinations to the subnet bits and leaving all host bits set to 0’s, we arrive at the four subnets we can create, shown in Figure 7-5. All that’s left is to apply the steps to decode relevant information for each subnet. The bit values and decimal equivalents are shown in Table 7-12. To see the subnets in action, refer to Figure 7-6.

Make sure you can identify information relative to each individual subnet. For example, you may be asked to

identify the useable address range of the third subnet, or the broadcast address for the zero subnet.

Subnetting Tips Lastly in this chapter, while subnet tasks are relatively easy once the mechanics are understood, they are time-consuming, and the CCENT exam simply doesn’t provide a lot of time for experimentation and math. The purpose of this section is to provide a few tips to help speed things up. As mentioned before, time is the biggest enemy on the exam, and anything you can use to speed up your efforts is welcome. Briefly covered earlier, CIDR introduced the concept of prefix use instead of subnet masks. A prefix is a forward slash, followed by the number of bits that belong to the network portion, and understanding their relationship to subnet masks is vital.

FIGURE 7-5

Subnets

First Subnet Second Subnet Third Subnet Fourth Subnet

: : : :

11000111. 01100100. 01100100. 00 11000111. 00111010. 00000111. 01 11000111. 00111010. 00000111. 10 11000111. 00111010. 00000111. 11 Original Network Bits: Must remain the same for each entry

000000 000000 000000 000000

Host Bits: Set to 0’s

Subnet Bits: Each change is a new network

Subnet Masks

Bit Values

Decimal Value

First Subnet ID

11000111. 01100100. 01100100. 00 000000

199.100.100.0

First Address

11000111. 01100100. 01100100. 00 000001

199.100.100.1

Last Address

11000111. 01100100. 01100100. 00 111110

199.100.100.62

Broadcast Address Second Subnet ID

11000111. 01100100. 01100100. 00 111111

199.100.100.63

11000111. 01100100. 01100100. 01 000000

199.100.100.64

First Address

11000111. 01100100. 01100100. 01 000001

199.100.100.65

Last Address

11000111. 01100100. 01100100. 01 111110

199.100.100.126

Broadcast Address Third Subnet ID

11000111. 01100100. 01100100. 01 111111

199.100.100.127

11000111. 01100100. 01100100. 10 000000

199.100.100.128

First Address

11000111. 01100100. 01100100. 10 000001

199.100.100.129

Last Address

11000111. 01100100. 01100100. 10 111110

199.100.100.190

Broadcast Address Fourth Subnet ID

11000111. 01100100. 01100100. 10 111111

199.100.100.191

11000111. 01100100. 01100100. 11 000000

199.100.100.192

First Address

11000111. 01100100. 01100100. 11 000001

199.100.100.193

Last Address

11000111. 01100100. 01100100. 11 111110

199.100.100.254

Broadcast Address

11000111. 01100100. 01100100. 11 111111

199.100.100.255

TABLE 7-12

Applying Subnet Masks

FIGURE 7-6

Subnets in action

211

37 Hosts Possible Addresses: 199.100.100.1 – 199.100.100.62 Broadcast Address: 199.100.100.63 199.100.100.0

15 Hosts Possible Addresses: 199.100.100.65 – 199.100.100.126 Broadcast Address: 199.100.100.127 199.100.100.64

50 Hosts Possible Addresses: 199.100.100.129 – 199.100.100.190 Broadcast Address: 199.100.100.191 199.100.100.128

212

Chapter 7:

IP Address Subnetting

A subnet mask of 255.192.0.0, for instance, would have a prefix listing of /10: the eight bits in the first octet, combined with the two bits (128 and 64) from the second octet. The reverse should be just as readily apparent. A prefix of /26 is equivalent to 255.255.255.192: the first three octets combined with the first two of the fourth translate to the subnet mask listed. Whether listed as a subnet mask or as a prefix, both indicate the same thing: the number of bits belonging to the network portion of the address. Examples of prefix listings and subnet mask comparisons are shown in Table 7-13.

Memorizing prefix matches to subnet masks is a very good idea and can help out quite a bit, especially on

scenario-type questions. So, be sure to understand how prefixes and subnet masks match up.

Another tip, in order to conserve what time you have on the exam, is to take advantage of the “easy” sections of the subnet mask and concentrate your efforts on the portion of the IP address and subnet mask that is more difficult. Suppose you have an IP address of 188.58.67.12 with a subnet mask of 255.255.240.0. To find the network ID, a Boolean AND is performed between the two, with the resulting bits providing the answer. However, the subnet mask numbers of 255 and 0 are easy—a 255 means all the bits in the octet above are part of the network ID, while a 0 means all the bits in the octet above can be ignored.

TABLE 7-13

Subnet Mask and Prefix Comparison

Subnet Mask

Prefix

255.0.0.0

/8

255.128.0.0

/9

255.255.0.0

/16

255.255.192.0

/18

255.255.240.0

/20

255.255.255.0

/24

255.255.255.192

/26

255.255.255.252

/30

Subnet Masks

213

How does this help on the exam? Instead of wasting time with the “easy octets,” you only need to concentrate on the odd octet—in this case, the 240 octet. In the preceding example, you don’t need to waste time doing a Boolean AND on the first, second, or fourth octets since the 255 and the 0 tell you their status already—188 and 58 are in the network portion, 12 is not. This leaves only the third octet requiring math operations—67 in the IP address and 240 in the subnet mask. A final tip on applying subnet masks and speeding up your efforts has to do with something called the magic number. The magic number refers to the place value on the octet where the subnet mask line is drawn. Each subnet created will be a multiple of that number, greatly simplifying the time needed to decode information. For instance, in the preceding example, the subnet line was drawn after the 26th bit, providing two bits with which to create subnets. Looking at the place values, the line is drawn on the bit position equating to 64: 128 64 | 32 16 8 4 2 1. Therefore, all subnets will be a multiple of 64: 0, 64, 128, 192. This shortcut works no matter where the line is drawn. Suppose, for instance, your subnet mask number was 252. Extrapolating the number across an octet, we find the line is drawn on the sixth bit, valued at 4: 128 64 32 16 8 4 | 2 1. All subnets created using this mask will be multiples of 4: 0, 4, 8, 12, 16, and so on. Using the magic number can also help find the broadcast address and useable address ranges very quickly. The broadcast address for any subnet is the last combination of host bits available before moving to a new subnet. Meaning, of course, it is the decimal number immediately preceding the next subnet ID. Consider, for example, the Class C address 192.168.1.0 subnetted with a mask of 255.255.255.252. After applying the steps already covered, the magic number is determined to be 4, as shown in Figure 7-7. The subnets that can be created are multiples of 4, and the first four are listed here: 192.168.1.0, 192.168.1.4, 192.168.1.8, and 192.168.1.12. To find the broadcast address of the third octet, just remember that it is the last address in this subnet— one before the next subnet ID: 192.168.1.11. After filling in the information in Table 7-14, the principle becomes readily apparent. Subnet Mask 252 draws the line here

FIGURE 7-7

The magic number

192.168.1. 255.255.255.

128 X 1

64 X 1

32 X 1

16 X 1

8 X 1

4 X 1

2 X 0

Magic Number

1 X 0

214

Chapter 7:

TABLE 7-14

A Magic Number Sample

IP Address Subnetting

Subnet ID

First Address

Last Address

Broadcast Address

192.168.1.0

192.168.1.1

192.168.1.2

192.168.1.3

192.168.1.4

192.168.1.5

192.168.1.6

192.168.1.7

192.168.1.8

192.168.1.9

192.168.1.10

192.168.1.11

192.168.1.12

192.168.1.13

192.168.1.14

192.168.1.15

...

...

...

...

192.168.1.252

192.168.1.253

192.168.1.254

192.168.1.255

The magic number is only a tip if it helps you on the exam. If this, or any other tip, doesn’t help, then stick with the bits—they never lie. Remember, all subnets created will be a multiple of the

magic number. Be familiar with Tables 7-13 and 7-14, and be prepared to see several questions on the exam regarding this section.

EXERCISE 7-2 Decoding and Applying Subnet Information These last exercises show how to decode what type of address is displayed, as well as how to apply subnetting to a scenario. 1. You are given the following address: 199.162.13.63 /29. Which type of address is this? What is the network ID, broadcast address, and useable host address range for this subnet? First, examine the prefix and note where the network bits end. Five bits have been borrowed from the fourth octet to create subnets with (the equivalent subnet mask would be 255.255.255.248). Since the first three octets are already part of the network ID (making use of the tip on “easy” subnet numbers, we know all octets with a 255 use all their bits in the network field), we can concentrate on the last octet.

Subnet Masks

215

By performing a Boolean AND, described in an earlier exercise, we find the subnet this particular address is on to be 199.162.13.56: Subnet Boundary Classful Boundary IP Address : 11000111. 10100010. 00001101. 00111 111 Subnet Mask : 11111111. 11111111. 11111111. 11111 000 Network ID

: 11000111. 10100010. 00001101. 00111 000 Subnet Bits Magic Number

Additionally, we see the magic number is 8, and only three bits are left in the host field. Since all host bits are set to 1’s in the original address, this must be the broadcast address for the “56” subnet. Another quick way to tell would be to use the magic number to see all subnets and derive the information from there. Since the magic number is 8, all subnets will be a multiple of 8: 199.162.13.0, 199.162.13.8, 199.162.13.16, …199.162.13.56, 199.162.13.64, and so on. Since the next subnet after 56 is 64, the decimal number immediately before that—63—would be the broadcast address for the 56 network. 2. You are provided a Class A address of 17.0.0.0. Your new network will have 87 subnets, and each subnet must be capable of supporting at least 2000 hosts each. Can the address space be subnetted to adequately fulfill the requirement? Which subnet mask will you use? What is the relevant information for the fifth subnet? First, we need to answer whether the address space will support the requirement. A Class A has the first octet set, providing the last three (24 bits) for hosts. Needing 87 subnets and no mention of restrictions on subnet zero, we can use 2n => 87 to determine the number of subnet bits we need to borrow from these bits. Working the formula, we find seven bits (27 = 128) will work, leaving 17 bits for hosts on each subnet. Since 217 is a much larger number than 2000 (the number of hosts each subnet is required to support), the address space will suffice. Next, to determine the subnet mask, go through the five steps discussed earlier. We’ve already determined the network class and found how many bits we need to borrow (steps 1 and 2). In step 3, we count off the bits. Since we are creating subnets, we count from the left, starting immediately after the first subnet and draw

216

Chapter 7:

IP Address Subnetting

the line seven bits over. Following steps 4 and 5, we turn on the bits to the left and add everything up. Our subnet mask will be 255.254.0.0: Step 3: Seven bits from this line in this direction XXXXXXXX. XXXXXXX X.XXXXXXXX. XXXXXXXX Classful Bits Subnet Bits

Host Bits

Step 4: 11111111. 1111111 0.00000000. 00000000 255 . 254 . 0 . 0 Subnet Mask Line

Finally, to answer the last portion of the question, we’ll make use of the magic number. Looking at where the subnet line is drawn, we find the magic number is 2. Since all subnets will be multiples of two, we simply go to the fifth subnet: 17.0.0.0, 17.2.0.0, 17.4.0.0, 17.6.0.0, and the fifth subnet, 17.8.0.0. Filling in the table from our previous example, we find the relevant information displayed for the fifth subnet (see Table 7-15). 3. You are provided with a Class C address of 199.54.12.0. Your new network will have 17 subnets, and each subnet must be capable of supporting at least 20 hosts each. Can the address space be subnetted to adequately fulfill the requirement? Which subnet mask will you use? What is the relevant information for the fifth subnet? First, we need to determine whether the address space will support the requirement. A Class C has the first three octets set, providing only the last—eight bits—for hosts. Needing 17 subnets and no mention of restrictions on subnet zero, we can use 2n => 17 to determine the number of subnet bits we need to borrow from these bits. Working the formula, we find we need to borrow five bits (25 = 32), leaving three bits for hosts on each subnet. Since 23 (8) is a smaller number than 20 (the number of hosts each subnet is required to support), the address space will not suffice. TABLE 7-15

The Subnet Exercise Answer

Subnet ID

First Host Address

Broadcast Last Host Address Address

17.8.0.0

17.8.0.1

17.8.255.254

17.8.255.255

Subnet Masks

217

INSIDE THE EXAM Foundation Skills The biggest challenge with binary math questions, and scenarios requiring binary skills, is not the math itself but the time allotted. Binary math is fairly easy, but it can take a lot of time. The best way to prepare for the exam is to practice binary conversion as much as possible, and simply memorize common combinations and tips. Be sure you know the place values for each position in an octet, remembering that every bit added doubles the total amount of combinations (for example, adding a ninth bit moves the combinations from 256 to a total of 512). Practice manipulating bits up to an octet range. If you convert decimal 1 through 7 to “see” the bits, the pattern will become evident; with 1’s moving from right to left in a repeating pattern.

Subnet Essentials Remember what a subnet mask is designed to do: define the network portion of an IP address through the Boolean AND process. The series of 1’s from left to right can only create a specific range of numbers: 0, 128, 192, 224, 240, 248, 252, 254, or 255. Also, remember the default subnet masks for Class A, B, and C are 255.0.0.0, 255.255.0.0, and 255.255.255.0, respectively. The default masks provide a starting point for subnetting by determining which octets are already parts of the network portion, as well as how many bits are left to work with.

Practice creating and applying subnet masks, as well as decoding relevant information from an IP address and subnet pair. This cannot be stressed enough: if you are not very comfortable with subnetting, you simply will not pass the exam. Review this section and practice as much as possible for the exam. You cannot practice enough on this topic. Remember, if the scenario calls for creating subnets, the formula is simple: 2n => the number you need, where n is the number of bits. If the scenario calls for supporting hosts, the formula used to determine the number of bits you need is 2n – 2 => the number you need, where n is the number of bits. Review and commit to memory Tables 7-1, 7-8, and 7-9, and practice subnetting often before challenging the exam. Lastly in this section, keep in mind that all subnets are numbered in order of their appearance in the bit order. The zero subnet (all subnet bits set to 0) is first, followed by the second subnet (all 0’s with the rightmost subnet bit turned on), and so on. The process ends with the broadcast subnet as the last subnet, created by the final combination of bits (all 1’s). If you are using a classful routing protocol, or the no ip subnet zero command is configured, you cannot use either of these subnets (hence, the 2n – 2). (Continued)

218

Chapter 7:

IP Address Subnetting

INSIDE THE EXAM Subnet Tasks The exam will have several questions that require applying a subnet mask to a scenario. Practice decoding relevant information— subnet ID, the broadcast address, and the useable host range—from IP address range and subnet mask pairs. The four steps for doing so are simple: perform a Boolean AND between the address and subnet mask to determine the subnet ID the address belongs to; determine the broadcast address by turning all host bits to 1’s; determine the first useable address by using the first available combination of host

bits (rightmost bit turned on; all other bits turned off); determine the last useable address by using the last available combination of host bits (rightmost bit turned off; all others turned on). Finally, try to use the subnetting tips available. Memorize and practice prefix to subnet mask comparison. Remember when subnetting that you only need to Boolean AND the subnet octets that are NOT 0 or 255, and also that the magic number can make long scenario questions easier to deal with.

CERTIFICATION SUMMARY Basic binary math skills are essential to your success. Make sure you have plenty of practice converting from binary to decimal and from decimal to binary—especially within an octet (eight-bit) range. Additionally, be sure you understand the number of combinations you can achieve given a specific number of bits (2n) as well as how bits are manipulated to achieve these combinations: Start with the rightmost bit turned off, then on for the first two combinations (0 and 1), and repeat with each position to the left (00, 01, 10, 11, for example). Boolean AND operations use two inputs and only provide a 1 when both inputs are also 1. In short, the answer equates to basic multiplication—anything multiplied by 0 is a 0. Boolean ANDing is used by routers and hosts to determine the network portion of an IP address. If any of the bits in the network portion don’t match, the address is for a different subnet. The subnet mask is a 32-bit binary number, made up of a series of 1’s from left to right. It is used to determine which portion of an IP address belongs to the network. The only numbers that can possibly be part of a subnet mask are 0, 128, 192, 224, 240, 248, 252, 254, and 255. The default subnet masks for Class A, B, and C are

Certification Summary

219

255.0.0.0, 255.255.0.0, and 255.255.255.0, respectively. By determining the network class, we know which octets are already part of the network portion, as well as how many bits we have available to work with. The five steps to create a subnet mask are: 1) determine the network class; 2) determine how many bits are needed to comply with the scenario (subnets versus hosts required); 3) count off the bits and draw the line; 4) turn the bits to the left of the line on (1’s); and 5) convert the binary number to decimal—the result will be the subnet mask. In step 2, if the scenario calls for creating subnets, the formula is simple: 2n => the number you need, where n is the number of bits. If the scenario calls for supporting hosts, the formula used to determine the number of bits you need is 2n – 2 => the number you need, where n is the number of bits. Review and commit to memory Tables 7-1, 7-8, and 7-9, and practice subnetting often before taking the exam. Remember, the zero subnet is the first open subnet, created with the first combination of bits available (all 0’s), while the broadcast subnet is the last subnet available, created by the final combination of bits (all 1’s). If you are using a classful routing protocol, or the no ip subnet zero command is configured, you cannot use either of these subnets (hence, the 2n – 2). Many CCENT questions and scenarios will be based on decoding information from an IP address or network range and a subnet mask pair. The relevant subnet information includes the subnet ID, the broadcast address, and the useable host range. Be prepared to decode information to compare to alternatives—for example, to determine whether a given IP address belongs to the same subnet as another host. The four steps to decode the relevant information are: 1) perform a Boolean AND between the address and subnet mask to determine the subnet ID the address belongs to; 2) determine the broadcast address by turning all host bits to 1’s; 3) determine the first useable address by using the first available combination of host bits (rightmost bit turned on; all other bits turned off); and 4) determine the last useable address by using the last available combination of host bits (rightmost bit turned off; all others turned on). To calculate and apply a subnet mask to an enterprise network, first create the subnet mask, then manipulate the subnet bits one at a time (all the host bits will always be zeroes when determining a subnet ID). Manipulating the subnet bits to create subnets works exactly like the manipulation of host bits to create unique addresses for systems—turn on the rightmost bit first, and then alternate to the left, filling in the combinations as you go. A prefix is a forward slash, followed by the number of bits that belong to the network portion, and understanding their relationship to subnet masks is vital. Be sure you can easily match a prefix to a matching subnet mask. Lastly, don’t forget to take advantage of the easy subnet numbers (0 and 255) and the magic number when subnetting.

220

Chapter 7:

✓

IP Address Subnetting

TWO-MINUTE DRILL Foundation Skills ❑ Binary numbering works exactly like decimal numbering, except the base

is 2 (not 10) and digits can only be on (1) or off (0). Place value doubles as each position is moved from right to left. Within an eight-bit octet, the place values are 128, 64, 32, 16, 8, 4, 2, and 1. ❑ To calculate the decimal equivalent of a binary number, follow these simple

steps: 1) Multiply the value in the rightmost position by 1 (20). 2) Move one position to the left and multiply that value by 2 (21). 3) Move one position to the left and multiply that value by 4 (22). 4) Repeat for each position entry, incrementing the exponent by one each time and multiplying. 5) Add all the values together. The result will be the decimal equivalent. ❑ Binary numbers can have as little as one digit, up to an infinite number. For

every position added to the left, simply double the value—the ninth place value would be 256, the tenth 512, the eleventh 1024, and so on. ❑ To convert a decimal to binary, follow these simple steps: 1) Determine the

highest bit position that is equal to, or lower than, your target and then turn it on. 2) Subtract the bit value from the original number and compare it to the next position to the right. 3) If the remainder is larger than the value in this position, turn the bit on and repeat step 2. If it is lower, turn the bit to 0 and move one position to the right. 4) Repeat this process until the remainder is 0. As soon as the remainder hits 0, turn all remaining bits off. ❑ The total number of combinations available for a given number of binary

digits is equal to 2n, where n is the number of bits given. ❑ A Boolean AND takes two inputs, compares them, and comes out with an

output based on the comparison: if the two inputs are both 1’s, the output is a 1, but if either (or both) is a 0, then the output is a zero. Boolean AND is used to match a subnet mask to an IP address—the output is the network ID.

Subnet Essentials ❑ A subnet mask is made up of a consecutive series of 1’s from left to right and is

used to define where the network bits end and where the host bits begin within an IP address. When a router examines a subnet mask and an IP address, it stops counting bits as soon as it sees the first 0.

Two-Minute Drill

221

❑ The only decimal values allowed within a subnet mask are 0, 128, 192, 224,

240, 248, 252, 254, and 255. ❑ The default subnet mask for Class A, B, and C networks is 255.0.0.0,

255.255.0.0, and 255.255.255.0, respectively. In classful addressing, the line is always drawn on octet boundaries; however, subnet masks are not restricted to the octet boundary: you can borrow as few or as many bits as you need to satisfy any need. ❑ The five steps to create a subnet mask are the following. 1) Determine the

network class. 2) Determine how many bits are needed to comply with the scenario (subnets versus hosts required). 3) Count off the bits and draw the line. 4) Turn the bits to the left of the line on (1’s). 5) Convert the binary number to decimal. The result will be the subnet mask. (Always check to verify that the subnets you create can support the number of hosts the scenario calls for.) ❑ If the scenario calls for creating subnets, the formula is simple: 2n => the

number you need, where n is the number of bits. If the scenario calls for supporting hosts, the formula used to determine the number of bits you need is 2n – 2 => the number you need, where n is the number of bits. ❑ Due to the concept of the zero subnet and the broadcast subnet, sometimes

the formula is not 2n, but the same as the formula for hosts: 2n – 2 => the number you need. The zero subnet is the first open subnet, created with the first combination of bits available (all 0’s), while the broadcast subnet is the last subnet available, created by the final combination of bits (all 1’s). ❑ On the exam and on the job, use 2n when: using a classless routing protocol

(RIPv2, OSPF, or EIGRP); the ip subnet zero is configured on the router(s); Variable Length Subnet Masking (VLSM) is used; or unless otherwise indicated. Use 2n – 2 when using a classful routing protocol (RIP or IGRP), or when no ip subnet zero is configured on the router(s).

Subnet Masks ❑ The relevant subnet information that can be decoded from an IP address

range and a subnet mask includes the subnet ID, the broadcast address, and the useable host range. ❑ To decode the relevant information involves the following steps. 1) Perform a

Boolean AND between the address and subnet mask to determine the subnet

222

Chapter 7:

IP Address Subnetting

ID the address belongs to. 2) Determine the broadcast address by turning all host bits to 1’s. 3) Determine the first useable address by using the first available combination of host bits (rightmost bit turned on; all other bits turned off). 4) Determine the last useable address by using the last available combination of host bits (rightmost bit turned off; all others turned on). ❑ Subnets created are referred to by their position in a range. The first subnet is

created with the first combination of subnet bits (all 0’s). The second is created with the next combination available, and so on and so on all the way to the last (all 1’s). To calculate and apply a subnet mask to an enterprise network, first create the subnet mask, then manipulate the subnet bits one at a time. ❑ A prefix is a forward slash, followed by the number of bits that belong to the

network portion, and understanding their relationship to subnet masks is vital. ❑ To conserve time, take advantage of the “easy” sections of the subnet mask

and concentrate your efforts on the portion of the IP address and subnet mask that is more difficult. The subnet mask numbers of 255 and 0 are easy—a 255 means all the bits in the octet above are part of the network ID, while a 0 means all the bits in the octet above can be ignored. ❑ The magic number refers to the place value on the octet where the subnet

mask line is drawn. Each subnet created will be a multiple of that number, greatly simplifying the time needed to decode information. Using the magic number can also help find the broadcast address and useable address ranges very quickly. The broadcast address for any subnet is the last combination of host bits available before moving to a new subnet.

Self Test

223

SELF TEST The following Self Test questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully since there may be more than one correct answer. Choose all the correct answers for each question.

Foundation Skills 1. What is the binary equivalent of the decimal number 235? A. 11011011 B. 10101011 C. 11101010 D. 11101011 2. How many binary digits are needed to create 1024 combinations? A. 8 B. 9 C. 10 D. 11 3. What is the binary equivalent for the decimal number 122? A. 01111010 B. 01111011 C. 10111010 D. 10111011 4. What is the decimal equivalent for the binary number 10011011? A. 153 B. 155 C. 183 D. 185 5. What is the decimal equivalent for the binary octets 01101111.11100011.11110000.11111110? A. 112.227.240.254 B. 111.226.240.254 C. 111.227.242.254 D. 111.227.240.254

224

Chapter 7:

IP Address Subnetting

6. When performing a Boolean AND between the octets 10010111 and 11111000, what is the outcome? A. 00000111 B. 11111000 C. 10011000 D. 10010000

Subnet Essentials 7. Which of the following are valid subnet masks for a Class B address space? A. 255.254.0.0 B. 255.255.0.0 C. 255.255.245.0 D. 255.255.254.0 E. 255.255.192.224 8. Your network design calls for 17 subnets supporting at least 35 hosts each. Your company provides the 135.72.0.0 address space. Which subnet mask would you create to satisfy the requirement? A. 255.255.252.0 B. 255.255.254.0 C. 255.255.248.0 D. 255.255.240.0 9. A customer asks you to create a subnet mask for their network, making sure address space is conserved as much as possible. Each subnet must support at least 12 hosts, and the address space given is 199.16.7.0. Which of the following answers best fits the customer’s needs? A. 255.255.255.248, creating 14 subnets and providing 14 hosts per subnet B. 255.255.255.240, creating 14 subnets and providing 14 hosts per subnet C. 255.255.255.240, creating 16 subnets and providing 14 hosts per subnet D. 255.255.255.224, creating eight subnets and providing 30 hosts per subnet 10. You are subnetting the Class B address space 187.77.0.0 on a RIPv1 network. You need to create at least 16 subnets. Which subnet mask best complies with the scenario needs? A. 255.255.224.0 B. 255.255.240.0 C. 255.255.248.0 D. 255.255.252.0

Self Test

225

11. Using a Class C address space of 199.88.77.0, you are asked to create a subnet mask for the new network design. Each subnet must be capable of supporting at least 20 hosts. Which subnet mask best complies with the request, and how many subnets can be created? A. 255.255.255.192, creating four subnets B. 255.255.255.224, creating eight subnets C. 255.255.255.240, creating 16 subnets D. 255.255.255.248, creating 32 subnets

Subnet Masks 12. You have subnetted a Class B address space of 137.99.0.0 using a subnet mask of 255.255.252.0. What is the broadcast address of the third subnet in your design? A. 137.99.12.255 B. 137.99.15.255 C. 137.99.8.255 D. 137.99.11.255 13. You have subnetted a Class A address space of 17.0.0.0 using a subnet mask of 255.248.0.0. Which of the following addresses are useable host addresses for the second subnet? A. 17.0.8.255 B. 17.0.14.255 C. 17.0.11.255 D. 17.0.15.255 E. 17.0.19.255 14. You have subnetted a Class C address space of 220.55.66.0 using a subnet mask of 255.255.255.192. What is the useable address range for the first subnet? A. 220.55.66.0 through 220.55.66.63 B. 220.55.66.0 through 220.55.66.62 C. 220.55.66.1 through 220.55.66.63 D. 220.55.66.1 through 220.55.66.62 15. A host on a subnet has an IP address of 125.35.88.7 and a subnet mask of 255.255.240.0. What is the broadcast address for the subnet the host belongs to? A. 125.35.88.255 B. 125.35.94.255 C. 125.35.95.255 D. 125.35.255.255

226

Chapter 7:

IP Address Subnetting

SELF TEST ANSWERS Foundation Skills ✓ D. 11101011 is the correct answer. Following the steps at the beginning of the chapter, the bit 1. ® positions turned on would be 128+64+32+0+8+0+2+1. ® ˚ A. 11011011 is equivalent to 219. B. 10101011 equates to 171. C. 11101010 equates to 234. ✓ C. Ten binary digits provide 1024 combinations (210 = 1024). 2. ® ® ˚ A. Eight binary digits provide 256 combinations (28 = 256). B. Nine binary digits provide 512 combinations (29 = 512). D. Eleven binary digits provide 2048 combinations (211 = 2048). ✓ A. 01111010 equates to 122: 0 + 64 + 32 + 16 + 8 + 0 + 2 + 0 = 122. 3. ® ® ˚ B, C, and D. These answers do not match the decimal number 122. ✓ B. 10011011 equates to 155: 128 + 0 + 0 + 16 + 8 + 0 + 2 + 1 = 155. 4. ® ® ˚ A, C, and D. The binary equivalent of each of these answers does not match the decimal number 155. ✓ D. 01101111.11100011.11110000.11111110 equates to 111.227.240.254: 0 + 64 + 32 + 0 + 5. ® 8 + 4 + 2 + 1 = 111, 128 + 64 + 32 + 0 + 0 + 0 + 2 + 1 = 227, 128 + 64 + 32 + 16 + 0 + 0 + 0 + 0 = 240, 128 + 64 + 32 + 16 + 8 + 4 + 2 + 0 = 254. ® ˚ A, B, and C. These answers do not match. ✓ D. When performing a Boolean AND between both octets, put one above the other and 6. ® simply multiply each pair. The result is 10010000. ® ˚ A, B, and C. These answers do not match the Boolean AND result.

Subnet Essentials ✓ B and D. 255.255.0.0 is the default subnet mask for a Class B address space, and 7. ® 255.255.254.0 is a valid subnet mask. ® ˚ A. 255.254.0.0 will not work because it is smaller than the default mask for a Class B. C. 255.255.245.0 will not work because 245 is not allowed (it is not a consecutive series of 1’s) within a subnet mask. E. 255.255.192.224 is incorrect because the subnet mask must always be a series of consecutive 1’s from left to right. ✓ C. Following the five steps to create a subnet mask, 255.255.248.0 is the correct choice. 8. ® The Class B address space has a default mask of 255.255.0.0, and we need to borrow five bits to accomplish the task (2n => # subnets needed, and 25 complies). Counting from left to right, starting with the 17th bit (due to the default mask), the line is drawn after the 21st bit. Setting

Self Test Answers

227

all bits to 1 on the left of the line, we have 11111111.11111111.11111000.00000000, which equates to 255.255.248.0. ® ˚ A, B, and D. These choices are incorrect and do not comply with the scenario needs. ✓ C. 255.255.255.240 is the best choice, providing the best “subnets needed to hosts 9. ® supported” range. The 240 mask creates 16 subnets, leaving four bits for up to 14 hosts. ® ˚ A. 255.255.255.248 would not work since it only leaves three bits for hosts (six hosts on each subnet). B. 255.255.255.240 is the correct mask, but it creates 16 (2n) subnets, not 14. D. 255.255.255.224 would work in the scenario, creating enough subnets and supporting enough clients; however, it wastes quite a few addresses. The scenario called for only 12 hosts per subnet, and conserving address space as much as possible. Therefore, only four bits (14 hosts) are needed in the host field, not five (30 hosts). ✓ C. Because the network uses a classful routing protocol (RIPv1), you cannot use the zero 10. ® subnet or the broadcast subnet. Therefore, the formula for determining the number of bits to borrow becomes 2n – 2 => the number needed, and not 2n. Needing to borrow five bits puts the subnet mask at 255.255.248.0. ® ˚ A. 255.255.224.0 will not create enough subnets. B. 255.255.240.0 will not create enough subnets (cannot use the zero or broadcast subnet here). D. 255.255.252.0 will create too many subnets. ✓ B. To support at least 20 hosts per subnet, you must leave at least 5 bits (2n – 2 => hosts 11. ® supported), meaning you can only borrow three bits to create subnets with. With three bits, you can create eight subnets, with each subnet supporting up to 30 hosts. 255.255.255.224 is the correct subnet mask. ® ˚ A. 255.255.255.192 will create four subnets, but leaves too many bits in the host field (six). C and D. Neither choice leaves enough bits in the host field to comply with the scenario.

Subnet Masks ✓ D. The 255.255.252.0 subnet mask for 137.99.0.0 borrows six bits from the host field. The 12. ® third combination of these bits equates to the “8” subnet (000000|xx is the first, 000001|xx is the second, and 000010|xx is the third, where the x’s represent the two host bits in the third octet). To find the broadcast address, all host bits must be set to 1’s: 000010|11.11111111. This equates to 137.99.11.255. ® ˚ A. Since all host bits are NOT set to 1’s, 137.99.12.255 is simply a host address on the fourth subnet (000011|00.11111111). B. 137.99.15.255 is the broadcast address for the fourth subnet (000011|11.11111111). C. Since all host bits are NOT set to 1’s, 137.99.8.255 is a host address on the third octet (000010|00.11111111).

228

Chapter 7:

IP Address Subnetting

✓ A, B, and C. The magic number created by the 255.248.0.0 subnet mask is 8 (in the second 13. ® octet). The second subnet is 17.8.0.0, with a useable range of 17.8.0.1 through 17.15.254. ® ˚ D and E. 17.0.15.255 and 17.0.19.255 do not fall within the useable range. ✓ D. The subnet mask of 255.255.255.192 borrows the first two bits from the last octet. 14. ® The first subnet is the zero subnet, and the second is the 220.55.66.64 subnet. The relevant information regarding the first subnet is the subnet ID (220.55.66.0), the useable range (220.55.66.1 through 220.55.66.62), and the broadcast address (220.55.66.63). ® ˚ A, B, and C. These choices do not fall within the useable range. ✓ C. A Boolean AND between the IP address 125.35.88.7 and the subnet mask of 15. ® 255.255.240.0 shows the subnet ID as 125.35.80.0. Turning on all the remaining host bits, we have 125.35.01011111.11111111, which equates to 125.35.95.255. ® ˚ A, B, and D. These choices do not reflect the broadcast address of the proper subnet ID.

8 Interfacing with Cisco Devices

CERTIFICATION OBJECTIVES 8.01

The IOS and Configuration Files

8.02

The CLI

✓ Q&A

Copyright © 2008 by The McGraw-Hill Companies. Click here for terms of use.

Two-Minute Drill Self Test

230

Chapter 8:

Interfacing with Cisco Devices

U

p to now, most of this book has explored general networking concepts, which are applicable whether you are taking a Cisco exam or learning basic networking for any job in information technology (IT). In this chapter, though, we finally get Cisco-centric. We’ll cover some basics on Cisco devices, briefly describing device characteristics, and define the differences between the device’s operating system and its configuration files. The chapter will conclude with a discussion of the methods used to access and update configuration files, including structure and syntax.

CERTIFICATION OBJECTIVE 8.01

The IOS and Configuration Files A Cisco router or switch is, for all intents and purposes, a computer. Granted, it’s a very specialized computer, performing very specific functions, but it’s a computer nonetheless. Like every computer, these devices have a CPU, both temporary (active) memory and long-term storage areas, expansion bays, and a variety of chipsets to accomplish their tasks. The methods for accessing and managing these devices are somewhat different than the point-and-click GUI method used on most Windows machines, but the thought process remains the same. Additionally, just like with a computer, these devices follow a specific boot process when power is applied. So, before covering the IOS and configuration files, it’s important you learn the boot process for Cisco devices.

The Boot Process Before the boot process can be fully understood, it’s helpful to know the memory locations that play a role in it. Whether it be a Cisco switch or a router, a Cisco device has four major areas of memory: RAM, Flash, ROM, and NVRAM. Random access memory (RAM) is used on a switch or router exactly as on a computer—for working storage—and is volatile in nature, clearing as soon as the device is rebooted or loses power. Flash memory is a permanent storage location (on a chip or removable card) and is used to store operating system images. Read-only memory (ROM) is another permanent memory location within the switch or router that holds

The IOS and Configuration Files

231

a bootstrap program. The bootstrap program is loaded immediately after power on self test (POST) at power up and finds the proper operating system image to load. Finally, non-volatile RAM (NVRAM) is another permanent storage location within the device that holds the configuration file used when the device is powered on. Table 8-1 summarizes this information.

Commit Table 8-1 to memory. Know what “lives” in each storage location, as well as the steps taken to load

and execute the IOS and configuration files. You will definitely be asked about it on the exam.

As covered earlier in Chapter 5, Cisco switches follow a specific boot process at power up. Routers follow much the same process, but a few key differences exist. The steps a router takes to boot can be seen in Figure 8-1. After the POST, the router checks ROM and loads the bootstrap program into RAM and executes it. The bootstrap program’s job is to find a bootable IOS and load it into memory. After the operating system is loaded and running, bootstrap hands over control to it. Taking a small step back, one very important function within the boot process that warrants more discussion is the selection of an IOS from which to boot. When your home PC boots up, it runs a POST, and then follows a prescribed path to search for a bootable partition. Your BIOS settings might prescribe, for example, that the system check the CD drive for a bootable partition first, before checking the hard drive. Once a bootable partition is found, the operating system (OS) loads into memory, and you begin accessing the system, running applications and functions. Cisco devices boot in much the same method, but instead of configuring BIOS settings to determine the boot order, Cisco devices use something called a configuration register and the boot system command.

TABLE 8-1

Cisco Device Memory Locations

Memory Location

RAM

Flash

Purpose

Running configuration

IOS image(s) Bootstrap and Startup ROMMON OS configuration

ROM

NVRAM

232

Chapter 8:

FIGURE 8-1

The router boot process

Interfacing with Cisco Devices

POST

ROM: Load bootstrap into RAM and execute Check ROM for IOS Check TFTP for IOS Check Flash for IOS

RAM Bootstrap Bootstrap searches for an IOS to boot

IOS

Find startup configuration in NVRAM Find startup configuration from TFTP Find startup configuration from Console

IOS now needs a configuration file

Running Configuration

The configuration register setting is a hexadecimal number that tells the device where to look for an IOS image to load. It appears as a four-digit number, starting with 210 and ending with a hex digit ranging from 0 to F. The last hex digit in the series determines where the device looks for an IOS. If the last digit is a 0, the system ignores Flash memory and boots directly into a barebones operating system known as ROMMON. If it is set to 1, the system will boot using the first IOS found in Flash memory. Finally, if it is set to anything else, the system will again look in Flash for an IOS to boot from, but it will take into account the boot system command. The boot system command is placed in the router’s configuration file and will instruct the router where to look for its IOS image. Typically, you will want the router to boot from Flash memory using the entry: boot system flash. By default, the configuration register is set to 2102, which tells the device to check for boot system commands. If they do not exist, the system boots the first IOS found in Flash memory. Another important setting to remember is 0x2142. This configuration register functions the same way as the default, loading the first IOS found in Flash memory. However, it does not load a configuration file; instead, the device enters the System Configuration dialog, otherwise known as setup. 0x2142 is most often used during password recovery.

The IOS and Configuration Files

233

If you happen to see the boot: cannot open “flash:” error message during a boot, it means a boot system command has been entered incorrectly. Check the spelling on the filename referenced by the command—a single letter, period, or dash out of place will point to a file that simply isn’t present in Flash! If no boot system command exists, the system simply uses the first IOS copied into Flash. The system keeps track of the order that files were copied into memory via an incrementing number, so the IOS file with the lowest number is considered first. However, if multiple boot system commands exist, it will attempt each one, in order, until a suitable IOS is found. The syntax for the command is boot system location filename IPaddress. Examples of the boot system command are summarized in Table 8-2.

Commit to memory the three configuration register settings (0, 1, and 2, or above) and their meaning. Remember, the configuration register is set by the config-register command and,

by default, is set to 2102. Configuration register 2142 is used during password recovery. Be sure to memorize the proper syntax for the boot system command as well as its application.

Note: More information on setting the configuration register and using the boot system command will be covered in Chapter 10. Assuming an appropriate IOS image is located and installed, the IOS next searches for a configuration file to load and run. If a configuration file exists, a copy will be stored in NVRAM. The file’s name is startup-config, and it contains all the settings previously configured and saved on the router by the administrator. If the file does not exist, the IOS will load a file called setup, which, amazingly enough,

TABLE 8-2

Boot System Commands

Command

Application

boot system flash

Boot the first IOS file found in Flash.

boot system flash filename Boot the IOS named filename from Flash. boot system tftp filename 172.16.1.5

Boot the IOS named filename from the tftp server addressed 172.16.1.5.

234

Chapter 8:

Interfacing with Cisco Devices

runs a step-by-step setup program for the administrator. More information on IOS options, setup, and the configuration file will be covered later. Finally, regarding the boot process, one other “operating system” should be considered. Have you ever turned on your PC only to find the dreaded “blue screen of death”? Have you ever come across a system that just simply wouldn’t boot, or locked up so often it was virtually non-useable? Most of us have, and many times these systems need to be reloaded from scratch with a new operating system. Sometimes, it seems, operating systems or their storage locations simply corrupt and need to be replaced. As a computer itself, a router is no different. Sometimes the Flash memory holding the IOS image gets corrupted, or a bad copy of the IOS image is placed into Flash. In either case, it would certainly be nice to have an option to replace or repair the image installation. Thankfully, Cisco designed that very option with something called the ROM Monitor. ROMMON OS is a barebones basic operating system kept in ROM memory. Administrators can manipulate the configuration register setting to boot into this operating system for repair purposes, or during password recovery. ROMMON does not allow very much usability, and is only to be used in emergency circumstances. Booting into ROMMON allows administrators to copy new images into memory, recover from passwords, and reset configuration register settings.

ROMMON is used for password recovery and emergency IOS restore operations, and resides in ROM. To boot into ROMMON, the configuration register setting must

have a boot field of “0”. Lastly, older routers used a version of this known as Boot ROM (or RxBoot—boot helper). This older version is not used on newer routers.

The Cisco IOS Configuring and accessing the router is very important, but we first need to cover the basics of what the operating system is, where you can find it, and how to gather information about it. Obviously the commands and many of the activities listed in this section cannot be accomplished until the router or switch is installed and properly configured, which we don’t cover until Chapters 9 and 10. However, it is vital to cover the IOS and its relevant information first, even if it means going over

The IOS and Configuration Files

235

a command or two you cannot use until later. In other words, you need to know what the IOS is and how to manage it before you learn the configuration steps necessary to get it working. Depending on the IOS version installed, services and features differ from router to router. Some versions, for instance, may provide better debug functions, command sets, or compatibility features than others. If you find yourself searching for a command that doesn’t seem to be available, or attempting a service that doesn’t seem to work, check your IOS version number—you may simply need to load a newer IOS version. Cisco’s operating system, the IOS, works much like any other operating system on any other computer. It recognizes inputs, provides output, and keeps track of peripheral devices and bus settings. Additionally, the IOS provides the framework for security and management configuration settings. Operating systems for computers are fairly easy to distinguish—Windows XP is obviously different from Windows 2000 Professional or Windows 95, for instance. Just as Microsoft releases new operating systems from time to time, Cisco’s Internetwork Operating System (IOS) has gone through several upgrades and stages; however, it’s a little more difficult to tell them apart. When a new IOS is released, it’s not given a new name, but rather a new version number. The naming convention for each new version of the Cisco IOS provides quite a bit of information. Each portion of the name signifies specific information, as shown in Figure 8-2. After the router is up and running, the command show version can be used to check the version number your router is using. A sample output, with key information highlighted, is provided here: classRTR1#show version Cisco IOS Software, 2801 Software (C2801-IPBASE-M), Version 12.4(1c), RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport

FIGURE 8-2

The IOS naming convention

c2801-ipbase-mz.124-1c.bin

Feature Set Hardware Platform

Version and Release

File Format

236

Chapter 8:

Interfacing with Cisco Devices

Copyright (c) 1986-2005 by Cisco Systems, Inc. Compiled Wed 26-Oct-05 08:42 by evmiller ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1) classRTR1 uptime is 1 minute System returned to ROM by power-on System image file is "flash:c2801-ipbase-mz.124-1c.bin" Cisco 2801 (revision 7.0) with 114688K/16384K bytes of memory. Processor board ID FTX1120Z0T9 2 FastEthernet interfaces DRAM configuration is 64 bits wide with parity disabled. 191K bytes of NVRAM. 62720K bytes of ATA CompactFlash (Read/Write) Configuration register is 0x2102

The show version command holds a lot of information about your router. The IOS version number, as well as the bootstrap version number, is listed here. Loads of information about the system boot procedure is also listed, including system uptime (since last power off), the reason and time for the last reload of the IOS, and the source of the current IOS. This command output also displays information about the system itself: the amount of RAM, the interfaces available, and the amount of NVRAM and Flash memory available. Finally, the configuration register setting is also displayed.

Know what information can be gathered from a show version command output. Go over the sample output provided and make sure you

can pick out the relevant information, especially keying on the configuration register, the IOS version, and the latest reload information.

You can upgrade your IOS version by copying a new version into Flash (assuming you have room for it), and then reloading the router to boot into the new version. Additionally, you can easily copy your existing IOS to a separate storage location, for disaster recovery purposes. To place the existing IOS into a remote storage location, or to grab a new version for Flash memory, simply use the copy source destination command in conjunction with an accessible TFTP server, where source and destination refer to the storage location, and sometimes the name, of the file you wish to copy.

The IOS and Configuration Files

237

Backing up your IOS image, or loading a new image to the router, is relatively simple, provided you understand a couple of basics regarding TFTP. TFTP is very picky and will only transfer the exact file you specify—one letter or character misspelled and it’s all over. Additionally, TFTP allows no directory browsing—if you wish to pull a file from the TFTP server, you must know the exact syntax of its name. So, before running the copy command, use the show flash command to see the filenames contained in Flash memory. Your IOS file will end in “.bin” and contain a long string of characters that look something like this: c2801-ipbase-mz.124-1c.bin. Once you know the name of the IOS image to back up, simply type the command copy flash tftp. The router will prompt you for the name of the file you wish to TFTP to the server. You can either type the name in or simply cut and paste by selecting the name from the show flash command earlier. Next, you input the IP address of the TFTP server and the destination filename (note that it does NOT have to be the same as the original, although it’s best to leave it that way). As the file copies, a series of exclamation marks (!) will display its progress. A sample output from this process is listed here: classRTR1#show flash -#- --length-- -----date/time------ path 1 13932728 May 18 2007 13:20:58 +00:00 c2801-ipbase-mz.124-1c.bin <<<<..Output Truncated ..>>>> 9 416354 May 18 2007 13:41:04 +00:00 sslclient-win-1.1.3.173.pkg 39768064 bytes available (24244224 bytes used) classRTR1#copy flash tftp Source filename []? c2801-ipbase-mz.124-1c.bin Address or name of remote host []? 172.16.1.6 Destination filename [c2801-ipbase-mz.124-1c.bin]? !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!! <<<<..Output Truncated ..>>>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! 13932728 bytes copied in 39.980 secs (348492 bytes/sec)

To load a new IOS image to the router, simply follow the process in reverse. This time, the command syntax is copy tftp flash. The router will first prompt for the TFTP IP address, and then ask for the name of the file you wish to import. Be sure the name is typed or pasted exactly as it appears on the TFTP server. If you are copying a file with the same name as one already existing in Flash, the router will ask if you wish to delete the original file. Once again, exclamation marks (!) will indicate the progress.

238

Chapter 8:

Interfacing with Cisco Devices

Familiarize yourself with backing up IOS images as well as copying new images to the router. Remember the show flash command not only displays the files located in Flash, but also shows

the amount of memory available.The copy source destination command lets you copy IOS and configuration files from one location to another, both inside and outside of the router.

Moving IOS and configuration files to and from a router or switch can be done with TFTP or FTP. In modern networks concerned with security, FTP is the preferred choice. On the exam, you’re much more likely to be asked about TFTP, though.

Configuration Files Having the operating system on the router or switch is only half the battle—you need a configuration file to tell the IOS how to operate! While your computer loads an operating system and then waits for your input, Cisco devices load an operating system and a configuration file. While the operating system provides the framework for system interaction and the overall functions the device is capable of performing, the configuration file provides the specifics needed to get the job done. For example, the operating system provides a method to recognize the device is a router with Ethernet and serial ports, but the configuration file provides the addresses and security settings for those interfaces. The configuration file provides settings on everything from interface addresses and communications specifics to passwords and protocol specifics. Configuration files are called by the IOS after bootup, and their settings are loaded into memory. Cisco devices actually have two configuration files—the startup configuration and the running configuration. The startup configuration, known as startup-config, is the configuration the router or switch pulls from NVRAM at boot. All configuration information placed into the startup-config remains, even when the router or switch loses power. The purpose of the startup-config is simple and obvious—without it, administrators would have to retype all configuration information every time the device powered off! In other words, changes are not made to the startup-config. You can copy a new configuration file in its place, but once the file is copied into NVRAM, it remains the same.

The IOS and Configuration Files

239

The only time a Cisco device does not start with the startup-config file is when no startup-config exists in the first place, or if it is told to ignore the startup configuration. For example, when you first purchase a new switch or router, it has no configuration on it. Administrators may also decide, for a variety of reasons, to delete the startupconfig file altogether and start from scratch. To delete the startup-config file, administrators can use the erase nvram command (older versions of this command include write erase and erase startup-config). After deleting the startupconfig, the administrator needs to either power cycle the device or issue the reload command. If no startup-config exists, the device will default into Setup mode, asking a variety of questions to lead the administrator through configuring the device. Administrators can also enter Setup mode by typing the command setup from Privileged mode. Setup mode prompts with simple questions, asking for a response on a given configuration item. The answer can be typed in or, by simply pressing ENTER, the administrator can accept the default values, displayed in brackets ([]). While this is a simple process, setup does not allow you to go backward—once a configuration option has been entered, you cannot go back to it. Therefore, if you make a mistake during setup, use CTRL-C to abort and then restart the script. After setup finishes, and all configuration options have been entered, the system will display the configuration being created. At this point, the configuration is neither applied nor saved. It is simply waiting for a decision from the administrator. After the display, the user has three options. Choosing option 0 deletes the setup configuration and returns the user to Privileged mode. Option 1 returns to the beginning of the setup script. Finally, option 2 saves the configuration file into NVRAM and RAM (effectively activating it), returning the user to Privileged mode. More on setup and other configuration options will be covered later in the book. Another built-in setup script for Cisco routers and switches is auto secure. This script runs much like Setup mode, but only concentrates on the security settings for the device—such as enabling a built-in software firewall and disabling unnecessary services on the device. Only available on newer models, auto secure is started by typing auto secure in Privileged mode. On the other hand, all changes to the configuration of a router or switch are done to the running configuration, known as the running-config. The runningconfig actively runs in RAM and starts out exactly the same as the startup-config. Remember, a copy of the startup-config is loaded into RAM at boot—once loaded and activated, it becomes the running configuration. Even though they start exactly

240

Chapter 8:

Interfacing with Cisco Devices

the same, the running configuration and the startup configuration do not necessarily hold the same settings 100 percent of the time. Any changes to the configuration are done to the running-config, and those changes go into effect the moment the administrator makes the change. To ensure the changes remain after power off, you must first copy the running-config over the existing startup-config. The command to do this, amazingly enough, is copy running-configuration startup-configuration.

Be sure you understand the differences between the startup configuration file and the running configuration file. Also, remember changes

made to the running configuration go into effect immediately, and to save the changes you must issue the copy runningconfiguration startup-configuration.

Just as the running-config can be copied to startup-config to save settings, other configuration files can be copied into RAM, and the running-config can be backed up in multiple locations. Remember the copy source destination command? Both running and startup configuration files can be copied to Flash memory, RAM, or an off-device location—such as a TFTP or FTP server, or to a simple text file on a laptop. For example, the running configuration might be copied to a TFTP server for backup purposes using the copy running-config tftp command. A configuration file sitting on a TFTP server may be copied into NVRAM by using the copy tftp nvram command. An important note to keep track of here is the treatment of the file currently resting in the target memory area. Anytime a configuration file is copied into NVRAM (startup-config), the file currently in NVRAM is overwritten. However, this is not true with anything copied into RAM. If a configuration file is copied to RAM (running-config) the file is merged with the file already in RAM. In the merge process, the IOS updates commands in RAM that are different than the incoming file, and adds any new commands found in the new file. However it does not eliminate any commands from the file in RAM that it does not find in the source file. For example, suppose a source file has a command to change the IP address of interface Fast Ethernet 0/0, but does not have any banner commands, while the running configuration of the device does have a banner. When the file is copied into RAM, the IOS will update the interface’s IP address, but will not eliminate

The IOS and Configuration Files

241

the banner command—even though the source file does not have a single banner command in it. In other words, the source file merges with the running config instead of simply overwriting it. Lastly, both configuration files can be known and addressed within commands by more than one method. startup-config and running-config are their most commonly referred to names, but Remember, anything they are also known by other names. Startupcopied to running-config is merged to the config can also be referred to within commands file.The running config is not overwritten! by nvram: or by nvram:startup-config, while running-config can also be referred to as system:running-config. Much more information on updating and managing the startup and running configurations on switches and routers will be covered in subsequent chapters. Battle-hardened Cisco networkers are always looking for shortcuts to get the job done. Less keystrokes typed means more time for sugary snacks. For example, the command write mem can be used to copy the running-config to the startup-config. It’s a lot shorter than the copy running-config startup-config command and, I suppose, “cooler,” too. As a matter of fact, due to the auto complete help function, you can truncate this command to simply wr—thus, copying the configuration by using only two letters! According to Cisco, however, newer IOS versions will stop supporting this command soon.

Access Methods Knowing configuration files hold the settings necessary for the router or switch to function, and that the running configuration is updated by an administrator in real time, an obvious question is raised: How are these changes made to the configuration file? On Cisco devices, the configuration files can be accessed locally or remotely, and using command-line or web-based methods. This section introduces the various methods and features of accessing Cisco devices. The information covered in this introduction will provide the bedrock of information needed for success in later chapters, and in your day-to-day administration. Administrators can access Cisco configuration files in three main ways. First, the administrator can connect directly to the console port on the router or switch. Because it requires local access to the router, only allowing this type of access to the

242

Chapter 8:

Interfacing with Cisco Devices

configuration files is probably the most secure access method available. To access the router or switch using the console port, the administrator connects a rollover cable between a DB-9 connector affixed to a PC’s serial port and the console port on the switch or router. A rollover cable maps pin 1 to pin 8, pin 2 to pin 7, and so on, “rolling over” one end of the cable to the other. The RJ45 connector on one end plugs directly into the console port on the device, while the other plugs into the RJ45 side of the DB-9 connector. The connection for local console access is depicted in Figure 8-3. Once this physical connection is made, the administrator can use a terminal emulation program, such as HyperTerminal or Terra Term, to type in configuration changes. When setting up any terminal emulation program on a console connection, the emulator must be configured properly on the computer’s serial port. The default console settings on a switch or router are: ■ 9600 bits/second ■ No hardware flow control ■ 8-bit ASCII ■ No stop bits ■ 1 parity bit

When using HyperTerminal, Terra Term, or any other emulator, once you attempt to connect over the console port, the system will prompt for the correct communications settings. If you’re using HyperTerminal for the connection, you can simply press the Restore Defaults button to set these. The default console settings in HyperTerminal are displayed in Figure 8-4. Once the communications settings are in place, the emulator allows access to the device.

FIGURE 8-3 Console port

A console connection Rollover cable

DB-9 connector

The IOS and Configuration Files

243

FIGURE 8-4

The default console terminal settings

CertCam

A multimedia demonstration on configuring HyperTerminal for console connections can be found on the CD accompanying this book. While many terminal emulation programs exist, HyperTerminal is probably the most common—due mainly to the fact it is built in to most Windows operating systems. Additionally, HyperTerminal appears most often on the exam.Terra Term can be downloaded for free from www.ayera.com and allows for remote SSH access as well. Either works just as well as the other and is purely a matter of personal preference. Administrators can also access Cisco devices remotely, through telnet or SSH access. A telnet or SSH session between the administrator’s PC and the router or switch provides the same functionality as a console connection. The benefit is that the administrator can access configuration files without local access to the device, from any location inside or outside the network. The drawback, obviously, is security—allowing remote access through any method opens a security concern for your network. If remote access to devices is a necessity, the device must be configured to allow this access, and SSH should be used in place of telnet as much as possible. Telnet runs over port 23 and sends all information in clear text, while SSH uses port 22 and encrypts the session. Lastly, Cisco routers and switches can be updated using web-based access. A graphical user interface (GUI) can be accessed over a web browser using Cisco Router and Security Device Manager (SDM) or Cisco Device Manager (CDM).

244

Chapter 8:

Interfacing with Cisco Devices

Know the different methods of accessing Cisco devices. Local access is the most secure, requiring physical access to the device, and using a rollover cable with a DB-9 connector to the serial port of your laptop. Memorize the default settings required for emulator access over

the console.The benefit of using SSH over telnet in configuring routers or switches remotely is that it encrypts the session, preventing sniffers from stealing passwords, and so on. Finally, web access to configure the devices can be found in SDM (router) and CDM (switch).

SDM is used for router access and configuration, while CDM is used for switches. SDM must be loaded and enabled on the router before use, and provides a simple means to update almost anything you can imagine on the router. More information on accessing and using SDM will be covered in Chapter 10. SDM is addressed in more detail than CDM in this book because it’s covered on the exam. SDM is generally already loaded on most new routers. If you need to install it, though, check www.cisco.com for instructions on how to proceed. After installation, SDM provides a quick and easy way to configure devices. It will infuriate you at first with a lot of prompts and security checks, but once it’s set up, it’s a true time (and sanity) saver.

EXERCISE 8-1 Router Connection Methods—HyperTerminal and Telnet This exercise demonstrates the proper steps needed to establish a connection with a Cisco device—both locally, using the console port, and remotely, using telnet. The local portion of this exercise obviously requires physical access to a router (or switch), along with a cable and a properly equipped system. If you do not have access to all of these, you can still view the configuration by skipping the physical installation of the cable and simply opening and configuring HyperTerminal, as depicted in steps 1 through 4. All other steps in this exercise can be accomplished using the Boson’s NetSim simulator. You can find a picture of the network diagram for Boson’s NetSim simulator in the Introduction of this book. After starting up the simulator, click on the LabNavigator button. Next, double-click on Exercise 7-1 and

The IOS and Configuration Files

245

click on the Load Lab button. You can then simply click the 2600-1 router to see the connection, as depicted in steps 5 through 11. 1. After connecting the rollover cable to the console port, and ensuring the DB-9 connector is attached to the serial port of the Windows PC, power on the router. On the PC, choose Start | All Programs | Accessories | Communications | HyperTerminal, as shown in Figure 8-5. 2. Type in Cisco as the name of the connection in the Connection Description dialog box and then click the OK button (see Figure 8-6). 3. Choose COM1 from the drop-down in the Connect To dialog box, and then click OK (see Figure 8-7). 4. Click the Restore Defaults button in the COM1 Properties dialog box (see Figure 8-8). Notice the communications parameters default to those required by Cisco console ports. Click OK. 5. HyperTerminal now opens, displaying the connection to the router (see Figure 8-9). You can now log in to the router, and configuration commands can be entered. Log in using the username Bob and the password CCENT. To enter Privileged mode, type the command enable and press ENTER. Next, type the command show version and press ENTER. FIGURE 8-5

Starting HyperTerminal

246

Chapter 8:

FIGURE 8-6

The Connection Description dialog box

FIGURE 8-7

The Connect To dialog box

FIGURE 8-8

The COM1 Properties dialog box

Interfacing with Cisco Devices

The IOS and Configuration Files

FIGURE 8-9

247

HyperTerminal

6. To leave Privileged mode, type disable and press ENTER, then type exit and press ENTER to exit out of the CLI completely. Close HyperTerminal by clicking the red X at the top right of the window. When asked about disconnecting, click Yes. 7. HyperTerminal will ask if you would like to save the current settings. To avoid setting up the communications parameters again, choose Yes. HyperTerminal saves the connection as Cisco, and places it in the menu group HyperTerminal.

248

Chapter 8:

Interfacing with Cisco Devices

FIGURE 8-10

The HyperTerminal group

8. Access the saved setting by choosing Start | All Programs | Accessories | Communications. Notice that a new group named HyperTerminal appears within the Communications group (see Figure 8-10). When you highlight the HyperTerminal group, Cisco appears. Click Cisco, and HyperTerminal opens with the saved communications parameters. Press ENTER and you can log in to the router again. Note: You can also copy the icon directly to the desktop, for even faster access. Choose Start | All Programs | Accessories | Communications. Select the HyperTerminal group and right-click the saved Cisco settings. Choose Send To…, and then Desktop (create shortcut).The shortcut icon appears on the desktop. Simply double-clicking it will open HyperTerminal, preconfigured for access.

9. To connect to a router using telnet access, choose Start | Run. Type cmd (for command prompt) and press ENTER. 10. In the command prompt, type telnet IPAddress, using the IP address of the router. Provide the same userid and password as before. The prompt changes to the user exec level prompt, letting you know you are in the router. 11. Type enable to move to Privileged mode, and then type show version. To exit, type disable (leaving Privileged mode) and exit (to leave the CLI).

The CLI

249

CERTIFICATION OBJECTIVE 8.02

The CLI Regardless of the access method used, configuration is done by interacting with the IOS and configuration files. Using SDM, this is more or less a point-and-click interface. However, if you connect via the console or remotely (telnet or SSH), interaction with Cisco devices is accomplished through the command-line interface (CLI). The CLI allows administrators to access the IOS and configuration files using a series of commands to accomplish the configuration goal. Much like any other access functionality, the CLI has rules, syntax, and help functions, and these characteristics should be learned before attempting any device configuration.

