10089.book Page i Monday, July 23, 2007 3:17 PM

Advance Praise

“Todd’s methods of discussing topics are tactfully approached so they are not confusing to the reader, and his explanations are clear and easy to understand.”
—Amazon Reader Review

“I passed my CCNA on the first try after reading this book thoroughly … If you read the book and all the review questions and written labs at the end of each chapter, you will be well prepared for the exam.”
—Amazon Reader Review

“This is a great book! Todd Lammle has the ability to make complex topics simple. Cisco books are essential once you’ve mastered networking basics, but there is nothing like Sybex for learning the concepts from A to Z.”
—Amazon Reader Review

“Todd has been an authority in this field for as long as I can remember. His style of writing keeps the book from becoming a sleep aid and provides nuts and bolts information that is both excellent real-world reference and directly relevant to exam objectives. If you are considering taking the CCNA exam, you would be ill advised to not give this book a thorough read.”
—Amazon Reader Review

“This is the first book review I have ever written on Amazon. I’ve been in the computer/network support field for many years, but had almost no contact with Cisco equipment. I basically knew the ‘enable’ and ‘config’ Cisco commands. I had originally planned on shelling out the $3000 to take a CCNA boot camp, but decided that that was way too much money. So I bought this book instead … took a week off from work (which I would have done anyway for the class), and went at it. My homegrown boot camp paid off because I passed the exam on the first try, saving almost $2900!”
—Amazon Reader Review

“This is the best technical book I have ever read!!”
—Amazon Reader Review

“This book is excellent resource for preparation for CCNA certification. It has needed information regarding the Cisco’s objective. Sample test and Bonus Test give extra knowledge for exam’s question. Users have more knowledge and practice of test exams. I will recommend this book for anyone who does not have any knowledge of CCNA material.”
—Amazon Reader Review

“I’ve recently passed the CCNA exam with 985 out of 1000 points and Todd Lammle’s book was my only study material (along with a Cisco 2500 router).
“It covers all relevant topics in such an easy-to-understand way and gives you a great networking/Cisco knowledge to build upon. Even now, while I’m pursuing other certifications, it serves as an irreplaceable reference. Every chapter concludes with review questions, hands-on exercises or labs to give you the opportunity of applying your new skills in real-world scenarios and the CD provides additional sample tests and flashcards to consolidate your knowledge.
“By reading the book twice and doing all the exercises you will be able to answer just about any question you may encounter on the exam. Highly recommended!”
—Amazon Reader Review

“I had made three previous attempts using Cisco Press but could not get over the hump. Needless to say I was getting pretty discouraged. However, I had heard good things about the Sybex book by Todd Lammle and decided to give it a try. It was the best thing I could have done. The book read great and it explained the required concepts and topics very well. The review questions and Hands-on Labs at the end of each chapter were also very helpful.
“I took the test last weekend and passed!!
“Thank you!!”
—Amazon Reader Review

“Good exam prep. I read this book and with only slight network experience was able to pass the CCNA.”
—Amazon Reader Review

“There isn’t much more I can say about this book than has already been said. I used Todd’s guide to help me pass the CCNA in 2000 and am using him again to recertify. Just an excellent book. Period.”
—Amazon Reader Review

“This book covered everything I needed to pass the exam, with hands-on experience, and the bonus material. What a great written book this is. The best I have ever read.
“I recommend this book highly!!”
—Amazon Reader Review

CCNA®: Cisco® Certified Network Associate Study Guide
Sixth Edition
Todd Lammle
Wiley Publishing, Inc.

Acquisitions Editor: Jeff Kellum
Development Editor: Toni Zuccarini Ackley
Technical Editor: Patrick J. Conlan
Production Editor: Sarah Groff-Palermo
Copy Editor: Judy Flynn
Production Manager: Tim Tate
Vice President and Executive Group Publisher: Richard Swadley
Vice President and Executive Publisher: Joseph B. Wikert
Vice President and Publisher: Neil Edde
Media Project Supervisor: Laura Atkinson
Media Development Specialist: Josh Frank
Media Quality Assurance: Angie Denny
Book Designers: Judy Fung and Bill Gibson
Compositor: Craig Woods, Happenstance Type-O-Rama
Proofreader: Nancy Riddiough
Indexer: Ted Laux
Anniversary Logo Design: Richard Pacifico
Cover Designer: Ryan Sneed

Copyright © 2007 by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-0-470-11008-9

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the
appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Website is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Website may provide or recommendations it may make. Further, readers should be aware that Internet Websites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (800) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

Library of Congress Cataloging-in-Publication Data is available from the publisher.

TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. Cisco and CCNA are registered trademarks of Cisco Systems, Inc. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.

