Address Resolution Protocol (ARP) and Reverse Address Resolution Protocol (RARP)

Address Resolution Protocol (ARP) is used when a device knows the IP address of a remote device, but not its MAC address.

If the Layer 3 address (the IP address) of the remote device is known, why does the Layer 2 address need to be found? When the data is sent, the destination MAC address must be sent with it.

As network devices learn the MAC addresses of other devices on the network, they build ARP caches. This local cache is checked for the proper MAC address, and if the MAC address is not found here, ARP will send out a broadcast containing the known IP address. The remote device with the matching IP address will respond with its MAC address. All other devices will ignore the ARP request.


Reverse Address Resolution Protocol (RARP) is used in the opposite situation; the MAC address is known and the IP address is not. Used when a workstation is diskless (that is, the workstation does not have its own hard drive), because the diskless workstation has no way to know its own IP address. It will know its own hardware address, though.

The diskless workstation will send out a packet with its MAC address and a request for its own IP address. A device specifically configured to respond to this request, the RARP server, will send a packet back to the diskless workstation containing the desire IP address.

The Data Encapsulation Process at protocol data units (PDUs)

As data is passed from the Application Layer to the Physical layer, a layer-specific header is added at each layer. The information contained in the header is specific to the protocol and the layer that added it. These headers are called protocol data units (PDUs).

Tracing the process from the top of the OSI model down reveals what PDUs are used at each layer.

1. At the top three layers (Application, Presentation, and Session), the data is referred to as data.
2. This data stream is broken up at the Transport layer. A Transport layer-specific header is added to each piece of the broken-up stream, and the result is a data segment.
3. The data segments are then sent to the Network layer for Layer 3 routing. A Layer 3-specific header is added, creating a packet.
4. The packets are sent to the Data Link layer. The Data Link layer will encapsulate each packet into a frame. The frame header identifies the source and destination hardware address, the MAC address.
5. The physical layer will convert these frames into bits that can then be transmitted on the physical wire.

Half-Duplex and Full-Duplex Ethernet: Theory vs. Reality

Half-duplex Ethernet connections contain one set of wires, basically meaning that a device can transmit or receive, but cannot do both at the same time. Half-duplex uses the CSMA/CD of transmitting data that was defined at the beginning of this section.

A 10MBPS (megabits per second) half-duplex port sounds like it would allow 10MBPS, but in reality, it will not. The inability to send and transmit data simultaneously inherently slows connection speed down, and the nature of CSMA/CD means that an Ethernet port will be told on occasion that it cannot transmit.

Full-duplex Ethernet contains two set of wires, allowing devices to transmit and receive simultaneously. Since the incoming data is traveling on a different set of wires than the outgoing data, there are no collisions. Theoretically, on a 100 MBPS full-duplex connection, the port should be able to transmit at 100 MBPS and send at 100 MBPS for an overall transmission of 200 MBPS.

Ethernet Data Transmission And Cabling Types

Ethernet is a data transmission method where each host on the network share a link’s bandwidth equally. Ethernet utilizes Carrier Sense Multiple Access with Collision Detection (CSMA/CD), meaning that before a host on an Ethernet network will transmit, it listens for a signal on the Ethernet wire first to see if another host is currently transmitting. If the wire is silent, the host will begin transmitting.

If another host attempts to transmit while the first host is still transmitting, the sending host will transmit a jam signal informing all hosts on the wire to stop transmitting. The nodes that receive that jam signal will not attempt to transmit for a certain period of time.

Cisco’s Three-Layer Hierarchical Model

Cisco uses another model of its own to describe the design of a network. This model consists of three layers.

The core layer is the “center” of this model. Its sole purpose is to switch the network’s traffic as quickly as possible. The distribution layer is comprised of routers, and routing is the task this layer handles. The access layer is the layer closest to the end users, and controlling their access to network resources is the access layer’s primary function.

Whats is The Data Link Layer?

The Data Link Layer delivers data frames using the hardware addres or MAC Address. The MAC address is a hexadecimal address unique to that particular device. The Data Link layer breaks a segment into frames and encapsulates the frame with a header that contains the source and destination MAC address.

The Data Link Layer is generally referred to as “Layer 2”, and MAC addresses as “Layer 2 addresses”. Error control and notification are performed on frames at this level.

Routed Protocols vs. Routing Protocols

It’s easy to get a little confused about these two terms, but just as easy to keep them straight. Routed Protocols actually get routed, like IP is routed.

Routing Protocols such as EIGRP or RIP do the routing. They discover and exchange routes that the routed protocols will be taking.

