Husain CCNA Notes

CCNA Discovery - Working at a Small-to-
Medium Business or ISP

1 The Internet and Its Uses
1.0 Chapter Introduction
1.0.1 Introduction
Page 1:
1.0.1 - Introduction
The globalization of the Internet has succeeded faster than anyone could have imagined.
The manner in which social, commercial, political, and personal interactions occur is rapidly
changing to keep up with the evolution of the Internet.
This expansion has created a wider audience and a larger consumer base for whatever message,
product, or service can be delivered.
Today, there are millions of individuals connected to this global network, and the number is
growing.
After completion of this chapter, you should be able to:
Describe how the Internet is evolving and the various ways that businesses are using the Internet.
Describe the importance of standards in the continuing growth of the Internet.

Describe the purpose of an Internet Service Provider (ISP) and the services that it offers.
Describe the hierarchical structure of the Internet and the purpose of the Point of Presence (POP)
and the Internet Exchange Point (IXP).
Identify the types of devices used by the ISP to provide services and describe the importance of
scalability in the ISP network.
Describe the various network support teams that work at an ISP and the roles and responsibilities
of each one.
1.1 What is the Internet?
1.1.1 The Internet and Standards
Page 1:
The Internet is a worldwide, publicly accessible network of networks. It enables individuals and
businesses alike, through interconnected computer networks, to share information, resources, and
services.
In the beginning, the Internet was used strictly for scientific, educational, and military research.
In 1991, regulations changed to allow businesses and consumers to connect as well. The Internet
has grown rapidly, and is now global. New technologies are continuously being developed that
make the Internet easier and more attractive to use. Online applications are available to the
Internet user, including email, web browsing, streaming music and video, gaming, and instant
messaging.
The way people interact, share information, and even do business is changing to keep up with the
continuous evolution of this global network. The Internet is creating a wider audience and
consumer base for whatever message, product, or service can be delivered. For many businesses,
having Internet access has become critical, not only for communication but also for day-to-day
operation. Some of the business uses of the Internet include:
• E-Commerce
• Communications
• Collaboration and training

The diagram depicts an individual customer, home office customers, and employees of a
business. An intranet cloud is connected to the Internet cloud containing the following business
uses: E-commerce, Collaboration and Training, and Communications.
E-Commerce
Refers to any business that can be conducted over the web. This includes the use of webspace for
advertisements, brochures, catalogs, as well as ordering and distribution services. Companies can
sell products and services over the Internet from their own websites, through auction sites, or
through affiliated websites.
Collaboration and Training

Refers to creating environments that allow for sharing of documents, presentations, and
spreadsheets. Allows for virtual teams of people to work together from remote locations for
business and training purposes. Examples include video conferencing, virtual meeting places,
virtual classrooms, online learning, online bulletin boards, FTP, and password protected
databases and applications.
Communications
Refers to any electronic method of communication, such as the use of email, instant messaging,
and online chat. In addition, many businesses use internal phone systems that operate over the
Internet using IP phones and Voice over IP (V o IP) technology to reduce phone costs.
Page 2:
With the increasing number of new devices and technologies coming online, how is it possible to
manage all the changes and still reliably deliver services such as email? The answer is Internet
standards.
A standard is a set of rules that determines how something must be done. Networking and
Internet standards ensure that all devices connecting to the network use the same set of rules.
Using standards, it is possible for different types of devices to send information to each other
over the Internet. For example, the way in which an email is formatted, forwarded, and received
by all devices is done according to a standard. If one person sends an email via a personal
computer, another person can use a mobile phone to receive and read the email as long as the
mobile phone uses the same standards as the personal computer.
An Internet standard is the end result of a comprehensive cycle of discussion, problem solving,
and testing. When a new standard is proposed, each stage of the development and approval
process is recorded in a numbered Request for Comments (RFC) document so that the evolution
of the standard is tracked.
There are thousands of Internet standards that help define the rules for how devices communicate
on networks. These different standards are developed, published, and maintained by a variety of
different organizations. Because these organizations create and maintain standards, millions of
individuals are able to connect to the Internet using a variety of devices, including personal
computers, mobile phones, handheld personal digital assistants (PDAs), MP3 players, and even
televisions.

The diagram depicts a number of statements.
A standard is a set of rules. Players from different countries can play a sport together because
they all agree to use the same official rules.
In the same way, Internet standards make it possible for different types of devices to work
together.
Examples of where Internet standards are used include the following:

HTTP
IP Addresses
Domain Registries
Routing Protocols
TCP/IP
Transport Protocols
FTP
DNS
WWW
HTML
Telnet
Streaming Video
FTP Sites
Mobile Computing
Email
PDA
Instant Messaging
MP3 Players
Cell Phones
Internet standards are developed, published, and maintained by many different organizations,
such as I S O, IEEE, I C A N N, I A N A, and I E TF.
1.1.2 ISP and ISP Services
Page 1:
Regardless of the type of device that an individual or business uses to connect to the Internet, the
device must connect through an Internet service provider (ISP). An ISP is a company or
organization through which a subscriber obtains Internet access. A subscriber can be a business,
a private consumer, a government body, or even another ISP.
In addition to offering connection to the Internet, an ISP can offer other services to subscribers,
including:
• Equipment co-location - A business may opt to have some or all internal network
equipment physically located on the ISP premises.
• Web hosting - The ISP provides the server and application software for storing web
pages and web content for the business website.
• FTP - The ISP provides the server and application software for the FTP site of a
business.
• Applications and media hosting - The ISP provides the server and software to allow a
business to provide streaming media such as music, video, or applications such as online
databases.
• Voice over IP - A business can save on long distance telephone charges, especially for
internal calls between geographically distant offices, by using Voice over IP (VoIP).
• Technical support - Many businesses do not have the in-house technical expertise to
manage large internal networks. Some ISPs provide technical support and consulting
services for an additional fee.
• Point of Presence (POP) - A business has the option of connecting to the ISP through
POP, using a variety of access technologies.
1.1.2 I S P and I S P Services

The diagram depicts the following business services that are provided by an I S P:
FTP Hosting
Web Hosting
Equipment Co-Location
Voice Over IP
Technical Support
Applications and Media Hosting
POP Internet Access
Page 2:
1.1.2 I S P and I S P Services

The diagram depicts an activity in which you must match the requirements of an end-user to ISP
A or ISP B.
ISP A:
$40 per month - no monthly contract
10 email accounts
Unlimited monthly access
24/7 1-800 support
V o IP services $30 per month
DSL access
1 GB Web hosting and FTP services
ISP B:
$80 per month - 2 year contract
30 email accounts
Extra for a fee DSL and Cable access
Toll-free customer support -24/7
V o IP service - $30 per month
2 GB Web hosting and FTP services
Maintains customer equipment on-site
Maintains on-line database and security services
Video conferencing services for an additional per $15 month
Scenario One. A small business needs an ISP to host their informational website. Customers call
the company to place their orders. In addition, the business needs V o I P services to reduce long-
distance phone charges and FTP services to share and store files. Cost and flexibility are factors
as the company plans to grow over the next few years and may require additional services that
they do not need presently.
Scenario Two. A business with 50 employees would like to offer their employees on-site training
with video conferencing. Employees must be able to access an internal company website for
training materials and information. All 50 employees require email accounts.
Scenario Three. A small business wants to create an e-commerce website that allows for online
ordering of their products and services. The e-commerce website must be maintained on the ISP
premise. A database is needed to maintain customer records. Technical support and security are
major considerations.
1.2 ISPs
1.2.1 Delivering Internet Services to End Users
Page 1:
To gain access to the Internet, it is first necessary to have a connection to an ISP. ISPs offer
various connection options. The main connection methods used by home and small business
users are:
Dialup access
Dialup access is an inexpensive option that uses any phone line and a modem. To connect to the
ISP, a user calls the ISP access phone number. Dialup is the slowest connection option, and is
typically used by mobile workers and in areas where higher speed connection options are not
available.
DSL
Digital subscriber line, or DSL, is more expensive than dialup, but provides a faster connection.
DSL also uses telephone lines, but unlike dialup access, DSL provides a continuous connection
to the Internet. This connection option uses a special high-speed modem that separates the DSL
signal from the telephone signal and provides an Ethernet connection to a host computer or LAN.
Cable modem
A cable modem is a connection option offered by cable television service providers. The Internet
signal is carried on the same coaxial cable that delivers cable television to homes and businesses.
A special cable modem separates the Internet signal from the other signals carried on the cable
and provides an Ethernet connection to a host computer or LAN.
Satellite
Satellite connection is an option offered by satellite service providers. The user's computer
connects through Ethernet to a satellite modem that transmits radio signals to the nearest Point of
Presence, or POP, within the satellite network.

The diagram depicts a dialup customer connecting through a dialup modem, and a DSL customer
connecting through a DSL modem, a cable customer connecting through a cable modem, and a
satellite customer connecting through a satellite modem.
The dialup customer is connected to ISP A, the telephone company.
Dialup Modem
With access speeds around 56 kbps, dialup access is the slowest connection option. For example,
downloading a 5MB file using a 56 kbps dialup connection will take approximately twelve
minutes.
The DSL customer is connected to ISP A, the telephone company.
DSL Modem
DSL is a broadband technology that provides high speed digital transmission at speeds from 512
kbps and higher. If you were connected at 512 kbps, a 5 MB file would download in
approximately one minute. Upload and download speeds vary based on geography, distance from
the ISP, and ISP services available.
There are many types of DSL. Typically a home user would use Asymmetric Digital Subscriber
Line (A DSL), where the download speed is higher than the upload speed. Another type of DSL
service is called Symmetric Digital Subscriber Line (SDSL). The upload and download speeds
are the same for SDSL, so this service might be more useful for small-to-medium businesses.
The cable customer is connected to ISP B, the cable service provider.
Cable Modem
Cable is also a broadband technology with speeds similar to DSL. Depending on location and
ISP, cable service can be purchased from 512 kbps and higher. Unlike DSL, the performance of
cable is not affected by the distance from the ISP . Cable is a shared bandwidth service, so as
more customers in an area connect and use the Internet, the speed is affected.
The satellite customer is connected to ISP C, the satellite service provider.
Satellite Modem
Satellite Internet access speeds range from 128 kbps to 523 kbps, depending on the subscriber
plan.
Page 2:
Bandwidth is measured in bits per second (bps). Higher bandwidth speeds are measured in
kilobits per second (kbps), megabits per second (Mbps), or gigabits per second (Gbps).
There are three main types of high-bandwidth connection options that are used by businesses:
• T1 connections transmit data up to 1.544 Mbps. T1 connections are symmetrical,

meaning that the upload bandwidth is the same as the download bandwidth. A medium-
sized business may need only one T1 connection. E1 is a European standard that
transmits data at 2.048 Mbps.
• T3 connections transmit data up to 45 Mbps. Although considerably more expensive
than a T1 connection, larger businesses may need a T3 connection to accommodate the
number of employees. Large businesses with multiple locations might use a combination
of T1 and T3 lines. E3 is a European standard that transmits data at 34.368 Mbps.
• Metro Ethernet offers a wide range of high-bandwidth options, including Gbps links.
Large companies with many branches in the same city, such as banks, use Metro
Ethernet. Metro Ethernet connects the main office location and all the branches using
switched technology. Metro Ethernet allows the transfer of large amounts of data faster
and less expensively than other high-bandwidth connection options.

The diagram depicts three high bandwidth business I S P connection options: medium-sized
business, large business, and large business with branch offices located in the same city.
Medium-sized business - T1/E1, 1.544 /2.048 Mbps connected to a POP at the ISP.
Large business - T3/E3, 44.736 /34.368 Mbps connected to a POP at the ISP.
Large business with branch offices in same city - Metro Ethernet 10 Gbps connected to an
Ethernet switch at the ISP.
Page 3:
After the type of connection is established, it is necessary to connect to the ISP to get access to
the Internet. Individual computers and business networks connect to the ISP at the POP. POPs
are located at the edge of the ISP network and serve a particular geographical region. They
provide a local point of connection and authentication (password control) for multiple end users.
An ISP may have many POPs, depending on the size of the POP and the area that it services.
Within the ISP network, high-speed routers and switches move data between the various POPs.
Multiple links interconnect the POPs to provide alternate routes in case one of the links becomes
overloaded with traffic or fails.

The diagram depicts Company A intranet connected to one of four ISP POP's. Multiple links
interconnect the POPs to provide alternate routes in case one of the links becomes overloaded
with traffic or fails.
1.2.2 Internet Hierarchy
Page 1:
The Internet has a hierarchical structure. At the top of this hierarchy are the ISP organizations.
The ISP POPs connect to an Internet Exchange Point (IXP). In some countries, this is called a
Network Access Point (NAP). An IXP or NAP is where multiple ISPs join together to gain
access to each other's networks and exchange information. There are currently over 100 major
exchange points located worldwide.
The Internet backbone consists of this group of networks owned by various organizations and
interconnected through IXPs and private peering connections.
The Internet backbone is like an information super highway that provides high-speed data links
to interconnect the POPs and IXPs in major metropolitan areas around the world. The primary
medium that connects the Internet backbone is fiber-optic cable. This cable is typically installed
underground to connect cities within continents. Fiber-optic cables also run under the sea to
connect continents, countries, and cities.
The animation depicts Company A in Hong Kong and Company B in New York using an
Internet backbone to send messages.
The user in New York says, I am sending an email to Mr. Chu in Hong Kong.
The data travels from the Company B Intranet in New York, through multiple ISP 2 POP's, to an
Internet Exchange Point (IXP), across the Internet backbone to another IXP, through the ISP 1
POP's, to the Company A intranet, to the user in Hong Kong.
The user in Hong Kong says, I see I have an email from Company B in New York.
Page 2:
ISPs are classified into different tiers according to how they access the Internet backbone:
• Tier 1 ISPs are the top of the hierarchy. Tier 1 ISPs are huge organizations that connect
directly with each other through private peering, physically joining their individual
network backbones together to create the global Internet backbone. Within their own
networks, the Tier 1 ISPs own the routers, high-speed data links, and other pieces of
equipment that join them to other Tier 1 ISP networks. This includes the undersea cables
that connect the continents.
• Tier 2 ISPs are the next tier in terms of backbone access. Tier 2 ISPs can also be very
large, even extending across several countries, but very few have networks that span
entire continents or between continents. To provide their customers with global Internet
access, some Tier 2 ISPs pay Tier 1 ISPs to carry their traffic to other parts of the world.
Some Tier 2 ISPs exchange global traffic with other ISPs less expensively through public
peering at IXPs. A large IXP may bring together hundreds of ISPs in a central physical
location for access to multiple networks over a shared connection.
• Tier 3 ISPs are the farthest away from the backbone. Tier 3 ISPs are generally found in
major cities and provide customers local access to the Internet. Tier 3 ISPs pay Tier 1 and
2 ISPs for access to the global Internet and Internet services.

The diagram depicts the three tiers of Internet access.
The Tier 1 ISP's say, We Tier 1 ISP's own the Internet Backbone together. We can connect
anywhere in the world.
The Tier 2 ISP D in France says, I pay a Tier 1 ISP for transit services so I can connect to the
world.
The Tier 2 ISP E in Australia says, I connect to an IXP for access to the world.
The Tier 2 ISP F in New Zealand says, There is no IXP near me, so I connect to the world
through my private connection with ISP E.
The Tier 2 ISP G in the USA says, I connect to an IXP for access to the world.
The Tier 3 ISP's say, I pay a Tier 1 or Tier 2 ISP for transit services so that I can reach the world.
1.2.3 Using Tools to Map the Internet
Page 1:
Network utilities create a map of the various interconnections to visualize how ISP networks
interconnect. These utilities also illustrate the speed at which each connecting point can be
reached.
The ping command tests the accessibility of a specific IP address. The ping command sends an
ICMP (Internet Control Message Protocol) echo request packet to the destination address and
then waits for an echo reply packet to return from that host. ICMP is an Internet protocol that is
used to verify communications. It measures the time that elapses between when the request
packet is sent and the response packet is received. The ping command output indicates whether
the reply was received successfully and displays the round-trip time for the transmissions.
To use the ping command, enter the following command at the Cisco command line interface
(CLI) router prompt or at the Windows command prompt:
ping <ip address>
where <ip address> is the IP address of the destination device.
For example, ping 192.168.30.1.
1.2.3 Identifying the Structure of the Internet

The diagram depicts the process of the ping command between hosts H1 and H2.
H1, with IP address 192.168.10.1, asks, Is H2 reachable? and sends a ping to H2, IP address
192.168.30.1.
The I CMP Echo Request packet travels from H1 through a switch, then two routers and another
switch, to H2.
H2 responds, Yes I am here, and sends an I CMP Echo Reply back to H1.
Page 2:
If a packet does not reach the destination, or if delays are encountered along the way, how is it
determined where the problem is located or through which routers the packet has passed?
The traceroute utility displays the path that a packet takes from the source to the destination
host. Each router that the packet passes through is called a hop. Traceroute displays each hop
along the way. It also calculates the time between when the packet is sent and when a reply is
received from the router at each hop.
If a problem occurs, use the output of the traceroute utility to help determine where a packet
was lost or delayed. The output also shows the various ISP organizations that the packet must
pass through during its journey from source to destination.
The Windows tracert utility works the same way. There are also a number of visual traceroute
programs that provide a graphical display of the route that a packet takes.

The diagram depicts an example of a trace-route command through multiple routers from York
to London to Paris and then to Rome. The trace-route output shows the path the packets take
between York and Rome. Refer to output in the Hands-on Lab: Mapping ISP Connectivity Using
Trace-route.
Page 3:
Lab Activity
Use traceroute to check ISP connectivity through the Internet.
Click the lab icon to begin.

Link to Hands-on Lab: Mapping ISP Connectivity Using Trace-route
Page 4:
Packet Tracer Activity
Interpret the output of ping and traceroute.
Click the Packet Tracer icon to begin.

Link to Packet Tracer Exploration: Interpreting Ping and Trace-route Output
1.3 ISP Connectivity
1.3.1 ISP Requirements
Page 1:
An ISP requires a variety of devices to accept input from end users and provide services. To
participate in a transport network, the ISP must be able to connect to other ISPs. An ISP must
also be able to handle large volumes of traffic.
Some of the devices required to provide services include:
• Access devices that enable end users to connect to the ISP, such as a DSL Access
Multiplexer (DSLAM) for DSL connections, a Cable Modem Termination System
(CMTS) for cable connections, modems for dialup connections, or wireless bridging
equipment for wireless access.
• Border gateway routers to enable the ISP to connect and transfer data to other ISPs, IXPs,
or large business enterprise customers.
• Servers for such things as email, network address assignment, web space, FTP hosting,
and multimedia hosting.
• Power conditioning equipment with substantial battery backup to maintain continuity if
the main power grid fails.
• High capacity air conditioning units to maintain controlled temperatures.
1.3.1 I S P Requirements
The diagram depicts the equipment requirements of an ISP for end user connections. Types of
access devices include a DSL access multiplexer (D SLAM), a cable modem termination system
(CMTS), a modem bank, and T1/E1.
Page 2:
ISPs, like other businesses, want to expand so that they can increase their income. The ability to
expand their business depends on gaining new subscribers and selling more services. However,
as the number of subscribers grows, the traffic on the network of the ISP also grows.
Eventually, the increased traffic may overload the network, causing router errors, lost packets,
and excessive delays. In an overloaded network, subscribers can wait for minutes for a web page
to load, or may even lose network connection. These customers may choose to switch to a
competing ISP to get better performance.
Loss of customers directly translates to loss of income for an ISP. For this reason, it is important
that the ISP provides a reliable and scalable network.
Scalability is the capacity of a network to allow for future change and growth. Scalable networks
can expand quickly to support new users and applications without affecting the performance of
the service being delivered to existing users.
The most scalable devices are those that are modular and provide expansion slots for adding
modules. Different modules can have different numbers of ports. In the case of a chassis router,
some modules also offer different interface options, allowing for different connection options on
the same chassis.

The diagram depicts the concept of scalability by showing the expansion of an ISP from 150
subscribers to 1,500 subscribers, and the necessity to add extra capacity and services to handle
the growth.
Page 3:
Identify appropriate equipment to meet the business needs of ISP customers.
View printable instructions.

Link to Packet Tracer Exploration: Identifying Equipment to Meet Customer Requirements
1.3.2 Roles and Responsibilities within an ISP
Page 1:
ISP organizations consist of many teams and departments which are responsible for ensuring that
the network operates smoothly and that the services are available.
Network support services are involved in all aspects of network management, including planning
and provisioning of new equipment and circuits, adding new subscribers, network repair and
maintenance, and customer service for network connectivity issues.
When a new business subscriber orders ISP services, the various network support service teams
work together to ensure that the order is processed correctly and that the network is ready to
deliver those services as quickly as possible.

The diagram depicts images of people representing the following roles and responsibilities of an
ISP:
Customer Service Order Entry
Planning and Provisioning Team
On-site Installation Team
NOC Team
Help Desk Technical Support
Page 2:
Each of the network support service teams have their own roles and responsibilities:
• Customer Service receives the order from the customer and ensures that the specified
requirements of the customer are accurately entered into the order tracking database.
• Planning and Provisioning determines whether the new customer has existing network
hardware and circuits and if new circuits need to be installed.
• The On-site Installation is advised of which circuits and equipment to use and then
installs them at the customer site.
• The Network Operations Center (NOC) monitors and tests the new connection and
ensures that it is performing properly.
• The Help Desk is notified by the NOC when the circuit is ready for operation and then
contacts the customer to guide them through the process of setting up passwords and
other necessary account information.

The diagram depicts the role each of the network support teams plays, with an example of a
customer ordering a T1 circuit for Internet access.
The customer says, We want to order a T1 Internet connection.

The customer service order entry says, I have entered your T1 order into our system.
The Planning and Provisioning Team says, I have checked our network plans. Now I will tell the
on-site technician which T1 circuit to use.
The On-site Installation Team says, I have connected the T1 circuit at the customer premises.
The NOC Team says, We have tested the T1 Circuit. It is now ready to use.
The Help Desk Technical Support says, This is how to access the new T1 connection.
Page 3:

The diagram depicts an activity in which you must match the ISP role to its responsibility.
ISP Responsibilities.
A. Members of this team ensure that the specified requirements of the customer are accurately
entered into the order tracking database.
B. Members of this team determine whether existing network hardware and circuits are available
or whether new circuits need to be installed.
C. Members of this team install equipment at the customer site.
D. Members of this team monitor and test connections.
E. Members of this team guide the customer through the process of setting up passwords and
other account information for the new connection.
ISP Roles
One.Help Desk Team.
Two.Planning and Provisioning Team.
Three.Onsite Installation Team.
Four.Customer Service Team.
Five.NOC Team.
1.4 Chapter Summary
1.4.1 Summary
Page 1:
1.4.1 Summary
Diagram 1, Image
The diagram depicts various protocols and devices related to the Internet.
Diagram 1 text
Many businesses use the Internet for e-commerce, communications, collaboration, and training.
Networking and Internet standards ensure that all devices connecting to the network use the same
set of rules. By having standards, it is possible for different types of devices to send information
to each other over the Internet.
Regardless of the type of device that an individual or business wants to use to connect to the
Internet, the device must connect through an Internet service provider (ISP).
In addition to offering connection to the Internet, an ISP can offer services, such as equipment
co-location, Web hosting, FTP hosting, technical support, Voice over IP, applications and media
hosting.
Diagram 2, Image
The diagram depicts the transfer of data on an Internet backbone.
Diagram 2 text
Larger businesses typically require more bandwidth and higher-speed connections such as
T1/E1, T3/E3, and Metro Ethernet.
The ISP POP's connect to an Internet Exchange Point (IXP), a point where multiple ISP's join
together to gain access to each others networks and exchange information.
The Internet backbone is made up of a group of networks owned by various organizations. The
are interconnected through IXP's and private peering connections.
ISP's are classified as Tier 1, Tier 2, or Tier 3, according to how they access the Internet
backbone.
Diagram 3, Image
The diagram depicts devices connecting to a NOC using various access methods.
Diagram 3 text
An ISP requires a number of devices to accept input from end users and provide services, such as
access devices, border gateway routers, high end air conditioning units, and power conditioning
equipment.
The ISP provides a reliable and scalable network.
A scalable network can expand quickly to support new users and applications without impacting
current performance.
Diagram 4, Image
The diagram depicts images of employees at an ISP .
Diagram 4 text
ISP organizations are made up of many teams and departments that have the responsibility of
ensuring the smooth operation of the network.
ISP network support teams may include a customer service team, a NOC team, an on-site
installation team, a planning and provisioning team, and a help desk team.
1.5 Chapter Quiz
1.5.1 Quiz
Page 1:
Take the chapter quiz to check your knowledge.
Click the quiz icon to begin.
1.5.1 Quiz
Chapter 1 Quiz: The Internet and Its Uses
1.What is the function of the planning and provisioning team within the ISP organization?
A.writing service level agreements.
B.answering help desk calls from customers.
C.installing customer premises equipment.
D.managing the network operations center.
E.identifying whether existing network hardware and circuits are available.
2.What are two characteristics of a scalable network? (Choose two.)

A.easily overloaded with increased traffic.
B.grows in size without impacting existing users.
C.is not as reliable as a small network.
D.contains modular devices that allow for expansion.
E.offers limited number of applications.
3.Why do multiple ISP's connect to an IXP or a NAP? (Choose two.)

A.to gain access to each other's networks.
B.to provide dial-up access for their customers.
C.to access the Internet backbone.
D.to create large private networks.
E.to secure network transmissions.
4.A network administrator can successfully ping the server at www.cisco.com, but cannot ping
the company web server located at an ISP in another city. Which tool or command would help
identify the specific router where the packet was lost or delayed?
A.ipconfig.
B.netstat.
C.telnet.
D.traceroute.
5.What makes it possible for email to be sent and received on a wide variety of devices,
including cell phones, PDAs, laptops, and desktop computers?
A.All of the devices run the same operating system software.
B.There is a single provider of email server software.
C.The devices use the same email client software, so they are compatible.
D.Email software is written using standards and protocols that ensure compatibility.
6.Match the ISP service with the description.

ISP Service
A.Technical Support.
B.Application and Media Hosting.
C.FTP Hosting.
D.Equipment Co-location.
Description
1.ISP provides file-server space and access for clients to download the stored files.
2.ISP help desk provides 24-hour assistance to end users.
3.Servers owned by the ISP customer are installed at the ISP facility.
4.Streaming video services provided by the ISP enable customers to view on-line conferences.
7.Which connectivity option would be a good choice for a large university with three campus
locations in the same major city?
A.cable.
B.DSL.
C.T1.
D.Metro Ethernet.
8.Which statement describes a function provided by Tier 3 Internet Service Providers?
A.peer with other similarly sized ISP's to form the global Internet backbone.
B.own and operate undersea fiber runs to provide Internet connectivity across oceans.
C.connect individuals and small businesses to the Internet.
D.provide the link between Tier 2 ISP's and the global Internet backbone.
9.Why do small businesses and individuals choose DSL and cable connectivity instead of T3
connections?
A.DSL and cable connectivity offers higher speeds than T3 connections.
B.T3 connections do not provide enough upload bandwidth to meet their needs.
C.T3 connections are usually more expensive than DSL or cable options.
D.T3 connections are less reliable than DSL or cable.
10.This question refers to an exhibit described as follows:

Host A is connected to a cloud consisting of six routers, Router A, Router B, Router C, Router
D, Router E, and Router F. Host A is directly connected to the cloud via a serial connection to
Router A. All routers within the cloud are connected in a ring type topology via serial
connections in the following manner; Router A is connected to Routers B and C. Router B is
connected to Router E. Router E is connected to Router F. Router F is connected to Router D.
Router D is connected to Router C. Router C is then connected back to Router A. A webserver
exists outside the cloud and is connected to the cloud via a serial connection to Router F. Below
are the router IP addresses:
Router A - 192.168.1.1 /24
Router B - 192.168.2.1 /24
Router C - 192.168.3.1 /24
Router D - 192.168.4.1 /24
Router E - 192.168.5.1 /24
Router F - 192.168.6.1 /24
Also in the exhibit includes the tracert output from Host A as follows:
C:\>tracert 192.168.100.2
Tracing route to webserver [192.168.100.2]

Over a maximum of 30 hops:
1<1ms1ms1ms192.168.1.1
1<5ms5ms5ms192.168.2.1
1<12ms11ms12ms192.168.5.1
1<25ms22ms23ms192.168.6.1
1<30ms30ms30mswebserver [192.168.100.2]
Trace complete.
C:\>
Using the topology description and the output answer the following question.
Host A has multiple paths to the web server. Based on the output of the tracert command and the
IP addresses that are given, which path was used to reach the destination?
A.A,D,G,F
B.A,B,D,F
C.A,B,E,F
D.A,C,G,F
End

2 Help Desk
2.0.1 Introduction
Page 1:
2.0.1 Introduction
Providing Internet services is a highly competitive business. Poor services can cause the ISP to
lose customers to competing ISP's.
Having a good help desk ensures that problems are resolved quickly and to the customers
satisfaction.
Whether a technician is employed inside the organization as a help desk technician, or as an on-
site support technician, they represent the ISP to the customer.

Describe the various roles of help desk and installation technicians.
Describe the seven layers of the O S I model and how the O S I model is used in troubleshooting
network issues.
Identify common tools and diagnostic procedures of help desk technicians.
Describe on-site procedures to resolve issues.
2.1 Help Desk Technicians
2.1.1 ISP Help Desk Organization
Page 1:
Many business operations depend on the connection to the local network and to the Internet.
Because of this, solving network problems is a top priority for businesses.
ISPs provide the Internet connection for businesses, and they provide their customers support for
problems that occur with Internet connectivity. This support usually includes assistance with
customer equipment problems. ISP support is typically provided through the ISP help desk.
Whether the problem is connecting to the Internet or getting email, the ISP help desk is usually
the first place a user or business turns to for help.
ISP help desk technicians have the knowledge and experience to fix problems and get users
connected. ISP help desk technicians provide solutions to customer problems with the goal of
network optimization and customer retention.
A good help desk team ensures that problems are resolved quickly and to the satisfaction of the
customer. Providing Internet services is a highly competitive business, and poor service can
cause the ISP to lose customers to competing ISPs.

The diagram depicts a helpdesk technician working with a user over the phone to reset the
customers password.
The technician says, Good morning, you have reached the help desk. My name is Joan. How may
I help you?
The customer says, I have a problem with the Internet.
The technician says, May I please have your customer information? What is your name and
contract number?
The customer says, My contract is M A-1955, and my name is Allan Michaels.
The technician says, Hi Allan, please describe the problem and I will start a trouble ticket.
The customer says, I cannot log in. It keeps giving me a blue box with an error message.
The technician says, You may have entered the incorrect password. I can reset it for you.
The customer says, OK, thank you.
The technician says, Your new password is P A55w 0R D. The system will require you to reset it
again when you log in. Please try it now.
The customer says, It is working. Thank you.
Page 2:
At an ISP, there are usually three levels of customer support:
• Level 1 is for immediate support handled by junior-level help desk technicians.

• Level 2 handles calls that are escalated to more experienced telephone support.
• Level 3 is for calls that cannot be resolved by phone support and require a visit by an on-
site technician.
In addition to ISPs, many other types of medium to large businesses employ help desk or
customer support teams. The titles assigned to the technicians may vary from those described
here, although the three-level hierarchy is the most common structure. Depending on the size of
the organization, the help desk can consist of one person that performs all three levels of support,
or it can be a comprehensive call center with elaborate call routing facilities and escalation rules.
Some ISPs and businesses contract out their help desk functions to a third-party call center
company, which provides the services of Level 1 and Level 2 technicians.

The diagram depicts the process used by a helpdesk to solve a network problem. The problem
starts at the Level 1 helpdesk. If Level 1 is able to solve the problem, the issue does not escalate.
If the problem is not solved, it is passed to Level 2. If Level 2 is unable to solve the problem, it is
passed to Level 3, who must then fix the problem in the field.
2.1.2 Roles of ISP Technicians
Page 1:
When a user initially contacts the help desk to resolve an issue, the call or message is usually
directed to a Level 1 support technician. Level 1 support is usually an entry-level position that
provides junior technicians with valuable experience. Many customer issues are resolved by the
Level 1 support technician.
Issues that cannot be resolved are sent to Level 2 support, which typically has fewer agents
available. The duties and responsibilities of the Level 2 technician are similar to that of the Level
1 technician, but they are at a higher skill level. These agents are expected to solve problems that
are more challenging and require more knowledge.

The diagram depicts Level 1 and Level 2 support responsibilities.
Level 1 Support Responsibilities
Diagnose basic network connectivity issues.
Diagnose and document the symptoms of hardware, software, and system problems.
Resolve and document any basic user issues.
Help customers complete online order forms to attain various systems, services, hardware,
software, reports, and entitlements.
Escalate unresolved issues to the next level.

Diagnose and solve more difficult network problems.
Use diagnostic tools and remote desktop sharing tools to identify and fix problems.
Identify when an on-site technician must be dispatched to perform repairs.
Page 2:
Many larger service providers have expanded their businesses to include managed services or
on-site support of a customer network. Organizations that provide managed services are
sometimes referred to as Managed Service Providers (MSP). Managed services can be provided
by ISPs, telecommunications service providers, or other types of computer and network support
organizations. When an ISP is providing managed services, it often requires technicians to visit
customer sites for the purpose of installation and support. This type of service represents Level 3
support.
Level 3 support is usually in accordance with a Service Level Agreement (SLA). An SLA
resembles an insurance policy, because it provides coverage or service if there is a computer or
network problem.

The diagram depicts Level 3 support responsibilities.

Diagnose and resolve problems that have been escalated by the Level 1 and Level 2 technicians.
Survey network conditions for analysis by a senior network technician.
Install and configure new equipment, including customer premise equipment upgrades, when
necessary.
Page 3:

The diagram depicts an activity in which you must match each responsibility to Help Desk Level
1, Help Desk Level 2, or On-site Level 3.
Responsibilities
One. Surveys and documents current network conditions for analysis by senior level technician.
Two. Obtains initial information about customer problems.
Three.Performs installation of equipment.
Four. Identifies when a technician must be dispatched to the customer site.
Five. Opens the trouble ticket.
Six. Uses remote desktop sharing to diagnose and fix difficult problems.
2.1.3 Interacting with Customers
Page 1:
Help desk technicians may be required to provide phone support, email support, web-based
support, online chat support, and possibly on-site support. They are often the first point of
contact for frustrated and anxious customers. Until a problem is solved, help desk technicians
may continue to get calls and correspondence asking for status updates and time estimates to
resolve an issue.
The help desk technician must be able to stay focused in an environment with frequent
interruptions and perform multiple tasks efficiently and accurately. It can be difficult to
consistently maintain a positive attitude and provide a high level of service. The help desk
technician has to have excellent interpersonal skills and effective communication skills, both oral
and written. The technician must be able to work independently and as part of a team.
It is important for the help desk technician to be able to handle customer issues with speed,
efficiency, and professionalism. Help desk technicians should conduct themselves in accordance
with the company's customer service philosophy. A customer service philosophy is an
organization-wide ethic shared by everyone from top management to operational staff.
Basic incident management procedures must be followed every time a help desk technician
receives a call and begins troubleshooting issues. Incident management includes opening a
trouble ticket and following a problem-solving strategy. Problem-solving techniques include
using troubleshooting flowcharts, addressing questions in a template format, and maintaining
proper ticket escalation procedures.
A help desk script is used by the help desk technician to gather information and cover the
important facts about customer incident.

The animation depicts the interaction between a help desk technician and a customer when the
customer calls with an issue. The following list describes the appropriate way to work with the
customer.
Be prepared to answer the customer call in accordance with the company customer service
policies. Answer the call in a courteous manner and immediately identify yourself and the
company.
Ask for the customer contact information. Keep the customer informed of what you are doing
and why you need the information.
Follow the help desk script. Begin by verifying the information in the customer record.
Show empathy for the customer. Make sure the customer understands that you will do everything
necessary to solve the problem as quickly as possible.
Continue following the script, recording all of the information on the trouble ticket.
Always ask for permission to place the customer on hold. Keep the customer informed as to what
you are doing and why.
Avoid using technical terms or jargon, unless the customer does. Always ask if the customer is
comfortable performing a task before instructing them to do so.
Communicate what to do in plain language, including all of the necessary steps.
Verify that the customer is satisfied and close the trouble ticket.
Page 2:
In addition to technical ability, help desk technicians must be able to greet customers pleasantly
and be professional and courteous throughout the call.
Customer service and interpersonal skills are especially important when handling difficult clients
and incidents. The help desk technician must know how to relieve customer stress and respond to
abusive customers.
Opening trouble tickets and logging information on the tickets are critical to help desk operation.
When there are many calls relating to a single problem or symptom, it is helpful to have
information on how the problem was resolved in the past. It is also important to relay to the
customer what is being done to solve the problem. Good information on open trouble tickets
helps communicate accurate status, both to the customer and other ISP personnel.

The diagram depicts the following list of customer service skills:
Preparation
Courteous greeting
Open a trouble ticket
Listen to customer
Adapt to customer temperament
Diagnose a simple problem correctly
Log the call
Page 3:
While many issues can be handled remotely, some problems require an on-site visit to the
customer premises to install and troubleshoot equipment. When a technician goes on-site, it is
important to represent their organization in a professional manner. A professional knows how to
make the customer feel at ease and confident in the technician's skills.
On the first visit to a customer location, it is important for the technician to make a good
impression. Personal grooming and the way the technician is dressed are the first things the
customer notices. If the technician makes a bad first impression, it may be difficult to change that
impression and gain the confidence of the customer. Many employers provide a uniform or have
a dress code for their on-site technicians.
The language and attitude of the technician also reflect on the organization that the technician
represents. A customer may be anxious or concerned about how the new equipment will operate.
When speaking with a customer, the technician should be polite and respectful, and answer all
customer questions. If the technician does not know an answer to a customer question or if
additional information is required, the technician should write down the customer inquiry and
follow up on it as soon as possible.

The diagram depicts a person smiling at another person, emphasizing the importance of making a
good first impression.
Page 4:

The diagram depicts an activity in which you must match the following parts of customer
support process to each statement.
Parts of customer support process.

A. Script.
B. Customer service philosophy.
C. Greeting.
D. Listening to the customer.
Statements.
One. You have reviewed the problem description with the customer and tried to develop an
understanding of the situation.
Two. A prepared sequence of questions and statements used by the help desk technician to gather
information and cover the important parts of a customer incident.
Three. Creating a good first impression of the support staff, the support service, and ultimately
the entire organization.
Four. This is an organization-wide ethic that is shared by everyone from top management to
operational staff.
2.2 OSI Model
2.2.1 Using the OSI Model
Page 1:
When a network connectivity problem is reported to the help desk, many methods are available
to diagnose the problem. One common method is to troubleshoot the problem using a layered
approach. A layered approach requires that the network technician be familiar with the various
functions that occur as messages are created, delivered, and interpreted by the network devices
and hosts on the network.
Moving data across a network is best visualized using the seven layers of the Open Systems
Interconnection model, commonly referred to as the OSI model. The OSI model breaks network
communications down into multiple processes. Each process is a small part of the larger task.
For example, in a vehicle manufacturing plant, the entire vehicle is not assembled by one person.
Rather the vehicle moves from station to station where specialized teams add specific
components. The complex task of assembling a vehicle is made easier by breaking it into
manageable and logical tasks. This process also makes troubleshooting easier. When a problem
occurs in the manufacturing process, it is possible to isolate the problem to the specific task
where the defect was introduced, and then fix it.
In a similar manner, the OSI model can be used as a means to focus on a layer when
troubleshooting to identify and resolve network problems.
2.2.1 Using the O S I Model

The diagram depicts the functions that occur at each layer of the O S I model.
Application Layer
Defines interfaces between application software and network communication functions.
Provides standardized services such as file transfer between systems.
Presentation Layer
Standardizes user data formats for use between different types of systems.
Encodes and decodes user data; encrypts and decrypts data; compresses and decompresses data.
Session Layer
Manages user sessions and dialogues.
Manages links between applications.
Transport Layer
Manages end-to-end message delivery over the network.
Can provide reliable and sequential packet delivery through error recovery and flow control
mechanisms.
Network Layer
Provides logical network addressing.
Routes packets between networks based on logical addressing.
Data Link Layer

Defines procedures for operating the communication links.
Detects and corrects frame transmit errors.
Adds physical addresses to frame.
Physical Layer
Defines physical means of sending data over network devices.
Interfaces between network medium and devices.
Defines optical, electrical, and mechanical characteristics for both wired and wireless media.
Includes all forms of electromagnetic transmission, such as light, electricity, infrared, and radio
waves.
Page 2:
The seven layers of the OSI model are divided into two parts: upper layers and lower layers.
The term upper layer is sometimes used to refer to any layer above the Transport layer of the OSI
model. The upper layers deal with application functionality and are generally implemented only
in software. The highest layer, the Application layer, is closest to the end user.
The term lower layer is sometimes used to refer to any layer below the Session layer. The
combined functionality of the lower layers handles data transport. The Physical layer and the
Data Link layer are implemented in both hardware and software. The Physical layer is closest to
the physical network medium, or network cabling. The Physical layer actually places information
on the medium.
End stations, like clients and servers, usually work with all seven layers. Networking devices are
only concerned with the lower layers. Hubs work on Layer 1, switches on Layers 1 and 2, routers
on Layers 1, 2 and 3, and firewalls on Layers 1, 2, 3, and 4.
2.2.1 Using the O S I Model

The table lists various protocols and technologies, and also the network components, associated
with the upper and lower layers of the O S I model.
Upper Layers.
Layer #: 7.
Name: Application.
Protocols and technologies: DNS, NFS, DHCP, SNMP, FTP, TFTP, SMTP, POP3, I MAP,
HHTP, Telnet.
Network components: Network aware applications, email, web browsers and services, file
transfer, name resolution.
Layer #: 6.
Name: Presentation.
Protocols and technologies: SSL, shells and redirectors, MIME.
Layer #: 5.
Name: Session.
Protocols and technologies: NetBIOS, application program interfaces, remote procedure calls
(RPCs).
Lower Layers.
Layer #: 4.
Name: Transport.
Protocols and technologies: TCP and UDP.
Network components: Voice and video streaming mechanisms, firewall, filtering lists.
Layer #: 3.
Name: Network.
Protocols and technologies: IPv4, IPv6, IP NAT.
Network components: IP addressing, routing.
Layer #: 2.
Name: Data Link.
Protocols and technologies: Ethernet family, W LAN, Wi Fi, ATM, PPP.
Network components: Network interface cards and drivers, network switching, WAN
connectivity.
Layer #: 1.
Name: Physical.
Protocols and technologies: Electrical signaling, light wave patterns, radio wave patterns.
Network components: Hubs, repeaters, and physical medium, such as copper twisted pair, fiber-
optic cable, and wireless transmitters.
2.2.2 OSI Model Protocols and Technologies
Page 1:
When using the OSI model as a framework for troubleshooting, it is important to understand
which functions are performed at each layer, and what network information is available to the
devices or software programs performing these functions. For example, many processes must
occur for email to successfully travel from the client to the server. The OSI model divides the
task of sending and receiving email into smaller, distinct steps that correspond with the seven
layers.
Step 1: Upper layers create the data.
When a user sends an email message, the alphanumeric characters within the message are
converted to data that can travel across the network. Layers 7, 6, and 5 are responsible for
ensuring that the message is placed in a format that can be understood by the application running
on the destination host. This process is called encoding. The upper layers then send the encoded
messages to the lower layers for transport across the network. Transporting the email to the
correct server relies on the configuration information provided by the user. Problems that occur
at the application layer are often related to errors in the configuration of the user software
programs.
2.2.2 O S I Model Protocols and Technologies

The diagram depicts functions of upper Layers 7, 6 and 5 of the O S I model.
Layer 7 - Application Layer

An application such as email, initiates the communication process.
Layer 6 - Presentation Layer

Format and encode the data for transmission.
Encrypt and compress the data.
Layer 5 - Session Layer

Establish and monitor email session with destination.
Page 2:
Step 2: Layer 4 packages the data for end-to-end transport.
The data that comprises the email message is packaged for network transport at Layer 4. Layer 4
breaks the message down into smaller segments. A header is placed on each segment indicating
the TCP or UDP port number that corresponds to the correct application layer application.
Functions in the transport layer indicate the type of delivery service. Email utilizes TCP
segments, therefore packet delivery is acknowledged by the destination. Layer 4 functions are
implemented in software that runs on the source and destination hosts. However, because
firewalls often use the TCP and UDP port numbers to filter traffic, problems that occur at Layer
4 can be caused by improperly configured firewall filter lists.
Step 3: Layer 3 adds the network IP address information.
The email data received from the transport layer is put into a packet that contains a header with
the source and destination network IP addresses. Routers use the destination address to direct the
packets across the network along the appropriate path. Incorrectly configured IP address
information on the source or destination system can cause Layer 3 problems to occur. Because
routers also use IP address information, router configuration errors can cause problems at this
layer.

The diagram depicts functions of lower Layers 4 and 3 of the O S I model.
Layer 4 - Transport Layer

Package Data for transport across the network.
Add TCP and U DP port numbers.
Specify reliable delivery of data using TCP.
Enable uninterrupted streaming of data using UDP.
Layer 3 - Network Layer

Route packets between networks.
Assign IP addresses.
Encapsulate data in packets for transmission.
Page 3:
Step 4: Layer 2 adds the data link layer header and trailer.
Each network device in the path from the source to the destination, including the sending host,
encapsulates the packet into a frame. The frame contains the physical address of the next
directly-connected network device on the link. Each device in the chosen network path requires
framing so that it can connect to the next device. Switches and network interface cards (NICs)
use the information in the frame to deliver the message to the correct destination device.
Incorrect NIC drivers, interface cards, and hardware problems with switches can cause Layer 2
problems to occur.
Step 5: Layer 1 converts the data to bits for transmission.
The frame is converted into a pattern of 1s and 0s (bits) for transmission on the medium. A
clocking function enables the devices to distinguish these bits as they travel across the medium.
The medium can change along the path between the source and destination. For example, the
email message can originate on an Ethernet LAN, cross a fiber campus backbone, and cross a
serial WAN link until it reaches its destination on another remote Ethernet LAN. Layer 1
problems can be caused by loose or incorrect cables, malfunctioning interface cards, or electrical
interference.
At the receiving host, the processes described in steps 1 through 5 are reversed, with the message
traveling back up the layers to the appropriate application.

The diagram depicts functions of lower Layers 2 and 1 of the O S I model.
Layer 2 - Data Link Layer

Transmit data to the next directly connected device in the path.
Add the hardware address.
Encapsulate data in a frame.
Layer 1 - Physical Layer

Convert data to bits for transmission.
Generate signals and timing.
Page 4:

The diagram depicts an activity in which you must identify which layer each protocol or
technology belongs to.
Layers
Upper Layers (Application, Presentation, and Session)
Data Link Layer
Physical Layer
Network Layer
Transport Layer
Protocols and Technologies.

A. Network Interface Cards.
B. Frames.
C. Twisted Pair Cable.
D. HTTP.
E. Packets.
F. Radio Waves.
G. FTP.
H. IP Addresses.
I. Client Software.
J. Network Switching.
K. Hubs.
L. SMTP.
M. UDP.
N. Port Numbers.
O. Ethernet.
P. Routing.
Q. Repeaters.
R. MAC Addresses.
S. Electrical Signaling.
T. TCP.
U. Telnet.
2.2.3 Troubleshooting the OSI Model
Page 1:
As a theoretical model, the OSI model defines the protocols, hardware, and other specifications
that operate at the seven layers.
The OSI model also provides a systematic basis for troubleshooting a network. In any
troubleshooting scenario, the basic problem-solving procedure includes the following steps:
1. Define the problem.
2. Isolate the cause of the problem.
3. Solve the problem.
• Identify and prioritize alternative solutions.

• Select one alternative as the solution.
• Implement the solution.
• Evaluate the solution.
If an identified solution does not fix the problem, undo any changes and proceed to the next
possible solution. Go through the steps until a solution works.
In addition to the basic problem-solving procedures, the OSI model can be used as a guideline
for troubleshooting. Using a layered model, there are three different troubleshooting approaches
that a technician can use to isolate the problem:
• Bottom-Up - The bottom-up approach starts with the physical components of the
network and works its way up the layers of the OSI model. Bottom-up troubleshooting is
an effective and efficient approach for suspected physical problems.
• Top-Down - The top-down approach starts with the user application and works its way
down the layers of the OSI model. This approach starts with the assumption that the
problem is with the application and not the network infrastructure.
• Divide-and-Conquer - The divide-and-conquer approach is generally used by more
experienced network technicians. The technician makes an educated guess targeting the
problem layer and then based on the observed results, moves up or down the OSI layers.
Using the OSI model as a guide, the help desk technician can query the customer to help define
the problem and isolate the cause.
2.2.3 Troubleshooting using the O S I Model

The diagram identifies how the O S I model is used as a framework for troubleshooting network
problems.
Layer 5-7: Upper Layers

Can your browser open this website?
Layer 4: Transport Layer

Do you have a firewall configured on your PC?
Layer 3: Network Layer

Can you ping your default gateway?
Layer 2: Data Link Layer

Is the link light lit on your Network Interface Card?
Layer 1: Physical Layer

Is your network cable plugged in and secure?
Page 2:
The help desk technician usually has a standard checklist or script to follow when
troubleshooting a problem. Often the script takes a bottom-up approach to troubleshooting. This
is because physical problems are usually the simplest to diagnose and repair, and the bottom-up
approach starts with the Physical Layer.
Layer 1 Troubleshooting
The technician starts with Layer 1 issues first. Remember, Layer 1 deals with the physical
connectivity of the network devices. Layer 1 problems often involve cabling and electricity, and
are the reasons for many help desk calls. Some of the more common Layer 1 problems include:
• Device power turned off

• Device power unplugged
• Loose network cable connection
• Incorrect cable type
• Faulty network cable
• Faulty wireless access point
• Incorrect wireless settings, such as the SSID
To troubleshoot at Layer 1, first check that all devices have the proper electrical supply, and that
the devices are turned on. This may seem to be an obvious solution, but many times the person
reporting the problem may overlook a device that is within the network path from source to
destination. If there are any LEDs that display the status of the connectivity, verify with the
customer that they are indicating correctly. If on-site, visually inspect all network cabling and
reconnect cables to ensure a proper connection. If the problem is with wireless, verify that the
wireless access point is operational and that wireless settings are configured correctly.
When remotely troubleshooting a problem, the technician should advise the caller through each
step, what to look for, and what to do if an error is found. If it is determined that all Layer 1
issues have been addressed, it is time to travel up the OSI model to Layer 2.

The diagram focuses on Layer 1 physical issues of cabling and power. Displayed is the back of a
Cisco 1841 router with integrated 4-port Ethernet switch. Also included are an Ethernet cable,
console cable, serial cable, and power cord.
Page 3:
Network switches and host NICs perform Layer 2 functions. Layer 2 problems can be caused by
faulty equipment, incorrect device drivers, or an improperly configured switch. When remotely
troubleshooting a problem, it may be difficult to isolate a Layer 2 problem.
An on-site technician can check whether the NIC is installed and working properly. Reseating
the NIC, or replacing a suspected faulty NIC with a known good NIC, helps to isolate the
problem. The same process can be done with any network switch.
At Layer 3, the technician needs to investigate the logical addressing used in the network, such
as the IP address scheme. If the network is using IP addressing, the technician verifies that the
device has the proper settings, such as:
• IP address within the assigned network

• Correct subnet mask
• Correct default gateway
• Other settings as required, such as DHCP or DNS
At Layer 3, several utilities can assist with the troubleshooting process. Three of the most
common command line tools are:
ipconfig - Shows IP settings on the computer

ping - Tests basic network connectivity
tracert - Determines if the routing path between the source and destination is available
Most network problems can usually be resolved using these Layer 1, 2, and 3 troubleshooting
techniques.

The diagram depicts outputs for ipconfig, ping, and trace-route commands.
Page 4:
If Layers 1 through 3 all appear to be operating normally and the technician can successfully
ping the IP address of the remote server, it is time to check the higher layers. For example, if a
network firewall is used along the path, it is important to check that the application TCP or UDP
port is open and no filter lists are blocking traffic to that port.
Layers 5 through 7 Troubleshooting
The technician should also check the application configuration. For example, if troubleshooting
an email issue, ensure that the application is configured with the correct sending and receiving
email server information. It is also necessary to ensure that domain name resolution is
functioning as expected.
For remote technicians, higher layer issues can be checked by using other network utility tools,
such as a packet sniffer, to view traffic as it crosses the network. A network application, such as
Telnet, can also be used to view configurations.

The diagram depicts an E-mail Accounts dialog box with the email server name and user name
specified.
Page 5:

The diagram depicts an activity in which you must identify the appropriate layer that each of the
network issues belongs to.
Layers.
Layers 7-5 (upper layers).
Layer 4.
Layer 3.
Layer 2.
Layer 1.
Network Issue Scenarios

One.An email client is configured with bad sending and receiving server information.
Two.A faulty NIC is installed on a client device.
Three.A badly terminated cable is connecting a host device to a switch.
Four.A PC is configured with a bad subnet mask.
Five.A firewall is blocking all HTTP traffic using port 80.
2.3 ISP Troubleshooting
2.3.1 Help Desk Troubleshooting Scenarios
Page 1:
The number and types of calls received by the help desk can vary extensively. Some of the most
common calls include problems with email, host configuration, and connectivity.
Email Issues
• Can receive but not send

• Can send but not receive
• Cannot send or receive
• Nobody can reply to messages
A common cause of many email problems is using the wrong POP, IMAP, or SMTP server
names. It is best to check with the email administrator to confirm the proper name of the POP or
IMAP server and SMTP server. In some cases, the same server name for both POP/IMAP and
SMTP are used. Also, confirm that the username and password are correct. Since the password is
not usually displayed, it is a good idea to carefully re-enter it.
When troubleshooting these issues over the phone, it is important to step the customer through
the configuration parameters carefully. Many customers are unfamiliar with the terminology and
the settings of the various configuration parameters. If possible, connect to the customer device
via remote management software. This allows the technician to perform the necessary steps for
the customer.

The diagram depicts a Level 1 service call concerning email issues.
The technician says, Good morning. My name is Jill. How may I help you?
The customer says, My service agreement number is 4567. I can send email, but I cannot receive
any email.
The technician says, Let me look up your account information. I will be with you momentarily.
If you can send email, then your connection is fine. It must be your POP settings. This is how
you fix the problem.
The customer says, Yes, I am now receiving email. Thank you.
The technician says, I will close the ticket. Have a great day.
Page 2:
Host Configuration Issues
A common issue that can prevent connectivity to the Internet or other network resources is
improperly configured host addressing information. This can include an incorrect IP address,
subnet mask, or default gateway.
In environments where the IP addressing information is manually configured, it is possible that

the IP configuration was simply entered incorrectly. In environments where hosts are configured
to dynamically receive an IP address from an assignment server, such as a DHCP server, the
server may fail or become unreachable due to network issues.
If a host is configured to receive an address dynamically, and an assignment server is unavailable

or unreachable, a link-local address will be automatically assigned to the local host by the
operating system. IPv4 addresses in the address block 169.254.0.1 to 169.254.255.254
(169.254.0.0 /16) are designated as link-local addresses. A link-local process will randomly
select an IP address within the 169.254.0.0/16 range. But what prevents two hosts from randomly
selecting the same IP address?
Once the link-local process selects an IP address, it sends an ARP query with that IP onto the
network to see if any other devices are using that address. If there is no response, the IP address
is assigned to the device, otherwise another IP address is selected, and the ARP query is
repeated. Microsoft refers to link-local addresses as Automatic Private IP Addressing (APIPA).
If multiple hosts on the same network obtain a link-local address, client/server and peer-to-peer
applications between those hosts will work properly. However, because link-local addresses are
in the private Class B address space, communication outside of the local network is not possible.
When troubleshooting both manually and dynamically configured hosts, use the host command
ipconfig /all to verify that the host is using the appropriate IP configuration.

The diagram depicts two small local networks, A. and B, each with a switch and four hosts.
There is a DHCP server on each LAN segment. The servers are connected to a router that is
connected to the Internet cloud.
The DHCP server located on local network A is down. All hosts on this network have received
self-assigned private link-local addresses in the 169.254.0.0 /16 range. Microsoft refers to link-
local addresses as Automatic Private IP Addressing (A. P IP A). All hosts are able to
communicate locally, but are unable to access hosts on other networks. The router does not
forward link-local addresses.
The DHCP server on the local network B is operating normally. All hosts have received proper
addressing information and are able to communicate locally and across the Internet.
Page 3:
Customer Connectivity Issues
Connectivity problems are more common with new customers trying to connect for the first time.
However, sometimes existing customers encounter connectivity issues. First-time customers may
have problems with installing the hardware as well as software configuration settings. Existing
customers notice connectivity problems when they cannot open a web page or connect to instant
messaging or email.
There are many reasons why a customer has no connectivity, including the following:
• Delinquent payments for services

• Hardware failures
• Physical layer failures
• Incorrect application settings
• Missing application plug-ins
• Missing applications
In many cases, the problem is simply a faulty cable, or a cable plugged into an incorrect port.
These types of issues can be resolved by checking the cable connection or replacing the cable.
Other problems, such as software issues, may be more difficult to detect. One example is an
incorrectly loaded TCP/IP stack, preventing IP from operating correctly. The TCP/IP stack can
be tested and verified using a loopback address. The loopback is a special address, the reserved
IPv4 address 127.0.0.1, which hosts use to direct traffic to themselves. The loopback address
creates a shortcut method for TCP/IP applications and services that run on the same device to
communicate.
You can ping the loopback address to test the configuration of TCP/IP on the local host. If you
are unable to get a response when pinging the loopback address, suspect an improperly
configured or installed TCP/IP stack.
Addresses 127.0.0.0 through 127.255.255.255 are reserved for testing purposes. Any address
within this block will loop back within the local host. No address within this block should ever
appear on any network. Despite the fact that the entire 127.0.0.0/8 network range is reserved, the
only address typically used for loopback testing is the 127.0.0.1 address.

The diagram depicts a Level 1 service call concerning network connectivity issues.
The technician says, Good morning, my name is Jill. How may I help you?
The customer says, My name is Billy. My service agreement number is 998, and I cannot
connect to anything.
The technician says, Please hold for one minute while I retrieve your information.
The technician says, OK, when did you first notice the problem?
The customer says, Today, after I moved my computer desk to clean the floors.
The technician says, Is the link light on your computer network card illuminated?
The customer says, No, and the cable looks twisted.
The technician says, OK, do you have another cable to replace the damaged one?
The customer says, Yes. Hold one minute.
The customer says, OK, it looks fine now. Thanks for your assistance.
The technician says, Great. I will close the trouble ticket. Have a great day.
Page 4:
Troubleshoot and resolve a network connectivity issue.

Link to Packet Tracer Exploration: Troubleshooting and Resolving Network Issues
2.3.2 Creating and Using Help Desk Records
Page 1:
When a Level 1 help desk technician receives a call, there is a process followed to gather
information. There are also specific systems for storing and retrieving relevant information. It is
extremely important to gather the information correctly in the event that a call has to be escalated
to Layer 2 or require an on-site visit.
The information gathering and recording process starts as soon as the technician answers the
phone. When the customer identifies who they are, the technician accesses the relevant customer
information. Typically, a database application is used to manage the customer information.
The information is transferred to a trouble ticket, or incident report. This document can be a
piece of paper in a paper filing system or an electronic tracking system designed to follow the
troubleshooting process from beginning to end. Each person who works on the problem is
expected to record what was done on the trouble ticket. When an on-site call is required, the
trouble ticket information can be converted to a work order that the on-site technician can take to
the customer site.
When a problem is resolved, the solution is documented in the customer work order or trouble
ticket, and in a knowledge-base document for future reference.
Occasionally, the Level 1help desk technician may receive a call that cannot be resolved quickly.
In this instance, the technician is responsible for passing the call to a Level 2 technician who is
more qualified to resolve the issue. Passing the call to a higher level technician is known as the
call escalation process.
Both Level 1 and Level 2 help desk technicians attempt to solve customer problems using the
telephone, web tools, and possibly remote desktop sharing applications.

The diagram depicts a work order document.
Page 2:
If the help desk technicians are not able to fix the problem remotely, it is often necessary to send
a Level 3 on-site technician to the customer premise location. It is the job of the on-site
technician to visit the customer premise to physically work on the problem equipment. The help
desk technician can make an appointment with the customer for the on-site technician to perform
the repairs, or it may be the responsibility of the on-site technician to arrange the appointment.
To properly troubleshoot the problem, the on-site technician reviews the trouble ticket to see
what was previously done. This review gives the technician some background information and a
logical starting point. It also helps the technician decide which tools and supplies to bring, rather
than having to leave the customer site to obtain supplies.
On-site technicians typically work on the network at the customer location, although there are
instances where the technician is unable to make the needed repairs and must bring the damaged
equipment back to the ISP site for additional troubleshooting.

The diagram depicts images of network troubleshooting tools.
Crimpers - Used to crimp the connector to the cable.
Cable - Used to run new cable or replace old cable.
Connectors - Used to make new cables or replace broken connectors.
Multimeter - Used to measure the difference in electrical potential between two points in an
electric circuit.
Laptop - used to test the network through various utility programs.
Linksys Router - Used to connect multiple wired and wireless computers to a single network.
Floppy Disk - Used for boot disks.
Cell Phone - Used for calling the office, setting up and confirming appointments.
2.3.3 Customer Site Procedures
Page 1:
There are four steps an on-site technician performs before beginning any troubleshooting or
repair at the customer site:
Step 1. Provide proper identification to the customer.
Step 2. Review the trouble ticket or work order with the customer to verify that the information
is correct.
Step 3. Communicate the current status of any identified problems and the actions the technician
expects to take at the customer site that day.
Step 4. Obtain permission from the customer to begin the work.
The technician must verify all items on the trouble ticket. Once the technician is familiar with all
issues, the work can begin. The technician is responsible for checking all device and network
settings, and running any necessary utilities. The technician may also have to swap out suspected
faulty hardware with known good hardware to determine if a hardware problem exists.

The diagram depicts an on-site technician working with a customer.
Page 2:
When performing any troubleshooting tasks the customer site, especially when installing new or
replacing existing equipment, it is important to minimize the risk of injury by following good
safety practices. Many employers offer safety training as part of their employee services.
Ladders
Use ladders to reach high locations to install networking cable and to install or troubleshoot
wireless access points in places that are difficult to reach. To reduce the risk of falling off the
ladder or dropping equipment while climbing on the ladder, work with a partner whenever
possible.
High or Dangerous Locations
Sometimes network equipment and cables are located in high and dangerous places, such as on
the side of a building, on roof tops, or in an internal structure such as an elevator shaft, that is not
accessible by a ladder. Work performed at this type of location must be done very carefully.
Using a safety harness reduces the risk of falling.
Electrical Equipment
If there is a risk of damaging or coming in contact with any electrical lines when handling
hardware, consult with the electrician of the customer about measures that can be taken to reduce
the risk of electrical shock. Coming in contact with electrical equipment may result in serious
personal injury.
Awkward Spaces
Network equipment is often located in narrow and awkward spaces. Ensure that the work area is
properly lighted and ventilated. Determine the best way to lift, install, and remove equipment to
minimize the risks.
Heavy Equipment
Networking devices can be large and heavy. Plan to have the correct equipment and trained
personnel when heavy equipment needs to be installed or moved at a customer site.

The diagram depicts images of customer site safety related issues, including ladders, high or
dangerous locations, electrical equipment, and heavy equipment.
Page 3:
After the technician makes any configuration changes or installs new equipment, the technician
must observe the results to ensure proper operation. When finished, the technician communicates
the nature of the identified problem to the customer, what solution was applied, and any follow-
up procedures. Before the problem can be considered fully resolved, the technician must obtain
the acceptance of the customer. The technician can then close the trouble ticket and document
the solution.
A copy of the documentation is left with the customer. The document includes the original help
desk call problem and the actions taken to solve the problem. The technician records the
solution, and the customer acceptance is indicated on the trouble ticket. For future reference, the
technician also records the problem and the solution in the help desk documentation and FAQs.
In some cases, an on-site technician can uncover network problems that require upgrades or
reconfiguration of the network devices. When this occurs, it may be outside of the scope of the
original trouble ticket. These issues are usually communicated to both the customer and the ISP
network personnel for further action.
2.4 Chapter Summary
2.4.1 Summary
Page 1:
2.4.1 Summary
Six Diagrams, Slider Graphic
Diagram 1, Image
The diagram depicts a flowchart of the process used by a helpdesk to solve a network problem.
Diagram 1 text
Help desk technicians provide solutions to customers network problems.
User support usually exists at three levels: Tier 1, Tier 2, and Tier 3.
Incident management is the basic procedure followed when a help desk technician initiates the
standard problem solving processes.
Help desk operation relies on opening trouble tickets and logging information.
Diagram 2, Image
Diagram 2 text
Customer service and interpersonal skills are important when handling difficult clients and
incidents.
Skills required by help desk technicians for successful communication include:
Preparation
Courteous greeting
Listening to the customer
Adapting to customer temperament
Correctly diagnosing a simple problem
Logging the call
Diagram 3, Image
The diagram depicts the layers of the O S I model.
Diagram 3 text
A layered approach is used for troubleshooting.
The O S I Model breaks the task of network communications down into multiple processes. Each
process is a small part of the larger task.
The seven layers of the O S I reference model can be divided into two categories: upper and
lower layers.
Diagram 4, Image
The diagram depicts protocols, technologies, and components associated with each layer.
Diagram 4 text
Upper layers consist of any layer above the Transport Layer and are implemented in software.
Lower layers consist of the Transport, Network, Data Link, and Physical Layers and handle data
transport functions.
Using the O S I model, the help desk technician can troubleshoot using the following
approaches: bottom-up, top-down, or divide-and-conquer.
Diagram 5, Image
The diagram depicts a work order.
Diagram 5 text
Some of the most common customer service calls are about email and connectivity issues.
Information gathered from the customer is transferred to the trouble ticket.
Diagram 6, Image
Diagram 6 text
Level 1 and Level 2 help desk technicians attempt to solve customer problems over the
telephone, web, or remote desktop sharing applications.
Sometimes it is necessary to dispatch a Level 3 on-site technician.
It is important to document the solution in the customer work, the trouble ticket, and in a
knowledge-base document for future reference.
2.5 Chapter Quiz
2.5.1 Quiz
Page 1:
2.5.1 - Quiz
Chapter 2 Quiz: Help Desk
1.Identify the network function listed below with the correct layer to which it belongs. (Answer
will be either the Transport Layer or the Network Layer.)
A.packages data in segments for transmission.
B.routes packets between networks.
C.encapsulates data in packets for transmission.
D.uses UDP for realtime data streaming.
E.adds port numbers.
F.adds IP addresses to data packets.
2.Using a systematic troubleshooting approach, a help desk technician suspects a problem at

Layer 3 of the O S I model. Which two questions could be asked to isolate the problem to Layer
3? (Choose two.)
A.Is your PC configured for DHCP?
B.Can you browse to www.cisco.com?
C.Is your network cable plugged in?
D.Can you ping your default gateway?
E.Do you see a link light on your network card?
3.Identify the questions in the correct order if a help desk technician is using a bottom-up
approach to troubleshooting. (For example, Question 1 would refer to the first question a help
desk technician would ask, Question 2 would refer to the second question a help desk technician
would ask, etc.)
a.Is your network cable securely connected?
b.What mail server is listed in the outgoing server setting?
c.Is your Windows firewall blocking port 25?
d.Do you see a link light on your network card?
e.What is the subnet mask on Local Area Connection 2?
1.Question 1
2.Question 2
3.Question 3
4.Question 4
5.Question 5
4.A customer call has been escalated to an on-site technician because the level 1 and 2
technicians could not determine the problem. Which three tasks would be performed by the on-
site technician? (Choose three.)
A.open the trouble ticket and enter customer information.
B.replace faulty cables or connections.
C.check to see if the ISP email server is working.
D.correct PC network settings and run any necessary utilities.
E.swap out suspected faulty hardware with known good hardware.
F.check the customer account payment status.
5.Which two actions should be taken after a customer problem is resolved by the ISP help desk?
(Choose two.)
A.delete the trouble ticket from the database.
B.document the solution in the trouble ticket or work order.
C.escalate the trouble ticket to Level 2 for future reference.
D.file a work order for customer notification.
E.copy the solution into a knowledge-base document for future reference.
6.Which two scenarios are common causes of physical network connectivity problems? (Choose
two)
A.monitor unplugged.
B.Ethernet cable plugged into wrong port.
C.incorrect default gateway.
D.unassigned IP address.
E.faulty Ethernet cable.
7.Match the network component or function to its associated layer (Physical, Data link or
Network)
a.twisted-pair cable.
b.IP Address.
c.routing.
d.switching.
e.MAC Address.
f.repeater.
8.What two tasks should an on-site technician perform before beginning any troubleshooting or
repair at the customer site? (Choose two.)
A.review the trouble ticket with the customer to verify the information is correct.
B.take damaged equipment to the ISP site for repair.
C.document the troubleshooting tasks performed and the solution.
D.provide identification, including name and place of employment.
E.examine cabling to determine if it is faulty or connected into the wrong port.
9.Match the technical skill to the appropriate help desk activity.

