Cisco press icnd1_11


  1. 1828xbook.fm Page i Thursday, July 26, 2007 3:10 PM. CCENT/CCNA ICND1 Official Exam Certification Guide, Second Edition. Wendell Odom, CCIE No. 1624. Cisco Press, 800 East 96th Street, Indianapolis, Indiana 46240 USA
  2. CCENT/CCNA ICND1 Official Exam Certification Guide, Second Edition. Wendell Odom. Copyright 2008 Cisco Systems, Inc. Published by: Cisco Press, 800 East 96th Street, Indianapolis, IN 46240 USA. All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review. Printed in the United States of America. First Printing August 2007.
     Library of Congress Cataloging-in-Publication Data: Odom, Wendell. CCENT/CCNA ICND1 official exam certification guide / Wendell Odom. p. cm. ISBN 978-1-58720-182-0 (hardback w/cd). 1. Electronic data processing personnel--Certification. 2. Computer networks--Examinations--Study guides. I. Title. QA76.3.O358 2007 004.6--dc22 2007029241. ISBN-13: 978-1-58720-182-0. ISBN-10: 1-58720-182-8.
     Warning and Disclaimer: This book is designed to provide information about the Cisco ICND1 (640-822), ICND2 (640-816), and CCNA (640-802) exams. Every effort has been made to make this book as complete and accurate as possible, but no warranty or fitness is implied. The information is provided on an "as is" basis. The author, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it. The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.
  3. Trademark Acknowledgments: All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc. cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.
     Corporate and Government Sales: The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales, which may include electronic versions and/or custom covers and content particular to your business, training goals, marketing focus, and branding interests. For more information, please contact: U.S. Corporate and Government Sales, 1-800-382-3419, [email protected] For sales outside the United States please contact: International Sales, [email protected]
     Feedback Information: At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members of the professional technical community. Reader feedback is a natural continuation of this process. If you have any comments about how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through e-mail at [email protected]. Please be sure to include the book title and ISBN in your message. We greatly appreciate your assistance.
     Publisher: Paul Boger; Copy Editor: Gayle Johnson and Bill McManus; Associate Publisher: Dave Dusthimer; Technical Editors: Teri Cook, Brian D'Andrea, and Steve Kalman; Cisco Representative: Anthony Wolfenden; Editorial Assistant: Vanessa Evans; Cisco Press Program Manager: Jeff Brady; Book and Cover Designer: Louisa Adair; Executive Editor: Brett Bartow; Composition: ICC Macmillan Inc.; Managing Editor: Patrick Kanouse; Indexer: Tim Wright; Senior Development Editor: Christopher Cleveland; Proofreader: Suzanne Thomas; Senior Project Editor: San Dee Phillips and Meg Shaw
  4. About the Author: Wendell Odom, CCIE No. 1624, has been in the networking industry since 1981. He currently teaches QoS, MPLS, and CCNA courses for Skyline Advanced Technology Services (http://www.skyline-ats.com). He has also worked as a network engineer, consultant, systems engineer, instructor, and course developer. He is the author of all previous editions of the CCNA Exam Certification Guide, as well as the Cisco QOS Exam Certification Guide, Second Edition, Computer Networking First-Step, CCIE Routing and Switching Official Exam Certification Guide, Second Edition, and CCNA Video Mentor, all from Cisco Press.
  5. About the Technical Reviewers: Teri Cook (CCSI, CCDP, CCNP, CCDA, CCNA, MCT, and MCSE 2000/2003: Security) has more than ten years of experience in the IT industry. She has worked with different types of organizations in the private business and DoD sectors, providing senior-level network and security technical skills in the design and implementation of complex computing environments. Since obtaining her certifications, Teri has been committed to bringing quality IT training to IT professionals as an instructor. She is an outstanding instructor who uses real-world experience to present complex networking technologies. As an IT instructor, Teri has been teaching Cisco classes for more than five years.
     Brian D'Andrea (CCNA, CCDA, MCSE, A+, and Net+) has 11 years of IT experience in both medical and financial environments, where planning and supporting critical networking technologies were his primary responsibilities. For the last five years he has dedicated himself to technical training. Brian spends most of his time with The Training Camp, an IT boot camp provider. Using his real-world experience and his ability to break difficult concepts into a language that students can understand, Brian has successfully trained hundreds of students for both work and certification endeavors.
     Stephen Kalman is a data security trainer. He is the author or tech editor of more than 20 books, courses, and CBT titles. His most recent book is Web Security Field Guide, published by Cisco Press. In addition to those responsibilities he runs a consulting company, Esquire Micro Consultants, which specializes in network security assessments and forensics. Mr. Kalman holds SSCP, CISSP, ISSMP, CEH, CHFI, CCNA, CCSA (Checkpoint), A+, Network+ and Security+ certifications and is a member of the New York State Bar.
  6. Dedication: For Brett Bartow. Thanks for being such a steady, insightful, and incredibly trustworthy guide through the publishing maze.
