
04 0789737132 ch01ptgmedia.pearsoncmg.com/images/9780789737137/index/... · 2009. 6. 9. · troubleshooting commands list, 862 verification commands list, 862 switch configuration


Index

NUMBERS
3-layer hierarchical models. See hierarchical models
3DES (Triple Data Encryption Standard algorithm), IPsec encryption, 818
10-Gigabit Ethernet (10GbE), 93
10BASE-FL Ethernet networks, 89
10BASE-T Ethernet networks, 89
10BASE2 Ethernet networks, 88
10BASE5 Ethernet networks, 89
100BASE-FX, 90
100BASE-T4, 90
100BASE-TX, 90
802.11 (wireless networks), 560-561
  802.11a, 63-64, 567
  802.11b, 63-64, 567
  802.11g, 63-64, 567-568
  802.11i (WPA2), wireless network security, 584
  802.11n, 568
  channel surfing, 565
  data transmission, 562-563
  IEEE, 561
  ITU-R, 561
  overlapping signals, 564-565
  RF bands, 563-564
  Wi-Fi Alliance, 561
802.1q trunks, VLAN, 508-510
802.1x (wireless authentication), 585-586
802.3. See Ethernet
802.3u. See Fast Ethernet
1000BASE-T, 91
1000BASE-X, 92

A
AAA (Authentication, Authorization, Accounting), network security, 122, 125
ABR (Area Border Routers), 397
access attacks
  man-in-the-middle attacks, 116
  network security, 837

32_0789737132_index.qxd 11/20/07 6:54 PM Page 943


  password attacks, 115
  port redirection, 116
  trust exploitation, 116
Access layer (hierarchical models), 34
access lists
  extended access lists, 869-872
  functions of, 869
  interfaces, applying to, 870
  “permit all” statements, 872
  standard access lists, 869, 872
  TCP port numbers, 871
  UDP port numbers, 872
  verifying, 872
  vty ports, applying to, 870
access ports, 503
access rates (local), Frame Relay, 877
access-group command, 618
access-list command, 610, 614
ACK packets, 28
ACL (Access Control Lists), 604
  deny statements, 604-606
  Dial-on-Demand routing, 608
  extended ACL
    blocking subnets, 626-630
    configuring, 620-626
    restricting HTTP/HTTPS access, 631-632
  IOS formatting, 606
  named ACL, configuring, 632-633
  NAT, 609
  network security, 123-125
  packet filtering, 607
  permit statements, 604-606
  QoS, 608
  route filtering, 609
  standard ACL
    configuring, 610-613
    isolating networks, 616-619
    placement of, 614-615
    restricting VTY access, 619
    verifying, 613-614
  verifying
    show ip access-lists command, 636
    show ip interface command, 635
    show running-config command, 634
ACTIVE states (PVC), 769
ad hoc wireless networks, 587
adjacency tables. See neighbor tables
administration routing distances (default), 857-858
administrative distances (IOS), 324
advanced distance vector routing protocols. See balanced hybrid routing protocols
Advanced NAT wizard (NAT Configuration window), 663-669
advertised distances, neighbor routers, 419
AES (Advanced Encryption Standard algorithm), IPsec encryption, 818
AH (Authentication Headers), IPsec, 822
ambiguous command syntax errors, IOS, 845
answers (practice exams), 901-909
AP (Access Points), wireless networks
  BSS, 588
  ESS, 588
  troubleshooting, 593
Application layer
  OSI model, 16-17
    functions of, 829
    protocols list, 830
  TCP/IP model, 26-27
area command, OSPF, 409
areas (link-state routing protocols), 395-398
ARP (Address Resolution Protocol), 33
  Inverse ARP, 765
  Proxy ARP, 137
  RARP, 137
asynchronous serial interfaces, 188
ATM (Asynchronous Transfer Mode), WAN, 726-727
attenuation, 57
authentication
  802.1x (wireless authentication), 585-586
  IPsec, VPN, 820
  PPP, 729, 875-876
    callbacks, 731
    CHAP, 730-731, 734-736
    compression, 732
    configuring, 734-736
    MPPC, 733
    MPPP, 733


    PAP, 730
    Predictor algorithm, 732
    Stacker algorithm, 732
  wireless networks, 868
autonomous systems, 339
auxiliary ports, 210
  password configuration, 537-538
  User EXEC access, securing, 248

B
backbone areas (OSPF), 397
BackboneFast
  configuring, 478
  STP, 852
  verifying activation, 479
backups, TFTP servers, 267-269
balanced hybrid routing protocols, 416
bandwidth, 56, 833
  EIGRP configuration, 423
  OSPF, cost values based on bandwidth chart, 863
bandwidth command, router configuration, 254
banner motd (message of the day command), 242
banners
  login banners, creating, 242
  SDM, changing in, 297
baseband, WAN, 722
Basic NAT wizard (NAT Configuration window), 659-663
BDR (Backup Designated Routers), OSPF elections, 401-403
BECN (Backwards Explicit Congestion Notifications), 761, 877
BGP (Border Gateway Protocols), 340
binary, 137
  binary-to-decimal conversion, 138-139
  decimal-to-binary conversion, 141, 150, 840
blocking
  ports, 447, 451
  subnets, extended ACL, 626-630
Bluetooth technology, 64
Boolean AND, 146-147
boot processes, IOS, 843
boot system command, 241
bootstrap process, 213
BPDU (Bridge Protocol Data Units)
  blocked ports, 451
  designated ports, 450
  inferior BPDU, 478
  root ports, 448-449
  RSTP topology changes via, 485
  spanning-tree portfast bpduguard command, 479
BPDU Guard, 477
  configuring, 478
  verifying activation, 479
BRI (Basic Rate Interfaces), 187-188, 836
bridges, 97
  blocked ports, 451
  Bridge ID, 447-449
  designated ports, 450
  diameters, 454
  frame-forwarding, 444
  MAC filtering, 98
  primary tasks of, 95
  root bridges
    changing switch priorities in STP, 458
    root ports, 448-449
    STP, 447-449
broadband, WAN, 722
broadcast addresses, 83
broadcast domains, 832
broadcast IP, 144, 149
broadcast multiaccess topologies (OSPF), 400-403
broadcast storms, 446
BSS (Basic Service Sets), WAP, 588
bus topologies, 52-53

C
cable
  coaxial cable, 57-58
  cross-over cable, 60
  fiber-optic cable, 62
  rolled cable, 61
  straight-through cable, 59
  twisted-pair cable, 58-61, 833


call setups. See three-way handshakes
callbacks, PPP authentication, 731
CAM (Content Addressable Memory) tables, 442
catalyst switches, securing, 195
  physical access to, 536
  terminal access to, 537-539
CD-ROM
  installing, 912
  test modes, 911
CDP (Cisco Discovery Protocol), 270
  disabling, 273
  Layer 2 security, 546
  no cdp enable command, 273
  no cdp run command, 273
  show cdp neighbors command, 271
certification mode (CD-ROM), 911
channel surfing (wireless networks), 565
channel-group command, EtherChannel assignments, 480
CHAP (Challenge Handshake Authentication Protocol), PPP authentication, 730-731, 734-736, 875
CIDR (Classless Interdomain Routing), 147, 338, 840
CIR (Committed Information Rates), 760-762, 877
circuit-switched networks (WAN), 721, 874
classful network boundaries, RIP, 369
classful routing, 333-334, 859
classless routing, 333-339, 859
clear ip nat translations * command, troubleshooting NAT, 676, 707
client mode (VTP), 512
clientless SSL VPN (Secure Socket Layer Virtual Private Networks), 813
clock rate command, router configuration, 254
coaxial cable, 57-58
collision domains, 95, 832
commands
  context-sensitive help, 844
  displaying, 844
  EIGRP
    troubleshooting commands list, 866
    verification commands list, 866
  interface configuration commands list, 847
  IOS
    abbreviations, 224
    common syntax errors, 226-227
    global configuration, 845
    listing, 223
    shortcut keys, 225
  OSPF
    troubleshooting commands list, 865
    verification commands list, 865
  RIP
    troubleshooting commands list, 862
    verification commands list, 862
  switch configuration commands list, 847
compression
  MPPC, PPP authentication, 733
  PPP, 732, 736, 875-876
config-register command, 240
configure command, 221. See also Global Configuration
configuring
  access lists, extended access lists, 871
  ACL
    extended ACL, 620-626
    named ACL, 632-633
    standard ACL, 610-613
  BackboneFast, STP, 478
  BPDU Guard, STP, 478
  default routers, SDM, 329-330
  dynamic NAT, 695-698
  EIGRP, 422, 866
    bandwidth, 423
    ip default-network command, 424
    stub routing, 424
    unequal-path load balancing, 423-424
    via SDM, 425
  Frame Relay, 879
    multipoint interfaces, 773-779
    point-to-point interfaces, 780-785
    single neighbors, 767-772
  interface commands list, 847
  IOS, global configuration commands list, 845
  IPv6 autoconfiguration, 164


