04 0789737132 ch01ptgmedia.pearsoncmg.com/images/9780789737137/index/... · 2009. 6. 9. ·...
Index
NUMBERS
3-layer hierarchical models. See hierarchical models
3DES (Triple Data Encryption Standard algorithm), IPsec encryption, 818
10-Gigabit Ethernet (10GbE), 93
10BASE-FL Ethernet networks, 89
10BASE-T Ethernet networks, 89
10BASE2 Ethernet networks, 88
10BASE5 Ethernet networks, 89
100BASE-FX, 90
100BASE-T4, 90
100BASE-TX, 90
802.11 (wireless networks), 560-561
  802.11a, 63-64, 567
  802.11b, 63-64, 567
  802.11g, 63-64, 567-568
  802.11i (WPA2), wireless network security, 584
  802.11n, 568
  channel surfing, 565
  data transmission, 562-563
  IEEE, 561
  ITU-R, 561
  overlapping signals, 564-565
  RF bands, 563-564
  Wi-Fi Alliance, 561
802.1q trunks, VLAN, 508-510
802.1x (wireless authentication), 585-586
802.3. See Ethernet
802.3u. See Fast Ethernet
1000BASE-T, 91
1000BASE-X, 92
A
AAA (Authentication, Authorization, Accounting), network security, 122, 125
ABR (Area Border Routers), 397
access attacks
  man-in-the-middle attacks, 116
  network security, 837
32_0789737132_index.qxd 11/20/07 6:54 PM Page 943
  password attacks, 115
  port redirection, 116
  trust exploitation, 116
Access layer (hierarchical models), 34access lists
extended access lists, 869-872functions of, 869interfaces, applying to, 870“permit all” statements, 872standard access lists, 869, 872TCP port numbers, 871UDP port numbers, 872verifying, 872vty ports, applying to, 870
access ports, 503access rates (local), Frame Relay, 877access-group command, 618access-list command, 610, 614ACK packets, 28ACL (Access Control Lists), 604
deny statements, 604-606Dial-on-Demand routing, 608extended ACL
blocking subnets, 626-630configuring, 620-626restricting HTTP/HTTPS access, 631-632
IOS formatting, 606named ACL, configuring, 632-633NAT, 609network security, 123-125packet filtering, 607permit statements, 604-606QoS, 608route filtering, 609standard ACL
configuring, 610-613isolating networks, 616-619placement of, 614-615restricting VTY access, 619verifying, 613-614
verifyingshow ip access-lists command, 636show ip interface command, 635show running-config command, 634
ACTIVE states (PVC), 769
ad hoc wireless networks, 587
adjacency tables. See neighbor tables
administration routing distances (default), 857-858
administrative distances (IOS), 324
advanced distance vector routing protocols. See balanced hybrid routing protocols
Advanced NAT wizard (NAT Configuration window), 663-669
advertised distances, neighbor routers, 419
AES (Advanced Encryption Standard algorithm), IPsec encryption, 818
AH (Authentication Headers), IPsec, 822
ambiguous command syntax errors, IOS, 845
answers (practice exams), 901-909
AP (Access Points), wireless networks
  BSS, 588
  ESS, 588
  troubleshooting, 593
Application layerOSI model, 16-17
functions of, 829protocols list, 830
TCP/IP model, 26-27area command, OSPF, 409areas (link-state routing protocols), 395-398ARP (Address Resolution Protocol), 33
Inverse ARP, 765Proxy ARP, 137RARP, 137
asynchronous serial interfaces, 188ATM (Asynchronous Transfer Mode), WAN, 726-727attenuation, 57authentication
802.1x (wireless authentication), 585-586IPsec, VPN, 820PPP, 729, 875-876
callbacks, 731CHAP, 730-731, 734-736compression, 732configuring, 734-736MPPC, 733MPPP, 733
PAP, 730Predictor algorithm, 732Stacker algorithm, 732
wireless networks, 868autonomous systems, 339auxiliary ports, 210
password configuration, 537-538User EXEC access, securing, 248
B
backbone areas (OSPF), 397
BackboneFast
  configuring, 478
  STP, 852
  verifying activation, 479
backups, TFTP servers, 267-269balanced hybrid routing protocols, 416bandwidth, 56, 833
EIGRP configuration, 423OSPF, cost values based on bandwidth chart, 863
bandwidth command, router configuration, 254banner motd (message of the day command), 242banners
login banners, creating, 242SDM, changing in, 297
baseband, WAN, 722Basic NAT wizard (NAT Configuration window),
659-663BDR (Backup Designated Routers), OSPF elections,
401-403BECN (Backwards Explicit Congestion Notifications),
761, 877BGP (Border Gateway Protocols), 340binary, 137
binary-to-decimal conversion, 138-139decimal-to-binary conversion, 141, 150, 840
blockingports, 447, 451subnets, extended ACL, 626-630
Bluetooth technology, 64Boolean AND, 146-147boot processes, IOS, 843
boot system command, 241bootstrap process, 213BPDU (Bridge Protocol Data Units)
blocked ports, 451designated ports, 450inferior BPDU, 478root ports, 448-449RSTP topology changes via, 485spanning-tree portfast bpduguard command, 479
BPDU Guard, 477configuring, 478verifying activation, 479
BRI (Basic Rate Interfaces), 187-188, 836bridges, 97
blocked ports, 451Bridge ID, 447-449designated ports, 450diameters, 454frame-forwarding, 444MAC filtering, 98primary tasks of, 95root bridges
changing switch priorities in STP, 458root ports, 448-449STP, 447-449
broadband, WAN, 722broadcast addresses, 83broadcast domains, 832broadcast IP, 144, 149broadcast multiaccess topologies (OSPF), 400-403broadcast storms, 446BSS (Basic Service Sets), WAP, 588bus topologies, 52-53
C
cable
  coaxial cable, 57-58
  cross-over cable, 60
  fiber-optic cable, 62
  rolled cable, 61
  straight-through cable, 59
  twisted-pair cable, 58-61, 833
How can we make this index more useful? Email us at [email protected]
call setups. See three-way handshakescallbacks, PPP authentication, 731CAM (Content Addressable Memory) tables, 442catalyst switches, securing, 195
physical access to, 536terminal access to, 537-539
CD-ROMinstalling, 912test modes, 911
CDP (Cisco Discovery Protocol), 270disabling, 273Layer 2 security, 546no cdp enable command, 273no cdp run command, 273show cdp neighbors command, 271
certification mode (CD-ROM), 911channel surfing (wireless networks), 565channel-group command, EtherChannel
assignments, 480CHAP (Challenge Handshake Authentication
Protocol), PPP authentication, 730-731, 734-736, 875
CIDR (Classless Interdomain Routing), 147, 338, 840CIR (Committed Information Rates), 760-762, 877circuit-switched networks (WAN), 721, 874classful network boundaries, RIP, 369classful routing, 333-334, 859classless routing, 333-339, 859clear ip nat translations * command, troubleshoot-
ing NAT, 676, 707client mode (VTP), 512clientless SSL VPN (Secure Socket Layer Virtual
