Husain Ccna Notes

  • June 2020
  • PDF

This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA


Overview

Download & View Husain Ccna Notes as PDF for free.

More details

  • Words: 114,460
  • Pages: 386
CCNA Discovery - Working at a Small-toMedium Business or ISP 1 The Internet and Its Uses 1.0 Chapter Introduction 1.0.1 Introduction Page 1: 1.0.1 - Introduction The globalization of the Internet has succeeded faster than anyone could have imagined. The manner in which social, commercial, political, and personal interactions occur is rapidly changing to keep up with the evolution of the Internet. This expansion has created a wider audience and a larger consumer base for whatever message, product, or service can be delivered. Today, there are millions of individuals connected to this global network, and the number is growing. After completion of this chapter, you should be able to: Describe how the Internet is evolving and the various ways that businesses are using the Internet. Describe the importance of standards in the continuing growth of the Internet. Describe the purpose of an Internet Service Provider (ISP) and the services that it offers. Describe the hierarchical structure of the Internet and the purpose of the Point of Presence (POP) and the Internet Exchange Point (IXP). Identify the types of devices used by the ISP to provide services and describe the importance of scalability in the ISP network. Describe the various network support teams that work at an ISP and the roles and responsibilities of each one.

1.1 What is the Internet? 1.1.1 The Internet and Standards Page 1: The Internet is a worldwide, publicly accessible network of networks. It enables individuals and businesses alike, through interconnected computer networks, to share information, resources, and services.

In the beginning, the Internet was used strictly for scientific, educational, and military research. In 1991, regulations changed to allow businesses and consumers to connect as well. The Internet has grown rapidly, and is now global. New technologies are continuously being developed that make the Internet easier and more attractive to use. Online applications are available to the Internet user, including email, web browsing, streaming music and video, gaming, and instant messaging.

The way people interact, share information, and even do business is changing to keep up with the continuous evolution of this global network. The Internet is creating a wider audience and consumer base for whatever message, product, or service can be delivered. For many businesses, having Internet access has become critical, not only for communication but also for day-to-day operation. Some of the business uses of the Internet include:

• • •

E-Commerce Communications Collaboration and training

1.1.1 The Internet and Standards The diagram depicts an individual customer, home office customers, and employees of a business. An intranet cloud is connected to the Internet cloud containing the following business uses: E-commerce, Collaboration and Training, and Communications. E-Commerce Refers to any business that can be conducted over the web. This includes the use of webspace for advertisements, brochures, catalogs, as well as ordering and distribution services. Companies can sell products and services over the Internet from their own websites, through auction sites, or through affiliated websites. Collaboration and Training Refers to creating environments that allow for sharing of documents, presentations, and spreadsheets. Allows for virtual teams of people to work together from remote locations for business and training purposes. Examples include video conferencing, virtual meeting places, virtual classrooms, online learning, online bulletin boards, FTP, and password protected databases and applications. Communications Refers to any electronic method of communication, such as the use of email, instant messaging, and online chat. In addition, many businesses use internal phone systems that operate over the Internet using IP phones and Voice over IP (V o IP) technology to reduce phone costs. Page 2: With the increasing number of new devices and technologies coming online, how is it possible to manage all the changes and still reliably deliver services such as email? The answer is Internet standards.

A standard is a set of rules that determines how something must be done. Networking and Internet standards ensure that all devices connecting to the network use the same set of rules. Using standards, it is possible for different types of devices to send information to each other over the Internet. For example, the way in which an email is formatted, forwarded, and received by all devices is done according to a standard. If one person sends an email via a personal

computer, another person can use a mobile phone to receive and read the email as long as the mobile phone uses the same standards as the personal computer.

An Internet standard is the end result of a comprehensive cycle of discussion, problem solving, and testing. When a new standard is proposed, each stage of the development and approval process is recorded in a numbered Request for Comments (RFC) document so that the evolution of the standard is tracked.

There are thousands of Internet standards that help define the rules for how devices communicate on networks. These different standards are developed, published, and maintained by a variety of different organizations. Because these organizations create and maintain standards, millions of individuals are able to connect to the Internet using a variety of devices, including personal computers, mobile phones, handheld personal digital assistants (PDAs), MP3 players, and even televisions.

1.1.1 The Internet and Standards The diagram depicts a number of statements. A standard is a set of rules. Players from different countries can play a sport together because they all agree to use the same official rules. In the same way, Internet standards make it possible for different types of devices to work together. Examples of where Internet standards are used include the following: HTTP IP Addresses Domain Registries Routing Protocols TCP/IP Transport Protocols FTP DNS WWW HTML Telnet Streaming Video FTP Sites Mobile Computing Email PDA Instant Messaging MP3 Players Cell Phones Internet standards are developed, published, and maintained by many different organizations, such as I S O, IEEE, I C A N N, I A N A, and I E TF.

1.1.2 ISP and ISP Services Page 1: Regardless of the type of device that an individual or business uses to connect to the Internet, the device must connect through an Internet service provider (ISP). An ISP is a company or organization through which a subscriber obtains Internet access. A subscriber can be a business, a private consumer, a government body, or even another ISP.

In addition to offering connection to the Internet, an ISP can offer other services to subscribers, including:

• • • •

• •



Equipment co-location - A business may opt to have some or all internal network equipment physically located on the ISP premises. Web hosting - The ISP provides the server and application software for storing web pages and web content for the business website. FTP - The ISP provides the server and application software for the FTP site of a business. Applications and media hosting - The ISP provides the server and software to allow a business to provide streaming media such as music, video, or applications such as online databases. Voice over IP - A business can save on long distance telephone charges, especially for internal calls between geographically distant offices, by using Voice over IP (VoIP). Technical support - Many businesses do not have the in-house technical expertise to manage large internal networks. Some ISPs provide technical support and consulting services for an additional fee. Point of Presence (POP) - A business has the option of connecting to the ISP through POP, using a variety of access technologies.

1.1.2 I S P and I S P Services The diagram depicts the following business services that are provided by an I S P: FTP Hosting Web Hosting Equipment Co-Location Voice Over IP Technical Support Applications and Media Hosting POP Internet Access Page 2: 1.1.2 I S P and I S P Services The diagram depicts an activity in which you must match the requirements of an end-user to ISP A or ISP B.

ISP A: $40 per month - no monthly contract 10 email accounts Unlimited monthly access 24/7 1-800 support V o IP services $30 per month DSL access 1 GB Web hosting and FTP services ISP B: $80 per month - 2 year contract 30 email accounts Extra for a fee DSL and Cable access Toll-free customer support -24/7 V o IP service - $30 per month 2 GB Web hosting and FTP services Maintains customer equipment on-site Maintains on-line database and security services Video conferencing services for an additional per $15 month Scenario One. A small business needs an ISP to host their informational website. Customers call the company to place their orders. In addition, the business needs V o I P services to reduce longdistance phone charges and FTP services to share and store files. Cost and flexibility are factors as the company plans to grow over the next few years and may require additional services that they do not need presently. Scenario Two. A business with 50 employees would like to offer their employees on-site training with video conferencing. Employees must be able to access an internal company website for training materials and information. All 50 employees require email accounts. Scenario Three. A small business wants to create an e-commerce website that allows for online ordering of their products and services. The e-commerce website must be maintained on the ISP premise. A database is needed to maintain customer records. Technical support and security are major considerations.

1.2 ISPs 1.2.1 Delivering Internet Services to End Users Page 1: To gain access to the Internet, it is first necessary to have a connection to an ISP. ISPs offer various connection options. The main connection methods used by home and small business users are:

Dialup access

Dialup access is an inexpensive option that uses any phone line and a modem. To connect to the ISP, a user calls the ISP access phone number. Dialup is the slowest connection option, and is

typically used by mobile workers and in areas where higher speed connection options are not available.

DSL

Digital subscriber line, or DSL, is more expensive than dialup, but provides a faster connection. DSL also uses telephone lines, but unlike dialup access, DSL provides a continuous connection to the Internet. This connection option uses a special high-speed modem that separates the DSL signal from the telephone signal and provides an Ethernet connection to a host computer or LAN.

Cable modem

A cable modem is a connection option offered by cable television service providers. The Internet signal is carried on the same coaxial cable that delivers cable television to homes and businesses. A special cable modem separates the Internet signal from the other signals carried on the cable and provides an Ethernet connection to a host computer or LAN.

Satellite

Satellite connection is an option offered by satellite service providers. The user's computer connects through Ethernet to a satellite modem that transmits radio signals to the nearest Point of Presence, or POP, within the satellite network.

1.2.1 Delivering Internet Services to End Users The diagram depicts a dialup customer connecting through a dialup modem, and a DSL customer connecting through a DSL modem, a cable customer connecting through a cable modem, and a satellite customer connecting through a satellite modem. The dialup customer is connected to ISP A, the telephone company. Dialup Modem With access speeds around 56 kbps, dialup access is the slowest connection option. For example, downloading a 5MB file using a 56 kbps dialup connection will take approximately twelve minutes. The DSL customer is connected to ISP A, the telephone company. DSL Modem DSL is a broadband technology that provides high speed digital transmission at speeds from 512

kbps and higher. If you were connected at 512 kbps, a 5 MB file would download in approximately one minute. Upload and download speeds vary based on geography, distance from the ISP, and ISP services available. There are many types of DSL. Typically a home user would use Asymmetric Digital Subscriber Line (A DSL), where the download speed is higher than the upload speed. Another type of DSL service is called Symmetric Digital Subscriber Line (SDSL). The upload and download speeds are the same for SDSL, so this service might be more useful for small-to-medium businesses. The cable customer is connected to ISP B, the cable service provider. Cable Modem Cable is also a broadband technology with speeds similar to DSL. Depending on location and ISP, cable service can be purchased from 512 kbps and higher. Unlike DSL, the performance of cable is not affected by the distance from the ISP . Cable is a shared bandwidth service, so as more customers in an area connect and use the Internet, the speed is affected. The satellite customer is connected to ISP C, the satellite service provider. Satellite Modem Satellite Internet access speeds range from 128 kbps to 523 kbps, depending on the subscriber plan. Page 2: Bandwidth is measured in bits per second (bps). Higher bandwidth speeds are measured in kilobits per second (kbps), megabits per second (Mbps), or gigabits per second (Gbps).

There are three main types of high-bandwidth connection options that are used by businesses:







T1 connections transmit data up to 1.544 Mbps. T1 connections are symmetrical, meaning that the upload bandwidth is the same as the download bandwidth. A mediumsized business may need only one T1 connection. E1 is a European standard that transmits data at 2.048 Mbps. T3 connections transmit data up to 45 Mbps. Although considerably more expensive than a T1 connection, larger businesses may need a T3 connection to accommodate the number of employees. Large businesses with multiple locations might use a combination of T1 and T3 lines. E3 is a European standard that transmits data at 34.368 Mbps. Metro Ethernet offers a wide range of high-bandwidth options, including Gbps links. Large companies with many branches in the same city, such as banks, use Metro Ethernet. Metro Ethernet connects the main office location and all the branches using switched technology. Metro Ethernet allows the transfer of large amounts of data faster and less expensively than other high-bandwidth connection options.

1.2.1 Delivering Internet Services to End Users The diagram depicts three high bandwidth business I S P connection options: medium-sized business, large business, and large business with branch offices located in the same city.

Medium-sized business - T1/E1, 1.544 /2.048 Mbps connected to a POP at the ISP. Large business - T3/E3, 44.736 /34.368 Mbps connected to a POP at the ISP. Large business with branch offices in same city - Metro Ethernet 10 Gbps connected to an Ethernet switch at the ISP. Page 3: After the type of connection is established, it is necessary to connect to the ISP to get access to the Internet. Individual computers and business networks connect to the ISP at the POP. POPs are located at the edge of the ISP network and serve a particular geographical region. They provide a local point of connection and authentication (password control) for multiple end users. An ISP may have many POPs, depending on the size of the POP and the area that it services.

Within the ISP network, high-speed routers and switches move data between the various POPs. Multiple links interconnect the POPs to provide alternate routes in case one of the links becomes overloaded with traffic or fails.

1.2.1 Delivering Internet Services to End Users The diagram depicts Company A intranet connected to one of four ISP POP's. Multiple links interconnect the POPs to provide alternate routes in case one of the links becomes overloaded with traffic or fails. 1.2.2 Internet Hierarchy Page 1: The Internet has a hierarchical structure. At the top of this hierarchy are the ISP organizations. The ISP POPs connect to an Internet Exchange Point (IXP). In some countries, this is called a Network Access Point (NAP). An IXP or NAP is where multiple ISPs join together to gain access to each other's networks and exchange information. There are currently over 100 major exchange points located worldwide.

The Internet backbone consists of this group of networks owned by various organizations and interconnected through IXPs and private peering connections.

The Internet backbone is like an information super highway that provides high-speed data links to interconnect the POPs and IXPs in major metropolitan areas around the world. The primary medium that connects the Internet backbone is fiber-optic cable. This cable is typically installed underground to connect cities within continents. Fiber-optic cables also run under the sea to connect continents, countries, and cities.

1.2.2 Delivering Internet Services to End Users The animation depicts Company A in Hong Kong and Company B in New York using an Internet backbone to send messages. The user in New York says, I am sending an email to Mr. Chu in Hong Kong. The data travels from the Company B Intranet in New York, through multiple ISP 2 POP's, to an Internet Exchange Point (IXP), across the Internet backbone to another IXP, through the ISP 1 POP's, to the Company A intranet, to the user in Hong Kong. The user in Hong Kong says, I see I have an email from Company B in New York. Page 2: ISPs are classified into different tiers according to how they access the Internet backbone:







Tier 1 ISPs are the top of the hierarchy. Tier 1 ISPs are huge organizations that connect directly with each other through private peering, physically joining their individual network backbones together to create the global Internet backbone. Within their own networks, the Tier 1 ISPs own the routers, high-speed data links, and other pieces of equipment that join them to other Tier 1 ISP networks. This includes the undersea cables that connect the continents. Tier 2 ISPs are the next tier in terms of backbone access. Tier 2 ISPs can also be very large, even extending across several countries, but very few have networks that span entire continents or between continents. To provide their customers with global Internet access, some Tier 2 ISPs pay Tier 1 ISPs to carry their traffic to other parts of the world. Some Tier 2 ISPs exchange global traffic with other ISPs less expensively through public peering at IXPs. A large IXP may bring together hundreds of ISPs in a central physical location for access to multiple networks over a shared connection. Tier 3 ISPs are the farthest away from the backbone. Tier 3 ISPs are generally found in major cities and provide customers local access to the Internet. Tier 3 ISPs pay Tier 1 and 2 ISPs for access to the global Internet and Internet services.

1.2.2 Delivering Internet Services to End Users The diagram depicts the three tiers of Internet access. The Tier 1 ISP's say, We Tier 1 ISP's own the Internet Backbone together. We can connect anywhere in the world. The Tier 2 ISP D in France says, I pay a Tier 1 ISP for transit services so I can connect to the world. The Tier 2 ISP E in Australia says, I connect to an IXP for access to the world. The Tier 2 ISP F in New Zealand says, There is no IXP near me, so I connect to the world through my private connection with ISP E. The Tier 2 ISP G in the USA says, I connect to an IXP for access to the world. The Tier 3 ISP's say, I pay a Tier 1 or Tier 2 ISP for transit services so that I can reach the world.

1.2.3 Using Tools to Map the Internet Page 1: Network utilities create a map of the various interconnections to visualize how ISP networks interconnect. These utilities also illustrate the speed at which each connecting point can be reached.

The ping command tests the accessibility of a specific IP address. The ping command sends an ICMP (Internet Control Message Protocol) echo request packet to the destination address and then waits for an echo reply packet to return from that host. ICMP is an Internet protocol that is used to verify communications. It measures the time that elapses between when the request packet is sent and the response packet is received. The ping command output indicates whether the reply was received successfully and displays the round-trip time for the transmissions.

To use the ping command, enter the following command at the Cisco command line interface (CLI) router prompt or at the Windows command prompt:

ping

where is the IP address of the destination device.

For example, ping 192.168.30.1.

1.2.3 Identifying the Structure of the Internet The diagram depicts the process of the ping command between hosts H1 and H2. H1, with IP address 192.168.10.1, asks, Is H2 reachable? and sends a ping to H2, IP address 192.168.30.1. The I CMP Echo Request packet travels from H1 through a switch, then two routers and another switch, to H2. H2 responds, Yes I am here, and sends an I CMP Echo Reply back to H1. Page 2: If a packet does not reach the destination, or if delays are encountered along the way, how is it determined where the problem is located or through which routers the packet has passed?

The traceroute utility displays the path that a packet takes from the source to the destination host. Each router that the packet passes through is called a hop. Traceroute displays each hop along the way. It also calculates the time between when the packet is sent and when a reply is received from the router at each hop.

If a problem occurs, use the output of the traceroute utility to help determine where a packet was lost or delayed. The output also shows the various ISP organizations that the packet must pass through during its journey from source to destination.

The Windows tracert utility works the same way. There are also a number of visual traceroute programs that provide a graphical display of the route that a packet takes.

1.2.3 Identifying the Structure of the Internet The diagram depicts an example of a trace-route command through multiple routers from York to London to Paris and then to Rome. The trace-route output shows the path the packets take between York and Rome. Refer to output in the Hands-on Lab: Mapping ISP Connectivity Using Trace-route. Page 3: Lab Activity

Use traceroute to check ISP connectivity through the Internet.

Click the lab icon to begin.

1.2.3 Identifying the Structure of the Internet Link to Hands-on Lab: Mapping ISP Connectivity Using Trace-route Page 4: Packet Tracer Activity

Interpret the output of ping and traceroute.

Click the Packet Tracer icon to begin.

1.2.3 Identifying the Structure of the Internet Link to Packet Tracer Exploration: Interpreting Ping and Trace-route Output

1.3 ISP Connectivity 1.3.1 ISP Requirements Page 1: An ISP requires a variety of devices to accept input from end users and provide services. To participate in a transport network, the ISP must be able to connect to other ISPs. An ISP must also be able to handle large volumes of traffic.

Some of the devices required to provide services include:



• • • •

Access devices that enable end users to connect to the ISP, such as a DSL Access Multiplexer (DSLAM) for DSL connections, a Cable Modem Termination System (CMTS) for cable connections, modems for dialup connections, or wireless bridging equipment for wireless access. Border gateway routers to enable the ISP to connect and transfer data to other ISPs, IXPs, or large business enterprise customers. Servers for such things as email, network address assignment, web space, FTP hosting, and multimedia hosting. Power conditioning equipment with substantial battery backup to maintain continuity if the main power grid fails. High capacity air conditioning units to maintain controlled temperatures.

1.3.1 I S P Requirements The diagram depicts the equipment requirements of an ISP for end user connections. Types of access devices include a DSL access multiplexer (D SLAM), a cable modem termination system (CMTS), a modem bank, and T1/E1. Page 2: ISPs, like other businesses, want to expand so that they can increase their income. The ability to expand their business depends on gaining new subscribers and selling more services. However, as the number of subscribers grows, the traffic on the network of the ISP also grows.

Eventually, the increased traffic may overload the network, causing router errors, lost packets, and excessive delays. In an overloaded network, subscribers can wait for minutes for a web page to load, or may even lose network connection. These customers may choose to switch to a competing ISP to get better performance.

Loss of customers directly translates to loss of income for an ISP. For this reason, it is important that the ISP provides a reliable and scalable network.

Scalability is the capacity of a network to allow for future change and growth. Scalable networks can expand quickly to support new users and applications without affecting the performance of the service being delivered to existing users.

The most scalable devices are those that are modular and provide expansion slots for adding modules. Different modules can have different numbers of ports. In the case of a chassis router, some modules also offer different interface options, allowing for different connection options on the same chassis.

1.3.1 ISP Requirements The diagram depicts the concept of scalability by showing the expansion of an ISP from 150 subscribers to 1,500 subscribers, and the necessity to add extra capacity and services to handle the growth. Page 3: Packet Tracer Activity

Identify appropriate equipment to meet the business needs of ISP customers.

View printable instructions.

Click the Packet Tracer icon to begin.

1.3.1 ISP Requirements Link to Packet Tracer Exploration: Identifying Equipment to Meet Customer Requirements 1.3.2 Roles and Responsibilities within an ISP Page 1: ISP organizations consist of many teams and departments which are responsible for ensuring that the network operates smoothly and that the services are available.

Network support services are involved in all aspects of network management, including planning and provisioning of new equipment and circuits, adding new subscribers, network repair and maintenance, and customer service for network connectivity issues.

When a new business subscriber orders ISP services, the various network support service teams work together to ensure that the order is processed correctly and that the network is ready to deliver those services as quickly as possible.

1.3.2 Roles and Responsibilities within an ISP The diagram depicts images of people representing the following roles and responsibilities of an ISP: Customer Service Order Entry Planning and Provisioning Team On-site Installation Team NOC Team Help Desk Technical Support Page 2: Each of the network support service teams have their own roles and responsibilities:

• • • • •

Customer Service receives the order from the customer and ensures that the specified requirements of the customer are accurately entered into the order tracking database. Planning and Provisioning determines whether the new customer has existing network hardware and circuits and if new circuits need to be installed. The On-site Installation is advised of which circuits and equipment to use and then installs them at the customer site. The Network Operations Center (NOC) monitors and tests the new connection and ensures that it is performing properly. The Help Desk is notified by the NOC when the circuit is ready for operation and then contacts the customer to guide them through the process of setting up passwords and other necessary account information.

1.3.2 Roles and Responsibilities within an ISP The diagram depicts the role each of the network support teams plays, with an example of a customer ordering a T1 circuit for Internet access. The customer says, We want to order a T1 Internet connection. The customer service order entry says, I have entered your T1 order into our system. The Planning and Provisioning Team says, I have checked our network plans. Now I will tell the on-site technician which T1 circuit to use. The On-site Installation Team says, I have connected the T1 circuit at the customer premises.

The NOC Team says, We have tested the T1 Circuit. It is now ready to use. The Help Desk Technical Support says, This is how to access the new T1 connection. Page 3: 1.3.2 Roles and Responsibilities within an ISP The diagram depicts an activity in which you must match the ISP role to its responsibility. ISP Responsibilities. A. Members of this team ensure that the specified requirements of the customer are accurately entered into the order tracking database. B. Members of this team determine whether existing network hardware and circuits are available or whether new circuits need to be installed. C. Members of this team install equipment at the customer site. D. Members of this team monitor and test connections. E. Members of this team guide the customer through the process of setting up passwords and other account information for the new connection. ISP Roles One.Help Desk Team. Two.Planning and Provisioning Team. Three.Onsite Installation Team. Four.Customer Service Team. Five.NOC Team.

1.4 Chapter Summary 1.4.1 Summary Page 1: 1.4.1 Summary Diagram 1, Image The diagram depicts various protocols and devices related to the Internet. Diagram 1 text Many businesses use the Internet for e-commerce, communications, collaboration, and training. Networking and Internet standards ensure that all devices connecting to the network use the same set of rules. By having standards, it is possible for different types of devices to send information to each other over the Internet. Regardless of the type of device that an individual or business wants to use to connect to the Internet, the device must connect through an Internet service provider (ISP). In addition to offering connection to the Internet, an ISP can offer services, such as equipment co-location, Web hosting, FTP hosting, technical support, Voice over IP, applications and media hosting. Diagram 2, Image

The diagram depicts the transfer of data on an Internet backbone. Diagram 2 text Larger businesses typically require more bandwidth and higher-speed connections such as T1/E1, T3/E3, and Metro Ethernet. The ISP POP's connect to an Internet Exchange Point (IXP), a point where multiple ISP's join together to gain access to each others networks and exchange information. The Internet backbone is made up of a group of networks owned by various organizations. The are interconnected through IXP's and private peering connections. ISP's are classified as Tier 1, Tier 2, or Tier 3, according to how they access the Internet backbone. Diagram 3, Image The diagram depicts devices connecting to a NOC using various access methods. Diagram 3 text An ISP requires a number of devices to accept input from end users and provide services, such as access devices, border gateway routers, high end air conditioning units, and power conditioning equipment. The ISP provides a reliable and scalable network. A scalable network can expand quickly to support new users and applications without impacting current performance. Diagram 4, Image The diagram depicts images of employees at an ISP . Diagram 4 text ISP organizations are made up of many teams and departments that have the responsibility of ensuring the smooth operation of the network. ISP network support teams may include a customer service team, a NOC team, an on-site installation team, a planning and provisioning team, and a help desk team.

1.5 Chapter Quiz 1.5.1 Quiz Page 1: Take the chapter quiz to check your knowledge.

Click the quiz icon to begin.

1.5.1 Quiz Chapter 1 Quiz: The Internet and Its Uses

1.What is the function of the planning and provisioning team within the ISP organization? A.writing service level agreements. B.answering help desk calls from customers. C.installing customer premises equipment. D.managing the network operations center. E.identifying whether existing network hardware and circuits are available. 2.What are two characteristics of a scalable network? (Choose two.) A.easily overloaded with increased traffic. B.grows in size without impacting existing users. C.is not as reliable as a small network. D.contains modular devices that allow for expansion. E.offers limited number of applications. 3.Why do multiple ISP's connect to an IXP or a NAP? (Choose two.) A.to gain access to each other's networks. B.to provide dial-up access for their customers. C.to access the Internet backbone. D.to create large private networks. E.to secure network transmissions. 4.A network administrator can successfully ping the server at www.cisco.com, but cannot ping the company web server located at an ISP in another city. Which tool or command would help identify the specific router where the packet was lost or delayed? A.ipconfig. B.netstat. C.telnet. D.traceroute. 5.What makes it possible for email to be sent and received on a wide variety of devices, including cell phones, PDAs, laptops, and desktop computers? A.All of the devices run the same operating system software. B.There is a single provider of email server software. C.The devices use the same email client software, so they are compatible. D.Email software is written using standards and protocols that ensure compatibility. 6.Match the ISP service with the description. ISP Service A.Technical Support. B.Application and Media Hosting. C.FTP Hosting. D.Equipment Co-location. Description 1.ISP provides file-server space and access for clients to download the stored files. 2.ISP help desk provides 24-hour assistance to end users. 3.Servers owned by the ISP customer are installed at the ISP facility. 4.Streaming video services provided by the ISP enable customers to view on-line conferences. 7.Which connectivity option would be a good choice for a large university with three campus locations in the same major city? A.cable. B.DSL. C.T1. D.Metro Ethernet.

8.Which statement describes a function provided by Tier 3 Internet Service Providers? A.peer with other similarly sized ISP's to form the global Internet backbone. B.own and operate undersea fiber runs to provide Internet connectivity across oceans. C.connect individuals and small businesses to the Internet. D.provide the link between Tier 2 ISP's and the global Internet backbone. 9.Why do small businesses and individuals choose DSL and cable connectivity instead of T3 connections? A.DSL and cable connectivity offers higher speeds than T3 connections. B.T3 connections do not provide enough upload bandwidth to meet their needs. C.T3 connections are usually more expensive than DSL or cable options. D.T3 connections are less reliable than DSL or cable. 10.This question refers to an exhibit described as follows: Host A is connected to a cloud consisting of six routers, Router A, Router B, Router C, Router D, Router E, and Router F. Host A is directly connected to the cloud via a serial connection to Router A. All routers within the cloud are connected in a ring type topology via serial connections in the following manner; Router A is connected to Routers B and C. Router B is connected to Router E. Router E is connected to Router F. Router F is connected to Router D. Router D is connected to Router C. Router C is then connected back to Router A. A webserver exists outside the cloud and is connected to the cloud via a serial connection to Router F. Below are the router IP addresses: Router A - 192.168.1.1 /24 Router B - 192.168.2.1 /24 Router C - 192.168.3.1 /24 Router D - 192.168.4.1 /24 Router E - 192.168.5.1 /24 Router F - 192.168.6.1 /24 Also in the exhibit includes the tracert output from Host A as follows: C:\>tracert 192.168.100.2 Tracing route to webserver [192.168.100.2] Over a maximum of 30 hops: 1<1ms1ms1ms192.168.1.1 1<5ms5ms5ms192.168.2.1 1<12ms11ms12ms192.168.5.1 1<25ms22ms23ms192.168.6.1 1<30ms30ms30mswebserver [192.168.100.2] Trace complete. C:\> Using the topology description and the output answer the following question. Host A has multiple paths to the web server. Based on the output of the tracert command and the IP addresses that are given, which path was used to reach the destination? A.A,D,G,F B.A,B,D,F C.A,B,E,F D.A,C,G,F

End

CCNA Discovery - Working at a Small-toMedium Business or ISP 2 Help Desk 2.0 Chapter Introduction 2.0.1 Introduction Page 1: 2.0.1 Introduction Providing Internet services is a highly competitive business. Poor services can cause the ISP to lose customers to competing ISP's. Having a good help desk ensures that problems are resolved quickly and to the customers satisfaction. Whether a technician is employed inside the organization as a help desk technician, or as an onsite support technician, they represent the ISP to the customer. After completion of this chapter, you should be able to:

Describe the various roles of help desk and installation technicians. Describe the seven layers of the O S I model and how the O S I model is used in troubleshooting network issues. Identify common tools and diagnostic procedures of help desk technicians. Describe on-site procedures to resolve issues.

2.1 Help Desk Technicians 2.1.1 ISP Help Desk Organization Page 1: Many business operations depend on the connection to the local network and to the Internet. Because of this, solving network problems is a top priority for businesses.

ISPs provide the Internet connection for businesses, and they provide their customers support for problems that occur with Internet connectivity. This support usually includes assistance with customer equipment problems. ISP support is typically provided through the ISP help desk. Whether the problem is connecting to the Internet or getting email, the ISP help desk is usually the first place a user or business turns to for help.

ISP help desk technicians have the knowledge and experience to fix problems and get users connected. ISP help desk technicians provide solutions to customer problems with the goal of network optimization and customer retention.

A good help desk team ensures that problems are resolved quickly and to the satisfaction of the customer. Providing Internet services is a highly competitive business, and poor service can cause the ISP to lose customers to competing ISPs.

2.1.1 ISP Help Desk Organization The diagram depicts a helpdesk technician working with a user over the phone to reset the customers password. The technician says, Good morning, you have reached the help desk. My name is Joan. How may I help you? The customer says, I have a problem with the Internet. The technician says, May I please have your customer information? What is your name and contract number? The customer says, My contract is M A-1955, and my name is Allan Michaels. The technician says, Hi Allan, please describe the problem and I will start a trouble ticket. The customer says, I cannot log in. It keeps giving me a blue box with an error message. The technician says, You may have entered the incorrect password. I can reset it for you. The customer says, OK, thank you. The technician says, Your new password is P A55w 0R D. The system will require you to reset it

again when you log in. Please try it now. The customer says, It is working. Thank you. Page 2: At an ISP, there are usually three levels of customer support:

• • •

Level 1 is for immediate support handled by junior-level help desk technicians. Level 2 handles calls that are escalated to more experienced telephone support. Level 3 is for calls that cannot be resolved by phone support and require a visit by an onsite technician.

In addition to ISPs, many other types of medium to large businesses employ help desk or customer support teams. The titles assigned to the technicians may vary from those described here, although the three-level hierarchy is the most common structure. Depending on the size of the organization, the help desk can consist of one person that performs all three levels of support, or it can be a comprehensive call center with elaborate call routing facilities and escalation rules. Some ISPs and businesses contract out their help desk functions to a third-party call center company, which provides the services of Level 1 and Level 2 technicians.

2.1.1 ISP Help Desk Organization The diagram depicts the process used by a helpdesk to solve a network problem. The problem starts at the Level 1 helpdesk. If Level 1 is able to solve the problem, the issue does not escalate. If the problem is not solved, it is passed to Level 2. If Level 2 is unable to solve the problem, it is passed to Level 3, who must then fix the problem in the field. 2.1.2 Roles of ISP Technicians Page 1: When a user initially contacts the help desk to resolve an issue, the call or message is usually directed to a Level 1 support technician. Level 1 support is usually an entry-level position that provides junior technicians with valuable experience. Many customer issues are resolved by the Level 1 support technician.

Issues that cannot be resolved are sent to Level 2 support, which typically has fewer agents available. The duties and responsibilities of the Level 2 technician are similar to that of the Level 1 technician, but they are at a higher skill level. These agents are expected to solve problems that are more challenging and require more knowledge.

2.1.2 Roles of ISP Technicians The diagram depicts Level 1 and Level 2 support responsibilities.

Level 1 Support Responsibilities Diagnose basic network connectivity issues. Diagnose and document the symptoms of hardware, software, and system problems. Resolve and document any basic user issues. Help customers complete online order forms to attain various systems, services, hardware, software, reports, and entitlements. Escalate unresolved issues to the next level. Level 2 Support Responsibilities Diagnose and solve more difficult network problems. Use diagnostic tools and remote desktop sharing tools to identify and fix problems. Identify when an on-site technician must be dispatched to perform repairs. Page 2: Many larger service providers have expanded their businesses to include managed services or on-site support of a customer network. Organizations that provide managed services are sometimes referred to as Managed Service Providers (MSP). Managed services can be provided by ISPs, telecommunications service providers, or other types of computer and network support organizations. When an ISP is providing managed services, it often requires technicians to visit customer sites for the purpose of installation and support. This type of service represents Level 3 support.

Level 3 support is usually in accordance with a Service Level Agreement (SLA). An SLA resembles an insurance policy, because it provides coverage or service if there is a computer or network problem.

2.1.2 Roles of ISP Technicians The diagram depicts Level 3 support responsibilities. Level 3 Support Responsibilities Diagnose and resolve problems that have been escalated by the Level 1 and Level 2 technicians. Survey network conditions for analysis by a senior network technician. Install and configure new equipment, including customer premise equipment upgrades, when necessary. Page 3: 2.1.2 Roles of ISP Technicians The diagram depicts an activity in which you must match each responsibility to Help Desk Level 1, Help Desk Level 2, or On-site Level 3. Responsibilities One. Surveys and documents current network conditions for analysis by senior level technician. Two. Obtains initial information about customer problems. Three.Performs installation of equipment.

Four. Identifies when a technician must be dispatched to the customer site. Five. Opens the trouble ticket. Six. Uses remote desktop sharing to diagnose and fix difficult problems. 2.1.3 Interacting with Customers Page 1: Help desk technicians may be required to provide phone support, email support, web-based support, online chat support, and possibly on-site support. They are often the first point of contact for frustrated and anxious customers. Until a problem is solved, help desk technicians may continue to get calls and correspondence asking for status updates and time estimates to resolve an issue.

The help desk technician must be able to stay focused in an environment with frequent interruptions and perform multiple tasks efficiently and accurately. It can be difficult to consistently maintain a positive attitude and provide a high level of service. The help desk technician has to have excellent interpersonal skills and effective communication skills, both oral and written. The technician must be able to work independently and as part of a team.

It is important for the help desk technician to be able to handle customer issues with speed, efficiency, and professionalism. Help desk technicians should conduct themselves in accordance with the company's customer service philosophy. A customer service philosophy is an organization-wide ethic shared by everyone from top management to operational staff.

Basic incident management procedures must be followed every time a help desk technician receives a call and begins troubleshooting issues. Incident management includes opening a trouble ticket and following a problem-solving strategy. Problem-solving techniques include using troubleshooting flowcharts, addressing questions in a template format, and maintaining proper ticket escalation procedures.

A help desk script is used by the help desk technician to gather information and cover the important facts about customer incident.

2.1.3 Interacting with Customers The animation depicts the interaction between a help desk technician and a customer when the customer calls with an issue. The following list describes the appropriate way to work with the customer. Be prepared to answer the customer call in accordance with the company customer service policies. Answer the call in a courteous manner and immediately identify yourself and the company. Ask for the customer contact information. Keep the customer informed of what you are doing

and why you need the information. Follow the help desk script. Begin by verifying the information in the customer record. Show empathy for the customer. Make sure the customer understands that you will do everything necessary to solve the problem as quickly as possible. Continue following the script, recording all of the information on the trouble ticket. Always ask for permission to place the customer on hold. Keep the customer informed as to what you are doing and why. Avoid using technical terms or jargon, unless the customer does. Always ask if the customer is comfortable performing a task before instructing them to do so. Communicate what to do in plain language, including all of the necessary steps. Verify that the customer is satisfied and close the trouble ticket. Page 2: In addition to technical ability, help desk technicians must be able to greet customers pleasantly and be professional and courteous throughout the call.

Customer service and interpersonal skills are especially important when handling difficult clients and incidents. The help desk technician must know how to relieve customer stress and respond to abusive customers.

Opening trouble tickets and logging information on the tickets are critical to help desk operation. When there are many calls relating to a single problem or symptom, it is helpful to have information on how the problem was resolved in the past. It is also important to relay to the customer what is being done to solve the problem. Good information on open trouble tickets helps communicate accurate status, both to the customer and other ISP personnel.

2.1.3 Interacting with Customers The diagram depicts the following list of customer service skills: Preparation Courteous greeting Open a trouble ticket Listen to customer Adapt to customer temperament Diagnose a simple problem correctly Log the call Page 3: While many issues can be handled remotely, some problems require an on-site visit to the customer premises to install and troubleshoot equipment. When a technician goes on-site, it is important to represent their organization in a professional manner. A professional knows how to make the customer feel at ease and confident in the technician's skills.

On the first visit to a customer location, it is important for the technician to make a good impression. Personal grooming and the way the technician is dressed are the first things the customer notices. If the technician makes a bad first impression, it may be difficult to change that impression and gain the confidence of the customer. Many employers provide a uniform or have a dress code for their on-site technicians.

The language and attitude of the technician also reflect on the organization that the technician represents. A customer may be anxious or concerned about how the new equipment will operate. When speaking with a customer, the technician should be polite and respectful, and answer all customer questions. If the technician does not know an answer to a customer question or if additional information is required, the technician should write down the customer inquiry and follow up on it as soon as possible.

2.1.3 Interacting with Customers The diagram depicts a person smiling at another person, emphasizing the importance of making a good first impression. Page 4: 2.1.3 Interacting with Customers The diagram depicts an activity in which you must match the following parts of customer support process to each statement. Parts of customer support process. A. Script. B. Customer service philosophy. C. Greeting. D. Listening to the customer. Statements. One. You have reviewed the problem description with the customer and tried to develop an understanding of the situation. Two. A prepared sequence of questions and statements used by the help desk technician to gather information and cover the important parts of a customer incident. Three. Creating a good first impression of the support staff, the support service, and ultimately the entire organization. Four. This is an organization-wide ethic that is shared by everyone from top management to operational staff.

2.2 OSI Model 2.2.1 Using the OSI Model Page 1: When a network connectivity problem is reported to the help desk, many methods are available to diagnose the problem. One common method is to troubleshoot the problem using a layered

approach. A layered approach requires that the network technician be familiar with the various functions that occur as messages are created, delivered, and interpreted by the network devices and hosts on the network.

Moving data across a network is best visualized using the seven layers of the Open Systems Interconnection model, commonly referred to as the OSI model. The OSI model breaks network communications down into multiple processes. Each process is a small part of the larger task.

For example, in a vehicle manufacturing plant, the entire vehicle is not assembled by one person. Rather the vehicle moves from station to station where specialized teams add specific components. The complex task of assembling a vehicle is made easier by breaking it into manageable and logical tasks. This process also makes troubleshooting easier. When a problem occurs in the manufacturing process, it is possible to isolate the problem to the specific task where the defect was introduced, and then fix it.

In a similar manner, the OSI model can be used as a means to focus on a layer when troubleshooting to identify and resolve network problems.

2.2.1 Using the O S I Model The diagram depicts the functions that occur at each layer of the O S I model. Application Layer Defines interfaces between application software and network communication functions. Provides standardized services such as file transfer between systems. Presentation Layer Standardizes user data formats for use between different types of systems. Encodes and decodes user data; encrypts and decrypts data; compresses and decompresses data. Session Layer Manages user sessions and dialogues. Manages links between applications. Transport Layer Manages end-to-end message delivery over the network. Can provide reliable and sequential packet delivery through error recovery and flow control mechanisms. Network Layer Provides logical network addressing. Routes packets between networks based on logical addressing. Data Link Layer Defines procedures for operating the communication links. Detects and corrects frame transmit errors. Adds physical addresses to frame.

Physical Layer Defines physical means of sending data over network devices. Interfaces between network medium and devices. Defines optical, electrical, and mechanical characteristics for both wired and wireless media. Includes all forms of electromagnetic transmission, such as light, electricity, infrared, and radio waves. Page 2: The seven layers of the OSI model are divided into two parts: upper layers and lower layers.

The term upper layer is sometimes used to refer to any layer above the Transport layer of the OSI model. The upper layers deal with application functionality and are generally implemented only in software. The highest layer, the Application layer, is closest to the end user.

The term lower layer is sometimes used to refer to any layer below the Session layer. The combined functionality of the lower layers handles data transport. The Physical layer and the Data Link layer are implemented in both hardware and software. The Physical layer is closest to the physical network medium, or network cabling. The Physical layer actually places information on the medium.

End stations, like clients and servers, usually work with all seven layers. Networking devices are only concerned with the lower layers. Hubs work on Layer 1, switches on Layers 1 and 2, routers on Layers 1, 2 and 3, and firewalls on Layers 1, 2, 3, and 4.

2.2.1 Using the O S I Model The table lists various protocols and technologies, and also the network components, associated with the upper and lower layers of the O S I model. Upper Layers. Layer #: 7. Name: Application. Protocols and technologies: DNS, NFS, DHCP, SNMP, FTP, TFTP, SMTP, POP3, I MAP, HHTP, Telnet. Network components: Network aware applications, email, web browsers and services, file transfer, name resolution. Layer #: 6. Name: Presentation. Protocols and technologies: SSL, shells and redirectors, MIME. Network components: Network aware applications, email, web browsers and services, file transfer, name resolution. Layer #: 5.

Name: Session. Protocols and technologies: NetBIOS, application program interfaces, remote procedure calls (RPCs). Network components: Network aware applications, email, web browsers and services, file transfer, name resolution. Lower Layers. Layer #: 4. Name: Transport. Protocols and technologies: TCP and UDP. Network components: Voice and video streaming mechanisms, firewall, filtering lists. Layer #: 3. Name: Network. Protocols and technologies: IPv4, IPv6, IP NAT. Network components: IP addressing, routing. Layer #: 2. Name: Data Link. Protocols and technologies: Ethernet family, W LAN, Wi Fi, ATM, PPP. Network components: Network interface cards and drivers, network switching, WAN connectivity. Layer #: 1. Name: Physical. Protocols and technologies: Electrical signaling, light wave patterns, radio wave patterns. Network components: Hubs, repeaters, and physical medium, such as copper twisted pair, fiberoptic cable, and wireless transmitters. 2.2.2 OSI Model Protocols and Technologies Page 1: When using the OSI model as a framework for troubleshooting, it is important to understand which functions are performed at each layer, and what network information is available to the devices or software programs performing these functions. For example, many processes must occur for email to successfully travel from the client to the server. The OSI model divides the task of sending and receiving email into smaller, distinct steps that correspond with the seven layers.

Step 1: Upper layers create the data.

When a user sends an email message, the alphanumeric characters within the message are converted to data that can travel across the network. Layers 7, 6, and 5 are responsible for ensuring that the message is placed in a format that can be understood by the application running on the destination host. This process is called encoding. The upper layers then send the encoded messages to the lower layers for transport across the network. Transporting the email to the correct server relies on the configuration information provided by the user. Problems that occur

at the application layer are often related to errors in the configuration of the user software programs.

2.2.2 O S I Model Protocols and Technologies The diagram depicts functions of upper Layers 7, 6 and 5 of the O S I model. Layer 7 - Application Layer An application such as email, initiates the communication process. Layer 6 - Presentation Layer Format and encode the data for transmission. Encrypt and compress the data. Layer 5 - Session Layer Establish and monitor email session with destination. Page 2: Step 2: Layer 4 packages the data for end-to-end transport.

The data that comprises the email message is packaged for network transport at Layer 4. Layer 4 breaks the message down into smaller segments. A header is placed on each segment indicating the TCP or UDP port number that corresponds to the correct application layer application. Functions in the transport layer indicate the type of delivery service. Email utilizes TCP segments, therefore packet delivery is acknowledged by the destination. Layer 4 functions are implemented in software that runs on the source and destination hosts. However, because firewalls often use the TCP and UDP port numbers to filter traffic, problems that occur at Layer 4 can be caused by improperly configured firewall filter lists.

Step 3: Layer 3 adds the network IP address information.

The email data received from the transport layer is put into a packet that contains a header with the source and destination network IP addresses. Routers use the destination address to direct the packets across the network along the appropriate path. Incorrectly configured IP address information on the source or destination system can cause Layer 3 problems to occur. Because routers also use IP address information, router configuration errors can cause problems at this layer.

2.2.2 O S I Model Protocols and Technologies The diagram depicts functions of lower Layers 4 and 3 of the O S I model. Layer 4 - Transport Layer Package Data for transport across the network.

Add TCP and U DP port numbers. Specify reliable delivery of data using TCP. Enable uninterrupted streaming of data using UDP. Layer 3 - Network Layer Route packets between networks. Assign IP addresses. Encapsulate data in packets for transmission. Page 3: Step 4: Layer 2 adds the data link layer header and trailer.

Each network device in the path from the source to the destination, including the sending host, encapsulates the packet into a frame. The frame contains the physical address of the next directly-connected network device on the link. Each device in the chosen network path requires framing so that it can connect to the next device. Switches and network interface cards (NICs) use the information in the frame to deliver the message to the correct destination device. Incorrect NIC drivers, interface cards, and hardware problems with switches can cause Layer 2 problems to occur.

Step 5: Layer 1 converts the data to bits for transmission.

The frame is converted into a pattern of 1s and 0s (bits) for transmission on the medium. A clocking function enables the devices to distinguish these bits as they travel across the medium. The medium can change along the path between the source and destination. For example, the email message can originate on an Ethernet LAN, cross a fiber campus backbone, and cross a serial WAN link until it reaches its destination on another remote Ethernet LAN. Layer 1 problems can be caused by loose or incorrect cables, malfunctioning interface cards, or electrical interference.

At the receiving host, the processes described in steps 1 through 5 are reversed, with the message traveling back up the layers to the appropriate application.

2.2.2 O S I Model Protocols and Technologies The diagram depicts functions of lower Layers 2 and 1 of the O S I model. Layer 2 - Data Link Layer Transmit data to the next directly connected device in the path. Add the hardware address. Encapsulate data in a frame. Layer 1 - Physical Layer

Convert data to bits for transmission. Generate signals and timing. Page 4: 2.2.2 O S I Model Protocols and Technologies The diagram depicts an activity in which you must identify which layer each protocol or technology belongs to. Layers Upper Layers (Application, Presentation, and Session) Data Link Layer Physical Layer Network Layer Transport Layer Protocols and Technologies. A. Network Interface Cards. B. Frames. C. Twisted Pair Cable. D. HTTP. E. Packets. F. Radio Waves. G. FTP. H. IP Addresses. I. Client Software. J. Network Switching. K. Hubs. L. SMTP. M. UDP. N. Port Numbers. O. Ethernet. P. Routing. Q. Repeaters. R. MAC Addresses. S. Electrical Signaling. T. TCP. U. Telnet. 2.2.3 Troubleshooting the OSI Model Page 1: As a theoretical model, the OSI model defines the protocols, hardware, and other specifications that operate at the seven layers.

The OSI model also provides a systematic basis for troubleshooting a network. In any troubleshooting scenario, the basic problem-solving procedure includes the following steps:

1. Define the problem.

2. Isolate the cause of the problem.

3. Solve the problem.

• • • •

Identify and prioritize alternative solutions. Select one alternative as the solution. Implement the solution. Evaluate the solution.

If an identified solution does not fix the problem, undo any changes and proceed to the next possible solution. Go through the steps until a solution works.

In addition to the basic problem-solving procedures, the OSI model can be used as a guideline for troubleshooting. Using a layered model, there are three different troubleshooting approaches that a technician can use to isolate the problem:







Bottom-Up - The bottom-up approach starts with the physical components of the network and works its way up the layers of the OSI model. Bottom-up troubleshooting is an effective and efficient approach for suspected physical problems. Top-Down - The top-down approach starts with the user application and works its way down the layers of the OSI model. This approach starts with the assumption that the problem is with the application and not the network infrastructure. Divide-and-Conquer - The divide-and-conquer approach is generally used by more experienced network technicians. The technician makes an educated guess targeting the problem layer and then based on the observed results, moves up or down the OSI layers.

Using the OSI model as a guide, the help desk technician can query the customer to help define the problem and isolate the cause.

2.2.3 Troubleshooting using the O S I Model The diagram identifies how the O S I model is used as a framework for troubleshooting network problems. Layer 5-7: Upper Layers

Can your browser open this website? Layer 4: Transport Layer Do you have a firewall configured on your PC? Layer 3: Network Layer Can you ping your default gateway? Layer 2: Data Link Layer Is the link light lit on your Network Interface Card? Layer 1: Physical Layer Is your network cable plugged in and secure? Page 2: The help desk technician usually has a standard checklist or script to follow when troubleshooting a problem. Often the script takes a bottom-up approach to troubleshooting. This is because physical problems are usually the simplest to diagnose and repair, and the bottom-up approach starts with the Physical Layer.

Layer 1 Troubleshooting

The technician starts with Layer 1 issues first. Remember, Layer 1 deals with the physical connectivity of the network devices. Layer 1 problems often involve cabling and electricity, and are the reasons for many help desk calls. Some of the more common Layer 1 problems include:

• • • • • • •

Device power turned off Device power unplugged Loose network cable connection Incorrect cable type Faulty network cable Faulty wireless access point Incorrect wireless settings, such as the SSID

To troubleshoot at Layer 1, first check that all devices have the proper electrical supply, and that the devices are turned on. This may seem to be an obvious solution, but many times the person reporting the problem may overlook a device that is within the network path from source to destination. If there are any LEDs that display the status of the connectivity, verify with the customer that they are indicating correctly. If on-site, visually inspect all network cabling and reconnect cables to ensure a proper connection. If the problem is with wireless, verify that the wireless access point is operational and that wireless settings are configured correctly.

When remotely troubleshooting a problem, the technician should advise the caller through each step, what to look for, and what to do if an error is found. If it is determined that all Layer 1 issues have been addressed, it is time to travel up the OSI model to Layer 2.

2.2.3 Troubleshooting using the O S I Model The diagram focuses on Layer 1 physical issues of cabling and power. Displayed is the back of a Cisco 1841 router with integrated 4-port Ethernet switch. Also included are an Ethernet cable, console cable, serial cable, and power cord. Page 3: Layer 2 Troubleshooting

Network switches and host NICs perform Layer 2 functions. Layer 2 problems can be caused by faulty equipment, incorrect device drivers, or an improperly configured switch. When remotely troubleshooting a problem, it may be difficult to isolate a Layer 2 problem.

An on-site technician can check whether the NIC is installed and working properly. Reseating the NIC, or replacing a suspected faulty NIC with a known good NIC, helps to isolate the problem. The same process can be done with any network switch.

Layer 3 Troubleshooting

At Layer 3, the technician needs to investigate the logical addressing used in the network, such as the IP address scheme. If the network is using IP addressing, the technician verifies that the device has the proper settings, such as:

• • • •

IP address within the assigned network Correct subnet mask Correct default gateway Other settings as required, such as DHCP or DNS

At Layer 3, several utilities can assist with the troubleshooting process. Three of the most common command line tools are:

ipconfig - Shows IP settings on the computer

ping - Tests basic network connectivity

tracert - Determines if the routing path between the source and destination is available

Most network problems can usually be resolved using these Layer 1, 2, and 3 troubleshooting techniques.

2.2.3 Troubleshooting using the O S I Model The diagram depicts outputs for ipconfig, ping, and trace-route commands. Page 4: Layer 4 Troubleshooting

If Layers 1 through 3 all appear to be operating normally and the technician can successfully ping the IP address of the remote server, it is time to check the higher layers. For example, if a network firewall is used along the path, it is important to check that the application TCP or UDP port is open and no filter lists are blocking traffic to that port.

Layers 5 through 7 Troubleshooting

The technician should also check the application configuration. For example, if troubleshooting an email issue, ensure that the application is configured with the correct sending and receiving email server information. It is also necessary to ensure that domain name resolution is functioning as expected.

For remote technicians, higher layer issues can be checked by using other network utility tools, such as a packet sniffer, to view traffic as it crosses the network. A network application, such as Telnet, can also be used to view configurations.

2.2.3 Troubleshooting using the O S I Model The diagram depicts an E-mail Accounts dialog box with the email server name and user name specified.

Page 5: 2.2.3 Troubleshooting using the O S I Model The diagram depicts an activity in which you must identify the appropriate layer that each of the network issues belongs to. Layers. Layers 7-5 (upper layers). Layer 4. Layer 3. Layer 2. Layer 1. Network Issue Scenarios One.An email client is configured with bad sending and receiving server information. Two.A faulty NIC is installed on a client device. Three.A badly terminated cable is connecting a host device to a switch. Four.A PC is configured with a bad subnet mask. Five.A firewall is blocking all HTTP traffic using port 80.

2.3 ISP Troubleshooting 2.3.1 Help Desk Troubleshooting Scenarios Page 1: The number and types of calls received by the help desk can vary extensively. Some of the most common calls include problems with email, host configuration, and connectivity.

Email Issues

• • • •

Can receive but not send Can send but not receive Cannot send or receive Nobody can reply to messages

A common cause of many email problems is using the wrong POP, IMAP, or SMTP server names. It is best to check with the email administrator to confirm the proper name of the POP or IMAP server and SMTP server. In some cases, the same server name for both POP/IMAP and SMTP are used. Also, confirm that the username and password are correct. Since the password is not usually displayed, it is a good idea to carefully re-enter it.

When troubleshooting these issues over the phone, it is important to step the customer through the configuration parameters carefully. Many customers are unfamiliar with the terminology and

the settings of the various configuration parameters. If possible, connect to the customer device via remote management software. This allows the technician to perform the necessary steps for the customer.

2.3.1 Help Desk Troubleshooting Scenarios The diagram depicts a Level 1 service call concerning email issues. The technician says, Good morning. My name is Jill. How may I help you? The customer says, My service agreement number is 4567. I can send email, but I cannot receive any email. The technician says, Let me look up your account information. I will be with you momentarily. If you can send email, then your connection is fine. It must be your POP settings. This is how you fix the problem. The customer says, Yes, I am now receiving email. Thank you. The technician says, I will close the ticket. Have a great day. Page 2: Host Configuration Issues

A common issue that can prevent connectivity to the Internet or other network resources is improperly configured host addressing information. This can include an incorrect IP address, subnet mask, or default gateway.

In environments where the IP addressing information is manually configured, it is possible that the IP configuration was simply entered incorrectly. In environments where hosts are configured to dynamically receive an IP address from an assignment server, such as a DHCP server, the server may fail or become unreachable due to network issues.

If a host is configured to receive an address dynamically, and an assignment server is unavailable or unreachable, a link-local address will be automatically assigned to the local host by the operating system. IPv4 addresses in the address block 169.254.0.1 to 169.254.255.254 (169.254.0.0 /16) are designated as link-local addresses. A link-local process will randomly select an IP address within the 169.254.0.0/16 range. But what prevents two hosts from randomly selecting the same IP address?

Once the link-local process selects an IP address, it sends an ARP query with that IP onto the network to see if any other devices are using that address. If there is no response, the IP address is assigned to the device, otherwise another IP address is selected, and the ARP query is repeated. Microsoft refers to link-local addresses as Automatic Private IP Addressing (APIPA).

If multiple hosts on the same network obtain a link-local address, client/server and peer-to-peer applications between those hosts will work properly. However, because link-local addresses are in the private Class B address space, communication outside of the local network is not possible.

When troubleshooting both manually and dynamically configured hosts, use the host command ipconfig /all to verify that the host is using the appropriate IP configuration.

2.3.1 Help Desk Troubleshooting Scenarios The diagram depicts two small local networks, A. and B, each with a switch and four hosts. There is a DHCP server on each LAN segment. The servers are connected to a router that is connected to the Internet cloud. The DHCP server located on local network A is down. All hosts on this network have received self-assigned private link-local addresses in the 169.254.0.0 /16 range. Microsoft refers to linklocal addresses as Automatic Private IP Addressing (A. P IP A). All hosts are able to communicate locally, but are unable to access hosts on other networks. The router does not forward link-local addresses. The DHCP server on the local network B is operating normally. All hosts have received proper addressing information and are able to communicate locally and across the Internet. Page 3: Customer Connectivity Issues Connectivity problems are more common with new customers trying to connect for the first time. However, sometimes existing customers encounter connectivity issues. First-time customers may have problems with installing the hardware as well as software configuration settings. Existing customers notice connectivity problems when they cannot open a web page or connect to instant messaging or email.

There are many reasons why a customer has no connectivity, including the following:

• • • • • •

Delinquent payments for services Hardware failures Physical layer failures Incorrect application settings Missing application plug-ins Missing applications

In many cases, the problem is simply a faulty cable, or a cable plugged into an incorrect port. These types of issues can be resolved by checking the cable connection or replacing the cable.

Other problems, such as software issues, may be more difficult to detect. One example is an incorrectly loaded TCP/IP stack, preventing IP from operating correctly. The TCP/IP stack can be tested and verified using a loopback address. The loopback is a special address, the reserved IPv4 address 127.0.0.1, which hosts use to direct traffic to themselves. The loopback address creates a shortcut method for TCP/IP applications and services that run on the same device to communicate.

You can ping the loopback address to test the configuration of TCP/IP on the local host. If you are unable to get a response when pinging the loopback address, suspect an improperly configured or installed TCP/IP stack.

Addresses 127.0.0.0 through 127.255.255.255 are reserved for testing purposes. Any address within this block will loop back within the local host. No address within this block should ever appear on any network. Despite the fact that the entire 127.0.0.0/8 network range is reserved, the only address typically used for loopback testing is the 127.0.0.1 address.

2.3.1 Help Desk Troubleshooting Scenarios The diagram depicts a Level 1 service call concerning network connectivity issues. The technician says, Good morning, my name is Jill. How may I help you? The customer says, My name is Billy. My service agreement number is 998, and I cannot connect to anything. The technician says, Please hold for one minute while I retrieve your information. The technician says, OK, when did you first notice the problem? The customer says, Today, after I moved my computer desk to clean the floors. The technician says, Is the link light on your computer network card illuminated? The customer says, No, and the cable looks twisted. The technician says, OK, do you have another cable to replace the damaged one? The customer says, Yes. Hold one minute. The customer says, OK, it looks fine now. Thanks for your assistance. The technician says, Great. I will close the trouble ticket. Have a great day. Page 4: Packet Tracer Activity

Troubleshoot and resolve a network connectivity issue.

Click the Packet Tracer icon to begin.

2.3.1 Help Desk Troubleshooting Scenarios Link to Packet Tracer Exploration: Troubleshooting and Resolving Network Issues 2.3.2 Creating and Using Help Desk Records Page 1: When a Level 1 help desk technician receives a call, there is a process followed to gather information. There are also specific systems for storing and retrieving relevant information. It is extremely important to gather the information correctly in the event that a call has to be escalated to Layer 2 or require an on-site visit.

The information gathering and recording process starts as soon as the technician answers the phone. When the customer identifies who they are, the technician accesses the relevant customer information. Typically, a database application is used to manage the customer information.

The information is transferred to a trouble ticket, or incident report. This document can be a piece of paper in a paper filing system or an electronic tracking system designed to follow the troubleshooting process from beginning to end. Each person who works on the problem is expected to record what was done on the trouble ticket. When an on-site call is required, the trouble ticket information can be converted to a work order that the on-site technician can take to the customer site.

When a problem is resolved, the solution is documented in the customer work order or trouble ticket, and in a knowledge-base document for future reference.

Occasionally, the Level 1help desk technician may receive a call that cannot be resolved quickly. In this instance, the technician is responsible for passing the call to a Level 2 technician who is more qualified to resolve the issue. Passing the call to a higher level technician is known as the call escalation process.

Both Level 1 and Level 2 help desk technicians attempt to solve customer problems using the telephone, web tools, and possibly remote desktop sharing applications.

2.3.2 Creating and Using Help Desk Records The diagram depicts a work order document. Page 2:

If the help desk technicians are not able to fix the problem remotely, it is often necessary to send a Level 3 on-site technician to the customer premise location. It is the job of the on-site technician to visit the customer premise to physically work on the problem equipment. The help desk technician can make an appointment with the customer for the on-site technician to perform the repairs, or it may be the responsibility of the on-site technician to arrange the appointment.

To properly troubleshoot the problem, the on-site technician reviews the trouble ticket to see what was previously done. This review gives the technician some background information and a logical starting point. It also helps the technician decide which tools and supplies to bring, rather than having to leave the customer site to obtain supplies.

On-site technicians typically work on the network at the customer location, although there are instances where the technician is unable to make the needed repairs and must bring the damaged equipment back to the ISP site for additional troubleshooting.

2.3.2 Creating and Using Help Desk Records The diagram depicts images of network troubleshooting tools. Crimpers - Used to crimp the connector to the cable. Cable - Used to run new cable or replace old cable. Connectors - Used to make new cables or replace broken connectors. Multimeter - Used to measure the difference in electrical potential between two points in an electric circuit. Laptop - used to test the network through various utility programs. Linksys Router - Used to connect multiple wired and wireless computers to a single network. Floppy Disk - Used for boot disks. Cell Phone - Used for calling the office, setting up and confirming appointments. 2.3.3 Customer Site Procedures Page 1: There are four steps an on-site technician performs before beginning any troubleshooting or repair at the customer site:

Step 1. Provide proper identification to the customer.

Step 2. Review the trouble ticket or work order with the customer to verify that the information is correct.

Step 3. Communicate the current status of any identified problems and the actions the technician expects to take at the customer site that day.

Step 4. Obtain permission from the customer to begin the work.

The technician must verify all items on the trouble ticket. Once the technician is familiar with all issues, the work can begin. The technician is responsible for checking all device and network settings, and running any necessary utilities. The technician may also have to swap out suspected faulty hardware with known good hardware to determine if a hardware problem exists.

2.3.3 Customer Site Procedures The diagram depicts an on-site technician working with a customer. Page 2: When performing any troubleshooting tasks the customer site, especially when installing new or replacing existing equipment, it is important to minimize the risk of injury by following good safety practices. Many employers offer safety training as part of their employee services.

Ladders

Use ladders to reach high locations to install networking cable and to install or troubleshoot wireless access points in places that are difficult to reach. To reduce the risk of falling off the ladder or dropping equipment while climbing on the ladder, work with a partner whenever possible.

High or Dangerous Locations

Sometimes network equipment and cables are located in high and dangerous places, such as on the side of a building, on roof tops, or in an internal structure such as an elevator shaft, that is not accessible by a ladder. Work performed at this type of location must be done very carefully. Using a safety harness reduces the risk of falling.

Electrical Equipment

If there is a risk of damaging or coming in contact with any electrical lines when handling hardware, consult with the electrician of the customer about measures that can be taken to reduce

the risk of electrical shock. Coming in contact with electrical equipment may result in serious personal injury.

Awkward Spaces

Network equipment is often located in narrow and awkward spaces. Ensure that the work area is properly lighted and ventilated. Determine the best way to lift, install, and remove equipment to minimize the risks.

Heavy Equipment

Networking devices can be large and heavy. Plan to have the correct equipment and trained personnel when heavy equipment needs to be installed or moved at a customer site.

2.3.3 Customer Site Procedures The diagram depicts images of customer site safety related issues, including ladders, high or dangerous locations, electrical equipment, and heavy equipment. Page 3: After the technician makes any configuration changes or installs new equipment, the technician must observe the results to ensure proper operation. When finished, the technician communicates the nature of the identified problem to the customer, what solution was applied, and any followup procedures. Before the problem can be considered fully resolved, the technician must obtain the acceptance of the customer. The technician can then close the trouble ticket and document the solution.

A copy of the documentation is left with the customer. The document includes the original help desk call problem and the actions taken to solve the problem. The technician records the solution, and the customer acceptance is indicated on the trouble ticket. For future reference, the technician also records the problem and the solution in the help desk documentation and FAQs.

In some cases, an on-site technician can uncover network problems that require upgrades or reconfiguration of the network devices. When this occurs, it may be outside of the scope of the original trouble ticket. These issues are usually communicated to both the customer and the ISP network personnel for further action.

2.3.3 Customer Site Procedures The diagram depicts an on-site technician working with a customer.

2.4 Chapter Summary 2.4.1 Summary Page 1: 2.4.1 Summary Six Diagrams, Slider Graphic Diagram 1, Image The diagram depicts a flowchart of the process used by a helpdesk to solve a network problem. Diagram 1 text Help desk technicians provide solutions to customers network problems. User support usually exists at three levels: Tier 1, Tier 2, and Tier 3. Incident management is the basic procedure followed when a help desk technician initiates the standard problem solving processes. Help desk operation relies on opening trouble tickets and logging information. Diagram 2, Image The diagram depicts an on-site technician working with a customer. Diagram 2 text Customer service and interpersonal skills are important when handling difficult clients and incidents. Skills required by help desk technicians for successful communication include: Preparation Courteous greeting Listening to the customer Adapting to customer temperament Correctly diagnosing a simple problem Logging the call Diagram 3, Image The diagram depicts the layers of the O S I model. Diagram 3 text A layered approach is used for troubleshooting. The O S I Model breaks the task of network communications down into multiple processes. Each process is a small part of the larger task. The seven layers of the O S I reference model can be divided into two categories: upper and lower layers. Diagram 4, Image The diagram depicts protocols, technologies, and components associated with each layer. Diagram 4 text

Upper layers consist of any layer above the Transport Layer and are implemented in software. Lower layers consist of the Transport, Network, Data Link, and Physical Layers and handle data transport functions. Using the O S I model, the help desk technician can troubleshoot using the following approaches: bottom-up, top-down, or divide-and-conquer. Diagram 5, Image The diagram depicts a work order. Diagram 5 text Some of the most common customer service calls are about email and connectivity issues. Information gathered from the customer is transferred to the trouble ticket. Diagram 6, Image The diagram depicts an on-site technician working with a customer. Diagram 6 text Level 1 and Level 2 help desk technicians attempt to solve customer problems over the telephone, web, or remote desktop sharing applications. Sometimes it is necessary to dispatch a Level 3 on-site technician. It is important to document the solution in the customer work, the trouble ticket, and in a knowledge-base document for future reference.

2.5 Chapter Quiz 2.5.1 Quiz Page 1: Take the chapter quiz to check your knowledge.

Click the quiz icon to begin.

2.5.1 - Quiz Chapter 2 Quiz: Help Desk 1.Identify the network function listed below with the correct layer to which it belongs. (Answer will be either the Transport Layer or the Network Layer.) A.packages data in segments for transmission. B.routes packets between networks. C.encapsulates data in packets for transmission. D.uses UDP for realtime data streaming. E.adds port numbers. F.adds IP addresses to data packets. 2.Using a systematic troubleshooting approach, a help desk technician suspects a problem at Layer 3 of the O S I model. Which two questions could be asked to isolate the problem to Layer

3? (Choose two.) A.Is your PC configured for DHCP? B.Can you browse to www.cisco.com? C.Is your network cable plugged in? D.Can you ping your default gateway? E.Do you see a link light on your network card? 3.Identify the questions in the correct order if a help desk technician is using a bottom-up approach to troubleshooting. (For example, Question 1 would refer to the first question a help desk technician would ask, Question 2 would refer to the second question a help desk technician would ask, etc.) a.Is your network cable securely connected? b.What mail server is listed in the outgoing server setting? c.Is your Windows firewall blocking port 25? d.Do you see a link light on your network card? e.What is the subnet mask on Local Area Connection 2? 1.Question 1 2.Question 2 3.Question 3 4.Question 4 5.Question 5 4.A customer call has been escalated to an on-site technician because the level 1 and 2 technicians could not determine the problem. Which three tasks would be performed by the onsite technician? (Choose three.) A.open the trouble ticket and enter customer information. B.replace faulty cables or connections. C.check to see if the ISP email server is working. D.correct PC network settings and run any necessary utilities. E.swap out suspected faulty hardware with known good hardware. F.check the customer account payment status. 5.Which two actions should be taken after a customer problem is resolved by the ISP help desk? (Choose two.) A.delete the trouble ticket from the database. B.document the solution in the trouble ticket or work order. C.escalate the trouble ticket to Level 2 for future reference. D.file a work order for customer notification. E.copy the solution into a knowledge-base document for future reference. 6.Which two scenarios are common causes of physical network connectivity problems? (Choose two) A.monitor unplugged. B.Ethernet cable plugged into wrong port. C.incorrect default gateway. D.unassigned IP address. E.faulty Ethernet cable. 7.Match the network component or function to its associated layer (Physical, Data link or Network) a.twisted-pair cable. b.IP Address.

c.routing. d.switching. e.MAC Address. f.repeater. 8.What two tasks should an on-site technician perform before beginning any troubleshooting or repair at the customer site? (Choose two.) A.review the trouble ticket with the customer to verify the information is correct. B.take damaged equipment to the ISP site for repair. C.document the troubleshooting tasks performed and the solution. D.provide identification, including name and place of employment. E.examine cabling to determine if it is faulty or connected into the wrong port. 9.Match the technical skill to the appropriate help desk activity. Technical Skill a.Make notes regarding the resolution of a help desk case. b.Answer a call in a friendly, professional manner. c.Speak in a calm, reassuring manner. d.Get all relevant information from the customer. e.Use analytical tools to provide a problem resolution. Help Desk Activity 1.diagnosing a problem correctly. 2.adapting to customer temperament. 3.providing a courteous greeting. 4.logging the call. 5.listening to customer. 10.An ISP customer calls to report that the web server web-s1.cisco.com is not reachable through a web browser. The technician uses command line utilities to verify the problem and to begin the troubleshooting process. Based on the results shown below, what two things can be determined about the problem? (Choose two.) D:\>ping web-sl.cisco.com Unknown host web-sl.Cisco.com D:\>ping 192.168.0.10 Pinging 192.168.0.10 with 32 bytes of data: Reply from 192.168.0.10 bytes=32 time<10ms TTL=128 Repiy from 192.168.0.10 bytes=32 time<10ms TTL=128 Repiy from 192.168.0.10 bytes=32 time<10ms TTL=128 Reply from 192.168.0.10 bytes=32 time<10ms TTL=128 Ping statistics for 192.168.0.10: Packets: Sent = 4, Received = 4.; Lost = 0 <0>: loss>. Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms A.The web server at 192.168.0.10 is reachable from the source host. B.There is a problem with the web server software on web-s1.cisco.com. C.A router is down between the source host and the server web-s1.cisco.com. D.DNS cannot resolve the IP address for the server web-s1.cisco.com.