  7. Acknowledgments: The team who helped produce this book has been simply awesome. Everyone who touched this book has made it better, and they've been particularly great at helping catch the errors that always creep into the manuscript. Brian, Teri, and Steve all did a great job TEing the book. Besides helping a lot with technical accuracy, Brian made a lot of good suggestions about traps that he sees when teaching CCNA classes, helping the book avoid those same pitfalls. Teri's ability to see each phrase in the context of an entire chapter, or the whole book, was awesome, helping catch things that no one would otherwise catch. Steve spent most of his TE time on the ICND2 book, but he did lend great help with this one, particularly with his reviews of the security-oriented topics, an area in which he's an expert. And more so than any other book I've written, the TEs really sunk their teeth into the specifics of every example, helping catch errors. Thanks so much!
     Another (ho-hum) all-star performance from Chris Cleveland, who developed the book. Now I empathize with sports writers who have to write about the local team's star who bats .300, hits 40 homers, and drives in 100 runs, every year, for his whole career. How many ways can you say he does a great job? I'll keep it simple: Thanks, Chris.
     The wonderful and mostly hidden production folks did their usual great job. When every time I see how they reworded something, and think, "Wow; why didn't I write that?", it makes me appreciate the kind of team we have at Cisco Press. The final copy edit, figure review, and pages review process required a fair amount of juggling and effort as well; thanks to Patrick's team, especially San Dee, Meg, Tonya, for working so well with all the extra quality initiatives we've implemented. Thanks to you all!
     Additionally, several folks who didn't have any direct stake in the book also helped it along. Thanks to Frank Knox for the discussions on the exams, why they're so difficult, and about troubleshooting. Thanks to Rus Healy for the help with wireless. Thanks to the Mikes at Skyline for making my schedule work to get this book (and the ICND2 book) out the door. And thanks to the course and exam teams at Cisco for the great early communications and interactions about the changes to the courses and exams. Finally, thanks to my wife Kris for all her support with my writing efforts, her prayers, and her understanding when the deadline didn't quite match with our vacation plans this summer. And thanks to Jesus Christ; all this effort is just striving after the wind without Him.
  8. This Book Is Safari Enabled: The Safari Enabled icon on the cover of your favorite technology book means that the book is available through Safari Bookshelf. When you buy this book, you get free access to the online edition for 45 days. Safari Bookshelf is an electronic reference library that lets you easily search thousands of technical books, find code samples, download chapters, and access technical information whenever and wherever you need it. To gain 45-day Safari Enabled access to this book: Go to http://www.ciscopress.com/safarienabled. Complete the brief registration form. Enter the coupon code 6EM9-WNXL-7Z1E-9UL2-KAEC. If you have difficulty registering on Safari Bookshelf or accessing the online edition, please e-mail customer-service@safaribooksonline.com.
  9. Contents at a Glance
     Foreword
     Introduction
     Part I Networking Fundamentals
     Chapter 1 Introduction to Computer Networking Concepts
     Chapter 2 The TCP/IP and OSI Networking Models
     Chapter 3 Fundamentals of LANs
     Chapter 4 Fundamentals of WANs
     Chapter 5 Fundamentals of IP Addressing and Routing
     Chapter 6 Fundamentals of TCP/IP Transport, Applications, and Security
     Part II LAN Switching
     Chapter 7 Ethernet LAN Switching Concepts
     Chapter 8 Operating Cisco LAN Switches
     Chapter 9 Ethernet Switch Configuration
     Chapter 10 Ethernet Switch Troubleshooting
     Chapter 11 Wireless LANs
     Part III IP Routing
     Chapter 12 IP Addressing and Subnetting
     Chapter 13 Operating Cisco Routers
     Chapter 14 Routing Protocol Concepts and Configuration
     Chapter 15 Troubleshooting IP Routing
     Part IV Wide-Area Networks
     Chapter 16 WAN Concepts
     Chapter 17 WAN Configuration
  10. Contents at a Glance (continued)
      Part V Final Preparation
      Chapter 18 Final Preparation
      Part VI Appendixes
      Appendix A Answers to the "Do I Know This Already?" Quizzes
      Appendix B Decimal to Binary Conversion Table
      Appendix C ICND1 Exam Updates: Version 1.0
      Glossary
      Index
      Part VII CD-Only
      Appendix C ICND1 Exam Updates: Version 1.0
      Appendix D Subnetting Practice
      Appendix E Subnetting Reference Pages
      Appendix F Additional Scenarios
      Appendix G Subnetting Video Reference
      Appendix H Memory Tables
      Appendix I Memory Tables Answer Key
      Appendix J ICND1 Open-Ended Questions
  11. Contents
      Foreword; Introduction
      Part I Networking Fundamentals
      Chapter 1 Introduction to Computer Networking Concepts
        Perspectives on Networking; The Flintstones Network: The First Computer Network?
      Chapter 2 The TCP/IP and OSI Networking Models
        "Do I Know This Already?" Quiz; Foundation Topics; The TCP/IP Protocol Architecture; The TCP/IP Application Layer; The TCP/IP Transport Layer; The TCP/IP Internet Layer; The TCP/IP Network Access Layer; Data Encapsulation Terminology; The OSI Reference Model; Comparing OSI and TCP/IP; OSI Layers and Their Functions; OSI Layering Concepts and Benefits; OSI Encapsulation Terminology; Exam Preparation Tasks; Review all the Key Topics; Complete the Tables and Lists from Memory; Definitions of Key Terms; OSI Reference
      Chapter 3 Fundamentals of LANs
        "Do I Know This Already?" Quiz; Foundation Topics; An Overview of Modern Ethernet LANs; A Brief History of Ethernet; The Original Ethernet Standards: 10BASE2 and 10BASE5; Repeaters; Building 10BASE-T Networks with Hubs; Ethernet UTP Cabling; UTP Cables and RJ-45 Connectors; Transmitting Data Using Twisted Pairs; UTP Cabling Pinouts for 10BASE-T and 100BASE-TX; 1000BASE-T Cabling
  12. Contents (continued)
        Improving Performance by Using Switches Instead of Hubs; Increasing Available Bandwidth Using Switches; Doubling Performance by Using Full-Duplex Ethernet; Ethernet Layer 1 Summary; Ethernet Data-Link Protocols; Ethernet Addressing; Ethernet Framing; Identifying the Data Inside an Ethernet Frame; Error Detection; Exam Preparation Tasks; Review All the Key Topics; Complete the Tables and Lists from Memory; Definitions of Key Terms
