CCNA BY SALIM

Chapter 8

VLAN Operation
8.1) VLAN Operation Overview
A Virtual LAN (VLAN) is a broadcast domain created based on the functional, security, or other requirements, instead of the physical locations of the devices, on a switch or across switches. With VLANs, a switch can group different interfaces into different broadcast domains. Without VLANs, all interfaces of a switch are in the same broadcast domain; switches connected with each other are also in the same broadcast domain, unless there is a router in between. Different ports of a switch can be assigned to different VLANs. A VLAN can also span multiple switches.

The advantages of implementing VLAN are:

It can group devices based on the requirements other than their physical locations. It breaks broadcast domains and increases network throughput. It provides better security by separating devices into different VLANs. Since each VLAN is a separate broadcast domain, devices in different VLANs cannot listen or respond to the broadcast traffic of each other. Inter-VLAN communication can be controlled by configuring access control lists on the router or Layer 3 switch connecting the VLANs.

VLANs can be configured using one of the following two methods: 8.1. A) Static VLAN
Assigning VLANs to switch ports based on the port numbers.

101

CCNA BY SALIM
It is easier to set up and manage.

8.1. B) Dynamic VLAN

Assigning VLANs to switch ports based on the MAC addresses of the devices connected to the ports. A VLAN management application is used to set up a database of MAC addresses, and configure the switches to assign VLANs to the switch ports dynamically based on the MAC addresses of the connected devices. The application used by Cisco switches is called VLAN Management Policy Server (VMPS). Cisco switches support a separate instance of spanning tree and a separate bridge table for each VLAN.

A VLAN = A Broadcast Domain = Logical Network (Subnet)

VLAN Operation

102

CCNA BY SALIM

Each logical VLAN is like a separate physical bridge. VLANs can span across multiple switches. Trunks carry traffic for multiple VLANs. Trunks use special encapsulation to distinguish between different VLANs.

VLAN Membership Modes

103

CCNA BY SALIM

8.2) VLAN Trunking

There are two different types of links in a switched network:

Access link
A link that is part of only one VLAN. Therefore, a port connecting to an access link can be a member of only one VLAN.

Trunk link
A 100 Mbps or 1000 Mbps point-to-point link that connects switches or routers, and carries frames of different VLANs. Therefore, a port connecting to a trunk link can be a member of multiple VLANs. All VLANs are configured on a trunk link by default. VLAN Trunking, by making use of frame tagging, allows traffic from different VLANs to transmit through the same Ethernet link (trunk link) across switches. VLAN Trunking identifies the VLAN from which a frame is sent by tagging the frame with the source VLAN ID (12-bit long). This feature is known as frame tagging or frame identification. With frame tagging, a switch knows which ports it should forward a broadcast frame (forward out the ports which have the same VLAN ID as the source VLAN ID). It also knows which bridge table it should use for forwarding a unicast frame (since a separate bridge table is used for each VLAN).

104

CCNA BY SALIM
A frame tag is added when a frame is forwarded out to a trunk link, and is removed when the frame is forwarded out to an access link. Therefore, any device attached to an access link is unaware of its VLAN membership.

8.2. A) Trunking protocols

Cisco switches support two trunking protocols:

Inter-switch Link (ISL)

It is a Cisco proprietary VLAN trunking protocol and can only be used between Cisco switches or switches supporting ISL. It encapsulates a frame by an ISL header and trailer. An ISL header is 26 bytes long and contains the 12-bit VLAN ID, MAC addresses of the sending and the receiving switch, and some other information. An ISL trailer is 4 bytes long and contains the CRC of the frame. It supports a separate instance of spanning tree for each VLAN by using a Cisco proprietary feature called Per-VLAN Spanning Tree (PVST+). Different instances of spanning tree allow the STP parameters of different VLANs to be configured independently. For example, we can break a network loop by blocking different links for different VLANs instead of blocking the same link for all VLANs, so that the available bandwidth can be used more efficiently.

IEEE 802.1q
It is the IEEE standard trunking protocol. It inserts a 4-byte header to the middle of the original Ethernet header. The 802.1q header contains the 12-bit VLAN ID and some other information.

Ethernet frame without 802.1Q header

Destination Addresses (6 bytes) Source addresses (6 bytes) Type (2 bytes) Data (46-1500bytes) FCS (4 bytes)

Ethernet frame with 802.1Q header

Destination Addresses (6 bytes) (4 bytes) Source addresses 802.1Q header Type (2 bytes) Data (46-1500bytes) FCS (4 bytes)

105

CCNA BY SALIM
(6 bytes)

Recalculation of the FCS is required after the insertion of the 802.1q header as the original header has been changed. It did not support a separate instance of spanning tree for each VLAN originally. However, Cisco switches can use PVST+ with 802.1q to support this feature. IEEE has also defined a new specification called 802.1S, which can be used with 802.1q to support multiple instances of spanning tree. It defines one VLAN as the native VLAN. It does not insert 802.1q header into the frames sent from the native VLAN over a trunk link. The default native LAN is VLAN 1. Since 802.1q is defined as a type of Ethernet frame, it does not require that every device on a link understands 802.1q. By defining a trunk port as a member of the native VLAN, any Ethernet device (even if it does not understand 802.1q) connected to the trunk port can read frames for the native VLAN. Both sides of a trunk link must agree on which VLAN is used as the native VLAN. Otherwise, the trunk will not operate properly.

