0% found this document useful (0 votes)

29 views263 pages

Ccna Exam Question

Uploaded by

Raja Ram

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

29 views263 pages

Ccna Exam Question

Uploaded by

Raja Ram

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 263

ht t p: / / www.9t ut .com ht t p: / / exam - 640- 802.blogspot .

in/
•
•
CCNA - Basic Quest ions

•
CCNA – Cisco I OS Quest ions

•
CCNA – OSI Model Quest ions

•
CCNA – TCP/ I P Model & Operat ion

•
CCNA – Show Com m and Quest ions

•
CCNA – Prot ocols & Services

•
CCNA – Access List Quest ions

•
CCNA – WAN

•
CCNA – I P Address Quest ions

•
CCNA – I P Rout ing Quest ions

•
CCNA – RI P Quest ions

•
CCNA – OSPF Quest ions

•
CCNA – EI GRP Quest ions

•
CCNA – Securit y Quest ions

•
CCNA - DHCP Quest ions

•
DHCP Group of for Quest ions

•
CCNA - NAT & PAT Quest ions

•
CCNA - Drag and Drop

•
CCNA - Swit ch Quest ions

•
CCNA - VLAN Quest ions

•
CCNA - VTP Quest ions

•
CCNA - Hot spot

•
CCNA - STP Quest ions

•
CCNA - I P6 Quest ions

•
CCNA - Subnet t ing Quest ions

•
CCNA - Operat ions Quest ions

•
CCNA - Troubleshoot ing Quest ions
CCNA - Wireless

http://www.9tut 1
CCNA – Basic Quest ions

Quest ion 1

For which t ype of connect ion should a st raight - t hrough cable be used?

A. swit ch t o swit ch
B. swit ch t o hub
C. swit ch t o rout er
D. hub t o hub
E. rout er t o PC

Answer: C

Explanat ion

To specify when we use crossover cable or st raight - t hrough cable, we should rem em ber:

Group 1: Rout er, Host , Server

Group 2: Hub, Swit ch
One device in group 1 + One device in group 2: use st raight - t hrough cable
Two devices in t he sam e group: use crossover cable

I n t his case we can use st raight - t hrough cable t o connect a swit ch t o a rout er - > C is correct .

Quest ion 2

Which t ype of cable is used t o connect t he COM port of a host t o t he COM port of a rout er or
swit ch?

A. crossover
B. st raight - t hrough
C. rolled
D. shielded t wist ed- pair

Answer: C

Explanat ion

The correct quest ion should be “ Which t ype of cable is used t o connect t he COM port of a host t o
t he CONSOLE port of a rout er or swit ch?” and t he correct answer is rollover cable. But we can’t
plug t his rollover cable direct ly int o our host because it will not work. We oft en use a RJ45 t o DB9
Fem ale cable convert er as shown below:

http://www.9tut 2
Quest ion 3

What is t he first 24 bit s in a MAC address called?

A. NI C
B. BI A
C. OUI
D. VAI

Answer: C

Explanat ion

Organizat ional Unique I dent ifier ( OUI ) is t he first 24 bit s of a MAC address for a net work device,
which indicat es t he specific vendor for t hat device as assigned by t he I nst it ut e of Elect rical and
Elect ronics Engineers, I ncorporat ed ( I EEE) . This ident ifier uniquely ident ifies a vendor,
m anufact urer, or an organizat ion.

Quest ion 4

I n an Et hernet net work, under what t wo scenarios can devices t ransm it ? ( Choose t wo)

A. when t hey receive a special t oken

B. when t here is a carrier
C. when t hey det ect no ot her devices are sending
D. when t he m edium is idle
E. when t he server grant s access

Answer: C D

Explanat ion

Et hernet net work is a shared environm ent so all devices have t he right t o access t o t he m edium .
I f m ore t han one device t ransm it s sim ult aneously, t he signals collide and can not reach t he
dest inat ion.

I f a device det ect s anot her device is sending, it will wait for a specified am ount of t im e before
at t em pt ing t o t ransm it .

When t here is no t raffic det ect ed, a device will t ransm it it s m essage. While t his t ransm ission is
occurring, t he device cont inues t o list en for t raffic or collisions on t he LAN. Aft er t he m essage is
sent , t he device ret urns t o it s default list ening m ode.

So we can see C and D are t he correct answers. But in fact “ answer C – when t hey det ect no
ot her devices are sending” and “ when t he m edium is idle” are nearly t he sam e.

Quest ion 5

Which t wo benefit s are provided by using a hierarchical addressing net work addressing schem e?
( Choose t wo)

A. reduces rout ing t able ent ries

B. aut o- negot iat ion of m edia rat es
C. efficient ut ilizat ion of MAC addresses
D. dedicat ed com m unicat ions bet ween devices
E. ease of m anagem ent and t roubleshoot ing

Answer: A E

http://www.9tut 3
Quest ion 6

When a host t ransm it s dat a across a net work t o anot her host , which process does t he dat a go
t hrough?

A. st andardizat ion
B. conversion
C. encapsulat ion
D. synchronizat ion

Answer: C

Explanat ion

To t ransm it t o anot her host , a host m ust go t hrough t he TCP/ I P m odel ( very sim ilar t o t he OSI
m odel) . At each layer, t he m essage is encapsulat ed wit h t hat layer’s header ( and t railer if it has) .
This process is called encapsulat ion.

Quest ion 7

Which t wo Et hernet fiber- opt ic m odes support dist ances of great er t han 550 m et ers?

A. 1000BASE- CX
B. 100BASE- FX
C. 1000BASE- LX
D. 1000BASE- SX
E. 1000BASE- ZX

Answer: C E

Explanat ion

Below list s t he cabling st andards m ent ioned above

St andard Cabling Maxim um lengt h

1000BASE- CX Twinaxial cabling 25 m et ers

100BASE- FX Two st rands, m ult im ode 400 m

1000BASE- LX Long- wavelengt h laser, MM or 10 km ( SM)

SM fiber 3 km ( MM)

1000BASE- SX Short - wavelengt h laser, MM fiber 220 m wit h 62.5- m icron fiber; 550 m
wit h 50- m icron fiber

1000BASE- ZX Ext ended wavelengt h, SM fiber 100 km

Not e:

+ MM: Mult im ode

+ SM: Single- m ode( Reference: The official self- st udy t est preparat ion guide t o t he Cisco CCNA
I NTRO exam 640- 821)

http://www.9tut 4
Quest ion 8

Refer t o t he exhibit . What t ype of connect ion would be support ed by t he cable diagram shown?
Pin Color Funct ion Pin Color Funct ion

1 Whit e/ Green TX+ 1 Whit e/ Green TX+

2 Green TX- 2 Green TX-

3 Whit e/ Orange RX+ 3 Whit e/ Orange RX+

6 Orange RX- 6 Orange RX-

A. PC t o rout er
B. PC t o swit ch
C. server t o rout er
D. rout er t o rout er

Answer: B

Explanat ion

From t he “ Pin” and “ Color” in t he exhibit we know t hat t his is a st raight - t hrough cable so it can be
used t o connect PC t o swit ch.

Quest ion 9

Refer t o t he exhibit . What t ype of connect ion would be support ed by t he cable diagram shown?
Pin Color Funct ion Pin Color Funct ion

1 Whit e/ Green TX+ 3 Whit e/ Green RX+

2 Green TX- 6 Green RX-

3 Whit e/ Orange RX+ 1 Whit e/ Orange TX+

6 Orange RX- 2 Orange TX-

A. PC t o rout er
B. PC t o swit ch
C. server t o swit ch
D. swit ch t o rout er

Answer: A

Explanat ion

This is a crossover cable so it can be used t o connect PC and rout er.

http://www.9tut 5
Quest ion 10

Which t wo t opologies are using t he correct t ype of t wist ed- pair cables? ( Choose t wo)

Answer: D E

http://www.9tut 6
Quest ion 11

What are som e of t he advant ages of using a rout er t o segm ent t he net work? ( Choose t wo)

A. Filt ering can occur based on Layer 3 inform at ion.

B. Broadcast s are elim inat ed.
C. Rout ers generally cost less t han swit ches.
D. Broadcast s are not forwarded across t he rout er.
E. Adding a rout er t o t he net work decreases lat ency.

Answer: A D

Quest ion 12

Which of t he following st at em ent s describe t he net work shown in t he graphic? ( Choose t wo)

A. There are t wo broadcast dom ains in t he net work.

B. There are four broadcast dom ains in t he net work.
C. There are six broadcast dom ains in t he net work.
D. There are four collision dom ains in t he net work.
E. There are five collision dom ains in t he net work.
F. There are seven collision dom ains in t he net work.

Answer: A F

Explanat ion

Only rout er can break up broadcast dom ains so in t he exhibit t here are 2 broadcast dom ains:
from e0 int erface t o t he left is a broadcast dom ain and from e1 int erface t o t he right is anot her
broadcast dom ain - > A is correct .

Bot h rout er and swit ch can break up collision dom ains so t here is only 1 collision dom ain on t he
left of t he rout er ( because hub doesn’t break up collision dom ain) and t here are 6 collision
dom ains on t he right of t he rout er ( 1 collision dom ain from e1 int erface t o t he swit ch + 5 collision
dom ains for 5 PCs in Product ion) - > F is correct .

Quest ion 13

Refer t o t he exhibit . The t wo connect ed port s on t he swit ch are not t urning orange or green. What
would be t he m ost effect ive st eps t o t roubleshoot t his physical layer problem ? ( Choose t hree)

http://www.9tut 7
A. Ensure t hat t he Et hernet encapsulat ions m at ch on t he int erconnect ed rout er and swit ch port s.
B. Ensure t hat cables A and B are st raight - t hrough cables.
C. Ensure cable A is plugged int o a t runk port .
D. Ensure t he swit ch has power.
E. Reboot all of t he devices.
F. Reseat all cables.

Answer: B D F

Explanat ion

The port s on t he swit ch are not up indicat ing it is a layer 1 ( physical) problem so we should check
cable t ype, power and how t hey are plugged in.

Quest ion 14

For what t wo purposes does t he Et hernet prot ocol use physical addresses? ( Choose t wo)

A. t o uniquely ident ify devices at Layer 2

B. t o allow com m unicat ion wit h devices on a different net work
C. t o different iat e a Layer 2 fram e from a Layer 3 packet
D. t o est ablish a priorit y syst em t o det erm ine which device get s t o t ransm it first
E. t o allow com m unicat ion bet ween different devices on t he sam e net work
F. t o allow det ect ion of a rem ot e device when it s physical address is unknown

Answer: A E

Explanat ion

Physical addresses or MAC addresses are used t o ident ify devices at layer 2 - > A is correct .

MAC addresses are only used t o com m unicat e on t he sam e net work. To com m unicat e on different
net work we have t o use Layer 3 addresses ( I P addresses) - > B is not correct ; E is correct .

Layer 2 fram e and Layer 3 packet can be recognized via headers. Layer 3 packet also cont ains
physical address - > C is not correct .

On Et hernet , each fram e has t he sam e priorit y t o t ransm it by default - > D is not correct .

http://www.9tut 8
All devices need a physical address t o ident ify it self. I f not , t hey can not com m unicat e - > F is not
correct .

Quest ion 15

Refer t o t he exhibit . Two buildings on t he San Jose cam pus of a sm all com pany m ust be
connect ed t o use Et hernet wit h a bandwidt h of at least 100 Mbps. The com pany is concerned
about possible problem s from volt age pot ent ial difference bet ween t he t wo buildings. Which m edia
t ype should be used for t he connect ion?

A. UTP cable
B. STP cable
C. Coaxial cable
D. Fiber opt ic cable

Answer: D

Explanat ion

Because t he com pany has problem about volt age pot ent ial difference bet ween t he t wo buildings
so t hey should connect via fiber opt ic cable which uses light pulses t o t ransm it inform at ion inst ead
of using elect ronic pulses.

Quest ion 16

Which com m and can be used from a PC t o verify t he connect ivit y bet ween host t hat connect
t hrough pat h?

A. t racert address
B. ping address
C. arp address
D. t racerout e address

Answer: A

Explanat ion

To check t he connect ivit y bet ween a host and a dest inat ion ( t hrough som e net works) we can use
bot h “ t racert ” and “ ping” com m ands. But t he difference bet ween t hese 2 com m ands is t he
“ t racert ” com m and can display a list of near- side rout er int erfaces in t he pat h bet ween t he source
and t he dest inat ion. Therefore t he best answer in t his case is A – t racert address.

Not e: “ t racerout e” com m and has t he sam e funct ion of t he “ t racert ” com m and but it is used on
Cisco rout ers only, not on a PC.

http://www.9tut 9
Quest ion 17

Refer t o t he exhibit . A net work engineer is t roubleshoot ing an int ernet connect ivit y problem on
t he com put er. What causing t he problem ?

A. wrong DNS server

B. wrong default gat eway
C. incorrect I P address
D. incorrect subnet m ask

Answer: C

Explanat ion

The I P address of t he PC ( 192.168.11.2/ 24) is not on t he sam e net work wit h it s gat eway
192.168.1.1 - > C is correct .