To Our Valued Readers:

Thank you for looking to Sybex for your CCNA exam prep needs. We at Sybex are proud of our reputation for providing certification candidates with the practical knowledge and skills needed to succeed in the highly competitive IT marketplace. This latest edition of the best-selling CCNA: Cisco Certified Network Associate Study Guide reflects our commitment to provide CCNA candidates with the most up-to-date, accurate, and accessible instructional material on the market.

As with previous editions, Todd and the editors have worked hard to ensure that the study guide you hold in your hands is comprehensive, in-depth, and pedagogically sound. We’re confident that this book will exceed the demanding standards of the certification marketplace and help you, the CCNA certification candidate, succeed in your endeavors.

As always, your feedback is important to us. If you believe you’ve identified an error in the book, please visit the Customer Support section of the Wiley website. And if you have general comments or suggestions, feel free to drop me a line directly at nedde@wiley.com. At Sybex, we’re continually striving to meet the needs of individuals preparing for certification exams.

Good luck in pursuit of your CCNA certification!
Neil Edde
Publisher—Certification
Sybex, an Imprint of Wiley

Acknowledgments

Monica Lammle’s writing style and voice, editing ability, encouragement, and dedication to ensuring that my books are concise yet highly readable has been invaluable to the success of this and many other projects. She brings clarity and life to what can truly be some very arcane and difficult material!

Mr. Patrick Conlan has got to be the personification of perseverance—he’s a rock! Patrick literally hashed and rehashed each topic in this guide with me at all hours of the day and night—scrutinizing the material until we both agreed it was verifiably solid. He was so instrumental in the development of this book that I hired him at GlobalNet Training to work as a course developer and trainer! You’re going to be hearing a lot more from Mr. Conlan in the technical instruction and writing arena in the future for sure.

Daniel Aguilera, who has worked with me at GlobalNet Training for seven years, also worked diligently, helping me put together the bonus exams you’ll find on the CD (so be sure to give him a call if you happen to find a problem). Dan possesses both the intelligence and optimism required to be a great source of encouragement and a deep reservoir of problem-solving ability whenever I found myself discouraged or burned out.

Toni Zuccarini Ackley was the main editor of this—the newest book in the Sybex Cisco series. Thank you Toni for having the patience of Job, and for working so hard on this book with me. I’m so happy (and relieved) that you took on the job and, most of all, that you didn’t run screaming from the room the next day!

Jeff Kellum is instrumental to my success in the Cisco world and is my acquisitions editor. Jeff, thanks for your guidance and continued patience. Although we work well together and put out fantastic material, I am sure he groans when he sees my name on caller ID!
In addition, Sarah Groff-Palermo was an excellent production editor and she worked really hard to get the book done as quickly as possible, without missing the small mistakes that are so easy to overlook. Judy Flynn was the copy editor and she showed me that you can actually write a book and still have patience, be helpful but yet work extremely hard to get this book out on the shelves as fast as possible, and for that I thank you tremendously. Both Sarah and Judy worked very hard editing the book for what will hopefully turn out to be a great guide to lead you on your journey toward becoming a CCNA.

Finally a big thanks to Craig Woods and Happenstance-Type-O-Rama, and the CD team: Laura Atkinson, Josh Frank, and Angie Denny.

Contents at a Glance

Introduction
Assessment Test
Chapter 1 Internetworking
Chapter 2 Introduction to TCP/IP
Chapter 3 Subnetting, Variable Length Subnet Masks (VLSMs), and Troubleshooting TCP/IP
Chapter 4 Cisco’s Internetworking Operating System (IOS) and Security Device Manager (SDM)
Chapter 5 Managing a Cisco Internetwork
Chapter 6 IP Routing
Chapter 7 Enhanced IGRP (EIGRP) and Open Shortest Path First (OSPF)
Chapter 8 Layer 2 Switching and Spanning Tree Protocol (STP)
Chapter 9 Virtual LANs (VLANs)
Chapter 10 Security
Chapter 11 Network Address Translation (NAT)
Chapter 12 Cisco’s Wireless Technologies
Chapter 13 Internet Protocol Version 6 (IPv6)
Chapter 14 Wide Area Networks
Glossary
Index