802.1Q Trunking

106

CCNA BY SALIM

107

CCNA BY SALIM

8.3) Importance of Native VLANs

802.1Q Frame

108

CCNA BY SALIM

8.4) Per-VLAN Spanning Tree

ISL Tagging

109

CCNA BY SALIM

ISL Encapsulation

VTP Protocol Features

A messaging system that advertises VLAN configuration information

110

CCNA BY SALIM
domain Maintains VLAN configuration consistency throughout a common administrative Sends advertisements on trunk ports only

8.5) VTP Modes Server

Creates VLANs Modifies VLANs Deletes VLANs Sends/forwards advertisements Synchronizes Saved in NVRAM

Client
Forwards advertisements Synchronizes Not saved in NVRAM Creates VLANs Modifies VLANs

Transparent

111

CCNA BY SALIM
Deletes VLANs Forwards advertisements Does synchronize Saved in NVRAM

not

VTP Operation
VTP advertisements are sent as multicast frames. VTP servers and clients are synchronized to the latest revision number. VTP advertisements are sent every 5 minutes or when there is a change.

VTP Pruning
Increases available bandwidth by reducing unnecessary flooded traffic Example: Station A sends broadcast, and broadcast is flooded only toward any switch with ports assigned to the red VLAN

112

CCNA BY SALIM

Practicals P.1) Switch Inter VLAN(Virtual Local Area Network) Configuration LAB 3550 Switch 3560 Switch

Chapter 9

Introduction of CISCO IOS IPsec

113

CCNA BY SALIM
IPSec is an industry-wide standard suite of protocols and algorithms that allows for secure data transmission over an IP-based network that functions at the layer 3 network layer of the OSI model. IPSec cant be used to encrypt non-IP traffic. This means that if you run into a situation where you have to encrypt non-IP traffic, youll need to create a GRE tunnel for it and then use IPSec to encrypt that tunnel

IP Sec Transforms
An IPSec transform specifies a single security protocol with its corresponding security algorithm; without these transforms, IPSec wouldnt be able to give us its glory. Its very important to understand the security protocols and the supporting encryption and hashing algorithms that IPSec relies upon.

9.2) Security Protocols

The two primary security protocols used by IPSec :

Authentication Header (AH) Encapsulating Security Payload (ESP)

9.2.A) Authentication Header (AH)

The AH protocol provides authentication for the data and the IP header of a packet using a one-way hash for packet authentication.

Working mechanism :
The sender generates a one-way hash; then the receiver generates the same one-way hash. If the packet has changed in any way, it wont be authenticated and will be dropped. So basically, IPSec relies upon AH to guarantee authenticity. AH checks the entire packet, but it doesnt offer any encryption services.

9.2.B) Encapsulating Security Payload (ESP)

ESP will provide confidentiality, data origin authentication, connectionless integrity, antireplay service, and limited traffic-flow confidentiality by defeating traffic flow analysis.

Four components of ESP:

Confidentiality :

114

CCNA BY SALIM
Confidentiality is provided through the use of symmetric encryption algorithms like DES or 3DES. Confidentiality can be selected separately from all other services, but the confidentiality selected must be the same on all endpoints of your VPN. Data origin authentication and connectionless integrity : Data origin authentication and connectionless integrity are joint services offered as an option in conjunction with the likewise optional confidentiality. Anti-replay service : You can only use the anti-replay service if data origin authentication is selected. Antireplay election is based upon the receiver, meaning the service is effective only if the receiver checks the sequence number. In case you were wondering, a replay attack is when a hacker nicks a copy of an authenticated packet and later transmits it to the intended destination. When the duplicate, authenticated IP packet gets to the destination, it can disrupt services and other ugly stuff. The Sequence Number field is designed to foil this type of attack. Traffic flow : For traffic flow confidentiality to work, you have to have tunnel mode selected. And its most effective if its implemented at a security gateway where tons of traffic amasses a situation that can mask the true source-destination patterns of bad guys trying to breach your networks security.

Chapter 10

More Practical on Cisco Routers

10.1) IOS Back-up and Restore Configuration

115

CCNA BY SALIM
20.0.0.1 S0/0

1700A

Sw itch

F0/0 10.0.0.1

Internet

Ba ck-up TFTP se rve r 10.0.0.3

10.0.0.4

10.2) IOS Back-up command

Install TFTP server (use solarwind.exe 3rd Party tool) in local machine 1700A#show flash 1700A#copy flash: tftp: Source file name: xxxxxxxxxx Remote host: 10.0.0.3 Destination file name: xxxxxxxxxx (same source file name)

10.3 Configuration Back-up command 10.4) Erase Starting configuration command

1700A#erase startup configuration

10.5) Restore IOS configuration commane

If we are already erase the starting configuration. So router doesnt boot from flash rom because of to change the RX Boot mode. Router>en Router#config t

116

CCNA BY SALIM
Router(config)#config-register 0X2101 Router(config)#exit Router#reload Few second to reload Router(config)#interface F0/0 Router(config-if)#ip address 10.0.0.1 255.0.0.0 Router(config-if)#no shutdown Router(config-if)#^Z Router#ping 10.0.0.3 Router#copy tftp: flash: Host: 10.0.0.3 Source file name: xxxxxxxxxx Same name to transfer: xxxxxxxxxx erase :yes

10.6) Configuration restores command

Router#copy tftp: startup configuration Source address: 10.0.0.3 Source file name: AAAA

10.7) Change Normal mode command

Router(config)#config-register 0X2102 Router#reload

10.8) Password Recovery Configuration

Router>en Router#config t Router(config)#line console 0

117

CCNA BY SALIM
Router(config-line)#password 123 Router(config-line)#login Password recovery steps Switch off our Router then on Press Control+Break Rommon 1 >confreg 0X2142 (to by pass the NVRAM) Rommon 2 >reset Would u like to default configuration ? No Router#show running configuration Router#show startup configuration To see a Password Router#show ver Router#config t Router(config)#config-register 0X2102 Router(config)#exit Router#reload No

10.9) Secure Shell

Secure She ll Se rve r 20.0.0.1 S0/0

F0/0 10.0.0.1

Internet

10.0.0.3

10.0.0.4

10.10) Configuration Back-up

118

CCNA BY SALIM

20.0.0.2 S0/0

1700B

Internet

F0/0 30.0.0.1

Back-up FTP server 10.0.0.3

10.0.0.4

Remot Back-up FTP Server 30.0.0.2

10.11) SYSLOG Server Configuration

119

CCNA BY SALIM

20.0.0.2 S0/0

1700B

Internet

F0/0 30.0.0.1

Syslog Server 30.0.0.2 10.0.0.3 10.0.0.4

10.12) Dynamic Host Configuration Protocol Configuration LAB

Router do not forward the broadcast packet across the network.Its send a packet to unicast.