CLI Modes The CLI is divided into three main modes: User, Privileged, and Configuration. User mode is the first mode a user has contact with after accessing the device. Only basic commands can be used here, and no configuration of the device in any way is allowed. Users in this mode can view configuration settings (using the show command), but cannot change them nor reboot or restart the system. User mode, also known as User EXEC mode, appears immediately after the console or telnet (SSH) session is established, and its prompt is a “>”. The > symbol appears immediately after the router or switch name, as configured by the administrator, and is a quick way for users to tell which mode they’re in. Privileged mode provides many additional options to the user, and is accessed when the user types in the command enable. After entering Privileged mode, also known as Privileged EXEC mode or Enable mode, the prompt changes to a “#” sign. A user in Privileged mode can view system information, restart the system, or enter Configuration mode. Because of its additional abilities, access to Privileged mode is restricted and generally protected via a password. To leave Privileged mode and go back to User mode, use the disable command. The last mode, Configuration mode, allows users to modify the running configuration files on the device. Configuration mode is accessed by the command configure terminal, typed by users already in Privileged mode, and has a wide variety of submodes. Initially, Configuration mode is in Global Configuration mode.

250

Chapter 8:

Interfacing with Cisco Devices

However, as the administrator moves through the configuration file (changing settings on lines, interfaces, and router settings), the configuration submode changes. Each submode is accessed by typing in a particular command, and each has its own prompt. Users start in Global Configuration mode, and commands here affect the entire device. These settings include things such as the device hostname and whether a particular banner will be used or not. From Global Configuration Mode, the user can enter other, more specific areas by typing in the appropriate command. For instance, the command to enter Interface Configuration mode is interface type number, where the type and number arguments point to the individual interface to be configured. Commands issued in this mode only affect this one interface. The command to enter Line Configuration mode is line type number, where type identifies the line type and the number defines which line to configure. Again, these commands do not affect anything on the router other than the line that was specified to enter the Configuration mode. Users do not need to return to Global Configuration mode to move between submodes—simply typing the appropriate command takes you directly from one submode to another. To exit out of a submode back to Global Configuration mode, type the command exit. Obviously, all this moving around between Global, Interface, and Line Configuration modes can get very confusing. Thankfully, the prompt helps identify where you’re at in the configuration. The prompt always appears as the name of the device, followed by a word in parentheses with a pound sign at the end. The word in parentheses refers to the area on the device that is actually being configured. In Global mode, the word is simply config. In Interface mode, the word changes to config-if. In Line mode, it appears as config-line. For clarification, consider the following example. On a router named RTR1, initially upon entering Configuration mode the prompt appears as RTR1(config)#, indicating Global Configuration mode. After assigning a hostname and making other changes that affect the router globally, the administrator decides to change an IP address on the first Ethernet interface. Typing in the command interface fastEthernet0/0, the mode changes to Interface mode, with the prompt now displaying as RTR1 (config-if)#. After configuring the IP address, the administrator decides to update the telnet lines on the device. By typing the command line vty 0 4, the administrator can now update telnet settings, and the prompt changes to RTR1(config-line)#. One last characteristic of CLI modes needs careful consideration before moving forward—how to exit out of a particular mode, and where exiting that mode leaves you within the CLI. For the most part, to exit out of any mode you simply type

The CLI

251

the command exit. When you exit a sub-configuration mode, it takes you back to Global Configuration mode. For example, if you were in Interface Configuration mode (with a command prompt of RTR1(config-if)#) and typed exit, you would return to Global Configuration mode (displaying a command prompt of RTR1(config)# ). If you’re confused about where you are in the configuration, you can use several exit commands until you reach Privileged mode, or simply issue the command end or use the keystroke combination CTRL-Z to exit Configuration mode altogether.

You must have a solid understanding of each mode. Know how each mode is accessed (such as using enable for Privileged access, and configure terminal for Configuration mode) and how to exit from each one (by typing exit or pressing CTRL-C for each configuration mode, or entering disable for Privileged mode). Additionally, pay very close attention to the prompt displayed.

Many times exam writers will attempt to trick you by providing the correct command, but the wrong prompt. For example, you set an IP address on an interface, not globally—therefore, the prompt should be RTR1(config-if)#. Exam questions may change the wording within the parentheses, or even get so granular as to change the # to a > in an effort to trip you up, so memorizing Table 8-3 will help a lot.

Obviously, the CLI can be very confusing. However, knowing the purpose and prompt for each mode makes things a little easier to understand. Simply keep in mind that the prompt displays your location within the CLI, and exit takes you back one level. Table 8-3 summarizes the CLI configuration modes. One frustrating thing about CLI prompts comes into play on large routers or switches with multiple interfaces and lines. Notice that the prompt for a line or interface does not provide any information about which line or interface you’re configuring. For example, configuring interface Ethernet 0 or Serial 0 would show the same prompt: (config-if). A helpful hint when configuring large devices is to perform the configuration offline on a text editor, and then upload later when done. You can also keep track along the way using a notepad and a pencil, but be very careful!

252

Chapter 8:

TABLE 8-3

CLI Modes

Interfacing with Cisco Devices

CLI Mode

Prompt

Entry Command

Exit Command

User EXEC

Hostname>

None—immediately after establishing emulator connection

exit or CTRL-C

Privileged EXEC

Hostname#

enable (from User mode)

disable

Global Config

Hostname (config)#

configure terminal

exit or CTRL-C

Interface Config

Hostname (config-if)#

interface type number (from anywhere

Hostname (config-line)#

line type number

Line Config

Router Config

Hostname protocol (from Global (config-router)# Configuration mode)

(from Privileged mode)

exit or CTRL-C

within config mode) (from anywhere within config mode)

exit or CTRL-C

router routing

exit or CTRL-C

CLI Help Features The CLI is command-driven, meaning a prompt awaits user input. In other words, much like the old DOS days, pictures simply aren’t there to help, and syntax in typing in commands is paramount. Thankfully, the interface has lots of help features built in. Help features within the CLI include the question mark (?), the autocomplete function (TAB), command history, shortcut keys, and error indicators. Literally thousands of command combinations lay within the CLI, and each command can have a number of parameter combinations along with it. New users need to know which commands are even available to them before they can begin to decide how to proceed, not to mention the parameters for each command. Within the CLI, this is the function of the question mark. Typing a question mark from anywhere within the CLI displays every command, or command parameter, available from that particular mode and prompt. If there are more commands than there is screen space to display them, the commands scroll across the screen, ending with a - - More - - entry. Pressing the SPACEBAR scrolls through the remainder of the command options one page at a time, while pressing ENTER displays one line at a time. To exit out of the display, press CTRL-C. A very important note here, though, is that the display only shows the commands from that particular location—a user in User mode, for instance, would not see the commands available in Privileged mode, and a user configuring an interface would

The CLI

253

only see interface commands, not global configuration commands. Additionally, the question mark does not provide the full syntax of the command, only the command itself. To see all the parameters of the command, type the command first, a space, and then a question mark. As the commands scroll up to fill the page, you can press the SPACEBAR to see the next page of options. The question mark help feature is a brilliant display of human intellectualism and engineering, but it does have one uniquely aggravating feature. Every other command in the CLI requires that you press ENTER to activate it. When you press the question mark, however, it immediately begins displaying command options—you don’t have to press ENTER after pressing the “?”.This can sometimes get annoying since the display of commands will stop after you press ENTER. Just keep in mind that the “?” is instantaneous in its response. Additionally, after all the options display, the CLI presents the command as you previously typed it, awaiting a parameter.The idea is it would save time by not requiring you to retype the command. Unfortunately, many people simply start typing the command in again, entering it twice on the same line. Just remember to pause and view the screen before typing anything! For additional clarity, consider an example. Suppose an administrator wanted to set the time on a router to 9:00 A.M., but is unfamiliar with the command syntax to do so. Using the question mark, the commands to do so are readily displayed: classRTR1#? Exec commands: access-enable Create a temporary Access-List entry ///Output truncated /// clear Reset functions clock Manage the system clock classRTR1#clock ? read-calendar Read the hardware calendar into the clock set Set the time and date update-calendar Update the hardware calendar from the clock classRTR1#clock set ? hh:mm:ss Current Time classRTR1#clock set 13:58:22 ? <1-31> Day of the month MONTH Month of the year classRTR1#clock set 13:58:22 4 DEC ? <1993-2035> Year classRTR1#clock set 13:58:22 4 DEC 2007

254

Chapter 8:

Interfacing with Cisco Devices

Notice in the preceding example code that the question mark only displays the information for the area where it was entered. The options for the clock command include read calendar, and set and update calendar, and a short description of each sub-command’s purpose follows. Additionally, after pressing the “?”, the options will display and the CLI will take you right back to the command. In other words, after pressing “?” following the command clock, the options will display, and the CLI will present the command again, waiting for your input: classRTR1#clock ? set update-calendar classRTR1#clock set

Set the time and date Update the hardware calendar from the clock

While the question mark is a fantastic help feature within the CLI, auto complete is just as valuable. Being a command-driven interactive system, the CLI demands perfection. You can’t just get part of the command right, it has to be typed exactly. The auto complete function helps with this problem in two ways: allowing truncated command entry and use of the TAB key. Eliminating the need to remember the full syntax of most commands, auto complete allows administrators to use truncated versions of commands, instead of requiring the full command to be entered. For example, the command to enter Global Configuration mode from Privileged mode, as covered earlier, is configure terminal. Because of auto complete, however, an administrator can simply type conf t to execute the command. Auto complete only needs enough characters to determine which command the administrator is actually attempting to use. If you do not supply enough characters for it to differentiate which command you wish to enter, though, it won’t work. For instance, refer to the preceding example in setting the clock time on a router. At the first prompt, typing in cl would not give the CLI enough information since there are at least two commands that start with “cl” – clear and clock. However, you could type clo and the CLI would know exactly which command you’re referring to, thanks to auto complete. For another example, instead of typing copy running-configuration startup-configuration, you could simply type copy run start. Using auto complete saves a lot of time in switch and router configuration updates. The second auto complete function that helps administrators is the TAB key. If you are unsure of the proper syntax on a particular command, simply type in the first portion of the command and press the TAB key—auto complete then fills in the appropriate syntax for you! Especially when learning your way around the CLI, this

The CLI

255

feature is unbelievably helpful. The use of TAB in learning command syntax is shown in the following: classRTR1#? Exec commands:| access-enable Create a temporary Access-List entry access-profile Apply user-profile to interface access-template Create a temporary Access-List entry archive manage archive files auto Exec level Automation bfe For manual emergency modes setting //// Output Truncated //// RTR1#a //// 1) Typed 'a' and pressed TAB... RTR1#a //// 2) CLI returned 'a' because more commands start with a... classRTR1#ac //// 3) Typed 'ac' and pressed TAB... classRTR1#access//// 4) CLI returned as much of the command as it could resolve... classRTR1#access-e //// 5) Typed 'access-e' and pressed TAB... classRTR1#access-enable//// 6) CLI returned the full command, finally having enough unique characters to determine the command

The CLI also stores recently entered commands into a history buffer, for quick recall and use. By default, the history buffer stores ten commands. Administrators configuring a device can move up and down the command history by using the up and down arrow keys. After scrolling through to find the command, administrators can edit it before reissuing (by pressing ENTER). For example, when configuring an access list, the first portion of the command (access-list #) always remains the same. Using the history function, an administrator could simply press the up arrow after entering a command and edit the second half of the command, avoiding having to re-type the first portion over and over again. Both on the exam and in day-to-day administration, using the history buffer can greatly speed things up.

You will need to know every method of CLI help referenced. Be sure to memorize all the keyboard shortcuts and be able to recognize screenshots of the question mark, auto complete, and

TAB functions. Be careful, though: the simulation questions on the exam may not allow any of the help functions, meaning you will need to memorize the exact syntax of all commands.

256

Chapter 8:

Interfacing with Cisco Devices

In another help function available, the CLI provides several keyboard shortcuts. Keyboard shortcuts really work in conjunction with the history buffer, and should be memorized not only for the exam, but also to speed up your administrative efforts. The relevant keyboard shortcuts are displayed in Table 8-4. Some administrators love keyboard shortcuts, while others despise them.Their use is, of course, a matter of personal preference. One interesting note on them, however, deals with the letters appearing after the CTRL keys.The letter indicates what the keystroke actually does: the “p” represents previous, “n” is for next, “b” is for back, and “f ” is for forward. Others include “a” (which is always first and indicates a move to the beginning), “e” (which stands for end), “r” (for redisplay), and “d” (for delete). Finally, what good would help functions be without an indicator of problems? The CLI not only immediately responds with an error message when an erroneous command is entered, but it also provides a carrot (^) indicating where in the command the syntax

TABLE 8-4

CLI Keyboard Shortcuts

Keyboard Shortcut

Result

Up arrow or CTRL-P

Displays the most recent command entered into the CLI. Pressing repeatedly goes back through history until all commands in the buffer have been displayed.

Down arrow or CTRL-N

Moves forward in the history buffer (from past to most recent). If you have moved past a command using the up arrow, this allows you to return.

Left arrow or CTRL-B

Moves the cursor back through the command without deleting characters.

Right arrow or CTRL-F

Moves the cursor forward through the command without deleting characters.

BACKSPACE

Moves the cursor backwards, deleting characters.

CTRL-A

Moves the cursor immediately to the beginning of the command.

CTRL-E

Moves the cursor immediately to the end of the command.

CTRL-R

Redisplays the command and all parameters.

CTRL-D

Deletes a single character.

ESC-B

Moves back an entire word.

ESC-F

Moves forward an entire word.

ESC-D

Deletes an entire word.

The CLI

257

went awry. Granted, this is sometimes as frustrating as it is helpful since the CLI does not provide any indication of what syntax or wording should be there; however, it does help narrow down possible causes of problems. In the following example, for instance, an administrator attempted to assign an IP address to an interface, but mistyped the command syntax. The carrot indicates where the command syntax failed: the last octet of the IP address was not entered. RTR1(config)#int serial 0/3/0 RTR1(config-if)#ip address 172.16.11 255.255.255.0 ^ % Invalid input detected at '^' marker. RTR1(config-if)#

CertCam

A multimedia demonstration on basic CLI help functions can be found on the CD accompanying this book.

EXERCISE 8-2 Basic CLI Usage This exercise demonstrates the use of CLI help functions, and provides practice for backing up configuration files to an external TFTP server. You’ll perform this lab using Boson’s NetSim simulator. You can find a picture of the network diagram for Boson’s NetSim simulator in the Introduction of this book. After starting up the simulator, click the LabNavigator button. Next, double-click Exercise 8-2 and then click the Load Lab button. This will load the appropriate configurations for the switch and host, providing the TFTP services needed. You will use the 2600-1 router for this exercise. 1. After establishing a connection, as described in Exercise 8-1, log in to the router using username Bob and password CCENT. Enter Privileged mode using the enable command. 2. Enter the command show running-config to see the running configuration on the router. As the display fills up the screen, - - More - - will show at the bottom. Press the ENTER key and the display will move forward by one line. Press the SPACEBAR to move forward an entire page. When the full configuration has been displayed, the prompt will reappear. 3. Type sh run and press ENTER. Auto complete has enough information to understand the truncated version of the command show running-config, and displays the configuration again. When - - More - - appears again, press CTRL-C to exit back to the prompt.

258

Chapter 8:

Interfacing with Cisco Devices

4. Type sh at the command prompt and then press TAB. Auto complete fills in the rest of the show command and awaits input. Type a single question mark - ? - to view all possible parameters for the show command. Note that all command options immediately begin scrolling down the screen for your review (there is no need for you to press ENTER after the question mark—the commands simply start scrolling immediately after the question mark is entered). You can scroll through the listing using the SPACEBAR and ENTER keys. 5. Type sh v? at the prompt. Auto complete and the ? together display all parameters for the show command that begin with the letter v. Type sh version to see the relevant information about this router’s IOS, NVRAM, and Flash. 6. Enter sh runing, purposefully misspelling the command. The CLI will show a carrot indicating a syntax error. classRTR1#sh runin ^ % Invalid input detected at '^' marker.

7. Enter the command copy run start. The running configuration is copied over the startup-config file stored in NVRAM. 8. Enter the command copy start TFTP to create a backup copy of the startup configuration. When prompted, enter the IP address of your TFTP server (192.168.1.11), and press ENTER to accept the default destination filename. A series of exclamation marks (!) notifies you of the progress. (Note: PC1 is acting as the TFTP server in this exercise. If you have access to your own equipment, or otherwise configure a simulator for this exercise, please remember to use the IP address of your TFTP server.) 9. Log out of the router and CLI session.

Comparing the Router and Switch CLI In a final note, this entire discussion on Cisco’s IOS and the CLI is intended as a bridge—an introduction to the features and functions you’ll find on any Cisco device. For exam purposes, and in your day-to-day administration, keep in mind that there are, obviously, differences in the CLI on a router and a switch. Since they are both different devices accomplishing different tasks, it makes perfect sense that some commands that apply on a switch cannot be used at all on a router. For instance, a command to create a VLAN is applicable for a switch, but makes no sense on a router. In other examples,

The CLI

259

the clock rate command on a router’s serial port cannot be used on a switch (since the switch does not even have serial connectors!), and the commands to implement routing protocols are intended, obviously, for a router and not a switch. Other examples include the show mac address-table command on a switch, versus the show ip route command on a router—neither makes sense on the other device.

All the tips and commands shown so far in this section apply to either device, but be prepared to differentiate between applicable commands for a specific

device. Most of these should be readily apparent—VLANs are only created on switches and the clock rate is only set on routers—but others can be fairly tricky.

Aside from the commands themselves, slight differences exist between the CLI on a router and a switch. For the most part, however, almost everything we’ve covered so far has been applicable to both devices. Some common features of the CLI of either device are: ■ The instances in which the device enters Setup mode and the procedures for

it are the same. ■ User and Privileged modes both appear, as well as the commands to enter and exit them (configure terminal, exit, disable, and end). ■ Configuration of passwords and remote connectivity security (SSH), as well as

common configuration settings—such as the device hostname and interface descriptions. ■ Certain interface designations—speed and duplex, as well as how to enable or disable the interface (shutdown or no shutdown). ■ All CLI help functions.

Examples of areas where the two devices differ in CLI and IOS are also apparent. The questions asked in Setup mode, the configuration of IP addresses, and the configuration options for various ports (AUX and serial) that appear on a router and not a switch are all examples of differences between the two. Again, most of these should be obvious and common sense. While comparing the two can be made tricky (and the exam will try to do so), pausing to think about the command or IOS function should make your answer very easy to find!

260

Chapter 8:

Interfacing with Cisco Devices

INSIDE THE EXAM The IOS and Configuration Files Lots more about the IOS and configuration files will be covered later. The purpose of this section is to introduce concepts about both that apply no matter what you are configuring. Test-wise, be sure you know the boot process and the storage locations within a router: RAM, ROM, NVRAM, and Flash. Memorize which files are stored in each location, and be able to differentiate between the two different configuration files: runningconfig and startup-config. Remember, if a startup-config does not exist, the router will boot into Setup mode. The barebones IOS known as ROMMON can be used to reset the configuration register. The running-config cannot be deleted; however, the startup-config can be deleted using several commands. After deleting the startup configuration, you must power cycle or use the reload command. Be sure you know the naming convention for IOS filenames, and practice the show version command. You will definitely be asked to decode information from the show version output. Additionally, be prepared to answer questions on backing up the IOS and configuration files to a TFTP server, and returning them to Flash or NVRAM, using the copy command. Access to the configuration files is either local via the console or remote, using telnet, SSH, or SDM/CDM. Local console

connections require a serial port, rollover cable, DB-9 connector, and a terminal emulator, such as HyperTerminal. Be sure to memorize the default settings for a session over the console port. Telnet runs over port 23 and is sent in clear text, while SSH runs on port 22 and is encrypted. SDM is the web-based interface used to access the router.

The CLI Be prepared to see numerous questions regarding the basic concepts of the CLI. Know the modes inside and out, and be prepared to identify them based on prompt and type of command entered. Also, definitely know what steps to take to exit out of a mode. Lastly, be very familiar with the help functions within the CLI. Remember the question mark shows all commands from the location where it is typed. Auto complete allows for truncated command entries, so long as enough characters have been entered to allow the CLI to determine a unique command from the list of available options. TAB can be used to complete the command’s syntax on the display in much the same way. Ten commands are stored by default in history, and keyboard shortcuts also provide for faster administration and configuration. Also, remember what the carrot is used for within the CLI—displaying the location of the error within the syntax.

Certification Summary

261

CERTIFICATION SUMMARY Cisco devices use the configuration register (set using the config-register command) and the boot system command to determine boot order, much like the BIOS settings on a PC. Random access memory (RAM) holds the runningconfig and is volatile in nature, clearing as soon as the device is rebooted or loses power. Flash memory is a permanent storage location, on a chip or removable card, used to store operating system images. Read-only memory (ROM) is another permanent memory location within the switch or router that holds a bootstrap program. Non-volatile RAM (NVRAM) is another permanent storage location within the device and holds the startup-config file. If the startup-config file does not exist, the IOS will load a file called setup, which runs a step-by-step setup program for the administrator. ROMMON is a barebones basic operating system kept in ROM memory that can be used if Flash is corrupted. Administrators can manipulate the configuration register setting to boot into this operating system for repair purposes, or during password recovery. To boot into ROMMON, the configuration register setting must have a boot field of “0”. The IOS recognizes inputs, provides output, keeps track of peripheral devices and bus settings, and provides the framework for security and management configuration settings. Each portion of the name for each new version of the Cisco IOS signifies specific information: hardware platform, feature set, file format, and version. The command show version can be used to check the version number your router is using, and displays information about the IOS version number, bootstrap version number, system uptime, reason and time for the last reload of the IOS, and the source of the current IOS. This command output also displays information about the amount of RAM, the interfaces available, and the amount of NVRAM and Flash memory available, as well as the configuration register setting. Backup IOS and configuration files are stored offline using the copy source destination command and, usually, TFTP. Cisco devices contain two configuration files: the startup configuration and the running configuration. The startup-config is the configuration the device pulls from NVRAM at boot. All configuration information placed into the startup-config remains, even when the router or switch loses power. The running-config actively runs in RAM. Any changes to the running-config go into effect the moment the administrator makes the change. To ensure the changes remain after power off, use copy running-configuration startup-configuration. Configuration files can be accessed locally or remotely, and using command-line or web-based methods. Connecting directly to the console port on the router or

262

Chapter 8:

Interfacing with Cisco Devices

switch requires a rollover cable, a DB-9 connector affixed to a computer’s serial port and the console port on the switch or router, and a terminal emulator program. The default console settings on a switch or router are 9600 bits/second, No hardware flow control, 8-bit ASCII, No stop bits, and 1 parity bit. A telnet or SSH session between the administrator’s PC and the router or switch provides the same functionality as a console connection. Telnet runs over port 23 and sends all information in clear text, while SSH uses port 22 and encrypts the session. SDM is used for web-based router access and configuration. The CLI is divided into three main modes: User, Privileged, and Configuration. User mode allows only basic commands (only viewing settings) and its prompt is a “>”. Privileged mode—aka Enable mode—offers many additional options to the user, and is accessed when the user types in the command enable. The prompt for Enable mode changes to a “#” sign. A user in Privileged mode can view system information, restart the system, or enter Configuration mode. To leave Privileged mode and go back to User mode, the command to use is disable. Configuration mode, also known as Global Configuration mode, allows users to modify the running configuration files on the device and is accessed with the command configure terminal. Users start in Global Configuration mode, and commands here affect the entire device. From Global Configuration, the user can enter other submodes for a specific configuration. The prompt always appears as the name of the device, followed by a word in parentheses with a pound sign at the end. The word in parentheses refers to the area on the device that is actually being configured. In Global mode, the word is simply config. In Interface mode, the word changes to config-if. In Line mode, it appears as config-line. To exit out of a submode back to Global Configuration mode, type the command exit. You can use several exit commands until you reach Privileged mode, or simply issue the command end or use the keystroke combination CTRL-Z to exit Configuration mode altogether. Typing a question mark from anywhere within the CLI displays every command, or command parameter, available from that particular mode and prompt. Eliminating the need to remember the full syntax of most commands, auto complete allows administrators to use truncated versions of commands, instead of requiring the full command to be entered. If you are unsure of the proper syntax on a particular command, simply type in the first portion of the command and press the TAB key. The CLI also stores recently entered commands into a history buffer, for quick recall and use. By default, the history buffer stores ten commands. Lastly, the CLI provides several keyboard shortcuts. Keyboard shortcuts really work in conjunction with the history buffer, and should be memorized for the exam.

Two-Minute Drill

✓

263

TWO-MINUTE DRILL The IOS and Configuration Files ❑ The configuration register and the boot system command control the boot

sequence for Cisco devices much like the BIOS does on computers. ❑ ROM holds the bootstrap program and the ROMMON basic OS. It is the

first memory area touched at bootup. ROMMON is only used when Flash memory is corrupted, the IOS files themselves are corrupted, or the administrator purposely changes the configuration register (for password reset). ❑ Flash memory, accessed second in the boot order, is permanent and holds the

IOS, while NVRAM is permanent and contains the startup configuration file. RAM is volatile in nature and holds the running configuration. ❑ The show version command displays the version number of the IOS

running on the device. It also displays the system uptime, the reasons for the last reload, the source of the current IOS, the amount of NVRAM and Flash memory, and the configuration register setting. ❑ To copy IOS and/or configuration files, use the command copy source destination. The source or destination can be the name of a file (running

configuration or startup configuration, for instance), a memory location (such as Flash), or an external storage server (TFTP). When using TFTP, the name syntax must be entered exactly. ❑ The show flash command displays all files located in Flash, as well as

available memory. ❑ All changes to the configuration on a Cisco device are made, in real time, to

the running configuration. To make changes permanent, the running configuration must be stored in NVRAM by issuing the command copy running-config startup-config. ❑ Access methods include local, via the console, and remote, via telnet, SSH,

or SDM. Console access requires a rollover cable, DB-9 connector, and a serial port on a system. A terminal emulator program can then be run to enter configuration commands. The communication parameters for this connection are 9600 bits per second (baud), No hardware flow control, 8-bit ASCII, No stop bits, and 1 parity bit.

264

Chapter 8:

Interfacing with Cisco Devices

❑ Telnet remote access is simple and runs over port 23, sending everything in

clear text. If security is a concern, SSH, running on port 22, encrypts the session. SDM is used to connect using a web browser.

The CLI ❑ The CLI has three main modes: User, Privileged, and Configuration. The

command to enter Privileged mode (aka EXEC mode) from the User mode is enable. Entering Privileged mode changes the prompt from a “>” to a “#”. To leave Privileged mode, use disable or exit. ❑ Enter Configuration mode from Privileged mode using the command configure terminal. Configuration starts in Global Configuration mode

and has several submodes. Each mode—Global, Interface, or Line—is identified by the prompt: (config) indicates Global, (config-if) indicates Interface, and (config-line) is Line. To exit any submode back to Global Configuration mode, use the command exit. CTRL-Z or the end command exits out of Configuration mode altogether. ❑ Help features within the CLI include the question mark (?), the autocom-

plete function (TAB), command history, shortcut keys, and error indicators. ❑ Entering a ? anywhere in the CLI displays all command or parameter possibil-

ities from that point. Prefacing the ? with a letter or series of letters displays all options beginning with the letter(s). ❑ Auto complete lets you truncate commands when configuring the device.

You need only provide enough characters to uniquely identify the command or parameter from other options. ❑ The TAB key automatically completes the remainder of the command syntax

when pressed. ❑ Ten commands are kept by default in the history buffer. History is accessed

by using the arrow keys (up and down keys scroll through the history). Other shortcut keys let administrators move through commands swiftly.

Self Test

265

SELF TEST The following Self Test questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully since there may be more than one correct answer. Choose all the correct answers for each question.

The IOS and Configuration Files 1. Cisco routers and switches use two configuration files. Where is the configuration file used at device bootup stored? A. RAM B. ROM C. Flash D. NVRAM 2. While configuring a Cisco router, you decide you want the device to boot from ROMMON, ignoring any IOS images in Flash memory. Which configuration register should be used? A. 2100 B. 2101 C. 2102 D. 2103 3. The configuration register on your switch is set to 0x2102, and you want the system to boot from the IOS image c2900-ipbase-mz.124-1c.bin stored on the TFTP server located at 172.17.5.5. Which boot system command should you use? A. boot system tftp 172.17.5.5 B. boot system c2900-ipbase-mz.124-1c.bin tftp 172.17.5.5 C. boot system tftp c2900-ipbase-mz.124-1c.bin 172.17.5.5 D. None of the above. The config register 2102 does not allow the use of boot system commands. 4. If a router does not have a startup configuration stored in NVRAM, what happens when it is booted? A. The system boots into ROMMON. B. The system boots directly into Privileged mode. C. The system boots into Setup mode, prompting the user for basic configuration information. D. Nothing. Without a startup configuration, the boot process cannot occur.

266

Chapter 8:

Interfacing with Cisco Devices

5. After configuring a switch and saving the configuration to startup-config, the administrator discovers an error has been made in the configuration. Which of the following command entries removes the saved configuration and boots the switch into Setup mode? A. erase nvram, followed by reload B. delete nvram, followed by reload C. erase startup-config, followed by restart D. delete startup-config, followed by restart 6. Which command displays the version number and filename of the IOS image running on the device? A. show running-config B. show startup-config C. show ios D. show version 7. Which command is used to create an offline backup copy of the IOS image named c2801ipbase-mz.124-1c.bin? A. copy c2801-ipbase-mz.124-1c.bin tftp B. copy tftp c2801-ipbase-mz.124-1c.bin C. copy tftp flash D. copy flash tftp 8. You have a laptop with a free serial port. Which of the following is/are necessary to establish a connection to the console port on a Cisco device? A. A terminal emulator application B. A straight-through cable C. A crossover cable D. A rollover cable E. A DB-9 connector 9. Which of the following is true regarding remote configuration access methods to a Cisco device? A. Telnet, using port 22, requires a login and is a secure access method. B. Telnet, using port 23, requires a login and is a secure access method. C. SSH, using port 23, encrypts all communication. D. SSH, using port 22, encrypts all communication.

Self Test

267

10. The current configuration on a router has an access list with the number 101 and no banner. You create a new empty configuration on a TFTP server, with only the banner command configured. A copy tftp run command is issued at the router. Which of the following correctly describes the outcome? A. Since the new configuration file is empty except for the banner command, the copy command will not function. B. Since the new configuration file is empty except for the banner command, the copy command will function, but the router will no longer function: its configuration file will be replaced with the empty one. C. The new configuration file will be merged with the current running configuration. The access list will be removed and the banner command will be added. D. The new configuration file will be merged with the current running configuration. The access list will remain and the banner command will be added.

The CLI 11. Which CLI modes let you use the show running-config command? A. User B. Privileged C. Global Configuration D. Setup E. All of the above 12. A network trainee asks for your assistance in configuring a switch. The prompt displayed is RTR1(config-line)# and the trainee wishes to return to Privileged mode. Which of the following actions would return the session to Privileged mode? A. Using keystroke combination ESC-Z B. Using keystroke combination CTRL-Z C. Typing exit and pressing ENTER D. Typing end and pressing ENTER 13. How many commands are held in the history buffer on a Cisco device by default? A. 10. B. 20. C. An unlimited number. The history buffer holds all configuration commands entered until a power cycle of the device. D. None. History must be enabled before storing commands.

268

Chapter 8:

Interfacing with Cisco Devices

14. An administrator is configuring a Cisco device and has pressed the up arrow three times, moving backward through the command history buffer. Which keystroke entry can be pressed to move forward in the buffer? A. Left arrow B. Down arrow C. CTRL-B D. CTRL-N 15. Which of the following commands copies the current configuration to the startup configuration? A. copy running-config startup-config B. copy running-config nvram C. copy run start D. copy system:running-config nvram:startup-config E. All of the above

Self Test Answers

269

SELF TEST ANSWERS The IOS and Configuration Files ✓ D. The startup configuration is used during the device bootup process and is stored in 1. ® NVRAM—a non-volatile storage location retaining all information after power off. ® ˚ A. RAM is volatile and is used to store the running configuration. B. ROM holds a bootstrap program and the ROMMON basic operating system. C. Flash memory holds a copy of the IOS. ✓ A. The config-register command is used to set the configuration register on a Cisco 2. ® device. If the configuration register is set to 0x2100, the system ignores Flash and boots directly into ROMMON. ® ˚ B. If the configuration register is set to 2101, the system boots the first IOS image found in Flash. C and D. If the configuration register is set to 2102 or higher, the system uses the boot system commands to determine where to boot. ✓ C. The correct syntax for this scenario is boot system tftp c2900-ipbase3. ® mz.124-1c.bin 172.17.5.5. ® ˚ A and B. These answers do not match the correct syntax. D. This is a false statement—the 2102 configuration register does allow for this operation. ✓ C. Setup mode prompts administrators, step by step, for basic configuration settings when 4. ® a startup configuration file cannot be found. ® ˚ A. The router will only boot into ROMMON when the IOS is corrupt or the configuration register is set to 2100—the presence of a startup configuration file is irrelevant to this process. B. A Cisco device never boots directly into Privileged mode. D. This is a false statement. ✓ A. erase nvram removes the startup-config file, while reload reboots the system. 5. ® ® ˚ B. delete nvram is not a CLI command. C and D. restart is not a CLI command. ✓ D. show version displays the version number, filename, amount of memory remaining 6. ® in NVRAM and RAM, the uptime, and the reason for the last reload. ® ˚ A, B, and C. These commands are not correct. ✓ D. The proper syntax for the copy command is copy source destination. The 7. ® command copy flash tftp immediately prompts the user for the TFTP server address and the name of the file to be copied. ® ˚ A, B, and C. The syntax of these commands is incorrect. ✓ A, D, and E. To use the console port, attach the DB-9 connector to the serial port of the 8. ® laptop, and then connect a rollover cable between the console port and the DB-9 connector. A terminal emulator application is needed to send configuration commands. ® ˚ B and C. These are the wrong cable types.

270

Chapter 8:

Interfacing with Cisco Devices

✓ D. SSH uses port 22 and encrypts the communication session. 9. ® ® ˚ A. Telnet does not use port 22. B. Telnet uses port 23, but is not considered a secure access method since all data is transmitted in clear text. C. SSH does not use port 23. ✓ D. Copying a configuration into RAM always results in a merge. Commands appearing in 10. ® the current configuration, but not in the new file, will remain. Commands appearing in the new file but not in the current configuration will be added. If a command appears in both, the new file command is the one chosen. ® ˚ A and B. Both these answers assume the running configuration is replaced by the new file. Copying into RAM merges files; it doesn’t replace them. C. When merging files, the new file does not remove commands that already exist in the current configuration.

The CLI ✓ A and B. You can run the show running-config command in both User and 11. ® Privileged (Enable) modes. ® ˚ C and D. The show running-config command is not available in these modes. E. This choice is incorrect. ✓ B and D. Both CTRL-Z and end break out of Configuration mode altogether. 12. ® ® ˚ A. ESC-Z is not a correct keystroke combination. C. Typing exit would only bring the user back one level—to Global Configuration mode. ✓ A. History holds ten commands in the buffer by default. 13. ® ® ˚ B. This is an incorrect number. C and D. These are false statements. ✓ B and D. Both the down arrow and CTRL-N will move you forward in the command history. 14. ® ® ˚ A and C. Neither command choice is correct. ✓ E. All of the commands will result in the running configuration being copied to the startup 15. ® configuration. ® ˚ A, B, C, and D. All are correct choices; therefore, “All of the above” is the correct option.

9 Cisco Switch Configuration

CERTIFICATION OBJECTIVES 9.01

About Cisco Switches

9.02

Initial Configuration

9.03

Securing the Configuration

9.04

✓ Q&A

Copyright © 2008 by The McGraw-Hill Companies. Click here for terms of use.

Interface Configuration Two-Minute Drill Self Test

272

Chapter 9:

Cisco Switch Configuration

I

know what you’re thinking, and it comes down to one small word: finally. Finally, after all the theory, all the background, all the endless discussion, acronyms, terms, tables, and figures, we’ve finally arrived at something a little more hands-on: a section that’s just a little more…tactile in nature. Yes, my friend, you’ve earned your way to where the rubber meets the proverbial road. You know what the network is, how it works, and what data packets look and act like during an information exchange. So, in this section, you finally get the chance to apply that knowledge and learn how to configure Cisco’s layer-2 device. This section is all about configuring the Cisco switch within a small standard network. We’ll start by discussing some basics on Cisco switches themselves, followed by a discussion about setup and initial configuration steps. We then wrap up the chapter by covering various troubleshooting methods and techniques to verify configuration operation and repair problems. This chapter is, of course, aimed at pointing out the important aspects of the configuration for your test, but it can also hopefully be used as a good guide for configuring your switches in a production environment.

CERTIFICATION OBJECTIVE 9.01

About Cisco Switches Believe it or not, Cisco is not the only company on the planet making switches! Ready for another shocker? Cisco makes more than one brand of switch as well! Obviously, since the CCENT is a Cisco-oriented exam, it would behoove you to know a little about the Cisco product line and some basics on differentiating between the various brands and usage. This section isn’t intended to turn you into a Cisco salesperson, but it will provide the basics for any exam question you may encounter on this test, and might even help you in future decisions as a network administrator.

Models Cisco has two major brands of switches, and several models within each brand. The first brand, Linksys, was designed mainly for home use. This is not to say Linksys switches cannot, will not, or should not be found on business networks—more

About Cisco Switches

273

than likely you will see one or two on a business network from time to time. Linksys switches forward traffic and provide the same bandwidth and performance benefits of any switch. However, Linksys switches were designed for a home user to simply open, plug in, and turn on. They were designed to handle a smaller network load and are, relatively speaking, a little easier to configure, but may not have all the features that other Cisco switches do. While it is important to know of Linksys switches and their usage, the CCENT exam does not cover their configuration. Considering that Linksys holds a remarkable 40 percent market share in the home wireless market, you’ve more than likely seen a blue-bordered Linksys device in someone’s home. Linksys switches are great devices and work well. Their configuration is simple, and they can be managed by a GUI interface and displayed and accessed through a simple web browser, much like SDM and CDM. If you see one on your business network, or hear someone asking to use one, don’t panic. It may turn out to be a good decision! The Catalyst brand, on the other hand, was created for larger enterprise-type networks. Catalyst switches provide a wide variety of functions available to the administrator, and come in a huge array of sizes and shapes, with each model having a series number assigned to it. The particular Catalyst switch you decide to purchase depends on both your needs and your pocketbook, and obviously each model may contain specific hardware and configuration options that simply aren’t available in other models. Generally speaking, the lower series numbers (such as 2960 and 3750) are used as access layer switches, while higher numbers (such as 4500 and 6500) move up into the distribution and core layers. You’ll probably recognize access layer switches easily, but larger, more complex switches may have a variety of large card slots for scalability and multiple interface types. The configuration examples used throughout this chapter are created on a Cisco Catalyst 2960 switch; however, they apply to any switch in the Catalyst family. For example, the numbering scheme used to configure a specific interface on a 2960 works the same on other Catalyst models. Interfaces on Catalyst switches are numbered x/y, with x being the card number and y being the individual interface on that card. The numbering always starts with 0 and increments from top to bottom for cards and from left to right for interfaces. A 2960 access switch only has one “card” of interfaces and, therefore, will always start interface numbering 0/y. From left to right on the switch, the first port would be numbered 0/1, the second 0/2, and so on.

274

Chapter 9:

Cisco Switch Configuration

If you ever get a chance to work with the higher-end switches, the numbering scheme can get even more confusing. Not only does the interface have a card and interface number on these larger switches, it can also have a sub-card number.The 8540 switch, for example, has around 13 card slots. Each card slot can contain a single line of interfaces, or can be broken up into sub-cards. In this instance, the numbering scheme would be x/s/y, where s would be the sub-card number. For instance, if you were looking (left to right) at the third interface on the second sub-card found on the third card (from the top), the interface number would be 2/1/2—the first 2 corresponds to the third card from the top, the 1 corresponds to the second sub-card, and the last 2 corresponds to the third interface on the sub-card.

Physical Characteristics The physical attributes of Linksys and Catalyst switches can vary widely. Linksys switches are generally smaller and have a blue border around them, while Catalyst switches are larger and provide a wider variety of interfaces, or ports, on the device. Since Catalyst switches are covered on the exam, we’ll focus our attention on their physical characteristics. The face of a Catalyst switch holds the same LEDs and features as those covered in Chapter 4. A Catalyst switch face holds a mode button and five system diagnostic LEDs (SYST, RPS, STAT, DUPLX, and SPEED), but no power on button. To turn the switch on or off, simply plug in the electrical cord or remove it. The switch face also contains connection interface ports for use in connecting to PCs, and may contain one or more uplink interfaces. The uplink interfaces can be the same duplex and speed as the connection interfaces, or a completely different physical uplink altogether. For example, on one switch the connection interfaces might be standard RJ45 10- to 100-Mbps ports, with an RJ45 uplink port capable of up to gigabit speeds. On another switch, the uplink port might even be an SC or ST fiber connector. The configuration and layout of the uplink ports and connection interfaces can vary greatly and depend on the model of Catalyst switch purchased. Lastly, each interface on the front of the switch has an individual LED, and each bank of interfaces has a label. The interface LED (off, green, or amber) indicates the status of the port itself (the meaning of each setting is listed in Table 5-2 in Chapter 5). The label indicates the speed at which the ports can be run. A label of 10/100, for example, signifies that the ports can run at 10baseT or 100baseTX Ethernet. A label of 10/100/1000 indicates the port can go up to gigabit speeds.

Initial Configuration

275

Cisco actually supports two operating systems for its switches: the IOS and the Catalyst Operating System.The IOS is the most familiar and can be found on almost every switch you encounter in day-to-day operations.The Catalyst Operating System, also known as Cat OS, is still made available on some of the higher-end switches, but is not covered on the exam.Two terms associated with this are hybrid and native. A hybrid switch supports both operating systems, while a native switch is an IOS-only device.

CERTIFICATION OBJECTIVE 9.02

Initial Configuration If you take a Catalyst switch out of the box, plug in the electrical cord, and connect systems to interfaces, it will work just fine. Catalyst switches have enough of a default configuration already installed to allow basic switching logic to perform without any intervention on the part of the administrator. Frames will be passed, the CAM table will be built, collision domains will be split, and 100 percent of bandwidth will be made available to each system directly connected. However, the default configuration settings do not account for other features commonly needed in a business network. VLANs, individual port settings, and security are all examples of configuration entries an administrator may wish for the switch. This section covers the configuration of the 2960 access layer switch in a typical business environment—from the initial steps through the more “advanced” settings an administrator may require.

Configuration questions may come in the form of multiple choice, or as part of a simulation. Pay very close

attention to the exact syntax of each command since the help functions may not be available on simulation questions.

The first step in configuring the switch is, obviously, accessing the CLI. In Chapter 8, we covered the various methods for connecting to a Cisco device for management purposes. Right out of the box, the only way to enter the CLI on a switch is to connect via the console port on the rear of the device, using the DB-9

276

Chapter 9:

Cisco Switch Configuration

connector, a rollover cable, the serial port on a computer, and some form of terminal emulator (such as HyperTerminal). After the physical connection is made, and the steps covered in Chapter 8 have been followed, the switch can be powered on.

Using the System Configuration Dialog As discussed previously, when no configuration file exists in NVRAM, the switch defaults to the System Configuration dialog, also known as Setup mode. Setup mode only allows for basic configuration settings and, for the most part, is not used by the majority of administrators. However, since it is addressed on the exam and many newer administrators use it for familiarity purposes, it warrants some discussion here. When the switch powers up, a variety of information is displayed. As the operating system loads, a series of #’s will display across the screen, followed by the name of the IOS file loaded into memory. Afterward, the IOS version is displayed, as well as information gathered from POST (Base Ethernet MAC address, part numbers, model numbers, and serial numbers). Finally, a prompt appears, asking if you would like to enter setup. Answering “yes” puts you into Setup mode (a “no” provides a User mode prompt): Would you like to enter the initial configuration dialog? [yes/ no]: yes At any point you may enter a question mark '?' for help. Use ctrl-c to abort configuration dialog at any prompt. Default settings are in square brackets '[]'. Basic management setup configures only enough connectivity for management of the system, extended setup will ask you to configure each interface on the system Would you like to enter basic management setup? [yes/no]:

At this point, the system is in setup mode; however, two different methods can be used for setup. In the first, Basic management setup, the system only prompts for the most basic of settings. In the second, Extended setup mode, the system will also prompt for the setting on each individual port. The only difference between the two options is that extended setup provides individualized interface configuration, while basic does not. Answering “yes” to the question provides the following output: Configuring global parameters: Enter host name [Switch]: SW1 /// Notice by default, the name is 'Switch' /// The enable secret is a password used to protect access to privileged EXEC and configuration modes. This password, after

Initial Configuration

277

entered, becomes encrypted in the configuration. Enter enable secret: CCENT The enable password is used when you do not specify an enable secret password, with some older software versions, and some boot images. Enter enable password: Cisco The virtual terminal password is used to protect access to the router over a network interface. Enter virtual terminal password: CCENT Configure SNMP Network Management? [no]: Current Interface Summary Any interface listed with OK? Value 'NO' does not have a valid configuration Interface IP Address OK? Method Status Protocol Vlan1 unassigned NO unset up up FastEthernet0/1 unassigned YES unset up up <<<< Output Truncated >>>>

Remember, you can enter Setup mode in two ways: first, if there is no configuration in NVRAM (startup configuration), and second, you can enter Setup mode at any time by entering the

command setup in Privileged mode. Within Setup, remember that default entries are surrounded by brackets, and extended setup provides configuration options for each interface, while basic does not.

In the preceding example, the hostname of the device was changed from the default (Switch) to SW1. Notice that settings providing a default require only a single press of the ENTER key. Other options set include a few passwords, and an opportunity to enable SNMP settings. A summary of the interfaces is then displayed, followed by three options: [0] Go to the IOS command prompt without saving this config. [1] Return back to the setup without saving this config. [2] Save this configuration to nvram and exit. Enter your selection [2]:

By default, pressing ENTER will result in the new configuration being saved. Entering a 0 dumps the configuration and provides a command prompt. An entry of 1 simply starts setup all over again.

278

Chapter 9:

Cisco Switch Configuration

Sometimes, for a fresh start on a switch, administrators will erase the startup configuration (using the erase startup-config command) and use the reload command to reboot the system. When doing so, the switch IOS will sometimes prompt you with a message stating, “System configuration has changed. Save?(yes/no)” Choosing “yes” copies the running configuration back into NVRAM as startup-config before rebooting. If your intent is to clear the configuration altogether, make sure you choose “no.” CertCam

A multimedia demonstration on the System Configuration Dialogue can be found on the CD accompanying this book.

Basic Configuration Options While the System Configuration dialog is a perfectly acceptable way to configure basic settings on a switch, it’s not the preferred method for configuration. More often than not, switches used in a production environment require more than just the basics. Therefore, since these settings must be made from the command line anyway, most administrators skip setup altogether and go directly to the command line. During a typical configuration, administrators will assign a hostname, create banners, apply security settings, configure access methods, and configure interfaces.

Hostnames and Banners Hostnames and banners are two of the basic settings administrators start out with. The hostname is simply a name that can be used to identify the switch within the prompt and is assigned, amazingly enough, using the hostname name command, where “name” is the hostname you wish to use for the device. Three types of banners can be configured: Message Of The Day (MOTD), Login, and Exec. The MOTD banner is shown before login, and is typically used for temporary messages of importance. The Login banner is displayed before every login as well, immediately following the MOTD. Its main purpose is to show permanent messages (such as “Unauthorized Access is Prohibited”). Finally, the Exec banner displays after login, and is intended for messages that should not be shared with unauthorized users. To configure a banner, use the command banner type delimiter <ENTER> message delimiter <ENTER>. The type parameter indicates MOTD, Exec, or Login (MOTD is the default entry). The delimiter is any character chosen to begin and end the message entry. An example of the hostname and banner commands in a basic configuration is shown next: Switch>enable Switch#configure terminal Switch (config)# hostname CCENTSwitch CCENTSwitch (config)# banner #

Initial Configuration

279

Enter TEXT message. End with character '#'. Welcome to CCENT Switch! Please prepare to login.. # CCENTSwitch (config)# banner login # Enter TEXT message. End with character '#'. Warning! Unauthorized Access is Prohibited! # CCENTSwitch (config)# banner exec 7 Enter TEXT message. End with character '7'. Greetings, authorized user! Remember to phone notify (555-1234) all configuration changes 7 CCENTSwitch (config)# end

Some items of interest from the previous code listing include the prompt and the banner command usage. Notice the prompt changes immediately as soon as the hostname command was issued. The first banner command did not make use of a type parameter and, therefore, defaulted to the MOTD. The banner exec 7 example at the end shows that you can use any character as a delimiter (in this case, a 7). A user logging in to this switch would see the MOTD first, followed by the login banner. After entering Exec mode, the last banner would be displayed, as shown next: CCENTSwitch con0 is now available Press RETURN to get started. Welcome to the CCENTSwitch! Please prepare to login.. Warning! Unauthorized Access is Prohibited! CCENTSwitch>enable Password: Greetings, authorized user! Remember to phone notify (555-1234) all configuration changes

Notice how the prompt changed from Switch to CCENTSwitch instantly? This is an important point for two reasons: first, you’ll need to know what the prompt will look like after entering a hostname command, and second, it demonstrates that configuration changes go into effect (on the running-config) immediately. Also, remember that, by default, the banner command sets the

MOTD and other banner types, and the delimiter can be any character you choose. Lastly, keep in mind that as soon as the delimiter character appears in the message, the banner stops. Questions on the exam will attempt to confuse you with delimiter use, throwing in characters you might not associate with a delimiter, like a period. Additionally, pay attention to the order in which the banners are displayed.

280

Chapter 9:

Cisco Switch Configuration

History and Logging Synchronous Two optional, yet common, configuration commands during the initial stages are history size and logging synchronous. As discussed in Chapter 8, the history buffer holds previous commands for recall, using the arrow keys or other keystroke combinations. By default, the buffer saves ten commands, and the contents of the entire buffer can be viewed using the show history command. The buffer size can be changed using the history size x command, where x is the size of the buffer. It’s important to note that this command is assigned on either the console or telnet/SSH line within the CLI. In other words, a user connecting over telnet would have the history buffer that was assigned to the telnet lines, while a user connecting over the console might have an entirely separate buffer size. If an administrator wants a different buffer size during a specific session, the Privileged mode command terminal history size x will set the buffer size for that single session only. For example, if the global command history size 15 was entered on the console, the buffer would save the last 15 commands for recall. If an administrator wanted to move that up to 20, he could enter the terminal history size 20 command and, during that session, would be able to recall the last 20 commands. The logging synchronous command is used for convenience and clarity’s sake. During any session over the console, all syslog messages are displayed in real time. In other words, sometimes right in the middle of typing in a command a syslog message might appear. For example, in Figure 9-1, the history size command was used to change the buffer to 15 for console connections. After pressing CTRL-Z to end the configuration, the user attempted to type show running-config. Notice the FIGURE 9-1

Console syslog messages

A Syslog message interrupts the show running-config command

Securing the Configuration

281

syslog message, notifying that the configuration has been changed from the console, displays right in the middle of the command. By default, syslog messages aren’t displayed on remote connections (telnet). If you wish to be bothered by these messages during a session, you’ll need to enter the terminal monitor and logging on commands. Obviously, this can be very confusing—not to mention aggravating—especially during long syntax-heavy command entries. To avoid this, the logging synchronous command can be entered on the console line to prevent syslog messages from displaying until they are called for. An example of the history and logging synchronous commands is shown next. Note that the auto complete help function is used for both the configure terminal and line console 0 commands. Switch#conf t Enter configuration commands, one per line. Switch(config)#line con 0 Switch(config-line)#history size 25 Switch(config-line)#logging synchronous

Be very familiar with the difference between the history size and terminal history size commands, as well as where they are applied—in Line Configuration mode, not Global Configuration mode. Additionally,

CertCam

End with CNTL/Z.

remember to view the entire contents of the buffer by using the command show history. Lastly, be sure to understand the usage of logging synchronous and its effect on syslog messages.

A multimedia demonstration on basic switch commands can be found on the CD accompanying this book.

CERTIFICATION OBJECTIVE 9.03

Securing the Configuration During an initial configuration, one of the most important steps is securing the settings. In modern networking, security is not an afterthought to be applied later, but a concern from the get-go, requiring attention and dedication. Common configuration

282

Chapter 9:

Cisco Switch Configuration

options for security include passwords, setting access method parameters, and interface security settings.

Passwords A variety of passwords must be configured during a CLI session. Usernames and passwords can be created to guard general access to the device. Passwords can also be applied to protect Privileged mode access, regardless of the access method (console, telnet, or SSH), using the enable and enable secret passwords. Additionally, passwords can be assigned to protect each individual access line as well. Regardless of the password assigned, it’s important to note that passwords and authentication only work if a login is required in the first place. This may seem like an obvious statement—and it is—but there are instances where its applicability makes perfect sense, and the combination of requiring a login and setting a password become frustrating. For example, to require a login on any line, the command login is issued on that line’s configuration prompt. However, if you configure the line to force a login, but do not specify a password, users attempting to log in will receive an error message stating, “Password required, but none set.” On the other hand, assigning a password, using the password command, but not requiring a login is a waste of character space and typing—for obvious reasons.

Pay close attention to the login and login local settings on questions and simulations on the exam.The login command requires that a password be set, and uses the password defined on the line configuration prompt.The login

local command uses the username/ password pairs defined elsewhere in the global configuration. Lastly, the presence— or absence—of login can be the answer you’re looking for!

Finally, the login command can be applied in two ways. First, it can mean, “Use the password assigned specifically to this line, as defined in the configuration.” In this instance, the password assigned to the line applies for every connection made on that line, no matter which user attempts to connect. In other words, there is one password, known by all users, allowing access to the devices. The second method involves the command login local, which means, “Before granting access, use the username and password pairs defined elsewhere in the configuration.” In this instance, a unique username and password pair is defined for each user. Connecting to the line, the user would have to provide a username and password matching the

Securing the Configuration

283

pair in order to proceed. Additionally, various permissions can be assigned to each of these usernames, providing granularity of access for security-minded administrators. If the decision is made to add usernames and passwords, users accessing the device would first be required to authenticate before even receiving a User mode prompt. To create a username and password, issue the command username name password password. For example, the command username CCENT_User1 password Cisco would create a username of CCENT_User1 with a password of Cisco. To force the use of local username and password combinations for authentication, enter the command login local on the line. For example, the following code requires that the person attempting to connect to the device over the console to know the username is Bob, with a password of Cisco, while those connecting via telnet would simply need to know the password Telnet. Switch# configure terminal Enter configuration commands, one per line. Switch(config)# username Bob password Cisco Switch(config)# line console 0 Switch(config-line)# login local Switch(config-line)# line vty 0 4 Switch(config-line)# password Telnet Switch(config-line)# login

End with CNTL/Z.

After closing the session in the console and reconnecting, you can see the username and password being enforced: User Access Verification Username: Bob Password: Switch>

After protecting access to the device by assigning passwords to individual access lines, two other passwords can be used to protect the CLI itself. Both Enable mode passwords force a user to cite a password to move from User mode to Privileged mode (aka, Enable mode). The first is known as the enable password, and is set using the Global Configuration command enable password password. The second is known as the enable secret and is set using the Global Configuration command enable secret password. As always, to remove either command from the configuration, you simply use the “no” version of each: no enable password or no enable secret. Either can be used to protect Privileged mode access; however, the enable secret is a considerably better choice. Note: You can assign an unencrypted version of the enable secret by adding the “0” parameter before the password (enable secret 0 password). By default, the parameter is set to 5 (for MD5 hash). A “0” setting tells the switch not to run a hash on the password.

284

Chapter 9:

Cisco Switch Configuration

Security-wise, cracking the passwords on a Cisco device is not very difficult, and there are several freely downloadable tools to help do just that. On the job, it’s much more important to control access to the configuration in the first place. We’re not saying you should forgo passwords; just don’t rely on them alone for security. Protect the switch with good physical security, and assign strong console and SSH connection options. Otherwise, you might as well e-mail the passwords to a bulletin board. The simple enable password is displayed in the configuration as a clear-text string. The enable secret, however, is stored in the configuration as a hidden MD5 hash. Obviously, this provides additional security by hiding the actual password from observers of the configuration file. It’s important to note that the password is not actually encrypted. Rather, the switch performs a mathematical function (the MD5 hash) on the password and stores the result in the configuration file. Additionally, if both the enable password and enable secret are entered into the configuration, the switch will always use the enable secret. For these reasons, most administrators forgo the enable password command, using only enable secret. All passwords—with the notable exception of the enable secret—are displayed in the configuration in clear text. You can choose to hide the passwords from plain sight by issuing the Global Configuration command service passwordencryption. This command will deter casual snooping of the passwords, but it is a very weak encryption and is easily breakable. If you issue the service password-encryption command, all passwords are immediately encrypted, and displayed as such within the configuration. If you issue a no service password-encryption command, the passwords will still be displayed in their encrypted form. However, once you change a password, the clear text version will appear.

Be very familiar with all aspects of passwords: how they are set and enforced, how they appear within a configuration (both before and after a service password-encryption

CertCam

command), and how they are encrypted (or hashed). Pay particular attention to the interplay between the enable password and enable secret, as well as the difference between login and login local.

A multimedia demonstration on basic CLI security steps can be found on the CD accompanying this book.

Securing the Configuration

285

exec-timeout Passwords and good physical security work well for securing access methods; however, regardless of whether the session is established locally over the console or remotely using telnet, an additional thought regarding passwords and access should come to mind: An inactive session should not be left open indefinitely. By default, an inactive open session disconnects automatically after five minutes. This can be changed using the exec-timeout x y command, where x is the number of minutes and y is the number of seconds. Entering the command exec-timeout 0 0 ensures that the switch will never time out the session, regardless of activity. Oftentimes, security and usability are at opposite ends of the spectrum, and the exec-timeout command is no exception. Administrators don’t like their sessions timing out on them while they’re troubleshooting or configuring, and will configure the exec-timeout 0 0 command to prevent just that. However, it’s a horrible security practice. If you see it in your configuration, replace the command with something a little more stringent.

EXERCISE 9-1 Basic Switch Configuration This exercise demonstrates the steps an administrator would take during an initial, basic configuration on a Catalyst 2960 switch. You’ll perform this lab using Boson’s NetSim simulator. This exercise has you configure a Catalyst 2960 switch from scratch. After powering on the device, you’ll skip Setup mode and begin entering configuration commands manually. We’ll configure hostname, banners, and password settings. You can find a picture of the network diagram for Boson’s NetSim simulator in the Introduction of this book. After starting up the simulator, click the LabNavigator button. Next, double-click Exercise 9-1 and then click the Load Lab button. 1. Power on the 2960-1 switch, choose “No” when asked to start Setup, and move to Global Configuration mode. a. At the top of the simulator in the menu bar, click the eSwitches icon and choose 2960-1. b. When the prompt asks you if you’d like to enter the System Configuration dialog, reply “no.” c. At the User prompt, enter Privileged EXEC mode by typing enable. d. Enter Global Configuration mode by typing configure terminal.

286

Chapter 9:

Cisco Switch Configuration

2. Configure the hostname, MOTD, and login banners. a. Enter hostname CCENTSwitch. b. Notice the prompt immediately changes to reflect the new hostname. Type banner MOTD # and press ENTER, and then type This is the Message of the Day! # and press ENTER. c. Type banner login # and press ENTER, and then type This is the login banner! # and press ENTER. 3. Configure the enable password of “Cisco” and an enable secret of “CCENT”. Assign a password (Cisco) to the vty (telnet) lines. Add a username of Bob with a password of CCENT, and force console users to access with the username and password pair. a. Type enable password Cisco and press ENTER, and then type enable secret CCENT and press ENTER. b. Type line vty 0 15 and press ENTER to enter Line Configuration mode on the telnet lines, and then enter the password and login requirements by typing password Cisco and pressing ENTER. c. Type login and press ENTER. d. Type exit and press ENTER to drop back to Global Configuration mode, then enter username Bob password CCENT and press ENTER to create the pair. e. Type line console 0 and press ENTER to enter Line Configuration mode for the console, and then force the use of usernames and passwords by typing login local and pressing ENTER. 4. Exit out of the configuration to verify the entries. a. Type end and press ENTER, or use CTRL-Z to exit back to Privileged mode. b. Type show running-config and then press ENTER. c. Press the SPACEBAR to move through the configuration. Notice the commands you have entered. Also note all passwords displayed in clear text, with the exception of the enable secret. 5. Configure password encryption and verify. a. Type configure terminal and press ENTER to enter Global Configuration mode again. b. Type service password-encryption and press ENTER, and then exit back to Privileged mode using CTRL-Z. c. Type show running-config and press ENTER. d. Press the SPACEBAR to move through the configuration. Notice all passwords are now displayed in encrypted format.

Securing the Configuration

287

6. Save your configuration. a. Type copy run start and press ENTER to save the configuration to NVRAM. b. Accept the default name by pressing ENTER again. c. Verify your saved configuration by typing show startup-config and pressing ENTER. Press the SPACEBAR to move through the configuration.

Configuring SSH Access methods to the switch include local and remote options. As covered earlier, telnet provides a very easy way to access the device remotely, and configuring access is relatively easy using the login and password command. However, telnet sends all information—including the defined username and password—in clear text, presenting an obvious security problem. A better option, should the decision be made to allow remote access in the first place, is to configure and use SSH. SSH runs over port 22 (telnet uses port 23), and encrypts the communications path between both systems. Unlike telnet, which can provide access using only a password, SSH works on a client-server basis, and requires a username and a password. This username and password combination can be stored locally on the switch, or on a separate server—referred to as an Authentication, Authorization, and Accounting (AAA) server. The easiest, and most common, application is configuring local usernames and passwords. Before getting frustrated attempting to install SSH on your production Catalyst switch, keep a couple of things in mind. Remember, SSH support is a feature, like anything else.Therefore, you must ensure your switch (or router) IOS supports it. Check for “k9” or “k8” somewhere in the IOS filename (show version), then check for the filename ending in “.bin” about halfway down the display. Another, perhaps easier, method to check for SSH support is to simply press the question mark (?) at a Global Configuration mode prompt. If the command crypto does not appear, your IOS won’t support SSH. Configuring SSH is fairly simple, but requires setting several configuration options on the switch. First, and obviously, usernames and passwords must be created. Second, the vty lines—those access lines set aside for remote CLI access— must be configured using the login local command and the transport input telnet ssh command. By default, all vty lines accept telnet, and this command is needed to allow SSH access. Optionally, you can omit the telnet parameter, which forces remote sessions to use SSH; telnet connections are no longer accepted.