E.The default gateway between the source host and the server at 192.168.0.10 is down. 11.What does a successful ping response from the 127.0.0.1 loopback address on a host indicate? A.The default gateway is configured correctly. B.The TCP/IP stack loaded correctly. C.The DNS server address is correctly configured. D.The DHCP configuration loaded correctly. 12.Which range of addresses is referred to as link-local addresses? A.127.0.0.0/16 B.192.168.1.0/24 C.169.254.0.0/16 D.10.0.0.0/16

End

CCNA Discovery - Working at a Small-toMedium Business or ISP 3 Planning a Network Upgrade 3.0 Chapter Introduction 3.0.1 Introduction Page 1: 3.0.1 - Introduction As a business grows, it may also outgrow its network, requiring a network upgrade. A careful look at the current network, as well as the new requirements in equipment and configurations, can help ensure a smooth network upgrade with minimum disruption. After completion of this chapter, you should be able to: Perform a customer site survey. Describe the importance of planning when beginning a network upgrade. Describe physical topology considerations when upgrading a network. Describe structured cabling. Describe network configuration and interaction of network devices. Describe other considerations when planning an upgrade.

3.1 Documenting the Existing Network 3.1.1 Site Survey Page 1: When a small company grows rapidly, the original network that supports the company often cannot keep pace with the expansion. Employees at the company may not realize how important it is to plan for network upgrades. The business may just add network hardware devices of varying quality from different manufacturers and different network connection technologies to connect new users. The quality of the current network may become degraded as each new user is added, until it can no longer support the level of network traffic that the users generate.

When the network starts to fail, most small businesses look for help to redesign the network to meet the new demands. An ISP or managed service provider may be called in to provide advice, and to install and maintain the network upgrade.

Before a network upgrade can be properly designed, an on-site technician is dispatched to perform a site survey to document the existing network structure. It is also necessary to investigate and document the physical layout of the premises to determine where new equipment can be installed.

3.1.1 - Documenting the Existing Network The diagram depicts an original, small network with several wireless clients and several wired clients connected to an ISR, which in turn connects via the modem to the ISP . When the network is expanded, there is an addition of many wired clients connected via hubs. Original Network. Network is performing optimally for the number of users. Expanded Network. Network performance is degraded due to the increased number of users without the addition of appropriate devices and proper planning. Page 2: A site survey provides the network designer important information and creates a proper starting point for the project. It shows what is already on site, and gives a good indication as to what is needed.

Important pieces of information that can be gathered during a site survey include:

• • • • • • • • •

Number of users and types of equipment Projected growth Current Internet connectivity Application requirements Existing network infrastructure and physical layout New services required Security and privacy considerations Reliability and uptime expectations Budget constraints

It is a good idea to obtain a floor plan, if possible. If a floor plan is not available, the technician can draw a diagram indicating the size and location of all rooms. An inventory of existing network hardware and software is also useful to provide a baseline of requirements for the upgrade.

A sales representative may also accompany the technician to the site to interview the customer. The sales representative may ask a series of questions to gather information about the network upgrade needs of the business.

3.1.1 - Documenting the Existing Network The diagram depicts questions that may be used to gather information in a site survey. Number of Hosts and Users How many network users, printers, and servers will the network support? To determine the number of network users that the network must support, be sure to consider the number of users that will be added over the next 12 months, and how many network printers and network servers the network has to accommodate. Internet Service and Equipment How does your business connect to the internet? Does the ISP provide the equipment or do you own it? Often when using a high speed internet connection such as DSL or cable, the service provider owns the equipment needed to connect to the internet (e.g. a DSL router or cable modem). If the connectivity is upgraded, the equipment that provides the connectivity may also need to be upgraded or replaced. Existing Network Devices How many networking devices are installed on your network? What functions do they perform? Understanding the existing number and types of networking equipment that are currently installed is critical to being able to plan for the upgrade. It is also necessary to document any configurations that are loaded on the existing devices. Security Requirements Do you have a firewall in place to protect your network? When a private network connects to the internet, it opens physical links to more than 50,000 unknown networks and all their unknown users. While this connectivity brings exciting opportunities for information sharing, it also brings threats to information not meant for sharing. Integrated Services Routers incorporate firewall features along with other functionality. Application Requirements What applications does the network need to support? Do you require services for applications such as IP telephony or videoconferencing? It is important to identify the needs of particular applications, especially voice and video. These applications may require additional network device configuration and new ISP services to support the necessary quality. Wireless Requirements Would you like a wired, wireless, or wired + wireless local-area network (LAN)? How many square feet must the wireless LAN (W LAN) cover? It is possible to connect computers, printers, and other devices to the network using a traditional wired network (10 /100) switched Ethernet), a wireless only network (802.11x), or to implement a combination of wired and wireless networking. Each wireless access point, which connects the wireless desktop and laptop computers to the network, has a given range. To estimate the number of access points that are required, it is necessary to have the number of square feet and the physical characteristics of the location that the wireless network must cover.

Page 3: The technician should be prepared for anything when doing the site survey. Networks do not always meet local codes of practice in terms of electrical, building, or safety regulations, nor adhere to any standards.

Sometimes networks grow haphazardly over time and end up being a mixture of technologies and protocols. The technician should be careful not to offend the customer by expressing an opinion about the quality of the existing installed network.

When visiting the customer premises, the technician should do a thorough overview of the network and computer setup. There may be some obvious issues such as unlabeled cables, poor physical security for network devices, lack of emergency power, or lack of an uninterruptible power supply (UPS) for critical devices. These conditions are noted in the site survey report, in addition to the other requirements gathered from the survey and the customer interview.

When the site survey is completed, it is important that the technician review the results with the customer to ensure that nothing is missed and that there are no errors. If everything is accurate, the site survey provides an excellent basis for the new network design.

3.1.1 - Documenting the Existing Network The diagram depicts an example of requirements of a network and the physical layout of the network. Customer Requirements. Requirement:Number of users. Answer:19 users. Requirement:Service provider equipment. Answer:Service provider owns DSL equipment. Requirement:Firewall. Answer:Integrated firewall. Requirement:Local servers. Answer:Plan to have file server on site. Requirement:Web or email servers. Answer:None. Requirement:Applications requirements. Answer:Word processing, spreadsheets, graphics, and plan to use IP phones. Requirement:Wired / Wireless. Answer:Both are required. Requirement:Number of wired desktops. Answer:15 computers. Requirement:Number of printers. Answer:No network printers. Requirement:Wireless laptops.

Answer:Four laptops. Requirement:W LAN area. Answer:Offices occupy 15,000 square feet. Network Design The physical network design is based on the answers to the above questions. The design includes an integrated router connected to a switch for wired user access, and a server and wireless router for wireless user access. The integrated router is connected to a DSL modem which connects to the ISP . 3.1.2 Physical and Logical Topologies Page 1: Both the physical and logical topology of the network must be documented. A physical topology is the actual physical location of cables, computers, and other peripherals. A logical topology documents the path that data takes through the network and where network functions, like routing, occur. A technician gathers this information during the site survey to create the physical and logical topology map.

In a wired network, the physical topology map consists of the wiring closet and the wiring to the individual end-user stations. In a wireless network, the physical topology consists of the wiring closet and an access point. Because there are no wires, the physical topology contains the wireless signal coverage area.

The logical topology is generally the same for a wired and wireless network. It includes the naming and Layer 3 addressing of end stations, router gateways, and other network devices, regardless of the physical location. It indicates the location of routing, network address translation, and firewall filtering.

3.1.2 - Physical and Logical Topologies The diagram depicts the physical and logical topologies of a network. The physical topology is the actual physical location of cables, computers, and other peripherals. The logical topology consists of consolidated areas, functions, and logical addressing. Page 2: To develop a logical topology requires understanding the relationship between the devices and the network, regardless of the physical cabling layout. There are several topological arrangements possible. Examples include star, extended star, partial mesh, and full mesh topologies.

Star Topologies

With a star topology, each device is connected via a single connection to a central point. The central point is typically a switch or a wireless access point. The advantage of a star topology is that if a single connecting device fails, only that device is affected. However, if the central device, such as the switch, fails, then all connecting devices lose connectivity.

An extended star is created when the central device in one star is connected to a central device of another star, such as when multiple switches are interconnected, or daisy-chained together.

Mesh Topologies

Most Core Layers in a network are wired in either a full mesh or a partial mesh topology. In a full mesh topology, every device has a connection to every other device. While full mesh topologies provide the benefit of a fully redundant network, they can be difficult to wire and manage and are more costly.

For larger installations, a modified partial mesh topology is used. In a partial mesh topology, each device is connected to at least two other devices. This arrangement creates sufficient redundancy, without the complexity of a full mesh.

Implementing redundant links through partial or full mesh topologies ensures that network devices can find alternate paths to send data in the event of a failure.

3.1.2 - Physical and Logical Topologies The diagram depicts four topological arrangements of star and mesh topologies. Star Topology Each host computer is connected via a single connection to a central point. The central point is typically a switch or a wireless access point. Extended Star Topology The extended star is created when the central device in the star is connected to a central device of another star as illustrated by multiple switches being interconnected. Full Mesh Topology In the full mesh topology graphic, every switch has a connection to every other switch creating a fully redundant network. Partial Mesh Topology In a partial mesh topology, each switch is connected to at least two other switches. This arrangement creates some redundancy without the complexity of a full mesh.

3.1.3 Network Requirements Documentation Page 1: Along with creating the topology maps for the existing network, it is necessary to obtain additional information about the hosts and networking devices that are currently installed. This information is recorded on a brief inventory sheet. The technician also documents any growth that the company anticipates in the near future.

This information helps the network designer determine what new equipment is required, and the best way to structure the network to support the anticipated growth.

The inventory sheet of the installed devices includes:

• • • • • • • • • • •

Device name Date of purchase Warranty information Location Brand and model Operating system Logical addressing information Gateway Method of connectivity Virus Checker Security information

3.1.3 - Network Requirements Documentation The diagram depicts a network with three PCs connected to an ISR, connected to a modem, connected to an ISP cloud. The following is an example of documentation for one of the PC's. Device name: Host 1. Date of purchase: Dec 2007. Warranty information: 3-year extended. Location: Office R13. Brand: X Y Z-Com. Model: ZX1200. Operating system: Linux. I P Address: 172.16.32.101 /24. Gateway: 172.16.32.10. Connectivity: 10 /100 Ethernet. Virus Checker: Installed. Firewall: Installed.

Page 2: Packet Tracer Activity

Create a logical and physical network diagram.

View printable instructions.

Click the Packet Tracer icon to begin.

3.1.3 - Network Requirements Documentation Link to Packet Tracer Exploration: Creating Network Diagrams

3.2 Planning 3.2.1 Network Upgrade Planning Phases Page 1: A network upgrade requires extensive planning. Just like any project, a need is identified and then a plan outlines the process from beginning to end. A good project plan helps identify any strengths, weaknesses, opportunities, or threats (SWOT). The plan clearly defines the tasks, and the order in which the tasks are to be completed.

Examples of good planning:

• • •

Sports teams follow game plans Builders follow blueprints Ceremonies or meetings follow agendas

A network that is a patchwork of devices strung together, using a mixture of technologies and protocols, is usually an indicator of poor initial planning. These types of networks are susceptible to downtime, and are difficult to maintain and troubleshoot.

3.2.1 - Network Upgrade Planning Phases The diagram depicts images of network planning. Page 2: Planning a network upgrade begins after the site survey and the resulting report are completed. There are five distinct phases.

Phase 1: Requirements Gathering

After all of the information has been gathered from the customer and the site visit, it is analyzed to determine the network requirements. This analysis is done by the design team at the ISP, which creates an Analysis Report.

Phase 2: Selection and Design

Devices and cabling are selected based on the requirements outlined in the Analysis Report. Multiple design options are created and regularly shared with other members on the project. This phase allows team members to view the network from a documentation perspective and evaluate trade-offs in performance and cost. It is during this step that any weaknesses of the design can be identified and addressed.

Also during this phase, prototypes are created and tested. A prototype is a good indicator of how the new network will operate.

When the design is approved by the customer, implementation of the new network can begin.

Phase 3: Implementation

If the first two steps are done correctly, the implementation phase is more likely to be performed without incident. If there are tasks that have been overlooked in the earlier phases, they must be corrected during implementation. Creating an implementation schedule that allows time for unexpected events, keeps disruption for the customer to a minimum. Staying in constant communication with the customer during the installation is critical to the success of the project.

3.2.1 - Network Upgrade Planning Phases The diagram depicts images of an on-site technician. Page 3: Phase 4: Operation

The network is brought into service in what is called a production environment. Prior to this step, the network is considered to be in a testing or implementation phase.

Phase 5: Review and Evaluation

After the network is in operation, the design and implementation must be reviewed and evaluated. For this process, the following steps are recommended:

Step 1: Compare the user experience with the goals in the documentation, and evaluate if the design is right for the job.

Step 2: Compare the projected designs and costs with the actual deployment. This evaluation ensures that future projects will benefit from the lessons learned on this project.

Step 3: Monitor the operation and record changes. It is important that the system is always fully documented and accountable.

Careful planning at each phase ensures that the project goes smoothly and that the installation is successful. On-site technicians are often included in the planning, because they participate in all phases of the upgrade.

3.2.1 - Network Upgrade Planning Phases The diagram depicts images of network planning. Page 4: 3.2.1 - Network Upgrade Planning Phases The diagram depicts an activity in which you must determine which phase each action is part of.

Phases. Phase 1: Requirements Gathering. Phase 2: Selection and Design. Phase 3: Implementation. Phase 4: Operation. Phase 5: Review and Evaluation. Actions. A.An Analysis Report is created. B.The network is actively working in a production environment. C.Actual user experiences on the upgraded network are compared with the goals in the documentation. D.Prototypes of the selected devices and cables are created. E.A schedule is created and followed, allowing for additional time for unexpected events. Constant communication with the customer is required. 3.2.2 Physical Environment Page 1: One of the first things that the network designer does to select the equipment and design of the new network is to examine the existing network facilities and cabling. The facilities include the physical environment, the telecommunication room, and the existing network wiring. A telecommunications room, or wiring closet, in a small, single-floor network is usually referred to as the Main Distribution Facility (MDF).

The MDF typically contains many of the network devices, including switches or hubs, routers, and access points. It is where all of the network cable concentrates to a single point. Many times, the MDF also contains the Point of Presence (POP) of the ISP, where the network makes the connection to the Internet through a telecommunications service provider.

If additional wiring closets are required, they are referred to as Intermediate Distribution Facilities (IDFs). IDFs are typically smaller than the MDF, and connect to the MDF.

Many small businesses do not have a telecommunications room or closet. Network equipment may be located on a desk or other furniture, and wires could be just lying on the floor. Network equipment must always be secure. As a network grows, a telecommunications room is critical to the security and reliability of the network.

3.2.2 - Physical Environment The diagram depicts a floor plan for a physical building environment of a network. The focus is on the telecommunications room, or wiring closet, in a corner of the building. A more detailed diagram is provided of the telecommunications room showing an equipment

rack, vertical and horizontal patch panels and associated cabling, telephone wiring hub, U P S, and a wall-mounted equipment rack. Tip Popup I S O standards refer to MDFs and I DFs using different terminology. MDFs and I DFs can also be referred to as wiring closets. MDF = Building Distributors I DF = Floor Distributors 3.2.3 Cabling Considerations Page 1: When the existing cabling is not up to specification for the new equipment, new cabling must be planned for and installed. The condition of the existing cabling can quickly be determined by the physical inspection of the network during the site visit. When planning the installation of network cabling, there are four physical areas to consider:

• • • •

User work areas Telecommunications room Backbone area Distribution area

There are many different types of cable found in the networking environment, and some are more common than others:







Shielded twisted pair (STP) - Usually Category 5, 5e, or 6 cable that has a foil shielding to protect from outside electromagnetic interference (EMI). In an Ethernet environment, the distance limitation is approximately 328 feet (100 meters). Unshielded twisted pair (UTP) - Usually Category 5, 5e, or 6 cable that does not provide extra shielding from EMI, but it is inexpensive. Cable runs should avoid electrically noisy areas. In an Ethernet environment, the distance limitation is approximately 328 feet (100 meters). Fiber-optic cable - A medium that is not susceptible to EMI, and can transmit data faster and farther than copper. Depending on the type of fiber optics, distance limitations can be several miles (kilometers). Fiber-optic can be used for backbone cabling and high-speed connections.

In addition to these three commonly-used cabling types, coaxial is also used in networking. Coaxial is not typically used in LANs, but it is widely used in cable modem provider networks. Coaxial has a solid copper core with several protective layers including polyvinyl chloride (PVC), braided wire shielding, and a plastic covering. Distance is several miles (kilometers). Limitations depend on the purpose of the connection.

3.2.3 - Cabling Considerations The diagram depicts the four main physical areas to consider when planning for the cabling of a network, and the type of hardware and cabling that may be used. Telecommunications Room - Switches, patch panels, and patch cables Backbone Area - Vertical or backbone cabling Distribution Area - Horizontal cabling User Work Area - PCs and patch cables In the diagram, the switch in the telecommunications room connects to the backbone area and other telecommunications rooms. The patch panel in the telecommunications room connects to the distribution area, and then to the user work area. Page 2: There are several organizations in the world that provide LAN cabling specifications.

The Telecommunications Industry Association (TIA) and the Electronic Industries Alliance (EIA) worked together to provide the TIA/EIA cable specifications for LANs. Two of the most common TIA/EIA cable specifications include the 568-A and 568-B standards. Both of these standards typically use the same Cat 5 or Cat 6 cable, but with a different termination color code.

There are three different types of twisted pair cables that are used in networks:

• • •

Straight-through - Connects dissimilar devices, such as a switch and a computer, or a switch and a router. Crossover - Connects similar devices, such as two switches or two computers. Console (or Rollover) - Connects a computer to the console port of a router or switch to do initial configuration.

Another cable type that is common in networks is a serial cable. A serial cable is typically used to connect the router to an Internet connection. This Internet connection may be to the phone company, the cable company, or a private ISP.

3.2.3 - Cabling Considerations The diagram depicts three types of cable to connect hosts and networking devices in a simple network. Crossover cable - Connects switches and hubs Straight-through cable - Connects hosts, such as PC's, servers, and router interfaces, to switches and hubs Console cable - Connects PC's to network device console for administration

3.2.4 Structured Cable Page 1: When designing a structured cable project, the first step is to obtain an accurate floor plan. The floor plan allows the technician to identify possible wiring closet locations, cable runs, and which electrical areas to avoid.

After the technician has identified and confirmed the locations of network devices, it is time to draw the network on the floor plan. Some of the more important items to document include the following:

• • • • • • • •

Patch cable - Short cable from the computer to the wall plate in the user work area Horizontal cable - Cable from the wall plate to the IDF in the distribution area Vertical cable - Cable from the IDF to the MDF in the backbone area of the business Backbone cable - Network part that handles the major traffic Location of wiring closet - Area to concentrate the end-user cables to the hub or switch Cable management system - Trays and straps used to guide and protect cable runs Cable labeling system - Labeling system or scheme to identify cables Electrical considerations - Outlets and other items to support the electrical requirements of the network equipment

3.2.4 - Structured Cable The diagram depicts a 3-D version of a structured cable design. The following areas and components are shown: work area, telecommunications room, equipment rack, patch panel, vertical cabling, horizontal cabling, and a telephone wiring hub with a link to PSTN. Page 2: Lab Activity

Evaluate a floor plan and propose upgrades to accommodate extra floor space.

Click the lab icon to begin.

3.2.4 - Structured Cable Link to Hands-on Lab: Evaluating a Cabling Upgrade Plan

3.3 Purchasing and Maintaining Equipment

3.3.1 Purchasing Equipment Page 1: As the ISP team plans the network upgrade, issues related to purchasing new equipment and the maintenance of new and existing equipment must be addressed. There are generally two options for obtaining new equipment:

• •

Managed service - The equipment is obtained from the ISP through a lease or some other agreement, and the ISP is responsible for updating and maintaining the equipment. In-house - The customer purchases the equipment, and the customer is responsible for the updates, warranties, and maintenance of the equipment.

When acquiring equipment, cost is always a major factor. A good cost analysis of the various options provides a sound basis for the final decision.

If a managed service is chosen, there are lease costs and possibly other service costs as outlined in the Service Level Agreement (SLA).

If the equipment is purchased outright, the customer should be aware of the price of the equipment, warranty coverage, compatibility with existing equipment, and update and maintenance issues. All of these must be analyzed to determine the cost-effectiveness of the purchase.

3.3.1 - Purchasing Equipment The diagram depicts the factors to be considered when purchasing equipment to be managed inhouse versus equipment to be a managed service by an ISP . Considerations In-house Type of equipment Equipment location I T organization staffing Network design Maintenance requirements Managed Services Initial evaluation and choice of service provider Requirements definition Ongoing evaluation of service provider Costs In-house Equipment purchasing or leasing

I T organization staffing Training costs Multiple vendor costs and building Hardware repairs and upgrades Software release upgrades Telephone line charges Redundancy and reliability requirements Managed Services Single, predictable monthly recurring bill Minimal up front costs Control and Responsibility In-House You have most of the control and responsibility for managing and maintaining your network system Managed Services Delegate the level of network management to a qualified service provider, based on your needs Keep your core business processes in-house Maintain control of work flow in your organization Set service-level agreements (S L A) with a service provider Reliability In-House You are responsible for keeping your network system available to employees, customers, and partners at all times Managed Services Service providers can guarantee availability up to 99.999 percent A 24-hour help desk is available for remote-access users Service provider management is transparent to end users End-user Experience In-House Users are unaware whether network is managed by the company or an external partner Managed Services Users are unaware whether network is managed by the company or an external partner 3.3.2 Selecting Network Devices Page 1: After analyzing requirements, the design staff recommends the appropriate network devices to connect and support the new network functionality.

Modern networks use a variety of devices for connectivity. Each device has certain capabilities to control the flow of data across a network. A general rule is that the higher the device is in the OSI model, the more intelligent it is. What this means is that a higher level device can better analyze the data traffic and forward it based on information not available at lower layers. As an example, a Layer 1 hub can forward data only out of all ports, while a Layer 2 switch can filter

the data and send it only out of the port that is connected to the destination based on the MAC address.

As switches and routers evolve, the distinction between them may seem blurred. One simple distinction remains: LAN switches provide connectivity within the local-area networks of the organization, while routers interconnect local networks and are needed in a wide-area network environment.

In addition to switches and routers, there are other connectivity options available for LANs. Wireless access points allow computers and other devices, such as handheld IP phones, to wirelessly connect to the network or share broadband connectivity. Firewalls guard against network threats and provide security and network control and containment.

Integrated Service Routers (ISRs) are network devices that combine the functionality of switches, routers, access points, and firewalls into the same device.

3.3.2 - Selecting Network Devices The diagram depicts a group of home office, branch office, and enterprise-level routers. 3.3.3 Selecting LAN Devices Page 1: Although both a hub and a switch can provide connectivity at the Access Layer of a network, switches should be chosen for connecting devices to a LAN. Switches are more expensive than hubs, but the enhanced performance makes switches more cost-effective. A hub is generally chosen as a networking device only within a very small LAN, a LAN that requires little throughput requirements, or when finances are limited.

When selecting a switch for a particular LAN, there are a number of factors to consider. These factors include, but are not limited to:

• • • •

Speed and the types of ports and interfaces involved Expandability Manageability Cost

Speed and Types of Ports and Interfaces

Choosing Layer 2 devices that can accommodate increased speeds allows the network to evolve without replacing the central devices.

When selecting a switch, choosing the appropriate number and type of ports is critical.

Network designers should consider carefully how many twisted pair (TP) and fiber-optic ports are needed. It is also important to estimate how many more ports will be required to support network expansion.

3.3.3 - Selecting LAN Devices The diagram depicts two LAN's, each with four hosts, one using a hub and another using a switch. Page 2: Expandability

Networking devices come in both fixed and modular physical configurations. Fixed configurations have a specific type and number of ports or interfaces. Modular devices have expansion slots that provide the flexibility to add new modules as requirements evolve. Most modular devices come with a minimum number of fixed ports and expansion slots.

A typical use of an expansion slot is to add fiber-optic modules to a device originally configured with a number of fixed TP ports. Modular switches can be a cost-effective approach to scaling LANs.

Manageability

A basic, inexpensive switch is not configurable. A managed switch that uses a Cisco IOS feature set allows control over individual ports or over the switch as a whole. Controls include the ability to change the settings for a device, add port security, and monitor performance.

For example, with a managed switch, ports can be turned on or off. In addition, administrators can control which computers or devices are allowed to connect to a port.

3.3.3 - Selecting LAN Devices The diagram depicts four images representing variables involved in selecting networking devices: type of ports, speed required, expandability, and manageability. Page 3: Cost

The cost of a switch is determined by its capacity and features. The switch capacity includes the number and types of ports available and the overall throughput. Other factors that affect the cost are network management capabilities, embedded security technologies, and advanced switching technologies.

Using a simple cost-per-port calculation, it may initially appear that the best option is to deploy one large switch at a central location. However, this apparent cost savings may be offset by the expense of the longer cable lengths required to connect every device on the LAN to one switch. This option should be compared with the cost of deploying a number of smaller switches connected by a few long cables to a central switch.

Deploying a number of smaller devices, instead of a single large device, also has the benefit of reducing the size of the failure domain. A failure domain is the area of the network affected when a piece of networking equipment malfunctions or fails.

After the LAN switches are selected, determine which router is appropriate for the customer.

3.3.3 - Selecting LAN Devices The diagram depicts two LAN designs. The first is a star topology with a local network that includes eight hosts that are connected by one large central switch. The second is an extended star topology with multiple switches that are connected by a central switch. Page 4: Packet Tracer Activity

Explore different LAN switch options.

Click the Packet Tracer icon to begin.

3.3.3 - Selecting LAN Devices Link to Packet Tracer Exploration: Exploring Different LAN Switch Options 3.3.4 Selecting Internetworking Devices Page 1: A router is a Layer 3 device. It performs all tasks of devices in lower layers and selects the best route to the destination based on Layer 3 information. Routers are the primary devices used to interconnect networks. Each port on a router connects to a different network and routes packets between the networks. Routers have the ability to break up broadcast domains and collision domains.

When selecting a router, it is necessary to match the characteristics of the router to the requirements of the network. Factors for choosing a router include:

• • •

Type of connectivity required Features available Cost

Connectivity

Routers interconnect networks that use different technologies. They can have both LAN and WAN interfaces.

The LAN interfaces of the router connect to the LAN media. The media is typically UTP cabling, but modules can be added for using fiber optics. Depending on the series or model of router, there can be multiple interface types for connecting LAN and WAN cabling.

3.3.4 - Selecting Internetworking Devices The diagram depicts two images of interconnection. In the first image, a router interconnects two LAN's. One LAN is connected using a switch, the other is connected using a hub. In the second image, a router interconnects a switched LAN to a WAN (Internet). Page 2:

Features

It is necessary to match the characteristics of the router to the requirements of the network. After analysis, the business management may determine that it needs a router with specific features. In addition to basic routing, features include:

• • • • • •

Security Quality of Service (QoS) Voice over IP (VoIP) Network Address Translation (NAT) Dynamic Host Configuration Protocol (DHCP) Virtual Private Network (VPN)

Cost

Budget is an important consideration when selecting internetwork devices. Routers can be expensive, and additional modules, such as fiber optic modules, can increase the cost.

An Integrated Service Router (ISR) is a relatively new technology that combines multiple services into one device. Before the introduction of the ISR, multiple devices were required to meet the needs of data, wired, wireless, voice, video, firewall, and VPN technologies. The ISR was designed with multiple services to accommodate the demands of small- to medium-sized businesses and branch offices of large organizations. With an ISR, an organization can quickly and easily enable end-to-end protection for users, applications, network endpoints, and wireless LANs. In addition, the cost of an ISR can be less than if the individual devices were purchased separately.

3.3.4 - Selecting Internetworking Devices The diagram depicts the following integrated services router features: Security Wireless Access Point VPN DHCP NAT Intrusion Detection Voice-over-IP Quality of Service Page 3: Packet Tracer Activity

Explore different internetworking device options.

Click the Packet Tracer icon to begin.

3.3.4 - Selecting Internetworking Devices Link to Packet Tracer Exploration: Exploring Internetworking Devices 3.3.5 Network Equipment Upgrades Page 1: Many small networks were initially built using a low-end integrated router to connect wireless and wired users. These routers are designed to support small networks, usually consisting of a few wired hosts and possibly four or five wireless devices. When a small business outgrows the capabilities of their existing network devices, it is necessary to upgrade to more robust devices. Within this course, examples of these devices are the Cisco 1841 ISR and the Cisco 2960 Switch.

The Cisco 1841 is designed to be a branch office or medium-sized business router. As an entrylevel multiservice router, it offers a number of different connectivity options. It is modular in design and can deliver multiple security services.

3.3.5 - Network Equipment Upgrades The diagram depicts the back of an 1841 I S R and the front of a 2960 24-port switch. If available, refer to audio recordings for a description of the interfaces. Page 2: Some of the features of the Catalyst 2960 switches are:

• • • •

Entry-level, enterprise-class, fixed-configuration switching that is optimized for Access Layer deployments Fast Ethernet and Gigabit Ethernet to desktop configurations Ideal for entry-level enterprise, mid-market, and branch-office environments Compact size for deployments outside of the wiring closet

These switches can provide the high speeds and high-density switching capabilities that the smaller ISRs with integrated switching cannot. They are a good option when upgrading networks built with either hubs or small ISR devices.

The Cisco Catalyst 2960 Series Intelligent Ethernet Switches are a family of fixed-configuration, standalone devices that provide Fast Ethernet and Gigabit Ethernet connectivity to the desktop.

3.3.5 - Network Equipment Upgrades The diagram depicts a stack of switches that are different models in the Cisco Catalyst 2960 Series. 3.3.6 Design Considerations Page 1: Purchasing network devices and installing cables are only the beginning of the network upgrade process. Networks must also be reliable and available. Reliability can be achieved by adding redundant components to the network, such as two routers instead of one. In this instance, alternate data paths are created, so if one router is experiencing problems, the data can take an alternate route to arrive at the destination.

An increase in reliability leads to improved availability. For example, telephone systems require five-9s of availability. This means that the telephone system must be available 99.999% of the time. Telephone systems cannot be down, or unavailable, for more than .001% of the time.

Fault tolerance systems are typically used to improve network reliability. Fault tolerance systems include devices such as a UPS, multiple AC power supplies, hot-swappable devices, multiple interface cards, and backup systems. When one device fails, the redundant or backup system takes over to ensure minimal loss of reliability. Fault tolerance can also include backup communication links.

3.3.6 - Design Considerations The diagram depicts fault tolerance through redundant network link connections. The network has four Access Layer switches, each with host PC's attached. A failure of any of the Access Layer switches can affect the PC's that are directly connected. Two central switches connect the Access Layer switches with multiple links for redundancy. The failure of either of the central switches does not stop network operation. Page 2: IP Addressing Plan

Planning for a network installation must include planning the logical addressing. Changing the Layer 3 IP addressing is a major issue when upgrading a network. If the structure of the network

is going to be changed in the upgrade, the IP address scheme and network information may need to be altered.

The plan should include every device that requires an IP address, and account for future growth. The hosts and network devices that require an IP address include:

• • • • • •

User computers Administrator computers Servers Other end devices such as printers, IP phones, and IP cameras Router LAN interfaces Router WAN (serial) interfaces

There are other devices that may need an IP address to access and manage them. These include:

• •

Standalone switches Wireless Access Points

For example, if a new router is introduced to the network, each interface on that router can be used to create additional networks, or subnets. These new subnets need to have the proper IP address and subnet mask calculated. Sometimes, this means having to assign a totally new addressing scheme to the network.

After all of the planning and design phases are complete, the upgrade proceeds to the implementation phase, in which the actual network installation begins.

3.3.6 - Design Considerations The diagram depicts an example of hosts found on a network using an IP addressing plan. Router Interfaces (Count the number of interfaces, and not the number of routers) Printers IP Phones (Count other specialty IP devices as well) Switch Management Addresses Administration Users General Users Servers

3.4 Chapter Summary

3.4.1 Summary Page 1: 3.4.1 - Summary Four Diagrams, Slider Graphic Diagram 1, Image The diagram depicts an example of requirements gathered in an interview. Diagram 1 text A network technician must perform a site survey to document the existing network structure before a network upgrade can be planned. Documentation to include a physical and logical topology map and an inventory sheet of all equipment. Gather customer network requirements through surveys and interviews. Diagram 2, Image The diagram depicts images of network planning. Diagram 2 text If a network upgrade is necessary, a plan should be in place, with consideration of the strengths, weaknesses, opportunities, or threats (SWOT) of the network installation. There are five phases of a network upgrade: requirements gathering, selection and design, implementation, operation, and review and evaluation. Examining the network facilities includes the physical environment, the telecommunication rooms (MDF and I DF), as well as existing network wiring. Diagram 3, Image The diagram depicts the physical building environment of a network. Diagram 3 text When cabling, there are four physical areas to consider: work area, distribution area, telecommunications room area, and the backbone area. When determining cabling needs, it is necessary to keep in mind the work area, the type of cable used, and the purpose of the cable. Structured cabling projects deal with the placement of cables, the location of wiring closets, cable management, and electrical considerations. Diagram 4, Image The diagram depicts network devices. Diagram 4 text When new equipment is used for network upgrade, there are two purchase options: managed service and in-house customer purchased. A device that functions at higher O S I layers is generally considered a more intelligent device. When upgrading network devices, cost and expandability are important factors to consider.

3.5 Chapter Quiz

3.5.1 Quiz Page 1: Take the chapter quiz to check your knowledge.

Click the quiz icon to begin.

3.5.1 - Quiz Chapter 3 Quiz: Planning a Network Upgrade 1.What three types of network documentation does a technician need to complete before designing a new network? (Choose three) A.cut sheet. B.inventory sheet. C.site survey report. D.standards evaluation. E.topology maps. F.upgrade initiative. 2.What should the on-site technician do immediately after completing the site survey? A.begin scheduling the work for the network upgrade. B.order the networking devices and software required. C.review the survey results with the network designer. D.review the survey results with the customer to ensure accuracy. 3.Which three steps must be completed before implementation of the new network can begin? (Choose three) A.The network is brought into a production environment. B.Projected designs and costs are compared with actual deployment. C.Prototypes are created and tested. D.An Analysis Report is generated. E.The design is approved by the customer. F.The operation of the network upgrade is monitored. 4.What are two characteristics of horizontal cabling? (Choose two) A.It terminates at a face plate in the user work area. B.It connects directly to a switch or router in the MDF. C.It terminates at a patch panel in the I DF or MDF. D.It connects two networking devices located in different I DF's. E.It connects the PC to the face plate. 5.When designing a structured cable project, why is it important to obtain an accurate floor plan? (Choose three) A.to design the Layer 3 addressing. B.to share the conduit with existing electrical wiring. C.to identify possible wiring closet locations. D.to determine the number of host devices needed. E.to avoid areas with electrical equipment or wiring. F.to estimate how much cable will be required.

6.Match the cable type to the appropriate description. Cable Types a.patch cable. b.horizontal cable. c.vertical cable. d.cable-containment system. Descriptions 1.cable from the I DF to the MDF in the organizations backbone area. 2.a series of trays and straps used to guide and protect cable runs. 3.short cable from the computer to the wall plate in the user work area. 4.cabling from the wall plate to the I DF in the distribution area. 7.Why is it important to consider the size of failure domains when upgrading a network? A.Creating large failure domains reduces the number of IP broadcast domains. B.Small failure domains reduce the number of users affected when a network device malfunctions. C.Large failure domains usually improve the network reliability and reduce downtime. D.It requires fewer networking devices to create small failure domains than large ones. 8.Why would a managed-service customer want to have an SLA with the ISP? A.to ensure that equipment ordered from vendors is delivered on time. B.to provide extended warranties for customer-installed networking equipment. C.to guarantee customer premises wiring meets all required standards. D.to have a written agreement of what services the ISP will provide. 9.Where would the on-site technician record information about the brand, model, and operating system of the hosts and networking devices installed on the network be located? A.topology map. B.inventory sheet. C.office floorplan. D.analysis report. 10.ISP is recommending a Cisco 1841 ISR to upgrade a small business customer LAN. Why is an ISR a good choice for a small business customer? (Choose two) A.An ISR often costs less than a stand-alone router and a LAN switch solution. B.The ISR eliminates the need for on-site email or web servers. C.ISR's combine routing, switching, and wireless capabilities in a single device. D.ISR's are a good choice because small businesses usually do not require firewall security. E.Because the ISR features are limited to routing and switching, they are easier to configure.

End

CCNA Discovery - Working at a Small-toMedium Business or ISP 4 Planning the Addressing Structure 4.0 Chapter Introduction 4.0.1 Introduction Page 1: 4.0.1 - Introduction As small-to-medium-sized business networks expand to meet the challenges of new applications and services, they often outgrow their initial design. A key factor when planning the network upgrade is network addressing. Creating a flexible, scalable IP addressing structure able to support new growth is critical to the success of the upgraded network. After completion of this chapter, you should be able to: Describe how IP addressing is implemented in the LAN. Subnet a given network to allow for efficient use of IP address space. Explain how Network Address Translation (NAT) and Port Address (PAT) are used in a network.

4.1 IP Addressing in the LAN 4.1.1 Review of IP Addresses Page 1: One of the most important aspects of communications on an internetwork is the IP addressing scheme.

IP addressing is the method used to identify hosts and network devices. As the Internet grew over time and the number of hosts connected to it increased, IP addressing schemes had to adapt to cope with the growth.

While IP addressing schemes have had to adapt, the basic IP address structure for IPv4 remains the same. To send and receive messages on an IP network, every network host must be assigned a unique 32-bit IP address. Because large binary numbers are difficult for people to read and

understand, IP addresses are usually displayed in dotted-decimal notation. In dotted-decimal notation, each of the four octets is converted to a decimal number separated by a decimal point. For example, the IP address:

11000000.10101000.00000001.01101010

is represented as 192.168.1.106 in dotted-decimal notation.

4.1.1 - Review of IP Addresses The animation depicts how an IP address is expressed in dotted decimal notation. An IP address is a 32-bit logical network address. 32 bits are difficult to read, so the address is split into four octets, converted to base 10, and the octets are separated by dots. This is known as dotted-decimal notation. Page 2: IP addresses are hierarchical. A hierarchy is like a family tree with parents at the top and children connected to them below. For a network, this means that part of the 32-bit number identifies the network (parent), while the rest of the bits identify the host (child). In the early days of the Internet, there were so few organizations needing to connect to the Internet, that networks were assigned by only the first 8 bits (first octet) of the IP address. This left the remaining 24 bits to be used for local host addresses.

The 8-bit network designation made sense at first, because originally people thought that the Internet would be made up of a few very large universities, governments, and military organizations. Using only 8 bits for the network number enabled the creation of 256 separate networks, each containing over 16 million hosts. It soon became apparent that more organizations, and eventually individuals, were connecting to the Internet to do research and to communicate with others. More networks were required, and a way to assign more network numbers had to be created.

4.1.1 - Review of IP Addresses The animation depicts a network and the host hierarchy of the IP address. IP addresses are hierarchical. In this example, the network is identified by the first three octets, and the host is identified by the fourth octet. Page 3: To create more possible network designations, the 32-bit address space was organized into five classes. Three of these classes, A, B, and C, provide addresses that can be assigned to individual

hosts or networks. The other two classes, D and E, are reserved for multicast and experimental use.

Until this change, routers examined only the first 8-bits of an IP address for the network ID. Class B networks, however, use the first 16 bits to identify the network. Class C networks use the first 24 bits to identify the network. With this addition, routers needed to be programmed to look beyond the first 8 bits to identify class B and C networks.

It was decided to divide the networks in a manner that would make it easy for routers and hosts to determine the correct number of network ID bits. The class of a network is indicated by the values of the first few bits of the IP address, called the high-order bits. If the first bit is 0, the network is a Class A, and the first octet represents the network ID. When the first bit is 1, the router examines the second bit. If that bit is 0, the network is a Class B, and the router uses the first 16 bits for the network ID. If the first three bits are 110, it indicates a Class C address. Class C addresses use the first 24 bits, or three octets, to designate the network. Dividing the original 8-bit network into smaller network classes increased the number of available network designations from 256 to over two million.

4.1.1 - Review of IP Addresses The diagram depicts five network address classes: Class A, B, C, D, and E. Class A The first octet denotes the network address, and the last three octets are the host portion. Any IP address where the first bit of the first octet is 0 is a Class A. Class A addresses can have a decimal value within the first octet ranging between 1 and 126. These addresses are typically used for networks with more than 65,534 hosts. The Class A address 127 is reserved for loopback testing. Class B The first two octets denote the network address, and the last two are the host portion. Any IP address where the first two bits of the first octet are 10 is a Class B. Class B addresses can have a decimal value within the first octet ranging between 128 and 191. These addresses are typically used for networks that have between 255 and 65,534 hosts. Class C The first three octets denote the network address, and the last one is the host portion. Any IP address where the first three bits of the first octet are 110 is a Class C. Class C addresses can have a decimal value within the first octet ranging between 192 and 223. These addresses are typically used for networks with 254 or less hosts. Class D Used for multicast addressing. Any IP address where the first four bits of the first octet are 1110 is a Class D. Class D addresses can have a decimal value between 224 and 239. Class E Reserved for future experimental usage and broadcasting. Any IP address where the first five bits of the first octet are 11110 is a Class E. Class E addresses can have a decimal value between 240 and 255.

Page 4: In addition to creating separate classes, the Internet Engineering Task Force (IETF) decided to reserve some of the Internet address space for use by private networks. Private networks have no connection to public networks. Private network addresses are not to be routed across the Internet. This allows multiple networks in various locations to use the same private addressing scheme without creating addressing conflicts.

The use of private address space reduced the number of unique registered IP addresses that were assigned to organizations.

A single Class A address, 10.0.0.0, was reserved for private use. In addition, address space in classes B and C was also set aside for private networks.

Most networks today use a private address structure. Most consumer networking devices, by default, give out private addresses through DHCP. Only the devices that connect directly to the Internet are assigned registered Internet routable addresses.

4.1.1 - Review of IP Addresses The diagram depicts a table with private IP Address information for each class, A. through E. Class A private addresses. Address range: 10.0.0.0 to 10.255.255.255. Default Subnet Mask: 255.0.0.0. Number of Networks: 1. Hosts per Network: 16,777,214. Total Hosts: 16,777,214. Class B private addresses. Address range: 172.16.0.0 to 172.31.255.255. Default Subnet Mask: 255.255.0.0. Number of Networks: 16. Hosts per Network: 65,534. Total Hosts: 1,048,544. Class C private addresses. Address range: 192.168.0.0 to 192.168.255.255. Default Subnet Mask: 255.255.255.0. Number of Networks: 256. Hosts per Network: 254. Total Hosts: 65,024. The diagram shows a new ISR with internal wired and wireless clients. The New ISR is connected to an ISP router. The ISP gives a public address to the external interface of the New

ISR, for example 209.165.201.14. The internal wireless ISR connects to New ISR with a private default gateway address of 192.168.1.1. Client private IP addresses are from 192.168.1.101 to 192.168.1.150. 4.1.2 Subnetting a Network Page 1: Networks continued to grow and connect to the Internet throughout the 1980s and into the 1990s, with many organizations adding hundreds, and even thousands, of hosts to their network. An organization with thousands of hosts should have been well served by a Class B network, however, there were some problems.

First, organizations with thousands of hosts rarely had them all in one place. Some organizations wanted to separate individual departments from each other for security or management purposes. Second, a primary type of packet forwarded on a network is the broadcast packet. Broadcast packets are forwarded to all hosts within a single logical network. With thousands of hosts on a single network sending broadcast traffic, and limited bandwidth available, network performance significantly decreased as more hosts were added.

To solve these problems, the organizations leading the development of the Internet chose to partition their networks into mini-networks, or subnetworks, using a process called subnetting. How can a single IP network get split into multiple networks so that each subnet is treated as a separate network?

RFC 917, Internet Subnets, defines the subnet mask as the method routers use to isolate the network portion from an IP address. When a router receives a packet, it uses the destination IP address in the packet and the subnet masks associated with the routes in its routing table to determine the appropriate path on which to forward the packet.

The router reads the subnet mask from left to right, bit by bit. If a bit in the subnet mask is set to 1, it indicates that the value in that position is part of the network ID. A 0 in the subnet mask indicates that the value in that position is part of the host ID.

4.1.2 - Subnetting a Network The diagram depicts a table with information about each network address class, A. through E. Class A. Has a first octet range of decimal 1-127. Binary 00000000-01111111. Decimal subnet of 255.0.0.0. 128 possible networks, 16,777,214 hosts. Used for commercial purposes.

Address range is 1.0.0.1 to 126.255.255.254. (Class A address 127.0.0.0 is reserved for loopback testing). Class B. Has a first octet range of decimal 128-191. Binary 10000000-10111111. Decimal subnet of 255.255.0.0. Possible 16,384 networks, 65,534 hosts. Used for commercial purposes. Address range is 128.0.0.1 to 191.255.255.254. Class C. Has a first octet range of decimal 192-223. Binary 11000000-11011111. Decimal subnet of 255.255.255.0. Possible 2,097,152 networks, 254 hosts. Used for commercial purposes. Address range is 192.0.0.1 to 223.255.255.254. Class D. Has a first octet range of decimal 224-239. Binary 11100000-11101111. Reserved for multicast purposes. Class E. Has a first octet range of decimal 240-255. Binary 11110000-11110111. Reserved for experimental use. Note: All zeros (0) and all ones (1) are invalid host addresses. Page 2: In the original IP address hierarchy, there are two levels: a network and a host. In a classful addressing scheme, the first three leading bit values are used to determine that an IP address is either a Class A, B, or C. When an address is identified by class, the number of bits that make up the network ID and the number of bits that make up the host ID are known. The default subnet masks for the network classes are:

Class A 255.0.0.0

Class B 255.255.0.0

Class C 255.255.255.0

Subdividing a classful network adds a level to the network hierarchy. Now there are three levels: a network, a subnetwork, and a host. How can the subnet mask be modified to indicate the new hierarchical level?

A single Class A, B, or C network address space can be divided into multiple subnetworks by using bits from the host address space to designate the subnet ID. As an example, an organization using a Class C address space has two offices in different buildings. To make the network easier to manage, the network administrators want each location to have a logically separate network. Taking two bits from the host address increases the subnet mask length from the default 24 bits to 26 bits, or 255.255.255.192.

When bits are borrowed from the host portion of the address to identify the subnet, fewer bits are available for individual hosts. If two bits are used for the subnet ID, only six bits are left in the host portion of the address.

4.1.2 - Subnetting a Network The diagram depicts an IP address hierarchy of a network with subnets and hosts. A customer router with two subnets, internal wired and wireless clients, is connected to an ISP router and an internal wireless router. A network hierarchy illustrates that the customer router with two subnets represent the entire customer network. The internal wired and wireless local networks represent subnets and the PC's and routers within each of the subnet represent hosts. Page 3: With traditional classful subnetting, the same number of host bits is used to designate the subnet ID for all the resulting subnetworks. This type of subnetting always results in a fixed number of subnets and a fixed number of hosts per subnet. For this reason, this is known as fixed-length subnetting.

The decision about how many host bits to use for the subnet ID is a big planning decision. There are two considerations when planning subnets: the number of hosts on each network, and the number of individual local networks needed. The table for the subnet possibilities for the 192.168.1.0 network shows how the selection of a number of bits for the subnet ID affects both the number of possible subnets and the number of hosts that can be in each subnet.

One thing to keep in mind is that in all IPv4 networks, two host addresses are reserved: the all-0s and the all-1s. An address with all 0s in the host portion of the address is an invalid host address and usually refers to the entire network or subnetwork. An address with all 1s in the host portion is used as the local network broadcast address. When a network is subnetted, each subnet contains an all-0s and an all-1s host address that cannot be used for individual host addresses.

4.1.2 - Subnetting a Network The diagram depicts the process of dividing the IP address hierarchy for classful subnetting. Subnetting the 192.168.1. 0 network: 11000000 10101000 00000001 hhhhhhhh Subnet I D Bits 0 Host I D Bits 8 Number of Subnets 1 Number of Hosts 254 Bit pattern hhhhhhhh Subnet I D bits = 0, the network has one subnet. Subnet I D Bits 1 Host I D Bits 7 Number of Subnets 2 Number of Hosts 126 Bit pattern s hhhhhhh As soon as one of the host bits is designated as a subnet bit, the network will have two subnets. Remember, in binary, a bit can have two states, 1 or 0, so the number of subnets is 2^s. Subnet I D Bits 2 Host I D Bits 6 Number of Subnets 4 Number of Hosts 62 Bit pattern ss hhhhhh Subnet I D Bits 3 Host I D Bits 5 Number of Subnets 8 Number of Hosts 30 Bit pattern sss hhhhh Subnet I D Bits 4 Host I D Bits 4 Number of Subnets 16 Number of Hosts 14 Bit pattern ssss hhhh Notice the inverse relationship between the number of subnets and the number of hosts. Subnet I D Bits 5 Host I D Bits 3 Number of Subnets 32 Number of Hosts 6 Bit pattern sssss hhh The question asked in the diagram is as follows: Our example network has fewer than six hosts in it. If we had to really subnet this network, would we choose to break it into two subnets, or would we choose to break it into the number of subnets that support 6 hosts? Subnet I D Bits 6 Host I D Bits 2

Number of Subnets 64 Number of Hosts 2 Bit pattern ssssss hh 4.1.3 Custom Subnet Masks Page 1: When a network is partitioned, the router must use a modified or custom subnet mask to distinguish the subnets from each other.

A default subnet mask and a custom subnet mask differ from each other in that the default subnet masks only change on octet boundaries. For instance, the default subnet mask for a Class A network is 255.0.0.0. Custom subnet masks take bits from the host ID portion of the IP address and add them to the default subnet mask.

To create a custom subnet mask, the first question to answer is how many bits to take from the host ID to add to the subnet mask? The number of bits to borrow to meet a specific number of subnets can be determined by the math equation: 2^n, where n equals the number of bits borrowed.

If three subnets are required, there must be enough subnet bits to allow for three unique subnet addresses.

For example, if starting with a Class C address, such as 192.168.1.0, there are only eight host bits to borrow from. Each bit can only be a 1 or a 0. To allow for three subnets, at least two of the eight bits must be borrowed. This creates four subnets total:

00 - 1st subnet

01 - 2nd subnet

10 - 3rd subnet

11 - 4th subnet

In the above example, two bits were borrowed, 2^2 = 4 or 2 x 2 = 4, so four subnets were created. If between five and eight subnets were needed, then three bits would be required (2^3 = 8 or 2 x 2 x 2).

The number of bits selected for the subnet ID affects both the number of possible subnets and the number of hosts that can be in each subnet.

4.1.3 - Custom Subnet Masks The diagram depicts the process of borrowing one bit from the host portion of network address 192.168.1.0 /24 to create two subnets. The four columns are headed Subnet, Network Address, Host Range, and Broadcast Address. SubnetNetwork Address Host RangeBroadcast Address 0192.168.1.0 /25192.168.1.0 to .126192.168.1.127 1192.168.1.128 /25192.168.1.129 to .254192.168.1.255 The resulting addressing scheme shows the range of host addresses and the broadcast address for each subnet. Page 2: With classed subnetting, the number of bits required for the subnet ID depends on two factors: the number of subnets created and the number of hosts per subnet.

In classed, or fixed-length, subnetting, all subnets must be the same size, which means that the maximum number of hosts that each subnet can support is the same for all subnets created. The more bits that are taken for the subnet ID, the fewer bits left for host IDs.

The same base equation, 2^n, with a slight modification, can be used to determine the number of host IDs available based on the number of host bits remaining. Because each subnet has two host addresses that are reserved, the all-0s and all-1s addresses, the equation to determine the number of hosts supported is modified to 2^n - 2.

After it is determined how many bits make up the subnet address, all devices on the network are informed of the subdivision by the subnet mask. With the subnet mask, it is possible to tell which subnet an IP address is in and to design simple classful subnetted IP address schemes.

4.1.3 - Custom Subnet Masks The diagram depicts the process of borrowing two bits from the host portion of network address 192.168.1.0 /24 to create four subnets. The four columns are headed Subnet, Network Address, Host Range, and Broadcast Address.

SubnetNetwork Address Host RangeBroadcast Address 0192.168.1.0 /26192.168.1.0 to .62192.168.1.63 1192.168.1.64 /26192.168.1.65 to .126192.168.1.127 2192.168.1.128 /26192.168.1.129 to .190192.168.1.191 3192.168.1.192 /26192.168.1.193 to .254192.168.1.255 Page 3: Subnetting solved a number of problems that existed with the original classed network address spaces. It permitted organizations that owned a class A, B, or C address to subdivide their address space into smaller local subnets to more efficiently assign addresses. However, subnetting is also important in helping to minimize traffic loads and for adding security measures between networks.

An example of a situation that might require subnetting is an ISP customer that has outgrown its initial network installation. In this network, the original small, integrated wireless router is overloaded with traffic from both wired and wireless users. Because of its relatively small size, a Class C address space is used to address the network.

One possible solution to the problem of the overloaded network is to add a second networking device, such as a larger integrated service router (ISR). When adding a device, it is a good practice to place the wired and wireless users on separate local subnetworks to increase security. The original wireless router can still be used to provide the wireless users with connectivity and security on one network. Hubs or switches connecting the wired users can then be directly connected to the new ISR using a different network. The ISR and the wireless router can then be directly connected with a third network.

This new network configuration requires that the existing Class C network be divided into at least three subnetworks. Using classful subnetting, at least two bits must be taken from the host portion of the address to meet the customer requirements. This subnetting scheme results in the creation of four individual networks, each with 62 available host addresses (64 possible addresses, minus the all-0s and all-1s addresses).

4.1.3 - Custom Subnet Masks The diagram depicts an original ISR with internal wired clients representing a single network. This ISR changes to a new ISR. A wireless ISR is added for wireless clients, which splits the network into two subnets. Page 4: 4.1.3 - Custom Subnet Masks The diagram depicts an activity in which you must determine the network address in binary and

decimal for each IP address presented. IP Address One. Host address: 10.80.130.194 Subnet Mask: 255.255.254.0 Host address in binary: 00001010-01010000-10000010-11000010 Subnet Mask in binary: 11111111-11111111-11111110-00000000 What is the network address in binary? What is the network address in decimal? IP Address Two. Host address: 10.207.88.219 Subnet Mask: 255.255.255.224 Host address in binary: 00001010-11001111-01011000-11011011 Subnet Mask in binary: 11111111-11111111-11111111-11100000 What is the network address in binary? What is the network address in decimal? IP Address Three. Host address: 10.238.110.142 Subnet Mask: 255.255.128.0 Host address in binary: 00001010-11101110-01101110-10001110 Subnet Mask in binary: 11111111-11111111-10000000-00000000 What is the network address in binary? What is the network address in decimal? Page 5: Packet Tracer Activity

Subnet a network to meet the requirements of multiple LANs.

Click the Packet Tracer icon to begin.

4.1.3 - Custom Subnet Masks Link to Packet Tracer Exploration: Implementing an IP Addressing Scheme 4.1.4 VLSM and Classless Inter-Domain Routing (CIDR) Page 1: The original classful subnetting design required that all subnets of a single classed network be the same size. This was because routers did not include subnet mask information in their routing updates. A router programmed with one subnet address and mask on an interface automatically applied that same mask to the other network subnets in its routing table. This limitation required planning for fixed-length subnet masks in the IP addressing scheme.

However, fixed-length subnet masks can waste a significant number of IP addresses. For example, an organization with one site has approximately 8,000 hosts and three other locations with 1,000, 400, and 100 hosts, respectively. With a fixed-length subnet mask, each subnet would have to support at least 8,000 hosts, even the one assigned to the location needing only 100 addresses.

Variable length subnet masking (VLSM) helps to solve this issue. VLSM addressing allows an address space to be divided into networks of various sizes. This is done by subnetting subnets. To accomplish this, routers today must receive routing information that includes the IP address of the network, and the subnet mask information which indicates the number of bits that make up the network portion of the IP address. VLSM saves thousands of IP addresses that would be wasted with traditional classful subnetting.

In addition to VLSM, Classless Inter-Domain Routing (CIDR) was proposed in RFC 1519 and accepted. CIDR ignores network classes based on the value of the high-order bits. CIDR identifies networks based solely on the number of bits in the network prefix, which corresponds to the number of 1s in the subnet mask. An example of an IP address written using CIDR notation is 172.16.1.1/16, where the /16 represents the number of bits in the network prefix.

4.1.4 - VLSM and Classless Inter-Domain Routing (C I D R) The diagram depicts a comparison of fixed length subnet masking and variable length subnet masks (VLSM). There are four subnets, 1, 2, 3, and 4, have 8,000, 1,000, 400, and 100 hosts, respectively. In the fixed length subnet masking diagram, starting with network I D 172.16.0.0 and a fixed mask of 255.255.224.0 ( /19), this creates eight subnets of 8,190 hosts each. This is efficient for Subnet 1 with 8,000 hosts, but wastes a large number of addresses for the other three subnets. The VLSM diagram shows that Subnet 1 can still use a 255.255.224.0 ( /19) mask, and Subnet 2 can use a 255.255.252.0 ( /22) mask for a maximum number of 1,022 hosts. Subnet 3 can use a 255.255.254.0 ( /23) mask for a maximum number of 510 hosts, and Subnet 4 can use a 255.255.255.128 ( /25) mask for a maximum number of 126 hosts. The remaining addresses can be used elsewhere or for future expansion. Page 2: CIDR protocols freed routers from using only the high-order bits to determine the network prefix. Removing that restriction eliminated the need to allocate registered IP addresses by address class.

Before CIDR, an ISP requiring 3,000 host addresses could request either a full Class B address space or multiple Class C network addresses to meet its requirements. With a Class B address space, the ISP would waste thousands of registered addresses. If it requested multiple Class C

addresses, it could be difficult to design the ISP network so that no single section required more than 254 host addresses. Routing tables containing many Class C addresses can also get large and difficult to manage.

By ignoring the traditional address classes, CIDR enables the ISP to request a block of addresses based on the number of host addresses it requires. Supernets, created by combining a group of Class C addresses into one large block, enable addresses to be assigned more efficiently. An example of a supernet is 192.168.0.0/19. Using the first 19 bits of the IP address for the network prefix enables this supernet to contain 8,190 possible host addresses. An ISP can use a supernet as one large network or divide it into as many smaller networks as needed to meet its requirements.

In this example of a supernet, the private Class C address of 192.168.0.0 is used. In reality, most networks that use private addressing use either the Class A or B reserved addresses and subnetting. Although classed addressing and fixed-length subnet masking are becoming less common, it is important to understand how these addressing methods work. Many devices still use the default subnet mask if no custom subnet mask is specified.

4.1.4 - VLSM and Classless Inter-Domain Routing (C I D R) The diagram depicts information about the C I D R standard. C I D R (RFC 1519) allowed for: More efficient use of IPv4 address space Prefix aggregation, which reduced the size of routing tables 4.1.5 Communicating Between Subnets Page 1: When a network is split into subnets, each subnet is actually a completely separate network. Therefore, for a device in one subnet to communicate with a device in another subnet, a router is required because routers connect networks.

To determine how many hosts are needed in each subnet, it is necessary to include the router interface, or gateway interface, and the individual host devices. Each router interface must have an IP address in the same subnet as the host network attached to it.

In some instances, it may be necessary to connect two routers, such as when connecting the Linksys device and the 1841 ISR. This configuration must ensure that interfaces on routers that connect to each other are assigned IP addresses in the same network or subnet. Here the common link shows the two routers connected on the 192.168.1.16/29 subnet with host IP addresses of 192.168.1.17/29 and 192.168.1.18/29.

4.1.5 Communicating Between Subnets The animation depicts how router interfaces are to be accounted for when determining IP addresses to be included in the subnets. Page 2: Packet Tracer Activity

Modify the addresses, subnet masks, and device default gateways to enable routing between subnets.

Click the Packet Tracer icon to begin.

4.1.5 Communicating Between Subnets Link to Packet Tracer Exploration: Communicating Between Subnets Page 3: Lab Activity

Create an IP addressing scheme for a small network.

Click the lab icon to begin.

4.1.5 Communicating Between Subnets Link to Hands-on Lab: Subnetting a Network

4.2 NAT and PAT 4.2.1 Basic Network Address Translation (NAT) Page 1: Routers are required to route between subnets on an internal network, regardless of whether the IP address range is public or private. However, if the address range is private, private networks cannot be routed across the public Internet. Therefore, how do host devices using a private

addressing scheme communicate across the Internet? Network Address Translation (NAT) must be enabled on the device connecting the private network to the ISP network.

NAT allows a large group of private users to access the Internet by sharing one or more public IP addresses. Address translation is similar to how a telephone system works in a company. As a company adds employees, at some point, they no longer run a public phone line directly to each employee desk. Instead, they use a system that allows the company to assign each employee an extension number. The company can do this because not all employees use the phone at the same time. Using private extension numbers enables the company to purchase a smaller number of external phone lines from the phone company.

NAT works similarly to a company phone system. Saving registered IP addresses is one of the main reasons that NAT was developed. NAT can also provide security to PCs, servers, and networking devices by withholding their actual IP host addresses from direct Internet access.

4.2.1 - Basic Network Address Translation (NAT) The animation depicts the function of Network Address Translation (NAT). NAT is required between the local private network and the public Internet. NAT allows many users in a private network to use a few public IP addresses. In the diagram, five public Internet addresses are used by the customer router, which is attached to the ISP . The internal wired and wireless subnets have 40 private users that can use of the external public addresses to access the Internet. Page 2: The main advantages of NAT are that IP addresses can be re-used and many hosts on a single LAN can share globally unique IP addresses. NAT operates transparently and helps shield users of a private network against access from the public domain.

In addition, NAT hides private IP addresses from public networks. The advantage to this is that NAT operates much like an access control list, not allowing outside users to access internal devices. The disadvantage is that additional configurations are required to allow access from legitimate, external users.

Another disadvantage is that NAT has an impact on some applications that have IP addresses in their message payload, because these IP addresses must also be translated. This translation increases load on the router and hinders network performance.

4.2.1 - Basic Network Address Translation (NAT) The diagram depicts a table with the advantages and disadvantages of NAT. Advantages of NAT

Public IP address sharing Transparent to end users Improved Security LAN expandability or scalability Local control including ISP connectivity Disadvantages of NAT Incompatibility with certain applications Hinders legitimate remote access Performance reduction caused by increased router processing 4.2.2 IP NAT Terms Page 1: When configuring NAT on a router, there are a few terms that help explain how the router accomplishes NAT:



• •

• • •

Inside local network - Refers to any network connected to a router interface that is part of the privately addressed LAN. Hosts on inside networks have their IP addresses translated before they are transmitted to outside destinations. Outside global network - Any network attached to the router that is external to the LAN and does not recognize the private addresses assigned to hosts on the LAN. Inside local address - Private IP address configured on a host on an inside network. The address must be translated before it can travel outside the local network addressing structure. Inside global address - IP address of an inside host as it appears to the outside network. This is the translated IP address. Outside local address - Destination address of the packet while it is on the local network. Usually, this address is the same as the outside global address. Outside global address - Public IP address of an external host. The address is allocated from a globally routable address or network space.

4.2.2 - IP NAT Terms The diagram depicts the process by which NAT translates private IP addresses. The gateway router translates the private IP address to a public IP address from the NAT address pool before sending it on the outside network. When the remote server replies, it uses the translated address as the destination address of the packet. The gateway router receives the packet and translates the destination address back to the inside private address. Page 2: 4.2.2 - IP NAT Terms The diagram depicts an activity in which you must determine if the Address Type for each

source and destination of an ISP and a LAN is one of the following NAT terms: A.Inside Local B.Outside Local C.Inside Global D.Outside Global Host, H 1, is the internal LAN host with private IP address 192.168.1.106. Host, H 2, is the external ISP server with public IP address 209.165.200.226. Match the Inside and Outside options to the correct Address Type. Remember, devices from the LAN are inside. On the inside network, IP addresses are local. On the outside network, IP addresses are global. ISP One.Source - IP Address: translated Two.Destination - IP Address: 209.165.200.226 LAN One.Source - IP Address: 192.168.1.106 Two. Destination - IP Address: 209.165.200.226 4.2.3 Static and Dynamic NAT Page 1: Addresses can be assigned dynamically. Dynamic NAT allows hosts on a private network that have private IP addresses to access a public network, such as the Internet. Dynamic NAT occurs when a router assigns an outside global address from a pre-defined address, or pool of addresses, to an inside private network device.

As long as the session is open, the router watches for the inside global address and sends acknowledgments to the initiating inside device. When the session ends, the router simply returns the inside global address to the pool.

4.2.3 - Static and Dynamic NAT The diagram depicts an animation of a dynamic NAT. Inside Local Addresses 192.168.1.106 Outside Global Addresses 209.165.200.226 IP addresses on the LAN, such as 192.168.1.0, are translated dynamically to any one of these globally unique IP addresses, 209.165.201.0 /27. Page 2:

One of the advantages of using NAT is that individual hosts are not directly accessible from the public Internet. But what if one or more of the hosts within a network are running services that need to be accessed from Internet connected devices and devices on the local private LAN?

One way to provide access to a local host from the Internet is to assign that device a static address translation. Static translations ensure that an individual host private IP address is always translated to the same registered global IP address. It ensures that no other local host is translated to the same registered address.

Static NAT allows hosts on the public network to access selected hosts on a private network. If a device on the inside network needs to be accessible from the outside, use static NAT.

Both static and dynamic NAT can be configured at the same time, if necessary.

4.2.3 - Static and Dynamic NAT The diagram depicts an animation of a static NAT. Inside Local Addresses 192.168.1.106 Outside Global Addresses 209.165.200.226 Before translation, the permanently assigned IP Address is 192.168.1.106. After translation the permanently assigned IP address is 209.165.202.129. The destination address in the packets from external hosts is 209.165.202.129. The router translates the address to the internal address of the host, which is 192.168.1.106. Page 3: Packet Tracer Activity

Examine the contents of the IP header as traffic crosses the NAT border.

Click the Packet Tracer icon to begin.

4.2.3 - Static and Dynamic NAT Link to Packet Tracer Exploration: Examining Network Address Translation (NAT) 4.2.4 Port-based Network Address Translation (PAT)

Page 1: When an organization has a very small registered IP address pool, or perhaps even just a single IP address, it can still enable multiple users to simultaneously access the public network with a mechanism called NAT overload, or Port Address Translation (PAT). PAT translates multiple local addresses to a single global IP address.

When a source host sends a message to a destination host, it uses an IP address and port number combination to keep track of each individual conversation with the destination host. In PAT, the gateway translates the local source address and port combination in the packet to a single global IP address and a unique port number above 1024. Although each host is translated into the same global IP address, the port number associated with the conversation is unique.

Responding traffic is addressed to the translated IP address and port number used by the host. A table in the router contains a list of the internal IP address and port number combinations that are translated to the external address. Responding traffic is directed to the appropriate internal address and port number. Because there are over 64,000 ports available, a router is unlikely to run out of addresses, which could happen with dynamic NAT.

4.2.4 - Port-based Network Address Translation (PAT) The diagram depicts a local network with 40 private users and one public address. Page 2: Because each translation is specific to the local address and local port, each connection, which generates a new source port, requires a separate translation. For example, 10.1.1.1:1025 requires a separate translation from 10.1.1.1:1026.

The translation is only in place for the duration of the connection, so a given user does not keep the same global IP address and port number combination after the conversation ends.

Users on the outside network cannot reliably initiate a connection to a host on a network that uses PAT. Not only is it impossible to predict the local or global port number of the host, but a gateway does not even create a translation unless a host on the inside network initiates the communication.

4.2.4 - Port-based Network Address Translation (PAT) The diagram depicts the TCP process using PAT. The user PC attaches a port number to its source IP address to be included in the outbound

request. The destination is a web server, and the destination address has well-known port 80 attached. The gateway router receives the request and translates the source IP address to the one available public IP address. It then chooses an available port number from the available ports, which is any port greater than 1024, and binds it to the public IP address before forwarding the packet. The server responds, sending it to the same IP address and port combination that sent it. The gateway receives the response and recognizes the IP address and port combination. It translates the combination to the correct IP address and binds it to the original port number that the communication loop can be closed. Page 3: Lab Activity

Determine the number of Port Address Translations being performed.

Click the lab icon to begin.

4.2.4 - Port-based Network Address Translation (PAT) Link to Hands-on Lab: Determining PAT Translations. 4.2.5 IP NAT Issues Page 1: People access the Internet from private networks without ever realizing that the router is using NAT. However, an important issue with NAT is the additional workload necessary to support IP address and port translations.

Some applications increase the workload of the router, because they embed an IP address as part of the encapsulated data. The router must replace the source IP addresses and port combinations that are contained within the data, and the source addresses in the IP header.

With all this activity taking place within a router, NAT implementation requires good network design, careful selection of equipment and accurate configuration.