Troubleshooting IP Routing

First, this chapter covers some topics that are not covered elsewhere in this book, namely some troubleshooting commands on both hosts and routers. Second, this chapter reviews the core concepts of addressing and routing, but with a focus on how to approach new problems to analyze and understand how to troubleshoot any problems. Additionally, this chapter includes a troubleshooting scenario that shows how to use some of the tools and concepts from earlier in this chapter, with an opportunity for you to try and discover the problems before the text explains the answers.

Routing Protocol Concepts and Configuration

The United States Postal Service routes a huge number of letters and packages each day. To do so, the postal sorting machines run fast, sorting lots of letters. Then the letters are placed in the correct container and onto the correct truck or plane to reach the final destination. However, if no one programs the letter-sorting machines to know where letters to each ZIP code should be sent, the sorter cannot do its job. Similarly, Cisco routers can route many packets, but if the router does not know any routes—routes that tell the router where to send the packets—the router cannot do its job.

Operating Cisco Routers

Routers differ from switches in terms of their core purposes. Switches forward Ethernet frames by comparing the frame’s destination MAC address to the switch’s MAC address table, whereas routers forward packets by comparing the destination IP address to the router’s IP routing table. Ethernet switches today typically have only one or more types of Ethernet interfaces, whereas routers have Ethernet interfaces, serial WAN interfaces, and other interfaces with which to connect via cable and digital subscriber line (DSL) to the Internet. Routers understand how to forward data to devices connected to these different types of interfaces, whereas Ethernet switches focus solely on forwarding Ethernet frames to Ethernet devices. So, while both switches and routers forward data, the details of what can be forwarded, and to what devices, differ significantly.

IP Addressing and Subnetting

The concepts and application of IP addressing and subnetting may well be the most important topics to understand both for being a well-prepared network engineer and for being ready to do well on the ICND1, ICND2, and CCNA exams. To design a new network, engineers must be able to begin with some IP address range and break it into subdivisions called subnets, choosing the right size of each subnet to meet design requirements. Engineers need to understand subnet masks, and how to pick the right masks to implement the designs that were earlier drawn on paper. Even more often, engineers need to understand, operate, and troubleshoot pre-existing networks, tasks that require mastery of addressing and subnetting concepts and the ability to apply those concepts from a different perspective than when designing the network.

If mask 255.255.255.128 were used with a Class B network, how many subnets could exist, with how many hosts per subnet, respectively?

a. 256 and 256
b. 254 and 254
c. 62 and 1022
d. 1022 and 62
e. 512 and 126
f. 126 and 510

Which of the following shows the equivalent of subnet mask 255.255.248.0, but in prefix notation?

a. /248
b. /24
c. /28
d. /21
e. /20
f. /23

Which of the following answer choices are correct characteristics of named access list? (Select all that apply)

A. You can delete individual statements in a named access list
B. Named access lists require a numbered range from 1000 to 1099.
C. Named access lists must be specified as standard or extended.
D. You can use the ip access-list command to create named access lists.
E. You cannot delete individual statements in a named access list.
F. You can use the ip name-group command to apply named access lists.
Answer: A, C, D
Explanation:
Named access lists have two advantages over numbered access lists: the first one being
that a name is easier to remember and the second being the fact that you can delete
individual statements in a named access list. That makes A correct.
When you create a named access list you use the ip access-list command, and you have to
specify whether it's standard or extended (since there are no numbers). So C and D are
both correct. An example from the textbook is the command, "ip access-list extended
Barney"
Incorrect Answers:
B. Named access lists don't require a number range from 1000 to 1099 so B is incorrect.
E. Answer choice E is not true.
F. This is incorrect because the command ip name-group is absolutely unnecessary.

Which one of the access control list statements below will deny all telnet connections to subnet 10.10.1.0/24?

A. access-list 15 deny telnet any 10.10.1.0 0.0.0.255 eq 23
B. access-list 115 deny udp any 10.10.1.0 eq telnet
C. access-list 15 deny tcp 10.10.1.0 255.255.255.0 eq telnet
D. access-list 115 deny tcp any 10.10.1.0 0.0.0.255 eq 23
E. access-list 15 deny udp any 10.10.1.0 255.255.255.0 eq 23


Answer: D

Explanation:

Telnet uses port TCP port 23. Since we are using source and destination IP address information, an extended access list is required. Extended access lists are access lists in the 100-199 range.


Incorrect Answers:
A, C, E. These access lists are numbered 15. Standard access lists are numbered 1-99, and in this case an extended access lists is required.
B. This access list specifies UDP port 23, and TCP port 23 is the port used by telnet.

Which of the following are benefits provided with access control lists (ACLs)?