288

Chapter 9:

Cisco Switch Configuration

The third and fourth steps are necessary for the generation of the SSH public and private keys. SSH uses these keys to encrypt the communications process. Once they are created, the private key stays on the switch while a copy of the public key must be placed on any client device connecting to the switch. To create the keys, a domain name must be created. In the third step, the ip domain-name name.extension (where name is the domain name and extension is the threeletter DNS extension) command defines a DNS domain name for the device. In the fourth step, the crypto key generate rsa command actually creates the public and private keys required for SSH to work (using the hostname and domain name). For example, the following code demonstrates the steps required to set up SSH on a switch, using the domain name of sample.com.

Be very familiar with the steps for setting up SSH.They do not necessarily need to be followed in any particular order (for example, you could create the usernames last), but they must all be completed for SSH to work. Pay close attention to the syntax and use of

the transport input telnet ssh command. Remember that omitting the telnet parameter results in the switch allowing SSH access ONLY—furthering your security. Lastly, be sure to remember how to view your public key.

CCENTSwitch# configure terminal CCENTSwitch (config)# username Bob password Barker CCENTSwitch (config)# username Cindy password Cisco CCENTSwitch (config)# line vty 0 15 CCENTSwitch (config-line)# login local CCENTSwitch (config-line)# transport input telnet ssh CCENTSwitch (config-line)# exit CCENTSwitch (config)# ip domain-name sample.com CCENTSwitch (config)# crypto key generate rsa The name for the keys will be: CCENTSwitch.sample.com Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. How many bits in the modulus [512]: 1024 % Generating 1024 bit RSA keys …[OK] 00:05:14: %SSH-5-ENABLED: SSH 1.99 has been enabled CCENTSwitch (config)# end

Securing the Configuration

289

After SSH is enabled and the keys are created, you can view the public key using the command show crypto key mypubkey rsa. The resulting display will show lines of code that make up the key. Each client connecting to the switch will need a copy of this key; the copy can either be added to the client beforehand or handed out by the switch when the client connects. Several SSH client software packages can be installed on client laptops for using SSH. Putty is a free, and rather popular, application that provides SSH client services.To connect, open Putty (or whatever client you have installed), and connect to the switch, using the IP address or hostname. You’ll be prompted for a username and password. Once logged in, the public key will be delivered and voilà!

EXERCISE 9-2 SSH Configuration This exercise demonstrates the steps an administrator would take to configure SSH access for the switch. You’ll perform this lab using Boson’s NetSim simulator. After powering on the device, you’ll log in using the username and password defined in Exercise 9-1. After entering configuration mode, you’ll add another username and password pair, as well as a domain name for the device. You’ll then force local authentication and SSH access on the vty lines. You can find a picture of the network diagram for Boson’s NetSim simulator in the Introduction of this book. After starting up the simulator, click the LabNavigator button. Next, double-click Exercise 9-1 and then click the Load Lab button. 1. Power on the 2960-1 switch and enter Global Configuration mode. a. At the top of the simulator in the menu bar, click the eSwitches icon and choose 2960-1. b. Log in by typing Bob and CCENT as the username and password. c. Type enable and then press ENTER, followed by entering CCENT as the password. d. Enter Global Configuration mode by typing configure terminal, and then press ENTER. 2. Create a second username (Cindy) and password (Cisco) pair, and then add a domain name of sample.com for the switch. a. Type username Cindy password Cisco, and then press ENTER. b. Create the domain name by typing ip domain-name sample.com, and then press ENTER.

290

Chapter 9:

Cisco Switch Configuration

3. Force login local and SSH on all vty lines. a. Type line vty 0 15, and then press ENTER to enter Line Configuration mode for the telnet lines. Then type login local and press ENTER to force local authentication. b. Type transport input ssh and then press ENTER to force SSH use. 4. Create the keys needed for SSH use. a. Type exit, and then press ENTER to drop back to Global Configuration mode. Afterward, type crypto key generate rsa, and press ENTER to create the keys. b. Enter 1024 for the key size. c. After the keys have been generated, use CTRL-Z to exit back to Privileged mode. 5. Verify SSH configuration. a. Type show running-config, and then press ENTER. b. Press the SPACEBAR to move through the configuration, taking note of the configuration commands you just entered. c. Type show crypto key mypubkey rsa and then press ENTER to view the public key, verifying creation. 6. Save the configuration. a. Type copy run start and then press ENTER to save the configuration to NVRAM. b. Accept the default name by pressing ENTER again. c. Verify your saved configuration by typing show startup-config and pressing ENTER. d. Press the SPACEBAR to move through the configuration.

CERTIFICATION OBJECTIVE 9.04

Interface Configuration Once the basic configuration and security parameters have been set, it’s time to turn your attention to other configuration options. The switch may or may not need an IP address, interfaces may need speed, duplex and VLAN settings enabled, and ports

Interface Configuration

291

(active or inactive) may require additional security. The settings are all, of course, optional. However, in a production environment, most are used (not to mention heavily tested!).

VLAN1 and the Switch IP Address For the second time in this chapter, I can guess what you’re thinking: “Hey, wait a minute! You said switches work at layer 2. Why would I need to install an IP address on a layer-2 device?” Excellent question, with a correspondingly excellent answer: If you wish to use applications that make use of layer 3 to manage and access the switch, such as telnet, SNMP, and CDM, the switch needs an IP address. In other words, if you want to use telnet or SSH to connect remotely to the switch, there must be a unique IP address for the application to connect to. Much like configuring the TCP/IP properties on a PC, assigning an IP address can be done two ways: statically or dynamically. If you are assigning a static address, the switch will require an IP address, a subnet mask, and a default gateway (you can also optionally configure a DNS server as well). Also, much like configuring a PC, you’ll need to tell the switch which interface to use. Typically, you should use a special virtual interface, created specifically for this purpose, known as the VLAN 1 interface. The VLAN 1 interface provides a single IP address for the default VLAN to which every interface belongs: VLAN 1. In short, this virtual interface was created specifically to act as the Ethernet port for the switch as a whole. By default, the VLAN 1 interface does not have an IP address and is disabled. To use it, you must assign the appropriate TCP/IP options and enable the interface with the command no shutdown. The following code demonstrates how to assign an IP address to the VLAN 1 interface. CCENTSwitch# configure terminal CCENTSwitch (config)# interface vlan 1 CCENTSwitch (config-if)# ip address 192.168.1.5 255.255.255.0 CCENTSwitch (config-if)# no shutdown %05:15:12: %LINK-3-UPDOWN: Interface Vlan 1, changed state to up %05:15:13: %LINEPROTO-5_UPDOWN: Line protocol on Interface Vlan1, changed state to up CCENTSwitch (config-if)# exit CCENTSwitch (config)# ip default-gateway 192.168.1.1

Notice that the IP address and subnet mask are assigned on the Interface configuration prompt for VLAN 1, while the default gateway address is configured from the Global Configuration prompt. The no shutdown command is used to enable the interface and is, of course, entered on the interface configuration prompt for Vlan1. Should you choose to disable the interface, use the shutdown command.

292

Chapter 9:

Cisco Switch Configuration

It’s a relatively simple task, but be sure you know how to assign a management IP address to the switch using the Vlan1 interface. Pay close attention to the syntax of each command, as well as the configuration mode on which it is entered.

Lastly, don’t forget Vlan1 is disabled by default. For the IP address to do any good at all, whether assigned statically or via DHCP, you’ll need to enable the interface with the no shutdown command.

If your network is using DHCP for IP address assignment, you can simply tell the switch to pull an address automatically from the DHCP server. The preceding steps still apply and are the same, with only two changes. First, instead of using ip address address subnetmask, use the ip address dhcp command. Second, do not configure the ip default-gateway command (the DHCP server will supply the correct gateway). On a final note, the show command can be used to verify proper IP address and VLAN 1 interface settings. Viewing the IP address is different depending on the method in which it was configured. If you statically assign the address, you can use the show running-config command to see the address within the configuration. However, if the address is dynamically assigned using DHCP, you must use the show dhcp lease command. Lastly, a show interface vlan 1 command will display the IP address as well as the state of the interface. If all is well, the interface will display the message “VLAN 1 is up, line protocol is up.” If the no shutdown command has not been entered, it will display the text “Administratively down.”

Know how to verify IP address assignment within the switch. Also, remember “administratively down”

indicates the interface needs the no shutdown command assigned in order to function.

Speed, Duplex, and Descriptions While interfaces on a Catalyst switch do not need any additional configuration to work (they pass traffic right out of the box), sometimes administrators manually assign speed and duplex settings, as well as define a description on “important” ports.

Interface Configuration

293

Interfaces on a Catalyst switch are, by default, configured to autonegotiate speed and duplex with the device connecting through the port. However, it’s occasionally a good idea to manually set these options. Additionally, adding a description can help in troubleshooting and during installation. The commands used to configure interfaces are duplex {auto | full | half}, speed {10 | 100 | 1000 | auto}, and description text. Each command is entered individually on each port. For one or two interfaces this isn’t a problem, but many times you’ll wish to apply certain configuration options to an entire range of ports on the switch. For this, you can use the interface range type port-range command. Use of these commands is demonstrated in the following code. CCENTSwitch#configure terminal Enter configuration commands, one per line. End with CNTL/Z. CCENTSwitch(config)#interface FastEthernet 0/1 CCENTSwitch(config-if)#duplex full CCENTSwitch(config-if)#speed 100 CCENTSwitch(config-if)#description File Server port CCENTSwitch(config-if)#exit CCENTSwitch(config)#interface range FastEthernet 0/5 - 10 CCENTSwitch(config-if-range)#description Connection ports to users CCENTSwitch(config-if-range)#^Z

In this example, we set the speed and duplex on our first port (FastEthernet 0/1) and added a description (File Server port). After exiting the Interface Configuration mode on the first port, the interface range FastEthernet 0/5 - 10 command was used to assign a description to ports 5–10. We could have individually gone to each interface prompt and assigned them, but you can see how the range provides a much quicker way of getting things done. After all your interface settings are entered, use the show interfaces status command to verify: CCENTSwitch#show interfaces Port Name Status Fa0/1 File Server port Fa0/2 Fa0/3 Fa0/4 Fa0/5 Connection ports Fa0/6 Connection ports ////Output Truncated //// Fa0/10 Connection ports Fa0/11 Fa0/12 ////Output Truncated ////

status Vlan Duplex notconnect 1 notconnect 1 notconnect 1 notconnect 1 notconnect 1 notconnect 1 notconnect notconnect connected

1 1 1

Speed full auto auto auto auto auto

Type 100 auto auto auto auto auto

10/100BaseTX 10/100BaseTX 10/100BaseTX 10/100BaseTX 10/100BaseTX 10/100BaseTX

auto auto a-full

auto auto a-100

10/100BaseTX 10/100BaseTX 10/100BaseTX

294

Chapter 9:

Cisco Switch Configuration

Take note of several items in this output. First, notice the difference between FastEthernet 0/1, which we manually adjusted settings for, and FastEthernet 0/2, which was left with the defaults. The “auto” on interface 2 indicates the port is not in use and is awaiting an autonegotiation with a connecting system, while interface 1 shows the manually defined settings—even without a device connected to it! Ports 5 through 10 reflect the description assigned by the interface range FastEthernet 0/5 - 10 command, although the description is truncated due to space. Finally, port 12 displays an active interface. A system has connected to the interface and the switch has autonegotiated full duplex at 100 Mbps (the “a-” indicates autonegotiation).

Familiarize yourself with the interface configuration commands listed here, and make sure you know how

to decipher information gleaned from a show interfaces status command.

VLAN Configuration In Chapter 8, we covered the basics of VLANs—what they are, what they do, and why you would use them. Surprisingly, creating a VLAN is relatively simple. First, a determination needs to be made as to which role within the VLAN world the interface will fill. An interface can be configured to send and receive traffic within a single VLAN, or it can be set to send and receive traffic for multiple VLANs. The single VLAN setup is most common and is the focus of the CCENT exam (working within multiple VLANs is known as VLAN trunking, and is covered in (McGraw-Hill’s CCNA Cisco Certified Network Associate Study Guide (640-802) book). Next, simply create a VLAN and then add interfaces to it. To create the VLAN, use the Global Configuration mode command vlan vlan-id, where vlan-id is a number between 2 and 1001. Optionally, you can also use the command name vlan-name, where vlan-name is a more descriptive text string for your VLAN. To add an interface to the newly created VLAN, use the switchport access vlan vlan-id command on each interface. Optionally, you can also use the switchport mode access command to ensure the interface does not attempt to go into trunking mode.

Interface Configuration

295

By default, VLANs are “named” VLANXXXX, where the XXXX is the number of the VLAN. Administrators frequently make use of the name vlan-name command to clear up any confusion. You may also have noticed the somewhat strange number range given for the creation of VLANs. VLAN 1 is reserved, of course, and VLANs 1002–1005 are used for token ring. For example’s sake, suppose you were charged with creating a new VLAN on your switch for accounting department employees. Each accounting department employee will use interfaces 5 through 10—the other interfaces will be available for “regular” network users. To demonstrate this process, the following code creates a new VLAN (numbered 50), with a descriptive name of “Accounting vlan,” and assigns interfaces 5 through 10. CCENTSwitch#configure terminal Enter configuration commands, one per line. End with CNTL/Z. CCENTSwitch(config)# vlan 50 CCENTSwitch(config-vlan)# name Accounting vlan CCENTSwitch(config-vlan)# exit CCENTSwitch(config)# interface range FastEthernet 0/5 – 10 CCENTSwitch(config-if)# switchport access vlan 50 CCENTSwitch(config-if)# switchport mode access CCENTSwitch(config-if)# end

To verify VLAN creation, use the show running-config or show vlan brief command. The running configuration will show interface membership in a VLAN on a per-interface basis, while the VLAN brief display shows all VLANs on the switch, as well as their interface ranges. Samples of both commands appear in the following: CCENTSwitch# show running-config ////Output Truncated //// interface Fast Ethernet0/5 switchport access vlan 50 switchport mode access interface Fast Ethernet0/6 switchport access vlan 50 switchport mode access ! CCENTSwitch# show vlan brief

296

VLAN

Chapter 9:

Cisco Switch Configuration

Name

Status

Ports

1

default

active

Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, <<>>

50

Accounting vlan

active

Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10

1002

fddi-default

act/unsup

1003

token-ring-default

act/unsup

1004

fddinet-default

act/unsup

1002

trnet-default

act/unsup

CCENTSwitch# show running-config ////Output Truncated //// interface Fast Ethernet0/5 switchport access vlan 50 switchport mode access ! interface Fast Ethernet0/6 switchport access vlan 50 switchport mode access ! ////Output Truncated //// CCENTSwitch# show vlan brief VLAN Name

Status

Ports

1

default

active

Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, <<>>

50

Accounting vlan

active

Fa0/5,Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10

1002

fddi-default

act/unsup

1003

token-ring-default

act/unsup

1004

fddinet-default

act/unsup

1002

trnet-default

act/unsup

Interface Configuration

Make sure you are very comfortable with creating VLANs and assigning interfaces to them. As always, be sure you pay attention to which configuration mode you are in before

297

attempting commands. Lastly, review the output of both the show runningconfig and show vlan brief commands for verifying VLAN assignment and use.

EXERCISE 9-3 Interface and VLAN Configuration This exercise demonstrates the steps an administrator would take to configure interface settings for a switch. You’ll perform this lab using Boson’s NetSim simulator. After powering on the device, you’ll log in using the username and password defined in Exercise 9-1. After entering configuration mode, you’ll add a management IP address to the VLAN 1 interface, manually adjust the speed and duplex settings on an interface, create a VLAN, and add interfaces to the VLAN. You can find a picture of the network diagram for Boson’s NetSim simulator in the Introduction of this book. After starting up the simulator, click the LabNavigator button. Next, double-click Exercise 9-3, and then click the Load Lab button. 1. Power on the 2960-2 switch and enter Global Configuration mode. a. At the top of the simulator in the menu bar, click the eSwitches icon and choose 2960-2. b. Log in by typing Bob and CCENT as the username and password. c. Type enable and then press ENTER, followed by entering CCENT as the password. d. Enter Global Configuration mode by typing configure terminal and then pressing ENTER. 2. Enter a default gateway address, then enter VLAN 1 Interface Configuration mode. Assign an IP address and enable the interface. a. Type ip default-gateway 172.16.1.1 and then press ENTER.

298

Chapter 9:

Cisco Switch Configuration

b. Type interface vlan1 and then press ENTER. Afterward, assign an IP address to it by typing ip address 172.16.1.5 255.255.0.0 and pressing ENTER. c. Enable the interface by typing no shutdown and pressing ENTER. 3. Manually assign a speed of 100 Mbps and a duplex setting of “full” to interface1–5, and add the description Server Ports. a. Type interface range FastEthernet 0/1 - 5 and then press ENTER. b. Type speed 100, press ENTER, then type in duplex full and press ENTER. c. Assign the description by typing description Server Ports and then pressing ENTER. 4. Create VLAN 100 and name it “Server VLAN.” Add ports 1 through 5 to the VLAN, ensuring each will remain in non-trunking mode. a. Type exit and press ENTER to return to Global Configuration mode. b. Type vlan 100 and press ENTER, then type in name Server Vlan and press ENTER to create the VLAN and add the name. c. Add the interfaces by typing interface range FastEthernet 0/1 - 5 and pressing ENTER, switchport access vlan 100 and pressing ENTER, and then switchport mode access and pressing ENTER. 5. Verify the VLAN creation and save the configuration. a. Exit back to Privileged mode using CTRL-Z. b. Type show running-config and press ENTER. c. Press the SPACEBAR to move through the configuration. Verify all commands in VLAN creation and interface settings. d. Type show vlan brief and press ENTER to verify interface membership and VLAN settings. e. Type copy run start and press ENTER to save the configuration to NVRAM. Accept the default name by pressing ENTER again. f. Verify your saved configuration by typing show startup-config and pressing ENTER. Press the SPACEBAR to move through the configuration.

Interface Configuration

299

Port Security One immutable truth about every interface on the switch is that regardless of what configuration has been set, the port is either in use or it isn’t. On ports that are in use, we’ve discussed adding descriptions on each port (to help the administrator) and VLAN configurations (for security and broadcast control purposes). However, we haven’t discussed anything regarding unused ports at all. For ports that have a system connected to them, an additional configuration option—port security—is available. For those without a system connected, a couple of additional configuration options are recommended for security purposes. Unused interfaces invite use. In other words, if your users have access to the switch (or in some cases, your administrators) and they notice an open port, it’s only a matter of time before they attempt to use it. Unlike the VLAN 1 interface discussed earlier, every other interface on a Catalyst switch begins in an enabled state by default (the no shutdown command is set on each interface). Ports will also attempt to autonegotiate almost everything by default—duplex, speed, even something called VLAN trunking. Obviously, if you have security in mind, leaving these ports open and available is inviting trouble. To secure these unused ports: 1. Disable each unused interface using the shutdown command. 2. Enter the switchport mode access command on each interface. (This prevents VLAN trunking.) 3. Place each unused port in a VLAN that does not exist (using the switchport access vlan vlan-id command). Additional configuration can further secure the interfaces on the switch. Suppose you expect only certain systems to access your switch, and you wish to prevent foreign devices (such as an attacker’s laptop or PC) from connecting. In this instance, you can assign port security to each interface on the switch. Port security on an interface allows only the MAC address specified by the administrator, and no other. If a foreign, undefined MAC address connects to the interface, it will not allow the traffic to be sent. The steps for assigning port security to an interface are: 1. Place the interface in switchport mode access using the switchport mode access command. 2. Enable port security using the switchport port-security command.

300

Chapter 9:

Cisco Switch Configuration

3. Allow only the MAC addresses specified, using either the switchport port-security mac-address address or the switchport port-security mac-address sticky command. 4. (Optional) Specify the number of MAC addresses allowed to use the interface with the switchport port-security maximum number command. 5. (Optional) Specify the action taken when a foreign MAC address attempts to use the interface with the switchport port-security violation [protect | restrict | shutdown] command. Placing the port in access mode prevents VLAN trunking. After enabling port security in step 2, you can either manually define which MAC addresses can use the interface, or allow the switch to dynamically learn, and keep track of, connected devices with the “sticky” parameter. An interface in port security using “sticky learning” learns the MAC address from the first frame received on the interface, assigning it as the only one able to use the port. The optional configuration settings define how many can use Review the information the port (the default is one) and what action in Table 9-1 and memorize the actions to take if a violation occurs (the default is port a switch can take on a port security shutdown). The actions available in the case of violation. a violation are summarized in Table 9-1. A sample configuration for port security is shown next. In the sample, interface 15 will only allow frames with the source MAC address of 0101.AABB.1234. Interface 16 will learn which MAC address is connected to it, and will only allow frames from that MAC.

TABLE 9-1

Port Security Violation Actions

Option

Action

Protect

Drops illegal traffic.

Restrict

Drops illegal traffic. Sends and logs SNMP messages.

Shutdown

Drops illegal traffic. Sends and logs SNMP messages. Disables the interface.

Interface Configuration

301

CCENTSwitch# configure terminal CCENTSwitch(config)# interface FastEthernet 0/15 CCENTSwitch(config-if)# switchport mode access CCENTSwitch(config-if)# switchport port-security CCENTSwitch(config-if)# switchport port-security mac-address 0101.AABB.1234 CCENTSwitch(config-if)# interface FastEthernet 0/16 CCENTSwitch(config-if)# switchport mode access CCENTSwitch(config-if)# switchport port-security CCENTSwitch(config-if)# switchport port-security mac-address sticky CCENTSwitch(config-if)# end

Verification of port security is done with the show running-config and show port-security interface interface# commands. The running configuration will, obviously, show the commands assigned to each interface, while the show port-security interface output will display the state of the interface. If all is well, the interface will display “Port Status: Secure-up.” If a violation has occurred, resulting in the interface being disabled, the display will read “Port Status: Secure-shutdown.” Additionally, the output shows the maximum number of addresses allowed, as well as how many were manually entered or learned by “sticky” methods.

Review the steps for implementing port security and know which commands are used in the process. Make sure you understand the difference

CertCam

between manual configuration and “sticky” learning, as well as how to use the optional commands.

A multimedia demonstration on configuring port security options on switches can be found on the CD accompanying this book. Finally, after all configuration options are in place, save and test your configuration. After using the copy run start command to save the settings to NVRAM, try out the functions, testing to see what works and what doesn’t. If possible, this should be done off the network in a lab, to iron out problems before they are interjected into the production network.

302

Chapter 9:

Cisco Switch Configuration

INSIDE THE EXAM About Cisco Switches Linksys switches are designed for home use, while Catalyst brands are used within business enterprise networks. Numbering for interfaces on Catalyst switches is always x/y, with x being the card number and y being the individual interface on that card. The numbering always starts with 0 and increments from top to bottom for cards and from left to right for interfaces. Lastly, five system LEDs (SYST, RPS, STAT, DUPLX, and SPEED) are found on the switch, and each bank of interfaces is labeled to indicate capability. Also, remember the basics of switch LEDs: green is good, amber is bad, the SYST lamp indicates the overall health of the switch, and the STAT lamp means the individual port LEDs represent each port’s status.

Initial Configuration Although not the preferred method, setup (System Configuration dialog) can be used to initially configure the switch. Extended setup allows for interface settings, while basic management setup does not. After setup, three options appear: 0 drops the configuration and presents an IOS prompt, 1 begins setup all over again, and 2 saves the configuration, exiting to a prompt. Be sure you know the three types of banners (MOTD, Login, and Exec) and how they are displayed. Also, remember the delimiter

can be any character, and as soon as it is entered in the text, the banner stops. Review the history size and logging synchronous commands, as well as the terminal history size.

Securing the Configuration Pay close attention to the login and login local settings on questions and simulations on the exam, and be sure you know the difference between the enable password and enable secret. Be sure to review the service password encryption command as well. The exectimeout command is used to determine how long an unused session is allowed to remain open, and SSH should be configured to protect remote access sessions from interception. Be very familiar with the steps for setting up SSH, and don’t forget you can eliminate the use of telnet altogether with the transport input ssh command.

Interface Configuration Be prepared to see numerous questions on interface configuration, including IP addresses on VLAN1, speed and duplex, and port security. Pay close attention to all command syntax, as well as the configuration mode they must be entered on. Be sure to review the information in Table 9-1 about port security violations.

Certification Summary

303

CERTIFICATION SUMMARY Cisco has two major brands of switches and several models within each brand. The Catalyst brand was created for larger enterprise-type networks, and comes in a huge array of sizes and shapes, with each model having a series number assigned to it. Interfaces on Catalyst switches are numbered x/y, with x being the card number and y being the individual interface on that card. The numbering always starts with 0 and increments from top to bottom for cards and from left to right for interfaces. A 2960 access switch only has one “card” of interfaces and, therefore, will always start interface numbering 0/y. The face of a Catalyst switch holds a mode button and five system diagnostic LEDs, but no power button (to turn the switch on or off, simply plug in the electrical cord or remove it). A label on each bank of interfaces indicates the speed at which the ports can be run. A label of 10/100 signifies the ports can run at 10baseT or 100baseTX Ethernet. A label of 10/100/1000 indicates the port can go up to gigabit speeds. Right out of the box, the switch will pass frames and provide service. However, basic configuration is generally needed. VLANs, individual port settings, and security are all examples of configuration entries an administrator may wish for the switch. Configuration questions may come in the form of multiple choice questions or as part of a simulation. Pay very close attention to the exact syntax of each command since the help functions may not be available on simulation questions. When no configuration file exists in NVRAM, the switch defaults to the System Configuration dialog, also known as Setup mode. Setup mode only allows for basic configuration settings and, for the most part, is not used by most experienced administrators. The two different setup modes are Basic management setup (the system only prompts for basic settings) and Extended setup mode (the system also prompts for interface settings). After setup, you can choose to drop the configuration and return to a prompt, restart setup altogether, or save the configuration settings to NVRAM. During a typical configuration, administrators will assign a hostname, create banners, apply security settings, configure access methods, and configure interfaces. The hostname is simply a name that can be used to identify the switch within the prompt and is assigned using the hostname command. To configure a banner, use the command banner type delimiter, press ENTER, then type your message. When you are done with the message in full, type the delimiter character and press ENTER again. The three types of banners that can be configured are Message of The Day (MOTD), Login, and Exec. The MOTD banner is shown before login, and is typically

304

Chapter 9:

Cisco Switch Configuration

used for temporary messages of importance. The Login banner is displayed before every login as well, immediately following the MOTD. Finally, the Exec banner displays after login, and is intended for messages that should not be shared with unauthorized users. The delimiter is any character chosen to begin and end the message entry. Other optional commands include history size and logging synchronous. Usernames and passwords can be created using the command username name password password. The enable password is set using the Global Configuration command enable password password, while the enable secret is set using the Global Configuration command enable secret password. To remove either from the configuration, use the “no” version of each command. Either can be used to protect Privileged mode access; however, the enable secret is encrypted (MD5 hash) within the configuration and is a considerably better choice. Other security configuration concerns include inactive open sessions and the configuration of SSH. You can change the time an inactive open session disconnects using the exec-timeout x y command. Configure SSH by creating usernames and passwords, setting login local and transport input telnet ssh on all vty lines (you can omit the “telnet” parameter to force SSH only), creating a domain name using the ip domain-name name.extension command, and generating the crypto keys with crypto key generate rsa. Interface configuration includes assigning a management address, speed, duplex, description, VLAN configuration, and port security settings. A management address is assigned statically or dynamically using ip address address subnetmask or ip address dhcp, respectively, on the VLAN1 interface. Speed, duplex, and description commands can be placed on individual ports or ranges using the interface range type port-range command. To enable VLANs, first create the VLAN (vlan vlan-id), then assign interfaces to the VLAN (switchport access vlan vlan-id). Optionally, you can also use the command name vlan-name to add a more descriptive text string for your VLAN. To secure these unused ports, disable each unused interface using the shutdown command, enter the switchport mode access command on each interface (prevents VLAN trunking), and place each unused port in a VLAN that does not exist (using the switchport access vlan vlan-id command). Assigning port security additionally secures the device, allowing only known MAC addresses to connect. Commands used include switchport mode access, switchport port-security, switchport port-security macaddress option, switchport port-security maximum number, and switchport port-security violation option. If a port security violation occurs, the switch can drop traffic, send and log SNMP messages, or disable the interface altogether.

Two-Minute Drill

✓

305

TWO-MINUTE DRILL About Cisco Switches ❑ Linksys switches are for residential use, while Catalyst brands are more suited

for business implementation. ❑ Catalyst interfaces are numbered x/y, where x is the card number and y is the

interface on that card. 2960 switches only have one card in them, so interfaces are numbered 0/1, 0/2, and so on. ❑ Each bank of interfaces includes a label indicating speed and capability. 10/100

indicates 10baseT or 100baseTX autonegotiation capability. Uplink interfaces are generally in a separate bank and have a different label (at higher speeds).

Initial Configuration ❑ When no configuration file exists in NVRAM, the switch defaults to the Sys-

tem Configuration dialog, also known as Setup mode. Basic management setup only prompts for basic settings, while Extended setup mode prompts for settings on each individual port. ❑ After setup completes, by default, pressing ENTER (Option 2) will result in the

new configuration being saved. Entering a 0 dumps the configuration and provides a command prompt. An entry of 1 simply starts setup all over again. ❑ Use the hostname name command to assign a hostname to the switch.

Banners are applied by typing banner type delimiter and pressing then typing your message. After the message is typed in full, type the delimiter character and press ENTER again. The delimiter can be any character. ENTER,

❑ The three types of banners are Message of The Day (MOTD), which is

shown before login, the Login banner (displayed before every login, as well as immediately following the MOTD), and the Exec banner (displayed after login). Login is used for permanent messages (such as “Unauthorized Access is Prohibited”), while Exec is intended for messages that should not be shared with unauthorized users. ❑ The history buffer size can be changed using the history size x com-

mand, where x is the size of the buffer. The terminal history size x command will set the buffer size just for the single session. ❑ The logging synchronous command can be entered on the console

line to prevent syslog messages from displaying until they are called for.

306

Chapter 9:

Cisco Switch Configuration

Securing the Configuration ❑ To require a login on any line, the command login is issued on that line’s

configuration prompt. Using login local forces the user to know a username and password locally defined on the device, using the username name password password command. ❑ The enable password is set using the Global Cconfiguration command en-

able password password. The enable secret is set using the Global Configuration command enable secret password. The enable is stored in clear text, while the enable secret is hashed using MD5. You can use service password-encryption to encrypt the enable password (as well as line passwords); however, its encryption is very weak. ❑ Use the exec-timeout x y command, where x is the number of minutes

and y is the number of seconds, to control how long an inactive session will remain open. ❑ Telnet uses port 23 and is clear text. SSH uses port 22 and is encrypted, using

a client-server agreement with a public and private key. Configure SSH by creating usernames and passwords, set login local and transport input telnet ssh on all vty lines, create a domain name using the ip domain-name name.extension command, and generate the crypto keys using crypto key generate rsa. ❑ Omitting “telnet” from the transport input telnet ssh command

forces remote users to connect via SSH. To view the public key created, use the command show crypto key mypubkey rsa.

Interface Configuration ❑ Assign a management IP address to the VLAN1 management interface using

the ip address address subnetmask interface command and the ip default-gateway ipaddress Global Configuration command. If the switch is pulling a DHCP address, use the ip address dhcp command instead and do not configure the default gateway command (the DHCP server will supply the correct gateway). Lastly, be sure to enter no shutdown on the interface (VLAN1 is disabled by default). ❑ To verify IP address assignment, use the show running-config com-

mand to see the address within the configuration (if the address is assigned using DHCP, you must use the show dhcp lease command). A show interface vlan1 command will also display the IP address, as well as

Two-Minute Drill

307

the state of the interface. If the no shutdown command has not been entered, it will display “Administratively down.” ❑ The commands used to configure interfaces are duplex {auto | full |

half}, speed {10 | 100 | 1000 | auto}, and description text. Each command is entered individually on each interface. To apply them to several interfaces at once, use the interface range type port-range command. ❑ On a show interfaces status command output, “auto” and “auto”

display in the Duplex and Speed columns on unused ports without a manual configuration—manually defined ports will show their duplex and speed settings. When a port is in use, an “a-” indicates autonegotiation with an end system. ❑ To create a VLAN, use the Global Configuration mode command vlan

vlan-id, where vlan-id is a number between 2 and 1001 (1 is the management interface and 1002–1005 is reserved for token ring). Optionally, you can also use the command name vlan-name, where vlan-name is a more descriptive text string for your VLAN. ❑ To add an interface to the newly created VLAN, use the switchport

access vlan vlan-id command on each interface. Optionally, you can also use the switchport mode access command to ensure the interface does not attempt to go into trunking mode. ❑ To verify VLAN creation, use the show running-config or show

vlan brief command. The running configuration will show interface membership in a VLAN on a per-interface basis, while the VLAN brief display shows all VLANs on the switch, as well as their interface ranges. ❑ To secure unused ports, disable each unused interface using the shutdown

command, enter the switchport mode access command on each interface (prevents VLAN trunking), and place each unused port in a VLAN that does not exist (using the switchport access vlan vlan-id command). ❑ Assigning port security restricts use of the port to the MAC address you specify,

or the first MAC address the switch learns about on the interface. To assign port security to an interface, place the interface in switchport mode access and enable port security using the switchport port-security command. Next, allow only the MAC addresses specified, using either the switchport port-security mac-address address command or the switchport port-security mac-address sticky command.

308

Chapter 9:

Cisco Switch Configuration

❑ The “sticky” parameter on a port security setting tells the switch to record

the source MAC address of the first frame to enter the interface. This address “sticks” as the only allowable secured address on the interface—all other frames with a different source MAC will be discarded. ❑ Optionally, you can specify the number of MAC addresses allowed to use the

interface with the switchport port-security maximum number command, and specify the action taken when a foreign MAC address attempts to use the interface with the switchport port-security violation [protect | restrict | shutdown] command. ❑ Port security violation actions can include shutting the port down altogether,

discarding traffic, and/or sending SNMP messages. ❑ Verification of port security is done with the show running-config and

show port-security interface interface# commands. The running configuration shows the commands assigned to each interface, while the show port-security interface output will display the state of the interface. If all is well, the interface will display “Port Status: Secureup.” If a violation has occurred, resulting in the interface being disabled, the display will read “Port Status: Secure-shutdown.”

Self Test

309

SELF TEST The following Self Test questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully since there may be more than one correct answer. Choose all the correct answers for each question.

About Cisco Switches 1. You wish to configure the speed and duplex settings for a port on your Catalyst 2960 switch. The interface is the fifth from the left. Which Global Configuration command will put you in the correct interface configuration mode to enter the new settings? A. interface FastEthernet 5 B. interface FastEthernet 0/5 C. interface FastEthernet 5/0 D. interface FastEthernet 1/5

Initial Configuration 2. An administrator wants to use the System Configuration dialog to set up the switch, and intends on assigning manual speed settings on each interface. After clearing NVRAM and restarting the system, a message asking, “Would you like to enter basic management setup [yes|no]?” appears. How should the administrator answer? A. Yes, because he wishes to use setup to configure the device. B. Yes, because Basic management setup allows interface configuration settings. C. No, because the message is referring to the management interface and not a setup mode. D. No, because Basic management mode does not allow for interface configuration. 3. Examining the output of a show running-config command, you notice this command: banner login welcome to Switch12. Please prepare to login

What message will display when the switch is accessed from the console? A. welcome to Switch12. Please prepare to login B. welcome to Switch12. C. welcome to Sw D. None of the above.

310

Chapter 9:

Cisco Switch Configuration

4. A user wishes to stop syslog messages from interrupting the command prompt display during a console session. Which command accomplishes this? A. Switch(config)# logging synchronous B. Switch(config-if)# logging synchronous C. Switch(config-line)# logging synchronous D. None of the above

Securing the Configuration 5. You examine the output of a show running-config command and notice two commands: enable password Cisco and enable secret CCENT. Later on, you establish a console connection to the switch and are prompted for a password to enter Privileged mode. Which password should you use? A. Cisco B. CCENT C. Both. The enable password is first, followed by the enable secret. D. Both. The enable secret is first, followed by the enable password. E. Neither. Access to a console connection already grants Privileged mode access. 6. After entering the command service password-encryption, you notice all passwords appear in encrypted format within the configuration. You then issue a no service password-encryption command, and save the configuration. The next day, a peer changes the password on the console line, using the command password Cisco. After executing a show running-config, which of the following would be true? A. All passwords, except for the enable secret, will display in clear text. B. All passwords, including the enable secret, will display in clear text. C. All passwords will continue to display in encrypted format. D. The console password will display in clear text, will all others will display encrypted. 7. You wish to force users to authenticate on the console before gaining a command prompt. Which of the following commands are required? A. Switch(config)# username Bob password Cisco B. Switch(config-line)# username Bob password Cisco C. Switch(config)# login D. Switch(config-line)# login E. Switch(config)# login local F. Switch(config-line)# login local

Self Test

311

8. An administrator wishes to force remote access users to connect using SSH. Which command must be entered to disable telnet access and force SSH use? A. The no telnet Global Configuration command B. no telnet in vty Line Configuration mode C. The transport input ssh Global Configuration command D. transport input ssh in vty Line Configuration mode

Interface Configuration 9. An administrator wishes to add a static management IP address to the switch. Which of the following commands is/are required? A. The ip address ip_address subnet_mask Global Configuration command B. ip address ip_address subnet_mask on interface Vlan1 configuration mode C. The ip default-gateway ip_address Global Configuration command D. ip default-gateway ip_address on interface Vlan1 configuration mode 10. A segment of the output from a show interfaces status command is displayed next. Fa0/5 Fa0/6

File Server port

notconnect notconnect

1 1

full auto

100 auto

10/100BaseTX 10/100BaseTX

Which of the following are true regarding the interfaces? A. Autonegotiation has been disabled for interface 5. B. Autonegotiation has been disabled for interface 6. C. The speed 100 and duplex auto commands have been configured for interface 5. D. The speed 100 and duplex full commands have been configured for interface 5. 11. Which command is used to add interfaces to VLAN 5? A. switchport access vlan 5 on each interface B. switchport access vlan 5 in Global Configuration mode, followed by interface range x - y C. switchport access vlan 5 interface range 0 – 24 D. None of the above 12. Which command(s) can be used to view VLAN membership for all VLANs on the switch? A. show vlan brief B. show membership vlan C. show running-config D. None of the above

312

Chapter 9:

Cisco Switch Configuration

13. You wish to configure port security on your switch, allowing the switch to learn which MAC address is connected to each port. After setting the interfaces in switchport mode access and turning on port security with switchport port-security, which command should be entered next? A. switchport port-security mac-address B. switchport port-security mac-address address C. switchport port-security mac-address learn D. switchport port-security mac-address sticky 14. You have configured port security on all interfaces and entered the following command on the interface range: switchport port-security violation restrict. Which of the following actions will be taken if a foreign MAC address attempts to use an interface? A. The interface will be disabled. B. The offending traffic will be discarded. C. An SNMP message is sent and logged. D. The administrator is notified and decides whether to allow the traffic or not. 15. Which command, used to verify port security, can be used to determine if the port has been disabled by a port security violation? A. show running-config B. show port-security violations C. show port-security interface interface# D. debug mac-address table

Self Test Answers

313

SELF TEST ANSWERS About Cisco Switches ✓ B. Numbering on Catalyst 2960 interfaces always starts 0/1, 0/2, and so on. 1. ® ® ˚ A, C, and D. The syntax on these commands is not correct.

Initial Configuration ✓ D. The administrator can use the System Configuration dialog (setup) to configure 2. ® interface settings, but only in extended setup mode. ® ˚ A and B. Answering “Yes” would start in Basic management setup mode, which does not allow interface configuration. C. This statement is not correct. ✓ D. The first character after the banner login command becomes the delimiter. Everything 3. ® following it becomes part of the banner until the delimiter is seen again. In this instance, “w” becomes the delimiter, which would make the message, “elcome to S.” ® ˚ A, B, and C. These answers are incorrect. Everything between the delimiters (w) would be displayed, but nothing else. ✓ C. The command is logging synchronous, and it must be entered in Line 4. ® Configuration mode. ® ˚ A. This is the correct command; however, it is being entered in Global Configuration mode. B. Again, the correct command is entered, but this time in Interface Configuration mode. D. This is a false statement.

Securing the Configuration ✓ B. In the event the enable password and enable secret are both configured on a device, the 5. ® enable secret password is always used. ® ˚ A, C, and D. These statements are false because the enable secret will always be used. E. Access to a console connection does not automatically provide access to Privileged mode— that’s what the enable password or enable secret is for in the first place! ✓ D. After service password-encryption has been entered into a configuration, all 6. ® passwords will remain in encrypted format, even if no service password-encryption is entered later. However, if a password is changed after that, it will display in clear text. ® ˚ A and B. The encrypted versions of the passwords will remain after no service password-encryption until they are changed. The enable secret always displays in encrypted format, regardless. C. Changing a password after no service password-encryption results in a new clear-text entry in the config. ✓ A and F. Username and password pairs are created in Global Configuration mode. Login 7. ® local is required to force users on that line to use their username and password, and is entered in Line Configuration mode.

314

Chapter 9:

Cisco Switch Configuration

® ˚ B. The command is correct, but should be in Global Configuration mode, not Line Configuration mode. C and D. Login does force a password to be used (which would be put on the line with the password password command), but does not force the use of defined username and password pairs. E. This is the correct command, but it is not entered in Global Configuration mode. ✓ D. This is the correct command, and must be entered in Line configuration mode. 8. ® ® ˚ A and B. no telnet is not a valid IOS command. C. This is the correct command, but it’s in the wrong configuration mode.

Interface Configuration ✓ B and C. The IP address must be assigned to the Vlan1 interface, while the default gateway 9. ® address is assigned globally. ® ˚ A and D. These command and configuration mode combinations are not correct. ✓ A and D. The speed 100 and duplex full commands were issued on interface 10. ® FastEthernet 0/5. Assigning these commands disables autonegotiation. ® ˚ B. Interface FastEthernet 0/6 is still in autonegotiation mode, as shown by the “auto” entries in the display. C. The duplex command was not set to “auto,” as shown by the “full” entry in the display. ✓ A. Each interface must be added to the VLAN individually. 11. ® ® ˚ B. The switchport mode access commands are not entered globally. The interface range x – y command should have been entered first. C. This command syntax does not exist. D This choice is not valid. ✓ A and C. show vlan brief displays all VLANs configured on the switch, including 12. ® their membership. show run displays all the commands that create the VLANs, as well as the commands adding the interfaces to them. show vlan brief is more concise, but show run will work as well. ® ˚ B. This command does not exist. D. This choice is not valid. ✓ D. The “sticky” parameter allows the switch to learn and save the source MAC address 13. ® from the first received frame as the only MAC allowed to use the port. ® ˚ A. This command is missing a parameter after “mac-address”. B. This command manually configures an address as the secured MAC. C. This command does not exist. ✓ B and C. The “restrict” option discards offending traffic and sends an SNMP message to 14. ® the monitoring station (as well as logging the event). ® ˚ A. This action is indicative of the “protect” parameter. D. There is no port security violation option to perform this action. ✓ C. After entering this command, the interface display will show “Port Status: Secure-up.” 15. ® If a violation has occurred, it will read “Port Status: Secure-shutdown.” ® ˚ A. show run will display the commands used to enforce port security, but does not indicate the state of the interface. B and D. These commands do not exist.

10 Cisco Router Configuration

CERTIFICATION OBJECTIVES 10.01

First Steps

10.02

Configuration Fundamentals

10.03

Routing Configuration

✓ Q&A

Copyright © 2008 by The McGraw-Hill Companies. Click here for terms of use.

Two-Minute Drill Self Test

316

Chapter 10:

Cisco Router Configuration

W

hile configuring Catalyst switches is a necessity inside a network, we still need to address layer-3 functionality to get data out of the network. In this chapter, we’ll continue the fun and frivolity of hands-on configuration by diving into the configuration steps needed for your network’s routers. After covering the basics, along with a review of some key concepts, we’ll cover initial configuration, static routing, dynamic routing, and Internet access router configuration using SDM. As always, the chapter, exercises, and discussion points are exam-focused, but can be used as a guideline for production work as well.

CERTIFICATION OBJECTIVE 10.01

First Steps As we learned earlier, routers provide the means to move data out of a network—and for routers to work effectively, the correct configuration options must be installed. Before this can happen, however, it’s helpful to know a little about the devices themselves. In this section, we’ll first cover some basics on Cisco routers, and then follow that with a discussion of installation locations and techniques.

About Cisco Routers Before you plunge headlong into the configuration of routers, it’s beneficial to know a few things about them. Specifically, the physical features of a router, and some basics on the IOS and CLI available on the router, are of vital importance. Physically speaking, it’s impossible to confuse a Cisco router with a Catalyst switch. While the front of the switch presents a bank of interfaces to use for connecting PCs, the front of a router shows no interfaces at all, with only a couple of LEDs available to even indicate whether it’s turned on or not. With a router, the action and focus of your attention is on the back side, not the front. Lastly, and thankfully, there’s not a whole lot of difference between the IOS on a router as compared to that on a switch.

Router Interfaces See Figure 10-1 for a look at the back of a typical Cisco router. Routers usually have four different types of ports on their backside: the Console port, an Auxiliary port, Ethernet ports, and any number of different serial ports. The Console port was covered

First Steps

317

Serial Interfaces

FIGURE 10-1

Router interfaces

Console Port

Serial Interface with CSU/DSU (T1 line)

FastEthernet Ports with ACT and LNK LEDs

On/Off Switch

Aux Port

earlier in Chapters 8 and 9, and the same steps for making a console connection apply here as well. The Auxiliary port is used in conjunction with a modem to allow for remote Console-like connections over a phone line. It’s configured using the line aux 0 command. The other two types of ports are the ones to focus on for the exam, and the only two you can assign IP addresses to. A wide variety of interfaces and options can be added to your Cisco router. On most newer Cisco routers, the basic “shell” comes with two FastEthernet interfaces stacked one on top of another, as shown in Figure 10-1.The interface on the bottom is FastEthernet 0/0, while the one on the top is FastEthernet 0/1. If you purchase a so-called WIC (WAN interface card) to add serial interfaces, the same rule applies: the interface on the bottom will be 0/0, while the top will be 0/1. Ethernet interfaces are used, amazingly enough, to provide services for individual Ethernet networks, and are numbered using the same scheme covered in Chapter 9. Each individual port represents an entirely unique LAN, and must have an address within that subnet’s range. For example, the first Ethernet port might have an address of 192.168.1.1, while the second would have an address in a different subnet (such as 192.168.2.1). Additionally, Ethernet interfaces are listed in the CLI according to their speed. While “regular” 10 Mbps Ethernet ports are accessed by the interface ethernet # command (where # is the port’s number), Fast Ethernet ports are accessed by interface fastethernet #/#, and gigabit ports are accessed by the interface gigabitethernet #/# command.

318

Chapter 10:

Cisco Router Configuration

The LEDs beside the Ethernet ports can help out a lot in quick day-to-day troubleshooting.The ACT light is for “Activity” and should blink when the port is sending and receiving traffic.The LNK light is for “Link” and should remain on, unblinking, if a good connection is present. An ACT light that remains solid indicates a problem—either the link is heavily overused or some Physical-layer problem is creating a loop or short. A flashing LNK light indicates a bad physical connection somewhere along the path (usually at the interface connector itself).

This may seem like a simple concept (and common sense, based on what we already know about routers), but be sure you understand that each port must have an address in a unique subnet.The router should not allow you to add any interface (Ethernet or serial) to a subnet that already has an interface assigned within the range, but scenario questions on this can be rather tricky. A scenario question may present a network

diagram, conceived by a co-worker, asking you to identify true or false questions about it.The diagram may look fine, but after reviewing the subnetting for each address, you’ll find the addresses to be assigned to the interfaces are in the same subnet. For instance, 172.16.16.21 and 172.16.17.21 may appear to be on different subnets; however, if the subnet mask is 255.255.240.0, they are both actually within the same network!

Serial interfaces, while also requiring addresses in a unique subnet, are used to provide access to WAN links for your network. Plenty of choices are available when connecting your LANs across long distances—everything from ISDN and T1 lines (point-to-point connections) to Frame Relay and ATM. (This will all be covered later in Chapter 11.) For some, you’ll need a basic serial interface WIC added to your router, while others will require a built-in CSU/DSU feature, as shown in Figure 10-1 with the T1 serial interface. In either case, while configuring an Ethernet interface basically requires a simple IP address, you’ll be required to take some additional steps with your serial interfaces. First, serial interfaces need a defined frame type. Ethernet interfaces obviously don’t require you to configure a specific frame type—they’re Ethernet ports using Ethernet frames. However, a serial port can be connected to a great variety of

First Steps

319

technologies using several different frame types. For example, on a point-to-point connection, the administrator can choose between the default (HDLC—High-Level Data Link Control) or Point-to-Point (PPP) Protocol.

HDLC is the default frame type on serial point-to-point links, and the frame type must be the same on both ends for communication to work.The clock rate speed command is only assigned at

the DCE end (placing it on both ends will not work), and the DCE end of the cable must be attached to the interface providing clocking.

Two other configuration options on serial interfaces are the bandwidth and clock rate commands. Just as with the frame type, serial interfaces require additional consideration with speed since there are so many different possibilities to choose from. While Ethernet ports run at a predetermined speed (10,100 or 1000 Mbps), serial interfaces can run at a variety of different speeds. To avoid creating a specific serial interface for every single circumstance, Cisco routers use the clock rate speed(kbps) command to define the speed used to transmit. The clock rate command is set in bits per second, and only on the DCE (data communications equipment) end of the connection. Note: You cannot assign just any speed at random to a serial interface—only a few will work.To see the speeds available for the clock rate command, use the CLI help function (question mark) to view all available entries.

If you attempt to put the clock rate command on the DTE (data

terminal equipment) end of the cable, the IOS will silently reject the command.

In other words, you will not get an error message alerting you to a problem—the IOS just simply won’t apply the command.

320

Chapter 10:

Cisco Router Configuration

On any serial link, you need two sides—one to provide a clocking signal, and one to receive and abide by it. The device on point-to-point serial connections providing the clock signal is known as a CSU/DSU, while the device receiving the clock signal (usually a router) is called a DTE. If you connect two routers directly, whether for a lab or in a production environment, the cabling you purchase will be labeled DCE end and DTE end. Be sure to attach the DCE end to the serial interface running the clock rate command or the connection will not work. If you can’t remember which end of the connection is DCE, issue the show controllers command— the display will show which end is connected. Another quick way to determine the DCE end is to simply look at the serial cable itself. The cable will have two connectors on the ends, obviously, to connect with the serial ports on each router, and may also have two connectors facing each other in the middle, joining the two cables together.The connector(s) will be labeled DTE or DCE, showing you the correct side of the cable to connect to the DCE or DTE router serial port. If you ignore the labels and connect the cable backwards (DCE end to DTE and viceversa), the connection will not pass traffic. The second command of note on serial interfaces is the bandwidth speed(kbps) command. While clock rate sets the speed of the connection and is only set on one side of the connection, bandwidth does not affect the actual transmitting speed of the interface at all and can be set on both ends. This command is used by certain routing protocols to calculate best routes. The EIGRP and OSPF routing protocols, for example, use the setting configured with the bandwidth command as part of their metrics, to determine which route is best. By default, all serial interfaces are set to 1544 Kbps (1.544 Mbps), even if there is no bandwidth command set.

The Router IOS Knowing a little bit about the physical makeup of the router itself, and the interfaces you’ll be dealing with, you can move forward in preparing to configure your router, but the IOS and CLI are the keys to the configuration kingdom. As discussed earlier, whether it’s a Catalyst switch or a Cisco router, the IOS and CLI are the primary means of configuring the device. Thankfully, most of what we’ve already covered works exactly the same on a router as it does on a switch. The IOS, CLI, and memory locations are all virtually identical from a switch to a router. Routers store configuration files and IOS images exactly like switches (in NVRAM and Flash, respectively), and use the same commands and techniques to copy and store them. The CLI modes (User, Privileged, Global Configuration,

First Steps

321

and so on) and the methods in which you move around in them also work the same on routers. Many of the configuration options and commands already covered in Chapter 9 for configuring switches also apply to routers. For instance, show, debug, hostname, and banner commands work exactly the same on a router, just as transferring and copying the configuration and IOS files do. The configuration of telnet lines, SSH, passwords, and how to enable or disable an interface (no shutdown and shutdown) are all the same. In fact, it’s probably easier to list the differences in the router CLI when compared to the switch than to go through what is similar. First, of course, the questions asked during setup are different. While, just as with a switch, you can enter setup using the setup command, exit using CTRL-C at any time, and have the same ending options (0, 1, or 2), the System Configuration dialog on a router prompts for additional information, such as routing protocol settings and additional interface configuration steps not needed on a switch. Other differences between the two include the configuration of IP addresses, the interface options available (Auxiliary and serial ports, for example, are typically router concerns, not switch concerns), and slight differences in the commands available.

Be aware of the differences between a router and a switch IOS. For the most part, this will be common sense—commands dealing with switch functions (show mac address-table dynamic and vlan commands, for example)

won’t work on a router, and router commands (show ip route and routing protocol commands, such as rip, eigrp, and network) won’t work on a switch. Simply pay attention to what the scenario calls for and what device you’re working on.

Physical Installation Once you know a little about the physical makeup of the router and understand the basics of the CLI, and as long as you keep in mind what the router is for, the actual physical installation and connections will seem simple and commonsensical. Since routers are used to pass traffic between networks, it should make sense that they are actually installed on the “edge” of the network—whether enterprise or small office/ home office (SOHO). To provide connectivity and services, and depending on the link, other external devices (CSU/DSU or cable/DSL modems) might be needed, or the functions and services may be integrated into the router itself.

322

Chapter 10:

Cisco Router Configuration

As we discussed earlier in this chapter, the serial ports are used for the outside-facing interfaces, while the Ethernet ports connect to switches inside the network, providing access and services to users. For example, consider the simple point-to-point (PTP) network displayed in Figure 10-2. A fairly common network, for a central-to-branch office PTP setup, the central office LAN is connected to the branch office LAN over a leased line connection. The individual systems at each location connect to a switch, which has a connection to the router’s Ethernet ports. The serial port on each router is connected to the line installed by the telco. Depending on the line installed and the router itself, you may additionally need the CSU/DSU on each end (one providing clocking services, as discussed earlier in the chapter). Note: Typically UTP cables are used between end systems and the switch, as well as from the switch to the router, with standard RJ45 connectors.The CSU/ DSU usually plugs into the leased line using an RJ48 connector. It looks very much like an RJ45 connector, but has a different pinout. Several cable types are used to connect a router to a serial connection, each with its own pinout and (sometimes) strange-looking connectors. Which one you choose depends on the network connection at the CSU/DSU. For all intents and purposes, you simply take a look at the port, order the right cable, and plug it in. Pinouts and data terminals are great, but you don’t really need to know what they do and how they work at the WAN end—just pick one that fits the port!

FIGURE 10-2

CSU/DSU can be here...

Router installation

T1 Leased Line (from Telco)

...or built into the router port here

First Steps

323

As another example, consider the basic SOHO or branch network displayed in Figure 10-3. With SOHOs, you generally have two options for building your network: using a modem or an integrated services router. In one option, you can use a cable or DSL modem to connect to the ISP, then use a router and switch behind it. The modem connects to the RG6 cable (or telephone line) on one side, and then uses a UTP cable to connect to the router. On older cable or DSL modems, the pinout on the Ethernet side of the modem is set just like a switch, allowing a straight-through cable to the router (or straight to a PC). On modern systems, though, the port reacts much like Catalyst switches do—automatically adjusting for speed, duplex, and pinouts. The second—and more popular—option makes use of an integrated services device. Basically, instead of using separate devices for each need and function (a modem to receive the signal from the cable company, a router to move packets, and a switch to provide access), one device can be used. The integrated services device can perform the functions of the modem, provide for the routing of packets into and out of the network, and even include a switch on the backside for access ports. Some integrated devices can even include VoIP functions, act as a wireless access point, and provide for encryption. Regardless of which network type you are installing the router in, a few simple steps should be followed to ensure success. First, connect all LAN cables to the appropriate

FIGURE 10-3

Option 1: Using the Cable Modem

Option 2: Using an Integrated Services Device

A basic SOHO network RG6 to ISP Cable/DSL modem UTP to router

Integrated services device performs all functions

PC’s connect directly to Ethernet ports

324

Chapter 10:

Cisco Router Configuration

Ethernet ports. Second, connect the leased line directly to the router’s serial port, or connect the serial port to the CSU/DSU (if used) with an appropriate serial cable. Next, connect to the Console port with the rollover cable and DB9 connector. Finally, connect the power cable between a wall outlet and the router’s power port, and then turn on the router. Technically speaking, it doesn’t really matter which cable you plug in first, so don’t worry too much about the order in which the steps are followed. However, there is one cardinal rule in effect here: always connect the power cord and turn on the router last. Note: More information on WANs, serial cables, and WAN connectivity is covered in Chapter 11.

The information in this section isn’t necessarily provided as “verbatim” testing material. In other words, you shouldn’t be asked for a blanket definition of an integrated services device, or which cable is to be connected first. Instead, concentrate on the overall picture and how the devices are connected: UTP cables go to

Ethernet ports facing inside a network, serial cables connect the router serial port to the leased line directly, or through a CSU/DSU. And always, always remember: never turn on the power supply unless all connections have already been made. In other words, powering on the router is always the last step.

CERTIFICATION OBJECTIVE 10.02

Configuration Fundamentals Just as with Catalyst switches, covered in Chapter 9, certain basic configuration settings and options are configured on almost every router, regardless of network type and installation. Thankfully, most (if not all) of these settings work exactly the same as they do on a switch. A few differences exist, as discussed earlier in this chapter, but for the most part a lot of this section will prove to be review. We’ll start with the initial settings required on the router, then follow up with an overview of configuring static or dynamic routing.

Configuration Fundamentals

325

Initial Settings Just as with a switch, the System Configuration dialog, also known as Setup mode, can be used to configure the basic options on a router. Setup won’t provide all the options you’ll need on your router, nor is it always the preferred method, but it is available, easy, and often used for new administrators. There’s really no need to rehash setup again—since it was covered fairly in depth in Chapter 9—however, a few things should be noted. Setup mode on a router has many similarities with the Catalyst version, but also has its differences. Similarities include its use (basic configuration options), the method for starting (no configuration in NVRAM, or by using the setup command), the method for exiting (CTRL-C), and options at the end (0, 1, and 2). Differences basically come down to the questions asked by setup. For example, setup on a switch asks for a single IP address (VLAN1), while a router setup calls for an IP address on each interface. Setup on some Cisco routers can also call for something known as Cisco Auto Secure—a feature used to automatically set up common security settings on the router. A sample System Configuration dialog on a router is displayed next: --- System Configuration dialog --Would you like to enter the initial configuration dialog? [yes/no]: no At any point you may enter a question mark '?' for help. Use ctrl-c to abort configuration dialog at any prompt. Default settings are in square brackets '[]'. Basic management setup configures only enough connectivity for management of the system, while extended setup will ask you to configure each interface on the system. Would you like to enter basic management setup? [yes/no]:no First, would you like to see the current interface summary? [yes]: no Configuring global parameters: Enter host name [Router]:CCENTRTR1 The enable secret is a password used to protect access to privileged EXEC and configuration modes. This password, after it's entered, becomes encrypted in the configuration. Enter enable secret: cisco The enable password is used when you do not specify an enable secret password. It's also used with some older software versions and some boot images. Enter enable password: ccent The virtual terminal password is used to protect access to the router over a network interface. Enter virtual terminal password: password

326

Chapter 10:

Cisco Router Configuration

Configure SNMP Network Management? [yes]: no Configure bridging? [no] Configure DECnet? [no] Configure AppleTalk? [no] Configure IP? [yes]: Configure RIP routing? [yes]: Configuring interface parameters: Do you want to configure FastEthernet0/0 interface? [yes]: Use the 100baseTX (RJ45) connector? [yes]: Operate in full-duplex mode? [no]: Configure IP on this interface? [yes]: IP address for this interface: 172.16.1.1 Subnet mask for this interface [255.255.0.0]: 255.255.255.0 Class B network is 172.16.0.0, 24 subnet bits; mask is /24 Do you want to configure FastEthernet0/1 interface? [yes]: <<<>>> Would you like to go through Auto Secure configuration? [yes]: no Auto Secure dialog can be started later using "auto secure" CLI. The following configuration command script was created: hostname rtr enable secret 5 $1$0bri$Y2Iq9S9xs89MrZwu7bRuT/ enable password rrrr line vty 0 4 password tttt no snmp-server ! ip routing no bridge 1 ! interface FastEthernet0/0 no shutdown media-type 100BaseX half-duplex ip address 172.16.1.1 255.255.255.0 no mop enabled <<<>>> [0] Go to the IOS command prompt without saving this config. [1] Return to the setup without saving this config. [2] Save this configuration to nvram and exit. Enter your selection [2]:

Lastly, just as with Catalyst switches, all configuration options done with setup can be, and usually are, manually configured within the CLI. The basic commands already discussed in Chapter 8 apply here, including how to move around in the CLI, setting passwords, and configuring telnet, SSH, and console connection parameters,

Configuration Fundamentals

327

for example. All methods for copying and saving configuration files, as well as how to update the IOS, also apply on routers, just as they did with switches.