Technical Skill
a.Make notes regarding the resolution of a help desk case.
b.Answer a call in a friendly, professional manner.
c.Speak in a calm, reassuring manner.
d.Get all relevant information from the customer.
e.Use analytical tools to provide a problem resolution.
Help Desk Activity

1.diagnosing a problem correctly.
2.adapting to customer temperament.
3.providing a courteous greeting.
4.logging the call.
5.listening to customer.
10.An ISP customer calls to report that the web server web-s1.cisco.com is not reachable through
a web browser. The technician uses command line utilities to verify the problem and to begin the
troubleshooting process. Based on the results shown below, what two things can be determined
about the problem? (Choose two.)
D:\>ping web-sl.cisco.com
Unknown host web-sl.Cisco.com
D:\>ping 192.168.0.10
Pinging 192.168.0.10 with 32 bytes of data:
Reply from 192.168.0.10 bytes=32 time<10ms TTL=128

Repiy from 192.168.0.10 bytes=32 time<10ms TTL=128
Repiy from 192.168.0.10 bytes=32 time<10ms TTL=128
Reply from 192.168.0.10 bytes=32 time<10ms TTL=128
Ping statistics for 192.168.0.10:

Packets: Sent = 4, Received = 4.; Lost = 0 <0>: loss>.
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
A.The web server at 192.168.0.10 is reachable from the source host.

B.There is a problem with the web server software on web-s1.cisco.com.
C.A router is down between the source host and the server web-s1.cisco.com.
D.DNS cannot resolve the IP address for the server web-s1.cisco.com.
E.The default gateway between the source host and the server at 192.168.0.10 is down.
11.What does a successful ping response from the 127.0.0.1 loopback address on a host indicate?
A.The default gateway is configured correctly.

B.The TCP/IP stack loaded correctly.
C.The DNS server address is correctly configured.
D.The DHCP configuration loaded correctly.
12.Which range of addresses is referred to as link-local addresses?

A.127.0.0.0/16
B.192.168.1.0/24
C.169.254.0.0/16
D.10.0.0.0/16
End
3 Planning a Network Upgrade
3.0.1 Introduction
Page 1:
As a business grows, it may also outgrow its network, requiring a network upgrade.
A careful look at the current network, as well as the new requirements in equipment and
configurations, can help ensure a smooth network upgrade with minimum disruption.

Perform a customer site survey.
Describe the importance of planning when beginning a network upgrade.
Describe physical topology considerations when upgrading a network.
Describe structured cabling.
Describe network configuration and interaction of network devices.
Describe other considerations when planning an upgrade.
3.1 Documenting the Existing Network
3.1.1 Site Survey
Page 1:
When a small company grows rapidly, the original network that supports the company often
cannot keep pace with the expansion. Employees at the company may not realize how important
it is to plan for network upgrades. The business may just add network hardware devices of
varying quality from different manufacturers and different network connection technologies to
connect new users. The quality of the current network may become degraded as each new user is
added, until it can no longer support the level of network traffic that the users generate.
When the network starts to fail, most small businesses look for help to redesign the network to
meet the new demands. An ISP or managed service provider may be called in to provide advice,
and to install and maintain the network upgrade.
Before a network upgrade can be properly designed, an on-site technician is dispatched to
perform a site survey to document the existing network structure. It is also necessary to
investigate and document the physical layout of the premises to determine where new equipment
can be installed.
3.1.1 - Documenting the Existing Network

The diagram depicts an original, small network with several wireless clients and several wired
clients connected to an ISR, which in turn connects via the modem to the ISP . When the
network is expanded, there is an addition of many wired clients connected via hubs.
Original Network.
Network is performing optimally for the number of users.
Expanded Network.
Network performance is degraded due to the increased number of users without the addition of
appropriate devices and proper planning.
Page 2:
A site survey provides the network designer important information and creates a proper starting
point for the project. It shows what is already on site, and gives a good indication as to what is
needed.
Important pieces of information that can be gathered during a site survey include:
• Number of users and types of equipment

• Projected growth
• Current Internet connectivity
• Application requirements
• Existing network infrastructure and physical layout
• New services required
• Security and privacy considerations
• Reliability and uptime expectations
• Budget constraints
It is a good idea to obtain a floor plan, if possible. If a floor plan is not available, the technician
can draw a diagram indicating the size and location of all rooms. An inventory of existing
network hardware and software is also useful to provide a baseline of requirements for the
upgrade.
A sales representative may also accompany the technician to the site to interview the customer.
The sales representative may ask a series of questions to gather information about the network
upgrade needs of the business.
The diagram depicts questions that may be used to gather information in a site survey.
Number of Hosts and Users

How many network users, printers, and servers will the network support?
To determine the number of network users that the network must support, be sure to consider the
number of users that will be added over the next 12 months, and how many network printers and
network servers the network has to accommodate.
Internet Service and Equipment

How does your business connect to the internet? Does the ISP provide the equipment or do you
own it?
Often when using a high speed internet connection such as DSL or cable, the service provider
owns the equipment needed to connect to the internet (e.g. a DSL router or cable modem). If the
connectivity is upgraded, the equipment that provides the connectivity may also need to be
upgraded or replaced.
Existing Network Devices

How many networking devices are installed on your network? What functions do they perform?
Understanding the existing number and types of networking equipment that are currently
installed is critical to being able to plan for the upgrade. It is also necessary to document any
configurations that are loaded on the existing devices.
Security Requirements
Do you have a firewall in place to protect your network?
When a private network connects to the internet, it opens physical links to more than 50,000
unknown networks and all their unknown users. While this connectivity brings exciting
opportunities for information sharing, it also brings threats to information not meant for sharing.
Integrated Services Routers incorporate firewall features along with other functionality.
Application Requirements
What applications does the network need to support? Do you require services for applications
such as IP telephony or videoconferencing?
It is important to identify the needs of particular applications, especially voice and video. These
applications may require additional network device configuration and new ISP services to
support the necessary quality.
Wireless Requirements
Would you like a wired, wireless, or wired + wireless local-area network (LAN)? How many
square feet must the wireless LAN (W LAN) cover?
It is possible to connect computers, printers, and other devices to the network using a traditional
wired network (10 /100) switched Ethernet), a wireless only network (802.11x), or to implement
a combination of wired and wireless networking. Each wireless access point, which connects the
wireless desktop and laptop computers to the network, has a given range. To estimate the number
of access points that are required, it is necessary to have the number of square feet and the
physical characteristics of the location that the wireless network must cover.
Page 3:
The technician should be prepared for anything when doing the site survey. Networks do not
always meet local codes of practice in terms of electrical, building, or safety regulations, nor
adhere to any standards.
Sometimes networks grow haphazardly over time and end up being a mixture of technologies
and protocols. The technician should be careful not to offend the customer by expressing an
opinion about the quality of the existing installed network.
When visiting the customer premises, the technician should do a thorough overview of the
network and computer setup. There may be some obvious issues such as unlabeled cables, poor
physical security for network devices, lack of emergency power, or lack of an uninterruptible
power supply (UPS) for critical devices. These conditions are noted in the site survey report, in
addition to the other requirements gathered from the survey and the customer interview.
When the site survey is completed, it is important that the technician review the results with the
customer to ensure that nothing is missed and that there are no errors. If everything is accurate,
the site survey provides an excellent basis for the new network design.

The diagram depicts an example of requirements of a network and the physical layout of the
network.
Customer Requirements.
Requirement:Number of users.
Answer:19 users.
Requirement:Service provider equipment.
Answer:Service provider owns DSL equipment.
Requirement:Firewall.
Answer:Integrated firewall.
Requirement:Local servers.
Answer:Plan to have file server on site.
Requirement:Web or email servers.
Answer:None.
Requirement:Applications requirements.
Answer:Word processing, spreadsheets, graphics, and plan to use IP phones.
Requirement:Wired / Wireless.
Answer:Both are required.
Requirement:Number of wired desktops.
Answer:15 computers.
Requirement:Number of printers.
Answer:No network printers.
Requirement:Wireless laptops.
Answer:Four laptops.
Requirement:W LAN area.
Answer:Offices occupy 15,000 square feet.
Network Design
The physical network design is based on the answers to the above questions. The design includes
an integrated router connected to a switch for wired user access, and a server and wireless router
for wireless user access. The integrated router is connected to a DSL modem which connects to
the ISP .
3.1.2 Physical and Logical Topologies
Page 1:
Both the physical and logical topology of the network must be documented. A physical topology
is the actual physical location of cables, computers, and other peripherals. A logical topology
documents the path that data takes through the network and where network functions, like
routing, occur. A technician gathers this information during the site survey to create the physical
and logical topology map.
In a wired network, the physical topology map consists of the wiring closet and the wiring to the
individual end-user stations. In a wireless network, the physical topology consists of the wiring
closet and an access point. Because there are no wires, the physical topology contains the
wireless signal coverage area.
The logical topology is generally the same for a wired and wireless network. It includes the
naming and Layer 3 addressing of end stations, router gateways, and other network devices,
regardless of the physical location. It indicates the location of routing, network address
translation, and firewall filtering.
3.1.2 - Physical and Logical Topologies

The diagram depicts the physical and logical topologies of a network. The physical topology is
the actual physical location of cables, computers, and other peripherals. The logical topology
consists of consolidated areas, functions, and logical addressing.
Page 2:
To develop a logical topology requires understanding the relationship between the devices and
the network, regardless of the physical cabling layout. There are several topological
arrangements possible. Examples include star, extended star, partial mesh, and full mesh
topologies.
Star Topologies
With a star topology, each device is connected via a single connection to a central point. The
central point is typically a switch or a wireless access point. The advantage of a star topology is
that if a single connecting device fails, only that device is affected. However, if the central
device, such as the switch, fails, then all connecting devices lose connectivity.
An extended star is created when the central device in one star is connected to a central device of
another star, such as when multiple switches are interconnected, or daisy-chained together.
Mesh Topologies
Most Core Layers in a network are wired in either a full mesh or a partial mesh topology. In a
full mesh topology, every device has a connection to every other device. While full mesh
topologies provide the benefit of a fully redundant network, they can be difficult to wire and
manage and are more costly.
For larger installations, a modified partial mesh topology is used. In a partial mesh topology,
each device is connected to at least two other devices. This arrangement creates sufficient
redundancy, without the complexity of a full mesh.
Implementing redundant links through partial or full mesh topologies ensures that network
devices can find alternate paths to send data in the event of a failure.
3.1.2 - Physical and Logical Topologies

The diagram depicts four topological arrangements of star and mesh topologies.
Star Topology
Each host computer is connected via a single connection to a central point. The central point is
typically a switch or a wireless access point.
Extended Star Topology

The extended star is created when the central device in the star is connected to a central device of
another star as illustrated by multiple switches being interconnected.
Full Mesh Topology

In the full mesh topology graphic, every switch has a connection to every other switch creating a
fully redundant network.
Partial Mesh Topology

In a partial mesh topology, each switch is connected to at least two other switches. This
arrangement creates some redundancy without the complexity of a full mesh.
3.1.3 Network Requirements Documentation
Page 1:
Along with creating the topology maps for the existing network, it is necessary to obtain
additional information about the hosts and networking devices that are currently installed. This
information is recorded on a brief inventory sheet. The technician also documents any growth
that the company anticipates in the near future.
This information helps the network designer determine what new equipment is required, and the
best way to structure the network to support the anticipated growth.
The inventory sheet of the installed devices includes:
• Device name
• Date of purchase
• Warranty information
• Location
• Brand and model
• Operating system
• Logical addressing information
• Gateway
• Method of connectivity
• Virus Checker
• Security information
3.1.3 - Network Requirements Documentation

The diagram depicts a network with three PCs connected to an ISR, connected to a modem,
connected to an ISP cloud. The following is an example of documentation for one of the PC's.
Device name: Host 1.

Date of purchase: Dec 2007.
Warranty information: 3-year extended.
Location: Office R13.
Brand: X Y Z-Com.
Model: ZX1200.
Operating system: Linux.
I P Address: 172.16.32.101 /24.
Gateway: 172.16.32.10.
Connectivity: 10 /100 Ethernet.
Virus Checker: Installed.
Firewall: Installed.
Page 2:
Create a logical and physical network diagram.
View printable instructions.
3.1.3 - Network Requirements Documentation

Link to Packet Tracer Exploration: Creating Network Diagrams
3.2 Planning
3.2.1 Network Upgrade Planning Phases
Page 1:
A network upgrade requires extensive planning. Just like any project, a need is identified and
then a plan outlines the process from beginning to end. A good project plan helps identify any
strengths, weaknesses, opportunities, or threats (SWOT). The plan clearly defines the tasks, and
the order in which the tasks are to be completed.
Examples of good planning:
• Sports teams follow game plans

• Builders follow blueprints
• Ceremonies or meetings follow agendas
A network that is a patchwork of devices strung together, using a mixture of technologies and
protocols, is usually an indicator of poor initial planning. These types of networks are susceptible
to downtime, and are difficult to maintain and troubleshoot.
3.2.1 - Network Upgrade Planning Phases
The diagram depicts images of network planning.
Page 2:
Planning a network upgrade begins after the site survey and the resulting report are completed.
There are five distinct phases.
Phase 1: Requirements Gathering
After all of the information has been gathered from the customer and the site visit, it is analyzed
to determine the network requirements. This analysis is done by the design team at the ISP,
which creates an Analysis Report.
Phase 2: Selection and Design
Devices and cabling are selected based on the requirements outlined in the Analysis Report.
Multiple design options are created and regularly shared with other members on the project. This
phase allows team members to view the network from a documentation perspective and evaluate
trade-offs in performance and cost. It is during this step that any weaknesses of the design can be
identified and addressed.
Also during this phase, prototypes are created and tested. A prototype is a good indicator of how
the new network will operate.
When the design is approved by the customer, implementation of the new network can begin.
Phase 3: Implementation
If the first two steps are done correctly, the implementation phase is more likely to be performed
without incident. If there are tasks that have been overlooked in the earlier phases, they must be
corrected during implementation. Creating an implementation schedule that allows time for
unexpected events, keeps disruption for the customer to a minimum. Staying in constant
communication with the customer during the installation is critical to the success of the project.
The diagram depicts images of an on-site technician.
Page 3:
Phase 4: Operation
The network is brought into service in what is called a production environment. Prior to this step,
the network is considered to be in a testing or implementation phase.
Phase 5: Review and Evaluation
After the network is in operation, the design and implementation must be reviewed and
evaluated. For this process, the following steps are recommended:
Step 1: Compare the user experience with the goals in the documentation, and evaluate if the
design is right for the job.
Step 2: Compare the projected designs and costs with the actual deployment. This evaluation
ensures that future projects will benefit from the lessons learned on this project.
Step 3: Monitor the operation and record changes. It is important that the system is always fully
documented and accountable.
Careful planning at each phase ensures that the project goes smoothly and that the installation is
successful. On-site technicians are often included in the planning, because they participate in all
phases of the upgrade.

Page 4:

The diagram depicts an activity in which you must determine which phase each action is part of.
Phases.
Phase 1: Requirements Gathering.
Phase 2: Selection and Design.
Phase 3: Implementation.
Phase 4: Operation.
Phase 5: Review and Evaluation.
Actions.
A.An Analysis Report is created.
B.The network is actively working in a production environment.
C.Actual user experiences on the upgraded network are compared with the goals in the
documentation.
D.Prototypes of the selected devices and cables are created.
E.A schedule is created and followed, allowing for additional time for unexpected events.
Constant communication with the customer is required.
3.2.2 Physical Environment
Page 1:
One of the first things that the network designer does to select the equipment and design of the
new network is to examine the existing network facilities and cabling. The facilities include the
physical environment, the telecommunication room, and the existing network wiring. A
telecommunications room, or wiring closet, in a small, single-floor network is usually referred to
as the Main Distribution Facility (MDF).
The MDF typically contains many of the network devices, including switches or hubs, routers,
and access points. It is where all of the network cable concentrates to a single point. Many times,
the MDF also contains the Point of Presence (POP) of the ISP, where the network makes the
connection to the Internet through a telecommunications service provider.
If additional wiring closets are required, they are referred to as Intermediate Distribution
Facilities (IDFs). IDFs are typically smaller than the MDF, and connect to the MDF.
Many small businesses do not have a telecommunications room or closet. Network equipment
may be located on a desk or other furniture, and wires could be just lying on the floor. Network
equipment must always be secure. As a network grows, a telecommunications room is critical to
the security and reliability of the network.
3.2.2 - Physical Environment

The diagram depicts a floor plan for a physical building environment of a network. The focus is
on the telecommunications room, or wiring closet, in a corner of the building.
A more detailed diagram is provided of the telecommunications room showing an equipment

rack, vertical and horizontal patch panels and associated cabling, telephone wiring hub, U P S,
and a wall-mounted equipment rack.
Tip Popup
I S O standards refer to MDFs and I DFs using different terminology. MDFs and I DFs can also
be referred to as wiring closets.
MDF = Building Distributors
I DF = Floor Distributors
3.2.3 Cabling Considerations
Page 1:
When the existing cabling is not up to specification for the new equipment, new cabling must be
planned for and installed. The condition of the existing cabling can quickly be determined by the
physical inspection of the network during the site visit. When planning the installation of
network cabling, there are four physical areas to consider:
• User work areas

• Telecommunications room
• Backbone area
• Distribution area
There are many different types of cable found in the networking environment, and some are
more common than others:
• Shielded twisted pair (STP) - Usually Category 5, 5e, or 6 cable that has a foil shielding
to protect from outside electromagnetic interference (EMI). In an Ethernet environment,
the distance limitation is approximately 328 feet (100 meters).
• Unshielded twisted pair (UTP) - Usually Category 5, 5e, or 6 cable that does not
provide extra shielding from EMI, but it is inexpensive. Cable runs should avoid
electrically noisy areas. In an Ethernet environment, the distance limitation is
approximately 328 feet (100 meters).
• Fiber-optic cable - A medium that is not susceptible to EMI, and can transmit data faster
and farther than copper. Depending on the type of fiber optics, distance limitations can be
several miles (kilometers). Fiber-optic can be used for backbone cabling and high-speed
connections.
In addition to these three commonly-used cabling types, coaxial is also used in networking.
Coaxial is not typically used in LANs, but it is widely used in cable modem provider networks.
Coaxial has a solid copper core with several protective layers including polyvinyl chloride
(PVC), braided wire shielding, and a plastic covering. Distance is several miles (kilometers).
Limitations depend on the purpose of the connection.
3.2.3 - Cabling Considerations
The diagram depicts the four main physical areas to consider when planning for the cabling of a
network, and the type of hardware and cabling that may be used.
Telecommunications Room - Switches, patch panels, and patch cables

Backbone Area - Vertical or backbone cabling
Distribution Area - Horizontal cabling
User Work Area - PCs and patch cables
In the diagram, the switch in the telecommunications room connects to the backbone area and
other telecommunications rooms. The patch panel in the telecommunications room connects to
the distribution area, and then to the user work area.
Page 2:
There are several organizations in the world that provide LAN cabling specifications.
The Telecommunications Industry Association (TIA) and the Electronic Industries Alliance
(EIA) worked together to provide the TIA/EIA cable specifications for LANs. Two of the most
common TIA/EIA cable specifications include the 568-A and 568-B standards. Both of these
standards typically use the same Cat 5 or Cat 6 cable, but with a different termination color code.
There are three different types of twisted pair cables that are used in networks:
• Straight-through - Connects dissimilar devices, such as a switch and a computer, or a

switch and a router.
• Crossover - Connects similar devices, such as two switches or two computers.
• Console (or Rollover) - Connects a computer to the console port of a router or switch to
do initial configuration.
Another cable type that is common in networks is a serial cable. A serial cable is typically used
to connect the router to an Internet connection. This Internet connection may be to the phone
company, the cable company, or a private ISP.
3.2.3 - Cabling Considerations

The diagram depicts three types of cable to connect hosts and networking devices in a simple
network.
Crossover cable - Connects switches and hubs
Straight-through cable - Connects hosts, such as PC's, servers, and router interfaces, to switches
and hubs
Console cable - Connects PC's to network device console for administration
3.2.4 Structured Cable
Page 1:
When designing a structured cable project, the first step is to obtain an accurate floor plan. The
floor plan allows the technician to identify possible wiring closet locations, cable runs, and
which electrical areas to avoid.
After the technician has identified and confirmed the locations of network devices, it is time to
draw the network on the floor plan. Some of the more important items to document include the
following:
• Patch cable - Short cable from the computer to the wall plate in the user work area
• Horizontal cable - Cable from the wall plate to the IDF in the distribution area
• Vertical cable - Cable from the IDF to the MDF in the backbone area of the business
• Backbone cable - Network part that handles the major traffic
• Location of wiring closet - Area to concentrate the end-user cables to the hub or switch
• Cable management system - Trays and straps used to guide and protect cable runs
• Cable labeling system - Labeling system or scheme to identify cables
• Electrical considerations - Outlets and other items to support the electrical requirements
of the network equipment
3.2.4 - Structured Cable

The diagram depicts a 3-D version of a structured cable design. The following areas and
components are shown: work area, telecommunications room, equipment rack, patch panel,
vertical cabling, horizontal cabling, and a telephone wiring hub with a link to PSTN.
Page 2:
Lab Activity
Evaluate a floor plan and propose upgrades to accommodate extra floor space.
3.2.4 - Structured Cable

Link to Hands-on Lab: Evaluating a Cabling Upgrade Plan
3.3 Purchasing and Maintaining Equipment

3.3.1 Purchasing Equipment
Page 1:
As the ISP team plans the network upgrade, issues related to purchasing new equipment and the
maintenance of new and existing equipment must be addressed. There are generally two options
for obtaining new equipment:
• Managed service - The equipment is obtained from the ISP through a lease or some
other agreement, and the ISP is responsible for updating and maintaining the equipment.
• In-house - The customer purchases the equipment, and the customer is responsible for
the updates, warranties, and maintenance of the equipment.
When acquiring equipment, cost is always a major factor. A good cost analysis of the various
options provides a sound basis for the final decision.
If a managed service is chosen, there are lease costs and possibly other service costs as outlined
in the Service Level Agreement (SLA).
If the equipment is purchased outright, the customer should be aware of the price of the
equipment, warranty coverage, compatibility with existing equipment, and update and
maintenance issues. All of these must be analyzed to determine the cost-effectiveness of the
purchase.
3.3.1 - Purchasing Equipment

The diagram depicts the factors to be considered when purchasing equipment to be managed in-
house versus equipment to be a managed service by an ISP .
Considerations
In-house
Type of equipment
Equipment location
I T organization staffing
Network design
Maintenance requirements
Managed Services
Initial evaluation and choice of service provider
Requirements definition
Ongoing evaluation of service provider
Costs
In-house
Equipment purchasing or leasing
I T organization staffing
Training costs
Multiple vendor costs and building
Hardware repairs and upgrades
Software release upgrades
Telephone line charges
Redundancy and reliability requirements
Managed Services
Single, predictable monthly recurring bill
Minimal up front costs
Control and Responsibility

In-House
You have most of the control and responsibility for managing and maintaining your network
system
Managed Services
Delegate the level of network management to a qualified service provider, based on your needs
Keep your core business processes in-house
Maintain control of work flow in your organization
Set service-level agreements (S L A) with a service provider
Reliability
In-House
You are responsible for keeping your network system available to employees, customers, and
partners at all times
Managed Services
Service providers can guarantee availability up to 99.999 percent
A 24-hour help desk is available for remote-access users
Service provider management is transparent to end users
End-user Experience
In-House
Users are unaware whether network is managed by the company or an external partner
Managed Services
Users are unaware whether network is managed by the company or an external partner
3.3.2 Selecting Network Devices
Page 1:
After analyzing requirements, the design staff recommends the appropriate network devices to
connect and support the new network functionality.
Modern networks use a variety of devices for connectivity. Each device has certain capabilities
to control the flow of data across a network. A general rule is that the higher the device is in the
OSI model, the more intelligent it is. What this means is that a higher level device can better
analyze the data traffic and forward it based on information not available at lower layers. As an
example, a Layer 1 hub can forward data only out of all ports, while a Layer 2 switch can filter
the data and send it only out of the port that is connected to the destination based on the MAC
address.
As switches and routers evolve, the distinction between them may seem blurred. One simple
distinction remains: LAN switches provide connectivity within the local-area networks of the
organization, while routers interconnect local networks and are needed in a wide-area network
environment.
In addition to switches and routers, there are other connectivity options available for LANs.
Wireless access points allow computers and other devices, such as handheld IP phones, to
wirelessly connect to the network or share broadband connectivity. Firewalls guard against
network threats and provide security and network control and containment.
Integrated Service Routers (ISRs) are network devices that combine the functionality of
switches, routers, access points, and firewalls into the same device.
3.3.2 - Selecting Network Devices

The diagram depicts a group of home office, branch office, and enterprise-level routers.
3.3.3 Selecting LAN Devices
Page 1:
Although both a hub and a switch can provide connectivity at the Access Layer of a network,
switches should be chosen for connecting devices to a LAN. Switches are more expensive than
hubs, but the enhanced performance makes switches more cost-effective. A hub is generally
chosen as a networking device only within a very small LAN, a LAN that requires little
throughput requirements, or when finances are limited.
When selecting a switch for a particular LAN, there are a number of factors to consider. These
factors include, but are not limited to:
• Speed and the types of ports and interfaces involved

• Expandability
• Manageability
• Cost
Speed and Types of Ports and Interfaces

Choosing Layer 2 devices that can accommodate increased speeds allows the network to evolve
without replacing the central devices.
When selecting a switch, choosing the appropriate number and type of ports is critical.
Network designers should consider carefully how many twisted pair (TP) and fiber-optic ports
are needed. It is also important to estimate how many more ports will be required to support
network expansion.
3.3.3 - Selecting LAN Devices

The diagram depicts two LAN's, each with four hosts, one using a hub and another using a
switch.
Page 2:
Expandability
Networking devices come in both fixed and modular physical configurations. Fixed
configurations have a specific type and number of ports or interfaces. Modular devices have
expansion slots that provide the flexibility to add new modules as requirements evolve. Most
modular devices come with a minimum number of fixed ports and expansion slots.
A typical use of an expansion slot is to add fiber-optic modules to a device originally configured
with a number of fixed TP ports. Modular switches can be a cost-effective approach to scaling
LANs.
Manageability
A basic, inexpensive switch is not configurable. A managed switch that uses a Cisco IOS feature
set allows control over individual ports or over the switch as a whole. Controls include the ability
to change the settings for a device, add port security, and monitor performance.
For example, with a managed switch, ports can be turned on or off. In addition, administrators
can control which computers or devices are allowed to connect to a port.
The diagram depicts four images representing variables involved in selecting networking
devices: type of ports, speed required, expandability, and manageability.
Page 3:
Cost
The cost of a switch is determined by its capacity and features. The switch capacity includes the
number and types of ports available and the overall throughput. Other factors that affect the cost
are network management capabilities, embedded security technologies, and advanced switching
technologies.
Using a simple cost-per-port calculation, it may initially appear that the best option is to deploy
one large switch at a central location. However, this apparent cost savings may be offset by the
expense of the longer cable lengths required to connect every device on the LAN to one switch.
This option should be compared with the cost of deploying a number of smaller switches
connected by a few long cables to a central switch.
Deploying a number of smaller devices, instead of a single large device, also has the benefit of
reducing the size of the failure domain. A failure domain is the area of the network affected
when a piece of networking equipment malfunctions or fails.
After the LAN switches are selected, determine which router is appropriate for the customer.

The diagram depicts two LAN designs. The first is a star topology with a local network that
includes eight hosts that are connected by one large central switch. The second is an extended
star topology with multiple switches that are connected by a central switch.
Page 4:
Explore different LAN switch options.


Link to Packet Tracer Exploration: Exploring Different LAN Switch Options
3.3.4 Selecting Internetworking Devices
Page 1:
A router is a Layer 3 device. It performs all tasks of devices in lower layers and selects the best
route to the destination based on Layer 3 information. Routers are the primary devices used to
interconnect networks. Each port on a router connects to a different network and routes packets
between the networks. Routers have the ability to break up broadcast domains and collision
domains.
When selecting a router, it is necessary to match the characteristics of the router to the
requirements of the network. Factors for choosing a router include:
• Type of connectivity required

• Features available
• Cost
Connectivity
Routers interconnect networks that use different technologies. They can have both LAN and
WAN interfaces.
The LAN interfaces of the router connect to the LAN media. The media is typically UTP
cabling, but modules can be added for using fiber optics. Depending on the series or model of
router, there can be multiple interface types for connecting LAN and WAN cabling.
3.3.4 - Selecting Internetworking Devices

The diagram depicts two images of interconnection. In the first image, a router interconnects two
LAN's. One LAN is connected using a switch, the other is connected using a hub. In the second
image, a router interconnects a switched LAN to a WAN (Internet).
Page 2:
Features
It is necessary to match the characteristics of the router to the requirements of the network. After
analysis, the business management may determine that it needs a router with specific features. In
addition to basic routing, features include:
• Security
• Quality of Service (QoS)
• Voice over IP (VoIP)
• Network Address Translation (NAT)
• Dynamic Host Configuration Protocol (DHCP)
• Virtual Private Network (VPN)
Cost
Budget is an important consideration when selecting internetwork devices. Routers can be

expensive, and additional modules, such as fiber optic modules, can increase the cost.
An Integrated Service Router (ISR) is a relatively new technology that combines multiple
services into one device. Before the introduction of the ISR, multiple devices were required to
meet the needs of data, wired, wireless, voice, video, firewall, and VPN technologies. The ISR
was designed with multiple services to accommodate the demands of small- to medium-sized
businesses and branch offices of large organizations. With an ISR, an organization can quickly
and easily enable end-to-end protection for users, applications, network endpoints, and wireless
LANs. In addition, the cost of an ISR can be less than if the individual devices were purchased
separately.

The diagram depicts the following integrated services router features:
Security
Wireless Access Point
VPN
DHCP
NAT
Intrusion Detection
Voice-over-IP
Quality of Service
Page 3:

Explore different internetworking device options.

Link to Packet Tracer Exploration: Exploring Internetworking Devices
3.3.5 Network Equipment Upgrades
Page 1:
Many small networks were initially built using a low-end integrated router to connect wireless
and wired users. These routers are designed to support small networks, usually consisting of a
few wired hosts and possibly four or five wireless devices. When a small business outgrows the
capabilities of their existing network devices, it is necessary to upgrade to more robust devices.
Within this course, examples of these devices are the Cisco 1841 ISR and the Cisco 2960 Switch.
The Cisco 1841 is designed to be a branch office or medium-sized business router. As an entry-
level multiservice router, it offers a number of different connectivity options. It is modular in
design and can deliver multiple security services.
3.3.5 - Network Equipment Upgrades

The diagram depicts the back of an 1841 I S R and the front of a 2960 24-port switch. If
available, refer to audio recordings for a description of the interfaces.
Page 2:
Some of the features of the Catalyst 2960 switches are:
• Entry-level, enterprise-class, fixed-configuration switching that is optimized for Access

Layer deployments
• Fast Ethernet and Gigabit Ethernet to desktop configurations
• Ideal for entry-level enterprise, mid-market, and branch-office environments
• Compact size for deployments outside of the wiring closet
These switches can provide the high speeds and high-density switching capabilities that the
smaller ISRs with integrated switching cannot. They are a good option when upgrading networks
built with either hubs or small ISR devices.
The Cisco Catalyst 2960 Series Intelligent Ethernet Switches are a family of fixed-configuration,
standalone devices that provide Fast Ethernet and Gigabit Ethernet connectivity to the desktop.
3.3.5 - Network Equipment Upgrades

The diagram depicts a stack of switches that are different models in the Cisco Catalyst 2960
Series.
3.3.6 Design Considerations
Page 1:
Purchasing network devices and installing cables are only the beginning of the network upgrade
process. Networks must also be reliable and available. Reliability can be achieved by adding
redundant components to the network, such as two routers instead of one. In this instance,
alternate data paths are created, so if one router is experiencing problems, the data can take an
alternate route to arrive at the destination.
An increase in reliability leads to improved availability. For example, telephone systems require
five-9s of availability. This means that the telephone system must be available 99.999% of the
time. Telephone systems cannot be down, or unavailable, for more than .001% of the time.
Fault tolerance systems are typically used to improve network reliability. Fault tolerance systems
include devices such as a UPS, multiple AC power supplies, hot-swappable devices, multiple
interface cards, and backup systems. When one device fails, the redundant or backup system
takes over to ensure minimal loss of reliability. Fault tolerance can also include backup
communication links.
3.3.6 - Design Considerations

The diagram depicts fault tolerance through redundant network link connections.
The network has four Access Layer switches, each with host PC's attached. A failure of any of
the Access Layer switches can affect the PC's that are directly connected.
Two central switches connect the Access Layer switches with multiple links for redundancy. The
failure of either of the central switches does not stop network operation.
Page 2:
IP Addressing Plan
Planning for a network installation must include planning the logical addressing. Changing the
Layer 3 IP addressing is a major issue when upgrading a network. If the structure of the network
is going to be changed in the upgrade, the IP address scheme and network information may need
to be altered.
The plan should include every device that requires an IP address, and account for future growth.
The hosts and network devices that require an IP address include:
• User computers
• Administrator computers
• Servers
• Other end devices such as printers, IP phones, and IP cameras
• Router LAN interfaces
• Router WAN (serial) interfaces
There are other devices that may need an IP address to access and manage them. These include:
• Standalone switches
• Wireless Access Points
For example, if a new router is introduced to the network, each interface on that router can be
used to create additional networks, or subnets. These new subnets need to have the proper IP
address and subnet mask calculated. Sometimes, this means having to assign a totally new
addressing scheme to the network.
After all of the planning and design phases are complete, the upgrade proceeds to the
implementation phase, in which the actual network installation begins.
3.3.6 - Design Considerations

The diagram depicts an example of hosts found on a network using an IP addressing plan.
Router Interfaces (Count the number of interfaces, and not the number of routers)
Printers
IP Phones (Count other specialty IP devices as well)
Switch Management Addresses
Administration Users
General Users
Servers
3.4 Chapter Summary

3.4.1 Summary
Page 1:
3.4.1 - Summary
Four Diagrams, Slider Graphic
Diagram 1, Image
The diagram depicts an example of requirements gathered in an interview.
Diagram 1 text
A network technician must perform a site survey to document the existing network structure
before a network upgrade can be planned.
Documentation to include a physical and logical topology map and an inventory sheet of all
equipment.
Gather customer network requirements through surveys and interviews.
Diagram 2, Image
Diagram 2 text
If a network upgrade is necessary, a plan should be in place, with consideration of the strengths,
weaknesses, opportunities, or threats (SWOT) of the network installation.
There are five phases of a network upgrade: requirements gathering, selection and design,
implementation, operation, and review and evaluation.
Examining the network facilities includes the physical environment, the telecommunication
rooms (MDF and I DF), as well as existing network wiring.
Diagram 3, Image
The diagram depicts the physical building environment of a network.
Diagram 3 text
When cabling, there are four physical areas to consider: work area, distribution area,
telecommunications room area, and the backbone area.
When determining cabling needs, it is necessary to keep in mind the work area, the type of cable
used, and the purpose of the cable.
Structured cabling projects deal with the placement of cables, the location of wiring closets,
cable management, and electrical considerations.
Diagram 4, Image
The diagram depicts network devices.
Diagram 4 text
When new equipment is used for network upgrade, there are two purchase options: managed
service and in-house customer purchased.
A device that functions at higher O S I layers is generally considered a more intelligent device.
When upgrading network devices, cost and expandability are important factors to consider.
3.5 Chapter Quiz

3.5.1 Quiz
Page 1:
3.5.1 - Quiz
Chapter 3 Quiz: Planning a Network Upgrade
1.What three types of network documentation does a technician need to complete before
designing a new network? (Choose three)
A.cut sheet.
B.inventory sheet.
C.site survey report.
D.standards evaluation.
E.topology maps.
F.upgrade initiative.
2.What should the on-site technician do immediately after completing the site survey?
A.begin scheduling the work for the network upgrade.
B.order the networking devices and software required.
C.review the survey results with the network designer.
D.review the survey results with the customer to ensure accuracy.
3.Which three steps must be completed before implementation of the new network can begin?
(Choose three)
A.The network is brought into a production environment.
B.Projected designs and costs are compared with actual deployment.
C.Prototypes are created and tested.
D.An Analysis Report is generated.
E.The design is approved by the customer.
F.The operation of the network upgrade is monitored.
4.What are two characteristics of horizontal cabling? (Choose two)

A.It terminates at a face plate in the user work area.
B.It connects directly to a switch or router in the MDF.
C.It terminates at a patch panel in the I DF or MDF.
D.It connects two networking devices located in different I DF's.
E.It connects the PC to the face plate.
5.When designing a structured cable project, why is it important to obtain an accurate floor plan?
(Choose three)
A.to design the Layer 3 addressing.
B.to share the conduit with existing electrical wiring.
C.to identify possible wiring closet locations.
D.to determine the number of host devices needed.
E.to avoid areas with electrical equipment or wiring.
F.to estimate how much cable will be required.
6.Match the cable type to the appropriate description.
Cable Types
a.patch cable.
b.horizontal cable.
c.vertical cable.
d.cable-containment system.
Descriptions
1.cable from the I DF to the MDF in the organizations backbone area.
2.a series of trays and straps used to guide and protect cable runs.
3.short cable from the computer to the wall plate in the user work area.
4.cabling from the wall plate to the I DF in the distribution area.
7.Why is it important to consider the size of failure domains when upgrading a network?
A.Creating large failure domains reduces the number of IP broadcast domains.
B.Small failure domains reduce the number of users affected when a network device
malfunctions.
C.Large failure domains usually improve the network reliability and reduce downtime.
D.It requires fewer networking devices to create small failure domains than large ones.
8.Why would a managed-service customer want to have an SLA with the ISP?
A.to ensure that equipment ordered from vendors is delivered on time.
B.to provide extended warranties for customer-installed networking equipment.
C.to guarantee customer premises wiring meets all required standards.
D.to have a written agreement of what services the ISP will provide.
9.Where would the on-site technician record information about the brand, model, and operating
system of the hosts and networking devices installed on the network be located?
A.topology map.
B.inventory sheet.
C.office floorplan.
D.analysis report.
10.ISP is recommending a Cisco 1841 ISR to upgrade a small business customer LAN. Why is
an ISR a good choice for a small business customer? (Choose two)
A.An ISR often costs less than a stand-alone router and a LAN switch solution.
B.The ISR eliminates the need for on-site email or web servers.
C.ISR's combine routing, switching, and wireless capabilities in a single device.
D.ISR's are a good choice because small businesses usually do not require firewall security.
E.Because the ISR features are limited to routing and switching, they are easier to configure.
End
4 Planning the Addressing Structure
4.0.1 Introduction
Page 1:
As small-to-medium-sized business networks expand to meet the challenges of new applications
and services, they often outgrow their initial design.
A key factor when planning the network upgrade is network addressing.
Creating a flexible, scalable IP addressing structure able to support new growth is critical to the
success of the upgraded network.

Describe how IP addressing is implemented in the LAN.
Subnet a given network to allow for efficient use of IP address space.
Explain how Network Address Translation (NAT) and Port Address (PAT) are used in a
network.
4.1 IP Addressing in the LAN
4.1.1 Review of IP Addresses
Page 1:
One of the most important aspects of communications on an internetwork is the IP addressing

scheme.
IP addressing is the method used to identify hosts and network devices. As the Internet grew
over time and the number of hosts connected to it increased, IP addressing schemes had to adapt
to cope with the growth.
While IP addressing schemes have had to adapt, the basic IP address structure for IPv4 remains
the same. To send and receive messages on an IP network, every network host must be assigned
a unique 32-bit IP address. Because large binary numbers are difficult for people to read and
understand, IP addresses are usually displayed in dotted-decimal notation. In dotted-decimal
notation, each of the four octets is converted to a decimal number separated by a decimal point.
For example, the IP address:
11000000.10101000.00000001.01101010
is represented as 192.168.1.106 in dotted-decimal notation.
4.1.1 - Review of IP Addresses

The animation depicts how an IP address is expressed in dotted decimal notation.
An IP address is a 32-bit logical network address. 32 bits are difficult to read, so the address is
split into four octets, converted to base 10, and the octets are separated by dots. This is known as
dotted-decimal notation.
Page 2:
IP addresses are hierarchical. A hierarchy is like a family tree with parents at the top and children
connected to them below. For a network, this means that part of the 32-bit number identifies the
network (parent), while the rest of the bits identify the host (child). In the early days of the
Internet, there were so few organizations needing to connect to the Internet, that networks were
assigned by only the first 8 bits (first octet) of the IP address. This left the remaining 24 bits to be
used for local host addresses.
The 8-bit network designation made sense at first, because originally people thought that the
Internet would be made up of a few very large universities, governments, and military
organizations. Using only 8 bits for the network number enabled the creation of 256 separate
networks, each containing over 16 million hosts. It soon became apparent that more
organizations, and eventually individuals, were connecting to the Internet to do research and to
communicate with others. More networks were required, and a way to assign more network
numbers had to be created.

The animation depicts a network and the host hierarchy of the IP address.
IP addresses are hierarchical. In this example, the network is identified by the first three octets,
and the host is identified by the fourth octet.
Page 3:
To create more possible network designations, the 32-bit address space was organized into five
classes. Three of these classes, A, B, and C, provide addresses that can be assigned to individual
hosts or networks. The other two classes, D and E, are reserved for multicast and experimental
use.
Until this change, routers examined only the first 8-bits of an IP address for the network ID.
Class B networks, however, use the first 16 bits to identify the network. Class C networks use the
first 24 bits to identify the network. With this addition, routers needed to be programmed to look
beyond the first 8 bits to identify class B and C networks.
It was decided to divide the networks in a manner that would make it easy for routers and hosts
to determine the correct number of network ID bits. The class of a network is indicated by the
values of the first few bits of the IP address, called the high-order bits. If the first bit is 0, the
network is a Class A, and the first octet represents the network ID. When the first bit is 1, the
router examines the second bit. If that bit is 0, the network is a Class B, and the router uses the
first 16 bits for the network ID. If the first three bits are 110, it indicates a Class C address. Class
C addresses use the first 24 bits, or three octets, to designate the network. Dividing the original
8-bit network into smaller network classes increased the number of available network
designations from 256 to over two million.

The diagram depicts five network address classes: Class A, B, C, D, and E.
Class A
The first octet denotes the network address, and the last three octets are the host portion. Any IP
address where the first bit of the first octet is 0 is a Class A. Class A addresses can have a
decimal value within the first octet ranging between 1 and 126. These addresses are typically
used for networks with more than 65,534 hosts. The Class A address 127 is reserved for
loopback testing.
Class B
The first two octets denote the network address, and the last two are the host portion. Any IP
address where the first two bits of the first octet are 10 is a Class B. Class B addresses can have a
decimal value within the first octet ranging between 128 and 191. These addresses are typically
used for networks that have between 255 and 65,534 hosts.
Class C
The first three octets denote the network address, and the last one is the host portion. Any IP
address where the first three bits of the first octet are 110 is a Class C. Class C addresses can
have a decimal value within the first octet ranging between 192 and 223. These addresses are
typically used for networks with 254 or less hosts.
Class D
Used for multicast addressing. Any IP address where the first four bits of the first octet are 1110
is a Class D. Class D addresses can have a decimal value between 224 and 239.
Class E
Reserved for future experimental usage and broadcasting. Any IP address where the first five bits
of the first octet are 11110 is a Class E. Class E addresses can have a decimal value between 240
and 255.
Page 4:
In addition to creating separate classes, the Internet Engineering Task Force (IETF) decided to
reserve some of the Internet address space for use by private networks. Private networks have no
connection to public networks. Private network addresses are not to be routed across the Internet.
This allows multiple networks in various locations to use the same private addressing scheme
without creating addressing conflicts.
The use of private address space reduced the number of unique registered IP addresses that were
assigned to organizations.
A single Class A address, 10.0.0.0, was reserved for private use. In addition, address space in
classes B and C was also set aside for private networks.
Most networks today use a private address structure. Most consumer networking devices, by
default, give out private addresses through DHCP. Only the devices that connect directly to the
Internet are assigned registered Internet routable addresses.

The diagram depicts a table with private IP Address information for each class, A. through E.
Class A private addresses.

Address range: 10.0.0.0 to 10.255.255.255.
Default Subnet Mask: 255.0.0.0.
Number of Networks: 1.
Hosts per Network: 16,777,214.
Total Hosts: 16,777,214.
Class B private addresses.

Address range: 172.16.0.0 to 172.31.255.255.
Hosts per Network: 65,534.
Total Hosts: 1,048,544.
Class C private addresses.

Address range: 192.168.0.0 to 192.168.255.255.
Hosts per Network: 254.
Total Hosts: 65,024.
The diagram shows a new ISR with internal wired and wireless clients. The New ISR is
connected to an ISP router. The ISP gives a public address to the external interface of the New
ISR, for example 209.165.201.14. The internal wireless ISR connects to New ISR with a private
default gateway address of 192.168.1.1. Client private IP addresses are from 192.168.1.101 to
192.168.1.150.
4.1.2 Subnetting a Network
Page 1:
Networks continued to grow and connect to the Internet throughout the 1980s and into the 1990s,
with many organizations adding hundreds, and even thousands, of hosts to their network. An
organization with thousands of hosts should have been well served by a Class B network,
however, there were some problems.
First, organizations with thousands of hosts rarely had them all in one place. Some organizations
wanted to separate individual departments from each other for security or management purposes.
Second, a primary type of packet forwarded on a network is the broadcast packet. Broadcast
packets are forwarded to all hosts within a single logical network. With thousands of hosts on a
single network sending broadcast traffic, and limited bandwidth available, network performance
significantly decreased as more hosts were added.
To solve these problems, the organizations leading the development of the Internet chose to
partition their networks into mini-networks, or subnetworks, using a process called subnetting.
How can a single IP network get split into multiple networks so that each subnet is treated as a
separate network?
RFC 917, Internet Subnets, defines the subnet mask as the method routers use to isolate the
network portion from an IP address. When a router receives a packet, it uses the destination IP
address in the packet and the subnet masks associated with the routes in its routing table to
determine the appropriate path on which to forward the packet.
The router reads the subnet mask from left to right, bit by bit. If a bit in the subnet mask is set to
1, it indicates that the value in that position is part of the network ID. A 0 in the subnet mask
indicates that the value in that position is part of the host ID.
4.1.2 - Subnetting a Network

The diagram depicts a table with information about each network address class, A. through E.
Class A.
Has a first octet range of decimal 1-127.
Binary 00000000-01111111.
Decimal subnet of 255.0.0.0.
128 possible networks, 16,777,214 hosts.
Used for commercial purposes.
Address range is 1.0.0.1 to 126.255.255.254. (Class A address 127.0.0.0 is reserved for loopback
testing).
Class B.
Binary 10000000-10111111.
Possible 16,384 networks, 65,534 hosts.
Address range is 128.0.0.1 to 191.255.255.254.
Class C.
Binary 11000000-11011111.
Possible 2,097,152 networks, 254 hosts.
Address range is 192.0.0.1 to 223.255.255.254.
Class D.
Binary 11100000-11101111.
Reserved for multicast purposes.
Class E.
Binary 11110000-11110111.
Reserved for experimental use.
Note: All zeros (0) and all ones (1) are invalid host addresses.
Page 2:
In the original IP address hierarchy, there are two levels: a network and a host. In a classful
addressing scheme, the first three leading bit values are used to determine that an IP address is
either a Class A, B, or C. When an address is identified by class, the number of bits that make up
the network ID and the number of bits that make up the host ID are known. The default subnet
masks for the network classes are:
Class A 255.0.0.0
Class B 255.255.0.0
Class C 255.255.255.0
Subdividing a classful network adds a level to the network hierarchy. Now there are three levels:
a network, a subnetwork, and a host. How can the subnet mask be modified to indicate the new
hierarchical level?
A single Class A, B, or C network address space can be divided into multiple subnetworks by
using bits from the host address space to designate the subnet ID. As an example, an organization
using a Class C address space has two offices in different buildings. To make the network easier
to manage, the network administrators want each location to have a logically separate network.
Taking two bits from the host address increases the subnet mask length from the default 24 bits
to 26 bits, or 255.255.255.192.
When bits are borrowed from the host portion of the address to identify the subnet, fewer bits are
available for individual hosts. If two bits are used for the subnet ID, only six bits are left in the
host portion of the address.

The diagram depicts an IP address hierarchy of a network with subnets and hosts.
A customer router with two subnets, internal wired and wireless clients, is connected to an ISP
router and an internal wireless router. A network hierarchy illustrates that the customer router
with two subnets represent the entire customer network. The internal wired and wireless local
networks represent subnets and the PC's and routers within each of the subnet represent hosts.
Page 3:
With traditional classful subnetting, the same number of host bits is used to designate the subnet
ID for all the resulting subnetworks. This type of subnetting always results in a fixed number of
subnets and a fixed number of hosts per subnet. For this reason, this is known as fixed-length
subnetting.
The decision about how many host bits to use for the subnet ID is a big planning decision. There
are two considerations when planning subnets: the number of hosts on each network, and the
number of individual local networks needed. The table for the subnet possibilities for the
192.168.1.0 network shows how the selection of a number of bits for the subnet ID affects both
the number of possible subnets and the number of hosts that can be in each subnet.
One thing to keep in mind is that in all IPv4 networks, two host addresses are reserved: the all-0s
and the all-1s. An address with all 0s in the host portion of the address is an invalid host address
and usually refers to the entire network or subnetwork. An address with all 1s in the host portion
is used as the local network broadcast address. When a network is subnetted, each subnet
contains an all-0s and an all-1s host address that cannot be used for individual host addresses.
The diagram depicts the process of dividing the IP address hierarchy for classful subnetting.
Subnetting the 192.168.1. 0 network:
11000000 10101000 00000001 hhhhhhhh

Subnet I D Bits 0
Host I D Bits 8
Number of Subnets 1
Number of Hosts 254
Bit pattern hhhhhhhh
Subnet I D bits = 0, the network has one subnet.
Subnet I D Bits 1
Host I D Bits 7
Number of Subnets 2
Number of Hosts 126
Bit pattern s hhhhhhh
As soon as one of the host bits is designated as a subnet bit, the network will have two subnets.
Remember, in binary, a bit can have two states, 1 or 0, so the number of subnets is 2^s.
Subnet I D Bits 2
Host I D Bits 6
Number of Subnets 4
Number of Hosts 62
Bit pattern ss hhhhhh
Subnet I D Bits 3
Host I D Bits 5
Number of Subnets 8
Number of Hosts 30
Bit pattern sss hhhhh
Subnet I D Bits 4
Host I D Bits 4
Number of Subnets 16
Number of Hosts 14
Bit pattern ssss hhhh
Notice the inverse relationship between the number of subnets and the number of hosts.
Subnet I D Bits 5
Host I D Bits 3
Number of Hosts 6
Bit pattern sssss hhh
The question asked in the diagram is as follows:
Our example network has fewer than six hosts in it. If we had to really subnet this network,
would we choose to break it into two subnets, or would we choose to break it into the number of
subnets that support 6 hosts?
Subnet I D Bits 6
Host I D Bits 2
Number of Hosts 2
Bit pattern ssssss hh
4.1.3 Custom Subnet Masks
Page 1:
When a network is partitioned, the router must use a modified or custom subnet mask to
distinguish the subnets from each other.
A default subnet mask and a custom subnet mask differ from each other in that the default subnet
masks only change on octet boundaries. For instance, the default subnet mask for a Class A
network is 255.0.0.0. Custom subnet masks take bits from the host ID portion of the IP address
and add them to the default subnet mask.
To create a custom subnet mask, the first question to answer is how many bits to take from the
host ID to add to the subnet mask? The number of bits to borrow to meet a specific number of
subnets can be determined by the math equation: 2^n, where n equals the number of bits
borrowed.
If three subnets are required, there must be enough subnet bits to allow for three unique subnet
addresses.
For example, if starting with a Class C address, such as 192.168.1.0, there are only eight host bits
to borrow from. Each bit can only be a 1 or a 0. To allow for three subnets, at least two of the
eight bits must be borrowed. This creates four subnets total:
00 - 1st subnet
01 - 2nd subnet
10 - 3rd subnet
11 - 4th subnet
In the above example, two bits were borrowed, 2^2 = 4 or 2 x 2 = 4, so four subnets were
created. If between five and eight subnets were needed, then three bits would be required (2^3 =
8 or 2 x 2 x 2).
The number of bits selected for the subnet ID affects both the number of possible subnets and the
number of hosts that can be in each subnet.
4.1.3 - Custom Subnet Masks

The diagram depicts the process of borrowing one bit from the host portion of network address
192.168.1.0 /24 to create two subnets. The four columns are headed Subnet, Network Address,
Host Range, and Broadcast Address.
SubnetNetwork Address Host RangeBroadcast Address

0192.168.1.0 /25192.168.1.0 to .126192.168.1.127
1192.168.1.128 /25192.168.1.129 to .254192.168.1.255
The resulting addressing scheme shows the range of host addresses and the broadcast address for
each subnet.
Page 2:
With classed subnetting, the number of bits required for the subnet ID depends on two factors:
the number of subnets created and the number of hosts per subnet.
In classed, or fixed-length, subnetting, all subnets must be the same size, which means that the
maximum number of hosts that each subnet can support is the same for all subnets created. The
more bits that are taken for the subnet ID, the fewer bits left for host IDs.
The same base equation, 2^n, with a slight modification, can be used to determine the number of
host IDs available based on the number of host bits remaining. Because each subnet has two host
addresses that are reserved, the all-0s and all-1s addresses, the equation to determine the number
of hosts supported is modified to 2^n - 2.
After it is determined how many bits make up the subnet address, all devices on the network are
informed of the subdivision by the subnet mask. With the subnet mask, it is possible to tell which
subnet an IP address is in and to design simple classful subnetted IP address schemes.

The diagram depicts the process of borrowing two bits from the host portion of network address
192.168.1.0 /24 to create four subnets. The four columns are headed Subnet, Network Address,
Host Range, and Broadcast Address.
SubnetNetwork Address Host RangeBroadcast Address
0192.168.1.0 /26192.168.1.0 to .62192.168.1.63
1192.168.1.64 /26192.168.1.65 to .126192.168.1.127
2192.168.1.128 /26192.168.1.129 to .190192.168.1.191
3192.168.1.192 /26192.168.1.193 to .254192.168.1.255
Page 3:
Subnetting solved a number of problems that existed with the original classed network address
spaces. It permitted organizations that owned a class A, B, or C address to subdivide their
address space into smaller local subnets to more efficiently assign addresses. However,
subnetting is also important in helping to minimize traffic loads and for adding security measures
between networks.
An example of a situation that might require subnetting is an ISP customer that has outgrown its
initial network installation. In this network, the original small, integrated wireless router is
overloaded with traffic from both wired and wireless users. Because of its relatively small size, a
Class C address space is used to address the network.
One possible solution to the problem of the overloaded network is to add a second networking
device, such as a larger integrated service router (ISR). When adding a device, it is a good
practice to place the wired and wireless users on separate local subnetworks to increase security.
The original wireless router can still be used to provide the wireless users with connectivity and
security on one network. Hubs or switches connecting the wired users can then be directly
connected to the new ISR using a different network. The ISR and the wireless router can then be
directly connected with a third network.
This new network configuration requires that the existing Class C network be divided into at
least three subnetworks. Using classful subnetting, at least two bits must be taken from the host
portion of the address to meet the customer requirements. This subnetting scheme results in the
creation of four individual networks, each with 62 available host addresses (64 possible
addresses, minus the all-0s and all-1s addresses).

The diagram depicts an original ISR with internal wired clients representing a single network.
This ISR changes to a new ISR. A wireless ISR is added for wireless clients, which splits the
network into two subnets.
Page 4:

The diagram depicts an activity in which you must determine the network address in binary and
decimal for each IP address presented.
IP Address One.
Host address: 10.80.130.194
Subnet Mask: 255.255.254.0
Host address in binary: 00001010-01010000-10000010-11000010
Subnet Mask in binary: 11111111-11111111-11111110-00000000
What is the network address in binary?
What is the network address in decimal?
IP Address Two.
Host address: 10.207.88.219
Subnet Mask: 255.255.255.224
IP Address Three.
Host address: 10.238.110.142
Subnet Mask: 255.255.128.0
Page 5:
Subnet a network to meet the requirements of multiple LANs.

Link to Packet Tracer Exploration: Implementing an IP Addressing Scheme
4.1.4 VLSM and Classless Inter-Domain Routing (CIDR)
Page 1:
The original classful subnetting design required that all subnets of a single classed network be
the same size. This was because routers did not include subnet mask information in their routing
updates. A router programmed with one subnet address and mask on an interface automatically
applied that same mask to the other network subnets in its routing table. This limitation required
planning for fixed-length subnet masks in the IP addressing scheme.
However, fixed-length subnet masks can waste a significant number of IP addresses. For
example, an organization with one site has approximately 8,000 hosts and three other locations
with 1,000, 400, and 100 hosts, respectively. With a fixed-length subnet mask, each subnet
would have to support at least 8,000 hosts, even the one assigned to the location needing only
100 addresses.
Variable length subnet masking (VLSM) helps to solve this issue. VLSM addressing allows an
address space to be divided into networks of various sizes. This is done by subnetting subnets.
To accomplish this, routers today must receive routing information that includes the IP address
of the network, and the subnet mask information which indicates the number of bits that make up
the network portion of the IP address. VLSM saves thousands of IP addresses that would be
wasted with traditional classful subnetting.
In addition to VLSM, Classless Inter-Domain Routing (CIDR) was proposed in RFC 1519 and
accepted. CIDR ignores network classes based on the value of the high-order bits. CIDR
identifies networks based solely on the number of bits in the network prefix, which corresponds
to the number of 1s in the subnet mask. An example of an IP address written using CIDR
notation is 172.16.1.1/16, where the /16 represents the number of bits in the network prefix.
4.1.4 - VLSM and Classless Inter-Domain Routing (C I D R)

The diagram depicts a comparison of fixed length subnet masking and variable length subnet
masks (VLSM). There are four subnets, 1, 2, 3, and 4, have 8,000, 1,000, 400, and 100 hosts,
respectively.
In the fixed length subnet masking diagram, starting with network I D 172.16.0.0 and a fixed
mask of 255.255.224.0 ( /19), this creates eight subnets of 8,190 hosts each. This is efficient for
Subnet 1 with 8,000 hosts, but wastes a large number of addresses for the other three subnets.
The VLSM diagram shows that Subnet 1 can still use a 255.255.224.0 ( /19) mask, and Subnet 2
can use a 255.255.252.0 ( /22) mask for a maximum number of 1,022 hosts. Subnet 3 can use a
255.255.254.0 ( /23) mask for a maximum number of 510 hosts, and Subnet 4 can use a
255.255.255.128 ( /25) mask for a maximum number of 126 hosts. The remaining addresses can
be used elsewhere or for future expansion.
Page 2:
CIDR protocols freed routers from using only the high-order bits to determine the network
prefix. Removing that restriction eliminated the need to allocate registered IP addresses by
address class.
Before CIDR, an ISP requiring 3,000 host addresses could request either a full Class B address
space or multiple Class C network addresses to meet its requirements. With a Class B address
space, the ISP would waste thousands of registered addresses. If it requested multiple Class C
addresses, it could be difficult to design the ISP network so that no single section required more
than 254 host addresses. Routing tables containing many Class C addresses can also get large
and difficult to manage.
By ignoring the traditional address classes, CIDR enables the ISP to request a block of addresses
based on the number of host addresses it requires. Supernets, created by combining a group of
Class C addresses into one large block, enable addresses to be assigned more efficiently. An
example of a supernet is 192.168.0.0/19. Using the first 19 bits of the IP address for the network
prefix enables this supernet to contain 8,190 possible host addresses. An ISP can use a supernet
as one large network or divide it into as many smaller networks as needed to meet its
requirements.
In this example of a supernet, the private Class C address of 192.168.0.0 is used. In reality, most
networks that use private addressing use either the Class A or B reserved addresses and
subnetting. Although classed addressing and fixed-length subnet masking are becoming less
common, it is important to understand how these addressing methods work. Many devices still
use the default subnet mask if no custom subnet mask is specified.
4.1.4 - VLSM and Classless Inter-Domain Routing (C I D R)

The diagram depicts information about the C I D R standard.
C I D R (RFC 1519) allowed for:

More efficient use of IPv4 address space
Prefix aggregation, which reduced the size of routing tables
4.1.5 Communicating Between Subnets
Page 1:
When a network is split into subnets, each subnet is actually a completely separate network.
Therefore, for a device in one subnet to communicate with a device in another subnet, a router is
required because routers connect networks.
To determine how many hosts are needed in each subnet, it is necessary to include the router
interface, or gateway interface, and the individual host devices. Each router interface must have
an IP address in the same subnet as the host network attached to it.
In some instances, it may be necessary to connect two routers, such as when connecting the
Linksys device and the 1841 ISR. This configuration must ensure that interfaces on routers that
connect to each other are assigned IP addresses in the same network or subnet. Here the common
link shows the two routers connected on the 192.168.1.16/29 subnet with host IP addresses of
192.168.1.17/29 and 192.168.1.18/29.
The animation depicts how router interfaces are to be accounted for when determining IP
addresses to be included in the subnets.
Page 2:
Modify the addresses, subnet masks, and device default gateways to enable routing between
subnets.

Link to Packet Tracer Exploration: Communicating Between Subnets
Page 3:
Lab Activity
Create an IP addressing scheme for a small network.

Link to Hands-on Lab: Subnetting a Network
4.2 NAT and PAT
4.2.1 Basic Network Address Translation (NAT)
Page 1:
Routers are required to route between subnets on an internal network, regardless of whether the
IP address range is public or private. However, if the address range is private, private networks
cannot be routed across the public Internet. Therefore, how do host devices using a private
addressing scheme communicate across the Internet? Network Address Translation (NAT) must
be enabled on the device connecting the private network to the ISP network.
NAT allows a large group of private users to access the Internet by sharing one or more public IP
addresses. Address translation is similar to how a telephone system works in a company. As a
company adds employees, at some point, they no longer run a public phone line directly to each
employee desk. Instead, they use a system that allows the company to assign each employee an
extension number. The company can do this because not all employees use the phone at the same
time. Using private extension numbers enables the company to purchase a smaller number of
external phone lines from the phone company.
NAT works similarly to a company phone system. Saving registered IP addresses is one of the
main reasons that NAT was developed. NAT can also provide security to PCs, servers, and
networking devices by withholding their actual IP host addresses from direct Internet access.
4.2.1 - Basic Network Address Translation (NAT)

The animation depicts the function of Network Address Translation (NAT). NAT is required
between the local private network and the public Internet. NAT allows many users in a private
network to use a few public IP addresses. In the diagram, five public Internet addresses are used
by the customer router, which is attached to the ISP . The internal wired and wireless subnets
have 40 private users that can use of the external public addresses to access the Internet.
Page 2:
The main advantages of NAT are that IP addresses can be re-used and many hosts on a single
LAN can share globally unique IP addresses. NAT operates transparently and helps shield users
of a private network against access from the public domain.
In addition, NAT hides private IP addresses from public networks. The advantage to this is that
NAT operates much like an access control list, not allowing outside users to access internal
devices. The disadvantage is that additional configurations are required to allow access from
legitimate, external users.
Another disadvantage is that NAT has an impact on some applications that have IP addresses in
their message payload, because these IP addresses must also be translated. This translation
increases load on the router and hinders network performance.
4.2.1 - Basic Network Address Translation (NAT)

The diagram depicts a table with the advantages and disadvantages of NAT.
Advantages of NAT
Public IP address sharing
Transparent to end users
Improved Security
LAN expandability or scalability
Local control including ISP connectivity
Disadvantages of NAT
Incompatibility with certain applications
Hinders legitimate remote access
Performance reduction caused by increased router processing
4.2.2 IP NAT Terms
Page 1:
When configuring NAT on a router, there are a few terms that help explain how the router
accomplishes NAT:
• Inside local network - Refers to any network connected to a router interface that is part
of the privately addressed LAN. Hosts on inside networks have their IP addresses
translated before they are transmitted to outside destinations.
• Outside global network - Any network attached to the router that is external to the LAN
and does not recognize the private addresses assigned to hosts on the LAN.
• Inside local address - Private IP address configured on a host on an inside network. The
address must be translated before it can travel outside the local network addressing
structure.
• Inside global address - IP address of an inside host as it appears to the outside network.
This is the translated IP address.
• Outside local address - Destination address of the packet while it is on the local
network. Usually, this address is the same as the outside global address.
• Outside global address - Public IP address of an external host. The address is allocated
from a globally routable address or network space.
4.2.2 - IP NAT Terms

The diagram depicts the process by which NAT translates private IP addresses.
The gateway router translates the private IP address to a public IP address from the NAT address
pool before sending it on the outside network.
When the remote server replies, it uses the translated address as the destination address of the
packet. The gateway router receives the packet and translates the destination address back to the
inside private address.
Page 2:
4.2.2 - IP NAT Terms
The diagram depicts an activity in which you must determine if the Address Type for each
source and destination of an ISP and a LAN is one of the following NAT terms:
A.Inside Local
B.Outside Local
C.Inside Global
D.Outside Global
Host, H 1, is the internal LAN host with private IP address 192.168.1.106.

Host, H 2, is the external ISP server with public IP address 209.165.200.226.
Match the Inside and Outside options to the correct Address Type. Remember, devices from the
LAN are inside. On the inside network, IP addresses are local. On the outside network, IP
addresses are global.
ISP
One.Source - IP Address: translated
Two.Destination - IP Address: 209.165.200.226
LAN
One.Source - IP Address: 192.168.1.106
Two. Destination - IP Address: 209.165.200.226
4.2.3 Static and Dynamic NAT
Page 1:
Addresses can be assigned dynamically. Dynamic NAT allows hosts on a private network that
have private IP addresses to access a public network, such as the Internet. Dynamic NAT occurs
when a router assigns an outside global address from a pre-defined address, or pool of addresses,
to an inside private network device.
As long as the session is open, the router watches for the inside global address and sends
acknowledgments to the initiating inside device. When the session ends, the router simply
returns the inside global address to the pool.
4.2.3 - Static and Dynamic NAT

The diagram depicts an animation of a dynamic NAT.
Inside Local Addresses 192.168.1.106

Outside Global Addresses 209.165.200.226
IP addresses on the LAN, such as 192.168.1.0, are translated dynamically to any one of these
globally unique IP addresses, 209.165.201.0 /27.
Page 2:
One of the advantages of using NAT is that individual hosts are not directly accessible from the
public Internet. But what if one or more of the hosts within a network are running services that
need to be accessed from Internet connected devices and devices on the local private LAN?
One way to provide access to a local host from the Internet is to assign that device a static
address translation. Static translations ensure that an individual host private IP address is always
translated to the same registered global IP address. It ensures that no other local host is translated
to the same registered address.
Static NAT allows hosts on the public network to access selected hosts on a private network. If a
device on the inside network needs to be accessible from the outside, use static NAT.
Both static and dynamic NAT can be configured at the same time, if necessary.

The diagram depicts an animation of a static NAT.
Inside Local Addresses 192.168.1.106

Outside Global Addresses 209.165.200.226
Before translation, the permanently assigned IP Address is 192.168.1.106. After translation the
permanently assigned IP address is 209.165.202.129. The destination address in the packets from
external hosts is 209.165.202.129. The router translates the address to the internal address of the
host, which is 192.168.1.106.
Page 3:
Examine the contents of the IP header as traffic crosses the NAT border.

Link to Packet Tracer Exploration: Examining Network Address Translation (NAT)
4.2.4 Port-based Network Address Translation (PAT)

Page 1:
When an organization has a very small registered IP address pool, or perhaps even just a single
IP address, it can still enable multiple users to simultaneously access the public network with a
mechanism called NAT overload, or Port Address Translation (PAT). PAT translates multiple
local addresses to a single global IP address.
When a source host sends a message to a destination host, it uses an IP address and port number
combination to keep track of each individual conversation with the destination host. In PAT, the
gateway translates the local source address and port combination in the packet to a single global
IP address and a unique port number above 1024. Although each host is translated into the same
global IP address, the port number associated with the conversation is unique.
Responding traffic is addressed to the translated IP address and port number used by the host. A
table in the router contains a list of the internal IP address and port number combinations that are
translated to the external address. Responding traffic is directed to the appropriate internal
address and port number. Because there are over 64,000 ports available, a router is unlikely to
run out of addresses, which could happen with dynamic NAT.
4.2.4 - Port-based Network Address Translation (PAT)

The diagram depicts a local network with 40 private users and one public address.
Page 2:
Because each translation is specific to the local address and local port, each connection, which
generates a new source port, requires a separate translation. For example, 10.1.1.1:1025 requires
a separate translation from 10.1.1.1:1026.
The translation is only in place for the duration of the connection, so a given user does not keep
the same global IP address and port number combination after the conversation ends.
Users on the outside network cannot reliably initiate a connection to a host on a network that
uses PAT. Not only is it impossible to predict the local or global port number of the host, but a
gateway does not even create a translation unless a host on the inside network initiates the
communication.

The diagram depicts the TCP process using PAT.
The user PC attaches a port number to its source IP address to be included in the outbound
request. The destination is a web server, and the destination address has well-known port 80
attached.
The gateway router receives the request and translates the source IP address to the one available
public IP address. It then chooses an available port number from the available ports, which is any
port greater than 1024, and binds it to the public IP address before forwarding the packet. The
server responds, sending it to the same IP address and port combination that sent it. The gateway
receives the response and recognizes the IP address and port combination. It translates the
combination to the correct IP address and binds it to the original port number that the
communication loop can be closed.
Page 3:
Lab Activity
Determine the number of Port Address Translations being performed.

