CCNA Certification Preparation
Session 3 of 4
April, 2012
Jaskaran Kalsi & Bogdan Doinea
Assoc. Technical Managers Europe/CEE/RCIS
Cisco Networking Academy
Agenda
• IP addressing
• VLANs
• IPv6
• NAT
It is impossible to cover all topics for CCNA Certification in a one-hour session. The session is about “how to prepare for the CCNA Exam”, not about “covering all CCNA knowledge in one hour”.
Private IP Addresses
• Remember: private addresses are not permitted onto the public domain.
• These private addresses will need to be exchanged for public addresses.
• This process is known as Network Address Translation (NAT).
Subnet Mask ANDing Process
Network Address: 192.168.2.0
Possible subnet masks?
• Minimum value for an octet is 0
• Maximum value for an octet is 255
How to calculate without SubnetCalc?
• Take an IP address with mask: 192.100.10.17/28
• See how many bits are borrowed from the 4th octet.
• 4 bits are borrowed.
• This means that the host portion has 4 bits remaining = 16 host addresses.
• Each subnet has 16 addresses.
• The network and broadcast addresses of each subnet are invalid for hosts!
How to calculate without SubnetCalc?
• Now take your IP address 192.100.10.17
• Find the address in one of the ranges.
• You will now be able to calculate the:
  • Subnetwork address
  • Broadcast address
  • Host range
• The network and broadcast addresses are invalid for hosts!
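The calculation described above, written out with integer bit operations. This is an added example, not part of the original slides; the function names `to_int`, `to_dotted` and `subnet_info` are assumptions made for illustration.

```python
# Added example: the ANDing method from the slides, done with integer bit operations.

def to_int(dotted):
    """Dotted-quad string -> 32-bit integer; rejects malformed octets."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value


def to_dotted(value):
    """32-bit integer -> dotted-quad string."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_info(cidr):
    """Return mask, block size, network, broadcast and host range for 'a.b.c.d/nn'."""
    addr_text, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    if not 0 <= prefix <= 30:
        raise ValueError("expected a prefix length between /0 and /30")
    addr = to_int(addr_text)
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF   # prefix ones, then zeros
    network = addr & mask                                # the ANDing step
    broadcast = network | (~mask & 0xFFFFFFFF)           # all host bits set to 1
    return {
        "mask": to_dotted(mask),
        "mask_binary": ".".join(f"{(mask >> s) & 0xFF:08b}" for s in (24, 16, 8, 0)),
        "block_size": broadcast - network + 1,
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network + 1),
        "last_host": to_dotted(broadcast - 1),
        # False when the address itself is the network or broadcast address
        "usable_as_host": network < addr < broadcast,
    }


if __name__ == "__main__":
    for key, value in subnet_info("192.100.10.17/28").items():
        print(f"{key:15} {value}")
```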
VLSM subnetting
• How many networks do you need?
• How large should they be?
• Begin with largest
• Watch for overlapping
[Figure: topology connected to the INTERNET with LANs of 50, 25 and 10 users. New networks: 25 users 192.168.10.192/27, 10 users 192.168.10.224/28. Address line marked 0, 64, 128, 192, 224, 255.]
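The four VLSM rules above as a small allocator. This is an added example, not part of the original slides; the block 192.168.50.0/24, the LAN names and the helper names `prefix_for_hosts`, `vlsm_plan` and `find_overlaps` are constructed for illustration.

```python
# Added example: VLSM planning, largest network first, with an overlap check.
import ipaddress


def prefix_for_hosts(hosts):
    """Longest prefix whose subnet still offers `hosts` usable addresses."""
    host_bits = 2                      # /30 is the smallest subnet with usable hosts
    while (1 << host_bits) - 2 < hosts:
        host_bits += 1
    return 32 - host_bits


def vlsm_plan(block, requirements):
    """Carve `block` into subnets for {name: host_count}, largest first."""
    parent = ipaddress.ip_network(block)
    cursor = int(parent.network_address)
    end = int(parent.broadcast_address)
    plan = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix)
        cursor = (cursor + size - 1) // size * size   # keep the subnet on its boundary
        if cursor + size - 1 > end:
            raise ValueError(f"{block} has no room left for {name} ({hosts} hosts)")
        plan[name] = ipaddress.ip_network((cursor, prefix))
        cursor += size
    return plan


def find_overlaps(networks):
    """Return every pair of networks that share addresses, e.g. in a hand-made plan."""
    nets = [ipaddress.ip_network(str(n)) for n in networks]
    return [(str(a), str(b))
            for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]


if __name__ == "__main__":
    # Constructed requirements, deliberately listed out of size order.
    needs = {"LAN-A": 25, "LAN-B": 50, "LAN-C": 10, "WAN-link": 2}
    plan = vlsm_plan("192.168.50.0/24", needs)
    for name, net in plan.items():
        print(f"{name:9} {needs[name]:3} hosts -> {net} ({net.num_addresses - 2} usable)")
    print("overlaps:", find_overlaps(plan.values()))
```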
Your homework before you go for the exam
Task 1
• Divide class C network 192.168.168.0/24 for 3, 5, 10, 20 subnets
Task 2
• Divide a class C network 192.168.168.0/24 for subnets that can fit 3, 5, 10, 42, 110 hosts
Task 3
• Given the IP address 192.168.168.168 find:
  • Mask written in decimal and binary
  • Network address
  • Broadcast address
  • Host address range
  • and possible gateway address
• Repeat this calculation for masks: /30, /29, /28, /27, /26, /25, /24, /23, /22, /21, /20
Task 4
• Draw any network topology which will require a minimum of 5 networks, and address it using class C range 192.168.16.0/24
Check yourself… twice!
Do not go to the exam until you:
• Complete these 4 tasks
• Spend at least 3 hours on them
• Can make any subnet calculation in no more than 2 min.
• When done, take a wild example of 191.165.37.189/29 and say the range of this network in 20 seconds
• You are a master!
Expected Questions
Convert the decimal number 231 into its binary equivalent. Select the correct answer from the list below.
• 11110010
• 11011011
• 11110110
• 11100111
• 11111110
Expected Questions
Which three addresses are valid class C public addresses? (Choose three)
• 198.133.219.17
• 192.168.1.245
• 10.15.250.5
• 128.107.12.117
• 192.15.301.240
• 64.104.78.227
• 195.29.143.14
Expected Questions
Which addresses are valid host IP addresses given the subnet mask 255.255.255.248? (Choose three)
• 192.168.200.87
• 194.10.10.104
• 223.168.210.100
• 220.100.100.154
• 200.152.2.160
• 196.123.142.190
Expected Questions
Given the network shown above, what is incorrect?
• The IP address of the Fa0/0 interface at R1
• The IP address of the S0/0/1 interface at R2
• The IP address of the S0/0/0 interface at R1
• The subnet mask of the S0/0/1 interface at R2
The IP addresses on the serial link between R1 & R2 are within different subnets. Available networks are:
• 192.168.1.80 - 1.83
• 192.168.1.84 - 1.87
Expected questions
[Figure: topology connected to the INTERNET with LANs of 50 users, 25 users (network/mask - ?) and 10 users (192.168.10.224/28).]
Which network can be used for the fa0/1 LAN of R3?
• 192.168.10.0/26
• 192.168.10.64/29
• 192.168.10.192/27
• 192.168.10.192/26
Expected Questions
Which access list statement will not allow users from networks LAN1 and LAN2 to reach router B?
• Access-list 101 deny ip 192.168.10.64 0.0.0.31 any
• Access-list 101 deny ip 192.168.10.80 0.0.0.31 any
• Access-list 101 deny ip 192.168.10.80 0.0.0.15 any
• Access-list 101 deny ip 192.168.10.64 0.0.0.224 any
• Access-list 101 deny ip 192.168.10.80 0.0.0.240 any
[Figure labels: LAN1, LAN2, LAN3, LAN4]
What are VLANs?
• VLANs provide segmentation based on broadcast domains.
• VLANs logically segment switched networks based on the functions, project teams, or applications of the organization, regardless of the physical location or connections to the network.
VLAN operation
Important notes on VLANs:
• VLANs are assigned on the switch port. There is no “VLAN” assignment done on the host (usually).
• In order for a host to be a part of that VLAN, it must be assigned an IP address that belongs to the proper subnet.
• Remember: VLAN = Subnet
Trunk links
• Trunk links carry many VLANs together.
• Packets inside trunk links are tagged with the VLAN ID.
• Upon reaching the destination switch, the VLAN ID is removed from the packet by the adjacent switch and the packet is forwarded to the attached device.
Native VLAN
• The native VLAN carries untagged packets.
• The native VLAN is set on the switches at both ends of a link, and must match on both ends.
• By default, VLAN 1 is the native VLAN and should only be used to carry control traffic: CDP, VTP, PAgP, and DTP. This information is transmitted across trunk links untagged.
• User VLANs should not include the native VLAN, VLAN 1. This information will be sent as tagged frames across trunk links.
• The management VLAN should be a VLAN separate from the user VLANs and should not be the native VLAN. This will ensure access to networking devices in case of problems with the network.
Configuring VLANs
• Configuring VLAN 20 to be used with network 192.168.20.0/24
• Create the VLAN:
  Switch(config)#vlan 20
  Switch(config-vlan)#name Users
  Switch(config-vlan)#exit
• Assigning access ports (non-trunk ports) to a specific VLAN:
  Switch(config)#interface fastethernet 0/9
  Switch(config-if)#switchport access vlan 20
Configuring VLAN Trunk
  Switch(config)#interface fastEthernet 0/10
  Switch(config-if)#switchport mode trunk
  Switch(config-if)#switchport trunk native vlan 99
Verifying VLAN Trunk
  Switch#show interfaces trunk
  Port        Mode         Encapsulation  Status        Native vlan
  Fa0/10      on           802.1q         trunking      99

  Port        Vlans allowed on trunk
  Fa0/10      1-1005

  Port        Vlans allowed and active in management domain
  Fa0/10      1,20,30

  Port        Vlans in spanning tree forwarding state and not pruned
  Fa0/10      1,20,30
VTP Modes
• VTP servers advertise the VLAN information to other VTP-enabled switches in the same VTP domain.
• You cannot create, change, or delete VLANs on a VTP client.
• Transparent switches forward VTP advertisements to VTP clients and VTP servers.
Configuration revision problem
[Figure: two switches and their VLAN databases. One database: Vlan 10 “for all”, Vlan 20 “directors”, Vlan 50 “service”, Vlan 80 “clients”. The other: Vlan 10 “for all”, Vlan 20 “directors”. Speech bubbles: “My configuration revision # is 4” and “My configuration revision # is 5”.]
Configuration revision problem
[Figure: switches labelled “Old SW” and “New SW”. VLAN databases shown: Vlan 10 “for all”, Vlan 20 “directors”, Vlan 50 “service”, Vlan 80 “clients”; and Vlan 110 “strange” (shown twice). Speech bubbles: “My Rev.# is higher. Here are my updates”, “ONLY Vlan 110: strange”, “My configuration revision # is 20”, “My configuration revision # is 5”.]
Expected Questions
RT_1 is configured correctly with IP addresses and passwords but none of the computers can ping or telnet to RT_1. Which series of commands would correct the problem?
• RT_1(config)# interface fa0/1
  RT_1(config-if)# no shutdown
• SW_1(config)# interface fa0/24
  SW_1(config-if)# switchport mode client
• RT_1(config)# interface fa0/1
  RT_1(config-if)# encapsulation trunk dot1q 24
• SW_1(config)# interface fa0/24
  SW_1(config-if)# switchport mode trunk
Expected questions
A new VLAN is added to Switch3. This VLAN does not show up on the other switches. What is the reason for this?
• VLANs cannot be created on transparent mode switches.
• Transparent mode switches do not forward VTP advertisements.
• VLANs created on transparent mode switches are not included in VTP advertisements.
• Server mode switches neither listen to nor forward VTP messages from transparent mode switches.
IPv6 Addressing
• IPv4: 32 bits, 2^32 = 4,294,967,296
• IPv6: 128 bits, 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456
• Number of grains of sand on Earth is approx. 4.8 x 10^21
• Each grain can have 7,089,215,977,519,551 IP numbers or 1,650,168 complete IPv4 address ranges
Addressing Format - Representation
• 16-bit hexadecimal numbers
• Numbers are separated by (:)
• Hex numbers are not case sensitive
• Abbreviations are possible
• Leading zeros in a block can be omitted, and contiguous all-zero blocks can be represented by (::)
• Example:
  • 2001:0db8:0000:130F:0000:0000:087C:140B
  • 2001:0db8:0:130F::87C:140B
• The double colon only appears once in the address
Addressing - no subnet mask
• In IPv6 network and host representation you attach the prefix length
• Like an IPv4 address:
  • 198.10.0.0/16
• An IPv6 address is represented the same way:
  • 2001:db8:12::/48
• Only leading zeros are omitted. Trailing zeros are not omitted
  • 2001:0db8:0012::/48 = 2001:db8:12::/48
  • 2001:db8:1200::/48 ≠ 2001:db8:12::/48
Using the MAC Address (Global Unicast Addresses)
• EUI-64 address: insert “FFFE” in the middle
• Invert the ‘U’ bit to identify uniqueness of the MAC
[Figure: EUI-64 construction]
• Ethernet MAC address (48 bits): 00 90 27 17 FC 0F
• 64 bits version: 00 90 27 FF FE 17 FC 0F
• Uniqueness of the MAC: first octet 000000U0, where U = 1 means unique and U = 0 means not unique
• EUI-64 address (U = 1): 02 90 27 FF FE 17 FC 0F
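The EUI-64 construction above in code, using the slide's MAC address 00 90 27 17 FC 0F. This is an added example, not part of the original slides, and it goes one step further than the slide by also recovering the MAC from an address, which is what makes EUI-64 interface IDs useful for attributing log entries to a device. The prefix 2001:db8:12:1::/64 and the function names are constructed for illustration.

```python
# Added example: MAC -> EUI-64 interface ID -> IPv6 address, and back again.
import ipaddress


def eui64_from_mac(mac):
    """48-bit MAC -> 8-byte EUI-64 interface ID (FFFE inserted, U bit inverted)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    first = octets[0] ^ 0x02                      # invert the U bit (000000U0)
    return bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def address_from_mac(prefix, mac):
    """Combine a /64 prefix with the EUI-64 interface ID of `mac`."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface IDs need a /64 prefix")
    iid = int.from_bytes(eui64_from_mac(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def mac_from_address(addr):
    """Return the embedded MAC if the interface ID is EUI-64 derived, else None."""
    iid = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    raw = iid.to_bytes(8, "big")
    if raw[3:5] != b"\xff\xfe":                   # no FFFE marker in the middle
        return None
    mac = bytes([raw[0] ^ 0x02]) + raw[1:3] + raw[5:]
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    mac = "00:90:27:17:FC:0F"                     # MAC address from the slide
    print(eui64_from_mac(mac).hex(" "))
    addr = address_from_mac("2001:db8:12:1::/64", mac)   # constructed prefix
    print(addr, "->", mac_from_address(str(addr)))
    print("2001:db8:12:1::1 ->", mac_from_address("2001:db8:12:1::1"))
```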
IPv4-IPv6 Transition/Coexistence
A wide range of techniques have been identified and implemented, basically falling into three categories:
• (1) Dual-stack techniques, to allow IPv4 and IPv6 to co-exist in the same devices and networks
• (2) Tunneling techniques, to avoid order dependencies when upgrading hosts, routers, or regions
• (3) Translation techniques, to allow IPv6-only devices to communicate with IPv4-only devices
IPv6 Routing Protocols
• RIPng (RFC 2080)
• OSPFv3 (RFC 2740)
• Cisco EIGRP for IPv6
• ISIS for IPv6
• MP-BGP4 (RFC 2858/2545)
Expected questions
A network administrator wants to connect two IPv6 islands. The easiest way is through a public network that uses only IPv4 equipment. What simple solution solves the problem?
• Replace the devices on the public network with devices that support IPv6.
• Configure RIPng on the border routers of each IPv6 island.
• Configure the routers to take advantage of dual-stack technology.
• Use tunneling to encapsulate the IPv6 traffic in the IPv4 protocol.
Expected questions
From the list below, what are three valid IPv6 addresses?
• ::
• ::192:168:1:1
• 2302::
• 1202:4you:5red:star:0990:mine:88:01
• 2233:2233:4455:8765::
• 2233:a87d:80:d::12
Expected questions
[Figure: NAT topology. LAN with 50 users on 192.168.101.0/24; addresses 209.165.200.1 and 129.10.20.1/30.]
Given the network topology, make configurations on R2 to enable 50 users from the R1 LAN to access the internet.
Possible solution:
  R2(config)#access-list 1 permit 192.168.101.0 0.0.0.255
  R2(config)#ip nat inside source list 1 interface s 0/0/0 overload
Summary
In today’s session, we have covered:
• IP addressing
  • Subnetting and IP addressing calculation
  • VLSM
• VLANs
  • Understanding VLANs
  • VLAN trunks and native VLANs
  • VTP operation
• IPv6
  • IPv6 addressing
  • v4/v6 transition methods
• NAT
  • How NAT works
Remember - recommended reading:
• CCNA/ICND 2 Official Exam Certification Guide