Chapter 11 541
23. Router R1 has two BRI interfaces. Configure a dialer profile such that R1 can dial any of six different remote routers using any of the B channels on either BRI. Assume that all traffic is interesting. You may ignore the static route commands needed to send the packets out the correct interface. Do not use any SPIDs, and do not use CHAP. For other parameters not listed, you can make up values.
Answer:
dialer-list 2 protocol ip permit
!
interface dialer 0
 encapsulation ppp
 dialer map ip 172.16.2.1 broadcast 15551111111
 dialer map ip 172.16.2.2 broadcast 15552222222
 dialer map ip 172.16.2.3 broadcast 15553333333
 dialer map ip 172.16.2.4 broadcast 15554444444
 dialer map ip 172.16.2.5 broadcast 15555555555
 dialer map ip 172.16.2.6 broadcast 1555666666
 dialer-group 2
 dialer pool 3
!
interface bri0
 encapsulation ppp
 dialer pool-member 3
!
interface bri1
 encapsulation ppp
 dialer pool-member 3
Chapter 11
“Do I Know This Already?” Quiz
1. Which of the following defines a protocol used between the Frame Relay DTE and the Frame Relay switch in the service provider’s network?
Answer: C. The LMI manages the link between the DTE and the switch, including notices when a VC comes up or goes down.
2. Which of the following defines a protocol or feature that matters to what the provider might do inside its network but that is transparent to the DTE/router using the Frame Relay service?
Answer: F. FRF.5 service interworking defines how a provider can use an ATM network between the Frame Relay switches. The routers outside the Frame Relay cloud cannot tell, and do not care, if FRF.5 is used or not.
3. What does DLCI stand for?
Answer: A
542Appendix A: Answers to the “Do I Know This Already?” Quizzes and Q&A Questions
4. Imagine two Cisco routers, R1 and R2, using a Frame Relay service. R1 connects to a switch that uses LMI type ANSI T1.617, and R2 connects to a switch that uses ITU Q.933a. What can R1 and R2 configure for the LMIs to work correctly?
Answer: C, F. The correct keywords are in answer C. However, the routers autodetect the LMI type by default, so not bothering to configure the LMI also works.
5. FredCo has five sites, with routers connected to the same Frame Relay network. Virtual circuits (VCs) have been defined between each pair of routers. What is the fewest subnets that FredCo could use on the Frame Relay network?
Answer: A. A single subnet can be used in any Frame Relay topology, but with a full mesh, a single subnet can be used with no tricky issues related to routing protocols.
6. BarneyCo has five sites, with routers connected to the same Frame Relay network. VCs have been defined between each pair of routers. Barney, the president of the company, will fire anyone who configures Frame Relay without using point-to-point subinterfaces. What is the fewest subnets that BarneyCo could use on the Frame Relay network?
Answer: D. BarneyCo has a total of ten VCs. With all of them configured on point-to-point subinterfaces, you need ten subnets, because you need one subnet per VC.
7. BettyCo has five sites, with routers connected to the same Frame Relay network. VCs have been defined between each pair of routers. Betty, the president of the company, will fire anyone who configures anything that could just as easily be left as a default. Which of the following configuration commands, configured for the Frame Relay network, would get the engineer fired?
Answer: C, D, E. The lmi-type defaults to autodetect, which works fine. inverse-arp is on by default on the physical interface, so there is no need to turn it on (answer E), and there is no need for static maps (answer D).
8. WilmaCo has some routers connected to a Frame Relay network. R1 is a router at a remote site, with a single VC back to WilmaCo’s headquarters. The R1 configuration currently looks like this:
interface serial 0/0
 ip address 10.1.1.1 255.255.255.0
 encapsulation frame-relay
Wilma, the president, has heard that point-to-point subinterfaces are cool, and she wants you to change the configuration to use a point-to-point subinterface. Which of the following commands do you need to use to migrate the configuration?
Answer: A, E. The IP address moves to the subinterface, so it needs to be removed from the serial interface first (answer A). The encapsulation stays on the physical interface. The frame-relay interface-dlci command must be used on the subinterface so that the router knows which DLCI goes with which subinterface—even if only one DLCI exists.
9. WilmaCo has another network, with a main site router that has ten VCs connecting to the ten remote sites. Wilma now thinks that multipoint subinterfaces are even cooler than point-to-point. The current main site router’s configuration looks like this:
interface serial 0/0
 ip address 172.16.1.1 255.255.255.0
 encapsulation frame-relay
Wilma wants you to change the configuration to use a multipoint subinterface. Which of the following do you need to use to migrate the configuration? (Note: DLCIs 101 through 110 are used for the ten VCs.)
Answer: F. You can code DLCI only on a frame-relay interface-dlci command, and you need one for each VC under the multipoint interface.
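The migration described in the answer to question 9, written out as an added example (not part of the original book text). The interface, IP address, and DLCIs 101 through 110 come from the question; the subinterface number 0/0.1 is an assumed value.

```cisco
! Before (from the question): address and encapsulation both sit on
! the physical interface.
!   interface serial 0/0
!    ip address 172.16.1.1 255.255.255.0
!    encapsulation frame-relay
!
! After: the physical interface keeps only the encapsulation.
interface serial 0/0
 no ip address
 encapsulation frame-relay
!
! The IP address moves to the multipoint subinterface (number .1 is an
! assumption). One frame-relay interface-dlci command per VC ties each
! of the ten DLCIs to this subinterface.
interface serial 0/0.1 multipoint
 ip address 172.16.1.1 255.255.255.0
 frame-relay interface-dlci 101
 frame-relay interface-dlci 102
 frame-relay interface-dlci 103
 frame-relay interface-dlci 104
 frame-relay interface-dlci 105
 frame-relay interface-dlci 106
 frame-relay interface-dlci 107
 frame-relay interface-dlci 108
 frame-relay interface-dlci 109
 frame-relay interface-dlci 110
```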
10. Which of the following commands lists the information learned by Inverse ARP?
Answer: F
Q&A
1. What two WAN data-link protocols define a method of announcing the interface’s Layer 3 addresses to other devices attached to the WAN?
Answer: PPP and Frame Relay. PPP uses control protocols specific to each Layer 3 protocol supported. Frame Relay uses Inverse ARP.
2. Explain the purpose of Inverse ARP, as well as how it uses Frame Relay broadcasts.
Answer: A router discovers the Layer 3 address(es) of a router on the other end of a VC when that other router sends an Inverse ARP message. The message is not a broadcast.
3. Would a Frame Relay switch connected to a router behave differently if the IETF option were deleted from the encapsulation frame-relay ietf command on that attached router? Would a router on the other end of the VC behave any differently if the same change were made?
Answer: The switch does not behave differently. The other router, however, must also use IETF encapsulation. Otherwise, the routers will not look at the correct fields to learn the packet type.
4. What does NBMA stand for? Does it apply to X.25 networks or Frame Relay networks?
Answer: NBMA stands for nonbroadcast multiaccess. X.25 and Frame Relay are NBMA networks. Multiaccess really means that more than two devices are connected to the data link, because many other devices may be reached by a single device. For instance, Router1 might have a PVC to Router2 and Router3, making it multiaccess.
5. Which layer or layers of OSI are most closely related to the functions of Frame Relay? Why?
Answer: OSI Layers 1 and 2 are most closely related to the functions of Frame Relay. Frame Relay refers to well-known physical layer specifications. Frame Relay defines headers for delivery across the Frame Relay cloud, but it provides no addressing structure to allow VCs among many different Frame Relay networks. Thus, it is not considered to match OSI Layer 3 functions. With the advent of Frame Relay SVCs, it could be argued that Frame Relay performs some Layer 3-like functions.
6. When Inverse ARP is used by default, what additional configuration is needed to get IGRP routing updates to flow over each VC, assuming IGRP has already been configured correctly?
Answer: No additional configuration is required. The forwarding of broadcasts as unicasts can be enabled on each VC and protocol for which Inverse ARP is received.
7. Define the attributes of a partial-mesh and full-mesh Frame Relay network.
Answer: In a partial-mesh network, not all DTEs are directly connected with a VC. In a full-mesh network, all DTEs are directly connected with a VC.
8. What key pieces of information are required in the frame-relay map statement?
Answer: The pieces of information required are the Layer 3 protocol, the next-hop router’s Layer 3 address, the DLCI to reach that router, and whether to forward broadcasts. Frame Relay maps are not required if Inverse ARP is in use.
9. Create a configuration for Router1 that has Frame Relay VCs to Router2 and Router3 (DLCIs 202 and 203, respectively) on Router1’s Serial1 interface. Use any IP addresses you like. Assume that the network is not fully meshed.
Answer:
interface serial 1
 encapsulation frame-relay
interface serial 1.1 point-to-point
 ip address 168.10.1.1 255.255.255.0
 frame-relay interface-dlci 202
interface serial 1.2 point-to-point
 ip address 168.10.2.1 255.255.255.0
 frame-relay interface-dlci 203
This is not the only valid configuration given the problem statement. However, because there is not a full mesh, point-to-point subinterfaces are the best choice. Cisco encapsulation is used by default. The LMI type is autosensed.
10. What show command tells you when a PVC became active? How does the router know what time the PVC became active?
Answer: The show frame-relay pvc command lists the time since the PVC came up. You can subtract this time from the current time to derive the time at which the VC came up. The router learns about when PVCs come up and go down from LMI messages.
11. What show command lists Frame Relay information about mapping? In what instances does the information displayed include the Layer 3 addresses of other routers?
Answer: show frame-relay map lists Frame Relay information about mapping. The mapping information includes Layer 3 addresses when multipoint subinterfaces are used or when no subinterfaces are used. The two cases in which the neighboring routers’ Layer 3 addresses are shown are the two cases in which Frame Relay acts like a multiaccess network. With point-to-point subinterfaces, the logic works like a point-to-point link, in which the next router’s Layer 3 address is unimportant to the routing process.
12. True or false: The no keepalive command on a Frame Relay serial interface causes no further Cisco-proprietary keepalive messages to be sent to the Frame Relay switch.
Answer: False. This command stops LMI status inquiry messages from being sent. They are defined in Frame Relay Forum standards. Cisco sends proprietary keepalive messages on point-to-point serial and LAN interfaces.
13. What debug option shows Inverse ARP messages?
Answer: debug frame-relay events shows Inverse ARP messages, as shown in Example 11-18.
14. True or false: The Frame Relay map configuration command allows more than one Layer 3 protocol address mapping on the same configuration command.
Answer: False. The syntax allows only a single network layer protocol and address to be configured.
15. What is the name of the field that identifies, or addresses, a Frame Relay virtual circuit?
Answer: The data-link connection identifier (DLCI) is used to identify a VC. The number may be different on either side of the VC.
16. Describe the difference between FRF.5 and FRF.8 service interworking.
Answer: FRF.5 defines how Frame Relay switches can use an ATM VC between each other inside a service provider’s network. FRF.8 defines how two DTEs, like routers, can communicate with one router using a Frame Relay VC and the other router using an ATM VC. With FRF.5, the endpoint DTEs both connect to a Frame Relay cloud. With FRF.8, one DTE is directly connected to an ATM network.