STUN (Serial Tunnel) technology, 904 subarea nodes, 904 subareas, 904 subchannels, 904 subcommands, 184 subinterfaces CLI prompts for, 183 defined, 904 Frame Relay, 806–808, 840–841, 840 VLANs, 575 subnet addresses, 904 subnet masks defined, 904
need for, 115–116 VLSMs, 137–138 subnet-zero command, 113, 142 subnets and subnetting, 112–113 CIDR, 116–118 Class A addresses, 134–136 Class B addresses, 127–133 Class C networks, 118–127, 120, 122 creating, 114–115 defined, 904–905 exam essentials, 158 ip subnet-zero, 113 review questions, 161–167 subnet masks for, 115–116 summarization, 147–150, 147, 149 summary, 157–158 VLANs, 575 written labs, 158–160, 168–169 Subnetwork Architecture Protocol (SNAP), 900 subscribers to group addresses, 101 successor routes, 421 summarization defined, 905 EIGRP, 423–424, 424 process, 147–150, 147, 149 summary-address eigrp command, 475 summary route configuration, 474–476, 475–476 Super Frames (SFs), 900 sustainable cell rate (SCR), 899 SVCs (switched virtual circuits) defined, 905 Frame Relay, 801 switch blocks, 905 switch fabrics, 905 switch ports access lists, 634–636 VLANs, 570–571 switch processors (SPs), 901 switched LANs, 905 Switched Multimegabit Data Service (SMDS), 900 Switched Port Analyzer (SPAN), 901 switched virtual circuits (SVCs) defined, 905 Frame Relay, 801 switches, 10, 10 vs bridges, Catalyst See Catalyst switch configuration Data Link layer, 25–26, 26 defined, 905 vs hubs, 26 layer See layer switching for network segmentation, 6, switchport command, 570–571 switchport access command, 571–572 switchport mode command, 571–572 switchport nonegotiate command, 527, 572 switchport port-security command, 503–504 switchport port-security aging command, 536 switchport port-security mac-address command, 521 switchport trunk command, 566 switchport trunk allowed command, 573 switchport trunk encapsulation command, 572 switchport trunk native command, 574 switchport voice vlan command, 587 symmetrical DSL, 782 syn packet acknowledgments, 82 Synchronous Data Link Control (SDLC), 899 Synchronous Digital Hierarchy (SDH), 899 Synchronous Optical Network (SONET), 901
synchronous transmissions, 905 Synchronous Transport Module Level (STM-1), 904 syslog protocol, 905 system LED, 516–517, 516 System Network Architecture (SNA), 900

T

T-connectors, 38 T reference points, 905 T1 WANs, 905 T3 WANs, 905 Tab command, 187 tables for VLSMs, 140–144, 141, 143, 145 TACACS+ (Terminal Access Controller Access Control System), 905 tagged traffic, 905 TAs (terminal adapters), 906 TCP (Transmission Control Protocol), 75–77 defined, 906 destination ports, 81–82 key concepts, 79 port numbers, 80–82, 80 segment format, 75–77, 75 source ports, 80–81 syn packet acknowledgments, 82 TCP/IP (Transmission Control Protocol/Internet Protocol) defined, 906 and DoD model, 68–70, 69–70 exam essentials, 102 host-to-host layer protocols TCP, 75–77, 75 UDP, 77–79, 78 Internet layer protocols, 83 ARP, 90–92, 90 ICMP, 87–90, 87, 89 IP, 84–87, 84, 86 RARP, 91, 92 IP addresses See IP addresses process/application layer protocols, 70–74 review questions, 104–109 summary, 101 written labs, 102–103, 110 TCP SYN flood attacks, 612 TDM (Time Division Multiplexing), 906 TE (terminal equipment) devices defined, 906 TE1, 906 TE2, 906 telco abbreviation, 906 telephony, VLANs, 586–588 telnet command, 214–215 Telnet protocol, 71, 295–296, 316 closing sessions, 298–299 for configuration information, 214–215 connections, 297 defined, 906 IP access lists, 625–626 with multiple devices, 297 passwords, 197–198, 295–296 for router connections, 174 SDM for, 299–300, 299–300 users, 297–298 10Base2 technology, 38 10Base5 technology, 38 10BaseT technology, 38, 852 Teredo, 755 Terminal Access Controller Access Control System (TACACS+), 905 terminal adapters (TAs), 906 terminal emulation defined, 906 Telnet, 71 terminal equipment (TE) devices defined, 906 TE1, 906 TE2, 906 terminal history size command, 189 terminal monitor command, 395 testing NAT, 677–679, 678–679 TFN
(Tribe Flood Network) attacks, 612 TFTP (Trivial File Transfer Protocol), 71 copying with, 264–265, 275–276 defined, 906 TFTP hosts, 906 tftp-server command, 266 thicknet, 38, 906 thin protocols, 77 thinnet, 38, 906 this network or segment address, 96 thrashing of MAC tables, 505 threats, security, 611–613 three-layer hierarchical model, 46–49, 47 three-way handshakes, 17, 906 time-based access lists, 615, 637–638 Time Division Multiplexing (TDM), 906 time-range command, 637–638 Time To Live (TTL) defined, 907 IP header, 85 timers CDP for, 283–284 RIP, 383 token buses, 907 token passing access method, 907 Token Ring Interface Processor (TRIP), 907 Token Ring technology, 907 tokens, 907 toll networks defined, 907 WANs, 775 topology databases, 446, 907 documenting, 292–294, 292, 294 EIGRP tables, 420, 425 Topology View screen, 540, 540 Total length field, 85 TPC (Transmission Power Control), 710 traceroute command defined, 907 ICMP, 88, 152, 215 for network connectivity, 307–308 traffic flow, ESP for, 827 traffic information, CDP for, 289 transferring files, 71–72 transforms, IPSec, 826–827 translation timeout in NAT, 678 Transmission Control Protocol See TCP (Transmission Control Protocol) Transmission Control Protocol/Internet Protocol See TCP/IP (Transmission Control Protocol/Internet Protocol) Transmission Power Control (TPC), 710 transparent bridging defined, 907 operation, 25 transparent mode in VTP, 565 Transport layer, 16–17 acknowledgments, 21, 21 connection-oriented communication, 17–20, 18–19 defined, 907 flow control, 17 port numbers, 45, 45 windowing, 20–21, 20 traps defined, 907 SNMP, 73 Tribe Flood Network (TFN) attacks, 612 TRIP (Token Ring Interface Processor), 907 Trivial File Transfer Protocol (TFTP), 71 copying with, 264–265, 275–276 defined, 907 Trojan horse attacks, 613 troubleshooting connectivity, 308–310 debug ip rip for, 397–398 Frame
Relay, 811–813, 812 IP addresses, 150–157, 150, 153–157 NAT, 677–679, 678–679 OSPF, 471–473, 472–474 show ip protocols for, 394–395 VTP, 583–586 trunk command, 571–572 trunk links defined, 907 VLANs, 560–561, 561 trunk ports, 512, 571–574 Trunk Up-Down (TUD) protocol, 907 trust exploitation attacks, 613 trusted networks, 611 TTL (Time to Live) defined, 907 IP header, 85 TUD (Trunk Up-Down) protocol, 907 tunneling, 35 defined, 908 IPv6 migration, 754–755, 755 quality of service in, 832–836, 832–835 2.4GHz wireless, 708–709, 708, 711–712 1242AP router configuration, 361–362 2500 routers configuration, 259–260 2600 routers bringing up, 177–179 configuration, 259 interfaces and connections, 174, 174 2800 routers bringing up, 175–177 interfaces and connections, 174–175, 174 Type field in Ethernet frames, 36 Type of Service field, 85