Quest ion 18

How m any broadcast dom ains are shown in t he graphic assum ing only t he default vlan is
configured on t he swit ches?

http://www.9tut 10
A. one
B. six
C. t welve
D. t wo

Answer: A

Explanat ion

Only rout er can break up broadcast dom ains but in t his exhibit no rout er is used so t here is only 1
broadcast dom ain.

For your inform at ion, t here are 7 collision dom ains in t his exhibit ( 6 collision dom ains bet ween
hubs & swit ches + 1 collision bet ween t he t wo swit ches) .

Quest ion 19

Refer t o t he exhibit .
PC> t racert 10.16.176.23
Tracing rout e t o 10.16.176.23 over a m axim um of 30 hops

1 31 m s 31 m s 32m s 172.16.182.1
2 62 m s 62 m s 62 m s 192.1681.6
3 93 m s 92 m s 34 m s 192.168.1.10
4 125 m s 110m s 125m s 10.16.176.23

Trace com plet e.

Host A has t est ed connect ivit y t o a rem ot e net work. What is t he default gat eway for host A?

A. 172.16.182.1
B. 192.168.1.1
C. 10.16.176.1
D. 192.168.1.6

Answer: A

Explanat ion

I t will list all t he rout ers ( from nearest t o fart hest ) it passes t hrough unt il it reaches it s dest inat ion
so t he first hop is it s nearest I P. I f we ping from a PC, it is also t he default gat eway for t hat PC - >
A is correct .

Quest ion 20

What funct ions do rout ers perform in a net work? ( Choose t wo)

A. packet swit ching

B. access layer securit y
C. pat h select ion
D. VLAN m em bership assignm ent
E. bridging bet ween LAN segm ent s
F. m icrosegm ent at ion of broadcast dom ains

Answer: A C

http://www.9tut 11
CCNA – Cisco I OS Quest ions
Not e: I f you are not sure about t he boot sequence of a rout er/ swit ch, please read m y Cisco Rout er
Boot Sequence Tut orial.

Cisco Rout er Boot Sequence Tut orial

I n t his art icle we will learn about t he m ain com ponent s of a Cisco rout er and how t he boot process
t akes place.
Type s of m e m or y
Generally Cisco rout ers ( and swit ches) cont ain four t ypes of m em ory:
Re a d- On ly M e m or y ( ROM) : ROM st ores t he rout er’s boot st rap st art up program , operat ing
syst em soft ware, and power- on diagnost ic t est program s ( POST) .
Fla sh M e m or y: Generally referred t o sim ply as “ flash” , t he I OS im ages are held here. Flash is
erasable and reprogram m able ROM. Flash m em ory cont ent is ret ained by t he rout er on reload.
Ra n dom - Acce ss M e m or y ( RAM) : St ores operat ional inform at ion such as rout ing t ables and t he
running configurat ion file. RAM cont ent s are lost when t he rout er is powered down or reloaded. By
default , rout ers look here first for an I nt ernet work Operat ing Syst em ( I OS) file during boot .
N on - vola t ile RAM ( NVRAM) : NVRAM holds t he rout er’s st art up configurat ion file. NVRAM
cont ent s are not lost when t he rout er is powered down or reloaded.
Som e com parisons t o help you rem em ber easier:
+ RAM is a volat ile m em ory so cont ent s are lost on reload, where NVRAM and Flash cont ent s are
not .
+ NVRAM holds t he st art up configurat ion file, where RAM holds t he running configurat ion file.
+ ROM cont ains a boot st rap program called ROM Monit or ( or ROMm on) . When a rout er is powered
on, t he boot st rap runs a hardware diagnost ic called POST ( Power- On Self Test ) .
Rout e r boot pr oce ss
Th e follow in g de t a ils t h e r ou t e r boot pr oce ss:
1. The rout er is powered on.
2. The boot st rap program ( ROMm on) in ROM runs Power- On Self Test ( POST)
3. The boot st rap checks t he Configurat ion Regist er value t o specify where t o load t he I OS. By
default ( t he default value of Configurat ion Regist er is 2102, in hexadecim al) , t he rout er first looks
for “ boot syst em ” com m ands in st art up- config file. I f it finds t hese com m ands, it will run boot
syst em com m ands in order t hey appear in st art up- config t o locat e t he I OS. I f not , t he I OS im age
is loaded from Flash . I f t he I OS is not found in Flash, t he boot st rap can t ry t o load t he I OS from
TFTP server or from ROM ( m ini- I OS) .
4. Aft er t he I OS is found, it is loaded int o RAM.
5. The I OS at t em pt s t o load t he configurat ion file ( st art up- config) from NVRAM t o RAM. I f t he
st art up- config is not found in NVRAM, t he I OS at t em pt s t o load a configurat ion file from TFTP. I f
no TFTP server responds, t he rout er ent ers Set up Mode ( I nit ial Configurat ion Mode) .

http://www.9tut 12
And t his is t he process we can see on our screen when t he rout er is t urned on:

http://www.9tut 13
http://www.9tut 14
I n short , when powered on t he rout er needs t o do:
1. Run POST t o check hardware
2. Search for a valid I OS ( t he Operat ing Syst em of t he rout er)
3. Search for a configurat ion file ( all t he configurat ions applied t o t his rout er)
Spe cify h ow m u ch RAM , N VRAM a n d Fla sh of a r ou t e r
Also, from t he inform at ion shown above, we can learn som e inform at ion about rout er’s m odel,
RAM, Flash, NVRAM m em ories as shown below:

Not e: The “ show version” com m and also gives us t his inform at ion.
All t he above inform at ion is st raight - forwarding except t he inform at ion of RAM. I n som e series of
rout ers, t he RAM inform at ion is displayed by 2 param et ers ( in t his case 60416K/ 5120K) . The first
param et er indicat es how m uch RAM is in t he rout er while t he second param et er ( 5120K) indicat es
how m uch DRAM is being used for Packet m em ory. Packet m em ory is used for buffering packet s.
So, from t he out put above we can learn:
Am ount of RAM: 60416 + 5120 = 65536KB / 1024 = 64MB
Am ount of NVRAM: 239KB
Am ount of Flash: 62720KB

Quest ion 1

How does using t he service password encrypt ion com m and on a rout er provide addit ional
securit y?

A. by encrypt ing all passwords passing t hrough t he rout er

B. by encrypt ing passwords in t he plain t ext configurat ion file
C. by requiring ent ry of encrypt ed passwords for access t o t he device
D. by configuring an MD5 encrypt ed key t o be used by rout ing prot ocols t o validat e rout ing
exchanges
E. by aut om at ically suggest ing encrypt ed passwords for use in configuring t he rout er

Answer: B

Explanat ion

By using t his com m and, all t he ( current and fut ure) passwords are encrypt ed. This com m and is
prim arily useful for keeping unaut horized individuals from viewing your password in your
configurat ion file.

http://www.9tut 15
Quest ion 2

Refer t o t he diagram . What is t he largest configurat ion file t hat can be st ored on t his rout er?
R# show version
Cisco I OS Soft ware. 1841 Soft ware ( C1841- I PBASE- M} , Version 12.4( 1a) , RELEASE SOFTWARE
( fc2)
Technical Support : ht t p: / / www.cisco.com / t echsupport
Copyright ( c) 1986* 2005 by Cisco Syst em s, I nc.
Com piled Fri 27- May- 0512: 32 by hqluong

ROM: Syst em Boot st rap. Version 12.3( 8r) T8, RELEASE SOFTWARE ( fc1)

N- East upt im e is 5 days, 49 m inut es

Syst em ret urned t o ROM by reload at 15: 17: 00 UTC Thu Jun 8 2006
Syst em im age file is “ flash: c1841- ipbase- m z.124- 1a.bin”

Cisco 1841 ( revision 5.0) wit h 114688K/ 16384K byt es of m em ory.

Processor board I D FTX0932W21Y
2 Fast Et hernet int erfaces
2 Low- speed serial( sync/ async) int erfaces
DRAM configurat ion is 64 bit s wide wit h parit y disabled.
191K byt es of NVRAM.
31360K byt es of ATA Com pact Flash ( Read/ Writ e)

Configurat ion regist er I s 0× 2102

A. 191K byt es
B. 16384K byt es
C. 31369K byt es
D. 114688K byt es

Answer: A

Explanat ion

Non- volat ile RAM ( NVRAM) holds t he rout er’s st art up configurat ion file. NVRAM cont ent s are not
lost when t he rout er is powered down or reloaded.

Quest ion 3

Which com m and shows syst em hardware and soft ware version inform at ion?

A. show configurat ion

B. show environm ent
C. show invent ory
D. show plat form
E. show version

Answer: E

Quest ion 4

Refer t o t he exhibit . I f num ber 2 is select ed from t he set up script , what happens when t he user
runs set up from a privileged prom pt ?

http://www.9tut 16
[ 0] Go t o t he I OS com m and prom pt wit hout saving t his config.
[ 1] Ret urn back t o t he set up wit hout saving t his config.
[ 2] Save t his configurat ion t o nvram and exit .

Ent er your select ion [ 2] :

A. Set up is addit ive and any changes will be added t o t he config script .
B. Set up effect ively st art s t he configurat ion over as if t he rout er was boot ed for t he first t im e.
C. Set up will not run if an enable secret password exist s on t he rout er.
D. Set up will not run, because it is only viable when no configurat ion exist s on t he rout er.

Answer: A

Quest ion 5

Which com m and shows your act ive Telnet connect ions?

A. show sessions
B. show cdp neighbors
C. show users
D. show queue

Answer: A

Quest ion 6

Which com m and can you use t o det erm ine t he cisco ios feat ure set on a cisco rout er?

A. show version
B. dir flash: include ios
C. show environm ent
D. show diag
E. show invent ory

Answer: A

Quest ion 7

A syst em adm inist rat or t ypes t he com m and t o change t he host nam e of a rout er. Where on t he
Cisco I FS is t hat change st ored?

A. NVRAM
B. RAM
C. FLASH
D. ROM
E. PCMCI A

Answer: B

Explanat ion

The change is only reflect ed in t he running- config on RAM. I t can be lost if we reset t he rout er
wit hout saving it .

Not e: Cisco I FS m eans “ Cisco I OS File Syst em ”

http://www.9tut 17
Quest ion 8

Before inst alling a new, upgraded version of t he I OS, what should be checked on t he rout er, and
which com m and should be used t o gat her t his inform at ion? ( Choose t wo)

A. t he am ount of available ROM

B. t he am ount of available flash and RAM m em ory
C. t he version of t he boot st rap soft ware present on t he rout er
D. show version
E. show processes
F. show running- config

Answer: B D

Explanat ion

When upgrading new version of t he I OS we need t o copy t he I OS t o t he Flash so first we have t o

check if t he Flash has enough m em ory or not . Also running t he new I OS m ay require m ore RAM
t han t he older one so we should check t he available RAM t oo. We can check bot h wit h t he “ show
version” com m and.

Quest ion 9

Refer t o t he exhibit . A net work adm inist rat or configures a new rout er and ent ers t he copy st art up-
config running- config on t he rout er. The net work adm inist rat or powers down t he rout er and set s it
up at a rem ot e locat ion. When t he rout er st art s, it ent er t he syst em configurat ion dialog as
shown. What is t he cause of t he problem ?
— Syst em Configurat ion Dialog —
Would you like t o ent er t he init ial configurat ion dialog? [ yes/ no] : % Please answer yes’ or ‘no’.
Would you like t o ent er t he init ial configurat ion dialog? [ yes/ ho] : n
Would you like t o t erm inat e aut oinst all? [ yes] :
Press RETURN t o get st art ed!

A. The net work adm inist rat or failed t o save t he configurat ion.
B. The configurat ion regist er is set t o 0× 2100.
C. The boot syst em flash com m and is m issing from t he configurat ion.
D. The configurat ion regist er is set t o 0× 2102.
E. The rout er is configured wit h t he boot syst em st art up com m and.

Answer: A

Explanat ion

The “ Syst em Configurat ion Dialog” appears only when no st art up configurat ion file is found. The
net work adm inist rat or has m ade a m ist ake because t he com m and “ copy st art up- config running-
config” will copy t he st art up config ( which is em pt y) over t he running config ( which is configured
by t he adm inist rat or) . So everyt hing configured was delet ed.

Not e: We can t ell t he rout er t o ignore t he st art - up configurat ion on t he next reload by set t ing t he
regist er t o 0× 2142. This will m ake t he “ Syst em Configurat ion Dialog” appear at t he next reload.

Quest ion 10

Refer t o t he exhibit . What can be det erm ined about t he rout er from t he console out put ?
1 Fast Et hernet / I EEE 802.3 int erface( s)
125K byt es of non- volat ile configurat ion m em ory.

http://www.9tut 18
65536K byt es of ATA PCMCI A card at slot 0 ( Sect or size 512 byt es) .
8192K byt es of Flash int ernal SI MM ( Sect or size 256K) .
———- Syst em Configurat ion Dialog ———-
Would you like t o ent er t he init ial configurat ion dialog? [ yes/ no] :

A. No configurat ion file was found in NVRAM.

B. No configurat ion file was found in flash.
C. No configurat ion file was found in t he PCMCI A card.
D. Configurat ion file is norm al and will load in 15 seconds.

