Dear Reader,

Thank you for choosing CCNA: Cisco Certified Network Associate Fast Pass, Third Edition. This book is part of a family of premium quality Sybex books, all written by outstanding authors who combine practical experience with a gift for teaching.

Sybex was founded in 1976. More than thirty years later, we’re still committed to producing consistently exceptional books. With each of our titles we’re working hard to set a new standard for the industry. From the paper we print on, to the authors we work with, our goal is to bring you the best books available.

I hope you see all that reflected in these pages. I’d be very interested to hear your comments and get your feedback on how we’re doing. Feel free to let me know what you think about this or any other Sybex book by sending me an email at email@example.com, or if you think you’ve found a technical error in this book, please visit http://sybex.custhelp.com. Customer feedback is critical to our efforts at Sybex.

Best regards,
Neil Edde
Vice President and Publisher
Sybex, an Imprint of Wiley
Acknowledgments

Thanks to Jeff Kellum, who always keeps me working hard and makes sure I am headed in the right direction. This is no easy task for Jeff! And thanks to Christine O’Connor, who somehow made sense of my work and helped me put it together in a great, easy-to-study format. Thank you both!
About the Author

Todd Lammle, CCSI, CCNA/CCNP/CCSP, MCSE, CEH/CHFI, FCC RF Licensed, is the authority on Cisco Certification internetworking. He is a world-renowned author, speaker, trainer, and consultant. Todd has over 25 years of experience working with LANs, WANs, and large licensed and unlicensed wireless networks. He is president of GlobalNet Training and Consulting, Inc., a network integration and training firm based in Dallas. You can reach Todd through his forum at www.lammle.com.
Contents at a Glance

Introduction  xxi
Chapter 1  Describe how a network works  1
Chapter 2  Configure, verify, and troubleshoot a switch with VLANs and interswitch communications  65
Chapter 3  Implement an IP addressing scheme and IP Services to meet network requirements in a medium-size Enterprise branch office network  143
Chapter 4  Configure, verify, and troubleshoot basic router operation and routing on Cisco devices  189
Chapter 5  Explain and select the appropriate administrative tasks required for a WLAN  285
Chapter 6  Identify security threats to a network and describe general methods to mitigate those threats  303
Chapter 7  Implement, verify, and troubleshoot NAT and ACLs in a medium-sized Enterprise branch office network  319
Chapter 8  Implement and verify WAN links  351
Appendix A  About the Companion CD  379
Glossary  383
Index  445
Contents

Introduction  xxi

Chapter 1  Describe how a network works  1
  1.1 Describe the purpose and functions of various network devices  2
    Exam Essentials  5
  1.2 Select the components required to meet a network specification  6
    Exam Essentials  8
  1.3 Use the OSI and TCP/IP models and their associated protocols to explain how data flows in a network  8
    Exam Essentials  10
  1.4 Describe common networked applications including web applications  10
    Telnet  11
    File Transfer Protocol (FTP)  11
    Trivial File Transfer Protocol (TFTP)  12
    Network File System (NFS)  12
    Simple Mail Transfer Protocol (SMTP)  12
    Line Printer Daemon (LPD)  12
    X Window  12
    Simple Network Management Protocol (SNMP)  12
    Domain Name Service (DNS)  13
    Dynamic Host Configuration Protocol (DHCP)/Bootstrap Protocol (BootP)  13
    Exam Essentials  14
  1.5 Describe the purpose and basic operation of the protocols in the OSI and TCP models  15
    The Layered Approach  15
    Advantages of Reference Models  16
    The OSI Reference Model  16
    Exam Essentials  19
  1.6 Describe the impact of applications (Voice over IP and Video over IP) on a network  19
    Transmission Control Protocol (TCP)  19
    User Datagram Protocol (UDP)  22
    Exam Essentials  24
  1.7 Interpret network diagrams  25
    Getting CDP Timers and Holdtime Information  25
    Gathering Neighbor Information  26
    Documenting a Network Topology Using CDP  31
    Exam Essentials  33
  1.8 Determine the path between two hosts across a network  34
    Exam Essentials  38
  1.9 Describe the components required for network and Internet communications  39
    Exam Essentials  42
  1.10 Identify and correct common network problems at layers 1, 2, 3, and 7 using a layered model approach  43
    Determining IP Address Problems  46
    Exam Essentials  50
  1.11 Differentiate between LAN/WAN operation and features  51
    Ethernet Networking  52
    Defining WAN Terms  55
    WAN Connection Types  56
    WAN Support  57
    Exam Essentials  60
  Review Questions  61
  Answers to Review Questions  63

Chapter 2  Configure, verify, and troubleshoot a switch with VLANs and interswitch communications  65
  2.1 Select the appropriate media, cables, ports, and connectors to connect switches to other network devices and hosts  68
    Straight-Through Cable  68
    Crossover Cable  68
    Rolled Cable  69
    Exam Objectives  72
  2.2 Explain the technology and media access control method for Ethernet networks  72
    Half- and Full-Duplex Ethernet  74
    Ethernet at the Data Link Layer  75
    Ethernet at the Physical Layer  77
    Exam Objectives  80
  2.3 Explain network segmentation and basic traffic management concepts  80
    Routers  81
    Switches  81
    Bridges  82
    Exam Objectives  82
  2.4 Explain basic switching concepts and the operation of Cisco switches  82
    Limitations of Layer 2 Switching  83
    Bridging vs. LAN Switching  84
    Three Switch Functions at Layer 2  84
    Exam Objectives  88
  2.5 Perform and verify initial switch configuration tasks, including remote access management  88
    Catalyst Switch Configuration  89
    Exam Objectives  92
  2.6 Verify network status and switch operation using basic utilities (including: ping, traceroute, Telnet, SSH, arp, ipconfig), SHOW & DEBUG commands  92
    Checking Network Connectivity  93
    Verifying Cisco Catalyst Switches  95
    Exam Objectives  98
  2.7 Identify, prescribe, and resolve common switched network media issues, configuration issues, auto negotiation, and switch hardware failures  99
    Exam Objectives  100
  2.8 Describe enhanced switching technologies (including: VTP, RSTP, VLAN, PVSTP, 802.1q)  100
    VTP Modes of Operation  101
    Exam Objectives  103
  2.9 Describe how VLANs create logically separate networks and the need for routing between them  103
    Broadcast Control  105
    Security  105
    Flexibility and Scalability  106
    Exam Objectives  109
  2.10 Configure, verify, and troubleshoot VLANs  109
    Assigning Switch Ports to VLANs  111
    Exam Objectives  112
  2.11 Configure, verify, and troubleshoot trunking on Cisco switches  112
    Trunking with the Cisco Catalyst 3560 Switch  113
    Defining the Allowed VLANs on a Trunk  114
    Changing or Modifying the Trunk Native VLAN  115
    Exam Objectives  116
  2.12 Configure, verify, and troubleshoot interVLAN routing  116
    Exam Objectives  121
  2.13 Configure, verify, and troubleshoot VTP  123
    Troubleshooting VTP  126
    Exam Objectives  128
  2.14 Configure, verify, and troubleshoot RSTP operation  128
    Exam Objectives  130
  2.15 Interpret the output of various show and debug commands to verify the operational status of a Cisco switched network  130
  2.16 Implement basic switch security (including: port security, trunk access, management vlan other than vlan1, etc.)  130
    Configuring Trunk Ports  132
    Port Security  135
    Exam Objectives  136
  Review Questions  137
  Answers to Review Questions  141

Chapter 3  Implement an IP addressing scheme and IP Services to meet network requirements in a medium-size Enterprise branch office network  143
  3.1 Describe the operation and benefits of using private and public IP addressing  145
    IP Terminology  146
    Network Addresses: Special Purpose  148
    Private IP Addresses  149
    Exam Objectives  150
  3.2 Explain the operation and benefits of using DHCP and DNS  150
    Dynamic Host Configuration Protocol (DHCP)/Bootstrap Protocol (BOOTP)  150
    Exam Objectives  152
  3.3 Configure, verify, and troubleshoot DHCP and DNS operation on a router (including CLI/SDM)  153
    Using DNS to Resolve Names  154
    Exam Objectives  156
  3.4 Implement static and dynamic addressing services for hosts in a LAN environment  156
    Bringing Up an Interface  159
    Exam Objectives  161
  3.5 Calculate and apply an addressing scheme, including VLSM IP addressing design, to a network  161
    VLSM Design  162
    Exam Objectives  163
  3.6 Determine the appropriate classless addressing scheme using VLSM and summarization to satisfy addressing requirements in a LAN/WAN environment  163
    Summarization  170
    Exam Objectives  171
  3.7 Describe the technological requirements for running IPv6 in conjunction with IPv4 (including protocols, dual stack, tunneling, etc)  171
    Why Do We Need IPv6?  172
    The Benefits and Uses for IPv6  172
    Dual Stacking  173
    6to4 Tunneling  174
    Exam Objectives  175
  3.8 Describe IPv6 addresses  175
    Shortened Expression  176
    Address Types  177
    Special Addresses  178
    Exam Objectives  178
  3.9 Identify and correct common problems associated with IP addressing and host configurations  179
    Determining IP Address Problems  182
    Exam Objectives  184
  Review Questions  185
  Answers to Review Questions  188

Chapter 4  Configure, verify, and troubleshoot basic router operation and routing on Cisco devices  189
  4.1 Describe basic routing concepts (including packet forwarding, router lookup process)  191
    Using DNS to Resolve Names  193
    Exam Objectives  195
  4.2 Describe the operation of Cisco routers (including router bootup process, POST, router components)  195
    The Router Boot Sequence  196
    Managing Configuration Register  197
    Exam Objectives  199
  4.3 Select the appropriate media, cables, ports, and connectors to connect routers to other network devices and hosts  199
    Straight-Through Cable  199
    Crossover Cable  200
    Rolled Cable  200
    Router WAN Connections  203
    Serial Transmission  203
    Data Terminal Equipment and Data Communication Equipment  204
    Exam Objectives  205
  4.4 Configure, verify, and troubleshoot RIPv2  205
    Exam Objectives  208
  4.5 Access and utilize the router to set basic parameters (including CLI/SDM)  208
    Overview of Router Modes  209
    Defining Router Terms  210
    Gathering Basic Routing Information  210
    Router and Switch Administrative Configurations  211
    Hostnames  211
    Banners  212
    Setting Passwords  213
    Descriptions  218
    Exam Objectives  219
  4.6 Connect, configure, and verify the operational status of a device interface  219
    Bringing Up an Interface  222
    Viewing, Saving, and Erasing Configurations  225
    Verifying Your Configuration  226
    Exam Objectives  233
  4.7 Verify device configuration and network connectivity using ping, traceroute, Telnet, SSH, or other utilities  233
    Checking Network Connectivity  234
    Exam Objectives  238
  4.8 Perform and verify routing configuration tasks for a static or default route given specific routing requirements  238
    Exam Objectives  242
  4.9 Manage IOS configuration files (including save, edit, upgrade, restore)  242
    Backing Up the Cisco Router Configuration  242
    Restoring the Cisco Router Configuration  244
    Erasing the Configuration  245
    Exam Objectives  246
  4.10 Manage Cisco IOS  246
    Verifying Flash Memory  247
    Backing Up the Cisco IOS  248
    Restoring or Upgrading the Cisco Router IOS  249
    Exam Objectives  249
  4.11 Compare and contrast methods of routing and routing protocols  250
    Routing Protocols  251
    Exam Objectives  252
  4.12 Configure, verify, and troubleshoot OSPF  252
    Configuring OSPF Areas  254
    The show ip ospf Command  255
    The show ip ospf database Command  256
    The show ip ospf interface Command  257
    The show ip ospf neighbor Command  258
    Debugging OSPF  259
    Exam Objectives  261
  4.13 Configure, verify, and troubleshoot EIGRP  261
    Verifying EIGRP  262
    Exam Objectives  266
  4.14 Verify network connectivity (including: using ping, traceroute, and Telnet or SSH)  266
  4.15 Troubleshoot routing issues  267
    Exam Objectives  271
  4.16 Verify router hardware and software operation using the SHOW and DEBUG commands  271
    Using the ping Command  272
    Using the traceroute Command  274
    Debugging  275
    Using the show processes Command  277
    Exam Objectives  278
  4.17 Implement basic router security  278
    Exam Objectives  281
  Review Questions  282
  Answers to Review Questions  284

Chapter 5  Explain and select the appropriate administrative tasks required for a WLAN  285
  5.1 Describe standards associated with wireless media (including IEEE WI-FI Alliance, ITU/FCC)  286
    The 802.11 Standards  288
    Exam Objectives  289
  5.2 Identify and describe the purpose of the components in a small wireless network (including SSID, BSS, ESS)  290
    2.4GHz (802.11b)  290
    2.4GHz (802.11g)  291
    5GHz (802.11a)  292
    Exam Objectives  293
  5.3 Identify the basic parameters to configure on a wireless network to ensure that devices connect to the correct access point  293
    Service Sets  294
    Exam Objectives  295
  5.4 Compare and contrast wireless security features and capabilities of WPA security (including open, WEP, WPA-1/2)  296
    Open Access  297
    WPA or WPA 2 Pre-Shared Key  298
    Exam Objectives  299
  5.5 Identify common issues with implementing wireless networks (including Interface, Misconfiguration)  299
  Review Questions  300
  Answers to Review Questions  302
Chapter 6  Identify security threats to a network and describe general methods to mitigate those threats  303
  6.1 Describe today’s increasing network security threats and explain the need to implement a comprehensive security policy to mitigate the threats  304
    Recognizing Security Threats  305
    Exam Objectives  307
  6.2 Explain general methods to mitigate common security threats to network devices, hosts, and applications  308
    Cisco’s IOS Firewall  308
    Basic and Advanced Traffic Filtering  309
    Exam Objectives  309
  6.3 Describe the functions of common security appliances and applications  310
    Security Appliances  310
    Lock and Key (Dynamic ACLs)  310
    Reflexive ACLs  310
    Time-Based ACLs  311
    Remarks  311
    Context-Based Access Control (Cisco IOS Firewall)  313
    Authentication Proxy  314
    Exam Objectives  314
  6.4 Describe security recommended practices, including initial steps to secure network devices  314
    Exam Objectives  315
  Review Questions  316
  Answers to Review Questions  318

Chapter 7  Implement, verify, and troubleshoot NAT and ACLs in a medium-sized Enterprise branch office network  319
  7.1 Describe the purpose and types of ACLs  320
    Exam Objectives  321
  7.2 Configure and apply ACLs based on network filtering requirements (including CLI/SDM)  322
    Standard IP Access Lists  322
    Extended Access Lists  329
    Exam Objectives  335
  7.3 Configure and apply ACLs to limit telnet and SSH access to the router using (including: SDM/CLI)  335
    Secure Shell (SSH)  336
    Exam Objectives  337
  7.4 Verify and monitor ACLs in a network environment  337
    Exam Objectives  339
  7.5 Troubleshoot ACL issues  340
  7.6 Explain the basic operation of NAT  340
    Types of Network Address Translation  341
    Exam Objectives  342
  7.7 Configure NAT for given network requirements using (including CLI/SDM)  342
    Static NAT Configuration  342
    Dynamic NAT Configuration  343
    PAT (Overloading) Configuration  343
    Configuring NAT using the SDM  344
    Exam Objectives  345
  7.8 Troubleshoot NAT issues  345
    Exam Objectives  346
  Review Questions  347
  Answers to Review Questions  349

Chapter 8  Implement and verify WAN links  351
  8.1 Describe different methods for connecting to a WAN  352
    Exam Objectives  355
  8.2 Configure and verify a basic WAN serial connection  355
    Serial Transmission  355
    Data Terminal Equipment and Data Communication Equipment  356
    High-Level Data-Link Control (HDLC) Protocol  357
    Configuring HDLC on Cisco Routers  358
    Point-to-Point Protocol (PPP)  358
    Configuring PPP on Cisco Routers  359
    Exam Objectives  360
  8.3 Configure and verify Frame Relay on Cisco routers  360
    Frame Relay Implementation and Monitoring  360
    Exam Objectives  365
  8.3 Troubleshoot WAN implementation issues  366
    Mismatched IP Addresses  367
    Troubleshooting Frame Relay Networks  368
    Exam Objectives  369
  8.4 Describe VPN technology (including importance, benefits, role, impact, components)  370
    Exam Objectives  371
  8.5 Configure and verify a PPP connection between Cisco routers  371
    Verifying PPP Encapsulation  372
    Debugging PPP Authentication  373
    Exam Objectives  374
  Review Questions  375
  Answers to Review Questions  378
Appendix A  About the Companion CD  379
  What You’ll Find on the CD  380
    Sybex Test Engine  380
    PDF of Glossary of Terms  380
    Adobe Reader  380
    Electronic Flashcards  381
  System Requirements  381
  Using the CD  381
  Troubleshooting  382
  Customer Care  382

Glossary  383

Index  445
Introduction

Welcome to the exciting world of Cisco certification! You have picked up this book because you want something better; namely, a better job with more satisfaction. Rest assured that you have made a good decision. Cisco certification can help you get your first networking job, or more money and a promotion if you are already in the field.

Cisco certification can also improve your understanding of the internetworking of more than just Cisco products: You will develop a complete understanding of networking and how different network topologies work together to form a network. This is beneficial to every networking job and is the reason Cisco certification is in such high demand, even at companies with few Cisco devices.

Cisco is the king of routing and switching, the Microsoft of the internetworking world. The Cisco certifications reach beyond the popular certifications, such as the MCSE, to provide you with an indispensable factor in understanding today’s network—insight into the Cisco world of internetworking. By deciding that you want to become Cisco certified, you are saying that you want to be the best—the best at routing and the best at switching. This book will lead you in that direction.

How Is This Book Organized?

This book is organized according to the official objectives list prepared by Cisco for the CCNA exam. The chapters correspond with the eight broad categories:

- Describe how a network works.
- Configure, verify and troubleshoot a switch with VLANs and interswitch communications.
- Implement an IP addressing scheme and IP Services to meet network requirements in a medium-size Enterprise branch office network.
- Configure, verify, and troubleshoot basic router operation and routing on Cisco devices.
- Explain and select the appropriate administrative tasks required for a WLAN.
- Identify security threats to a network and describe general methods to mitigate those threats.
- Implement, verify, and troubleshoot NAT and ACLs in a medium-size Enterprise branch office network.
- Implement and verify WAN links.

Within each chapter, the individual exam objectives are each addressed. Each section of a chapter covers one exam objective. For each objective, the critical information for that exam objective is first presented, and then there are several Exam Essentials for each exam objective. Additionally, each chapter ends with a section of Review Questions. Here is a closer look at each of these components:

Exam Objective  The individual exam objective sections present the greatest level of detail on information that is relevant to the CCNA exam. This is the place to start if you’re unfamiliar with or uncertain about the technical issues related to the objective.
Exam Essentials  Here you are given a short list of topics that you should explore fully before taking the test. Included in the Exam Essentials areas are notations of the key information you should take out of the exam objective section.

Review Questions  This section ends every chapter and provides 10 questions to help you gauge your mastery of the chapter.

Cisco—A Brief History

Many readers may already be familiar with Cisco and what they do. However, those of you who are new to the field, just coming in fresh from your MCSE, and those of you who maybe have 10 or more years in the field but wish to brush up on the new technology may appreciate a little background on Cisco.

In the early 1980s, Len and Sandy Bosack, a married couple who worked in different computer departments at Stanford University, were having trouble getting their individual systems to communicate (like many married people). So in their living room they created a gateway server that made it easier for their disparate computers in two different departments to communicate using the IP protocol. In 1984, they founded cisco Systems (notice the small c) with a small commercial gateway server product that changed networking forever. Some people think the name was intended to be San Francisco Systems but the paper got ripped on the way to the incorporation lawyers—who knows? In 1992, the company name was changed to Cisco Systems, Inc.

The first product the company marketed was called the Advanced Gateway Server (AGS). Then came the Mid-Range Gateway Server (MGS), the Compact Gateway Server (CGS), the Integrated Gateway Server (IGS), and the AGS+. Cisco calls these “the old alphabet soup products.”

In 1993, Cisco came out with the amazing 4000 router and then created the even more amazing 7000, 2000, and 3000 series routers. These are still around and evolving (almost daily, it seems).
Cisco has since become an unrivaled worldwide leader in networking for the Internet. Its networking solutions can easily connect users who work from diverse devices on disparate networks. Cisco products make it simple for people to access and transfer information without regard to differences in time, place, or platform.

In the big picture, Cisco provides end-to-end networking solutions that customers can use to build an efficient, unified information infrastructure of their own or to connect to someone else’s. This is an important piece in the Internet/networking–industry puzzle because a common architecture that delivers consistent network services to all users is now a functional imperative. Because Cisco Systems offers such a broad range of networking and Internet services and capabilities, users who need to regularly access their local network or the Internet can do so unhindered, making Cisco’s wares indispensable.

Cisco answers this need with a wide range of hardware products that form information networks using the Cisco Internetwork Operating System (IOS) software. This software provides network services, paving the way for networked technical support and professional services to maintain and optimize all network operations.
Along with the Cisco IOS, one of the services Cisco created to help support the vast amount of hardware it has engineered is the Cisco Certified Internetwork Expert (CCIE) program, which was designed specifically to equip people to effectively manage the vast quantity of installed Cisco networks. The business plan is simple: If you want to sell more Cisco equipment and have more Cisco networks installed, ensure that the networks you install run properly.

Clearly, having a fabulous product line isn’t all it takes to guarantee the huge success that Cisco enjoys—lots of companies with great products are now defunct. If you have complicated products designed to solve complicated problems, you need knowledgeable people who are fully capable of installing, managing, and troubleshooting them. That part isn’t easy, so Cisco began the CCIE program to equip people to support these complicated networks. This program, known colloquially as the Doctorate of Networking, has also been very successful, primarily due to its extreme difficulty. Cisco continuously monitors the program, changing it as it sees fit, to make sure that it remains pertinent and accurately reflects the demands of today’s internetworking business environments.

Building upon the highly successful CCIE program, Cisco Career Certifications permit you to become certified at various levels of technical proficiency, spanning the disciplines of network design and support. So, whether you’re beginning a career, changing careers, securing your present position, or seeking to refine and promote your position, this is the book for you!

Cisco’s Network Support Certifications

Initially, to secure the coveted Cisco CCIE certification, you took only one test and then you were faced with the (extremely difficult) hands-on lab, an all-or-nothing approach that made it tough to succeed.
In response, Cisco created a series of new certifications to help you get the coveted CCIE as well as aid prospective employers in measuring skill levels. With these new certifications, which make for a better approach to preparing for that almighty lab, Cisco opened doors that few were allowed through before.

This book covers everything CCNA related. For up-to-date information on Todd Lammle Cisco Authorized CCNA, CCNP, CCSP, CCVP, and CCIE boot camps, please see www.lammle.com and/or www.globalnettraining.com.

Cisco Certified Network Associate (CCNA)

The CCNA certification was the first in the new line of Cisco certifications and was the precursor to all current Cisco certifications. Now you can become a Cisco Certified Network Associate for the meager cost of this book and either one test at $150 or two tests at $125 each—although the CCNA exams are extremely hard and cover a lot of material, so you have to really know your stuff! Taking a Cisco class or spending months with hands-on experience is not out of the norm.

And once you have your CCNA, you don’t have to stop there—you can choose to continue with your studies and achieve a higher certification, called the Cisco Certified Network
Professional (CCNP). Someone with a CCNP has all the skills and knowledge he or she needs to attempt the Routing and Switching CCIE lab. Just becoming a CCNA can land you that job you’ve dreamed about.

Why Become a CCNA?

Cisco, not unlike Microsoft and Novell (Linux), has created the certification process to give administrators a set of skills and to equip prospective employers with a way to measure skills or match certain criteria. Becoming a CCNA can be the initial step of a successful journey toward a new, highly rewarding, and sustainable career.

The CCNA program was created to provide a solid introduction not only to the Cisco Internetwork Operating System (IOS) and Cisco hardware, but also to internetworking in general, making it helpful to you in areas that are not exclusively Cisco’s. At this point in the certification process, it’s not unrealistic that network managers—even those without Cisco equipment—require Cisco certifications for their job applicants.

If you make it through the CCNA and are still interested in Cisco and internetworking, you’re headed down a path to certain success.

What Skills Do You Need to Become a CCNA?

To meet the CCNA certification skill level, you must be able to understand or do the following:

A CCNA certified professional can install, configure, and operate LAN, WAN, and wireless access services securely, as well as troubleshoot and configure small to medium networks (500 nodes or fewer) for performance. This knowledge includes, but is not limited to, use of these: IP, IPv6, EIGRP, RIP, RIPv2, OSPF, serial connections, Frame Relay, cable, DSL, PPPoE, LAN switching, VLANs, Ethernet, security, and access lists.

Be sure to check my web site at www.lammle.com for the latest Cisco CCNA objectives and other Cisco exams, objectives, and certifications, which can change on a moment’s notice.

How Do You Become a CCNA?

The way to become a CCNA is to pass one little test (CCNA Composite exam 640-802). Then—poof!—you’re a CCNA.
True, it can be just one test, but you still have to possess enough knowledge to understand what the test writers are saying.

However, Cisco has a two-step process that you can take in order to become a CCNA that may or may not be easier than taking one longer exam (this book is based on the one-step method, 640-802; however, this book has all the information you need to pass all three exams). The two-step method involves passing the following:

- Exam 640-822: Interconnecting Cisco Networking Devices 1 (ICND1)
- Exam 640-816: Introduction to Cisco Networking Devices 2 (ICND2)
I can’t stress this enough: It’s critical that you have some hands-on experience with Cisco routers. If you can get a hold of some 1841 or 2800 series routers, you’re set. But if you can’t, I’ve worked hard to provide hundreds of configuration examples throughout this book to help network administrators (or people who want to become network administrators) learn what they need to know to pass the CCNA exam.

Since the new 640-802 exam is so hard, Cisco wants to reward you for taking the two-test approach. Or so it seems, anyway. If you take the ICND1 exam, you actually receive a certification called the CCENT (Cisco Certified Entry Networking Technician). This is one step towards your CCNA. To achieve your CCNA, you must still pass your ICND2 exam.

Again, this book was written for the CCNA 640-802 Composite exam: one exam and you get your certification.

For Cisco Authorized hands-on training with CCSI Todd Lammle, please see www.globalnettraining.com. Each student will get hands-on experience by configuring at least three routers and two switches—no sharing of equipment!

Where Do You Take the Exams?

You may take the CCNA exam at any Pearson VUE authorized center (www.vue.com) or call (877) 404-EXAM (3926). To register for a Cisco Certified Network Associate exam:

1. Determine the number of the exam you want to take. (The CCNA exam number is 640-802.)
2. Register with the nearest Pearson VUE testing center. At this point, you will be asked to pay in advance for the exam. At the time of this writing, the exams are $125 each and must be taken within one year of payment. You can schedule exams up to six weeks in advance or as late as the same day you want to take it—but if you fail a Cisco exam, you must wait five days before you will be allowed to retake the exam. If something comes up and you need to cancel or reschedule your exam appointment, contact Pearson VUE at least 24 hours in advance.
3. When you schedule the exam, you’ll get instructions regarding all appointment and cancellation procedures, the ID requirements, and information about the testing-center location.

Tips for Taking Your CCNA Exam

The CCNA test contains about 55 questions or more, to be completed in about 90 minutes or less. This can change per exam. You must get a score of about 85% to pass this exam, but again, each exam can be different.

Many questions on the exam have answer choices that at first glance look identical—especially the syntax questions! Remember to read through the choices carefully, because close doesn’t cut it. If you get commands in the wrong order or forget one measly character, you’ll get the question wrong. So, to practice, do the hands-on exercises at the end of the chapters over and over again until they feel natural to you.
Also, never forget that the right answer is the Cisco answer. In many cases, more than one appropriate answer is presented, but the correct answer is the one that Cisco recommends. On the exam, it always tells you to pick one, two, or three, never “choose all that apply.”

The CCNA 640-802 exam includes the following test formats:

- Multiple-choice single answer
- Multiple-choice multiple answer
- Drag-and-drop
- Fill-in-the-blank
- Router simulations

In addition to multiple-choice, fill-in-the-blank, and drag-and-drop response questions, Cisco Career Certifications exams may include performance simulation exam items.

Here are some general tips for exam success:

- Arrive early at the exam center, so you can relax and review your study materials.
- Read the questions carefully. Don’t jump to conclusions. Make sure you’re clear about exactly what each question asks.
- When answering multiple-choice questions that you’re not sure about, use the process of elimination to get rid of the obviously incorrect answers first. Doing this greatly improves your odds if you need to make an educated guess.
- You can no longer move forward and backward through the Cisco exams, so double-check your answer before clicking Next since you can’t change your mind.

After you complete an exam, you’ll get immediate, online notification of your pass or fail status, a printed Examination Score Report that indicates your pass or fail status, and your exam results by section. (The test administrator will give you the printed score report.) Test scores are automatically forwarded to Cisco within five working days after you take the test, so you don’t need to send your score to them. If you pass the exam, you’ll receive confirmation from Cisco, typically within two to four weeks.

How to Contact the Author

You can reach CCSI Todd Lammle through GlobalNet Training Solutions, Inc.
(www.globalnettraining.com), his training and systems integration company in Dallas, Texas—or through his online forum at www.lammle.com.

The CCNA Exam Objectives

Cisco has posted eight categories with specific objectives within each category. As was mentioned, these exam objectives form the outline for this book. Following are Cisco's objectives for the CCNA:

Describe how a network works
- Describe the purpose and functions of various network devices
- Select the components required to meet a network specification
- Use the OSI and TCP/IP models and their associated protocols to explain how data flows in a network
- Describe common networked applications including web applications
- Describe the purpose and basic operation of the protocols in the OSI and TCP models
- Describe the impact of applications (Voice Over IP and Video Over IP) on a network
- Interpret network diagrams
- Determine the path between two hosts across a network
- Describe the components required for network and Internet communications
- Identify and correct common network problems at layers 1, 2, 3 and 7 using a layered model approach
- Differentiate between LAN/WAN operation and features

Configure, verify and troubleshoot a switch with VLANs and interswitch communications
- Select the appropriate media, cables, ports, and connectors to connect switches to other network devices and hosts
- Explain the technology and media access control method for Ethernet networks
- Explain network segmentation and basic traffic management concepts
- Explain basic switching concepts and the operation of Cisco switches
- Perform and verify initial switch configuration tasks including remote access management
- Verify network status and switch operation using basic utilities (including: ping, traceroute, telnet, SSH, arp, ipconfig), SHOW & DEBUG commands
- Identify, prescribe, and resolve common switched network media issues, configuration issues, auto negotiation, and switch hardware failures
- Describe enhanced switching technologies (including: VTP, RSTP, VLAN, PVSTP, 802.1q)
- Describe how VLANs create logically separate networks and the need for routing between them
- Configure, verify, and troubleshoot VLANs
- Configure, verify, and troubleshoot trunking on Cisco switches
- Configure, verify, and troubleshoot interVLAN routing
- Configure, verify, and troubleshoot VTP
- Configure, verify, and troubleshoot RSTP operation
- Interpret the output of various show and debug commands to verify the operational status of a Cisco switched network
- Implement basic switch security (including: port security, trunk access, management VLAN other than VLAN 1, etc.)
Implement an IP addressing scheme and IP Services to meet network requirements in a medium-size Enterprise branch office network
- Describe the operation and benefits of using private and public IP addressing
- Explain the operation and benefits of using DHCP and DNS
- Configure, verify and troubleshoot DHCP and DNS operation on a router (including: CLI/SDM)
- Implement static and dynamic addressing services for hosts in a LAN environment
- Calculate and apply an addressing scheme including VLSM IP addressing design to a network
- Determine the appropriate classless addressing scheme using VLSM and summarization to satisfy addressing requirements in a LAN/WAN environment
- Describe the technological requirements for running IPv6 in conjunction with IPv4 (including: protocols, dual stack, tunneling, etc.)
- Describe IPv6 addresses
- Identify and correct common problems associated with IP addressing and host configurations

Configure, verify, and troubleshoot basic router operation and routing on Cisco devices
- Describe basic routing concepts (including: packet forwarding, router lookup process)
- Describe the operation of Cisco routers (including: router bootup process, POST, router components)
- Select the appropriate media, cables, ports, and connectors to connect routers to other network devices and hosts
- Configure, verify, and troubleshoot RIPv2
- Access and utilize the router to set basic parameters (including: CLI/SDM)
- Connect, configure, and verify operation status of a device interface
- Verify device configuration and network connectivity using ping, traceroute, telnet, SSH or other utilities
- Perform and verify routing configuration tasks for a static or default route given specific routing requirements
- Manage IOS configuration files (including: save, edit, upgrade, restore)
- Manage Cisco IOS
- Compare and contrast methods of routing and routing protocols
- Configure, verify, and troubleshoot OSPF
- Configure, verify, and troubleshoot EIGRP
- Verify network connectivity (including: using ping, traceroute, and telnet or SSH)
- Troubleshoot routing issues
- Verify router hardware and software operation using SHOW & DEBUG commands
- Implement basic router security
Explain and select the appropriate administrative tasks required for a WLAN
- Describe standards associated with wireless media (including: IEEE, WI-FI Alliance, ITU/FCC)
- Identify and describe the purpose of the components in a small wireless network (including: SSID, BSS, ESS)
- Identify the basic parameters to configure on a wireless network to ensure that devices connect to the correct access point
- Compare and contrast wireless security features and capabilities of WPA security (including: open, WEP, WPA-1/2)
- Identify common issues with implementing wireless networks (including: interface, misconfiguration)

Identify security threats to a network and describe general methods to mitigate those threats
- Describe today's increasing network security threats and explain the need to implement a comprehensive security policy to mitigate the threats
- Explain general methods to mitigate common security threats to network devices, hosts, and applications
- Describe the functions of common security appliances and applications
- Describe security recommended practices including initial steps to secure network devices

Implement, verify, and troubleshoot NAT and ACLs in a medium-size Enterprise branch office network
- Describe the purpose and types of ACLs
- Configure and apply ACLs based on network filtering requirements (including: CLI/SDM)
- Configure and apply ACLs to limit telnet and SSH access to the router (including: SDM/CLI)
- Verify and monitor ACLs in a network environment
- Troubleshoot ACL issues
- Explain the basic operation of NAT
- Configure NAT for given network requirements (including: CLI/SDM)
- Troubleshoot NAT issues

Implement and verify WAN links
- Describe different methods for connecting to a WAN
- Configure and verify a basic WAN serial connection
- Configure and verify Frame Relay on Cisco routers
- Troubleshoot WAN implementation issues
- Describe VPN technology (including: importance, benefits, role, impact, components)
- Configure and verify a PPP connection between Cisco routers
CCNA: Cisco Certified Network Associate Fast Pass, Third Edition
Chapter 1: Describe how a network works

THE CISCO CCNA EXAM OBJECTIVES COVERED IN THIS CHAPTER INCLUDE:
1.1 Describe the purpose and functions of various network devices
1.2 Select the components required to meet a network specification
1.3 Use the OSI and TCP/IP models and their associated protocols to explain how data flows in a network
1.4 Describe common networked applications including web applications
1.5 Describe the purpose and basic operation of the protocols in the OSI and TCP models
1.6 Describe the impact of applications (Voice over IP and Video Over IP) on a network
1.7 Interpret network diagrams
1.8 Determine the path between two hosts across a network
1.9 Describe the components required for network and Internet communications
1.10 Identify and correct common network problems at layers 1, 2, 3 and 7 using a layered model approach
1.11 Differentiate between LAN/WAN operation and features
Welcome to the exciting world of internetworking. This first chapter will really help you understand the basics of internetworking by focusing on how to connect networks using Cisco routers and switches. First, you need to know exactly what an internetwork is. You create an internetwork when you connect two or more LANs or WANs via a router and configure a logical network addressing scheme with a protocol such as the Internet Protocol (IP).

I'm also going to dissect the Open Systems Interconnection (OSI) model and describe each part to you in detail because you need a good grasp of it for the solid foundation you'll build your networking knowledge upon. The OSI model has seven hierarchical layers that were developed to enable different networks to communicate reliably between disparate systems. Since this book is centering upon all things CCNA, it's crucial for you to understand the OSI model as Cisco sees it.

Since there are a bunch of different types of devices specified at the different layers of the OSI model, it's also very important to understand the many types of cables and connectors used for connecting all those devices to a network. We'll go over cabling Cisco devices, discussing how to connect to a router or switch (along with Ethernet LAN technologies) and even how to connect a router or switch with a console connection.

For up-to-the-minute updates on the CCNA objectives covered by this chapter, please see www.lammle.com and/or www.sybex.com.

1.1 Describe the purpose and functions of various network devices

It is likely that at some point you'll have to break up one large network into a bunch of smaller ones because user response will have dwindled to a slow crawl as the network grows and grows. And with all that growth, your LAN's traffic congestion has reached epic proportions. The answer to this is breaking up a really big network into a number of smaller ones—something called network segmentation.
You do this by using devices like routers, switches, and bridges. Figure 1.1 displays a network that's been segmented with a switch so each network segment connected to the switch is now a separate collision domain. But make note of the fact that this network is still one broadcast domain.
FIGURE 1.1 A switch can replace the hub, breaking up collision domains.

Keep in mind that the hub used in Figure 1.1 just extended the one collision domain from the switch port.

Here's a list of some of the things that commonly cause LAN traffic congestion:
- Too many hosts in a broadcast domain
- Broadcast storms
- Multicasting
- Low bandwidth
- Adding hubs for connectivity to the network
- A bunch of ARP or IPX traffic (IPX is a Novell protocol that is like IP but really, really chatty. Typically, it is not used in today's networks.)

Now routers are used to connect networks together and route packets of data from one network to another. Cisco became the de facto standard of routers because of its high-quality router products, great selection, and fantastic service. Routers, by default, break up a broadcast domain—the set of all devices on a network segment that hear all the broadcasts sent on that segment. Figure 1.2 shows a router in our little network that creates an internetwork and breaks up broadcast domains.

The network in Figure 1.2 shows that each host is connected to its own collision domain, and the router has created two broadcast domains. And don't forget that the router provides connections to WAN services as well! The router uses something called a serial interface for WAN connections, specifically, a V.35 physical interface on a Cisco router.
FIGURE 1.2 Routers create an internetwork. (Callout in the figure: a router creates an internetwork and provides connections to WAN services via its Serial 0 interface.)

Breaking up a broadcast domain is important because when a host or server sends a network broadcast, every device on the network must read and process that broadcast—unless you've got a router. When the router's interface receives this broadcast, it can respond by basically saying, "Thanks, but no thanks," and discard the broadcast without forwarding it on to other networks. Even though routers are known for breaking up broadcast domains by default, it's important to remember that they break up collision domains as well.

There are two advantages of using routers in your network:
- They don't forward broadcasts by default.
- They can filter the network based on layer 3 (Network layer) information (e.g., IP address).

Four router functions in your network can be listed as follows:
- Packet switching
- Packet filtering
- Internetwork communication
- Path selection

Remember that routers are really switches; they're actually what we call layer 3 switches (we'll talk about layers later in this chapter). Unlike layer 2 switches, which forward or filter frames, routers (layer 3 switches) use logical addressing and provide what is called packet switching. Routers can also provide packet filtering by using access lists, and when routers connect two or more networks together and use logical addressing (IP or IPv6), this is called
an internetwork. Last, routers use a routing table (map of the internetwork) to make path selections and to forward packets to remote networks.

Conversely, switches aren't used to create internetworks (they do not break up broadcast domains by default); they're employed to add functionality to a network LAN. The main purpose of a switch is to make a LAN work better—to optimize its performance—providing more bandwidth for the LAN's users. And switches don't forward packets to other networks as routers do. Instead, they only "switch" frames from one port to another within the switched network.

By default, switches break up collision domains. Collision domain is an Ethernet term used to describe a network scenario wherein one particular device sends a packet on a network segment, forcing every other device on that same segment to pay attention to it. If, at the same time, a different device tries to transmit, a collision results, after which both devices must retransmit, one at a time. Not very efficient! This situation is typically found in a hub environment where each host segment connects to a hub that represents only one collision domain and only one broadcast domain. By contrast, each and every port on a switch represents its own collision domain.

Switches create separate collision domains but a single broadcast domain. Routers provide a separate broadcast domain for each interface.

The term bridging was introduced before routers, switches and hubs were implemented, so it's pretty common to hear people referring to bridges as switches. That's because bridges and switches basically do the same thing—break up collision domains on a LAN (in reality, you cannot buy a physical bridge these days, only LAN switches, but they use bridging technologies, so Cisco still calls them multiport bridges).

So what this means is that a switch is basically just a multiple-port bridge with more brainpower, right?
Well, pretty much, but there are differences. Switches do provide this function, but they do so with greatly enhanced management ability and features. Plus, most of the time, bridges only had 2 or 4 ports. Yes, you could get your hands on a bridge with up to 16 ports, but that's nothing compared to the hundreds available on some switches!

You would use a bridge in a network to reduce collisions within broadcast domains and to increase the number of collision domains in your network. Doing this provides more bandwidth for users. And keep in mind that using hubs in your network can contribute to congestion on your Ethernet network. As always, plan your network design carefully!

Exam Essentials

Understand the different terms used to describe a LAN. A LAN is basically the same thing as a VLAN, subnet or network, broadcast domain, or data link. These terms all describe roughly the same concept in a different context.
Remember the possible causes of LAN traffic congestion. Too many hosts in a broadcast domain, broadcast storms, multicasting, and low bandwidth are all possible causes of LAN traffic congestion.

Understand the difference between a collision domain and a broadcast domain. Collision domain is an Ethernet term used to describe a network collection of devices in which one particular device sends a packet on a network segment, forcing every other device on that same segment to pay attention to it. On a broadcast domain, a set of all devices on a network segment hears all broadcasts sent on that segment.

1.2 Select the components required to meet a network specification

As mentioned in the previous objectives, we use routers, bridges, and switches in an internetwork. Figure 1.3 shows how a network would look with all these internetwork devices in place. Remember that the router will not only break up broadcast domains for every LAN interface, it will break up collision domains as well.

When you looked at Figure 1.3, did you notice that the router is found at center stage and that it connects each physical network together? We have to use this layout because of the older technologies involved—bridges and hubs.

On the top internetwork in Figure 1.3, you'll notice that a bridge was used to connect the hubs to a router. The bridge breaks up collision domains, but all the hosts connected to both hubs are still crammed into the same broadcast domain. Also, the bridge only created two collision domains, so each device connected to a hub is in the same collision domain as every other device connected to that same hub. This is actually pretty lame, but it's still better than having one collision domain for all hosts.

Notice something else: The three hubs at the bottom that are connected also connect to the router, creating one collision domain and one broadcast domain. This makes the bridged network look much better indeed!
Although bridges/switches are used to segment networks, they will not isolate broadcast or multicast packets.

The best network connected to the router is the LAN switch network on the left. Why? Because each port on that switch breaks up collision domains. But it's not all good—all devices are still in the same broadcast domain. Do you remember why this can be a really bad thing? Because all devices must listen to all broadcasts transmitted, that's why. And if your broadcast domains are too large, the users have less bandwidth and are required to process more broadcasts, and network response time will slow to a level that could cause office riots.

Once we have only switches in our network, things change a lot! Figure 1.4 shows the network that is typically found today.
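The rule this section keeps applying (a hub extends a collision domain, a bridge or switch splits collision domains but not the broadcast domain, only a router splits broadcast domains) can be written down as one algorithm over a topology. The following Python is an added example, not code from the book or from Cisco. Its figure_1_3() topology is a constructed approximation of Figure 1.3, with two hosts per hub and four hosts on the switch as assumptions, and replace() shows what happens to the count when every hub is swapped for a switch, as Figure 1.1 suggests.

```python
"""Count collision domains and broadcast domains in a LAN/internetwork.

Added example, not from the book. Every cable starts as its own collision
domain and its own broadcast domain; each device either joins the domains
of the cables plugged into it or keeps them apart:

    hub     joins collision and broadcast domains (a layer 1 repeater)
    bridge  keeps collision domains apart, joins broadcast domains
    switch  same as a bridge, one collision domain per port
    router  keeps both apart: one broadcast domain per interface
    host    end station on one cable, joins nothing
"""
from collections import defaultdict

MERGES_COLLISION = {"hub"}
MERGES_BROADCAST = {"hub", "bridge", "switch"}
DEVICE_TYPES = MERGES_BROADCAST | {"router", "host"}


class DisjointSet:
    """Union-find over cable indices."""

    def __init__(self, n):
        self.parent = list(range(n))

    def find(self, x):
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]   # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra

    def groups(self):
        return len({self.find(i) for i in range(len(self.parent))})


def _count(devices, links, merging_types):
    for name, kind in devices.items():
        if kind not in DEVICE_TYPES:
            raise ValueError(f"{name}: unknown device type {kind!r}")
    sets = DisjointSet(len(links))
    attached = defaultdict(list)            # device -> indices of its cables
    for idx, (a, b) in enumerate(links):
        attached[a].append(idx)
        attached[b].append(idx)
    for dev, cables in attached.items():
        if devices[dev] in merging_types:   # this device joins its cables' domains
            for other in cables[1:]:
                sets.union(cables[0], other)
    return sets.groups()


def count_domains(devices, links):
    """Return (collision_domains, broadcast_domains) for a topology given as
    {device_name: type} and a list of (device, device) cables."""
    return (_count(devices, links, MERGES_COLLISION),
            _count(devices, links, MERGES_BROADCAST))


def figure_1_3():
    """Constructed approximation of Figure 1.3: a router (R1) with a bridge
    joining two hubs on top, three chained hubs at the bottom and a switch
    with four hosts on the left. Two hosts per hub is an assumption."""
    devices = {"R1": "router", "B1": "bridge", "SW1": "switch"}
    links = [("R1", "B1"), ("B1", "H1"), ("B1", "H2"),        # bridged hubs
             ("R1", "H3"), ("H3", "H4"), ("H4", "H5"),        # hub chain
             ("R1", "SW1")]                                   # switch
    hosts = 0
    for hub in ("H1", "H2", "H3", "H4", "H5"):
        devices[hub] = "hub"
        for _ in range(2):
            hosts += 1
            devices[f"PC{hosts}"] = "host"
            links.append((hub, f"PC{hosts}"))
    for _ in range(4):
        hosts += 1
        devices[f"PC{hosts}"] = "host"
        links.append(("SW1", f"PC{hosts}"))
    return devices, links


def replace(devices, old_kind, new_kind):
    """Swap every device of one type for another, e.g. hubs for switches."""
    return {d: new_kind if k == old_kind else k for d, k in devices.items()}


if __name__ == "__main__":
    devs, cables = figure_1_3()
    print("Figure 1.3:", count_domains(devs, cables))                                  # (9, 3)
    print("hubs replaced by switches:", count_domains(replace(devs, "hub", "switch"), cables))  # (21, 3)
```

Running it reproduces the nine collision domains and three broadcast domains of the hub/bridge/switch network; swapping every hub for a switch turns every cable into its own collision domain (21 of them) while the three broadcast domains stay exactly where the router's interfaces put them.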
FIGURE 1.3 Internetworking devices

FIGURE 1.4 Switched networks creating an internetwork
Here, I've placed the LAN switches at the center of the network world so that the routers are connecting only logical networks together. If I implemented this kind of setup, I've created virtual LANs (VLANs). But it is really important to understand that even though you have a switched network, you still need a router to provide your inter-VLAN communication, or internetworking.

Obviously, the best network is one that's correctly configured to meet the business requirements of the company it serves. LAN switches with routers, correctly placed in the network, are the best network design. This book will help you understand the basics of routers and switches, so you can make tight, informed decisions on a case-by-case basis.

Let's go back to Figure 1.3, the one with the hubs, the bridge and the switch. Looking at the figure, how many collision domains and broadcast domains are in this internetwork? Hopefully, you answered nine collision domains and three broadcast domains! The broadcast domains are definitely the easiest to see because only routers break up broadcast domains by default. And since there are three connections to the router, that gives you three broadcast domains. But do you see the nine collision domains? Just in case that's a no, I'll explain. The all-hub network is one collision domain; the bridge network equals three collision domains (one on each side of the bridge, plus the link between the bridge and the router). Add in the switch network of five collision domains—one for each switch port—and you've got a total of nine.

So now that you've gotten an introduction to internetworking and the various devices that live in an internetwork, it's time to head into internetworking models.

Exam Essentials

Understand which devices create a LAN and which separate and connect LANs. Switches and bridges are used to create LANs. While they do separate collision domains, they do not create separate LANs (collision domain and LAN are not the same concept).
Routers are used to separate LANs and connect LANs (broadcast domains).

Understand the difference between a hub, a bridge, a switch, and a router. Hubs create one collision domain and one broadcast domain. Bridges break up collision domains but create one large broadcast domain. They use hardware addresses to filter the network. Switches are really just multiple-port bridges with more intelligence. They break up collision domains but create one large broadcast domain by default. Switches use hardware addresses to filter the network. Routers break up broadcast domains (and collision domains) and use logical addressing to filter the network.

1.3 Use the OSI and TCP/IP models and their associated protocols to explain how data flows in a network

The Department of Defense (DoD) model is basically a condensed version of the OSI model—it's composed of four, instead of seven, layers:
- Process/Application layer
- Host-to-Host layer
- Internet layer
- Network Access layer

Figure 1.5 shows a comparison of the DoD model and the OSI reference model. As you can see, the two are similar in concept, but each has a different number of layers with different names.

FIGURE 1.5 The DoD and OSI models

When the different protocols in the IP stack are discussed, the layers of the OSI and DoD models are interchangeable. In other words, the Internet layer and the Network layer describe the same thing, as do the Host-to-Host layer and the Transport layer.

A vast array of protocols combine at the DoD model's Process/Application layer to integrate the various activities and duties spanning the focus of the OSI's corresponding top three layers (Application, Presentation, and Session). We'll be looking closely at those protocols in the next part of this chapter. The Process/Application layer defines protocols for node-to-node application communication and also controls user-interface specifications.

The Host-to-Host layer parallels the functions of the OSI's Transport layer, defining protocols for setting up the level of transmission service for applications. It tackles issues such as creating reliable end-to-end communication and ensuring the error-free delivery of data. It handles packet sequencing and maintains data integrity.

The Internet layer corresponds to the OSI's Network layer, designating the protocols relating to the logical transmission of packets over the entire network. It takes care of the addressing of hosts by giving them an IP (Internet Protocol) address, and it handles the routing of packets among multiple networks.

At the bottom of the DoD model, the Network Access layer monitors the data exchange between the host and the network. The equivalent of the Data Link and Physical layers of the
OSI model, the Network Access layer oversees hardware addressing and defines protocols for the physical transmission of data.

The DoD and OSI models are alike in design and concept and have similar functions in similar layers. Figure 1.6 shows the TCP/IP protocol suite and how its protocols relate to the DoD model layers.

FIGURE 1.6 The TCP/IP protocol suite

In the following sections, we will look at the different protocols in more detail, starting with the Process/Application layer protocols.

Exam Essentials

Remember that the OSI/DoD model is a layered approach. Functions are divided into layers, and the layers are bound together. This allows layers to operate transparently to each other; that is, changes in one layer should not impact other layers.

1.4 Describe common networked applications including web applications

In this section, I'll describe the different applications and services typically used in IP networks. The following protocols and applications are covered in this section:
- Telnet
- FTP
- TFTP
- NFS
- SMTP
- LPD
- X Window
- SNMP
- DNS
- DHCP/BootP

Telnet

Telnet is the chameleon of protocols—its specialty is terminal emulation. It allows a user on a remote client machine, called the Telnet client, to access the resources of another machine, the Telnet server. Telnet achieves this by pulling a fast one on the Telnet server and making the client machine appear as though it were a terminal directly attached to the local network. This projection is actually a software image—a virtual terminal that can interact with the chosen remote host.

These emulated terminals are of the text-mode type and can execute refined procedures such as displaying menus that give users the opportunity to choose options and access the applications on the duped server. Users begin a Telnet session by running the Telnet client software and then logging in to the Telnet server.

The problem with Telnet is that all data, including usernames and passwords, is sent in clear text, so anyone able to capture the traffic between client and server can read the login credentials. SSH gives you the same remote terminal access over an encrypted session and is the better choice for managing your devices. If you are having problems telnetting into a device, you should verify that both the transmitting and receiving device have telnet services enabled. Lastly, by default, Cisco devices allow five simultaneous telnet sessions.

File Transfer Protocol (FTP)

File Transfer Protocol (FTP) is the protocol that actually lets us transfer files, and it can accomplish this between any two machines using it. But FTP isn't just a protocol; it's also a program. Operating as a protocol, FTP is used by applications. As a program, it's employed by users to perform file tasks by hand. FTP also allows for access to both directories and files and can accomplish certain types of directory operations, such as relocating into different ones.

FTP teams up with Telnet to transparently log you in to the FTP server and then provides for the transfer of files. Accessing a host through FTP is only the first step, though. Users must then be subjected to an authentication login that's probably secured with passwords and usernames implemented by system administrators to restrict access (and, as with Telnet, those credentials cross the network in clear text). You can get around this somewhat by adopting the username anonymous—though what you'll gain access to will be limited.

Even when employed by users manually as a program, FTP's functions are limited to listing and manipulating directories, typing file contents, and copying files between hosts. It can't execute remote files as programs.
Trivial File Transfer Protocol (TFTP)

Trivial File Transfer Protocol (TFTP) is the stripped-down, stock version of FTP, but it's the protocol of choice if you know exactly what you want and where to find it, plus it's so easy to use and it's fast too! It doesn't give you the abundance of functions that FTP does, though. TFTP has no directory-browsing abilities; it can do nothing but send and receive files. This compact little protocol also skimps in the data department, sending much smaller blocks of data than FTP, and there's no authentication at all, unlike FTP, so it's insecure: anyone who can reach a TFTP server can request the files it serves. Few sites support it because of the inherent security risks.

Network File System (NFS)

Network File System (NFS) is a jewel of a protocol specializing in file sharing. It allows two different types of file systems to interoperate. It works like this: Suppose that the NFS server software is running on an NT server and the NFS client software is running on a Unix host. NFS allows a portion of the NT server's disk to transparently store Unix files, which can, in turn, be used by Unix users. Even though the NT file system and Unix file system are unlike—they have different case sensitivity, filename lengths, security, and so on—both Unix users and NT users can access that same file with their normal file systems, in their normal way.

Simple Mail Transfer Protocol (SMTP)

Simple Mail Transfer Protocol (SMTP), answering our ubiquitous call to email, uses a spooled, or queued, method of mail delivery. Once a message has been sent to a destination, the message is spooled to a device—usually a disk. The server software at the destination posts a vigil, regularly checking the queue for messages. When it detects them, it proceeds to deliver them to their destination. SMTP is used to send mail; POP3 is used to receive mail.

Line Printer Daemon (LPD)

The Line Printer Daemon (LPD) protocol is designed for printer sharing.
The LPD, along with the Line Printer (LPR) program, allows print jobs to be spooled and sent to the network's printers using TCP/IP.

X Window

Designed for client/server operations, X Window defines a protocol for writing client/server applications based on a graphical user interface (GUI). The idea is to allow a program, called a client, to run on one computer and have it display things through a window server on another computer.

Simple Network Management Protocol (SNMP)

Simple Network Management Protocol (SNMP) collects and manipulates valuable network information. It gathers data by polling the devices on the network from a management station
at fixed or random intervals, requiring them to disclose certain information. When all is well, SNMP receives something called a baseline—a report delimiting the operational traits of a healthy network. This protocol can also stand as a watchdog over the network, quickly notifying managers of any sudden turn of events. These network watchdogs are called agents, and when aberrations occur, agents send an alert called a trap to the management station.

Domain Name Service (DNS)

Domain Name Service (DNS) resolves hostnames—specifically, Internet names, such as www.lammle.com. You don't have to use DNS; you can just type in the IP address of any device you want to communicate with. An IP address identifies hosts on a network and the Internet as well. However, DNS was designed to make our lives easier. Think about this: What would happen if you wanted to move your web page to a different service provider? The IP address would change, and no one would know what the new one was. DNS allows you to use a domain name to specify an IP address. You can change the IP address as often as you want, and no one will know the difference.

DNS is used to resolve a fully qualified domain name (FQDN)—for example, www.lammle.com or todd.lammle.com. An FQDN is a hierarchy that can logically locate a system based on its domain identifier.

If you want to resolve the name todd, you either must type in the FQDN of todd.lammle.com or have a device such as a PC or router add the suffix for you. For example, on a Cisco router, you can use the command ip domain-name lammle.com to append each request with the lammle.com domain. If you don't do that, you'll have to type in the FQDN to get DNS to resolve the name.

Dynamic Host Configuration Protocol (DHCP)/Bootstrap Protocol (BootP)

Dynamic Host Configuration Protocol (DHCP) assigns IP addresses to hosts.
It allows easieradministration and works well in small to even very large network environments. All types ofhardware can be used as a DHCP server, including a Cisco router. DHCP differs from BootP in that BootP assigns an IP address to a host but the host’s hard-ware address must be entered manually in a BootP table. You can think of DHCP as a dynamicBootP. But remember that BootP is also used to send an operating system that a host can bootfrom. DHCP can’t do that. But there is a lot of information a DHCP server can provide to a host when the host isrequesting an IP address from the DHCP server. Here’s a list of the information a DHCP servercan provide: IP address Subnet mask Domain name
14 Chapter 1 Describe how a network works

Default gateway (routers)
DNS
WINS information

A DHCP server can give us even more information than this, but the items in the list are the most common.

A client that sends out a DHCP Discover message in order to receive an IP address sends out a broadcast at both layer 2 and layer 3. The layer 2 broadcast is all Fs in hex, which looks like this: FF:FF:FF:FF:FF:FF. The layer 3 broadcast is 255.255.255.255, which means all networks and all hosts. DHCP runs over User Datagram Protocol (UDP) at the Transport layer, also known as the Host-to-Host layer, which we'll talk about next. UDP is connectionless, so the exchange is a plain request and reply with no session setup; the server listens on UDP port 67 and the client on UDP port 68.

In case you don't believe me, here's an example of output from my trusty OmniPeek analyzer:

Ethernet II, Src: 192.168.0.3 (00:0b:db:99:d3:5e), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol, Src: 0.0.0.0 (0.0.0.0), Dst: 255.255.255.255 (255.255.255.255)

The Data Link and Network layers are both sending out "all hands" broadcasts saying, "Help! I don't know my IP address!"

To dive further into this, we now know that a broadcast is determined to be all 1's, or 255.255.255.255, at the Network layer and FF:FF:FF:FF:FF:FF at the Data Link layer, meaning all hosts on the local LAN. Routers do not forward that kind of broadcast on their own, so if there is no DHCP server on the local LAN, a router must be configured as a DHCP relay agent (on a Cisco router, with the ip helper-address command on the interface facing the clients). The relay agent rewrites the client's broadcast into a packet addressed directly to the DHCP server's IP address and forwards it through the network; this packet is now a unicast packet. Note that the client simply broadcasts and takes the first offer it receives, and DHCP itself has no authentication, so nothing in the protocol stops an unauthorized device on the LAN from answering.

Exam Essentials

Remember the Process/Application layer protocols. Telnet is a terminal emulation program that allows you to log in to a remote host and run programs. File Transfer Protocol (FTP) is a connection-oriented service that allows you to transfer files. Trivial FTP (TFTP) is a connectionless file transfer program.
Simple Mail Transfer Protocol (SMTP) is a send-mail program.

Remember the difference between connection-oriented and connectionless network services. Connection-oriented services use acknowledgments and flow control to create a reliable session. More overhead is used than in a connectionless network service. Connectionless services are used to send data with no acknowledgments or flow control. This is considered unreliable.

Understand DNS and DHCP. Domain Name System (DNS) resolves hostnames, specifically Internet names such as www.lammle.com. You don't have to use DNS; you can just type in the IP address of any device you want to communicate with. An IP address identifies hosts on a network and on the Internet as well. Dynamic Host Configuration Protocol (DHCP) assigns IP addresses to hosts. It allows easier administration and works well in small to even very large network environments.
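The suffix completion and FQDN resolution described under DNS earlier in this section, as an added example that is not code from the book: it appends the domain the way ip domain-name does, encodes the query the way RFC 1035 lays it out (length-prefixed labels ending in the root), and parses a constructed reply, following the name-compression pointer a real server would use. The transaction ID 0x1234, the address 192.0.2.10 and the server's reply are all made up for the example; nothing here contacts a real resolver.

```python
"""Added example: bare name -> FQDN -> DNS query -> parsed reply (RFC 1035).
The reply is constructed locally; no real resolver is contacted."""
import ipaddress
import struct


def qualify(name, domain):
    """Mimic the suffix completion the text describes for ip domain-name:
    a bare name (no dots) gets the configured domain appended; a name that
    already contains a dot is sent as typed. Simplified assumption: real
    resolvers also honor search lists and absolute names with a trailing dot."""
    name = name.rstrip(".")
    if "." in name or not domain:
        return name
    return f"{name}.{domain.strip('.')}"


def encode_name(fqdn):
    """Wire form of an FQDN: each label as <length><bytes>, ending with the
    zero-length root label. This is the hierarchy the text talks about."""
    out = b""
    for label in fqdn.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(xid, fqdn, qtype=1):
    """12-byte header (RD=1, one question) followed by the question."""
    header = struct.pack("!HHHHHH", xid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(fqdn) + struct.pack("!HH", qtype, 1)


def decode_name(msg, offset):
    """Read a name at offset, following 0xC0xx compression pointers.
    Returns (name, offset just past the name as it sits in the message)."""
    labels, seen, end = [], set(), None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                        # compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if pointer in seen:                          # hostile-packet guard
                raise ValueError("compression pointer loop")
            seen.add(pointer)
            if end is None:
                end = offset + 2
            offset = pointer
            continue
        if length == 0:
            return ".".join(labels), (end if end is not None else offset + 1)
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length


def parse_response(msg, expected_xid):
    """Return [(name, ipv4, ttl)] for the A records in the answer section.
    In plain DNS the 16-bit transaction ID (plus the UDP source port) is the
    only thing tying a reply to our query, so check it before trusting it."""
    xid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if xid != expected_xid:
        raise ValueError("transaction ID mismatch: not a reply to our query")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0xF}")
    offset = 12
    for _ in range(qdcount):                             # skip echoed question(s)
        _, offset = decode_name(msg, offset)
        offset += 4                                      # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        name, offset = decode_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1:                   # A record, class IN
            answers.append((name, str(ipaddress.IPv4Address(rdata)), ttl))
    return answers


def build_response(query, address, ttl=300):
    """Constructed stand-in for the server's reply: echo the question and add
    one A record whose owner name is a pointer (0xC00C) back to the question
    name at offset 12, the same way real servers compress it."""
    xid, _, qdcount = struct.unpack("!HHH", query[:6])
    header = struct.pack("!HHHHHH", xid, 0x8180, qdcount, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4)
    return header + query[12:] + answer + ipaddress.IPv4Address(address).packed


if __name__ == "__main__":
    fqdn = qualify("todd", "lammle.com")                 # todd.lammle.com
    query = build_query(0x1234, fqdn)
    reply = build_response(query, "192.0.2.10")          # constructed answer
    print(fqdn, parse_response(reply, 0x1234))
```

The transaction ID check in parse_response is the security-relevant part: a plain DNS client has no signature to verify, so a reply with the wrong ID (or one whose pointers loop back on themselves) is discarded rather than trusted.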
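The Discover broadcast and relay step described under DHCP earlier in this section, as an added example that is not code from the book: it builds the Discover the way the capture shows it (source 0.0.0.0, destination 255.255.255.255, UDP 68 to 67, all-Fs destination MAC), models a relay agent rewriting it into a unicast toward the server, and parses an Offer that carries the items from the list (mask, default gateway, DNS, domain name, WINS). The transaction ID, the server address 10.1.1.5, the relay interface 192.168.0.1 and every offered value are constructed; the client MAC is the one from the capture above.

```python
"""Added example: DHCP Discover -> relay -> Offer, built and parsed offline
(RFC 2131 packet format). All addresses and option values are constructed."""
import ipaddress
import struct

BOOTP_HEADER = "!BBBBIHH4s4s4s4s16s64s128s"      # 236-byte fixed header
MAGIC_COOKIE = b"\x63\x82\x53\x63"
BROADCAST_MAC, BROADCAST_IP = "ff:ff:ff:ff:ff:ff", "255.255.255.255"
SERVER_PORT, CLIENT_PORT = 67, 68
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}
OPTION_NAMES = {1: "subnet_mask", 3: "router", 6: "dns_servers", 15: "domain_name",
                44: "wins_servers", 53: "message_type", 54: "server_id",
                55: "parameter_request_list"}


def ip(addr):
    return ipaddress.IPv4Address(addr).packed


def opt(code, value):                            # one TLV option
    return bytes([code, len(value)]) + value


def build_bootp(op, xid, chaddr, yiaddr="0.0.0.0", giaddr="0.0.0.0",
                flags=0x8000, options=b""):
    """Fixed header + magic cookie + options + END. flags=0x8000 asks the
    server to broadcast its reply: the client has no address to unicast to."""
    header = struct.pack(BOOTP_HEADER, op, 1, 6, 0,       # op, htype, hlen, hops
                         xid, 0, flags, ip("0.0.0.0"),   # xid, secs, flags, ciaddr
                         ip(yiaddr), ip("0.0.0.0"), ip(giaddr),
                         chaddr.ljust(16, b"\x00"), b"\x00" * 64, b"\x00" * 128)
    return header + MAGIC_COOKIE + options + b"\xff"


def build_discover(xid, client_mac):
    """What leaves the client: L2 and L3 broadcast, source 0.0.0.0, UDP 68 -> 67."""
    options = opt(53, b"\x01") + opt(55, bytes([1, 3, 6, 15, 44]))
    payload = build_bootp(1, xid, bytes.fromhex(client_mac.replace(":", "")), options=options)
    return {"src_mac": client_mac, "dst_mac": BROADCAST_MAC, "src_ip": "0.0.0.0",
            "dst_ip": BROADCAST_IP, "src_port": CLIENT_PORT, "dst_port": SERVER_PORT,
            "payload": payload}


def _decode(code, value):
    if code == 53:
        return MESSAGE_TYPES.get(value[0], value[0])
    if code in (1, 54):
        return str(ipaddress.IPv4Address(value))
    if code in (3, 6, 44):                           # lists of IPv4 addresses
        return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, len(value), 4)]
    if code == 15:
        return value.decode("ascii")
    return list(value) if code == 55 else value


def parse_dhcp(payload):
    """Header fields the text cares about plus the decoded options."""
    f = struct.unpack(BOOTP_HEADER, payload[:236])
    if payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not DHCP: magic cookie missing")
    result = {"op": f[0], "hops": f[3], "xid": f[4], "flags": f[6],
              "yiaddr": str(ipaddress.IPv4Address(f[8])),
              "giaddr": str(ipaddress.IPv4Address(f[10])),
              "chaddr": f[11][:f[2]].hex(":")}
    i = 240
    while i < len(payload) and payload[i] != 255:     # 255 = END
        if payload[i] == 0:                           # 0 = PAD
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        if i + 2 + length > len(payload):
            raise ValueError("truncated option")      # malformed-packet guard
        result[OPTION_NAMES.get(code, f"option_{code}")] = _decode(code, payload[i + 2:i + 2 + length])
        i += 2 + length
    return result


def relay(frame, relay_if_ip, server_ip):
    """Relay agent (ip helper-address on Cisco IOS): record the ingress interface
    in giaddr so the server knows which subnet to allocate from, bump hops,
    and forward the packet as a unicast to the server."""
    payload = bytearray(frame["payload"])
    if payload[24:28] == b"\x00" * 4:                 # giaddr lives at offset 24
        payload[24:28] = ip(relay_if_ip)
    payload[3] += 1                                   # hops
    return {**frame, "src_ip": relay_if_ip, "dst_ip": server_ip,
            "src_port": SERVER_PORT, "dst_port": SERVER_PORT, "payload": bytes(payload)}


def build_offer(discover_payload, offered_ip, server_ip):
    """Constructed server reply carrying the items listed in the text."""
    d = parse_dhcp(discover_payload)
    options = (opt(53, b"\x02") + opt(54, ip(server_ip))
               + opt(1, ip("255.255.255.0")) + opt(3, ip("192.168.0.1"))
               + opt(6, ip("192.168.0.1") + ip("192.168.0.2"))
               + opt(15, b"lammle.com") + opt(44, ip("192.168.0.10")))
    return build_bootp(2, d["xid"], bytes.fromhex(d["chaddr"].replace(":", "")),
                       yiaddr=offered_ip, giaddr=d["giaddr"], flags=d["flags"], options=options)


if __name__ == "__main__":
    discover = build_discover(0x3903F326, "00:0b:db:99:d3:5e")   # MAC from the capture
    forwarded = relay(discover, "192.168.0.1", "10.1.1.5")
    print(parse_dhcp(build_offer(forwarded["payload"], "192.168.0.50", "10.1.1.5")))
```

Nothing in the Discover identifies the client beyond its MAC and a transaction ID, and the parser accepts any Offer whose cookie and options are well formed; that is the whole of the protocol's trust model, which is why the relay step (and the server's view of giaddr) is the only place a network can decide which subnet a client belongs to.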
1.5 Describe the purpose and basic operation of the protocols in the OSI and TCP models

When networks first came into being, computers could typically communicate only with computers from the same manufacturer. For example, companies ran either a complete DECnet solution or an IBM solution, not both together. In the late 1970s, the Open Systems Interconnection (OSI) reference model was created by the International Organization for Standardization (ISO) to break this barrier.

The OSI model was meant to help vendors create interoperable network devices and software in the form of protocols so that different vendor networks could work with each other. Like world peace, it'll probably never happen completely, but it's still a great goal.

The OSI model is the primary architectural model for networks. It describes how data and network information are communicated from an application on one computer through the network media to an application on another computer. The OSI reference model breaks this approach into layers.

In the following section, I am going to explain the layered approach and how we can use this approach to help us troubleshoot our internetworks.

The Layered Approach

A reference model is a conceptual blueprint of how communications should take place. It addresses all the processes required for effective communication and divides these processes into logical groupings called layers. When a communication system is designed in this manner, it's known as layered architecture.

Think of it like this: You and some friends want to start a company. One of the first things you'll do is sit down and think through what tasks must be done, who will do them, the order in which they will be done, and how they relate to each other. Ultimately, you might group these tasks into departments. Let's say that you decide to have an order-taking department, an inventory department, and a shipping department.
Each of your departments has its own unique tasks, keeping its staff members busy and requiring them to focus on only their own duties.

In this scenario, I'm using departments as a metaphor for the layers in a communication system. For things to run smoothly, the staff of each department will have to trust and rely heavily upon the others to do their jobs and competently handle their unique responsibilities. In your planning sessions, you would probably take notes, recording the entire process to facilitate later discussions about standards of operation that will serve as your business blueprint, or reference model.

Once your business is launched, your department heads, each armed with the part of the blueprint relating to their own department, will need to develop practical methods to implement their assigned tasks. These practical methods, or protocols, will need to be compiled into a standard operating procedures manual and followed closely. Each of the various procedures