- •Warning and Disclaimer
- •Feedback Information
- •Trademark Acknowledgments
- •About the Author
- •About the Technical Reviewers
- •Dedication
- •Acknowledgments
- •Contents at a Glance
- •Contents
- •Icons Used in This Book
- •Command Syntax Conventions
- •Cisco’s Motivation: Certifying Partners
- •Format of the CCNA Exams
- •What’s on the CCNA Exams
- •ICND Exam Topics
- •Cross-Reference Between Exam Topics and Book Parts
- •CCNA Exam Topics
- •INTRO and ICND Course Outlines
- •Objectives and Methods
- •Book Features
- •How This Book Is Organized
- •Part I: LAN Switching
- •Part II: TCP/IP
- •Part III: Wide-Area Networks
- •Part IV: Network Security
- •Part V: Final Preparation
- •Part VI: Appendixes
- •How to Use These Books to Prepare for the CCNA Exam
- •For More Information
- •Part I: LAN Switching
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •Brief Review of LAN Switching
- •The Forward-Versus-Filter Decision
- •How Switches Learn MAC Addresses
- •Forwarding Unknown Unicasts and Broadcasts
- •LAN Switch Logic Summary
- •Basic Switch Operation
- •Foundation Summary
- •Spanning Tree Protocol
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •Spanning Tree Protocol
- •What IEEE 802.1d Spanning Tree Does
- •How Spanning Tree Works
- •Electing the Root and Discovering Root Ports and Designated Ports
- •Reacting to Changes in the Network
- •Spanning Tree Protocol Summary
- •Optional STP Features
- •EtherChannel
- •PortFast
- •Rapid Spanning Tree (IEEE 802.1w)
- •RSTP Link and Edge Types
- •RSTP Port States
- •RSTP Port Roles
- •RSTP Convergence
- •Edge-Type Behavior and PortFast
- •Link-Type Shared
- •Link-Type Point-to-Point
- •An Example of Speedy RSTP Convergence
- •Basic STP show Commands
- •Changing STP Port Costs and Bridge Priority
- •Foundation Summary
- •Foundation Summary
- •Virtual LANs and Trunking
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •Review of Virtual LAN Concepts
- •Trunking with ISL and 802.1Q
- •ISL and 802.1Q Compared
- •VLAN Trunking Protocol (VTP)
- •How VTP Works
- •VTP Pruning
- •Foundation Summary
- •Part II: TCP/IP
- •IP Addressing and Subnetting
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •IP Addressing Review
- •IP Subnetting
- •Analyzing and Interpreting IP Addresses and Subnets
- •Math Operations Used to Answer Subnetting Questions
- •Converting IP Addresses from Decimal to Binary and Back Again
- •The Boolean AND Operation
- •How Many Hosts and How Many Subnets?
- •What Is the Subnet Number, and What Are the IP Addresses in the Subnet?
- •Finding the Subnet Number
- •Finding the Subnet Broadcast Address
- •Finding the Range of Valid IP Addresses in a Subnet
- •Finding the Answers Without Using Binary
- •Easier Math with Easy Masks
- •Which Subnet Masks Meet the Stated Design Requirements?
- •What Are the Other Subnet Numbers?
