Chris B.
Table Of Contents:
Free CCENT and CCNA Resources
The Fundamentals Of Networking
Ethernet (Header is You Got Your Ethernet In My Cabling!)
Hubs & Repeaters (Header is Hubs, Repeaters, and a little more Ethernet)
Switching Fundamentals and Security
OSPF
Access Lists and The Network Time Protocol
Route Summarization
IP Version 6
NAT and PAT
ROAS and L3 Switching
Binary Math and Subnetting Mastery
The Fundamentals Of Networking
(With A Little Zen Thrown In)
Before we dive into the nuts and
bolts of networking, let's ask
ourselves one question:
What is networking?
Why are we doing all of this stuff
with routers, and switches, and who
knows what else?
That's two questions, I grant you,
but you get the point.
layer (check!)
How the layers of the two
models map to each other (coming
up!)
Enough prologue and dialogue --
here's the latest version of the
TCP/IP model!
model:
Summing up:
1. The initiating server sends a
SYN in an effort to
synchronize TCP values with
the recipient.
2. The receiving server sends a
SYN/ACK back for two
reasons: one, to
acknowledge receipt of the
original SYN, and two, to further
the synchronization process.
3. The initiating server sends an
ACK to let the other server
know the SYN/ACK was
received, and that's the end of
the handshake.
Now let's take a look at the UDP
3-way handshake:
< crickets chirping >
That's it, because UDP doesn't
have a 3-way handshake.
Sounds like another strike against
UDP.
Now for another great TCP
feature.
Here's why!
expressed in bytes.
The size of the window is
dynamic, and it's changed by
the recipient, not the sender.
This flow control can raise
or lower the size of the
window, also referred to as a
sliding window.
The recipient will lower the size of
the window as it sees that errors
and / or dropped segments are
starting to creep in.
UDP's header:
Destination port
Checksum
For clarity's sake, in the TCP
header I listed a Flags section.
That's actually nine individual 1-bit
flags, which include the ACK and
SYN flags mentioned throughout
this section.
10.1.1.100:69.
You'll sometimes see a socket (try
saying THAT really fast three
times!) expressed in this format:
IP address, transport protocol,
port number
Using that mode of expression, the
TFTP socket on 10.1.1.100 would
be (10.1.1.100, UDP, 69).
I'm sure you'll agree with me that
ICND2 studies)
UDP 546, 547: DHCP For IP
Version 6
This is a great list to get started
with, but it's hardly all of the
well-known port numbers. The list on the
following page is WAY beyond the
scope of the CCENT and CCNA,
but it's a great reference list for
future studies.
http://en.wikipedia.org/wiki/List_of_
twisted cables.
Why twist 'em? Twisting pairs of
wires inside the cable cuts down on
electromagnetic interference (EMI).
EMI can interfere with the
electrical signals carried by the
wires, which in turn is really going
to screw around with our network.
EMI can come from other cables,
and also (and infamously) from
elevators. I know of more than one
network that would slow down at
lunchtime and quitting time because
here.
The MAC address is used by
switches to send frames to the
proper destination in the most
efficient manner possible, a process
you'll be introduced to in the
Switching section. Before we see
how that works, I want to introduce
you to the address format and the
characters we'll see in this address.
The MAC address is six bytes long
(48 bits), and can be expressed in
either of these formats:
aa-bb-cc-11-22-33
aabb.cc11.2233
That's it!
Considering the FCS is the Ethernet
caboose, it's easy to think there's
not much going on there, but the
FCS is a vital error detection tool.
It's basically a three-step process:
http://packetbyte.com/Content/Cablin
Next up: hubs and repeaters. You
might not see many of them in
today's networks, but you need to
they do that.
The bandwidth required to
send these 60 unnecessary
copies adds up.
It's a great idea to limit the scope of
our broadcasts. In other words,
limit the transmission of
broadcasts to hosts that actually
need them. That's a topic we'll
come back to quite a bit in the next
section of the course.
Switching
Fundamentals And
Security
(Or, I'd Rather Fight Than
Not Switch!)
There was one more step between
hubs / repeaters and the move to
switches, and it was a giant step
forward.
The introduction of bridges meant
we could create smaller collision
switches.
Let's replace the hubs, repeaters,
and bridge in our network with a
single switch.
In addition to eliminating
collisions, each host will now have
transmit simultaneously.
When one host connected to a hub
sends a broadcast, every other host
on the hub receives that broadcast
and we have no way around that.
Switches have the same behavior
by default, but we CAN do
something about it, and we will do
just that in the VLAN section of this
course.
Microsegmentation is a term
occasionally used in Cisco
documentation to describe the one
Flood it
The entire decision-making process
is pretty simple. Having said that,
there's a lot of information in this
section. Just take one of these three
processes at a time and you'll have
this all mastered.
There's one little oddity I want to
introduce to you, and this
one-question practice exam will do just
that:
way.
We could build a MAC address
table with static entries, but that
approach has serious drawbacks:
Every time you add a host to the
switch, you'd have to remember to
make a static MAC address entry
for that host, and that's really easy
to forget and even easier to
mistype.
If a port goes down and you switch
the host connected to the bad port to
a good port, you won't have full
Vlan    Mac Address       Type
----    -----------       ----
All     0008.7de9.9800    STAT
All     0100.0ccc.cccc    STAT
All     0100.0ccc.cccd    STAT
All     0100.0cdd.dddd    STAT
1       aaaa.aaaa.aaaa    DY
Total Mac Addresses for this c
choices again:
Forward
Filter (drop)
Flood
The switch now examines the
destination MAC address
bb-bb-bb-bb-bb-bb and asks itself
another simple question:
Do I have an entry for this
destination MAC address in my
MAC table?
came in on.
Flooding ensures the frame will get
where it needs to go, and it also
guarantees the other hosts in this
LAN will get the frame, and that's a
huge waste of bandwidth and
switch resources.
Flooding frames doesn't seem like
such a big deal, but we really want
to limit flooding due to the costs we
talked about earlier. If this is a
64-port switch, and we have a host on
every port, that means the switch
has to send 63 copies of any
flooded frame, 62 of which are
unnecessary.
Nothing wrong with flooding
frames as you add a host or a
switch to a network -- it really can't
be avoided -- but after that, we'd
rather not have a lot of flooding.
And as you're about to see, we
won't.
Host C will now respond to Host A
with a frame of its own.
Vlan    Mac Address       Type     Ports
----    -----------       ----     -----
1       aaaa.aaaa.aaaa    DYNAM
Total Mac Addresses for this c

Vlan    Mac Address       Typ
----    -----------       ---
1       aaaa.aaaa.aaaa    DYNA
1       cccc.cccc.cccc    DYNA
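The forward / filter / flood decision and the dynamic learning described above, as an added Python model (not code from the course or from Cisco). The port assignments, the hosts B and D sharing one port, and the 64-port layout are assumptions made for the example; VLANs are ignored.

```python
import re
from dataclasses import dataclass, field

BROADCAST = "ffff.ffff.ffff"


def normalize_mac(mac):
    """Accept aa-bb-cc-11-22-33 or aabb.cc11.2233; return the dotted form."""
    digits = re.sub(r"[-.:]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


@dataclass
class LearningSwitch:
    ports: list
    aging_time: int = 300                       # seconds; 0 disables aging
    table: dict = field(default_factory=dict)   # mac -> (port, last_seen)

    def _age_out(self, now):
        # Dynamic entries that have been silent longer than aging_time are dropped.
        if self.aging_time == 0:
            return
        stale = [m for m, (_, seen) in self.table.items()
                 if now - seen > self.aging_time]
        for mac in stale:
            del self.table[mac]

    def receive(self, src, dst, in_port, now=0):
        """Process one frame; return (action, list of egress ports)."""
        src, dst = normalize_mac(src), normalize_mac(dst)
        self._age_out(now)
        self.table[src] = (in_port, now)        # learn or refresh the SOURCE
        entry = self.table.get(dst)             # look up the DESTINATION
        if dst == BROADCAST or entry is None:
            # Broadcast or unknown unicast: every port except the ingress port.
            return "flood", [p for p in self.ports if p != in_port]
        if entry[0] == in_port:
            # Destination lives on the port the frame arrived on: drop it.
            return "filter", []
        return "forward", [entry[0]]


def demo():
    """Constructed scenario: Host A on Fa0/1, Host C on Fa0/3, B and D on Fa0/5."""
    sw = LearningSwitch(ports=[f"Fa0/{n}" for n in range(1, 65)])
    a, c = "aa-aa-aa-aa-aa-aa", "cccc.cccc.cccc"
    b, d = "bbbb.bbbb.bbbb", "dddd.dddd.dddd"
    results = [
        sw.receive(a, c, "Fa0/1", now=0),       # C unknown: flood, 63 copies
        sw.receive(c, a, "Fa0/3", now=1),       # A was learned: forward
        sw.receive(a, c, "Fa0/1", now=2),       # C was learned: forward
    ]
    sw.receive(d, BROADCAST, "Fa0/5", now=3)    # D learned from its broadcast
    results.append(sw.receive(b, d, "Fa0/5", now=4))    # same port: filter
    results.append(sw.receive(a, c, "Fa0/1", now=400))  # entries aged out: flood
    return sw, results


if __name__ == "__main__":
    switch, outcome = demo()
    for action, ports in outcome:
        print(action, len(ports))
    print(sorted(switch.table))
```

The last frame shows why the aging time matters: once Host C's entry expires, traffic to it is flooded again until C sends another frame.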
SW1(config)#mac-address-table
  <0-0>          Enter 0 to disabl
  <10-1000000>   Aging time in sec
SW1(config)#mac-address-table
Host4#ping 172.34.34.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos
!!!!!
Success rate is 100 percent (5
Host4#ping 172.34.34.3
switch.
A key command to view and verify
VLAN configuration and operation
is show vlan brief, so we'll start
with that one.
SW1#show vlan brief
VLAN Name
---- --------------------------------
1    default
       Fa0/2, Fa0/3, Fa0/4
       Fa0/6, Fa0/7, Fa0/8
       Fa0/10
1002 fddi-default
1003 token-ring-default
1004 fddinet-default
1005 trnet-default
SW1(config-if)#switchport acce
% Access VLAN does not exist.
SW1(config-if)#interface fast
SW1(config-if)#switchport acce
VLAN Name
---- --------------------------------
1    default
       Fa0/3, Fa0/5, Fa0/6
       Fa0/8, Fa0/9, Fa0/10
24   VLAN0024
       Fa0/4
1002 fddi-default
1003 token-ring-default
1004 fddinet-default
1005 trnet-default
bandwidth.
You already know that in
networking, there's almost always a
tradeoff. Something this good must
have a drawback, right?
Well, yeah, and here it is. If Host 4
sends a broadcast right now, Hosts
1 and 3 won't see it. What about
other types of traffic, like pings?
Let's see:
Host4#ping 172.34.34.1
address of aa-aa-aa-aa-aa-aa on
interface fast 0/2 and see what
happens when a host with a
different MAC address connects to
the port.
SW1(config-if)#switchport port
SW1(config-if)#switchport port
  H.H.H   48 bit mac address
  sticky  Configure dynamic se
SW1(config-if)#switchport port
aaaa.aaaa.aaaa
SW1#show port-security
Secure Port MaxSecureAddr Cu
SecurityViolation Security Ac
(Count)
------------------------------------------------Fa0/2
1
Shutdown
------------------------------------------------Total Addresses in System (exc
: 0
Max Addresses limit in System
port) : 1024
fas
: E
: S
: S
: 0
: A
: D
: 1
: 1
: 1
: 0
: 0
: 1
SW1(config-if)#switchport port
H.H.H
48 bit mac address
sticky Configure dynamic se
SW1(config-if)#switchport port
fas
: E
: S
: S
: 0
: A
: D
: 1
: 1
: 0
: 1
: 0
: 0
SW2(config-if)#switchport port
SW2(config-if)#switchport port
aging
Port-security a
mac-address Secure mac addr
maximum Max secure addresse
violation
Security violat
<cr>
SW2(config-if)#switchport port
fas
: E
: S
: S
: 0
: A
: D
: 2
: 2
: 1
: 1
: 0
: 0
SW2(config-if)#switchport port
protect
restrict
Security violation p
Security violation r
shutdown
Security violation s
blocking mode.
Do not assume that the physically
shortest path from one host to
another in a switching network is
the path STP will choose as best.
STP uses port speeds along a path
to determine the port costs and the
best paths.
This is strictly an overview of STP,
and you will learn much more about
it during your ICND2 and CCNP
studies. In the meantime, you now
know what a switching loop looks
issues quickly.
Here are the panels for the Cisco
2950 and 2960 switch models, in
that order:
port is accurate.
As you view the port status, duplex,
and speed values via the MODE
button, the individual port LEDs
will change. Here's what the port
LED indicates for all three of these
values:
STATUS:
Flashing green: Traffic going
through interface properly
DUPLEX:
Green: Port is running at full-duplex
Off: Port is running at half-duplex
SPEED:
Flashing green: Port running at Gig
Ethernet speed
Solid green: Port running at Fast
Ethernet speed
tagging).
In the following network, we have
two hosts in VLAN 10, and they're
connected to separate, trunking
switches. A frame would be tagged
VLAN 10 before being sent
across the trunk. When the receiving
switch processes that incoming
frame, the switch knows that frame
should be distributed only to
members of VLAN 10.
This allows members in the same
VLAN to communicate when they
2960 switches.
Access Ports, Trunk Ports, And
Trunk Port Settings
A Cisco switch port is going to be
an access port or a trunk port. It
cannot be both.
An access port belongs to one and
only one VLAN. Once you
configure a port as an access port,
that port cannot trunk.
The default behavior of a trunk port
is that it is a member of all VLANs,
but you will not see this indicated
by show vlan brief. Here's the
SW1#show vlan br
VLAN Name
---- --------------------------------
1    default
       Fa0/2, Fa0/3, Fa0/4
       Fa0/6, Fa0/7, Fa0/8
1002 fddi-default
1003 token-ring-default
1004 fddinet-default
1005 trnet-default
Vlans allowed on t
1-4094
1-4094
Port
Fa0/11
Fa0/12
Port
Fa0/11
Fa0/12
SW1(config-if)#switchport mode
access
dynamic
trunk
SW1(config-if)#switchport mode
auto
interface-level command.
SW1(config-if)#switchport none
port.
Desirable means the port will
actively attempt to trunk. If the
remote port is in on, desirable, or
auto mode, a trunk will result.
Auto means the port will trunk, but
the other side must initiate trunking.
If the remote port is in desirable or
on mode, a trunk will result. If both
sides are in auto mode, no trunk
will result.
SW1(config-if)#switchport trun
  vlan    Set allowed VLANs when
SW1(config-if)#switchport trun
  WORD    VLAN IDs of the allo
  add     add VLANs to the cur
  all     all VLANs
  except  all VLANs except the
  none    no VLANs
  remove  remove VLANs from th
SW1(config-if)#switchport trun
  WORD    VLAN IDs of the allowe
SW1(config-if)#switchport trun
SW1(config-if)#int fast 0/8
SW1(config-if)#switchport trun
Port
Mode
Native vlan
Fa0/6
desirable
Fa0/8
on
Port
Fa0/6
Fa0/8
Encap
802.1
802.1
SW1(config-if)#switchport trun
  WORD    VLAN IDs of the allo
  add     add VLANs to the cur
  all     all VLANs
  except  all VLANs except the
  none    no VLANs
  remove  remove VLANs from th
SW1(config-if)#switchport trun
SW1(config-if)#int fast 0/8
SW1(config-if)#switchport trun
Port
Mode
Encap
Native vlan
Fa0/6
desirable
Fa0/8
on
Port
Fa0/6
Fa0/8
802.1
802.1
Configuration Revision
Maximum VLANs supported locall
Number of existing VLANs
VTP Operating Mode
VTP Domain Name
conversions.
35
Decimal
712
Units
of 100
Units
of 10
3
Units
of 1
5
Units
Units
256
Hex
35
Hex
712
of 16
of 1
13
784
419
1903
345
The answers and explanations:
1c = 1 unit of 16, 10 units of 1 = 16
+ 10 = 26
F1 = 15 units of 16, 1 unit of 1 =
240 + 1 = 241
+ 3 = 19
784 = 7 units of 256, 8 units of 16,
4 units of 1 =
1792 + 128 + 4 = 1924
419 = 4 units of 256, 1 unit of 16, 9
units of 1 =
1024 + 16 + 9 = 1049
103 = 1 unit of 256, 0 units of 16,
3 units of 1 =
256 + 1 = 257
16
42
42
256
0
Next value: 22
16
2
1
A
256
16
22
16
1
1
6
16
790
790
256
3
16
1
1
6
16
16
6
1
9
16
and 10 is represented by A in
hex. We have a remainder of 14,
which in turn is represented by E
in hex.
The decimal 174 converts to the hex
value AE.
256
174
16
A
1
E
http://www.youtube.com/watch?v=OLrj3qzTGw4
You Might Just Be A Root Switch If
http://www.youtube.com/watch?v=9Db_5o_eXKE
You Might Not Be A Root Switch If.
http://www.youtube.com/watch?v=Hxf8f5U3eKU
http://www.youtube.com/user/ccie12
A Network Admin's
Book Of WANs
(Well, a summary, anyway.)
This section is an intro to WANs,
and when I say intro, I mean
intro!
When one router wants to talk to
another over a long distance, that's
our Wide Area Network at work,
and we have plenty of options for
our WANs.
It won't surprise you to learn that
each option has plenty of details.
Authentication Protocol
(PAP) and the Challenge-Handshake
Authentication Protocol (CHAP)
Support for error detection
and error recovery features
Multiprotocol support (which
Cisco's HDLC does offer, but
the original HDLC does not)
Those aren't all of PPP's
advantages over HDLC, but they're
the most important to us as network
admins.
No look at WAN protocols would
be complete without a look at
Onward!
destination IP address!
Description . . . . . . . .
(2.4GHz and 5GHz)
Physical Address. . . . . .
DHCP Enabled. . . . . . . .
Autoconfiguration Enabled .
Link-local IPv6 Address . .
fe80::3122:85f1:77bc:140%12(Pr
IPv4 Address. . . . . . . .
Subnet Mask . . . . . . . .
Lease Obtained. . . . . . .
AM
Lease Expires . . . . . . .
AM
Default Gateway . . . . . .
DHCP Server . . . . . . . .
DHCPv6 IAID . . . . . . . .
Physica
00-90-f
period.
For this example, we'll use the
same network, but with MAC and
IP address assigned to the hosts and
the router's Ethernet interfaces.
Physical
10.3.1.2
11-11-11-
What's my IP address?
What's my network mask?
What are the IP addresses of
the DNS servers?
What's my default gateway?
We have two options for getting that
info to the host:
Visit each workstation and
configure the information
manually
Enable each workstation for
DHCP
You might think there's no big
Lease Expires . . . . . . . .
8:54:37 AM
Default Gateway . . . . . . .
DHCP Server . . . . . . . . .
DHCPv6 IAID . . . . . . . . .
DHCPv6 Client DUID. . . . . .
1F-AF-22-12-E5
LANs.
R1 config:
interface ethernet0
 ip helper-address 172.23.2
R1 config:
interface ethernet0
 ip helper-address 172.23.23
 ip helper-address 172.23.23
Low IP address
High IP address
<cr>
Pool name
default-router
Default
dns-server
DNS ser
domain-name
Domain
exit
configuration mode
Exit fr
host
Client
lease
Address
network
Network
no
defaults
relay
Negate
Functio
R1(dhcp-config)#default-router
Hostname or A.B.C.D
Router
R1(dhcp-config)#default-router
R1(dhcp-config)#dns-server ?
Hostname or A.B.C.D
Server
R1(dhcp-config)#dns-server 100
Hostname or A.B.C.D
<cr>
Server
R1(dhcp-config)#dns-server 10.
R1(dhcp-config)#dns-server 10.
R1(dhcp-config)#domain-name ?
WORD Domain name
R1(dhcp-config)#domain-name th
R1(dhcp-config)#lease ?
<0-365>
Days
infinite
Infinite lease
R1(dhcp-config)#lease 10 ?
<0-23>
Hours
<cr>
R1(dhcp-config)#lease 10 0 ?
<0-59>
<cr>
Minutes
R1(dhcp-config)#lease 10 0 0?
<0-59>
R1(dhcp-config)#lease 10 0 0 ?
<cr>
R1(dhcp-config)#lease 10 0 0
command!
That's enough DHCP for now --
let's head to the next section!
Router Memory,
Configs, and More
Initializing flashfs
Done initializing flashfs.
POST: System Board Test : Pass
POST: Ethernet Controller Test
ASIC Initialization Passed
POST: FRONT-END LOOPBACK TEST
(CLI).
There's nothing technically wrong
with Setup Mode. It's just unwieldy,
and most admins want to get out of
it the first time they try it. Make
sure you keep that keystroke in mind
for both the exam and working with
real-world networks!
As for configuring from the CLI, all
you have to do is type enable at that
prompt, then you're ready to enter
configuration mode with conf t
(short for configure terminal).
Finally, if you'd like to enter Setup
Mode from the router prompt,
simply type setup.
R2#setup
no service password-encryption
hostname Router
ip subnet-zero
interface Ethernet0
no ip address
shutdown
interface Serial0
no ip address
shutdown
!
line con 0
transport input none
line aux 0
line vty 0 4
down
Changing the router's name is easy,
so we'll start there. Just use the
hostname command followed by
the name you want the router to
have.
Router#conf t
Router(config)#hostname R1
R1(config)#
R1(config)#line vty 0 4
R1(config-line)#password CCENT
R1(config-line)#privilege leve
R1(config)#service password-en
R1(config)#<no confirmation me
line vty 0 4
privilege level 15
password 7 01302521753F
login
00:35:36: %LINEPROTO-5-UPDOWN:
Serial0, changed state to up
00:35:58: %LINEPROTO-5-UPDOWN:
Serial0, changed state to down
20:26:57: %LINEPROTO-5-UPDOWN:
R2#show start
interface Loopback0
ip address 2.2.2.2 255.255.25
no ip directed-broadcast
R2(config)#int loopback0
R2(config-if)#ip address 22.22
R2#show start
interface Loopback0
command.
Actually, two details -- the first
being that you run the copy
command from the enable prompt.
R2#copy ?
/erase
flash:
flh:
ftp:
null:
nvram:
rcp:
running-config
startup-config
system:
tftp:
R2#copy run ?
Erase de
Copy fro
Copy fro
Copy fro
Copy fro
Copy fro
Copy fro
Copy fro
Copy fro
Copy fro
Copy fro
ftp:
lex:
null:
nvram:
rcp:
running-config
startup-config
system:
Copy to
Copy to
Copy to
Copy to
Copy to
Update (
Copy to
Copy to
tftp:
Copy to
no.
been
no.
been
[OK]
Proceed with reload? [confirm]
to guess about the startup config -- you've got a copy right there.
Updating A Router IOS
The trickiest part of changing a
router's IOS image might be getting
the image you want! You can
download IOSes from Cisco, but a
Cisco Connection Online (CCO)
login is not enough.
The rules change as to who can and
cannot download IOS images, so I
won't list those rules here, but you
can find out quickly by searching
Cisco's site. Just keep in mind that
router is running.
The second bolded field shows you
how long the router's been up, why
the router went down the last time it
did so (reload), and the IOS file
contained in flash.
Finally, the all-important config
register value. The value shown,
0x2102, is the factory default. This
value forces the router to look in its
own Flash memory for a valid IOS
on startup.
The config register value requires a
reload for a changed value to take
effect. I'll change this value to
0x2142 and run show version again,
Router1(config)#config-registe
Router1#show version
before!
In this section, we're going to
concentrate on Internet Protocol
(IP) addressing. IP addresses are
often referred to as Network
addresses or Layer 3 addresses,
since that is the OSI layer at which
these addresses are used.
The IP address format you're
familiar with - addresses such as
192.168.1.1 - are IP version 4
addresses. That address type is the
focus of this section. IP version 6
addresses are now in use, and
they're radically different from
IPv4 addresses. I'll introduce you
IP Addressing and an
Introduction to Binary
Conversions
If you've worked as a network
admin for any length of time, you're
already familiar with IP addresses.
Every PC on a network will have
one, as will other devices such as
printers. The term for a network
device with an IP address is host,
and I'll try to use that term as often
as possible to get you used to it!
The PC -- err, the host -- I'm creating
this document on has an IP address,
shown here with the Microsoft
command ipconfig.
C:\>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Co
IP Address: 192.168.1.100
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1
64
32
16
192
64
32
16
192
128
64
32
16
192
128
64
32
16
ipconfig output.
C:\>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Co
IP Address: 192.168.1.100
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1
It's not.
If the destination is on the same
subnet as the host, the packet's
destination IP address will be that
of the destination host. In the
following example, this PC is
sending packets to 192.168.1.15, a
host on the same subnet, so there is
no need for the router to get
involved. In effect, those packets go
straight to 192.168.1.15.
for.
In each of these possibilities, the
router will check the encapsulating
frame for errors via the FCS
(remember that?), and then go about
the business of routing the packet.
Let's take an illustrated look at each
of these three possibilities.
R1#show ip route
Codes: C - connected, S - stat
Gateway of last resort is not
C
C
20.0.0.0/8 is directly co
10.0.0.0/8 is directly co
R1#show ip route
Codes: C - connected, S - stat
Gateway of last resort is not
C
C
dropped by R1.
R1#show ip route
Codes: C - connected, S - stat
C
C
S
Secondary IP Addressing
The following info is going to
violate every rule of IP addressing
you know, and some you'll learn in
the future, so have some duct tape
ready, because I'm about to blow
your mind and you'll need
something to put it back together.
If absolutely necessary, you can
assign multiple IP addresses to a
router interface with the secondary
option, as shown here:
<cr>
R1(config-if)#ip address 172.1
R1#show ip route
172.12.0.0/24 is subnette
C
172.12.13.0 is directl
FastEthernet0/0
C
172.12.14.0 is directl
FastEthernet0/0
An AD of 255 indicates an
unreliable source.
I know you haven't hit these
dynamic routing protocols in your
study yet, but I wanted to introduce
you to this concept now. As we get
to these topics, I'll remind you of
the AD and where to see it.
Router1#line vty 0 4
^
% Invalid input detected at '^
CNTL/Z.
Router1(config)#line vty 0 4
Router1(config-line)#
Router1#interface serial 0
^
% Invalid input detected at '^
in global mode)
Router1#conf t
Enter configuration commands,
CNTL/Z.
Router1(config)#interface seri
Router1(config-if)#
1 stop bit
no flow control
Now that we're connected, let's get
back to the passwords.
You won't be prompted for a
password when connecting through
the console port. That means anyone
with a laptop and a rollover cable
can connect successfully to this
switch, and that's a default we'd
like to change.
Let's take another look at the
password portion of our switch's
configuration:
line con 0
line vty 0 4
 login
line vty 5 15
 login
SW1#configure terminal
Enter configuration commands,
CNTL/Z.
SW1(config)#line console 0
SW1(config-line)#login
SW1(config-line)#password CCEN
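A quick way to check a saved configuration for the line-password gaps discussed here, as an added Python example (not part of the course material and not a Cisco tool). Both sample configurations are constructed, the hash strings are placeholders, and the finding names are hypothetical labels chosen for this sketch.

```python
import re

# Constructed sample in the shape of the fragments shown in this section:
# a console line with no login, one VTY range with a type 7 password, and
# one VTY range with login but no password.
WEAK_CONFIG = """\
hostname SW1
enable password CCENT
!
line con 0
line vty 0 4
 password 7 01302521753F
 login
line vty 5 15
 login
!
end
"""

# Constructed counterpart: enable secret plus local usernames on every line.
HARDENED_CONFIG = """\
hostname SW1
enable secret 5 $1$CONSTRUCTED$placeholderhash
username admin secret 5 $1$CONSTRUCTED$placeholderhash
!
line con 0
 login local
line vty 0 4
 login local
line vty 5 15
 login local
!
end
"""


def parse_line_blocks(config):
    """Map each 'line ...' header to the list of its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif current and raw[:1].isspace() and raw.strip():
            blocks[current].append(raw.strip())
        else:
            current = None              # any other top-level line ends the block
    return blocks


def audit(config):
    """Return (scope, finding) tuples for weak access settings."""
    findings = []
    top = [l.strip() for l in config.splitlines() if l and not l[0].isspace()]
    if (any(l.startswith("enable password") for l in top)
            and not any(l.startswith("enable secret") for l in top)):
        findings.append(("global", "enable-password-without-secret"))
    for header, subs in parse_line_blocks(config).items():
        login = next((s for s in subs
                      if s == "login" or s.startswith("login ")), None)
        pw = next((s for s in subs if s.startswith("password ")), None)
        if login is None:
            # No login command: the line never prompts for a password.
            findings.append((header, "no-login"))
        elif login == "login" and pw is None:
            findings.append((header, "login-without-password"))
        if pw is not None:
            m = re.fullmatch(r"password (?:(\d+) )?(.+)", pw)
            if m.group(1) == "7":
                # Type 7 is reversible obfuscation, not a hash.
                findings.append((header, "type7-reversible"))
            elif m.group(1) in (None, "0"):
                findings.append((header, "plaintext-password"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit(WEAK_CONFIG):
        print(f"{scope}: {finding}")
```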
Router1>
R1#telnet 172.12.123.3
Trying 172.12.123.3 ... Open
[Connection to 172.12.123.3 cl
R3(config-line)#password CCENT
R3(config-line)#login
R3>
R1>configure terminal
^
% Invalid input detected at '^
R1>
R1>enable
R1#
secret
secret
Router1(config)#enable passwor
Router1>enable
Password: < I entered CCENT he
appear on the screen >
Router1#
hostname Router1
enable password
CCENT
Router1>enable
Password:
< I entered CCENT
>
Password:
Password:
R3>
Oops.
We have a major problem. No
enable password has been set on
Password:
R3>enable
Password:
password>
R3#
R3(config)#line vty 0 4
R3(config-line)#privilege leve
Router1#telnet 172.12.123.3
Trying 172.12.123.3 ... Open
SW2(config-line)#transport inp
SW2(config)#username general p
SW2(config)#username captain p
SW2(config)#username major pas
enabled:
*Mar 3 02:01:01.406:
%SSH-5-ENABLED: SSH
1.99 has been enabled
You'll learn much more about
crypto keys and their use in your
CCNP studies. That's enough SSH
for now!
exec-timeout 0 0
logging synchronous
SW2(config)#int vlan1
SW2(config-if)#ip address 40.4
SW2(config-if)#
00:57:40: %LINK-3-UPDOWN: Inte
state to up
00:57:41: %LINEPROTO-5-UPDOWN:
Interface Vlan1, changed state
SW2(config)#ip default-gateway
100
SW2(config)#interface range ?
FastEthernet FastEthernet IE
Loopback
Loopback interf
Port-channel Ethernet Channe
Tunnel
Tunnel interfac
Vlan
Catalyst Vlans
SW2(config)#interface range fa
SW2(config-if-range)#speed 10
interface FastEthernet0/1
 speed 10
!
interface FastEthernet0/2
 speed 10
!
interface FastEthernet0/3
 speed 10
!
interface FastEthernet0/4
 speed 10
!
interface FastEthernet0/5
 speed 10
!
interface FastEthernet0/6
 speed 10
SW2(config)#interface range fa
SW2(config-if-range)#speed 100
interface FastEthernet0/1
 speed 100
!
interface FastEthernet0/2
 speed 100
!
interface FastEthernet0/3
 speed 100
!
interface FastEthernet0/4
 speed 100
!
interface FastEthernet0/5
 speed 100
!
interface FastEthernet0/6
 speed 100
Creating Banners
For legal reasons, you need to warn
users that unauthorized access to the
router is prohibited. (In court, you
would need to prove the person
knew they were not supposed to go
into your network.) You can present
this message, or any message you
feel appropriate, with the banner
command.
(Inappropriate messages are best
left for home lab practice!)
The banner command has a few
options. The most commonly used
is the Message Of The Day
(MOTD) option.
SW2(config)#banner ?
LINE
c banner-tex
delimiting character
exec
process creation banner
incoming
Set incoming
login
Set login ban
motd
Set Message o
prompt-timeout
Set Message f
timeout
slip-ppp
Set Message f
SW2(config)#banner motd ?
LINE c banner-text c, where
character
SW1(config)#banner motd $
Enter TEXT message. End with t
Network down for router IOS up
tonight! $
SW2(config)#banner login %
Enter TEXT message. End with t
%. Unauthorized Login Prohibit
banner login ^C
Unauthorized Access Prohibited
Knew That. ^C
banner motd ^C
Network down for router IOS up
tonight! ^C
SW2(config)#banner ?
LINE
c banner-text
delimiting character
exec
Set EXEC proc
incoming
Set incoming
login
Set login ban
motd
Set Message o
prompt-timeout
timeout
Set Message f
slip-ppp
Set Message f
SW1(config)#banner exec *
Enter TEXT message. End with t
Welcome to our nice, clean net
pressed >
Please keep it that way. *
R1#so here i am
4d04h: %SYS-5-CONFIG_I: Config
consoletyp
4d04h: %LINK-3-UPDOWN: Interfa
to uping and
4d04h: %LINEPROTO-5-UPDOWN: Li
Serial0, changed state to upi
quite badly!
4d04h: %LINEPROTO-5-UPDOWN: Li
Serial0, changed state to down
R1(config)#line con 0
R1(config-line)#exec-timeout ?
<0-35791> Timeout in minutes
R1(config-line)#exec-timeout 0
<0-2147483> Timeout in seconds
<cr>
R1(config-line)#exec-timeout 0
R1(config)#line vty 0 4
R1(config-line)#exec-timeout ?
<0-35791> Timeout in minutes
R1(config-line)#exec-timeout 0
<0-2147483> Timeout in seconds
<cr>
R1(config-line)#exec-timeout 1
<0-2147483> Timeout in seconds
<cr>
R1(config-line)#exec-timeout 1
Keystroke Shortcuts
There are quite a few key
combinations that will make your
life easier, and I'm going to list the
most popular ones here. I want to
make it clear that you do not have to
use these in real life. I only use a
few myself!
One of my favorites is the up arrow,
which will show you the last
command you entered. If you
continue to hit the up arrow, you'll
continue to go through the command
history. <CTRL-P> does the same
thing.
As you might expect, the down
conf t
show ip ospf neighbor
show dialer
show ip ospf neighbor
show dialer
show run
show hsitory
show history
configuration or a tough
troubleshooting situation, you can
change the size of the history buffer
from its default of 10. Note that you
do this at the Console port or VTY
line level. Changing the default for
the Console port doesn't change the
default for the VTY line, and vice
versa.
R1(config)#line con 0
R1(config-line)#history size ?
<0-256> Size of history buffer
R1(config)#line vty 0 4
R1(config-line)#history size ?
<0-256> Size of history buffer
Static Routing
(With A Side Of Distance-Vector)
In the Intro To Routing section,
you were given a sneak peek at
static routing. In this section, we'll
configure static routing on live
Cisco routers and use some new
commands to test IP connectivity.
There's plenty of IP connectivity
troubleshooting built into this
section!
It's important to understand static
Static Routes
Here's the network we'll use for the
static routing discussion and labs:
is 2 seconds:
!!!!!
Success rate is 100 percent (5
min/avg/max = 68/68/72 ms
R1#ping 172.12.123.3
172.12.0.0/24 is subnette
C
172.12.123.0 is direct
that network.
That network appears as a
Connected network, meaning
there's an interface on this router
that's configured with an IP address
from that subnet. The entry also
tells you which interface that is.
Let's see if our spokes can ping the
hub, and each other. Can R2 ping
both 172.12.123.1 and .3?
R2#ping 172.12.123.1
seconds:
!!!!!
we pinged.
Ping tells you that you don't have
connectivity, but doesn't really tell
you why. A command that's very
helpful in diagnosing the why is
debug ip packet.
HUGE IMPORTANT STUDY TIP:
Debugs are also an outstanding
learning tool, one that many
CCENT and CCNA candidates
overlook. I urge you to use debugs
early and often in your lab or
simulator work, since this allows
you to see what goes on behind the
140/140/140 ms
R3#
R3#show ip route
Codes: C - connected, S - stat
Gateway of last resort is not
3.0.0.0/32 is subnetted,
C
3.3.3.3 is directly co
172.12.0.0/24 is subnette
C
172.12.123.0 is direct
R3#undebug all
All possible debugging has bee
OR
R3#no debug ip packet
IP packet debugging is off
network
A default static route, which
will be used when there is no
other match in the routing
table for a destination
network.
I would be very familiar with those
options for your exam, along with
the syntax of each, which we'll see
throughout the rest of this section.
We'll use IOS Help to illustrate the
choices with this command and
many others throughout the course.
Get plenty of practice with IOS
R3#debug ?
aaa
AAA
Authorization and Accounting
access-expression
Bool
adjacency
adja
all
Enab
arp
IP A
transactions
Destination prefix
profile
vrf
instance
Enable IP routing t
Configure static ro
R3#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos
U.U.U
R3#show ip route
Codes: C - connected, S - stat
2.0.0.0/24 is subnetted,
subnets S
2.2.2.0 [1/0]
172.12.123.1
3.0.0.0/24 is subnetted,
C
3.3.3.0 is directly co
172.12.0.0/24 is subnette
C
172.12.123.0 is direct
R1#show ip route
Codes: C - connected, S - stat
Gateway of last resort is not
172.12.0.0/24 is subnette
C
172.12.123.0 is directl
R1#show ip route
Codes: C - connected, S - stat
Gateway of last resort is 172.
172.12.0.0/24 is subnette
C
S*
172.12.123.0 is directl
0.0.0.0/0 [1/0] via 172.1
R3#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos
!!!!!
Success rate is 100 percent (5
140/142/152 ms
Yes!
Default static routes serve two
major purposes, one of which
we've just seen in action -- we can
send data to networks that have no
specific entry in the routing table.
This also helps to keep routing
tables concise and complete, and
as you advance in your Cisco
studies, you'll learn it's important
to control the size of the routing
table while keeping it complete.
Static routes have their place, but
R3#deb ip rip
RIP: sending v2 update to 224.
172.12.123.0/24 -> 0.0.0.
1.1.1.1/32 -> 172.12.123.
2.2.2.2/32 -> 172.12.123.
3.3.3.3/32 -> 0.0.0.0, me
issues
Slow convergence.
Inaccurate metrics.
Two versions of RIP exist,
one of which doesn't support
subnet masking and uses
broadcasts rather than
multicasts to send routing
updates.
RIP sends out a full routing
table every 30 seconds,
regardless of whether there's
even been a change in the
network, which is a
WHOPPING waste of router
Octet: 0
2nd
0
Octet:
3rd
0
Octet:
4th
1
Octet:
0 0 0 0
0 0 0 0
0 0 0 0
1 1 1 1
00000000
3rd Octet: All
bits must match.
4th Octet: First
00001111
four bits must
match.
00000000
Resulting
00000000
Wildcard Mask: 00000000
00001111
OSPF In Particular,
Link-State Protocols In
General
Link-State Protocol Concepts
A major drawback of distance
vector protocols is that they not
only send routing updates at a
regularly scheduled time, but these
routing updates contain full routing
tables for that protocol. When a RIP
router sends a routing update
packet, that packet contains every
Router Link St
Link ID
Link count
ADV Router
2.2.2.2
1
2.2.2.2
172.23.23.3
1
172.23.23.3
ADV Router
172.23.23.3
172.23.23.3
exchanged.
R3#ping 172.12.23.2
R2(config)#router ospf 1
R2(config-router)#network 172.
R3(config)#router ospf 1
R3(config-router)#network 172.
R2(config)#int e0
R2(config-if)#ip address 172.1
R2(config-if)#router ospf 1
R2(config-router)#no network 1
R2(config-router)#network 172.
Pri
1
State
FULL/DR
And we do!
Let's now switch focus to the other
two values you saw in that debug
command - the Hello and Dead
timers.
Neighbor Value #3 & 4: The Hello
And Dead Timers
each neighbor.
The default dead time for OSPF is
four times the hello time, which
makes it 40 seconds for Ethernet
links and 120 seconds for
non-broadcast links. The OSPF dead
time adjusts dynamically if the hello
time is changed. If you change the
hello time to 15 seconds on an
Ethernet interface, the dead time
will then be 60 seconds.
Let's see that in action. The
command show ip ospf interface
will show us a wealth of
information, including the Hello and
255.255.255.128 C 255.255.255.
128
Neighbor ID
Interface
Pri
172.12.23.3
Ethernet0
State
FULL/DR
R2(config-router)#network 172.
R3(config)#router ospf 7
R3(config-router)#network 172.
Pri
State
FULL/DR
Border Routers
OSPF areas allow us to build a
hierarchy into our network, where
we have a backbone area (Area
0), and expand the network from
there. This concept also allows us
to create stub areas, where the
routers in the stub areas will not
have full routing tables; they'll
have a combination of individual
routes and default routes. We'll get
a taste of those stub areas later in
this section, and we'll really get
into them in your CCNA and CCNP
studies.
Pri
State
FULL/DR
Ethernet0
enabled.
You can hardcode the RID with the
router-id command.
R2(config)#router ospf 1
R2(config-router)#router-id ?
R2(config-router)#router-id 22
<cr>
R2(config-router)#router-id 22
Default-Information Originate
(Always?)
R2(config-router)#default-info
always
metric
Always advertis
OSPF default me
metric-type
route-map
<cr>
section.
R1(config)#access-list ?
<1-99>
IP standard
<100-199>
IP extended
<1100-1199>
Extended 48<1300-1999>
IP standard acc
<200-299>
Protocol typ
<2000-2699>
IP extended ac
<700-799>
48-bit MAC a
dynamic-extended
rate-limit
Extend the d
Simple rate-
Octet: 0
2nd
0
Octet:
3rd
0
Octet:
4th
1
Octet:
0 0 0 0
0 0 0 0
0 0 0 0
1 1 1 1
3rdOctet: All
00000000
bits must match.
4thOctet: First
00001111
four bits must
match.
00000000
Resulting
00000000
Wildcard Mask: 00000000
00001111
R3(config)#access-list 5 permi
deny.
A great rule of thumb when
determining the effect of an
ACL:
If traffic isn't explicitly
permitted, it's implicitly
denied.
Adding Remarks
Access lists can become quite large
and intricate. If one admin writes an
ACL and another admin comes in
six months later to troubleshoot an
issue, that second admin may have
no idea what the ACL was trying to
accomplish. When you see a
convoluted 70-line ACL that just
doesn't make sense to you, you'll
wish there was some kind of basic
explanation!
It's professional courtesy to add a
remark line or two to describe what
an ACL was written for. To do so,
use the remark ACL command:
R3(config)#access-list 5 ?
deny
Specify packets to r
permit Specify packets to f
remark Access list entry comm
R3(config)#access-list 5 remar
LINE Comment up to 100 chara
<cr>
R3(config)#access-list 5 remar
R3#conf t
R3(config)#access-list 6 permi
R3(config)#conf t
R3(config)#access-list 7 permi
R3(config)#access-list 15 perm
R3(config)#access-list 15 perm
R3(config)#access-list 15 deny
R3(config)#access-list 15 perm
R3(config)#access-list 15 perm
R3(config)#access-list 15 deny
R3(config)#access-list 15 deny
R3(config)#access-list 15 perm
R3(config)#access-list 15 perm
R3(config)#access-list 15 deny
0.0.0.255.
Here are the two remaining
possibilities:
R3(config)#access-list 15 deny
R3(config)#access-list 15 perm
R3(config)#access-list 15 perm
R3(config)#access-list 15 deny
R3(config)#access-list 100 ?
deny
Specify packets to
dynamic Specify a DYNAMIC l
permit
Specify packets to
remark
Access list entry c
icmp
igmp
igrp
ip
ipinip
nos
ospf
pcp
pim
tcp
udp
Internet Contr
Internet Gatew
Ciscos IGRP r
Any Internet P
IP in IP tunne
KA9Q NOS compa
OSPF routing p
Payload Compre
Protocol Indep
Transmission Con
User Datagram
host
A.B.C.D
any
host
Source address
Any source host
A single source hos
R3(config)#int e0
R3(config-if)#ip access-group
in
inbound packets
out outbound packets
R3(config-if)#ip access-group
R3#conf t
R3#ip access-list extended NO_
R3(config-ext-nacl)#deny ip 17
R3(config-ext-nacl)#permit ip
R3(config)#access-list 55 perm
R3(config)#access-list 55 deny
R3(config-line)#access-class 5
in
out
R3(config-line)#access-class 5
R1#telnet 172.12.123.3
Trying 172.12.123.3
R2#telnet 172.23.23.3
Trying 172.23.23.3 Open
User Access Verification
Password:
R3>
HOST#ping 44.44.44.4
levels.
The host is sending packets
that have no chance of getting
to 44.44.44.0 = wasted effort.
Packets processed and
forwarded by R2 that have no
chance of getting to
44.44.44.0 = wasted effort.
WAN bandwidth is sucked up
by packets that will be
stopped on the other side of
the WAN = wasted
bandwidth.
R3 has to process incoming
packets it'll dump before
one!
Echo reply
R3#show access-list
Extended IP access list 101
deny icmp any any echo (5 matc
permit ip any any
R3#show ip access-list
Extended IP access list 101
R1(config)#time-range NOTELNET
R1(config-time-range)#periodic
Friday
Monday
Saturday
Sunday
Thursday
Tuesday
Wednesday
Friday
Monday
Saturday
Sunday
Thursday
Tuesday
Wednesday
daily
weekdays
weekend
R1(config-time-range)#periodic
hh:mm Starting time
R1(config-time-range)#periodic
to ending day and time
R1(config-time-range)#periodic
R1(config-time-range)#periodic
R1(config)#int s0/0
R1(config-if)#ip access-group
R1#show ip access-list
R1(config)#access-list 45 deny
R1(config)#access-list 45 deny
R1(config)#access-list 45 deny
R1(config)#access-list 45 perm
45
45
45
45
deny
deny
deny
perm
R1(config)#access-list 45 deny
R1#show access-list 45
Standard IP access list 45
deny 172.12.0.0, wildcard
deny 172.14.0.0, wildcard
deny 172.16.0.0, wildcard
permit any
deny 172.13.0.0, wildcard
R1#show ip access-list 45
Standard IP access list 45
10 deny 172.12.0.0, wildca
20 deny 172.14.0.0, wildca
30 deny 172.16.0.0, wildca
40 permit any
R1(config-std-nacl)#?
Sequence Numbe
deny
Specify packet
exit
no
permit
Specify packets to f
remark
R1#show access-list 45
Standard IP access list 45
5 deny
172.13.0.0, wildcard
10 deny
172.12.0.0, wildcard
20 deny
172.14.0.0, wildcard
30 deny 172.16.0.0, wildcard b
40 permit any
Specify packets to
Specify packets
R1(config-std-nacl)#no 20 ?
<cr>
R1(config-std-nacl)#no 20
R1#show access-list 45
Standard IP access list 45
5 deny
172.13.0.0, wildc
10 deny
172.12.0.0, wild
30 deny
172.16.0.0, wild
40 permit any
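The ACL 45 sequence-number edit above and the earlier rule of thumb (not explicitly permitted means implicitly denied) can be checked with a small model. This is an added example, not code from the book: the StandardAcl class and its method names are hypothetical, the 0.0.255.255 wildcard on the ACL 45 lines is an assumption (the page's output is cut off before the wildcard), and the 10.1.1.0 network used with the 0.0.0.15 wildcard is constructed.

```python
import ipaddress

FULL = 0xFFFFFFFF

def ip(addr):
    """Dotted-decimal IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(packet_ip, acl_ip, wildcard):
    """Wildcard bit 0 means 'must match', bit 1 means 'don't care'."""
    care = ~ip(wildcard) & FULL
    return (ip(packet_ip) & care) == (ip(acl_ip) & care)

class StandardAcl:
    """Hypothetical model of a numbered standard ACL with sequence numbers."""

    def __init__(self):
        self.lines = {}  # sequence number -> (action, address, wildcard)

    def add(self, action, address, wildcard="0.0.0.0", seq=None):
        if address == "any":
            address, wildcard = "0.0.0.0", "255.255.255.255"
        if seq is None:  # a line entered without a number goes to the end
            seq = max(self.lines, default=0) + 10
        self.lines[seq] = (action, address, wildcard)
        return seq

    def remove(self, seq):
        del self.lines[seq]

    def evaluate(self, source_ip):
        """First matching line wins; no match at all is the implicit deny."""
        for seq in sorted(self.lines):
            action, address, wildcard = self.lines[seq]
            if wildcard_match(source_ip, address, wildcard):
                return action, seq
        return "deny", None

    def shadowed(self):
        """(line, covering_line) pairs for lines that can never match."""
        dead = []
        order = sorted(self.lines)
        for i, later in enumerate(order):
            _, l_addr, l_wild = self.lines[later]
            l_care = ~ip(l_wild) & FULL
            for earlier in order[:i]:
                _, e_addr, e_wild = self.lines[earlier]
                e_care = ~ip(e_wild) & FULL
                # The earlier line covers the later one when it cares about
                # no extra bits and agrees on every bit it does care about.
                if (e_care & ~l_care & FULL) == 0 and \
                        (ip(e_addr) & e_care) == (ip(l_addr) & e_care):
                    dead.append((later, earlier))
                    break
        return dead

def acl45_demo():
    """Replay the ACL 45 edit: append a deny, then re-insert it as line 5."""
    acl = StandardAcl()
    for net in ("172.12.0.0", "172.14.0.0", "172.16.0.0"):
        acl.add("deny", net, "0.0.255.255")       # wildcard is an assumption
    acl.add("permit", "any")                       # becomes line 40
    late = acl.add("deny", "172.13.0.0", "0.0.255.255")  # lands after line 40
    before = acl.evaluate("172.13.9.9")            # constructed source address
    dead_before = acl.shadowed()
    acl.remove(late)
    acl.add("deny", "172.13.0.0", "0.0.255.255", seq=5)
    after = acl.evaluate("172.13.9.9")
    return before, dead_before, after, acl.shadowed()

def implicit_deny_demo():
    """One permit line with the 0.0.0.15 wildcard; everything else is denied."""
    acl = StandardAcl()
    acl.add("permit", "10.1.1.0", "0.0.0.15")      # constructed network
    return acl.evaluate("10.1.1.7"), acl.evaluate("10.1.1.16")

if __name__ == "__main__":
    print(acl45_demo())
    print(implicit_deny_demo())
```

Running shadowed() after every change to a long ACL is a quick way to spot a deny that was appended below a broader permit and therefore never fires.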
than it already is
Secure certificates will not
function correctly
Security services and tools
that rely on consistent time
across the network will not
function correctly
Time-based ACLs are going
to have a pretty hard time of
it, too!
The typical NTP configuration
begins with a network device or
devices getting their time from a
highly believable, secure source.
Control
Authenti
Authenti
Estimate
clock-period
Length o
logging
Enable N
master
Act as N
max-associations
associations
Set maxi
peer
Configur
server
Configur
source
address
Configur
trusted-key
sources
Key numb
R3(config)#ntp server ?
VPN Rout
R1(config)#ntp master ?
<1-15>
Stratum number
<cr>
R1(config)#ntp master 5 ?
<cr>
R1(config)#ntp master 5
address
*~20.1.1.1
ref cloc
127.127.7.1
Route Summarization
This is a fantastic technique for
keeping your routing tables
complete and concise!
When our router looks for a given
destination in the routing table, it
will look at all possible routes in
search of the best match for the
destination in question. The larger
the table, the more time this takes.
Large routing tables are also a drain
on router memory.
EIGRP, and OSPF both use
different commands to perform
100.4.0.0
100.5.0.0
100.6.0.0
100.7.0.0
1st Octet
01100100
01100100
01100100
01100100
2nd Octet
00000100
00000101
00000110
00000111
3
00
00
00
00
100.4.0.0
100.5.0.0
100.6.0.0
100.7.0.0
1st Octet
01100100
01100100
01100100
01100100
2nd Octet
00000100
00000101
00000110
00000111
3
00
00
00
00
2nd Octet 3
100.1.0.0
100.2.0.0
100.3.0.0
100.4.0.0
01100100
01100100
01100100
01100100
00000001
00000010
00000011
00000100
00
00
00
00
100.1.0.0
100.2.0.0
100.3.0.0
100.4.0.0
100.5.0.0
100.6.0.0
100.7.0.0
1st Octet
0110100
0110100
0110100
0110100
0110100
0110100
0110111
2nd Octet
00000001
00000010
00000011
00000100
00000101
00000110
00000111
3rd
000
000
000
000
000
000
000
100.1.0.0
101.1.0.0
102.1.0.0
103.1.0.0
1st Octet
01100100
01100101
01100110
01100111
2nd Octet
00000001
00000001
00000001
00000001
3
00
00
00
00
R2#conf t
R2(config)#interface ethernet0
R2(config-if)#ip summary-addre
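The common-leading-bits method from the tables above, as an added example that is not from the book. It assumes each listed route is a /16 (the page shows no masks), the function names are hypothetical, and it also lists any address space the summary covers that none of the original routes do, which is what to check before advertising a summary.

```python
import ipaddress

def summary_route(routes):
    """Smallest single prefix covering every route: keep the leading bits
    that the lowest and highest covered addresses have in common."""
    nets = [ipaddress.ip_network(r) for r in routes]
    low = min(int(n.network_address) for n in nets)
    high = max(int(n.broadcast_address) for n in nets)
    differing = (low ^ high).bit_length()   # bits from the first mismatch down
    base = (low >> differing) << differing  # zero out the non-common bits
    return ipaddress.ip_network((base, 32 - differing))

def extra_space(summary, routes):
    """Prefixes inside the summary that none of the original routes cover."""
    remaining = [summary]
    for net in (ipaddress.ip_network(r) for r in routes):
        kept = []
        for block in remaining:
            if net.subnet_of(block):
                # Carve the route out of the block; keep what is left over.
                kept.extend(block.address_exclude(net))
            elif not block.subnet_of(net):
                kept.append(block)          # untouched by this route
        remaining = kept
    return sorted(remaining)

def report(routes):
    summary = summary_route(routes)
    extra = extra_space(summary, routes)
    return {
        "summary": str(summary),
        "mask": str(summary.netmask),
        "extra": [str(n) for n in extra],
        "extra_addresses": sum(n.num_addresses for n in extra),
    }

# Route lists taken from the tables above; the /16 length is an assumption.
EXACT = ["100.4.0.0/16", "100.5.0.0/16", "100.6.0.0/16", "100.7.0.0/16"]
LOOSE = ["100.1.0.0/16", "100.2.0.0/16", "100.3.0.0/16", "100.4.0.0/16"]
FIRST_OCTET = ["100.1.0.0/16", "101.1.0.0/16", "102.1.0.0/16", "103.1.0.0/16"]

if __name__ == "__main__":
    for routes in (EXACT, LOOSE, FIRST_OCTET):
        print(report(routes))
```

The first list summarizes exactly; the other two produce summaries that also claim networks the router has no route for.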
IP Version 6
IP Version 6 is all around us today,
and even if you're not working
directly with it today, you will be
one day!
Well, you will be if you've taken
the initiative to learn IPv6. A lot of
network admins have put off
learning IPv6, which is a huge
mistake. Even if it doesn't impact
your current career, you're
definitely limiting your future
prospects if you aren't strong with
IPv6, and you're strengthening
You'll also need the skill of
re-expanding the addresses from their
compressed state to their full
128-bit glory, and you'll develop that
skill in this section as well. Be sure
to have something to write with and
on when studying this section.
Zero Compression And Leading
Zero Compression
When you have consecutive blocks
of zeroes in an IPv6 address, you
can represent all of them with a
single set of colons. It doesn't
Original format:
1234:1234:0000:0000:0000:0000:34
Using zero compression:
1234:1234::3456:3434
Since blocks of numbers are
separated by a single colon in the
first place, be careful when
Original format:
1234:0000:1234:0000:1234:0000:01
With leading zero compression:
1234:0:1234:0:1234:0:123:1234
For your exam and for the real
Original format:
1111:0000:0000:1234:0011:0022:00
With zero and leading zero
compression:
1111::1234:11:22:33:44
Zero compression uses the double
colon to replace the second and
1111:0000:0000:2222:0000:0000:00
1111:0000:2222:0000:0000:0000:00
Or this:
1111:0000:0000:0000:0000:2222:00
Or this!
1111:0000:0000:0000:2222:0000:00
If multiple uses of zero
compression were legal, every one
of those addresses could be
represented by 1111::2222::3333
and none of them would actually be
the original address!
That's why using zero compression
more than once in an IPv6 address
is illegal: there would be no way
to know exactly what the original
address was, which would kind of
defeat the purpose of compression!
1111:2222:3300:0000:0000:0000:00
does NOT compress to
1111:2222:33::44:5555
The correct compression:
1111:2222:3300::44:5555
2222:0023:000a:0000:0000:bbcc:dd
Done and done!
This is also an easy skill to practice
whenever you have a few minutes,
and you don't even need a practice
exam to do so. Just take a piece of
paper, and without putting a lot of
thought into it, just write out some
compressed IPv6 addresses and
then practice decompressing them.
(You should put thought into that
part.)
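The two compression rules and the decompression drill, written out as an added example (not code from the book; the function names are hypothetical). It expands a compressed address back to eight 4-digit blocks, rejects a second double colon, and compresses using the rules described above; output is lowercase, and when two zero runs tie in length the leftmost one gets the double colon.

```python
HEX_DIGITS = set("0123456789abcdefABCDEF")

def expand(text):
    """Return the full form: eight blocks of four hex digits, lowercase."""
    if text.count("::") > 1:
        raise ValueError("'::' used more than once: the original is ambiguous")
    if "::" in text:
        left, right = text.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError("'::' has no zero block left to stand for")
        groups = head + ["0"] * missing + tail
    else:
        groups = text.split(":")
        if len(groups) != 8:
            raise ValueError("expected 8 blocks, got %d" % len(groups))
    for g in groups:
        if not 1 <= len(g) <= 4 or not set(g) <= HEX_DIGITS:
            raise ValueError("bad block %r" % g)
    # Undo leading zero compression by padding each block back to 4 digits.
    return ":".join(g.lower().zfill(4) for g in groups)

def compress(text):
    """Leading zero compression on every block, then zero compression on the
    longest run of two or more all-zero blocks (leftmost run wins a tie)."""
    groups = [format(int(g, 16), "x") for g in expand(text).split(":")]
    best_start, best_len = -1, 1
    i = 0
    while i < 8:
        if groups[i] == "0":
            j = i
            while j < 8 and groups[j] == "0":
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    if best_start < 0:
        return ":".join(groups)
    return (":".join(groups[:best_start]) + "::"
            + ":".join(groups[best_start + best_len:]))

def is_valid(text):
    try:
        expand(text)
    except ValueError:
        return False
    return True

def same_address(a, b):
    """Compare two spellings by their expanded form, never as raw strings."""
    return expand(a) == expand(b)

if __name__ == "__main__":
    for addr in ("1234:1234::3456:3434", "1111::1234:11:22:33:44",
                 "1111:2222:3300::44:5555"):
        print(addr, "->", expand(addr))
    print(is_valid("1111::2222::3333"))  # False: two double colons
```

Comparing addresses through same_address matters anywhere two spellings of one address meet, such as an ACL entry typed in compressed form and a log line written in full.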
V6ROUTER1(config)#ipv6 unicast
V6ROUTER1(config-if)#ipv6 addr
2001:1111:2222:0001:1::/64
2001:1111:2222:1:1::, subn
2001:1111:2222:1::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:0
FF02::1:FFEF:D240
FastEthernet0/0
[up
FE80::20C:31FF:FEEF:D240
2001:1111:2222:1:1::
Serial0/0
[ad
FastEthernet0/1
[ad
Serial0/1
[ad
Uncompressed:
FE80:0000:0000:0000:020C:31FF:F
According to the official IPv6
address standards, the link-local
reserved address block is
FE80::/10. That means the first ten
000c:31FF:FEEF:D240
Now for that bit inversion! We
know 00 = 0000 0000, so invert the
7th bit to a 1, and we have 0000
0010, which equals 02. Put the 02
in the address in place of the 00
at the beginning of the identifier,
and we have.
020c:31FF:FEEF:D240
and after a (very) little leading
zero compression, we're left with
20c:31FF:FEEF:D240. Is that
correct? Let's check out that
link-local address.
V6ROUTER1#show ipv6 interface
V6ROUTER1(config-if)#ipv6 addr
WORD
General
X:X:X:X::X
IPv6 lin
X:X:X:X::X/<0-128>
IPv6 pre
autoconfig
autoconfiguration
Obtain a
V6ROUTER1(config-if)#no ipv6 a
2001:1111:2222:1:1::/64
V6ROUTER1(config-if)#ipv6 addr
?
anycast
Configure as an any
eui-64
<cr>
V6ROUTER1(config-if)#ipv6 addr
eui-64
2001:1111:2222:1:20C:3
2001:1111:2222:1::/64 [EUI]
now the prefix followed by the
link-local address. The result is a unique
address that was calculated in part
by the router, and not totally
configured by us.
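The EUI-64 steps (split the MAC, insert FFFE, invert the 7th bit) as an added example that is not from the book; the function names are hypothetical. The MAC 000e.d7a4.f4a0 appears in this page's neighbor table, while 000c.31ef.d240 is inferred from the interface identifier shown above. The block also derives the solicited-node group the router joins and recovers a MAC from an EUI-64 address, which is how a neighbor-table or log entry can be tied back to hardware.

```python
import ipaddress
import re

LOW_64 = (1 << 64) - 1

def mac_to_bytes(mac):
    """Accept 000c.31ef.d240, 00:0c:31:ef:d2:40 or 00-0c-31-ef-d2-40."""
    digits = re.sub(r"[.:\-]", "", mac)
    if len(digits) != 12:
        raise ValueError("a MAC address has 12 hex digits")
    return bytes.fromhex(digits)

def eui64_interface_id(mac):
    """Split the MAC in half, insert FFFE, invert the 7th bit of byte 1."""
    b = mac_to_bytes(mac)
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]

def eui64_address(prefix, mac):
    """Prefix (must be a /64) followed by the EUI-64 interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def link_local(mac):
    """Link-local address: FE80 and zeros in the top 64 bits, then the ID."""
    return eui64_address("fe80::/64", mac)

def solicited_node(address):
    """FF02::1:FF00:0 with the low 24 bits of the unicast address filled in."""
    low24 = int(ipaddress.IPv6Address(address)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)

def mac_from_eui64(address):
    """Reverse the process; None when the ID has no FFFE in the middle."""
    iid = (int(ipaddress.IPv6Address(address)) & LOW_64).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    text = mac.hex()
    return ".".join(text[i:i + 4] for i in (0, 4, 8))

if __name__ == "__main__":
    print(link_local("000c.31ef.d240"))
    print(eui64_address("2001:1111:2222:1::/64", "000c.31ef.d240"))
    print(solicited_node("FE80::20C:31FF:FEEF:D240"))
    print(mac_from_eui64("FE80::20E:D7FF:FEA4:F4A0"))
    print(mac_from_eui64("2001:1111:2222:1:1::"))  # manually configured: None
```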
Would you believe there's a third
way for that interface to get its
address? Since the first two
methods have been static
configurations, I bet you think this
one's dynamic. Let's use IOS Help
to see that one
X:X:X:X::X/<0-128>
IPv6 pr
autoconfig
Obtain ad
autoconfiguration
2001:1111:2222:1:20C:31FF:
2001:1111:2222:1::/64 [EUI]
Joined group address(es):
FF02::1
FF02::2
FF02::1:FFEF:D240
2001:1111:2222:1:20C:31FF:
2001:1111:2222:1::/64 [EUI]
Joined group address(es):
FF02::1
FF02::2
FF02::1:FFEF:D240
That's it!
Now back to our Neighbor
Solicitations and Advertisements!
When last we left our IPv6 host,
now named Host A, it was
sending a Neighbor Solicitation to
DHCP In IPv6
DHCP is one of the most useful
protocols we'll ever use, so IPv6
certainly wasn't going to eliminate
it, but just as we can always get
better, so can protocols. Let's jump
into DHCP for IPv6, starting with a
comparison of Stateful DHCP and
Stateless DHCP.
Stateless DHCP works a lot like the
DHCP we've come to know and
love in our IPv4 networks. See if
this story sounds familiar:
A host sends a DHCP
message, hoping to hear back
client.
The server keeps a database
of information on clients that
accept the IP addresses that it
offers.
A problem comes in when
there's a router in between
our host and DHCP server. In
that case, we need the router
to act as a relay agent.
Those paragraphs describe both
DHCPv4 and Stateful DHCPv6.
There are some differences, of
course:
V6ROUTER1(config-if)#ipv6 dhcp
destination Configure relay
V6ROUTER1(config-if)#ipv6 dhcp
X:X:X:X::X IPv6 address
V6ROUTER1(config-if)#$elay des
2001:1111:2222:1:20E:D7FF:FEA4
Group Address(es).
2001:1111:2222:1:20C:31FF:
2001:1111:2222:1::/64 [EUI]
Joined group address(es):
FF02::1
FF02::2
FF02::1:2
FF02::1:FFEF:D240
2001:1111:2222:1:20C:31FF:
2001:1111:2222:1::/64 [EUI]
R3:
V6ROUTER3#show ipv6 interface
2001:1111:2222:1:20E:D7FF
2001:1111:2222:1::/64 [EUI]
V6ROUTER1#ping 2001:1111:2222:
min/avg/max = 0/0/4 ms
V6ROUTER1#traceroute
2001:1111:2222:1:20e:d7ff:fea4
1 2001:1111:2222:1:20E:D7FF:F
msec
2001:1111:2222:1:20E:D7FF:FEA4
http://www.cisco.com/en/US/docs/io
xml/ios/ipv6/command/ipv6s4.html#wp1680937550
2001:1111:2222:1::/64 [0/0]
via ::, FastEthernet0/0
2001:1111:2222:1:20C:31FF:F
via ::, FastEthernet0/0
FF00::/8 [0/0]
V6ROUTER1(config)#ipv6 route 2
Dialer
Dialer interfa
FastEthernet
Loopback
FastEthernet I
Loopback inter
MFR
Multilink Fram
Multilink
Multilink-grou
Null
Null interface
Port-channel
Ethernet Chann
Serial
Serial
X:X:X:X::X
IPv6 address o
prompt.
Hint: You can always run show ipv6
neighbors to grab the next-hop
address via copy and paste rather
than typing it in.
V6ROUTER1#show ipv6 neighbors
IPv6 Address
Addr State Interface
Ag
FE80::20E:D7FF:FEA4:F4A0
000e.d7a4.f4a0 STALE Fa0/0
2001:1111:2222:1:20E:D7FF:FEA4
000e.d7a4.f4a0
V6ROUTER1(config)#$2001:2222:3
2001:1111:2222:1:20E:D7FF:FEA4
V6ROUTER1#ping 2001:2222:3333:
Success, indeed!
Let's run the exact same lab but
with a default static route. First,
we'll remove the previous route by
using our up arrow and then ctrl-a
to go to front of the lonnnng
command, and enter the word no:
V6ROUTER1(config)#ipv6 route :
2001:1111:2222:1:20E:D7FF:FEA4
V6ROUTER1#ping 2001:2222:3333:
Ta da!
::/0 [1/0]
via 2001:1111:2222:1:20E:D7
C
2001:1111:2222:1::/64 [0/0]
via ::, FastEthernet0/0
2001:1111:2222:1:20C:31FF:F
via ::, FastEthernet0/0
FF00::/8 [0/0]
via ::, Null0
as the RID!
If there is no IPv4 address
configured on the router, you'll
need to use our old friend router-id
to create the RID. The RID must be
entered in IPv4 format, even if
you're only running IPv6 on the
router.
R1 (config-router) #router-id
represented in OSPF v3 by
FF02::5.
The OSPF v2 reserved
address 224.0.0.6 is
represented in OSPF v3 by
FF02::6.
Rip
Process ID
Authentication
Enab
cost
Cost
database-filter
Filt
synchronization and flooding
dead-interval
is declared dead
Inter
demand-circuit
OSPF
encryption
Enabl
flood-reduction
OSPF
hello-interval
Time
mtu-ignore
Ignor
neighbor
OSPF
network
Netwo
priority
Route
retransmit-interval
link state
Time
adver
transmit-delay
Link
V6ROUTER1(config-if)#ipv6 ospf
V6ROUTER1(config-if)#ipv6 ospf
OSPF area ID in IP
V6ROUTER1(config-if)#ipv6 ospf
R3:
ROUTER3(config)#int fast 0/0
V6ROUTER3(config-if)#ipv6 ospf
V6ROUTER3(config-if)#^Z
V6ROUTER3#
ipv6
Neighbor ID
Pri
Int ID
Interface
3.3.3.3
4
ospf
State
1 FULL/BDR
FastEthernet0
V6ROUTER3(config)#int loopback
V6ROUTER3(config-if)#ipv6 ospf
O - OSPF intra, OI - O
1, OE2 - OSPF ext
2001:1111:2222:1::/64 [0/0
via ::, FastEthernet0/0
2001:1111:2222:1:20C:31FF:
OI 2001:2222:3333:1:20E:D7FF:F
via FE80::20E:D7FF:FEA4:F4A
L
FF00::/8 [0/0]
via ::, Null0
V6ROUTER1#ping 2001:2222:3333:
Type escape sequence to abort.
seconds:
!!!!!
O - OSPF intra, OI - OS
1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1,
OI
D - EIGRP, EX - EIGRP e
2001:2222:3333:1:20E:D7F
via FE80::20E:D7FF:FEA4:
State
FULL/BDR
Static NAT
If a limited number of hosts on a
private network need Internet
access, static NAT may be the
appropriate choice. Static NAT
maps a private address directly to a
public, routable address. Static
NAT could be helpful in a network
such as the following:
R3(config)#interface ethernet0
R3(config-if)#ip address 10.5.
R3(config-if)#ip nat inside
R3(config-if)#interface serial
R3(config-if)#ip address 210.1
R3(config-if)#ip nat outside
-------
210.1.1.3
210.1.1.4
10.5.5.6
10.5.5.7
Dynamic NAT
The obvious problem with Static
NAT is a lack of scalability. If you
have only a few hosts that need
Internet access, it's fine, but most
organizations have a LOT of hosts
that need that access. In today's
world of web-based apps and The
Almighty Cloud, it's not practical to
have just a few hosts on the Net.
Dynamic NAT allows a pool of
inside global addresses to be
created. The public IP addresses
are mapped to a private address on
an as-needed basis, and the
mapping is dropped when the
R3(config)#access-list 1 permi
R3#conf t
R3(config)#interface ethernet0
R3(config-if)#ip nat inside
R3(config-if)#interface serial
R3(config-if)#ip nat outside
R3#conf t
R3(config)#ip nat inside sourc
R3(config)#ip nat pool NATPOOL
Another use for ACLs! An access list
is used to identify the hosts that
will have their addresses translated
by NAT. This ACL allows any host
using an IP address to use NAT if
the first three octets of the host's IP
pool.
The access list permits all hosts on
10.5.5.0/24, meaning that any host
on that subnet can grab an IP
address from the NAT pool.
Show ip nat statistics will display
the name and configuration of the
NAT pool.
R3(config)#access-list 1 permi
R3(config)#int e0
R3(config-if)#ip nat inside
R3(config-if)#int s0
R3(config-if)#ip nat outside
serial0 overload
R2(config)#access-list 1 permi
Inside interfaces:
Ethernet0
Hits: 2 Misses: 0
Expired translations: 0
Dynamic mappings:
R3(config)#access-list 5 permi
R3(config)#
R3(config)#ip nat inside sourc
list
Specify access li
addresses
route-map Specify route-map
static
Specify static lo
pool
R3(config)#$NATPOOL 172.12.123
255.255.255.0
their splendor:
Expired translations: 0
Dynamic mappings:
-- Inside Source
access-list 5 pool NATPOOL ref
pool NATPOOL: netmask 255.255
start 172.12.123.4 end
type generic, total ad
(14%), misses 0
Inside local
10.1.1.4:6488
10.1.1.4:6489
10.1.1.4:6490
10.1.1.4:6491
10.1.1.4:6492
are different.
Let's leave NAT and PAT and head
for multilayer switching!
ROAS And L3
Switching
Waaaaaaaaay back in the Switching
section, I mentioned these two
methods of allowing inter-VLAN
communication, and I said we'd hit
'em after you'd been introduced to
routing.
You've had more than an
introduction by this time, so let's
get to it!
% Configuring IP routing on a
allowed if that subinterface i
part of an IEEE 802.10, IEEE 8
R6(config-subif)#encapsulation
R6(config-subif)#ip address 17
is 2 seconds:
!!!!!
Success rate is 100 percent (5
min/avg/max = 1/3/4 ms
Host4#ping 172.12.2.6
min/avg/max = 1/3/4 ms
is 2 seconds:
!!!!!
Success rate is 100 percent (5
min/avg/max = 1/2/4 ms
The Router:
R3(config)#interface e0.12
R3(config-subif)#encapsulation
% Unrecognized command
The Switch:
The Hosts:
R6 Config:
interface
FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.2
encapsulation isl 4
ip address 172.12.2.6
255.255.255.0
!
interface FastEthernet0/0.4
encapsulation isl 2
ip address 172.12.4.6
255.255.255.0
shutdown
SW1(config)#int vlan11
01:30:04: %LINK-3-UPDOWN: Inte
state to up
01:30:05: %LINEPROTO-5-UPDOWN:
Interface Vlan11, changed stat
SW1(config-if)#ip address 20.1
SW1(config-if)#int vlan33
01:30:11: %LINK-3-UPDOWN: Inte
state to up
01:30:12: %LINEPROTO-5-UPDOWN:
Interface Vlan33, changed stat
SW1(config-if)#ip address 30.1
Gateway
Interface
SW1(config)#ip routing
SW1(config)#^Z
SW1#show ip route
Codes: < removed for clarity >
Gateway of last resort is not
C
C
20.0.0.0/24
20.1.1.0
30.0.0.0/24
30.1.1.0
is
is
is
is
subnetted,
directly c
subnetted,
directly c
1st
128 64 32 16 8 4 2 1
0 1 1 0 0 0 1 0
128 64 32 16 8 4 2 1 To
1st
0
Octet
1 1 0 0 0 1 0 98
2nd
0
Octet
0 1 1 1 1 0 0 60
3rd
1
Octet
1 1 1 1 1 0 0 25
4th
0
Octet
1 0 1 0 1 0 1 85
Binary-To-Decimal Practice
Questions
Convert each binary string to dotted
decimal.
The string: 11110000 00110101
00110011 11111110
     128  64  32  16   8   4   2   1  Total
1st    1   1   1   1   0   0   0   0    240
2nd    0   0   1   1   0   1   0   1     53
3rd    0   0   1   1   0   0   1   1     51
4th    1   1   1   1   1   1   1   0    254
Answer: 240.53.51.254.
The string: 00001111 01101111
00011100 00110001
     128  64  32  16   8   4   2   1  Total
1st    0   0   0   0   1   1   1   1     15
2nd    0   1   1   0   1   1   1   1    111
3rd    0   0   0   1   1   1   0   0     28
4th    0   0   1   1   0   0   0   1     49
Answer: 15.111.28.49.
     128  64  32  16   8   4   2   1  Total
1st    1   1   1   0   0   0   1   0    226
2nd    0   0   0   0   0   0   0   1      1
3rd    1   1   0   0   1   0   1   0    202
4th    0   1   1   1   0   1   1   0    118
Answer: 226.1.202.118.
The string: 01010101 11111101
11110010 00010101
     128  64  32  16   8   4   2   1  Total
1st    0   1   0   1   0   1   0   1     85
2nd    1   1   1   1   1   1   0   1    253
3rd    1   1   1   1   0   0   1   0    242
4th    0   0   0   1   0   1   0   1     21
Answer: 85.253.242.21.
The string: 00000010 11111001
00110111 00111111
     128  64  32  16   8   4   2   1  Total
1st    0   0   0   0   0   0   1   0      2
2nd    1   1   1   1   1   0   0   1    249
3rd    0   0   1   1   0   1   1   1     55
4th    0   0   1   1   1   1   1   1     63
Answer: 2.249.55.63.
The string: 11001001 01011111
01111111 11111110
     128  64  32  16   8   4   2   1  Total
1st    1   1   0   0   1   0   0   1    201
2nd    0   1   0   1   1   1   1   1     95
3rd    0   1   1   1   1   1   1   1    127
4th    1   1   1   1   1   1   1   0    254
Answer: 201.95.127.254
The string: 11111000 00000111
11111001 01100110
     128  64  32  16   8   4   2   1  Total
1st    1   1   1   1   1   0   0   0    248
2nd    0   0   0   0   0   1   1   1      7
3rd    1   1   1   1   1   0   0   1    249
4th    0   1   1   0   0   1   1   0    102
Answer: 248.7.249.102.
The string: 00111110 11111111
01011010 01111110
     128  64  32  16   8   4   2   1  Total
1st    0   0   1   1   1   1   1   0     62
2nd    1   1   1   1   1   1   1   1    255
3rd    0   1   0   1   1   0   1   0     90
4th    0   1   1   1   1   1   1   0    126
Answer: 62.255.90.126.
     128  64  32  16   8   4   2   1  Total
1st    1   1   0   0   1   1   0   1    205
2nd    1   1   1   1   0   0   0   0    240
3rd    0   0   0   0   1   1   1   1     15
4th    1   0   1   1   1   1   1   1    191
Answer: 205.240.15.191
The string: 10011001 11110000
01111111 00100101
     128  64  32  16   8   4   2   1  Total
1st    1   0   0   1   1   0   0   1    153
2nd    1   1   1   1   0   0   0   0    240
3rd    0   1   1   1   1   1   1   1    127
4th    0   0   1   0   0   1   0   1     37
Answer: 153.240.127.37
The string: 11011111 01110110
11000011 00111111
     128  64  32  16   8   4   2   1  Total
1st    1   1   0   1   1   1   1   1    223
2nd    0   1   1   1   0   1   1   0    118
3rd    1   1   0   0   0   0   1   1    195
4th    0   0   1   1   1   1   1   1     63
Answer: 223.118.195.63.
The string: 00000100 00000111
00001111 00000001
     128  64  32  16   8   4   2   1  Total
1st    0   0   0   0   0   1   0   0      4
2nd    0   0   0   0   0   1   1   1      7
3rd    0   0   0   0   1   1   1   1     15
4th    0   0   0   0   0   0   0   1      1
Answer: 4.7.15.1.
The string: 11000000 00000011
11011011 00100101
     128  64  32  16   8   4   2   1  Total
1st    1   1   0   0   0   0   0   0    192
2nd    0   0   0   0   0   0   1   1      3
3rd    1   1   0   1   1   0   1   1    219
4th    0   0   1   0   0   1   0   1     37
Answer: 192.3.219.37.
The string: 10000000 01111111
00110011 10000011
     128  64  32  16   8   4   2   1  Total
1st    1   0   0   0   0   0   0   0    128
2nd    0   1   1   1   1   1   1   1    127
3rd    0   0   1   1   0   0   1   1     51
4th    1   0   0   0   0   0   1   1    131
Answer: 128.127.51.131
1st
128 64 32 16 8 4 2 1 Tota
1 1 1 1 1 1 1 1 251
2nd 1
3rd 1
1 1 1 0 1 1 1 247
4th 1
1 1 1 1 0 0 0 248
1 1 1 1 1 0 0 252
Answer: 251.247.252.248
Great work!
128 64 32 16 8 4 2 1
217
column.
It takes much longer to explain than
to actually do. Let's look at that
chart again:
128 64 32 16 8 4 2 1
217
128 64 32 16 8 4 2 1
217 1
217 1
1 0 1 1 0 0
64
1
0
0
1
32
1
0
0
0
16
0
0
0
0
8
0
1
0
1
4
1
0
0
0
2
0
1
0
0
1
0
0
1
0
64
0
0
1
0
32
1
0
0
0
16
1
0
1
1
8
1
0
1
0
4
1
1
0
1
2
1
0
0
1
1
0
0
1
1
10
255
18
244
0
1
0
1
0
1
0
1
0
1
0
1
0
1
1
1
1
1
0
0
0
1
0
1
1
1
1
0
0
1
0
0
2
0
0
1
1
0
1
1
64
1
0
0
32
1
0
0
16
1
1
1
8
0
0
0
4
0
0
1
239 1
1 1 0 1 1 1 1
     128  64  32  16   8   4   2   1
217    1   1   0   1   1   0   0   1
34     0   0   1   0   0   0   1   0
39     0   0   1   0   0   1   1   1
214    1   1   0   1   0   1   1   0
     128  64  32  16   8   4   2   1
20     0   0   0   1   0   1   0   0
244    1   1   1   1   0   1   0   0
182    1   0   1   1   0   1   1   0
69     0   1   0   0   0   1   0   1
64
1
0
0
1
32
0
0
0
1
16
0
0
1
1
8
0
0
0
0
4
1
0
1
1
2
1
1
0
0
1
0
1
0
1
14
204
71
250
0
1
0
1
0
1
1
1
0
0
0
1
0
0
0
1
1
1
0
1
1
1
1
0
1
0
1
1
0
0
1
0
2
1
0
1
1
1
1
1
0
1
7
209
18
47
128
0
1
0
0
64
0
1
0
0
32
0
0
0
1
16
0
1
1
0
8
0
0
0
1
4
1
0
0
1
     128  64  32  16   8   4   2   1
249    1   1   1   1   1   0   0   1
74     0   1   0   0   1   0   1   0
65     0   1   0   0   0   0   0   1
43     0   0   1   0   1   0   1   1
     128  64  32  16   8   4   2   1
150    1   0   0   1   0   1   1   0
50     0   0   1   1   0   0   1   0
5      0   0   0   0   0   1   0   1
55     0   0   1   1   0   1   1   1
     128  64  32  16   8   4   2   1
19     0   0   0   1   0   0   1   1
201    1   1   0   0   1   0   0   1
45     0   0   1   0   1   1   0   1
194    1   1   0   0   0   0   1   0
     128  64  32  16   8   4   2   1
43     0   0   1   0   1   0   1   1
251    1   1   1   1   1   0   1   1
199    1   1   0   0   0   1   1   1
207    1   1   0   0   1   1   1   1
     128  64  32  16   8   4   2   1
42     0   0   1   0   1   0   1   0
108    0   1   1   0   1   1   0   0
93     0   1   0   1   1   1   0   1
224    1   1   1   0   0   0   0   0
     128  64  32  16   8   4   2   1
180    1   0   1   1   0   1   0   0
9      0   0   0   0   1   0   0   1
34     0   0   1   0   0   0   1   0
238    1   1   1   0   1   1   1   0
     128  64  32  16   8   4   2   1
243    1   1   1   1   0   0   1   1
79     0   1   0   0   1   1   1   1
68     0   1   0   0   0   1   0   0
30     0   0   0   1   1   1   1   0
Class B
1st
Octet
Range
Network
Mask
# of
Network
Bits
# of
Host
Bits
1-126
128-191
255.0.0.0 255.255.0.0 2
8
16
24
16
Class
A
11111111 00000000 00000
NW
Mask:
SN
11111111 11110000 00000
Mask
15.0.0.0 /13
222.10.1.0 / 30
145.45.0.0 /25
20.0.0.0 255.192.0.0
130.30.0.0 255.255.224.0
128.10.0.0 /19
99.0.0.0 /17
222.10.8.0 /28
20.0.0.0 255.254.0.0
210.17.90.0 /29
130.45.0.0 /26
200.1.1.0 /26
45.0.0.0 255.240.0.0
222.33.44.0 255.255.255.248
23.0.0.0 255.255.224.0
Number Of Valid Subnets
Questions and Answers
Note: The NW mask and SN mask
are written out for each question.
You don't have to write them out if
you're comfortable with the quicker
method.
15.0.0.0 /13
NW
11111111 00000000 000000
Mask
SN
11111111 11111000 000000
Mask
222.10.1.0/30
Class C, 24 network bits. 30 - 24 =
6, 2 to the 6th power = 64 valid
subnets.
NW
11111111 11111111 1111111
Mask
SN
11111111 11111111 1111111
Mask
145.45.0.0/25
Class B, 16 network bits. 25 - 16 =
9, 2 to the 9th power = 512 valid
subnets.
11111111 11111111
NW Mask
SN
11111111 11111111
Mask11111111
20.0.0.0 255.192.0.0
Class A, 8 network bits. Subnet
mask converts to /10 in prefix
notation. 10 - 8 = 2, 2 to the 2nd
power = 4 valid subnets.
NW
11111111 00000000 000000
Mask
SN
11111111 11000000 000000
Mask
130.30.0.0 255.255.224.0
NW
11111111 11111111 000000
Mask
SN
11111111 11111111 1110000
Mask
128.10.0.0/19
Class B, 16 network bits. 19 - 16 =
3, 2 to the 3rd power = 8 valid
subnets.
NW
11111111 11111111 000000
Mask
SN
11111111 11111111 1110000
Mask
99.0.0.0/17
Class A, 8 network bits. 17 - 8 = 9.
2 to the 9th power = 512 valid
subnets.
NW
11111111 00000000 000000
Mask
222.10.8.0/28
Class C, 24 subnet bits. 28 - 24 =
4. 2 to the 4th power = 16 valid
subnets.
NW
11111111 11111111 1111111
Mask
SN
11111111 11111111 1111111
Mask
20.0.0.0 255.254.0.0
Class A, 8 network bits. Mask
converts to /15 in prefix notation.
15 - 8 = 7. 2 to the 7th power = 128
valid subnets.
NW
11111111 00000000 000000
Mask
SN
11111111 11111110 000000
Mask
210.17.90.0 /29
Class C, 24 network bits. 29 - 24 =
NW
11111111 11111111 1111111
Mask
SN
11111111 11111111 1111111
Mask
130.45.0.0/26
Class B, 16 network bits. 26 - 16 =
10. 2 to the 10th power = 1024
valid subnets.
200.1.1.0/26
Class C, 24 network bits. 26 - 24 =
2. 2 to the 2nd power = 4 valid
subnets.
NW
11111111 11111111 1111111
Mask
SN
11111111 11111111 1111111
Mask
45.0.0.0 255.240.0.0
Class A, 8 network bits. SN mask
converts to /12 in prefix notation.
12 - 8 = 4. 2 to the 4th power = 16
valid subnets.
NW
11111111 00000000 000000
Mask
SN
11111111 11110000 000000
Mask
222.33.44.0 255.255.255.248
Class C, 24 network bits. SN mask
converts to /29 in prefix notation.
NW
11111111 11111111 1111111
Mask
SN
11111111 11111111 1111111
Mask
23.0.0.0 255.255.224.0
Class A, 8 network bits. SN mask
converts to /19. 19 - 8 = 11. 2 to
the 11th power = 2048 valid
subnets.
NW
11111111 00000000 000000
Mask
SN
11111111 11111111 111000
Mask
143.34.0.0 255.255.255.192
128.12.0.0 255.255.255.240
125.0.0.0 /24
221.10.89.0 255.255.25.248
134.45.0.0 /22
The answers.
220.11.10.0 /26
Nothing to this. Subtract the length
of the subnet mask from 32 and you
have your number of host bits. In
this case, that's 6, and 2 to the 6th
power is 64. Subtract 2 and you
section, too.
Lets get started!
222.22.11.199 /28
111.9.100.7 /17
122.240.19.23 /10
184.25.245.89 /20
99.140.23.140 /10
10.191.1.1 /10
222.17.32.244 /28
210.17.23.200 /27
190.17.69.175 /22
190.17.69.175 = 10111110
00010001 01000101 10101111
Add up the first 22 bits =
190.17.68.0 /22 is your subnet!
111.11.126.5 255.255.128.0
210.12.23.45 255.255.255.248
210.12.23.45 = 11010010
00001100 00010111 00101101
Add up the first 29 bits =
210.12.23.40 255.255.255.248 is
your subnet!
222.22.11.199 /28
222.22.11.199 = 11011110
00010110 00001011 11000111
Add up the first 28 bits =
222.22.11.192 /28 is your subnet!
111.9.100.7 /17
122.240.19.23 /10
122.240.19.23 = 01111010
11110000 00010011 00010111
Add up the first 10 bits =
122.192.0.0 /10 is your subnet!
184.25.245.89 /20
184.25.245.89 = 10111000
00011001 11110101 01011001
Add up the first 20 bits =
184.25.240.0 /20 is your subnet!
99.140.23.143 /10
99.140.23.143 = 01100011
10001100 00010111 10001111
10.191.1.1 /10
10.191.1.1 = 00001010 10111111
00000001 00000001
Add up the first 10 bits =
10.128.0.0 /10 is your subnet!
222.17.32.244 /28
222.17.32.244 = 11011110
00010001 00100000 11110100
Add up the first 28 bits =
222.17.32.240 /28 is your subnet!
Onward!
               Octet 1  Octet 2
210.210.210.0  11010010 1101001
/25            11111111 11111111
this subnet.
Every address in the middle of
those two addresses
(210.210.210.1 - 126) is a valid IP
address. That's all there is to it!
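The two steps worked above (keep the first N bits to get the subnet number, then set every host bit to one for the broadcast address) reduce to a bitwise AND and OR. The Python below is an added example, not part of the original text; the function names are illustrative and the sample addresses are ones used in the exercises on this page.

```python
def to_int(dotted):
    """Pack a dotted-decimal IPv4 address into one 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value):
    """Unpack a 32-bit integer back into dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted):
    """Render an address as four 8-bit strings, as in the worked answers."""
    return " ".join(f"{(to_int(dotted) >> s) & 0xFF:08b}" for s in (24, 16, 8, 0))


def mask_to_prefix(mask):
    """Convert a dotted mask such as 255.255.255.248 to a prefix length."""
    bits = f"{to_int(mask):032b}"
    if "01" in bits:  # a one after a zero means the mask is not contiguous
        raise ValueError(f"not a valid subnet mask: {mask!r}")
    return bits.count("1")


def subnet_facts(address, prefix):
    """Network number, broadcast address and valid host range for a subnet."""
    if not 0 <= prefix <= 30:
        raise ValueError("prefix must be 0-30 to leave a usable host range")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    network = to_int(address) & mask             # all host bits set to zero
    broadcast = network | (mask ^ 0xFFFFFFFF)    # all host bits set to one
    return {
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network + 1),
        "last_host": to_dotted(broadcast - 1),
    }


if __name__ == "__main__":
    # Sample inputs taken from the exercises on this page.
    print(to_binary("190.17.69.175"), subnet_facts("190.17.69.175", 22))
    print(subnet_facts("210.12.23.45", mask_to_prefix("255.255.255.248")))
    print(subnet_facts("210.210.210.0", 25))
```

Rejecting a non-contiguous mask before using it is the same check worth running on any mask that ends up in an access list or firewall rule.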
Let's tackle another example:
             Octet 1  Octet 2
150.10.64.0  11010010 00001010
/18          11111111 11111111
What is the broadcast address of
the subnet 150.10.64.0 /18?
211.18.39.16 /28
10.1.2.20 /30
144.45.24.0 /21
10.10.128.0 255.255.192.0
221.18.248.224 /28
123.1.0.0 /17
203.12.17.32 /27
Time for answers and explanations!
222.23.48.64 /26
Octet 1
Octet
11011110 000101
222.23.48.64
255.255.255.192 11111111 111111
/23
11111111 11111111
            Octet 1  Octet 2  O
10.200.0.0  00001010 11001000 0
/17         11111111 11111111 1
               Octet 1  Octet 2
198.27.35.128  11000110 00011011
/27            11111111 11111111
198.27.35.128 /27
All-Ones (Broadcast) Address:
198.27.35.159 /27
Valid IP address range:
198.27.35.129 - 198.27.35.158
132.12.224.0 /27
              Octet 1  Octet 2
132.12.224.0  10000100 00001100
/27           11111111 11111111
              Octet 1  Octet 2
211.18.39.16  11010011 00010010
/28           11111111 11111111
211.18.39.31 /28
Valid IP address range:
211.18.39.17 - 211.18.39.30
10.1.2.20 /30
           Octet 1  Octet 2  Oc
10.1.2.20  00001010 00000001 00
/30        11111111 11111111 11
144.45.31.254 /21
10.10.128.0 255.255.192.0
Octet 1 Octet 2
10.10.128.0 00001010 0000101
255.255.192.0 11111111 11111111
221.18.248.224 /28
                Octet 1  Octet 2
221.18.248.224  11011101 000100
/28             11111111 1111111
           Octet 1  Octet 2  Oc
123.1.0.0  01111011 00000001 000
/17        11111111 11111111 100
Octet 2
1st
2nd
3rd 4th
NW Bits: 11111111 11111111
Host Bits:

NW Bits: 11111111 11111111
SN Bits: 11111111
Host Bits:
9 Subnet Bits: 2 x 2 x 2 x 2 x 2 x 2 x
2 x 2 x 2 = 512
7 Host Bits: 2 x 2 x 2 x 2 x 2 x 2 x
2 = 128 - 2 = 126
This gives you 510 subnets and 126
hosts, meeting both requirements.
The great thing about this question
type is that it plays to your
strengths. You already know how to
work with subnet bits and host bits.
What you must watch out for are
answers that meet one requirement
but do not meet the other.
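The two-requirement check described above can be run mechanically by trying every split of the bits left after the classful network mask. This Python sketch is an added example, not part of the original text; the function names are illustrative, and it counts subnets as 2 to the power of the subnet bits, as the subnet-count answers on this page do.

```python
def classful_network_bits(network):
    """Default (classful) network-mask length, taken from the first octet."""
    first = int(network.split(".")[0])
    if 1 <= first <= 126:
        return 8     # Class A
    if 128 <= first <= 191:
        return 16    # Class B
    if 192 <= first <= 223:
        return 24    # Class C
    raise ValueError(f"{network} is not a Class A, B or C network")


def valid_subnets(network, prefix):
    """2 to the power of the subnet bits borrowed beyond the classful mask."""
    subnet_bits = prefix - classful_network_bits(network)
    if subnet_bits < 0:
        raise ValueError("prefix is shorter than the classful network mask")
    return 2 ** subnet_bits


def valid_hosts(prefix):
    """(2 to the power of the host bits) minus 2."""
    return 2 ** (32 - prefix) - 2


def masks_meeting(network, min_subnets, min_hosts):
    """Every (prefix, subnets, hosts) that satisfies both minimums at once."""
    start = classful_network_bits(network)
    return [
        (prefix, valid_subnets(network, prefix), valid_hosts(prefix))
        for prefix in range(start, 31)
        if valid_subnets(network, prefix) >= min_subnets
        and valid_hosts(prefix) >= min_hosts
    ]


if __name__ == "__main__":
    # A Class B network split into 9 subnet bits and 7 host bits, as above.
    print(masks_meeting("155.200.0.0", 500, 100))
    # An empty list means no mask can meet both requirements.
    print(masks_meeting("220.10.10.0", 25, 30))
```

An answer that meets only one requirement never appears in the result, which is exactly the trap the question type sets.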
Let's walk through another
example:
Using network 220.10.10.0, you
must develop a subnetting scheme
that allows for a minimum of six
hosts and a minimum of 25
subnets. What's the best mask to
use?
Watch this question: it's asking for
two minimums.
This is a Class C network, so 24 of
the bits are already used with the
network mask. You have only eight
bits to split between the subnet and
the host bits.
Before subnetting: Class C
NW Bits: 11111111 11111111 11111111
SN Bits:
Host Bits:

2nd 3rd
NW Bits: 11111111 11111111 11111111
SN Bits:
Host Bits:

NW Bits: 11111111 11111111
SN Bits:
Host Bits: 0000000

2nd Octet 3rd Octet
NW Bits: 11111111 11111111
SN Bits:
Host Bits:

NW Bits: 11111111 11111111 11111111
SN Bits:
Host Bits:

2nd Octet 3rd Octet
NW Bits: 11111111 11111111 11111111
SN Bits:
Host Bits:
host bits.
Before subnetting: Class B mask
255.255.0.0
NW Bits: 11111111 11111111
SN Bits:
Host Bits: 0000000

2nd Octet 3rd Octet
NW Bits: 11111111 11111111
SN Bits: 11111111
Host Bits:
requirements!
NW Bits: 11111111 11111111 11111111
SN Bits:
Host Bits:

2nd Octet 3rd Octet
NW Bits: 11111111 11111111 11111111
SN Bits:
Host Bits:

NW Bits: 11111111
SN Bits:
Host Bits: 00000000 000000

1st Octet 2nd Octet 3rd Octet
NW Bits: 11111111
SN Bits: 11111111 1
Host Bits: 0000000

NW Bits: 11111111 11111111
SN Bits:
Host Bits: 0000000

NW Bits: 11111111 11111111
SN Bits: 1111111
Host Bits:

2nd Octet 3rd Octe
NW Bits: 11111111 11111111
SN Bits: 111111
Host Bits:
Finals!
Answer: 85.226.106.74
The string: 11110000 00001111
01111111 10000000
Answer: 240.15.127.128.
The string: 11001101 00000011
11110010 00100101
Answer: 205.3.242.37.
Answer: 50.35.243.39.
The string: 10000111 00111111
01011111 00110010
Answer: 135.63.95.50
Converting Dotted Decimal
Addresses To Binary Strings
The address: 195.29.37.126
11011011 01011011.
The address: 123.54.217.4
subnets.
How many valid subnets exist on
the 155.200.0.0 255.255.255.128
network?
This is a Class B network, with a
network mask of 255.255.0.0. The
subnet mask here is
255.255.255.128 (/25), indicating
nine subnet bits (25 - 16 = 9).
2 to the 9th power = 512
valid subnets.
Determining The Number Of
Valid Hosts
How many valid host addresses
exist on the 211.24.12.0 /27
subnet?
To determine the number of host
bits, just subtract the subnet mask
length from 32. 32 - 27 = 5.
To then determine the number of
host addresses, bring 2 to that
result's power and subtract 2. 2 to
the 5th power = 32, 32 - 2 = 30
valid host addresses.
How many valid host addresses
exist on the 178.34.0.0 /28 subnet?
100.100.45.32 /28
208.72.109.8 /29
190.89.192.0 255.255.240.0
101.45.210.52 /30
90.34.128.0 /18
205.186.34.64 /27
175.24.36.0 255.255.252.0
10.10.44.0 /25
120.20.240.0 /21
200.18.198.192 /26
Answer and explanations follow!
190.89.207.254 /20
The subnet: 101.45.210.52 /30
Valid IP Addresses:
200.18.198.193 - 200.18.198.254
/26
Now let's put it all together for
some real-world design
requirement questions!
Meeting The Stated Design
Requirements
You're working with network
135.13.0.0. You need at least 500
valid subnets, but no more than
100 hosts per subnet. What is the
best subnet mask to use?
absolutely necessary.
The networks:
NW A: 20 hosts
NW B: 10 hosts
NW C: 7 hosts
NW D: 5 hosts
NW E: 3 hosts
We'll need to use the formula for
determining how many valid host
addresses are yielded by a given
number of host bits:
(2 to the nth power) - 2, with
n representing the number of
host bits
To create our VLSM scheme, we'll
ask this simple question over and
over:
What is the smallest subnet that
can be created with all host bits
set to zero?
NW A requires 20 valid host
addresses. Using the above formula,
we determine that we will need 5
host bits (2 to the 5th power equals
32; 32 - 2 = 30). What is the
smallest subnet that can be created
with all host bits set to zero?
210.49.29.0 in binary: 11010010
Subnet & Mask      Network Add.
210.49.29.0 /27    210.49.29.0    210
210.49.29.32 255.255.255.240.
Remember, the network number is
the value of the binary string with
all host bits set to zero and the
broadcast address is the value of
the binary string with all host bits
set to one.
Network Number = 11010010
00110001 00011101 00100000
Broadcast Add. = 11010010
00110001 00011101 00101111
Network:  Subnet & Mask      Network Add.
NW A      210.49.29.0 /27    210.49.29.0
NW B      210.49.29.32 /28   210.49.29.32
210.49.29.48 255.255.255.240, or
210.49.29.48 /28. Calculate the
network number and broadcast
address as before.
Network Number = 11010010
00110001 00011101 00110000
Broadcast Add. = 11010010
00110001 00011101 00111111
Network:  Subnet & Mask      Network Add.
NW A      210.49.29.0 /27    210.49.29.0
NW B      210.49.29.32 /28   210.49.29.32
NW C      210.49.29.48 /28   210.49.29.48
          Subnet & Mask      Network Add.
          210.49.29.0 /27    210.49.29.0
          210.49.29.32 /28   210.49.29.32
          210.49.29.48 /28   210.49.29.48
          210.49.29.64 /29   210.49.29.64
          Subnet & Mask      Network Add.
          210.49.29.0 /27    210.49.29.0
          210.49.29.32 /28   210.49.29.32
          210.49.29.48 /28   210.49.29.48
          210.49.29.64 /29   210.49.29.64
NW E      210.49.29.72 /29   210.49.29.72
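The VLSM procedure above (largest requirement first, smallest subnet that fits, next subnet starting where the last one ended) is short enough to automate. This Python is an added example, not part of the original text; the function names are illustrative, and it assumes the parent block is 210.49.29.0 with its Class C /24 mask.

```python
import ipaddress


def host_bits_for(hosts):
    """Smallest n where (2 to the nth power) - 2 covers the host count."""
    n = 2
    while 2 ** n - 2 < hosts:
        n += 1
    return n


def vlsm_plan(base, requirements):
    """Carve `base` into subnets, largest requirement first.

    `requirements` maps a network name to the hosts it needs. Returns a list
    of (name, subnet/prefix, network address, broadcast address) tuples.
    """
    block = ipaddress.ip_network(base)
    cursor = int(block.network_address)  # next unallocated address
    plan = []
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        bits = host_bits_for(hosts)
        subnet = ipaddress.ip_network((cursor, 32 - bits))
        if not subnet.subnet_of(block):
            raise ValueError(f"{base} has no room left for {name}")
        plan.append((name, str(subnet), str(subnet.network_address),
                     str(subnet.broadcast_address)))
        cursor += 2 ** bits  # the next subnet starts right after this one
    return plan


if __name__ == "__main__":
    # Host counts from the five networks listed above; /24 is an assumption.
    needs = {"NW A": 20, "NW B": 10, "NW C": 7, "NW D": 5, "NW E": 3}
    for row in vlsm_plan("210.49.29.0/24", needs):
        print(*row)
```

Allocating largest first keeps every subnet aligned on its own boundary, so no two allocations overlap.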
http://www.youtube.com/user/ccie12
https://www.udemy.com/u/chrisbryan
Twitter:
https://twitter.com/ccie12933
Website:
http://www.thebryantadvantage.com
(That site's getting a major overhaul
in Dec. 2013 and Jan 2014, bear
with us!)
Facebook: http://on.fb.me/nlT8SD
See you there! -- Chris B.