U

U reference points, 908 UDP (User Datagram Protocol), 77–78 defined, 908 key concepts, 79 port numbers, 80–82, 80 segment format, 78–79, 78 undebug all command, 309 unicasts, 100 defined, 908 IPv6, 742, 744 unidirectional shared trees, 908 unified wireless solution, 712–714, 713 AWPP, 718 MESH and LWAPP, 716–717, 717–718 security, 718–721 split-MAC architecture, 715–716, 715 UNII (Unlicensed National Information Infrastructure), 706, 706, 709–710, 710 unique local addresses, 745 universal bit, 35 unnumbered frames, 908 unreliable protocols, 77 unshielded twisted-pair (UTP) defined, 908 Ethernet, 37, 41, 42 untrusted networks, 611 updates with holddown timers, 382 upgrading IOS, 265–266, 268–270, 314 UplinkFast feature, 513, 524 Urgent pointer field, 76 URLs in IFS, 267 use-tacacs command, 194 User Datagram Protocol (UDP), 77–78 defined, 908 key concepts, 79 port numbers, 80–82, 80 segment format, 78–79, 78 user EXEC mode, 184 user mode, 180–181 username command, 225–226, 791, 818 usernames FTP, 71
PPP, 791 SDM, 226–227 WANs, 818 users, Telnet, 297–298 UTP (unshielded twisted-pair) wiring defined, 908 Ethernet, 37, 41, 42

