ICND1 100-105 Category

ICND1 – Basic Questions

June 26th, 2017 554 comments

Question 1

Explanation

CSMA/CD stands for Carrier Sense Multiple Access with Collision Detection. In an Ethernet LAN, before transmitting, a computer first listens to the network media. If the media is idle, the computer sends its data. If the media is busy (another station is talking), the computer must wait until it becomes idle.

When a station transmits, the signal is referred to as a carrier. Carrier Sense means that before a station can send data onto an Ethernet wire, it has to listen to see if another “carrier” (from another station) is present. If another station is talking, this station waits until no carrier is present.

Multiple Access means that stations can access the network at any time. This is in contrast to a Token Ring network, where a station must hold the “token” before it can send data.

Although Carrier Sense helps two stations avoid sending at the same time, two stations sometimes still transmit simultaneously: both listen, hear no traffic, and start sending at the same moment -> a collision occurs and both stations must retransmit later. Collision Detection is the ability of each station’s network adapter to notice the collision while it is still transmitting, so that it knows to abort and retransmit.

Basically, the CSMA/CD algorithm can be summarized as follows:

+ A device that wants to send a frame must wait until the LAN is silent (no one is “talking”)
+ If a collision still occurs, the devices that caused the collision wait a random amount of time and then try to send data again.

Note: A switch separates each station into its own collision domain, so a station can send data without worrying that its data will collide with the data of other stations. This is in contrast to a hub, which causes collisions between the stations connected to it.
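As an added example (not part of the original page), the Python simulation below shows the algorithm summarized above together with the detail the summary leaves out: the truncated binary exponential backoff that decides how long a colliding station waits (a random 0 to 2^min(n,10)-1 slot times after the n-th consecutive collision, and the frame is discarded after 16). The outcome list fed to send_frame is constructed; the slot-time and attempt constants are the IEEE 802.3 values for 10/100 Mbps Ethernet.

```python
import random

# IEEE 802.3 constants for 10/100 Mbps Ethernet
SLOT_TIME_BITS = 512        # one slot time = 512 bit times
MAX_ATTEMPTS = 16           # after 16 consecutive collisions the frame is discarded
BACKOFF_LIMIT = 10          # the backoff range stops doubling after the 10th collision


def backoff_slots(collision_count, rng=None):
    """Truncated binary exponential backoff.

    After the n-th consecutive collision a station waits a random number of
    slot times drawn uniformly from 0 .. 2**min(n, 10) - 1.
    """
    if not 1 <= collision_count <= MAX_ATTEMPTS:
        raise ValueError("collision_count must be between 1 and 16")
    k = min(collision_count, BACKOFF_LIMIT)
    return (rng or random).randrange(2 ** k)


def send_frame(outcomes, seed=None):
    """Drive one station's attempts to put a single frame on the wire.

    `outcomes` is a constructed list describing what the station observes on
    each step: "busy" (carrier sensed, it defers and listens again),
    "collision" (the transmission collided and must be retried after backoff)
    or "ok" (the frame went out cleanly).
    Returns (delivered, attempts, deferrals, total_backoff_slots).
    """
    rng = random.Random(seed)
    collisions = attempts = deferrals = backoff = 0
    for outcome in outcomes:
        if outcome == "busy":
            deferrals += 1          # Carrier Sense: just wait, no backoff involved
            continue
        attempts += 1               # Multiple Access: the station transmits
        if outcome == "ok":
            return True, attempts, deferrals, backoff
        if outcome != "collision":
            raise ValueError(f"unknown outcome {outcome!r}")
        collisions += 1             # Collision Detection: abort, jam, back off
        if collisions >= MAX_ATTEMPTS:
            # "excessive collisions": the frame is dropped and the upper layer told
            return False, attempts, deferrals, backoff
        backoff += backoff_slots(collisions, rng)
    raise ValueError("outcome list ended before the frame was delivered or discarded")


def backoff_time_us(slots, bit_rate_mbps=10):
    """Convert slot times to microseconds for the given link speed."""
    return slots * SLOT_TIME_BITS / bit_rate_mbps
```

The deferral path never involves backoff: a station that hears a carrier simply waits for silence, and the random wait only starts once a collision has actually been detected.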

Question 2

Explanation

Only two commands “show interfaces” and “show ip interface brief” reveal the status of router interfaces (up/up, for example).

The outputs of the two commands are shown below:

show_config_question_answer_2.jpg

show_ip_interface_brief.jpg

Question 3

Explanation

HTTP is based on TCP connection so a TCP connection must be established first between the workstation and the web server.

Question 4

Explanation

Hubs do not separate collision domains, so if hubs are used in the topology above we have only one collision domain. Switches do separate collision domains, so if the hubs are replaced by switches we have 22 collision domains (19 collision domains for the hosts and 3 collision domains for the links between the three switches). Note that the WAN (serial) connection is not counted as a collision (or broadcast) domain.

Question 5

Explanation

A broadcast storm can cause congestion within a network. For more information about broadcast storm please read my STP tutorial.

Question 6

Explanation

Before a host can send ICMP (ping) packets to another device, it needs to learn the MAC address of the destination device, so it first sends out an ARP Request. In fact, the first ping packet is typically dropped because the sending device cannot build a complete frame until it has learned the destination MAC address.

Question 7

Explanation

The “show running-config” command displays active configuration in memory.

Question 8

Question 9

Question 10

Explanation

Full-duplex communication allows data to be sent and received simultaneously. Switch ports support full-duplex operation. Half-duplex communication allows data transmission in only one direction at a time (either sending or receiving).

ICND1 – Basic Questions 2

June 26th, 2017 126 comments

Question 1

Explanation

Only a router or a Layer 3 switch can mitigate a broadcast storm because they separate broadcast domains -> B and D are correct.

Question 2

Explanation

AREA 1 has “multiple collision domains” so Network Device A must be a device operating in Layer 2 or above (a router or switch) -> A & E are correct.

AREA 2 only has “single collision domain” so Network Device B must be a device operating in Layer 1 (a hub or repeater) -> D is correct.

Question 3

Explanation

The key sequence “Ctrl-Shift-6” followed by “x” is used to suspend a Telnet session. In this case, the Telnet session from Router1 to Router2 is suspended.

If we enter the keyword “resume”, Router1 will try to resume the telnet session to Router2 (you will see the line [Resuming connection 1 to 192.168.9.2 … ]) and we will get back the Router2> prompt.

Question 4

Explanation

In the topology above only routers and switches are used, so each link is one collision domain. In the picture below each pink ellipse represents one collision domain.

Collision_domains_explained.jpg

Question 5

Explanation

Star topology is the most popular topology for the network which allows all traffic to flow through a central device.

star_topology.jpg

Question 6

Question 7

Explanation

Carrier Sense Multiple Access with Collision Detection (CSMA/CD) is the LAN access method used in Ethernet. When a device wants to gain access to the network, it checks to see if the network is free. If the network is busy, the device waits until it becomes free. If the network is free and two devices access the line at exactly the same time, their signals collide. When the collision is detected, both devices back off and wait a random amount of time before retrying.

CSMA/CD is used with devices operating in half-duplex mode only. CSMA/CD helps devices connecting to half-duplex switch ports operate correctly.

Question 8

Explanation

Ethernet frame size refers to the whole Ethernet frame, including the header and the trailer, while MTU size refers only to the Ethernet payload. Baby giant frames are Ethernet frames of up to 1600 bytes, and jumbo frames are Ethernet frames of up to 9216 bytes (according to this link: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-4000-series-switches/29805-175.html)

For example, the standard Ethernet MTU is 1500 bytes. This does not include the Ethernet header and the Cyclic Redundancy Check (CRC) trailer, which together are 18 bytes, making the total Ethernet frame size 1518 bytes.

So, strictly speaking, an MTU of 1600 bytes cannot be classified as a baby giant frame, because the whole Ethernet frame would then be larger than 1600 bytes -> answer C is not correct.

Answer D is a better choice: with an MTU of 1518, the whole Ethernet frame is 1536 bytes (1518 + 18 bytes of Ethernet header and CRC trailer), which satisfies the definition “Baby giant frames refer to Ethernet frame size up to 1600 bytes”.

Question 9

Question 10

Question 11

Explanation

To remember which type of cable you should use, follow these tips:

– To connect two serial interfaces of two routers we use a serial cable
– To decide between a crossover cable and a straight-through cable, remember:
Group 1: Router, Host, Server
Group 2: Hub, Switch
One device in group 1 + one device in group 2: use a straight-through cable
Two devices in the same group: use a crossover cable

For example: we use a straight-through cable to connect switch to router, switch to host, hub to host, hub to server… and we use a crossover cable to connect switch to switch, switch to hub, router to router, host to host…

Notice that in this question, connecting to the Frame Relay cloud is a WAN connection (the far end is the provider’s Frame Relay switch or another router). We must use a serial cable (or a fiber optic cable) because the Frame Relay network is too far away for Ethernet cables.

A rollover cable is used to connect a computer terminal to a router’s console port. This is typically used when we turn on the router for the first time.

Question 12

Question 13

Question 14

Question 15

Explanation

Both switch and router separate collision domains. In other words, each port of the switch and router creates one collision domain so we have 15 collision domains in this topology.

ICND1 – OSI & TCP/IP Model

June 26th, 2017 110 comments

Note: If you are not sure about OSI Model, please read my OSI Model Tutorial.

Question 1

Question 2

Explanation

CDP runs at Layer 2 (Data Link) of the OSI model -> E is correct.

Question 3

Explanation

SMTP stands for Simple Mail Transfer Protocol. It is the set of rules that allows software to transmit e-mail over the Internet, while File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host to another over a TCP-based network. Both run over TCP.

Note: Simple Network Management Protocol (SNMP) uses UDP as the transport protocol for passing data between managers and agents. SNMP uses UDP to help reduce the impact on your network’s performance. Although SNMP can be configured to run over TCP, this should only be done in special situations. SNMP uses UDP port 161 for sending and receiving requests, and port 162 for receiving traps from managed devices.

DNS works over both TCP and UDP. DNS uses TCP for zone transfers between servers (and for responses too large to fit in a UDP datagram) and UDP when a client is trying to resolve a hostname to an IP address. Therefore in most cases we say “DNS uses UDP”.

Question 4

Explanation

The primary function of an access-layer is to provide network access to the end user.

The hardware and software attributes of the access layer that support high availability include security services for additional security against unauthorized access to the network through the use of tools such as 802.1x, port security, DHCP snooping, Dynamic ARP Inspection, and IP Source Guard.

Question 5

Explanation

The picture below compares the two TCP/IP and OSI models:

OSI_TCP_IP_Comparison.jpg

Question 6

Explanation

Transmission Control Protocol (TCP) has all the features mentioned above and TCP resides in Transport Layer (Layer 4) of the OSI model.

Flow control: a mechanism used to ensure that a receiver is not overwhelmed with data from the sender. When the buffers at the receiving unit are full, a message is transmitted to the sending unit to temporarily halt transmissions until all the data in the receiving buffer has been processed and the buffer is ready again.

Sequencing: is used to number segments before sending so they can be put back together again in the correct order at the receiving side.

Acknowledgment: When the receiver gets the data, it sends a response telling the sender that the data have been safely arrived.

Question 7

Explanation

In CCNA, the common devices that operate at Layer 1 are the hub and the repeater.

Question 8

Question 9

ICND1 – TCP & UDP Questions

June 25th, 2017 No comments

Question 1

Explanation

Three types of flow control are buffering, windowing & congestion avoidance:

+ Buffering: if a device receives segments faster than it can handle them, it can store them in a memory area called a buffer and process them later.

+ Windowing: a window is the quantity of data segments that the transmitting device is allowed to send without receiving an acknowledgment for them. For example:

With a window size of 1, the sending device sends 1 segment and the receiving device must reply with 1 ACK before the sending device can send the next segment. This “waiting” takes some time.

By increasing the window size to 3, the sending device sends up to 3 segments before waiting for an ACK -> this reduces the waiting time.

+ Congestion avoidance: lower-priority traffic can be discarded when the network is overloaded -> this minimizes delays for the remaining traffic.
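The windowing and buffering behaviour described above, together with the flow control, sequencing and acknowledgment functions of TCP described in the OSI & TCP/IP Model section, as an added Python simulation that is not part of the page: a sender with a sliding window, a receiver that accepts segments only in sequence and answers each round trip with one cumulative acknowledgment, an optional receive-buffer limit, and a constructed set of segments lost in flight. It is a simplified Go-Back-N model with one ACK per round trip, not an implementation of real TCP.

```python
def go_back_n(total_segments, window_size, lost=frozenset(), buffer_capacity=None):
    """Simulate a sender/receiver pair using a sliding window with cumulative ACKs.

    total_segments:  number of segments to deliver, numbered 0 .. n-1
    window_size:     segments the sender may have outstanding before it needs an ACK
    lost:            constructed set of (segment, attempt) pairs dropped in flight,
                     e.g. {(1, 1)} drops segment 1 the first time it is sent
    buffer_capacity: segments the receiver can buffer per round trip; the
                     application drains the buffer between round trips, and
                     anything beyond the capacity is dropped (must be resent)

    The receiver accepts only the next in-order segment (Go-Back-N) and
    acknowledges everything received so far with one cumulative ACK per
    round trip.  Returns (round_trips, transmissions, delivered_order).
    """
    if window_size < 1:
        raise ValueError("window size must be at least 1")
    base = 0                       # oldest unacknowledged segment (left edge of the window)
    expected = 0                   # next sequence number the receiver is waiting for
    attempts = {}                  # how often each segment has been put on the wire
    round_trips = transmissions = 0
    delivered = []
    while base < total_segments:
        accepted_this_round = 0
        # the sender fires the whole window without waiting for individual ACKs
        for seg in range(base, min(base + window_size, total_segments)):
            attempts[seg] = attempts.get(seg, 0) + 1
            transmissions += 1
            if (seg, attempts[seg]) in lost:
                continue           # dropped in flight: the receiver never sees it
            if seg != expected:
                continue           # out of order: a Go-Back-N receiver discards it
            if buffer_capacity is not None and accepted_this_round >= buffer_capacity:
                continue           # receive buffer full: dropped, sender must resend
            delivered.append(seg)  # in order and buffer space available
            expected += 1
            accepted_this_round += 1
        round_trips += 1
        base = expected            # cumulative ACK slides the window forward
    return round_trips, transmissions, delivered
```

With six segments, window size 1 costs six round trips and window size 3 costs two; a single loss or a receiver whose buffer is smaller than the window forces retransmissions, which is why a real TCP receiver advertises how much it can buffer.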

Question 2

Question 3

Explanation

HTTP is based on TCP connection so a TCP connection must be established first between the workstation and the web server.

Question 4

Explanation

Before two computers can communicate over TCP, they must synchronize their initial sequence numbers (ISN) -> B is correct.

TCP uses a sequence number to identify each byte of data. The sequence number identifies the order of the bytes sent from each computer so that the data can be reconstructed in order, regardless of any fragmentation, disordering, or packet loss that may occur during transmission -> D is correct.

Question 5

Question 6

ICND1 – Switch Questions

June 24th, 2017 66 comments

Question 1

Explanation

Each port on a switch is a collision domain while each VLAN is a broadcast domain because broadcast is only forwarded within that VLAN so we have 48 collision domains and 4 broadcast domains on this switch (if all ports are used).

Question 2

Question 3

Explanation

When a switch receives a frame, it first checks for the destination MAC address and tries to find a matching entry in its MAC address table. If found, the switch then forwards that frame on the corresponding port associated with that MAC address. If no entry is found, the switch will flood that frame out of all (active) ports except the port that sent it.

Question 4

Question 5

Question 6

Explanation

A hub is not as “intelligent” as a switch because a hub does not try to remember anything passing to it. It just floods out all the ports (except the one that sent it) when it receives a frame.

Question 7

Explanation

When a switch receives a frame, it first checks the destination MAC address and tries to find a matching entry in its MAC address table. If one is found, the switch forwards the frame out the port associated with that MAC address. If no entry is found, the switch floods the frame out all active ports except the one on which it arrived. In this case, the destination MAC address 0000.00dd.dddd is not yet in the MAC address table, so the switch floods the frame out all of its ports except fa0/0 (the port on which it received the frame) -> D is correct.

Also, the switch learns that the MAC address 0000.00aa.aaaa was received on fa0/0 -> the switch adds 0000.00aa.aaaa and its corresponding port fa0/0 to the MAC address table -> A is correct.

Question 8

Explanation

The destination MAC address is ffff.ffff.ffff so this is a broadcast frame so the switch will forward the frame out all active switch ports except for port fa0/0.

Question 9

Explanation

In this case the destination MAC address has already been learned, so the switch simply forwards the frame out the corresponding port. It also notices that the source MAC address of host A is not yet in the MAC address table, so it adds that address (with port fa0/3) to its MAC address table.

Question 10

Question 11

Question 12

Question 13

Explanation

The system LED shows whether the system is receiving power and functioning properly. Below lists the LED colors and meanings:

Color System Status
Off System is not powered up.
Green System is operating normally.
Amber System is receiving power but is not functioning properly.

(Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/hardware/installation/guide/hgovrev.html)

Question 14

ICND1 – Switch Questions 2

June 24th, 2017 No comments

Question 1

Explanation

In this case the destination MAC address has already been learned, so the switch simply forwards the frame out the corresponding port. It also notices that the source MAC address of host A is not yet in the MAC address table, so it adds that address (with port fa0/3) to its MAC address table.

Question 2

Question 3

Explanation

All ports on a Layer 2 switch are in the same broadcast domain. Only router ports separate broadcast domains.

Question 4

Explanation

When you connect an IP phone to a switch using a trunk link, it can cause high CPU utilization in the switches. As all the VLANs for a particular interface are trunked to the phone, it increases the number of STP instances the switch has to manage. This increases the CPU utilization. Trunking also causes unnecessary broadcast / multicast / unknown unicast traffic to hit the phone link.

In order to avoid this, remove the trunk configuration and keep the voice and access VLAN configured along with Quality of Service (QoS). Technically, it is still a trunk, but it is called a Multi-VLAN Access Port (MVAP). Because voice and data traffic can travel through the same port, you should specify a different VLAN for each type of traffic. You can configure a switch port to forward voice and data traffic on different VLANs. Configure IP phone ports with a voice VLAN configuration. This configuration creates a pseudo trunk, but does not require you to manually prune the unnecessary VLANs.

The voice VLAN feature enables access ports to carry IP voice traffic from an IP phone. You can configure a voice VLAN with the “switchport voice vlan …” command under interface mode. The full configuration is shown below:

Switch(config)#interface fastethernet0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#switchport voice vlan 20

Reference: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-4500-series-switches/69632-configuring-cat-ip-phone.html

Question 5

Explanation

When a switch receives a frame, it first checks for the destination MAC address and tries to find a matching entry in its MAC address table. If found, the switch then forwards that frame on the corresponding port associated with that MAC address. If no entry is found, the switch will flood that frame out of all (active) ports except the port that sent it.

Question 6

Explanation

The system LED shows whether the system is receiving power and functioning properly. Below lists the LED colors and meanings:

Color System Status
Off System is not powered up.
Green System is operating normally.
Amber System is receiving power but is not functioning properly.

(Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/hardware/installation/guide/hgovrev.html)

Question 7

Explanation

The “!” is not a valid character in a hostname.

Question 8

Explanation

When a switch receives a frame, it first checks the destination MAC address and tries to find a matching entry in its MAC address table. If one is found, the switch forwards the frame out the port associated with that MAC address. If no entry is found, the switch floods the frame out all active ports except the one on which it arrived. In this case, the destination MAC address 0000.00dd.dddd is not yet in the MAC address table, so the switch floods the frame out all of its ports except fa0/0 (the port on which it received the frame) -> D is correct.

Also, the switch learns that the MAC address 0000.00aa.aaaa was received on fa0/0 -> the switch adds 0000.00aa.aaaa and its corresponding port fa0/0 to the MAC address table -> A is correct.

Question 9

Explanation

In short, TCAM (Ternary Content Addressable Memory) is used for fast lookups of IP prefixes and ACL entries, and the ARP table maps Layer 3 (IP) addresses to Layer 2 (MAC) addresses, so those answers are not correct.

The Content Addressable Memory (CAM) table on a switch keeps track of MAC addresses and the port on which each one appears, along with other attributes such as the age of the entry. When a device plugged into a particular port sends a frame, the switch notes the source MAC and the ingress port and updates the CAM table. Notice that the CAM table is built from source MAC addresses only (destination MAC addresses are looked up, not learned).

ICND1 – LAN Questions

June 23rd, 2017 No comments

Question 1

Explanation

A broadcast storm can cause congestion within a network. For more information about broadcast storm please read my STP tutorial.

Question 2

Explanation

The primary function of an access-layer is to provide network access to the end user.

The hardware and software attributes of the access layer that support high availability include security services for additional security against unauthorized access to the network through the use of tools such as 802.1x, port security, DHCP snooping, Dynamic ARP Inspection, and IP Source Guard.

ICND1 – VLAN Questions

June 23rd, 2017 No comments

Question 1

Explanation

With the configuration above, when we type “do show vlan” we would not see VLAN 10 in the VLAN database because it has not been created yet. VLAN 10 is only created when we exit VLAN configuration mode (with the “exit” command).

Question 2

Explanation

Traffic on the native VLAN is sent untagged -> answer B is not correct.

Control plane traffic (CDP, VTP, STP…) runs on VLAN 1 by default. It is not blocked on the native VLAN -> answer C is not correct.

If the answer had said “the native VLAN should carry no user traffic, for security reasons”, it would be correct (an untagged frame arriving on a trunk is placed in the native VLAN, which is what VLAN hopping by double tagging relies on), but the native VLAN is not typically disabled -> answer D is not correct.

CDP runs on VLAN 1 by default and the native VLAN is also VLAN 1 by default, so answer A is the best choice here.

Question 3

Explanation

IEEE 802.1Q is the networking standard that supports virtual LANs (VLANs) on an Ethernet network. When a frame enters the VLAN-aware portion of the network (a trunk link, for example), a VLAN ID tag is added to represent the VLAN membership of that frame. The picture below shows how VLAN tag is added and removed while going through the network.

VLAN_tag_added_removed.jpg
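The tagging shown in the picture, as an added example that is not code from the page: the Python functions below build an untagged Ethernet II frame, insert and strip the 4-byte 802.1Q tag (TPID 0x8100 followed by the 3-bit PCP, 1-bit DEI and 12-bit VLAN ID), and apply the native-VLAN rule from Question 2: frames in the native VLAN leave a trunk untagged, and untagged frames arriving on a trunk are assigned to the native VLAN. The FCS is omitted, and the sample MAC addresses and payload are constructed.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


def mac_bytes(mac):
    """Accept Cisco dotted (0000.00aa.aaaa) or colon (00:00:00:aa:aa:aa) notation."""
    raw = bytes.fromhex(mac.replace(".", "").replace(":", ""))
    if len(raw) != 6:
        raise ValueError(f"bad MAC address {mac!r}")
    return raw


def build_frame(dst_mac, src_mac, ethertype, payload):
    """Untagged Ethernet II frame: dst MAC, src MAC, EtherType, payload (no FCS)."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype) + payload


def add_tag(frame, vlan_id, pcp=0, dei=0):
    """Insert a 4-byte 802.1Q tag between the source MAC and the EtherType."""
    if not 1 <= vlan_id <= 4094:
        # VID 0 means "priority tag only, no VLAN"; 4095 is reserved by the standard
        raise ValueError("VLAN ID must be 1..4094")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP is 3 bits, DEI is 1 bit")
    tci = (pcp << 13) | (dei << 12) | vlan_id       # Tag Control Information
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame):
    """Return (vlan_id, untagged_frame); vlan_id is None if the frame carried no tag."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame


def trunk_egress(frame, vlan_id, native_vlan=1):
    """A frame leaving a trunk is tagged unless it belongs to the native VLAN."""
    return frame if vlan_id == native_vlan else add_tag(frame, vlan_id)


def trunk_ingress(frame, native_vlan=1):
    """A frame arriving on a trunk: untagged frames are assigned to the native VLAN."""
    vid, untagged = strip_tag(frame)
    return (native_vlan if vid is None else vid), untagged
```

Passing a frame that already carries a VLAN 20 tag through trunk_egress for the native VLAN sends it on the wire untouched, and trunk_ingress at the far end then reads VLAN 20 from the inner tag: that is the double-tagging case behind the advice to keep user traffic off the native VLAN.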

Question 4

Question 5

Explanation

The VLANs 0 and 4095 are reserved by the IEEE 802.1Q standard and you cannot create, delete, or modify them so they are the correct answers.

Note:
+ VLAN 0 and 4095 are reserved for system use only. You cannot see or use these VLANs.
+ VLAN 1 and VLANs 1002-1005 are default VLANs. Default VLANs are created automatically and cannot be configured or deleted by users.
+ VLAN 2 to 1001 are normal VLANs. You can create, use and delete them.
+ VLANs 1002 to 1005 are normal VLANs too, but Cisco reserves them for FDDI and Token Ring. You cannot delete these VLANs.
+ VLAN 1006 to 4094 are extended VLANs (for Ethernet VLANs only)

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t15/ht_xvlan.html and http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/vlans.html

ICND1 – InterVLAN Routing

June 22nd, 2017 No comments

Question 1

ICND1 – STP Questions

June 21st, 2017 No comments

Question 1

ICND1 – Port Security

June 20th, 2017 No comments

Question 1

Explanation

By default, port security limits the number of MAC addresses that can connect to a switch port to one. Once the maximum number of MAC addresses has been reached, a frame from any additional MAC address causes a security violation.

Question 2

Explanation

Shutdown is the default port-security violation mode. In this mode, the switch automatically puts the switch port into the error-disabled (err-disabled) state when a violation occurs. While in this state, the switch port forwards no traffic. The port can be brought out of the error-disabled state either automatically, with the global “errdisable recovery cause psecure-violation” command, or manually by issuing “shutdown” followed by “no shutdown” on the interface.
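As an added example, not code from the page, the Python model below ties together the switch behaviour described in the Switch Questions sections (learn the source MAC on the ingress port, forward known unicast out one port, flood broadcasts and unknown unicast out every other active port, never send a frame back out the port it came in on) with the port-security behaviour described in the two questions above (default maximum of one MAC address, default violation mode shutdown placing the port in err-disabled). Port names, MAC addresses and the handling of the three violation modes follow IOS but are simplified; CAM entry aging is not simulated.

```python
from dataclasses import dataclass, field

BROADCAST = "ffff.ffff.ffff"


@dataclass
class PortSecurity:
    maximum: int = 1                 # IOS default: one secure MAC per port
    violation: str = "shutdown"      # IOS default violation mode
    secure_macs: set = field(default_factory=set)
    violations: int = 0              # counted in restrict and shutdown modes
    err_disabled: bool = False


class Switch:
    """Learn source MACs, forward known unicast, flood the rest, enforce port security."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}          # CAM table: MAC -> port it was last seen on
        self.security = {}           # port -> PortSecurity (secured ports only)

    def enable_port_security(self, port, maximum=1, violation="shutdown"):
        if violation not in ("protect", "restrict", "shutdown"):
            raise ValueError("violation mode must be protect, restrict or shutdown")
        self.security[port] = PortSecurity(maximum, violation)

    def port_is_up(self, port):
        sec = self.security.get(port)
        return sec is None or not sec.err_disabled

    def _port_security_allows(self, port, src_mac):
        sec = self.security.get(port)
        if sec is None:
            return True                      # port security not configured here
        if sec.err_disabled:
            return False                     # err-disabled ports forward nothing
        if src_mac in sec.secure_macs:
            return True
        if len(sec.secure_macs) < sec.maximum:
            sec.secure_macs.add(src_mac)     # dynamically learned secure address
            return True
        # a new MAC beyond the maximum: security violation
        if sec.violation != "protect":
            sec.violations += 1              # restrict/shutdown count (and would log/trap)
        if sec.violation == "shutdown":
            sec.err_disabled = True          # the port goes err-disabled
        return False                         # the offending frame is dropped in all modes

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame arriving on in_port; return the ports it is sent out of."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        if not self._port_security_allows(in_port, src_mac):
            return []
        self.mac_table[src_mac] = in_port    # learning uses the SOURCE address only
        if dst_mac == BROADCAST or dst_mac not in self.mac_table:
            # broadcast or unknown unicast: flood out every other active port
            return [p for p in self.ports if p != in_port and self.port_is_up(p)]
        out_port = self.mac_table[dst_mac]
        return [] if out_port == in_port else [out_port]   # never back out the ingress port

    def recover(self, port):
        """Equivalent of shutdown / no shutdown (or errdisable recovery) on the port."""
        sec = self.security.get(port)
        if sec is not None:
            sec.err_disabled = False
```

A second MAC on a secured port does not just lose its own frame: in shutdown mode the whole port stops forwarding, so the legitimate host behind it also goes dark until someone clears the err-disabled state. Restrict keeps the port up and counts (and logs) the violations, which is the mode to pick when an outage from a rogue device is worse than the rogue frames themselves.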

Question 3

Question 4

ICND1 – Router Questions

June 19th, 2017 108 comments

Question 1

Explanation

When packets travel through many routers, the source and destination IP addresses do not change but the source and destination MAC do change.

Question 2

Explanation

The output above is unclear. Normally when we use this command we can see the type of serial connection on this interface, for example “V.35 DCE cable”. Below are two examples of the same command:

RouterA#show controllers serial 0
HD unit 0, idb = 0xECA4C, driver structure at 0xF1EC8
buffer size 1524 HD unit 0, V.35 DTE cable
cpb = 0x62, eda = 0x403C, cda = 0x4050
RX ring with 16 entries at 0x624000
00 bd_ptr=0x4000 pak=0x0F5704 ds=0x62FFB8 status=80 pak_size=22

Or

RouterB#show controllers serial 0
buffer size 1524 HD unit 0, V.35 DCE cable, clockrate 64000
cpb = 0x62, eda = 0x408C, cda = 0x40A0
RX ring with 16 entries at 0x624000
00 bd_ptr=0x4000 pak=0x0F2F04 ds=0x627908 status=80 pak_size=22

but in this case we only get “V.35 cable”. So in fact we cannot be sure about answer C. However, the output above also does not contain any information that would confirm the other answers.

Just for your information, the V.35 male and V.35 female cable are shown below:

v.35_female.jpg
v.35cable_male.jpg

Question 3

Question 4

Question 5

Explanation

The outputs of “show protocols” (first) and “show ip interface” for Serial0/0 (second) are shown below:

Global values:
Internet Protocol routing is enabled
Serial0/0 is up, line protocol is down
Internet address is 10.1.1.1/30
Serial0/1 is up, line protocol is down
Internet address is 209.65.200.225/30
Serial0/2 is up, line protocol is down
Serial0/3 is up, line protocol is down
NVI0 is up, line protocol is up
Interface is unnumbered. Using address of NVI0 (0.0.0.0)
Loopback0 is up, line protocol is up
Internet address is 10.1.10.1/32
Loopback1 is up, line protocol is up
Internet address is 10.1.2.1/27
Loopback6 is up, line protocol is up

Serial0/0 is up, line protocol is down
Internet address is 10.1.1.1/30
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.5
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is disabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is disabled
IP Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain inside
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled

Question 6

Explanation

The key sequence “Ctrl-Shift-6” followed by “x” is used to suspend a Telnet session. In this case, the Telnet session from Router1 to Router2 is suspended.

If we enter the keyword “resume”, Router1 will try to resume the telnet session to Router2 (you will see the line [Resuming connection 1 to 192.168.9.2 … ]) and we will get back the Router2> prompt.

Question 7

Explanation

The Layer 2 information (source and destination MAC) would be changed when passing through each router. The Layer 3 information (source and destination IP addresses) remains unchanged.

Question 8

Explanation

When packets travel through many routers, the source and destination IP addresses do not change but the source and destination MAC do change.

Question 9

Explanation

Change the configuration register to 0x2142. With this setting, when the router reboots it bypasses the startup-config in NVRAM, so no password is required. This is the standard password-recovery procedure and it needs console access to the router, which is why physical access to network devices must be controlled (and why IOS offers “no service password-recovery” to disable it where that risk matters).

Question 10

ICND1 – Router Questions 2

June 19th, 2017 No comments

Question 1

Explanation

Each interface on a router must be in a different network. If an administrator tries to assign two interfaces addresses in the same (overlapping) network, the router refuses the configuration and displays an error.

Question 2

Question 3

Question 4

Question 5

Explanation

From the output of the “show version” command, we learn that there are only 2 FastEthernet interfaces (2 FastEthernet/IEEE 802.3 interfaces) and this router does not have any Ethernet interface so an error will occur when we enter the “interface e0” command.

Question 6

Question 7

Question 8

Question 9

ICND1 – Access list Questions

June 19th, 2017 No comments

Question 1

Question 2

Explanation

ACL logging means using the “log” or “log-input” keyword at the end of an ACL statement, for example: “access-list 100 deny icmp any any echo-reply log-input” (“log-input” additionally records the ingress interface and the source MAC address). Remember that packets matching a logged entry are process-switched instead of being CEF-switched, which can seriously impact the performance of the router.

ICND1 – CDP & LLDP

June 18th, 2017 No comments

Question 1

Explanation

CDP runs at Layer 2 so it can recognize a switch (if that switch also runs CDP).

Question 2

Explanation

Cisco Discovery Protocol (CDP) is a proprietary protocol of Cisco so if you can see the VoIP phone via the “show cdp neighbors” command on a Cisco switch then that phone is from Cisco.

Question 3

Explanation

CDP runs at Layer 2 (Data Link) of the OSI model -> E is correct.

Question 4

ICND1 – Protocols & Services

June 17th, 2017 70 comments

Question 1

Explanation

File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host to another over a TCP-based network, such as the Internet.

Question 2

Explanation

Cisco Discovery Protocol (CDP) is a proprietary protocol of Cisco so if you can see the VoIP phone via the “show cdp neighbors” command on a Cisco switch then that phone is from Cisco.

Question 3

Explanation

User Datagram Protocol (UDP) provides a connectionless datagram service that offers best-effort delivery, which means that UDP does not guarantee delivery or verify sequencing for any datagrams. UDP is typically used by programs that transmit small amounts of data at one time or have real-time requirements (voice, for example).

Question 4

Explanation

CDP is a device discovery protocol that runs over Layer 2. We can view the CDP information with the show cdp neighbors command (thus the provided information is at layer 2), notice this command only shows information about directly connected devices. The output of the show cdp neighbors command is shown below:

ccna_configuration_show_cdp_neighbors.jpg

There are 3 columns you must pay attention to:

* Local interface: type & ID of the local interface on which the CDP information of the neighbor was received.
* Device platform: the neighboring device model.
* Port ID: the connected interface of the neighbor.

Question 5

Explanation

After resolving a browser URL to an IP address (via DNS server), the workstation must learn the MAC address of the server so that it can create a complete packet (a complete packet requires destination MAC and IP address, source MAC and IP address). Therefore the workstation must use ARP to find out the MAC address from the IP address.

Question 6

Explanation

Before two computers can communicate over TCP, they must synchronize their initial sequence numbers (ISN) -> B is correct.

TCP uses a sequence number to identify each byte of data. The sequence number identifies the order of the bytes sent from each computer so that the data can be reconstructed in order, regardless of any fragmentation, disordering, or packet loss that may occur during transmission -> D is correct.

Question 7

Explanation

By default CDP is enabled on Cisco routers -> A is not correct.

CDP runs at Layer 2 in the OSI model and it does not need an IP address to run -> C & D are not correct.

Question 8

Explanation

Tracert (or traceroute) is used to trace the path between the sender and the destination host. Traceroute works by sending packets with gradually increasing Time-to-Live (TTL) values, starting with TTL = 1. The first router receives the packet, decrements the TTL and drops the packet because the TTL is then zero. The router sends an ICMP Time Exceeded message back to the source. The next set of packets is given a TTL of 2, so the first router forwards them, but the second router drops them and replies with ICMP Time Exceeded. Proceeding in this way, traceroute uses the returned ICMP Time Exceeded messages to build a list of the routers that the packets traverse, until the destination is reached and answers (with an ICMP Echo Reply when the probes are ICMP Echo Requests) -> C is correct.

ICMP is encapsulated in an IP packet. In particular, the ICMP message is encapsulated in the IP payload part of an IP datagram -> D is correct.

Note: The TRACERT command on Windows sends ICMP Echo Requests, while macOS and Linux traceroute send UDP datagrams to high-numbered ports by default; in the UDP case the destination answers with an ICMP Port Unreachable message rather than an Echo Reply.
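As an added example (not from the page), the Python simulation below walks probes with increasing TTL along a constructed path of router addresses, returning Time Exceeded from the router that decrements the TTL to zero and an Echo Reply from the destination, as the explanation above describes. A hop listed in `silent` does not answer, which models the “*” entries seen when a router filters ICMP; the IP addresses are documentation/private ranges chosen for the example.

```python
ICMP_TIME_EXCEEDED = "ICMP Time Exceeded"
ICMP_ECHO_REPLY = "ICMP Echo Reply"
NO_REPLY = "*"


def forward_probe(path, destination, ttl, silent=frozenset()):
    """Carry one ICMP Echo Request with the given TTL along `path`.

    `path` lists the routers between the sender and `destination`, in order.
    Every router decrements the TTL; the one that takes it to zero discards the
    probe and answers with Time Exceeded (unless it is in `silent`, which models
    a hop that filters ICMP and never replies). A probe that survives the whole
    path reaches the destination, which answers with an Echo Reply.
    Returns (responder, reply_type).
    """
    if ttl < 1:
        raise ValueError("TTL must be at least 1")
    for router in path:
        ttl -= 1                       # each router decrements TTL before forwarding
        if ttl == 0:
            if router in silent:
                return NO_REPLY, NO_REPLY
            return router, ICMP_TIME_EXCEEDED
    return destination, ICMP_ECHO_REPLY


def traceroute(path, destination, max_hops=30, silent=frozenset()):
    """Build the hop list by probing with TTL 1, 2, 3 ... until the destination replies."""
    hops = []
    for ttl in range(1, max_hops + 1):
        responder, reply = forward_probe(path, destination, ttl, silent)
        hops.append((ttl, responder, reply))
        if reply == ICMP_ECHO_REPLY:
            break                      # destination reached; stop probing
    return hops
```

Note what the silent case means operationally: a filtered hop leaves a gap in the list, but the later hops still answer, so a trace that ends in a run of “*” up to max_hops usually indicates the destination itself (or a firewall in front of it) is dropping the probes, not that the path is broken at the first silent hop.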

Question 9

Explanation

CDP runs at Layer 2 so it can recognize a switch (if that switch also runs CDP).

Question 10

Question 11

ICND1 – IP Address

June 16th, 2017 No comments

Question 1

Explanation

RFC 1518 is Classless Interdomain Routing (CIDR). CIDR is a mechanism developed to help alleviate the exhaustion of IP addresses and the growth of routing tables.

The problems were:

+ With the classful routing system, individual networks were either limited to 254 hosts (/24) or 65,534 hosts (/16). For many network enterprises, 254 hosts were not enough and 65,534 were too large to be used efficiently.
+ Routing information overload. The size and rate of growth of the routing tables in Internet routers is beyond the ability of current software (and people) to effectively manage.
+ Eventual exhaustion of IP network numbers.

To solve these problems, CIDR was selected as the solution in 1992.

In contrast to classful routing, which categorizes addresses into one of three blocks, CIDR allows for blocks of IP addresses to be allocated to Internet service providers. The blocks are then split up and assigned to the provider’s customers.

According to the CIDR standard, the first part of an IP address is a prefix, which identifies the network. The prefix is followed by the host identifier so that information packets can be sent to particular computers within the network. A CIDR address includes the standard 32-bit IP address and also the network prefix. For example, in the CIDR address 200.1.45.2/26, the “/26” indicates that the first 26 bits are used to identify the unique network, leaving the remaining bits to identify the specific hosts.

Therefore, instead of assigning the whole block of a class B or C address, now smaller blocks of a class can be assigned. For example, instead of assigning a whole block of 200.1.45.0/24, a smaller block, like 200.1.45.0/27 or 200.1.45.32/27, can be assigned.

In fact, CIDR is specified in RFCs 1518, 1519 and 1520, so the answer “RFC 1519” is also acceptable.

Question 2

Explanation

In order to send traffic to multiple devices (not all) across different subnets we need to use multicast addresses, which are in the range 224.0.0.0 through 239.255.255.255 -> D is correct.

Question 3

Question 4

Question 5

Question 6

Question 7

ICND1 – Subnetting

June 15th, 2017 99 comments

Note: If you are not sure about Subnetting, please read my Subnetting Made Easy tutorial.

Question 1

Explanation

From the /28 we can find all information we need:

Increment: 16 (/28 = 11111111.11111111.11111111.11110000)
Network address: 172.19.20.16 (because 16 < 23)
Broadcast address: 172.16.20.31 (because 31 = 16 + 16 – 1)

In fact we don’t need to find out the broadcast address because the question only asks about subnet address (network address).

Question 2

Explanation

From the /28 we can find all information we need:

Increment: 16 (/28 = 11111111.11111111.11111111.11110000)
Network address: 192.168.23.48 (because 48 = 16 * 3 and 48 < 61)

Question 3

Explanation

From the subnet mask of 255.255.255.248 we learn:

Increment: 8 (248 = 11111111.11111111.11111111.11111000)
Network address: 192.168.1.40 (because 40 = 8 * 5 and 40 < 42)

Question 4

Explanation

From the /20 we can find all information we need:

Increment: 16 (/20 = 11111111.11111111.11110000.00000000). This is applied for the 3rd octet.
Network address: 10.1.160.0 (because 160 = 16 * 10 and 160 = 160 -> the IP address above is also the network address.
Broadcast address: 10.1.175.255 (because 175 = 160 + 16 – 1)

Therefore only 10.1.168.0, 10.1.174.255 and 10.1.160.255 are in this range. Please notice 10.1.174.255 is not a broadcast address and can be assigned to host.

Question 5

Explanation

Increment: 32 (224 = 11111111.11111111.11111111.11100000)
Network address: x.x.x.(0;32;64;96;128;160;192;224)
Broadcast address: x.x.x.(31;63;95;127;159;191;223)
-> Last valid host (reduced broadcast addresses by 1): x.x.x.(30;62;94;126;158;190;222) -> Only B is correct.

Question 6

Explanation

Increment: 64 (/26 = 11111111.11111111.11111111.11000000)
The IP 192.168.4.0 belongs to class C. The default subnet mask of class C is /24 and it has been subnetted with a /26 mask, so we have 2^(26-24) = 2^2 = 4 sub-networks:

1st subnet: 192.168.4.0 (to 192.168.4.63)
2nd subnet: 192.168.4.64 (to 192.168.4.127)
3rd subnet: 192.168.4.128 (to 192.168.4.191)
4th subnet: 192.168.4.192 (to 192.168.4.225)

In all the answers above, only answer C and D are in the same subnet.

Therefore only IPs in this range can be assigned to hosts.

Question 7

Explanation

With network 192.168.20.24/29 we have:

Increment: 8 (/29 = 255.255.255.248 = 11111000 for the last octet)
Network address: 192.168.20.24 (because 24 = 8 * 3)
Broadcast address: 192.168.20.31 (because 31 = 24 + 8 – 1)

Therefore the first usable IP address is 192.168.20.25 (assigned to the router) and the last usable IP address is 192.168.20.30 (assigned to the sales server). The IP address of the router is also the default gateway of the sales server.

Question 8

Explanation

The number of valid host IP addresses depends on the number of 0 bits left in the subnet mask. With a /30 subnet mask only two 0 bits are left (/30 = 11111111.11111111.11111111.11111100), so the number of valid host IP addresses is 2^2 – 2 = 2. Also notice that the /30 subnet mask is a popular choice for the link between two routers because only two IP addresses are needed there; the /30 subnet mask saves IP addresses for other connections. An example of the use of a /30 subnet mask is shown below:

[Figure: a /30 subnet mask on a router-to-router link]

Question 9

Explanation

Increment: 2 (/23 = 11111111.11111111.11111110.00000000 = 255.255.254.0)
Network address: 10.16.2.0 (because 2 = 2 * 1 and 2 < 3)
Broadcast address: 10.16.3.255 (because 2 + 2 – 1 = 3 for the 3rd octet)

-> The lowest (first assignable) host address is 10.16.2.1 and the broadcast address of the subnet is 10.16.3.255 255.255.254.0

Question 10

Explanation

Increment: 4 (/22 = 11111111.11111111.11111100.00000000)
Network address: 172.16.156.0 (156 is multiple of 4 and 156 < 159)
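The increment method used in the explanations above, written out as an added example (not code from the original page): from an address and a prefix it derives the mask, the increment in the “interesting” octet, the network and broadcast addresses and the usable host range with plain integer arithmetic. The full host addresses used below (172.19.20.23, 192.168.23.61, 192.168.1.42, 10.16.3.5, 172.16.159.1) are assumptions reconstructed from the octet comparisons in the explanations, since the questions themselves are not reproduced here.

```python
# Added example, not from the original page: the "increment" method used in
# the subnetting explanations above, done with 32-bit integer arithmetic.

def ip_to_int(address: str) -> int:
    """Dotted-decimal IPv4 address -> 32-bit integer (raises on bad input)."""
    parts = address.split(".")
    if len(parts) != 4:
        raise ValueError(f"bad IPv4 address: {address}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"bad octet in {address}")
        value = (value << 8) | octet
    return value


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """/prefix -> 32-bit mask, e.g. /28 -> 0xFFFFFFF0 (255.255.255.240)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_to_prefix(mask: str) -> int:
    """Dotted mask such as 255.255.255.248 -> 29; rejects non-contiguous masks."""
    value = ip_to_int(mask)
    prefix = bin(value).count("1")
    if value != prefix_to_mask(prefix):
        raise ValueError(f"non-contiguous mask: {mask}")
    return prefix


def increment(prefix: int) -> tuple[int, int]:
    """Block size in the 'interesting' octet and that octet's position (1-4).

    /28 -> (16, 4): the mask ends in the 4th octet with four 1 bits, so
    subnets step by 2**(8-4) = 16 there. /20 -> (16, 3), /23 -> (2, 3).
    """
    if not 1 <= prefix <= 32:
        raise ValueError("prefix must be between 1 and 32")
    octet = (prefix - 1) // 8           # 0-based octet the mask ends in
    ones_in_octet = prefix - 8 * octet  # 1..8
    return 2 ** (8 - ones_in_octet), octet + 1


def subnet_info(address: str, prefix: int) -> dict:
    """Network, broadcast and usable host range for address/prefix."""
    mask = prefix_to_mask(prefix)
    network = ip_to_int(address) & mask          # clear the host bits
    broadcast = network | (~mask & 0xFFFFFFFF)   # set the host bits
    step, octet = increment(prefix)
    # /31 and /32 have no network/broadcast pair in the classic model
    usable = 2 ** (32 - prefix) - 2 if prefix <= 30 else 0
    return {
        "mask": int_to_ip(mask),
        "increment": step,
        "octet": octet,
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(network + 1) if usable else None,
        "last_host": int_to_ip(broadcast - 1) if usable else None,
        "usable_hosts": usable,
    }


def is_assignable(address: str, network: str, prefix: int) -> bool:
    """True if address lies inside network/prefix and is neither the network
    nor the broadcast address (Question 4: 10.1.174.255 in 10.1.160.0/20 is
    assignable, 10.1.175.255 is the broadcast)."""
    info = subnet_info(network, prefix)
    value = ip_to_int(address)
    lo, hi = ip_to_int(info["network"]), ip_to_int(info["broadcast"])
    return lo < value < hi


if __name__ == "__main__":
    for addr, pfx in (("172.19.20.23", 28), ("10.1.160.0", 20), ("10.16.3.5", 23)):
        print(f"{addr}/{pfx}: {subnet_info(addr, pfx)}")
```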

 

ICND1 – Subnetting 2

June 15th, 2017 29 comments

Note: If you are not sure about Subnetting, please read my Subnetting Made Easy tutorial.

Question 1

Explanation

AREA 1 has 500 users but it uses class C, which only supports 254 users (from 192.168.1.1 to 192.168.1.254) -> A is correct.

AREA 3 also uses class C and, as mentioned above, it supports 254 users, which is enough for 200 users -> B is incorrect.

In AREA 2 there are only 60 users < 64 = 2^6, so we can use a subnet mask which leaves 6 host bits -> /26. Of course we can use larger subnets (like /25) for future expansion -> C is correct.

A large network should never use a single network-wide mask. It should use several different subnet masks so that the network is flexible and easy to summarize -> D is incorrect.

For router-to-router connections we should use a subnet mask of /30, which supports 2 hosts per subnet. This subnet mask is ideal for router-to-router connections -> E is correct.

There is no limit for IP to function if we know how to organize our network -> F is incorrect.

Question 2

Explanation

The maximum number of hosts in this question is 50, so we have to use a /26 subnet mask or a larger subnet (a shorter prefix, such as /25).

Question 3

Explanation

To support 300 workstations in a single broadcast domain, we need to use a subnet mask which supports 512 = 2^9 addresses -> /23 or 255.255.254.0 in decimal form -> A is correct.

If we use 48-port switches we need 300/48 = 6.25 -> seven 48-port switches are enough because we also need trunking between them -> D is correct.

We only need one router interface and it is connected with one of seven switches -> E is correct.

Question 4

Explanation

/19 = 255.255.224.0. The fast way to find this subnet mask is to remember /16 = 255.255.0.0 and add three more 1 bits in the 3rd octet: 1110 0000, which is 224.

Question 5

Question 6

Explanation

Increment: 2 (/23 = 11111111.11111111.11111110.00000000 = 255.255.254.0)
Network address: 10.16.2.0 (because 2 = 2 * 1 and 2 < 3)
Broadcast address: 10.16.3.255 (because 2 + 2 – 1 = 3 for the 3rd octet)

-> The lowest (first assignable) host address is 10.16.2.1 and the broadcast address of the subnet is 10.16.3.255 255.255.254.0

C – 192.168.1.127
D – 192.168.1.190
E – 192.168.1.192

Answer: D

Explanation

255.255.255.224 = 1111 1111.1111 1111.1111 1111.1110 0000 (binary form)

Increment: 32

First subnetwork: 192.168.1.0 -> 192.168.1.31 (A is incorrect because 192.168.1.31 is a broadcast address)
Second subnetwork: 192.168.1.32 -> 192.168.1.63
Third subnetwork: 192.168.1.64 -> 192.168.1.95 (B is incorrect because 192.168.1.64 is a network address)
Fourth subnetwork: 192.168.1.96 -> 192.168.1.127 (C is incorrect because 192.168.1.127 is a broadcast address)
Fifth subnetwork: 192.168.1.128 -> 192.168.1.159
Sixth subnetwork: 192.168.1.160 -> 192.168.1.191 (D is correct because 192.168.1.190 is the last assignable host address of this subnetwork)
Seventh subnetwork: 192.168.1.192 -> 192.168.1.224 (E is incorrect because 192.168.1.192 is a network address)

Question 7

Explanation

255.255.255.224 = 1111 1111.1111 1111.1111 1111.1110 0000 (binary form)

Increment: 32

First subnetwork: 192.168.1.0 -> 192.168.1.31 (A is incorrect because 192.168.1.31 is a broadcast address)
Second subnetwork: 192.168.1.32 -> 192.168.1.63
Third subnetwork: 192.168.1.64 -> 192.168.1.95 (B is incorrect because 192.168.1.64 is a network address)
Fourth subnetwork: 192.168.1.96 -> 192.168.1.127 (C is incorrect because 192.168.1.127 is a broadcast address)
Fifth subnetwork: 192.168.1.128 -> 192.168.1.159
Sixth subnetwork: 192.168.1.160 -> 192.168.1.191 (D is correct because 192.168.1.190 is the last assignable host address of this subnetwork)
Seventh subnetwork: 192.168.1.192 -> 192.168.1.224 (E is incorrect because 192.168.1.192 is a network address)

Question 8

Question 9

Question 10

Question 11

Explanation

The IP address of host B must be in the range of the 192.168.10.32/28 subnet, which runs from 192.168.10.32 to 192.168.10.47 (increment: 16), except the IP addresses 192.168.10.32 and 192.168.10.46 (which are the network and broadcast addresses of the subnet) and 192.168.10.33 and 192.168.10.34 (which have been assigned to the router’s interface and the switch). Therefore there are only two IP addresses left: 192.168.10.38 & 192.168.10.46.

Question 12

Question 13

Question 14

Question 15

Explanation

From the /28 we can find all information we need:

Increment: 16 (/28 = 11111111.11111111.11111111.11110000)
Network address: 172.19.20.16 (because 16 < 23)
Broadcast address: 172.16.20.31 (because 31 = 16 + 16 – 1)

In fact we don’t need to find out the broadcast address because the question only asks about subnet address (network address).
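Sizing a subnet for a number of hosts (Questions 1 to 3 above) and listing the subnets of a block to decide whether an address is a network, broadcast or host address (Questions 5 to 7 and Question 11 above), as an added example that is not code from the original page. The helper names are the example’s own; the inputs are the page’s values.

```python
# Added example, not from the original page: subnet sizing and enumeration
# for the "Subnetting 2" questions above.

def ip_to_int(address: str) -> int:
    parts = [int(p) for p in address.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"bad IPv4 address: {address}")
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_of(prefix: int) -> int:
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def usable_hosts(prefix: int) -> int:
    """Hosts per subnet: 2^(host bits) minus the network and broadcast addresses."""
    return 2 ** (32 - prefix) - 2 if prefix <= 30 else 0


def prefix_for_hosts(hosts: int) -> int:
    """Longest prefix (smallest subnet) with room for `hosts` usable addresses.

    60 -> /26 (62 usable), 300 -> /23 (510), 2 -> /30 (a router-to-router link).
    A shorter prefix, i.e. a larger subnet, also works when growth is expected.
    """
    if hosts < 1:
        raise ValueError("need at least one host")
    for prefix in range(30, -1, -1):
        if usable_hosts(prefix) >= hosts:
            return prefix
    raise ValueError("more hosts than one IPv4 subnet can hold")


def enumerate_subnets(block: str, block_prefix: int, new_prefix: int) -> list[tuple[str, str]]:
    """Split block/block_prefix into /new_prefix subnets as (network, broadcast) pairs.

    192.168.4.0/24 split into /26 gives 2^(26-24) = 4 subnets stepping by 64.
    """
    if not 0 <= block_prefix <= new_prefix <= 32:
        raise ValueError("need 0 <= block prefix <= new prefix <= 32")
    base = ip_to_int(block) & mask_of(block_prefix)
    size = 2 ** (32 - new_prefix)                 # the "increment", in addresses
    count = 2 ** (new_prefix - block_prefix)
    return [(int_to_ip(base + i * size), int_to_ip(base + (i + 1) * size - 1))
            for i in range(count)]


def classify(address: str, block: str, block_prefix: int, new_prefix: int) -> str:
    """'network', 'broadcast', 'host' or 'outside' for address under that split."""
    value = ip_to_int(address)
    for network, broadcast in enumerate_subnets(block, block_prefix, new_prefix):
        lo, hi = ip_to_int(network), ip_to_int(broadcast)
        if value == lo:
            return "network"
        if value == hi:
            return "broadcast"
        if lo < value < hi:
            return "host"
    return "outside"


def last_hosts(block: str, block_prefix: int, new_prefix: int) -> list[str]:
    """Last assignable address of each subnet (broadcast minus one)."""
    return [int_to_ip(ip_to_int(bcast) - 1)
            for _, bcast in enumerate_subnets(block, block_prefix, new_prefix)]
```

For 192.168.1.0/24 with a 255.255.255.224 mask the eighth subnet (192.168.1.224 to .255) also exists, so its last host .254 follows the .222 the list in Question 5 stops at.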

ICND1 – IP Routing

June 14th, 2017 55 comments

Note: The ICND1 exam requires candidates to understand basic knowledge of dynamic routing protocols (RIP, EIGRP, OSPF).

Question 1

Question 2

Explanation

By default, Cisco routers do not forward broadcast packets. So what happens if your PC is not in the same LAN as the DHCP server? Your PC (also a DHCP client) will broadcast a packet, but it is dropped by the router -> your PC cannot get an IP address from the DHCP server. The “ip helper-address” command makes the router forward the DHCP broadcast to the DHCP server as a unicast. For example, if the IP address of your DHCP server is 10.10.10.254, then on the interface connected to the DHCP client (fa0/0 in this case) we type this command: “ip helper-address 10.10.10.254”.

[Figure: ip helper-address topology]

Note: When a client boots up for the first time, it transmits a DHCPDISCOVER message on its local physical subnet. Because the client has no way of knowing the subnet to which it belongs, the DHCPDISCOVER is an all-subnets broadcast (destination IP address of 255.255.255.255, which is a layer 3 broadcast address). The client does not have a configured IP address, so the source IP address of 0.0.0.0 is used.

Question 3

Explanation

Routers do not look at the destination MAC address to decide where to forward a packet. A router finds the MAC address of the next hop itself and replaces the old destination MAC address of the received packet with it.

Hubs do not care about MAC addresses; they just flood frames out of all their ports except the one the frame came in on.

Therefore only three switches in the exhibit above use destination MAC address to determine the next hops.

Question 4

Explanation

The destination MAC address at point A must be the MAC address of the interface fa0/0 of Toronto router -> E is correct.

Question 5

Explanation

The simple syntax of static route:

ip route destination-network-address subnet-mask {next-hop-IP-address | exit-interface}
+ destination-network-address: destination network address of the remote network
+ subnet mask: subnet mask of the destination network
+ next-hop-IP-address: the IP address of the receiving interface on the next-hop router
+ exit-interface: the local interface of this router where the packets will go out

Therefore the purpose of this command is to send any packets with destination IP address in the range of 192.168.100.160/27 subnet to 192.168.10.2. In fact, answer C is a bit weird when saying “host 192.168.100.160” because 192.168.100.160 is the network address in this case and it cannot be assigned to a host. But answer C is the most suitable answer for this question.

Question 6

Question 7

Explanation

After receiving a packet, the router keeps the source and destination IP addresses while changing the source MAC address (to the MAC address of its outgoing interface) and the destination MAC address (to the MAC address of the next-hop interface). Therefore when the packet reaches host B, the source MAC address must be the MAC address of the outgoing interface of R1.

Question 8

Explanation

Host A knows the IP address of Host B but it does not know the MAC address of host B, so it has to create an ARP Request (which is a broadcast frame) to ask for the MAC address of host B. When Router1 receives this ARP Request, it answers with its own MAC address.

Question 9

Question 10

Explanation

Along the routing path, the source and destination IP address will not change so the source IP will always be 10.1.1.16.

ICND1 – IP Routing 2

June 14th, 2017 55 comments

Note: The ICND1 exam requires candidates to understand basic knowledge of dynamic routing protocols (RIP, EIGRP, OSPF).

Question 1

Explanation

After receiving a packet, the router keeps the source and destination IP addresses (10.1.3.3 and 10.1.2.2, respectively) while changing the source MAC address (to the MAC address of its outgoing interface) and the destination MAC address (to the MAC address of the next-hop interface). Therefore when the packet leaves Router1, the source MAC address must be the MAC address of the outgoing interface of Router1 (0000.000c.0124) and the destination MAC address must be the MAC of fa0/1 of R2 (0000.000c.0123).

Question 2

Explanation

A static route with 0.0.0.0 0.0.0.0 will become a default route. The default route means: “send all traffic to this IP address”. So the default route “ip route 0.0.0.0 0.0.0.0 172.16.2.2” will send all traffic to 172.16.2.2.

Question 3

Explanation

The Administrative Distance (AD) parameter must be put at the end of the “ip route” command. The default AD is 1.

Question 4

Explanation

This router only has directly connected networks (symbolized by the letter “C”) and one default route out of Serial0/0. This is probably a stub router with only one connection to the headquarters or to the Internet.

Question 5

Explanation

In this topology, R2 is a stub router with only one connection to the HQ network so the best way to configure routing is to set a static route (default route) to R1.

Question 6

Explanation

Host A is in a different subnet from SW-A, so SW-A does not know how to send data to host A and needs to be assigned a default gateway. The command to assign a default gateway to a switch is “ip default-gateway”. Please notice this command only takes effect when “ip routing” is disabled on SW-A.

Question 7

Explanation

The default gateway of Host A should be the connected interface of the router, unless host A is connected to a Layer 3 switch. In this case, Switch A is a pure Layer 2 switch and the IP address of Switch A is just for management purposes.

Question 8

Question 9

Question 10

Explanation

The administrative distance of each protocol is compared to see if that route is better or not.

Question 11

Explanation

The letter “D” is used to symbolize EIGRP (with a default AD of 90). The letter “E” is not used for EIGRP because it is already used for Exterior Gateway Protocol (EGP), a now obsolete routing protocol.

ICND1 – IP Routing 3

June 14th, 2017 No comments

Note: The ICND1 exam requires candidates to understand basic knowledge of dynamic routing protocols (RIP, EIGRP, OSPF).

Question 1

Question 2

Explanation

The Administrative Distance (AD) of popular routing protocols is shown below. You should learn them by heart:

[Figure: administrative distances of popular routing protocols]

Note: The AD of iBGP is 200

The smaller the AD is, the better it is. The router will choose the routing protocol with smallest AD.

In this case EIGRP with AD of 90 is the smallest one.

Question 3

Question 4

Question 5

Question 6

Explanation

After resolving a browser URL to an IP address (via DNS server), the workstation must learn the MAC address of the server so that it can create a complete packet (a complete packet requires destination MAC and IP address, source MAC and IP address). Therefore the workstation must use ARP to find out the MAC address from the IP address.

Question 7

Explanation

In this topology, R2 is a stub router with only one connection to the HQ network so the best way to configure routing is to set a static route (default route) to R1.

Question 8

Question 9

Question 10

Explanation

Link-state protocols use hello packets to discover neighbors and establish adjacencies. After that, the routers begin sending out LSAs to every neighbor (each received LSA is copied and forwarded to every neighbor except the one that sent the LSA).

Question 11

Explanation

When one route is advertised by more than one routing protocol, the router will choose to use the routing protocol which has lowest Administrative Distance. The Administrative Distances of popular routing protocols are listed below:

[Figure: administrative distances of popular routing protocols]

ICND1 – IP Routing 4

June 14th, 2017 No comments

Note: The ICND1 exam requires candidates to understand basic knowledge of dynamic routing protocols (RIP, EIGRP, OSPF).

Question 1

Question 3

Question 4

Question 5

Explanation

A and E are correct according to the theory of RIP.

RIP version 1 updates are broadcasts, and RIP version 2 updates are multicast to 224.0.0.9 -> B is not correct.

RIP v1 is a classful routing protocol but RIP v2 is a classless routing protocol -> C is correct.

RIPv1 and RIPv2 have the same default administrative distance of 120 -> D is not correct.

RIPv2 is a classless routing protocol so it does send the subnet mask in updates -> F is not correct.

Question 6

Explanation

Host1 can ping the Serial interface of R2 because R1 has the network of 192.168.1.4/30 as directly connected route. But R1 does not know how to route to the network of Host2 (192.168.1.128/26) so R1 will drop that ping without trying to send it out S0/0 interface. To make the ping work, we have to configure a route pointing to that network (for example: ip route 192.168.1.128 255.255.255.192 s0/0 on R1).

Question 7

Explanation

The route 192.168.5.0/24 currently has the metric of 15 so this router will add 1 hop count before sending out to its neighboring router. With RIP, a metric of 16 means that network is down -> it will not be installed in the routing table of the neighboring router.

Question 8

Question 9

Explanation

The passive interface only prevents routing updates from being sent and received on that interface. It does not affect the default route. But if we configure a default route like this:

Router(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.2

Then if the next-hop address is down (unreachable) then this default route would be removed from the routing table.

Question 10

ICND1 – OSPF Questions

June 13th, 2017 72 comments

Note: If you are not sure about OSPF, please read my OSPF tutorial first.

Question 1

Question 2

Question 3

Explanation

Answers A and C are obviously correct. For answer E, OSPF allows extensive control of routing updates via Link-State Advertisements (LSAs). Administrators can filter these LSAs to meet their requirements easily.

Question 4

Explanation

A is not correct because the backbone area of OSPF is always Area 0.
B is not correct because R1 or R3 must be the DR or BDR -> it has to establish a neighbor adjacency with the other.
C is not correct because an OSPF neighbor relationship is not established based on static routing. OSPF uses the multicast address 224.0.0.5 to establish neighbor relationships.
E is not correct because configuring EIGRP on these routers (with a lower administrative distance) will force these routers to use EIGRP routes, not OSPF.

D and F are correct because these entries must match on neighboring routers:

+ Hello and dead intervals
+ Area ID (Area 0 in this case)
+ Authentication password
+ Stub area flag

Question 5

Question 6

Explanation

The highest IP address of all loopback interfaces will be chosen -> Loopback 0 will be chosen as the router ID.

Question 7

Explanation

OSPF uses a metric referred to as cost. The cost of the entire path is the sum of the costs of the outgoing interfaces along the path. Cisco uses a simple formula to calculate OSPF cost:

OSPF cost = 10^8 / Bandwidth (bps)

Therefore, a 100 Mbps FastEthernet interface will have a cost of 10^8 / 100,000,000 (bps) = 1

Note: The cost of interfaces with a bandwidth equal to or larger than 10^8 bps is normalized to 1, so a 1 Gbps interface will also have an OSPF cost of 1.

For the “O 192.168.12.240 /30 [110/128] via 192.168.12.233, 00:35:36, Serial0” line, the first number in the brackets is the administrative distance of the information source; the second number is the metric for the route -> in this case the second number is the OSPF cost.
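The cost formula above and the “[AD/metric]” pair in a routing-table line, worked as an added example that is not code from the original page; it also applies the rule from the IP Routing 3 pages that the lowest administrative distance wins when several protocols offer the same prefix. The 1.544 Mbps T1 bandwidth and the idea that the 128 above comes from two such serial hops are assumptions of this example, as are the constructed routing-table lines.

```python
import re

# Added example, not from the original page.
REFERENCE_BANDWIDTH = 10**8  # bps; the IOS default reference bandwidth


def ospf_cost(bandwidth_bps: int) -> int:
    """Cisco's default interface cost: 10^8 / bandwidth, truncated, never below 1."""
    if bandwidth_bps <= 0:
        raise ValueError("bandwidth must be positive")
    return max(1, REFERENCE_BANDWIDTH // bandwidth_bps)


def path_cost(bandwidths_bps: list[int]) -> int:
    """Cost of a path is the sum of the outgoing interface costs along it."""
    return sum(ospf_cost(b) for b in bandwidths_bps)


ROUTE_LINE = re.compile(
    r"^(?P<code>[A-Z*]\S*(?:\s[A-Z][A-Z0-9]+)?)\s+"      # O, D, R, S*, O IA, D EX, ...
    r"(?P<network>\d+\.\d+\.\d+\.\d+)\s*/(?P<prefix>\d+)\s+"
    r"\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<next_hop>\d+\.\d+\.\d+\.\d+)"
)


def parse_route(line: str) -> dict:
    """Split a 'show ip route' line into code, prefix, AD, metric and next hop."""
    m = ROUTE_LINE.match(line.strip())
    if m is None:
        raise ValueError(f"no [AD/metric] route found in: {line!r}")
    return {"code": m["code"], "prefix": f"{m['network']}/{m['prefix']}",
            "ad": int(m["ad"]), "metric": int(m["metric"]), "next_hop": m["next_hop"]}


def best_route(lines: list[str]) -> dict:
    """Among routes to one prefix from different sources the lowest AD wins;
    metric only breaks ties between routes of the same source."""
    routes = [parse_route(line) for line in lines]
    if not routes:
        raise ValueError("no routes given")
    prefixes = {r["prefix"] for r in routes}
    if len(prefixes) != 1:
        raise ValueError(f"routes are for different prefixes: {sorted(prefixes)}")
    return min(routes, key=lambda r: (r["ad"], r["metric"]))


if __name__ == "__main__":
    # 128 matches the [110/128] route above if the path crosses two T1
    # (1.544 Mbps) serial links: 64 + 64 (an assumption about that topology).
    print(path_cost([1_544_000, 1_544_000]))
    print(parse_route("O 192.168.12.240 /30 [110/128] via 192.168.12.233, 00:35:36, Serial0"))
```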

Question 8

Explanation

There are 2 segments on the topology above which are separated by Corp-3 router. Each segment will have a DR so we have 2 DRs.

To select which router will become DR they will compare their router-IDs. The router with highest (best) router-ID will become DR. The router-ID is chosen in the order below:

+ The highest IP address assigned to a loopback (logical) interface.

+ If no loopback interface is defined, the highest IP address of all the router’s active physical interfaces will be chosen.

In this question, the IP addresses of loopback interfaces are not mentioned, so we consider the IP addresses of all active physical interfaces. Router Corp-4 (10.1.40.40) & Branch-2 (10.2.20.20) have the highest “active” IP addresses so they will become DRs.

Question 9

ICND1 – DHCP Questions

June 12th, 2017 No comments

Question 1

Explanation

We can use the “lease” command to specify the duration of the lease: lease {days [hours][minutes] | infinite}

The default is a one-day lease.

Question 2

Question 3

Explanation

The local router in this case is called a DHCP server. The main purpose of a DHCP server is to assign IP addresses to the clients. Besides that, a DHCP server can also specify the IP address of the DNS server and specify the domain name for the clients.

For more information about configuring a DHCP server, please read: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/12-4t/dhcp-12-4t-book/config-dhcp-server.html

ICND1 – NAT/PAT

June 11th, 2017 36 comments

Note: If you are not sure about NAT/PAT, please read my Network Address Translation NAT Tutorial.

Question 1

Explanation

Port Address Translation (PAT) can support thousands of users connecting to the Internet using only one real global IP address. With PAT, each computer’s traffic is assigned a separate port number so that the router can identify which computer should receive the return traffic.

Question 2

Explanation

The keyword “overload” specifies we are using NAT Overload (PAT) in which multiple internal hosts will use only one IP address to access external network resources.

Question 3

Explanation

On the interface connecting to the Internet of the router we have to use the command “ip nat outside” for NAT to work. It identifies that interface as the outside interface.

Question 4

Explanation

There are two types of NAT translation: dynamic and static.

Static NAT: Designed to allow one-to-one mapping between local and global addresses. This flavor requires you to have one real Internet IP address for every host on your network.

Dynamic NAT: Designed to map an unregistered IP address to a registered IP address from a pool of registered IP addresses. You don’t have to statically configure your router to map an inside to an outside address as in static NAT, but you do have to have enough real IP addresses for everyone who wants to send packets through the Internet. With dynamic NAT, you can configure the NAT router with more IP addresses in the inside local address list than in the inside global address pool. As inside hosts send traffic, the router allocates registered public IP addresses from the pool until all are allocated. If all the public IP addresses are already allocated, the router discards the packet that requires a public IP address.

In this question we only want to translate a single inside address to a single outside address so static NAT should be used.

Question 5

Explanation

When we specify a NAT “inside” interface (via the “ip nat inside” command under interface mode), we are specifying where the source IP addresses come from. Later in the “ip nat” command under global configuration mode, we specify the access list or route map that matches these source addresses.

For example the command:

Router(config)# ip nat inside source list 1 pool PoolforNAT

after the keyword “source” we need to specify one of the three keywords:

+ list: specify access list describing local addresses (but this command does not require an “inside” interface to be configured)
+ route-map: specify route-map
+ static: specify static local -> global mapping

Question 6

Question 7

Question 8

Question 9

Explanation

After configuring all the requirements for NAT, we need to apply them to the “source” interface and the “outgoing” interface by going to the appropriate interfaces and typing the “ip nat inside” and “ip nat outside” commands.

Question 10

Question 11

Explanation

The command ip nat inside source list 90 interface ethernet 0/0 overload means:

+ “ip nat inside”: “I want to NAT from inside to outside”
+ “list 90” means “the source IP addresses to NAT are included in Access-list 90”
+ “interface ethernet 0/0” means “NAT out of this interface”
+ “overload” means “use PAT for the IP translation”

Question 12

Explanation

The “ip nat inside” command is applied to an interface to indicate that this interface is the source (inside) side of the NAT.

Question 13

Explanation

The outputs of the two commands “show ip nat statistics” and “show ip nat translation” are shown below:

Router#show ip nat statistics
Total active translations: 2 (0 static, 2 dynamic; 2 extended)
Peak translations: 3, occurred 5d04h ago
Outside interfaces:
  Serial1/0
Inside interfaces: 
  Ethernet0/1
Hits: 34531  Misses: 0
CEF Translated packets: 34526, CEF Punted packets: 0
Expired translations: 11
Dynamic mappings:
-- Inside Source
[Id: 1] access-list nat_traffic interface Serial1/0 refcount 2

Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
Router#show ip nat translation
Pro Inside global      Inside local       Outside local      Outside global
icmp 201.15.3.5:628    10.1.1.7:628       201.15.3.17:628    201.15.3.17:628
icmp 201.15.3.5:629    10.1.1.7:629       201.15.3.6:629     201.15.3.6:629
icmp 201.15.3.5:610    10.1.1.8:610       201.15.3.17:610    201.15.3.17:610
icmp 201.15.3.5:611    10.1.1.8:611       201.15.3.6:611     201.15.3.6:611
icmp 201.15.3.5:727    10.1.1.17:727      201.15.3.17:727    201.15.3.17:727
icmp 201.15.3.5:728    10.1.1.17:728      201.15.3.6:728     201.15.3.6:728
icmp 201.15.3.5:633    10.1.1.21:633      201.15.3.17:633    201.15.3.17:633
icmp 201.15.3.5:634    10.1.1.21:634      201.15.3.6:634     201.15.3.6:634
icmp 201.15.3.5:480    10.2.2.1:480       201.15.3.17:480    201.15.3.17:480
icmp 201.15.3.5:481    10.2.2.1:481       201.15.3.6:481     201.15.3.6:481
icmp 201.15.3.5:840    10.10.123.2:840    201.15.3.17:840    201.15.3.17:840
icmp 201.15.3.5:841    10.10.123.2:841    201.15.3.6:841     201.15.3.6:841
icmp 201.15.3.5:578    10.10.123.3:578    201.15.3.17:578    201.15.3.17:578
icmp 201.15.3.5:579    10.10.123.3:579    201.15.3.6:579     201.15.3.6:579
icmp 201.15.3.5:595    192.168.1.1:595    201.15.3.17:595    201.15.3.17:595
icmp 201.15.3.5:596    192.168.1.1:596    201.15.3.6:596     201.15.3.6:596

From that we can see the correct answer should be “show ip nat statistics”.
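Reading the “show ip nat translation” table above programmatically, as an added example that is not code from the original page: it parses the rows and checks the PAT properties described in Questions 1 and 2 of this page, namely that many inside local hosts share one inside global address and that every (inside global, port) pair is unique, which is what lets the router return traffic to the right host. The rows are copied from the output above (a subset, so the block stays short); the function names are the example’s own.

```python
from __future__ import annotations

import re
from collections import Counter

# Rows copied from the "show ip nat translation" output printed above (a
# subset); they are the page's own values, not constructed ones.
SAMPLE_TRANSLATION_TABLE = """\
Pro Inside global      Inside local       Outside local      Outside global
icmp 201.15.3.5:628    10.1.1.7:628       201.15.3.17:628    201.15.3.17:628
icmp 201.15.3.5:629    10.1.1.7:629       201.15.3.6:629     201.15.3.6:629
icmp 201.15.3.5:610    10.1.1.8:610       201.15.3.17:610    201.15.3.17:610
icmp 201.15.3.5:611    10.1.1.8:611       201.15.3.6:611     201.15.3.6:611
icmp 201.15.3.5:727    10.1.1.17:727      201.15.3.17:727    201.15.3.17:727
icmp 201.15.3.5:728    10.1.1.17:728      201.15.3.6:728     201.15.3.6:728
icmp 201.15.3.5:480    10.2.2.1:480       201.15.3.17:480    201.15.3.17:480
icmp 201.15.3.5:481    10.2.2.1:481       201.15.3.6:481     201.15.3.6:481
icmp 201.15.3.5:595    192.168.1.1:595    201.15.3.17:595    201.15.3.17:595
icmp 201.15.3.5:596    192.168.1.1:596    201.15.3.6:596     201.15.3.6:596
"""

ENDPOINT = re.compile(r"^(\d+\.\d+\.\d+\.\d+)(?::(\d+))?$")


def split_endpoint(field: str) -> tuple[str | None, int | None]:
    """'201.15.3.5:628' -> ('201.15.3.5', 628). Static (non-extended) entries
    show a bare address, which keeps port None; '---' becomes (None, None)."""
    if field == "---":
        return None, None
    m = ENDPOINT.match(field)
    if not m:
        raise ValueError(f"unexpected endpoint field: {field!r}")
    return m.group(1), (int(m.group(2)) if m.group(2) else None)


def parse_translations(text: str) -> list[dict]:
    """One dict per translation row; the header line is skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] == "Pro":
            continue
        proto, ig, il, ol, og = fields
        rows.append({"proto": proto,
                     "inside_global": split_endpoint(ig),
                     "inside_local": split_endpoint(il),
                     "outside_local": split_endpoint(ol),
                     "outside_global": split_endpoint(og)})
    return rows


def overload_summary(rows: list[dict]) -> dict:
    """Which inside-global addresses are in use, how many inside hosts sit
    behind each one, and whether every (inside global, port) pair is unique:
    that uniqueness is what lets the router hand return traffic to the right
    inside host when many hosts share one public address (PAT)."""
    hosts_behind: dict[str, set[str]] = {}
    for r in rows:
        hosts_behind.setdefault(r["inside_global"][0], set()).add(r["inside_local"][0])
    pairs = [r["inside_global"] for r in rows]
    return {
        "inside_globals": sorted(hosts_behind),
        "hosts_per_global": {g: len(h) for g, h in hosts_behind.items()},
        "is_pat": any(len(h) > 1 for h in hosts_behind.values()),
        "ports_unique": len(pairs) == len(set(pairs)),
        "per_protocol": dict(Counter(r["proto"] for r in rows)),
    }


if __name__ == "__main__":
    print(overload_summary(parse_translations(SAMPLE_TRANSLATION_TABLE)))
```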

Question 14

ICND1 – Troubleshooting

June 10th, 2017 56 comments

Question 1

Question 2

Question 3

Explanation

The ports on the switch are not up, indicating a layer 1 (physical) problem, so we should check the cable type, power and how the cables are plugged in.

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Explanation

Serial0/0 is “administratively down”, which means this interface has been shut down with the “shutdown” command.

Question 10

Question 11

ICND1 – Troubleshooting 2

June 10th, 2017 No comments

Question 1

Question 2

Question 3

Question 4

ICND1 – IPv6 Questions

June 9th, 2017 1 comment

Question 1

Explanation

There are several ways to assign an IPv6 address to a device:

+ Static IPv6: The IPv6 address, subnet prefix length and default gateway are configured manually in the system configuration file.
+ Dynamic Host Configuration Protocol for IPv6 (DHCPv6): this mode requires a DHCPv6 server in your LAN. This is the most used mode for IPv6 assignment. There are two methods of DHCPv6:
  stateless mode: Only extended information, such as the primary and optional secondary DNS server, is obtained from a DHCPv6 server. No IPv6 address is assigned, so the interface keeps the statically configured IPv6 address from its Ethernet configuration.
  stateful mode: The DHCPv6 server maintains a database of leased IPv6 addresses and assigns an unused IPv6 address to the client. The DHCPv6 server also specifies a primary and optional secondary DNS server. The DNS server is used to resolve the IP address for a known host name.
+ IPv6 Stateless Address Autoconfiguration (SLAAC): provides the ability to address a host based on a network prefix that is advertised by a local network router via Router Advertisements (RA). Notice that with this mode, the device which requires an IPv6 address always receives a dynamic IPv6 address.

The question asks about “stateless assignment of IPv6 addresses”, which means the stateless mode of DHCPv6.

Question 2

Explanation

According to the official IANA website, “Users are assigned IP addresses by Internet service providers (ISPs). ISPs obtain allocations of IP addresses from a local Internet registry (LIR) or National Internet Registry (NIR), or from their appropriate Regional Internet Registry (RIR)”: https://www.iana.org/numbers

Question 3

Explanation

To run IPv6 on an interface we have to configure an IPv6 address on that interface somehow -> A is correct.

IPv6 routing must be enabled first, but with the “ipv6 unicast-routing” command, not the “ipv6 enable” command -> D is not correct.

Question 4

Question 5

Question 6

Explanation

Leading zeros in IPv6 are optional, so 05C7 equals 5C7 and 0000 equals 0 -> D is not correct.

Question 7

Question 8

Question 9

Question 10

ICND1 – IPv6 Questions 2

June 9th, 2017 No comments

Question 1

Explanation

Answers B E F are correct because A and B are the short forms of 0:0:0:0:192:168:0:1 and 2002:c0a8:0101:0:0:0:0:0042, while C is a normal IPv6 address.

Answer A is correct because “::” is named the “unspecified” address and is typically used in the source field of a datagram that is sent by a device that seeks to have its IP address configured.

Answer C is not correct because a global-unicast IPv6 address starts with binary 001, denoted as 2000::/3 in IPv6; it is also known as an aggregatable global unicast address. 2000:: (in particular, 2000::/3) is just a prefix and is not a valid IPv6 address.

In fact answer D is acceptable, but it is considered the network portion of an IPv6 address, so it is a worse choice than the others.

The entire global-unicast IPv6 address range is from 2000::/128 to 3FFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF/128, resulting in a total usable space of over 42,535,295,865,117,307,932,921,825,928,971,000,000 addresses, which is only 1/8th of the entire IPv6 address space!

Question 2

Explanation

Below is the list of common kinds of IPv6 addresses:

+ Loopback address: ::1
+ Link-local address: FE80::/10
+ Site-local address: FEC0::/10
+ Global address: 2000::/3
+ Multicast address: FF00::/8

From the list above, we learn that A and D are correct while B and C are incorrect. Notice that the IPv6 unicast loopback address is equivalent to the IPv4 loopback address, 127.0.0.1. The IPv6 loopback address is 0:0:0:0:0:0:0:1, or ::1.

E is not correct because of anycast addresses, which are indistinguishable from normal unicast addresses. You can think of anycast addresses like this: “send it to the nearest one that has this address”. An anycast address can be assigned to many interfaces, and the first interface that receives a packet destined for this anycast address will process the packet. A benefit of anycast addressing is the capability to share load among multiple hosts. An example of this benefit: if you are a television provider with multiple servers and you want your users to use the server nearest to them, you can use anycast addressing for your servers. When the user initiates a connection to the anycast address, the packet will be routed to the nearest server (the user does not have to specify which server they want to use).
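As an added example (not code from the original page), the following Python uses the standard ipaddress module to show the two points made above and in Question 6 of the previous set: leading zeros and runs of zero hextets are optional, so different spellings denote the same address, and the prefix list above decides what kind of address a given one is. The addresses fed to it are constructed sample values.

```python
import ipaddress

# Prefix list from the explanation above, plus the unspecified address '::'
# mentioned in Question 1.
ADDRESS_KINDS = [
    ("loopback", "::1/128"),
    ("unspecified", "::/128"),
    ("link-local", "FE80::/10"),
    ("site-local", "FEC0::/10"),
    ("multicast", "FF00::/8"),
    ("global unicast", "2000::/3"),
]

def canonical_forms(text):
    """Return (expanded, compressed) spellings of one IPv6 address.

    The expanded form writes every hextet with four hex digits; the compressed
    form drops leading zeros and replaces the longest run of all-zero hextets
    with '::'. A string that is not a valid address raises ValueError.
    """
    addr = ipaddress.IPv6Address(text)
    return addr.exploded, addr.compressed

def same_address(a, b):
    """True when two spellings denote the same 128-bit address."""
    return ipaddress.IPv6Address(a) == ipaddress.IPv6Address(b)

def classify(text):
    """Name the kind of address from the prefix list, or 'other'."""
    addr = ipaddress.IPv6Address(text)
    for name, prefix in ADDRESS_KINDS:
        if addr in ipaddress.IPv6Network(prefix):
            return name
    return "other"

def is_host_address(text):
    """A full address parses; a bare prefix written with a mask does not."""
    try:
        ipaddress.IPv6Address(text)
        return True
    except ValueError:
        return False
```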

Question 3

Question 4

Question 5

Question 6

Explanation

“6to4 tunneling” is a technique which enables encapsulation of IPv6 packets into IPv4 for transport across an IPv4 network.

ICND1 – NTP Questions

June 8th, 2017 No comments

Question 1

Explanation

If you want your system to become an authoritative NTP server from which other internal routers or machines can synchronise, you can achieve this with the “ntp master” command.

Note: Use the “ntp server” command to form an association with an NTP server.

Question 2

Explanation

NTP uses a stratum to describe the distance between a network device and an authoritative time source:
+ A stratum 1 time server is directly attached to an authoritative time source (such as a radio or atomic clock or a GPS time source).
+ A stratum 2 NTP server receives its time through NTP from a stratum 1 time server.

ntp-stratum.jpg

Question 3

Explanation

There is no document saying the default mode of NTP is server so we assume answer A is not correct.

There is no default authentication key number -> B is not correct.

If the network has “ntp master” configured and it cannot reach any clock with a lower stratum number, the system claims to be synchronized at the configured stratum number, and other systems synchronize to it via NTP. By default, the master clock function is disabled. When enabled, the default stratum is 8 -> Answer C is not correct.

NTP sets the source IP address for all NTP packets based on the address of the interface through which the NTP packets are sent. But there is no correct answer, so maybe answer D is the best choice.

ICND1 – Security Questions

June 7th, 2017 37 comments

Question 1

Explanation

This is the full command mentioned in answer A:

switchport port-security mac-address sticky [MAC]

If we don’t specify the MAC address (as in this question), the switch will dynamically learn the attached MAC address and place it into the running configuration.

Question 2

Explanation

The “service password-encryption” command encrypts passwords set by the “enable password” global configuration command, as well as by the “password” line configuration command (VTY, console), that are saved in the router configuration file.

Note: The secret password (configured by the command “enable secret fortress”) is always encrypted even if the “service password-encryption” command is not used.

Also, the “service password-encryption” command encrypts both current and future passwords.

Question 3

Question 4

Explanation

By configuring the port connected to the directory PC as an access port, the network administrator will mitigate a lot of security issues, because an access port does not have as many privileges as a trunk port -> C is correct.

The port security feature can also help mitigate security issues because it can learn the MAC address of the directory PC. When another laptop is plugged into the port, the switch will automatically block or shut down that port (if suitable configuration is used) -> A is correct. But nowadays a hacker can fake the MAC address of the directory PC.

By statically assigning the MAC address to the address table, only that MAC address can access the network -> F is correct.

Question 5

Explanation

The “service password-encryption” command encrypts passwords set by the “enable password” global configuration command, as well as by the “password” line configuration command (VTY, console), that are saved in the router configuration file.

The “service password-encryption” command encrypts both current and future passwords.

Question 6

Explanation

The command to configure port security on a switch is (in interface configuration mode):

switchport port-security mac-address sticky [MAC]

In this case we will type the server MAC address. That MAC address will be stored in the address table, and added to the switch running configuration.

Note: If we don’t specify the MAC address, the switch will dynamically learn the attached MAC address and place it into the running configuration.
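The port-security behaviour described in Questions 1, 4 and 6 above, as an added Python model that is not code from the page or from Cisco: a port learns addresses dynamically up to its maximum (sticky learning also writes them into the running configuration), a static entry can be assigned instead, and an unknown address on a full table triggers the IOS violation mode (shutdown, restrict or protect). Interface names and MAC addresses are constructed sample values.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    """One access port with 'switchport port-security' enabled."""
    name: str
    maximum: int = 1                # switchport port-security maximum <N>
    violation: str = "shutdown"     # switchport port-security violation {shutdown|restrict|protect}
    sticky: bool = True             # switchport port-security mac-address sticky
    secure_macs: set = field(default_factory=set)       # this port's secure address table
    running_config: list = field(default_factory=list)  # lines the switch would add
    err_disabled: bool = False
    violations: int = 0

    def configure_static(self, mac):
        """Statically assign an address: 'switchport port-security mac-address <MAC>'."""
        mac = mac.lower()
        self.secure_macs.add(mac)
        self.running_config.append(f"switchport port-security mac-address {mac}")

    def receive_frame(self, src_mac):
        """Return 'forward', 'dropped' or 'err-disabled' for a frame from src_mac."""
        mac = src_mac.lower()
        if self.err_disabled:
            return "err-disabled"   # stays down until an administrator recovers it
        if mac in self.secure_macs:
            return "forward"
        if len(self.secure_macs) < self.maximum:
            # Room left: learn the address dynamically. With sticky learning the
            # switch also writes it into the running configuration, so it is kept
            # across a reload once the configuration is saved.
            self.secure_macs.add(mac)
            if self.sticky:
                self.running_config.append(
                    f"switchport port-security mac-address sticky {mac}")
            return "forward"
        # Table is full and this MAC is not in it: a security violation.
        if self.violation == "protect":
            return "dropped"        # frame dropped silently, no counter, no log
        self.violations += 1        # restrict and shutdown both count it (restrict also logs)
        if self.violation == "shutdown":
            self.err_disabled = True
            return "err-disabled"
        return "dropped"
```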

Question 7

Explanation

In the configuration above we have three passwords:

+ The “enable secret” password: sanfran
+ The “enable password” password: cisco
+ The VTY line password: sanjose

The first two, “enable secret” and “enable password”, are used to set the password for entering privileged mode (an example of the privileged-mode prompt: Router#). Both of them will be stored in the running configuration, but the password in the “enable secret” command is always stored as an MD5 hash, while the password in “enable password” is in plain text.

Note: If you want to encrypt the “enable password” you can use the “service password-encryption” command, but it will be encrypted with a very basic form of encryption, a Vigenère cipher, which is very weak.

When you configure both an enable and a secret password, the secret password will be used -> B is correct.
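An added Python audit (not code from the page) that applies the points of Questions 2, 5 and 7 to a running-config fragment: it reports whether each enable or line password is stored as a type 5 hash, a reversible type 7 string, or plain text, notes when “service password-encryption” is missing, and says which enable credential IOS will actually check. The configuration text, the hash and the type 7 strings in it are constructed placeholders.

```python
import re

# Constructed running-config fragment mirroring the three passwords of Question 7.
# The "$1$..." value is a placeholder, not a real MD5 hash.
SAMPLE_CONFIG = """\
enable secret 5 $1$PLACEHOLDER$notarealhash0000000000
enable password cisco
line vty 0 4
 password sanjose
 login
"""

# Type 5 = MD5 hash written by "enable secret"; type 7 = reversible string
# written when "service password-encryption" is active.
TYPE5 = re.compile(r"^\s*enable secret 5 \$1\$")
TYPE7 = re.compile(r"^\s*(enable password|password) 7 [0-9A-Fa-f]+\s*$")
CLEAR = re.compile(r"^\s*(enable password|password) (?![57] )\S+")

def audit_passwords(config_text):
    """Return (line, level, command) findings for the password commands.

    Levels: 'type5' is a one-way hash; 'type7' is only obfuscated and should be
    treated as readable; 'plaintext' is stored exactly as typed.
    """
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        if TYPE5.search(line):
            findings.append((lineno, "type5", "enable secret"))
            continue
        m = TYPE7.search(line)
        if m:
            findings.append((lineno, "type7", m.group(1)))
            continue
        m = CLEAR.search(line)
        if m:
            findings.append((lineno, "plaintext", m.group(1)))
    if "service password-encryption" not in config_text and any(
            level == "plaintext" for _, level, _ in findings):
        findings.append((0, "config", "service password-encryption not set"))
    return findings

def effective_enable_auth(config_text):
    """Which enable credential IOS checks: 'secret' wins when both exist."""
    lines = [l.strip() for l in config_text.splitlines()]
    if any(l.startswith("enable secret") for l in lines):
        return "secret"
    if any(l.startswith("enable password") for l in lines):
        return "password"
    return "none"
```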

Question 8

Explanation

All other answers are not recommended for a network security plan so only B is the correct answer.

Question 9

Question 10

ICND1 – Miscellaneous Questions

June 6th, 2017 No comments

Question 1

Explanation

Tracert (or traceroute) is used to trace the path between the sender and the destination host. Traceroute works by sending packets with gradually increasing Time-to-Live (TTL) value, starting with TTL value = 1. The first router receives the packet, decrements the TTL value and drops the packet because it then has TTL value zero. The router sends an ICMP Time Exceeded message back to the source. The next set of packets are given a TTL value of 2, so the first router forwards the packets, but the second router drops them and replies with ICMP Time Exceeded. Proceeding in this way, traceroute uses the returned ICMP Time Exceeded messages to build a list of routers that packets traverse, until the destination is reached and returns an ICMP Echo Reply message -> C is correct.

ICMP is encapsulated in an IP packet. In particular, the ICMP message is encapsulated in the IP payload part of an IP datagram -> D is correct.

Note: The TRACERT command on Windows Operating System uses ICMP while MAC OS X and Linux TRACEROUTE use UDP.
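The TTL mechanism described above, as an added simulation that is not code from the page: each router on a constructed path decrements the TTL, the router that reaches zero answers with ICMP Time Exceeded (or stays silent, which traceroute shows as “*”), and the destination answers with Echo Reply. The router and destination addresses are constructed documentation values.

```python
# ICMP message types from RFC 792.
ICMP_ECHO_REPLY = 0
ICMP_TIME_EXCEEDED = 11

def send_probe(path, destination, ttl, silent=frozenset()):
    """Carry one probe with the given TTL along 'path' (router addresses in
    order) toward 'destination'. Returns (replying address, ICMP type), or
    (None, None) when the hop that should answer is in 'silent' and stays quiet.
    """
    for router in path:
        ttl -= 1                       # every router decrements TTL
        if ttl == 0:                   # ...and drops the packet at zero
            if router in silent:
                return None, None      # no Time Exceeded: traceroute shows '*'
            return router, ICMP_TIME_EXCEEDED
    # Arrived with TTL > 0: the destination answers the echo request itself.
    return destination, ICMP_ECHO_REPLY

def traceroute(path, destination, max_hops=30, silent=frozenset()):
    """Build the hop list the way traceroute does: probes with TTL 1, 2, 3, ...
    until an Echo Reply comes back or max_hops is exhausted.
    Returns (hops, reached) where hops is a list of (ttl, address or '*').
    """
    hops = []
    for ttl in range(1, max_hops + 1):
        who, icmp_type = send_probe(path, destination, ttl, silent)
        hops.append((ttl, who if who is not None else "*"))
        if icmp_type == ICMP_ECHO_REPLY:
            return hops, True
    return hops, False

# Constructed sample path (documentation addresses, not real hosts).
SAMPLE_PATH = ["192.0.2.1", "198.51.100.1", "203.0.113.1"]
SAMPLE_DEST = "203.0.113.50"
```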

Question 2

Explanation

The output above is unclear. Normally when we use this command we can see the type of serial connection on this interface, for example “V.35 DCE cable”. Below is an example of the same command as above:

RouterA#show controllers serial 0
HD unit 0, idb = 0xECA4C, driver structure at 0xF1EC8
buffer size 1524 HD unit 0, V.35 DTE cable
cpb = 0x62, eda = 0x403C, cda = 0x4050
RX ring with 16 entries at 0x624000
00 bd_ptr=0x4000 pak=0x0F5704 ds=0x62FFB8 status=80 pak_size=22

Or

RouterB#show controllers serial 0
buffer size 1524 HD unit 0, V.35 DCE cable, clockrate 64000
cpb = 0x62, eda = 0x408C, cda = 0x40A0
RX ring with 16 entries at 0x624000
00 bd_ptr=0x4000 pak=0x0F2F04 ds=0x627908 status=80 pak_size=22

but in this case we only get “V.35 cable”. So in fact we are not sure about the answer C. But the output above also does not have any information to confirm other answers are correct or not.

Just for your information, the V.35 male and V.35 female cable are shown below:

v.35_female.jpg v.35cable_male.jpg

Question 3

Question 4

Question 5

Explanation

The ping command first sends an echo request packet to an address, then waits for a reply. The ping is successful only if:
+ The echo request gets to the destination, and
+ The destination is able to get an echo reply back to the source within a predetermined time called a timeout. The default value of this timeout is two seconds on Cisco routers.

(Reference: http://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-software-releases-121-mainline/12778-ping-traceroute.html)

ICND1 – Wireless Questions

June 5th, 2017 No comments

Question 1

Explanation

Many Cisco access points offer single or double (dual) radio (2.4 and 5.0 GHz).

Note: The wireless controller automates wireless configuration and management functions. It does not connect directly to users.

ICND1 – Drag and Drop

June 4th, 2017 59 comments

Question 1

+ ARP: A PC sends packets to the default gateway IP address the first time since the PC turned on.
+ ICMP: The network administrator is checking basic IP connectivity from a workstation to a server.
+ DNS: The TCP/IP protocol stack must find an IP address for packets destined for a URL.
+ DHCP: A network device will automatically assign IP addresses to workstations.

Question 2

+ NAT: A PC with address 10.1.5.10 must access devices on the Internet.
+ DHCP: Only routers and servers require static IP addresses. Easy IP administration is required.
+ DNS: A PC only knows a server as MediaServer. IP needs to send data to that server.
+ OSPF: A protocol is needed to replace current static routes with automatic route updates.

Question 3

+ SNMP: a protocol used to monitor and manage network devices
+ FTP: a reliable, connection-oriented service that uses TCP to transfer files between systems
+ TFTP: a connectionless service that uses UDP to transfer files between systems
+ DNS: a protocol that converts human-readable names into machine-readable addresses
+ DHCP: used to assign IP addresses automatically and set parameters such as subnet mask and default gateway

Question 4

+ service password-encryption: encrypt all clear text passwords
+ line console 0 / password friendS0nly: protect access to the user mode prompt
+ enable secret noWay1n4u: set privileged mode encrypted password
+ line vty 0 4 / password 2hard2Guess: set password to allow Telnet connections
+ enable password uwi11NeverNo: set privileged mode clear text password

Question 5

+ application layer: SMTP
+ transport layer: TCP
+ internet layer: IP
+ network access layer: Ethernet

ICND1 – Security Testlet

December 30th, 2016 535 comments

Question

Security_SIM.jpg

Not sure about the requirement of this question but it is something like this:

Before this switch and router can be put to use in the network, what security risks can be found…

Share your ICND1 v3.0 Experience

September 16th, 2016 3,019 comments

The ICND1 100-105 exam has come to replace the old ICND1 100-101 exam. We created the “Share your ICND1 v3.0 Experience” page for everyone to share their experience after taking this exam.

Please share with us your experience after taking the ICND1 100-105 exam, your materials, the way you learned, your recommendations… But please DO NOT share any information about the detail of the exam or your personal information, your score, exam date and location, your email…