Link to Hands-on Lab: Determining PAT Translations.
4.2.5 IP NAT Issues
Page 1:
People access the Internet from private networks without ever realizing that the router is using
NAT. However, an important issue with NAT is the additional workload necessary to support IP
address and port translations.
Some applications increase the workload of the router, because they embed an IP address as part
of the encapsulated data. The router must replace the source IP addresses and port combinations
that are contained within the data, and the source addresses in the IP header.
With all this activity taking place within a router, NAT implementation requires good network
design, careful selection of equipment and accurate configuration.
NAT has become so commonplace in integrated networking devices used in homes and small
businesses, that for some people, configuring it is a matter of selecting a check box. As
businesses grow and require more sophisticated gateway and routing solutions, device
configurations for NAT become more complex.
4.2.5 - IP NAT Issues

The diagram depicts examples of networking.
Page 2:
Subnetting networks, private IP addressing, and the use of NAT were developed to provide a
temporary solution to the problem of IP address depletion. These methods, though useful, do not
create more IP addresses. As a response to address depletion, IPv6 was proposed in 1998 with
RFC 2460.
Although its primary purpose was to solve IPv4 IP address depletion, there were other good
reasons for its development. Since IPv4 was first standardized, the Internet has grown
significantly. This growth has uncovered advantages and disadvantages of IPv4, and the
possibility for upgrades to include new capabilities.
A general list of improvements that IPv6 proposes are:
• More address space

• Better address space management
• Easier TCP/IP administration
• Modernized routing capabilities
• Improved support for multicasting, security, and mobility
The development of IPv6 is designed to address as many of these requests and problems as
possible.

The diagram depicts a timeline for the evolution of IP from IPv4 to IPv6.
1981 RFC 791 defined (IPv4)

1984 RFC 917 defined IP subnetting
1993 RFC 1519 defined C I D R
1996 RFC 1918 defined private IP addressing
1998 RFC 2460 defined IPv6
1998 to Present - transition from IPv4 to IPv6 (ongoing)
Page 3:
With IPv6, IP addresses are 128 bits with a potential address space of 2^128. In decimal
notation, that is approximately a 3 followed by 38 zeroes. If IPv4 address space was represented
by a small marble, then IPv6 address space is represented by a volume almost equivalent to the
planet Saturn.
Working with 128-bit numbers is difficult, so the IPv6 address notation represents the 128 bits as
32 hexadecimal digits, which are further subdivided into eight groups of four hexadecimal digits,
using colons as delimiters. The IPv6 address has a three-part hierarchy. The global prefix is the
first three blocks of the address and is assigned to an organization by an Internet names registry.
The subnet and the interface ID are controlled by the network administrator.
Network administrators will have some time to adjust to this new IPv6 structure. Before the
widespread adoption of IPv6 occurs, network administrators still need a way to more efficiently
use private address spaces.

The animation depicts an explanation of IPv6 address notation.
IPv6 addresses are 128 bits long. The IPv6 address can be shown in dotted decimal notation
using 16 8-bit hexadecimal blocks. The standard IPv6 notation uses eight 16-bit hexadecimal
blocks separated by colons, as shown in the example:
2001:0db8:3c55:0015:0000:0000:a.bcd:ff13
The first three blocks represent the Global Prefix, the next block is the Subnet, and the last four
blocks are the Interface Identifier.
Consecutive blocks of all-zeros are contiguous zeros. They can be removed from the IP address
and replaced with a double colon, as shown in the example:
2001:0db8:3c55:0015::a.bcd:ff13
4.3 Chapter Summary
4.3.1 Summary
Page 1:
4.3.1 - Summary
Diagram 1, Image
The diagram depicts a network with subnets.
Diagram 1 text
Interfaces on network devices connected to the Internet need to have a unique IP address, to send
and receive messages over internetworks.
IP addresses are organized into network classes, A, B, C, D, and E, and are conserved by the
creation of private IP address space.
A network can be divided into subnets.
Classful subnetting uses the extension of the subnet mask. Classless IP addressing, part of a
method called classless inter-domain routing (C I D R), uses a flexible method of subnetting with
variable length subnet masks (VLSM).
Diagram 2, Image
The diagram depicts a table with subnet information.
Diagram 2 text
Subnet masks allow further subdivision of networks by extending the number of bits used.
A subnet I D is created by splitting the host I D into two parts, a subnet I D and a new host I D.
The number of bits in the subnet I D determines the number of subnets there can be in a network.
Communication between subnets requires routing.
Diagram 3, Image
The diagram depicts a network with inside and outside addresses.
Diagram 3 text
NAT enables a large group of private users to access the Internet by sharing a small pool of
public IP addresses, thereby reducing the consumption of globally unique IP addresses.
Inside addresses are IP addresses for private network devices. Outside addresses are IP addresses
for public network devices. Local addresses are IP addresses in packets that are still in the
private network. Global addresses are IP addresses that cross to the outside network.
A packet that has been translated and is in the outside network will list an inside-global IP
address as source, and an outside-global IP address as destination.
Diagram 4, Image
The diagram depicts a network with wired and wireless subnets.
Diagram 4 text
Static NAT is for permanent one-to-one translations from a specific inside-local IP address to a
specific inside-global IP address.
Dynamic NAT assigns inside-global IP addresses on a first-come, first-served basis from an
available pool of IP addresses to a designated network or sub-network.
PAT can be used to add a port number to the IP address for specific connections.
Network devices that use NAT translate addresses on every packet. This can significantly
increase processing work load.
IPv6 incorporates a 128-bit addressing scheme, whereas IPv4 uses 32-bits.
4.4 Chapter Quiz
4.4.1 Quiz
Page 1:

4.4.1 - Quiz
Chapter 4 Quiz: Planning the Addressing Structure
1.Which three addresses are valid subnetwork addresses when 172.25.15.0 /24 is further
subnetted by borrowing an additional four bits? (Choose three.)
A.172.25.15.0
B.172.25.15.8
C.172.25.15.16
D.172.25.15.40
E.172.25.15.96
F.172.25.15.248
2.What are three advantages of NAT? (Choose three.)

A.conserves registered public IP addresses.
B.reduces CPU usage on customer routers.
C.creates multiple public IP addresses.
D.hides private LAN addressing from the Internet.
E.permits LAN expansion without additional public IP addresses.
F.improves the performance of border routers.
3.What is the default subnet mask for the address 172.31.18.222?

A.255.0.0.0
B.255.255.0.0
C.255.255.255.0
D.255.255.255.254
E.255.255.255.255
4.What are the high order binary numbers that begin a Class C address?
A.000
B.001
C.010
D.110
5.Host A is configured with IP address 192.168.75.34 and Host B is configured with IP address
192.168.75.50. Each are using the same subnet mask of 255.255.255.240 but are not able to ping
each other. What networking device is needed for these two hosts to communicate?
A.switch
B.hub
C.server
D.router
6.What two pieces of information can be derived from the IP address 192.168.42.135 /24?
(Choose two.)
A.This is a Class C address because the high order bits are 110.
B.The default subnet mask is 255.255.255.0.
C.The host portion is represented by the third and fourth octets.
D.The second high-order bit is a 0 so this is a Class B address.
E.This host address belongs to the parent 192.168.0.0 network.
F.This is one host address out of a possible 65,534 addresses.
7.What subnet mask is indicated by the network address 172.16.4.8 /18?
A.255.255.0.0
B.255.255.192.0
C.255.255.240.0
D.255.255.248.0
E.255.255.255.0
8.Match the IP address to the appropriate description.

IP Address
A.127.0.0.0
B.223.14.6.95
C.191.82.0.0
D.255.255.0.0
E.124.255.255.255
F.224.100.35.76
G.61.0.0.255
Description
1.Class C host address
2.loopback testing address
3.Class B network address
4.multicast address
5.Class A host address
6.Class B subnet mask
7.Class A broadcast address
9.Use the following network topology information to answer the question below.
There is an inside local network consisting of a webserver, S2 192.168.1.10 and host, H1
192.168.1.106. Both devices are connected to a switch then a router which is performing NAT.
The router is using the NAT address pool of 209.165.202.129 and 209.165.202.130.
The router from the inside local network is connected to an ISP router via a serial connection.
This connection represents the outside global network. The ISP router is connected to a remote
server, S1 209.165.200.226.
The web server S2 needs to be accessible from the Internet. Which NAT option will provide a
method for outside hosts to access S2?
A.dynamic NAT using a NAT pool.
B.static NAT.
C.port address translation.
D.dynamic NAT with overload.
10.When a network administrator applies the subnet mask 255.255.255.248 to a Class B address,
for any given subnet, how many IP addresses are available to be assigned to devices?
A.6
B.30
C.126
D.254
E.510
F.1022
11.An ISP customer has obtained a Class C network address. The network technician needs to
create five usable subnets, with each subnet capable of containing at least 20 host addresses.
What is the appropriate subnet mask to use?
A.255.255.255.0
B.255.255.255.192
C.255.255.255.224
D.255.255.255.240
12.Determine whether each statement is a characteristic of IPv4 or IPv6.

A.uses a 32-bit
B.is usually expressed in dotted decimal notation.
C.contains a 24-bit global prefix.
D.is usually expressed in hexadecimal notation.
E.is in widespread use on the Internet.
F.uses a 128-bit address.
13.What concept is used to reduce router table complexity by aggregating multiple network
addresses?
A.supernetting
B.subnetting
C.NAT
D.classless addressing
End
5 Configuring Network Devices
5.0.1 Introduction
Page 1:
One network infrastructure is now expected to support enhanced integrated applications, like
voice and video, for more users than ever before.
The underlying routing and switching technologies must provide the foundation for a wide range
of business applications.
Network engineers and technicians set up and configure the routers and switches that provide
LAN and WAN connectivity and services.

Configure a router with an initial configuration.
Use Cisco Security Device Manager to configure a Cisco ISR with LAN connectivity, Internet
connectivity, and NAT.
Configure a Cisco router for LAN connectivity, Internet connectivity and NAT using the Cisco I
O S C L I.
Configure a WAN connection from a customer premise to an ISP .
Describe, setup, and configure a stand-alone LAN switch.
5.1 Initial ISR Router Configuration
5.1.1 ISR
Page 1:
The Cisco Integrated Services Router (ISR) is one of the most popular networking devices to
meet the growing communications needs of businesses. The ISR combines features such as
routing and LAN switching functions, security, voice, and WAN connectivity into a single
device. This makes the ISR ideal for small to medium-sized businesses and for ISP-managed
customers.
The optional integrated switch module allows small businesses to connect LAN devices directly
to the 1841 ISR. With the integrated switch module, if the number of LAN hosts exceeds the
number of switch ports, additional switches or hubs can be connected in a daisy chain to extend
the number of LAN ports available. If the switch module is not included, external switches are
connected to the router interfaces of the ISR.
The ISR routing function allows a network to be broken into multiple local networks using
subnetting and supports internal LAN devices connecting to the Internet or WAN.
5.1.1 - ISR
The diagram depicts four types of routers, as follows:
Cisco 800 series ISR
Designed for small offices and home-based users
1 WAN Supports
4 10 /100 Mbps
Combines data, security, and wireless services
Provides services at broadband speeds
Designed for medium to large businesses and enterprise branch offices
Supports up to 2 10/100/1000 Mbps router ports
Supports up to 112 10 /100 Mbps switch ports
Supports 240 Cisco IP phone users
Combines data, security, voice, video, and wireless service
Provides services at broadband speeds using DSL, cable and T1/E1 connections
Designed for small to medium businesses and small enterprise branch offices
Supports up to 8 10 /100 Mbps router ports
Supports 8 10 /100 Mbps switch ports
Combines data, security, and wireless services
Provides services at broadband speeds using DSL, cable and T 1 /E 1 connections
Designed for small to medium businesses and small enterprise branch offices
Supports up to 2 10/100/1000 Mbps router ports
Supports up to 64 10 /100 Mbps switch ports
Supports 96 Cisco IP phone users
Combines data, security, voice, video, and wireless services
Provides services at broadband speeds using multiple T 1 /E 1 connections
Page 2:
5.1.1 - ISR
The diagram depicts the front and rear view of a Series ISR: Model 1841.
Front view
The 1841 is a relatively low cost ISR designed for small to medium-sized businesses and small
enterprise branch offices. It combines the features of data, security, and wireless services with
the addition of a wireless module. The L E D's indicate the following information:
System Power L E D (SYS-PWR)

Indicates power is received and that the internal power supply is functional. L E D is solid green.
System Activity (SYS ACT)

A blinking L E D indicates the system is actively transferring packets.
Rear View
The 1841 ISR uses modules that allow for different configurations of ports. The following
components are found on the router:
Modular Slot 1 with a High-speed WAN Interface Card (H WIC)

Modular slots can be used for different types of interfaces. The H WIC shown here provides
serial connectivity over a wide-area network.
Console Port
This port is used to configure the ISR via a directly connected host.
Auxiliary Port
This port is used to configure the ISR via a modem connection.
Single Slot USB Port

The USB Flash feature allows users to store images and configurations and boot directly via
USB Flash memory.
Fast Ethernet Ports

These ports provide 10 /100 Mbps connectivity for local area networks.
Compact Flash Module

This removable module is used to store the Cisco I O S and other operating software for the ISR.
Modular Slot 0 with a Four Port Ethernet Switch

Modular slots can be used for different types of interfaces. The four port Ethernet card shown
here provides LAN connectivity to multiple devices.
Page 3:
The Cisco Internetwork Operating System (IOS) software provides features that enable a Cisco
device to send and receive network traffic using a wired or wireless network. Cisco IOS software
is offered to customers in modules called images. These images support various features for
businesses of every size.
The entry-level Cisco IOS software image is called the IP Base image. The Cisco IOS IP Base
software supports small to medium-sized businesses and supports routing between networks.
Other Cisco IOS software images add services to the IP Base image. For example, the Advanced
Security image provides advanced security features, such as private networking and firewalls.
Many different types and versions of Cisco IOS images are available. Images are designed to
operate on specific models of routers, switches, and ISRs.
It is important to know which image and version is loaded on a device before beginning the
configuration process.
5.1.1 - ISR
The diagram depicts a flow chart of I O S Software
A.IP Base flows to Advanced Security, IP Voice, and Service Provider Services.
B.Advanced Security flows to Advanced IP Services.
C.IP Voice flows to S P Services.
D.Service Provider Services flows to Enterprise Services.
E.S P Services flows to both Advanced IP Services and Enterprise Services.
F.Advanced IP Services flows to Advanced Enterprise Services.
G.Enterprise Services flows to Advanced Enterprise Services.
5.1.2 Physical Setup of the ISR
Page 1:
Each ISR is shipped with the cables and documentation needed to power up the device and begin
the installation. When a new device is received, it is necessary to unpack the device and verify
that all the hardware and equipment is included.
Items shipped with a new Cisco 1841 ISR include:
• RJ-45 to DB-9 console cable

• DB-9 to DB-25 modem adapter
• Power cord
• Product registration card, called the Cisco.com card
• Regulatory compliance and safety information for Cisco 1841 routers
• Router and Security Device Manager (SDM) Quick Start guide
• Cisco 1800 Series Integrated Services Router (Modular) Quick Start guide
5.1.2 - Physical Setup of the ISR

The diagram depicts components of a Cisco ISR.
Black power supply cord
Serial port adapter for converting a 25-pin serial port (DB-25) on a PC or a modem to a 9-pin
serial port (DB-9) in order to connect the console cable.
Cisco documentation and software CD.
Blue console cable to connect the PC or modem to the device console port in order to monitor or
configure the device.
Page 2:
To install a new Cisco 1841 ISR requires special tools and equipment, which most ISPs and
technician labs usually have available. Any additional equipment required depends on the model
of the device and any optional equipment ordered.
Typically, the tools required to install a new device include:
• PC with a terminal emulation program, such as HyperTerminal

• Cable ties and a No. 2 Phillips screwdriver
• Cables for WAN interfaces, LAN interfaces, and USB interfaces
It may also be necessary to have equipment and devices required for WAN and broadband
communication services, such as a modem. Additionally, Ethernet switches may be required to
connect LAN devices or expand LAN connectivity, depending on whether the integrated switch
module is included and the number of LAN ports required.

The diagram depicts components needed to set up the Cisco ISR.
PC with Terminal Emulation Program
Cable ties and Number 2 Phillips Screwdriver
WAN Interface Cable
LAN Interface Cable
U S B Interface Cable
Ethernet Switch
Modem
Page 3:
Before beginning any equipment installation, be sure to read the Quick Start guide and other
documentation that is included with the device. The documentation contains important safety and
procedural information to prevent accidental damage to the equipment during installation.
Follow these steps to power up an 1841 ISR.
1. Securely mount and ground the device chassis, or case.
2. Seat the external compact flash card.

3. Connect the power cable.
4. Configure the terminal emulation software on the PC and connect the PC to the console port.
5. Turn on the router.
6. Observe the startup messages on the PC as the router boots up.

The diagram depicts steps for setting up an ISR.
Step 1
Cisco routers and ISR's can be wall-mounted, set on a shelf or desktop, or installed in a rack.
Step 2
Seat the external compact flash memory card into the slot. Be certain that it is firmly seated and
verify that the eject button is fully extended. The eject button is usually located to the left of the
slot.
Step 3
Connect the power cable to the device and then to a reliable power source. Routers and
networking devices are usually connected to an uninterruptible power supply that contains a
battery. This ensures that the device does not fail if the electricity goes off unexpectedly.
Step 4
On a PC, configure the terminal emulating software with required settings for communication
with a Cisco router. Connect the PC running the emulation program to the console port of the
ISR using the console that came with the device.
Step 5
Turn the ISR on using the power switch located on the rear of the device.
Step 6
Observe the start-up messages as they appear in the terminal program window. These messages
are generated by the routers operating system.
5.1.3 Bootup Process
Page 1:
The router bootup process has three stages.
1. Perform Power-on self test (POST) and load the bootstrap program.
The POST is a process that occurs on almost every computer when it boots up. POST is used to
test the router hardware. After POST, the bootstrap program is loaded.
2. Locate and load the Cisco IOS software.
The bootstrap program locates the Cisco IOS software and loads it into RAM. Cisco IOS files
can be located in one of three places: flash memory, a TFTP server, or another location indicated
in the startup configuration file. By default, the Cisco IOS software loads from flash memory.
The configuration settings must be changed to load from one of the other locations.
3. Locate and execute the startup configuration file or enter setup mode.
After the Cisco IOS software is loaded, the bootstrap program searches for the startup
configuration file in NVRAM. This file contains the previously saved configuration commands
and parameters, including interface addresses, routing information, passwords, and other
configuration parameters.
If a configuration file is not found, the router prompts the user to enter setup mode to begin the
configuration process.
If a startup configuration file is found, it is copied into RAM and a prompt containing the host
name is displayed. The prompt indicates that the router has successfully loaded the Cisco IOS
software and configuration file.
5.1.3 - Boot Up Process

The diagram depicts three stages of the boot up process.
Stage 1
ROMPOSTPerform PostPerform POST
ROMBootstrapLoad BootstrapExecute Bootstrap Loader
Console screen output:

System Bootstrap, Version 12.3 (8r)T8, RELEASE SOFTWARE (fcl)
Cisco 1841 (revision 5.0) with 114688K/1684K bytes of memory.
Stage 2
The I O S can be loaded from Flash or a TFTP server.
FlashCisco Internetwork Operating SystemLocate and load Operating system
TFTP ServerCisco Internetwork Operating SystemLocate and load Operating system

System Bootstrap, Version 12.3 (8r)T8, RELEASE SOFTWARE (fcl)
Self decompressing the image:
###
[OK]
Stage 3
The configuration file can be loaded from NV RAM, a TFTP server or the console.
NV RAM Configuration, then Locate, load, and execute the Configuration file or enter "setup"
mode
TFTP Server Configuration, then Locate, load, and execute the Configuration file or enter
"setup" mode
Console Configuration, then Locate, load, and execute the Configuration file (configuration
commands entered from the console host keyboard) or enter "setup" mode

System Bootstrap, Version 12.3 (8r) T8, RELEASE SOFTWARE (fcl)

###
[OK]
Restricted Rights Legend

Use, duplication, or disclosure by the Government is subject to restrictions as set fourth in
subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR Sec .
52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software
clause at DFARS sec . 252.227-7013.
Cisco Systems, Inc.

170 West Tasman Drive
San Jose, California 95134-1706
Cisco I O S Software, 1840 Software (C1841-IP BASE-M), Version 12.3 (14) T7, RELEASE
SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Mon 15-May-06 14:54 by pt_team
Image text-base: 0x6007D180, data-base: 0x61400000
Port Statistics for unclassified packets is not turned on.

Cisco 1841 (revision 5.0) with 114688K /16384K bytes of memory.
Processor board ID FTX0947Z18E
M860 processor: part number 0, mask 49
2 FastEthernet/IEEE 802.3 interface(s)
2 Low-speed serial (sync/async) network interface(s)
191K bytes of NV RAM/
31360K bytes of ATA CompactFlash (Read/Write)
SOFTWARE (fc2)
Copyright (c)1986-2006 by Cisco Systems, Inc.
---System Configuration Dialog---
Continue with configuration dialog? [yes/no]: no
Page 2:
To avoid the loss of data, it is important to have a clear understanding of the difference between
the startup configuration file and the running configuration file.
Startup Configuration File
The startup configuration file is the saved configuration file that sets the properties of the device
each time the device is powered up. This file is stored in non-volatile RAM (NVRAM), meaning
that it is saved even when power to the device is turned off.
When a Cisco router is first powered up, it loads the Cisco IOS software to working memory, or
RAM. Next, the startup configuration file is copied from NVRAM to RAM. When the startup
configuration file is loaded into RAM, the file becomes the initial running configuration.
Running Configuration File
The term running configuration refers to the current configuration running in RAM on the
device. This file contains the commands used to determine how the device operates on the
network.
The running configuration file is stored in the working memory of the device. Changes to the
configuration and various device parameters can be made when the file is in working memory.
However, the running configuration is lost each time the device is shut down, unless the running
configuration is saved to the startup configuration file.
Changes to the running configuration are not automatically saved to the startup configuration
file. It is necessary to manually copy the running configuration to the startup configuration file.
When configuring a device via the Cisco command line interface (CLI) the command copy
running-config startup-config, or the abbreviated version copy run start, saves the running
configuration to the startup configuration file. When configuring a device via the Cisco SDM
GUI, there is an option to save the router running configuration to the startup configuration file
each time a command is completed.
The animation depicts the startup config being copied from NV RAM to the RAM.
Tip Popup Information

Warning: Making a spelling mistake when typing startup-config in the copy command could lead
to copying the running configuration to a different file name. This may result in the loss of
configuration changes when the router is reloaded.
Page 3:
After the startup configuration file is loaded and the router boots successfully, the show version
command can be used to verify and troubleshoot some of the basic hardware and software
components used during the bootup process. The output from the show version command
includes:
• The Cisco IOS software version being used.

• The version of the system bootstrap software, stored in ROM memory, that was initially
used to boot the router.
• The complete filename of the Cisco IOS image and where the bootstrap program located
it.
• Type of CPU on the router and amount of RAM. It may be necessary to upgrade the
amount of RAM when upgrading the Cisco IOS software.
• The number and type of physical interfaces on the router.
• The amount of NVRAM. NVRAM is used to store the startup-config file.
• The amount of flash memory on the router. Flash is used to permanently store the Cisco
IOS image. It may be necessary to upgrade the amount of flash when upgrading the Cisco
IOS software.
• The current configured value of the software configuration register in hexadecimal.
The configuration register tells the router how to boot up. For example, the factory default
setting for the configuration register is 0x2102. This value indicates that the router attempts to
load a Cisco IOS software image from flash and loads the startup configuration file from
NVRAM. It is possible to change the configuration register and, therefore, change where the
router looks for the Cisco IOS image and the startup configuration file during the bootup process.
If there is a second value in parentheses, it denotes the configuration register value to be used
during the next reload of the router.

The animation highlights the following information that is displayed when the show version
command is issued.
I O S Version
I O S (t) 2500 Software (C2500-I-L),Version 12.0 (17a), RELEASE SOFTWARE (fc1)
Bootstrap Version
ROM:system Bootstrap, Version 11.0 (10c), SOFTWARE BOOTFLASH :3000 Bootstrap
Software (I G S-BOOT-R), Version 11.0 (10c), RELEASE SOFTWARE (fc1)
I O S image file
System image file is "flash:c2500-i-l.120-17a.bin"
Model and CPU

Cisco 2500 (68030 processor (revision N)
Amount of RAM
With 2048K/2048K
Number and type of interfaces

1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
Amount of NV RAM
32K bytes of non-volatile configuration memory.
Amount of flash
8192K bytes of processor board system flash (Read ONLY)
Configuration register
Configuration register is 0x2102
More Information Popup

The configuration register tells the router how to boot. There are many possible settings for the
configuration register. The most common ones are:
0x2102 - Factory default setting for Cisco routers (load the I O S image from flash and load the
startup config file from NV RAM)
0x2142 - Router ignores the contents of Non-Volatile RAM (NV RAM)
0x2120 - Router boots into ROMmon mode
Page 4:
There are times when the router does not successfully boot. This failure can be caused by a
number of factors, including a corrupt or missing Cisco IOS file, an incorrect location for the
Cisco IOS image specified by the configuration register, or inadequate memory to load a new
Cisco IOS image. If the router fails to boot the IOS, it then boots up in ROM monitor
(ROMmon) mode. ROMmon software is a simple command set stored in read only memory
(ROM) that can be used to troubleshoot boot errors and recover the router when the IOS is not
present.
When the router boots up to ROMmon mode, one of the first steps in troubleshooting is to look
in flash memory for a valid image using the dir flash: command. If an image is located, attempt
to boot the image with the boot flash: command.
rommon 1>boot flash:c2600-is-mz.121-5

If the router boots properly with this command, there are two possible reasons why the Cisco
IOS image did not load from flash initially. First, use the show version command to check the
configuration register to ensure that it is configured for the default boot sequence. If the
configuration register value is correct, use the show startup-config command to see if there is a
boot system command that instructs the router to use a different location for the Cisco IOS
image.

The diagram depicts the output of the show startup-config command. The boot system
commands in the startup config file determine the sequence the router uses to locate the I O S
and boot.
Boot system flash 1841-ad v Ip services k9-mz.124-10b.bin

Boot system tftp 1841-ad v Ip services k9-mz.124-10b.bin 192.168.1.1
Boot system rom
Page 5:
Lab Activity
Power up an ISR and view the router system and configuration files using show commands.

Link to Hands-on Lab: Powering Up an Integrated Services Router
5.1.4 Cisco IOS Programs
Page 1:
There are two methods to connect a PC to a network device to perform configuration and
monitoring tasks: out-of-band management and in-band management.
Out-of-band Management
Out-of-band management requires a computer to be directly connected to the console port or

auxiliary port (AUX) of the network device being configured. This type of connection does not
require the local network connections on the device to be active. Technicians use out-of-band
management to initially configure a network device, because until properly configured, the
device cannot participate in the network. Out-of-band management is also useful when the
network connectivity is not functioning correctly and the device cannot be reached over the
network. Performing out-of-band management tasks requires a terminal emulation client
installed on the PC.
In-band Management
Use in-band management to monitor and make configuration changes to a network device over a
network connection. For a computer to connect to the device and perform in-band management
tasks, at least one network interface on the device must be connected to the network and be
operational. Either Telnet, HTTP or SSH can be used to access a Cisco device for in-band
management. A web browser or a Telnet client program can be used to monitor the network
device or make configuration changes.
5.1.4 - Cisco I O S Programs

The diagram depicts an out-of-band and in-band router configuration.
Out-of-band Router Configuration

PC connected to router via console port. PC connected via PSTN link to router auxiliary port.
In-band Router Configuration

PC connected to router via Ethernet interface. PC connected via WAN or Internet to a serial
interface of a router.
Page 2:
The Cisco IOS command line interface (CLI) is a text-based program that enables entering and
executing Cisco IOS commands to configure, monitor, and maintain Cisco devices. The Cisco
CLI can be used with either in-band or out-of-band management tasks.
Use CLI commands to alter the configuration of the device and to display the current status of
processes on the router. For experienced users, the CLI offers many time-saving features for
creating both simple and complex configurations. Almost all Cisco networking devices use a
similar CLI. When the router has completed the power-up sequence, and the Router> prompt
appears, the CLI can be used to enter Cisco IOS commands.
Technicians familiar with the commands and operation of the CLI find it easy to monitor and
configure a variety of different networking devices. The CLI has an extensive help system that
assists users in setting up and monitoring devices.
The diagram depicts the output on a Hyper-Terminal showing the use of the command line
interface (C L I) to access the serial 0 /1 /0 interface of the router to configure it.
Router >
Router > enable
Router # configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router (config) # interface serial 0 /1 /0
Router (config-if) #
Page 3:
In addition to the Cisco IOS CLI, other tools are available to assist in configuring a Cisco router
or ISR. Security Device Manager (SDM) is a web-based GUI device management tool. Unlike
CLI, SDM can be used only for in-band management tasks.
SDM Express simplifies the initial router configuration. It uses a step-by-step approach to create
a basic router configuration quickly and easily.
The full SDM package offers more advanced options, such as:
• Configuring additional LAN and WAN connections

• Creating firewalls
• Configuring VPN connections
• Performing security tasks
SDM supports a wide range of Cisco IOS software releases and is available free of charge on
many Cisco routers. SDM is pre-installed on the flash memory of the Cisco 1800 Series ISR. If
the router has SDM installed, it is good practice to use SDM to perform the initial router
configuration. This configuration is done by connecting to the router via a preset network port on
the router.

The diagram depicts the opening windows of the Cisco SDM Express and Cisco Router and
Security Device Manager (SDM).
Page 4:
Not all Cisco devices support SDM. In addition, SDM does not support all the commands that
are available through the CLI. Consequently, it is sometimes necessary to use the CLI to
complete a device configuration that is started using SDM. Familiarity with both methods is
critical to successfully support Cisco devices.

The diagram compares the following features of Cisco I O S C L I and Cisco SDM: user
interface, router configuration method, enterprise in Cisco device configuration, help features,
router Flash memory requirements, availability, and when used.
User Interface
Cisco I O S C L I:
Terminal emulation software
Telnet session
Cisco SDM:
Web-based browser
Router Configuration Method

Cisco I O S C L I:
Text-based Cisco commands
Cisco SDM:
G U I buttons and text boxes
Expertise in Cisco Device Configuration

Cisco I O S C L I:
Depends on configuration task
Cisco SDM:
Do not need knowledge of the C L I commands
Help Features
Cisco I O S C L I:
Command prompt based
Cisco SDM:
GUI based on-line help and tutorials
Router Flash Memory Requirements

Cisco I O S C L I:
Covered by I O S image
Cisco SDM:
6 MB of free memory
Availability
Cisco I O S C L I:
All Cisco devices
Cisco SDM:
Cisco 830 Series through Cisco 7301
When Used
Cisco I O S C L I:
Cisco Device does not support Cisco SDM
Configuration task not supported by Cisco SDM
Cisco SDM:
Performing the initial configuration on an SDM equipped device
Step through configuration of devices without C L I knowledge required
Page 5:

The diagram depicts an activity in which you must determine when to use C L I or SDM based
on the following descriptions.
Descriptions
One.Used to configure a Cisco router with both in-band and out-of-band management.
Two.Used for initial configuration of a Cisco router using a Web-based G U I.
Three.Used to configure a Cisco router with limited knowledge of I O S commands.
Four.Supported, by default, on all Cisco I O S routers.
5.2 Using Cisco SDM Express and SDM
5.2.1 Cisco SDM Express
Page 1:
When adding a new device to a network, it is critical to ensure that the device functions
correctly. The addition of one poorly configured device can cause an entire network to fail.
Configuring a networking device, such as a router, can be a complex task, no matter which tool
is used to enter the configuration. Therefore, follow best practices for installing a new device to
ensure that all device settings are properly configured and documented.
5.2.1 - Cisco SDM Express

The diagram depicts the best practices and details for Cisco SDM Express.
Best Practice 1:
Obtain and document all information before beginning the configuration.
Details:
Name assigned to device
Location where it will be installed
User names and passwords
Types of connections required (LAN and WAN)
IP address information for all network interfaces, including IP address, subnet mask, and default
gateway
DHCP server settings
Network Address Translation Settings
Firewall settings
Best Practice 2:
Create a network diagram showing how cables will be connected.
Details:
Label the diagram with the interface designation and address information
Best Practice 3:
Create a checklist of configuration steps.
Details:
Mark off each step as it is successfully completed
Best Practice 4:
Verify the configuration using a network simulation
Details:
Test before it is place on the running network
Best Practice 5:
Update the network documentation and keep a copy in a safe place.
Details:
Save on a server
Print and keep in a file cabinet
Page 2:
Cisco SDM Express is a tool bundled within the Cisco Router and Security Device Manager that
makes it easy to create a basic router configuration. To start using SDM Express, connect an
Ethernet cable from the PC NIC to the Ethernet port specified in the quick start guide on the
router or ISR being configured.
SDM Express uses eight configuration screens to assist in creating a basic router configuration:
• Overview
• Basic Configuration
• LAN IP Address
• DHCP
• Internet (WAN)
• Firewall
• Security Settings
• Summary
The SDM Express GUI provides step-by-step guidance to create the initial configuration of the
router. After the initial configuration is completed, the router is available on the LAN. The router
can also have a WAN connection, a firewall, and up to 30 security enhancements configured.
5.2.1 - Cisco SDM Express

The diagram depicts a router deployment using SDM Express, which is ideal for non-expert
users. The SDM disk will guide the user through the setup of the router.
5.2.2 SDM Express Configuration Options

Page 1:
The SDM Express Basic Configuration screen contains basic settings for the router that is being
configured. The following information is required:
• Host name - The name assigned to the router being configured.

• Domain name for the organization - An example of a domain name is cisco.com, but
domain names can end with a different suffix, such as .org or .net.
• Username and password - The username and password used to access SDM Express to
configure and monitor the router. The password must be at least six characters long.
• Enable secret password - The password that controls user access to the router, which
affects the ability to make configuration changes using the CLI , Telnet, or the console
ports. The password must be at least six characters long.
5.2.2 - SDM Express Configuration Options

The diagram depicts the Cisco SDM Express Wizard Window with the Basic Configuration
option highlighted.
Page 2:
The LAN configuration settings enable the router interface to participate on the connected local
network.
• IP address - Address for the LAN interface in dotted-decimal format. It can be a private
IP address if the device is installed in a network that uses Network Address Translation
(NAT) or Port Address Translation (PAT).
It is important to take note of this address. When the router is restarted, this address is the one
used to access SDM Express, not the address that was provided in the Quick Start guide.
• Subnet mask - Identifies the network portion of the IP address.

• Subnet bits - Number of bits used to define the network portion of the IP address. The
number of bits can be used instead of the subnet mask.
• Wireless parameters - Optional. Appear if the router has a wireless interface, and Yes
was clicked in the Wireless Interface Configuration window. Specifies the SSID of the
wireless network.

The diagram depicts the Cisco SDM Express Wizard Window with the LAN IP Address option
highlighted.
Page 3:
DHCP is a simple way to assign IP addresses to host devices. DHCP dynamically allocates an IP
address to a network host when the host is powered up, and reclaims the address when the host is
powered down. In this way, addresses can be reused when hosts no longer need them. Using
SDM Express, a router can be configured as a DHCP server to assign addresses to devices, such
as PCs, on the internal local network.
To configure a device for DHCP, select the Enable DHCP Server on the LAN Interface
checkbox. Checking this box enables the router to assign private IP addresses to devices on the
LAN. IP addresses are leased to hosts for a period of one day.
DHCP uses a range of allowable IP addresses. By default, the valid address range is based on the
IP address and subnet mask entered for the LAN interface.
The starting address is the lowest address in the IP address range. The starting IP address can be
changed, but it must be in the same network or subnet as the LAN interface.
The ending IP address is the highest address in the IP address range and it can be changed to
decrease the pool size. It must be in the same network as the IP starting address.

The diagram depicts the Cisco SDM Express Wizard Window with the DHCP option
highlighted.
Page 4:
Additional DHCP configuration parameters include:
• Domain name for the organization - This name is given to the hosts as part of the
DHCP configuration.
• Primary domain name server - IP address of the primary DNS server. Used to resolve
URLs and names on the network.
• Secondary domain name server - IP address of a secondary DNS sever, if available.
Used if the primary DNS server does not respond.
Selecting Use these DNS values for DHCP clients enables the DHCP server to assign DHCP
clients with the configured DNS settings. This option is available if a DHCP server has been
enabled on the LAN interface.

The diagram depicts the Cisco SDM Express Wizard Window with the DHCP option highlighted
and the DNS section filled in.
Page 5:

The diagram depicts an activity in which you must match each configuration parameter from the
SDM Express to each type of information that must be entered.
Configuration Parameters.
A.Secondary DNS Server Address.
B.Domain Name.
C.Host Name.
D.Enable Secret Password.
E.Primary DNS Server Address.
F.Starting IP Address.
G.Subnet Bits.
Information
One.IP Address of server to use to resolve name if first configured server is not available.
Two.The registered name assigned to the organization, such as cisco.com.
Three.The name assigned to the device by an administrator.
Four.Controls user access to make configuration changes through Telnet or the console.
Five.The IP address of the first server hosts can use to resolve names.
Six.First IP address in the range assigned to hosts by the DHCP server.
Seven.Designates the portion of the IP address that represents the network and subnetwork.
5.2.3 Configuring WAN Connections Using SDM Express
Page 1:
Configuring an Internet (WAN) Connection
A serial connection can be used to connect networks that are separated by large geographic
distances. These WAN network interconnections require a telecommunications service provider
(TSP).
Serial connections are usually lower speed links, compared to Ethernet links, and require
additional configuration. Prior to setting up the connection, determine the type of connection and
protocol encapsulation required.
The protocol encapsulation must be the same at both ends of a serial connection. Some
encapsulation types require authentication parameters, like username and password, to be
configured. Encapsulation types include:
• High-Level Data Link Control (HDLC)

• Frame Relay
• Point-to-Point Protocol (PPP)
5.2.3 - Configuring WAN Connections Using SDM Express

The diagram depicts the three encapsulation types, HDLC, Frame Relay, and P P P, available on
the Add Serial 0 /1 /0 Connection window, and a brief description of each.
High-Level Data Link Control (HDLC)

A bit-orientated Data Link Layer protocol developed by the International Standards Organization
(I S O).
Frame Relay
A packet-switch Data Link Layer protocol that handles multiple virtual circuits, meaning that the
circuit connections are temporarily built up and torn down based on need. The D L C I is a
required number, supplied by the service provider to identify the virtual circuit.
Point-to-Point Protocol (P P P)
Commonly used to establish a direct connection between two devices. It can connect computers
using serial cable, phone line, trunk line, cellular telephone, specialized radio links, or fiber-optic
links. Most Internet service providers use PPP for customer dial-up access to the Internet. There
are features of PPP to allow authentication before a connection is made. PPP username and
passwords can be setup using SDM.
Page 2:
The WAN configuration window has additional WAN parameters.
Address Type List
Depending on the type of encapsulation selected, different methods of obtaining an IP address

for the serial interface are available:
• Static IP address - Available with Frame Relay, PPP, and HDLC encapsulation types.
To configure a static IP address, enter the IP address and subnet mask.
• IP unnumbered - Sets the serial interface address to match the IP address of one of the
other functional interfaces of the router. Available with Frame Relay, PPP, and HDLC
encapsulation types.
• IP negotiated - The router obtains an IP address automatically through PPP.
• Easy IP (IP Negotiated) - The router obtains an IP address automatically through PPP.

The diagram depicts an Add Serial 0 /1 /0 Connection window being configured using the
encapsulation type, HDLC, and the address type, IP Unnumbered.
Page 3:
Lab Activity
Configure an ISR using Cisco SDM Express

Link to Hands-on Lab: Configuring an ISR with Cisco SDM Express
5.2.4 Configuring NAT Using Cisco SDM
Page 1:
Either Cisco SDM Express or Cisco SDM can be used to configure a router.
SDM supports many of the same features that SDM Express supports; however, SDM has more
advanced configuration options. For this reason, after the router basic configuration is completed
using SDM Express, many users switch to SDM. For example, enabling NAT requires the use of
SDM.
The Basic NAT Wizard configures Dynamic NAT with PAT, by default. PAT enables the hosts
on the internal local network to share the single registered IP address assigned to the WAN
interface. In this manner, hosts with internal private addresses can have access to the Internet.
Only the hosts with the internal address ranges specified in the SDM configuration are translated.
It is important to verify that all address ranges that need access to the Internet are included.
Steps for configuring NAT include:
Step 1. Enable NAT configuration using SDM.
Step 2. Navigate through the Basic NAT Wizard.
Step 3. Select the interface and set IP ranges.
Step 4. Review the configuration.
5.2.4 - Configuring NAT Using Cisco SDM

The diagram depicts the steps to use Cisco SDM to configure dynamic NAT on a Cisco ISR
Router.
Step 1. Enable NAT Configuration using SDM.

Choose Configure, then NAT, then Basic NAT. Then click Launch the selected task.
Step 2.Navigate through the Basic NAT Wizard.
Step 3. Choose the interface that connects to the Internet or the ISP .
This interface should have the public registered address assigned to it. Next, select the IP address
range of the internal network addresses that should be translated to the public registered address.
Step 4. Review Configuration.
Click Finish, if the configuration is satisfactory.
Page 2:
Lab Activity
Configure Dynamic NAT using the Cisco SDM basic NAT wizard.
5.2.4 - Configuring NAT Using Cisco SDM

Link to Hands-on Lab: Configuring Dynamic NAT with SDM
5.3 Configuring a Router Using IOS CLI
5.3.1 Command Line Interface Modes
Page 1:
Using the Cisco IOS CLI to configure and monitor a device is very different from using SDM.
The CLI does not provide step-by-step configuration assistance; therefore, it requires more
planning and expertise to use.
CLI Command Modes
The Cisco IOS supports two levels of access to the CLI: user EXEC mode and privileged EXEC
mode.
When a router or other Cisco IOS device is powered up, the access level defaults to user EXEC
mode. This mode is indicated by the command line prompt:
Router>
Commands that can be executed in user EXEC mode are limited to obtaining information about
how the device is operating, and troubleshooting using some show commands and the ping and
traceroute utilities.
To enter commands that can alter the operation of the device requires privileged level access.
Enable the privileged EXEC mode by entering enable at the command prompt and pressing
Enter.
The command line prompt changes to reflect the mode change. The prompt for privileged EXEC
mode is:
Router#
To disable the privileged mode and return to user mode, enter disable at the command prompt.
Both modes can be protected with a password, or a username and password combination.
5.3.1 - Command Line Interface Modes

The diagram depicts HyperTerminal window Cisco I O S C L I Command Modes, focusing on
the user-mode prompt and privileged-mode prompt, as follows:
User-Mode Prompt: router >

Privileged-Mode Prompt: router #
Page 2:
Various configuration modes are used to set up a device. Configuring a Cisco IOS device begins
with entering privileged EXEC mode. From privileged EXEC mode, the user can access the
other configuration modes.
In most cases, commands are applied to the running configuration file using a terminal
connection. To use these commands, the user must enter global configuration mode.
To enter global configuration, type the command configure terminal or config t. Global
configuration mode is indicated by the command line prompt:
Router(config)#
Any commands entered in this mode take effect immediately and can alter the operation of the
device.
From global configuration mode, the administrator can enter other sub-modes.
Interface configuration mode is used to configure LAN and WAN interfaces. To access interface
configuration mode, from global configuration type the command interface [type] [number].
Interface configuration mode is indicated by the command prompt:
Router(config-if)#
Another commonly used sub-mode is the router configuration submode represented by the
following prompt:
Router(config-router)#
This mode is used to configure routing parameters.

The diagram depicts Hyper Terminal window Configuration Modes, focusing on the following
modes:
Command to Enter Global Configuration Mode: configure terminal

Command to Enter Interface Configuration Sub-Mode: interface fast ethernet 0 /1
Using the help command to search commands: IP address, question mark
Page 3:
E-Lab Activity
Using the Cisco CLI explore the various configuration modes.

Link to E-Lab: Entering Command Modes
5.3.2 Using the Cisco IOS CLI
Page 1:
The Cisco IOS CLI is full of features that help in recalling commands needed to configure a
device. These features are one reason why network technicians prefer to use the Cisco IOS CLI
to configure routers.
The context-sensitive help feature is especially useful when configuring a device. Entering help
or the ? at the command prompt displays a brief description of the help system.
Router# help
Context-sensitive help can provide suggestions for completing a command. If the first few
characters of a command are known but the exact command is not, enter as much of the
command as possible, followed by a ?. Note that there is no space between the command
characters and the ?.
Additionally, to get a list of the parameter options for a specific command, enter part of the
command, followed by a space, and then the ?. For example, entering the command configure
followed by a space and a ? shows a list of the possible variations. Choose one of the entries to
complete the command string. Once the command string is completed, a <cr> appears. Press
Enter to issue the command.
If a ? is entered and nothing matches, the help list will be empty. This indicates that the
command string is not a supported command.
5.3.2 - Using the Cisco I O S C L I

The diagram depicts the Hyper Terminal window focusing on the following text:
Commands available to complete initial command fragment using a question mark for help:
Router # con, question mark, configure connect
Page 2:
Users sometimes make a mistake when typing a command. The CLI indicates if an unrecognized
or incomplete command is entered. The % symbol marks the beginning of an error message. For
example, if the command interface is entered with no other parameters, an error message
displays indicating an incomplete command:
% Incomplete command
Use the ? to get a list of the available parameters.
If an incorrect command is entered, the error message would read:
% Invalid input detected
It is sometimes hard to see the mistake within an incorrectly entered command. Fortunately, the
CLI provides an error indicator. The caret symbol (^) appears at the point in the command string
where there is an incorrect or unrecognized character. The user can return to the point where the
error was made and use the help function to determine the correct command to use.

The diagram depicts the Hyper Terminal window showing the difference between an incomplete
command and a misspelled command. Also shown is the use of help, question mark, after the
main command (with a space) to determine appropriate secondary entries.
Page 3:
Another feature of the Cisco IOS CLI is the ability to recall previously typed commands. This
feature is particularly useful for recalling long or complex commands or entries.
The command history is enabled by default and the system records 10 command lines in the
history buffer. To change the number of command lines the system records during a session, use
the terminal history size or the history size command. The maximum number of command
lines is 256.
To recall the most recent command in the history buffer, press Ctrl-P or the Up Arrow key.
Repeat this process to recall successively older commands. To return to a more recent command
in the history buffer, press Ctrl-N or the Down Arrow key. Repeat this process to recall
successively more recent commands.
The CLI recognizes partially typed commands based on their first unique character. For example,
type int instead of interface. If a short cut, such as int is entered, pressing the Tab key will
automatically complete the entire command entry of interface.
On most computers, additional select and copy functions are available using various function
keys. A previous command string may be copied and then pasted or inserted as the current
command entry.

The diagram depicts the Hyper Terminal window showing the show history command and listing
previous commands issued.
Page 4:

The diagram depicts an activity in which you must match each keystroke combination to its
function.
Keystroke combinations.
A.Ctrl-P, or up-arrow key.
B.Ctrl-N, or down arrow key.
C.Show history.
D.Terminal history size number-of-lines.
E.TAB.
Definitions.
One.Steps backwards through the command history.
Two.Steps forward through the command history.
Three.Shows the contents of the command buffer.
Four.Sets the command buffer size.
Five.Completes a command entry.
Page 5:
Explore the features of the Cisco IOS CLI.

Link to Packet Tracer Exploration: Exploring the Cisco I O S C L I
5.3.3 Using Show Commands
Page 1:
The Cisco IOS CLI includes show commands that display relevant information about the
configuration and operation of the device.
Network technicians use the show commands extensively for viewing configuration files,
checking the status of device interfaces and processes, and verifying the device operational
status. Show commands are available whether the device was configured using the CLI or SDM.
The status of nearly every process or function of the router can be displayed using a show
command. Some of the more popular show commands are:
• show running-config
• show interfaces
• show arp
• show ip route
• show protocols
• show version
5.3.3 - Using Show Commands

The diagram depicts the following show commands.
Show running-config
R1 # show running-config
Some output omitted
Building configuration
Current configuration: 1063 bytes
Version 12.4
Service timestamps debug date time m sec
Service timestamps log date time m sec
No service password-encryption
Host name R 1
Enable secret 5 $1$i6w9$dvdpVM6zV10E^tSLdkR5/
No IP domain lookup
Interface FastEthernet 0 /0
Description LAN 192.168.1.0 default gateway
Ip address 192.168.1.1 255.255.255.0
Duplex auto
Speed auto
Interface FastEthernet 0 /1
No I P address
Shutdown
Duplex auto
Speed auto
Interface Serial 0 /0/ 0

Description WAN link to R 2
Encapsulation ppp
Clock rate 64000
No fair-queue
Interface Serial 0 /0 /1
No IP address
shutdown
Interface V lan 1
No IP address
Router rip
Version 2
Network 192.168.1.0
Network 192.168.2.0
Banner m o td ^C Unauthorized Access Prohibited ^ C
Ip http server
Line con 0
Password cisco
Login
Line a u x 0
Line v t y 0 4
Password cisco
login
Show interfaces
R1 # show interfaces
< Some output omitted >
FastEthernet0 /0 is up, line protocol is up
Hardware is Gt96k F E, address is 001b.5325.256e (b I a 001b.5325.256e
Internet address is 192.168.1.1 /24
M T U 1500 bytes, BW 100000 k bit, D L Y 100 u sec,
Reliability 255 /255, t x load 1 /255, r x load 1 /255
Encapsulation A R P A, loopback not set
Keep alive set (10 sec)
Full-duplex, 100Mb/s, 100Base TX/FX
ARP type: ARP, ARP timeout 04:00:00
Last input 00:00:17, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); total output drops: 0
Queueing strategy: fifo
Output queue: 0 /40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
196 packets input, 31850 bytes
Received 181 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watch dog
0 input packets with dribble condition detected
392 packets output, 35239 bytes, 0 underruns
0 output errors, 0 collisions, 3 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
FastEthernet0/1 is administratively down, line protocol is down
Serial 0 /0 /0 is up, line protocol is up

Hardware is GT96K serial
MTU 1500 bytes, BW 1544 k bit, D L Y 20000 u sec,
Reliability 255 /255, tx load 1/255, rx load 1 /255
Encapsulation PPP, LCP Listen, loopback not set
Keepalive set (10 sec)
Last input 00:00:02, output 00:00:03, output hang never
Last clearing of "show interface" counters 00:51:52
Input queue: 0/75/0/0 (size/max/drops/flushes); total output drops: 0
Queueing strategy: fifo
Output queue: 0 /40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
401 packets input, 27437 bytes, 0 no buffer
Received 293 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
389 packets output, 26940 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 output buffer failures, 0 output buffers swapped out
6 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
Serial0/0/1 is administratively down, line protocol is down
Show arp
R1 # show arp
Protocol AddressAge (min) Hardware AddrTypeInterface
Internet 172.17.0.1-001b.5325.256eA R P A
FastEthernet 0 /0
Internet 172.17.0.212000b.db04.a5cdA R P A
FastEthernet0 /0
Show IP route
R1 # show IP route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - E I GRP, Ex - E I GRP external, O - O SPF, I A - O SPF inter area
N1 - O SPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - O SPF external type 1, E2 - O SPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - O D R, P - periodic downloaded static route
Gateway of last resort is not set

C192.168.1.0 /24 is directly connected, FastEthernet0/0
C192.168.2.0 /24 is directly connected, Serial0/0/0
R192.168.3.0 /24 [120 /1] via 192.168.2.2, 00:00:24, Serial0/0/0
Show protocols
R1 # show protocols
Global values :
Internet Protocol routing is enabled
FastEthernet0 /0 is up, line protocol is up
FastEthernet 0 /1 is administratively down, line protocol is down
FastEthernet 0 /1 /0 is up , line protocol is down
Serial 0 /0 /0 is up , line protocol is up
Serial 0 /0 /1 is administratively down, line protocol is down
V lan 1 is up, line protocol is down
Show version
R1# show version
< Some output omitted>
Cisco l O S Software , 1841 Software (C1841-AD V IP SERVICESK9-M) , Version
12.4(l O b) ,
RELEASE SOFTWARE (f c3)
Technical Support: http://www.cisco.com/tech support
copyright (c) 1986-2007 by Cisco Systems , Inc.
Compiled Fri 19-Jan-07 15 :15 by prod_reI_team
ROM: System Bootstrap, Version 12.4 (13r) T , RELEASE SOFTWARE (fc1)
R1 uptime is 43 minutes
System returned to ROM by reload at 22:05:12 U TC Sat Jan 5 2008
System image file is "flash:c1841-ad v I p servicesk9-mz.124-10b.bin"
Cisco 1841 (revision 6.0) with 174080K/22528K bytes of memory .
Processor board 10 FTX1111WOQF
6 FastEthernet interfaces
2 Serial (sync/async) interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
191 K bytes of N V RAM.
62720 K bytes of A T A CompactFlash (Read/Write)
Configuration register is O x 2l02
Page 2:
E-Lab Activity
Use the show run and show interface commands to answer questions about the router
configuration.

Link to E-Lab: Viewing the Router Interface Information
Page 3:
Use Cisco IOS show commands on a router located at the ISP.

Link to Packet Tracer Exploration: Using the Cisco I O S Show Commands
5.3.4 Basic Configuration
Page 1:
The initial configuration of a Cisco IOS device involves configuring the device name and then
the passwords that are used to control access to the various functions of the device.
A device should be given a unique name as one of the first configuration tasks. This task is
accomplished in global configuration mode with the following command.
Router(config)# hostname [name]
When the Enter key is pressed, the prompt changes from the default host name, which is Router,
to the newly configured host name.
The next configuration step is to configure passwords to prevent access to the device by
unauthorized individuals.
The enable password and enable secret commands are used to restrict access to privileged
EXEC mode, preventing unauthorized users from making configuration changes to the router.
Router(config)# enable password [password]
Router(config)# enable secret [password]
The difference between the two commands is that the enable password is not encrypted by
default. If the enable password is set, followed by the enable secret password, the enable secret
command overrides the enable password command.
5.3.4 - Basic Configuration
The diagram depicts an example of a basic router configuration, including the following types of
commands: set device name, enable password, and enable encrypted password.
Set Device Name

Router (config) # host name Tokyo Router
Tokyo Router (config) #
Enable Password
Router (config) # enable password san-fran
Enable Encrypted Password

Router (config) # enable secret password1 2 3
Page 2:
Other basic configurations of a router include configuring a banner, enabling synchronous

logging, and disabling domain lookup.
Banners
A banner is text that a user sees when initially logging on to the router. Configuring an
appropriate banner is part of a good security plan. At a very minimum, a banner should warn
against unauthorized access. Never configure a banner that welcomes an unauthorized user.
There are two types of banners: message-of-the-day (MOTD) and login information. The
purpose for two separate banners is to be able to change one without affecting the entire banner
message.
To configure the banners, the commands are banner motd and banner login. For both types, a
delimiting character, such as a #, is used at the beginning and at the end of the message. The
delimiter allows the user to configure a multiline banner.
If both banners are configured, the login banner appears after the MOTD but before the login
credentials.
Synchronous Logging
The Cisco IOS software often sends unsolicited messages, such as a change in the state of a
configured interface. Sometimes these messages occur in the middle of typing a command. The
message does not affect the command, but can cause the user confusion when typing. To keep
the unsolicited output separate from the typed input, the logging synchronous command can be
entered in global configuration mode.
Disabling Domain Lookup
By default, when a host name is entered in enable mode, the router assumes that the user is
attempting to telnet to a device. The router tries to resolve unknown names entered in enable
mode by sending them to the DNS server. This process includes any words entered that the
router does not recognize, including mistyped commands. If this capability is not wanted, the no
ip domain-lookup command turns off this default feature.

The diagram depicts a New Connection SSH HyperTerminal window showing the following
banner m o td # command:
R1 (config) # banner m o td #
Enter TEXT message. End with the character #.
*****
WARNING!! Unauthorized Access Prohibited! !
*****
#
Page 3:
There are multiple ways to access a device to perform configuration tasks. One of these ways is
to use a PC attached to the console port on the device. This type of connection is frequently used
for initial device configuration.
Setting a password for console connection access is done in global configuration mode. These
commands prevent unauthorized users from accessing user mode from the console port.
Route(config)# line console 0
Router(config)# password [password]
Router(config)# login
When the device is connected to the network, it can be accessed over the network connection.
When the device is accessed through the network, it is considered a vty connection. The
password must be configured on the vty port.
Route(config)# line vty 0 4
Router(config)# password [password]
Router(config)# login
0 4 represents 5 simultaneous in-band connections. It is possible to set a different password for

each connection by specifing specific line connection numbers, such as line vty 0.
To verify that the passwords are set correctly, use the show running-config command. These
passwords are stored in the running-configuration in clear text. It is possible to set encryption on
all passwords stored within the router so that they are not easily read by unauthorized
individuals. The global configuration command service password-encryption ensures that all
passwords are encrypted.
Remember, if the running configuration is changed, it must be copied to the startup configuration
file or the changes are lost when the device is powered down. To copy the changes made to the
running configuration back to the stored startup configuration file, use the copy run start
command.

The diagram depicts an example of a basic router configuration, including the following types of
commands: console password, which is the password for a host with an out-of-band direct
connection to the router console port, virtual terminal password, which is the password for a host
with an in-band connection to a router over the network, and perform password encryption.
Console Password Router (config) # line console 0

Router (config-line) # password cisco
Router (config-line) # login
Virtual Terminal Password Router (config) # line v t y 0 4

Router (config-line) # password cisco
Router (config-line) # login
Perform Password Encryption
Router (config) # service password-encryption
Page 4:
Use Cisco IOS CLI to perform an initial router configuration.

Link to Packet Tracer Exploration: Performing an Initial Router Configuration.
5.3.5 Configuring An Interface
Page 1:
To direct traffic from one network to another, router interfaces are configured to participate in
each of the networks. A router interface connecting to a network will typically have an IP
address and subnet mask assigned that is within the host range for the connected network.
There are different types of interfaces on a router. Serial and Ethernet interfaces are the most
common. Local network connections use Ethernet interfaces.
WAN connections require a serial connection through an ISP. Unlike Ethernet interfaces, serial
interfaces require a clock signal to control the timing of the communications, called a clock rate.
In most environments, data communications equipment (DCE) devices, such as a modem or
CSU/DSU, provide the clock rate.
When a router connects to the ISP network using a serial connection, a CSU/DSU is required if
the WAN is digital. A modem is required if the WAN is analog. These devices convert the data
from the router into a form acceptable for crossing the WAN, and convert data from the WAN
into an acceptable format for the router. By default, Cisco routers are data terminal equipment
(DTE) devices. Because the DCE devices control the timing of the communication with the
router, the Cisco DTE devices accept the clock rate from the DCE device.
Though uncommon, it is possible to connect two routers directly together using a serial
connection. In this instance, no CSU/DSU or modem is used, and one of the routers must be
configured as a DCE device to provide clocking. If the router is connected as the DCE device, a
clock rate must be set on the router interface to control the timing of the DCE/DTE connection.
5.3.5 - Configuring An Interface

The diagram depicts a router (D T E) connected to a CSU /DSU (D C E) which connects to
another CSU /DSU (D C E) across the Internet via a transmission line. The second CSU /DSU
(D C E) connects to a second router (D T E).
Page 2:
Configuring an interface on the router must be done in global configuration mode. Configuring
an Ethernet interface is very similar to configuring a serial interface. One of the main differences
is that a serial interface must have a clock rate set if it is acting as a DCE device.
The steps to configure an interface include:
Step 1. Specify the type of interface and the interface port number.
Step 2. Specify a description of the interface.
Step 3. Configure the interface IP address and subnet mask.
Step 4. Set the clock rate, if configuring a serial interface as a DCE.
Step 5. Enable the interface.
After an interface is enabled, it may be necessary to turn off an interface for maintenance or
troubleshooting. In this case, use the shutdown command.
When configuring the serial interface on a 1841, the serial interface is designated by 3 digits,
C/S/P, where C=Controller#, S=Slot# and P=Port#. The 1841 has two modular slots. The
designation Serial0/0/0 indicates that the serial interface module is on controller 0, in slot 0, and
that the interface to be used is the first one (0). The second interface is Serial0/0/1. The serial
module is normally installed in slot 0 but may be installed in slot 1. If this is the case, the
designation for the first serial interface would be Serial0/1/0 and the second would be
Serial0/1/1.
For built in ports, such as the FastEthernet ports the designation is 2 digits, C/P, where
C=Controller#, and P=Port#. The designation Fa0/0 represents controller 0 and interface 0.

The diagram depicts basic configuration commands for a FastEthernet and Serial interface:
Router (config) # interface fastethernet 0 /0

Router (config-if) # description connection to Admin LAN
Router (config-if) # IP address 192.168.2.1 255.255.255.0
Router (config-if) # no shutdown
Router (config-if) # exit
Router (config) # interface serial 0 /0 /0
Router (config-if) # description connection to Router 2
Router (config-if) # IP address 192.168.1.125 255.255.255.0
Router (config-if) # clock rate 64000

On serial links that are directly interconnected, as in a lab environment, one side must be
considered a D C E and provide a clocking signal. The clock is enabled and speed is specified
with the clock rate command. The available clock rates in bits per second are 1200, 2400, 9600,
19200, 38400, 56000, 64000, 72000, 125000, 148000, 500000, 800000, 1000000, 1300000,
2000000, or 4000000. Some bit rates might not be available on certain serial interfaces. This
depends on the capacity of each interface. The commands that are used to set a clock rate and
enable a serial interface are in the diagram.
Page 3:
E-Lab Activity
Configure the serial interfaces on two routers.
Click the icon to begin.

Link to E-Lab: Configuring a Serial Interface on Routers for Communication.
Page 4:
Configure the Ethernet and Serial interfaces of a router.

Link to Packet Tracer Exploration: Configuring Ethernet and Serial Interfaces.
Page 5:
Lab Activity
Configure basic settings on a router using the Cisco IOS CLI.

Link to Hands-on Lab: Configuring Basic Router Settings with the Cisco I O S C L I.
5.3.6 Configuring a Default Route
Page 1:
A router forwards packets from one network to another based on the destination IP address
specified in the packet. It examines the routing table to determine where to forward the packet to
reach the destination network. If the router does not have a route to a specific network in its
routing table, a default route can be configured to tell the router how to forward the packet. The
default route is used by the router only if the router does not know where to send a packet.
Usually, the default route points to the next hop router on the path to the Internet. The
information needed to configure the default route is the IP address of the next hop router, or the
interface that the router uses to forward traffic with an unknown destination network.
Configuring the default route on a Cisco ISR must be done in global configuration mode.
Router(config)# ip route 0.0.0.0 0.0.0.0 [next-hop-IP-address]
or
Router(config)# ip route 0.0.0.0 0.0.0.0 [interface-type] [number]
5.3.6 - Configuring a Default Route

The diagram depicts the configuration of a default route.
Router 1 S 0 /0 /0 interface, with IP address 192.168.1.4, is connected to Router 2 S 0 /0 /1

interface, with IP address 192.168.1.5.
Configure a Default Route

Router 1 (config) # IP route 0.0.0.0 0.0.0.0 192.168.1.5
OR
Router 1 (config) # IP route 0.0.0.0 0.0.0.0 S 0 /0 /0
Page 2:
Configure a default route on routers in a medium-sized business network topology.
5.3.6 - Configuring a Default Route

Link to Packet Tracer Exploration: Configuring a Default Route.
5.3.7 Configuring DHCP Services
Page 1:
The Cisco IOS CLI can be used to configure a router to function as a DHCP server.
Using a router configured with DHCP simplifies the management of IP addresses on a network.
The administrator needs to update only a single, central router when IP configuration parameters
change. Configuring DHCP using the CLI is a little more complex than configuring it using
SDM.
There are eight basic steps to configuring DHCP using the CLI.
Step 1. Create a DHCP address pool.
Step 2. Specify the network or subnet.
Step 3. Exclude specific IP addresses.
Step 4. Specify the domain name.
Step 5. Specify the IP address of the DNS server.
Step 6. Set the default gateway.
Step 7. Set the lease duration.
Step 8. Verify the configuration.
5.3.7 - Configuring DHCP Services

The diagram depicts eight steps used to configure DHCP services.
Step 1: Create DHCP Address Pool

Router (config) # ip dhcp pool LAN-address
Router (dhcp-config) #
Navigate to the privileged EXEC mode, enter the password if prompted and then enter the global
configuration mode. Now create a name for the DHCP server address pool. More than one
address pool can exist on a router. The Cisco I O S C L I will enter the DHCP pool configuration
mode. Use these commands:
Router> enable
Router(dhcp-config) #
This example created an address pool named LAN-address.
Step 2: Specify the Network or Subnet

Router (dhcp-config) # network 172.16.0.0 255.255.0.0
Specify the network or subnet network number and the subnet mask of the DHCP address pool.
Use this command:
Router (dhcp-config) # network 172.16.0.0 255.255.0.0
Depending on the version of I O S, the subnet mask may also be specified using the prefix
convention /16.
Step 3: Exclude IP Addresses

Router (config) # ip dhcp excluded-address 172.16.1 .100 172.16.1 .103
Recall that the DHCP server assumes that all other I P addresses in a DHCP address pool subnet
are available for assigning to DHCP clients. Exclude addresses from the pool so the DHCP
server does not allocate those I P addresses. If a range of addresses is to be excluded, only the
starting address and ending address need to be entered. Use this command:
Router (config) # ip dhcp excluded-address 172.16.1 .100 172.16.1 .103

The example shown excludes the four addresses, 172.16.1 .100, 172.16.1 .101, 172.16.1 .102,
and 172.16.1 .103 from being given out to hosts by DHCP. These addresses can be statically
assigned by the administrator.
Step 4: Specify the Domain Name

Router (dhcp-config) # domain-name cisco.com
Now specify the domain name for the client. Use this command:
Router(dhcp-config)# domain-name cisco.com
Clients in this example will receive the domain name cisco.com as part of their DHCP
configuration. Domain name is an optional DHCP configuration parameter and is not necessary
for DHCP to function. The network administrator can provide information as to whether or not a
domain name is necessary.
Step 5: DNS Server IP Address

Router (dhcp-config) # dns-server 172.16.1 .103 172.16.2 .103
Now specify the IP address of a DNS server that is available to a DHCP client. One P address is
required. Up to eight IP addresses can be configured on one line. If listing more than one DNS
Server list the servers in order of importance. Use this command:
Router (dhcp-config) # dns-server 172.16.1 .103 172.16.2 .103
In this example, there are two DNS servers that clients can use, a primary server and a secondary
server. At least one DNS server must be configured for hosts to resolve host names and U RLs in
order to access services on the network.
Step 6: Set the Default Gateway

Router (dhcp-config) # default-router 172.16.1 .100
Now specify the IP address of the default router for the DHCP clients on the network. Typically
this will be the LAN I P of the router. This command will set the default gateway for the client
devices on the network that will be using DHCP. After a DHCP client has booted, the client
begins sending packets to its default router. The IP address must be on the same subnet as the
client I P addresses given out by the router. One I P address is required. Use this command:
Router (dhcp-config) # default-router 172.16.1 .100
Clients in this example use the router interface 172.16.1 .100 as their default gateway.
Step 7: Set the Lease Duration

Router (dhcp-config) # lease {days [hours] [minutes] | infinite}
Router (dhcp-config) # end
DHCP gives out IP address information each time a host powers on and connects to the network.
The default time that a client IP address is reserved for a specific host is one day. If the host does
not renew its address, then the reservation ends and the IP address is again available to be given
out through DHCP. It is possible to change the lease timer to a longer period of time, if
necessary. This is the last step in configuring a DHCP service on a router. Use the end command
to finish the DHCP configuration and return to the Global configuration mode. Use these
commands:
Router (dhcp-config) # lease {days [hours] [minutes] | infinite}
Router (dhcp-config) # end
Step 8: Verify the Configuration

Router# show running-config
Verify the DHCP configuration by viewing the running-configuration. To do this use the
command:
Router # show running-config
Here is an example of the DHCP part of the configuration running on a DHCP enabled router:
ip dhcp pool LAN-addresses

domain-name cisco.com
network 172.16.0.0 255.255.0.0
ip dhcp excluded-address 172.16.1 .100 172.16.1 .103
dns-server 172.16.1 .103 172.16.2 .103
default-router 172.16.1 .100
lease infinite
When the configuration is correct, copy the running-configuration to the startup-configuration.
Page 2:
Configure a router as a DHCP server for attached clients.

Link to Packet Tracer Exploration: Configuring a Cisco Router as a DHCP server
Page 3:
Lab Activity
Use the Cisco SDM and IOS CLI to configure a router as a DHCP server.

Link to Hands-on Lab: Configuring DHCP with SDM and the Cisco I O S C L I
5.3.8 Configuring Static NAT Using Cisco IOS CLI
Page 1:
NAT enables hosts with internal private addresses to communicate on the Internet. When
configuring NAT, at least one interface must be configured as the inside interface. The inside
interface is connected to the internal, private network. Another interface, usually the external
interface used to access the Internet, must be configured as the outside interface. When devices
on the internal network communicate out through the external interface, the addresses are
translated to one or more registered IP addresses.
There are occasions when a server located on an internal network must be accessible from the
Internet. This accessibility requires that the server has a specific registered address that external
users can specify. One way to provide this address to an internal server is to configure a static
translation.
Static NAT ensures that addresses assigned to hosts on the internal network are always translated
to the same registered IP address.
Configuring NAT and static NAT using the Cisco IOS CLI requires a number of steps.
Step 1. Specify the inside interface.