  NAT, 659
    NAT Overload/PAT, 873
    Static NAT, 873
  NAT overload, 699-704
    advanced configuration, 663-669
    basic configuration, 659-663
    editing configurations, 670-672
    verifying configurations, 672-675
  OSPF, 407-408, 864
    loopback interfaces, 404
    via SDM, 410-411
    wildcard masks, 405-407
  PortFast, STP, 478
  PPP
    authentication, 734-736
    compression, 736
  RIP, 368-370, 374, 862
  RIPv2, 373
  routers, 255
    assigning duplexes, 253
    assigning IP addresses, 252
    assigning speed to, 253
    backing up IOS files via TFTP servers, 268
    backing up via TFTP servers, 267-269
    bandwidth command, 254
    clock rate command, 254
    enabling interfaces, 253
    LAN-specific commands, 253
    no keepalives command, 253
    no shutdown command, 253
    returning to default configurations, 255
    saving configurations, 254
    verifying configurations, 257-258
    WAN-specific commands, 254
  SDM
    banners, 297
    domain names, 297
    global configurations, 296-297, 301-306
    host names, 297
    router interface configuration, 306-308
    secret passwords, 297
  static NAT, 689-695
  static routers, SDM, 329-330
  STP, 852
  subinterfaces, Frame Relay, 773
  switches
    assigning IP addresses via DHCP, 456-457
    assigning management IP addresses to, 455
    backing up IOS files via TFTP servers, 268
    backing up via TFTP servers, 267-269
    configuration commands list, 847
    defining default gateways, 455
    multiple switch interfaces, 457
    returning to default configurations, 255
  trunks, 855
  UplinkFast, STP, 478
  VLAN, 505, 854
    802.1q trunks, 509
    DTP dynamic trunks, 510
    ISL trunks, 509
  VTP, 514-515, 856
  WAN, PPP, 875-876
Connection-Oriented Communication sessions, 28
console access, securing to USER EXEC, 246-247
console ports, 209
context-sensitive help, commands, 844
copy command, 254, 270, 847-848
copy running-config flash command, 269
copy tftp flash command, 269
Core layer (hierarchical models), 35-36
counts to infinity, mitigating, 363
CPE (Customer Premise Equipment), 189
CRC (Cyclic Redundancy Checks), 444
cross-over cable, 60
crosstalk, 57, 833
crypto key generate rsa command, 246
CSMA/CD (Carrier Sense Multiple Access Collision Detection), 88, 445
CSU/DSU (Channel Service Units/Data Service Units), 189-190, 724
Ctrl+Shift+6 keyboard shortcut, suspending Telnet sessions, 274-275
custom mode (CD-ROM), 911
cut-through method (frame-forwarding), 444


D
data integrity, IPsec, 820
Data Link layer (OSI model), 21-23, 94
  bridges, 97
    MAC filtering, 98
    primary tasks of, 95
  Ethernet
    addressing, 81-84
    framing, 85-87
  FDDI protocols, 80-81
  functions of, 829
  switches, 95, 98-99
  Token Ring protocols, 78-79
Data Link WAN encapsulations
  ATM, 726
  Frame Relays, 726
  HDLC, 726
  LAPB, 726
  PPP, 726
  PPPoA, 727
  PPPoE, 727
  SLIP, 725
data packets, Network layer (OSI model) routing, 168
data transmission, wireless networks, 562-563
DCE (Data Communications Equipment), 23, 188, 836
DDoS (Distributed Denial of Service) attacks, 119
DE (Discard Eligible), 877
dead/invalid timers, 367
debug command, 266-267, 377
debug frame-relay lmi command, troubleshooting Frame Relays, 788
debug ip eigrp command, 427
debug ip nat command, troubleshooting NAT, 706
debug ip ospf command, 415
debug ppp authentication command, 740, 876
debug spanning-tree command, 461
decimals
  binary-to-decimal conversion, 138-139
  decimal-to-binary conversion, 141-142, 150, 840
  decimal-to-hexadecimal conversion, 142-143
default administrative routing distances, 857-858
default gateways (routing), 320-321
default routes, 328, 858
  configuring via SDM, 329-330
  verifying, 330-331
default-information originate command, OSPF, 410
delays (forward), 454
DELETED states (PVC), 770
demarcation points, 189
deny statements, ACL, 604-606
DES (Data Encryption Standard algorithm), IPsec encryption, 817
description command, assigning descriptions to router interfaces, 253
designated ports
  RSTP, 486
  STP, 450
Desktop layer (hierarchical models). See Access layer (hierarchical models)
Destination Unreachable error messages (ICMP), 265, 837
device monitoring, SDM, 309
DH (Diffie-Hellman) key exchange algorithm, VPN encryption, 818
DHCP (Dynamic Host Configuration Protocol), 850
  IOS, 278
    ip dhcp excluded-address ip-address command, 277
    ip dhcp pool poolname command, 276
    show ip dhcp binding command, 277
  IP addresses
    assigning to switches, 456-457
    IPv6 autoconfiguration, 164
  router amnesia, 278
  SDM, configuring, 304, 306
dial-on-demand connections (WAN), 721
Dial-on-Demand routing, 608
Dijkstra Shortest Path First (SPF) algorithms, 394
discovery protocol, 849
displaying commands, 844
distance vector routing protocols, 340. See also routing loops
  hold-down timers, 861
  maximum hop counts, 860
  operations of, 358-359


  RIP, 861-862
  routing poisoning with poison reverse, 861
  split horizon, 861
  updates, 861
distribution frames, 62
Distribution layer (hierarchical models), 35
DLCI (Data Link Connection Identifiers), 759-760, 877
  inverse ARP, 765, 878
  static mappings, 878
DNS (Domain Name Servers)
  SDM, configuring, 302
  TCP/UDP support, 30
DoD (Department of Defense) models. See TCP/IP model
domains
  collision domains, segmenting/creating, 95
  names
    changing in SDM, 297
    configuring resolution, 244-245
DoS (Denial of Service) attacks
  DDoS attacks, 119
  network security, 838
  wireless networks, 581
DR (Designated Routers), OSPF elections, 401-403
DRAM (Dynamic Random Access Memory), 191. See also RAM
DS1 (Digital Signal level 1) services, 188
DTE (Data Terminal Equipment), 23, 189-190, 836
DTP (Dynamic Trunk Protocol), VLAN, 510
DUAL algorithms (EIGRP), 419-421
duplexes
  interfaces, 851
  logic, 99
  router assignments, 253
dynamic DTP trunks, VLAN, 510
dynamic NAT (Network Address Translation), 655, 686, 695-698, 873
dynamic routing protocols, 331, 858
  distance vector routing protocols, 340
    hold-down timers, 861
    maximum hop counts, 860
    RIP, 861-862
    RIPv2, 861
    route poisoning with poison reverse, 861
    split horizon, 861
    updates, 861
  EG, 859
  hybrid routing protocols, 341, 860
    balanced hybrid routing protocols, 416
    EIGRP, 417-427, 865-866
  IG, 859
  interior/exterior gateway routing protocols, 339
  link state routing protocols, 340-341, 860
    areas, 395
    LSA, 394
    LSU, 395
    neighbor tables, 394
    OSPF, 396-415, 862-865
    SPF, 394
  redistribution, 860
  routed protocols versus, 331
  routing metrics, 859
  routing updates, 859