      Chapter 4 Fundamentals of WANs
        "Do I Know This Already?" Quiz; Foundation Topics; OSI Layer 1 for Point-to-Point WANs; WAN Connections from the Customer Viewpoint; WAN Cabling Standards; Clock Rates, Synchronization, DCE, and DTE; Building a WAN Link in a Lab; Link Speeds Offered by Telcos; OSI Layer 2 for Point-to-Point WANs; HDLC; Point-to-Point Protocol; Point-to-Point WAN Summary; Frame Relay and Packet-Switching Services; The Scaling Benefits of Packet Switching; Frame Relay Basics; Exam Preparation Tasks; Review All the Key Topics; Complete the Tables and Lists from Memory; Definitions of Key Terms
      Chapter 5 Fundamentals of IP Addressing and Routing
        "Do I Know This Already?" Quiz; Foundation Topics; Overview of Network Layer Functions; Routing (Forwarding); PC1's Logic: Sending Data to a Nearby Router; R1 and R2's Logic: Routing Data Across the Network; R3's Logic: Delivering Data to the End Destination
  13. Contents (continued)
        Network Layer Interaction with the Data Link Layer; IP Packets and the IP Header; Network Layer (Layer 3) Addressing; Routing Protocols; IP Addressing; IP Addressing Definitions; How IP Addresses Are Grouped; Classes of Networks; The Actual Class A, B, and C Network Numbers; IP Subnetting; IP Routing; Host Routing; Router Forwarding Decisions and the IP Routing Table; IP Routing Protocols; Network Layer Utilities; Address Resolution Protocol and the Domain Name System; DNS Name Resolution; The ARP Process; Address Assignment and DHCP; ICMP Echo and the ping Command; Exam Preparation Tasks; Review All the Key Topics; Complete the Tables and Lists from Memory; Definitions of Key Terms
      Chapter 6 Fundamentals of TCP/IP Transport, Applications, and Security
        "Do I Know This Already?" Quiz; Foundation Topics; TCP/IP Layer 4 Protocols: TCP and UDP; Transmission Control Protocol; Multiplexing Using TCP Port Numbers; Popular TCP/IP Applications; Error Recovery (Reliability); Flow Control Using Windowing; Connection Establishment and Termination; Data Segmentation and Ordered Data Transfer; User Datagram Protocol; TCP/IP Applications; QoS Needs and the Impact of TCP/IP Applications; The World Wide Web, HTTP, and SSL; Universal Resource Locators; Finding the Web Server Using DNS; Transferring Files with HTTP
  14. Contents (continued)
        Network Security; Perspectives on the Sources and Types of Threats; Firewalls and the Cisco Adaptive Security Appliance (ASA); Anti-x; Intrusion Detection and Prevention; Virtual Private Networks (VPN); Exam Preparation Tasks; Review All the Key Topics; Complete the Tables and Lists from Memory; Definitions of Key Terms
      Part II LAN Switching
      Chapter 7 Ethernet LAN Switching Concepts
        "Do I Know This Already?" Quiz; Foundation Topics; LAN Switching Concepts; Historical Progression: Hubs, Bridges, and Switches; Switching Logic; The Forward Versus Filter Decision; How Switches Learn MAC Addresses; Flooding Frames; Avoiding Loops Using Spanning Tree Protocol; Internal Processing on Cisco Switches; LAN Switching Summary; LAN Design Considerations; Collision Domains and Broadcast Domains; Collision Domains; Broadcast Domains; The Impact of Collision and Broadcast Domains on LAN Design; Virtual LANs (VLAN); Campus LAN Design Terminology; Ethernet LAN Media and Cable Lengths; Exam Preparation Tasks; Review All the Key Topics; Complete the Tables and Lists from Memory; Definitions of Key Terms
      Chapter 8 Operating Cisco LAN Switches
        "Do I Know This Already?" Quiz; Foundation Topics; Accessing the Cisco Catalyst 2960 Switch CLI; Cisco Catalyst Switches and the 2960 Switch
  15. Contents (continued)
        Switch Status from LEDs; Accessing the Cisco IOS CLI; CLI Access from the Console; Accessing the CLI with Telnet and SSH; Password Security for CLI Access; User and Enable (Privileged) Modes; CLI Help Features; The debug and show Commands; Configuring Cisco IOS Software; Configuration Submodes and Contexts; Storing Switch Configuration Files; Copying and Erasing Configuration Files; Initial Configuration (Setup Mode); Exam Preparation Tasks; Review All the Key Topics; Complete the Tables and Lists from Memory; Definitions of Key Terms; Command References
      Chapter 9 Ethernet Switch Configuration
        "Do I Know This Already?" Quiz; Foundation Topics; Configuration of Features in Common with Routers; Securing the Switch CLI; Configuring Simple Password Security; Configuring Usernames and Secure Shell (SSH); Password Encryption; The Two Enable Mode Passwords; Console and vty Settings; Banners; History Buffer Commands; The logging synchronous and exec-timeout Commands; LAN Switch Configuration and Operation; Configuring the Switch IP Address; Configuring Switch Interfaces; Port Security; VLAN Configuration; Securing Unused Switch Interfaces; Exam Preparation Tasks; Review All the Key Topics; Complete the Tables and Lists from Memory; Definitions of Key Terms; Command References
  16. Contents (continued)
      Chapter 10 Ethernet Switch Troubleshooting
        "Do I Know This Already?" Quiz; Foundation Topics; Perspectives on Network Verification and Troubleshooting; Attacking Sim Questions; Simlet Questions; Multiple-Choice Questions; Approaching Questions with an Organized Troubleshooting Process; Isolating Problems at Layer 3, and Then at Layers 1 and 2; Troubleshooting as Covered in This Book; Verifying the Network Topology with Cisco Discovery Protocol; Analyzing Layer 1 and 2 Interface Status; Interface Status Codes and Reasons for Nonworking States; Interface Speed and Duplex Issues; Common Layer 1 Problems on Working Interfaces; Analyzing the Layer 2 Forwarding Path with the MAC Address Table; Analyzing the Forwarding Path; Port Security and Filtering; Exam Preparation Tasks; Review All the Key Topics; Complete the Tables and Lists from Memory; Definitions of Key Terms; Command References
      Chapter 11 Wireless LANs