Answer: A

Explanat ion

When no st art up configurat ion file is found in NVRAM, t he Syst em Configurat ion Dialog will appear
t o ask if we want t o ent er t he init ial configurat ion dialog or not .

Quest ion 11

When you are logged int o a swit ch, which prom pt indicat es t hat you are in privileged m ode?

A. %
B. @
C. >
D. $
E. #

Answer: E

Explanat ion

The “ # ” ( like Swit ch# ) indicat es you are in privileged m ode while t he “ > ” indicat es you are in user
m ode.

Not e: The “ # ” sign in “ Swit ch( config) # ” indicat es t his is only accessible at privileged EXEC m ode.
The “ ( config) # ” part indicat es we are in configurat ion m ode.

Below list s popular m odes in Cisco swit ch/ rout er:

Rout er> User EXEC m ode

Rout er# Privileged EXEC m ode

Rout er( config) # Configurat ion m ode

Rout er( config- if) # I nt erface level ( wit hin configurat ion m ode)

Rout er( config- rout er) # Rout ing engine level ( wit hin configurat ion m ode)

Rout er( config- line) # Line level ( vt y, t t y, async) wit hin configurat ion m ode

http://www.9tut 19
Quest ion 12

Which com m and is used t o copy t he configurat ion from RAM int o NVRAM?

A. copy running- config st art up- config

B. copy st art up- config: running- config:
C. copy running config st art up config
D. copy st art up config running config
E. writ e t erm inal

Answer: A

Explanat ion

The running- config is saved in RAM while t he st art up- config is saved in NVRAM. So in order t o
copy t he configurat ion from RAM int o NVRAM we use t he com m and “ copy running- config st art up-
config” ( synt ax: copy ) .

Quest ion 13

Which com m and is used t o load a configurat ion from a TFTP server and m erge t he configurat ion
int o RAM?

A. copy running- config: TFTP:

B. copy TFTP: running- config
C. copy TFTP: st art up- config
D. copy st art up- config: TFTP:

Answer: B

Explanat ion

The synt ax of t he copy com m and is “ copy ” so t o copy a configurat ion from a TFTP server int o
RAM we use t he com m and “ copy TFTP: running- config” .

Quest ion 14

There are no boot syst em com m ands in a rout er configurat ion in NVRAM. What is t he fallback
sequence t hat rout er will use t o find an I OS during reload?

A. Flash, TFTP server, ROM

B. Flash, NVRAM, ROM
C. ROM, NVRAM, TFTP server
D. NVRAM, TFTP server, ROM
E. TFTP server, Flash, NVRAM

Answer: A

Explanat ion

When you t urn t he rout er on, it runs t hrough t he following boot process.

The Power- On Self Test ( POST) checks t he rout er’s hardware. When t he POST com plet es
successfully, t he Syst em OK LED indicat or com es on.
The rout er checks t he configurat ion regist er t o ident ify where t o load t he I OS im age from . A
set t ing of 0× 2102 m eans t hat t he rout er will use inform at ion in t he st art up- config file t o locat e
t he I OS im age. I f t he st art up- config file is m issing or does not specify a locat ion, it will check t he
following locat ions for t he I OS im age:

http://www.9tut 20
1. Flash ( t he default locat ion)
2. TFTP server
3. ROM ( used if no ot her source is found)

The rout er loads t he configurat ion file int o RAM ( which configures t he rout er) . The rout er can load
a configurat ion file from :

+ NVRAM ( st art up- configurat ion file)

+ TFTP server
I f a configurat ion file is not found, t he rout er st art s in set up m ode.

Quest ion 15

A Cisco rout er is boot ing and has j ust com plet ed t he POST process.I t is now ready t o find and load
an I OS im age. What funct ion does t he rout er perform next ?

A. It checks t he configurat ion regist er

B. It at t em pt s t o boot from a TFTP server
C. It loads t he first im age file in flash m em ory
D. It inspect s t he configurat ion file in NVRAM for boot inst ruct ions

Answer: A

Quest ion 16

Refer t o t he part ial com m and out put shown. Which t wo st at em ent s are correct regarding t he
rout er hardware? ( Choose t wo)
syst em im age file is “ flash: c2600- do3s- m z.120- 5.T1″
Cisco 2621 ( MPC860) processor ( revision 0× 600) wit h 53248K/ 12288K byt es of m em ory
Processor board I D JAD05280307 ( 3536592999)
M860 processor: part num ber 0, m ask 49
Bridging soft ware.
X.25 soft ware, version 3.0.0.
2 Fast Et hernet / I EEE 802.3 int erface( s)
2 Serial( sync/ async) net work int erface( s)
2 Low- speed serial( sync/ async) net work int erface( s)
16 t erm inal line( s)
32K byt es of non- volat ile configurat ion m em ory.
16384K byt es of processor board syst em flash ( Read/ Writ e)

A. Tot al RAM size is 32 KB

B. Tot al RAM size is 16384 KB ( 16 MB)
C. Tot al RAM size is 65536 KB ( 64 MB)
D. Flash size is 32 KB
E. Flash size is 16384 KB ( 16 MB) .
F. Flash size is 65536 KB ( 64 MB)

Answer: C E

Explanat ion

The line “ Cisco 2621 ( MPC860) processor ( revision 0× 600) wit h 53248K/ 12288K byt es of
m em ory” t ells how m uch RAM in your rout er. The first param et er ( 53248) specifies how m uch
Dynam ic RAM ( DRAM) in your rout er while t he second param et er ( 12288K) indicat es how m uch
DRAM is being used for Packet m em ory ( used by incom ing and out going packet s) in your rout er.

http://www.9tut 21
Therefore you have t o add bot h num bers t o find t he am ount of DRAM available on your rout er - >
C is correct .

Not e: Cisco 4000, 4500, 4700, and 7500 rout ers have separat e DRAM and Packet m em ory, so you
only need t o look at t he first num ber t o find out t he DRAM in t hat rout er.

The flash size is st raight forward from t he line “ 16384K byt es of processor board syst em flash
( Read/ Writ e) ” - > E is correct .

( Reference: ht t p: / / www.cisco.com / en/ US/ product s/ sw/ iosswrel/ ps1834/ product s_t ech_not e09186
a00800fb9d9.sht m l)

Quest ion 17

Which rout er I OS com m ands can be used t o t roubleshoot LAN connect ivit y problem s? ( Choose
t hree)

A. ping
B. t racert
C. ipconfig
D. show ip rout e
E. winipcfg
F. show int erfaces

Answer: A D F

Explanat ion

The ping com m and can be used t o t est if t he local device can reach a specific dest inat ion - > A is
correct .

“ t racert ” is not a valid com m and in Cisco I OS com m ands, t he correct com m and should be
“ t racerout e” - > B is not correct .

The ipconfig com m and is not a valid com m and in Cisco I OS t oo - > C is not correct .

The “ show ip rout e” com m and can be used t o view t he rout ing t able of t he rout er. I t is a very
useful com m and t o find out m any connect ivit y problem s ( like direct ly connect ed net works,
learned net work via rout ing prot ocols…) - > D is correct .

“ winipcfg” is an old t ool in Windows 95/ 98 t o view I P set t ings of t he inst alled net work int erfaces.
But it is not a valid com m and in Cisco I OS com m ands - > E is not correct .

The “ show int erfaces” com m and is used t o check all t he int erfaces on t he local device only. I t has
very lim it ed inform at ion t o t rouble LAN connect ivit y problem but it is t he m ost reasonable t o
choose - > F is accept able.

Quest ion 18

Which t wo locat ions can be configured as a source for t he I OS im age in t he boot syst em
com m and? ( Choose t wo)

A. RAM
B. NVRAM
C. flash m em ory
D. HTTP server
E. TFTP server
F. Telnet server

Answer: C E

http://www.9tut 22
Explanat ion

The following locat ions can be configured as a source for t he I OS im age:

1. + Flash ( t he default locat ion)
2. + TFTP server
3. + ROM ( used if no ot her source is found)
4. ( Please read t he explanat ion of Quest ion 4 for m ore inform at ion)

Quest ion 19

Refer t o t he exhibit . Why is flash m em ory erased prior t o upgrading t he I OS im age from t he TFTP
server?
Rout er# copy t ft p flash
Address or nam e of rem ot e host [ ] ? 192.168.2.167
Source filenam e [ ] ? c1600- k8sy- m z.123- 16a.bin
Dest inat ion filenam e [ c1600- k8sy- m z.123- 16a.bin] ?
Accessing t ft p: / / 192.168.2.167/ c1600- k8sy- m z.l23- 16a.bin…
Erasing flash before copying? [ confirm ]
Erasing t he flash filesyst em will rem ove all files! cont inue? [ confirm ]
Erasing device
Eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
Eeeeeeeeeeeeeeeeeeeeeeeeeeeeeee …erased
Erase of flash: com plet e
Loading c1600- k8sy- m z.l23- 16a.bin from 192.168.2.167 ( via Et hernet 0) :
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[ OK - 6888962/ 13777920 byt es]
verifying checksum … OK ( 0x7BF3)
6888962 byt es copied in 209.920 secs ( 32961 byt es/ sec)
Rout er#

A. The rout er cannot verify t hat t he Cisco I OS im age current ly in flash is valid
B. Flash m em ory on Cisco rout ers can cont ain only a single I OS im age.
C. Erasing current flash cont ent is request ed during t he copy dialog.
D. I n order for t he rout er t o use t he new im age as t he default , it m ust be t he only I OS im age in
flash.

Answer: C

Explanat ion

During t he copy process, t he rout er asked “ Erasing flash before copying? [ confirm ] ” and t he
adm inist rat or confirm ed ( by pressing Ent er) so t he flash was delet ed.

Not e: I n t his case, t he flash has enough space t o copy a new I OS wit hout delet ing t he current
one. The current I OS is delet ed j ust because t he adm inist rat or want s t o do so. I f t he flash does
not have enough space you will see an error m essage like t his:
% Error copying t ft p: / / 192.168.2.167/ c1600- k8sy- m z.l23- 16a.bin ( Not enough space on device)

http://www.9tut 23
Quest ion 20

Which com m and reveals t he last m et hod used t o powercycle a rout er?

A. show reload
B. show boot
C. show running- config
D. show version

Answer: D

Quest ion 21

Refer t o t he exhibit . A rout er boot s t o t he prom pt shown in t he exhibit . What does t his signify,
and how should t he net work adm inist rat or respond?
rom m on 1>

A. This prom pt signifies t hat t he configurat ion file was not found in NVRAM. The net work
adm inist rat or should follow t he prom pt s t o ent er a basic configurat ion.
B. The prom pt signifies t hat t he configurat ion file was not found in flash m em ory. The net work
adm inist rat or should use TFTP t o t ransfer a configurat ion file t o t he rout er.
C. The prom pt signifies t hat t he I OS im age in flash m em ory is invalid or corrupt ed. The net work
adm inist rat or should use TFTP t o t ransfer an I OS im age t o t he rout er.
D. The prom pt signifies t hat t he rout er could not aut hent icat e t he user. The net work adm inist rat or
should m odify t he I OS im age and reboot t he rout er.

Answer: C

Explanat ion

I f a Cisco rout er boot s in ROMm on m ode, it m eans:

+ The value of t he configurat ion regist er is set t o XXX0 ( t he boot field – fourt h bit – is 0)
+ The rout er is unable t o locat e a valid Cisco I OS soft ware im age ( you can use t he “ dir flash: ”
com m and in ROMm on m ode t o look for t he I OS in t he Flash t hen t ry t o boot t hat flash wit h t he
“ boot flash: < I OS im age> ” com m and) .

I f t he I OS im age is invalid or corrupt ed, t he fast est way t o re- inst all a new Cisco I OS soft ware
im age on t he rout er is t o copy a new one from TFTP ( wit h “ t ft pdnld” com m and) .

Quest ion 22

What should be done prior t o backing up an I OS im age t o a TFTP server? ( Choose t hree)

A. Make sure t hat t he server can be reached across t he net work.

B. Check t hat aut hent icat ion for TFTP access t o t he server is set .
C. Assure t hat t he net work server has adequat e space for t he I OS im age.
D. Verify file nam ing and pat h requirem ent s.
E. Make sure t hat t he server can st ore binary files.
F. Adj ust t he TCP window size t o speed up t he t ransfer.

Answer: A C D

Quest ion 23

Which t wo privileged m ode cisco ios com m ands can be used t o det erm ine a cisco rout er chassis
serial num ber? ( choose t wo)

http://www.9tut 24
A. show invent ory
B. show flash filesys
C. dir flash: | include chassis
D. show diag
E. show cont rollers

Answer: A D

Quest ion 24

Which com m and helps a net work adm inist rat or t o m anage m em ory by displaying flash m em ory
and NVRAM ut ilizat ion?

A. show secure
B. show file syst em s
C. show flash
D. show version

Answer: B

Quest ion 25

A net work adm inist rat or changes t he configurat ion regist er t o 0× 2142 and reboot s t he rout er.
What are t wo result s of m aking t his change? ( Choose t wo)

A. The I OS im age will be ignored.

B. The rout er will prom pt t o ent er init ial configurat ion m ode.
C. The rout er will boot t o ROM.
D. Any configurat ion ent ries in NVRAM will be ignored.
E. The configurat ion in flash m em ory will be boot ed.

