- •Warning and Disclaimer
- •Feedback Information
- •Trademark Acknowledgments
- •About the Author
- •About the Technical Reviewers
- •Dedication
- •Acknowledgments
- •Contents at a Glance
- •Contents
- •Icons Used in This Book
- •Command Syntax Conventions
- •Cisco’s Motivation: Certifying Partners
- •Format of the CCNA Exams
- •What’s on the CCNA Exams
- •ICND Exam Topics
- •Cross-Reference Between Exam Topics and Book Parts
- •CCNA Exam Topics
- •INTRO and ICND Course Outlines
- •Objectives and Methods
- •Book Features
- •How This Book Is Organized
- •Part I: LAN Switching
- •Part II: TCP/IP
- •Part III: Wide-Area Networks
- •Part IV: Network Security
- •Part V: Final Preparation
- •Part VI: Appendixes
- •How to Use These Books to Prepare for the CCNA Exam
- •For More Information
- •Part I: LAN Switching
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •Brief Review of LAN Switching
- •The Forward-Versus-Filter Decision
- •How Switches Learn MAC Addresses
- •Forwarding Unknown Unicasts and Broadcasts
- •LAN Switch Logic Summary
- •Basic Switch Operation
- •Foundation Summary
- •Spanning Tree Protocol
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •Spanning Tree Protocol
- •What IEEE 802.1d Spanning Tree Does
- •How Spanning Tree Works
- •Electing the Root and Discovering Root Ports and Designated Ports
- •Reacting to Changes in the Network
- •Spanning Tree Protocol Summary
- •Optional STP Features
- •EtherChannel
- •PortFast
- •Rapid Spanning Tree (IEEE 802.1w)
- •RSTP Link and Edge Types
- •RSTP Port States
- •RSTP Port Roles
- •RSTP Convergence
- •Edge-Type Behavior and PortFast
- •Link-Type Shared
- •Link-Type Point-to-Point
- •An Example of Speedy RSTP Convergence
- •Basic STP show Commands
- •Changing STP Port Costs and Bridge Priority
- •Foundation Summary
- •Foundation Summary
- •Virtual LANs and Trunking
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •Review of Virtual LAN Concepts
- •Trunking with ISL and 802.1Q
- •ISL and 802.1Q Compared
- •VLAN Trunking Protocol (VTP)
- •How VTP Works
- •VTP Pruning
- •Foundation Summary
- •Part II: TCP/IP
- •IP Addressing and Subnetting
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •IP Addressing Review
- •IP Subnetting
- •Analyzing and Interpreting IP Addresses and Subnets
- •Math Operations Used to Answer Subnetting Questions
- •Converting IP Addresses from Decimal to Binary and Back Again
- •The Boolean AND Operation
- •How Many Hosts and How Many Subnets?
- •What Is the Subnet Number, and What Are the IP Addresses in the Subnet?
- •Finding the Subnet Number
- •Finding the Subnet Broadcast Address
- •Finding the Range of Valid IP Addresses in a Subnet
- •Finding the Answers Without Using Binary
- •Easier Math with Easy Masks
- •Which Subnet Masks Meet the Stated Design Requirements?
- •What Are the Other Subnet Numbers?