NAT has become so commonplace in integrated networking devices used in homes and small businesses, that for some people, configuring it is a matter of selecting a check box. As

businesses grow and require more sophisticated gateway and routing solutions, device configurations for NAT become more complex.

4.2.5 - IP NAT Issues The diagram depicts examples of networking. Page 2: Subnetting networks, private IP addressing, and the use of NAT were developed to provide a temporary solution to the problem of IP address depletion. These methods, though useful, do not create more IP addresses. As a response to address depletion, IPv6 was proposed in 1998 with RFC 2460.

Although its primary purpose was to solve IPv4 IP address depletion, there were other good reasons for its development. Since IPv4 was first standardized, the Internet has grown significantly. This growth has uncovered advantages and disadvantages of IPv4, and the possibility for upgrades to include new capabilities.

A general list of improvements that IPv6 proposes are:

• • • • •

More address space Better address space management Easier TCP/IP administration Modernized routing capabilities Improved support for multicasting, security, and mobility

The development of IPv6 is designed to address as many of these requests and problems as possible.

4.2.5 - IP NAT Issues The diagram depicts a timeline for the evolution of IP from IPv4 to IPv6. 1981 RFC 791 defined (IPv4) 1984 RFC 917 defined IP subnetting 1993 RFC 1519 defined C I D R 1996 RFC 1918 defined private IP addressing 1998 RFC 2460 defined IPv6 1998 to Present - transition from IPv4 to IPv6 (ongoing) Page 3:

With IPv6, IP addresses are 128 bits with a potential address space of 2^128. In decimal notation, that is approximately a 3 followed by 38 zeroes. If IPv4 address space was represented by a small marble, then IPv6 address space is represented by a volume almost equivalent to the planet Saturn.

Working with 128-bit numbers is difficult, so the IPv6 address notation represents the 128 bits as 32 hexadecimal digits, which are further subdivided into eight groups of four hexadecimal digits, using colons as delimiters. The IPv6 address has a three-part hierarchy. The global prefix is the first three blocks of the address and is assigned to an organization by an Internet names registry. The subnet and the interface ID are controlled by the network administrator.

Network administrators will have some time to adjust to this new IPv6 structure. Before the widespread adoption of IPv6 occurs, network administrators still need a way to more efficiently use private address spaces.

4.2.5 - IP NAT Issues The animation depicts an explanation of IPv6 address notation. IPv6 addresses are 128 bits long. The IPv6 address can be shown in dotted decimal notation using 16 8-bit hexadecimal blocks. The standard IPv6 notation uses eight 16-bit hexadecimal blocks separated by colons, as shown in the example: 2001:0db8:3c55:0015:0000:0000:a.bcd:ff13 The first three blocks represent the Global Prefix, the next block is the Subnet, and the last four blocks are the Interface Identifier. Consecutive blocks of all-zeros are contiguous zeros. They can be removed from the IP address and replaced with a double colon, as shown in the example: 2001:0db8:3c55:0015::a.bcd:ff13

4.3 Chapter Summary 4.3.1 Summary Page 1: 4.3.1 - Summary Diagram 1, Image The diagram depicts a network with subnets. Diagram 1 text Interfaces on network devices connected to the Internet need to have a unique IP address, to send and receive messages over internetworks. IP addresses are organized into network classes, A, B, C, D, and E, and are conserved by the

creation of private IP address space. A network can be divided into subnets. Classful subnetting uses the extension of the subnet mask. Classless IP addressing, part of a method called classless inter-domain routing (C I D R), uses a flexible method of subnetting with variable length subnet masks (VLSM). Diagram 2, Image The diagram depicts a table with subnet information. Diagram 2 text Subnet masks allow further subdivision of networks by extending the number of bits used. A subnet I D is created by splitting the host I D into two parts, a subnet I D and a new host I D. The number of bits in the subnet I D determines the number of subnets there can be in a network. Communication between subnets requires routing. Diagram 3, Image The diagram depicts a network with inside and outside addresses. Diagram 3 text NAT enables a large group of private users to access the Internet by sharing a small pool of public IP addresses, thereby reducing the consumption of globally unique IP addresses. Inside addresses are IP addresses for private network devices. Outside addresses are IP addresses for public network devices. Local addresses are IP addresses in packets that are still in the private network. Global addresses are IP addresses that cross to the outside network. A packet that has been translated and is in the outside network will list an inside-global IP address as source, and an outside-global IP address as destination. Diagram 4, Image The diagram depicts a network with wired and wireless subnets. Diagram 4 text Static NAT is for permanent one-to-one translations from a specific inside-local IP address to a specific inside-global IP address. Dynamic NAT assigns inside-global IP addresses on a first-come, first-served basis from an available pool of IP addresses to a designated network or sub-network. PAT can be used to add a port number to the IP address for specific connections. Network devices that use NAT translate addresses on every packet. This can significantly increase processing work load. IPv6 incorporates a 128-bit addressing scheme, whereas IPv4 uses 32-bits.

4.4 Chapter Quiz 4.4.1 Quiz Page 1: Take the chapter quiz to check your knowledge.

Click the quiz icon to begin.

4.4.1 - Quiz Chapter 4 Quiz: Planning the Addressing Structure 1.Which three addresses are valid subnetwork addresses when 172.25.15.0 /24 is further subnetted by borrowing an additional four bits? (Choose three.) A.172.25.15.0 B.172.25.15.8 C.172.25.15.16 D.172.25.15.40 E.172.25.15.96 F.172.25.15.248 2.What are three advantages of NAT? (Choose three.) A.conserves registered public IP addresses. B.reduces CPU usage on customer routers. C.creates multiple public IP addresses. D.hides private LAN addressing from the Internet. E.permits LAN expansion without additional public IP addresses. F.improves the performance of border routers. 3.What is the default subnet mask for the address 172.31.18.222? A.255.0.0.0 B.255.255.0.0 C.255.255.255.0 D.255.255.255.254 E.255.255.255.255 4.What are the high order binary numbers that begin a Class C address? A.000 B.001 C.010 D.110 5.Host A is configured with IP address 192.168.75.34 and Host B is configured with IP address 192.168.75.50. Each are using the same subnet mask of 255.255.255.240 but are not able to ping each other. What networking device is needed for these two hosts to communicate? A.switch B.hub C.server D.router 6.What two pieces of information can be derived from the IP address 192.168.42.135 /24? (Choose two.) A.This is a Class C address because the high order bits are 110. B.The default subnet mask is 255.255.255.0. C.The host portion is represented by the third and fourth octets. D.The second high-order bit is a 0 so this is a Class B address. E.This host address belongs to the parent 192.168.0.0 network. F.This is one host address out of a possible 65,534 addresses.

7.What subnet mask is indicated by the network address 172.16.4.8 /18? A.255.255.0.0 B.255.255.192.0 C.255.255.240.0 D.255.255.248.0 E.255.255.255.0 8.Match the IP address to the appropriate description. IP Address A.127.0.0.0 B.223.14.6.95 C.191.82.0.0 D.255.255.0.0 E.124.255.255.255 F.224.100.35.76 G.61.0.0.255 Description 1.Class C host address 2.loopback testing address 3.Class B network address 4.multicast address 5.Class A host address 6.Class B subnet mask 7.Class A broadcast address 9.Use the following network topology information to answer the question below. There is an inside local network consisting of a webserver, S2 192.168.1.10 and host, H1 192.168.1.106. Both devices are connected to a switch then a router which is performing NAT. The router is using the NAT address pool of 209.165.202.129 and 209.165.202.130. The router from the inside local network is connected to an ISP router via a serial connection. This connection represents the outside global network. The ISP router is connected to a remote server, S1 209.165.200.226. The web server S2 needs to be accessible from the Internet. Which NAT option will provide a method for outside hosts to access S2? A.dynamic NAT using a NAT pool. B.static NAT. C.port address translation. D.dynamic NAT with overload. 10.When a network administrator applies the subnet mask 255.255.255.248 to a Class B address, for any given subnet, how many IP addresses are available to be assigned to devices? A.6 B.30 C.126 D.254 E.510 F.1022 11.An ISP customer has obtained a Class C network address. The network technician needs to create five usable subnets, with each subnet capable of containing at least 20 host addresses. What is the appropriate subnet mask to use? A.255.255.255.0 B.255.255.255.192 C.255.255.255.224

D.255.255.255.240 12.Determine whether each statement is a characteristic of IPv4 or IPv6. A.uses a 32-bit B.is usually expressed in dotted decimal notation. C.contains a 24-bit global prefix. D.is usually expressed in hexadecimal notation. E.is in widespread use on the Internet. F.uses a 128-bit address. 13.What concept is used to reduce router table complexity by aggregating multiple network addresses? A.supernetting B.subnetting C.NAT D.classless addressing

End

CCNA Discovery - Working at a Small-toMedium Business or ISP 5 Configuring Network Devices 5.0 Chapter Introduction 5.0.1 Introduction Page 1: 5.0.1 - Introduction One network infrastructure is now expected to support enhanced integrated applications, like voice and video, for more users than ever before. The underlying routing and switching technologies must provide the foundation for a wide range of business applications. Network engineers and technicians set up and configure the routers and switches that provide LAN and WAN connectivity and services. After completion of this chapter, you should be able to: Configure a router with an initial configuration. Use Cisco Security Device Manager to configure a Cisco ISR with LAN connectivity, Internet connectivity, and NAT. Configure a Cisco router for LAN connectivity, Internet connectivity and NAT using the Cisco I O S C L I. Configure a WAN connection from a customer premise to an ISP . Describe, setup, and configure a stand-alone LAN switch.

5.1 Initial ISR Router Configuration 5.1.1 ISR Page 1: The Cisco Integrated Services Router (ISR) is one of the most popular networking devices to meet the growing communications needs of businesses. The ISR combines features such as routing and LAN switching functions, security, voice, and WAN connectivity into a single device. This makes the ISR ideal for small to medium-sized businesses and for ISP-managed customers.

The optional integrated switch module allows small businesses to connect LAN devices directly to the 1841 ISR. With the integrated switch module, if the number of LAN hosts exceeds the number of switch ports, additional switches or hubs can be connected in a daisy chain to extend the number of LAN ports available. If the switch module is not included, external switches are connected to the router interfaces of the ISR.

The ISR routing function allows a network to be broken into multiple local networks using subnetting and supports internal LAN devices connecting to the Internet or WAN.

5.1.1 - ISR The diagram depicts four types of routers, as follows: Cisco 800 series ISR Designed for small offices and home-based users 1 WAN Supports 4 10 /100 Mbps Combines data, security, and wireless services Provides services at broadband speeds Cisco 3800 series ISR Designed for medium to large businesses and enterprise branch offices Supports up to 2 10/100/1000 Mbps router ports Supports up to 112 10 /100 Mbps switch ports Supports 240 Cisco IP phone users Combines data, security, voice, video, and wireless service Provides services at broadband speeds using DSL, cable and T1/E1 connections Cisco 1800 series ISR Designed for small to medium businesses and small enterprise branch offices Supports up to 8 10 /100 Mbps router ports Supports 8 10 /100 Mbps switch ports Combines data, security, and wireless services Provides services at broadband speeds using DSL, cable and T 1 /E 1 connections Cisco 2800 series ISR Designed for small to medium businesses and small enterprise branch offices Supports up to 2 10/100/1000 Mbps router ports Supports up to 64 10 /100 Mbps switch ports Supports 96 Cisco IP phone users Combines data, security, voice, video, and wireless services Provides services at broadband speeds using multiple T 1 /E 1 connections Page 2: 5.1.1 - ISR The diagram depicts the front and rear view of a Series ISR: Model 1841. Front view The 1841 is a relatively low cost ISR designed for small to medium-sized businesses and small enterprise branch offices. It combines the features of data, security, and wireless services with the addition of a wireless module. The L E D's indicate the following information: System Power L E D (SYS-PWR) Indicates power is received and that the internal power supply is functional. L E D is solid green. System Activity (SYS ACT) A blinking L E D indicates the system is actively transferring packets.

Rear View The 1841 ISR uses modules that allow for different configurations of ports. The following components are found on the router: Modular Slot 1 with a High-speed WAN Interface Card (H WIC) Modular slots can be used for different types of interfaces. The H WIC shown here provides serial connectivity over a wide-area network. Console Port This port is used to configure the ISR via a directly connected host. Auxiliary Port This port is used to configure the ISR via a modem connection. Single Slot USB Port The USB Flash feature allows users to store images and configurations and boot directly via USB Flash memory. Fast Ethernet Ports These ports provide 10 /100 Mbps connectivity for local area networks. Compact Flash Module This removable module is used to store the Cisco I O S and other operating software for the ISR. Modular Slot 0 with a Four Port Ethernet Switch Modular slots can be used for different types of interfaces. The four port Ethernet card shown here provides LAN connectivity to multiple devices. Page 3: The Cisco Internetwork Operating System (IOS) software provides features that enable a Cisco device to send and receive network traffic using a wired or wireless network. Cisco IOS software is offered to customers in modules called images. These images support various features for businesses of every size.

The entry-level Cisco IOS software image is called the IP Base image. The Cisco IOS IP Base software supports small to medium-sized businesses and supports routing between networks.

Other Cisco IOS software images add services to the IP Base image. For example, the Advanced Security image provides advanced security features, such as private networking and firewalls.

Many different types and versions of Cisco IOS images are available. Images are designed to operate on specific models of routers, switches, and ISRs.

It is important to know which image and version is loaded on a device before beginning the configuration process.

5.1.1 - ISR The diagram depicts a flow chart of I O S Software A.IP Base flows to Advanced Security, IP Voice, and Service Provider Services. B.Advanced Security flows to Advanced IP Services. C.IP Voice flows to S P Services. D.Service Provider Services flows to Enterprise Services. E.S P Services flows to both Advanced IP Services and Enterprise Services. F.Advanced IP Services flows to Advanced Enterprise Services. G.Enterprise Services flows to Advanced Enterprise Services. 5.1.2 Physical Setup of the ISR Page 1: Each ISR is shipped with the cables and documentation needed to power up the device and begin the installation. When a new device is received, it is necessary to unpack the device and verify that all the hardware and equipment is included.

Items shipped with a new Cisco 1841 ISR include:

• • • • • • •

RJ-45 to DB-9 console cable DB-9 to DB-25 modem adapter Power cord Product registration card, called the Cisco.com card Regulatory compliance and safety information for Cisco 1841 routers Router and Security Device Manager (SDM) Quick Start guide Cisco 1800 Series Integrated Services Router (Modular) Quick Start guide

5.1.2 - Physical Setup of the ISR The diagram depicts components of a Cisco ISR. Black power supply cord Serial port adapter for converting a 25-pin serial port (DB-25) on a PC or a modem to a 9-pin serial port (DB-9) in order to connect the console cable. Cisco documentation and software CD. Blue console cable to connect the PC or modem to the device console port in order to monitor or configure the device. Page 2:

To install a new Cisco 1841 ISR requires special tools and equipment, which most ISPs and technician labs usually have available. Any additional equipment required depends on the model of the device and any optional equipment ordered.

Typically, the tools required to install a new device include:

• • •

PC with a terminal emulation program, such as HyperTerminal Cable ties and a No. 2 Phillips screwdriver Cables for WAN interfaces, LAN interfaces, and USB interfaces

It may also be necessary to have equipment and devices required for WAN and broadband communication services, such as a modem. Additionally, Ethernet switches may be required to connect LAN devices or expand LAN connectivity, depending on whether the integrated switch module is included and the number of LAN ports required.

5.1.2 - Physical Setup of the ISR The diagram depicts components needed to set up the Cisco ISR. PC with Terminal Emulation Program Cable ties and Number 2 Phillips Screwdriver WAN Interface Cable LAN Interface Cable U S B Interface Cable Ethernet Switch Modem Page 3: Before beginning any equipment installation, be sure to read the Quick Start guide and other documentation that is included with the device. The documentation contains important safety and procedural information to prevent accidental damage to the equipment during installation.

Follow these steps to power up an 1841 ISR.

1. Securely mount and ground the device chassis, or case.

2. Seat the external compact flash card.

3. Connect the power cable.

4. Configure the terminal emulation software on the PC and connect the PC to the console port.

5. Turn on the router.

6. Observe the startup messages on the PC as the router boots up.

5.1.2 - Physical Setup of the ISR The diagram depicts steps for setting up an ISR. Step 1 Cisco routers and ISR's can be wall-mounted, set on a shelf or desktop, or installed in a rack. Step 2 Seat the external compact flash memory card into the slot. Be certain that it is firmly seated and verify that the eject button is fully extended. The eject button is usually located to the left of the slot. Step 3 Connect the power cable to the device and then to a reliable power source. Routers and networking devices are usually connected to an uninterruptible power supply that contains a battery. This ensures that the device does not fail if the electricity goes off unexpectedly. Step 4 On a PC, configure the terminal emulating software with required settings for communication with a Cisco router. Connect the PC running the emulation program to the console port of the ISR using the console that came with the device. Step 5 Turn the ISR on using the power switch located on the rear of the device. Step 6 Observe the start-up messages as they appear in the terminal program window. These messages are generated by the routers operating system. 5.1.3 Bootup Process Page 1: The router bootup process has three stages.

1. Perform Power-on self test (POST) and load the bootstrap program.

The POST is a process that occurs on almost every computer when it boots up. POST is used to test the router hardware. After POST, the bootstrap program is loaded.

2. Locate and load the Cisco IOS software.

The bootstrap program locates the Cisco IOS software and loads it into RAM. Cisco IOS files can be located in one of three places: flash memory, a TFTP server, or another location indicated in the startup configuration file. By default, the Cisco IOS software loads from flash memory. The configuration settings must be changed to load from one of the other locations.

3. Locate and execute the startup configuration file or enter setup mode.

After the Cisco IOS software is loaded, the bootstrap program searches for the startup configuration file in NVRAM. This file contains the previously saved configuration commands and parameters, including interface addresses, routing information, passwords, and other configuration parameters.

If a configuration file is not found, the router prompts the user to enter setup mode to begin the configuration process.

If a startup configuration file is found, it is copied into RAM and a prompt containing the host name is displayed. The prompt indicates that the router has successfully loaded the Cisco IOS software and configuration file.

5.1.3 - Boot Up Process The diagram depicts three stages of the boot up process. Stage 1 ROMPOSTPerform PostPerform POST ROMBootstrapLoad BootstrapExecute Bootstrap Loader Console screen output: System Bootstrap, Version 12.3 (8r)T8, RELEASE SOFTWARE (fcl) Cisco 1841 (revision 5.0) with 114688K/1684K bytes of memory. Stage 2 The I O S can be loaded from Flash or a TFTP server. FlashCisco Internetwork Operating SystemLocate and load Operating system TFTP ServerCisco Internetwork Operating SystemLocate and load Operating system Console screen output: System Bootstrap, Version 12.3 (8r)T8, RELEASE SOFTWARE (fcl) Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.

Self decompressing the image: ### [OK] Stage 3 The configuration file can be loaded from NV RAM, a TFTP server or the console. NV RAM Configuration, then Locate, load, and execute the Configuration file or enter "setup" mode TFTP Server Configuration, then Locate, load, and execute the Configuration file or enter "setup" mode Console Configuration, then Locate, load, and execute the Configuration file (configuration commands entered from the console host keyboard) or enter "setup" mode Console screen output: System Bootstrap, Version 12.3 (8r) T8, RELEASE SOFTWARE (fcl) Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory. Self decompressing the image: ### [OK] Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set fourth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR Sec . 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec . 252.227-7013. Cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco I O S Software, 1840 Software (C1841-IP BASE-M), Version 12.3 (14) T7, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2006 by Cisco Systems, Inc. Compiled Mon 15-May-06 14:54 by pt_team Image text-base: 0x6007D180, data-base: 0x61400000 Port Statistics for unclassified packets is not turned on. Cisco 1841 (revision 5.0) with 114688K /16384K bytes of memory. Processor board ID FTX0947Z18E M860 processor: part number 0, mask 49 2 FastEthernet/IEEE 802.3 interface(s) 2 Low-speed serial (sync/async) network interface(s) 191K bytes of NV RAM/ 31360K bytes of ATA CompactFlash (Read/Write) Cisco I O S Software, 1841 Software (C1841-IP BASE-M), Version 12.3 (14) T7, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c)1986-2006 by Cisco Systems, Inc. Compiled Mon 15-May-06 14:54 by pt_team

---System Configuration Dialog--Continue with configuration dialog? [yes/no]: no Page 2: To avoid the loss of data, it is important to have a clear understanding of the difference between the startup configuration file and the running configuration file.

Startup Configuration File

The startup configuration file is the saved configuration file that sets the properties of the device each time the device is powered up. This file is stored in non-volatile RAM (NVRAM), meaning that it is saved even when power to the device is turned off.

When a Cisco router is first powered up, it loads the Cisco IOS software to working memory, or RAM. Next, the startup configuration file is copied from NVRAM to RAM. When the startup configuration file is loaded into RAM, the file becomes the initial running configuration.

Running Configuration File

The term running configuration refers to the current configuration running in RAM on the device. This file contains the commands used to determine how the device operates on the network.

The running configuration file is stored in the working memory of the device. Changes to the configuration and various device parameters can be made when the file is in working memory. However, the running configuration is lost each time the device is shut down, unless the running configuration is saved to the startup configuration file.

Changes to the running configuration are not automatically saved to the startup configuration file. It is necessary to manually copy the running configuration to the startup configuration file.

When configuring a device via the Cisco command line interface (CLI) the command copy running-config startup-config, or the abbreviated version copy run start, saves the running configuration to the startup configuration file. When configuring a device via the Cisco SDM GUI, there is an option to save the router running configuration to the startup configuration file each time a command is completed.

5.1.3 - Boot Up Process The animation depicts the startup config being copied from NV RAM to the RAM. Tip Popup Information Warning: Making a spelling mistake when typing startup-config in the copy command could lead to copying the running configuration to a different file name. This may result in the loss of configuration changes when the router is reloaded. Page 3: After the startup configuration file is loaded and the router boots successfully, the show version command can be used to verify and troubleshoot some of the basic hardware and software components used during the bootup process. The output from the show version command includes:

• • • • • • •



The Cisco IOS software version being used. The version of the system bootstrap software, stored in ROM memory, that was initially used to boot the router. The complete filename of the Cisco IOS image and where the bootstrap program located it. Type of CPU on the router and amount of RAM. It may be necessary to upgrade the amount of RAM when upgrading the Cisco IOS software. The number and type of physical interfaces on the router. The amount of NVRAM. NVRAM is used to store the startup-config file. The amount of flash memory on the router. Flash is used to permanently store the Cisco IOS image. It may be necessary to upgrade the amount of flash when upgrading the Cisco IOS software. The current configured value of the software configuration register in hexadecimal.

The configuration register tells the router how to boot up. For example, the factory default setting for the configuration register is 0x2102. This value indicates that the router attempts to load a Cisco IOS software image from flash and loads the startup configuration file from NVRAM. It is possible to change the configuration register and, therefore, change where the router looks for the Cisco IOS image and the startup configuration file during the bootup process. If there is a second value in parentheses, it denotes the configuration register value to be used during the next reload of the router.

5.1.3 - Boot Up Process The animation highlights the following information that is displayed when the show version command is issued. I O S Version I O S (t) 2500 Software (C2500-I-L),Version 12.0 (17a), RELEASE SOFTWARE (fc1) Bootstrap Version

ROM:system Bootstrap, Version 11.0 (10c), SOFTWARE BOOTFLASH :3000 Bootstrap Software (I G S-BOOT-R), Version 11.0 (10c), RELEASE SOFTWARE (fc1) I O S image file System image file is "flash:c2500-i-l.120-17a.bin" Model and CPU Cisco 2500 (68030 processor (revision N) Amount of RAM With 2048K/2048K Number and type of interfaces 1 Ethernet/IEEE 802.3 interface(s) 2 Serial network interface(s) Amount of NV RAM 32K bytes of non-volatile configuration memory. Amount of flash 8192K bytes of processor board system flash (Read ONLY) Configuration register Configuration register is 0x2102 More Information Popup The configuration register tells the router how to boot. There are many possible settings for the configuration register. The most common ones are: 0x2102 - Factory default setting for Cisco routers (load the I O S image from flash and load the startup config file from NV RAM) 0x2142 - Router ignores the contents of Non-Volatile RAM (NV RAM) 0x2120 - Router boots into ROMmon mode Page 4: There are times when the router does not successfully boot. This failure can be caused by a number of factors, including a corrupt or missing Cisco IOS file, an incorrect location for the Cisco IOS image specified by the configuration register, or inadequate memory to load a new Cisco IOS image. If the router fails to boot the IOS, it then boots up in ROM monitor (ROMmon) mode. ROMmon software is a simple command set stored in read only memory (ROM) that can be used to troubleshoot boot errors and recover the router when the IOS is not present.

When the router boots up to ROMmon mode, one of the first steps in troubleshooting is to look in flash memory for a valid image using the dir flash: command. If an image is located, attempt to boot the image with the boot flash: command.

rommon 1>boot flash:c2600-is-mz.121-5

If the router boots properly with this command, there are two possible reasons why the Cisco IOS image did not load from flash initially. First, use the show version command to check the configuration register to ensure that it is configured for the default boot sequence. If the configuration register value is correct, use the show startup-config command to see if there is a boot system command that instructs the router to use a different location for the Cisco IOS image.

5.1.3 - Boot Up Process The diagram depicts the output of the show startup-config command. The boot system commands in the startup config file determine the sequence the router uses to locate the I O S and boot. Boot system flash 1841-ad v Ip services k9-mz.124-10b.bin Boot system tftp 1841-ad v Ip services k9-mz.124-10b.bin 192.168.1.1 Boot system rom Page 5: Lab Activity

Power up an ISR and view the router system and configuration files using show commands.

Click the lab icon to begin.

5.1.3 - Boot Up Process Link to Hands-on Lab: Powering Up an Integrated Services Router 5.1.4 Cisco IOS Programs Page 1: There are two methods to connect a PC to a network device to perform configuration and monitoring tasks: out-of-band management and in-band management.

Out-of-band Management

Out-of-band management requires a computer to be directly connected to the console port or auxiliary port (AUX) of the network device being configured. This type of connection does not

require the local network connections on the device to be active. Technicians use out-of-band management to initially configure a network device, because until properly configured, the device cannot participate in the network. Out-of-band management is also useful when the network connectivity is not functioning correctly and the device cannot be reached over the network. Performing out-of-band management tasks requires a terminal emulation client installed on the PC.

In-band Management

Use in-band management to monitor and make configuration changes to a network device over a network connection. For a computer to connect to the device and perform in-band management tasks, at least one network interface on the device must be connected to the network and be operational. Either Telnet, HTTP or SSH can be used to access a Cisco device for in-band management. A web browser or a Telnet client program can be used to monitor the network device or make configuration changes.

5.1.4 - Cisco I O S Programs The diagram depicts an out-of-band and in-band router configuration. Out-of-band Router Configuration PC connected to router via console port. PC connected via PSTN link to router auxiliary port. In-band Router Configuration PC connected to router via Ethernet interface. PC connected via WAN or Internet to a serial interface of a router. Page 2: The Cisco IOS command line interface (CLI) is a text-based program that enables entering and executing Cisco IOS commands to configure, monitor, and maintain Cisco devices. The Cisco CLI can be used with either in-band or out-of-band management tasks.

Use CLI commands to alter the configuration of the device and to display the current status of processes on the router. For experienced users, the CLI offers many time-saving features for creating both simple and complex configurations. Almost all Cisco networking devices use a similar CLI. When the router has completed the power-up sequence, and the Router> prompt appears, the CLI can be used to enter Cisco IOS commands.

Technicians familiar with the commands and operation of the CLI find it easy to monitor and configure a variety of different networking devices. The CLI has an extensive help system that assists users in setting up and monitoring devices.

5.1.4 - Cisco I O S Programs The diagram depicts the output on a Hyper-Terminal showing the use of the command line interface (C L I) to access the serial 0 /1 /0 interface of the router to configure it. Router > Router > enable Router # configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router (config) # interface serial 0 /1 /0 Router (config-if) # Page 3: In addition to the Cisco IOS CLI, other tools are available to assist in configuring a Cisco router or ISR. Security Device Manager (SDM) is a web-based GUI device management tool. Unlike CLI, SDM can be used only for in-band management tasks.

SDM Express simplifies the initial router configuration. It uses a step-by-step approach to create a basic router configuration quickly and easily.

The full SDM package offers more advanced options, such as:

• • • •

Configuring additional LAN and WAN connections Creating firewalls Configuring VPN connections Performing security tasks

SDM supports a wide range of Cisco IOS software releases and is available free of charge on many Cisco routers. SDM is pre-installed on the flash memory of the Cisco 1800 Series ISR. If the router has SDM installed, it is good practice to use SDM to perform the initial router configuration. This configuration is done by connecting to the router via a preset network port on the router.

5.1.4 - Cisco I O S Programs The diagram depicts the opening windows of the Cisco SDM Express and Cisco Router and Security Device Manager (SDM). Page 4: Not all Cisco devices support SDM. In addition, SDM does not support all the commands that are available through the CLI. Consequently, it is sometimes necessary to use the CLI to

complete a device configuration that is started using SDM. Familiarity with both methods is critical to successfully support Cisco devices.

5.1.4 - Cisco I O S Programs The diagram compares the following features of Cisco I O S C L I and Cisco SDM: user interface, router configuration method, enterprise in Cisco device configuration, help features, router Flash memory requirements, availability, and when used. User Interface Cisco I O S C L I: Terminal emulation software Telnet session Cisco SDM: Web-based browser Router Configuration Method Cisco I O S C L I: Text-based Cisco commands Cisco SDM: G U I buttons and text boxes Expertise in Cisco Device Configuration Cisco I O S C L I: Depends on configuration task Cisco SDM: Do not need knowledge of the C L I commands Help Features Cisco I O S C L I: Command prompt based Cisco SDM: GUI based on-line help and tutorials Router Flash Memory Requirements Cisco I O S C L I: Covered by I O S image Cisco SDM: 6 MB of free memory Availability Cisco I O S C L I: All Cisco devices Cisco SDM: Cisco 830 Series through Cisco 7301 When Used Cisco I O S C L I: Cisco Device does not support Cisco SDM Configuration task not supported by Cisco SDM Cisco SDM: Performing the initial configuration on an SDM equipped device Step through configuration of devices without C L I knowledge required

Page 5: 5.1.4 - Cisco I O S Programs The diagram depicts an activity in which you must determine when to use C L I or SDM based on the following descriptions. Descriptions One.Used to configure a Cisco router with both in-band and out-of-band management. Two.Used for initial configuration of a Cisco router using a Web-based G U I. Three.Used to configure a Cisco router with limited knowledge of I O S commands. Four.Supported, by default, on all Cisco I O S routers.

5.2 Using Cisco SDM Express and SDM 5.2.1 Cisco SDM Express Page 1: When adding a new device to a network, it is critical to ensure that the device functions correctly. The addition of one poorly configured device can cause an entire network to fail.

Configuring a networking device, such as a router, can be a complex task, no matter which tool is used to enter the configuration. Therefore, follow best practices for installing a new device to ensure that all device settings are properly configured and documented.

5.2.1 - Cisco SDM Express The diagram depicts the best practices and details for Cisco SDM Express. Best Practice 1: Obtain and document all information before beginning the configuration. Details: Name assigned to device Location where it will be installed User names and passwords Types of connections required (LAN and WAN) IP address information for all network interfaces, including IP address, subnet mask, and default gateway DHCP server settings Network Address Translation Settings Firewall settings Best Practice 2: Create a network diagram showing how cables will be connected. Details: Label the diagram with the interface designation and address information

Best Practice 3: Create a checklist of configuration steps. Details: Mark off each step as it is successfully completed Best Practice 4: Verify the configuration using a network simulation Details: Test before it is place on the running network Best Practice 5: Update the network documentation and keep a copy in a safe place. Details: Save on a server Print and keep in a file cabinet Page 2: Cisco SDM Express is a tool bundled within the Cisco Router and Security Device Manager that makes it easy to create a basic router configuration. To start using SDM Express, connect an Ethernet cable from the PC NIC to the Ethernet port specified in the quick start guide on the router or ISR being configured.

SDM Express uses eight configuration screens to assist in creating a basic router configuration:

• • • • • • • •

Overview Basic Configuration LAN IP Address DHCP Internet (WAN) Firewall Security Settings Summary

The SDM Express GUI provides step-by-step guidance to create the initial configuration of the router. After the initial configuration is completed, the router is available on the LAN. The router can also have a WAN connection, a firewall, and up to 30 security enhancements configured.

5.2.1 - Cisco SDM Express The diagram depicts a router deployment using SDM Express, which is ideal for non-expert users. The SDM disk will guide the user through the setup of the router. 5.2.2 SDM Express Configuration Options

Page 1: The SDM Express Basic Configuration screen contains basic settings for the router that is being configured. The following information is required:

• • • •

Host name - The name assigned to the router being configured. Domain name for the organization - An example of a domain name is cisco.com, but domain names can end with a different suffix, such as .org or .net. Username and password - The username and password used to access SDM Express to configure and monitor the router. The password must be at least six characters long. Enable secret password - The password that controls user access to the router, which affects the ability to make configuration changes using the CLI , Telnet, or the console ports. The password must be at least six characters long.

5.2.2 - SDM Express Configuration Options The diagram depicts the Cisco SDM Express Wizard Window with the Basic Configuration option highlighted. Page 2: The LAN configuration settings enable the router interface to participate on the connected local network.



IP address - Address for the LAN interface in dotted-decimal format. It can be a private IP address if the device is installed in a network that uses Network Address Translation (NAT) or Port Address Translation (PAT).

It is important to take note of this address. When the router is restarted, this address is the one used to access SDM Express, not the address that was provided in the Quick Start guide.

• • •

Subnet mask - Identifies the network portion of the IP address. Subnet bits - Number of bits used to define the network portion of the IP address. The number of bits can be used instead of the subnet mask. Wireless parameters - Optional. Appear if the router has a wireless interface, and Yes was clicked in the Wireless Interface Configuration window. Specifies the SSID of the wireless network.

5.2.2 - SDM Express Configuration Options The diagram depicts the Cisco SDM Express Wizard Window with the LAN IP Address option highlighted.

Page 3: DHCP is a simple way to assign IP addresses to host devices. DHCP dynamically allocates an IP address to a network host when the host is powered up, and reclaims the address when the host is powered down. In this way, addresses can be reused when hosts no longer need them. Using SDM Express, a router can be configured as a DHCP server to assign addresses to devices, such as PCs, on the internal local network.

To configure a device for DHCP, select the Enable DHCP Server on the LAN Interface checkbox. Checking this box enables the router to assign private IP addresses to devices on the LAN. IP addresses are leased to hosts for a period of one day.

DHCP uses a range of allowable IP addresses. By default, the valid address range is based on the IP address and subnet mask entered for the LAN interface.

The starting address is the lowest address in the IP address range. The starting IP address can be changed, but it must be in the same network or subnet as the LAN interface.

The ending IP address is the highest address in the IP address range and it can be changed to decrease the pool size. It must be in the same network as the IP starting address.

5.2.2 - SDM Express Configuration Options The diagram depicts the Cisco SDM Express Wizard Window with the DHCP option highlighted. Page 4: Additional DHCP configuration parameters include:

• • •

Domain name for the organization - This name is given to the hosts as part of the DHCP configuration. Primary domain name server - IP address of the primary DNS server. Used to resolve URLs and names on the network. Secondary domain name server - IP address of a secondary DNS sever, if available. Used if the primary DNS server does not respond.

Selecting Use these DNS values for DHCP clients enables the DHCP server to assign DHCP clients with the configured DNS settings. This option is available if a DHCP server has been enabled on the LAN interface.

5.2.2 - SDM Express Configuration Options The diagram depicts the Cisco SDM Express Wizard Window with the DHCP option highlighted and the DNS section filled in. Page 5: 5.2.2 - SDM Express Configuration Options The diagram depicts an activity in which you must match each configuration parameter from the SDM Express to each type of information that must be entered. Configuration Parameters. A.Secondary DNS Server Address. B.Domain Name. C.Host Name. D.Enable Secret Password. E.Primary DNS Server Address. F.Starting IP Address. G.Subnet Bits. Information One.IP Address of server to use to resolve name if first configured server is not available. Two.The registered name assigned to the organization, such as cisco.com. Three.The name assigned to the device by an administrator. Four.Controls user access to make configuration changes through Telnet or the console. Five.The IP address of the first server hosts can use to resolve names. Six.First IP address in the range assigned to hosts by the DHCP server. Seven.Designates the portion of the IP address that represents the network and subnetwork. 5.2.3 Configuring WAN Connections Using SDM Express Page 1: Configuring an Internet (WAN) Connection

A serial connection can be used to connect networks that are separated by large geographic distances. These WAN network interconnections require a telecommunications service provider (TSP).

Serial connections are usually lower speed links, compared to Ethernet links, and require additional configuration. Prior to setting up the connection, determine the type of connection and protocol encapsulation required.

The protocol encapsulation must be the same at both ends of a serial connection. Some encapsulation types require authentication parameters, like username and password, to be configured. Encapsulation types include:

• • •

High-Level Data Link Control (HDLC) Frame Relay Point-to-Point Protocol (PPP)

5.2.3 - Configuring WAN Connections Using SDM Express The diagram depicts the three encapsulation types, HDLC, Frame Relay, and P P P, available on the Add Serial 0 /1 /0 Connection window, and a brief description of each. High-Level Data Link Control (HDLC) A bit-orientated Data Link Layer protocol developed by the International Standards Organization (I S O). Frame Relay A packet-switch Data Link Layer protocol that handles multiple virtual circuits, meaning that the circuit connections are temporarily built up and torn down based on need. The D L C I is a required number, supplied by the service provider to identify the virtual circuit. Point-to-Point Protocol (P P P) Commonly used to establish a direct connection between two devices. It can connect computers using serial cable, phone line, trunk line, cellular telephone, specialized radio links, or fiber-optic links. Most Internet service providers use PPP for customer dial-up access to the Internet. There are features of PPP to allow authentication before a connection is made. PPP username and passwords can be setup using SDM. Page 2: The WAN configuration window has additional WAN parameters.

Address Type List

Depending on the type of encapsulation selected, different methods of obtaining an IP address for the serial interface are available:



Static IP address - Available with Frame Relay, PPP, and HDLC encapsulation types. To configure a static IP address, enter the IP address and subnet mask.



• •

IP unnumbered - Sets the serial interface address to match the IP address of one of the other functional interfaces of the router. Available with Frame Relay, PPP, and HDLC encapsulation types. IP negotiated - The router obtains an IP address automatically through PPP. Easy IP (IP Negotiated) - The router obtains an IP address automatically through PPP.

5.2.3 - Configuring WAN Connections Using SDM Express The diagram depicts an Add Serial 0 /1 /0 Connection window being configured using the encapsulation type, HDLC, and the address type, IP Unnumbered. Page 3: Lab Activity

Configure an ISR using Cisco SDM Express

Click the lab icon to begin.

5.2.3 - Configuring WAN Connections Using SDM Express Link to Hands-on Lab: Configuring an ISR with Cisco SDM Express 5.2.4 Configuring NAT Using Cisco SDM Page 1: Either Cisco SDM Express or Cisco SDM can be used to configure a router.

SDM supports many of the same features that SDM Express supports; however, SDM has more advanced configuration options. For this reason, after the router basic configuration is completed using SDM Express, many users switch to SDM. For example, enabling NAT requires the use of SDM.

The Basic NAT Wizard configures Dynamic NAT with PAT, by default. PAT enables the hosts on the internal local network to share the single registered IP address assigned to the WAN interface. In this manner, hosts with internal private addresses can have access to the Internet.

Only the hosts with the internal address ranges specified in the SDM configuration are translated. It is important to verify that all address ranges that need access to the Internet are included.

Steps for configuring NAT include:

Step 1. Enable NAT configuration using SDM.

Step 2. Navigate through the Basic NAT Wizard.

Step 3. Select the interface and set IP ranges.

Step 4. Review the configuration.

5.2.4 - Configuring NAT Using Cisco SDM The diagram depicts the steps to use Cisco SDM to configure dynamic NAT on a Cisco ISR Router. Step 1. Enable NAT Configuration using SDM. Choose Configure, then NAT, then Basic NAT. Then click Launch the selected task. Step 2.Navigate through the Basic NAT Wizard. Step 3. Choose the interface that connects to the Internet or the ISP . This interface should have the public registered address assigned to it. Next, select the IP address range of the internal network addresses that should be translated to the public registered address. Step 4. Review Configuration. Click Finish, if the configuration is satisfactory. Page 2: Lab Activity

Configure Dynamic NAT using the Cisco SDM basic NAT wizard.

Click the lab icon to begin.

5.2.4 - Configuring NAT Using Cisco SDM Link to Hands-on Lab: Configuring Dynamic NAT with SDM

5.3 Configuring a Router Using IOS CLI 5.3.1 Command Line Interface Modes Page 1: Using the Cisco IOS CLI to configure and monitor a device is very different from using SDM. The CLI does not provide step-by-step configuration assistance; therefore, it requires more planning and expertise to use.

CLI Command Modes

The Cisco IOS supports two levels of access to the CLI: user EXEC mode and privileged EXEC mode.

When a router or other Cisco IOS device is powered up, the access level defaults to user EXEC mode. This mode is indicated by the command line prompt:

Router>

Commands that can be executed in user EXEC mode are limited to obtaining information about how the device is operating, and troubleshooting using some show commands and the ping and traceroute utilities.

To enter commands that can alter the operation of the device requires privileged level access. Enable the privileged EXEC mode by entering enable at the command prompt and pressing Enter.

The command line prompt changes to reflect the mode change. The prompt for privileged EXEC mode is:

Router#

To disable the privileged mode and return to user mode, enter disable at the command prompt.

Both modes can be protected with a password, or a username and password combination.

5.3.1 - Command Line Interface Modes The diagram depicts HyperTerminal window Cisco I O S C L I Command Modes, focusing on the user-mode prompt and privileged-mode prompt, as follows: User-Mode Prompt: router > Privileged-Mode Prompt: router # Page 2: Various configuration modes are used to set up a device. Configuring a Cisco IOS device begins with entering privileged EXEC mode. From privileged EXEC mode, the user can access the other configuration modes.

In most cases, commands are applied to the running configuration file using a terminal connection. To use these commands, the user must enter global configuration mode.

To enter global configuration, type the command configure terminal or config t. Global configuration mode is indicated by the command line prompt:

Router(config)#

Any commands entered in this mode take effect immediately and can alter the operation of the device.

From global configuration mode, the administrator can enter other sub-modes.

Interface configuration mode is used to configure LAN and WAN interfaces. To access interface configuration mode, from global configuration type the command interface [type] [number]. Interface configuration mode is indicated by the command prompt:

Router(config-if)# Another commonly used sub-mode is the router configuration submode represented by the following prompt:

Router(config-router)# This mode is used to configure routing parameters.

5.3.1 - Command Line Interface Modes The diagram depicts Hyper Terminal window Configuration Modes, focusing on the following modes: Command to Enter Global Configuration Mode: configure terminal Command to Enter Interface Configuration Sub-Mode: interface fast ethernet 0 /1 Using the help command to search commands: IP address, question mark Page 3: E-Lab Activity

Using the Cisco CLI explore the various configuration modes.

Click the lab icon to begin.

5.3.1 - Command Line Interface Modes Link to E-Lab: Entering Command Modes 5.3.2 Using the Cisco IOS CLI Page 1: The Cisco IOS CLI is full of features that help in recalling commands needed to configure a device. These features are one reason why network technicians prefer to use the Cisco IOS CLI to configure routers.

The context-sensitive help feature is especially useful when configuring a device. Entering help or the ? at the command prompt displays a brief description of the help system.

Router# help

Context-sensitive help can provide suggestions for completing a command. If the first few characters of a command are known but the exact command is not, enter as much of the command as possible, followed by a ?. Note that there is no space between the command characters and the ?.

Additionally, to get a list of the parameter options for a specific command, enter part of the command, followed by a space, and then the ?. For example, entering the command configure followed by a space and a ? shows a list of the possible variations. Choose one of the entries to complete the command string. Once the command string is completed, a appears. Press Enter to issue the command.

If a ? is entered and nothing matches, the help list will be empty. This indicates that the command string is not a supported command.

5.3.2 - Using the Cisco I O S C L I The diagram depicts the Hyper Terminal window focusing on the following text: Commands available to complete initial command fragment using a question mark for help: Router # con, question mark, configure connect Page 2: Users sometimes make a mistake when typing a command. The CLI indicates if an unrecognized or incomplete command is entered. The % symbol marks the beginning of an error message. For example, if the command interface is entered with no other parameters, an error message displays indicating an incomplete command:

% Incomplete command

Use the ? to get a list of the available parameters.

If an incorrect command is entered, the error message would read:

% Invalid input detected

It is sometimes hard to see the mistake within an incorrectly entered command. Fortunately, the CLI provides an error indicator. The caret symbol (^) appears at the point in the command string

where there is an incorrect or unrecognized character. The user can return to the point where the error was made and use the help function to determine the correct command to use.

5.3.2 - Using the Cisco I O S C L I The diagram depicts the Hyper Terminal window showing the difference between an incomplete command and a misspelled command. Also shown is the use of help, question mark, after the main command (with a space) to determine appropriate secondary entries. Page 3: Another feature of the Cisco IOS CLI is the ability to recall previously typed commands. This feature is particularly useful for recalling long or complex commands or entries.

The command history is enabled by default and the system records 10 command lines in the history buffer. To change the number of command lines the system records during a session, use the terminal history size or the history size command. The maximum number of command lines is 256.

To recall the most recent command in the history buffer, press Ctrl-P or the Up Arrow key. Repeat this process to recall successively older commands. To return to a more recent command in the history buffer, press Ctrl-N or the Down Arrow key. Repeat this process to recall successively more recent commands.

The CLI recognizes partially typed commands based on their first unique character. For example, type int instead of interface. If a short cut, such as int is entered, pressing the Tab key will automatically complete the entire command entry of interface.

On most computers, additional select and copy functions are available using various function keys. A previous command string may be copied and then pasted or inserted as the current command entry.

5.3.2 - Using the Cisco I O S C L I The diagram depicts the Hyper Terminal window showing the show history command and listing previous commands issued. Page 4: 5.3.2 - Using the Cisco I O S C L I The diagram depicts an activity in which you must match each keystroke combination to its

function. Keystroke combinations. A.Ctrl-P, or up-arrow key. B.Ctrl-N, or down arrow key. C.Show history. D.Terminal history size number-of-lines. E.TAB. Definitions. One.Steps backwards through the command history. Two.Steps forward through the command history. Three.Shows the contents of the command buffer. Four.Sets the command buffer size. Five.Completes a command entry. Page 5: Packet Tracer Activity

Explore the features of the Cisco IOS CLI.

Click the Packet Tracer icon to begin.

5.3.2 - Using the Cisco I O S C L I Link to Packet Tracer Exploration: Exploring the Cisco I O S C L I 5.3.3 Using Show Commands Page 1: The Cisco IOS CLI includes show commands that display relevant information about the configuration and operation of the device.

Network technicians use the show commands extensively for viewing configuration files, checking the status of device interfaces and processes, and verifying the device operational status. Show commands are available whether the device was configured using the CLI or SDM.

The status of nearly every process or function of the router can be displayed using a show command. Some of the more popular show commands are:

• • • • • •

show running-config show interfaces show arp show ip route show protocols show version

5.3.3 - Using Show Commands The diagram depicts the following show commands. Show running-config R1 # show running-config Some output omitted Building configuration Current configuration: 1063 bytes Version 12.4 Service timestamps debug date time m sec Service timestamps log date time m sec No service password-encryption Host name R 1 Enable secret 5 $1$i6w9$dvdpVM6zV10E^tSLdkR5/ No IP domain lookup Interface FastEthernet 0 /0 Description LAN 192.168.1.0 default gateway Ip address 192.168.1.1 255.255.255.0 Duplex auto Speed auto Interface FastEthernet 0 /1 No I P address Shutdown Duplex auto Speed auto Interface Serial 0 /0/ 0 Description WAN link to R 2 Encapsulation ppp Clock rate 64000 No fair-queue Interface Serial 0 /0 /1 No IP address shutdown Interface V lan 1 No IP address Router rip Version 2 Network 192.168.1.0

Network 192.168.2.0 Banner m o td ^C Unauthorized Access Prohibited ^ C Ip http server Line con 0 Password cisco Login Line a u x 0 Line v t y 0 4 Password cisco login Show interfaces R1 # show interfaces < Some output omitted > FastEthernet0 /0 is up, line protocol is up Hardware is Gt96k F E, address is 001b.5325.256e (b I a 001b.5325.256e Internet address is 192.168.1.1 /24 M T U 1500 bytes, BW 100000 k bit, D L Y 100 u sec, Reliability 255 /255, t x load 1 /255, r x load 1 /255 Encapsulation A R P A, loopback not set Keep alive set (10 sec) Full-duplex, 100Mb/s, 100Base TX/FX ARP type: ARP, ARP timeout 04:00:00 Last input 00:00:17, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); total output drops: 0 Queueing strategy: fifo Output queue: 0 /40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 196 packets input, 31850 bytes Received 181 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watch dog 0 input packets with dribble condition detected 392 packets output, 35239 bytes, 0 underruns 0 output errors, 0 collisions, 3 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out FastEthernet0/1 is administratively down, line protocol is down Serial 0 /0 /0 is up, line protocol is up Hardware is GT96K serial Internet address is 192.168.2.1 /24 MTU 1500 bytes, BW 1544 k bit, D L Y 20000 u sec, Reliability 255 /255, tx load 1/255, rx load 1 /255 Encapsulation PPP, LCP Listen, loopback not set Keepalive set (10 sec) Last input 00:00:02, output 00:00:03, output hang never

Last clearing of "show interface" counters 00:51:52 Input queue: 0/75/0/0 (size/max/drops/flushes); total output drops: 0 Queueing strategy: fifo Output queue: 0 /40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 401 packets input, 27437 bytes, 0 no buffer Received 293 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 389 packets output, 26940 bytes, 0 underruns 0 output errors, 0 collisions, 2 interface resets 0 output buffer failures, 0 output buffers swapped out 6 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up Serial0/0/1 is administratively down, line protocol is down Show arp R1 # show arp Protocol AddressAge (min) Hardware AddrTypeInterface Internet 172.17.0.1-001b.5325.256eA R P A FastEthernet 0 /0 Internet 172.17.0.212000b.db04.a5cdA R P A FastEthernet0 /0 Show IP route R1 # show IP route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - E I GRP, Ex - E I GRP external, O - O SPF, I A - O SPF inter area N1 - O SPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - O SPF external type 1, E2 - O SPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - O D R, P - periodic downloaded static route Gateway of last resort is not set C192.168.1.0 /24 is directly connected, FastEthernet0/0 C192.168.2.0 /24 is directly connected, Serial0/0/0 R192.168.3.0 /24 [120 /1] via 192.168.2.2, 00:00:24, Serial0/0/0 Show protocols R1 # show protocols Global values : Internet Protocol routing is enabled FastEthernet0 /0 is up, line protocol is up Internet address is 192.168.1.1 /24 FastEthernet 0 /1 is administratively down, line protocol is down FastEthernet 0 /1 /0 is up , line protocol is down FastEthernet 0 /1 /1 is up , line protocol is down FastEthernet 0 /1 /2 is up , line protocol is down FastEthernet 0 /1 /3 is up , line protocol is down Serial 0 /0 /0 is up , line protocol is up Internet address is 192.168.2.1 /24 Serial 0 /0 /1 is administratively down, line protocol is down

V lan 1 is up, line protocol is down Show version R1# show version < Some output omitted> Cisco l O S Software , 1841 Software (C1841-AD V IP SERVICESK9-M) , Version 12.4(l O b) , RELEASE SOFTWARE (f c3) Technical Support: http://www.cisco.com/tech support copyright (c) 1986-2007 by Cisco Systems , Inc. Compiled Fri 19-Jan-07 15 :15 by prod_reI_team ROM: System Bootstrap, Version 12.4 (13r) T , RELEASE SOFTWARE (fc1) R1 uptime is 43 minutes System returned to ROM by reload at 22:05:12 U TC Sat Jan 5 2008 System image file is "flash:c1841-ad v I p servicesk9-mz.124-10b.bin" Cisco 1841 (revision 6.0) with 174080K/22528K bytes of memory . Processor board 10 FTX1111WOQF 6 FastEthernet interfaces 2 Serial (sync/async) interfaces 1 Virtual Private Network (VPN) Module DRAM configuration is 64 bits wide with parity disabled. 191 K bytes of N V RAM. 62720 K bytes of A T A CompactFlash (Read/Write) Configuration register is O x 2l02 Page 2: E-Lab Activity

Use the show run and show interface commands to answer questions about the router configuration.

Click the lab icon to begin.

5.3.3 - Using Show Commands Link to E-Lab: Viewing the Router Interface Information Page 3: Packet Tracer Activity

Use Cisco IOS show commands on a router located at the ISP.

Click the Packet Tracer icon to begin.

5.3.3 - Using Show Commands Link to Packet Tracer Exploration: Using the Cisco I O S Show Commands 5.3.4 Basic Configuration Page 1: The initial configuration of a Cisco IOS device involves configuring the device name and then the passwords that are used to control access to the various functions of the device.

A device should be given a unique name as one of the first configuration tasks. This task is accomplished in global configuration mode with the following command.

Router(config)# hostname [name]

When the Enter key is pressed, the prompt changes from the default host name, which is Router, to the newly configured host name.

The next configuration step is to configure passwords to prevent access to the device by unauthorized individuals.

The enable password and enable secret commands are used to restrict access to privileged EXEC mode, preventing unauthorized users from making configuration changes to the router.

Router(config)# enable password [password]

Router(config)# enable secret [password]

The difference between the two commands is that the enable password is not encrypted by default. If the enable password is set, followed by the enable secret password, the enable secret command overrides the enable password command.

5.3.4 - Basic Configuration The diagram depicts an example of a basic router configuration, including the following types of commands: set device name, enable password, and enable encrypted password. Set Device Name Router (config) # host name Tokyo Router Tokyo Router (config) # Enable Password Router (config) # enable password san-fran Enable Encrypted Password Router (config) # enable secret password1 2 3 Page 2: Other basic configurations of a router include configuring a banner, enabling synchronous logging, and disabling domain lookup.

Banners

A banner is text that a user sees when initially logging on to the router. Configuring an appropriate banner is part of a good security plan. At a very minimum, a banner should warn against unauthorized access. Never configure a banner that welcomes an unauthorized user.

There are two types of banners: message-of-the-day (MOTD) and login information. The purpose for two separate banners is to be able to change one without affecting the entire banner message.

To configure the banners, the commands are banner motd and banner login. For both types, a delimiting character, such as a #, is used at the beginning and at the end of the message. The delimiter allows the user to configure a multiline banner.

If both banners are configured, the login banner appears after the MOTD but before the login credentials.

Synchronous Logging

The Cisco IOS software often sends unsolicited messages, such as a change in the state of a configured interface. Sometimes these messages occur in the middle of typing a command. The message does not affect the command, but can cause the user confusion when typing. To keep the unsolicited output separate from the typed input, the logging synchronous command can be entered in global configuration mode.

Disabling Domain Lookup

By default, when a host name is entered in enable mode, the router assumes that the user is attempting to telnet to a device. The router tries to resolve unknown names entered in enable mode by sending them to the DNS server. This process includes any words entered that the router does not recognize, including mistyped commands. If this capability is not wanted, the no ip domain-lookup command turns off this default feature.

5.3.4 - Basic Configuration The diagram depicts a New Connection SSH HyperTerminal window showing the following banner m o td # command: R1 (config) # banner m o td # Enter TEXT message. End with the character #. ***** WARNING!! Unauthorized Access Prohibited! ! ***** # Page 3: There are multiple ways to access a device to perform configuration tasks. One of these ways is to use a PC attached to the console port on the device. This type of connection is frequently used for initial device configuration.

Setting a password for console connection access is done in global configuration mode. These commands prevent unauthorized users from accessing user mode from the console port.

Route(config)# line console 0

Router(config)# password [password]

Router(config)# login

When the device is connected to the network, it can be accessed over the network connection. When the device is accessed through the network, it is considered a vty connection. The password must be configured on the vty port.

Route(config)# line vty 0 4

Router(config)# password [password]

Router(config)# login

0 4 represents 5 simultaneous in-band connections. It is possible to set a different password for each connection by specifing specific line connection numbers, such as line vty 0.

To verify that the passwords are set correctly, use the show running-config command. These passwords are stored in the running-configuration in clear text. It is possible to set encryption on all passwords stored within the router so that they are not easily read by unauthorized individuals. The global configuration command service password-encryption ensures that all passwords are encrypted.

Remember, if the running configuration is changed, it must be copied to the startup configuration file or the changes are lost when the device is powered down. To copy the changes made to the running configuration back to the stored startup configuration file, use the copy run start command.

5.3.4 - Basic Configuration The diagram depicts an example of a basic router configuration, including the following types of commands: console password, which is the password for a host with an out-of-band direct connection to the router console port, virtual terminal password, which is the password for a host with an in-band connection to a router over the network, and perform password encryption. Console Password Router (config) # line console 0 Router (config-line) # password cisco Router (config-line) # login Virtual Terminal Password Router (config) # line v t y 0 4 Router (config-line) # password cisco Router (config-line) # login

Perform Password Encryption Router (config) # service password-encryption Page 4: Packet Tracer Activity

Use Cisco IOS CLI to perform an initial router configuration.

Click the Packet Tracer icon to begin.

5.3.4 - Basic Configuration Link to Packet Tracer Exploration: Performing an Initial Router Configuration. 5.3.5 Configuring An Interface Page 1: To direct traffic from one network to another, router interfaces are configured to participate in each of the networks. A router interface connecting to a network will typically have an IP address and subnet mask assigned that is within the host range for the connected network.

There are different types of interfaces on a router. Serial and Ethernet interfaces are the most common. Local network connections use Ethernet interfaces.

WAN connections require a serial connection through an ISP. Unlike Ethernet interfaces, serial interfaces require a clock signal to control the timing of the communications, called a clock rate. In most environments, data communications equipment (DCE) devices, such as a modem or CSU/DSU, provide the clock rate.

When a router connects to the ISP network using a serial connection, a CSU/DSU is required if the WAN is digital. A modem is required if the WAN is analog. These devices convert the data from the router into a form acceptable for crossing the WAN, and convert data from the WAN into an acceptable format for the router. By default, Cisco routers are data terminal equipment (DTE) devices. Because the DCE devices control the timing of the communication with the router, the Cisco DTE devices accept the clock rate from the DCE device.

Though uncommon, it is possible to connect two routers directly together using a serial connection. In this instance, no CSU/DSU or modem is used, and one of the routers must be configured as a DCE device to provide clocking. If the router is connected as the DCE device, a clock rate must be set on the router interface to control the timing of the DCE/DTE connection.

5.3.5 - Configuring An Interface The diagram depicts a router (D T E) connected to a CSU /DSU (D C E) which connects to another CSU /DSU (D C E) across the Internet via a transmission line. The second CSU /DSU (D C E) connects to a second router (D T E). Page 2: Configuring an interface on the router must be done in global configuration mode. Configuring an Ethernet interface is very similar to configuring a serial interface. One of the main differences is that a serial interface must have a clock rate set if it is acting as a DCE device.

The steps to configure an interface include:

Step 1. Specify the type of interface and the interface port number.

Step 2. Specify a description of the interface.

Step 3. Configure the interface IP address and subnet mask.

Step 4. Set the clock rate, if configuring a serial interface as a DCE.

Step 5. Enable the interface.

After an interface is enabled, it may be necessary to turn off an interface for maintenance or troubleshooting. In this case, use the shutdown command.

When configuring the serial interface on a 1841, the serial interface is designated by 3 digits, C/S/P, where C=Controller#, S=Slot# and P=Port#. The 1841 has two modular slots. The designation Serial0/0/0 indicates that the serial interface module is on controller 0, in slot 0, and that the interface to be used is the first one (0). The second interface is Serial0/0/1. The serial

module is normally installed in slot 0 but may be installed in slot 1. If this is the case, the designation for the first serial interface would be Serial0/1/0 and the second would be Serial0/1/1.

For built in ports, such as the FastEthernet ports the designation is 2 digits, C/P, where C=Controller#, and P=Port#. The designation Fa0/0 represents controller 0 and interface 0.

5.3.5 - Configuring An Interface The diagram depicts basic configuration commands for a FastEthernet and Serial interface: Router (config) # interface fastethernet 0 /0 Router (config-if) # description connection to Admin LAN Router (config-if) # IP address 192.168.2.1 255.255.255.0 Router (config-if) # no shutdown Router (config-if) # exit Router (config) # interface serial 0 /0 /0 Router (config-if) # description connection to Router 2 Router (config-if) # IP address 192.168.1.125 255.255.255.0 Router (config-if) # clock rate 64000 Router (config-if) # no shutdown More Information Popup On serial links that are directly interconnected, as in a lab environment, one side must be considered a D C E and provide a clocking signal. The clock is enabled and speed is specified with the clock rate command. The available clock rates in bits per second are 1200, 2400, 9600, 19200, 38400, 56000, 64000, 72000, 125000, 148000, 500000, 800000, 1000000, 1300000, 2000000, or 4000000. Some bit rates might not be available on certain serial interfaces. This depends on the capacity of each interface. The commands that are used to set a clock rate and enable a serial interface are in the diagram. Page 3: E-Lab Activity

Configure the serial interfaces on two routers.

Click the icon to begin.

5.3.5 - Configuring An Interface Link to E-Lab: Configuring a Serial Interface on Routers for Communication. Page 4:

Packet Tracer Activity

Configure the Ethernet and Serial interfaces of a router.

Click the Packet Tracer icon to begin.

5.3.5 - Configuring An Interface Link to Packet Tracer Exploration: Configuring Ethernet and Serial Interfaces. Page 5: Lab Activity

Configure basic settings on a router using the Cisco IOS CLI.

Click the lab icon to begin.

5.3.5 - Configuring An Interface Link to Hands-on Lab: Configuring Basic Router Settings with the Cisco I O S C L I. 5.3.6 Configuring a Default Route Page 1: A router forwards packets from one network to another based on the destination IP address specified in the packet. It examines the routing table to determine where to forward the packet to reach the destination network. If the router does not have a route to a specific network in its routing table, a default route can be configured to tell the router how to forward the packet. The default route is used by the router only if the router does not know where to send a packet.

Usually, the default route points to the next hop router on the path to the Internet. The information needed to configure the default route is the IP address of the next hop router, or the interface that the router uses to forward traffic with an unknown destination network.

Configuring the default route on a Cisco ISR must be done in global configuration mode.

Router(config)# ip route 0.0.0.0 0.0.0.0 [next-hop-IP-address]

or

Router(config)# ip route 0.0.0.0 0.0.0.0 [interface-type] [number]

5.3.6 - Configuring a Default Route The diagram depicts the configuration of a default route. Router 1 S 0 /0 /0 interface, with IP address 192.168.1.4, is connected to Router 2 S 0 /0 /1 interface, with IP address 192.168.1.5. Configure a Default Route Router 1 (config) # IP route 0.0.0.0 0.0.0.0 192.168.1.5 OR Router 1 (config) # IP route 0.0.0.0 0.0.0.0 S 0 /0 /0 Page 2: Packet Tracer Activity

Configure a default route on routers in a medium-sized business network topology.

Click the Packet Tracer icon to begin.

5.3.6 - Configuring a Default Route Link to Packet Tracer Exploration: Configuring a Default Route. 5.3.7 Configuring DHCP Services Page 1: The Cisco IOS CLI can be used to configure a router to function as a DHCP server.

Using a router configured with DHCP simplifies the management of IP addresses on a network. The administrator needs to update only a single, central router when IP configuration parameters

change. Configuring DHCP using the CLI is a little more complex than configuring it using SDM.

There are eight basic steps to configuring DHCP using the CLI.

Step 1. Create a DHCP address pool.

Step 2. Specify the network or subnet.

Step 3. Exclude specific IP addresses.

Step 4. Specify the domain name.

Step 5. Specify the IP address of the DNS server.

Step 6. Set the default gateway.

Step 7. Set the lease duration.

Step 8. Verify the configuration.

5.3.7 - Configuring DHCP Services The diagram depicts eight steps used to configure DHCP services. Step 1: Create DHCP Address Pool Router (config) # ip dhcp pool LAN-address Router (dhcp-config) # Navigate to the privileged EXEC mode, enter the password if prompted and then enter the global configuration mode. Now create a name for the DHCP server address pool. More than one address pool can exist on a router. The Cisco I O S C L I will enter the DHCP pool configuration mode. Use these commands: Router> enable

Router # configure terminal Router (config) # ip dhcp pool LAN-address Router (config) # ip dhcp pool LAN-address Router(dhcp-config) # This example created an address pool named LAN-address. Step 2: Specify the Network or Subnet Router (dhcp-config) # network 172.16.0.0 255.255.0.0 Specify the network or subnet network number and the subnet mask of the DHCP address pool. Use this command: Router (dhcp-config) # network 172.16.0.0 255.255.0.0 Depending on the version of I O S, the subnet mask may also be specified using the prefix convention /16. Step 3: Exclude IP Addresses Router (config) # ip dhcp excluded-address 172.16.1 .100 172.16.1 .103 Recall that the DHCP server assumes that all other I P addresses in a DHCP address pool subnet are available for assigning to DHCP clients. Exclude addresses from the pool so the DHCP server does not allocate those I P addresses. If a range of addresses is to be excluded, only the starting address and ending address need to be entered. Use this command: Router (config) # ip dhcp excluded-address 172.16.1 .100 172.16.1 .103 The example shown excludes the four addresses, 172.16.1 .100, 172.16.1 .101, 172.16.1 .102, and 172.16.1 .103 from being given out to hosts by DHCP. These addresses can be statically assigned by the administrator. Step 4: Specify the Domain Name Router (dhcp-config) # domain-name cisco.com Now specify the domain name for the client. Use this command: Router(dhcp-config)# domain-name cisco.com Clients in this example will receive the domain name cisco.com as part of their DHCP configuration. Domain name is an optional DHCP configuration parameter and is not necessary for DHCP to function. The network administrator can provide information as to whether or not a domain name is necessary. Step 5: DNS Server IP Address Router (dhcp-config) # dns-server 172.16.1 .103 172.16.2 .103 Now specify the IP address of a DNS server that is available to a DHCP client. One P address is required. Up to eight IP addresses can be configured on one line. If listing more than one DNS Server list the servers in order of importance. Use this command: Router (dhcp-config) # dns-server 172.16.1 .103 172.16.2 .103 In this example, there are two DNS servers that clients can use, a primary server and a secondary server. At least one DNS server must be configured for hosts to resolve host names and U RLs in order to access services on the network. Step 6: Set the Default Gateway Router (dhcp-config) # default-router 172.16.1 .100

Now specify the IP address of the default router for the DHCP clients on the network. Typically this will be the LAN I P of the router. This command will set the default gateway for the client devices on the network that will be using DHCP. After a DHCP client has booted, the client begins sending packets to its default router. The IP address must be on the same subnet as the client I P addresses given out by the router. One I P address is required. Use this command: Router (dhcp-config) # default-router 172.16.1 .100 Clients in this example use the router interface 172.16.1 .100 as their default gateway. Step 7: Set the Lease Duration Router (dhcp-config) # lease {days [hours] [minutes] | infinite} Router (dhcp-config) # end DHCP gives out IP address information each time a host powers on and connects to the network. The default time that a client IP address is reserved for a specific host is one day. If the host does not renew its address, then the reservation ends and the IP address is again available to be given out through DHCP. It is possible to change the lease timer to a longer period of time, if necessary. This is the last step in configuring a DHCP service on a router. Use the end command to finish the DHCP configuration and return to the Global configuration mode. Use these commands: Router (dhcp-config) # lease {days [hours] [minutes] | infinite} Router (dhcp-config) # end Step 8: Verify the Configuration Router# show running-config Verify the DHCP configuration by viewing the running-configuration. To do this use the command: Router # show running-config Here is an example of the DHCP part of the configuration running on a DHCP enabled router: ip dhcp pool LAN-addresses domain-name cisco.com network 172.16.0.0 255.255.0.0 ip dhcp excluded-address 172.16.1 .100 172.16.1 .103 dns-server 172.16.1 .103 172.16.2 .103 default-router 172.16.1 .100 lease infinite When the configuration is correct, copy the running-configuration to the startup-configuration. Page 2: Packet Tracer Activity

Configure a router as a DHCP server for attached clients.

Click the Packet Tracer icon to begin.

5.3.7 - Configuring DHCP Services Link to Packet Tracer Exploration: Configuring a Cisco Router as a DHCP server Page 3: Lab Activity

Use the Cisco SDM and IOS CLI to configure a router as a DHCP server.

Click the lab icon to begin.

5.3.7 - Configuring DHCP Services Link to Hands-on Lab: Configuring DHCP with SDM and the Cisco I O S C L I 5.3.8 Configuring Static NAT Using Cisco IOS CLI Page 1: NAT enables hosts with internal private addresses to communicate on the Internet. When configuring NAT, at least one interface must be configured as the inside interface. The inside interface is connected to the internal, private network. Another interface, usually the external interface used to access the Internet, must be configured as the outside interface. When devices on the internal network communicate out through the external interface, the addresses are translated to one or more registered IP addresses.

There are occasions when a server located on an internal network must be accessible from the Internet. This accessibility requires that the server has a specific registered address that external users can specify. One way to provide this address to an internal server is to configure a static translation.

Static NAT ensures that addresses assigned to hosts on the internal network are always translated to the same registered IP address.

Configuring NAT and static NAT using the Cisco IOS CLI requires a number of steps.

Step 1. Specify the inside interface.

Step 2. Set the primary IP address of the inside interface.