E
Edit NAT Configuration window (SDM), 670-672
EG (Exterior Gateway) routing protocols, 859
EIA/TIA (Electronic Industries Association/Telecommunications Industry Association), 190
EIGRP (Enhanced Interior Gateway Routing Protocol)
  characteristics of, 417-418, 865-866
  configuring, 422, 866
    bandwidth, 423
    ip default-network command, 424
    stub routing, 424
    unequal-path load balancing, 423-424
    via SDM, 425
  DUAL algorithms, 419-421
  feasible successor routes, 419
  SIA timers, 421
  stub routing, 421, 424
  successor routes, 419-421
  troubleshooting, 427, 866
  verifying, 425-427, 866


eigrp stub command, EIGRP stub routing configuration, 424
EMI (Electromagnetic Interference), 57
enable password command, 243, 251, 846
enable secret command, 243, 251, 539, 846
encapsulation, 24
  Frame Relay, 767, 770-771
  PPP, 875
encapsulation frame-relay command, 768
encryption
  IPsec, 124-125, 816-820
  SSH, 124-125
  SSL, 124-126
  VPN, 816-820, 880
  wireless networks, 867
    WEP, 582-583
    WPA, 584
    WPA2, 584
erase startup-config command, 255
ESP (Encapsulating Security Payload), IPsec, 822
ESS (Extended Service Sets), WAP, 588
EtherChannel, 479-481, 852
Ethernet, 87
  10BASE-FL, 89
  10BASE-T, 89
  10BASE2, 88
  10BASE5, 89
  10GbE, 93
  802.3, 89, 834
  802.3ab, 834
  802.3u, 91, 834
  802.3z, 92-93, 834
  addressing, 81-84
  Fast Ethernet, 90
  framing, 85-87, 835
  Gigabit Ethernet
    1000BASE-T, 91
    1000BASE-X, 92
    GBIC, 187
    ports, 187
  LRE, 93
  Metro Ethernet, WAN, 723
  switch interfaces. See ports
exams (practice)
  answers, 901-909
  MeasureUp, 912-913
  questions, 881-899
EXEC, 211
  IOS terminal access methodologies, 843
  ping command, 265
  Privileged EXEC, 220. See also configure command
    access, security, 846
    debug command, 266-267
    passwords, assigning, 243
    ping command, 266
    Telnet, virtual terminal access, 275
    terminal monitor command, 275-276
  Telnet, virtual terminal access, 274-276
  User EXEC
    access security, 845
    auxiliary access, securing, 248
    console access, securing, 246-247
    overview, 219
    SSH access security, 248-251
    Telnet, 248-251, 275
exec-timeout command, 247, 539
extended access lists, 869-872
extended ACL (Access Lists), 620
  blocking subnets, 626-630
  configuring, 620-626
  restricting HTTP/HTTPS access by, 631-632
exterior/interior gateway routing protocols, 339

F
Fast Ethernet, 90
FCS (Frame Check Sequence) fields, 508
FDDI (Fiber Distributed Data Interface) protocol, 80-81
feasible distances (local routers), 419
feasible successor routes, 419
feature sets (IOS), 192
FECN (Forward Explicit Congestion Notifications), 762, 877
FEXT (Far-End Crosstalk), 57
fiber-optic cable, 62, 833


filtering
  MAC addresses, 443
  packets, 607
  routes, 609
firewalls, 125-126, 814
flapping, 396
Flash, 191
  copy running-config flash command, 269
  copy tftp flash command, 269
  distance vector routing protocol updates, 861
  show flash command, 262
flash updates (routers), 367
floating static routes, 327, 858
FLSM (Fixed Length Subnet Masks), 334
formatting ACL, IOS, 606
forward delays, 454
fragment-free method (frame-forwarding), 444
fragmentation, MLPPP, 733
Frame Relay, 754. See also NBMA networks
  address mapping, 765-766
  BECN, 761, 877
  CIR, 760-762, 877
  configuring, 879
    multipoint interfaces, 773-779
    point-to-point interfaces, 780-785
    single neighbors, 767-772
  DE, 877
  DLCI, 759-760, 877-878
  encapsulation, 767, 770-771
  FECN, 762, 877
  LMI, 759, 877
  Local Access Rates, 760, 877
  PVC, 769-770
  show frame-relay map command, 772, 777
  show frame-relay pvc command, 769, 777
  subinterfaces
    configuring, 773
    multipoint subinterfaces, 764
    overview, 764
    point-to-point subinterfaces, 765
  troubleshooting, 786-789, 879
  verifying operation of, 785-786
  virtual circuits, 755
    CIR, 877
    full mesh topologies, 757, 877
    hub and spoke topologies, 756, 876
    multipoint subinterfaces, 877
    partial mesh topologies, 757, 877
    point-to-point subinterfaces, 877
    PVC, 758, 877-878
    SVC, 758-759, 877-878
  WAN, 726
frame-forwarding, 442-444, 850
full duplex connections (switches), 445
full mesh topologies (virtual circuits), 757, 877
full-duplex modes, 99

G
gain, 65
gateways
  routers
    default gateways, 320-321
    interior/exterior gateway routing protocols, 339
  switches, defining default gateways, 455
GBIC (Gigabit Interface Converters), 187
Gigabit Ethernet
  10-Gigabit Ethernet (10GbE), 93
  1000BASE-T, 91
  1000BASE-X, 92
  GBIC, 187
  overview, 91
  ports, 187
Global Configuration, 221
  banner motd (message of the day command), 242
  boot sequences, changing, 240-241
  boot system command, 241
  config-register command, 240
  crypto key generate rsa command, 246
  domain name resolution, configuring, 244-245
  enable password command, 243
  enable secret command, 243
  host names, changing, 242
  hostname command, 242


  interface configuration, 222
  IOS commands list, 845
  ip dhcp excluded-address ip-address command, 277
  ip domain-name command, 245
  ip host command, 244
  ip name-server command, 245
  line configuration, 222-223
  login banners, creating, 242
  no cdp enable command, 273
  no cdp run command, 273
  Privileged EXEC mode, assigning passwords to, 243
  SDM, 296
    banners, 297
    DHCP, 304-306
    DNS, 302
    domain names, 297
    host names, 297
    router access, 301
    secret passwords, 297
  service password-encryption command, 244
  service timestamp command, 267
  SSH, 245-246
global IP addresses, 162, 842, 873
global/local (NAT), 657, 687

H
hacking wireless networks, 581
half-duplex connections, switches, 445
half-duplex modes, 99
hashing
  algorithms, 821
  passwords, 731
HDLC (High-Level Data Link Control), 726-727, 874
help
  context-sensitive help, commands, 844
  technical support, 913
hexadecimals, 142-143
hierarchical models, 33-34
  Access layer, 34
  Core layer, 35-36
  Distribution layer, 35
  overview, 33-34
hold-down timers, 366, 861
hop counts, distance vector routing protocols, 860
host names, changing, 242, 297
hostname command, 242
HSSI (High-Speed Serial Interfaces), 188
HTTP (Hypertext Transfer Protocol), 210, 631-632
HTTPS (Secure Hypertext Transfer Protocol), 631-632
hub and spoke topologies
  EIGRP, stub routing, 421
  virtual circuits, 756, 876
hubs, 65
hybrid routing protocols, 341, 860
  balanced hybrid routing protocols, 416
  EIGRP
    characteristics of, 417-418, 865-866
    configuring, 422-425, 866
    DUAL algorithms, 419-421
    feasible successor routes, 419
    SIA timers, 421
    stub routing, 421, 424
    successor routes, 419-421
    troubleshooting, 427, 866
    verifying, 425-427, 866

I
IANA (Internet Assigned Numbers Authority), IP addresses
  assigning, 137, 148
  private addresses, class ranges of, 840
ICMP (Internet Control Messaging Protocol), 136, 165
  Destination Unreachable error messages, 265, 837
  overview, 32-33
  PING command, 265, 837
  traceroute command, 266, 837
IDF (Intermediate Distribution Frames), 62
IDS (Intrusion Detection Systems), 125-126
IEEE (Institute of Electrical and Electronic Engineers), 561, 834
IEEE 802.3. See Ethernet
IEEE 802.3ab. See Gigabit Ethernet
IEEE 802.3u. See Fast Ethernet


