Elsevier, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work. There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state. In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you. You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files.

Syngress Media®, Syngress®, “Career Advancement Through Skill Enhancement®,” “Ask the Author UPDATE®,” and “Hack Proofing®,” are registered trademarks of Elsevier, Inc. “Syngress: The Definition of a Serious Security Library™”, “Mission Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Elsevier, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.

PUBLISHED BY
Syngress Publishing, Inc.
Elsevier, Inc.
30 Corporate Drive
Burlington, MA 01803

Cisco CCNA/CCENT Exam 640-802, 640-822, 640-816 Preparation Kit
Copyright © 2009 by Elsevier, Inc. All rights reserved.
Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.
ISBN 13: 978-1-59749-306-2

Publisher: Laura Colantoni
Acquisitions Editor: Rachel Roumeliotis
Developmental Editor: Matthew Cater
Lead Author and Technical Editor: Dale Liu
Project Manager: Andre Cuello
Page Layout and Art: diacriTech
Copy Editors: Audrey Doyle, Charles Roumeliotis
Indexer: diacriTech
Cover Designer: Michael Kavish

For information on rights, translations, and bulk sales, contact Matt Pedersen, Director of Corporate Sales, Elsevier; e-mail: m.pedersen@elsevier.com

Library of Congress Cataloging-in-Publication Data
Liu, Dale.
Cisco CCNA/CCENT exam 640-802, 640-822, 640-816 preparation kit / Dale Liu.
p. cm.
Includes index.
ISBN 978-1-59749-306-2
Computer networks—Examinations—Study guides. Telecommunications engineers—Certification. I. Title.
TK5105.5.L567 2009
004.6076—dc22
2009016847

Printed in the United States of America

Contributors
Naomi J. Alpern
David Andersson
Kimarie Hazelbaker
C. Eric Irvin
Steve Long
Johan Loos
Renato Martins
Kevin Miller
Derrick Rountree
Robert J. Shimonski
Scott Sweitzer

Acknowledgements

I would like to dedicate this book first to the staff, publisher, and editors at Syngress:
■ Laura Colantoni, Publisher
■ Matt Cater, Developmental Editor
■ Rachel Roumeliotis, Senior Acquisitions Editor

I thank all of the other contributing authors, editors, and copy editors, without whom this project could not have succeeded! I thank Tommy and the entire staff of the Bull and the Bear Tavern and Eatery, in Houston, Texas, especially Table no. 1, where a lot of the book was created and edited; you really have a great place to work! And finally and most importantly, I dedicate this book to Amy Mitamura, my muse, inspiration, support, and in-house editor, whose continued support and understanding were vital for this process to come to completion! I thank you all!
—Dale Liu

About the Authors

Lead Author and Technical Editor

Dale Liu (MCSE Security, CISSP, MCT, IAM/IEM, CCNA) has been working in the computer and networking field for more than 20 years. Dale’s experience ranges from programming to networking to information security and project management. He currently teaches networking, routing, and security classes, while working in the field performing security audits and infrastructure design for medium to large companies. Dale was the lead author and technical editor for Next Generation SSH2 Implementation: Securing Data in Motion (ISBN: 978-1-59749-283-6, Syngress), lead author and technical editor for Cisco Router and Switch Forensics: Investigating and Analyzing Malicious Network Activity (ISBN: 978-1-59749-418-2, Syngress), technical editor for The IT Regulatory and Standards Compliance Handbook: How to Survive an Information Systems Audit and Assessments (ISBN: 978-1-59749-266-9, Syngress), and a contributing author to Securing Windows Server 2008: Prevent Attacks from Outside and Inside your Organization (ISBN: 978-1-59749-280-5, Syngress). He currently resides in Houston, Texas, with two cats. He enjoys cooking and beer brewing with his girlfriend and live-in editor Amy.

Contributing Technical Editors

Brian Barber (Linux+, MCSE, MCSA, MCP+I, MCNE, CNE, CNA-GW) works for the Canada Deposit Insurance Corporation (CDIC) as a project manager and architect for CDIC’s IT service management program. His primary areas of interest are operating systems, infrastructure design, multiplatform integration, directory services, and enterprise messaging. He is also an experienced instructor and courseware developer. In the past he has held the positions of Principal Consultant with Sierra Systems Group Inc., Senior Technical Coordinator at the LGS Group Inc. (now a part of IBM Global Services), and Senior Technical Analyst at MetLife Canada. He has been co-author, technical editor, or lead author for more than 15 books and certification guides. Recently, he was a Contributing Technical Editor for Cisco Router and Switch Forensics: Investigating and Analyzing Malicious Network Activity (ISBN: 978-1-59749-418-2, Syngress).

Luigi DiGrande is a Senior Systems Administrator with Ingres Corporation. In his role at Ingres, Luigi supports the global IT infrastructure. Luigi specializes in working with Microsoft and Cisco-based systems. Luigi has designed and deployed Windows-based systems for over 10 years and has in-depth practical knowledge of how client and server-based systems operate, Windows networking and security, and Exchange 2003/2007.

Contributing Authors

Naomi J. Alpern currently works for Microsoft as a consultant specializing in Unified Communications. She holds many Microsoft certifications, including an MCSE and MCT, as well as additional industry certifications such as Citrix Certified Enterprise Administrator, CCNA, Security+, Network+, and A+. Since the start of her technical career she has worked in many facets of the technology world, including IT administration, technical training, and, most recently, full-time consulting. She likes to spend her time reading cheesy horror and mystery novels, when she isn’t browsing the Web. She is also the mother of two fabulous boys, Darien and Justin, who mostly keep her running around like a headless chicken.

David Andersson (CCNA, MCT, MCSE, CIW Instructor, CIW Security Analyst, Master CIW Administrator, CNA, A+) is a CIS faculty member at the American Public University System. David instructs in the Information Technology degree and certificate curriculum, acts as the SME for the security, Cisco, and Microsoft-centric classes, and is a key contributor to the classroom and online curriculum development of the Information Technology Program. David holds a bachelor’s degree from Indiana University, a master’s degree from Western Kentucky University, a master’s degree from ISIM University, an Ed.S. degree from Nova Southeastern University, and his doctorate from Northcentral University, and is a member of the ACM and the IEEE. David currently resides in the Chicago metro area with his family, Nataliya, Elizabeth, Charles, and Lucy.

Kimarie Hazelbaker is a technical consultant and trainer specializing in designing, implementing, and troubleshooting local- and wide-area networks, using mostly Cisco devices. She has been working in the information technology industry for more than 20 years and has considerable experience with a variety of hardware, operating systems, and client and server applications. Kimarie currently operates her consulting and training business out of northwestern Colorado.

C. Eric Irvin (CISSP, MCITP: Enterprise Admin, MCSE, MCSA, CCNA) is a Security Engineering Analyst for Blue Cross and Blue Shield of Alabama, and consultant for IrvTech, LLC. He specializes in security project management, as well as end-user security awareness and security compliance assurance. He specializes in Cisco routers, switches, and VPN solutions. His focus is in providing business-enablement solutions that provide functionality and security to the customers of his organization. Eric holds a bachelor’s degree from Amridge University, and is a member of Infragard and the Information Systems Security Association. He volunteers his security background with local municipal government organizations. Eric currently resides in Birmingham, Alabama.

Steve Long is a senior software engineer/systems analyst with Wilmington Trust. Steve has more than 14 years of database and application design and development experience. He currently provides database and application support to trading applications and processes using Microsoft technologies. He also serves as technical lead on significant projects in addition to lending his infrastructure, project management, and business process expertise to all initiatives. Before making a full-time switch to the information technology field, Steve spent a number of years working in the accounting field. Steve holds a bachelor’s degree from Goldey-Beacom College in Wilmington, Delaware, and a Client/Server Technology certification from Pennsylvania State University. He is currently working toward his graduate degree at Goldey-Beacom.

Johan Loos (Network+, Security+, MCT, MCITP, MCSE 2003 Security, CCNA, SCNA, GCWN, CEH) is an independent trainer/consultant at Access Denied, a company based in Belgium. He has several years of experience as a trainer and consultant. His specialization is security and he is involved in security projects for medium and enterprise-sized companies. He lives with his wife Anja and their son Stef.

Renato Martins (PMP, SCJP, SCWCD, ITIL Foundation, MCSE, MCSA, MCPD, MCDBA, MCITP, MCTS, MCSD, MCAD, IBM SOA Designer, IBM DB2 DBA + Developer, IBM Portal Admin) has extensive teaching and information technology industry experience. Renato has created training material for programming (Delphi, ASP), database (SQL Server), and operating system (Windows Server) courses. He has been teaching at official training centers and universities since 1998. Renato has worked as a developer/architect for Griaule Biometrics, creating image processing and fingerprint recognition solutions. In 2004, he joined IBM and worked in its services division in Brazil for more than 3 years. He moved to IBM’s software group in Ireland in mid-2008, where he currently provides level support for Lotus and WebSphere products.

Kevin Miller (CCNP, CCSP, CCDP, JNCIA-SSL, MCSE) is a Network Architect with Herman Miller Inc., an international office furniture manufacturer. From his home office in Huntsville, Alabama, he provides network management, design, and support services throughout Herman Miller’s network. His primary areas of expertise include Cisco routing and switching, firewalls, wireless and web content services, as well as Juniper’s SSL concentrators. Kevin’s background includes significant experience with both VPN and Quality of Service technology. He was a contributing author to Juniper® Networks Secure Access SSL VPN Configuration Guide (ISBN: 978-1-59749-200-3, Syngress).

Derrick Rountree (CCNP, MCSE, MCT, CCEA, SSCP) has been in the IT industry for more than 15 years. He has a Bachelor of Science in Electrical Engineering degree. Derrick has held positions as a network administrator, IT consultant, and QA engineer. He has contributed to multiple Syngress publications in the areas of computer hardware and Citrix certification.

Robert J. Shimonski (MCSE, etc.) is an entrepreneur, a technology consultant, and a published author with more than 20 years of experience in business and technology. Robert’s specialties include designing, deploying, and managing networks, systems, virtualization, storage-based technologies, and security analysis. Robert also has many years of diverse experience deploying and engineering mainframes and Linux- and Unix-based systems such as Red Hat and Sun Solaris. Robert has in-depth work-related experience with and deep practical knowledge of globally deployed Microsoft- and Cisco-based systems and stays current on the latest industry trends. Robert consults with business clients to help forge their designs, as well as to optimize their networks and keep them highly available, secure, and disaster free. Robert was the technical editor for and a contributing author to Sniffer Pro Network Optimization & Troubleshooting Handbook (ISBN: 978-1-931836-57-9, Syngress), the technical editor for Security+ Study Guide and DVD Training System (ISBN: 978-1-931836-72-2, Syngress), lead author and technical editor for Network+ Study Guide & Practice Exams: Exam N10-003 (ISBN: 978-1-931836-42-5, Syngress), and technical editor for and a contributing author to Building DMZs for Enterprise Networks (ISBN: 978-1-931836-88-3, Syngress). Robert was most recently a contributing author to Microsoft Vista for IT Security Professionals (ISBN: 978-1-59749-139-6), a contributing author to The Real MCTS/MCITP Configuring Microsoft Windows Vista Client Exam 70-620 Prep Kit (ISBN: 978-1-59749-233-1, Syngress), and technical reviewer for The Real MCTS/MCITP Windows Server 2008 Configuring Active Directory Exam 70-640 Prep Kit (ISBN: 978-1-59749-235-5, Syngress). Robert can be found online at www.shimonski.com.

Scott Sweitzer (CCNA, CCAI, MCSE, MCSA, MCITP, MCTS, MCP+I, MCT, A+, Network+, Server+, INet+, HTI+, DHTI+) is a senior analyst at Ricoh. He currently works with career-changing students, providing Microsoft training in Indianapolis, Indiana. His specialties include Cisco routers and LAN switches, Microsoft Windows NT4-2008, virtualization, and update services. He also works with home technology integration projects. In addition, Scott is the owner of the consulting companies MicrosoftITPros.com and TrainingMicrosoft.net, where he works with the small and medium business market. Scott’s background also includes positions as Department Chair of Technology Programs at Indiana Business College and systems engineer at the Systems House. Scott and his family live in a suburb of Indianapolis.

Chapter 1: Introduction to Networking

Exam objectives in this chapter
■ Networking Hardware
■ Network Types
■ Networking Topologies
■ IEEE
■ Basic Networking Concepts
■ VoIP

Introduction

To have a successful career as a Cisco Certified Network Associate (CCNA), it is imperative that you understand the terminology used by individuals in the field of networking. To communicate effectively with peers and staff, you need to have a firm grasp on the concepts and jargon you will be exposed to as a CCNA. Understanding basic terms and concepts will be essential for any individual trying to become successful in the field of networking. An in-depth understanding of basic networking concepts is critical for any individual trying to pass the CCNA certification exam. Successful CCNAs will need to be able to identify hardware associated with common networks, such as switches and routers.
CCNAs also need to have a firm grasp of concepts such as Ethernet networks, network topologies, and protocols. The field of networking is constantly being revised and updated with newer, more efficient technologies. For this reason, it is also imperative that CCNAs keep abreast of the latest trends in the field, such as 802.11n, Voice over Internet Protocol (VoIP), and IPv6.

Cisco tends to be a leader in implementing new technologies in its hardware and software products. Cisco will therefore expect that individuals who pass its CCNA examination will have a grasp on the latest technology. This is one of the many reasons that the CCNA certification is widely respected and coveted by many people within the industry. To pass the certification exam and become a successful CCNA, it is essential to have a solid understanding of networking vocabulary and concepts.

Networking Hardware

A number of different devices are available to run a network. In this section, we will take a look at the different types of devices, cabling, and new wireless technologies to assist you in understanding which devices provide which kind of connectivity in the network. To understand the technology, we need a brief understanding of the seven-layer Open System Interconnect (OSI) model, which helps us to understand where each device sits (see the chapter on the OSI model for more detail). The seven layers of the OSI model are shown in Table 1.1. Each networking item will work at one or more of the OSI layers, and we will define them.

Exam Warning: Cisco places a lot of emphasis on the matching of devices to their OSI layer. Some devices will be described in an obscure manner, and you will have to identify the device. Pay close attention to the multiple ways some devices will be defined in this chapter.

Table 1.1 OSI Model Layers

Layer          Function
Application    Protocols that affect data, like FTP, HTTP, SMTP, and so forth
Presentation   Compression of data, code conversion, and encryption
Session        Handshaking and virtual circuit setup
Transport      TCP and UDP ports and segmenting of data
Network        IP, routing, and creation of packets
Data link      MAC/physical address and creation of frames
Physical       Cable, NIC, and breaking of frames into the bits that get transferred over the media

Appendix: Self Test
Chapter 16: Configuring PPP and CHAP

is input into an MD5 algorithm and will provide an encryption key. This is then used to send authentication information between the two routers. Since CHAP uses encryption, it is inherently secure.

Incorrect Answers & Explanations: A, B, C. Answer A is incorrect, because although Two-Fish is a 128-bit block cipher that does provide a layer of security, Two-Fish is not used with CHAP, whereas MD5 is. Answer B is incorrect, because although a numbering system is used for the challenge and response set, there is no “sequence” of numbers that provides a layer of security. Answer C is incorrect, because you do not need a certificate, AES encryption is not used, and PAP is absolutely not secure. When PAP is used over a WAN connection, the username and password are sent by the other configured router without using encryption, and all credentials are sent in clear text.

18. You are working on your company’s network. When asked to deploy an authentication scheme that can help secure a PPP-based link, you decide to use PAP. Based on the diagram in Figure 16.9, what should you be concerned with when deploying PAP over an unsecured PPP link?
Figure 16.9 Viewing PAP Used on a PPP Link (diagram: two routers on a WAN link using PAP; each sends Name and Password, credentials sent in cleartext, followed by Accept or Reject)

A. The passwords for both routers are easily guessed
B. Credentials are broadcast to all routers configured on the WAN, instead of to a single peer
C. Passwords are sent in clear text and can easily be captured by malicious users
D. The two routers cannot communicate over the WAN link without the use of Frame Relay

Correct Answer & Explanation: C. Answer C is correct, because when PAP is used over a WAN connection the username and password are sent by the dialing router without encryption.

Incorrect Answers & Explanations: A, B, D. Answer A is incorrect, because although the passwords configured may be easily guessed (or cracked), this has nothing to do with why PAP should or should not be used. The passwords can be changed without issue; the true problem here is that PAP sends any configured credentials in clear text. Answer B is incorrect, because PAP (or PPP) does not “broadcast” credentials to all devices connected on a network; a peer system is used. Answer D is incorrect, because the medium (or connection method) chosen does not play a part in why PAP would or wouldn’t be secure and its inherent problems with security. The WAN connection type is inconsequential to the question itself.

19. You are a consulting engineer working on a WAN issue for a client. The client’s systems are antiquated and use SLIP. You have a requirement to upgrade to PPP to support multiprotocol transmissions. What other reasons would you use PPP over SLIP? (Choose all that apply.)
A. You want to use PPP instead of SLIP as PPP can operate at the transport layer
B. You want to use PPP instead of SLIP as SLIP does not function with TCP/IP
C. You want to use PPP instead of SLIP as PPP is more stable
D. You want to use PPP instead of SLIP as PPP has error-checking features included

Correct Answers & Explanations: C, D. Answers C and D are correct, because PPP works at the data link layer, is more stable than SLIP, and has error-checking features included. Do note that both SLIP and PPP encapsulate datagrams and other network layer protocol information over point-to-point links, and that PPP negotiation consists of three phases: LCP, Authentication, and NCP.

Incorrect Answers & Explanations: A, B. Answer A is incorrect, because PPP does not operate at the transport layer of the OSI model. Answer B is incorrect, because SLIP does work with TCP/IP, although this has nothing to do with why you would want to use PPP instead. SLIP would not be used simply because it does not function with any other protocol stack except for TCP/IP.

20. You are a Cisco engineer and you need to configure PPP on a set of routers. PPP can be configured to work at which OSI model layer for Internet access?
A. Data link
B. Network
C. Physical
D. Application

Correct Answer & Explanation: A. Answer A is correct, because PPP works at the data link layer. Do not be confused by the words Internet access, as this may lead you to believe this is a Layer operation.

Incorrect Answers & Explanations: B, C, D. Answer B is incorrect, because PPP functions primarily at the data link layer and works within the network layer, with IPCP as an example. Answer C is incorrect, because although physical connections are made via media (e.g., a modem), the physical connection is not where PPP would operate. Answer D is incorrect, because PPP functions only at the lower layers of the OSI model.
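Questions 17 and 18 above contrast CHAP, where the router name, secret and challenge go through MD5, with PAP, where the credentials themselves are sent in clear text. As an added example (not from the book), the following Python builds both exchanges as they would cross a PPP link, using the packet layouts of RFC 1334 (PAP) and RFC 1994 (CHAP), and checks which of the two ever puts the shared secret on the wire; the router names, secret and challenge bytes are constructed sample values.

```python
"""PAP vs CHAP on a PPP link: what actually crosses the wire.

Added example (not from the book). Packet layouts follow RFC 1334 (PAP) and
RFC 1994 (CHAP). Router names, the shared secret and the fixed challenge used
in run_exchange() are constructed sample values.
"""
import hashlib
import hmac
import os
import struct

# PAP (RFC 1334) codes: the Authenticate-Request carries the credentials verbatim.
PAP_AUTH_REQ, PAP_AUTH_ACK, PAP_AUTH_NAK = 1, 2, 3
# CHAP (RFC 1994) codes: only a random challenge and an MD5 digest cross the link.
CHAP_CHALLENGE, CHAP_RESPONSE, CHAP_SUCCESS, CHAP_FAILURE = 1, 2, 3, 4


def pap_authenticate_request(ident, peer_id, password):
    """Code | Identifier | Length | Peer-ID-Length | Peer-ID | Passwd-Length | Password."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQ, ident, 4 + len(body)) + body


def pap_authenticator(packet, user_db):
    """Authenticator side of PAP: parse the request and compare with the stored password."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != PAP_AUTH_REQ or length != len(packet):
        return PAP_AUTH_NAK
    pid_len = packet[4]
    peer_id = packet[5:5 + pid_len]
    pw_len = packet[5 + pid_len]
    password = packet[6 + pid_len:6 + pid_len + pw_len]
    return PAP_AUTH_ACK if user_db.get(peer_id) == password else PAP_AUTH_NAK


def chap_packet(code, ident, value, name):
    """Challenge/Response layout: Code | Identifier | Length | Value-Size | Value | Name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def chap_parse(packet):
    """Split a Challenge/Response packet into (code, identifier, value, name)."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    vsize = packet[4]
    return code, ident, packet[5:5 + vsize], packet[5 + vsize:length]


def chap_response_value(ident, secret, challenge):
    """RFC 1994 section 4.1: MD5 over Identifier || secret || Challenge value.
    The secret is an input to the hash, never a field in any packet."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_authenticator_verify(response_pkt, ident, challenge, secret_db):
    """Authenticator recomputes the digest with its own copy of the secret for that name."""
    code, rid, value, name = chap_parse(response_pkt)
    if code != CHAP_RESPONSE or rid != ident or name not in secret_db:
        return CHAP_FAILURE
    expected = chap_response_value(ident, secret_db[name], challenge)
    return CHAP_SUCCESS if hmac.compare_digest(expected, value) else CHAP_FAILURE


def run_exchange(secret=b"s3cr3t", challenge=None, ident=7):
    """RouterA (peer) authenticates to RouterB (authenticator) with both methods and
    reports whether the shared secret appears in any byte that crossed the link."""
    challenge = challenge or os.urandom(16)
    # PAP: one request with the credentials in the clear, answered by Ack/Nak.
    pap_req = pap_authenticate_request(ident, b"RouterA", secret)
    pap_result = pap_authenticator(pap_req, {b"RouterA": secret})
    # CHAP: RouterB sends a challenge, RouterA answers with a digest, RouterB verifies.
    chal_pkt = chap_packet(CHAP_CHALLENGE, ident, challenge, b"RouterB")
    _code, cid, cval, _name = chap_parse(chal_pkt)  # the peer parses the challenge
    resp_pkt = chap_packet(CHAP_RESPONSE, cid, chap_response_value(cid, secret, cval), b"RouterA")
    chap_result = chap_authenticator_verify(resp_pkt, ident, challenge, {b"RouterA": secret})
    return {
        "pap_result": pap_result,
        "pap_secret_on_wire": secret in pap_req,
        "chap_result": chap_result,
        "chap_secret_on_wire": secret in (chal_pkt + resp_pkt),
    }


if __name__ == "__main__":
    for key, val in run_exchange().items():
        print(f"{key}: {val}")
```

Because the CHAP digest is bound to the challenge value, a response recorded for one challenge does not validate against a fresh one, which is the property PAP lacks.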
inside source command, 132 ip nat outside source command, 133 ip protocols command, 200 ip route command, 586, 587f, 613 ip summary-address command, 199, 199f ip unnumbered command, 613, 618 IPCP See Internet protocol control protocol IPv4 address, 63, 85 anycast, 392 broadcast, 391 configuring and implementing, 393 IPv6 differences from, 387–392 IPv6 interoperability with, 392–398 dual-stacks, 393–394 overlay tunneling, 395–398 mapped, 400 multicast, 391 unicast, 391 IPv6 address, 398–406 ACLs, 405–406 address space, 400–403 global unicast, 401–402 link-local unicast, 402–403 unique local unicast, 403 anycast, 392, 404–405 clear commands for troubleshooting, 429 configuring and implementing, 393 debug commands for troubleshooting, 429–430 DNS mappings, 392, 404–405 in dotted decimal and binary formats, 387, 387f enabling and configuring, 393 EUI-64, 411–412 in hexadecimal and binary formats, 389, 389f interoperability with IPv4, 392–398 dual-stacks, 393–394 overlay tunneling, 395–398 link-local, 405–406 multicast, 391, 403–404 OSPF, 422–424 RIP, 419–422 show running-config command for verifying, 425–428 stateless autoconfiguration of, 407–408 unicast, 391 unnumbered command, 413 IPX See Internetwork packet exchange ISP See Internet service provider L LAN See Local area network LAN emulation (LANE) protocol See LANE LANE, 557, 578 LAPB See Link access procedure, balanced protocol LAPD See Link access procedure D protocol Last mile, 598 Latency, 447 Layer switches, 450–451, 451f Layer switches, 451–452, 452f Layer tunneling protocol (L2TP), 51 LCP See Link control protocol LEAP See Lightweight extensible authentication protocol Least significant bit (LSB) mode, 52 LEDs See Light-emitting diodes Light-emitting diodes (LEDs) on Cisco Catalyst 2950 switch, 455f port mode, 454, 455t port status, 454, 456 redundant power supply, 454 system, 454, 456 Lightweight extensible authentication protocol (LEAP), 17 Link access procedure, balanced (LAPB) protocol, 612 Link access 
procedure D (LAPD) protocol, 648 Link control protocol (LCP), 631, 633 Link-local addresses, 412 Link-local unicast address space, 402–403 Link quality report (LQR), 635 Link-state advertisements (LSAs), 176, 242, 243, 284 Link-state database, 235 Link-state routing protocols, 175–176 LLC See Logical link control Local area network (LAN), 16t, 22, 51, 495, 597, 633 private IP address ranges on, 22 Local host address, 20 823 824 Index log-adjacency-changes command, 274 logging buffered command, 647 Logical address, 53 Logical link control (LLC), 53 Loopback address, 20, 104 configuring, 246 RID with single and multiple, 247t Loopback interfaces, 247 configuration of, 252–253 for router 1.1.1.1, 253f, 256f for router 3.3.3.3, 254f, 257f Loopguard, 516 Low-pass (LP) filters, 603 LSAs See Link-state advertisements L2TP See Layer tunneling protocol M MAC See Media access control mac-address-table aging-time command, 466 Mail exchanger (MX), 108, 127 Man in middle attack, 32 Management information base (MIB), 74 Management interface, 146 MANs See Metropolitan area networks match address command, 357 MAU See Media access unit Maximum transmission unit (MTU), 181, 302 MD5 authentication See Message Digest authentication Mean time to recovery (MTTR), 510 Media access control (MAC), 49, 496 address table, 448, 449, 465, 466t, 481f on Cisco catalyst router, 19t clearing, 450f, 482f contents of, 449f, 481f addresses, 10f, 32, 411, 446–449, 468f, 470f, 550, 552 allowing traffic from known, 467–469 dynamic, 465 secured, 466, 470 spoofing, 32 static, 466 switchport with, 468f flooding, 450 VLANs, 552 Media access unit (MAU), 31 used on 802.5 token ring protocols, 31 Mesh network topology, 28–29, 29f, 612–613 Message digest (MD5) authentication, 197, 216–220, 257, 283, 317, 584, 639, 641 configuring, 306–308, 306f using show ip virtual-links command, 260 verifying, 224 Metrics, 287, 291, 302 Metropolitan area networks (MANs), 24 Microphone, 57 Microsegmentation, 453 Microsoft 
challenge handshake authentication protocol (MS-CHAP), 640 Minicom, 149, 457–458 MMF See Multimode fiber Modulator/demodulator (MODEM), 601 WAN connection devices, 611 Most significant bit (MSB), 52 MSAU See Multistation access unit MS-CHAP See Microsoft challenge handshake authentication protocol MSTP See Multiple spanning-tree protocol MTU See Maximum transmission unit Multicast, 105, 107 addresses, 391, 403–404, 404f group, 65 traffic, Multimode fiber (MMF), Multiple spanning-tree protocol (MSTP), 522 Multistation access unit (MSAU), 31 used on 802.5 token ring protocols, 31 MX See Mail exchanger N Name binding protocol (NBP), 34 Named access lists, 347–350 NAT See Network address t ranslation NBMA network See Nonbroadcast multiple access network NBP See Name binding protocol NCP See Network control protocol Neighbor authentication, 305 Neighbor discovery, 286, 299–300 Neighbor table, 183, 299–300, 313 netstat command, 107, 108 Network address translation (NAT), 22, 76, 122–136 architectures, 125–127 characteristics of, 123–125 dynamic address assignment, 124 static address assignment, 124 transparent address assignment, 124 transparent routing, 124–125 configuration, 123 between private network and internet, 135–136 on Cisco IOS, 129–130 commands, 130–134 deploying, guidelines for, 128–129 disadvantage of, 129 implementation of, 129 phases of address binding, 124–125 address lookup and translation, 125 address unbinding, 125 static, 127–128 traditional, 125–126 using ACLs with, 355–356 variations of, 125–128 verification commands, 134–135 Network addresses, 170 Network basic input/output interface (NetBIOS), 58 Network Box, 599 Network control protocol (NCP), 631, 633 Network ID, 85, 86, 102–106 decimal to binary, 96–101 Index Network interface cards (NICs), 9–11, 31, 50, 556 used on 802.5 token ring network, 31 Network interface layer, 60–63 Network intrusion detection system (NIDS), 255 Network layer, 53–55 devices, 54 routing, 55 Network news transfer 
protocol (NNTP), 72 Network time protocol (NTP), 73, 359 Network topology, 25–29 bus, 26, 27f mesh, 28–29, 29f ring, 27–28, 28f star, 25, 26 star-bus, 26–27, 27f Networking hardware, 2–21 Network/transport protocols, 47 NICs See Network interface cards NIDS See Network intrusion detection system NNTP See Network news transfer protocol no auto-summary command, 295 no command, 153, 345, 352, 354, 367 no debug ip rip command, 222, 224 no show ip rip database command, 220 Nonbroadcast multiple access (NBMA) network, 241–248 Nonvolatile random-access memory (NVRAM), 152 NTP See Network time protocol Numbered ACLs, 351 limitations of, 345–347 O Octet, 85, 102, 104, 105, 109–110 Open routing protocols, 177 Open shortest path first (OSPF), 55, 169, 185–188, 192, 234–239, 332, 422–424 advantages of, 235–239 area, 186–187, 186f attempt state of, 249 authentication, 251–257 configuration, 188, 240 disadvantages of, 239 down state of, 249 exchange state of, 250 ExStart state of, 250 full state of, 249 init state of, 249 Ipv6, 234–239, 422–424 loading state of, 251 presentation layer, 58–59 route cost, 185, 185t stub areas of, 238, 238f troubleshooting, 272–274 two-way state of, 250 verifying configuration of, 257–272 Open system interconnection (OSI) model, 2t, 47, 59, 339, 630–632 network layer, 53–55 overview of, 48–59, 78 physical layer, 50 session layer, 56–58 transport layer, 55–56 Optical carrier (OC), 604 Organizationally unique identifier (OUI), vendor, 32 OSI model See Open system interconnection model OSPF See Open shortest path first ospf log-adjacency-changes command, 274 OUI See Organizationally unique identifier Overlay tunneling, 395–398 configuring IPv6 to IPv4, 395–396 P Packet assembler/disassembler (PAD), 600 Packet Internet Groper (PING), 345 Packets, 76, 78, 287, 303–304, 317 acknowledgement, 299, 305 hello, 299, 304, 311, 316 query, 305 reply, 305 update, 305 Packet-switched network, 599–600 PAD See Packet assembler/ disassembler Partial mesh network, 613 
passive-interface command, 209, 227 Password authentication protocol (PAP), 630, 632, 640, 641f PAT See Port address translation PBX See Private branch exchange PC card, bus types, 9t PDMs See Protocol-dependent modules PDUs See Protocol data units Perimeter router, 614 Permanent virtual circuit (PVC), 57 Personal computer (PC) card See PC card Per-VLAN spanning tree (PVST), 518 Physical address, 52 PING See Packet Internet Groper PING commands, 158, 365, 366 Plain old telephone system (POTS), 648 Plain text authentication, 212–216, 214f, 215f, 216f, 251–253 using show ip virtuallinks command, 259–260 Point-to-point connection, 600 Point-to-point protocol (PPP), 51, 353, 607–609, 632 authentication protocols, 630 configuring and implementing, 641–644, 642f debugging, 638–639, 647–650 frame format, 633–635, 633f mapping, to OSI model, 630–631, 631f phases, 635–638 authentication, 635 link dead, 635 link establishment, 635 link termination, 636 network layer protocol configuration, 636 protocol field values, 634 troubleshooting, 644–646 Port address translation (PAT), 122, 126–127 deploying, guidelines for, 128–129 825 826 Index Port-based security, 465–470 commands used in, 465 switchport, 467, 468 violation mode, 467f, 468f, 469f Port-based VLANs, 551–552 Port numbers, 68 Post office protocol (POP), 71 POTS See Plain old telephone system Power-on self-tests (POSTs), 454 PPP See Point-to-point protocol Presentation layer, 58–59 PRI See Primary rate interchange Primary rate interchange (PRI), 601 Private branch exchange (PBX), 40, 602 Privileged exec mode, 150–153, 163, 367, 463, 564 commands used in, 151–153, 463f Proprietary routing protocols, 177–178 Protocol-based VLANs, 552–553 Protocol data units (PDUs), 53, 74 bit, 77 frames, 76 packets, 76, 78 segments, 75, 78 Protocol-dependent modules (PDMs), 284, 287, 300, 303, 317 Protocol stack, 47, 49 PSTN See Public switched telephone network Public switched telephone network (PSTN), 597, 601 Q Query packets, 305 R 
Random access memory (RAM), 299, 300, 611 Rapid spanning-tree protocol (RSTP), 51, 518 See also Spanning-tree protocol (STP) affecting topology, 524–525 Bpdu processing in, 519–520 changing timers, 523 configurations, 523, 526–530, 526f, 538 fast network convergence with, 520–522 interoperability with 802.1d STP, 525–526 port roles, 519 port states, 518 sync process in, 520, 521f Read-only memory (ROM), 52, 159, 611 Ready to send (CTS), Reflexive ACLs, 359–360 Relay server, DHCP, 39 Reliable multicast, 287 Reliable transport protocol (RTP), 183, 287–288, 316 reload cancel command, 347 reload command, 152, 476 Repeaters, 17–18, 446 Reply packets, 305 Request for comments (RFC) See RFC Retransmission time out (RTO), 312 Reverse address resolution protocol (RARP), 65 RFC 1918 IP addresses, 122, 123, 125, 128 RFC 2474, 340 RFC 2475, 341 RFC 791, 85 RG-11 coaxial cable, RG-54 coaxial cable, RID See Router ID Ring network topology, 27–28, 28f RIP, 55, 174, 178, 190, 197, 499, 586, 587f IPv6, 419–422 RIPv2, 107, 169, 179–180, 191, 197, 198, 227 advantages and disadvantages of, 201–203 characteristics of, 198–201 configuring, 180, 203–220, 204t, 227 with MD5 authentication, 218–219f neighbors, 209 with plain text authentication, 214–216f verifying, 220–222, 227 discovers routes, 210–212, 210f routing metric, 179 routing updates, 179 troubleshooting, 222–224, 228 RJ-45 connector, 12 Root bridge election, 503–504 Root ID, 502 Root link query (RLQ) protocol, 512 Root path cost, 503, 504 Root port cost, 504t designated, 505 selection, 504 Root servers, 40 Rootguard, 515–516 Route flush timer, 200 Route holddown timer, 200 Route invalid timer, 200 Route redistribution, 235 Route-switch module, 585 Route summarization See Summary route Route update timer, 200 Router, 20–21, 128, 130, 134, 135, 145 adjacencies, 243–244 definition of, 241 commands, 149–155 configuring backup and restore, 156–158, 164 console port access, 146, 148 dual stacking, 394 register, 159, 159t RIPv2, 180 
Telnet access, 146, 148 connecting to, 146 core layer, 614–619 firmware, 161 global configuration mode, 153–155, 163 hyperterminal connection to, 147–149 MAC table on, 19t perimeter, 614 privileged exec mode, 150–153, 163 resetting router password, 160 routing tables, 172, 172f with and without gateway set, 39f terminal lines, types, 353–354 Index troubleshooting, 158–162, 164 connection issues, 158 solving boot problems, 159 user exec mode, 149–150, 163 WAN connection devices, 611 Router configuration mode, 288, 295, 316 Router ID (RID), 246 with single and multiple loopbacks, 247t Router on stick, 21 router rip command, 586 Routing, 55, 170, 190 loop, 212 metrics, 173, 178, 179, 181, 185 protocols, 172–173 administrative distance, 173, 173t comparison and contrast of, 188–189, 189t, 192 distance vector, 174 hybrid routing protocols, 176–177 link-state, 175–176 open routing protocols, 177 proprietary, 177–178 updates, 178 tables, 170, 184, 212t on a Cisco router, 172, 172f EIGRP, 291, 301–302 Routing information protocol See RIP RS-232 standard, 611 RSTP See Rapid spanning-tree protocol RTP See Reliable transport protocol S SANs See Storage area networks SDLC See Synchronous data link control SDSL See Symmetric digital subscriber line Secure shell (SSH) connection, 146 Segments, 75, 78 Sequenced packet exchange (SPX), 33, 632 Serial line internet protocol (SLIP), 353, 633 Serial lines, Server message block (SMB), 58, 70 Service Set IDentifier (SSID), 15 service timestamp debug datetime command, 647 Session layer, 56–58 Shielded twisted pair (STP) cable, 11 Shortest path first (SPF) algorithm, 235 show access-lists command, 416 show boot command, 482 show command, 150, 152, 257–272, 308–313, 319–320, 349, 362, 367, 479–481, 480f, 562f, 563–564, 588–589 show flash command, 156, 475, 483, 564, 565f show frame-relay map command, 606, 606f show interface command, 426, 479, 646 show interfaces fastethernet 0/1 command, 479 show interfaces vlan vlan_id command, 472 show 
ip access-list command, 363 show ip eigrp interfaces command, 311, 317 show ip eigrp neighbors command, 311, 317 show ip eigrp neighbors detail command, 312 show ip eigrp topology command, 300, 312 show ip eigrp traffic command, 313, 317 show ip interface brief command, 618 show ip interface command, 363 show ip nat statistics command, 135 show ip ospf border-routers command, 262–263, 264f, 270f show ip ospf database command, 263–264, 265f show ip ospf database opaque-area command, 264–266 show ip ospf interface command, 266–267, 267f show ip ospf internalstatistics command, 267–268, 269f show ip ospf neighbors command, 268–269, 269f show ip ospf remoteneighbor interface command, 270 show ip ospf spf-log command, 270–272, 271f show ip ospf virtual-links command, 259–260, 259f, 260, 261f, 263f show ip ospf virtual-linksh command, 272, 272f show ip protocols command, 202, 203f, 227, 291–293, 308, 309, 316 show ip rip database command, 220, 220f show ip route command, 220, 227, 260f, 261f, 291, 310, 317, 618 show ip route eigrp command, 311, 317 show ipv6 static command, 34 show line command, 354 show logging command, 647 show mac-address-table? 
command, 448, 449f show mac-address-table aging-time command, 466 show mac-address-table command, 448, 449f show mac-address-table count command, 448, 449f show port-security command, 481 show route command, 418 show running-config command, 362, 425–428, 472, 480, 563, 564f show running-configuration interface command, 362 show spanning-tree command, 532 show version command, 332, 473, 476 827 828 Index SHOW VLAN BRIEF command, 561, 562f SHOW VLAN command, 561, 563 show vtp counters command, 588, 589f show vtp status command, 583, 588, 588f Simple mail transfer protocol (SMTP), 58, 71, 107 Simple network management protocol (SNMP), 69, 74, 343, 355 Simple password authentication See Plain text authentication Single-mode fiber (SMF), SLIP See Serial line internet protocol Smart Jack, 599, 605 SMB See Server message block SMF See Single-mode fiber Smooth round-trip timer (SRTT), 311 SMTP See Simple mail transfer protocol SNA See Systems network architecture SNMP See Simple network management protocol Spanning-tree protocol (STP), 51, 495, 501–503, 537 enhancements to speed convergence, 510–514 for stability, 514–517 features, 511 backbonefast, 512–513, 512f implementing, 514 portfast, 513–514 uplinkfast, 511–512 loop elimination, 505, 536 operation, 507–510, 537 after link failure, 509–510 at initial power up, 508–509 operational settings of, 530 port cost, 504t port states, 506–507 problem and solutions, 510, 537 protocol evolution, 517–522 root path cost, 504 timers, 506–507 troubleshooting, 530–534, 538 Spanning trees, 500–501, 500f SPF algorithm See Shortest path first algorithm Spoke router, 619–621 Spoofing, MAC address, 32 SPX See Sequenced packet exchange SSID See Service Set IDentifier Stack, 48 Standard IP ACLs, 342–343 Standards EAI/TAI 232, 611–612 X.25, 612 Star-bus network topology, 26–27, 27f Star network topology, 25, 26 Static address assignment, 124 Storage area networks (SAN), 25, 510 Store-n-forward switching, 447, 489 STP See Spanning-tree 
protocol STP cable See Shielded twisted pair cable Stub areas of OSPF protocol, 238 Subnet addresses, 116t, 117t Subnet mask, 85–87, 97, 285, 286, 315, 334–336t in IPv4 and IPv6, 36–37 valid and invalid, identification of, 87–89t values on, 87t Subnetting, 110–117 Successive divisions method, 95–96 Summary route, 236 address and mask for, calculating, 296–297 configuring, 297–298 in EIGRP, 294–295, 295f, 316 Switched virtual circuit (SVC), 57, 612 Switches, 18–20 boot process, 473f, 477f, 483, 484f, 486f configuration, 454–472, 489–490 backing up, 478 commands for, 461–464, 464f with port-based security, 465–470 restoring, 478–479 connecting to, 456–461 console port on, 456f layer 2, 450–451, 451f layer 3, 451–452 LEDs on, 454–456 maintaining, 472–479, 490 commands for, 472–478 upgrading firmware, 473–477 managing via Web-based interface, 470–472 modes for command line access, 461–464 password recovering, 486–488 resetting, 485–486 troubleshooting, 479–488, 490 boot problems, solving, 482–485 using clear commands, 481–482, 481f using show commands, 479–481, 480f Switching concepts, 446–447, 489 cut-through, 447, 489 data link layer, 447f, 450 fragment-free, 447, 489 modes, 447 physical layer, 446f store-n-forward, 447, 489 symmetric versus asymmetric, 448 Switchport Cisco Network Assistant, 460f, 461f with collision domain, 452, 453f configuration settings of secured, 470f with fixed MAC address, 468f with no host connected, 470f port-security, 467, 468 SWITCHPORT ACCESS VLAN command, 559 SWITCHPORT MODE ACCESS command, 559 switchport mode trunk command, 576 switchport port-security mac-address command, 468 switchport port-security maximum command, 468 switchport port-security violation command, 468 Index Symmetric digital subscriber line (SDSL), 602 Symmetric switching, 448, 448f Synchronous data link control (SDLC), 609 Synchronous optical network (SONET), 604 Systems network architecture (SNA), 58 T TCP/IP, 33, 47, 49, 69–77, 170 internet layer, 63–66 network 
interface layer, 60–63 overview of, 60, 79 transport layer, 66–69 TDM See Time-division multiplexing Technical Assistance Center (TAC), 535 Telecommunications Industry Association (TIA) cable, 40 568-A and 568-B, 12, 13t Telnet, 70–71, 146 terminal monitor command, 647 TFTP See Trivial file transfer protocol TIA cable See Telecommunications Industry Association cable Time-based ACLs, 358–359 Time-division multiplexing (TDM), 602 Timers, STP, 506–507 timers basic command, 202 Toll network, 599 Top level domain servers, 40 Topology change notification (TCN) Bpdus, 502 Topology table, 184, 300–301, 312, 316 traceroute command, 158 Transmission control protocol/ Internet protocol See TCP/IP Transparent address assignment, 124 Transparent routing, 124–125 Transport layer, 49 OSI model, 55–56 TCP/IP model, 66–69 Trivial file transfer protocol (TFTP), 152, 157, 473, 475 copying running configuration to, 478, 478f retrieving configuration file from, 478, 479f Turbo ACLs, 358 Twisted pair cable, 11 standards of, 11t STP, 11 used for 802.5 token ring protocols, 31 UTP, 11, 50, 607 U UDP See User datagram protocol undebug ip ospf command, 274 Unicast, 107, 212 traffic, Unidirectional link detection (UDLD), 511, 514, 516, 517 Uninterruptible power supply (UPS), 524 Unique local unicast address space, 403 Unshielded twisted-pair (UTP), 11, 50, 607 Update packets, 305 User datagram protocol (UDP), 55, 107, 339 transport layer, 68–69 User exec mode, 149–150, 163, 461–462 commands used in, 462f password, 462f UTP See Unshielded twisted-pair V Vampire tap, Variable length subnet masking (VLSM), 119–122, 183 Virtual collision detection (VCD), 62 Virtual local area networks See VLANs Virtual private network (VPN), 15, 16t, 598 with ACLs, 357–358, 357f Vlan.dat file, 553, 557, 564, 565 VLAN membership policy server (VMPS), 552 VLAN trunking protocol (VTP), 575–579 broadcast domains, 577 client mode, setting, 580f configuration, 581–585 domain adding switch to, 583 creating, 582, 583 
encapsulation methods, 578 modes, 579–581 client, 580, 580f off, 581 server, 579, 580f, 589f transparent, 580, 580f security, 577–578 trunking mode, setting, 577f, 578 verifying and troubleshooting, 583, 588–589 versions of, 581–582, 581f, 582f VLANs, 517, 550–553 adding, 558f, 559, 560 broadcast domains, 550–551 configuration, 553–556, 554f creating, 555, 558 databases, 557–561 deleting, 560, 561f dynamic, 552 extended, 553 frames, 556 FDDI 802.10, 556 inter-switch link (ISL), 556 LANE, 557 802.1Q, 556 hopping, 577 IP address, setting, 551–552, 555f MAC-based, 552 naming and numbering, 553–554 port-based, 551–552 protocol-based, 552–553 security, 551 setting multiple interfaces with, 559f static, 551 troubleshooting, 562–565 829 830 Index types default, 557 FDDI default, 557 FDDInet default, 558 token-ring default, 557 trnet default, 558 verifying, 555, 561 VLSM See Variable length subnet masking VMPS See VLAN membership policy server Voice over internet protocol (VoIP), 40–41, 552, 553, 605 VoIP See Voice over internet protocol VPN See Virtual private network VTP See VLAN trunking protocol vtp domain command, 582, 583 vtp mode command, 583 vtp password command, 584 vtp pruneeligible command, 584 vtp pruning command, 584 W WAN See Wide area network Web interface, 146 Cisco Device Manager via, 472f managing switches via, 470–472 WEP See Wired equivalency protocol Wide area network (WAN), 23, 47, 353, 356, 597, 629, 630 connection devices, 610–612, 623 defined, 598, 622 encapsulation formats, 607–610, 623 network models, 612–621, 623 hub and spoke topology, 613–621 mesh, 612–613 partial mesh, 613 standards, 611–612 types, 600–607 Wi-Fi protected access (WPA), 16–17, 63 Wildcard mask, 335t, 336t, 338–339 bit matching, 338 IP matching using, 334–338 used on octet boundary, 337 Windows Internet Name Service (WINS), 78 Wired equivalency protocol (WEP), 16, 62 Wireless, 14–15 standards of, 14t Wireless access point (WAP), 15, 21 WPA See Wi-Fi protected access X X.25 
standard, 612 Y yum install minicom command, 457 ... imperative that CCNAs keep abreast of the latest trends in the field, such as 802.11n, Voice over Internet Protocol (VoIP), and IPv6 Cisco CCNA/ CCENT Exam 640- 802, 640- 822, 640- 816 Preparation Kit Copyright... individual trying to pass the CCNA certification exam Successful CCNAs will need to be able to identify hardware associated with common networks, such as switches and routers CCNAs also need to have... Client Exam 70-620 Prep Kit (ISBN: 978-1-59749-233-1, Syngress), and technical reviewer for The Real MCTS/MCITP Windows Server 2008 Configuring Active Directory Exam 70 -640 Prep Kit, (ISBN: 978-1-59749-235-5,