Private Networks), 813clock rate command, router configuration, 254coaxial cable, 57-58collision domains, 95, 832commands
context-sensitive help, 844displaying, 844EIGRP
troubleshooting commands list, 866verification commands list, 866
interface configuration commands list, 847
IOSabbreviations, 224common syntax errors, 226-227global configuration, 845listing, 223shortcut keys, 225
OSPFtroubleshooting commands list, 865verification commands list, 865
RIPtroubleshooting commands list, 862verification commands list, 862
switch configuration commands list, 847compression
MPPC, PPP authentication, 733PPP, 732, 736, 875-876
config-register command, 240configure command, 221. See also Global
Configurationconfiguring
access lists, extended access lists, 871ACL
extended ACL, 620-626named ACL, 632-633standard ACL, 610-613
BackboneFast, STP, 478BPDU Guard, STP, 478default routers, SDM, 329-330dynamic NAT, 695-698EIGRP, 422, 866
bandwidth, 423ip default-network command, 424stub routing, 424unequal-path load balancing, 423-424via SDM, 425
Frame Relay, 879multipoint interfaces, 773-779point-to-point interfaces, 780-785single neighbors, 767-772
interface commands list, 847IOS, global configuration commands list, 845IPv6 autoconfiguration, 164
NAT, 659NAT Overload/PAT, 873Static NAT, 873
NAT overload, 699-704advanced configuration, 663-669basic configuration, 659-663editing configurations, 670-672verifying configurations, 672-675
OSPF, 407-408, 864loopback interfaces, 404via SDM, 410-411wildcard masks, 405-407
PortFast, STP, 478PPP
authentication, 734-736compression, 736
RIP, 368-370, 374, 862RIPv2, 373routers, 255
assigning duplexes, 253assigning IP addresses, 252assigning speed to, 253backing up IOS files via TFTP servers,
268backing up via TFTP servers, 267-269bandwidth command, 254clock rate command, 254enabling interfaces, 253LAN-specific commands, 253no keepalives command, 253no shutdown command, 253returning to default configurations, 255saving configurations, 254verifying configurations, 257-258WAN-specific commands, 254
SDMbanners, 297domain names, 297global configurations, 296-297, 301-306host names, 297router interface configuration, 306-308secret passwords, 297
static NAT, 689-695
static routers, SDM, 329-330STP, 852subinterfaces, Frame Relay, 773switches
assigning IP addresses via DHCP, 456-457assigning management IP addresses to, 455backing up IOS files via TFTP servers, 268backing up via TFTP servers, 267-269configuration commands list, 847defining default gateways, 455multiple switch interfaces, 457returning to default configurations, 255
trunks, 855UplinkFast, STP, 478VLAN, 505, 854
802.1q trunks, 509DTP dynamic trunks, 510ISL trunks, 509
VTP, 514-515, 856WAN, PPP, 875-876
Connection-Oriented Communication sessions, 28console access, securing to USER EXEC, 246-247console ports, 209context-sensitive help, commands, 844copy command, 254, 270, 847-848copy running-config flash command, 269copy tftp flash command, 269Core layer (hierarchical models), 35-36counts to infinity, mitigating, 363CPE (Customer Premise Equipment), 189CRC (Cyclic Redundancy Checks), 444cross-over cable, 60crosstalk, 57, 833crypto key generate rsa command, 246CSMA/CD (Carrier Sense Multiple Access Collision
Detection), 88, 445CSU/DSU (Channel Service Units/Data Service
Units), 189-190, 724Ctrl+Shift+6 keyboard shortcut, suspending Telnet
sessions, 274-275custom mode (CD-ROM), 911cut-through method (frame-forwarding), 444
D
data integrity, IPsec, 820
Data Link layer (OSI model), 21-23, 94
  bridges, 97
    MAC filtering, 98
    primary tasks of, 95
Ethernetaddressing, 81-84framing, 85-87
FDDI protocols, 80-81functions of, 829switches, 95, 98-99Token Ring protocols, 78-79
Data Link WAN encapsulationsATM, 726Frame Relays, 726HDLC, 726LAPB, 726PPP, 726PPPoA, 727PPPoE, 727SLIP, 725
data packets, Network layer (OSI model) routing, 168data transmission, wireless networks, 562-563DCE (Data Communications Equipment), 23,
188, 836DDoS (Distributed Denial of Service) attacks, 119DE (Discard Eligible), 877dead/invalid timers, 367debug command, 266-267, 377debug frame-relay lmi command, troubleshooting
Frame Relays, 788debug ip eigrp command, 427debug ip nat command, troubleshooting NAT, 706debug ip ospf command, 415debug ppp authentication command, 740, 876debug spanning-tree command, 461decimals
binary-to-decimal conversion, 138-139decimal-to-binary conversion, 141-142, 150, 840decimal-to-hexadecimal conversion, 142-143
default administrative routing distances, 857-858
default gateways (routing), 320-321default routes, 328, 858
configuring via SDM, 329-330verifying, 330-331
default-information originate command, OSPF, 410delays (forward), 454DELETED states (PVC), 770demarcation points, 189deny statements, ACL, 604-606DES (Data Encryption Standard algorithm), IPsec
encryption, 817description command, assigning descriptions to
router interfaces, 253designated ports
RSTP, 486STP, 450
Desktop layer (hierarchical models). See Access layer (hierarchical models)
Destination Unreachable error messages (ICMP), 265, 837
device monitoring, SDM, 309DH (Diffie-Hellman) key exchange algorithm, VPN
encryption, 818DHCP (Dynamic Host Configuration Protocol), 850
IOS, 278ip dhcp excluded-address ip-address
command, 277ip dhcp pool poolname command, 276show ip dhcp binding command, 277
IP addressesassigning to switches, 456-457IPv6 autoconfiguration, 164
router amnesia, 278SDM, configuring, 304, 306
dial-on-demand connections (WAN), 721Dial-on-Demand routing, 608Dijkstra Shortest Path First (SPF) algorithms, 394discovery protocol, 849displaying commands, 844distance vector routing protocols, 340. See also
routing loopshold-down timers, 861maximum hop counts, 860operations of, 358-359
RIP, 861-862routing poisoning with poison reverse, 861split horizon, 861updates, 861
distribution frames, 62Distribution layer (hierarchical models), 35DLCI (Data Link Connection Identifiers), 759-760, 877
inverse ARP, 765, 878static mappings, 878
DNS (Domain Name Servers)SDM, configuring, 302TCP/UDP support, 30
DoD (Department of Defense) models. See TCP/IP model
domainscollision domains, segmenting/creating, 95names
changing in SDM, 297configuring resolution, 244-245
DoS (Denial of Service) attacksDDoS attacks, 119network security, 838wireless networks, 581
DR (Designated Routers), OSPF elections, 401-403DRAM (Dynamic Random Access Memory), 191.