10.13) IPv6 with GRE (Generic Routing Encapsulation) Tunnel Configuration LAB 10.14) IPV6 Routing Configuration

CISCO DEFINATIONS
ADSP AEP - AppleTalk Data Stream Protocol - AppleTalk Echo Protocol

120

CCNA BY SALIM
AFP AFP APPN ARB ARIS ARLL ARP ASP ATM BGP BOOTP BPDU CIDR CIR CPE DARPA DEMARC DHCP DHCP DSAP EIT/TIA - AppleTalk Filling Protocol - AppleTalk Filling Protocol - Advanced Peer-to-Peer Net-working - Area Border router. - Aggregate Route-Based Switching. - Advanced Run-Length Limited - Address Resolution Protocol - AppleTalk Session Protocol - Asynchronous Transfer Mode - Border Gateway Protocol - Bootable Protocol - Bridge Protocol Data Unit - Classes Inter-Domain Routing - Committed Information Rate - Customer Permises Equipment - Defense Advanced Research Projects Agency - Demarcation - Dynamic Host Configuration Protocol - Dynamic Host Configuration Protocol - Destination Service Access Point - Electronics Industry Association /

Telecommunications Industry Association EGP EBGP EIGRP FCS FDM - Exterior Gateway Protocol - External Border Gateway Protocol - Enhanced Interior Gateway Routing Protocol - Frame Check Sequence - Fequency- Division Multiplexing

121

CCNA BY SALIM
FTP GPS HDLC HTTP - File Transfer Protocol - Global Positioning Services - High-level Data Link Control - Hypertext Transfer Protocol

HTTPS - Hypertext Transfer Protocol Secure ICMP ICS IGMP IGRP - Internet Control Message Protocol - Internet Connection Sharing - Internet Group Management Protocol - Interior Gateway Routing Protocol

IMAP4 - Internet Message Access Protocol, Version 4 INARP - Inverse ARP IOS ISDN IP LCP LDAP LMI LPD LPR - Internetwork Operating System - Integrated Services Digital Network - Internet Protocol - Link Control Protocol - Lightweight Directory Access Protocol - Local Management Interface - Line Printer Daemon - Line Printer Remote

MMDS - Multipoint Microwave Distribution System NBP NCP NDS NNTP NTP NVRAM OSPF - Name Binding Protocol - NetWare Core Protocol - NetWare Directory Service - Network News Transfer Protocol - Network Time Protocol - Nonvolatile RAM - Open Shortest Path First

122

CCNA BY SALIM
OUI PAP POP PPP PPPoA PPPoE PPTP PVC Proxy ARP RAID RARP RAS RDP RIP RTMP SAP SCP SFTP SLIP SMB STP SMTP SNAP SNMP SSAP SSH STP - Organizationally Unique Identifier - Printer Access Protocol - Point Of Presence (Post Office Protocol) - Point-to-Point Protocol - Point-to-Point Protocol over ATM - Point-to-Point Protocol Ethernet - Point-to-Point Tunneling Protocol - Permanent Virtual Circuit - Proxy Address Resolution Protocol - Redundant Array of Inexpensive (Independent) Disks - Reverse Address Resolution Protocol - Windows Remote Access Service - Remote Desktop Protocol - Routing Information Protocol - Routing Table Maintenance Protocol - Service Advertising Protocol - Secure Copy Protocol - Secure File Transfer Protocol - Serial Line Internet Protocol - Server Message Block - Spanning Tree Protocol - Simple Mail Transfer Protocol - Sub-Network Access Protocol - Simple Network Management Protocol - Source Service Access Point - Secure Shell - Spanning Tree Protocol

123

CCNA BY SALIM
SVC TDM TDM TELNET TFTP UDP - Switched Virtual Circuit - Time Division Multiplexed - Time-Division Multiplexing - Terminal Emulation - Trivial File Transfer Protocol - User Datagram Protocol

VLANs- Virtual LANs VLSM WLAN ZIP IETF VPN NAS LNS PPP ISAKMP PPTP L2TP L2TPv3 MPLS L2F - Variable Length Subnet Masking - Wireless LAN - Zone Information Protocol - Internet Engineering Task Force - Virtual private networks - Network Access server - L2TP Network Server - Point-to-Point Protocol - Internet Security Association and Key Management Protocol - point-to-point tunneling protocol - Layer 2 Tunnelling Protocol - Layer 2 Tunnelling Protocol version 3 - Multi-protocol label switching - Layer 2 Forwarding

VPDN
PPTP

- virtual private dial-up network

- Point-to-Point Tunneling Protocol

124

CCNA BY SALIM

CCNA Question and Answers

1, What is difference between Switch & Hub?
Switch: Switches operate at Layer 2 Data Link Layer Address Learning Forward / Filter decision using MAC address Loop Avoidance Breakup collision domains Switches create separate collision domains but a single broadcast domain Hub: Hub operates at Layer 1 Physical Layer No Filtering No Addressing Hub creates single collision domain and single broadcast domain Make forwarding to all the ports when signal is arrived

2, What is PING utility?

PING Packet Internet Gopher A utility that verifies connections to one or more remote hosts. The ping command uses the ICMP echo request and echo reply packets to determine whether a particular IP system on a network is functional. Ping is useful for diagnosing IP network or router failures.