        "Do I Know This Already?" Quiz; Foundation Topics; Wireless LAN Concepts; Comparisons with Ethernet LANs; Wireless LAN Standards; Modes of 802.11 Wireless LANs; Wireless Transmissions (Layer 1); Wireless Encoding and Nonoverlapping DSSS Channels; Wireless Interference; Coverage Area, Speed, and Capacity; Media Access (Layer 2); Deploying WLANs; Wireless LAN Implementation Checklist; Step 1: Verify the Existing Wired Network; Step 2: Install and Configure the AP's Wired and IP Details; Step 3: Configure the AP's WLAN Details; Step 4: Install and Configure One Wireless Client; Step 5: Verify That the WLAN Works from the Client
  17. Contents (continued)
        Wireless LAN Security; WLAN Security Issues; The Progression of WLAN Security Standards; Wired Equivalent Privacy (WEP); SSID Cloaking and MAC Filtering; The Cisco Interim Solution Between WEP and 802.11i; Wi-Fi Protected Access (WPA); IEEE 802.11i and WPA-2; Exam Preparation Tasks; Review All the Key Topics; Complete the Tables and Lists from Memory; Definitions of Key Terms
      Part III IP Routing
      Chapter 12 IP Addressing and Subnetting
        "Do I Know This Already?" Quiz; Foundation Topics; Exam Preparation Tools for Subnetting; Suggested Subnetting Preparation Plan; More Practice Using a Subnet Calculator; IP Addressing and Routing; IP Addressing Review; Public and Private Addressing; IP Version 6 Addressing; IP Subnetting Review; IP Routing Review; Math Operations Used When Subnetting; Converting IP Addresses and Masks from Decimal to Binary and Back Again; Performing a Boolean AND Operation; Prefix Notation/CIDR Notation; Binary Process to Convert Between Dotted Decimal and Prefix Notation; Decimal Process to Convert Between Dotted Decimal and Prefix Notation; Practice Suggestions; Analyzing and Choosing Subnet Masks; Analyzing the Subnet Mask in an Existing Subnet Design; The Three Parts: Network, Subnet, and Host; Binary Process: Finding the Number of Network, Subnet, and Host Bits; Decimal Process: Finding the Number of Network, Subnet, and Host Bits; Determining the Number of Subnets and Number of Hosts Per Subnet; Number of Subnets: Subtract 2, or Not?; Practice Examples for Analyzing Subnet Masks
  18. Contents (continued)
        Choosing a Subnet Mask that Meets Design Requirements; Finding the Only Possible Mask; Finding Multiple Possible Masks; Choosing the Mask that Maximizes the Number of Subnets or Hosts; Practice Suggestions; Analyzing Existing Subnets; Finding the Subnet Number: Binary; Finding the Subnet Number: Binary Shortcut; Finding the Subnet Broadcast Address: Binary; Finding the Range of Valid IP Addresses in a Subnet; Finding the Subnet, Broadcast Address, and Range of Addresses: Decimal Process; Decimal Process with Easy Masks; Decimal Process with Difficult Masks; Finding the Broadcast Address: Decimal; Summary of Decimal Processes to Find the Subnet, Broadcast, and Range; Practice Suggestions; Design: Choosing the Subnets of a Classful Network; Finding All Subnets with Fewer Than 8 Subnet Bits; Finding All Subnets with Exactly 8 Subnet Bits; Practice Suggestions; Finding All Subnets with More Than 8 Subnet Bits; More Practice Suggestions; Exam Preparation Tasks; Review All the Key Topics; Complete the Tables and Lists from Memory; Definitions of Key Terms; Read Appendix F Scenario 1, Part A; Subnetting Questions and Processes
      Chapter 13 Operating Cisco Routers
        "Do I Know This Already?" Quiz; Foundation Topics; Installing Cisco Routers; Installing Enterprise Routers; Cisco Integrated Services Routers; Physical Installation; Installing Internet Access Routers; A SOHO Installation with a Separate Switch, Router, and Cable Modem; A SOHO Installation with an Integrated Switch, Router, and DSL Modem; Regarding the SOHO Devices Used in This Book
  19. Contents (continued)
        Cisco Router IOS CLI; Comparisons Between the Switch CLI and Router CLI; Router Interfaces; Interface Status Codes; Router Interface IP Addresses; Bandwidth and Clock Rate on Serial Interfaces; Router Auxiliary (Aux) Port; Initial Configuration (Setup Mode); Upgrading Cisco IOS Software and the Cisco IOS Software Boot Process; Upgrading a Cisco IOS Software Image into Flash Memory; The Cisco IOS Software Boot Sequence; The Three Router Operating Systems; The Configuration Register; How a Router Chooses Which OS to Load; The show version Command and Seeing the Configuration Register's Value; Exam Preparation Tasks; Review All the Key Topics; Complete the Tables and Lists from Memory; Definitions of Key Terms; Read Appendix F Scenario 2; Command References
      Chapter 14 Routing Protocol Concepts and Configuration
        "Do I Know This Already?" Quiz; Foundation Topics; Connected and Static Routes; Connected Routes; Static Routes; Extended ping Command; Default Routes; Routing Protocol Overview; RIP-2 Basic Concepts; Comparing and Contrasting IP Routing Protocols; Interior and Exterior Routing Protocols; Routing Protocol Types/Algorithms; Metrics; Autosummarization and Manual Summarization; Classless and Classful Routing Protocols; Convergence; Miscellaneous Comparison Points; Summary of Interior Routing Protocols
  20. Contents (continued)
        Configuring and Verifying RIP-2; RIP-2 Configuration; Sample RIP Configuration; RIP-2 Verification; Interpreting the Output of the show ip route Command; Administrative Distance; The show ip protocols Command; Examining RIP Messages with debug; Exam Preparation Tasks; Review All the Key Topics; Complete the Tables and Lists from Memory; Definitions of Key Terms; Command References
      Chapter 15 Troubleshooting IP Routing
        "Do I Know This Already?" Quiz; Foundation Topics; IP Troubleshooting Tips and Tools; IP Addressing; Avoiding Reserved IP Addresses; One Subnet, One Mask, for Each LAN; Summary of IP Addressing Tips; Host Networking Commands; Troubleshooting Host Routing Problems; Finding the Matching Route on a Router; Troubleshooting Commands; The show ip arp Command; The traceroute Command; Telnet and Suspend; A Routing Troubleshooting Scenario; Scenario Part A: Tasks and Questions; Scenario Part A: Answers; Scenario Part B: Analyze Packet/Frame Flow; Scenario Part B: Answers; Scenario Part B: Question 1; Scenario Part B: Question 2; Scenario Part B: Question 3; Scenario Part B: Question 4; Scenario Part B: Question 5; Scenario Part B: Question 6; Scenario Part B: Question 7; Scenario Part C: Analyze Connected Routes; Scenario Part C: Answers