Step 2. Set the primary IP address of the inside interface.
Step 3. Identify the inside interface using the ip nat inside command.
Step 4. Specify the outside interface.
Step 5. Set the primary IP address of the outside interface.
Step 6. Identify the outside interface using the ip nat outside command.
Step 7. Define the static address translation.
Step 8. Verify the configuration.
5.3.8 - Configuring Static NAT Using Cisco I O S C L I

The diagram depicts the steps used to configure static NAT using Cisco I O S C L I.
Step 1: Specify the inside interface

To begin configuring NAT services on a Cisco router navigate to the privileged EXEC mode,
enter the password if prompted to and then enter the global configuration mode. Specify which
interface is connected to the inside local network. Doing this enters the interface configuration
mode. Use these commands:
Router> enable
Router# configure terminal
Step 2: Set the primary IP address of the inside interface

Router (config-if) # ip address 172.31.232.182 255.255.255.0
Use this command to set the primary IP address for the inside interface:
Step 3: Identify the inside interface using the IP nat inside command
Router (config-if) # ip nat inside
Now identify this interface as the interface connected to the inside of the network and then exit
the configuration of the inside interface and return to configuration mode. Use these commands:
Router (config-if) # ip nat inside
Step 4: Specify the outside interface

Router (config) # interface serial 0 /0
Configure the outside interface. Specify the interface connecting to the Internet Service Provider
and return to the interface configuration mode. Use this command:
Step 5: Set the primary IP address of the outside interface

Now identify this interface as the interface connected to the outside of the network and then exit
the configuration of the outside interface and return to configuration mode. Use these commands:
Step 6: Identify the outside interface using the IP nat outside command
Router (config-if) # ip nat outside
Now identify this interface as the interface connected to the outside of the network and then exit
the configuration of the outside interface and return to configuration mode. Use these commands:
Router (config-if) # ip nat outside

Step 7: Define the static address translation

Router (config) # ip nat inside source static 172.31.232.14 209.165.202.130
Router (config) # exit
Use this command to create the translation:

Router (config) # I P nat inside source static 172.31.232.14 209.165.202.130
In this example, a server with the inside address 172.31.232.14 is always translated to the
external address 209.165.202.130. Use this command to create the translation. When finished,
exit the global configuration mode.
Step 8: Verify the configuration

show running-config
Verify the static NAT configuration. Use this command:

show running-config
Here is an example:
interface fastethernet 0 /0
ip address 172.31.232.182 255.255.255.0
ip nat inside
interface serial 0 /0
ip address 209.165.201.1 255.255.255.252
ip nat outside
ip nat inside source static 172.31.232.14 209.165.202.130
Be sure to save the running-configuration to the startup-configuration.
Page 2:
There are several router CLI commands to view NAT operations for verification and
troubleshooting.
One of the most useful commands is show ip nat translations. The output displays the detailed
NAT assignments. The command shows all static translations that have been configured and any
dynamic translations that have been created by traffic. Each translation is identified by protocol
and its inside and outside local and global addresses.
The show ip nat statistics command displays information about the total number of active
translations, NAT configuration parameters, how many addresses are in the pool, and how many
have been allocated.
Additionally, use the show run command to view NAT configurations.
By default, if dynamic NAT is configured, translation entries time out after 24 hours. It is
sometimes useful to clear the dynamic entries sooner than 24 hours. This is especially true when
testing the NAT configuration. To clear dynamic entries before the timeout has expired, use the
clear ip nat translation * command in the enable mode. Only the dynamic translations are
removed from the table. Static translations cannot be cleared from the translation table.

The diagram depicts a man sitting at his workstation verifying NAT operations by entering the
show I P nat translations and using the router C L I interface.
The output from the show IP nat statistics command displays detailed NAT assignments. The
command shows all static translations that have been configured and any dynamic translations
that have been created by traffic. Each translation is identified by a protocol, and its inside and
outside local and global addresses.
The show IP nat statistics command displays information about the total number of active
translations, NAT configuration parameters, how many addresses are in the pool, and how many
have been allocated.
Page 3:
Configure static NAT on a router.

Link to Packet Tracer Exploration: Configuring Static NAT on a Cisco Router.
Page 4:
Lab Activity
Configure PAT using Cisco SDM and static NAT using Cisco IOS CLI.

Link to Hands-on Lab: Configuring PAT with SDM and Static NAT using Cisco I O S
Commands.
5.3.9 Backing Up a Cisco Router Configuration
Page 1:
After a router is configured, the running configuration should be saved to the startup
configuration file. It is also a good idea to save the configuration file in another location, such as
a network server. If the NVRAM fails or becomes corrupt and the router cannot load the startup
configuration file, another copy is available. There are multiple ways that a configuration file can
be saved.
One way configuration files can be saved to a network server is using TFTP. The TFTP server
must be accessible to the router via a network connection.
Step 1. Enter the copy startup-config tftp command.

Step 2. Enter the IP address of the host where the configuration file will be stored.
Step 3. Enter the name to assign to the configuration file or accept the default.
Step 4. Confirm each choice by answering yes.
The running configuration can also be stored on a TFTP server using the copy running-config
tftp command.
To restore the backup configuration file, the router must have at least one interface configured
and be able to access the TFTP server over the network.
Step 1. Enter the copy tftp running-config command.
Step 2. Enter the IP address of the remote host where the TFTP server is located.
Step 3. Enter the name of the configuration file or accept the default name.
Step 4. Confirm the configuration filename and the TFTP server address.
Step 5. Using the copy run start command, copy the running-configuration to the startup-
configuration file to ensure that the restored configuration is saved.
When restoring your configuration, it is possible to copy the tftp file to the startup configuration
file. However, this does require a router reboot in order to load the startup configuration file into
the running configuration.
5.3.9 - Backing Up a Cisco Router Configuration

The diagram depicts the process of copying the configuration to and from a TFTP server by
saving and restoring a configuration.
Saving a Configuration HyperTerminal window
Router # copy startup-config tftp

Address or name of remote host [ ]? 10.1 0.10.1
Destination filename [router-config]? tokyo.2
Write file tokyo.2 to 10.1 0.10.1 [confirm]
Writing tokyo.2 !!!!!! [OK]
Router #
Restoring a Configuration HyperTerminal window

Router # copy tftp running-config
Address or name of remote host [ ]? 131.108.2.155
Source filename [ ]? tokyo.2
Destination filename [running-config]? y
Accessing tftp://131.108.2.155/ tokyo.2
Page 2:
Another way to create a backup copy of the configuration is to capture the output of the show
running-config command. To do this from the terminal session, copy the output, paste it into a
text file, and then save the text file.
The following steps are used to capture the configuration from a HyperTerminal screen.
Step 1. Select Transfer.
Step 2. Select Capture Text.
Step 3. Specify a name for the text file to capture the configuration.
Step 4. Select Start to start capturing text.
Step 5. Use the show running-config command to display the configuration on the screen.
Step 6. Press the spacebar when each "-More -" prompt appears.
After the complete configuration has been displayed, the following steps stop the capture.
Step 1. Select Transfer.
Step 2. Select Capture Text.
Step 3. Select Stop.
After the capture is complete, the configuration file must be edited to remove extra text, such as
the "building configuration" Cisco IOS message. Also, the no shutdown command must be
added to the end of each interface section. Click File > Save to save the configuration. The
configuration file can be edited from a text editor such as Notepad.
The backup configuration can be restored from a HyperTerminal session. Before the
configuration is restored, any other configurations should be removed from the router using the
erase startup-config command at the privileged EXEC prompt. The router is then restarted
using the reload command.
The following steps copy the backup configuration to the router.
Step 1. Enter router global configuration mode.
Step 2. Select Transfer > Send Text File in HyperTerminal.
Step 3. Select the name of the file for the saved backup configuration.
Step 4. Restore the startup configuration with the copy run start command

The diagram depicts a Hyper Terminal window with the Transfer dropdown selected, then
Capture Text, then Stop, to stop menu item open. Output from commands previously entered are
captured.
Page 3:
Back up the running configuration to a TFTP server.

Link to Packet Tracer Exploration: Backing Up a Cisco Router Configuration to a TFTP Server.
Page 4:
Lab Activity
Use HyperTerminal to save and load the running configuration.

Link to Hands-on Lab: Managing Router Configuration Files Using HyperTerminal.
Page 5:
Lab Activity
Use TFTP to save and load the running configuration.

Link to Hands-on Lab: Managing Router Configuration Files Using TFTP
5.4 Connecting the CPE to the ISP
5.4.1 Installing the CPE
Page 1:
One of the main responsibilities of an on-site network technician is to install and upgrade
equipment located at a customer home or business. Network devices installed at the customer
location are called customer premises equipment (CPE) and include devices such as routers,
modems, and switches.
The installation or upgrade of a router can be disruptive for a business. Many businesses rely on
the Internet for their correspondence and have e-commerce services that must be accessed during
the day. Planning the installation or upgrade is a critical step in ensuring successful operation.
Additionally, planning enables options to be explored on paper, where it is easy and inexpensive
to correct errors.
The ISP technical staff usually meets with business customers for planning. During planning
sessions, the technician determines the configuration of the router to meet customer needs and
the network software that may be affected by the new installation or upgrade.
The technician works with the IT personnel of the customer to decide which router configuration
to use and to develop the procedure that verifies the router configuration. From this information,
the technician completes a configuration checklist.
The configuration checklist provides a list of the most commonly configured components. It
typically includes an explanation of each component and the configuration setting. The list is a
tool for ensuring that everything is configured correctly on new router installations. It is also
helpful for troubleshooting previously configured routers.
There are many different formats for configuration checklists, including some that are quite
complex. ISPs should ensure that support technicians have, and know how to use, router
configuration checklists.
5.4.1 - Installing the C P E

The diagram depicts blank work order form with a brief description of the following fields.
Date and Work Order

Used to record the date that the configuration checklist is issued
Used to record a number used to track the contract work
ISP Contact
The name and telephone number of the ISP representative if any questions or concerns arise
Customer
The name of the company or customer.
Customer Contact
The name and telephone number of the person at the customer site responsible for the project.
Router Manufacturer and Model
The router manufacturer and model number
Router Serial Number
The router serial number
Configured Basic Parameters
Check here to confirm that basic router parameters are configured.
Cisco SDM can be used to configure basic parameters, if supported by the device.
Configured Global Parameters
Check here to confirm that the global parameters are configured.
Including: host name of the router, a privilege mode password, and disabling the router from
recognizing typing mistakes as commands.
Configured Fast Ethernet LAN Interfaces
Check here to confirm that the Fast Ethernet LAN interfaces have been configured.
Configured WAN Interfaces
Check here to confirm that the WAN interfaces have been configured
Configured Command-Line Access to the Router
Check here to confirm that the parameters used to control Cisco I O S C L I access to the router
have been configured.
This includes: the interval of time that the EXEC command interpreter waits until user input is
detected.
Configured Static Routes
Check here to confirm that the static routes are configured.
An ISP may use a separate sheet to detail each static route configured.
Static routes are manually configured on the router and must be changed manually if new routes
are required.
Configured Dynamic Routing Protocols
Check here to confirm that the dynamic routing protocols are configured.
In dynamic routing, the network protocol adjusts the path automatically, based on network traffic
or topology. Changes in dynamic routes are shared with other routers in the network.
Configured Security Features
Check here to confirm that security features on the router are configured.
The Cisco SDM configuration tool makes it easy to configure the basic security features.
To configure security features using the Cisco I O S C L I requires an in-depth knowledge of the
Cisco I O S security commands.
Page 2:
When new equipment is required, the devices are typically configured and tested at the ISP site
before being installed at the customer site. Anything that is not functioning as expected can be
replaced or fixed immediately. If a router is being installed, the network technician makes sure
that the router is fully configured and that the router configuration is verified.
When the router is known to be configured correctly, all network cables, power cables,
management cables, manufacturer documentation, manufacturer software, configuration
documentation, and the special tools needed for router installation are assembled. An inventory
checklist is used to verify that all necessary equipment needed to install the router is present.
Usually, the network technician signs the checklist, indicating that everything has been verified.
The signed and dated inventory checklist is included with the router when it is packaged for
shipping to the customer premises.
The router is now ready to be installed by the on-site technician. It is important to find a time that
provides the minimum amount of disruption. It may not be possible to install or upgrade network
equipment during normal business hours. If the installation will cause the network to be down,
the network technician, the ISP sales person, and a representative of the company prepare a
router installation plan. This plan ensures that the customer experiences a minimum of disruption
in service while the new equipment is installed. Additionally, the router installation plan
identifies who the customer contact is and what the arrangements are for access to the site after
business hours. As part of the installation plan, an installation checklist is created to ensure that
equipment is installed appropriately.

The diagram depicts images of the installation planning process with the customer and
installation of the router following the plan.
Page 3:
The on-site network technician must install the router at the customer premises using the router
installation plan and checklist. When installing customer equipment, it is important to complete
the job in a professional manner. This means that all network cables are labeled and fastened
together or run through proper cable management equipment. Excess lengths of cable are coiled
and secured out of the way.
Documentation should be updated to include the current configuration of the router, and network
diagrams should be updated to show the location of the equipment and cables installed.
After the router is successfully installed and tested, the network technician completes the
installation checklist. The completed checklist is then verified by the customer representative.
The verification of the router installation often involves demonstrating that the router is correctly
configured and that services that depend on the router work as expected.
When the customer representative is satisfied that the router has been correctly installed and is
operational, the customer signs and dates the checklist. Sometimes there is a formal acceptance
document in addition to the checklist. This procedure is often called the sign-off phase. It is
critical that the customer representative signs off on the job, because the ISP can then bill the
customer for the work.
The diagram depicts images of the completion of the checklist and review of the installation with
a customer representative. Obtaining the customer acceptance of the new equipment and
approval of the installation is also depicted.
Page 4:
Installation Documentation
When customer equipment is configured and installed on the customer premises, it is important
to document the entire process. Documentation includes all aspects of equipment configuration,
diagrams of equipment installation, and checklists to validate the correct installation. If a new
configuration is needed, the documentation is compared with the previous router configuration to
determine if and how the new configuration has changed. Activity logs are used to track
modifications and access to equipment. Properly maintained activity logs help when
troubleshooting problems.
The technician starts documenting the work during router installation. All cables and equipment
are correctly labeled and indicated on a diagram to simplify future identification.
The technician uses the installation and verification checklist when installing a router. This
checklist displays the tasks to be completed at the customer premises. The checklist helps the
network technician avoid errors and ensures that the installation is done efficiently and correctly.
A copy of the final documentation is left with the customer.

The diagram depicts images related to router installation documentation.
Verify Checklists
Document any installation modifications that were not part of the original installation plan.
Clearly label all cables for future identification. Finally, verify the install by using the installation
checklist.
Update Network Diagrams

Update any network diagrams to include any changes made during the installation. This is an
example of a network diagram created using Microsoft Visio.
Prepare Activity Logs

Use activity logs to document when modifications are made so they can be used to determine if a
configuration activity has contributed to a network problem.
5.4.2 Customer Connections over a WAN
Page 1:
New equipment at the customer site must be connected back to the ISP to provide Internet
services. When customer equipment is upgraded, it is sometimes necessary to also upgrade the
type of connectivity provided by the ISP.
Wide Area Networks
When a company or organization has locations that are separated by large geographical
distances, it may be necessary to use the telecommunications service provider (TSP) to
interconnect the LANs at the different locations. The networks that connect LANs in
geographically separated locations are referred to as wide area networks (WANs).
TSPs operate large regional networks that can span long distances. Traditionally, TSPs
transported voice and data communications on separate networks. Increasingly, these providers
are offering converged information network services to their subscribers.
Individual organizations usually lease connections through the TSP network. Although the
organization maintains all the policies and administration of the LANs at both ends of the
connection, the policies within the communications service provider network are controlled by
the ISP.
ISPs sell various types of WAN connections to their clients. WAN connections vary in the type
of connector used, in bandwidth, and in cost. As small businesses grow, they require the
increased bandwidth offered by some of the more expensive WAN connections. One of the jobs
at an ISP or medium-sized business is to assess what type of WAN connection is needed.
5.4.2 - Customer Connections over a WAN

The diagram depicts two LANs connected via a WAN link using CSU/DSU equipment.
Page 2:
There are three types of serial WAN connections.
Point-to-Point
A point-to-point connection is a predefined communications path from the customer premises
through a TSP network. It is a dedicated circuit with fixed bandwidth available at all time. Point-
to-point lines are usually leased from the TSP. These lines are often called leased lines. Point-to-
point connections are typically the most expensive of the WAN connection types, and are priced
based on the bandwidth required and the distance between the two connected points. An example
of a point-to-point WAN connection is a T1 or E1 link.
Circuit-Switched
A circuit-switched connection functions similarly to the way a phone call is made over a
telephone network. When making a phone call to a friend, the caller picks up the phone, opens
the circuit, and dials the number. The caller hangs up the phone when finished and the closes the
circuit. An example of a circuit-switched WAN connection is an ISDN or dialup connection.
Packet-Switched
In a packet-switched connection, networks have connections into the TSP switched network.
Many customers share this TSP network. Instead of the circuit being physically reserved from
source to destination, as in a circuit-switched network, each customer has its own virtual circuit.
A virtual circuit is a logical path between the sender and receiver, not a physical path. An
example of a packet-switched network is Frame Relay.
5.4.2 - Customer Connections over a WAN

The diagram depicts the following types of WAN connections: point-to-point, circuit-switched,
and packet-switched.
Point-to-Point
A host is connected to a switch which is connected to a router, which is connected to another
router via a WAN link, which is connected to a switch, which is connected to a host.
Circuit-Switched
An I S D N circuit-switched network showing three customer sites connected using D C E
equipment. The I S D N circuit switched network is represented by a cloud of switches with
paths (circuits) connecting the customer sites together. These circuits are established as needed
and disassembled when not.
Packet-Switched
Customer A, Site 1, 2, and 3 and Customer B, Site 1 and 2 are all connected to each other via D
C E equipment. Any of these sites can communicate with any of the other sites. Paths of traffic
flow may not be the same for all packets in a message. The Frame Relay network circuits are
virtual and are shared with other customers.
5.4.3 Choosing a WAN Connection

Page 1:
When choosing a WAN, the decision is largely dependent on the bandwidth and cost of the
WAN connection. Smaller businesses are not able to afford some of the more expensive WAN
connection options, such as SONET or ATM WAN connections. They usually install the less
expensive DSL, cable, and T1 connections. In addition, higher bandwidth WAN connections
may not be available in geographically isolated locations. If the offices supported are close to an
urban center, there are more WAN choices.
Another factor that affects the decision on which WAN to choose is how the business plans to
use the connection. If the business provides services over the Internet, it may require higher
upstream bandwidth. For example, if a business hosts a web server for an e-commerce business,
it needs enough upstream bandwidth to accommodate the number of external customers that visit
its site. On the other hand, if the business uses an ISP to manage its e-commerce site, the
business does not need as much upstream bandwidth.
For some businesses, the ability to get a service level agreement (SLA) with their WAN
connection affects their decision. Less expensive WAN connections like dialup, DSL, and cable
typically do not come with an SLA, whereas more expensive connections do.
5.4.3 - Choosing a WAN Connection

The diagram depicts a table with information about various types of WAN connections.
Connection: Dialup
Bandwidth: Up to 56 Kbps
Cost: Low
Connection: Frame Relay

Bandwidth: 128 Kbps - 512 Kbps
Cost: Low - Medium
Connection: DSL (note 1)

Bandwidth: 128 Kbps -6+ MbpsÃƒÂ‚Ã‚Â¹
Cost: Low
Connection: Cable (note 1)

Bandwidth: 128 Kbps -10+ MbpsÃƒÂ‚Ã‚Â¹
Cost: Low
Connection: Fractional T1
Bandwidth: 64 Kbps - 1.544 Mbps
Cost: Low - Medium
Connection: T1/E1
Bandwidth: 1.544/2.048 Mbps
Cost: Medium
Connection: Fractional T3
Bandwidth: 1.544Mbps - 44.736 Mbps
Cost: Medium - High
Connection: T3/E3
Bandwidth: 44.736/34.368 Mbps
Cost: High
Connection: SONET
Bandwidth: 51.840 Mbps - 9953.280 Mbps
Cost: High - Very High
Connection: ATM
Bandwidth: 622 Mbps
Cost: Very High
* This list is a small subset of available options available from an ISP or Telco provider.
Availability varies by provider and location.
Note: Upstream bandwidth is typically slower than the listed downstream bandwidth
Page 2:
There are many things to consider when planning a WAN upgrade. The ISP initiates the process
by analyzing the customer needs and reviewing the available options. A proposal is then
generated for the customer. The proposal addresses the existing infrastructure, the customer
requirements, and possible WAN options.
Existing Infrastructure
This is an explanation of the current infrastructure being used by the business. It helps the
customer understand how the existing WAN connection provides services to their home or
business.
Customer Requirements
This section of the proposal describes why a WAN upgrade is necessary for the customer. It
outlines where the current WAN connection does not meet the customer needs. It also includes a
list of requirements that the new WAN connection must meet to satisfy the current and future
customer requirements.
WAN Options
This is a list of all the available WAN choices with the corresponding bandwidth, cost, and other
features that are applicable for the business is included in the proposal. The recommended choice
is indicated, including possible other options.
The WAN upgrade proposal is presented to the business decision-makers. They review the
document and consider the options. When they have made their decision, the ISP works with the
customer to develop a schedule and coordinate the WAN upgrade process.

The diagram depicts a man explaining WAN connection options.
Page 3:
Lab Activity
Complete a WAN upgrade plan based on the business scenario presented.

Link to Hands-on Lab: Planning a WAN upgrade
5.4.4 Configuring WAN Connections
Page 1:
How a WAN is configured depends on the type of WAN connection required. Some WAN
connections support Ethernet interfaces. Other WAN connections support serial interfaces.
Leased-line WAN connections typically use a serial connection, and require a channel service
unit and data service unit (CSU/DSU) to attach to the ISP network. The ISP equipment needs to
be configured so that it can communicate through the CSU/DSU to the customer premises.
For a serial connection, it is important to have a preconfigured clock rate that is the same on both
ends of the connection. The clock rate is set by the DCE device, which is typically the
CSU/DSU. The DTE device, typically the router, accepts the clock rate set by the DCE.
The Cisco default serial encapsulation is HDLC. It can be changed to PPP, which provides a
more flexible encapsulation and supports authentication by the remote device.
5.4.4 - Configuring WAN Connections

The diagram depicts a WAN connection between a customer ISR router and customer
CSU/DSU, and between an ISP ISR router and an ISP CSU/DSU using P P P encapsulation.
Customer Cisco ISR router connects to a customer CSU/DSU, which is connected to a WAN
cloud. The WAN cloud connects to ISP CSU/DSU, which is connected to the ISP Cisco ISR
Router.
Customer Cisco ISR Router

Router > enable
Enter configuration commands, one per line. End with CNTL/Z,
Router (config-if) # encapsulation ppp
ISP Cisco ISR Router

Router > enable
Enter configuration commands, one per line. End with CNTL/Z,
Router (config-if) # encapsulation ppp
Page 2:
Configure a serial WAN connection from a Cisco ISR to a CSU/DSU at an ISP.
5.4.4 - Configuring WAN Connections

Link to Packet Tracer Exploration: Configuring a PPP Connection Between a Customer and an
ISP .
5.5 Initial Cisco 2960 Switch Configuration

5.5.1 Standalone Switches
Page 1:
Although the integrated swith module of the 1841 ISR is adequate for connecting a small number
of hosts to the LAN, it may be necessary to add larger, more capable switches to support
additional users as the network grows.
A switch is a device that directs a stream of messages from one port to another based on the
destination MAC address within the frame. A switch cannot route traffic between two different
local networks. In the context of the OSI model, a switch performs Layer 2 functions. Layer 2 is
the Data Link Layer.
Several models of Ethernet switches are available to meet various user requirements. The Cisco
Catalyst 2960 Series Ethernet switch is designed for the networks of medium-sized businesses
and branch offices.
The Catalyst 2960 Series of switch are fixed-configuration, standalone devices that do not
support modules or flash card slots. Because the physical configuration cannot change, fixed-
configuration switches must be chosen based on the required number and type of ports. 2960
Series switches can provide 10/100 Fast Ethernet and 10/100/1000 Gigabit Ethernet connectivity.
These switches use Cisco IOS software and can be configured using a GUI-based Cisco Network
Assistant or through the CLI.
5.5.1 - Standalone Switches

The diagram depicts several switches and information about each.
Cisco 2960 Fast Ethernet Switch

8 Fast Ethernet ports
One dual purpose Gigabit Ethernet uplink port
The Gigabit Ethernet uplink port can support a 10 /100 /1000 copper cable or a fiber based S F P
connector.
This switch does not require a fan
Cisco 2960 Gigabit Ethernet Switch

7 Gigabit Ethernet ports
One dual purpose Gigabit Ethernet uplink port
The Ethernet uplink port can support a 10 /100 /1000 copper cable or a fiber based small form-
factor pluggable (S F P) connector.
This switch does not require a fan
Cisco Catalyst 2960-24TT

24 10 /100 ports
2 10 /100 /1000 uplink ports
Cisco Catalyst 2960-24TC

24 10 /100 ports
2 dual-purpose uplink ports
Cisco Catalyst 2960-48TT

48 10 /100 ports
2 10 /100 /1000 uplink ports
Cisco Catalyst 2960-48TC

44 10 /100 /1000 ports
Cisco Catalyst 2960G-24TC

24 10 /100 /1000 ports
Cisco Catalyst 2960G-48TC

44 10 /100 /1000 ports
Page 2:

The diagram depicts the front and rear view of a switch. Brief descriptions are given for various
components of the switch.
2960 Series Switch

Cisco Catalyst 2960 Series Intelligent Ethernet Switches are suitable for small and medium-sized
networks. They provide 10 /100 Fast Ethernet and 10 /100 /1000 Gigabit Ethernet LAN
connectivity.
Front View
Status L E D's
SYST L E D
Shows whether the system is receiving power and is working properly.
Green: The system is working properly.
Amber: The system is receiving power but is not working properly.
RPSLED
The redundant power system (R P S) L E D shows the R P S status.
Green: The R P S is connected and ready to provide back-up power, if required.
Blinking green: The R P S is connected but is unavailable because it is providing power to
another device.
Amber: The R P S is in standby mode or in a fault condition.
Blinking amber: The internal power supply in a switch has failed, the R P S is providing power
to the switch.
Mode Button and Port Status L E D

Port L E D's display information about the switch and about the individual ports.
Mode Button
The mode button is used to select one of the port modes: status mode, duplex mode, or speed
mode. To select or change a mode, press the Mode button until the desired mode is highlighted.
The purpose of the L E D is dependent upon the port mode setting.
Port Status, or STAT, the Default Port Mode

Off: No link, or port was administratively shut down.
Green: Link present.
Blinking green: Port is transmitting or receiving data.
Alternating green-amber: Link fault. Error frames can affect connectivity, and errors such as
excessive collisions, C R C errors, and alignment and jabber errors are monitored for a link-fault
indication.
Amber: Port is blocked by Spanning Tree Protocol (S T P) and is not forwarding data.
Blinking amber: Port is blocked by STP but continues to transmit and receive inter-switch
information messages.
Duplex L E D
Port duplex mode, or D U P L X, is either full duplex or half duplex.
Off: Port is operating in half duplex.
Green: Port is operating in full duplex.
Speed L E D
SPEED mode: The 10 /100 ports, 10 /100 /1000 ports and S P F module ports operating speeds.
For 10 /100 ports:

Off: Port is operating at 10 Mbps
Green: Port is operating at 100 Mbps.
For 10 /100 /1000 ports:
Off: Port is operating at 10 Mbps.
Green: Port is operating at 100 Mbps.
Blinking green: Port is operating at 1000 Mbps.
10 /100 and 10 /100 /1000 Ports

The 10 /100 Ethernet ports can be set to support speeds of 10 or 100 Mbps. The 10 /100 /1000
ports operate at 10, 100, or 1000 Mbps
S F P Ports
A Gigabit capable Ethernet S F P port can be used to support fiber and copper transceivers
modules. The fiber transceivers support fiber-optic cables. The copper transceivers support
Category 5 cables with R J-45 connectors.
The ability to plug into the Gigabit Ethernet S F P ports allows the fiber and copper transceivers
to be easily replaceable in the field should a connection go bad.
Rear View
All of the Ethernet ports are located on the front of the 2960. The back of the 2960 contains the
power plug, the console port, and the fan ventilation.
Console Port
Used to connect the switch to a PC by means of a R J-45-to-D B-9 cable.
Used for out-of-band management tasks.
Page 3:
All switches support both half-duplex or full-duplex mode.
When a port is in half-duplex mode, at any given time, it can either send or receive data but not
both. When a port is in full-duplex mode, it can simultaneously send and receive data, doubling
the throughput.
Both the port and the connected device must be set to the same duplex mode. If they are not the
same, a duplex mismatch occurs, which can lead to excessive collisions and degraded
communication.
The speed and duplex can be set manually, or the switch port can use autonegotiation.
Autonegotiation allows the switch to autodetect the speed and duplex of the device that is
connected to the port. Autonegotiation is enabled by default on many Cisco switches.
For autonegotiation to be successful, both devices must support it. If the switch is in
autonegotiation mode and the connected device does not support it, the switch uses the speed of
the other device (10, 100, or 1000) and is set to half-duplex mode. Defaulting to half duplex can
create problems if the non-autonegotiating device is set to full duplex.
If the connected device does not autonegotiate, manually configure the duplex settings on the
switch to match the duplex settings on the connected device. The speed parameter can adjust
itself, even if the connected port does not autonegotiate.

The diagram depicts a half-duplex and a full-duplex transmission.
Half-Duplex
A server and a switch exchange information. Only one device can send at any one time.
Full-Duplex
A server and a switch- exchange information. Both devices can send and receive at the same
time.
Page 4:
Switch settings, including the speed and duplex port parameters, can be configured using the
Cisco IOS CLI. When configuring a switch using the Cisco IOS CLI, the interface and command
structure is very similar to the Cisco routers.
As with the Cisco routers, there is a variety of choices for the Cisco IOS image for switches. The
IP-base software image is supplied with the Cisco Catalyst 2960 switch. This image provides the
switch with basic switching capabilities and IP services. Other Cisco IOS software images
supply additional services to the IP-base image.

The diagram depicts Image of a flowchart. IP Services provided by the IP Base flow to
Enterprise Services and Advanced IP Services, which then both flow to Advanced Enterprise
Services.
5.5.2 Power Up the Cisco 2960 Switch
Page 1:
Powering up a Cisco 2960 switch is similar to powering up a Cisco 1841 ISR.
The three basic steps for powering up a switch include:
Step 1. Check the components.
Step 2. Connect the cables to the switch.
Step 3. Power up the switch.
When the switch is on, the power-on self-test (POST) begins. During POST, the LEDs blink
while a series of tests determine that the switch is functioning properly.
POST is completed when the SYST LED rapidly blinks green. If the switch fails POST, the
SYST LED turns amber. When a switch fails POST, it is necessary to return the switch for
repairs.
When all startup procedures are finished, the Cisco 2960 switch is ready to configure.
5.5.2 - Power Up the Cisco 2960 Switch

The diagram depicts steps to power up a switch.
Step 1 - Check the Components
Ensure all the components that came with the Cisco 2960 switch are available. These include the
console cable, power cord, Ethernet cable, and switch documentation.
Step 2 - Connect the Cables to the Switch

Connect the PC to the switch with a console cable and start a terminal emulation session.
Connect the A C power cord to the switch and to a grounded A C outlet.
Step 3 - Power up the switch

Some Cisco switch models do not have an on/off switch. The 2960 switch powers up as soon as
the power cord is connected to the electrical power.
Page 2:
Lab Activity
Power up a Cisco 2960 switch.
5.5.2 - Power Up the Cisco 2960 Switch

Link to Hands-on Lab: Powering Up a Switch.
5.5.3 Initial Switch Configuration
Page 1:
There are several ways to configure and manage a Cisco LAN switch.
• Cisco Network Assistant

• Cisco Device Manager
• Cisco IOS CLI
• CiscoView Management Software
• SNMP Network Management Products
Some of these methods use IP connectivity or a web browser to connect to the switch, which
requires an IP address. Unlike router interfaces, switch ports are not assigned IP addresses. To
use an IP-based management product or Telnet session to manage a Cisco switch, it is necessary
to configure a management IP address on the switch.
If the switch does not have an IP address, it is necessary to connect directly to the console port
and use a terminal emulation program to perform configuration tasks.
5.5.3 - Initial Switch Configuration

The diagram depicts brief descriptions of various network management options.
Cisco Network Assistant

PC-based network management G U I application optimized for LANs of small and medium-
sized businesses
Offers centralized management of Cisco switches through a user-friendly G U I
Used to configure and manage groups of switches or standalone switches
Available at no cost and can be downloaded from Cisco website
Device Manager
Web browser based software that is stored in the switch memory
Web interface that offers quick configuration and monitoring
Used to fully configure and monitor a switch
Access through a web browser or by using Telnet or S S H from a remote PC
Cisco I O S C L I
Based on Cisco I O S software and enhanced to support desktop-switching features
Used to fully configure and monitor the switch and members in a group of switches from the C L
I
Access by connecting the PC directly to the switch console port or by using Telnet from a remote
PC
CiscoView
Displays the switch image used to set configuration parameters and to view switch status and
performance information
Purchased separately and it can be a standalone application or part of a Simple Network
Management Protocol (S N M P) platform
Simple Network Management Protocol

Managed from an S N M P-compatible management station
Examples of S N M P-compatible management stations are H P OpenView or SunNet Manager
Typically utilized at large companies
Page 2:
The Cisco Catalyst 2960 switch comes preconfigured and only needs to be assigned basic
security information before being connected to the network.
The commands to configure the host name and passwords on the switch are the same commands
used to configure the ISR. To use an IP-based management product or Telnet with a Cisco
switch, configure a management IP address.
To assign an address to a switch, the address must be assigned to a virtual local area network
VLAN interface. A VLAN allows multiple physical ports to be grouped together logically. By
default, there is one VLAN, preconfigured in the switch, VLAN1, that provides access to
management functions.
To configure the IP address assigned to the management interface on VLAN 1, enter global
configuration mode.
Switch>enable
Switch#configure terminal
Next, enter the interface configuration mode for VLAN 1.
Switch(config)#interface vlan 1
Set the IP address, subnet mask, and default gateway for the management interface. The IP
address must be valid for the local network where the switch is installed.
Switch(config-if)#ip address 192.168.1.2 255.255.255.0
Switch(config-if)#exit
Switch(config)#ip default-gateway 192.168.1.1
Switch(config)#end
Save the configuration by using the copy running-configuration startup-configuration

command.
The diagram depicts C L I commands used to configure some basic switch parameters.
Switch> enable
Switch # configure terminal
Switch (config) # interface v lan 1
Switch (config-if) # ip address 192.168.1.2 255.255.255.0
Switch (config-if) # no shut down
Switch (config-if) # exit
Switch (config) # ip default-gateway 192.168.1.1
Switch (config) # end
Switch # copy running-config startup-config
Page 3:
E-Lab Activity
Configure the basic settings on a Cisco Catalyst switch.

Link to E-Lab: Configuring a Cisco 2960 Switch.
Page 4:
Perform a basic switch configuration.

Link to Packet Tracer Exploration: Performing an Initial Switch Configuration.
5.5.4 Connecting the LAN Switch to the Router
Page 1:
Connect the Switch to the Network
To connect the switch to a router, use a straight-through cable. LED lights on the switch and
router indicate that the connection is successful.
After the switch and router are connected, determine if the two devices are able to exchange
messages.
First, check the IP address configuration. Use the show running-configuration command to
verify that the IP address of the management interface on the switch VLAN 1 and the IP address
of the directly connected router interface are on the same local network.
Then test the connection using the ping command. From the switch, ping the IP address of the
directly connected router interface. Repeat the process from the router by pinging the
management interface IP address assigned to the switch VLAN 1.
If the ping is not successful, verify the connections and configurations again. Check to ensure
that all the cables are correct and that the connections are seated.
After the switch and router are successfully communicating, individual PCs can be connected to
the switch using straight-through cables. These cables can be directly connected to the PCs, or
can be used as part of the structured cabling leading to wall outlets.
5.5.4 - Connecting the LAN Switch to the Router

Hosts H 1, H 2, and H 3 are connected to a 2960-24TT switch. The switch is connected to an
1841 router.
Link between H3 and 2960-24TT Switch

Connect PC's to the switch using a straight-through Ethernet cable.
Green Lights of 2960-24TT Switch

The port lights on the switch will blink green when the connection is up and running.
Link between 1841 and 2960-24TT Switch

Connect the router to the switch using a straight-through Ethernet cable.
Page 2:
Switch ports can be an entry point to the network by unauthorized users. To prevent this,
switches provide a feature called port security. Port security limits the number of valid MAC
addresses allowed per port. The port does not forward packets with source MAC addresses that
are outside the group of defined addresses.
There are three ways to configure port security.
Static
MAC addresses are manually assigned using the switchport port-security mac-address [mac-
address] interface configuration command. Static MAC addresses are stored in the address table
and added to the running configuration.
Dynamic
MAC addresses are dynamically learned and stored in the address table. The number of
addresses learned can be controlled. By default, the maximum number of MAC addresses
learned per port is one. Addresses that are learned are cleared from the table if the port is
shutdown or if the switch is restarted.
Sticky
Similar to dynamic, except that the addresses are also saved to the running configuration.
Port security is disabled by default. If port security is enabled, a violation will result in the port
being shutdown. For example, if dynamic port security is enabled and the maximum number of
MAC addresses per port is one, the first address learned becomes the secure address. If another
workstation attempts to access the port with a different MAC address, a security violation occurs.
There is a security violation when either of these situations occurs:
• The maximum number of secure MAC addresses has been added to the address table, and
a device with a MAC address that is not in the address table attempts to access the
interface.
• An address learned or configured on one secure interface is seen on another secure
interface in the same VLAN.
Before port security can be activated, the port must be set to access mode with the switchport
mode access command.

The diagram depicts the following configuration commands for port security: configure static
port security, configure dynamic port security, and configure sticky port security.
Configure Static Port Security

Cisco I O S C L I Command Syntax
Enter global configuration mode:

S 1 # configure terminal
Specify the type and number of the physical interface to configure, for example fastEthernet F A
0 /18. And enter interface configuration mode: S1 (config) # interface fastEthernet 0 /18
Set the interface mode to: access. An interface in the dynamic desirable default mode cannot be
configured as a secure port:
S 1 (config) # switchport mode access
Enable port security on the interface:

S 1 (config-if) # switchport-security
mac-address
Return to privileged EXEC mode:

S 1 (config-if) # end
Configure Dynamic Port Security

Enter global configuration mode.
Specify the type and number of the physical interface to configure, for example fastEthernet F A
0 /18. And enter interface configuration mode: S 1 (config) # interface fastEthernet 0 /18
Set the interface mode to: access. An interface in the dynamic desirable default mode cannot be
configured as a secure port:
S 1 (config ) # switchport mode access


Configure Sticky Port Security

Enter global configuration mode.
Specify the type and number of the physical interface to configure.

S 1 (config) # interface fastEthernet 0/18
Set the interface mode to: access.

S 1 (config) # switchport mode access

Set the maximum number of secure addresses to 50.

S 1 (config-if) # switchport port-security maximum 50
Enable sticky learning of MAC address

S 1 (config-if) # switchport port-security
Mac-address sticky


Port security is similar to MAC-address filtering on the Linksys device. Only secure MAC
addresses, learned dynamically or manually configured, are permitted to send and receive
messages over the network.
Page 3:
To verify port security settings for the switch or the specified interface, use the show port-
security interface interface-id command. The output displays the following:
• Maximum allowed number of secure MAC addresses for each interface

• Number of secure MAC addresses on the interface
• Number of security violations that have occurred
• Violation mode
Additionally, the show port-security address command displays the secure MAC addresses for
all ports, and the show port-security command displays the port security settings for the switch.
If static port security or sticky port security is enabled, the show running-config command can
be used to view the MAC address associated with a specific port. There are three ways to clear a
learned MAC address that is saved in the running configuration:
• Use the clear port-security sticky interface [port-number] access to clear any learned
addresses. Next, shutdown the port using the shutdown command. Finally, re-enable the
port using the no shutdown command.
• Disable port security using the no switchport port-security interface command. Once
disabled, re-enable port security.
• Reboot the switch.
Rebooting the switch will only work if the running configuration is not saved to the startup
configuration file. If the running configuration is saved to the startup configuration file, that will
eliminate the need for the switch to relearn addresses when the system reboots. However, the
learned MAC address will always be associated with a particular port unless the port is cleared
using the clear port-security command or disabling port security. If this is done, be sure to re-
save the running configuration to the startup configuration file to prevent the switch from
reverting to the original associated MAC address upon reboot.
If there are any ports on a switch that are unused, best practice is to disable them. It is simple to
disable ports on a switch. Navigate to each unused port and issue the shutdown command. If a
port needs to be activated, enter the no shutdown command on that interface.
In addition to enabling port security and shutting down unused ports, other security
configurations on a switch include setting passwords on vty ports, enabling login banners, and
encrypting passwords with the service password-encryption command. For these
configurations, use the same Cisco IOS CLI commands as those used to configure a router.

The diagram depicts terminal windows that contains the information when verifying port security
settings and verifying secure MAC addresses.
Verify Port Security Settings

Switch # show port-security interface fastEthernet 0 /18
The output is available in the Hands-on Lab: Configuring the Cisco 2960 switch.
Verify Secure MAC Addresses

Switch # show port security address
Secure Mac Address Table
V lanMac Address TypePortsRemaining Age (mins)
99050.B A A6.06 C ESecureConfigured F A 0 /18-
Total Addresses in System (excluding one mac per port):0
Max addresses limit in System (excluding one mac per port):8320
Page 4:

Configure and connect the switch to the LAN using a configuration checklist.

Link to Packet Tracer Exploration: Connecting a Switch
Page 5:
Lab Activity
Configure and connect the Cisco 2960 switch.

Link to Hands-on Lab: Configuring the Cisco 2960 Switch
5.5.5 Cisco Discovery Protocol
Page 1:
Cisco Discovery Protocol (CDP) is an information-gathering tool used on a switch, ISR, or

router to share information with other directly connected Cisco devices. By default, CDP begins
running when the device boots up. It then sends periodic messages, known as CDP
advertisements, onto its directly connected networks.
CDP operates at Layer 2 only and can be used on many different types of local networks,
including Ethernet and serial networks. Because it is a Layer 2 protocol, it can be used to
determine the status of a directly connected link when no IP address has been configured, or if
the IP address is incorrect.
Two Cisco devices that are directly connected on the same local network are referred to as being
neighbors. The concept of neighbor devices is important to understand when interpreting the
output of CDP commands.
Information gathered by CDP includes:
• Device identifiers - Configured host name

• Address list - Layer 3 address, if configured
• Port identifier - Directly connected port; for example, serial 0/0/0
• Capabilities list - Function or functions provided by the device
• Platform - Hardware platform of the device; for example, Cisco 1841
The output from the show cdp neighbors and show cdp neighbors detail commands displays
the information that a Cisco device collects from its directly connected neighbors.
Viewing CDP information does not require logging in to the remote devices. Because CDP
collects and displays a lot of information about directly connected neighbors, and no login is
required, it is usually disabled in production networks for security purposes. Additionally, CDP
consumes bandwidth and can impact network performance.
5.5.5 - Cisco Discovery Protocol

The diagram depicts a host, H 2, connected to a switch with network address 172.16.1.0 /24,
which is connected to the F A 0 /0 of router, R 2, with the IP address 172.16.1 .1/ 24. R 2 is
connected via S 0 /0 /0 with the address 172.16.2.2 /24 to S 0 /0 /1 of router R 1 with the address
172.16.2 .1 /24. R 1 is connected via F A 0 /0 with the address 172.16.3.1 /24 to a switch, which
is connected to host, H 1. R 2 is connected via S 0 /0 /1 D C E with the address 192.168.1.2 /24
to router, R 3, with the address 192.168.1.1 /24. R 3 is connected via F A 0 /0 with address
192.168.2.1 /24 to a switch, which is connected to host, H 3.
Show C D P Neighbors
R3 # show c d p neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Hose, I - I GMP, r - Repeater, P - phone
Device IDLocal IntrfceHoldtimeCapabilityPlatformPort ID

Switch F A S 0 /0133S IWS-C2950-2F A S 0 /11
R 2 S e r 0 /0 /149R S I Cisco 1841 S e r 0 /0 /1
Show C D P Neighbors Detail

R 3 # show c d p neighbors detail
Device I D: R 2
Entry address(es):
IP address: 192.168.1.2
Platform: Cisco 1840, Capabilities: Router Switch I G M P
Interface: Serial 0 /0 /1, port ID (outgoing port): Serial 0 /0 /1
Holdtime : 161 sec
Version:
Cisco I S O Software, 1840 Software (C1841-AD V I PSERVICESK-9M), Version 12.4 (10b),
RELEASE SOFTWARE (fc3)
Technical support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco System, Inc.
Compiled Fri 19-Jun-07 15:15 by prod_rel_team
Advertisement version: 2
VTP Management Domain:
Device ID: s 3
Entry address(es):
Platform: Cisco WS-C2950-24, Capabilities: Switch I G M P
Interface: FastEthernet 0 /0, Port I D (outgoing port): FastEthernet 0 /11
Holdtime : 148 sec
Version:
Cisco Internetwork Operating System Software
I S O c2950 Software (c2950-I6Q4L2-M), Version 12.1 (9) E A1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by Cisco System, Inc.

Compiled Wed 24-Apr-02 06:57 by antonio
Advertisement version: 2
Protocol Hello: OUI=0x0000C, protocol ID=0x0112; payload l e n=27,
Value=00000000FFFFFFFF0
10231FF000000000000000AB769F6C0FF0000
VTP Management Domain: "C C N A3"
Duplex: full
R3#
Show Disabling and Enabling C D P

To disable CDP globally use
R 3 (config) # no c d p run
or, to disable CDP on only an interface

R3 (config-if) # no cdp enable
If C D P is disabled globally, it must be enabled globally and per interface with the following
two commands:
Router (config), c d p run
Router (config-if), c d p enable
Page 2:
Use the CDP show commands to discover information about devices in the network.

5.5.5 - Cisco Discovery Protocol
Link to Packet Tracer Exploration: Using C D P as a Network Discovery Tool
5.6 Chapter Summary
5.6.1 Summary
Page 1:
5.6.1 - Summary
Diagram 1, Image
The diagram depicts the components of a router.
Diagram 1 text
The key components on a Cisco 1841 ISR are:
H WIC slots
Compact flash module
U S B port
Dual 10 /100 fast Ethernet ports
Console and auxiliary ports
System Power L E D
The router bootup process has three stages:

1.Performing the POST.
2.Locating and Loading the I O S software.
3.Locating and executing the startup configuration file.
There are two possible methods to connect a PC to a network device for configuration and
monitoring tasks, in-band and out-of-band management.
Diagram 2, Image
The diagram depicts packaging for Cisco Router and Security Device Manager (SDM), and
Cisco SDM Express software.
Diagram 2 text
Cisco Router and Security Device Manager (SDM) is a graphical user interface (G U I) tool that
can be used to configure, monitor, and maintain Cisco devices. Cisco SDM is the recommended
way to configure a new Cisco ISR.
The Cisco I O S command line interface (C L I) is a text-based program that enables the entering
and executing of Cisco I O S commands to configure, monitor, and maintain Cisco devices. The
Cisco I O S C L I is used for the advanced configuration of Cisco devices and to configure older
devices that do not support SDM.
The configuration checklist job aid is an important tool to help ensure that the customer gets the
configuration they want.
Diagram 3, Image
The diagram depicts a Cisco SDM Express Wizard form.
Diagram 3 text
SDM Express is a tool bundled within the Cisco Router and Security Device Manager that makes
it easy to create a basic router configuration.
SDM is a more advanced G U I interface with more configuration options available.
Both SDM and SDM Express use G U I-based configuration Wizards to simplify the
configuration of the Cisco devices.
Some of the features that can be configured include: basic configuration, LAN IP configurations,
DHCP, WAN IP configurations and NAT.
Diagram 4, Image
The diagram depicts output in an S S H HyperTerminal window.
Diagram 4 text
The C L I does not provide step-by-step configuration assistance; therefore it requires more
planning and expertise to complete.
The privileged exec, global config and interface modes are all used when configuring a router
using the Cisco I O S C L I.
Context-sensitive help can provide suggestions for completing a command as well as
determining additional command parameters.
Diagram 5, Image
The diagram depicts output in an S S H HyperTerminal window.
Diagram 5 text
The I O S show commands are a fundamental tool for verifying and troubleshooting router
configurations.
The startup configuration file is stored on the device in NV RAM and is loaded into working
memory and begins device operation.
The running configuration is the set of commands that is currently active in the device RAM.
I O S C L I can be used to configure basic router setting including router name, password, and
banners. It can also be used to configure serial and Ethernet interfaces, DHCP, and NAT.
Diagram 6, Image
The diagram depicts a WAN.
Diagram 6 text
A WAN connection is a type of network connection that can send a network signal over long
distances.
There are three types of serial WAN connections: point-to-point, circuit switched and packet
switched. Choosing the correct WAN involves planning and consideration.
Cisco devices can be configured remotely across a WAN connection using Telnet or S S H. S S
H is the preferred method.
Some WAN connections support Ethernet interfaces. Other WAN connections support serial
interfaces.
Diagram 7, Image
The diagram depicts components of a switch.
Diagram 7 text
The key components of a Cisco Catalyst 2960 Series Switch are:
24 10 /100 Ethernet Ports
Port Status L E D's
Mode button
Console port
Dual Purpose 10 /100 /1000 or S F P port
Cisco I O S LAN-based Software Image
The 2960 supports port autonegotiation of duplex and speed.
Diagram 8, Image
The diagram depicts switch configuration information.
Diagram 8 text
When configured with an IP address, interface V LAN 1 allows you to remotely manage the
switch using S S H or other TCP/IP applications such as network management software.
A basic switch configuration includes switch name and encrypted passwords used to access the
switch and the Cisco C L I configuration commands.
Port security limits the number of valid MAC addresses allowed per port and can be configured
statically, dynamically, or dynamic sticky.
5.7 Chapter Quiz
5.7.1 Quiz
Page 1:
5.7.1 - Quiz
Chapter 5 Quiz: Configuring Network Devices
1.When configuring an ISR device using Cisco SDM Express Wizard, what does setting the
Enable Secret Password field accomplish?
a.ensures that authorization must be granted before accessing the Internet.
b.blocks unauthorized users from accessing the LAN.
c.controls access to user executable mode.
d.controls access to privileged mode.
2.When using Cisco SDM, which WAN encapsulation type can be configured to require a
username and password before a connection is granted?
a.high-level data link control (HDLC).
b.frame relay.
c.point-to-point protocol (P P P).
d.A T M P V C.
3.What speed and duplex setting will result on a Catalyst switch if it is set to auto-negotiate
speed and duplex and is connected to a 100 Mbps port on a device that does not support auto-
negotiation?
a.10 half duplex
b.10 full duplex
c.100 half duplex
d.100 full duplex
4.Which method can be used to configure a Cisco Catalyst switch before an IP address has been
applied to the management interface?
a.Cisco I O S C L I using V lan 1.
b.Cisco I O S C L I using console port.
c.Cisco device manager using console port.
d.CiscoView software using V lan 1.
5.What is a secure way that a client can connect to a device in-band for the purpose of remote
monitoring and administration?
a.Telnet
b.HTTP
c.S S H
d.console port
6.Which type of wide area network (WAN) connection uses packet switched networks?
a.I S D N
b.dial-up
c.frame relay
d.point-to-point
7.A small company with two offices in the same building is requesting advice on WAN
connections. Which two questions would give a technician information to base a
recommendation? (Choose two.)
a.What operating system is being used?
b.How much money has the customer budgeted to spend on the WAN connection?
c.What type of e-mail client software is used by the employees?
d.Are the computers laptops or workstations?
e.Are the company web servers located in the building or at the ISP?
8.What is one fundamental difference between Cisco's C L I versus the SDM interface?
a.The SDM interface can be used with both in-band and out-of-band management.
b.The C L I interface can be used with both in-band and out-of-band management.
c.The SDM interface requires a terminal emulation program on the PC.
d.The C L I interface cannot be used over a Telnet connection.
9.Which two statements describe the command history feature? (Choose two.)
a.It requires configuration of a history buffer before it can be used.
b.It displays the most recently entered command strings in the current mode.
c.It saves the output from the most recent show commands.
d.It displays the last five commands that were entered in global configuration mode.
e.It can be accessed by using the up and down arrow keys.
10.Which router mode displays a prompt of Router#?

a.global configuration mode
b.privileged EXEC mode
c.setup mode
d.user EXEC mode
11.In which two cases would out-of-band management of a router be required? (Choose two.)
a.when accessing a customer router from the ISP to monitor the normal operation.
b.to access and configure the router before the IP network is operational.
c.to correct an error that has shutdown the network interfaces on a router.
d.when the NAT translation configuration settings are incorrect.
e.to back up the running configuration on a tftp server.
12.Which two statements describe the result of entering the ip route 0.0.0.0 0.0.0.0 192.168.1.1
command on a router? (Choose two.)
a.The router is not able to reach the 192.168.1.0 network.
b.All packets received by the router are sent to the address 192.168.1.1.
c.The remote network 192.168.1.0 can be reached using any interface.
d.A default static route is added to the routing table.
e.If a route to a destination network is not known, the packet is sent to 192.168.1.1.
13.Identify the category where each command belongs.

Commands
enable
ip address 172.16.1.1 255.255.255.0
show ip route
ping
no shutdown
configure terminal
show interfaces
interface fastethernet 0 /0
Categories
a.Used to change router modes or sub-modes.
b.Used by administrator to verify or monitor router operation.
c.Affects the operation of the network.
14.What is the purpose of assigning an IP address to the interface V LAN 1 on the Cisco switch?
a.to be able to telnet to the switch to manage and configure it.
b.to enable the switch to route between networks.
c.to create a new IP local network on the switch.
d.to permit IP packets to be forwarded by the switch.
15.Match each step of the router bootup process to the correct order of operation.
Operations
locate the I O S
load the bootstrap program
load the I O S
load the configuration file/enter setup mode
locate the configuration file
perform POST
Steps
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
End
6 Routing
6.0.1 Introduction
Page 1:
Small business networks rely on routing to connect their users with the Internet. As these
networks grow, routing becomes an integral piece of the LAN infrastructure as well.
Dynamic routing protocols enable routers to react quickly when links fail, or previously used
routes become unavailable.
Network engineers and technicians select, configure, and troubleshoot routing operation within
the LAN and WAN.

Describe the purpose and function of dynamic routing and the protocols used to implement it.
Configure RIP v2 dynamic routing using the Cisco I O S.
Describe the use of exterior routing protocols across the Internet.
Enable BGP on a customer site router.
6.1 Enabling Routing Protocols
6.1.1 Routing Basics
Page 1:
As the internal network of an organization grows, it may be necessary to break up the network
into multiple smaller networks for security or organizational purposes. This division is often
accomplished by subnetting the network. Subnetting requires a router to pass traffic from one
subnet to another.
To direct messages across networks so that they arrive at the correct destination, a router uses a
table containing all the locally connected networks and the interfaces that are connected to each
network. Each interface belongs to a different IP network.
A router determines which route, or path, to use by looking up the information stored in its
routing table. The routing table also contains information about routes that the router can use to
reach remote networks which are not locally attached.
Routes can be statically assigned to a router by an administrator, or routes can be dynamically

given to the router by another router via a routing protocol.
6.1.1 - Routing Basics
The animation depicts a router using a routing table to decide the best route for a packet.
There are several interconnected routers, which a packet must travel through to get to its
destination. Routing tables at each router along the way are used to forward packets from a local
host on Network 1 to a remote host on Network 3.
Host H1 says, "I want to send a message to H3 on Network 3."

The packet says, "Network 3 is not a directly connected network. I will take my default route!"
Router R6 says, "Network 3 is directly connected to me, so I will deliver the packet."
Page 2:
A router uses a routing table to determine where to send packets. The routing table contains a set
of routes. Each route describes which gateway or interface the router uses to reach a specified
network.
A route has four main components:
• Destination value
• Subnet mask
• Gateway or interface address
• Route cost or metric
When a router receives a packet, the router examines the destination IP address in that packet to
determine where to forward the packet. The router then looks for a matching destination value in
the routing table.
Each destination value within the route table refers to a destination network address. The
destination IP address within a packet, however, consists of both a network address and a host
address. For the router to determine if its table contains a route to the destination network, it
must determine there is a match between the IP network address and one of the destination
values in the routing table. This means the router must determine which bits of the IP address
represent the network and which bits represent the host.
The router looks up the subnet mask assigned to each potential route in the table. The router
applies each subnet mask to the destination IP address in the packet. The resulting network
address is then compared to the network address of the route in the table. If a match is found, the
packet is forwarded out the correct interface or to the appropriate gateway. If the network
address matches more than one route in the routing table, the router uses the route that has the
most specific, or longest, network address match.
Sometimes there is more than one route to the destination network. In this case, routing protocol
rules determine which route the router uses.
If none of the route entries match, the router directs the message to the gateway specified by its
default route, if a default route is configured. Otherwise, the packet is simply dropped.

The diagram depicts a network, and shows the following three processes used to determine the
path a packet takes to get to its destination: applies subnet mask, examines routing table, and
forwards packets.
The following information is used for all processes:
Gateway of last resort is 172.16.3.1 to network 0.0.0.0
S172.17.0.0 /16 [1 /0] via 172.16.3.1

172.16.0.0 /16 is variably subnetted, 4 subnets, 2 masks
S172.16.236.0 /24 -1 /0= via 172.16.3.1
S 172.16.0.0 /16 [1 /0] via 172.16.3.1
C 172.16.1.0 /24 is directly connected, FastEthernet0 /0
172.22.0.0/24 is subnetted, 1 subnets
S 172.22.1.0 [1 /0] via 172.16.1.1
S* 0.0.0.0 /0 [1 /0] via 172.16.3.1
Process 1 - Applies Subnet Mask

Router applies each subnet mask to the destination IP address to find the network address with
the longest match.
172.16.236.101 longest match: 172.16.236.0 255.25.255.0
Process 2 - Examines Routing Table

Router compares the resulting network address to the routing table entries.
S 172.16.236.0 /24 [1 /0] via 172.16.3.1
Process 3 - Forwards Packet

Router sends the packet out the correct interface to reach the next-hop address for the destination
network.
Page 3:
On a Cisco router, the Cisco IOS command show ip route displays the routes in the routing
table. Several types of routes can appear in the routing table.
Directly Connected Routes
When the router powers up, the configured interfaces are enabled. As the interfaces become
operational, the router stores the directly attached, local-network addresses as connected routes
in the routing table. On Cisco routers, these routes are identified in the routing table with the
prefix C. The routes are automatically updated whenever the interface is reconfigured or shut
down.
Static Routes
A network administrator can manually configure a static route to a specific network. A static
route does not change until the administrator manually reconfigures it. These routes are
identified in the routing table with the prefix S.
Dynamically Updated Routes (Dynamic Routes)
Dynamic routes are automatically created and maintained by routing protocols. Routing
protocols exchange routing information with other routers in the network. Dynamically updated
routes are identified in the routing table with the prefix that corresponds to the type of routing
protocol that created the route. For example, R is used for the Routing Information Protocol
(RIP).
Default Route
The default route is a type of static route that specifies the gateway to use when the routing table
does not contain a path for the destination network. It is common for default routes to point to
the next router in the path to the ISP. If a subnet has only one router, that router is automatically
the default gateway, because all network traffic to and from that local network has no option but
to travel through that router.
Routing tables do not contain end-to-end information about the entire path from a source
network to a destination network. They only contain information about the next hop along that
path. The next hop is typically a directly-connected network within the routing table.
In the case of a static route, the next hop could be any IP address, as long as it is reachable by
that router. Eventually the message gets passed to a router that is directly connected to the
destination host and the message is delivered. Routing information between all the intermediate
routers on a path is in the form of network addresses not specific hosts. It is only in the final
router that the destination address in the routing table points specifically to a host computer
rather than a network.

The diagram depicts a command prompt window, displaying the results of the show ip route
command. Some of the key points have been highlighted, as follows.
Gateway of last resort - Gateway of last resort is 192.168.1.2 to network 0.0.0.0
Directly Connected Route - C 172.16.0.0 /16 is directly connected, FastEthernet0
Static Route - S 10.10.10.0 [1 /0] via 192.168.1.2
Dynamically Updated Route - R 192.168.2.0 /24 [120 /1] via 192.168.1.2, 00:00:23. The R
stands for the RIP routing protocol.
Default Route - S * 0.0.0.0 /0 [1 /0] via 192.168.1.2
Page 4:
Configuring Static Routes
Static routes are manually configured by a network administrator. Configuring a static route on a
Cisco router requires these steps:
Step 1. Connect to the router using a console cable.
Step 2. Open a HyperTerminal window to connect with the first router that you want to
configure.
Step 3. Enter privileged mode by typing enable at the R1> prompt. Note how the > symbol
changes to a # to indicate that privilege mode is being used.
R1>enable
R1#
Step 4. Enter global configuration mode.
R1#config terminal
R1(config)#
Step 5. Use the ip route Cisco IOS command to configure the static route, with the following
format.
ip route [destination_network] [subnet_mask] [gateway_address]
or
ip route [destination_network] [subnet_mask] [exit_interface]
For example, to enable router 1 (R1) to reach a host on network 192.168.16.0, the administrator
configures a static route on R1 with the following Cisco IOS command in global configuration
mode:
R1(config)#ip route 192.168.16.0 255.255.255.0 192.168.15.1
or
R1(config)#ip route 192.168.16.0 255.255.255.0 S0/0/0
To enable two-way communication with a host on network 192.168.16.0, the administrator also
configures a static route on router 2 (R2).
Because static routes are configured manually, network administrators must add and delete static
routes to reflect any changes in network topology. On small networks, static routes require very
little maintenance because there are not many possible changes. In a large network, manually
maintaining routing tables could require significant administrative time. For this reason, larger
networks generally use dynamic routing rather than static routes.
The diagram depicts static route configurations.
The network has two hosts separated by routers. The IP route commands are entered on each
router to configure a static route to the opposite LAN using the next hop IP address.
There are two routers on the network, R1 and R2. R1 is connected to R2. The R1 IP is
192.168.15.2. The R2 IP is 192.168.15.1. R1 has one host connected, network: 192.168.14.0. R2
has one host connected, Network: 192.168.16.0.
Router R1
R1 (config) # ip route 192.168.16.0 255.255.255.0 192.168.15.1
Router R2
R2 (config) # ip route 192.168.14.0 255.255.255.0 192.168.15.2
Page 5:
Manually configure and reconfigure static routes.

Link to Packet Tracer Exploration: Configuring Static and Default Routes
6.1.2 Routing Protocols
Page 1:
Routes can change very quickly. Problems with cables and hardware failures can make
destinations unreachable through the designated interface. Routers need to be able to quickly
update routes in a way that does not depend on the administrator to make the changes manually.
Routers use routing protocols to dynamically manage information received from their own
interfaces and from other routers. Routing protocols can also be configured to manage manually
entered routes.
Dynamic routing makes it possible to avoid the time-consuming process of configuring static
routes. Dynamic routing enables routers to react to changes in the network and to adjust their
routing tables accordingly, without the intervention of the network administrator.
A dynamic routing protocol learns all the available routes, places the best routes into the routing
table, and removes routes when they are no longer valid. The method that a routing protocol uses
to determine the best route is called a routing algorithm. There are two main classes of routing
algorithms: distance vector and link state. Each type uses a different method for determining the
best route to a destination network.
Whenever the topology of a network changes because of reconfiguration or failure, the routing
tables in all the routers must also change to reflect an accurate view of the new topology. When
all the routers in a network have updated their tables to reflect the new route, the routers are said
to have converged.
The specific routing algorithm that is being used is a very important factor in dynamic routing.
For two routers to exchange routes, they must be using the same routing protocol and therefore
the same routing algorithm.
6.1.2 - Routing Protocols

The animation depicts the use of routing updates
There are two routers, R1 and R2, each with a network attached (R1, 10.10.1.0, R2: 10.20.1.0).
Each router initially knows about the network that is directly connected to it. After a routing
update, a router learns about the network attached to the other router.
Page 2:
The distance vector routing algorithm periodically passes copies of the routing table from router
to router. These regular updates between routers communicate topology changes.
The distance vector algorithm evaluates the route information it receives from other routers using
two basic criteria:
• Distance - How far away is the network from this router?

• Vector - In which direction should the packet be sent to reach this network?
The distance component of a route is expressed in terms of a route cost, or metric, that can be
based on the following items:
• Number of hops
• Administrative cost
• Bandwidth
• Transmission speed
• Likelihood of delays
• Reliability
The vector, or direction, component of a route is the address of the next hop along the path to the
network named in the route.
An analogy for distance vectors are the highway signs found at intersections. A sign points
toward a destination and indicates the distance that must be traveled to reach that destination.
Further down the highway, another sign points toward the same destination, but now the distance
remaining to that destination is shorter. As long as the distance is shorter, the traffic is on the best
path.

The diagram depicts the use of Distance Vector Routing Protocols
There are two routers, R1 and R2, each with a network attached (R1, 10.20.1.0, R2: 10.30.1.0, E
O). R2 sends R1 a copy of its entire routing table, so it has knowledge of the rest of the network.
R2 says, "Here is a copy of my routing table for you."

R1 says, "Thanks! Now I know Network 10.30.1.0 is a distance of 1 hop away from me in the
direction of R2!"
R2 Routing Table
Network - 10.20.1.0
Gateway - S0
Metric - 0
Network - 10.30.1.0
Gateway - E0
Metric - 0
A street sign in the diagram reads, as follows:
Distance (Metric) - Network 10.30.1.0 1

Vector (Direction) - Use Exit R2
Page 3:
Each router that uses distance vector routing communicates its routing information to its
neighbors. Neighbor routers share a directly connected network. The interface that leads to each
directly connected network has a distance of 0.
Each router receives a routing table from its neighbor routers. For example, R2 receives
information from R1. R2 adds to the metric, in this case the hop count, to show that there is now
one more hop to get to the destination network. Then R2 sends this new routing table to its
neighbors, including R3. This step-by-step process occurs in all directions between neighbor
routers.
Eventually, each router learns about other more-remote networks based on the information that it
receives from its neighbors. Each of the network entries in the routing table has an accumulated
distance vector to show how far away that network is in a given direction.
As the distance vector discovery process continues, routers discover the best path to destination
networks based on the information they receive from each neighbor. The best path is the path
with the shortest distance or smallest metric.
Routing table updates also occur when the topology changes, for example, when a new network
is added or when a router fails, causing a network to become unreachable. As with the network
discovery process, topology change updates proceed step-by-step by sending copies of routing
tables from router to router.

The diagram depicts the use of distance vector routing protocols.
The entire routing table is passed to neighboring routers on the network, so all routers have a
complete list of routes on the network. The caption reads, "Distance vector protocols periodically
pass the entire routing table."
Page 4:

For each of the routers on the network, choose the best path, based on hop count, to the
destination Ethernet network. If directly connected, choose exit interface.
The network consists of six routers, R1, R2, R3, R4, R5, and R6, and
three switches, S1, S2, and S3.
R1 is connected to R2 via serial link (Network: 10.10.2.0).
R1 has S1 attached with three v connected (Network: 10.10.1.0).
R3 has S2 attached with three hosts connected (Network: 10.10.6.0).
R6 has S3 attached with two hosts connected (Network: 10.20.1.0).
R5 is connected to the Internet via serial2.
Page 5:
Lab Activity
Create a network topology diagram based on the output of the show ip route command.

Link to Hands-on Lab: Creating a Network Diagram from Routing Tables
6.1.3 Common Interior Routing Protocols
Page 1:
Routing Information Protocol (RIP) is a distance vector routing protocol that is used in thousands
of networks throughout the world. It was initially specified in RFC 1058.
Characteristics of RIP include:
• Is a distance vector routing protocol

• Uses hop count as the metric for path selection
• Defines a hop count greater than 15 as an unreachable route
• Sends routing table contents every 30 seconds
When a router receives a routing update with a change, it updates its routing table to reflect that
change. If the router learns a new route from another router, it increases the hop count value by
one before adding that route to its own routing table. The router uses the local network address of
the directly connected router that sent the update as the next hop address.
After updating its routing table, the router immediately begins transmitting routing updates to
inform other network routers of the change. These updates, called triggered updates, are sent
independently of the regularly scheduled updates that RIP routers forward.
6.1.3 - Common Interior Routing Protocols
The diagram depicts the use of RIP to obtain routing updates. RIP gathers information from its
routing table, and passes it to each router. The routers then update their routing tables with the
up-to-date information.
The network consists of three routers, R1, R2, and R3.

R1 is connected to R2 via serial link (R1: S0 /0, R2:S0 /0).
R2 is connected to R3 via serial link (R2: S0 /1, R3: S0 /1).
R1 has network 10.1.0.0 attached to F A 0 /0.
R3 has network 10.4.0.0 attached to F A 0 /0.
The serial link between R1 and R2 is Network 10.2.0.0.
The serial link between R2 and R3 is Network 10.3.0.0.
R1 Routing Table
Network - 10.1.0.0
Interface - F A 0 /0
Hop - 0
Network - 10.2.0.0
Interface - S0/0/0
Hop - 0
Network - 10.3.0.0
Interface - S0/0/0
Hop - 1
Network - 10.4.0.0
Interface - S0/0/0
Hop - 2
R2 Routing Table
Network - 10.2.0.0
Interface - S0/0/0
Hop - 0
Network - 10.3.0.0
Interface - S0/0/1
Hop - 0
Network - 10.1.0.0
Interface - S0/0/0
Hop - 1
Network 10.4.0.0
Interface - S0/0/1
Hop - 1
R3 Routing Table
Network - 10.3.0.0
Interface - S0/0/1
Hop - 0
Network 10.4.0.0
Interface - F A 0 /0
Hop - 0
Network 10.2.0.0
Interface S0/0/1
Hop - 1
Network 10.1.0.0
Interface S0/0/1
Hop - 2
Page 2:
Routing Information Protocol (RIP)
RIP is simple and easy to implement. These advantages make RIP a widely used and popular
routing protocol.
RIP has several disadvantages:
• Allows a maximum of 15 hops, so it can only be used for networks that connect no more
than 16 routers in a series.
• Periodically sends complete copies of the entire routing table to directly connected
neighbors. In a large network, this can cause a significant amount of network traffic each
time there is an update.
• Converges slowly on larger networks when the network changes.
There are currently two versions of RIP available: RIPv1 and RIPv2. RIPv2 has many
advantages over RIPv1 and is usually used unless the equipment cannot support RIPv2. The
most significant difference between RIP versions 1 and 2 is that RIPv2 can support classless
routing, because it includes the subnet mask information in routing updates. RIPv1 does not send
subnet mask information in the updates; therefore, it must rely on the classful default subnet
masks.