V

V.24 standard, 788 V.35 standard, 788 valid host IDs Class A addresses, 97 Class B addresses, 98 Class C addresses, 98 variable bit rate (VBR) class, 908 variable-length subnet masks See VLSMs (variable-length subnet masks) variance command, 442 VBR (variable bit rate) class, 908 VCCs (virtual channel connections), 908 VDSL (Very High Data Rate Digital Subscriber Line), 784 verifying configurations Catalyst switches, 528–534 EIGRP, 438–443 IOS, 214–223, 222–223 IP routing, 373–374, 393–398 NAT, 676 OSPF, 457–462 OSPFv3, 763–766 PPP encapsulation, 792–793, 792–793 RIP routing tables, 387–389 RIPng, 760–763 router, 275, 373–374 flash memory, 263–264 Versatile Interface Processor (VIP), 908 version command, 391 Version field, 85 Very High Data Rate Digital Subscriber Line (VDSL), 784 viewing configurations, 213–214 violation command, 522, 536 VIP (Versatile Interface Processor), 908 VIP (Virtual IP) function, 908 virtual channel connections (VCCs), 908 virtual circuits defined, 908 Frame Relay, 801 port numbers, 80 TCP, 75 Virtual IP (VIP) function, 908 virtual LANs See VLANs (virtual LANs) virtual private networks (VPNs), 825–826 configuration, 828–836, 828–835 defined, 909 IPSec for, 826–836 quality of service across tunnels, 832–836, 832–835 virtual rings, 908 vlan command, 568–569, 585 VLAN IDs, 909 VLAN Management Policy Server (VMPS) service, 559, 909 VLAN Trunk Protocol See VTP (VLAN Trunk Protocol) VLANs (virtual LANs), 552 broadcast control, 554 configuration, 568–570 inter-VLAN routing, 575–580, 576–578, 580, 588–597 switch port assignments, 570–571 trunk ports, 571–574 voice, 586–588 defined, 909 dynamic, 559 exam essentials, 598 flexibility and scalability, 555–558, 556–557 frame tagging, 561–562 identifying,
559–563, 561 ISL for, 562 membership, 558–559 operation, 552–554, 553 review questions, 600–606 routing between, 567–568, 567–568 security, 555 static, 558–559 summary, 597–598 trunk links, 560–561, 561 VTP for See VTP (VLAN Trunk Protocol) written lab, 599, 607 VLSMs (variable-length subnet masks), 137–138, 137 benefits, 139 defined, 909 designing, 138–139, 138 EIGRP, 418–419, 423–424, 423–424 implementing, 139–144, 141–147 RIPv1 vs RIPv2, 391–392 VMPS (VLAN Management Policy Server) service, 559, 909 voice configuration, 586–588 voice traversal with firewalls, 614 VPN Connection Information screen, 829, 829 VPNs (virtual private networks), 825–826 configuration, 828–836, 828–835 defined, 909 IPSec for, 826–836 quality of service across tunnels, 832–836, 832–835 VTP (VLAN Trunk Protocol), 563–564 configuration, 580–583 defined, 909 importance, 565 modes of operation, 564–565, 564 pruning, 565–566 troubleshooting, 583–586 vtp domain command, 581 vtp mode client command, 582 vtp mode server command, 581, 585 vtp password command, 581–582 VTP transparent mode, 565, 909 VTY access lists for, 625–626 passwords for, 295 vty command, 195

W

WAN Wizard, 353–358, 353–358 WANs (wide area networks), 774–775 cabling, 779–782, 780–781, 785–786, 786 connection types, 775–776, 776 defined, 909 DSL, 782–785, 782, 784 DTE and DCE for, 786, 786 exam essentials, 836–837 Frame Relay See Frame Relay hands-on lab, 838–841, 849 HDLC for, 787, 787 PPP for, 788–789, 788 authentication, 790–794, 813–818, 813–816 configuration, 791–792 debugging, 793–796, 794–795 encapsulation, 792–795, 792–794 LCP options, 789 sessions, 790 PPPoE for, 796–797, 818–822, 819–822 review questions, 842–848 summary, 836 support, 777–779 terminology, 775 written lab, 837 WCS (Wireless Control System), 713–714 well-known port numbers, 80 WEP (Wired Equivalency Protocol), 719–720 Wi-Fi Alliance, 706 Wi-Fi
Protected Access (WPA), 720 wildcards for access lists, 620–622 for default routes, 374 defined, 909 OSPF, 450–453, 452 Window field, 76 windowing defined, 909 Transport layer, 20–21, 20 Windows Registry, hexadecimal addresses in, 93 WINS (Windows Internet Name Service), 909 WinSock interface, 909 Wired Equivalency Protocol (WEP), 719–720 Wireless Control System (WCS), 713–714 Wireless Express Security screen, 724, 724 Wireless Interfaces screen, 725–726, 725–726 wireless networks, 704 802.11 standards, 706–712, 708–710, 712 AWPP, 718 configuration, 721–728, 722–728 exam essentials, 729 MESH and LWAPP, 716–717, 717–718 overview, 704–706, 706 review questions, 731–736 security, 718–721 split-MAC architecture, 715–716, 715 summary, 729 unified solution, 712–714, 713 written labs, 730, 737 Wireless Security settings, 727, 727 workgroup layer, 48 workgroup layers, 909 workgroup switching, 909 WPA (Wi-Fi Protected Access), 720 written labs access lists, 655–656, 667 EIGRP and OSPF, 477–478, 491 internetworking, 50–55, 53, 62–66 IOS, 234, 249 IP routing, 402–403, 415 IPv6 protocol, 767, 772 layer switching and STP, 542, 550 management, 313, 325 NAT, 688–689, 701 subnetting, 158–160, 168–169 TCP/IP, 102–103, 110 VLANs, 599, 607 WANs, 837 wireless networks, 730, 737

X

X.25 standard defined, 910 for Frame Relay, 798 X Window system defined, 910 purpose, 72