Answer: B D

Explanat ion

The rout er bypasses t he st art up configurat ion st ored in NVRAM during it s boot sequence so t he
rout er will ent er init ial configurat ion m ode. This feat ure is norm ally used during a password
recovery procedure.

Quest ion 26

Refer t o t he exhibit . For what t wo reasons has t he rout er loaded it s I OS im age from t he locat ion
t hat is shown? ( Choose t wo)
Rout er1> show version
Cisco I nt ernet work Operat ing Syst em Soft ware
I OS ™ 7200 Soft ware ( C7200- J- M) , Experim ent al Version 11.3t l997091S: 1647S2)
[ ham pt on- nit ro- baseline 249]
Copyright ( c) 1986- 1997 by cisco Syst em s, I nc.
Com piled Wed 08- 0ct - 97 06: 39 by ham pt on
I m age t ext - base: 0× 60008900, dat a- base: 0x60B98000
ROM: Syst em Boot st rap, Version 11.1( 11855) [ bet a 2] , I NTERI M SOFTWARE
BOOTPLASH: 7200 Soft ware ( C7200- BOOT- M) , Version 11.1( 472) , RELEASE SOFTWARE ( fcl)
Rout er1 upt im e is 23 hours, 33 m inut es
Syst em rest art ed by abort at PC 0x6022322C at 10: 50: SS PDT Tue Oct 21 1997
Syst em im age file is “ t ft p: / / 112.16.1.129/ ham pt on/ nit ro/ c7200- j - m z”

http://www.9tut 25
cisco 7206 ( NPE150) processor wit h 57344K/ 8192K byt es of m em ory.
< out put om it t ed>
Configurat ion regist er is 0× 2102

A. Rout er1 has specific boot syst em com m and t hat inst ruct it t o load I OS from TFTP server.
B. Rout er1 is act ing as a TFTP server for ot her rout ers.
C. Rout er1 cannot locat e a valid I OS im age in flash m em ory.
D. Rout er1 default ed t o ROMMON m ode and loaded t he I OS im age from a TFTP sewer.
E. Cisco rout ers will first at t em pt t o load a im age from TFTP for m anagem ent purposes.

Answer: A C

Explanat ion

When powered on, t he rout er first checks it s hardware via Power- On Self Test ( POST) . Then it
checks t he configurat ion regist er t o ident ify where t o load t he I OS im age from . I n t he out put
above we learn t hat t he Configurat ion regist er value is 0× 2102 so t he rout er will t ry t o boot t he
syst em im age from Flash m em ory first .

But we also see a line “ Syst em im age file is “ t ft p: / / 112.16.1.129/ ham pt on/ nit ro/ c7200- j - m z” .
Please not ice t hat t his line t ells us t he im age file t hat t he device last st art ed. I n t his case it is from
a TFTP server. Therefore we can deduce t hat t he rout er could not load t he I OS im age from t he
flash and t he I OS im age has been loaded from TFTP server.

Not e:

I f t he st art up- config file is m issing or does not specify a locat ion, it will check t he following
locat ions for t he I OS im age:

+ Flash ( t he default locat ion)

+ TFTP server
+ ROM ( used if no ot her source is found)

CCNA – OSI Model Quest ions

Not e: I f you are not sure about OSI Model, please read m y OSI t ut orial.

OSI Model Tut orial

Welcom e t o t he m ost basic t ut orial for net worker! Underst anding about OSI m odel is one of t he
m ost im port ant t ools t o help you grasp how net working devices like rout er, swit ch, PC… work.
Let ’s t ake an exam ple in our real life t o dem onst rat e t he OSI m odel. Maybe you have ever sent a
m ail t o your friend, right ? To do it , you have t o follow t hese st eps:
1. Writ e your let t er
2. I nsert it int o an envelope
3. Writ e inform at ion about sender and receiver on t hat envelope
4. St am p it
5. Go t o t he post office and drop it int o a m ail inbox
From t he exam ple above, I want t o im ply we have t o go t hrough som e st eps in a specific order t o
com plet e a t ask. I t is also applied for t wo PCs t o com m unicat e wit h each ot her. They have t o use

http://www.9tut 26
a predefined m odel, nam ed OSI , t o com plet e each st ep. There are 7 st eps in t his m odel as list ed
below:

This is also t he well- known t able of t he OSI m odel so you m ust t ake t im e t o learn by heart . A
popular way t o rem em ber t his t able is t o creat e a fun sent ence wit h t he first let t ers of each layer.
For exam ple: All People Seem To N eed D at a Processing or a m ore funny sent ence sort ed from
layer 1 t o layer 7: Please D o N ot Throw Sausage Pizza Away.
There are t wo not ices about t his t able:
1. First , t he t able is arranged from t op t o bot t om ( num bering from 7 t o 1) . Each st ep is called a
“ layer” so we have 7 layers ( m aybe we usually call t hem “ layers” t o m ake t hem m ore… t echnical
^ ^ ).
When a device want s t o send inform at ion t o anot her one, it s dat a m ust go from t op t o bot t om
layer. But when a device receives t his inform at ion, it m ust go from bot t om t o t op t o “ decapsulat e”
it . I n fact , t he reverse act ion at t he ot her end is very nat ural in our life. I t is very sim ilar when
t wo people com m unicat e via m ail. First , t he writ er m ust writ e t he let t er, insert it int o an envelope
while t he receiver m ust first open t he envelope and t hen read t he m ail. The pict ure below shows
t he whole process of sending and receiving inform at ion.

http://www.9tut 27
Not e: The OSI m odel layers are oft en referred t o by num ber t han by nam e ( for exam ple, we refer
saying “layer 3″ to “network layer”) so you should learn the number of each layer as well.
2. When t he inform at ion goes down t hrough layers ( from t op t o bot t om ) , a header is added t o it .
This is called encapsulat ion because it is like wrapping an obj ect in a capsule. Each header can be
underst ood only by t he corresponding layer at t he receiving side. Ot her layers only see t hat
layer’s header as a part of dat a.

At t he receiving side, corresponding header is st ripped off in t he sam e layer it was at t ached.
Un de r st a nd e a ch la ye r
La ye r 7 – Applica t ion la ye r
This is t he closest layer t o t he end user. I t provides t he int erface bet ween t he applicat ions we use
and t he underlying layers. But not ice t hat t he program s you are using ( like a web browser – I E,
Firefox or Opera…) do not belong t o Applicat ion layer. Telnet , FTP, em ail client ( SMTP) , HyperText
Transfer Prot ocol ( HTTP) are exam ples of Applicat ion layer.
La ye r 6 – Pr e se n t a t ion la ye r
This layer ensures t he present at ion of dat a, t hat t he com m unicat ions passing t hrough are in t he
appropriat e form for t he recipient . I n general, it act s as a t ranslat or of t he net work. For exam ple,
you want t o send an em ail and t he Present at ion will form at your dat a int o em ail form at . Or you
want t o send phot os t o your friend, t he Present at ion layer will form at your dat a int o GI F, JPG or
PNG… form at .
La ye r 5 – Se ssion la ye r
Layer 5 est ablishes, m aint ains and ends com m unicat ion wit h t he receiving device.
La ye r 4 – Tr a n spor t la ye r
This layer m aint ains flow cont rol of dat a and provides for error checking and recovery of dat a
bet ween t he devices. The m ost com m on exam ple of Transport layer is Transm ission Cont rol
Prot ocol ( TCP) and User Dat agram Prot ocol ( UDP) .

http://www.9tut 28
La ye r 3 – N e t w or k la ye r
This layer provides logical addresses which rout ers will use t o det erm ine t he pat h t o t he
dest inat ion. I n m ost cases, t he logic addresses here m eans t he I P addresses ( including source &
dest inat ion I P addresses) .
La ye r 2 – D a t a Lin k La ye r
The Dat a Link layer form at s t he m essage int o a dat a fram e, and adds a header cont aining t he
hardware dest inat ion and source address t o it . This header is responsible for finding t he next
dest inat ion device on a local net work.
Not ice t hat layer 3 is responsible for finding t he pat h t o t he last dest inat ion ( net work) but it
doesn’t care about who will be t he next receiver. I t is t he Layer 2 t hat helps dat a t o reach t he
next dest inat ion.
This layer is subdivide int o 2 sub- layers: logical link cont rol ( LLC) and m edia access cont rol
( MAC) .
The LLC funct ions include:
+ Managing fram es t o upper and lower layers
+ Error Cont rol
+ Flow cont rol
The MAC sublayer carries t he physical address of each device on t he net work. This address is
m ore com m only called a device’s MAC address. MAC address is a 48 bit s address which is burned
int o t he NI C card on t he device by it s m anufact urer.
La ye r 1 – Ph ysica l la ye r
The Physical Layer defines t he physical charact erist ics of t he net work such as connect ions, volt age
levels and t im ing.
To help you rem em ber t he funct ions of each layer m ore easily, I creat ed a fun st ory in which
Henry ( English) want s t o send a docum ent t o Charles ( French) t o dem onst rat e how t he OSI m odel
works.

http://www.9tut 29
http://www.9tut 30
Last ly, I sum m arize all t he im port ant funct ions of each layer in t he below t able ( please rem em ber
t hem , t hey are very im port ant knowledge you need t o know about OSI m odel) :

La ye r D e scr ipt ion Popu la r Pr ot ocol D a t a D e vice s

Pr ot ocols Un it ope r a t e in
t h is la ye r

Applica t ion + User int erface HTTP, FTP, TFTP, Dat a

Telnet , SNMP,
DNS…

Pr e se n t a t ion + Dat a represent at ion, + Video ( WMV, Dat a

encrypt ion & decrypt ion AVI …)
+ Bit m ap ( JPG,
BMP, PNG…)
+ Audio ( WAV,
MP3, WMA…)
….

Se ssion + Set up, m onit or & + SQL, RPC, Dat a

t erm inat e t he connect ion NETBI OS nam es…
session
Tr a n spor t + Flow cont rol ( Buffering, + TCP Segm ent
Windowing, Congest ion ( Connect ion-
Avoidance) helps prevent Orient ed, reliable
t he loss of segm ent s on )
t he net work and t he need + UDP
for ret ransm ission ( Connect ionless,
unreliable)
N e t w or k + Pat h det erm inat ion + IP Packet / Dat agram Rout er
+ Source & Dest inat ion + I PX
logical addresses + AppleTalk
D a t a Lin k + Physical addresses + LAN Fram e Swit ch,
+ WAN ( HDLC, Bridge
I ncludes 2 layers:
PPP, Fram e
+ Upper layer: Logical
Relay…)
Link Cont rol ( LLC)
+ Lower layer: Media
Access Cont rol ( MAC)

Ph ysica l Encodes and t ransm it s + FDDI , Et hernet Bit ( 0, 1) Hub,

dat a bit s Repeat er…
+ Elect ric signals
+ Radio signals

Not e: I n fact , OSI is j ust is a t heoret ical m odel of net working. The pract ical m odel used in m odern
net works is t he TCP/ I P m odel. You m ay t hink “ Hm , it ’s j ust t heoret ic and has no use in real life! I
don’t care! ” but believe m e, you will use t his m odel m ore oft en t han t he TCP/ I P m odel so t ake
t im e t o grasp it , you will not regret – I prom ise : )

http://www.9tut 31
Quest ion 1

Which of t he following correct ly describe st eps in t he OSI dat a encapsulat ion process? ( Choose
t wo)

A. The t ransport layer divides a dat a st ream int o segm ent s and m ay add reliabilit y and flow
cont rol inform at ion.
B. The dat a link layer adds physical source and dest inat ion addresses and an FCS t o t he segm ent .
C. Packet s are creat ed when t he net work layer encapsulat es a fram e wit h source and dest inat ion
host addresses and prot ocol- relat ed cont rol inform at ion.
D. Packet s are creat ed when t he net work layer adds Layer 3 addresses and cont rol inform at ion t o
a segm ent .
E. The present at ion layer t ranslat es bit s int o volt ages for t ransm ission across t he physical link.

Answer: A D

Explanat ion

The t ransport layer segm ent s dat a int o sm aller pieces for t ransport . Each segm ent is assigned a
sequence num ber, so t hat t he receiving device can reassem ble t he dat a on arrival.

The t ransport layer also use flow cont rol t o m axim ize t he t ransfer rat e while m inim izing t he
requirem ent s t o ret ransm it . For exam ple, in TCP, basic flow cont rol is im plem ent ed by
acknowledgm ent by t he receiver of t he receipt of dat a; t he sender wait s for t his acknowledgm ent
before sending t he next part .

- > A is correct .

The dat a link layer adds physical source and dest inat ion addresses and an Fram e Check Sequence
( FCS) t o t he packet ( on Layer 3) , not segm ent ( on Layer 4) - > B is not correct .

Packet s are creat ed when net work layer encapsulat es a segm ent ( not fram e) wit h source and
dest inat ion host addresses and prot ocol- relat ed cont rol inform at ion. Not ice t hat t he net work layer
encapsulat es m essages received from higher layers by placing t hem int o dat agram s ( also called
packet s) wit h a net work layer header - > C is not correct .