IEEE 802.3z. See Gigabit Ethernet
IFS (Integrated File Systems), 270
IGP (Interior Gateway Protocols), 339, 859
IGRP. See EIGRP
image files, naming (IOS), 193
INACTIVE states (PVC), 770
incomplete command syntax errors, IOS, 845
inferior BPDU, 478
information queries (reconnaissance attacks), 118
infrared technology, 64
inside global addresses (NAT), 657, 873
inside local addresses (NAT), 657, 688, 873
inside/outside (NAT), 657, 687
installing
  CD-ROM, 912
  SDM, 295
interface configuration (Global Configuration), 222, 847
interface range command, 457, 480
interface status values (show command), 848
interior/exterior gateway routing protocols, 339
Internet, isolating internal networks from, 618-619
Internet layer (TCP/IP model), 31-33
internetworks, 10
  LAN, 11
  layered architecture. See OSI model
  MAN, 12
  SAN, 14
  VAN, 14
  WAN, 12-13
interVLAN routing, 517, 856
  routers “on a stick,” 517-519
  security, 857
  SVI, 519-520
invalid input syntax errors, IOS, 845
invalid/dead timers, 367
Inverse ARP, 765, 878
inverse masks. See wildcard masks
IOS (Internetworking Operating System), 191-193
  ACL, formatting, 606
  administrative distances, 324
  boot processes, 843
  commands
    abbreviations, 224
    common syntax errors, 226-227
    context-sensitive help, 844
    displaying, 844
    listing, 223
    shortcut keys, 225
  configuration files, creating static entries, 244-245
  DHCP, 276-278
  EXEC access methodologies, 843
  feature sets, 192
  file naming conventions, 836
  Global Configuration. See also configure command
    commands list, 845
    interface configuration, 222
    line configuration, 222-223
  image files, naming, 193
  loading, router/switch start-up, 213-216
  navigation modes, 844
  Privileged EXEC, 220
  routers, backing up via TFTP servers, 268
  security
    enable password command, 846
    enable secret command, 846
    network security, 123-125
    privileged EXEC access, 846
    service password-encryption command, 846
    SSH, 846
    user EXEC access, 845
  show flash command, 262
  show version command, 262-263
  syntax errors, 845
  terminal editing keystrokes, 844
  trains, 192
  User EXEC, 219
IP (Internet Protocol) addresses, 31, 137
  binary
    binary-to-decimal conversion, 138-139
    decimal-to-binary conversion, 141, 150
  Boolean AND, 146-147
  broadcast IP, 144, 149


  hexadecimals, 142-143
  IPv4
    address classes, 143-145
    class ranges of, 839
    classes of, 839
    default subnet masks, 839
    IPv6 integration, 164, 842
    private (RFC 1918) addressing, 148
    subnet masks, 146-150, 156
    subnetting IP, 149-159
  IPv6
    address format, 160-161
    autoconfiguration, 164
    communications, 160
    format summary, 841
    global addresses, 162, 842
    ICMPv6, 165
    IPv4 integration, 164, 842
    link-local addresses, 161
    multicast addresses, 163, 842
    site-local addresses, 162, 842
    unique addresses, 162, 842
  management addresses, assigning to switches, 455
  NAT, 148, 653, 873
  network ID, 144
  routers
    assigning to, 252
    verifying assignment in, 277
  SDM, assigning to, 306
  subnet ID, 144
  subnets, 841
  switches, assigning to via DHCP, 456-457
ip address dhcp command, 457
ip command, configuring named ACL, 632
ip default-gateway command, 456
ip default-network command, EIGRP configuration, 424
ip dhcp excluded-address ip-address command, 277
ip dhcp pool poolname command, 276
ip domain-name command, 245
ip host command, 244
ip name-server command, 245
ip nat inside command
  NAT overload configuration, 661
  troubleshooting NAT, 705
ip nat outside command, NAT overload configuration, 661
ip ospf cost command, OSPF, 410
ip ospf priority command, OSPF, 410
ip summary-address eigrp command, EIGRP configuration, 424
IPS (Intrusion Prevention Systems), 125-126, 586
IPsec (Internet Protocol Security)
  AH, 822
  ESP, 822
  network security, 124-125
  VPN, 815
    authentication, 820
    data integrity, 820
    DH (Diffie-Hellman) key exchange algorithm, 818
    encryption, 816-817
    SSL, 819-820
IPv4 (Internet Protocol version 4) addresses, 838. See also CIDR
  address classes, 143-145
  class ranges of, 839
  classes of, 839
  default subnet masks, 839
  IPv6 integration, 164, 842
  private (RFC 1918) addressing, 148
  subnet masks, 146-150, 156
  subnetting IP, 149-151
    calculating hosts, 152-153
    calculating increments, 155-157
    calculating networks, 153-154
    determining range of valid IP, 158-159
    zero subnet rule, 155
IPv6 (Internet Protocol version 6) addresses
  address format, 160-161
  autoconfiguration, 164
  communications, 160
  format summary, 841
  global addresses, 162, 842
  ICMPv6, 165
  IPv4 integration, 164, 842


  link-local addresses, 161, 842
  multicast addresses, 163, 842
  site-local addresses, 162, 842
  unique addresses, 162, 842
ISDN (Integrated Services Digital Networks), BRI, 187-188
ISL (Inter-Switch Link) protocol, trunks, 508-510
ISO HDLC (PPP), 729
isolating networks via standard ACL, 616-619
ITU-R (International Telecommunication Union-Radiocommunication Sector), 561

J - K - L
keyboard shortcuts, suspending Telnet sessions, 274-275
keystrokes, IOS terminal editing, 844
LAN (Local Area Networks), 11, 186-187
  router configuration, 253
  VLAN, 502
    access ports, 503
    configuring, 505, 854
    interVLAN routing, 517-520, 856-857
    Layer 2 security, 543-545
    management VLAN, 504
    membership methods, 503
    single-switch scenarios, 504
    subinterfaces, 517-518
    troubleshooting, 522-523
    trunks, 506-510, 855
    verifying, 506
    VMPS, 504
    voice VLAN, 520-521, 855
    VTP, 511-517, 546
  WLAN
    hacking, 581
    Spread Spectrum Wireless LAN, 833
LAPB (X.25 Link Access Procedure, Balanced), WAN Data Link encapsulations, 726
Layer 1, 23-24. See also Physical layer
Layer 2 security, 21-23. See also Data Link layer (OSI model)
  CDP, 546
  port security, 540
    static MAC addresses, 541
    verifying, 542-543
  VLAN, 543-545
  VTP, 546
Layer 3 switches, 20, 165, 168. See also Network layer (OSI model)
  interVLAN routing, 856-857
  purpose of, 842
Layer 4, 19. See also Session layer (OSI model); Transport layer (OSI model)
Layer 5, 18. See also Session layer (OSI model)
Layer 6, 17. See also Presentation layer (OSI model)
Layer 7, 16-17. See also Application layer
layered architectures. See OSI model
LCP (Link Control Protocol), PPP authentication, 729
  callbacks, 731
  CHAP, 730-731, 734-736
  compression, 732
  MPPC, 733
  MPPP, 733
  PAP, 730
  Predictor algorithm, 732
  Stacker algorithm, 732
leased-line networks (WAN), 721, 874
Line Configuration, 222-223
  enable password command, 251
  enable secret command, 251
  exec-timeout command, 247
  logging synchronous command, 247
  service password-encryption command, 251
  User EXEC, securing
    auxiliary access, 248
    console access, 246-247
    SSH access, 248-251
    Telnet access, 248-251
link state routing protocols, 340-341, 860
  areas, 395
  LSA, 394
  LSU, 395
  neighbor tables, 394


    OSPF, 396
        area command, 409
        areas, 396-398
        BDR elections, 401-403
        broadcast multiaccess, 400-403
        characteristics of, 396-403, 862-863
        configuring, 404-411, 864
        cost values based on bandwidth chart, 863
        default-information originate command, 410
        DR elections, 401-403
        initializing, 404
        ip ospf cost command, 410
        ip ospf priority command, 410
        loopback interfaces, 404
        metrics, 399
        NBMA, 400
        point-to-point, 400
        router ID, 399-400
        troubleshooting, 415, 865
        verifying, 412-414, 865
        wildcard masks, 405-407
    SPF, 394
link-local IPv6 addresses, 161, 842
LLC (Logical Link Controls), 22-23
LMI (Local Management Interfaces), 759, 877
load balancing (unequal-path), EIGRP, 423-424
Local Access Rates, 760, 877
local IP addresses, NAT, 873
local routers, feasible distances, 419
local/global (NAT), 657, 687
log command, configuring standard ACL, 612
logging synchronous command, 247
login banners, 242
longest match rule, 343
loopback interfaces, 400, 404
loops (routing), 360-362
    counts to infinity, 363
    invalid/dead timers, 367
    route poisoning, 365-366
    split horizons, 363-364, 763
    triggered updates, 367
lower layers (OSI model), 18
LRE (Long Reach Ethernet), 93
LSA (Link-State Advertisements), 394
LSU (Link-State Updates), 395