Review the basic configuration commands in Chapter 8— they are configured exactly the same way

on the router. Also, be sure you understand the difference between setup on a switch versus on a router.

One big difference in a router configuration, compared to a switch, is its treatment of interface configuration. While a switch only needed one IP address configured for the VLAN1 interface, every active interface on a router requires an IP address. As covered earlier, the serial interface requires a little more—a specified encapsulation, if using something other than HDLC, a clock rate on one end of the serial link, and an optional bandwidth command, if necessary. To configure the IP address on, and enable, an Ethernet port, use the ip address IP_Address Subnet_Mask and no shutdown commands. Optionally, you can define a description, duplex, and speed settings just as with a switch. The serial interface configuration is much the same—use the same commands to add an IP address and enable the port, then use clock rate speed on the DCE end and the encapsulation type command, if necessary. A sample configuration is shown next: classRTR1# configure terminal classRTR1(config)# interface FastEthernet 0/0 classRTR1(config-if)# ip address 199.200.1.1 255.255.255.0 classRTR1(config-if)# no shutdown classRTR1(config-if)# int serial 0/0 classRTR1(config-if)# ip address 135.17.0.1 255.255.0.0 classRTR1(config-if)# clock rate 64000 classRTR1(config-if)# no shutdown

EXERCISE 10-1 Basic Router Configuration This exercise walks you through some of the basic configuration options for the router. Use the router simulator included on the CD-ROM, or use a real Cisco router. You can find a picture of the network diagram for the simulator in the Introduction to this book. Access the simulator and click the Lab Navigator button. Double-click Exercise 10-1,

328

Chapter 10:

Cisco Router Configuration

click the Load Lab button, and then the OK button. This will load a basic configuration on devices in the network topology, including IP addresses on the Host PCs. 1. On the 2600-1 router, configure an IP address on Fa0/0. On Serial 0/0, set an IP address and configure clock rate. Enable both interfaces. A. Click the eRouters button and choose 2600-1. B. Go to Privilege EXEC mode and type configure terminal, then type in interface fastethernet0/0 to enter Interface Configuration mode. C. Set the IP address and enable the interface: type ip address 192.168.1.1 255.255.255.0, and then no shutdown. D. Type interface serial0/0 to enter Interface Configuration mode for the serial interface, and then add the IP address with ip address 172.16.0.1 255.255.0.0. E. Type clock rate 64000, and then no shutdown to set clock rate and enable the interface. Use CTRL-Z to exit the configuration. 2. On the 2600-2 router, configure an IP address on Fa0/0. On Serial 0/0, set an IP address and configure clock rate. Enable both interfaces. A. Click the eRouters button and choose 2600-2. B. Go to Privilege EXEC mode and type configure terminal, and then interface fastethernet0/0 to enter Interface Configuration mode. C. Set the IP address and enable the interface by typing ip address 192.168.2.1 255.255.255.0 and then no shutdown. D. Type interface serial0/0 to enter Interface Configuration mode for the serial interface, and then add the IP address with ip address 172.16.0.254 255.255.0.0. E. Type no shutdown to enable the interface. Use CTRL-Z to exit the configuration. 3. On the 2600-2 router, verify the connectivity between the two routers and view the route table. A. Click the eRouters button and choose 2600-2. B. Go to Privilege EXEC mode and type ping 172.16.0.1. The ping should return five exclamation marks (!). C. View the route table by typing show ip route. Notice the two route entries, all with the “C” code meaning directly connected routes.

Configuration Fundamentals

329

Note: We did not go over all the basic commands required for an initial configuration—telnet lines, console settings, passwords, and so on—because they are the same as on the switch.

Configure Routing Basic configurations aside, let’s not forget that the main purpose of a router is routing. Therefore, it makes sense that, at some point, you’ll need to configure routing settings. In Chapter 5, we covered some of the basics of routing logic and protocols, and how the route table is used to determine which route for a given packet is best. Basically speaking, routing tables can be updated in three ways—through directly connected routes, through statically added routes, or by routes learned through the use of a dynamic routing protocol.

Directly Connected Routes The first routes you’ll add to your router table without even knowing you’re doing it. Connected routes are added to the route table for every interface with a correctly configured IP address and subnet mask. In other words, as soon as you add an IP address and subnet mask to an interface, along with the no shutdown command (to enable it), the router adds an entry to its route table for that network. For example, consider the network in Figure 10-4. RTR3 will automatically route packets between the three networks it knows about—172.18.1.0/24, 172.19.1.0/24, and 172.21.1.0/24. These routes are added to the route table as soon as the interface is enabled with the appropriate IP address and subnet mask. As a matter of fact, if your network consists of only one router and is an independent entity—not connected to the Internet or other LAN across a WAN link, there is no need to do anything else: the router will happily move packets between the directly connected networks without any other intervention. This is, however, not common, and other routes are generally needed for proper functioning.

Static Routes The next method used to add routes to a table is static routing. Exactly what it sounds like, static routing basically has the administrator manually define routes using the CLI. The benefit is lower CPU cycles and processing power on the router. The disadvantage, of course, is that any change on the network (a link going down, and so on) must be manually updated on the router, otherwise packets will be misdirected.

330

Chapter 10:

Cisco Router Configuration

172.16.1.0 /24

FIGURE 10-4

A sample network

FastEthernet 0/0 172.16.1.1 Serial 0/0/1 172.17.1.1 24 0/ 17 2.1 7.1 .

Serial 0/1/0 172.18.1.254

4 /2

RTR2

.0 .1 18 2. 17

Serial 0/0/1 172.17.1.254

Serial 0/1/0 172.18.1.1

RTR1

172.19.1.0 /24

RTR3

FastEthernet 0/0 172.20.1.1 Serial 0/1/0 172.19.1.1

172.20.1.0 /24

FastEthernet 0/0 172.21.1.1

Serial 0/0/1 172.19.1.254

172.21.1.0 /24

In Figure 10-5, a packet received by RTR3 intended for 172.16.1.5 would be dropped: The router would compare the destination address to the routing table and, finding no match, discard the packet. To ensure this packet reaches the end destination, you could add a static route to RTR3’s table, telling it to which interface it should forward the packet. Simply allow RTR3 to route the packet to 172.16.1.5 by providing the destination network ID and subnet mask, and the next hop address; the next hop address is the IP address of the destination router point along the pathway to the end destination. To add a static route, use the ip route network_address subnet_mask Next_hop_address command. For example, to allow RTR3 to route packets to the 172.16.1.0 network, use the Global Configuration command ip route 172.16.1.0 255.255.255.0 172.18.1.1. This command basically tells RTR3, “If you receive a packet with a destination IP address in the 172.16.1.0/24 range, send it out interface S0/1/0 to the next hop 172.18.1.1; that router knows where the network resides.” Because the next hop address is in the same address range as the Serial 0/1/0 interface on RTR3, the router knows to send it through that interface to the “1.1” address.

Configuration Fundamentals

FIGURE 10-5

Rest of the network

A default route sample

S0/0 S0/1 172.19.1.1

RTR1

S0/1 172.17.1.1

S0/0 172.17.1.254

S0/1 172.19.1.254

RTR3

Fa0/0

172.18.1.0

CertCam

331

Fa0/0

RTR2

172.16.1.0

A multimedia demonstration on static route configuration can be found on the CD accompanying this book.

Be sure you are very, very familiar with the syntax for adding a static route. Keep in mind that you do not need to know every router port along the path— you only need the address of the next hop. Another thing to watch for is to make sure the next hop address is in the same subnet as the interface on your router (it must

be in the same subnet for your router to ARP for it). Lastly, don’t forget that if you use static routing for your network, you’ll have to ensure that the static routes are added appropriately to every router. In other words, in a scenario/troubleshooting situation, verify that the route is added to each router along the pathway!

A last note worth mentioning with static routes regards administrative distance (AD). In Chapter 6, we learned that administrative distance is used by routers to make a determination as to which route is best. In other words, if the same route is learned by RIP and OSPF, the router will use the route learned from OSPF since its administrative distance is lower. The administrative distance of static routes is 1,

332

Chapter 10:

Cisco Router Configuration

which is the lowest AD—except for directly connected routes. Therefore, if a static route is configured, it will always be used in lieu of any route learned—no matter which protocol it learns it from. The only exception to this rule (a statically defined route being chosen before any learned route) is a backup static route. A backup static route is created by an administrator in the event that a learned route fails: A static route is added to the table as a backup should the RIP, OSPF, or other routing protocol–learned route fail. The backup route should only be used if the learned route fails. However, by default, a statically added route is always used first. To work around this, administrators can manually define the administrative distance of the static route by simply adding the AD to the end of the command. For example, assume the route table is updated with an OSPF learned route to 192.168.1.0, and the administrator wishes to configure a backup route. The administrative distance of OSPF is 110, so to create a backup route, only to be used in the event the OSPF route fails, the administrator must ensure the static route has an AD larger than 110. To accomplish this, the command ip route 192.168.1.0 255.255.255.0 172.16.1.1 150 would create a backup route to the next hop address of 172.16.1.1 with an AD of 150. Because this is larger than the OSPF AD of 110, the backup route to 192.168.1.0 will never be used, unless the OSPF route fails.

You can change the administrative distance on any static route by simply adding it to the end of the command. Sometimes a static route is configured to be used should the learned route fail.This process—a backup static route—is created

by changing the AD for the static route to something higher than the routing protocol in use. For instance, to create a backup static route with an AD of 200, the command would look like this: ip route network_ id subnet_mask next_hop 200.

Default Routes Another common static route added to the table is the default route. Default routes are created to provide a route for all packets that do not match any other route listed in the table. In other words, a default route basically says to the router, “If you receive a packet with a destination address not listed anywhere else in the route table, send it here.” For example, suppose your router sits on the edge, forwarding packets from one network to

Configuration Fundamentals

333

the rest of the world and back. A default route would be all you needed to add to the configuration, telling the router, “Send all outgoing packets through this interface.” A default route is manually added to the route table using the ip route 0.0.0.0 0.0.0.0 next_hop_address command, with the zeroes acting as wildcard characters. To see this in action, consider the network displayed in Figure 10-5. Static routes for each subnet throughout the rest of the enterprise network could be configured individually on RTR2 and RTR3, but if the rest of the enterprise network is large, containing many hundreds of subnets, this could quickly become an overwhelming and daunting task. Instead, a single default route could be used on each router to accomplish the same purpose. On RTR2, the default route added would be ip route 0.0.0.0 0.0.0.0 172.17.1.1 while RTR3 would use ip route 0.0.0.0 0.0.0.0 172.19.1.1.

Remember that a packet received by a router destined for a network that is not in the router’s route table will be discarded.The default route provides a route for all unknown destination networks

with one single command.Typically, this is most often seen on border routers or SOHO installations with one interface to the Internet, but you may encounter this in many scenario questions on the exam.

EXERCISE 10-2 Static Route Configuration This exercise calls for you to add static routes to your routers. Use the router simulator included on the CD-ROM, or use a real Cisco router. You can find a picture of the network diagram for the simulator in the Introduction to this book. Access the simulator and click the Lab Navigator button. Double-click Exercise 10-2, click the Load Lab button, and then the OK button. This will load a basic configuration on devices in the network topology, including IP addresses on the host PCs. 1. On the 2600-1 router, add a static route to the Ethernet network on the far end of the 2600-2 router. Verify the route table. A. Click the eRouters button and choose 2600-1. B. Go to Privilege EXEC mode and type configure terminal, and then ip route 192.168.2.0 255.255.255.0 172.16.0.254. This adds a static route to 192.168.2.0 through the next hop address (serial 0/0 on the 2600-2 router).

334

Chapter 10:

Cisco Router Configuration

C. Check the route table with show ip route and notice the new static route entry. 2. On the 2600-2 router, add a static route to the Ethernet network on the far end of the 2600-1 router. Verify the route table. A. Click the eRouters button and choose 2600-2. B. Go to Privilege EXEC mode and type configure terminal, and then ip route 192.168.1.0 255.255.255.0 172.16.0.1. This adds a static route to 192.168.1.0 through the next hop address (serial 0/0 on the 2600-1 router). C. Check the route table with show ip route and notice the new static route entry.

Dynamic Routing While static routing is relatively simple, it is not the preferred choice for populating the route table. Dynamic routing, using routing protocols to automatically discover, learn, and advertise routes, is a much better choice for most enterprise/business networks. Instead of manually configuring routes using the ip route command, you simply enable routing using a dynamic routing protocol. After just a few configuration options alongside, the router will automatically learn new routes and, perhaps even more importantly, update any changes in the network without your intervention. The router will then share the information in its route table with other routers with a route update. Route updates are sent to all routers in the network with either a broadcast or a multicast message, depending on the routing protocol specified. In Chapter 6, we introduced routing protocols, and covered some of the basics involved with them; however, you’ll need to know a few more things about them in order to succeed on the exam, as well as move forward toward actual configuration. For review purposes, routing protocols are categorized by a number of different functions and terms. As covered in Chapter 6, distance vector protocols (such as RIP) use only the hop count as a metric, whereas link state (and hybrid) protocols can use a variety of different metrics to determine the best route. Routing protocols are also classified as classful (only recognizing the class of an address) or classless (providing subnet mask information with each update and capable of VLSM), and are classed, too, by how they advertise routes and how quickly they can converge. Lastly, a final comparison point with routing protocols has to do with something known as summarization.

Configuration Fundamentals

335

To determine the best path, routers compare the destination address of the packet to a route table. The prefix with the longest match is elected and the packet is sent merrily along its way. Obviously, the longer the route table, the longer it takes to make a match. Therefore, it is in your best interest to keep the route table as short as possible. The method for doing this is known as summarization. Route summarization is a process where multiple routes can be expressed within a single route table entry, and can be automatic or manual. Autosummarization, obviously, advertises summarized routes automatically—in most cases, summarizing on a classful boundary. Manual summarization, usually the preferred choice, lets the administrator decide which summarized routes are advertised and which are not. Along with the comparisons just mentioned and the categories of Distance Vector and Link State, dynamic routing protocols are also classified by how they work in regards to an autonomous system (AS). An autonomous system is a network under a single administrative control. For example, your local school system probably has its own autonomous system, comprised of many LANs strewn about multiple locations. Other autonomous system examples can be business, governmental (such as your state), or even charity internetworks. Routing protocols can be designed and configured to work inside a single AS, or to connect multiple autonomous systems together. A routing protocol working inside a single AS is known as an Interior Gateway Protocol (IGP). A routing protocol used between autonomous systems is called an Exterior Gateway Protocol (EGP). Autonomous systems are assigned a number, called the ASN (autonomous system number), from ICANN (Internet Corporation for Assigned Network Numbers). ASNs are basically controlled and allocated much like public IP address space, ensuring each AS has a unique number, and range in value from 1 through 64,511. The main reason for this has to do with looping. BGP is smart enough, using the ASNs, to ensure a packet does not pass through an AS more than twice. Most routing protocols are IGPs. In fact, there is only one routing protocol that falls in the EGP category. Border Gateway Protocol (BGP) is the only routing protocol that can recognize multiple AS numbers and route between them. All other routing protocols—RIP, RIPv2, EIGRP, IGRP, IS-IS, and OSPF—only work within one AS and are, therefore, categorized as IGPs.

336

Chapter 10:

Cisco Router Configuration

You need to know what an autonomous system is, as well as which category a particular routing protocol falls into (IGP or EGP). Just remember BGP is the only EGP—all others are IGPs.

Additionally, you’ll need to be able to identify how each one works: RIP, RIPv2, and IGRP are distance vector; OSPF and IS-IS are link state; and EIGRP is a “hybrid.”

CERTIFICATION OBJECTIVE 10.03

Routing Configuration After all this hullabaloo, you may find this section to be a little disappointing. Honestly speaking, the build-up for dynamic routing seems a bit over the top—like the hype preceding the latest “monster attacking New York” movie. In reality, though, after everything is said and done, the actual configuration is relatively easy. While we could spend a lot of time showing you every nuance of configuring all the various routing protocols discussed so far, only one of them—RIPv2—is covered in any depth on the exam. So, in this section, we’ll show you how to configure RIPv2, as well as how to set up a basic Internet Access Router. The only routing protocol configuration covered in this section is RIPv2: not because it’s the best protocol on Earth, but mainly because it’s the only protocol you’ll see on the exam. You need not waste valuable neurons memorizing other protocols while studying for the CCENT exam: you’ll need those neurons to keep up with the scintillating plotlines in the movie. However, we do encourage you to check out the other protocols available— especially after your exam is over. Your business network might use RIPv2, but others are much more common. Take the time to experiment and see which one you like—all the while you’ll be learning new things and studying for your ICND2 exam!

Routing Configuration

337

Configuring RIPv2 RIPv2 is a simple distance-vector routing protocol used extensively in smaller networks. It combines the simplicity of an RIP configuration with some of the benefits of more “grown up” protocols. While RIP sends route updates via broadcast messages, it has no VLSM support and cannot perform summarization. RIPv2, on the other hand, sends updates out multicast, supports VLSM (sending subnet mask information with each route update), and can perform manual or auto summarization. It does, however, retain a few of the drawbacks RIP is known for—namely, it still relies on the hop count as its lone metric and is slow to converge. Configuring RIPv2 is a simple process. First, after ensuring all interfaces have the appropriate IP address and subnet mask assigned, issue the router rip Global Configuration command. This tells the router you want to enable RIP as the routing protocol, and returns a prompt showing you are in Routing Configuration mode— the prompt will appear as RTR(config-router)#. Next, issue the version 2 command, which tells the router you wish to use version 2 of the protocol. Finally, tell the router which networks to enable RIP for by issuing the network network_id command. While RIPv2 is generally considered a classless protocol, the network ID is always entered as a classful entry. For example, suppose you subnetted the 172.16.0.0 Class B address space, and assigned 172.16.1.1/24 to one interface and 172.16.2.1/24 to another. The network command issued for RIPv2 would be RTR(config-router)# network 172.16.0.0. Routing updates would automatically be enabled for both interfaces. If you don’t want an interface to provide or receive route updates, you can stop route updates on the interface using the passive-interface interfacetype_# command. For clarification, take a peek at Figure 10-6. In this small network, we’ve decided to implement RIPv2 on our routers, and the following configuration would be placed on RTR2: RTR1# configure terminal RTR1# router rip RTR1(config-router)# version 2 RTR1(config-router)# network 192.168.1.0 RTR1(config-router)# network 172.16.0.0 RTR1(config-router)# CTRL-Z

Notice the configuration only has two entries, even though there are actually three subnets on the router—192.168.1.0, 172.16.1.0, and 172.16.2.0. Remember that RIPv2 only accepts network entries on a classful basis. The route updates from

338

Chapter 10:

Cisco Router Configuration

FIGURE 10-6

Rest of the network

An RIPv2 network

Fa0/0 S0/0 192.168.1.1

RTR1

S0/1 192.168.2.1

S0/0 192.168.2.254

S0/0 192.168.1.254 Fa0/1 172.16.1.1 RTR2

Fa0/1 172.16.2.1

RTR2

this router will include the networks with the subnet masks, but your configuration only needs the classful entries. In fact, if you enter the individual subnet IDs, only the classful portion will “stick.” With these few simple lines, we successfully configure the router to use RIPv2.

You will definitely need to know how to configure RIPv2 on a router. Thankfully, it’s very easy, has only a couple of commands to remember, and shouldn’t be too difficult. Just remember that the

network commands are classful only—

even if you enter one that is not classful, the IOS will store it as classful. If you wish to disable route updates on an interface, use the passive-interface command.

Verifying RIPv2 After configuring RIP (or any routing protocol, for that matter), several commands can be used to verify that it’s working properly. First, you can verify the route table with the show ip route command. A sample output is listed next: classRTR1#sh ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

Routing Configuration

339

E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 172.16.0.0/24 is subnetted, 2 subnets C 172.16.1.0 is directly connected, FastEthernet0/0 R 172.16.2.0 [120/1] via 172.16.3.254, 00:00:17, Serial0/0 C 172.16.3.0 is directly connected, Serial0/0 10.0.0.0/24 is subnetted, 3 subnets C 10.0.1.0 is directly connected, Serial0/1 S 10.0.2.0 [1/0] via 10.0.1.254

Notice the route table displays how the route was learned, using a simple code (“C” for connected, “S” for static, and “R” for RIP). Route table entries also show the next hop address, the outgoing interface, and the subnet mask for the route. Lastly, entries also display the administrative distance and metric for the route. In the second entry, the administrative distance and metric (hop count) is displayed in brackets—120 is the administrative distance for RIP routes, and 1 is the hop count to get to that network. Other commands for displaying the route table include show ip route rip and show ip route network_id. Both commands display more detailed information from the table—the first shows only routes learned via RIP, while the second shows detailed information about the network ID in question. Samples of both commands are shown in the following: classRTR1#show ip route rip 172.16.0.0/24 is subnetted, 2 subnets R 172.16.2.0 [120/1] via 172.16.3.254, 00:00:17, Serial0/0 classRTR1#show ip route 172.16.2.0 Routing entry for 172.16.1.0/24 Known via "rip", distance 120, metric 1 Redistributing via rip Last update from 172.16.3.254 on Serial0/0, 00:00:17 ago

Know how to interpret the information displayed in the route table, paying particular attention to how the route was learned, the administrative distance, the metric, and the next hop address. You’ll not only need to answer explicit questions

about it, but you’ll also need to apply the knowledge in a troubleshooting scenario. Also, be sure you’re familiar with the show ip route rip and show ip route network_id commands.

340

Chapter 10:

Cisco Router Configuration

Other commands for verifying RIP operation include the show ip protocols and debug ip rip commands. show ip protocols displays the details of all the routing protocols running on the router. The debug command, on the other hand, shows RIP messages sent and received from the router, as they occur in real time. Sample outputs from both appear in the following: classRTR# show ip protocols Routing Protocol is "rip" Outgoing update filter list for all interfaces is not set Sending updates every 30 seconds, next due in 17 seconds Invalid after 180 seconds, hold down 180, flushed after 240 Redistributing: rip Default version control: send version 2, receive version 2 Interface Send Recv FastEthernet 0/0 2 2 Serial 0/0 2 2 <<<>>> ! The line below shows all the networks RIP is routing for. In effect, all the ! network statements you added Routing for Networks: 172.16.0.0 192.168.1.0 ! The lines below show all the neighbor routers sending updates to this ! router, as well as when they last sent an update. Routing Information Sources: Gateway Distance Last Update 172.16.0.254 120 00:00:22

So much of the information in this output needs to be explored. First, the third line of this truncated output shows how often updates are sent and when the next is due (in our case, 30 seconds and 22 seconds, respectively). Secondly, the output displays the protocol type and (perhaps more importantly here) the version number of the updates being sent. Under the line, “Default version control:…,” the Send

Make sure to familiarize yourself with the output of the show ip protocols command, as well as use of

the debug ip rip command. You will definitely be asked to interpret the output.

Routing Configuration

341

column displays a “2,” letting us know the route is sending RIPv2 updates. If we had forgotten to enter the version 2 command while configuring the router earlier, the Send column would display a 1. Keep in mind that RIPv2 is a different routing protocol than RIPv1, so updates from version 2 would not be received by regular RIP routers. Finally, the display shows the networks being routed, as well as the neighboring routers sending updates to this router. Debug outputs will show both sent and received route updates for RIP. The truncated sample output provided here displays an example of a sent—and then a received—RIPv2 update: classRTR# debug ip rip ! A sent update listing: * Jan 22 09:05:02.331: RIP: sending v2 update to 224.0.0.9 via Serial0/0 (172.16.0.1) * Jan 22 09:05:02.331: RIP: build update entries * Jan 22 09:05:02.331: 192.168.1.0/24 via 0.0.0.0, metric 2, tag 0 ! A received update listing: * Jan 22 09:22:02.751: RIP: received v2 updates from 172.16.0.254 via Serial0/0 * Jan 22 09:05:02.751: 192.168.2.0/24 via 0.0.0.0 in 1 hop classRTR# undebug all All possible debugging has been turned off

Note the sent update listing shows a multicast address (224.0.0.9) as the destination for the update—remember, RIPv2 sends updates multicast instead of broadcast. Also, notice these updates include a /24—RIPv2 sends the subnet mask with its update. Lastly, always turn off debugging with the undebug all or no debug parameter commands when you’re done examining the output. CertCam

A multimedia demonstration of RIPv2 configuration options can be found on the CD accompanying this book.

EXERCISE 10-3 Configuring RIP You’ll perform this lab using Boson’s NetSim simulator. In this exercise, you will configure RIPv2 on two routers and verify the route table. You can find a picture of the network diagram for Boson’s NetSim simulator in the Introduction of this book. After starting up the simulator, click the LabNavigator button. Next, double-click Exercise 10-3 and click the Load Lab button. 1. Remove the static route entries on the 2600-1 router and enable RIPv2. A. At the top of the simulator in the menu bar, click the eRouters icon and choose 2600-1.

342

Chapter 10:

Cisco Router Configuration

B. Go to Privilege EXEC mode and type configure terminal, followed by no ip route 192.168.2.0 255.255.255.0 172.16.0.254. C. Enable RIP by typing router rip. D. Enable version 2 by typing the version 2 command. E. Add the appropriate networks to the route by typing network 192.168.1.0 and network 172.16.0.0. 2. Remove the static route entries on the 2600-2 router and enable RIPv2. A. At the top of the simulator in the menu bar, click the eRouters icon and choose 2600-2. B. Go to Privilege EXEC mode and type configure terminal, and then no ip route 192.168.1.1 255.255.255.0 172.16.0.1. C. Enable RIP by typing router rip. D. Enable version 2 by typing the version 2 command. E. Add the appropriate networks to the route by typing network 192.168.2.0 and network 172.16.0.0. 3. Verify RIP on the routers. A. On both routers, use the show ip route command to see the routes learned via RIP. B. Use show ip protocols to verify that version 2 is running. C. Turn on debug ip rip to view the route updates sent and received. D. Type undebug all when finished (to stop debug).

Configuring an Internet Access Router While many routers are used in an enterprise network, connecting several subnets together and requiring the use of some kind of routing protocol, some routers are used solely for providing access to the Internet. With the advent of DSL and cable modems, higher-speed access, at much cheaper rates, became readily available for SOHOs and branch offices (other WAN choices for connecting LANs are covered in Chapter 11). In these instances, an integrated services router is used to provide Internet access.

Routing Configuration

343

So which one is better—cable or DSL? The answer is, “it depends.” Both technologies provide “always on” Internet access and great access speeds. Cable modems generally can provide access from longer distances and have higher data rates, but your connection is always shared. (Because it’s basically a bus network, your throughput will change depending on how many other customers are connecting at the same time.) DSL has a distance restriction (you must be within 18,000 feet of the telco devices), but provides a more guaranteed bandwidth service. Configuring the Internet Access Router is relatively easy and—much like the other routers discussed so far—can be configured using a variety of different methods. You can console in and follow CLI commands, much like we’ve done up to this point, or you can use SDM to configure the device over a web interface. Regardless of the method, the steps for configuring it are the same: 1. Determine the private address range you want to use inside your network. 2. Set up the external interface to use DHCP (most ISPs require your external interface to use DHCP). 3. Configure Port Address Translation (PAT) on the router, allowing your private IP clients to use the Internet. 4. Configure DHCP on the router in order to service your internal clients from the internal-facing Ethernet interface.

It’s extremely important for you to know the technologies used on an Internet Access Router, as well as which interfaces are used for specific DHCP roles. PAT allows internal clients, using private addressing, access to the public Internet, and is not applied to any

interface, per se: interfaces are defined within PAT as internal or external, but PAT is configured globally. The DHCP client is applied to the external interface, while the DHCP server is applied to the internally facing interface.

344

Chapter 10:

Cisco Router Configuration

For the remainder of this section, we’ll discuss configuring the Internet Access Router with SDM, instead of the CLI, for two reasons: first, you’ve already seen the CLI and can maneuver the commands necessary with little problem; and second, SDM is covered on the exam and you’ll need to know how to use it to configure the device. Refer to Figure 10-7 during the rest of this section. For SDM to work, you’ll need to establish connectivity between your laptop and the router itself. To do this, first determine which private address range you wish to use. For example, you may decide to use the 10.0.0.0/8 network, or a subnet like 10.1.1.0/24. In any case, make sure the router interface facing inside your network is assigned an address within the private address range you choose. Additionally, be sure the laptop slated for configuration has an address in the same range. For example, suppose you chose the 10.1.1.0/24 subnet as your range in Figure 10-7. You could assign 10.1.1.1 on FastEthernet 0/0, and 10.1.1.5 on the laptop. Now that you have connectivity between the laptop and the router over the Ethernet network, simply type the IP address of the router port in the address bar of your browser. If SDM is installed, you’ll receive a browser page (after logging in) that looks much like Figure 10-8. From the SDM home page, the rest of the configuration is a breeze.

FIGURE 10-7

Internet

An Internet Access Router RG6 Cable Both Interfaces are in the same subnet

Cable Modem

Fa 0/1

Fa 0/0

Laptop for configuring SDM (must have an IP address in same subnet as the router interface)

UTP Cable to Fast Ethernet Interfaces

Routing Configuration

345

FIGURE 10-8

The SDM home page

If SDM is not installed on your router (or switch), you can easily install it by going to www.cisco.com. Simply go to the SDM section on the site, download the appropriate files (if necessary), and follow the installation instructions. From the home page, click the Configure menu button at the top left of the page. On the page that now appears (Figure 10-9), click the Interfaces And Connections button on the left pane. A screen will appear showing interfaces available for configuration and a small picture of how the network looks on the right side of the screen. Choose the Ethernet (PPPoE or Unencapsulated Routing) radio button, and click the Create New Connection button at the bottom. This will open a WAN Wizard screen to take

346

Chapter 10:

Cisco Router Configuration

FIGURE 10-9

The SDM configuration screen

you, step by step, through the configuration. After clicking Next to start the wizard, perform the following steps: 1. If your ISP uses PPPoE, check the Enable PPPoE Encapsulation radio button. If not, leave it unchecked and click Next. 2. Configure the external Fast Ethernet interface to use DHCP by clicking the Dynamic (DHCP) Client, and then clicking Next. (Note: SDM automatically gives you the external facing interface because we already configured an address on the internal facing interface.) 3. On the next page, click the Port Address Translation check box, ensuring the internal interface is shown in the LAN Interface To Be Translated drop box. (By default, it should be already since SDM is smart enough to know the external interface will be the outside one in PAT.) 4. After clicking Next, a summary page appears. Click Finish to complete this step.

Routing Configuration

347

The last step in configuring the Internet Access Router is setting up DHCP for your internal clients. Just as with the other configuration options, this is a simple step-by-step process: 1. Click the Firewall and ACL button in the left pane of the Configuration page, highlight the DHCP Pools selection just to the right, and click the Add… button at the top right of the screen. The Add DHCP Pool window appears. 2. Type in the network ID and subnet mask that matches what was assigned to the internal interface. In the DHCP Pool section, type in the beginning and ending address to hand out within the range. 3. Make sure the User Defined radio button is selected and type in the lease time you prefer. 4. In the DHCP Options area, type in the DNS and WINS server information, if necessary, as well as the default gateway address (which will be the address of the router port). Click OK. DHCP is now configured on the router. To test its functionality, use ipconfig / release and ipconfig /renew on an internal client to see if the address is pulled correctly. You can verify PAT is functioning by simply opening a web browser and surfing to an Internet web site. If all goes well, PAT is working as designed.

Make sure you know how to set up an Internet Access Router using SDM. The configuration is very easy, but you should still practice as much as

possible before the exam. You’ll most likely encounter this as a simulation question.

For more information on both of these functions, use the show dhcp binding and show ip nat translations commands. The show dhcp binding command displays the IP addresses handed out by the DHCP service running on the router. The show ip nat translations command displays all the NAT translations performed by PAT. You can clear all NAT translations by issuing

348

Chapter 10:

Cisco Router Configuration

the clear ip nat translation * command. A sample output from these commands is displayed in the following: CCENTRTR1# show ip dhcp binding Bindings from all pools not associated with VRF: IP address Client-ID/Hardware address/User Name Lease Expiration Type 192.168.1.100 0001.aa12.b345.2d Jan 22 2008 09:22 AM Auto 192.168.1.101 0aa1.3412.cb98.2c Jan 22 2008 09:22 AM Auto CCENTRTR1# show ip nat translations Pro Inside global Inside local Outside local Outside Global tcp 74.22.54.67:35432 192.168.1.100:35432 172.16.1.200:53 172.16.1.200:53 CCENTRTR1# clear ip nat translation * CCENTRTR1# show ip nat translations CCENTRTR1#

Note: The word “translation” in the clear ip nat translation * command is NOT plural. You may see a distracter on the exam showing it incorrectly: clear ip nat translations *. The extra “s” on the end is not necessary here, even though you do see it on the show ip nat translations command.

INSIDE THE EXAM First Steps Make sure you review the key differences between routers and switches, both physically and configuration-wise, before the exam. When faced with these questions, a healthy dose of common sense will usually see you through. Be sure you know the terms DTE, DCE CSU/DSU, and leased line, as well as the commands bandwidth and clock rate speed. The default encapsulation on a point-to-point serial connection is HDLC, but it can be changed to anything you wish using the encapsulation type command. Lastly, make sure to review the physical

installation information. You may see a question or two that asks you to identify cable types, pinouts, and interface types within a network diagram. Always remember that powering on the router is the last step.

Configuration Fundamentals It will prove much easier for you to remember CLI differences between a switch and a router. Remember, differences basically come down to the questions asked by setup. If you drop to the command line for configuration, similarities include how to move around in the CLI, setting passwords, configuring telnet, SSH and

Routing Configuration

349

INSIDE THE EXAM console connection parameters, the methods for copying and saving configuration files, and how to update the IOS. Knowing the show ip route command, and understanding administrative distance in regards to the various route types (static, connected and dynamically learned), is an absolute necessity for you in taking this exam. Remember connected routes are automatically part of the route table, while static and dynamic are added or learned, respectively, based on your configuration and the router’s placement within the network. Static routing results in lower CPU cycles and processing power on the router but any change on the network (a link going down, and so on) must be manually updated. The proper syntax for adding a static route is ip route network_address subnet_mask Next_ hop_address. If a static route is configured, it will always be used in lieu of any route learned, no matter which protocol it learns it from—the administrative distance of a static route is 1. Default routes provide a route for all packets that do not match any other route listed in the table and are added using the ip route 0.0.0.0 0.0.0.0 next_hop_ address command, with the zeroes acting as wildcard characters. Review the terms involving summarization (route summarization, autosummarization, and manual summarization) as well as autonomous system and the two different categories of routing protocols: IGP and EGP.

Remember, the only EGP is Border Gateway Protocol (BGP).

Routing Configuration Make sure you know the key, defining elements of RIPv2 before the exam starts. The configuration is easy enough, using only the router rip , version 2, and network network_id commands. Remember the network commands are always classful; even if you enter the individual subnet IDs, only the classful portion will “stick.” Assuming you do not want an interface to provide—or receive—route updates, however, you can stop route updates on the interface using the passiveinterface interfacetype_# command. Verification for RIP includes the show ip route, show ip route rip, and show ip route network_id commands. Lastly, be sure to review the steps for configuring an Internet Access Router using SDM. The screens are fairly self-explanatory, but be sure you not only know what to click when configuring the interfaces, DHCP and PAT, but also why you are configuring it. To verify DHCP and PAT, use the show dhcp binding and show ip nat translations commands. Additionally, you can verify DHCP by using ipconfig /release and ipconfig / renew on an internal client to see if the address is pulled correctly. You can also verify that PAT is functioning by simply opening a web browser and surfing to an Internet web site.

350

Chapter 10:

Cisco Router Configuration

CERTIFICATION SUMMARY Routers typically have four different types of ports on the back: The Console port, an Auxiliary port, Ethernet ports, and any number of different serial ports. The Ethernet and serial ports are the ones to focus on for the exam, and the only two you can assign IP addresses to. Each individual port represents an entirely unique LAN, and must have an address within that subnet’s range. While “regular” 10-Mbps Ethernet ports are accessed by the interface ethernet # command (where # is the port’s number), Fast Ethernet ports are accessed by interface fastethernet #/#, and gigabit ports are accessed by the interface gigabitethernet #/# command. Serial interfaces are used to provide access to WAN links for your network. (HDLC is the default frame type on serial point-to-point links, and the frame type must be the same on both ends for communication to work.) The clock rate command is only assigned at the DCE end (placing it on both ends will not work), and the DCE end of the cable must be attached to the interface providing clocking. The device on serial point-to-point connections providing the clock signal is known as a CSU/DSU, while the device receiving the clock signal (usually a router) is known as a DTE (data terminal equipment). You must attach the DCE end of a serial cable to the serial interface running the clock rate command, otherwise the connection will not work. If you can’t remember which end of the connection is the DCE, issue the show controllers command. The bandwidth speed(kbps) command does not affect the actual transmitting speed of the interface at all and is used by certain routing protocols (EIGRP and OSPF) to calculate best routes. The IOS, CLI, and memory locations are all virtually identical from a switch to a router. Routers store configuration files and IOS images exactly like switches (in NVRAM and Flash, respectively), and use the same commands and techniques to copy and store them. The CLI modes (User, Privileged, Global Configuration, and so on) and the methods in which you move around in them also work the same on routers. Rules regarding setting passwords, configuring telnet, SSH and console connection parameters, all methods for copying and saving configuration files, and methods for updating the IOS apply to routers just as they did with switches. The router CLI differs in the questions asked during setup, the configuration of IP addresses, the interface options available, and some of the commands available.

Certification Summary

351

Typically, UTP cables are used between end systems and the switch, as well as from the switch to the router, with standard RJ45 connectors. The CSU/DSU usually plugs into the leased line using an RJ48 connector. It looks very much like an RJ45 connector, but has a different pinout. An option for a simple network needing Internet access is an integrated services device. The integrated services device can perform the functions of the modem, provide for routing of packets into and out of the network, and even include a switch on the backside for access ports. Some integrated devices even include VoIP functions, act as a wireless access point, and provide for encryption. To install a router—in any case—connect all cables and turn on the router last. Routing tables can be updated in three ways: with directly connected routes, statically added routes, or routes learned through a dynamic routing protocol. Connected routes are added to the route table for every interface with a correctly configured IP address and subnet mask (along with the no shutdown command). Static has the administrator manually define routes using the ip route network_address subnet_mask Next_hop_address command. The administrative distance of static routes is 1, which is the lowest AD—except for directly connected routes. Therefore, if a static route is configured, it will always be used in lieu of any route learned—no matter which protocol it learns it from. You can change the administrative distance on any static route using the ip route network_id subnet_mask next_hop AdministrativeDistance. Default routes are created to provide a route for all packets that do not match any other route listed in the table. A default route is manually added to the route table using the ip route 0.0.0.0 0.0.0.0 next_hop_address command, with the zeroes acting as wildcard characters. Routing protocols are categorized according to a number of different functions and terms. Distance-vector protocols (such as RIP) use only the hop count as a metric, whereas link state (and hybrid) protocols can employ a variety of different metrics to determine the best route. Routing protocols are also categorized as classful (only recognizing the class of an address) or classless (providing subnet mask information with each update, and capable of VLSM), and are classed, too, by how they advertise routes and how quickly they can converge. In an effort to keep the route table as short as possible, the route summarization process is used where multiple routes can be expressed within a single route table entry, and can be automatic or manual. Autosummarization, just as it sounds, advertises summarized routes automatically—in most cases, summarizing on a classful boundary. Manual summarization, usually

352

Chapter 10:

Cisco Router Configuration

the preferred choice, lets the administrator decide which summarized routes are advertised and which are not. Dynamic routing protocols are also classified by how they work in regards to an autonomous system (AS). An autonomous system is a network under a single administrative control. Routing protocols can be designed and configured to work inside a single AS, or to connect multiple autonomous systems together. A routing protocol working inside a single AS is known as an Interior Gateway Protocol (IGP). A routing protocol used between autonomous systems is called an Exterior Gateway Protocol (EGP). RIP is a simple distance-vector routing protocol that sends route updates via broadcast messages, has no VLSM support, and cannot perform summarization. A better choice, RIPv2 sends updates out multicast, supports VLSM (sending subnet mask information with each route update), and can perform manual or auto summarization. To configure RIPv2, make sure all interfaces have the appropriate IP address and subnet mask assigned, and issue the router rip Global Configuration command. Next, issue the version 2 command, and tell the router which networks to enable RIP for by issuing the network network_id command. (The network ID is always entered as a classful entry. If you enter the individual subnet IDs, only the classful portion will “stick.”) If you do not want an interface to provide or receive route updates, you can stop route updates on the interface using the passive-interface interfacetype_# command. To verify configuration, check the route table with the show ip route command. The route table displays how the route was learned, using a simple code (“C” for connected, “S” for static, and “R” for RIP), the next hop address, outgoing interface, and subnet mask for the route as well as the administrative distance and metric (in brackets). Other commands for displaying the route table include show ip route rip and show ip route network_id. Configuring an Internet Access Router with SDM is a simple process, involving several steps. Determine the private address range you want to use inside your network, set up the external interface to use DHCP (most ISPs require your external interface to use DHCP), configure Port Address Translation (PAT) on the router, letting your private IP clients use the Internet, and configure DHCP on the router, in order to service your internal clients from the internal-facing Ethernet interface. To access SDM, type the IP address of the router port in the address bar of your browser. From the home page, click the Configure menu button at the top left of the page. On the page that now appears (Figure 10-9), click the Interfaces And Connections button on the left pane. Choose the Ethernet (PPPoE or Unencapsulated Routing) radio button, and click the Create New Connection button at the bottom.

Certification Summary

353

After clicking Next to start the wizard, check the Enable PPPoE Encapsulation radio button if your ISP uses PPPoE. If not, leave it unchecked and click Next. Configure the external Fast Ethernet interface to use DHCP by clicking the Dynamic (DHCP) Client, and then clicking Next. On the next page, click the Port Address Translation check box, making sure the internal interface is shown in the LAN Interface To Be Translated drop box. After clicking Next, a summary page appears. Click Finish to complete this step. The last step in configuring the Internet Access Router is setting up DHCP for your internal clients. First, click the Firewall and ACL button in the left pane of the Configuration page, highlight the DHCP Pools selection just to the right, and click the Add… button at the top right of the screen. Type in the network ID and subnet mask, matching what was assigned to the internal interface. In the DHCP pool section, type in the beginning and ending address to hand out within the range. Make sure the User Defined radio button is selected and type in the lease time you prefer. In the DHCP Options area, type in the DNS and WINS server information, if necessary, as well as the default gateway address (which will be the address of the router port), and then click OK.

354

Chapter 10:

✓

Cisco Router Configuration

TWO-MINUTE DRILL First Steps ❑ Router Ethernet ports service internal networks. Fast Ethernet ports are accessed by interface fastethernet #/#, 10-Mbps Ethernet ports are accessed by the interface ethernet # command (where # is the port’s number), and gigabit ports are accessed by the interface gigabit ethernet #/# command. ❑ Serial interfaces are used to provide access to WAN links for your network.

Some will provide a built-in CSU/DSU feature, while others require a separate device. The encapsulation type on the serial interface must be set using the encapsulation type command. HDLC is the default frame type on point-to-point serial links. ❑ The clock rate command is only assigned on one end (the DCE end) of a

point-to-point serial link. The DCE end of the cable must be attached to the interface with clock rate issued. If you can’t remember which end of the connection is DCE, issue the show controllers command. The bandwidth command does not affect data rate speed at all, but is instead used for metric purposes in certain routing protocols. ❑ The differences in the router CLI when compared to the switch are the ques-

tions asked during setup, the configuration of the IP addresses, the interface options offered, and the various commands available. The IOS, CLI, and memory locations are all virtually identical from a switch to a router: routers store configuration files and IOS images exactly like switches, and use the same commands and techniques to copy and store them, the CLI modes (User, Privileged, Global Configuration, and so on) and the methods in which you move around in them also work the same on routers. ❑ When installing a router, always power it on last, after all connections have

been made.

Configuration Fundamentals ❑ When no configuration file exists in NVRAM, the router defaults to the System

Configuration dialog, also known as Setup mode, just like a switch. The commands to start and end setup (setup and CTRL-C, respectively), as well as the options at the end, are also the same as on a switch.

Two-Minute Drill

355

❑ You can update routing tables in three ways: through directly connected

routes, statically added routes, or routes learned through use of a dynamic routing protocol. ❑ Connected routes are added to the route table for every interface with

a correctly configured IP address and subnet mask—as soon as you add an IP address and subnet mask to an interface, along with the no shutdown command (to enable it), the router adds an entry to its route table for that network. ❑ Static routing has the administrator manually define routes using the ip route network_address subnet_mask Next_hop_address com-

mand. The benefit is lower CPU cycles and processing power on the router. The disadvantage is that any change on the network (a link going down, or something else) must be manually updated on the router, otherwise packets will be misdirected. ❑ The administrative distance of static routes is 1, which is the lowest AD—

except for directly connected routes. Therefore, if a static route is configured, it will always be used in lieu of any route learned—no matter which protocol it learns it from. You can change the administrative distance on any static route with the ip route network_id subnet_mask next_hop administrative_distance command. ❑ Default routes are created to provide a route for all packets that do not match

any other route listed in the table. A default route is manually added to the route table using the ip route 0.0.0.0 0.0.0.0 next_hop_ address command. ❑ Dynamic routing uses routing protocols to automatically discover, learn, and advertise routes. Instead of manually configuring routes using the ip route

command, you simply enable routing using a dynamic routing protocol. The router will then share the information in its route table with other routers with a route update, which is sent to all routers in the network with either a broadcast or a multicast message, depending on the routing protocol specified. ❑ Keeping the route table as short as possible is the goal of route summarization—

a process where multiple routes can be expressed within a single route table entry. Autosummarization advertises summarized routes automatically—in most cases, summarizing on a classful boundary. Manual summarization, usually the preferred choice, lets the administrator decide which summarized routes are advertised and which ones are not.

356

Chapter 10:

Cisco Router Configuration

❑ An autonomous system is a network under a single administrative control. A

routing protocol working inside a single AS is known as an Interior Gateway Protocol (IGP), while a routing protocol used between autonomous systems is called an Exterior Gateway Protocol (EGP). All routing protocols are IGPs, except for BGP, which is an EGP.

Routing Configuration ❑ RIPv2 sends updates out multicast, supports VLSM (sending subnet mask

information with each route update), and can perform manual or auto summarization. However, it relies solely on hop count as a metric and is slow to converge. ❑ To configure RIPv2, make sure all interfaces have the appropriate IP address and subnet mask assigned, and issue the router rip Global Configuration command. Next, issue the version 2 command, and then tell the router which networks to enable RIP for by issuing the network network_id

command. The network ID is always entered as a classful entry—if you enter the individual subnet IDs, only the classful portion will be entered in the IOS. You can stop route updates on the interface using the passive-interface interfacetype_# command. ❑ The route table display (from the show ip route command) shows how

the route was learned, using a simple code (“C” for connected, “S” for static, and “R” for RIP). It also displays the next hop address, outgoing interface, and subnet mask for the route, as well as the administrative distance and metric for the route in brackets. ❑ To configure the Internet Access Router using SDM, determine the private

address range you want to use inside your network, set up the external interface to use DHCP (most ISPs require your external interface to use DHCP), configure Port Address Translation (PAT) on the router (letting your private IP clients use the Internet), and configure DHCP on the router (to service your internal clients from the internal-facing Ethernet interface). ❑ To test DHCP functionality, use ipconfig /release and ipconfig /renew on an in-

ternal client to see if the address is pulled correctly. You can verify that PAT is functioning by simply opening a web browser and surfing to an Internet web site. The show dhcp binding and show ip nat translations commands can also be used to verify configuration.

Self Test

357

SELF TEST The following Self Test questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully since there may be more than one correct answer. Choose all the correct answers for each question.

First Steps 1. Which of the following is/are true concerning the configuration of the serial port on a router directly connected to another router? A. An encapsulation type must always be configured. B. An encapsulation type must be configured only if you wish to use an encapsulation type other than HDLC. C. You must configure clock rate on the DCE end. D. Clock rate must be configured on both ends of the connection. E. The bandwidth command must be configured on the DCE end. F. The bandwidth command does not need to be configured. 2. Which command can be used to verify which end of the connection is DCE? A. show interfaces B. show dce C. show serial dce D. show controllers 3. The router and switch CLI are similar in many ways. Which of the following is/are differences? A. Configuring the enable secret B. Questions asked during the System Configuration dialog C. The commands to move through—and exit—CLI modes D. The required amount of configured IP addresses 4. Assume you are installing a small SOHO network. Which interface on the router will be linked to the leased line connected to the Internet? A. Fast Ethernet 0/0 B. Serial 0/0 C. Console D. Aux

358

Chapter 10:

Cisco Router Configuration

Configuration Fundamentals 5. Which of the following is/are true regarding directly connected networks? A. The administrator must use the ip route command to add them to the route table. B. The route is automatically added to the route table as soon as an interface is properly configured and enabled. C. The router cannot forward packets to the network until a routing protocol is enabled. D. The router can forward packets to the network without a routing protocol. 6. You wish to configure a static route to network 192.168.2.0/24. The route must leave interface Serial 0 to the next hop address of 172.16.5.3. Which of the following commands will configure the route? A. ip route 172.16.5.3 192.168.2.0 255.255.255.0 serial 0 B. ip route 192.168.2.0 255.255.255.0 serial 0 172.16.5.3 C. ip route 172.16.5.3 serial 0 192.168.2.0 255.255.255.0 D. ip route 192.168.2.0 255.255.255.0 172.16.5.3 7. Which of the following are link state routing protocols? A. RIP B. RIPv2 C. IGRP D. EIGRP E. OSPF F. IS-IS 8. Which routing protocol is said to converge quickly? A. RIP B. IGRP C. OSPF D. None of the above 9. You are configuring a router for a small network. FastEthernet 0 (Fa0) is connected to 200.5.4.0/24, FastEthernet 1 (Fa1) is connected to 200.5.5.0/24, and Serial 0 (s0) is connected to 190.100.100.0/24—an Internet service provider line through a cable modem. The route table automatically updates for the two directly connected networks. You wish the router to send all other packets through serial0, allowing Internet access for your internal clients. Which of the following configuration commands creates the default route? A. ip route 0.0.0.0 0.0.0.0 serial0 B. ip route 0.0.0.0 0.0.0.0 190.100.100.254

Self Test

359

C. ip route 0.0.0.0 0.0.0.0 200.5.4.254 D. ip route 0.0.0.0 0.0.0.0 200.5.5.254 10. Which of the following routing protocols is/are considered IGPs? A. RIPv2 B. OSPF C. EIGRP D. BGP E. All of the above

Routing Configuration 11. You wish to configure RIPv2 on RTR1, shown in Figure 10-10. You issue the router rip command, and then the version 2 command. You now need to configure the network statements for RIP. Which network commands is correct? A. network 192.168.1.0 B. network 192.168.1.0 255.255.255.0 C. network 172.16.2.0 D. network 172.16.2.0 255.255.255.0 E. network 172.16.3.0 F. network 172.16.3.0 255.255.255.0 G. network 172.16.0.0

FIGURE 10-10

RTR1

Fa1/0 172.16.3.1 255.255.255.0

Fa0/0 192.168.1.1 255.255.255.0

RTR1

Fa0/1 172.16.2.1 255.255.255.0

360

Chapter 10:

Cisco Router Configuration

12. The interfaces on RTR2 have the following addresses: 122.17.8.1, 135.55.4.1, and 199.56.77.1. Which commands is/are required to enable RIPv2 on the router? A. router rip B. router rip version 2 C. version 2 D. network 122.17.0.0 E. network 122.0.0.0 F. network 135.55.4.0 G. network 135.55.0.0 H. network 199.56.77.0 I. network 199.56.77.1 13. You are configuring an Internet Access Router using SDM. Fa0/0 faces inside your network, while Fa0/1 faces the DSL/cable modem. Which of the following is/are true? A. You should configure Fa0/0 as a DHCP client. B. You should configure Fa0/1 as a DHCP client. C. You should enable a DHCP server on Fa0/0. D. You should enable a DHCP server on Fa0/1. 14. You have configured DHCP and PAT on an Internet Access Router using SDM. Which of the following methods will verify that PAT is functioning? A. From an internal client PC, open a browser to a web page on the Internet. B. From an internal client PC, open a browser to a web page inside your network. C. Use the show ip nat translations command. D. Perform an ipconfig /release and an ipconfig /renew. 15. You issue a show ip route command. A sample output is provided next: R

172.16.2.0 [120/1] via 172.16.3.254, 00:00:17, Serial0/0

Which of the following statements is/are true concerning the output shown? A. This is a directly connected route. B. This route was learned via RIP. C. The hop count metric on this route is 120. D. The hop count metric on this route is 1. E. The next hop address is 172.16.3.254.

Self Test Answers

361

SELF TEST ANSWERS ✓ B, C, and F. Serial interfaces do need an encapsulation configured, but by default Cisco 1. ® routers using HDLC. The clock rate must be configured on the DCE end of the connection. The bandwidth command is not necessary, and is only used as a metric by some routing protocols ® ˚ A. HDLC is enabled by default as the encapsulation type on Cisco router serial interfaces. D. You only need to configure the clock rate on one end of the connection. E. bandwidth is an optional command. ✓ D. show controllers will display the DCE end of the connection. 2. ® ® ˚ A. This will display information about the interfaces, but won’t tell which is configured as DCE. B and C. These are not valid commands. ✓ B and D. Routers have different questions during setup. Switches only require a single 3. ® IP address (for VLAN1 interface), while routers need IP addresses configured for each active interface. ® ˚ A and C. Routers and switches have these characteristics in common. ✓ B. Router serial ports are used to connect to leased-line WAN connections. 4. ® ® ˚ A, C, and D. The Ethernet interfaces service your client networks. The Console and Auxiliary ports are used for configuration. ✓ B and D. Directly connected routes are automatically added to the route table as soon as 5. ® the configured interface is enabled with the no shutdown command. Because the routes are in the route table, the router will service these networks. ® ˚ A and C. These statements are false. ✓ D. The correct syntax for a static route entry is ip route destination_network_id 6. ® subnet_mask next_hop_address administrative_distance. ® ˚ A, B, and C. These all exhibit incorrect syntax. ✓ E and F. OSPF and IS-IS are link state protocols. 7. ® ® ˚ A, B, and C. These are distance-vector protocols. D. EIGRP is a hybrid. ✓ C. OSPF converges very quickly. 8. ® ® ˚ A and B. These protocols converge slowly. D. This is a false statement. ✓ B. The syntax to configure a default route is ip route 0.0.0.0 0.0.0.0 next_hop_ 9. ® address. Since the network that serial0 connects to is the 190.100.100.0/24 network, the next hop address must be within that range. ® ˚ A, C, and D. These answers all exhibit incorrect syntax. ✓ A, B, and C. All routing protocols are IGP, except for BGP. 10. ® ® ˚ D. BGP is an EGP protocol. E. This is a false statement.

362

Chapter 10:

Cisco Router Configuration

✓ A and G. RIP only accepts entries on the classful boundary. Typing in the actual address 11. ® of the interface, or of a subnet, would be silently corrected and added to the IOS as the classful entry. ® ˚ B through F. All these answers exhibit incorrect syntax since RIP accepts only on the classful boundary. ✓ A, C, E, G, and H. Configure RIP with the router rip command, and make it RIPv2 12. ® with the version 2 command. Network statements are then added on the classful boundary. ® ˚ B, D, F, and I. All of these display incorrect syntax. ✓ B and C. The internally facing interface services your client PCs and should, therefore, act 13. ® as a DHCP server. The externally facing interface will most likely need to pull and address from the ISP DHCP server. ® ˚ A and D. These are both false statements. ✓ A and C. Surfing to an external web site demonstrates that PAT is functioning well. show 14. ® ip nat translations will display the private-to-public address pairings. ® ˚ B. Opening a web page inside your network would not involve PAT at all. D. This action is a good test to see if DHCP is functioning. ✓ B, D, and E. The “R” indicates that the route was learned through RIP. The information in 15. ® brackets shows the administrative distance and metric, respectively. ® ˚ A and C. Both are false statements. A directly connected route would show “C” as the code. The administrative distance is displayed first in the brackets—the metric is shown second.

11 WANs and WLANs

CERTIFICATION OBJECTIVES 11.01

Wide Area Networking

11.02

Wireless Networking

✓ Q&A

Copyright © 2008 by The McGraw-Hill Companies. Click here for terms of use.

Two-Minute Drill Self Test

364

Chapter 11:

WANs and WLANs

W

ired LANs are wonderful things, but they do have their disadvantages. First, LANs, by design, only cover short geographical distances. So what happens when your business expands and you need to get data from your office to the far reaches of the globe? This is where the wide area network (WAN) comes into play. WANs provide a way to move data across great distances between LANs and if you are to be a successful networker—and CCENT candidate—you’ll need to know the fundamentals and configuration options for them. The second limitation of wired LANs is the cabling itself. By its very nature, cabling is restrictive and sometimes cumbersome. The answer to many mobility problems within a network can be found in the wireless LAN (WLAN), and—just as with WANs—you’ll need to know quite a bit about them to pass the exam. In this chapter, we cover the fundamentals of WANs and WLANs, providing all the definitions, terminology, theory, and configuration settings you ever wanted to know. The WAN section covers several different WAN connection types, as well as how to configure many settings for various WAN connections. In the WLAN section, we’ll discuss what a wireless LAN is made of, how to install them, and also explore some security basics.

CERTIFICATION OBJECTIVE 11.01

Wide Area Networking Much like other networking concepts we’ve already talked about, WANs aren’t overly complicated—but you can make them as difficult as you’d like. So, before moving forward, you should have a few basics firmly in mind. Imagine, for example, that you have a business headquartered in Birmingham, Alabama. Over time, your business grows and people in other areas hear about it. Opportunity abounds, so you decide to open a new office. If your new office happens to be next door to your original office, no big deal. But what happens if that abounding opportunity happens to be in Atlanta, Georgia or San Francisco? Obviously, either location presents a problem. You can’t simply drag a cable across all the farmland, interstate roadways, and occasional homes to connect the two offices—and digging a tunnel between the two makes as much sense as a bologna ice cream sundae. So, short of miraculously connecting using smoke signals, or a crazed

Wide Area Networking

365

yet brilliant configuration of mirrors and hand-held laser pointers from the local truck stop, your options for doing it yourself are pretty limited. This is where WANs come into play. Another term you may hear bandied about is the MAN. No, we’re not talking about the charming euphemism for your boss, but rather the metropolitan area network.The line between what defines a MAN and a WAN has blurred to the point that the term MAN isn’t used as much anymore. If you’re ever asked about it, though, it’s simply a WAN that is confined to a smaller geographical location—like a metropolitan area, and so on. (The CAN—campus area network—has a similar definition, but is usually tied to a business or educational system campus instead of a city.)

WAN Fundamentals A WAN is a computer network, spanning a large geographical distance, that’s used to connect multiple LANs together using some form of leased line. In other words, you may own all the equipment and cables inside your LAN, but you’ll have to pay someone else for space on their lines to connect your networks together. Instead of trying to dig tunnels and string lines, you’ll simply pay someone who already has the lines in place! WANs are typically discussed as layer-2 technologies and, in general, are slower than LAN technologies. Many types of WAN transport are available (the choice of which technology to use will be driven by your business needs), but they all fall into two main categories: circuit switched and packet switched. A circuit switched network is designed to set up a physical connection between two communicating entities, which stays up through the duration of the communication session. In other words, if Router A sends a message across a circuit switched network to Router B, the physical connection between the two of them stays open and dedicated to that session until they are done communicating; no other system can use that line until the two routers are done with their conversation. Another way to think of this is to consider the phone in your house. As they say, “back in the day” if someone called your home while you were on the phone with Mom, they got a busy signal: the session between you and Mom is dedicated and cannot be used by anyone else until one of you hangs up. In summary, circuit switched networks are considered to work at layer 1; they don’t particularly care about the data, address, or bits being delivered, they only care about opening and closing a pathway between the two systems. Circuit switched technologies are referred to as point-to-point technologies.

366

Chapter 11:

WANs and WLANs

You’ll need to know the major differences between circuit and packet switched technologies. Circuit switching works at layer 1 and is considered a point-to-point technology, while packet

switching works at layer 2 and is considered multipoint (more than two systems). Also, be sure you can identify the terminology depicted in Figure 11-1.