Step 3. Identify the inside interface using the ip nat inside command.

Step 4. Specify the outside interface.

Step 5. Set the primary IP address of the outside interface.

Step 6. Identify the outside interface using the ip nat outside command.

Step 7. Define the static address translation.

Step 8. Verify the configuration.

5.3.8 - Configuring Static NAT Using Cisco I O S C L I The diagram depicts the steps used to configure static NAT using Cisco I O S C L I. Step 1: Specify the inside interface Router (config) # interface fastethernet 0 /0 To begin configuring NAT services on a Cisco router navigate to the privileged EXEC mode, enter the password if prompted to and then enter the global configuration mode. Specify which interface is connected to the inside local network. Doing this enters the interface configuration mode. Use these commands: Router> enable Router# configure terminal Router (config) # interface fastethernet 0 /0 Step 2: Set the primary IP address of the inside interface Router (config-if) # ip address 172.31.232.182 255.255.255.0 Use this command to set the primary IP address for the inside interface: Router (config-if) # ip address 172.31.232.182 255.255.255.0 Step 3: Identify the inside interface using the IP nat inside command Router (config-if) # ip nat inside Router (config-if) # no shutdown Router (config-if) # exit Now identify this interface as the interface connected to the inside of the network and then exit

the configuration of the inside interface and return to configuration mode. Use these commands: Router (config-if) # ip nat inside Router (config-if) # no shutdown Router (config-if) # exit Step 4: Specify the outside interface Router (config) # interface serial 0 /0 Configure the outside interface. Specify the interface connecting to the Internet Service Provider and return to the interface configuration mode. Use this command: Router (config) # interface serial 0 /0 Step 5: Set the primary IP address of the outside interface Router (config-if) # ip address 209.165.201.1 255.255.255.252 Now identify this interface as the interface connected to the outside of the network and then exit the configuration of the outside interface and return to configuration mode. Use these commands: Router (config-if) # ip address 209.165.201.1 255.255.255.252 Step 6: Identify the outside interface using the IP nat outside command Router (config-if) # ip nat outside Router (config-if) # no shutdown Router (config-if) # exit Now identify this interface as the interface connected to the outside of the network and then exit the configuration of the outside interface and return to configuration mode. Use these commands: Router (config-if) # ip nat outside Router (config-if) # no shutdown Router (config-if) # exit Step 7: Define the static address translation Router (config) # ip nat inside source static 172.31.232.14 209.165.202.130 Router (config) # exit Use this command to create the translation: Router (config) # I P nat inside source static 172.31.232.14 209.165.202.130 In this example, a server with the inside address 172.31.232.14 is always translated to the external address 209.165.202.130. Use this command to create the translation. When finished, exit the global configuration mode. Step 8: Verify the configuration show running-config Verify the static NAT configuration. Use this command: show running-config Here is an example: interface fastethernet 0 /0 ip address 172.31.232.182 255.255.255.0 ip nat inside interface serial 0 /0

ip address 209.165.201.1 255.255.255.252 ip nat outside ip nat inside source static 172.31.232.14 209.165.202.130 Be sure to save the running-configuration to the startup-configuration. Page 2: There are several router CLI commands to view NAT operations for verification and troubleshooting.

One of the most useful commands is show ip nat translations. The output displays the detailed NAT assignments. The command shows all static translations that have been configured and any dynamic translations that have been created by traffic. Each translation is identified by protocol and its inside and outside local and global addresses.

The show ip nat statistics command displays information about the total number of active translations, NAT configuration parameters, how many addresses are in the pool, and how many have been allocated.

Additionally, use the show run command to view NAT configurations.

By default, if dynamic NAT is configured, translation entries time out after 24 hours. It is sometimes useful to clear the dynamic entries sooner than 24 hours. This is especially true when testing the NAT configuration. To clear dynamic entries before the timeout has expired, use the clear ip nat translation * command in the enable mode. Only the dynamic translations are removed from the table. Static translations cannot be cleared from the translation table.

5.3.8 - Configuring Static NAT Using Cisco I O S C L I The diagram depicts a man sitting at his workstation verifying NAT operations by entering the show I P nat translations and using the router C L I interface. The output from the show IP nat statistics command displays detailed NAT assignments. The command shows all static translations that have been configured and any dynamic translations that have been created by traffic. Each translation is identified by a protocol, and its inside and outside local and global addresses. The show IP nat statistics command displays information about the total number of active translations, NAT configuration parameters, how many addresses are in the pool, and how many have been allocated. Page 3:

Packet Tracer Activity

Configure static NAT on a router.

Click the Packet Tracer icon to begin.

5.3.8 - Configuring Static NAT Using Cisco I O S C L I Link to Packet Tracer Exploration: Configuring Static NAT on a Cisco Router. Page 4: Lab Activity

Configure PAT using Cisco SDM and static NAT using Cisco IOS CLI.

Click the lab icon to begin.

5.3.8 - Configuring Static NAT Using Cisco I O S C L I Link to Hands-on Lab: Configuring PAT with SDM and Static NAT using Cisco I O S Commands. 5.3.9 Backing Up a Cisco Router Configuration Page 1: After a router is configured, the running configuration should be saved to the startup configuration file. It is also a good idea to save the configuration file in another location, such as a network server. If the NVRAM fails or becomes corrupt and the router cannot load the startup configuration file, another copy is available. There are multiple ways that a configuration file can be saved.

One way configuration files can be saved to a network server is using TFTP. The TFTP server must be accessible to the router via a network connection.

Step 1. Enter the copy startup-config tftp command.

Step 2. Enter the IP address of the host where the configuration file will be stored.

Step 3. Enter the name to assign to the configuration file or accept the default.

Step 4. Confirm each choice by answering yes.

The running configuration can also be stored on a TFTP server using the copy running-config tftp command.

To restore the backup configuration file, the router must have at least one interface configured and be able to access the TFTP server over the network.

Step 1. Enter the copy tftp running-config command.

Step 2. Enter the IP address of the remote host where the TFTP server is located.

Step 3. Enter the name of the configuration file or accept the default name.

Step 4. Confirm the configuration filename and the TFTP server address.

Step 5. Using the copy run start command, copy the running-configuration to the startupconfiguration file to ensure that the restored configuration is saved.

When restoring your configuration, it is possible to copy the tftp file to the startup configuration file. However, this does require a router reboot in order to load the startup configuration file into the running configuration.

5.3.9 - Backing Up a Cisco Router Configuration The diagram depicts the process of copying the configuration to and from a TFTP server by saving and restoring a configuration.

Saving a Configuration HyperTerminal window Router # copy startup-config tftp Address or name of remote host [ ]? 10.1 0.10.1 Destination filename [router-config]? tokyo.2 Write file tokyo.2 to 10.1 0.10.1 [confirm] Writing tokyo.2 !!!!!! [OK] Router # Restoring a Configuration HyperTerminal window Router # copy tftp running-config Address or name of remote host [ ]? 131.108.2.155 Source filename [ ]? tokyo.2 Destination filename [running-config]? y Accessing tftp://131.108.2.155/ tokyo.2 Page 2: Another way to create a backup copy of the configuration is to capture the output of the show running-config command. To do this from the terminal session, copy the output, paste it into a text file, and then save the text file.

The following steps are used to capture the configuration from a HyperTerminal screen.

Step 1. Select Transfer.

Step 2. Select Capture Text.

Step 3. Specify a name for the text file to capture the configuration.

Step 4. Select Start to start capturing text.

Step 5. Use the show running-config command to display the configuration on the screen.

Step 6. Press the spacebar when each "-More -" prompt appears.

After the complete configuration has been displayed, the following steps stop the capture.

Step 1. Select Transfer.

Step 2. Select Capture Text.

Step 3. Select Stop.

After the capture is complete, the configuration file must be edited to remove extra text, such as the "building configuration" Cisco IOS message. Also, the no shutdown command must be added to the end of each interface section. Click File > Save to save the configuration. The configuration file can be edited from a text editor such as Notepad.

The backup configuration can be restored from a HyperTerminal session. Before the configuration is restored, any other configurations should be removed from the router using the erase startup-config command at the privileged EXEC prompt. The router is then restarted using the reload command.

The following steps copy the backup configuration to the router.

Step 1. Enter router global configuration mode.

Step 2. Select Transfer > Send Text File in HyperTerminal.

Step 3. Select the name of the file for the saved backup configuration.

Step 4. Restore the startup configuration with the copy run start command

5.3.9 - Backing Up a Cisco Router Configuration The diagram depicts a Hyper Terminal window with the Transfer dropdown selected, then Capture Text, then Stop, to stop menu item open. Output from commands previously entered are captured.

Page 3: Packet Tracer Activity

Back up the running configuration to a TFTP server.

Click the Packet Tracer icon to begin.

5.3.9 - Backing Up a Cisco Router Configuration Link to Packet Tracer Exploration: Backing Up a Cisco Router Configuration to a TFTP Server. Page 4: Lab Activity

Use HyperTerminal to save and load the running configuration.

Click the lab icon to begin.

5.3.9 - Backing Up a Cisco Router Configuration Link to Hands-on Lab: Managing Router Configuration Files Using HyperTerminal. Page 5: Lab Activity

Use TFTP to save and load the running configuration.

Click the lab icon to begin.

5.3.9 - Backing Up a Cisco Router Configuration Link to Hands-on Lab: Managing Router Configuration Files Using TFTP

5.4 Connecting the CPE to the ISP 5.4.1 Installing the CPE Page 1: One of the main responsibilities of an on-site network technician is to install and upgrade equipment located at a customer home or business. Network devices installed at the customer location are called customer premises equipment (CPE) and include devices such as routers, modems, and switches.

The installation or upgrade of a router can be disruptive for a business. Many businesses rely on the Internet for their correspondence and have e-commerce services that must be accessed during the day. Planning the installation or upgrade is a critical step in ensuring successful operation. Additionally, planning enables options to be explored on paper, where it is easy and inexpensive to correct errors.

The ISP technical staff usually meets with business customers for planning. During planning sessions, the technician determines the configuration of the router to meet customer needs and the network software that may be affected by the new installation or upgrade.

The technician works with the IT personnel of the customer to decide which router configuration to use and to develop the procedure that verifies the router configuration. From this information, the technician completes a configuration checklist.

The configuration checklist provides a list of the most commonly configured components. It typically includes an explanation of each component and the configuration setting. The list is a tool for ensuring that everything is configured correctly on new router installations. It is also helpful for troubleshooting previously configured routers.

There are many different formats for configuration checklists, including some that are quite complex. ISPs should ensure that support technicians have, and know how to use, router configuration checklists.

5.4.1 - Installing the C P E The diagram depicts blank work order form with a brief description of the following fields. Date and Work Order Used to record the date that the configuration checklist is issued Used to record a number used to track the contract work

ISP Contact The name and telephone number of the ISP representative if any questions or concerns arise Customer The name of the company or customer. Customer Contact The name and telephone number of the person at the customer site responsible for the project. Router Manufacturer and Model The router manufacturer and model number Router Serial Number The router serial number Configured Basic Parameters Check here to confirm that basic router parameters are configured. Cisco SDM can be used to configure basic parameters, if supported by the device. Configured Global Parameters Check here to confirm that the global parameters are configured. Including: host name of the router, a privilege mode password, and disabling the router from recognizing typing mistakes as commands. Configured Fast Ethernet LAN Interfaces Check here to confirm that the Fast Ethernet LAN interfaces have been configured. Configured WAN Interfaces Check here to confirm that the WAN interfaces have been configured Configured Command-Line Access to the Router Check here to confirm that the parameters used to control Cisco I O S C L I access to the router have been configured. This includes: the interval of time that the EXEC command interpreter waits until user input is detected. Configured Static Routes Check here to confirm that the static routes are configured. An ISP may use a separate sheet to detail each static route configured. Static routes are manually configured on the router and must be changed manually if new routes are required. Configured Dynamic Routing Protocols Check here to confirm that the dynamic routing protocols are configured. In dynamic routing, the network protocol adjusts the path automatically, based on network traffic or topology. Changes in dynamic routes are shared with other routers in the network. Configured Security Features Check here to confirm that security features on the router are configured. The Cisco SDM configuration tool makes it easy to configure the basic security features. To configure security features using the Cisco I O S C L I requires an in-depth knowledge of the Cisco I O S security commands. Page 2: When new equipment is required, the devices are typically configured and tested at the ISP site before being installed at the customer site. Anything that is not functioning as expected can be replaced or fixed immediately. If a router is being installed, the network technician makes sure that the router is fully configured and that the router configuration is verified.

When the router is known to be configured correctly, all network cables, power cables, management cables, manufacturer documentation, manufacturer software, configuration documentation, and the special tools needed for router installation are assembled. An inventory

checklist is used to verify that all necessary equipment needed to install the router is present. Usually, the network technician signs the checklist, indicating that everything has been verified. The signed and dated inventory checklist is included with the router when it is packaged for shipping to the customer premises.

The router is now ready to be installed by the on-site technician. It is important to find a time that provides the minimum amount of disruption. It may not be possible to install or upgrade network equipment during normal business hours. If the installation will cause the network to be down, the network technician, the ISP sales person, and a representative of the company prepare a router installation plan. This plan ensures that the customer experiences a minimum of disruption in service while the new equipment is installed. Additionally, the router installation plan identifies who the customer contact is and what the arrangements are for access to the site after business hours. As part of the installation plan, an installation checklist is created to ensure that equipment is installed appropriately.

5.4.1 - Installing the C P E The diagram depicts images of the installation planning process with the customer and installation of the router following the plan. Page 3: The on-site network technician must install the router at the customer premises using the router installation plan and checklist. When installing customer equipment, it is important to complete the job in a professional manner. This means that all network cables are labeled and fastened together or run through proper cable management equipment. Excess lengths of cable are coiled and secured out of the way.

Documentation should be updated to include the current configuration of the router, and network diagrams should be updated to show the location of the equipment and cables installed.

After the router is successfully installed and tested, the network technician completes the installation checklist. The completed checklist is then verified by the customer representative. The verification of the router installation often involves demonstrating that the router is correctly configured and that services that depend on the router work as expected.

When the customer representative is satisfied that the router has been correctly installed and is operational, the customer signs and dates the checklist. Sometimes there is a formal acceptance document in addition to the checklist. This procedure is often called the sign-off phase. It is critical that the customer representative signs off on the job, because the ISP can then bill the customer for the work.

5.4.1 - Installing the C P E The diagram depicts images of the completion of the checklist and review of the installation with a customer representative. Obtaining the customer acceptance of the new equipment and approval of the installation is also depicted. Page 4: Installation Documentation

When customer equipment is configured and installed on the customer premises, it is important to document the entire process. Documentation includes all aspects of equipment configuration, diagrams of equipment installation, and checklists to validate the correct installation. If a new configuration is needed, the documentation is compared with the previous router configuration to determine if and how the new configuration has changed. Activity logs are used to track modifications and access to equipment. Properly maintained activity logs help when troubleshooting problems.

The technician starts documenting the work during router installation. All cables and equipment are correctly labeled and indicated on a diagram to simplify future identification.

The technician uses the installation and verification checklist when installing a router. This checklist displays the tasks to be completed at the customer premises. The checklist helps the network technician avoid errors and ensures that the installation is done efficiently and correctly.

A copy of the final documentation is left with the customer.

5.4.1 - Installing the C P E The diagram depicts images related to router installation documentation. Verify Checklists Document any installation modifications that were not part of the original installation plan. Clearly label all cables for future identification. Finally, verify the install by using the installation checklist. Update Network Diagrams Update any network diagrams to include any changes made during the installation. This is an example of a network diagram created using Microsoft Visio. Prepare Activity Logs Use activity logs to document when modifications are made so they can be used to determine if a configuration activity has contributed to a network problem.

5.4.2 Customer Connections over a WAN Page 1: New equipment at the customer site must be connected back to the ISP to provide Internet services. When customer equipment is upgraded, it is sometimes necessary to also upgrade the type of connectivity provided by the ISP.

Wide Area Networks

When a company or organization has locations that are separated by large geographical distances, it may be necessary to use the telecommunications service provider (TSP) to interconnect the LANs at the different locations. The networks that connect LANs in geographically separated locations are referred to as wide area networks (WANs).

TSPs operate large regional networks that can span long distances. Traditionally, TSPs transported voice and data communications on separate networks. Increasingly, these providers are offering converged information network services to their subscribers.

Individual organizations usually lease connections through the TSP network. Although the organization maintains all the policies and administration of the LANs at both ends of the connection, the policies within the communications service provider network are controlled by the ISP.

ISPs sell various types of WAN connections to their clients. WAN connections vary in the type of connector used, in bandwidth, and in cost. As small businesses grow, they require the increased bandwidth offered by some of the more expensive WAN connections. One of the jobs at an ISP or medium-sized business is to assess what type of WAN connection is needed.

5.4.2 - Customer Connections over a WAN The diagram depicts two LANs connected via a WAN link using CSU/DSU equipment. Page 2: There are three types of serial WAN connections.

Point-to-Point

A point-to-point connection is a predefined communications path from the customer premises through a TSP network. It is a dedicated circuit with fixed bandwidth available at all time. Pointto-point lines are usually leased from the TSP. These lines are often called leased lines. Point-topoint connections are typically the most expensive of the WAN connection types, and are priced based on the bandwidth required and the distance between the two connected points. An example of a point-to-point WAN connection is a T1 or E1 link.

Circuit-Switched

A circuit-switched connection functions similarly to the way a phone call is made over a telephone network. When making a phone call to a friend, the caller picks up the phone, opens the circuit, and dials the number. The caller hangs up the phone when finished and the closes the circuit. An example of a circuit-switched WAN connection is an ISDN or dialup connection.

Packet-Switched

In a packet-switched connection, networks have connections into the TSP switched network. Many customers share this TSP network. Instead of the circuit being physically reserved from source to destination, as in a circuit-switched network, each customer has its own virtual circuit. A virtual circuit is a logical path between the sender and receiver, not a physical path. An example of a packet-switched network is Frame Relay.

5.4.2 - Customer Connections over a WAN The diagram depicts the following types of WAN connections: point-to-point, circuit-switched, and packet-switched. Point-to-Point A host is connected to a switch which is connected to a router, which is connected to another router via a WAN link, which is connected to a switch, which is connected to a host. Circuit-Switched An I S D N circuit-switched network showing three customer sites connected using D C E equipment. The I S D N circuit switched network is represented by a cloud of switches with paths (circuits) connecting the customer sites together. These circuits are established as needed and disassembled when not. Packet-Switched Customer A, Site 1, 2, and 3 and Customer B, Site 1 and 2 are all connected to each other via D C E equipment. Any of these sites can communicate with any of the other sites. Paths of traffic flow may not be the same for all packets in a message. The Frame Relay network circuits are virtual and are shared with other customers. 5.4.3 Choosing a WAN Connection

Page 1: When choosing a WAN, the decision is largely dependent on the bandwidth and cost of the WAN connection. Smaller businesses are not able to afford some of the more expensive WAN connection options, such as SONET or ATM WAN connections. They usually install the less expensive DSL, cable, and T1 connections. In addition, higher bandwidth WAN connections may not be available in geographically isolated locations. If the offices supported are close to an urban center, there are more WAN choices.

Another factor that affects the decision on which WAN to choose is how the business plans to use the connection. If the business provides services over the Internet, it may require higher upstream bandwidth. For example, if a business hosts a web server for an e-commerce business, it needs enough upstream bandwidth to accommodate the number of external customers that visit its site. On the other hand, if the business uses an ISP to manage its e-commerce site, the business does not need as much upstream bandwidth.

For some businesses, the ability to get a service level agreement (SLA) with their WAN connection affects their decision. Less expensive WAN connections like dialup, DSL, and cable typically do not come with an SLA, whereas more expensive connections do.

5.4.3 - Choosing a WAN Connection The diagram depicts a table with information about various types of WAN connections. Connection: Dialup Bandwidth: Up to 56 Kbps Cost: Low Connection: Frame Relay Bandwidth: 128 Kbps - 512 Kbps Cost: Low - Medium Connection: DSL (note 1) Bandwidth: 128 Kbps -6+ Mbps¹ Cost: Low Connection: Cable (note 1) Bandwidth: 128 Kbps -10+ Mbps¹ Cost: Low Connection: Fractional T1 Bandwidth: 64 Kbps - 1.544 Mbps Cost: Low - Medium Connection: T1/E1 Bandwidth: 1.544/2.048 Mbps Cost: Medium

Connection: Fractional T3 Bandwidth: 1.544Mbps - 44.736 Mbps Cost: Medium - High Connection: T3/E3 Bandwidth: 44.736/34.368 Mbps Cost: High Connection: SONET Bandwidth: 51.840 Mbps - 9953.280 Mbps Cost: High - Very High Connection: ATM Bandwidth: 622 Mbps Cost: Very High * This list is a small subset of available options available from an ISP or Telco provider. Availability varies by provider and location. Note: Upstream bandwidth is typically slower than the listed downstream bandwidth Page 2: There are many things to consider when planning a WAN upgrade. The ISP initiates the process by analyzing the customer needs and reviewing the available options. A proposal is then generated for the customer. The proposal addresses the existing infrastructure, the customer requirements, and possible WAN options.

Existing Infrastructure

This is an explanation of the current infrastructure being used by the business. It helps the customer understand how the existing WAN connection provides services to their home or business.

Customer Requirements

This section of the proposal describes why a WAN upgrade is necessary for the customer. It outlines where the current WAN connection does not meet the customer needs. It also includes a list of requirements that the new WAN connection must meet to satisfy the current and future customer requirements.

WAN Options

This is a list of all the available WAN choices with the corresponding bandwidth, cost, and other features that are applicable for the business is included in the proposal. The recommended choice is indicated, including possible other options.

The WAN upgrade proposal is presented to the business decision-makers. They review the document and consider the options. When they have made their decision, the ISP works with the customer to develop a schedule and coordinate the WAN upgrade process.

5.4.3 - Choosing a WAN Connection The diagram depicts a man explaining WAN connection options. Page 3: Lab Activity

Complete a WAN upgrade plan based on the business scenario presented.

Click the lab icon to begin.

5.4.3 - Choosing a WAN Connection Link to Hands-on Lab: Planning a WAN upgrade 5.4.4 Configuring WAN Connections Page 1: How a WAN is configured depends on the type of WAN connection required. Some WAN connections support Ethernet interfaces. Other WAN connections support serial interfaces.

Leased-line WAN connections typically use a serial connection, and require a channel service unit and data service unit (CSU/DSU) to attach to the ISP network. The ISP equipment needs to be configured so that it can communicate through the CSU/DSU to the customer premises.

For a serial connection, it is important to have a preconfigured clock rate that is the same on both ends of the connection. The clock rate is set by the DCE device, which is typically the CSU/DSU. The DTE device, typically the router, accepts the clock rate set by the DCE.

The Cisco default serial encapsulation is HDLC. It can be changed to PPP, which provides a more flexible encapsulation and supports authentication by the remote device.

5.4.4 - Configuring WAN Connections The diagram depicts a WAN connection between a customer ISR router and customer CSU/DSU, and between an ISP ISR router and an ISP CSU/DSU using P P P encapsulation. Customer Cisco ISR router connects to a customer CSU/DSU, which is connected to a WAN cloud. The WAN cloud connects to ISP CSU/DSU, which is connected to the ISP Cisco ISR Router. Customer Cisco ISR Router Router > enable Router # configure terminal Enter configuration commands, one per line. End with CNTL/Z, Router (config) # interface serial 0 /0 Router (config-if) # ip address 192.168.2.125 255.255.255.0 Router (config-if) # encapsulation ppp Router (config-if) # no shutdown ISP Cisco ISR Router Router > enable Router # configure terminal Enter configuration commands, one per line. End with CNTL/Z, Router (config) # interface serial 0 /0 Router (config-if) # ip address 192.168.2.123 255.255.255.0 Router (config-if) # encapsulation ppp Router (config-if) # no shutdown Page 2: Packet Tracer Activity

Configure a serial WAN connection from a Cisco ISR to a CSU/DSU at an ISP.

Click the Packet Tracer icon to begin.

5.4.4 - Configuring WAN Connections Link to Packet Tracer Exploration: Configuring a PPP Connection Between a Customer and an ISP .

5.5 Initial Cisco 2960 Switch Configuration

5.5.1 Standalone Switches Page 1: Although the integrated swith module of the 1841 ISR is adequate for connecting a small number of hosts to the LAN, it may be necessary to add larger, more capable switches to support additional users as the network grows.

A switch is a device that directs a stream of messages from one port to another based on the destination MAC address within the frame. A switch cannot route traffic between two different local networks. In the context of the OSI model, a switch performs Layer 2 functions. Layer 2 is the Data Link Layer.

Several models of Ethernet switches are available to meet various user requirements. The Cisco Catalyst 2960 Series Ethernet switch is designed for the networks of medium-sized businesses and branch offices.

The Catalyst 2960 Series of switch are fixed-configuration, standalone devices that do not support modules or flash card slots. Because the physical configuration cannot change, fixedconfiguration switches must be chosen based on the required number and type of ports. 2960 Series switches can provide 10/100 Fast Ethernet and 10/100/1000 Gigabit Ethernet connectivity. These switches use Cisco IOS software and can be configured using a GUI-based Cisco Network Assistant or through the CLI.

5.5.1 - Standalone Switches The diagram depicts several switches and information about each. Cisco 2960 Fast Ethernet Switch 8 Fast Ethernet ports One dual purpose Gigabit Ethernet uplink port The Gigabit Ethernet uplink port can support a 10 /100 /1000 copper cable or a fiber based S F P connector. This switch does not require a fan Cisco 2960 Gigabit Ethernet Switch 7 Gigabit Ethernet ports One dual purpose Gigabit Ethernet uplink port The Ethernet uplink port can support a 10 /100 /1000 copper cable or a fiber based small formfactor pluggable (S F P) connector. This switch does not require a fan Cisco Catalyst 2960-24TT 24 10 /100 ports 2 10 /100 /1000 uplink ports Cisco Catalyst 2960-24TC

24 10 /100 ports 2 dual-purpose uplink ports Cisco Catalyst 2960-48TT 48 10 /100 ports 2 10 /100 /1000 uplink ports Cisco Catalyst 2960-48TC 44 10 /100 /1000 ports 4 dual-purpose uplink ports Cisco Catalyst 2960G-24TC 24 10 /100 /1000 ports 4 dual-purpose uplink ports Cisco Catalyst 2960G-48TC 44 10 /100 /1000 ports 4 dual-purpose uplink ports Page 2: 5.5.1 - Standalone Switches The diagram depicts the front and rear view of a switch. Brief descriptions are given for various components of the switch. 2960 Series Switch Cisco Catalyst 2960 Series Intelligent Ethernet Switches are suitable for small and medium-sized networks. They provide 10 /100 Fast Ethernet and 10 /100 /1000 Gigabit Ethernet LAN connectivity. Front View Status L E D's SYST L E D Shows whether the system is receiving power and is working properly. Green: The system is working properly. Amber: The system is receiving power but is not working properly. RPSLED The redundant power system (R P S) L E D shows the R P S status. Green: The R P S is connected and ready to provide back-up power, if required. Blinking green: The R P S is connected but is unavailable because it is providing power to another device. Amber: The R P S is in standby mode or in a fault condition. Blinking amber: The internal power supply in a switch has failed, the R P S is providing power to the switch. Mode Button and Port Status L E D Port L E D's display information about the switch and about the individual ports. Mode Button

The mode button is used to select one of the port modes: status mode, duplex mode, or speed mode. To select or change a mode, press the Mode button until the desired mode is highlighted. The purpose of the L E D is dependent upon the port mode setting. Port Status, or STAT, the Default Port Mode Off: No link, or port was administratively shut down. Green: Link present. Blinking green: Port is transmitting or receiving data. Alternating green-amber: Link fault. Error frames can affect connectivity, and errors such as excessive collisions, C R C errors, and alignment and jabber errors are monitored for a link-fault indication. Amber: Port is blocked by Spanning Tree Protocol (S T P) and is not forwarding data. Blinking amber: Port is blocked by STP but continues to transmit and receive inter-switch information messages. Duplex L E D Port duplex mode, or D U P L X, is either full duplex or half duplex. Off: Port is operating in half duplex. Green: Port is operating in full duplex. Speed L E D SPEED mode: The 10 /100 ports, 10 /100 /1000 ports and S P F module ports operating speeds. For 10 /100 ports: Off: Port is operating at 10 Mbps Green: Port is operating at 100 Mbps. For 10 /100 /1000 ports: Off: Port is operating at 10 Mbps. Green: Port is operating at 100 Mbps. Blinking green: Port is operating at 1000 Mbps. 10 /100 and 10 /100 /1000 Ports The 10 /100 Ethernet ports can be set to support speeds of 10 or 100 Mbps. The 10 /100 /1000 ports operate at 10, 100, or 1000 Mbps S F P Ports A Gigabit capable Ethernet S F P port can be used to support fiber and copper transceivers modules. The fiber transceivers support fiber-optic cables. The copper transceivers support Category 5 cables with R J-45 connectors. The ability to plug into the Gigabit Ethernet S F P ports allows the fiber and copper transceivers to be easily replaceable in the field should a connection go bad. Rear View All of the Ethernet ports are located on the front of the 2960. The back of the 2960 contains the power plug, the console port, and the fan ventilation. Console Port Used to connect the switch to a PC by means of a R J-45-to-D B-9 cable. Used for out-of-band management tasks. Page 3:

All switches support both half-duplex or full-duplex mode.

When a port is in half-duplex mode, at any given time, it can either send or receive data but not both. When a port is in full-duplex mode, it can simultaneously send and receive data, doubling the throughput.

Both the port and the connected device must be set to the same duplex mode. If they are not the same, a duplex mismatch occurs, which can lead to excessive collisions and degraded communication.

The speed and duplex can be set manually, or the switch port can use autonegotiation. Autonegotiation allows the switch to autodetect the speed and duplex of the device that is connected to the port. Autonegotiation is enabled by default on many Cisco switches.

For autonegotiation to be successful, both devices must support it. If the switch is in autonegotiation mode and the connected device does not support it, the switch uses the speed of the other device (10, 100, or 1000) and is set to half-duplex mode. Defaulting to half duplex can create problems if the non-autonegotiating device is set to full duplex.

If the connected device does not autonegotiate, manually configure the duplex settings on the switch to match the duplex settings on the connected device. The speed parameter can adjust itself, even if the connected port does not autonegotiate.

5.5.1 - Standalone Switches The diagram depicts a half-duplex and a full-duplex transmission. Half-Duplex A server and a switch exchange information. Only one device can send at any one time. Full-Duplex A server and a switch- exchange information. Both devices can send and receive at the same time. Page 4: Switch settings, including the speed and duplex port parameters, can be configured using the Cisco IOS CLI. When configuring a switch using the Cisco IOS CLI, the interface and command structure is very similar to the Cisco routers.

As with the Cisco routers, there is a variety of choices for the Cisco IOS image for switches. The IP-base software image is supplied with the Cisco Catalyst 2960 switch. This image provides the switch with basic switching capabilities and IP services. Other Cisco IOS software images supply additional services to the IP-base image.

5.5.1 - Standalone Switches The diagram depicts Image of a flowchart. IP Services provided by the IP Base flow to Enterprise Services and Advanced IP Services, which then both flow to Advanced Enterprise Services. 5.5.2 Power Up the Cisco 2960 Switch Page 1: Powering up a Cisco 2960 switch is similar to powering up a Cisco 1841 ISR.

The three basic steps for powering up a switch include:

Step 1. Check the components.

Step 2. Connect the cables to the switch.

Step 3. Power up the switch.

When the switch is on, the power-on self-test (POST) begins. During POST, the LEDs blink while a series of tests determine that the switch is functioning properly.

POST is completed when the SYST LED rapidly blinks green. If the switch fails POST, the SYST LED turns amber. When a switch fails POST, it is necessary to return the switch for repairs.

When all startup procedures are finished, the Cisco 2960 switch is ready to configure.

5.5.2 - Power Up the Cisco 2960 Switch The diagram depicts steps to power up a switch.

Step 1 - Check the Components Ensure all the components that came with the Cisco 2960 switch are available. These include the console cable, power cord, Ethernet cable, and switch documentation. Step 2 - Connect the Cables to the Switch Connect the PC to the switch with a console cable and start a terminal emulation session. Connect the A C power cord to the switch and to a grounded A C outlet. Step 3 - Power up the switch Some Cisco switch models do not have an on/off switch. The 2960 switch powers up as soon as the power cord is connected to the electrical power. Page 2: Lab Activity

Power up a Cisco 2960 switch.

Click the lab icon to begin.

5.5.2 - Power Up the Cisco 2960 Switch Link to Hands-on Lab: Powering Up a Switch. 5.5.3 Initial Switch Configuration Page 1: There are several ways to configure and manage a Cisco LAN switch.

• • • • •

Cisco Network Assistant Cisco Device Manager Cisco IOS CLI CiscoView Management Software SNMP Network Management Products

Some of these methods use IP connectivity or a web browser to connect to the switch, which requires an IP address. Unlike router interfaces, switch ports are not assigned IP addresses. To use an IP-based management product or Telnet session to manage a Cisco switch, it is necessary to configure a management IP address on the switch.

If the switch does not have an IP address, it is necessary to connect directly to the console port and use a terminal emulation program to perform configuration tasks.

5.5.3 - Initial Switch Configuration The diagram depicts brief descriptions of various network management options. Cisco Network Assistant PC-based network management G U I application optimized for LANs of small and mediumsized businesses Offers centralized management of Cisco switches through a user-friendly G U I Used to configure and manage groups of switches or standalone switches Available at no cost and can be downloaded from Cisco website Device Manager Web browser based software that is stored in the switch memory Web interface that offers quick configuration and monitoring Used to fully configure and monitor a switch Access through a web browser or by using Telnet or S S H from a remote PC Cisco I O S C L I Based on Cisco I O S software and enhanced to support desktop-switching features Used to fully configure and monitor the switch and members in a group of switches from the C L I Access by connecting the PC directly to the switch console port or by using Telnet from a remote PC CiscoView Displays the switch image used to set configuration parameters and to view switch status and performance information Purchased separately and it can be a standalone application or part of a Simple Network Management Protocol (S N M P) platform Simple Network Management Protocol Managed from an S N M P-compatible management station Examples of S N M P-compatible management stations are H P OpenView or SunNet Manager Typically utilized at large companies Page 2: The Cisco Catalyst 2960 switch comes preconfigured and only needs to be assigned basic security information before being connected to the network.

The commands to configure the host name and passwords on the switch are the same commands used to configure the ISR. To use an IP-based management product or Telnet with a Cisco switch, configure a management IP address.

To assign an address to a switch, the address must be assigned to a virtual local area network VLAN interface. A VLAN allows multiple physical ports to be grouped together logically. By default, there is one VLAN, preconfigured in the switch, VLAN1, that provides access to management functions.

To configure the IP address assigned to the management interface on VLAN 1, enter global configuration mode.

Switch>enable

Switch#configure terminal

Next, enter the interface configuration mode for VLAN 1.

Switch(config)#interface vlan 1

Set the IP address, subnet mask, and default gateway for the management interface. The IP address must be valid for the local network where the switch is installed.

Switch(config-if)#ip address 192.168.1.2 255.255.255.0

Switch(config-if)#exit

Switch(config)#ip default-gateway 192.168.1.1

Switch(config)#end

Save the configuration by using the copy running-configuration startup-configuration command.

5.5.3 - Initial Switch Configuration The diagram depicts C L I commands used to configure some basic switch parameters. Switch> enable Switch # configure terminal Switch (config) # interface v lan 1 Switch (config-if) # ip address 192.168.1.2 255.255.255.0 Switch (config-if) # no shut down Switch (config-if) # exit Switch (config) # ip default-gateway 192.168.1.1 Switch (config) # end Switch # copy running-config startup-config Page 3: E-Lab Activity

Configure the basic settings on a Cisco Catalyst switch.

Click the lab icon to begin.

5.5.3 - Initial Switch Configuration Link to E-Lab: Configuring a Cisco 2960 Switch. Page 4: Packet Tracer Activity

Perform a basic switch configuration.

Click the Packet Tracer icon to begin.

5.5.3 - Initial Switch Configuration Link to Packet Tracer Exploration: Performing an Initial Switch Configuration. 5.5.4 Connecting the LAN Switch to the Router Page 1:

Connect the Switch to the Network

To connect the switch to a router, use a straight-through cable. LED lights on the switch and router indicate that the connection is successful.

After the switch and router are connected, determine if the two devices are able to exchange messages.

First, check the IP address configuration. Use the show running-configuration command to verify that the IP address of the management interface on the switch VLAN 1 and the IP address of the directly connected router interface are on the same local network.

Then test the connection using the ping command. From the switch, ping the IP address of the directly connected router interface. Repeat the process from the router by pinging the management interface IP address assigned to the switch VLAN 1.

If the ping is not successful, verify the connections and configurations again. Check to ensure that all the cables are correct and that the connections are seated.

After the switch and router are successfully communicating, individual PCs can be connected to the switch using straight-through cables. These cables can be directly connected to the PCs, or can be used as part of the structured cabling leading to wall outlets.

5.5.4 - Connecting the LAN Switch to the Router Hosts H 1, H 2, and H 3 are connected to a 2960-24TT switch. The switch is connected to an 1841 router. Link between H3 and 2960-24TT Switch Connect PC's to the switch using a straight-through Ethernet cable. Green Lights of 2960-24TT Switch The port lights on the switch will blink green when the connection is up and running. Link between 1841 and 2960-24TT Switch Connect the router to the switch using a straight-through Ethernet cable. Page 2:

Switch ports can be an entry point to the network by unauthorized users. To prevent this, switches provide a feature called port security. Port security limits the number of valid MAC addresses allowed per port. The port does not forward packets with source MAC addresses that are outside the group of defined addresses.

There are three ways to configure port security.

Static

MAC addresses are manually assigned using the switchport port-security mac-address [macaddress] interface configuration command. Static MAC addresses are stored in the address table and added to the running configuration.

Dynamic

MAC addresses are dynamically learned and stored in the address table. The number of addresses learned can be controlled. By default, the maximum number of MAC addresses learned per port is one. Addresses that are learned are cleared from the table if the port is shutdown or if the switch is restarted.

Sticky

Similar to dynamic, except that the addresses are also saved to the running configuration.

Port security is disabled by default. If port security is enabled, a violation will result in the port being shutdown. For example, if dynamic port security is enabled and the maximum number of MAC addresses per port is one, the first address learned becomes the secure address. If another workstation attempts to access the port with a different MAC address, a security violation occurs.

There is a security violation when either of these situations occurs:



The maximum number of secure MAC addresses has been added to the address table, and a device with a MAC address that is not in the address table attempts to access the interface.



An address learned or configured on one secure interface is seen on another secure interface in the same VLAN.

Before port security can be activated, the port must be set to access mode with the switchport mode access command.

5.5.4 - Connecting the LAN Switch to the Router The diagram depicts the following configuration commands for port security: configure static port security, configure dynamic port security, and configure sticky port security. Configure Static Port Security Cisco I O S C L I Command Syntax Enter global configuration mode: S 1 # configure terminal Specify the type and number of the physical interface to configure, for example fastEthernet F A 0 /18. And enter interface configuration mode: S1 (config) # interface fastEthernet 0 /18 Set the interface mode to: access. An interface in the dynamic desirable default mode cannot be configured as a secure port: S 1 (config) # switchport mode access Enable port security on the interface: S 1 (config-if) # switchport-security mac-address Return to privileged EXEC mode: S 1 (config-if) # end Configure Dynamic Port Security Cisco I O S C L I Command Syntax Enter global configuration mode. S 1 # configure terminal Cisco I O S C L I Command Syntax Specify the type and number of the physical interface to configure, for example fastEthernet F A 0 /18. And enter interface configuration mode: S 1 (config) # interface fastEthernet 0 /18 Set the interface mode to: access. An interface in the dynamic desirable default mode cannot be configured as a secure port: S 1 (config ) # switchport mode access Enable port security on the interface: S 1 (config-if) # switchport-security Return to privileged EXEC mode: S 1 (config-if) # end Configure Sticky Port Security

Enter global configuration mode. S 1 # configure terminal Specify the type and number of the physical interface to configure. S 1 (config) # interface fastEthernet 0/18 Set the interface mode to: access. S 1 (config) # switchport mode access Enable port security on the interface: S 1 (config-if) # switchport-security Set the maximum number of secure addresses to 50. S 1 (config-if) # switchport port-security maximum 50 Enable sticky learning of MAC address S 1 (config-if) # switchport port-security Mac-address sticky Return to privileged EXEC mode: S 1 (config-if) # end More Information Popup Port security is similar to MAC-address filtering on the Linksys device. Only secure MAC addresses, learned dynamically or manually configured, are permitted to send and receive messages over the network. Page 3: To verify port security settings for the switch or the specified interface, use the show portsecurity interface interface-id command. The output displays the following:

• • • •

Maximum allowed number of secure MAC addresses for each interface Number of secure MAC addresses on the interface Number of security violations that have occurred Violation mode

Additionally, the show port-security address command displays the secure MAC addresses for all ports, and the show port-security command displays the port security settings for the switch.

If static port security or sticky port security is enabled, the show running-config command can be used to view the MAC address associated with a specific port. There are three ways to clear a learned MAC address that is saved in the running configuration:



• •

Use the clear port-security sticky interface [port-number] access to clear any learned addresses. Next, shutdown the port using the shutdown command. Finally, re-enable the port using the no shutdown command. Disable port security using the no switchport port-security interface command. Once disabled, re-enable port security. Reboot the switch.

Rebooting the switch will only work if the running configuration is not saved to the startup configuration file. If the running configuration is saved to the startup configuration file, that will eliminate the need for the switch to relearn addresses when the system reboots. However, the learned MAC address will always be associated with a particular port unless the port is cleared using the clear port-security command or disabling port security. If this is done, be sure to resave the running configuration to the startup configuration file to prevent the switch from reverting to the original associated MAC address upon reboot.

If there are any ports on a switch that are unused, best practice is to disable them. It is simple to disable ports on a switch. Navigate to each unused port and issue the shutdown command. If a port needs to be activated, enter the no shutdown command on that interface.

In addition to enabling port security and shutting down unused ports, other security configurations on a switch include setting passwords on vty ports, enabling login banners, and encrypting passwords with the service password-encryption command. For these configurations, use the same Cisco IOS CLI commands as those used to configure a router.

5.5.4 - Connecting the LAN Switch to the Router The diagram depicts terminal windows that contains the information when verifying port security settings and verifying secure MAC addresses. Verify Port Security Settings Switch # show port-security interface fastEthernet 0 /18 The output is available in the Hands-on Lab: Configuring the Cisco 2960 switch. Verify Secure MAC Addresses Switch # show port security address Secure Mac Address Table V lanMac Address TypePortsRemaining Age (mins) 99050.B A A6.06 C ESecureConfigured F A 0 /18Total Addresses in System (excluding one mac per port):0 Max addresses limit in System (excluding one mac per port):8320 Page 4: Packet Tracer Activity

Configure and connect the switch to the LAN using a configuration checklist.

Click the Packet Tracer icon to begin.

5.5.4 - Connecting the LAN Switch to the Router Link to Packet Tracer Exploration: Connecting a Switch Page 5: Lab Activity

Configure and connect the Cisco 2960 switch.

Click the lab icon to begin.

5.5.4 - Connecting the LAN Switch to the Router Link to Hands-on Lab: Configuring the Cisco 2960 Switch 5.5.5 Cisco Discovery Protocol Page 1: Cisco Discovery Protocol (CDP) is an information-gathering tool used on a switch, ISR, or router to share information with other directly connected Cisco devices. By default, CDP begins running when the device boots up. It then sends periodic messages, known as CDP advertisements, onto its directly connected networks.

CDP operates at Layer 2 only and can be used on many different types of local networks, including Ethernet and serial networks. Because it is a Layer 2 protocol, it can be used to determine the status of a directly connected link when no IP address has been configured, or if the IP address is incorrect.

Two Cisco devices that are directly connected on the same local network are referred to as being neighbors. The concept of neighbor devices is important to understand when interpreting the output of CDP commands.

Information gathered by CDP includes:

• • • • •

Device identifiers - Configured host name Address list - Layer 3 address, if configured Port identifier - Directly connected port; for example, serial 0/0/0 Capabilities list - Function or functions provided by the device Platform - Hardware platform of the device; for example, Cisco 1841

The output from the show cdp neighbors and show cdp neighbors detail commands displays the information that a Cisco device collects from its directly connected neighbors.

Viewing CDP information does not require logging in to the remote devices. Because CDP collects and displays a lot of information about directly connected neighbors, and no login is required, it is usually disabled in production networks for security purposes. Additionally, CDP consumes bandwidth and can impact network performance.

5.5.5 - Cisco Discovery Protocol The diagram depicts a host, H 2, connected to a switch with network address 172.16.1.0 /24, which is connected to the F A 0 /0 of router, R 2, with the IP address 172.16.1 .1/ 24. R 2 is connected via S 0 /0 /0 with the address 172.16.2.2 /24 to S 0 /0 /1 of router R 1 with the address 172.16.2 .1 /24. R 1 is connected via F A 0 /0 with the address 172.16.3.1 /24 to a switch, which is connected to host, H 1. R 2 is connected via S 0 /0 /1 D C E with the address 192.168.1.2 /24 to router, R 3, with the address 192.168.1.1 /24. R 3 is connected via F A 0 /0 with address 192.168.2.1 /24 to a switch, which is connected to host, H 3. Show C D P Neighbors R3 # show c d p neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Hose, I - I GMP, r - Repeater, P - phone Device IDLocal IntrfceHoldtimeCapabilityPlatformPort ID Switch F A S 0 /0133S IWS-C2950-2F A S 0 /11 R 2 S e r 0 /0 /149R S I Cisco 1841 S e r 0 /0 /1 Show C D P Neighbors Detail R 3 # show c d p neighbors detail Device I D: R 2 Entry address(es): IP address: 192.168.1.2 Platform: Cisco 1840, Capabilities: Router Switch I G M P Interface: Serial 0 /0 /1, port ID (outgoing port): Serial 0 /0 /1 Holdtime : 161 sec Version:

Cisco I S O Software, 1840 Software (C1841-AD V I PSERVICESK-9M), Version 12.4 (10b), RELEASE SOFTWARE (fc3) Technical support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco System, Inc. Compiled Fri 19-Jun-07 15:15 by prod_rel_team Advertisement version: 2 VTP Management Domain: Device ID: s 3 Entry address(es): Platform: Cisco WS-C2950-24, Capabilities: Switch I G M P Interface: FastEthernet 0 /0, Port I D (outgoing port): FastEthernet 0 /11 Holdtime : 148 sec Version: Cisco Internetwork Operating System Software I S O c2950 Software (c2950-I6Q4L2-M), Version 12.1 (9) E A1, RELEASE SOFTWARE (fc1) Copyright (c) 1986-2002 by Cisco System, Inc. Compiled Wed 24-Apr-02 06:57 by antonio Advertisement version: 2 Protocol Hello: OUI=0x0000C, protocol ID=0x0112; payload l e n=27, Value=00000000FFFFFFFF0 10231FF000000000000000AB769F6C0FF0000 VTP Management Domain: "C C N A3" Duplex: full R3# Show Disabling and Enabling C D P To disable CDP globally use R 3 (config) # no c d p run or, to disable CDP on only an interface R3 (config-if) # no cdp enable If C D P is disabled globally, it must be enabled globally and per interface with the following two commands: Router (config), c d p run Router (config-if), c d p enable Page 2: Packet Tracer Activity

Use the CDP show commands to discover information about devices in the network.

Click the Packet Tracer icon to begin.

5.5.5 - Cisco Discovery Protocol Link to Packet Tracer Exploration: Using C D P as a Network Discovery Tool

5.6 Chapter Summary 5.6.1 Summary Page 1: 5.6.1 - Summary Diagram 1, Image The diagram depicts the components of a router. Diagram 1 text The key components on a Cisco 1841 ISR are: H WIC slots Compact flash module U S B port Dual 10 /100 fast Ethernet ports Console and auxiliary ports System Power L E D The router bootup process has three stages: 1.Performing the POST. 2.Locating and Loading the I O S software. 3.Locating and executing the startup configuration file. There are two possible methods to connect a PC to a network device for configuration and monitoring tasks, in-band and out-of-band management. Diagram 2, Image The diagram depicts packaging for Cisco Router and Security Device Manager (SDM), and Cisco SDM Express software. Diagram 2 text Cisco Router and Security Device Manager (SDM) is a graphical user interface (G U I) tool that can be used to configure, monitor, and maintain Cisco devices. Cisco SDM is the recommended way to configure a new Cisco ISR. The Cisco I O S command line interface (C L I) is a text-based program that enables the entering and executing of Cisco I O S commands to configure, monitor, and maintain Cisco devices. The Cisco I O S C L I is used for the advanced configuration of Cisco devices and to configure older devices that do not support SDM. The configuration checklist job aid is an important tool to help ensure that the customer gets the configuration they want. Diagram 3, Image The diagram depicts a Cisco SDM Express Wizard form. Diagram 3 text

SDM Express is a tool bundled within the Cisco Router and Security Device Manager that makes it easy to create a basic router configuration. SDM is a more advanced G U I interface with more configuration options available. Both SDM and SDM Express use G U I-based configuration Wizards to simplify the configuration of the Cisco devices. Some of the features that can be configured include: basic configuration, LAN IP configurations, DHCP, WAN IP configurations and NAT. Diagram 4, Image The diagram depicts output in an S S H HyperTerminal window. Diagram 4 text The C L I does not provide step-by-step configuration assistance; therefore it requires more planning and expertise to complete. The privileged exec, global config and interface modes are all used when configuring a router using the Cisco I O S C L I. Context-sensitive help can provide suggestions for completing a command as well as determining additional command parameters. Diagram 5, Image The diagram depicts output in an S S H HyperTerminal window. Diagram 5 text The I O S show commands are a fundamental tool for verifying and troubleshooting router configurations. The startup configuration file is stored on the device in NV RAM and is loaded into working memory and begins device operation. The running configuration is the set of commands that is currently active in the device RAM. I O S C L I can be used to configure basic router setting including router name, password, and banners. It can also be used to configure serial and Ethernet interfaces, DHCP, and NAT. Diagram 6, Image The diagram depicts a WAN. Diagram 6 text A WAN connection is a type of network connection that can send a network signal over long distances. There are three types of serial WAN connections: point-to-point, circuit switched and packet switched. Choosing the correct WAN involves planning and consideration. Cisco devices can be configured remotely across a WAN connection using Telnet or S S H. S S H is the preferred method. Some WAN connections support Ethernet interfaces. Other WAN connections support serial interfaces. Diagram 7, Image The diagram depicts components of a switch. Diagram 7 text The key components of a Cisco Catalyst 2960 Series Switch are: 24 10 /100 Ethernet Ports Port Status L E D's Mode button Console port Dual Purpose 10 /100 /1000 or S F P port

Cisco I O S LAN-based Software Image The 2960 supports port autonegotiation of duplex and speed. Diagram 8, Image The diagram depicts switch configuration information. Diagram 8 text When configured with an IP address, interface V LAN 1 allows you to remotely manage the switch using S S H or other TCP/IP applications such as network management software. A basic switch configuration includes switch name and encrypted passwords used to access the switch and the Cisco C L I configuration commands. Port security limits the number of valid MAC addresses allowed per port and can be configured statically, dynamically, or dynamic sticky.

5.7 Chapter Quiz 5.7.1 Quiz Page 1: Take the chapter quiz to check your knowledge.

Click the quiz icon to begin.

5.7.1 - Quiz Chapter 5 Quiz: Configuring Network Devices 1.When configuring an ISR device using Cisco SDM Express Wizard, what does setting the Enable Secret Password field accomplish? a.ensures that authorization must be granted before accessing the Internet. b.blocks unauthorized users from accessing the LAN. c.controls access to user executable mode. d.controls access to privileged mode. 2.When using Cisco SDM, which WAN encapsulation type can be configured to require a username and password before a connection is granted? a.high-level data link control (HDLC). b.frame relay. c.point-to-point protocol (P P P). d.A T M P V C. 3.What speed and duplex setting will result on a Catalyst switch if it is set to auto-negotiate speed and duplex and is connected to a 100 Mbps port on a device that does not support autonegotiation? a.10 half duplex b.10 full duplex c.100 half duplex d.100 full duplex

4.Which method can be used to configure a Cisco Catalyst switch before an IP address has been applied to the management interface? a.Cisco I O S C L I using V lan 1. b.Cisco I O S C L I using console port. c.Cisco device manager using console port. d.CiscoView software using V lan 1. 5.What is a secure way that a client can connect to a device in-band for the purpose of remote monitoring and administration? a.Telnet b.HTTP c.S S H d.console port 6.Which type of wide area network (WAN) connection uses packet switched networks? a.I S D N b.dial-up c.frame relay d.point-to-point 7.A small company with two offices in the same building is requesting advice on WAN connections. Which two questions would give a technician information to base a recommendation? (Choose two.) a.What operating system is being used? b.How much money has the customer budgeted to spend on the WAN connection? c.What type of e-mail client software is used by the employees? d.Are the computers laptops or workstations? e.Are the company web servers located in the building or at the ISP? 8.What is one fundamental difference between Cisco's C L I versus the SDM interface? a.The SDM interface can be used with both in-band and out-of-band management. b.The C L I interface can be used with both in-band and out-of-band management. c.The SDM interface requires a terminal emulation program on the PC. d.The C L I interface cannot be used over a Telnet connection. 9.Which two statements describe the command history feature? (Choose two.) a.It requires configuration of a history buffer before it can be used. b.It displays the most recently entered command strings in the current mode. c.It saves the output from the most recent show commands. d.It displays the last five commands that were entered in global configuration mode. e.It can be accessed by using the up and down arrow keys. 10.Which router mode displays a prompt of Router#? a.global configuration mode b.privileged EXEC mode c.setup mode d.user EXEC mode 11.In which two cases would out-of-band management of a router be required? (Choose two.) a.when accessing a customer router from the ISP to monitor the normal operation. b.to access and configure the router before the IP network is operational. c.to correct an error that has shutdown the network interfaces on a router.

d.when the NAT translation configuration settings are incorrect. e.to back up the running configuration on a tftp server. 12.Which two statements describe the result of entering the ip route 0.0.0.0 0.0.0.0 192.168.1.1 command on a router? (Choose two.) a.The router is not able to reach the 192.168.1.0 network. b.All packets received by the router are sent to the address 192.168.1.1. c.The remote network 192.168.1.0 can be reached using any interface. d.A default static route is added to the routing table. e.If a route to a destination network is not known, the packet is sent to 192.168.1.1. 13.Identify the category where each command belongs. Commands enable ip address 172.16.1.1 255.255.255.0 show ip route ping no shutdown configure terminal show interfaces interface fastethernet 0 /0 Categories a.Used to change router modes or sub-modes. b.Used by administrator to verify or monitor router operation. c.Affects the operation of the network. 14.What is the purpose of assigning an IP address to the interface V LAN 1 on the Cisco switch? a.to be able to telnet to the switch to manage and configure it. b.to enable the switch to route between networks. c.to create a new IP local network on the switch. d.to permit IP packets to be forwarded by the switch. 15.Match each step of the router bootup process to the correct order of operation. Operations locate the I O S load the bootstrap program load the I O S load the configuration file/enter setup mode locate the configuration file perform POST Steps Step 1 Step 2 Step 3 Step 4 Step 5 Step 6

End

CCNA Discovery - Working at a Small-toMedium Business or ISP 6 Routing 6.0 Chapter Introduction 6.0.1 Introduction Page 1: 6.0.1 - Introduction Small business networks rely on routing to connect their users with the Internet. As these networks grow, routing becomes an integral piece of the LAN infrastructure as well. Dynamic routing protocols enable routers to react quickly when links fail, or previously used routes become unavailable. Network engineers and technicians select, configure, and troubleshoot routing operation within the LAN and WAN. After completion of this chapter, you should be able to: Describe the purpose and function of dynamic routing and the protocols used to implement it. Configure RIP v2 dynamic routing using the Cisco I O S. Describe the use of exterior routing protocols across the Internet. Enable BGP on a customer site router.

6.1 Enabling Routing Protocols 6.1.1 Routing Basics Page 1: As the internal network of an organization grows, it may be necessary to break up the network into multiple smaller networks for security or organizational purposes. This division is often accomplished by subnetting the network. Subnetting requires a router to pass traffic from one subnet to another.

To direct messages across networks so that they arrive at the correct destination, a router uses a table containing all the locally connected networks and the interfaces that are connected to each network. Each interface belongs to a different IP network.

A router determines which route, or path, to use by looking up the information stored in its routing table. The routing table also contains information about routes that the router can use to reach remote networks which are not locally attached.

Routes can be statically assigned to a router by an administrator, or routes can be dynamically given to the router by another router via a routing protocol.

6.1.1 - Routing Basics The animation depicts a router using a routing table to decide the best route for a packet. There are several interconnected routers, which a packet must travel through to get to its destination. Routing tables at each router along the way are used to forward packets from a local host on Network 1 to a remote host on Network 3. Host H1 says, "I want to send a message to H3 on Network 3." The packet says, "Network 3 is not a directly connected network. I will take my default route!" Router R6 says, "Network 3 is directly connected to me, so I will deliver the packet."

Page 2: A router uses a routing table to determine where to send packets. The routing table contains a set of routes. Each route describes which gateway or interface the router uses to reach a specified network.

A route has four main components:

• • • •

Destination value Subnet mask Gateway or interface address Route cost or metric

When a router receives a packet, the router examines the destination IP address in that packet to determine where to forward the packet. The router then looks for a matching destination value in the routing table.

Each destination value within the route table refers to a destination network address. The destination IP address within a packet, however, consists of both a network address and a host address. For the router to determine if its table contains a route to the destination network, it must determine there is a match between the IP network address and one of the destination

values in the routing table. This means the router must determine which bits of the IP address represent the network and which bits represent the host.

The router looks up the subnet mask assigned to each potential route in the table. The router applies each subnet mask to the destination IP address in the packet. The resulting network address is then compared to the network address of the route in the table. If a match is found, the packet is forwarded out the correct interface or to the appropriate gateway. If the network address matches more than one route in the routing table, the router uses the route that has the most specific, or longest, network address match.

Sometimes there is more than one route to the destination network. In this case, routing protocol rules determine which route the router uses.

If none of the route entries match, the router directs the message to the gateway specified by its default route, if a default route is configured. Otherwise, the packet is simply dropped.

6.1.1 - Routing Basics The diagram depicts a network, and shows the following three processes used to determine the path a packet takes to get to its destination: applies subnet mask, examines routing table, and forwards packets. The following information is used for all processes: Gateway of last resort is 172.16.3.1 to network 0.0.0.0 S172.17.0.0 /16 [1 /0] via 172.16.3.1 172.16.0.0 /16 is variably subnetted, 4 subnets, 2 masks S172.16.236.0 /24 -1 /0= via 172.16.3.1 S 172.16.0.0 /16 [1 /0] via 172.16.3.1 C 172.16.1.0 /24 is directly connected, FastEthernet0 /0 C 172.16.3.0 /24 is directly connected, FastEthernet0 /1 172.22.0.0/24 is subnetted, 1 subnets S 172.22.1.0 [1 /0] via 172.16.1.1 S* 0.0.0.0 /0 [1 /0] via 172.16.3.1 Process 1 - Applies Subnet Mask Router applies each subnet mask to the destination IP address to find the network address with the longest match. 172.16.236.101 longest match: 172.16.236.0 255.25.255.0 Process 2 - Examines Routing Table Router compares the resulting network address to the routing table entries. S 172.16.236.0 /24 [1 /0] via 172.16.3.1 Process 3 - Forwards Packet Router sends the packet out the correct interface to reach the next-hop address for the destination

network. C 176.16.3.0 /24 is directly connected, FastEthernet0 /1 Page 3: On a Cisco router, the Cisco IOS command show ip route displays the routes in the routing table. Several types of routes can appear in the routing table.

Directly Connected Routes

When the router powers up, the configured interfaces are enabled. As the interfaces become operational, the router stores the directly attached, local-network addresses as connected routes in the routing table. On Cisco routers, these routes are identified in the routing table with the prefix C. The routes are automatically updated whenever the interface is reconfigured or shut down.

Static Routes

A network administrator can manually configure a static route to a specific network. A static route does not change until the administrator manually reconfigures it. These routes are identified in the routing table with the prefix S.

Dynamically Updated Routes (Dynamic Routes)

Dynamic routes are automatically created and maintained by routing protocols. Routing protocols exchange routing information with other routers in the network. Dynamically updated routes are identified in the routing table with the prefix that corresponds to the type of routing protocol that created the route. For example, R is used for the Routing Information Protocol (RIP).

Default Route

The default route is a type of static route that specifies the gateway to use when the routing table does not contain a path for the destination network. It is common for default routes to point to the next router in the path to the ISP. If a subnet has only one router, that router is automatically the default gateway, because all network traffic to and from that local network has no option but to travel through that router.

Routing tables do not contain end-to-end information about the entire path from a source network to a destination network. They only contain information about the next hop along that path. The next hop is typically a directly-connected network within the routing table.

In the case of a static route, the next hop could be any IP address, as long as it is reachable by that router. Eventually the message gets passed to a router that is directly connected to the destination host and the message is delivered. Routing information between all the intermediate routers on a path is in the form of network addresses not specific hosts. It is only in the final router that the destination address in the routing table points specifically to a host computer rather than a network.

6.1.1 - Routing Basics The diagram depicts a command prompt window, displaying the results of the show ip route command. Some of the key points have been highlighted, as follows. Gateway of last resort - Gateway of last resort is 192.168.1.2 to network 0.0.0.0 Directly Connected Route - C 172.16.0.0 /16 is directly connected, FastEthernet0 Static Route - S 10.10.10.0 [1 /0] via 192.168.1.2 Dynamically Updated Route - R 192.168.2.0 /24 [120 /1] via 192.168.1.2, 00:00:23. The R stands for the RIP routing protocol. Default Route - S * 0.0.0.0 /0 [1 /0] via 192.168.1.2 Page 4: Configuring Static Routes

Static routes are manually configured by a network administrator. Configuring a static route on a Cisco router requires these steps:

Step 1. Connect to the router using a console cable.

Step 2. Open a HyperTerminal window to connect with the first router that you want to configure.

Step 3. Enter privileged mode by typing enable at the R1> prompt. Note how the > symbol changes to a # to indicate that privilege mode is being used. R1>enable R1#

Step 4. Enter global configuration mode.

R1#config terminal R1(config)#

Step 5. Use the ip route Cisco IOS command to configure the static route, with the following format. ip route [destination_network] [subnet_mask] [gateway_address]

or

ip route [destination_network] [subnet_mask] [exit_interface]

For example, to enable router 1 (R1) to reach a host on network 192.168.16.0, the administrator configures a static route on R1 with the following Cisco IOS command in global configuration mode:

R1(config)#ip route 192.168.16.0 255.255.255.0 192.168.15.1

or

R1(config)#ip route 192.168.16.0 255.255.255.0 S0/0/0

To enable two-way communication with a host on network 192.168.16.0, the administrator also configures a static route on router 2 (R2).

Because static routes are configured manually, network administrators must add and delete static routes to reflect any changes in network topology. On small networks, static routes require very little maintenance because there are not many possible changes. In a large network, manually maintaining routing tables could require significant administrative time. For this reason, larger networks generally use dynamic routing rather than static routes.

6.1.1 - Routing Basics The diagram depicts static route configurations. The network has two hosts separated by routers. The IP route commands are entered on each router to configure a static route to the opposite LAN using the next hop IP address. There are two routers on the network, R1 and R2. R1 is connected to R2. The R1 IP is 192.168.15.2. The R2 IP is 192.168.15.1. R1 has one host connected, network: 192.168.14.0. R2 has one host connected, Network: 192.168.16.0. Router R1 R1 (config) # ip route 192.168.16.0 255.255.255.0 192.168.15.1 Router R2 R2 (config) # ip route 192.168.14.0 255.255.255.0 192.168.15.2 Page 5: Packet Tracer Activity

Manually configure and reconfigure static routes.

Click the Packet Tracer icon to begin.

6.1.1 - Routing Basics Link to Packet Tracer Exploration: Configuring Static and Default Routes 6.1.2 Routing Protocols Page 1: Routes can change very quickly. Problems with cables and hardware failures can make destinations unreachable through the designated interface. Routers need to be able to quickly update routes in a way that does not depend on the administrator to make the changes manually.

Routers use routing protocols to dynamically manage information received from their own interfaces and from other routers. Routing protocols can also be configured to manage manually entered routes.

Dynamic routing makes it possible to avoid the time-consuming process of configuring static routes. Dynamic routing enables routers to react to changes in the network and to adjust their routing tables accordingly, without the intervention of the network administrator.

A dynamic routing protocol learns all the available routes, places the best routes into the routing table, and removes routes when they are no longer valid. The method that a routing protocol uses to determine the best route is called a routing algorithm. There are two main classes of routing algorithms: distance vector and link state. Each type uses a different method for determining the best route to a destination network.

Whenever the topology of a network changes because of reconfiguration or failure, the routing tables in all the routers must also change to reflect an accurate view of the new topology. When all the routers in a network have updated their tables to reflect the new route, the routers are said to have converged.

The specific routing algorithm that is being used is a very important factor in dynamic routing. For two routers to exchange routes, they must be using the same routing protocol and therefore the same routing algorithm.

6.1.2 - Routing Protocols The animation depicts the use of routing updates There are two routers, R1 and R2, each with a network attached (R1, 10.10.1.0, R2: 10.20.1.0). Each router initially knows about the network that is directly connected to it. After a routing update, a router learns about the network attached to the other router. Page 2: The distance vector routing algorithm periodically passes copies of the routing table from router to router. These regular updates between routers communicate topology changes.

The distance vector algorithm evaluates the route information it receives from other routers using two basic criteria:

• •

Distance - How far away is the network from this router? Vector - In which direction should the packet be sent to reach this network?

The distance component of a route is expressed in terms of a route cost, or metric, that can be based on the following items:

• • • • • •

Number of hops Administrative cost Bandwidth Transmission speed Likelihood of delays Reliability

The vector, or direction, component of a route is the address of the next hop along the path to the network named in the route.

An analogy for distance vectors are the highway signs found at intersections. A sign points toward a destination and indicates the distance that must be traveled to reach that destination. Further down the highway, another sign points toward the same destination, but now the distance remaining to that destination is shorter. As long as the distance is shorter, the traffic is on the best path.

6.1.2 - Routing Protocols The diagram depicts the use of Distance Vector Routing Protocols There are two routers, R1 and R2, each with a network attached (R1, 10.20.1.0, R2: 10.30.1.0, E O). R2 sends R1 a copy of its entire routing table, so it has knowledge of the rest of the network. R2 says, "Here is a copy of my routing table for you." R1 says, "Thanks! Now I know Network 10.30.1.0 is a distance of 1 hop away from me in the direction of R2!" R2 Routing Table Network - 10.20.1.0 Gateway - S0 Metric - 0 Network - 10.30.1.0 Gateway - E0 Metric - 0 A street sign in the diagram reads, as follows: Distance (Metric) - Network 10.30.1.0 1 Vector (Direction) - Use Exit R2 Page 3: Each router that uses distance vector routing communicates its routing information to its neighbors. Neighbor routers share a directly connected network. The interface that leads to each directly connected network has a distance of 0.

Each router receives a routing table from its neighbor routers. For example, R2 receives information from R1. R2 adds to the metric, in this case the hop count, to show that there is now one more hop to get to the destination network. Then R2 sends this new routing table to its neighbors, including R3. This step-by-step process occurs in all directions between neighbor routers.

Eventually, each router learns about other more-remote networks based on the information that it receives from its neighbors. Each of the network entries in the routing table has an accumulated distance vector to show how far away that network is in a given direction.

As the distance vector discovery process continues, routers discover the best path to destination networks based on the information they receive from each neighbor. The best path is the path with the shortest distance or smallest metric.

Routing table updates also occur when the topology changes, for example, when a new network is added or when a router fails, causing a network to become unreachable. As with the network discovery process, topology change updates proceed step-by-step by sending copies of routing tables from router to router.

6.1.2 - Routing Protocols The diagram depicts the use of distance vector routing protocols. The entire routing table is passed to neighboring routers on the network, so all routers have a complete list of routes on the network. The caption reads, "Distance vector protocols periodically pass the entire routing table." Page 4: 6.1.2 - Routing Protocols For each of the routers on the network, choose the best path, based on hop count, to the destination Ethernet network. If directly connected, choose exit interface. The network consists of six routers, R1, R2, R3, R4, R5, and R6, and three switches, S1, S2, and S3. R1 is connected to R2 via serial link (Network: 10.10.2.0). R2 is connected to R3 via serial link (Network: 10.10.3.0). R2 is connected to R5 via serial link (Network: 10.10.5.0). R3 is connected to R4 via serial link (Network: 10.10.7.0). R4 is connected to R6 via serial link (Network: 10.10.8.0). R5 is connected to R6 via serial link (Network: 10.10.9.0). R1 has S1 attached with three v connected (Network: 10.10.1.0). R3 has S2 attached with three hosts connected (Network: 10.10.6.0).

R6 has S3 attached with two hosts connected (Network: 10.20.1.0). R5 is connected to the Internet via serial2. Page 5: Lab Activity

Create a network topology diagram based on the output of the show ip route command.

Click the lab icon to begin.

6.1.2 - Routing Protocols Link to Hands-on Lab: Creating a Network Diagram from Routing Tables 6.1.3 Common Interior Routing Protocols Page 1: Routing Information Protocol (RIP) is a distance vector routing protocol that is used in thousands of networks throughout the world. It was initially specified in RFC 1058.