A. ACLs monitor the number of bytes and packets.
B. Virus detection.
C. ACLs dentify interesting traffic for DDR.
D. ACLs provide IP route filtering.
E. ACLs provide high network availability.
F. ACLs classify and organize network traffic.


Answer: C, D

Explanation:
IP access control lists allow a router to discard some packets based on criteria defined by
the network engineer. The goal of these filters is to prevent unwanted traffic in the
network - whether to prevent hackers from penetrating the network or just to prevent
employees from using systems they should not be using.
IP access lists can also be used to filter routing updates, to match packets for
prioritization, to match packets for prioritization, to match packets for VPN tunneling,
and to match packets for implementing quality of service features. It is also used to
specify the interesting traffic, which is used to trigger ISDN and Dial on Demand Routing
(DDR) calls.

Incorrect Answers:
A, F. ACLs do not provide for management and traffic analysis functions such as the
monitoring and organization of network packets.
routinely provide for virus detection and removal.
E. ACLs alone do not provide for any additional level of network availability.

Which command will configure a default route on a router?

A. router(config)# ip route 0.0.0.0 10.1.1.0 10.1.1.1
B. router(config)# ip default-route 10.1.1.0
C. router(config)# ip default-gateway 10.1.1.0
D. router(config)# ip route 0.0.0.0 0.0.0.0 10.1.1.1

Answer: D

Explanation:
The command "IP route 0.0.0.0 0.0.0.0 " command is used to configure a default route. In this case, a default route with a next hop IP address of 10.1.1.1 was configured.

Incorrect Answers:
A. This will be an invalid route, since the "10.1.1.0" value will specify the network mask, which in this case is invalid.
B, C. These commands are invalid. The command "ip default-network" could be used, bit not "ip default-route" or "ip default-gateway".

Which one of the following commands would you enter to terminate a VTY line session?

A. close
B. disable
C. disconnect
D. suspend
E. exit
F. None of the above

Answer: E

Explanation:
A VTY line is a telnet session. To end a telnet session from a remote device, enter the exit or logout command.

Incorrect Answers:
A, B, C, D. These are all invalid commands.

RIP version 2 is being used as the routing protocol within the Testking network. What does RIP version 2 use to prevent routing loops? (Choose two)

A. CIDR
B. Split horizon
C. Authentication
D. Classless masking
E. Hold-down timers
F. Multicast routing updates
G. Path Vectoring


Answer: B, E


Explanation:

Distance Vector routing protocols employ the split horizon mechanism to reduce thepossibility of routing loops. Split horizon blocks information about routes from being advertised by a router out of any interface from which that information originated.
RIP versions 1 and 2 also use the concept of hold timers. When a destination has become unreachable (or the metric has increased enough to cause poisoning), the destination goes into "holddown". During this state, no new path will be accepted for the same destination for this amount of time. The hold time indicates how long this state should last.

Incorrect Answers:
A, C, D, F. Although these are all features and functions of RIP version 2, they are not mechanisms used to prevent routing loops.
G. Path Vectoring is a concept used by BGP routers. RIP version 1 and 2 are considered to be distance vector routing protocols.

Which of the following routing protocols do NOT support VLSM (variable length subnet masking)? (Choose all that apply).

Which of the following routing protocols do NOT support VLSM (variable length
subnet masking)? (Choose all that apply).

A. RIPv1
B. IGRP
C. EIGRP
D. OSPF
E. IS-IS
F. RIPv2

Answer: A, B

Explanation:
RIP version 1 and IGRP are classful IP routing protocols. They do not support variable length subnet masks.

Incorrect Answers:
C, D, E, F. Static routing, OSPF, IS-IS, EIGRP, BGP, and RIP version 2 all support
VLSM.

Which of the following routing protocols support the use of VLSM (Variable Length Subnet Masking)? (Select three)

A. RIPv1
B. EIGRP
C. OSPF
D. IGRP
E. RIPv2
Answer: B, C, E

Explanation:
Static routing, OSPF, IS-IS, EIGRP, BGP, and RIP version 2 all support VLSM.

Incorrect Answers:
A, D. RIPv1 and IGRP do not support VLSM.

You need to choose a routing protocol for a new Testking network. This network will be running IP, IPX, and Appletalk, and you wish to utilize only on

You need to choose a routing protocol for a new Testking network. This network
will be running IP, IPX, and Appletalk, and you wish to utilize only one routing
protocol. Which one would be the best choice?

A. OSPF
B. EIGRP
C. RIP v2
D. IGRP
E. RIP v1'


Answer: B
Explanation:
Only EIGRP provides routing protocol support for IP, IPX, and Appletalk networks.