The diagram depicts the disadvantages associated with RIP, which are as follows:
15 Hops - No more than 15 hops!
Routing Table Updates - All routers periodically send their complete routing tables to their
directly connected neighbors.
Slow Convergence - Slow to converge in large networks.
Page 3:
Enhanced Interior Gateway Routing Protocol (EIGRP)
EIGRP is a Cisco-proprietary, enhanced distance vector routing protocol. EIGRP was developed
to address some of the limitations of other distance vector routing protocols, such as RIP. These
limitations include the use of the hop count metric and the maximum network size of 15 hops.
EIGRP uses a number of metrics, including a configured bandwidth value and the delay
encountered when a packet travels a particular route.
The characteristics of EIGRP are:
• Uses a variety of metrics to calculate the cost of a route

• Combines the next hop and metric features of distance vector protocols with additional
database and update features
• Has a maximum hop count of 224 hops
Unlike RIP, EIGRP does not rely only on the routing table in the router to hold all the
information it needs to operate. EIGRP creates two additional database tables: the neighbor table
and the topology table.
The neighbor table stores data about the neighboring routers that are on directly connected local
networks. This neighbor table includes information such as the interface IP addresses, interface
type, and bandwidth.
EIGRP builds the topology table from each of the advertisements of its neighbors. The topology
table contains all the routes advertised by the neighbor routers. EIGRP depends on a routing
algorithm called Diffused Update Algorithm (DUAL) to calculate the shortest path to a
destination within a network and to install this route into the routing table. The topology table
enables a router running EIGRP to find the best alternate path quickly when a network change
occurs. If no alternate route exists in the topology table, EIGRP queries its neighbors to find a
new path to the destination.
Unlike RIP, which is limited to small simple networks of less than 15 hops, EIGRP is ideal for
larger, more complex networks up to 224 hops in size that require fast convergence.

The diagram depicts the use of EIGRP to obtain routing updates. EIGRP only updates when a
router is initially added or when there is topology change to the network.
The exchange between the routers is as follows:
One.Hello packet from R1 to R2, "This is R1, who is on the link?"

Two.Update packet from R2 to R1, "I am on the link. Here is my routing information."
Three.Ack packet from R1 to R2, "Thank you for the routing information."
Four.Update packet from R1 to R2,"Here is my routing information."
Five.Ack packet from R2 to R1, "Thank you for the routing information."
Six.Converged
The caption reads, "After the initial exchange, routing updates are only sent when a route metric
changes."
Page 4:
Link-state Protocol
Routers that use the distance vector routing algorithm have little information about distant
networks and none about distant routers. The link-state routing algorithm maintains a full
database of distant routers and how they interconnect.
Link-state routing uses the following features:
• Routing table - List of the known paths and interfaces.

• Link-state advertisement (LSA) - Small packet of routing information that is sent
between routers. LSAs describe the state of the interfaces (links) of a router and other
information, such as the IP address of each link.
• Topological database - Collection of information gathered from all the LSAs received by
the router.
• Shortest Path First (SPF) algorithm - Calculation performed on the database that results
in the SPF tree. The SPF tree is a map of the network as seen from the point of view of
the router. The information in this tree is used to build the routing table.
When LSAs are received from other routers, the SPF algorithm analyzes the information in the
database to construct the SPF tree. Based on the SPF tree, the SPF algorithm then calculates the
shortest paths to other networks. Each time a new LSA packet causes a change to the link-state
database, SPF recalculates the best paths and updates the routing table.

The animation depicts the use of link-state routing protocols. There are three routers. Each router
maintains its own link-state database. A network on one of the routers goes down. The router
passes link-state updates to the other routers. The caption reads, "Link-State protocols pass
updates when a links state changes."
Page 5:
OSPF
Open Shortest Path First (OSPF) is a non-proprietary, link-state routing protocol described in
RFC 2328. The characteristics of OSPF are:
• Uses the SPF algorithm to calculate the lowest cost to a destination

• Sends routing updates only when the topology changes; does not send periodic updates of
the entire routing table
• Provides fast convergence
• Supports Variable Length Subnet Mask (VLSM) and discontiguous subnets
• Provides route authentication
In OSPF networks, routers send link-state advertisements to each other when a change occurs,
for example, when a new neighbor is added, or when a link fails or is restored.
If the network topology changes, the routers affected by the change send update LSAs to the rest
of the network. All routers update their topology databases accordingly, regenerate their SPF
trees to find new shortest paths to each network, and update their routing tables with the changed
routes.
OSPF requires more router resources, such as RAM and CPU processing power, and is an
advanced networking protocol that requires an experienced support staff.

The diagram depicts the use of the SPF algorithm, which is applied when O S P F is the routing
protocol used.
There are three O S P F routers that receive the L S A and update the link-state database. They
then perform the Shortest Path First (SPF) algorithm to create the SPF Tree. The best routes are
then installed in the routing table. The caption reads, "O S P F Uses Dijkstras SPF Algorithm."
6.1.4 Routing Within an Organization
Page 1:
Each routing protocol uses different metrics. The metric used by one routing protocol is not
comparable to the metric used by another routing protocol. Two routing protocols might choose
different paths to the same destination because they use different metrics. For example, RIP
chooses the path with the fewest number of hops, whereas EIGRP chooses the path based on the
highest bandwidth and least delay.
Metrics used in IP routing protocols include:

• Hop count - Number of routers a packet must traverse.
• Bandwidth - Bandwidth of a specific link.
• Load - Traffic utilization of a specific link.
• Delay - Time a packet takes to traverse a path.
• Reliability -- Probability of a link failure, based on the interface error count or previous
link failures.
• Cost - Determined by either the Cisco IOS application or the network administrator to
indicate preference for a route. Cost can represent a metric, a combination of metrics, or a
policy.
It is possible to have more than one routing protocol enabled on a single router. Additionally, a
network administrator may choose to configure static routes to a specific destination. If a router
has two different paths to a destination based on two different routing protocols and their
metrics, how does the router know which path to use?
The router uses what is known as the administrative distance (AD). The AD represents the
"trustworthiness" of the route. The lower the AD, the more the trustworthy the route. For
example, a static route has an AD of 1, whereas a RIP-discovered route has an AD of 120. Given
two separate routes to the same destination, the router chooses the route with the lowest AD.
When a router has the choice of a static route and a RIP route, the static route takes precedence.
Additionally, a directly connected route with an AD of 0 takes precedence over a static route
with an AD of 1.
6.1.4 - Routing within an Organization

The diagram depicts a table with various route sources, their administrative distances, and the
default metrics used.
Route Source: Connected

Administrative Distance: 0
Default Metric: 0
Route Source: Static

Default Metric: 0
Route Source: E I G R P Summary Route

Default Metric: N/A
Route Source: External BGP

Default Metric: Value assigned by Admin
Route Source: Internal EIGRP

Default Metric: Bandwidth, Delay
Route Source: IGRP
Default Metric: Bandwidth, Delay
Route Source: OSPF

Default Metric: Link cost (Bandwidth)
Route Source: IS-IS

Default Metric: Link cost (Value assigned by admin)
Route Source: Internal RIP

Default Metric: Hop count
Route Source: External EIGRP

Default Metric: N/A
Route Source: Internal BGP

Default Metric: Value assigned by Admin
Page 2:
Sometimes it is necessary to use multiple routing protocols, for example, when merging two pre-
existing networks. However, when initially designing a network, it is recommended that only one
routing protocol be enabled for the entire network. Having one protocol makes it easier to
support and troubleshoot the network. Deciding which type of routing protocol to select can be
difficult even for expert network designers.
Small networks with only one gateway to the Internet can probably use static routes. Such a
topology rarely needs dynamic routing.
As an organization grows and adds routers to its network topology, RIPv2 can be used. It is easy
to configure and works well in small networks. When a network begins to exceed 15 routers, RIP
is no longer a good choice.
For larger networks, EIGRP and OSPF are commonly used, but there is no simple principle that
makes it obvious to choose one over the other. Each network has to be considered independently.
The three main criteria to consider are:
• Ease of management - What information does the protocol keep about itself? Which
show commands are available?
• Ease of configuration - How many commands does the average configuration require? Is
it possible to configure several routers in the network with the same configuration?
• Efficiency - How much bandwidth does the routing protocol use while it is in a steady
state, and how much could it use when converging in response to a major network event?
6.1.4 - Routing within an Organization

The diagram depicts several types of organizations, ranging from a small organization to a global
enterprise, and some characteristics of routing protocols that may be used.
Small Organization - Small offices may not use routing at all. An Internet connection may be all
the routing that takes place.
Small to Medium Organization - For a small to medium sized business, static routing may be
used. In this example a Linksys router and a Cisco 1841 Series I S R have a static route
configured between them.
Medium Organization - In a medium business similar to the one show here, RIP v2 and some
static routing are good options.
Large Organization - Large businesses may switch over to EIGRP or OSPF.
Very Large Organization - Very large businesses with multi-vendor equipment use OSPF.
EIGRP is a proprietary Cisco Protocol.
Global Enterprise - World class enterprises may find that they adopt a routing solution similar to
that used by an ISP.
6.1.5 Configuring and Verifying RIP
Page 1:
RIP is a popular distance vector protocol supported by most routers. It is an appropriate choice
for small networks containing multiple routers. Before configuring RIP on a router, think about
the networks a router serves, and the interfaces on the router that connect to these networks.
The figure shows three routers. Each router serves a separate private local network, so there are
three LANs. The routers are also connected by separate networks, so there are a total of six
networks shown.
With this topology, R1 does not automatically know how to reach the 10.0.0.0/8 network, or the
192.168.4.0/24 network. R1 is only able to reach those networks after RIP routing is properly
configured. Once RIP routing is configured, R2 and R3 will forward routing updates to R1
containing information on the availability of the 10.0.0.0/8 and 192.168.4.0/24 networks.
Before configuring RIP, assign an IP address and enable all the physical interfaces that will
participate in routing.
For the most basic RIPv2 configuration, there are three commands to remember:
Router(config)#router rip
Router (config-router)#version 2
Router(config-router)#network [network_number]
Enter the router rip command in global configuration mode to enable RIP on the router. Enter
the network command from router configuration mode to tell the router which networks are part
of the RIP routing process. The routing process associates specific interfaces with the network
numbers specified, and begins to send and receive RIP updates on these interfaces.
6.1.5 - Configuring and Verifying RIP

The diagram depicts five steps required to configure RIP on a router.
Three routers, R1, R2, and R3, are interconnected. Each router has a local network attached.
R1 is connected to R2 via Ethernet link (Network: 192.168.0.0 /24).
R1 is connected to R3 via Serial link (network: 192.168.1.0 /24).
R1 has network 172.16.0.0 /16 attached with two Hosts connected to a switch.
R3 is connected to R2 via Serial link (network: 192.168.2.0 /24).
R2 has network 192.168.4.0 /24 attached with two Hosts connected to a switch.
R3 has network 10.0.0.0 /8 attached with two Servers connected to a Switch.
R1 is directly connected to 172.16.0.0 /16, 192.168.1.0 /24 and 192.168.0.0 /24 networks. It does
not have any information about networks 10.0.0.0 or 192.168.4.0.
R2 directly connected to 192.168.0.0 /24, 192.168.2.0 /24, and 192.168.4.0 /24. It does not have
any information about networks 10.0.0.0 or 172.16.0.0.
Step 1 - Configure the Serial Interface Address

R1 has three interfaces to configure. Serial 0/0/0 links to R3. Fastethernet 0/0 links to R2.
Fastethernet0 /1 links to the 172.16.0.0 /16 production network. Configure Serial 0/0/0 first.
The following are the commands required to configure the serial interface address.
R1> enable
R1 # configure terminal
R1 (config) # interface serial0/0/0
R1 (config-if) # I p address 192.168.1.2 255.255.255.0
Step 2 - Configure the Fast Ethernet Interface
For each of the three interfaces, assign a previously unused IP address from the network that the
interface connects to. Fastethernet 0 /0 points to R2 and is on the 192.168.0.0/24 network. Assign
this interface the first useable IP address from that network.
The following are the commands required to configure the Fastethernet Interface
R1 (config-if) # interface fastethernet 0 /0

R1 (config-if) # ip address 192.168.0.1 255.255.255.0
Step 3 - Configure the last Interface on R1

The following are the commands required to configure the Fastethernet 0/1 interface.
R1 (config-if) # interface fastethernet 0 /1

R1 (config-if) # Ip address 172.16.245.254 255.255.0.0
Step 4 - Implement RIP

Specify RIP version 2 and tell the router which networks it can advertise. Use the network
command for each directly connected network. R1 connects to three networks, so those networks
are entered here.
The following are the commands required to implement rip on the router.
R1 (config) # router rip

R1 (config-router) # version 2
R1 (config-router) # network 192.168.1.0
R1 (config-router) # exit
Step 5 - Complete the Configuration of Routers R2 and R3

The following are the RIP command sequences for the remaining two routers, R2 and R3.
R2 RIP command sequence

R3 RIP command sequence

Page 2:
After a configuration is done, it is a good idea to compare the running configuration with an
accurate topology diagram to verify the network numbers and interface IP addresses. This is
good practice because it is easy to make a simple data entry error.
There are several ways to verify that RIP is functioning properly in the network. One way to
verify that routing is working properly is to ping devices on remote networks. If the ping is
successful, it is likely that routing is working.
Another method is to run the IP routing verification commands show ip protocols and show ip
route at the CLI prompt.
The show ip protocols command verifies that RIP routing is configured, that the correct
interfaces are sending and receiving RIP updates, and that the router is advertising the correct
networks.
The show ip route command shows the routing table, which verifies that routes received by RIP
neighbors are installed in the routing table.
The debug ip rip command can be used to observe the networks advertised in the routing
updates as they are sent and received. Debug commands display router activity in real time.
Because debug activity uses router processor resources, debugging should be used with care in a
production network, because it can affect network operation.

The diagram depicts output for the following commands used in troubleshooting: show ip route,
show ip protocols, and debug ip rip commands. Output from these commands is found in the
Hands-on Lab: Configuring and Verifying RIP.
Page 3:
Configure and verify RIP.

Link to Packet Tracer Exploration: Configuring RIP
Page 4:
Lab Activity
Configure and verify RIP.

Link to Hands-on Lab: Configuring and Verifying RIP
6.2 Exterior Routing Protocols
6.2.1 Autonomous Systems
Page 1:
The Internet routing architecture has evolved over the years into a distributed system of
interconnected networks. The Internet is now so vast and involves so many networks that it is
impossible for a single organization to manage all the routing information needed to reach every
destination around the world.
Instead, the Internet is divided up into collections of networks called Autonomous Systems (AS),
which are independently controlled by different organizations and companies.
An AS is a set of networks controlled by a single administrative authority using the same internal
routing policy throughout. Each AS is identified by a unique AS number (ASN). ASNs are
controlled and registered on the Internet.
The most common example of an AS is the ISP. Most businesses connect to the Internet through
an ISP, and so become part of the routing domain of that ISP. The AS is administered by the ISP
and, therefore, not only includes its own network routes but also manages the routes to all the
business and other customer networks that are connected to it.
6.2.1 - Autonomous Systems
The diagram depicts an autonomous system. A cloud with six interconnected routers inside. The
caption reads, "Autonomous System = Networks under a single administration."
Page 2:
The same ASN applies to all network devices within the AS routing domain.
ISP A is an AS whose routing domain includes a local business that directly connects to that ISP
for Internet access. The business does not have a separate ASN. Instead, it uses the ASN of ISP
A (ASN 100) in its routing information.
Also shown is a large global business with corporate offices located in Hong Kong and New
York. Because they are located in different countries, each office connects to a different local
ISP for Internet access. This means that the business is connected to two ISPs. Which AS does it
belong to and which ASN does it use?
Because the company communicates through both ISP B and ISP C, this causes routing
confusion in terms of connectivity. Traffic from the internet does not know which AS to use to
reach the large global business. To solve the problem, the business registers as an AS in its own
right and is assigned an ASN of 400.

The diagram depicts the interconnection of autonomous systems. There are four clouds, Cloud1
through Cloud4, each with a network inside. Cloud1 contains ISP A (A S 100). Cloud2 contains
ISP B (A S 200). Cloud3 contains I S P C (A S 300). Cloud4 contains a large global business (A
S 400). Gateway routers on the edge of each cloud are interconnected.
Page 3:

The diagram depicts an activity in which you must determine what type of autonomous system
number each of the networks described below require. The options are shared, meaning the
network uses the A S N of the ISP, or private, meaning the network uses a private A S number.
One.A home business connects to Internet through ISP.

Two.A large business with offices in multiple countries connects to local ISP's.
Three.A medium business has connectivity to the Internet provided by two ISP's.
Four.A large business in New York with two connections to the same ISP.
Five.A small ISP has one connection to the Internet through a large international ISP.
6.2.2 Routing Across the Internet

Page 1:
Interior Gateway Protocols (IGPs) are used to exchange routing information within an AS or
individual organization. The purpose of an interior routing protocol is to find the best path
through the internal network. IGPs run on the routers inside an organization. Examples of IGPs
are RIP, EIGRP, and OSPF.
By contrast, exterior gateway protocols (EGPs) are designed to exchange routing information
between different autonomous systems. Because each AS is managed by a different
administration and may use different interior protocols, networks must use a protocol that can
communicate between diverse systems. The EGP serves as a translator for ensuring that external
routing information gets successfully interpreted inside each AS network.
EGPs run on the exterior routers. These are the routers that are located at the border of an AS.
Exterior routers are also called border gateways, or boundary routers.
Unlike interior routers, which exchange individual routes with each other using IGPs, exterior
routers exchange information about how to reach various networks using exterior protocols.
Exterior routing protocols seek to find the best path through the Internet as a sequence of
autonomous systems.
The most common exterior routing protocol on the Internet today is Border Gateway Protocol
(BGP). It is estimated that 95% of autonomous systems use BGP. The most current version of
BGP is version 4 (BGP-4), for which the latest description is provided in RFC 4271.
6.2.2 - Routing Across the Internet

The diagram depicts the interconnection of networks using Border Gateway Protocol (BGP).
There are three clouds, 1, 2, and 3, each with a network. There are three exterior gateway routers
running the exterior gateway protocol - BGP, which connects each of the clouds internal
networks to the outside via another A S. Each of the exterior routers has one or more internal
routers connected. The Cloud1 (A S 100) internal routers are running Interior gateway protocol -
OSPF. The Cloud1 exterior gateway router connects to Cloud3 (A S 300). The Cloud2 (A S 200)
internal router is running interior gateway protocol - EIGRP. The Cloud2 exterior gateway router
connects to Cloud1 (AS 100). The Cloud3 (A S 300) internal router is running interior gateway
protocol - RIP. The Cloud3 exterior gateway router connects to Cloud1 (A S 100).
Page 2:
Each AS is responsible for informing other autonomous systems about which networks they can
reach through that AS. Autonomous systems exchange this reachability information with each
other through exterior routing protocols that run on dedicated routers called border gateways.
Packets are routed across the Internet in several steps.
1. The source host sends a packet destined for a remote host located in another AS.
2. Because the destination IP address of the packet is not a local network, the interior routers
keep passing the packet along their default routes, until eventually it arrives at an exterior router
at the edge of the local AS.
3. The exterior router maintains a database for all the autonomous systems with which it
connects. This reachability database tells the router that the path to the destination network
passes through several autonomous systems, and that the next hop on the path is through a
directly connected exterior router on a neighboring AS.
4. The exterior router directs the packet to its next hop on the path, which is the exterior router at
the neighboring AS.
5. The packet arrives at the neighboring AS, where the exterior router checks its own reachability
database and forwards the packet to the next AS on the path.
6. The process is repeated at each AS until the exterior router at the destination AS recognizes
the destination IP address of the packet as an internal network in that AS.
7. The final exterior router then directs the packet to the next hop interior router listed in its
routing table. From then on, the packet is treated just like any local packet and is directed
through interior routing protocols through a series of internal next hops until it arrives at the
destination host.
6.2.2 - Routing Across the Internet

The diagram depicts packets being routed over the Internet.
Four clouds, 1 - 4, each have a network. There are four exterior gateway routers, one on each
cloud, which connect to an internal router. Cloud1 has a switch with one host attached (A S 100).
Cloud2 has a router connected to a switch with one host attached (A S 200). Cloud3 has a router
connected to a switch with one host attached (A S 300). Cloud4 has four interconnected routers,
two each with a switch and host attached (A S 400).
The source host on Cloud2 (A S 200) with IP address 172.23.16.8 is sending data to a host on
Cloud4 (A S 400) with the IP address 192.168.32.1. The following are the seven required steps.
Step 1 - The source host in A S 200 sends a packet destined for 192.168.32.1.
Step 2 - Since the packets destination IP address is not a local network, the interior routers keep
passing the packet to their default routes, until eventually it arrives at a border gateway at the
edge of the A S 200.
Step 3 - The border gateway maintains a reachability database for all the A S's with which it
connects. This database tells the border gateway that the 192.168.32.0 network is located within
A S 400.
Step 4 - The border gateway directs the packet to its next hop on the path, which is the border
gateway at A S 400.
Step 5 - The packet arrives at the A S 400 border gateway, which recognizes the packets
destination IP as an internal network in A S 400. The border gateway then directs the packet to
the next hop interior router listed in its routing table.
Step 6 - From then on, the packet is treated just like any local packet and is directed through
interior routing protocols through a series of next hops towards the destination network.
Step 7 - The packet arrives at a router that is directly connected to network 192.168.32.0 and is
successfully forwarded to the destination host 192.168.32.1.
6.2.3 Exterior Routing Protocols and the ISP
Page 1:
EGPs provide many useful features for ISPs. Exterior protocols allow traffic to be routed across
the Internet to remote destinations. They also provide the method by which ISPs can set and
enforce policies and local preferences so that the traffic flow through the ISP is efficient and that
none of the internal routes are overloaded with transit traffic.
Business customers insist on reliability for their Internet service. ISPs must make sure that the
Internet connection for those customers is always available. They do this by providing backup
routes and routers in case the regular route fails. During normal conditions, the ISP advertises the
regular route to other autonomous systems. If that regular route fails, the ISP sends an exterior
protocol update message to advertise the backup route instead.
6.2.3 - Exterior Routing Protocols and the ISP

The diagram depicts the use of exterior routing protocols.
A cloud representing ISP A (A S 100) has six interconnected routers, all running OSPF. There
are three gateway routers all running BGP, each with a business customer attached. Business
Customer 1 is running RIP, Business Customer 2 is running EIGRP, and Business Customer 3
has a private intranet. With multiple interconnected internal routers, ISP A (A S 100) can provide
backup routes for its customers in case a regular route fails.
Page 2:
The flow of messages in the Internet is called traffic. Internet traffic can be categorized in one of
two ways:
• Local traffic - Traffic carried within an AS that either originated in that same AS, or is
intended to be delivered within that AS. This is like local traffic on a street.
• Transit traffic - Traffic that was generated outside that AS and can travel through the
internal AS network to be delivered to destinations outside the AS. This is like through
traffic on a street.
The flow of traffic between autonomous systems is carefully controlled. It is important to be able
to limit or even prohibit certain types of messages from going to or from an AS for security
reasons or to prevent overloading.
Many autonomous systems network administrators choose not to carry transit traffic. Transit
traffic can cause routers to overload and fail if those routers do not have the capacity to handle
large amounts of traffic.
6.2.3 - Exterior Routing Protocols and the I S P

The diagram depicts the use of policies for determining if an A S can be used for transit traffic.
There are six interconnected routers. The Gateway Router from A S 100 connects to Gateway
Router1 for A S 200 and to Gateway Router1 for A S 300. The second A S 200 and A S 300
gateway routers connect to the gateway router for A S 400.
A S100 Router says, "My Administrator has set a policy to always go through A S 300 to reach
A S 400."
A S200 Router1 says, " My Administrator has set a policy to block all transit traffic."
Packets from A S 100 to a destination host within A S 200 will be allowed, but traffic destined
for an A S other than A S 200 will be blocked.
6.2.4 Configuring and Verifying BGP
Page 1:
When an ISP puts a router at a customer location, they usually configure it with a default static
route to the ISP. Sometimes, an ISP may want the router to be included in its AS and to
participate in BGP. In these instances, it is necessary to configure the customer premise router
with the commands necessary to enable BGP.
The first step in enabling BGP on a router is to configure the AS number. This step is done with
the command:
router bgp [AS_number]

The next step is to identify the ISP router that is the BGP neighbor with which the customer
premises equipment (CPE) router exchanges information. The command to identify the neighbor
router is:
neighbor [IP_address] remote-as [AS_number]
When an ISP customer has its own registered IP address block, it may want the routes to some of
its internal networks to be known on the Internet. To use BGP to advertise an internal route, the
network address needs to be identified. The format of the command is:
network [network_address]
When the CPE is installed and the routing protocols are configured, the customer has both local
and Internet connectivity. Now the customer is able to fully participate in other services that the
ISP offers.
The IP addresses used for BGP are normally registered, routable addresses that identify unique
organizations. In very large organizations, private addresses may be used in the BGP process. On
the Internet, BGP should never be used to advertise a private network address.
6.2.4 - Configuring and Verifying BGP

The diagram depicts the commands necessary to configure BGP on a customer router.
There are two routers, SP1 and C1. ISP Router SP1 is connected to Business Customer router C1
via (SP1: S0/0/0: 1 0.1 0.10.10). C1 has network 172.19.0.0 attached. The commands required on
C1 to advertise the customer network via BGP are as follows:
C1> enable
C1 # configure terminal
C1 (config) # router bgp 100
C1 (config-router) # neighbor 1 0.1 0.10.10 remote-a s 100
C1 (config-router) # network 172.19.0.0
C1 (config-router) # end
C1 #
Page 2:
Lab Activity
Configure BGP on the external gateway router.

6.2.4 - Configuring and Verifying BGP

Link to Hands-on Lab: Configuring BGP with Default Routing
6.3 Chapter Summary
6.3.1 Summary
Page 1:
6.3.1 - Summary
Diagram 1, Image
The diagram depicts the use of routing tables.
Diagram 1 text
Routing is used to forward messages to the correct destination.
Routing can be dynamic or static.
Dynamic routing requires the use of routing protocols to exchange route information between
routers.
Examples of dynamic routing include: distance vector routing protocols, and link state routing
protocols.
Diagram 2, Image
The diagram depicts a routing on a network.
Diagram 2 text
Distance vector routing protocols calculate the direction and distance to any network. Routing
tables and updates are sent periodically to neighbors.
Link state protocols update nodes with information on the state of the link. These routing
protocols reduce routing loops and network traffic.
Choose the routing protocol for an organization based on ease of management, ease of
configuration, and efficiency.
Diagram 3, Image
The diagram depicts interconnection between autonomous systems.
Diagram 3 text
The Internet is divided up into collections of networks called autonomous systems.
Within an autonomous system, interior gateway routing protocols are used, such as RIP, E I G R
P and O S P F.
Between autonomous systems, exterior gateway routing functions are required. Exterior Gateway
Protocols (EGP's) run on exterior routers, or border gateways, that are located at the border of an
AS. The most common EGP is Border Gateway Protocol (BGP).
Diagram 4, Image
The diagram depicts an ISP using an exterior protocol.
Diagram 4 text
BGP functions like a distance-vector protocol. From this database, direction and distance to a
destination network are determined.
Exterior protocols enable traffic to be routed across the Internet to remote destinations.
Exterior protocols provide the method by which ISP's can set and enforce policies and local
preferences for traffic flow efficiency.
6.4 Chapter Quiz
6.4.1 Quiz
Page 1:
6.4.1 - Quiz
Chapter 6 Quiz: Routing
1.Which two are characteristics of interior routers? (Choose two.)

a.use BGP routing protocols
b.use IGP routing protocols
c.known as border gateways
d.exchange local routes
e.route between autonomous systems
2.What two methods are used to allow remote networks to be added to a routing table? (Choose
two.)
a.entered by an administrator
b.learned through a routing protocol
c.exported from the MAC address table
d.imported from Flash memory on the router
e.learned through address translation
f.learned by NIC's broadcasting their network number
3.Where does the router get information about the best path to send a packet destined for a host
located on a remote network?
a.from the I O S stored in Flash memory
b.from the routing table stored in RAM
c.from the configuration file stored in RAM
d.from the IP packet being transmitted
4.What two statements are true about transit traffic? (Choose two.)
a.All ISP's must allow transit traffic.
b.Transit traffic can overload an Internet router.
c.Transit traffic is destined for a network contained within the same A S.
d.ISP's cannot allow transit traffic from one A S to another.
e.Transit traffic travels through an A S to reach a remote A S.
5.A customer router is configured to use BGP to exchange routes with a directly connected
neighbor router. What is identified by the remote A S number in the command neighbor
209.165.201.1 remote-a s 200?
a.the local router A S number
b.the directly connected router A S number
c.the number of hops to the remote A S
d.the transit A S to use to get to the neighbor
6.Match the term to its definition.

Terms
AS
ASN
ISP
IGP
EGP
Definitions
a.an example is BGP
b.a provider of Internet access
c.examples include RIP, EIGRP, and OSPF
d.a group of networks administered by a single entity
e.a registered number that identifies a particular set of networks
7.A new network is to be configured on a router. Which of the following tasks must be
completed to configure this interface and implement dynamic IP routing for the new network?
(Choose three.)
a.Select the routing protocol to be configured.
b.Assign an IP address and subnet mask to the interface.
c.Update the ip host configuration information with the device name and new interface IP
address.
d.Configure the routing protocol with the new network IP address.
e.Configure the routing protocol with the new interface IP address and subnet mask.
f.Configure the routing protocol in use on all other enterprise routers with the new network
information.
8.What is the purpose of the network command used in the configuration of the RIP routing
protocol?
a.It specifies RIP v2 as the routing protocol.
b.It enables the use of VLSM.
c.It specifies the fastest path to the destination route.
d.It specifies which interfaces will exchange RIP routing updates.
e.It activates RIP for all routes that exist within the enterprise network.
9.To ensure proper routing in a network, the network administrator should always check the
router configuration to verify that appropriate routes are available. The commands on the top will
allow the network administrator to view the router configuration for the information needed.
Match each command to its result.
Commands
a.debug ip rip
b.show ip protocols
c.show running-config
d.show ip route
e.show interfaces
Results
a.displays current configuration information for configured routing protocols and interfaces
b.checks to see that the interfaces are up and operational
c.displays the networks advertised in the updates as the updates are sent and received
d.verifies the routing protocol process running and that the correct networks are advertised
e.verifies that routes received are installed in the routing table
10.A network engineer is configuring a new router. The interfaces have been configured with IP
addresses but no routing protocols or static routes have been configured yet. What routes are
present in the routing table?
a.default routes
b.broadcast routes
c.direct connections
d.No routes. The routing table is empty.
11.Which of the following tasks are completed by routing protocols? (Choose three.)
a.learning the available routes to all destinations
b.providing an addressing scheme for identifying networks
c.informing LAN hosts of new default gateway addresses
d.placing the best route in the routing table
e.removing routes from the routing table when they are no longer valid
f.carrying user data to the destination network
12.Which network devices are used in the Internet to route traffic between autonomous systems?
a.border gateway routers
b.interior routers
c.Internet hosts
d.service provider switches
13.Which is an example of a routing protocol used to exchange information between autonomous

systems?
a.OSPF
b.BGP
c.EIGRP
d.RIP
End
Search | Glossary
Course Index:
7 ISP Services
7.0.1 Introduction
Page 1:
An ISP offers many network services to its customers.
Often it is necessary for the ISP help desk technician and network support technician to help
customers resolve issues with these services.
In order to do this, it is necessary to know the underlying protocols and functions of the services
that the ISP provides.

Describe the network services provided by an ISP.
Describe the protocols that support the network services provided by an ISP.
Describe the purpose, function, and hierarchical nature of the Domain Name System (DNS).
Describe and enable common services and their protocols.
7.1 Introducing ISP Services
7.1.1 Customer Requirements
Page 1:
After the connection is made to the ISP, the business or customer must decide which services
they need from the ISP.
ISPs serve several markets. Individuals in homes make up the consumer market. Large,
multinational companies make up the enterprise market. In between are smaller markets, such as
small- to medium-sized businesses, or larger nonprofit organizations. Each of these customers
have different service requirements.
Escalating customer expectations and increasingly competitive markets are forcing ISPs to offer
new services. These services enable the ISPs to increase revenue and to differentiate themselves
from their competitors.
Email, web hosting, media streaming, IP telephony, and file transfer are important services that
ISPs can provide to all customers. These services are critical for the ISP consumer market and
for the small- to medium-sized business that does not have the expertise to maintain their own
services.
7.1.1 - Customer Requirements

The diagram depicts some of the services of an ISP, which include a file server farm, web server
farm, and email server farm. The ISP router is connected to the Internet that has multiple home
and business networks connected.
Page 2:
Many organizations, both large and small, find it expensive to keep up with new technologies, or
they simply prefer to devote resources to other parts of the business. ISPs offer managed services
that enable these organizations to have access to the leading network technologies and
applications without having to make large investments in equipment and support.
When a company subscribes to a managed service, the service provider manages the network
equipment and applications according to the terms of a service level agreement (SLA). Some
managed services are also hosted, meaning that the service provider hosts the applications in its
facility instead of at the customer site.
The following are three scenarios that describe different ISP customer relationships:
• Scenario 1 - The customer owns and manages all their own network equipment and
services. These customers only need reliable Internet connectivity from the ISP.
• Scenario 2 - The ISP provides Internet connectivity. The ISP also owns and manages the
network connecting equipment installed at the customer site. ISP responsibilities include
setting up, maintaining, and administering the equipment for the customer. The customer
is responsible for monitoring the status of the network and the applications, and receives
regular reports on the performance of the network.
• Scenario 3 - The customer owns the network equipment, but the applications that the
business relies on are hosted by the ISP. The actual servers that run the applications are
located at the ISP facility. These servers may be owned by the customer or the ISP,
although the ISP maintains both the servers and the applications. Servers are normally
kept in server farms in the ISP network operations center (NOC), and are connected to
the ISP network with a high-speed switch.
7.1.1 - Customer Requirements

The diagram depicts three scenarios of networks that use the services of an ISP, which include a
file server farm, web server farm, email server farm, and co-located servers.
The I S P router is connected to the Internet that has multiple home and business networks
connected. The home and business networks are dependent on the I S P; some require all
services, and some only require the high-speed Internet connection that the ISP offers.
One.The first scenario shows a business that maintains all its servers on the premises and relies
on the ISP for high-speed connection.
Two.The second scenario shows a home network that relies on the ISP for all its services.
Three.The third scenario shows another business that maintains its co-located servers at the ISP,
and relies on the ISP for high speed connection.
7.1.2 Reliability and Availability
Page 1:
Creating new services can be challenging. Not only must ISPs understand what their customers
want, but they must have the ability and the resources to provide those services. As business and
Internet applications become more complex, an increasing number of ISP customers rely on the
services provided or managed by the ISP.
ISPs provide services to customers for a fee and guarantee a level of service in the SLA. To meet
customer expectations, the service offerings have to be reliable and available.
Reliability
Reliability can be measured in two ways: mean time between failure (MTBF) and mean time to
repair MTTR. Equipment manufacturers specify MTBF based on tests they perform as part of
manufacturing. The measure of equipment robustness is fault tolerance. The longer the MTBF,
the greater the fault tolerance. MTTR is established by warranty or service agreements.
When there is an equipment failure, and the network or service becomes unavailable, it impacts
the ability of the ISP to meet the terms of the SLA. To prevent this, an ISP may purchase
expensive service agreements for critical hardware to ensure rapid manufacturer or vendor
response. An ISP may also choose to purchase redundant hardware and keep spare parts on site.
Availability
Availability is normally measured in the percentage of time that a resource is accessible. A

perfect availability percentage is 100%, meaning that the system is never down or unreachable.
Traditionally, telephone services are expected to be available 99.999% of the time. This is called
the five-9s standard of availability. With this standard, only a very small percentage (0.001%) of
downtime is acceptable. As ISPs offer more critical business services, such as IP telephony or
high-volume retail sale transactions, ISPs must meet the higher expectations of their customers.
ISPs ensure accessibility by doubling up on network devices and servers using technologies
designed for high availability. In redundant configurations, if one device fails, the other one can
take over the functions automatically.
7.1.2 - Reliability and Availability

The diagram depicts the high availability configuration for access to some of the services of an
ISP, which include a file server farm, web server farm, and email server farm.
There are two routers into the ISP and multiple paths to each service. Spare parts kept on hand to
prevent downtime. Both routers are connected to the Internet with multiple home and business
networks connected to the ISP through the Internet.
7.2 Protocols That Support ISP Services
7.2.1 Review of TCP/IP Protocols
Page 1:
Today, ISP customers are using mobile phones as televisions, PCs as telephones, and televisions
as interactive gaming stations with many different entertainment options. As network services
become more advanced, ISPs must accommodate these customer preferences. The development
of converged IP networks enables all of these services to be delivered over a common network.
To provide support for the multiple end-user applications that rely on TCP/IP for delivery, it is
important for the ISP support personnel to be familiar with the operation of the TCP/IP
protocols.
ISP servers need to be able to support multiple applications for many different customers. For
this support, they must use functions provided by the two TCP/IP transport protocols, TCP and
UDP. Common hosted applications, like web serving and email accounts, also depend on
underlying TCP/IP protocols to ensure their reliable delivery. In addition, all IP services rely on
domain name servers, hosted by the ISPs, to provide the link between the IP addressing structure
and the URLs that customers use to access them.
7.2.1 - Review of TCP/IP Protocols

This animation depicts the process of network services.
A network topology, consisting of a router which connects two hosts, H1 and H2, to the Internet.
The ISP has a web server, housing many websites, and a mail server, connected to the Internet.
The two hosts are running multiple processes by using a variety of network services such as web
browsing, instant messaging, email services, and streaming media, such as video and music. The
captions in the diagram are as follows:
"Each stream goes to one interface on the router. How does it get to the right application?"
"And how does data get transmitted reliably?"
"...or without the potential delay caused by reliability?"
"TCP or U D P manage process-to-process communication between hosts across an
Internetwork."
Page 2:
Clients and servers use specific protocols and standards when exchanging information. The
TCP/IP protocols can be represented using a four-layer model. Many of the services provided to
ISP customers depend on protocols that reside at the Application and Transport layers of the
TCP/IP model.
Application Layer Protocols
Application Layer protocols specify the format and control the information necessary for many
of the common Internet communication functions. Among these protocols are:
• Domain Name System (DNS) - Resolves Internet names to IP addresses.

• HyperText Transfer Protocol (HTTP) -Transfers files that make up the web pages of the
World Wide Web.
• Simple Mail Transfer Protocol (SMTP) - Transfers mail messages and attachments.
• Telnet - Terminal emulation protocol that provides remote access to servers and
networking devices.
• File Transfer Protocol (FTP) - Transfers files between systems interactively.
Transport Layer Protocols
Different types of data can have unique requirements. For some applications, communication
segments must arrive in a specific sequence to be processed successfully. In other instances, all
the data must be received for any of it to be of use. Sometimes, an application can tolerate the
loss of a small amount of data during transmission over the network.
In today's converged networks, applications with very different transport needs may be
communicating on the same network. Different Transport Layer protocols have different rules to
enable devices to handle these diverse data requirements.
Additionally, the lower layers are not aware that there are multiple applications sending data on
the network. Their responsibility is to get the data to the device. It is the job of the Transport
Layer to deliver the data to the appropriate application.
The two primary Transport Layer protocols are TCP and UDP.

The chart depicts the four layers of the TCP/IP protocol. A brief description about the individual
protocols associated with each layer is given.
Application Layer
Name System:
DNS - Domain Name System (or Service)
Translates domain names, such as cisco.com, into IP addresses
Host Config:
BOOTP - Bootstrap Protocol
Enables a diskless workstation to discover its own IP address, the IP address of a BOOTP server
on the network, and a file to be loaded into memory to boot the machine
BOOTP is being superseded by DHCP
DHCP - Dynamic Host Configuration Protocol

Dynamically assigns I P addresses to client stations at start-up
Allows the addresses to be re-used when no longer needed
Email
SMTP - Simple Mail Transfer Protocol
Enables clients to send email to a mail server
Enables servers to send email to other servers
POP - Post Office Protocol version 3 (POP3)

Enables clients to retrieve email from a mail server
Downloads email from the mail server to the desktop
I MAP - Internet Message Access Protocol

Enables clients to access email stored on a mail server
Maintains email on the server
File Transfer
FTP - File Transfer Protocol
Sets rules that enable a user on one host to access and transfer files to and from another host over
a network
A reliable, connection-oriented, and acknowledged file delivery protocol
TFTP - Trivial File Transfer Protocol

A simple, connectionless file transfer protocol
A best-effort, unacknowledged file delivery protocol
Utilizes less overhead than FTP
Web
HTTP - Hypertext Transfer Protocol
Set of rules for exchanging text, graphic images, sound, video, and other multimedia files on the
World Wide Web
Transport Layer
UDP - User Datagram Protocol
Enables a process running on one host to send packets to a process running on another host
Does not confirm successful datagram transmission
TCP - Transfer Control Protocol

Enables reliable communication between processes running on separate hosts
Reliable, acknowledged transmissions that confirm successful delivery
Internet Layer
IP - Internet Protocol
Receives message segments from the transport layer
Packages messages into packets
Addresses packets for end-to-end delivery over an Internetwork
NAT - Network Address Translation

Translates I P addresses from a private network into globally unique public IP addresses
ARP - Address Resolution Protocol

Provides dynamic address mapping between an I P address and a hardware address
IP support
ICMP - Internet Control Message Protocol
Provides feedback from a destination host to a source host about errors in packet delivery
Routing Protocols
RIP - Routing Information Protocol
Distance Vector routing protocol
Metric based on hop count
Version 2 supports VLSM and C I D R
OSPF - Open Shortest Path First

Link State routing protocol
Hierarchical design based on areas
Open standard interior routing protocol
EIGRP - Enhanced Interior Gateway Routing Protocol

Cisco Proprietary Routing Protocol
Uses composite metric based on bandwidth, delay, load, reliability and MTU
BGP - Border Gateway Protocol

BGP4 latest version
External Routing Protocol used between ISP's
Routes between Autonomous Systems
Network Access Layer

PPP - Point-to-Point Protocol
Provides a means of encapsulating packets for transmission over a serial link
Ethernet
Defines the rules for wiring and signaling standards of the Network Access Layer
Interface Drivers
Provides instruction to a machine for the control of a specific interface on a network device
Page 3:
The TCP/IP model and the OSI model have similarities and differences.
Similarities
• Use of layers to visualize the interaction of protocols and services

• Comparable Transport and Network layers
• Used in the networking field when referring to protocol interaction
Differences
• OSI model breaks the function of the TCP/IP Application Layer into distinct layers. The
upper three layers of the OSI model specify the same functionality as the Application
Layer of the TCP/IP model.
• The TCP/IP suite does not specify protocols for the physical network interconnection.
The two lower layers of the OSI model are concerned with access to the physical network
and the delivery of bits between hosts on a local network.
The TCP/IP model is based on actual developed protocols and standards, whereas the OSI model
is a theoretical guide for how protocols interact.

The diagram compares the O S I Reference Model and the TCP/IP Model.
O S I Reference Model Layers 7: Application, 6: Presentation Session, and 5: Session are

compared to TCP/IP Model - Application Layer.
O S I Reference Model Layer 4: Transport is compared to TCP/IP Model - Transport Layer.
O S I Reference Model Layer 3: Network is compared to TCP/IP Model - Internet Layer.
O S I Reference Model Layers 2: Data Link, and 1: Physical are compared to TCP/IP Model -
Network Access Layer.
7.2.2 Transport Layer Protocols
Page 1:
Different applications have different transport needs. There are two protocols at the Transport
Layer: TCP and UDP.
TCP
TCP is a reliable, guaranteed-delivery protocol. TCP specifies the methods hosts use to
acknowledge the receipt of packets, and requires the source host to resend packets that are not
acknowledged. TCP also governs the exchange of messages between the source and destination
hosts to create a communication session. TCP is often compared to a pipeline, or a persistent
connection, between hosts. Because of this, TCP is referred to as a connection-oriented protocol.
TCP requires overhead, which includes extra bandwidth and increased processing, to keep track
of the individual conversations between the source and destination hosts and to process
acknowledgements and retransmissions. In some cases, the delays caused by this overhead
cannot be tolerated by the application. These applications are better suited for UDP.
UDP
UDP is a very simple, connectionless protocol. It provides low overhead data delivery. UDP is
considered a "best effort" Transport Layer protocol because it does not provide error checking,
guaranteed data delivery, or flow control. Because UDP is a "best effort" protocol, UDP
datagrams may arrive at the destination out of order, or may even be lost all together.
Applications that use UDP can tolerate small amounts of missing data. An example of a UDP
application is Internet radio. If a piece of data is not delivered, there may only be a minor effect
on the quality of the broadcast.
7.2.2 - TCP
The diagram depicts the TCP/IP Model with different protocols for each layer linked to a
protocol from the layer below. For example, protocols found at the Application Layer use the
services of protocols found at the Transport Layer. This diagram illustrates the dependency of
protocols at the different layers.
Application Layer.
Protocols: FTP, HTTP (www), SMTP email, DNS, TFTP.
Transport Layer.
Protocol TCP linked to FTP, HTTP (www), SMTP email, DNS.
Protocol U D P linked to DNS, TFTP.
Internet Layer.
Protocol IP linked to TCP, U D P.
Network Access Layer.

Internet - linked to IP.
Private Network - linked to IP.
Page 2:
Applications, such as databases, web pages, and email, need to have all data arrive at the
destination in its original condition, for the data to be useful. Any missing data can cause the
messages to be corrupt or unreadable. These applications are designed to use a Transport Layer
protocol that implements reliability. The additional network overhead required to provide this
reliability is considered a reasonable cost for successful communication.
The Transport Layer protocol is determined by the type of application data being sent. For
example, an email message requires acknowledged delivery and therefore would use TCP. An
email client, using SMTP, sends an email message as a stream of bytes to the Transport Layer.
At the Transport Layer, the TCP functionality divides the stream into segments.
Within each segment, TCP identifies each byte, or octet, with a sequence number. These
segments are passed to the Internet Layer, which places each segment in a packet for
transmission. This process is known as encapsulation. At the destination, the process is reversed,
and the packets are de-encapsulated. The enclosed segments are sent through the TCP process,
which converts the segments back to a stream of bytes to be passed to the email server
application.
7.2.2 - TCP
The animation depicts the TCP/IP encapsulation process by showing an example of how the
TCP/IP sends and receives data over a network.
In the network topology, a host, H1, is connected to a switch, then a router, which in turn
connects to the Internet cloud. From the Internet cloud there is another router connected, then a
switch until reaching a server.
Data begins at the Application Layer and works its way down to the Network Access Layer. The
following process is described in the diagram:
One.Application Layer sends a stream of data to TCP.

Two.TCP divides application data stream into segments and passes segments to I P.
Three.IP creates datagrams or packets, and passes them to the Network Access Layer for
transmission.
Four.The Network Access Layer frames the packets for conversion to electrical signals.
Five.The destination host (in this case the Server) reverses the process to get data back to the
Application Layer.
From bottom to top, the layers that form the data are as follows: Network Access, (Packets),
Internet, (Segments), Transport, (Stream), and Application.
Page 3:
Before a TCP session can be used, the source and destination hosts exchange messages to set up
the connection over which data segments can be sent. The two hosts use a three step process to
set up the connection.
In the first step, the source host sends a type of message, called a Synchronization Message, or
SYN, to begin the TCP session establishment process. The message serves two purposes:
• It indicates the intention of the source host to establish a connection with the destination
host over which to send the data.
• It synchronizes the TCP sequence numbers between the two hosts, so that each host can
keep track of the segments sent and received during the conversation.
For the second step, the destination host replies to the SYN message with a synchronization
acknowledgement, or SYN-ACK, message.
In the last step, the sending host receives the SYN-ACK and it sends an ACK message back to
complete the connection setup. Data segments can now be reliably sent.
This SYN, SYN-ACK, ACK activity between the TCP processes on the two hosts is called a
three-way handshake.
7.2.2 - TCP
The animation depicts the TCP connection process. A three-way handshake must take place for
two hosts to establish a connection using TCP.
The user types the URL, www.cisco.com. The four layers of the TCP/IP Model appears above
both the source (client) and the destination (server). The following process is described in the
diagram:
One.Connection Request from Source (SYN message).

Two.Destination Accepts Connection (SYN-ACK message).
Three.Connection set up complete (ACK message).
Four.Source to Destination connection between processes.
Page 4:
When a host sends message segments to a destination host using TCP, the TCP process on the
source host starts a timer. The timer allows sufficient time for the message to reach the
destination host and for an acknowledgement to be returned. If the source host does not receive
an acknowledgement from the destination within the allotted time, the timer expires, and the
source assumes the message is lost. The portion of the message that was not acknowledged is
then re-sent.
In addition to acknowledgement and retransmission, TCP also specifies how messages are
reassembled at the destination host. Each TCP segment contains a sequence number. At the
destination host, the TCP process stores received segments in a buffer. By evaluating the
segment sequence numbers, the TCP process can confirm that there are no gaps in the received
data. When data is received out of order, TCP can also reorder the segments as necessary.
7.2.2 - TCP
The animation depicts the acknowledgement and re-transmission of a TCP operation. A timer is
used to send packets on TCP. If a packet is sent and the ACK is received before timer runs out,
the transmission continues. If a packet is sent and no ACK is received before timer runs out, the
retransmission of the packet occurs.
In this case, the timer expires, then is restarted and the segment is resent. This process is repeated
until all segments have been successfully sent and acknowledged.
7.2.3 Differences Between TCP and UDP
Page 1:
UDP is a very simple protocol. Because it is not connection-oriented and does not provide the
sophisticated retransmission, sequencing, and flow control mechanisms of TCP, UDP has a
much lower overhead.
UDP is often referred to as an unreliable delivery protocol, because there is no guarantee that a
message has been received by the destination host. This does not mean that applications that use
UDP are unreliable. It simply means that these functions are not provided by the Transport Layer
protocol and must be implemented elsewhere if required.
Although the total amount of UDP traffic found on a typical network is often relatively low,
Application Layer protocols that do use UDP include:
• Domain Name System (DNS)

• Simple Network Management Protocol (SNMP)
• Dynamic Host Configuration Protocol (DHCP)
• RIP routing protocol
• Trivial File Transfer Protocol (TFTP)
• Online games
7.2.3 - Differences Between TCP and U D P

The diagram depicts a network using U D P to send packets across the network. The network is
using the TCP/IP Model as a reference for sending and receiving data.
There is a caption that reads, "U D P simply packages data and sends it".
Page 2:
The main differences between TCP and UDP are the specific functions that each protocol
implements and the amount of overhead incurred. Viewing the headers of both protocols is an
easy way to see the differences between them.
Each TCP segment has 20 bytes of overhead in the header that encapsulates the Application
Layer data. This overhead is incurred because of the error-checking mechanisms supported by
TCP.
The pieces of communication in UDP are called datagrams. These datagrams are sent as "best
effort" and, therefore, only require 8 bytes of overhead.

The diagram depicts the structure of a TCP segment and a U D P datagram. The numbers after
each field below represent the number of bits in the particular field.
TCP Segment - 20 Bytes of Overhead.

Source Port (16).
Destination Port (16).
Sequence Number (32).
Acknowledgement number (32).
Header Length (4).
Reserved (6).
Code bits (6).
Window (16).
Checksum (16).
Urgent (16).
Options (0 or 32, if any).
APPLICATION LAYER DATA (size varies).
U D P Datagram - 8 Bytes of Overhead.

Source Port (16).
Destination Port (16).
Length (16).
Checksum (16).
APPLICATION LAYER DATA (size varies).
Page 3:

The diagram depicts an activity in which you must determine if each of the following
characteristics are TCP or U D P .
One. Connectionless
Two. Three-way Handshake
Three. HTTP
Four. Sequenced Message Segments
Five. Less Overhead
Six. No Acknowledgement of Receipt
Seven. Reliable Transport Protocol
Eight. V o I P
Nine. TFTP
7.2.4 Supporting Multiple Services
Page 1:
The task of managing multiple simultaneous communication processes is done at the Transport
Layer. The TCP and UDP services keep track of the various applications that are communicating
over the network. To differentiate the segments and datagrams for each application, both TCP
and UDP have header fields that can uniquely identify these applications for data
communications purposes.
A source port and destination port are located in the header of each segment or datagram. Port
numbers are assigned in various ways, depending on whether the message is a request or a
response. When a client application sends a request to a server application, the destination port
contained in the header is the port number that is assigned to the application running on the
server. For example, when a web browser application makes a request to a web server, the
browser uses TCP and port number 80. This is because TCP port 80 is the default port assigned
to web-serving applications. Many common applications have default port assignments. Email
servers that are using SMTP are usually assigned to TCP port 25.
As segments are received for a specific port, TCP or UDP places the incoming segments in the
appropriate queue. For instance, if the application request is for HTTP, the TCP process running
on a web server places incoming segments in the web server queue. These segments are then
passed up to the HTTP application as quickly as HTTP can accept them.
Segments with port 25 specified are placed in a separate queue that is directed toward email
services. In this manner, Transport Layer protocols enable servers at the ISP to host many
different applications and services simultaneously.
7.2.4 - Supporting Multiple Services
The diagram depicts how TCP queues segments according to port numbers. At the Internet
Layer, data is in the form of packets, and there is no differentiation between information destined
for applications using different ports. At the Transport Layer, data is separated into segments
according to the destination port number, and passed on to the Application Layer where data
takes the form of data streams.
Page 2:
In any Internet transaction, there is a source host and a destination host, normally a client and a
server. The TCP processes on the sending and receiving hosts are slightly different. Clients are
active and request connections, while servers are passive, and listen for and accept connections.
Server processes are usually statically assigned well-known port numbers from 0 to 1023. Well-
known port numbers enable a client application to assign the correct destination port when
generating a request for services.
Clients also require port numbers to identify the requesting client application. Source ports are
dynamically assigned from the port range 1024 to 65535. This port assignment acts like a return
address for the requesting application. The Transport Layer protocols keep track of the source
port and the application that initiated the request, so that when a response is returned, it can be
forwarded to the correct application.

The diagram depicts the U D P and TCP Protocols and corresponding port numbers of the
Application Layer of the TCP/IP Model, as well as how they link to the lower layers. The focus
is on the Transport Layer.
Application
HTTP, Port 80
SMTP, Port 25
DNS, Port 53
Transport
TCP linked to HTTP, SMTP
U D P linked to DNS
Transport Layer Table of Well-known Ports

Destination Port Number - 20
Abbreviation - FTP Data
Definition - File transfer Protocol (for data transfer)

Abbreviation - FTP Control
Definition - File Transfer Protocol (to establish connection)
Abbreviation - Telnet
Definition - Teletype Network

Abbreviation - SMTP
Definition - Simple Mail Transfer Protocol

Abbreviation - DNS
Definition - Domain Name Service

Abbreviation - TFTP
Definition - Trivial File Transfer Protocol

Abbreviation - HTTP
Definition - HyperText Transfer Protocol

Abbreviation - POP3
Definition - Post Office Protocol (version 3)

Abbreviation - NBNS
Definition - Microsoft NetBIOS Name Service

Abbreviation - I MAP4
Definition - Internet Message Access Protocol (version4)

Abbreviation - SNMP
Definition - Simple Network Management Protocol

Abbreviation - HTTPS
Definition - Hypertext Transfer Protocol Secure

Abbreviation - DHCP Client
Definition - Dynamic Host Configuration Protocol (Client)

Abbreviation - DHCP Server
Definition - Dynamic Host Configuration Protocol (Server)
Internet
IP linked to TCP, U D P
Network Access
Network linked to IP
Page 3:
The combination of the Transport Layer port number and the Network Layer IP address of the
host uniquely identifies a particular application process running on an individual host device.
This combination is called a socket. A socket pair, consisting of the source and destination IP
addresses and port numbers, is also unique and identifies the specific conversation between the
two hosts.
A client socket might look like this, with 7151 representing the source port number:
192.168.1.1:7151
The socket on a web server might be:
10.10.10.101:80
Together, these two sockets combine to form a socket pair:
192.168.1.1:7151, 10.10.10.101:80
With the creation of sockets, communication endpoints are known so that data can move from an
application on one host to an application on another. Sockets enable multiple processes running
on a client to distinguish themselves from each other, and multiple connections to a server
process to be distinguished from each other.

The animation depicts the creation of socket pairs.
There are two hosts, one sending and one replying. A table shows the Sending and Receiving IP
address and Port Numbers on each host.
Host1, the source, makes the following request:

Source - IP: 192.168.1.1, Port: 7151
Destination - IP: 1 0.1 0.10.101, Port: 80
Host2, the web server destination, makes the following reply:

Source - IP: 1 0.1 0.10.101, Port: 80
Destination - IP: 192.168.1.1, Port: 7151
The socket for Host1 is 192.168.1.1:7151.

The socket for Host2 is 1 0.1 0.10.101:80.
The socket pair is 192.168.1.1:7151, 10.10.10.101:80
As a socket pair, they are used to enable communication between Host1 and Host2. The caption
reads, "A socket pair connects the local host to the destination service."
7.3 Domain Name System
7.3.1 TCP/IP Host Name
Page 1:
Communication between source and destination hosts over the Internet requires a valid IP
address for each host. However, numeric IP addresses, especially the hundreds of thousands of
addresses assigned to servers available over the Internet, are difficult for humans to remember.
Human-readable domain names, like cisco.com, are easier for people to use. Network naming
systems are designed to translate human-readable names into machine-readable IP addresses that
can be used to communicate over the network.
Humans use network naming systems every day when surfing the web or sending email
messages, and may not even realize it. Naming systems work as a hidden but integral part of
network communication. For example, to browse to the Cisco Systems website, open a browser
and enter http://www.cisco.com in the address field. The www.cisco.com is a network name that
is associated with a specific IP address. Typing the server IP address into the browser brings up
the same web page.
Network naming systems are a human convenience to help users reach the resource they need
without having to remember the complex IP address.
7.3.1 - TCP/IP Host Name

The diagram depicts the use of a naming system instead of IP addresses.
There is an Inside network and an Outside network. The Inside network has two workstations:
wkst1 with the IP: 192.168.1.50, and wkst2 with the IP: 192.168.1.51. There are also two
servers: srv1 with the IP: 192.168.1.20, and srv2 with the IP: 192.168.1.21. The servers are
connected through a router to the Outside network. The Outside network has an ISP with one
web server - www.cisco.com, IP: 209.165.201.3.
Page 2:
In the early days of the Internet, host names and IP addresses were managed through the use of a
single HOSTS file located on a centrally administered server.
The central HOSTS file contained the mapping of the host name and IP address for every device
connected to the early Internet. Each site could download the HOSTS file and use it to resolve
host names on the network. When a host name was entered, the sending host would check the
downloaded HOSTS file to obtain the IP address of the destination device.
At first, the HOSTS file was acceptable for the limited number of computer systems participating
in the Internet. As the network grew, so did the number of hosts needing name-to-IP translations.
It became impossible to keep the HOSTS file up to date. As a result, a new method to resolve
host names to IP addresses was developed. DNS was created for domain name to address
resolution. DNS uses a distributed set of servers to resolve the names associated with the
numbered addresses. The single, centrally administered HOSTS file is no longer needed.
However, virtually all computer systems still maintain a local HOSTS file. A local HOSTS file is
created when TCP/IP is loaded on a host device. As part of the name resolution process on a
computer system, the HOSTS file is scanned even before the more robust DNS service is
queried. A local HOSTS file can be used for troubleshooting or to override records found in a
DNS server.

The diagram depicts a Windows H O S T S file.
The comment section is highlighted and has the following caption, "Commented out
documentation about working with H O S T S files."
The IP addresses are highlighted, with the following caption, "IP address mapped to names."
Page 3:
Lab Activity
Set up name resolution using the HOSTS file.

Link to Hands-on Lab: Editing the H O S T S File in Windows
7.3.2 DNS Hierarchy

Page 1:
DNS solves the shortcomings of the HOSTS file. The structure of DNS is hierarchical, with a
distributed database of host name to IP mappings spread across many DNS servers all over the
world. This is unlike a HOSTS file, which requires all mappings to be maintained on one server.
DNS uses domain names to form the hierarchy. The naming structure is broken down into small,
manageable zones. Each DNS server maintains a specific database file and is only responsible
for managing name-to-IP mappings for that small portion of the entire DNS structure. When a
DNS server receives a request for a name translation that is not within its DNS zone, the DNS
server forwards the request to another DNS server within the proper zone for translation.
DNS is scalable because host name resolution is spread across multiple servers.
7.3.2 - DNS
The diagram depicts the process involved for a host to receive a web page when a URL is
entered from the host. There is one host connected to a DNS server, and a web server
(www.cisco.com).
www.cisco.com, 209.165.200.226
www.netacad.com, 209.165.202.130
The client says, "What is the IP address for www.cisco.com?"

The DNS server says, "The IP address is 209.165.200.226."
The client says "Can I have your web page?"
The web server says, "Sure, here it is!"
Page 2:
DNS is made up of three components.
Resource Records and Domain Namespace
A resource record is a data record in the database file of a DNS zone. It is used to identify a type
of host, a host IP address, or a parameter of the DNS database.
The domain namespace refers to the hierarchical naming structure for organizing resource
records. The domain namespace is made up of various domains, or groups, and the resource
records within each group.
Domain Name System Servers
Domain name system servers maintain the databases that store resource records and information
about the domain namespace structure. DNS servers attempt to resolve client queries using the
domain namespace and resource records it maintains in its zone database files. If the name server
does not have the requested information in its DNS zone database, it uses additional predefined
name servers to help resolve the name-to-IP query.
Resolvers
Resolvers are applications or operating system functions that run on DNS clients and DNS
servers. When a domain name is used, the resolver queries the DNS server to translate that name
to an IP address. A resolver is loaded on a DNS client, and is used to create the DNS name query
that is sent to a DNS server. Resolvers are also loaded on DNS servers. If the DNS server does
not have the name-to-IP mapping requested, it uses the resolver to forward the request to another
DNS server.
7.3.2 - DNS
The diagram depicts a client, using a client resolver, connected to a DNS server, using a server
resolver. The DNS server maintains the resource records, domain space, and houses the table
below with the following information:
www.cisco.com = 209.165.200.226
www.netacad.com = 209.165.202.130
Page 3:
DNS uses a hierarchical system to provide name resolution. The hierarchy looks like an inverted
tree, with the root at the top and branches below.
At the top of the hierarchy, the root servers maintain records about how to reach the top-level
domain servers, which in turn have records that point to the second-level domain servers.
The different top-level domains represent either the type of organization or the country of origin.
Examples of top-level domains are:
.au - Australia
.co - Colombia
.com - a business or industry
.jp - Japan
.org - a nonprofit organization
Under top-level domains are second-level domain names, and below them are other lower level
domains.
7.3.2 - DNS
The diagram depicts DNS tree structure components in a hierarchical manner, from top to
bottom, as follows:
Root - Managed by Registration Authority (ROOT of the DNS Structure)

Level 1 Branch 1 - com, (Top level domain)
Level 1 Branch 2 - gov (Top level domain)
Level 1 Branch 3 - mil (Top level domain)
Level 1 Branch 4 - int/net/org/edu (Top level domain)
Level 2 Branch 1 - cisco (second level domain)
Level 2 Branch 2 - nasa (second level domain)
Level 2 Branch 3 - army (second level domain)
Level 2 Branch 4 - redcross (second level domain)
Page 4:
The root DNS server may not know exactly where the host H1.cisco.com is located, but it does
have a record for the .com top-level domain. Likewise, the servers within the .com domain may
not have a record for H1.cisco.com either, but they do have a record for the cisco.com domain.
The DNS servers within the cisco.com domain do have the record for H1.cisco.com and can
resolve the address.
DNS relies on this hierarchy of decentralized servers to store and maintain these resource
records. The resource records contain domain names that the server can resolve, and alternate
servers that can also process requests.
The name H1.cisco.com is referred to as a fully qualified domain name (FQDN) or DNS name,
because it defines the exact location of the computer within the hierarchical DNS namespace.
7.3.2 - DNS
The diagram depicts a tree structure used to describe the DNS hierarchy.
Root - Managed by Registration Authority

Level 1 Branch 1 - com
Level 2 Branch 1 - cisco
Level 3 Branch 1 - Managed by Cisco
Level 3 Branch 2 - Managed by Cisco
Level 3 Branch 3 - H1
Level 1 Branch 2 - gov
Level 2 Branch 1 - nasa
Level 1 Branch 3 - mil
Level 2 Branch 1 - army
Level 1 Branch 4 - int/net/org/edu
Level 2 Branch 1 - redcross
7.3.3 DNS Name Resolution
Page 1:
When a host needs to resolve a DNS name, it uses the resolver to contact a DNS server within its
domain. The resolver knows the IP address of the DNS server to contact because it is
preconfigured as part of the host IP configuration.
When the DNS server receives the request from the client resolver, it first checks the local DNS
records it has cached in its memory. If it is unable to resolve the IP address locally, the server
uses its resolver to forward the request to another preconfigured DNS server. This process
continues until the IP address is resolved. The name resolution information is sent back to the
original DNS server, which uses the information to respond to the initial query.
During the process of resolving a DNS name, each DNS server caches, or stores, the information
it receives as replies to the queries. The cached information enables the DNS server to reply
more quickly to subsequent resolver requests, because the server first checks the cache records
before querying other DNS servers.
DNS servers only cache information for a limited amount of time. DNS servers should not cache
information for too long because host name records do periodically change. If a DNS server had
old information cached, it may give out the wrong IP address for a computer.
7.3.3 - DNS Name Resolution
The diagram depicts five steps of the DNS resolution process. In the diagram, there are four
name servers (cisco, COM, edu, Stanford), one web server, and a client.
Step 1: Local Recursive Query

Resolver sends a recursive DNS query to the local DNS server asking for the IP address of the
web server. Cisco.com is the fully qualified domain name of the remote host. The local DNS
server looks in its DNS zone database and its DNS cache to see if it has that name mapping
recorded. It does not find it.
Step 2: Root Domain Iterative Query

The local DNS server then sends an iterative DNS query to one of the preconfigured root servers
asking for the DNS servers that maintain the .com top-level domain. The root DNS server replies
back with the list of .com top-level domain DNS servers. The local DNS server then stores the
location of the .com DNS servers in its DNS cache.
Step 3: Top Level Domain Iterative Query

The local DNS server then sends an iterative DNS query to one of the .com servers asking for the
DNS servers that manage the cisco.com second level domains. The .com server replies back with
the list of DNS servers that maintain the cisco.com second level domain. The local DNS server
then stores the location of the cisco.com DNS servers in its DNS cache.
Step 4: Second Level Domain Iterative Query

The local DNS server then sends an iterative DNS query to one of the cisco.com DNS servers
asking for the IP address of webserver.cisco.com. The cisco.com DNS server replies back with
the IP address mapping for webserver.cisco.com. The local DNS server then stores the resources
record in its local DNS cache.
Step 5: Local Response

The Local DNS server then sends the reply back to the client with the IP address of
webserver.cisco.com. The client then uses the IP address to connect to the remote web server and
requests the web page.
Page 2:
Lab Activity
Examine the interface of a Windows DNS server to view the cached information from a DNS
lookup.

Link to Hands-on Lab: Examining Cached DNS Information on a Windows DNS Server
Examine the interface of a Windows DNS server to view the cached information from a DNS
lookup.
Page 3:
In the early implementations of DNS, resource records for hosts were all added and updated
manually. However, as networks grew and the number of host records needing to be managed
increased, it became very inefficient to maintain the resource records manually. Furthermore,
when DHCP is used, the resource records within the DNS zone have to be updated even more
frequently. To make updating the DNS zone information easier, the DNS protocol was changed
to allow computer systems to update their own record in the DNS zone through dynamic updates.
Dynamic updates enable DNS client computers to register and dynamically update their resource
records with a DNS server whenever changes occur. To use dynamic update, the DNS server and
the DNS clients, or DHCP server, must support the dynamic update feature. Dynamic updates on
the DNS server are not enabled by default, and must be explicitly enabled. Most current
operating systems support the use of dynamic updates.