See also RAMDS1 (Digital Signal level 1) services, 188DTE (Data Terminal Equipment), 23, 189-190, 836DTP (Dynamic Trunk Protocol), VLAN, 510DUAL algorithms (EIGRP), 419-421duplexes
interfaces, 851logic, 99router assignments, 253
dynamic DTP trunks, VLAN, 510dynamic NAT (Network Address Translation), 655,
686, 695-698, 873dynamic routing protocols, 331, 858
distance vector routing protocols, 340hold-down timers, 861maximum hop counts, 860RIP, 861-862RIPv2, 861
route poisoning with poison reverse, 861split horizon, 861updates, 861
EG, 859hybrid routing protocols, 341, 860
balanced hybrid routing protocols, 416EIGRP, 417-427, 865-866
IG, 859interior/exterior gateway routing protocols, 339link state routing protocols, 340-341, 860
areas, 395LSA, 394LSU, 395neighbor tables, 394OSPF, 396-415, 862-865SPF, 394
redistribution, 860routed protocols versus, 331routing metrics, 859routing updates, 859
E
Edit NAT Configuration window (SDM), 670-672
EG (Exterior Gateway) routing protocols, 859
EIA/TIA (Electronic Industries Association/Telecommunications Industry Association), 190
EIGRP (Enhanced Interior Gateway Routing Protocol)
characteristics of, 417-418, 865-866configuring, 422, 866
bandwidth, 423ip default-network command, 424stub routing, 424unequal-path load balancing, 423-424via SDM, 425
DUAL algorithms, 419-421feasible successor routes, 419SIA timers, 421stub routing, 421, 424successor routes, 419-421troubleshooting, 427, 866verifying, 425-427, 866
eigrp stub command, EIGRP stub routing configuration, 424
EMI (Electromagnetic Interference), 57enable password command, 243, 251, 846enable secret command, 243, 251, 539, 846encapsulation, 24
Frame Relay, 767, 770-771PPP, 875
encapsulation frame-relay command, 768encryption
IPsec, 124-125, 816-820SSH, 124-125SSL, 124-126VPN, 816-820, 880wireless networks, 867
WEP, 582-583WPA, 584WPA2, 584
erase startup-config command, 255ESP (Encapsulating Security Payload), IPsec, 822ESS (Extended Service Sets), WAP, 588EtherChannel, 479-481, 852Ethernet, 87
  10BASE-FL, 89
  10BASE-T, 89
  10BASE2, 88
  10BASE5, 89
  10GbE, 93
  802.3, 89, 834
  802.3ab, 834
  802.3u, 91, 834
  802.3z, 92-93, 834
  addressing, 81-84
  Fast Ethernet, 90
  framing, 85-87, 835
  Gigabit Ethernet
    1000BASE-T, 91
    1000BASE-X, 92
    GBIC, 187
    ports, 187
LRE, 93Metro Ethernet, WAN, 723switch interfaces. See ports
exams (practice)answers, 901-909MeasureUp, 912-913questions, 881-899
EXEC, 211
  IOS terminal access methodologies, 843
  ping command, 265
  Privileged EXEC, 220. See also configure command
    access, security, 846
    debug command, 266-267
    passwords, assigning, 243
    ping command, 266
    Telnet, virtual terminal access, 275
    terminal monitor command, 275-276
Telnet, virtual terminal access, 274-276User EXEC
access security, 845auxiliary access, securing, 248console access, securing, 246-247overview, 219SSH access security, 248-251Telnet, 248-251, 275
exec-timeout command, 247, 539extended access lists, 869-872extended ACL (Access Lists), 620
blocking subnets, 626-630configuring, 620-626restricting HTTP/HTTPS access by, 631-632
exterior/interior gateway routing protocols, 339
F
Fast Ethernet, 90
FCS (Frame Check Sequence) fields, 508
FDDI (Fiber Distributed Data Interface) protocol, 80-81
feasible distances (local routers), 419
feasible successor routes, 419
feature sets (IOS), 192
FECN (Forward Explicit Congestion Notifications), 762, 877
FEXT (Far-End Crosstalk), 57
fiber-optic cable, 62, 833
filteringMAC addresses, 443packets, 607routes, 609
firewalls, 125-126, 814flapping, 396Flash, 191
copy running-config flash command, 269copy tftp flash command, 269distance vector routing protocol updates, 861show flash command, 262
flash updates (routers), 367floating static routes, 327, 858FLSM (Fixed Length Subnet Masks), 334formatting ACL, IOS, 606forward delays, 454fragment-free method (frame-forwarding), 444fragmentation, MLPPP, 733Frame Relay, 754. See also NBMA networks
address mapping, 765-766BECN, 761, 877CIR, 760-762, 877configuring, 879
multipoint interfaces, 773-779point-to-point interfaces, 780-785single neighbors, 767-772
DE, 877DLCI, 759-760, 877-878encapsulation, 767, 770-771FECN, 762, 877LMI, 759, 877Local Access Rates, 760, 877PVC, 769-770show frame-relay map command, 772, 777show frame-relay pvc command, 769, 777subinterfaces
configuring, 773multipoint subinterfaces, 764overview, 764point-to-point subinterfaces, 765
troubleshooting, 786-789, 879verifying operation of, 785-786
virtual circuits, 755CIR, 877full mesh topologies, 757, 877hub and spoke topologies, 756, 876multipoint subinterfaces, 877partial mesh topologies, 757, 877point-to-point subinterfaces, 877PVC, 758, 877-878SVC, 758-759, 877-878
WAN, 726frame-forwarding, 442-444, 850full duplex connections (switches), 445full mesh topologies (virtual circuits), 757, 877full-duplex modes, 99
G
gain, 65
gateways
  routers
    default gateways, 320-321
    interior/exterior gateway routing protocols, 339
  switches, defining default gateways, 455
GBIC (Gigabit Interface Converters), 187Gigabit Ethernet
  10-Gigabit Ethernet (10GbE), 93
  1000BASE-T, 91
  1000BASE-X, 92
  GBIC, 187
  overview, 91
  ports, 187
Global Configuration, 221banner motd (message of the day command), 242boot sequences, changing, 240-241boot system command, 241config-register command, 240crypto key generate rsa command, 246domain name resolution, configuring, 244-245enable password command, 243enable secret command, 243host names, changing, 242hostname command, 242
interface configuration, 222IOS commands list, 845ip dhcp excluded-address ip-address
command, 277ip domain-name command, 245ip host command, 244ip name-server command, 245line configuration, 222-223login banners, creating, 242no cdp enable command, 273no cdp run command, 273Privileged EXEC mode, assigning passwords
to, 243SDM, 296
banners, 297DHCP, 304-306DNS, 302domain names, 297host names, 297router access, 301secret passwords, 297
service password-encryption command, 244service timestamp command, 267SSH, 245-246
global IP addresses, 162, 842, 873global/local (NAT), 657, 687
H
hacking wireless networks, 581
half-duplex connections, switches, 445
half-duplex modes, 99
hashing
  algorithms, 821
  passwords, 731
HDLC (High-Level Data Link Control), 726-727, 874help
context-sensitive help, commands, 844technical support, 913
hexadecimals, 142-143hierarchical models, 33-34
Access layer, 34Core layer, 35-36Distribution layer, 35overview, 33-34
hold-down timers, 366, 861hop counts, distance vector routing protocols, 860host names, changing, 242, 297hostname command, 242HSSI (High-Speed Serial Interfaces), 188HTTP (Hypertext Transfer Protocol), 210, 631-632HTTPS (Secure Hypertext Transfer Protocol),
631-632hub and spoke topologies
EIGRP, stub routing, 421virtual circuits, 756, 876
hubs, 65hybrid routing protocols, 341, 860
balanced hybrid routing protocols, 416EIGRP
characteristics of, 417-418, 865-866configuring, 422-425, 866DUAL algorithms, 419-421feasible successor routes, 419SIA timers, 421stub routing, 421, 424successor routes, 419-421troubleshooting, 427, 866verifying, 425-427, 866
I
IANA (Internet Assigned Numbers Authority), IP addresses
  assigning, 137, 148
  private addresses, class ranges of, 840
ICMP (Internet Control Messaging Protocol), 136, 165
Destination Unreachable error messages, 265, 837
overview, 32-33PING command, 265, 837traceroute command, 266, 837
IDF (Intermediate Distribution Frames), 62IDS (Intrusion Detection Systems), 125-126IEEE (Institute of Electrical and Electronic
Engineers), 561, 834IEEE 802.3. See EthernetIEEE 802.3ab. See Gigabit EthernetIEEE 802.3u. See Fast Ethernet