3, What is a VLAN? What does VLAN provide?

VLAN Virtual Local Area Network

Vlan is a logical grouping or segmenting a network connected to administratively defined ports on a switch, they provide Broadcast control, Security and Flexibility.

125

CCNA BY SALIM

4,What is Subnetting? Why is it used?

Used in IP Networks to break up larger networks into smaller sub-networks. It is used to reduce network traffic, optimized network performance, and simplifies management i.e. to identify and isolate network problems.

5, Difference between the Communication and Transmission?

Communication is the process of sending and receiving data by means of a data cable that is connected externally. Transmission means the transfer of data from the source to the destination.

6, What is RAID?
A method used to standardize and categorize fault-tolerant disk systems. RAID levels provide various mixes of performance, reliability, and cost. Some servers provide three of the RAID levels: Level 0 (striping), Level 1 (mirroring), and Level 5 (striping & parity).

7, What are 10Base2, 10Base5 and 10BaseT Ethernet LANs?

10Base2 an Ethernet term meaning a maximum transfer rate of 10 Megabits per second that uses baseband signaling, with a contiguous cable segment length of 200 meters (185mts). Known as Thin-net. 10Base5 an Ethernet term meaning a maximum transfer rate of 10 Megabits per second that uses baseband signaling, with a contiguous cable segment length of 500 meters. Known as Thick-net. 10BaseT an Ethernet term meaning a maximum transfer rate of 10 Megabits per second that uses two pairs of twisted-pair baseband signaling, with a contiguous cable segment length of 100 meters.

8, What are the two types of Transmission Technology available?

Point to Point and Broadcast

9, What is point-to-point protocol?

An industry standard suite of protocols for the use of point-to-point links to transport multiprotocol data-grams.

10, What are the possible ways of data exchange?

Simplex Half-duplex Full-duplex

126

CCNA BY SALIM

11, What is difference between Baseband and Broadband Transmission?

In a baseband transmission, the entire bandwidth of the cable is consumed by a single signal. In broadband transmission, signals are sent on multiple frequencies, allowing multiple signals to be sent simultaneously.

12, What is Protocol Data Unit?

The processes at each layer of the OSI model.
Layers Transport Network Data Link Physical PDU Segments Packets/Datagrams Frames Bits

13, What are major types of Networks and explain?

Peer-to-Peer Network Computers can act as both servers sharing resources and as clients using the resources. Server-based Network Provide centralized control of network resources and rely on server computers to provide security and network administration

13a, What is Passive Topology?

When the computers on the network simply listen and receive the signal, they are referred to as passive because they dont amplify the signal in any way.

14, What is Mesh Network?

A network in which there are multiple network links between computers to provide multiple paths for data to travel.

15, How Gateway is different from Routers?

Gateway

A device connected to multiple physical TCP/IP networks capable of routing or delivering IP packets between them. 127

CCNA BY SALIM Router Its a layer 3 device that connects 2 different networks and routes packets of data from one network to another. It breaks up Broadcast domain as well as Collision Domain.

16, What is B-router?

Its a Hybrid device that combines the features of both bridges and routers.

17, What is Subnet?

A subdivision of an IP network.

18, What is Frame relay, in which layer it comes?

Frame relay is an industry standard, shared access, switched Data Link Layer encapsulation that services multiple virtual circuits and protocols between connected mechanisms. Frame relay is a packet-switched technology.

19, What is Terminal Emulation, in which layer it comes?

The use of software, installed on PC or LAN server, that allows the PC to function as if it were dumb terminal directly attached to a particular type of mainframe. Telnet is also called as terminal emulation. It belongs to application layer.

20, What is Beaconing?

An FDDI frame or Token Ring frame that points to serious problem with the ring, such as a broken cable. The beacon frame carries the address of the station thought to be down.

21, What are NetBIOS and NetBEUI?

NetBIOS Network Basic Input / Output System An application-programming interface (API) that can be used by programs on a local area network (LAN). NetBIOS provides programs with a uniform set of commands for requesting the lower-level services required to manage names, conduct sessions, and send data-grams between nodes on a network. NetBEUI NetBIOS Extended User Interface An improved version of the NetBIOS protocol, a network protocol native to Microsoft Networking. It is usually used in small, department-size local area networks (LANs) of 1 to 200 clients. It can use Token Ring source routing as its only method of routing.

128

CCNA BY SALIM

22,What is Cladding?
A layer of a glass surrounding the center fiber of glass inside a fiber-optic cable.

23,What is Attenuation?
In communication weakening or loss of signal energy, typically caused by distance.

24,What is MAC address?

The address for a device as it is identified at the Media Access Control (MAC) layer in the network architecture. MAC address is usually stored in ROM on the network adapter card and is unique.

25,What is ICMP?
ICMP Internet Control Message Protocol It is a Network Layer Internet protocol, which can report errors and status information. We can use the ping command to send ICMP echo request messages and record the receipt of ICMP echo reply messages. With these messages, we can detect network or host communication failures and troubleshoot common TCP/IP connectivity problems.

26,What is difference between ARP and RARP?

ARP Address Resolution Protocol The protocol that traces IP addresses to MAC addresses. RARP Reverse Address Resolution Protocol The protocol within the TCP/IP stack that maps MAC addresses to IP addresses.

27,What is the difference between TFTP and FTP application layer protocols?
TFTP Trivial File Transfer Protocol A stripped down version of FTP, easy to use and fast. TFTP has no Directory browsing, o Authentication and insecure it can only send and receive files. FTP File Transfer Protocol The TCP/IP protocol used for transmitting files between network nodes. FTP allows access to both Directories and files, manipulating directories, typing file contents and copying files between hosts.

129

CCNA BY SALIM

28,Explain 5-4-3 rule?