M

MAC (Media Access Control) addresses, 22, 834. See also Ethernet, addressing
    CAM tables, 442
    filtering, 98, 443
    limitations of, 759
    ports, limiting in, 540
    router assignments, 166
    static MAC addresses, switch port security, 541
man-in-the-middle attacks, network security, 116
management IP addresses, assigning to switches, 455
management VLAN (Virtual Local Area Networks), 504
MAN (Metropolitan Area Networks), 12
mapping NAT port numbers, 668-669
max age timers, 453
MD5 (Message Digest 5) hashing algorithm, 821
MDF (Main Distribution Frames), 62
MeasureUp practice tests, 912-913
memberships, VLAN, 503
memory
    components of, 191
    types of, 836
mesh topologies, 55
Metro Ethernet, WAN, 723
microsegmentation, 100
mitigating network attacks
    AAA, 122, 125
    ACL, 123-125
    encryption, 124-126
    IOS security, 123-125
MLPPP (Multilink Point-to-Point Protocol), PPP authentication, 733
modules, routers, 194-195
MPPC (Microsoft Point-to-Point Compression), 733, 875
multicast addresses, 83, 163, 842
multilayer switches, 168
multimode (MM) fiber-optic cable, 62
multipoint subinterfaces, 764, 877


N

named ACL (access lists), configuring, 632-633
naming conventions, IOS files, 836
NAT (Network Address Translation), 148, 609, 872
    configuring via SDM, 659
    debug ip nat command, 706
    development of, 652
    dynamic NAT, 655, 686, 695-698, 873
    inside global addresses, 657, 873
    inside local addresses, 657, 688, 873
    inside/outside, 657, 687
    ip nat inside command, 705
    local/global, 657, 687
    outside global addresses, 658, 688, 873
    outside local addresses, 658, 688, 873
    private IP addresses, 653
    show ip nat statistics command, 704
    show ip nat translations command, 704-705
    static NAT, 654-655, 686
        configuring, 689-695, 873
        show ip nat translations command, 692
        show running-config command, 692
    telnet command, 706
    troubleshooting, 705-707
        clear ip nat translations * command, 676, 707
        show running-config command, 675, 704
    verifying operation of, 704
NAT Configuration window (SDM)
    Advanced NAT wizard, 663-669
    Basic NAT wizard, 659-663
NAT overload, 656, 686, 699-704, 873
    configuring via SDM
        advanced configuration, 663-669
        basic configuration, 659-663
        editing configurations, 670-672
        verifying configurations, 672-675
    port numbers, mapping, 668-669
    show ip nat statistics command, 673
    show ip nat transition command, 675
native VLAN (Virtual Local Area Networks), 508
navigation modes (IOS), 844
NBMA (Non-Broadcast Multi-Access) topologies (OSPF), 400. See also Frame Relay
NCP (Network Control Protocol), PPP, 733
neighbor discovery, CDP, 270-273
neighbor routers, advertised distances, 419
neighbor tables, 394
network command, DHCP IOS, 276
network ID, 144
Network Interface layers (TCP/IP model), 33
Network layer (OSI model), 20
    ARP, 137
    functions of, 136, 829
    ICMP, 136
    IP addresses, 137, 142. See also IPv4; IPv6
        binary-to-decimal conversion, 138-139
        Boolean AND, 146-147
        broadcast IP, 144, 149
        decimal-to-binary conversion, 141, 150
        decimal-to-hexadecimal conversion, 142-143
        hexadecimals, 142-143
        management addresses, assigning to switches, 455
        NAT, 148, 653, 873
        network ID, 144
        private (RFC 1918) addressing, 148
        router assignments, 252, 277
        subnet ID, 144
        subnets, 149-159, 841
        switch assignments via DHCP, 456-457
    Layer 3 switches, 165, 168
    Proxy ARP, 137
    RARP, 137
    routers, 165-168
    traceroutes, 136
networks
    domains, 832
    HTTP/HTTPS access, restricting by extended ACL, 631-632
    interfaces, 65
    security, 114
        access attacks, 115-116, 837
        DoS attacks, 119-121, 838
        mitigating attacks, 122-126, 838
        reconnaissance attacks, 117-118, 838


standard ACL, isolating via, 616-619subnets

bus topologies, 52-53changing RSTP via BPDU, 485calculating in, 841mesh topologies, 55ring topologies, 53-54star topologies, 54wireless networks, 587-588

    wireless networks, 560
        802.11a, 567
        802.11b, 567
        802.11g, 567-568
        802.11n, 568
        channel surfing, 565
        data transmission, 562-563
        IEEE, 561
        ITU-R, 561
        overlapping signals, 564-565
        RF bands, 563-564
        Wi-Fi Alliance, 561
NEXT (Near-End Crosstalk), 57
nibbles, 143
no access-list command, 618
no cdp enable command, 273, 546
no cdp run command, 273, 546
no command, 240
no debug all command, 267
no exec command, catalyst switch security, 539
no ip directed-broadcast command, 121-122
no keepalives command, 253
no shutdown command, 253, 270, 540
nonedge ports, RSTP, 486
NTP (Network Time Protocol), network security, 124-125
NVRAM (Nonvolatile Random Access Memory), 191

O

one-way redistribution (routing protocols), 860
OSI model, 14
    Application layer, 16-17, 829-830
    compared to TCP/IP models, 26
    Data Link layer, 21-23, 829
    information, controlling, 830
    layered communications, 24
    list of layers, 25
    lower layers, 18
    Network layer, 20, 829
    Physical layer, 23-24, 829
    Presentation layer, 17, 829
    related TCP/IP layers, 831
    Session layer, 18, 829
    Transport layer, 19, 829
    upper layers, 15
OSPF (Open Shortest Path First), 862
    area command, 409
    backbone areas, 397
    BDR elections, 401-403
    configuring, 407-408, 864
        loopback interfaces, 404
        via SDM, 410-411
        wildcard masks, 405-407
    cost values based on bandwidth chart, 863
    debug ip ospf command, 415
    default-information originate command, 410
    DR elections, 401-403
    initializing, 404
    ip ospf cost command, 410
    ip ospf priority command, 410
    metrics of, 399
    router ID, 399-400
    stub areas, 398
    topologies, 400-403
    troubleshooting, 415, 865
    verifying, 412-414, 865
    wildcard masks, 405-407
outside global addresses (NAT), 658, 688, 873
outside local addresses (NAT), 658, 688, 873
outside/inside (NAT), 657, 687
overlapping signals (wireless networks), 564-565

P

packet filtering, 607
packet sniffers, 117
packet-switched networks (WAN), 722, 874


PAP (Password Authentication Protocol), PPP authentication, 730, 875
PAR (Positive Acknowledgment and Retransmission), 27, 831
partial mesh topologies (virtual circuits), 757, 877
passive RIP interfaces, 371-372
passive-interface command, 867
passwords
    aux ports, 537-538
    enable password command, 243, 251
    enable secret command, 251
    hashing, 731
    network security, 115
    Privileged EXEC mode, assigning to, 243
    recovery (router/switch start-ups), 216-217
    secret passwords, changing in SDM, 297
    service password-encryption command, 244, 251
    switch security, 537-538
    VTP, 546
PAT (Port Address Translation). See NAT Overload
PDU (Protocol Data Units), 24
permanent virtual circuits, 722
“permit all” statements, access lists, 872
permit statements, ACL, 604-606
Physical layer
    hubs, 65
    network interfaces, 65
    OSI model, 23-24, 829
    repeaters, 64
    WAN, 724-725
physical security, switches, 536
ping command, 265, 460, 837
ping sweeps, 117
pinouts, 59
PoE (Power over Ethernet), 196
point-to-point subinterfaces, 765, 877
point-to-point topologies (OSPF), 400
poison reverse, 365, 861
PortFast, 476-477
    configuring, 478
    verifying activation, 479
PortFast, STP, 852
ports, 455
    access ports, 503
    auxiliary ports, 210, 537-538
    blocked ports, 447, 451
    console ports, 209
    designated ports, 450, 486
    Gigabit Ethernet ports, 187
    Layer 2 security, 540
        static MAC addresses, 541
        verifying, 542-543
    MAC addresses, limiting in, 540
    NAT port numbers, mapping, 668-669
    nonedge ports, RSTP, 486
    redirecting
        network security, 116
        static NAT configuration, 694
    roles, RSTP, 482-483
    root ports, 448-449
    scans, 118
    states
        RSTP, 482-483
        transitioning, 453-454
    synchronization, RSTP, 486-488
    TCP port number access lists, 871
    UDP port number access lists, 872
POST (Power-On Self-Tests), router/switch startup processes, 212
PPP (Point-to-Point Protocol), 727
    authentication, 732-736
    compression, 736, 875
    configuring, 734-736
    ISO HDLC, 729
    LCP, 729-736
    NCP, 733
    troubleshooting, 738-740
    verifying operation of, 737-738
    WAN, 726, 874-876
PPPoA (PPP over ATM), WAN, 727
PPPoE (PPP over Ethernet), WAN, 727
practice exams
    answers, 901-909
    MeasureUp, 912-913
    questions, 881-899