The advantage in the data networking world is that this session is dedicated to your system(s) and you always have 100 percent of the bandwidth available. The disadvantages are twofold. First, data networking tends to use short bursts, so the pathway may only be used 20 percent of the time. With a dedicated circuit, you’re paying for the bandwidth whether you use it or not. Secondly, circuit switching requires a dedicated point-to-point connection between your central office and your branch offices. With one or two branches, this is no problem, but can you imagine the headache of having 20 branches? In addition, each link would require a separate serial interface on the central office’s router. (With 20 branch offices, you’d need at least 21 interfaces: 20 for the branches and one for the headquarters.) The second major category of WAN service is packet switching. A packet switched network is designed to examine the destination address of data frames and make some kind of a decision about how to forward them. In other words, it’s what we’ve talked about in every chapter of this book! The packet switched network will open each link along the chain just long enough to deliver the frame; the link is then freed for use and the next link picks up where it left off. Packet switched technologies are generally better and faster than circuit switched for WAN data communications. Networking is filled with confusing terms and technologies, and this (WAN technologies) is just another example.The term “packet switching,” in relation to WAN technology, actually doesn’t involve a packet at all. Packet switched WANs use the frame address to determine forwarding paths and, therefore, are considered layer-2 technologies. Despite the fact that a packet is a layer-3 PDU, the WAN is still considered Data Link in nature. So why not name it Frame Switched instead? We don’t know either… Finally, you may need a quick vocabulary lesson to move through the world of WANs. Terms associated with WANs are service provider, telco, demarc, and CPE. A service provider is the company, owning the leased lines or circuits, that provides

Wide Area Networking

367

WAN (and/or Internet access) services. Many businesses rely on the telephone company as their service provider, and the term telco is used as an abbreviation for such. Once the telco is called for installation of services, they will normally show up and install a physical wire into your communications closet, which then plugs into a device. The wire is either the “four-wire” line for typical telephone services or a line terminated with a V.35 or RS-232 connector, and the device it plugs into is the CSU/DSU covered earlier. The demarc is the point in the physical pathway where the telco’s responsibility ends and the customer’s begins. Usually the demarc ends at the cable itself, on the connector just before plugging into the customer premises equipment (CPE). If you think about it, this makes sense—the cabling and the connector belong to the telco, while the router and CSU/DSU belong to the customer. Refer to Figure 11-1 to see these terms illustrated. Note: The lines provided by the telco are considered “long haul” lines, and can stretch for several miles.The lines within the CPE are generally short cables (less than 50 feet). A final consideration on WAN connectivity has to do with the bandwidth speeds. Regardless of the technology type chosen, certain physical layer standards and cabling go along with it. In the early days of networking, a baseline speed of 64 Kbps was chosen—mainly because that was the bandwidth required for a single telephone call—and was given the designation digital signal 0 (DS0). Later WAN link implementations were simply conglomerations of DS0s on a given line, with the number of DS0s multiplied by 64, giving you the total bandwidth available. These lines have specific designations indicating their use in a particular geographical area: “T” lines are United States standards, “E” lines are European, and “J” lines are Japanese. A summary of some of the different lines available, and their respective bandwidths, are listed in Table 11-1.

Telco equipment and lines

FIGURE 11-1

Leased line terminology CSU/DSU

CSU/DSU WAN switches

CPE

CPE demarc

demarc

368

Chapter 11:

TABLE 11-1

WAN Line Options

WANs and WLANs

Line Designation

Bandwidth

DS0

64 Kbps

DS1 (T1)

1.544 Mbps

DS3 (T3)

44.736 Mbps

E1

2.048 Mbps

E3

34.064 Mbps

J1 (Y1)

2.048 Mbps

A few things should be taken note of in Table 11-1. For instance, the “T” lines also have a “DS” designation: the DS1 (T1) line is a combination of 24 DS0s, along with an 8-Kbps control line, while the DS3 (T3) line combines 28 T1 (DS1) lines together. The “E” lines are European standards, but they also work on the DS0 standard: an E1 has 32 DS0s, while the E3 has 16 E1 lines together. The Make sure you memorize Japanese line, J1(Y1), has the same bandwidth the information in Table 11-1. speed as its European counterpart, but uses a Japanese standard instead. The dizzying array of WAN choices can seem daunting at first but, trust us, it’s not that bad. Basically, you simply need to examine your needs and find a technology that meets them—at the best price, of course. In the rest of this section, we’ll cover remote access and point-to-point technologies first, describing terminology and functions as best we can, followed by an in-depth look at the packet switched options available. Along the way, we’ll point out any configuration options you’ll need to know for your router (and the exam), so feel free to return to Chapter 10 if you need a refresher.

Point-to-Point Technologies Point-to-point WAN technologies are relatively easy to understand: you simply call a provider and ask for a “T” (or other) line installation between your headquarters and the branch office. Technicians arrive, drill a hole through the wall, and install a cable that hangs in your communications closet. The cable plugs into the CSU/ DSU, or your router, and you have a dedicated connection between your offices. Of course, you’ll need to know some important points about them for your exam (and on your job).

Wide Area Networking

369

First, keep in mind that these connection types we’ve discussed (T, E, and J lines) all define Physical layer functions—they basically provide a pathway on which bits will travel. As we’ve discussed before, a wide variety of layer-2 encapsulation types can be run across these lines. Thankfully, only two major layer-2 protocols specifically defined for point-to-point connections are covered on the exam: HDLC and PPP. HDLC is a ridiculously easy protocol to understand. First of all, given it’s a pointto-point link, why would a router need to announce the address in frames they send out? The frame will always go to one, and only one, addressee, so HDLC doesn’t really care about an address field. For comparative purposes, remember the frame in Ethernet? There, an address is absolutely mandatory—so the systems can determine who the frame is for. On an HDLC link, this isn’t a concern (an address field is there, but is no longer needed). An HDLC frame is shown in Figure 11-2. Initially used in telco circuits, HDLC originally only serviced one “upper layer” protocol. Cisco, however, correctly thought that multiple layer-3 protocols (IP, IPX, AppleTalk, DECnet, and so on) could be sent across a point-to-point link. They then simply took apart the HDLC frame and added a Type field to let the destination router know which layer-3 protocol to use in order to route the packet. This made the Cisco version of HDLC proprietary, meaning that if you wish to use Cisco’s HDLC, you must have a Cisco router on both ends of the connection. Since the frame was proprietary, but the idea behind it was solid, ITU (International Telecommunications Union) created a nonproprietary version with RFC 1661. Point-to-Point Protocol (PPP) looks and acts exactly like HDLC—same frame, same fields, same rules. The major—and only—real difference between the two is that PPP can be used on any device, whereas a link using Cisco’s HDLC would require only Cisco devices. FIGURE 11-2

Standard HDLC Frame:

An HDLC frame Flag (1 Byte)

Address (1 Byte)

Control (1 Byte)

Data (Varies in size)

FCS (4 Bytes)

Address field is present, but not needed, and there is no Type field to indicate layer-3 protocol

Cisco HDLC Frame (Proprietary): Flag (1 Byte)

Address (1 Byte)

Control (1 Byte)

Type (2 Bytes)

Type field added to indicate layer-3 protocol

Data (Varies in size)

FCS (4 Bytes)

370

Chapter 11:

WANs and WLANs

You’ll need to know the basics of HDLC and PPP, as well as how to configure them. Be sure to remember that HDLC is Cisco proprietary and is the default encapsulation type on serial

point-to-point interfaces—so you don’t need to enable it on back-to-back Cisco links. PPP works just like HDLC, but is not proprietary and is the only choice of the two for non-Cisco devices.

Configuring HDLC or PPP on your router is very simple. First, make sure a proper IP address and subnet mask pair is entered for the serial interface, and that you enable it with the no shutdown command. Next, if your link is back-toback with another router, be sure one end of the link is providing clocking with the clock rate command (if you’re using a T line, the CSU should handle this for you). Finally, enable the encapsulation you prefer with the encapsulation protocol command. If you are using Cisco devices on both ends and wish to use HDLC, you don’t have to configure encapsulation at all—HDLC is the default! If you want to use PPP, simply type encapsulation ppp and voilà! Sample configurations for both appear in the following. As you can see, the configuration is very easy. In fact, there’s really only one way to mess this up, and one BIG thing to remember: you must have the same protocol assigned on both ends! ! This configuration is all that is needed to enable HDLC on a serial interface. RTR1# configure terminal RTR1(config)# interface serial 0/0 RTR1(config-if)# ip address 192.168.1.2 255.255.255.0 RTR1(config-if)# no shutdown ! This configuration is all that is needed to enable PPP on a serial interface. RTR1# configure terminal RTR1(config)# interface serial 0/0 RTR1(config-if)# ip address 192.168.1.2 255.255.255.0 RTR1(config-if)# encapsulation ppp RTR1(config-if)# no shutdown

Note: Remember that, in a back-to-back router scenario (usually in the lab), you’ll need to configure clock rate on one end. bandwidth and description commands are optional, but recommended.

Wide Area Networking

371

Packet Switched Technologies The two major packet switched technologies available for WAN links are frame relay and ATM. Much like with T lines, to use these services you simply find a provider and call them up. Technicians arrive, drop a line (or two) in your communications closet, and you plug in your router. A few configuration commands later and you’re up and running. This section is dedicated to the nuts and bolts of these two technologies.

Frame Relay At this point you might be wondering, “If point-to-point technologies are so readily available and so easy to set up, why bother with anything else?” I’m glad you wondered… Consider our original example, with the headquarters in Birmingham, Alabama, and our abounding-opportunity office in Atlanta, Georgia. A leased line in this circumstance might make sense—we only need a router with a single serial interface on both ends, and setup is easy. But what happens when our opportunity begins abounding in other locations? What if our customer service, products, and down-home atmosphere are so popular we wind up with 50 branch offices? Or 100? The problem with this is twofold. First, our headquarters router would need a separate serial interface for each branch office (try to imagine a router with 100 serial interfaces…). Second, each line comes with a separate cost, making our abounding opportunity wane at the cost of our communications. Suppose, though, a friendly salesperson walks into your office. Mr. Friend tells you he can offer a service that only requires one serial interface on your router. Interested, you ask about bandwidth. He tells you he can guarantee a certain amount of bandwidth to each site at least as fast as what you have with your T lines and, if the service can support it at the time, you’ll get even more for free! Incredulous, you lean back in your chair, awaiting the answer to the question that’ll probably blow the air right out of this utopian WAN connectivity balloon: “How much will it cost?” After you’re awakened with smelling salts, having fallen out of your chair, you ask again and hear the same answer—“It’s much cheaper than what you’re paying now.” Welcome to frame relay!

Pay attention to the function of frame relay and make sure you can identify its alphabet soup (DLCI, PVC, SVC, and CIR).Thankfully, you won’t need

to remember any configuration for frame relay on the exam—just be sure you know how it works.

372

Chapter 11:

WANs and WLANs

Frame relay is a packet switched multi-access layer-2 WAN technology providing long haul data communications to many different endpoints through one physical connection. Sometimes—for bandwidth and load balancing purposes—engineers will have multiple interfaces dedicated to their frame relay “cloud,” but it’s not a requirement. The major difference between the topology of a leased line and a frame relay drop has to do with where the access link terminates. The access link is simply a cable, exactly like the PTP lines described earlier, that connects the router to the frame relay cloud. The difference is, in PTP, the access link cable plugs directly into the router at the distant end—on a frame relay setup, the access link connects directly to a frame relay switch inside the cloud. This switch accepts the frame and makes forwarding decisions through the cloud (a series of other switches) to the end destination switch. That switch then forwards the frame to the router for dissemination into the internal Ethernet network. Routers connected to a frame relay network do not technically realize they are passing the message on to another switching service. From the router’s perspective, each link to a branch office network is a point-to-point connection. Therefore, frame relay works with something known as a virtual circuit (VC). A VC can be preconfigured and always “on” (a permanent virtual circuit [PVC]), or it can be established and terminated when needed (a switched virtual circuit [SVC]). Within these VCs, a special address called a DLCI (Data Link Control Identifier) is used to identify routers on each end. When you negotiate your VCs through a frame relay provider, the contract will stipulate a Committed Information Rate (CIR). The CIR is the minimum bandwidth you’ll receive for your circuits—with more being given when the network can support it! For a visual representation of a frame relay WAN, take a peek at Figure 11-3.

ATM Another packet switched WAN technology doesn’t use frames or packets at all—it uses something called a cell. Asynchronous transfer mode (ATM) is a cell switched WAN transport technology that works much like frame relay. The telephone company—or other provider—builds and operates an ATM cloud, using ATM switches to transport data. Customers connect routers to an ATM switch in the cloud. The switch accepts data from the router and forwards it through the ATM cloud to another ATM switch servicing the destination router. Just as with frame relay, VCs (permanent and switched) are used within the cloud to connect the routers: as far as the route knows, everything is a point-to-point link!

Wide Area Networking

FIGURE 11-3

A frame relay WAN

373

Virtual Circuit To Birmingham Offices

Access Link Frame Relay Switch

To Nashville Offices

To Atlanta Offices

After reading this section, you may be asking yourself, “Why in the world aren’t we using ATM more? After all, it transports data across long distances at very high data rates and offers a world of services and features.”The answer has to do with complexity, cost, and the desire to push Ethernet beyond its humble origins. ATM equipment and services are very expensive compared to Ethernet hubs and switches, and the implementation of the technology has a higher learning curve. Ethernet is simpler, cheaper, and, over time, just as fast. You’ll still find the occasional ATM zealot promoting its advantages, but just remind them that it’s more of a WAN-only choice now: the LAN belongs to Ethernet. The ATM cell is a study in simplicity. While Ethernet and PPP frames can vary in size, depending on the data transported, an ATM cell is always the same size—53 bytes. ATM cells always have a 48-byte data field and a 5-byte header. While frame relay made use of DLCIs for addressing, ATM cell headers have two fields to keep track of VCs: the virtual path identifier (VPI) and the virtual channel identifier (VCI). This simplicity, along with the fiber (SONET) links the cells travel on, allows ATM to reach much higher transport speeds than frame relay. However, it also creates a slight problem. (The ATM cell is shown in Figure 11-4.)

374

Chapter 11:

FIGURE 11-4

An ATM cell

WANs and WLANs

Header (VPI, VCI, and SAR information)

Data (May need padding)

(5 Bytes)

(48 Bytes)

Remembering the maximum size of an Ethernet frame is 1518 bytes, this problem should be fairly evident: Just how does ATM transport 53-byte cells when the Ethernet frame is so much bigger? The answer is a service in ATM called segmentation and reassembly (SAR). SAR is actually fairly simple. The first 48 bytes of the Ethernet frame are segmented and placed into a cell for transport. The next 48 bytes are placed in the next cell, and so on and so on, until all bytes of the original frame have been sent. The destination switch will then reassemble all the segments into another Ethernet frame and deliver them to the destination network.

You’ll only need to know the basics of ATM (SAR, addressing, cell size and function, and so on). No questions

about ATM configuration will be on the exam, so just concentrate on the acronyms and definitions.

Remote Access Technologies Some WAN technologies have many configurations options and concerns, while others do not. The remote access technologies discussed here—PSTN, DSL, and cable modems—are very easy to use, readily available, and relatively cheap. In many cases, these are all the WAN connections you’ll ever want or need.

PSTN and Analog Modems The first, easiest, and probably most common technique for connecting to remote offices is making use of a communications technology that’s been around since 1876. The telephone, invented by Alexander Graham Bell, grew from its humble origins into a worldwide communications network, with lines reaching into most homes and businesses. The public switched telephone network (PSTN) was originally created and used for the transmission of voice waves (translated into analog electrical waves) to be sent across the wires.

Wide Area Networking

375

Knowing the inner workings of the entire system isn’t a necessity in networking, but it does provide some good background information. The telco installs wiring from the central office (CO) to a collection point in a subdivision or city block. This wiring is a simple pair and is known as the local loop. One end is terminated in your home or business, while the other, through the collection point, connects back to the CO. When your voice reaches the far end of your local loop cable, a telco switch converts the waves into a digital signal sending it across “T” lines to a switch servicing the target phone number. That switch performs the process in reverse, sending the signal down the appropriate local loop. Because these lines are so ubiquitous—and they are obviously capable of transmitting digital information—the PSTN is a very simple WAN connection technology. To use the PSTN, you need an analog modem on both ends of the communications line. When the message is sent, the analog modem dials through the local loop to a modem on the distant end. After a brief negotiation (speed and so on) the modems can transmit data. Analog modems modulate a digital signal into an analog format for transmission, and then demodulate it (converting it from analog back to digital) on the other end. While this session is taking place, the line cannot be used for anything else (you cannot make a phone call during the time the modem has “dialed up” something), making this a perfect example of circuit switched technology. The benefit of using modems and the PSTN is simplicity and cost. The drawback is speed and reliability. This access method is also commonly referred to as “dial up” networking.

DSL Another WAN option making use of PSTN lines is digital subscriber line (DSL). Technically speaking, DSL is more of an Internet access method than a WAN technology. However, with the speeds available and with the advent of more and better virtual private network (VPN) options available and the ease of availability, DSL is becoming more and more a go-to choice for businesses. Driven by a demand for better and faster Internet access, the DSL architecture works a little differently than dial up. As Figure 11-5 shows, a new piece of equipment is added to the overall design, to split the data and voice signals. The DSL Access Multiplexer (DSLAM) accepts all voice and data network from local loops. Data signals are split off to the Internet, through the ISP, while voice signals are sent through the regular PSTN switches. This is accomplished due to the frequency ranges used by both: phones use 0–4000Hz, while data signals run at frequencies higher than 4000Hz. This means the same line can be used for voice and data concurrently—a significant advantage over dial up.

376

Chapter 11:

FIGURE 11-5

A DSL architecture

WANs and WLANs

DSL Modem Local Loop

To home PCs and laptops

To home telephones

Data signals (greater than 4000Hz) sent to ISP

Max. distance: 18,000 feet

DSLAM (at CO)

Voice signals (4000Hz or less) sent to PSTN

Be sure to review the information in this section thoroughly before the exam, paying particular attention to the maximum length of the local loop (18,000 feet), the devices

needed for the system to work, the factors affecting speeds in DSL, the ability for voice and data to be sent simultaneously on the same line, and DSL’s “always on” capability.

DSL service offerings come in a variety of speeds and functions, and are usually considered either symmetric or asymmetric. Symmetric DSL means the speeds are the same in both directions, while asymmetric DSL offers different upload and download speeds. Asymmetric DSL is much more common, as most home and small office users tend to need higher download rates than they do for uploads. Regardless of the type chosen, the speed available greatly decreases as the length of the local loop increases—in other words, the farther away you are from the DSLAM, the slower your speeds. If the local loop exceeds 18,000 feet, your DSL will not work at all. Additionally, the quality of the cabling, the CO equipment used (DSLAM model), and the type of DSL service you sign up for all affect the speed you’ll actually receive.

Wide Area Networking

377

There’s an alphabet soup of DSL services to choose from: ADSL, CDSL, VDSL, SDSL, HDSL, and IDSL. Most service requests are for asymmetric lines, with Asynchronous, Consumer, and Very-high-data-rate DSL being the most commonly installed.The last three (Synchronous, High-data-rate, and ISDN DSL) are symmetric in nature and not as common.

Cable Modems While analog modems and DSL made use of phone lines, this particular technology uses a different set of cables—those providing the cable television services to your home or office. In many characteristics, cable data services are much like DSL: they are considered an always-on service, they have high data speed available, and can support asymmetric speeds over a single wire. However, a few differences exist. First, and obviously, cable modems use the RG6 coax cable from a cable television service provider. The signal is carried back to the provider where it is split, much like the DSLAM in DSL. Second, while DSL must contend with local loop distance restrictions, cable service does not have to worry about it—cable services can stretch for very long distances. Of course, as with any service or media, the farther away from the CO you get, the slower your service, but compared to DSL, cable is a much better choice for long-distance runs.

Be sure to review the differences between dial up, DSL, and cable as remote access technologies. Cable and DSL are “always on” technologies, and both are much faster than dial up. Cable

modems can reach higher data rates, but the bandwidth is shared (more users on the line means less available bandwidth). DSL has distance restrictions while dial up and cable do not.

Another key difference has to do with speed and consistency. On one hand, cable services run much faster than DSL, in general. DSL runs at a maximum of somewhere around 1.5-Mbps download, while cable can go as high as 3- to 6-Mbps download. On the other hand, cable services do not provide a consistent data rate throughout the day. Because it is a shared cable (basically a huge bus network), the more users on the cable, the slower the network runs. In other words, if you had a 1.5-Mbps DSL service, you always have 1.5 Mbps, regardless of how many people are surfing. If your cable service promotes itself at 1.5 Mbps, however, you may see that bandwidth drop as more and more systems connect to the cable.

378

Chapter 11:

WANs and WLANs

WAN Configuration Extras As you can see so far, there’s a lot to know about WANs, but most of the configuration steps you’ll need to know for its settings have already been covered earlier in this book. In this section, we simply explore a couple of the more common and useful—and perhaps even optional—configuration options you’ll need to know.

NAT and PAT After expending all the effort, time, and money to provide a WAN link for your users, you may find yourself without the cash to buy them individual public IP address space. As covered earlier, private addressing can be used in its stead, but cannot be routed to and from the Internet. To allow these systems with private IP addresses the ability to surf the Internet, you can use one of two technologies: Network Address Translation (NAT) or Port Address Translation (PAT). In Chapter 10, we configured PAT and discussed some of the basics. Now we’ll dig a little deeper. NAT translates Network-layer private addresses to public addresses, and runs on a router, server, or firewall. Basically, the engineer uses a private address range inside the network and runs NAT between these systems and the Internet. As one of the privately addressed systems attempts to connect to the Internet, the attempt is intercepted and the IP address is swapped for a public IP address. The request is then sent and, when the reply comes back, NAT performs the translation in reverse— sending the data inside to the requesting system. The public address can be a single address or a pool of addresses the NAT service pulls from. PAT runs the same concept—translating private to public addresses—but works just a little differently. It adds the port number to the translation, allowing multiple privately addressed systems to use the same public address simultaneously. Of the two choices, PAT is most often chosen and, as we showed in Chapter 10, is very easy to configure. A sample PAT translation is shown in Figure 11-6. The information shown in the NAT (PAT) translation table from the router demonstrates how PAT works. The table shows two simultaneous translations—one entry for the session depicted in the image, the other for a separate communications process. Notice that the outgoing public IP address remains the same for both requests, with only the source port being different. This way, the router can keep track of the responses by mapping back to the source port number from the original request.

Wide Area Networking

Source Address: 200.55.12.2

FIGURE 11-6

PAT functions

Source Port: 1215

Destination Address: 200.55.12.2

Dest. Port: 1215

D es t 19 Add ina 2. re tio 16 s n 8. s: 1. 25

D Po est. 12 rt: 15

So Po urc 12 rt: e 15 So 19 Add urc 2. re e 16 s 8. s: 1. 25

379

NAT/PAT Translation Table Inside Local

Inside Global

This entry shows the translation above

192.168.1.25:1215

200.55.12.2:1215

This entry shows a second translation, from a different internal client

192.168.1.100:1504

200.55.12.2:1504

Make sure you’re completely familiar with NAT and PAT—how they work, what their various terminology means, and what the packets

look like as they enter and leave the router. Review the SDM configuration of PAT, shown in Chapter 10, before taking your exam.

Regardless of NAT or PAT, you’ll need to know some additional terms (for the exam and for your own configurations). You may have noticed “inside local” and “inside global” listed in the translation table of Figure 11-6. Inside local refers to the private address used in the IP header as a packet moves from an internal host to the router. Inside global refers to the public address NAT uses in place of the internal private address for routing outside the internal network. Lastly, the interfaces on the router are designated as well: the inside interface is the router port facing the internal network, while the outside interface is the port facing the Internet. We’ve already covered configuring PAT on an Internet Access Router in Chapter 10. This information is here for review and to bolster your understanding of the topic.

380

Chapter 11:

WANs and WLANs

Another configuration topic we’ve already covered, but which bears mentioning again here, is DHCP. When you’re setting up your router, be sure to assign DHCP to the correct interface—the one facing the internal network. Believe it or not, over the years more than a few engineers, in a rush to get things up and running, have begun offering their internal IP addresses to the Internet via DHCP! For more info on DHCP, review the configuration steps in Chapter 10 and the basics of the protocol itself in Chapter 3.

CERTIFICATION OBJECTIVE 11.02

Wireless Networking Any book on networking, at any level, that does not address the wireless networking world isn’t worth its salt and, since we happen to feel this is a great book, we’ve dedicated an entire half chapter to the subject! Wireless networking is ubiquitous; not only in the business world but in homes across the nation and world. Wireless is simple, easy, efficient, convenient, and cheap—all you need is an existing network, an access point (referred to as an AP, or sometimes as a Wireless Access Point— WAP), and a wireless network card. It does, however, pose some security concerns and has yet another set of terminology and configuration concerns to remember. In this section, we’ll discuss some basics on how wireless networking functions, followed by a short examination of some installation fundamentals. Finally, we’ll wrap things up with a discussion on wireless security.

Fundamentals Obviously, a wireless LAN (WLAN) is just a tad different than the Ethernet world we’ve been discussing up to now. First and foremost, WLAN obviously has no wires. Since signals are sent via radio frequency (RF) waves over the air and not by electrical signals on the cable, media access now becomes a concern. On Ethernet, CSMA/CD took care of collisions on a shared network, but (more importantly to this discussion) the wiring allowed for full duplex with the right standard in place. WLANs simply can’t do this: If you have two signals transmitting over the same RF frequency, neither can be read. Therefore, WLANs always run at half duplex. However, just as with Ethernet, the WLAN world has its own set of standards to regulate and propagate WLANs. Remember IEEE? This organization was responsible

Wireless Networking

381

for all those 802.3 standards you were forced to memorize earlier, and they’re also responsible for most of the standards associated with WLANs. The 802.11 series are the wireless standards regulating WLANs. Created in 1997, the first version (802.11b) was ratified in 1999. It defined a method for transmission and media access of RF waves at 2.4GHz, running at a maximum speed of 11 Mbps. This standard was quickly followed by 802.11a, which defined RF data signals at 5GHz, running up to 54 Mbps. The 802.11a standard ran faster, but covered a shorter range, and was not compatible with 802.11b networks. Since 802.11b had already “hit the streets” and become accepted as the de facto choice for many networks, the advantage of speed offered by 802.11a could not overcome the noncompatibility problems it had. IEEE is not the only organization involved in wireless standards. ITU-R regulates frequency ranges internationally, the Wi-Fi Alliance certifies products and standards (encouraging the proliferation of WLANs), and the good old FCC regulates communications frequencies within the United States. In short, IEEE created the physical and data link standards for WLANs, but they had to work within the bounds set by ITU-R and the FCC. 802.11g was ratified in 2003 to overcome this problem. Running at the same frequency as 802.11b (2.4GHz), the new standard was backward-compatible with all the devices already running the “b” standard, but offered something the original standard couldn’t—speeds of up to 54 Mbps! 802.11g quickly became the de facto choice for most home and business networks soon after its release. A comparison of the three standards appears in Table 11-2. Another wireless standard of note, not tested on the CCENT exam but very worthy of discussion, is the 802.11n standard. This is the next generation wireless

TABLE 11-2

Wireless Standards

Standard

Speed

Frequency

Key Points

802.11a

54 Mbps

5GHz

Higher speed but shorter range. Not compatible with other standards. 23 channels available (12 non-overlapped).

802.11b

11 Mbps

2.4GHz

Lower speeds but much greater range. 11 channels available (3 non-overlapped).

802.11g

54 Mbps

2.4GHz

High speed, backwards-compatible to “b,” and has long-range capability. 11 channels available (3 non-overlapped).

382

Chapter 11:

WANs and WLANs

standard, still in draft form within IEEE. In fact, it offers so much potential in additional speed and range that vendors are already producing APs and wireless cards to support the standard. Intel, heavily involved in the creation of this new standard, claims real-world speeds of 100 to 140 Mbps and more than twice the range of 802.11g equipment at any given throughput speed. Much of this is due to the way the new standard works. While 802.11b and g use a single antenna for sending and receiving, 802.11n uses a technology called multiple-input multipleoutput (MIMO) over several antennas. The result is more data can be sent and received simultaneously, greatly increasing bandwidth. Again, 802.11n is not tested on the CCENT exam, but you’ll definitely see it on your networks. The method in which WLAN devices encode digital signals into RF waves is actually fairly interesting—if you’re on the geek side of the aisle with the rest of us. First off, the frequency band for any transmission must be “free.” In the United States, the Federal Communications Commission (FCC) regulates radio wave frequencies and assigns them to specific purposes. The FCC defines many different frequency ranges as “unlicensed,” meaning you do not need a license to buy the equipment using this range, nor to start transmitting on it. These are used for all sorts of things, but the three most relevant to our discussion are: ■ Industrial, Scientific, Mechanical (ISM): 900KHz; used for older cordless phones ■ Industrial, Scientific, Mechanical (ISM): 2.4GHz; used for newer cordless

phones, and 802.11b and 802.11g wireless networking ■ Unlicensed National Information Infrastructure (U-NII): 5GHz; used for

newer cordless phones, and 802.11a and 802.11n wireless networking

Be sure you know the frequency ranges, what equipment and specific use they have, and what the band is “named” (ISM or U-NII). Additionally, make sure you know FHSS, DSSS (802.11b), and OFDM (802.11a and 802.11g) are methods to encode data signals to RF waves. If you overlap signals (multiple APs

will overlap their signals by design), be sure each access point uses a unique channel that will not interfere with its overlapping peer AP; non-overlapping channels on DSSS are 1, 6, and 11. Lastly, remember the standards themselves: speeds and frequency ranges for each will be asked.

Wireless Networking

383

In the case of WLAN communications, devices must find a way to manipulate one of these RF frequency bands at 2.4 or 5GHz to represent 1’s and 0’s. Three methods are used to do this: Frequency Hopping Spread Spectrum (FHSS), Direct Sequence Spread Spectrum (DSSS), and Orthogonal Frequency Division Multiplexing (OFDM). FHSS “hops” the signal across all available frequencies in the range, basically having each one mark a 0 or 1 depending on their amplitude at any given time, and is not used by current standards. DSSS was designed for use in the 2.4GHz range, and makes use of higher-speed frequencies in conjunction at the originating station to send the message. It’s used by the 802.11b standard. OFDM is the latest method, used in 802.11a, 802.11g, and 802.11n networks, and breaks the signal into multiple sub-signals, which are then transmitted simultaneously. Other than encoding, additional concerns at the Physical layer include wireless speeds and actual coverage area. The actual speeds you get from any given wireless access point (AP) depend greatly on interference and attenuation. Interference should be relatively easy to understand by this point: wireless messages travel over the air, where other RF waves may interfere with their transmittal. For example, if you’re using a 2.4GHz phone right next to your 802.11b access point, or someone fires up a microwave emitting 2.4GHz frequencies nearby, you can expect some data loss from interference. Wireless signals attenuate over distance and due to physical objects between the AP and the client. Basically, the further you get from an access point, the slower your effective data rate. Walls, ceilings, furniture, and the family pet can all also contribute to the attenuation and degradation of the data signal. To boost these speeds, and greatly increase the effective range of your WLAN, use directional antennas instead of the omni-directional, straight up-and-down antenna. In addition to the Physical layer concerns, media access and framing must be addressed. Media access on wireless is accomplished by CSMA/CA (Carrier Sense Multiple Access With Collision Avoidance). Because no physical pathway exists between systems, there is no way for a sending station to realize it is colliding with another system. Therefore, CSMA/CA seeks to avoid all collisions in the first place. This greatly reduces the effective bandwidth of your network (lots of overhead will do that for you), but with wireless it’s truly the only way. The steps taken by a system using CSMA/CA are listed next: 1. Listen to make sure the media is clear (no one else is transmitting). 2. As soon as the line is clear, run a timing algorithm to wait a certain, random amount of time before transmitting. (This is sometimes accompanied by a Ready To Send [RTS] packet.)

384

Chapter 11:

WANs and WLANs

3. As soon as the timer is up, verify the line is still clear and transmit the packet. 4. Wait for an acknowledgment of the frame before transmitting the next one. If none comes, retransmit. Finally, the last fundamental to learn is the two modes in which wireless devices work. In ad hoc mode, systems connect directly to one another, as if they had a direct point-to-point wire between them. Obviously, this does not require an AP, but is limited in distance and use: the two systems can communicate with each other, but not with other systems. In infrastructure mode (by far the most common), systems connect to a wireless network through a wireless access point (WAP). Within infrastructure mode, clients can be serviced in two general ways: Basic Service Set (BSS) and Extended Service Set (ESS). BSS uses a single WAP, while ESS has multiple WAPs to cover a larger distance. A user in an ESS WLAN can move from AP to AP without changing an IP address.

Installing Wireless Networks Now that you have the basics down, the actual mechanics of installing a wireless network are simple. First, if you want your wireless clients to connect to anything other than themselves (and other clients on the same WAP or WAPs), you’ll need to have a working wired network available. This typically provides your wireless clients with access out of the wireless network to the rest of the world. It may sound like an easy task to simply plug an AP into a switch—and it is. However, consider the deployment of an ESS wireless network within an enterprise. Not only will you need to think about physical locations of your APs, but you may be restricted as to which switch ports to use. If your wired enterprise network, for example, uses VLANs and trunking, you’ll need to make sure all your APs are plugged into ports servicing the same VLAN. After you verify your existing network, making sure all the ports your various APs are plugged into belong to the same VLAN and are working, you’ll need to assign an IP address to the AP. Technically, this isn’t necessarily a requirement (WAPs only work up to layer 2); however, the IP address provides for management and other features you’ll need down the road. The IP address (and associated mask, default gateway, DNS servers, and so on) can be manually defined or you can simply configure the WAP to pull one from DHCP. Once you have configured an IP address and other TCP/IP information for the WAP, you’ll need to configure the WLAN basics you wish the WAP to use. Some of the things you’ll need to tell the WAP are what standard to use, what channel to operate on, what transmitting power to use, whether it is alone or part of an ESS, and something known as the service set identifier (SSID). The SSID is simply a text word

Wireless Networking

385

(up to 32 characters) used by clients to identify which network they wish to connect to. There may (and will) be other settings you’ll wish to configure, but initially you should always keep the configuration as simple as possible. Once everything is up, running, and tested, you can come back and add all the features you want. Lastly, it’s time to test everything to see if it works. Power up a system, equipped with a wireless NIC, and attempt to connect to the network. If you happen to be using a Windows machine, the card will configure itself automatically: Microsoft built the Zero Configuration Utility into its operating system for this very purpose. A wireless card on a Windows machine running this service automatically discovers all the wireless networks it can pick up. It then attempts to connect to the strongest signal, moving down the list until it can create a connection. Once the system is connected, you can try an ipconfig /all on the machine to verify it has pulled an IP address. Finally, attempt to surf and/or connect to an internal server. If all goes well, your WLAN is working fine. If your connection does not go through, do some of the following: ■ Check the location of your client machine and the AP. If either is close to

a source of interference—or metal—communications could be adversely influenced. ■ Check your coverage area. If the AP is too far away from the client, or your

coverage area isn’t wide enough, the client cannot connect (many times this can be averted by using directional antennas). ■ Make sure the wireless NIC in your test client is enabled. Laptops have a

special switch or keystroke to enable or disable the wireless card (to save battery power). ■ Check the AP itself. Ensure the firmware (operating system) is loaded and

functioning correctly. Also, check the configuration—things like a MAC filter or simple security setting might be frustrating your test.

Review the troubleshooting tips listed here for wireless.You’ll definitely see them on the exam!

Once your test system connects and you’re sure the system is working correctly, take a stroll. By walking around with a laptop or other wireless device, you may find unexpected “holes” in your coverage area, as well as interference areas you were unaware of. Finally, after getting everything set up and tested, you can add any additional configuration options you’d like (but be sure to test each along the way), starting with security…

386

Chapter 11:

WANs and WLANs

Wireless Security Security on a wireless network may seem like an exercise in futility. In fact, many people would agree that the only way to truly secure a wireless network is to turn the WAP off. Nevertheless, you can still do a few things to make your wireless network fairly secure. Instead of concentrating so much on “totally locking down the network,” think of wireless security steps as more of an irritant to those who wish to break into your network—the more inconvenient and tough you make it, the less likely they’ll hang around in the first place. One of the easiest and most often overlooked security steps with your wireless network is good old physical security. This may seem a weird (and crazy) thing to say when discussing wireless, since by design wireless networks are accessible from anywhere within the coverage range, but that’s exactly the point. If you design your wireless network correctly, and provide for good physical security outside the building, outsider access to your network will be limited to the point of irrelevancy anyway. In other words, if you place your WAPs and directional antennas in such a manner that the RF waves don’t travel out into the parking lot, and you can reasonably expect a guard or employee to ask the stranger leaning against the building with a running laptop what he’s doing, your network is probably in pretty good shape.

Threats and Mitigations Even this, though, isn’t always enough. Despite good physical network design and security, several threats to a wireless network remain, from both inside and outside your network. Employees inside your network are oftentimes more of a risk than anything else. On one hand, an employee may be a willing and purposeful risk, by actively hacking through the network from inside. On the other, they may unwittingly provide access to an external force. By attaching their own rogue WAP inside their office and not configuring security, they might allow access to a hacker who otherwise might not have bothered with your secured network. In addition, a nonsecured WAP basically broadcasts all packets anyway, making it easy for the hacker to sniff the airwaves and steal secrets. Hackers outside the network present the second source of threats. A hacker may simply drive into the parking lot and attempt to break into the network using a laptop in their car. To get access to wireless networks, hackers often drive around with a directional antenna of their own, attempting to find an open AP—a process called war driving. If the hacker cannot find an open access point (one without

Wireless Networking

387

security configured), they may attempt to use a rogue access point. In this threat attack, the hacker simply figures out the SSID and sets up an access point outside your network using the same SSID. Users unwittingly connect to the rogue AP instead of your network AP and the hacker gets to steal secrets again. To mitigate these risks, you have three major options. First, strong mutual authentication can guard against hackers and war driving. Basically, the WAP and the client each hold a key that only the other knows about. These keys are never sent across the airways, meaning hackers cannot steal them. Without the appropriate key to authenticate, the hacker’s attempts to connect will always fail.

Be sure to review the entire section on wireless security before taking the exam. Concentrate on what the threats are and which security method is used to

combat them. Lastly, commit Table 11-3 to memory. You’ll definitely be asked to compare the encryption standards.

Protection against rogue APs (from hackers and unwitting internal employees alike) can be found in intrusion detection systems (IDSs) and intrusion prevention systems (IPSs). Both of these devices can detect and identify rogue APs, allowing the administrator to track down and eliminate the problem. Additionally, Cisco defined a Structured Wireless-Aware Network (SWAN) architecture that can help with this same problem. SWAN contains a host of processes and tools to help administrators eliminate rogues. The third major security option available is encryption. Encrypting your data provides two helpful actions. First, it ensures that the attacker cannot connect to the wireless network without first having the correct key. Second, it eliminates the worry of hackers sniffing traffic—if the packets are encrypted, they can sniff all they want. Four main encryption standards exist—WEP, WPA, WPA2, and a Cisco standard— are defined for wireless networking, and are summarized in Table 11-3. The encryption algorithms actually encrypt the data itself, using complicated mathematical formulas with a set of keys. To exchange these keys securely, both WEP and WPA use a separate protocol called TKIP (Temporal Key Integrity Protocol). TKIP is used to dynamically exchange keys, and is not an encryption algorithm on its own; however, you will see it mentioned on the exam. Lastly, both WEP and WPA use RC4, but WEP’s implementation is much weaker.

388

Chapter 11:

TABLE 11-3

Wireless Encryption Standards

WANs and WLANs

Standard

Authentication

Encryption

Defining Organization

WEP

User – None Device – Yes

Weak (RC4)

IEEE

WPA

User – Yes, using 802.1x Device – Yes

RC4*

Wi-Fi Alliance

WPA2

User – Yes, using 802.1x Device – Yes

AES

IEEE

Cisco

User – Yes, using 802.1x Device – Yes

RC4

Cisco

Wireless Encryption Standards Wired Equivalent Privacy (WEP), while being the first standard released for wireless encryption security, is exactly what it sounds like—a protocol designed to equate the same protection one would expect from a wired network. In other words, a WEP-enabled access point with ten clients would be the equivalent of a hub with ten computers plugged in. Sound secure? Of course it isn’t secure—not by a long shot. WEP was designed for one reason only—to deter casual snooping and sniffing of traffic. For two main reasons, WEP is not considered a strong encryption scheme. First, the keys are static (preconfigured on both the AP and the client systems). This results in keys not being changed frequently and, as a result, it is easier to steal them. Second, the keys are easily broken because they are short (64 bits in length) and reuse an initialization vector with many packets. A hacker, with the right tools and a little bit of patience, can simply sniff enough packets to decode the key. WEP is inherently insecure and doesn’t provide much protection against a hacker who really wants in. In fact, most publications (including this one) recommend you use one of the other encryption standards for your network. So why is WEP still used, and does it have any value? The answers are simplicity, and absolutely yes. WEP is very, very easy to set up, and home users can easily implement it. Secondly, as the old saying goes: Some security is better than no security. By sticking with simplicity, and changing the key fairly frequently, WEP makes a good choice for the average home user. A final reason for using WEP deals with the devices themselves. Older 802.11b equipment can only support WEP, so if your network makes use of this legacy equipment, WEP is your only choice. Outside of this, any business office (whether it’s the HQ or a branch office) should consider a better encryption standard.

Wireless Networking

389

Wi-Fi Protected Access (WPA) was created as a multivendor protocol to fix the problems associated with WEP. WPA uses a dynamically exchanged key, instead of the statically configured one from WEP. While the key in WEP required human intervention to change, being manually entered on both the AP and the client, keys in WPA are dynamically created and shared between the AP and client for each packet sent. This means that, even if an attacker steals a key set, they can only decrypt the single packet encrypted by it. Two final advantages offered by WPA are user authentication and vendor support. While WEP only required the device to authenticate, WPA uses 802.1(x) as an authentication method for users, providing an extra layer of security. Lastly, as an open standard, WPA is supported on almost every commercial AP and wireless NIC, making it an easy choice for security. The last two encryption standards are the Cisco proprietary version and WPA2, both created as interim solutions. The Cisco version was released between WEP and WPA. It works and acts much like WPA, adding user authentication, dynamically exchanging keys, and creating a new encryption key for each packet. However, Cisco’s solution was proprietary, only working on Cisco APs and NICs, leaving room for the Wi-Fi Alliance to create a standard for all wireless vendors: WPA2. Soon after WEP hit the scene and its security holes began to be exploited, IEEE began working on a newer security standard, known as 802.11i. Knowing this would take some time to come about as a ratified standard, the Wi-Fi Alliance created WPA as almost a stopgap between the old nonsecure method (WEP) and the upcoming secure standard (802.11i). Once 802.11i was ratified, the Wi-Fi Alliance joined in and WPA2 was born. As the official 802.11i standard, WPA2 increased the benefits offered with WPA, encrypting with a stronger standard—AES (using longer keys and a stronger algorithm).

Additional Security Options In addition to the encryption standards, most APs allow for other security settings. First, by default, APs broadcast the SSID, sending it out with every packet. Most APs allow the administrator to turn off the SSID broadcast—sometimes known as SSID cloaking. This may help deter the casual snooper, but as soon as a client with a null SSID configured queries the AP, the SSID is delivered anyway. A second, and very popular, security option works much like the port security feature on a Catalyst switch. APs keep track of all the MAC addresses connected and generally have the ability to configure MAC filtering. When MAC filtering is turned on, you can define which MAC addresses are allowed to connect: from that point forward, only MAC addresses on the list are allowed to connect. Of course, a MAC address can be spoofed, but this does provide a little more security on your network.

390

Chapter 11:

WANs and WLANs

Lastly, you can also configure MAC filtering to block a specific address, providing the ability to keep a problem client off the WLAN without adversely affecting other clients.

INSIDE THE EXAM Wide Area Networking Make sure you can differentiate between LAN, MAN, CAN, and WAN. A WAN is a layer-2 network spanning large geographic areas, making use of leased space on a variety of different lines. WANs can be circuit or packet switched, and technologies include the PSTN (dial-up), point-to-point lines (T, E, and J lines), frame relay, and ATM. Remote access technologies such as PSTN, DSL, and cable modems allow access to the Internet, which can be used with a VPN to connect remote offices. Be sure to review the speeds associated with various WAN technologies (DS0s, T1, and T3 in particular), and the vocabulary terms associated with leased lines: telco, CO, demarc, and CPE. Also, don’t forget the two main PTP encapsulation types: HDLC (Cisco proprietary and the default setting) and PPP (open standard used with any vendor router). With frame relay and ATM, stick with the vocabulary and alphabet soup. Terms to remember in frame relay are VC, PVC, SVC, CIR, and DLCI. Terms in ATM include VC, PVC, and SVC as well, but also include VCI, VPI, SONET, and SAR. Frame relay frames are variable in length, while ATM cells are always 53 bytes (5-byte header; 48-byte data). Remember NAT and PAT translate private addresses to a single public address (or from

a pool of public addresses) for Internet access. NAT is always a single-use function (only one private address can use a single public address at any given time), while PAT adds the source port number to the translation, allowing several systems to use the same public IP address simultaneously.

Wireless Networking For wireless exam questions, stick with the fundamentals. Study and memorize the standards (Table 11-2), and review the various organizations (and all frequency ranges) involved with wireless networking. Be sure you understand CSMA/CA, and know the Physical layer standards of FHSS, DSSS, and OFDM. Remember that wireless installations can be ad hoc or infrastructure, with infrastructure running BSS (one AP) or ESS (multiple APs) modes. As far as wireless security is concerned, you should know the internal and external risks involved, as well as the three mitigations for them (encryption, authentication, and intrusion detection/prevention systems). Commit Table 11-3 to memory because you’ll definitely have to compare and contract wireless encryption standards.

Certification Summary

391

CERTIFICATION SUMMARY A WAN is a computer network, spanning a large geographical distance, that’s used to connect multiple LANs together through some form of leased line. WANs are typically discussed as layer-2 technologies and fall into two main categories: circuit switched and packet switched. A circuit switched network is designed to set up a physical connection between two communicating entities, which stays up through the duration of the communication session (layer 1), while packet switched is designed to examine the destination address of data frames and make some kind of a decision on how to forward them. The packet switched network will open each link along the chain just long enough to deliver the frame: the link is then freed for use and the next link picks up where it left off. Terms associated with WANs are the service provider, telco, demarc, and CPE. A service provider (telco) is the company, owning the leased lines or circuits, that provides WAN (and/or Internet access) services. The demarc is the point in the physical pathway where the telco’s responsibility ends and the customer’s begins. The router and CSU/DSU belong to the customer, and are referred to as customer premises equipment (CPE). The lines provided by the telco are considered “long haul” lines, and can stretch for several miles. The lines within the CPE are generally short cables (less than 50 feet). The baseline speed, used for determining WAN connectivity bandwidth, is 64 Kbps and is known as digital signal 0 (DS0). Later WAN link implementations were simply conglomerations of DS0s on a given line, with the number of DS0s multiplied by 64, giving you the total bandwidth available. T1 lines run at 1.544 Mbps, T3s run at 44.736 Mbps, E1s at 2.048 Mbps, and E3s at 34.064 Mbps. Two major layer-2 protocols, specifically defined for point-to-point connections, will be covered on the exam—HDLC and PPP. HDLC is Cisco proprietary and is the default setting on all serial interfaces. PPP is nonproprietary and can be used on any device. You can use the encapsulation type command to set encapsulation on a serial interface. If you set up a back-to-back router-to-router link, you’ll need to configure clock rate on one end. Two major packet switched technologies are available for WAN links: frame relay and ATM. Frame relay is a packet switched multi-access layer-2 WAN technology providing long haul data communications to many different endpoints through one physical connection. The major difference between the topology of a leased line and a frame relay drop has to do with where the access link terminates. The access link is a cable that plugs directly into a frame relay switch inside the cloud. From the router’s perspective, each link to a branch office network is a point-to-point

392

Chapter 11:

WANs and WLANs

connection, known as a virtual circuit (VC). A VC can be preconfigured and always “on”—a permanent virtual circuit (PVC)—or established and terminated when needed—a switched virtual circuit (SVC). DLCI (Data Link Control Identifier) is the “address” used to identify the links. A Committed Information Rate (CIR) is the minimum bandwidth you’ll receive for your circuits—with more being given when the network can support it. Asynchronous transfer mode (ATM) is a cell switched WAN transport technology that works much like frame relay. The ATM cell is always the same size—53 bytes. ATM cells always have a 48-byte data field and a 5-byte header. ATM cell headers have two fields to keep track of VCs: the virtual path identifier (VPI) and the virtual channel identifier (VCI). Segmentation and reassembly (SAR) segments larger Ethernet frames into cells and reassembles them on the destination switch. Engineers can use analog modems to connect across the PSTN. This access method is also commonly referred to as “dial up” networking. DSL also uses the PSTN, but is “always on.” The DSL Access Multiplexer (DSLAM) accepts all voice and data network from local loops. Data signals (higher than 4000Hz) are split off to the Internet, while voice signals (0–4000Hz) are sent through the regular PSTN switches. Symmetric DSL means that the speeds are the same in both directions, while asymmetric DSL offers different upload and download speeds. If the local loop exceeds 18,000 feet, then your DSL will not work at all. Cable modems are also considered an always-on service, with high data speed available, and can support asymmetric speeds over a single wire. Cable service can stretch for very long distances. Cable services do not provide a consistent data rate throughout the day: The more users on the cable, the slower the network runs. To allow systems with private IP addresses the ability to surf to the Internet, you can use one of two technologies: Network Address Translation (NAT) or Port Address Translation (PAT). NAT translates Network layer private addresses to public addresses, and runs on a router, server, or firewall. PAT adds the port number to the translation, allowing multiple privately addressed systems to use the same public address simultaneously. Inside local refers to the private address used in the IP header as a packet moves from an internal host to the router. Inside global refers to the public address NAT used in place of the internal private address for routing outside the internal network. Lastly, the interfaces on the router are designated as well: the inside interface is the router port facing the internal network, while the outside interface is the port facing the Internet. All you need for wireless networking is an existing network, an access point (referred to as an AP, or sometimes as a wireless access point [WAP]), clients with wireless NICs, and a security/services configuration. WLANs always run at half duplex,

Certification Summary

393

and use CSMA/CA for media access. The 802.11 series are the wireless standards regulating WLANs: 802.11a uses the 5GHz range and runs at 54 Mbps, 802.11b uses 2.4GHz at 11 Mbps, and 802.11g uses 2.4GHz at 54 Mbps. The three methods for encoding data signals into RF waves are Frequency Hopping Spread Spectrum (FHSS), Direct Sequence Spread Spectrum (DSSS), and Orthogonal Frequency Division Multiplexing (OFDM). The actual speeds you get from any given wireless access point depend greatly on interference and attenuation. Interference should be relatively easy to understand by this point: Wireless messages travel over the air, where other RF waves may interfere with their transmittal. Wireless networks have two modes: ad hoc and infrastructure. In ad hoc mode, systems connect directly to one another as if they had a direct point-to-point wire between them (they don’t require an AP). In infrastructure mode, systems connect to a wireless network through a wireless access point (WAP). Within infrastructure mode, you have two main methods for servicing clients: Basic Service Set (BSS) and Extended Service Set (ESS). BSS uses a single WAP, while ESS has multiple WAPs to cover a larger distance. A user in an ESS WLAN can move from AP to AP without changing an IP address. The service set identifier (SSID) is a text word (up to 32 characters) used by clients to identify which network they wish to connect to. During installation, always keep the initial configuration as simple as possible. Once everything is up, running, and tested, you can come back and add all the features you want. If your connection does not go through, check the location of your client machine and the AP, as well as your coverage area. Threats to wireless can come from inside or outside. Internal users may unwittingly provide access to the network. Outside, hackers often drive around with a directional antenna of their own, attempting to find an open AP in a process called war driving. To mitigate against these risks, you have three major options available: authentication, IDS and/or IPS, and encryption. Encryption standards include WEP, WPA, WPA2, and a Cisco standard. WEP is considered a weak encryption protocol, sufficient only to deter casual snooping. WPA and WPA2 are recommended options today.

394

Chapter 11:

✓

WANs and WLANs

TWO-MINUTE DRILL Wide Area Networking ❑ A WAN is a computer network, spanning a large geographical distance,

used to connect multiple LANs together using some form of a leased line. A circuit switched WAN is designed to set up a physical connection between two communicating entities, which stays up through the duration of the communication session (layer 1). A packet switched WAN is designed to examine the destination address of data frames and make some kind of a decision on how to forward them. ❑ A service provider (telco) is the company, owning the leased lines or circuits,

that provides WAN (and/or Internet access) services. The demarc is the point in the physical pathway where the telco’s responsibility ends and the customer’s begins. The router and CSU/DSU belong to the customer, and are referred to as customer premises equipment (CPE). ❑ T1 lines run at 1.544 Mbps, T3s run at 44.736 Mbps, E1s run at 2.048 Mbps,

and E3s run at 34.064 Mbps. ❑ Two major layer-2 protocols specifically defined for point-to-point connec-

tions are covered on the exam: HDLC and PPP. HDLC is Cisco proprietary and is the default setting on all serial interfaces. PPP is nonproprietary and can be used on any device. You can use the encapsulation type command to set encapsulation on a serial interface. ❑ Frame relay is a packet switched multi-access layer-2 WAN technology

that provides long haul data communications to many different endpoints through one physical connection. A virtual circuit (VC) defines the connection between the two remote switches. The DLCI (Data Link Control Identifier) is the “address” used to identify the links. A Committed Information Rate (CIR) is the minimum bandwidth negotiated for a circuit. ❑ Asynchronous transfer mode (ATM) is a cell switched WAN transport tech-

nology that uses 53-byte cells (a 48-byte data field and a 5-byte header). Two fields keep track of VCs: the virtual path identifier (VPI) and the virtual channel identifier (VCI). Segmentation and reassembly (SAR) segments larger Ethernet frames into cells and reassembles them on the destination switch. ❑ Analog modems can be used to connect across the PSTN—commonly referred

to as “dial up” networking.

Two-Minute Drill

395

❑ DSL is an “always on” technology, allowing digital and voice signals on the

same line simultaneously (a call and a data session can be run at the same time on the same line). The DSL Access Multiplexer (DSLAM) splits local loop digital signals (higher than 4000Hz) from voice signals (0–4000Hz). Symmetric DSL means the speeds are the same in both directions, while asymmetric DSL offers different upload and download speeds. If the local loop exceeds 18,000 feet, DSL will not work at all. ❑ Cable modems are an always-on service, with high data speeds available, and

can support asymmetric speeds over a single wire. Cable service can stretch for very long distances, but do not necessarily provide a consistent data rate throughout the day: the more users on the cable, the slower the network runs. ❑ NAT translates Network layer private addresses to public addresses, and runs

on a router, server, or firewall. PAT adds the port number to the translation, allowing multiple privately addressed systems to use the same public address simultaneously. Inside local refers to the private address used in the IP header as a packet moves from an internal host to the router. Inside global refers to the public address NAT uses in place of the internal private address for routing outside the internal network.

Wireless Networking ❑ WLANs need an existing network, an access point, clients with wireless

NICs, and an appropriate configuration. WLANs always run at half duplex, and use CSMA/CA for media access. ❑ The 802.11 series makes up the wireless standards regulating WLANs.

802.11a runs at 5GHz, up to 54 Mbps, and is not compatible with other standards. 802.11b runs at 2.4GHz, up to 11 Mbps. 802.11g runs at 2.4GHz, up to 54 Mbps, and is backward-compatible to 802.11b. ❑ The three most common unlicensed frequency bands are 900KHz (older cord-

less phones), 2.4GHz (newer cordless phones and both 802.11b and 802.11g), and 5GHz (newer cordless phones and both 802.11a and 802.11n). ❑ The three methods for encoding are Frequency Hopping Spread Spectrum

(FHSS), Direct Sequence Spread Spectrum (DSSS), and Orthogonal Frequency Division Multiplexing (OFDM). ❑ The steps taken by a system using CSMA/CA are 1) listen to make sure the

media is clear (no one else is transmitting); 2) run a timing algorithm to wait

396

Chapter 11:

WANs and WLANs

a certain, random amount of time before transmitting; 3) when the timer is up, verify the line is still clear and transmit the packet; and 4) wait for an acknowledgment of the frame before transmitting the next one: if none comes, retransmit. ❑ In ad hoc mode, systems connect directly to one another, without requiring

an AP. Ad hoc is limited in distance and use: the two systems can communicate with each other, but not to other systems. ❑ In infrastructure mode, systems connect to a wireless network through a wire-

less access point (WAP), allowing access to other resources in the network. Within infrastructure mode, Basic Service Set (BSS) uses a single WAP, and Extended Service Set (ESS) has multiple WAPs to cover a larger distance. A user in an ESS WLAN can move from AP to AP without changing an IP address. ❑ The service set identifier (SSID) is a text word (up to 32 characters) used by

clients to identify which network they wish to connect to. During initial install, always keep the configuration as simple as possible. SSIDs are broadcast by APs. Turning off SSID broadcast is known as SSID cloaking. ❑ War driving is the process of driving around and searching for open access

points to connect to. ❑ The four main encryption standards—WEP, WPA, WPA2, and a Cisco

standard—are defined for wireless. WEP is a weak standard, using a manually defined key set, and is only used to deter casual snooping. It is NOT considered secure. ❑ WPA and WPA2 use dynamically exchanged keys and strong authentication

to address some of the shortcomings of WEP.

Self Test

397

SELF TEST The following Self Test questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully since there may be more than one correct answer. Choose all the correct answers for each question.

Wide Area Networking 1. Your business expands and you open a new office in a city several miles away. Your network appears in Figure 11-7. Which of the following statements is/are true regarding your network? A. The area indicated by “A” represents CPE. B. The area indicated by “B” represents CPE. C. The point indicated by “C” represents the demarc. D. The point indicated by “D” represents the demarc. 2. At what speed does a T3 line operate? A. 1.544 Mbps B. 2.048 Mbps C. 34.064 Mbps D. 44.736 Mbps 3. A network engineer connects two routers back to back in a lab configuration. On RTR1, the commands ip address 192.168.1.1 255.255.255.0, encapsulation PPP, clock rate 64000, and no shutdown were entered on the serial interface. On RTR2, the commands ip address 192.168.1.2 255.255.255.0 and no shutdown were added to the serial interface. After verifying the serial cable is correctly installed (DCE end is plugged in on the correct side), a PING sent across the line fails. Why did the PING fail? A. The clock rate 64000 command must be configured on RTR2’s serial interface. B. Both ends of the connection require the bandwidth command.

B

FIGURE 11-7

Question 1, leased line

CSU/DSU

CSU/DSU WAN Switches

A

C

D

398

Chapter 11:

WANs and WLANs

C. The IP addresses are in two different subnets. D. The encapsulation is not set correctly. 4. Your business expands and you open new offices in five other cities several miles away. You have chosen frame relay as your WAN transport technology. Which of the following is/are true regarding your network? A. The router at the headquarters building will require a minimum of five interfaces for WAN connectivity. B. The router at the headquarters building only requires one interface for WAN connectivity. C. The headquarters router uses between one and five different DLCIs when building a frame for WAN transport. D. The headquarters router uses only one DLCI for every frame sent to the WAN. 5. An Ethernet network uses ATM as a WAN transport to another Ethernet network on the far end. A frame of 1500 bytes is sent from a host in one network to a host in the far end network. What does the router do with the packet to send it through the ATM network? A. The router affixes a 53-byte ATM header to the packet and forwards the frame to the ATM switch. B. The router affixes a 5-byte ATM header to the packet and forwards the frame to the ATM switch. C. The packet is segmented into 48-byte segments, and a 5-byte header is added to each new segment. D. The packet is segmented into 5-byte segments, and a 48-byte header is added to each segment. 6. A small business owner wants an always-on Internet service running at high speeds. While researching the options, he finds he is 19,000 feet from the nearest telco switch. Which technology is the best choice for this scenario? A. Dial up, using the PSTN B. Cable modem C. ADSL D. HDSL 7. A user inside your network sends an Internet request. The source address is 172.16.1.5, the source port number is 2553, and the destination IP address is 200.88.90.7. PAT is running on your external router and has 199.55.66.3 as the public IP address assigned for use. Which of the following is/are true regarding the Internet request and PAT? A. 199.55.66.3 is the inside local address. B. 172.16.1.5 is the inside local address. C. When the packet leaves the router for the Internet, the destination address will be changed to 199.55.66.3.

Self Test

399

D. When the packet leaves the router for the Internet, the source address will be changed to 199.55.66.3. E. The destination server will respond to 172.16.1.5, destination port 2553. F. The destination server will respond to 199.55.66.3, destination port 2553.

Wireless Networking 8. Which WLAN standard operates at the 5GHz range, running at speeds up to 54 Mbps? A. 802.11a B. 802.11b C. 802.11g D. 802.11i 9. Which WLAN infrastructure mode allows a client to move throughout the building, passing from one access point to another, without changing IP addresses or losing connectivity? A. BSS B. ESS C. Roaming D. None of the above 10. Which encoding method is used by 802.11b? A. FHSS B. OFDM C. DSSS D. WEP 11. How is media access controlled in wireless networking? A. By CSMA/CA. B. By CSMA/CD. C. By OFDM. D. By DSSS. E. Media access is not a concern, since the transmissions are always full duplex. 12. A computer establishes a connection over wireless with another computer, without the use of an AP. Which of the following is true regarding this connection? A. The connection is in ad hoc mode. B. The connection is in infrastructure mode. C. The systems can communicate with other computers in the network. D. The systems can only communicate with each other.