Characteristics of RIP include:

• • • •

Is a distance vector routing protocol Uses hop count as the metric for path selection Defines a hop count greater than 15 as an unreachable route Sends routing table contents every 30 seconds

When a router receives a routing update with a change, it updates its routing table to reflect that change. If the router learns a new route from another router, it increases the hop count value by one before adding that route to its own routing table. The router uses the local network address of the directly connected router that sent the update as the next hop address.

After updating its routing table, the router immediately begins transmitting routing updates to inform other network routers of the change. These updates, called triggered updates, are sent independently of the regularly scheduled updates that RIP routers forward.

6.1.3 - Common Interior Routing Protocols The diagram depicts the use of RIP to obtain routing updates. RIP gathers information from its routing table, and passes it to each router. The routers then update their routing tables with the up-to-date information. The network consists of three routers, R1, R2, and R3. R1 is connected to R2 via serial link (R1: S0 /0, R2:S0 /0). R2 is connected to R3 via serial link (R2: S0 /1, R3: S0 /1). R1 has network 10.1.0.0 attached to F A 0 /0. R3 has network 10.4.0.0 attached to F A 0 /0. The serial link between R1 and R2 is Network 10.2.0.0. The serial link between R2 and R3 is Network 10.3.0.0. R1 Routing Table Network - 10.1.0.0 Interface - F A 0 /0 Hop - 0 Network - 10.2.0.0 Interface - S0/0/0 Hop - 0 Network - 10.3.0.0 Interface - S0/0/0 Hop - 1 Network - 10.4.0.0 Interface - S0/0/0 Hop - 2 R2 Routing Table Network - 10.2.0.0 Interface - S0/0/0 Hop - 0 Network - 10.3.0.0 Interface - S0/0/1 Hop - 0 Network - 10.1.0.0 Interface - S0/0/0 Hop - 1 Network 10.4.0.0 Interface - S0/0/1 Hop - 1 R3 Routing Table Network - 10.3.0.0 Interface - S0/0/1 Hop - 0 Network 10.4.0.0 Interface - F A 0 /0 Hop - 0 Network 10.2.0.0 Interface S0/0/1 Hop - 1 Network 10.1.0.0 Interface S0/0/1 Hop - 2

Page 2: Routing Information Protocol (RIP)

RIP is simple and easy to implement. These advantages make RIP a widely used and popular routing protocol.

RIP has several disadvantages:

• •



Allows a maximum of 15 hops, so it can only be used for networks that connect no more than 16 routers in a series. Periodically sends complete copies of the entire routing table to directly connected neighbors. In a large network, this can cause a significant amount of network traffic each time there is an update. Converges slowly on larger networks when the network changes.

There are currently two versions of RIP available: RIPv1 and RIPv2. RIPv2 has many advantages over RIPv1 and is usually used unless the equipment cannot support RIPv2. The most significant difference between RIP versions 1 and 2 is that RIPv2 can support classless routing, because it includes the subnet mask information in routing updates. RIPv1 does not send subnet mask information in the updates; therefore, it must rely on the classful default subnet masks.

6.1.3 - Common Interior Routing Protocols The diagram depicts the disadvantages associated with RIP, which are as follows: 15 Hops - No more than 15 hops! Routing Table Updates - All routers periodically send their complete routing tables to their directly connected neighbors. Slow Convergence - Slow to converge in large networks. Page 3: Enhanced Interior Gateway Routing Protocol (EIGRP)

EIGRP is a Cisco-proprietary, enhanced distance vector routing protocol. EIGRP was developed to address some of the limitations of other distance vector routing protocols, such as RIP. These limitations include the use of the hop count metric and the maximum network size of 15 hops.

EIGRP uses a number of metrics, including a configured bandwidth value and the delay encountered when a packet travels a particular route.

The characteristics of EIGRP are:

• • •

Uses a variety of metrics to calculate the cost of a route Combines the next hop and metric features of distance vector protocols with additional database and update features Has a maximum hop count of 224 hops

Unlike RIP, EIGRP does not rely only on the routing table in the router to hold all the information it needs to operate. EIGRP creates two additional database tables: the neighbor table and the topology table.

The neighbor table stores data about the neighboring routers that are on directly connected local networks. This neighbor table includes information such as the interface IP addresses, interface type, and bandwidth.

EIGRP builds the topology table from each of the advertisements of its neighbors. The topology table contains all the routes advertised by the neighbor routers. EIGRP depends on a routing algorithm called Diffused Update Algorithm (DUAL) to calculate the shortest path to a destination within a network and to install this route into the routing table. The topology table enables a router running EIGRP to find the best alternate path quickly when a network change occurs. If no alternate route exists in the topology table, EIGRP queries its neighbors to find a new path to the destination.

Unlike RIP, which is limited to small simple networks of less than 15 hops, EIGRP is ideal for larger, more complex networks up to 224 hops in size that require fast convergence.

6.1.3 - Common Interior Routing Protocols The diagram depicts the use of EIGRP to obtain routing updates. EIGRP only updates when a router is initially added or when there is topology change to the network. The exchange between the routers is as follows: One.Hello packet from R1 to R2, "This is R1, who is on the link?" Two.Update packet from R2 to R1, "I am on the link. Here is my routing information." Three.Ack packet from R1 to R2, "Thank you for the routing information." Four.Update packet from R1 to R2,"Here is my routing information." Five.Ack packet from R2 to R1, "Thank you for the routing information."

Six.Converged The caption reads, "After the initial exchange, routing updates are only sent when a route metric changes." Page 4: Link-state Protocol

Routers that use the distance vector routing algorithm have little information about distant networks and none about distant routers. The link-state routing algorithm maintains a full database of distant routers and how they interconnect.

Link-state routing uses the following features:

• •

• •

Routing table - List of the known paths and interfaces. Link-state advertisement (LSA) - Small packet of routing information that is sent between routers. LSAs describe the state of the interfaces (links) of a router and other information, such as the IP address of each link. Topological database - Collection of information gathered from all the LSAs received by the router. Shortest Path First (SPF) algorithm - Calculation performed on the database that results in the SPF tree. The SPF tree is a map of the network as seen from the point of view of the router. The information in this tree is used to build the routing table.

When LSAs are received from other routers, the SPF algorithm analyzes the information in the database to construct the SPF tree. Based on the SPF tree, the SPF algorithm then calculates the shortest paths to other networks. Each time a new LSA packet causes a change to the link-state database, SPF recalculates the best paths and updates the routing table.

6.1.3 - Common Interior Routing Protocols The animation depicts the use of link-state routing protocols. There are three routers. Each router maintains its own link-state database. A network on one of the routers goes down. The router passes link-state updates to the other routers. The caption reads, "Link-State protocols pass updates when a links state changes." Page 5: OSPF

Open Shortest Path First (OSPF) is a non-proprietary, link-state routing protocol described in RFC 2328. The characteristics of OSPF are:

• • • • •

Uses the SPF algorithm to calculate the lowest cost to a destination Sends routing updates only when the topology changes; does not send periodic updates of the entire routing table Provides fast convergence Supports Variable Length Subnet Mask (VLSM) and discontiguous subnets Provides route authentication

In OSPF networks, routers send link-state advertisements to each other when a change occurs, for example, when a new neighbor is added, or when a link fails or is restored.

If the network topology changes, the routers affected by the change send update LSAs to the rest of the network. All routers update their topology databases accordingly, regenerate their SPF trees to find new shortest paths to each network, and update their routing tables with the changed routes.

OSPF requires more router resources, such as RAM and CPU processing power, and is an advanced networking protocol that requires an experienced support staff.

6.1.3 - Common Interior Routing Protocols The diagram depicts the use of the SPF algorithm, which is applied when O S P F is the routing protocol used. There are three O S P F routers that receive the L S A and update the link-state database. They then perform the Shortest Path First (SPF) algorithm to create the SPF Tree. The best routes are then installed in the routing table. The caption reads, "O S P F Uses Dijkstras SPF Algorithm." 6.1.4 Routing Within an Organization Page 1: Each routing protocol uses different metrics. The metric used by one routing protocol is not comparable to the metric used by another routing protocol. Two routing protocols might choose different paths to the same destination because they use different metrics. For example, RIP chooses the path with the fewest number of hops, whereas EIGRP chooses the path based on the highest bandwidth and least delay.

Metrics used in IP routing protocols include:

• • • • • •

Hop count - Number of routers a packet must traverse. Bandwidth - Bandwidth of a specific link. Load - Traffic utilization of a specific link. Delay - Time a packet takes to traverse a path. Reliability -- Probability of a link failure, based on the interface error count or previous link failures. Cost - Determined by either the Cisco IOS application or the network administrator to indicate preference for a route. Cost can represent a metric, a combination of metrics, or a policy.

It is possible to have more than one routing protocol enabled on a single router. Additionally, a network administrator may choose to configure static routes to a specific destination. If a router has two different paths to a destination based on two different routing protocols and their metrics, how does the router know which path to use?

The router uses what is known as the administrative distance (AD). The AD represents the "trustworthiness" of the route. The lower the AD, the more the trustworthy the route. For example, a static route has an AD of 1, whereas a RIP-discovered route has an AD of 120. Given two separate routes to the same destination, the router chooses the route with the lowest AD. When a router has the choice of a static route and a RIP route, the static route takes precedence. Additionally, a directly connected route with an AD of 0 takes precedence over a static route with an AD of 1.

6.1.4 - Routing within an Organization The diagram depicts a table with various route sources, their administrative distances, and the default metrics used. Route Source: Connected Administrative Distance: 0 Default Metric: 0 Route Source: Static Administrative Distance: 1 Default Metric: 0 Route Source: E I G R P Summary Route Administrative Distance: 5 Default Metric: N/A Route Source: External BGP Administrative Distance: 20 Default Metric: Value assigned by Admin Route Source: Internal EIGRP Administrative Distance: 90 Default Metric: Bandwidth, Delay

Route Source: IGRP Administrative Distance: 100 Default Metric: Bandwidth, Delay Route Source: OSPF Administrative Distance: 110 Default Metric: Link cost (Bandwidth) Route Source: IS-IS Administrative Distance: 115 Default Metric: Link cost (Value assigned by admin) Route Source: Internal RIP Administrative Distance: 120 Default Metric: Hop count Route Source: External EIGRP Administrative Distance: 170 Default Metric: N/A Route Source: Internal BGP Administrative Distance: 200 Default Metric: Value assigned by Admin Page 2: Sometimes it is necessary to use multiple routing protocols, for example, when merging two preexisting networks. However, when initially designing a network, it is recommended that only one routing protocol be enabled for the entire network. Having one protocol makes it easier to support and troubleshoot the network. Deciding which type of routing protocol to select can be difficult even for expert network designers.

Small networks with only one gateway to the Internet can probably use static routes. Such a topology rarely needs dynamic routing.

As an organization grows and adds routers to its network topology, RIPv2 can be used. It is easy to configure and works well in small networks. When a network begins to exceed 15 routers, RIP is no longer a good choice.

For larger networks, EIGRP and OSPF are commonly used, but there is no simple principle that makes it obvious to choose one over the other. Each network has to be considered independently. The three main criteria to consider are:

• • •

Ease of management - What information does the protocol keep about itself? Which show commands are available? Ease of configuration - How many commands does the average configuration require? Is it possible to configure several routers in the network with the same configuration? Efficiency - How much bandwidth does the routing protocol use while it is in a steady state, and how much could it use when converging in response to a major network event?

6.1.4 - Routing within an Organization The diagram depicts several types of organizations, ranging from a small organization to a global enterprise, and some characteristics of routing protocols that may be used. Small Organization - Small offices may not use routing at all. An Internet connection may be all the routing that takes place. Small to Medium Organization - For a small to medium sized business, static routing may be used. In this example a Linksys router and a Cisco 1841 Series I S R have a static route configured between them. Medium Organization - In a medium business similar to the one show here, RIP v2 and some static routing are good options. Large Organization - Large businesses may switch over to EIGRP or OSPF. Very Large Organization - Very large businesses with multi-vendor equipment use OSPF. EIGRP is a proprietary Cisco Protocol. Global Enterprise - World class enterprises may find that they adopt a routing solution similar to that used by an ISP. 6.1.5 Configuring and Verifying RIP Page 1: RIP is a popular distance vector protocol supported by most routers. It is an appropriate choice for small networks containing multiple routers. Before configuring RIP on a router, think about the networks a router serves, and the interfaces on the router that connect to these networks.

The figure shows three routers. Each router serves a separate private local network, so there are three LANs. The routers are also connected by separate networks, so there are a total of six networks shown.

With this topology, R1 does not automatically know how to reach the 10.0.0.0/8 network, or the 192.168.4.0/24 network. R1 is only able to reach those networks after RIP routing is properly configured. Once RIP routing is configured, R2 and R3 will forward routing updates to R1 containing information on the availability of the 10.0.0.0/8 and 192.168.4.0/24 networks.

Before configuring RIP, assign an IP address and enable all the physical interfaces that will participate in routing.

For the most basic RIPv2 configuration, there are three commands to remember:

Router(config)#router rip

Router (config-router)#version 2

Router(config-router)#network [network_number]

Enter the router rip command in global configuration mode to enable RIP on the router. Enter the network command from router configuration mode to tell the router which networks are part of the RIP routing process. The routing process associates specific interfaces with the network numbers specified, and begins to send and receive RIP updates on these interfaces.

6.1.5 - Configuring and Verifying RIP The diagram depicts five steps required to configure RIP on a router. Three routers, R1, R2, and R3, are interconnected. Each router has a local network attached. R1 is connected to R2 via Ethernet link (Network: 192.168.0.0 /24). R1 is connected to R3 via Serial link (network: 192.168.1.0 /24). R1 has network 172.16.0.0 /16 attached with two Hosts connected to a switch. R3 is connected to R2 via Serial link (network: 192.168.2.0 /24). R2 has network 192.168.4.0 /24 attached with two Hosts connected to a switch. R3 has network 10.0.0.0 /8 attached with two Servers connected to a Switch. R1 is directly connected to 172.16.0.0 /16, 192.168.1.0 /24 and 192.168.0.0 /24 networks. It does not have any information about networks 10.0.0.0 or 192.168.4.0. R2 directly connected to 192.168.0.0 /24, 192.168.2.0 /24, and 192.168.4.0 /24. It does not have any information about networks 10.0.0.0 or 172.16.0.0. Step 1 - Configure the Serial Interface Address R1 has three interfaces to configure. Serial 0/0/0 links to R3. Fastethernet 0/0 links to R2. Fastethernet0 /1 links to the 172.16.0.0 /16 production network. Configure Serial 0/0/0 first. The following are the commands required to configure the serial interface address. R1> enable R1 # configure terminal R1 (config) # interface serial0/0/0 R1 (config-if) # I p address 192.168.1.2 255.255.255.0

Step 2 - Configure the Fast Ethernet Interface For each of the three interfaces, assign a previously unused IP address from the network that the interface connects to. Fastethernet 0 /0 points to R2 and is on the 192.168.0.0/24 network. Assign this interface the first useable IP address from that network. The following are the commands required to configure the Fastethernet Interface R1 (config-if) # interface fastethernet 0 /0 R1 (config-if) # ip address 192.168.0.1 255.255.255.0 Step 3 - Configure the last Interface on R1 The following are the commands required to configure the Fastethernet 0/1 interface. R1 (config-if) # interface fastethernet 0 /1 R1 (config-if) # Ip address 172.16.245.254 255.255.0.0 Step 4 - Implement RIP Specify RIP version 2 and tell the router which networks it can advertise. Use the network command for each directly connected network. R1 connects to three networks, so those networks are entered here. The following are the commands required to implement rip on the router. R1 (config) # router rip R1 (config-router) # version 2 R1 (config-router) # network 192.168.1.0 R1 (config-router) # network 192.168.0.0 R1 (config-router) # network 172.16.0.0 R1 (config-router) # exit Step 5 - Complete the Configuration of Routers R2 and R3 The following are the RIP command sequences for the remaining two routers, R2 and R3. R2 RIP command sequence R2 (config) # router rip R2 (config-router) # version 2 R2 (config-router) # network 192.168.2.0 R2 (config-router) # network 192.168.0.0 R2 (config-router) # network 192.168.4.0 R2 (config-router) # exit R3 RIP command sequence R3 (config) # router rip R3 (config-router) # version 2 R3 (config-router) # network 192.168.2.0 R3 (config-router) # network 192.168.1.0 R3 (config-router) # network 10.0.0.0 R3 (config-router) # exit Page 2:

After a configuration is done, it is a good idea to compare the running configuration with an accurate topology diagram to verify the network numbers and interface IP addresses. This is good practice because it is easy to make a simple data entry error.

There are several ways to verify that RIP is functioning properly in the network. One way to verify that routing is working properly is to ping devices on remote networks. If the ping is successful, it is likely that routing is working.

Another method is to run the IP routing verification commands show ip protocols and show ip route at the CLI prompt.

The show ip protocols command verifies that RIP routing is configured, that the correct interfaces are sending and receiving RIP updates, and that the router is advertising the correct networks.

The show ip route command shows the routing table, which verifies that routes received by RIP neighbors are installed in the routing table.

The debug ip rip command can be used to observe the networks advertised in the routing updates as they are sent and received. Debug commands display router activity in real time. Because debug activity uses router processor resources, debugging should be used with care in a production network, because it can affect network operation.

6.1.5 - Configuring and Verifying RIP The diagram depicts output for the following commands used in troubleshooting: show ip route, show ip protocols, and debug ip rip commands. Output from these commands is found in the Hands-on Lab: Configuring and Verifying RIP. Page 3: Packet Tracer Activity

Configure and verify RIP.

Click the Packet Tracer icon to begin.

6.1.5 - Configuring and Verifying RIP Link to Packet Tracer Exploration: Configuring RIP Page 4: Lab Activity

Configure and verify RIP.

Click the lab icon to begin.

6.1.5 - Configuring and Verifying RIP Link to Hands-on Lab: Configuring and Verifying RIP

6.2 Exterior Routing Protocols 6.2.1 Autonomous Systems Page 1: The Internet routing architecture has evolved over the years into a distributed system of interconnected networks. The Internet is now so vast and involves so many networks that it is impossible for a single organization to manage all the routing information needed to reach every destination around the world.

Instead, the Internet is divided up into collections of networks called Autonomous Systems (AS), which are independently controlled by different organizations and companies.

An AS is a set of networks controlled by a single administrative authority using the same internal routing policy throughout. Each AS is identified by a unique AS number (ASN). ASNs are controlled and registered on the Internet.

The most common example of an AS is the ISP. Most businesses connect to the Internet through an ISP, and so become part of the routing domain of that ISP. The AS is administered by the ISP and, therefore, not only includes its own network routes but also manages the routes to all the business and other customer networks that are connected to it.

6.2.1 - Autonomous Systems The diagram depicts an autonomous system. A cloud with six interconnected routers inside. The caption reads, "Autonomous System = Networks under a single administration." Page 2: The same ASN applies to all network devices within the AS routing domain.

ISP A is an AS whose routing domain includes a local business that directly connects to that ISP for Internet access. The business does not have a separate ASN. Instead, it uses the ASN of ISP A (ASN 100) in its routing information.

Also shown is a large global business with corporate offices located in Hong Kong and New York. Because they are located in different countries, each office connects to a different local ISP for Internet access. This means that the business is connected to two ISPs. Which AS does it belong to and which ASN does it use?

Because the company communicates through both ISP B and ISP C, this causes routing confusion in terms of connectivity. Traffic from the internet does not know which AS to use to reach the large global business. To solve the problem, the business registers as an AS in its own right and is assigned an ASN of 400.

6.2.1 - Autonomous Systems The diagram depicts the interconnection of autonomous systems. There are four clouds, Cloud1 through Cloud4, each with a network inside. Cloud1 contains ISP A (A S 100). Cloud2 contains ISP B (A S 200). Cloud3 contains I S P C (A S 300). Cloud4 contains a large global business (A S 400). Gateway routers on the edge of each cloud are interconnected. Page 3: 6.2.1 - Autonomous Systems The diagram depicts an activity in which you must determine what type of autonomous system number each of the networks described below require. The options are shared, meaning the network uses the A S N of the ISP, or private, meaning the network uses a private A S number. One.A home business connects to Internet through ISP. Two.A large business with offices in multiple countries connects to local ISP's. Three.A medium business has connectivity to the Internet provided by two ISP's. Four.A large business in New York with two connections to the same ISP. Five.A small ISP has one connection to the Internet through a large international ISP. 6.2.2 Routing Across the Internet

Page 1: Interior Gateway Protocols (IGPs) are used to exchange routing information within an AS or individual organization. The purpose of an interior routing protocol is to find the best path through the internal network. IGPs run on the routers inside an organization. Examples of IGPs are RIP, EIGRP, and OSPF.

By contrast, exterior gateway protocols (EGPs) are designed to exchange routing information between different autonomous systems. Because each AS is managed by a different administration and may use different interior protocols, networks must use a protocol that can communicate between diverse systems. The EGP serves as a translator for ensuring that external routing information gets successfully interpreted inside each AS network.

EGPs run on the exterior routers. These are the routers that are located at the border of an AS. Exterior routers are also called border gateways, or boundary routers.

Unlike interior routers, which exchange individual routes with each other using IGPs, exterior routers exchange information about how to reach various networks using exterior protocols. Exterior routing protocols seek to find the best path through the Internet as a sequence of autonomous systems.

The most common exterior routing protocol on the Internet today is Border Gateway Protocol (BGP). It is estimated that 95% of autonomous systems use BGP. The most current version of BGP is version 4 (BGP-4), for which the latest description is provided in RFC 4271.

6.2.2 - Routing Across the Internet The diagram depicts the interconnection of networks using Border Gateway Protocol (BGP). There are three clouds, 1, 2, and 3, each with a network. There are three exterior gateway routers running the exterior gateway protocol - BGP, which connects each of the clouds internal networks to the outside via another A S. Each of the exterior routers has one or more internal routers connected. The Cloud1 (A S 100) internal routers are running Interior gateway protocol OSPF. The Cloud1 exterior gateway router connects to Cloud3 (A S 300). The Cloud2 (A S 200) internal router is running interior gateway protocol - EIGRP. The Cloud2 exterior gateway router connects to Cloud1 (AS 100). The Cloud3 (A S 300) internal router is running interior gateway protocol - RIP. The Cloud3 exterior gateway router connects to Cloud1 (A S 100). Page 2: Each AS is responsible for informing other autonomous systems about which networks they can reach through that AS. Autonomous systems exchange this reachability information with each other through exterior routing protocols that run on dedicated routers called border gateways.

Packets are routed across the Internet in several steps.

1. The source host sends a packet destined for a remote host located in another AS.

2. Because the destination IP address of the packet is not a local network, the interior routers keep passing the packet along their default routes, until eventually it arrives at an exterior router at the edge of the local AS.

3. The exterior router maintains a database for all the autonomous systems with which it connects. This reachability database tells the router that the path to the destination network passes through several autonomous systems, and that the next hop on the path is through a directly connected exterior router on a neighboring AS.

4. The exterior router directs the packet to its next hop on the path, which is the exterior router at the neighboring AS.

5. The packet arrives at the neighboring AS, where the exterior router checks its own reachability database and forwards the packet to the next AS on the path.

6. The process is repeated at each AS until the exterior router at the destination AS recognizes the destination IP address of the packet as an internal network in that AS.

7. The final exterior router then directs the packet to the next hop interior router listed in its routing table. From then on, the packet is treated just like any local packet and is directed through interior routing protocols through a series of internal next hops until it arrives at the destination host.

6.2.2 - Routing Across the Internet The diagram depicts packets being routed over the Internet. Four clouds, 1 - 4, each have a network. There are four exterior gateway routers, one on each cloud, which connect to an internal router. Cloud1 has a switch with one host attached (A S 100). Cloud2 has a router connected to a switch with one host attached (A S 200). Cloud3 has a router connected to a switch with one host attached (A S 300). Cloud4 has four interconnected routers, two each with a switch and host attached (A S 400).

The source host on Cloud2 (A S 200) with IP address 172.23.16.8 is sending data to a host on Cloud4 (A S 400) with the IP address 192.168.32.1. The following are the seven required steps. Step 1 - The source host in A S 200 sends a packet destined for 192.168.32.1. Step 2 - Since the packets destination IP address is not a local network, the interior routers keep passing the packet to their default routes, until eventually it arrives at a border gateway at the edge of the A S 200. Step 3 - The border gateway maintains a reachability database for all the A S's with which it connects. This database tells the border gateway that the 192.168.32.0 network is located within A S 400. Step 4 - The border gateway directs the packet to its next hop on the path, which is the border gateway at A S 400. Step 5 - The packet arrives at the A S 400 border gateway, which recognizes the packets destination IP as an internal network in A S 400. The border gateway then directs the packet to the next hop interior router listed in its routing table. Step 6 - From then on, the packet is treated just like any local packet and is directed through interior routing protocols through a series of next hops towards the destination network. Step 7 - The packet arrives at a router that is directly connected to network 192.168.32.0 and is successfully forwarded to the destination host 192.168.32.1. 6.2.3 Exterior Routing Protocols and the ISP Page 1: EGPs provide many useful features for ISPs. Exterior protocols allow traffic to be routed across the Internet to remote destinations. They also provide the method by which ISPs can set and enforce policies and local preferences so that the traffic flow through the ISP is efficient and that none of the internal routes are overloaded with transit traffic.

Business customers insist on reliability for their Internet service. ISPs must make sure that the Internet connection for those customers is always available. They do this by providing backup routes and routers in case the regular route fails. During normal conditions, the ISP advertises the regular route to other autonomous systems. If that regular route fails, the ISP sends an exterior protocol update message to advertise the backup route instead.

6.2.3 - Exterior Routing Protocols and the ISP The diagram depicts the use of exterior routing protocols. A cloud representing ISP A (A S 100) has six interconnected routers, all running OSPF. There are three gateway routers all running BGP, each with a business customer attached. Business Customer 1 is running RIP, Business Customer 2 is running EIGRP, and Business Customer 3 has a private intranet. With multiple interconnected internal routers, ISP A (A S 100) can provide backup routes for its customers in case a regular route fails. Page 2: The flow of messages in the Internet is called traffic. Internet traffic can be categorized in one of two ways:

• •

Local traffic - Traffic carried within an AS that either originated in that same AS, or is intended to be delivered within that AS. This is like local traffic on a street. Transit traffic - Traffic that was generated outside that AS and can travel through the internal AS network to be delivered to destinations outside the AS. This is like through traffic on a street.

The flow of traffic between autonomous systems is carefully controlled. It is important to be able to limit or even prohibit certain types of messages from going to or from an AS for security reasons or to prevent overloading.

Many autonomous systems network administrators choose not to carry transit traffic. Transit traffic can cause routers to overload and fail if those routers do not have the capacity to handle large amounts of traffic.

6.2.3 - Exterior Routing Protocols and the I S P The diagram depicts the use of policies for determining if an A S can be used for transit traffic. There are six interconnected routers. The Gateway Router from A S 100 connects to Gateway Router1 for A S 200 and to Gateway Router1 for A S 300. The second A S 200 and A S 300 gateway routers connect to the gateway router for A S 400. A S100 Router says, "My Administrator has set a policy to always go through A S 300 to reach A S 400." A S200 Router1 says, " My Administrator has set a policy to block all transit traffic." Packets from A S 100 to a destination host within A S 200 will be allowed, but traffic destined for an A S other than A S 200 will be blocked. 6.2.4 Configuring and Verifying BGP Page 1: When an ISP puts a router at a customer location, they usually configure it with a default static route to the ISP. Sometimes, an ISP may want the router to be included in its AS and to participate in BGP. In these instances, it is necessary to configure the customer premise router with the commands necessary to enable BGP.

The first step in enabling BGP on a router is to configure the AS number. This step is done with the command: router bgp [AS_number]

The next step is to identify the ISP router that is the BGP neighbor with which the customer premises equipment (CPE) router exchanges information. The command to identify the neighbor router is: neighbor [IP_address] remote-as [AS_number]

When an ISP customer has its own registered IP address block, it may want the routes to some of its internal networks to be known on the Internet. To use BGP to advertise an internal route, the network address needs to be identified. The format of the command is: network [network_address]

When the CPE is installed and the routing protocols are configured, the customer has both local and Internet connectivity. Now the customer is able to fully participate in other services that the ISP offers.

The IP addresses used for BGP are normally registered, routable addresses that identify unique organizations. In very large organizations, private addresses may be used in the BGP process. On the Internet, BGP should never be used to advertise a private network address.

6.2.4 - Configuring and Verifying BGP The diagram depicts the commands necessary to configure BGP on a customer router. There are two routers, SP1 and C1. ISP Router SP1 is connected to Business Customer router C1 via (SP1: S0/0/0: 1 0.1 0.10.10). C1 has network 172.19.0.0 attached. The commands required on C1 to advertise the customer network via BGP are as follows: C1> enable C1 # configure terminal C1 (config) # router bgp 100 C1 (config-router) # neighbor 1 0.1 0.10.10 remote-a s 100 C1 (config-router) # network 172.19.0.0 C1 (config-router) # end C1 # Page 2: Lab Activity

Configure BGP on the external gateway router.

Click the lab icon to begin.

6.2.4 - Configuring and Verifying BGP Link to Hands-on Lab: Configuring BGP with Default Routing

6.3 Chapter Summary 6.3.1 Summary Page 1: 6.3.1 - Summary Diagram 1, Image The diagram depicts the use of routing tables. Diagram 1 text Routing is used to forward messages to the correct destination. Routing can be dynamic or static. Dynamic routing requires the use of routing protocols to exchange route information between routers. Examples of dynamic routing include: distance vector routing protocols, and link state routing protocols. Diagram 2, Image The diagram depicts a routing on a network. Diagram 2 text Distance vector routing protocols calculate the direction and distance to any network. Routing tables and updates are sent periodically to neighbors. Link state protocols update nodes with information on the state of the link. These routing protocols reduce routing loops and network traffic. Choose the routing protocol for an organization based on ease of management, ease of configuration, and efficiency. Diagram 3, Image The diagram depicts interconnection between autonomous systems. Diagram 3 text The Internet is divided up into collections of networks called autonomous systems. Within an autonomous system, interior gateway routing protocols are used, such as RIP, E I G R P and O S P F. Between autonomous systems, exterior gateway routing functions are required. Exterior Gateway Protocols (EGP's) run on exterior routers, or border gateways, that are located at the border of an AS. The most common EGP is Border Gateway Protocol (BGP). Diagram 4, Image The diagram depicts an ISP using an exterior protocol.

Diagram 4 text BGP functions like a distance-vector protocol. From this database, direction and distance to a destination network are determined. Exterior protocols enable traffic to be routed across the Internet to remote destinations. Exterior protocols provide the method by which ISP's can set and enforce policies and local preferences for traffic flow efficiency.

6.4 Chapter Quiz 6.4.1 Quiz Page 1: Take the chapter quiz to check your knowledge.

Click the quiz icon to begin.

6.4.1 - Quiz Chapter 6 Quiz: Routing 1.Which two are characteristics of interior routers? (Choose two.) a.use BGP routing protocols b.use IGP routing protocols c.known as border gateways d.exchange local routes e.route between autonomous systems 2.What two methods are used to allow remote networks to be added to a routing table? (Choose two.) a.entered by an administrator b.learned through a routing protocol c.exported from the MAC address table d.imported from Flash memory on the router e.learned through address translation f.learned by NIC's broadcasting their network number 3.Where does the router get information about the best path to send a packet destined for a host located on a remote network? a.from the I O S stored in Flash memory b.from the routing table stored in RAM c.from the configuration file stored in RAM d.from the IP packet being transmitted 4.What two statements are true about transit traffic? (Choose two.) a.All ISP's must allow transit traffic. b.Transit traffic can overload an Internet router. c.Transit traffic is destined for a network contained within the same A S. d.ISP's cannot allow transit traffic from one A S to another.

e.Transit traffic travels through an A S to reach a remote A S. 5.A customer router is configured to use BGP to exchange routes with a directly connected neighbor router. What is identified by the remote A S number in the command neighbor 209.165.201.1 remote-a s 200? a.the local router A S number b.the directly connected router A S number c.the number of hops to the remote A S d.the transit A S to use to get to the neighbor 6.Match the term to its definition. Terms AS ASN ISP IGP EGP Definitions a.an example is BGP b.a provider of Internet access c.examples include RIP, EIGRP, and OSPF d.a group of networks administered by a single entity e.a registered number that identifies a particular set of networks 7.A new network is to be configured on a router. Which of the following tasks must be completed to configure this interface and implement dynamic IP routing for the new network? (Choose three.) a.Select the routing protocol to be configured. b.Assign an IP address and subnet mask to the interface. c.Update the ip host configuration information with the device name and new interface IP address. d.Configure the routing protocol with the new network IP address. e.Configure the routing protocol with the new interface IP address and subnet mask. f.Configure the routing protocol in use on all other enterprise routers with the new network information. 8.What is the purpose of the network command used in the configuration of the RIP routing protocol? a.It specifies RIP v2 as the routing protocol. b.It enables the use of VLSM. c.It specifies the fastest path to the destination route. d.It specifies which interfaces will exchange RIP routing updates. e.It activates RIP for all routes that exist within the enterprise network. 9.To ensure proper routing in a network, the network administrator should always check the router configuration to verify that appropriate routes are available. The commands on the top will allow the network administrator to view the router configuration for the information needed. Match each command to its result. Commands a.debug ip rip b.show ip protocols c.show running-config d.show ip route e.show interfaces

Results a.displays current configuration information for configured routing protocols and interfaces b.checks to see that the interfaces are up and operational c.displays the networks advertised in the updates as the updates are sent and received d.verifies the routing protocol process running and that the correct networks are advertised e.verifies that routes received are installed in the routing table 10.A network engineer is configuring a new router. The interfaces have been configured with IP addresses but no routing protocols or static routes have been configured yet. What routes are present in the routing table? a.default routes b.broadcast routes c.direct connections d.No routes. The routing table is empty. 11.Which of the following tasks are completed by routing protocols? (Choose three.) a.learning the available routes to all destinations b.providing an addressing scheme for identifying networks c.informing LAN hosts of new default gateway addresses d.placing the best route in the routing table e.removing routes from the routing table when they are no longer valid f.carrying user data to the destination network 12.Which network devices are used in the Internet to route traffic between autonomous systems? a.border gateway routers b.interior routers c.Internet hosts d.service provider switches 13.Which is an example of a routing protocol used to exchange information between autonomous systems? a.OSPF b.BGP c.EIGRP d.RIP

End

Search | Glossary Course Index:

CCNA Discovery - Working at a Small-toMedium Business or ISP 7 ISP Services 7.0 Chapter Introduction 7.0.1 Introduction Page 1: 7.0.1 - Introduction An ISP offers many network services to its customers. Often it is necessary for the ISP help desk technician and network support technician to help customers resolve issues with these services. In order to do this, it is necessary to know the underlying protocols and functions of the services that the ISP provides. After completion of this chapter, you should be able to: Describe the network services provided by an ISP. Describe the protocols that support the network services provided by an ISP. Describe the purpose, function, and hierarchical nature of the Domain Name System (DNS). Describe and enable common services and their protocols.

7.1 Introducing ISP Services 7.1.1 Customer Requirements Page 1: After the connection is made to the ISP, the business or customer must decide which services they need from the ISP.

ISPs serve several markets. Individuals in homes make up the consumer market. Large, multinational companies make up the enterprise market. In between are smaller markets, such as small- to medium-sized businesses, or larger nonprofit organizations. Each of these customers have different service requirements.

Escalating customer expectations and increasingly competitive markets are forcing ISPs to offer new services. These services enable the ISPs to increase revenue and to differentiate themselves from their competitors.

Email, web hosting, media streaming, IP telephony, and file transfer are important services that ISPs can provide to all customers. These services are critical for the ISP consumer market and for the small- to medium-sized business that does not have the expertise to maintain their own services.

7.1.1 - Customer Requirements The diagram depicts some of the services of an ISP, which include a file server farm, web server farm, and email server farm. The ISP router is connected to the Internet that has multiple home and business networks connected. Page 2: Many organizations, both large and small, find it expensive to keep up with new technologies, or they simply prefer to devote resources to other parts of the business. ISPs offer managed services that enable these organizations to have access to the leading network technologies and applications without having to make large investments in equipment and support.

When a company subscribes to a managed service, the service provider manages the network equipment and applications according to the terms of a service level agreement (SLA). Some managed services are also hosted, meaning that the service provider hosts the applications in its facility instead of at the customer site.

The following are three scenarios that describe different ISP customer relationships:



Scenario 1 - The customer owns and manages all their own network equipment and services. These customers only need reliable Internet connectivity from the ISP.



Scenario 2 - The ISP provides Internet connectivity. The ISP also owns and manages the network connecting equipment installed at the customer site. ISP responsibilities include setting up, maintaining, and administering the equipment for the customer. The customer is responsible for monitoring the status of the network and the applications, and receives regular reports on the performance of the network.



Scenario 3 - The customer owns the network equipment, but the applications that the business relies on are hosted by the ISP. The actual servers that run the applications are located at the ISP facility. These servers may be owned by the customer or the ISP, although the ISP maintains both the servers and the applications. Servers are normally kept in server farms in the ISP network operations center (NOC), and are connected to the ISP network with a high-speed switch.

7.1.1 - Customer Requirements The diagram depicts three scenarios of networks that use the services of an ISP, which include a file server farm, web server farm, email server farm, and co-located servers.

The I S P router is connected to the Internet that has multiple home and business networks connected. The home and business networks are dependent on the I S P; some require all services, and some only require the high-speed Internet connection that the ISP offers. One.The first scenario shows a business that maintains all its servers on the premises and relies on the ISP for high-speed connection. Two.The second scenario shows a home network that relies on the ISP for all its services. Three.The third scenario shows another business that maintains its co-located servers at the ISP, and relies on the ISP for high speed connection. 7.1.2 Reliability and Availability Page 1: Creating new services can be challenging. Not only must ISPs understand what their customers want, but they must have the ability and the resources to provide those services. As business and Internet applications become more complex, an increasing number of ISP customers rely on the services provided or managed by the ISP.

ISPs provide services to customers for a fee and guarantee a level of service in the SLA. To meet customer expectations, the service offerings have to be reliable and available.

Reliability

Reliability can be measured in two ways: mean time between failure (MTBF) and mean time to repair MTTR. Equipment manufacturers specify MTBF based on tests they perform as part of manufacturing. The measure of equipment robustness is fault tolerance. The longer the MTBF, the greater the fault tolerance. MTTR is established by warranty or service agreements.

When there is an equipment failure, and the network or service becomes unavailable, it impacts the ability of the ISP to meet the terms of the SLA. To prevent this, an ISP may purchase expensive service agreements for critical hardware to ensure rapid manufacturer or vendor response. An ISP may also choose to purchase redundant hardware and keep spare parts on site.

Availability

Availability is normally measured in the percentage of time that a resource is accessible. A perfect availability percentage is 100%, meaning that the system is never down or unreachable. Traditionally, telephone services are expected to be available 99.999% of the time. This is called the five-9s standard of availability. With this standard, only a very small percentage (0.001%) of

downtime is acceptable. As ISPs offer more critical business services, such as IP telephony or high-volume retail sale transactions, ISPs must meet the higher expectations of their customers. ISPs ensure accessibility by doubling up on network devices and servers using technologies designed for high availability. In redundant configurations, if one device fails, the other one can take over the functions automatically.

7.1.2 - Reliability and Availability The diagram depicts the high availability configuration for access to some of the services of an ISP, which include a file server farm, web server farm, and email server farm. There are two routers into the ISP and multiple paths to each service. Spare parts kept on hand to prevent downtime. Both routers are connected to the Internet with multiple home and business networks connected to the ISP through the Internet.

7.2 Protocols That Support ISP Services 7.2.1 Review of TCP/IP Protocols Page 1: Today, ISP customers are using mobile phones as televisions, PCs as telephones, and televisions as interactive gaming stations with many different entertainment options. As network services become more advanced, ISPs must accommodate these customer preferences. The development of converged IP networks enables all of these services to be delivered over a common network.

To provide support for the multiple end-user applications that rely on TCP/IP for delivery, it is important for the ISP support personnel to be familiar with the operation of the TCP/IP protocols.

ISP servers need to be able to support multiple applications for many different customers. For this support, they must use functions provided by the two TCP/IP transport protocols, TCP and UDP. Common hosted applications, like web serving and email accounts, also depend on underlying TCP/IP protocols to ensure their reliable delivery. In addition, all IP services rely on domain name servers, hosted by the ISPs, to provide the link between the IP addressing structure and the URLs that customers use to access them.

7.2.1 - Review of TCP/IP Protocols This animation depicts the process of network services. A network topology, consisting of a router which connects two hosts, H1 and H2, to the Internet. The ISP has a web server, housing many websites, and a mail server, connected to the Internet. The two hosts are running multiple processes by using a variety of network services such as web browsing, instant messaging, email services, and streaming media, such as video and music. The captions in the diagram are as follows:

"Each stream goes to one interface on the router. How does it get to the right application?" "And how does data get transmitted reliably?" "...or without the potential delay caused by reliability?" "TCP or U D P manage process-to-process communication between hosts across an Internetwork." Page 2: Clients and servers use specific protocols and standards when exchanging information. The TCP/IP protocols can be represented using a four-layer model. Many of the services provided to ISP customers depend on protocols that reside at the Application and Transport layers of the TCP/IP model.

Application Layer Protocols

Application Layer protocols specify the format and control the information necessary for many of the common Internet communication functions. Among these protocols are:

• • • • •

Domain Name System (DNS) - Resolves Internet names to IP addresses. HyperText Transfer Protocol (HTTP) -Transfers files that make up the web pages of the World Wide Web. Simple Mail Transfer Protocol (SMTP) - Transfers mail messages and attachments. Telnet - Terminal emulation protocol that provides remote access to servers and networking devices. File Transfer Protocol (FTP) - Transfers files between systems interactively.

Transport Layer Protocols

Different types of data can have unique requirements. For some applications, communication segments must arrive in a specific sequence to be processed successfully. In other instances, all the data must be received for any of it to be of use. Sometimes, an application can tolerate the loss of a small amount of data during transmission over the network.

In today's converged networks, applications with very different transport needs may be communicating on the same network. Different Transport Layer protocols have different rules to enable devices to handle these diverse data requirements.

Additionally, the lower layers are not aware that there are multiple applications sending data on the network. Their responsibility is to get the data to the device. It is the job of the Transport Layer to deliver the data to the appropriate application.

The two primary Transport Layer protocols are TCP and UDP.

7.2.1 - Review of TCP/IP Protocols The chart depicts the four layers of the TCP/IP protocol. A brief description about the individual protocols associated with each layer is given. Application Layer Name System: DNS - Domain Name System (or Service) Translates domain names, such as cisco.com, into IP addresses Host Config: BOOTP - Bootstrap Protocol Enables a diskless workstation to discover its own IP address, the IP address of a BOOTP server on the network, and a file to be loaded into memory to boot the machine BOOTP is being superseded by DHCP DHCP - Dynamic Host Configuration Protocol Dynamically assigns I P addresses to client stations at start-up Allows the addresses to be re-used when no longer needed Email SMTP - Simple Mail Transfer Protocol Enables clients to send email to a mail server Enables servers to send email to other servers POP - Post Office Protocol version 3 (POP3) Enables clients to retrieve email from a mail server Downloads email from the mail server to the desktop I MAP - Internet Message Access Protocol Enables clients to access email stored on a mail server Maintains email on the server File Transfer FTP - File Transfer Protocol Sets rules that enable a user on one host to access and transfer files to and from another host over a network A reliable, connection-oriented, and acknowledged file delivery protocol TFTP - Trivial File Transfer Protocol A simple, connectionless file transfer protocol A best-effort, unacknowledged file delivery protocol Utilizes less overhead than FTP Web

HTTP - Hypertext Transfer Protocol Set of rules for exchanging text, graphic images, sound, video, and other multimedia files on the World Wide Web Transport Layer UDP - User Datagram Protocol Enables a process running on one host to send packets to a process running on another host Does not confirm successful datagram transmission TCP - Transfer Control Protocol Enables reliable communication between processes running on separate hosts Reliable, acknowledged transmissions that confirm successful delivery Internet Layer IP - Internet Protocol Receives message segments from the transport layer Packages messages into packets Addresses packets for end-to-end delivery over an Internetwork NAT - Network Address Translation Translates I P addresses from a private network into globally unique public IP addresses ARP - Address Resolution Protocol Provides dynamic address mapping between an I P address and a hardware address IP support ICMP - Internet Control Message Protocol Provides feedback from a destination host to a source host about errors in packet delivery Routing Protocols RIP - Routing Information Protocol Distance Vector routing protocol Metric based on hop count Version 2 supports VLSM and C I D R OSPF - Open Shortest Path First Link State routing protocol Hierarchical design based on areas Open standard interior routing protocol EIGRP - Enhanced Interior Gateway Routing Protocol Cisco Proprietary Routing Protocol Uses composite metric based on bandwidth, delay, load, reliability and MTU BGP - Border Gateway Protocol BGP4 latest version External Routing Protocol used between ISP's Routes between Autonomous Systems Network Access Layer PPP - Point-to-Point Protocol Provides a means of encapsulating packets for transmission over a serial link Ethernet

Defines the rules for wiring and signaling standards of the Network Access Layer Interface Drivers Provides instruction to a machine for the control of a specific interface on a network device Page 3: The TCP/IP model and the OSI model have similarities and differences.

Similarities

• • •

Use of layers to visualize the interaction of protocols and services Comparable Transport and Network layers Used in the networking field when referring to protocol interaction

Differences





OSI model breaks the function of the TCP/IP Application Layer into distinct layers. The upper three layers of the OSI model specify the same functionality as the Application Layer of the TCP/IP model. The TCP/IP suite does not specify protocols for the physical network interconnection. The two lower layers of the OSI model are concerned with access to the physical network and the delivery of bits between hosts on a local network.

The TCP/IP model is based on actual developed protocols and standards, whereas the OSI model is a theoretical guide for how protocols interact.

7.2.1 - Review of TCP/IP Protocols The diagram compares the O S I Reference Model and the TCP/IP Model. O S I Reference Model Layers 7: Application, 6: Presentation Session, and 5: Session are compared to TCP/IP Model - Application Layer. O S I Reference Model Layer 4: Transport is compared to TCP/IP Model - Transport Layer. O S I Reference Model Layer 3: Network is compared to TCP/IP Model - Internet Layer. O S I Reference Model Layers 2: Data Link, and 1: Physical are compared to TCP/IP Model Network Access Layer.

7.2.2 Transport Layer Protocols Page 1: Different applications have different transport needs. There are two protocols at the Transport Layer: TCP and UDP.

TCP

TCP is a reliable, guaranteed-delivery protocol. TCP specifies the methods hosts use to acknowledge the receipt of packets, and requires the source host to resend packets that are not acknowledged. TCP also governs the exchange of messages between the source and destination hosts to create a communication session. TCP is often compared to a pipeline, or a persistent connection, between hosts. Because of this, TCP is referred to as a connection-oriented protocol.

TCP requires overhead, which includes extra bandwidth and increased processing, to keep track of the individual conversations between the source and destination hosts and to process acknowledgements and retransmissions. In some cases, the delays caused by this overhead cannot be tolerated by the application. These applications are better suited for UDP.

UDP

UDP is a very simple, connectionless protocol. It provides low overhead data delivery. UDP is considered a "best effort" Transport Layer protocol because it does not provide error checking, guaranteed data delivery, or flow control. Because UDP is a "best effort" protocol, UDP datagrams may arrive at the destination out of order, or may even be lost all together. Applications that use UDP can tolerate small amounts of missing data. An example of a UDP application is Internet radio. If a piece of data is not delivered, there may only be a minor effect on the quality of the broadcast.

7.2.2 - TCP The diagram depicts the TCP/IP Model with different protocols for each layer linked to a protocol from the layer below. For example, protocols found at the Application Layer use the services of protocols found at the Transport Layer. This diagram illustrates the dependency of protocols at the different layers. Application Layer. Protocols: FTP, HTTP (www), SMTP email, DNS, TFTP. Transport Layer. Protocol TCP linked to FTP, HTTP (www), SMTP email, DNS. Protocol U D P linked to DNS, TFTP.

Internet Layer. Protocol IP linked to TCP, U D P. Network Access Layer. Internet - linked to IP. Private Network - linked to IP. Page 2: Applications, such as databases, web pages, and email, need to have all data arrive at the destination in its original condition, for the data to be useful. Any missing data can cause the messages to be corrupt or unreadable. These applications are designed to use a Transport Layer protocol that implements reliability. The additional network overhead required to provide this reliability is considered a reasonable cost for successful communication.

The Transport Layer protocol is determined by the type of application data being sent. For example, an email message requires acknowledged delivery and therefore would use TCP. An email client, using SMTP, sends an email message as a stream of bytes to the Transport Layer. At the Transport Layer, the TCP functionality divides the stream into segments.

Within each segment, TCP identifies each byte, or octet, with a sequence number. These segments are passed to the Internet Layer, which places each segment in a packet for transmission. This process is known as encapsulation. At the destination, the process is reversed, and the packets are de-encapsulated. The enclosed segments are sent through the TCP process, which converts the segments back to a stream of bytes to be passed to the email server application.

7.2.2 - TCP The animation depicts the TCP/IP encapsulation process by showing an example of how the TCP/IP sends and receives data over a network. In the network topology, a host, H1, is connected to a switch, then a router, which in turn connects to the Internet cloud. From the Internet cloud there is another router connected, then a switch until reaching a server. Data begins at the Application Layer and works its way down to the Network Access Layer. The following process is described in the diagram: One.Application Layer sends a stream of data to TCP. Two.TCP divides application data stream into segments and passes segments to I P. Three.IP creates datagrams or packets, and passes them to the Network Access Layer for transmission. Four.The Network Access Layer frames the packets for conversion to electrical signals. Five.The destination host (in this case the Server) reverses the process to get data back to the Application Layer.

From bottom to top, the layers that form the data are as follows: Network Access, (Packets), Internet, (Segments), Transport, (Stream), and Application. Page 3: Before a TCP session can be used, the source and destination hosts exchange messages to set up the connection over which data segments can be sent. The two hosts use a three step process to set up the connection.

In the first step, the source host sends a type of message, called a Synchronization Message, or SYN, to begin the TCP session establishment process. The message serves two purposes: • •

It indicates the intention of the source host to establish a connection with the destination host over which to send the data. It synchronizes the TCP sequence numbers between the two hosts, so that each host can keep track of the segments sent and received during the conversation.

For the second step, the destination host replies to the SYN message with a synchronization acknowledgement, or SYN-ACK, message.

In the last step, the sending host receives the SYN-ACK and it sends an ACK message back to complete the connection setup. Data segments can now be reliably sent.

This SYN, SYN-ACK, ACK activity between the TCP processes on the two hosts is called a three-way handshake.

7.2.2 - TCP The animation depicts the TCP connection process. A three-way handshake must take place for two hosts to establish a connection using TCP. The user types the URL, www.cisco.com. The four layers of the TCP/IP Model appears above both the source (client) and the destination (server). The following process is described in the diagram: One.Connection Request from Source (SYN message). Two.Destination Accepts Connection (SYN-ACK message). Three.Connection set up complete (ACK message). Four.Source to Destination connection between processes. Page 4:

When a host sends message segments to a destination host using TCP, the TCP process on the source host starts a timer. The timer allows sufficient time for the message to reach the destination host and for an acknowledgement to be returned. If the source host does not receive an acknowledgement from the destination within the allotted time, the timer expires, and the source assumes the message is lost. The portion of the message that was not acknowledged is then re-sent.

In addition to acknowledgement and retransmission, TCP also specifies how messages are reassembled at the destination host. Each TCP segment contains a sequence number. At the destination host, the TCP process stores received segments in a buffer. By evaluating the segment sequence numbers, the TCP process can confirm that there are no gaps in the received data. When data is received out of order, TCP can also reorder the segments as necessary.

7.2.2 - TCP The animation depicts the acknowledgement and re-transmission of a TCP operation. A timer is used to send packets on TCP. If a packet is sent and the ACK is received before timer runs out, the transmission continues. If a packet is sent and no ACK is received before timer runs out, the retransmission of the packet occurs. In this case, the timer expires, then is restarted and the segment is resent. This process is repeated until all segments have been successfully sent and acknowledged. 7.2.3 Differences Between TCP and UDP Page 1: UDP is a very simple protocol. Because it is not connection-oriented and does not provide the sophisticated retransmission, sequencing, and flow control mechanisms of TCP, UDP has a much lower overhead.

UDP is often referred to as an unreliable delivery protocol, because there is no guarantee that a message has been received by the destination host. This does not mean that applications that use UDP are unreliable. It simply means that these functions are not provided by the Transport Layer protocol and must be implemented elsewhere if required.

Although the total amount of UDP traffic found on a typical network is often relatively low, Application Layer protocols that do use UDP include:

• • • • •

Domain Name System (DNS) Simple Network Management Protocol (SNMP) Dynamic Host Configuration Protocol (DHCP) RIP routing protocol Trivial File Transfer Protocol (TFTP)



Online games

7.2.3 - Differences Between TCP and U D P The diagram depicts a network using U D P to send packets across the network. The network is using the TCP/IP Model as a reference for sending and receiving data. There is a caption that reads, "U D P simply packages data and sends it". Page 2: The main differences between TCP and UDP are the specific functions that each protocol implements and the amount of overhead incurred. Viewing the headers of both protocols is an easy way to see the differences between them.

Each TCP segment has 20 bytes of overhead in the header that encapsulates the Application Layer data. This overhead is incurred because of the error-checking mechanisms supported by TCP.

The pieces of communication in UDP are called datagrams. These datagrams are sent as "best effort" and, therefore, only require 8 bytes of overhead.

7.2.3 - Differences Between TCP and U D P The diagram depicts the structure of a TCP segment and a U D P datagram. The numbers after each field below represent the number of bits in the particular field. TCP Segment - 20 Bytes of Overhead. Source Port (16). Destination Port (16). Sequence Number (32). Acknowledgement number (32). Header Length (4). Reserved (6). Code bits (6). Window (16). Checksum (16). Urgent (16). Options (0 or 32, if any). APPLICATION LAYER DATA (size varies). U D P Datagram - 8 Bytes of Overhead. Source Port (16). Destination Port (16). Length (16). Checksum (16). APPLICATION LAYER DATA (size varies).

Page 3: 7.2.3 - Differences Between TCP and U D P The diagram depicts an activity in which you must determine if each of the following characteristics are TCP or U D P . One. Connectionless Two. Three-way Handshake Three. HTTP Four. Sequenced Message Segments Five. Less Overhead Six. No Acknowledgement of Receipt Seven. Reliable Transport Protocol Eight. V o I P Nine. TFTP 7.2.4 Supporting Multiple Services Page 1: The task of managing multiple simultaneous communication processes is done at the Transport Layer. The TCP and UDP services keep track of the various applications that are communicating over the network. To differentiate the segments and datagrams for each application, both TCP and UDP have header fields that can uniquely identify these applications for data communications purposes.

A source port and destination port are located in the header of each segment or datagram. Port numbers are assigned in various ways, depending on whether the message is a request or a response. When a client application sends a request to a server application, the destination port contained in the header is the port number that is assigned to the application running on the server. For example, when a web browser application makes a request to a web server, the browser uses TCP and port number 80. This is because TCP port 80 is the default port assigned to web-serving applications. Many common applications have default port assignments. Email servers that are using SMTP are usually assigned to TCP port 25.

As segments are received for a specific port, TCP or UDP places the incoming segments in the appropriate queue. For instance, if the application request is for HTTP, the TCP process running on a web server places incoming segments in the web server queue. These segments are then passed up to the HTTP application as quickly as HTTP can accept them.

Segments with port 25 specified are placed in a separate queue that is directed toward email services. In this manner, Transport Layer protocols enable servers at the ISP to host many different applications and services simultaneously.

7.2.4 - Supporting Multiple Services The diagram depicts how TCP queues segments according to port numbers. At the Internet Layer, data is in the form of packets, and there is no differentiation between information destined for applications using different ports. At the Transport Layer, data is separated into segments according to the destination port number, and passed on to the Application Layer where data takes the form of data streams. Page 2: In any Internet transaction, there is a source host and a destination host, normally a client and a server. The TCP processes on the sending and receiving hosts are slightly different. Clients are active and request connections, while servers are passive, and listen for and accept connections.

Server processes are usually statically assigned well-known port numbers from 0 to 1023. Wellknown port numbers enable a client application to assign the correct destination port when generating a request for services.

Clients also require port numbers to identify the requesting client application. Source ports are dynamically assigned from the port range 1024 to 65535. This port assignment acts like a return address for the requesting application. The Transport Layer protocols keep track of the source port and the application that initiated the request, so that when a response is returned, it can be forwarded to the correct application.

7.2.4 - Supporting Multiple Services The diagram depicts the U D P and TCP Protocols and corresponding port numbers of the Application Layer of the TCP/IP Model, as well as how they link to the lower layers. The focus is on the Transport Layer. Application HTTP, Port 80 SMTP, Port 25 DNS, Port 53 Transport TCP linked to HTTP, SMTP U D P linked to DNS Transport Layer Table of Well-known Ports Destination Port Number - 20 Abbreviation - FTP Data Definition - File transfer Protocol (for data transfer) Destination Port Number - 21 Abbreviation - FTP Control Definition - File Transfer Protocol (to establish connection)

Destination Port Number - 23 Abbreviation - Telnet Definition - Teletype Network Destination Port Number - 25 Abbreviation - SMTP Definition - Simple Mail Transfer Protocol Destination Port Number - 53 Abbreviation - DNS Definition - Domain Name Service Destination Port Number - 69 Abbreviation - TFTP Definition - Trivial File Transfer Protocol Destination Port Number - 80 Abbreviation - HTTP Definition - HyperText Transfer Protocol Destination Port Number - 110 Abbreviation - POP3 Definition - Post Office Protocol (version 3) Destination Port Number - 137 Abbreviation - NBNS Definition - Microsoft NetBIOS Name Service Destination Port Number - 143 Abbreviation - I MAP4 Definition - Internet Message Access Protocol (version4) Destination Port Number - 161 Abbreviation - SNMP Definition - Simple Network Management Protocol Destination Port Number - 443 Abbreviation - HTTPS Definition - Hypertext Transfer Protocol Secure Destination Port Number - 546 Abbreviation - DHCP Client Definition - Dynamic Host Configuration Protocol (Client) Destination Port Number - 547 Abbreviation - DHCP Server Definition - Dynamic Host Configuration Protocol (Server) Internet IP linked to TCP, U D P Network Access Network linked to IP

Page 3: The combination of the Transport Layer port number and the Network Layer IP address of the host uniquely identifies a particular application process running on an individual host device. This combination is called a socket. A socket pair, consisting of the source and destination IP addresses and port numbers, is also unique and identifies the specific conversation between the two hosts.

A client socket might look like this, with 7151 representing the source port number:

192.168.1.1:7151

The socket on a web server might be:

10.10.10.101:80

Together, these two sockets combine to form a socket pair:

192.168.1.1:7151, 10.10.10.101:80

With the creation of sockets, communication endpoints are known so that data can move from an application on one host to an application on another. Sockets enable multiple processes running on a client to distinguish themselves from each other, and multiple connections to a server process to be distinguished from each other.

7.2.4 - Supporting Multiple Services The animation depicts the creation of socket pairs. There are two hosts, one sending and one replying. A table shows the Sending and Receiving IP address and Port Numbers on each host. Host1, the source, makes the following request: Source - IP: 192.168.1.1, Port: 7151 Destination - IP: 1 0.1 0.10.101, Port: 80 Host2, the web server destination, makes the following reply:

Source - IP: 1 0.1 0.10.101, Port: 80 Destination - IP: 192.168.1.1, Port: 7151 The socket for Host1 is 192.168.1.1:7151. The socket for Host2 is 1 0.1 0.10.101:80. The socket pair is 192.168.1.1:7151, 10.10.10.101:80 As a socket pair, they are used to enable communication between Host1 and Host2. The caption reads, "A socket pair connects the local host to the destination service."

7.3 Domain Name System 7.3.1 TCP/IP Host Name Page 1: Communication between source and destination hosts over the Internet requires a valid IP address for each host. However, numeric IP addresses, especially the hundreds of thousands of addresses assigned to servers available over the Internet, are difficult for humans to remember. Human-readable domain names, like cisco.com, are easier for people to use. Network naming systems are designed to translate human-readable names into machine-readable IP addresses that can be used to communicate over the network.

Humans use network naming systems every day when surfing the web or sending email messages, and may not even realize it. Naming systems work as a hidden but integral part of network communication. For example, to browse to the Cisco Systems website, open a browser and enter http://www.cisco.com in the address field. The www.cisco.com is a network name that is associated with a specific IP address. Typing the server IP address into the browser brings up the same web page.

Network naming systems are a human convenience to help users reach the resource they need without having to remember the complex IP address.

7.3.1 - TCP/IP Host Name The diagram depicts the use of a naming system instead of IP addresses. There is an Inside network and an Outside network. The Inside network has two workstations: wkst1 with the IP: 192.168.1.50, and wkst2 with the IP: 192.168.1.51. There are also two servers: srv1 with the IP: 192.168.1.20, and srv2 with the IP: 192.168.1.21. The servers are connected through a router to the Outside network. The Outside network has an ISP with one web server - www.cisco.com, IP: 209.165.201.3. Page 2: In the early days of the Internet, host names and IP addresses were managed through the use of a single HOSTS file located on a centrally administered server.

The central HOSTS file contained the mapping of the host name and IP address for every device connected to the early Internet. Each site could download the HOSTS file and use it to resolve host names on the network. When a host name was entered, the sending host would check the downloaded HOSTS file to obtain the IP address of the destination device.

At first, the HOSTS file was acceptable for the limited number of computer systems participating in the Internet. As the network grew, so did the number of hosts needing name-to-IP translations. It became impossible to keep the HOSTS file up to date. As a result, a new method to resolve host names to IP addresses was developed. DNS was created for domain name to address resolution. DNS uses a distributed set of servers to resolve the names associated with the numbered addresses. The single, centrally administered HOSTS file is no longer needed.

However, virtually all computer systems still maintain a local HOSTS file. A local HOSTS file is created when TCP/IP is loaded on a host device. As part of the name resolution process on a computer system, the HOSTS file is scanned even before the more robust DNS service is queried. A local HOSTS file can be used for troubleshooting or to override records found in a DNS server.

7.3.1 - TCP/IP Host Name The diagram depicts a Windows H O S T S file. The comment section is highlighted and has the following caption, "Commented out documentation about working with H O S T S files." The IP addresses are highlighted, with the following caption, "IP address mapped to names." Page 3: Lab Activity

Set up name resolution using the HOSTS file.

Click the lab icon to begin.

7.3.1 - TCP/IP Host Name Link to Hands-on Lab: Editing the H O S T S File in Windows 7.3.2 DNS Hierarchy

Page 1: DNS solves the shortcomings of the HOSTS file. The structure of DNS is hierarchical, with a distributed database of host name to IP mappings spread across many DNS servers all over the world. This is unlike a HOSTS file, which requires all mappings to be maintained on one server.

DNS uses domain names to form the hierarchy. The naming structure is broken down into small, manageable zones. Each DNS server maintains a specific database file and is only responsible for managing name-to-IP mappings for that small portion of the entire DNS structure. When a DNS server receives a request for a name translation that is not within its DNS zone, the DNS server forwards the request to another DNS server within the proper zone for translation.

DNS is scalable because host name resolution is spread across multiple servers.

7.3.2 - DNS The diagram depicts the process involved for a host to receive a web page when a URL is entered from the host. There is one host connected to a DNS server, and a web server (www.cisco.com). www.cisco.com, 209.165.200.226 www.netacad.com, 209.165.202.130 The client says, "What is the IP address for www.cisco.com?" The DNS server says, "The IP address is 209.165.200.226." The client says "Can I have your web page?" The web server says, "Sure, here it is!" Page 2: DNS is made up of three components.

Resource Records and Domain Namespace

A resource record is a data record in the database file of a DNS zone. It is used to identify a type of host, a host IP address, or a parameter of the DNS database.

The domain namespace refers to the hierarchical naming structure for organizing resource records. The domain namespace is made up of various domains, or groups, and the resource records within each group.

Domain Name System Servers

Domain name system servers maintain the databases that store resource records and information about the domain namespace structure. DNS servers attempt to resolve client queries using the domain namespace and resource records it maintains in its zone database files. If the name server does not have the requested information in its DNS zone database, it uses additional predefined name servers to help resolve the name-to-IP query.

Resolvers

Resolvers are applications or operating system functions that run on DNS clients and DNS servers. When a domain name is used, the resolver queries the DNS server to translate that name to an IP address. A resolver is loaded on a DNS client, and is used to create the DNS name query that is sent to a DNS server. Resolvers are also loaded on DNS servers. If the DNS server does not have the name-to-IP mapping requested, it uses the resolver to forward the request to another DNS server.

7.3.2 - DNS The diagram depicts a client, using a client resolver, connected to a DNS server, using a server resolver. The DNS server maintains the resource records, domain space, and houses the table below with the following information: www.cisco.com = 209.165.200.226 www.netacad.com = 209.165.202.130 Page 3: DNS uses a hierarchical system to provide name resolution. The hierarchy looks like an inverted tree, with the root at the top and branches below.

At the top of the hierarchy, the root servers maintain records about how to reach the top-level domain servers, which in turn have records that point to the second-level domain servers.

The different top-level domains represent either the type of organization or the country of origin. Examples of top-level domains are:

.au - Australia

.co - Colombia

.com - a business or industry

.jp - Japan

.org - a nonprofit organization

Under top-level domains are second-level domain names, and below them are other lower level domains.

7.3.2 - DNS The diagram depicts DNS tree structure components in a hierarchical manner, from top to bottom, as follows: Root - Managed by Registration Authority (ROOT of the DNS Structure) Level 1 Branch 1 - com, (Top level domain) Level 1 Branch 2 - gov (Top level domain) Level 1 Branch 3 - mil (Top level domain) Level 1 Branch 4 - int/net/org/edu (Top level domain) Level 2 Branch 1 - cisco (second level domain) Level 2 Branch 2 - nasa (second level domain) Level 2 Branch 3 - army (second level domain) Level 2 Branch 4 - redcross (second level domain) Page 4: The root DNS server may not know exactly where the host H1.cisco.com is located, but it does have a record for the .com top-level domain. Likewise, the servers within the .com domain may not have a record for H1.cisco.com either, but they do have a record for the cisco.com domain. The DNS servers within the cisco.com domain do have the record for H1.cisco.com and can resolve the address.

DNS relies on this hierarchy of decentralized servers to store and maintain these resource records. The resource records contain domain names that the server can resolve, and alternate servers that can also process requests.

The name H1.cisco.com is referred to as a fully qualified domain name (FQDN) or DNS name, because it defines the exact location of the computer within the hierarchical DNS namespace.

7.3.2 - DNS The diagram depicts a tree structure used to describe the DNS hierarchy. Root - Managed by Registration Authority Level 1 Branch 1 - com Level 2 Branch 1 - cisco Level 3 Branch 1 - Managed by Cisco Level 3 Branch 2 - Managed by Cisco Level 3 Branch 3 - H1 Level 1 Branch 2 - gov Level 2 Branch 1 - nasa Level 1 Branch 3 - mil Level 2 Branch 1 - army Level 1 Branch 4 - int/net/org/edu Level 2 Branch 1 - redcross 7.3.3 DNS Name Resolution Page 1: When a host needs to resolve a DNS name, it uses the resolver to contact a DNS server within its domain. The resolver knows the IP address of the DNS server to contact because it is preconfigured as part of the host IP configuration.

When the DNS server receives the request from the client resolver, it first checks the local DNS records it has cached in its memory. If it is unable to resolve the IP address locally, the server uses its resolver to forward the request to another preconfigured DNS server. This process continues until the IP address is resolved. The name resolution information is sent back to the original DNS server, which uses the information to respond to the initial query.

During the process of resolving a DNS name, each DNS server caches, or stores, the information it receives as replies to the queries. The cached information enables the DNS server to reply more quickly to subsequent resolver requests, because the server first checks the cache records before querying other DNS servers.

DNS servers only cache information for a limited amount of time. DNS servers should not cache information for too long because host name records do periodically change. If a DNS server had old information cached, it may give out the wrong IP address for a computer.

7.3.3 - DNS Name Resolution The diagram depicts five steps of the DNS resolution process. In the diagram, there are four name servers (cisco, COM, edu, Stanford), one web server, and a client. Step 1: Local Recursive Query Resolver sends a recursive DNS query to the local DNS server asking for the IP address of the web server. Cisco.com is the fully qualified domain name of the remote host. The local DNS server looks in its DNS zone database and its DNS cache to see if it has that name mapping recorded. It does not find it. Step 2: Root Domain Iterative Query The local DNS server then sends an iterative DNS query to one of the preconfigured root servers asking for the DNS servers that maintain the .com top-level domain. The root DNS server replies back with the list of .com top-level domain DNS servers. The local DNS server then stores the location of the .com DNS servers in its DNS cache. Step 3: Top Level Domain Iterative Query The local DNS server then sends an iterative DNS query to one of the .com servers asking for the DNS servers that manage the cisco.com second level domains. The .com server replies back with the list of DNS servers that maintain the cisco.com second level domain. The local DNS server then stores the location of the cisco.com DNS servers in its DNS cache. Step 4: Second Level Domain Iterative Query The local DNS server then sends an iterative DNS query to one of the cisco.com DNS servers asking for the IP address of webserver.cisco.com. The cisco.com DNS server replies back with the IP address mapping for webserver.cisco.com. The local DNS server then stores the resources record in its local DNS cache. Step 5: Local Response The Local DNS server then sends the reply back to the client with the IP address of webserver.cisco.com. The client then uses the IP address to connect to the remote web server and requests the web page. Page 2: Lab Activity

Examine the interface of a Windows DNS server to view the cached information from a DNS lookup.

Click the lab icon to begin.