Z

ZIP (Zone Information Protocol), 910 ZIP storms, 910 zones, 910

CCNA: Cisco Certified Network Associate Study Guide
CCNA Exam 640-802 Objectives

OBJECTIVE CHAPTER
Describe How A Network Works
Describe the purpose and functions of various network devices
Select the components required to meet a network specification
Use the OSI and TCP/IP models and their associated protocols to explain how data flows in a network
Describe common networked applications including web
applications
Describe the purpose and basic operation of the protocols in the OSI and TCP models 1,
Describe the impact of applications (Voice Over IP and Video Over IP) on a network 1,
Interpret network diagrams 1,
Determine the path between two hosts across a network
Describe the components required for network and Internet communications
Identify and correct common network problems at layers 1, 2, and using a layered model approach 1,
Differentiate between LAN/WAN operation and features
Configure, verify and troubleshoot a switch with VLANs and interswitch communications 1, 14
Select the appropriate media, cables, ports, and connectors to connect switches to other network devices and hosts 1,
Explain the technology and media access control method for Ethernet networks
Explain network segmentation and basic traffic management concepts 1,
Explain basic switching concepts and the operation of Cisco switches
Perform and verify initial switch configuration tasks including remote access management
Verify network status and switch operation using basic utilities (including: ping, traceroute, telnet, SSH, arp, ipconfig), SHOW & DEBUG commands 8,
Identify, prescribe, and resolve common switched network media issues, configuration issues, auto negotiation, and switch hardware failures 8,
Describe enhanced switching technologies (including: VTP, RSTP, VLAN, PVSTP, 802.1q)
Describe how VLANs create logically separate networks and the need for routing between them
Configure, verify, and troubleshoot VLANs
Configure, verify, and troubleshoot trunking on Cisco switches
Configure, verify, and troubleshoot interVLAN routing
Configure, verify, and troubleshoot VTP
Configure, verify, and troubleshoot RSTP operation
Interpret the output of various show and debug commands to verify the operational status of a Cisco switched network
Implement basic switch security (including: port security, trunk access,
management vlan other than vlan1, etc.)
Implement an IP addressing scheme and IP Services to meet network requirements in a medium-size Enterprise branch office network
Describe the operation and benefits of using private and public IP addressing 2,
Explain the operation and benefits of using DHCP and DNS
Configure, verify and troubleshoot DHCP and DNS operation on a router (including: CLI/SDM)
Implement static and dynamic addressing services for hosts in a LAN environment
Calculate and apply an addressing scheme including VLSM IP addressing design to a network
Determine the appropriate classless addressing scheme using VLSM and summarization to satisfy addressing requirements in a LAN/WAN environment
Describe the technological requirements for running IPv6 in conjunction with IPv4 (including: protocols, dual stack, tunneling, etc) 13
Describe IPv6 addresses 13
Identify and correct common problems associated with IP addressing and host configurations
Configure, verify, and troubleshoot basic router operation and routing on Cisco devices
Describe basic routing concepts (including: packet forwarding, router lookup process)

Exam objectives are subject to change at any time without prior notice and at Cisco’s sole discretion. Please visit Cisco’s website (www.cisco.com/web/learning) for the most current listing of exam objectives.

