ICND1 100-105 Category

ICND1 – Basic Questions

December 26th, 2016 481 comments

Question 1

Explanation

CSMA/CD stands for Carrier Sense Multiple Access with Collision Detection. In an Ethernet LAN, before transmitting, a computer first listens to the network media. If the media is idle, the computer sends its data. If the media is not idle (another station is talking), the computer must wait for some time.

When a station transmits, the signal is referred to as a carrier. Carrier Sense means that before a station can send data onto an Ethernet wire, it has to listen to see if another “carrier” (of another station) is present. If another station is talking, this station will wait until there is no carrier present.

Multiple Access means that stations can access the network at any time. This is in contrast to a Token Ring network, where a station must hold the “token” before it can send data.

Carrier Sense helps prevent two stations from sending data at the same time, but it can still happen: two stations listen for network traffic, hear none, and transmit simultaneously -> a collision occurs and both stations must retransmit at some later time. Collision Detection is the ability of the media to detect collisions so that the stations know they must retransmit.

Basically, the CSMA/CD algorithm can be summarized as follows:

+ A device that wants to send a frame must wait until the LAN is silent (no one is “talking”)
+ If a collision still occurs, the devices that caused the collision wait a random amount of time and then try to send data again.

Note: A switch separates each station into its own collision domain. This means a station can send data without worrying that its data will collide with the data of other stations. This is in contrast to a hub, which can cause collisions between the stations connected to it.

Question 2

Explanation

Only two commands “show interfaces” and “show ip interface brief” reveal the status of router interfaces (up/up, for example).

The outputs of the two commands are shown below:

show_config_question_answer_2.jpg

show_ip_interface_brief.jpg

Question 3

Explanation

HTTP runs over TCP, so a TCP connection must be established first between the workstation and the web server.

Question 4

Explanation

Hubs do not separate collision domains, so if hubs are used in the topology above, we will have only 1 collision domain. Switches do separate collision domains, so if the hubs are replaced by switches, we would have 22 collision domains (19 collision domains for hosts and 3 collision domains among the three switches). Please notice that the WAN (serial) connection is not counted as a collision (or broadcast) domain.

Question 5

Explanation

A broadcast storm can cause congestion within a network. For more information about broadcast storm please read my STP tutorial.

Question 6

Explanation

Before a host can send ICMP (ping) packets to another device, it needs to learn the MAC address of the destination device so it first sends out an ARP Request. In fact, the first ping packet is dropped because the router cannot create a complete packet without learning the destination MAC address.

Question 7

Explanation

The “show running-config” command displays active configuration in memory.

Question 8

Question 9

Question 10

Explanation

Full-duplex communication allows both sending and receiving of data simultaneously. Switches provide full-duplex communication capability. Half-duplex communication allows data transmission in only one direction at a time (either sending or receiving).

ICND1 – Basic Questions 2

December 24th, 2016 115 comments

Question 1

Explanation

Only a router or a Layer 3 switch can mitigate a broadcast storm because they separate broadcast domains -> B and D are correct.

Question 2

Explanation

AREA 1 has “multiple collision domains” so Network Device A must be a device operating in Layer 2 or above (a router or switch) -> A & E are correct.

AREA 2 only has “single collision domain” so Network Device B must be a device operating in Layer 1 (a hub or repeater) -> D is correct.

Question 3

Explanation

The “Ctrl-Shift-6” and “x” key sequence is used to suspend the telnet session. In this case, the telnet session from Router1 to Router2 will be suspended.

If we enter the keyword “resume”, Router1 will try to resume the telnet session to Router2 (you will see the line [Resuming connection 1 to 192.168.9.2 … ]) and we will get back the Router2> prompt.

Question 4

Explanation

In the topology above only routers and switches are used, so each link is one collision domain. In the picture below each pink ellipse represents one collision domain.

Collision_domains_explained.jpg

ICND1 – OSI Model

December 22nd, 2016 96 comments

Note: If you are not sure about OSI Model, please read my OSI Model Tutorial.

Question 1

Question 2

Explanation

CDP runs at Layer 2 (Data Link) of the OSI model -> E is correct.

Question 3

Explanation

SMTP stands for Simple Mail Transfer Protocol. It’s a set of communication guidelines that allow software to transmit email over the Internet, while File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host to another over a TCP-based network.

Note: Simple Network Management Protocol (SNMP) uses UDP as the transport protocol for passing data between managers and agents. SNMP uses UDP to help reduce the impact on your network’s performance. Although SNMP can be configured to run on TCP, we should only do so in special situations. SNMP uses UDP port 161 for sending and receiving requests, and port 162 for receiving traps from managed devices.

DNS works over both TCP and UDP. DNS uses TCP for zone exchanges between servers and UDP when a client is trying to resolve a hostname to an IP address. Therefore in most cases we say “DNS uses UDP”.

Question 4

Explanation

The primary function of an access-layer is to provide network access to the end user.

The hardware and software attributes of the access layer that support high availability include security services for additional security against unauthorized access to the network through the use of tools such as 802.1x, port security, DHCP snooping, Dynamic ARP Inspection, and IP Source Guard.

Question 5

Explanation

The picture below compares the TCP/IP and OSI models:

OSI_TCP_IP_Comparison.jpg

Question 6

Explanation

Transmission Control Protocol (TCP) has all the features mentioned above and TCP resides in Transport Layer (Layer 4) of the OSI model.

Flow control: A methodology used to ensure that receiving units are not overwhelmed with data from sending devices. When the buffers at a receiving unit are full, a message is transmitted to the sending unit to temporarily halt transmissions until all the data in the receiving buffer has been processed and the buffer is again ready for action.

Sequencing: Segments are numbered before sending so they can be put back together in the correct order at the receiving side.

Acknowledgment: When the receiver gets the data, it sends a response telling the sender that the data has arrived safely.

Question 7

Explanation

In CCNA, the common devices that operate at Layer 1 are the hub and the repeater.

ICND1 – Protocols & Services

December 20th, 2016 60 comments

Question 1

Explanation

File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host to another over a TCP-based network, such as the Internet.

Question 2

Explanation

Cisco Discovery Protocol (CDP) is a proprietary protocol of Cisco so if you can see the VoIP phone via the “show cdp neighbors” command on a Cisco switch then that phone is from Cisco.

Question 3

Explanation

User Datagram Protocol (UDP) provides a connectionless datagram service that offers best-effort delivery, which means that UDP does not guarantee delivery or verify sequencing for any datagrams. UDP is typically used by programs that transmit small amounts of data at one time or have real-time requirements (voice, for example).

Question 4

Explanation

CDP is a device discovery protocol that runs over Layer 2. We can view the CDP information with the show cdp neighbors command (thus the provided information is at Layer 2). Notice that this command only shows information about directly connected devices. The output of the show cdp neighbors command is shown below:

ccna_configuration_show_cdp_neighbors.jpg

There are 3 columns you must pay attention to:

* Local interface: type & ID of the local interface on which the neighbor’s CDP information was received.
* Device platform: the neighboring device model.
* Port ID: the connected interface of the neighbor.

Question 5

Explanation

After resolving a browser URL to an IP address (via DNS server), the workstation must learn the MAC address of the server so that it can create a complete packet (a complete packet requires destination MAC and IP address, source MAC and IP address). Therefore the workstation must use ARP to find out the MAC address from the IP address.

Question 6

Explanation

Before two computers can communicate over TCP, they must synchronize their initial sequence numbers (ISN) -> B is correct.

TCP uses a sequence number to identify each byte of data. The sequence number identifies the order of the bytes sent from each computer so that the data can be reconstructed in order, regardless of any fragmentation, disordering, or packet loss that may occur during transmission -> D is correct.

Question 7

Explanation

By default CDP is enabled on Cisco routers -> A is not correct.

CDP runs at Layer 2 in the OSI model and it does not need an IP address to run -> C & D are not correct.

Question 8

Explanation

Tracert (or traceroute) is used to trace the path between the sender and the destination host. Traceroute works by sending packets with gradually increasing Time-to-Live (TTL) value, starting with TTL value = 1. The first router receives the packet, decrements the TTL value and drops the packet because it then has TTL value zero. The router sends an ICMP Time Exceeded message back to the source. The next set of packets are given a TTL value of 2, so the first router forwards the packets, but the second router drops them and replies with ICMP Time Exceeded. Proceeding in this way, traceroute uses the returned ICMP Time Exceeded messages to build a list of routers that packets traverse, until the destination is reached and returns an ICMP Echo Reply message -> C is correct.

ICMP is encapsulated in an IP packet. In particular, the ICMP message is encapsulated in the IP payload part of an IP datagram -> D is correct.

Note: The TRACERT command on the Windows operating system uses ICMP, while TRACEROUTE on Mac OS X and Linux uses UDP.

Question 9

Explanation

CDP runs at Layer 2 so it can recognize a switch (if that switch also runs CDP).

ICND1 – Router Questions

December 18th, 2016 107 comments

Question 1

Explanation

When packets travel through many routers, the source and destination IP addresses do not change but the source and destination MAC addresses do change.

Question 2

Explanation

The output above is unclear. Normally when we use this command we can see the type of serial connection on this interface, for example “V.35 DCE cable”. Below is an example of the same command as above:

RouterA#show controllers serial 0
HD unit 0, idb = 0xECA4C, driver structure at 0xF1EC8
buffer size 1524 HD unit 0, V.35 DTE cable
cpb = 0x62, eda = 0x403C, cda = 0x4050
RX ring with 16 entries at 0x624000
00 bd_ptr=0x4000 pak=0x0F5704 ds=0x62FFB8 status=80 pak_size=22

Or

RouterB#show controllers serial 0
buffer size 1524 HD unit 0, V.35 DCE cable, clockrate 64000
cpb = 0x62, eda = 0x408C, cda = 0x40A0
RX ring with 16 entries at 0x624000
00 bd_ptr=0x4000 pak=0x0F2F04 ds=0x627908 status=80 pak_size=22

but in this case we only get “V.35 cable”, so in fact we are not sure about answer C. But the output above also does not have any information to confirm whether the other answers are correct.

Just for your information, the V.35 male and V.35 female cable are shown below:

v.35_female.jpg

v.35cable_male.jpg

Question 3

Question 4

Question 5

Explanation

The outputs of “show protocols” and “show ip interface” are shown below:

Global values:
Internet Protocol routing is enabled
Serial0/0 is up, line protocol is down
Internet address is 10.1.1.1/30
Serial0/1 is up, line protocol is down
Internet address is 209.65.200.225/30
Serial0/2 is up, line protocol is down
Serial0/3 is up, line protocol is down
NVI0 is up, line protocol is up
Interface is unnumbered. Using address of NVI0 (0.0.0.0)
Loopback0 is up, line protocol is up
Internet address is 10.1.10.1/32
Loopback1 is up, line protocol is up
Internet address is 10.1.2.1/27
Loopback6 is up, line protocol is up
Serial0/0 is up, line protocol is down
Internet address is 10.1.1.1/30
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.5
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is disabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is disabled
IP Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain inside
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled

ICND1 – Switch Questions

December 16th, 2016 63 comments

Question 1

Explanation

Each port on a switch is a collision domain while each VLAN is a broadcast domain because broadcast is only forwarded within that VLAN so we have 48 collision domains and 4 broadcast domains on this switch (if all ports are used).

Question 2

Question 3

Explanation

When a switch receives a frame, it first checks for the destination MAC address and tries to find a matching entry in its MAC address table. If found, the switch then forwards that frame on the corresponding port associated with that MAC address. If no entry is found, the switch will flood that frame out of all (active) ports except the port that sent it.

Question 4

Question 5

Question 6

Explanation

A hub is not as “intelligent” as a switch because a hub does not try to remember anything passing to it. It just floods out all the ports (except the one that sent it) when it receives a frame.

Question 7

Explanation

When a switch receives a frame, it first checks for the destination MAC address and tries to find a matching entry in its MAC address table. If found, the switch then forwards that frame on the corresponding port associated with that MAC address. If no entry is found, the switch will flood that frame out of all active ports except the port that sent it. In this case, the destination MAC address 0000.00dd.dddd is not yet in the MAC address table, so the switch will flood the frame out of all of its ports except fa0/0 (the port on which it received the frame) -> D is correct.

Also, the switch learns that the MAC address 0000.00aa.aaaa is received on fa0/0 -> the switch adds 0000.00aa.aaaa and its corresponding port fa0/0 to the MAC address table -> A is correct.

Question 8

Explanation

The destination MAC address is ffff.ffff.ffff so this is a broadcast frame so the switch will forward the frame out all active switch ports except for port fa0/0.

Question 9

Explanation

In this case the destination MAC address has already been learned, so the switch just forwards the frame to the corresponding port. It also finds that the source MAC address of host A is not yet in the MAC address table, so it adds it (and port fa0/3) to its MAC address table.
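The learn, forward and flood decisions described in Questions 7 to 9 can be modelled in a few lines. This is an added example, not code from the original page; the four-port switch and the port used by host D are constructed for illustration.

```python
# Added example (not from the original page): a minimal model of the
# learn / forward / flood decision a Layer 2 switch makes for each frame.
BROADCAST = "ffff.ffff.ffff"


class LearningSwitch:
    def __init__(self, active_ports):
        self.active_ports = list(active_ports)
        self.mac_table = {}  # MAC address -> port it was last seen on

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame and return the list of egress ports."""
        if in_port not in self.active_ports:
            raise ValueError(f"{in_port} is not an active port")
        src_mac, dst_mac = src_mac.lower(), dst_mac.lower()

        # Learning: the source MAC is reachable through the ingress port.
        # Note the switch trusts the source address in the frame as-is.
        self.mac_table[src_mac] = in_port

        if dst_mac == BROADCAST:
            return self._flood(in_port)       # broadcast frame
        out_port = self.mac_table.get(dst_mac)
        if out_port is None:
            return self._flood(in_port)       # unknown unicast
        if out_port == in_port:
            return []                         # destination is behind the same port
        return [out_port]                     # known unicast

    def _flood(self, in_port):
        # Flood out of every active port except the one the frame came in on.
        return [p for p in self.active_ports if p != in_port]


def walk_through():
    """Replay the three cases on a constructed 4-port switch."""
    sw = LearningSwitch(["fa0/0", "fa0/1", "fa0/2", "fa0/3"])
    results = {}
    # Question 7: destination not yet in the table -> flood, learn the source.
    results["unknown_unicast"] = sw.receive(
        "fa0/0", "0000.00aa.aaaa", "0000.00dd.dddd")
    # Question 8: broadcast destination -> flood.
    results["broadcast"] = sw.receive(
        "fa0/0", "0000.00aa.aaaa", "ffff.ffff.ffff")
    # Question 9 pattern: destination already learned -> single port.
    # (Host D answering from fa0/3 is a constructed assumption.)
    results["known_unicast"] = sw.receive(
        "fa0/3", "0000.00dd.dddd", "0000.00aa.aaaa")
    results["table"] = dict(sw.mac_table)
    return results


if __name__ == "__main__":
    for case, value in walk_through().items():
        print(case, value)
```

Because the table is filled from whatever source address a frame carries, the port security feature covered in the Security Questions is what limits which addresses a port will accept.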

Question 10

Question 11

ICND1 – OSPF Questions

December 14th, 2016 65 comments

Note: If you are not sure about OSPF, please read my OSPF tutorial first.

Question 1

Question 2

Question 3

Explanation

Answer A and C are obviously correct. For answer E, it allows extensive control of routing updates via Link-State Advertisement (LSA). Administrators can filter these LSAs to meet their requirements easily.

Question 4

Explanation

A is not correct because the backbone area of OSPF is always Area 0.
B is not correct because R1 or R3 must be the DR or BDR -> it has to establish neighbor adjacency with the other.
C is not correct because OSPF neighbor relationship is not established based on static routing. It uses multicast address 224.0.0.5 to establish OSPF neighbor relationship.
E is not correct because configuring EIGRP on these routers (with a lower administrative distance) will force these routers to run EIGRP, not OSPF.

D and F are correct because these entries must match on neighboring routers:

– Hello and dead intervals
– Area ID (Area 0 in this case)
– Authentication password
– Stub area flag

Question 5

Question 6

Explanation

The highest IP address of all loopback interfaces will be chosen -> Loopback 0 will be chosen as the router ID.

Question 7

Explanation

OSPF uses a metric referred to as cost. The cost of the entire path is the sum of the costs of the outgoing interfaces along the path. Cisco uses a simple formula to calculate OSPF cost:

OSPF cost = 10^8 / Bandwidth (bps)

Therefore, a 100 Mbps FastEthernet interface will have the cost of 10^8 / 100,000,000 (bps) = 1

Note: Cost for interfaces with bandwidth equal or larger than 10^8 bps is normalized to 1 so a 1Gbps interface will also have OSPF cost of 1.

For the “O 192.168.12.240 /30 [110/128] via 192.168.12.233, 00:35:36, Serial0” line, the first number in the brackets is the administrative distance of the information source; the second number is the metric for the route -> In this case the second number is the OSPF cost.

Question 8

Explanation

There are 2 segments on the topology above which are separated by Corp-3 router. Each segment will have a DR so we have 2 DRs.

To select which router will become DR they will compare their router-IDs. The router with highest (best) router-ID will become DR. The router-ID is chosen in the order below:

+ The highest IP address assigned to a loopback (logical) interface.

+ If a loopback interface is not defined, the highest IP address of all the router’s active physical interfaces will be chosen.

In this question, the IP addresses of loopback interfaces are not mentioned so we will consider the IP addresses of all the routers’ active physical interfaces. Router Corp-4 (10.1.40.40) & Branch-2 (10.2.20.20) have the highest “active” IP addresses so they will become DRs.
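The cost formula from Question 7 and the router-ID selection order from Question 8 can be worked through together. This is an added example, not code from the original page; the interface lists are constructed, and reading the metric 128 as two serial links at 1.544 Mbps each is an assumption.

```python
# Added example (not from the original page): OSPF cost and router-ID
# selection as described in Questions 7 and 8.
import ipaddress
import re

REFERENCE_BW = 10**8  # bps, the numerator of the cost formula


def ospf_cost(bandwidth_bps, reference_bw=REFERENCE_BW):
    """Cost of one interface: integer division, never below 1."""
    if bandwidth_bps <= 0:
        raise ValueError("bandwidth must be positive")
    return max(1, reference_bw // bandwidth_bps)


def path_cost(outgoing_bandwidths_bps):
    """Cost of a path: sum of the costs of the outgoing interfaces."""
    return sum(ospf_cost(bw) for bw in outgoing_bandwidths_bps)


BRACKETS = re.compile(r"\[(\d+)/(\d+)\]")


def ad_and_metric(route_line):
    """Extract (administrative distance, metric) from a routing table line."""
    match = BRACKETS.search(route_line)
    if match is None:
        raise ValueError("no [AD/metric] field in line")
    return int(match.group(1)), int(match.group(2))


def router_id(interfaces):
    """Pick the router ID from (name, ip, is_up) tuples.

    Order: highest loopback address, otherwise the highest address among
    active physical interfaces. Addresses are compared numerically;
    comparing the dotted strings would rank 10.1.2.1 above 10.1.10.1.
    """
    def highest(addresses):
        return str(max(ipaddress.IPv4Address(a) for a in addresses))

    loopbacks = [ip for name, ip, up in interfaces
                 if up and name.lower().startswith("loopback")]
    if loopbacks:
        return highest(loopbacks)
    active = [ip for name, ip, up in interfaces if up]
    if not active:
        raise ValueError("no active interface with an IP address")
    return highest(active)


# Constructed sample inputs.
WITH_LOOPBACKS = [
    ("Loopback0", "10.1.10.1", True),
    ("Loopback1", "10.1.2.1", True),
    ("Serial0/1", "209.65.200.225", True),   # higher, but not a loopback
]
PHYSICAL_ONLY = [
    ("FastEthernet0/0", "10.1.9.1", True),
    ("FastEthernet0/1", "10.1.40.40", True),
    ("Serial0/0", "172.16.1.1", False),      # down, so ignored
]

if __name__ == "__main__":
    line = "O 192.168.12.240 /30 [110/128] via 192.168.12.233, 00:35:36, Serial0"
    print(ad_and_metric(line))                 # AD and OSPF cost
    print(path_cost([1_544_000, 1_544_000]))   # two assumed 1.544 Mbps links
    print(router_id(WITH_LOOPBACKS), router_id(PHYSICAL_ONLY))
```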

Question 9

ICND1 – Security Questions

December 12th, 2016 35 comments

Question 1

Explanation

This is the full command mentioned in answer A:

switchport port-security mac-address sticky [MAC]

If we don’t specify the MAC address (like in this question) then the switch will dynamically learn the attached MAC Address and place it into your running-configuration.

Question 2

Explanation

The “service password-encryption” command encrypts passwords used by “enable password” global configuration command, as well as the password line configuration command (VTY, console) that are saved in the router configuration file.

Note: The secret password (configured by the command “enable secret fortress”) is always encrypted even if the “service password-encryption” command is not used.

Also, the “service password-encryption” command encrypts both current and future passwords.

Question 3

Question 4

Explanation

By configuring the port connected to the directory PC as an access port, the network administrator will mitigate a lot of security issues because an access port does not have as much privilege as a trunk port -> C is correct.

The port security feature can also help mitigate security issues because it can learn the MAC address of the directory PC. When another laptop is plugged into the port, the switch will automatically block or shut down that port (if a suitable configuration is used) -> A is correct. But nowadays a hacker can fake the MAC address of the directory PC.

By statically assigning the MAC address to the address table, only that MAC address can access the network -> F is correct.

Question 5

Explanation

The “service password-encryption” command encrypts passwords used by “enable password” global configuration command, as well as the password line configuration command (VTY, console) that are saved in the router configuration file.

The “service password-encryption” command encrypts both current and future passwords.

Question 6

Explanation

The command to configure port security on a switch is (in interface configuration mode):

switchport port-security mac-address sticky [MAC]

In this case we will type the server MAC address. That MAC address will be stored in the address table, and added to the switch running configuration.

Note: If we don’t specify the MAC address then the switch will dynamically learn the attached MAC address and place it into your running-configuration.

Question 7

Explanation

In the configuration above we have three passwords:

+ The “enable secret” password: sanfran
+ The “enable password” password: cisco
+ The VTY line password: sanjose

The first two, “enable secret” and “enable password”, are used to set the password for entering privileged mode (an example of the privileged mode prompt: Router#). Both of them will be stored in the running configuration. But the password in the “enable secret” command is always encrypted using an MD5 hash, while the password in “enable password” is in plain text.

Note: If you want to encrypt “enable password” you can use the command “service password-encryption”, but it will be encrypted with a very basic form of encryption called the Vigenère cipher, which is very weak.

When you configure both an enable and a secret password, the secret password will be used -> B is correct.
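A configuration review can flag the password storage issues described in Questions 2, 5 and 7 automatically. This is an added example, not code from the original page; the sample configuration is constructed, its hash and type 7 strings are placeholders, and the rule names are hypothetical.

```python
# Added example (not from the original page): audit how passwords are
# stored in an IOS-style configuration. Password values are never echoed.
import re
from typing import NamedTuple

# Constructed sample. The hash and the type 7 string are placeholders.
SAMPLE_CONFIG = """\
hostname Router
!
enable secret 5 $1$SALT$CONSTRUCTEDPLACEHOLDERHASH
enable password cisco
!
line con 0
 password 7 0000000000
 login
line vty 0 4
 password sanjose
 login
"""


class Finding(NamedTuple):
    line_no: int
    rule: str
    context: str


# command, optional "level N", optional one-digit encryption type, value
PASSWORD_RE = re.compile(
    r"^(enable password|enable secret|password)\s+"
    r"(?:level\s+\d+\s+)?"
    r"(?:(\d)\s+)?(\S+)$"
)


def audit(config_text):
    """Return findings for plaintext, type 7 and unused enable passwords."""
    findings = []
    section = "global"
    has_enable_secret = False
    enable_password_line = None

    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        # An unindented line starts a new section; indented lines belong to it.
        if raw and not raw[0].isspace() and line != "!":
            section = line if line.startswith("line ") else "global"
        match = PASSWORD_RE.match(line)
        if match is None:
            continue
        command, enc_type, _value = match.groups()
        enc_type = enc_type or "0"          # no type digit means plain text
        context = section if command == "password" else command

        if command == "enable secret":
            has_enable_secret = True        # stored hashed, not flagged
            continue
        if command == "enable password":
            enable_password_line = line_no
        if enc_type == "0":
            findings.append(Finding(line_no, "plaintext-password", context))
        elif enc_type == "7":
            # What "service password-encryption" produces: weak, reversible.
            findings.append(Finding(line_no, "weak-type7-password", context))

    # When both exist the secret is the one used, so the enable password
    # only adds an exposed credential to the file.
    if has_enable_secret and enable_password_line is not None:
        findings.append(
            Finding(enable_password_line, "enable-password-unused",
                    "enable password"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(f"line {finding.line_no}: {finding.rule} ({finding.context})")
```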

ICND1 – Subnetting

December 10th, 2016 99 comments

Note: If you are not sure about Subnetting, please read my Subnetting Made Easy tutorial.

Question 1

Explanation

From the /28 we can find all information we need:

Increment: 16 (/28 = 11111111.11111111.11111111.11110000)
Network address: 172.19.20.16 (because 16 < 23)
Broadcast address: 172.19.20.31 (because 31 = 16 + 16 – 1)

In fact we don’t need to find out the broadcast address because the question only asks about subnet address (network address).

Question 2

Explanation

From the /28 we can find all information we need:

Increment: 16 (/28 = 11111111.11111111.11111111.11110000)
Network address: 192.168.23.48 (because 48 = 16 * 3 and 48 < 61)

Question 3

Explanation

From the subnet mask of 255.255.255.248 we learn:

Increment: 8 (248 = 11111111.11111111.11111111.11111000)
Network address: 192.168.1.40 (because 40 = 8 * 5 and 40 < 42)

Question 4

Explanation

From the /20 we can find all information we need:

Increment: 16 (/20 = 11111111.11111111.11110000.00000000). This is applied for the 3rd octet.
Network address: 10.1.160.0 (because 160 = 16 * 10 and 160 = 160 -> the IP address above is also the network address)
Broadcast address: 10.1.175.255 (because 175 = 160 + 16 – 1)

Therefore only 10.1.168.0, 10.1.174.255 and 10.1.160.255 are in this range. Please notice 10.1.174.255 is not a broadcast address and can be assigned to host.

Question 5

Explanation

Increment: 32 (224 = 11111111.11111111.11111111.11100000)
Network address: x.x.x.(0;32;64;96;128;160;192;224)
Broadcast address: x.x.x.(31;63;95;127;159;191;223)
-> Last valid host (reduced broadcast addresses by 1): x.x.x.(30;62;94;126;158;190;222) -> Only B is correct.

Question 6

Explanation

Increment: 64 (/26 = 11111111.11111111.11111111.11000000)
The IP 192.168.4.0 belongs to class C. The default subnet mask of class C is /24 and it has been subnetted with a /26 mask so we have 2^(26-24) = 2^2 = 4 sub-networks:

1st subnet: 192.168.4.0 (to 192.168.4.63)
2nd subnet: 192.168.4.64 (to 192.168.4.127)
3rd subnet: 192.168.4.128 (to 192.168.4.191)
4th subnet: 192.168.4.192 (to 192.168.4.255)

In all the answers above, only answer C and D are in the same subnet.

Therefore only IPs in this range can be assigned to hosts.

Question 7

Explanation

With network 192.168.20.24/29 we have:

Increment: 8 (/29 = 255.255.255.248 = 11111000 for the last octet)
Network address: 192.168.20.24 (because 24 = 8 * 3)
Broadcast address: 192.168.20.31 (because 31 = 24 + 8 – 1)

Therefore the first usable IP address is 192.168.20.25 (assigned to the router) and the last usable IP address is 192.168.20.30 (assigned to the sales server). The IP address of the router is also the default gateway of the sales server.

Question 8

Explanation

The number of valid host IP addresses depends on the number of 0 bits left in the subnet mask. With a /30 subnet mask, only two 0 bits are left (/30 = 11111111.11111111.11111111.11111100) so the number of valid host IP addresses is 2^2 – 2 = 2. Also please notice that the /30 subnet mask is a popular subnet mask for the connection between two routers because we only need two IP addresses. The /30 subnet mask helps save IP addresses for other connections. An example of the use of a /30 subnet mask is shown below:

slash30_subnet_mask.jpg

Question 9

Explanation

Increment: 2 (/23 = 11111111.11111111.11111110.00000000 = 255.255.254.0)
Network address: 10.16.2.0 (because 2 = 2 * 1 and 2 < 3)
Broadcast address: 10.16.3.255 (because 2 + 2 – 1 = 3 for the 3rd octet)

-> The lowest (first assignable) host address is 10.16.2.1 and the broadcast address of the subnet is 10.16.3.255 255.255.254.0

Question 10

Explanation

Increment: 4 (/22 = 11111111.11111111.11111100.00000000)
Network address: 172.16.156.0 (156 is multiple of 4 and 156 < 159)
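The increment method used throughout these explanations generalizes to any prefix from /1 to /30. This is an added example, not code from the original page; the function names are hypothetical, and the result is cross-checked against Python's standard ipaddress module.

```python
# Added example (not from the original page): the "increment" method for
# finding network, broadcast and usable host addresses.
import ipaddress


def prefix_from_mask(mask):
    """Convert a dotted mask such as 255.255.255.248 to a prefix length."""
    return ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen


def subnet_by_increment(ip, prefix):
    """Work out the subnet of `ip` the way the explanations above do."""
    if not 1 <= prefix <= 30:
        raise ValueError("this sketch covers /1 to /30 only")
    ipaddress.IPv4Address(ip)                      # validates the address
    octets = [int(part) for part in ip.split(".")]

    # The "interesting" octet is the one where the mask stops being 255.
    idx = (prefix - 1) // 8
    increment = 2 ** (8 * (idx + 1) - prefix)

    # Network: largest multiple of the increment not above the octet.
    net_octet = octets[idx] - octets[idx] % increment
    network = octets[:idx] + [net_octet] + [0] * (3 - idx)
    # Broadcast: one below the next subnet, remaining octets all ones.
    broadcast = octets[:idx] + [net_octet + increment - 1] + [255] * (3 - idx)

    def to_addr(parts):
        return ipaddress.IPv4Address(".".join(str(p) for p in parts))

    net, bcast = to_addr(network), to_addr(broadcast)
    return {
        "increment": increment,
        "network": str(net),
        "broadcast": str(bcast),
        "first_host": str(net + 1),
        "last_host": str(bcast - 1),
        "usable_hosts": 2 ** (32 - prefix) - 2,
    }


def matches_stdlib(ip, prefix):
    """Cross-check the manual method against the ipaddress module."""
    reference = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    result = subnet_by_increment(ip, prefix)
    return (result["network"], result["broadcast"]) == (
        str(reference.network_address), str(reference.broadcast_address))


if __name__ == "__main__":
    # Host octets follow the comparisons in the explanations (16 < 23,
    # 48 < 61, 40 < 42); a last octet of 0 is constructed where only the
    # third octet is given.
    cases = [
        ("172.19.20.23", 28),
        ("192.168.23.61", 28),
        ("192.168.1.42", prefix_from_mask("255.255.255.248")),
        ("10.1.160.0", 20),
        ("192.168.20.24", 29),
        ("10.16.3.0", 23),
        ("172.16.159.0", 22),
    ]
    for ip, prefix in cases:
        print(ip, prefix, subnet_by_increment(ip, prefix),
              matches_stdlib(ip, prefix))
```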

 

ICND1 – Subnetting 2

December 8th, 2016 27 comments

Note: If you are not sure about Subnetting, please read my Subnetting Made Easy tutorial.

Question 1

Explanation

AREA 1 has 500 users but it uses class C which only supports 254 users (from 192.168.1.1 to 192.168.1.254)-> A is correct.

AREA 3 also uses class C and as mentioned above it supports 254 users so it is enough for 200 users -> B is incorrect.

In AREA 2 there are only 60 users < 64 = 2^6 so we can use a subnet mask which has 6 bits 0 -> /26. Of course we can use larger subnets (like /25) for future expansion -> C is correct.

A large network should never use a single network-wide mask. It should use several different subnet masks to make the network flexible and easy to summarize -> D is incorrect.

For router-to-router connection we should use a subnet mask of /30 which supports 2 hosts per subnet. This subnet mask is ideal for router-to-router connection -> E is correct.

There is no limit for IP to function if we know how to organize our network -> F is incorrect.

Question 2

Explanation

The maximum number of hosts in this question is 50 hosts so we have to use /26 subnet mask or above.

Question 3

Explanation

To support 300 workstations in a single broadcast domain, we need to use a subnet mask which supports 512 hosts = 2^9 -> /23 or 255.255.254.0 in decimal form -> A is correct.

If we use 48-port switches we need 300/48 = 6.25 -> seven 48-port switches are enough because we also need trunking between them -> D is correct.

We only need one router interface and it is connected with one of seven switches -> E is correct.

Question 4

Explanation

/19 = 255.255.224.0. The fast way to find out this subnet mask is to remember /16 = 255.255.0.0 and we need 3 more bits 1 for 3rd octet: 1110 0000 which is 224.

ICND1 – IP Routing

December 6th, 2016 48 comments

Question 1

Question 2

Explanation

By default, Cisco routers do not forward broadcasts. So what will happen if your PC is not in the same LAN as the DHCP Server? Your PC (also a DHCP Client) will broadcast a packet but it is dropped by the router -> Your PC cannot get an IP address from the DHCP Server. So the “ip helper-address” command enables the DHCP broadcast to be forwarded to the DHCP server. For example, if the IP address of your DHCP Server is 10.10.10.254, then on the interface connecting to the DHCP Client (fa0/0 in this case) we can type this command: “ip helper-address 10.10.10.254”.

IP_helper-address.jpg

Note: When a client boots up for the first time, it transmits a DHCPDISCOVER message on its local physical subnet. Because the client has no way of knowing the subnet to which it belongs, the DHCPDISCOVER is an all-subnets broadcast (destination IP address of 255.255.255.255, which is a layer 3 broadcast address). The client does not have a configured IP address, so the source IP address of 0.0.0.0 is used.

Question 3

Explanation

Routers do not use the destination MAC address to forward a packet. A router finds the next destination MAC address itself and uses it to replace the old destination MAC address of the received packet.

Hubs do not care about MAC addresses; they just flood frames out of all their ports except the port the frame arrived on.

Therefore only three switches in the exhibit above use destination MAC address to determine the next hops.

Question 4

Explanation

The destination MAC address at point A must be the MAC address of the interface fa0/0 of Toronto router -> E is correct.

Question 5

Explanation

The simple syntax of static route:

ip route destination-network-address subnet-mask {next-hop-IP-address | exit-interface}
+ destination-network-address: destination network address of the remote network
+ subnet mask: subnet mask of the destination network
+ next-hop-IP-address: the IP address of the receiving interface on the next-hop router
+ exit-interface: the local interface of this router where the packets will go out

Therefore the purpose of this command is to send any packets with destination IP address in the range of 192.168.100.160/27 subnet to 192.168.10.2. In fact, answer C is a bit weird when saying “host 192.168.100.160” because 192.168.100.160 is the network address in this case and it cannot be assigned to a host. But answer C is the most suitable answer for this question.

Question 6

Question 7

Explanation

After receiving a packet, the router will keep the source and destination IP addresses while changing the source MAC address (to the MAC address of its outgoing interface) and the destination MAC address (to the MAC address of the next-hop interface). Therefore when the packet reaches host B, the source MAC address must be the MAC address of the outgoing interface of R1.

Question 8

Explanation

Host A knows the IP address of Host B but it does not know the MAC address of host B, so it has to create an ARP Request (which is a broadcast frame) to ask for the MAC address of host B. When Router1 receives this ARP Request, it answers with its own MAC address.

Question 9

Question 10

Explanation

Along the routing path, the source and destination IP address will not change so the source IP will always be 10.1.1.16.

ICND1 – IP Routing 2

December 4th, 2016 55 comments

Question 1

Explanation

After receiving a packet, the router will keep the source and destination IP addresses (10.1.3.3 and 10.1.2.2, respectively) while changing the source MAC address (to the MAC address of its outgoing interface) and the destination MAC address (to the MAC address of the next-hop interface). Therefore when the packet leaves Router1, the source MAC address must be the MAC address of the outgoing interface of Router1 (0000.000c.0124) and the destination MAC address must be the MAC of fa0/1 of R2 (0000.000c.0123).

Question 2

Explanation

A static route with 0.0.0.0 0.0.0.0 will become a default route. The default route means: “send all traffic to this IP address”. So the default route “ip route 0.0.0.0 0.0.0.0 172.16.2.2” will send all traffic to 172.16.2.2.

Question 3

Explanation

The Administrative Distance (AD) parameter must be put at the end of the “ip route” command. The default AD is 1.

Question 4

Explanation

This router only has directly connected networks (symbolized by the letter “C”) and one default route out of Serial0/0. Maybe this is a stub router with only one connection to the headquarters or to the Internet.

Question 5

Explanation

In this topology, R2 is a stub router with only one connection to the HQ network so the best way to configure routing is to set a static route (default route) to R1.

Question 6

Explanation

Host A is in a different subnet from SW-A, so SW-A does not know how to send data to Host A and needs to be assigned a default gateway. The command to assign a default gateway to a switch is “ip default-gateway”. Please note that this command only takes effect when “ip routing” is disabled on SW-A.

Question 7

Explanation

The default gateway of Host A should be the connected interface of the router, unless Host A is connected to a Layer 3 switch. In this case, Switch A is a pure Layer 2 switch and its IP address is for management purposes only.

ICND1 – NAT/PAT

December 2nd, 2016 33 comments

Note: If you are not sure about NAT/PAT, please read my Network Address Translation NAT Tutorial.

Question 1

Explanation

Port Address Translation (PAT) can support thousands of users connecting to the Internet using only one real global IP address. With PAT, each computer will be assigned a separate port number so that the router can identify which computer should receive the return traffic.
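How the port number lets the router pick the right inside host for return traffic can be shown with a small translation table. This is an added example, not code from the original page; the class name, the addresses (203.0.113.1, 10.0.0.x) and the port range are constructed assumptions, and the allocation policy (keep the original port if free, otherwise take the next free one) is a simplification.

```python
from itertools import chain

class PatTable:
    """NAT overload (PAT) state for a single global IP address."""

    def __init__(self, global_ip, first_port=1024, last_port=65535):
        self.global_ip = global_ip
        self.pool = range(first_port, last_port + 1)
        self.outbound = {}  # (proto, inside_ip, inside_port) -> global_port
        self.inbound = {}   # (proto, global_port) -> (inside_ip, inside_port)

    def translate_out(self, proto, inside_ip, inside_port):
        """Rewrite an inside source to (global_ip, port unique per protocol)."""
        flow = (proto, inside_ip, inside_port)
        if flow in self.outbound:                 # existing flow: reuse its entry
            return self.global_ip, self.outbound[flow]
        # Prefer the host's own source port; fall back to the first free pool port.
        preferred = [inside_port] if inside_port in self.pool else []
        for port in chain(preferred, self.pool):
            if (proto, port) not in self.inbound:
                self.outbound[flow] = port
                self.inbound[(proto, port)] = (inside_ip, inside_port)
                return self.global_ip, port
        raise RuntimeError("PAT port pool exhausted")

    def translate_in(self, proto, global_port):
        """Return the inside (ip, port) for return traffic, or None to drop."""
        return self.inbound.get((proto, global_port))

def demo():
    """Two inside hosts use the same source port; constructed sample flows."""
    pat = PatTable("203.0.113.1")
    a = pat.translate_out("tcp", "10.0.0.10", 50000)
    b = pat.translate_out("tcp", "10.0.0.11", 50000)   # collides, gets a new port
    return a, b, pat.translate_in("tcp", b[1]), pat.translate_in("tcp", 4444)
```

Inbound packets with no matching entry return `None`, which is why unsolicited traffic from outside does not reach inside hosts through PAT alone, and why a single global address is limited by the size of its port pool.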

Question 2

Explanation

The keyword “overload” specifies we are using NAT Overload (PAT) in which multiple internal hosts will use only one IP address to access external network resources.

Question 3

Explanation

On the interface connecting to the Internet of the router we have to use the command “ip nat outside” for NAT to work. It identifies that interface as the outside interface.

ICND1 – Troubleshooting

November 30th, 2016 54 comments

Question 1

Question 2

ICND1 – Drag and Drop

November 28th, 2016 54 comments

Question 1

+ ARP: A PC sends packets to the default gateway IP address the first time since the PC turned on.
+ ICMP: The network administrator is checking basic IP connectivity from a workstation to a server.
+ DNS: The TCP/IP protocol stack must find an IP address for packets destined for a URL.
+ DHCP: A network device will automatically assign IP addresses to workstations.

Question 2

+ NAT: A PC with address 10.1.5.10 must access devices on the Internet.
+ DHCP: Only routers and servers require static IP addresses. Easy IP administration is required.
+ DNS: A PC only knows a server as MediaServer. IP needs to send data to that server.
+ OSPF: A protocol is needed to replace current static routes with automatic route updates.

Question 3

+ SNMP: a protocol used to monitor and manage network devices
+ FTP: a reliable, connection-oriented service that uses TCP to transfer files between systems
+ TFTP: a connectionless service that uses UDP to transfer files between systems
+ DNS: a protocol that converts human-readable names into machine-readable addresses
+ DHCP: used to assign IP addresses automatically and set parameters such as subnet mask and default gateway

Question 4

+ service password-encryption: encrypt all clear text passwords
+ line console 0 / password friendS0nly: protect access to the user mode prompt
+ enable secret noWay1n4u: set privileged mode encrypted password
+ line vty 0 4 / password 2hard2Guess: set password to allow Telnet connections
+ enable password uwi11NeverNo: set privileged mode clear text password

Question 5

+ application layer: SMTP
+ transport layer: TCP
+ internet layer: IP
+ network access layer: Ethernet

Share your ICND1 v3.0 Experience

September 16th, 2016 1,586 comments

The new ICND1 100-105 exam has replaced the old ICND1 100-101 exam. Because this exam is new, it will take some time to put up materials for it. In the meantime, we have created “Share your ICND1 v3.0 Experience” so that everyone can share their experience after taking this exam.

Please share with us your experience after taking the new ICND1 100-105 exam, your materials, the way you learned, your recommendations…