  21. Contents (continued)
        Exam Preparation Tasks; Review All the Key Topics; Complete the Tables and Lists from Memory; Command Reference
      Part IV Wide-Area Networks
      Chapter 16 WAN Concepts
        "Do I Know This Already?" Quiz; Foundation Topics; WAN Technologies; Perspectives on the PSTN; Analog Modems; Digital Subscriber Line; DSL Types, Speeds, and Distances; DSL Summary; Cable Internet; Comparison of Remote-Access Technologies; ATM; Packet Switching Versus Circuit Switching; Ethernet as a WAN Service; IP Services for Internet Access; Address Assignment on the Internet Access Router; Routing for the Internet Access Router; NAT and PAT; Exam Preparation Tasks; Review All the Key Topics; Complete the Tables and Lists from Memory; Definitions of Key Terms
      Chapter 17 WAN Configuration
        "Do I Know This Already?" Quiz; Foundation Topics; Configuring Point-to-Point WANs; Configuring HDLC; Configuring PPP; Configuring and Troubleshooting Internet Access Routers; Internet Access Router: Configuration Steps; Step 1: Establish IP Connectivity; Step 2: Install and Access SDM; Step 3: Configure DHCP and PAT; Step 4: Plan for DHCP Services; Step 5: Configure the DHCP Server; Internet Access Router Verification
  22. Contents (continued)
        Exam Preparation Tasks; Review All the Key Topics; Complete the Tables and Lists from Memory; Definitions of Key Terms; Command References
      Part V Final Preparation
      Chapter 18 Final Preparation
        Tools for Final Preparation; Exam Engine and Questions on the CD; Install the Software from the CD; Activate and Download the Practice Exam; Activating Other Exams; The Cisco CCNA Prep Center; Subnetting Videos, Reference Pages, and Practice Problems; Scenarios; Study Plan; Recall the Facts; Practice Subnetting; Build Troubleshooting Skills Using Scenarios; Use the Exam Engine; Choosing Study or Simulation Mode; Choosing the Right Exam Option; Summary
      Part VI Appendixes
      Appendix A Answers to the "Do I Know This Already?" Quizzes
        Chapter 2; Chapter 3; Chapter 4; Chapter 5; Chapter 6; Chapter 7; Chapter 8; Chapter 9; Chapter 10; Chapter 11; Chapter 12; Chapter 13; Chapter 14; Chapter 15; Chapter 16; Chapter 17
  23. Contents (continued)
      Appendix B Decimal to Binary Conversion Table
      Appendix C ICND1 Exam Updates: Version 1.0
      Glossary
      Index
      Part VII CD-only
      Appendix C ICND1 Exam Updates: Version 1.0
      Appendix D Subnetting Practice
      Appendix E Subnetting Reference Pages
      Appendix F Additional Scenarios
      Appendix G Subnetting Video Reference
      Appendix H Memory Tables
      Appendix I Memory Tables Answer Key
      Appendix J ICND1 Open-Ended Questions
  24. Icons Used in This Book: Web Server, Web Browser, PC, Laptop, Server, Printer, Phone, IP Phone, Cable Modem, CSU/DSU, Router, Multiservice Switch, ATM Switch, Frame Relay Switch, Switch, PBX, Access Point, ASA, DSLAM, WAN Switch, Hub, PIX Firewall, Bridge, Wireless Connection, Network Cloud, Ethernet Connection, Serial Line, Virtual Circuit Connection
  25. Command Syntax Conventions: The conventions used to present command syntax in this book are the same conventions used in the IOS Command Reference. The Command Reference describes these conventions as follows: Bold indicates commands and keywords that are entered literally as shown. In actual configuration examples and output (not general command syntax), bold indicates commands that the user enters (such as a show command). Italic indicates arguments for which you supply actual values. Vertical bars (|) separate alternative, mutually exclusive elements. Square brackets ([ ]) indicate an optional element. Braces ({ }) indicate a required choice. Braces within brackets ([{ }]) indicate a required choice within an optional element.
  26. Foreword: CCENT/CCNA ICND1 Official Exam Certification Guide, Second Edition, is an excellent self-study resource for the CCENT and CCNA ICND1 exam. Passing the ICND1 exam validates the knowledge and skills required to successfully install, operate, and troubleshoot a small branch office network. It is the sole required exam for CCENT certification and the first of two exams required for CCNA certification.
      Gaining certification in Cisco technology is key to the continuing educational development of today's networking professional. Through certification programs, Cisco validates the skills and expertise required to effectively manage the modern Enterprise network.
      Cisco Press exam certification guides and preparation materials offer exceptional and flexible access to the knowledge and information required to stay current in your field of expertise, or to gain new skills. Whether used as a supplement to more traditional training or as a primary source of learning, these materials offer users the information and knowledge validation required to gain new understanding and proficiencies.
      Developed in conjunction with the Cisco certifications and training team, Cisco Press books are the only self-study books authorized by Cisco. They offer students a series of exam practice tools and resource materials to help ensure that learners fully grasp the concepts and information presented.
      Additional authorized Cisco instructor-led courses, e-learning, labs, and simulations are available exclusively from Cisco Learning Solutions Partners worldwide. To learn more, visit http://www.cisco.com/go/training.
      I hope that you find these materials to be an enriching and useful part of your exam preparation.
      Erik Ullanderson, Manager, Global Certifications, Learning@Cisco, August 2007
Introduction