- •Foundation Summary
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •Extended ping Command
- •Distance Vector Concepts
- •Distance Vector Loop-Avoidance Features
- •Route Poisoning
- •Split Horizon
- •Split Horizon with Poison Reverse
- •Hold-Down Timer
- •Triggered (Flash) Updates
- •RIP and IGRP
- •IGRP Metrics
- •Examination of RIP and IGRP debug and show Commands
- •Issues When Multiple Routes to the Same Subnet Exist
- •Administrative Distance
- •Foundation Summary
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •Link-State Routing Protocol and OSPF Concepts
- •Steady-State Operation
- •Loop Avoidance
- •Scaling OSPF Through Hierarchical Design
- •OSPF Areas
- •Stub Areas
- •Summary: Comparing Link-State and OSPF to Distance Vector Protocols
- •Balanced Hybrid Routing Protocol and EIGRP Concepts
- •EIGRP Loop Avoidance
- •EIGRP Summary
- •Foundation Summary
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •Route Summarization and Variable-Length Subnet Masks
- •Route Summarization Concepts
- •VLSM
- •Route Summarization Strategies
- •Sample “Best” Summary on Seville
- •Sample “Best” Summary on Yosemite
- •Classless Routing Protocols and Classless Routing
- •Classless and Classful Routing Protocols
- •Autosummarization
- •Classful and Classless Routing
- •Default Routes
- •Classless Routing
- •Foundation Summary
- •Advanced TCP/IP Topics
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •Scaling the IP Address Space for the Internet
- •CIDR
- •Private Addressing
- •Network Address Translation
- •Static NAT
- •Dynamic NAT
- •Overloading NAT with Port Address Translation (PAT)
- •Translating Overlapping Addresses
- •Miscellaneous TCP/IP Topics
- •Internet Control Message Protocol (ICMP)
- •ICMP Echo Request and Echo Reply
- •Destination Unreachable ICMP Message
- •Time Exceeded ICMP Message
- •Redirect ICMP Message
- •Secondary IP Addressing
- •FTP and TFTP
- •TFTP
- •MTU and Fragmentation
- •Foundation Summary
- •Part III: Wide-Area Networks
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •Review of WAN Basics
- •Physical Components of Point-to-Point Leased Lines
- •Data-Link Protocols for Point-to-Point Leased Lines
- •HDLC and PPP Compared
- •Looped Link Detection
- •Enhanced Error Detection
- •Authentication Over WAN Links
- •PAP and CHAP Authentication
- •Foundation Summary
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •ISDN Protocols and Design
- •Typical Uses of ISDN
- •ISDN Channels
- •ISDN Protocols
- •ISDN BRI Function Groups and Reference Points
- •ISDN PRI Function Groups and Reference Points
- •BRI and PRI Encoding and Framing
- •PRI Encoding
- •PRI Framing
- •BRI Framing and Encoding
- •DDR Step 1: Routing Packets Out the Interface to Be Dialed
- •DDR Step 2: Determining the Subset of the Packets That Trigger the Dialing Process
- •DDR Step 3: Dialing (Signaling)
- •DDR Step 4: Determining When the Connection Is Terminated
- •ISDN and DDR show and debug Commands
- •Multilink PPP
- •Foundation Summary
- •Frame Relay
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •Frame Relay Protocols
- •Frame Relay Standards
- •Virtual Circuits
- •LMI and Encapsulation Types
- •DLCI Addressing Details
- •Network Layer Concerns with Frame Relay
- •Layer 3 Addressing with Frame Relay
- •Frame Relay Layer 3 Addressing: One Subnet Containing All Frame Relay DTEs
- •Frame Relay Layer 3 Addressing: One Subnet Per VC
- •Frame Relay Layer 3 Addressing: Hybrid Approach
- •Broadcast Handling
- •Frame Relay Service Interworking
- •A Fully-Meshed Network with One IP Subnet
- •Frame Relay Address Mapping
- •A Partially-Meshed Network with One IP Subnet Per VC
- •A Partially-Meshed Network with Some Fully-Meshed Parts
- •Foundation Summary
- •Part IV: Network Security
- •IP Access Control List Security
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •Standard IP Access Control Lists
- •IP Standard ACL Concepts
- •Wildcard Masks
- •Standard IP ACL: Example 2
- •Extended IP Access Control Lists
- •Extended IP ACL Concepts
- •Extended IP Access Lists: Example 1
- •Extended IP Access Lists: Example 2
- •Miscellaneous ACL Topics
- •Named IP Access Lists
- •Controlling Telnet Access with ACLs
- •ACL Implementation Considerations
- •Foundation Summary
- •Part V: Final Preparation
- •Final Preparation
- •Suggestions for Final Preparation
- •Preparing for the Exam Experience
- •Final Lab Scenarios
- •Scenario 1
- •Scenario 1, Part A: Planning
- •Solutions to Scenario 1, Part A: Planning
- •Scenario 2
- •Scenario 2, Part A: Planning
- •Solutions to Scenario 2, Part A: Planning
- •Part VI: Appendixes
- •Glossary
- •Answers to the “Do I Know This Already?” Quizzes and Q&A Questions
- •Chapter 1
- •“Do I Know This Already?” Quiz
- •Chapter 2
- •“Do I Know This Already?” Quiz
- •Chapter 3
- •“Do I Know This Already?” Quiz
- •Chapter 4
- •“Do I Know This Already?” Quiz
- •Chapter 5
- •“Do I Know This Already?” Quiz
- •Chapter 6
- •“Do I Know This Already?” Quiz
- •Chapter 7
- •“Do I Know This Already?” Quiz
- •Chapter 8
- •“Do I Know This Already?” Quiz
- •Chapter 9
- •“Do I Know This Already?” Quiz
- •Chapter 10
- •“Do I Know This Already?” Quiz
- •Chapter 11
- •“Do I Know This Already?” Quiz
- •Chapter 12
- •“Do I Know This Already?” Quiz
- •Using the Simulation Software for the Hands-on Exercises
- •Accessing NetSim from the CD
- •Hands-on Exercises Available with NetSim
- •Scenarios
- •Labs
- •Listing of the Hands-on Exercises
- •How You Should Proceed with NetSim
- •Considerations When Using NetSim
- •Routing Protocol Overview
- •Comparing and Contrasting IP Routing Protocols
- •Routing Through the Internet with the Border Gateway Protocol
- •RIP Version 2
- •The Integrated IS-IS Link State Routing Protocol
- •Summary of Interior Routing Protocols
- •Numbering Ports (Interfaces)
116 Chapter 4: IP Addressing and Subnetting
Step 5 Declare the number of subnets, which is 2number-of-subnet-bits – 2.
