Figure 3.11 DHCP client four-step process
Figure 3.12 TCP segment format
Figure 3.13 UDP segment
Figure 3.14 Port numbers for TCP and UDP
Figure 3.15 IP header
Figure 3.16 The Protocol field in an IP header
Figure 3.17 ICMP error message is sent to the sending host from
the remote router.
Figure 3.18 ICMP in action
Figure 3.19 Local ARP broadcast
Figure 3.20 Summary of the three classes of networks
Figure 3.21 Local layer 2 broadcasts
Figure 3.22 Layer 3 broadcasts
Figure 3.23 Unicast address
Figure 3.24 EIGRP multicast example
Chapter 4
Figure 4.1 One network
Figure 4.2 Multiple networks connected together
Figure 4.3 Implementing a Class C /25 logical network
Figure 4.4 Implementing a Class C /26 (with three networks)
Figure 4.5 Implementing a Class C /27 logical network
Chapter 5
Figure 5.1 Typical classful network
Figure 5.2 Classless network design
Figure 5.3 The VLSM table
Figure 5.4 VLSM network example 1
Figure 5.5 VLSM table example 1
Figure 5.6 VLSM network example 2
Figure 5.7 VLSM table example 2
Figure 5.8 VLSM design example 1
Figure 5.9 Solution to VLSM design example 1
Figure 5.10 VLSM design example 2
Figure 5.11 Solution to VLSM design example 2
Figure 5.12 Summary address used in an internetwork
Figure 5.13 Summarization example 4
Figure 5.14 Summarization example 5
Figure 5.15 Basic IP troubleshooting
Figure 5.16 IP address problem 1
Figure 5.17 IP address problem 2
Figure 5.18 Find the valid host #1
Figure 5.19 Find the valid host #2
Figure 5.20 Find the valid host address #3
Figure 5.21 Find the valid subnet mask
Chapter 6
Figure 6.1 A Cisco 2960 switch
Figure 6.2 A new Cisco 1900 router
Figure 6.3 A typical WAN connection. Clocking is typically
provided by a DCE network to routers. In nonproduction
environments, a DCE network is not always present.
Figure 6.4 Providing clocking on a nonproduction network
Figure 6.5 Where do you configure clocking? Use the show controllers
command on each router’s serial interface to find out.
Figure 6.6 By looking at R1, the show controllers command
reveals that R1 and R2 can’t communicate.
Chapter 7
Figure 7.1 Router bootup process
Figure 7.2 DHCP configuration example on a switch
Figure 7.3 Configuring a DHCP relay
Figure 7.4 Messages sent to a syslog server
Figure 7.5 Synchronizing time information
Figure 7.6 Cisco Discovery Protocol
Figure 7.7 Documenting a network topology using CDP
Figure 7.8 Network topology documented
Chapter 8
Figure 8.1 Copying an IOS from a router to a TFTP host
Chapter 9
Figure 9.1 A simple routing example
Figure 9.2 IP routing example using two hosts and one router
Figure 9.3 Frame used from Host A to the Lab_A router when
Host B is pinged
Figure 9.4 IP routing example 1
Figure 9.5 IP routing example 2
Figure 9.6 Basic IP routing using MAC and IP addresses
Figure 9.7 Testing basic routing knowledge
Figure 9.8 Configuring IP routing
Figure 9.9 Our internetwork
Chapter 10
Figure 10.1 Empty forward/filter table on a switch
Figure 10.2 How switches learn hosts’ locations
Figure 10.3 Forward/filter table
Figure 10.4 Forward/filter table answer
Figure 10.5 “Port security” on a switch port restricts port access
by MAC address.
Figure 10.6 Protecting a PC in a lobby
Figure 10.7 Broadcast storm
Figure 10.8 Multiple frame copies
Figure 10.9 A Cisco Catalyst switch
Figure 10.10 Our switched network
Chapter 11
Figure 11.1 Flat network structure
Figure 11.2 The benefit of a switched network
Figure 11.3 One switch, one LAN: Before VLANs, there were no
separations between hosts.