IEEE 802.3z. See Gigabit EthernetIFS (Integrated File Systems), 270IGP (Interior Gateway Protocols), 339, 859IGRP. See EIGRPimage files, naming (IOS), 193INACTIVE states (PVC), 770incomplete command syntax errors, IOS, 845inferior BPDU, 478information queries (reconnaissance attacks), 118infrared technology, 64inside global addresses (NAT), 657, 873inside local addresses (NAT), 657, 688, 873inside/outside (NAT), 657, 687installing
CD-ROM, 912SDM, 295
interface configuration (Global Configuration), 222, 847
interface range command, 457, 480interface status values (show command), 848interior/exterior gateway routing protocols, 339Internet, isolating internal networks from, 618-619Internet layer (TCP/IP model), 31-33internetworks, 10
LAN, 11layered architecture. See OSI modelMAN, 12SAN, 14VAN, 14WAN, 12-13
interVLAN routing, 517, 856routers “on a stick,” 517-519security, 857SVI, 519-520
invalid input syntax errors, IOS, 845invalid/dead timers, 367Inverse ARP, 765, 878inverse masks. See wildcard masksIOS (Internetworking Operating System), 191-193
ACL, formatting, 606administrative distances, 324boot processes, 843
commandsabbreviations, 224common syntax errors, 226-227context-sensitive help, 844displaying, 844listing, 223shortcut keys, 225
configuration files, creating static entries, 244-245
DHCP, 276-278EXEC access methodologies, 843feature sets, 192file naming conventions, 836Global Configuration. See also configure
commandcommands list, 845interface configuration, 222line configuration, 222-223
image files, naming, 193loading, router/switch start-up, 213-216navigation modes, 844Privileged EXEC, 220routers, backing up via TFTP servers, 268security
enable password command, 846enable secret command, 846network security, 123-125privileged EXEC access, 846service password-encryption command, 846SSH, 846user EXEC access, 845
show flash command, 262show version command, 262-263syntax errors, 845terminal editing keystrokes, 844trains, 192User EXEC, 219
IP (Internet Protocol) addresses, 31, 137binary
binary-to-decimal conversion, 138-139decimal-to-binary conversion, 141, 150
Boolean AND, 146-147broadcast IP, 144, 149
hexadecimals, 142-143IPv4
address classes, 143-145class ranges of, 839classes of, 839default subnet masks, 839IPv6 integration, 164, 842private (RFC 1918) addressing, 148subnet masks, 146-150, 156subnetting IP, 149-159
IPv6address format, 160-161autoconfiguration, 164communications, 160format summary, 841global addresses, 162, 842ICMPv6, 165IPv4 integration, 164, 842link-local addresses, 161multicast addresses, 163, 842site-local addresses, 162, 842unique addresses, 162, 842
management addresses, assigning to switches, 455
NAT, 148, 653, 873network ID, 144routers
assigning to, 252verifying assignment in, 277
SDM, assigning to, 306subnet ID, 144subnets, 841switches, assigning to via DHCP, 456-457
ip address dhcp command, 457ip command, configuring named ACL, 632ip default-gateway command, 456ip default-network command, EIGRP
configuration, 424ip dhcp excluded-address ip-address command, 277ip dhcp pool poolname command, 276ip domain-name command, 245ip host command, 244ip name-server command, 245
ip nat inside commandNAT overload configuration, 661troubleshooting NAT, 705
ip nat outside command, NAT overload configuration, 661
ip ospf cost command, OSPF, 410ip ospf priority command, OSPF, 410ip summary-address eigrp command, EIGRP
configuration, 424IPS (Intrusion Prevention Systems), 125-126, 586IPsec (Internet Protocol Security)
AH, 822ESP, 822network security, 124-125VPN, 815
authentication, 820data integrity, 820DH (Diffie-Hellman) key exchange
algorithm, 818encryption, 816-817SSL, 819-820
IPv4 (Internet Protocol version 4) addresses, 838. See also CIDR
address classes, 143-145class ranges of, 839classes of, 839default subnet masks, 839IPv6 integration, 164, 842private (RFC 1918) addressing, 148subnet masks, 146-150, 156subnetting IP, 149-151
calculating hosts, 152-153calculating increments, 155-157calculating networks, 153-154determining range of valid IP, 158-159zero subnet rule, 155
IPv6 (Internet Protocol version 6) addressesaddress format, 160-161autoconfiguration, 164communications, 160format summary, 841global addresses, 162, 842ICMPv6, 165IPv4 integration, 164, 842
link-local addresses, 161, 842multicast addresses, 163, 842site-local addresses, 162, 842unique addresses, 162, 842
ISDN (Integrated Services Digital Networks), BRI, 187-188
ISL (Inter-Switch Link) protocol, trunks, 508-510ISO HDLC (PPP), 729isolating networks via standard ACL, 616-619ITU-R (International Telecommunication Union-
Radiocommunication Sector), 561
J - K - L
keyboard shortcuts, suspending Telnet sessions, 274-275
keystrokes, IOS terminal editing, 844
LAN (Local Area Networks), 11, 186-187router configuration, 253VLAN, 502
access ports, 503configuring, 505, 854interVLAN routing, 517-520, 856-857Layer 2 security, 543-545management VLAN, 504membership methods, 503single-switch scenarios, 504subinterfaces, 517-518troubleshooting, 522-523trunks, 506-510, 855verifying, 506VMPS, 504voice VLAN, 520-521, 855VTP, 511-517, 546
WLANhacking, 581Spread Spectrum Wireless LAN, 833
LAPB (X.25 Link Access Procedure, Balanced), WAN Data Link encapsulations, 726
Layer 1, 23-24. See also Physical layerLayer 2 security, 21-23. See also Data Link layer
(OSI model)CDP, 546
port security, 540static MAC addresses, 541verifying, 542-543
VLAN, 543-545VTP, 546
Layer 3 switches, 20, 165, 168. See also Network layer (OSI model)
interVLAN routing, 856-857purpose of, 842
Layer 4, 19. See also Session layer (OSI model); Transport layer (OSI model)
Layer 5, 18. See also Session layer (OSI model)Layer 6, 17. See also Presentation layer (OSI
model)Layer 7, 16-17. See also Application layerlayered architectures. See OSI modelLCP (Link Control Protocol), PPP authentication, 729
callbacks, 731CHAP, 730-731, 734-736compression, 732MPPC, 733MPPP, 733PAP, 730Predictor algorithm, 732Stacker algorithm, 732
leased-line networks (WAN), 721, 874Line Configuration, 222-223
enable password command, 251enable secret command, 251exec-timeout command, 247logging synchronous command, 247service password-encryption command, 251User EXEC, securing
auxiliary access, 248console access, 246-247SSH access, 248-251Telnet access, 248-251
link state routing protocols, 340-341, 860areas, 395LSA, 394LSU, 395neighbor tables, 394
OSPF, 396area command, 409areas, 396-398BDR elections, 401-403broadcast multiaccess, 400-403characteristics of, 396-403, 862-863configuring, 404-411, 864cost values based on bandwidth chart, 863default-information originate command, 410DR elections, 401-403initializing, 404ip ospf cost command, 410ip ospf priority command, 410loopback interfaces, 404metrics, 399NBMA, 400point-to-point, 400router ID, 399-400troubleshooting, 415, 865verifying, 412-414, 865wildcard masks, 405-407
SPF, 394link-local IPv6 addresses, 161, 842LLC (Logical Link Controls), 22-23LMI (Local Management Interfaces), 759, 877load balancing (unequal-path), EIGRP, 423-424Local Access Rates, 760, 877local IP addresses, NAT, 873local routers, feasible distances, 419local/global (NAT), 657, 687log command, configuring standard ACL, 612logging synchronous command, 247login banners, 242longest match rule, 343loopback interfaces, 400, 404loops (routing), 360-362
counts to infinity, 363invalid/dead timers, 367route poisoning, 365-366split horizons, 363-364, 763triggered updates, 367
lower layers (OSI model), 18LRE (Long Reach Ethernet), 93LSA (Link-State Advertisements), 394LSU (Link-State Updates), 395
M
MAC (Media Access Control) addresses, 22, 834. See also Ethernet, addressing
  CAM tables, 442
  filtering, 98, 443
  limitations of, 759