Step 6 Declare the number of hosts per subnet, which is 2number-of-host-bits – 2.
What Is the Subnet Number, and What Are the IP Addresses in the Subnet?
One of the most common situations you face is after you know an IP address and subnet mask and you must answer questions about them. The question might be straightforward, like “What is the subnet number?”, or it might be more subtle, like “Which of the following IP addresses are in the same subnet as the stated address?”. In either case, if you can dissect an IP address as described in this chapter, you can answer any variation on this type of question.
In the next several sections, you will learn how to derive the subnet number and the subnet broadcast address. After deriving these two values, you can easily find the range of valid IP addresses in the subnet.
Finding the Subnet Number
Earlier, you learned that computers perform a Boolean AND of the address and mask to find the subnet number. Tables 4-10 through 4-14 show the Boolean AND process for the five examples used in the preceding section.
Table 4-10 Boolean AND Calculation for the Subnet with Address 8.1.4.5, Mask 255.255.0.0
Address |
8.1.4.5 |
0000 1000 0000 0001 0000 0100 0000 0101 |
|
|
|
Mask |
255.255.0.0 |
1111 1111 1111 1111 0000 0000 0000 0000 |
|
|
|
AND Result |
8.1.0.0 |
0000 1000 0000 0001 0000 0000 0000 0000 |
|
|
|
Table 4-11 Boolean AND Calculation for the Subnet with Address 130.4.102.1, Mask 255.255.255.0
Address |
130.4.102.1 |
1000 0010 0000 0100 0110 0110 0000 0001 |
|
|
|
Mask |
255.255.255.0 |
1111 1111 1111 1111 1111 1111 0000 0000 |
|
|
|
AND Result |
130.4.102.0 |
1000 0010 0000 0100 0110 0110 0000 0000 |
|
|
|
Table 4-12 Boolean AND Calculation for the Subnet with Address 199.1.1.100, Mask 255.255.255.0
Address |
199.1.1.100 |
1100 0111 0000 0001 0000 0001 0110 0100 |
|
|
|
Mask |
255.255.255.0 |
1111 1111 1111 1111 1111 1111 0000 0000 |
|
|
|
AND Result |
199.1.1.0 |
1100 0111 0000 0001 0000 0001 0000 0000 |
|
|
|
Analyzing and Interpreting IP Addresses and Subnets 117
Table 4-13 Boolean AND Calculation for the Subnet with Address 130.4.102.1, Mask 255.255.252.0
Address |
130.4.102.1 |
1000 0010 0000 0100 0110 0110 0000 0001 |
|
|
|
Mask |
255.255.252.0 |
1111 1111 1111 1111 1111 1100 0000 0000 |
|
|
|
AND Result |
130.4.100.0 |
1000 0010 0000 0100 0110 0100 0000 0000 |
|
|
|
Table 4-14 Boolean AND Calculation for the Subnet with Address 199.1.1.100, Mask 255.255.255.224
Address |
199.1.1.100 |
1100 0111 0000 0001 0000 0001 0110 0100 |
|
|
|
Mask |
255.255.255.224 |
1111 1111 1111 1111 1111 1111 1110 0000 |
|
|
|
AND Result |
199.1.1.96 |
1100 0111 0000 0001 0000 0001 0110 0000 |
|
|
|
Although these tables show the answers, they do not show the process. The steps taken to complete the tables are as follows:
Step 1 You start with the decimal address and mask stated in the question.
Step 2 You convert the two numbers to binary, as shown in all five examples.