Figure 11.4 One switch, two virtual LANs (logical separation
between hosts): Still physically one switch, but this switch acts as
many separate devices.
Figure 11.5 Access ports
Figure 11.6 VLANs can span across multiple switches by using
trunk links, which carry traffic for multiple VLANs.
Figure 11.7 IEEE 802.1q encapsulation with and without the
802.1q tag
Figure 11.8 Router connecting three VLANs together for
inter-VLAN communication, one router interface for each VLAN
Figure 11.9 Router on a stick: single router interface connecting
all three VLANs together for inter-VLAN communication
Figure 11.10 A router creates logical interfaces.
Figure 11.11 With IVR, routing runs on the backplane of the
switch, and it appears to the hosts that a router is present.
Figure 11.12 Configuring inter-VLAN example 1
Figure 11.13 Inter-VLAN example 2
Figure 11.14 Inter-VLAN example 3
Figure 11.15 Inter-VLAN example 4
Figure 11.16 Inter-VLAN routing with a multilayer switch
Chapter 12
Figure 12.1 A typical secured network
Figure 12.2 IP access list example with three LANs and a WAN
connection
Figure 12.3 IP standard access list example 2
Figure 12.4 IP standard access list example 3
Figure 12.5 Extended ACL example 1
Figure 12.6 Extended ACL example 3
Chapter 13
Figure 13.1 Where to configure NAT
Figure 13.2 Basic NAT translation
Figure 13.3 NAT overloading example (PAT)
Figure 13.4 NAT example
Figure 13.5 Another NAT example
Figure 13.6 Last NAT example
Chapter 14
Figure 14.1 IPv6 address example
Figure 14.2 IPv6 global unicast addresses
Figure 14.3 IPv6 link local FE80::/10: The first 10 bits define the
address type.
Figure 14.4 EUI-64 interface ID assignment
Figure 14.5 Two steps to IPv6 autoconfiguration
Figure 14.6 IPv6 autoconfiguration example
Figure 14.7 IPv6 header
Figure 14.8 ICMPv6
Figure 14.9 Router solicitation (RS) and router advertisement
(RA)
Figure 14.10 Neighbor solicitation (NS) and neighbor
advertisement (NA)
Figure 14.11 Duplicate address detection (DAD)
Figure 14.12 IPv6 static and default routing
Figure 14.13 Our internetwork
Chapter 15
Figure 15.1 VTP modes
Figure 15.2 A switched network with switching loops
Figure 15.3 A switched network with STP
Figure 15.4 STP operations
Figure 15.5 STP operations
Figure 15.6 STP operations
Figure 15.7 STP operations
Figure 15.8 Common STP example
Figure 15.9 PVST+ provides efficient root bridge selection.
Figure 15.10 PVST+ unique bridge ID
Figure 15.11 RSTP example 1
Figure 15.12 RSTP example 1 answer
Figure 15.13 RSTP example 2
Figure 15.14 RSTP example 2, answer 1
Figure 15.15 RSTP example 2, answer 2
Figure 15.16 Our simple three-switch network
Figure 15.17 STP stopping loops
Figure 15.18 STP failure
Figure 15.19 PortFast
Figure 15.20 Before and after port channels
Figure 15.21 EtherChannel example
Chapter 16
Figure 16.1 Mitigating threats at the access layer
Figure 16.2 DHCP snooping and DAI
Figure 16.3 Identity-based networking
Figure 16.4 SNMP GET and TRAP messages
Figure 16.5 Cisco’s MIB OIDs
Figure 16.6 Default gateway
Figure 16.7 Proxy ARP
Figure 16.8 FHRPs use a virtual router with a virtual IP address
and virtual MAC address.