7.3.3 - DNS Name Resolution Link to Hands-on Lab: Examining Cached DNS Information on a Windows DNS Server Examine the interface of a Windows DNS server to view the cached information from a DNS lookup.

Page 3: In the early implementations of DNS, resource records for hosts were all added and updated manually. However, as networks grew and the number of host records needing to be managed increased, it became very inefficient to maintain the resource records manually. Furthermore, when DHCP is used, the resource records within the DNS zone have to be updated even more frequently. To make updating the DNS zone information easier, the DNS protocol was changed to allow computer systems to update their own record in the DNS zone through dynamic updates.

Dynamic updates enable DNS client computers to register and dynamically update their resource records with a DNS server whenever changes occur. To use dynamic update, the DNS server and the DNS clients, or DHCP server, must support the dynamic update feature. Dynamic updates on the DNS server are not enabled by default, and must be explicitly enabled. Most current operating systems support the use of dynamic updates.

7.3.3 - DNS Name Resolution The diagram depicts the use of dynamic update. The topology consists of a DHCP client, H1, connected to a DHCP server and a DNS server. Two scenarios are then given, identifying each step with arrows pointing to the appropriate devices. Client Updates Host Record DHCP clients capable of dynamically updating their own DNS host record do the following: One.The client requests an address from a DHCP server. (IP lease request) Two.The DHCP server assigns an IP address to the client. (IP lease acknowledgement) Three.The client registers its DNS host record with the configured DNS server. (DNS dynamic update of H1 name) Four.The DHCP server registers the pointer (PTR) name for the client. (DNS dynamic update of pointer (PTR) name) DHCP Updates Host Record Some older operating systems do not support dynamic updating DNS. For these operating systems, you can configure some DHCP servers to dynamically update on behalf of the client. The process of using DHCP to update DNS for the client is as follows: One.The client requests an address from a DHCP server. (IP lease request) Two.The DHCP server assigns an IP address to the client. (IP lease acknowledgement) Three.The DHCP server registers a DNS host record with the configured DNS server on behalf of the client. (DNS dynamic update of H1 name) Four.The DHCP server registers the (PTR) name for the client. (DNS dynamic update of pointer (PTR) name) Page 4: DNS servers maintain the zone database for a given portion of the overall DNS hierarchy. Resource records are stored within that DNS zone.

DNS zones can be either a forward lookup or reverse lookup zone. They can also be either a primary or a secondary forward or reverse lookup zone. Each zone type has a specific role within the overall DNS infrastructure.

Forward Lookup Zones

A forward lookup zone is a standard DNS zone that resolves fully qualified domain names to IP addresses. This is the zone type that is most commonly found when surfing the Internet. When typing a website address, such as www.cisco.com, a recursive query is sent to the local DNS server to resolve that name to an IP address to connect to the remote web server.

Reverse Lookup Zones

A reverse lookup zone is a special zone type that resolves an IP address to a fully qualified domain name. Some applications use reverse lookups to identify computer systems that are actively communicating with them. There is an entire reverse lookup DNS hierarchy on the Internet that enables any publicly registered IP address to be resolved. Many private networks choose to implement their own local reverse lookup zones to help identify computer systems within their network. Reverse lookups on IP addresses can be found using the ping -a [ip_address] command.

Primary Zones

A primary DNS zone is a zone that can be modified. When a new resource record needs to be added or an existing record needs to be updated or deleted, the change is made on a primary DNS zone. When you have a primary zone on a DNS server, that server is said to be authoritative for that DNS zone, since it will have the answer for DNS queries for records within that zone. There can only be one primary DNS zone for any given DNS domain; however, you can have a primary forward and primary reverse lookup zone.

Secondary Zones

A secondary zone is a read-only backup zone maintained on a separate DNS server than the primary zone. The secondary zone is a copy of the primary zone and receives updates to the zone information from the primary server. Since the secondary zone is a read-only copy of the zone, all updates to the records need to be done on the corresponding primary zone. You can also have secondary zones for both forward and reverse lookup zones. Depending on the availability

requirements for a DNS zone, you may have many secondary DNS zones spread across many DNS servers.

7.3.3 - DNS Name Resolution The diagram depicts a Windows Command Prompt window with examples of the commands for forward lookup zones and reverse lookup zones. Forward Lookup Zones The ping netacad.net command is entered, and shows that the host is reachable as there is 0% packet loss. C: \ > ping netacad.net Pinging netacad.net.escxi.loc [64.102.240.242] with 32 bytes of data: <> Ping statistics for 64.102.240.242: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss). Reverse Lookup Zones The ping 64.102.240.242 command is entered, and shows that the host is reachable as there is 0% packet loss. C: \ > ping -a 64.102.240.242 Pinging bsm-rtp-002-int.cisco.com [64.102.240.242] with 32 bytes of data: <> Ping statistics for 64.102.240.242: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss). Page 5: Lab Activity

Using a Windows server, create primary and secondary DNS zones.

Click the lab icon to begin.

7.3.3 - DNS Name Resolution Link to Hands-on Lab: Creating Primary and Secondary Forward Lookup Zones Using a Windows server, create primary and secondary DNS zones. 7.3.4 Implementing DNS Solutions Page 1: There is more than one way to implement DNS solutions.

ISP DNS Servers

ISPs typically maintain caching-only DNS servers. These servers are configured to forward all name resolution requests to the root servers on the Internet. Results are cached and used to reply to any future requests. Because ISPs typically have many customers, the number of cached DNS lookups is high. The large cache reduces network bandwidth by reducing the frequency that DNS queries that are forwarded to the root servers. Caching-only servers do not maintain any authoritative zone information, meaning that they do not store any name-to-IP mappings directly within their database.

Local DNS Servers

A business may run its own DNS server. The client computers on that network are configured to point to the local DNS server rather than the ISP DNS server. The local DNS server may maintain some authoritative entries for that zone, so it has name-to-IP mappings of any host within the zone. If the DNS server receives a request that it cannot resolve, it is forwarded. The cache required on a local server is relatively small compared to the ISP DNS server because of the smaller number of requests.

It is possible to configure local DNS servers to forward requests directly to the root DNS server. However, some administrators configure local DNS servers to forward all DNS requests to an upstream DNS server, such as the DNS server of the ISP. In this way, the local DNS server benefits from the large number of cached DNS entries of the ISP, rather than having to go through the entire lookup process starting from the root server.

7.3.4 - Provisioning DNS Services The diagram depicts the hierarchy of two DNS servers, Local DNS Server and ISP DNS Server, that are separated by a firewall. The IS DNS Server is connected to the Internet. The following information is included for the local DNS server and for the ISP DNS server: Local DNS Server Maintained by the organization The Local DNS Server is responsible for name-to-IP mappings of all internal machines All external name resolution requests are forwarded to the ISP DNS server or the root server ISP DNS Server Typically a caching-only server All name resolution requests are forwarded to the root server Page 2:

Losing access to DNS servers affects the visibility of public resources. If users type in a domain name that cannot be resolved, they cannot access the resource. For this reason, when an organization registers a domain name on the Internet, a minimum of two DNS servers must be provided with the registration. These servers are the ones that hold the DNS zone database. Redundant DNS servers ensure that if one fails, the other one is available for name resolution. This practice provides fault tolerance. If hardware resources permit, having more than two DNS servers within a zone provides additional protection and organization.

It is also a good idea to make sure that multiple DNS servers that host the zone information are located on different physical networks. For example, the primary DNS zone information can be stored on a DNS server on the local business premises. Usually the ISP hosts an additional secondary DNS server to ensure fault tolerance.

DNS is a critical network service. Therefore, DNS servers must be protected using firewalls and other security measures. If DNS fails, other web services are not accessible.

7.3.4 - Provisioning DNS Services The diagram depicts the implementation of DNS solutions. A network with three internal DNS servers is protected by a firewall. The internal DNS servers send external queries outside of the firewall to a caching-only DNS server. Outside of the firewall, there is an unprotected DNS server connected to the network, which is accessible from the Internet.

7.4 Services and Protocols 7.4.1 Services Page 1: In addition to providing private and business customers with connectivity and DNS services, ISPs provide many business-oriented services to customers. These services are enabled by software installed on servers. Among the different services provided by ISPs are:

• • • • • •

email hosting website hosting e-commerce sites file storage and transfer message boards and blogs streaming video and audio services

TCP/IP Application Layer protocols enable many of these ISP services and applications. The most common TCP/IP Application Layer protocols are HTTP, FTP, SMTP, POP3, and IMAP4.

Some customers have greater concern about security, so these Application Layer protocols also include secure versions such as FTPS and HTTPS.

7.4.1 - Services The diagram depicts some of the services which an ISP may provide, including a file servers, mail servers, and web servers. Customers are able to access these services through the Internet. Page 2: 7.4.1 - Services The diagram depicts an activity in which you must determine which of the four protocols are required for each of the three types of servers. One server will have two protocols. Servers A.File Server B.Mail Server C.Web Server Protocols One.FTP Two.SMTP Three.I MAP Four.HTTP 7.4.2 HTTP and HTTPS Page 1: HTTP, one of the protocols in the TCP/IP suite, was originally developed to enable the retrieval of HTML-formatted web pages. It is now used for distributed, collaborative information sharing. HTTP has evolved through multiple versions. Most ISPs use HTTP version 1.1 to provide webhosting services. Unlike earlier versions, version 1.1 enables a single web server to host multiple websites. It also permits persistent connections, so that multiple request and response messages can use the same connection, reducing the time it takes to initiate new TCP sessions.

HTTP specifies a request/response protocol. When a client, typically a web browser, sends a request message to a server, HTTP defines the message types that the client uses to request the web page. It also defines the message types that the server uses to respond.

Although it is remarkably flexible, HTTP is not a secure protocol. The request messages send information to the server in plain text that can be intercepted and read. Similarly, the server responses, typically HTML pages, are also sent unencrypted.

For secure communication across the Internet, Secure HTTP (HTTPS) is used for accessing or posting web server information. HTTPS can use authentication and encryption to secure data as it travels between the client and server. HTTPS specifies additional rules for passing data between the Application Layer and the Transport Layer.

7.4.2 - Supporting HTTP and HTTPS The diagram depicts a client request for data from the HTTP server. There is a TCP connection from the client to the server. The server is listening on Port 80. The HTTP server then sends a response back to the client. Page 2: When contacting an HTTP server to download a web page, a uniform resource locator (URL) is used to locate the server and a specific resource. The URL identifies:

• • •

Protocol being used Domain name of the server being accessed Location of the resource on the server, such as http://example.com/example1/index.htm

Many web server applications allow short URLs. Short URLs are popular because they are easier to write down, remember, or share. With a short URL, a default resource page is assumed when a specific URL is typed. When a user types in a shortened URL, like http://example.com, the default page that is sent to the user is actually the http://example.com/example1/index.htm web page.

7.4.2 - Supporting HTTP and HTTPS The diagram depicts the different parts of the following URL: http://example.com/example1/home.htm Protocol - http The http protocol that is being used to send the request. This can also be https or ftp. Domain Name - example.com The domain name is example.com, which sent to the DNS server for resolution to an IP address. Folder - example1 The folder on the web server where the resource is stored. Resource - home.htm The actual resource or file that is being requested. Page 3:

HTTP supports proxy services. A proxy server allows clients to make indirect network connections to other network services. A proxy is a device in the communications stream that acts as a server to the client and as a client to a server.

The client connects to the proxy server and requests from the proxy a resource on a different server. The proxy connects to the specified server and retrieves the requested resource. It then forwards the resource back to the client.

The proxy server can cache the resulting page or resource for a configurable amount of time. Caching enables future clients to access the web page quickly, without having to access the actual server where the page is stored. Proxies are used for three reasons:

• • •

Speed - Caching allows resources requested by one user to be available to subsequent users, without having to access the actual server where the page is stored. Security - Proxy servers can be used to intercept computer viruses and other malicious content and prevent them from being forwarded onto clients. Filtering - Proxy servers can view incoming HTTP messages and filter unsuitable and offensive web content.

7.4.2 - Supporting HTTP and HTTPS The diagram depicts an initial request and subsequent request on a proxy server. Initial Request An HTTP client requests the website, www.cisco.com. Through a TCP connection to the proxy server, the client request is sent as a proxy request to the HTTP server, which is listening on Port 80. The HTTP server sends a response the proxy server, which then sends a response back to the client. Subsequent Request An HTTP client requests the same website, www.cisco.com. Through a TCP connection to the proxy server, the client request is received. The proxy server this time does not need to send the request on to the HTTP server. But since the website was accessed before, the proxy server sends a cached response to the HTTP client. Page 4: HTTP sends clear text messages back and forth between a client and a server. These text messages can be easily intercepted and read by unauthorized users. To safeguard data, especially confidential information, some ISPs provide secure web services by using HTTPS. HTTPS is HTTP over secure socket layer (SSL). HTTPS uses the same client request-server response process as HTTP, but the data stream is encrypted with SSL before being transported across the network.

When the HTTP data stream arrives at the server, the TCP layer passes it up to SSL in the Application Layer of the server, where it is decrypted.

The maximum number of simultaneous connections that a server can support for HTTPS is less than that for HTTP. HTTPS creates additional load and processing time on the server due to the encryption and decryption of traffic. To keep server performance up, HTTPS should only be used when necessary, such as when exchanging confidential information.

7.4.2 - Supporting HTTP and HTTPS The diagram depicts the use of HTTPS for encrypted data transmission. An HTTPS client sends a request to an HTTPS server through a TCP connection. Both the request from the client and response from the server are encrypted. The HTTPS server has a caption that reads, "Listens on Port 443". Page 5: 7.4.2 - Supporting HTTP and HTTPS The diagram depicts an activity in which you must determine if each of the following characteristics describes HTTP and HTTPS. One. Low C P U overhead Two. Secured using SSL Three. Not Secure Four. For confidential data Five. High C P U overhead Six. For non-confidential data 7.4.3 FTP Page 1: FTP is a connection-oriented protocol that uses TCP to communicate between a client FTP process and an FTP process on a server. FTP implementations include the functions of a protocol interpreter (PI) and a data transfer process (DTP). PI and DTP define two separate processes that work together to transfer files. As a result, FTP requires two connections to exist between the client and server, one to send control information and commands, and a second one for the actual file data transfer.

Protocol Interpreter (PI)

The PI function is the main control connection between the FTP client and the FTP server. It establishes the TCP connection and passes control information to the server. Control information

includes commands to navigate through a file hierarchy and renaming or moving files. The control connection, or control stream, stays open until closed by the user. When a user wants to connect to an FTP server there are five basic steps:

Step 1. The user PI sends a connection request to the server PI on well-known port 21.

Step 2. The server PI replies and the connection is established.

Step 3. With the TCP control connection open, the server PI process begins the login sequence.

Step 4. The user enters credentials through the user interface and completes authentication.

Step 5. The data transfer process begins.

Data Transfer Process

DTP is a separate data transfer function. This function is enabled only when the user wants to actually transfer files to or from the FTP server. Unlike the PI connection, which remains open, the DTP connection closes automatically when the file transfer is complete.

7.4.3 - Supporting FTP The diagram depicts how a user and server interact during the FTP process. The User FTP-Process and the Server FTP-process steps are outlined. User FTP One. User Interface Two. User Protocol Interpreter (user-P I) Three. User Data Transfer Process Four. Client File System Server FTP One. Server Protocol Interpreter (server-P I) Two. Server Data Transfer Process Three. Server File System The control connection between the user-P I and server-P I uses TCP port 21. The data connection between user the data transfer process and server data transfer process uses TCP port 20.

Page 2: The two types of data transfer connections supported by FTP are active data connections and passive data connections.

Active Data Connections

In an active data connection, a client initiates a request to the server and opens a port for the expected data. The server then connects to the client on that port and the file transfer begins.

Passive Data Connections

In a passive data connection, the FTP server opens a random source port (greater than 1023). The server forwards its IP address and the random port number to the FTP client over the control stream. The server then waits for a connection from the FTP client to begin the data file transfer.

ISPs typically support passive data connections to their FTP servers. Firewalls often do not permit active FTP connections to hosts located on the inside network.

7.4.3 - Supporting FTP The diagram depicts passive and active data transfer connections supported by FTP. A client is connected to a server. Active Connection Server initiates the data transfer connection. A user requests data transfer, the server P I instructs the server-DTP to connect to the user-DTP. The user-DTP listens for the connection from the server DTP. Passive Connection Client initiates the data transfer connection. A user-P I connects to the server-P I and instructs the server-DTP to be passive. The server-P I replies with its IP address and a dynamic port number that the client is to use the data transfer. The server-DTP then listens for a connection from the client-DTP. 7.4.4 SMTP, POP3, and IMAP4 Page 1:

One of the primary services offered by an ISP is email hosting. Email is a store-and-forward method of sending, storing, and retrieving electronic messages across a network. Email messages are stored in databases on mail servers. ISPs often maintain mail servers that support many different customer accounts.

Email clients communicate with mail servers to send and receive email. Mail servers communicate with other mail servers to transport messages from one domain to another. An email client does not communicate directly with another email client when sending email. Instead, both clients rely on the mail server to transport messages. This is true even when both users are in the same domain.

Email clients send messages to the email server configured in the application settings. When the server receives the message, it checks to see if the recipient domain is located on its local database. If it is not, it sends a DNS request to determine the mail server for the destination domain. When the IP address of the destination mail server is known, the email is sent to the appropriate server.

Email supports three separate protocols for operation: SMTP, POP3, and IMAP4. The Application Layer process that sends mail, either from a client to a server or between servers, implements SMTP. A client retrieves email using one of two Application Layer protocols: POP3 or IMAP4.

7.4.4 - Supporting SMTP, POP3, I MAP The diagram depicts the use of an email server for storing and forwarding emails. A client from ISP A (sender) is sending an email to a client from ISP B (recipient). The sender sends the email to the ISP A email Server. The ISP A email server passes the email to the ISP B email server using the SMTP protocol. The recipient retrieves the email from the ISP B email server using either the I MAP or POP3 protocol. Page 2: SMTP transfers mail reliably and efficiently. For SMTP applications to work properly, the mail message must be formatted properly and SMTP processes must be running on both the client and server.

SMTP message formats require a message header and a message body. While the message body can contain any amount of text, the message header must have a properly formatted recipient email address and a sender address. Any other header information is optional.

When a client sends email, the client SMTP process connects with a server SMTP process on well-known port 25. After the connection is made, the client attempts to send mail to the server

across the connection. When the server receives the message, it either places the message in a local account or forwards the message using the same SMTP connection process to another mail server.

The destination email server may not be online or may be busy when email messages are sent. Therefore, SMTP spools messages to be sent at a later time. Periodically, the server checks the queue for messages and attempts to send them again. If the message is still not delivered after a predetermined expiration time, it is returned to the sender as undeliverable.

7.4.4 - Supporting SMTP, POP3, I MAP The animation depicts the use of email servers for storing and forwarding emails. A client from ISP A (sender) is sending an email to a client from ISP B (recipient). The picture shows how the sender sends the email to the ISP A email server on Port 25 (SMTP). The ISP A email server states, "I have received a message that I must forward to another mail server." The ISP A email server then passes the email to the ISP B email server using SMTP. The ISP B email server states, "I have received a message for one of my email accounts. I will store it until the user requests it." The recipient will retrieve the email from the ISP B email server. Page 3: One of the required fields in an email message header is the recipient email address. The structure of an email address includes the email account name or an alias, in addition to the domain name of the mail server. An example of an email address:

[email protected].

The @ symbol separates the account and the domain name of the server. When a DNS server receives a query for a name with an @ symbol, that indicates to the DNS server that it is looking up an IP address for a mail server.

When a message is sent to [email protected], the domain name is sent to the DNS server to obtain the IP address of the domain mail server. Mail servers are identified in DNS by an MX record indicator. MX is a type of resource record stored on the DNS server. When the destination mail server receives the message, it stores the message in the appropriate mailbox. The mailbox location is determined based on the account specified in the first part of the email address, in this case, the recipient account. The message remains in the mailbox until the recipient connects to the server to retrieve the email.

If the mail server receives an email message that references an account that does not exist, the email is returned to the sender as undeliverable.

7.4.4 - Supporting SMTP, POP3, I MAP The diagram depicts the different parts of an email address. recipient @cisco.com recipient - The name of the account created on the mail server. cisco.com - The domain name of the email server where the message must be delivered. Page 4: Post Office Protocol - Version 3 (POP3) enables a workstation to retrieve mail from a mail server. With POP3, mail is downloaded from the server to the client and then deleted on the server.

The server starts the POP3 service by passively listening on TCP port 110 for client connection requests. When a client wants to make use of the service, it sends a request to establish a TCP connection with the server. When the connection is established, the POP3 server sends a greeting. The client and POP3 server then exchange commands and responses until the connection is closed or aborted.

Because email messages are downloaded to the client and removed from the server, there is not a centralized location where email messages are kept. Because POP3 does not store messages, it is undesirable for a small business that needs a centralized backup solution.

POP3 is desirable for an ISP, because it alleviates their responsibility for managing large amounts of storage for their email servers.

7.4.4 - Supporting SMTP, POP3, I MAP The animation depicts the protocol exchange between the client and the server using the POP3 protocol. To retrieve emails from an email server, the recipient in the animation states, "Get Mail". The recipient sends a request to the email server on Port 110 using POP3. The email server receives the request and messages are downloaded and removed from the server. The server then sends the emails to the recipient and deletes them off of the server. Page 5:

Internet Message Access Protocol (IMAP4) is another protocol that describes a method to retrieve email messages. However, unlike POP3, when the user connects to an IMAP-capable server, copies of the messages are downloaded to the client application. The original messages are kept on the server until manually deleted. Users view copies of the messages in their email client software.

Users can create a file hierarchy on the server to organize and store mail. That file structure is duplicated on the email client as well. When a user decides to delete a message, the server synchronizes that action and deletes the message from the server.

For small- to medium-sized businesses, there are many advantages to using IMAP. IMAP can provide long-term storage of email messages on mail servers and allows for centralized backup. It also enables employees to access email messages from multiple locations, using different devices or client software. The mailbox folder structure that a user expects to see is available for viewing regardless of how the user accesses the mailbox.

For an ISP, IMAP may not be the protocol of choice. It can be expensive to purchase and maintain the disk space to support the large number of stored emails. Additionally, if customers expect their mailboxes to be backed up routinely, that can further increase the costs to the ISP.

7.4.4 - Supporting SMTP, POP3, I MAP The animation depicts the protocol exchange between the client and the server using the I MAP protocol. To retrieve emails from an email server, the recipient in the animation states, "Get Mail". The recipient sends a request to the email server on Port 143 using I MAP4. The email server receives the request and messages are downloaded and retained on the server. The server then sends the emails to the recipient while keeping them on the server.

7.5 Chapter Summary 7.5.1 Summary Page 1: 7.5.1 - Summary Diagram 1, Image The diagram depicts UDP and TCP ports in relation to the TCP/IP Model. Diagram 1 text Supporting Multiple Services TCP is a connection-oriented protocol. TCP is used if data packets require guaranteed delivery and must be acknowledged.

UDP is a connectionless protocol. UDP is used if data packets do not require guaranteed delivery. The TCP and UDP protocols use port numbers to map data packets to a specific application, or process that is running on a server. TCP and UDP ports enable network servers to quickly and reliably respond to many simultaneous requests for data that are initiated by and destined to separate applications. Diagram 2, Image The diagram depicts the DNS tree structure. Diagram 2 text The native TCP/IP naming system relies on a file called a HOSTS file and contains the name and IP address of known hosts. DNS is a hostname resolution system that solves the shortcomings of the HOSTS file for name resolution. The structure of DNS is hierarchical and DNS database files are distributed among root, toplevel domains, second level domains, and sub domains. Diagram 3, Image The diagram depicts a Windows Command Prompt window. Diagram 3 text Dynamic Updates enable DNS client computers to register and dynamically update their resource records with a DNS server whenever changes occur. DNS zones can be either Forward lookup, or Reverse lookup zones. They can also be either a primary or secondary zones. Many ISP's offer caching-only DNS servers. An organization may run its own DNS server that can either point to the caching-only server or directly to the root server for name resolution. Diagram 4, Image The diagram depicts a client sending a request over a TCP connection to an HTTP server that is listening on port 80. Diagram 4 text The most common services that are used on the Internet include FTP, FTPS, SMTP, POP3, I MAP4, HTTP, and HTTPS. HTTP and HTTPS are used for web server services; HTTPS is a secure version of HTTP which uses SSL. An ISP supports HTTPS by providing high-performance web servers to support HTTPS encryption and decryption demands. Diagram 5, Image The diagram depicts a sender sending email to a recipient and the protocols used along the way. Diagram 5 text FTP is used for file transfer services. The ISP can support active and passive FTP connections. Active connections require the server to initiate the connection. Passive connection require the host to initiate the connection Email utilizes three different protocols. SMTP is used to send email. POP3 and I MAP are both used to retrieve email.

7.6 Chapter Quiz 7.6.1 Quiz Page 1: Take the chapter quiz to check your knowledge.

Click the quiz icon to begin.

7.6.1 - Quiz Chapter 7 Quiz: ISP Services 1.Which layer of the four-layer TCP/IP model encapsulates datagrams for transmission on physical media? a.application b.Internet c.network access d.transport 2.Which three application-layer protocols use UDP as the transport protocol? (Choose three.) a.DNS b.ICMP c.HTTP d.SNMP e.TFTP f.SMTP 3.Which two protocols define how an e-mail client retrieves mail from the server? (Choose two.) a.FTP b.HTTP c.I MAP d.POP3 e.SMTP f.Telnet 4.An e-mail client connection downloads all messages and then deletes them from the e-mail server. Which type of client connection does this by default? a.I MAP b.POP1 c.POP3 d.SMTP 5.Within FTP, which connection type closes automatically when the file transfer is complete? a.UDP session b.control stream c.protocol interpreter d.data transfer process

6.What DNS zone resolves fully qualified domain names to IP addresses using a local DNS server? a.dynamic lookup b.forward lookup c.resource record d.reverse lookup 7.What are two common DNS lookup methods? (Choose two.) a.using ISP-caching DNS servers b.configuring a HOST file on each computer c.statically assigning DNS information to hosts d.using a DNS server located on company premises e.having a company-registered top-level domain (TLD) 8.Identify the characteristic to the protocol it describes (TCP or UDP). guaranteed delivery does not require acknowledgments breaks data into segments retransmits lost data connectionless unreliable 9.An IP packet arrives at a server addressed to TCP port 21. Which application-layer service is the destination of the packet? a.HTTP b.HTTPS c.FTP d.I MAP e.POP3 10.Employees of a small auto repair company frequently access the same automobile parts supplier website to find videos that show how to install a new part. Often three or four employees are viewing the same video file or graphic from different PCs. What service can the ISP provide to the auto repair company to improve the response for this application, as well as other Internet applications? a.a local DNS server b.a HTTPS server c.a proxy server d.a video streaming server 11.Why is it important for the source and destination hosts to synchronize sequence numbers during the TCP three-way handshake? (Choose two.) a.to enable the host to identify which application is the destination of the segments b.so both hosts can keep track of the segments sent and acknowledged c.to create a socket pair for communicating between the hosts d.to provide destination information to the network devices in the path e.to identify lost segments that must be retransmitted f.to indicate when the IP address of the host has been translated

End

CCNA Discovery - Working at a Small-toMedium Business or ISP 8 ISP Responsibility 8.0 Chapter Introduction 8.0.1 Introduction Page 1:

8.0.1 - Introduction As the reliance on network services increases, the ISP must provide, maintain, secure, and recover critical business services. The ISP develops and maintains security policies and procedures for their customers along with disaster recovery plans for their network hardware and data. After completion of this chapter, you should be able to: Describe ISP security policies and procedures. Describe the tools used in implementing security at the ISP . Describe the monitoring and managing of the ISP . Describe the responsibilities of the ISP with regard to maintenance and recovery.

8.1 ISP Security Considerations 8.1.1 ISP Security Services Page 1: Any active Internet connection for a computer can make that computer a target for malicious activity. Malware, or malicious software such as a computer virus, worm, or spyware, can arrive in an email or be downloaded from a website. Problems that cause large-scale failures in ISP networks often originate from unsecured desktop systems at the ISP customer locations.

If the ISP is hosting any web or e-commerce sites, the ISP may have confidential files with financial data or bank account information stored on their servers. The ISP is required to maintain the customer data in a secure way.

ISPs play a big role in helping to protect the home and business users that use their services. The security services that they provide also protect the servers that are located at the service provider premise. Service providers are often called upon to help their customers secure their local networks and workstations to reduce the risks of compromise.

There are many actions that can be taken both at the local site and the ISP to secure operating systems, data stored on operating systems, and data transmitted between computer systems.

8.1.1 - ISP Security Services The diagram depicts a man sitting at his work station typing in his user name and password. In the foreground there is a sinister looking character holding up a laptop displaying the user name and password. Page 2:

If an ISP is providing web hosting or email services for a customer, it is important that the ISP protect that information from malicious attack. This protection can be complicated because ISPs often use a single server, or cluster of servers, to maintain data that belongs to more than one customer.

To help prevent attacks on these vulnerabilities, many ISPs provide managed desktop security services for their customers. An important part of the job of an on-site support technician is to implement security best practices on client computers. Some of the security services that an ISP support technician can provide include:

• • • • • •

Helping clients to create secure passwords for devices Securing applications using patch management and software upgrades Removing unnecessary applications and services that can create vulnerabilities Ensuring applications and services are available to the users that need them and no one else Configuring desktop firewalls and virus-checking software Performing security scans on software and services to determine vulnerabilities that the technician must protect from attack

8.1.1 - ISP Security Services The diagram depicts a Windows Log On window and the System Properties window with the Automatic Updates tab selected. There is a brief description for each of the following security practices: Password Security, Extraneous Services, Patch Management, Application Security, User Rights, and Security Scanning. Password Security Choose a complex password. A complex password consists of a mix of upper case characters, lower case characters, numbers, and symbols. A complex password should be at least eight characters in length and never be based on a dictionary word or personal information that someone may be able to guess. It is also recommended that passwords be changed periodically. Software exists that can allow a hacker to crack passwords by trying every possible combination of letters, numbers, and symbols to figure out passwords. By changing your password periodically, brute force password cracking is less of an issue because by the time the hacker cracks the password, the password should already be changed to something different. Extraneous Services One of the most common methods used to compromise a computer system is to exploit unconfigured or misconfigured services. The nature of a service is it listens for requests from external computer systems. If the service has a known exploitable flaw due to not being configured or being configured incorrectly, then a hacker or a worm can compromise that service and gain access to the computer system that the service is running on. As a best practice, remove or disable all unnecessary services. For services that are necessary or cannot be uninstalled, make sure you follow the best practices in any configuration guides for

that particular service. Patch Management New security exploits are constantly being identified for operating systems almost every day. All it takes is a simple search online and you may be able to find sites that list various exploitable vulnerabilities for virtually every operating system that is available today. Operating system developers release updates regularly - daily in some cases. It is important to regularly review and install security updates for your operating systems. Most intrusions by a hacker or infections from worms and viruses can be prevented by patching the operating system regularly. Application Security Unpatched and unnecessary applications installed on an operating system can increase the risk of being compromised. Just as the operating system needs to be patched regularly, so do the installed applications. Internet based applications, such as Internet browsers and email applications, are the most important applications to constantly patch, since these applications are the most targeted type of application. User Rights On a typical modern operating system there are multiple levels of access to the operating system. When a user account has administrative access to the operating system, malware can more easily infect the computer system. This is due to the unrestricted access to the file system and system services. Normal user accounts do not have the ability to install new applications since the accounts do not have access to areas of the file system and system files that are necessary to install most applications. As a result, normal users are not as susceptible to malware infections that try to install or access certain areas of the file system. As a best practice, users should only have the level of access required to perform their normal daily work. Administrative access should only be used on occasion to perform functions that are not permitted as a normal user. Security Scanning There are many tools that can help you secure your operating system. Most security scanning tools review many system security weaknesses and report back on how to rectify the problems the software found. Some of the more advanced scanning software packages go beyond the typical operating system security scans and look at the software and services that are running on a computer and suggest ways to protect the entire system from attack. Tip Popup Microsoft has a freely downloadable tool called the Microsoft Baseline Security Analyzer (M B S A) that examine everything from user account security to installed windows services and even checks to see the current patch level of you operating system. Another popular utility creating for scanning for vulnerabilities is the Nessus Vulnerabilities Scanner. This scanning tool is not specific to Windows so it scans for vulnerabilities on a variety of different platforms. Many other tools are available online. Usually, it is best to use more than one tool to examine the security of your system to get the best overall results.

8.1.2 Security Practices Page 1: It is critical that ISPs have measures in place to protect the information of its customers from malicious attack. Common data security features and procedures include:

• • • •

Encrypting data stored on server hard drives Using permissions to secure access to files and folders Permit or deny access based on the user account or group membership Assign different levels of access permission based on the user account or group membership

When assigning permissions to files and folders, a security best practice is to apply permissions based on the "principle of least privilege". This means giving users access to only those resources that are required for them to be able do their job. It also means giving the appropriate level of permission, for example read-only access or write access.

8.1.2 - Security Practices The diagram depicts a My Documents Properties window showing the security tab. Page 2: Authentication, Authorization, and Accounting (AAA) is a three-step process used by network administrators to make it difficult for attackers to gain access to a network.

Authentication requires users to prove their identity using a username and password. Authentication databases are typically stored on servers that use the RADIUS or TACACS protocols.

Authorization gives users rights to access specific resources and perform specific tasks.

Accounting tracks which applications are used and the length of time that they are used.

For example, authentication acknowledges that a user named "student" exists and is able to log on. Authorization services specify that user student can access host server XYZ using Telnet.

Accounting tracks that user student accessed host server XYZ using Telnet on a specific day for 15 minutes.

AAA can be used on various types of network connections. AAA requires a database to keep track of user credentials, permissions, and account statistics. Local authentication is the simplest form of AAA and keeps a local database on the gateway router. If an organization has more than a handful of users authenticating with AAA, the organization must use a database on a separate server.

8.1.2 - Security Practices The diagram depicts the use of Authentication, Authorization, and Accounting (AAA) on a network. A RADIUS authentication server on an internal network is connected to a router acting as a gateway to an ISP . A host, labeled Attacker, is also connected to the ISP and makes a network access attempt. Inside the network there are three hosts, two desktop PCs, and one laptop. The two internal desktop PCs are labeled Legitimate Network Access Attempt and the internal laptop is labeled Attacker Network Access Attempt. The external PC attached to the IS cloud is also labeled Attacker Network Access Attempt. Unauthorized users may attempt to access network resources, either from inside or outside of the network. All clients attempting to log in are challenged by the AAA authentication service on the RADIUS server. The authentication service verifies the username and password using a database of valid users. An authenticated user is authorized to use specific services in the network. The external and internal attackers are denied access. When a user logs out, the accounting service records where the user has been, what they have done, and how long they used a network service. 8.1.3 Data Encryption Page 1: ISPs must also be concerned with securing data that is transmitted to and from their servers. By default, data sent over the network is unsecured and transmitted in clear text. Unauthorized individuals can intercept unsecured data as it is being transmitted. Capturing data in transit bypasses all file system security that is set on the data. There are methods available to protect against this security issue.

Encryption

Digital encryption is the process of encrypting all transmitted data between the client and the server. Many of the protocols used to transmit data offer a secure version that uses digital

encryption. As a best practice, use the secure version of a protocol whenever the data being exchanged between two computers is confidential.

For example, if a user must submit a username and password to log on to an e-commerce website, a secure protocol is required to protect the username and password information from being captured. Secure protocols are also needed any time a user must submit a credit card or bank account information.

When surfing the Internet and viewing publicly accessible websites, securing the transmitted data is not necessary. Using a secure protocol in this situation can lead to additional computational overhead and slower response time.

8.1.3 - Data Encryption The diagram depicts scenarios of two types of data transfer security: clear text and encrypted data. Clear Text A user, at his workstation, is logging onto a web server. His logon is user name: john, and password: Pot@+oe5. A hacker is accessing the same web server. After intercepting the clear text user name and password, he is able to log in to the server. Encrypted Data A user, at his workstation, is logging onto a web server. His logon is user name: john, password: ***. A hacker is accessing the same web server. After intercepting the encrypted user name and password, he is unable to decipher the user name and password and cannot log on to the server. Page 2: There are many network protocols used by applications. Some offer secure versions and some do not:







Web servers - Web servers use HTTP by default, which is not a secure protocol. Using HTTPS, which uses the secure socket layer (SSL) protocol, enables the exchange of data to be performed securely. Email servers - Email servers use several different protocols, including SMTP, POP3, and IMAP4. When a user logs on to an email server, POP3 and IMAP4 require a username and password for authentication. By default, this information is sent without security and can be captured. POP3 can be secured by using SSL. SMTP and IMAP4 can use either SSL or Transport Layer Security (TLS) as a security protocol. Telnet servers - Using Telnet to remotely log into a Cisco router or switch creates an unsecure connection. Telnet sends authentication information and any commands a user types across the network in clear text. Use the Secure Shell (SSH) protocol to authenticate and work with the router or switch securely.





FTP servers - FTP is also an unsecure protocol. When logging into an FTP server, authentication information is sent in clear text. FTP can use SSL to securely exchange authentication and data. Some versions of FTP can also use SSH. File servers - File servers can use many different protocols to exchange data, depending on the computer operating system. In most cases, file server protocols do not offer a secure version.

IP Security (IPSec) is another Network Layer security protocol that can be used to secure any Application Layer protocol used for communication. This includes file server protocols that do not offer any other security protocol version.

8.1.3 - Data Encryption The diagram depicts a list of secure (encrypted) and unsecure (unencrypted) protocols. A host is connected to a server and is using the following protocols: Web Encryption. Unsecure: HTTP. Secure: HTTPS. Email Encryption. Unsecure: SMTP, POP3, I MAP4. Secure: SMTP with SSL or TLS, POP3 with SSL, I MAP4 with SSL or TLS. Telnet Encryption. Unsecure: Telnet. Secure: SSH. File Transfer Encryption. Unsecure: FTP. Secure: FTPS. IP Sec Encryption. Unsecure: Any application. Secure: Application with IP Sec . Page 3: Lab Activity

Perform the data security tasks needed to analyze and secure local and transmitted data.

Click the lab icon to begin.

8.1.3 - Data Encryption Link to Hands-on Lab: Securing Local Data and Transmitted Data.

8.2 Security Tools 8.2.1 Access Control Lists and Port Filtering Page 1: Even with the use of AAA and encryption, there are still many different types of attacks that an ISP must protect against. ISPs are especially vulnerable to denial-of-service (DoS) attacks, because the ISP may host sites for many different registered domain names that may or may not require authentication. Currently, there are three key types of DoS attacks.

DoS

A standard DoS attack is when a server or service is attacked to prevent legitimate access to that service. Some examples of standard DoS attacks are SYN floods, ping floods, LAND attacks, bandwidth consumption attacks, and buffer overflow attacks.

DDoS

A distributed denial-of-service (DDoS) attack occurs when multiple computers are used to attack a specific target. The attacker has access to many compromised computer systems, usually on the Internet. Because of this, the attacker can remotely launch the attack. DDoS attacks are usually the same kinds of attacks as standard DoS attacks, except that DDoS attacks are run from many computer systems simultaneously.

DRDoS

A distributed reflected denial-of-service (DRDoS) attack occurs when an attacker sends a spoofed, or mock, request to many computer systems on the Internet, with the source address modified to be the targeted computer system. The computer systems that receive the request respond. When the computer systems respond to the request, all the requests are directed at the target computer system. Because the attack is reflected, it is very difficult to determine the originator of the attack.

8.2.1 - Access Control Lists and Port Filtering The diagram depicts scenarios of three types of denial of service attacks: D o S, D D o S, and D

R D o S. Denial of Service (D o S) attack An attacker computer uses a D o S attack on a file server to deny legitimate user traffic. Distributed Denial of Service (D D o S) Attack An attacker computer uses a control command to order a number of compromise computers to launch a synchronized remote controlled attack on a target server to deny legitimate user traffic. Distributed Reflected Denial of Service (D R D o S) Attack An attacker computer uses a spoof request on a number of unknowing computers which then unknowingly respond to the spoof request thus launching a D R D o S attack on a target server to deny legitimate user traffic. Page 2: ISPs must be able to filter out network traffic, such as DoS attacks, that can be harmful to the operation of their network or servers. Port filtering and access control lists (ACL) can be used to control traffic to servers and networking equipment.

Port Filtering

Port filtering controls the flow of traffic based on a specific TCP or UDP port. Many server operating systems have options to restrict access using port filtering. Port filtering is also used by network routers and switches to help control traffic flow and to secure access to the device.

Access Control Lists

ACLs define traffic that is permitted or denied through the network based on the source and destination IP addresses. ACLs can also permit or deny traffic based on the source and destination ports of the protocol being used. Additonally, ICMP and routing update traffic can be controlled using ACLs. Administrators create ACLs on network devices, such as routers, to control whether or not traffic is forwarded or blocked.

ACLs are only the first line of defense and are not enough to secure a network. ACLs only prevent access to a network; they do not protect the network from all types of malicious attacks.

8.2.1 - Access Control Lists and Port Filtering The diagram depicts scenarios of the use of security methods for port filtering and Access Control Lists.

Port Filtering A router with port filtering allows traffic on web port 80. The router denies traffic on Telnet port 23 and denying traffic on SSH port 22. A port filter can be implemented to prevent access to all other ports, except web port 80. If a user tries to connect to the server using any other port, such as Telnet on TCP port 23, the user is denied access. This protects the server from being compromised. Access Control Lists An access control list on a router allowing traffic from Network A to go through to Network C, but deny traffic Network A to go to Network B. Using an access control list, all computers on Network A are denied access to all computers on Network B. Network A is specified as the source network and Network B as the destination network. Traffic is denied if it meets those conditions. This still allows the computers on Network A to talk to the server on Network C. Page 3: Lab Activity

Determine where to implement ACLs and port filters to help protect the network.

Click the lab icon to begin.

8.2.1 - Access Control Lists and Port Filtering Link to Hands-on Lab: Planning for Access Lists and Port Filters 8.2.2 Firewalls Page 1: A firewall is network hardware or software that defines which traffic can come into and go out of sections of the network and how traffic is handled.

ACLs are one of the tools used by firewalls. ACLs control which type of traffic is allowed to pass through the firewall. The direction the traffic is allowed to travel can also be controlled. In a medium-sized network, the amount of traffic and networking protocols needing to be controlled is quite large, and firewall ACLs can become very complicated.

Firewalls use ACLs to control which traffic is passed or blocked. They are constantly evolving as new capabilities are developed and new threats are discovered.

Different firewalls offer different types of features. For example, a dynamic packet filter firewall or stateful firewall keeps track of the actual communication process occurring between the source and destination devices. It does this by using a state table. When a communication stream is approved, only traffic that belongs to one of these communication streams is permitted through the firewall. The Cisco IOS Firewall software is embedded in the Cisco IOS software and allows the user to turn a router into a network layer firewall with dynamic or stateful inspection.

Firewalls are constantly evolving as new capabilities are developed and new threats are discovered. The more functionality embedded in a firewall, the more time it takes for packets to be processed.

8.2.2 - Firewalls The diagram depicts an inspection by a dynamic or a stateful firewall. Dynamic or Stateful Packet Firewall Host, H1, in on an internal network and is connected via Ethernet to a router with an integrated firewall, which is connected to an external network cloud via a serial connection. External Host, H2, is connected via serial connection to the same cloud. And an external server is connected via serial connection to the cloud. H1 sends a FTP packet, as it passes through the firewall, the firewall says, "I will add this conversation to my database." The packet continues on to its destination, the server. The server replies with an FTP packet. When the packet passes through the firewall, the firewall says, "This conversation is in my database. This packet is allowed." The packet continues on to its destination H1. H2 sends an FTP packet through the cloud. As it passes through the firewall, the firewall says, "This conversation is not in my database and is not allowed." The packet is dropped. Page 2: Firewalls can provide perimeter security for the entire network and for internal local network segments, such as server farms.

Within an ISP network or a medium-sized business, firewalls are typically implemented in multiple layers. Traffic that comes in from an untrusted network first encounters a packet filter on the border router. Permitted traffic goes through the border router to an internal firewall to route traffic to a demilitarized zone (DMZ). A DMZ is used to store servers that users from the Internet are allowed to access. Only traffic that is permitted access to these servers is permitted into the DMZ. Firewalls also control what kind of traffic is permitted into the protected, local network itself. The traffic that is allowed into the internal network is usually traffic that is being sent due to a specific request by an internal device. For example, if an internal device requests a web page from an external server, the firewall permits the requested web page to enter the internal network.

Some organizations can choose to implement internal firewalls to protect sensitive areas. Internal firewalls are used to restrict access to areas of the network that need to have additional protection. Internal firewalls separate and protect business resources on servers from users inside the organization. Internal firewalls prevent external and internal hackers, as well as unintentional internal attacks and malware.

8.2.2 - Firewalls The diagram depicts trusted network servers, a demilitarized zone (DMZ), and an untrusted network. Three servers, labeled accounting, human resources, and sales, are collectively labeled (Trusted) Network Servers. The servers connect to an internal firewall. The internal firewall has a mail server and web server that are collectively labeled the DMZ. The internal firewall is connected to a Border (Cisco I O S Firewall), which in then connected to the Internet which is labeled Untrusted Network. Page 3: Packet Tracer Activity

In this activity, you are a technician who provides network support for a medium-sized business. The business has grown and includes a research and development department working on a new, very confidential project. The livelihood of the project depends on protecting the data used by the research and development team. Your job is to install firewalls to help protect the network, based on specific requirements.

Click the Packet Tracer icon to begin.

8.2.2 - Firewalls Link to Packet Tracer Exploration: Planning Network-based Firewalls 8.2.3 IDS and IPS Page 1: ISPs also have a responsibility to prevent, when possible, intrusions into their networks and the networks of customers who purchase managed services. There are two tools often utilized by ISPs to accomplish this.

Intrusion Detection System (IDS)

An IDS is a software- or hardware-based solution that passively listens to network traffic. Network traffic does not pass through an IDS device. Instead, the IDS device monitors traffic through a network interface. When the IDS detects malicious traffic, it sends an alert to a preconfigured management station.

Intrusion Prevention System (IPS)

An IPS is an active physical device or software feature. Traffic travels in one interface of the IPS and out the other. The IPS examines the actual data packets that are in the network traffic and works in real time to permit or deny packets that want access into the network

IDS and IPS technologies are deployed as sensors. An IDS or an IPS sensor can be any of the following:

• • •

Router configured with Cisco IOS version IPS Appliance (hardware) specifically designed to provide dedicated IDS or IPS services Network module installed in an adaptive security appliance (ASA), switch, or router

IDS and IPS sensors respond differently to incidences detected on the network, but both have roles within a network.

8.2.3 - I D S and I P S The diagram depicts examples an intrusion detection system (I D S) and an intrusion prevention system (I P S). Intrusion Detection System An I D S is connected to a switch, which is situated in line between a firewall and corporate network. The switch is also connected to a management station. The firewall is connected to the Internet on the other side of the network. Any intrusion from outside the network is detected by the I D S and an alert is sent to the management system. Network traffic from outside the firewall does not pass through the I D S device. Intrusion Prevention System An I P S sits in line between the firewall and corporate network. The firewall connects to the Internet on the other side of the network. All network traffic from outside the firewall must pass through the I P S device. Any intrusion from outside the network is stopped by the I P S. Page 2:

IDS solutions are reactive when it comes to detecting intrusions. They detect intrusions based on a signature for network traffic or computer activity. They do not stop the initial traffic from passing through to the destination, but react to the detected activity.

When properly configured, the IDS can block further malicious traffic by actively reconfiguring network devices, such as security appliances or routers, in response to malicious traffic detection. It is important to realize that the original malicious traffic has already passed through the network to the intended destination and cannot be blocked. Only subsequent traffic is blocked. In this regard, IDS devices cannot prevent some intrusions from being successful.

IDS solutions are often used on the untrusted perimeter of a network, outside of the firewall. Here the IDS can analyze the type of traffic that is hitting the firewall and determine how attacks are executed. The firewall can be used to block most malicious traffic. An IDS can also be placed inside the firewall to detect firewall misconfigurations. When the IDS sensor is placed here, any alarms that go off indicate that malicious traffic has been allowed through the firewall. These alarms mean that the firewall has not been configured correctly.

8.2.3 - I D S and I P S The diagram depicts an I D S used to protect a network. An IDS is connected to a switch, which is situated in line between the firewall router and an internal router. On the outside of the firewall router is the Internet, and on the inside of the internal router is the target. The switch is also connected to a management station. An intruder starts an attack on the target computer from the Internet. The IDS sensor detects the attack and sends an alert to the management station. The management station updates the port filter on the firewall router to prevent any future attack traffic. Page 3: IPS

Unlike IDS solutions, which are reactive, IPS solutions are proactive. They block all suspicious activity in real time. An IPS is able to examine almost the entire data packet from Layer 2 to Layer 7 of the OSI model. When the IPS detects malicious traffic, it blocks the malicious traffic immediately. The IPS then sends an alert to a management station about the intrusion. The original and subsequent malicious traffic is blocked as the IPS proactively prevents attacks.

An IPS is an intrusion detection appliance, not software. The IPS is most often placed inside the firewall. This is because it can examine most of the data packet and, therefore, be used to protect server applications if malicious traffic is being sent. The firewall typically does not examine the entire data packet, whereas the IPS does. The firewall drops most of the packets that are not allowed, but may still allow some malicious packets through. The IPS has a smaller number of packets to examine, so it can examine the entire packet. This allows the IPS to immediately stop

new attacks that the firewall was not originally configured to deny. IPS can also stop attacks that the firewall is unable to deny based on limitations of the firewall.

8.2.3 - I D S and I P S The diagram depicts an I P S used to protect a network. An I P S is located between the firewall and the internal router. On the outside of the firewall router is the Internet, and on the inside of the internal router is the target. The sensor is also connected to a switch which connects to the management station. When an attacker sends an attack through the Internet to the target computer, the I P S sensor blocks the attack and sends an alert via the switch to the management station. Page 4: 8.2.3 - I D S and I P S The diagram depicts an activity in which you must determine which characteristics and features belong to I D S and to I P S. Which is a feature of an I D S solution? (Choose one.) A.All network traffic must pass through an I D S device to enter the network. B.I D S detects malicious traffic through passive traffic monitoring. C.I D S prevents intrusions by blocking all malicious activity before it makes it into the network. D.I D S notifies the attacker that they are generating malicious traffic and will be blocked if it continues. Which three statements about I P S solutions are true? (Choose three.) A.I P S solutions actively block malicious activity by being in-line with the traffic. B.I P S solutions analyze only Layer 7 of the O S I Model to identify malicious activity. C.I P S solutions protect the network from worms, viruses, malicious applications, and vulnerability exploits. D.I P S solutions proactively protect against malicious activity. 8.2.4 Wireless Security Page 1: Some ISPs offer services to create wireless hot spots for customers to log on to wireless localarea networks (WLANs). A wireless network is easy to implement, but is vulnerable when not properly configured. Because the wireless signal travels through walls, it can be accessed outside the business premises. A wireless network can be secured by changing the default settings, enabling authentication, or enabling MAC address filtering.

Changing Default Settings

The default values for the SSID, usernames, and passwords on a wireless access point should be changed. Additionally, broadcasting of the SSID should be disabled.

Enabling Authentication

Authentication is the process of permitting entry to a network based on a set of credentials. It is used to verify that the device attempting to connect to the network is trusted. There are three types of authentication methods that can be used:

• •



Open authentication - Any and all clients are able to have access regardless of who they are. Open authentication is most often used on public wireless networks. Pre-shared key (PSK) - Requires a matching, preconfigured key on both the server and the client. When connecting, the access point sends a random string of bytes to the client. The client accepts the string, encrypts it (or scrambles it) based on the key, and sends it back to the access point. The access point gets the encrypted string and uses its key to decrypt (or unscramble) it. If they match, authentication is successful. Extensible Authentication Protocol (EAP) - Provides mutual, or two-way, authentication and user authentication. When EAP software is installed on the client, the client communicates with a backend authentication server, such as RADIUS.

Enabling MAC Address Filtering

MAC address filtering prevents unwanted computers from connecting to a network by restricting MAC addresses. It is possible, however, to clone a MAC address. Therefore, other security measures should be implemented along with MAC address filtering.

8.2.4 - Wireless Security The diagram depicts scenarios of three types of wireless security: Open Authentication, Preshared Keys (PSK), and Extensive Authentication Protocol (E A P). Open Authentication A laptop wirelessly uses open authentication to connect to a wireless router that connects to a server. The laptop says, "Hi, I know your name, Can I connect? The router says, "Sure, access granted." Pre-shared Keys A woman at a laptop uses PSK to connect to a wireless router that connects to a server. The laptop says, "Hi, I would like to connect." The router says, "You can connect, but only if you know the secret key."

Extensible Authentication Protocol A woman at a laptop uses E A P to connect to a wireless router that connects to an authentication server. The laptop says, "Hi, I am user:x y z, password:cisco and I would like to connect." The router says, "I will forward your request." The authentication server says, "user: x y z, password: cisco connect to Router A is verified." Page 2: It is important to set encryption on transmitted packets sent across a wireless network. There are three major encryption types for wireless networks:







WEP - Wired Equivalent Privacy (WEP) provides data security by encrypting data that is sent between wireless nodes. WEP uses a 64, 128, or 256 bit pre-shared hexadecimal key to encrypt the data. A major weakness of WEP is its use of static encryption keys. The same key is used by every device to encrypt every packet transmitted. There are many WEP cracking tools available on the Internet. WEP should be used only with older equipment that does not support newer wireless security protocols. WPA - Wifi Protected Access (WPA) is a newer wireless encryption protocol that uses an improved encryption algorithm called Temporal Key Integrity Protocol (TKIP). TKIP generates a unique key for each client and rotates the security keys at a configurable interval. WPA provides a mechanism for mutual authentication. Because both the client and the access point have the key, it is never transmitted. WPA2 - WPA2 is a new, improved version of WPA. WPA2 uses the more secure Advanced Encryption Standard (AES) technology.

8.2.4 - Wireless Security The diagram depicts examples of two types of security methods: Wired Equivalent Privacy (W E P) and Wi Fi Protected Access (WPA/WPA2) Wired Equivalent Privacy A laptop wirelessly connects to a wireless router using W E P . The router says, "Your W E P key does match. You are allowed to connect." Another laptop tries to wirelessly connect to a wireless router. The router says, "Your W E P key does not match. You are not allowed to connect." Wi Fi Protected Access A laptop wirelessly connects to a wireless router using WPA/WPA2. The router says, "Your WPA key does match. You are allowed to connect." Another laptop tries to wirelessly connect to a wireless router. The router says, "Your WPA key does not match. You are not allowed to connect." A third laptop tries to wirelessly connect to a wireless router. The router says, "Your WPA key has expired. You are not allowed to connect."

Page 3: Packet Tracer Activity

In this activity, you will configure WEP security on both a Linksys wireless router and a workstation.

*Note: WPA is not supported by Packet tracer at this time. However, WEP and WPA are enabled by a similar process.

Click the Packet Tracer icon to begin.

8.2.4 - Wireless Security Link to Packet Tracer Exploration: Configuring W E P on a Wireless Router 8.2.5 Host Security Page 1: Regardless of the layers of defense that exist on the network, all servers are still susceptible to attack if they are not properly secured. ISP servers are especially vulnerable because they are generally accessible from the Internet. New vulnerabilities for servers are discovered every day, so it is critical for an ISP to protect its servers from known and unknown vulnerabilities whenever possible. One way they accomplish this is by using host-based firewalls.

A host-based firewall is software that runs directly on a host operating system. It protects the host from malicious attacks that might have made it through all other layers of defense. Hostbased firewalls control inbound and outbound network traffic. These firewalls allow filtering based on a computer address and port, therefore offering additional protection over regular port filtering.

Host-based firewalls typically come with predefined rules that block all incoming network traffic. Exceptions are added to the firewall rule set to permit the correct mixture of inbound and outbound network traffic. When enabling host-based firewalls, it is important to balance the need to allow the network resources required to complete job tasks, with the need to prevent applications from being left vulnerable to malicious attacks. Many server operating systems are preconfigured with a simple host-based firewall with limited options. More advanced third-party packages are also available.

ISPs use host-based firewalls to restrict access to the specific services a server offers. By using a host-based firewall, the ISP protects their servers and the data of their customers by blocking access to the extraneous ports that are available.

8.2.5 - Host Security The diagram depicts a secure router connected to a secure switch that is connected to a host that has host-based firewall. The secure switch is also connected to a secure server which also has a host-based firewall. Page 2: ISP servers that utilize host-based firewalls are protected from a variety of different types of attacks and vulnerabilities.

Known Attacks

Host-based firewalls recognize malicious activity based on updatable signatures or patterns. They detect a known attack and block traffic on the port used by the attack.

Exploitable Services

Host-based firewalls protect exploitable services running on servers by preventing access to the ports that the service is using. Some host-based firewalls can also inspect the contents of a packet to see if it contains malicious code. Web and email servers are common targets for service exploits, and can be protected if the host-based firewall is capable of performing packet inspection.

Worms and Viruses

Worms and viruses propagate by exploiting vulnerabilities in services and other weaknesses in operating systems. Host-based firewalls prevent this malware from gaining access to servers. They can also help prevent the spread of worms and viruses by controlling outbound traffic originating from a server.

Back Doors and Trojans

Back doors and Trojan Horses allow hackers to remotely gain access to servers on a network. The software typically works by sending a message to let the hacker know of a successful infection. It then provides a service that the hacker can use to gain access to the system. Hostbased firewalls can prevent a Trojan from sending a message by limiting outbound network access. It can also prevent the attacker from connecting to any services.

8.2.5 - Host Security The diagram depicts scenarios for host-based firewalls that are used to protect a server. Known Attacks A hacker attacks a server with a host-based firewall via the Internet using a known attack. The host-based firewall says, "I recognize that. You are blocked." Protect servers from many known attacks by specifically blocking the traffic over ports that are known to be associated with malicious activity. Exploitable Services A hacker attacks a server with a host-based firewall via the Internet using an attack on web service. The host based firewall says, "You are not permitted on that port. You are blocked." Protect exploitable services running on servers by preventing access to the ports that the service is using. Worms and Viruses A hacker attacks a server with a host-based firewall via the Internet using a blaster worm. The host based firewall says, "I have detected a worm and will remove it!" Prevents this malware from being able to access servers over the network and can also help prevent the spread of worms and viruses by controlling outbound traffic that originates from a server. Back Doors and Trojans A hacker attacks a server with a host-based firewall via the Internet using a Trojan client trying to connect to server. The host-based firewall says, "I am detecting a connection to an unauthorized service and will deny it." Prevent the back door or Trojan from sending a message by limiting outbound network access, or prevent the attacker from connecting to the service created by the software. Page 3:

In addition to host-based firewalls, anti-X software can be installed as a more comprehensive security measure. Anti-X software protects computer systems from viruses, worms, spyware, malware, phishing, and even spam. Many ISPs offer customers anti-X software as part of their comprehensive security services. Not all anti-X software protects against the same threats. The ISP should constantly review which threats the anti-X software actually protects against and make recommendations based on a threat analysis of the company.

Many anti-X software packages allow for remote management. This includes a notification system that can alert the administrator or support technician about an infection via email or pager. Immediate notification to the proper individual can drastically reduce the impact of the infection. Using anti-X software does not diminish the number of threats to the network but reduces the risk of being infected.

Occasionally infections and attacks still occur and can be very destructive. It is important to have an incident management process to track all incidences and the corresponding resolutions to help prevent the infection from reoccurring. Incident management is required by ISPs that manage and maintain customer data, because the ISP has committed to the protection and the integrity of the data they host for their customers. For example, if the ISP network was the target of a hacker and, as a result, thousands of credit card numbers that were stored in a database that the ISP manages were stolen, the customer would need to be notified so that they could notify the card holders.

8.2.5 - Host Security The diagram depicts a PC with the term "Virus Alert" in red on the screen. Page 4: Lab Activity

Recommend an anti-X software package for a small business.

Click the lab icon to begin.

8.2.5 - Host Security Link to Hands-on Lab: Researching an Anti-X Software Product

8.3 Monitoring and Managing the ISP

8.3.1 Service Level Agreements Page 1: An ISP and a user usually have a contract known as a service level agreement (SLA). It documents the expectations and obligations of both parties. An SLA typically includes the following parts:

• • • • • • • •

Service description Costs Tracking and reporting Problem management Security Termination Penalties for service outages Availability, performance, and reliability

The SLA is an important document that clearly outlines the management, monitoring, and maintenance of a network.

8.3.1 - Service Level Agreements The diagram depicts a Service Level Agreement (SLA), and a brief description of each part. Service Description Defines the range of services that an ISP will provide. Includes the service amount or service volume and the times when the service is and is not covered by the SLA. Availability, Performance and Reliability Availability - hours and days per month per year that service is available. Performance - a measure of service capability expectations during peak data volumes. Reliability - An example of this is the rule of five-9s, which states that the system should be operational 99.999% of the time. Tracking and Reporting Defines how often reports, such as performance reports, will be provided to the customer. Includes a written explanation of what level of network service users are experiencing. Problem Management Response time - a measure of how fast an ISP can respond to unexpected events that cause the service to stop. Defines the process that will be used to handle and resolve unplanned incidents. Defines what the different levels of problem are and who should be called for each problem level. Security Defines security measures that are the ISP responsibilities versus customer responsibilities. Determines how network services that the ISP offers fit within the security policies of the

customer and the ISP. Termination Defines termination agreement and costs if services are terminated early. Typically SLA's are renegotiated annually and coincide with the budget cycle of the customer. Penalties for Service Outages Describes the penalties for a network service failure. This is especially important if the ISP is providing services critical for business operation. Costs Describes the charges to the customer by defining services rather than equipment. The ISP is able to cost out the services needed and the customer only pays for the services they use. Page 2: Lab Activity

Examine an SLA and practice interpreting the sections of the SLA.

Click the lab icon to begin.

8.3.1 - Service Level Agreements Link to Hands-on Lab: Interpreting a Service Level Agreement 8.3.2 Monitoring Network Link Performance Page 1: The ISP is responsible for monitoring and checking device connectivity. This responsibility includes any equipment that belongs to the ISP and equipment at the customer end that the ISP agreed to monitor in the SLA. Monitoring and configuration can be performed either out-of-band with a direct console connection, or in-band using a network connection.

Out-of-band management is useful in initial configurations if the device is not accessible via the network, or if a visual inspection of the device is necessary.

Most ISPs are not able to visually inspect or have physical access to all devices. An in-band management tool allows for easier administration because the technician does not require a physical connection. For this reason, in-band management is preferred over out-of-band management for managing servers and networking devices that are accessible on the network. Additionally, conventional in-band tools can provide more management functionality than may

be possible with out-of-band management, such as an overall view of the network design. Traditional in-band management protocols include Telnet, SSH, HTTP, and Simple Network Management Protocol (SNMP).

There are many embedded tools, commercial tools, and shareware tools available that use these management protocols. For example, HTTP access is through a web browser. Some applications, such as Cisco SDM, use this access for in-band management.

8.3.2 - Monitoring Network Link Performance The diagram depicts a scenario of in-band and out-of-band monitoring and management being used on a network. The ISP connects to a gateway router which connects to a switch that then connects to several servers and hosts on a subnet. When the management station is connected as one of the hosts within the subnet, it is considered in-band monitoring and managing network devices while on the network. When the management station is connected directly to the gateway device (router), it is considered out-of-band monitoring and managing network devices while consoled into the router. Page 2: Lab Activity

Download, install, and then conduct a network capture with Wireshark.

Click the lab icon to begin.

8.3.2 - Monitoring Network Link Performance Link to Hands-on Lab: Conducting a Network Capture with Wireshark 8.3.3 Device Management Using In-band Tools Page 1: After a new network device is installed at the customer premise, it must be monitored from the remote ISP location. There are times that minor configuration changes need to be made without the physical presence of a technician at the customer site.

A Telnet client can be used over an IP network connection to connect to a device in-band for the purpose of monitoring and administering it. A connection using Telnet is called a Virtual

Terminal (VTY) session or connection. Telnet is a client/server protocol. The connecting device runs the Telnet client. To support Telnet client connections, the connected device, or server, runs a service called a Telnet daemon.

Most operating systems include an Application Layer Telnet client. On a Microsoft Windows PC, Telnet can be run from the command prompt. Other common terminal emulation applications that run as Telnet clients are HyperTerminal, Minicom, and TeraTerm. Devices such as routers run both the Telnet client and the Telnet daemon, and can act as either the client or server.

After a Telnet connection is established, users can perform any authorized function on the server, just as if they were using a command line session on the server itself. If authorized, users can start and stop processes, configure the device, and even shut down the system.

A Telnet session can be initiated using the router CLI with the telnet command followed by the IP address or domain name. A Telnet client can connect to multiple servers simultaneously. On a Cisco router, the keystroke sequence Ctrl-Shift-6 X to toggles between Telnet sessions. Additionally, a Telnet server can support multiple client connections. On a router acting as a server, the show sessions command displays all client connections.

8.3.3 - Device Management Using In-Band Tools The diagram depicts examples of telnetting across a LAN and across a WAN. Telnetting across a LAN A PC is connected to a switch which is connected to a router. The PC can telnet to the router via the switch which is LAN-based in-band management. Telnetting across a WAN A PC is connected to a WAN or Internet cloud which is connected to a router. The PC can telnet to the router via the cloud which is WAN-based in-band management. Page 2: Lab Activity

Use Telnet to manage remote network devices.

Click the lab icon to begin.

8.3.3 - Device Management Using In-Band Tools Link to Hands-on Lab: Managing Remote Network Devices with Telnet Page 3: While the Telnet protocol supports user authentication, it does not support the transport of encrypted data. All data exchanged during a Telnet session is transported as plain text across the network. This means that the data can be intercepted and easily understood, including the username and password used to authenticate the device.

If security is a concern, the Secure Shell (SSH) protocol offers an alternate and secure method for server access. SSH provides secure remote login and other network services. It also provides stronger authentication than Telnet and supports the transport of session data using encryption. As a best practice, network professionals should always use SSH in place of Telnet whenever possible.

There are two versions of the SSH server service. Which SSH version is supported depends on the Cisco IOS image loaded on the device. There are many different SSH client software packages available for PCs. An SSH client must support the SSH version configured on the server.

8.3.3 - Device Management Using In-Band Tools The diagram depicts examples of an unsecured and secured Telnet. Telnet - Unsecured A network technician PC, a hacker PC, and a remote router are connected to a network cloud. Using Telnet the hacker is able to intercept the username and password as the technician logs into the remote router. SSH - Secured A network technician PC, a hacker PC, and a remote router are connected to a network cloud. Using SSH, the hacker is not able to intercept the username and password as the technician logs into the remote router. Page 4: Lab Activity

Configure a remote router using SSH.

Click the lab icon to begin.

8.3.3 - Device Management Using In-Band Tools Link to Hands-on Lab: Configuring a Remote Router Using SSH 8.3.4 Using SNMP and Syslog Page 1: SNMP is a network management protocol that enables administrators to gather data about the network and corresponding devices. SNMP management system software is available in tools such as CiscoWorks. There are free versions of CiscoWorks available for download on the Internet. SNMP management agent software is often embedded in operating systems on servers, routers, and switches.

SNMP is made up of four main components:

• • • •

Management station - Computer with the SNMP management application loaded that is used by the administrator to monitor and configure the network. Management agent - Software installed on a device managed by SNMP. Management Information Base (MIB) - Database that a device keeps about itself concerning network performance parameters. Network management protocol - Communication protocol used between the management station and the management agent.

8.3.4 - Using SNMP and Syslog The diagram depicts a scenario of a network using various MIBs. A network cloud is connected via serial link to a gateway router. The gateway router is labeled Management Agent and Router MIB. The gateway router is connected to a switch labeled Management Agent and Switch MIB. The switch is connected to several hosts and servers. One of the servers is labeled Central MIB and one of the hosts is labeled Management Station Network Management Protocol. Page 2: The management station contains the SNMP management applications that the administrator uses to configure devices on the network. It also stores data about those devices. The management station collects information by polling the devices. A poll occurs when the management station requests specific information from an agent.

The agent reports to the management station by responding to the polls. When the management station polls an agent, the agent calls on statistics that have accumulated in the MIB.

Agents can also be configured with traps. A trap is an alarm-triggering event. Certain areas of the agent are configured with thresholds, or maximums, that must be maintained, such as the amount of traffic that can access a specific port. If the threshold is exceeded, the agent sends an alert message to the management station. Traps free the management station from continuously polling network devices.

Management stations and managed devices are identified by a community ID, called a community string. The community string on the SMNP agent must match the community string on the SMNP management station. When an agent is required to send information to a management station due to a poll or trap event, it will first verify the management station using the community string.

8.3.4 - Using SNMP and Syslog The diagram depicts how SNMP is used. An ISP managed network is connected to the Internet. A web server with an SNMP agent with the address 192.168.1.10 is attached to the switch. This ISP server is hosting the customers web site. A server labeled central MIB and an SNMP Management station with the address 192.168.1.5 are also attached to the switch. A user calls reporting a problem. The man sitting at the ISP SNMP Management station says, "My customer called and their web server is really slow!" The management station sends a request to the agent for connection statistics and includes the community string (get 192.168.1.10 2 # B719). The man sitting at the SNMP management station says, "How many users are on their webserver?" The web server with the agent says, "Does my community string match 2 # B719? Is 192.168.1.5 an IP address I know? Yes." The agent verified the community string and IP address. Agent sends the statistics for the number of connections. The man sitting at the management station says, "10,000 users? No wonder this web server is slow." Page 3: Storing device logs and reviewing them periodically is an important part of network monitoring. Syslog is the standard for logging system events. Like SNMP, syslog is an Application Layer protocol that enables devices to send information to a syslog daemon that is installed and running on a management station.