The Net work layer ( Layer 3) has t wo key responsibilit ies. First , t his layer cont rols t he logical
addressing of devices. Second, t he net work layer det erm ines t he best pat h t o a part icular
dest inat ion net work, and rout es t he dat a appropriat ely.

- > D is correct .

The Physical layer ( present at ion layer) t ranslat es bit s int o volt ages for t ransm ission across t he
physical link - > E is not correct .

Quest ion 2

Which layer of t he OSI reference m odel uses t he hardware address of a device t o ensure m essage
delivery t o t he proper host on a LAN?

A. physical
B. dat a link
C. net work
D. t ransport

Answer: B

http://www.9tut 32
Explanat ion

The hardware address of a device or t he Media Access Cont rol ( MAC) address is added in t he Dat a
Link layer. An Et hernet MAC address is a 48- bit binary value expressed as 12 hexadecim al digit s
( for exam ple: 00: 15: A4: CB: 03: CA) .

Quest ion 3

Which layer of t he OSI reference m odel uses flow cont rol, sequencing, and acknowledgm ent s t o
ensure t hat reliable net working occurs?

A. dat a link
B. net work
C. t ransport
D. present at ion
E. physical

Answer: C

Quest ion 4

Which layer in t he OSI reference m odel is responsible for det erm ining t he availabilit y of t he
receiving program and checking t o see if enough resources exist for t hat com m unicat ion?

A. t ransport
B. net work
C. present at ion
D. session
E. applicat ion

Answer: E

Quest ion 5

Dat a t ransfer is slow bet ween t he source and dest inat ion. The qualit y of service request ed by t he
t ransport layer in t he OSI reference m odel is not being m aint ained. To fix t his issue, at which
layer should t he t roubleshoot ing process begin?

A. present at ion
B. session
C. t ransport
D. net work
E. physical

Answer: D

Quest ion 6

Which prot ocols are found in t he net work layer of t he OSI reference m odel and are responsible for
pat h det erm inat ion and t raffic swit ching?

A. LAN
B. rout ing
C. WAN
D. net work

Answer: B

http://www.9tut 33
Quest ion 7

Refer t o t he exhibit . An adm inist rat or pings t he default gat eway at 10.10.10.1 and sees t he
out put as shown. At which OSI layer is t he problem ?
C: \ > ping 10.10.10.1
Pinging 10.10.10.1 wit h 32 byt es of dat a:
Request t im ed out .
Request t im ed out .
Request t im ed out .
Request t im ed out .
Ping st at ist ics for 10.10.10.1:
Packet s: sent – 4, Received = 0, Lost – 4 ( 100% loss)

A. dat a link layer

B. applicat ion layer
C. access layer
D. session layer
E. net work layer

Answer: E

Explanat ion

The Net work layer is responsible for net work addressing and rout ing t hrough t he int ernet work. So
a ping fails, you m ay have an issue wit h t he Net work layer ( alt hough lower layers like Dat a Link &
Physical m ay cause t he problem ) .

Quest ion 8

Which of t he following are t ypes of flow cont rol? ( Choose t hree)

A. buffering
B. cut - t hrough
C. windowing
D. congest ion avoidance
E. load balancing

Answer: A C D

Explanat ion

Three t ypes of flow cont rol are buffering, windowing & congest ion avoidance:

+ Buffering: I f a device receives packet s t oo quickly for it t o handle t hen it can st ore t hem in a
m em ory sect ion called a buffer and proceed t hem lat er.

+ Windowing: a window is t he quant it y of dat a segm ent s t hat t he t ransm it t ing device is allowed
t o send wit hout receiving an acknowledgm ent for t hem . For exam ple:

Wit h t he window size of 1, t he sending device sends 1 segm ent and t he receiving device m ust
reply wit h 1 ACK before t he sending device can send t he next segm ent . This “ wait ing” t akes som e
t im e.

By increasing t he window size t o 3, t he sending device will send up t o 3 segm ent s before wait ing
an ACK - > helps reduce t he wait ing t im e.

+ Congest ion avoidance: lower- priorit y t raffic can be discarded when t he net work is overloaded -
> m inim ize delays.

http://www.9tut 34
Quest ion 9

A net work adm inist rat or is verifying t he configurat ion of a newly inst alled host by est ablishing an
FTP connect ion t o a rem ot e server. What is t he highest layer of t he prot ocol st ack t hat t he
net work adm inist rat or is using for t his operat ion?

A. applicat ion
B. present at ion
C. session
D. t ransport
E. int ernet
F. dat a link

Answer: A

Explanat ion

FTP belongs t o Applicat ion layer and it is also t he highest layer of t he OSI m odel.

Quest ion 10

A receiving host com put es t he checksum on a fram e and det erm ines t hat t he fram e is dam aged.
The fram e is t hen discarded. At which OSI layer did t his happen?

A. session
B. net work
C. physical
D. dat a link
E. t ransport

Answer: D

Explanat ion

When using t he t erm “ fram e” we can easily recognize it belongs t o t he Dat a Link layer. I n t his
layer, an Fram e Check Sequence ( FCS) field is added t o t he fram e t o verify t hat t he fram e dat a is
received correct ly.

Quest ion 11

As a fram e leaves a Layer 3 device, t he Layer 2 encapsulat ion inform at ion is changed from what it
was when it ent ered t he device. For what t wo reasons can t his happen? ( Choose t wo)

A. The dat a is m oving from 10BASE- TX t o 100BASE- TX.

B. The WAN encapsulat ion t ype has changed.
C. The dat a form at has changed from analog t o digit al.
D. The source and dest inat ion host s are in t he sam e subnet .
E. The source and dest inat ion MAC addresses have changed.

Answer: B E

Quest ion 12

Acknowledgem ent , Sequencing, and Flow cont rol are charact erist ics of which OSI layer?

A. Layer 2
B. Layer 3
C. Layer 4
D. Layer 5

http://www.9tut 35
E. Layer 6
F. Layer 7

Answer: C

CCNA – TCP/ I P Model & Operat ion

Quest ion 1

An inbound access list has been configured on a serial int erface t o deny packet ent ry for TCP and
UDP port s 21, 23 and 25. What t ypes of packet s will be perm it t ed by t his ACL? ( Choose t hree)

A. FTP
B. Telnet
C. SMTP
D. DNS
E. HTTP
F. POP3

Answer: D E F

Explanat ion

The access list denies packet ent ry for TCP & UDP - > all t he services on port s 21, 23 and 25 are
disabled. Services on t hese port s are FTP ( port 21) , Telnet ( port 23) , SMTP ( port 25) . Ot her
services are allowed so D E F are t he correct answers.

Quest ion 2

What are t wo charact erist ics of Telnet ? ( Choose t wo)

A. It sends dat a in clear t ext form at .

B. It is no longer support ed on Cisco net work devices.
C. It is m ore secure t han SSH.
D. It requires an ent erprise license in order t o be im plem ent ed.
E. It requires t hat t he dest inat ion device be configured t o support Telnet connect ions.

Answer: A E

Explanat ion

Telnet , part of t he TCP/ I P prot ocol suit e, is a virt ual t erm inal prot ocol t hat allows you t o m ake
connect ions t o rem ot e devices, gat her inform at ion, and run program s. Telnet is considered
insecure because it t ransfers all dat a in clear t ext - > A is correct .

The dest inat ion device needs t o support Telnet connect ion. For exam ple, if a device doesn’t
support TCP/ I P prot ocol suit t hen m aybe we can’t t elnet t o it .

Quest ion 3

An adm inist rat or issues t he com m and ping 127.0.0.1 from t he com m and line prom pt on a PC. I f a
reply is received, what does t his confirm ?

A. The PC has connect ivit y wit h a local host .

B. The PC has connect ivit y wit h a Layer 3 device.

http://www.9tut 36
C. The PC has a default gat eway correct ly configured
D. The PC has connect ivit y up t o Layer 5 of t he OSI m odel
E. The PC has t he TCP/ I P prot ocol st ack correct ly inst alled.

Answer: E

Explanat ion

The address 127.0.0.1 is called loopback address. When we ping 127.0.0.1, in fact we are pinging
t he local net work card and t est t he TCP/ I P prot ocol suit e on our device.

Quest ion 4

Where does rout ing occur wit hin t he DoD TCP/ I P reference m odel?

A. applicat ion
B. int ernet
C. net work
D. t ransport

Answer: B

Explanat ion

The pict ure below shows t he com parison bet ween TCP/ I P m odel & OSI m odel. Not ice t hat t he
I nt ernet Layer of TCP/ I P is equivalent t o t he Net work Layer which is responsible for rout ing
decision.

Quest ion 5

A host is at t em pt ing t o send dat a t o anot her host on a different net work. What is t he first act ion
t hat t he sending host will t ake?

A. Drop t he dat a.
B. Send t he dat a fram es t o t he default gat eway.
C. Creat e an ARP request t o get a MAC address for t he receiving host .
D. Send a TCP SYN and wait for t he SYN ACK wit h t he I P address of t he receiving host .

Answer: B

http://www.9tut 37
Explanat ion

Before sending dat a, t he sending host checks if t he dest inat ion host is inside or out side t he local
net work. I f it is out side t he local net work, t he dat a will be sent t o t he default gat eway.
Quest ion 6

A TCP/ I P Transfer is diagram m ed in t he exhibit .

A window size of t hree has been negot iat ed for t his t ransfer. Which m essage will be ret urned from
t he receiver t o t he sender as part of t his TCP/ I P t ransfer?

A. Send ACK 1- 3

B. Send ACK 3
C. Send ACK 4
D. Send ACK 4- 6
E. Send ACK 6
F. Send ACK 7

Answer: C

Explanat ion

I n response, t he receiver replies wit h an ACK. The acknowledgm ent num ber is set t o one m ore
t han t he received sequence num ber. The ACK m eans “ I have got all m essages up t o sequence
num ber n- 1 so please send m e t he m essage for sequence num ber n” .

Quest ion 7

What is t he purpose using t he t racerout e com m and?

A. t o m ap all t he devices on a net work.

B. t o display t he current TCP/ I P configurat ion values.
C. t o see how a device MAC address is m apped t o it s I P address.
D. t o see t he pat h a packet will t ake when t raveling t o a specified dest inat ion.
E. t o display t he MTU values for each rout er in a specified net work pat h from source t o a
dest inat ion.

Answer: D

Quest ion 8

A net work adm in want s t o know every hop t he packet s t ake when he accesses cisco.com . Which
com m and is t he m ost appropriat e t o use?

http://www.9tut 38
A. pat h cisco.com
B. debugcisco.com
C. t race cisco.com
D. t racerout e cisco.com

Answer: D

Quest ion 9

Refer t o t he exhibit . Host A pings Host B. What source MAC address and source I P address are
cont ained in t he fram e as t he fram e leaves R2 dest ined for host B?

A. abcd.abcd.a001
B. abcd.abcd.b002
C. abcd.abcd.c003
D. 10.2.0.15
E. 10.0.64.1
F. 10.0.128.15

Answer: B D

Explanat ion

When packet s are sent from Host A t o Host B, t he source and dest inat ion I P addresses are never
changed and t hey are t he I P addresses of Host A & Host B. Only t he MAC addresses will be
changed t o reflect t he device of t he current net work. I n t his case, when t he fram e leaves R2
dest ined for host B. I t will have:

+ Source I P: I P of Host A - 10.2.0.15 ( never changed)

+ Dest inat ion I P: I P of Host B – 10.0.128.15 ( never changed)
+ Source MAC: MAC of Fa0/ 0 of R2 – abcd.abcd.b002
+ Dest inat ion MAC: MAC of Host B – abcd.abcd.d004

http://www.9tut 39
Quest ion 10

Host 1 is t rying t o com m unicat e wit h Host 2. The e0 int erface on Rout er C is down. Which of t he
following are t rue? ( Choose t wo)

A. Rout er C will use I CMP t o inform Host 1 t hat Host 2 cannot be reached.
B. Rout er C will use I CMP t o inform Rout er B t hat Host 2 cannot be reached.
C. Rout er C will use I CMP t o inform Host 1, Rout er A, and Rout er B t hat Host 2 cannot be reached.
D. Rout er C will send a Dest inat ion Unreachable m essage t ype.
E. Rout er C will send a Rout er Select ion m essage t ype.
F. Rout er C will send a Source Quench m essage t ype.

Answer: A D

Explanat ion

The last known good rout er will t ry t o inform you t hat t he dest inat ion cannot be reached ( wit h a
Dest inat ion Unreachable m essage t ype) so from t hat inform at ion you can learn how far your
packet s can t ravel t o and where t he problem is.

Quest ion 11

Refer t o t he exhibit . The swit ch in t he graphic has a default configurat ion and t he MAC t able is
fully populat ed. I n addit ion, t his net work is operat ing properly. The graphic represent s select ed
header inform at ion in a fram e leaving host A. What can be concluded from t his inform at ion?