Congratulations! If you're reading this Introduction, you've probably already decided to go for your Cisco certification. If you want to succeed as a technical person in the networking industry, you need to know Cisco. Cisco has a ridiculously high market share in the router and switch marketplace, more than 80 percent in some markets. In many geographies and markets around the world, networking equals Cisco. If you want to be taken seriously as a network engineer, Cisco certification makes sense.

Historically speaking, the first entry-level Cisco certification has been the Cisco Certified Network Associate (CCNA) certification, first offered in 1998. The first three versions of the CCNA certification (1998, 2000, and 2002) required that you pass a single exam to become certified. However, over time, the exam kept growing, both in the amount of material covered and the difficulty level of the questions. So, for the fourth major revision of the exams, announced in 2003, Cisco continued with a single certification (CCNA) but offered two certification options: a single exam option and a two-exam option. The two-exam option allowed people to study roughly half the material and then take and pass one exam before moving on to the next.

Cisco announced changes to the CCNA certification and exams in June 2007. This announcement includes many changes; here are the most notable:

- The exams collectively cover a broader range of topics.
- The exams increase the focus on proving the test taker's skills (as compared with just testing knowledge).
- Cisco created a new entry-level certification: Cisco Certified Entry Networking Technician (CCENT).

For the current certifications, announced in June 2007, Cisco created the ICND1 (640-822) and ICND2 (640-816) exams, along with the CCNA (640-802) exam. To become CCNA certified, you can pass both the ICND1 and ICND2 exams, or just the CCNA exam.
The CCNA exam simply covers all the topics on the ICND1 and ICND2 exams, giving you two options for gaining your CCNA certification. The two-exam path gives people with less experience a chance to study for a smaller set of topics at one time. The one-exam option provides a more cost-effective certification path for those who want to prepare for all the topics at once.

Although the two-exam option is useful for some certification candidates, Cisco designed the ICND1 exam with a much more important goal in mind. The CCNA certification grew to the point that it tested knowledge and skills beyond what an entry-level network technician would need. Cisco needed a certification that better reflected the skills required
for entry-level networking jobs. So Cisco designed its Interconnecting Cisco Networking Devices 1 (ICND1) course, and the corresponding ICND1 640-822 exam, to include the knowledge and skills most needed by an entry-level technician in a small Enterprise network. And so that you can prove that you have the skills required for those entry-level jobs, Cisco created a new certification, CCENT.

Figure I-1 shows the basic organization of the certifications and the exams used to get your CCENT and CCNA certifications. (Note that there is no separate certification for passing the ICND2 exam.)

Figure I-1 Cisco Entry-Level Certifications and Exams (diagram labels: Take ICND1 (640-822) Exam, pass, CCENT Certified; Take ICND2 (640-816) Exam, pass; Take CCNA (640-802) Exam, pass; CCNA Certified)

As you can see, although you can obtain the CCENT certification by taking the ICND1 exam, you do not have to be CCENT certified before getting your CCNA certification. You can choose to take just the CCNA exam and bypass the CCENT certification.

The ICND1 and ICND2 exams cover different sets of topics, with a minor amount of overlap. For example, ICND1 covers IP addressing and subnetting, and ICND2 covers a more complicated use of subnetting called variable-length subnet masking (VLSM). Therefore, ICND2 must then cover subnetting to some degree. The CCNA exam covers all the topics covered on both the ICND1 and ICND2 exams.

Although the popularity of the CCENT certification cannot be measured until a few years have passed, certainly the Cisco CCNA is the most popular entry-level networking certification program. A CCNA certification proves that you have a firm foundation in the most important components of the Cisco product line: routers and switches. It also proves that you have broad knowledge of protocols and networking technologies.

Format of the CCNA Exams

The ICND1, ICND2, and CCNA exams all follow the same general format.
When you get to the testing center and check in, the proctor gives you some general instructions and then takes you into a quiet room containing a PC. When you're at the PC, you have a few
things to do before the timer starts on your exam. For instance, you can take a sample quiz to get accustomed to the PC and the testing engine. Anyone who has user-level skills in getting around a PC should have no problems with the testing environment. Additionally, Chapter 18, "Final Preparation," points to a Cisco website where you can see a demo of Cisco's actual test engine.

When you start the exam, you are asked a series of questions. You answer them and then move on to the next question. The exam engine does not let you go back and change your answer. Yes, it's true. When you move on to the next question, that's it for the preceding question.

The exam questions can be in one of the following formats:

- Multiple choice (MC)
- Testlet
- Drag-and-drop (DND)
- Simulated lab (sim)
- Simlet

The first three types of questions are relatively common in many testing environments. The multiple-choice format simply requires that you point and click a circle beside the correct answer(s). Cisco traditionally tells you how many answers you need to choose, and the testing software prevents you from choosing too many. Testlets are questions with one general scenario and several multiple-choice questions about the overall scenario. Drag-and-drop questions require you to click and hold, move a button or icon to another area, and release the mouse button to place the object somewhere else, typically in a list. For some questions, to get the question correct, you might need to put a list of five things in the proper order.

The last two types of questions use a network simulator to ask questions. Interestingly, the two types actually allow Cisco to assess two very different skills. First, sim questions generally describe a problem, and your task is to configure one or more routers and switches to fix it. The exam then grades the question based on the configuration you changed or added.
Interestingly, sim questions are the only questions (to date) for which Cisco has openly confirmed that it gives partial credit.