Describe the operation of Cisco routers (including: router bootup process, POST, router components)
Select the appropriate media, cables, ports, and connectors to connect routers to other network devices and hosts
Configure, verify, and troubleshoot RIPv2
Access and utilize the router to set basic parameters (including: CLI/SDM) 4, 6,
Connect, configure, and verify operation status of a device interface 4, 6,
Verify device configuration and network connectivity using ping, traceroute, telnet, SSH or other utilities 4, 6,
Perform and verify routing configuration tasks for a
static or default route given specific routing requirements 6,
Manage IOS configuration files (including: save, edit, upgrade, restore)
Manage Cisco IOS
Compare and contrast methods of routing and routing protocols 6,
Configure, verify, and troubleshoot OSPF 6,
Configure, verify, and troubleshoot EIGRP 6,
Verify network connectivity (including: using ping, traceroute, and telnet or SSH) 4, 5, 6,
Troubleshoot routing issues 4, 6,
Verify router hardware and software operation using SHOW & DEBUG commands 4, 6,
Implement basic router security
Explain and select the appropriate administrative tasks required for a WLAN 6, 7, 10
Describe standards associated with wireless media (including: IEEE WI-FI Alliance, ITU/FCC) 12
Identify and describe the purpose of the components in a small wireless network (Including: SSID, BSS, ESS) 12
Identify the basic parameters to configure on a wireless network to ensure that devices connect to the correct access point 12
Compare and contrast wireless security features and capabilities of WPA security (including: open, WEP, WPA-1/2) 12
Identify common issues with implementing wireless networks (Including: Interface, Miss configuration)
Identify security threats to a network and describe general methods to mitigate those threats 12
Describe today's increasing network security threats and explain the need to implement a comprehensive security policy to mitigate the threats 10
Explain general methods to mitigate common security threats to network devices, hosts, and applications 10
Describe the functions of common security appliances and applications 10
Describe security recommended practices including initial steps to secure network devices
Implement, verify, and troubleshoot NAT and ACLs in a medium-size Enterprise branch office network 10
Describe the purpose and types of ACLs 10
Configure and apply ACLs based on network filtering requirements (including: CLI/SDM) 10
Configure and apply an ACLs to limit telnet and SSH access to the router using (including: SDM/CLI) 10 Verify and monitor ACLs in a network environment 10 Troubleshoot ACL issues 10 Explain the basic operation of NAT 11 Configure NAT for given network requirements using (including: CLI/SDM) 11 Troubleshoot NAT issues Implement and verify WAN links 11 Describe different methods for connecting to a WAN 14 Configure and verify a basic WAN serial connection 14 Configure and verify Frame Relay on Cisco routers 14 Troubleshoot WAN implementation issues 14 Describe VPN technology (including: importance, benefits, role, impact, components) 14 Configure and verify a PPP connection between Cisco routers 14 Exam objectives are subject to change at any time without prior notice and at Cisco’s sole discretion Please visit Cisco’s website (www.cisco.com/web/learning) for the most current listing of exam objectives 10089bmedinst.qxd:Layout 7/23/07 7:18 PM Page B T he Absolute Best CCNA Package on the Market! Get ready for Cisco’s new CCNA exam (640-802) with the most comprehensive and challenging sample tests anywhere! The Sybex Test Engine features: All the review questions, as covered in each chapter of the book Four full-length bonus exams with challenging questions representative of those you’ll find on the real exam, available only on the CD An Assessment Test to narrow your focus to certain objective groups Use the electronic flashcards for PCs or Palm devices to jog your memory and prep last minute for the exam! Reinforce your understanding of key concepts with these hardcore flashcard-style questions Download the flashcards to your Palm device and go on the road Now you can study for the CCNA exam any time, anywhere Search through the complete book in PDF! 
• Access the entire CCNA: Cisco Certified Network Associate Study Guide, complete with figures and tables, in electronic format
• Search the CCNA: Cisco Certified Network Associate Study Guide chapters to find information on any topic in seconds

Reinforce what you’ve learned with over an hour’s worth of useful audio and video files designed to enhance your learning experience

The complete CCNA study solution from Sybex®

CCNA: Cisco® Certified Network Associate Study Guide, Sixth Edition, Exam 640-802
978-0-470-11008-9 • US $49.99
• In-depth coverage of every exam objective, expanded coverage on key topics in the current version of the exam, plus updates that reflect technology developments over the past year
• Enhanced CD contains over an hour of useful video and audio files, as well as the Sybex Test Engine, flashcards, and entire book in PDF format

CCNA: Cisco® Certified Network Associate Study Guide Deluxe, Fifth Edition, Exam 640-802
978-0-470-11009-6 • US $99.99
• Bonus CD includes a fully functional version of the popular network simulator, CCNA Virtual Lab, Platinum Edition, allowing the reader to perform numerous labs—a value of over $150 U.S.!
• Contains over an hour of video instruction from the author, as well as 30 minutes of audio, in addition to the Sybex Test Engine and flashcards

CCNA: Cisco Certified Network Associate Fast Pass, Third Edition
978-0-470-18571-1 • US $29.99
• Organized by objectives for quick review and reinforcement of key topics
• CD contains two bonus exams, handy flashcard questions, and a searchable PDF of Glossary of Terms

Todd Lammle’s CCNA IOS Commands Survival Guide
978-0-470-17560-6 • US $29.99
• Highlights the hundreds of IOS commands needed to pass the exam and that Cisco networking professionals need to know to perform their jobs
• Detailed examples of how to use these commands provide a quick reference guide for CCNA candidates

Visit www.sybex.com

Wiley, Sybex, and related logos are registered trademarks of John Wiley & Sons, Inc. and/or its affiliates. CCNA is a registered trademark of Cisco Systems, Inc.

Wiley Publishing, Inc. End-User License Agreement

READ THIS. You should carefully read these terms and conditions before opening the software packet(s) included with this book “Book”. This is a license agreement “Agreement” between you and Wiley Publishing, Inc. “WPI”. By opening the accompanying software packet(s), you acknowledge that you have read and accept the following terms and conditions. If you do not agree and do not want to be bound by such terms and conditions, promptly return the Book and the unopened software packet(s) to the place you obtained them for a full refund.

License Grant. WPI grants to you (either an individual or entity) a nonexclusive license to use one copy of the enclosed software program(s) (collectively, the “Software”) solely for your own personal or business purposes on a single computer (whether a standard computer or a workstation component of a multi-user network). The Software is in use on a computer when it is loaded into temporary memory (RAM) or installed into permanent memory (hard disk, CD-ROM, or other storage device). WPI reserves all rights not expressly granted herein.