A. The MAC address of host A is FFFF.FFFF.FFFF.

B. The rout er will forward t he packet in t his fram e t o t he I nt ernet .
C. The swit ch will only forward t his fram e t o t he at t ached rout er int erface.
D. All devices in t his LAN except host A will pass t he packet t o Layer 3.

http://www.9tut 40
Answer: D

Explanat ion

This fram e is leaving host A so host A is t he source of t his fram e. I n t his fram e, t he MAC
dest inat ion is FFFF.FFFF.FFFF which is a broadcast address so Sw1 will flood t his fram e out all it s
port s except t he port it received t he fram e - > Host s B, C, D and t he int erface connect ed t o Sw1
on R1 will receive t his fram e. When receiving t his fram e, t hey will pass t he packet t o Layer 3
( because t hey consider broadcast address “ everyone, including m e” ) . At Layer 3, t he Dest inat ion
I P will be checked and only t he host ( or t he int erface on t he rout er) wit h correct I P will respond t o
Host A while ot hers keep silence - > D is correct .

Just for your inform at ion, m aybe you can ask “ t his is a broadcast m essage so why rout er R1
doesn’t drop it ?” . Suppose t his is an ARP Request m essage. I n fact , R1 drops t hat packet but it
also learns t hat it is an ARP Request so R1 looks up it s rout ing t able t o find a rout e t o t hat
dest inat ion. I f it can find one, it will send an ARP Reply back for host A” .

CCNA – Show Com m and Quest ions

Quest ion 1

Refer t o t he exhibit . What can be det erm ined from t he out put ?

A. 192.168.1.2 is local t o t he rout er.

B. 192.168.3.1 is local t o t he rout er.
C. 192.168.1.2 will age out in less t han 1 m inut e.
D. 192.168.3.1 has aged out and is m arked for delet ion.

Answer: B

Explanat ion

The “ Age” field in t he “ show ip arp” com m and is t he age in m inut es of t he cache ent ry. A hyphen
( - ) m eans t he address is local so in t his case 192.168.1.1 & 192.168.3.1 are local t o t his rout er -
> B is correct .

Note: The “Age 0″ means that the address was cached less than 1 minute ago.

Quest ion 2

Refer t o t he exhibit . What could be possible causes for t he “ Serial0/ 0 is down” int erface st at us?
( Choose t wo)

http://www.9tut 41
A. A Layer 1 problem exist s.
B. The bandwidt h is set t oo low.
C. A prot ocol m ism at ch exist s.
D. An incorrect cable is being used.
E. There is an incorrect I P address on t he Serial 0/ 0 int erface.

Answer: A D

Explanat ion

The first part of t he “ Serial0/ 0 is down, line prot ocol is down” indicat es a layer 1 problem while
t he second part indicat es a layer 2 problem - > A is correct .

Som e popular layer 1 problem s are list ed below:

+ device power off

+ device power unplugged
+ loose net work cable connect ion
+ incorrect cable t ype
+ fault y net work cable

Answer B “ The bandwidt h is set t oo low” will not m ake a layer 1 problem .
Answer C is a layer 2 problem .
Answer E is a layer 3 problem .

Quest ion 3

Which line from t he out put of t he show ip int erface com m and indicat es a layer 1 problem ?

A. Serial0/ 1 is up, line prot ocol is down

B. Serial0/ 1 is down, line prot ocol is down
C. Serial0/ 1 is up, line prot ocol is up
D. Serial0/ 1 is adm inist rat ively down, line prot ocol is down

Answer: B

Explanat ion

Sam e as quest ion 2.

http://www.9tut 42
Quest ion 4

Refer t o t he exhibit . What is t he m eaning of t he out put MTU 1500 byt es?

A. The m axim um num ber of byt es t hat can t raverse t his int erface per second is 1500.
B. The m inim um segm ent size t hat can t raverse t his int erface is 1500 byt es.
C. The m axim um segm ent size t hat can t raverse t his int erface is 1500 byt es.
D. The m inim um packet size t hat can t raverse t his int erface is 1500 byt es.
E. The m axim um packet size t hat can t raverse t his int erface is 1500 byt es.
F. The m axim um fram e size t hat can t raverse t his int erface is 1500 byt es.

Answer: E

Explanat ion

The Maxim um Transm ission Unit ( MTU) defines t he m axim um Layer 3 packet ( in byt es) t hat t he
layer can pass onwards.

Quest ion 5

The net work adm inist rat or norm ally est ablishes a Telnet session wit h t he swit ch from host A. The
adm inist rat or’s at t em pt t o est ablish a connect via Telnet t o t he swit ch from host B fails, but pings
from host B t o ot her t wo host s are successful. What is t he issue for t his problem ?

A. Host B and t he swit ch need t o be in t he sam e subnet .

B. The swit ch needs an appropriat e default gat eway assigned.

http://www.9tut 43
C. The swit ch int erface connect ed t o t he rout er is down.
D. Host B need t o be assigned an I P address in vlan 1.

Answer: B

Explanat ion

Host A ( 172.19.1.1) and t he m anagem ent I P address of t he Swit ch ( 172.19.1.250) are in t he

sam e subnet so t elnet from host A t o t he swit ch can be successful even if a default gat eway is not
set on host A.

But host B ( 172.19.32.2) and t he m anagem ent I P address of t he Swit ch ( 172.19.1.250) are not in
t he sam e subnet so host B needs a default gat eway t o t elnet t o t he swit ch. The default gat eway
on host B should be 172.19.32.254.

Quest ion 6

Which com m and displays CPU ut ilizat ion?

A. show prot ocols

B. show process
C. show syst em
D. show version

Answer: B

Quest ion 7

Refer t o t he exhibit . You are connect ed t o t he rout er as user Mike. Which com m and allows you t o
see out put from t he OSPF debug com m and?

A. t erm inal m onit or

B. show debugging
C. show sessions
D. show ip ospf int erface

Answer: A

Explanat ion

By default , Cisco I OS does not send log m essages t o a t erm inal session over I P like Telnet , SSH
but console connect ions do have logging feat ure enabled by default . To display debug com m and
out put and syst em error m essages for Telnet or SSH session, use t he “ t erm inal m onit or”
com m and in privileged m ode.

http://www.9tut 44
CCNA – Prot ocols & Services

Quest ion 1

An adm inist rat or at t em pt s a t racerout e but receives a “ Dest inat ion Unreachable” m essage. Which
prot ocol is responsible for t hat m essage?

A. RARP
B. RUDP
C. I CMP
D. SNMP

Answer: C

Explanat ion

The I CMP dest inat ion unreachable m essage is generat ed by a rout er ( which is reachable) t o
inform t he source host t hat t he dest inat ion unicast address is unreachable.

Quest ion 2

DNS servers provide what service?

A. They run a spell check on host nam es t o ensure accurat e rout ing
B. They convert dom ain nam es int o I P address
C. Given an I P address.t hey det erm ine t he nam e of t he host t hat is sought
D. They m ap individual host s t o t heir specific I P addresses

Answer: B

Explanat ion

For exam ple, when you open a web browser ( I E, Firefox…) and t ype a dom ain ( like google.com ) .
This dom ain will be sent t o a DNS server. The DNS server looks up t his dom ain in it s dat abase
and sends back a corresponding I P address which you can use t o access t hat websit e.

Not e: A DNS server can be a dedicat ed device for DNS service or int egrat ed int o a net working
device ( like rout er) .

Quest ion 3

Which of t he following prot ocols uses bot h TCP and UDP port s?

A. SMTP
B. Telnet
C. FTP
D. DNS

Answer: D

Explanat ion

DNS can use eit her t he User Dat agram Prot ocol ( UDP) or Transm ission Cont rol Prot ocol ( TCP) wit h
a dest inat ion port of 53.

Not e:

+ Sim ple Mail Transfer Prot ocol ( SMTP) is specified for m ail t ransport and uses TCP port 25.
+ Telnet uses TCP on port 23.
+ File Transfer Prot ocol ( FTP) uses TCP on port 20, 21.

http://www.9tut 45
+ Trivial File Transfer Prot ocol ( TFTP) uses UDP on port 69.
+ HTTP Secure ( HTTPS) uses TCP on port 443.

Quest ion 4

Which prot ocol should be used t o est ablish a secure t erm inal connect ion t o a rem ot e net work
device?

A. ARP
B. SSH
C. Telnet
D. WEP
E. SNMPv1
F. SNMPv2

Answer: B

Explanat ion

Secure Shell ( SSH) prot ocols secure t erm inal session dat a across insecure environm ent s such as
t he int ernet .

Quest ion 5

A net work adm inist rat or issues t he ping 192.168.2.5 com m and and successfully t est s connect ivit y
t o a host t hat has been newly connect ed t o t he net work. Which prot ocols were used during t he
t est ? ( Choose t wo)

A. ARP
B. CDP
C. DHCP
D. DNS
E. I CMP

Answer: A E

Explanat ion

I n t his quest ion we are not sure t he host 192.168.2.5 is in or out side t he local net work. But in
bot h cases t he ARP prot ocol are used t o get t he MAC address:

+ I f host 192.168.2.5 is inside t he local net work, our device will broadcast an ARP Request t o ask
t he MAC address of t he host 192.168.2.5 ( som et hing like “ I f your I P is 192.168.2.5, please send
m e your MAC address” ) .
+ I f host 192.168.2.5 is out side t he local net work, our device will broadcast an ARP Request t o
ask t he MAC address of t he local port ( t he port in t he sam e subnet wit h our device) of t he default
gat eway. Not ice t hat t he I P of t he default gat eway has been already configured in our device.

- > I n bot h cases, our device m ust broadcast an ARP Request - > A is correct .

Aft er get t ing t he ARP of t he dest inat ion device, our device will use I CMP prot ocol t o send t he
“ ping” - > E is correct .

Not e: The quest ion st at es “ t he host has been newly connect ed t o t he net work” which m eans our
device hasn’t had t he MAC address of t his host in it s ARP t able - > it needs t o send ARP Request .

http://www.9tut 46
case no ARP Request will be sent . So I assum e t he quest ion want s t o im ply t he newly connect ed
host is in t he local net work.

Quest ion 6

Which net work prot ocol does DNS use?

A. FTP
B. TFTP
C. TCP
D. UDP
E. SCP

Answer: D

Explanat ion

I t is funny t hat in Quest ion 3 I answered “ DNS uses bot h TCP & UDP” but in t his quest ion we can
only choose one answer and it should be “ DNS uses UDP” . So I wish t o explain m ore:

Norm ally a client sends a DNS Query using UDP Prot ocol over Port 53. I f it does not get response
from a DNS Server, it m ust re- t ransm it t he DNS Query using TCP aft er 3- 5 seconds. So we can
say DNS prefers using UDP t o TCP - > t he answer should be UDP.

Quest ion 7

When t wo host s are t rying t o com m unicat e across a net work, how does t he host originat ing t he
com m unicat ion det erm ine t he hardware address of t he host t hat it want s t o “ t alk” t o?

A. RARP request
B. Show Net work Address request
C. Proxy ARP request
D. ARP request
E. Show Hardware Address request

Answer: D

Explanat ion

The address resolut ion prot ocol ( ARP) is a prot ocol used t o m ap I P net work addresses t o t he
hardware addresses.

+ I f t he dest inat ion host is inside t he local net work, t he originat ing host will broadcast an ARP
Request t o ask t he MAC address of t hat host .
+ I f t he dest inat ion host is out side t he local net work, t he originat ing host will broadcast an ARP
Request t o ask t he MAC address of t he local port ( t he port in t he sam e subnet wit h our device) of
t he default gat eway. Not ice t hat t he I P of t he default gat eway has been already configured in our
device.

CCNA – Prot ocols & Services

Quest ion 1

An adm inist rat or at t em pt s a t racerout e but receives a “ Dest inat ion Unreachable” m essage. Which
prot ocol is responsible for t hat m essage?

http://www.9tut 47
A. RARP
B. RUDP
C. I CMP
D. SNMP

Answer: C

Explanat ion

The I CMP dest inat ion unreachable m essage is generat ed by a rout er ( which is reachable) t o
inform t he source host t hat t he dest inat ion unicast address is unreachable.

Quest ion 2

DNS servers provide what service?

Answer: B

Explanat ion

Not e: A DNS server can be a dedicat ed device for DNS service or int egrat ed int o a net working
device ( like rout er) .

Quest ion 3

Which of t he following prot ocols uses bot h TCP and UDP port s?

A. SMTP
B. Telnet
C. FTP
D. DNS

Answer: D

Explanat ion

DNS can use eit her t he User Dat agram Prot ocol ( UDP) or Transm ission Cont rol Prot ocol ( TCP) wit h
a dest inat ion port of 53.

Not e:

+ Sim ple Mail Transfer Prot ocol ( SMTP) is specified for m ail t ransport and uses TCP port 25.
+ Telnet uses TCP on port 23.
+ File Transfer Prot ocol ( FTP) uses TCP on port 20, 21.
+ Trivial File Transfer Prot ocol ( TFTP) uses UDP on port 69.
+ HTTP Secure ( HTTPS) uses TCP on port 443.

http://www.9tut 48
Quest ion 4

Which prot ocol should be used t o est ablish a secure t erm inal connect ion t o a rem ot e net work
device?

A. ARP
B. SSH
C. Telnet
D. WEP
E. SNMPv1
F. SNMPv2

Answer: B

Explanat ion

Secure Shell ( SSH) prot ocols secure t erm inal session dat a across insecure environm ent s such as
t he int ernet .