  ports, limiting in, 540
  router assignments, 166
  static MAC addresses, switch port security, 541
man-in-the-middle attacks, network security, 116management IP addresses, assigning to
switches, 455management VLAN (Virtual Local Area
Networks), 504MAN (Metropolitan Area Networks), 12mapping NAT port numbers, 668-669max age timers, 453MD5 (Message Digest 5) hashing algorithm, 821MDF (Main Distribution Frames), 62MeasureUp practice tests, 912-913memberships, VLAN, 503memory
components of, 191types of, 836
mesh topologies, 55Metro Ethernet, WAN, 723microsegmentation, 100mitigating network attacks
AAA, 122, 125ACL, 123-125encryption, 124-126IOS security, 123-125
MLPPP (Multilink Point-to-Point Protocol), PPP authentication, 733
modules, routers, 194-195MPPC (Microsoft Point-to-Point Compression),
733, 875multicast addresses, 83, 163, 842multilayer switches, 168multimode (MM) fiber-optic cable, 62multipoint subinterfaces, 764, 877
N
named ACL (access lists), configuring, 632-633
naming conventions, IOS files, 836
NAT (Network Address Translation), 148, 609, 872
configuring via SDM, 659debug ip nat command, 706development of, 652dynamic NAT, 655, 686, 695-698, 873inside global addresses, 657, 873inside local addresses, 657, 688, 873inside/outside, 657, 687ip nat inside command, 705local/global, 657, 687outside global addresses, 658, 688, 873outside local addresses, 658, 688, 873private IP addresses, 653show ip nat statistics command, 704show ip nat translations command, 704-705static NAT, 654-655, 686
configuring, 689-695, 873show ip nat translations command, 692show running-config command, 692
telnet command, 706troubleshooting, 705-707
clear ip nat translations * command, 676, 707show running-config command, 675, 704
verifying operation of, 704NAT Configuration window (SDM)
Advanced NAT wizard, 663-669Basic NAT wizard, 659-663
NAT overload, 656, 686, 699-704, 873configuring via SDM
advanced configuration, 663-669basic configuration, 659-663editing configurations, 670-672verifying configurations, 672-675
port numbers, mapping, 668-669show ip nat statistics command, 673show ip nat transition command, 675
native VLAN (Virtual Local Area Networks), 508navigation modes (IOS), 844NBMA (Non-Broadcast Multi-Access) topologies
(OSPF), 400. See also Frame Relay
NCP (Network Control Protocol), PPP, 733neighbor discovery, CDP, 270-273neighbor routers, advertised distances, 419neighbor tables, 394network command, DHCP IOS, 276network ID, 144Network Interface layers (TCP/IP model), 33Network layer (OSI model), 20
ARP, 137functions of, 136, 829ICMP, 136IP addresses, 137, 142. See also IPv4; IPv6
binary-to-decimal conversion, 138-139Boolean AND, 146-147broadcast IP, 144, 149decimal-to-binary conversion, 141, 150decimal-to-hexadecimal conversion,
142-143hexadecimals, 142-143management addresses, assigning to
switches, 455NAT, 148, 653, 873network ID, 144private (RFC 1918) addressing, 148router assignments, 252, 277subnet ID, 144subnets, 149-159, 841switch assignments via DHCP, 456-457
Layer 3 switches, 165, 168Proxy ARP, 137RARP, 137routers, 165-168traceroutes, 136
networksdomains, 832HTTP/HTTPS access, restricting by extend-
ed ACL, 631-632interfaces, 65security, 114
access attacks, 115-116, 837DoS attacks, 119-121, 838mitigating attacks, 122-126, 838reconnaissance attacks, 117-118, 838
  standard ACL, isolating via, 616-619
  subnets
    bus topologies, 52-53
    changing RSTP via BPDU, 485
    calculating in, 841
    mesh topologies, 55
    ring topologies, 53-54
    star topologies, 54
    wireless networks, 587-588
  wireless networks, 560
    802.11a, 567
    802.11b, 567
    802.11g, 567-568
    802.11n, 568
    channel surfing, 565
    data transmission, 562-563
    IEEE, 561
    ITU-R, 561
    overlapping signals, 564-565
    RF bands, 563-564
    Wi-Fi Alliance, 561
NEXT (Near-End Crosstalk), 57
nibbles, 143
no access-list command, 618
no cdp enable command, 273, 546
no cdp run command, 273, 546
no command, 240
no debug all command, 267
no exec command, catalyst switch security, 539
no ip directed-broadcast command, 121-122
no keepalives command, 253
no shutdown command, 253, 270, 540
nonedge ports, RSTP, 486
NTP (Network Time Protocol), network security, 124-125
NVRAM (Nonvolatile Random Access Memory), 191
O
one-way redistribution (routing protocols), 860
OSI model, 14
  Application layer, 16-17, 829-830
  compared to TCP/IP models, 26
  Data Link layer, 21-23, 829
  information, controlling, 830
  layered communications, 24
  list of layers, 25
  lower layers, 18
  Network layer, 20, 829
  Physical layer, 23-24, 829
  Presentation layer, 17, 829
  related TCP/IP layers, 831
  Session layer, 18, 829
  Transport layer, 19, 829
  upper layers, 15
OSPF (Open Shortest Path First), 862
  area command, 409
  backbone areas, 397
  BDR elections, 401-403
  configuring, 407-408, 864
    loopback interfaces, 404
    via SDM, 410-411
    wildcard masks, 405-407
  cost values based on bandwidth chart, 863
  debug ip ospf command, 415
  default-information originate command, 410
  DR elections, 401-403
  initializing, 404
  ip ospf cost command, 410
  ip ospf priority command, 410
  metrics of, 399
  router ID, 399-400
  stub areas, 398
  topologies, 400-403
  troubleshooting, 415, 865
  verifying, 412-414, 865
  wildcard masks, 405-407
outside global addresses (NAT), 658, 688, 873
outside local addresses (NAT), 658, 688, 873
outside/inside (NAT), 657, 687
overlapping signals (wireless networks), 564-565

P
packet filtering, 607
packet sniffers, 117
packet-switched networks (WAN), 722, 874
PAP (Password Authentication Protocol), PPP authentication, 730, 875
PAR (Positive Acknowledgment and Retransmission), 27, 831
partial mesh topologies (virtual circuits), 757, 877
passive RIP interfaces, 371-372
passive-interface command, 867
passwords
  aux ports, 537-538
  enable password command, 243, 251
  enable secret command, 251
  hashing, 731
  network security, 115
  Privileged EXEC mode, assigning to, 243
  recovery (router/switch start-ups), 216-217
  secret passwords, changing in SDM, 297
  service password-encryption command, 244, 251
  switch security, 537-538
  VTP, 546
PAT (Port Address Translation). See NAT Overload
PDU (Protocol Data Units), 24
permanent virtual circuits, 722
“permit all” statements, access lists, 872
permit statements, ACL, 604-606
Physical layer
  hubs, 65
  network interfaces, 65
  OSI model, 23-24, 829
  repeaters, 64
  WAN, 724-725
physical security, switches, 536
ping command, 265, 460, 837
ping sweeps, 117
pinouts, 59
PoE (Power over Ethernet), 196
point-to-point subinterfaces, 765, 877
point-to-point topologies (OSPF), 400
poison reverse, 365, 861
PortFast, 476-477
  configuring, 478
  verifying activation, 479
PortFast, STP, 852
ports, 455
  access ports, 503
  auxiliary ports, 210, 537-538
  blocked ports, 447, 451
  console ports, 209
  designated ports, 450, 486
  Gigabit Ethernet ports, 187
  Layer 2 security, 540
    static MAC addresses, 541
    verifying, 542-543
  MAC addresses, limiting in, 540
  NAT port numbers, mapping, 668-669
  nonedge ports, RSTP, 486
  redirecting
    network security, 116
    static NAT configuration, 694
  roles, RSTP, 482-483
  root ports, 448-449
  scans, 118
  states
    RSTP, 482-483
    transitioning, 453-454
  synchronization, RSTP, 486-488
  TCP port number access lists, 871
  UDP port number access lists, 872
POST (Power-On Self-Tests), router/switch startup processes, 212
PPP (Point-to-Point Protocol), 727
  authentication, 732-736
  compression, 736, 875
  configuring, 734-736
  ISO HDLC, 729
  LCP, 729-736
  NCP, 733
  troubleshooting, 738-740
  verifying operation of, 737-738
  WAN, 726, 874-876