Predictor algorithm, PPP authentication, 732
predictor compression algorithms, PPP compression, 875
Presentation layer (OSI model), 17, 829
private (RFC 1918) addressing, 148
private IP addresses, NAT, 653
Privileged EXEC, 220. See also configure command; User EXEC
    access, security, 846
    debug command, 266-267
    passwords, assigning, 243
    ping command, 266
    Telnet, virtual terminal access, 275
    terminal monitor command, 275-276
Proxy ARP (Address Resolution Protocol), 33, 137
pruning, VTP, 514
PVC (Permanent Virtual Circuits), 758, 769-770, 877-878

Q - R

QoS (Quality of Service), 608
queries (information), reconnaissance attacks, 118
questions (practice exams), 881-899

RAM (Random Access Memory), 191
RARP (Reverse Address Resolution Protocol), 33, 137
rebooting via reload command, 269
reconnaissance attacks
    information queries, 118
    network security, 838
    packet sniffers, 117
    ping sweeps, 117
    port scans, 118
redirecting ports, static NAT configuration, 694
redistributing routing protocols, 343-344, 860
reload command, 269
remote-access VPN (Virtual Private Networks), 811-813, 880
repeaters, 64
resequence command, configuring named ACL, 634
revisioning, VTP, 514
RF bands, wireless networks, 563-564
RFC 1918 (private) addressing, 148
ring topologies, 53-54
RIP (Routing Information Protocol), 379-380
    characteristics of, 367
    configuring, 368-370, 374, 862
    passive interfaces, 371-372
    RIPv2 versus, 381, 861
    troubleshooting, 377-378, 862
    verifying, 375-376, 862
RIPv2 (Routing Information Protocol version 2)
    characteristics of, 372
    configuring, 373
    RIP versus, 381, 861
    update authentication, 374
rolled cable, 61
ROM (Read-Only Memory), 191
ROMmon, router/switch start-up, 213
root bridges
    Bridge ID, 447-449
    root ports, 448-449
    STP, 447-449
    switch priorities changing in STP, 458
root ports, STP, 448-449
route filtering, 609
route poisoning
    distance vector routing protocols, 861
    mitigating, 365-366
route summarization, VLSM, 338-339
route update packets, Network layer (OSI) routing, 168
router ID (OSPF), 399-400
routers, 194-195
    ABR, 397
    access lists, 869
    address mapping, Inverse ARP, 765
    administrative distances, 324
    amnesia via DHCP, 278
    boot sequences, changing, 240-241
    classful routing protocols, 333-334
    classless routing protocols, 333-339
    configuration
        backing up via TFTP servers, 267-269
        verifying, 257-258
    default gateways, 320-321


    default routes, 328, 858
        configuring via SDM, 329-330
        verifying, 330-331
    Dial-on-Demand routing, 608
    dynamic routing protocols, 858
        distance vector routing protocols, 340, 358-359, 860-861. See also routing loops
        EG, 859
        hybrid routing protocols, 341, 860
        IG, 859
        interior/exterior gateway routing protocols, 339
        link state routing protocols, 340-341, 394-415, 860
        redistribution, 860
        routed protocols versus, 331
        routing metrics, 859
        routing updates, 859
    ICMP, Destination Unreachable error messages, 837
    interface configuration
        assigning duplexes, 253
        assigning IP addresses, 252
        assigning speed to, 253
        bandwidth command, 254
        clock rate command, 254
        enabling, 253
        LAN-specific commands, 253
        no keepalives command, 253
        no shutdown command, 253
        returning to default configurations, 255
        saving, 254
        WAN-specific commands, 254
    interface status/statistics, viewing
        show controller command, 261
        show interfaces command, 259-260
        show ip interface brief command, 261
    interVLAN routing, 856-857
    IOS files, backing up via TFTP servers, 268
    IP addresses, verifying assignment of, 277
    Layer 3 functions, 842
    Local Access Rates, 760
    local routers, feasible distances, 419
    metrics of, 332-333, 859
    multipoint subinterfaces, 877
    neighbor routers, advertised distances, 419
    Network layer (OSI model), 165-168
    passive-interface command, 867
    point-to-point subinterfaces, 877
    redistributing, 343-344
    RIP, 379-380
        characteristics of, 367
        configuring, 368-370, 374, 862
        passive interfaces, 371-372
        RIPv2 versus, 381, 861
        troubleshooting, 377-378, 862
        verifying, 375-376, 862
    RIPv2
        characteristics of, 372
        configuring, 373
        RIP versus, 381, 861
        update authentication, 374
    routing sources, 323-324, 857-858
    SDM, 294
        access configuration, 301, 306-308
        device monitoring, 309
        global configurations, 296-297, 301-306
        installing, 295
    show processes command, 267
    smurf attacks, 121
    start-up procedures
        bootstrap, 213
        configuration loading, 215
        IOS loading, 213-216
        password recovery, 216-217
        POST, 212
        practice challenge, 218
        ROMmon, 213
        setup mode, 216
    static routes, 325
        configuring, 326, 329-330
        floating static routes, 327, 858
        verifying, 330-331
    VPN, 814
    WAN, 874-876
routers “on a stick,” interVLAN routing, 517-519
routing by rumor, 358


routing loops, 360-362. See also distance vector routing protocols
    counts to infinity, 363
    invalid/dead timers, 367
    route poisoning, 365-366
    split horizons, 363-364
    triggered updates, 367
routing tables, 341-343
RSTP (Rapid Spanning Tree Protocol), 481, 486, 490
    convergence, 854
    designated ports, 486
    edge types, 485
    link types, 485, 853
    nonedge ports, 486
    port roles, 482-483, 853
    port states, 482-483, 853
    port synchronization, 486-488
    STP comparisons to, 481
    topology changes via BPDU, 485

S

SAN (Storage Area Networks), 14
SDM (Security Device Manager), 294
    default routes, configuring, 329-330
    device monitoring, 309
    Edit NAT Configuration window, 670-672
    EIGRP configuration, 425
    global configurations, 296
        banners, 297
        DHCP, 304, 306
        DNS, 302
        domain names, 297
        host names, 297
        router access, 301
        secret passwords, 297
    installing, 295
    NAT Configuration window
        Advanced NAT wizard, 663-669
        Basic NAT wizard, 659-663
    NAT overload configuration
        advanced configuration, 663-669
        basic configuration, 659-663
        editing configurations, 670-672
        verifying configurations, 672-675
    OSPF configuration, 410-411
    RIP, configuring, 374
    router interface configuration
        enabling interfaces, 307
        IP address assignments, 306
        saving configuration, 308
        verifying configurations, 308
    static routes, configuring, 329-330
secret passwords, changing in SDM, 297
security (networks), 114
    access attacks, 837
        man-in-the-middle attacks, 116
        password attacks, 115
        port redirection, 116
        trust exploitation, 116
    DoS attacks, 838
        DDoS attacks, 119
        smurf attacks, 121
        TCP SYN attacks, 120-121
    interVLAN routing, 857
    IOS, 845-846
    mitigating attacks, 838
        AAA, 122, 125
        ACL, 123-125
        encryption, 124-125
        firewalls, 125-126
        IDS, 125-126
        IPS, 125-126
        IPsec, 124-125
        NTP, 124-125
        SNMP, 123, 125
        SSH, 123-125
        SSL, 124, 126
        syslog, 124-125
    reconnaissance attacks, 838
        information queries, 118
        packet sniffers, 117
        ping sweeps, 117
        port scans, 118
    VPN, encryption, 880
    wireless networks
        authentication, 868
        encryption standards, 867