Quest ion 5

A. ARP
B. CDP
C. DHCP
D. DNS
E. I CMP

Answer: A E

Explanat ion

I n t his quest ion we are not sure t he host 192.168.2.5 is in or out side t he local net work. But in
bot h cases t he ARP prot ocol are used t o get t he MAC address:

- > I n bot h cases, our device m ust broadcast an ARP Request - > A is correct .

Aft er get t ing t he ARP of t he dest inat ion device, our device will use I CMP prot ocol t o send t he
“ ping” - > E is correct .

There is one sit uat ion which m akes answer A incorrect : t he newly connect ed host is out side t he
net work but our device has already learned t he MAC address of t he default gat eway - > in t his
case no ARP Request will be sent . So I assum e t he quest ion want s t o im ply t he newly connect ed
host is in t he local net work.

http://www.9tut 49
Quest ion 6

Which net work prot ocol does DNS use?

A. FTP
B. TFTP
C. TCP
D. UDP
E. SCP

Answer: D

Explanat ion

I t is funny t hat in Quest ion 3 I answered “ DNS uses bot h TCP & UDP” but in t his quest ion we can
only choose one answer and it should be “ DNS uses UDP” . So I wish t o explain m ore:

Quest ion 7

A. RARP request
B. Show Net work Address request
C. Proxy ARP request
D. ARP request
E. Show Hardware Address request

Answer: D

Explanat ion

The address resolut ion prot ocol ( ARP) is a prot ocol used t o m ap I P net work addresses t o t he
hardware addresses.

CCNA – WAN

I f you are not sure about Fram e Relay, please read m y Fram e Relay t ut orial.

Fram e Relay Tut orial

Let ’s st art t his art icle wit h t he quest ion: Why do we need Fram e Relay?
Let ’s t ake a sim ple exam ple. Suppose you are working in a big com pany and your com pany has
j ust expanded t o t wo new locat ions. The m ain sit e is connect ed t o t wo branch offices, nam ed

http://www.9tut 50
Branch 1 & Branch 2 and your boss want s t hese t wo branches can com m unicat e wit h t he m ain
sit e. The m ost sim ple solut ion is t o connect t hem direct ly ( called a leased line) as show n below:

To connect t o t hese t wo branches, t he m ain sit e rout er, HeadQuart er, requires t wo serial
int erfaces which a rout er can provide. But what happens when t he com pany expands t o 10
branches, 50 branches? For each point - t o- point line, HeadQuart er needs a separat e physical serial
int erface ( and m aybe a separat e CSU/ DSU if it is not int egrat ed int o t he WAN card) . As you can
im agine, it will need m any rout ers wit h m any int erfaces and lot s of rack space for t he rout ers and
CSU/ DSUs. Maybe we should use anot her solut ion for t his problem ? Luckily, Fram e Relay can do
it !
By using Fram e Relay we only need one serial int erface at t he HeadQuart er t o connect t o all
branches. This is also t rue when we expand t o 10 or 50 branches. Moreover, t he cost is m uch
lesser t han using leased- lines.

Fram e Relay is a high- perform ance WAN prot ocol t hat operat es at t he physical and dat a link
layers of t he OSI reference m odel. I t offers lower- cost dat a t ransfer when com pared t o t ypical
point - t o- point applicat ions, by using virt ual connect ions wit hin t he fram e relay net work and by
com bining t hose connect ions int o a single physical connect ion at each locat ion. Fram e relay
providers use a fram e relay swit ch t o rout e t he dat a on each virt ual circuit t o t he appropriat e
dest inat ion.
Maybe t hese t erm inologies of Fram e Relay are difficult t o underst and so we will explain t hem in
m ore det ail in t his art icle.
D CE & D TE
The first concept in Fram e Relay you m ust grasp is about DTE & DCE:
+ Dat a t erm inal equipm ent ( DTE) , which is act ually t he user device and t he logical Fram e- relay
end- syst em
+ Dat a com m unicat ion equipm ent ( DCE, also called dat a circuit - t erm inat ing equipm ent ) , which
consist s of m odem and packet swit ch
I n general, t he rout ers are considered DTE, and t he Fram e Relay swit ches are DCE. The purpose
of DCE equipm ent is t o provide clocking and swit ching services in a net work. I n our exam ple,
HeadQuart er, Branch 1 & Branch 2 are DTEs while Fram e Relay swit ches are DCEs.

http://www.9tut 51
Vir t ua l Cir cu it s
The logical connect ion t hrough t he Fram e Relay net work bet ween t wo DTEs is called a virt ual
circuit ( VC) . The t erm “ virt ual” here m eans t hat t he t wo DTEs are not connect ed direct ly but
t hrough a net work. For exam ple, t he HeadQuart er & Branch 1 ( or Branch 2) can com m unicat e
wit h each ot her as if t hey were direct ly connect ed but in fact t hey are connect ed t hrough a Fram e
Relay net work wit h m any Fram e Relay swit ches bet ween t hem .

There are t wo t ypes of VCs

+ sw it che d vir t u a l cir cu it s ( SVCs) : are t em porary connect ions t hat are only used when t here
is sporadic dat a t ransfer bet ween DTE devices across t he Fram e Relay net work. SVC is set up
dynam ically when needed. SVC connect ions require call set up and t erm inat ion for each
connect ion.
+ pe r m a n e n t vir t u a l cir cu it s ( PVCs) : A predefined VC. A PVC can be equat ed t o a leased line
in concept .
Nowadays m ost service providers offer PVC service only t o save addit ional cost s for signaling and
billing procedures.

Quest ion 1

The com m and fram e- relay m ap ip 10.121.16.8 102 broadcast was ent ered on t he rout er. Which of
t he following st at em ent s is t rue concerning t hiscom m and?

A: This com m and should be execut ed from t he global configurat ion m ode.

B: The I P address 10.121.16.8 is t he local rout er port used t o forward dat a.

C: 102 is t he rem ot e DLCI t hat will receive t he inform at ion.

D: This com m and is required for all Fram e Relay configurat ions.

E: The broadcast opt ion allows packet s, such as RI P updat es, t o be forwarded across t he PVC.

Answer: E

Explanat ion:

The com m and fram e- relay m ap ip 10.121.16.8 102 broadcast m eans t o m apping t he dist al I P
10.121.16.8 102 t o t he local DLCI 102. When t he “ broadcast ” keyword is included, it t urns Fram e
Relay net work as a broadcast net work, which can forward broadcast s

Quest ion 2

Refer t o t he exhibit . Which st at em ent describes DLCI 17?

http://www.9tut 52
A: DLCI 17 describes t he I SDN circuit bet ween R2 and R3.

B: DLCI 17 describes a PVC on R2. I t cannot be used on R3 or R1.

C: DLCI 17 is t he Layer 2 address used by R2 t o describe a PVC t o R3.

D: DLCI 17 describes t he dial- up circuit from R2 and R3 t o t he service provider.

Answer: C

Explanat ion:

DLCI st ands for Dat a Link Connect ion I dent ifier. DLCI values are used on Fram e Relay int erfaces
t o dist inguish bet ween different virt ual circuit s. DLCI s have local significance because t he
ident ifier references t he point bet ween t he local rout er and t he local Fram e Relay swit ch t o which
t he DLCI is connect ed.

Quest ion 3

A default Fram e Relay WAN is classified as what t ype of physical net work?

A: point - t o- point

B: broadcast m ult i- access

C: nonbroadcast m ult i- access

D: nonbroadcast m ult ipoint

E: broadcast point - t o- m ult ipoint

Answer: C

Explanat ion:

Non- Broadcast Mult i- Access ( NBMA) net works are t ypes such as Fram e Relay, X.25, and
Asynchronous Transfer Mode ( ATM) . These net works allow for m ult i- access, but have no
broadcast abilit y like Et hernet

Quest ion 4

Which of t he following are key charact erist ics of PPP? ( Choose t hree.)

A: can be used over analog circuit s

http://www.9tut 53
B: m aps Layer 2 t o Layer 3 address

C: encapsulat es several rout ed prot ocols

D: support s I P only

E: provides error correct ion

Answer: A C E

Explanat ion

Below is som e m ore inform at ion about PPP:

PPP ( Point - t o- Point Prot ocol) allows aut hent icat ion such as Password Aut hent icat ion Prot ocol ( PAP)
and Challenge Handshake Aut hent icat ion Prot ocol ( CHAP) and m ult ilink connect ions ( allow several
separat e physical pat hs t o appear t o be one logical pat h at layer 3) and can be run over
asynchronous and synchronous links.

PPP can work wit h num erous net work layer prot ocols, including I nt ernet Prot ocol ( I P) , Novell’s
I nt ernet work Packet Exchange ( I PX) , NBF and AppleTalk.

PPP only support s error det ect ion, not error correct ion so answer E should be underst ood as
“ provides error det ect ion” . I t is a m ist ake of t his quest ion.

Quest ion 5

Which t hree Layer 2 encapsulat ion t ypes would be used on a WAN rat her t han a LAN? ( Choose
t hree)

A: HDLC

B: Et hernet

C: Token Ring

D: PPP

E: FDDI

F: Fram e Relay

Answer: A D F

Quest ion 6

Refer t o t he exhibit . What is t he m eaning of t he t erm dynam ic as displayed in t he out put of t he

show fram e- relay m ap com m and shown?

A: The Serial0/ 0 int erface is passing t raffic.

B: The DLCI 100 was dynam ically allocat ed by t he rout er

C: The Serial0/ 0 int erface acquired t he I P address of 172.16.3.1 from a DHCP server

D: The DLCI 100 will be dynam ically changed as required t o adapt t o changes in t he Fram e Relay
cloud

http://www.9tut 54
E: The m apping bet ween DLCI 100 and t he end st at ion I P address 172.16.3.1 was learned
t hrough I nverse ARP

Answer: E

Explanat ion

The t erm dynam ic indicat es t hat t he DLCI num ber and t he rem ot e rout er I P address 172.16.3.1
are learned via t he I nverse ARP process.

I nverse ARP is a t echnique by which dynam ic m appings are const ruct ed in a net work, allowing a
device such as a rout er t o locat e t he logical net work address and associat e it wit h a perm anent
virt ual circuit ( PVC) .

Quest ion 7

Which of t he following describes t he roles of devices in a WAN? ( Choose t hree.)

A: A CSU/ DSU t erm inat es a digit al local loop

B: A m odem t erm inat es a digit al local loop

C: A CSU/ DSU t erm inat es an analog local loop

D: A m odem t erm inat es an analog local loop

E: A rout er is com m only considered a DTE device

F: A rout er is com m only considered a DCE device

Answer: A D E

Explanat ion

The idea behind a WAN is t o be able t o connect t wo DTE net works t oget her t hrough a DCE
net work. The net work’s DCE device ( includes CSU/ DSU) provides clocking t o t he DTE- connect ed
int erface ( t he rout er’s serial int erface) .

Quest ion 8

How should a rout er t hat is being used in a Fram e Relay net work be configured t o avoid split
horizon issues from prevent ing rout ing updat es?

A: Configure a separat e subint erface for each PVC wit h a unique DLCI and subnet assigned t o t he
subint erface

http://www.9tut 55
B: Configure each Fram e Relay circuit as a point - t o- point line t o support m ult icast and broadcast
t raffic

C: Configure m any sub- int erfaces on t he sam e subnet

D: Configure a single subint erface t o est ablish m ult iple PVC connect ions t o m ult iple rem ot e
rout er int erfaces

Answer: A

Quest ion 9

What can a net work adm inist rat or ut ilize by using PPP Layer 2 encapsulat ion? ( Choose t hree.)

A: VLAN support

B: com pression

C: aut hent icat ion

D: sliding windows

E: m ult ilink support

F: qualit y of service

Answer: B C E

Quest ion 10

The Fram e Relay net work in t he diagram is not funct ioning properly. What is t he cause of t he
problem ?

A: The Gallant rout er has t he wrong LMI t ype configured

B: I nverse ARP is providing t he wrong PVC inform at ion t o t he Gallant rout er

http://www.9tut 56
C: The S3 int erface of t he St eele rout er has been configured wit h t he fram e- relay encapsulat ion
iet f com m and

D: The fram e- relay m ap st at em ent in t he At t alla rout er for t he PVC t o St eele is not correct

E: The I P address on t he serial int erface of t he At t alla rout er is configured incorrect ly

Answer: D

Explanat ion

At At t alla rout er, we find a delet ed st at us but t he next m ap st at em ent indicat es an act ive st at us,
which if for Gallant . Therefore we can deduce t he m ap st at em ent for t he PVC from At t alla t o
St eele is incorrect . I ncorrect DLCI assignm ent s t hat are configured norm ally shown up as
“ delet ed” in t he fram e relay m aps.

Quest ion 11

Users have been com plaining t hat t heir Fram e Relay connect ion t o t he corporat e sit e is very slow.
The net work adm inist rat or suspect s t hat t he link is overloaded. Based on t he part ial out put of
t he Rout er# show fram e relay pvc com m and shown in t he graphic, which out put value indicat es t o
t he local rout er t hat t raffic sent t o t he corporat e sit e is experiencing congest ion?