- •Foundation Summary
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •Extended ping Command
- •Distance Vector Concepts
- •Distance Vector Loop-Avoidance Features
- •Route Poisoning
- •Split Horizon
- •Split Horizon with Poison Reverse
- •Hold-Down Timer
- •Triggered (Flash) Updates
- •RIP and IGRP
- •IGRP Metrics
- •Examination of RIP and IGRP debug and show Commands
- •Issues When Multiple Routes to the Same Subnet Exist
- •Administrative Distance
- •Foundation Summary
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •Link-State Routing Protocol and OSPF Concepts
- •Steady-State Operation
- •Loop Avoidance
- •Scaling OSPF Through Hierarchical Design
- •OSPF Areas
- •Stub Areas
- •Summary: Comparing Link-State and OSPF to Distance Vector Protocols
- •Balanced Hybrid Routing Protocol and EIGRP Concepts
- •EIGRP Loop Avoidance
- •EIGRP Summary
- •Foundation Summary
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •Route Summarization and Variable-Length Subnet Masks
- •Route Summarization Concepts
- •VLSM
- •Route Summarization Strategies
- •Sample “Best” Summary on Seville
- •Sample “Best” Summary on Yosemite
- •Classless Routing Protocols and Classless Routing
- •Classless and Classful Routing Protocols
- •Autosummarization
- •Classful and Classless Routing
- •Default Routes
- •Classless Routing
- •Foundation Summary
- •Advanced TCP/IP Topics
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •Scaling the IP Address Space for the Internet
- •CIDR
- •Private Addressing
- •Network Address Translation
- •Static NAT
- •Dynamic NAT
- •Overloading NAT with Port Address Translation (PAT)
- •Translating Overlapping Addresses
- •Miscellaneous TCP/IP Topics
- •Internet Control Message Protocol (ICMP)
- •ICMP Echo Request and Echo Reply
- •Destination Unreachable ICMP Message
- •Time Exceeded ICMP Message
- •Redirect ICMP Message
- •Secondary IP Addressing
- •FTP and TFTP
- •TFTP
- •MTU and Fragmentation
- •Foundation Summary
- •Part III: Wide-Area Networks
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •Review of WAN Basics
- •Physical Components of Point-to-Point Leased Lines
- •Data-Link Protocols for Point-to-Point Leased Lines
- •HDLC and PPP Compared
- •Looped Link Detection
- •Enhanced Error Detection
- •Authentication Over WAN Links
- •PAP and CHAP Authentication
- •Foundation Summary
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •ISDN Protocols and Design
- •Typical Uses of ISDN
- •ISDN Channels
- •ISDN Protocols
- •ISDN BRI Function Groups and Reference Points
- •ISDN PRI Function Groups and Reference Points
- •BRI and PRI Encoding and Framing
- •PRI Encoding
- •PRI Framing
- •BRI Framing and Encoding
- •DDR Step 1: Routing Packets Out the Interface to Be Dialed
- •DDR Step 2: Determining the Subset of the Packets That Trigger the Dialing Process
- •DDR Step 3: Dialing (Signaling)
- •DDR Step 4: Determining When the Connection Is Terminated
- •ISDN and DDR show and debug Commands
- •Multilink PPP
- •Foundation Summary
- •Frame Relay
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •Frame Relay Protocols
- •Frame Relay Standards
- •Virtual Circuits
- •LMI and Encapsulation Types
- •DLCI Addressing Details
- •Network Layer Concerns with Frame Relay
- •Layer 3 Addressing with Frame Relay
- •Frame Relay Layer 3 Addressing: One Subnet Containing All Frame Relay DTEs
- •Frame Relay Layer 3 Addressing: One Subnet Per VC
- •Frame Relay Layer 3 Addressing: Hybrid Approach
- •Broadcast Handling
- •Frame Relay Service Interworking
- •A Fully-Meshed Network with One IP Subnet
- •Frame Relay Address Mapping
- •A Partially-Meshed Network with One IP Subnet Per VC
- •A Partially-Meshed Network with Some Fully-Meshed Parts
- •Foundation Summary
- •Part IV: Network Security
- •IP Access Control List Security
- •“Do I Know This Already?” Quiz
- •Foundation Topics
- •Standard IP Access Control Lists
- •IP Standard ACL Concepts