In a Ethernet network, between any two points on the network, there can be no more than five network segments or four repeaters, and of those five segments only three of segments can be populated.

29,What MAU?
MAU Multistation Access Unit

30,What is the difference between routable and non- routable protocols?

Routable protocols can work with a router and can be used to build large networks. NonRoutable protocols are designed to work on small, local networks and cannot be used with a router.

31,What is logical link control?

One of two sublayers of the data link layer of OSI reference model, as defined by the IEEE 802 standard. This sublayer is responsible for error detection but not correction, flow control and framing.

32,What is Virtual Channel?

A logical circuit that is created by Virtual channel links. It carries data between two endpoints in a network. The other name for Virtual Channel is Virtual Circuit.

33,What is Virtual Path?

Along any transmission path from a given source to a given destination, a group of virtual circuits can be grouped together into what is called path.

34,What is multicast routing?

Sending a message to a group multicast address is called multicasting, and its routing algorithm is called multicast routing.

35,What is IGP (Interior Gateway Protocol)?

Any protocol used by an internetwork to exchange routing data within an autonomous system. E.g. RIP, IGRP and OSPF.

36,What is EGP (Exterior Gateway Protocol)?

It is the protocol the routers in neighboring autonomous systems use to identify the set of networks that can be reached within or via each autonomous system.

37,What is Autonomous System?

130

CCNA BY SALIM
A group of Networks under mutual administration that share the same routing methodology. Autonomous Systems are subdivided by Areas and must be assigned an individual 16-bit number by the IANA.

38,What is BGP (Border Gateway Protocol)?

It is a protocol used to advertise the set of networks that can be reached within an autonomous system. BGP enables this information to be shared with the autonomous system. This is newer than EGP (Exterior Gateway Protocol).

39,What is Gateway-to-Gateway protocol?

It is a protocol formerly used to exchange routing information between Internet core routers.

40,What is Kerberos?
An authentication mechanism used to verify user or host identity. Kerberos uses encryption to prevent intruders from discovering passwords and gaining unauthorized access to files.

41,What is OSPF (Open Shortest Path First)?

OSPF is the first Open Standard Link State Routing Protocol.

Its a Classless Routing Protocol meaning when updates are sent they send both IP address and Subnet mask.
Administrative Distance is 110. Metric used is Cost i.e. Cost= 108 --------------Bandwidth OSPF uses algorithm to build Routing Table called Dijisktra. Sends only Incremental and Triggered updates. Route updates sent within the routers will be secured with the help of MD5 encrypted password. Routing updates are sent as Multicast addresses i.e. 224.0.0.5 SPF (all OSPF routers) 224.0.0.6 Designated router and Backup Designated router OSPF maintains 3 types of Routing table i.e. Routing Table (Dijisktra), Topology Table (SPF) and Neighborship Table. In OSPF Routers can be connected in two methods i.e. Point-to-Point Link Point to Multipoint Link

131

CCNA BY SALIM
In OSPF a single large Autonomous system is break into small areas. There should be atleast one area by name Area 0. Its called as Backbone Area. The Router that connects more than one Area is called as Area Border Routers. The Router that connects to other Autonomous system is called as Autonomous System Boundary Router. Router ID If the priority is set 1 to all the routers then there is a tie in priority, in this case it will check if there is any loopback address is given to any router if not the router with highest value of IP address will be elected as Router ID. This router will be then called as Designated Router and the router with less value of IP address after Designated Router will be called as Backup Designated Router. If a Router has all interfaces existing in single area than that router is called as Internal Router. Whenever a router send routing updates to DR and BDR it uses Destination address as 224.0.0.6 and when DR send updates to all the routers it uses Destination address as 224.0.0.5.

In OSPF routing updates are called as Link State Advertisements.

If an OSPF router wants to send updates to other OSPF router then it should carry 3 requirements i.e. Hello Packets Received It contains Area Id, Uptime, Password, Hello Interval, Dead Interval, Neighborship Table and Router Id. Point-to-Point Link Halo Interval 10 Dead Interval 40 Point to Multipoint Link Halo Interval 30 Dead Interval 120

Adjacency Built If both router interfaces belongs to same Area, same Password then Hallo and Dead Intervals should be set same. Neighborship Built If both routers are adjacent to each other then Neighborship is built in Routers. When one routerRA sends updates i.e. Link State Advertisements to other routerRB it will send that update to Topology Database of routerRB and will run an algorithm SPF on routerRB to create a new Topology Table. After that Dijisktra Algorithm is run to find the best path and that entry will be put in Routing Table.

132

CCNA BY SALIM
The router when sends Hallo packets to other router a Neighborship Table is set on that Router.

42,What is SLIP (Serial Line Internet Protocol)?

An industry standard serial encapsulation for point-to-point connections that supports only a single routed protocol, TCP/IP.

43,What is RIP (Routing Information Protocol)?

Rip run on any Routers hence called as Open Standard Distance Vector Routing Protocol. Its a classful routing protocol meaning when updates are sent they send only IP address but not subnet mask. Administrative Distance is 120. Metric used is Hop counts (number of routers to cross to reach the destination). Rip uses algorithm name Bellman Ford Algorithm to determine the best path selection. Supports maximum 15 Hops. Supports 6 paths if there is a tie in metric i.e. same metric. RIP Timers Route update timer 30seconds Route invalid timer 180 seconds Holddown timer 180 seconds Route flush timer 240 seconds

45,What is the HELLO protocol used for?

The HELLO protocol uses time instead of distance to determine optimal routing. It is an alternative to the Routing Information Protocol.

46,What is the difference between interior and exterior neighbor gateways?

Interior gateways connect LANs of one organization, whereas exterior gateways connect the organization to the outside world.

47,What protocol do DNS name servers use?