Figure 16.9 HSRP active and standby routers
Figure 16.10 Example of HSRP active and standby routers
swapping interfaces
Figure 16.11 HSRP Hellos
Figure 16.12 Interface tracking setup
Figure 16.13 HSRP configuration and verification
Figure 16.14 HSRP load balancing per VLAN
Chapter 17
Figure 17.1 EIGRP neighbor discovery
Figure 17.2 Advertised distance
Figure 17.3 Feasible distance
Figure 17.4 The tables used by EIGRP
Figure 17.5 Configuring our little internetwork with EIGRP
Figure 17.6 Discontiguous networks
Figure 17.7 EIGRP route selection process
Figure 17.8 Split horizon in action, part 1
Figure 17.9 Split horizon in action, part 2
Figure 17.10 Troubleshooting scenario
Figure 17.11 Configuring EIGRPv6 on our internetwork
Chapter 18
Figure 18.1 OSPF design example. An OSPF hierarchical design
minimizes routing table entries and keeps the impact of any
topology changes contained within a specific area.
Figure 18.2 The Hello protocol
Figure 18.3 Sample OSPF wildcard configuration
Figure 18.4 Our new network layout
Figure 18.5 Adding a non-OSPF network to the LA router
Figure 18.6 OSPF router ID (RID)
Chapter 19
Figure 19.1 OSPF single-area network: All routers flood the
network with link-state information to all other routers within the
same area.
Figure 19.2 OSPF multi-area network: All routers flood the
network only within their area.
Figure 19.3 Router roles: Routers within an area are called
internal routers.
Figure 19.4 Type 1 Link-State Advertisements
Figure 19.5 Basic LSA types
Figure 19.6 OSPF neighbor states, part 1
Figure 19.7 OSPF router neighbor states, part 2
Figure 19.8 Our internetwork
Figure 19.9 Our internetwork
Figure 19.10 Our internetwork with dual links
Figure 19.11 Configuring OSPFv3
Chapter 20
Figure 20.1 Troubleshooting scenario
Figure 20.2 Using SPAN for troubleshooting
Figure 20.3 Extended ACLs
Figure 20.4 IPv6 troubleshooting scenario
Figure 20.5 Router solicitation (RS) and router advertisement
(RA)
Figure 20.6 Neighbor solicitation (NS) and neighbor
advertisement (NA)
Figure 20.7 VLAN connectivity
Chapter 21
Figure 21.1 Hub-and-spoke
Figure 21.2 Fully meshed topology
Figure 21.3 Partially meshed topology
Figure 21.4 WAN terms
Figure 21.5 WAN connection types
Figure 21.6 Branch WAN challenges
Figure 21.7 Intelligent WAN
Figure 21.8 IWAN four technology pillars
Figure 21.9 DTE-DCE-DTE WAN connection: Clocking is
typically provided by the DCE network to routers. In
nonproduction environments, a DCE network is not always
present.
Figure 21.10 Cisco’s HDLC frame format: Each vendor’s HDLC
has a proprietary data field to support multiprotocol
environments.
Figure 21.11 Configuring Cisco’s HDLC proprietary WAN
encapsulation
Figure 21.12 Point-to-Point Protocol stack
Figure 21.13 PPP session establishment
Figure 21.14 PPP authentication example
Figure 21.15 Failed PPP authentication
Figure 21.16 Mismatched WAN encapsulations
Figure 21.17 Mismatched IP addresses
Figure 21.18 MLP between Corp and SF routers
Figure 21.19 PPPoE with ADSL
Figure 21.20 Example of using a VPN
Figure 21.21 Enterprise-managed VPNs
Figure 21.22 Provider-managed VPNs
Figure 21.23 Generic Routing Encapsulation (GRE) tunnel
structure
Figure 21.24 Example of GRE configuration
Figure 21.25 Example of EBGP layout
Chapter 22
Figure 22.1 Switch stacking
Figure 22.2 Cloud computing is on-demand.