400

Chapter 11:

WANs and WLANs

13. A client laptop is having trouble communicating over the 802.11b wireless connection. You find the laptop connects fine at your office, but does not communicate well when the user returns to their office. Additionally, no other WLAN users are complaining. What is a possible explanation for the problem? A. The laptop NIC is set to 802.11a. B. The laptop NIC is set to full duplex. C. The AP is too close to a source of interference. D. The user’s office is too close to a source of interference. E. The user’s office is too far away from the AP. 14. After explaining some of the risks involved with wireless networking, the customer asks what methods can be put in place to protect against rogue APs on the network. Which of the following are effective mitigations? A. IDS B. IPS C. SWAN D. Strong authentication E. All of the above 15. What features make WPA a stronger encryption choice than WEP? A. Authentication, using AES B. Authentication, using 802.1x C. Manually assigned keys D. Dynamic key exchange

Self Test Answers

401

SELF TEST ANSWERS ✓ A and C. The CPE normally includes the CSU/DSU, short cabling, and router. The 1. ® demarc is typically at the end of the cable plugging into the CSU/DSU from the telco side. ® ˚ B. This area belongs to the telco (long haul lines and switches). D. This is not the demark. ✓ D. T3 lines operate at 44.736 Mbps. 2. ® ® ˚ A. This is the speed for a T1 line. B. This is the speed for an E1 line. C. This is the speed for an E3 line. ✓ D. HDLC is the default encapsulation on Cisco router serial ports. Because one end was set to 3. ® PPP, the connection will not work. You can either use the no encapsulation ppp command on RTR1 (so both ends will be HDLC) or configure encapsulation ppp on RTR2. ® ˚ A. clock rate is only required on one end of the connection. B. bandwidth is always an optional command. C. Both IPs are in the same subnet (192.168.1.0/24). ✓ B and C. One advantage of using frame relay is that routers only need one physical interface 4. ® to represent many VCs for communication across the cloud. Each VC is identified by DLCI addresses on the routers; therefore, the HQ router would have several DLCIs to choose from when packaging a frame for delivery across the WAN. ® ˚ A. Only one physical interface is required. D. Each VC will have a different DLCI. ✓ C. Segmentation and reassembly on ATM segment a larger Ethernet frame into the 53-byte 5. ® cells ATM uses for transport. A total of 48 bytes are taken and a 5-byte header is added. On the far end switch, all segments are put back together for delivery into the Ethernet network. ® ˚ A and B. ATM only transmits 53-byte cells; therefore, an Ethernet frame cannot simply have a header attached and be sent through. D. This is a false statement. ✓ B. Cable modem service is the only choice that complies with always-on, high speed, and 6. ® distance. ® ˚ A. Dial up is not always on and is a slow choice. C and D. The customer is outside the 18,000 foot restriction for DSL service. ✓ B, D, and F. The inside local address (172.16.1.5) will be swapped for the public IP 7. ® (199.55.66.3) in the source address field of the outgoing frame. The recipient server will answer to 199.55.66.3 using the port number 2553, never seeing that the request came from 172.16.1.5. ® ˚ A. This is the inside global address. C. The destination address will not change—the request is still intended for the server, not the router! E. The destination server will not respond to 172.16.1.5. If PAT is running, it will never see that address—only the public IP PAT is using. ✓ A. 802.11a uses the 5GHz (U-NII) frequency at speeds of up to 54 Mbps. 8. ® ® ˚ B, C, and D. These standards do not use 5GHz.

402

Chapter 11:

WANs and WLANs

✓ B. Extended Service Set is the correct mode, allowing multiple APs within a single network. 9. ® ® ˚ A. Basic Service Set is for only one AP. C and D. These choices are incorrect. ✓ C. 802.11b uses DSSS as an encoding technique. 10. ® ® ˚ A. FHSS is no longer used in modern standards. B. OFDM is used by 802.11g and 802.11n. D. WEP is an encryption standard. ✓ A. CSMA/CA is the media access method used in wireless. 11. ® ® ˚ B. CSMA/CD is used in wired Ethernet networking. C and D. OFDM and DSSS are encoding methods. E. This is a false statement—wireless always runs in half duplex. ✓ A and D. Ad hoc mode directly connects two systems together, as if with a point-to-point 12. ® wire. Ad hoc systems can only communicate with one another—systems on the network are unavailable. ® ˚ B. This is an ad hoc, not an infrastructure, connection. C. This is a false statement. ✓ D and E. The communications problem is being caused by either interference or 13. ® attenuation (distance). ® ˚ A. If the NIC were set to the wrong standard, the system could not connect inside the administrator’s office. B. Wireless NICs cannot be set to full duplex. C. If the AP were at fault, all wireless users would be complaining. ✓ E. All of the choices are effective mitigations against rogue APs. 14. ® ® ˚ A, B, C, and D. All are effective; therefore, the choice should be “All of the above.” ✓ B and D. WPA added authentication using the 802.1x standard, as well as the dynamic 15. ® creation and sharing of keys. ® ˚ A. AES performs encryption. C. WPA uses dynamic key exchange.

12 Applications, Security, and Troubleshooting CERTIFICATION OBJECTIVES 12.01

Application Fundamentals

12.02

Network Security

12.03

Troubleshooting

✓ Q&A

Copyright © 2008 by The McGraw-Hill Companies. Click here for terms of use.

Two-Minute Drill Self Test

404

Chapter 12:

Applications, Security, and Troubleshooting

N

ow that you’ve reached the last chapter, we have good news and bad news for you. First, the good news: Congratulations—you’re almost to the finish line! As for the bad news… This last chapter is so packed with information it’s probably going to feel like another entire book to you. Much of the information will be new, while some will be a refresher of things we covered earlier. In any case, this chapter takes a look at the impact that applications have on our network, and how we use some of them. This is followed by a discussion of network security, including threats and mitigations. We then conclude with perhaps the most important topic, test-wise, of the whole book: troubleshooting.

CERTIFICATION OBJECTIVE 12.01

Application Fundamentals After pulling together all the configuration commands, all the theory, and all the aspects of networking equipment and data flow to build a network, it should come as no surprise that the various data and applications running on the network can either contribute to the network’s overall health, or have an adverse effect upon it. In other words, it’s one thing to build a network on paper, it’s another to see it in practice. Some applications won’t work as diagrammed because of some tiny little feature you’ve overlooked. Sometimes data patterns have effects you can’t even begin to plan for until you see them. In this section, we’ll take a look at some of the applications that use the network, and explore things we can do—for and with them—to contribute to the network’s well-being.

Application Needs and Quality If all applications behaved the same, networking would be a piece of cake. Unfortunately, though, applications create all sorts of different traffic patterns, and come with their own set of specific resource needs and requirements in order to function. For example, let’s first consider the perfect network—a utopian creation that could never be. This “Utopianet” of ours contains an unlimited amount of bandwidth, and each application has more than it would ever need dedicated to it. No packets sent by an application on our Utopianet are lost, so there is no need for any retransmissions. Also, packets see almost no delay from sender to recipient

Application Fundamentals

405

and, as packets are received by a system on the Utopianet, what little delay there is between them is constant and set in stone. While this would be a great network for our users, it would be horrible for us as networkers. After all, if it worked that well, we’d be out of a job! In all seriousness, the Utopianet points out the effect our applications have on the network. Some transmit great amounts of data at irregular times, while others send a steady stream. Some require massive amounts of bandwidth for short amounts of time, while others require a smaller bandwidth, but need it constantly available. Some can respond to retransmission requests, recover from errors, and deal with delay issues, while others cannot.

Quality of Service (QoS) The four major areas of concern when planning for, and watching, applications on the network are bandwidth, loss, delay, and jitter. Bandwidth and loss have been covered already throughout the course of this book. When it comes to applications, you’ll need to know what bandwidth requirements each of your applications will need. For example, file transfers require a large amount of bandwidth, while a chat or telnet session requires only a little. Loss refers to the loss of a single (or multiple) packet in a transmission from sender to receiver. Applications using TCP rely on the Transport layer to handle retransmission requests, while others, using UDP, must request these retransmissions themselves. Delay and jitter are new and fairly interesting topics for us. Delay refers to the length of time required for a packet to move from the source to the destination over a network path. Delay is interjected into packet transmittal by a number of different factors—cable lengths, interference, the number of devices between the two systems, and, of course, the bandwidth consumption of other applications—and so these need to be controlled as much as possible. Jitter refers to the variation in packet transmit delay. In other words, packet 1 might experience a delay of 2 microseconds, while packet 2 sees a delay of 5 microseconds. An application may be able to deal with delay just fine, so long as it is constant. Jitter measurements are generally measured as low (better, with little variation in delay) or high (worse, with a wide variation in delay from packet to packet). The unique combination of these four requirements is generally referred to as the Quality of Service (QoS) needs of the application. QoS has become a networking field in and of itself, with entire books written to address it, and a large variety of tools, equipment, and practices created to implement it. The reason for this is twofold: file transfers, e-mail, database maturation, HTTP, HTTPS, and graphics programs increasingly consume bandwidth as they become more and more ubiquitous, and as the integration of voice and video with data increases. Thankfully, on the CCENT

406

Chapter 12:

Applications, Security, and Troubleshooting

exam, you’ll only need to know what it is and why QoS is a concern for network engineers. A good way to understand the QoS needs of applications is to take a look at one that is rapidly finding its way into our networking world: Voice over IP (VoIP).

Voice over IP (VoIP) Instead of keeping voice on separate lines (telephone for voice, networks for data), many companies are now marrying the two. VoIP phones allow speech and sound to be converted into digital bits for delivery across a network (see Figure 12-1 for a visual). So long as bandwidth is available, all traffic—voice and data—can be transmitted across the same wires. VoIP actually only uses a small amount of bandwidth (around 30 Kbps per call), which makes it easy on at least one requirement. However, VoIP adds some other QoS concerns to a network. If you think about a telephone conversation, the QoS concerns about VoIP make perfect sense. Delay and jitter are obvious: anyone who’s ever spoken on a telephone line overseas understands how delay can adversely affect the conversation! VoIP requires very low delay and jitter for it to be effective. In fact, the delay (less than 2 milliseconds) and jitter (less than 30 milliseconds) are generally much lower than other applications.

Be familiar with the four concerns QoS must address. Make sure you understand VoIP’s requirements in

FIGURE 12-1

VoIP transmission

this regard: very low delay and jitter, not a lot of bandwidth, and mediocre concern over loss.

VoIP Phone VoIP CODEC Electrical Analog Signal Converted Signal (Analog to Digital Bits) Frame Header

IP

UDP

Digital Voice

FCS

Application Fundamentals

407

Loss may also seem like a concern—and it is—but it’s not as big a deal as you might think. When you’re having a conversation with a friend or colleague and a loud noise interrupts you, many times you won’t have to ask for the person to repeat what they were saying; humans are simply smart enough to deal with it. On a VoIP phone, lost packets are simply lost. The phones do not bother to ask for retransmissions because the time delays would result in a choppy conversation. In other words, lost packets may sound like a small break in the conversation, but they are generally so small you don’t even notice them. Therefore, there is no need for the application to ask for a retransmission. Video over IP is quickly becoming the “must have” application for today’s networks. Video requires a lot more bandwidth than VoIP, but has many of the same QoS concerns. And if you think bandwidth is a concern now, wait until your customers tell you they not only want video, but high-definition video!

telnet (SSH) While we’ve already covered telnet in general (configuring line vty 0 15 with passwords, login, and so on), the application is so common and so often used, we need to dig into it a little deeper. telnet is used to remotely connect to a router or a switch for configuration or monitoring functions. However, what we haven’t covered up to this point is a telnet session from a router or a switch. Normally, a telnet session is established from a laptop or PC to a router or switch. However, it’s sometimes easier and even better to telnet from a router or switch directly to another router or switch. Whether it’s telnet or SSH, establishing a connection between devices can help eliminate problem areas in your network. For example, you cannot ping or connect to a device in another subnet from your PC, but a telnet session from the router works great in indicating a problem on your end of the network.

You will definitely see suspended telnet/SSH session questions on the exam. Remember, to suspend a session press CTRL-SHIFT-6 and X.To resume a session, type show sessions to find what number session it is, then type resume # (if you just press ENTER after returning from a

suspended session, the most recently closed telnet session will be opened). Additionally, the show sessions output will display an asterisk (*) beside the session that will be returned if the resume command does not have an argument.To close a suspended session, use disconnect #.

408

Chapter 12:

Applications, Security, and Troubleshooting

The other benefit of telnet or SSH from a router or switch is the suspend feature. With suspend, you can open several telnet sessions from one device concurrently, allowing you to troubleshoot and configure things much easier. To open a telnet session from CLI, simply use the telnet ipaddress command, and to suspend it, use CTRL-SHIFT-6 followed by X. Lastly, you can use the resume # command to resume a given suspended connection. An example of this is shown in the following code: RTR1# telnet rtr2 Trying RTR2 (192.168.1.2)… Open User Access Verification Password: RTR2> !!! Notice the prompt changes to RTR2 !!! User now types CTRL-SHIFT-6 and X to suspend the session. The prompt returns !!! to RTR1 RTR1# telnet RTR3 Trying RTR3 (192.168.2.2)… Open User Access Verification Password: RTR3> !!! Prompt now shows RTR3 !!! User now types CTRL-SHIFT-6 and X to suspend the session. The prompt returns !!! to RTR1 RTR1# show sessions Conn Host Address Byte Idle Conn Name 1 RTR2 192.168.1.2 0 0 RTR2 * 2 RTR3 192.168.2.2 0 0 RTR2 RTR1# resume 1 [Resuming connection 1 to RTR2…] !!! The prompt returns to the suspended session on RTR2… RTR2> !!! User now types CTRL-SHIFT-6 and x to suspend the session. The prompt returns !!! to RTR1 RTR1# disconnect 2 Closing connection to RTR3 [confirm] !!!User must press ENTER to confirm

Notice that CTRL-SHIFT-6 X drops the user back to their router, suspending the session. The show sessions display shows all active telnet/ssh sessions, providing the number for the resume command. Additionally, note the asterisk beside session 2: if the administrator uses the resume command with no argument

Application Fundamentals

409

afterward, this is the session the router would default to. On a last note, if the user drops back to their router and immediately hits enter, they will be sent to the most recently suspended telnet session. Want to get really confused on telnet/SSH? Establish a connection to another router, then start and suspend sessions on the remote router… Obviously, you can get telnet crazy—and lost—very easily. Just keep track of the prompt names and you’ll be fine.

EXERCISE 12-1 telnet Sessions This short exercise will help reinforce your knowledge of telnet, using Boson’s NetSim simulator. You can find a picture of the network diagram for the simulator in the Introduction of this book. After starting up the simulator, click the LabNavigator button. Next, double-click Exercise 12-2, and then click the Load Lab button. 1. Power on the 2960-1 switch and enter Global Configuration mode. a. At the top of the simulator in the menu bar, click the eSwitches icon and choose 2960-1. b. Log in by typing Bob and CCENT as the username and password. c. Type enable and then press ENTER, followed by entering CCENT as the password. 2. telnet to the 2960-2 switch (SW2). Verify connectivity and then suspend the session. a. Type telnet SW2 and press ENTER. b. Log in using userID Sally and the password Cisco. c. After the prompt changes to SW2#, type show users and press ENTER to see the telnet session logged. d. Suspend the session by pressing CTRL-SHIFT-6 together, then X. The prompt should change back to SW1. 3. Start a second telnet session to the 2600 router (RTR1). Verify connectivity and then suspend the session. a. Type telnet RTR1, and then press ENTER. b. Log in using userID Bob and the password Cisco.

410

Chapter 12:

Applications, Security, and Troubleshooting

c. After the prompt changes to RTR1#, type show users, and then press ENTER to see the telnet session logged. d. Suspend the session by pressing CTRL-SHIFT-6 together, then X. The prompt should change back to SW1. 4. Use show sessions and resume to move between open telnet sessions. Exit from both sessions. a. Type show sessions, press ENTER, and examine the output, which should display both suspended sessions. b. Type resume 2 and press ENTER to resume the connection to RTR1. Notice that the prompt changes to RTR1. c. Type exit and press ENTER to close the connection. The prompt will return to SW1. d. Type disconnect 1 and press ENTER to close the session to SW2.

CERTIFICATION OBJECTIVE 12.02

Network Security Just a few years ago, security was treated as an afterthought. Network engineers didn’t bother with it up-front because it was an annoyance—something that slowed things down and resulted in more user calls to the help desk. In today’s world, though, security has vaulted to the forefront. Hackers today are organized, intelligent, and hard to stop. New attack vectors pop up every day, and companies are spending millions of dollars for professional “white hat” hackers to help secure their networks. In this section, we’ll take a look at some of the threats to network security and some ways to help protect against them.

Threats and Attacks While we’re only providing a brief overview here, covering the basics you’ll need for the exam, an entire series of books could be written on the information covered in this section. The threats to your network are ever-increasing, the attacks used to exploit them are ever-evolving, and your available responses are always changing.

Network Security

411

It’s literally impossible to become a security expert in the span of one-third of a chapter. What we can do, though, is hit some of the more important aspects and give you a strong foundation on which to move forward. In the rest of the section, we’ll cover the threats your network faces and some of the attack vectors you may see. If you intend on sticking with the networking field (and, since you’re still reading we can only assume you are), we cannot stress enough how important security is in today’s world—especially if you plan on working on a government or medical facility network. Networks must comply with thousands of standards and manuals to be accredited (if you’re in that arena), and just as many security professionals are trying to get it done. For your own career advancement, outside of the CCENT exam, get a good book on network security and keep up with the latest happenings. In the network security world, threats, vulnerabilities, impacts, and risk are all part of a formula for determining the overall security of the network. There is a strong difference between a threat and a vulnerability, and together with impact they determine risk. The threat is a person or entity that is capable of exploiting a vulnerability on your network. The vulnerability is any security exposure, created by human error or action, hardware, software, or other configuration, that presents a target for a potential threat. The impact is, of course, what happens if the vulnerability is exploited by a threat—Just how much damage can be caused? For any of the three to particularly matter on your network, though, the others have to be present. For example, the threat of an external hacker gaining access to the wireless network I’m using right now is real, and the vulnerability does, indeed, exist. However, the risk is minimal: our wireless network is secured, restricted to the building, and if a hacker was to gain access to the AP, the impact would be minimal to none. The point here is, when it comes to overall security posture, make sure you take all four items into account: if any of the four is zero, then that particular security concern is probably okay. Note: Cisco does not test for knowledge about threat, vulnerability, impact, and risk. The definitions and write-up here are only included for your understanding of the material and to help you in your job. Threats to your network are everywhere. Internal users, external hackers, and viruses are but a few of them. For example, a hacker can attempt to come into the network behind your firewall, using an available wireless connection set

412

Chapter 12:

Applications, Security, and Troubleshooting

up for internal users. Another threat source could come from an unsuspecting telecommuter, working at home on their company laptop and connecting with a DSL line to the Internet. A hacker on the Internet may have a variety of options at his disposal, as home networks typically do not have the same security features as the business network. The telecommuter may take secret files and data home, unknowingly providing an easy target for the hacker, or have his system fall victim to a virus or other hacker script. If the laptop becomes infected and is taken back to the business network, the hacker may now gain a back door entry to the network. Another area to be aware of on your network may not seem very important at first, but it’s probably the most difficult to protect against. Internal computers may not have appropriate virus signatures or security patches, making them vulnerable to virus or attack. If a user connects a modem to their PC, this opens another avenue of attack for a “war dialer” (a program used by hackers to dial multiple numbers in search of a modem), which may be invisible to your monitoring programs (IDs and so on). Lastly, don’t forget the users sitting behind those systems. If you were to ask where the biggest threat to a network resides, most people would likely point to a hacker somewhere in a basement or on a college campus, busily trying to steal secrets and money. However, ask any network security professional and 100 percent of the time (assuming they are good network security professionals) they’ll answer, “A trusted user sitting inside my network.” Many times, engineers spend all their time and energy on protecting the network border from attack—keeping the bad guys outside. Just as much attention, though, should be paid to the threat your internal users present. Why is this such a concern? Simple—they do not have to break in to your network, they’re already there. A user may be disgruntled, opportunistic, or simply fall victim to social engineering (a nontechnical avenue of attack that uses a variety of techniques to manipulate and deceive users into divulging passwords or other secrets). As you can see, threats and vulnerabilities are everywhere and while these were just a few examples, you should be on the lookout for many, many others things. With these threats lurking around, looking for vulnerabilities to exploit, it’s helpful to know which attacks they can use. For the most part, the CCENT exam categorizes network attacks into three main types: access, Denial-of-Service, and reconnaissance. An access attack is designed to steal secrets and data, and can be attempted via social engineering or any number of software applications. Two of the more common access attacks are phishing and scanning. Phishing is the “art” of deceiving a user into freely giving passwords and other secrets by sending illegitimate, yet convincing, e-mails—generally pushing the user to a fake web site. The best defense against any form of social engineering (phishing, piggybacking, and

Network Security

413

so on) is good old education—make sure users are aware of phishing methods and always remind them to never give out passwords! Other access attacks are carried out by a large variety of software tools. Scanners are applications that send TCP/UDP requests to open ports in an attempt to gain access to the system. The responses to these requests can also tell the hacker which operating system the target host is using, as well as which applications are open on it. Denial-of-Service (DoS) attacks are exactly what they sound like—attacks designed to deprive legitimate users access to a resource they are otherwise authorized to access. DOS attacks can be against a single user, computer, resource, or the entire subnet, and can originate from a single source, or from multiple sources (which is known as a Distributed Denial of Service; DDOS). DoS attacks come in many varieties, but three methods are most often used to enact a Denial of Service. Some DoS attacks seek to harm hosts and applications by simply destroying data, while others are designed to cause the host operating system to fail, through a variety of different methods. Finally, some DoS attacks send large amounts of packets to a subnet, flooding it with useless information to the point where the subnet is unusable. The best defense against any DoS attack is good monitoring, using an IDS or IPS. Note: Cisco sometimes refers to DoS attacks as destroyers, crashers, and flooders, respectively.

The CCENT exam doesn’t spend an inordinate amount of time on security, but you will definitely see a few questions from this section. Be sure you know what types of attacks are present (access, DoS, and reconnaissance) and what tools are available (social engineering

and phishing, sniffers and scanners, spyware and malware, and viruses and worms). Lastly, be sure to familiarize yourself with the different attack vectors (such as open wireless access points, vulnerable telecommuters, and internal users) available for a hacker.

The final attack is quite possibly the most concerning. Reconnaissance attacks are designed to simply gather information. The reason these attacks are so problematic is that they are often very difficult to see. For example, one of the easiest things a hacker can do is simply install a sniffer on the network. A sniffer is an application running on a system that captures all packets passing by. Some sniffers are even

414

Chapter 12:

Applications, Security, and Troubleshooting

advanced enough to put together streams of data, pulling passwords and other secrets sent over the line. Spyware and malware are also software tools used by the hacker. Installed on the target system, they keep track of user activity, providing valuable information to the hacker. Reconnaissance attacks can also be accomplished by using a ping sweep. A ping sweep simply sends ECHO requests to every address in a given subnet in an attempt to discover which hosts are active. Finally, another very dangerous software package available for access attacks is known as a keylogger. Keylogger software simply keeps track of every keystroke the user makes. Keyloggers can also be hardware in nature—an internal hacker with physical access to the system can install a small keylogger between the keyboard and system, coming back later to pick it up. In any case, whether through software or hardware, these attacks often run in the background without the engineer even knowing what is going on.

Mitigations While learning about the multiple threats and varied attack vectors aimed squarely at your network may put most sane people into a panic, rest assured—plenty of defense mechanisms are available for your network. The key to network security is not to rely on any one mitigation. Rather, implement as many layers of protection as you can. Cisco refers to this concept as security in depth, but you may also see it written as defense in depth. The idea behind this concept is that you may forget a specific security configuration step on the perimeter, but having multiple levels behind it will more than make up for it. Mitigations in “security in depth” include antivirus programs, intrusion detection, VPNs, and network design. Antivirus applications, obviously, are designed to protect your network and systems against viruses and malware. Many antivirus programs can also protect against spyware and many DoS attacks. Each virus contains a specific signature, due to its makeup and code. Antivirus works by examining files and applications and comparing them against a list of signatures. If the signature appears, the file or application is cleaned up, or placed in quarantine. The key to this level of your defense is twofold. First, the antivirus program is only as good as the signature file itself—keep it up-to-date and you’re well protected. If you are using an outdated signature file, the antivirus program cannot protect against any new viruses. Secondly, the program will only work if it is enabled. This may sound obvious, but it is fairly common to have users disable their antivirus software to speed things up.

Network Security

415

Cisco lumps antivirus into a e-mail/URL filtering are all part of Cisco’s large group of tools referred to as “anti-x.” recommended anti-x package. Antivirus, anti-spyware, anti-spam, and Another mitigation technique available to engineers is intrusion detection and prevention systems. Placed on the network in the best location to see all traffic, intrusion systems monitor all traffic and compare trends to various signature files. Sometimes the system can even perform heuristic analysis on traffic patterns, sending an alarm about new attacks in progress. As covered earlier, IDSs simply look for suspicious traffic patterns and issue an alarm when one is found. IPSs, on the other hand, can be programmed to take action—such as shut down ports and redirect traffic. The third security measure taken in many modern networks is the use of virtual private networks (VPNs). A VPN is a network created by using public lines (the Internet) to transfer encrypted information between a client and a private network securely. A VPN generally requires some form of VPN device on your network (usually in the DMZ) that authenticates requests from clients’ computers out on the Internet. A client computer will then have some form of software application that connects to the VPN device (or server) across the Internet. Once the connection is made and the user (and device) has been authenticated, the VPN device allows the system access to the internal network—as if the computer were sitting on a desk inside the building housing the network—and encrypts the data as it travels across the Internet. VPNs allow secured communications to remote systems (or sites) across the public Internet, providing a simple, easy, and relatively inexpensive method for WAN connectivity. Two major categories of VPNs exist, which are dependent on what the VPNs are used for. An access VPN is used to support a SOHO. In an access VPN, the PC at the home encrypts packets it sends, effectively encrypting everything and creating a tunnel from the PC to the VPN device. The site to site intranet VPN works just a little differently, connecting sites to the central office instead of individual systems. In a site-to-site VPN, a VPN device is installed at the central office and a tunnel is created to a router at branch office locations. Packets travel inside the intranet unencrypted, but are encrypted as they leave the site for the central office. In either case, VPNs are an effective security measure, protecting against outside reconnaissance attacks.

416

Chapter 12:

Applications, Security, and Troubleshooting

Finally, mitigation against network attacks and threats can also come from the design of the network itself. Most network engineers design a DMZ, behind a firewall, for all servers and systems that need to be accessed from outside your network. For example, the network shown in Figure 12-2 has a web server, DNS server, and e-mail server in the DMZ for public access. Any system exposed to the Internet is obviously more at risk than those held inside the network; therefore, the chances they will be hacked are greater. By placing them in the DMZ, the overall risk to the network is minimized—a hacker may get to those servers, but he cannot use them to infiltrate the rest of the network. One of the keys to a good DMZ design is the firewall itself. A hardware device that appears much like a router, the firewall separates networks and only allows traffic defined in a rule set that the administrator manually defines. Until recently, Cisco sold firewall products under the “PIX” designation. Now, Cisco has refined the older PIX firewalls to include a host of other security features, and sells the new device as the Adaptive Security Appliance (ASA). Whether it’s a PIX firewall or an ASA, the administrator will need to define a rule set in order for traffic to securely move through the network.

FIGURE 12-2 DSLAM

Network security example Servers

Wireless Access Point

DMZ

Internal Network

Troubleshooting

417

FIGURE 12-3

A simple firewall

Other traffic concerns: - POP3 or IMAP allowed to internal network, SMTP is not - HTTP allowed to DMZ, internal network, and Internet, depending on source and destination address

SMTP or HTTP traffic intended for DMZ (public) servers

FTP traffic intended for internal network

- SMTP allowed to DMZ from internal or Internet

For example, in Figure 12-3, a firewall running a simple rule set is displayed. Even in this very simple network, though, it’s easy to see where careful planning is required in implementing your firewall rules. For example, your hosts need to send SMTP out, but should not be accepting SMTP requests coming in (e-mail should be coming in through POP or IMAP). In other words, it’s not only knowing what traffic you think you’d like to block or allow; you also need to take into account where the traffic is coming from (source address) and where it is intended (destination address). Note:The ASA can also act as a VPN device.

CERTIFICATION OBJECTIVE 12.03

Troubleshooting Normally, in most texts, troubleshooting information is covered during the configuration of the device. In other words, most of the commands and steps we’ll go over here will be used either during or immediately after the configuration of a device,

418

Chapter 12:

Applications, Security, and Troubleshooting

for testing purposes. This may lead you to wonder why we waited until the very end to cover troubleshooting steps and topics. As we say in the South, “reason being is” you’ll remember it better. A principle of instruction is the law of recency, which states a student will best remember the information presented last. For proof, consider that it is relatively easy for a person to remember a phone number they just dialed, but nearly impossible to remember one dialed a month ago, last week, or even yesterday. Since troubleshooting is covered in so much depth on the CCENT exam, we felt it would be best to list these topics last, combining some of the most important topics for you to remember right at the end. As you read through this section, feel free to refer back to Chapters 9 and 10 to see where the troubleshooting tips would fall in.

Troubleshooting Basics When it comes to troubleshooting and the CCENT exam, there are several keys to focus on, and several things that will help out greatly during the test. First, it’s helpful to understand the troubleshooting process, and why you would need one. It’s also helpful to know what kind of questions are on the exam and how you can best attack them. Some of that information is covered at the beginning of the book, but we’ll go into it a little deeper in this section. Finally in this section, we’ll introduce some of the basic commands and functions you’ll use, no matter whether the scenario concerns a router or a switch. Most of these commands have been introduced and covered in Chapters 8 through 11, but it’s advisable to review them again here.

Process and Fundamentals Whether troubleshooting a host, switch, router, or entire subnet, it’s helpful to have a plan of attack—something to guide your efforts in a logical and ordered manner. Without a process, your efforts may quickly become disjointed and random, possibly causing more damage and inserting more problems along the way! Cisco does not test on any specific troubleshooting process—meaning, you won’t be asked what happens in step 2, or what the name of step 3 is, for example—but following some sort of logical progression will help you succeed on the exam. No magic troubleshooting process will solve all your system’s problems, but a few obvious steps exist along the path, as well as unique differences between troubleshooting on the exam and troubleshooting in real life. For starters, in real life the first question you should ask yourself on any troubleshooting scenario is, “What was the last change to the system?” Almost 100 percent of the time, the last change was what caused the outage. On the exam, you won’t normally see scenarios with a recent change involved. Most, instead, will simply state what the problem is and expect you to figure out what’s wrong, and perhaps to fix it.

Troubleshooting

The only real way to prepare for the troubleshooting scenarios on the exam is to practice. On all questions, though, try to narrow down your target area as much as possible. Remember the data flow through the various models, make sure you are very familiar with

419

show commands, and keep track of any key points listed: interface numbers, VLAN configurations (they LOVE that one), and port security. Lastly, don’t panic! Practice a lot, review data flow, and know your commands. If you do all that, you’ll be fine.

To maneuver your way through the scenarios, stick with a very simple process. First, eliminate the obvious (Physical layer), and understand what the problem actually is. It won’t do you much good to troubleshoot a network if you’re not sure what the problem is in the first place. Read the scenario carefully and be sure of what you’re trying to fix. For example, is connectivity down between a single system and a device, or a host of systems? Use PING and traceroute if the problem is connectivity-oriented to narrow your search diameter, and always follow the data path through the TCP/IP stack based on the data flow patterns we discussed. If you can determine that the problem lies on a specific layer, it will help narrow your search to a single device (a switch for layer 2, a router for layer 3, and so on).

Troubleshooting Commands When facing a problem, use appropriate commands to see what configurations are in place. The key to most troubleshooting problems on the exam can be found with various show, debug, ipconfig and arp commands, with a little ping thrown in for good measure. show and debug will help you on a router or switch, while ipconfig and arp can help a lot on hosts. Compare what you see to what should be there. Knowing what the question is asking for tells you exactly where to look in the displays. While not all inclusive, Table 12-1 summarizes many of the show commands you’ll have at your disposal. You’ll need to know not only how to use these command, but also how to interpret their displays. Be sure to review Chapters 8 through 11, as well as the following router and switch sections, to see these in action. Note: Don’t forget the built-in help features in the CLI when using show commands: auto complete, the question mark (?), and tab can all help complete options you may have forgotten about. Lastly, although debug commands aren’t listed here, don’t discount them. Don’t forget no debug all or undebug all should be issued first if you’re unsure which debug routines are currently running!

420

Chapter 12:

TABLE 12-1

Applications, Security, and Troubleshooting

show Commands

Command

Router

Switch

Usage

show arp (or show ip arp)

x

show cdp

x

x

Shows if CDP is enabled or not

show cdp entry name

x

x

Shows detailed information only on the device name

show cdp interface

x

x

Shows which interfaces are configured with CDP

show cdp neighbors [detail]

x

x

Displays information about Cisco neighbors. Detail provides much more information.

show cdp traffic

x

x

Shows global statistics on CDP traffic

show controllers

x

show dhcp lease

Displays the router’s arp cache

Displays the DTE and DCE end (serial interface running clocking) x

Displays information pulled from a DHCP server (when switch is acting as a DHCP client)

show interfaces

x

x

Displays information on interfaces, including encapsulation type, bandwidth, status codes, descriptions, and IP addresses

show interfaces type description

x

x

Displays a single line of information, including the status

show ip interfaces brief

x

Displays the IP address and status

show ip protocols

x

Displays information on the routing protocol configuration

show ip route

x

Shows the route table (how routes are learned, and so on)

show mac address-table [dynamic|static][address MAC_address][interface type#][vlan vlan-id]

x

Displays the contents of the MAC table in a switch

show process

x

x

Displays the processes running on the device, including CPU utilization

show sessions

x

x

Shows all open/suspended telnet/SSH sessions (the command where does this as well)

show ssh

x

x

Shows all users logged in via SSH

show users

x

x

Shows all users logged in

Troubleshooting

421

Other common commands in tracking down the source of your problem are PING and traceroute. PING on a router works just like it does on a host—a series of ECHO requests are sent to a remote station and the responses are forwarded to indicate network connectivity. If the host is accessible, the TTL hasn’t expired, and the media connection between the two is solid. Thus, the end station will send ECHO replies back to the sending station. On a Cisco router or switch, a successful PING is indicated by exclamation marks (!), while a failed PING displays periods (.). Additionally, Cisco devices allow for something known as an extended PING. An extended PING lets you change the source IP address of the ping request. By default, a PING sent from a router or switch uses the IP address of the outgoing interface as the source for the PING. Therefore, any response is sent to the router or switch directly. Suppose, however, that the router can ping the remote station fine, but a system inside the network cannot. You can then use an extended PING to re-create the problem and, hopefully, discover the error. A sample use of PING and extended PING appears next: RTR1# ping 192.168.1.2 Sending 5, 100byte ICMP Echos to 192.168.1.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 RTR1# ping Protocol [ip]: Target IP address: 192.168.1.2 Repeat count [5]: Datagram size [100}: Timeout in seconds [2]: Extended commands [n]: y Source address or interface: 192.168.2.200 ////Output truncated //// Type escape sequence to abort. Sending 5, 100 byte ICMP Echos to 192.168.1.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4

Note: As with setup, default options for extended PING are in brackets [ ].

422

Chapter 12:

Applications, Security, and Troubleshooting

Make sure you know PING and extended PING. You’ll more than likely need to use them in a troubleshooting scenario, and you may be asked to

interpret the output (an exclamation mark [!] means it was successful, a period [.] means it was not).

traceroute is another helpful tool on Cisco devices (and hosts) that’s used to narrow down your troubleshooting target area. Like PING, traceroute sends echo requests to remote stations. However, it sends them one at a time, decrementing the hop count to 0 with each router it reaches. This results in each router along the way responding with the IP address of the receiving interface. An example of traceroute is displayed in Figure 12-4.

traceroute problems will most likely indicate a problem with the route table on a specific router. After you run traceroute, telnet to the router that is not passing traffic and check the route

table: chances are, that’s where you’ll hit paydirt! Lastly, don’t forget how traceroute works—the receiving interface sends its IP address.

Lastly, keep in mind that troubleshooting in the real world often provides a luxury you simply won’t have on the exam: time. Being that your exam is timed, you probably won’t have many seconds to ponder over error messages and think through scenarios before taking action. So, quickly but thoroughly read the scenario, compare what is going on with what we know about data flow and device configuration, pick a target, and move forward. The answer to most “simlet” (merely displaying various show outputs and asking questions about them) and scenario questions is, usually, fairly evident if you simply take the time to read the question. For example, if the troubleshooting scenario mentions problems at the switch, and that it happens only with one port, you may want to immediately start with commands dealing with that one port: show interfaces, show mac address-table, show port security, and so on. Regardless, be sure to identify what is wrong, isolate your target, view all the information you can, and postulate a root cause (the actual cause of the problem, not just the symptom).

Troubleshooting

FIGURE 12-4

RTR1 Eth0 Port: 192.168.1.1

traceroute

RTR1

S0: 10.10.10.254

S0: 172.16.1.254

RTR2

RTR3

S1: 10.10.10.1

S1: 172.16.1.1

423

RTR3 Eth0 Port: 192.168.100.1

SRV1: 192.168.100.5 255.255.255.0 192.168.100.1

PC1: 192.168.1.5 255.255.255.0 192.168.1.1

RTR1# traceroute 192.168.100.5 Type escape sequence to abort tracing the route to 192.168.100.5 1 10.10.10.254 1 172.16.1.254 1 192.168.100.5

6 msec 6 msec 6 msec

4 msec 4 msec 4 msec

4 msec 4 msec 4 msec

First hop address, RTR2’s Serial 0 interface Second hop address, RTR3’s Serial 0 interface Final hop address, SRV1

Host Troubleshooting In troubleshooting a particular host connectivity problem, keep in mind the things a host needs in order to communicate on the subnet, as well as what it needs to communicate outside its subnet. To do that, remember two important steps in data flow as it moves from the host to its destination: 1. As data moves to the network layer, it needs an IP address. The local host file and cache are checked, then a DNS request is sent to the local DNS server. The IP address is afterward added in the packet header for delivery. 2. The packet is then handed to the Data Link layer for delivery on the local subnet. If the IP address is on the same subnet, an ARP request is broadcast to discover the destination MAC address. If the IP address is not on the same subnet (your host performs the same Boolean AND that a router does to determine the network ID), the frame is sent to the default gateway’s MAC address. Why are these two steps so important? Because they both involve addressing, and data can’t go anywhere without an address. Many host troubleshooting problems can be quickly diagnosed by simply keeping these two steps in mind.

424

Chapter 12:

Applications, Security, and Troubleshooting

For either of these steps to work, however, the host must have its TCP/IP options configured appropriately in the first place. The configuration options needed for a host to communicate are: ■ IP Address

This must be unique.

■ Subnet Mask

This must match the mask used on the subnet.

■ Default Gateway

The IP address of the router port inside the subnet (used for all packets leaving the subnet).

■ DNS Server(s)

This is optional, but needed for name resolution.

This can be accomplished in two main ways. First, the IP address, subnet mask, default gateway, and DNS server can be manually configured on each host. This method is not recommended on any network that is larger than 10 to 15 hosts, for two reasons. Obviously, any time configurations are assigned manually, meaning plenty of opportunities for errors. Plus, manually keeping track of IP addresses across the network is an exercise in futility and insanity. Manual IP address assignment still has its place in networking. While a host’s IP address can be reserved and designated on a DHCP server, ensuring it always has the same address, manual assignment of some hosts, including routers, switches, and certain servers (like the DHCP server itself), is important to ensure stability. Dynamically assigning addresses, using DHCP, is the second, and most common, method. In a DHCP subnet, a server is set up running the DHCP service. The administrator configures the DHCP scope (a range of IP addresses), a subnet mask, a default gateway, and any optional settings (DNS servers, WINS servers, and so on) that a host may need. After setting how long the host may keep an address (lease), the server is authorized and hosts can then automatically pull all the TCP/IP information they need—usually at bootup. The DHCP process uses four packets: a DHCP Discover (broadcast) from the client; a DHCP Offer (from the server, including all the information needed); a DHCP Request (from the client, accepting the offer); and a DHCP Acknowledgment (from the server, acknowledging the transaction). This review of host IP addressing is included here because it will help in troubleshooting connectivity problems. For example, if a host has an appropriate IP address, but the subnet mask or default gateway is incorrect, the host will be able to work with other devices inside the subnet, but cannot get outside. If you keep the two steps mentioned earlier in mind, this makes perfect sense: the frame is used inside the

Troubleshooting

425

network and only needs the MAC address. Any ARP request is broadcast inside the subnet, and the device matching the IP address will respond with its MAC address— including the machine with the incorrect subnet mask/default gateway. In another example, if the IP address configured on the host is not within the same subnet, the problem is a little different. In this scenario, your system can send messages to anything inside the subnet, but cannot receive any messages nor send any outside the subnet. It can send to anything inside the network because the ARP message will return the appropriate MAC address, but any device attempting to initiate communications will send to the default gateway. That is, their ARP will be for an IP address outside the subnet, and so they will always send it to the default gateway. As you can see, a number of connectivity issues (and scenario questions that can be created from them) are involved in host addressing. Troubleshooting them, though, shouldn’t be too difficult. Always check the host’s TCP/IP configuration against a working system (or what you know is supposed to be there) and use PING to find out what the system can communicate with and what it can’t. The most common troubleshooting commands on a Microsoft Windows machine are listed in Table 12-2. TABLE 12-2

Host Troubleshooting Commands

Command

Use

ipconfig

Displays the IP address, subnet mask, and default gateway for all interfaces.

ipconfig /all

Displays all TCP/IP configuration information for all interfaces.

ipconfig /release

Releases DHCP addresses from all interfaces (an ipconfig immediately following will display 0’s for the address).

ipconfig /renew

Requests a new address from DHCP for all interfaces (if this fails, you’ll receive an APIPA address—169.254.x.x).

ipconfig /displaydns

Displays the local DNS cache on the host.

ipconfig /flushdns

Clears the DNS cache on the host.

arp –a

Displays the entire host ARP table (showing IP-to-MAC address pairings).

arp –d IP_Address

Clears the entry for IP_Address from the table. A wildcard (*) used in place of IP_Address will remove all ARP table entries.

nslookup name

Resolves name to an IP address using a DNS request to the local DNS server. Omitting name connects to the DNS server itself, displaying its IP address and providing a prompt for name resolution.

netstat –a

Displays all connections and listening ports.

netstat –r

Displays the route table.

netstat –n

Displays addresses and port numbers in numerical order (“n” may be combined with other arguments).

426

Chapter 12:

Applications, Security, and Troubleshooting

Be sure to go over what each TCP/IP configuration option on a host means and what would happen if they were omitted or incorrectly assigned.

Know the information in Table 12-2 very well: even if you cannot use them on some simulators, you may well be asked to interpret their outcome.

Switch and Router Troubleshooting Troubleshooting Cisco devices is obviously a big part of the exam. Some commands helpful in troubleshooting apply to both, while others are appropriate for only one or the other. This final section is not intended to provide you with the answer to every troubleshooting problem you may come across on the exam or on the job. If it were that easy (answered by only a few paragraphs in the back of a book), there would be no need for network professionals, and you probably wouldn’t be studying for this exam. No, the information in this section is designed to show you the tools available to you for troubleshooting purposes. How you apply them—and how quickly they lead you to the answer—is something only you can determine.

CDP One very powerful protocol that’s helpful in troubleshooting on either a switch or a router is Cisco Discovery Protocol (CDP). CDP is a proprietary protocol, developed by Cisco and running at layer 2, which is used to share and discover information about directly connected Cisco devices. CDP runs by default on Cisco devices and sends brief multicast messages out all interfaces, advertising information about the device. All Cisco devices directly connected then learn about the device and send their own information. Using CDP from a single device, and telneting to each in line for another CDP session to its neighbors, a troubleshooter can quickly build a map of the network. This can be used to confirm network design, or provide the needed information to fix a problem. A couple of show commands can be put into play to view the information a device has learned from its neighbor. The show cdp neighbors command displays a single line of information about the neighboring device, including: ■ Device ID

The hostname of the neighbor device.

■ Local Interface

neighbor.

The interface on the local device that is connected to the

Troubleshooting

427

■ Holdtime

The amount of time—default of 180 seconds—that the local device will retain the information learned via CDP. (If another CDP advertisement is not received before the timer elapses, the information will be purged.)

■ Capabilities

A code listing what type of device it is (“R” for router, “S” for switch, “H” for host, and so on).

■ Platform

The Model and IOS level on the neighbor.

■ Port ID

The interface on the neighboring device sending the CDP advertisement.

To get even more information, use the show cdp neighbors detail command. This displays all the information listed earlier and includes a wealth of other information about the neighboring device. The output of this command includes the IP and MAC addresses of the neighbor device (if applicable), along with a more detailed display of the IOS version and other settings. A sample of these commands is displayed next: Switch1# show cdp neighbors Capability Code: R – Router, T – Trans Bridge, B – Source Route Bridge S – Switch, H – Host, I – IGMP, r –Repeater, P – Phone DeviceID Local Intrfce Holdtme Capability Platform Port ID Switch2 Gig 0/1 166 S WS-C2950-12 Gig 0/2 RTR1 Fas 0/1 88 R 2801 Fas 0/1 Switch1#show cdp neighbors detail //// Displays more information //// ------------------------Device ID: SW2 Entry address(es): Platform: cisco WS-C2950-12, Capabilities: Switch Interface: GigabitEthernet 0/1, Port ID (outgoing port): GigabitEthernet 0/2 Holdtime : 166 sec Version : Cisco Internetwork Operating System Software IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(19)EA1c, RELEASE SOFTWARE (fc2)

428

Chapter 12:

Applications, Security, and Troubleshooting

Copyright (c) 1986-2004 by cisco Systems, Inc. Compiled Mon 02-Feb-04 23:29 by yenanh advertisement version: 2 Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=0000000 0FFFFFFFF010221FF000000000000000F90E22540FF0000 VTP Management Domain: '' Native VLAN: 1 Duplex: full Management address(es): ------------------------Device ID: RTR1 Entry address(es): IP Address: 192.168.1.1 Platform: cisco 2801, Capabilities: Router Interface: FastEthernet 0/1, Port ID (outgoing port): FastEthernet 0/1 Holdtime : 88 sec Version : //// Output Truncated //// Switch1# show cdp entry RTR1 //// This displays same info as //// //// above, but only for RTR1 //// ------------------------Device ID: RTR1 Entry address(es): IP Address: 192.168.1.1 Platform: cisco 2801, Capabilities: Router Interface: FastEthernet 0/1, Port ID (outgoing port): FastEthernet 0/1 Holdtime : 88 sec Version : //// Output Truncated ////

Note: You can use the show cdp entry name command to see only info on the device name.The info displayed is the same as that from show cdp neighbors detail, but only for the device name.

Troubleshooting

You will definitely need to know CDP well—not only what it does and what commands to use for it, but also how to interpret the command output and use it to build/confirm a network diagram. Be sure to remember that show

429

cdp neighbors detail also shows the address(es) of the neighboring devices. In addition, review the show cdp, show cdp interfaces, and show cdp traffic commands as well.

Three other commands can be used to verify CDP on a device. The show cdp command displays whether CDP has been enabled on the device (by default, CDP is enabled). Another command, show cdp interface interface, displays whether cdp has been enabled on each interface (or on the interface specified by the argument). Lastly, show cdp traffic lists global statistics for all CDP advertisements sent and received. These commands can be helpful to you when an expected CDP command does not work, because despite the fact CDP is enabled by default on all interfaces, the administrator can turn it off. Almost every powerful useable tool in networking introduces a security risk, and CDP is no different. Obviously, once access to one Cisco device in your network has been attained, an intruder could quickly build a network diagram using CDP, telnetting from device to device. The decision about whether to run CDP or not lies with each engineer/administrator. However, several options, security-wise, can help you reduce the risk. If the decision is made to disable CDP altogether, the no cdp run Global Configuration command disables it for the entire device: afterward, CDP can be enabled with the cdp run Global Configuration command. If you decide to keep CDP running because of its benefit to administration, Cisco recommends it be disabled on all interfaces that do not have a specific need for it. For example, the switch port connected to a router should continue to send and receive CDP advertisements, but there is no need for all other interfaces to continue sending CDP packets. (An intruder could simply attach to a port and learn all they needed to know about the switch through CDP!) To turn CDP off at a particular interface, use the no cdp enable command in the interface’s configuration mode. CDP can be enabled later using the cdp enable command.

430

Chapter 12:

Applications, Security, and Troubleshooting

EXERCISE 12-2 Using CDP This short exercise will help reinforce your knowledge of telnet using Boson’s NetSim simulator. You can find a picture of the network diagram for the simulator in the Introduction of this book. After starting up the simulator, click the LabNavigator button. Next, double-click Exercise 12-2, and then click the Load Lab button. 1. Power on the 2960-1 switch and enter Global Configuration mode. a. At the top of the simulator in the menu bar, click the eSwitches icon and choose 2960-1. b. Log in by typing Bob and CCENT as the username and password. c. Type enable, and then press ENTER, afterward typing in CCENT as the password. 2. Use CDP commands to view neighbor information. a. Type show cdp neighbors, and then press ENTER. Notice the entries for SW2, SW3 and RTR1. b. Type show cdp neighbors detail and press ENTER to view the address information of both devices. c. Type show cdp entry RTR1 and press ENTER to see information on RTR1 only. 3. Simulate building a network diagram by establishing a telnet session to RTR1, using CDP commands to view devices on the far end of the network. a. Type telnet RTR1, and then press ENTER. b. Log in using userID Sally and password Cisco. c. After the prompt changes to RTR1#, type in show cdp neighbors and press ENTER. Notice the entries for SW1 and RTR2. d. Type show cdp neighbors detail and press ENTER to view the address information of both devices. e. Type show cdp entry RTR2 and press ENTER to see information on RTR2 only. You could continue to build a network diagram by continually telnetting to the next device and using CDP commands to learn about the directly connected devices.

Troubleshooting

431

Interface Status Checking the status of interfaces is a fundamental troubleshooting step on a switch and a router—after all, the interfaces are usually the first thing to eliminate as a problem in any connectivity troubleshooting scenario. Whether on a switch or router, each interface has a line status and a protocol status, indicated in the display as either “up” or “down.” Line status indicates an interface’s Physical layer (layer 1) status, while protocol status indicates the interface’s Data Link layer (layer 2) status. On a switch, the show interfaces and show interfaces description commands display line and protocol status in their output. The combination of line and protocol status indicates different things: ■ If the display shows “Administratively down” and “down,” the shutdown

command has been entered on the interface. ■ If it shows “down” and “down,” there is a Physical layer issue (bad or wrong

cable), a speed mismatch, or the distant end is powered off or missing. ■ If the display shows “up” and “down (err-disabled),” port security has disabled

the interface. ■ If the display shows “up” and “up,” then the interface is running properly.

Note: The show interface status command displays interfaces as either “connected” or “not connected.” Review Chapter 9 for more information on this command output and its applicability here.

You should be familiar with the line and protocol status codes for a switch, but be prepared to use the output of the show interfaces status command (connected or not connected, as well as autonegotiation features) more

on the exam. (Refer to Chapter 9 for a refresher on this command.) One hint to keep in mind: If there is a duplex mismatch on an interface, it will still show up in a connect state (up/up).Traffic will flow, but slowly and with many errors.

432

Chapter 12:

Applications, Security, and Troubleshooting

One final note on switch interface troubleshooting—outside the line and protocol status—is the information displayed in the show interfaces interface command. A sample output is displayed next: Switch1# show interfaces fa0/2 //// Output truncated //// 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored //// Output Truncated //// 0 out errors, 0 collisions, 1 interface resets 0 babbles, 0 late collisions, 0 deferred …

This command output can provide a world of troubleshooting information, especially on the Physical layer side: ■ If there is a large amount of input errors, but few collisions, it indicates a bad

cable or Electro-Magnetic Interference (EMI). ■ If there is a large amount of collisions, it indicates a duplex mismatch. Jabber

(a malfunctioning NIC continuously transmitting corrupted data) or a Denial-of-Service attack may also be the cause. ■ If “late collisions” increase over a short amount of time, it indicates a duplex

mismatch or an attenuation problem.

One thing on the exam is guaranteed: Knowing how to interpret the show interfaces interface

command on a switch will definitely help you in troubleshooting scenarios!

Interface status and codes on a router are just as important, but differ slightly in the commands used to view them, not to mention their display and meaning. Three commands are used to show the interface status on a router: show interfaces interface, show ip interface brief, or show protocols interface. The show interfaces command (the interface type and number argument is optional) works exactly like it did on a switch, displaying a host of information on each interface. The show interfaces brief command displays a summary of the information in a nice columnar layout, while the show protocols interface command reveals the line and protocol status for the

Troubleshooting

433

interface specified. All three commands show the line and protocol status of the interface, and a sample output from each is listed next: RTR1# show protocol fa0/0 FastEthernet0/0 is up, line protocol is up RTR1# show ip interface brief Interface IPAddress OK? FastEthernet0/0 192.168.1.1 FastEthernet0/1 unassigned down down Serial0/0 172.16.1.1 YES

Method Status Protocol YES unset up up YES unset administratively unset up

up

RTR1# show interfaces Serial 0/0 is up, line protocol is up Hardware is GT96K Serial MTU 1500 bytes, BW 1544 Kbit, DLY 2000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation HDLC, loopback not set //// Output Truncated //// Last clearing of ‘show interface’ counters never //// Output Truncated //// 5 minute output rate 0bits/sec, 0 packets/sec 117 packets input, 9970 bytes, 0 no buffer Received 70 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 70 packets output, 6617 bytes, 0 underruns 0 output errors, 0 collisions, 5 interface resets

You can pull several nuggets of information from this output. First, note that all three commands display the line and protocol status, just in different ways. Next, the encapsulation type on the serial interface can be derived from the show interfaces command. Additionally, further in the show interfaces output, there is a line reading, “Last clearing of ‘show interface’ counters never.” The counters displayed after this line, including information on traffic into and out of the interface (collisions, runts, errors, and so on), can be reset to 0 with the clear counters interface command. This can be a helpful step in troubleshooting, giving the administrator a clean slate to work with and inspect.

Switch Troubleshooting While all the commands and steps previous worked with either a switch or a router, some commands are useful in troubleshooting that only apply to the switch. Looking back to Chapter 4 for review, switches use destination MAC addresses to make

434

Chapter 12:

Applications, Security, and Troubleshooting

decisions on frame filtering and forwarding. To see the MAC address–to-interface pairings, use the show mac address-table command. The command display shows the VLAN membership of, and MAC addresses attached to, each interface. A “STATIC” entry in the Type column indicates one of two things. First, many frames are destined for the CPU of the switch itself, such as CDP and STP frames. These are always shown as static, and have the CPU listed as the destination port. Secondly, STATIC can indicate port security is enabled on that interface. An entry of “DYNAMIC” indicates that the switch learned the connected MAC addresses itself. Adding the dynamic argument to the command displays only those MAC address–to-interface pairings learned dynamically by the switch. A sample of this command is displayed next: CCENTSwitch# show mac address-table Mac Address Table - - - - - - - - - - - - - - - - - - - - - - - Vlan Mac Address Type -------------------All 0000.0000.0001 STATIC All 0000.0000.0002 STATIC All 0000.0000.0003 STATIC All 0000.0000.0009 STATIC All 0000.0000.0012 STATIC All 0180.c200.000b STATIC All 0180.c200.000c STATIC All 0180.c200.000d STATIC All 0180.c200.000e STATIC 1 00ff.1d4b.e35d DYNAMIC 1 0016.ce47.1e78 DYNAMIC //// Output Truncated //// 1 0015.c538.e3bf STATIC Total MAC Addresses for this criterion: 12 CCENTSwitch# show mac address-table dynamic Mac Address Table - - - - - - - - - - - - - - - - - - - - - - - Vlan Mac Address Type ------------------1 00ff.1d4b.e35d DYNAMIC 1 0016.ce47.1e78 DYNAMIC 1 0016.ce4f.221d DYNAMIC 1 01dd.5011.ab43 DYNAMIC Total MAC Addresses for this criteria: 3

- - - - - - - - - Ports ----CPU CPU CPU CPU CPU CPU CPU CPU CPU Gi0/1 Fa0/1 FA0/12

- - - - - - - - - Ports ----Gi0/1 Fa0/1 Fa0/7 Fa0/10

Troubleshooting

435

The information from this display can be used to help in a variety of host connectivity troubleshooting scenarios. Always check to see if the interface in question is using port security and verify that the MAC address has been properly configured. Also, don’t forget to check the VLAN membership of various interfaces—remember, a host can only communicate with other members of the same VLAN unless a router gets involved. Lastly, to start with a clean slate, use the clear mac address-table command.

Port security settings and VLANs are always favorite interjections on the exam. Be sure to review the various show commands regarding port security and VLANs, as well as the MAC address table itself. And don’t forget, sometimes

clearing out the information altogether and starting from scratch (using clear mac address-table) can be a good place to start! Finally, review the tips listed at the end of this section.They will help in narrowing down the problem.

Finally, if you’ve narrowed the troubleshooting target down to the switch, the following are a few tips that may speed things along for you: ■ Try to use show commands on as narrow a footprint as possible. For example,

if the connectivity issue is through one interface, you might want to concentrate the show commands on that one interface. ■ Check VLAN membership, port security settings, and MAC address table

entries. ■ Verify interface settings (up, down, administratively disabled [shutdown]) to

quickly find problems. ■ Verify speed and duplex settings (the show interfaces status output

displays an “a-” in front of every entry learned through autonegotiation). Duplex mismatches will still work, displaying as up/up, but there will be a large steady increase in collisions. ■ CRC errors indicate layer-1 problems (if CRC grows but collisions do not,

there is a lot of interference on the cable). Collisions and late collisions can indicate duplex mismatches, jabber, or attenuation problems. ■ Always, of course, check the running and startup configuration files to make

sure they are correctly configured.

436

Chapter 12:

Applications, Security, and Troubleshooting

Router Troubleshooting Other than verifying the basics, router troubleshooting on the CCENT exam is relatively easy. In fact, the hardest part is actually determining that the router is the device at fault in the first place. The various commands listed earlier can help eliminate layer-1 and layer-2 issues, while PING and traceroute can be used to uncover routing problems. Once troubleshooting has been narrowed down to the router itself, things get much easier. Keep in mind that the only routing protocol configuration on the exam is RIPv2, so a thorough knowledge of routing logic and RIPv2 configuration should more than adequately prepare you for the exam. The three major commands used to troubleshoot RIP are show ip route, show ip protocols, and debug ip rip. All have been covered previously, but warrant a little more attention for troubleshooting purposes.

For router troubleshooting, follow some of the same steps you would with a switch—verify configuration, check interfaces, and watch for things that seem out of place. Be sure to pay attention to

serial interface configurations in particular, and always verify route tables and RIP operation. Lastly, and always, keep routing logic in mind while troubleshooting.

The show ip route command, as covered earlier in Chapter 10, lists the route table on a router. The relevant information for each route includes the method in which it was learned, the administrative distance, the next hop address, and the local interface packets that will be sent from it. Optional arguments for this command help focus your efforts even more greatly. The command show ip route rip displays only those routes learned via RIP, while show ip route connected displays those routes that are directly connected (directly connected routes are added to the table when an interface is enabled and has an IP address and subnet mask applied). Keep routing logic in mind when examining the output of any of these commands: the router will always send packets to the longest prefix match, the route with the lowest administrative distance will always be chosen, and if no route to the destination subnet exists in the table, the packet is dropped. The show ip protocols and debug ip rip commands are both used to verify RIP configuration. The items to key on in the show ip protocols

Troubleshooting

437

output include the RIP version configured on the router, the networks that RIP is routing for, and the neighboring routers providing RIP updates. The debug ip rip command shows all updates entering and leaving the router. This command output can verify which interfaces are sending and receiving updates. (Remember, an interface can be configured with a passive interface to stop RIP updates.) Aside from troubleshooting RIP, another target on the router is the ARP cache itself. Just like a PC, the router must encapsulate packets into frames for delivery on the destination subnet. As the frame arrives in one router port, the frame is discarded and the destination IP address is examined. After checking the route table to determine which port to send the message out, the router builds a new frame for the outgoing message. Again, just like a PC, the router sends an ARP broadcast into the destination subnet to find the MAC address for the packet’s IP address. The destination host responds with its MAC, the frame is built, and the message is delivered. The router stores this IP-to-MAC pairing in its ARP cache exactly like a PC does. With this in mind, it’s easy to see why examining the ARP cache is an important step in certain connectivity troubleshooting scenarios. All packets sent to hosts within an Ethernet subnet, through one of the router ports, will have a pairing listing in the cache. This is also true for next hop addresses (other router ports) on the far side of Ethernet subnets. Interestingly, though, next hops on the other end of a point-to-point link, using HDLC, will not (and should not) have a pairing listed in the ARP cache—since it is a point-to-point link, there’s no need for an ARP! The show ip arp command displays the router ARP cache, and is shown in the sample output next: RTR1# show Protocol Internet Internet Internet Internet

ip arp Address 192.168.1.5 192.168.1.1 192.168.1.25 192.168.1.25

Age (min) 6 6 -

Hardware Addr 00cc.14a6.12fd 0013.1957.81de 00cc.1477.92e2 0013.1977.92e2

Type ARPA ARPA ARPA ARPA

Interface FastEthernet0/0 FastEthernet0/0 FastEthernet0/1 FastEthernet0/1

The relevant information to be gleaned from the show ip arp output includes the IP and MAC address pairing, the interface the destination host is found on, and the Age column. The IP and MAC pairings are tied, obviously, to hosts in a particular subnet (including other router ports). If the router receives a packet destined for a subnet, it will examine the ARP entries for that interface only. If there is no entry in the ARP cache on that interface, the router will send a new ARP request. The Age column represents one of two things: a number or a dash. If the entry is a number, it indicates how many minutes have passed since the router last

438

Chapter 12:

Applications, Security, and Troubleshooting

received a message from the host. If the entry is a dash, it indicates the MAC address of the interface itself. The reason this particular entry is important should be obvious by this point: if the router receives a packet on one interface that will be sent out of another, it needs the outgoing port’s MAC address as the source MAC for the outgoing frame.