The diagram depicts the use of dynamic update. The topology consists of a DHCP client, H1,
connected to a DHCP server and a DNS server. Two scenarios are then given, identifying each
step with arrows pointing to the appropriate devices.
Client Updates Host Record

DHCP clients capable of dynamically updating their own DNS host record do the following:
One.The client requests an address from a DHCP server. (IP lease request)
Two.The DHCP server assigns an IP address to the client. (IP lease acknowledgement)
Three.The client registers its DNS host record with the configured DNS server. (DNS dynamic
update of H1 name)
Four.The DHCP server registers the pointer (PTR) name for the client. (DNS dynamic update of
pointer (PTR) name)
DHCP Updates Host Record

Some older operating systems do not support dynamic updating DNS. For these operating
systems, you can configure some DHCP servers to dynamically update on behalf of the client.
The process of using DHCP to update DNS for the client is as follows:
One.The client requests an address from a DHCP server. (IP lease request)
Two.The DHCP server assigns an IP address to the client. (IP lease acknowledgement)
Three.The DHCP server registers a DNS host record with the configured DNS server on behalf
of the client. (DNS dynamic update of H1 name)
Four.The DHCP server registers the (PTR) name for the client. (DNS dynamic update of pointer
(PTR) name)
Page 4:
DNS servers maintain the zone database for a given portion of the overall DNS hierarchy.
Resource records are stored within that DNS zone.
DNS zones can be either a forward lookup or reverse lookup zone. They can also be either a
primary or a secondary forward or reverse lookup zone. Each zone type has a specific role within
the overall DNS infrastructure.
Forward Lookup Zones
A forward lookup zone is a standard DNS zone that resolves fully qualified domain names to IP
addresses. This is the zone type that is most commonly found when surfing the Internet. When
typing a website address, such as www.cisco.com, a recursive query is sent to the local DNS
server to resolve that name to an IP address to connect to the remote web server.
Reverse Lookup Zones
A reverse lookup zone is a special zone type that resolves an IP address to a fully qualified
domain name. Some applications use reverse lookups to identify computer systems that are
actively communicating with them. There is an entire reverse lookup DNS hierarchy on the
Internet that enables any publicly registered IP address to be resolved. Many private networks
choose to implement their own local reverse lookup zones to help identify computer systems
within their network. Reverse lookups on IP addresses can be found using the ping -a
[ip_address] command.
Primary Zones
A primary DNS zone is a zone that can be modified. When a new resource record needs to be
added or an existing record needs to be updated or deleted, the change is made on a primary
DNS zone. When you have a primary zone on a DNS server, that server is said to be
authoritative for that DNS zone, since it will have the answer for DNS queries for records within
that zone. There can only be one primary DNS zone for any given DNS domain; however, you
can have a primary forward and primary reverse lookup zone.
Secondary Zones
A secondary zone is a read-only backup zone maintained on a separate DNS server than the
primary zone. The secondary zone is a copy of the primary zone and receives updates to the zone
information from the primary server. Since the secondary zone is a read-only copy of the zone,
all updates to the records need to be done on the corresponding primary zone. You can also have
secondary zones for both forward and reverse lookup zones. Depending on the availability
requirements for a DNS zone, you may have many secondary DNS zones spread across many
DNS servers.

The diagram depicts a Windows Command Prompt window with examples of the commands for
forward lookup zones and reverse lookup zones.
Forward Lookup Zones

The ping netacad.net command is entered, and shows that the host is reachable as there is 0%
packet loss.
C: \ > ping netacad.net

Pinging netacad.net.escxi.loc [64.102.240.242] with 32 bytes of data:
<>
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss).
Reverse Lookup Zones

The ping 64.102.240.242 command is entered, and shows that the host is reachable as there is
0% packet loss.
C: \ > ping -a 64.102.240.242
Pinging bsm-rtp-002-int.cisco.com [64.102.240.242] with 32 bytes of data:
<>
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss).
Page 5:
Lab Activity
Using a Windows server, create primary and secondary DNS zones.

Link to Hands-on Lab: Creating Primary and Secondary Forward Lookup Zones
Using a Windows server, create primary and secondary DNS zones.
7.3.4 Implementing DNS Solutions
Page 1:
There is more than one way to implement DNS solutions.

ISP DNS Servers
ISPs typically maintain caching-only DNS servers. These servers are configured to forward all
name resolution requests to the root servers on the Internet. Results are cached and used to reply
to any future requests. Because ISPs typically have many customers, the number of cached DNS
lookups is high. The large cache reduces network bandwidth by reducing the frequency that DNS
queries that are forwarded to the root servers. Caching-only servers do not maintain any
authoritative zone information, meaning that they do not store any name-to-IP mappings directly
within their database.
Local DNS Servers
A business may run its own DNS server. The client computers on that network are configured to
point to the local DNS server rather than the ISP DNS server. The local DNS server may
maintain some authoritative entries for that zone, so it has name-to-IP mappings of any host
within the zone. If the DNS server receives a request that it cannot resolve, it is forwarded. The
cache required on a local server is relatively small compared to the ISP DNS server because of
the smaller number of requests.
It is possible to configure local DNS servers to forward requests directly to the root DNS server.
However, some administrators configure local DNS servers to forward all DNS requests to an
upstream DNS server, such as the DNS server of the ISP. In this way, the local DNS server
benefits from the large number of cached DNS entries of the ISP, rather than having to go
through the entire lookup process starting from the root server.
7.3.4 - Provisioning DNS Services

The diagram depicts the hierarchy of two DNS servers, Local DNS Server and ISP DNS Server,
that are separated by a firewall. The IS DNS Server is connected to the Internet. The following
information is included for the local DNS server and for the ISP DNS server:
Local DNS Server

Maintained by the organization
The Local DNS Server is responsible for name-to-IP mappings of all internal machines
All external name resolution requests are forwarded to the ISP DNS server or the root server
ISP DNS Server
Typically a caching-only server
All name resolution requests are forwarded to the root server
Page 2:
Losing access to DNS servers affects the visibility of public resources. If users type in a domain
name that cannot be resolved, they cannot access the resource. For this reason, when an
organization registers a domain name on the Internet, a minimum of two DNS servers must be
provided with the registration. These servers are the ones that hold the DNS zone database.
Redundant DNS servers ensure that if one fails, the other one is available for name resolution.
This practice provides fault tolerance. If hardware resources permit, having more than two DNS
servers within a zone provides additional protection and organization.
It is also a good idea to make sure that multiple DNS servers that host the zone information are
located on different physical networks. For example, the primary DNS zone information can be
stored on a DNS server on the local business premises. Usually the ISP hosts an additional
secondary DNS server to ensure fault tolerance.
DNS is a critical network service. Therefore, DNS servers must be protected using firewalls and
other security measures. If DNS fails, other web services are not accessible.
7.3.4 - Provisioning DNS Services

The diagram depicts the implementation of DNS solutions.
A network with three internal DNS servers is protected by a firewall. The internal DNS servers
send external queries outside of the firewall to a caching-only DNS server. Outside of the
firewall, there is an unprotected DNS server connected to the network, which is accessible from
the Internet.
7.4 Services and Protocols
7.4.1 Services
Page 1:
In addition to providing private and business customers with connectivity and DNS services,
ISPs provide many business-oriented services to customers. These services are enabled by
software installed on servers. Among the different services provided by ISPs are:
• email hosting
• website hosting
• e-commerce sites
• file storage and transfer
• message boards and blogs
• streaming video and audio services
TCP/IP Application Layer protocols enable many of these ISP services and applications. The
most common TCP/IP Application Layer protocols are HTTP, FTP, SMTP, POP3, and IMAP4.
Some customers have greater concern about security, so these Application Layer protocols also
include secure versions such as FTPS and HTTPS.
7.4.1 - Services
The diagram depicts some of the services which an ISP may provide, including a file servers,
mail servers, and web servers. Customers are able to access these services through the Internet.
Page 2:
7.4.1 - Services
The diagram depicts an activity in which you must determine which of the four protocols are
required for each of the three types of servers. One server will have two protocols.
Servers
A.File Server
B.Mail Server
C.Web Server
Protocols
One.FTP
Two.SMTP
Three.I MAP
Four.HTTP
7.4.2 HTTP and HTTPS
Page 1:
HTTP, one of the protocols in the TCP/IP suite, was originally developed to enable the retrieval
of HTML-formatted web pages. It is now used for distributed, collaborative information sharing.
HTTP has evolved through multiple versions. Most ISPs use HTTP version 1.1 to provide web-
hosting services. Unlike earlier versions, version 1.1 enables a single web server to host multiple
websites. It also permits persistent connections, so that multiple request and response messages
can use the same connection, reducing the time it takes to initiate new TCP sessions.
HTTP specifies a request/response protocol. When a client, typically a web browser, sends a
request message to a server, HTTP defines the message types that the client uses to request the
web page. It also defines the message types that the server uses to respond.
Although it is remarkably flexible, HTTP is not a secure protocol. The request messages send
information to the server in plain text that can be intercepted and read. Similarly, the server
responses, typically HTML pages, are also sent unencrypted.
For secure communication across the Internet, Secure HTTP (HTTPS) is used for accessing or
posting web server information. HTTPS can use authentication and encryption to secure data as
it travels between the client and server. HTTPS specifies additional rules for passing data
between the Application Layer and the Transport Layer.
7.4.2 - Supporting HTTP and HTTPS

The diagram depicts a client request for data from the HTTP server. There is a TCP connection
from the client to the server. The server is listening on Port 80. The HTTP server then sends a
response back to the client.
Page 2:
When contacting an HTTP server to download a web page, a uniform resource locator (URL) is
used to locate the server and a specific resource. The URL identifies:
• Protocol being used

• Domain name of the server being accessed
• Location of the resource on the server, such as http://example.com/example1/index.htm
Many web server applications allow short URLs. Short URLs are popular because they are easier
to write down, remember, or share. With a short URL, a default resource page is assumed when a
specific URL is typed. When a user types in a shortened URL, like http://example.com, the
default page that is sent to the user is actually the http://example.com/example1/index.htm web
page.

The diagram depicts the different parts of the following URL:
http://example.com/example1/home.htm
Protocol - http
The http protocol that is being used to send the request. This can also be https or ftp.
Domain Name - example.com

The domain name is example.com, which sent to the DNS server for resolution to an IP address.
Folder - example1
The folder on the web server where the resource is stored.
Resource - home.htm
The actual resource or file that is being requested.
Page 3:
HTTP supports proxy services. A proxy server allows clients to make indirect network
connections to other network services. A proxy is a device in the communications stream that
acts as a server to the client and as a client to a server.
The client connects to the proxy server and requests from the proxy a resource on a different
server. The proxy connects to the specified server and retrieves the requested resource. It then
forwards the resource back to the client.
The proxy server can cache the resulting page or resource for a configurable amount of time.
Caching enables future clients to access the web page quickly, without having to access the
actual server where the page is stored. Proxies are used for three reasons:
• Speed - Caching allows resources requested by one user to be available to subsequent

users, without having to access the actual server where the page is stored.
• Security - Proxy servers can be used to intercept computer viruses and other malicious
content and prevent them from being forwarded onto clients.
• Filtering - Proxy servers can view incoming HTTP messages and filter unsuitable and
offensive web content.
The diagram depicts an initial request and subsequent request on a proxy server.
Initial Request
An HTTP client requests the website, www.cisco.com. Through a TCP connection to the proxy
server, the client request is sent as a proxy request to the HTTP server, which is listening on Port
80. The HTTP server sends a response the proxy server, which then sends a response back to the
client.
Subsequent Request
An HTTP client requests the same website, www.cisco.com. Through a TCP connection to the
proxy server, the client request is received. The proxy server this time does not need to send the
request on to the HTTP server. But since the website was accessed before, the proxy server sends
a cached response to the HTTP client.
Page 4:
HTTP sends clear text messages back and forth between a client and a server. These text
messages can be easily intercepted and read by unauthorized users. To safeguard data, especially
confidential information, some ISPs provide secure web services by using HTTPS. HTTPS is
HTTP over secure socket layer (SSL). HTTPS uses the same client request-server response
process as HTTP, but the data stream is encrypted with SSL before being transported across the
network.
When the HTTP data stream arrives at the server, the TCP layer passes it up to SSL in the
Application Layer of the server, where it is decrypted.
The maximum number of simultaneous connections that a server can support for HTTPS is less
than that for HTTP. HTTPS creates additional load and processing time on the server due to the
encryption and decryption of traffic. To keep server performance up, HTTPS should only be
used when necessary, such as when exchanging confidential information.

The diagram depicts the use of HTTPS for encrypted data transmission.
An HTTPS client sends a request to an HTTPS server through a TCP connection. Both the
request from the client and response from the server are encrypted. The HTTPS server has a
caption that reads, "Listens on Port 443".
Page 5:

The diagram depicts an activity in which you must determine if each of the following
characteristics describes HTTP and HTTPS.
One. Low C P U overhead

Two. Secured using SSL
Three. Not Secure
Four. For confidential data
Five. High C P U overhead
Six. For non-confidential data
7.4.3 FTP
Page 1:
FTP is a connection-oriented protocol that uses TCP to communicate between a client FTP
process and an FTP process on a server. FTP implementations include the functions of a protocol
interpreter (PI) and a data transfer process (DTP). PI and DTP define two separate processes that
work together to transfer files. As a result, FTP requires two connections to exist between the
client and server, one to send control information and commands, and a second one for the actual
file data transfer.
Protocol Interpreter (PI)
The PI function is the main control connection between the FTP client and the FTP server. It
establishes the TCP connection and passes control information to the server. Control information
includes commands to navigate through a file hierarchy and renaming or moving files. The
control connection, or control stream, stays open until closed by the user. When a user wants to
connect to an FTP server there are five basic steps:
Step 1. The user PI sends a connection request to the server PI on well-known port 21.
Step 2. The server PI replies and the connection is established.
Step 3. With the TCP control connection open, the server PI process begins the login sequence.
Step 4. The user enters credentials through the user interface and completes authentication.
Step 5. The data transfer process begins.
Data Transfer Process
DTP is a separate data transfer function. This function is enabled only when the user wants to
actually transfer files to or from the FTP server. Unlike the PI connection, which remains open,
the DTP connection closes automatically when the file transfer is complete.
7.4.3 - Supporting FTP

The diagram depicts how a user and server interact during the FTP process.
The User FTP-Process and the Server FTP-process steps are outlined.
User FTP
One. User Interface
Two. User Protocol Interpreter (user-P I)
Three. User Data Transfer Process
Four. Client File System
Server FTP
One. Server Protocol Interpreter (server-P I)
Two. Server Data Transfer Process
Three. Server File System
The control connection between the user-P I and server-P I uses TCP port 21. The data
connection between user the data transfer process and server data transfer process uses TCP port
20.
Page 2:
The two types of data transfer connections supported by FTP are active data connections and
passive data connections.
Active Data Connections
In an active data connection, a client initiates a request to the server and opens a port for the
expected data. The server then connects to the client on that port and the file transfer begins.
Passive Data Connections
In a passive data connection, the FTP server opens a random source port (greater than 1023). The
server forwards its IP address and the random port number to the FTP client over the control
stream. The server then waits for a connection from the FTP client to begin the data file transfer.
ISPs typically support passive data connections to their FTP servers. Firewalls often do not
permit active FTP connections to hosts located on the inside network.
7.4.3 - Supporting FTP

The diagram depicts passive and active data transfer connections supported by FTP. A client is
connected to a server.
Active Connection
Server initiates the data transfer connection. A user requests data transfer, the server P I instructs
the server-DTP to connect to the user-DTP. The user-DTP listens for the connection from the
server DTP.
Passive Connection
Client initiates the data transfer connection. A user-P I connects to the server-P I and instructs
the server-DTP to be passive. The server-P I replies with its IP address and a dynamic port
number that the client is to use the data transfer. The server-DTP then listens for a connection
from the client-DTP.
7.4.4 SMTP, POP3, and IMAP4
Page 1:
One of the primary services offered by an ISP is email hosting. Email is a store-and-forward
method of sending, storing, and retrieving electronic messages across a network. Email messages
are stored in databases on mail servers. ISPs often maintain mail servers that support many
different customer accounts.
Email clients communicate with mail servers to send and receive email. Mail servers
communicate with other mail servers to transport messages from one domain to another. An
email client does not communicate directly with another email client when sending email.
Instead, both clients rely on the mail server to transport messages. This is true even when both
users are in the same domain.
Email clients send messages to the email server configured in the application settings. When the
server receives the message, it checks to see if the recipient domain is located on its local
database. If it is not, it sends a DNS request to determine the mail server for the destination
domain. When the IP address of the destination mail server is known, the email is sent to the
appropriate server.
Email supports three separate protocols for operation: SMTP, POP3, and IMAP4. The
Application Layer process that sends mail, either from a client to a server or between servers,
implements SMTP. A client retrieves email using one of two Application Layer protocols: POP3
or IMAP4.
7.4.4 - Supporting SMTP, POP3, I MAP

The diagram depicts the use of an email server for storing and forwarding emails. A client from
ISP A (sender) is sending an email to a client from ISP B (recipient). The sender sends the email
to the ISP A email Server. The ISP A email server passes the email to the ISP B email server
using the SMTP protocol. The recipient retrieves the email from the ISP B email server using
either the I MAP or POP3 protocol.
Page 2:
SMTP transfers mail reliably and efficiently. For SMTP applications to work properly, the mail
message must be formatted properly and SMTP processes must be running on both the client and
server.
SMTP message formats require a message header and a message body. While the message body
can contain any amount of text, the message header must have a properly formatted recipient
email address and a sender address. Any other header information is optional.
When a client sends email, the client SMTP process connects with a server SMTP process on
well-known port 25. After the connection is made, the client attempts to send mail to the server
across the connection. When the server receives the message, it either places the message in a
local account or forwards the message using the same SMTP connection process to another mail
server.
The destination email server may not be online or may be busy when email messages are sent.
Therefore, SMTP spools messages to be sent at a later time. Periodically, the server checks the
queue for messages and attempts to send them again. If the message is still not delivered after a
predetermined expiration time, it is returned to the sender as undeliverable.

The animation depicts the use of email servers for storing and forwarding emails.
A client from ISP A (sender) is sending an email to a client from ISP B (recipient). The picture
shows how the sender sends the email to the ISP A email server on Port 25 (SMTP).
The ISP A email server states, "I have received a message that I must forward to another mail
server." The ISP A email server then passes the email to the ISP B email server using SMTP.
The ISP B email server states, "I have received a message for one of my email accounts. I will
store it until the user requests it." The recipient will retrieve the email from the ISP B email
server.
Page 3:
One of the required fields in an email message header is the recipient email address. The
structure of an email address includes the email account name or an alias, in addition to the
domain name of the mail server. An example of an email address:
recipient@cisco.com.
The @ symbol separates the account and the domain name of the server. When a DNS server
receives a query for a name with an @ symbol, that indicates to the DNS server that it is looking
up an IP address for a mail server.
When a message is sent to recipient@cisco.com, the domain name is sent to the DNS server to
obtain the IP address of the domain mail server. Mail servers are identified in DNS by an MX
record indicator. MX is a type of resource record stored on the DNS server. When the destination
mail server receives the message, it stores the message in the appropriate mailbox. The mailbox
location is determined based on the account specified in the first part of the email address, in this
case, the recipient account. The message remains in the mailbox until the recipient connects to
the server to retrieve the email.
If the mail server receives an email message that references an account that does not exist, the
email is returned to the sender as undeliverable.

The diagram depicts the different parts of an email address.
recipient @cisco.com
recipient - The name of the account created on the mail server.
cisco.com - The domain name of the email server where the message must be delivered.
Page 4:
Post Office Protocol - Version 3 (POP3) enables a workstation to retrieve mail from a mail
server. With POP3, mail is downloaded from the server to the client and then deleted on the
server.
The server starts the POP3 service by passively listening on TCP port 110 for client connection
requests. When a client wants to make use of the service, it sends a request to establish a TCP
connection with the server. When the connection is established, the POP3 server sends a
greeting. The client and POP3 server then exchange commands and responses until the
connection is closed or aborted.
Because email messages are downloaded to the client and removed from the server, there is not a
centralized location where email messages are kept. Because POP3 does not store messages, it is
undesirable for a small business that needs a centralized backup solution.
POP3 is desirable for an ISP, because it alleviates their responsibility for managing large
amounts of storage for their email servers.

The animation depicts the protocol exchange between the client and the server using the POP3
protocol.
To retrieve emails from an email server, the recipient in the animation states, "Get Mail". The
recipient sends a request to the email server on Port 110 using POP3. The email server receives
the request and messages are downloaded and removed from the server. The server then sends
the emails to the recipient and deletes them off of the server.
Page 5:
Internet Message Access Protocol (IMAP4) is another protocol that describes a method to
retrieve email messages. However, unlike POP3, when the user connects to an IMAP-capable
server, copies of the messages are downloaded to the client application. The original messages
are kept on the server until manually deleted. Users view copies of the messages in their email
client software.
Users can create a file hierarchy on the server to organize and store mail. That file structure is
duplicated on the email client as well. When a user decides to delete a message, the server
synchronizes that action and deletes the message from the server.
For small- to medium-sized businesses, there are many advantages to using IMAP. IMAP can
provide long-term storage of email messages on mail servers and allows for centralized backup.
It also enables employees to access email messages from multiple locations, using different
devices or client software. The mailbox folder structure that a user expects to see is available for
viewing regardless of how the user accesses the mailbox.
For an ISP, IMAP may not be the protocol of choice. It can be expensive to purchase and
maintain the disk space to support the large number of stored emails. Additionally, if customers
expect their mailboxes to be backed up routinely, that can further increase the costs to the ISP.

The animation depicts the protocol exchange between the client and the server using the I MAP
protocol.
To retrieve emails from an email server, the recipient in the animation states, "Get Mail". The
recipient sends a request to the email server on Port 143 using I MAP4. The email server
receives the request and messages are downloaded and retained on the server. The server then
sends the emails to the recipient while keeping them on the server.
7.5 Chapter Summary
7.5.1 Summary
Page 1:
7.5.1 - Summary
Diagram 1, Image
The diagram depicts UDP and TCP ports in relation to the TCP/IP Model.
Diagram 1 text
Supporting Multiple Services

TCP is a connection-oriented protocol. TCP is used if data packets require guaranteed delivery
and must be acknowledged.
UDP is a connectionless protocol. UDP is used if data packets do not require guaranteed
delivery.
The TCP and UDP protocols use port numbers to map data packets to a specific application, or
process that is running on a server.
TCP and UDP ports enable network servers to quickly and reliably respond to many
simultaneous requests for data that are initiated by and destined to separate applications.
Diagram 2, Image
The diagram depicts the DNS tree structure.
Diagram 2 text
The native TCP/IP naming system relies on a file called a HOSTS file and contains the name and
IP address of known hosts.
DNS is a hostname resolution system that solves the shortcomings of the HOSTS file for name
resolution.
The structure of DNS is hierarchical and DNS database files are distributed among root, top-
level domains, second level domains, and sub domains.
Diagram 3, Image
The diagram depicts a Windows Command Prompt window.
Diagram 3 text
Dynamic Updates enable DNS client computers to register and dynamically update their resource
records with a DNS server whenever changes occur.
DNS zones can be either Forward lookup, or Reverse lookup zones. They can also be either a
primary or secondary zones.
Many ISP's offer caching-only DNS servers.
An organization may run its own DNS server that can either point to the caching-only server or
directly to the root server for name resolution.
Diagram 4, Image
The diagram depicts a client sending a request over a TCP connection to an HTTP server that is
listening on port 80.
Diagram 4 text
The most common services that are used on the Internet include FTP, FTPS, SMTP, POP3, I
MAP4, HTTP, and HTTPS.
HTTP and HTTPS are used for web server services; HTTPS is a secure version of HTTP which
uses SSL.
An ISP supports HTTPS by providing high-performance web servers to support HTTPS
encryption and decryption demands.
Diagram 5, Image
The diagram depicts a sender sending email to a recipient and the protocols used along the way.
Diagram 5 text
FTP is used for file transfer services. The ISP can support active and passive FTP connections.
Active connections require the server to initiate the connection. Passive connection require the
host to initiate the connection
Email utilizes three different protocols. SMTP is used to send email. POP3 and I MAP are both
used to retrieve email.
7.6 Chapter Quiz
7.6.1 Quiz
Page 1:
7.6.1 - Quiz
Chapter 7 Quiz: ISP Services
1.Which layer of the four-layer TCP/IP model encapsulates datagrams for transmission on
physical media?
a.application
b.Internet
c.network access
d.transport
2.Which three application-layer protocols use UDP as the transport protocol? (Choose three.)
a.DNS
b.ICMP
c.HTTP
d.SNMP
e.TFTP
f.SMTP
3.Which two protocols define how an e-mail client retrieves mail from the server? (Choose two.)
a.FTP
b.HTTP
c.I MAP
d.POP3
e.SMTP
f.Telnet
4.An e-mail client connection downloads all messages and then deletes them from the e-mail
server. Which type of client connection does this by default?
a.I MAP
b.POP1
c.POP3
d.SMTP
5.Within FTP, which connection type closes automatically when the file transfer is complete?
a.UDP session
b.control stream
c.protocol interpreter
d.data transfer process
6.What DNS zone resolves fully qualified domain names to IP addresses using a local DNS
server?
a.dynamic lookup
b.forward lookup
c.resource record
d.reverse lookup
7.What are two common DNS lookup methods? (Choose two.)

a.using ISP-caching DNS servers
b.configuring a HOST file on each computer
c.statically assigning DNS information to hosts
d.using a DNS server located on company premises
e.having a company-registered top-level domain (TLD)
8.Identify the characteristic to the protocol it describes (TCP or UDP).

guaranteed delivery
does not require acknowledgments
breaks data into segments
retransmits lost data
connectionless
unreliable
9.An IP packet arrives at a server addressed to TCP port 21. Which application-layer service is
the destination of the packet?
a.HTTP
b.HTTPS
c.FTP
d.I MAP
e.POP3
10.Employees of a small auto repair company frequently access the same automobile parts
supplier website to find videos that show how to install a new part. Often three or four
employees are viewing the same video file or graphic from different PCs. What service can the
ISP provide to the auto repair company to improve the response for this application, as well as
other Internet applications?
a.a local DNS server
b.a HTTPS server
c.a proxy server
d.a video streaming server
11.Why is it important for the source and destination hosts to synchronize sequence numbers
during the TCP three-way handshake? (Choose two.)
a.to enable the host to identify which application is the destination of the segments
b.so both hosts can keep track of the segments sent and acknowledged
c.to create a socket pair for communicating between the hosts
d.to provide destination information to the network devices in the path
e.to identify lost segments that must be retransmitted
f.to indicate when the IP address of the host has been translated
End
8 ISP Responsibility
8.0.1 Introduction
Page 1:
As the reliance on network services increases, the ISP must provide, maintain, secure, and
recover critical business services.
The ISP develops and maintains security policies and procedures for their customers along with
disaster recovery plans for their network hardware and data.

Describe ISP security policies and procedures.
Describe the tools used in implementing security at the ISP .
Describe the monitoring and managing of the ISP .
Describe the responsibilities of the ISP with regard to maintenance and recovery.
8.1 ISP Security Considerations
8.1.1 ISP Security Services
Page 1:
Any active Internet connection for a computer can make that computer a target for malicious
activity. Malware, or malicious software such as a computer virus, worm, or spyware, can arrive
in an email or be downloaded from a website. Problems that cause large-scale failures in ISP
networks often originate from unsecured desktop systems at the ISP customer locations.
If the ISP is hosting any web or e-commerce sites, the ISP may have confidential files with
financial data or bank account information stored on their servers. The ISP is required to
maintain the customer data in a secure way.
ISPs play a big role in helping to protect the home and business users that use their services. The
security services that they provide also protect the servers that are located at the service provider
premise. Service providers are often called upon to help their customers secure their local
networks and workstations to reduce the risks of compromise.
There are many actions that can be taken both at the local site and the ISP to secure operating
systems, data stored on operating systems, and data transmitted between computer systems.
8.1.1 - ISP Security Services

The diagram depicts a man sitting at his work station typing in his user name and password. In
the foreground there is a sinister looking character holding up a laptop displaying the user name
and password.
Page 2:
If an ISP is providing web hosting or email services for a customer, it is important that the ISP
protect that information from malicious attack. This protection can be complicated because ISPs
often use a single server, or cluster of servers, to maintain data that belongs to more than one
customer.
To help prevent attacks on these vulnerabilities, many ISPs provide managed desktop security
services for their customers. An important part of the job of an on-site support technician is to
implement security best practices on client computers. Some of the security services that an ISP
support technician can provide include:
• Helping clients to create secure passwords for devices

• Securing applications using patch management and software upgrades
• Removing unnecessary applications and services that can create vulnerabilities
• Ensuring applications and services are available to the users that need them and no one
else
• Configuring desktop firewalls and virus-checking software
• Performing security scans on software and services to determine vulnerabilities that the
technician must protect from attack
8.1.1 - ISP Security Services

The diagram depicts a Windows Log On window and the System Properties window with the
Automatic Updates tab selected. There is a brief description for each of the following security
practices: Password Security, Extraneous Services, Patch Management, Application Security,
User Rights, and Security Scanning.
Password Security
Choose a complex password. A complex password consists of a mix of upper case characters,
lower case characters, numbers, and symbols. A complex password should be at least eight
characters in length and never be based on a dictionary word or personal information that
someone may be able to guess.
It is also recommended that passwords be changed periodically. Software exists that can allow a
hacker to crack passwords by trying every possible combination of letters, numbers, and symbols
to figure out passwords.
By changing your password periodically, brute force password cracking is less of an issue
because by the time the hacker cracks the password, the password should already be changed to
something different.
Extraneous Services
One of the most common methods used to compromise a computer system is to exploit
unconfigured or misconfigured services. The nature of a service is it listens for requests from
external computer systems. If the service has a known exploitable flaw due to not being
configured or being configured incorrectly, then a hacker or a worm can compromise that service
and gain access to the computer system that the service is running on.
As a best practice, remove or disable all unnecessary services. For services that are necessary or
cannot be uninstalled, make sure you follow the best practices in any configuration guides for
that particular service.
Patch Management
New security exploits are constantly being identified for operating systems almost every day. All
it takes is a simple search online and you may be able to find sites that list various exploitable
vulnerabilities for virtually every operating system that is available today.
Operating system developers release updates regularly - daily in some cases. It is important to
regularly review and install security updates for your operating systems. Most intrusions by a
hacker or infections from worms and viruses can be prevented by patching the operating system
regularly.
Application Security
Unpatched and unnecessary applications installed on an operating system can increase the risk of
being compromised. Just as the operating system needs to be patched regularly, so do the
installed applications.
Internet based applications, such as Internet browsers and email applications, are the most
important applications to constantly patch, since these applications are the most targeted type of
application.
User Rights
On a typical modern operating system there are multiple levels of access to the operating system.
When a user account has administrative access to the operating system, malware can more easily
infect the computer system. This is due to the unrestricted access to the file system and system
services.
Normal user accounts do not have the ability to install new applications since the accounts do not
have access to areas of the file system and system files that are necessary to install most
applications. As a result, normal users are not as susceptible to malware infections that try to
install or access certain areas of the file system.
As a best practice, users should only have the level of access required to perform their normal
daily work. Administrative access should only be used on occasion to perform functions that are
not permitted as a normal user.
Security Scanning
There are many tools that can help you secure your operating system. Most security scanning
tools review many system security weaknesses and report back on how to rectify the problems
the software found.
Some of the more advanced scanning software packages go beyond the typical operating system
security scans and look at the software and services that are running on a computer and suggest
ways to protect the entire system from attack.
Tip Popup
Microsoft has a freely downloadable tool called the Microsoft Baseline Security Analyzer (M B
S A) that examine everything from user account security to installed windows services and even
checks to see the current patch level of you operating system.
Another popular utility creating for scanning for vulnerabilities is the Nessus Vulnerabilities
Scanner. This scanning tool is not specific to Windows so it scans for vulnerabilities on a variety
of different platforms. Many other tools are available online. Usually, it is best to use more than
one tool to examine the security of your system to get the best overall results.
8.1.2 Security Practices
Page 1:
It is critical that ISPs have measures in place to protect the information of its customers from
malicious attack. Common data security features and procedures include:
• Encrypting data stored on server hard drives

• Using permissions to secure access to files and folders
• Permit or deny access based on the user account or group membership
• Assign different levels of access permission based on the user account or group
membership
When assigning permissions to files and folders, a security best practice is to apply permissions
based on the "principle of least privilege". This means giving users access to only those
resources that are required for them to be able do their job. It also means giving the appropriate
level of permission, for example read-only access or write access.
8.1.2 - Security Practices

The diagram depicts a My Documents Properties window showing the security tab.
Page 2:
Authentication, Authorization, and Accounting (AAA) is a three-step process used by network

administrators to make it difficult for attackers to gain access to a network.
Authentication requires users to prove their identity using a username and password.
Authentication databases are typically stored on servers that use the RADIUS or TACACS
protocols.
Authorization gives users rights to access specific resources and perform specific tasks.
Accounting tracks which applications are used and the length of time that they are used.
For example, authentication acknowledges that a user named "student" exists and is able to log
on. Authorization services specify that user student can access host server XYZ using Telnet.
Accounting tracks that user student accessed host server XYZ using Telnet on a specific day for
15 minutes.
AAA can be used on various types of network connections. AAA requires a database to keep
track of user credentials, permissions, and account statistics. Local authentication is the simplest
form of AAA and keeps a local database on the gateway router. If an organization has more than
a handful of users authenticating with AAA, the organization must use a database on a separate
server.
8.1.2 - Security Practices

The diagram depicts the use of Authentication, Authorization, and Accounting (AAA) on a
network.
A RADIUS authentication server on an internal network is connected to a router acting as a

gateway to an ISP . A host, labeled Attacker, is also connected to the ISP and makes a network
access attempt. Inside the network there are three hosts, two desktop PCs, and one laptop.
The two internal desktop PCs are labeled Legitimate Network Access Attempt and the internal
laptop is labeled Attacker Network Access Attempt. The external PC attached to the IS cloud is
also labeled Attacker Network Access Attempt.
Unauthorized users may attempt to access network resources, either from inside or outside of the
network. All clients attempting to log in are challenged by the AAA authentication service on the
RADIUS server. The authentication service verifies the username and password using a database
of valid users.
An authenticated user is authorized to use specific services in the network. The external and
internal attackers are denied access.
When a user logs out, the accounting service records where the user has been, what they have
done, and how long they used a network service.
8.1.3 Data Encryption
Page 1:
ISPs must also be concerned with securing data that is transmitted to and from their servers. By
default, data sent over the network is unsecured and transmitted in clear text. Unauthorized
individuals can intercept unsecured data as it is being transmitted. Capturing data in transit
bypasses all file system security that is set on the data. There are methods available to protect
against this security issue.
Encryption
Digital encryption is the process of encrypting all transmitted data between the client and the
server. Many of the protocols used to transmit data offer a secure version that uses digital
encryption. As a best practice, use the secure version of a protocol whenever the data being
exchanged between two computers is confidential.
For example, if a user must submit a username and password to log on to an e-commerce
website, a secure protocol is required to protect the username and password information from
being captured. Secure protocols are also needed any time a user must submit a credit card or
bank account information.
When surfing the Internet and viewing publicly accessible websites, securing the transmitted
data is not necessary. Using a secure protocol in this situation can lead to additional
computational overhead and slower response time.
8.1.3 - Data Encryption

The diagram depicts scenarios of two types of data transfer security: clear text and encrypted
data.
Clear Text
A user, at his workstation, is logging onto a web server. His logon is user name: john, and
password: Pot@+oe5. A hacker is accessing the same web server. After intercepting the clear
text user name and password, he is able to log in to the server.
Encrypted Data
A user, at his workstation, is logging onto a web server. His logon is user name: john, password:
***. A hacker is accessing the same web server. After intercepting the encrypted user name and
password, he is unable to decipher the user name and password and cannot log on to the server.
Page 2:
There are many network protocols used by applications. Some offer secure versions and some do
not:
• Web servers - Web servers use HTTP by default, which is not a secure protocol. Using
HTTPS, which uses the secure socket layer (SSL) protocol, enables the exchange of data
to be performed securely.
• Email servers - Email servers use several different protocols, including SMTP, POP3,
and IMAP4. When a user logs on to an email server, POP3 and IMAP4 require a
username and password for authentication. By default, this information is sent without
security and can be captured. POP3 can be secured by using SSL. SMTP and IMAP4 can
use either SSL or Transport Layer Security (TLS) as a security protocol.
• Telnet servers - Using Telnet to remotely log into a Cisco router or switch creates an
unsecure connection. Telnet sends authentication information and any commands a user
types across the network in clear text. Use the Secure Shell (SSH) protocol to
authenticate and work with the router or switch securely.
• FTP servers - FTP is also an unsecure protocol. When logging into an FTP server,
authentication information is sent in clear text. FTP can use SSL to securely exchange
authentication and data. Some versions of FTP can also use SSH.
• File servers - File servers can use many different protocols to exchange data, depending
on the computer operating system. In most cases, file server protocols do not offer a
secure version.
IP Security (IPSec) is another Network Layer security protocol that can be used to secure any
Application Layer protocol used for communication. This includes file server protocols that do
not offer any other security protocol version.

The diagram depicts a list of secure (encrypted) and unsecure (unencrypted) protocols. A host is
connected to a server and is using the following protocols:
Web Encryption.
Unsecure: HTTP.
Secure: HTTPS.
Email Encryption.
Unsecure: SMTP, POP3, I MAP4.
Secure: SMTP with SSL or TLS, POP3 with SSL, I MAP4 with SSL or TLS.
Telnet Encryption.
Unsecure: Telnet.
Secure: SSH.
File Transfer Encryption.

Unsecure: FTP.
Secure: FTPS.
IP Sec Encryption.
Unsecure: Any application.
Secure: Application with IP Sec .
Page 3:
Lab Activity
Perform the data security tasks needed to analyze and secure local and transmitted data.

Link to Hands-on Lab: Securing Local Data and Transmitted Data.
8.2 Security Tools
8.2.1 Access Control Lists and Port Filtering
Page 1:
Even with the use of AAA and encryption, there are still many different types of attacks that an
ISP must protect against. ISPs are especially vulnerable to denial-of-service (DoS) attacks,
because the ISP may host sites for many different registered domain names that may or may not
require authentication. Currently, there are three key types of DoS attacks.
DoS
A standard DoS attack is when a server or service is attacked to prevent legitimate access to that
service. Some examples of standard DoS attacks are SYN floods, ping floods, LAND attacks,
bandwidth consumption attacks, and buffer overflow attacks.
DDoS
A distributed denial-of-service (DDoS) attack occurs when multiple computers are used to attack
a specific target. The attacker has access to many compromised computer systems, usually on the
Internet. Because of this, the attacker can remotely launch the attack. DDoS attacks are usually
the same kinds of attacks as standard DoS attacks, except that DDoS attacks are run from many
computer systems simultaneously.
DRDoS
A distributed reflected denial-of-service (DRDoS) attack occurs when an attacker sends a

spoofed, or mock, request to many computer systems on the Internet, with the source address
modified to be the targeted computer system. The computer systems that receive the request
respond. When the computer systems respond to the request, all the requests are directed at the
target computer system. Because the attack is reflected, it is very difficult to determine the
originator of the attack.
8.2.1 - Access Control Lists and Port Filtering

The diagram depicts scenarios of three types of denial of service attacks: D o S, D D o S, and D
R D o S.
Denial of Service (D o S) attack

An attacker computer uses a D o S attack on a file server to deny legitimate user traffic.
Distributed Denial of Service (D D o S) Attack

An attacker computer uses a control command to order a number of compromise computers to
launch a synchronized remote controlled attack on a target server to deny legitimate user traffic.
Distributed Reflected Denial of Service (D R D o S) Attack

An attacker computer uses a spoof request on a number of unknowing computers which then
unknowingly respond to the spoof request thus launching a D R D o S attack on a target server to
deny legitimate user traffic.
Page 2:
ISPs must be able to filter out network traffic, such as DoS attacks, that can be harmful to the
operation of their network or servers. Port filtering and access control lists (ACL) can be used to
control traffic to servers and networking equipment.
Port Filtering
Port filtering controls the flow of traffic based on a specific TCP or UDP port. Many server
operating systems have options to restrict access using port filtering. Port filtering is also used by
network routers and switches to help control traffic flow and to secure access to the device.
Access Control Lists
ACLs define traffic that is permitted or denied through the network based on the source and
destination IP addresses. ACLs can also permit or deny traffic based on the source and
destination ports of the protocol being used. Additonally, ICMP and routing update traffic can be
controlled using ACLs. Administrators create ACLs on network devices, such as routers, to
control whether or not traffic is forwarded or blocked.
ACLs are only the first line of defense and are not enough to secure a network. ACLs only
prevent access to a network; they do not protect the network from all types of malicious attacks.

The diagram depicts scenarios of the use of security methods for port filtering and Access
Control Lists.
Port Filtering
A router with port filtering allows traffic on web port 80. The router denies traffic on Telnet port
23 and denying traffic on SSH port 22.
A port filter can be implemented to prevent access to all other ports, except web port 80. If a user
tries to connect to the server using any other port, such as Telnet on TCP port 23, the user is
denied access. This protects the server from being compromised.
Access Control Lists

An access control list on a router allowing traffic from Network A to go through to Network C,
but deny traffic Network A to go to Network B.
Using an access control list, all computers on Network A are denied access to all computers on
Network B. Network A is specified as the source network and Network B as the destination
network. Traffic is denied if it meets those conditions. This still allows the computers on
Network A to talk to the server on Network C.
Page 3:
Lab Activity
Determine where to implement ACLs and port filters to help protect the network.

Link to Hands-on Lab: Planning for Access Lists and Port Filters
8.2.2 Firewalls
Page 1:
A firewall is network hardware or software that defines which traffic can come into and go out of
sections of the network and how traffic is handled.
ACLs are one of the tools used by firewalls. ACLs control which type of traffic is allowed to
pass through the firewall. The direction the traffic is allowed to travel can also be controlled. In a
medium-sized network, the amount of traffic and networking protocols needing to be controlled
is quite large, and firewall ACLs can become very complicated.
Firewalls use ACLs to control which traffic is passed or blocked. They are constantly evolving as
new capabilities are developed and new threats are discovered.
Different firewalls offer different types of features. For example, a dynamic packet filter firewall
or stateful firewall keeps track of the actual communication process occurring between the
source and destination devices. It does this by using a state table. When a communication stream
is approved, only traffic that belongs to one of these communication streams is permitted through
the firewall. The Cisco IOS Firewall software is embedded in the Cisco IOS software and allows
the user to turn a router into a network layer firewall with dynamic or stateful inspection.
Firewalls are constantly evolving as new capabilities are developed and new threats are
discovered. The more functionality embedded in a firewall, the more time it takes for packets to
be processed.
8.2.2 - Firewalls
The diagram depicts an inspection by a dynamic or a stateful firewall.
Dynamic or Stateful Packet Firewall

Host, H1, in on an internal network and is connected via Ethernet to a router with an integrated
firewall, which is connected to an external network cloud via a serial connection. External Host,
H2, is connected via serial connection to the same cloud. And an external server is connected via
serial connection to the cloud.
H1 sends a FTP packet, as it passes through the firewall, the firewall says, "I will add this
conversation to my database."
The packet continues on to its destination, the server. The server replies with an FTP packet.
When the packet passes through the firewall, the firewall says, "This conversation is in my
database. This packet is allowed." The packet continues on to its destination H1.
H2 sends an FTP packet through the cloud. As it passes through the firewall, the firewall says,
"This conversation is not in my database and is not allowed." The packet is dropped.
Page 2:
Firewalls can provide perimeter security for the entire network and for internal local network
segments, such as server farms.
Within an ISP network or a medium-sized business, firewalls are typically implemented in

multiple layers. Traffic that comes in from an untrusted network first encounters a packet filter
on the border router. Permitted traffic goes through the border router to an internal firewall to
route traffic to a demilitarized zone (DMZ). A DMZ is used to store servers that users from the
Internet are allowed to access. Only traffic that is permitted access to these servers is permitted
into the DMZ. Firewalls also control what kind of traffic is permitted into the protected, local
network itself. The traffic that is allowed into the internal network is usually traffic that is being
sent due to a specific request by an internal device. For example, if an internal device requests a
web page from an external server, the firewall permits the requested web page to enter the
internal network.
Some organizations can choose to implement internal firewalls to protect sensitive areas. Internal
firewalls are used to restrict access to areas of the network that need to have additional
protection. Internal firewalls separate and protect business resources on servers from users inside
the organization. Internal firewalls prevent external and internal hackers, as well as unintentional
internal attacks and malware.
8.2.2 - Firewalls
The diagram depicts trusted network servers, a demilitarized zone (DMZ), and an untrusted
network.
Three servers, labeled accounting, human resources, and sales, are collectively labeled (Trusted)
Network Servers. The servers connect to an internal firewall. The internal firewall has a mail
server and web server that are collectively labeled the DMZ. The internal firewall is connected to
a Border (Cisco I O S Firewall), which in then connected to the Internet which is labeled
Untrusted Network.
Page 3:
In this activity, you are a technician who provides network support for a medium-sized business.
The business has grown and includes a research and development department working on a new,
very confidential project. The livelihood of the project depends on protecting the data used by
the research and development team. Your job is to install firewalls to help protect the network,
based on specific requirements.
8.2.2 - Firewalls
Link to Packet Tracer Exploration: Planning Network-based Firewalls
8.2.3 IDS and IPS
Page 1:
ISPs also have a responsibility to prevent, when possible, intrusions into their networks and the
networks of customers who purchase managed services. There are two tools often utilized by
ISPs to accomplish this.
Intrusion Detection System (IDS)

An IDS is a software- or hardware-based solution that passively listens to network traffic.
Network traffic does not pass through an IDS device. Instead, the IDS device monitors traffic
through a network interface. When the IDS detects malicious traffic, it sends an alert to a
preconfigured management station.
Intrusion Prevention System (IPS)
An IPS is an active physical device or software feature. Traffic travels in one interface of the IPS
and out the other. The IPS examines the actual data packets that are in the network traffic and
works in real time to permit or deny packets that want access into the network
IDS and IPS technologies are deployed as sensors. An IDS or an IPS sensor can be any of the
following:
• Router configured with Cisco IOS version IPS

• Appliance (hardware) specifically designed to provide dedicated IDS or IPS services
• Network module installed in an adaptive security appliance (ASA), switch, or router
IDS and IPS sensors respond differently to incidences detected on the network, but both have
roles within a network.
8.2.3 - I D S and I P S
The diagram depicts examples an intrusion detection system (I D S) and an intrusion prevention
system (I P S).
Intrusion Detection System

An I D S is connected to a switch, which is situated in line between a firewall and corporate
network. The switch is also connected to a management station. The firewall is connected to the
Internet on the other side of the network. Any intrusion from outside the network is detected by
the I D S and an alert is sent to the management system. Network traffic from outside the
firewall does not pass through the I D S device.
Intrusion Prevention System

An I P S sits in line between the firewall and corporate network. The firewall connects to the
Internet on the other side of the network. All network traffic from outside the firewall must pass
through the I P S device. Any intrusion from outside the network is stopped by the I P S.
Page 2:
IDS solutions are reactive when it comes to detecting intrusions. They detect intrusions based on
a signature for network traffic or computer activity. They do not stop the initial traffic from
passing through to the destination, but react to the detected activity.
When properly configured, the IDS can block further malicious traffic by actively reconfiguring
network devices, such as security appliances or routers, in response to malicious traffic detection.
It is important to realize that the original malicious traffic has already passed through the
network to the intended destination and cannot be blocked. Only subsequent traffic is blocked. In
this regard, IDS devices cannot prevent some intrusions from being successful.
IDS solutions are often used on the untrusted perimeter of a network, outside of the firewall.
Here the IDS can analyze the type of traffic that is hitting the firewall and determine how attacks
are executed. The firewall can be used to block most malicious traffic. An IDS can also be
placed inside the firewall to detect firewall misconfigurations. When the IDS sensor is placed
here, any alarms that go off indicate that malicious traffic has been allowed through the firewall.
These alarms mean that the firewall has not been configured correctly.
8.2.3 - I D S and I P S
The diagram depicts an I D S used to protect a network.
An IDS is connected to a switch, which is situated in line between the firewall router and an
internal router. On the outside of the firewall router is the Internet, and on the inside of the
internal router is the target. The switch is also connected to a management station. An intruder
starts an attack on the target computer from the Internet. The IDS sensor detects the attack and
sends an alert to the management station. The management station updates the port filter on the
firewall router to prevent any future attack traffic.
Page 3:
IPS
Unlike IDS solutions, which are reactive, IPS solutions are proactive. They block all suspicious
activity in real time. An IPS is able to examine almost the entire data packet from Layer 2 to
Layer 7 of the OSI model. When the IPS detects malicious traffic, it blocks the malicious traffic
immediately. The IPS then sends an alert to a management station about the intrusion. The
original and subsequent malicious traffic is blocked as the IPS proactively prevents attacks.
An IPS is an intrusion detection appliance, not software. The IPS is most often placed inside the
firewall. This is because it can examine most of the data packet and, therefore, be used to protect
server applications if malicious traffic is being sent. The firewall typically does not examine the
entire data packet, whereas the IPS does. The firewall drops most of the packets that are not
allowed, but may still allow some malicious packets through. The IPS has a smaller number of
packets to examine, so it can examine the entire packet. This allows the IPS to immediately stop
new attacks that the firewall was not originally configured to deny. IPS can also stop attacks that
the firewall is unable to deny based on limitations of the firewall.
8.2.3 - I D S and I P S
The diagram depicts an I P S used to protect a network.
An I P S is located between the firewall and the internal router. On the outside of the firewall
router is the Internet, and on the inside of the internal router is the target. The sensor is also
connected to a switch which connects to the management station. When an attacker sends an
attack through the Internet to the target computer, the I P S sensor blocks the attack and sends an
alert via the switch to the management station.
Page 4:
8.2.3 - I D S and I P S
The diagram depicts an activity in which you must determine which characteristics and features
belong to I D S and to I P S.
Which is a feature of an I D S solution? (Choose one.)

A.All network traffic must pass through an I D S device to enter the network.
B.I D S detects malicious traffic through passive traffic monitoring.
C.I D S prevents intrusions by blocking all malicious activity before it makes it into the network.
D.I D S notifies the attacker that they are generating malicious traffic and will be blocked if it
continues.
Which three statements about I P S solutions are true? (Choose three.)

A.I P S solutions actively block malicious activity by being in-line with the traffic.
B.I P S solutions analyze only Layer 7 of the O S I Model to identify malicious activity.
C.I P S solutions protect the network from worms, viruses, malicious applications, and
vulnerability exploits.
D.I P S solutions proactively protect against malicious activity.
8.2.4 Wireless Security
Page 1:
Some ISPs offer services to create wireless hot spots for customers to log on to wireless local-
area networks (WLANs). A wireless network is easy to implement, but is vulnerable when not
properly configured. Because the wireless signal travels through walls, it can be accessed outside
the business premises. A wireless network can be secured by changing the default settings,
enabling authentication, or enabling MAC address filtering.
Changing Default Settings

The default values for the SSID, usernames, and passwords on a wireless access point should be
changed. Additionally, broadcasting of the SSID should be disabled.
Enabling Authentication
Authentication is the process of permitting entry to a network based on a set of credentials. It is

used to verify that the device attempting to connect to the network is trusted. There are three
types of authentication methods that can be used:
• Open authentication - Any and all clients are able to have access regardless of who they
are. Open authentication is most often used on public wireless networks.
• Pre-shared key (PSK) - Requires a matching, preconfigured key on both the server and
the client. When connecting, the access point sends a random string of bytes to the client.
The client accepts the string, encrypts it (or scrambles it) based on the key, and sends it
back to the access point. The access point gets the encrypted string and uses its key to
decrypt (or unscramble) it. If they match, authentication is successful.
• Extensible Authentication Protocol (EAP) - Provides mutual, or two-way,
authentication and user authentication. When EAP software is installed on the client, the
client communicates with a backend authentication server, such as RADIUS.
Enabling MAC Address Filtering
MAC address filtering prevents unwanted computers from connecting to a network by restricting
MAC addresses. It is possible, however, to clone a MAC address. Therefore, other security
measures should be implemented along with MAC address filtering.
8.2.4 - Wireless Security

The diagram depicts scenarios of three types of wireless security: Open Authentication, Pre-
shared Keys (PSK), and Extensive Authentication Protocol (E A P).
Open Authentication
A laptop wirelessly uses open authentication to connect to a wireless router that connects to a
server.
The laptop says, "Hi, I know your name, Can I connect?

The router says, "Sure, access granted."
Pre-shared Keys
A woman at a laptop uses PSK to connect to a wireless router that connects to a server.
The laptop says, "Hi, I would like to connect."

The router says, "You can connect, but only if you know the secret key."
Extensible Authentication Protocol
A woman at a laptop uses E A P to connect to a wireless router that connects to an authentication
server.
The laptop says, "Hi, I am user:x y z, password:cisco and I would like to connect."
The router says, "I will forward your request."
The authentication server says, "user: x y z, password: cisco connect to Router A is verified."
Page 2:
It is important to set encryption on transmitted packets sent across a wireless network. There are
three major encryption types for wireless networks:
• WEP - Wired Equivalent Privacy (WEP) provides data security by encrypting data that is
sent between wireless nodes. WEP uses a 64, 128, or 256 bit pre-shared hexadecimal key
to encrypt the data. A major weakness of WEP is its use of static encryption keys. The
same key is used by every device to encrypt every packet transmitted. There are many
WEP cracking tools available on the Internet. WEP should be used only with older
equipment that does not support newer wireless security protocols.
• WPA - Wifi Protected Access (WPA) is a newer wireless encryption protocol that uses
an improved encryption algorithm called Temporal Key Integrity Protocol (TKIP). TKIP
generates a unique key for each client and rotates the security keys at a configurable
interval. WPA provides a mechanism for mutual authentication. Because both the client
and the access point have the key, it is never transmitted.
• WPA2 - WPA2 is a new, improved version of WPA. WPA2 uses the more secure
Advanced Encryption Standard (AES) technology.

The diagram depicts examples of two types of security methods: Wired Equivalent Privacy (W E
P) and Wi Fi Protected Access (WPA/WPA2)
Wired Equivalent Privacy

A laptop wirelessly connects to a wireless router using W E P .
The router says, "Your W E P key does match. You are allowed to connect."
Another laptop tries to wirelessly connect to a wireless router.
The router says, "Your W E P key does not match. You are not allowed to connect."
Wi Fi Protected Access
A laptop wirelessly connects to a wireless router using WPA/WPA2.
The router says, "Your WPA key does match. You are allowed to connect."
Another laptop tries to wirelessly connect to a wireless router.
The router says, "Your WPA key does not match. You are not allowed to connect."
A third laptop tries to wirelessly connect to a wireless router.
The router says, "Your WPA key has expired. You are not allowed to connect."
Page 3:
In this activity, you will configure WEP security on both a Linksys wireless router and a
workstation.
*Note: WPA is not supported by Packet tracer at this time. However, WEP and WPA are enabled
by a similar process.

Link to Packet Tracer Exploration: Configuring W E P on a Wireless Router
8.2.5 Host Security
Page 1:
Regardless of the layers of defense that exist on the network, all servers are still susceptible to
attack if they are not properly secured. ISP servers are especially vulnerable because they are
generally accessible from the Internet. New vulnerabilities for servers are discovered every day,
so it is critical for an ISP to protect its servers from known and unknown vulnerabilities
whenever possible. One way they accomplish this is by using host-based firewalls.
A host-based firewall is software that runs directly on a host operating system. It protects the
host from malicious attacks that might have made it through all other layers of defense. Host-
based firewalls control inbound and outbound network traffic. These firewalls allow filtering
based on a computer address and port, therefore offering additional protection over regular port
filtering.
Host-based firewalls typically come with predefined rules that block all incoming network
traffic. Exceptions are added to the firewall rule set to permit the correct mixture of inbound and
outbound network traffic. When enabling host-based firewalls, it is important to balance the need
to allow the network resources required to complete job tasks, with the need to prevent
applications from being left vulnerable to malicious attacks. Many server operating systems are
preconfigured with a simple host-based firewall with limited options. More advanced third-party
packages are also available.
ISPs use host-based firewalls to restrict access to the specific services a server offers. By using a
host-based firewall, the ISP protects their servers and the data of their customers by blocking
access to the extraneous ports that are available.
8.2.5 - Host Security

The diagram depicts a secure router connected to a secure switch that is connected to a host that
has host-based firewall. The secure switch is also connected to a secure server which also has a
host-based firewall.
Page 2:
ISP servers that utilize host-based firewalls are protected from a variety of different types of
attacks and vulnerabilities.
Known Attacks
Host-based firewalls recognize malicious activity based on updatable signatures or patterns.

They detect a known attack and block traffic on the port used by the attack.
Exploitable Services
Host-based firewalls protect exploitable services running on servers by preventing access to the
ports that the service is using. Some host-based firewalls can also inspect the contents of a packet
to see if it contains malicious code. Web and email servers are common targets for service
exploits, and can be protected if the host-based firewall is capable of performing packet
inspection.
Worms and Viruses
Worms and viruses propagate by exploiting vulnerabilities in services and other weaknesses in
operating systems. Host-based firewalls prevent this malware from gaining access to servers.
They can also help prevent the spread of worms and viruses by controlling outbound traffic
originating from a server.
Back Doors and Trojans

Back doors and Trojan Horses allow hackers to remotely gain access to servers on a network.
The software typically works by sending a message to let the hacker know of a successful
infection. It then provides a service that the hacker can use to gain access to the system. Host-
based firewalls can prevent a Trojan from sending a message by limiting outbound network
access. It can also prevent the attacker from connecting to any services.
The diagram depicts scenarios for host-based firewalls that are used to protect a server.
Known Attacks
A hacker attacks a server with a host-based firewall via the Internet using a known attack.
The host-based firewall says, "I recognize that. You are blocked."
Protect servers from many known attacks by specifically blocking the traffic over ports that are
known to be associated with malicious activity.
Exploitable Services
A hacker attacks a server with a host-based firewall via the Internet using an attack on web
service.
The host based firewall says, "You are not permitted on that port. You are blocked."
Protect exploitable services running on servers by preventing access to the ports that the service
is using.
Worms and Viruses

A hacker attacks a server with a host-based firewall via the Internet using a blaster worm.
The host based firewall says, "I have detected a worm and will remove it!"
Prevents this malware from being able to access servers over the network and can also help
prevent the spread of worms and viruses by controlling outbound traffic that originates from a
server.
Back Doors and Trojans

A hacker attacks a server with a host-based firewall via the Internet using a Trojan client trying
to connect to server.
The host-based firewall says, "I am detecting a connection to an unauthorized service and will
deny it."
Prevent the back door or Trojan from sending a message by limiting outbound network access, or
prevent the attacker from connecting to the service created by the software.
Page 3:
In addition to host-based firewalls, anti-X software can be installed as a more comprehensive
security measure. Anti-X software protects computer systems from viruses, worms, spyware,
malware, phishing, and even spam. Many ISPs offer customers anti-X software as part of their
comprehensive security services. Not all anti-X software protects against the same threats. The
ISP should constantly review which threats the anti-X software actually protects against and
make recommendations based on a threat analysis of the company.
Many anti-X software packages allow for remote management. This includes a notification
system that can alert the administrator or support technician about an infection via email or
pager. Immediate notification to the proper individual can drastically reduce the impact of the
infection. Using anti-X software does not diminish the number of threats to the network but
reduces the risk of being infected.
Occasionally infections and attacks still occur and can be very destructive. It is important to have
an incident management process to track all incidences and the corresponding resolutions to help
prevent the infection from reoccurring. Incident management is required by ISPs that manage
and maintain customer data, because the ISP has committed to the protection and the integrity of
the data they host for their customers. For example, if the ISP network was the target of a hacker
and, as a result, thousands of credit card numbers that were stored in a database that the ISP
manages were stolen, the customer would need to be notified so that they could notify the card
holders.

The diagram depicts a PC with the term "Virus Alert" in red on the screen.
Page 4:
Lab Activity
Recommend an anti-X software package for a small business.

Link to Hands-on Lab: Researching an Anti-X Software Product
8.3 Monitoring and Managing the ISP

8.3.1 Service Level Agreements
Page 1:
An ISP and a user usually have a contract known as a service level agreement (SLA). It
documents the expectations and obligations of both parties. An SLA typically includes the
following parts:
• Service description
• Costs
• Tracking and reporting
• Problem management
• Security
• Termination
• Penalties for service outages
• Availability, performance, and reliability
The SLA is an important document that clearly outlines the management, monitoring, and
maintenance of a network.
8.3.1 - Service Level Agreements

The diagram depicts a Service Level Agreement (SLA), and a brief description of each part.
Service Description
Defines the range of services that an ISP will provide.
Includes the service amount or service volume and the times when the service is and is not
covered by the SLA.
Availability, Performance and Reliability

Availability - hours and days per month per year that service is available.
Performance - a measure of service capability expectations during peak data volumes.
Reliability - An example of this is the rule of five-9s, which states that the system should be
operational 99.999% of the time.
Tracking and Reporting

Defines how often reports, such as performance reports, will be provided to the customer.
Includes a written explanation of what level of network service users are experiencing.
Problem Management
Response time - a measure of how fast an ISP can respond to unexpected events that cause the
service to stop.
Defines the process that will be used to handle and resolve unplanned incidents.
Defines what the different levels of problem are and who should be called for each problem
level.
Security
Defines security measures that are the ISP responsibilities versus customer responsibilities.
Determines how network services that the ISP offers fit within the security policies of the
customer and the ISP.
Termination
Defines termination agreement and costs if services are terminated early. Typically SLA's are
renegotiated annually and coincide with the budget cycle of the customer.
Penalties for Service Outages

Describes the penalties for a network service failure. This is especially important if the ISP is
providing services critical for business operation.
Costs
Describes the charges to the customer by defining services rather than equipment. The ISP is
able to cost out the services needed and the customer only pays for the services they use.
Page 2:
Lab Activity
Examine an SLA and practice interpreting the sections of the SLA.
8.3.1 - Service Level Agreements

Link to Hands-on Lab: Interpreting a Service Level Agreement
8.3.2 Monitoring Network Link Performance
Page 1:
The ISP is responsible for monitoring and checking device connectivity. This responsibility
includes any equipment that belongs to the ISP and equipment at the customer end that the ISP
agreed to monitor in the SLA. Monitoring and configuration can be performed either out-of-band
with a direct console connection, or in-band using a network connection.
Out-of-band management is useful in initial configurations if the device is not accessible via the
network, or if a visual inspection of the device is necessary.
Most ISPs are not able to visually inspect or have physical access to all devices. An in-band
management tool allows for easier administration because the technician does not require a
physical connection. For this reason, in-band management is preferred over out-of-band
management for managing servers and networking devices that are accessible on the network.
Additionally, conventional in-band tools can provide more management functionality than may
be possible with out-of-band management, such as an overall view of the network design.
Traditional in-band management protocols include Telnet, SSH, HTTP, and Simple Network
Management Protocol (SNMP).
There are many embedded tools, commercial tools, and shareware tools available that use these
management protocols. For example, HTTP access is through a web browser. Some applications,
such as Cisco SDM, use this access for in-band management.
8.3.2 - Monitoring Network Link Performance

The diagram depicts a scenario of in-band and out-of-band monitoring and management being
used on a network.
The ISP connects to a gateway router which connects to a switch that then connects to several
servers and hosts on a subnet. When the management station is connected as one of the hosts
within the subnet, it is considered in-band monitoring and managing network devices while on
the network. When the management station is connected directly to the gateway device (router),
it is considered out-of-band monitoring and managing network devices while consoled into the
router.
Page 2:
Lab Activity
Download, install, and then conduct a network capture with Wireshark.
8.3.2 - Monitoring Network Link Performance

Link to Hands-on Lab: Conducting a Network Capture with Wireshark
8.3.3 Device Management Using In-band Tools
Page 1:
After a new network device is installed at the customer premise, it must be monitored from the
remote ISP location. There are times that minor configuration changes need to be made without
the physical presence of a technician at the customer site.
A Telnet client can be used over an IP network connection to connect to a device in-band for the
purpose of monitoring and administering it. A connection using Telnet is called a Virtual
Terminal (VTY) session or connection. Telnet is a client/server protocol. The connecting device
runs the Telnet client. To support Telnet client connections, the connected device, or server, runs
a service called a Telnet daemon.
Most operating systems include an Application Layer Telnet client. On a Microsoft Windows
PC, Telnet can be run from the command prompt. Other common terminal emulation
applications that run as Telnet clients are HyperTerminal, Minicom, and TeraTerm. Devices such
as routers run both the Telnet client and the Telnet daemon, and can act as either the client or
server.
After a Telnet connection is established, users can perform any authorized function on the server,
just as if they were using a command line session on the server itself. If authorized, users can
start and stop processes, configure the device, and even shut down the system.
A Telnet session can be initiated using the router CLI with the telnet command followed by the
IP address or domain name. A Telnet client can connect to multiple servers simultaneously. On a
Cisco router, the keystroke sequence Ctrl-Shift-6 X to toggles between Telnet sessions.
Additionally, a Telnet server can support multiple client connections. On a router acting as a
server, the show sessions command displays all client connections.
8.3.3 - Device Management Using In-Band Tools
The diagram depicts examples of telnetting across a LAN and across a WAN.
Telnetting across a LAN

A PC is connected to a switch which is connected to a router. The PC can telnet to the router via
the switch which is LAN-based in-band management.
Telnetting across a WAN

A PC is connected to a WAN or Internet cloud which is connected to a router. The PC can telnet
to the router via the cloud which is WAN-based in-band management.
Page 2:
Lab Activity
Use Telnet to manage remote network devices.

Link to Hands-on Lab: Managing Remote Network Devices with Telnet
Page 3:
While the Telnet protocol supports user authentication, it does not support the transport of
encrypted data. All data exchanged during a Telnet session is transported as plain text across the
network. This means that the data can be intercepted and easily understood, including the
username and password used to authenticate the device.
If security is a concern, the Secure Shell (SSH) protocol offers an alternate and secure method
for server access. SSH provides secure remote login and other network services. It also provides
stronger authentication than Telnet and supports the transport of session data using encryption.
As a best practice, network professionals should always use SSH in place of Telnet whenever
possible.
There are two versions of the SSH server service. Which SSH version is supported depends on
the Cisco IOS image loaded on the device. There are many different SSH client software
packages available for PCs. An SSH client must support the SSH version configured on the
server.

The diagram depicts examples of an unsecured and secured Telnet.
Telnet - Unsecured
A network technician PC, a hacker PC, and a remote router are connected to a network cloud.
Using Telnet the hacker is able to intercept the username and password as the technician logs
into the remote router.
SSH - Secured
A network technician PC, a hacker PC, and a remote router are connected to a network cloud.
Using SSH, the hacker is not able to intercept the username and password as the technician logs
into the remote router.
Page 4:
Lab Activity
Configure a remote router using SSH.

Link to Hands-on Lab: Configuring a Remote Router Using SSH
8.3.4 Using SNMP and Syslog
Page 1:
SNMP is a network management protocol that enables administrators to gather data about the
network and corresponding devices. SNMP management system software is available in tools
such as CiscoWorks. There are free versions of CiscoWorks available for download on the
Internet. SNMP management agent software is often embedded in operating systems on servers,
routers, and switches.
SNMP is made up of four main components:
• Management station - Computer with the SNMP management application loaded that is
used by the administrator to monitor and configure the network.
• Management agent - Software installed on a device managed by SNMP.
• Management Information Base (MIB) - Database that a device keeps about itself
concerning network performance parameters.
• Network management protocol - Communication protocol used between the
management station and the management agent.
8.3.4 - Using SNMP and Syslog

The diagram depicts a scenario of a network using various MIBs.
A network cloud is connected via serial link to a gateway router. The gateway router is labeled
Management Agent and Router MIB. The gateway router is connected to a switch labeled
Management Agent and Switch MIB. The switch is connected to several hosts and servers. One
of the servers is labeled Central MIB and one of the hosts is labeled Management Station
Network Management Protocol.
Page 2:
The management station contains the SNMP management applications that the administrator
uses to configure devices on the network. It also stores data about those devices. The
management station collects information by polling the devices. A poll occurs when the
management station requests specific information from an agent.
The agent reports to the management station by responding to the polls. When the management
station polls an agent, the agent calls on statistics that have accumulated in the MIB.
Agents can also be configured with traps. A trap is an alarm-triggering event. Certain areas of the
agent are configured with thresholds, or maximums, that must be maintained, such as the amount
of traffic that can access a specific port. If the threshold is exceeded, the agent sends an alert
message to the management station. Traps free the management station from continuously
polling network devices.
Management stations and managed devices are identified by a community ID, called a
community string. The community string on the SMNP agent must match the community string
on the SMNP management station. When an agent is required to send information to a
management station due to a poll or trap event, it will first verify the management station using
the community string.

The diagram depicts how SNMP is used.
An ISP managed network is connected to the Internet. A web server with an SNMP agent with
the address 192.168.1.10 is attached to the switch. This ISP server is hosting the customers web
site. A server labeled central MIB and an SNMP Management station with the address
192.168.1.5 are also attached to the switch.
A user calls reporting a problem.
The man sitting at the ISP SNMP Management station says, "My customer called and their web
server is really slow!"
The management station sends a request to the agent for connection statistics and includes the
community string (get 192.168.1.10 2 # B719).
The man sitting at the SNMP management station says, "How many users are on their
webserver?"
The web server with the agent says, "Does my community string match 2 # B719? Is 192.168.1.5
an IP address I know? Yes."
The agent verified the community string and IP address. Agent sends the statistics for the number
of connections.
The man sitting at the management station says, "10,000 users? No wonder this web server is
slow."
Page 3:
Storing device logs and reviewing them periodically is an important part of network monitoring.
Syslog is the standard for logging system events. Like SNMP, syslog is an Application Layer
protocol that enables devices to send information to a syslog daemon that is installed and running
on a management station.
A syslog system is composed of syslog servers and syslog clients. These servers accept and
process log messages from syslog clients. A syslog client is a monitored device that generates
and forwards log messages to syslog servers.
Log messages normally consist of a ID, type of message, a time stamp (date, time), which device
has sent the message, and the message text. Depending on which network equipment is sending
the syslog messages, it can contain more items than those listed.