Which of the following routing protocols do NOT support VLSM (variable length subnet masking)?

RIPv1
IGRP
Explanation/Reference:
Explanation:
RIP version 1 and IGRP are classful IP routing protocols. They do not support variable length subnet masks.

Incorrect Answers:
C, D, E, F. Static routing, OSPF, IS-IS, EIGRP, BGP, and RIP version 2 all support VLSM.

You need to configure a single router into load balancing traffic across 4 unequal cost paths. Which routing protocols can satisfy this requirement?

A. RIP v1
B. RIP v2
C. IGRP
D. EIGRP
E. OSPF
F. IS-IS


Answer: C, D

Explanation:
In general, load balancing is the capability of a router to distribute traffic over all its network ports that are the same distance from the destination address. Load balancing increases the utilization of network segments, thus increasing effective network bandwidth. There are two types of load balancing: equal cost path and unequal cost path.
Every routing protocol supports equal cost path load balancing. In addition to that, IGRP and EIGRP also support unequal cost path load balancing, which is known as variance. The variance command instructs the router to include routes with a metric less than n times the minimum metric route for that destination, where n is the number specified by the variance command. The variable n can take a value between 1 and 128, with thedefault being 1, which means equal cost load balancing (variance for example. Traffic is also distributed proportionally among unequal cost links, with respect to the metric.

In network that support VLSM, which network mask should be used for point-to-point WAN links in order to reduce waste of IP addresses?

A. /24
B. /30
C. /27
D. /26
E. /32

Answer: B

Explanation:
A 30-bit mask is used to create subnets with two valid host addresses. This is the exact number needed for a point-to-point connection.

Which of the following IP addresses for the network 27.35.16.32/28 can be assigned to hosts? (Choose three)

A. 27.35.16.32
B. 27.35.16.33
C. 27.35.16.48
D. 27.35.16.47
E. 27.35.16.45
F. 27.35.16.44
Answer: B, E, F

Explanation:
25 26 27 /28
.128 64 32 16 8 4 2 1
/28 0 0 0 0 1 1 1 1
network 32 0 0 1 0 0 0 0 0
next network 0 0 1 1 0 0 0 0
(which
equals 48)
Range of host values are:
RANGE 0 0 1 0 0 0 0 1
TO RANGE 0 0 1 0 1 1 1 0
network is 32
the next network is 32 + 16 = 48
the range is 32 + 1 to 48 - 2.
this results in a range 33 to 46.
and b, e, f
Incorrect Answers:
A, C. These choices are both network addresses.
D. This is a broadcast address.

Your TestKing trainee Bob asks you what 11111001 binary is in decimal. What should you tell him?

A. 6
B. 193
C. 225
D. 241
E. 249


Answer: E
Explanation:
The binary number 11111001 translates to 128 + 64+32+16+8+1 = 249

If an Ethernet port on router was assigned an IP address of 172.16.112.1/20, what the maximum number of hosts allowed on this subnet?

A. 1024
B. 2046
C. 4094
D. 4096
E. 8190
Answer: C
Explanation:
Given IP address of 172.16.112.1 / 20,
subnet mask: 255.255.240.0
max. num of hosts =(( 2^12) -2 ) = 4096-2 = 4094

Which of the following IP addresses fall into the CIDR block of 115.54.4.0/22?

A. 115.54.8.32
B. 115.54.7.64
C. 115.54.6.255
D. 115.54.3.32
E. 115.54.5.128
F. 115.54.12.128

Answer: B, C, E

Explanation:

Given CIDR block of 115.54.4.0 /22:
subnet mask : 255.255.252.0 theIP address range would be 115.54.4.1 to 115.54.7.254. Therefore, 115.54.5.128 (E),115.54.6.255 (C) and 115.54.7.64 (B) are correct.

Which of the following are true regarding a network using a subnet mask of 255.255.248.0? (Choose three)

A. It corresponds to a Class A address with 13 bits borrowed.
B. It corresponds to a Class B address with 4 bits borrowed.
C. The network address of the last subnet will have 248 in the 3rd octet.
D. The first 21 bits make the host portion of the address.
E. This subnet mask allows for 16 total subnets to be created.
F. The subnetwork numbers will be in multiples of 8.

Answer: A, C, F


Explanation:
This subnet mask includes the first 5 bits within the third octet, so for a class A address 13 bits will be used for the mask (8 bits in the second octet plus 5 in the third).
Since the first 5 bits are used in this octet, that means that remaining 3 bits in this octet will be available for hosts, so each network will be a factor of 8, making the last availablesubnet with a .248 in the third octet.