Figure 22.3 Advantages of cloud computing
Figure 22.4 Cloud computing service
Figure 22.5 The SDN architecture
Figure 22.6 Southbound interfaces
Figure 22.7 Northbound interfaces
Figure 22.8 Where APIC-EM fits in the SDN stack
Figure 22.9 APIC-Enterprise Module
Figure 22.10 APIC-Enterprise Module path trace sample
Figure 22.11 APIC-Enterprise Module IWAN
Figure 22.12 Traffic characteristics
Figure 22.13 Trust boundaries
Figure 22.14 Policing and shaping rate limiters
Figure 22.15 Congestion management
Figure 22.16 Queuing mechanisms
Figure 22.17 Congestion avoidance
Introduction
Welcome to the exciting world of Cisco certification! If you've picked up
this book because you want to improve yourself and your life with a
better, more satisfying, and secure job, you've done the right thing.
Whether you're striving to enter the thriving, dynamic IT sector or
seeking to enhance your skill set and advance your position within it,
being Cisco certified can seriously stack the odds in your favor to help you
attain your goals!
Cisco certifications are powerful instruments of success that also
markedly improve your grasp of all things internetworking. As you
progress through this book, you'll gain a complete understanding of
networking that reaches far beyond Cisco devices. By the end of this
book, you'll comprehensively know how disparate network topologies and
technologies work together to form the fully operational networks that
are vital to today's very way of life in the developed world. The knowledge
and expertise you'll gain here is essential for and relevant to every
networking job and is why Cisco certifications are in such high demand—
even at companies with few Cisco devices!
Although it's now common knowledge that Cisco rules routing and
switching, the fact that it also rocks the security, collaboration, data
center, wireless and service provider worlds is also well recognized. And
Cisco certifications reach way beyond the popular but less extensive
certifications like those offered by CompTIA and Microsoft to equip you
with indispensable insight into today's vastly complex networking realm.
Essentially, by deciding to become Cisco certified, you're proudly
announcing that you want to become an unrivaled networking expert—a
goal that this book will get you well on your way to achieving.
Congratulations in advance on the beginning of your brilliant future!
For up-to-the-minute updates covering additions or
modifications to the Cisco certification exams, as well as additional
study tools, review questions, videos, and bonus materials, be sure to
visit the Todd Lammle websites and forum at www.lammle.com/ccna.
Cisco's Network Certifications
It used to be that to secure the holy grail of Cisco certifications—the CCIE—
you passed only one written test before being faced with a grueling,
formidable hands-on lab. This intensely daunting, all-or-nothing
approach made it nearly impossible to succeed and predictably didn't
work out too well for most people. Cisco responded to this issue by
creating a series of new certifications, which not only made it easier to
eventually win the highly coveted CCIE prize, it gave employers a way to
accurately rate and measure the skill levels of prospective and current
employees. This exciting paradigm shift in Cisco's certification path truly
opened doors that few were allowed through before!
Beginning in 1998, obtaining the Cisco Certified Network Associate
(CCNA) certification was the first milestone in the Cisco certification
climb, as well as the official prerequisite to each of the more advanced
levels. But that changed in 2007, when Cisco announced the Cisco
Certified Entry Network Technician (CCENT) certification. And then in
May 2016, Cisco once again proclaimed updates to the CCENT and CCNA
Routing and Switching (R/S) tests. Now the Cisco certification process
looks like Figure I.1.
Figure I.1 The Cisco certification path.
I have included only the most popular tracks in Figure I.1. In
addition to the ones in this image, there are also tracks for Design,
Service Provider, Service Provider Operations, and Video.
The Cisco R/S path is by far the most popular and could very well remain
so, but soon you'll see the Data Center path become more and more of a
focus as companies migrate to data center technologies. The Security and
Collaboration tracks also actually do provide a good job opportunity,
and an even newer one that is becoming more popular is the Industrial
CCNA. Still, understanding the foundation of R/S before attempting any
other certification track is something I highly recommend.