Review the show ip arp command output before the exam. Be sure to remember the key points from this section: a router port on a point-to-point

(HDLC) link will not require (nor show) an entry in the table, and ARP broadcasts are sent by routers just as they are by computers.

Troubleshooting Tips The information presented in this section was not intended to provide sure-fire 100-percent definable answers to questions on the exam. While many questions (multiple choice) will be answered by solid knowledge and memorization of command output and networking knowledge, troubleshooting on the exam will be a different mindset altogether. Instead of memorization and study, troubleshooting requires practice, insight, patience, focus, and—dare we say again—practice. The information presented in this is merely designed to provide insight on ideas and processes you’ll use—the real preparation for troubleshooting on the exam is practice. Use the Boson CD included in this book and, if possible, practice on network lab equipment as much as possible. The following list is added as a helpful start to troubleshooting study. It summarizes a few of the tips we’ve mentioned throughout the book, but—like the rest of this chapter—is not intended as the perfect always-correct answer to all troubleshooting questions on the exam. You will definitely see scenarios that probably were not explicitly depicted in this text (nor any other): Cisco prides itself on its exam content and you’ll quickly learn that once the exam starts. ■ Some questions will require you to fill in information on, or build, a network

diagram. Use your show commands and CDP to fill in the information, and take advantage of telnet/SSH to move throughout the network, as well as traceroute.

Troubleshooting

439

■ Review subnetting many, many times before the exam. You’ll need to

use basic subnetting tasks to figure out correct masks on hosts and router interfaces—especially on point-to-point connections. ■ To figure out if a scenario allows the use of subnet zero (and the “broadcast”

subnet), remember that if the question does not explicitly address it, subnet zero is allowed. In fact, the only scenario question on the exam NOT allowing subnet zero will explicitly mention the no ip subnet-zero command, or use a classful routing protocol (RIP). ■ Always remember switch and router logic, as well as data flow through the

network, when examining a scenario. ■ For connectivity problems involving a switch, don’t forget to check the

VLAN membership and port security settings on each interface in question. ■ Assuming wireless is a portion of the scenario, and ESS is in use, don’t forget

that channels cannot overlap. On a DSSS network with three APs, the nonoverlapping channels are 1, 6, and 11. ■ If you can PING your default gateway, layer 1 and 2 are working correctly.

(According to data flow through a network, this makes perfect sense.) If you cannot ping outside your network, the problem is with layer 3. Use this list as it is intended to give you a few pointers in starting your troubleshooting. After that, use common sense and what you’ve learned in practice. We promise you’ll do just fine!

440

Chapter 12:

Applications, Security, and Troubleshooting

INSIDE THE EXAM Application Fundamentals This is not a heavily tested area on the CCENT exam. You’ll need to know and understand the differences between application needs on the network (things like VoIP requiring little bandwidth, while file transfers require a lot), but nothing in too great a detail. Remember the four major areas of concern for QoS rules and structure on your network: bandwidth, loss, delay, and jitter. You’ll need to know each of these, but especially so in their regards to VoIP. VoIP requires little bandwidth (30 Kbps per call) and low delay and jitter, but can handle packet loss rather easily (so long as it’s not too much packet loss). You can have multiple telnet/SSH sessions from a single router or switch to multiple hosts. To suspend a telnet sessions, press CTRL-SHIFT-6 and X. To resume the sessions, use the show sessions (to find the number referring to the session you wish to go back to) and resume # commands. If you return from a suspended session to the local CLI and simply press ENTER, you will be sent back to the most recently closed telnet session. To close a session, use disconnect #, or type EXIT within the session.

Network Security CCENT is not a security test, and has some of its own terminology and definitions you may not see elsewhere, but you will need to know

the fundamentals. The three attack types are access, DoS, and reconnaissance. Review this section to make sure you can differentiate among the three and know which mitigations are aimed at stopping them. Be sure to review the network diagram shown earlier in Figure 12-2, thinking about where threats are, which attack vectors may be used, and how security in depth (defense in depth) can help prevent them. Cisco defines a group of security mitigations under the anti-x banner, including antivirus, anti-spyware, and anti-spam. Review how antivirus works, especially, and be prepared to see the anti-x term on the test. VPNs are not heavily tested, but you will need to know what they are, how they work, and what role they play in security/remote access. Be sure you know the difference between access and site-to-site intranet VPNs. Access VPNs usually service a single system, with encryption going all the way to the computer’s NIC, while site-to-site only encrypts the data as it travels over the Internet—inside the intranet the data is unencrypted.

Troubleshooting By far, the most agonizing questions you’ll see on the test involve troubleshooting. Attack each question logically, keying on the points brought up in the scenario. Use show and debug as much as possible and compare their

Certification Summary

output to what should be there. Remember data flow through the TCP/IP model and be aware of special settings on interfaces and hosts: VLAN membership, port security, IP addressing, DNS, and ARP. Review the various commands in this section and practice, practice, practice. When using PING/traceroute, keep in mind that a successful PING to your default gateway eliminates layer-1 and -2 problems. On a Cisco device, a successful PING is demonstrated by a ! while an unsuccessful PING displays a period. Extended PING is used to change the source address of the PING: if you simply type PING and press ENTER, you’ll be presented with an opportunity to use extended PING. traceroute problems will most likely indicate layer-3 problems on a router along the path. With traceroute, be sure to remember which addresses the application returns in the display. Review Figure 12-4 for more details. On all host troubleshooting, be sure to check the IP

441

address, subnet mask, default gateway, and DNS server configurations. Be absolutely sure you understand how DNS and ARP contribute to the communications process: DNS provides the IP address as the packet is built, while ARP provides the MAC address for the frame. For switch and router troubleshooting, remember that all CDP commands and most interface commands apply to both. CDP can be used to verify/build network diagrams. Always keep in mind that show cdp neighbors detail will provide the addresses—you’ll definitely be asked about it! With show commands on interfaces, be sure to review all the information in the section before the exam, keying on the line and protocol status, as well as all the counters (collisions, late collisions, runts, and so on) and what problems they indicate. With routers, stick with diagnosing RIP problems and verifying the route and ARP tables.

CERTIFICATION SUMMARY Applications create all sorts of different traffic patterns and come with their own set of specific resource needs and requirements in order to function. Four major areas of concern when planning for applications and their impact on the network are bandwidth, loss, delay, and jitter. Bandwidth is the amount of the available speed an application will require—and how often it will require it. Loss refers to the loss of a single packet or multiple packets in a transmission from sender to receiver. Delay concerns the length of time required for a packet to move from the source to the destination over a network path. Jitter refers to the variation in packet transmit delay. The unique combination of these four requirements is referred to overall as the Quality of Service (QoS) needs of the application.

442

Chapter 12:

Applications, Security, and Troubleshooting

VoIP is a very common application on modern TCP/IP networks requiring specific QoS settings. VoIP only uses a small amount of bandwidth (around 30 Kbps per call), but requires very low delay and jitter (less than 2 milliseconds delay, with less than 30 milliseconds jitter). Loss is not as much of a concern and VoIP packets lost will simply sound like a short break in the conversation. telnet and SSH are used for the remote connection to, and configuration of, routers and switches. Multiple sessions can be created from one router or switch to multiple hosts, and each session can be suspended by pressing CTRL-SHIFT-6 and X. To resume a session, use show sessions to find what number session it is, then resume # (if you just press ENTER after returning from a suspended session, the most recently closed telnet session will be opened). To close a suspended session, use disconnect #. Internal users, external hackers, and viruses are just a few of the threats to a network. Network attacks are categorized into three main types: access, Denial of Service, and reconnaissance. An access attack is designed to steal secrets and data, and can be attempted via social engineering or any number of software applications. Phishing is the “art” of deceiving a user into freely giving passwords and other secrets by sending illegitimate, yet convincing, e-mails—generally pushing the user to a fake web site. The best defense against any form of social engineering (phishing, piggybacking, and so on) is user education. Scanners are applications that send TCP/UDP requests to open ports in an attempt to gain access to the system. The responses to these requests can also tell the hacker which operating system the target host is using, as well as which applications are open on it. Denial-of-Service (DoS) attacks are designed to deprive legitimate users access to a resource they are otherwise authorized permission to, and come in three varieties. The first attempts to destroy information, erasing data and permanently harming applications and hosts, the second is designed to cause the host operating system to fail, and the third sends large amounts of packets into a subnet, flooding it to the point where it is unusable. Cisco sometimes refers to these as destroyers, crashers, and flooders, respectively. The best defense against DoS attacks is good monitoring, using an IDS or IPS. Reconnaissance attacks are designed to simply gather information. A sniffer is an application running on a system that captures all packets passing by. Spyware and malware are installed on the target system, and keep track of user activity, providing valuable information to the hacker. A PING sweep is used to discover active hosts within a subnet, sending ECHO requests to every address in the subnet. Keylogger software simply keeps track of every keystroke the user makes.

Certification Summary

443

Cisco recommends a security posture consisting of multiple layers, and refers to this concept as security in depth. Mitigations in “security in depth” include “anti-x” systems (antivirus and so on), intrusion detection and prevention systems, VPNs, and network design. Signature files on antivirus programs must be kept up-to-date for the application to effectively do its job. Intrusion systems monitor all traffic and compare trends to predefined data traffic patterns. A VPN is a network created by using unsecure public lines (the Internet) to transfer encrypted information between a client and a private network securely. It comes in two varieties. An access VPN is used to support a SOHO, encrypting packets from the computer itself to the VPN device. The site-to-site intranet VPN connects sites to the central office instead of individual systems, creating a tunnel between VPN devices at remote sites and the CO. Data travels unencrypted inside the intranet, but is encrypted for transport across the Internet. Preparation for troubleshooting questions on the exam is best done through practice—on lab equipment or using simulators. Use appropriate commands (show, debug, and so on) to see what configurations are in place and compare them to what is expected, and don’t forget the built-in help features in the CLI: auto complete, the question mark (?), and TAB. To test connectivity, and focus your troubleshooting efforts, use PING and traceroute. A PING to your default gateway eliminates layer-1 and -2 problems, while a PING outside your network eliminates layer-3 troubles. On a Cisco router or switch, a successful PING is indicated by exclamation marks (!), while a failed PING displays periods (.). An extended PING lets you change the source IP address of the PING request. You can then use extended PING to re-create the problem and, hopefully, discover the error. traceroute returns the next hop addresses, one by one, and can be used to discover a layer-3 problem on a router along the path. Hosts need an appropriately configured IP address, subnet mask, default gateway, and DNS server entry(ies) to effectively communicate on a network. If the IP address is not in the same range, the host cannot communicate at all. If the subnet mask or default gateway is wrong, the host can communicate inside the subnet, but not outside. If DNS server entries are missing or wrong, the system cannot connect using an FQDN or web-browsing URL. Commands such as ipconfig, nslookup, netstat, and arp can all be used to discover host TCP/IP configuration information. CDP is a proprietary protocol, developed by Cisco and running at layer 2, which is used to share and discover information about directly connected Cisco devices. CDP runs by default on Cisco devices and sends brief multicast messages out all interfaces, advertising information about the device. Using CDP from a single device, and telneting to each in-line for another CDP session to its neighbors, a troubleshooter

444

Chapter 12:

Applications, Security, and Troubleshooting

can quickly build a map of the network. This can be used to confirm network design, or provide the needed information to fix a problem. Various show commands can be used with CDP—with show cdp neighbors detail even providing the addresses of the connected device. CDP can be disabled globally using no cdp run, but Cisco does not recommend this. Instead, only turn off CDP advertisements on interfaces where they aren’t needed by using no cdp enable. Each interface on a router or switch has a line status and a protocol status, indicated in the display as either “up” or “down,” or administratively disabled (shutdown). Line status indicates an interface’s Physical layer (layer 1) status. Protocol status indicates the interface’s Data Link layer (layer 2) status. On a switch, the show interfaces and show interfaces description commands display line and protocol status in their output. Counter errors displayed in the show interfaces output can indicate EMI problems, duplex mismatches, attenuation errors, or jabbering NICs. Switch-specific troubleshooting commands include the show mac addresstable command, used to see the MAC address–to-interface pairings. It also shows the VLAN membership of, and MAC addresses attached to, each interface. Other noteworthy information includes the Type column: a STATIC entry indicates frames destined for the CPU of the switch itself, or that port security is enabled on the interface. An entry of DYNAMIC indicates the switch learned the connected MAC addresses itself. The only routing protocol configuration on the exam is RIPv2; therefore, all routing protocol troubleshooting will focus on RIP. Three major commands are used to troubleshoot RIP: show ip route, show ip protocols, and debug ip rip.

Two-Minute Drill

✓

445

TWO-MINUTE DRILL Application Fundamentals ❑ Each application presents different requirements to function effectively on a

network. The four major areas of concern are bandwidth, delay, loss, and jitter. ❑ Bandwidth is the amount of the available speed an application will require—

and how often it will require it. Loss refers to the loss of a single packet or multiple packets in a transmission from sender to receiver. ❑ Delay refers to the length of time required for a packet to move from the

source to the destination over a network path. Jitter refers to the variation in packet transmit delay. ❑ The unique combination of bandwidth, loss, delay, and jitter requirements is

referred to overall as the Quality of Service (QoS) needs of the application. ❑ VoIP’s QoS concerns are low bandwidth (around 30 Kbps per call), and

very low delay and jitter (less than 2 milliseconds delay, with less than 30 milliseconds jitter). Loss is not much of a concern. ❑ Multiple telnet sessions can be created from one router or switch to multiple

hosts, and each session can be suspended by pressing CTRL-SHIFT-6 and X. To resume a session, use show sessions to find what number session it is, then resume # (if you just press ENTER after returning from a suspended session, the most recently closed telnet session will be opened). To close a suspended session, use disconnect #.

Network Security ❑ The three main types of network attacks are access, Denial of Service, and

reconnaissance. ❑ An access attack is designed to steal secrets and data, and can be attempted

via social engineering or any number of software tricks. Phishing is deceiving a user into freely giving passwords and other secrets by sending illegitimate, yet convincing, e-mails—generally pushing the user to a fake web site. Scanners are applications that send TCP/UDP requests to open ports in an attempt to gain access to the system. The responses to these requests can also tell the hacker which operating system the target host is using, as well as which applications are open on it.

446

Chapter 12:

Applications, Security, and Troubleshooting

❑ DoS attacks can be designed to destroy data and applications, crash hosts by

targeting the operating system, or flood a subnet with useless information, thus denying access to hosts with legitimate data to transmit. ❑ Reconnaissance attacks are designed to simply gather information. A sniffer

is an application running on a system that captures all packets passing by. Spyware and malware are installed on the target system and are used to keep track of user activity, providing valuable information to the hacker. A PING sweep is used to discover active hosts within a subnet. Keyloggers keep track of the keystrokes made by a user on a host. ❑ VPNs are of two major types. An access VPN is used to support a SOHO,

encrypting everything and creating a tunnel from the PC to the VPN device. The site-to-site intranet VPN connects sites to the central office instead of individual systems, creating a tunnel across the Internet: packets travel inside the intranet unencrypted, but are encrypted as they leave the site for the central office.

Troubleshooting ❑ On a Cisco router or switch, a successful PING is indicated by exclamation

marks (!) while a failed PING displays periods (.). An extended PING lets you change the source IP address of the PING request. ❑ traceroute returns the next hop address of routers along a pathway to the end

destination. ❑ If a host is configured with an IP address not in the subnet range, it cannot

communicate. An improper subnet mask or default gateway setting will allow the system to communicate within the subnet, but not outside it. ❑ CDP runs by default on Cisco devices and sends device information to

directly connected Cisco neighbors. show cdp neighbor and show cdp neighbors detail both display CDP information, but the detail argument also shows the connected device’s address information. ❑ Each interface has a line status and a protocol status, indicated in the

display as either “up,” “down,” or “administratively down” (the shutdown command is issued on the interface). Line status indicates an interface’s Physical layer (layer 1) status, while protocol status indicates the interface’s Data Link layer (layer 2) status.

Two-Minute Drill

447

❑ To see MAC address–to-interface pairings on a switch, use the show mac

address-table command. Port security settings and VLANs are always favorite topics on the exam. ❑ The three major commands used to troubleshoot RIP are show ip route,

show ip protocols, and debug ip rip. ❑ The show ip arp command displays the router ARP cache. Entries will

show hosts, next hop router ports, and the router’s own interfaces. Routers directly connected over an HDLC (point-to-point) link will not show up in the table.

448

Chapter 12:

Applications, Security, and Troubleshooting

SELF TEST The following Self Test questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully since there may be more than one correct answer. Choose all the correct answers for each question.

Application Fundamentals 1. Your customer wishes to implement VoIP on their network. How would VoIP compare to file transfer applications already on the network? A. VoIP will require more bandwidth. B. VoIP will require less bandwidth. C. VoIP requires lower delay and jitter. D. VoIP does not require lower delay and jitter. 2. A user has five open telnet sessions from his router (RTR10) to other devices on the network (devices such as RTR1, RTR2, and so on). While working, the CLI prompt displays RTR2#. How can the user revert back to the local CLI? A. Type resume. B. Type show sessions, then resume #, where # is the session number for the local router (RTR10). C. Type show sessions, then resume *. D. Press CTRL-SHIFT-6 and X.

Network Security 3. Which of the following compares network traffic to predefined data patterns (also known as network traffic pattern signatures) when looking for attacks? A. Antivirus B. IDS C. VPN D. NAT 4. A user on your network receives an e-mail with a link button to what appears to be a legitimate help desk web site. After typing in their userID and password on the site, the connection closes. Which type of network attack was used? A. Access attack, using a scanner B. Reconnaissance attack, using a sniffer C. Access attack, using phishing D. Reconnaissance attack, using a crasher

Self Test

449

5. Which DoS attack erases data and software in an effort to damage hosts? A. Crashers B. Destroyers C. Phishing D. Flooders 6. A customer’s network makes use of a site-to-site VPN. Which of the following is/are true regarding the data sent and received? A. Data is encrypted at the computer sending the message. B. Data is not encrypted within the intranet. C. Data leaving the remote office is not encrypted until it is received by the VPN device at the central office. D. Data leaving the remote office will travel encrypted to the VPN device at the central office. 7. Which security measure is generally used between your private network and the public network to specifically allow or deny traffic to and from various subnets, hosts, and protocols within the network? A. An IDS/IPS B. NAT C. A firewall D. VPN

Troubleshooting 8. A host is experiencing intermittent connectivity problems. You suspect a layer-1 issue since no other host is experiencing any trouble. Which show command on the switch could you use to verify your initial diagnoses? A. show cdp neighbors detail B. show ip arp C. show mac address-table D. show interfaces 9. You issue a PING from the router to test connectivity from a host inside the network to a remote location, for troubleshooting purposes. Which of the following is/are true? A. Pinging from the router interface in the same subnet as the host to the end destination will suffice to demonstrate connectivity from the host to the destination. B. Pinging from the host’s IP address can be done with the extended PING command and is the best way to simulate the problem. C. A successful PING will result in “…..”. D. A successful PING will result in “!!!!!”.

450

Chapter 12:

Applications, Security, and Troubleshooting

10. You issue a traceroute from RTR1 to SRV1 across an enterprise network (displayed in Figure 12-5). Which of the following would you expect to see in the traceroute output? A. 10.10.10.1 B. 10.10.10.254 C. 172.16.1.1 D. 172.16.1.254 E. All of the above 11. A host has the following TCP/IP configuration: IP 172.16.1.5, mask 255.255.0.0, and default gateway 172.16.1.1. The default gateway’s configuration shows 172.16.1.1 /24. The host attempts to communicate with a device addressed 172.16.2.5. Which of the following is/are true regarding this communications attempt? A. The communications attempt will fail. B. The communications attempt will succeed. C. The host will send an ARP request for 172.16.1.1. D. The host will send an ARP request for 172.16.2.5. 12. From a network diagram, you discover a Cisco switch, SW1, that is connected to RTR1’s Fa0/0 port. You wish to find out the loopback address on the switch, as well as its IOS version number. Which command can provide this information? A. show cdp neighbors detail B. show cdp neighbor SW1 C. show neighbor SW1 cdp detail D. show cdp entry SW1 13. The output of a show interfaces command on the router displays the following status for serial 0/0: line status up; protocol status down. Which of the following could this indicate? A. There is a bad cable connection to the serial port. B. The shutdown command has been configured on the interface. FIGURE 12-5

Issuing a traceroute

192.168.1.1

RTR1 PC1: 192.168.1.5 255.255.255.0 192.168.1.1

S1: 10.10.10.1

S0: 10.10.10.254

S0: 172.16.1.254

RTR2

RTR3

S1: 172.16.1.1

192.168.100.1 SRV1: 192.168.100.5 255.255.255.0 192.168.100.1

Self Test

451

C. The interface can pass traffic, but there is a speed or duplex problem. D. HDLC is configured on this interface while PPP is configured on the other end of the connection. 14. A host, connected to Fa0/3 on the Catalyst switch, is having a connectivity problem—no frames seem to be delivered from, or to, the host. After issuing the show mac addresstable command, you see the following entry for Fa0/3: 1 003d.4f52.a7b9 STATIC Fa0/3. Which of the following, gathered for this output, could explain the connectivity issue? A. Fa0/3 has been administratively disabled. B. Fa0/3 is assigned to VLAN1, which is used only for management purposes and the loopback IP address. C. Fa0/3 has port security enabled and the system does not have the proper MAC address. D. None of the above. 15. Your network uses RIPv2 as a routing protocol. A new router added to the network seems to work fine, but the rest of the network does not converge (no other routers update their route tables with the new routes. You issue a show ip protocols command to troubleshoot the router operation. A portion of the output is shown next: Interface Send FastEthernet 0/0

A. B. C. D.

Recv 1

TriggeredRIP Key-chain 2

What is the cause of the problem? RIP-1 is configured on this router. The router is not sending route updates. The router is not receiving updates. The output does not provide enough information to satisfactorily answer the question.

452

Chapter 12:

Applications, Security, and Troubleshooting

SELF TEST ANSWERS ✓ B and C. VoIP has very little bandwidth requirements, but does require low delay and jitter. 1. ® ® ˚ A. File transfer applications—whether HTTP GET requests, FTP, or other programs, generally have very high bandwidth requirements. D. VoIP cannot handle high delay or jitter. ✓ D. Regardless of how many sessions the user has open, pressing CTRL-SHIFT-6 and then X will 2. ® drop the session back to the local router’s CLI. ® ˚ A, B, and C. The user is typing commands within a telnet session on RTR2 (according to the prompt). Any command other than pressing CTRL-SHIFT-6 and X will simply execute on RTR2. (Note: Typing exit would return the user as well, but would terminate the telnet session.) ✓ B. An IDS watches all network traffic and compares it to a signature file of known data 3. ® patterns for various attacks. ® ˚ A. Antivirus programs only check for viruses, and usually are only host-based. C. A VPN is used to securely connect remote stations to the central office over the Internet. D. NAT is used for address translation between private and public networks. ✓ C. Phishing is a social engineering access attack, commonly using e-mail and fake web sites, 4. ® and is designed to get users to willingly turn over their passwords and other information. ® ˚ A. Scanners are programs that send open TCP/UDP requests to a system, looking for attack vectors. B. Sniffers are programs that passively watch traffic for interesting information. D. A crasher is a DoS-type attack designed to crash a system or subnet. ✓ B. Destroyers are designed to harm hosts by erasing data and software. 5. ® ® ˚ A. A crasher causes hosts to fail completely, and may even prevent them from reconnecting. C. Phishing is a social engineering attack. D. Flooders send a large amount of packets to a host, or within a subnet, in an effort to slow communications to a halt. ✓ B and D. A site-to-site VPN does not encrypt data at each computer. Data is unencrypted 6. ® inside the remote office network, and then encrypted for transport across the Internet. The central office VPN device receives the encrypted data, and then decrypts it for delivery inside the intranet. ® ˚ A and C. These statements are false. ✓ D. A firewall is a device that sits between two networks for traffic filtering purposes. The 7. ® administrator must configure a rule set, or many rule sets, on the device to allow traffic to flow. ® ˚ A, B, and C. These are incorrect choices. ✓ D. The show interfaces output will display several counters used to determine layer-1 8. ® problems (input errors, collisions, and so on).

Self Test Answers

453

® ˚ A. This command would display information on directly connected Cisco devices, but would not help troubleshoot this host problem. B. This command displays the arp cache on a router. C. This command is useful on a switch, but only displays the MAC address–to-interface pairings. In this instance, this information would not be particularly useful. ✓ B and D. Extended PING is designed for just such a problem, and successful PINGs always 9. ® return an exclamation mark! ® ˚ A. This would only prove connectivity from the router port itself. There could be any number of reasons why the host couldn’t connect but the router port could (ACLs, firewalls, ARP problems, and so on). C. Periods are used to indicate unsuccessful PINGs. ✓ B and D. traceroute will return the next hop address along the pathway. Since the trace 10. ® started at RTR1, 10.10.10.254 is the address on the first hop, and 172.16.1.254 is the address for the second. ® ˚ A, C, and E. traceroute does not include the “source” IP address for each link. ✓ A and C. The attempt will fail because the request is for a host outside the subnet and the 11. ® sending host has an improperly configured subnet mask. The ARP request will be sent for the default gateway since the packet is intended for another subnet. ® ˚ B and D. These are false statements. ✓ A and D. Both commands display detailed information about SW1. The show cdp 12. ® neighbors detail command will show all neighbors, including SW1. show cdp entry SW1 will display the same detailed information, but only for switch SW1. ® ˚ B and C. These commands have incorrect syntax. ✓ D. Since line status is up, layer-1 issues are good. A protocol status of down indicates a 13. ® layer-2 problem—most likely a mismatch on encapsulation types. ® ˚ A. A bad cable would be a layer-1 problem, and line status is good. B. The shutdown command would result in a line status of “Administratively down” and a protocol status of “down.” C. The interface will not pass traffic with either status of down. ✓ D. The “STATIC” entry indicates the MAC address was manually defined as part of port 14. ® security on the interface. If the system connecting to the switch does not have that MAC address, the interface will not pass traffic. ® ˚ A. This cannot be determined with the provided message output. B. The interface is, indeed, in VLAN1, but VLAN1 is not reserved for management purposes. All interfaces are in VLAN1 by default, so this should have no effect on the system. C. This is a false statement. ✓ A. The router is sending RIP-1 updates, shown by the “1” in the Send column. Since other 15. ® routers are using RIPv2, none of the updates will be recognized by other routers. ® ˚ B, C, and D. These are all false statements.

This page intentionally left blank

Appendix About the CD

Copyright © 2008 by The McGraw-Hill Companies. Click here for terms of use.

456

Appendix:

About the CD

T

he CD-ROM included with this book comes complete with 100 unique electronic practice exam questions from the author, the Boson NetSim Limited Edition (LE), CertCam video training narrated by the author, an electronic version of the book, Boson Software utilities, and the Boson Exam Environment (BEE). The software is easy to install on any Windows 98/Me/2000 Pro/XP/Vista computer and must be installed to access the Boson NetSim LE and electronic practice exam features. You may, however, browse the electronic book, CertCams, and Boson utilities directly from the CD without installation.

System Requirements Software requires Windows 98SE or higher and Internet Explorer 5.0 or above and 120MB of hard disk space for full installation. The electronic book requires Adobe Acrobat Reader version 5.0 or higher. To access the CertCams, you must have a Windows-compatible sound card installed and enabled.

Installing and Running the Boson NetSim LE and BEE If your computer CD-ROM drive is configured to auto run, the CD-ROM should automatically start up upon inserting the disc. If the auto run feature did not launch the CD, browse to the CD and click the Setup icon. From the opening screen, you may install the Boson NetSim LE or the BEE by clicking the Install NetSim LE or the Install BEE link. For information about technical support related to the content of the practice exam, see “Book Technical Support” at the end of this appendix. Information about customer support for the Boson Software included on the CD is also shown at the end of the appendix.

Boson NetSim LE The Boson NetSim LE is a restricted version of the Boson NetSim. Boson NetSim is an interactive network simulator that will allow you to simulate a wide variety of tasks as if you were working on a real network. Once you have installed the NetSim LE, you may access it quickly through Start | Programs | Boson Software.

Installing and Running the Boson NetSim LE and BEE

457

Register the Boson NetSim LE The first time the simulator runs it requires registration. Enter your Boson account information along with the activation code found on the CD-ROM sleeve. If you do not have a valid boson.com account, first create one by visiting boson.com/account. Once registration is complete, the software will load. To load any of the labs found in this book, select one of them from the Lab Navigator and click the Load Lab button.

BEE and Practice Exams The BEE is a software-based delivery platform for the electronic practice exams. The electronic practice exams provide you with a simulation of an actual CCNA exam. You have the option to customize your test-taking environment by selecting the number of questions, the type of questions, and the time allowed in order to assist you in your studies. The BEE also allows you to simulate an actual test-taking environment. You also have the option to take exams by chapter or objective and the option to an exam in study mode, including references and answers. This practice exam has been created specifically for McGraw-Hill and is available only by purchasing this McGraw-Hill book.

Installing and Running the BEE To access your practice exam, install the BEE. Then, use the Exam Wizard to create a Boson account. Finally, activate the practice exam using the activation code from the back of the book. Note that an active Internet connection is required for the initial activation and download of the practice exam content.

Accessing Your Practice Exam Follow these steps to access the practice exam on the CD: 1. Install the Exam Engine from the CD menu. 2. The first time you run the software, a wizard will help you create the required Boson account. 3. After creating an account and logging in, the Exam Wizard should start and will guide you through the process of activating and downloading the exam. If the wizard does not automatically start, choose the Exam Wizard option or use the Unlock An Exam option, available through Exam Tools.

458

Appendix:

About the CD

Using the Exam Wizard 1. Select the Activate A Purchased Exam option. 2. Enter your activation key. 3. Select the exam(s) you want to download. Using the Unlock an Exam Tool 1. Select Unlock An Exam. 2. Enter your e-mail address, password, and activation key. 3. Select the My New Exams tab. 4. Select the exam(s) you want to download 5. Click the Download Exam or Download All button.

Electronic Book The entire contents of the Study Guide are provided in PDF format. Adobe’s Acrobat Reader is used to read PDF files and can be downloaded free of charge from www.adobe.com. Simply select the View Book In Electronic Format link from the main CD launch page.

CertCams CertCam custom .AVI clips demonstrate how to perform complex configurations with IOS commands on Cisco routers and Catalyst switches. These clips walk you step-by-step through various system configurations. You can access the clips directly from the CertCam table of contents by selecting the View CertCam Index link on the main CD launch page. Do not try to play the custom .AVI file clips without using the CD-ROM menu program. Each chapter that has CertCams in it references the appropriate link from the screen.

Help Individual help features are available through Boson’s NetSim LE and the BEE. Review the Boson NetSim LE User’s Guide for details on registration and how-to directions on completing the practice labs.

Boson Software Technical Support

459

Removal Installation(s) For BEST results for removal of Windows programs, choose Start | Programs | Control Panel | Add/Remove Programs to remove the NetSim or the practice exam software.

Book Technical Support For questions regarding the technical content of the book, electronic practice exam, the electronic book, or the CertCams, please visit www.mhprofessional.com (click the Computing tab) or e-mail [email protected]. For customers outside the 50 United States, e-mail [email protected].

Boson Software Technical Support For technical problems with the Boson NetSim LE (installation, operation, and removal installations) and the BEE, and for questions regarding the Boson activation, visit www.boson.com, or e-mail [email protected], or follow the help instructions in the help features included with the Boson NetSim LE or BEE.

This page intentionally left blank

Glossary

Copyright © 2008 by The McGraw-Hill Companies. Click here for terms of use.

462

Glossary

10base2 Ethernet specification for 50-ohm thin coaxial cable and a signaling rate of 10–megabits of data per second (Mbps) baseband. 10base5 Ethernet specification for 50-ohm thick (standard) baseband coaxial cable and a signaling rate of 10-Mbps baseband. 10base36 Ethernet specification using broadband coaxial cable. Signaling rate is 10 Mbps. 10baseFL Ethernet specification for two pairs of twisted pair (Category 3, 4, or 5) cabling. One pair is used for transmitting data and the other for receiving data. Signaling rate is 10-Mbps baseband. 10baseFX Fast Ethernet specification for two strands of multimode fiber-optic cable per link. Signaling rate is 100-Mbps baseband. Segment length cannot exceed 400 meters. 10baseT; 100baseT; 1000baseT An Ethernet specification able to handle up to 10 Mbps, 10baseT Ethernet imposes differing limitations, depending on the type of physical wire being used and the number of nodes attached to the network. Newer Ethernet standards more common in modern networking are 100baseT, which has a signaling rate of 100 Mbps; or 1000base-T, with a signaling rate of 1000 Mbps. 10baseT and 100baseT use two pair, while 1000baseT uses all four pairs. 100baseTX Fast Ethernet standard developed by the Institute of Electrical and Electronics Engineers (IEEE) using two-pair copper cabling, capable of a speed of 100 Mbps and a cable length of up to 100 meters. This standard uses two of the four available pairs within a Category 5 or higher twisted pair cable. 802.1q VLAN trunking standard developed by IEEE. 802.11a Wireless LAN standard developed by IEEE, using the U-NII spectrum and Orthogonal Frequency Division Multiplexing (OFDM) encoding, at speeds up to 54 Mbps. 802.11b Wireless LAN standard developed by IEEE, using ISM spectrum and Direct Sequence Spread Spectrum (DSSS) encoding, at speeds up to 11 Mbps.

Glossary

463

802.11g Wireless LAN standard developed by IEEE, using the ISM spectrum and OFDM or DSSS encoding, at speeds of up to 54 Kbps. 802.11i Wireless LAN security standard developed by IEEE. Wi-Fi Protected Access Version 2 (WPA2) is the implementation of this standard. Access Control List (ACL) A method of keeping the Internet traffic in check that attempts to flow through a given hub, router, firewall, or similar device. Access control is often accomplished by creating a list specifying the IP addresses, protocols, and/or ports from which permitted traffic can come. The device stops any traffic coming from IP addresses, protocols, or ports not on the ACL. access link The physical serial link connecting frame relay data terminal equipment (DTE) to a switch. access point (AP) A wireless LAN device providing a means for wireless clients to send data to each other and to the rest of a wired network. The access point is connected to both the wireless LAN and the wired Ethernet LAN. acknowledgment (ACK) A notification sent from one network device to another indicating a message or group of messages has been received. activity light A light-emitting diode (LED) illuminated to indicate that a piece of hardware is working, communicating with the network, and/or transmitting data. address A numbering convention to provide a unique identity to each entity or location on the network. This term is also used to identify the numbers assigned to each useable location of memory. address learning A method by which switches and routers determine the unique address number for each device on a network, enabling accurate transmission to and from each node. address resolution A technique for resolving differences between computer addressing schemes; most often used method for mapping Network layer addresses to Data Link layer addresses.

464

Glossary

Address Resolution Protocol (ARP) Defined in RFC 826, ARP is a protocol used to map a known IP address to a physical (MAC) address. To build the frame for transport, the host sends an ARP request (broadcast), asking other hosts if they know the MAC address for a given IP address. The host the IP address belongs to, or the default gateway, will answer with their MAC address. ARP cache can be viewed on a host using arp –a, and on a router using show ip arp. ad hoc mode A mode of operation in a Wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP). Hosts in an ad hoc network can only communicate with the directly connected neighbor. They cannot communicate with other hosts, regardless of their location. administrative distance A metric used by Cisco routers to choose between multiple routes to reach the same destination, when routes were learned by different routing protocols. A lower value indicates a better source of routing information. advertising A process where a router sends routing or service updates at frequent intervals so other routers on the network can maintain tables of usable routes or services. agent A program that reports information to another computer or allows another computer access to the local system. algorithm A set of mathematical rules (logic) for the process of encryption and decryption. Also used for determining the delay of retransmission in the event of a collision. anti-x Cisco term referring to various security tools for preventing attacks. Application layer Layer 7 of the OSI Reference Model. It provides services to end-user applications processes such as file transfer, electronic mail, and terminal emulation. ARP table A list of IP addresses with the corresponding MAC addresses stored on a local computer.

Glossary

465

asymmetric A feature of many Internet access technologies, including DSL, cable, and modems, in which the downstream transmission rate is higher than the upstream transmission rate. asynchronous The lack of an imposed time ordering on a bit stream. Practically, both sides agree to the same speed, but there is no check or adjustment of the rates if they are slightly different. However, because only one byte per transfer is sent, slight differences in clock speed do not affect the communication. asynchronous digital subscriber line (ADSL) A DSL technology providing more bandwidth downstream than upstream. asynchronous transfer mode (ATM) A networking technology which breaks data into fixed-length (53-byte) cells, enabling high-transfer speeds. Widely used for the backbone, or core, of many Internet service provider networks because the fixed-length cells allow processing to occur in hardware, reducing latency. asynchronous transmission The transmission of digital signals without precise clocking or synchronization. authentication Individual identification process, usually based on a username and password. Authentication usually requires something a person has (such as a key, badge, or token), something a person knows (such as a password, ID number, or mother’s maiden name), or something a person is (for example, a photo, fingerprint, or retina scan). When authentication requires two of those three things, it is considered strong authentication. authentication, authorization, and accounting (AAA) Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts, both successful and unsuccessful. authentication header (AH) An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit. authorization To convey official access or legal power to a person or entity.

466

Glossary

autonomous system (AS) A group of networks sharing administration and a common routing strategy. auxiliary port A physical connector on a router designed to be used to allow a remote terminal, or a PC with a terminal emulator, to access a router using an analog modem. backbone The main network connections composing the Internet. Also used to describe the primary infrastructure equipment of a local area network (LAN). backoff The delay in retransmission after a network node determines the physical medium is already in use. Used by contention-based MAC protocols such as Ethernet. balanced hybrid General type of routing protocol algorithm. Cisco classifies Enhanced Interior Gateway Routing Protocol (EIGRP) as using a balanced hybrid algorithm. bandwidth The total throughput capacity of a network link or segment. The total bandwidth speed on a link is often not achieved due to traffic, attenuation, interference, and hardware. Basic Rate Interface (BRI) An ISDN interface for circuit switched communication of voice, video, and data composed of two 64-Kbps bearer (B) channels and one 16-Kbps data (D) channel. Basic Service Set (BSS) A wireless LAN (WLAN) with only one access point. bastion host A computer placed outside a firewall to provide public services to other Internet sites; hardened to resist external attacks. bearer channel (B channel) An ISDN term meaning a full-duplex 64-Kbps channel used for data transmissions. best-effort delivery Describes a network system with no acknowledgment of delivery of data. Used in protocols such as IP and UDP.

Glossary

467

binary A numbering system consisting of two digits: 0 and 1. bitmask A pattern of bits for an IP address. Determines how many digits of the IP address identify the host and how many identify the network. blocked port A security measure in which a specific port is disabled to prevent external users from gaining access to the network through that port. The ports commonly blocked are those typically exploited in attacks. blocked site An external IP explicitly blocked so it cannot connect with hosts internal to the network. Boolean AND Math operation in which two binary numbers are used; 1 AND 1 yields a 1, any other combination will result in a 0. boot field In a Cisco router, the boot field value determines where the system will look for the Internetwork Operating System (IOS) to load. bridge A device used to connect two LANs, or segments of a LAN, so communication is possible without a router. Bridges can only connect networks running the same protocol. broadcast

A network transmission sent to all nodes on a network.

broadcast address A special type of networking address that denotes all nodes on a given network segment. broadcast domain A set of all devices receiving broadcast frames originating from any device within the set—for example, all devices in a VLAN. bus A common physical signal path composed of wires or other media allowing signals to be sent from one part of a computer to another. bus topology a central cable.

A type of network design in which all devices are connected to

468

Glossary

cable Transmission medium of optical fiber or copper wire with a protective cover. cable segment bridges.

A section of network cable separated by switches, routers, or

Category 5 cabling (Cat 5) A twisted pair cabling specification used for a variety of Ethernet standards. Cat 5 cabling is the minimum cable standard required for most modern Ethernet networks, such as 100baseT and 100baseTX. Carrier Sense Multiple Access With Collision Avoidance (CSMA/CA) A type of media access method where systems sense the carrier and attempt to avoid collisions, by use of an algorithm, to calculate a delay before sending data. In some cases, CSMA/CA also uses a ready-to-send signal to alert other systems that a transmission is about to begin. Carrier Sense Multiple Access With Collision Detection (CSMA/CD) A type of media access method where systems sense the carrier, transmit when clear, and stop transmission for a random amount of time if signals collide before attempting a retransmission. On a shared medium, collisions are indicated by a spike in voltage on the carrier channel. Challenge-Handshake Authentication Protocol (CHAP) An authentication method where the person logging in uses secret information and some special mathematical operations to come up with a number value. The server he or she is logging in to knows the same secret value and performs the same mathematical operations. If the results match, the person is authorized to access the server. One of the numbers in the mathematical operation is changed after every login to protect against an intruder secretly copying a valid authentication session and replaying it later to log in. channel A communications path between two computers or devices. channel service unit/data service unit (CSU/DSU) Equipment, specific to the general circuit type, that isolates the network from the exchange carrier’s network. Receives the timing, low-level framing information, and data passed from the termination point.

Glossary

469

circuit switching A system in which a dedicated physical path must exist between sender and receiver for the call’s entire duration. Widely used in telephone networks. Cisco Discovery Protocol (CDP) A protocol used by Cisco network devices to inform directly connected neighbor devices that they are operational, and both advertises and receives various information to and from those neighbors. classful routing protocol A protocol where the subnet mask is not sent in with the subnet number. Network boundaries are based on A, B, and C classes. Classless Inter-Domain Routing (CIDR) An addressing scheme that allows one IP address to designate many IP addresses. A CIDR IP address looks like a normal IP address, except that it ends with a slash followed by a number. classless routing protocol A protocol where the mask is sent with the subnet number and is used to determine the network portion of the Internet Protocol (IP) address enabling support of variable-length subnet masking (VLSM). client A computer process that requests a service from another computer and accepts the server’s responses. client/server A network computing system in which individual computers (clients) use a central computer (server) for services such as file storage, printing, and communications. clocking Process of supplying a signal so the receiving device can keep synchronization with the sending device. Signals can be either a part of the signal transitions in the transmitted signal or on a separate pin on a serial cable. clock rate Describes the speed at which bits are encoded by a serial link onto the transmission medium. coaxial (coax) cable A type of cable used in Ethernet networking, with a solid central conductor surrounded by an insulator, which is in turn surrounded by a cylindrical shield woven from fine wires. The shield minimizes electrical and radio frequency interference.

470

Glossary

collision domain A section of the network where nodes compete for access to the same physical transmission medium. This conflict often results in a frame sent by one node’s NIC colliding with a frame sent by another NIC in the same collision domain. collisions In Ethernet, conflicts that occur when two packets are sent over the network simultaneously. The frames from each device cause an increase in voltage when they meet on the physical media; the frames are damaged and are rejected. The transmitting devices automatically resend them at altered timing. command-line interface (CLI) A user interface enabling interaction with the operating system by entering text commands and operational arguments. community string A string used for authentication between the trap message sender (SNMP agent) and the trap recipient (SNMP management station). configuration register A 16-bit user-configurable value to designate how a router functions during initialization. congestion

Traffic in excess of network capacity.

connectionless Data transfer without the previous existence of a circuit. console port Physical socket provided on routers and switches for cable connections between a computer and the router/switch. This connection enables the computer to configure, query, and troubleshoot the router/switch by use of a terminal emulator and the CLI. contention Access method in which devices on the network compete for permission to access the physical medium. control messages Exchanged between LAC/LNS pairs. Operate in-band within the tunnel protocol to govern aspects of the tunnel and sessions within the tunnel. convergence Time required for routing protocols to react to changes in the network and update the routing tables so all routers in the network have the same view.

Glossary

471

cost A value, typically based on media bandwidth, that is assigned by a network administrator and used by routing protocols to compare various paths through an internetworked environment. Cost values are used to determine the most efficient path to a particular destination. The lower the cost, the better the path. crossover cable Ethernet cables have multiple wires inside. A portion is dedicated to sending; some are dedicated to receiving. A crossover cable is a special cable in which the receive and send wires cross so the sending leads on one device can directly connect to the receiving leads on the other device. customer premises equipment (CPE) Communications equipment located at the customer site rather than inside the service provider’s network. cut-through switching Internal processing option in which the frame is forwarded after the header is received but before the entire frame is received. data communications equipment (DCE) The devices and connections of a communications network representing the network end of the user-to-network interface. The DCE provides a physical connection to the network and provides a clocking signal used to synchronize transmission between DCE and DTE devices. datagram A packet of data containing information, plus origin and destination addresses, sent as a Network layer unit over a transmission medium without prior establishment of a circuit. Data Link layer Layer 2 of the OSI Reference Model. This layer provides the reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing, network topology, access to the network medium, error detection, the sequential delivery of frames, and flow control. The Data Link layer is composed of two sublayers: the MAC and the LLC. data terminal equipment (DTE) The device at the user end of a usernetwork interface serving as a data source, destination, or both. data transmission speed The number of bits that can travel per second over a network cable, typically measured in bits per second (bps).

472

Glossary

dedicated line A communication line indefinitely reserved for transmission rather than switched as transmissions require. default gateway When individual devices on a network segment send data packets, they check the packet’s destination to determine if the destination is local (meaning, on the same network segment) or not. If the destination is not local, the device forwards it to a node on the network serving as the entrance to all other networks. This node is called the default gateway, and could be any routing device, such as a router or a firewall appliance. default route A routing table entry used to direct packets when there is no explicit route specified. delay The time required for a packet to move from the source to the destination over a network path. Also known as latency. demarc Separation point between the customer’s equipment and the service provider’s equipment. demilitarized zone (DMZ) A partially protected zone on a network, not exposed to the full fury of the Internet, but not fully behind the firewall either. This technique is typically used on parts of the network which must remain open to the public (such as a web server), but must also access trusted resources (such as a database). The point is to allow the inside firewall component, guarding the trusted resources, to make certain assumptions about the impossibility of outsiders forging DMZ addresses. Denial-of-Service (DoS) attack An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks. destination address device printer.

Address of the network device intended to receive data.

A generic term for computer equipment such as a hub, switch, router, or

Glossary

473

dial-up connection A connection between a remote computer and a server that is established using software, a modem, and a telephone line. digital channel A circuit-switched communication path intended to carry digital information in each direction. digital signal level 0 (DS0) A 64-Kbps line or channel of a faster line inside a telecommunications company originally developed to support a single voice call using Pulse Code Modulation. digital subscriber line (DSL) Public network technology providing high bandwidth via conventional telecommunications company local-loop copper wiring over short distances. Normally used for connecting customers to an Internet service provider (ISP). Direct Sequence Spread Spectrum (DSSS) An encoding method for transmission via a wireless LAN. The device uses 1 of 11 nearby frequencies in the 2.4GHz range. distance vector A routing algorithm in which each router sends its entire routing table to its neighbors for each update. Computationally simpler than link-state routing algorithms, but it can be prone to routing loops. Domain Name System (DNS) A network system of servers that translates numeric Internet Protocol (IP) addresses into human-friendly hierarchical Internet addresses, and vice versa. Domain Name System (DNS) cache poisoning An attack technique that tricks your DNS server into believing it has received authentic information when, in reality, it has been given fraudulent data. Domain Name System (DNS) lookup The DNS act of matching a friendly readable domain name to the corresponding IP address. dotted notation The notation used to write IP addresses as four-decimal numbers separated by dots (periods), sometimes called dotted quad.

474

Glossary

Dynamic Host Configuration Protocol (DHCP) A standard proposed in RFC 1541 for transferring network configuration information from a central server to devices as the devices boot up. This data typically includes a machine’s IP address, which the server can change and allocate automatically under DHCP. DHCP server A device that automatically assigns IP addresses to networked computers from a predetermined pool of numbers. Unused IP addresses are returned to the pool. Using a DHCP server, an administrator normally does not have to get involved with the details of assigning IP addresses to individual clients. dynamic routing Routing that adjusts automatically to changes in traffic patterns or network topology. E1 European equivalent of the T1 line. Composed of 32 64-Kbps channels, with one channel reserved for framing and for other overhead. Uses a rate of 2.048 Mbps. encapsulation The process of attaching a particular protocol header to a unit of data before transmission on the network. Ethernet Baseband LAN specification developed by Xerox Corporation, Intel, and Digital Equipment Corporation. One of the least expensive, most widely deployed networking standards. Uses the CSMA/CD method of media access control. Also known as the 802.3 standard. Ethernet address A unique ID number obtained automatically when an Ethernet adapter (network interface card) is added to a device. This address identifies the machine as a unique communication item and enables direct communications to and from that particular device. Also called the physical address, layer-2 address, and MAC address. event Any network incident that prompts some kind of log entry or other notification. Extended Service Set (ESS) Creating one wireless local area network (WLAN) by combining multiple access points, which allows roaming between access points.

Glossary

475

Extensible Authentication Protocol (EAP) Framework for point-to-point authentication protocols including arbitrary dialog sequences, challenge/response, and clear text. Exterior Gateway Protocol (EGP) A routing protocol that exchanges routing information between autonomous systems. external interface A port intended for connecting to the Internet and any other switches, routers, or servers connected to, but outside, your network. Presents the greatest security risk to your network. external network Any network connecting to yours, with which you have neither a trusted nor a semi-trusted relationship. failover A configuration that allows a secondary device to take over in the event of a malfunction or power loss in the first device, thus allowing normal use to return or continue. fast Ethernet An Ethernet networking system transmitting data at 100 million bits per second (Mbps), ten times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard, it is also known as 100base-T. fiber distributed data interface (FDDI) LAN standard, defined by ANSI X3T9.5, specifying a 100-Mbps token-passing network using fiber-optic cable and a dual-ring architecture for redundancy, with transmission distances of up to two kilometers. file server A dedicated network computer that stores data files so other computers can share access to them. File Transfer Protocol (FTP) over the Internet.

The most common protocol for copying files

filter A set of rules defined to screen network packets based on source address, destination address, or protocol. These rules determine if the packet will be forwarded or discarded.

476

Glossary

filtering process Deciding whether a packet should be allowed or denied. Forwarding will depend on the header or the packet contents and the user-defined policies. filters Small and fast user-defined rules in a firewall that examine packets as they arrive and route or reject the packets based on those rules. firewall Software or hardware components that restrict access between a protected network and the Internet, or between other sets of networks, to block unwanted use or attacks. flash memory Nonvolatile storage that is able to be electrically erased and reprogrammed as desired. flash update Routing update sent asynchronously when a change in the network topology occurs. flat addressing An addressing system that does not incorporate a hierarchy to determine location. flood Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. flow control Technique for ensuring a transmitting device, such as a modem, does not overwhelm a receiving device with data. When the receiving device buffers are full, a message is sent to the sending device to suspend transmission until the data in the buffers is processed. four-wire circuit A line consisting of two twisted-pair wires, where each pair sends data in one direction to create a full-duplex connection from the telecommunications company. forwarding

The process of sending a packet or frame toward the destination.

fragmentation Process of breaking a packet into smaller units when transmitting over a network medium unable to support a transmission unit that is the original size of the packet.

Glossary

477

fragment free switching An internal processing option available on some Cisco LAN switches that allows the first bits of the frame to be forwarded once the first 64 bytes of the frame are received but before the entire frame is received. If the network is properly designed, collision fragments should not occur as a result of this process. frame Logical grouping of information sent as a Data Link layer unit over a transmission medium. Sometimes refers to the header and trailer, used for synchronization and error control, which surround the user data contained in the unit. frame relay An industry-standard switched Data Link layer protocol that handles multiple virtual circuits over a single physical interface. Frequency Hopping Spread Spectrum (FHSS) A wireless LAN (WLAN) data-encoding method not found in modern WLANs, in which consecutive transmissions occur on different nearby frequency bands as compared with the previous transmission. full duplex The capability of a communications device to concurrently send and receive data. The CSMA/CD logic must be disabled on both the sending and receiving devices to allow this type of communication in an Ethernet LAN. full mesh A network topology in which each network node has either a physical circuit or a virtual circuit connecting it to every other node on the network. fully qualified domain name (FQDN) A fully qualified domain name consists of a host and domain name, including a top-level domain such as .com, .net, .mil, .edu, and so on. gateway A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks. graphical user interface (GUI) The visual representation on a computer screen that allows users to view, enter, or change information. It is characterized by icons and commonly utilizes a mouse, in contrast to a command-line interface (CLI), which only uses text.

478

Glossary

half duplex The capability for data transmission between sending and receiving stations in both directions, but only one at a time. header Control information found at the beginning of a communication packet that provides information about the packet such as the computer of origin, the intended recipient, packet size, and destination port. hello packet Multicast packet used by routers for neighbor discovery and recovery. Hello packets indicate that the device is still on the network and operational. Hello protocol Used by OSPF and other routing protocols for establishing and maintaining neighbor relationships. hexadecimal A base-16 numbering system that resembles decimal (base-10) numbering with the digits 0 through 9, but where the decimal equivalents of 10 through 16 are represented in hexadecimal by the letters A through F. hierarchical addressing determine location.

A scheme of addressing utilizing a logical hierarchy to

High-Level Data Link Control (HDLC) A point-to-point and multiparty link-layer technology. Provides reliable acknowledged transfer across dedicated links. HDLC is the default protocol on Cisco protocols. holddown State of a routing table entry in which routers will neither advertise a route nor accept advertisements about a route for a specific length of time. hop

Term describing the passage of a data packet between two network nodes.

hop count Routing metric used to measure the distance between a source and a destination. host A computer connected to the network. host address

Part of an IP address designating which node is being addressed.

Glossary

479

hub A device that serves as a common connection point for multiple devices on a network. Receives signals and forwards them to all the devices connected to it. inactivity timer A timer associated with each switch MAC address table entry that counts time upwards from zero and resets to zero each time the switch receives a frame with the same MAC address. Infrastructure mode A mode of wireless LAN (WLAN) operation allowing clients to send and receive data by utilizing an access point (AP). WLAN clients are only able to communicate with the wired infrastructure as well as one another through the AP. inside global Term referring to the IP address used in the headers of packets sent to and from nodes inside the trusted network when those packets traverse the global (public) Internet. inside local Term referring to the IP address used in the headers of packets sent to and from nodes inside the trusted network when those packets traverse the enterprise (private) part of a network using NAT. Institute of Electrical and Electronics Engineers (IEEE) An organization composed of engineers, scientists, and students who issue standards related to electrical, electronic, and computer engineering. Integrated Services Digital Network (ISDN) A service permitting telephone networks to transmit voice, data, and other traffic typically offered by telephone companies. This service is commonly used as an Internet access technology and for backup purposes. interface A connection between two devices. In routing, a network connection. Interior Gateway Protocol (IGP) An Internet routing protocol used to exchange routing information within an autonomous system. International Organization for Standardization (ISO) An international organization composed of national standards bodies from over 75 countries; developed the OSI Reference Model.

480

Glossary

International Telecommunication Union-Telecommunication (ITU-T) A worldwide telecommunications technology standards organization, formerly called the Consultative Committee for International Telegraph and Telephone (CCITT), that proposes and establishes standards for international telephony. Internet Term used to refer to the global internetwork evolved from ARPANET, which now connects networks worldwide. Internet address class For efficient administration, the entire range of possible 32-bit IP addresses were separated into three classes that represent networks of varying sizes: Class A: If the first octet of an IP address is less than 128, it is a Class A address. A network with a Class A address can have up to about 16 million hosts. Class B: If the first octet of an IP address is from 128 to 191, it is a Class B address. A network with a Class B address can have up to 64,000 hosts. Class C: If the first octet of an IP address is from 192 to 223, it is a Class C address. A network with a Class C address can have up to 254 hosts. Internet Assigned Number Authority (IANA) The central authority charged with assigning parameter values (numbers) to Internet protocols. Currently, IANA manages port numbers 1 through 1023. Internet Control Message Protocol (ICMP) and error messages between nodes on the Internet.

A protocol used to pass control

Internet Corporation for Assigned Names and Numbers (ICANN) A nonprofit private-sector corporation formed by a broad coalition of the Internet’s business, technical, academic, and user communities. Coordinates the technical management of the Internet’s Domain Name System, the allocation of IP address space, the assignment of protocol parameters, and the management of the root server system. Internet Engineering Task Force (IETF) A large open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet. Internet Protocol (IP) Detailed specifications that control how data packets are formatted and how they move from one networked computer to another.

Glossary

481

Internet Protocol address An IP address is a numeric identifier that represents a computer or device on a TCP/IP network. The devices on the network rely on the address in order to know where to route data. The format of an IP address is a 32-bit number divided into four 8-bit segments, separated by periods. The four segments, called octets, can be represented in binary notation (1’s and 0’s). Because writing numerous 1’s and 0’s is impractical for humans, IP addresses are typically converted to decimal notation when written. In decimal notation, no octet can have a value greater than 255. This is because binary requires nine 1’s and 0’s to express a number greater than 255, and the rules for IP addresses only allow eight. Some portion of any IP address designates a network, and the remaining portion of the address designates a specific device on that network. Internet service provider (ISP) A business, government agency, or educational institution that provides access to the Internet. Internetwork Operating System (IOS) Cisco operating system software. Provides the vast amount of the router or switch features. The remaining features are supplied by the hardware. Internetwork Operating System Image

A file containing the Cisco IOS.

Inter-Switch Link (ISL) Cisco-proprietary protocol used to maintain VLAN information as traffic flows between routers and switches. intranet A self-contained network with a limited number of participants who extend limited trust to one another in order to accomplish an agreed-upon goal. intrusion detection system (IDS) A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and reported. intrusion prevention system (IPS) A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and protective measures taken to prevent the more significant threats.

482

Glossary

jitter

The variation in packet transmit delay from sender to receiver.

keepalive Messages periodically sent by neighboring routers to let one know the other is still operational. L2TP Network Server (LNS) Operates on any platform capable of PPP termination. Handles the server side of the L2TP protocol. Layer 2 Tunneling Protocol Access Concentrator (LAC) Device attached to one or more PSTN or ISDN lines. Capable of PPP operation and concentrating the Layer 2 Tunneling Protocol (L2TP). The LAC implements the media over which L2TP is to operate to pass traffic to one or more L2TP Network Servers (LNS). It can tunnel any protocol carried within PPP. leased line A serial communications circuit leased for a monthly fee between two points, provided by a service provider, usually a telephone company. light-emitting diode (LED) A small light on a device that indicates the status and other information about equipment such as power on/off and receiving data. Lightweight Directory Access Protocol (LDAP) A protocol for managing information and permissions about authorized users on a network. LDAP is vendorand platform-neutral, meaning it works across otherwise incompatible systems. link state A routing protocol that builds a detailed database that tracks links and their status used to calculate the best routes. local area network (LAN) A computer network confined to a relatively small area such as a single building or campus. local loop A line extending between the telephone subscriber premises to the telephone company. loopback interface A special interface that allows network connections from the device to itself using IP. This enables routing and application testing.

Glossary

483

MAC address A unique 48-bit identifier written as 12 hexadecimal characters grouped in pairs hard-coded into a network interface card (NIC) by its manufacturer, and which does not change. Also referred to as the physical address. Used by switches and other devices to locate specific nodes on the network. Management Information Base (MIB) Database of network management information used and maintained by a network management protocol such as SNMP. Organized in a tree structure that includes public and private branches. media A physical environment through which signals pass. Media Access Control (MAC) Lowest sublayer of the Data Link layer (OSI model layer 2) defined by IEEE. Handles access to shared media. mesh Network topology in which each node on the network has a connection to every other node on the network in a full mesh implementation or to several other nodes in a partial mesh implementation. metric A unit of measure employed to determine the best path for traffic to travel to reach a particular destination used by routing protocol algorithms. modem (modulator/demodulator) A communications device that translates digital signals to analog, transmits the converted signal over a standard telephone line, and then translates the signals back to digital when received. multicast

A single packet sent to a specific subset of network addresses.

multicast address

A single address used to designate multiple network devices.

multimode Fiber-optic cabling with a larger core than single-mode; this enlarged core allows light to enter at multiple angles. This cable type has a lower bandwidth than single-mode fiber but can use a less expensive light source, such as an LED, rather than a laser. multiplexing Technique that allows the simultaneous transmission of multiple logical signals across a single physical channel.

484

Glossary

Multistation Access Unit (MSAU) in a token ring network are connected.

Wiring concentrator where all end stations

National Institute for Standards and Technology (NIST) A division of the U.S. Department of Commerce that publishes open interoperability standards called Federal Information Processing Standards (FIPSs). Part of NIST’s charter is to distribute complete and accurate information about computer security issues to government and the general public. Network Access Server Device providing temporary on-demand point-to-point network access to users. network address The network portion of an IP address. For a Class A network, the network address is the first byte of the IP address; for a Class B network, the network address is the first two bytes; and for Class C, the network address is the first three bytes. The remaining bits are used to identify specific computers, often called hosts. Network Address Translation (NAT) A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way, IP addresses of machines on your internal network are hidden from external users. Network Control Protocol PPP link.

Negotiates the protocol-specific particulars of the

network interface card (NIC) Adapter that provides the physical connection to send and receive data between the computer and the network media. network segment a router. node

Subset of a computer network bounded by a device such as

A device on a network.

non-volatile read access memory (NVRAM) A type of random-access memory (RAM) that retains data when the device is powered off.