Segment Header format (TCP), 831
server mode (VTP), 511
service password-encryption command, 244, 251, 539, 846
service timestamp command, 267
Session layer (OSI model), 18, 829
setup mode (router/switch start-ups), 216
SHA-1 (Secure Hash Algorithm), 821
shortcuts
    keyboard, suspending Telnet sessions, 274-275
    MeasureUp practice tests, creating, 913
show cdp neighbors command, 271
show commands, 256
    access lists, verifying, 872
    EIGRP verification, 425-427
    general commands list, 848
    IFS, 270
    interface status values, 848
    list of, 264
    OSPF verification, 412-414
    router configurations, verifying, 257-258
show compress command, verifying PPP compression, 738
show controller command, viewing router interface status/statistics, 261
show controllers serial command, 273
show dhcp lease command, 278, 457
show flash command, 262
show frame-relay lmi command, 768, 785
show frame-relay map command, 772, 777, 786
show frame-relay pvc command, 769, 777, 785
show interface command, 259-261, 876
show interface <interface> command, verifying PPP operation, 737-738
show interface trunk command, 510, 522-523, 545
show interfaces interface-id command, 461
show ip access-lists command, verifying ACL, 613-614, 636
show ip dhcp binding command, 277
show ip interface brief command, viewing router interface status/statistics, 261
show ip interface command, verifying ACL, 635
show ip nat statistics command, 673, 704
show ip nat transition command, verifying NAT overload configurations, 675
show ip nat translations command, 692, 704-705
show port-security address command, 542
show port-security interface command, 542
show processes command, 267
show running-config command, 257-258, 270, 278, 692
    troubleshooting NAT, 675
    verifying
        ACL, 634
        NAT configuration, 704
        standard ACL, 613-614
show sessions command, Telnet sessions, 274
show startup-config command, 257
show version command, 193, 262-263
show vlan command, 506, 510, 522
show vtp password command, 523
show vtp status command, 515, 523
SIA (Stuck in Active) timers, 421
single-mode (SM) fiber-optic cable, 62
site-local IPv6 addresses, 162, 842
site-to-site VPN (Virtual Private Networks), 810, 879
SLIP (Serial Line Internet Protocol), WAN Data Link encapsulations, 725
smurf attacks, 121
SNAP (Subnetwork Access Protocol), 87
SNMP (Simple Network Management Protocol), network security, 123-125
sources (routing tables), 323-324
spanning-tree portfast bpduguard command, 479
speed, router assignments, 253
SPF (Shortest Path First) algorithms, 394
split horizons, 763
    distance vector routing protocols, 861
    mitigating, 363-364
Spread Spectrum Wireless LAN (Local Area Networks), 833
SSH (Secure Shell)
    catalyst switch security, 538
    enabling, 245-246
    EXEC sessions, 211
    IOS security, 846


    network security, 123-125
    User EXEC access, securing, 248-251
SSL (Secure Socket Layer)
    network security, 124-126
    VPN
        clientless SSL VPN, 813
        encryption, 819-820
        thin-client SSL VPN, 813
Stacker algorithm, PPP authentication, 732
stacker compression algorithms, PPP compression, 875
standard ACL (access lists), 869, 872
    configuring, 610-613
    isolating networks, 616
        from specific hosts, 617-618
        internal networks from Internet, 618-619
    placement of, 614-615
    verifying, 613-614
    VTY, restricting access, 619
star topologies, 54
startup processes. See boot processes
static MAC addresses, switch port security, 541
static maps, 766, 878
static NAT (Network Address Translation), 654-655, 686
    configuring, 689-695, 873
    show ip nat translations command, 692
    show running-config command, 692
static routes, 325
    configuring, 326, 329-330
    floating static routes, 327, 858
    verifying, 330-331
STATIC states (PVC), 770
store-and-forward method (frame-forwarding), 444
STP (Spanning Tree Protocol)
    BackboneFast, 478-479, 852
    blocked ports, 451
    BPDU Guard, 477-479
    configuring, 852
    designated ports, 450
    EtherChannel, 479-481, 852
    PortFast, 476-479, 852
    ports
        cost values, 851
        designated ports, 486
        nonedge ports, 486
        roles, 482-483, 853
        root ports, 448-449
        states, 453-454, 482-483, 851-853
        synchronization, 486-488
    root bridges, 446-449
    RSTP, 490
        comparisons to STP, 481
        convergence, 854
        designated ports, 486
        edge types, 485
        link types, 485, 853
        nonedge ports, 486
        port roles, 482-483, 853
        port states, 482-483, 853
        port synchronization, 486-488
        topology changes via BPDU, 485
    switches, 458
    topology changes, 852
    troubleshooting, 461
    UplinkFast, 477-479, 852
    verifying, 459
STP cable, 58-59. See also twisted-pair cable
straight-through cable, 59, 833
stub areas (OSPF), 398
stub networks, 325
stub routing, 421, 424
study mode (CD-ROM), 911
subinterfaces
    configuring, 773
    Frame Relays, 764-765
    VLAN, 517-518
subnet ID, 144
subnets
    blocking, extended ACL, 626-630
    decimal to binary conversions, 840
    hosts, calculating, 841
    IP addresses, 841
    masks, 150, 156
        CIDR notation, 147
        FLSM, 334


        IPv4, 146-149
        IPv4 addresses, 839
        VLSM, 335-339
    networks, calculating, 841
subnetting IP (Internet Protocol), 149-151
    calculating
        hosts, 152-153
        increments, 155-157
        networks, 153-154
    range of valid IP, determining, 158-159
    zero subnet rule, 155
successor routes (EIGRP), 419-421
summarization (route), VLSM, 338-339
SVC (Switched Virtual Circuits), 758-759, 877-878
SVI (Switched Virtual Interfaces), interVLAN routing, 519-520
switches, 98-99, 195-196
    basic connectivity, troubleshooting, 460-461
    boot sequence, changing, 240-241
    catalyst switches
        securing physical access to, 536
        securing terminal access to, 537-539
    configuration
        backing up via TFTP servers, 267-269
        commands list, 847
        returning to default configurations, 255
    default gateways, defining, 455
    diameters, 454
    filtering, 443
    frame-forwarding, 442-444, 850
    full duplex connections, 445
    functions of, 850
    half-duplex connections, 445
    interface range command, 457
    IOS files, backing up via TFTP servers, 268
    IP addresses, assigning
        management IP addresses, 455
        via DHCP, 456-457
    ip default-gateway command, 456
    Layer 2 security
        CDP, 546
        port security, 540-541
        verifying, 542-543
        VLAN, 543-545
        VTP, 546
    Layer 3 switches, 842
        functions of, 165, 168
        interVLAN routing, 856-857
    microsegmentation, 100
    multilayer switches, 168
    multiple switch interfaces, configuring, 457
    physical security, 536
    ports, 455
        access ports, 503
        blocked ports, 451
        changing costs of, 458
        designated ports, 450
        limiting MAC addresses in, 540
    primary tasks, 95
    redundant design, 446
    show dhcp lease command, 457
    show interfaces interface-id command, 461
    start-up procedures
        bootstrap, 213
        configuration loading, 215
        IOS loading, 213-216
        password recovery, 216-217
        POST, 212
        practice challenge, 218
        ROMmon, 213
        setup mode, 216
    STP, 446
        changing port costs in, 458
        changing priority in, 458
        root bridges, 447-449
    trunks, 855
    VLAN, single-switch scenarios, 504
switchport access vlan command, configuring VLAN, 506
switchport mode trunk command, VLAN trunking, 522
switchport port security mac-address sticky command, 541
switchport port-security command, 540
switchport port-security maximum command, 541
switchport port-security violation shutdown command, 541


SYN packets, 28
SYN-ACK packet, 28
synchronization, RSTP, 486-488
synchronous serial interfaces, 188
syntax errors, IOS, 845
syslog, network security, 124-125
system requirements, CD-ROM installations, 912