Ownership. WPI is the owner of all right, title, and interest, including copyright, in and to the compilation of the Software recorded on the physical packet included with this Book “Software Media”. Copyright to the individual programs recorded on the Software Media is owned by the author or other authorized copyright owner of each program. Ownership of the Software and all proprietary rights relating thereto remain with WPI and its licensers.

Restrictions On Use and Transfer. (a) You may only (i) make one copy of the Software for backup or archival purposes, or (ii) transfer the Software to a single hard disk, provided that you keep the original for backup or archival purposes. You may not (i) rent or lease the Software, (ii) copy or reproduce the Software through a LAN or other network system or through any computer subscriber system or bulletin-board system, or (iii) modify, adapt, or create derivative works based on the Software. (b) You may not reverse engineer, decompile, or disassemble the Software. You may transfer the Software and user documentation on a permanent basis, provided that the transferee agrees to accept the terms and conditions of this Agreement and you retain no copies. If the Software is an update or has been updated, any transfer must include the most recent update and all prior versions.

Restrictions on Use of Individual Programs. You must follow the individual requirements and restrictions detailed for each individual program in the About the CD-ROM appendix of this Book or on the Software Media. These limitations are also contained in the individual license agreements recorded on the Software Media. These limitations may include a requirement that after using the program for a specified period of time, the user must pay a registration fee or discontinue use. By opening the Software packet(s), you will be agreeing to abide by the licenses and restrictions for these individual programs that are detailed in the About the CD-ROM appendix and/or on the Software Media. None of the material on this Software Media or listed in this Book may ever be redistributed, in original or modified form, for commercial purposes.

Limited Warranty. (a) WPI warrants that the Software and Software Media are free from defects in materials and workmanship under normal use for a period of sixty (60) days from the date of purchase of this Book. If WPI receives notification within the warranty period of defects in materials or workmanship, WPI will replace the defective Software Media. (b) WPI AND THE AUTHOR(S) OF THE BOOK DISCLAIM ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE SOFTWARE, THE PROGRAMS, THE SOURCE CODE CONTAINED THEREIN, AND/OR THE TECHNIQUES DESCRIBED IN THIS BOOK. WPI DOES NOT WARRANT THAT THE FUNCTIONS CONTAINED IN THE SOFTWARE WILL MEET YOUR REQUIREMENTS OR THAT THE OPERATION OF THE SOFTWARE WILL BE ERROR FREE. (c) This limited warranty gives you specific legal rights, and you may have other rights that vary from jurisdiction to jurisdiction.

Remedies. (a) WPI’s entire liability and your exclusive remedy for defects in materials and workmanship shall be limited to replacement of the Software Media, which may be returned to WPI with a copy of your receipt at the following address: Software Media Fulfillment Department, Attn.: CCNA®: Cisco® Certified Network Associate Study Guide, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, or call 1800-762-2974. Please allow four to six weeks for delivery. This Limited Warranty is void if failure of the Software Media has resulted from accident, abuse, or misapplication. Any replacement Software Media will be warranted for the remainder of the original warranty period or thirty (30) days, whichever is longer. (b) In no event shall WPI or the author be liable for any damages whatsoever (including without limitation damages for loss of business profits, business interruption, loss of business information, or any other pecuniary loss) arising from the use of or inability to use the Book or the Software, even if WPI has been advised of the possibility of such damages. (c) Because some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation or exclusion may not apply to you.

U.S. Government Restricted Rights. Use, duplication, or disclosure of the Software for or on behalf of the United States of America, its agencies and/or instrumentalities “U.S. Government” is subject to restrictions as stated in paragraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause of DFARS 252.227-7013, or subparagraphs (c) (1) and (2) of the Commercial Computer Software - Restricted Rights clause at FAR 52.227-19, and in similar clauses in the NASA FAR supplement, as applicable.

General. This Agreement constitutes the entire understanding of the parties and revokes and supersedes all prior agreements, oral or written, between them and may not be modified or amended except in a writing signed by both parties hereto that specifically refers to this Agreement. This Agreement shall take precedence over any other documents that may be in conflict herewith. If any one or more provisions contained in this Agreement are held by any court or tribunal to be invalid, illegal, or otherwise unenforceable, each and every other provision shall remain in full force and effect.

... the CD, you’ll be more than prepared for the exam. CCNA: Cisco Certified Network Associate Study Guide in PDF. Sybex offers the CCNA Exam 640-802 Study Guide in PDF on the CD so you can read the... need to pass all three exams. The two-step method involves passing the following: Exam 640-822: Interconnecting Cisco Networking Devices 1 (ICND1); Exam 640-816: Introduction to Cisco Networking Devices...
need to know to pass the CCNA exam. Since the new 640-802 exam is so hard, Cisco wants to reward you for taking the two-test approach. Or so it seems. If you take the ICND1 exam, you actually receive