Glossary

485

octet A byte. Used instead of “byte” in most IP documents because historically many hosts did not use 8-bit bytes. Open Database Connectivity (ODBC) Set of application programming interface function calls used to access data stored in both relational and nonrelational database management systems. Open System Interconnection (OSI) Reference Model A network architecture framework developed by ISO and ITU-T that describes seven layers. Each layer provides a specific network function. Orthogonal Frequency-Division Multiplexing (OFDM) A data encoding method in WLANs enabling generally higher data-transfer rates than FHSS and DSSS encoding methods. out-of-band signaling Transmission using channels or frequencies outside those normally employed for data transfer. Often used for error reporting. packet A unit of information formatted according to specific protocols that allow precise transmittal of data from one network node to another. (Also called a datagram or a data packet.) Contains a header (container) and a payload (contents). Any IP message larger than 1500 bytes will be fragmented into packets for transmission. packet filtering Controlling access to a network by analyzing the headers of incoming and outgoing packets, and either letting them pass or discarding them based on rule sets created by a network administrator. A packet filter allows or denies packets based on destination, source, protocol, and/or port. Packet Internet Groper (PING) Utility that sends an ICMP echo message to determine if a specific IP address is accessible. If the message receives a reply, the address is reachable. password A secret sequence of characters that a user submits to a system for purposes of authentication, validation, or verification.

486

Glossary

Password Authentication Protocol (PAP) A simple PPP authentication mechanism in which the username and password are transmitted in clear text to prove a user’s identity. It compares the username and password to a table listing authorized users. payload

The data contents of a packet excluding the header and trailer.

Point-to-Point Protocol (PPP) Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits. Point-to-Point Tunneling Protocol (PPTP) A VPN tunneling protocol with encryption. The two nodes in a VPN can be connected by using one TCP port for negotiation and authentication and one IP protocol for data transfer. port The logical endpoint for a connection, conceived so computing devices can handle multiple applications over one network connection. Port Address Translation (PAT) A NAT feature where an internal global IP address supports in excess of 65,000 concurrent TCP and UDP connections. prefix notation An addressing scheme that allows one IP address to designate many IP addresses. A CIDR IP address looks like a normal IP address except it ends with a slash followed by a number. Presentation layer Layer 6 of the OSI Reference Model. Concerned with data structures used by programs, this layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system. primary rate interface (PRI) ISDN interface to primary rate access that consists of a single 64-Kbps D channel plus 23 (T1) or 30 (E1) B channels for voice or data. private network address An IP address range intended for use only within the confines of a single organization—and which is not meant to extend beyond the perimeter, or firewall, of the organization.

Glossary

487

protocol A formal set of rules describing data transmission, especially across a network. Determines the type of error checking, the data compression method, how sending the device will indicate completion, how the receiving device will indicate the message was received, and so on. protocol data unit (PDU) A Simple Network Management Protocol (SNMP)compliant request, response, or trap message. The PDU for layer 2 is the frame; for layer 3, the packet; layer 4’s is the segment; and data is the PDU for the uppermost layers. protocol stack Set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI Reference Model. proxy ARP host.

Sends an ARP response on behalf of an end node to the requesting

public switched telephone network (PSTN) The various telephone networks and services operational worldwide. Also called plain old telephone service (POTS). pulse code modulation (PCM) An encoding technique that changes analog voice into a 64-Kbps data stream by sampling with 8-bit resolution at a rate of 8000 times per second. Quality of Service (QoS) A given Quality of Service level is sometimes required for a particular user to be tunneled between an LNS/LAC pair. queue Backlog of packets stored in buffers and waiting to be forwarded over an interface. remote procedure call (RPC) A protocol that allows a client computer to request services from a server, and the server to return the results. repeater A network device that regenerates transmission enabling signals to travel extended cable lengths without losing or distorting data. A repeater can relay messages between subnetworks using different protocols or cable types.

488

Glossary

Request for Comments (RFC) RFC documents describe standards used or proposed for the Internet. Each is identified by a number. reverse lookup; reverse DNS lookup Used to find the domain name associated with an IP address; the opposite of a DNS lookup. ring topology A networking configuration where all nodes are connected in a circle with no terminated ends on the cable. route 1. The path a packet travels to reach the intended destination. Each individual device along the path traveled is called a hop. 2. Information contained on a device containing instructions for reaching other nodes on the network. This information can be entered dynamically or statically. routed protocol

A protocol defining packets able to be routed by a router.

router A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets. Routing Information Protocol (RIP) An Interior Gateway Protocol (IGP) that uses the router hop count and distance vector logic as the metric. Version 1 of this protocol is no longer widely used; version 2 contains more features, including support for variable-length subnet masking (VLSM). routing protocol A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network. RxBoot A limited-function version of the Internetwork Operating System (IOS) that was held in read-only memory in some earlier models of Cisco devices and is capable of performing several seldom needed low-level functions such as loading a new IOS into Flash memory to recover Flash if corrupted or deleted. scalable architecture growth.

Software and/or hardware constructed to allow efficient

Glossary

489

secure channel A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder, delete, insert, or read information. Secure Multipurpose Internet Mail Extensions (S/MIME) A standard for encrypting and authenticating MIME data. Used primarily for Internet e-mail. Secure Sockets Layer (SSL) A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet. Widely used on e-commerce, banking, and other sites requiring privacy. SSL also uses the public/ private key of the server. segment A section or subset of the network. Often a router or other routing device provides the endpoint of the segment. Serial Line Internet Protocol (SLIP) A protocol for exchanging packets over a serial line. server A computer providing services to network users or systems. server-based network A network in which all clients use a dedicated central server for storage, security, and other resources. service set identifier (SSID) A value assigned to uniquely identify a single wide area network (WAN) in wireless LANs. session hijacking An attack in which a hacker sends a command to an already established connection between two machines to wrest control of the connection from the machine that initiated it and, thereby, access a server without encountering authentication measures. Simple Mail Transfer Protocol (SMTP) mail between servers.

A protocol for sending electronic

single-mode Fiber-optic cable with a narrow core that allows light to enter at a single angle. The bandwidth for this type of cabling is higher than for multimode fiber but a light source with a narrow spectral width (such as a laser) is required.

490

Glossary

slash notation A method for expressing a binary subnet mask by adding a slash and the number of bits in the network portion of the address. The bits not used in the network address are used to indicate the addresses of specific devices on that subnetwork. Small Computer System Interface (SCSI) A standard for system-level interfacing between intelligent devices such as CD-ROM drives, floppy disks, hard disks, printers, scanners, and a computer that is processor-independent. SOCKS An IETF standard for managing TCP traffic through a proxy server. This protocol also provides a basic firewall as it filters incoming and outgoing packets and hides IP addresses of client applications. spam An electronic version of junk mail; unsolicited commercial e-mail sent to numerous recipients. Spanning Tree Protocol (STP) A protocol enabling a bridge, by use of the Spanning Tree algorithm, to dynamically work around loops in a network topology by exchanging bridge protocol data unit (BPDU) messages with other bridges to detect and remove loops. spoofing A method of falsely identifying the source of data packets. Often used by hackers to make it difficult to trace where an attack originated. star topology A network layout where each node on the network is connected to a center hub. stateful packet filtering Network traffic flow control in which the firewall examines more of the packet’s delivery information and conditions than in basic filtering and maintains a sense of context. static Network Address Translation The ability to have a firewall forward all traffic received on a given port and a given public IP address to a private IP address internal to the network. store-and-forward switching An internal processing method where the entire Ethernet frame must be received by the switch before the frame will be forwarded.

Glossary

491

subnet A subset of a network; typically uses a sequential range of Internet Protocol addresses. subnet mask A numeric value used by networking devices to determine which portion of an Internet Protocol (IP) address is the network portion and which is the host portion. switch A layer-2 device typically containing numerous ports for node connections that filters and forwards packets between LAN segments. Forwarding decisions are based on physical addresses maintained in tables on the device. SYN flood attack A type of attack used to deny service to legitimate users of a network resource by intentionally overloading the network with illegitimate TCP connection requests. In a successful TCP connection: 1. Computer 1 sends SYN (synchronize) packet. 2. Computer 2 acknowledges the connection attempt and sends back a SYN/ACK (synchronize/acknowledge) packet. 3. Computer 1 acknowledges Computer 2’s response. In a SYN flood attack, Computer 1 never acknowledges Computer 2 (the final step never takes place). This forces Computer 2 to wait for 1’s acknowledgment until the system times out and drops the connection. Flooding Computer 2 with a huge number of such incomplete requests keeps the system from servicing legitimate requests.

syslog A protocol used for sending and receiving log information for nodes on a network. telnet A remote control program in which a client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system. timestamping Recording the time, normally in a log file, when an event happens or when information is created or modified. topology The configuration or layout of the wiring of a network.

492

Glossary

Transmission Control Protocol (TCP) A standard enabling a wide variety of network devices to connect and exchange data. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the Internet. Transmission Control Protocol (TCP) handshake A three-step process that computers execute to negotiate a connection with one another. In a successful TCP connection: 1. Computer 1 sends SYN (synchronize) packet. 2. Computer 2 acknowledges the connection attempt and sends back a SYN/ ACK (synchronize/acknowledge) packet. 3. Computer 1 acknowledges Computer 2’s response. Once both computers are synchronized and acknowledged, they begin exchanging data.

Transmission Control Protocol / Internet Protocol (TCP/IP) A widely used networking standard that enables a variety of diverse systems to connect and exchange data. Transport Layer Security (TLS) A standard for encrypting e-mail, web pages, and other stream-oriented information transmitted over the Internet. trunk interface trunking.

A LAN switch interface using either IEEE 802.1Q or ISL

trust Confidence in the identity, integrity, and reliability of a person, company, or other entity. trusted interface The Ethernet port connecting to your internal network. tunnel An encrypted connection forming a point-to-point type connection between sites in which only the sender and the receiver of the data see it in a clear state.

Glossary

493

twisted pair cable A commonly used, inexpensive, and relatively low-speed transmission medium consisting of two insulated wires wound about one another. The wires can be shielded or unshielded. unshielded twisted pair (UTP) A four-pair wire medium used in a variety of networks. The fixed spacing required with coaxial-types between connections is not needed with UTP. User Datagram Protocol (UDP) A set of standards for transmitting data over networks without establishing a connection at the receiving end. A best effort is made to deliver the data, but no checks and verifications are performed to guarantee delivery. Thus, UDP is termed a “connectionless” protocol. UDP is simpler to implement and is used where a small amount of packet loss is acceptable, such as for streaming video and audio. user mode A user interface mode to a router or switch in which the user can enter only nondisruptive EXEC commands to view the current status, but will not allow changes to any operational settings. validation An examination of information provided by a system or user to determine network rights, privileges, or permissions. variable-length subnet masking (VLSM) The capability to specify a different subnet mask for the same Class A, B, or C network number on different subnets. VLSM can help optimize available address space. verification Testing the authenticity of a digital signature to see if it matches an expected result by performing special mathematical operations on data provided by a sender. virtual circuit (VC) Two DTE devices exchanging data directly with one another in the same way as a leased circuit but without a physical circuit. virtual local area network (VLAN) Devices, connected to one or more switches, that are grouped logically into a single broadcast domain. VLANs enable administrators to divide the devices connected to the switches into multiple VLANs without requiring separate physical switches.

494

Glossary

virtual private network (VPN) A technology that establishes a tunnel to create a private dedicated leased-line network over the Internet. The data is encrypted so it’s readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect to the company network from remote locations securely. Voice over Internet Protocol (VoIP) A technology capable of transporting voice traffic inside IP packets over an IP network. wide area network (WAN) Two or more LANs connected by a high-speed line across a large geographical area. Wi-Fi Protected Access (WPA) Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients. Wired Equivalent Privacy (WEP) A security standard enabling wireless computing devices to access a network via radio frequencies rather than physical wiring. WEP is not considered strong security although it does authenticate clients to access points, encrypt information transmitted between clients and access points, and check the integrity of each packet exchanged. wireless local area network (WLAN) A computer network confined to a relatively small area such as a single building or campus in which devices connect through high-frequency radio waves using IEEE standard 802.11. X.509v3 An ITU-T standard for digital certificates; an internationally recognized electronic document containing the issuer’s name and digital signature as well as the user’s identifying information, which is used to prove the identity and public key ownership of a communication network. XOR Abbreviation for “exclusive-or,” which is a mathematical operation used to represent the differences between two values. zero subnet In a classful IPv4 subnet, the network number with all binary 0’s in the subnet part of the number. When written in decimal, the zero subnet has the same number as the classful network number.

INDEX

! (exclamation point), 54, 237, 421 * (asterisk), 407 . (dot), 54 ? (question mark), 252–253, 287, 419 [] (brackets), 239 ^ (carrot), 256 “5-4-3” rule, 111 10 Mbps Ethernet ports, 317 10base Ethernet specifications, 456 10BASE2 (thinnet) cables, 72, 74 10BASE5 (thicknet) cables, 72 100base Ethernet specifications, 456 568A (crossover) cables, 76–77, 465 568B (straight-through) cables, 75–77 802.1q VLAN trunking standard, 456 802.11 wireless LAN standards, 116, 456 1000base Ethernet specification, 456

A AAA (authentication, authorization, and accounting), 287, 459 access attacks, 412 Access Control Lists (ACLs), 457 Access layer switches, 140, 273 access links, 372, 457 access points (APs), 380, 383–384, 457 access VPNs, 415 accessing configuration files, 241–248 acknowledgment (ACK) notification, 47, 457 ACLs (Access Control Lists), 457 activity lights, 318, 457 AD (administrative distance), 164, 458 ad hoc mode, 458 Adaptive Security Appliances (ASAs), 416 address learning, 457

address resolution, 457 Address Resolution Protocol (ARP), 114–115, 158, 458, 481 addresses. See also broadcast addresses; IP addresses; MAC addresses classful, 180 defined, 457 destination, 466 Ethernet, 106–107, 468 flat, 470 hierarchical, 472 host, 472 internal physical network, 18 logical, 18, 86, 162 loopback, 174 multicast, 477 port, 134, 144 private network, 176, 480 public, 378 adjacent layer interaction, 20 administrative distance (AD), 164, 458 Advanced Research Projects Agency Network (ARPANET), 32 advertising, defined, 458 agents, defined, 458 aggregation points, 140 AHs (authentication headers), 459 algorithms balanced hybrid, 460 defined, 458 distance vector routing, 165–166, 467 encryption, 387 ALOHAnet, 102, 119 American National Standards Institute (ANSI), 73 analog modems, 374–375 AND operations, 197–199, 217–218, 461

Copyright © 2008 by The McGraw-Hill Companies. Click here for terms of use.

496

CCENT Cisco Certified Entry Networking Technician Study Guide

anonymous connection, 40 ANSI (American National Standards Institute), 73 Anti-X, 458 APIPA (Automatic Private Internet Protocol Addressing), 177 Application layer defined, 458 devices, 13, 18–19 DHCP, 37–39 DNS, 34–37 e-mail, 40–41 File Transfer, 39–40 overview, 34 SNMP, 41 Web surfing, 42–46 applications overview, 404–405 QoS, 405–406 SSH, 407–410 VoIP, 406–407 APs (access points), 380, 383–384, 457 ARP (Address Resolution Protocol), 114–115, 158, 458, 481 arp commands, 419, 425 ARP tables, 458 ARPANET (Advanced Research Projects Agency Network), 32 AS (autonomous systems), 335, 460 ASAs (Adaptive Security Appliances), 416 ASCII code, 14 ASN (autonomous system number), 335 asterisk (*), 407 asymmetric, defined, 376 asymmetric DSL, 459 asynchronous, defined, 459 asynchronous DSL, 459 asynchronous transfer mode (ATM), 372–374, 459 asynchronous transmission, 459 ATM (asynchronous transfer mode), 372–374, 459 attenuation, 70–71 authentication, 39, 459 authentication, authorization, and accounting (AAA), 287, 459

authentication headers (AHs), 459 authorization, 459 auto complete function, 252, 254, 260 auto secure setup script, 239 Automatic Private Internet Protocol Addressing (APIPA), 177 autonegotiation, 136–137 autonomous system (AS), 335, 460 autonomous system number (ASN ), 335 autosummarization, 335 auxiliary ports, 317, 460

B B channels (bearer channels), 460 backbones, 80, 460 backoff, 460 BACKSPACE shortcut, 256 backup static routes, 332 balanced hybrid algorithm, 460 bandwidth, 4, 460 bandwidth command, 319, 348, 370 bandwidth speed(kbps) command, 320 banner command, 241, 279 banner type delimiter command, 278 banners, 278–279 Basic management setup mode, 276 Basic Rate Interface (BRI), 460 Basic Service Set (BSS), 384, 460 bastion hosts, 460 Bayonet Neill-Concelman (BNC), 72, 78 bearer channels (B channels), 460 Bell, Alexander Graham, 374 best-effort delivery, 460 BGP (Border Gateway Protocol), 335, 336 binary math, 192–197, 461 bit values, 201, 210 bitmasks, 461 bits defined, 3 IP address, 161, 169 blocked ports, 461 blocked sites, 461

Index

BNC (Bayonet Neill-Concelman), 72, 78 Boolean AND operations, 197–199, 217–218, 461 boot: cannot open “flash:” error message, 233 boot field value, 461 boot process, 230–234 Boot ROM operating system, 234 boot system commands, 231–233 bootable partitions, 231 bootstrap programs, 133 Border Gateway Protocol (BGP), 335, 336 Boson CD, 438 Boson’s NetSim simulator, 341 brackets ([]), 239 branch offices, 10 BRI (Basic Rate Interface), 460 bridges defined, 18, 461 overview, 81–85 versus switches, 133 broadcast addresses defined, 461 overview, 107 subnetting, 203, 210 broadcast domains, 86, 142, 461 broadcast messages, 165 broadcast network transmission, 461 broadcast subnets, 204, 217 BSS (Basic Service Set), 384, 460 bus topology, 5, 7, 461 buses, defined, 461 bytes, defined, 3–4

C cable modems, 377 cable segments, 462 cable, vs. DSL, 343 cables Cat 5, 118–119, 462 coaxial, 71–72, 74, 106, 463 crossover, 76–77, 465 defined, 462 fiber, 71, 77–78

497

rollover, 76, 242 SMF, 78, 483 straight-through, 75–77 thicknet, 72 thinnet, 72, 74 twisted pair, 73–74, 487 UTP, 487 caching, 36 CAM (content addressable memory), 134, 136, 144 Canonical Name (CNAME) record type, 36 capabilities code, 427 Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA), 108, 383, 462 Carrier Sense Multiple Access/Collision Detection (CSMA/CD), 108–109, 119, 462 carrot (^), 256 Cat 5 (Category 5) cables, 118–119, 462 Catalyst switches configuring SSH, 287 difference from Cisco router, 316 overview, 130–132, 273–275, 302 port security, 299 Category 5 (Cat 5) cables, 118–119, 462 CCENTSwitch, 279 CDM (Cisco Device Manager), 243 CDP (Cisco Discovery Protocol), 426–430, 463 cdp commands, 428–429 cell switching technologies, 9 central office (CO), 375 Challenge-Handshake Authentication Protocol (CHAP), 462 channel service unit/data service unit (CSU/DSU) equipment, 318, 320, 462 channels bearer, 460 defined, 462 digital, 467 secure, 483 CHAP (Challenge-Handshake Authentication Protocol), 462 CIDR (Classless Inter-Domain Routing), 174, 179, 463 CIR (Committed Information Rate), 372 circuit switching, 9, 365–366, 463

498

CCENT Cisco Certified Entry Networking Technician Study Guide

Cisco Auto Secure feature, 325 Cisco Device Manager (CDM), 243 Cisco Discovery Protocol (CDP), 426–430, 463 Cisco router configuration, 315–362 certification summary, 350–353 default routes, 332–334 directly connected routes, 329 dynamic routing, 334–336 initial settings, 325–329 Internet access router, 342–350 overview, 315–316 physical installation, 321–324 RIPv2, 337–342 router interfaces, 316–320 router IOS, 320–321 static routes, 329–332 cladding, 78 classful routing protocol, 171–173, 217, 463 classful subnetting, 176 Classless Inter-Domain Routing (CIDR), 174, 179, 463 classless routing protocol, 463 classless subnetting, 176 clear commands, 433, 435 clear ip nat translation * command, 348, 350 clear-text strings, 284 CLI. See command-line interface CLI help function, 319 clients, defined, 463 client/server systems, 463 clock command, 254 clock rate, 259, 370, 463 clock rate command, 319, 320 clock rate speed command, 319, 327, 348 clocking, 463 CNAME (Canonical Name) record type, 36 CO (central office), 375 coaxial (coax) cables, 71–72, 74, 106, 463 collision domains, 82, 107, 464 collisions, 107, 109–110, 464 color codes, cabling, 76–77 command history, 252 command syntax, 254, 257, 302

command-line interface (CLI) defined, 464 help features, 252–258 memory location of, 320 methods, 320–321 modes, 249–252, 320–321 overview, 249 router versus switch, 258–260 commands, troubleshooting, 419–423 Committed Information Rate (CIR), 372 community strings, 464 conf t command, 254 config-register command, 233 configuration files accessing, 241–248 CLI, 249 overview, 238–241, 260 Configuration mode, 249–250 configuration registers, 231–232, 234, 464 configuration submodes, 250 configure terminal command, 249, 251, 254, 281 congestion, 464 connectionless data transfer, 40, 464 connections, switch, 139–140 connectors, 74, 76–77 console port, 242, 464 Console port, on Cisco router, 317 content addressable memory (CAM), 134, 136, 144 contention, 7, 108, 464 control messages, 464 convergence, 464 copper cables, 71–77 copy commands, 236–238, 240–241, 254, 260, 301 core layer switches, 140, 273 cost, defined, 465 CPE (customer premises equipment), 367, 465 CRC (cyclic redundancy check), 104 crossover (568A) cables, 76–77, 465 crypto commands, 287–288 CSMA/CA (Carrier Sense Multiple Access/ Collision Avoidance), 108, 383, 462 CSMA/CD (Carrier Sense Multiple Access/ Collision Detection), 108–109, 119, 462

Index

CSU/DSU (channel service unit/data service unit), 318, 320, 462 CTRL shortcuts, 256 customer premises equipment (CPE), 367, 465 cut-through switching, 137, 465 cyclic redundancy check (CRC), 104

D data communications equipment (DCE), 465 data flow Ethernet, 112–116 routing, 157–162 data layers, 14–15. See also Application layer; Presentation layer; Session layer Data Link Control Identifier (DLCI), 372 Data Link layer defined, 465 devices, 13, 18 Ethernet standards, 116 overview, 13–17, 21 protocol status, 431 data payload field, 105 data terminal equipment (DTE), 465 data transmission speed, 465 datagrams, 465 DCE (data communications equipment), 465 DDOS (Distributed Denial of Service), 413 debug commands, 340, 419, 436, 440 debug ip rip command, 340 decimal numbering, 192–193, 196, 210 decoding, 206–208 dedicated lines, 466 default console settings, 242 default gateways configuration option, 424 defined, 466 ICMP, 54 NAT, 177 switch IP addresses, 291 default routes, 162, 332–334, 466 default subnet masks, 173, 179, 201–202

499

defense in depth concept, 414 delay, 405, 440, 466 delimiter character, 279 delivery layers. See also Data Link layer; Network layer; Physical layer demarc, 367, 466 demilitarized zone (DMZ) networks, 87, 466 demodulation, 375 Denial-of-Service (DoS) attacks, 413, 466 description command, 370 description text command, 293 destination addresses, 466 Destination Unreachable ping response, 55 device interfacing CLI help features, 252–258 modes, 249–252 overview, 249 router versus switch, 258–260 configuration files access methods, 241–248 overview, 238–241 IOS boot process, 230–234 fundamentals, 234–238 overview, 230 overview, 229 devices defined, 466 by layer, 13 network bridges, 81–85 configuring, 88–90 hubs, 81 NICs, 79–80 overview, 79 repeaters, 80–81 routers, 85–86 security, 87–88 switches, 81–85 transceivers, 80 DHCP (Dynamic Host Configuration Protocol), 37–39, 347, 468

500

CCENT Cisco Certified Entry Networking Technician Study Guide

DHCP Acknowledgements, 424 DHCP Requests, 424 DHCP servers, 468 DHCP subnets, 424 dial-up connections, 467 digital channels, 467 Digital Equipment Company, Intel, and Xerox (DIX), 103, 105, 119 digital signal level 0 (DS0), 367, 467 digital signals, 375 digital subscriber line (DSL), 343, 375–377, 459, 467 direct sequence spread spectrum (DSSS), 383, 467 disable command, 249, 251 disconnect # command, 407, 440 distance vector routing algorithm, 165–168, 467 Distributed Denial of Service (DDOS), 413 distribution layer switches, 140, 273 DIX (Digital Equipment Company, Intel, and Xerox), 103, 105, 119 DLCI (Data Link Control Identifier), 372 DMZ (demilitarized zone) networks, 87, 466 Domain Name System (DNS), 34–37, 158, 424, 467 DoS (Denial-of-Service) attacks, 413, 466 dot (.), 54 dotted notation, 168, 467 DS0 (digital signal level 0), 367, 467 DSL (digital subscriber line), 343, 375–377, 459, 467 DSL Access Multiplexer (DSLAM), 375 DSLAM (DSL Access Multiplexer), 375 DSSS (direct sequence spread spectrum), 383, 467 DTE (data terminal equipment), 320, 465 duplex, 5, 136–137 duplex {auto | full | half} command, 293 duplex operations, 144 duplex transmission, 4 DUPLX LED mode, 132 DYNAMIC entry, 434 Dynamic Host Configuration Protocol (DHCP), 37–39, 347, 468 dynamic ports, 51 dynamic routing, 86, 164, 334–336, 468

E E1 lines, 468 EAP (Extensible Authentication Protocol), 469 echo replies, 54 echo requests, 54 EGP (Exterior Gateway Protocol ), 335, 336, 469 EIA/TIA (Electronic Industries Alliance and Telecommunications Industry Association), 76 EIGRP routing protocol, 320 electromagnetic interference (EMI), 71, 432 Electronic Industries Alliance and Telecommunications Industry Association (EIA/TIA), 76 e-mail protocols, 40–41 EMI (electromagnetic interference), 71, 432 enable command, 249, 251 enable commands, 283–284 Enable mode, 249, 283 encapsulation, 11, 20, 468 encapsulation commands, 370 encapsulation type command, 327, 348 encryption, 14, 387–389 end command, 251 erase commands, 239, 278 error indicators, 252 error recovery, 49 ESC shortcuts, 256 ESS (extended service set), 384, 468 ETH1 ports, 114 Ethernet addresses, 106–107, 468 data flow, 112–116 defined, 468 fast, 469 frame types, 103–106 history of, 102–103 media access, 107–112 overview, 56, 101 router ports, 80 segments, 57 standards, 116–119

Index

Ethernet II, 105 events, 468 exclamation point (!), 54, 237, 421 exclusive-or (XOR), 488 Exec banner, 278 exec-timeout commands, 285–287, 302 exit command, 251 extended service set (ESS), 384, 468 Extended setup mode, 276 Extensible Authentication Protocol (EAP), 469 Exterior Gateway Protocol (EGP), 335, 336, 469 external interfaces, 469 external networks, 469

F failover, 469 fast Ethernet, 317, 469 FCC (Federal Communications Commission), 382 FCS (Frame Check Sequence), 16, 104, 159 FDDI (fiber distributed data interface), 469 Federal Communications Commission (FCC), 382 FHSS (frequency hopping spread spectrum), 383, 471 fiber cables, 71, 77–78 fiber distributed data interface (FDDI), 469 fiber modules, 80 fields, defined, 103 file servers, defined, 469 File Transfer Protocol (FTP), 39–40, 469 filtering process, 79, 470 filters, 469–470 firewalls, 18, 87, 470 flash memory, 230, 232, 470 flash updates, 470 flat addressing, 470 flooding, 79, 85, 470 flow control, 50, 470 forward slash, 210 forwarding, 470 four-wire circuits, 470 FQDNs (fully qualified domain names), 35, 471 fragment free switching, 138, 471

501

fragmentation, 470 Frame Check Sequence (FCS), 16, 104, 159 frame headers, 116 frame relay technology, 371–372, 471 frame trailers, 116 frame types, 318–319 frames, 21, 103–106, 471 frequency hopping spread spectrum (FHSS), 383, 471 FTP (File Transfer Protocol), 39–40, 469 full duplex, 118, 136, 471 full mesh, 471 fully qualified domain names (FQDNs), 35, 471

G gateways, 18, 471 gigabit speed, 119 Global Configuration mode, 249–251, 254, 287, 291 graphical user interfaces (GUIs), 243, 471

H hackers, 386, 410 half duplex, 118, 137, 472 HDLC (High-Level Data Link Control), 319, 369, 389, 472 headers, 20, 472 hello packets, 472 Hello protocol, 472 hexadecimal system, 3, 472 hierarchical addressing, 163, 472 High-Level Data Link Control (HDLC), 319, 369, 389, 472 history buffer, 255 history size command, 280–281 holddown, 472 holdtime, 427 hop count, 472 hops, 472 host addresses, 472 host bits, 170–171 hostname commands, 278–279

502

CCENT Cisco Certified Entry Networking Technician Study Guide

hosts defined, 2, 472 troubleshooting, 423–426 HTML (Hyper Text Markup Language), 42 HTTP (Hyper Text Transport Protocol), 42 HTTPS (Hyper Text Transport Protocol over SSL), 42 hubs defined, 473 media devices, 81 overview, 17 Hybrid protocol type, 168 hybrid topology, 6 Hyper Text Markup Language (HTML), 42 Hyper Text Transport Protocol (HTTP), 42 Hyper Text Transport Protocol over SSL (HTTPS), 42 HyperTerminal program, 242–243, 260

I IANA (Internet Assigned Number Authority), 474 ICANN (Internet Corporation for Assigned Names and Numbers), 335, 474 ICMP (Internet Control Message Protocol), 54–56, 474 IDSs (intrusion detection systems), 88, 387, 475 IEEE (Institute of Electrical and Electronics Engineers), 103, 473 IEEE 802 series, 116, 456–457 IETF (Internet Engineering Task Force), 474 IGP (Interior Gateway Protocol), 335, 336, 473 IMAP4 (Internet Message Access Protocol), 41 inactivity timers, 473 Industrial, Scientific, Mechanical (ISM) frequency range, 382 information, defined, 3 Infrastructure mode, 473 initialization functions, 133–136 inside global, 379, 473 inside local, 379, 473

installing switches, 139–140 wireless LANs, 384–385 Institute of Electrical and Electronics Engineers (IEEE), 103, 473 Integrated Services Digital Network (ISDN), 9, 473 interface configuration commands, 294 Interface Configuration mode, 250–251 Interface configuration prompt, 291 interface ethernet # command, 317 interface fastethernet #/# command, 317 interface fastEthernet0/0 command, 250 interface gigabitethernet #/# command, 317 interface mapping, 134 Interface mode, 250 interface numbers, 274 interface range commands, 293–294 interface status, 431–433 interface type number command, 250 interfaces, defined, 473 interfacing. See device interfacing Interior Gateway Protocol (IGP), 335, 336, 473 internal physical network addresses, 18 International Organization for Standardization (ISO), 11, 473 International Telecommunications Union (ITU), 369, 474 Internet access router, 342–350 Internet address classes, 171–173, 217, 474 Internet Assigned Number Authority (IANA), 474 Internet Control Message Protocol (ICMP), 54–56, 474 Internet Corporation for Assigned Names and Numbers (ICANN), 335, 474 Internet, defined, 474 Internet Engineering Task Force (IETF), 474 Internet Message Access Protocol (IMAP4), 41 Internet Protocol (IP). See also IP addresses; Transmission Control Protocol/Internet Protocol defined, 474 headers, 158

Index

host portion, 180, 200 network portion, 180, 200 overview, 54–56 versions, 169 Internet service providers (ISPs), 366–367, 475 Internetwork Operating System (IOS) boot process, 230–234 versus CLI, 259 defined, 475 overview, 234–238 switch initialization, 133 Inter-Switch Link (ISL) protocol, 475 intranets, 415, 475 intrusion detection systems (IDSs), 88, 387, 475 intrusion prevention systems (IPSs), 88, 387, 475 IOS. See Internetwork Operating System IP. See Internet Protocol ip address IP_Address Subnet_Mask command, 327 IP addresses. See also subnets classes, 171–173, 217, 474 constructing, 168–171 defined, 475 host troubleshooting, 424 overview, 168 switch, 291 technologies, 174–180 ip commands, 38, 288, 292 ip route 0.0.0.0 0.0.0.0 next_hop_address command, 333, 349 ip route 172.16.1.0 255.255.255.0 172.18.1.1 command, 330 ip route 192.168.1.0 255.255.255.0 172.16.1.1 150 command, 332 ip route command, 334 ip route network_address subnet_mask Next_hop_ address command, 330 ip route network_id subnet_mask next_hop 200 command, 332 ipconfig commands, 419, 425 IPSs (intrusion prevention systems), 88, 387, 475 ISDN (Integrated Services Digital Network), 9, 473 ISL (Inter-Switch Link) protocol, 475

503

ISM (Industrial, Scientific, Mechanical) frequency range, 382 ISO (International Organization for Standardization), 11, 473 ISPs (Internet service providers), 366–367, 475 ITU (International Telecommunications Union), 369, 474

J jabber, 432 jam signals, 109 jitter, 405, 440, 476

K keepalive, 476 keyboard shortcuts, 256 Keylogger software, 414

L L2TP Network Servers (LNS), 476 LAC (Layer 2 Tunneling Protocol Access Concentrator), 476 LANs. See local area networks Layer 2 Tunneling Protocol Access Concentrator (LAC), 476 layers, see names of specific layers LDAP (Lightweight Directory Access Protocol), 476 leased lines, 37, 322, 372, 476 LEDs (light-emitting diodes), 132, 274, 302, 476 Length/Type field, 105, 119 light-emitting diodes (LEDs), 132, 274, 302, 476 Lightweight Directory Access Protocol (LDAP), 476 line aux 0 command, 317 line commands, 250, 281 Line Configuration mode, 250, 281 line status, 431 link state, 166–168, 476 link state advertisements (LSAs), 166

504

CCENT Cisco Certified Entry Networking Technician Study Guide

Linksys switches, 130, 272–274, 302 LLC (Logical Link Control) header, 105 LNK light, 318 LNS (L2TP Network Servers), 476 local area networks (LANs) defined, 476 devices, 156 networking, 116 overview, 8 local interfaces, 426 local loops, 476 location terminology, 10 logging commands, 280–281 logic flow, 157–162 logical addresses, 18, 86, 162 Logical Link Control (LLC) header, 105 logical topologies, 7, 21 Login banner, 278 login commands, 282–283, 287 long haul lines, 367 long wavelength (LX), 119 loopback addresses, 174 loopback interfaces, 476 looping, 140–141 loss, 405, 407, 440 LSAs (link state advertisements), 166 LX (long wavelength), 119

M MAC (Media Access Control), 477 MAC addresses bridges, 83 defined, 477 Ethernet, 106 host troubleshooting, 425 LAN devices, 156 network data flow, 114 port security, 299–300 routed protocols, 162 router troubleshooting, 437

routing logic, 158 switch initialization, 134 magic number, 213 Mail Exchanger (MX) record type, 36 malware, 414 Management Information Base (MIB), 41, 477 MANs (Metropolitan Area Networks), 8 manual summarization, 335 Maximum Transmission Unit (MTU), 105 MD5 hash, 284 Media Access Control (MAC), 477 media, transmission. See transmission media mesh topology, 6, 477 Message of The Day (MOTD) banners, 278 metric, defined, 477 Metropolitan Area Networks (MANs), 8 MIB (Management Information Base), 41, 477 MIMO (multiple-input multiple-output), 382 MMF (multi mode fiber) cables, 78 mnemonics, 13, 20 modal dispersion, 78 modems analog, 374–375 cable, 377 defined, 477 modulation, 375 modulator/demodulators. See modems MOTD (Message of The Day) banners, 278 MSAUs (Multistation Access Units), 7, 478 MTU (Maximum Transmission Unit), 105 multi mode fiber (MMF) cables, 78 multicast addresses, 477 multicast, defined, 477 multicast messages, 106–107 multicast traffic, 85 multicast updates, 166 multimode, defined, 477 multiple-input multiple-output (MIMO), 382 multiplexing, 51–55, 477 Multistation Access Units (MSAUs), 7, 478 MX (Mail Exchanger) record type, 36

Index

N Name server (NS) record type, 36 name vlan-name command, 294–295 NAT. See Network Address Translation National Institute for Standards and Technology (NIST), 478 NetSim simulator, 341 netstat commands, 425 Network Access layer, 56–57, 158 Network Access Servers, 478 Network Address Translation (NAT) defined, 478 dynamic, 177–178 overview, 378–380 static, 177 network addresses, defined, 478 network bits, 169–170, 205 Network Control Protocol, 478 network devices bridges, 81–85 configuring, 88–90 hubs, 81 NICs, 79–80 overview, 79 repeaters, 80–81 routers, 85–86 security, 87–88 switches, 81–85 transceivers, 80 network diagrams, overview of, 89 network interface cards (NICs), 79–80, 136–137, 478 Network layer firewalls, 87 overview, 13, 16 private addresses, 378 network media. See media, transmission network network_id command, 337, 349 network security mitigations, 414–417 threats and attacks, 410–414 network segments, 478

505

network/host boundary, 174 networks, see also names of specific networks categories of, 8–10 definitions, 2–4 local area, 8 OSI reference model components, 17–19 functions, 11–12 overview, 11 PDUs, 19–21 overview, 2–10 topologies, 5–7 wide area, 8–10 NICs (network interface cards), 79–80, 136–137, 478 NIST (National Institute for Standards and Technology), 478 N(N–1)/2 formula, 6 no cdp commands, 429 no debug parameter command, 341 no enable commands, 283 no ip commands, 37, 204, 217, 439 no service password-encryption command, 284 no shutdown command, 291–292, 299, 370 nodes, defined, 478 noise immunity, 71 non-volatile read access memory (NVRAM), 231, 240, 260, 478 noshutdown command, 329 NS (Name server) record type, 36 nslookup name command, 425 NVRAM (non-volatile read access memory), 231, 240, 260, 478 nvram commands, 241

O octets, 169, 202, 212–213, 479 ODBC (Open Database Connectivity), 479 OFDM (Orthogonal Frequency-Division Multiplexing), 383, 479 Open Database Connectivity (ODBC), 479

506

CCENT Cisco Certified Entry Networking Technician Study Guide

Open System Interconnection (OSI) Reference Model defined, 479 functions, 11–12 layers, 13–17 network components, 17–19 overview, 11 protocol data units, 19–21 versus TCP/IP, 32–34 ordered data transfers, 48 Organizationally Unique Identifiers (OUIs), 106 Orthogonal Frequency-Division Multiplexing (OFDM), 383, 479 OSI Reference Model, Open System Interconnection Reference Model OSPF routing protocol, 320 OUIs (Organizationally Unique Identifiers), 106 out-of-band signaling, 479 outside interfaces, 379

P packet filtering, 479 Packet Internet Groper (PING), 479 packet switching technologies ATM, 372–374 flooding and filtering, 79 frame relay, 371–372 overview, 9, 366 packets, 479 padding, 105 PAP (Password Authentication Protocol), 480 passive-interface command, 338 passive-interface interfacetype_# command, 337, 349 Password Authentication Protocol (PAP), 480 password command, 282 passwords defined, 479 switch configuration, 282–284 PAT (Port Address Translation), 178–179, 343, 378–380, 480

payloads, 480 PCI boards, 79 PCM (pulse code modulation), 481 PCMCIA cards, 79 PDUs (protocol data units), 19–21, 481 permanent virtual circuits (PVCs), 372 phishing, 412 Physical layer devices, 13, 17 Ethernet standards, 116, 119 functions, 369 line status, 431 overview, 13, 16 troubleshooting, 419 physical media. See media, transmission physical topologies, 5–6, 21 PING (Packet Internet Groper), 479 ping command line tool, 54 pinouts, 74–75 pins, 74 place values, 217 plain old telephone system (POTS), 9 Point-to-Point Protocol (PPP), 56, 369, 389, 480 Point-to-Point Tunneling Protocol (PPTP), 480 point-to-point WAN technologies, 368–370 POP3 (Post Office Protocol version 3), 40 Port Address Translation (PAT), 178–179, 343, 378–380, 480 port addresses, 134, 144 port numbers, 47, 51–53 port security, 299–302, 435 port shutdown, 300 ports auxiliary, 460 blocked, 461 defined, 480 dynamic, 51 registered, 51 POST (power on self test), 133, 231 Post Office Protocol version 3 (POP3), 40 POTS (plain old telephone system), 9

Index

power on self test (POST), 133, 231 PPP (Point-to-Point Protocol), 56, 369, 389, 480 PPTP (Point-to-Point Tunneling Protocol), 480 preamble notification, 104 prefix notation, 160, 210, 212, 218, 480 Presentation layer, 13–14, 480 primary rate interface (PRI), 480 private keys, 288 private network addresses, 176, 480 Privileged EXEC mode, 249 Privileged mode, 239, 251–252, 277, 282 Protect option, 300 protocol data units (PDUs), 19–21, 481 protocol stacks, 4, 481 protocol status, 431 protocol suites, 4 protocols, see also names of specific protocols, 3–4, 481 proxies, 18 proxy ARP, 481 PSTNs (public switched telephone networks), 374–375, 389, 481 public addresses, 378 public keys, 288 public switched telephone networks (PSTNs), 374–375, 389, 481 pulse code modulation (PCM), 481 Putty application, 289 PVCs (permanent virtual circuits), 372

Q Quality of Service (QoS), 9, 405–406, 481 question mark (?), 252–253, 287, 419 queues, defined, 481

R radio frequency (RF), 3, 380 radio frequency interference (RFI), 71 random access memory (RAM), 230, 260 read-only memory (ROM), 133, 230–231, 234, 260

507

Ready To Send (RTS) signal, 109, 383 redundancy, 140–141 Redundant Power Supply (RPS) indicator lamp, 131 registered ports, 51 reload command, 239, 260, 278 remote access WAN technologies cable modems, 377 DSL, 375–377 PSTN, 374–375 remote procedure call (RPC) protocol, 481 repeaters, 17, 80–81, 481 Reply from ______ ping response, 55 Request for Comments (RFC) documents, 33, 171, 482 Request Timed Out ping response, 55 resolvers, 36 Restore Defaults button, 242 Restrict option, 300 resume commands, 407–408, 440 retransmission requests, 138 reverse lookup, 482 RF (radio frequency), 3, 380 RFC (Request for Comments) documents, 33, 171, 482 RFI (radio frequency interference), 71 RG6 coax cable, 376 ring topology, 6, 482 RIP (Routing Information Protocol), 439, 482 RIPv2, 337–342 RJ45 connectors, 322 RJ48 connectors, 322 rollover cables, 76, 242 ROM (read-only memory), 133, 230–231, 234, 260 ROMMON operating system, 232, 234, 260 root bridge, 141 round-trip time (RTT), 109 route summarization, 335 route tables, 86, 160, 162 route updates, 334 routed protocol, 53, 163, 482 router rip command, 337, 349

508

CCENT Cisco Certified Entry Networking Technician Study Guide

routers. See also Cisco router configuration defined, 18, 482 media devices, 85–86 troubleshooting CDP, 426–430 interface status, 431–433 overview, 436–438 routing defined, 482 logic and data flow, 157–162 overview, 155–156 protocols distance vector, 165–166 link state, 166–168 overview, 162–165 Routing Information Protocol (RIP), 439, 482 routing protocol, 53, 164–165, 482 RPC (remote procedure call) protocol, 481 RPS (Redundant Power Supply) indicator lamp, 131 RTS (Ready To Send) signal, 109, 383 RTT (round-trip time), 109 running config file, 238–239, 241, 260 RxBoot, 482

S same layer interaction, 20 SAR (segmentation and reassembly), 374 SC (stick and click) connectors, 78 scalable architecture, 482 scanning, 412–413 SCSI (Small Computer System Interface), 484 SDM (Security Device Manager), 243, 343–346 secure channels, 483 Secure Multipurpose Internet Mail Extensions (S/MIME), 483 Secure Sockets Layer (SSL), 42, 483 security devices for, 87–88 network mitigations, 414–417 threats, 410–414

switch settings descriptions, 292–294 duplex, 292–294 exec-timeout, 285–287 IP addresses, 290–292 overview, 281 passwords, 282–284 port security, 299–302 speed, 292–294 SSH, 287–290 VLAN, 294–298 wireless LAN encryption standards, 388–389 options, 389–390 threats and mitigations, 386–388 Security Device Manager (SDM), 243, 343–346 security in depth concept, 414 segmentation, 15 segmentation and reassembly (SAR), 374 segments, 483 sequence numbering system, 15, 47–49 serial interfaces, 318–319, 370 Serial Line Internet Protocol (SLIP), 56, 483 server-based networks, defined, 483 servers, defined, 483 service password-encryption command, 284 service providers, 366–367, 475 service set identifiers (SSIDs), 384, 389, 483 session hijacking, 483 Session layer, 13–15 setup, 232, 276–278 setup command, 239, 321 setup file, 233 Setup mode, 239, 260, 276 short wavelength (SX), 119 shortcut keys, 252 show cdp commands, 426–427, 429, 440 show controllers command, 320 show crypto key mypubkey rsa command, 289 show dhcp binding command, 347, 349 show dhcp lease command, 292 show flash command, 237

Index

show history command, 280–281 show interfaces commands, 292–294, 431–433, 435 show ip commands, 259, 432, 436–437 show ip nat translations command, 347, 349 show ip protocols command, 340 show ip route command, 338, 348, 349 show ip route network_id command, 339, 349 show ip route rip command, 339, 349 show mac address-table command, 259, 422, 434 show port-security commands, 301, 422 show protocols interface command, 432 show running-config command, 280, 292, 295, 297, 301 show sessions command, 407–408, 440 show version command, 235–236, 260 show vlan brief command, 295, 297 shutdown command, 291, 327 Shutdown option, 300 Simple Mail Transfer Protocol (SMTP), 40–41, 483 Simple Network Management Protocol (SNMP), 41 simplex transmission, 4 single mode fiber (SMF) cables, 78, 483 slash notation, 484 SLIP (Serial Line Internet Protocol), 56, 483 Small Computer System Interface (SCSI), 484 small offices/home offices (SOHOs), 10 SMF (single mode fiber) cables, 78, 483 S/MIME (Secure Multipurpose Internet Mail Extensions), 483 SMTP (Simple Mail Transfer Protocol), 40–41, 483 SNA (System Network Architecture) model, 32 SNAP (Subnetwork Access Protocol) headers, 105 sniffers, 413 SNMP (Simple Network Management Protocol), 41 SOA (Start of Authority) record type, 36 SOCKS, 484 SOHOs (small offices/home offices), 10 spam, 484 Spanning Tree Protocol (STP), 140–141, 484 speed {10 | 100 | 1000 | auto} command, 293 SPEED LED mode, 132 speed, switch, 136–137

509

spoofing, 484 spyware, 414 SSH, 287–290 SSIDs (service set identifiers), 384, 389, 483 SSL (Secure Sockets Layer), 42, 483 star topology, 6, 484 Start of Authority (SOA) record type, 36 startup-config file, 233, 238–239, 241, 260, 277–278 STAT LED mode, 132 stateful packet filtering, 484 STATIC entry, 434 static IP addresses, 37, 291 static NAT, 484 static routing, 86, 163 backup static routes, 332 Cisco router configuration, 329–332 stick and click (SC) connectors, 78 store-and-forward switching, 138, 484 STP (Spanning Tree Protocol), 140–141, 484 straight-through (568B) cables, 75–77 Structured Wireless-Aware Networks (SWANs), 387 sub-card numbers, 274 subnet bits, 197, 200, 208 subnet octets, 218 subnets binary math, 192–197 Boolean AND operations, 197–199 constructing, 200–202 decoding information, 206–208 defined, 485 masks applying, 208–210 creating, 202–206 defined, 485 overview, 174–176, 191 tips, 210–218 Subnetwork Access Protocol (SNAP) headers, 105 summarization, route, 335 SVCs (switched virtual circuits), 372 SWANs (Structured Wireless-Aware Networks), 387 switch interfaces, 137 switch IP addresses, 290–292

510

CCENT Cisco Certified Entry Networking Technician Study Guide

switched virtual circuits (SVCs), 372 switches versus bridges, 133 configuring characteristics, 274–275 initial steps, 275–281 models, 272–274 overview, 271 defined, 485 designing, 139–141 duplex, 136–137 initialization functions, 133–136 media devices, 81–85 modes, 137–138 overview, 129–130 physical features, 130–132 securing descriptions, 292–294 duplex, 292–294 exec-timeout, 285–287 overview, 281 passwords, 282–284 port security, 299–302 speed, 292–294 SSH, 287–290 switch IP addresses, 290–292 VLAN, 294–298 troubleshooting CDP, 426–430 interface status, 431–433 overview, 433–435 switchport commands, 294 SX (short wavelength), 119 symmetric DSL, 376 SYN (synchronization request) segments, 47 SYN flood attacks, 485 SYN/ACK (synchronization/acknowledgment) segments, 47 synchronization request (SYN) segments, 47 synchronization/acknowledgment (SYN/ACK) segments, 47

syslog, 485 system (SYST) indicator lamps, 131 system boot procedure, 235–236 System Configuration dialog. See Setup mode System Network Architecture (SNA) model, 32 system:running-config command, 241

T T connectors, 9, 72, 106 TAB functions, 255 TCP (Transmission Control Protocol), 486 TCP/IP. See Transmission Control Protocol/Internet Protocol telco, 367 Telecommunications Industry Association, the Electronic Industries Alliance (TIA/EIA), 73 telecommuters, 412 telnet, 287, 407–410, 485 telnet ipaddress command, 407 telnet parameter, 287, 288 Temporal Key Integrity Protocol (TKIP), 387 terminal emulation program, 242 terminal history size 20 command, 280 terminal history size command, 281 terminal history size x command, 280 terminal monitor command, 281 terminators, 6 Terra Term, 242 TFTP (Trivial File Transfer Protocol), 39, 40, 237 thicknet (10BASE5) cables, 72 thinnet (10BASE2) cables, 72, 74 throughput, 4 Thunderbird e-mail application, 14 TIA/EIA (Telecommunications Industry Association, the Electronic Industries Alliance), 73 timestamping, 485 TKIP (Temporal Key Integrity Protocol), 387 TLS (Transport Layer Security), 486 token passing logical topology, 7, 83 token ring networks, 83

Index

top-level domains, 35 topologies, see also names of specific topologies, 5–7, 485 traceroute command, 54 transceivers, 17, 80 translational bridges, 83 Transmission Control Protocol (TCP), 486 Transmission Control Protocol/Internet Protocol (TCP/IP) Application layer DHCP, 37–39 DNS, 34–37 e-mail, 40–41 FTP, 39–40 overview, 34 SNMP, 41 Web surfing, 42–46 defined, 486 Network Access layer IP and ICMP, 54–56 Network Access layer, 56–57 overview, 53 versus OSI reference model, 32–34 overview, 31–34 Transport layer multiplexing, 51–53 port numbers, 51–53 TCP, 47–50 UDP, 50–51 transmission media copper cabling, 71–77 defined, 3, 477 fiber cabling, 77–78 overview, 70 shared access, 107–112 terminology, 70–71 transmit pins, 75 transport input commands, 287–288, 302 Transport layer multiplexing, 51–53 overview, 13, 15, 46 port numbers, 51–53

511

QoS, 405 security devices, 87 TCP, 47–50 User Datagram, 50–51 Transport Layer Security (TLS), 486 Trivial File Transfer Protocol (TFTP), 39, 40, 237 troubleshooting commands, 419–423 host, 423–426 overview, 417–419 router, 426–433, 436–438 switch, 426–435 tips for, 438–441 trunk interfaces, 486 trust, defined, 486 trusted interfaces, 486 tunnels, defined, 486 twist ratio, 73 twisted pair cables, 73–74, 487 Type field, 104 type parameter, 278–279

U UDP (User Datagram Protocol), 46, 50–51, 487 undebug all command, 341 unicast messages, 106 Uniform Resource Locators (URLs), 42 U-NII (Unlicensed National Information Infrastructure), 382 Unlicensed National Information Infrastructure (U-NII), 382 unshielded twisted pair (UTP) cables, 487 uplink interfaces, 274 uplink ports, 132 URLs (Uniform Resource Locators), 42 User Datagram Protocol (UDP), 46, 50–51, 487 User EXEC mode, 249 user mode, 283, 487 username name password password command, 283 UTP (unshielded twisted pair) cables, 487

512

CCENT Cisco Certified Entry Networking Technician Study Guide

V validation, defined, 487 variable-length subnet masking (VLSM), 204, 487 VCIs (virtual channel identifiers), 373 VCs (virtual circuits), 372, 487 verification, defined, 487 version 2 command, 337, 341, 349 virtual channel identifiers (VCIs), 373 virtual circuits (VCs), 372, 487 virtual local area networks (VLANs), 142–144, 294–299, 487 virtual path identifiers (VPIs), 373 virtual private networks (VPNs), 10, 375, 389, 415, 488 VLAN trunking, 294, 299–300 vlan vlan-id command, 294 VLAN1 interface, 290–292 VLANs (virtual local area networks), 142–144, 294–299, 487 VLSM (variable-length subnet masking), 204, 487 Voice over Internet Protocol (VoIP), 51, 406–407, 488 VoIP (Voice over Internet Protocol), 51, 406–407, 488 VPIs (virtual path identifiers), 373 VPNs (virtual private networks), 10, 375, 389, 415, 488

W WAN interface card (WIC), 317 WANs. See wide area networks WAPs (wireless access points), 380, 384 war driving, 386 web surfing protocols, 42–46 well-known port numbers, 51 WEP (Wired Equivalent Privacy), 388–389, 488 WIC (WAN interface card), 317 wide area networks (WANs) defined, 488

NAT, 378–380 overview, 8–10, 364–368 packet switched technologies ATM, 372–374 frame relay, 371–372 PAT, 378–380 point-to-point technologies, 368–370 remote access technologies cable modems, 377 DSL, 375–377 PSTN, 374–375 Wi-Fi Protected Access (WPA), 389, 488 Windows Internet Name Service (WINS), 158 Wired Equivalent Privacy (WEP), 388–389, 488 wireless access points (WAPs), 380, 384 wireless encryption standards, 388–389, 488 wireless LANs (WLANs) defined, 488 installing, 384–385 overview, 380–384 security encryption standards, 388–389 options, 389–390 threats and mitigations, 386–388 WLANs. See wireless LANs World Wide Web (WWW), 42 WPA (Wi-Fi Protected Access), 389, 488 write commands, 239, 241 WWW (World Wide Web), 42

X X.509v3 standard, 488 XOR (exclusive-or), 488

Z Zero Configuration Utility, 385 zero subnets, 204, 210, 217, 488 zones, defined, 36

[ THE BEST ]

in Microsoft Certification Prep

VISIT MHPROFESSIONAL.COM TO READ SAMPLE CHAPTERS AND LEARN MORE.

THE BEST IN SECURITY CERTIFICATION PREP

CISSP Certification All-in-One Exam Guide, 4th Ed. Shon Harris

CISA Certified Information Systems Auditor All-in-One Exam Guide Shon Harris

Mike Meyers’ CompTIA Security+ Certification Passport, 2nd Ed. T.J. Samuelle

CompTIA® Security+ All-in-One Exam Guide, 2nd Ed. Greg White, Art Conklin, et al.

To learn more about McGraw-Hill’s broad certification publishing program, visit mhprofessional.com/certification.

MHPROFESSIONAL.COM

LICENSE AGREEMENT THIS PRODUCT (THE “PRODUCT”) CONTAINS PROPRIETARY SOFTWARE, DATA AND INFORMATION (INCLUDING DOCUMENTATION) OWNED BY THE McGRAW-HILL COMPANIES, INC. (“McGRAW-HILL”) AND ITS LICENSORS. YOUR RIGHT TO USE THE PRODUCT IS GOVERNED BY THE TERMS AND CONDITIONS OF THIS AGREEMENT AND IS FURTHER SUBJECT TO THE TERMS AND CONDITIONS CONTAINED IN EACH OF APPLICABLE LICENSOR’S LICENSE AGREEMENT (each an “LLA”) INCLUDED AS PART OF THE PRODUCT. LICENSE: Throughout this License Agreement, “you” shall mean either the individual or the entity whose agent opens this package. You are granted a non-exclusive and non-transferable license to use the Product subject to the following terms: (i) If you have licensed a single user version of the Product, the Product may only be used on a single computer (i.e., a single CPU). If you licensed and paid the fee applicable to a local area network or wide area network version of the Product, you are subject to the terms of the following subparagraph (ii). (ii) If you have licensed a local area network version, you may use the Product on unlimited workstations located in one single building selected by you that is served by such local area network. If you have licensed a wide area network version, you may use the Product on unlimited workstations located in multiple buildings on the same site selected by you that is served by such wide area network; provided, however, that any building will not be considered located in the same site if it is more than five (5) miles away from any building included in such site. In addition, you may only use a local area or wide area network version of the Product on one single server. If you wish to use the Product on more than one server, you must obtain written authorization from McGraw-Hill and pay additional fees. (iii) You may make one copy of the Product for back-up purposes only and you must maintain an accurate record as to the location of the back-up at all times. COPYRIGHT; RESTRICTIONS ON USE AND TRANSFER: All rights (including copyright) in and to the Product are owned by McGraw-Hill and its licensors. You are the owner of the enclosed disc on which the Product is recorded. You may not use, copy, decompile, disassemble, reverse engineer, modify, reproduce, create derivative works, transmit, distribute, sublicense, store in a database or retrieval system of any kind, rent or transfer the Product, or any portion thereof, in any form or by any means (including electronically or otherwise) except as expressly provided for in this License Agreement and each LLA. You must reproduce the copyright notices, trademark notices, legends and logos of McGraw-Hill and its licensors that appear on the Product on the back-up copy of the Product which you are permitted to make hereunder. All rights in the Product not expressly granted herein are reserved by McGraw-Hill and its licensors. TERM: This License Agreement is effective until terminated. It will terminate if you fail to comply with any term or condition of this License Agreement and each LLA. Upon termination, you are obligated to return to McGraw-Hill the Product together with all copies thereof and to purge all copies of the Product included in any and all servers and computer facilities. DISCLAIMER OF WARRANTY: THE PRODUCT AND THE BACK-UP COPY ARE LICENSED “AS IS.” McGRAW-HILL, ITS LICENSORS AND THE AUTHORS MAKE NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE RESULTS TO BE OBTAINED BY ANY PERSON OR ENTITY FROM USE OF THE PRODUCT, ANY INFORMATION OR DATA INCLUDED THEREIN AND/OR ANY TECHNICAL SUPPORT SERVICES PROVIDED HEREUNDER, IF ANY (“TECHNICAL SUPPORT SERVICES”). McGRAW-HILL, ITS LICENSORS AND THE AUTHORS MAKE NO EXPRESSOR IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR USE WITH RESPECT TO THE PRODUCT. McGRAW-HILL, ITS LICENSORS, AND THE AUTHORS MAKE NO GUARANTEE THAT YOU WILL PASS ANY CERTIFICATION EXAM WHATSOEVER BY USING THIS PRODUCT. NEITHER McGRAW-HILL, ANY OF ITS LICENSORS NOR THE AUTHORS WARRANT THAT THE FUNCTIONS CONTAINED IN THE PRODUCT WILL MEET YOUR REQUIREMENTS OR THAT THE OPERATION OF THE PRODUCT WILL BE UNINTERRUPTED OR ERROR FREE. YOU ASSUME THE ENTIRE RISK WITH RESPECT TO THE QUALITY AND PERFORMANCE OF THE PRODUCT. LIMITED WARRANTY FOR DISC: To the original licensee only, McGraw-Hill warrants that the enclosed disc on which the Product is recorded is free from defects in materials and workmanship under normal use and service for a period of ninety (90) days from the date of purchase. In the event of a defect in the disc covered by the foregoing warranty, McGraw-Hill will replace the disc. LIMITATION OF LIABILITY: NEITHER McGRAW-HILL, ITS LICENSORS NOR THE AUTHORS SHALL BE LIABLE FOR ANY INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, SUCH AS BUT NOT LIMITED TO, LOSS OF ANTICIPATED PROFITS OR BENEFITS, RESULTING FROM THE USE OR INABILITY TO USE THE PRODUCT EVEN IF ANY OF THEM HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF LIABILITY SHALL APPLY TO ANY CLAIM OR CAUSE WHATSOEVER WHETHER SUCH CLAIM OR CAUSE ARISES IN CONTRACT, TORT, OR OTHERWISE. Some states do not allow the exclusion or limitation of indirect, special or consequential damages, so the above limitation may not apply to you. U.S. GOVERNMENT RESTRICTED RIGHTS: Any software included in the Product is provided with restricted rights subject to subparagraphs (c), (1) and (2) of the Commercial Computer Software-Restricted Rights clause at 48 C.F.R. 52.227-19. The terms of this Agreement applicable to the use of the data in the Product are those under which the data are generally made available to the general public by McGraw-Hill. Except as provided herein, no reproduction, use, or disclosure rights are granted with respect to the data included in the Product and no right to modify or create derivative works from any such data is hereby granted. GENERAL: This License Agreement and each LLA constitute the entire agreement between the parties relating to the Product. The terms of any Purchase Order shall have no effect on the terms of this License Agreement or any LLA. In the event of any conflict between the terms of this License Agreement and any LLA, the terms of the applicable LLA shall govern. Failure of McGraw-Hill to insist at any time on strict compliance with this License Agreement shall not constitute a waiver of any rights under this License Agreement. This License Agreement shall be construed and governed in accordance with the laws of the State of New York. If any provision of this License Agreement is held to be contrary to law, that provision will be enforced to the maximum extent permissible and the remaining provisions will remain in full force and effect.