Step 3 Each bit is ANDed with the bit in the same position in the other number (in other words, a bitwise Boolean AND), giving the result of the Boolean AND.
Step 4 You convert the Boolean AND result back to decimal.
The last step in this process, converting the binary number back to decimal, is the step that causes most of the problems for people new to subnetting. In some cases, the conversion is simple. For instance, in the first example, the subnet mask is 255.255.0.0. Because the mask has only 255s, or 0s in decimal, the boundary between the subnet and host fields is on a byte boundary as well—between the second and third bytes in this case. So the conversion from binary back to decimal for the result of the Boolean AND—0000 1000 0000 0001 0000
0000 0000 0000—typically does not pose a problem.
The confusion typically arises when the boundary between the subnet and host part of the address is in the middle of a byte, which occurs when the subnet mask has a value besides 0 or 255 decimal. For example, with 130.4.102.1, mask 255.255.252.0, the first 6 bits of the third octet comprise the subnet field, and the last 2 bits of the third octet, plus the entire fourth octet, comprise the host field. The problem that some people experience is that they try to convert the 6-bit subnet part from binary to decimal and the 10-bit host part to decimal. However, when converting binary to decimal, to find the dotted decimal IP address you always convert the entire octet—even if part of the octet is in the subnet part of the address and part is in the host part of the address.
118 Chapter 4: IP Addressing and Subnetting
So, in this example, the subnet number (130.4.100.0) in binary is 1000 0010 0000 0100 0110 0100 0000 0000. The entire third octet is shown in bold, which converts to 100 in decimal. When you convert the whole number, each set of 8 bits is converted to decimal, giving you 130.4.100.0.
Finding the Subnet Broadcast Address
The subnet broadcast address, sometimes called the directed broadcast address, can be used to send a packet to every device in a single subnet. However, few tools and protocols use the subnet broadcast address anymore. However, by calculating the subnet broadcast address, you can easily calculate the largest valid IP address in the subnet, which is an important part of answering subnetting questions.
There is a binary math operation to calculate the subnet broadcast address. However, there is a much easier process, especially if you already have the subnet number in binary:
Change all the host bit values in the subnet number to binary 1s.
You can examine the simple math behind calculating the subnet broadcast address in Tables 4-15 through 4-19. The host parts of the addresses, masks, subnet numbers, and broadcast addresses are in bold.
Table 4-15 Calculating the Broadcast Address: Address 8.1.4.5, Mask 255.255.0.0
Address |
8.1.4.5 |
0000 1000 0000 0001 0000 0100 0000 0101 |
|
|
|
Mask |
255.255.0.0 |
1111 1111 1111 1111 0000 0000 0000 0000 |
|
|
|
AND Result |
8.1.0.0 |
0000 1000 0000 0001 0000 0000 0000 0000 |
|
|
|
Broadcast |
8.1.255.255 |
0000 1000 0000 0001 1111 1111 1111 1111 |
|
|
|
Table 4-16 Calculating the Broadcast Address: Address 130.4.102.1, Mask 255.255.255.0
Address |
130.4.102.1 |
1000 0010 0000 0100 0110 0110 0000 0001 |
|
|
|
Mask |
255.255.255.0 |
1111 1111 1111 1111 1111 1111 0000 0000 |
|
|
|
AND Result |
130.4.102.0 |
1000 0010 0000 0100 0110 0110 0000 0000 |
|
|
|
Broadcast |
130.4.102.255 |
1000 0010 0000 0100 0110 0110 1111 1111 |
|
|
|
Table 4-17 Calculating the Broadcast Address: Address 199.1.1.100, Mask 255.255.255.0
Address |
199.1.1.100 |
1100 0111 0000 0001 0000 0001 0110 0100 |
|
|
|
Mask |
255.255.255.0 |
1111 1111 1111 1111 1111 1111 0000 0000 |
|
|
|
AND Result |
199.1.1.0 |
1100 0111 0000 0001 0000 0001 0000 0000 |
|
|
|
Broadcast |
199.1.1.255 |
1100 0111 0000 0001 0000 0001 1111 1111 |
|
|
|
Analyzing and Interpreting IP Addresses and Subnets 119
Table 4-18 Calculating the Broadcast Address: Address 130.4.102.1, Mask 255.255.252.0
Address |
130.4.102.1 |
1000 0010 0000 0100 0110 0110 0000 0001 |
|
|
|
Mask |
255.255.252.0 |
1111 1111 1111 1111 1111 1100 0000 0000 |
|
|
|
AND Result |
130.4.100.0 |
1000 0010 0000 0100 0110 0100 0000 0000 |
|
|
|
Broadcast |
130.4.103.255 |
1000 0010 0000 0100 0110 0111 1111 1111 |
|
|
|
Table 4-19 Calculating the Broadcast Address: Address 199.1.1.100, Mask 255.255.255.224
Address |
199.1.1.100 |
1100 0111 0000 0001 0000 0001 0110 0100 |
|
|
|
Mask |
255.255.255.224 |
1111 1111 1111 1111 1111 1111 1110 0000 |
|
|
|
AND Result |
199.1.1.96 |
1100 0111 0000 0001 0000 0001 0110 0000 |
|
|
|
Broadcast |
199.1.1.127 |
1100 0111 0000 0001 0000 0001 0111 1111 |
|
|
|
By examining the subnet broadcast addresses in binary, you can see that they are identical to the subnet numbers, except that all host bits have a value of binary 1 instead of binary 0. (Look for the bold digits in the examples.)