A syslog system is composed of syslog servers and syslog clients. These servers accept and process log messages from syslog clients. A syslog client is a monitored device that generates and forwards log messages to syslog servers.

Log messages normally consist of a ID, type of message, a time stamp (date, time), which device has sent the message, and the message text. Depending on which network equipment is sending the syslog messages, it can contain more items than those listed.

8.3.4 - Using SNMP and Syslog The diagram depicts the use of Syslog. A network technician is using a management station to view Syslog messages stored on a Syslog server. The information is a table with query type and query results based on entries stored on the Syslog server. The Syslog messages come from routers, Internet based systems, and switches. The clients send messages to the Syslog server.

8.4 Backups and Disaster Recovery 8.4.1 Backup Media Page 1: Network management and monitoring software helps ISPs and businesses identify and correct network issues. This software can also help to correct the causes of network failures, such as those caused by malware and malicious activity, network functionality, and failed devices.

Regardless of the cause of failure, an ISP that hosts websites or email for customers must protect the web and email content from being lost. Losing the data stored on a website could mean hundreds, or even thousands, of hours recreating the content, not to mention the lost business that results from the downtime while the content is being restored.

Losing email messages that were stored on the ISP email server could potentially be devastating for a business that relies on the data within the emails. Some businesses are legally required to maintain records of all email correspondence, so losing email data is not acceptable.

Data backup is essential. The job of an IT professional is to reduce the risks of data loss and provide mechanisms for quick recovery of any data that is lost.

8.4.1 - Backup Media The diagram depicts a brief description for each of the following data loss conditions. Hardware Failure As hardware ages the probability of hardware failure and other loss increases. Hardware failure usually means a lot of lost data. Recovering from hardware failure requires replacing the failed hardware and restoring all the data from a current backup.

User Error User error includes accidentally overwriting a file, deleting an important file, editing a file incorrectly, or deleting important information within a file. This type of data loss often represents a higher impact to the user than to the company. The company will typically loose productivity time while the user recreates or retrieves the lost data. With user error, generally a specific file or folder must be retrieved from a backup source. Theft Thieves target laptops, memory sticks, CD's and DVD's, tapes, or other data storage devices. When taking company data off site, create backup copies of all data. Keep careful track of portable data sources. It is also a good idea to encrypt all data on portable devices so that it is of no use to the thief. Malicious Activity Viruses and hackers can destroy data. Some viruses target specific types of files to corrupt. Some viruses can effect the hard drive that the data is stored on and can cause the drive to be inaccessible. Additionally, hackers can manipulate data, such as defacing a website to gain exposure. Operating System Failure A bad patch or driver update could result in serious operating system failure, preventing access to needed data. With backed up operating system files, the operating system can often be restored at a functional level. However, a reinstallation may be necessary and possibly a full restore of all the missing data. Page 2: When an ISP needs to back up its data, the cost of a backup solution and its effectiveness must be balanced. The choice of backup media can be complex because there are many factors that affect the choice.

Some of the factors include:

• • • • •

Amount of data Cost of media Performance of media Reliability of media Ease of offsite storage

There are many types of backup media available, including tapes, optical discs, hard disks, and solid state devices.

8.4.1 - Backup Media The diagram depicts images of backup media.

Page 3: Tape remains one of the most common types of backup media available. Tapes have large capacities and remain the most cost-effective media on the market. For data volumes in excess of a single tape, autoloaders and libraries can swap tapes during the backup procedure, allowing the data to be stored on as many tapes as required. These devices can be expensive and are not typically found in small to medium-sized businesses. However, depending on the volume of data, there may be no alternative other than an autoloader or library.

Tape media is prone to failure, and tape drives require regular cleaning to maintain functionality. Tapes also have a high failure rate because they wear out through use. Tapes should only be used for a fixed amount of time before removing them from circulation. Some of the different types of tapes are:

• • • •

Digital data storage (DDS) Digital audio tape (DAT) Digital linear tape (DLT) Linear tape-open (LTO)

Each type has different capacities and performance characteristics.

Optical Media Discs

Optical media is a common choice for smaller amounts of data. CDs have a storage capacity of 700 MB, DVDs can support up to 8.5 GB on a single-sided dual layer disc, and HD-DVD and Blu-Ray discs can have capacities in excess of 25 GB per disc. ISPs may use optical media for transferring web content data to their customers. Customers may also use this media to transfer website content to the ISP web hosting site. Optical media can easily be accessed by any computer system with a CD or DVD drive.

8.4.1 - Backup Media The diagram depicts images of a tape and an optical disc. Page 4: Hard Disks

Hard disk-based backup systems are becoming more and more popular because of the low cost of high-capacity drives. However, hard disks make offsite storage difficult. Large disk arrays such as direct attached storage (DAS), network attached storage (NAS), and storage area networks (SANs) are not transportable.

Many implementations of hard disk-based backup systems work in conjunction with tape backup systems for offsite storage. Using both hard disks and tapes in a tiered backup solution provides a quick restore time with the data available locally on the hard disks combined with a long-term archival solution.

Solid State Storage Devices

Solid state storage refers to all nonvolatile storage media that does not have any moving parts. Examples of solid state media range from small postage-stamp-sized drives holding 1 GB of data, to router-sized packages capable of storing 1000 GB (1TB) of data.

Solid state devices are ideal when fast storage and retrieval of data is important. Applications for solid state data storage systems include database acceleration, high-definition video access and editing, data retrieval, and SANS. High-capacity solid state storage devices can be extremely expensive, but as the technology matures, the prices will come down.

8.4.1 - Backup Media The diagram depicts images of a hard disc backup and solid state backup media. 8.4.2 Methods of File Backup Page 1: After backup media is chosen, a backup method must be selected.

Normal

A normal, or full, backup copies all selected files, in their entirety. Each file is then marked as having been backed up. With normal backups, only the most recent backup is required to restore files. This speeds up and simplifies the restore process. However, because all data is backed up, a full backup takes the most amount of time.

Differential

A differential backup copies only the files that have been changed since the last full backup. With differential backups, a full backup on the first day of the backup cycle is necessary. Only the files that are created or changed since the time of the last full backup are then saved. The differential backup process continues until another full backup is run. This reduces the amount of time required to perform the backup. When it is time to restore data, the last normal backup is restored and the latest differential backup restores all changed files since the last full backup.

Incremental

An incremental backup differs from a differential backup on one important point. Whereas a differential backup saves files that were changed since the last full backup, an incremental backup only saves files that were created or changed since the last incremental backup. This means that if an incremental backup is run every day, the backup media would only contain files created or changed on that day. Incremental backups are the quickest backup. However, they take the longest time to restore because the last normal backup and every incremental backup since the last full backup must be restored.

8.4.2 - Methods of File Backup The diagram depicts types of file backup. Normal Backup A full backup is completed daily. Differential Backup Only files changed since last full backup are backed up. Incremental Backup Only files changed since last incremental backup are backed up. Page 2: Backup systems require regular maintenance to keep them running properly. There are measures that help to ensure that backups are successful:





Swap media - Many backup scenarios require daily swapping of media to maintain a history of backed up data. Data loss could occur if the tape or disk is not swapped daily. Because swapping the tapes is a manual task, it is prone to failure. Users need to use a notification method, such as calendar or task scheduling. Review backup logs - Virtually all backup software produces logs. These logs report on the success of the backup or specify where it failed. Regular monitoring of backup logs allows for quick identification of any backup issues that require attention.





Perform trial restores - Even if a backup logs shows that the backup was successful, there could be other problems not indicated in the log. Periodically perform a trial restore of data to verify that the backup data is usable and that the restore procedure works. Perform drive maintenance - Many backup systems require special hardware to perform backups. Tape backup systems use a tape backup drive to read and write to the tapes. Tape drives can become dirty from use and can lead to mechanical failure. Perform routine cleaning of the tape drive using designated cleaning tapes. Hard drive-based backup systems can benefit from an occasional defragmentation to improve the overall performance of the system.

8.4.2 - Methods of File Backup The diagram depicts various methods of file back up. Backup room which uses swap media. Back up logs. Restore backup screen. Windows including a defrag window and disk clean up utility. Page 3: Lab Activity

Plan a backup solution for a small business.

Click the lab icon to begin.

8.4.2 - Methods of File Backup Link to Hands-on: Planning a Backup Solution 8.4.3 Cisco IOS Software Backup and Recovery Page 1: In addition to backing up server files, it is also necessary for the ISP to protect configurations and the Cisco IOS software used on networking devices owned by the ISP. The Cisco networking device software and configuration files can be saved to a network server using TFTP and variations of the copy command. The command to save the IOS file is very similar to the command to backup and save a running configuration file.

To back up Cisco IOS software, there are three basic steps:

Step 1. Ping the TFTP server where the file should be saved. This verifies connectivity to the TFTP server. Use the ping command.

Step 2. On the router, verify the IOS image in flash. Use the show flash command to view the filename of the IOS image and file size. Confirm that the TFTP server has enough disk space to store the file.

Step 3. Copy the IOS image to the TFTP server using the command:

Router# copy flash tftp

When using the copy command, the router will prompt the user for the source filename, the IP address of the TFTP server, and the destination filename.

Images stored on the TFTP server can be used to restore or upgrade the Cisco IOS software on routers and switches in a network.

The steps to upgrade an IOS image file on a router are similar to the steps used to backup the file to the TFTP server. Be sure to use the show flash command to verify the bytes available in flash and confirm that there is enough room for the IOS file before starting the upgrade or restore.

To upgrade the Cisco IOS software, use the command:

copy tftp: flash:

When upgrading, the router will prompt the user to enter the IP address of the TFTP server followed by the filename of the image on the server that should be used. The router may prompt the user to erase the flash memory if there is not sufficient memory available for both the old and the new images. As the image is erased from flash, a series of "e"s appears to indicate the erase process. When the new image is loaded, it is verified, and the networking device is ready to be reloaded with the new Cisco IOS image.

If the IOS image is lost and must be restored, a separate process, using the ROMmon mode is required.

8.4.3 - Cisco I O S Software Backup and Recovery The diagram depicts a console session with a scenario that represents the process of backing up the I O S to a TFTP server. The following are the steps and commands in the backup process. Step 1: Ping the TFTP server to verify connectivity. R1 # ping 192.168.20.254 Step 2: On the router, verify the I O S image in flash. Use the show flash command to view the filename of the I O S image and file size. R1 # show flash System flash directory: FileLengthName/status 113832032c1841-I pbase-mz.123-14.T7.bin [13832032 bytes used, 18682016 available, 32514048 total] 32768K bytes of processor board System flash (Read/Write) Step 3: Copy the I O S image to the TFTP server using the copy flash: tftp: command: R1 # copy flash: tftp: Source filename [ ]? c1841-I pbase-mz.123-14.T7.bin Address or name of remote host [ ] 192.168.20.254 Destination filename [c1841-I pbase-mz.123-14.T7.bin]? !!!!!!!!!!!!!!!!!!!!!!!!!!!!! 13832032 bytes copied in 113.061 secs (122341 bytes/sec) [13832032 bytes used, 18682016 available, 32514048 total] 32768K bytes of processor board System flash (Read/Write) Page 2: Lab Activity

Use a TFTP to backup and restore a Cisco IOS image.

Click the lab icon to begin.

8.4.3 - Cisco I O S Software Backup and Recovery Link to Hands-on Lab: Managing Cisco I O S Images with TFTP Page 3:

If the router is set to boot up from flash, but the Cisco IOS image in flash is erased, corrupted, or inaccessible because of lack of memory, the image may need to be restored. The quickest way to restore a Cisco IOS image to the router is by using TFTP in ROM monitor (ROMmon) mode.

The ROMmon TFTP transfer works on a specified LAN port, and defaults to the first available LAN interface. To use TFTP in ROMmon mode, the user must first set a few environmental variables, including the IP address, and then use the tftpdnld command to restore the image.

To set a ROMmon environment variable, type the variable name, an equal sign (=), and the value for the variable. For example, to set the IP address to 10.0.0.1, type IP_ADDRESS=10.0.0.1.

The required environment variables are:

• • • • •

IP_ADDRESS - IP address on the LAN interface IP_SUBNET_MASK - Subnet mask for the LAN interface DEFAULT_GATEWAY - Default gateway for the LAN interface TFTP_SERVER - IP address of the TFTP server TFTP_FILE - Cisco IOS filename on the server

Use the set command to view and verify the ROMmon environment variables.

After the variables are set, the tftpdnld command is entered. As each datagram of the Cisco IOS file is received, an exclamation point (!) is displayed. As the Cisco IOS file is copied, the existing flash is erased. This includes all files that may be present in flash memory, not just the current IOS file. For this reason, it is important to back up these files to a TFTP server for safekeeping, in the event that it becomes necessary to restore the IOS image.

When the ROMmon prompt appears (rommon 1>), the router can be restarted using the reset command or typing i. The router should now boot from the new Cisco IOS image in flash.

8.4.3 - Cisco I O S Software Backup and Recovery The diagram depicts a console session with a router and ROMmon mode prompt. Listed are the commands to set the ROMmon variables and then restore the I O S from a TFTP server. Set Variables: rommon1> IP_ADDRESS=192.168.1.2 rommon2> IP_SUBNET_MASK=255.255.255.0

rommon3> DEFAULT_GATEWAY=192.168.1.1 rommon4> TFTP_SERVER=192.168.1.1 rommon5> TFTP_FILE= c1841-I pbase-mz.123-14.T7.bin Download I O S: Rommon7 > tftpdnld IP_ADDRESS: 192.168.1.2 IP_SUBNET_MASK: 255.255.255.0 DEFAULT_GATEWAY: 192.168.1.1 TFTP_SERVER: 192.168.1.1 TFTP_FILE: c1841-I pbase-mz.123-14.T7.bin Invoke this command for disaster recovery only. WARNING: all existing data in all partitions on flash will be lost! Do you wish to continue? y/n: [n] Receiving c1841-I pbase-mz.123-14.T7.bin !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! File reception completed. Copying file c1841-I pbase-mz.123-14.T7.bin to flash. Erasing flash at 0x607c0000 program flash location 0x605a00000 Page 4: Lab Activity

Use ROMmon and tftpdnld to manage an IOS image.

Click the lab icon to begin.

8.4.3 - Cisco I O S Software Backup and Recovery Link to Hands-on Lab: Managing Cisco I O S Images with ROMMON and TFTP 8.4.4 Disaster Recovery Plan Page 1: Data backup is an important part of any disaster recovery plan. A disaster recovery plan is a comprehensive document that describes how to restore operation quickly and keep a business running during or after a disaster occurs. The objective of the disaster recovery plan is to ensure that the business can adapt to the physical and social changes that a disaster causes. A disaster can include anything from natural disasters that affect the network structure to malicious attacks on the network itself.

The disaster recovery plan can include information such as offsite locations where services can be moved, information on switching out network devices and servers, and backup connectivity options. It is important when building a disaster recovery plan to fully understand the services that are critical to maintaining operation. Services that might need to be available during a disaster include:

• • • • • •

Databases Application servers System management servers Web Data stores Directory

8.4.4 - Disaster Recovery Plan The diagram depicts the network infrastructure of a building labeled Headquarters, and how it directly translates to corresponding backup devices at the back up site. Page 2: When designing a disaster recovery plan, it is important to understand the needs of the organization. It is also important to gain the support necessary for a disaster recovery plan. There are several steps to accomplish designing an effective recovery plan.

• •







Vulnerability assessment - Assess how vulnerable the critical business processes and associated applications are to common disasters. Risk assessment - Analyze the risk of a disaster occurring and the associated effects and costs to the business. Part of a risk assessment is creating a list of the top-ten potential disasters and the effects, including the scenario of the business being completely destroyed. Management awareness - Use the information gathered on vulnerability and risks to get senior management approval on the disaster recovery project. Maintaining equipment and locations in the event of a possible disaster recovery could be expensive. Senior management must understand the possible effect of any disaster situation. Planning group - Establish a planning group to manage the development and implementation of the disaster recovery strategy and plan. When a disaster occurs, be it small or large scale, it is important that individuals understand their roles and responsibilities. Prioritize - Assign a priority for each disaster scenario, such as mission critical, important, or minor, for the business network, applications, and systems.

The disaster recovery planning process should first engage the top managers, and then eventually include all personnel that work with critical business processes. Everyone must be involved and support the plan for it to be successful.

8.4.4 - Disaster Recovery Plan The diagram depicts images representing vulnerability assessment, risk assessment, management awareness, planning group, and prioritizing. Page 3: After the services and applications that are most critical to a business are identified, that information should be used to create a disaster recovery plan. There are five major phases to creating and implementing a disaster recovery plan:

Phase 1 - Network Design Recovery Strategy

Analyze the network design. Some aspects of the network design that should be included in the disaster recovery are:

• • • •

Is the network designed to survive a major disaster? Are there backup connectivity options and is there redundancy in the network design? Availability of offsite servers that can support applications such as email and database services. Availability of backup routers, switches, and other network devices should they fail. Location of services and resources that the network needs. Are they spread over a wide geography?

Phase 2 - Inventory and Documentation

Create an inventory of all locations, devices, vendors, used services, and contact names. Verify cost estimates that are created in the risk assessment step.

Phase 3 - Verification

Create a verification process to prove that the disaster recover strategy works. Practice disaster recovery exercises to ensure that the plan is up to date and workable.

Phase 4 - Approval and Implementation

Obtain senior management approval and develop a budget to implement the disaster recovery plan.

Phase 5 - Review

After the disaster recovery plan has been implemented for a year, review the plan.

8.4.4 - Disaster Recovery Plan The diagram depicts images representing network design recovery strategy, inventory and documentation, verification, approval and implementation, and review. Page 4: 8.4.4 - Disaster Recovery Plan The diagram depicts an activity in which you must match an action associated with each phase of creating a disaster recovery phase. Phases: A. Network Design Recovery Strategy B. Inventory and Documentation C. Approval and Implementation D. Verification E. Review Actions: One. Verify cost estimates of inventory and used services Two. Practice disaster recovery exercises Three. After implementation for a specified period of time, review the plan Four. Develop a budget to implement the recovery plan Five. Determine the availability of backup routers, switches, and other network devices should they fail.

8.5 Chapter Summary 8.5.1 Summary Page 1: 8.5.1- Summary Diagram 1, Image The diagram depicts the My Document Properties window, the Windows login, and the system properties window.

Diagram 1 text Desktop security services for customers, include: creating secure passwords, securing applications with patches and upgrades, removing unnecessary applications, performing security scans and setting appropriate permissions on resources. When assigning permissions to files and folders, a security best practice is to apply permissions based on the principle of least privilege. Diagram 2, Image The diagram depicts an authentication service verifying a username and password on its database of valid users. Diagram 2 text Authentication, authorization, and accounting (AAA) is a three-step process used to monitor and control access on a network. It requires a database to keep track of user credentials, permissions, and account statistics. Digital encryption is the process of encrypting transmitted data between the clients and servers. Many protocols offer secure versions. As a best practice, use the secure version of a protocol whenever the data being exchanged is meant to be confidential. Diagram 3, Image The diagram depicts an example of a denial of service attack and port filtering. Diagram 3 text There are many security threats including D o S, DD o S, D R D o S attacks. Port Filters and Access Lists are used to help protect against security threats. Port filtering can restrict or allow traffic based on TCP or UDP port. Access lists define traffic that is permitted or denied based on IP addresses as well as TCP or UDP ports. Diagram 4, Image The diagram depicts an example of an intrusion detection system and an intrusion prevention system. Diagram 4 text A firewall is network hardware or software that defines what traffic can come into and go out of sections of the network. I D S is a software- or hardware-based solution that passively listens to network traffic. It does not stop the initial traffic from passing through to the destination. I P S is an active physical device or software feature. Traffic actually passes through I P S interfaces and the I P S can block all suspicious activity in real time. A host-based firewall and Anti-X software runs directly on a host operating system and protects the host from malicious attacks that might have made it through all other layers of defense. Diagram 5, Image The diagram depicts examples of in-band monitoring and managing network devices while on the network. Diagram 5 text A service level agreement (SLA) is an agreement between a service provider and a service user that clearly documents the expectations and obligations. ISP's monitor and check connectivity of devices. They accomplish this through in-band or outof-band management. In-band management is preferred for managing servers accessible on the

network. Diagram 6, Image The diagram depicts types of back up media. Diagram 6 text There are several backup solutions available including: tape, optical, hard disk, and solid state media. There are also three methods of backing up data, including: full backup, differential backup, and incremental backup. A combination of all three backup methods is generally recommended. Diagram 7, Image The diagram depicts the headquarters network and how it directly relates to a diagram of the back up site. Diagram 7 text A disaster recovery plan is a comprehensive document that describes how to restore operation quickly and keep a business running during or after a disaster occurs. Assess the vulnerabilities, assess the risk, ensure management awareness, establish a planning group, and prioritize needs when creating a disaster recovery plan.

8.6 Chapter Quiz 8.6.1 Quiz Page 1: Take the chapter quiz to check your knowledge.

Click the quiz icon to begin.

8.6.1 - Quiz Chapter 8 Quiz: ISP Responsibility 1.What command can an administrator issue to find the filename of the I O S that is currently running before backing up the I O S to a TFTP server? a.show running-config b.show startup-config c.show sessions d.show flash 2.While downloading an I O S image from a TFTP server, an administrator sees long strings of the letter 'e' output to the console. What does this mean? a.The I O S image is corrupt and is failing error checking. b.There is a communication error between the router and the TFTP server. c.The router is erasing the flash memory. d.The file is being encrypted before being downloaded to the router.

3.Which term describes the ability of a web server to keep a log of the users who access the server, as well as the length of time they use it? a.authentication b.authorization c.accounting d.assigning permissions 4.Which two statements describe out-of-band network management? (Choose two.) a.does not require a physical connection b.preferred over in-band management for managing services c.used for initial device configuration d.uses a direct console connection e.provides greater functionality than in-band management 5.Which two are duties of an SNMP management agent? (Choose two.) a.collects information for the management station by polling devices b.permits access to devices by assigning each a community ID c.reports to the management station by responding to polls d.runs the applications that the administrator uses to configure devices on the network e.sends an alert message to the management station if a threshold is exceeded 6.What is the "principle of least privilege"? a.the use of only a single server to store shared data for a local network b.all local users should have open access to shared data c.give each user access to only those resources needed to do his or her job d.when more than one user needs access to the same data, access should be first come, first served 7.Match the AAA term to the correct definition. Note that all terms will not be used. AAA Terms a.auditing b.accounting c.authorization d.authentication e.access control f.acknowledgement Definitions a.username and password b.who used what network resource c.rights to a specific network resource 8.When MPLS is configured on a router, what is true about the MTU? a.The MTU size on the serial interface is automatically decreased and must manually be increased. b.The MTU size will not be affected for the WAN and LAN interfaces. c.The MTU size on a LAN interface must be manually increased using the mpls mtu command. d.The MTU size stays the same for both the LAN and WAN interfaces. 9.The CEO of Quickclips, Inc. decides that the company's backup process needs to allow for a very quick restoration of lost data. He is willing to accept a lengthier time for the backup process itself. Which type of backup should be implemented? a.partial b.differential

c.incremental d.full 10.The IT manager performs a full backup on Monday and differential backups on Tuesday, Wednesday, and Thursday. On Friday morning, the server crashes and all of the data must be restored. In which sequence should the backup tapes be restored? a.the full backup tape from Monday, and then differential tapes from Thursday, Wednesday, and Tuesday b.the differential tape from Thursday, and then the full backup tape from Monday c.the full backup tape from Monday, and then the differential tape from Thursday d.only the full backup tape from Monday e.only the differential tape from Thursday 11.Where is the safest place to store backups? a.portable lock box b.locked telecommunications room c.locked server room d.offsite secure facility 12.Which firewall filtering technology keeps track of the actual communication process occurring between the source and destination devices and stores it in a table? a.access-list filtering b.stateful filtering c.URL filtering d.content filtering 13.Why is risk assessment critical to disaster recovery planning? a.It contains management approval to implement the plan. b.It identifies the high priority applications that must be restored quickly. c.It outlines the roles of each member of the disaster recovery team. d.It identifies the likely disasters that could occur and their effect on the business. 14.Why would a business choose an I P S instead of an I D S? (Choose two.) a.An I P S identifies and blocks malicious activity. b.An I P S is installed out-of-band and does not affect network traffic throughput. c.An I D S cannot stop some malicious traffic from getting through. d.An I D S is an in-band device that can affect network traffic. e.An I D S device must be installed outside the firewall to monitor traffic. End

CCNA Discovery - Working at a Small-toMedium Business or ISP 9 Troubleshooting 9.0 Introduction 9.0.1 Introduction Page 1:

9.0.1 - Introduction Troubleshooting configuration or operation problems requires the application of networking knowledge and skills. Employers value networkers who can troubleshoot in an organized manner to identify symptoms, isolate the causes, and fix the problems quickly. Cisco Career Certifications bring valuable, measurable rewards to network professionals and the organizations that employ them. Practicing troubleshooting can help prepare you to successfully obtain a Cisco Certified Entry Networking Technician (CCENT) certification. After completion of this chapter, you should be able to: Use the O S I Model as a framework for troubleshooting network problems. Identify and correct problems with hardware and operation at Layer 1 and Layer 2. Troubleshoot IP addressing problems, including subnet mask, host range errors, DHCP, and NAT issues. Identify and correct problems with RIPv2 configuration and implementation. Explain possible causes of problems occurring with user applications and how to recognize symptoms of DNS failures. Create a plan to prepare to take the I CND1 examination in order to obtain a C CENT certification.

9.1 Troubleshooting Methodologies and Tools 9.1.1 The OSI Model and Troubleshooting Page 1: One of the most important abilities for a network professional to develop is the ability to efficiently troubleshoot network problems. Good network troubleshooters are always in high demand. For this reason, Cisco certification exams measure the ability to identify and correct network problems.

When troubleshooting, many technicians use the OSI and TCP/IP networking models to help isolate the cause of a problem. Logical networking models separate network functionality into modular layers. Each layer of the OSI or TCP/IP model has specific functions and protocols. Knowledge of the features, functions, and devices of each layer, and how each layer relates to the layers around it, help a network technician to troubleshoot more efficiently.

This chapter uses the OSI and TCP/IP models to provide the structure for troubleshooting activities. Before beginning, review the material on the OSI and TCP/IP models in CCNA Discovery: Networking for Home and Small Businesses and CCNA Discovery: Working at a Small-to-Medium Business or ISP.

9.1.1 - The O S I Model and Troubleshooting The diagram depicts a brief description of the functions and protocols of each layer of the O S I Model and the TCP/IP Model. O S I Model Application Layer Defines interfaces between application software and network communication functions. Provides standardized services such as file transfer between systems. Presentation Layer Standardizes user data formats for use between different types of systems. Encodes and decodes user data; encrypts and decrypts data; compresses and decompresses data. Session Layer Manages user sessions and dialogues. Manages links between applications. Transport Layer Manages end-to-end message delivery over the network. Can provide reliable and sequential packet delivery through error recovery and flow control mechanisms. Network Layer Provides logical network addressing. Routes packets between networks based on logical addressing. Data Link Layer Defines procedures for operating the communication links. Detects and corrects frame transmit errors. Adds physical addresses to frame. Physical Layer Defines physical means of sending data over network devices. Interfaces between network medium and devices. Defines optical, electrical, and mechanical characteristics for both wired and wireless media. Includes all forms of electromagnetic transmission such as light, electricity, infrared, and radio waves. TCP/IP Model Application This layer has the same functionality as the Application, Presentation, and Session Layers of the O S I Model. Transport This layer has the same functionality as the Transport Layer of the O S I Model. Internet This layer has the same functionality as the Network Layer of the O S I Model. Network Access This layer has the same functionality as the Data Link and Physical Layers of the O S I Model.

Page 2: OSI Reference Model as a Troubleshooting Tool

The OSI reference model provides a common language for network technicians and engineers. It is important to understand the functions that occur and the networking devices that operate at each layer of the OSI model.

The upper layers (5-7) of the OSI model deal with specific application functionality and are generally implemented only in software. Problems isolated to these layers can frequently be caused by end-system software configuration errors on clients and servers.

The lower layers (1-4) of the OSI model handle data-transport issues.

The Network Layer (Layer 3) and the Transport Layer (Layer 4) are generally implemented only in software. In addition to software errors on end systems, software configuration errors on routers and firewalls account for many problems isolated to these layers. IP addressing and routing errors occur at Layer 3.

The Physical Layer (Layer 1) and Data Link Layer (Layer 2) are implemented in both hardware and software. The Physical Layer is closest to the physical network medium, such as the network cabling, and is responsible for actually placing information on the medium. Hardware problems and incompatibilities cause most Layer 1 and Layer 2 problems.

9.1.1 - The O S I Model and Troubleshooting The diagram depicts the use of the O S I Model as a troubleshooting tool. Each network device is matched with the O S I Model layers, on which it functions, that could be troubleshooting targets. A Router functions on the following layers: Layer 4: Transport. Layer 3: Network. Layer 2: Data Link. Layer 1: Physical. A Firewall functions on the following layers: Layer 4: Transport. Layer 3: Network. Layer 2: Data Link. Layer 1: Physical.

A Standard Switch functions on the following layers: Layer 2: Data Link. Layer 1: Physical. A Hub functions on the following layer: Layer 1: Physical. An End System functions on the following layers: Layer 7: Application. Layer 6: Presentation. Layer 5: Session. Layer 4: Transport. Layer 3: Network. Layer 2: Data Link. Layer 1: Physical. Page 3: 9.1.1 - The O S I Model and Troubleshooting The diagram depicts an activity in which you must identify which layer each of the following protocols or forms of technology belongs. Layer Options. One.Physical Layer. Two.Data Link Layer. Three.Network Layer. Four.Transport Layer. Five.Upper Layers. Protocols and Forms of Technology. A.Radio waves. B.Hubs. C.Repeaters. D.Twisted pair cable. E.Electrical signaling. F.Ethernet. G.LAN Switching. H.MAC addresses. I.Network interface cards. J.Frames. K.Routing. L.IP addresses. M.Packets. N.Port numbers. O.TCP. P.UDP. Q.Telnet. R.Client software. S.SMTP. T.FTP. U.HTTP.

Page 4: Lab Activity Using the worksheet provided, organize the CCENT objectives by which layer or layers they address.

Click the Lab icon to begin.

9.1.1 - The O S I Model and Troubleshooting Link to Hands-on Lab: Organize the CCENT objectives by O S I Layer 9.1.2 Troubleshooting Methodologies Page 1: There are three main troubleshooting approaches when using network models:

• • •

Top-down Bottom-up Divide-and-conquer

Each method assumes a layered concept of networking. Using one of these troubleshooting methods, a troubleshooter can verify all functionality at each layer until the problem is located and isolated.

Top-down - Starts with the Application Layer and works down. It looks at the problem from the point of view of the user and the application. Is it just one application that is not functioning, or do all applications fail? For example, can the user access various web pages on the Internet, but not email? Do other workstations have similar issues?

Bottom-up - Starts with the Physical Layer and works up. The Physical Layer is concerned with hardware and wire connections. Are cables securely connected? If the equipment has indicator lights, are those lights on or off?

Divide-and-Conquer - Typically troubleshooting begins at one of the middle layers and works up or down from there. For example, the troubleshooter may begin at the Network Layer by verifying IP configuration information.

The structure of these approaches makes them ideally suited for the novice troubleshooter. More experienced individuals often bypass structured approaches and rely on instinct and experience.

9.1.2 - Troubleshooting Methodologies The diagram depicts the operation, suitable cases, advantages and disadvantages, as well as the layers that are involved for each of the following troubleshooting approaches: top-down, divideand-conquer, and bottom-up. If you start at the Application, Presentation, or Session O S I Layers: Troubleshooting Approach: Top-down How it operates: Always starts at the application layer and works its way down until it finds a faulty layer. Cases for which it is suitable: More suitable for simpler problems or those that are suspected to be application/user or upper-layer related. Advantages/ Disadvantages: If the problem turns out to be related to lower layers, you have wasted a lot of time and effort at the upper or application layers. If you start at the Transport, Network, or Data Link O S I Layers: Troubleshooting Approach: Divide-and-conquer How it operates: Based on the circumstances (reported issues) and your experience, you might decide to start at any layer and work up or down the O S I stack. Cases for which it is suitable: Most suitable when you are experienced and the problem has precise symptoms. Advantages/ Disadvantages: It targets the problem layer faster than the other approaches. You need experience to use this approach effectively. If you start at the Physical O S I Layer: Troubleshooting Approach: Bottom-up How it operates: Always starts at the Physical Layer and works its way up until it finds a faulty layer. Cases for which it is suitable: More suited for complex cases. Advantages/ Disadvantages: It is a slow, but solid approach. When the problem is applicationrelated (or upper layer-related), this approach can take a long time. Page 2: 9.1.2 - Troubleshooting Methodologies The diagram depicts an activity with a scenario in which customers report that they are unable to view web pages from a web server located at the ISP . You must determine what category of troubleshooting method was used by the technicians in each of the following scenarios. Troubleshooting Methods.

One.Bottom-up. Two.Top-down. Three.Divide-and-conquer. Troubleshooting Scenarios. A.The technician suspects that a firewall is causing the problem, and checks the firewall configuration. B.The technician checks the cable connections between the web server and the directly connected switch. C.The technician pings the server and then pings the switch located at the customer site. D.The technician calls the customer in order to determine if only web applications are affected. E.The technician checks the lights on the network interface card in the web server. F.The technician verifies that the server has the correct DNS entry and that it is resolving the name. 9.1.3 Troubleshooting Tools Page 1: It is very difficult to troubleshoot any type of network connectivity issue without a network diagram that depicts the IP addresses, IP routes, and devices, such as firewalls and switches. Logical and physical topologies are extremely useful in troubleshooting.

Physical Network Topologies

A physical network topology shows the physical layout of the devices connected to the network. Knowing how devices are physically connected is necessary for troubleshooting problems at the Physical Layer, such as cabling or hardware problems. Physical network topologies typically include:

• • • • • •

Device types Models and manufacturers of devices Locations Operating system versions Cable types and identifiers Cabling endpoints

Logical Network Topologies

A logical network topology shows how data is transferred on the network. Symbols are used to represent network elements such as routers, servers, hubs, hosts, and security devices. Logical network topologies typically include:

• • • • • • •

Device identifiers IP addresses and subnet masks Interface identifiers Routing protocols Static and default routes Data-link protocols WAN technologies

9.1.3 - Troubleshooting Tools The diagram depicts examples of physical and logical topologies. Physical Topology - The actual physical wired topology of the network between the Internet, offices, and classrooms of a school. Routers, servers, printers, and other hosts are connected to the hubs and switches on the network. Logical Topology - Addressing information, such as subnets and broadcast domains, that is necessary on a network. Page 2: In addition to network diagrams, other tools may be needed to effectively troubleshoot network performance issues and failures. Network Documentation and Baseline Tools

Network documentation and baseline tools are available for Windows, Linux, and UNIX operating systems. CiscoWorks can be used to draw network diagrams, keep network software and hardware documentation up to date, and help to cost-effectively measure baseline network bandwidth use. These software tools often provide monitoring and reporting functions for establishing the network baseline.

Network Management System Tools

Network Management System (NMS) tools monitor network performance. They graphically display a physical view of the network devices. If a failure occurs, the tool can locate the source of the failure and determine whether it was caused by malware, malicious activity, or a failed device. Examples of commonly used network management tools are CiscoView, HP Openview, SolarWinds, and WhatsUp Gold.

Knowledge Bases

Network device vendor knowledge bases have become indispensable sources of information. When online knowledge bases are combined with Internet search engines, a network administrator has access to a vast pool of experience-based information.

Protocol Analyzers

A protocol analyzer decodes the various protocol layers in a recorded frame and presents this information in a relatively easy-to-use format. Protocol analyzers can capture network traffic for analysis. The captured output can be filtered to view specific traffic or types of traffic based on certain criteria; for example, all traffic to and from a particular device. Protocol analyzers, such as Wireshark, provide detailed troubleshooting information about the data being communicated on the network. An example of the types of information that can be viewed using a protocol analyzer is the setup and termination of a TCP session between two hosts.

9.1.3 - Troubleshooting Tools The diagram depicts examples of software troubleshooting tools. Baseline Tools. Solar Winds LAN surveyor (Automated Network Mapping Tool). Solar Winds CyberGauge (Bandwidth Monitoring Tool). NMS. WhatsUp Gold NMS Device Status Display. Knowledge Base. Support Tools & Resources web page from the Cisco Systems website. Protocol Analyzer. Wire shark Protocol Analyzer. Page 3: Lab Activity

Use Wireshark to observe the TCP/IP three-way handshake.

Click the Lab icon to begin.

9.1.3 - Troubleshooting Tools Link to Hands-on Lab: Using Wire shark to Observe the TCP/IP Three-way Handshake Page 4: Sometimes failures in the lower layers of the OSI model cannot be easily identified with software tools. In these instances, it may be necessary to use hardware troubleshooting tools, such as cable testers, multimeters, and network analyzers.

Cable Testers

Cable testers are specialized, handheld devices designed for testing the various types of data communication cabling. Cable testers can be used to detect broken wires, crossed-over wiring, shorted connections, and improperly paired connections. More sophisticated testers, such as a time-domain reflectometer (TDR), can pinpoint the distance to a break in a cable. Cable testers can also determine the length of a cable.

Digital Multimeters

Digital multimeters (DMMs) are test instruments that directly measure electrical values of voltage, current, and resistance. In network troubleshooting, most of the multimeter tests involve checking power-supply voltage levels and verifying that network devices are receiving power.

Portable Network Analyzers

By plugging a network analyzer into a switch anywhere on the network, a network engineer can see the average and peak utilization of the segment. The analyzer can also be used to identify the devices producing the most network traffic, analyze network traffic by protocol, and view interface details. Network analyzers are useful when troubleshooting problems caused by malware or denial-of-service attacks.

9.1.3 - Troubleshooting Tools The diagram depicts examples of hardware troubleshooting tools. Multimeter. Fluke 179 Digital Multimeter. Cable Tester. Fluke Networks LinkRunner Pro Tester.

Fluke Networks Cable IQ Qualification Tester. Network Analyzer Fluke Networks Opti-View Series III Integrated Network Analyzer 9.1.4 Certification Study Guide Page 1: CCENT Study Guide

Click the lab icon to download a CCENT Preparation Guide for section 9.1.

Click the lab icon to download a CCENT Preparation Guide.

9.1.4 - Certification Study Guide Link to Hands-on Lab: CCENT Study Guide 1 Download the CCENT Study Guide for Section 9.1.

9.2 Troubleshooting Layer 1 and Layer 2 Issues 9.2.1 Layer 1 and 2 Problems Page 1: The Physical and the Data Link Layers encompass both hardware and software functions. All network communications rely on the technologies at these layers to function. A network technician must be able to quickly isolate and correct problems occurring at these layers.

The Physical Layer, or Layer 1, is responsible for the physical and electrical specifications for the transmission of bits from one host to another over the physical medium, either wired or wireless. Network problems occurring at Layer 1 can cause the loss of network connectivity, or simply cause network performance to degrade.

The types of problems that occur at Layer 1 are directly related to the type of technology used. For example, Ethernet is a multi-access technology. Ethernet protocols use an algorithm to sense when there are no other signals on the wire to begin a transmission. However, it is possible for two devices to begin sending at the exact same time, causing a collision. When a collision occurs, all devices stop transmitting and wait a random amount of time before transmitting again. Because Ethernet can detect collisions and respond to them, Ethernet is often referred to as Carrier Sense Multiple Access with Collision Detection (CSMA/CD).

However, excessive collisions can cause network performance to degrade. Collisions can be a significant problem on shared media, such as a hub network, more so than on switched ports.

9.2.1 - Layer 1 and 2 Problems The diagram depicts possible causes of problems found on Layer 1, the Physical Layer. Problem: Performance lower than baseline Inadequate cable or poor terminations can result in errors that increase the rate of retransmissions. Electrical interference may cause poor performance over copper links. Cabling that exceeds the recommended standard distance limitations can cause attenuation problems. In a wireless network, interference or a significant increase in traffic can cause network responses to degrade. Problem: Loss of connectivity Intermittent loss can be caused by power-related problems, such as a failing UPS or power supply, resulting in a device reboot or temporary link or device failure. Loose connections and tension on the connectors and wires can also cause intermittent loss. For wireless coverage areas, intermittent connectivity can be caused by overlapping wireless channels. Complete loss can be caused by a cable connection failure or a failed device or interface. Problem: High collision counts Average collision counts on shared media should generally be below 1% of total traffic. Collision-based problems are often traced to a single source, such as a bad uplink cable on a hub or switch port, or a link that is exposed to external electrical noise. Too many hosts on a single shared segment can contribute to high collision rates. Duplex mismatches between devices can cause collisions to be recorded on a switch link. A full-duplex switch port should have no collisions. Problem: Network bottlenecks or congestion When congestion occurs, frames can be dropped. Unexpected high rates of traffic on devices or cables not designed to handle the load can cause congestion. Malware, such as Trojans and worms can cause Layer 1 devices and cabling to become congested. A protocol analyzer can assist in finding the source of high traffic related problems. Problem: High CPU utilization rates High CPU utilization indicates that a device is operating at or exceeding its design limits. CPU overloading can cause a device to shut down or fail. Problem: Console error messages Error messages reported on the device console can indicate a Physical Layer problem. Messages indicating that a device or protocol is down indicate interface or cabling problems. Page 2: The Data Link Layer, or Layer 2, specifies how the data is formatted for transmission over the network media. It also regulates how access to the network is granted. Layer 2 provides the link between the Network Layer software functions and the Layer 1 hardware for both LAN and WAN applications. To effectively troubleshoot Layer 1 and Layer 2 problems, technicians must be familiar with cabling standards, and encapsulation and framing.

After a technician verifies that Layer 1 is functioning, it must be determined if the problem resides in Layer 2 or one of the higher layers. For example, if a host can ping the local loopback address, 127.0.0.1, but cannot access any services over the network, the problem may be isolated to Layer 2 framing issues or a misconfigured interface card. Network analyzers and other online tools can locate the source of a Layer 2 issue. In some instances, a device recognizes that a Layer 2 problem occurred and sends alert messages to the console.

9.2.1 - Layer 1 and 2 Problems The diagram depicts possible causes of problems found on Layer 2, the Data Link Layer. Problem: No functionality or connectivity at the Network Layer or above Misconfigured network cards or faulty NIC drivers can stop the exchange of frames across a link. Encapsulation errors on serial or WAN links can also cause connectivity to fail over operational circuits. Problem: Network operating below baseline performance levels Interfaces dropping frames that exceed the capacity of the interface or have CRC or framing errors can cause poor network performance. These problems can be identified through error counter statistics and console error messages on the switch or router. Faulty NICs, interface errors, and electric noise are common Layer 1 hardware issues that can create Layer 2 framing errors in the network. Problem: Excessive broadcasts Large Layer 2 network segments can contribute to excessive broadcasts. Viruses and worms can add excessive broadcast traffic to the network. Problem: Console error messages Console messages typically occur when the device detects a problem with interpreting incoming frames because of encapsulation or framing problems. Messages also occur when keepalives are expected but do not arrive. The most common console message that indicates a Layer 2 problem is a line protocol down message. Page 3: 9.2.1 - Layer 1 and 2 Problems The diagram depicts an activity in which you must match each Layer 1 or Layer 2 problem to a possible symptom. Each symptom may indicate two possible problems. Symptoms. One. Intermittent loss of connectivity. Two. Excessive collisions on an interface. Three. Console message indicating a protocol is down. Layer 1 or Layer 2 problems. A. Failing UPS or power supply. B. Loose cable. C. Too many hosts on a shared network segment. D. Duplex mismatch.

E. No keepalive signals are being received. F. Encapsulation mismatch. 9.2.2 Troubleshooting Device Hardware and Boot Errors Page 1: Network problems often occur after a device is restarted. Restarts can happen intentionally after an upgrade, or unexpectedly after a power failure. To troubleshoot device hardware failures and boot errors, it is first necessary to review the process that Cisco IOS devices use during startup. The bootup process has three stages:

1. Performing the POST and loading the bootstrap program.

2. Locating and loading the Cisco IOS software.

3. Locating and loading the startup configuration file or entering setup mode.

When booting any Cisco networking device, it is helpful to observe the console messages that appear during the boot sequence. After the Cisco IOS software is loaded, the technician can use commands to verify that the hardware and software are fully operational.

The show version command displays the version of the operating system and whether all interface hardware is recognized.

The show flash command displays the contents of the Flash memory, including the Cisco IOS image file. It also displays the amount of Flash memory currently being used and the amount of memory available.

The show ip interfaces brief command shows the operational status of the device interfaces and IP addresses assigned.

The show running-configuration and show startup-configuration commands verify whether all the configuration commands were recognized during the reload.

When a device fails to boot correctly and creates a network outage, replace the device with a known good device to restore services to end users. After service is restored, then take the time to troubleshoot and repair the failed device.

9.2.2 - Troubleshooting Device Hardware and Boot Errors The diagram depicts the three stages of the boot up process, including the console screen output. Stage 1 ROMPOSTPerform PostPerform POST ROMBootstrapLoad BootstrapExecute Bootstrap Loader Console screen output: System Bootstrap, Version 12.3 (8r) T8, RELEASE SOFTWARE (fcl) Cisco 1841 (revision 5.0) with 114688K/1684K bytes of memory. Stage 2 The I O S can be loaded from Flash or a TFTP server. Flash, Cisco Internetwork Operating System, Locate and load Operating system TFTP Server, Cisco Internetwork Operating System, Locate and load Operating system Console screen output: System Bootstrap, Version 12.3 (8r) T8, RELEASE SOFTWARE (fcl) Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory. Self decompressing the image: ### [OK] Stage 3 The configuration file can be loaded from NV RAM, a TFTP server or the console. NV RAM Configuration > Locate, load and execute the Configuration file or enter "setup" mode TFTP Server Configuration > Locate, load and execute the Configuration file or enter "setup" mode Console Configuration > Locate, load and execute the Configuration file (configuration commands entered from the console host keyboard) or enter "setup" mode Console screen output: System Bootstrap, Version 12.3 (8r) T8, RELEASE SOFTWARE (fcl) Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory. Self decompressing the image: ### [OK] Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set fourth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at F A R Sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at D F A R S sec. 252.227-7013. Cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706

Cisco I O S Software, 1840 Software (C1841-IP BASE-M), Version 12.3 (14) T7, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2006 by Cisco Systems, Inc. Compiled Mon 15-May-06 14:54 by pt_team Image text-base: 0x6007D180, data-base: 0x61400000 Port Statistics for unclassified packets is not turned on. Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory. Processor board ID FTX0947Z18E M860 processor: part number 0, mask 49 2 FastEthernet/IEEE 802.3 interface(s) 2 Low-speed serial (sync/async) network interface(s) 191K bytes of NV RAM/ 31360K bytes of A T A CompactFlash (Read/Write) Cisco I O S Software, 1841 Software (C1841-IP BASE-M), Version 12.3 (14) T7, RELEASE SOFTWEAR (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c)1986-2006 by Cisco Systems, Inc. Compiled Mon 15-May-06 14:54 by pt_team ---System Configuration Dialog--Continue with configuration dialog? [yes/no]: no Page 2: After a router boots successfully, the green LED indicators will display. When errors occur during the bootup process, Cisco devices execute default actions to recover from the errors, such as loading into ROMmon mode. There are five common bootup errors (discussed on this page and the next), that have associated troubleshooting strategies.

Device Fails POST

When a device fails POST, no output appears on the console screen. In addition, system LEDs may change color or blink, depending on the device type. For a description of LED operation, check the documentation provided with the device. If the POST fails, turn off the power, unplug the device, and remove all interface modules. Then reboot the device. If the POST still fails, the device requires service. If it completes the POST successfully without the interface modules installed, an interface module may have failed. Disconnect the power and reinstall each module individually, rebooting each time, to determine which module has failed. When the failed module is identified, replace it with a known good module and restart the device.

Cisco IOS Image in Flash is Corrupt

If the image file in flash is corrupt or missing, the bootloader cannot find a valid Cisco IOS file to load. Some Cisco IOS devices have an image with limited functionality that is loaded and run if no image exists in flash or another specified location. This image is called a boothelper. Boothelper images may not have enough functionality to successfully execute the necessary configuration commands to bring the device back into operation. If there is no boothelper, the device enters ROMmon mode. Use ROMmon commands to reload the correct Cisco IOS image from a TFTP server.

9.2.2 - Troubleshooting Device Hardware and Boot Errors The diagram depicts a table with information regarding the 1841 L E D Indicators on a successful boot. L E D: SYS PWR Color: Green Status: Router has successfully booted up and the software is functional. Slow, steady blinking when system is booting or in the ROM monitor. L E D: STS ACT Color: Green Status: Blinking when packets are transmitted or received on an WAN or LAN interface, or when monitoring system activity. L E D: CF Color: Blinking Green Status: Flash memory is busy. Do not remove the CompactFlash memory card when this light is on. Page 3: Memory is not Recognized or Fails

If there is not enough memory to decompress the image, the device scrolls error messages rapidly or constantly reboots. The device may be able to boot into ROMmon mode by issuing a Ctrl-Break command during startup. In ROMmon mode, commands can be issued to determine the status of the memory. The memory may have to be replaced or increased for the device to function normally.

Interface Modules are not Recognized

Faulty or improperly seated interface modules may not be recognized during the POST and Cisco IOS load. When this occurs, the list of available interfaces displayed by the show version command does not match the physically installed modules. If an interface module is new, check that the module is supported by the Cisco IOS version that is installed and that enough memory exists to support the module. Always power down the device, disconnect the power, and reseat

the module into the device to determine if there is a hardware problem. After reseating, if the module is not recognized during reboot, replace it with a known good module.

Configuration File is Corrupt or Missing

If a valid startup configuration file cannot be found, some Cisco devices execute an autoinstall utility. This utility broadcasts a TFTP request for a configuration file. Other devices immediately enter an initial configuration dialog, known as the setup utility or setup mode. Devices that have the autoinstall utility also enter setup mode if no TFTP server responds after five inquiries. Use either TFTP or manual configuration to reload or recreate the configuration. Devices do not forward traffic until a valid configuration is loaded.

9.2.2 - Troubleshooting Device Hardware and Boot Errors The diagram depicts a COM2-Tera Term VT window boot screen for a Cisco device with the focus on the following error message line. SYSTEM INIT: INSUFFICIENT MEMORY TO BOOT THE IMAGE! 9.2.3 Troubleshooting Cable and Device Port Errors Page 1: Router interface errors are often the first symptom of Layer 1 and Layer 2 cabling or connectivity errors. To troubleshoot, begin by examining the statistics recorded on the problematic interface using the show interfaces command and the status of interfaces using the show ip interface brief command.

The output for the show ip interface brief command includes a summary of the device interfaces, including the IP address and interface status.

• • •

Up/up status - indicates normal operation and that both the media and the Layer 2 protocol are functional. Down/down status - indicates that a connectivity or media problem exists. Up/down status - indicates that the media is connected properly, but that the Layer 2 protocol is not functioning or is misconfigured.

Common cable or media issues that can cause a down/down output include:

• • • •

Loose cable or too much tension on the cable - If all the pins cannot make a good connection, the circuit is down. Incorrect termination - Ensure that the correct standard is followed and that all pins are correctly terminated in the connector. Damaged serial interface connector - Pins on the interface connection are bent or missing. Break or short in the cable - If there are problems along the circuit, the interface cannot sense the correct signals.

Common Layer 2 issues that can cause an up/down output include:

• •

Encapsulation is improperly configured. No keepalives are received on the interface.

9.2.3 - Troubleshooting Cable and Device Port Errors The diagram depicts a summary of device interface information. R1 # show I P interface brief Interface I P-Address OK? Method Status Protocol FastEthernet0/0 192.168.1.1 YES manual up up FastEthernet0/1 unassigned YES manual administratively down down Serial0/0/0 192.168.2.1 YES manual up up Serial0/0/1 unassigned YES manual administratively down down V lan1 unassigned YES manual administratively down down Page 2: Occasionally, media errors are not severe enough to cause the circuit to fail, but do cause network performance issues. The show interfaces command provides additional troubleshooting information to help identify these media errors.

Output for the show interfaces command includes:



• •

Excessive Noise - On Ethernet and serial interfaces, the presence of many CRC errors but not many collisions is an indication of excessive noise. CRC errors usually indicate a media or cable error. Common causes include electrical interference, loose or damaged connections, or using the incorrect cabling type. Excessive collisions - Collisions usually occur only on half-duplex or shared-media Ethernet connections. Damaged cables can cause excessive collisions. Excessive runt frames - Malfunctioning NICs are the usual cause of runt frames, but they can be caused by the same issues as excessive collisions.



Late collisions - A properly designed and configured network should never have late collisions. Excessive cable lengths are the most common cause. Duplex mismatches can also be responsible.

9.2.3 - Troubleshooting Cable and Device Port Errors The diagram depicts solutions for various media problems. Media Problem: Excessive Noise Step 1. Use the show interface command to determine the status of the Ethernet interfaces. The presence of many CRC errors but not many collisions is an indication of excessive noise. Step 2. Inspect the cables for damage or sources of interference. Step 3. Verify that the correct cable and termination standard is in use for the speed of the interface. Step 4. If using 1000BASE-TX, make sure that Category 5e or above cabling is being used. Media Problem: Excessive Collisions Step 1. Use the show interface command to check that rate of collisions. The total number of collisions with respect to the total number of output packets should be 1% or less. Step 2. Use a TDR to find any damaged cables. Media Problem: Excessive Runt Frames Step 1. in a shared Ethernet environment, runt frames are almost always caused by collisions. If the collision rate is high, see the "Excessive collisions" problem. Step 2. If runt frames occur when collision rates are not high or in switched Ethernet environment, they are the result of bad software on a NIC. Step 3. Use a protocol analyzer to try to determine the source address of the runt frames. Media Problem: Late Collisions Step 1. Use protocol analyzer to check for late collisions. Late collisions should never occur in a property designed Ethernet network. They usually occur when Ethernet cables are too long or when a duplex mismatch occurs. Step 2. Verify that the diameter of the network is within specification. Page 3: Lab Activity

Use the show ip interface brief and show interfaces commands to identify possible cable or media errors.

Click the Lab icon to begin.

9.2.3 - Troubleshooting Cable and Device Port Errors Link to Hands-on Lab: Identifying Cable and Media Errors

9.2.4 Troubleshooting LAN Connectivity Issues Page 1: LAN troubleshooting usually centers on switches, because the majority of LAN users connect to the network via switch ports. Many of the same Cisco IOS show commands can be used on switches to gather troubleshooting information. In addition, each port on a switch has an LED indicator that provides valuable troubleshooting information.

The first step in troubleshooting LAN connectivity issues is to verify that the switch port connected to the user is active and that the appropriate LED indicators are lit. If there is physical access to the switch, it can save time to look at the port LEDs, which give the link status or indicate an error condition (if red or orange). Check to see that both sides of the connection have a link.

If no link light is present, ensure that the cable is connected at both ends and that it is connected to the correct port. Make sure that both devices are powered up, and that there are no bootup errors on either device. Swap out any patch cables with known good cables and verify that the cable terminations are correct for the type of connectivity desired. If there is still no link light, verify that the port is not administratively shut down. Use the show running-config interface command to show the parameters configured on a switch port:

Switch#sh run interface fastEthernet 4/2

!

interface FastEthernet4/2

shutdown

duplex full

speed 100

end

9.2.4 - Troubleshooting LAN Connectivity Issues The diagram depicts the rear of a switch Catalyst 2950 series indicating the following components: System L E D Redundant Power Supply L E D Mode Button Port Mode L E D's Port Status L E D's Page 2: Even if a link light is present, it does not guarantee that the cable is fully functional. The cable can be damaged, causing intermittent performance problems. Normally, this situation is identified by using Cisco IOS show commands to determine if the port has many packet errors, or if the port constantly flaps (loses and regains a link).

The show version and show interfaces commands executed on a switch provide similar information to the same commands executed on a router. To get a quick view of switch port error statistics, use the show interface port counters errors command.

Duplex mismatches are more common on switches than on routers. Many devices are set to autonegotiate speed and duplex settings. If one device on a link is configured to autonegotiate and the other side is manually configured with speed and duplex settings, mismatches may occur, leading to collisions and dropped packets.

To view the speed and duplex settings on a port and whether manual or autonegotiation features were used, use the show interface port status command.

If the mismatch occurs between two Cisco devices with the Cisco Discovery Protocol (CDP) enabled, there are CDP error messages on the console or in the logging buffer of both devices. CDP is useful to detect errors and port and system statistics on nearby Cisco devices.

To correct duplex mismatch errors, set both devices to autonegotiate speed and duplex. If the negotiation does not produce the desired results, manually configure matching speed and duplex settings on each device.

9.2.4 - Troubleshooting LAN Connectivity Issues The diagram depicts examples of messages that may indicate LAN connectivity issues. Error message indicating that a duplex mismatch is detected. Jun 2 11:16:45 %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet6 /2 (not half duplex), with TB A 04251336 3 /2 (half duplex). Show output indicating that duplex and speed settings were set to auto negotiate. Switch # s h interfaces F A S 6 /1 status Portname Status V lan Duplex Speed Type F A 6 /1 not connect 1 auto auto 10 /100BaseTX Page 3: Packet Tracer Activity

Configure a switched network and troubleshoot duplex mismatches.

Click the Packet Tracer icon to begin.

9.2.4 - Troubleshooting LAN Connectivity Issues Link to Packet Tracer Exploration: Configuring and Troubleshoot a Switched Network Page 4: Lab Activity Troubleshoot LAN connectivity using LEDs and show commands.

Click the Lab icon to begin.

9.2.4 - Troubleshooting LAN Connectivity Issues Link to Hands-on Lab: Troubleshooting LAN Connectivity 9.2.5 Troubleshooting WAN Connectivity Issues Page 1: Troubleshooting a serial WAN connection is different from troubleshooting Ethernet LAN connections. Typically, WAN connectivity relies on equipment and media that is owned and managed by a telecommunications service provider (TSP). Because of this, it is important for

technicians to know how to troubleshoot the customer premises equipment and to communicate the results to the TSP.

Most serial interface and line problems can be identified and corrected using information gathered from the show interfaces serial command. Serial connections may experience problems caused by packet errors, configuration errors, or mismatches in encapsulation and timing. Because serial WAN connections usually rely on a CSU/DSU or modem for timing, these devices must be considered when troubleshooting serial lines. In prototype networks, a router can be configured to provide DCE clocking functions, eliminating the CSU or modem.

To successfully troubleshoot serial WAN connectivity problems, it is important to know the type of modem or CSU/DSU that is installed and how to place the device in a loopback state for testing.

9.2.5 - Troubleshooting WAN Connectivity Issues The diagram depicts a typical WAN topology with core routers and WAN switches. Devices are connected to the WAN switches in the cloud. PCs and dialup modems are connected via an access server. A router and CSU/DSU are connected via a T1 circuit. A PC and cable modem are connected via the cable network. A PC and DSL modem are connected via the PSTN network. Page 2: The interface status line of the show interfaces serial command can display six possible problem states:



Serial x is down, line protocol is down (DTE mode) - When the router serial interface cannot detect any signal on the line, it reports both the line and the Layer 2 protocol down.



Serial x is up, line protocol is down (DTE mode) - If the serial interface does not receive keepalives or if there is an encapsulation error, the Layer 2 protocol is reported down.



Serial x is up, line protocol is down (DCE mode) - In cases where the router is providing the clock signal and a DCE cable is attached, but no clock rate is configured, the Layer 2 protocol is reported down.



Serial x is up, line protocol is up (looped) - It is common practice to place a circuit in a loopback condition to test connectivity. If the serial interface receives its own signals back on the circuit, it reports the line as looped.



Serial x is up, line protocol is down (disabled) - High error rates cause the router to place the line in a protocol disabled mode. This type of problem is usually hardware related.



Serial x is administratively down, line protocol is down - An administratively down interface is one that is configured with the shutdown command. Usually all that is needed to fix this condition is to enter theno shutdown command on the interface. If the interface does not come up using the no shutdown command, check the console messages for a duplicate IP address message. If a duplicate IP address exists, correct the problem and issue theno shutdown command again.



Serial x is up, line protocol is up - The interface is operating as expected.

9.2.5 - Troubleshooting WAN Connectivity Issues The diagram depicts scenarios of WAN situations with possible problems and troubleshooting steps for each. Scenario 1. Serial x is down, line protocol is down (DTE) Possible Problem: Indicates that the router is not sensing a carrier detect signal. Telephone company problem - Line is down or not connected to CSU/DSU. Faulty or incorrect cabling. Hardware failure (CSU/DSU) To Troubleshoot: Step 1. Check the L E D's on the CSU/DSU to see whether the light is active. Step 2. Verify that you are using the proper cable and interface. Step 3. Contact your leased-line or other carrier service to see whether there is a problem. Step 4. Replace the serial interface module with a known good module. Step 5. Replace the CSU/DSU with a known good device. Scenario 2. Serial x is up, line protocol is down (DTE) Possible Problem: Local or remote router is misconfigured. Keepalives are not being sent by the remote router. Failed remote CSU or DSU. Failed local or remote CSU/DSU. To Troubleshoot: Step 1. Put the modem, CSU, or DSU in local loopback mode, and use the show interface serial command to determine whether the line protocol comes up. If the line protocol comes up, a telephone company problem or a failed remote router is probably the cause. Step 2. If the problem appears to be on the remote end, repeat Step 1 on the remote modem, CSU, or DSU. Step 3. Verify all cabling. Make certain that the cable is attached to the correct interface, the correct CSU/DSU, and the correct telephone company network termination point. Step 4. Verify that the encapsulation is correct on both ends of the circuit. Step 5. If the line protocol does not come up in local loopback mode and if there is no encapsulation mismatch, replace failed hardware. Scenario 3. Serial x is up, line protocol is down (DCE) Possible Problem:

Missing clockrate interface configuration command. Failed local or remote CSU/DSU. Failed or incorrect cable. Router hardware failure. To Troubleshoot: Step 1. Add the clockrate interface configuration command on the serial interface. Step 2. Verify that the correct cable is being used. Step 3. If the line protocol is still down, there is a possible hardware failure or cabling problem. Step 4. Replace faulty parts as necessary with known good equipment. Scenario 4. Serial x is up, line protocol is up (looped) Possible Problem: A loop exists in circuit. The sequence number in the keepalive packet changes to a random number when a loop is detected initially. If the same random number is returned over the link, a loop exists. To Troubleshoot: Step 1. Use the show running-config privileged EXEC command. This will enable you to look for any loopback interface configuration command entries. Step 2. If you find a loopback interface configuration command entry, use the no loopback interface configuration command to remove the loop. Step 3. If you do not find the loopback interface configuration command, examine the CSU/DSU to determine whether it is configured in manual loopback mode. If it is, disable manual loopback. Step 4. Reset the CSU/DSU and inspect the line status. If the line protocol comes up, no other action is needed. Step 5. If the CSU/DSU is not configured in manual loopback mode, contact the leased-line or other carrier service for line troubleshooting assistance. Scenario 5. Serial x is up, line protocol is down (disabled) Possible Problem: High error rate because of telecommunications service problem. CSU/DSU hardware problem. Bad router hardware. To Troubleshoot: Step 1. Contact the telecommunications service provider. Step 2. Loop CSU/DSU (DTE loop). If the problem continues, there is likely a hardware problem. If the problem does not continue, the problem is likely with the telephone company. Step 3. Swap out bad hardware as required (CSU/DSU, switch, interface module, or remote router). Scenario 6. Serial x is administratively down, line protocol is down Possible Problem: Router configuration includes the shutdown interface configuration command. Duplicate IP address. To Troubleshoot: Step 1. Check the configuration for the shutdown command. Step 2. Use the no shutdown interface configuration command to remove the shutdown command. Step 3. Verify that there are no identical IP addresses using the show running-config privileged

EXEC command or the show interface EXEC command. Step 4. If there are duplicate addresses, resolve the conflict by changing one of the IP addresses. Page 3: Packet Tracer Activity Troubleshoot WAN encapsulation mismatches.

Click the Packet Tracer icon to begin.

9.2.5 - Troubleshooting WAN Connectivity Issues Link to Packet Tracer Exploration: WAN Encapsulation Mismatches Page 4: Lab Activity Troubleshoot WAN connectivity using LEDs and show commands.

Click the Lab icon to begin.

9.2.5 - Troubleshooting WAN Connectivity Issues Link to Hands-on Lab: Troubleshooting WAN Connectivity 9.2.6 Certification Study Guide Page 1: CCENT Study Guide

Click the lab icon to download a CCENT Preparation Guide for section 9.2.

Click the lab icon to download a CCENT Preparation Guide.

9.2.6 - Certification Study Guide Link to Hands-on Lab: CCENT Study Guide 2

Download the CCENT Study Guide for Section 9.2.

9.3 Troubleshooting Layer 3 IP Addressing Issues 9.3.1 Review of Layer 3 Functionality and IP Addressing Page 1: Layer 1 networks are created by interconnecting devices using physical media. Layer 2 network protocols are hardware dependent. Ethernet cannot operate over a serial link, nor can serial communications occur using an Ethernet NIC.

Layer 3 (the Network Layer) protocols are not bound to a specific type of media or Layer 2 framing protocol. The same Layer 3 protocols can operate on Ethernet, wireless, serial, or other Layer 2 networks. Layer 3 networks can contain hosts that are connected using different Layer 1 and 2 technologies. The primary functions implemented at Layer 3 of the OSI model are network addressing and routing. Layer 3 networks are referred to as logical networks because they are created only in software.

Today most networks implement the TCP/IP protocols to exchange information between hosts. As a result, much of the focus of troubleshooting Layer 3 problems is concentrated on IP addressing errors and on routing protocol operation.

Troubleshooting Layer 3 problems requires a thorough understanding of network boundaries and IP addressing. Poorly designed and configured IP addressing schemes account for a large number of network performance problems.

9.3.1 - Review of Layer 3 Functionality and IP Addressing The diagram depicts information about the interaction of protocols on Layer 2 and Layer 3. Multiple Layer 2 Protocols Different protocols may be in use for different media. A network comprising of hosts, routers, fiber optic WAN links and satellite dish transmitting to satellites and wireless routers transmitting to laptops. Data Link Layer protocols govern how to format a frame for use on different media. At each hop along the path, an intermediary device accepts frames from one medium, decapsulates the frame and then forwards the packets in a new frame. The headers of each frame are formatted for the specific medium that it will cross. Single Layer 3 Protocol The same Network Layer protocol can be used across different media. A network comprising of hosts, routers, fiber optic WAN links and satellite dish transmitting to satellites and wireless routers transmitting to laptops. Network Layer protocols govern the format of the packet headers as well as the format of the network and host addressing.

Although the frame format may change every time the physical media changes, the format of the Network Layer packet remains the same. Page 2: At Layer 3, each packet must be identified with the source and destination addresses of the two end systems. With IPv4, each packet has a 32-bit source address and a 32-bit destination address in the Layer 3 header.

The IP address identifies not only the individual host, but also the Layer 3 local network on which the host can communicate. A simple IP network can be created by configuring two interconnected hosts with unique addresses that share the same network prefix and subnet mask.

A device must be configured with an IP address to exchange messages using TCP/IP. Individual Layer 3 IP networks encompass a range of IP addresses. These boundaries are determined by the number of bits contained in the network prefix portion of the address. A simple rule is the longer the network prefix, the smaller the range of IP addresses that can be configured on hosts in that IP network.

To troubleshoot Layer 3 problems, an administrator must be able to determine the range of host addresses that belong to each individual IP network. The range of addresses is determined by the number and position of host bits. For example, in a 192.168.1.0/24 network, borrow three bits for subnetting. This leaves 5 bits for host addresses. This creates 8 subnets (2^3=8) and 30 hosts per subnet (2^5 - 2 = 30).

Given the 192.168.1.96/27 subnet, the first host on the subnet will be 192.168.1.97, and the last host will be 192.168.1.126. The broadcast address for this subnet will be 192.168.1.127. This can be seen by looking at the binary of the last octet:

(011 subnet) 96 + (00001 first host) 1 = (01100001) 97 in decimal

(011 subnet) 96 + (11110 last host) 30 = (01111110) 126

(011 subnet) 96 + (11111 broadcast) 31 = (01111111) 127

This example is using a class C address. This same technique can be applied to Class A and Class B addresses. Remember that the location of host bits can extend into more than one octet.

9.3.1 - Review of Layer 3 Functionality and IP Addressing The diagram depicts representations of subnetting and address scheme. Subnetting On a 24-bit network portion address, three bits are borrowed from the host portion to provide eight subnets. The following example shows subnetting the 192.168.1.0 /24 into eight /27 subnets, numbered 0-7. 192.168.1.0 (/24)Address:11000000.10101000.00000001.00000000 255.255.255.0Mask:11111111.11111111.11111111.00000000 0192.168.1.0 (/27)Address:11000000.10101000.00000001.00000000 255.255.255.0Mask:11111111.11111111.11111111.11100000 1192.168.1.32 (/27)Address:11000000.10101000.00000001.00100000 255.255.255.0Mask:11111111.11111111.11111111.11100000 2192.168.1.64 (/27)Address:11000000.10101000.00000001.01000000 255.255.255.0Mask:11111111.11111111.11111111.11100000 3192.168.1.96 (/27)Address:11000000.10101000.00000001.01100000 255.255.255.0Mask:11111111.11111111.11111111.11100000 4192.168.1.128(/27)Address:11000000.10101000.00000001.10000000 255.255.255.0Mask:11111111.11111111.11111111.11100000 5192.168.1.160 (/27)Address:11000000.10101000.00000001.10100000 255.255.255.0Mask:11111111.11111111.11111111.11100000 6192.168.1.192 (/27)Address:11000000.10101000.00000001.11000000 255.255.255.0Mask:11111111.11111111.11111111.11100000 7192.168.1.224 (/27)Address:11000000.10101000.00000001.11100000 255.255.255.0Mask:11111111.11111111.11111111.11100000 Addressing Scheme The table has examples of addressing schemes for eight networks. Subnet: 0. Network Address: 192.168.1.0. Host Range: 192.168.1.1 - 192.168.1.30. Broadcast Address: 192.168.1.31. Subnet: 1. Network Address: 192.168.1.32 /27. Host Range: 192.168.1.33 - 192.168.1.62. Broadcast Address: 192.168.1.63. Subnet: 2. Network Address: 192.168.1.64 /27. Host Range: 192.168.1.65 - 192.168.1.94. Broadcast Address: 192.168.1.95. Subnet: 3. Network Address: 192.168.1.96 /27. Host Range: 192.168.1.97 - 192.168.1.126. Broadcast Address: 192.168.1.127. Subnet: 4. Network Address: 192.168.1.128 /27.