The simlet questions may well be the most difficult style of question. Simlet questions also use a network simulator, but instead of having you answer by changing the configuration, the question includes one or more multiple-choice questions. The questions require that you use the simulator to examine a network's current behavior, interpreting the output of any
show commands you can remember to answer the question. Whereas sim questions require you to troubleshoot problems related to a configuration, simlets require you to analyze both working networks and networks with problems, correlating show command output with your knowledge of networking theory and configuration commands.

What's on the CCNA Exam(s)?

Ever since I was in grade school, whenever the teacher announced that we were having a test soon, someone would always ask, "What's on the test?" Even in college, people would try to get more information about what would be on the exams. The goal is to know what to study a lot, what to study a little, and what to not study at all.

Cisco wants the public to know the variety of topics and have an idea of the kinds of knowledge and skills required for each topic, for every Cisco certification exam. To that end, Cisco publishes a set of objectives for each exam. The objectives list the specific topics, such as IP addressing, RIP, and VLANs. The objectives also imply the kinds of skills required for that topic. For example, one objective might start with "Describe...", and another might begin with "Describe, configure, and troubleshoot...". The second objective clearly states that you need a thorough understanding of that topic. By listing the topics and skill level, Cisco helps you prepare for the exams.

Although the exam objectives are helpful, keep in mind that Cisco adds a disclaimer that the posted exam topics for all its certification exams are guidelines. Cisco makes an effort to keep the exam questions within the confines of the stated exam objectives. I know from talking to those involved that every question is analyzed to ensure that it fits within the stated exam topics.

ICND1 Exam Topics

Table I-1 lists the exam topics for the ICND1 exam. The ICND2 exam topics follow in Table I-2. Although the posted exam topics are not numbered at Cisco.com, Cisco Press numbers them for easier reference.
The tables also note the book parts in which each exam topic is covered. Because the exam topics may change over time, it may be worth it to double-check the exam topics listed on Cisco.com (go to http://www.cisco.com/go/ccna). If Cisco does happen to add exam topics at a later date, note that Appendix C, "ICND1 Exam Updates," describes how to go to http://www.ciscopress.com and download additional information about those newly added topics.

NOTE The table includes gray highlights that are explained in the upcoming section "CCNA Exam Topics."
Table I-1 ICND1 Exam Topics

| Reference Number | Book Part(s) Where Topic Is Covered | Exam Topic |
|---|---|---|
| | | Describe the operation of data networks |
| 1 | I | Describe the purpose and functions of various network devices |
| 2 | I | Select the components required to meet a given network specification |
| 3 | I, II, III | Use the OSI and TCP/IP models and their associated protocols to explain how data flows in a network |
| 4 | I | Describe common networking applications including web applications |
| 5 | I | Describe the purpose and basic operation of the protocols in the OSI and TCP models |
| 6 | I | Describe the impact of applications (Voice Over IP and Video Over IP) on a network |
| 7 | I–IV | Interpret network diagrams |
| 8 | I–IV | Determine the path between two hosts across a network |
| 9 | I, III, IV | Describe the components required for network and Internet communications |
| 10 | I–IV | Identify and correct common network problems at Layers 1, 2, 3, and 7 using a layered model approach |
| 11 | II, III | Differentiate between LAN/WAN operation and features |
| | | Implement a small switched network |
| 12 | II | Select the appropriate media, cables, ports, and connectors to connect switches to other network devices and hosts |
| 13 | II | Explain the technology and media access control method for Ethernet technologies |
| 14 | II | Explain network segmentation and basic traffic management concepts |
| 15 | II | Explain the operation of Cisco switches and basic switching concepts |
| 16 | II | Perform, save, and verify initial switch configuration tasks including remote access management |
Table I-1 ICND1 Exam Topics (Continued)

| Reference Number | Book Part(s) Where Topic Is Covered | Exam Topic |
|---|---|---|
| 17 | II | Verify network status and switch operation using basic utilities (including: ping, traceroute, Telnet, SSH, ARP, ipconfig), show and debug commands |
| 18 | II | Implement and verify basic security for a switch (port security, deactivate ports) |
| 19 | II | Identify, prescribe, and resolve common switched network media issues, configuration issues, autonegotiation, and switch hardware failures |
| | | Implement an IP addressing scheme and IP services to meet network requirements for a small branch office |
| 20 | I, III | Describe the need for and role of addressing in a network |
| 21 | I, III | Create and apply an addressing scheme to a network |
| 22 | III | Assign and verify valid IP addresses to hosts, servers, and networking devices in a LAN environment |
| 23 | IV | Explain the basic uses and operation of NAT in a small network connecting to one ISP |
| 24 | I, III | Describe and verify DNS operation |
| 25 | III, IV | Describe the operation and benefits of using private and public IP addressing |
| 26 | III, IV | Enable NAT for a small network with a single ISP and connection using SDM and verify operation using CLI and ping |
| 27 | III | Configure, verify, and troubleshoot DHCP and DNS operation on a router (including: CLI/SDM) |
| 28 | III | Implement static and dynamic addressing services for hosts in a LAN environment |
| 29 | III | Identify and correct IP addressing issues |
| | | Implement a small routed network |
| 30 | I, III | Describe basic routing concepts (including: packet forwarding, router lookup process) |
| 31 | III | Describe the operation of Cisco routers (including: router bootup process, POST, router components) |
Table I-1 ICND1 Exam Topics (Continued)