DNS uses UDP for communication between servers. It offers a connectionless datagram service that guarantees neither delivery nor correct sequencing of delivered packets (much like IP).

133

CCNA BY SALIM

48,What is a DNS resource record?

A resource record is an entry in a name server's database. There are several types of resource records used, including name-to-address resolution information. Resource records are maintained as ASCII files.

49,BOOTP helps a diskless workstation boot. How does it get a message to the network looking for its ip address?
A protocol used primarily on TCP/IP networks to configure diskless workstations. BOOTP sends a UDP message with a subnetwork broadcast address and waits for a reply from a server that gives it the IP address.

50,What is anonymous FTP and why would you use it?

Anonymous FTP enables users to connect to a host without using a valid login and password. Usually, anonymous FTP uses a login called anonymous or guest, with the password usually requesting the user's ID for tracking purposes only. Anonymous FTP is used to enable a large number of users to access files.

51,How do Data Link layer addresses and Network addresses differ? Give a description of each.
Besides the names suggesting that addresses reside at different layers, other differences do exist. Data Link layer addresses are assigned by the manufacturer and identify the actual hardware device. A Network layer address is a logical address assigned by the network administrator to identify a device running a Network layer protocol, such as IP.

52,What are the differences or similarities, if any, between repeaters, hubs, and concentrators?
First, they are all Physical layer devices. Repeaters regenerate and amplify the signal traveling on the wire to extend the normal distance limitation of the signal. A repeater can connect two network segments. A hub and a concentrator are the same thing, with hub being the more common term used today. Hubs are repeaters with 824 ports. When one machine attached to the hub sends anything over the network, all the devices attached to the hub receive that signal.

53,Describe, in general terms, the reasons for implementing LAN segmentation.

It confines user traffic to a segment and addresses and solves distance limitation problems. Segmentation also cuts down on the traffic generated by broadcasts and multicasts, and thereby increases performance. Because of the reduction of the size of the segment, collisions and overall traffic also are reduced.

134

CCNA BY SALIM

54,Which of the three switching methods is fastest, and why?

Cut-Through switching is the fastest method because the switches read only the first six bytes of the frame before forwarding it.

55,What services do bridges and switches provide?

Bridges and switches can determine whether a frame is destined for the local network segment or needs to be forwarded to another network segment based on the destination MAC address.

56,What would be the best network segmentation device if you wanted to connect two dissimilar networks, such as Ethernet and Token-Ring?
A,A bridge or a switch B,A concentrator or a hub C,A router D,A gateway Answer A is incorrect because bridges and switches cant perform protocol translation. Answer B is incorrect because neither a concentrator nor a hub can segment a network. Answer C is correct because routers can provide translation between dissimilar protocols, among other things. Answer D is incorrect because a gateway functions as a translator, not a segmentation device.

57,Why is overhead or latency associated with routers? (Choose all that apply.)
A,Routers must work at layer 3, which is inherently slower. B,Routers must examine the frame header before passing it. C,Routers must hold a frame for a given period of time for security purposes. D,Routers must translate the signal, but then the signal can cut through directly. Answer A is correct because resolving those addresses is more time consuming. Answer B is correct because the router must examine and consider the frame header detail before passing it, which slows processing. Answers C and D are incorrect because they are simply not accurate. 58,Which of the following represents Physical layer devices? A,Repeaters, bridges, and concentrators B,Repeaters, hubs, and concentrators C,Repeaters, routers, and bridges

135

CCNA BY SALIM
D,Repeaters, routers, and switches Answer B is correct because repeaters, hubs, and concentrators comprise the only combination that resides at the Physical layer. Answers A, C, and D are combinations of devices that reside at different layers. 59,How do routers make routing decisions? A,They build tables and make their decisions based on those tables. B,They perform lookups and make their decisions dynamically with discovery. C,They use hello packets to discover routes on the fly. D,They query NetBIOS cache for the appropriate paths. Answer A is correct because routing decisions are made based on the contents of routing tables. Answer B is incorrect because routers are incapable of making decisions without tables already in place. Answer C is incorrect because hello packets are used to calculate routes when new routers are added to a network. Answer D is incorrect because it is simply inaccurate. 60,Choose the devices that are used for Data Link layer segmentation. A,Concentrators and switches B,Routers and bridges C,Bridges and switches D,Bridges and hubs Answer A is incorrect because concentrators reside at the Physical layer and switches at the Data Link layer. Answer B is incorrect because routers are level 3 devices and bridges are level 2 devices. Answer C is correct because bridges and switches reside at the Data Link layer. Answer D is incorrect because bridges reside at the Data Link layer and hubs at the Physical layer. 61,What is an advantage of having a VLAN (Virtual LAN)? A,Traffic control between VLANs is processor intensive. B,Broadcasts of multicast traffic are contained within one VLAN. C,Theyre more flexible because they enable device assignment only on a port-by-port basis. D,With VLANs, users are not inherently isolated by group. Answer A is incorrect because there is nothing more or less processor intensive about VLANs. Answer B is incorrect because there is no such thing as a broadcast of multicast traffic; the words broadcast and multicast are mutually exclusive. Answer C is correct because VLANs extend the flexibility of LANs by enabling the port-by-port isolation of users and assignment to distinct VLANs if desired. Answer D is incorrect because VLANs by their definition segment workgroups. 62,Which two characteristics describe Store and Forward switching?