The diagram depicts the use of Syslog.
A network technician is using a management station to view Syslog messages stored on a Syslog
server. The information is a table with query type and query results based on entries stored on the
Syslog server. The Syslog messages come from routers, Internet based systems, and switches.
The clients send messages to the Syslog server.
8.4 Backups and Disaster Recovery
8.4.1 Backup Media
Page 1:
Network management and monitoring software helps ISPs and businesses identify and correct
network issues. This software can also help to correct the causes of network failures, such as
those caused by malware and malicious activity, network functionality, and failed devices.
Regardless of the cause of failure, an ISP that hosts websites or email for customers must protect
the web and email content from being lost. Losing the data stored on a website could mean
hundreds, or even thousands, of hours recreating the content, not to mention the lost business that
results from the downtime while the content is being restored.
Losing email messages that were stored on the ISP email server could potentially be devastating
for a business that relies on the data within the emails. Some businesses are legally required to
maintain records of all email correspondence, so losing email data is not acceptable.
Data backup is essential. The job of an IT professional is to reduce the risks of data loss and
provide mechanisms for quick recovery of any data that is lost.
8.4.1 - Backup Media

The diagram depicts a brief description for each of the following data loss conditions.
Hardware Failure
As hardware ages the probability of hardware failure and other loss increases. Hardware failure
usually means a lot of lost data. Recovering from hardware failure requires replacing the failed
hardware and restoring all the data from a current backup.
User Error
User error includes accidentally overwriting a file, deleting an important file, editing a file
incorrectly, or deleting important information within a file. This type of data loss often represents
a higher impact to the user than to the company. The company will typically loose productivity
time while the user recreates or retrieves the lost data. With user error, generally a specific file or
folder must be retrieved from a backup source.
Theft
Thieves target laptops, memory sticks, CD's and DVD's, tapes, or other data storage devices.
When taking company data off site, create backup copies of all data. Keep careful track of
portable data sources. It is also a good idea to encrypt all data on portable devices so that it is of
no use to the thief.
Malicious Activity
Viruses and hackers can destroy data. Some viruses target specific types of files to corrupt. Some
viruses can effect the hard drive that the data is stored on and can cause the drive to be
inaccessible. Additionally, hackers can manipulate data, such as defacing a website to gain
exposure.
Operating System Failure

A bad patch or driver update could result in serious operating system failure, preventing access
to needed data. With backed up operating system files, the operating system can often be
restored at a functional level. However, a reinstallation may be necessary and possibly a full
restore of all the missing data.
Page 2:
When an ISP needs to back up its data, the cost of a backup solution and its effectiveness must
be balanced. The choice of backup media can be complex because there are many factors that
affect the choice.
Some of the factors include:
• Amount of data
• Cost of media
• Performance of media
• Reliability of media
• Ease of offsite storage
There are many types of backup media available, including tapes, optical discs, hard disks, and
solid state devices.

The diagram depicts images of backup media.
Page 3:
Tape remains one of the most common types of backup media available. Tapes have large
capacities and remain the most cost-effective media on the market. For data volumes in excess of
a single tape, autoloaders and libraries can swap tapes during the backup procedure, allowing the
data to be stored on as many tapes as required. These devices can be expensive and are not
typically found in small to medium-sized businesses. However, depending on the volume of data,
there may be no alternative other than an autoloader or library.
Tape media is prone to failure, and tape drives require regular cleaning to maintain functionality.
Tapes also have a high failure rate because they wear out through use. Tapes should only be used
for a fixed amount of time before removing them from circulation. Some of the different types of
tapes are:
• Digital data storage (DDS)

• Digital audio tape (DAT)
• Digital linear tape (DLT)
• Linear tape-open (LTO)
Each type has different capacities and performance characteristics.
Optical Media Discs
Optical media is a common choice for smaller amounts of data. CDs have a storage capacity of
700 MB, DVDs can support up to 8.5 GB on a single-sided dual layer disc, and HD-DVD and
Blu-Ray discs can have capacities in excess of 25 GB per disc. ISPs may use optical media for
transferring web content data to their customers. Customers may also use this media to transfer
website content to the ISP web hosting site. Optical media can easily be accessed by any
computer system with a CD or DVD drive.

The diagram depicts images of a tape and an optical disc.
Page 4:
Hard Disks
Hard disk-based backup systems are becoming more and more popular because of the low cost
of high-capacity drives. However, hard disks make offsite storage difficult. Large disk arrays
such as direct attached storage (DAS), network attached storage (NAS), and storage area
networks (SANs) are not transportable.
Many implementations of hard disk-based backup systems work in conjunction with tape backup
systems for offsite storage. Using both hard disks and tapes in a tiered backup solution provides
a quick restore time with the data available locally on the hard disks combined with a long-term
archival solution.
Solid State Storage Devices
Solid state storage refers to all nonvolatile storage media that does not have any moving parts.
Examples of solid state media range from small postage-stamp-sized drives holding 1 GB of
data, to router-sized packages capable of storing 1000 GB (1TB) of data.
Solid state devices are ideal when fast storage and retrieval of data is important. Applications for
solid state data storage systems include database acceleration, high-definition video access and
editing, data retrieval, and SANS. High-capacity solid state storage devices can be extremely
expensive, but as the technology matures, the prices will come down.

The diagram depicts images of a hard disc backup and solid state backup media.
8.4.2 Methods of File Backup
Page 1:
After backup media is chosen, a backup method must be selected.
Normal
A normal, or full, backup copies all selected files, in their entirety. Each file is then marked as
having been backed up. With normal backups, only the most recent backup is required to restore
files. This speeds up and simplifies the restore process. However, because all data is backed up, a
full backup takes the most amount of time.
Differential
A differential backup copies only the files that have been changed since the last full backup.
With differential backups, a full backup on the first day of the backup cycle is necessary. Only
the files that are created or changed since the time of the last full backup are then saved. The
differential backup process continues until another full backup is run. This reduces the amount of
time required to perform the backup. When it is time to restore data, the last normal backup is
restored and the latest differential backup restores all changed files since the last full backup.
Incremental
An incremental backup differs from a differential backup on one important point. Whereas a
differential backup saves files that were changed since the last full backup, an incremental
backup only saves files that were created or changed since the last incremental backup. This
means that if an incremental backup is run every day, the backup media would only contain files
created or changed on that day. Incremental backups are the quickest backup. However, they
take the longest time to restore because the last normal backup and every incremental backup
since the last full backup must be restored.
8.4.2 - Methods of File Backup

The diagram depicts types of file backup.
Normal Backup
A full backup is completed daily.
Differential Backup
Only files changed since last full backup are backed up.
Incremental Backup
Only files changed since last incremental backup are backed up.
Page 2:
Backup systems require regular maintenance to keep them running properly. There are measures
that help to ensure that backups are successful:
• Swap media - Many backup scenarios require daily swapping of media to maintain a
history of backed up data. Data loss could occur if the tape or disk is not swapped daily.
Because swapping the tapes is a manual task, it is prone to failure. Users need to use a
notification method, such as calendar or task scheduling.
• Review backup logs - Virtually all backup software produces logs. These logs report on
the success of the backup or specify where it failed. Regular monitoring of backup logs
allows for quick identification of any backup issues that require attention.
• Perform trial restores - Even if a backup logs shows that the backup was successful,
there could be other problems not indicated in the log. Periodically perform a trial restore
of data to verify that the backup data is usable and that the restore procedure works.
• Perform drive maintenance - Many backup systems require special hardware to
perform backups. Tape backup systems use a tape backup drive to read and write to the
tapes. Tape drives can become dirty from use and can lead to mechanical failure. Perform
routine cleaning of the tape drive using designated cleaning tapes. Hard drive-based
backup systems can benefit from an occasional defragmentation to improve the overall
performance of the system.
The diagram depicts various methods of file back up.
Backup room which uses swap media.

Back up logs.
Restore backup screen.
Windows including a defrag window and disk clean up utility.
Page 3:
Lab Activity
Plan a backup solution for a small business.

Link to Hands-on: Planning a Backup Solution
8.4.3 Cisco IOS Software Backup and Recovery
Page 1:
In addition to backing up server files, it is also necessary for the ISP to protect configurations
and the Cisco IOS software used on networking devices owned by the ISP. The Cisco
networking device software and configuration files can be saved to a network server using TFTP
and variations of the copy command. The command to save the IOS file is very similar to the
command to backup and save a running configuration file.
To back up Cisco IOS software, there are three basic steps:

Step 1. Ping the TFTP server where the file should be saved. This verifies connectivity to the
TFTP server. Use the ping command.
Step 2. On the router, verify the IOS image in flash. Use the show flash command to view the
filename of the IOS image and file size. Confirm that the TFTP server has enough disk space to
store the file.
Step 3. Copy the IOS image to the TFTP server using the command:
Router# copy flash tftp
When using the copy command, the router will prompt the user for the source filename, the IP
address of the TFTP server, and the destination filename.
Images stored on the TFTP server can be used to restore or upgrade the Cisco IOS software on
routers and switches in a network.
The steps to upgrade an IOS image file on a router are similar to the steps used to backup the file
to the TFTP server. Be sure to use the show flash command to verify the bytes available in flash
and confirm that there is enough room for the IOS file before starting the upgrade or restore.
To upgrade the Cisco IOS software, use the command:
copy tftp: flash:
When upgrading, the router will prompt the user to enter the IP address of the TFTP server
followed by the filename of the image on the server that should be used. The router may prompt
the user to erase the flash memory if there is not sufficient memory available for both the old and
the new images. As the image is erased from flash, a series of "e"s appears to indicate the erase
process. When the new image is loaded, it is verified, and the networking device is ready to be
reloaded with the new Cisco IOS image.
If the IOS image is lost and must be restored, a separate process, using the ROMmon mode is
required.
8.4.3 - Cisco I O S Software Backup and Recovery

The diagram depicts a console session with a scenario that represents the process of backing up
the I O S to a TFTP server. The following are the steps and commands in the backup process.
Step 1: Ping the TFTP server to verify connectivity.
R1 # ping 192.168.20.254
Step 2: On the router, verify the I O S image in flash. Use the show flash command to view the
filename of the I O S image and file size.
R1 # show flash
System flash directory:
FileLengthName/status
113832032c1841-I pbase-mz.123-14.T7.bin
[13832032 bytes used, 18682016 available, 32514048 total]
32768K bytes of processor board System flash (Read/Write)
Step 3: Copy the I O S image to the TFTP server using the copy flash: tftp: command:
R1 # copy flash: tftp:

Source filename [ ]? c1841-I pbase-mz.123-14.T7.bin
Address or name of remote host [ ] 192.168.20.254
Destination filename [c1841-I pbase-mz.123-14.T7.bin]?
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
13832032 bytes copied in 113.061 secs (122341 bytes/sec)
[13832032 bytes used, 18682016 available, 32514048 total]
32768K bytes of processor board System flash (Read/Write)
Page 2:
Lab Activity
Use a TFTP to backup and restore a Cisco IOS image.

Link to Hands-on Lab: Managing Cisco I O S Images with TFTP
Page 3:
If the router is set to boot up from flash, but the Cisco IOS image in flash is erased, corrupted, or
inaccessible because of lack of memory, the image may need to be restored. The quickest way to
restore a Cisco IOS image to the router is by using TFTP in ROM monitor (ROMmon) mode.
The ROMmon TFTP transfer works on a specified LAN port, and defaults to the first available
LAN interface. To use TFTP in ROMmon mode, the user must first set a few environmental
variables, including the IP address, and then use the tftpdnld command to restore the image.
To set a ROMmon environment variable, type the variable name, an equal sign (=), and the value
for the variable. For example, to set the IP address to 10.0.0.1, type IP_ADDRESS=10.0.0.1.
The required environment variables are:
• IP_ADDRESS - IP address on the LAN interface

• IP_SUBNET_MASK - Subnet mask for the LAN interface
• DEFAULT_GATEWAY - Default gateway for the LAN interface
• TFTP_SERVER - IP address of the TFTP server
• TFTP_FILE - Cisco IOS filename on the server
Use the set command to view and verify the ROMmon environment variables.
After the variables are set, the tftpdnld command is entered. As each datagram of the Cisco IOS
file is received, an exclamation point (!) is displayed. As the Cisco IOS file is copied, the
existing flash is erased. This includes all files that may be present in flash memory, not just the
current IOS file. For this reason, it is important to back up these files to a TFTP server for
safekeeping, in the event that it becomes necessary to restore the IOS image.
When the ROMmon prompt appears (rommon 1>), the router can be restarted using the reset
command or typing i. The router should now boot from the new Cisco IOS image in flash.

The diagram depicts a console session with a router and ROMmon mode prompt. Listed are the
commands to set the ROMmon variables and then restore the I O S from a TFTP server.
Set Variables:
rommon1> IP_ADDRESS=192.168.1.2
rommon2> IP_SUBNET_MASK=255.255.255.0
rommon3> DEFAULT_GATEWAY=192.168.1.1
rommon4> TFTP_SERVER=192.168.1.1
rommon5> TFTP_FILE= c1841-I pbase-mz.123-14.T7.bin
Download I O S:
Rommon7 > tftpdnld

IP_ADDRESS: 192.168.1.2
IP_SUBNET_MASK: 255.255.255.0
DEFAULT_GATEWAY: 192.168.1.1
TFTP_SERVER: 192.168.1.1
TFTP_FILE: c1841-I pbase-mz.123-14.T7.bin
Invoke this command for disaster recovery only.

WARNING: all existing data in all partitions on flash will be lost!
Do you wish to continue? y/n: [n]
Receiving c1841-I pbase-mz.123-14.T7.bin

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
File reception completed.
Copying file c1841-I pbase-mz.123-14.T7.bin to flash.
Erasing flash at 0x607c0000
program flash location 0x605a00000
Page 4:
Lab Activity
Use ROMmon and tftpdnld to manage an IOS image.

Link to Hands-on Lab: Managing Cisco I O S Images with ROMMON and TFTP
8.4.4 Disaster Recovery Plan
Page 1:
Data backup is an important part of any disaster recovery plan. A disaster recovery plan is a
comprehensive document that describes how to restore operation quickly and keep a business
running during or after a disaster occurs. The objective of the disaster recovery plan is to ensure
that the business can adapt to the physical and social changes that a disaster causes. A disaster
can include anything from natural disasters that affect the network structure to malicious attacks
on the network itself.
The disaster recovery plan can include information such as offsite locations where services can
be moved, information on switching out network devices and servers, and backup connectivity
options. It is important when building a disaster recovery plan to fully understand the services
that are critical to maintaining operation. Services that might need to be available during a
disaster include:
• Databases
• Application servers
• System management servers
• Web
• Data stores
• Directory
8.4.4 - Disaster Recovery Plan

The diagram depicts the network infrastructure of a building labeled Headquarters, and how it
directly translates to corresponding backup devices at the back up site.
Page 2:
When designing a disaster recovery plan, it is important to understand the needs of the
organization. It is also important to gain the support necessary for a disaster recovery plan. There
are several steps to accomplish designing an effective recovery plan.
• Vulnerability assessment - Assess how vulnerable the critical business processes and
associated applications are to common disasters.
• Risk assessment - Analyze the risk of a disaster occurring and the associated effects and
costs to the business. Part of a risk assessment is creating a list of the top-ten potential
disasters and the effects, including the scenario of the business being completely
destroyed.
• Management awareness - Use the information gathered on vulnerability and risks to get
senior management approval on the disaster recovery project. Maintaining equipment and
locations in the event of a possible disaster recovery could be expensive. Senior
management must understand the possible effect of any disaster situation.
• Planning group - Establish a planning group to manage the development and
implementation of the disaster recovery strategy and plan. When a disaster occurs, be it
small or large scale, it is important that individuals understand their roles and
responsibilities.
• Prioritize - Assign a priority for each disaster scenario, such as mission critical,
important, or minor, for the business network, applications, and systems.
The disaster recovery planning process should first engage the top managers, and then eventually
include all personnel that work with critical business processes. Everyone must be involved and
support the plan for it to be successful.
The diagram depicts images representing vulnerability assessment, risk assessment, management
awareness, planning group, and prioritizing.
Page 3:
After the services and applications that are most critical to a business are identified, that
information should be used to create a disaster recovery plan. There are five major phases to
creating and implementing a disaster recovery plan:
Phase 1 - Network Design Recovery Strategy
Analyze the network design. Some aspects of the network design that should be included in the
disaster recovery are:
• Is the network designed to survive a major disaster? Are there backup connectivity
options and is there redundancy in the network design?
• Availability of offsite servers that can support applications such as email and database
services.
• Availability of backup routers, switches, and other network devices should they fail.
• Location of services and resources that the network needs. Are they spread over a wide
geography?
Phase 2 - Inventory and Documentation
Create an inventory of all locations, devices, vendors, used services, and contact names. Verify
cost estimates that are created in the risk assessment step.
Phase 3 - Verification
Create a verification process to prove that the disaster recover strategy works. Practice disaster
recovery exercises to ensure that the plan is up to date and workable.
Phase 4 - Approval and Implementation

Obtain senior management approval and develop a budget to implement the disaster recovery
plan.
Phase 5 - Review
After the disaster recovery plan has been implemented for a year, review the plan.

The diagram depicts images representing network design recovery strategy, inventory and
documentation, verification, approval and implementation, and review.
Page 4:

The diagram depicts an activity in which you must match an action associated with each phase of
creating a disaster recovery phase.
Phases:
A. Network Design Recovery Strategy
B. Inventory and Documentation
C. Approval and Implementation
D. Verification
E. Review
Actions:
One. Verify cost estimates of inventory and used services
Two. Practice disaster recovery exercises
Three. After implementation for a specified period of time, review the plan
Four. Develop a budget to implement the recovery plan
Five. Determine the availability of backup routers, switches, and other network devices should
they fail.
8.5 Chapter Summary
8.5.1 Summary
Page 1:
8.5.1- Summary
Diagram 1, Image
The diagram depicts the My Document Properties window, the Windows login, and the system
properties window.
Diagram 1 text
Desktop security services for customers, include: creating secure passwords, securing
applications with patches and upgrades, removing unnecessary applications, performing security
scans and setting appropriate permissions on resources.
When assigning permissions to files and folders, a security best practice is to apply permissions
based on the principle of least privilege.
Diagram 2, Image
The diagram depicts an authentication service verifying a username and password on its database
of valid users.
Diagram 2 text
Authentication, authorization, and accounting (AAA) is a three-step process used to monitor and
control access on a network. It requires a database to keep track of user credentials, permissions,
and account statistics.
Digital encryption is the process of encrypting transmitted data between the clients and servers.
Many protocols offer secure versions.
As a best practice, use the secure version of a protocol whenever the data being exchanged is
meant to be confidential.
Diagram 3, Image
The diagram depicts an example of a denial of service attack and port filtering.
Diagram 3 text
There are many security threats including D o S, DD o S, D R D o S attacks.
Port Filters and Access Lists are used to help protect against security threats.
Port filtering can restrict or allow traffic based on TCP or UDP port.
Access lists define traffic that is permitted or denied based on IP addresses as well as TCP or
UDP ports.
Diagram 4, Image
The diagram depicts an example of an intrusion detection system and an intrusion prevention
system.
Diagram 4 text
A firewall is network hardware or software that defines what traffic can come into and go out of
sections of the network.
I D S is a software- or hardware-based solution that passively listens to network traffic. It does
not stop the initial traffic from passing through to the destination.
I P S is an active physical device or software feature. Traffic actually passes through I P S
interfaces and the I P S can block all suspicious activity in real time.
A host-based firewall and Anti-X software runs directly on a host operating system and protects
the host from malicious attacks that might have made it through all other layers of defense.
Diagram 5, Image
The diagram depicts examples of in-band monitoring and managing network devices while on
the network.
Diagram 5 text
A service level agreement (SLA) is an agreement between a service provider and a service user
that clearly documents the expectations and obligations.
ISP's monitor and check connectivity of devices. They accomplish this through in-band or out-
of-band management. In-band management is preferred for managing servers accessible on the
network.
Diagram 6, Image
The diagram depicts types of back up media.
Diagram 6 text
There are several backup solutions available including: tape, optical, hard disk, and solid state
media.
There are also three methods of backing up data, including: full backup, differential backup, and
incremental backup. A combination of all three backup methods is generally recommended.
Diagram 7, Image
The diagram depicts the headquarters network and how it directly relates to a diagram of the
back up site.
Diagram 7 text
A disaster recovery plan is a comprehensive document that describes how to restore operation
quickly and keep a business running during or after a disaster occurs.
Assess the vulnerabilities, assess the risk, ensure management awareness, establish a planning
group, and prioritize needs when creating a disaster recovery plan.
8.6 Chapter Quiz
8.6.1 Quiz
Page 1:
8.6.1 - Quiz
Chapter 8 Quiz: ISP Responsibility
1.What command can an administrator issue to find the filename of the I O S that is currently
running before backing up the I O S to a TFTP server?
a.show running-config
b.show startup-config
c.show sessions
d.show flash
2.While downloading an I O S image from a TFTP server, an administrator sees long strings of
the letter 'e' output to the console. What does this mean?
a.The I O S image is corrupt and is failing error checking.
b.There is a communication error between the router and the TFTP server.
c.The router is erasing the flash memory.
d.The file is being encrypted before being downloaded to the router.
3.Which term describes the ability of a web server to keep a log of the users who access the
server, as well as the length of time they use it?
a.authentication
b.authorization
c.accounting
d.assigning permissions
4.Which two statements describe out-of-band network management? (Choose two.)

a.does not require a physical connection
b.preferred over in-band management for managing services
c.used for initial device configuration
d.uses a direct console connection
e.provides greater functionality than in-band management
5.Which two are duties of an SNMP management agent? (Choose two.)

a.collects information for the management station by polling devices
b.permits access to devices by assigning each a community ID
c.reports to the management station by responding to polls
d.runs the applications that the administrator uses to configure devices on the network
e.sends an alert message to the management station if a threshold is exceeded
6.What is the "principle of least privilege"?

a.the use of only a single server to store shared data for a local network
b.all local users should have open access to shared data
c.give each user access to only those resources needed to do his or her job
d.when more than one user needs access to the same data, access should be first come, first
served
7.Match the AAA term to the correct definition. Note that all terms will not be used.
AAA Terms
a.auditing
b.accounting
c.authorization
d.authentication
e.access control
f.acknowledgement
Definitions
a.username and password
b.who used what network resource
c.rights to a specific network resource
8.When MPLS is configured on a router, what is true about the MTU?

a.The MTU size on the serial interface is automatically decreased and must manually be
increased.
b.The MTU size will not be affected for the WAN and LAN interfaces.
c.The MTU size on a LAN interface must be manually increased using the mpls mtu command.
d.The MTU size stays the same for both the LAN and WAN interfaces.
9.The CEO of Quickclips, Inc. decides that the company's backup process needs to allow for a
very quick restoration of lost data. He is willing to accept a lengthier time for the backup process
itself. Which type of backup should be implemented?
a.partial
b.differential
c.incremental
d.full
10.The IT manager performs a full backup on Monday and differential backups on Tuesday,
Wednesday, and Thursday. On Friday morning, the server crashes and all of the data must be
restored. In which sequence should the backup tapes be restored?
a.the full backup tape from Monday, and then differential tapes from Thursday, Wednesday, and
Tuesday
b.the differential tape from Thursday, and then the full backup tape from Monday
c.the full backup tape from Monday, and then the differential tape from Thursday
d.only the full backup tape from Monday
e.only the differential tape from Thursday
11.Where is the safest place to store backups?

a.portable lock box
b.locked telecommunications room
c.locked server room
d.offsite secure facility
12.Which firewall filtering technology keeps track of the actual communication process
occurring between the source and destination devices and stores it in a table?
a.access-list filtering
b.stateful filtering
c.URL filtering
d.content filtering
13.Why is risk assessment critical to disaster recovery planning?

a.It contains management approval to implement the plan.
b.It identifies the high priority applications that must be restored quickly.
c.It outlines the roles of each member of the disaster recovery team.
d.It identifies the likely disasters that could occur and their effect on the business.
14.Why would a business choose an I P S instead of an I D S? (Choose two.)

a.An I P S identifies and blocks malicious activity.
b.An I P S is installed out-of-band and does not affect network traffic throughput.
c.An I D S cannot stop some malicious traffic from getting through.
d.An I D S is an in-band device that can affect network traffic.
e.An I D S device must be installed outside the firewall to monitor traffic. End

9 Troubleshooting
9.0 Introduction
9.0.1 Introduction
Page 1:
Troubleshooting configuration or operation problems requires the application of networking
knowledge and skills.
Employers value networkers who can troubleshoot in an organized manner to identify symptoms,
isolate the causes, and fix the problems quickly.
Cisco Career Certifications bring valuable, measurable rewards to network professionals and the
organizations that employ them.
Practicing troubleshooting can help prepare you to successfully obtain a Cisco Certified Entry
Networking Technician (CCENT) certification.

Use the O S I Model as a framework for troubleshooting network problems.
Identify and correct problems with hardware and operation at Layer 1 and Layer 2.
Troubleshoot IP addressing problems, including subnet mask, host range errors, DHCP, and
NAT issues.
Identify and correct problems with RIPv2 configuration and implementation.
Explain possible causes of problems occurring with user applications and how to recognize
symptoms of DNS failures.
Create a plan to prepare to take the I CND1 examination in order to obtain a C CENT
certification.
9.1 Troubleshooting Methodologies and Tools
9.1.1 The OSI Model and Troubleshooting
Page 1:
One of the most important abilities for a network professional to develop is the ability to
efficiently troubleshoot network problems. Good network troubleshooters are always in high
demand. For this reason, Cisco certification exams measure the ability to identify and correct
network problems.
When troubleshooting, many technicians use the OSI and TCP/IP networking models to help
isolate the cause of a problem. Logical networking models separate network functionality into
modular layers. Each layer of the OSI or TCP/IP model has specific functions and protocols.
Knowledge of the features, functions, and devices of each layer, and how each layer relates to
the layers around it, help a network technician to troubleshoot more efficiently.
This chapter uses the OSI and TCP/IP models to provide the structure for troubleshooting
activities. Before beginning, review the material on the OSI and TCP/IP models in CCNA
Discovery: Networking for Home and Small Businesses and CCNA Discovery: Working at a
Small-to-Medium Business or ISP.
9.1.1 - The O S I Model and Troubleshooting
The diagram depicts a brief description of the functions and protocols of each layer of the O S I
Model and the TCP/IP Model.
O S I Model
Application Layer
Defines interfaces between application software and network communication functions.
Provides standardized services such as file transfer between systems.
Presentation Layer
Standardizes user data formats for use between different types of systems.
Encodes and decodes user data; encrypts and decrypts data; compresses and decompresses data.
Session Layer
Manages user sessions and dialogues.
Manages links between applications.
Transport Layer
Manages end-to-end message delivery over the network.
Can provide reliable and sequential packet delivery through error recovery and flow control
mechanisms.
Network Layer
Provides logical network addressing.
Routes packets between networks based on logical addressing.
Data Link Layer

Defines procedures for operating the communication links.
Detects and corrects frame transmit errors.
Adds physical addresses to frame.
Physical Layer
Defines physical means of sending data over network devices.
Interfaces between network medium and devices.
Defines optical, electrical, and mechanical characteristics for both wired and wireless media.
Includes all forms of electromagnetic transmission such as light, electricity, infrared, and radio
waves.
TCP/IP Model
Application
This layer has the same functionality as the Application, Presentation, and Session Layers of the
O S I Model.
Transport
This layer has the same functionality as the Transport Layer of the O S I Model.
Internet
This layer has the same functionality as the Network Layer of the O S I Model.
Network Access
This layer has the same functionality as the Data Link and Physical Layers of the O S I Model.
Page 2:
OSI Reference Model as a Troubleshooting Tool
The OSI reference model provides a common language for network technicians and engineers. It
is important to understand the functions that occur and the networking devices that operate at
each layer of the OSI model.
The upper layers (5-7) of the OSI model deal with specific application functionality and are
generally implemented only in software. Problems isolated to these layers can frequently be
caused by end-system software configuration errors on clients and servers.
The lower layers (1-4) of the OSI model handle data-transport issues.
The Network Layer (Layer 3) and the Transport Layer (Layer 4) are generally implemented only
in software. In addition to software errors on end systems, software configuration errors on
routers and firewalls account for many problems isolated to these layers. IP addressing and
routing errors occur at Layer 3.
The Physical Layer (Layer 1) and Data Link Layer (Layer 2) are implemented in both hardware
and software. The Physical Layer is closest to the physical network medium, such as the network
cabling, and is responsible for actually placing information on the medium. Hardware problems
and incompatibilities cause most Layer 1 and Layer 2 problems.

The diagram depicts the use of the O S I Model as a troubleshooting tool. Each network device is
matched with the O S I Model layers, on which it functions, that could be troubleshooting
targets.
A Router functions on the following layers:

Layer 4: Transport.
Layer 3: Network.
Layer 2: Data Link.
Layer 1: Physical.
A Firewall functions on the following layers:

Layer 4: Transport.
Layer 3: Network.
Layer 2: Data Link.
Layer 1: Physical.
A Standard Switch functions on the following layers:
Layer 2: Data Link.
Layer 1: Physical.
A Hub functions on the following layer:

Layer 1: Physical.
An End System functions on the following layers:

Layer 7: Application.
Layer 6: Presentation.
Layer 5: Session.
Layer 4: Transport.
Layer 3: Network.
Layer 2: Data Link.
Layer 1: Physical.
Page 3:

The diagram depicts an activity in which you must identify which layer each of the following
protocols or forms of technology belongs.
Layer Options.
One.Physical Layer.
Two.Data Link Layer.
Three.Network Layer.
Four.Transport Layer.
Five.Upper Layers.
Protocols and Forms of Technology.

A.Radio waves.
B.Hubs.
C.Repeaters.
D.Twisted pair cable.
E.Electrical signaling.
F.Ethernet.
G.LAN Switching.
H.MAC addresses.
I.Network interface cards.
J.Frames.
K.Routing.
L.IP addresses.
M.Packets.
N.Port numbers.
O.TCP.
P.UDP.
Q.Telnet.
R.Client software.
S.SMTP.
T.FTP.
U.HTTP.
Page 4:
Lab Activity
Using the worksheet provided, organize the CCENT objectives by which layer or layers they
address.
Click the Lab icon to begin.

Link to Hands-on Lab: Organize the CCENT objectives by O S I Layer
9.1.2 Troubleshooting Methodologies
Page 1:
There are three main troubleshooting approaches when using network models:
• Top-down
• Bottom-up
• Divide-and-conquer
Each method assumes a layered concept of networking. Using one of these troubleshooting
methods, a troubleshooter can verify all functionality at each layer until the problem is located
and isolated.
Top-down - Starts with the Application Layer and works down. It looks at the problem from the
point of view of the user and the application. Is it just one application that is not functioning, or
do all applications fail? For example, can the user access various web pages on the Internet, but
not email? Do other workstations have similar issues?
Bottom-up - Starts with the Physical Layer and works up. The Physical Layer is concerned with
hardware and wire connections. Are cables securely connected? If the equipment has indicator
lights, are those lights on or off?
Divide-and-Conquer - Typically troubleshooting begins at one of the middle layers and works
up or down from there. For example, the troubleshooter may begin at the Network Layer by
verifying IP configuration information.
The structure of these approaches makes them ideally suited for the novice troubleshooter. More
experienced individuals often bypass structured approaches and rely on instinct and experience.
9.1.2 - Troubleshooting Methodologies

The diagram depicts the operation, suitable cases, advantages and disadvantages, as well as the
layers that are involved for each of the following troubleshooting approaches: top-down, divide-
and-conquer, and bottom-up.
If you start at the Application, Presentation, or Session O S I Layers:

Troubleshooting Approach: Top-down
How it operates: Always starts at the application layer and works its way down until it finds a
faulty layer.
Cases for which it is suitable: More suitable for simpler problems or those that are suspected to
be application/user or upper-layer related.
Advantages/ Disadvantages: If the problem turns out to be related to lower layers, you have
wasted a lot of time and effort at the upper or application layers.
If you start at the Transport, Network, or Data Link O S I Layers:

Troubleshooting Approach: Divide-and-conquer
How it operates: Based on the circumstances (reported issues) and your experience, you might
decide to start at any layer and work up or down the O S I stack.
Cases for which it is suitable: Most suitable when you are experienced and the problem has
precise symptoms.
Advantages/ Disadvantages: It targets the problem layer faster than the other approaches. You
need experience to use this approach effectively.
If you start at the Physical O S I Layer:

Troubleshooting Approach: Bottom-up
How it operates: Always starts at the Physical Layer and works its way up until it finds a faulty
layer.
Cases for which it is suitable: More suited for complex cases.
Advantages/ Disadvantages: It is a slow, but solid approach. When the problem is application-
related (or upper layer-related), this approach can take a long time.
Page 2:
9.1.2 - Troubleshooting Methodologies

The diagram depicts an activity with a scenario in which customers report that they are unable to
view web pages from a web server located at the ISP .
You must determine what category of troubleshooting method was used by the technicians in
each of the following scenarios.
Troubleshooting Methods.
One.Bottom-up.
Two.Top-down.
Three.Divide-and-conquer.
Troubleshooting Scenarios.
A.The technician suspects that a firewall is causing the problem, and checks the firewall
configuration.
B.The technician checks the cable connections between the web server and the directly
connected switch.
C.The technician pings the server and then pings the switch located at the customer site.
D.The technician calls the customer in order to determine if only web applications are affected.
E.The technician checks the lights on the network interface card in the web server.
F.The technician verifies that the server has the correct DNS entry and that it is resolving the
name.
9.1.3 Troubleshooting Tools
Page 1:
It is very difficult to troubleshoot any type of network connectivity issue without a network
diagram that depicts the IP addresses, IP routes, and devices, such as firewalls and switches.
Logical and physical topologies are extremely useful in troubleshooting.
Physical Network Topologies
A physical network topology shows the physical layout of the devices connected to the network.
Knowing how devices are physically connected is necessary for troubleshooting problems at the
Physical Layer, such as cabling or hardware problems. Physical network topologies typically
include:
• Device types
• Models and manufacturers of devices
• Locations
• Operating system versions
• Cable types and identifiers
• Cabling endpoints
Logical Network Topologies
A logical network topology shows how data is transferred on the network. Symbols are used to
represent network elements such as routers, servers, hubs, hosts, and security devices. Logical
network topologies typically include:
• Device identifiers
• IP addresses and subnet masks
• Interface identifiers
• Routing protocols
• Static and default routes
• Data-link protocols
• WAN technologies
9.1.3 - Troubleshooting Tools

The diagram depicts examples of physical and logical topologies.
Physical Topology - The actual physical wired topology of the network between the Internet,
offices, and classrooms of a school. Routers, servers, printers, and other hosts are connected to
the hubs and switches on the network.
Logical Topology - Addressing information, such as subnets and broadcast domains, that is
necessary on a network.
Page 2:
In addition to network diagrams, other tools may be needed to effectively troubleshoot network
performance issues and failures.
Network Documentation and Baseline Tools
Network documentation and baseline tools are available for Windows, Linux, and UNIX
operating systems. CiscoWorks can be used to draw network diagrams, keep network software
and hardware documentation up to date, and help to cost-effectively measure baseline network
bandwidth use. These software tools often provide monitoring and reporting functions for
establishing the network baseline.
Network Management System Tools
Network Management System (NMS) tools monitor network performance. They graphically
display a physical view of the network devices. If a failure occurs, the tool can locate the source
of the failure and determine whether it was caused by malware, malicious activity, or a failed
device. Examples of commonly used network management tools are CiscoView, HP Openview,
SolarWinds, and WhatsUp Gold.
Knowledge Bases
Network device vendor knowledge bases have become indispensable sources of information.
When online knowledge bases are combined with Internet search engines, a network
administrator has access to a vast pool of experience-based information.
Protocol Analyzers
A protocol analyzer decodes the various protocol layers in a recorded frame and presents this
information in a relatively easy-to-use format. Protocol analyzers can capture network traffic for
analysis. The captured output can be filtered to view specific traffic or types of traffic based on
certain criteria; for example, all traffic to and from a particular device. Protocol analyzers, such
as Wireshark, provide detailed troubleshooting information about the data being communicated
on the network. An example of the types of information that can be viewed using a protocol
analyzer is the setup and termination of a TCP session between two hosts.

The diagram depicts examples of software troubleshooting tools.
Baseline Tools.
Solar Winds LAN surveyor (Automated Network Mapping Tool).
Solar Winds CyberGauge (Bandwidth Monitoring Tool).
NMS.
WhatsUp Gold NMS Device Status Display.
Knowledge Base.
Support Tools & Resources web page from the Cisco Systems website.
Protocol Analyzer.
Wire shark Protocol Analyzer.
Page 3:
Lab Activity
Use Wireshark to observe the TCP/IP three-way handshake.

Link to Hands-on Lab: Using Wire shark to Observe the TCP/IP Three-way Handshake
Page 4:
Sometimes failures in the lower layers of the OSI model cannot be easily identified with
software tools. In these instances, it may be necessary to use hardware troubleshooting tools,
such as cable testers, multimeters, and network analyzers.
Cable Testers
Cable testers are specialized, handheld devices designed for testing the various types of data
communication cabling. Cable testers can be used to detect broken wires, crossed-over wiring,
shorted connections, and improperly paired connections. More sophisticated testers, such as a
time-domain reflectometer (TDR), can pinpoint the distance to a break in a cable. Cable testers
can also determine the length of a cable.
Digital Multimeters
Digital multimeters (DMMs) are test instruments that directly measure electrical values of
voltage, current, and resistance. In network troubleshooting, most of the multimeter tests involve
checking power-supply voltage levels and verifying that network devices are receiving power.
Portable Network Analyzers
By plugging a network analyzer into a switch anywhere on the network, a network engineer can
see the average and peak utilization of the segment. The analyzer can also be used to identify the
devices producing the most network traffic, analyze network traffic by protocol, and view
interface details. Network analyzers are useful when troubleshooting problems caused by
malware or denial-of-service attacks.

The diagram depicts examples of hardware troubleshooting tools.
Multimeter.
Fluke 179 Digital Multimeter.
Cable Tester.
Fluke Networks LinkRunner Pro Tester.
Fluke Networks Cable IQ Qualification Tester.
Network Analyzer
Fluke Networks Opti-View Series III Integrated Network Analyzer
9.1.4 Certification Study Guide
Page 1:
CCENT Study Guide
Click the lab icon to download a CCENT Preparation Guide for section 9.1.
Click the lab icon to download a CCENT Preparation Guide.
9.1.4 - Certification Study Guide

Link to Hands-on Lab: CCENT Study Guide 1
Download the CCENT Study Guide for Section 9.1.
9.2 Troubleshooting Layer 1 and Layer 2 Issues
9.2.1 Layer 1 and 2 Problems
Page 1:
The Physical and the Data Link Layers encompass both hardware and software functions. All
network communications rely on the technologies at these layers to function. A network
technician must be able to quickly isolate and correct problems occurring at these layers.
The Physical Layer, or Layer 1, is responsible for the physical and electrical specifications for
the transmission of bits from one host to another over the physical medium, either wired or
wireless. Network problems occurring at Layer 1 can cause the loss of network connectivity, or
simply cause network performance to degrade.
The types of problems that occur at Layer 1 are directly related to the type of technology used.
For example, Ethernet is a multi-access technology. Ethernet protocols use an algorithm to sense
when there are no other signals on the wire to begin a transmission. However, it is possible for
two devices to begin sending at the exact same time, causing a collision. When a collision
occurs, all devices stop transmitting and wait a random amount of time before transmitting again.
Because Ethernet can detect collisions and respond to them, Ethernet is often referred to as
Carrier Sense Multiple Access with Collision Detection (CSMA/CD).
However, excessive collisions can cause network performance to degrade. Collisions can be a
significant problem on shared media, such as a hub network, more so than on switched ports.
9.2.1 - Layer 1 and 2 Problems

The diagram depicts possible causes of problems found on Layer 1, the Physical Layer.
Problem: Performance lower than baseline

Inadequate cable or poor terminations can result in errors that increase the rate of
retransmissions.
Electrical interference may cause poor performance over copper links.
Cabling that exceeds the recommended standard distance limitations can cause attenuation
problems.
In a wireless network, interference or a significant increase in traffic can cause network
responses to degrade.
Problem: Loss of connectivity
Intermittent loss can be caused by power-related problems, such as a failing UPS or power
supply, resulting in a device reboot or temporary link or device failure.
Loose connections and tension on the connectors and wires can also cause intermittent loss.
For wireless coverage areas, intermittent connectivity can be caused by overlapping wireless
channels.
Complete loss can be caused by a cable connection failure or a failed device or interface.
Problem: High collision counts
Average collision counts on shared media should generally be below 1% of total traffic.
Collision-based problems are often traced to a single source, such as a bad uplink cable on a hub
or switch port, or a link that is exposed to external electrical noise.
Too many hosts on a single shared segment can contribute to high collision rates.
Duplex mismatches between devices can cause collisions to be recorded on a switch link.
A full-duplex switch port should have no collisions.
Problem: Network bottlenecks or congestion
When congestion occurs, frames can be dropped.
Unexpected high rates of traffic on devices or cables not designed to handle the load can cause
congestion.
Malware, such as Trojans and worms can cause Layer 1 devices and cabling to become
congested.
A protocol analyzer can assist in finding the source of high traffic related problems.
Problem: High CPU utilization rates
High CPU utilization indicates that a device is operating at or exceeding its design limits.
CPU overloading can cause a device to shut down or fail.
Problem: Console error messages
Error messages reported on the device console can indicate a Physical Layer problem.
Messages indicating that a device or protocol is down indicate interface or cabling problems.
Page 2:
The Data Link Layer, or Layer 2, specifies how the data is formatted for transmission over the
network media. It also regulates how access to the network is granted. Layer 2 provides the link
between the Network Layer software functions and the Layer 1 hardware for both LAN and
WAN applications. To effectively troubleshoot Layer 1 and Layer 2 problems, technicians must
be familiar with cabling standards, and encapsulation and framing.
After a technician verifies that Layer 1 is functioning, it must be determined if the problem
resides in Layer 2 or one of the higher layers. For example, if a host can ping the local loopback
address, 127.0.0.1, but cannot access any services over the network, the problem may be isolated
to Layer 2 framing issues or a misconfigured interface card. Network analyzers and other online
tools can locate the source of a Layer 2 issue. In some instances, a device recognizes that a Layer
2 problem occurred and sends alert messages to the console.

The diagram depicts possible causes of problems found on Layer 2, the Data Link Layer.
Problem: No functionality or connectivity at the Network Layer or above

Misconfigured network cards or faulty NIC drivers can stop the exchange of frames across a
link.
Encapsulation errors on serial or WAN links can also cause connectivity to fail over operational
circuits.
Problem: Network operating below baseline performance levels
Interfaces dropping frames that exceed the capacity of the interface or have CRC or framing
errors can cause poor network performance. These problems can be identified through error
counter statistics and console error messages on the switch or router.
Faulty NICs, interface errors, and electric noise are common Layer 1 hardware issues that can
create Layer 2 framing errors in the network.
Problem: Excessive broadcasts
Large Layer 2 network segments can contribute to excessive broadcasts.
Viruses and worms can add excessive broadcast traffic to the network.
Problem: Console error messages
Console messages typically occur when the device detects a problem with interpreting incoming
frames because of encapsulation or framing problems.
Messages also occur when keepalives are expected but do not arrive.
The most common console message that indicates a Layer 2 problem is a line protocol down
message.
Page 3:

The diagram depicts an activity in which you must match each Layer 1 or Layer 2 problem to a
possible symptom. Each symptom may indicate two possible problems.
Symptoms.
One. Intermittent loss of connectivity.
Two. Excessive collisions on an interface.
Three. Console message indicating a protocol is down.
Layer 1 or Layer 2 problems.

A. Failing UPS or power supply.
B. Loose cable.
C. Too many hosts on a shared network segment.
D. Duplex mismatch.
E. No keepalive signals are being received.
F. Encapsulation mismatch.
9.2.2 Troubleshooting Device Hardware and Boot Errors
Page 1:
Network problems often occur after a device is restarted. Restarts can happen intentionally after
an upgrade, or unexpectedly after a power failure. To troubleshoot device hardware failures and
boot errors, it is first necessary to review the process that Cisco IOS devices use during startup.
The bootup process has three stages:
1. Performing the POST and loading the bootstrap program.
2. Locating and loading the Cisco IOS software.
3. Locating and loading the startup configuration file or entering setup mode.
When booting any Cisco networking device, it is helpful to observe the console messages that
appear during the boot sequence. After the Cisco IOS software is loaded, the technician can use
commands to verify that the hardware and software are fully operational.
The show version command displays the version of the operating system and whether all
interface hardware is recognized.
The show flash command displays the contents of the Flash memory, including the Cisco IOS
image file. It also displays the amount of Flash memory currently being used and the amount of
memory available.
The show ip interfaces brief command shows the operational status of the device interfaces and
IP addresses assigned.
The show running-configuration and show startup-configuration commands verify whether

all the configuration commands were recognized during the reload.
When a device fails to boot correctly and creates a network outage, replace the device with a
known good device to restore services to end users. After service is restored, then take the time
to troubleshoot and repair the failed device.
9.2.2 - Troubleshooting Device Hardware and Boot Errors

The diagram depicts the three stages of the boot up process, including the console screen output.
Stage 1
ROMPOSTPerform PostPerform POST
ROMBootstrapLoad BootstrapExecute Bootstrap Loader

Stage 2
The I O S can be loaded from Flash or a TFTP server.
Flash, Cisco Internetwork Operating System, Locate and load Operating system
TFTP Server, Cisco Internetwork Operating System, Locate and load Operating system


### [OK]
Stage 3
The configuration file can be loaded from NV RAM, a TFTP server or the console.
NV RAM Configuration > Locate, load and execute the Configuration file or enter "setup" mode
TFTP Server Configuration > Locate, load and execute the Configuration file or enter "setup"
mode
Console Configuration > Locate, load and execute the Configuration file (configuration
commands entered from the console host keyboard) or enter "setup" mode


### [OK]
Restricted Rights Legend

Use, duplication, or disclosure by the Government is subject to restrictions as set fourth in
subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at F A R Sec.
52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software
clause at D F A R S sec. 252.227-7013.
Cisco Systems, Inc.

170 West Tasman Drive
San Jose, California 95134-1706
SOFTWARE (fc2)
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Image text-base: 0x6007D180, data-base: 0x61400000
Port Statistics for unclassified packets is not turned on.

Processor board ID FTX0947Z18E
M860 processor: part number 0, mask 49
2 FastEthernet/IEEE 802.3 interface(s)
2 Low-speed serial (sync/async) network interface(s)
191K bytes of NV RAM/
31360K bytes of A T A CompactFlash (Read/Write)
SOFTWEAR (fc2)
Copyright (c)1986-2006 by Cisco Systems, Inc.
---System Configuration Dialog---

Continue with configuration dialog? [yes/no]: no
Page 2:
After a router boots successfully, the green LED indicators will display. When errors occur
during the bootup process, Cisco devices execute default actions to recover from the errors, such
as loading into ROMmon mode. There are five common bootup errors (discussed on this page
and the next), that have associated troubleshooting strategies.
Device Fails POST
When a device fails POST, no output appears on the console screen. In addition, system LEDs
may change color or blink, depending on the device type. For a description of LED operation,
check the documentation provided with the device. If the POST fails, turn off the power, unplug
the device, and remove all interface modules. Then reboot the device. If the POST still fails, the
device requires service. If it completes the POST successfully without the interface modules
installed, an interface module may have failed. Disconnect the power and reinstall each module
individually, rebooting each time, to determine which module has failed. When the failed module
is identified, replace it with a known good module and restart the device.
Cisco IOS Image in Flash is Corrupt

If the image file in flash is corrupt or missing, the bootloader cannot find a valid Cisco IOS file
to load. Some Cisco IOS devices have an image with limited functionality that is loaded and run
if no image exists in flash or another specified location. This image is called a boothelper.
Boothelper images may not have enough functionality to successfully execute the necessary
configuration commands to bring the device back into operation. If there is no boothelper, the
device enters ROMmon mode. Use ROMmon commands to reload the correct Cisco IOS image
from a TFTP server.

The diagram depicts a table with information regarding the 1841 L E D Indicators on a
successful boot.
L E D: SYS PWR
Color: Green
Status: Router has successfully booted up and the software is functional. Slow, steady blinking
when system is booting or in the ROM monitor.
L E D: STS ACT
Color: Green
Status: Blinking when packets are transmitted or received on an WAN or LAN interface, or
when monitoring system activity.
L E D: CF
Color: Blinking Green
Status: Flash memory is busy. Do not remove the CompactFlash memory card when this light is
on.
Page 3:
Memory is not Recognized or Fails
If there is not enough memory to decompress the image, the device scrolls error messages
rapidly or constantly reboots. The device may be able to boot into ROMmon mode by issuing a
Ctrl-Break command during startup. In ROMmon mode, commands can be issued to determine
the status of the memory. The memory may have to be replaced or increased for the device to
function normally.
Interface Modules are not Recognized
Faulty or improperly seated interface modules may not be recognized during the POST and
Cisco IOS load. When this occurs, the list of available interfaces displayed by the show version
command does not match the physically installed modules. If an interface module is new, check
that the module is supported by the Cisco IOS version that is installed and that enough memory
exists to support the module. Always power down the device, disconnect the power, and reseat
the module into the device to determine if there is a hardware problem. After reseating, if the
module is not recognized during reboot, replace it with a known good module.
Configuration File is Corrupt or Missing
If a valid startup configuration file cannot be found, some Cisco devices execute an autoinstall
utility. This utility broadcasts a TFTP request for a configuration file. Other devices immediately
enter an initial configuration dialog, known as the setup utility or setup mode. Devices that have
the autoinstall utility also enter setup mode if no TFTP server responds after five inquiries. Use
either TFTP or manual configuration to reload or recreate the configuration. Devices do not
forward traffic until a valid configuration is loaded.

The diagram depicts a COM2-Tera Term VT window boot screen for a Cisco device with the
focus on the following error message line.
SYSTEM INIT: INSUFFICIENT MEMORY TO BOOT THE IMAGE!
9.2.3 Troubleshooting Cable and Device Port Errors
Page 1:
Router interface errors are often the first symptom of Layer 1 and Layer 2 cabling or
connectivity errors. To troubleshoot, begin by examining the statistics recorded on the
problematic interface using the show interfaces command and the status of interfaces using the
show ip interface brief command.
The output for the show ip interface brief command includes a summary of the device
interfaces, including the IP address and interface status.
• Up/up status - indicates normal operation and that both the media and the Layer 2
protocol are functional.
• Down/down status - indicates that a connectivity or media problem exists.
• Up/down status - indicates that the media is connected properly, but that the Layer 2
protocol is not functioning or is misconfigured.
Common cable or media issues that can cause a down/down output include:
• Loose cable or too much tension on the cable - If all the pins cannot make a good
connection, the circuit is down.
• Incorrect termination - Ensure that the correct standard is followed and that all pins are
correctly terminated in the connector.
• Damaged serial interface connector - Pins on the interface connection are bent or missing.
• Break or short in the cable - If there are problems along the circuit, the interface cannot
sense the correct signals.
Common Layer 2 issues that can cause an up/down output include:
• Encapsulation is improperly configured.

• No keepalives are received on the interface.
9.2.3 - Troubleshooting Cable and Device Port Errors

The diagram depicts a summary of device interface information.
R1 # show I P interface brief

Interface I P-Address OK? Method Status Protocol
FastEthernet0/0 192.168.1.1 YES manual up up
FastEthernet0/1 unassigned YES manual administratively down down
Serial0/0/0 192.168.2.1 YES manual up up
Serial0/0/1 unassigned YES manual administratively down down
V lan1 unassigned YES manual administratively down down
Page 2:
Occasionally, media errors are not severe enough to cause the circuit to fail, but do cause
network performance issues. The show interfaces command provides additional troubleshooting
information to help identify these media errors.
Output for the show interfaces command includes:
• Excessive Noise - On Ethernet and serial interfaces, the presence of many CRC errors but
not many collisions is an indication of excessive noise. CRC errors usually indicate a
media or cable error. Common causes include electrical interference, loose or damaged
connections, or using the incorrect cabling type.
• Excessive collisions - Collisions usually occur only on half-duplex or shared-media
Ethernet connections. Damaged cables can cause excessive collisions.
• Excessive runt frames - Malfunctioning NICs are the usual cause of runt frames, but
they can be caused by the same issues as excessive collisions.
• Late collisions - A properly designed and configured network should never have late
collisions. Excessive cable lengths are the most common cause. Duplex mismatches can
also be responsible.

The diagram depicts solutions for various media problems.
Media Problem: Excessive Noise

Step 1. Use the show interface command to determine the status of the Ethernet interfaces. The
presence of many CRC errors but not many collisions is an indication of excessive noise.
Step 2. Inspect the cables for damage or sources of interference.
Step 3. Verify that the correct cable and termination standard is in use for the speed of the
interface.
Step 4. If using 1000BASE-TX, make sure that Category 5e or above cabling is being used.
Media Problem: Excessive Collisions

Step 1. Use the show interface command to check that rate of collisions. The total number of
collisions with respect to the total number of output packets should be 1% or less.
Step 2. Use a TDR to find any damaged cables.
Media Problem: Excessive Runt Frames

Step 1. in a shared Ethernet environment, runt frames are almost always caused by collisions. If
the collision rate is high, see the "Excessive collisions" problem.
Step 2. If runt frames occur when collision rates are not high or in switched Ethernet
environment, they are the result of bad software on a NIC.
Step 3. Use a protocol analyzer to try to determine the source address of the runt frames.
Media Problem: Late Collisions

Step 1. Use protocol analyzer to check for late collisions. Late collisions should never occur in a
property designed Ethernet network. They usually occur when Ethernet cables are too long or
when a duplex mismatch occurs.
Step 2. Verify that the diameter of the network is within specification.
Page 3:
Lab Activity
Use the show ip interface brief and show interfaces commands to identify possible cable or
media errors.

Link to Hands-on Lab: Identifying Cable and Media Errors
9.2.4 Troubleshooting LAN Connectivity Issues
Page 1:
LAN troubleshooting usually centers on switches, because the majority of LAN users connect to
the network via switch ports. Many of the same Cisco IOS show commands can be used on
switches to gather troubleshooting information. In addition, each port on a switch has an LED
indicator that provides valuable troubleshooting information.
The first step in troubleshooting LAN connectivity issues is to verify that the switch port
connected to the user is active and that the appropriate LED indicators are lit. If there is physical
access to the switch, it can save time to look at the port LEDs, which give the link status or
indicate an error condition (if red or orange). Check to see that both sides of the connection have
a link.
If no link light is present, ensure that the cable is connected at both ends and that it is connected
to the correct port. Make sure that both devices are powered up, and that there are no bootup
errors on either device. Swap out any patch cables with known good cables and verify that the
cable terminations are correct for the type of connectivity desired. If there is still no link light,
verify that the port is not administratively shut down. Use the show running-config interface
command to show the parameters configured on a switch port:
Switch#sh run interface fastEthernet 4/2
interface FastEthernet4/2
shutdown
duplex full
speed 100
end
9.2.4 - Troubleshooting LAN Connectivity Issues

The diagram depicts the rear of a switch Catalyst 2950 series indicating the following
components:
System L E D
Redundant Power Supply L E D
Mode Button
Port Mode L E D's
Port Status L E D's
Page 2:
Even if a link light is present, it does not guarantee that the cable is fully functional. The cable
can be damaged, causing intermittent performance problems. Normally, this situation is
identified by using Cisco IOS show commands to determine if the port has many packet errors,
or if the port constantly flaps (loses and regains a link).
The show version and show interfaces commands executed on a switch provide similar
information to the same commands executed on a router. To get a quick view of switch port error
statistics, use the show interface port counters errors command.
Duplex mismatches are more common on switches than on routers. Many devices are set to
autonegotiate speed and duplex settings. If one device on a link is configured to autonegotiate
and the other side is manually configured with speed and duplex settings, mismatches may occur,
leading to collisions and dropped packets.
To view the speed and duplex settings on a port and whether manual or autonegotiation features
were used, use the show interface port status command.
If the mismatch occurs between two Cisco devices with the Cisco Discovery Protocol (CDP)
enabled, there are CDP error messages on the console or in the logging buffer of both devices.
CDP is useful to detect errors and port and system statistics on nearby Cisco devices.
To correct duplex mismatch errors, set both devices to autonegotiate speed and duplex. If the
negotiation does not produce the desired results, manually configure matching speed and duplex
settings on each device.
The diagram depicts examples of messages that may indicate LAN connectivity issues.
Error message indicating that a duplex mismatch is detected.

Jun 2 11:16:45 %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet6
/2 (not half duplex), with TB A 04251336 3 /2 (half duplex).
Show output indicating that duplex and speed settings were set to auto negotiate.
Switch # s h interfaces F A S 6 /1 status
Portname Status V lan Duplex Speed Type
F A 6 /1 not connect 1 auto auto 10 /100BaseTX
Page 3:
Configure a switched network and troubleshoot duplex mismatches.

Link to Packet Tracer Exploration: Configuring and Troubleshoot a Switched Network
Page 4:
Lab Activity
Troubleshoot LAN connectivity using LEDs and show commands.

Link to Hands-on Lab: Troubleshooting LAN Connectivity
9.2.5 Troubleshooting WAN Connectivity Issues
Page 1:
Troubleshooting a serial WAN connection is different from troubleshooting Ethernet LAN

connections. Typically, WAN connectivity relies on equipment and media that is owned and
managed by a telecommunications service provider (TSP). Because of this, it is important for
technicians to know how to troubleshoot the customer premises equipment and to communicate
the results to the TSP.
Most serial interface and line problems can be identified and corrected using information
gathered from the show interfaces serial command. Serial connections may experience
problems caused by packet errors, configuration errors, or mismatches in encapsulation and
timing. Because serial WAN connections usually rely on a CSU/DSU or modem for timing,
these devices must be considered when troubleshooting serial lines. In prototype networks, a
router can be configured to provide DCE clocking functions, eliminating the CSU or modem.
To successfully troubleshoot serial WAN connectivity problems, it is important to know the type
of modem or CSU/DSU that is installed and how to place the device in a loopback state for
testing.
9.2.5 - Troubleshooting WAN Connectivity Issues

The diagram depicts a typical WAN topology with core routers and WAN switches.
Devices are connected to the WAN switches in the cloud.

PCs and dialup modems are connected via an access server.
A router and CSU/DSU are connected via a T1 circuit.
A PC and cable modem are connected via the cable network.
A PC and DSL modem are connected via the PSTN network.
Page 2:
The interface status line of the show interfaces serial command can display six possible
problem states:
• Serial x is down, line protocol is down (DTE mode) - When the router serial interface
cannot detect any signal on the line, it reports both the line and the Layer 2 protocol
down.
• Serial x is up, line protocol is down (DTE mode) - If the serial interface does not
receive keepalives or if there is an encapsulation error, the Layer 2 protocol is reported
down.
• Serial x is up, line protocol is down (DCE mode) - In cases where the router is
providing the clock signal and a DCE cable is attached, but no clock rate is configured,
the Layer 2 protocol is reported down.
• Serial x is up, line protocol is up (looped) - It is common practice to place a circuit in a

loopback condition to test connectivity. If the serial interface receives its own signals
back on the circuit, it reports the line as looped.
• Serial x is up, line protocol is down (disabled) - High error rates cause the router to
place the line in a protocol disabled mode. This type of problem is usually hardware
related.
• Serial x is administratively down, line protocol is down - An administratively down

interface is one that is configured with the shutdown command. Usually all that is
needed to fix this condition is to enter theno shutdown command on the interface. If the
interface does not come up using the no shutdown command, check the console
messages for a duplicate IP address message. If a duplicate IP address exists, correct the
problem and issue theno shutdown command again.
• Serial x is up, line protocol is up - The interface is operating as expected.

The diagram depicts scenarios of WAN situations with possible problems and troubleshooting
steps for each.
Scenario 1. Serial x is down, line protocol is down (DTE)

Possible Problem:
Indicates that the router is not sensing a carrier detect signal.
Telephone company problem - Line is down or not connected to CSU/DSU.
Faulty or incorrect cabling.
Hardware failure (CSU/DSU)
To Troubleshoot:
Step 1. Check the L E D's on the CSU/DSU to see whether the light is active.
Step 2. Verify that you are using the proper cable and interface.
Step 3. Contact your leased-line or other carrier service to see whether there is a problem.
Step 4. Replace the serial interface module with a known good module.
Step 5. Replace the CSU/DSU with a known good device.
Scenario 2. Serial x is up, line protocol is down (DTE)

Possible Problem:
Local or remote router is misconfigured.
Keepalives are not being sent by the remote router.
Failed remote CSU or DSU.
Failed local or remote CSU/DSU.
To Troubleshoot:
Step 1. Put the modem, CSU, or DSU in local loopback mode, and use the show interface serial
command to determine whether the line protocol comes up. If the line protocol comes up, a
telephone company problem or a failed remote router is probably the cause.
Step 2. If the problem appears to be on the remote end, repeat Step 1 on the remote modem,
CSU, or DSU.
Step 3. Verify all cabling. Make certain that the cable is attached to the correct interface, the
correct CSU/DSU, and the correct telephone company network termination point.
Step 4. Verify that the encapsulation is correct on both ends of the circuit.
Step 5. If the line protocol does not come up in local loopback mode and if there is no
encapsulation mismatch, replace failed hardware.
Scenario 3. Serial x is up, line protocol is down (DCE)

Possible Problem:
Missing clockrate interface configuration command.
Failed local or remote CSU/DSU.
Failed or incorrect cable.
Router hardware failure.
To Troubleshoot:
Step 1. Add the clockrate interface configuration command on the serial interface.
Step 2. Verify that the correct cable is being used.
Step 3. If the line protocol is still down, there is a possible hardware failure or cabling problem.
Step 4. Replace faulty parts as necessary with known good equipment.
Scenario 4. Serial x is up, line protocol is up (looped)

Possible Problem:
A loop exists in circuit. The sequence number in the keepalive packet changes to a random
number when a loop is detected initially. If the same random number is returned over the link, a
loop exists.
To Troubleshoot:
Step 1. Use the show running-config privileged EXEC command. This will enable you to look
for any loopback interface configuration command entries.
Step 2. If you find a loopback interface configuration command entry, use the no loopback
interface configuration command to remove the loop.
Step 3. If you do not find the loopback interface configuration command, examine the CSU/DSU
to determine whether it is configured in manual loopback mode. If it is, disable manual loopback.
Step 4. Reset the CSU/DSU and inspect the line status. If the line protocol comes up, no other
action is needed.
Step 5. If the CSU/DSU is not configured in manual loopback mode, contact the leased-line or
other carrier service for line troubleshooting assistance.
Scenario 5. Serial x is up, line protocol is down (disabled)

Possible Problem:
High error rate because of telecommunications service problem.
CSU/DSU hardware problem.
Bad router hardware.
To Troubleshoot:
Step 1. Contact the telecommunications service provider.
Step 2. Loop CSU/DSU (DTE loop). If the problem continues, there is likely a hardware
problem. If the problem does not continue, the problem is likely with the telephone company.
Step 3. Swap out bad hardware as required (CSU/DSU, switch, interface module, or remote
router).
Scenario 6. Serial x is administratively down, line protocol is down

Possible Problem:
Router configuration includes the shutdown interface configuration command.
Duplicate IP address.
To Troubleshoot:
Step 1. Check the configuration for the shutdown command.
Step 2. Use the no shutdown interface configuration command to remove the shutdown
command.
Step 3. Verify that there are no identical IP addresses using the show running-config privileged
EXEC command or the show interface EXEC command.
Step 4. If there are duplicate addresses, resolve the conflict by changing one of the IP addresses.
Page 3:
Troubleshoot WAN encapsulation mismatches.

Link to Packet Tracer Exploration: WAN Encapsulation Mismatches
Page 4:
Lab Activity
Troubleshoot WAN connectivity using LEDs and show commands.

Link to Hands-on Lab: Troubleshooting WAN Connectivity
Page 1:
CCENT Study Guide

9.3 Troubleshooting Layer 3 IP Addressing Issues
9.3.1 Review of Layer 3 Functionality and IP Addressing
Page 1:
Layer 1 networks are created by interconnecting devices using physical media. Layer 2 network
protocols are hardware dependent. Ethernet cannot operate over a serial link, nor can serial
communications occur using an Ethernet NIC.
Layer 3 (the Network Layer) protocols are not bound to a specific type of media or Layer 2
framing protocol. The same Layer 3 protocols can operate on Ethernet, wireless, serial, or other
Layer 2 networks. Layer 3 networks can contain hosts that are connected using different Layer 1
and 2 technologies. The primary functions implemented at Layer 3 of the OSI model are network
addressing and routing. Layer 3 networks are referred to as logical networks because they are
created only in software.
Today most networks implement the TCP/IP protocols to exchange information between hosts.
As a result, much of the focus of troubleshooting Layer 3 problems is concentrated on IP
addressing errors and on routing protocol operation.
Troubleshooting Layer 3 problems requires a thorough understanding of network boundaries and

IP addressing. Poorly designed and configured IP addressing schemes account for a large number
of network performance problems.
9.3.1 - Review of Layer 3 Functionality and IP Addressing

The diagram depicts information about the interaction of protocols on Layer 2 and Layer 3.
Multiple Layer 2 Protocols

Different protocols may be in use for different media.
A network comprising of hosts, routers, fiber optic WAN links and satellite dish transmitting to
satellites and wireless routers transmitting to laptops.
Data Link Layer protocols govern how to format a frame for use on different media.
At each hop along the path, an intermediary device accepts frames from one medium,
decapsulates the frame and then forwards the packets in a new frame. The headers of each frame
are formatted for the specific medium that it will cross.
Single Layer 3 Protocol
The same Network Layer protocol can be used across different media.
A network comprising of hosts, routers, fiber optic WAN links and satellite dish transmitting to
satellites and wireless routers transmitting to laptops.
Network Layer protocols govern the format of the packet headers as well as the format of the
network and host addressing.
Although the frame format may change every time the physical media changes, the format of the
Network Layer packet remains the same.
Page 2:
At Layer 3, each packet must be identified with the source and destination addresses of the two
end systems. With IPv4, each packet has a 32-bit source address and a 32-bit destination address
in the Layer 3 header.
The IP address identifies not only the individual host, but also the Layer 3 local network on
which the host can communicate. A simple IP network can be created by configuring two
interconnected hosts with unique addresses that share the same network prefix and subnet mask.
A device must be configured with an IP address to exchange messages using TCP/IP. Individual
Layer 3 IP networks encompass a range of IP addresses. These boundaries are determined by the
number of bits contained in the network prefix portion of the address. A simple rule is the longer
the network prefix, the smaller the range of IP addresses that can be configured on hosts in that
IP network.
To troubleshoot Layer 3 problems, an administrator must be able to determine the range of host
addresses that belong to each individual IP network. The range of addresses is determined by the
number and position of host bits. For example, in a 192.168.1.0/24 network, borrow three bits for
subnetting. This leaves 5 bits for host addresses. This creates 8 subnets (2^3=8) and 30 hosts per
subnet (2^5 - 2 = 30).
Given the 192.168.1.96/27 subnet, the first host on the subnet will be 192.168.1.97, and the last
host will be 192.168.1.126. The broadcast address for this subnet will be 192.168.1.127. This can
be seen by looking at the binary of the last octet:
(011 subnet) 96 + (00001 first host) 1 = (01100001) 97 in decimal
(011 subnet) 96 + (11110 last host) 30 = (01111110) 126
(011 subnet) 96 + (11111 broadcast) 31 = (01111111) 127
This example is using a class C address. This same technique can be applied to Class A and
Class B addresses. Remember that the location of host bits can extend into more than one octet.
The diagram depicts representations of subnetting and address scheme.
Subnetting
On a 24-bit network portion address, three bits are borrowed from the host portion to provide
eight subnets. The following example shows subnetting the 192.168.1.0 /24 into eight /27
subnets, numbered 0-7.
192.168.1.0 (/24)Address:11000000.10101000.00000001.00000000
255.255.255.0Mask:11111111.11111111.11111111.00000000
0192.168.1.0 (/27)Address:11000000.10101000.00000001.00000000
255.255.255.0Mask:11111111.11111111.11111111.11100000
1192.168.1.32 (/27)Address:11000000.10101000.00000001.00100000
255.255.255.0Mask:11111111.11111111.11111111.11100000
2192.168.1.64 (/27)Address:11000000.10101000.00000001.01000000
255.255.255.0Mask:11111111.11111111.11111111.11100000
3192.168.1.96 (/27)Address:11000000.10101000.00000001.01100000
255.255.255.0Mask:11111111.11111111.11111111.11100000
4192.168.1.128(/27)Address:11000000.10101000.00000001.10000000
255.255.255.0Mask:11111111.11111111.11111111.11100000
5192.168.1.160 (/27)Address:11000000.10101000.00000001.10100000
255.255.255.0Mask:11111111.11111111.11111111.11100000
6192.168.1.192 (/27)Address:11000000.10101000.00000001.11000000
255.255.255.0Mask:11111111.11111111.11111111.11100000
7192.168.1.224 (/27)Address:11000000.10101000.00000001.11100000
255.255.255.0Mask:11111111.11111111.11111111.11100000
Addressing Scheme
The table has examples of addressing schemes for eight networks.
Subnet: 0.
Network Address: 192.168.1.0.
Host Range: 192.168.1.1 - 192.168.1.30.
Broadcast Address: 192.168.1.31.
Subnet: 1.
Network Address: 192.168.1.32 /27.
Host Range: 192.168.1.33 - 192.168.1.62.
Subnet: 2.
Host Range: 192.168.1.65 - 192.168.1.94.
Subnet: 3.
Host Range: 192.168.1.97 - 192.168.1.126.
Subnet: 4.
Host Range: 192.168.1.129 - 192.168.1.158.
Subnet: 5.
Host Range: 192.168.1.161 - 192.168.1.190.
Subnet: 6.
Host Range: 192.168.1.193 - 192.168.1.222.
Subnet: 7.
Host Range: 192.168.1.225 - 192.168.1.254.
Page 3:

The diagram depicts an activity in which you must use the network address and the subnet mask
to define the range of hosts, the broadcast address, and the next network address. The Help
option following the scenario explains the process.
Network Address in decimal: 10.55.119.128.