PPPoA (PPP over ATM), WAN, 727
PPPoE (PPP over Ethernet), WAN, 727
practice exams
  answers, 901-909
  MeasureUp, 912-913
  questions, 881-899
Predictor algorithm, PPP authentication, 732
predictor compression algorithms, PPP compression, 875
Presentation layer (OSI model), 17, 829
private (RFC 1918) addressing, 148
private IP addresses, NAT, 653
Privileged EXEC, 220. See also configure command; User EXEC
  access, security, 846
  debug command, 266-267
  passwords, assigning, 243
  ping command, 266
  Telnet, virtual terminal access, 275
  terminal monitor command, 275-276
Proxy ARP (Address Resolution Protocol), 33, 137
pruning, VTP, 514
PVC (Permanent Virtual Circuits), 758, 769-770, 877-878
Q - R
QoS (Quality of Service), 608
queries (information), reconnaissance attacks, 118
questions (practice exams), 881-899
RAM (Random Access Memory), 191
RARP (Reverse Address Resolution Protocol), 33, 137
rebooting via reload command, 269
reconnaissance attacks
  information queries, 118
  network security, 838
  packet sniffers, 117
  ping sweeps, 117
  port scans, 118
redirecting ports, static NAT configuration, 694
redistributing routing protocols, 343-344, 860
reload command, 269
remote-access VPN (Virtual Private Networks), 811-813, 880
repeaters, 64
resequence command, configuring named ACL, 634
revisioning, VTP, 514
RF bands, wireless networks, 563-564
RFC 1918 (private) addressing, 148
ring topologies, 53-54
RIP (Routing Information Protocol), 379-380
  characteristics of, 367
  configuring, 368-370, 374, 862
  passive interfaces, 371-372
  RIPv2 versus, 381, 861
  troubleshooting, 377-378, 862
  verifying, 375-376, 862
RIPv2 (Routing Information Protocol version 2)
  characteristics of, 372
  configuring, 373
  RIP versus, 381, 861
  update authentication, 374
rolled cable, 61
ROM (Read-Only Memory), 191
ROMmon, router/switch start-up, 213
root bridges
  Bridge ID, 447-449
  root ports, 448-449
  STP, 447-449
  switch priorities changing in STP, 458
root ports, STP, 448-449
route filtering, 609
route poisoning
  distance vector routing protocols, 861
  mitigating, 365-366
route summarization, VLSM, 338-339
route update packets, Network layer (OSI) routing, 168
router ID (OSPF), 399-400
routers, 194-195
  ABR, 397
  access lists, 869
  address mapping, Inverse ARP, 765
  administrative distances, 324
  amnesia via DHCP, 278
  boot sequences, changing, 240-241
  classful routing protocols, 333-334
  classless routing protocols, 333-339
  configuration
    backing up via TFTP servers, 267-269
    verifying, 257-258
  default gateways, 320-321
  default routes, 328, 858
    configuring via SDM, 329-330
    verifying, 330-331
  Dial-on-Demand routing, 608
  dynamic routing protocols, 858
    distance vector routing protocols, 340, 358-359, 860-861. See also routing loops
    EG, 859
    hybrid routing protocols, 341, 860
    IG, 859
    interior/exterior gateway routing protocols, 339
    link state routing protocols, 340-341, 394-415, 860
    redistribution, 860
    routed protocols versus, 331
    routing metrics, 859
    routing updates, 859
  ICMP, Destination Unreachable error messages, 837
  interface configuration
    assigning duplexes, 253
    assigning IP addresses, 252
    assigning speed to, 253
    bandwidth command, 254
    clock rate command, 254
    enabling, 253
    LAN-specific commands, 253
    no keepalives command, 253
    no shutdown command, 253
    returning to default configurations, 255
    saving, 254
    WAN-specific commands, 254
  interface status/statistics, viewing
    show controller command, 261
    show interfaces command, 259-260
    show ip interface brief command, 261
  interVLAN routing, 856-857
  IOS files, backing up via TFTP servers, 268
  IP addresses, verifying assignment of, 277
  Layer 3 functions, 842
  Local Access Rates, 760
  local routers, feasible distances, 419
  metrics of, 332-333, 859
  multipoint subinterfaces, 877
  neighbor routers, advertised distances, 419
  Network layer (OSI model), 165-168
  passive-interface command, 867
  point-to-point subinterfaces, 877
  redistributing, 343-344
  RIP, 379-380
    characteristics of, 367
    configuring, 368-370, 374, 862
    passive interfaces, 371-372
    RIPv2 versus, 381, 861
    troubleshooting, 377-378, 862
    verifying, 375-376, 862
  RIPv2
    characteristics of, 372
    configuring, 373
    RIP versus, 381, 861
    update authentication, 374
  routing sources, 323-324, 857-858
  SDM, 294
    access configuration, 301, 306-308
    device monitoring, 309
    global configurations, 296-297, 301-306
    installing, 295
  show processes command, 267
  smurf attacks, 121
  start-up procedures
    bootstrap, 213
    configuration loading, 215
    IOS loading, 213-216
    password recovery, 216-217
    POST, 212
    practice challenge, 218
    ROMmon, 213
    setup mode, 216
  static routes, 325
    configuring, 326, 329-330
    floating static routes, 327, 858
    verifying, 330-331
  VPN, 814
  WAN, 874-876
routers “on a stick,” interVLAN routing, 517-519
routing by rumor, 358
routing loops, 360-362. See also distance vector routing protocols
  counts to infinity, 363
  invalid/dead timers, 367
  route poisoning, 365-366
  split horizons, 363-364
  triggered updates, 367
routing tables, 341-343
RSTP (Rapid Spanning Tree Protocol), 481, 486, 490
  convergence, 854
  designated ports, 486
  edge types, 485
  link types, 485, 853
  nonedge ports, 486
  port roles, 482-483, 853
  port states, 482-483, 853
  port synchronization, 486-488
  STP comparisons to, 481
  topology changes via BPDU, 485
S
SAN (Storage Area Networks), 14
SDM (Security Device Manager), 294
  default routes, configuring, 329-330
  device monitoring, 309
  Edit NAT Configuration window, 670-672
  EIGRP configuration, 425
  global configurations, 296
    banners, 297
    DHCP, 304, 306
    DNS, 302
    domain names, 297
    host names, 297
    router access, 301
    secret passwords, 297
  installing, 295
  NAT Configuration window
    Advanced NAT wizard, 663-669
    Basic NAT wizard, 659-663
  NAT overload configuration
    advanced configuration, 663-669
    basic configuration, 659-663
    editing configurations, 670-672
    verifying configurations, 672-675
  OSPF configuration, 410-411
  RIP, configuring, 374
  router interface configuration
    enabling interfaces, 307
    IP address assignments, 306
    saving configuration, 308
    verifying configurations, 308
  static routes, configuring, 329-330
secret passwords, changing in SDM, 297
security (networks), 114
  access attacks, 837
    man-in-the-middle attacks, 116
    password attacks, 115
    port redirection, 116
    trust exploitation, 116
  DoS attacks, 838
    DDoS attacks, 119
    smurf attacks, 121
    TCP SYN attacks, 120-121
  interVLAN routing, 857
  IOS, 845-846
  mitigating attacks, 838
    AAA, 122, 125
    ACL, 123-125
    encryption, 124-125
    firewalls, 125-126
    IDS, 125-126
    IPS, 125-126
    IPsec, 124-125
    NTP, 124-125
    SNMP, 123, 125
    SSH, 123-125
    SSL, 124, 126
    syslog, 124-125
  reconnaissance attacks, 838
    information queries, 118
    packet sniffers, 117
    ping sweeps, 117
    port scans, 118
  VPN, encryption, 880
  wireless networks
    authentication, 868
    encryption standards, 867
Segment Header format (TCP), 831
server mode (VTP), 511
service password-encryption command, 244, 251, 539, 846
service timestamp command, 267
Session layer (OSI model), 18, 829
setup mode (router/switch start-ups), 216
SHA-1 (Secure Hash Algorithm), 821
shortcuts
  keyboard, suspending Telnet sessions, 274-275
  MeasureUp practice tests, creating, 913
show cdp neighbors command, 271