| Reference Number | Book Part(s) Where Topic Is Covered | Exam Topic |
|---|---|---|
| 32 | I, III | Select the appropriate media, cables, ports, and connectors to connect routers to other network devices and hosts |
| 33 | III | Configure, verify, and troubleshoot RIPv2 |
| 34 | III | Access and utilize the router CLI to set basic parameters |
| 35 | III | Connect, configure, and verify operation status of a device interface |
| 36 | III | Verify device configuration and network connectivity using ping, traceroute, Telnet, SSH, or other utilities |
| 37 | III | Perform and verify routing configuration tasks for a static or default route given specific routing requirements |
| 38 | III | Manage IOS configuration files (including: save, edit, upgrade, restore) |
| 39 | III | Manage Cisco IOS |
| 40 | III | Implement password and physical security |
| 41 | III | Verify network status and router operation using basic utilities (including: ping, traceroute, Telnet, SSH, ARP, ipconfig), show and debug commands |
| | | Explain and select the appropriate administrative tasks required for a WLAN |
| 42 | II | Describe standards associated with wireless media (including: IEEE, Wi-Fi Alliance, ITU/FCC) |
| 43 | II | Identify and describe the purpose of the components in a small wireless network (including: SSID, BSS, ESS) |
| 44 | II | Identify the basic parameters to configure on a wireless network to ensure that devices connect to the correct access point |
| 45 | II | Compare and contrast wireless security features and capabilities of WPA security (including: open, WEP, WPA-1/2) |
| 46 | II | Identify common issues with implementing wireless networks |
Table I-1 ICND1 Exam Topics (Continued)

| Reference Number | Book Part(s) Where Topic Is Covered | Exam Topic |
|---|---|---|
| | | Identify security threats to a network and describe general methods to mitigate those threats |
| 47 | I | Explain today's increasing network security threats and the need to implement a comprehensive security policy to mitigate the threats |
| 48 | I | Explain general methods to mitigate common security threats to network devices, hosts, and applications |
| 49 | I | Describe the functions of common security appliances and applications |
| 50 | I, II, III | Describe security recommended practices including initial steps to secure network devices |
| | | Implement and verify WAN links |
| 51 | IV | Describe different methods for connecting to a WAN |
| 52 | IV | Configure and verify a basic WAN serial connection |

ICND2 Exam Topics

Table I-2 lists the exam topics for the ICND2 (640-816) exam, along with the book parts in the CCNA ICND2 Official Exam Certification Guide in which each topic is covered.

Table I-2 ICND2 Exam Topics

| Reference Number | Book Part(s) Where Topic Is Covered (in ICND2) | Exam Topic |
|---|---|---|
| | | Configure, verify, and troubleshoot a switch with VLANs and interswitch communications |
| 101 | I | Describe enhanced switching technologies (including: VTP, RSTP, VLAN, PVSTP, 802.1q) |
| 102 | I | Describe how VLANs create logically separate networks and the need for routing between them |
| 103 | I | Configure, verify, and troubleshoot VLANs |
| 104 | I | Configure, verify, and troubleshoot trunking on Cisco switches |
Table I-2 ICND2 Exam Topics (Continued)

| Reference Number | Book Part(s) Where Topic Is Covered (in ICND2) | Exam Topic |
|---|---|---|
| 105 | II | Configure, verify, and troubleshoot interVLAN routing |
| 106 | I | Configure, verify, and troubleshoot VTP |
| 107 | I | Configure, verify, and troubleshoot RSTP operation |
| 108 | I | Interpret the output of various show and debug commands to verify the operational status of a Cisco switched network |
| 109 | I | Implement basic switch security (including: port security, unassigned ports, trunk access, etc.) |
| | | Implement an IP addressing scheme and IP Services to meet network requirements in a medium-size Enterprise branch office network |
| 110 | II | Calculate and apply a VLSM IP addressing design to a network |
| 111 | II | Determine the appropriate classless addressing scheme using VLSM and summarization to satisfy addressing requirements in a LAN/WAN environment |
| 112 | V | Describe the technological requirements for running IPv6 (including: protocols, dual stack, tunneling, etc.) |
| 113 | V | Describe IPv6 addresses |
| 114 | II, III | Identify and correct common problems associated with IP addressing and host configurations |
| | | Configure and troubleshoot basic operation and routing on Cisco devices |
| 115 | III | Compare and contrast methods of routing and routing protocols |
| 116 | III | Configure, verify, and troubleshoot OSPF |
| 117 | III | Configure, verify, and troubleshoot EIGRP |
| 118 | II, III | Verify configuration and connectivity using ping, traceroute, and Telnet or SSH |
| 119 | II, III | Troubleshoot routing implementation issues |
Table I-2 ICND2 Exam Topics (Continued)

| Reference Number | Book Part(s) Where Topic Is Covered (in ICND2) | Exam Topic |
|---|---|---|
| 120 | II, III, IV | Verify router hardware and software operation using show and debug commands |
| 121 | II | Implement basic router security |
| | | Implement, verify, and troubleshoot NAT and ACLs in a medium-size Enterprise branch office network |
| 122 | II | Describe the purpose and types of access control lists |
| 123 | II | Configure and apply access control lists based on network filtering requirements |
| 124 | II | Configure and apply an access control list to limit Telnet and SSH access to the router |
| 125 | II | Verify and monitor ACLs in a network environment |
| 126 | II | Troubleshoot ACL implementation issues |
| 127 | V | Explain the basic operation of NAT |
| 128 | V | Configure Network Address Translation for given network requirements using CLI |
| 129 | V | Troubleshoot NAT implementation issues |
| | | Implement and verify WAN links |
| 130 | IV | Configure and verify Frame Relay on Cisco routers |
| 131 | IV | Troubleshoot WAN implementation issues |
| 132 | IV | Describe VPN technology (including: importance, benefits, role, impact, components) |
| 133 | IV | Configure and verify PPP connection between Cisco routers |

CCNA Exam Topics

In the previous version of the exams, the CCNA exam covered a lot of what was in the ICND (640-811) exam, plus some coverage of topics in the INTRO (640-821) exam. The new CCNA exam (640-802) covers all the topics on both the ICND1 (640-822) and ICND2 (640-816) exams. One of the reasons for more-balanced coverage in the exams is that some of the topics that used to be in the second exam have been moved to the first exam.