18. APJ Instructor Forum
CCNA Certification Preparation
Session 3 of 4
April, 2012
Jaskaran Kalsi & Bogdan Doinea
Assoc. Technical Managers
Europe/CEE/RCIS
Cisco Networking Academy
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
IP addressing
VLANs
IPv6
NAT
Impossible to cover all topics for CCNA Certification in a one hour session
Session is about “how to prepare for the CCNA Exam”, not about “covering
all CCNA knowledge in one hour”
Class | Binary Start | First Octet Range | Subnet Mask | Network & Host Octets | Number of Hosts | Number of Bits in the Network Address
Class A | 0 | 1 to 126 | 255.0.0.0 | N.H.H.H | 16,777,214 | 8
Class B | 10 | 128 to 191 | 255.255.0.0 | N.N.H.H | 65,534 | 16
Class C | 110 | 192 to 223 | 255.255.255.0 | N.N.N.H | 254 | 24
Class D | 1110 | 224 to 239 | | H.H.H.H | Multicast | -
Class E | 1111 | 240 to 255 | | Research | Research | Research
Class | Address Range
Class A | 10.0.0.0 to 10.255.255.255
Class B | 172.16.0.0 to 172.31.255.255
Class C | 192.168.0.0 to 192.168.255.255
Loopback | 127.0.0.0 to 127.255.255.255 (127.0.0.1 is used as the Loopback)
Remember: Private addresses are not permitted onto the public domain.
These private addresses will need to be exchanged for public addresses.
This process is known as Network Address Translation (NAT).
Decimal IP Address | 192.168.2.38 | 11000000 . 10101000 . 00000010 . 00100110
Decimal Subnet Mask | 255.255.255.0 | 11111111 . 11111111 . 11111111 . 00000000
ANDing Process | | 11000000 . 10101000 . 00000010 . 00000000
Network Address: 192.168.2.0
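The ANDing step above, carried through in code. This is an added example, not part of the original slides; it goes beyond the slide by also deriving the broadcast address and usable host range, and the function names are chosen here for illustration.

```python
def to_int(dotted):
    """Dotted-decimal string -> 32-bit integer, rejecting octets outside 0-255."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(value):
    """32-bit integer -> dotted-decimal string."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(value):
    """32-bit integer -> the slide's 'bbbbbbbb . bbbbbbbb . ...' layout."""
    return " . ".join(f"{(value >> s) & 0xFF:08b}" for s in (24, 16, 8, 0))

def subnet_info(address, prefix):
    """AND the address with the mask; derive broadcast and usable host range."""
    if not 0 <= prefix <= 30:
        raise ValueError("this example covers /0 to /30 only")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    network = to_int(address) & mask            # the ANDing step
    broadcast = network | (~mask & 0xFFFFFFFF)  # host bits all set to 1
    return {
        "mask": to_dotted(mask),
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network + 1),
        "last_host": to_dotted(broadcast - 1),
    }

if __name__ == "__main__":
    # Addresses taken from this deck's slides and exercises.
    for addr, prefix in [("192.168.2.38", 24), ("192.100.10.17", 28),
                         ("191.165.37.189", 29)]:
        info = subnet_info(addr, prefix)
        print(f"{addr}/{prefix}")
        print("  address:", to_binary(to_int(addr)))
        print("  mask:   ", to_binary(to_int(info["mask"])))
        print("  network:", info["network"], " broadcast:", info["broadcast"],
              " hosts:", info["first_host"], "-", info["last_host"])
```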
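Bits in octet and Decimal Equivalent
/dec | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 | Decimal Equivalent
/32 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 255
/31 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 0 | 254
/30 | 1 | 1 | 1 | 1 | 1 | 1 | 0 | 0 | 252
/29 | 1 | 1 | 1 | 1 | 1 | 0 | 0 | 0 | 248
/28 | 1 | 1 | 1 | 1 | 0 | 0 | 0 | 0 | 240
/27 | 1 | 1 | 1 | 0 | 0 | 0 | 0 | 0 | 224
/26 | 1 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 192
/25 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 128
/24 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0
128 + 64 = 192, + 32 = 224, + 16 = 240, + 8 = 248, + 4 = 252, + 2 = 254, + 1 = 255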
• Minimum value for an octet is 0
• Maximum value for an octet is 255
Borrowed bits to divide a Default Class C Network
Slash Format | Last Octet in the Mask | Bits Borrowed | Total Subnets | Total Hosts | Usable Hosts
/25 | 128 | 1 | 2 | 128 | 126
/26 | 192 | 2 | 4 | 64 | 62
/27 | 224 | 3 | 8 | 32 | 30
/28 | 240 | 4 | 16 | 16 | 14
/29 | 248 | 5 | 32 | 8 | 6
/30 | 252 | 6 | 64 | 4 | 2
/31 | 254 | 7 | - | - | -
/32 | 255 | 8 | - | - | -
Subnetworks for 192.168.1.0 with 2 Bits Borrowed (255.255.255.192)
Subnetwork Number | Subnetwork ID | Host Range | Broadcast
0 | 192.168.1.0 | .1 to .62 | 192.168.1.63
1 | 192.168.1.64 | .65 to .126 | 192.168.1.127
2 | 192.168.1.128 | .129 to .190 | 192.168.1.191
3 | 192.168.1.192 | .193 to .254 | 192.168.1.255
• Take an IP address with mask 192.100.10.17/28
• See how many bits are borrowed from 4th octet.
• 4 bits borrowed.
• This means that the host portion has 4 bits remaining = 16 host addresses.
• Each subnet has 16 addresses.
192.100.10.17/28 - 16 Subnets
192.100.10.0 to 192.100.10.15
192.100.10.16 to 192.100.10.31
192.100.10.32 to 192.100.10.47
192.100.10.48 to 192.100.10.63
...
192.100.10.224 to 192.100.10.239
192.100.10.240 to 192.100.10.255
All these addresses are invalid for hosts! (Network & Broadcast)
• Now take your IP address 192.100.10.17
• Find the address in one of the ranges.
• You will now be able to calculate the:
Subnetwork address
Broadcast Address
Host Range
192.100.10.17/28 - 16 Subnets
192.100.10.0 to 192.100.10.15
192.100.10.16 to 192.100.10.31
192.100.10.32 to 192.100.10.47
192.100.10.48 to 192.100.10.63
...
192.100.10.224 to 192.100.10.239
192.100.10.240 to 192.100.10.255
All these addresses are invalid for hosts! (Network & Broadcast)
New networks
• How many networks do you need?
• How large should they be?
• Begin with largest
• Watch for overlapping
[Figure: topology with LANs labelled "50 users", "25 users, 192.168.10.192/27" and "10 users, 192.168.10.224/28", plus INTERNET; address-space bar marked at 0, 64, 128, 192, 224 and 255 with blocks labelled "/30", "free", "Free /26", "Used /26", "Used /27", "/28" and "Fr."]
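One way to apply "begin with largest" and "watch for overlapping" mechanically, shown on the host counts from Task 2 of this deck. This is an added example, not part of the original slides; the function names and the 192.168.10.128/25 candidate in the overlap check are constructed here for illustration.

```python
import ipaddress

def vlsm_allocate(base, host_counts):
    """Return [(hosts, subnet)] carved from `base`, largest requirement first."""
    base_net = ipaddress.ip_network(base)
    cursor = int(base_net.network_address)
    end = int(base_net.broadcast_address) + 1
    plan = []
    for hosts in sorted(host_counts, reverse=True):   # begin with largest
        if hosts < 1:
            raise ValueError("each subnet needs at least one host")
        # hosts + 2 addresses are needed (network and broadcast are reserved);
        # (hosts + 1).bit_length() is the number of host bits that covers them.
        host_bits = (hosts + 1).bit_length()
        size = 1 << host_bits
        cursor = -(-cursor // size) * size            # align to a block boundary
        if cursor + size > end:
            raise ValueError(f"{base} has no room left for {hosts} hosts")
        plan.append((hosts, ipaddress.ip_network((cursor, 32 - host_bits))))
        cursor += size
    return plan

def overlapping_pairs(subnets):
    """Watch for overlapping: list every pair of subnets that share addresses."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    return [(str(a), str(b)) for i, a in enumerate(nets)
            for b in nets[i + 1:] if a.overlaps(b)]

if __name__ == "__main__":
    # Task 2: 192.168.168.0/24 for subnets of 3, 5, 10, 42 and 110 hosts.
    for hosts, net in vlsm_allocate("192.168.168.0/24", [3, 5, 10, 42, 110]):
        print(f"{hosts:>4} hosts -> {net}  ({net.num_addresses - 2} usable)")
    # Constructed check: a /25 at .128 collides with both networks already
    # in use on the slide (192.168.10.192/27 and 192.168.10.224/28).
    print(overlapping_pairs(["192.168.10.192/27", "192.168.10.224/28",
                             "192.168.10.128/25"]))
```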
Task 1
• Divide class C network 192.168.168.0/24 for 3,5,10,20 subnets
Task 2
• Divide a class C network 192.168.168.0/24 for subnets that can fit 3,5,10,42,110 hosts
Task 3
• Given the IP address 192.168.168.168 find:
Mask written in decimal and binary
Network address
Broadcast address
Host address range
and possible gateway address
• Repeat this calculation for masks: /30, /29, /28, /27, /26, /25, /24, /23, /22, /21, /20
Task 4
Draw any network topology, which will require minimum 5 networks and address it using
class C range 192.168.16.0/24
Do not go to the exam until you:
• Complete these 4 tasks
• Spend at least 3 hours on them
• Can make any subnet calculation in no more than 2 min.
• When done, take a wild example such as 191.165.37.189/29 and state the range of this network in 20 seconds
• You are a master!
• Convert the decimal number 231 into its binary equivalent. Select
the correct answer from the list below.
11110010
11011011
11110110
11100111
11111110
Bits and Powers of 2
Decimal Equivalent | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1
231 | 1 | 1 | 1 | 0 | 0 | 1 | 1 | 1
• Which three addresses are valid class C public addresses? (Choose three)
198.133.219.17
192.168.1.245
10.15.250.5
128.107.12.117
192.15.301.240
64.104.78.227
195.29.143.14
Class | Private Address Range
Class A | 10.0.0.0 to 10.255.255.255
Class B | 172.16.0.0 to 172.31.255.255
Class C | 192.168.0.0 to 192.168.255.255
• Which addresses are valid host IP addresses given the subnet mask 255.255.255.248? (Choose three)
192.168.200.87
194.10.10.104
223.168.210.100
220.100.100.154
200.152.2.160
196.123.142.190
Fourth Octet | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1
248 | 1 | 1 | 1 | 1 | 1 | 0 | 0 | 0
87 | 0 | 1 | 0 | 1 | 0 | 1 | 1 | 1
104 | 0 | 1 | 1 | 0 | 1 | 0 | 0 | 0
100 | 0 | 1 | 1 | 0 | 0 | 1 | 0 | 0
154 | 1 | 0 | 0 | 1 | 1 | 0 | 1 | 0
160 | 1 | 0 | 1 | 0 | 0 | 0 | 0 | 0
190 | 1 | 0 | 1 | 1 | 1 | 1 | 1 | 0
• Given the network shown above, what is incorrect?
The IP address of the Fa0/0 interface at R1
The IP address of the S0/0/1 interface at R2
The IP address of the S0/0/0 interface at R1
The subnet mask of the S0/0/1 interface at R2
• The IP addresses on the serial link between R1 & R2 are within different subnets.
Available networks are:
192.168.1.80 - 1.83
192.168.1.84 - 1.87
Which network can be used for fa0/1 LAN of R3?
• 192.168.10.0/26
• 192.168.10.64/29
• 192.168.10.192/27
• 192.168.10.192/26
[Figure: topology with LANs labelled "25 users, network /mask - ?", "10 users, 192.168.10.224/28" and "50 users", plus INTERNET]
• Which access list statement will not allow users from networks LAN1 and LAN2 to reach router B?
[Figure: topology with LAN1, LAN2, LAN3 and LAN4]
Access-list 101 deny ip 192.168.10.64 0.0.0.31 any
Access-list 101 deny ip 192.168.10.80 0.0.0.31 any
Access-list 101 deny ip 192.168.10.80 0.0.0.15 any
Access-list 101 deny ip 192.168.10.64 0.0.0.224 any
Access-list 101 deny ip 192.168.10.80 0.0.0.240 any
• VLANs provide segmentation based on broadcast domains.
• VLANs logically segment switched networks based on the
functions, project teams, or applications of the organization
regardless of the physical location or connections to the network.
Two VLANs
• Two Subnets
[Figure: Switch 1 with four attached hosts: 172.30.1.21 255.255.255.0 (VLAN 1), 172.30.2.12 255.255.255.0 (VLAN 2), 172.30.2.10 255.255.255.0 (VLAN 2), 172.30.1.23 255.255.255.0 (VLAN 1)]
Port | 1 | 2 | 3 | 4 | 5 | 6
VLAN | 1 | 2 | 1 | 2 | 2 | 1
Important notes on VLANs:
1. VLANs are assigned on the switch port. There is no “VLAN” assignment done on the host (usually).
2. In order for a host to be a part of that VLAN, it must be assigned an IP address that belongs to the proper subnet.
Remember: VLAN = Subnet
• Trunk links carry many VLANs together
• Packets inside trunk links are tagged with the VLAN ID
• Upon reaching the destination switch, the VLAN ID is removed from the packet by the adjacent switch and the packet is forwarded to the attached device.
• Native VLAN carries untagged packets
• Native VLAN is set on switches on both ends of a link, and must match on both ends
By default, VLAN 1 is the native VLAN and should only be used to carry
control traffic, CDP, VTP, PAgP, and DTP. This information is
transmitted across trunk links UNtagged.
User VLANs should not include the native VLAN, VLAN 1. This
information will be sent as tagged frames across TRUNK links.
The Management VLAN should be a VLAN separate from the user
VLANs and should not be the native VLAN. This will ensure access to
networking devices in case of problems with the network.
Configuring VLAN 20 to be used with network 192.168.20.0/24
Create the VLAN:
Switch(config)#vlan 20
Switch(config-vlan)#name Users
Switch(config-vlan)#exit
Assigning access ports (non-trunk ports) to a specific VLAN
Switch(config)#interface fastethernet 0/9
Switch(config-if)#switchport access vlan 20
Switch(config)#interface fastEthernet 0/10
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk native vlan 99
Switch#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/10      on           802.1q         trunking      99

Port        Vlans allowed on trunk
Fa0/10      1-1005

Port        Vlans allowed and active in management domain
Fa0/10      1,20,30

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/10      1,20,30
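A check of the native-VLAN rules from the preceding slides (must match on both ends, must not be a user VLAN, must not be the management VLAN) against "show interfaces trunk" output. This is an added example, not part of the original slides; the two captures, the port Fa0/1 on the second switch and the VLAN roles passed to the audit are constructed for illustration.

```python
# Constructed sample: "show interfaces trunk" captured on both ends of one link.
SW1_OUTPUT = """\
Port        Mode         Encapsulation  Status        Native vlan
Fa0/10      on           802.1q         trunking      99

Port        Vlans allowed on trunk
Fa0/10      1-1005
"""
SW2_OUTPUT = """\
Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/1       1-1005
"""

def native_vlans(output):
    """Return {port: native VLAN} from the first table of the command output."""
    result, in_native_table = {}, False
    for line in output.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Port":          # every table starts with a "Port" header
            in_native_table = fields[-2:] == ["Native", "vlan"]
        elif in_native_table:
            result[fields[0]] = int(fields[-1])
    return result

def audit_link(native_a, native_b, user_vlans, mgmt_vlan):
    """Apply the slides' native-VLAN rules to the two ends of one trunk link."""
    findings = []
    if native_a != native_b:
        findings.append(f"native VLAN mismatch: {native_a} vs {native_b}")
    for native in sorted({native_a, native_b}):
        if native in user_vlans:
            findings.append(f"native VLAN {native} is also a user VLAN")
        if native == mgmt_vlan:
            findings.append(f"native VLAN {native} is the management VLAN")
    return findings

if __name__ == "__main__":
    a = native_vlans(SW1_OUTPUT)["Fa0/10"]
    b = native_vlans(SW2_OUTPUT)["Fa0/1"]
    # Assumed roles for the demo: VLANs 20 and 30 carry users, 99 is management.
    for finding in audit_link(a, b, user_vlans={20, 30}, mgmt_vlan=99):
        print(finding)
```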
VTP servers advertise the VLAN information to other VTP-enabled switches in the same VTP domain.
You cannot create, change, or delete VLANs on a VTP client.
Transparent switches forward VTP advertisements to VTP clients and VTP servers.
Common VTP issues
VTP domain name mismatch
Incompatible version
Wrong operating mode
VTP password issues
Configuration revision issues
[Figure: two switches comparing VTP configuration revision numbers. One VLAN list: Vlan 10: “for all”, Vlan 20: “directors”, Vlan 50: “service”, Vlan 80: “clients”. The other VLAN list: Vlan 10: “for all”, Vlan 20: “directors”. Speech bubbles: “My configuration revision # is 4” and “My configuration revision # is 5”.]
[Figure: Old SW (“My configuration revision # is 5”) with Vlan 10: “for all”, Vlan 20: “directors”, Vlan 50: “service”, Vlan 80: “clients”; New SW (“My configuration revision # is 20”) with Vlan 110: “strange”. New SW: “My Rev.# is higher. Here are my updates”. Overlaid on the Old SW list: ONLY Vlan 110: “strange”.]
RT_1 is configured correctly with
IP addresses and passwords but
none of the computers can ping or
telnet to RT_1. Which series of
commands would correct the
problem?
RT_1(config)# interface fa0/1
RT_1(config-if)# no shutdown
SW_1(config)# interface fa0/24
SW_1(config-if)# switchport mode client

RT_1(config)# interface fa0/1
RT_1(config-if)# encapsulation trunk dot1q 24
SW_1(config)# interface fa0/24
SW_1(config-if)# switchport mode trunk
A new VLAN is added to Switch3.
This VLAN does not show up on the other switches.
What is the reason for this?
VLANs cannot be created on transparent mode switches.
Transparent mode switches do not forward VTP advertisements.
VLANs created on transparent mode switches are not included in VTP
advertisements.
Server mode switches neither listen to nor forward VTP messages from transparent
mode switches.
IPv4 32-bits
2^32 = 4,294,967,296
IPv6 128-bits
2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456
Number of grains of sand on Earth is approx. 4.8 x 10^21
Each grain can have 7,089,215,977,519,551 IP numbers
or 1,650,168 complete IPv4 address ranges
• 16-bit hexadecimal numbers
• Numbers are separated by (:)
• Hex numbers are not case sensitive
• Abbreviations are possible
Leading zeros in contiguous block could be represented by (::)
Example:
2001:0db8:0000:130F:0000:0000:087C:140B
2001:0db8:0:130F::87C:140B
Double colon only appears once in the address
• In IPv6 network and host representation you attach the prefix
length
• Like IPv4 address:
198.10.0.0/16
• IPv6 address is represented the same way:
2001:db8:12::/48
• Only leading zeros are omitted. Trailing zeros are not omitted
2001:0db8:0012::/48 = 2001:db8:12::/48
2001:db8:1200::/48 ≠ 2001:db8:12::/48
EUI-64
• Ethernet MAC address (48 bits)
00 90 27 17 FC 0F
• 64 bits version: insert “FFFE” in middle
00 90 27 FF FE 17 FC 0F
• Uniqueness of the MAC: invert ‘U’ bit to identify uniqueness of MAC
000000U0 where U = 1 = unique, 0 = not unique
U=1
• EUI-64 address
02 90 27 FF FE 17 FC 0F
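The EUI-64 construction above in code, using the slide's MAC address. This is an added example, not part of the original slides; it goes beyond the slide by placing the interface ID under the link-local prefix fe80::/64 and by reversing the mapping, which shows that an EUI-64 derived address discloses the adapter's MAC to anyone who sees it. Function names are chosen here for illustration.

```python
import ipaddress

def eui64_interface_id(mac):
    """48-bit MAC -> 64-bit interface ID: insert FFFE, then invert the U bit."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac}")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02                       # 000000U0: flip the U bit
    return bytes(eui)

def link_local(mac):
    """Assumption beyond the slide: put the interface ID under fe80::/64."""
    prefix = int(ipaddress.IPv6Address("fe80::"))
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(prefix | iid)

def mac_from_address(address):
    """Reverse the mapping; None when the interface ID is not EUI-64 derived."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02                       # flip the U bit back
    return ":".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    mac = "00:90:27:17:FC:0F"            # MAC address from the slide
    print(eui64_interface_id(mac).hex())
    print(link_local(mac))
    print(mac_from_address(str(link_local(mac))))
```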
• A wide range of techniques have been identified and implemented, basically falling into three categories:
(1) Dual-stack techniques, to allow IPv4 and IPv6 to co-exist in the same devices and networks
(2) Tunneling techniques, to avoid order dependencies when upgrading hosts, routers, or regions
(3) Translation techniques, to allow IPv6-only devices to communicate with IPv4-only devices
RIPng (RFC 2080)
OSPFv3 (RFC 2740)
Cisco EIGRP for IPv6
ISIS for IPv6
MP-BGP4 (RFC 2858/2545)
A network administrator wants to connect two IPv6 islands. The easiest way is
through a public network that uses only IPv4 equipment. What simple solution
solves the problem?
Replace the devices on the public network with devices that support IPv6.
Configure RIPng on the border routers of each IPv6 island.
Configure the routers to take advantage of dual-stack technology.
Use tunneling to encapsulate the IPv6 traffic in the IPv4 protocol.
From the list below what are three valid IPv6 addresses?
::
::192:168:1:1
2302::
1202:4you:5red:star:0990:mine:88:01
2233:2233:4455:8765::
2233:a87d:80:d::12
[Figure: network topology with labels 192.168.101.0/24, LAN 50 users, NAT, 209.165.200.1 and 129.10.20.1/30]
Given the network topology make configurations on R2 to enable 50 users from R1 LAN to access internet.
Possible solution:
R2(config)#access-list 1 permit 192.168.101.0 0.0.0.255
R2(config)#ip nat inside source list 1 interface s 0/0/0 overload
• In today’s session, we have covered:
• IP addressing
Subnetting and IP addressing calculation
VLSM
• VLANs
Understanding VLANs
Vlan Trunks and Native Vlans
VTP operation
• IPv6
IPv6 addressing
v4/v6 transition methods
• NAT
How NAT works
• Remember - recommended reading:
CCNA/ICND 2 Official Exam Certification Guide
Thank you.