- •Wildcard Masks
- •Standard IP ACL: Example 2
- •Extended IP Access Control Lists
- •Extended IP ACL Concepts
- •Extended IP Access Lists: Example 1
- •Extended IP Access Lists: Example 2
- •Miscellaneous ACL Topics
- •Named IP Access Lists
- •Controlling Telnet Access with ACLs
- •ACL Implementation Considerations
- •Foundation Summary
- •Part V: Final Preparation
- •Final Preparation
- •Suggestions for Final Preparation
- •Preparing for the Exam Experience
- •Final Lab Scenarios
- •Scenario 1
- •Scenario 1, Part A: Planning
- •Solutions to Scenario 1, Part A: Planning
- •Scenario 2
- •Scenario 2, Part A: Planning
- •Solutions to Scenario 2, Part A: Planning
- •Part VI: Appendixes
- •Glossary
- •Answers to the “Do I Know This Already?” Quizzes and Q&A Questions
- •Chapter 1
- •“Do I Know This Already?” Quiz
- •Chapter 2
- •“Do I Know This Already?” Quiz
- •Chapter 3
- •“Do I Know This Already?” Quiz
- •Chapter 4
- •“Do I Know This Already?” Quiz
- •Chapter 5
- •“Do I Know This Already?” Quiz
- •Chapter 6
- •“Do I Know This Already?” Quiz
- •Chapter 7
- •“Do I Know This Already?” Quiz
- •Chapter 8
- •“Do I Know This Already?” Quiz
- •Chapter 9
- •“Do I Know This Already?” Quiz
- •Chapter 10
- •“Do I Know This Already?” Quiz
- •Chapter 11
- •“Do I Know This Already?” Quiz
- •Chapter 12
- •“Do I Know This Already?” Quiz
- •Using the Simulation Software for the Hands-on Exercises
- •Accessing NetSim from the CD
- •Hands-on Exercises Available with NetSim
- •Scenarios
- •Labs
- •Listing of the Hands-on Exercises
- •How You Should Proceed with NetSim
- •Considerations When Using NetSim
- •Routing Protocol Overview
- •Comparing and Contrasting IP Routing Protocols
- •Routing Through the Internet with the Border Gateway Protocol
- •RIP Version 2
- •The Integrated IS-IS Link State Routing Protocol
- •Summary of Interior Routing Protocols
- •Numbering Ports (Interfaces)
292 Chapter 8: Advanced TCP/IP Topics
Foundation Summary
The “Foundation Summary” section lists the most important facts from the chapter. Although this section does not list everything that will be on the exam, a well-prepared CCNA candidate should at a minimum know all the details in each Foundation Summary before taking the exam.
Table 8-11 shows the private address space defined by RFC 1918.
Table 8-11 RFC 1918 Private Address Space
Range of IP Addresses |
Class of Networks |
Number of Networks |
|
|
|
10.0.0.0 to 10.255.255.255 |
A |
1 |
|
|
|
172.16.0.0 to 172.31.255.255 |
B |
16 |
|
|
|
192.168.0.0 to 192.168.255.255 |
C |
256 |
|
|
|
Figure 8-20 and Table 8-12 outline some of the terminology used with NAT.
Figure 8-20 Static NAT Terminology
|
|
SA 10.1.1.1 |
|
|
|
SA 200.1.1.1 |
|
|||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Server |
|||||
10.1.1.1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Internet |
|
|
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
NAT |
|
|
|
|
|
|
|
|||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
170.1.1.1 |
||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
10.1.1.2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||
Inside |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Outside |
|||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||||
|
|
DA 10.1.1.1 |
|
|
|
|
|
|
DA 200.1.1.1 |
|
|
|
|
|
|
|
|
|
|
|||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Inside Local |
|
|
|
|
Inside Global |
|
|
|
|
|
|
|
|
|
|
|
|
|||||||
|
|
|
|
|
|
|
10.1.1.1 |
|
|
200.1.1.1 |
|
|
|
|
|
|
|
|
|
|
|
|
||||||||||
|
|
|
|
10.1.1.2 |
|
|
200.1.1.2 |
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Foundation Summary 293 |
Table 8-12 NAT Addressing Terms |
||
|
|
|
|
Term |
Description |
|
|
|
|
Inside local |
In a typical NAT design, the term “inside” refers to an address used for a |
|
|
host inside an enterprise. An inside local is the actual IP address assigned to |
|
|