136

CCNA BY SALIM
A,The entire frame is copied into the buffer. B,The frame is forwarded based on the first six bytes. C,It provides higher throughput. D,It provides error checking. Answers A and D are correct because Store and Forward switching copies the entire frame into the buffer before forwarding, which also provides for error checking. Answers B and C are incorrect because they describe Cut-Through. 63,Which two characteristics describe Cut-Through switching? A,The entire frame is copied into the buffer. B,The frame is forwarded based on the first six bytes. C,It provides higher throughput. D,It provides error checking. Answers B and C are correct because Cut-Through switching provides forwarding based on what is contained in the first six bytes of the frame, which provides higher throughput. Answers A and D are incorrect because they describe Store and Forward switching. 64,Name the Cisco proprietary protocol that allows VLANs to be managed within domains. VTP (VLAN Trunking Protocol) allows multiple VLANs to be managed within a single VTP domain. 65,Name the three VTP modes in which a switch can operate. VTP switches operate in one of three modes: server, client, or transparent. 66,Name the Cisco proprietary protocol used on Fast Ethernet VLAN trunk links. ISL (Inter-Switch Link) protocol is used to encapsulate VLAN traffic over Fast Ethernet trunk links. 67,At what layer of the OSI model do VLANs operate? VLANs operate at layer 2 of the OSI model. 68,To allow Inter-VLAN communication, what does your router require? You need a router that has some kind of viable trunking connection, such as Fast Ethernet (ISL), and must be configured with subinterfaces. 69,Choose one method of decreasing broadcasts across a switched network. A,Set up an Intra-LAN. B,Set up a workgroup banded by a server cluster. C,Set up a VLAN to isolate traffic. D,Set up a firewall to isolate traffic.

137

CCNA BY SALIM

Answers A and B are incorrect because they are simply false. Answer C is correct because each VLAN becomes its own broadcast domain. Answer D is incorrect because a firewall is meant to shelter internal networks from intrusion from the outside. 70,Choose two benefits of VLAN implementation. A,VLANs incorporate only one router per routed subnet. B,VLANs control broadcasts. C,VLANs amplify broadcasts. D,VLANs ease security restrictions. E,VLANs provide increased network security. Answer A is incorrect because routers are not at all necessary for a VLAN to operate. Answers B and E are correct because VLAN implementation controls broadcasts and provides isolation, therefore security. Answers C and D are simply incorrect. 71,What is the purpose of a trunking protocol? A,To connect the backbone of a primary VLAN to the backbone of a secondary VLAN B,For one switch fabric to be integrated with another switch fabric C,For a VLAN on one switch to be linked to a VLAN on another switch D,To enable multiple trunking protocols to communicate Answers A is incorrect because it uses wrong terminology. Answer B is incorrect because switch fabric is a hardware-related component of a switch and belongs to one switch only. Answer C is correct because trunking protocols allow management of VLANs with similar or dissimilar trunking protocols. Answer D is incorrect because a trunking protocol does not enable multiple trunking protocols to communicate. 72,Choose the encapsulation protocol used on Fast Ethernet links. A,Cisco Switch Link B,Dedicated Switch Link C,Inter-Switch Link D,VLAN Switch Link Answer C is correct because Inter-Switch Link protocol is the encapsulation protocol used on Fast Ethernet links. Answers A, B, and D is incorrect because no such links exist. 73,At which layer of the OSI model does ISL function? A,Data Link layer B,Network layer C,Physical layer D,LLC Data Link sublayer

138

CCNA BY SALIM

Answer A is correct because ISL functions at the Data Link layer of the OSI model. Answers B and C are incorrect because ISL does not function at those layers of the OSI model. Answer D is incorrect because the specific sublayer does not have any distinction in this context. 74,Which method is used by VTP to convey VLAN configuration information within its management domain? A,Through directed broadcasts B,Through LSAs local service advertisements C,Through multicast advertisements D,Through port flooding Answer C is correct because multicast advertisement convey configuration information to all connected switches in the same management domain. Answers A, B, and D is incorrect because they do not convey information within management domains. 75,In ATM LANE, what factor determines the type of trunking protocol used? A,The link type B,The encapsulation mode C,The density of VLANs D,The ATM LANE Module type Answer A is correct because the link type determines the type of trunking protocol used. Answers B and C are incorrect because they are simply false. Answer D is incorrect because the ATM LANE Module is a hardware card and does not affect trunking protocols. 76,What is VTP designed to do? A,It enables an administrator to manage VLANs across multiple trunk links. B,It enables an administrator to manage VLANs across dissimilar trunking protocols. C,It enables an administrator to merge the management duties of more than two trunk links together. D,It is used to synchronize VTP advertisements across multiple trunk links. Answer A is incorrect because trunk links do not address the aspect of communication. Answer B is correct because VTP is designed to enable an administrator to manage VLANs running dissimilar trunking protocols. Answer C is incorrect because a trunk link does not necessary entail management duties on its own. Answer D is incorrect because it is simply false. 77,What is a limitation of Intra-VLAN traffic? A,Communication is limited to VLANs directly connected to a router. B,Communication is limited to VLANs off the same switch backplane. C,Communication is limited to devices within the same VLAN.

139

CCNA BY SALIM
D,Communication is limited to devices between VLANs. Answer A is incorrect because VLANs are connected for Inter-VLAN communication. Answer B is incorrect because the backplane is where traffic is actually switched, and it is a hardware component. Answer C is correct because that is the very definition of Intra-VLAN traffic. Answer D is incorrect because VLANs cannot talk to each other without a router. 78,VTP (Virtual Trunking Protocol) exists at which layer and for what purpose? A,Layer 2, to maintain VLAN configuration consistency B,Layer 2, to maintain trunking protocol synchronization C,Layer 2, to maintain domain synchronization D,Layer 3, to maintain access lists Answer A is correct because VTP operates at layer 2 and maintains VLAN configuration consistency. Although the OSI layer is correct, answers B and C are incorrect because the second portion of the answers is incorrect. Answer D is incorrect because VTP and switching do not operate at layer 3 and access lists are maintained on routers. 78,What two basic steps are necessary to create access list filters? The first step is to build the list at global configuration mode using the access-list command followed by an access list number signifying the type. The second step is to apply the list to an interface by using the [protocol type] access-group command followed by the access list number and parameters. 79,Identify the appropriate access list range values used to create access lists. A,IP standard access list = 199 B,IP extended access list = 100199 C,IPX standard access list = 800899 D,IPX extended access list = 900999 E,IPX SAP filter = 10001099 80,What is the purpose of a wildcard mask? To enable an administrator to apply an access list rule to a group of hosts or subnets by masking off bits within an IP address, making the bit positions within the mask variable. 81,Name the access list keywords. any = 0.0.0.0 255.255.255.255 host = specific IP address of an end host (192.16.10.2 0.0.0.0)

