Cisco Networking/CCENT/Collection

Cisco CCENT


Learning Guide


This learning guide supports the Wikiversity course Cisco CCENT, available at http://en.wikiversity.org/wiki/Cisco_Networking/CCENT.

Overview



Cisco Certified Entry Networking Technician (CCENT) includes the ability to install, operate and troubleshoot a small enterprise branch network, including basic network security.[1]

This course comprises 15 lessons covering Cisco networking. Each lesson includes a combination of Wikipedia and Cisco readings, YouTube videos, and hands-on learning activities. The course also assists learners in preparing for Cisco CCENT (Interconnecting Cisco Networking Devices Part 1) certification.

Preparation


This is a fourth-semester, college-level course. Learners should already be familiar with introductory computer networking concepts and Internet protocols.

Lessons

  1. Networking Models
  2. Ethernet LANs
  3. IP Addressing
  4. Subnetting
  5. Lab Setup
  6. IOS Basics
  7. Remote Management
  8. Network Services
  9. Static Routing
  10. Dynamic Routing
  11. Switching
  12. VLANs
  13. Security
  14. Access Control Lists
  15. Troubleshooting

See Also


Bibliography

  • Cisco: 100-101 ICND1 Exam Topics
  • Cisco: ICND1 Study Material
  • Cannon, Kelly and Caudle, Kelly (2009). CCNA Guide to Cisco Networking Fundamentals. Cengage. ISBN 9781418837051
  • Cisco: Internetworking Technology Handbook
  • Lammle, T. (2013). CCENT Study Guide: Exam 100-101 (ICND1). Wiley. ISBN 9781118749685
  • Odom, W. (2013). CCENT/CCNA ICND1 100-101 Official Cert Guide. Cisco. ISBN 9781587143854

References

  Completion status: this resource is considered to be complete.

Lesson 1 - Networking Models


This lesson covers the TCP/IP and OSI networking models and encapsulation concepts.

Objectives and Skills


Objectives and skills for the TCP/IP and OSI networking models portion of Cisco CCENT certification include:[1]

  • Describe the purpose and basic operation of the protocols in the OSI and TCP/IP models
  • Recognize the purpose and functions of various network devices such as routers, switches, bridges and hubs
  • Identify common applications and their impact on the network
  • Predict the data flow between two hosts across a network

Readings

  1. Wikipedia: OSI model
  2. Wikipedia: Internet protocol suite
  3. Wikipedia: Encapsulation (networking)
  4. Cisco: Internetworking Basics

Multimedia

  1. YouTube: The OSI Model - CompTIA Network+ N10-005 - 1.1
  2. YouTube: The OSI Model in the Real World - CompTIA Network+ N10-005: 1.2
  3. YouTube: The TCP/IP Model - CompTIA Network+ N10-005: 1.1
  4. YouTube: Networking Protocols - CompTIA Network+ N10-005: 1.6
  5. YouTube: Network Layers - OSI, TCP/IP Models - Part 1
  6. YouTube: Network Layers - OSI, TCP/IP Models - Part 2
  7. YouTube: Network Layers - OSI, TCP/IP Models - Part 3

Activities

  1. Review OSI Components. Describe the purpose and basic operation of the layers in the OSI and TCP/IP models.
  2. Draw your own personal reference chart comparing the Internet protocol suite four-layer model to the OSI seven-layer model.
  3. Use Wireshark to capture network traffic on your school, work, or home network. Identify the protocols in use on the network at each layer of the OSI and TCP/IP models.
  4. Use Wireshark to capture network traffic on your school, work, or home network. Identify the protocol data unit headers and layer interaction as data is encapsulated from segment to packet to frame for transmission as bits.

Lesson Summary

  • The Open Systems Interconnection model (OSI Model) is a conceptual model that characterizes and standardizes the communication functions of a telecommunication or computing system without regard for the underlying internal structure and technology.[2]
  • The OSI model is a seven-layer model containing Physical, Data Link, Network, Transport, Session, Presentation, and Application layers.[3]
  • The OSI model layers are numbered from the bottom up:[4]
    • 7 - Application
    • 6 - Presentation
    • 5 - Session
    • 4 - Transport
    • 3 - Network
    • 2 - Data Link
    • 1 - Physical
  • The OSI model is maintained by the International Organization for Standardization (ISO).[5]
  • The OSI Physical layer transmits and receives raw bit streams over a physical medium.[6]
  • The OSI Data Link layer reliably transmits data frames between two nodes connected by a physical layer.[7]
  • The OSI Network layer manages packet addressing, routing, and traffic control.[8]
  • The OSI Transport layer ensures reliable transmission of data segments between points on a network, including segmentation, acknowledgement and multiplexing.[9]
  • The OSI Session layer manages information exchange between two nodes, including authentication and authorization.[10]
  • The OSI Presentation layer manages translation (formatting) of data, including character encoding, data compression, and encryption/decryption.[11]
  • The OSI Application layer provides APIs (application programming interfaces) to support resource sharing, remote file access, directory services, virtual terminals, etc.[12]
  • The Internet protocol suite is the set of communications protocols used for the Internet and similar networks.[13]
  • The Internet protocol suite is a four-layer model containing Link, Internet, Transport, and Application layers.[14]
  • The Internet protocol suite is maintained by the Internet Engineering Task Force (IETF).[15]
  • The Link layer contains communication technologies for a local network.[16]
  • The Internet layer connects local networks, thus establishing internetworking.[17]
  • The Transport layer handles host-to-host communication.[18]
  • The Application layer contains all protocols for specific data communications services on a process-to-process level.[19]
  • The Internet protocol suite protocols are deliberately not as rigidly designed into strict layers as in the OSI model.[20]
  • The Internet Link layer includes the OSI Data Link and Physical layers, as well as parts of OSI's Network layer.[21]
  • The Internet internetworking layer (Internet layer) is a subset of the OSI Network layer.[22]
  • The Internet Transport layer includes the graceful close function of the OSI Session layer as well as the OSI Transport layer.[23]
  • The Internet Application layer includes the OSI Application layer, Presentation layer, and most of the Session layer.[24]
  • Internet Link layer protocols include Ethernet, Wi-Fi, and PPP.[25]
  • Internet internetworking layer (Internet layer) protocols include IP, ICMP and IGMP.[26]
  • Internet Transport layer protocols include TCP and UDP.[27]
  • Internet Application layer protocols include HTTP and SMTP.[28]

Key Terms

adjacent-layer interaction
Each lower layer provides a service to the layer or layers above it.[29]
bit
The OSI Physical layer protocol data unit.[30]
deencapsulation
Each layer interprets and removes header (and sometimes trailer) control information before passing a PDU to the layer above.[31]
encapsulation
Each lower layer adds header (and sometimes trailer) control information to the PDU received from the layer above.[32]
frame
The OSI Data Link layer protocol data unit.[33]
networking model
A conceptual model that describes and represents network function, exemplified by the OSI model and the Internet Protocol Suite.[34]
packet
The OSI Network layer protocol data unit.[35]
protocol data unit (PDU)
Information that is delivered as a unit among peer entities of a network and that may contain control information, such as address information, or user data.[36]
same-layer interaction
Each layer communicates with its corresponding layer on the receiving node.[37]
segment
The OSI Transport layer protocol data unit.[38]
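The encapsulation, deencapsulation and PDU terms above, as an added worked example that is not part of the course: an application message is wrapped in a UDP header (segment), then an IPv4 header (packet), then an Ethernet II header (frame), and the receiving side peels the headers off again, verifying the IPv4 header checksum on the way up. Field layouts follow RFC 791, RFC 768 and Ethernet II; the MAC addresses, ports, identification value and message are constructed sample values, and the IP addresses come from the 198.51.100.0/24 documentation range used elsewhere in this course.

```python
"""Encapsulation walk-through: an application message goes down the stack
(data -> segment -> packet -> frame) and comes back up. Added example, not
part of the course; all addresses, ports and the message are constructed."""
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words, complemented.
    Run over a header whose checksum field is already filled in, the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_segment(src_port: int, dst_port: int, data: bytes) -> bytes:
    """Transport layer: 8-byte UDP header in front of the data.
    UDP over IPv4 may carry a zero checksum (RFC 768), which keeps this short."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(data), 0) + data


def build_packet(src_ip: bytes, dst_ip: bytes, segment: bytes) -> bytes:
    """Network layer: 20-byte IPv4 header (no options) in front of the segment."""
    ver_ihl = (4 << 4) | 5                  # version 4, header length 5 * 4 bytes
    header = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + len(segment),
                         0x1234, 0, 64, IPPROTO_UDP, 0, src_ip, dst_ip)
    checksum = ipv4_checksum(header)        # computed with the checksum field at 0
    header = header[:10] + struct.pack("!H", checksum) + header[12:]
    return header + segment


def build_frame(src_mac: bytes, dst_mac: bytes, packet: bytes) -> bytes:
    """Data link layer: 14-byte Ethernet II header. The EtherType tells the receiver
    which network-layer protocol owns the payload (adjacent-layer interaction)."""
    return struct.pack("!6s6sH", dst_mac, src_mac, ETHERTYPE_IPV4) + packet


def decapsulate(frame: bytes):
    """Receiving side: strip one header per layer, checking the fields each layer
    needs before handing the PDU upward. Returns ([(layer, pdu, length)], data)."""
    trail = [("Data Link", "frame", len(frame))]
    _dst_mac, _src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unexpected EtherType 0x{ethertype:04x}")
    packet = frame[14:]

    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", packet[2:4])[0]
    trail.append(("Network", "packet", total_len))
    if packet[9] != IPPROTO_UDP:
        raise ValueError(f"unexpected IP protocol {packet[9]}")
    segment = packet[ihl:total_len]

    _src_port, _dst_port, udp_len, _csum = struct.unpack("!HHHH", segment[:8])
    trail.append(("Transport", "segment", udp_len))
    data = segment[8:udp_len]
    trail.append(("Application", "data", len(data)))
    return trail, data


# Constructed sample values: locally administered MACs, documentation-range IPs.
SRC_MAC = bytes.fromhex("020000000001")
DST_MAC = bytes.fromhex("020000000002")
SRC_IP = bytes([198, 51, 100, 1])
DST_IP = bytes([198, 51, 100, 2])


def round_trip(message: bytes):
    """Encapsulate a message into a frame and deencapsulate it again."""
    frame = build_frame(SRC_MAC, DST_MAC,
                        build_packet(SRC_IP, DST_IP,
                                     build_segment(40000, 53, message)))
    return frame, decapsulate(frame)


if __name__ == "__main__":
    frame, (trail, data) = round_trip(b"hello")
    for layer, pdu, length in trail:
        print(f"{layer:12s} {pdu:8s} {length} bytes")
    print("recovered:", data)
```

Each layer only looks at its own header and at the one field that names the layer above (EtherType, then IP protocol number, then UDP port), which is what the "adjacent-layer interaction" term describes; the receiver's checksum test is where a corrupted header is caught before the packet is passed upward.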

Review Questions

  1. The Open Systems Interconnection model (OSI Model) is _____.
    The Open Systems Interconnection model (OSI Model) is a conceptual model that characterizes and standardizes the communication functions of a telecommunication or computing system without regard for the underlying internal structure and technology.
  2. The OSI model is a _____-layer model containing _____ layers.
    The OSI model is a seven-layer model containing Physical, Data Link, Network, Transport, Session, Presentation, and Application layers.
  3. The OSI model layers are numbered from the bottom up as:
    The OSI model layers are numbered from the bottom up as

    7 - Application
    6 - Presentation
    5 - Session
    4 - Transport
    3 - Network
    2 - Data Link
    1 - Physical

  4. The OSI model is maintained by _____.
    The OSI model is maintained by the International Organization for Standardization (ISO).
  5. The OSI Physical layer _____.
    The OSI Physical layer transmits and receives raw bit streams over a physical medium.
  6. The OSI Data Link layer _____.
    The OSI Data Link layer reliably transmits data frames between two nodes connected by a physical layer.
  7. The OSI Network layer _____.
    The OSI Network layer manages packet addressing, routing, and traffic control.
  8. The OSI Transport layer _____.
    The OSI Transport layer ensures reliable transmission of data segments between points on a network, including segmentation, acknowledgement and multiplexing.
  9. The OSI Session layer _____.
    The OSI Session layer manages information exchange between two nodes, including authentication and authorization.
  10. The OSI Presentation layer _____.
    The OSI Presentation layer manages translation (formatting) of data, including character encoding, data compression, and encryption/decryption.
  11. The OSI Application layer _____.
    The OSI Application layer provides APIs (application programming interfaces) to support resource sharing, remote file access, directory services, virtual terminals, etc.
  12. The Internet protocol suite is _____.
    The Internet protocol suite is the set of communications protocols used for the Internet and similar networks.
  13. The Internet protocol suite is a _____-layer model containing _____ layers.
    The Internet protocol suite is a four-layer model containing Link, Internet, Transport, and Application layers.
  14. The Internet protocol suite is maintained by _____.
    The Internet protocol suite is maintained by the Internet Engineering Task Force (IETF).
  15. The Link layer _____.
    The Link layer contains communication technologies for a local network.
  16. The Internet layer _____.
    The Internet layer connects local networks, thus establishing internetworking.
  17. The Transport layer _____.
    The Transport layer handles host-to-host communication.
  18. The Application layer _____.
    The Application layer contains all protocols for specific data communications services on a process-to-process level.
  19. The Internet protocol suite protocols are _____ as in the OSI model.
    The Internet protocol suite protocols are deliberately not as rigidly designed into strict layers as in the OSI model.
  20. The Internet Link layer includes the OSI _____.
    The Internet Link layer includes the OSI Data Link and Physical layers, as well as parts of OSI's Network layer.
  21. The Internet internetworking layer (Internet layer) is a subset of the OSI _____ layer.
    The Internet internetworking layer (Internet layer) is a subset of the OSI Network layer.
  22. The Internet Transport layer includes the graceful close function of the OSI _____ layer as well as the OSI _____ layer.
    The Internet Transport layer includes the graceful close function of the OSI Session layer as well as the OSI Transport layer.
  23. The Internet Application layer includes the OSI _____.
    The Internet Application layer includes the OSI Application layer, Presentation layer, and most of the Session layer.
  24. Internet Link layer protocols include _____.
    Internet Link layer protocols include Ethernet, Wi-Fi, and PPP.
  25. Internet internetworking layer (Internet layer) protocols include _____.
    Internet internetworking layer (Internet layer) protocols include IP, ICMP and IGMP.
  26. Internet Transport layer protocols include _____.
    Internet Transport layer protocols include TCP and UDP.
  27. Internet Application layer protocols include _____.
    Internet Application layer protocols include HTTP and SMTP.

Assessments


See Also


References

  Type classification: this is a lesson resource.

Lesson 2 - Ethernet LANs


This lesson covers Ethernet LANs.


Objectives and Skills


Objectives and skills for the Ethernet LANs and Devices portion of Cisco CCENT certification include:[1]

  • Select the components required to meet a given network specification
  • Identify the appropriate media, cables, ports, and connectors to connect Cisco network devices to other network devices and hosts in a LAN
  • Determine the technology and media access control method for Ethernet networks

Readings

  1. Wikipedia: Ethernet
  2. Wikipedia: Ethernet frame
  3. Wikipedia: Hierarchical internetworking model
  4. Cisco: Introduction to LAN Protocols
  5. Cisco: Ethernet Technologies

Multimedia

  1. YouTube: Ethernet Standards - CompTIA Network+ N10-006 - 5.4
  2. YouTube: Collision Domains and Broadcast Domains - CompTIA Network+ N10-005: 1.4
  3. YouTube: Crossover and Straight Through Cables - CompTIA Network+ N10-005: 3.1
  4. YouTube: Media Distance and Speed Limitations - CompTIA Network+ N10-005: 3.1
  5. YouTube: MAC Address Formats - CompTIA Network+ N10-005: 1.3
  6. YouTube: Understanding Unicast, Multicast, and Broadcast - CompTIA Network+ N10-005: 1.3
  7. YouTube: Wireless Connections - CompTIA Network+ N10-006 - 2.7
  8. Cisco: Introduction to LAN Switches
  9. YouTube: Hubs, Switches, and Routers

Activities

  1. Review TechRepublic: Five Free Apps for Diagramming Your Network. Examine your school, work, or home network and draw a network diagram that documents the network infrastructure. Include all networks, routers, switches, and access points in the building.
  2. For the network diagram above, identify the cable categories and data link technologies in use. Which links are copper, which are fiber, and which are wireless? Which categories of copper and which types of fiber are installed? Which protocols / bandwidth speeds are in use (100BASE-T, 1000BASE-T, 802.11a/b/g/n/ac, etc.)? Which links are half-duplex and which links are full duplex?
  3. Enhance the network diagram above by adding IP addresses and MAC addresses to all devices. How many collision domains are included? How many broadcast domains are included?

Lesson Summary

  • Ethernet networking devices include repeaters and hubs, bridges and switches, access points, and routers.[2]
  • Repeaters and hubs function at the physical layer, forwarding bits to all connected devices.[3]
  • Bridges and switches function at the data link layer, forwarding frames only to the one or more devices that need to receive them.[4]
  • Access points function at the data link layer, acting as a bridge between wired and wireless networks.[5]
  • Routers function at the network layer, forwarding packets between computer networks.[6]
  • An Ethernet frame is preceded by a preamble and start frame delimiter (SFD), which are both part of the Ethernet packet at the physical layer. Each Ethernet frame starts with an Ethernet header, which contains destination and source MAC addresses as its first two fields. The middle section of the frame is payload data including any headers for other protocols (for example, Internet Protocol) carried in the frame. The frame ends with a frame check sequence (FCS), which is a 32-bit cyclic redundancy check used to detect any in-transit corruption of data.[7]
  • A collision domain is a section of a network connected by a shared medium or through repeaters where data packets can collide with one another when being sent. A collision occurs when more than one device attempts to send a packet on a network segment at the same time.[8]
  • A broadcast domain is a logical division of a computer network, in which all nodes can reach each other by broadcast at the data link layer, either within the same network segment or bridged to other network segments.[9]
  • Bridges and switches separate collision domains.[10]
  • Routers separate broadcast domains.[11]
  • Access layer devices connect end-workstations and servers, and may or may not provide layer 3 switching services.[12]
  • Distribution layer devices connect, route, and filter access layer devices.[13]
  • Core layer devices provide high-speed, highly-redundant forwarding services to move packets between distribution-layer devices in different regions of the network.[14]
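Counting collision and broadcast domains from a diagram, as an added example that is not part of the course: the rules above (hubs and repeaters extend a collision domain, bridges and switches separate collision domains, routers separate broadcast domains) are applied to a constructed topology of one router, two switches and one hub. Device names and links are made up; an access point is treated like a bridge, with no attempt to model the shared wireless medium.

```python
"""Collision- and broadcast-domain counting over a simple topology model.
Added example, not course material; the sample network is constructed."""
from collections import defaultdict

# Device types that extend a domain instead of terminating it.
EXTENDS_COLLISION = {"hub", "repeater"}
EXTENDS_BROADCAST = {"hub", "repeater", "bridge", "switch", "access point"}


def _count_link_groups(devices, links, extending_types):
    """Union-find over links: two links fall into the same domain when they meet
    at a device whose type merely extends that domain. Returns the group count."""
    parent = list(range(len(links)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]     # path halving
            i = parent[i]
        return i

    links_at = defaultdict(list)
    for idx, (a, b) in enumerate(links):
        links_at[a].append(idx)
        links_at[b].append(idx)
    for name, idxs in links_at.items():
        if devices[name] in extending_types:
            for other in idxs[1:]:
                parent[find(other)] = find(idxs[0])
    return len({find(i) for i in range(len(links))})


def count_domains(devices, links):
    """devices: {name: type}; links: list of (device, device) cable runs.
    Returns (collision_domains, broadcast_domains)."""
    unknown = {n for pair in links for n in pair} - set(devices)
    if unknown:
        raise ValueError(f"links reference undeclared devices: {sorted(unknown)}")
    return (_count_link_groups(devices, links, EXTENDS_COLLISION),
            _count_link_groups(devices, links, EXTENDS_BROADCAST))


# Constructed sample: R1 routes between two switched segments; SW1 also feeds a hub.
SAMPLE_DEVICES = {
    "R1": "router", "SW1": "switch", "SW2": "switch", "H1": "hub",
    "A": "host", "B": "host", "C": "host", "D": "host", "E": "host",
}
SAMPLE_LINKS = [
    ("R1", "SW1"), ("R1", "SW2"),
    ("SW1", "H1"), ("H1", "A"), ("H1", "B"), ("SW1", "C"),
    ("SW2", "D"), ("SW2", "E"),
]

if __name__ == "__main__":
    coll, bcast = count_domains(SAMPLE_DEVICES, SAMPLE_LINKS)
    print(f"collision domains: {coll}, broadcast domains: {bcast}")
```

Every switch port is its own collision domain, so the three links hanging off the hub collapse into one domain while the five switch and router links stay separate (six in total), and the router splits the network into two broadcast domains.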

Key Terms

1000BASE-T
A term describing various technologies for transmitting Ethernet frames over category 5 or better twisted pair cables at a rate of one gigabit per second.[15]
100BASE-T
A term describing any of several Fast Ethernet standards for transmitting Ethernet frames over category 5 or better twisted pair cables at a rate of 100 Mbit/s.[16]
10BASE-T
A term describing technologies for transmitting Ethernet frames over category 3 or better twisted pair cables at a rate of 10 Mbit/s.[17]
bridge
A device that connects two network segments, typically by operating transparently and deciding on a packet-by-packet basis whether or not to forward from one network segment to the other.[18]
broadcast address
A logical address at which all devices connected to a multiple-access communications network are enabled to receive datagrams.[19]
category 3 cable
An unshielded twisted pair cable used in telephone wiring designed to reliably carry data up to 10 Mbit/s.[20]
category 5 cable
A twisted pair cable that carries signals with performance of up to 100 MHz and is suitable for 10BASE-T, 100BASE-TX (Fast Ethernet), and 1000BASE-T (Gigabit Ethernet).[21]
category 6 cable
A cable standard that provides performance of up to 250 MHz and is suitable for 10BASE-T, 100BASE-TX (Fast Ethernet), 1000BASE-T/1000BASE-TX (Gigabit Ethernet), and 10GBASE-T (10-Gigabit Ethernet).[22]
crossover cable
A type of Ethernet cable used to connect computing devices together directly, most often used to connect two devices of the same type, such as two computers or two switches to each other.[23]
carrier sense multiple access with collision detection (CSMA/CD)
A media access control method in which a transmitting data station detects other signals while transmitting a frame, and stops transmitting that frame, transmits a jam signal, and then waits for a random time interval before trying to resend the frame.[24]
Ethernet
A family of computer networking technologies for local area networks (LANs) and metropolitan area networks (MANs) commercially introduced in 1980 and first standardized in 1983 as IEEE 802.3.[25]
Ethernet address
See MAC address.[26]
Fast Ethernet
See 100BASE-T.[27]
Frame Check Sequence
A 32-bit cyclic redundancy check used to detect any in-transit corruption of data.[28]
full-duplex
A system that allows communication in both directions simultaneously.[29]
Gigabit Ethernet
See 1000BASE-T.[30]
half-duplex
A system that provides communication in both directions, but only one direction at a time (not simultaneously).[31]
hub
A device used to connect multiple Ethernet devices together at the physical layer and make them act as a single network segment.[32]
Institute of Electrical and Electronics Engineers (IEEE)
The organization responsible for the standards defining the physical layer and data link layer's media access control (MAC) of wired Ethernet.[33]
media access control (MAC) address
A unique identifier assigned to network interfaces for communications on the physical network segment.[34]
multicast address
A logical identifier for a group of hosts in a computer network that are available to process datagrams or frames intended to be sent to a group of destination hosts simultaneously.[35][36]
network interface card (NIC)
Also known as network interface controller, a computer hardware component that connects a computer to a computer network.[37]
organizationally unique identifier (OUI)
A 24-bit number that uniquely identifies a vendor, manufacturer, or other organization globally or worldwide, used as the first three octets of a MAC address.[38]
RJ-11 (Registered Jack-11)
A 6 position 2, 4 or 6 contact modular connector typically used for phone cable connections.[39]
RJ-45 (Registered Jack-45)
An 8 position 8 contact modular connector typically used for network cable connections.[40]
repeater
See hub.[41]
rollover cable
A type of null-modem cable that is often used to connect a computer terminal to a router's console port.[42]
router
A networking device that forwards data packets between computer networks.[43]
straight-through cable
A type of Ethernet cable used to connect devices of different types together, such as a computer to a network switch or hub.[44]
switch
A computer networking device that connects devices together on a computer network, by using packet switching to receive, process and forward data to one or multiple devices that need to receive it.[45]
unicast address
A unique address identifying a single network destination for a transmission.[46]
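The frame format and address terms in this lesson (Ethernet header, frame check sequence, MAC address, OUI, unicast/multicast/broadcast address), as an added example that is not part of the course: a small Ethernet II frame builder and parser that verifies the 32-bit CRC in the FCS, extracts the OUI, and classifies the destination address. The MAC addresses and payload are constructed; the CRC-32 used by Ethernet has the same polynomial, initial value and final XOR as zlib's, which is why `zlib.crc32` can stand in for the FCS computation.

```python
"""Ethernet II frame check: verify the FCS, pull out the addresses and classify
them. Added example, not course material; the sample frame is constructed."""
import struct
import zlib

ETHERTYPE_IPV4 = 0x0800
MIN_PAYLOAD = 46          # Ethernet pads short payloads so frames reach 64 bytes


def fcs(body: bytes) -> bytes:
    """Frame check sequence: IEEE 802.3 CRC-32 over header + payload. Parameters
    match zlib's CRC-32; the value is appended least-significant byte first,
    which is how it appears in packet captures that keep the FCS."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def mac_kind(mac: bytes) -> str:
    """Unicast, multicast or broadcast, decided by the first octet of the address."""
    if mac == b"\xff" * 6:
        return "broadcast"
    if mac[0] & 0x01:          # low bit of the first octet set = group (multicast) address
        return "multicast"
    return "unicast"


def oui(mac: bytes) -> str:
    """Organizationally unique identifier: the first three octets."""
    return "-".join(f"{b:02X}" for b in mac[:3])


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Header + (padded) payload + FCS, as the NIC would put it on the wire."""
    body = struct.pack("!6s6sH", dst, src, ethertype) + payload.ljust(MIN_PAYLOAD, b"\x00")
    return body + fcs(body)


def parse_frame(frame: bytes) -> dict:
    """Split a frame into its fields after confirming it was not corrupted in transit."""
    if len(frame) < 14 + 4:
        raise ValueError("frame too short")
    body, trailer = frame[:-4], frame[-4:]
    if fcs(body) != trailer:
        raise ValueError("FCS mismatch: frame corrupted in transit")
    dst, src, ethertype = struct.unpack("!6s6sH", body[:14])
    return {
        "dst": dst.hex(":"), "dst_kind": mac_kind(dst),
        "src": src.hex(":"), "src_oui": oui(src),
        "ethertype": ethertype, "payload": body[14:],
    }


def survives_bit_flip(frame: bytes, bit: int) -> bool:
    """Flip one bit anywhere in the frame and report whether the FCS check still
    passes. A CRC-32 detects every single-bit error, so this should be False."""
    damaged = bytearray(frame)
    damaged[bit // 8] ^= 1 << (bit % 8)
    try:
        parse_frame(bytes(damaged))
        return True
    except ValueError:
        return False


# Constructed sample: broadcast destination, made-up source MAC, short payload.
SAMPLE_FRAME = build_frame(b"\xff" * 6, bytes.fromhex("001122334455"),
                           ETHERTYPE_IPV4, b"sample payload")

if __name__ == "__main__":
    info = parse_frame(SAMPLE_FRAME)
    print(f"{info['src']} (OUI {info['src_oui']}) -> {info['dst']} [{info['dst_kind']}]")
    print("bit flip detected:", not survives_bit_flip(SAMPLE_FRAME, 100))
```

The FCS only detects corruption; it is not an integrity check against deliberate modification, since anyone who can change the frame can recompute the CRC. Note too that a capture tool usually strips the FCS before handing frames to the application, so parsers written against live captures should not assume the trailer is present.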

Review Questions

  1. Ethernet networking devices include _____, _____, _____, and _____.
    Ethernet networking devices include repeaters and hubs, bridges and switches, access points, and routers.
  2. Repeaters and hubs function at the _____ layer, forwarding _____ to _____.
    Repeaters and hubs function at the physical layer, forwarding bits to all connected devices.
  3. Bridges and switches function at the _____ layer, forwarding _____ only to _____.
    Bridges and switches function at the data link layer, forwarding frames only to the one or more devices that need to receive them.
  4. Access points function at the _____ layer, acting as a _____ between _____.
    Access points function at the data link layer, acting as a bridge between wired and wireless networks.
  5. Routers function at the _____ layer, forwarding _____ between _____.
    Routers function at the network layer, forwarding packets between computer networks.
  6. An Ethernet frame is preceded by _____, which are both part of the Ethernet packet at the _____ layer.
    An Ethernet frame is preceded by a preamble and start frame delimiter (SFD), which are both part of the Ethernet packet at the physical layer.
  7. Each Ethernet frame starts with _____, which contains _____ as its first two fields.
    Each Ethernet frame starts with an Ethernet header, which contains destination and source MAC addresses as its first two fields.
  8. The middle section of an Ethernet frame is _____ including _____.
    The middle section of an Ethernet frame is payload data including any headers for other protocols (for example, Internet Protocol) carried in the frame.
  9. The Ethernet frame ends with _____.
    The Ethernet frame ends with a frame check sequence (FCS), which is a 32-bit cyclic redundancy check used to detect any in-transit corruption of data.
  10. A collision domain is _____.
    A collision domain is a section of a network connected by a shared medium or through repeaters where data packets can collide with one another when being sent. A collision occurs when more than one device attempts to send a packet on a network segment at the same time.
  11. A broadcast domain is _____.
    A broadcast domain is a logical division of a computer network, in which all nodes can reach each other by broadcast at the data link layer, either within the same network segment or bridged to other network segments.
  12. Bridges and switches separate _____ domains.
    Bridges and switches separate collision domains.
  13. Routers separate _____ domains.
    Routers separate broadcast domains.
  14. Access layer devices connect _____, and may or may not provide _____.
    Access layer devices connect end-workstations and servers, and may or may not provide layer 3 switching services.
  15. Distribution layer devices connect, route, and filter _____.
    Distribution layer devices connect, route, and filter access layer devices.
  16. Core layer devices provide high-speed, highly-redundant forwarding services to move packets between _____.
    Core layer devices provide high-speed, highly-redundant forwarding services to move packets between distribution-layer devices in different regions of the network.

Assessments


See Also


References

  1. Cisco: ICND1 Exam Topics
  2. Wikipedia: Ethernet
  3. Wikipedia: Ethernet hub
  4. Wikipedia: Network switch
  5. Wikipedia: Wireless access point
  6. Wikipedia: Router (computing)
  7. Wikipedia: Ethernet frame
  8. Wikipedia: Collision domain
  9. Wikipedia: Broadcast domain
  10. Wikipedia: Collision domain
  11. Wikipedia: Broadcast domain
  12. Wikipedia: Hierarchical internetworking model
  13. Wikipedia: Hierarchical internetworking model
  14. Wikipedia: Hierarchical internetworking model
  15. Wikipedia: Gigabit Ethernet
  16. Wikipedia: Fast Ethernet
  17. Wikipedia: Ethernet over twisted pair
  18. Wikipedia: Bridging (networking)
  19. Wikipedia: Broadcast address
  20. Wikipedia: Category 3 cable
  21. Wikipedia: Category 5 cable
  22. Wikipedia: Category 6 cable
  23. Wikipedia: Ethernet crossover cable
  24. Wikipedia: Carrier sense multiple access with collision detection
  25. Wikipedia: Ethernet
  26. Wikipedia: Ethernet
  27. Wikipedia: Fast Ethernet
  28. Wikipedia: Ethernet frame
  29. Wikipedia: Duplex (telecommunications)
  30. Wikipedia: Gigabit Ethernet
  31. Wikipedia: Duplex (telecommunications)
  32. Wikipedia: Ethernet hub
  33. Wikipedia: IEEE 802.3
  34. Wikipedia: MAC address
  35. Wikipedia: Multicast address
  36. Wikipedia: Multicast
  37. Wikipedia: Network interface controller
  38. Wikipedia: Organizationally unique identifier
  39. Wikipedia: Registered jack
  40. Wikipedia: Registered jack
  41. Wikipedia: Ethernet hub
  42. Wikipedia: Rollover cable
  43. Wikipedia: Router (computing)
  44. Wikipedia: Ethernet crossover cable
  45. Wikipedia: Network switch
  46. Wikipedia: Unicast

Lesson 3 - IP Addressing


This lesson covers IP addressing.


Objectives and Skills


Objectives and skills for the IP addressing portion of Cisco CCENT certification include:[1]

  • Describe the operation and necessity of using private and public IP addresses for IPv4 addressing
  • Identify the appropriate IPv4 addressing scheme using VLSM and summarization to satisfy addressing requirements in a LAN/WAN environment
  • Identify the appropriate IPv6 addressing scheme to satisfy addressing requirements in a LAN/WAN environment
  • Describe the technological requirements for running IPv6 in conjunction with IPv4
    • Dual stack
  • Describe IPv6 addresses
    • Global unicast
    • Multicast
    • Link local
    • Unique local
    • EUI 64
    • Auto-configuration

Readings

  1. Wikipedia: IP address
  2. Wikipedia: Private network
  3. Wikipedia: Neighbor Discovery Protocol
  4. Cisco: Internet Protocols
  5. Wikipedia: IP multicast
  6. Cisco: IPv6

Multimedia

  1. YouTube: Understanding IP Classes - CompTIA Network+ N10-005: 1.3
  2. YouTube: Classless Inter-Domain Routing - CompTIA Network+ N10-005: 1.3
  3. YouTube: An overview of IPv4 and IPv6 - CompTIA Network+ N10-005: 1.3
  4. YouTube: Understanding APIPA - CompTIA Network+ N10-005: 1.3
  5. Cisco: Understanding the TCP/IP Internet Layer
  6. Cisco: Introducing IPv6
  7. Cisco: Transitioning to IPv6

Activities

  1. Research IPv4 address classes. Build a table of valid public and private IPv4 address ranges. Then search the Internet for 'verify valid ip address'. Create and test various addresses to see if they are valid or invalid. Does the validator you are using correctly identify public, private, multicast, and experimental address ranges?
  2. Search the Internet for 'what is my ip'. Identify your public IPv4 address and your public IPv6 address, if you have one. Visit ARIN.net:WhoisRWS or your local regional Internet registry and look up the address registration for your IP addresses. Then search the Internet for 'IPv6 test'. Use several websites to test your IPv6 Internet connection.
  3. Review Jacob Salmela: Earning IPv6 Certification from Hurricane Electric and the walkthroughs for Newbie and Explorer. Then visit Hurricane Electric: IPv6 Certifications. Register for free IPv6 certification testing and complete the Newbie and Explorer certifications.
  4. Play the Cisco Binary Game. Practice until you can consistently achieve a high score.

Lesson Summary

  • An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the Internet Protocol for communication.[2]
  • The IP address space is managed by the Internet Assigned Numbers Authority (IANA) and delegated to five regional Internet registries (RIRs).[3]
  • The regional Internet Registries are:[4]
    • African Network Information Center (AFRINIC) for Africa
    • American Registry for Internet Numbers (ARIN) for the United States, Canada, several parts of the Caribbean region, and Antarctica.
    • Asia-Pacific Network Information Centre (APNIC) for Asia, Australia, New Zealand, and neighboring countries
    • Latin America and Caribbean Network Information Centre (LACNIC) for Latin America and parts of the Caribbean region
    • Réseaux IP Européens Network Coordination Centre (RIPE NCC) for Europe, Russia, the Middle East, and Central Asia
  • An IP address serves two principal functions: host or network interface identification and location (network) addressing.[5]
  • In both IPv4 and IPv6 the high order (leftmost) bits represent the network address and the low order (rightmost) bits represent the host address.[6]
  • IPv4 addresses are 32-bit numbers, typically expressed in dotted-decimal notation such as 198.51.100.1.[7]
  • In IPv4 dotted-decimal notation, each of the four decimal numbers represents eight bits, with decimal values ranging from 0 to 255.[8]
  • IPv4 initially used classful addressing, with fixed network and host address sizes.[9]
  • Under class-based addressing, the first octet defined the network and host address sizes as:[10]
    • Class A (0 - 127) - 8 bits network, 24 bits host
    • Class B (128 - 191) - 16 bits network, 16 bits host
    • Class C (192 - 223) - 24 bits network, 8 bits host
    • Class D (224 - 239) - Multicast addresses (not used for host addressing)
    • Class E (240 - 255) - Experimental (reserved)
  • Class-based addressing was replaced with Classless Inter-Domain Routing (CIDR) using variable-length subnet masking (VLSM) in 1993.[11]
  • Variable-length subnet masks are defined using either dotted-decimal notation such as 255.255.255.0, or prefix notation, such as /24.[12]
  • Private IPv4 address ranges are defined in RFC 1918 as:[13]
    • 10.0.0.0/8
    • 172.16.0.0/12
    • 192.168.0.0/16
  • Private networks typically connect to the Internet through network address translation (NAT) or using some kind of proxy server.[14]
  • An IPv4 link-local address block is defined as 169.254.0.0/16.[15]
  • IPv4 Link-local addresses are used for automatic address assignment in the absence of a static or dynamic address.[16]
  • Microsoft refers to automatic address assignment as APIPA.[17]
  • IPv4 supports unicast, broadcast, and multicast addressing.[18]
  • IPv6 addresses are 128-bit numbers, typically expressed in hexadecimal notation such as 2001:db8:0:1234:0:567:8:1.[19]
  • In IPv6 addresses, one or more consecutive groups of zero value may be replaced with a single empty group using two consecutive colons (::), such as 2001:db8::1234:0:567:8:1, ::1, or :: (zero).[20]
  • In IPv6 hexadecimal notation, each of the hexadecimal groups represents 16 bits, with hexadecimal values ranging from 0 to FFFF.[21]
  • Private IPv6 addresses, known as unique local addresses, may be defined using the prefix fc00::/7.[22]
  • IPv6 link-local addresses are automatically generated for all interfaces, regardless of static or dynamic address, using the prefix fe80::/10.[23]
  • IPv6 multicast addresses use the prefix ff00::/8.[24]
  • IPv6 supports unicast, multicast, and anycast addressing.[25]
  • IPv6 replaces broadcast addressing with multicast to the specially-defined all-nodes multicast address.[26]
  • IPv6 uses the Neighbor Discovery Protocol in place of ARP and defines five ICMPv6 packet types for the purpose of router solicitation, router advertisement, neighbor solicitation, neighbor advertisement, and network redirects.[27]
    • Router Solicitation (RS) - Used by hosts to locate routers on an attached link.
    • Router Advertisement (RA) - Used by routers to advertise their presence or in response to a Router Solicitation message.
    • Neighbor Solicitation (NS) - Used by hosts to determine the link layer address of a neighbor.
    • Neighbor Advertisement (NA) - Used by hosts to respond to a Neighbor Solicitation message.
    • Redirect - Used by routers to inform hosts of a better first hop router for a destination.
  • Mechanisms to transition from IPv4 to IPv6 include dual stack, tunneling, and translation.[28]

Key Terms

all-nodes multicast address
The IPv6 multicast address ff02::1, used to address all nodes on the local network segment.[29]
all-routers multicast address
The IPv6 multicast address ff02::2, used to address all routers on the local network segment.[30]
anycast
A network addressing and routing methodology in which datagrams from a single sender are routed to the nearest node in a group of potential receivers, all identified by the same destination address.[31]
ARP (Address Resolution Protocol)
A telecommunication protocol used for resolution of network layer addresses into link layer addresses.[32]
default router (default gateway)
The node that is assumed to know how to forward packets on to other networks.[33]
dual stack
IP implementations that provide both IPv4 and IPv6 protocol stacks in the same network node.[34]
Duplicate Address Detection (DAD)
A test for the uniqueness of an IP address using ARP (IPv4) or Neighbor Solicitation and Neighbor Advertisement (IPv6) messages.[35]
EUI-64
A MAC address used in IPv6, generated by translating MAC-48 or EUI-48 addresses into 64-bit values.[36]
IETF (Internet Engineering Task Force)
The organization that develops and promotes voluntary Internet standards.[37]
IPv4 address exhaustion
The depletion of the pool of unallocated Internet Protocol Version 4 (IPv4) addresses.[38]
link-local
A network address that is valid only for communications within the network segment (link) or the broadcast domain that the host is connected to.[39]
solicited-node multicast address
An IPv6 multicast address created by combining the prefix ff02::1:ff00:0/104 with the last 24 bits of a unicast or anycast address, used by NDP for Neighbor Solicitation messages.[40]
subnet router anycast address
The lowest IPv6 address within each subnet prefix, used to contact the nearest router.[41]
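The addressing rules in the summary and key terms above can be exercised in code. The following is an added example written for this guide, not code from the Wikiversity lesson or from Cisco: it classifies IPv4 addresses by first octet and by the RFC 1918 and 169.254.0.0/16 ranges, canonicalises IPv6 text, and derives the two NDP-related addresses a host computes from its own identifiers, the modified EUI-64 link-local address and the solicited-node multicast group. The MAC address and IPv6 addresses used in the usage section are constructed sample values; only the Python standard library is used.

```python
"""Worked IP addressing helpers for the Lesson 3 summary (added example, not
from the Wikiversity page). Standard library only."""
import ipaddress

# RFC 1918 private ranges and the IPv4 link-local block, as listed in the lesson.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")


def ipv4_class(addr):
    """Historical class letter of an IPv4 address, decided by its first octet."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def ipv4_scope(addr):
    """'private (RFC 1918)', 'link-local (APIPA)' or 'public'."""
    a = ipaddress.IPv4Address(addr)
    if any(a in n for n in RFC1918):
        return "private (RFC 1918)"
    if a in IPV4_LINK_LOCAL:
        return "link-local (APIPA)"
    return "public"


def compress_ipv6(text):
    """Canonical text form: leading zeros dropped, the longest run of two or
    more zero groups collapsed to '::' (RFC 5952 rules, as ipaddress applies them)."""
    return str(ipaddress.IPv6Address(text))


def eui64_interface_id(mac):
    """64-bit modified EUI-64 interface identifier built from a 48-bit MAC:
    flip the universal/local bit of the first octet and insert ff:fe in the middle."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    first = octets[0] ^ 0x02
    return bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def link_local_from_mac(mac):
    """The fe80::/64 link-local address a host derives from its MAC by EUI-64."""
    iid = eui64_interface_id(mac)
    return str(ipaddress.IPv6Address(bytes([0xFE, 0x80]) + b"\x00" * 6 + iid))


def solicited_node_multicast(addr):
    """ff02::1:ffXX:XXXX, where XX:XXXX are the low 24 bits of the unicast or
    anycast address; this is the group a Neighbor Solicitation for 'addr' is sent to."""
    low24 = ipaddress.IPv6Address(addr).packed[-3:]
    prefix = ipaddress.IPv6Address("ff02::1:ff00:0").packed[:-3]
    return str(ipaddress.IPv6Address(prefix + low24))


if __name__ == "__main__":
    # Constructed sample values for illustration.
    for a in ("198.51.100.1", "10.0.0.1", "172.31.255.1", "169.254.10.1"):
        print(a, ipv4_class(a), ipv4_scope(a))
    ll = link_local_from_mac("00:1a:2b:3c:4d:5e")
    print(ll, solicited_node_multicast(ll))
    print(compress_ipv6("2001:0db8:0000:0000:0000:0000:0000:0001"))
```

One caveat worth knowing: the `ipaddress` module follows RFC 5952, which only collapses runs of two or more zero groups, so the lesson's `2001:db8::1234:0:567:8:1` parses correctly but is re-rendered as `2001:db8:0:1234:0:567:8:1`. The solicited-node address explains why Duplicate Address Detection scales: a host only has to listen on the multicast groups for its own addresses, not on an all-nodes broadcast.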

Review Questions

  1. An Internet Protocol address (IP address) is a _____ assigned to _____.
    An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the Internet Protocol for communication.
  2. The IP address space is managed by _____ and delegated to five _____.
    The IP address space is managed by the Internet Assigned Numbers Authority (IANA) and delegated to five regional Internet registries (RIRs).
  3. The regional Internet Registries are:
    The regional Internet Registries are:

    African Network Information Center (AFRINIC) for Africa
    American Registry for Internet Numbers (ARIN) for the United States, Canada, several parts of the Caribbean region, and Antarctica.
    Asia-Pacific Network Information Centre (APNIC) for Asia, Australia, New Zealand, and neighboring countries
    Latin America and Caribbean Network Information Centre (LACNIC) for Latin America and parts of the Caribbean region
    Réseaux IP Européens Network Coordination Centre (RIPE NCC) for Europe, Russia, the Middle East, and Central Asia

  4. An IP address serves two principal functions: _____ and _____.
    An IP address serves two principal functions: host or network interface identification and location (network) addressing.
  5. In both IPv4 and IPv6 the _____ bits represent the _____ address and the _____ bits represent the _____ address.
    In both IPv4 and IPv6 the high order (leftmost) bits represent the network address and the low order (rightmost) bits represent the host address.
  6. IPv4 addresses are _____-bit numbers, typically expressed in _____ notation such as _____.
    IPv4 addresses are 32-bit numbers, typically expressed in dotted-decimal notation such as 198.51.100.1.
  7. In IPv4 dotted-decimal notation, each of the _____ decimal numbers represents _____ bits, with decimal values ranging from _____ to _____.
    In IPv4 dotted-decimal notation, each of the four decimal numbers represents eight bits, with decimal values ranging from 0 to 255.
  8. IPv4 initially used classful addressing, with _____.
    IPv4 initially used classful addressing, with fixed network and host address sizes.
  9. Under class-based addressing, the first octet defined the network and host address sizes as:
    Under class-based addressing, the first octet defined the network and host address sizes as:

    Class A (0 - 127) - 8 bits network, 24 bits host
    Class B (128 - 191) - 16 bits network, 16 bits host
    Class C (192 - 223) - 24 bits network, 8 bits host
    Class D (224 - 239) - Multicast addresses (not used for host addressing)
    Class E (240 - 255) - Experimental (reserved)

  10. Class-based addressing was replaced with _____ using _____ in 1993.
    Class-based addressing was replaced with Classless Inter-Domain Routing (CIDR) using variable-length subnet masking (VLSM) in 1993.
  11. Variable-length subnet masks are defined using either _____, or _____.
    Variable-length subnet masks are defined using either dotted-decimal notation such as 255.255.255.0, or prefix notation, such as /24.
  12. Private IPv4 address ranges are defined in RFC 1918 as:
    Private IPv4 address ranges are defined in RFC 1918 as:

    10.0.0.0/8
    172.16.0.0/12
    192.168.0.0/16

  13. Private networks typically connect to the Internet through _____.
    Private networks typically connect to the Internet through network address translation (NAT).
  14. The IPv4 link-local address block is defined as _____.
    The IPv4 link-local address block is defined as 169.254.0.0/16.
  15. IPv4 Link-local addresses are used for _____.
    IPv4 Link-local addresses are used for automatic address assignment in the absence of a static or dynamic address.
  16. Microsoft refers to automatic address assignment as _____.
    Microsoft refers to automatic address assignment as APIPA.
  17. IPv4 supports _____, _____, and _____ addressing.
    IPv4 supports unicast, broadcast, and multicast addressing.
  18. IPv6 addresses are _____-bit numbers, typically expressed in _____ notation such as _____.
    IPv6 addresses are 128-bit numbers, typically expressed in hexadecimal notation such as 2001:db8:0:1234:0:567:8:1.
  19. In IPv6 addresses, one or more consecutive groups of zero value may be replaced with _____.
    In IPv6 addresses, one or more consecutive groups of zero value may be replaced with a single empty group using two consecutive colons (::), such as 2001:db8::1234:0:567:8:1, ::1, or :: (zero).
  20. In IPv6 hexadecimal notation, each of the hexadecimal groups represents _____, with hexadecimal values ranging from _____ to _____.
    In IPv6 hexadecimal notation, each of the hexadecimal groups represents 16 bits, with hexadecimal values ranging from 0 to FFFF.
  21. Private IPv6 addresses, known as unique local addresses, may be defined using the prefix _____.
    Private IPv6 addresses, known as unique local addresses, may be defined using the prefix fc00::/7.
  22. IPv6 link-local addresses are automatically generated for all interfaces, regardless of static or dynamic address, using the prefix _____.
    IPv6 link-local addresses are automatically generated for all interfaces, regardless of static or dynamic address, using the prefix fe80::/10.
  23. IPv6 multicast addresses use the prefix _____.
    IPv6 multicast addresses use the prefix ff00::/8.
  24. IPv6 supports _____, _____, and _____ addressing.
    IPv6 supports unicast, multicast, and anycast addressing.
  25. IPv6 replaces broadcast addressing with _____.
    IPv6 replaces broadcast addressing with multicast to the specially-defined all-nodes multicast address.
  26. IPv6 uses _____ in place of ARP and defines five ICMPv6 packet types for the purpose of _____.
    IPv6 uses the Neighbor Discovery Protocol in place of ARP and defines five ICMPv6 packet types for the purpose of router solicitation, router advertisement, neighbor solicitation, neighbor advertisement, and network redirects.

    Router Solicitation (RS) - Used by hosts to locate routers on an attached link.
    Router Advertisement (RA) - Used by routers to advertise their presence or in response to a Router Solicitation message.
    Neighbor Solicitation (NS) - Used by hosts to determine the link layer address of a neighbor.
    Neighbor Advertisement (NA) - Used by hosts to respond to a Neighbor Solicitation message.
    Redirect - Used by routers to inform hosts of a better first hop router for a destination.

  27. Mechanisms to transition from IPv4 to IPv6 include _____, _____, and _____.
    Mechanisms to transition from IPv4 to IPv6 include dual stack, tunneling, and translation.

Assessments


See Also


References


Lesson 4 - Subnetting


This lesson covers subnetting.


Objectives and Skills


Objectives and skills for the subnetting portion of Cisco CCENT certification include:[1]

  • Identify the appropriate IPv4 addressing scheme using VLSM and summarization to satisfy addressing requirements in a LAN/WAN environment

Readings

  1. Wikipedia: Subnetwork
  2. Wikipedia: IPv4 subnetting reference
  3. Wikipedia: Classless Inter-Domain Routing
  4. Wikipedia: Supernetwork
  5. Cisco: IP Addressing and Subnetting for New Users

Multimedia

  1. YouTube: Binary Math - CompTIA Network+ N10-005: 1.3
  2. YouTube: Subnetting - CompTIA Network+ N10-005: 1.3
  3. YouTube: Subnetting, Cisco CCNA, Binary Numbers - Part 1
  4. YouTube: Subnetting, Cisco CCNA, Binary Numbers - Part 2
  5. YouTube: Subnetting, Cisco CCNA, Binary Numbers - Part 3
  6. YouTube: Subnetting, Cisco CCNA, Binary Numbers - Part 4
  7. YouTube: Subnetting Cisco CCNA - Part 1 The Magic Number
  8. YouTube: Subnetting Cisco CCNA - Part 2 The Magic Number
  9. YouTube: Subnetting Cisco CCNA - Part 3 The Magic Number
  10. YouTube: Subnetting Cisco CCNA - Part 4 The Magic Number
  11. YouTube: Subnetting Cisco CCNA - Part 5 The Magic Number
  12. YouTube: Subnetting Cisco CCNA - Part 6 The Magic Number

Activities

  1. Review 3com: Understanding IP Addressing: Everything You Ever Wanted To Know. Complete all exercises in Appendix B (page 57).
  2. Review EasySubnetting.com subnetting resources and complete multiple subnetting exercises.
  3. Generate practice subnetting questions using the TunnelsUp: Subnet Calculator.
  4. Play the Cisco: Subnet Troubleshooting Game and practice until you can consistently achieve a high score.
  5. Play the Subnetting.net Subnetting Game and practice until you can consistently achieve a high score.
  6. Play the Insite: Cisco Subnet Slingshot Game and practice until you can consistently achieve a high score.
  7. Review Subnet Ninja: Subnetting How To Guide and verify your answers with the Subnet Calculator.
  8. Check your Subnets and Masks Online with this Subnetting Calculator and verify that your subnet masks and CIDR prefixes are correct.

Lesson Summary

  • A subnetwork, or subnet, is a logical, visible subdivision of an IP network.[2]
  • The practice of dividing a network into two or more networks is called subnetting.[3]
  • An IP address has two fields, a network prefix and a host identifier.[4]
  • The network prefix is identified using CIDR notation.[5]
  • In IPv4, the network prefix may also be identified using a 32-bit subnet mask in dotted-decimal notation.[6]
  • A network is divided into two or more subnetworks by dividing the host identifier field into separate subnet number and host identifier fields.[7]
  • All hosts on a subnetwork have the same network prefix.[8]
  • Traffic between subnets is exchanged through a router.[9]
  • The first address on any given IPv4 network or subnet is reserved for the network itself.[10]
  • The last address on any given IPv4 network or subnet is reserved for broadcast.[11]
  • The separation of the network prefix/subnet number from the host identifier is performed by a bitwise AND operation between the IP address and the (sub)network mask.[12]
  • The number of subnetworks created by subnetting can be calculated as 2^n, where n is the number of bits used for subnetting.[13]
  • The number of available hosts on each subnet can be calculated as 2^n - 2, where n is the number of bits available for the host identifier.[14]
  • Traditionally, the first network, known as subnet zero, and the last network, known as the all-ones subnet, were not used on production networks. This practice was declared obsolete by RFC 1878 in 1995.[15]
  • The goal of Classless Inter-Domain Routing was to slow the growth of routing tables on routers across the Internet, and to help slow the rapid exhaustion of IPv4 addresses.[16]
  • Classless Inter-Domain Routing is based on variable-length subnet masking (VLSM), which allows a network to be divided into variously sized subnets, providing the opportunity to size a network more appropriately for local needs.[17]
  • The benefits of supernetting are conservation of address space and efficiencies gained in routers in terms of memory storage of route information and processing overhead when matching routes.[18]
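The arithmetic behind the summary points above, as an added example written for this guide (not code from the Wikiversity lesson or any subnet calculator it links to): the mask is built from the prefix length, the network address is the bitwise AND of address and mask, the broadcast address sets every host bit, the subnet and host counts follow the 2^n and 2^n - 2 rules, and a small VLSM allocator carves one block into right-sized subnets, largest requirement first so each subnet stays aligned to its own size. The addresses and host-count requirements in the usage section are constructed sample values. It goes slightly beyond the lesson by treating /31 and /32, where the 2^n - 2 rule does not apply.

```python
"""Subnetting arithmetic for the Lesson 4 summary (added example, not from the
Wikiversity page). Pure Python, no imports."""


def mask_from_prefix(prefix):
    """/24 -> 0xFFFFFF00: 'prefix' leading 1 bits followed by 0 bits."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def to_int(dotted):
    """'192.168.1.77' -> 32-bit integer, validating each octet."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError("bad IPv4 address: " + dotted)
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]


def to_dotted(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_from_mask(dotted):
    """Accept only contiguous masks such as 255.255.255.0; reject 255.0.255.0."""
    m = to_int(dotted)
    ones = bin(m).count("1")
    if mask_from_prefix(ones) != m:
        raise ValueError("non-contiguous mask: " + dotted)
    return ones


def describe(cidr):
    """Network, mask, broadcast, usable range and host count for 'a.b.c.d/n'."""
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    mask = mask_from_prefix(prefix)
    network = to_int(addr) & mask                 # bitwise AND keeps the prefix bits
    broadcast = network | (~mask & 0xFFFFFFFF)    # all host bits set to 1
    host_bits = 32 - prefix
    # /31 and /32 have no separate network/broadcast pair, so 2^n - 2 only holds for n >= 2.
    pair = host_bits >= 2
    return {
        "network": to_dotted(network),
        "mask": to_dotted(mask),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network + 1 if pair else network),
        "last_host": to_dotted(broadcast - 1 if pair else broadcast),
        "usable_hosts": (1 << host_bits) - 2 if pair else (1 << host_bits),
    }


def subnet_count(original_prefix, new_prefix):
    """2^n equal subnets when n bits are borrowed from the host field."""
    return 1 << (new_prefix - original_prefix)


def vlsm_allocate(block, requirements):
    """Carve 'block' ('192.168.1.0/24') into one subnet per {name: host_count}.
    Largest requirement first keeps every allocation aligned; returns (name, cidr) pairs."""
    base, prefix = block.split("/")
    cursor = to_int(base) & mask_from_prefix(int(prefix))
    end = cursor + (1 << (32 - int(prefix)))
    out = []
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        host_bits = 2
        while (1 << host_bits) - 2 < hosts:   # smallest host field with enough usable addresses
            host_bits += 1
        size = 1 << host_bits
        if cursor + size > end:
            raise ValueError("block exhausted while allocating " + name)
        out.append((name, f"{to_dotted(cursor)}/{32 - host_bits}"))
        cursor += size
    return out


if __name__ == "__main__":
    # Constructed sample input.
    print(describe("192.168.1.77/26"))
    print(subnet_count(24, 27), "subnets of /27 in a /24")
    print(vlsm_allocate("192.168.1.0/24", {"sales": 60, "eng": 25, "link": 2}))
```

The `prefix_from_mask` check matters in practice: a mask such as 255.0.255.0 has the right number of 1 bits but is not a prefix, and a calculator that only counts bits will silently produce a wrong network address for it.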

Key Terms

binary mask
Data that is used for bitwise operations to set multiple bits either on, off or inverted in a single bitwise operation.[19]
bitwise AND
A binary operation that takes two representations of equal length and performs the logical AND operation on each pair of corresponding bits. The result in each position is 1 if the first bit is 1 and the second bit is 1; otherwise, the result is 0.[20]
broadcast address
A logical address at which all devices connected to a multiple-access communications network are enabled to receive datagrams. In IPv4 networks, the broadcast address is the all-ones address, the last address on the network subnet.[21]
network address
The address of a network or subnetwork. In IPv4 networks, the network address is the all-zeros address, the first address on the network subnet.[22]
prefix mask
A subnet mask specified in CIDR notation.[23]
provider-independent address space
A block of IP addresses assigned by a regional Internet registry (RIR) directly to an end-user organization.[24]
routing table
A data table stored in a router or a networked computer that lists the routes to particular network destinations, and in some cases, metrics (distances) associated with those routes.[25]
subnet
A logical, visible subdivision of an IP network.[26]
subnet address
A logically visible subdivision of an IP network.[27]
subnet mask
A bitmask that encodes the (sub)network prefix length in dotted-decimal notation, starting with a number of 1 bits equal to the prefix length, ending with 0 bits, and encoded in four-part dotted-decimal format.[28]
subnetting
The practice of dividing a network into two or more networks.[29]
supernet
An Internet Protocol (IP) network that is formed from the combination of two or more networks (or subnets) with a common Classless Inter-Domain Routing (CIDR) prefix.[30]
variable-length subnet masks (VLSM)
Used to divide a network into variously sized subnets, as opposed to fixed-length subnet masks used in classful addressing.[31]

Review Questions

  1. A subnetwork, or subnet, is _____.
    A subnetwork, or subnet, is a logical, visible subdivision of an IP network.
  2. The practice of dividing a network into two or more networks is called _____.
    The practice of dividing a network into two or more networks is called subnetting.
  3. An IP address has two fields, _____ and _____.
    An IP address has two fields, a network prefix and a host identifier.
  4. The network prefix is identified using _____.
    The network prefix is identified using CIDR notation.
  5. In IPv4, the network prefix may also be identified using _____.
    In IPv4, the network prefix may also be identified using a 32-bit subnet mask in dotted-decimal notation.
  6. A network is divided into two or more subnetworks by _____.
    A network is divided into two or more subnetworks by dividing the host identifier field into separate subnet number and host identifier fields.
  7. All hosts on a subnetwork have _____.
    All hosts on a subnetwork have the same network prefix.
  8. Traffic between subnets is exchanged _____.
    Traffic between subnets is exchanged through a router.
  9. The first address on any given IPv4 network or subnet is _____.
    The first address on any given IPv4 network or subnet is reserved for the network itself.
  10. The last address on any given IPv4 network or subnet is _____.
    The last address on any given IPv4 network or subnet is reserved for broadcast.
  11. The separation of the network prefix/subnet number from the host identifier is performed by _____.
    The separation of the network prefix/subnet number from the host identifier is performed by a bitwise AND operation between the IP address and the (sub)network mask.
  12. The number of subnetworks created by subnetting can be calculated as _____.
    The number of subnetworks created by subnetting can be calculated as 2^n, where n is the number of bits used for subnetting.
  13. The number of available hosts on each subnet can be calculated as _____.
    The number of available hosts on each subnet can be calculated as 2^n - 2, where n is the number of bits available for the host identifier.
  14. Traditionally, the first network, known as _____, and the last network, known as _____, were not used on production networks. This practice was _____.
    Traditionally, the first network, known as subnet zero, and the last network, known as the all-ones subnet, were not used on production networks. This practice was declared obsolete by RFC 1878 in 1995.
  15. The goal of Classless Inter-Domain Routing was to _____.
    The goal of Classless Inter-Domain Routing was to slow the growth of routing tables on routers across the Internet, and to help slow the rapid exhaustion of IPv4 addresses.
  16. Classless Inter-Domain Routing is based on _____.
    Classless Inter-Domain Routing is based on variable-length subnet masking (VLSM), which allows a network to be divided into variously sized subnets, providing the opportunity to size a network more appropriately for local needs.
  17. The benefits of supernetting are _____.
    The benefits of supernetting are conservation of address space and efficiencies gained in routers in terms of memory storage of route information and processing overhead when matching routes.

Assessments


See Also


References


Lesson 5 - Lab Setup


This lesson covers lab setup using GNS3.


Objectives and Skills


Objectives and skills for Cisco CCENT certification are covered in detail in other lessons. This lesson helps you:

  • Set up a lab environment to practice hands-on activities with Cisco routing and switching using GNS3.

Readings

  1. Wikipedia: Graphical Network Simulator-3
  2. SourceForge: GNS3 Tutorial

Multimedia

  1. YouTube: GNS3 Tutorial - Installing, configuring, then tweaking GNS3 on Windows 7
  2. YouTube: How to Set Up GNS3

Activities

  1. Review SourceForge: GNS3 Tutorial. Download and install GNS3 on your system.
  2. Review GNS3: Cisco IOS Images, GNS3: Adding IOS Images, and GNS3: Hardware Emulated by GNS3. Add one or more Cisco router IOS images to Dynamips/GNS3. Be sure to include an image from the 2600, 3600, or 3700 series that supports a Network Module slot to allow for both routing and switching configurations.
    1. Add a router image.
    2. Add the router image again as an EtherSwitch router.
  3. Test GNS3 router support.
     
    1. Add a router to a new GNS3 project.
    2. Start the device.
    3. View the console to confirm that it started correctly.
    4. Show the running configuration using the following command.
      show running-config
  4. Test GNS3 virtual PC support.
     
    1. Add a router to a new GNS3 project or use the project created above.
    2. Add a VPCS PC to the project.
    3. Add a link to connect the following.
      • PC1 Ethernet0 <-> R1 FastEthernet0/0.
    4. Start the devices.
    5. Open the console for PC1. Set the IP address for PC1 using the following command.
      ip 192.168.1.11 255.255.255.0 192.168.1.1
    6. Open the console for R1. Set the IP address for R1 using the following commands.
      enable
      configure terminal
      interface fastethernet0/0
      ip address 192.168.1.1 255.255.255.0
      no shutdown
      exit
      exit
    7. Open the console for PC1. Ping R1 using the following command.
      ping 192.168.1.1
  5. Test GNS3 EtherSwitch router support.
     
    1. Add an EtherSwitch router to a new GNS3 project.
    2. Add two VPCS PCs to the project.
    3. Add links to connect the following.
      • PC1 Ethernet0 <-> ESW1 FastEthernet1/1.
      • PC2 Ethernet0 <-> ESW1 FastEthernet1/2.
    4. Start the devices.
    5. Open the console for PC1. Set the IP address for PC1 using the following command.
      ip 192.168.1.11 255.255.255.0 192.168.1.1
    6. Open the console for PC2. Set the IP address for PC2 using the following command.
      ip 192.168.1.12 255.255.255.0 192.168.1.1
    7. Using the console for PC1, ping PC2 using the following command.
      ping 192.168.1.12
    8. Using the console for PC2, ping PC1 using the following command.
      ping 192.168.1.11
    9. If the pings are not successful, try replacing the EtherSwitch router with an Ethernet hub or switch and repeat the tests.

Lesson Summary

  • GNS3 is a graphical network simulator supporting a variety of products from vendors including Alcatel-Lucent, Arista, Cisco, Extreme Networks, FortiGate, Juniper, MikroTik, and Vyatta.[1]
  • GNS3 is available for Windows, Linux, and macOS platforms.[2]
  • The standard GNS3 Windows installation package includes WinPcap, Wireshark, Dynamips, QEMU, and VPCS Virtual PC Simulator.[3]
  • WinPcap provides a packet-capture and filtering engine for Windows systems.[4]
  • Libpcap provides a packet-capturing and filtering engine for Unix-like systems.[5]
  • Wireshark is a free and open-source packet analyzer.[6]
  • Dynamips is an emulator computer program that was created to emulate Cisco routers.[7]
  • QEMU (Quick Emulator) is a free and open-source hosted hypervisor that performs hardware virtualization, and is used by GNS3 to run Cisco ASA, PIX and IDS, as well as conventional operating systems.[8][9]
  • VPCS provides a simulated command-line interface for hosts connected to routers in a GNS3 / Dynamips network.[10]
  • The GNS3 installation package does not include Cisco IOS images. IOS images must be loaded separately after GNS3 is installed.
  • GNS3 cannot run Cisco switch IOS images, but does support EtherSwitch network modules to provide switching configurations on supported routers.[11]
  • GNS3 support for EtherSwitch network modules includes Cisco routers from the 2600, 3600, and 3700 series.[12]
  • The GNS3 user interface includes windows for node types, network topology, topology summary, and the Dynagen console for Dynamips.[13]
  • Each IOS image must be loaded into GNS3 and configured with an Idle PC value before it can be used in a network topology.[14]
  • After adding devices to a network topology, the devices must be started in order to access the device console.[15]
  • Consoles are accessed through terminal emulation, Telnet, or SSH connections.[16]
  • Network topologies may be saved and opened using the GNS3 File menu.[17]

Key Terms

ping
A computer network administration software utility used to test the reachability of a host on an Internet Protocol (IP) network and to measure the round-trip time for messages sent from the originating host to a destination computer and back.[18]

Review Questions

  1. GNS3 is a graphical network simulator supporting a variety of products from vendors including _____.
    GNS3 is a graphical network simulator supporting a variety of products from vendors including Alcatel-Lucent, Arista, Cisco, Extreme Networks, FortiGate, Juniper, MikroTik, and Vyatta.
  2. GNS3 is available for _____ platforms.
    GNS3 is available for Windows, Linux, and macOS platforms.
  3. The standard GNS3 Windows installation package includes _____.
    The standard GNS3 Windows installation package includes WinPcap, Wireshark, Dynamips, QEMU, and VPCS Virtual PC Simulator.
  4. WinPcap provides _____.
    WinPcap provides a packet-capture and filtering engine for Windows systems.
  5. Libpcap provides _____.
    Libpcap provides a packet-capturing and filtering engine for Unix-like systems.
  6. Wireshark is _____.
    Wireshark is a free and open-source packet analyzer.
  7. Dynamips is _____.
    Dynamips is an emulator computer program that was created to emulate Cisco routers.
  8. QEMU (Quick Emulator) is _____.
    QEMU (Quick Emulator) is a free and open-source hosted hypervisor that performs hardware virtualization, and is used by GNS3 to run Cisco ASA, PIX and IDS, as well as conventional operating systems.
  9. VPCS provides _____.
    VPCS provides a simulated command-line interface for hosts connected to routers in a GNS3 / Dynamips network.
  10. The GNS3 installation package does not include _____.
    The GNS3 installation package does not include Cisco IOS images. IOS images must be loaded separately after GNS3 is installed.
  11. GNS3 cannot run _____, but does support _____.
    GNS3 cannot run Cisco switch IOS images, but does support EtherSwitch network modules to provide switching configurations on supported routers.
  12. GNS3 support for EtherSwitch network modules includes Cisco routers from the _____ series.
    GNS3 support for EtherSwitch network modules includes Cisco routers from the 2600, 3600, and 3700 series.
  13. The GNS3 user interface includes windows for _____.
    The GNS3 user interface includes windows for node types, network topology, topology summary, and the Dynagen console for Dynamips.
  14. Each IOS image must be loaded into GNS3 and configured with _____ before it can be used in a network topology.
    Each IOS image must be loaded into GNS3 and configured with an Idle PC value before it can be used in a network topology.
  15. After adding devices to a network topology, the devices must be _____.
    After adding devices to a network topology, the devices must be started in order to access the device console.
  16. Consoles are accessed through _____.
    Consoles are accessed through terminal emulation, Telnet, or SSH connections.
  17. Network topologies may be saved and opened using _____.
    Network topologies may be saved and opened using the GNS3 File menu.

Assessments


See Also


References


Lesson 6 - IOS Basics


This lesson covers basic router and switch configuration using IOS commands.


Objectives and Skills


Objectives and skills for the IOS basics portion of Cisco CCENT certification include:[1]

  • Configure and verify utilizing the CLI to set basic Router configuration
    • Hostname
    • banner
    • motd
    • Local user & password
    • Enable secret password
    • Console logins
    • exec-timeout
    • service password encryption
    • copy run start

Readings

  1. Wikipedia: Cisco IOS
  2. Cisco: IOS and Configuration Basics
  3. Cisco: Using the Command-Line Interface in Cisco IOS Software
  4. Cisco: Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example

Multimedia

  1. YouTube: Cisco IOS CLI for Beginners - Part 1
  2. YouTube: Cisco IOS CLI for Beginners - Part 2
  3. YouTube: Cisco IOS CLI for Beginners - Part 3
  4. YouTube: Cisco IOS CLI for Beginners - Part 4
  5. YouTube: Cisco Router IOS - Command Line basics

Examples


Global Configuration


enable


To enter privileged EXEC mode, or any other security level set by a system administrator, use the enable EXEC command.[2]

enable

disable


To exit privileged EXEC mode and return to user EXEC mode, or to exit to a lower privilege level, enter the disable EXEC command.[3]

disable

configure terminal


To enter global configuration mode, use the configure terminal command in privileged EXEC mode.[4]

configure terminal

exit


To exit any configuration mode to the next highest mode in the CLI mode hierarchy, use the exit command in any configuration mode. To close an active terminal session by logging off the router, use the exit command in EXEC mode.[5][6]

exit

hostname


To specify or modify the hostname for the network server, use the hostname command in global configuration mode.[7]

hostname <name>

ip domain-name


To configure the domain name server (DNS) domain name, use the ip domain-name command in global configuration mode.[8]

ip domain-name <domain-name>

banner login

To define and enable a customized banner to be displayed before the username and password login prompts, use the banner login global configuration command.[9]

banner login #<message>#

banner motd

To define and enable a message-of-the-day (MOTD) banner, use the banner motd global configuration command.[10]

banner motd #<message>#

Command Sequence


A global configuration command sequence to enable privileged EXEC mode, enter global configuration mode, specify a hostname and banner messages, exit global configuration mode, disable privileged EXEC mode, and log off the router is:

enable
configure terminal
hostname router
ip domain-name example.com
banner login #Authorized users only!#
banner motd #System maintenance will occur on Friday!#
exit
disable
exit

Password Configuration


line


To identify a specific line for configuration and enter line configuration collection mode, use the line command in global configuration mode.[11]

line console 0

password

To specify a password on a line, use the password command in line configuration mode.[12]

password <password>

login

To enable password checking at login, use the login command in line configuration mode.[13]

login

username

To establish a username-based authentication system, use the username command in global configuration mode.[14]

username <name> password <password>

login local

To enable username and password checking at login, use the login local command in line configuration mode.[15]

login local

exec-timeout

To set the interval that the EXEC command interpreter waits until user input is detected, use the exec-timeout line configuration command.[16]

exec-timeout <minutes>

enable password

To set a local clear-text password to control access to various privilege levels, use the enable password command in global configuration mode.[17]

enable password <password>

enable secret

To specify an additional layer of security over the enable password command, use the enable secret command in global configuration mode.[18]

enable secret <password>

service password-encryption

To encrypt passwords, use the service password-encryption command in global configuration mode.[19]

service password-encryption

Command Sequence

A command sequence to configure passwords might be similar to the following.

enable
configure terminal

line console 0
password letmein
login
exit

enable secret cisco
service password-encryption
exit

show running-config
exit

A command sequence to configure usernames and passwords might be similar to the following.

enable
configure terminal

username admin1 password secret1
username admin2 password secret2

line console 0
login local
exit

enable secret cisco
service password-encryption
exit

show running-config
exit
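
As an added example that is not part of the original lesson, the following Python script reads the text of show running-config and reports the weaknesses the commands above are meant to close: an enable password with no enable secret, clear-text username and line passwords, a line with a password but no login, and a missing or disabled exec-timeout. Both configurations are constructed samples, and the type 5 and type 7 values in the hardened one are placeholders rather than real strings.

```python
import re

# Constructed sample of "show running-config" output, modelled on the
# command sequences in this lesson; it was not captured from a device.
WEAK_CONFIG = """\
hostname router
!
enable password cisco
username admin1 password 0 secret1
username admin2 password 0 secret2
!
line con 0
 password letmein
 login local
line vty 0 4
 password letmein
 exec-timeout 0 0
end
"""

# The same device after the hardening steps this section describes; the
# type 5 hash and type 7 strings are placeholders, not real values.
HARDENED_CONFIG = """\
service password-encryption
hostname router
enable secret 5 HASH_PLACEHOLDER
username admin1 password 7 TYPE7_PLACEHOLDER
!
line con 0
 password 7 TYPE7_PLACEHOLDER
 login local
 exec-timeout 5 0
line vty 0 4
 login local
 exec-timeout 5 0
end
"""

# 'password X' or 'password 0 X' is clear text; 'password 7 X' is not.
CLEAR_TEXT = re.compile(r"\bpassword (0 )?\S+$")


def parse_config(text):
    """Split a config into top-level commands plus the indented
    sub-commands of each 'line ...' section."""
    top, sections, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
            continue
        cmd = raw.strip()
        top.append(cmd)
        current = cmd if cmd.startswith("line ") else None
        if current is not None:
            sections[current] = []
    return top, sections


def audit_config(text):
    """Return the findings that enable secret, login, exec-timeout and
    service password-encryption are meant to close."""
    top, sections = parse_config(text)
    findings = []
    has_secret = any(c.startswith("enable secret") for c in top)
    has_enable_pw = any(c.startswith("enable password") for c in top)
    clear_text_seen = False

    if has_enable_pw and not has_secret:
        findings.append("enable password set without enable secret")
    elif not has_secret:
        findings.append("no enable secret configured")

    for c in top:
        if c.startswith("username") and CLEAR_TEXT.search(c):
            findings.append(f"clear-text password for '{c.split()[1]}'")
            clear_text_seen = True

    for name, sub in sections.items():
        has_pw = any(s.startswith("password") for s in sub)
        has_login = any(s in ("login", "login local") for s in sub)
        timeout = next((s for s in sub if s.startswith("exec-timeout")), None)
        if has_pw and not has_login:
            findings.append(f"{name}: password set but login not enabled")
        if timeout is None:
            findings.append(f"{name}: no exec-timeout, idle sessions never close")
        elif timeout.split()[1:] in (["0"], ["0", "0"]):
            findings.append(f"{name}: exec-timeout 0 disables the idle timeout")
        if any(s.startswith("password") and CLEAR_TEXT.search(s) for s in sub):
            findings.append(f"{name}: clear-text line password")
            clear_text_seen = True

    if clear_text_seen and "service password-encryption" not in top:
        findings.append("service password-encryption not enabled")
    return findings
```

Running audit_config on the weak sample yields nine findings and on the hardened sample none; service password-encryption is reported only when a clear-text password is actually present, since it is the clear-text strings it rewrites.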

Configuration Management

show running-config

To display the contents of the current running configuration file or the configuration for a specific module, Layer 2 VLAN, class map, interface, map class, policy map, or virtual circuit (VC) class, use the show running-config command in privileged EXEC mode.[20]

show running-config
show run

show startup-config

The show startup-config command displays the startup configuration file contained in NVRAM or specified by the CONFIG_FILE environment variable.[21]

show startup-config
show start

copy

To copy any file from a source to a destination, use the copy command in privileged EXEC or diagnostic mode.[22]

copy <source> <destination>
copy running-config startup-config
copy run start

erase

To erase a file system or all files available on a file system, use the erase command in privileged EXEC or diagnostic mode.[23]

erase {/all nvram: | file-system: | startup-config}
erase startup-config

reload

To reload the operating system, use the reload command in privileged EXEC or diagnostic mode.[24]

reload

Command Sequence

A command sequence to manage device configuration might be similar to the following.

enable
show run
copy run start
show start
reload

Activities

  1. Connect to a Cisco router and practice using IOS commands.
     
    1. Review TechRepublic: 10 Commands You Should Master When Working with the Cisco IOS.
    2. Add a router to a new GNS3 project and start the device.
    3. Open the console for the router and practice using the following commands.
      • ?
      • show running-config
      • show interface
      • show ip interface
      • show ip interface brief
      • show ip route
      • show version
  2. Configure a router hostname, banner login, and banner motd messages.
     
    1. Add a router to a new GNS3 project and start the device.
    2. Open the console for the router and practice using the following commands.
      • enable
      • configure terminal
      • hostname
      • banner login
      • banner motd
      • exit
    3. Exit the router console session and open the console again to test the configuration.
  3. Configure router console password security.
     
    1. Add a router to a new GNS3 project and start the device.
    2. Open the console for the router and practice using the following commands.
      • enable
      • configure terminal
      • line console 0
      • password
      • login
      • exec-timeout
      • enable secret
      • service password-encryption
      • exit
    3. Verify the configuration using the following command.
      • show running-config
    4. Exit the router console session and open the console again to test the configuration.
  4. Configure router console username and password security.
     
    1. Add a router to a new GNS3 project and start the device.
    2. Open the console for the router and practice using the following commands.
      • enable
      • configure terminal
      • username
      • line console 0
      • login local
      • exec-timeout
      • enable secret
      • service password-encryption
      • exit
    3. Verify the configuration using the following command.
      • show running-config
    4. Exit the router console session and open the console again to test the configuration.
  5. Manage router configuration.
     
    1. Use one or more of the router configurations above and manage the configuration using the following commands.
      • enable
      • show running-config
      • copy running-config startup-config
      • show startup-config
      • reload
    2. After restarting the router, verify the configuration using the following command.
      • show running-config
    3. Clear the router configuration using the following commands.
      • erase startup-config
      • reload
    4. After restarting the router, verify the configuration using the following command.
      • show running-config

Lesson Summary

  • Cisco IOS (originally Internetwork Operating System) is software used on most Cisco Systems routers and network switches.[25]
  • IOS is a package of routing, switching, internetworking and telecommunications functions integrated into a multitasking operating system.[26]
  • Cisco IOS command modes determine the commands and privilege level of the current user.[27]
  • User EXEC mode allows connection to remote devices, changing terminal settings on a temporary basis, performing basic tests, and listing system information. User EXEC mode is indicated by a Router> prompt.[28]
  • Privileged EXEC mode allows all EXEC commands available on the system. Privileged EXEC mode is indicated by a Router# prompt.[29]
  • Global Configuration mode commands allow configuration of the system as a whole, and access to specific configuration modes and submodes. Global Configuration mode is indicated by a Router(config)# prompt.[30]
  • ROM Monitor mode is used for system diagnostics or when a valid system image is not found. ROM Monitor mode is indicated by a rommon1> prompt.[31]
  • Setup mode is an interactive sequence that allows first-time configuration of devices.[32]
  • More than 100 detail configuration modes and submodes are available for different interfaces and protocols.[33]
  • Almost every configuration command also has a no form used to disable the feature or function.[34]
  • Context-sensitive help is available by entering ? in any command mode.[35]
  • To enter privileged EXEC mode, or any other security level set by a system administrator, use the enable EXEC command.[36]
  • To exit privileged EXEC mode and return to user EXEC mode, or to exit to a lower privilege level, enter the disable EXEC command.[37]
  • To enter global configuration mode, use the configure terminal command in privileged EXEC mode.[38]
  • To exit any configuration mode to the next highest mode in the CLI mode hierarchy, use the exit command in any configuration mode.[39]
  • To close an active terminal session by logging off the router, use the exit command in EXEC mode.[40]
  • To specify or modify the hostname for the network server, use the hostname command in global configuration mode.[41]
  • To configure the domain name server (DNS) domain name, use the ip domain-name command in global configuration mode.[42]
  • To define and enable a customized banner to be displayed before the username and password login prompts, use the banner login global configuration command.[43]
  • To define and enable a message-of-the-day (MOTD) banner, use the banner motd global configuration command.[44]
  • To identify a specific line for configuration and enter line configuration collection mode, use the line command in global configuration mode.[45]
  • To specify a password on a line, use the password command in line configuration mode.[46]
  • To enable password checking at login, use the login command in line configuration mode.[47]
  • To establish a username-based authentication system, use the username command in global configuration mode.[48]
  • To enable username and password checking at login, use the login local command in line configuration mode.[49]
  • To set the interval that the EXEC command interpreter waits until user input is detected, use the exec-timeout line configuration command.[50]
  • To set a local clear-text password to control access to various privilege levels, use the enable password command in global configuration mode.[51]
  • To specify an additional layer of security over the enable password command, use the enable secret command in global configuration mode.[52]
  • To encrypt passwords, use the service password-encryption command in global configuration mode.[53]
  • To display the contents of the current running configuration file or the configuration for a specific module, Layer 2 VLAN, class map, interface, map class, policy map, or virtual circuit (VC) class, use the show running-config command in privileged EXEC mode.[54]
  • The show startup-config command displays the startup configuration file contained in NVRAM or specified by the CONFIG_FILE environment variable.[55]
  • To copy any file from a source to a destination, use the copy command in privileged EXEC or diagnostic mode.[56]
  • To erase a file system or all files available on a file system, use the erase command in privileged EXEC or diagnostic mode.[57]
  • To reload the operating system, use the reload command in privileged EXEC or diagnostic mode.[58]

Key Terms

command-line interface (CLI)
A means of interacting with a computer program where the user issues commands to the program in the form of successive lines of text.[59]
configuration mode
Allows commands that apply to the system as a whole, accessed using the configure command.[60]
console
The text entry and display interface for system administration messages.[61]
enable mode
Privileged EXEC mode, accessed using the enable command.[62]
host name
A label assigned to a device connected to a computer network and used to identify the device in various forms of electronic communication.[63]
IOS image
A Cisco system software file used to run Cisco routers and switches.[64]
local username
Usernames and passwords stored on the local device using the login local and username commands.[65]
running config file
The current system configuration, stored in RAM.[66]
startup config file
The current system boot configuration, stored in NVRAM.[67]
user mode
User EXEC mode, accessed by logging into a device.[68]

Review Questions

  1. Cisco IOS (originally _____) is _____.
    Cisco IOS (originally Internetwork Operating System) is software used on most Cisco Systems routers and network switches.
  2. IOS is _____.
    IOS is a package of routing, switching, internetworking and telecommunications functions integrated into a multitasking operating system.
  3. Cisco IOS command modes _____.
    Cisco IOS command modes determine the commands and privilege level of the current user.
  4. User EXEC mode _____.
    User EXEC mode allows connection to remote devices, changing terminal settings on a temporary basis, performing basic tests, and listing system information.
  5. User EXEC mode is indicated by _____.
    User EXEC mode is indicated by a Router> prompt.
  6. Privileged EXEC mode _____.
    Privileged EXEC mode allows all EXEC commands available on the system.
  7. Privileged EXEC mode is indicated by _____.
    Privileged EXEC mode is indicated by a Router# prompt.
  8. Global Configuration mode commands _____.
    Global Configuration mode commands allow configuration of the system as a whole, and access to specific configuration modes and submodes.
  9. Global Configuration mode is indicated by _____.
    Global Configuration mode is indicated by a Router(config)# prompt.
  10. ROM Monitor mode is used for _____.
    ROM Monitor mode is used for system diagnostics or when a valid system image is not found.
  11. ROM Monitor mode is indicated by _____.
    ROM Monitor mode is indicated by a rommon1> prompt.
  12. Setup mode is _____.
    Setup mode is an interactive sequence that allows first-time configuration of devices.
  13. More than 100 detail configuration modes and submodes are available for _____.
    More than 100 detail configuration modes and submodes are available for different interfaces and protocols.
  14. Almost every configuration command also has _____ used to disable the feature or function.
    Almost every configuration command also has a no form used to disable the feature or function.
  15. Context-sensitive help is available by _____.
    Context-sensitive help is available by entering ? in any command mode.
  16. To enter privileged EXEC mode, or any other security level set by a system administrator, use _____.
    To enter privileged EXEC mode, or any other security level set by a system administrator, use the enable EXEC command.
  17. To exit privileged EXEC mode and return to user EXEC mode, or to exit to a lower privilege level, use _____.
    To exit privileged EXEC mode and return to user EXEC mode, or to exit to a lower privilege level, use the disable EXEC command.
  18. To enter global configuration mode, use _____.
    To enter global configuration mode, use the configure terminal command in privileged EXEC mode.
  19. To exit any configuration mode to the next highest mode in the CLI mode hierarchy, use _____.
    To exit any configuration mode to the next highest mode in the CLI mode hierarchy, use the exit command in any configuration mode.
  20. To close an active terminal session by logging off the router, use _____.
    To close an active terminal session by logging off the router, use the exit command in EXEC mode.
  21. To specify or modify the hostname for the network server, use _____.
    To specify or modify the hostname for the network server, use the hostname command in global configuration mode.
  22. To configure the domain name server (DNS) domain name, use _____.
    To configure the domain name server (DNS) domain name, use the ip domain-name command in global configuration mode.
  23. To define and enable a customized banner to be displayed before the username and password login prompts, use _____.
    To define and enable a customized banner to be displayed before the username and password login prompts, use the banner login global configuration command.
  24. To define and enable a message-of-the-day (MOTD) banner, use _____.
    To define and enable a message-of-the-day (MOTD) banner, use the banner motd global configuration command.
  25. To identify a specific line for configuration and enter line configuration collection mode, use _____.
    To identify a specific line for configuration and enter line configuration collection mode, use the line command in global configuration mode.
  26. To specify a password on a line, use _____.
    To specify a password on a line, use the password command in line configuration mode.
  27. To enable password checking at login, use _____.
    To enable password checking at login, use the login command in line configuration mode.
  28. To establish a username-based authentication system, use _____.
    To establish a username-based authentication system, use the username command in global configuration mode.
  29. To enable username and password checking at login, use _____.
    To enable username and password checking at login, use the login local command in line configuration mode.
  30. To set the interval that the EXEC command interpreter waits until user input is detected, use _____.
    To set the interval that the EXEC command interpreter waits until user input is detected, use the exec-timeout line configuration command.
  31. To set a local clear-text password to control access to various privilege levels, use _____.
    To set a local clear-text password to control access to various privilege levels, use the enable password command in global configuration mode.
  32. To specify an additional layer of security over the enable password command, use _____.
    To specify an additional layer of security over the enable password command, use the enable secret command in global configuration mode.
  33. To encrypt passwords, use _____.
    To encrypt passwords, use the service password-encryption command in global configuration mode.
  34. To display the contents of the current running configuration file or the configuration for a specific module, Layer 2 VLAN, class map, interface, map class, policy map, or virtual circuit (VC) class, use _____.
    To display the contents of the current running configuration file or the configuration for a specific module, Layer 2 VLAN, class map, interface, map class, policy map, or virtual circuit (VC) class, use the show running-config command in privileged EXEC mode.
  35. The show startup-config command _____.
    The show startup-config command displays the startup configuration file contained in NVRAM or specified by the CONFIG_FILE environment variable.
  36. To copy any file from a source to a destination, use _____.
    To copy any file from a source to a destination, use the copy command in privileged EXEC or diagnostic mode.
  37. To erase a file system or all files available on a file system, use _____.
    To erase a file system or all files available on a file system, use the erase command in privileged EXEC or diagnostic mode.
  38. To reload the operating system, use _____.
    To reload the operating system, use the reload command in privileged EXEC or diagnostic mode.

Assessments

See Also

References

  1. Cisco: ICND1 Exam Topics
  2. Cisco: Basic Command-Line Interface Commands
  3. Cisco: Basic Command-Line Interface Commands
  4. Cisco: IOS Configuration Fundamentals Command Reference
  5. Cisco: IOS Configuration Fundamentals Command Reference
  6. Cisco: IOS Configuration Fundamentals Command Reference
  7. Cisco: IOS Configuration Fundamentals Command Reference
  8. Cisco: Unity Express 2.0 Command Reference
  9. Cisco: IOS Configuration Fundamentals Command Reference
  10. Cisco: IOS Configuration Fundamentals Command Reference
  11. Cisco: Cisco IOS Terminal Services Command Reference
  12. Cisco: Passwords and Privileges
  13. Cisco: Cisco IOS Terminal Services Command Reference
  14. Cisco: Passwords and Privileges Commands
  15. Cisco: Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example
  16. Cisco: IOS Configuration Fundamentals Command Reference
  17. Cisco: Passwords and Privileges Commands
  18. Cisco: Passwords and Privileges Commands
  19. Cisco: Passwords and Privileges Commands
  20. Cisco: IOS Configuration Fundamentals Command Reference
  21. Cisco: IOS Configuration Fundamentals Command Reference
  22. Cisco: IOS Configuration Fundamentals Command Reference
  23. Cisco: IOS Configuration Fundamentals Command Reference
  24. Cisco: IOS Configuration Fundamentals Command Reference
  25. Wikipedia: Cisco IOS
  26. Wikipedia: Cisco IOS
  27. Wikipedia: Cisco IOS
  28. Cisco: IOS Command Modes
  29. Cisco: IOS Command Modes
  30. Cisco: IOS Command Modes
  31. Cisco: IOS Command Modes
  32. Cisco: IOS Command Modes
  33. Cisco: IOS Command Modes
  34. Cisco: IOS and Configuration Basics
  35. Cisco: IOS and Configuration Basics
  36. Cisco: Basic Command-Line Interface Commands
  37. Cisco: Basic Command-Line Interface Commands
  38. Cisco: IOS Configuration Fundamentals Command Reference
  39. Cisco: IOS Configuration Fundamentals Command Reference
  40. Cisco: IOS Configuration Fundamentals Command Reference
  41. Cisco: IOS Configuration Fundamentals Command Reference
  42. Cisco: Unity Express 2.0 Command Reference
  43. Cisco: IOS Configuration Fundamentals Command Reference
  44. Cisco: IOS Configuration Fundamentals Command Reference
  45. Cisco: Cisco IOS Terminal Services Command Reference
  46. Cisco: Passwords and Privileges
  47. Cisco: Cisco IOS Terminal Services Command Reference
  48. Cisco: Passwords and Privileges Commands
  49. Cisco: Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example
  50. Cisco: IOS Configuration Fundamentals Command Reference
  51. Cisco: Passwords and Privileges Commands
  52. Cisco: Passwords and Privileges Commands
  53. Cisco: Passwords and Privileges Commands
  54. Cisco: IOS Configuration Fundamentals Command Reference
  55. Cisco: IOS Configuration Fundamentals Command Reference
  56. Cisco: IOS Configuration Fundamentals Command Reference
  57. Cisco: IOS Configuration Fundamentals Command Reference
  58. Cisco: IOS Configuration Fundamentals Command Reference
  59. Wikipedia: Command-line interface
  60. Cisco: IOS Command Reference
  61. Wikipedia: System console
  62. Cisco: IOS Command Reference
  63. Wikipedia: Hostname
  64. Wikipedia: Cisco IOS
  65. Cisco: Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example
  66. Cisco: IOS and Configuration Basics
  67. Cisco: IOS and Configuration Basics
  68. Cisco: IOS and Configuration Basics

Lesson 7 - Network Services

This lesson covers network services, including DHCP, DNS, NTP, and NAT.


Objectives and Skills

Objectives and skills for the network services portion of Cisco CCENT certification include:[1]

  • Configure and verify DHCP (IOS router)
    • Configuring router interfaces to use DHCP
    • DHCP options (Basic overview and functionality)
    • Excluded addresses
    • Lease time
  • Configure and verify NTP as a client
  • Identify the basic operation of NAT
    • Purpose
    • Pool
    • Static
    • 1 to 1
    • Overloading
    • Source addressing
    • One-way NAT
  • Configure and verify NAT for given network requirements

Readings

  1. Wikipedia: Dynamic Host Configuration Protocol
  2. Wikipedia: DHCPv6
  3. Wikipedia: Domain Name System
  4. Wikipedia: Network Time Protocol
  5. Wikipedia: Network address translation
  6. Cisco: Configuring the Cisco IOS DHCP Client
  7. Cisco: Configuring DNS on Cisco Routers
  8. Cisco: Configuring Network Address Translation
  9. Networking Signal: DHCP Dora Process

Multimedia

  1. YouTube: DHCP Addressing Overview - CompTIA Network+ N10-005: 2.3
  2. YouTube: An Overview of DNS - CompTIA Network+ N10-005: 1.7
  3. YouTube: Configuring a DHCP Server on a Cisco Router
  4. YouTube: Configuring NAT (PAT) on Cisco Routers
  5. Cisco: Internet Connections with NAT and PAT
  6. YouTube: GNS3 Tutorial - Connecting GNS3 Routers to the Internet in Windows 7

Examples

DHCP Client Configuration

ip address dhcp

To assign a dynamic IP address to an interface, use the ip address dhcp command.[2]

ip address dhcp

release dhcp

To release a dynamic IP address, use the release dhcp command.[3]

release dhcp <interface>

renew dhcp

To renew a dynamic IP address, use the renew dhcp command.[4]

renew dhcp <interface>

Command Sequence

A command sequence to assign a dynamic IP address would be similar to the following.

enable
configure terminal
interface fastethernet0/1
ip address dhcp
no shutdown
exit
exit

show ip interface brief

exit

A command sequence to release and renew a dynamic IP address would be similar to the following.

enable
release dhcp fastethernet0/1
show ip interface brief

renew dhcp fastethernet0/1
show ip interface brief

exit

DNS Configuration

ip domain lookup

To enable IP Domain Name System (DNS)-based hostname-to-address translation, use the ip domain lookup command in global configuration mode.[5]

ip domain lookup

ip name-server

To specify one or more hosts (up to six) that can function as a name server to supply name information for the DNS, use the ip name-server command in global configuration mode.[6]

ip name-server <ip address> [<ip address>] [<ip address>] [<ip address>] [<ip address>] [<ip address>]

ip dns server

To enable the Domain Name System (DNS) server on a router, use the ip dns server command in global configuration mode.[7]

ip dns server

Command Sequence

A command sequence to configure the DNS service and verify DNS host name lookup would be similar to the following.

enable
configure terminal
ip domain lookup
ip name-server 8.8.8.8 8.8.4.4
ip dns server
exit

ping en.wikiversity.org
exit

DHCP Server Configuration

ip dhcp excluded-address

To specify the IP addresses that the DHCP Server should not assign to clients, use the ip dhcp excluded-address command in global configuration mode.[8]

ip dhcp excluded-address <start> <end>

ip dhcp pool

To configure the DHCP address pool name and enter DHCP pool configuration mode, use the ip dhcp pool command in global configuration mode.[9]

ip dhcp pool <name>

network

To configure a subnet and mask for the newly created DHCP address pool, use the network command in DHCP pool configuration mode.[10]

network <network> [<mask> | /<prefix-length>]

default-router

To specify a default router for a DHCP client, use the default-router command in DHCP pool configuration mode.[11]

default-router <address> [<address2>] ... [<address8>]

domain-name

To configure a domain name string for the client, use the domain-name command in DHCP pool configuration mode.[12]

domain-name <domain>

dns-server

To configure the DNS IP servers that are available to a DHCP client, use the dns-server command in DHCP pool configuration mode.[13]

dns-server <address> [<address2>] ... [<address8>]

lease

By default, each IP address assigned by a DHCP Server comes with a one-day lease. To change the lease value, use the lease command in DHCP pool configuration mode.[14]

lease [<days> [<hours>] [<minutes>] | infinite]

show ip dhcp

To display DHCP Server information, use the following commands in EXEC mode, as needed:

show ip dhcp pool <name>
show ip dhcp binding
show ip dhcp server statistics

Command Sequence

A command sequence to configure a DHCP server would be similar to the following.

enable
configure terminal
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp pool local
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
domain-name example.com
dns-server 192.168.1.1
lease 1
exit
exit

show ip dhcp pool local
show ip dhcp binding
show ip dhcp server statistics
exit
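
An added example, not the project's own code: a Python model of the DHCP pool the command sequence above creates, using its network, excluded-address range, default-router, domain-name, dns-server and lease values. It assumes lowest-free-address allocation, which IOS does not guarantee, and the client identifiers and clock value are constructed.

```python
import ipaddress
from datetime import datetime, timedelta


def ip_int(addr):
    return int(ipaddress.ip_address(addr))


class DhcpPool:
    """Model of one 'ip dhcp pool' built from the lesson's command values.
    An added illustration, not Cisco's implementation: addresses are handed
    out lowest-first, which IOS does not promise."""

    def __init__(self, name, network, mask, excluded=(), default_router=None,
                 domain_name=None, dns_servers=(), lease=(1,)):
        self.name = name
        # 'network 192.168.1.0 255.255.255.0' defines the assignable range
        self.network = ipaddress.ip_network(f"{network}/{mask}")
        # each 'ip dhcp excluded-address <start> [<end>]' is one tuple here;
        # nothing else keeps the default-router address out of the pool
        self.excluded = set()
        for rng in excluded:
            self.excluded.update(range(ip_int(rng[0]), ip_int(rng[-1]) + 1))
        self.default_router = default_router
        self.domain_name = domain_name
        self.dns_servers = list(dns_servers)
        self.lease = lease              # (days[, hours[, minutes]]) or "infinite"
        self.bindings = {}              # ip -> (client id, expiry or None)

    def lease_seconds(self):
        """'lease 1' is one day; 'lease infinite' never expires (None)."""
        if self.lease == "infinite":
            return None
        days, hours, minutes = (list(self.lease) + [0, 0])[:3]
        return int(timedelta(days=days, hours=hours, minutes=minutes).total_seconds())

    def _free_address(self):
        bound = {ip_int(ip) for ip in self.bindings}
        for host in self.network.hosts():
            if int(host) not in self.excluded and int(host) not in bound:
                return str(host)
        return None                     # pool exhausted

    def offer(self, client_id, now):
        """Answer a DISCOVER: keep the client's live binding if it has one,
        else bind the lowest free address.  Returns the options the client
        receives, or None when nothing is free."""
        self.expire(now)
        addr = next((ip for ip, (cid, _) in self.bindings.items()
                     if cid == client_id), None) or self._free_address()
        if addr is None:
            return None
        secs = self.lease_seconds()
        expiry = None if secs is None else now + timedelta(seconds=secs)
        self.bindings[addr] = (client_id, expiry)
        return {"ip": addr, "subnet_mask": str(self.network.netmask),
                "router": self.default_router, "domain_name": self.domain_name,
                "dns_servers": self.dns_servers, "lease_seconds": secs}

    def release(self, client_id):
        """DHCP RELEASE: drop the client's binding."""
        self.bindings = {ip: b for ip, b in self.bindings.items()
                         if b[0] != client_id}

    def expire(self, now):
        """Drop bindings whose lease ran out without a renewal."""
        self.bindings = {ip: b for ip, b in self.bindings.items()
                         if b[1] is None or b[1] > now}

    def binding_table(self):
        """Rows in the spirit of 'show ip dhcp binding'."""
        return sorted(((ip, cid, exp) for ip, (cid, exp) in self.bindings.items()),
                      key=lambda row: ip_int(row[0]))


# The pool from the command sequence above; the clock value is constructed.
LESSON_POOL = dict(name="local", network="192.168.1.0", mask="255.255.255.0",
                   excluded=[("192.168.1.1", "192.168.1.10")],
                   default_router="192.168.1.1", domain_name="example.com",
                   dns_servers=["192.168.1.1"], lease=(1,))
T0 = datetime(2024, 1, 1, 9, 0)
DAY = timedelta(days=1)
```

With the lesson's values the first client is offered 192.168.1.11, because .1 to .10 are excluded, and a second DISCOVER from the same client within the one-day lease gets the same address back.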

NTP Configuration

show clock

To display the time and date from the system software clock, use the show clock EXEC command.[15]

show clock

ntp server

To allow the software clock to be synchronized by a Network Time Protocol (NTP) time server, use the ntp server command in global configuration mode.[16]

ntp server {<ip address> | <hostname>}

show ntp associations

To show the status of Network Time Protocol (NTP) associations, use the show ntp associations EXEC command.[17]

show ntp associations

Command Sequence

A command sequence to configure and verify an NTP server would be similar to the following.

enable
show clock

configure terminal
ip domain lookup
ntp server us.pool.ntp.org
exit

show clock
show ntp associations
exit

NAT Configuration

ip nat

To designate that traffic originating from or destined for the interface is subject to Network Address Translation (NAT), use the ip nat command in interface configuration mode.[18]

ip nat <inside | outside>
ip nat inside
ip nat outside

ip nat inside source

To enable Network Address Translation (NAT) of the inside source address, use the ip nat inside source command in global configuration mode.[19]

Static NAT
ip nat inside source static <local-ip> <global-ip>
ip nat inside source static 192.168.1.11 10.11.22.33

Port Static NAT
ip nat inside source static <tcp | udp> <local-ip> <local-port> <global-ip> <global-port>
ip nat inside source static tcp 192.168.1.11 80 172.16.11.1 80

Dynamic NAT
ip nat inside source list <access-list-number> interface <interface> [overload]
ip nat inside source list 1 interface FastEthernet0/1 overload

Dynamic NAT Pool
ip nat inside source list <access-list-number> pool <name>
ip nat inside source list 1 pool global

ip nat pool

To define a pool of IP addresses for Network Address Translation (NAT) translations, use the ip nat pool command in global configuration mode.[20]

ip nat pool <name> <start-ip> <end-ip> netmask <netmask>
ip nat pool <name> <start-ip> <end-ip> prefix-length <prefix-length>
ip nat pool global 10.11.22.33 10.11.22.38 netmask 255.255.255.248
ip nat pool global 10.11.22.33 10.11.22.38 prefix-length 29

access list

To define a standard IP access list, use the standard version of the access-list command in global configuration mode.[21]

access-list <access-list-number> <deny | permit> <source> <source-wildcard>
access-list 1 permit 192.168.1.0 0.0.0.255

Command Sequence

A command sequence to configure dynamic NAT/PAT would be similar to the following.

enable
configure terminal

interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
exit

interface FastEthernet0/1
ip address dhcp
ip nat outside
exit

ip nat inside source list 1 interface FastEthernet0/1 overload
access-list 1 permit 192.168.1.0 0.0.0.255
exit

show running-config
exit
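
An added example, not from the original lesson: a Python model of the dynamic PAT configuration above (overload on the outside interface, with access-list 1 matching 192.168.1.0 0.0.0.255 through its wildcard mask) plus a static one-to-one entry, showing why return traffic reaches the inside host while unsolicited traffic to the outside address does not (one-way NAT). The outside address 203.0.113.5, the static mapping and the port allocation rule are constructed assumptions, and the ip nat pool form is not modelled.

```python
import ipaddress


def ip_int(addr):
    return int(ipaddress.ip_address(addr))


def wildcard_match(addr, acl_addr, wildcard):
    """Standard ACL test: a 1 bit in the wildcard means 'do not care', so
    0.0.0.255 matches a whole /24 (the wildcard is the inverted mask)."""
    care = 0xFFFFFFFF ^ ip_int(wildcard)
    return ip_int(addr) & care == ip_int(acl_addr) & care


class PatRouter:
    """Model of 'ip nat inside source' on a router with one inside and one
    outside interface: static one-to-one entries plus 'list <acl>
    interface <outside> overload'.  An added illustration, not Cisco's
    implementation; 'ip nat pool' is not modelled."""

    def __init__(self, outside_ip, acl, static=None):
        self.outside_ip = outside_ip       # address of the 'ip nat outside' interface
        self.acl = acl                     # [(action, source, wildcard), ...]
        self.static = dict(static or {})   # inside local -> inside global
        self.static_rev = {g: l for l, g in self.static.items()}
        self.table = {}                    # (proto, local ip, local port) -> global port
        self.reverse = {}                  # (proto, global port) -> (local ip, local port)

    def acl_permits(self, src):
        """First matching entry decides; no match is the implicit deny."""
        for action, net, wildcard in self.acl:
            if wildcard_match(src, net, wildcard):
                return action == "permit"
        return False

    def _allocate_port(self, proto, sport):
        # Keep the original source port when free, else the next free one;
        # the real IOS allocation strategy is not modelled (assumption).
        port = sport
        while (proto, port) in self.reverse:
            port = port + 1 if port < 65535 else 1024
        return port

    def outbound(self, proto, src, sport, dst, dport):
        """Inside -> outside.  Returns the packet as it leaves the outside
        interface: (proto, inside global, global port, dst, dport)."""
        if src in self.static:
            return (proto, self.static[src], sport, dst, dport)
        if not self.acl_permits(src):
            return (proto, src, sport, dst, dport)     # forwarded untranslated
        key = (proto, src, sport)
        if key not in self.table:
            gport = self._allocate_port(proto, sport)
            self.table[key] = gport
            self.reverse[(proto, gport)] = (src, sport)
        return (proto, self.outside_ip, self.table[key], dst, dport)

    def inbound(self, proto, src, sport, dst, dport):
        """Outside -> inside.  A static entry passes at any time; an
        overloaded entry only answers a translation an inside host already
        opened, so unsolicited traffic to the outside address is dropped."""
        if dst in self.static_rev:
            return (proto, src, sport, self.static_rev[dst], dport)
        entry = self.reverse.get((proto, dport))
        if dst == self.outside_ip and entry is not None:
            local_ip, local_port = entry
            return (proto, src, sport, local_ip, local_port)
        return None                                     # one-way NAT

    def translations(self):
        """Rows in the spirit of 'show ip nat translations'."""
        return [(proto, f"{self.outside_ip}:{gport}", f"{lip}:{lport}")
                for (proto, lip, lport), gport in self.table.items()]


def lesson_router():
    """The lesson's dynamic PAT: access-list 1 permit 192.168.1.0 0.0.0.255 and
    'ip nat inside source list 1 interface FastEthernet0/1 overload'.  The
    outside address and the static entry are constructed documentation values."""
    return PatRouter(outside_ip="203.0.113.5",
                     acl=[("permit", "192.168.1.0", "0.0.0.255")],
                     static={"192.168.1.20": "203.0.113.20"})
```

Two inside hosts using the same source port share the single outside address and are told apart by the translated port, which is the overloading the objectives list.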

Activities

  1. Configure dynamic client addressing.
     
    1. Add a cloud and a router to a new GNS3 project and start the devices.
    2. Configure the cloud and add a Generic Ethernet NIO interface matching your host computer's Ethernet interface.
    3. Add a link to connect the following.
      • R1 FastEthernet0/1 <-> Cloud1 Ethernet connection
    4. Open the console for the router and practice using the following commands.
      • enable
      • configure terminal
      • interface
      • ip address dhcp
      • no shutdown
      • exit
    5. Verify the configuration using the following commands.
      • show ip interface brief
      • show ip default-gateway
  2. Configure host name resolution.
     
    1. Use the router from above and practice using the following commands.
      • enable
      • configure terminal
      • ip domain lookup
      • ip name-server
      • ip dns server
      • exit
    2. Verify the configuration using the following command.
      • ping en.wikiversity.org
  3. Configure an NTP server.
     
    1. Use the router from above and practice using the following commands.
      • enable
      • show clock
      • configure terminal
      • ntp server
      • exit
    2. Verify the configuration using the following commands.
      • show ntp associations
      • show clock
  4. Configure a router as a DHCP server.
     
    1. Use the router from above and practice using the following commands.
      • enable
      • configure terminal
      • ip dhcp excluded-address
      • ip dhcp pool local
      • network
      • default-router
      • domain-name
      • dns-server
      • lease
      • exit
    2. Verify the configuration using the following commands.
      • show ip dhcp pool local
      • show ip dhcp binding
      • show ip dhcp server statistics
    3. Test the configuration by adding a VPCS PC to the project.
    4. Add a link to connect the following.
      • R1 FastEthernet0/0 <-> PC1 Ethernet0
    5. Open the console for PC1. Set the IP address for PC1 using the following commands.
      • ip dhcp
      • ping
  5. Configure a router to provide NAT/PAT.
     
    1. Use the router and PC from above and practice using the following commands.
      • enable
      • configure terminal
      • interface
      • ip nat
      • access-list
      • ip nat inside source
      • exit
    2. Verify the configuration using the following commands.
      • show running-config
    3. Open the console for PC1 and test the configuration using the following command.
      • ping 8.8.8.8

Lesson Summary

  • Dynamic Host Configuration Protocol is used by hosts to request Internet Protocol parameters from a network server.[22]
  • DHCPv4 operations fall into four basic phases: IP discovery, IP lease offer, IP request, and IP lease acknowledgement. These points are often abbreviated as DORA (Discovery, Offer, Request, Acknowledgement).[23]
  • DHCPv4 options provided to clients include subnet mask, router (default gateway), domain name server, domain name, lease time, renewal time (T1), rebinding time (T2), and others.[24]
  • Network links without a DHCP server can use DHCP relay agents to receive messages from DHCP clients and forward them to DHCP servers. DHCP servers send responses back to the relay agent, and the relay agent then sends these responses to the DHCP client on the local network link.[25]
  • DHCPv6 operations are similar to DHCPv4, but are described as Solicit, Advertise, Request, and Reply.[26] Renewals are processed with Renew and Reply.[27]
  • Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network.[28]
  • DNS distributes the responsibility of assigning domain names and mapping those names to IP addresses. Authoritative name servers are assigned to be responsible for their particular domains, and in turn can assign other authoritative name servers for their sub-domains.[29]
  • Caching DNS servers cache DNS queries and perform recursive queries to improve efficiency, reduce DNS traffic across the Internet, and increase performance in end-user applications.[30]
  • Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks.[31]
  • NTP is intended to synchronize all participating computers to within a few milliseconds of Coordinated Universal Time (UTC).[32]
  • Network address translation (NAT) is a methodology of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device.[33]
  • To assign a dynamic IP address to an interface, use the ip address dhcp command.[34]
  • To release a dynamic IP address, use the release dhcp command.[35]
  • To renew a dynamic IP address, use the renew dhcp command.[36]
  • To enable IP Domain Name System (DNS)-based hostname-to-address translation, use the ip domain lookup command in global configuration mode.[37]
  • To specify one or more hosts (up to six) that can function as a name server to supply name information for the DNS, use the ip name-server command in global configuration mode.[38]
  • To enable the Domain Name System (DNS) server on a router, use the ip dns server command in global configuration mode.[39]
  • To specify the IP addresses that the DHCP Server should not assign to clients, use the ip dhcp excluded-address command in global configuration mode.[40]
  • To configure the DHCP address pool name and enter DHCP pool configuration mode, use the ip dhcp pool command in global configuration mode.[41]
  • To configure a subnet and mask for the newly created DHCP address pool, use the network command in DHCP pool configuration mode.[42]
  • To specify a default router for a DHCP client, use the default-router command in DHCP pool configuration mode.[43]
  • To configure a domain name string for the client, use the domain-name command in DHCP pool configuration mode.[44]
  • To configure the DNS IP servers that are available to a DHCP client, use the dns-server command in DHCP pool configuration mode.[45]
  • To change the default DHCP lease value, use the lease command in DHCP pool configuration mode.[46]
  • To display DHCP Server information, use the commands show ip dhcp pool <name>, show ip dhcp binding, and show ip dhcp server statistics in EXEC mode, as needed.
  • To display the time and date from the system software clock, use the show clock EXEC command.[47]
  • To allow the software clock to be synchronized by a Network Time Protocol (NTP) time server, use the ntp server command in global configuration mode.[48]
  • To show the status of Network Time Protocol (NTP) associations, use the show ntp associations EXEC command.[49]
  • To designate that traffic originating from or destined for the interface is subject to Network Address Translation (NAT), use the ip nat command in interface configuration mode.[50]
  • To enable Network Address Translation (NAT) of the inside source address, use the ip nat inside source command in global configuration mode.[51]
  • To define a pool of IP addresses for Network Address Translation (NAT) translations, use the ip nat pool command in global configuration mode.[52]
  • To define a standard IP access list, use the standard version of the access-list command in global configuration mode.[53]

Key Terms

inside global
A legitimate IP address assigned by the NIC or service provider that represents one or more inside local IP addresses to the outside world.[54]
inside local
The IP address assigned to a host on the inside network.[55]
NAT overload
Allows NAT to translate multiple inside devices to a single address in the pool.[56]
outside global
The IP address assigned to a host on the outside network by the host owner.[57]
outside local
The IP address of an outside host as it appears to the inside network.[58]
PAT
Address translation using only one or a few external addresses to support multiple internal addresses. Also see NAT overload.[59]
stateful DHCPv6
Enables DHCP servers to pass configuration parameters, such as IPv6 network addresses, to IPv6 nodes.[60]
stateless DHCPv6
Uses stateless autoconfiguration (SLAAC) to assign one or more IPv6 addresses to an interface, while it utilizes DHCPv6 to receive additional parameters which may not be available through SLAAC.[61]
Stateless Address Autoconfiguration (SLAAC)
A method by which a node automatically creates a link-local address with the prefix fe80::/64 on each IPv6-enabled interface, even if globally routable addresses are manually configured or obtained through configuration protocols.[62]

Review Questions

  1. Dynamic Host Configuration Protocol is used by hosts to _____.
    Dynamic Host Configuration Protocol is used by hosts to request Internet Protocol parameters from a network server.
  2. DHCPv4 operations fall into four basic phases: _____. These points are often abbreviated as _____.
    DHCPv4 operations fall into four basic phases: IP discovery, IP lease offer, IP request, and IP lease acknowledgement. These points are often abbreviated as DORA (Discovery, Offer, Request, Acknowledgement).
  3. DHCPv4 options provided to clients include _____.
    DHCPv4 options provided to clients include subnet mask, router (default gateway), domain name server, domain name, lease time, renewal time (T1), rebinding time (T2), and others.
  4. Network links without a DHCP server can use _____ to receive messages from DHCP clients and forward them to DHCP servers.
    Network links without a DHCP server can use DHCP relay agents to receive messages from DHCP clients and forward them to DHCP servers. DHCP servers send responses back to the relay agent, and the relay agent then sends these responses to the DHCP client on the local network link.
  5. DHCPv6 operations are similar to DHCPv4, but are described as _____.
    DHCPv6 operations are similar to DHCPv4, but are described as Solicit, Advertise, Request, and Reply. Renewals are processed with Renew and Reply.
  6. Domain Name System (DNS) is _____.
    Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network.
  7. DNS distributes _____. Authoritative name servers are _____.
    DNS distributes the responsibility of assigning domain names and mapping those names to IP addresses. Authoritative name servers are assigned to be responsible for their particular domains, and in turn can assign other authoritative name servers for their sub-domains.
  8. Caching DNS servers _____.
    Caching DNS servers cache DNS queries and perform recursive queries to improve efficiency, reduce DNS traffic across the Internet, and increase performance in end-user applications.
  9. Network Time Protocol (NTP) is _____.
    Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks.
  10. NTP is intended to synchronize all participating computers to _____.
    NTP is intended to synchronize all participating computers to within a few milliseconds of Coordinated Universal Time (UTC).
  11. Network address translation (NAT) is _____.
    Network address translation (NAT) is a methodology of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device.
  12. To assign a dynamic IP address to an interface, use _____.
    To assign a dynamic IP address to an interface, use the ip address dhcp command.
  13. To release a dynamic IP address, use _____.
    To release a dynamic IP address, use the release dhcp command.
  14. To renew a dynamic IP address, use _____.
    To renew a dynamic IP address, use the renew dhcp command.
  15. To enable IP Domain Name System (DNS)-based hostname-to-address translation, use _____.
    To enable IP Domain Name System (DNS)-based hostname-to-address translation, use the ip domain lookup command in global configuration mode.
  16. To specify one or more hosts (up to six) that can function as a name server to supply name information for the DNS, use _____.
    To specify one or more hosts (up to six) that can function as a name server to supply name information for the DNS, use the ip name-server command in global configuration mode.
  17. To enable the Domain Name System (DNS) server on a router, use _____.
    To enable the Domain Name System (DNS) server on a router, use the ip dns server command in global configuration mode.
  18. To specify the IP addresses that the DHCP Server should not assign to clients, use _____.
    To specify the IP addresses that the DHCP Server should not assign to clients, use the ip dhcp excluded-address command in global configuration mode.
  19. To configure the DHCP address pool name and enter DHCP pool configuration mode, use _____.
    To configure the DHCP address pool name and enter DHCP pool configuration mode, use the ip dhcp pool command in global configuration mode.
  20. To configure a subnet and mask for the newly created DHCP address pool, use _____.
    To configure a subnet and mask for the newly created DHCP address pool, use the network command in DHCP pool configuration mode.
  21. To specify a default router for a DHCP client, use _____.
    To specify a default router for a DHCP client, use the default-router command in DHCP pool configuration mode.
  22. To configure a domain name string for the client, use _____.
    To configure a domain name string for the client, use the domain-name command in DHCP pool configuration mode.
  23. To configure the DNS IP servers that are available to a DHCP client, use _____.
    To configure the DNS IP servers that are available to a DHCP client, use the dns-server command in DHCP pool configuration mode.
  24. To change the default DHCP lease value, use _____.
    To change the default DHCP lease value, use the lease command in DHCP pool configuration mode.
  25. To display DHCP Server information, use the commands _____, _____, and _____ in EXEC mode, as needed.
    To display DHCP Server information, use the commands show ip dhcp pool <name>, show ip dhcp binding, and show ip dhcp server statistics in EXEC mode, as needed.
  26. To display the time and date from the system software clock, use _____.
    To display the time and date from the system software clock, use the show clock EXEC command.
  27. To allow the software clock to be synchronized by a Network Time Protocol (NTP) time server, use _____.
    To allow the software clock to be synchronized by a Network Time Protocol (NTP) time server, use the ntp server command in global configuration mode.
  28. To show the status of Network Time Protocol (NTP) associations, use _____.
    To show the status of Network Time Protocol (NTP) associations, use the show ntp associations EXEC command.
  29. To designate that traffic originating from or destined for the interface is subject to Network Address Translation (NAT), use _____.
    To designate that traffic originating from or destined for the interface is subject to Network Address Translation (NAT), use the ip nat command in interface configuration mode.
  30. To enable Network Address Translation (NAT) of the inside source address, use _____.
    To enable Network Address Translation (NAT) of the inside source address, use the ip nat inside source command in global configuration mode.
  31. To define a pool of IP addresses for Network Address Translation (NAT) translations, use _____.
    To define a pool of IP addresses for Network Address Translation (NAT) translations, use the ip nat pool command in global configuration mode.
  32. To define a standard IP access list, use _____.
    To define a standard IP access list, use the standard version of the access-list command in global configuration mode.

Assessments


See Also


References

  1. Cisco: ICND1 Exam Topics
  2. Cisco: Configuring the Cisco IOS DHCP Client
  3. Cisco: Configuring the Cisco IOS DHCP Client
  4. Cisco: Configuring the Cisco IOS DHCP Client
  5. Cisco: IOS IP Addressing Services Command Reference
  6. Cisco: IOS IP Configuration Guide
  7. Cisco: IOS Network Management Command Reference
  8. Cisco: Configuring DHCP
  9. Cisco: Configuring DHCP
  10. Cisco: Configuring DHCP
  11. Cisco: Configuring DHCP
  12. Cisco: Configuring DHCP
  13. Cisco: Configuring DHCP
  14. Cisco: Configuring DHCP
  15. Cisco: IOS Configuration Fundamentals Command Reference
  16. Cisco: IOS Configuration Fundamentals Command Reference
  17. Cisco: IOS Configuration Fundamentals Command Reference
  18. Cisco: IOS IP Addressing Services Command Reference
  19. Cisco: IOS IP Addressing Services Command Reference
  20. Cisco: IOS IP Addressing Services Command Reference
  21. Cisco: IOS IP Command Reference
  22. Wikipedia: Dynamic Host Configuration Protocol
  23. Wikipedia: Dynamic Host Configuration Protocol
  24. Wikipedia: Dynamic Host Configuration Protocol
  25. Wikipedia: Dynamic Host Configuration Protocol
  26. Wikipedia: DHCPv6
  27. RFC 3315
  28. Wikipedia: Domain Name System
  29. Wikipedia: Domain Name System
  30. Wikipedia: Domain Name System#Recursive and caching name server
  31. Wikipedia: Network Time Protocol
  32. Wikipedia: Network Time Protocol
  33. Wikipedia: Network address translation
  34. Cisco: Configuring the Cisco IOS DHCP Client
  35. Cisco: Configuring the Cisco IOS DHCP Client
  36. Cisco: Configuring the Cisco IOS DHCP Client
  37. Cisco: IOS IP Addressing Services Command Reference
  38. Cisco: IOS IP Configuration Guide
  39. Cisco: IOS Network Management Command Reference
  40. Cisco: Configuring DHCP
  41. Cisco: Configuring DHCP
  42. Cisco: Configuring DHCP
  43. Cisco: Configuring DHCP
  44. Cisco: Configuring DHCP
  45. Cisco: Configuring DHCP
  46. Cisco: Configuring DHCP
  47. Cisco: IOS Configuration Fundamentals Command Reference
  48. Cisco: IOS Configuration Fundamentals Command Reference
  49. Cisco: IOS Configuration Fundamentals Command Reference
  50. Cisco: IOS IP Addressing Services Command Reference
  51. Cisco: IOS IP Addressing Services Command Reference
  52. Cisco: IOS IP Addressing Services Command Reference
  53. Cisco: IOS IP Command Reference
  54. Cisco: NAT Local and Global Definitions
  55. Cisco: NAT Local and Global Definitions
  56. Cisco: Configuring Network Address Translation
  57. Cisco: NAT Local and Global Definitions
  58. Cisco: NAT Local and Global Definitions
  59. Cisco: IOS Network Address Translation Overview
  60. Cisco: DHCPv6 Based IPv6 Access Services
  61. Cisco: DHCPv6 Based IPv6 Access Services
  62. Wikipedia: IPv6 address#Stateless address autoconfiguration

Lesson 8 - Static Routing


This lesson covers static routing.


Objectives and Skills


Objectives and skills for the routing portion of Cisco CCENT certification include:[1]

  • Describe basic routing concepts
    • Packet forwarding
    • Router lookup process
    • Process Switching/Fast Switching/CEF
  • Configure and verify operation status of an Ethernet interface
  • Verify router configuration and network connectivity using
    • ping
      • Extended ping
    • traceroute
    • telnet
    • SSH
    • show cdp neighbors
  • Configure and verify routing configuration for a static or default route given specific routing requirements

Readings

  1. Wikipedia: Routing
  2. Wikipedia: Static routing
  3. Cisco: Routing Basics

Multimedia

  1. YouTube: Next Hop - CompTIA Network+ N10-005: 1.4
  2. YouTube: Routing Tables - CompTIA Network+ N10-005: 1.4
  3. YouTube: Configuring Routing Tables - CompTIA Network+ N10-005: 2.1
  4. Cisco: Introduction to IP Routing

Examples


Static Routing Configuration


show ip route


To display the current state of the routing table, use the show ip route command in user EXEC or privileged EXEC mode.[2]

show ip route [ip-address]
show ip route

show arp


To display the entries in the Address Resolution Protocol (ARP) table, use the show arp command in user EXEC or privileged EXEC mode.[3]

show arp

ip route


To establish static routes, use the ip route command in global configuration mode. To remove static routes, use the no form of this command.[4]

ip route prefix mask <ip-address | interface-type interface-number> [permanent]
ip route 192.168.3.0 255.255.255.0 192.168.2.2

trace / traceroute


To discover the routes that packets will actually take when traveling to their destination, use the trace / traceroute privileged EXEC command.[5]

trace <destination>
trace 8.8.8.8
traceroute 8.8.8.8

show cdp neighbors


To display detailed information about neighboring devices discovered using Cisco Discovery Protocol (CDP), use the show cdp neighbors privileged EXEC command.[6]

show cdp neighbors
show cdp neighbors detail

Command Sequence


A command sequence to configure static routing might be similar to the following. Routing must typically be configured on source, intermediate, and destination network routers for responses to be received.

enable
configure terminal

ip route 192.168.3.0 255.255.255.0 192.168.2.2
exit

show ip route
ping 192.168.3.1
trace 192.168.3.1

exit

Activities

  1. Complete the Cisco Basic IP Routing Concepts training tutorial.
  2. Observe and test connected routes.
     
    1. Add one router and two VPCS PCs to a new GNS3 project.
    2. Add links to connect the following.
      • PC1 Ethernet0 <-> R1 FastEthernet0/0
      • PC2 Ethernet0 <-> R1 FastEthernet0/1
    3. Start the devices.
    4. Set the following IP addresses, subnet masks, and, for the PCs, default gateways.
      • R1 FastEthernet0/0: 192.168.1.1 255.255.255.0
      • R1 FastEthernet0/1: 192.168.2.1 255.255.255.0
      • PC1 Ethernet0: 192.168.1.11 255.255.255.0 192.168.1.1
      • PC2 Ethernet0: 192.168.2.11 255.255.255.0 192.168.2.1
    5. Display the routing table using the following command.
      • show ip route
    6. Test the configuration using the following commands from the router and the PCs. Test all router and PC addresses. All tests should be successful.
      • ping
      • trace
  3. Configure and test static routes.
     
    1. Add two routers and two VPCS PCs to a new GNS3 project.
    2. Add links to connect the following.
      • PC1 Ethernet0 <-> R1 FastEthernet0/0
      • R1 FastEthernet0/1 <-> R2 FastEthernet0/0
      • PC2 Ethernet0 <-> R2 FastEthernet0/1
    3. Start the devices.
    4. Set the following IP addresses, subnet masks, and, for the PCs, default gateways.
      • R1 FastEthernet0/0: 192.168.1.1 255.255.255.0
      • R1 FastEthernet0/1: 192.168.2.1 255.255.255.0
      • R2 FastEthernet0/0: 192.168.2.2 255.255.255.0
      • R2 FastEthernet0/1: 192.168.3.1 255.255.255.0
      • PC1 Ethernet0: 192.168.1.11 255.255.255.0 192.168.1.1
      • PC2 Ethernet0: 192.168.3.11 255.255.255.0 192.168.3.1
    5. Display the routing tables using the following command.
      • show ip route
    6. Test the configuration using the following commands from the routers and the PCs. Test all router and PC addresses. Only the connected routes should be successful.
      • ping
      • trace
    7. Add static routes using the following commands.
      • R1: ip route 192.168.3.0 255.255.255.0 192.168.2.2
      • R2: ip route 192.168.1.0 255.255.255.0 192.168.2.1
    8. Display the routing tables using the following command.
      • show ip route
    9. Test the configuration using the following commands from the routers and the PCs. Test all router and PC addresses. All tests should be successful.
      • ping
      • trace
  4. Configure and test default routes.
     
    1. Add three routers and two VPCS PCs to a new GNS3 project.
    2. Add links to connect the following.
      • PC1 Ethernet0 <-> R1 FastEthernet0/0
      • R1 FastEthernet0/1 <-> R2 FastEthernet0/0
      • R2 FastEthernet0/1 <-> R3 FastEthernet0/0
      • PC2 Ethernet0 <-> R3 FastEthernet0/1
    3. Start the devices.
    4. Set the following IP addresses, subnet masks, and, for the PCs, default gateways.
      • R1 FastEthernet0/0: 192.168.1.1 255.255.255.0
      • R1 FastEthernet0/1: 192.168.2.1 255.255.255.0
      • R2 FastEthernet0/0: 192.168.2.2 255.255.255.0
      • R2 FastEthernet0/1: 192.168.3.1 255.255.255.0
      • R3 FastEthernet0/0: 192.168.3.2 255.255.255.0
      • R3 FastEthernet0/1: 192.168.4.1 255.255.255.0
      • PC1 Ethernet0: 192.168.1.11 255.255.255.0 192.168.1.1
      • PC2 Ethernet0: 192.168.4.11 255.255.255.0 192.168.4.1
    5. Display the routing tables using the following command.
      • show ip route
    6. Test the configuration using the following commands from the routers and the PCs. Test all router and PC addresses. Only the connected routes should be successful.
      • ping
      • trace
    7. Add static routes using the following commands.
      • R2: ip route 192.168.1.0 255.255.255.0 192.168.2.1
      • R2: ip route 192.168.4.0 255.255.255.0 192.168.3.2
    8. Add default routes using the following commands.
      • R1: ip route 0.0.0.0 0.0.0.0 192.168.2.2
      • R3: ip route 0.0.0.0 0.0.0.0 192.168.3.1
    9. Display the routing tables using the following command.
      • show ip route
    10. Test the configuration using the following commands from the routers and the PCs. Test all router and PC addresses. All tests should be successful.
      • ping
      • trace
  5. Verify router configuration and network connectivity.
    1. Use one or more of the router configurations from above and practice using the following commands.
      • show running-config
      • show cdp neighbors
      • show ip route
      • ping and extended ping
      • trace or traceroute
      • telnet
      • ssh
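The routing tables built in activities 3 and 4 above, evaluated with a longest-prefix-match lookup in Python, as an added example that is not part of the original page and not Cisco IOS code. It shows why only connected destinations answer before the static routes are added, why the 0.0.0.0/0 default route is chosen last, and how a next-hop address is itself resolved to an exit interface; administrative distance and metrics are deliberately not modelled.

```python
"""Router lookup process over the tables from activities 3 and 4.

Added example, not Cisco IOS code. Longest prefix match only;
administrative distance and metrics are not modelled.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    prefix: str                        # "192.168.1.0/24"; "0.0.0.0/0" is a default route
    interface: Optional[str] = None    # set for connected routes
    next_hop: Optional[str] = None     # set for 'ip route prefix mask <ip-address>'

    @property
    def network(self) -> ipaddress.IPv4Network:
        return ipaddress.ip_network(self.prefix)


class RoutingTable:
    def __init__(self, routes):
        self.routes: List[Route] = list(routes)

    def best_route(self, dest: str) -> Optional[Route]:
        """Longest prefix match: the most specific matching route wins,
        so 0.0.0.0/0 is used only when nothing else matches."""
        dst = ipaddress.ip_address(dest)
        matching = [r for r in self.routes if dst in r.network]
        if not matching:
            return None
        return max(matching, key=lambda r: r.network.prefixlen)

    def forward(self, dest: str) -> Optional[Tuple[str, str]]:
        """Return (outgoing interface, address to ARP for), or None when
        the packet cannot be forwarded. A next-hop address is itself
        looked up until a connected route supplies the exit interface."""
        route = self.best_route(dest)
        if route is None:
            return None                     # no route: destination unreachable
        if route.interface is not None:
            return (route.interface, dest)  # connected: deliver directly
        hop = route.next_hop
        for _ in range(8):                  # bound the recursive lookup
            via = self.best_route(hop)
            if via is None:
                return None                 # the next hop itself has no route
            if via.interface is not None:
                return (via.interface, hop)
            hop = via.next_hop
        return None


def r1_table(with_default: bool) -> RoutingTable:
    """R1 from activity 4: connected routes only, or with the step 8 default route."""
    routes = [Route("192.168.1.0/24", interface="FastEthernet0/0"),
              Route("192.168.2.0/24", interface="FastEthernet0/1")]
    if with_default:
        routes.append(Route("0.0.0.0/0", next_hop="192.168.2.2"))
    return RoutingTable(routes)


def r2_table() -> RoutingTable:
    """R2 from activity 4 after the step 7 static routes."""
    return RoutingTable([
        Route("192.168.2.0/24", interface="FastEthernet0/0"),
        Route("192.168.3.0/24", interface="FastEthernet0/1"),
        Route("192.168.1.0/24", next_hop="192.168.2.1"),
        Route("192.168.4.0/24", next_hop="192.168.3.2"),
    ])


if __name__ == "__main__":
    for dest in ("192.168.1.11", "192.168.4.11", "8.8.8.8"):
        print("R1 (connected only)", dest, r1_table(False).forward(dest))
        print("R1 (with default)  ", dest, r1_table(True).forward(dest))
        print("R2                 ", dest, r2_table().forward(dest))
```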

Lesson Summary

  • Routing is the process of selecting paths in a network along which to send network traffic.[7]
  • Static routing involves manual updating of routing tables with fixed paths to destination networks.[8]
  • Static routing uses include:[9]
    • Defining an exit point from a router when no other routes are available or necessary.
    • Small networks that require only one or two routes.
    • To provide a failsafe backup in the event that a dynamic route is unavailable.
    • To help transfer routing information from one routing protocol to another.
  • Static routing disadvantages include:[10]
    • Potential for human error
    • Lack of fault tolerance
    • Default prioritization over dynamic routing
    • Administrative overhead
  • To display the current state of the routing table, use the show ip route command in user EXEC or privileged EXEC mode.[11]
  • To display the entries in the Address Resolution Protocol (ARP) table, use the show arp command in user EXEC or privileged EXEC mode.[12]
  • To establish static routes, use the ip route command in global configuration mode. To remove static routes, use the no form of this command.[13]
  • To discover the routes that packets will actually take when traveling to their destination, use the trace / traceroute privileged EXEC command.[14]
  • To display detailed information about neighboring devices discovered using Cisco Discovery Protocol (CDP), use the show cdp neighbors privileged EXEC command.[15]

Key Terms

ARP table
A table of IP and hardware addresses resolved using the Address Resolution Protocol.[16]
Cisco Express Forwarding (CEF)
An advanced layer 3 switching technology used mainly in large core networks or the Internet to enhance the overall network performance.[17]
Internet Control Message Protocol (ICMP)
Used by network devices to send error messages on an IP network.[18]
Layer 3 switch
A device capable of both routing and switching operations using dedicated application-specific integrated circuit (ASIC) hardware.[19]
next-hop router
The next router in the path between source and destination.[20]
outgoing interface
The local network interface used to connect to a next-hop router.[21]
routing table
A data table stored in a router or a networked computer that lists the routes to particular network destinations, and in some cases, metrics (distances) associated with those routes.[22]
static route
A manually-configured routing entry.[23]
summary route
A route containing the highest-order bits that match all addresses for a given collection of destination networks.[24]
traceroute
A computer network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network.[25]

Review Questions

  1. Routing is _____.
    Routing is the process of selecting paths in a network along which to send network traffic.
  2. Static routing involves _____.
    Static routing involves manual updating of routing tables with fixed paths to destination networks.
  3. Static routing uses include:
    • Defining an exit point from a router when no other routes are available or necessary.
    • Small networks that require only one or two routes.
    • To provide a failsafe backup in the event that a dynamic route is unavailable.
    • To help transfer routing information from one routing protocol to another.
  4. Static routing disadvantages include:
    • Potential for human error
    • Lack of fault tolerance
    • Default prioritization over dynamic routing
    • Administrative overhead
  5. To display the current state of the routing table, use the _____ command in user EXEC or privileged EXEC mode.
    To display the current state of the routing table, use the show ip route command in user EXEC or privileged EXEC mode.
  6. To display the entries in the Address Resolution Protocol (ARP) table, use the _____ command in user EXEC or privileged EXEC mode.
    To display the entries in the Address Resolution Protocol (ARP) table, use the show arp command in user EXEC or privileged EXEC mode.
  7. To establish static routes, use the _____ command in global configuration mode. To remove static routes, use the _____ form of this command.
    To establish static routes, use the ip route command in global configuration mode. To remove static routes, use the no form of this command.
  8. To discover the routes that packets will actually take when traveling to their destination, use the _____ privileged EXEC command.
    To discover the routes that packets will actually take when traveling to their destination, use the trace / traceroute privileged EXEC command.
  9. To display detailed information about neighboring devices discovered using Cisco Discovery Protocol (CDP), use the _____ privileged EXEC command.
    To display detailed information about neighboring devices discovered using Cisco Discovery Protocol (CDP), use the show cdp neighbors privileged EXEC command.

Assessments


See Also


References


Lesson 9 - Dynamic Routing


This lesson covers dynamic routing using RIP, EIGRP, and OSPF.


Objectives and Skills


Objectives and skills for the OSPF portion of Cisco CCENT certification include:[1]

  • Differentiate methods of routing and routing protocols
    • Static vs. dynamic
    • Link state vs. distance vector
    • Next hop
    • IP routing table
    • Passive interfaces (how they work)
  • Configure and verify OSPF (single area)
    • Benefit of single area
    • Configure OSPFv2 in a single area
    • Configure OSPFv3 in a single area
    • Router ID
    • Passive interface

Readings

  1. Wikipedia: Dynamic routing
  2. Wikipedia: Routing Information Protocol
  3. Wikipedia: Enhanced Interior Gateway Routing Protocol
  4. Wikipedia: Open Shortest Path First
  5. Cisco: Introduction to Dynamic Routing Protocols
  6. Cisco: Routing Information Protocol
  7. Cisco: Enhanced Interior Gateway Routing Protocol
  8. Cisco: Open Shortest Path First

Multimedia

  1. YouTube: Static and Dynamic Routing - CompTIA Network+ N10-005: 1.4
  2. YouTube: Link State, Distance Vector, and Hybrid Routing Protocols - CompTIA Network+ N10-005: 1.4
  3. YouTube: Routing Metrics - CompTIA Network+ N10-005: 1.4
  4. YouTube: Convergence - CompTIA Network+ N10-005: 1.4
  5. YouTube: Understanding RIP - CompTIA Network+ N10-005: 1.4
  6. YouTube: Understanding EIGRP - CompTIA Network+ N10-005: 1.4
  7. YouTube: Understanding OSPF - CompTIA Network+ N10-005: 1.4
  8. Cisco: Introducing the OSPF Protocol
  9. Cisco: OSPF Troubleshooting Neighbor Adjacencies
  10. YouTube: How to configure Routing RIP on Cisco Routers
  11. YouTube: RouterGods - Basic of OSPF configuration on Cisco routers

Examples


RIP Configuration


router rip


To configure the Routing Information Protocol (RIP) routing process, use the router rip command in global configuration mode.[2]

router rip

network


To specify a list of networks for the Routing Information Protocol (RIP) routing process, use the network command in router configuration mode. RIP sends updates to the interfaces in the specified networks.[3]

network <ip-address>
network 192.168.1.0

Command Sequence


A command sequence to configure dynamic routing using RIP might be similar to the following. Routing must typically be configured on source, intermediate, and destination network routers for responses to be received.

enable
configure terminal

router rip
network 192.168.1.0
exit
exit

show ip route
ping 192.168.3.1
trace 192.168.3.1

exit
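The exchange that `router rip` and `network` switch on can be followed step by step. The simulation below is an added example, not part of the course page or of IOS; it uses constructed data for the three-router lab from the activities (R1, R2, R3 and the four /24 networks) and applies the distance-vector rule from the lesson summary: each router periodically sends its whole table to its neighbours and keeps any route that is one hop shorter than what it already holds. Function names are the example's own.

```python
"""RIP-style distance-vector convergence on the three-router lab topology.

Constructed data: R1--R2--R3 with 192.168.1.0/24 (R1 Fa0/0),
192.168.2.0/24 (R1-R2 link), 192.168.3.0/24 (R2-R3 link) and
192.168.4.0/24 (R3 Fa0/1). Hop count is the metric; 16 hops means unreachable.
"""
from typing import Dict, List, Tuple

INFINITY = 16  # RIP metric meaning unreachable; such routes are never installed

# router -> {interface: (ip address, directly connected network)}
INTERFACES = {
    "R1": {"Fa0/0": ("192.168.1.1", "192.168.1.0/24"),
           "Fa0/1": ("192.168.2.1", "192.168.2.0/24")},
    "R2": {"Fa0/0": ("192.168.2.2", "192.168.2.0/24"),
           "Fa0/1": ("192.168.3.1", "192.168.3.0/24")},
    "R3": {"Fa0/0": ("192.168.3.2", "192.168.3.0/24"),
           "Fa0/1": ("192.168.4.1", "192.168.4.0/24")},
}

# routing table: network -> (hop count, next-hop address or "connected")
Table = Dict[str, Tuple[int, str]]


def connected_routes(router: str) -> Table:
    """What `show ip route` lists before any routing protocol runs."""
    return {net: (0, "connected") for _ip, net in INTERFACES[router].values()}


def neighbors(router: str) -> Dict[str, str]:
    """Routers sharing a network with `router`, mapped to the address used as next hop."""
    mine = {net for _ip, net in INTERFACES[router].values()}
    found = {}
    for other, ifaces in INTERFACES.items():
        if other == router:
            continue
        for ip, net in ifaces.values():
            if net in mine:
                found[other] = ip
    return found


def exchange_round(tables: Dict[str, Table]) -> Tuple[Dict[str, Table], bool]:
    """One periodic update: every router installs any neighbour route that is
    closer (neighbour's hop count + 1) than the route it already holds."""
    new = {r: dict(t) for r, t in tables.items()}
    changed = False
    for router in tables:
        for nbr, nbr_ip in neighbors(router).items():
            for net, (hops, _via) in tables[nbr].items():
                candidate = min(hops + 1, INFINITY)
                current_hops = new[router].get(net, (INFINITY, None))[0]
                if candidate < current_hops:
                    new[router][net] = (candidate, nbr_ip)
                    changed = True
    return new, changed


def converge(max_rounds: int = 20) -> Tuple[Dict[str, Table], int]:
    """Run updates until no table changes; return the final tables and the
    number of rounds that carried new information (convergence time in update periods)."""
    tables = {r: connected_routes(r) for r in INTERFACES}
    update_rounds = 0
    for _ in range(max_rounds):
        tables, changed = exchange_round(tables)
        if not changed:
            break
        update_rounds += 1
    return tables, update_rounds


def format_table(table: Table) -> List[str]:
    """Render a table in the spirit of `show ip route` (C = connected, R = RIP, AD 120)."""
    rows = []
    for net, (hops, via) in sorted(table.items()):
        if via == "connected":
            rows.append(f"C    {net} is directly connected")
        else:
            rows.append(f"R    {net} [120/{hops}] via {via}")
    return rows


if __name__ == "__main__":
    final, rounds = converge()
    print(f"converged after {rounds} update rounds")
    for router in final:
        print(router)
        for row in format_table(final[router]):
            print("  " + row)
```

Before the first update each router holds only its connected routes, which is why the activity expects only connected addresses to answer before RIP is enabled. After two update rounds R1 reaches 192.168.4.0/24 at two hops via 192.168.2.2 and R3 reaches 192.168.1.0/24 via 192.168.3.1; a third round changes nothing, which is the convergence state the key terms define.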

EIGRP Configuration


router eigrp


To configure the Enhanced Interior Gateway Routing Protocol (EIGRP) routing process, use the router eigrp command in global configuration mode.[4]

router eigrp <autonomous-system-number>
router eigrp 1

network


To specify the network for an Enhanced Interior Gateway Routing Protocol (EIGRP) routing process, use the network command in router configuration mode or address-family configuration mode.[5]

network <ip-address> <wildcard-mask>
network 192.168.0.0 0.0.255.255

Command Sequence


A command sequence to configure dynamic routing using EIGRP might be similar to the following. Routing must typically be configured on source, intermediate, and destination network routers for responses to be received.

enable
configure terminal

router eigrp 1
network 192.168.0.0 0.0.255.255
exit
exit

show ip route
ping 192.168.3.1
trace 192.168.3.1

exit

OSPF Configuration


router ospf


To configure an Open Shortest Path First (OSPF) routing process, use the router ospf command in global configuration mode.[6]

router ospf <process-id>
router ospf 1

network area


To define the interfaces on which Open Shortest Path First (OSPF) runs and to define the area ID for those interfaces, use the network area command in router configuration mode.[7]

network <ip-address> <wildcard-mask> area <area-id>
network 192.168.0.0 0.0.255.255 area 0

router-id


To use a fixed router ID, use the router-id command in router configuration mode.[8]

router-id <ip-address>
router-id 192.168.1.1

passive-interface


To disable sending routing updates on an interface, use the passive-interface command in router configuration mode.[9]

passive-interface <interface>
passive-interface FastEthernet 0/1

show ip ospf


To display general information about OSPF routing processes, use the show ip ospf command in EXEC mode.[10]

show ip ospf

ipv6 ospf area


To enable Open Shortest Path First version 3 (OSPFv3) on an interface, use the ipv6 ospf area command in interface configuration mode.[11]

ipv6 ospf <process-id> area <area-id>
ipv6 ospf 1 area 0

Command Sequence


A command sequence to configure dynamic routing using OSPF might be similar to the following. Routing must typically be configured on source, intermediate, and destination network routers for responses to be received.

enable
configure terminal

router ospf 1
network 192.168.0.0 0.0.255.255 area 0
router-id 192.168.1.1
exit
ipv6 unicast-routing

interface fastethernet0/0
ipv6 ospf 1 area 0
exit

interface fastethernet0/1
ipv6 ospf 1 area 0
exit
exit

show ip ospf
show ip route
show ipv6 ospf
show ipv6 route

ping 192.168.3.1
trace 192.168.3.1
ping 2001:db8:1::1
trace 2001:db8:1::1
exit
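The three router-configuration commands used above (network area, router-id and passive-interface) are easy to misread, so here they are evaluated on R1 from the activity topology. This is an added example, not code from the course page or from Cisco: the interface data is constructed from the activity addresses, the Loopback0 address is an assumption introduced only to show router-ID selection, and all function names are the example's own.

```python
"""What `network <address> <wildcard> area <id>`, `passive-interface` and
`router-id` do to an OSPF process, worked on R1 of the lab topology.
Constructed data; Loopback0 is an assumption not present in the lesson.
"""
from ipaddress import IPv4Address
from typing import Dict, List, Optional, Tuple

# R1 interfaces from the activity, plus a constructed loopback
R1_INTERFACES = {
    "FastEthernet0/0": "192.168.1.1",   # PC-facing LAN
    "FastEthernet0/1": "192.168.2.1",   # link to R2
    "Loopback0": "10.255.0.1",          # constructed for the router-ID walk-through
}
# the statement from the lesson's OSPF command sequence: (address, wildcard, area)
R1_NETWORKS: List[Tuple[str, str, int]] = [("192.168.0.0", "0.0.255.255", 0)]


def wildcard_match(ip: str, address: str, wildcard: str) -> bool:
    """A wildcard mask is the inverse of a subnet mask: 0 bits must match, 1 bits are ignored."""
    ip_i, addr_i, wc_i = (int(IPv4Address(x)) for x in (ip, address, wildcard))
    care = ~wc_i & 0xFFFFFFFF
    return (ip_i & care) == (addr_i & care)


def ospf_interfaces(interfaces: Dict[str, str], statements: List[Tuple[str, str, int]],
                    passive: Tuple[str, ...] = ()) -> Dict[str, dict]:
    """Interfaces the network statements enable, their area, and whether they send hellos.
    Statements are tried in list order; Cisco's command reference says overlapping
    ranges resolve to the first matching statement and recommends non-overlapping ranges.
    A passive interface is still advertised but sends no hellos, so no neighbour
    can form an adjacency over it."""
    enabled = {}
    for name, ip in interfaces.items():
        for address, wildcard, area in statements:
            if wildcard_match(ip, address, wildcard):
                enabled[name] = {"ip": ip, "area": area, "sends_hellos": name not in passive}
                break
    return enabled


def select_router_id(configured: Optional[str], interfaces: Dict[str, str]) -> str:
    """IOS picks the router ID in this order: an explicit `router-id`, else the
    highest loopback address, else the highest address on an active interface."""
    if configured:
        return configured
    loopbacks = [ip for name, ip in interfaces.items() if name.lower().startswith("loopback")]
    pool = loopbacks or list(interfaces.values())
    return str(max(IPv4Address(ip) for ip in pool))


if __name__ == "__main__":
    print("router-id:", select_router_id(None, R1_INTERFACES))
    enabled = ospf_interfaces(R1_INTERFACES, R1_NETWORKS, passive=("FastEthernet0/0",))
    for name, info in enabled.items():
        hellos = "yes" if info["sends_hellos"] else "no"
        print(f"{name:16} {info['ip']:14} area {info['area']} hellos={hellos}")
```

The passive interface is the PC-facing one: its network is still advertised, but the router sends no hellos there and accepts no adjacency, so an end-user segment cannot influence the routing table. The router ID must be unique in the OSPF domain, so the 192.168.1.1 value in the sequence above belongs to R1 only; R2 and R3 each need their own.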

Activities

  1. Complete the Cisco Open Shortest Path First training tutorial.
  2. Configure and test RIP routing.
     
    1. Add three routers and two VPCS PCs to a new GNS3 project.
    2. Add links to connect the following.
      • PC1 Ethernet0 <-> R1 FastEthernet0/0
      • R1 FastEthernet0/1 <-> R2 FastEthernet0/0
      • R2 FastEthernet0/1 <-> R3 FastEthernet0/0
      • PC2 Ethernet0 <-> R3 FastEthernet0/1
    3. Start the devices.
    4. Set the following IP addresses, subnet masks, and, for the PCs, default gateways.
      • R1 FastEthernet0/0 = 192.168.1.1 255.255.255.0
      • R1 FastEthernet0/1 = 192.168.2.1 255.255.255.0
      • R2 FastEthernet0/0 = 192.168.2.2 255.255.255.0
      • R2 FastEthernet0/1 = 192.168.3.1 255.255.255.0
      • R3 FastEthernet0/0 = 192.168.3.2 255.255.255.0
      • R3 FastEthernet0/1 = 192.168.4.1 255.255.255.0
      • PC1 Ethernet0 = 192.168.1.11 255.255.255.0 192.168.1.1
      • PC2 Ethernet0 = 192.168.4.11 255.255.255.0 192.168.4.1
    5. Display the routing tables using the following command.
      • show ip route
    6. Test the configuration using the following commands from the routers and the PCs. Test all router and PC addresses. Only the connected routes should be successful.
      • ping
      • trace
    7. Add RIP routing to all routers using the following commands.
      • router rip
      • network
    8. Display the routing tables using the following command.
      • show ip route
    9. Test the configuration using the following commands from the routers and the PCs. Test all router and PC addresses. All tests should be successful.
      • ping
      • trace
  3. Configure and test EIGRP routing.
     
    1. Add three routers and two VPCS PCs to a new GNS3 project (or disable RIP from above using no router rip and then skip down to display the routing tables).
    2. Add links to connect the following.
      • PC1 Ethernet0 <-> R1 FastEthernet0/0
      • R1 FastEthernet0/1 <-> R2 FastEthernet0/0
      • R2 FastEthernet0/1 <-> R3 FastEthernet0/0
      • PC2 Ethernet0 <-> R3 FastEthernet0/1
    3. Start the devices.
    4. Set the following IP addresses, subnet masks, and, for the PCs, default gateways.
      • R1 FastEthernet0/0 = 192.168.1.1 255.255.255.0
      • R1 FastEthernet0/1 = 192.168.2.1 255.255.255.0
      • R2 FastEthernet0/0 = 192.168.2.2 255.255.255.0
      • R2 FastEthernet0/1 = 192.168.3.1 255.255.255.0
      • R3 FastEthernet0/0 = 192.168.3.2 255.255.255.0
      • R3 FastEthernet0/1 = 192.168.4.1 255.255.255.0
      • PC1 Ethernet0 = 192.168.1.11 255.255.255.0 192.168.1.1
      • PC2 Ethernet0 = 192.168.4.11 255.255.255.0 192.168.4.1
    5. Display the routing tables using the following command.
      • show ip route
    6. Test the configuration using the following commands from the routers and the PCs. Test all router and PC addresses. Only the connected routes should be successful.
      • ping
      • trace
    7. Add EIGRP routing to all routers using the following commands.
      • router eigrp
      • network
    8. Display the routing tables using the following command.
      • show ip route
    9. Test the configuration using the following commands from the routers and the PCs. Test all router and PC addresses. All tests should be successful.
      • ping
      • trace
  4. Configure and test OSPF routing.
     
    1. Add three routers and two VPCS PCs to a new GNS3 project (or disable RIP or EIGRP from above using no router rip or no router eigrp and then skip down to display the routing tables).
    2. Add links to connect the following.
      • PC1 Ethernet0 <-> R1 FastEthernet0/0
      • R1 FastEthernet0/1 <-> R2 FastEthernet0/0
      • R2 FastEthernet0/1 <-> R3 FastEthernet0/0
      • PC2 Ethernet0 <-> R3 FastEthernet0/1
    3. Start the devices.
    4. Set the following IP addresses, subnet masks, and, for the PCs, default gateways.
      • R1 FastEthernet0/0 = 192.168.1.1 255.255.255.0
      • R1 FastEthernet0/1 = 192.168.2.1 255.255.255.0
      • R2 FastEthernet0/0 = 192.168.2.2 255.255.255.0
      • R2 FastEthernet0/1 = 192.168.3.1 255.255.255.0
      • R3 FastEthernet0/0 = 192.168.3.2 255.255.255.0
      • R3 FastEthernet0/1 = 192.168.4.1 255.255.255.0
      • PC1 Ethernet0 = 192.168.1.11 255.255.255.0 192.168.1.1
      • PC2 Ethernet0 = 192.168.4.11 255.255.255.0 192.168.4.1
    5. Display the routing tables using the following command.
      • show ip route
    6. Test the configuration using the following commands from the routers and the PCs. Test all router and PC addresses. Only the connected routes should be successful.
      • ping
      • trace
    7. Add OSPF routing to all routers using the following commands.
      • router ospf
      • network area
    8. Display the routing tables using the following command.
      • show ip route
    9. Test the configuration using the following commands from the routers and the PCs. Test all router and PC addresses. All tests should be successful.
      • ping
      • trace

Lesson Summary

  • Dynamic or adaptive routing involves automatic updating of routing tables based on information carried by routing protocols.[12]
  • Routing protocols are divided into interior and exterior protocols. Interior protocols are further divided into distance-vector protocols and link-state protocols.[13] Distance-vector routing protocols are simple and efficient in small networks. Larger networks use link-state routing protocols.[14]
  • Distance-vector routing protocols require that a router informs its neighbors of topology changes periodically.[15] Each link is assigned a numeric distance or cost value, and information is shared among neighboring routers to accumulate a total cost to a given destination.[16]
  • Link-state protocols require that a router inform all the nodes in a network of topology changes.[17] Each node shares information regarding the nodes it can connect to with the entire network so that each node can build its own network map and determine for itself the least cost path to any given node.[18]
  • Routing Information Protocol (RIP) is a distance-vector routing protocol which employs the hop count as a routing metric. RIP uses the User Datagram Protocol (UDP) as its transport protocol, and is assigned the reserved port number 520.[19]
  • Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco proprietary advanced distance-vector routing protocol, with optimizations to minimize both the routing instability incurred after topology changes, as well as the use of bandwidth and processing power in the router.[20]
  • Open Shortest Path First (OSPF) is a link-state routing protocol.[21] OSPF does not use a TCP/IP transport protocol (UDP, TCP), but is encapsulated directly in IP datagrams with protocol number 89.[22]
  • OSPFv2 covers IPv4 networks. OSPFv3 adds support for IPv6.[23]
  • To configure the Routing Information Protocol (RIP) routing process, use the router rip command in global configuration mode.[24]
  • To specify a list of networks for the Routing Information Protocol (RIP) routing process, use the network command in router configuration mode. RIP sends updates to the interfaces in the specified networks.[25]
  • To configure the Enhanced Interior Gateway Routing Protocol (EIGRP) routing process, use the router eigrp command in global configuration mode.[26]
  • To specify the network for an Enhanced Interior Gateway Routing Protocol (EIGRP) routing process, use the network command in router configuration mode or address-family configuration mode.[27]
  • To configure an Open Shortest Path First (OSPF) routing process, use the router ospf command in global configuration mode.[28]
  • To define the interfaces on which Open Shortest Path First (OSPF) runs and to define the area ID for those interfaces, use the network area command in router configuration mode.[29]
  • To use a fixed router ID, use the router-id command in router configuration mode.[30]
  • To disable sending routing updates on an interface, use the passive-interface command in router configuration mode.[31]
  • To display general information about OSPF routing processes, use the show ip ospf command in EXEC mode.[32]
  • To enable Open Shortest Path First version 3 (OSPFv3) on an interface, use the ipv6 ospf area command in interface configuration mode.[33]

Key Terms

Area Border Router (ABR)
An OSPF router that maintains separate link state databases for each area it serves and maintains summarized routes for all areas in the network.[34]
classful routing protocol
A routing protocol that identifies networks based on the first four bits of the network address.[35]
classless routing protocol
A routing protocol that identifies networks based on the network address and a variable length subnet mask.[36]
convergence
The state of a set of routers that have the same topological information about the internetwork in which they operate.[37]
distance vector
A routing protocol in which each node builds a table of relative distance and/or performance to other networks based on shared routing information.[38]
interior gateway protocol (IGP)
A type of protocol used to exchange routing information between routers within an autonomous system.[39]
link-state
A routing protocol in which every node constructs a map of network connectivity showing which nodes are connected to which other nodes, and then each node independently calculates the best logical path from itself to every possible destination network.[40]
link-state advertisement (LSA)
The OSPF method of communicating a router's local routing topology to all other local routers in the same OSPF area.[41]
link-state database (LSDB)
Contains descriptions of the topology of the OSPF autonomous system or area.[42]
metric
The measure of distance or performance that a distance-vector routing protocol assigns to each route.[43]
neighbor router ID (RID)
A value used to reference neighbor routers, which defaults to the neighbor's highest logical IP address if not explicitly configured.[44]
routed protocol
A protocol used to deliver network traffic.[45]
routing protocol
A protocol which specifies how routers communicate with each other, disseminating information that enables them to select routes between any two nodes on a connected network.[46]
Shortest Path First (SPF) algorithm
An algorithm used to determine the shortest paths from the source node to all other nodes in the connected network.[47]

Review Questions

  1. Dynamic or adaptive routing involves _____.
    Dynamic or adaptive routing involves automatic updating of routing tables based on information carried by routing protocols.
  2. Routing protocols are divided into _____ and _____ protocols. _____ protocols are further divided into _____ protocols and _____ protocols. _____ routing protocols are simple and efficient in small networks. Larger networks use _____ routing protocols.
    Routing protocols are divided into interior and exterior protocols. Interior protocols are further divided into distance-vector protocols and link-state protocols. Distance-vector routing protocols are simple and efficient in small networks. Larger networks use link-state routing protocols.
  3. Distance-vector routing protocols require _____.
    Distance-vector routing protocols require that a router informs its neighbors of topology changes periodically. Each link is assigned a numeric distance or cost value, and information is shared among neighboring routers to accumulate a total cost to a given destination.
  4. Link-state protocols require _____.
    Link-state protocols require that a router inform all the nodes in a network of topology changes. Each node shares information regarding the nodes it can connect to with the entire network so that each node can build its own network map and determine for itself the least cost path to any given node.
  5. Routing Information Protocol (RIP) is _____.
    Routing Information Protocol (RIP) is a distance-vector routing protocol which employs the hop count as a routing metric. RIP uses the User Datagram Protocol (UDP) as its transport protocol, and is assigned the reserved port number 520.
  6. Enhanced Interior Gateway Routing Protocol (EIGRP) is _____.
    Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco proprietary advanced distance-vector routing protocol, with optimizations to minimize both the routing instability incurred after topology changes, as well as the use of bandwidth and processing power in the router.
  7. Open Shortest Path First (OSPF) is _____.
    Open Shortest Path First (OSPF) is a link-state routing protocol. OSPF does not use a TCP/IP transport protocol (UDP, TCP), but is encapsulated directly in IP datagrams with protocol number 89.
  8. OSPFv2 covers _____ networks. OSPFv3 adds support for _____.
    OSPFv2 covers IPv4 networks. OSPFv3 adds support for IPv6.
  9. To configure the Routing Information Protocol (RIP) routing process, use _____.
    To configure the Routing Information Protocol (RIP) routing process, use the router rip command in global configuration mode.
  10. To specify a list of networks for the Routing Information Protocol (RIP) routing process, use _____.
    To specify a list of networks for the Routing Information Protocol (RIP) routing process, use the network command in router configuration mode. RIP sends updates to the interfaces in the specified networks.
  11. To configure the Enhanced Interior Gateway Routing Protocol (EIGRP) routing process, use _____.
    To configure the Enhanced Interior Gateway Routing Protocol (EIGRP) routing process, use the router eigrp command in global configuration mode.
  12. To specify the network for an Enhanced Interior Gateway Routing Protocol (EIGRP) routing process, use _____.
    To specify the network for an Enhanced Interior Gateway Routing Protocol (EIGRP) routing process, use the network command in router configuration mode or address-family configuration mode.
  13. To configure an Open Shortest Path First (OSPF) routing process, use _____.
    To configure an Open Shortest Path First (OSPF) routing process, use the router ospf command in global configuration mode.
  14. To define the interfaces on which Open Shortest Path First (OSPF) runs and to define the area ID for those interfaces, use _____.
    To define the interfaces on which Open Shortest Path First (OSPF) runs and to define the area ID for those interfaces, use the network area command in router configuration mode.
  15. To use a fixed router ID, use _____.
    To use a fixed router ID, use the router-id command in router configuration mode.
  16. To disable sending routing updates on an interface, use _____.
    To disable sending routing updates on an interface, use the passive-interface command in router configuration mode.
  17. To display general information about OSPF routing processes, use _____.
    To display general information about OSPF routing processes, use the show ip ospf command in EXEC mode.
  18. To enable Open Shortest Path First version 3 (OSPFv3) on an interface, use _____.
    To enable Open Shortest Path First version 3 (OSPFv3) on an interface, use the ipv6 ospf area command in interface configuration mode.

Assessments


See Also


References

  1. Cisco: ICND1 Exam Topics
  2. Cisco: IOS IP Routing RIP Command Reference
  3. Cisco: IOS IP Routing RIP Command Reference
  4. Cisco: IOS IP Routing EIGRP Command Reference
  5. Cisco: IOS IP Routing EIGRP Command Reference
  6. Cisco: IOS IP Routing OSPF Command Reference
  7. Cisco: IOS IP Routing OSPF Command Reference
  8. Cisco: OSPF Commands
  9. Cisco: IOS IP Routing Protocol-Independent Command Reference
  10. Cisco: OSPF Commands
  11. Cisco: IOS IPv6 Command Reference
  12. Wikipedia: Routing
  13. Wikipedia: Routing
  14. Wikipedia: Routing
  15. Wikipedia: Distance-vector routing protocol
  16. Wikipedia: Routing
  17. Wikipedia: Distance-vector routing protocol
  18. Wikipedia: Routing
  19. Wikipedia: Routing Information Protocol
  20. Wikipedia: Enhanced Interior Gateway Routing Protocol
  21. Wikipedia: Open Shortest Path First
  22. Wikipedia: Open Shortest Path First
  23. Wikipedia: Open Shortest Path First
  24. Cisco: IOS IP Routing RIP Command Reference
  25. Cisco: IOS IP Routing RIP Command Reference
  26. Cisco: IOS IP Routing EIGRP Command Reference
  27. Cisco: IOS IP Routing EIGRP Command Reference
  28. Cisco: IOS IP Routing OSPF Command Reference
  29. Cisco: IOS IP Routing OSPF Command Reference
  30. Cisco: OSPF Commands
  31. Cisco: IOS IP Routing Protocol-Independent Command Reference
  32. Cisco: OSPF Commands
  33. Cisco: IOS IPv6 Command Reference
  34. Wikipedia: Open Shortest Path First
  35. Wikipedia: Classful network
  36. Wikipedia: Classless Inter-Domain Routing
  37. Wikipedia: Convergence (routing)
  38. Wikipedia: Distance-vector routing protocol
  39. Wikipedia: Interior gateway protocol
  40. Wikipedia: Link-state routing protocol
  41. Wikipedia: Link-state advertisement
  42. Wikipedia: Open Shortest Path First
  43. Wikipedia: Routing Information Protocol
  44. Wikipedia: Open Shortest Path First
  45. Wikipedia: Routing protocol
  46. Wikipedia: Routing protocol
  47. Wikipedia: Dijkstra's algorithm

Lesson 10 - Switching


This lesson covers switching.


Objectives and Skills


Objectives and skills for the switching portion of Cisco CCENT certification include:[1]

  • Identify basic switching concepts and the operation of Cisco switches
    • Collision domains
    • Broadcast domains
    • Ways to switch
      • Store
      • Forward
      • Cut through
      • CAM Table
  • Configure and verify initial switch configuration including remote access management
    • hostname
    • mgmt ip address
    • Ip default-gateway
    • local user and password
    • enable secret password
    • console and VTY logins
    • exec-timeout
    • service password encryption
    • copy run start
  • Verify network status and switch operation using basic utilities such as
    • ping
    • telnet
    • SSH

Readings

  1. Wikipedia: Network switch
  2. Cisco: LAN Switching and VLANs
  3. Cisco: Internetwork Design Guide -- LAN Switching

Multimedia

  1. YouTube: Managed vs. Unmanaged Switches - CompTIA Network+ N10-005: 2.1
  2. YouTube: Understanding Spanning Tree Protocol - CompTIA Network+ N10-005: 1.4

Examples

  1. Review Cisco Networking/CCENT/IOS Basics#Global Configuration
  2. Review Cisco Networking/CCENT/IOS Basics#Password Configuration
  3. Review Cisco Networking/CCENT/Remote Management#Line Configuration
  4. Review Cisco Networking/CCENT/Remote Management#Interface Configuration
  5. Review Cisco Networking/CCENT/Remote Management#SSH Configuration
  6. Review Cisco Networking/CCENT/IOS Basics#Configuration Management
  7. Review Cisco Networking/CCENT/Remote Management#Remote Management

Command Sequence


A command sequence to configure a switch might be similar to the following.

enable
configure terminal

hostname switch
ip domain-name example.com

interface vlan 1
ip address 192.168.1.10 255.255.255.0
no shutdown
exit
ip default-gateway 192.168.1.1

username admin password secret

line console 0
login local
exit

line aux 0
login local
exit

line vty 0 4
login local
transport input ssh
exit

enable secret cisco
service password-encryption

crypto key generate rsa
1024
ip ssh version 2

exit
copy run start
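The objectives list the settings that decide whether remote management of the switch is safe (enable secret, service password-encryption, login on every line, exec-timeout, SSH-only vty access), and they are easy to verify mechanically from show running-config. The script below is an added example, not course material or a Cisco tool; the two configs are constructed, the first mirroring the command sequence above as IOS would display it, the second a hardened variant, and the hash values are placeholders.

```python
"""Audit a switch running-config for the remote-management hardening items
in this lesson. Both configs are constructed; hashes are placeholders.
Helper and finding names are this example's own.
"""
import re
from typing import Dict, List, Tuple

WEAK_CONFIG = """\
hostname switch
ip domain-name example.com
!
username admin password 7 <type7-placeholder>
enable secret 5 <hash-placeholder>
service password-encryption
ip ssh version 2
!
interface Vlan1
 ip address 192.168.1.10 255.255.255.0
!
ip default-gateway 192.168.1.1
!
line con 0
 login local
line aux 0
 login local
line vty 0 4
 login local
 transport input ssh
"""

HARDENED_CONFIG = """\
hostname switch
ip domain-name example.com
!
username admin secret 5 <hash-placeholder>
enable secret 5 <hash-placeholder>
service password-encryption
ip ssh version 2
!
line con 0
 exec-timeout 5 0
 login local
line aux 0
 exec-timeout 5 0
 login local
line vty 0 4
 exec-timeout 5 0
 login local
 transport input ssh
"""


def parse_sections(config: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """Split a config into global commands and {'line vty 0 4': [sub-commands], ...}.
    Indented lines belong to the last `line`/`interface` header; `!` ends a block."""
    global_cmds, sections, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            current = None
            continue
        if raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
            continue
        cmd = raw.strip()
        if cmd.startswith(("line ", "interface ")):
            current = cmd
            sections.setdefault(current, [])
        else:
            current = None
            global_cmds.append(cmd)
    return global_cmds, sections


def audit(config: str) -> List[str]:
    """One finding per weak or missing setting; an empty list means every check passed."""
    findings = []
    global_cmds, sections = parse_sections(config)
    has = lambda prefix: any(c.startswith(prefix) for c in global_cmds)
    if not has("enable secret"):
        findings.append("no 'enable secret': privileged access relies on a reversible or cleartext enable password")
    if not has("service password-encryption"):
        findings.append("no 'service password-encryption': line passwords are stored in cleartext")
    if not has("ip ssh version 2"):
        findings.append("no 'ip ssh version 2': the switch may negotiate SSH version 1")
    for cmd in global_cmds:
        m = re.match(r"username (\S+) password", cmd)
        if m:  # 'password' keeps a type 0/7 (reversible) value; 'secret' keeps a hash
            findings.append(f"username {m.group(1)}: 'password' is reversible, use 'username {m.group(1)} secret'")
    for header, body in sections.items():
        if not header.startswith("line "):
            continue
        if not any(c.startswith("login") for c in body):
            findings.append(f"{header}: no 'login' or 'login local' on the line")
        if not any(c.startswith("exec-timeout") for c in body):
            findings.append(f"{header}: no explicit 'exec-timeout', the 10-minute default applies")
        if header.startswith("line vty") and "transport input ssh" not in body:
            findings.append(f"{header}: 'transport input' not restricted to ssh, telnet may be accepted")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit(cfg) or ["no findings"])
```

On the first config the script reports the username line, because `username ... password` stores a reversible value whereas `username ... secret` stores a hash, and the missing exec-timeout on each of the three lines; the hardened config produces no findings.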

Status


show arp


To display the entries in the Address Resolution Protocol (ARP) table, use the show ip arp command in user EXEC or privileged EXEC mode.[2]

show arp
show ip arp

show mac-address-table


Use the show mac-address-table privileged EXEC command to display the MAC address table.[3]

show mac-address-table
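The table this command displays is built by the switch learning source addresses frame by frame. The simulation below is an added example, not part of the course page or of Cisco's software; the frames and port names are constructed, and the class and method names are the example's own. It also makes the objectives' collision and broadcast domains concrete: every port is its own collision domain, and the flood set is the broadcast domain.

```python
"""MAC learning, forwarding and flooding: the behaviour that fills the table
`show mac-address-table` displays. Constructed frames on a four-port switch.
"""
from typing import Dict, List, Tuple

BROADCAST = "ffff.ffff.ffff"


class Switch:
    def __init__(self, ports: List[str]):
        self.ports = ports
        self.mac_table: Dict[str, str] = {}  # learned source MAC -> ingress port (the CAM table)

    def receive(self, in_port: str, src: str, dst: str) -> List[str]:
        """Process one frame and return the ports it is forwarded out of.
        1. Learn: record src -> in_port; seeing src on another port later moves the entry.
        2. Forward: a known unicast goes to exactly one port; broadcast and
           unknown unicast are flooded out of every port except the ingress."""
        self.mac_table[src] = in_port
        if dst != BROADCAST and dst in self.mac_table:
            out = self.mac_table[dst]
            return [] if out == in_port else [out]  # destination on the same segment: filtered
        return [p for p in self.ports if p != in_port]

    def show_mac_address_table(self) -> List[str]:
        """Rows in the style of `show mac-address-table`: mac, type, port."""
        return [f"{mac}    DYNAMIC     {port}" for mac, port in sorted(self.mac_table.items())]


def replay(switch: Switch, frames: List[Tuple[str, str, str]]) -> List[List[str]]:
    """Feed (in_port, src, dst) frames through the switch and collect each forwarding decision."""
    return [switch.receive(*frame) for frame in frames]


if __name__ == "__main__":
    sw = Switch(["Fa1/1", "Fa1/2", "Fa1/3", "Fa1/4"])
    frames = [  # constructed: an ARP-style broadcast, the unicast reply, then an unknown destination
        ("Fa1/1", "0001.0001.0001", BROADCAST),
        ("Fa1/2", "0002.0002.0002", "0001.0001.0001"),
        ("Fa1/3", "0003.0003.0003", "0009.0009.0009"),
    ]
    for frame, out in zip(frames, replay(sw, frames)):
        print(frame, "->", out or "filtered")
    print("\n".join(sw.show_mac_address_table()))
```

The first frame is flooded (broadcast), the reply is delivered to the one port where 0001.0001.0001 was learned, and the frame to an address the switch has never seen as a source is flooded like a broadcast. Until a host has transmitted once, the switch has no entry for it, which is why a fresh table after start-up shows only the hosts that have already sent something.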

Activities

  1. Configure switch console password security.
     
    1. Add an EtherSwitch router to a new GNS3 project and start the device.
    2. Open the console for the router and practice using the following commands.
      • enable
      • configure terminal
      • hostname
      • line console 0
      • password
      • login
      • exec-timeout
      • enable secret
      • service password-encryption
      • exit
    3. Verify the configuration using the following command.
      • show running-config
    4. Exit the router console session and open the console again to test the configuration.
  2. Configure switch vty username and password security.
     
    1. Add a second EtherSwitch router to the project above and start the device.
    2. Add a link to connect the following.
      • ESW1 FastEthernet1/1 <-> ESW2 FastEthernet1/1
    3. Set the following IP addresses and subnet masks.
      • ESW1 VLAN 1: 192.168.1.1 255.255.255.0
      • ESW2 VLAN 1: 192.168.1.2 255.255.255.0
    4. Open the console for both routers and practice using the following commands.
      • enable
      • configure terminal
      • username
      • line vty 0 4
      • login local
      • exit
      • interface vlan 1
      • ip address
      • no shutdown
      • ip default-gateway
    5. Verify the configuration using the following command on both routers.
      • show running-config
      • ping
      • show arp
      • show mac-address-table
    6. Test the configuration using the following command to remotely manage one router from the other.
      • telnet
  3. Configure switch SSH access.
     
    1. Use the routers from above and practice using the following commands on both routers.
      • enable
      • configure terminal
      • hostname
      • ip domain-name
      • crypto key generate rsa
      • ip ssh version 2
      • line vty 0 4
      • transport input ssh
    2. Verify the configuration using the following command on both routers.
      • show running-config
    3. Test the configuration using the following command to verify that telnet access is no longer supported.
      • telnet
    4. Test the configuration using the following command to remotely manage one router from the other.
      • ssh
    5. Save the configuration using the following command.
      • copy running-config startup-config

Lesson Summary

  • A network switch is a computer networking device that connects devices together on a computer network, by using frame switching to receive, process and forward data to the destination device.[4]
  • A network switch forwards data only to one or multiple devices that need to receive it, rather than broadcasting the same data out of each of its ports.[5]
  • Switches forward frames through one of three methods: store and forward, cut through, and fragment free.[6]
  • Store and forward buffers and verifies each frame before forwarding it.[7]
  • Cut through starts forwarding after the frame's destination address is received.[8]
  • Fragment free checks the first 64 bytes of the frame, to detect collision errors before forwarding occurs.[9]
  • Some switches may support adaptive switching by automatically selecting between the three methods.[10]
  • Switch global configuration is similar to router global configuration, including the enable, disable, configure terminal, exit, hostname, and ip domain-name commands.
  • Switch password configuration is similar to router password configuration, including the password, login, username, login local, exec-timeout, enable password, enable secret, and service password-encryption commands.
  • Switch line configuration is similar to router line configuration, including the show line and line commands.
  • Switch interface configuration is similar to router interface configuration, including the show ip interface, show ip interface brief, interface, ip address, shutdown and no shutdown commands.
  • Switch SSH configuration is similar to router SSH configuration, including the crypto key generate rsa, ip ssh version, and transport input commands.
  • Switch configuration management is similar to router configuration management, including the show running-config, show startup-config, copy, erase, and reload commands.
  • Switch remote management is similar to router remote management, including the telnet and ssh commands.
  • Switch status is tested similar to router status, including the ping and traceroute commands.
  • To enable remote management of a switch, assign an IP address to the management VLAN interface, which by default is VLAN 1.[11]
  • To define a default gateway (router) when IP routing is disabled, use the ip default-gateway command in global configuration mode.[12]
  • To display the entries in the Address Resolution Protocol (ARP) table, use the show ip arp command in user EXEC or privileged EXEC mode.[13]
  • Use the show mac-address-table privileged EXEC command to display the MAC address table.[14]

Key Terms

autonegotiation
An Ethernet procedure by which two connected devices choose common transmission parameters, such as speed, duplex mode, and flow control.[15]
flooding
Sending incoming unknown-destination frames out on all ports.[16]
Spanning Tree Protocol (STP)
A network protocol that ensures a loop-free topology for Ethernet networks and allows a network design to include spare (redundant) links to provide automatic backup paths if an active link fails, without the danger of bridge loops, or the need for manual enabling or disabling of these backup links.[17]

Review Questions

  1. A network switch is _____.
    A network switch is a computer networking device that connects devices together on a computer network, by using frame switching to receive, process and forward data to the destination device.
  2. A network switch forwards data _____.
    A network switch forwards data only to one or multiple devices that need to receive it, rather than broadcasting the same data out of each of its ports.
  3. Switches forward frames through one of three methods: _____, _____, and _____.
    Switches forward frames through one of three methods: store and forward, cut through, and fragment free.
  4. Store and forward _____.
    Store and forward buffers and verifies each frame before forwarding it.
  5. Cut through _____.
    Cut through starts forwarding after the frame's destination address is received.
  6. Fragment free _____.
    Fragment free checks the first 64 bytes of the frame to detect collision errors before forwarding occurs.
  7. Some switches may support adaptive switching by _____.
    Some switches may support adaptive switching by automatically selecting between the three forwarding methods.
  8. Switch global configuration is similar to router global configuration, including the _____ commands.
    Switch global configuration is similar to router global configuration, including the enable, disable, configure terminal, exit, hostname, and ip domain-name commands.
  9. Switch password configuration is similar to router password configuration, including the _____ commands.
    Switch password configuration is similar to router password configuration, including the password, login, username, login local, exec-timeout, enable password, enable secret, and service password-encryption commands.
  10. Switch line configuration is similar to router line configuration, including the _____ commands.
    Switch line configuration is similar to router line configuration, including the show line and line commands.
  11. Switch interface configuration is similar to router interface configuration, including the _____ commands.
    Switch interface configuration is similar to router interface configuration, including the show ip interface, show ip interface brief, interface, ip address, shutdown and no shutdown commands.
  12. Switch SSH configuration is similar to router SSH configuration, including the _____ commands.
    Switch SSH configuration is similar to router SSH configuration, including the crypto key generate rsa, ip ssh version, and transport input commands.
  13. Switch configuration management is similar to router configuration management, including the _____ commands.
    Switch configuration management is similar to router configuration management, including the show running-config, show startup-config, copy, erase, and reload commands.
  14. Switch remote management is similar to router remote management, including the _____ commands.
    Switch remote management is similar to router remote management, including the telnet and ssh commands.
  15. Switch status is tested similar to router status, including the _____ commands.
    Switch status is tested similar to router status, including the ping and traceroute commands.
  16. To enable remote management of a switch, _____.
    To enable remote management of a switch, assign an IP address to the management VLAN interface, which by default is VLAN 1.
  17. To define a default gateway (router) when IP routing is disabled, use _____.
    To define a default gateway (router) when IP routing is disabled, use the ip default-gateway command in global configuration mode.
  18. To display the entries in the Address Resolution Protocol (ARP) table, use _____.
    To display the entries in the Address Resolution Protocol (ARP) table, use the show ip arp command in user EXEC or privileged EXEC mode.
  19. Use the _____ command to display the MAC address table.
    Use the show mac-address-table privileged EXEC command to display the MAC address table.

Assessments

See Also

References
  Completion status: this resource is considered to be complete.

Lesson 11 - VLANs

This lesson covers VLANs and VLAN routing.


Objectives and Skills

Objectives and skills for the VLANs portion of Cisco CCENT certification include:[1]

  • Describe how VLANs create logically separate networks and the need for routing between them
    • Explain network segmentation and basic traffic management concepts
  • Configure and verify VLANs
  • Configure and verify trunking on Cisco switches
    • DTP (topic)
    • Auto-negotiation
  • Configure and verify interVLAN routing (router on a stick)
    • Sub interfaces
    • Upstream routing
    • Encapsulation
  • Configure SVI interfaces.

Readings

  1. Wikipedia: Virtual LAN
  2. Wikipedia: VLAN Trunking Protocol
  3. Wikipedia: IEEE 802.1Q
  4. Wikipedia: Dynamic Trunking Protocol
  5. Wikipedia: Router on a stick
  6. Wikipedia: Switch virtual interface
  7. Cisco: LAN Switching and VLANs
  8. Cisco: EtherSwitch Network Module (ESW) Configuration Example

Multimedia

  1. YouTube: VLANs - CompTIA Network+ N10-005: 1.4
  2. YouTube: Configuring VLANs - CompTIA Network+ N10-005: 2.1
  3. YouTube: VLAN Trunking Protocol - CompTIA Network+ N10-005: 2.1
  4. YouTube: CCNA And CCNP Tutorial: VLAN Trunking Protocol (VTP)
  5. YouTube: Cisco Inter-VLAN Routing on a Stick
  6. YouTube: Switched Virtual Interfaces for Inter-VLAN Routing
  7. YouTube: 802.1Q and Trunking

Examples

Switch Configuration

vlan

To add a VLAN and enter config-VLAN submode on a switch, use the vlan command in global configuration mode.[2]

vlan {<vlan-id> | <vlan-range>}
vlan 2

name

To name a VLAN on a switch, use the name command in VLAN configuration mode.[3]

name sales

switchport mode

To set the interface type, use the switchport mode command in interface configuration mode.[4]

switchport mode { access | trunk }
switchport mode access
switchport mode trunk

switchport access vlan

To set the VLAN when the interface is in access mode, use the switchport access vlan command in interface configuration or template configuration mode.[5]

switchport access vlan <vlan-id>
switchport access vlan 2

switchport trunk

To set the trunk characteristics when the interface is in trunking mode, use the switchport trunk command in interface configuration mode.[6]

switchport trunk { native vlan <vlan-id> | allowed vlan <vlan-list> }
switchport trunk native vlan 10
switchport trunk allowed vlan 2-3,10

show vlan

To display VLAN information on a switch, use the show vlan command in privileged EXEC mode.[7]

show vlan [brief | id <vlan-id> | name <name> [ifindex] | <ifindex>]
show vlan
show vlan brief
show vlan id 2
show vlan name sales

show interfaces switchport

To display the administrative and operational status of a switching (nonrouting) port, use the show interfaces switchport command in user EXEC or privileged EXEC mode.[8]

show interfaces switchport

Command Sequence

A command sequence to configure a switch for VLAN switching might be similar to the following.

enable
configure terminal
vlan 2
name sales
vlan 3
name r&d
exit

interface vlan 1
ip address 192.168.1.10 255.255.255.0
no shutdown
ip default-gateway 192.168.1.1

interface fastethernet1/0
switchport trunk encapsulation dot1q
switchport mode trunk
interface range fastethernet1/1 - 2
switchport access vlan 2
interface range fastethernet1/3 - 4
switchport access vlan 3
exit
exit

show vlan brief
show interface trunk
show interfaces switchport

EtherSwitch Router Configuration

vlan database

To enter VLAN configuration mode on a router with a switch module, use the vlan database command in privileged EXEC mode.[9]

vlan database

vlan (VLAN)

To configure a specific VLAN, use the vlan command in VLAN configuration mode.[10]

vlan <vlan-id> [name <vlan-name>]
vlan 2 name sales

show vlan-switch

To display VLAN information, use the show vlan-switch command in user EXEC or privileged EXEC mode.[11]

show vlan-switch [brief | id <vlan> | name <name>]
show vlan-switch
show vlan-switch brief

show interface trunk

To display the interface-trunk information, use the show interface trunk command in user EXEC or privileged EXEC mode.[12]

show interface [ interface <interface-number> ] trunk [ module <number> | vlan <vlan> ]
show interface trunk

Command Sequence

A command sequence to configure an EtherSwitch router for VLAN switching might be similar to the following.

enable
vlan database
vlan 2 name sales
vlan 3 name r&d
exit

configure terminal
interface vlan 1
ip address 192.168.1.10 255.255.255.0
no shutdown
ip default-gateway 192.168.1.1

interface fastethernet1/0
switchport mode trunk
interface range fastethernet1/1 - 2
switchport access vlan 2
interface range fastethernet1/3 - 4
switchport access vlan 3
exit
exit

show vlan-switch brief
show interface trunk

Router Configuration

encapsulation dot1q

To enable IEEE 802.1Q encapsulation of traffic on a specified subinterface in a VLAN, use the encapsulation dot1q command in interface range configuration mode or subinterface configuration mode.[13]

encapsulation dot1q <vlan-id> [native]

show vlans

To display VLAN subinterfaces, use the show vlans command in privileged EXEC mode.[14]

show vlans

Command Sequence

A command sequence to configure a router for VLAN routing might be similar to the following.

enable
configure terminal

interface fastethernet0/0
ip address 192.168.1.1 255.255.255.0
no shutdown

interface fastethernet0/0.2
encapsulation dot1q 2
ip address 192.168.2.1 255.255.255.0

interface fastethernet0/0.3
encapsulation dot1q 3
ip address 192.168.3.1 255.255.255.0

exit
exit

show ip interface brief
show vlans

Switch Virtual Interface Configuration

Command Sequence

A command sequence to configure switch virtual interface (SVI) VLAN routing might be similar to the following.

enable
configure terminal

ip routing

interface vlan 2
ip address 192.168.2.1 255.255.255.0
no shutdown

interface vlan 3
ip address 192.168.3.1 255.255.255.0
no shutdown

exit
exit

show ip route

Activities

  1. Configure and test switching.
     
    1. Add an EtherSwitch router and four VPCS PCs to a new GNS3 project and start the devices.
    2. Add links to connect the following.
      • PC1 Ethernet0 <-> ESW1 FastEthernet1/1
      • PC2 Ethernet0 <-> ESW1 FastEthernet1/2
      • PC3 Ethernet0 <-> ESW1 FastEthernet1/3
      • PC4 Ethernet0 <-> ESW1 FastEthernet1/4
    3. Set the following IP addresses and subnet masks.
      • ESW1 VLAN1: 192.168.1.10 255.255.255.0
      • PC1 Ethernet0: 192.168.1.11 255.255.255.0
      • PC2 Ethernet0: 192.168.1.12 255.255.255.0
      • PC3 Ethernet0: 192.168.1.13 255.255.255.0
      • PC4 Ethernet0: 192.168.1.14 255.255.255.0
    4. Test the configuration using the following command on the switch and the PCs. Test all switch and PC addresses. All tests should be successful.
      • ping
  2. Configure and test VLAN switching.
     
    1. Using the project from above, create the following VLANs.
      • VLAN 2: sales, FastEthernet1/1, FastEthernet1/2
      • VLAN 3: r&d, FastEthernet1/3, FastEthernet1/4
    2. Open the console for the switch and practice using the following commands.
      • enable
      • vlan database
      • vlan
      • exit
      • configure terminal
      • interface
      • switchport access
    3. Verify the configuration using the following commands.
      • show running-config
      • show vlan-switch
    4. Test the configuration using the following command on the switch and the PCs. Test all switch and PC addresses. Only connections on the same VLAN should be successful.
      • ping
  3. Configure and test VLAN routing.
     
    1. Add a router to the project from above and start the device.
    2. Add a link to connect the following.
      • R1 FastEthernet0/0 <-> ESW1 FastEthernet1/0
    3. Set the following IP addresses, subnet masks, and default gateways for the switch and PCs.
      • R1 FastEthernet0/0: 192.168.1.1 255.255.255.0
      • R1 FastEthernet0/0.2: 192.168.2.1 255.255.255.0
      • R1 FastEthernet0/0.3: 192.168.3.1 255.255.255.0
      • ESW1 VLAN1: 192.168.1.10 255.255.255.0 192.168.1.1
      • PC1 Ethernet0: 192.168.2.11 255.255.255.0 192.168.2.1
      • PC2 Ethernet0: 192.168.2.12 255.255.255.0 192.168.2.1
      • PC3 Ethernet0: 192.168.3.13 255.255.255.0 192.168.3.1
      • PC4 Ethernet0: 192.168.3.14 255.255.255.0 192.168.3.1
    4. Open the console for the router and practice using the following commands.
      • enable
      • configure terminal
      • interface
      • encapsulation
      • ip address
      • exit
    5. Verify the configuration using the following commands.
      • show ip interface brief
      • show vlans
    6. Open the console for the switch and practice using the following commands.
      • enable
      • configure terminal
      • interface
      • ip address
      • ip default-gateway
      • switchport mode trunk
      • exit
    7. Verify the configuration using the following commands.
      • show vlan-switch
      • show interface trunk
    8. Test the configuration using the following commands on the router, switch, and the PCs. Test all router, switch, and PC addresses. All tests should be successful.
      • ping
      • trace
  4. Configure and test switch virtual interface (SVI) routing.
     
    1. Remove the router from the project above.
    2. Set the following IP addresses and subnet masks for the switch.
      • ESW1 VLAN2: 192.168.2.1 255.255.255.0
      • ESW1 VLAN3: 192.168.3.1 255.255.255.0
    3. Open the console for the router and practice using the following commands.
      • enable
      • configure terminal
      • interface
      • ip address
      • exit
      • ip routing
    4. Verify the configuration using the following commands.
      • show ip route
    5. Test the configuration using the following commands on the switch and the PCs. Test all switch and PC addresses. All tests should be successful.
      • ping
      • trace

Lesson Summary

  • A virtual LAN (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2).[15]
  • Managed switches can mark packets through tagging, so that a single interconnect (trunk) may be used to transport data for multiple VLANs.[16]
  • VLANs allow network administrators to group hosts together even if the hosts are not on the same network switch.[17]
  • VLAN Trunking Protocol (VTP) is a Cisco proprietary protocol that propagates the definition of Virtual Local Area Networks (VLAN) on the whole local area network.[18]
  • IEEE 802.1Q is the networking standard that supports virtual LANs (VLANs) on an Ethernet network.[19]
  • Under IEEE 802.1Q, the maximum number of VLANs on a given Ethernet network is 4,094.[20]
  • A VLAN ID is added only if the frame is forwarded out a port configured as a trunk link. If the frame is to be forwarded out a port configured as an access link, the ISL encapsulation is removed.[21]
  • Switch port mode settings available are:[22]
    • Access - Puts the Ethernet port into permanent nontrunking mode.
    • Trunk - Puts the Ethernet port into permanent trunking mode.
    • Dynamic Auto - Makes the Ethernet port willing to convert the link to a trunk link. This is the default mode for all Ethernet ports.
    • Dynamic Desirable - Makes the port actively attempt to convert the link to a trunk link.
    • Nonegotiate - Disables DTP.
  • Dynamic Trunking Protocol (DTP) is a proprietary networking protocol developed by Cisco Systems for the purpose of negotiating trunking on a link between two VLAN-aware switches, and for negotiating the type of trunking encapsulation to be used.[23]
  • A "router on a stick" is a router that has a single physical or logical connection to a network, and is often used to forward traffic between locally attached hosts on separate logical routing domains or to facilitate routing table administration, distribution and relay.[24]
  • A switched virtual interface (SVI) is a VLAN of switch ports represented by one interface to a routing or bridging system. An SVI cannot be activated unless associated with a physical port.[25]
  • To add a VLAN and enter config-VLAN submode on a switch, use the vlan command in global configuration mode.[26]
  • To name a VLAN on a switch, use the name command in VLAN configuration mode.[27]
  • To set the interface type, use the switchport mode command in interface configuration mode.[28]
  • To set the VLAN when the interface is in access mode, use the switchport access vlan command in interface configuration or template configuration mode.[29]
  • To set the trunk characteristics when the interface is in trunking mode, use the switchport trunk command in interface configuration mode.[30]
  • To display VLAN information on a switch, use the show vlan command in privileged EXEC mode.[31]
  • To display the administrative and operational status of a switching (nonrouting) port, use the show interfaces switchport command in user EXEC or privileged EXEC mode.[32]
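
The tagging behaviour summarized above (a VLAN ID carried in a 4-byte 802.1Q tag on trunk links, no tag on access links, the native VLAN sent untagged, and a VID range that ends at 4094) can be seen directly by building and decoding frames. The following Python script is an added example for this lesson; it is not code from the Wikiversity page or from Cisco, and all function names, MAC addresses and the payload it uses are this example's own constructed values.

```python
"""Build, tag, parse and strip IEEE 802.1Q frames.

Added example for this lesson; it is not code from the Wikiversity page or
from Cisco.  It models what a switch does with a frame on egress: out a
trunk port the frame carries a 4-byte tag holding the VLAN ID (the native
VLAN stays untagged), out an access port the tag is removed.  MAC addresses
and payloads used with it are constructed sample values.
"""
import struct

TPID_8021Q = 0x8100      # Tag Protocol Identifier: marks an 802.1Q-tagged frame
ETHERTYPE_IPV4 = 0x0800


def mac_bytes(mac):
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    return bytes(int(part, 16) for part in mac.split(":"))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_untagged(dst, src, ethertype, payload):
    """Plain Ethernet II frame: dst(6) src(6) type(2) payload."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def add_tag(frame, vlan_id, pcp=0, dei=0):
    """Insert a tag after the source MAC.  VID is a 12-bit field; 0 and 4095 are reserved."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    tci = (pcp & 0x7) << 13 | (dei & 0x1) << 12 | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse(frame):
    """Decode addresses, optional tag fields, EtherType and payload."""
    info = {"dst": mac_str(frame[:6]), "src": mac_str(frame[6:12]),
            "vlan": None, "pcp": None, "dei": None}
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if ethertype == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info.update(pcp=tci >> 13, dei=(tci >> 12) & 1, vlan=tci & 0x0FFF)
        offset = 18
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info


def strip_tag(frame):
    """Remove the tag if present (what an access port does on egress)."""
    return frame[:12] + frame[16:] if parse(frame)["vlan"] is not None else frame


def egress(frame, vlan, port_mode, native_vlan=1):
    """Egress rule for a frame the switch has already classified into `vlan`."""
    untagged = strip_tag(frame)
    if port_mode == "access" or (port_mode == "trunk" and vlan == native_vlan):
        return untagged                      # access ports and the native VLAN: no tag
    if port_mode == "trunk":
        return add_tag(untagged, vlan)       # every other VLAN on a trunk is tagged
    raise ValueError(f"unsupported port mode {port_mode!r}")


if __name__ == "__main__":
    frame = build_untagged("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55",
                           ETHERTYPE_IPV4, b"\x45" + b"\x00" * 19)
    print(parse(egress(frame, 2, "trunk")))          # tagged, vlan 2
    print(parse(egress(frame, 1, "trunk")))          # native VLAN, untagged
```

Because the native VLAN is the one VLAN a trunk sends without a tag, a frame that arrives untagged on a trunk is placed in the native VLAN; this is why the Security lesson later recommends moving the native VLAN away from VLAN 1, where unconfigured access ports sit by default.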

Key Terms

access interface
A network link carrying a single VLAN, without VLAN tagging.[33]
trunk interface
A network link with VLAN tagging, able to carry multiple VLANs.[34]
trunking administrative mode
The configured port trunking setting.[35]
trunking operational mode
The current trunking behavior of a given port after negotiating with the neighboring port.[36]

Review Questions

  1. A virtual LAN (VLAN) is _____.
    A virtual LAN (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2).
  2. Managed switches can _____.
    Managed switches can mark packets through tagging, so that a single interconnect (trunk) may be used to transport data for multiple VLANs.
  3. VLANs allow network administrators to _____.
    VLANs allow network administrators to group hosts together even if the hosts are not on the same network switch.
  4. VLAN Trunking Protocol (VTP) is _____.
    VLAN Trunking Protocol (VTP) is a Cisco proprietary protocol that propagates the definition of Virtual Local Area Networks (VLAN) on the whole local area network.
  5. IEEE 802.1Q is _____.
    IEEE 802.1Q is the networking standard that supports virtual LANs (VLANs) on an Ethernet network.
  6. Under IEEE 802.1Q, the maximum number of VLANs on a given Ethernet network is _____.
    Under IEEE 802.1Q, the maximum number of VLANs on a given Ethernet network is 4,094.
  7. A VLAN ID is added only if _____. If the frame is to be forwarded out a port configured as an access link, the _____.
    A VLAN ID is added only if the frame is forwarded out a port configured as a trunk link. If the frame is to be forwarded out a port configured as an access link, the ISL encapsulation is removed.
  8. Switch port mode settings available are:
    Switch port mode settings available are:

    Access - Puts the Ethernet port into permanent nontrunking mode.
    Trunk - Puts the Ethernet port into permanent trunking mode.
    Dynamic Auto - Makes the Ethernet port willing to convert the link to a trunk link. This is the default mode for all Ethernet ports.
    Dynamic Desirable - Makes the port actively attempt to convert the link to a trunk link.
    Nonegotiate - Disables DTP.

  9. Dynamic Trunking Protocol (DTP) is _____.
    Dynamic Trunking Protocol (DTP) is a proprietary networking protocol developed by Cisco Systems for the purpose of negotiating trunking on a link between two VLAN-aware switches, and for negotiating the type of trunking encapsulation to be used.
  10. A "router on a stick" is _____.
    A "router on a stick" is a router that has a single physical or logical connection to a network, and is often used to forward traffic between locally attached hosts on separate logical routing domains or to facilitate routing table administration, distribution and relay.
  11. A switched virtual interface (SVI) is _____.
    A switched virtual interface (SVI) is a VLAN of switch ports represented by one interface to a routing or bridging system. An SVI cannot be activated unless associated with a physical port.
  12. To add a VLAN and enter config-VLAN submode on a switch, use the _____ command in global configuration mode.
    To add a VLAN and enter config-VLAN submode on a switch, use the vlan command in global configuration mode.
  13. To name a VLAN on a switch, use the _____ command in VLAN configuration mode.
    To name a VLAN on a switch, use the name command in VLAN configuration mode.
  14. To set the interface type, use the _____ command in interface configuration mode.
    To set the interface type, use the switchport mode command in interface configuration mode.
  15. To set the VLAN when the interface is in access mode, use the _____ command in interface configuration or template configuration mode.
    To set the VLAN when the interface is in access mode, use the switchport access vlan command in interface configuration or template configuration mode.
  16. To set the trunk characteristics when the interface is in trunking mode, use the _____ command in interface configuration mode.
    To set the trunk characteristics when the interface is in trunking mode, use the switchport trunk command in interface configuration mode.
  17. To display VLAN information on a switch, use the _____ command in privileged EXEC mode.
    To display VLAN information on a switch, use the show vlan command in privileged EXEC mode.
  18. To display the administrative and operational status of a switching (nonrouting) port, use the _____ command in user EXEC or privileged EXEC mode.
    To display the administrative and operational status of a switching (nonrouting) port, use the show interfaces switchport command in user EXEC or privileged EXEC mode.

Assessments

See Also

References
  Completion status: this resource is considered to be complete.
  1. Cisco: ICND1 Exam Topics
  2. Cisco: IOS LAN Switching Command Reference
  3. Cisco: IOS LAN Switching Command Reference
  4. Cisco: IOS Interface and Hardware Component Command Reference
  5. Cisco: IOS Interface and Hardware Component Command Reference
  6. Cisco: IOS Interface and Hardware Component Command Reference
  7. Cisco: IOS LAN Switching Command Reference
  8. Cisco: IOS Interface and Hardware Component Command Reference
  9. Cisco: IOS LAN Switching Command Reference
  10. Cisco: IOS LAN Switching Command Reference
  11. Cisco: IOS LAN Switching Command Reference
  12. Cisco: IOS LAN Switching Command Reference
  13. Cisco: IOS LAN Switching Command Reference
  14. Cisco: IOS LAN Switching Command Reference
  15. Wikipedia: Virtual LAN
  16. Wikipedia: Virtual LAN
  17. Wikipedia: Virtual LAN
  18. Wikipedia: VLAN Trunking Protocol
  19. Wikipedia: IEEE 802.1Q
  20. Wikipedia: Virtual LAN
  21. Wikipedia: Virtual LAN
  22. Wikipedia: Dynamic Trunking Protocol
  23. Wikipedia: Dynamic Trunking Protocol
  24. Wikipedia: Router on a stick
  25. Wikipedia: Switch virtual interface
  26. Cisco: IOS LAN Switching Command Reference
  27. Cisco: IOS LAN Switching Command Reference
  28. Cisco: IOS Interface and Hardware Component Command Reference
  29. Cisco: IOS Interface and Hardware Component Command Reference
  30. Cisco: IOS Interface and Hardware Component Command Reference
  31. Cisco: IOS LAN Switching Command Reference
  32. Cisco: IOS Interface and Hardware Component Command Reference
  33. Wikipedia: Virtual LAN
  34. Wikipedia: Virtual LAN
  35. Wikipedia: Dynamic Trunking Protocol
  36. Wikipedia: Dynamic Trunking Protocol

Lesson 12 - Security

This lesson covers security.


Objectives and Skills

Objectives and skills for the security portion of Cisco CCENT certification include:[1]

  • Configure and verify network device security features
    • Device password security
    • Enable secret vs. enable
    • Transport
      • Disable telnet
      • SSH
    • VTYs
    • Physical security
    • Service password
    • Describe external authentication methods
  • Configure and verify switch port security
    • Sticky mac
    • MAC address limitation
    • Static/dynamic
    • Violation modes
      • Err disable
      • Shutdown
      • Protect restrict
    • Shutdown unused ports
    • Err disable recovery
    • Assign unused ports in unused VLANs
    • Putting Native VLAN to other than VLAN 1

Readings

  1. Wikipedia: Network security
  2. Wikipedia: Access control
  3. Wikipedia: MAC filtering
  4. Cisco: How to secure your Cisco Catalyst switch
  5. Cisco: Security Checklist

Multimedia

  1. Cisco: Hardening Cisco IOS Devices
  2. Cisco: Securing Cisco LAN Switches

Examples

Device Security

  1. Review Cisco Networking/CCENT/IOS Basics#Password Configuration
  2. Review Cisco Networking/CCENT/Remote Management#Line Configuration
  3. Review Cisco Networking/CCENT/Remote Management#Interface Configuration
  4. Review Cisco Networking/CCENT/Remote Management#SSH Configuration

Port Security Configuration

Note: The following commands are not supported by NM-16ESW network modules. See Cisco: EtherSwitch Network Module 802.1x Authentication for an alternative. Port security is included in the Cisco CCENT exam, but 802.1x implementation is not.

switchport port-security

To enable port security on an interface, use the switchport port-security command in interface configuration mode.[2]

switchport port-security

switchport port-security mac-address

To add a MAC address to the list of secure MAC addresses, use the switchport port-security mac-address command in interface configuration mode.[3]

switchport port-security mac-address { <mac-addr> | sticky [<mac-addr>] [ vlan <vlan> [voice] | <vlan-list> ] }
switchport port-security mac-address 1a6f.7c8e.2a3a
switchport port-security mac-address sticky

switchport port-security maximum

To set the maximum number of secure MAC addresses on a port, use the switchport port-security maximum command in interface configuration mode.[4]

switchport port-security maximum <maximum> [ vlan <vlan> | <vlan-list> ]
switchport port-security maximum 1

switchport port-security violation

To set the action to be taken when a security violation is detected, use the switchport port-security violation command in interface configuration mode.[5]

switchport port-security violation { shutdown | restrict | protect }
switchport port-security violation shutdown
switchport port-security violation restrict
switchport port-security violation protect

show port-security

To display port-security settings for an interface or for the switch, use the show port-security command in global configuration mode.[6]

show port-security [interface <interface-id>] [address]
show port-security
show port-security interface fastethernet 1/1
show port-security address

Command Sequence

A command sequence to configure port security might be similar to the following.

enable
configure terminal

interface range fa1/0 - 15
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security maximum 1
switchport port-security violation restrict
exit
exit

show port-security
show port-security address
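
The following Python model is an added example for this lesson, not Cisco code and not from the page. It reproduces the behaviour described above for switchport port-security maximum, sticky learning, and the three violation modes, so the result of the port-swap test in the activities below can be predicted before cabling anything. The class and function names and the MAC addresses are this example's own constructed values.

```python
"""Model of Cisco port security on a single access port.

Added example for this lesson; not Cisco code and not from the page.  It
reproduces what the page describes for `switchport port-security maximum`,
`switchport port-security mac-address sticky`, and the violation modes
shutdown, restrict and protect.  MAC addresses are constructed values.
"""
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    name: str
    maximum: int = 1              # IOS default: one secure MAC per port
    violation: str = "shutdown"   # IOS default violation mode
    sticky: bool = False          # learned MACs are written to the running-config
    static_macs: set = field(default_factory=set)
    learned: list = field(default_factory=list)
    err_disabled: bool = False
    violations: int = 0
    log: list = field(default_factory=list)

    def secure_macs(self):
        return self.static_macs | set(self.learned)

    def receive(self, src_mac):
        """Ingress decision for one frame; returns True if it is forwarded."""
        if self.err_disabled:
            return False                       # an err-disabled port drops everything
        if src_mac in self.secure_macs():
            return True
        if len(self.secure_macs()) < self.maximum:
            self.learned.append(src_mac)       # dynamic (or sticky) learning
            return True
        # Unknown source MAC once the maximum is reached: a violation.
        if self.violation == "shutdown":
            self.violations += 1
            self.err_disabled = True
            self.log.append(f"{self.name}: violation from {src_mac}, port err-disabled")
        elif self.violation == "restrict":
            self.violations += 1               # counter increments, syslog/SNMP trap sent
            self.log.append(f"{self.name}: violation from {src_mac}, frame dropped")
        elif self.violation == "protect":
            pass                               # dropped silently: no counter, no alert
        else:
            raise ValueError(f"unknown violation mode {self.violation!r}")
        return False

    def errdisable_recover(self):
        """What `errdisable recovery cause psecure-violation` does once the interval elapses."""
        if self.err_disabled:
            self.err_disabled = False
            self.log.append(f"{self.name}: recovered from err-disable")

    def running_config_lines(self):
        """Interface lines as they would appear in `show running-config`."""
        lines = ["switchport mode access", "switchport port-security"]
        if self.maximum != 1:
            lines.append(f"switchport port-security maximum {self.maximum}")
        if self.violation != "shutdown":
            lines.append(f"switchport port-security violation {self.violation}")
        if self.sticky:
            lines.append("switchport port-security mac-address sticky")
            lines += [f"switchport port-security mac-address sticky {m}" for m in self.learned]
        lines += [f"switchport port-security mac-address {m}" for m in sorted(self.static_macs)]
        return lines


def demo():
    """Lab from this lesson: PC3 on Fa1/3, PC4 on Fa1/4, then the two cables are swapped."""
    pc3, pc4 = "0050.7966.6803", "0050.7966.6804"   # constructed MACs
    fa3 = SecurePort("Fa1/3", violation="restrict", sticky=True)
    fa4 = SecurePort("Fa1/4", violation="restrict", sticky=True)
    before = (fa3.receive(pc3), fa4.receive(pc4))    # first MAC on each port is learned
    after = (fa3.receive(pc4), fa4.receive(pc3))     # swapped cables: both frames dropped
    return {"before": before, "after": after,
            "fa3_violations": fa3.violations, "fa3_err_disabled": fa3.err_disabled,
            "fa3_config": fa3.running_config_lines()}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

In restrict mode the ports stay up and only the offending frames are dropped, which is why the activity expects PC1 and PC2 to keep working while PC3 and PC4 fail after the swap; with the default shutdown mode the same swap would err-disable both ports, and even the originally learned MAC would be blocked until the port is recovered.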

Activities

  1. Configure and verify device security.
     
    1. Add a router, an EtherSwitch router, and four VPCS PCs to a new GNS3 project and start the devices.
    2. Add links to connect the following.
      • R1 FastEthernet0/0 <-> ESW1 FastEthernet1/0
      • PC1 Ethernet0 <-> ESW1 FastEthernet1/1
      • PC2 Ethernet0 <-> ESW1 FastEthernet1/2
      • PC3 Ethernet0 <-> ESW1 FastEthernet1/3
      • PC4 Ethernet0 <-> ESW1 FastEthernet1/4
    3. Set the following IP addresses, subnet masks, and default gateways for the switch and PCs.
      • R1 FastEthernet0/0: 192.168.1.1 255.255.255.0
      • ESW1 VLAN1: 192.168.1.10 255.255.255.0 192.168.1.1
      • PC1 Ethernet0: 192.168.1.11 255.255.255.0 192.168.1.1
      • PC2 Ethernet0: 192.168.1.12 255.255.255.0 192.168.1.1
      • PC3 Ethernet0: 192.168.1.13 255.255.255.0 192.168.1.1
      • PC4 Ethernet0: 192.168.1.14 255.255.255.0 192.168.1.1
    4. Add username and password security to the console, aux, and vty lines, add a password to protect global configuration mode, and encrypt all passwords on both routers using the following commands.
      • enable
      • configure terminal
      • username
      • line
      • login local
      • enable secret
      • service password-encryption
    5. Allow only SSH connections to the vty lines of both routers using the following commands.
      • hostname
      • ip domain-name
      • crypto key generate rsa
      • ip ssh version 2
      • line vty 0 4
      • transport input ssh
    6. Verify the configuration on both routers using the following command.
      • show running-config
    7. Exit the router console session and open the console again to test the configuration.
    8. Exit the router console session and open a console on the aux line to test the configuration.
    9. Test vty configuration using the following command to verify that telnet access is no longer supported.
      • telnet
    10. Test vty configuration using the following command to remotely manage one router from the other.
      • ssh
  2. Configure and verify switch port security. Note: EtherSwitch routers do not support the switchport port-security command. Use a Cisco switch, if available, or review CiscoSkills.net: Configuring Port Security.
     
    1. Add dynamic port security and limit connections to only 1 allowed device per port in restricted mode using the following commands.
      • switchport port-security mac-address
      • switchport port-security maximum
      • switchport port-security violation
    2. Shut down unused ports.
    3. Verify the configuration using the following commands.
      • show port-security
      • show port-security address
    4. Test the configuration by pinging all four PCs. The test should be successful for all devices.
    5. Remove and add links to connect the following.
      • PC3 Ethernet0 <-> ESW1 FastEthernet1/4
      • PC4 Ethernet0 <-> ESW1 FastEthernet1/3
    6. Test the configuration by pinging all four PCs. The test should be successful for PC1 and PC2, and unsuccessful for PC3 and PC4.
    7. Verify the configuration using the following commands.
      • show port-security
      • show port-security address
    8. Remove and add links to connect the following.
      • PC3 Ethernet0 <-> ESW1 FastEthernet1/3
      • PC4 Ethernet0 <-> ESW1 FastEthernet1/4
    9. Test the configuration by pinging all four PCs. The test should be successful for all devices.
  3. Configure VLAN security.
     
    1. Use the configuration from above. Change the native VLAN to VLAN 10, put existing devices in VLAN 10, and assign unused ports to VLAN 99 using the following commands on the EtherSwitch router.
      • enable
      • vlan database
      • vlan
      • exit
      • configure terminal
      • interface range
      • switchport access
    2. Test the configuration by pinging all four PCs. The test should be successful for all devices.
    3. Remove and add links to connect the following.
      • PC4 Ethernet0 <-> ESW1 FastEthernet1/5
    4. Test the configuration by pinging all four PCs. The test should be successful for PC1, PC2, and PC3, and unsuccessful for PC4.
    5. Configure the router to access the EtherSwitch router on VLAN 10 using the following commands.
      • enable
      • configure terminal
      • interface
      • encapsulation
      • exit
    6. Test the configuration by pinging the switch from the router. The test should be successful.

Lesson Summary

  • Network security consists of the policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.[7]
  • Network security requires physical security, access control, authentication, and authorization.[8]
  • Cisco IOS supports Authentication, Authorization, and Accounting (AAA) using either RADIUS or TACACS+ protocols.[9]
  • MAC filtering is a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network.[10]
  • MAC filtering can be circumvented by identifying a valid MAC through observation and then spoofing one's own MAC into a validated one.[11]
  • MAC spoofing may be done in the Windows Registry or by using command-line tools on a Linux platform.[12]
  • Cisco Catalyst switches support MAC filtering on a port-by-port basis using port security.[13]
  • Port security may be configured statically with a list, dynamically based on the first given number of addresses detected, or a combination of these two methods.[14]
  • When port security is configured, the default settings are to allow only one MAC address per port, and to shut down the port if the allowed number of addresses is exceeded.[15]
  • Rather than shutting down the port, the port security violation mode may be set to restrict access and send an SNMP alert.[16]
  • Port security shutdown ports may also be set to recover automatically using the errdisable recovery cause psecure-violation command in global configuration mode.[17]
  • The default errdisable recovery time is 300 seconds. This may be altered using the errdisable recovery interval command.[18]
  • Port security dynamic MAC addresses are not remembered by default. They may be added to the running configuration by enabling sticky mode.[19]
  • To enable port security on an interface, use the switchport port-security command in interface configuration mode.[20]
  • To add a MAC address to the list of secure MAC addresses, use the switchport port-security mac-address command in interface configuration mode.[21]
  • To set the maximum number of secure MAC addresses on a port, use the switchport port-security maximum command in interface configuration mode.[22]
  • To set the action to be taken when a security violation is detected, use the switchport port-security violation command in interface configuration mode.[23]
  • To display port-security settings for an interface or for the switch, use the show port-security command in global configuration mode.[24]
  • Additional switch security options include shutting down unused ports, assigning unused ports to unused VLANs, and setting the native VLAN to a VLAN other than 1.[25]
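
The hardening items in this summary can be checked mechanically against a saved running-config. The following Python script is an added example, not Cisco tooling and not from the page: it flags a missing enable secret, missing service password-encryption, vty lines that still accept telnet, ports that allow DTP trunk negotiation, ports left in VLAN 1 without being shut down, ports without port security, and trunks whose native VLAN is still 1. SAMPLE_CONFIG is a constructed configuration written to trip most of the checks; the function names are this example's own.

```python
"""Audit an IOS running-config for the hardening items this lesson lists.

Added example; not Cisco tooling and not from the page.  SAMPLE_CONFIG is a
constructed configuration that deliberately trips most of the checks.
"""
import re

SAMPLE_CONFIG = """\
hostname ESW1
enable password cisco
!
interface FastEthernet1/0
 switchport mode trunk
!
interface FastEthernet1/1
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
!
interface FastEthernet1/2
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet1/5
 shutdown
!
interface FastEthernet1/6
!
line vty 0 4
 login local
 transport input telnet ssh
!
end
"""


def parse_sections(config):
    """Split a running-config into global lines and {section header: [indented lines]}."""
    global_lines, sections, current = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line == "!":
            continue
        if line.startswith(" ") and current is not None:
            sections[current].append(line.strip())
        elif re.match(r"^(interface|line) ", line):
            current = line
            sections[current] = []
        else:
            current = None
            global_lines.append(line)
    return global_lines, sections


def _last_int(lines, prefix, default):
    """Trailing number of a line such as 'switchport access vlan 10', or default if absent."""
    return next((int(l.split()[-1]) for l in lines if l.startswith(prefix)), default)


def audit(config):
    """Return a list of findings, one string each; an empty list means clean."""
    findings = []
    global_lines, sections = parse_sections(config)
    if not any(l.startswith("enable secret") for l in global_lines):
        findings.append("global: no 'enable secret' (enable password is reversible)")
    if "service password-encryption" not in global_lines:
        findings.append("global: 'service password-encryption' not set")
    if "ip ssh version 2" not in global_lines:
        findings.append("global: 'ip ssh version 2' not set")
    for name, lines in sections.items():
        if name.startswith("line vty"):
            transport = [l for l in lines if l.startswith("transport input")]
            if not transport or any("telnet" in l or l.endswith(" all") for l in transport):
                findings.append(f"{name}: telnet allowed; use 'transport input ssh'")
            if not any(l.startswith("login") for l in lines):
                findings.append(f"{name}: no login configured")
            continue
        if not name.startswith("interface") or "shutdown" in lines:
            continue                       # shut ports are already handled
        mode = next((l.split(None, 2)[2] for l in lines if l.startswith("switchport mode")),
                    "dynamic auto")        # default switch port mode
        if mode == "trunk":
            if _last_int(lines, "switchport trunk native vlan", 1) == 1:
                findings.append(f"{name}: trunk native VLAN is 1; move it to an unused VLAN")
            continue
        if mode != "access":
            findings.append(f"{name}: mode '{mode}' lets DTP negotiate a trunk; set 'switchport mode access'")
        if _last_int(lines, "switchport access vlan", 1) == 1:
            findings.append(f"{name}: port in default VLAN 1; shut it down or assign an unused VLAN")
        if "switchport port-security" not in lines:
            findings.append(f"{name}: port security not enabled")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run against the sample, the script reports the three global items, the native VLAN on FastEthernet1/0, the missing port security on FastEthernet1/2, three findings for the untouched FastEthernet1/6, and the telnet-capable vty line; the shut-down FastEthernet1/5 and the hardened FastEthernet1/1 produce nothing.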

Key Terms

AAA
An acronym for authentication, authorization, and accounting, which generically refers to a protocol used for this purpose.[26]
RADIUS (Remote Authentication Dial-In User Service)
A networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service.[27]
TACACS+ (Terminal Access Controller Access-Control System Plus)
A protocol developed by Cisco and released as an open standard that handles authentication, authorization, and accounting (AAA) services.[28]

Review Questions

  1. Network security consists of _____.
    Network security consists of the policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.
  2. Network security requires _____.
    Network security requires physical security, access control, authentication, and authorization.
  3. Cisco IOS supports Authentication, Authorization, and Accounting (AAA) using _____.
    Cisco IOS supports Authentication, Authorization, and Accounting (AAA) using either RADIUS or TACACS+ protocols.
  4. MAC filtering is _____.
    MAC filtering is a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network.
  5. MAC filtering can be circumvented by _____.
    MAC filtering can be circumvented by identifying a valid MAC through observation and then spoofing one's own MAC into a validated one.
  6. MAC spoofing may be done _____.
    MAC spoofing may be done in the Windows Registry or by using command-line tools on a Linux platform.
  7. Cisco Catalyst switches support MAC filtering on a port-by-port basis using _____.
    Cisco Catalyst switches support MAC filtering on a port-by-port basis using port security.
  8. Port security may be configured _____.
    Port security may be configured statically with a list, dynamically based on the first given number of addresses detected, or a combination of these two methods.
  9. When port security is configured, the default settings are _____.
    When port security is configured, the default settings are to allow only one MAC address per port, and to shut down the port if the allowed number of addresses is exceeded.
  10. Rather than shutting down the port, the port security violation mode may be set to _____.
    Rather than shutting down the port, the port security violation mode may be set to restrict, which keeps the port up, drops frames from unknown MAC addresses, increments the violation counter, and sends an SNMP trap and syslog message.
  11. Port security shutdown ports may also be set to _____.
    Port security shutdown ports may also be set to recover automatically using the errdisable recovery cause psecure-violation command in global configuration mode.
  12. The default errdisable recovery time is _____ seconds. This may be altered using the _____ command.
    The default errdisable recovery time is 300 seconds. This may be altered using the errdisable recovery interval command.
  13. Dynamic addresses are not remembered by default. They may be added to the running configuration by enabling _____ mode.
    Dynamic addresses are not remembered by default. They may be added to the running configuration by enabling sticky mode.
  14. To enable port security on an interface, use the _____ command in interface configuration mode.
    To enable port security on an interface, use the switchport port-security command in interface configuration mode.
  15. To add a MAC address to the list of secure MAC addresses, use the _____ command in interface configuration mode.
    To add a MAC address to the list of secure MAC addresses, use the switchport port-security mac-address command in interface configuration mode.
  16. To set the maximum number of secure MAC addresses on a port, use the _____ command in interface configuration mode.
    To set the maximum number of secure MAC addresses on a port, use the switchport port-security maximum command in interface configuration mode.
  17. To set the action to be taken when a security violation is detected, use the _____ command in interface configuration mode.
    To set the action to be taken when a security violation is detected, use the switchport port-security violation command in interface configuration mode.
  18. To display port-security settings for an interface or for the switch, use the _____ command in privileged EXEC mode.
    To display port-security settings for an interface or for the switch, use the show port-security command in privileged EXEC mode.
  19. Additional switch security options include _____, _____, and _____.
    Additional switch security options include shutting down unused ports, assigning unused ports to unused VLANs, and setting the native VLAN to a VLAN other than 1.

Assessments

See Also

References

Lesson 13 - Access Control Lists

This lesson covers access control lists.


Objectives and Skills

Objectives and skills for the access control lists portion of Cisco CCENT certification include:[1]

  • Describe the types, features, and applications of ACLs
    • Standard (editing and sequence numbers)
    • Extended
    • Named
    • Numbered
    • Log option
  • Configure and verify ACLs in a network environment
    • Named
    • Numbered
    • Log option
  • Configure and verify ACLs to filter network traffic
  • Configure and verify ACLs to limit telnet and SSH access to the router

Readings

  1. Wikipedia: Access control list
  2. Cisco: Configuring IP Access Lists

Multimedia

  1. YouTube: Access Control Lists - CompTIA Network+ N10-005: 5.2
  2. Cisco: Introducing Access Control List Operation
  3. YouTube: CCNA CCENT Video Boot Camp: Applying ACLs (Or Not!)
  4. YouTube: Access-List Tutorial

Examples

access-list (IP standard)

To define a standard IP access list, use the standard version of the access-list command in global configuration mode.[2]

access-list <access-list-number> {deny | permit} <source> [<source-wildcard>] [log]
access-list 1 deny 127.0.0.0 0.255.255.255 log
access-list 1 permit any

access-list (IP extended)

To define an extended IP access list, use the extended version of the access-list command in global configuration mode.[3] The port operator (for example eq telnet or eq 22) applies only when the protocol is tcp or udp.

access-list <access-list-number> [dynamic <dynamic-name> [timeout <minutes>]] {deny | permit} <protocol> <source> <source-wildcard> [<operator> <port>] <destination> <destination-wildcard> [<operator> <port>] [log | log-input]
access-list 101 permit tcp host 192.168.1.2 host 192.168.1.1 eq telnet
access-list 101 deny tcp any any eq telnet log
access-list 101 permit ip any any

ip access-list

To define an IP access list by name, use the ip access-list command in global configuration mode.[4] Entries are then entered one per line in access-list configuration mode. The implicit deny at the end still applies, so a named list that contains only deny entries blocks all traffic on the interface it is applied to; end it with a permit entry for the traffic that should pass.

ip access-list {standard | extended} <access-list-name>

ip access-list standard block-private
deny 10.0.0.0 0.255.255.255 log
permit any

ip access-list extended filter-ssh
permit tcp host 192.168.1.2 host 192.168.1.1 eq 22
deny tcp any any eq 22 log
permit ip any any

ip access-group

To control access to an interface, use the ip access-group command in interface configuration mode.[5]

ip access-group {<access-list-number> | <access-list-name>} {in | out}
ip access-group 1 out
ip access-group block-private out
ip access-group 101 in
ip access-group filter-ssh in

show access-lists

To display the contents of current access lists, use the show access-lists privileged EXEC command.[6]

show access-lists [<access-list-number> | <access-list-name>]
show access-lists
show access-lists 1
show access-lists block-private

show ip access-lists

To display the contents of all current IP access lists, use the show ip access-lists EXEC command.[7]

show ip access-lists [<access-list-number> | <access-list-name>]
show ip access-lists 1
show ip access-lists block-private

Command Sequence

A command sequence to configure access control lists might be similar to the following.

enable
configure terminal

access-list 1 deny 10.0.0.0 0.255.255.255 log
access-list 1 deny 172.16.0.0 0.15.255.255 log
access-list 1 deny 192.168.0.0 0.0.255.255 log
access-list 1 permit any

access-list 101 permit tcp host 192.168.1.2 host 192.168.1.1 eq 22
access-list 101 deny tcp any any eq 22 log
access-list 101 permit ip any any

interface fastethernet 0/0
ip access-group 101 in

interface fastethernet 0/1
ip access-group 1 out

exit
exit

show access-lists
show ip interface
exit
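
To make the wildcard-mask and first-match rules concrete, the following Python evaluator is an added example written for this guide, not Cisco code. It parses numbered access-list lines in the form used above (the two lists from the command sequence are embedded as constructed input), classifies each list as standard or extended by its number, applies the wildcard masks, and returns the first matching entry, falling through to the implicit deny when nothing matches. The function names, the packet dictionary fields and the sample packets are this example's own conventions.

```python
"""Evaluator for numbered IOS IP access lists (added example, not Cisco code).

Parses access-list lines as written on this page, applies wildcard masks and
returns the first-match decision, with the implicit deny at the end of every
list. Packet fields, function names and sample packets are this example's own.
"""
import re
from dataclasses import dataclass
from typing import Optional

PORT_NAMES = {"telnet": 23, "ssh": 22, "www": 80, "domain": 53, "ftp": 21}
ANY = ("0.0.0.0", "255.255.255.255")


def ip2int(addr: str) -> int:
    a, b, c, d = (int(x) for x in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard 1-bits are 'don't care'; 0-bits must match (inverse of a subnet mask)."""
    care = ~ip2int(wildcard) & 0xFFFFFFFF
    return (ip2int(addr) & care) == (ip2int(base) & care)


@dataclass
class Entry:
    action: str            # permit | deny
    protocol: str          # 'ip' for standard lists; ip/tcp/udp/icmp for extended
    src: tuple             # (base, wildcard)
    dst: tuple
    sport: Optional[int]
    dport: Optional[int]
    log: bool


def _take_addr(tokens: list) -> tuple:
    """Consume 'any', 'host X', 'X W' or (standard list) a bare host address."""
    t = tokens.pop(0)
    if t == "any":
        return ANY
    if t == "host":
        return (tokens.pop(0), "0.0.0.0")
    if tokens and re.fullmatch(r"\d+\.\d+\.\d+\.\d+", tokens[0]):
        return (t, tokens.pop(0))
    return (t, "0.0.0.0")


def _take_port(tokens: list) -> Optional[int]:
    """Consume 'eq <port>' if present (other operators are not modelled here)."""
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        p = tokens.pop(0)
        return PORT_NAMES.get(p, int(p) if p.isdigit() else None)
    return None


def parse_acl(config: str) -> dict:
    """Return {number: [Entry, ...]} for every 'access-list N ...' line in config."""
    acls = {}
    for line in config.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list":
            continue
        number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
        if 1 <= number <= 99 or 1300 <= number <= 1999:      # standard: source only
            entry = Entry(action, "ip", _take_addr(rest), ANY, None, None, False)
        else:                                                # extended (100-199, 2000-2699)
            proto = rest.pop(0)
            src, sport = _take_addr(rest), _take_port(rest)
            dst, dport = _take_addr(rest), _take_port(rest)
            entry = Entry(action, proto, src, dst, sport, dport, False)
        entry.log = any(t.startswith("log") for t in rest)  # log or log-input
        acls.setdefault(number, []).append(entry)
    return acls


def evaluate(entries: list, pkt: dict) -> tuple:
    """First matching entry wins; no match is the implicit deny.
    Returns (action, index of the matching entry or None, logged)."""
    for i, e in enumerate(entries):
        if e.protocol not in ("ip", pkt["proto"]):
            continue
        if not (wildcard_match(pkt["src"], *e.src) and wildcard_match(pkt["dst"], *e.dst)):
            continue
        if e.sport is not None and pkt.get("sport") != e.sport:
            continue
        if e.dport is not None and pkt.get("dport") != e.dport:
            continue
        return (e.action, i, e.log)
    return ("deny", None, False)


# Constructed input: the two lists from the command sequence above.
CONFIG = """
access-list 1 deny 10.0.0.0 0.255.255.255 log
access-list 1 deny 172.16.0.0 0.15.255.255 log
access-list 1 deny 192.168.0.0 0.0.255.255 log
access-list 1 permit any
access-list 101 permit tcp host 192.168.1.2 host 192.168.1.1 eq 22
access-list 101 deny tcp any any eq 22 log
access-list 101 permit ip any any
"""
ACLS = parse_acl(CONFIG)


def demo() -> dict:
    """Constructed sample packets run through ACL 1 and ACL 101."""
    return {
        "rfc1918_out": evaluate(ACLS[1], {"src": "172.31.9.9", "dst": "8.8.8.8", "proto": "ip"}),
        "public_out": evaluate(ACLS[1], {"src": "203.0.113.7", "dst": "8.8.8.8", "proto": "ip"}),
        "ssh_from_admin": evaluate(ACLS[101], {"src": "192.168.1.2", "dst": "192.168.1.1", "proto": "tcp", "dport": 22}),
        "ssh_from_other": evaluate(ACLS[101], {"src": "192.168.2.2", "dst": "192.168.1.1", "proto": "tcp", "dport": 22}),
        "http_from_other": evaluate(ACLS[101], {"src": "192.168.2.2", "dst": "192.168.1.1", "proto": "tcp", "dport": 80}),
        # A list with no permit entry denies everything because of the implicit deny.
        "only_deny": evaluate(parse_acl("access-list 5 deny 10.0.0.0 0.255.255.255")[5],
                              {"src": "203.0.113.7", "dst": "8.8.8.8", "proto": "ip"}),
    }
```

The returned index is the position of the matching entry, which is what show access-lists counts hits against; the logged flag is set only when the matching entry carries log, so a packet denied by the implicit deny produces no log message at all.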

Activities

  1. Complete the Cisco Access Lists training tutorial.
  2. Configure numbered standard ACLs to filter network traffic.
     
    1. Add three routers and two VPCS PCs to a new GNS3 project.
    2. Add links to connect the following.
      • PC1 Ethernet0 <-> R1 FastEthernet0/0
      • R1 FastEthernet0/1 <-> R2 FastEthernet0/0
      • R2 FastEthernet0/1 <-> R3 FastEthernet0/0
      • PC2 Ethernet0 <-> R3 FastEthernet0/1
    3. Start the devices.
    4. Set the following IP addresses, subnet masks, and for the PCs, default gateways
      • R1 FastEthernet0/0 = 192.168.1.1 255.255.255.0
      • R1 FastEthernet0/1 = 192.168.2.1 255.255.255.0
      • R2 FastEthernet0/0 = 192.168.2.2 255.255.255.0
      • R2 FastEthernet0/1 = 192.168.3.1 255.255.255.0
      • R3 FastEthernet0/0 = 192.168.3.2 255.255.255.0
      • R3 FastEthernet0/1 = 192.168.4.1 255.255.255.0
      • PC1 Ethernet0 = 192.168.1.11 255.255.255.0 192.168.1.1
      • PC2 Ethernet0 = 192.168.4.11 255.255.255.0 192.168.4.1
    5. Add static routes or dynamic OSPF routing to connect all devices.
    6. Display the routing tables using the following command.
      • show ip route
    7. Test the configuration using the following commands from the routers and the PCs. Test all router and PC addresses. All tests should be successful.
      • ping
      • trace
    8. Add a numbered standard ACL to filter network traffic and prevent hosts on the different subnets from connecting to hosts on other subnets. Practice using the following commands.
      • access-list
      • ip access-group
      • show access-lists
      • show ip interface
    9. Test the configuration using the following commands from the routers and the PCs. Test all router and PC addresses. All PC-to-router and router-to-router tests should be successful. The PC-to-PC test should fail.
      • ping
      • trace
  3. Configure numbered extended ACLs to filter network traffic.
     
    1. Remove all ACLs from the configuration above. Verify the configuration using the following command.
      • show access-lists
    2. Test the configuration using the following commands from the routers and the PCs. Test all router and PC addresses. All tests should be successful.
      • ping
      • trace
    3. Add a numbered extended ACL that permits ICMP connections to routers, but prevents ICMP connections to other network hosts. Allow all other IP traffic. Practice using the following commands.
      • access-list
      • ip access-group
      • show access-lists
      • show ip interface
    4. Test the configuration using the following commands from the routers and the PCs. Test all router and PC addresses. All PC-to-router and router-to-router tests should be successful. The PC-to-PC test should fail.
      • ping
      • trace
  4. Configure named standard ACLs to filter network traffic.
     
    1. Remove all ACLs from the configuration above. Verify the configuration using the following command.
      • show access-lists
    2. Test the configuration using the following commands from the routers and the PCs. Test all router and PC addresses. All tests should be successful.
      • ping
      • trace
    3. Add a named standard ACL to filter network traffic and prevent hosts on the different subnets from connecting to hosts on other subnets. Practice using the following commands.
      • access-list
      • ip access-group
      • show ip access-lists
      • show ip interface
    4. Test the configuration using the following commands from the routers and the PCs. Test all router and PC addresses. All PC-to-router and router-to-router tests should be successful. The PC-to-PC test should fail.
      • ping
      • trace
  5. Configure named extended ACLs to filter network traffic.
     
    1. Remove all ACLs from the configuration above. Verify the configuration using the following command.
      • show access-lists
    2. Test the configuration using the following commands from the routers and the PCs. Test all router and PC addresses. All tests should be successful.
      • ping
      • trace
    3. Add a named extended ACL that permits ICMP connections to routers, but prevents ICMP connections to other network hosts. Allow all other IP traffic. Practice using the following commands.
      • access-list
      • ip access-group
      • show ip access-lists
      • show ip interface
    4. Test the configuration using the following commands from the routers and the PCs. Test all router and PC addresses. All PC-to-router and router-to-router tests should be successful. The PC-to-PC test should fail.
      • ping
      • trace
  6. Configure ACLs to limit telnet and SSH access to the router.
    1. Remove all ACLs from the configuration above. Verify the configuration using the following command.
      • show access-lists
    2. Test the configuration using the following commands from the routers and the PCs. Test all router and PC addresses. All tests should be successful.
      • ping
      • trace
    3. Configure R2 to accept vty connections. Test the configuration using the following command from both routers. Both connections should be successful.
      • telnet
    4. Add an extended ACL that permits Telnet and SSH connections from R1 to R2, but prevents any other Telnet or SSH connections. Allow all other IP traffic. Practice using the following commands.
      • access-list
      • ip access-group
      • show ip access-lists
      • show ip interface
    5. Test the configuration using the following commands from both routers. The connection from R1 to R2 should be successful. The connection from R3 to R2 should fail.
      • telnet
    6. Test the configuration using the following commands from the routers and the PCs. Test all router and PC addresses. All tests should be successful.
      • ping
      • trace

Lesson Summary

  • An access control list refers to rules that are applied to port numbers or IP addresses that are available on a host, each with a list of hosts and/or networks permitted to use the service.[8]
  • Access control lists can generally be configured to control both inbound and outbound traffic, and in this context they are similar to firewalls.[9]
  • To define a standard IP access list, use the standard version of the access-list command in global configuration mode.[10]
  • Access lists may be configured to specifically permit or deny network traffic.[11]
  • Access lists end with an implicit deny all. Only traffic explicitly permitted by the access list will be allowed.[12]
  • Standard access lists filter based on source IP address.[13]
  • Standard numbered access lists are numbered from 1 to 99 or from 1300 to 1999.[14]
  • Access list wildcard masks are applied to IP addresses similar to the way subnet masks are applied, but with an opposite design. Subnet masks use 1-bits to identify the network. Access list wildcard masks use 1-bits to identify the host addresses to be filtered.[15]
  • To define an extended IP access list, use the extended version of the access-list command in global configuration mode.[16]
  • Extended access lists filter based on source and destination IP addresses, protocols, and port numbers.[17]
  • Extended numbered access lists are numbered from 100 to 199 or from 2000 to 2699.[18]
  • The log access-list command option causes an informational logging message about the packet that matches the entry to be sent to the console.[19]
  • To define an IP access list by name, use the ip access-list command in global configuration mode.[20]
  • To control access to an interface, use the ip access-group command in interface configuration mode.[21]
  • Access lists filter either inbound or outbound traffic based on the ip access-group options of in or out.[22]
  • To display the contents of current access lists, use the show access-lists privileged EXEC command.[23]
  • To display the contents of all current IP access lists, use the show ip access-lists EXEC command.[24]

Key Terms

Included in Lesson Summary

Review Questions

  1. An access control list refers to _____.
    An access control list refers to rules that are applied to port numbers or IP addresses that are available on a host, each with a list of hosts and/or networks permitted to use the service.
  2. Access control lists can generally be configured to _____, and in this context they are similar to _____.
    Access control lists can generally be configured to control both inbound and outbound traffic, and in this context they are similar to firewalls.
  3. To define a standard IP access list, use _____.
    To define a standard IP access list, use the standard version of the access-list command in global configuration mode.
  4. Access lists may be configured to specifically _____ or _____ network traffic.
    Access lists may be configured to specifically permit or deny network traffic.
  5. Access lists end with _____. Only traffic _____ will be allowed.
    Access lists end with an implicit deny all. Only traffic explicitly permitted by the access list will be allowed.
  6. Standard access lists filter based on _____.
    Standard access lists filter based on source IP address.
  7. Standard numbered access lists are numbered _____ or _____.
    Standard numbered access lists are numbered from 1 to 99 or from 1300 to 1999.
  8. Access list wildcard masks are applied to IP addresses similar to the way subnet masks are applied, but _____. Subnet masks use 1-bits to identify _____. Access list wildcard masks use 1-bits to identify _____.
    Access list wildcard masks are applied to IP addresses similar to the way subnet masks are applied, but with an opposite design. Subnet masks use 1-bits to identify the network. Access list wildcard masks use 1-bits to identify the host addresses to be filtered.
  9. To define an extended IP access list, use _____.
    To define an extended IP access list, use the extended version of the access-list command in global configuration mode.
  10. Extended access lists filter based on _____.
    Extended access lists filter based on source and destination IP addresses, protocols, and port numbers.
  11. Extended numbered access lists are numbered _____ or _____.
    Extended numbered access lists are numbered from 100 to 199 or from 2000 to 2699.
  12. The log access-list command option causes _____.
    The log access-list command option causes an informational logging message about the packet that matches the entry to be sent to the console.
  13. To define an IP access list by name, use _____.
    To define an IP access list by name, use the ip access-list command in global configuration mode.
  14. To control access to an interface, use _____.
    To control access to an interface, use the ip access-group command in interface configuration mode.
  15. Access lists filter either inbound or outbound traffic based on _____.
    Access lists filter either inbound or outbound traffic based on the ip access-group options of in or out.
  16. To display the contents of current access lists, use _____.
    To display the contents of current access lists, use the show access-lists privileged EXEC command.
  17. To display the contents of all current IP access lists, use _____.
    To display the contents of all current IP access lists, use the show ip access-lists EXEC command.

Assessments

See Also

References

Lesson 14 - Troubleshooting

This lesson covers troubleshooting.


Objectives and Skills

Objectives and skills for the troubleshooting portion of Cisco CCENT certification include:[1]

  • Troubleshoot and correct common problems associated with IP addressing and host configurations
  • Troubleshoot and resolve VLAN problems
    • Identify that VLANs are configured
    • Verify port membership is correct
    • Correct IP address is configured
  • Troubleshoot and resolve trunking problems on Cisco switches
    • Verify correct trunk states
    • Verify correct encapsulation is configured
    • Correct VLANs are allowed
  • Troubleshoot and resolve ACL issues
    • Verify statistics
    • Verify permitted networks
    • Verify direction
      • Interface
  • Troubleshoot and resolve Layer 1 problems
    • Framing
    • CRC
    • Runts
    • Giants
    • Dropped Packets
    • Late Collisions
    • Input/Output errors

Readings

  1. Wikipedia: Troubleshooting
  2. Cisco: Troubleshooting Ethernet
  3. Cisco: Troubleshooting Tools

Multimedia

  1. YouTube: The Network Troubleshooting Process - CompTIA Network+ N10-005: 1.8
  2. YouTube: Switch and Routing Diagnostics - CompTIA Network+ N10-005: 2.1
  3. YouTube: Troubleshooting Switch Loops - CompTIA Network+ N10-005: 2.5
  4. YouTube: Troubleshooting Network Cabling - CompTIA Network+ N10-005: 2.5
  5. YouTube: Troubleshooting Port Configuration - CompTIA Network+ N10-005: 2.5
  6. YouTube: Troubleshooting VLAN Assignments - CompTIA Network+ N10-005: 2.5
  7. YouTube: Troubleshooting Bad Fiber Modules - CompTIA Network+ N10-005: 2.5
  8. YouTube: Troubleshooting Mismatched MTUs - CompTIA Network+ N10-005: 2.5
  9. YouTube: Troubleshooting Power Failures - CompTIA Network+ N10-005: 2.5
  10. YouTube: Troubleshooting Routing - CompTIA Network+ N10-005: 2.5
  11. YouTube: Troubleshooting Subnet Masks and Gateways - CompTIA Network+ N10-005: 2.5
  12. YouTube: Troubleshooting Duplicate IP Addresses - CompTIA Network+ N10-005: 2.5
  13. YouTube: Troubleshooting DNS - CompTIA Network+ N10-005: 2.5
  14. YouTube: Cisco Troubleshooting Exercise

Examples

IP Addressing

show interfaces

To display statistics for all interfaces configured on the router or access server, use the show interfaces command in privileged EXEC mode.[2]

show interfaces
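
As an added example for this guide (not Cisco code), the following Python script reads the counters that matter for the Layer 1 objectives (runts, giants, CRC, framing, collisions, late collisions, input/output errors) from show interfaces output and maps them to the usual causes. The output it parses is a constructed sample shaped like IOS output, and the diagnosis rules are this example's own heuristics, not Cisco guidance; paste real output into report() to use it.

```python
"""Parse 'show interfaces' counters and flag Layer 1 symptoms (added example, not Cisco code).

SAMPLE is constructed to resemble IOS output; the thresholds and diagnosis
rules in diagnose() are this example's own heuristics.
"""
import re

# Constructed sample: a healthy port, a port with duplex-mismatch symptoms, a shut port.
SAMPLE = """\
FastEthernet0/0 is up, line protocol is up
  Hardware is Gt96k FE, address is c200.1a2b.0000 (bia c200.1a2b.0000)
  Full-duplex, 100Mb/s, 100BaseTX/FX
     1043 packets input, 92011 bytes
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     1201 packets output, 104233 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
FastEthernet0/1 is up, line protocol is up
  Hardware is Gt96k FE, address is c200.1a2b.0001 (bia c200.1a2b.0001)
  Half-duplex, 100Mb/s, 100BaseTX/FX
     5310 packets input, 410233 bytes
     12 runts, 0 giants, 0 throttles
     245 input errors, 233 CRC, 0 frame, 0 overrun, 0 ignored
     4820 packets output, 399120 bytes, 0 underruns
     0 output errors, 1890 collisions, 3 interface resets
     0 babbles, 417 late collision, 0 deferred
FastEthernet1/0 is administratively down, line protocol is down
     0 packets input, 0 bytes
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
"""

HEADER = re.compile(r"^(\S+) is (.+?), line protocol is (\S+)")
COUNTER = re.compile(r"(\d+) (runts|giants|input errors|CRC|frame|output errors|collisions|late collision)\b")
DUPLEX = re.compile(r"^\s*(Full|Half)-duplex")


def parse_show_interfaces(text: str) -> dict:
    """Return {interface: {'status', 'protocol', 'duplex', <counter>: int, ...}}."""
    result, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"status": m.group(2), "protocol": m.group(3), "duplex": None}
            result[m.group(1)] = current
            continue
        if current is None:
            continue
        d = DUPLEX.match(line)
        if d:
            current["duplex"] = d.group(1).lower()
        for value, name in COUNTER.findall(line):
            current[name] = int(value)
    return result


def diagnose(iface: dict) -> list:
    """Map counters to likely Layer 1 causes (this example's own rules)."""
    findings = []
    if iface["status"] == "administratively down":
        findings.append("shutdown configured: use 'no shutdown'")
    elif iface["protocol"] != "up":
        findings.append("line protocol down: check cable, far end, encapsulation")
    if iface.get("late collision", 0) > 0:
        findings.append("late collisions: duplex mismatch or cable too long")
    if iface.get("CRC", 0) > 0 or iface.get("frame", 0) > 0:
        findings.append("CRC/framing errors: bad cable, noise, or duplex mismatch")
    if iface.get("runts", 0) > 0:
        findings.append("runts: collisions or a faulty NIC")
    if iface.get("giants", 0) > 0:
        findings.append("giants: MTU mismatch or faulty NIC")
    if iface["duplex"] == "half" and iface.get("collisions", 0) > 0 and iface.get("late collision", 0) > 0:
        findings.append("half duplex with late collisions: verify the neighbour's duplex setting")
    return findings


def report(text: str = SAMPLE) -> dict:
    """Findings per interface; an empty list means no Layer 1 symptom was seen."""
    return {name: diagnose(data) for name, data in parse_show_interfaces(text).items()}
```

Counters are cumulative since the last clear counters, so a non-zero value may be historical; compare two readings a minute apart before acting on it.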

Review

  1. Review Cisco Networking/CCENT/Remote Management#show ip interface
  2. Review Cisco Networking/CCENT/Remote Management#show ip interface brief
  3. Review Cisco Networking/CCENT/Static Routing#show ip route
  4. Review Cisco Networking/CCENT/Switching#show arp
  5. Review Cisco Networking/CCENT/IOS Basics#show running-config
  6. Review Cisco Networking/CCENT/IOS Basics#show startup-config
  7. Review Cisco Networking/CCENT/Remote Management#ping
  8. Review Cisco Networking/CCENT/Static Routing#trace / traceroute
  9. Review Cisco Networking/CCENT/Remote Management#telnet

VLANs

  1. Review Cisco Networking/CCENT/VLANs#show vlan
  2. Review Cisco Networking/CCENT/VLANs#show interface trunk
  3. Review Cisco Networking/CCENT/VLANs#show interfaces switchport

Access Control Lists

  1. Review Cisco Networking/CCENT/Access Control Lists#show access-lists
  2. Review Cisco Networking/CCENT/Access Control Lists#show ip access-lists
  3. Review Cisco Networking/CCENT/Remote Management#show ip interface

Layer 1 Problems

  1. Review #show interfaces
  2. Review Cisco Networking/CCENT/Static Routing#show cdp neighbors

Activities

  1. Troubleshoot and correct common problems associated with IP addressing and host configurations.
     
    1. Add two routers to a new GNS3 project and start the devices.
    2. Set the router global, password, interface, line, and remote management configurations to various matching and mismatched configurations.
    3. Practice verifying and troubleshooting the configurations using the following commands.
      • show interfaces
      • show ip interface
      • show ip interface brief
      • show ip route
      • show arp
      • show running-config
      • show startup-config
      • ping
      • trace / traceroute
      • telnet
      • ssh
  2. Troubleshoot and resolve VLAN and trunking problems.
     
    1. Add a router, an EtherSwitch router and four VPCS PCs to a new GNS3 project and start the devices.
    2. Set the VLANs, port membership, encapsulation, trunking, and IP addressing to various matching and mismatched configurations.
    3. Practice verifying and troubleshooting the configurations using the following commands.
      • show vlan
      • show interface trunk
      • show interfaces switchport
  3. Troubleshoot and resolve ACL issues.
     
    1. Add three routers and two VPCS PCs to a new GNS3 project and start the devices.
    2. Configure IP addressing and static or dynamic routing to connect all devices.
    3. Test the configuration using the following commands from the routers and the PCs. Test all router and PC addresses. All tests should be successful.
      • ping
      • trace
    4. Configure standard and extended ACLs to various matching and mismatched configurations.
    5. Practice verifying and troubleshooting the configurations using the following commands.
      • show access-lists
      • show ip access-lists
      • show ip interface
  4. Troubleshoot and resolve Layer 1 problems.
     
    1. Add two routers to a new GNS3 project and start the devices.
    2. Set the link between the devices to various matching and mismatched configurations.
    3. Practice verifying and troubleshooting Layer 1 problems using the following commands.
      • shutdown
      • no shutdown
      • show interfaces
      • show cdp neighbors

Lesson Summary

  • Troubleshooting is a logical, systematic search for the source of a problem so that it can be solved, and so the product or process can be made operational again.[3]
  • Troubleshooting requires identification of the malfunction(s) or symptoms within a system. Then, experience is commonly used to generate possible causes of the symptoms. Determining the most likely cause is a process of elimination - eliminating potential causes of a problem. Finally, troubleshooting requires confirmation that the solution restores the product or process to its working state.[4]
  • A basic principle in troubleshooting is to start from the simplest and most probable possible problems first.[5]
  • Serial substitution involves checking each component in a system one by one, substituting known good components for each potentially suspect one.[6]
  • Bisection involves separating a larger system into two or more subsystems to isolate and identify problems and causes.[7]
  • One of the core principles of troubleshooting is that reproducible problems can be reliably isolated and resolved.[8]
  • Intermittent problems are often the result of components that are thermally sensitive, because the resistance of a circuit varies with the temperature of the conductors in it.[9]
  • Troubleshooters must always consider the possibility that there is more than one fault causing a given system failure.[10]
  • Troubleshoot common problems associated with IP addressing and host configurations using the show interfaces, show ip interface, show ip interface brief, show ip route, show arp, show running-config, show startup-config, ping, trace / traceroute, telnet, and ssh commands.
  • Troubleshoot VLAN and trunking problems using the show vlan, show interface trunk, and show interfaces switchport commands.
  • Troubleshoot ACL issues using the show access-lists, show ip access-lists, and show ip interface commands.
  • Troubleshoot Layer 1 problems using the show interfaces and show cdp neighbors commands.

Key Terms

CRC (cyclic redundancy check)
An error-detecting code commonly used in digital networks and storage devices to detect accidental changes to raw data.[11]
duplex mismatch
A condition where two connected devices operate in different duplex modes, that is, one operates in half duplex while the other one operates in full duplex.[12]
error disabled (err-disabled)
An error condition detected on a port, resulting in the software shutting down that port.[13]
giant
An Ethernet frame that is longer than the IEEE standard 1,518 bytes.[14]
late collision
A collision that occurs more than 64 octets into the frame.[15]
runt
An Ethernet frame that is less than the IEEE 802.3's minimum length of 64 octets.[16]
up and up
Refers to the two interface states of line status and protocol status both being enabled.[17]

Review Questions

  1. Troubleshooting is _____.
    Troubleshooting is a logical, systematic search for the source of a problem so that it can be solved, and so the product or process can be made operational again.
  2. Troubleshooting requires _____.
    Troubleshooting requires identification of the malfunction(s) or symptoms within a system. Then, experience is commonly used to generate possible causes of the symptoms. Determining the most likely cause is a process of elimination - eliminating potential causes of a problem. Finally, troubleshooting requires confirmation that the solution restores the product or process to its working state.
  3. A basic principle in troubleshooting is to _____.
    A basic principle in troubleshooting is to start from the simplest and most probable possible problems first.
  4. Serial substitution involves _____.
    Serial substitution involves checking each component in a system one by one, substituting known good components for each potentially suspect one.
  5. Bisection involves _____.
    Bisection involves separating a larger system into two or more subsystems to isolate and identify problems and causes.
  6. One of the core principles of troubleshooting is that _____.
    One of the core principles of troubleshooting is that reproducible problems can be reliably isolated and resolved.
  7. Intermittent problems are often the result of _____.
    Intermittent problems are often the result of components that are thermally sensitive, because the resistance of a circuit varies with the temperature of the conductors in it.
  8. Troubleshooters must always consider the possibility that _____.
    Troubleshooters must always consider the possibility that there is more than one fault causing a given system failure.
  9. Troubleshoot common problems associated with IP addressing and host configurations using the _____ commands.
    Troubleshoot common problems associated with IP addressing and host configurations using the show interfaces, show ip interface, show ip interface brief, show ip route, show arp, show running-config, show startup-config, ping, trace / traceroute, telnet, and ssh commands.
  10. Troubleshoot VLAN and trunking problems using the _____ commands.
    Troubleshoot VLAN and trunking problems using the show vlan, show interface trunk, and show interfaces switchport commands.
  11. Troubleshoot ACL issues using the _____ commands.
    Troubleshoot ACL issues using the show access-lists, show ip access-lists, and show ip interface commands.
  12. Troubleshoot Layer 1 problems using the _____ commands.
    Troubleshoot Layer 1 problems using the show interfaces and show cdp neighbors commands.

Assessments

See Also

References