a host in the private enterprise network. A more descriptive term might be |
|
|
“inside private,” because when using RFC 1918 addresses in an enterprise, |
|
|
the inside local represents the host inside the enterprise, and it is a private |
|
|
RFC 1918 address. |
|
|
|
|
Inside global |
In a typical NAT design, the term “inside” refers to an address used for a |
|
|
host inside an enterprise. NAT uses an inside global address to represent the |
|
|
inside host as the packet is sent through the outside network, typically the |
|
|
Internet. A NAT router changes the source IP address of a packet sent by an |
|
|
inside host from an inside local address to an inside global address as the |
|
|
packet goes from the inside to the outside network. |
|
|
A more descriptive term might be “inside public,” because when using RFC |
|
|
1918 addresses in an enterprise, the inside global represents the inside host |
|
|
with a public IP address that can be used for routing in the public Internet. |
|
|
|
|
Outside global |
In a typical NAT design, the term “outside” refers to an address used for a |
|
|
host outside an enterprise—in other words, in the Internet. An outside |
|
|
global is the actual IP address assigned to a host that resides in the outside |
|
|
network, typically the Internet. A more descriptive term might be “outside |
|
|
public,” because the outside global represents the outside host with a public |
|
|
IP address that can be used for routing in the public Internet. |
|
|
|
|
Outside local |
In a typical NAT design, the term “outside” refers to an address used for a |
|
|
host outside an enterprise—in other words, in the Internet. NAT uses an |
|
|
outside local address to represent the outside host as the packet is sent |
|
|
through the private enterprise network (inside network). A NAT router |
|
|
changes a packet’s destination IP address, sent from an inside host to the |
|
|
outside global address, as the packet goes from the inside to the outside |
|
|
network. A more descriptive term might be “outside private,” because when |
|
|
using RFC 1918 addresses in an enterprise, the outside local represents the |
|
|
outside host with a private IP address from RFC 1918. |
|
|
|
Example 8-8 shows a typical NAT configuration, as well as some show commands.
Example 8-8 Dynamic NAT Configuration
NAT# show running-config
!
! Lines omitted for Brevity
!
interface Ethernet0/0
ip address 10.1.1.3 255.255.255.0
ip nat inside
!
continues
294 Chapter 8: Advanced TCP/IP Topics
Example 8-8 Dynamic NAT Configuration (Continued)
interface Serial0/0
ip address 200.1.1.251 255.255.255.0 ip nat outside
!
ip nat pool fred 200.1.1.1 200.1.1.2 netmask 255.255.255.252 ip nat inside source list 1 pool fred
!
access-list 1 permit 10.1.1.2 access-list 1 permit 10.1.1.1
!
NAT# show ip nat translations
NAT# show ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
Serial0/0
Inside interfaces:
Ethernet0/0
Hits: 0 Misses: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
access-list 1 pool fred refcount 0
pool fred: netmask 255.255.255.252
start 200.1.1.1 end 200.1.1.2
type generic, total addresses 2, allocated 0 (0%), misses 0
!
! Telnet from 10.1.1.1 to 170.1.1.1 happened next; not shown
!
NAT# show ip nat statistics
Total active translations: 1 (0 static, 1 dynamic; 0 extended)
Outside interfaces:
Serial0/0
Inside interfaces:
Ethernet0/0
Hits: 69 Misses: 1
Expired translations: 0
Dynamic mappings:
-- Inside Source
access-list 1 pool fred refcount 1
pool fred: netmask 255.255.255.252
|
start 200.1.1.1 end |
200.1.1.2 |
|
|
|
type generic, total |
addresses 2, allocated 1 (50%), misses 0 |
||
NAT# show ip nat translations |
|
|
||
Pro |
Inside global |
Inside local |
Outside local |
Outside global |
--- |
200.1.1.1 |
10.1.1.1 |
--- |
--- |
Foundation Summary 295
The Destination Unreachable, Time Exceeded, Redirect, and Echo messages are described in Table 8-13.