show commands, 256
  access lists, verifying, 872
  EIGRP verification, 425-427
  general commands list, 848
  IFS, 270
  interface status values, 848
  list of, 264
  OSPF verification, 412-414
  router configurations, verifying, 257-258
show compress command, verifying PPP compression, 738
show controller command, viewing router interface status/statistics, 261
show controllers serial command, 273
show dhcp lease command, 278, 457
show flash command, 262
show frame-relay lmi command, 768, 785
show frame-relay map command, 772, 777, 786
show frame-relay pvc command, 769, 777, 785
show interface command, 259-261, 876
show interface <interface> command, verifying PPP operation, 737-738
show interface trunk command, 510, 522-523, 545
show interfaces interface-id command, 461
show ip access-lists command, verifying ACL, 613-614, 636
show ip dhcp binding command, 277
show ip interface brief command, viewing router interface status/statistics, 261
show ip interface command, verifying ACL, 635
show ip nat statistics command, 673, 704
show ip nat transition command, verifying NAT overload configurations, 675
show ip nat translations command, 692, 704-705
show port-security address command, 542
show port-security interface command, 542
show processes command, 267
show running-config command, 257-258, 270, 278, 692
  troubleshooting NAT, 675
  verifying
    ACL, 634
    NAT configuration, 704
    standard ACL, 613-614
show sessions command, Telnet sessions, 274
show startup-config command, 257
show version command, 193, 262-263
show vlan command, 506, 510, 522
show vtp password command, 523
show vtp status command, 515, 523
SIA (Stuck in Active) timers, 421
single-mode (SM) fiber-optic cable, 62
site-local IPv6 addresses, 162, 842
site-to-site VPN (Virtual Private Networks), 810, 879
SLIP (Serial Line Internet Protocol), WAN Data Link encapsulations, 725
smurf attacks, 121
SNAP (Subnetwork Access Protocol), 87
SNMP (Simple Network Management Protocol), network security, 123-125
sources (routing tables), 323-324
spanning-tree portfast bpduguard command, 479
speed, router assignments, 253
SPF (Shortest Path First) algorithms, 394
split horizons, 763
  distance vector routing protocols, 861
  mitigating, 363-364
Spread Spectrum Wireless LAN (Local Area Networks), 833
SSH (Secure Shell)
  catalyst switch security, 538
  enabling, 245-246
  EXEC sessions, 211
  IOS security, 846
  network security, 123-125
  User EXEC access, securing, 248-251
SSL (Secure Socket Layer)
  network security, 124-126
  VPN
    clientless SSL VPN, 813
    encryption, 819-820
    thin-client SSL VPN, 813
Stacker algorithm, PPP authentication, 732
stacker compression algorithms, PPP compression, 875
standard ACL (access lists), 869, 872
  configuring, 610-613
  isolating networks, 616
    from specific hosts, 617-618
    internal networks from Internet, 618-619
  placement of, 614-615
  verifying, 613-614
  VTY, restricting access, 619
star topologies, 54
startup processes. See boot processes
static MAC addresses, switch port security, 541
static maps, 766, 878
static NAT (Network Address Translation), 654-655, 686
  configuring, 689-695, 873
  show ip nat translations command, 692
  show running-config command, 692
static routes, 325
  configuring, 326, 329-330
  floating static routes, 327, 858
  verifying, 330-331
STATIC states (PVC), 770
store-and-forward method (frame-forwarding), 444
STP (Spanning Tree Protocol)
  BackboneFast, 478-479, 852
  blocked ports, 451
  BPDU Guard, 477-479
  configuring, 852
  designated ports, 450
  EtherChannel, 479-481, 852
  PortFast, 476-479, 852
  ports
    cost values, 851
    designated ports, 486
    nonedge ports, 486
    roles, 482-483, 853
    root ports, 448-449
    states, 453-454, 482-483, 851-853
    synchronization, 486-488
  root bridges, 446-449
  RSTP, 490
    comparisons to STP, 481
    convergence, 854
    designated ports, 486
    edge types, 485
    link types, 485, 853
    nonedge ports, 486
    port roles, 482-483, 853
    port states, 482-483, 853
    port synchronization, 486-488
    topology changes via BPDU, 485
  switches, 458
  topology changes, 852
  troubleshooting, 461
  UplinkFast, 477-479, 852
  verifying, 459
STP cable, 58-59. See also twisted-pair cable
straight-through cable, 59, 833
stub areas (OSPF), 398
stub networks, 325
stub routing, 421, 424
study mode (CD-ROM), 911
subinterfaces
  configuring, 773
  Frame Relays, 764-765
  VLAN, 517-518
subnet ID, 144
subnets
  blocking, extended ACL, 626-630
  decimal to binary conversions, 840
  hosts, calculating, 841
  IP addresses, 841
  masks, 150, 156
    CIDR notation, 147
    FLSM, 334
    IPv4, 146-149
    IPv4 addresses, 839
    VLSM, 335-339
  networks, calculating, 841
subnetting IP (Internet Protocol), 149-151
  calculating
    hosts, 152-153
    increments, 155-157
    networks, 153-154
  range of valid IP, determining, 158-159
  zero subnet rule, 155
successor routes (EIGRP), 419-421
summarization (route), VLSM, 338-339
SVC (Switched Virtual Circuits), 758-759, 877-878
SVI (Switched Virtual Interfaces), interVLAN routing, 519-520
switches, 98-99, 195-196
  basic connectivity, troubleshooting, 460-461
  boot sequence, changing, 240-241
  catalyst switches
    securing physical access to, 536
    securing terminal access to, 537-539
  configuration
    backing up via TFTP servers, 267-269
    commands list, 847
    returning to default configurations, 255
  default gateways, defining, 455
  diameters, 454
  filtering, 443
  frame-forwarding, 442-444, 850
  full duplex connections, 445
  functions of, 850
  half-duplex connections, 445
  interface range command, 457
  IOS files, backing up via TFTP servers, 268
  IP addresses, assigning
    management IP addresses, 455
    via DHCP, 456-457
  ip default-gateway command, 456
  Layer 2 security
    CDP, 546
    port security, 540-541
    verifying, 542-543
    VLAN, 543-545
    VTP, 546
  Layer 3 switches, 842
    functions of, 165, 168
    interVLAN routing, 856-857
  microsegmentation, 100
  multilayer switches, 168
  multiple switch interfaces, configuring, 457
  physical security, 536
  ports, 455
    access ports, 503
    blocked ports, 451
    changing costs of, 458
    designated ports, 450
    limiting MAC addresses in, 540
  primary tasks, 95
  redundant design, 446
  show dhcp lease command, 457
  show interfaces interface-id command, 461
  start-up procedures
    bootstrap, 213
    configuration loading, 215
    IOS loading, 213-216
    password recovery, 216-217
    POST, 212
    practice challenge, 218
    ROMmon, 213
    setup mode, 216
  STP, 446
    changing port costs in, 458
    changing priority in, 458
    root bridges, 447-449
  trunks, 855
  VLAN, single-switch scenarios, 504
switchport access vlan command, configuring VLAN, 506
switchport mode trunk command, VLAN trunking, 522
switchport port security mac-address sticky command, 541
switchport port-security command, 540
switchport port-security maximum command, 541
switchport port-security violation shutdown command, 541
SYN packets, 28
SYN-ACK packet, 28
synchronization, RSTP, 486-488
synchronous serial interfaces, 188
syntax errors, IOS, 845
syslog, network security, 124-125
system requirements, CD-ROM installations, 912
T
T1 controller cards, 188
TCN (Topology Change Notifications), 486
TCP (Transfer Control Protocol), 27-29
  applications that utilize, 832
  PAR, 831
  port number access lists, 871
  Segment Header format, 831
TCP SYN attacks, 120-121
TCP/IP layers, related OSI layers, 831
TCP/IP model
  Application layers, 26-27
  compared to OSI model, 26
  Internet layers, 31-33
  Network Interface layers, 33
  overview, 26