Subnet Mask in decimal: 255.255.255.128.
Network address in binary: 00001010.00110111.01110111.10000000.
Subnet Mask in binary: 11111111.11111111.11111111.10000000.
One.What is the first usable host IP address in decimal: (first octet? second octet? third octet?
fourth octet?).
Two.What is the last usable host IP address in decimal: (first octet? second octet? third octet?
fourth octet?).
Three.What is the broadcast address in decimal: (first octet? second octet? third octet? fourth
octet?).
Four.What is the next network address in decimal: (first octet? second octet? third octet? fourth
octet?).
Help Option
The range of host addresses within a subnet is dependent upon the number and location of host
bits.
Class C example: 192.168.1.32 / 27
Written in binary:
IP: 11000000.10101000.00000001.00100000
SM: 11111111.11111111.11111111.11100000
According to the subnet mask (SM), the first 27 bits of the IP address are part of the network,
leaving five bits to indicate a unique host. A host IP address cannot have all 1s or all 0s in the
host portion. All 1s in the host bits is the broadcast address for that subnet.
First available IP: 11000000.10101000.00000001.00100001
192. 168. 1. 33
Last available IP: 11000000.10101000.00000001.00111110

192. 168. 1. 62
Broadcast IP: 11000000.10101000.00000001.00111111

192. 168. 1. 63
Class A example: 1 0.1 0.64.0 / 19
Written in binary:
IP: 00001010.00001010.01000000.00000000
SM: 11111111.11111111.11100000.00000000
According to the subnet mask, the first 19 bits of the IP address are part of the network, leaving
13 bits to indicate a unique host. A host IP address cannot have all 1s or all 0s in the host portion.
All 1s in the host bits is the broadcast address for that subnet.
First available IP: 00001010.00001010.01000000.00000001

1 0.1 0.6 4. 1
( third octet = 64 + 0)
Last available IP: 00001010.00001010.01011111.11111110

1 0.1 0.9 5. 254
(third octet = 64 + 31)
Broadcast IP: 00001010.00001010.01011111.11111111

1 0.1 0.9 5. 255
(third octet = 64 + 31)
Page 4:
Troubleshoot a small network.

Link to Packet Tracer Exploration: Troubleshooting a Small IP Network
9.3.2 IP Design and Configuration Issues
Page 1:
If IP addressing is assigned in a random manner, it is difficult to determine where a source or
destination address is located. Today, most networks employ a hierarchical IP addressing
scheme. Hierarchical IP addressing schemes offer many advantages, including smaller routing
tables that require less processing power. Hierarchical IP addressing also creates a more
structured environment that is easier to document, troubleshoot, and expand.
However, a poorly planned hierarchical network, or a badly documented plan, can create
problems, such as overlapping subnets or incorrectly configured subnet masks on devices. These
two conditions account for many IP addressing and routing issues within networks.
An overlapping subnet occurs when the address range of two separate subnets include some of
the same host or broadcast addresses. Overlapping is usually a result of poor network
documentation or by accidentally entering the incorrect subnet mask or network prefix.
Overlapping subnets do not always cause a complete network outage. They may only affect a
few hosts, depending on where the misconfigured subnet mask is placed.
9.3.2 - IP Design and Configuration Issues

The diagram depicts a hierarchical IP addressing scheme.
The gateway router, which connects to the Internet, is on a network with a 16-bit network
portion. The three routers coming from the gateway router have 22-bit network portion
addressing schemes. The networks, which connect to the routers, all have 24-bit network portion
addresses.
Page 2:
Cisco IOS software does permit you to configure an IP address from overlapping subnets on two
different interfaces. However, the router does not activate the second interface.
For example, the router R1 interface Fast Ethernet 0/0 is configured with an IP address and
subnet mask on the 192.168.1.0/24 network. If Fast Ethernet 0/1 is configured with an IP address
on the 192.168.1.0/30 network, an overlapping error message appears. If there is an attempt to
enable the interface with the no shutdown command, a second error message appears. No traffic
is forwarded through the interface. The output from the show ip interface brief command shows
that the second interface configured for the 192.168.1.0/24 network, FastEthernet 0/1, is down.
It is important to verify the status of the interfaces after making configuration changes. An
interface that remains administratively down after the no shutdown command is issued can
indicate an IP addressing problem.
The diagram depicts examples of messages that may indicate overlapping IP addresses are
assigned to interfaces.
Configuration Error Messages with overlapping IP addresses

R1 (config) # interface FastEthernet0 /1
R1 (config-if) # I P address 192.168.1.2 255.255.255.252
192.168.1.0 overlaps with FastEthernet0 /0
R1 (config) # no shutdown
192.168.1.0 overlaps with FastEthernet0 /0
FastEthernet0/1: incorrect IP address assignment
Show Output
R1 (config) # show IP interface brief
{output omitted}
FastEthernet0 /1 192.168.1.2 YES manual administratively down down
Page 3:
Although Cisco IOS software has safeguards to ensure that overlapping subnets are not
configured on multiple interfaces of the same device, it does not prevent overlapping subnets
from being configured on different devices or on hosts within the network.
A poorly configured subnet mask can cause some hosts on a network to not have access to
network services. Subnet mask configuration errors can also present a variety of symptoms that
may not be easily identified.

The diagram depicts examples of misconfigured subnet masks that affect network
communication.
Two LANs separated by a router. One LAN contains host H1 and H1 which connect to a switch
which connects to the router which separates the two LANs. The other LAN contains two
servers, SV1 and unnamed, which connect to a switch which connects to the router which
separates the two LANs. The router also connects to the internet.
Issue 1
H2 (192.168.0.42 /27) says, "I requested a web page from SV1, but have not received it."
SV1 (192.168.0.5/ 24) in the other LAN says, "192.168.0.42 is on my 192.168.0.0 /24 network,
but has not responded to my ARP request; therefore I cannot respond."
A Server is Only Accessible by Hosts on the Same Subnet

A server on one of the subnets is manually configured using the default /24 network prefix
instead of the /27. This misconfiguration causes the server to determine that all hosts on the
various subnets are on the same Layer 3 network that the server is on. The server does not send
any traffic to the default gateway for any hosts on the /27 subnets. Check server configurations if
this symptom occurs.
Issue 2
H1 (192.168.0.43 /24) says, "I need a web page from IP address 200.200.1.1. I have forwarded
my request to the gateway."
H2 (192.168.0.41 /14) says, "I need a web page from SV1. SV1 is on my network. I can ARP for
the MAC address."
Hosts Get Responses from Internet Servers, but Not Servers on Another
Subnet
A host or group of hosts are configured with a /24 subnet mask that causes an overlap with the
server network subnet addresses. Each host correctly determines that Internet addresses are not
on their local Layer 3 network, and sends the traffic to the default gateway. The hosts incorrectly
determine that internal server addresses are on their local network, and use ARP to attempt to get
the server MAC addresses. Check DHCP server configurations and host configurations when this
symptom is evident. A network sniffer can be used to show the ARP frames.
Issue 3
H2 (192.168.0.42 /24) says, "According to the IP information, the DNS server is on my local
network, but I am unable to reach the DNS server to resolve hostnames."
Hosts are Unable to Get Responses from Internet Servers or Servers on Another Subnet, Using
Hostnames
A host or group of hosts are configured with a /24 subnet mask that causes an overlap with the
server network subnet addresses, including the DNS server. Subnet mask errors on hosts do not
usually affect Internet connectivity; however, if the subnet mask error causes the host subnet to
overlap the subnet containing the DNS server, the host(s) will not be able to contact the DNS
server. Without DNS, no IP addresses can be resolved and all services that rely on DNS cannot
be accessed. Check host and DNS configurations if unable to access the Internet.
Issue 4
The router between the two subnets says, "I have received a packet for destination 192.168.0.51,
but that does not match any route in my routing table. I cannot forward this packet."
Some Hosts Can Get Responses from Internet Servers and Servers on Other Subnets, but Others
Cannot
The subnet mask configuration error occurs on a router interface that serves as a default gateway
for one of the /27 subnets. If the router interface is incorrectly configured with a /28 subnet
mask, the route entered in the routing table will not include all hosts on the /27 subnet. Hosts
with addresses on the lower portion of range that are within the /28 subnet IP address boundaries
will be able to send and receive through the router. Those with address in the top half of the
range can send packets to remote destinations, but when the responses return, the router does not
have a route to the destination IP addresses. Always verify all connected routes in the routing
table using the show IP route command.
Page 4:
Click the Activity icon to begin.

Link to Simulation GUI: Troubleshoot an IP Addressing Issue
9.3.3 IP Address Planning and Allocation Issues
Page 1:
Poor address allocation planning can cause other problems. Often, an administrator
underestimates the potential for growth when designing subnets. As a result, the IP subnetting
scheme does not allow for enough host addresses in each subnet. One indication of a subnet
having too many hosts is when some hosts are unable to receive an IP address from the DHCP
server.
When a host running Microsoft Windows does not receive an address from a DHCP server, it
automatically assigns itself an address on the 169.254.0.0 network. If this occurs, use the show
ip dhcp binding command to check whether the DHCP server has available addresses .
Another indication of not enough IP addresses is an error message on a host stating that duplicate
IP addresses exist. If a host device is turned off when the DHCP lease expires, the address is
returned to the DHCP pool and can be issued to another host. When the original lease holder is
turned back on, it requests a renewal of its previous IP address. In a Microsoft Windows
network, both hosts report a duplicate IP address error.
9.3.3 - IP Address Planning and Allocation Issues

The diagram depicts a message regarding IP address planning.
R1 # show IP dhcp binding
Binding from all pools not associated with VRF:

IP addressClient-ID/Lease expirationType
Hardware address
User name
192.168.10.10100.e018.5bdd.35Oct 03 2007 06:14 PMAutomatic
192.168.10.11100.d0d0.d817.e6Oct 03 2007 06:18 PMAutomatic
Page 2:

The diagram depicts an activity in which you much use the the network address and the subnet
mask in decimal and binary to determine the number of hosts.
Scenario
Network Address in decimal: 10.0.0.0
Subnet Mask in decimal: 255.255.254.0
Network address in binary: 00001010.00000000.00000000.00000000.
Subnet Mask in binary: 11111111.11111111.11111110.10000000
What are the number of hosts?
Page 3:
Lab Activity
Create an IP addressing scheme that allows for 20% growth in the number of attached hosts.

Link to Hands-on Lab: Designing an IP Subnetting Scheme for Growth
9.3.4 DHCP and NAT Issues
Page 1:
DHCP can create another level of complication when troubleshooting network issues. If hosts are
configured to use DHCP and are not able to connect to the network, verify that IP addressing is
assigned using the Windows command, ipconfig /all. If hosts are not receiving IP addressing
assignments, it is necessary to troubleshoot the DHCP configuration.
Regardless of whether the DHCP service is configured on a dedicated server or on the router, the
first step in troubleshooting is to check the physical connectivity. If a separate server is used,
check that the server is receiving network traffic. If the DHCP service is configured on a router,
use the show interfaces command on the router to confirm that the interface is operational. If the
interface connected to the host network is down, the port does not pass traffic, including DHCP
requests.
Next, verify that the DHCP server is correctly configured and has available IP addresses to lease.
After this is confirmed, check for any address conflicts. Address conflicts can occur even if there
are available addresses within the DHCP pool. This can happen if a host is statically configured
with an address that is also contained in the range of the DHCP pool.
Use the show ip dhcp conflict command to display all address conflicts recorded by the DHCP
server. If an address conflict is detected, the address is removed from the pool and not assigned
until an administrator resolves the conflict.
If none of these steps diagnoses the problem, test to ensure that the issue is actually with DHCP.
Configure a host with a static IP address, subnet mask, and default gateway. If the workstation is
unable to reach network resources with a statically configured IP address, the root cause of the
problem is not DHCP. At this point, network connectivity troubleshooting is required.
9.3.4 - DHCP and NAT Issues

The diagram depicts a Windows cmd.exe window showing the ipconfig /all command.
Page 2:
DHCP is a broadcast protocol, which means that the DHCP server must be reachable through a
broadcast message. Because routers normally do not forward broadcasts, either the DHCP server
must be on the same local network as the hosts or the router must be configured to relay the
broadcast messages.
A router can be configured to forward all broadcast packets, including DHCP requests, to a
specific server using the ip helper-address command. This command allows a router to change
the destination broadcast addresses within a packet to a specified unicast address:
Router(config-if)# ip helper-address x.x.x.x
Once this command is configured, all broadcast packets will be forwarded to the server IP
address specified in the command, including DHCP requests.
When a router forwards address requests, it is acting as a DHCP relay agent. If DHCP relay is
not operational, no hosts can obtain an IP address. When no hosts can obtain an IP address from
a DHCP server that is located on another network, verify that the helper address is configured
correctly on the router.

The diagram depicts examples of how DHCP relay operates.
DHCP Problem
Router, R1, connects to a WAN via D C E. R1 also connects to network 192.168.10.0 /24 via F
A 0 /0 with the link address 192.168.10.1/24 to the F A 0 /1 port of switch S1. S1 (192.168.10.2 /
24) connects via F A 0 /2 to host, PC1, (192.168.10.10 /24). R1 also connects to network
192.168.11.0 /24 via F A 0 /1 to the F A 0 /1 port of switch S2 with the link address
192.168.11.1 /24. S2 (192.168.11.2 /24) connects via F A 0 /24 to DHCP server (192.168.11.5 /
24).
PC1 says, "Looking for a DHCP server ..."

R1 says, "Sorry, I can not forward any broadcasts outside of your network subnet ..."
Host Problem (PC1)

C:\Documents and Settings\Administrator>ip config /release
Windows IP Configuration
Ethernet adapter Local Area
Connection: Connection-specific DNS Suffix . :

IP address. . . . . . . . . . . . : 0.0.0.0
Subnet mask . . . . . . . . . . . : 0.0.0.0
Default gateway . . . . . . . . . :
C:\Documents and Settings\Administrator>ip config /renew
An error occurred while renewing interface Local Area Connection : unable to contact your
DHCP server. Request has timed out.
C:\Documents and Settings\Administrator>
Relay Config
Router, R1, connects to a WAN via D C E. R1 also connects to network 192.168.10.0/24 via F A
0 /0 with the link address 192.168.10.1 /24 to the F A 0 /1 port switch of S1. S1
(192.168.10.2/24) connects via F A 0 /2 to host, PC1, (192.168.10.10/ 24). R1 also connects to
network 192.168.11.0/24 via F A 0 /1 to the F A 0 /1 port of switch, S2, with the link address
192.168.11.1/24. S2 (192.168.11.2 /24) connects via F A 0 /24 to DHCP server (192.168.11.5 /
24).
R1 # config t
R1 (config) # interface F A 0 /0
R1 (config-if) # IP helper-address 192.168.11.5
R1 (config) # end
Host Renew
C:\Documents and Settings\Administrator>ip config /release
Ethernet adapter Local Area
Connection: Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
C:\Documents and Settings\Administrator>ip config /renew
Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
IP address. . . . . . . . . . . . : 192.168.10.11
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.10.1
C:\Documents and Settings\Administrator>
Page 3:
If the hosts on the internal network are assigned private addresses, NAT is required to
communicate with the public network. Usually the first indication that there is a NAT problem is
that users cannot reach sites located on the Internet. There are three types of address translation:
static, dynamic, and PAT. Two common types of configuration errors affect all three translation
methods.
Incorrect Designation of Inside and Outside Interfaces
It is critical that the correct interfaces are designated as the inside or outside interface for NAT.
In most NAT implementations, the inside interface connects to the local network, which uses
private IP address space. The outside interface connects to the public network, usually the ISP.
Verify this configuration using the show running-config interfacecommand.
Incorrect Assignment of Interface IP Address or Pool Addresses
In most NAT implementations, the IP address pool and static NAT translation entries must use
IP addresses that are on the same local IP network as the outside interface. If not, addresses are
translated, but no route to the translated addresses are found. Check the configuration to verify
that all the translated addresses are reachable. When the address translation is configured to use
the outside interface address in PAT, make sure that the interface address is on the correct
network and is configured with the proper subnet mask.
Another common issue is that when dynamic NAT or PAT is enabled, external users are no
longer able to connect to internal devices. If external users must be able to reach specific servers
on the internal network, be sure that static translations are configured.

The diagram depicts dynamic NAT configuration commands.
access-list 1 permit 192.168.0.0 0.0.255.255

!-Defines which addresses are eligible to be translated
ip nat pool NAT-POOL2 209.165.200.226 209.165.200.240
!-Defines a pool of addresses named NAT-POOL2 to be used in NAT translation
ip nat inside source list 1 pool NAT-POOL2 overload
!-Binds the NAT pool with ACL1
interface serial 0/0/0
ip nat inside
!-Identifies interface Serial 0/0/0 as an inside NAT interface
ip nat outside
!-Identifies interface Serial 0/1/0 as an outside NAT interface
Page 4:
If you are certain that NAT is configured correctly, it is important to verify that NAT is
operational.
One of the most useful commands when verifying NAT operation is the show ip nat
translations command. After viewing the existing translations, clear them using the clear ip nat
translation * command. Be aware that clearing all IP translations on a router may disrupt user
services. Then use the show ip nat translations command again. If new translations appear,
there may be another problem causing the loss of Internet connectivity.
Verify that there is a route to the Internet for the translated addresses. Use traceroute to
determine the path the translated packets are taking and verify that the route is correct. Also, if
possible, trace the route to a translated address from a remote device on the outside network.
This can help isolate the next troubleshooting target. There may be a routing problem on the
router where the trace output stops.

The diagram depicts NAT configurations and output.
A LAN with two PCs, 192.168.10.10 and 192.168.10.11, are connected to a switch which is also
connected to router, R2, using its F A 0 /0 with IP address 192.168.10.1. Serial 0/1/0 of R2 is
connected to the Internet cloud with an IP address of 209.165.200.225.
NAT Overload
access-list 1 permit 192.168.10.0 0.0.0.0.255
ip nat inside source list 1 interface serial 0/1/0 overload
interface fastethernet0/0
ip nat inside
ip nat outside
NAT Translations
R2 # show IP nat translations
ProInside globalInside localOutside local
tcp209.165.200.225:16642192.168.10.10:16642209.165.200.254:80
tcp209.165.200.225:62452192.168.10.11:62452209.165.200.254:80
Outside global
209.165.200.254:80
209.165.200.254:80
R2 # show IP nat translations verbose

Pro Inside global Inside local Outside local Outside global
tcp 209.165.200.225:16642 192.168.10.10:16642 209.165.200.254:80 209.165.200.254:80
create 00:01:45, use 00:01:43 timeout :86400000, left 23:58:16, Map-Id (In) :1,
flags:
extended, use count: 0, entry- id: 4, 1c_entries : 0
tcp 209.165.200.225:62452 192.168.10.11:62 452 209.165.200.254:80 209.165.200 .254:80
create 00:00:37, use 00:00:35 timeout:86400000, left 23:59:24, Map-Id (In): 1,
flags:
extended, use count : 0, entry-id : 5, lc_entries: 0
R2 #
Cleared NAT
R2 # clear IP nat translation *
R2 # show IP nat translations
R2 #
Page 5:
Use show commands to troubleshoot DHCP and NAT.

Link to Packet Tracer Exploration: Troubleshooting DHCP and NAT
Page 1:
CCENT Study Guide

Link to Hands-on-Lab: CCENT Study Guide 3
9.4 Troubleshooting Layer 3 Routing Issues
9.4.1 Layer 3 Routing Issues
Page 1:
Layer 3 encompasses the addressing of networks and hosts, and the protocols that route packets
between networks.
Most networks have a number of different types of routes, including a combination of static,
dynamic, and default routes. Problems with routing can cause network failures or adversely
affect network performance. These problems can be the result of manual route entry errors,
routing protocol configuration and operation errors, or failures at lower layers of the OSI model.
To troubleshoot Layer 3 problems, it is important to understand how routing works, including

how each type of route functions and is configured.
You may want to review the materials and activities in CCNA Discovery: Networking for Home
and Small Businesses and CCNA Discovery: Working at a Small-to-Medium Business or ISP on
routing and routing protocols before continuing with this chapter.
9.4.1 - Layer 3 Routing Issues

The diagram depicts symptoms for issues on Layer 3, the Network Layer.
Layer 3: Network routing issues.

Symptoms.
Network failure.
Network performance below baseline.
Page 2:
The status of a network can change frequently for a variety of reasons, including:
• An interface fails.
• A service provider drops a connection.
• The available bandwidth is overloaded.
• An administrator enters an incorrect configuration.
When there is a change in the network status, routes can be lost, or an incorrect route can be
installed into the routing table.
The primary tool to use when troubleshooting Layer 3 routing problems is the show ip route
command. This command displays all the routes the router uses to forward traffic. The routing
table consists of route entries from the following sources:
• Directly connected networks

• Static routes
• Dynamic routing protocols
Routing protocols choose which routes are preferred based on route metrics. Directly connected
networks have a metric of 0, static routes also have a default metric of 0, and dynamic routes
have various routing metrics, depending on the routing protocol used.
If there is more than one route to a specific destination network, the route with the lowest
administrative distance (AD) is installed into the routing table.
Any time a routing problem is suspected, use the show ip route command to ensure that all the
expected routes are installed in the routing table.

The diagram depicts a table with administrative distance and default metric information about
various route sources.
Route Source: Connected

Default Metric(s): 0
Route Source: Static

Default Metric(s): 0
Route Source: EIGRP Summary Route

Default Metric(s): N/A
Route Source: External BGP

Default Metric(s): Value assigned by Admin
Route Source: Internal EIGRP
Default Metric(s): Bandwidth Delay
Route Source: IGRP

Administrative Distance:100
Default Metric(s): Bandwidth, Delay
Route Source: OSPF

Default Metric(s): Link cost (bandwidth)
Route Source: IS-IS

Default Metric(s): Link cost (Value assigned by admin)
Route Source: RIP

Default Metric(s): Hop count
Route Source: External EIGRP

Default Metric(s): N/A
Route Source: Internal BGP

Default Metric(s): Value assigned by Admin
Page 3:
Connected Route Problems
Directly connected routes are automatically installed in the routing table when an IP address is
configured on an interface, and the interface is enabled using the no shutdown command. If a
directly connected route does not appear in the table, use the show interfaces or show ip
interface brief command to verify that an address is assigned and that the interface is in an
up/up state.
Static and Default Route Problems
When a static or default route does not appear in the routing table, the problem is most likely a
configuration error. Static and default routes must use either an exit interface or the IP address of
a next hop router. Static routing errors sometimes occur because the next hop address is not in
the correct IP address range of any directly connected network. Verify that the configuration
statements are correct and that the exit interfaces used by the routes are in an up/up state.
Dynamic Route Problems
There are many different types of problems that can cause dynamic routes to not appear in the
routing table. Because dynamic routing protocols exchange route tables with all other routers in
the network, a missing route could be caused by a misconfiguration on one or more of the routers
on the path to the destination.

The diagram depicts an Edit Router C Window with the focus on the following information.
R - RIP
Directly Connected Route

C 172.16.0.0 /16 is directly connected, Fast Ethernet 0
10.0.0.0 /24 is subnetted, 1 subnets
Static Route
S 10.10.10.0 [1 /0] via 192.168.1.2
Dynamically Updated Route

R 192.168.2.0 / 24 [120 /1] via 192.168.1.2, 00:00:23
Default Route
S* 0.0.0.0 /0 [1 /0] via 192.168.1.2
Gateway of last resort is 192.168.1.2 to network 0.0.0.0
Page 4:
Use routing table principles to solve a routing problem.

Link to Packet Tracer Exploration: Applying Routing Table Principles
9.4.2 Dynamic Routing Errors
Page 1:
Routing table updates usually occur when a new network is configured or an already configured
network becomes unreachable.
If directly connected routes appear in the router table, the routing table is accessed and changed
only if the directly connected interface changes states. If static or default routes are configured,
the routing table changes only if new routes are specified or if the exit interface specified in the
static or default route changes states.
Dynamic routing protocols automatically send updates to other routers in the network. If
dynamic routing is enabled, a router accesses and changes its own routing table any time a
change is reported in an update from a neighboring router.
RIP is a dynamic routing protocol used in small- to medium-sized LANs. When troubleshooting
issues specific to RIP, check the versioning and configuration statements.
It is always best to use the same version of the routing protocol on all routers. Although RIPv1
and RIPv2 are compatible, RIPv1 does not support classless routing or variable length subnet
masks (VLSM). This can create issues if both RIPv1 and RIPv2 are configured to run on the
same network. Additionally, while RIPv2 automatically listens for both RIPv1 and RIPv2
updates from neighbors, RIPv1 does not listen for RIPv2 updates.
Routing problems also occur if there are incorrect or missing network statements. The network
statement does two things:
• It enables the routing protocol to send and receive updates on any local interfaces that
belong to that network.
• It includes that network in its routing updates to its neighboring routers.
A missing or incorrect network statement results in inaccurate routing updates and can prevent
an interface from sending or receiving routing updates.
9.4.2 - Dynamic Routing Errors

The diagram depicts an example of a router configuration.
Router, R1, is part of a complex network which uses VLSM and static routes. R1 has two local
networks attached, 172.30.1.0 /24 and 172.30.2.0 /24. The WAN serial link to R2 is network
209.165.200.228 /30. The RIP portion of the show running-config command output on R1 is as
follows:
router RIP
version 2
network 172.30.0.0
network 209.165.200.0
no auto-summary
!
Page 2:
Many tools exist for troubleshooting dynamic routing issues.
TCP/IP utilities, such as ping and traceroute, are used to verify connectivity. Telnet can be used
to verify connectivity and make configuration changes. Cisco IOS show commands display a
snapshot of a configuration or the status of a particular component. The Cisco IOS command set
also includes various debug commands.
Debug commands are dynamic and provide real-time information on traffic movement and the
interaction of protocols. For example, the debug ip rip command displays the exchange of RIP
routing updates and packets as they occur.
Debug functions use a significant portion of CPU resources and can slow or stop normal router
operations. For this reason, use debug commands to isolate problems, not to monitor normal
network operation.

The diagram depicts
Router, R1, is connected via S0/0/0 to S0/0/0 ofR2 with the link network address 172.20.1.0 /30.
R1 is connected via F A 0 /0 to network 192.168.1.0 /24. R2 is connected via F A 0 /0 to network
192.168.2.0 /24.
RIP-related command output for R1 is as follows:
Command 1: show IP protocols

Default version control: send version 2, receive version 2
Routing for Networks:

172.20.0.0
192.168.1.0
Command 2: show running-config

interface FastEthernet0/0
description LAN gateway for 192.168.1.0
IP address 192.168.1.1 255.255.255.0
duplex auto
interface Serial0/0/0
IP address 172.20.1.1 255.255.255.252
no fair-queue
!
Router rip
version 2
passive-interface FastEthernet0/0
network 172.20.0.0
network 192.168.1.0
!
Banner m o td # Unauthorized use prohibited #
!
Command 3: show interfaces

MTU 1500 bytes, BW 100000 Kbit, D L Y 100 u sec,
Auto-duplex, Auto speed, 100BaseTX/FX
Command 4: show IP interface

FastEthernet0/0
Multicast reserved groups joined: 224.0.0.9
Serial0/0/0
Multicast reserved groups joined: 224.0.0.9
Command 5: show IP route

R192.168.2.0 [120/1] via 172.20.1.2, 00:00:04, Serial0/0/0
Command 6: debug IP rip

* Sep 12 21:09:16.399:RIP: received v2 update from 172.20.1.2 on Serial0/0/0
Page 3:
Subnet an address space, configure devices, and use combination of RIPv2 and static routing to
provide connectivity between remote hosts.

Link to Packet Tracer Exploration: Configuring RIPv2 (Challenge)
Page 4:
Lab Activity
Troubleshoot a RIP router network configured with errors.

Link to Hands-on Lab: Correcting RIPv2 Routing Problems
Page 1:
CCENT Study Guide

9.5 Troubleshooting Layer 4 and Upper Layer Issues
9.5.1 Layer 4 Traffic Filtering Errors
Page 1:
Layer 4, the Transport Layer, is considered a transition between the upper and lower layers of the
OSI model. Layer 4 is responsible for transporting data packets and specifies the port number
used to reach specific applications. Layer 4 network problems can arise at the edge of the
network where security technologies are examining and modifying the traffic. Many problems
are caused by firewalls that are configured to deny traffic based on port numbers, even though
this traffic should be forwarded.
Layer 4 supports both UDP and TCP traffic. Some applications use TCP, some use UDP, and
some use both. When denying traffic based on the port number, it is necessary to specify the
transport protocol used. Some engineers are unsure of which transport protocol is used by
specific applications and therefore deny the port number for both TCP and UDP traffic. This
practice may unexpectedly deny traffic that should be allowed.
Firewalls are also often configured to deny everything except the applications specified in the
permit statements. If traffic that should be permitted is not included in the firewall statements, or
if a new application is added to the network without a corresponding permission being added to
the firewall, filtering problems occur.
A common indication of Layer 4 problems is users reporting that some web services, especially
video or audio, are not reachable.
Verify that the ports being permitted and denied by the firewall are the correct ones for the
applications. For a better understanding of which ports correspond to specific applications,
review the information on TCP, UDP, and ports in CCNA Discovery: Networking for Home and
Small Businesses and CCNA Discovery: Working at a Small-to-Medium Business or ISP.
9.5.1 - Layer 4 Traffic Filtering Errors

The diagram depicts symptoms for issues on Layer 4, the Transport Layer. The table describes
the abbreviation and definition for well-known ports.
Layer 4: Transport Layer Problems.

Symptoms.
Intermittent network problems
Security problems
Trouble reaching some web sites or other network-based applications and services.
Well-known Ports
Destination port number: 20

Abbreviation: FTP Data
Definition: File Transfer Protocol (for data transfer)

Abbreviation: FTP Control
Definition: File Transfer Protocol (to establish connection)

Abbreviation: TELNET
Definition: TELetype NETwork

Abbreviation: SMTP
Definition: Simple Mail Transfer Protocol

Abbreviation: DNS
Definition: Domain Name Service

Abbreviation: DHCP v4 Client
Definition: Dynamic Host Configuration Protocol (Client)

Abbreviation: DHCP v4 Server
Definition: Dynamic Host Configuration Protocol (Server)

Abbreviation: TFTP
Definition: Trivial File Transfer Protocol

Abbreviation: HTTP
Definition: Hypertext Transfer Protocol

Abbreviation: POP3
Definition: Post Office Protocol (version 3)

Abbreviation: NBNS
Definition: Microsoft NetBIOS Name Service

Abbreviation: I MAP4
Definition: Internet Message Access Protocol (version 4)

Abbreviation: SNMP
Definition: Simple Network Management Protocol

Abbreviation: HTTPS
Definition: Hypertext Transfer Protocol Secure
Page 2:
9.5.1 - Layer 4 Traffic Filtering Errors

The diagram depicts an activity in which you must match the protocol name to the port number.
Port Numbers
A. 21
B. 53
C. 161
D. 67
E. 110
F. 23
G. 80
H. 25
I. 143
Protocol Names
One. FTP
Two. Telnet
Three. SMTP
Four. HTTP
Five. POP3
Six. I MAP4
Seven. DNS
Eight. DHCP
Nine. SNMP
9.5.2 Troubleshooting Upper Layer Problems
Page 1:
Most of the upper layer protocols provide user services that are typically used for network
management, file transfer, distributed file services, terminal emulation, and email. Protocols at
these layers are often referred to as TCP/IP Application Layer protocols, because the TCP/IP
model Application Layer encompasses the upper three layers of the OSI model.
The most widely known and implemented TCP/IP Application Layer protocols include:
• Telnet - Enables users to establish terminal session connections with remote hosts.
• HTTP - Supports the exchange of text, graphic images, sound, video, and other
multimedia files on the web.
• FTP - Performs interactive file transfers between hosts, using TCP.
• TFTP - Performs basic interactive file transfers typically between hosts and networking
devices, using UDP .
• SMTP - Supports basic email message delivery services.
• POP3 - Connects to mail servers and downloads email to a client application.
• IMAP4 - Enables email clients to retrieve messages and store email on servers.
• SNMP - Collects information from managed devices.
• NTP - Provides updated time to hosts and network devices.
• DNS - Maps IP addresses to the names assigned to hosts.
• SSL - Provides encryption and security for HTTP transactions.
• SSH - Provides secure remote terminal access to servers and networking devices.
9.5.2 - Troubleshooting Upper Layer Problems

The diagram depicts protocols used on the upper layers of the O S I Model: Layer 5, the Session
Layer, Layer 6, the Presentation Layer, and Layer 7, the Application Layer. The upper layers of
the O S I model are referred to as the TCP/IP Application Layer protocols.
TCP/IP Application Layer protocols.

HTTP.
Telnet.
FTP.
TFTP.
SMTP.
POP3.
I MAP4.
SNMP.
NTP.
DNS.
SSL.
SSH.
Page 2:
It can be difficult to isolate problems to the upper layers, especially if the client configuration
does not reveal any obvious problems. To determine that a network problem is with an upper
layer function, start by eliminating basic connectivity as the source of the problem.
Using the "divide and conquer" method of troubleshooting, begin with verifying Layer 3
connectivity.
Step 1. Ping the host default gateway.
Step 2. Verify end-to-end connectivity.
Step 3. Verify the routing configuration.
Step 4. Ensure that NAT is working correctly.
Step 5. Check for firewall filter rules.
If the problem exists on a remote network, end-to-end connectivity cannot be verified because
there is no control over all the connections. For this reason, it is possible that even though the
configurations on the local devices are correct, there is still a problem with the remote network.
Be sure to check with the ISP to ensure that their network connection is up and operational.
If all these steps are completed successfully, and it is verified that the end-to-end connectivity is
not the issue, but the end device is still not operating as expected, the problem has been isolated
to the upper layers.
The diagram depicts the process for troubleshooting the upper layers.
Step 1. Ping the host default gateway.

If both the host and the server can successfully ping their default gateways, Layer 1 and Layer 2
services are functioning properly and Layer 3 local network connectivity exists. If the ping to the
local default gateway address fails, troubleshoot Layers 3, 2, and 1 to locate the source of the
problem.
Step 2. Verify end-to-end connectivity.
Ping or telnet from the host to a remote server or networking device. If successful, Layer 3
routing is operating correctly. When Layers 1, 2, and 3 are functioning properly, the issue must
exist at a higher layer.
If this ping is unsuccessful, it is necessary to troubleshoot the routing, NAT and firewall
configurations to ensure proper packet delivery.
Step 3. Verify the routing configuration.
Ensure that the routing configuration is correct and that routes are updating as expected. If the
routing table does not contain expected routes, troubleshoot and fix the routing configuration and
attempt Step 2 again. If still unable to ping, check the NAT configuration.
Step 4. Ensure that NAT is working correctly.
When there is a problem reaching services on a remote network, such as over the Internet, NAT
may not be functioning correctly. Use the show IP nat translations command to verify that
translations are occurring. Clear the NAT translations with the clear IP nat translation *
command and try to access the external resource again. If still not successful, check the
configuration of the inside and outside interfaces. When the NAT configuration has been
verified, attempt Step 2 again. If still unable to ping, check for firewall filter rules.
Step 5. Check for firewall filter rules.
Even though there is IP connectivity between a source and a destination, problems may still exist
for a specific upper layer protocol, such as FTP, HTTP, or Telnet. These protocols ride on top of
the basic IP transport but are subject to protocol-specific problems relating to packet filters and
firewalls. Verify that the necessary ports are permitted on all firewalls.
Page 3:
Upper layer problems prevent services from being provided to application programs. A problem
at the upper layers can result in unreachable or unusable resources, even when the lower layers
are functional. It is possible to have full network connectivity, but the application cannot provide
data.
Problems with upper layer functions usually affect just a few applications, perhaps even only
one. It is not unusual for a help desk technician to get a call from a user who cannot receive
email, although all other applications are functioning correctly.
Misconfigured client applications account for the majority of upper layer network problems.
When an incorrect email or FTP server is specified, the client cannot find and retrieve
information. When more than one application is affected, the upper layer problem may be
attributed to a DNS server issue.
To verify that DNS is functioning correctly and can resolve server addresses, use the Windows
command nslookup. If DNS is not working as expected, ensure that the correct DNS server
address is configured on the host. When hosts receive DNS server information from a DHCP
server, verify that the DHCP server has the correct IP address for the DNS server.
If the DNS server is operational and reachable, check for DNS zone configuration errors. Look
for a typographical error in an address or name within the files.

The diagram depicts symptoms for issues for the upper layers of the O S I Model: Layer 7,
Application, Layer 6, Presentation, and Layer 5, Session.
Upper Layer Problems.

Symptoms:
User complains about slow application performance
Application error message
Unable to access application services, such as FTP
Unable to access Web services
Page 4:
The upper layers are responsible for encryption and compression. A mismatch between the way a
client encrypts or compresses the data and the way the server interprets it can cause applications
to not function or to function poorly.
When a problem occurs on a single host or workstation, it may be a problem with the way the
information is being interpreted in the host software. Browser plug-in programs, such as Adobe
Reader, often perform upper layer functions. These programs must be kept updated for web
pages to display correctly.
Using an incorrect protocol to request data can cause a web page to be unreachable. For example,
it may be necessary to specify https:// on the browser address line, rather than http:// to retrieve
an SSL-protected web page.

The diagram depicts a Firefox browser window with a "Server not found" error message.
9.5.3 Using Telnet to Check Upper Layer Connectivity
Page 1:
Telnet is an excellent tool to use when troubleshooting problems with upper layer functions.
Using Telnet to access the networking devices enables the technician to enter commands on each
device as if they were locally attached. In addition, the ability to reach devices using Telnet
indicates that the lower layer connectivity exists between the devices.
However, Telnet is an insecure protocol, which means that all data communicated can be
captured and read. If there is a possibility that communications can be intercepted by
unauthorized users, Secure Shell (SSH) protocol should be used instead. SSH is a more secure
method for remote device access.
Most newer versions of the Cisco IOS software contain an SSH server. In some devices, this
service is enabled by default. Other devices require the SSH server to be manually enabled.
Cisco IOS devices also include an SSH client that can be used to establish SSH sessions with
other devices. Similarly, a remote computer with an SSH client can be used to start a secure CLI
session. SSH client software is not provided by default on all computer operating systems. The
technician may need to acquire, install, and configure SSH client software on the computer.
Review the material in CCNA Discovery: Working at a Small-to-Medium Business or ISP on

configuring and using SSH.
9.5.3 - Using Telnet to Check Upper Layer Connectivity

The diagram depicts an example of using Telnet to check an upper level connection.
A Telnet client with a virtual terminal application window is connected via the internet to a
Telnet server. Telnet provides a way to use a computer, connected via the network, to access a
network device as if the keyboard and monitor were directly connected to the device.
Page 2:
Lab Activity
Access networking devices using Telnet and SSH.

9.5.3 - Using Telnet to Check Upper Layer Connectivity
Link to Hands-on Lab: Using Telnet and SSH to Access Networking Devices
Page 1:
CCENT Study Guide

9.6 Preparing for Cisco Certification
9.6.1 Knowledge, Skills and Abilities
Page 1:
The Cisco Certified Entry Networking Technician (CCENT) certification validates the skills
required for entry-level network support positions, the starting point for many successful careers
in networking. CCENT certification is the first step toward achieving CCNA certification (Cisco
Certified Network Associate), which covers medium-size enterprise branch networks that have
more complex connections. To obtain CCENT certification, a candidate must pass the ICND1
examination at a Cisco Certified Testing Center.
The ICND1 exam (640-822) tests the ability to install, operate, and troubleshoot a small branch
office network. The exam includes topics on networking fundamentals:
• Connecting to a WAN
• Basic security and wireless concepts
• Routing and switching
• TCP/IP and OSI models
• IP addressing
• WAN technologies
• Operating and configuring Cisco IOS devices
• Configuring RIPv2, static and default routing
• Implementing NAT and DHCP
• Configuring simple networks
Mastering a Cisco certification exam is not an easy task. Cisco has maintained the difficulty of
the CCNA exam series by changing the exam requirements regularly. Some candidates pass the
exam the first time; many pass it after multiple attempts, while some do not pass it. Good
preparation is the best way to ensure that you pass the exam the first time.
9.6.1 - Knowledge, Skills, and Abilities

The diagram depicts the steps to take to become CCENT and CCNA certified.
Option 1 - CCENT/CCNA Certification

Take and pass:
ICND1 640-822 Exam,
CCNA Discovery: Networking for Home and Small Businesses,
CCNA Discovery: Working at a Small-to-Medium Business or ISP,
to become CCENT Certified.
Then take and pass:

ICND2 640-816 Exam,
CCNA Discovery: Introducing Routing and Switching in the Enterprise,
CCNA Discovery: Designing and Supporting Computer Networks,
to become CCNA Certified.
Option 2 - CCNA Certification

Take and pass the CCNA 640-802 Exam,
CCNA Discovery: Networking for Home and Small Businesses,
CCNA Discovery: Working at a Small-to-Medium Business or ISP,
CCNA Discovery: Introducing Routing and Switching in the Enterprise,
CCNA Discovery: Designing and Supporting Computer Networks,
to become CCNA Certified.
Page 2:
Before preparing for any certification examination, it is important to understand the purpose of
the exam. Cisco certification examinations are designed to measure the knowledge, skills, and
abilities of an individual in a defined area of expertise. The exams use a combination of
techniques to enable a candidate to demonstrate readiness to perform various networking tasks.
The exam can contain multiple choice questions, various exercises, and simulated network
configuration tasks. Each question or task is designed to address a specific objective. The Cisco
certification website lists the objectives for the ICND1 exam.
Cisco certification website

9.6.1 - Knowledge, Skills, and Abilities
The diagram depicts a brief description of the knowledge, skills, and abilities that are required to
pass the certification exams.
Knowledge
Knowledge statements are typically factual or procedural in nature. They are related directly to
the performance of a function.
Skills
Skill statements refer to the capability to manually, verbally, or mentally manipulate data or
things to achieve a desired result. Skills can be measured by a performance test where quantity
and quality of performance are tested, usually within an established time limit. Examples of skill
related tasks include skill in typing or skill in operating a vehicle.
Abilities
Ability statements refer to the power to perform an observable activity at the present time. This
means that abilities have been proven through activities or behaviors that are similar to those
required on the job. An example is the ability to plan and organize work.
9.6.2 Networking Knowledge, Skills and Abilities
Page 1:
To perform most networking tasks, some knowledge must be recalled from memory. This type of
knowledge is made up of facts. When studying for a certification exam, identify the pertinent
facts associated with each exam objective. Some individuals find it useful to create flashcards to
help memorize these facts. While there may be a few questions on the exam that require the basic
factual answers, more often the factual knowledge is needed to diagnose or solve a networking
problem.
9.6.2 - Networking Knowledge, Skills, and Abilities

The diagram depicts examples of the type of questions used to test knowledge.
In a RIP network, what is the maximum number of hops a packet can take before a destination
becomes unreachable?
Which routing protocols use a distance vector algorithm?
How does a switch determine which port to use to reach a destination?
Where is the startup configuration stored on a Cisco router?
Page 2:
Many skills are required when performing networking tasks. Some skills are fairly easy, such as
creating and terminating a crossover cable. Other skills are more difficult, such as mastering IP
subnetting.
The mastery of networking skills requires practice. Lab and Packet Tracer activities are designed
to provide a structured practice environment for learners.
Cisco certifications measure and validate the networking skills of an individual based on how
they interact with Cisco networking devices. Because of this, it is very important to practice with
Cisco IOS software. Many exam tasks require the interpretation of Cisco IOS command output,
especially the output of the various show commands.

The diagram depicts a sample question that is designed to test the IP addressing skills of the
candidate. It also requires the candidate to be familiar with configuring Cisco I O S software.
Sample Question:
Refer to the exhibit below. Which Cisco I O S command will assign the first usable IP address in
the subnetwork to FastEthernet0/1 of R T A?
Exhibit: The host, PC-A, (IP 172.18.16.230/22) is connected to a switch which is connected to
the router F A 0 /1 interface. S0/1 of the router is connected to the Internet cloud.
Command One.R T A (config-if) # ip address 172.18.13.1 255.255.254.0.

Command Two.R T A (config-if) # ip address 172.18.14.1 255.255.252.0.
Command Three.R T A (config-if) # ip address 172.18.14.1 255.255.255.252.
Command Four.R T A (config-if) # ip address 172.18.16.1 255.255.252.0.
Command Five.R T A (config-if) # ip address 172.18.16.1 255.255.252.252.
Command Six.R T A (config-if) # ip address 172.18.16.229 255.255.255.252.
Page 3:
The ability to plan, organize, execute, and problem solve is critical to the success of an entry-
level network technician. In a certification exam environment, these abilities are usually
measured using configuration and troubleshooting tasks. Effort is made when designing the
exams to simulate conditions that an individual would find when performing an actual
networking job. These conditions can be presented on the exam using scenarios or simulations.
Preparing for a scenario-based or simulation task is not as simple as memorizing a fact or

practicing a specific skill. These types of tasks require an individual to apply both the facts and
skills to solve a problem or meet a stated requirement.
One of the best ways to develop troubleshooting abilities is to start by analyzing what knowledge
and skills are needed in order to perform specific networking tasks. When the necessary
information is identified, anticipate what would happen if that information was not known. Make
a list of the possible outcomes and determine what skills could be used to identify and correct
any problems that may be created. That sounds difficult, but here are a few examples to consider:
• What would happen if a network technician did not know the correct number of host
addresses available using a specific subnet mask? How could the problems be identified
and corrected?
• What problems might arise in a RIPv2 network that has more than 15 hops from a source
to a destination address? What would be a symptom of this problem? How could the
problem be corrected?

The diagram depicts areas of analysis that should be considered when studying the RIP routing
protocol: the information needed, possible outcomes, and possible symptoms of problems.
Task: Configure RIPv2 to route network traffic
Information needed
Steps to configure RIPv2 routing.
One.Log into the router.
Two.Enter privileged mode.
Three.Enter configuration mode.
Four.Enable RIP.
Five.Enable version 2.
Six.Configure a network statement for each connected network that participates in RIP.
Cisco I O S commands to enable RIPv2 routing.
One.Config t.
Two.Router rip.
Three.Version 2.
Four.Network [address].
Five.Copy running-config startup-config.
Network addresses for each connected network.
Methods to verify if RIPv2 is configured correctly and working.
One.Use show running-configuration command.
Two.Use show IP route command.
Three.Ping from a host to a remote IP address on another network.
Four.Trace the route through the router to a remote IP address.
Five.Use debug to verify the RIPv2 routing updates are being sent and received.
Possible incorrect outcomes if I do no posses the necessary knowledge

I cannot enter configuration mode to being the configuration
I forgot to configure version 2 or add the network statement
I do not configure all the networks
I enter the wrong IP address information
I cannot verify if RIPv2 is operating correctly
Possible symptoms of problems

Cannot ping hosts on other networks
Cannot trace route through the router
No routes appear in routing table of router
Page 4:

The diagram depicts an activity in which you must determine if each of the following tasks
belongs in the knowledge, skills, or ability category.
Tasks.
One.Troubleshoot a non-functioning network.
Two.Calculate an IP subnet.
Three.Configure an IP address on a router interface.
Four.Plan the implementation of a new router.
Five.List two distance vector routing protocols.
Six.Build a Category 5 crossover cable.
Seven.Design an IP address scheme.
Eight.Explain the meaning of the term NAT.
Page 5:
Lab Activity
Identify the knowledge, skills, and abilities needed to perform the lab tasks.

Link to Hands-on Lab: Identifying Necessary Knowledge, Skills, and Abilities
9.6.3 Making the Commitment
Page 1:
Getting ready to take a certification exam can be an overwhelming task. There is much
information to review, many skills to practice, and pressure to succeed. Just like installing a
network for a customer, exam preparation is more successful if it is broken down into a series of
smaller steps:
1. Making the commitment.
2. Creating a plan.
3. Practicing test taking.

After you complete these steps, you are ready to begin the exam preparation.
9.6.3 - Making the Commitment

The diagram depicts an image of the certification pyramid offered by Cisco, from bottom to top,
as follows:
CCENT
CCNA
CCNP
CCIE
Page 2:
The first step to obtaining a Cisco certification is making the commitment to devote the time and
effort necessary to prepare for the examination. This commitment needs to be assigned a top
priority, because it will take time that was previously used for other activities.
In addition to taking time, preparing for a certification exam requires concentration. Find a place
at home or at school where you can study for long periods of time uninterrupted. Trying to learn
and practice networking skills can be extremely difficult if other distractions are present.
Having the right equipment and resources is also important. Make sure that you have access to a
computer, the on-line course materials, and Packet Tracer software. Discuss with your instructor
how to schedule lab time to practice your skills on actual equipment. Find out if remote lab
access over the Internet is available in your area.
Inform friends and family of your commitment to obtaining the CCENT certification. Explain to
them that their assistance and support are needed during the exam preparation. Even if they have
no understanding of networking, they can help you study with flashcards or ask practice
questions. At a minimum, they can help by respecting your need for uninterrupted study time. If
others in your class are preparing for the exam at the same time, it may be helpful to organize a
study group.
9.6.3 - Making the Commitment

This image depicts two students studying.
9.6.4 Creating a Plan
Page 1:
After you have made the commitment to dedicate the time necessary to prepare to take the
ICND1 examination, the next step is creating a plan. A certification preparation plan includes
information on how you intend to prepare, a schedule of dates and times, and a list of the
resources.
There are two ways to approach studying for a certification exam: individually or in a group.
Many people find that creating a study group helps them to focus better on the material and keep
to a schedule.
When studying with a partner or in a group, it is critical for all participants to know how to
contact each other, the schedule and place for meetings, and other pertinent information. It may
be necessary to assign members of the group different responsibilities, such as:
• Obtaining and distributing study materials

• Scheduling lab time
• Ensuring all necessary supplies are available
• Keeping track of the group progress
• Finding answers to problems
Studying alone might make the coordination of resources easier, but it does not diminish the
importance of a good plan.
9.6.4 - Creating a Plan

The diagram depicts a checklist, as follows:
Exam Preparation Checklist

Obtaining and distributing study materials
Scheduling lab time
Ensuring all necessary supplies are available
Keeping track of the group progress
Finding answers to problems
Page 2:
Set a realistic target date for taking the exam based on the amount of time that is available each
week to dedicate to the preparation.
Use smaller amounts of time for fact memorization, and larger blocks of time for practicing
skills. It can be frustrating to begin a lab or skill practice exercise and not have sufficient time
scheduled to complete it.
The Cisco Press CCENT study guide entitled "31 Days to the CCENT" can be used to structure a
schedule. The book takes each exam objective and highlights the important information to study.
It contains references to the sections and topics in the CCNA Discovery: Networking for Home
and Small Businesses and CCNA Discovery: Working at a Small-to-Medium Business or ISP
curriculum that need to be reviewed and practiced.
A good way to create a schedule is to record all of the available time on a calendar. Then assign
each block of time to a specific task, such as "learn OSI model layers and their functions" or
"practice IP subnetting." When all tasks are entered, determine when to schedule the exam.

This image depicts networking professionals configuring or designing networks.
Page 3:
Investigate all the tools and resources that are available to help you study. The ICND1 tests the
knowledge and skills obtained during this course, in addition to all the content from CCNA
Discovery: Networking for Home and Small Businesses. Access to the online curriculum, labs,
and Packet Tracer activities is critical to successful preparation.
In addition to these tools, many other study aids exist on the Cisco Learning Network. The link
for the Cisco Learning Network is:
Cisco Learning Network
Cisco Press publishes a number of books that cover the CCENT exam objectives. These books
can be purchased through the Cisco Marketplace Bookstore.
Cisco Marketplace Bookstore
After the necessary materials have been gathered, it is important to organize them. Reviewing
and practicing the CCENT knowledge and skills can be difficult if it is approached in a
haphazard manner. It is easier to recall and use information if it is learned and practiced in an
organized framework.

The diagram depicts the CCNA Prep Center home page.
9.6.5 Practicing Test Taking
Page 1:
Recalling and performing networking skills in a formal testing environment is different from
doing the same functions in a classroom or at home. It is important to understand the format of
the exam and how it is administered.
Visit the Testing Center
Before taking the exam, visit the testing center and see how the exam is administered. Ask
questions about what to expect. Some testing centers provide each examinee with a separate
testing room; others have larger areas where a number of people are taking exams at the same
time. Find out what is permitted to bring into the room and, more importantly, what items are not
permitted. Visit the Cisco certification website to find the nearest testing center.
Format of the Examination
Certification exams are given online, similar to the manner in which Networking Academy
assessments are delivered. There are, however, some differences:
• Survey questions may be presented before the actual examination begins. It is important
to answer these questions truthfully. The survey questions have no impact on the content
of the examination or on your final score.
• Certification exams are timed. The time remaining is displayed on the screen so that you
can decide how long to spend on each question or task.
• There may be many different types of questions or tasks on the same examination.
• You cannot go back to a previous question after moving to the next one.
There is no way to skip a question or mark a question for review. If you do not know an answer,
it is best to guess the answer and move on to the next question.
9.6.5 - Practicing Test Taking

This image depicts an individual studying along with a pyramid figure displaying various Cisco
certifications.
Page 2:
Cisco certification exams include the following test formats:

• Multiple-choice single answer
• Multiple-choice multiple answer
• Drag-and-drop
• Fill-in-the-blank
• Testlet
• Simlet
• Simulations
Before taking the exam, become familiar with how all question types function, especially the
testlet, simlet, and simulation tool. This practice enables you to focus on the exam questions
rather than on how to correctly use the tools. Practice the exam tutorial found on the Cisco
Learning Network website until you are comfortable with the format and operation of each type
of question and task.

This image depicts students in a learning institution along with the Cisco pyramid displaying
various Cisco certifications.
Page 3:
Lab Activity
Use the Cisco Learning Network website to find study materials and tools to help prepare for the
CCENT exam.

Link to Hands-on Lab: Exploring the CCNA Prep Center
Page 4:
Although nothing substitutes for the experience of taking the actual exam, it is often helpful to
take practice exams. The Cisco Learning Network provides sample tests for the ICND1 exam
that include multiple choice questions. If studying for the exam with other students, create
practice questions and share them. In addition, there are commercially available practice exams
that can be purchased and downloaded from the Internet.
Cisco certifications include tasks that simulate the operation of Cisco routers and switches. It is
recommended that you repeat all Packet Tracers and Labs in this course in preparation for the
ICND1 exam. However, just reading the curriculum and practicing the labs may not be adequate
preparation for the types of integrated tasks that appear on a certification exam. It is important to
investigate what might happen if there is an error in the setup or configuration of a device. Much
can be learned by creating error situations and observing the changes in command output and
device operation. Many of the scenario questions and tasks on the ICND1 exam are based on
troubleshooting network problems.

The diagram depicts an example of a certification exam simulation question. A brief description
is given for several windows, as well as the control buttons. Several windows are open on a
desktop.
Router - This window displays a terminal emulation screen. It is used to enter C L I commands
to make changes to device configuration and to display output.
Topology - This window displays the topology of the network and provides additional context
for the simulation.
Instructions - This window provides instructions on how to complete the simulation.
Control buttons - These are control buttons that open and activate the various simulation
windows.
Page 5:
Use Telnet and other tools to troubleshoot problems in a small network.

Link to Packet Tracer Exploration: CCENT Troubleshooting Challenge
Page 1:
CCENT Study Guide

Link to downloadable CCENT Preparation Guide - Preparing for the ICND1 Exam
Please see your instructor for further information.
Page 2:
CCENT Study Guide
In addition to the previous Study Guide topics, the CCENT Certification also covers Wireless
LANs (WLANs). This topic is covered in CCNA Discovery: Networking for Home and Small
Businesses. For your convenience a Study Guide for WLANs is included here.
Click the lab icon to download a CCENT Study Guide for WLANs.

9.7 Chapter Summary
9.7.1 Summary
Page 1:
9.7.1 - Summary
Diagram 1, Image
The diagram depicts the layers of the O S I Model and the TCP/IP Model.
Diagram 1 text
Each layer of the OSI or TCP/IP model has specific functions and protocols. Knowledge of the
features, functions and devices of each layer, and how each layer relates to the layers around it,
help a network technician to troubleshoot more efficiently.
The upper layers, Layers 5-7, of the O S I Model deal with specific application functionality and
are generally implemented only in software. The lower layers, Layers 1-4, of the O S I Model
handle data transport and physical networking functions.
There are three main troubleshooting approaches when using network models:
Top-down
Bottom-up
Divide-and-conquer
Diagram 2, Image
The diagram depicts software tools used to troubleshoot a network.
Diagram 2 text
Tools that assist with network troubleshooting include:
Network Diagrams and Documentation
Network Documentation and Baseline Tools
Network Management Systems
Knowledge Bases
Protocol Analyzers
Sometimes failures in the lower layer of the O S I Model cannot be easily identified with
software tools. In these instances, it may be necessary to use hardware troubleshooting tools,
such as cable testers, multimeters, and network analyzers.
Diagram 3, Image
The diagram depicts Layer 1 and Layer 2 issues.
Diagram 3 text
The Physical and the Data Link Layers encompass both hardware and software functions.
The Physical Layer, or Layer 1, is responsible for the physical and electrical specifications for
the transmission of bits from one host to another over the physical medium, either wired or
wireless.
Layer 1 Problems include:
Cable type, length and termination problems
Duplex mismatches
Interfaces and noise that disrupts transmissions
Device hardware and boot errors
Router interface errors are often the first symptom of Layer 1 and Layer 2 cabling or
connectivity errors.
Devices L E D's provide valuable troubleshooting information that can be used to identify the
cause of connectivity issues.
Diagram 4, Image
The diagram depicts output information for Layer 2 issues.
Diagram 4 text
The Data Link Layer, or Layer 2, specifies how the data is formatted for transmission over the
network media. It also regulates how access to the network is granted. Layer 2 provides the link
between the Network Layer software functions and the Layer 1 hardware for both LAN and
WAN applications.
Layer 2 Problems include:
Encapsulation mismatches
No keepalives generated or received
Timing problems on WAN connections
The show version , show interfaces and show interface brief commands provide troubleshooting
information to isolate and identify Layer 1 and Layer 2 issues.
Diagram 5, Image
The diagram depicts a table of addressing schemes at Layer 3.
Diagram 5 text
The primary functions implemented at Layer 3 of the O S I Model are network addressing and
routing.
Poorly designed and configured IP addressing schemes, especially overlapping subnet addresses,
account for a large number of network performance problems.
Overlapping subnets can be caused by careless address assignment or by improperly configured
subnet masks on devices.
Problems obtaining an IP address from a DHCP server can cause PC clients to automatically
configure an address on the 169.254.0.0 network.
NAT configuration and operation issues can cause Internet sites to be unreachable from the
privately addressed LAN.
Diagram 6, Image
The diagram depicts routing information used at Layer 3.
Diagram 6 text
Most networks have a number of different types of routes, including a combination of static,
dynamic, and default routes.
Problems with routing can be the result of manual route entry errors, routing protocol
configuration and operation errors, or failures at lower layers of the O S I Model.
The primary tool to use when troubleshooting Layer 3 routing problems is the show IP route
command. The routing table consists of route entries from the following sources:
Directly connected networks
Static routes
Dynamic routing protocols
Problems that occur with RIPv2 routing include:
Version not specified causing version mismatch between routers.
Misconfigured or missing network statements
Improperly configured interface IP addresses
Diagram 7, Image
The diagram depicts the transport of data on a network at Level 4.
Diagram 7 text
Layer 4 is responsible for transporting data packets and specifies the port number used to reach
specific applications.
Firewall and port filtering rules that permit or deny the incorrect ports can cause needed services
to be unreachable from client computers.
Upper Layer services include DNS name resolution, encryption and compression. Errors
occurring with these functions can cause end-user applications to be unusable.
The Windows command nslookup can provide information to assist with troubleshooting DNS
failures.
Diagram 8, Image
The diagram depicts the CCENT and CCNA certification process.
Diagram 8 text
The Cisco Certified Entry Networking Technician (CCENT) certification validates the skills
required for entry-level network support positions, the starting point for many successful careers
in networking.
To obtain CCENT certification, a candidate must pass the ICND1 (640-822) examination which
tests the ability to install, operate, and troubleshoot a small branch office network.
Cisco certifications measure and validate the networking skills of an individual based on how
they interact with Cisco networking devices. Many exam tasks require the interpretation of Cisco
I O S command output, especially the output of the various show commands.
Just like installing a network for a customer, exam preparation is more successful if it is broken
down into a series of smaller steps:
One.Making the commitment.
Two.Creating a plan.
Three.Practicing test taking.
9.8 Chapter Quiz
9.8.1 Quiz
Page 1:
9.8.1 - Quiz
Chapter 9 Quiz: Troubleshooting
1.Match the tool to its correct testing description.
Tools
cable tester
digital multimeter
network analyzer
network management system
protocol analyzer
Testing Description
checks power-supply voltage levels and verifies that network devices are receiving power
graphically displays a physical view of network devices and can locate the source of a failed
device
identifies devices producing the most network traffic, analyzes network traffic by protocol, and
views interface details
detects broken wires, crossed-over wiring, shorted connections and improperly paired
connections
filters traffic that meets certain criteria so that all traffic between two devices can be captured
2.A network administrator is troubleshooting connectivity issues with a router and finds that the
S 0 /0 /0 interface IP address has been improperly configured. At what layer of the O S I model
is this problem occurring?
A.Layer 1
B.Layer 3
C.Layer 4
D.Layer 7
3.Match the pairs of devices to the UTP cable type that connects them. Choose either straight-
through cable or crossover cable for each pair of devices.
Devices
host to switch
hub to switch
router to switch
router F A 0 /0 to host
hub to router
switch to switch
Cable types
Straight-through Cable Crossover Cable
4.Match each network situation to its associated O S I layer. Choose either Layer 1 or Layer 2 for
each network situation.
Network Situation
excessive broadcast encapsulation error loose cable connection fluctuating power supply serial
0 /0 /0 is up, protocol is down misconfigured NIC incorrect cable type damaged serial interface
connector
Layers
Layer 1
Layer 2
5.This question depicts a network topology appearing as follows:

A "Headquarters Office" is connected to router RTA. RTA is connected via S 0 /0 /0 to the S 0 /0
/0 of router RTB. RTB is connected to the Branch Office.
A network administrator is troubleshooting the connectivity between the headquarters and the
branch office. Which important troubleshooting information can the administrator get from the
output of the show interface serial 0 /0 /0 command?
A.encapsulation type
B.CSU/DSU type
C.CSU/DSU timing
D.routing protocol type
6.Which interface status indicates a high error rate?

A.Serial 0 /0 /0 is down, line protocol is down.
B.Serial 0 /0 /0 is up, line protocol is down.
C.Serial 0 /0 /0 is up, line protocol is down (looped).
D.Serial 0 /0 /0 is up, line protocol is down (disabled).
E.Serial 0 /0 /0 is administratively down, line protocol is down.
7.Hosts on the LAN are able to communicate with hosts on the same LAN, but are unable to
connect outside the network. What is the possible problem? Use the output from RouterA below
to answer this question.
RouterA(config)# ip dhcp pool LANpool

RouterA(dhcp-config)# network 192.168.1.0 255.255.255.240
RouterA(dhcp-config)# default-router 192.168.1.30
RouterA(dhcp-config)# dns-server 192.168.1.2
RouterA(dhcp-config)# end
%SYS-5-CONFIG_I: Configured from console by console
RouterA(config)# show ip dhcp binding
IP AddressClient-ID/Lease expiration Type
Hardware address
192.168.1.400D0.BCBD.993BFeb 01 2008 8:15 AM Automatic
192.168.1.500D0.D30B.C23EFeb 01 2008 9:25AM Automatic
192.168.1.70001.C91C.D0ECFeb 01 2008 10:21 AM Automatic
A.The pool command is not applied to an interface.
B.The DNS address is misconfigured.
C.The DHCP address is missing.
D.The default gateway address is on a different network.
8.What can be concluded from the output of the debug ip rip command? (Choose two)
R1# debug ip rip

RIP protocol debugging is on
R1#
8d05h: RIP sending v1update to 255255255 255 via FastEthernet0/0 (172.16.1.1)
8d05h: RIP: build update entries
8d05h: network 10.0.0.0 metric 1
8d05h: RIP: sending v1 update 255.255.255 255 via Serial0/0/0 (l0.0.8.1)
8d05h: RIP: build update entries
R1#
8d05h: RIP: received v1 update via 10.0.15.2 on Serial0/0/0
8d05h: 192.168.1.0 in 1 hops
8d05h: 192.168.168.0 in 16 hops (inaccessible)
A.The 10.0.0.0 network is two hops from R1.

B.A ping to 192.168.168.10 will be successful.
C.R1 sent information about five destinations in the update.
D.R1 sent a RIP broadcast on F A 0 /0 that advertises two networks.
E.R1 has received updates from one router at source address 10.0.15.2.

Router R1 is connected via F A 0 /0 to switch Sw1 on 192.168.1.1/24. SW1 is connected to host
H1. R1 is also connected via F A 0 /1 to switch Sw2 on 192.168.2.1/24. SW2 is connected to
host H2 and DHCP server with the address 192.168.2.3/24. Output from R1 appears as follows:
R1(config)#interface f a 0 /0
R1(config-if)#ip helper-address 192.168.2.3
What is the result of the command that is issued on R1?

A.The 192.168.1.0 network will not receive any DHCP requests
B.DHCP acknowledgements will be issued from the 192.168.1.0 network
C.Switch SW2 is acting as a DHCP relay agent for the 192.168.1.0 network
D.DHCP requests are forwarded to 192.168.2.3

Router R1 is connected via a serial connection to router R2. R2 is connected via F a 0 /0 with the
address 192.168.1.1 to a host with the address 192.168.1.20. R1 is also connected via serial
connection to R3. R3 is connected to a host with the address 192.168.3.16.
Pings from 192.168.1.20 to 192.168.1.1 successful
Pings from 192.168.1.20 to 192.168.3.16 successful
Telnets from 192.168.1.20 to 192.168.3.16 unsuccessful
Based on the results from the troubleshooting commands, what is one possible problem?
A.An incorrect IP address was assigned.
B.The packets may be blocked by a firewall.
C.The routing protocol was not configured correctly.
D.There is a Layer 2 encapsulation error.
End

Husain CCNA Notes

Uploaded by

Copyright:

Available Formats

Husain CCNA Notes

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Husain CCNA Notes

Uploaded by

Copyright:

Available Formats

CCNA Discovery - Working at a Small-to-

Medium Business or ISP

Describe the importance of standards in the continuing growth of the Internet.

1.1 What is the Internet?

1.1.1 The Internet and Standards

1.1.1 The Internet and Standards

Collaboration and Training

1.1.1 The Internet and Standards

Examples of where Internet standards are used include the following:

1.1.2 I S P and I S P Services

1.1.2 I S P and I S P Services

1.2.1 Delivering Internet Services to End Users

1.2.1 Delivering Internet Services to End Users

The dialup customer is connected to ISP A, the telephone company.

The DSL customer is connected to ISP A, the telephone company.

The cable customer is connected to ISP B, the cable service provider.

The satellite customer is connected to ISP C, the satellite service provider.

• T1 connections transmit data up to 1.544 Mbps. T1 connections are symmetrical,

1.2.1 Delivering Internet Services to End Users

1.2.1 Delivering Internet Services to End Users

1.2.2 Internet Hierarchy

1.2.2 Delivering Internet Services to End Users

ping <ip address>

where <ip address> is the IP address of the destination device.

For example, ping 192.168.30.1.

1.2.3 Identifying the Structure of the Internet

1.2.3 Identifying the Structure of the Internet

Use traceroute to check ISP connectivity through the Internet.

Click the lab icon to begin.

1.2.3 Identifying the Structure of the Internet

Packet Tracer Activity

Interpret the output of ping and traceroute.

Click the Packet Tracer icon to begin.

1.3 ISP Connectivity

1.3.1 ISP Requirements

Some of the devices required to provide services include:

1.3.1 ISP Requirements

Packet Tracer Activity

Identify appropriate equipment to meet the business needs of ISP customers.

View printable instructions.

Click the Packet Tracer icon to begin.

1.3.1 ISP Requirements

1.3.2 Roles and Responsibilities within an ISP

1.3.2 Roles and Responsibilities within an ISP

1.3.2 Roles and Responsibilities within an ISP

The customer says, We want to order a T1 Internet connection.

1.3.2 Roles and Responsibilities within an ISP

1.4 Chapter Summary

The diagram depicts images of employees at an ISP .

1.5 Chapter Quiz

Take the chapter quiz to check your knowledge.

Click the quiz icon to begin.

2.What are two characteristics of a scalable network? (Choose two.)

3.Why do multiple ISP's connect to an IXP or a NAP? (Choose two.)

6.Match the ISP service with the description.

10.This question refers to an exhibit described as follows:

Tracing route to webserver [192.168.100.2]

CCNA Discovery - Working at a Small-to-

After completion of this chapter, you should be able to:

2.1 Help Desk Technicians