Table 8-13 |
ICMP Message Types |
|
|
|
|
|
Message |
Purpose |
|
|
|
|
Destination Unreachable |
Tells the source host that there is a problem delivering a packet. |
|
|
|
|
Time Exceeded |
The time it takes a packet to be delivered has expired, so the |
|
|
packet has been discarded. |
|
|
|
|
Redirect |
The router sending this message has received a packet for which |
|
|
another router has a better route. The message tells the sender to |
|
|
use the better route. |
|
|
|
|
Echo |
Used by the ping command to verify connectivity. |
|
|
|
Table 8-14 summarizes some features of TFTP and FTP.
Table 8-14 Comparison of FTP and TFTP
FTP |
TFTP |
|
|
Uses TCP |
Uses UDP |
|
|
Uses robust control commands |
Uses simple control commands |
|
|
Sends data over a TCP connection separate from |
Uses no connections because of UDP |
control commands |
|
|
|
Requires more memory and programming effort |
Requires less memory and programming effort |
|
|
Example 8-9 shows the router configuration required to support ISL encapsulation and forwarding between three VLANs.
Example 8-9 Router Configuration for ISL Encapsulation
interface fastethernet 0.1
ip address 10.1.1.1 255.255.255.0 encapsulation isl 1
!
interface fastethernet 0.2
ip address 10.1.2.1 255.255.255.0 encapsulation isl 2
!
interface fastethernet 0.3
ip address 10.1.3.1 255.255.255.0 encapsulation isl 3
296 Chapter 8: Advanced TCP/IP Topics
Q&A
As mentioned in the Introduction, you have two choices for review questions. The following questions give you a bigger challenge than the exam because they are open-ended. By reviewing with this more-difficult question format, you can exercise your memory better and prove your conceptual and factual knowledge of the topics covered in this chapter. The answers to these questions are found in Appendix A.
For more practice with exam-like question formats, including multiple-choice questions and those using a router simulator, use the exam engine on the CD.
1.Define private addressing as defined in RFC 1918.
2.List the range of private networks defined in RFC 1918.
3.Does CIDR affect the size of Internet routing tables? If so, what does it do to those routing tables?
4.Define NAT and explain the basics of its operation.
5.Define the term inside local address in relation to NAT. Use Figure 8-21 to describe the answer.
Figure 8-21 Network for Use in Answering NAT Questions
10.1.1.1 |
200.1.1.1 |
Server |
|
|
Internet
NAT 170.1.1.1
10.1.1.2
6.Define the term inside global address in relation to NAT. Use Figure 8-21 to describe the answer.
7.Create a configuration for NAT overload to a single IP address for the router shown in Figure 8-21.
8.Create a configuration for static NAT, mapping host 10.1.1.1 to 200.1.1.11, for the router shown in Figure 8-21.
Q&A 297
9.Which requires more lines of source code, FTP or TFTP? Explain your answer.
10.Does FTP or TFTP perform error recovery? If so, describe the basics of how this occurs.
11.Describe the process used by IP routers to perform fragmentation and reassembly of packets.
12.How many Class B-style networks are reserved by RFC 1918 private addressing?
13.Describe why ARP requests use an Ethernet broadcast address instead of an Ethernet unicast address.
14.Imagine that host 10.1.1.1 in Figure 8-21 sends a packet to the server at 170.1.1.1 and that the NAT router also happens to fragment the packet. Inside the context of this network, explain how reassembly of the fragments into the original packet occurs.
15.Imagine that R1 has an interface, FastEthernet 0/0, that uses ISL trunking to a switch.
R1 needs to route between VLAN 1 and VLAN 2. Create a valid router configuration.
16.Describe how NAT overload manages to support more than one inside local IP address using a single inside global address.
Cisco Published ICND Exam Topics*
Covered in This Part:
4 Design a simple internetwork using Cisco products
6 Choose WAN protocols to meet design requirements
14Implement simple WAN protocols
15Utilize the OSI model as a guide for systematic network troubleshooting
19Troubleshoot a device as part of a working network
21Perform simple WAN troubleshooting
26Evaluate key characteristics of HDLC, PPP, Frame Relay, DDR, and ISDN technologies * Always re-check www.cisco.com for the latest posted exam topics