140

CCNA BY SALIM
82,How does the direction in which an access list is applied affect datagram processing? Access lists applied to an interface in an inbound direction determine whether a datagram received on an interface will be forwarded or blocked. Access lists applied to an interface in an outbound direction determine whether a datagram already received will be forwarded out that interface. 83,What is the access list number range used to identify an IP standard access list? A,0100 B,1100 C,199 D,110 E,101199 Answer C is correct because the correct value range to identify an IP standard access list is 199. Answers A, B, D, and E are incorrect because they are not ranges used to identify an IP standard access list. 84,Write the command that would apply access list 100 to interface E0 in an outbound direction. (Assume you are already at interface configuration mode of the Ethernet interface.) A,IP access-group 100 out B,IP access-list 100 out C,IP access-group 100 in D,IP access-group E0 out Answer A is correct because IP access-group 100 out is the command that would apply access list 100 to interface E0 in an outbound direction. Answers B, C, and D are simply incorrect. 85,Which of the following commands creates a standard IP extended access list that enables ping echo requests to be sent from any host on network 166.10.0.0 to network 155.10.0.0? A,Access-list 12 permit IP 166.10.0.0.0.0.255.255 host 155.10.0.0 B,Access-list 120 permit ICMP 166.10.0.0 0.0.255.155 155.10.0.0 0.0.0.255 eq echo C,Access-list 120 permit 166.10.0.0.0.0.255.255 host 155.10.0.0 D,Access-list 120 permit ICMP 166.10.0.0 0.0.255.255 155.10.0.0 0.0.255.255 eq echo Answer A is incorrect because the access list number is not an extended list number. Also, the protocol type is IP not ICMP, and the destination is specifying the host keyword but using a subnet value instead, which is invalid. Answer B is incorrect because it uses an incorrect inverse

141

CCNA BY SALIM
mask for the destination network. Answer C is incorrect because it does not specify the protocol after the permit statement and also is using the host keyword with the destination network. Answer D is correct because it uses a valid access list number and syntax to forward ICMP echo requests. 86,Write the command to view all access lists created on your router regardless of protocol. A,show access-lists B,show ip access-lists C,show ipx interfaces D,show ipx servers 87,Answer A is correct because show access-lists enables you to view all access lists created on your router regardless of protocol. Answers B, C, and D are incorrect because these commands do not enable you to perform that specific function. Which of the following best describes the function of the following access list line?

A,Access-list 87 permit 145.19.2.1 0.0.0.0 155.6.0.0 0.0.255.255

B,Any host on subnet 155.6.0.0 can access host 145.19.2.1. C,It is an IPX standard access list allowing host 145.19.2.1 to access any host on subnet 155.6.0.0. D,It is an extended IP access list allowing hosts on network 145.19.0.0 to access hosts on network 145.19.0.0, which can access host 155.6.255.255. E,It is an IP standard access list enabling host 145.19.2.1 to access any host on subnet 155.6.0.0. Answers A and C are incorrect because they do not state the actions of this access list correctly. Answer B is incorrect because this is not an IPX standard list. Answer D is correct because it correctly describes the access list behavior. 88,Which of the following commands applies IPX SAP filter 1010 to an interface in the outbound direction? A,IPX access-group 1010 out B,IPX output-sap-filter 1010 C,IPX output sap-filter 1010 D,IPX-sap-filter 1010 out Answer A is incorrect because it is the syntax used to define a standard or extended list. Answer B is correct because it uses the correct syntax. Answer C is incorrect because it is missing the hyphen between the output and sap commands. Answer D is incorrect because it is a completely invalid command.

142

CCNA BY SALIM

89,Which command can you use to display a list of access list filters configured on your router for IP only? A,show IP access-lists B,show access-lists C,show IPX interfaces D,show IPX servers Answer A is correct because show IP access-lists enables you to display a list of access list filters configured on your router for IP only. Answers B, C, and D are incorrect because these commands do not enable that specific function. 90,Write the command to bind IPX extended access list 901 to interface serial 0 on an inbound direction. A,IPX access-group 901 in B,IPX access-group 901 S0 out C,IPX access-group 910 in D,IPX access-group 901 out Answer A is correct because IPX access-group 901 in is the command that will bind the IPX extended access list 901 to interface serial 0 on an inbound direction. Answers B, C, and D are incorrect because they are simply false. 91,Which two of the following commands will enable Telnet traffic from all hosts on network 166.10.0.0 to be forwarded to the Telnet server 137.2.10.1? A,Access-list 110 permit TCP 166.10.0.0 0.0.255.255 host 137.2.10.1 eq Telnet B,Access-list 99 permit TCP 166.10.0.0 0.0.255.255 137.2.10.1 0.0.0.0. eq 23 C,Access-list 110 permit TCP 166.10.0.0 0.0.255.255 137.2.10.1 0.0.0.0 eq 23 D,Access-list 110 permit IP 166.10.0.0 0.0.255.255 137.2.10.1 0.0.0.0. eq 23 Answers A and C are correct. The only difference between the two is that Answer A uses the host keyword and the Telnet keyword instead of a port number. Answer B is incorrect because the access list number is 99, which is used for standard lists. Answer D is incorrect because it uses IP instead of TCP after the permit statement.

143