Even so, and as the figure shows, you only need your CCENT certification
to get underway for most of the tracks. Also, note that there are a few
other certification tracks you can go down that are not shown in the
figure, although they're not as popular as the ones shown.
Cisco Certified Entry Network Technician (CCENT)
Don't be fooled by the oh-so-misleading name of this first certification
because it absolutely isn't entry level! Okay—maybe entry level for Cisco's
certification path, but definitely not for someone without experience
trying to break into the highly lucrative yet challenging IT job market!
For the uninitiated, the CompTIA A+ and Network+ certifications aren't
official prerequisites, but know that Cisco does expect you to have that
type and level of experience before embarking on your Cisco certification
journey.
All of this gets us to 2016, when the climb to Cisco supremacy just got
much harder again. The innocuous-sounding siren's call of the CCENT
can lure you to some serious trouble if you're not prepared, because it's
actually much harder than the old CCNA ever was. This will rapidly
become apparent once you start studying, but be encouraged! The fact
that the certification process is getting harder really works better for you
in the long run, because that which is harder to obtain only becomes that
much more valuable when you finally do, right? Yes, indeed!
Another important factor to keep in mind is that the Interconnecting
Cisco Network Devices Part 1 (ICND1) exam, which is the required exam
for the CCENT certification, costs $150 per attempt and it's anything but
easy to pass! The good news is that Part 1 of this book (Chapters 1-14) will
guide you step-by-step in building a strong foundation in routing and
switching technologies. You really need to build on a strong technical
foundation and stay away from exam cram type books, suspicious online
material, and the like. They can help somewhat, but understand that
you'll pass the Cisco certification exams only if you have a strong
foundation and that you'll get that solid foundation only by reading as
much as you can, performing the written labs and review questions in this
book, and practicing lots and lots of hands-on labs. Additional practice
exam questions, videos, and labs are offered on my website, and what
seems like a million other sites offer additional material that can help you
study.
However, there is one way to skip the CCENT exam and still meet the
prerequisite before moving on to any other certification track, and that
path is through the CCNA R/S Composite exam. First, I'll discuss the
Interconnecting Cisco Network Devices Part 2 (ICND2) exam, and then
I'll tell you about the CCNA Composite exam, which will provide you,
when successful, with both the CCENT and the CCNA R/S certification.
Cisco Certified Network Associate Routing and Switching (CCNA R/S)
Once you have achieved your CCENT certification, you can take the
ICND2 (200-105) exam in order to achieve your CCNA R/S certification,
which is the most popular certification Cisco has by far because it's the
most sought-after certification among employers.
As with the CCENT, the ICND2 exam is also $150 per attempt—although
thinking you can just skim a book and pass any of these exams would
probably be a really expensive mistake! The CCENT/CCNA exams are
extremely hard and cover a lot of material, so you have to really know
your stuff. Taking a Cisco class or spending months with hands-on
experience is definitely a requirement to succeed when faced with this
monster!
And once you have your CCNA, you don't have to stop there—you can
choose to continue and achieve an even higher certification, called the
Cisco Certified Network Professional (CCNP). There are various ones, as
shown in Figure I.1. The CCNP R/S is still the most popular, with
Voice certifications coming in at a close second. And I've got to tell you
that the Data Center certification will be catching up fast. Also good to
know is that anyone with a CCNP R/S has all the skills and knowledge
needed to attempt the notoriously dreaded but coveted CCIE R/S lab. But
just becoming a CCNA R/S can land you that job you've dreamed about
and that's what this book is all about: helping you to get and keep a great
job!
Still, why take two exams to get your CCNA if you don't have to? Cisco
still has the CCNA Composite (200-125) exam that, if passed, will land
you with your CCENT and your CCNA R/S via only one test priced at only
$250. Some people like the one-test approach, and some people like the
two-test approach. Part 2 of this book (Chapters 15-22) covers the ICND2
exam topics.