NOTE In case you want to know, to derive the broadcast address using Boolean math, start with the subnet number and mask in binary. Invert the mask (change all the 1s to 0s and all the 0s to 1s), and then do a bitwise Boolean OR between the two 32-bit numbers. (An OR yields a 0 when both bits are 0 and yields a 1 in any other case.) The result is the subnet broadcast address.
Finding the Range of Valid IP Addresses in a Subnet
You also need to be able to figure out which IP addresses are in a particular subnet and which are not. You already know how to do the hard part of finding that answer! You know that in any subnet, two numbers are reserved. The two reserved numbers are the subnet number itself and the subnet broadcast address. The subnet number is the numerically smallest number in the subnet, and the broadcast address is the numerically largest number. So the range of valid IP addresses starts with 1 more than the subnet number and ends with the address that is 1 less than the broadcast address. It’s that simple!
Here’s a formal definition of the “algorithm” to find the first and last IP addresses in a subnet when you know the subnet number and broadcast addresses:
■For the first valid IP address, copy the subnet number, but add 1 to the fourth octet.
■For the last valid IP address, copy the subnet broadcast address, but subtract 1 from the fourth octet.
120 Chapter 4: IP Addressing and Subnetting
■ The range of valid IP addresses starts with the first number and ends with the last. Tables 4-20 through 4-24 summarize the answers for the five examples used in this section.
Table 4-20 Subnet Chart: 8.1.4.5/255.255.0.0 |
|
|
|
|
||
|
|
|
|
|
|
|
|
Octet |
|
1 |
2 |
3 |
4 |
|
|
|
|
|
|
|
|
Address |
|
8 |
1 |
4 |
5 |
|
|
|
|
|
|
|
|
Mask |
|
255 |
255 |
0 |
0 |
|
|
|
|
|
|
|
|
Subnet Number |
|
8 |
1 |
0 |
0 |
|
|
|
|
|
|
|
|
First Address |
|
8 |
1 |
0 |
1 |
|
|
|
|
|
|
|
|
Broadcast |
|
8 |
1 |
255 |
255 |
|
|
|
|
|
|
|
|
Last Address |
|
8 |
1 |
255 |
254 |
|
|
|
|
|
|
|
Table 4-21 Subnet Chart: 130.4.102.1/255.255.255.0
Octet |
1 |
2 |
3 |
4 |
|
|
|
|
|
Address |
130 |
4 |
102 |
1 |
|
|
|
|
|
Mask |
255 |
255 |
255 |
0 |
|
|
|
|
|
Subnet Number |
130 |
4 |
102 |
0 |
|
|
|
|
|
First Address |
130 |
4 |
102 |
1 |
|
|
|
|
|
Broadcast |
130 |
4 |
102 |
255 |
|
|
|
|
|
Last Address |
130 |
4 |
102 |
254 |
|
|
|
|
|
Table 4-22 Subnet Chart: 199.1.1.100/255.255.255.0
Octet |
1 |
2 |
3 |
4 |
|
|
|
|
|
Address |
199 |
1 |
1 |
100 |
|
|
|
|
|
Mask |
255 |
255 |
255 |
0 |
|
|
|
|
|
Subnet Number |
199 |
1 |
1 |
0 |
|
|
|
|
|
First Address |
199 |
1 |
1 |
1 |
|
|
|
|
|
Broadcast |
199 |
1 |
1 |
255 |
|
|
|
|
|
Last Address |
199 |
1 |
1 |
254 |
|
|
|
|
|