Host Range: 192.168.1.129 - 192.168.1.158. Broadcast Address: 192.168.1.159. Subnet: 5. Network Address: 192.168.1.160 /27. Host Range: 192.168.1.161 - 192.168.1.190. Broadcast Address: 192.168.1.191. Subnet: 6. Network Address: 192.168.1.192 /27. Host Range: 192.168.1.193 - 192.168.1.222. Broadcast Address: 192.168.1.223. Subnet: 7. Network Address: 192.168.1.224 /27. Host Range: 192.168.1.225 - 192.168.1.254. Broadcast Address: 192.168.1.255. Page 3: 9.3.1 - Review of Layer 3 Functionality and IP Addressing The diagram depicts an activity in which you must use the network address and the subnet mask to define the range of hosts, the broadcast address, and the next network address. The Help option following the scenario explains the process. Network Address in decimal: 10.55.119.128. Subnet Mask in decimal: 255.255.255.128. Network address in binary: 00001010.00110111.01110111.10000000. Subnet Mask in binary: 11111111.11111111.11111111.10000000. One.What is the first usable host IP address in decimal: (first octet? second octet? third octet? fourth octet?). Two.What is the last usable host IP address in decimal: (first octet? second octet? third octet? fourth octet?). Three.What is the broadcast address in decimal: (first octet? second octet? third octet? fourth octet?). Four.What is the next network address in decimal: (first octet? second octet? third octet? fourth octet?). Help Option The range of host addresses within a subnet is dependent upon the number and location of host bits. Class C example: 192.168.1.32 / 27 Written in binary: IP: 11000000.10101000.00000001.00100000 SM: 11111111.11111111.11111111.11100000 According to the subnet mask (SM), the first 27 bits of the IP address are part of the network, leaving five bits to indicate a unique host. A host IP address cannot have all 1s or all 0s in the host portion. All 1s in the host bits is the broadcast address for that subnet.

First available IP: 11000000.10101000.00000001.00100001 192. 168. 1. 33 Last available IP: 11000000.10101000.00000001.00111110 192. 168. 1. 62 Broadcast IP: 11000000.10101000.00000001.00111111 192. 168. 1. 63 Class A example: 1 0.1 0.64.0 / 19 Written in binary: IP: 00001010.00001010.01000000.00000000 SM: 11111111.11111111.11100000.00000000 According to the subnet mask, the first 19 bits of the IP address are part of the network, leaving 13 bits to indicate a unique host. A host IP address cannot have all 1s or all 0s in the host portion. All 1s in the host bits is the broadcast address for that subnet. First available IP: 00001010.00001010.01000000.00000001 1 0.1 0.6 4. 1 ( third octet = 64 + 0) Last available IP: 00001010.00001010.01011111.11111110 1 0.1 0.9 5. 254 (third octet = 64 + 31) Broadcast IP: 00001010.00001010.01011111.11111111 1 0.1 0.9 5. 255 (third octet = 64 + 31) Page 4: Packet Tracer Activity

Troubleshoot a small network.

Click the Packet Tracer icon to begin.

9.3.1 - Review of Layer 3 Functionality and IP Addressing Link to Packet Tracer Exploration: Troubleshooting a Small IP Network 9.3.2 IP Design and Configuration Issues Page 1:

If IP addressing is assigned in a random manner, it is difficult to determine where a source or destination address is located. Today, most networks employ a hierarchical IP addressing scheme. Hierarchical IP addressing schemes offer many advantages, including smaller routing tables that require less processing power. Hierarchical IP addressing also creates a more structured environment that is easier to document, troubleshoot, and expand.

However, a poorly planned hierarchical network, or a badly documented plan, can create problems, such as overlapping subnets or incorrectly configured subnet masks on devices. These two conditions account for many IP addressing and routing issues within networks.

An overlapping subnet occurs when the address range of two separate subnets include some of the same host or broadcast addresses. Overlapping is usually a result of poor network documentation or by accidentally entering the incorrect subnet mask or network prefix. Overlapping subnets do not always cause a complete network outage. They may only affect a few hosts, depending on where the misconfigured subnet mask is placed.

9.3.2 - IP Design and Configuration Issues The diagram depicts a hierarchical IP addressing scheme. The gateway router, which connects to the Internet, is on a network with a 16-bit network portion. The three routers coming from the gateway router have 22-bit network portion addressing schemes. The networks, which connect to the routers, all have 24-bit network portion addresses. Page 2: Cisco IOS software does permit you to configure an IP address from overlapping subnets on two different interfaces. However, the router does not activate the second interface.

For example, the router R1 interface Fast Ethernet 0/0 is configured with an IP address and subnet mask on the 192.168.1.0/24 network. If Fast Ethernet 0/1 is configured with an IP address on the 192.168.1.0/30 network, an overlapping error message appears. If there is an attempt to enable the interface with the no shutdown command, a second error message appears. No traffic is forwarded through the interface. The output from the show ip interface brief command shows that the second interface configured for the 192.168.1.0/24 network, FastEthernet 0/1, is down.

It is important to verify the status of the interfaces after making configuration changes. An interface that remains administratively down after the no shutdown command is issued can indicate an IP addressing problem.

9.3.2 - IP Design and Configuration Issues The diagram depicts examples of messages that may indicate overlapping IP addresses are assigned to interfaces. Configuration Error Messages with overlapping IP addresses R1 (config) # interface FastEthernet0 /1 R1 (config-if) # I P address 192.168.1.2 255.255.255.252 192.168.1.0 overlaps with FastEthernet0 /0 R1 (config) # no shutdown 192.168.1.0 overlaps with FastEthernet0 /0 FastEthernet0/1: incorrect IP address assignment Show Output R1 (config) # show IP interface brief {output omitted} FastEthernet0 /1 192.168.1.2 YES manual administratively down down Page 3: Although Cisco IOS software has safeguards to ensure that overlapping subnets are not configured on multiple interfaces of the same device, it does not prevent overlapping subnets from being configured on different devices or on hosts within the network.

A poorly configured subnet mask can cause some hosts on a network to not have access to network services. Subnet mask configuration errors can also present a variety of symptoms that may not be easily identified.

9.3.2 - IP Design and Configuration Issues The diagram depicts examples of misconfigured subnet masks that affect network communication. Two LANs separated by a router. One LAN contains host H1 and H1 which connect to a switch which connects to the router which separates the two LANs. The other LAN contains two servers, SV1 and unnamed, which connect to a switch which connects to the router which separates the two LANs. The router also connects to the internet. Issue 1 H2 (192.168.0.42 /27) says, "I requested a web page from SV1, but have not received it." SV1 (192.168.0.5/ 24) in the other LAN says, "192.168.0.42 is on my 192.168.0.0 /24 network, but has not responded to my ARP request; therefore I cannot respond." A Server is Only Accessible by Hosts on the Same Subnet A server on one of the subnets is manually configured using the default /24 network prefix instead of the /27. This misconfiguration causes the server to determine that all hosts on the various subnets are on the same Layer 3 network that the server is on. The server does not send any traffic to the default gateway for any hosts on the /27 subnets. Check server configurations if this symptom occurs.

Issue 2 H1 (192.168.0.43 /24) says, "I need a web page from IP address 200.200.1.1. I have forwarded my request to the gateway." H2 (192.168.0.41 /14) says, "I need a web page from SV1. SV1 is on my network. I can ARP for the MAC address." Hosts Get Responses from Internet Servers, but Not Servers on Another Subnet A host or group of hosts are configured with a /24 subnet mask that causes an overlap with the server network subnet addresses. Each host correctly determines that Internet addresses are not on their local Layer 3 network, and sends the traffic to the default gateway. The hosts incorrectly determine that internal server addresses are on their local network, and use ARP to attempt to get the server MAC addresses. Check DHCP server configurations and host configurations when this symptom is evident. A network sniffer can be used to show the ARP frames. Issue 3 H2 (192.168.0.42 /24) says, "According to the IP information, the DNS server is on my local network, but I am unable to reach the DNS server to resolve hostnames." Hosts are Unable to Get Responses from Internet Servers or Servers on Another Subnet, Using Hostnames A host or group of hosts are configured with a /24 subnet mask that causes an overlap with the server network subnet addresses, including the DNS server. Subnet mask errors on hosts do not usually affect Internet connectivity; however, if the subnet mask error causes the host subnet to overlap the subnet containing the DNS server, the host(s) will not be able to contact the DNS server. Without DNS, no IP addresses can be resolved and all services that rely on DNS cannot be accessed. Check host and DNS configurations if unable to access the Internet. Issue 4 The router between the two subnets says, "I have received a packet for destination 192.168.0.51, but that does not match any route in my routing table. I cannot forward this packet." Some Hosts Can Get Responses from Internet Servers and Servers on Other Subnets, but Others Cannot The subnet mask configuration error occurs on a router interface that serves as a default gateway for one of the /27 subnets. If the router interface is incorrectly configured with a /28 subnet mask, the route entered in the routing table will not include all hosts on the /27 subnet. Hosts with addresses on the lower portion of range that are within the /28 subnet IP address boundaries will be able to send and receive through the router. Those with address in the top half of the range can send packets to remote destinations, but when the responses return, the router does not have a route to the destination IP addresses. Always verify all connected routes in the routing table using the show IP route command. Page 4: Click the Activity icon to begin.

9.3.2 - IP Design and Configuration Issues Link to Simulation GUI: Troubleshoot an IP Addressing Issue

9.3.3 IP Address Planning and Allocation Issues Page 1: Poor address allocation planning can cause other problems. Often, an administrator underestimates the potential for growth when designing subnets. As a result, the IP subnetting scheme does not allow for enough host addresses in each subnet. One indication of a subnet having too many hosts is when some hosts are unable to receive an IP address from the DHCP server.

When a host running Microsoft Windows does not receive an address from a DHCP server, it automatically assigns itself an address on the 169.254.0.0 network. If this occurs, use the show ip dhcp binding command to check whether the DHCP server has available addresses .

Another indication of not enough IP addresses is an error message on a host stating that duplicate IP addresses exist. If a host device is turned off when the DHCP lease expires, the address is returned to the DHCP pool and can be issued to another host. When the original lease holder is turned back on, it requests a renewal of its previous IP address. In a Microsoft Windows network, both hosts report a duplicate IP address error.

9.3.3 - IP Address Planning and Allocation Issues The diagram depicts a message regarding IP address planning. R1 # show IP dhcp binding Binding from all pools not associated with VRF: IP addressClient-ID/Lease expirationType Hardware address User name 192.168.10.10100.e018.5bdd.35Oct 03 2007 06:14 PMAutomatic 192.168.10.11100.d0d0.d817.e6Oct 03 2007 06:18 PMAutomatic Page 2: 9.3.3 - IP Address Planning and Allocation Issues The diagram depicts an activity in which you much use the the network address and the subnet mask in decimal and binary to determine the number of hosts. Scenario Network Address in decimal: 10.0.0.0 Subnet Mask in decimal: 255.255.254.0 Network address in binary: 00001010.00000000.00000000.00000000. Subnet Mask in binary: 11111111.11111111.11111110.10000000 What are the number of hosts?

Page 3: Lab Activity

Create an IP addressing scheme that allows for 20% growth in the number of attached hosts.

Click the Lab icon to begin.

9.3.3 - IP Address Planning and Allocation Issues Link to Hands-on Lab: Designing an IP Subnetting Scheme for Growth 9.3.4 DHCP and NAT Issues Page 1: DHCP can create another level of complication when troubleshooting network issues. If hosts are configured to use DHCP and are not able to connect to the network, verify that IP addressing is assigned using the Windows command, ipconfig /all. If hosts are not receiving IP addressing assignments, it is necessary to troubleshoot the DHCP configuration.

Regardless of whether the DHCP service is configured on a dedicated server or on the router, the first step in troubleshooting is to check the physical connectivity. If a separate server is used, check that the server is receiving network traffic. If the DHCP service is configured on a router, use the show interfaces command on the router to confirm that the interface is operational. If the interface connected to the host network is down, the port does not pass traffic, including DHCP requests.

Next, verify that the DHCP server is correctly configured and has available IP addresses to lease. After this is confirmed, check for any address conflicts. Address conflicts can occur even if there are available addresses within the DHCP pool. This can happen if a host is statically configured with an address that is also contained in the range of the DHCP pool.

Use the show ip dhcp conflict command to display all address conflicts recorded by the DHCP server. If an address conflict is detected, the address is removed from the pool and not assigned until an administrator resolves the conflict.

If none of these steps diagnoses the problem, test to ensure that the issue is actually with DHCP. Configure a host with a static IP address, subnet mask, and default gateway. If the workstation is unable to reach network resources with a statically configured IP address, the root cause of the problem is not DHCP. At this point, network connectivity troubleshooting is required.

9.3.4 - DHCP and NAT Issues The diagram depicts a Windows cmd.exe window showing the ipconfig /all command. Page 2: DHCP is a broadcast protocol, which means that the DHCP server must be reachable through a broadcast message. Because routers normally do not forward broadcasts, either the DHCP server must be on the same local network as the hosts or the router must be configured to relay the broadcast messages.

A router can be configured to forward all broadcast packets, including DHCP requests, to a specific server using the ip helper-address command. This command allows a router to change the destination broadcast addresses within a packet to a specified unicast address:

Router(config-if)# ip helper-address x.x.x.x

Once this command is configured, all broadcast packets will be forwarded to the server IP address specified in the command, including DHCP requests.

When a router forwards address requests, it is acting as a DHCP relay agent. If DHCP relay is not operational, no hosts can obtain an IP address. When no hosts can obtain an IP address from a DHCP server that is located on another network, verify that the helper address is configured correctly on the router.

9.3.4 - DHCP and NAT Issues The diagram depicts examples of how DHCP relay operates. DHCP Problem Router, R1, connects to a WAN via D C E. R1 also connects to network 192.168.10.0 /24 via F A 0 /0 with the link address 192.168.10.1/24 to the F A 0 /1 port of switch S1. S1 (192.168.10.2 / 24) connects via F A 0 /2 to host, PC1, (192.168.10.10 /24). R1 also connects to network 192.168.11.0 /24 via F A 0 /1 to the F A 0 /1 port of switch S2 with the link address 192.168.11.1 /24. S2 (192.168.11.2 /24) connects via F A 0 /24 to DHCP server (192.168.11.5 / 24). PC1 says, "Looking for a DHCP server ..."

R1 says, "Sorry, I can not forward any broadcasts outside of your network subnet ..." Host Problem (PC1) C:\Documents and Settings\Administrator>ip config /release Windows IP Configuration Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : IP address. . . . . . . . . . . . : 0.0.0.0 Subnet mask . . . . . . . . . . . : 0.0.0.0 Default gateway . . . . . . . . . : C:\Documents and Settings\Administrator>ip config /renew Windows IP Configuration An error occurred while renewing interface Local Area Connection : unable to contact your DHCP server. Request has timed out. C:\Documents and Settings\Administrator> Relay Config Router, R1, connects to a WAN via D C E. R1 also connects to network 192.168.10.0/24 via F A 0 /0 with the link address 192.168.10.1 /24 to the F A 0 /1 port switch of S1. S1 (192.168.10.2/24) connects via F A 0 /2 to host, PC1, (192.168.10.10/ 24). R1 also connects to network 192.168.11.0/24 via F A 0 /1 to the F A 0 /1 port of switch, S2, with the link address 192.168.11.1/24. S2 (192.168.11.2 /24) connects via F A 0 /24 to DHCP server (192.168.11.5 / 24). R1 # config t R1 (config) # interface F A 0 /0 R1 (config-if) # IP helper-address 192.168.11.5 R1 (config) # end Host Renew C:\Documents and Settings\Administrator>ip config /release Windows IP Configuration Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : IP Address. . . . . . . . . . . . : 0.0.0.0 Subnet Mask . . . . . . . . . . . : 0.0.0.0 Default Gateway . . . . . . . . . : C:\Documents and Settings\Administrator>ip config /renew Windows IP Configuration Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : IP address. . . . . . . . . . . . : 192.168.10.11 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.10.1 C:\Documents and Settings\Administrator> Page 3: If the hosts on the internal network are assigned private addresses, NAT is required to communicate with the public network. Usually the first indication that there is a NAT problem is that users cannot reach sites located on the Internet. There are three types of address translation: static, dynamic, and PAT. Two common types of configuration errors affect all three translation methods.

Incorrect Designation of Inside and Outside Interfaces

It is critical that the correct interfaces are designated as the inside or outside interface for NAT. In most NAT implementations, the inside interface connects to the local network, which uses private IP address space. The outside interface connects to the public network, usually the ISP. Verify this configuration using the show running-config interfacecommand.

Incorrect Assignment of Interface IP Address or Pool Addresses

In most NAT implementations, the IP address pool and static NAT translation entries must use IP addresses that are on the same local IP network as the outside interface. If not, addresses are translated, but no route to the translated addresses are found. Check the configuration to verify that all the translated addresses are reachable. When the address translation is configured to use the outside interface address in PAT, make sure that the interface address is on the correct network and is configured with the proper subnet mask.

Another common issue is that when dynamic NAT or PAT is enabled, external users are no longer able to connect to internal devices. If external users must be able to reach specific servers on the internal network, be sure that static translations are configured.

9.3.4 - DHCP and NAT Issues The diagram depicts dynamic NAT configuration commands. access-list 1 permit 192.168.0.0 0.0.255.255 !-Defines which addresses are eligible to be translated

ip nat pool NAT-POOL2 209.165.200.226 209.165.200.240 !-Defines a pool of addresses named NAT-POOL2 to be used in NAT translation ip nat inside source list 1 pool NAT-POOL2 overload !-Binds the NAT pool with ACL1 interface serial 0/0/0 ip nat inside !-Identifies interface Serial 0/0/0 as an inside NAT interface interface serial 0/1/0 ip nat outside !-Identifies interface Serial 0/1/0 as an outside NAT interface Page 4: If you are certain that NAT is configured correctly, it is important to verify that NAT is operational.

One of the most useful commands when verifying NAT operation is the show ip nat translations command. After viewing the existing translations, clear them using the clear ip nat translation * command. Be aware that clearing all IP translations on a router may disrupt user services. Then use the show ip nat translations command again. If new translations appear, there may be another problem causing the loss of Internet connectivity.

Verify that there is a route to the Internet for the translated addresses. Use traceroute to determine the path the translated packets are taking and verify that the route is correct. Also, if possible, trace the route to a translated address from a remote device on the outside network. This can help isolate the next troubleshooting target. There may be a routing problem on the router where the trace output stops.

9.3.4 - DHCP and NAT Issues The diagram depicts NAT configurations and output. A LAN with two PCs, 192.168.10.10 and 192.168.10.11, are connected to a switch which is also connected to router, R2, using its F A 0 /0 with IP address 192.168.10.1. Serial 0/1/0 of R2 is connected to the Internet cloud with an IP address of 209.165.200.225. NAT Overload access-list 1 permit 192.168.10.0 0.0.0.0.255 ip nat inside source list 1 interface serial 0/1/0 overload interface fastethernet0/0 ip nat inside interface serial 0/1/0 ip nat outside NAT Translations R2 # show IP nat translations ProInside globalInside localOutside local tcp209.165.200.225:16642192.168.10.10:16642209.165.200.254:80

tcp209.165.200.225:62452192.168.10.11:62452209.165.200.254:80 Outside global 209.165.200.254:80 209.165.200.254:80 R2 # show IP nat translations verbose Pro Inside global Inside local Outside local Outside global tcp 209.165.200.225:16642 192.168.10.10:16642 209.165.200.254:80 209.165.200.254:80 create 00:01:45, use 00:01:43 timeout :86400000, left 23:58:16, Map-Id (In) :1, flags: extended, use count: 0, entry- id: 4, 1c_entries : 0 tcp 209.165.200.225:62452 192.168.10.11:62 452 209.165.200.254:80 209.165.200 .254:80 create 00:00:37, use 00:00:35 timeout:86400000, left 23:59:24, Map-Id (In): 1, flags: extended, use count : 0, entry-id : 5, lc_entries: 0 R2 # Cleared NAT R2 # clear IP nat translation * R2 # show IP nat translations R2 # Page 5: Packet Tracer Activity Use show commands to troubleshoot DHCP and NAT.

Click the Packet Tracer icon to begin.

9.3.4 - DHCP and NAT Issues Link to Packet Tracer Exploration: Troubleshooting DHCP and NAT 9.3.5 Certification Study Guide Page 1: CCENT Study Guide

Click the lab icon to download a CCENT Preparation Guide for section 9.3.

Click the lab icon to download a CCENT Preparation Guide.

9.3.5 - Certification Study Guide Link to Hands-on-Lab: CCENT Study Guide 3

9.4 Troubleshooting Layer 3 Routing Issues 9.4.1 Layer 3 Routing Issues Page 1: Layer 3 encompasses the addressing of networks and hosts, and the protocols that route packets between networks.

Most networks have a number of different types of routes, including a combination of static, dynamic, and default routes. Problems with routing can cause network failures or adversely affect network performance. These problems can be the result of manual route entry errors, routing protocol configuration and operation errors, or failures at lower layers of the OSI model.

To troubleshoot Layer 3 problems, it is important to understand how routing works, including how each type of route functions and is configured.

You may want to review the materials and activities in CCNA Discovery: Networking for Home and Small Businesses and CCNA Discovery: Working at a Small-to-Medium Business or ISP on routing and routing protocols before continuing with this chapter.

9.4.1 - Layer 3 Routing Issues The diagram depicts symptoms for issues on Layer 3, the Network Layer. Layer 3: Network routing issues. Symptoms. Network failure. Network performance below baseline. Page 2: The status of a network can change frequently for a variety of reasons, including:

• • • •

An interface fails. A service provider drops a connection. The available bandwidth is overloaded. An administrator enters an incorrect configuration.

When there is a change in the network status, routes can be lost, or an incorrect route can be installed into the routing table.

The primary tool to use when troubleshooting Layer 3 routing problems is the show ip route command. This command displays all the routes the router uses to forward traffic. The routing table consists of route entries from the following sources:

• • •

Directly connected networks Static routes Dynamic routing protocols

Routing protocols choose which routes are preferred based on route metrics. Directly connected networks have a metric of 0, static routes also have a default metric of 0, and dynamic routes have various routing metrics, depending on the routing protocol used.

If there is more than one route to a specific destination network, the route with the lowest administrative distance (AD) is installed into the routing table.

Any time a routing problem is suspected, use the show ip route command to ensure that all the expected routes are installed in the routing table.

9.4.1 - Layer 3 Routing Issues The diagram depicts a table with administrative distance and default metric information about various route sources. Route Source: Connected Administrative Distance: 0 Default Metric(s): 0 Route Source: Static Administrative Distance: 1 Default Metric(s): 0 Route Source: EIGRP Summary Route Administrative Distance: 5 Default Metric(s): N/A Route Source: External BGP Administrative Distance: 20 Default Metric(s): Value assigned by Admin

Route Source: Internal EIGRP Administrative Distance: 90 Default Metric(s): Bandwidth Delay Route Source: IGRP Administrative Distance:100 Default Metric(s): Bandwidth, Delay Route Source: OSPF Administrative Distance: 110 Default Metric(s): Link cost (bandwidth) Route Source: IS-IS Administrative Distance: 115 Default Metric(s): Link cost (Value assigned by admin) Route Source: RIP Administrative Distance: 120 Default Metric(s): Hop count Route Source: External EIGRP Administrative Distance: 170 Default Metric(s): N/A Route Source: Internal BGP Administrative Distance: 200 Default Metric(s): Value assigned by Admin Page 3: Connected Route Problems

Directly connected routes are automatically installed in the routing table when an IP address is configured on an interface, and the interface is enabled using the no shutdown command. If a directly connected route does not appear in the table, use the show interfaces or show ip interface brief command to verify that an address is assigned and that the interface is in an up/up state.

Static and Default Route Problems

When a static or default route does not appear in the routing table, the problem is most likely a configuration error. Static and default routes must use either an exit interface or the IP address of a next hop router. Static routing errors sometimes occur because the next hop address is not in the correct IP address range of any directly connected network. Verify that the configuration statements are correct and that the exit interfaces used by the routes are in an up/up state.

Dynamic Route Problems

There are many different types of problems that can cause dynamic routes to not appear in the routing table. Because dynamic routing protocols exchange route tables with all other routers in the network, a missing route could be caused by a misconfiguration on one or more of the routers on the path to the destination.

9.4.1 - Layer 3 Routing Issues The diagram depicts an Edit Router C Window with the focus on the following information. R - RIP Directly Connected Route C 172.16.0.0 /16 is directly connected, Fast Ethernet 0 10.0.0.0 /24 is subnetted, 1 subnets Static Route S 10.10.10.0 [1 /0] via 192.168.1.2 Dynamically Updated Route R 192.168.2.0 / 24 [120 /1] via 192.168.1.2, 00:00:23 Default Route S* 0.0.0.0 /0 [1 /0] via 192.168.1.2 Gateway of last resort is 192.168.1.2 to network 0.0.0.0 Page 4: Packet Tracer Activity Use routing table principles to solve a routing problem.

Click the Packet Tracer icon to begin.

9.4.1 - Layer 3 Routing Issues Link to Packet Tracer Exploration: Applying Routing Table Principles 9.4.2 Dynamic Routing Errors Page 1:

Routing table updates usually occur when a new network is configured or an already configured network becomes unreachable.

If directly connected routes appear in the router table, the routing table is accessed and changed only if the directly connected interface changes states. If static or default routes are configured, the routing table changes only if new routes are specified or if the exit interface specified in the static or default route changes states.

Dynamic routing protocols automatically send updates to other routers in the network. If dynamic routing is enabled, a router accesses and changes its own routing table any time a change is reported in an update from a neighboring router.

RIP is a dynamic routing protocol used in small- to medium-sized LANs. When troubleshooting issues specific to RIP, check the versioning and configuration statements.

It is always best to use the same version of the routing protocol on all routers. Although RIPv1 and RIPv2 are compatible, RIPv1 does not support classless routing or variable length subnet masks (VLSM). This can create issues if both RIPv1 and RIPv2 are configured to run on the same network. Additionally, while RIPv2 automatically listens for both RIPv1 and RIPv2 updates from neighbors, RIPv1 does not listen for RIPv2 updates.

Routing problems also occur if there are incorrect or missing network statements. The network statement does two things:

• •

It enables the routing protocol to send and receive updates on any local interfaces that belong to that network. It includes that network in its routing updates to its neighboring routers.

A missing or incorrect network statement results in inaccurate routing updates and can prevent an interface from sending or receiving routing updates.

9.4.2 - Dynamic Routing Errors The diagram depicts an example of a router configuration. Router, R1, is part of a complex network which uses VLSM and static routes. R1 has two local networks attached, 172.30.1.0 /24 and 172.30.2.0 /24. The WAN serial link to R2 is network 209.165.200.228 /30. The RIP portion of the show running-config command output on R1 is as follows:

router RIP version 2 network 172.30.0.0 network 209.165.200.0 no auto-summary ! Page 2: Many tools exist for troubleshooting dynamic routing issues.

TCP/IP utilities, such as ping and traceroute, are used to verify connectivity. Telnet can be used to verify connectivity and make configuration changes. Cisco IOS show commands display a snapshot of a configuration or the status of a particular component. The Cisco IOS command set also includes various debug commands.

Debug commands are dynamic and provide real-time information on traffic movement and the interaction of protocols. For example, the debug ip rip command displays the exchange of RIP routing updates and packets as they occur.

Debug functions use a significant portion of CPU resources and can slow or stop normal router operations. For this reason, use debug commands to isolate problems, not to monitor normal network operation.

9.4.2 - Dynamic Routing Errors The diagram depicts Router, R1, is connected via S0/0/0 to S0/0/0 ofR2 with the link network address 172.20.1.0 /30. R1 is connected via F A 0 /0 to network 192.168.1.0 /24. R2 is connected via F A 0 /0 to network 192.168.2.0 /24. RIP-related command output for R1 is as follows: Command 1: show IP protocols Default version control: send version 2, receive version 2 Routing for Networks: 172.20.0.0 192.168.1.0 Command 2: show running-config interface FastEthernet0/0 description LAN gateway for 192.168.1.0 IP address 192.168.1.1 255.255.255.0

duplex auto interface Serial0/0/0 IP address 172.20.1.1 255.255.255.252 no fair-queue ! Router rip version 2 passive-interface FastEthernet0/0 network 172.20.0.0 network 192.168.1.0 ! Banner m o td # Unauthorized use prohibited # ! Command 3: show interfaces MTU 1500 bytes, BW 100000 Kbit, D L Y 100 u sec, Auto-duplex, Auto speed, 100BaseTX/FX Command 4: show IP interface FastEthernet0/0 Multicast reserved groups joined: 224.0.0.9 Serial0/0/0 Multicast reserved groups joined: 224.0.0.9 Command 5: show IP route R192.168.2.0 [120/1] via 172.20.1.2, 00:00:04, Serial0/0/0 Command 6: debug IP rip * Sep 12 21:09:16.399:RIP: received v2 update from 172.20.1.2 on Serial0/0/0 Page 3: Packet Tracer Activity Subnet an address space, configure devices, and use combination of RIPv2 and static routing to provide connectivity between remote hosts.

Click the Packet Tracer icon to begin.

9.4.2 - Dynamic Routing Errors Link to Packet Tracer Exploration: Configuring RIPv2 (Challenge) Page 4: Lab Activity

Troubleshoot a RIP router network configured with errors.

Click the Lab icon to begin.

9.4.2 - Dynamic Routing Errors Link to Hands-on Lab: Correcting RIPv2 Routing Problems 9.4.3 Certification Study Guide Page 1: CCENT Study Guide

Click the lab icon to download a CCENT Preparation Guide for section 9.4.

Click the lab icon to download a CCENT Preparation Guide.

9.4.3 - Certification Study Guide Link to Hands-on Lab: CCENT Study Guide 4 Download the CCENT Study Guide for Section 9.4.

9.5 Troubleshooting Layer 4 and Upper Layer Issues 9.5.1 Layer 4 Traffic Filtering Errors Page 1: Layer 4, the Transport Layer, is considered a transition between the upper and lower layers of the OSI model. Layer 4 is responsible for transporting data packets and specifies the port number used to reach specific applications. Layer 4 network problems can arise at the edge of the network where security technologies are examining and modifying the traffic. Many problems are caused by firewalls that are configured to deny traffic based on port numbers, even though this traffic should be forwarded.

Layer 4 supports both UDP and TCP traffic. Some applications use TCP, some use UDP, and some use both. When denying traffic based on the port number, it is necessary to specify the transport protocol used. Some engineers are unsure of which transport protocol is used by specific applications and therefore deny the port number for both TCP and UDP traffic. This practice may unexpectedly deny traffic that should be allowed.

Firewalls are also often configured to deny everything except the applications specified in the permit statements. If traffic that should be permitted is not included in the firewall statements, or if a new application is added to the network without a corresponding permission being added to the firewall, filtering problems occur.

A common indication of Layer 4 problems is users reporting that some web services, especially video or audio, are not reachable.

Verify that the ports being permitted and denied by the firewall are the correct ones for the applications. For a better understanding of which ports correspond to specific applications, review the information on TCP, UDP, and ports in CCNA Discovery: Networking for Home and Small Businesses and CCNA Discovery: Working at a Small-to-Medium Business or ISP.

9.5.1 - Layer 4 Traffic Filtering Errors The diagram depicts symptoms for issues on Layer 4, the Transport Layer. The table describes the abbreviation and definition for well-known ports. Layer 4: Transport Layer Problems. Symptoms. Intermittent network problems Security problems Trouble reaching some web sites or other network-based applications and services. Well-known Ports Destination port number: 20 Abbreviation: FTP Data Definition: File Transfer Protocol (for data transfer) Destination port number: 21 Abbreviation: FTP Control Definition: File Transfer Protocol (to establish connection) Destination port number: 23 Abbreviation: TELNET Definition: TELetype NETwork Destination port number: 25 Abbreviation: SMTP Definition: Simple Mail Transfer Protocol Destination port number: 53 Abbreviation: DNS Definition: Domain Name Service Destination port number: 67

Abbreviation: DHCP v4 Client Definition: Dynamic Host Configuration Protocol (Client) Destination port number: 68 Abbreviation: DHCP v4 Server Definition: Dynamic Host Configuration Protocol (Server) Destination port number: 69 Abbreviation: TFTP Definition: Trivial File Transfer Protocol Destination port number: 80 Abbreviation: HTTP Definition: Hypertext Transfer Protocol Destination port number: 110 Abbreviation: POP3 Definition: Post Office Protocol (version 3) Destination port number: 137 Abbreviation: NBNS Definition: Microsoft NetBIOS Name Service Destination port number: 143 Abbreviation: I MAP4 Definition: Internet Message Access Protocol (version 4) Destination port number: 161 Abbreviation: SNMP Definition: Simple Network Management Protocol Destination port number: 443 Abbreviation: HTTPS Definition: Hypertext Transfer Protocol Secure Page 2: 9.5.1 - Layer 4 Traffic Filtering Errors The diagram depicts an activity in which you must match the protocol name to the port number. Port Numbers A. 21 B. 53 C. 161 D. 67 E. 110 F. 23 G. 80 H. 25 I. 143 Protocol Names

One. FTP Two. Telnet Three. SMTP Four. HTTP Five. POP3 Six. I MAP4 Seven. DNS Eight. DHCP Nine. SNMP 9.5.2 Troubleshooting Upper Layer Problems Page 1: Most of the upper layer protocols provide user services that are typically used for network management, file transfer, distributed file services, terminal emulation, and email. Protocols at these layers are often referred to as TCP/IP Application Layer protocols, because the TCP/IP model Application Layer encompasses the upper three layers of the OSI model.

The most widely known and implemented TCP/IP Application Layer protocols include:

• • • • • • • • • • • •

Telnet - Enables users to establish terminal session connections with remote hosts. HTTP - Supports the exchange of text, graphic images, sound, video, and other multimedia files on the web. FTP - Performs interactive file transfers between hosts, using TCP. TFTP - Performs basic interactive file transfers typically between hosts and networking devices, using UDP . SMTP - Supports basic email message delivery services. POP3 - Connects to mail servers and downloads email to a client application. IMAP4 - Enables email clients to retrieve messages and store email on servers. SNMP - Collects information from managed devices. NTP - Provides updated time to hosts and network devices. DNS - Maps IP addresses to the names assigned to hosts. SSL - Provides encryption and security for HTTP transactions. SSH - Provides secure remote terminal access to servers and networking devices.

9.5.2 - Troubleshooting Upper Layer Problems The diagram depicts protocols used on the upper layers of the O S I Model: Layer 5, the Session Layer, Layer 6, the Presentation Layer, and Layer 7, the Application Layer. The upper layers of the O S I model are referred to as the TCP/IP Application Layer protocols. TCP/IP Application Layer protocols. HTTP. Telnet. FTP. TFTP. SMTP.

POP3. I MAP4. SNMP. NTP. DNS. SSL. SSH. Page 2: It can be difficult to isolate problems to the upper layers, especially if the client configuration does not reveal any obvious problems. To determine that a network problem is with an upper layer function, start by eliminating basic connectivity as the source of the problem.

Using the "divide and conquer" method of troubleshooting, begin with verifying Layer 3 connectivity.

Step 1. Ping the host default gateway.

Step 2. Verify end-to-end connectivity.

Step 3. Verify the routing configuration.

Step 4. Ensure that NAT is working correctly.

Step 5. Check for firewall filter rules.

If the problem exists on a remote network, end-to-end connectivity cannot be verified because there is no control over all the connections. For this reason, it is possible that even though the configurations on the local devices are correct, there is still a problem with the remote network. Be sure to check with the ISP to ensure that their network connection is up and operational.

If all these steps are completed successfully, and it is verified that the end-to-end connectivity is not the issue, but the end device is still not operating as expected, the problem has been isolated to the upper layers.

9.5.2 - Troubleshooting Upper Layer Problems The diagram depicts the process for troubleshooting the upper layers. Step 1. Ping the host default gateway. If both the host and the server can successfully ping their default gateways, Layer 1 and Layer 2 services are functioning properly and Layer 3 local network connectivity exists. If the ping to the local default gateway address fails, troubleshoot Layers 3, 2, and 1 to locate the source of the problem. Step 2. Verify end-to-end connectivity. Ping or telnet from the host to a remote server or networking device. If successful, Layer 3 routing is operating correctly. When Layers 1, 2, and 3 are functioning properly, the issue must exist at a higher layer. If this ping is unsuccessful, it is necessary to troubleshoot the routing, NAT and firewall configurations to ensure proper packet delivery. Step 3. Verify the routing configuration. Ensure that the routing configuration is correct and that routes are updating as expected. If the routing table does not contain expected routes, troubleshoot and fix the routing configuration and attempt Step 2 again. If still unable to ping, check the NAT configuration. Step 4. Ensure that NAT is working correctly. When there is a problem reaching services on a remote network, such as over the Internet, NAT may not be functioning correctly. Use the show IP nat translations command to verify that translations are occurring. Clear the NAT translations with the clear IP nat translation * command and try to access the external resource again. If still not successful, check the configuration of the inside and outside interfaces. When the NAT configuration has been verified, attempt Step 2 again. If still unable to ping, check for firewall filter rules. Step 5. Check for firewall filter rules. Even though there is IP connectivity between a source and a destination, problems may still exist for a specific upper layer protocol, such as FTP, HTTP, or Telnet. These protocols ride on top of the basic IP transport but are subject to protocol-specific problems relating to packet filters and firewalls. Verify that the necessary ports are permitted on all firewalls. Page 3: Upper layer problems prevent services from being provided to application programs. A problem at the upper layers can result in unreachable or unusable resources, even when the lower layers are functional. It is possible to have full network connectivity, but the application cannot provide data.

Problems with upper layer functions usually affect just a few applications, perhaps even only one. It is not unusual for a help desk technician to get a call from a user who cannot receive email, although all other applications are functioning correctly.

Misconfigured client applications account for the majority of upper layer network problems. When an incorrect email or FTP server is specified, the client cannot find and retrieve information. When more than one application is affected, the upper layer problem may be attributed to a DNS server issue.

To verify that DNS is functioning correctly and can resolve server addresses, use the Windows command nslookup. If DNS is not working as expected, ensure that the correct DNS server address is configured on the host. When hosts receive DNS server information from a DHCP server, verify that the DHCP server has the correct IP address for the DNS server.

If the DNS server is operational and reachable, check for DNS zone configuration errors. Look for a typographical error in an address or name within the files.

9.5.2 - Troubleshooting Upper Layer Problems The diagram depicts symptoms for issues for the upper layers of the O S I Model: Layer 7, Application, Layer 6, Presentation, and Layer 5, Session. Upper Layer Problems. Symptoms: User complains about slow application performance Application error message Unable to access application services, such as FTP Unable to access Web services Page 4: The upper layers are responsible for encryption and compression. A mismatch between the way a client encrypts or compresses the data and the way the server interprets it can cause applications to not function or to function poorly.

When a problem occurs on a single host or workstation, it may be a problem with the way the information is being interpreted in the host software. Browser plug-in programs, such as Adobe Reader, often perform upper layer functions. These programs must be kept updated for web pages to display correctly.

Using an incorrect protocol to request data can cause a web page to be unreachable. For example, it may be necessary to specify https:// on the browser address line, rather than http:// to retrieve an SSL-protected web page.

9.5.2 - Troubleshooting Upper Layer Problems The diagram depicts a Firefox browser window with a "Server not found" error message. 9.5.3 Using Telnet to Check Upper Layer Connectivity Page 1:

Telnet is an excellent tool to use when troubleshooting problems with upper layer functions. Using Telnet to access the networking devices enables the technician to enter commands on each device as if they were locally attached. In addition, the ability to reach devices using Telnet indicates that the lower layer connectivity exists between the devices.

However, Telnet is an insecure protocol, which means that all data communicated can be captured and read. If there is a possibility that communications can be intercepted by unauthorized users, Secure Shell (SSH) protocol should be used instead. SSH is a more secure method for remote device access.

Most newer versions of the Cisco IOS software contain an SSH server. In some devices, this service is enabled by default. Other devices require the SSH server to be manually enabled.

Cisco IOS devices also include an SSH client that can be used to establish SSH sessions with other devices. Similarly, a remote computer with an SSH client can be used to start a secure CLI session. SSH client software is not provided by default on all computer operating systems. The technician may need to acquire, install, and configure SSH client software on the computer.

Review the material in CCNA Discovery: Working at a Small-to-Medium Business or ISP on configuring and using SSH.

9.5.3 - Using Telnet to Check Upper Layer Connectivity The diagram depicts an example of using Telnet to check an upper level connection. A Telnet client with a virtual terminal application window is connected via the internet to a Telnet server. Telnet provides a way to use a computer, connected via the network, to access a network device as if the keyboard and monitor were directly connected to the device. Page 2: Lab Activity

Access networking devices using Telnet and SSH.

Click the Lab icon to begin.

9.5.3 - Using Telnet to Check Upper Layer Connectivity Link to Hands-on Lab: Using Telnet and SSH to Access Networking Devices 9.5.4 Certification Study Guide Page 1: CCENT Study Guide

Click the lab icon to download a CCENT Preparation Guide for section 9.5.

Click the lab icon to download a CCENT Preparation Guide.

9.5.4 - Certification Study Guide Link to Hands-on Lab: CCENT Study Guide 5 Download the CCENT Study Guide for Section 9.5.

9.6 Preparing for Cisco Certification 9.6.1 Knowledge, Skills and Abilities Page 1: The Cisco Certified Entry Networking Technician (CCENT) certification validates the skills required for entry-level network support positions, the starting point for many successful careers in networking. CCENT certification is the first step toward achieving CCNA certification (Cisco Certified Network Associate), which covers medium-size enterprise branch networks that have more complex connections. To obtain CCENT certification, a candidate must pass the ICND1 examination at a Cisco Certified Testing Center.

The ICND1 exam (640-822) tests the ability to install, operate, and troubleshoot a small branch office network. The exam includes topics on networking fundamentals:

• • • • • • • •

Connecting to a WAN Basic security and wireless concepts Routing and switching TCP/IP and OSI models IP addressing WAN technologies Operating and configuring Cisco IOS devices Configuring RIPv2, static and default routing

• •

Implementing NAT and DHCP Configuring simple networks

Mastering a Cisco certification exam is not an easy task. Cisco has maintained the difficulty of the CCNA exam series by changing the exam requirements regularly. Some candidates pass the exam the first time; many pass it after multiple attempts, while some do not pass it. Good preparation is the best way to ensure that you pass the exam the first time.

9.6.1 - Knowledge, Skills, and Abilities The diagram depicts the steps to take to become CCENT and CCNA certified. Option 1 - CCENT/CCNA Certification Take and pass: ICND1 640-822 Exam, CCNA Discovery: Networking for Home and Small Businesses, CCNA Discovery: Working at a Small-to-Medium Business or ISP, to become CCENT Certified. Then take and pass: ICND2 640-816 Exam, CCNA Discovery: Introducing Routing and Switching in the Enterprise, CCNA Discovery: Designing and Supporting Computer Networks, to become CCNA Certified. Option 2 - CCNA Certification Take and pass the CCNA 640-802 Exam, CCNA Discovery: Networking for Home and Small Businesses, CCNA Discovery: Working at a Small-to-Medium Business or ISP, CCNA Discovery: Introducing Routing and Switching in the Enterprise, CCNA Discovery: Designing and Supporting Computer Networks, to become CCNA Certified. Page 2: Before preparing for any certification examination, it is important to understand the purpose of the exam. Cisco certification examinations are designed to measure the knowledge, skills, and abilities of an individual in a defined area of expertise. The exams use a combination of techniques to enable a candidate to demonstrate readiness to perform various networking tasks. The exam can contain multiple choice questions, various exercises, and simulated network configuration tasks. Each question or task is designed to address a specific objective. The Cisco certification website lists the objectives for the ICND1 exam.

Cisco certification website

9.6.1 - Knowledge, Skills, and Abilities The diagram depicts a brief description of the knowledge, skills, and abilities that are required to pass the certification exams. Knowledge Knowledge statements are typically factual or procedural in nature. They are related directly to the performance of a function. Skills Skill statements refer to the capability to manually, verbally, or mentally manipulate data or things to achieve a desired result. Skills can be measured by a performance test where quantity and quality of performance are tested, usually within an established time limit. Examples of skill related tasks include skill in typing or skill in operating a vehicle. Abilities Ability statements refer to the power to perform an observable activity at the present time. This means that abilities have been proven through activities or behaviors that are similar to those required on the job. An example is the ability to plan and organize work. 9.6.2 Networking Knowledge, Skills and Abilities Page 1: To perform most networking tasks, some knowledge must be recalled from memory. This type of knowledge is made up of facts. When studying for a certification exam, identify the pertinent facts associated with each exam objective. Some individuals find it useful to create flashcards to help memorize these facts. While there may be a few questions on the exam that require the basic factual answers, more often the factual knowledge is needed to diagnose or solve a networking problem.

9.6.2 - Networking Knowledge, Skills, and Abilities The diagram depicts examples of the type of questions used to test knowledge. In a RIP network, what is the maximum number of hops a packet can take before a destination becomes unreachable? Which routing protocols use a distance vector algorithm? How does a switch determine which port to use to reach a destination? Where is the startup configuration stored on a Cisco router? Page 2: Many skills are required when performing networking tasks. Some skills are fairly easy, such as creating and terminating a crossover cable. Other skills are more difficult, such as mastering IP subnetting.

The mastery of networking skills requires practice. Lab and Packet Tracer activities are designed to provide a structured practice environment for learners.

Cisco certifications measure and validate the networking skills of an individual based on how they interact with Cisco networking devices. Because of this, it is very important to practice with Cisco IOS software. Many exam tasks require the interpretation of Cisco IOS command output, especially the output of the various show commands.

9.6.2 - Networking Knowledge, Skills, and Abilities The diagram depicts a sample question that is designed to test the IP addressing skills of the candidate. It also requires the candidate to be familiar with configuring Cisco I O S software. Sample Question: Refer to the exhibit below. Which Cisco I O S command will assign the first usable IP address in the subnetwork to FastEthernet0/1 of R T A? Exhibit: The host, PC-A, (IP 172.18.16.230/22) is connected to a switch which is connected to the router F A 0 /1 interface. S0/1 of the router is connected to the Internet cloud. Command One.R T A (config-if) # ip address 172.18.13.1 255.255.254.0. Command Two.R T A (config-if) # ip address 172.18.14.1 255.255.252.0. Command Three.R T A (config-if) # ip address 172.18.14.1 255.255.255.252. Command Four.R T A (config-if) # ip address 172.18.16.1 255.255.252.0. Command Five.R T A (config-if) # ip address 172.18.16.1 255.255.252.252. Command Six.R T A (config-if) # ip address 172.18.16.229 255.255.255.252. Page 3: The ability to plan, organize, execute, and problem solve is critical to the success of an entrylevel network technician. In a certification exam environment, these abilities are usually measured using configuration and troubleshooting tasks. Effort is made when designing the exams to simulate conditions that an individual would find when performing an actual networking job. These conditions can be presented on the exam using scenarios or simulations.

Preparing for a scenario-based or simulation task is not as simple as memorizing a fact or practicing a specific skill. These types of tasks require an individual to apply both the facts and skills to solve a problem or meet a stated requirement.

One of the best ways to develop troubleshooting abilities is to start by analyzing what knowledge and skills are needed in order to perform specific networking tasks. When the necessary information is identified, anticipate what would happen if that information was not known. Make a list of the possible outcomes and determine what skills could be used to identify and correct any problems that may be created. That sounds difficult, but here are a few examples to consider: •

What would happen if a network technician did not know the correct number of host addresses available using a specific subnet mask? How could the problems be identified and corrected?



What problems might arise in a RIPv2 network that has more than 15 hops from a source to a destination address? What would be a symptom of this problem? How could the problem be corrected?

9.6.2 - Networking Knowledge, Skills, and Abilities The diagram depicts areas of analysis that should be considered when studying the RIP routing protocol: the information needed, possible outcomes, and possible symptoms of problems. Task: Configure RIPv2 to route network traffic Information needed Steps to configure RIPv2 routing. One.Log into the router. Two.Enter privileged mode. Three.Enter configuration mode. Four.Enable RIP. Five.Enable version 2. Six.Configure a network statement for each connected network that participates in RIP. Cisco I O S commands to enable RIPv2 routing. One.Config t. Two.Router rip. Three.Version 2. Four.Network [address]. Five.Copy running-config startup-config. Network addresses for each connected network. Methods to verify if RIPv2 is configured correctly and working. One.Use show running-configuration command. Two.Use show IP route command. Three.Ping from a host to a remote IP address on another network. Four.Trace the route through the router to a remote IP address. Five.Use debug to verify the RIPv2 routing updates are being sent and received. Possible incorrect outcomes if I do no posses the necessary knowledge I cannot enter configuration mode to being the configuration I forgot to configure version 2 or add the network statement I do not configure all the networks I enter the wrong IP address information I cannot verify if RIPv2 is operating correctly Possible symptoms of problems Cannot ping hosts on other networks Cannot trace route through the router No routes appear in routing table of router Page 4: 9.6.2 - Networking Knowledge, Skills, and Abilities The diagram depicts an activity in which you must determine if each of the following tasks

belongs in the knowledge, skills, or ability category. Tasks. One.Troubleshoot a non-functioning network. Two.Calculate an IP subnet. Three.Configure an IP address on a router interface. Four.Plan the implementation of a new router. Five.List two distance vector routing protocols. Six.Build a Category 5 crossover cable. Seven.Design an IP address scheme. Eight.Explain the meaning of the term NAT. Page 5: Lab Activity

Identify the knowledge, skills, and abilities needed to perform the lab tasks.

Click the Lab icon to begin.

9.6.2 - Networking Knowledge, Skills, and Abilities Link to Hands-on Lab: Identifying Necessary Knowledge, Skills, and Abilities 9.6.3 Making the Commitment Page 1: Getting ready to take a certification exam can be an overwhelming task. There is much information to review, many skills to practice, and pressure to succeed. Just like installing a network for a customer, exam preparation is more successful if it is broken down into a series of smaller steps:

1. Making the commitment.

2. Creating a plan.

3. Practicing test taking.

After you complete these steps, you are ready to begin the exam preparation.

9.6.3 - Making the Commitment The diagram depicts an image of the certification pyramid offered by Cisco, from bottom to top, as follows: CCENT CCNA CCNP CCIE Page 2: The first step to obtaining a Cisco certification is making the commitment to devote the time and effort necessary to prepare for the examination. This commitment needs to be assigned a top priority, because it will take time that was previously used for other activities.

In addition to taking time, preparing for a certification exam requires concentration. Find a place at home or at school where you can study for long periods of time uninterrupted. Trying to learn and practice networking skills can be extremely difficult if other distractions are present.

Having the right equipment and resources is also important. Make sure that you have access to a computer, the on-line course materials, and Packet Tracer software. Discuss with your instructor how to schedule lab time to practice your skills on actual equipment. Find out if remote lab access over the Internet is available in your area.

Inform friends and family of your commitment to obtaining the CCENT certification. Explain to them that their assistance and support are needed during the exam preparation. Even if they have no understanding of networking, they can help you study with flashcards or ask practice questions. At a minimum, they can help by respecting your need for uninterrupted study time. If others in your class are preparing for the exam at the same time, it may be helpful to organize a study group.

9.6.3 - Making the Commitment This image depicts two students studying. 9.6.4 Creating a Plan Page 1: After you have made the commitment to dedicate the time necessary to prepare to take the ICND1 examination, the next step is creating a plan. A certification preparation plan includes

information on how you intend to prepare, a schedule of dates and times, and a list of the resources.

There are two ways to approach studying for a certification exam: individually or in a group. Many people find that creating a study group helps them to focus better on the material and keep to a schedule.

When studying with a partner or in a group, it is critical for all participants to know how to contact each other, the schedule and place for meetings, and other pertinent information. It may be necessary to assign members of the group different responsibilities, such as:

• • • • •

Obtaining and distributing study materials Scheduling lab time Ensuring all necessary supplies are available Keeping track of the group progress Finding answers to problems

Studying alone might make the coordination of resources easier, but it does not diminish the importance of a good plan.

9.6.4 - Creating a Plan The diagram depicts a checklist, as follows: Exam Preparation Checklist Obtaining and distributing study materials Scheduling lab time Ensuring all necessary supplies are available Keeping track of the group progress Finding answers to problems Page 2: Set a realistic target date for taking the exam based on the amount of time that is available each week to dedicate to the preparation.

Use smaller amounts of time for fact memorization, and larger blocks of time for practicing skills. It can be frustrating to begin a lab or skill practice exercise and not have sufficient time scheduled to complete it.

The Cisco Press CCENT study guide entitled "31 Days to the CCENT" can be used to structure a schedule. The book takes each exam objective and highlights the important information to study. It contains references to the sections and topics in the CCNA Discovery: Networking for Home and Small Businesses and CCNA Discovery: Working at a Small-to-Medium Business or ISP curriculum that need to be reviewed and practiced.

A good way to create a schedule is to record all of the available time on a calendar. Then assign each block of time to a specific task, such as "learn OSI model layers and their functions" or "practice IP subnetting." When all tasks are entered, determine when to schedule the exam.

9.6.4 - Creating a Plan This image depicts networking professionals configuring or designing networks. Page 3: Investigate all the tools and resources that are available to help you study. The ICND1 tests the knowledge and skills obtained during this course, in addition to all the content from CCNA Discovery: Networking for Home and Small Businesses. Access to the online curriculum, labs, and Packet Tracer activities is critical to successful preparation.

In addition to these tools, many other study aids exist on the Cisco Learning Network. The link for the Cisco Learning Network is:

Cisco Learning Network

Cisco Press publishes a number of books that cover the CCENT exam objectives. These books can be purchased through the Cisco Marketplace Bookstore.

Cisco Marketplace Bookstore

After the necessary materials have been gathered, it is important to organize them. Reviewing and practicing the CCENT knowledge and skills can be difficult if it is approached in a haphazard manner. It is easier to recall and use information if it is learned and practiced in an organized framework.

9.6.4 - Creating a Plan The diagram depicts the CCNA Prep Center home page.

9.6.5 Practicing Test Taking Page 1: Recalling and performing networking skills in a formal testing environment is different from doing the same functions in a classroom or at home. It is important to understand the format of the exam and how it is administered.

Visit the Testing Center Before taking the exam, visit the testing center and see how the exam is administered. Ask questions about what to expect. Some testing centers provide each examinee with a separate testing room; others have larger areas where a number of people are taking exams at the same time. Find out what is permitted to bring into the room and, more importantly, what items are not permitted. Visit the Cisco certification website to find the nearest testing center.

Format of the Examination Certification exams are given online, similar to the manner in which Networking Academy assessments are delivered. There are, however, some differences:



• • •

Survey questions may be presented before the actual examination begins. It is important to answer these questions truthfully. The survey questions have no impact on the content of the examination or on your final score. Certification exams are timed. The time remaining is displayed on the screen so that you can decide how long to spend on each question or task. There may be many different types of questions or tasks on the same examination. You cannot go back to a previous question after moving to the next one.

There is no way to skip a question or mark a question for review. If you do not know an answer, it is best to guess the answer and move on to the next question.

9.6.5 - Practicing Test Taking This image depicts an individual studying along with a pyramid figure displaying various Cisco certifications. Page 2: Cisco certification exams include the following test formats:

• • • • • • •

Multiple-choice single answer Multiple-choice multiple answer Drag-and-drop Fill-in-the-blank Testlet Simlet Simulations

Before taking the exam, become familiar with how all question types function, especially the testlet, simlet, and simulation tool. This practice enables you to focus on the exam questions rather than on how to correctly use the tools. Practice the exam tutorial found on the Cisco Learning Network website until you are comfortable with the format and operation of each type of question and task.

9.6.5 - Practicing Test Taking This image depicts students in a learning institution along with the Cisco pyramid displaying various Cisco certifications. Page 3: Lab Activity

Use the Cisco Learning Network website to find study materials and tools to help prepare for the CCENT exam.

Click the lab icon to begin.

9.6.5 - Practicing Test Taking Link to Hands-on Lab: Exploring the CCNA Prep Center Page 4: Although nothing substitutes for the experience of taking the actual exam, it is often helpful to take practice exams. The Cisco Learning Network provides sample tests for the ICND1 exam that include multiple choice questions. If studying for the exam with other students, create practice questions and share them. In addition, there are commercially available practice exams that can be purchased and downloaded from the Internet.

Cisco certifications include tasks that simulate the operation of Cisco routers and switches. It is recommended that you repeat all Packet Tracers and Labs in this course in preparation for the

ICND1 exam. However, just reading the curriculum and practicing the labs may not be adequate preparation for the types of integrated tasks that appear on a certification exam. It is important to investigate what might happen if there is an error in the setup or configuration of a device. Much can be learned by creating error situations and observing the changes in command output and device operation. Many of the scenario questions and tasks on the ICND1 exam are based on troubleshooting network problems.

9.6.5 - Practicing Test Taking The diagram depicts an example of a certification exam simulation question. A brief description is given for several windows, as well as the control buttons. Several windows are open on a desktop. Router - This window displays a terminal emulation screen. It is used to enter C L I commands to make changes to device configuration and to display output. Topology - This window displays the topology of the network and provides additional context for the simulation. Instructions - This window provides instructions on how to complete the simulation. Control buttons - These are control buttons that open and activate the various simulation windows. Page 5: Packet Tracer Activity

Use Telnet and other tools to troubleshoot problems in a small network.

Click the Packet Tracer icon to begin.

9.6.5 - Practicing Test Taking Link to Packet Tracer Exploration: CCENT Troubleshooting Challenge 9.6.6 Certification Study Guide Page 1: CCENT Study Guide

Click the lab icon to download a CCENT Preparation Guide for section 9.6.

Click the lab icon to download a CCENT Preparation Guide.

9.6.6 - Certification Study Guide Link to downloadable CCENT Preparation Guide - Preparing for the ICND1 Exam Please see your instructor for further information. Page 2: CCENT Study Guide

In addition to the previous Study Guide topics, the CCENT Certification also covers Wireless LANs (WLANs). This topic is covered in CCNA Discovery: Networking for Home and Small Businesses. For your convenience a Study Guide for WLANs is included here.

Click the lab icon to download a CCENT Study Guide for WLANs.

9.6.6 - Certification Study Guide Link to Hands-on Lab: CCENT Study Guide 6 Download the CCENT Study Guide for Section 9.6.

9.7 Chapter Summary 9.7.1 Summary Page 1: 9.7.1 - Summary Diagram 1, Image The diagram depicts the layers of the O S I Model and the TCP/IP Model. Diagram 1 text Each layer of the OSI or TCP/IP model has specific functions and protocols. Knowledge of the features, functions and devices of each layer, and how each layer relates to the layers around it, help a network technician to troubleshoot more efficiently. The upper layers, Layers 5-7, of the O S I Model deal with specific application functionality and are generally implemented only in software. The lower layers, Layers 1-4, of the O S I Model handle data transport and physical networking functions. There are three main troubleshooting approaches when using network models: Top-down Bottom-up Divide-and-conquer

Diagram 2, Image The diagram depicts software tools used to troubleshoot a network. Diagram 2 text Tools that assist with network troubleshooting include: Network Diagrams and Documentation Network Documentation and Baseline Tools Network Management Systems Knowledge Bases Protocol Analyzers Sometimes failures in the lower layer of the O S I Model cannot be easily identified with software tools. In these instances, it may be necessary to use hardware troubleshooting tools, such as cable testers, multimeters, and network analyzers. Diagram 3, Image The diagram depicts Layer 1 and Layer 2 issues. Diagram 3 text The Physical and the Data Link Layers encompass both hardware and software functions. The Physical Layer, or Layer 1, is responsible for the physical and electrical specifications for the transmission of bits from one host to another over the physical medium, either wired or wireless. Layer 1 Problems include: Cable type, length and termination problems Duplex mismatches Interfaces and noise that disrupts transmissions Device hardware and boot errors Router interface errors are often the first symptom of Layer 1 and Layer 2 cabling or connectivity errors. Devices L E D's provide valuable troubleshooting information that can be used to identify the cause of connectivity issues. Diagram 4, Image The diagram depicts output information for Layer 2 issues. Diagram 4 text The Data Link Layer, or Layer 2, specifies how the data is formatted for transmission over the network media. It also regulates how access to the network is granted. Layer 2 provides the link between the Network Layer software functions and the Layer 1 hardware for both LAN and WAN applications. Layer 2 Problems include: Encapsulation mismatches No keepalives generated or received Timing problems on WAN connections The show version , show interfaces and show interface brief commands provide troubleshooting information to isolate and identify Layer 1 and Layer 2 issues. Diagram 5, Image The diagram depicts a table of addressing schemes at Layer 3. Diagram 5 text The primary functions implemented at Layer 3 of the O S I Model are network addressing and

routing. Poorly designed and configured IP addressing schemes, especially overlapping subnet addresses, account for a large number of network performance problems. Overlapping subnets can be caused by careless address assignment or by improperly configured subnet masks on devices. Problems obtaining an IP address from a DHCP server can cause PC clients to automatically configure an address on the 169.254.0.0 network. NAT configuration and operation issues can cause Internet sites to be unreachable from the privately addressed LAN. Diagram 6, Image The diagram depicts routing information used at Layer 3. Diagram 6 text Most networks have a number of different types of routes, including a combination of static, dynamic, and default routes. Problems with routing can be the result of manual route entry errors, routing protocol configuration and operation errors, or failures at lower layers of the O S I Model. The primary tool to use when troubleshooting Layer 3 routing problems is the show IP route command. The routing table consists of route entries from the following sources: Directly connected networks Static routes Dynamic routing protocols Problems that occur with RIPv2 routing include: Version not specified causing version mismatch between routers. Misconfigured or missing network statements Improperly configured interface IP addresses Diagram 7, Image The diagram depicts the transport of data on a network at Level 4. Diagram 7 text Layer 4 is responsible for transporting data packets and specifies the port number used to reach specific applications. Firewall and port filtering rules that permit or deny the incorrect ports can cause needed services to be unreachable from client computers. Upper Layer services include DNS name resolution, encryption and compression. Errors occurring with these functions can cause end-user applications to be unusable. The Windows command nslookup can provide information to assist with troubleshooting DNS failures. Diagram 8, Image The diagram depicts the CCENT and CCNA certification process. Diagram 8 text The Cisco Certified Entry Networking Technician (CCENT) certification validates the skills required for entry-level network support positions, the starting point for many successful careers in networking. To obtain CCENT certification, a candidate must pass the ICND1 (640-822) examination which tests the ability to install, operate, and troubleshoot a small branch office network. Cisco certifications measure and validate the networking skills of an individual based on how they interact with Cisco networking devices. Many exam tasks require the interpretation of Cisco I O S command output, especially the output of the various show commands.

Just like installing a network for a customer, exam preparation is more successful if it is broken down into a series of smaller steps: One.Making the commitment. Two.Creating a plan. Three.Practicing test taking.

9.8 Chapter Quiz 9.8.1 Quiz Page 1: Take the chapter quiz to check your knowledge.

Click the quiz icon to begin.

9.8.1 - Quiz Chapter 9 Quiz: Troubleshooting 1.Match the tool to its correct testing description. Tools cable tester digital multimeter network analyzer network management system protocol analyzer Testing Description checks power-supply voltage levels and verifies that network devices are receiving power graphically displays a physical view of network devices and can locate the source of a failed device identifies devices producing the most network traffic, analyzes network traffic by protocol, and views interface details detects broken wires, crossed-over wiring, shorted connections and improperly paired connections filters traffic that meets certain criteria so that all traffic between two devices can be captured 2.A network administrator is troubleshooting connectivity issues with a router and finds that the S 0 /0 /0 interface IP address has been improperly configured. At what layer of the O S I model is this problem occurring? A.Layer 1 B.Layer 3 C.Layer 4 D.Layer 7 3.Match the pairs of devices to the UTP cable type that connects them. Choose either straightthrough cable or crossover cable for each pair of devices. Devices

host to switch hub to switch router to switch router F A 0 /0 to host hub to router switch to switch Cable types Straight-through Cable Crossover Cable 4.Match each network situation to its associated O S I layer. Choose either Layer 1 or Layer 2 for each network situation. Network Situation excessive broadcast encapsulation error loose cable connection fluctuating power supply serial 0 /0 /0 is up, protocol is down misconfigured NIC incorrect cable type damaged serial interface connector Layers Layer 1 Layer 2 5.This question depicts a network topology appearing as follows: A "Headquarters Office" is connected to router RTA. RTA is connected via S 0 /0 /0 to the S 0 /0 /0 of router RTB. RTB is connected to the Branch Office. A network administrator is troubleshooting the connectivity between the headquarters and the branch office. Which important troubleshooting information can the administrator get from the output of the show interface serial 0 /0 /0 command? A.encapsulation type B.CSU/DSU type C.CSU/DSU timing D.routing protocol type 6.Which interface status indicates a high error rate? A.Serial 0 /0 /0 is down, line protocol is down. B.Serial 0 /0 /0 is up, line protocol is down. C.Serial 0 /0 /0 is up, line protocol is down (looped). D.Serial 0 /0 /0 is up, line protocol is down (disabled). E.Serial 0 /0 /0 is administratively down, line protocol is down. 7.Hosts on the LAN are able to communicate with hosts on the same LAN, but are unable to connect outside the network. What is the possible problem? Use the output from RouterA below to answer this question. RouterA(config)# ip dhcp pool LANpool RouterA(dhcp-config)# network 192.168.1.0 255.255.255.240 RouterA(dhcp-config)# default-router 192.168.1.30 RouterA(dhcp-config)# dns-server 192.168.1.2 RouterA(dhcp-config)# end %SYS-5-CONFIG_I: Configured from console by console RouterA(config)# show ip dhcp binding IP AddressClient-ID/Lease expiration Type Hardware address 192.168.1.400D0.BCBD.993BFeb 01 2008 8:15 AM Automatic 192.168.1.500D0.D30B.C23EFeb 01 2008 9:25AM Automatic 192.168.1.70001.C91C.D0ECFeb 01 2008 10:21 AM Automatic

A.The pool command is not applied to an interface. B.The DNS address is misconfigured. C.The DHCP address is missing. D.The default gateway address is on a different network. 8.What can be concluded from the output of the debug ip rip command? (Choose two) R1# debug ip rip RIP protocol debugging is on R1# 8d05h: RIP sending v1update to 255255255 255 via FastEthernet0/0 (172.16.1.1) 8d05h: RIP: build update entries 8d05h: network 10.0.0.0 metric 1 8d05h: network 192.168.1.0 metric 2 8d05h: RIP: sending v1 update 255.255.255 255 via Serial0/0/0 (l0.0.8.1) 8d05h: RIP: build update entries 8d05h: network 172.16.0.0 metric 1 R1# 8d05h: RIP: received v1 update via 10.0.15.2 on Serial0/0/0 8d05h: 192.168.1.0 in 1 hops 8d05h: 192.168.168.0 in 16 hops (inaccessible) A.The 10.0.0.0 network is two hops from R1. B.A ping to 192.168.168.10 will be successful. C.R1 sent information about five destinations in the update. D.R1 sent a RIP broadcast on F A 0 /0 that advertises two networks. E.R1 has received updates from one router at source address 10.0.15.2. 9.This question depicts a network topology appearing as follows: Router R1 is connected via F A 0 /0 to switch Sw1 on 192.168.1.1/24. SW1 is connected to host H1. R1 is also connected via F A 0 /1 to switch Sw2 on 192.168.2.1/24. SW2 is connected to host H2 and DHCP server with the address 192.168.2.3/24. Output from R1 appears as follows: R1(config)#interface f a 0 /0 R1(config-if)#ip helper-address 192.168.2.3 What is the result of the command that is issued on R1? A.The 192.168.1.0 network will not receive any DHCP requests B.DHCP acknowledgements will be issued from the 192.168.1.0 network C.Switch SW2 is acting as a DHCP relay agent for the 192.168.1.0 network D.DHCP requests are forwarded to 192.168.2.3 10.This question depicts a network topology appearing as follows: Router R1 is connected via a serial connection to router R2. R2 is connected via F a 0 /0 with the address 192.168.1.1 to a host with the address 192.168.1.20. R1 is also connected via serial connection to R3. R3 is connected to a host with the address 192.168.3.16. Pings from 192.168.1.20 to 192.168.1.1 successful Pings from 192.168.1.20 to 192.168.3.16 successful Telnets from 192.168.1.20 to 192.168.3.16 unsuccessful Based on the results from the troubleshooting commands, what is one possible problem? A.An incorrect IP address was assigned. B.The packets may be blocked by a firewall.

C.The routing protocol was not configured correctly. D.There is a Layer 2 encapsulation error.

End

Related Documents

Husain Ccna Notes
June 2020 6
Ccna Study Notes
November 2019 4
Husain Randathani
December 2019 13
Dr.izzat Husain
December 2019 25