  Transport layers, 27-30
technical support, 913
Telnet, 210, 849
  catalyst switch security, 538
  multiple session example, 275
  resuming sessions, 275
  showing sessions, 274
  suspending sessions, 274-275
  terminal monitor command, 275-276
  User EXEC access, securing, 248-251
  virtual terminal access, 274-276
telnet command, troubleshooting NAT, 706
terminal, 208
  auxiliary ports, 210
  console ports, 209
  editing, IOS editing keystrokes, 844
  HTTP, 210
  SSH, 211
  virtual terminal access, Telnet, 274-276
terminal monitor command, 275-276
test modes (CD-ROM), 911
tests (practice)
  answers, 901-909
  MeasureUp, 912-913
  questions, 881-899
TFTP servers
  routers, backing up
    configurations, 267-269
    IOS files, 268
  switches, backing up
    configurations, 267-269
    IOS files, 268
thin-client SSL VPN (Secure Socket Layer Virtual Private Networks), 813
three-way handshakes, 28
throughput, 12
timers (max age), 453
timestamps
  debug messages, 267
  service timestamp command, 267
Token Ring protocols, 78-79
topologies
  bus topologies, 52-53
  mesh topologies, 55
  ring topologies, 53-54
  RSTP, changing via BPDU, 485
  star topologies, 54
  wireless networks, 587-588
traceroute command, 136, 266, 837
  RIP, 377
  switches, troubleshooting basic connectivity, 460
traffic policing (QoS), 608
trains (IOS), 192
transmitting data over wireless networks, 562-563
transparent mode (VTP), 512-513
Transport layer (OSI model), 19, 27-30, 829
triggered updates (routing), 367
troubleshooting
  debug command, 266-267
  EIGRP, 427, 866
  Frame Relays, 786-789, 879
  NAT, 675-676, 705-707
  OSPF, 415, 865
  ping command, 265
  PPP, 738-740, 876
  RIP, 377-378, 862
  show processes command, 267
  STP, 461
  switches, basic connectivity, 460-461
  traceroute command, 266
  VLAN, 522-523
  wireless networks, 592-593
trunks, 855
  configuring, 855
  VLAN, 506
    802.1q trunks, 508-510
    DTP dynamic trunks, 510
    ISL trunks, 508-510
  VTP, 855
trust exploitation, network security, 116
twisted-pair cable, 58-61
two-way redistribution (routing protocols), 860
U
UDP (User Datagram Protocol), 29-30
  applications that utilize, 832
  headers, 832
  port number access lists, 872
undebug all command, 267
unequal-path load balancing, EIGRP, 423-424
unicast addresses, 82
unique IPv6 addresses, 162, 842
unshielded twisted-pair cable versus fiber-optic cable, 833
updates
  broadcast multiaccess topologies (OSPF), 401-403
  dynamic routing protocols, 861
  LSU, 395
  RIPv2, 374
  routers, 859
UplinkFast, 477
  configuring, 478
  STP, 852
  verifying activation, 479
upper layer (OSI model), 15
User EXEC. See also Privileged EXEC
  access security, 845
  auxiliary access, securing, 248
  console access, securing, 246-247
  overview, 219
  SSH access, securing, 248-251
  Telnet
    securing access, 248-251
    virtual terminal access, 275
UTP cable, 58-59. See also twisted-pair cable
V
VAN (Virtual Area Networks), 14
variance command, unequal-path load balancing in EIGRP, 424
verifying
  access lists, 872
  ACL
    show ip access-lists command, 636
    show ip interface command, 635
    show running-config command, 634
    standard ACL, 613-614
  EIGRP, 425-427, 866
  Frame Relay operation, 785-786
  NAT, 672-675, 704
  OSPF, 412-414, 865
  port security, switch ports, 542-543
  PPP, 876
    show compress command, 738
    show interface <interface> command, 737-738
  RIP, 375-376, 862
  router configurations, 257-258
  SDM router interface configurations, 308
  STP, 459
  VLAN, 506, 510
  VTP, 515
virtual circuits, 755, 876
  CIR, 877
  full mesh topologies, 757, 877
  hub and spoke topologies, 756, 876
  multipoint subinterfaces, 877
  partial mesh topologies, 757, 877
  permanent virtual circuits, 722
  point-to-point subinterfaces, 877
  PVC, 758, 877-878
  SVC, 758-759, 877-878
virtual terminal access, Telnet, 274-276
VLAN (Virtual Local Area Networks), 502
  access ports, 503
  configuring, 505, 854
  interVLAN routing, 856
    “routers on a stick,” 517-519
    security, 857
    SVI, 519-520
  Layer 2 security, 543-545
  management VLAN, 504
  membership methods, 503
  show interfaces trunk command, 522-523
  show vlans command, 522
  show vtp password command, 523
  show vtp status command, 523
  single-switch scenarios, 504
  subinterfaces, 517-518
  switchport mode trunk command, 522
  troubleshooting, 522-523
  trunks, 506-507
    802.1q trunks, 508-510
    configuring, 855
    DTP dynamic trunks, 510
    ISL trunks, 508-510
    VTP, 855
  verifying, 506
  VMPS, 504
  voice VLAN, 520-521, 855
  VTP, 516-517
    client mode, 512
    configuring, 514-515
    pruning, 514
    revisioning, 514
    server mode, 511
    transparent mode, 512-513
    verifying, 515
  workgroups, 34
VLSM (Variable-Length Subnet Masks), 335-339
VMPS (VLAN Membership Policy Servers), 504
voice VLAN (Virtual Local Area Networks), 520-521, 855
VPN (Virtual Private Networks)
  components of, 814-815
  connectivity, 808-810
  encryption, 880
  IPsec, 815
    AH, 822
    authentication, 820
    data integrity, 820
    encryption, 816-820
    ESP, 822
  remote-access VPN, 811-813, 880
  site-to-site VPN, 810, 879
  SSL VPN, 813
  WAN, 723
VTP (VLAN Trunking Protocol), 516-517, 855
  client mode, 512
  configuring, 514-515
  Layer 2 security, 546
  pruning, 514
  revisioning, 514
  server mode, 511
  show vtp status command, 515
  transparent mode, 512-513
  verifying, 515
  vtp mode command, 515
vtp mode command, 515
vtp password command, 546
VTY (Virtual Teletype)
  access, restricting via standard ACL, 619
  ports, access lists, 870
W
WAN (Wide Area Networks), 12-13, 835-836
  baseband connections, 722
  broadband connections, 722
  circuit-switched networks, 721, 874
  Data Link encapsulations
    ATM, 726
    Frame Relays, 726
    HDLC, 726
    LAPB, 726
    PPP, 726
    PPPoA, 727
    PPPoE, 727
    SLIP, 725
  dial-on-demand connections, 721
  interfaces
    asynchronous serial interfaces, 188
    BRI, 187-188
    DCE, 188
    DTE, 189-190
    HSSI, 188
    synchronous serial interfaces, 188
    T1 controller cards, 188
  leased line connections, 721
  leased-line networks, 723, 874
  packet-switched networks, 722, 874
  Physical layer, 724-725
  routers, 167
    configuring, 254
    connecting to, 874
    HDLC, 874
    PPP, 874-876
  VPN, 723
WAP (Wireless Access Points)
  BSS, 588
  ESS, 588
  troubleshooting, 593
war driving, 580
WEP (Wired Equivalent Privacy), wireless networks, 582-583
Wi-Fi, IEEE 802 characteristics, 63-64, 834
Wi-Fi Alliance, 561
wildcard masks, OSPF, 405-407
windowing, 28
wireless networks, 560-561
  802.11a, 567
  802.11b, 567
  802.11g, 567-568
  802.11n, 568
  802.1x (wireless authentication), 585-586
  ad hoc networks, 587
  channel surfing, 565
  characteristics of, 867
  data rates, 590-591
  data transmission, 562-563
  encryption, 582-584
  IEEE, 561
  implementing, 587, 592, 869
  IPS, 586
  ITU-R, 561
  overlapping signals, 564-565
  RF bands, 563-564
  security
    authentication, 868
    encryption standards, 867
  threats to
    direct hacking, 581
    employee ignorance, 581-582
    war driving, 580
  topologies, 587-588
  troubleshooting, 592-593
  WAP
    BSS, 588
    ESS, 588
    troubleshooting, 593
  Wi-Fi Alliance, 561
WLAN (wireless local area networks). See wireless networks
workgroup layers (hierarchical models). See Distribution layer (hierarchical models)
workgroups
  hubs, 65
  VLAN, 34
WPA (Wi-Fi Protected Access), wireless networks, 584
WPA2 (Wi-Fi Protected Access version 2), wireless networks, 584
X - Y - Z
X.25 link access procedure, balanced. See LAPB (X.25 Link Access Procedure, Balanced)
zero subnet rule, 155