T

T1 controller cards, 188
TCN (Topology Change Notifications), 486
TCP (Transfer Control Protocol), 27-29
    applications that utilize, 832
    PAR, 831
    port number access lists, 871
    Segment Header format, 831
TCP SYN attacks, 120-121
TCP/IP layers, related OSI layers, 831
TCP/IP model
    Application layers, 26-27
    compared to OSI model, 26
    Internet layers, 31-33
    Network Interface layers, 33
    overview, 26
    Transport layers, 27-30
technical support, 913
Telnet, 210, 849
    catalyst switch security, 538
    multiple session example, 275
    resuming sessions, 275
    showing sessions, 274
    suspending sessions, 274-275
    terminal monitor command, 275-276
    User EXEC access, securing, 248-251
    virtual terminal access, 274-276
telnet command, troubleshooting NAT, 706
terminal, 208
    auxiliary ports, 210
    console ports, 209
    editing, IOS editing keystrokes, 844
    HTTP, 210
    SSH, 211
    virtual terminal access, Telnet, 274-276
terminal monitor command, 275-276
test modes (CD-ROM), 911
tests (practice)
    answers, 901-909
    MeasureUp, 912-913
    questions, 881-899
TFTP servers
    routers, backing up
        configurations, 267-269
        IOS files, 268
    switches, backing up
        configurations, 267-269
        IOS files, 268
thin-client SSL VPN (Secure Socket Layer Virtual Private Networks), 813
three-way handshakes, 28
throughput, 12
timers (max age), 453
timestamps
    debug messages, 267
    service timestamp command, 267
Token Ring protocols, 78-79
topologies
    bus topologies, 52-53
    mesh topologies, 55
    ring topologies, 53-54
    RSTP, changing via BPDU, 485
    star topologies, 54
    wireless networks, 587-588
traceroute command, 136, 266, 837
    RIP, 377
    switches, troubleshooting basic connectivity, 460
traffic policing (QoS), 608
trains (IOS), 192
transmitting data over wireless networks, 562-563
transparent mode (VTP), 512-513
Transport layer (OSI model), 19, 27-30, 829
triggered updates (routing), 367
troubleshooting
    debug command, 266-267
    EIGRP, 427, 866
    Frame Relays, 786-789, 879
    NAT, 675-676, 705-707


    OSPF, 415, 865
    ping command, 265
    PPP, 738-740, 876
    RIP, 377-378, 862
    show processes command, 267
    STP, 461
    switches, basic connectivity, 460-461
    traceroute command, 266
    VLAN, 522-523
    wireless networks, 592-593
trunks, 855
    configuring, 855
    VLAN, 506
        802.1q trunks, 508-510
        DTP dynamic trunks, 510
        ISL trunks, 508-510
    VTP, 855
trust exploitation, network security, 116
twisted-pair cable, 58-61
two-way redistribution (routing protocols), 860

U

UDP (User Datagram Protocol), 29-30
    applications that utilize, 832
    headers, 832
    port number access lists, 872
undebug all command, 267
unequal-path load balancing, EIGRP, 423-424
unicast addresses, 82
unique IPv6 addresses, 162, 842
unshielded twisted-pair cable versus fiber-optic cable, 833
updates
    broadcast multiaccess topologies (OSPF), 401-403
    dynamic routing protocols, 861
    LSU, 395
    RIPv2, 374
    routers, 859
UplinkFast, 477
    configuring, 478
    STP, 852
    verifying activation, 479
upper layer (OSI model), 15
User EXEC. See also Privileged EXEC
    access security, 845
    auxiliary access, securing, 248
    console access, securing, 246-247
    overview, 219
    SSH access, securing, 248-251
    Telnet
        securing access, 248-251
        virtual terminal access, 275
UTP cable, 58-59. See also twisted-pair cable

V

VAN (Virtual Area Networks), 14
variance command, unequal-path load balancing in EIGRP, 424
verifying
    access lists, 872
    ACL
        show ip access-lists command, 636
        show ip interface command, 635
        show running-config command, 634
        standard ACL, 613-614
    EIGRP, 425-427, 866
    Frame Relay operation, 785-786
    NAT, 672-675, 704
    OSPF, 412-414, 865
    port security, switch ports, 542-543
    PPP, 876
        show compress command, 738
        show interface <interface> command, 737-738
    RIP, 375-376, 862
    router configurations, 257-258
    SDM router interface configurations, 308
    STP, 459
    VLAN, 506, 510
    VTP, 515
virtual circuits, 755, 876
    CIR, 877
    full mesh topologies, 757, 877
    hub and spoke topologies, 756, 876
    multipoint subinterfaces, 877


    partial mesh topologies, 757, 877
    permanent virtual circuits, 722
    point-to-point subinterfaces, 877
    PVC, 758, 877-878
    SVC, 758-759, 877-878
virtual terminal access, Telnet, 274-276
VLAN (Virtual Local Area Networks), 502
    access ports, 503
    configuring, 505, 854
    interVLAN routing, 856
        “routers on a stick,” 517-519
        security, 857
        SVI, 519-520
    Layer 2 security, 543-545
    management VLAN, 504
    membership methods, 503
    show interfaces trunk command, 522-523
    show vlans command, 522
    show vtp password command, 523
    show vtp status command, 523
    single-switch scenarios, 504
    subinterfaces, 517-518
    switchport mode trunk command, 522
    troubleshooting, 522-523
    trunks, 506-507
        802.1q trunks, 508-510
        configuring, 855
        DTP dynamic trunks, 510
        ISL trunks, 508-510
        VTP, 855
    verifying, 506
    VMPS, 504
    voice VLAN, 520-521, 855
    VTP, 516-517
        client mode, 512
        configuring, 514-515
        pruning, 514
        revisioning, 514
        server mode, 511
        transparent mode, 512-513
        verifying, 515
    workgroups, 34
VLSM (Variable-Length Subnet Masks), 335-339
VMPS (VLAN Membership Policy Servers), 504
voice VLAN (Virtual Local Area Networks), 520-521, 855
VPN (Virtual Private Networks)
    components of, 814-815
    connectivity, 808-810
    encryption, 880
    IPsec, 815
        AH, 822
        authentication, 820
        data integrity, 820
        encryption, 816-820
        ESP, 822
    remote-access VPN, 811-813, 880
    site-to-site VPN, 810, 879
    SSL VPN, 813
    WAN, 723
VTP (VLAN Trunking Protocol), 516-517, 855
    client mode, 512
    configuring, 514-515
    Layer 2 security, 546
    pruning, 514
    revisioning, 514
    server mode, 511
    show vtp status command, 515
    transparent mode, 512-513
    verifying, 515
    vtp mode command, 515
vtp mode command, 515
vtp password command, 546
VTY (Virtual Teletype)
    access, restricting via standard ACL, 619
    ports, access lists, 870

W

WAN (Wide Area Networks), 12-13, 835-836
    baseband connections, 722
    broadband connections, 722
    circuit-switched networks, 721, 874
    Data Link encapsulations
        ATM, 726
        Frame Relays, 726


        HDLC, 726
        LAPB, 726
        PPP, 726
        PPPoA, 727
        PPPoE, 727
        SLIP, 725
    dial-on-demand connections, 721
    interfaces
        asynchronous serial interfaces, 188
        BRI, 187-188
        DCE, 188
        DTE, 189-190
        HSSI, 188
        synchronous serial interfaces, 188
        T1 controller cards, 188
    leased line connections, 721
    leased-line networks, 723, 874
    packet-switched networks, 722, 874
    Physical layer, 724-725
    routers, 167
        configuring, 254
        connecting to, 874
        HDLC, 874
        PPP, 874-876
    VPN, 723
WAP (Wireless Access Points)
    BSS, 588
    ESS, 588
    troubleshooting, 593
war driving, 580
WEP (Wired Equivalent Privacy), wireless networks, 582-583
Wi-Fi, IEEE 802 characteristics, 63-64, 834
Wi-Fi Alliance, 561
wildcard masks, OSPF, 405-407
windowing, 28
wireless networks, 560-561
    802.11a, 567
    802.11b, 567
    802.11g, 567-568
    802.11n, 568
    802.1x (wireless authentication), 585-586
    ad hoc networks, 587
    channel surfing, 565
    characteristics of, 867
    data rates, 590-591
    data transmission, 562-563
    encryption, 582-584
    IEEE, 561
    implementing, 587, 592, 869
    IPS, 586
    ITU-R, 561
    overlapping signals, 564-565
    RF bands, 563-564
    security
        authentication, 868
        encryption standards, 867
    threats to
        direct hacking, 581
        employee ignorance, 581-582
        war driving, 580
    topologies, 587-588
    troubleshooting, 592-593
    WAP
        BSS, 588
        ESS, 588
        troubleshooting, 593
    Wi-Fi Alliance, 561
WLAN (wireless local area networks). See wireless networks
workgroup layers (hierarchical models). See Distribution layer (hierarchical models)
workgroups
    hubs, 65
    VLAN, 34
WPA (Wi-Fi Protected Access), wireless networks, 584
WPA2 (Wi-Fi Protected Access version 2), wireless networks, 584

X - Y - Z

X.25 link access procedure, balanced. See LAPB (X.25 Link Access Procedure, Balanced)
zero subnet rule, 155
