Cisco Ccent


CISCO

CCENT Networking for


Beginners

The Ultimate Beginners Crash Course
to Learn Cisco Quickly And Easily

1st Edition

By Adam Vardy


TABLE OF CONTENTS

Introduction
Chapter 1 – Fundamentals of Networking
A. Networking Model of TCP/IP & OSI
B. Ethernet LANs
C. WANs Fundamentals
D. IPv4 Addressing & Routing
Chapter 1: Review

Chapter 2 – Switches & Ethernet LANs
A. Creating Switches & Ethernet LANs
B. Operate & Install Cisco LAN Switches
C. Configuring Ethernet Switching
Chapter 2: Review

Chapter 3 – Subnetting & Addressing Of IP Version 4
A. IPv4 Subnetting
B. IPv4 Networks Analysis
C. Subnet Masks Analysis
Chapter 3: Review

Chapter 4 – IP Version 4 Implementation
A. Cisco Routers Operations
B. IPv4 Address & Routes Configuration
Chapter 4: Review

Conclusion


Introduction

I want to thank you and congratulate you for purchasing the book, “Cisco CCENT
Networking for Beginners”.
This book will equip you with the necessary knowledge and skills to install and
operate branch networks for small office/home office and large enterprises. The
book also provides instructions on troubleshooting glitches that may occur within
an enterprise network.
CCENT stands for Certified Entry Networking Technician for the CISCO network.
It is an entry level position for anyone who is interested in starting a career as a
Network professional or Network engineer. If you are such a person, then this
book is for you. It will prepare you for the CCENT qualifying exam which is a
requirement companies mandate from anyone interested in joining their team as a
Network Engineer.
With this e-book, you will acquire knowledge about networking fundamentals as
well as WAN technologies. The book also covers wireless concepts and basic
security. Switching and routing fundamentals are also discussed and, most
important of all, simple network configuration.
Any aspiring Network engineer knows that success in the industry hinges on
extensive knowledge about Cisco systems. Cisco is the worldwide market leader in
the switch and router industry. It is not unusual to find that Cisco is the main
network system used in many countries with more than 80 percent market
penetration. Acquiring a Cisco certification more than makes perfect sense for a
future Network engineer. Extensive knowledge of Cisco systems is a necessary
investment.
To make the most of the book, it is highly recommended that you schedule one
day for each section of each chapter. This will allow the information to sink in
and be absorbed better before you take on new topics in the next chapters.
When taking the tests, do not just immediately consult the book for answers;
instead, do a quick study before answering the questions.
Thanks again for purchasing this book. I hope you enjoy it!

Chapter 1 – The Fundamentals of Networking

In this chapter, we will discuss the fundamentals of the following Networking
concepts:
a. TCP/IP: Transmission Control Protocol/ Internet Protocol
b. OSI: Open Systems Interconnection
We will also cover basic concepts about computer networking to give you a big
picture view of the various types of computer networks and how they are utilized
by homes and businesses.
There are two types of people who use computer networking today — the network
user and the network engineer. The user is the person who utilizes the computer
network for personal or business use. The network engineer is the person who
builds the network for the user or the business to use. You are the latter.
The responsibility of the network engineer is to develop and choose the best
networking model for the business. Networking models are based on devices
working together in the most efficient manner following a certain set of rules
developed by the network engineer.
What are network models? Network models are like the blueprint of a house or
building. A blueprint is an architectural plan for bringing together all the building
materials required to make a house or building. In much the same way, the
network model identifies and lays out all the materials a Network engineer
requires to create a functional computer network that will service a company and
provide all its communication and connectivity needs. Not only does the network
model identify the hardware required to build the computer network; it also lists
the rules for utilizing the computer network. It is the how-to-use guide for the
company's established computer network.

Figure 1.1 below shows the most basic computer networking configuration – the
use of the internet at home.

Based on Figure 1.1, we understand that there are 2 possible technology sources of
internet connection at home – the Ethernet cable connected to the digital
subscriber line (DSL), and wireless local area network or wireless LAN connected
to the DSL, most popularly referred to as Wi-Fi.
Just like at home, a small business can be connected to the internet via the same
technology sources. PCs get internet connectivity via the Ethernet cable which
connects the computer to the router or the network. With the Ethernet cable, the
DSL internet connection is stable and strong but it does not allow the user to move
around since the PC is affixed to the cable. The wireless LAN or Wi-Fi on the other
hand provides more mobility to the user since the internet connection is wireless.
Either way, LAN, Wi-Fi and DSL are the most common internet technologies
available for the Network engineer to choose from and utilize in order to build a
computer network for a company.
In the Internet Technology world, there are two types of computer networks:
Enterprise Network: This comprises the computer networks found in big
companies and corporations. This particular type of computer network can be
connected together via a combination of all three internet technologies – Ethernet
cable, wireless LAN and Wi-Fi. The company PCs can be connected through
Ethernet cable while visitors are allowed internet access via Wi-Fi connection.
Small Office Home Office (SOHO) Network: This is the computer network found
in homes used for small businesses. Although the scale of SOHO networks is
not as big as it is for companies and corporations, home offices can opt to use all
three internet technologies for their computer network if that is their preference.
The only difference with the Enterprise Network would be the number of
computers that are connected in the network.

Networking Model of TCP/IP & OSI
A networking model is also called networking architecture and networking
blueprint. A networking model is considered as the manual for the computer
network. It covers the rules and regulations on how the computer network is
supposed to function. The networking model discusses in great detail each specific
function of the network. In theory, the work of the Network engineer is building a
networking model or networking architecture for the corporation the network
engineer is a part of.
It is not impossible for a Network Engineer to build a networking architecture
from scratch. It can be done. In fact in the 1970s, it was the practice of most
businesses. These days however, the landscape has changed because the Internet
Technology industry already developed a standard networking model called the
TCP/IP. It is the foundation for all networking architecture.

A Brief History
Back in the 1970s, when companies started equipping their offices with computers,
it became apparent that a computer networking model was needed to connect all of
the company computers and enable them to communicate with each other. Since the
inclination of most companies was to purchase computers from a variety of
vendors, it was not unusual for the network engineers of each vendor to
congregate and discuss how they could integrate all the different computers
within one networking model.
Although effective, it was also a very time-consuming and tedious process for all
vendors concerned and for the company as well. Along the way it became apparent to
the computer networking world that a universal computer networking model or
architecture was necessary: one capable of integrating all possible vendors. They
understood that an open, universal, vendor-neutral networking architecture would
reduce the challenges of complexity and make competition fairer.
The International Organization for Standardization took on the challenge. Soon
enough they were able to develop the Open Systems Interconnection (OSI)
networking model. The ISO dream was for the OSI to have the sort of
standardized data networking protocols capable of connecting all computers in the
world and allow them to communicate with each other. All of the
technologically advanced countries of the world participated in the project.
On the other hand, the US Department of Defense also spearheaded a similar
project in which universities across the US participated. The networking
model they were developing was TCP/IP. Both OSI and TCP/IP became
operational in the 1990s. Both networking models were introduced and adopted
by companies across the US & Europe. After a decade of use, TCP/IP became the
favorite networking model by almost all of the businesses that were utilizing it and
the OSI fell behind.
In the 21st century the dominant and most utilized form of computer networking
model is TCP/IP. If you take the time to ask any business or company what
networking model they are using it is likely the answer would be TCP/IP. It has
become such a universal form of networking model that even vendors have
configured their products to align with a TCP/IP network model. This is the
reason technology products such as office phones, smartphones, computers etc.
are functional and can connect immediately to the existing internet technology of
the business. The companies that designed and manufactured them have configured
the devices to align with the TCP/IP network model.

The 2 types of TCP/IP networking model
Currently, there are two types of the TCP/IP networking model. Each type of
model breaks down the functions of TCP/IP into several categories referred to as
layers.
See Figure 1.2 below for visual diagram:

Figure 1.2 TCP/IP Functions or Layers


The Original TCP/IP has four layers:
1. Application: This is the layer where the applications that send data are located.
2. Transport: The layer where the applications that receive data are located.
3. Internet: Delivers data along the path from the computer that sent the data to
the computer that receives the data.
4. Link: Transmits data to individual links.
The Updated TCP/IP, on the other hand, has five layers. It has the same layers,
except that the Link layer from the original was expanded into two layers: Data
Link and Physical. The function should be the same as the original TCP/IP though.
Between the Original TCP/IP and the Updated TCP/IP, the more common type of
TCP/IP model used these days is the Updated version.

The TCP/IP Application Layer
The Application Layer is the interface between the software that runs the
computer and the network itself. It allows the application software to function by
providing it with the specific services it requires to work. A good example of an
application layer protocol is the Hypertext Transfer Protocol or HTTP. HTTP is an
application layer protocol that tells web browsers how to retrieve content from
a web page and/or a web server. Figure 1.3 below demonstrates how the HTTP
application layer protocol works.

Figure 1.3 HTTP Application Layer

In Figure 1.3, Web browser application layer B is requesting Web server
application layer A for its home page. Both are using a TCP/IP application layer
protocol, the Hypertext Transfer Protocol (HTTP). Through HTTP,
Web server A is able to send Web browser B the requested home page. It is
important to note that every web address or Uniform Resource Locator (URL)
starts with ‘http’. HTTP is a TCP/IP application layer protocol that allows
websites, web servers, and web pages to communicate with one another.

The TCP/IP Transport Layer
The User Datagram Protocol (UDP) and Transmission Control Protocol (TCP)
are two common Transport Layer protocols. The function of the Transport Layer
protocol is to provide service to the higher-layer protocol which is the Application
Layer Protocol. A good example of how this function works is the TCP service
called error recovery. See Figure 1.4 to get information on how the Transport
Layer TCP works in terms of informing the Application layer that a request was
not sent or that a message was not received.

Figure 1.4 TCP Error Recovery Transport Layer



In Figure 1.4 Web server A sent back Seq. 1, 2, and 3 containing web pages to Web
browser B. However, Seq. 2 was not properly delivered. The TCP Transport Layer
of Web browser B is notified of this and it sends a message back to Web server A
to send Seq. 2 again.

The TCP/IP Network Layer
The Internet Protocol (IP) is considered a major TCP/IP Network Layer protocol. The main
features of the IP are routing and addressing. The responsibility of the IP or
TCP/IP Network Layer is to create the network that will allow the proper delivery
of requests and messages sent by both the Application Layer and the Transport
Layer.
Using the postal service as an analogy for how the TCP/IP Network Layer works
can give you a better understanding of the concept. The function of the postal
service is to deliver letters from one person to another person. To do its job
properly it is equipped with the following information: addresses of all existing
establishments & also the accurate routes to get to these addresses. The postal
service is also supported by personnel and equipment to enable it to deliver letters
to the proper addresses.
Much like a Postal Service, the TCP/IP Network Layer is also responsible for
delivering messages sent by both the Application Layer and the Transport Layer
from one computer to another. It is because of this that the TCP/IP Network Layer
is equipped with information on the addresses of individual computers within a
computer network. And the TCP/IP Network Layer also has access to the routers
that deliver messages within a computer network. Figure 1.5 below provides a
visual diagram of the functionality of the TCP/IP Network Layer.

Figure 1.5 TCP/IP Network Layer Functions



In Figure 1.5 the IP addresses are the four numbers separated by a period located
underneath the computer and browser icons named Larry, Bob, and Archie. These
IP addresses identify the device. It is information that is relevant for the TCP/IP
Network Layer so that it can properly deliver messages to the accurate device. Also
included in the diagram are the routers. Routers are physical devices that receive
messages or requests from devices and decode the request so that it is able to
deliver the right message or request to the address it is intended for. The router
functions like a post office in this sense.
The TCP/IP Network Layer is the delivery mechanism of the computer network. It
is the channel in which all messages from computer devices linked within a
computer network go through so that said computer or technology devices are
able to communicate with each other.

TCP/IP Data Link & Physical Layer
Much like every layer within every computer networking architecture, the TCP/IP
Data Link & Physical Layer provides a service to the layers above it. Every time a
technology device wants to send an IP packet (either a message or request) to
another device, that IP packet uses Data Link or Physical Layer information to
deliver the IP packet to a router. See Figure 1.6 below for a visual of the process.

Figure 1.6 TCP/IP Data Link & Physical Layer Process



Figure 1.6 provides the data link information that every device within a
networking model has to input in an IP packet so that it can be delivered to and
processed by a router for delivery to the accurate address. For example, the device
is named Larry. Its IP address is 1.1.1.1. It wants to send a request to another
device within the network. Larry creates an IP packet, the Data Link Layer then
encapsulates the IP Packet between an Ethernet Header and an Ethernet Trailer.
This indicates that the link the IP packet is being channeled through is via
Ethernet. Once the IP packet is encapsulated it is then transmitted to the router.
The router receives the IP packet and de-encapsulates it, reads the information
(request or message) inside the IP packet and proceeds with routing the IP packet
to the IP address or technology device within the networking model the IP packet
is addressed to.

The 5-Step TCP/IP Hosts Data Delivery Process
At this point, it should already be clear that every time each layer of a networking
model does its job, there is an encapsulation process that occurs. Encapsulation is
the process of putting headers and trailers around the data that is being transmitted
by every layer within the networking model.
Say a device sends a request for a home page. The content of the home page is
encapsulated in an HTTP header. When it is passed down to be transported to
another device, the HTTP header and the content of the home page are
encapsulated in a TCP layer header. In the same manner, every time a message goes
through the routers of the networking model, the IP header encapsulates the TCP
header, the HTTP header, and the content of the page. And finally, every IP packet
containing the HTTP, TCP & IP information is encapsulated inside an Ethernet Data
Link header and trailer.
For clarity, the summarization below provides a detailed description of the 5 Step
TCP/IP Data Delivery process:
Step One: Encapsulate the application data with the specified application
layer header. Example is HTTP.
Step Two: Encapsulate the Application Layer sent within a Transport Layer
header. Examples are TCP or UDP.
Step Three: Encapsulate the Transport Layer within a Network Layer header.
Example is an IP address.
Step Four: Encapsulate the information within the Network Layer. It should
be located between a Data Link Header and Data Link Trailer.
Step Five: Proceed with transmission of data. This is the encoding of the
physical layer into the medium or channel so that it can be processed within
the networking model.
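
The five steps above, carried through on real header layouts and then reversed on the receiving side. This is an added example, not code from the book; only the address 1.1.1.1 for Larry comes from the text, and the other addresses, ports, sequence numbers and page content are constructed sample values.

```python
import struct
import zlib

# Constructed sample values; only Larry's 1.1.1.1 appears in the text.
LARRY_IP = bytes([1, 1, 1, 1])
SERVER_IP = bytes([2, 2, 2, 2])
SERVER_MAC = bytes.fromhex("020000000001")
ROUTER_MAC = bytes.fromhex("020000000002")
HOME_PAGE = b"<html><body>home page</body></html>"


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum used by the IPv4 and TCP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def encapsulate(page, src_ip, dst_ip, src_mac, dst_mac):
    # Step One: application data gets its application-layer (HTTP) header.
    http = b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n" % len(page) + page

    # Step Two: the HTTP message goes behind a 20-byte TCP header.
    def tcp_header(csum):
        return struct.pack("!HHIIBBHHH", 80, 49152, 1, 1, 5 << 4, 0x18,
                           65535, csum, 0)
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 6, 20 + len(http))
    segment = tcp_header(inet_checksum(pseudo + tcp_header(0) + http)) + http

    # Step Three: the TCP segment goes behind a 20-byte IPv4 header.
    def ip_header(csum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 1,
                           0x4000, 64, 6, csum, src_ip, dst_ip)
    packet = ip_header(inet_checksum(ip_header(0))) + segment

    # Step Four: the IP packet sits between an Ethernet header and trailer.
    body = dst_mac + src_mac + struct.pack("!H", 0x0800) + packet
    trailer = struct.pack("<I", zlib.crc32(body))  # Frame Check Sequence

    # Step Five: these bytes are what the physical layer encodes onto the medium.
    return body + trailer


def decapsulate(frame):
    """Reverse the steps, checking each layer's integrity field on the way up."""
    body, trailer = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != trailer:
        raise ValueError("Ethernet FCS mismatch: frame damaged in transit")
    if body[12:14] != b"\x08\x00":
        raise ValueError("Ethernet type is not IPv4")
    packet = body[14:]
    ihl = (packet[0] & 0x0F) * 4                 # IPv4 header length in bytes
    if inet_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != 6:
        raise ValueError("IP payload is not TCP")
    src_ip, dst_ip = packet[12:16], packet[16:20]
    segment = packet[ihl:total_len]
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 6, len(segment))
    if inet_checksum(pseudo + segment) != 0:
        raise ValueError("TCP checksum mismatch")
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    http = segment[(segment[12] >> 4) * 4:]      # skip the TCP header
    head, _, page = http.partition(b"\r\n\r\n")
    return {
        "src_ip": ".".join(map(str, src_ip)),
        "dst_ip": ".".join(map(str, dst_ip)),
        "src_port": src_port,
        "dst_port": dst_port,
        "status": head.split(b"\r\n")[0],
        "page": page,
    }


FRAME = encapsulate(HOME_PAGE, SERVER_IP, LARRY_IP, SERVER_MAC, ROUTER_MAC)

if __name__ == "__main__":
    print(len(FRAME), "bytes on the wire")
    print(decapsulate(FRAME))
```

The byte offsets show the nesting directly: the Ethernet header occupies bytes 0 to 13, the IP header starts at byte 14, the TCP header at byte 34 and the HTTP header at byte 54.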


Section 1 Review : Networking Model of TCP/IP & OSI

That sums up the discussion on the TCP/IP Networking Model. Below are a few
questions to answer to brush up on the topic just discussed.
1. Provide a definition for Encapsulation and De-Encapsulation.
2. Provide a definition for Networking Model.
3. Define the terms Application Layer and Network Layer.
4. List down the 5 Step process for data delivery using the TCP/IP networking
model.
5. How does the Encapsulation process work?
6. Discuss in detail the process and function of the Network Layer.
7. Name the 2 types of TCP/IP Networking models.
8. Define the difference between the 2 types of TCP/IP Networking models.
9. Name the five layers of the 2nd Type of TCP/IP Networking model.
10. What is the OSI networking model?

Ethernet LANs

Local-area Network (LAN) and Wide-area Network (WAN) are two of the most
popular computer network technologies being utilized by enterprises. The
difference between the two is coverage: the LAN's reach is limited to
connecting devices in the same room, the same building, or the same campus, while
the WAN's coverage is more far-reaching. It is common practice, however, for
enterprises to utilize a combination of LAN and WAN technology to power their
computer networking model.
In terms of LAN, there are two general types that are in existence:
1. Ethernet LAN: Also referred to as wired LAN because it uses wires and cables
to link nodes together.
2. Wireless LAN: Does not use wires and cables. Instead it utilizes radio waves as
links to devices. Also referred to as Wi-Fi.
In this section we will discuss the fundamentals of the Ethernet LAN, particularly
what it is and how it functions.

The SOHO LAN Set Up
The Small Office / Home Office LAN or SOHO LAN set up looks something like
Figure 2.1 below.

Figure 2.1 The SOHO Local-Area Network


Figure 2.1 shows the physical materials required to build a basic Small
Office/Home Office Local-Area Network. The requirements are: 3 computer
devices, a printer, an Ethernet LAN switch, Ethernet cables, Ethernet nodes, and a
router that connects the LAN switch and devices to the Internet.
In the diagram above, Ethernet cables FO/1, FO/3, and FO/4 connect each
individual computer to the Ethernet LAN switch, while the printer is connected
via Ethernet cable FO/2 to the LAN switch. Each device is installed with an
Ethernet node to which the Ethernet cable is connected.
In every SOHO Local-area Network, the Ethernet LAN switch is required and
serves as the central hub through which all devices are connected to the router.
The router then connects to the Wide-Area Network or WAN. In terms of Figure
2.1 the WAN is the Internet.

Another type of SOHO LAN is the wireless SOHO LAN. It is different from the
Ethernet LAN because it connects to the WAN or Internet via wireless device
through the use of radio waves. Figure 2.2 below is an example diagram of a
wireless SOHO LAN.

Figure 2.2. Wireless SOHO Local-Area Network



The Wireless LAN set up differs from the Ethernet LAN in terms of the device
called Wireless LAN Access Point (AP). The AP need only connect to the Ethernet
LAN, which is connected to the router, in order for it to be accessed by all devices
within the Local-Area network. It is important to note that most Ethernet LAN
switch boards are already installed with an AP. More often than not it’s not
necessary to purchase a separate Wireless LAN Access Point device. Just choose
an Ethernet LAN switch that is already equipped with an AP.

The Enterprise LAN Set Up
Due to the difference in scale of the SOHO LAN and the Enterprise LAN, the
number and type of technology devices required are more extensive and complex
for the latter. However, the Enterprise LAN is basically just an expanded version
of the SOHO LAN operating under the same principles.
The Enterprise LAN may differ from a SOHO LAN because it is a network model
that covers several floors of a building and has a centralized and dedicated switch
board hub connecting multiples of technology devices within a multi-story
building. Figure 2.2 is a good illustration of an Enterprise LAN Set Up.
Figure 2.3 Enterprise LAN

The diagram above shows the Local-Area computer network of a company
situated on three floors of a building. Notice that the material devices required are
similar to SOHO LANs with a few additions, namely the centralized distribution
switches (SW1, SW2, SW3) and the SWD, which serves as the central hub for SW1,
SW2, and SW3. All other material requirements are the same as for a SOHO LAN:
computers, printers, tablets, Ethernet LAN switch, Ethernet cables, Ethernet
nodes, and router.

Ethernet Standards Definition of Terms
Ethernet: A set of standards defined by the IEEE with the number 802.3
indicated at the start of the standard name. Ethernet standards cover cabling, speed,
rules and protocols that Ethernet nodes must align with to be able to join a LAN.
Unshielded Twisted Pair (UTP) cabling: wires are used to send data via
electric circuit. Indicated by the suffix ‘T’ in the standard name.
Fiber-optic cabling: transports light via glass fibers channeled through the middle
of the cable. Indicated by the suffix ‘X’ in the standard name.
Speed: Indicates the speed of the particular cable. It varies from 10 Mbps, to 1000
Mbps, up to 10 Gbps.
Figure 2.4 below is a good sampling of the various types of Ethernets.
Every Network engineer is expected to understand the many types of Ethernet
available in order to gauge which one is going to be the most effective and efficient
for the particular computer network they are going to build. Especially in an
Enterprise LAN it is not unusual for a combination of Ethernet cables to be
utilized to build the local-area network.

The Ethernet Frame
In section 1, we discussed the Ethernet Data Link Layer protocol where the data to
be transmitted within the network is encapsulated in an Ethernet frame which
consists of an Ethernet header and Ethernet trailer. All Ethernet nodes are tasked
to transmit said frame to the links and into the accurate addresses or devices
indicated in the frame and within the network. Each frame consists of the
Ethernet header, the data, and the Ethernet trailer. Figure 2.5 illustrates the
process of Ethernet Frame distribution within a LAN.

Figure 2.5 Process of Ethernet Frame


The Ethernet frame created by computer 1 is sent to distribution switch 1 (SW1)
via a 10 Mbps UTP Ethernet cable. SW1 then transmits the Ethernet frame to SW2
via a 200 meter 1 Gbps fiber optic cable. Then, SW2 continues moving the
Ethernet frame from computer 1 through the LAN via a 1 kilometer 10 Gbps fiber
optic cable and lands it in SW3. Distribution Switch 3 then transmits the Ethernet
frame to computer 3, its intended destination, via a 100 Mbps UTP Ethernet cable.
The Ethernet Frame process clearly illustrates the various types of Ethernet that
are assembled to create an effective local-area Network capable of delivering data
in the fastest way possible. The Network engineer is expected to understand the
best Ethernet combinations to achieve this.

The Ethernet Link
The Ethernet cable that connects two nodes is called the Ethernet Link.
Every Ethernet link is composed of an Ethernet cable, a connector on each end of
the cable, and connector-compatible ports where the connectors can be connected.
See Figure 2.5 below for a visual of the Ethernet Link.


Figure 2.6 Ethernet Link



The RJ-45 Connector
The most common connector that is found on an Ethernet cable is the RJ-45
connector. See photo below. It contains 8 locations referred to as pin positions into
which each of the 8 wires in an Ethernet cable can be placed. The pins connect the
8 wires to the nodes that allow the wires to have access to the flow of electricity.



The RJ-45 Ethernet Port
The RJ-45 Ethernet port is compatible with the RJ-45 Ethernet connector and is
the hub in which the cable wires are allowed to interact with the flow of
electricity. See photo of an RJ-45 port provided.


The Straight-Through Cable Pinout

When a straight-through Ethernet cable connects pin 1 to port 1 of the distribution
switch and pin 1 at the other end of the same cable is connected to port 1 of the
device, that is defined as a straight-through cable pinout. This allows the
device, for example a PC, to communicate with an Ethernet switch. See diagram
below.



The Crossover Ethernet Cable


If two distribution switches have to be connected, the formula is different.
Crossover cables will have to be used to connect two similar devices. In the
diagram above, pin 1 is connected to pin 3 via crossover cables, and pin 2 is
connected to pin 6 via another crossover cable. This means that for two like devices
the cable that transmits data must be different from the cable that
receives data. This is particularly important for a distribution switch because it
handles data traffic from several devices. Using crossover cables is the only way
for the switch to be able to manage the flow of data in an efficient manner.

Breakdown of the Ethernet Data Protocol
To understand how the Ethernet distributes data within the LAN it is necessary to
discuss in detail the specific components of the Ethernet Frame. Earlier we agreed
that the Ethernet frame is the IP packet or the message containing the data being
sent and received by devices within the LAN. The Ethernet frame consists of the
following:
Preamble: For synchronization.
Start Frame Delimiter (SFD): Signals the succeeding byte starts the Destination
address.
Destination Address: Information on the recipient of the frame.
Source Address: Information on the sender of the frame.
Type: Identifies whether IPv4 or IPv6 protocol type is being used in the frame.
Data & Pad: The data or information that is being transmitted.
Frame Check Sequence (FCS): Provides information if the frame was transmitted
properly or not.

Figure 2.7 Details of Ethernet Frame
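
The fields listed above, laid out byte by byte and read back by a small parser. This is an added example, not code from the book; the MAC addresses and payload are constructed, and the 46-byte minimum for Data & Pad and the 0x0800/0x86DD type values are standard Ethernet facts rather than details given in the text.

```python
import struct
import zlib

PREAMBLE = b"\x55" * 7   # alternating bits used for synchronization
SFD = b"\xd5"            # Start Frame Delimiter: next byte begins the Destination
TYPES = {0x0800: "IPv4", 0x86DD: "IPv6"}
MIN_DATA = 46            # shorter data is padded up to this many bytes
MIN_FRAME = 64           # 14-byte header + 46 bytes Data & Pad + 4-byte FCS

# Constructed sample addresses and payload.
SAMPLE_DST = bytes.fromhex("0200000000bb")
SAMPLE_SRC = bytes.fromhex("0200000000aa")
SAMPLE_DATA = b"hello data"


def build_frame(dst, src, ethertype, data):
    """Assemble the frame in wire order, padding short data."""
    padded = data.ljust(MIN_DATA, b"\x00")
    body = dst + src + struct.pack("!H", ethertype) + padded
    fcs = struct.pack("<I", zlib.crc32(body))    # CRC-32 over header and data
    return PREAMBLE + SFD + body + fcs


def format_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(wire):
    """Split a received frame into the fields named in the list above."""
    if wire[:8] != PREAMBLE + SFD:
        raise ValueError("no preamble/SFD: not the start of a frame")
    frame = wire[8:]
    if len(frame) < MIN_FRAME:
        raise ValueError("runt frame: shorter than the 64-byte minimum")
    body, fcs = frame[:-4], frame[-4:]
    (ethertype,) = struct.unpack("!H", body[12:14])
    return {
        "destination": format_mac(body[:6]),
        "source": format_mac(body[6:12]),
        "type": TYPES.get(ethertype, hex(ethertype)),
        # The pad cannot be told apart from data at this layer; the IP
        # header's own length field says where the real data ends.
        "data_and_pad": body[14:],
        "fcs_ok": struct.pack("<I", zlib.crc32(body)) == fcs,
    }


SAMPLE_WIRE = build_frame(SAMPLE_DST, SAMPLE_SRC, 0x0800, SAMPLE_DATA)

if __name__ == "__main__":
    for field, value in parse_frame(SAMPLE_WIRE).items():
        print(f"{field:13} {value}")
```

A receiver drops any frame whose recomputed FCS does not match, which is why a single changed bit in an address or in the data never reaches the layers above.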



Section 2 Review : Ethernet LANs
It’s time for a quick review of Section 2. Answer the questions below without
looking through the above section. It is recommended that you do a thorough review
of the Ethernet LAN topic just discussed before taking the quiz.
1. Differentiate between an Ethernet LAN and a Wireless LAN.
2. Provide a definition for Ethernet.
3. Provide a definition for Ethernet link.
4. List down the specific components of an Ethernet link and provide the
definition for each component.
5. What are the two types of Ethernet cable? Differentiate between the two.
6. Draw an accurate diagram of a SOHO LAN that contains 2 computers, 2
printers and 3 tablets.
7. Provide a definition for a straight-through Ethernet Cable.
8. Provide a definition for a crossover Ethernet cable.
9. Draw a diagram of an Enterprise LAN connecting 5 floors of PCs and tablets.
10. Define and differentiate between a LAN and a WAN.


WAN Fundamentals

We mentioned earlier that WANs are Wide Area Networks that provide computer
networking for enterprises whose business offices are located in multiple areas
and separated by long distances. WANs are similar to LANs in many ways in terms
of the materials required to build them. However, unlike LANs, which are owned
by their proprietors, WANs are leased lines from other companies that provide the
networking service. The usual WAN network service providers are
telecommunication and cable companies. They have the infrastructure to connect
computer networks of large enterprises located in different parts of a country or
even the world.

WANs with Leased Lines

Figure 3.1 WAN Leased Line


The leased line Wide-Area Network (WAN) is the technology and networking
infrastructure that enterprises and organizations with offices located in multiple
areas of a city or country can use to create their own inter-computer network from
wide distances. Leased Line WANs go by a more popular and familiar term called
service provider (SP).
Telecommunication & cable companies are the most common types of service
providers. Their existing cabling infrastructure allows them to offer said
infrastructure to enterprises as leased line WANs. See Figure 3.1.
With leased line WANs, the Service Provider taps into its existing cabling
system, usually installed in every building, and, using distribution switches,
connects leased line WANs to the company’s routers. This effectively connects
together several local-area networks (LANs), located in different locations, via a
service provider’s cable system network.
Figure 3.2 is a more detailed look at the leased line WAN set up. Notice that the
leased line WAN mimics a crossover line cable design between routers.

Figure 3.2 Crossover Leased Line WAN

Ethernet WANs
In the past, the configuration of Ethernet cables only made them viable for local-
area networks. In time the IEEE was able to develop new and better Ethernet
cables that allowed their use through longer distances. The 1000BASE-LX is a
single-mode fiber Ethernet cable that can connect LANs at 5km distances. The
1000BASE-ZX on the other hand is an Ethernet cable that can connect LANs at
70km distances.
Today, WAN service providers have a range of Ethernet cables that can be used to
connect LANs at any given distance. Ethernet cable technology is at a stage
where it can be used to create Wide-Area Networks. See Figure 3.3 for a diagram
of Ethernet cable based Wide-Area Networks.


Figure 3.3 Ethernet WAN


The SP setup for an Ethernet WAN is very similar to the Telco SP setup; the only
difference is that the former uses Ethernet cables to connect LAN routers to the
Service Provider’s point of presence (PoP), the location of the SP. From there,
another line of Ethernet cables chosen by the Ethernet WAN SP is connected to
router 2 of the other local-area network that router 1 is supposed to be connected to.

Internet as WAN Technology

Figure 3.4 The Internet Core


The Internet is a technology that allows individual computers and networks of
computers to communicate with one another at any given distance. As long as
a computer device has an internet connection, it is capable of connecting with other
computers & networks anywhere in the world. These computers are connected via
what is called the Internet Core.
The Internet Core can be considered a system of interconnected Local-Area
Networks (LANs) and Wide-Area Networks (WANs). It is where all the Internet
Service Providers (ISPs) are located and connected to each other as channels
into which data from individual internet users can be transmitted. See Figure 3.5
for a more detailed visual of the Internet Core.

Figure 3.5 Inside the Internet Core


For any enterprise or business to tap into the capability of the Internet as a WAN
technology, said business need only get in touch with a local Internet Service
Provider. They then ask the ISP to install internet connectivity to their business
and they will be able to connect their local-area networks (LANs) via Internet.
These LAN links are called Internet Access Links and are connected via cables or
wireless technology.

The Digital Subscriber Line (DSL)
The DSL is a high speed WAN link that connects to the Internet via telephone
cables. It is a WAN link that a Telco customer purchases from an Internet Service
Provider (ISP). See Figure 3.6 for the DSL setup.

Figure 3.6 DSL Connection


DSL connections are usually found in homes. Figure 3.7 illustrates the cabling set
up for a standard home DSL. The requirements are basic: Ethernet cables, router
with Ethernet switch & wireless LAN access point, a DSL modem, and a spare
phone outlet. Home DSLs are some of the most basic forms of local-area network
connecting a few computer devices together via Ethernet or wireless
technology.

Figure 3.7 Home DSL Set Up



Cable Internet
Cable Internet provides internet access in very much the same way as DSL except
that it uses the wiring system for cable TV access instead of telephone lines. See
Figure 3.8.

Figure 3.8 Cable Internet Cabling


Section 3 Review : WANs Fundamentals
That’s it for Section 3. As a reminder, it is best to have a thorough run-through of the
discussion above on Wide-Area Networks (WANs) before taking the review below.
1. Provide definition for WAN.
2. Differentiate between LANs and WANs.
3. Create a diagram of a DSL WAN link.
4. Provide definition of leased line WAN.
5. Create a diagram of a standard LAN to LAN WAN link via leased lines.
6. Differentiate between a leased line WAN and an Ethernet WAN.
7. Create a diagram of a basic Ethernet WAN link between 5 separate local-area
networks.
8. Differentiate between an Ethernet WAN and an Internet WAN link.
9. Provide definition of Internet Core.
10. How does an Internet Core work in terms of providing WAN access?


IPv4 Addressing & Routing


This chapter will discuss the details of the TCP/IP Network layer also referred to
as Internet Protocol or IP. As discussed in a previous chapter, the IP is the layer
responsible for addressing and routing IP packets within a computer network. It
designs the forwarding logic that guides data transmission within the complex
grid of a LAN or WAN.


Definition of Terms
IP routing: The process of forwarding IP packets to hosts and routers.
IP addressing: The process of creating addresses that identify the source of the IP
packet and the recipient of the IP packet. It also organizes addresses into specific
groups to aid routing.
IP routing protocol: Protocol created for the specific purpose of allowing routers
to fast track reading of addresses so that IP packets are delivered to intended
recipients.
Other Utilities: Discussion of relevant utilities such as Address Resolution
Protocol (ARP), Domain Name System (DNS), and ping.


IP Forward Routing Logic

Let’s first clarify the real function of the IP or Internet Protocol. It is responsible
for designing the network system or grid that the data (IP packet) is going to travel
in from host computer to recipient computer. This is referred to as the forwarding
route logic of the TCP/IP network layer or IP.
As such, the IP mainly handles addressing and routing of data shared within
networks. Based on the IP packet’s address, it decides which routers in the LAN or
WAN the IP packet must navigate through in order for it to get to its destination.

See Figure 4.1 below.
Figure 4.1 IP Forward Routing Logic


Based on Figure 4.1, the IP from PC1 determines that the IP packet is to be sent to
another IP network or IP subnet. This is apparent because the IP address says
168.1.1.1 instead of PC1’s IP address, which is 10.1.1.1. The IP packet is then
prepared to be sent to the nearest router, which is R1.
Once R1 receives the IP packet, it does the same thing that the PC1 IP does: it reads
the address on the IP packet and decides which router it needs to be sent to so that
it gets to its destination, in this case router 2. Once with R2, the same process
happens. Router 2 then decides the IP packet needs to be sent to router 3. When
the IP packet is received by R3, it is able to deduce, based on the IP address
168.1.1.1, that the IP packet needs to be sent to PC2, which has the said address and is
also within the same IP network or IP subnet that R3 is servicing.

The Importance Of IP Addressing In Aid Of Routing
Internet Protocol addressing is very important in terms of ensuring routers are
able to deliver data to intended destinations in the quickest way possible.
Addressing is like assigning a zip code to every technology device connected to a
LAN or WAN. It facilitates and fast tracks the routing process of data within a
computer network. IP addresses allow an IP to identify the best and most accurate
route for data to travel in for it to get to its destination. Needless to say every
device within a local-area network (LAN) and a wide-area Network (WAN) has to
have an IP address.

Addressing Internet Protocol Version 4 (IPv4)
Every IP address has a 32 bit dotted-decimal notation (DDN). For example, in
168.1.1.1, each of the numbers separated by a decimal point consists of 8 bits of the
32 bits required for each IP address.
IP addresses are found in individual network interfaces, which are located in a
network interface card (NIC). To be clear, a computer does not have an IP
address. Its network interface has an IP address. In much the same way, routers
do not have IP addresses. Their network interface cards contain several network
interfaces. NICs are where the IP addresses are located.

IP Networks
It is necessary to group devices with similar IP addresses. It allows the TCP/IP
network layer protocol to identify accurate routes for data transfer within
networks. These groupings of IP addresses are called IP Networks. See
Figure 4.2.

Figure 4.2 IP Networks



IP networks are groups of IP addresses with similar values or numbers assigned in
the beginning of each IP address.


IP Networks Class A, B, C

Figure 4.3 IP Network Class Distribution


There are billions of IP addresses available in the IPv4 address space. A semblance
of organization and order is necessary for the system to utilize the
addresses in the most efficient way. In the IPv4 world, IP addresses are classified
into 3 major classes – Class A, B, and C.
Class A takes half of the space with 126 IP networks assigned to it. Each IP
network in Class A can hold 16 million IP addresses. Class A starts from 1 – 126.
Class B IP networks, on the other hand, take the 128 – 191 space for IP addresses.
That means 63 IP networks are assigned as Class B IP networks. This translates to
more than 65,000 IP addresses for each network.
Class C IP networks only take 31 IP network space, which means there would be
254 IP addresses for each IP network.

Subnetting IPv4
Simply put, IPv4 subnetting means subdividing an IP network. It allows a single IP
network to be subdivided into smaller groups of IP addresses called IP subnets.
Subnetting is necessary because you will want to maximize IP networks as much
as possible. See Figures 4.4 and 4.5 for an illustration of the value of IP subnets.
Figure 4.4 Use of 5 Class B IP networks

Figure 4.5 Use of Subnets on same diagram



We can see that in Figure 4.4 five different Class B networks are utilized. This
means all 65,000 individual IP addresses are locked in to that one IP network. It
is not likely that one LAN requires that many IP addresses. Figure 4.5 shows the
value of subnetting for certain local-area networks that do not require so many IP
addresses. In Figure 4.5 the Class B IP network 150.9.0.0 was subdivided into 5
subnets.

Internet Protocol Version 4 (IPv4) Routing
As discussed in a previous section, IPv4 routing is the process of moving data from
the IPv4 host where the data originates to the destination host to which the IPv4
host wants to send the data or IP packet.

Figure 4.6 Basic IPv4 Routing Procedure


If an IPv4 host (PC1) sees that the destination host is part of the same IP network
it is located in, it sends the IP packet directly to the destination host (PC11).
If, however, the IPv4 host sees that the destination host belongs to another IP
network, it decides to send the IP packet to its default router, the router that
transfers and receives data (IP packets) of its IP network. The default router then
examines each IP packet sent to it and decides which router to send it to. This
decision is influenced by the IP packet’s IP address.
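
The host and router decisions described in this section, as an added Python example that is not from the book: it classifies an address into Class A, B or C, subdivides 150.9.0.0 into subnets, and follows a packet from 10.1.1.1 to 168.1.1.1 hop by hop using longest-prefix matching, which goes slightly beyond the single case in the text. Only those three addresses come from the text; the device names, routing-table entries, the /24 subnet size and the Class C range (192 – 223) are assumptions of this example.

```python
import ipaddress
from itertools import islice

# Constructed data: only 10.1.1.1, 168.1.1.1 and 150.9.0.0 come from the text.
# Device names, routing-table entries and the /24 subnet size are assumptions.


def classful_network(addr):
    """Return the Class A, B or C network that an IPv4 address belongs to."""
    first = int(addr.split(".")[0])
    if 1 <= first <= 126:
        prefix = 8        # Class A
    elif 128 <= first <= 191:
        prefix = 16       # Class B
    elif 192 <= first <= 223:
        prefix = 24       # Class C
    else:
        raise ValueError(f"{addr} is not a Class A, B or C address")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def carve_subnets(network, count, new_prefix=24):
    """Subdivide one IP network and return its first `count` subnets."""
    return list(islice(network.subnets(new_prefix=new_prefix), count))


def host_decision(src_network, dst, default_router):
    """Host logic: same network -> deliver directly, otherwise default router."""
    if ipaddress.ip_address(dst) in src_network:
        return "direct"
    return default_router


class Router:
    def __init__(self, name, routes):
        # routes: (network, next_hop) pairs; "connected" means the destination
        # network is attached to this router.
        self.name = name
        self.routes = [(ipaddress.ip_network(n), hop) for n, hop in routes]

    def lookup(self, dst):
        """Longest-prefix match; returns the next hop, or None if no route."""
        dst_ip = ipaddress.ip_address(dst)
        matches = [(net, hop) for net, hop in self.routes if dst_ip in net]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]


ROUTERS = {
    "R1": Router("R1", [("10.0.0.0/8", "connected"), ("168.1.0.0/16", "R2")]),
    "R2": Router("R2", [("10.0.0.0/8", "R1"), ("168.1.0.0/16", "R3")]),
    "R3": Router("R3", [("168.1.0.0/16", "connected"), ("0.0.0.0/0", "R2")]),
}
HOSTS = {
    "10.1.1.1": ("PC1", classful_network("10.1.1.1"), "R1"),
    "168.1.1.1": ("PC2", classful_network("168.1.1.1"), "R3"),
}


def trace(src, dst, max_hops=16):
    """Return the devices an IP packet visits on its way from src to dst."""
    name, network, default_router = HOSTS[src]
    dst_name = HOSTS[dst][0] if dst in HOSTS else "unknown host"
    path = [name]
    hop = host_decision(network, dst, default_router)
    if hop == "direct":
        return path + [dst_name]
    for _ in range(max_hops):            # hop limit guards against routing loops
        path.append(hop)
        nxt = ROUTERS[hop].lookup(dst)
        if nxt is None:
            return path + ["dropped: no route"]
        if nxt == "connected":
            return path + [dst_name]
        hop = nxt
    return path + ["dropped: hop limit"]


if __name__ == "__main__":
    print(" -> ".join(trace("10.1.1.1", "168.1.1.1")))
    for subnet in carve_subnets(classful_network("150.9.0.0"), 5):
        print(subnet)
```

Once 150.9.0.0 is subnetted, two hosts in different subnets of the same Class B network no longer reach each other directly; the sending host hands the packet to its default router.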

Section 4 Review : IPv4 Addressing & Routing

Here are a few test questions to allow you to brush up on the recently discussed
topic. Make sure to review first before answering the questions.
1. Create a diagram of a basic IPv4 routing process.
2. Define IPv4. And differentiate it from IPv6.
3. Provide a definition of IPv4 addressing. What is its significance?
4. List down and define the classes of IP networks.
5. Define an IP subnet. What is its value?
6. What is an IP network? What is its use?
7. Define IP forwarding logic.
8. What is an IP packet?
9. What is the value of IP addresses relative to routing?
10. List down the number of IP addresses available to Class A & B IP networks.


Chapter 2 – Switches & Ethernet LANs

It’s time to discuss in detail the device that allows a Network Engineer to build a
Local-Area Network: the LAN switch. We will also discuss the process
of designing and building an actual Ethernet LAN for a college campus or a
building.

Creating Switches & Ethernet LANs

Switching Concepts for Local-Area Networks (LAN)
The Ethernet switch is responsible for receiving Ethernet frames from an
incoming port and moving them forward to another port. In this section we will
discuss how the switch makes this decision as well as other switching concepts.

The Hub


Back in the 90s before Ethernet LAN switches were invented the Hub was the
device that managed the traffic of Ethernet frames between devices. Much like the
LAN switch, the Hub was the central point where computer devices passed frames
to so that they can communicate with each other. Recurring problems kept on
creeping up with the Hub however. Issues such as: sending electrical signals to all
ports when not necessary, electrical collision of multiple devices, devices have to
take turns sending signals, no privacy for broadcast signals, etc.

The Bridge


Soon enough, the Hub was replaced by a more efficient model called the Ethernet
Transparent Bridge or the Bridge. To address electrical collision issues, the Bridge
organized devices into manageable groups called Collision Domains. Each
domain consisted of PCs connected to a Hub that was then connected to the
Bridge. Frame collisions were managed because frames from different domains
were kept from colliding with each other. With a Bridge, bandwidth was exclusive
to each collision domain. The Bridge was a more efficient manager of frame traffic
within several domains.

The LAN Switch


The LAN switch is the most efficient device for transferring frames from port to
port. It works in much the same way as Bridges but is faster and more efficient.
With a LAN switch, an individual PC can be a collision domain in itself with a
faster bandwidth at 100 Mbps.

Switching Logic
The ability of a LAN switch to move frames from port to port is based on a
switching logic. Each LAN switch is equipped with the capacity to decide whether to
forward a frame, filter it or not to move it forward at all. Part of switching logic is
also enabled by the ability of a LAN switch to learn, store and read MAC
addresses. Using the Spanning Tree Protocol (STP), a switch is also able to
prevent frames from looping to infinity.

The MAC Address Table


The LAN switch is able to forward frames via the MAC address table, which
contains outgoing interfaces. In the diagram above, PC1 sent a frame with the
destination address 0200.2222.2222. The LAN switch receives the frame, takes its
MAC address table and looks for the location of the IP address 0200.2222.2222.
The address table tells the LAN switch the IP address is located via output FO/2. It
then moves the frames towards output FO/2. PC2 with IP address
0200.2222.2222 receives the frame.

LAN Switch Address Storage
Every LAN switch is capable of identifying new IP addresses and storing it in its
MAC address table. It monitors every incoming frame and checks its IP address. If
the address is not recorded yet in its MAC address table, it proceeds to record it.

Flooding Frames
The process of flooding frames happens when the LAN switch encounters a frame
with an address that is not in its MAC address table. It sends the
frame to all the outgoing interfaces in the network except the interface where it
was sent from. It floods the network’s outgoing interfaces with the frame. The
interface that sends back a reply signifies that the frame address is a match.
Flooding frames is also a LAN switch feature that allows it to record new
addresses in its MAC address table.
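
The learn, forward, filter and flood decisions described above, as an added Python model that is not from the book. The address 0200.2222.2222 is the one used in the text; the other addresses, the port names and the frame sequence are constructed for this example.

```python
BROADCAST = "ffff.ffff.ffff"


class LearningSwitch:
    """Minimal model of a LAN switch's learn / forward / filter / flood logic."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}          # address -> port it was last seen on

    def _all_but(self, in_port):
        return [p for p in self.ports if p != in_port]

    def receive(self, in_port, src, dst):
        """Process one frame and return the list of ports it is sent out of."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        src, dst = src.lower(), dst.lower()
        # Learn: the source address is reachable through the incoming port.
        self.mac_table[src] = in_port
        if dst == BROADCAST:
            return self._all_but(in_port)      # broadcast: every other port
        out_port = self.mac_table.get(dst)
        if out_port is None:
            return self._all_but(in_port)      # unknown destination: flood
        if out_port == in_port:
            return []                          # same port: filter, do not forward
        return [out_port]                      # known destination: forward


# Constructed frames: (incoming port, source address, destination address).
FRAMES = [
    ("F0/1", "0200.1111.1111", "0200.2222.2222"),  # PC1 -> PC2, PC2 not learned yet
    ("F0/2", "0200.2222.2222", "0200.1111.1111"),  # PC2 replies, PC1 already learned
    ("F0/1", "0200.1111.1111", "0200.2222.2222"),  # PC1 -> PC2 again, now known
    ("F0/3", "0200.3333.3333", BROADCAST),         # broadcast from a third device
    ("F0/1", "0200.4444.4444", "0200.1111.1111"),  # both devices behind F0/1
]


def run(frames, ports=("F0/1", "F0/2", "F0/3", "F0/4")):
    """Feed frames to a fresh switch; return its decisions and final table."""
    switch = LearningSwitch(ports)
    decisions = [switch.receive(*frame) for frame in frames]
    return decisions, switch.mac_table


if __name__ == "__main__":
    decisions, table = run(FRAMES)
    for frame, out in zip(FRAMES, decisions):
        print(frame, "->", out or "filtered")
    print(table)
```

The first frame is flooded because its destination is unknown; the reply is what puts 0200.2222.2222 into the table, so the third frame leaves through a single port.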

The Spanning Tree Protocol


The LAN switch has a feature called the Spanning Tree Protocol (STP), which has
the ability to block certain ports so that frames are prevented from looping round
and round the network. See diagram above. With STP the LAN switches will be
able to block the same frame which was not accepted by the interfaces in its area.
Eventually the frame will be delivered to the interface which has not rejected it
and is likely a match with its IP address.


Cisco Switches Internal Processing
There are 2 internal processing methods or switching methods Cisco switches are
capable of:
Store-and-Forward: All bits in a frame are received by the switch completely. This
is the store function. This is to verify the FCS is in good condition before it is
forwarded.
Cut-through: Even before receiving the frame the switch already sends it forward
to an output interface. No checking of quality of FCS.
Fragment-free: Avoids sending frames that encountered collisions or error.


Designing Ethernet LANs
Before taking on the task of designing large scale Ethernet LANs it is important to
understand collision domains, broadcast domains, and Virtual LANs.
Collision Domains
These are groups of network interface cards (NICs) that send frames within the
same collision domain of devices, wherein collision of frames may occur.


Broadcast Domain
A group of network interface cards (NICs) where a frame can be broadcasted from
a single NIC and received by all the interfaces in the same broadcast domain.
The diagram below shows the groups of devices separated by a router are two
different broadcast domains. Note that routers block broadcast frames and are
perfect devices for creating broadcast domains.


Virtual LANs
A Local-Area Network or LAN is defined as a set of devices located in the same
broadcast domain. A group of devices therefore can be located in the same area
and yet not be part of the same broadcast domain. This is called a Virtual LAN. A
virtual LAN is possible via an Ethernet LAN switch with the capability of
organizing sets of NICs into several VLANs within its framework. Modern LAN
switches have VLAN features as evidenced in the diagram below.



Campus LAN Design

Figure 2.1 Basic Campus LAN Design


A campus LAN is usually a local-area computer network located inside a building
or a group of buildings in an area accessible to Ethernet LAN cables. A Network
Engineer will have to weigh and decide on the best combination of LAN devices to
put together that will fit the specifications and requirements of a campus LAN.
There are no standard designs for a campus LAN. More often than not, the design
is influenced by many factors. The responsibility of the Network Engineer is to
make sure all factors have been considered in the design of a campus LAN.
Figure 2.1 illustrates the 2 roles of every switch in a campus LAN design:
Access Switch: The LAN switch that is connected to the end user devices or PCs.
It is able to send and receive frames to & from the PCs. An access switch is not able
to send frames directly to another access switch.
Distribution Switch: The LAN switch that is connected to the access LAN
switches. It allows the access switches to communicate with one another. This
switch does not connect directly to the end user device or the PC.
In larger Campus LAN designs, the third switch is referred to as the Core Switch.
These are the LAN switches that are connected to distribution switches and are
able to provide very high rates of forwarding.


Section 1 Review : Creating Switches & Ethernet LANs
The test questions must be answered without looking at the topics discussed in
Section 1. Make sure to review first before taking the test.
1. Discuss the difference between the Hub, the Bridge and the LAN switch.
2. Define a broadcast domain. Create a design of a broadcast domain.
3. Define a collision domain. Create a design of a collision domain.
4. Discuss in detail switching logic.
5. Provide a definition of a virtual LAN. Create a diagram of a virtual LAN.
6. Provide a definition of an access switch.
7. Provide a definition of a distribution switch.
8. What is the difference between an access switch, a distribution switch and a
core switch?
9. Provide a definition of a Campus LAN.
10. Design a Campus LAN connecting computers between 3 adjacent buildings.


Operate & Install LAN switches
This section will discuss procedures on accessing a Cisco LAN switch, configuring
the LAN switch, and utilizing the accurate commands to check the working
process of the LAN switch. As a Network Engineer it is necessary to know how to
configure LAN switches so that they function according to specified expectations
and are secure from tampering.

Cisco Enterprise Catalyst 2960 Switch


The Cisco Enterprise Catalyst 2960 Switches are low cost wiring, full featured
versions of switches used for large scale enterprise computer networks. These are
the LAN switches that are used as access switches, which connect directly to end
user interfaces. The Cisco 2960 switches shown above feature 48 RJ-45 UTP
10/100 ports. These ports can be utilized for 10BASE-T or 100BASE-T Ethernet
links.

LEDs and the Switch Status

Most Cisco LAN switches are equipped with LEDs to provide visual information
on the status of the console and all of its ports from the time the console is
powered on and while the ports are in use. These are the signals to understand
what the LEDs are saying about the console and individual ports or interfaces
while it is at work or even when powered off.

Based on the illustration above every Cisco switch will have the following LEDs:
1. SYST: System. Provides information on the status of the system.
2. RPS: Redundant Power Supply. Provides information on status of the supply of
power.
3. STAT: Status. Green indicates the console is on.
4. DUPLX: Duplex. Green indicates the duplex of ports are on. For the individual
port LEDs – Full Green means on. Half Green means off.
5. SPEED: Green indicates the console is on. Individual LED port reading: off
means speed is at 10Mbps, full green means it is at 100 Mbps, green flashing
means 1 Gbps.
6. MODE Button: Cycles the LEDs to check for STAT, DUPLX, and SPEED.
7. Port or Interface: Indicator LED for 3 categories of Mode Button.

Access to Cisco LAN Switch IOS CLI
Every Cisco LAN Enterprise Switch is equipped with an Operating System
Software called the Internetwork Operating System (IOS). The functions and
logic performance of every Cisco LAN switch is controlled by its built in IOS.
The IOS is also equipped with an interface that allows Network engineers to
interact & communicate with the Cisco LAN switch. This interface is called the CLI
or command line interface.
The CLI is compatible to all LAN devices in terms of configuration and
communication. It is a text based interface wherein the Network Engineer can
send text formatted commands to the switch. Commands can vary from a simple
status check, a complex configuration command, or a basic access command. The
CLI also allows the switch to send back a reply to a command.
There are 3 ways for a Network Engineer to access a LAN switch’s CLI:

1. Console: Requires a PC with IOS software installed to be connected via cable
(RJ-45 or USB) directly to the console switch.
2. Telnet: Instead of a cable, a PC with a Telnet client software package installed is
connected to a TCP/IP network where the PC can send and receive data to and
from the console switch. The upside of Telnet access to LAN switches is that the
Network Engineer can access an unlimited number of LAN switches because
there are no distance limitations with Telnet.
3. Secure Shell (SSH): The same set up as Telnet but with added password feature
for security. SSH is the preferred method of connecting with CLI, especially in a
large LAN set up, because it ensures only the people who are given access can
access LAN switches.

CLI User & Enable Mode


Via the CLI access methods Console, Telnet, and SSH, the Network Engineer is
allowed to engage the switch IOS in two ways:
User Mode: The Network Engineer is allowed to check and look around the switch
IOS without making any changes. Commands sent are for status review purposes
only.
Enable Mode: Also referred to as privileged mode or privileged EXEC mode. The
Network Engineer is able to send powerful or superset versions of commands for
the switch to execute. Although said commands can harm the switch, they do not
reconfigure the switch. For example, Enable Mode allows for rebooting or
reinitializing of the entire IOS of the LAN switch, essentially disabling it.


Cisco IOS Software Configuration


User Mode allows the Network Engineer to send non-disruptive commands to
the switch, and Enable Mode can send disabling commands, but neither User Mode nor
Enable Mode is capable of giving the LAN switch instructions on what to do
and the procedures for doing it. Only the Configuration Mode is able
to do this. There is a long list of subcommands available for any Network
Engineer to configure a LAN switch.
Here are some of them:


Types of Cisco Memory for Storage
Every Cisco LAN switch has four types of memory or storage space where all data
related to the function of the LAN switch can be stored.

RAM: Also referred to as DRAM or dynamic random-access memory. As with
a computer’s RAM, the LAN switch RAM serves as working storage for the switch.
Data on running configuration is stored in the RAM.
ROM: Read-Only Memory (ROM). The program that runs when the switch is
powered on for the first time is the ROM. It then looks for the complete IOS program
and loads the Cisco IOS to the RAM. ROM stops functioning after the IOS is
loaded in the RAM.
Flash Memory: A flash memory can be a card that is installed in the switch or
removable device. The backup configuration data can be stored in the flash
memory which can be retrieved in case initial configuration data is erased because
of inadvertent reboot of the switch.
NVRAM: Stores the startup configuration when the switch is powered on or
reloaded.

The IOS Set Up Mode


The set up mode is the default mode of the IOS that contains the basic
programming of the switch. If for some reason, the Network Engineer does not
want to make detailed and specific configurations on how the switch should
function Set Up mode allows it to work using factory configurations. The diagram
above goes through the set up mode process in detail.

Section 2 Review: Operate & Install LAN Switches

We are at the review section again. It is highly recommended to do a quick study
of the topics discussed in the section before taking the test.

1. List the LED tabs found in LAN switch consoles.
2. Define the function of each LED tab in LAN switch consoles.
3. Provide a detailed definition & description of the Cisco Catalyst 2960 LAN
Switch.
4. Create a diagram of the Set Up Mode procedure.
5. What are the four types of memory storage?
6. Provide a definition of functions of the four types of memory storage.
7. Define User Mode.
8. Define Enable Mode.
9. Define Configuration Mode.
10. Identify the 3 ways a LAN Switch CLI can be accessed. Discuss in detail the
function of each.


Configuring Ethernet Switching

If a switch is going to be used for a SOHO LAN with a few devices connected
together in one network, it may not be necessary to configure the switch. All LAN
switches are operational and functional upon purchase while on un-configured
basic set up mode. For large enterprises however, most Network Engineers find it
necessary to configure switches so that they function according to LAN
requirements.
This section will discuss the administrative features common to both routers and
switches, as well as ways in which to configure switch-specific features that affect
how the switch is to forward frames.

Configure Switch & Router Common Features
Although this chapter will only discuss configurations for securing access to the
switch CLI and other settings all the commands can also be applied to routers.

Protecting Access to the Switch CLI
Protecting a switch with security codes is the best way to keep it and its
configurations secure from tampering. The surest way to keep a switch secure
is to assign passwords to the CLI. Limiting access to the CLI is done by assigning
passwords to User Mode and Enable Mode.
When accessing the CLI of a switch via console, that is, using a PC & cable to connect to
the CLI of a switch, the default configuration leads directly to unsecured User
Mode and Enable Mode. If the Network Engineer wants the console to be more
secure, it is necessary to assign passwords to allow access to the User Mode &
Enable Mode.
If a switch CLI is accessed via Telnet, on the other hand, getting to User Mode and
Enable Mode is not as quick as via Console. Telnet requires a functional IP
configuration for the switch for the PC to be able to access its User Mode, plus a
security login for the vty lines. To get through to Enable Mode, Telnet requires
the switch to have an enable mode security key.

Protecting CLI with Simple Passwords
The CLI of a Cisco LAN switch can be made more secure when the PC accessing
the switch via console is assigned a console password, a password that needs to be
provided before the PC can access the User Mode of the console or switch. If
the switch is accessed through Telnet, creating a Telnet password for the switch can increase
CLI security also. The same password will be required by the switch before the Telnet
access can be approved.

Configuring a Simple Password for Console
Switch> enable
Switch# configure terminal
Switch(config)# enable secret cisco
Switch(config)# hostname Anne
Anne(config)# line console 0
Anne(config-line)# password faith
Anne(config-line)# login
Anne(config-line)# exit

Above is an example of what a Console command line will look like when
configuring a switch with a security password. For all Cisco systems, every text
output by the switch will not be bold text, while all the text typed in by the
Network Engineer or user will be in bold text.

When accessing a switch via console it goes directly to User Mode. The symbol ‘>’
after Switch signifies the user is in User Mode. Typing enable commands the
switch to move to Enable Mode. The switch goes to global configuration mode
when the phrase configure terminal is typed in. While in global configuration
mode input the words enable secret plus the hostname. In the case of the
example above, the hostname is cisco. With that command the password
configuration is now applied to the switch.

The first command line that shows the word Anne is where the console password
configuration begins. Line console 0 is the command line for configuring the
console. Password is the command line that indicates the password. In this case
it is faith. The input login means the console should ask for the password
before login to Enable Mode. Exit means the session is done.

Configuring a Simple Password for Console via Telnet

Switch> enable
Switch# configure terminal
Switch(config)# enable secret cisco
Switch(config)# hostname Anne
Anne(config)# line vty 0 15
Anne(config-line)# password love
Anne(config-line)# login
Anne(config-line)# end
Anne#


Above is an example of the command lines used for setting the password security for
Enable Mode when accessing the switch through
Telnet. Follow the same procedures as when configuring a password using a Console.
However, instead of typing in line console 0, use in its place the Telnet
compatible line vty 0 15.

AAA Authentication Servers


The AAA authentication server acts as a central storage device for valid usernames
and passwords assigned to switches. For large enterprises with a multitude of
switches and routers, connecting LANs and WANs with AAA authentication
servers is necessary. The illustration above describes the process of password
verification using the AAA authentication server.

Computer A sends a password authentication request to switch 1 (SW1). SW1 then
sends the request to AAA server S1 to verify the password PC A provided. The
password is Wendell/odom. S1 proceeds with password verification. Once the
password is approved, AAA server S1 sends password approval notification to
SW1. Then SW1 enables login of the end user to the switch.

Notice that the PC and switch use a Telnet & SSH connection to communicate
with each other. While the AAA S1 authentication server uses a RADIUS or
TACACS+ protocol to deliver the encrypted password.

Secure Shell (SSH) Configuration


Above is the 3-step procedure for configuring SSH. Step 1 is to access the switch
via Telnet and add a local username or AAA server password. Step 2 is to add a
global configuration password to access the Enable Mode of the switch. Step 3 is
where the SSH encryption happens. The switch needs to be configured so that it is
able to produce a matched pair of private and public keys. This is necessary for
the processing of encryption.
There are 2 commands to generate the matched key pair:
Command 1. Use the ip domain-name global configuration command to configure a
DNS domain name.
Command 2. Use the crypto key generate rsa command to generate the encryption
keys.

The Banner Command
When accessing a switch via console, Telnet or SSH, lines of text will appear on
the screen. These lines of text are called banners. There are 3 common types of
banners that a switch administrator can configure.
Message of the Day (MOTD) is the banner text that appears before the login
prompt. It is used for temporary messages. Example: ‘Routers 3 & 5 have
reconfiguration scheduled for today.’
Login is the banner text that is shown after the MOTD and before the login
prompt. It is used for permanent messages. Example: ‘Password Required’.
Exec is the banner text that appears after the login prompt has been provided
with password access.

The Logging Synchronous Command
By default, the IOS of every Cisco LAN switch displays all incoming messages from
the system the minute they are received by the IOS. This can be annoying,
especially when working on the configuration of the switch. For an uninterrupted
session with the switch CLI, configure the logging synchronous command so that
the display of incoming messages can be disabled. This will result in a more
user-friendly interface.
The Exec-Timeout Command
Another way of streamlining the user interface with the switch console is the
exec-timeout command. Every LAN switch automatically disconnects console, Telnet
& SSH sessions after 5 minutes of inactive use. The exec-timeout command allows a
switch administrator to have unlimited interface time with the switch. Just add
the value 0 minutes and 0 seconds to the command. This instructs the switch to
not disconnect the user.
Configuring and Operating LAN Switches
The factory default settings of all Cisco LAN switches allow the owner to plug in
the switch, connect devices and use it without making any changes to its default
configuration. Every Cisco LAN switch will have 100% functionality if used this
way by any consumer who made the purchase. This is especially true for SOHO
local-area networks.
However, for large enterprise LANs and WANs with multiple networks of switches
and routers, it is necessary to configure the settings of switches so that they
are able to function according to LAN and WAN requirements.
Configuring IP Address for Virtual LAN (VLAN)


In previous sections, the idea of the VLAN or switched virtual interface (SVI) was
discussed. The VLAN is the capability of each Cisco LAN switch to create 2 groups
of IP networks within one LAN switch. These are Virtual IP networks with
common IP addresses.
The diagram above illustrates the 2 VLAN interfaces found in LAN switches. To
activate the VLAN interface, the switch administrator need only activate the
assigned VLAN IP addresses already configured in the switch IP settings. It is
important to note that each VLAN can only access or manage one VLAN at a time
and not simultaneously.
Assigning IP address on Switch Interface
To activate a switch interface or port, type the no shutdown command at the
prompt. Conversely, to de-activate a switch interface or port, use the shutdown
interface command. That said, configuring IPv4 or assigning IP addresses on a
LAN switch interface is a simple 4-step process. See instructions below:
Step 1: Enter VLAN1 configuration mode using the global configuration command
interface vlan1.
Step 2: Type in ip address mask. This is the interface command that assigns an
IP address via the VLAN.
Step 3: Type in the no shutdown command. This will ensure that the interface or
port is activated.
Step 4: To configure the default gateway, it is necessary to add ip default-gateway
ip-address.

Switch Interface or Port Configuration
Interface is the IOS term for the individual ports physically installed in LAN
switches. These are the entry points for the switch to receive and send back IP
packets. Ports are the gateways for devices connected to the switch to access
devices in LANs and WANs.
Each individual interface of a LAN switch can be configured according to certain
specifications. IOS interface subcommands are used to configure the settings of
interfaces. Below is an example of the set of commands and subcommands
necessary for configuring the interface of LAN switches:
Marie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Marie(config)# interface FastEthernet 0/1
Marie(config-if)# duplex full
Marie(config-if)# speed 100
Marie(config-if)# description Server1 connects here
Marie(config-if)# exit
Marie(config)# interface range FastEthernet 0/11 - 20
Marie(config-if-range)# description end-users connect_here
Marie(config-if-range)# ^Z
Marie#
Marie# show interfaces status

Port      Name               Status       Vlan  Duplex  Speed  Type
Fa0/1     Server1 connects h notconnect   1     full    100    10/100BaseTX
Fa0/2                        notconnect   1     auto    auto   10/100BaseTX
Fa0/3                        notconnect   1     auto    auto   10/100BaseTX
Fa0/4                        connected    1     a-full  a-100  10/100BaseTX
Fa0/5                        notconnect   1     auto    auto   10/100BaseTX
Fa0/6                        connected    1     a-full  a-100  10/100BaseTX
Fa0/7                        notconnect   1     auto    auto   10/100BaseTX
Fa0/8                        notconnect   1     auto    auto   10/100BaseTX
Fa0/9                        notconnect   1     auto    auto   10/100BaseTX
Fa0/10                       notconnect   1     auto    auto   10/100BaseTX
Fa0/11    end-users connect  notconnect   1     auto    auto   10/100BaseTX
Fa0/12    end-users connect  notconnect   1     auto    auto   10/100BaseTX
Fa0/13    end-users connect  notconnect   1     auto    auto   10/100BaseTX
Fa0/14    end-users connect  notconnect   1     auto    auto   10/100BaseTX
Fa0/15    end-users connect  notconnect   1     auto    auto   10/100BaseTX
Fa0/16    end-users connect  notconnect   1     auto    auto   10/100BaseTX
Fa0/17    end-users connect  notconnect   1     auto    auto   10/100BaseTX

It is important to note the information displayed after the Marie# show
interfaces status command. This is where information on the configuration of each
individual port is located.

Securing Interfaces or Individual Ports
Port security is very important in ensuring that each device in the LAN is not
tampered with by people without access to the devices. Every port in a LAN switch
can be configured with security keys so that only authorized devices can have
access to it. There are many ways of activating the security keys of individual
ports.
1. Every LAN switch is capable of activating security settings in individual ports.
2. Individual ports are assigned a max number of MAC addresses that can be
allowed to send it frames. If the number of MAC addresses that are trying to
access the port exceeds the limit, port security will be notified of possible
violation.
3. When a new MAC address asks for access to the port and it is not in the list of
allowed MAC addresses, the port security will reject all future incoming MAC
addresses to the port.
4. Port security can be configured so that a defined list of authorized devices can
be recorded into its system and identified. These MAC addresses have complete
access to the port.
5. Conversely, all MAC addresses not indicated in the authorized list will be
discarded and not allowed access to the port.
6. Port security is also capable of identifying and storing all port MAC addresses.
This allows easy verification of incoming MAC addresses.
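
As a check on the settings covered in this section, the following Python script (an added example, not from the book) audits an IOS-style configuration for Telnet still permitted on vty lines, an idle timeout disabled with exec-timeout 0 0, and access ports that lack port security. The sample configuration and the function names are constructed for illustration; transport input, switchport mode access and switchport port-security are standard IOS commands that this section does not show.

```python
import re

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
hostname SW1
!
interface FastEthernet0/1
 description Server1 connects here
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
!
interface FastEthernet0/11
 description end-users connect here
 switchport mode access
!
line con 0
 exec-timeout 0 0
 logging synchronous
 login
line vty 0 4
 transport input telnet ssh
 login local
line vty 5 15
 exec-timeout 5 0
 transport input ssh
 login local
"""


def parse_stanzas(config_text):
    """Group an IOS-style config into (header, [subcommands]) pairs.

    A stanza starts at a non-indented line; indented lines belong to it.
    """
    stanzas = []
    for raw in config_text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0].isspace():
            if stanzas:
                stanzas[-1][1].append(raw.strip())
        else:
            stanzas.append((raw.strip(), []))
    return stanzas


def check_line(header, subs):
    """Check a console or vty line stanza for a disabled timeout and Telnet."""
    findings = []
    for cmd in subs:
        # "exec-timeout <minutes> [seconds]"; 0 and 0 means never disconnect.
        m = re.fullmatch(r"exec-timeout (\d+)(?: (\d+))?", cmd)
        if m and int(m.group(1)) == 0 and int(m.group(2) or 0) == 0:
            findings.append((header, "idle timeout disabled (exec-timeout 0 0)"))
    if header.startswith("line vty"):
        transports = [c.split()[2:] for c in subs if c.startswith("transport input")]
        if not transports:
            # The default differs between IOS releases, so ask for an explicit setting.
            findings.append((header, "transport input not set explicitly"))
        elif any(p in ("telnet", "all") for p in transports[-1]):
            findings.append((header, "Telnet permitted on vty"))
    return findings


def check_interface(header, subs):
    """Flag access ports where the bare 'switchport port-security' is absent."""
    if "switchport mode access" in subs and "switchport port-security" not in subs:
        return [(header, "access port without port security")]
    return []


def audit(config_text):
    """Return a list of (stanza header, finding) tuples in config order."""
    findings = []
    for header, subs in parse_stanzas(config_text):
        if header.startswith("line "):
            findings += check_line(header, subs)
        elif header.startswith("interface "):
            findings += check_interface(header, subs)
    return findings


if __name__ == "__main__":
    for where, what in audit(SAMPLE_CONFIG):
        print(f"{where}: {what}")
```
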

Chapter 2: Section 3 Review of Configuring Ethernet Switching
Here we are again to review Section 3. Polish your Ethernet Switching
Configuration knowledge by taking the test.
1. Provide a definition for AAA authentication server. Define its use and purpose.
2. Describe the process of creating a password for switch CLI.
3. Describe the many ways a port or interface can be secured from tampering.
4. Describe the process of configuring a switch interface.
5. Describe step by step process of assigning an IP address to an interface.
6. Describe the process of assigning IP addresses to a VLAN interface.
7. Identify and describe the function of 10 Ethernet switch configuration
commands.
8. Describe the process of configuring a LAN switch via console.
9. Describe the process of configuring a LAN switch via Telnet.
10. Describe the process of configuring a LAN switch via Secure Shell (SSH).


Chapter 3: Sub-netting & Addressing Of IP Version 4

As a Network Engineer, it is necessary to understand the processes of switches
and routers. Understanding how they integrate into a network of LANs or WANs
is imperative. This ensures the Network engineer is able to manage, monitor and
troubleshoot all possible issues a LAN device may encounter. As such having a
detailed knowledge of how a network works is mandatory for every Network
Engineer.

Chapter 3: Section 1: IPv4 Sub-netting
In a previous section, IPv4 sub-netting was discussed. Sub-netting is the ability of
a network to subdivide itself into groups of IP addresses. The purpose is to
maximize the ability of a singular network to carry several groups of IP addresses.
Sub-netting makes efficient use of an individual network’s IP address space. It
also prevents wasting valuable IP address space derived from the larger Class A, B
or C IP networks.
Sub-netting is short for subdivided network.


The diagram illustrates a subnet of Class B network with IP address 172.16. 1 – 5.
This means the Class B IP network 172.16 was subdivided into 5 different IP sub-
networks with several IP addresses each.
Addressing requirements & Sub-netting Analysis
All devices connected to an IP network require an IP address. IP addresses are
like zip codes. They allow IP packets or frames to be delivered to any device
connected to a given network, provided said device has a corresponding IP
address.
Before moving forward let us clarify a few terms. From here on, because we are
discussing IP addressing, the term network will have a specific definition. When
we say network we mean the Class A, B, and C IP networks. It should not be
misconstrued for enterprise network which talks about groups of hosts, switches,
routers etc.
Network and internetwork from now on will mean Class A, B, and C IP networks.
Also, when referring to IP addresses located in the same subnet, it will mean IP
addresses that are within the network of one router.
Like we mentioned earlier, IP addresses are like zip codes. The addresses in one
area or location usually share the same zip code. It would be unusual for IP
addresses located in the same subnet to have varying values. After all, zip codes of
houses located in the same area share the same numeric value.
The same is true for subnet IP addresses. Since they are all located in a similar
area they also share the same IP address. IP addresses within the same subnet,
covered by the same router, will have the same value or zip code. IP addresses that
belong to different routers will have different numeric values or zip codes.
Determine Number of Subnets
Figure 1.1 Basic LAN Design
To determine the number of subnets a network needs, it is necessary to understand
network diagrams, then Frame Relay WANs, and finally to get detailed information
about permanent virtual circuits (PVC). Based on this information, the rule is to
assign one subnet for each of the following:
1. VLAN

2. Ethernet emulation WAN link

3. Frame Relay PVC and,

4. Point-to-point serial link


Take the illustration of a network set up above. Let’s go through a quick test based
on the initial info provided. Assign subnets to the network. Later we will find out if
you have accurately determined the appropriate number of subnets for this
particular network. Assign the subnets now before moving forward.

Now compare the diagram with the subnets you have assigned with the 2nd
diagram below. See if you have assigned the appropriate number of subnets. In
Figure 1.1, we understand that each LAN switch in the main network located in the
left has 3 VLANs. When added up, the total number of VLANs for this particular
broadcast domain is 12. Each individual VLAN is assigned 1 subnet which means
12 subnets for the 4 LAN switch broadcast domain.

In order for the Core to connect to the 3 routers of the 3 LAN switch broadcast
domain to the right, each of the 3 routers requires 1 subnet, while each LAN
switch connected to the router is assigned 2 VLANs. Each VLAN in turn is
assigned 1 subnet.




It is important to note that assigning VLANs and subnets is largely determined by
the host requirement of the local-area network. The important information
required in determining or assigning subnets to a local area network or broadcast
domain is the expansion plans of the business in the future. To determine subnets
always look to future subnet needs of the local-area network. Always assign
subnets with an eye for future requirements.

Assigning Number of Hosts for each Subnet
We already know that every device connected to a LAN switch requires an IP
address. When assigning the number of hosts that will go to each subnet the rules
are different for new and existing networks.
New Local-Area Network: Check the business plan. Look for information on the
projected staffing number for each site. Determine the number of devices ordered
for each site. This information gives a ballpark view of the expected number of
hosts.
Existing Local-Area Network: When adding a new LAN to an existing site, it is
necessary to study existing LANs and determine their host assignments. Existing
sites are a great point of comparison. They are a reasonable basis for expected
host assignments for the new local-area network.
Most large enterprises with existing local-area networks divide them into large
and small offices. Look into the host assignment for each office size. The number
of hosts for each office can be assigned to the new site.


Figure 1.2 Subnet Assignment for Large & Small Offices

Figure 1.2 is a good example of large & small office host/subnet assignment.
Sometimes it is only necessary to determine the host assignment for the large
office and then assign fewer hosts/subnet to the smaller offices. Figure 1.2
indicates that Router B1 is the router to the large office with a 50 hosts/subnet
assignment, while Routers B2 & B3 service the smaller office with less than 50
hosts/subnet assignment.
Making a Design Choice
Deciding on the most appropriate subnet design, that works for the requirements
of each enterprise local-area network, is simple enough. First choose the network.
Then assign 1 mask for the network. And then list all the subnets required.
Before we get into the details of that, let us discuss the difference between public
and private IP networks first. Choosing between public or private IP network is
the first subnet design decision every Network engineer has to make. It is
important to choose the right IP network.
Step 1: Choosing the Network
Public IP Network
Simply put, a public IP network is the Internet. In the beginning, the way to get
a public IP network was to approach an ISP and make a request for a public IP
network to be installed by submitting the required paperwork. The ISP would then
ask for this information:
1. Enterprise internetwork,
2. Number of hosts expected to be installed, and
3. The enterprise expansion plans of the business in the future.
After all necessary documents are filled out, the request is processed by the ISP.
After approval, the company or business is assigned either a Class A, B, or C
network. Often the network assignment is determined by the short & long term
requirements of the business.
In time the Internet was overrun by requests for public IP networks. When public
IP networks are assigned to individual companies they each get unique IP
addresses. This ensured efficient management of routing data between public IP
networks and within the internetwork of each company. The diagram below
illustrates unique IP addresses assignment via Internet to individual companies.


Since every company was assigned unique IP addresses via their assigned public
IP network, it was only a matter of time before the public IP network space was
exhausted due to volume of requests. In 2011, the last unique public IP network
addresses were released. After this ISPs were no longer able to assign public IP
networks with unique IP addresses.
Since the Internet community was able to anticipate this eventual loss of unique
IP addresses, they were able to prepare and design new solutions to allow the
Internet to continue providing network service.
They arrived at three solutions:
1. Network Address Translation (NAT). Private IP networks.
2. The Internet Protocol Version 6 (IPv6). An expanded version of the 32-bit IPv4
this time with 128 bit for larger addresses.
3. Sub-netting public IP networks to different companies so that several
companies are able to share 1 public IP network instead of getting 1 public IP
network each.
For the purpose of the discussion of sub-netting assignment for this section, we
will discuss first the process of the Network Address Translation or NAT. The
diagram below illustrates in very basic terms how NAT works.


The Network Address Translation (NAT) allows the Internet to assign the same
public IP network to different companies. As shown in the diagram above,
company 1 & 2 share the public IP network 10.0.0.0. The same public IP networks
have the same IP addresses which both companies can utilize. And the 2 similar IP
public networks with similar IP addresses are also able to communicate with each
other.
NAT is able to do this by using a set number of public IP networks supporting
multiples of private IP addresses. Also, each IP packet NAT receives goes through
an IP address translation process as it moves from the company LAN to the
Internet. This translation process allows the Internet to re-use IP addresses and
assign similar versions to different enterprises.
Private IP Networks
Figure 1.3 The RFC 1918 Private Address Space

When an enterprise decides to use NAT to assign private IP addresses to its
private IP Network it is a matter of choosing between the listed RFC 1918 Class A,
B, or C private IP networks. See figure 1.3 above. Note that although a business
decides to choose Class A private IP network with more than 16 million available
private IP addresses it should not be such a great concern. Remember said private
IP network and its private IP addresses are re-usable and can be assigned and
shared with other companies via Internet.
Step 2: Choosing the Mask
When an IP network is not sub-netted yet it is a space that contains a
predetermined number of IP addresses.
For example:
Class A IP Network = 16,777,000 IP addresses
Class B IP Network = 65,500 IP addresses
Class C IP Network = 254 IP addresses

Figure 1.4 Class A, B, C Unsubnetted IP Networks



Figure 1.4 shows the format of un-sub-netted Class A, B, C IP networks. ‘N’ stands
for network. A network when not sub-netted has the same value assigned to them.
‘H’ stands for host. Hosts in an un-sub-netted network have different values
assigned to them. In terms of octet assignment, network octets are 1 for Class A, 2
for Class B, and 3 for Class C. Octet assignment for hosts are 3 octets for Class A
hosts, 2 octets for Class B hosts, 1 octet for Class C hosts.
Subnet a Network
Figure 1.5 Subnet a Network
To subnet a network, add a third part between the ‘N’ network and ‘H’ host. Place
the subnet mask, a dashed line, in the middle of the host space. Remember, sub-
netting is sub-dividing an IP network’s listed set of IP addresses into 2 or more
subdivided IP networks.
Step 3: Build Subnet List

Figure 1.6 Subnet Configuration


Based on Figure 1.6 above, we understand subnets to be a set of consecutive
numbers. Same numbers are what Network Engineers use to create IP addresses.
The rule about subnets is that the last and first numbers in a subnet cannot be
used as an IP address. For a clearer picture this is the way to describe the contents
of a subnet:
1. Subnet Number: Referred to as the subnet ID or subnet address used for
identifying the subnet. A host cannot use the subnet number as an IP address.
It is usually the smallest number in the subnet.

2. Subnet Broadcast: Referred to as the subnet broadcast address or the
directed broadcast address. This also cannot be used by a host as an IP address.
It is usually the number with the highest value in the subnet.

3. IP Addresses: The numbers located in between the subnet number and the
subnet broadcast are the IP addresses.

Figure 1.7 Class B 172.16.0.0 Subnets


In Figure 1.7 the first ten subnets of IP Network Class B 172.16.0.0 are identified.
In the first line of subnet, the Subnet ID is the number 0. Remember the subnet
ID is the number with the smallest value in the subnet.
The Subnet Broadcast is 255 because it is the number with the highest value in the
subnet. And the IP addresses for subnet 172.16.0.0 are 172.16.0.1 until
172.16.0.254; this means that for subnet 172.16.0.0 the total number of IP
addresses available is 254.
Implementing the Design
Since the Subnet Design requirements have been filled, the next part of the
process is to design or plan implementation. In order to implement the subnet
design, three tasks have to be fulfilled:
1. Identify the location of the site where the subnet design plan will be
implemented.
2. Assign IP addresses to interfaces that require static IP addresses.
3. Choose the range of IP addresses in the subnet which should be configured in
the DHCP server to be assigned to hosts as their IP addresses.


Figure 1.8 Subnet Design

To implement the subnet design plan, first identify the location of the sites that
you will be assigning subnets to. Then identify the subnet group to be assigned to
the location. Assign subnet IP addresses to each location.
In figure 1.8 for example three locations have been identified where subnets will
be assigned. We see that Router 1 was assigned three Class B subnets. These
subnets are 172.16.1.0/24, 172.16.4.0/24, 172.16.5.0/24. Each of the 3 subnets has
24 IP addresses to release to individual hosts.
Router 2 and Router 3 in the subnet design plan, on the other hand, have been
assigned 1 Class B subnet each. Each subnet has 24 IP addresses that individual
devices can use.

Chapter 3: Section 1 Review of Sub-netting & Addressing of IP
Version 4
Much like in other test sessions it is highly recommended to do a quick review of
the section just discussed in order to answer all the questions in the test. It is not
allowed to consult the book while taking the test.
1. Define a Subnet. Discuss the value of sub-netting an IP network.
2. Define an IP address. Discuss the value of IP addresses.
3. Design a subnet plan for an enterprise with 2 LAN switches, 3 routers and
10 host PCs.
4. Discuss the process of creating a subnet.
5. What are the rules for choosing a mask?
6. List the 3 steps for creating a subnet design.
7. Describe in detail the procedure in each step of the subnet design plan.
8. Provide the definition for a public IP network & a private IP network?
9. Discuss in detail the difference between a public IP network and a private
IP network.
10. Define a NAT. Discuss in detail how it works.
Chapter 3: Section 2: IPv4 Network Analysis
This section will discuss details about Class A, B, and C IP networks. All the
information that makes up these IPv4 networks will be tackled. A detailed
understanding of the contents of IP networks will allow easy troubleshooting of
problems that may occur with individual IP addresses.

Understanding the Concept of IP Networks
After this section you should be able to look at an IP address and do the following:
1. Identify if it is a Class A, B, or C IP address.
2. Identify its default mask.
3. Determine the number of network octets.
4. Determine the number of host octets.
5. Determine the number of host addresses in the IP network.
6. Name the network ID.
7. Name the network broadcast address.
8. Enumerate the 1st and final IP address that can be used in the IP network.
IPv4 1st Octet Values
In previous chapters we defined IPv4 as Internet Protocol Version 4 with 5 classes
of addresses. See table below.

IPv4 Network Classes



IPv4 has 5 classes – A, B, C, D, and E. The first three classes contain IP addresses
that can be assigned to one host or device. Each IP address allows a device to
receive frames exclusively from its unique IP address. Class A, B, and C IPv4
networks contain unicast addresses. Because each of their IP addresses is unique
to the device, individual frames sent to the IP address are not received by other
IP addresses in the same network.
Conversely, Class D IPv4 networks contain IP addresses that can receive a frame
and broadcast it to multiple hosts, while Class E IPv4 networks are experimental,
which means they can be configured to the specific requirement of a LAN. The
IPv4 Network table above indicates the first octet set for each class. These are
universal values because they identify the class of the IPv4 network.
For example, all IP addresses that begin with the value of 1 until 126 can be easily
identified as a Class A IPv4 network IP address, while all IP addresses beginning
with the number 128 until 191 are classified as Class B IPv4 IP addresses. Class C
IP addresses begin with the number 192 until 223. The first number of an IP
address therefore identifies it as either a Class A, B, or C IP address.
Class A, B, C Important Facts

Figure 2.1 Key Facts
The table above lists all key facts about Class A, B, and C IPv4 networks.
This is valuable information for identifying IP addresses and deciding on which
class should be assigned to a particular LAN or a particular business.

For example, suppose a large enterprise requires a Network Engineer to set up a
WAN with IP networks in the hundreds of thousands. The Network Engineer is likely
to choose a Class C IPv4 network because it is capable of providing more than
2,000,000 individual IP networks. It would not be practical to choose Class A
networks because it only has 126 to offer. The same is true with Class B with its
limited 16,384 networks.

Looking at the table, it is also evident that of all the three classes of IPv4 networks
the class with the most number of hosts per network is Class A. It has more than
16 million individual IP addresses per network. This is the reason Class A is
perfect for very large enterprises such as multi-national corporations located in
different parts of the world, the sort of companies that will require millions of
IP addresses. Class B and C can be options for smaller scale enterprises, the sort
of business and organizations that require IP addresses below 65,000 or 254.

Figure 2.2 IPv4 Networks Class A,B, and C


For a visual on the number of networks and hosts/network assigned for each
Class of IPv4 network, see figure 2.2. Class A is able to provide 126 IP networks
that each contain 16,777,214 hosts/network. Each IP network will have its own
individual IP addresses. That number can increase further by subdividing each
host/network into subnets. Each subnet can contain several IP addresses as well.
Class B IPv4 networks are able to provide 16,384 IP networks, each with 65,534
hosts/network. Again that number can be duplicated by subdividing the
host/networks into subnets with multiple IP addresses.
Class C IPv4 networks on the other hand can assign 2,097,152 IP networks. Each
network can contain 254 hosts/network. When subdivided into subnets it can be
estimated each host network of Class C can generate hundreds more IP addresses.
Calculate the Network ID and other numbers
The network number, first lowest number, last highest number, and the Network
broadcast address are key numbers that identify an IP network. A network
engineer need only identify these four to determine the network the IP addresses
belong to. Let’s use this IP address as an example: 10.17.18.21
The IP Network Class the IP address belongs to is Class A because the first
number is 10. This means it falls within the Class A network with numbers that
start from 1 to 126.
The Network Number or Network ID is 17 because it is the lowest numeric
number in the address.
The IP address is 18 because it is a larger number than the Network Number.
The Network Broadcast address is 21 because it is the number with the highest
value in the IP address.
IP address 10.17.18.21 is from a Class A IP network, with Network ID 17, IP
address 18, with Network broadcast address 21.

Chapter 3: Section 2 Review of IPv4 Networks Analysis
Remember to study the topics discussed in the section first before taking the
exam. A refresher review always makes for better preparation in order to
accurately answer the questions.
1. IP address: 2.200.0.1 – Identify the Network Class.
2. IP address: 172.10.80.35 – Identify the Network ID.
3. IP address: 76.170.8.0 – Identify the value of the IP address.
4. Identify which of the IP addresses are Class A, B, or C.
a. 172.20.0.1
b. 89.2.0.0
c. 5.200.2.5
5. IP address: 192.167.2.3 – Identify the default mask.
6. The total number of host/network in Class A IPv4 network.
7. The total number of IP networks for Class C IP networks.
8. Identify the total number of IP networks and host/networks in Class B
IPv4 network.
9. List down all the key information derived from each IP address.
10. Differentiate between the 5 classes of IPv4 Networks. Identify all and discuss
their differences.

Chapter 3: Section 3: Subnet Masks Analysis
This section will discuss ways to identify and analyze subnets. This is a great way
to understand how an internetwork decides to send IP packets to individual hosts.
It is the information necessary for addressing routing concerns to specific hosts
or IP addresses. We will discuss how to locate key information about a subnet such as:
1. ID of subnet
2. Broadcast Address of Subnet
3. Usable Unicast IP addresses of Subnet Range

Definition of Subnet
A subnet is a divided subset of a Class A, B, or C network. A subnet is created by a
Network Engineer for the purpose of maximizing IP space of the host/network of
a Class A, B, or C network. The creation of a subnet is not arbitrary. The Network
Engineer is tasked to follow certain rules for subnet creation.
Subnet Rules
1. A subnet should contain a set of consecutive numbers.
2. A subnet has 2^H numbers, where H is the number of host bits defined by the
subnet mask.
3. Two numbers in the subnet will never be used as IP addresses:
a. The number with the lowest numeric value. It will be identified as the subnet ID.
b. The number with the highest numeric value. It will be identified as the subnet
broadcast address.
4. The IP addresses will be the numbers located between the subnet ID and the
subnet broadcast address.

Figure 3.1 Subnet in IP address 172.16.150.41 / mask 255.255.192.0



The structure of an IP address is provided in figure 3.1. N = 16 indicates the IP
network ID. S = 2 suggests the number of subnets in multiples of 2. In this case, the
total number of subnets of the IP address is 4. H = 14 indicates the number of
host/networks the IP address is a part of.

Figure 3.2 Subnet Location



Every time a subnet is assigned a single mask, like in the sample IP address, this
means all subnets in this mask have the same value. Figure 3.2 shows the subnet
division of the sample IP address. Notice that each subnet space is divided equally.
As discussed in previous sections, every subnet consists of a subnet ID and a
subnet broadcast address.
Since the subnet ID has the lowest number in the subnet sequence, it is positioned
on the left side of the subnet. And since the subnet broadcast address has the
highest numeric value in the subnet, it is located on the right side of the subnet.


Figure 3.3 Subnet ID & Subnet Broadcast Address

Consequently, the Subnet ID of subnet 172.16.150.41 as indicated in the diagram
above is 172.16.128.0. Notice how it is located on the left side of the subnet frame.
And the subnet broadcast address is 172.16.191.255, which is located on the right
side of the subnet frame.
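
Added example, not from the book: the Python functions below apply the subnet rules in this section and the classful analysis from Section 2 to the two sample addresses used in the text, 172.16.150.41 with mask 255.255.192.0 and 10.17.18.21 with its class default mask. The function names are chosen here for illustration; the arithmetic uses Python's standard ipaddress module.

```python
import ipaddress

# (class letter, lowest first octet, highest first octet, default prefix length)
CLASSES = (("A", 1, 126, 8), ("B", 128, 191, 16), ("C", 192, 223, 24))


def classful_prefix(address):
    """Return (class letter, network bits N) for a Class A, B or C address."""
    first_octet = int(ipaddress.IPv4Address(address)) >> 24
    for letter, low, high, prefix in CLASSES:
        if low <= first_octet <= high:
            return letter, prefix
    raise ValueError(f"{address} is not a Class A, B or C unicast address")


def analyze(address, mask=None):
    """Describe the network (mask=None) or subnet that an address sits in.

    mask is a dotted-decimal subnet mask such as "255.255.192.0"; when it is
    omitted, the default mask of the address class is used.
    """
    letter, n_bits = classful_prefix(address)
    suffix = mask if mask is not None else n_bits
    # strict=False lets us pass a host address and get its enclosing subnet.
    net = ipaddress.ip_network(f"{address}/{suffix}", strict=False)
    s_bits = net.prefixlen - n_bits
    h_bits = 32 - net.prefixlen
    if s_bits < 0:
        raise ValueError("mask is shorter than the default mask of the class")
    if h_bits < 2:
        raise ValueError("mask leaves no usable host addresses")
    return {
        "class": letter,
        "mask": str(net.netmask),
        "N": n_bits,
        "S": s_bits,
        "H": h_bits,
        "subnets": 2 ** s_bits,
        "addresses": 2 ** h_bits,         # rule 2: a subnet has 2^H numbers
        "usable_hosts": 2 ** h_bits - 2,  # rule 3: ID and broadcast excluded
        "id": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_usable": str(net.network_address + 1),
        "last_usable": str(net.broadcast_address - 1),
    }


def list_subnet_ids(address, mask):
    """List every subnet ID the mask creates inside the classful network."""
    _, n_bits = classful_prefix(address)
    classful = ipaddress.ip_network(f"{address}/{n_bits}", strict=False)
    new_prefix = ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen
    return [str(s.network_address) for s in classful.subnets(new_prefix=new_prefix)]


if __name__ == "__main__":
    samples = (
        ("10.17.18.21 (default mask)", analyze("10.17.18.21")),
        ("172.16.150.41 255.255.192.0", analyze("172.16.150.41", "255.255.192.0")),
    )
    for label, info in samples:
        print(label)
        for key, value in info.items():
            print(f"  {key:13} {value}")
    print(list_subnet_ids("172.16.150.41", "255.255.192.0"))
```
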
The Concept of Subnet ID
The subnet ID describes the subnet and its mask. It contains the subnet broadcast
address as well as the different IP addresses attached to the subnet. This is
information a Network Engineer will find relevant when troubleshooting specific
subnet IP addresses. The subnet ID identifies the subnet and it contains all
relevant information regarding a specific subnet.
The subnet ID is often found in Internet Protocol routing tables. Subnets contain
IP addresses that aid routers to decide where to transport IP packets or frames
within a local-area network or wide-area network. Subnet IDs are recorded by
routers in their routing tables to identify IP addresses of interfaces. All subnet
IDs are shared by routers with each other in aid of routing management.

Figure 3.4 Subnet ID Key Information



Subnet Broadcast Address
The subnet broadcast address allows a host to broadcast IP packets to all hosts
with similar Subnet broadcast addresses. For example, host B wants to broadcast
an IP packet to all the hosts connected to subnet A. Host B then adds the subnet
broadcast address of subnet A to the IP packet then sends it out to the routers.
When the router of subnet A receives the packet from the network it knows to
send the IP packet to all the hosts of subnet A.
The subnet broadcast address also provides information on the list of IP addresses
found within the subnet.


Figure 3.5 Subnet Broadcast Address Key Information

Subnet IP addresses
Knowing the list of IP addresses located inside a subnet is necessary in identifying
each address as either a leased or a static address. Leased addresses are used
by DHCP servers while static addresses can be manually configured. Keeping a
record of the available IP addresses in a subnet allows a Network Engineer to
assign them.
To determine the list of available IP addresses in a subnet, first identify the subnet
ID. Then identify the subnet broadcast address. The first available address in
a subnet is the one with a value 1 more than the subnet ID. The last available
address in a subnet is the one before the subnet broadcast address. For example,
let us determine the list of addresses in the subnet that contains 172.16.150.41.
Step 1. Identify subnet ID: 172.16.128.0
Step 2. Add 1 to the subnet ID:
172.16.128.1 – This is the 1st address available.
Step 3. Identify subnet broadcast address: 172.16.191.255
Step 4. Subtract 1 from the subnet broadcast address:
172.16.191.254 – This is the last address available in the subnet.
Based on the calculation, the addresses available for use by individual hosts are the
addresses between 172.16.128.1 and 172.16.191.254.
Subnet Analysis: Decimal Math
There are two ways of extracting information from a subnet. They are the binary
method or decimal method. For the purpose of this book, we will cover only the
decimal method. In this section we will discuss how to extract information from a
subnet such as subnet ID, broadcast address, and subnet addresses via decimal
calculations.
The Easy Mask
There are three ‘Easy Masks’. These are:

255.0.0.0
255.255.0.0
255.255.255.0
They are referred to as easy masks because each octet only has 255 or 0 as its
value. The difficult masks are those masks where one octet has a value that is
neither 255 nor 0.
Find Subnet ID with Decimal Math

When extracting information from a subnet using decimal math the key is to look
at the mask of the subnet. To determine the subnet ID using the subnet mask here
are the rules:
1. If the mask octet is 255 just copy the decimal IP address.

2. If the mask octet is 0 just copy a 0 decimal.



Find Subnet Broadcast Address with Decimal Math

The same is true for determining the subnet broadcast address of a subnet. If a
mask octet is equivalent to 255, copy the decimal IP address. If the mask octet is
equivalent to a 0, scribble in a decimal 255.
Based on the above instructions fill in the tabs for subnet ID and broadcast
address in the table below:


The Difficult Mask
Difficult masks are masks with an octet whose value is neither 255 nor 0.
Such an octet is referred to in this book as an interesting octet. Extracting
information from a subnet with a difficult mask is all about understanding patterns.
If you can predict the pattern of a subnet via the information provided by its mask,
then you can identify its subnet ID.
Find Subnet ID with Decimal Math

Analyze the diagram above. Extract the subnet ID for subnet 172.16.0.0 based on
the mask assigned. If the mask provided is 255.255.128.0 then there are 2 subnet
IDs: 172.16.128.0 and 172.16.0.0. If the mask provided is 255.255.224.0 then
there are 8 subnet IDs:

1. 172.16.0.0
2. 172.16.32.0
3. 172.16.64.0
4. 172.16.96.0
5. 172.16.128.0
6. 172.16.160.0
7. 172.16.192.0
8. 172.16.224.0

A closer look at the diagram will show that the subnet IDs under each mask follow
a pattern: they are multiples of one number. For mask 255.255.255.128, for example,
the subnets are divided into multiples of 128. For mask 255.255.255.240, the
subnets are divided into multiples of 16.

Based on the IP address information and the mask information, look for the
subnet ID nearest to the value of the IP address.
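
The decimal rules above, together with the earlier steps for finding the first and last available address, written out as an added Python example that is not part of the book. It assumes the step for an interesting octet is 256 minus the mask octet (which yields the multiples of 128 and 16 quoted above) and takes the largest multiple that does not exceed the IP octet; all function names are this example's own.

```python
def to_octets(dotted):
    """Parse dotted-decimal text into four integers, rejecting bad input."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 value: {dotted!r}")
    return [int(p) for p in parts]


def fmt(octets):
    return ".".join(str(o) for o in octets)


def host_bits(mask_octets):
    """Return H, the number of host bits; reject masks with scattered bits."""
    host_part = ~int.from_bytes(bytes(mask_octets), "big") & 0xFFFFFFFF
    if host_part & (host_part + 1):
        raise ValueError("mask must be 1 bits followed only by 0 bits")
    return bin(host_part).count("1")


def analyze(ip, mask):
    """Subnet ID, broadcast address and available range by the decimal rules."""
    ip_o, mask_o = to_octets(ip), to_octets(mask)
    h = host_bits(mask_o)
    subnet_id, broadcast = [], []
    for ip_octet, mask_octet in zip(ip_o, mask_o):
        if mask_octet == 255:            # easy octet: copy the address octet
            subnet_id.append(ip_octet)
            broadcast.append(ip_octet)
        elif mask_octet == 0:            # easy octet: 0 for ID, 255 for broadcast
            subnet_id.append(0)
            broadcast.append(255)
        else:                            # interesting octet
            step = 256 - mask_octet      # subnet IDs are multiples of this
            base = (ip_octet // step) * step   # largest multiple <= IP octet
            subnet_id.append(base)
            broadcast.append(base + step - 1)
    result = {"subnet_id": fmt(subnet_id), "broadcast": fmt(broadcast),
              "size": 2 ** h, "first": None, "last": None}
    if h >= 2:   # with fewer than 4 numbers nothing lies between ID and broadcast
        result["first"] = fmt(subnet_id[:3] + [subnet_id[3] + 1])
        result["last"] = fmt(broadcast[:3] + [broadcast[3] - 1])
    return result


def subnet_ids(network, mask):
    """Subnet IDs obtained by stepping the interesting octet of the mask."""
    net_o, mask_o = to_octets(network), to_octets(mask)
    host_bits(mask_o)                    # validation only
    hard = [i for i, m in enumerate(mask_o) if m not in (0, 255)]
    if not hard:                         # easy mask: a single subnet ID
        return [analyze(network, mask)["subnet_id"]]
    i = hard[0]
    step = 256 - mask_o[i]
    return [fmt(net_o[:i] + [n] + [0] * (3 - i)) for n in range(0, 256, step)]


if __name__ == "__main__":
    print(analyze("172.16.150.41", "255.255.192.0"))
    print(subnet_ids("172.16.0.0", "255.255.224.0"))
```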


Chapter 3: Section 3 Review of Subnet Masks Analysis
When taking the exam make sure to read through the topic discussed again to be
able to answer the questions accurately.
1. Describe and define a subnet.
2. List the rules for creating a subnet.
3. Provide a definition for analyzing a subnet based on decimal math.
4. Define an Easy Mask. List examples of Easy Mask.
5. Define an interesting octet. How does it relate to a difficult mask?
6. Define a subnet ID and a subnet broadcast address.
7. List down the key facts about Subnet ID
8. List down the key facts about Subnet Broadcast Address.
9. Discuss procedure for determining subnet ID using easy mask and difficult
mask.
10. Discuss the procedure for determining the subnet broadcast address using
easy mask.
















Chapter 4: IPv4 Implementation

Cisco LAN switches can be used after being unpacked from the box, powered on,
and having connectors plugged into devices. Cisco routers, on the other hand, are
not so handy. They require at least some basic configuration before they can be
used. Routers have to be assigned interfaces, and the interfaces of routers have to
be given IP addresses for them to be utilized.
After this section, you should be able to install an enterprise-class Cisco router
and conduct basic configuration through its command-line interface so that the
router knows how to function according to said configuration.

Chapter 4: Section 1: Cisco Router Operations
Cisco Routers Installation
The main function of a local-area network or wide-area network is to forward IP
packets from host to host. The network is able to do this because of routers.
Routers are the devices that decide where IP packets are going to be transported
within the network so that they arrive at the intended host destination. This
section will cover router cabling and installation both for large enterprise local-
area networks and SOHO local-area networks.
Enterprise Routers Installation

Figure 4.1 Cabling for Enterprise Network Devices


Enterprise networks typically consist of many devices that make up their local-area
and wide-area networks. It would not be unusual for enterprise networks to have a
complex system of switches, routers, and cabling designed to allow all the
technology devices to communicate with each other. Figure 4.1 is an
example of an enterprise network cabling design and router assignment.
We can see in the illustration that there are two broadcast domains, the branch
office and the central site, each behind its own router. Both routers are connected
to all the devices in the branch office and central site via standard straight-through
UTP cables. Notice that router 1 (R1) is connected to the CSU/DSU via a
high-performing fiber-optic serial cable, while router 2 (R2) is connected to the LAN
switch in the central site via regular UTP cables.
In the branch office the CSU is a separate device. It is not installed within the
router 1 hardware. It requires special cabling. In the central site, the CSU/DSU is
part of the router. This means regular UTP cables will suffice.
For this particular LAN/WAN design, the choice of wide-area network connection
is leased lines. The basic network design for the enterprises is 1 LAN/WAN router
and 1 LAN switch. The branch office and central site both have 1 router and 1 LAN
each. They connect both sites to each other and they connect all devices in the site.
Cisco has a range of routers that answer all enterprise network needs. There are
routers that serve only as routers for local-area networks. There are also models
with both LAN and WAN connectivity features. Some routers already have a CSU/DSU
installed, and others can be configured to include CSU/DSU capability. Also,
there are router models that can work as a LAN switch.
Conversely, there are also Cisco LAN switches with built-in routers in their
system. Cisco also developed the Integrated Service Routers (ISR). The device as
its name implies integrates many network functions within the one device.

Figure 1.1 The Integrated Service Router (ISR)


The ISR has two gigabit Ethernet Interfaces for wide-area network connectivity.
This is a regular function of a router. It also has 4 WAN Interface cards which
allow the ISR to function as a LAN switch. Any device in a given site can connect
to the WIC ports. Other additional features of the ISR are the USB &
RJ-45 ports.
Whichever device the Network Engineer chooses for the design of a LAN/WAN
network, the choice will be dependent on the requirements of each site.
Enterprise Router Physical Installation
When installing a router, follow the cabling and hardware information provided in
Figure 4.1. Whatever you do, connect all cables and devices to each other first
before powering on the router. Here is a step by step procedure:
Step 1: LAN cables should be connected to LAN ports first.
Step 2: For internal CSU/DSU, just connect the leased line to the router. For
external CSU/DSU, the router serial interface should be connected to the CSU/DSU
before the CSU/DSU is connected to the leased line.
Step 3: The router's console port should be connected to the computer. Make sure
to use a straight-through UTP cable.
Step 4: The power cable should be connected to the router and then plugged into a
power outlet.
Step 5: This is the time to power on the router.
SOHO Routers Installation
Routers are the main device used in SOHO networks that allows their devices to
connect to a high-speed internet service. Once the SOHO network is connected
to the internet, all the devices in the SOHO network are able to communicate with
other devices in other local-area networks.

Figure 1.2 SOHO Network



Figure 1.3 is a basic design of a Small Office/Home Office (SOHO) network. This
particular example uses a CATV or digital subscriber line (DSL) that connects the
SOHO to the Internet. Most SOHO networks use a separate router, LAN switch, and
wireless Access Point device to connect to the Internet and to connect all devices
within the network. Notice that the cabling used in a basic SOHO network is the
same as in small sites in an enterprise network: UTP cables. A CATV cable
or a phone line is necessary to connect the cable modem to the Internet Service
Provider (ISP).
A SOHO network differs from an Enterprise network in one way. It uses a cable
modem to connect to the Internet and other LANs. The equivalent of the cable
modem to a large scale enterprise computer networks is the CSU/DSU.
Both the cable modem and the CSU/DSU perform a specific function. They
convert all data sent and received by the routers. This is for the purpose of
forwarding the data to the network and for allowing host destinations to receive
the data.
SOHO Router Physical Installation
To physically connect all SOHO devices to the router and the ISP, here is the step
by step procedure:
Step 1: Connect the router and LAN switch to each other via straight-through UTP
cable.
Step 2: With another UTP cable connect the router to the cable modem.
Step 3: The wireless AP should also be connected to the LAN switch via UTP cable.
Step 4: Connect PCs via UTP cable to the LAN switch.
Step 5: Take a power cable, connect it to a power outlet and connect the cable to
the router.
Step 6: Router can be powered on at this point.

SOHO with Integrated Router
These days most SOHO networks use a router that is already integrated with
several LAN devices. This means all devices in the SOHO network can already be
connected directly to 1 integrated router. See figure 4.4.

Figure 1.3 SOHO Integrated Router



The integrated router in figure 4.6 already contains the following network devices:
router, LAN switch, cable or DSL modem, hardware for enabled encryption, and
wireless AP. Most vendors of network devices will recommend an integrated
router instead of separate network devices, mainly because most of the routers
they are selling are the integrated kind. Unless the SOHO Network Engineer has a
specific reason for using separate LAN devices in a SOHO network, most will use
an integrated router.

Chapter 4: Section 1 Review of Cisco Routers Operations
As mentioned in previous section reviews, checking the section for the answers to
the test is not allowed. Go through a quick study before diving into the test.
1. Provide a definition for a router. What is its function?
2. Provide a definition for an integrated router.
3. Create a diagram of a basic enterprise network.
4. List down the network devices required for an enterprise network to be
functional.
5. Create a diagram of a SOHO network.
6. List down the network devices necessary for a SOHO network to function.
7. Provide a definition for an integrated router.
8. How is an integrated router the preferred router for a SOHO network?
9. Define an Integrated service router.
10. Discuss the function of a CSU/DSU and a cable modem relative to a local-
area network.





















Chapter 4: Section 2: IPv4 Address & Routes Configuration

The main function of routers is to ensure the accurate delivery of IP packets within
a network so that they are received by the intended host destination. In order for
routers to do their job, they go through a set routing process. The router is
responsible for gathering, organizing and storing all the data it requires to forward
IP packets in a computer network.
One very important set of data routers require to move IP packets in a network is
the IP route. The IP route contains information that tells a router the route of the
IP packet within the network. An IP route will contain the following: an IP subnet,
an IP network, and the IP address the IP packet is to be delivered to.
This section will discuss the IP routing process in detail. Special emphasis will be
given to discussing the methods routers use to incorporate IPv4 routes into
routing tables. These methods are connected routes, static routes, and routing
protocols.
Routing IP
Figure 2.1 IP Routing Logic
IP routing is the process a router goes through to analyze the IP packets it
receives and to decide where to send them in the network. It happens after the
router has de-encapsulated an IP packet it just received from a host. The router
then reads the IP routing information contained in the IP packet. The information
includes: IP network, IP subnet and IP address.
When the router has the IP route information it consults its routing table. The
routing table determines where the host destination IP address is located in the
network. Once the router determines this, the packet is re-encapsulated in a
High-Level Data Link Control (HDLC) frame. The HDLC frame is then sent out via
serial link to the next channel in the network that will allow it to get to the host
destination. Figure 4.2 illustrates this routing process logic in detail.
Cisco Route Processing Methods
Through the years Cisco has improved the route processing rate or speed of all its
routers. This was necessary to ensure that Cisco routers remain a market leader in
the router market place. Today Cisco routers have a reputation for being the
fastest performing routers in the industry.

The Process Switching Method
The very first internal logic for IP routing that Cisco routers used is process
switching. The way process switching works is exactly the same as the routing
process discussed in this section. The host sends an IP packet to the router. The
router opens the packet to check for the IP subnet & IP address. It then checks the
routing table for the network route of the data link. Then it encapsulates the data
link with HDLC. Finally, it is able to send out the IP packet into the network with
instructions on how to get to the host destination.

The Fast Switching Method
Fast switching is a more optimized version of the process switching method. First,
it keeps a list of the most recently and often used IP addresses. This allows the
router to identify IP addresses that the host communicates with often, making the
routing process faster. Second, it keeps a copy of the data link header it places on
every IP packet it forwards. This saves the router time in attaching the same header
to all IP packets it forwards to the network.

The Cisco Express Forwarding (CEF) Method
The Cisco Express Forwarding is the most optimized routing process method
found in Cisco routers. Like fast switching, express forwarding also lists often used
IP addresses for quick referencing. It also copies headers of high-level data link for
faster encapsulation of IP packets. Unlike fast switching though, express
forwarding has a few more optimization techniques. These optimization features
are:
1. It has a very organized set of routing tables. They are compiled prior to use of
the router for routing reference.
2. It has a more sophisticated algorithm than fast switching. It just works faster.
3. Its binary tree structure surpasses that of the previous routing methods. It
takes less time to do its work.

Connected Routes Configuration
We already know that routers consult routing tables to determine the route of IP
packets within a network. These routing tables contain information on IP
networks, IP addresses, and IP subnets. This is all information a router requires
to forward IP packets.
Routers add routes to routing tables in this way:
1. Connected Routes: When the ip address interface subcommand is configured
on the router, the route qualifies to be added to the routing table.
2. Static Routes: When the ip route global command is configured on the router,
the route qualifies to be added to the routing table.
3. Routing protocols: Configured on all routers. Routing protocols allow all
routers to inform each other of their presence in the network.
Every interface that is active and has an IP address allows a router to add its
route to its routing table. The routes of these interfaces are
referred to as connected routes.
VLANs Subnet Routing
VLANs enable LAN switches to create several LANs within its framework. VLANs
therefore are ubiquitous in every enterprise computer network because they make
LAN switches so much more efficient in terms of the use of IP space. IP packets
are received by VLANs when VLAN subnets have IP addresses assigned to them
along with connected routes.
There are three ways to connect a router to a VLAN subnet:
1. Take a router. Identify a router LAN interface. Connect a cable to the
interface and individual VLAN subnet.
2. Take a router. Connect a VLAN trunk to a LAN switch.
3. Utilize a layer 3 switch.

Secondary IP Addressing
There are three ways of assigning new IP addresses to a subnet without available
space for new IP addresses:
1. Enlarge the existing subnet. Take a mask with additional host bits. Expand the
address range so that it can accommodate both the old and new IP addresses.
This is very effective as long as the new subnet does not overlap with existing
subnets.
2. Work with a new and larger subnet. This may require changing all the IP
addresses in the subnet. Sift through the IP networks and find one that has IP
addresses available. Making the shift should be quick if all the hosts are on
DHCP. It is a bit more tedious if most of the hosts have configured IP addresses.
3. Utilize secondary addressing: add a secondary subnet in the same location.
Secondary IP addressing is another Cisco router feature that assigns a new
subnet. It allows a data link to take on multiple subnets, or at least a secondary
subnet after a first one has been installed. This increases the number of IP
addresses because of the second subnet that has been added.


Figure 2.2 Secondary IP addressing

To illustrate how secondary IP addressing works see figure 4.3 above. Notice
that all three devices are connected to the same VLAN. After a more detailed
scrutiny of the subnet information on host A and B, as well as router 1, it
becomes obvious they are all sharing the same subnet. Host B subnet has the
secondary IP address.

Static Routes Configuration
Now we know that connected routes are identified when the interface of the route
is active and has an IP address that can be recorded. Routers are also aided by
dynamic routing protocols inherent in all networks to get more information about
routes in specific internetworks.
Although not as common as connected routes, static routes are also used by
networks to identify and connect to interfaces. Static routes are those routes found
in routing tables that have been configured to be part of said table. Although not
used as often as dynamic routes and connected routes, static routes have their uses.
Static Default Routes
Since static routes can be configured to function in a way an enterprise network
wants it to function, it makes them very useful routes to work with. One type of
static route available to an enterprise network is the static default route.
For example, an enterprise has a remote site that has 1 existing line connecting it
to the central site. This means all IP packets converge and go through that one line
to get to the enterprise central site. To ensure the central site receives the IP
packets from the remote site faster, because it does not go through the process of
dynamic routing, the network engineer configures the route from the remote site
as a static default route. This means the route of all IP packets from the remote
site is already configured to forward directly to the central site.
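
How connected routes, a secondary address and a static default route end up in one routing table, as an added Python model that is not Cisco's code and not part of the book. The interface names, the 172.16.x.x addresses and the next hop 172.16.4.2 are constructed; the lookup picks the most specific matching route, and listing a static route only while its next hop sits in a connected subnet is a simplification made by this model.

```python
import ipaddress
from dataclasses import dataclass, field


def prefix_len(mask):
    """Dotted-decimal mask to prefix length (number of 1 bits)."""
    return bin(int(ipaddress.IPv4Address(mask))).count("1")


@dataclass
class Interface:
    name: str
    up: bool = True
    addresses: list = field(default_factory=list)  # primary first, then secondary

    def ip_address(self, address, mask):
        """Stand-in for the `ip address` interface subcommand."""
        self.addresses.append(
            ipaddress.ip_interface(f"{address}/{prefix_len(mask)}"))


class Router:
    def __init__(self):
        self.interfaces = {}
        self.static = []  # (network, next hop) pairs from `ip route`

    def interface(self, name):
        return self.interfaces.setdefault(name, Interface(name))

    def ip_route(self, network, mask, next_hop):
        """Stand-in for the `ip route` global command."""
        net = ipaddress.ip_network(f"{network}/{prefix_len(mask)}")
        self.static.append((net, ipaddress.ip_address(next_hop)))

    def routing_table(self):
        """Rows of (source, network, exit interface or next hop)."""
        # Connected routes: only interfaces that are up and have an address.
        table = [("connected", addr.network, intf.name)
                 for intf in self.interfaces.values() if intf.up
                 for addr in intf.addresses]
        connected = [net for _, net, _ in table]
        for net, hop in self.static:
            # Simplification of this model: a static route is listed only
            # while its next hop lies inside one of the connected subnets.
            if any(hop in c for c in connected):
                table.append(("static", net, str(hop)))
        return table

    def lookup(self, destination):
        """Return the most specific matching row, or None if nothing matches."""
        dest = ipaddress.ip_address(destination)
        matches = [row for row in self.routing_table() if dest in row[1]]
        return max(matches, key=lambda row: row[1].prefixlen, default=None)


def build_remote_site_router():
    """Constructed remote-site router: one LAN interface, one serial link."""
    r1 = Router()
    lan = r1.interface("GigabitEthernet0/0")
    lan.ip_address("172.16.1.1", "255.255.255.0")    # primary subnet
    lan.ip_address("172.16.9.1", "255.255.255.0")    # secondary subnet, same link
    r1.interface("Serial0/0/0").ip_address("172.16.4.1", "255.255.255.0")
    r1.ip_route("0.0.0.0", "0.0.0.0", "172.16.4.2")  # static default route
    return r1


if __name__ == "__main__":
    r1 = build_remote_site_router()
    for row in r1.routing_table():
        print(row)
    print(r1.lookup("172.16.9.50"), r1.lookup("10.1.1.1"))
```

Setting `up = False` on the serial interface removes both its connected route and the default route that depends on it, which is the failure a single-line remote site has to plan for.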

Chapter 4: Section 2 Review of IPv4 Address & Routes Configuration

It is highly recommended to take a quick review of the recently discussed topic to
ensure the test questions are answered accurately.

1. Define an IP route and how it is important to routers.
2. Provide a definition of process switching.
3. Provide a definition for fast switching method.
4. Provide a definition for Cisco Express Forwarding method.
5. List down the Cisco IP routing methods.
6. Create a diagram to describe a standard IP routing process.
7. Define a connected route.
8. Define a static route.
9. Define a static default route.
10. Define secondary IP addressing.


Conclusion

Thank you again for purchasing this book!
I hope this book has equipped you with the knowledge and skills about Cisco
Networking. The topics covered in the book should enable you to pass with flying
colors the Cisco Certified Entry Network Technician (CCENT) exam. The CCENT
certification will allow you to start a career as a Network Engineer for Cisco
Networking Systems. Qualifying for the CCENT exam allows you to advance to
getting a CCNA certification. This opens doors to career advancement in your
journey as a Network Engineer.
Finally, if you enjoyed this book, then I’d like to ask you for a favor, would you be
kind enough to leave a review for this book on Amazon? It’d be greatly
appreciated!
Thank you and good luck!