A. DLCI = 100
B. last t im e PVC st at us changed 00: 25: 40
C. in BECN packet s 192
D. in FECN packet s 147
E. in DF packet s 0

Answer: C

Quest ion 12

When t roubleshoot ing a Fram e Relay connect ion, what is t he first st ep when perform ing a
loopback t est ?

http://www.9tut 57
A. Set t he encapsulat ion of t he int erface t o HDLC.
B. Place t he CSU/ DSU in local- loop m ode.
C. Enable local- loop m ode on t he DCE Fram e Relay rout er.
D. Verify t hat t he encapsulat ion is set t o Fram e Relay.

Answer: A

Explanat ion

The first t hing when perform ing a loopback t est on a Fram e Relay connect ion is t o reconfigure t he
encapsulat ion of t he int erface t o HDLC prot ocol inst ead of Fram e Relay prot ocol. The m ain reason
is Fram e Relay requires a pair of DCE/ DTE which cannot be used in a loopback t est .

For m ore inform at ion about st eps of t rouble shoot ing Fram e Relay, please
read: ht t p: / / www.cisco.com / en/ US/ t ech/ t k713/ t k237/ t echnologies_t ech_not e09186a008014f8a7.s
ht m l# t opic20

For your inform at ion, below is a paragraph quot ed from t he above link:

“ Serial0 is down, line prot ocol is down”

This out put m eans you have a problem wit h t he cable, channel service unit / dat a service unit
( CSU/ DSU) , or t he serial line. You need t o t roubleshoot t he problem wit h a loopback t est . To do a
loopback t est , follow t he st eps below:

1. Set t he serial line encapsulat ion t o HDLC and keepalive t o 10 seconds. To do so, issue t he
com m ands encapsulat ion hdlc and keepalive 10 under t he serial int erface.
2. Place t he CSU/ DSU or m odem in local loop m ode. I f t he line prot ocol com es up when t he CSU,
DSU or m odem is in local loopback m ode ( indicat ed by a “ line prot ocol is up ( looped) ” m essage) ,
it suggest s t hat t he problem is occurring beyond t he local CSU/ DSU. I f t he st at us line does not
change st at es, t here is possibly a problem in t he rout er, connect ing cable, CSU/ DSU or m odem . I n
m ost cases, t he problem is wit h t he CSU/ DSU or m odem .
3. Ping your own I P address wit h t he CSU/ DSU or m odem looped. There should not be any
m isses. An ext ended ping of 0× 0000 is helpful in resolving line problem s since a T1 or E1 derives
clock from dat a and requires a t ransit ion every 8 bit s. B8ZS ensures t hat . A heavy zero dat a
pat t ern helps t o det erm ine if t he t ransit ions are appropriat ely forced on t he t runk. A heavy ones
pat t ern is used t o appropriat ely sim ulat e a high zero load in case t here is a pair of dat a invert ers
in t he pat h. The alt ernat ing pat t ern ( 0× 5555) represent s a “ t ypical” dat a pat t ern. I f your pings
fail or if you get cyclic redundancy check ( CRC) errors, a bit error rat e t est er ( BERT) wit h an
appropriat e analyzer from t he t elco is needed.
4. When you are finished t est ing, m ake sure you ret urn t he encapsulat ion t o Fram e Relay.

Quest ion 13

What occurs on a Fram e Relay net work when t he CI R is exceeded?

A. All TCP t raffic is m arked discard eligible.

B. All UDP t raffic is m arked discard eligible and a BECN is sent .
C. All TCP t raffic is m arked discard eligible and a BECN is sent .
D. All t raffic exceeding t he CI R is m arked discard eligible.

Answer: D

http://www.9tut 58
Explanat ion

Com m it t ed inform at ion rat e ( CI R) : The m inim um guarant eed dat a t ransfer rat e agreed t o by t he
Fram e Relay swit ch. Fram es t hat are sent in excess of t he CI R are m arked as discard eligible ( DE)
which m eans t hey can be dropped if t he congest ion occurs wit hin t he Fram e Relay net work.

Not e: I n t he Fram e Relay fram e form at , t here is a bit called Discard eligible ( DE) bit t hat is used
t o ident ify fram es t hat are first t o be dropped when t he CI R is exceeded.

Quest ion 14

When t roubleshoot ing a Fram e Relay connect ion, what is t he first st ep when perform ing a
loopback t est ?

A. Set t he encapsulat ion of t he int erface t o HDLC.

B. Place t he CSU/ DSU in local- loop m ode.
C. Enable local- loop m ode on t he DCE Fram e Relay rout er.
D. Verify t hat t he encapsulat ion is set t o Fram e Relay.

Answer: A

Explanat ion

For your inform at ion, below is a paragraph quot ed from t he above link:

“ Serial0 is down, line prot ocol is down”

http://www.9tut 59
Quest ion 15

What occurs on a Fram e Relay net work when t he CI R is exceeded?

A. All TCP t raffic is m arked discard eligible.

Answer: D

Explanat ion

Not e: I n t he Fram e Relay fram e form at , t here is a bit called Discard eligible ( DE) bit t hat is used
t o ident ify fram es t hat are first t o be dropped when t he CI R is exceeded.

Quest ion 16

What are t wo charact erist ics of Fram e Relay point - t o- point subint erfaces? ( Choose t wo)

A. They creat e split - horizon issues.

B. They require a unique subnet wit hin a rout ing dom ain.
C. They em ulat e leased lines.
D. They are ideal for full- m esh t opologies.
E. They require t he use of NBMA opt ions when using OSPF.

Answer: B C

Quest ion 17

The out put of t he show fram e- relay pvc com m and shows ” PVC STATUS= I NACTI VE” . What does
t his m ean?

A. The PVC is configured correct ly and is operat ing norm ally,but no dat a packet s have been
det ect ed for m ore t han five m inut es.
B. The PVC is configured correct ly, is operat ing norm ally and is no longer act ively seeking t he
address t he rem ot e rout e,
C. The PVC is configured correct ly, is operat ing norm ally and is wait ing for int erest ing t o t rigger a
call t o t he rem ot e rout er.
D. The PVC is configured correct ly on t he local swit ch, but t here is a problem on t he rem ot e end of
t he PVC.
E. The PVC is not configured on t he swit ch.

Answer: D

Explanat ion

The PVC STATUS displays t he st at us of t he PVC. The DCE device creat es and sends t he report t o
t he DTE devices. There are 4 st at uses:

+ ACTI VE: t he PVC is operat ional and can t ransm it dat a

+ I NACTI VE: t he connect ion from t he local rout er t o t he swit ch is working, but t he connect ion t o
t he rem ot e rout er is not available
+ DELETED: t he PVC is not present and no LMI inform at ion is being received from t he Fram e

http://www.9tut 60
Relay swit ch
+ STATI C: t he Local Managem ent I nt erface ( LMI ) m echanism on t he int erface is disabled ( by
using t he “ no keepalive” com m and) . This st at us is rarely seen so it is ignored in som e books.

Quest ion 18

Which encapsulat ion t ype is a Fram e Relay encapsulat ion t ype t hat is support ed by Cisco rout ers?

A. Q933- A Annex A
B. I ETF
C. ANSI Annex D
D. HDLC

Answer: B

Explanat ion

Cisco support s t wo Fram e Relay encapsulat ion t ypes: t he Cisco encapsulat ion and t he I ETF Fram e
Relay encapsulat ion, which is in conform ance wit h RFC 1490 and RFC 2427. The form er is oft en
used t o connect t wo Cisco rout ers while t he lat t er is used t o connect a Cisco rout er t o a non- Cisco
rout er. You can t est wit h your Cisco rout er when t yping t he com m and Rout er( config-
if) # encapsulat ion fram e- relay ? on a WAN link. Below is t he out put of t his com m and ( not ice Cisco
is t he default encapsulat ion so it is not list ed here, j ust press Ent er t o use it ) .

Not e: Three LMI opt ions are support ed by Cisco rout ers are ansi, Cisco, and Q933a. They
represent t he ANSI Annex D, Cisco, and I TU Q933- A ( Annex A) LMI t ypes, respect ively.

HDLC is a WAN prot ocol sam e as Fram e- Relay and PPP so it is not a Fram e Relay encapsulat ion
t ype.

CCNA – I P Address Quest ions

Quest ion 1

Which I P address can be assigned t o an I nt ernet int erface?

A. 10.180.48.224
B. 9.255.255.10
C. 192.168.20.223
D. 172.16.200.18

Answer: B

Explanat ion

The I P address which can be assigned t o an I nt ernet int erface is a public I P address. Privat e I P
address are found in t he following ranges:

* From 10.0.0.0 t o 10.255.255.255

* From 172.16.0.0 t o 172.31.255.255
* From 192.168.0.0 t o 192.168.255.255

http://www.9tut 61
Also som e special I P addresses ( like t he local loopback address 127.0.0.1, m ult icast addresses…)
can’t be assigned t o an I nt ernet int erface.

I n t his quest ion only answer B doesn’t belong t o t he range of privat e I P address - > B is t he
correct answer.

Quest ion 2

What will happen if a privat e I P address is assigned t o a public int erface connect ed t o an I SP?

A. Addresses in a privat e range will be not rout ed on t he I nt ernet backbone.

B. Only t he I SP rout er will have t he capabilit y t o access t he public net work.
C. The NAT process will be used t o t ranslat e t his address in a valid I P address.
D. Several aut om at ed m et hods will be necessary on t he privat e net work.
E. A conflict of I P addresses happens, because ot her public rout ers can use t he sam e range.

Answer: A

Quest ion 3

When is it necessary t o use a public I P address on a rout ing int erface?

A. Connect a rout er on a local net work.

B. Connect a rout er t o anot her rout er.
C. Allow dist ribut ion of rout es bet ween net works.
D. Translat e a privat e I P address.
E. Connect a net work t o t he I nt ernet .

Answer: E

Quest ion 4

When a DHCP server is configured, which t wo I P addresses should never be assignable t o host s?
( Choose t wo)

A. net work or subnet work I P address

B. broadcast address on t he net work
C. I P address leased t o t he LAN
D. I P address used by t he int erfaces
E. m anually assigned address t o t he client s
F. designat ed I P address t o t he DHCP server

Answer: A B

Explanat ion

Net work or subnet work I P address ( for exam ple 11.0.0.0/ 8 or 13.1.0.0/ 16) and broadcast address
( for exam ple 23.2.1.255/ 24) should never be assignable t o host s. When t ry t o assign t hese
addresses t o host s, you will receive an error m essage saying t hat t hey can’t be assignable.

Quest ion 6

The net work adm inist rat or has asked you t o check t he st at us of t he workst at ion’s I P st ack by
pinging t he loopback address. Which address would you ping t o perform t his t ask?

A. 10.1.1.1
B. 127.0.0.1
C. 192.168.0.1
D. 239.1.1.1

http://www.9tut 62
Answer: B

Explanat ion

The I P address of 127.0.0.1 is t he well- known loopback I P address on a com put er. When t ry
pinging t his address, you are t est ing if t he TCP/ I P st ack is working or not .

Quest ion 7

Which com m and is used t o see t he pat h t aken by packet s across an I P net work?

A. show ip rout e
B. show rout e
C. t racerout e
D. t race ip rout e

Answer: C

Explanat ion

Not ice t hat “ t racerout e” is t he com m and used on a Cisco rout er while t he “ t racert ” is t he
com m and used in MSDOS of Windows. They have t he sam e purpose of finding t he pat h t hat
packet s use t o reach a dest inat ion net work.

Quest ion 8

Refer t o t he exhibit . Which value will be configured for Default Gat eway of t he Local Area
Connect ion?

A. 10.0.0.0
B. 10.0.0.254
C. 192.223.129.0
D. 192.223.129.254

Answer: B

Explanat ion

http://www.9tut 63
The default gat eway I P address m ust be on t he sam e net work wit h t he configured host ’s I P
address and not is t he net work or broadcast address - > B is correct .

Quest ion 9

Which of t he following describe privat e I P addresses? ( Choose t wo)

A. addresses chosen by a com pany t o com m unicat e wit h t he I nt ernet

B. addresses t hat cannot be rout ed t hrough t he public I nt ernet
C. addresses t hat can be rout ed t hrough t he public I nt ernet
D. a schem e t o conserve public addresses
E. addresses licensed t o ent erprises or I SPs by an I nt ernet regist ry organizat ion

Answer: B D

Quest ion 10

Refer t o t he exhibit . A net work t echnician is asked t o design a sm all net work wit h redundancy.
The exhibit represent s t his design, wit h all host s configured in t he sam e VLAN. What conclusions
can be m ade about t his design?

A. The design will funct ion as int ended

B. Spanning- t ree will need t o be used.
C. The rout er will not accept t he addressing schem e.
D. The connect ion bet ween swit ches should be a t runk.
E. The rout er int erfaces m ust be encapsulat ed wit h t he 802.1Q prot ocol.

Answer: C

Explanat ion

Each int erface on a rout er m ust be in a different net work. I f t wo int erfaces are in t he sam e
net work, t he rout er will not accept it and show error when t he adm inist rat or assigns it .

CCNA – I P Rout ing Quest ions

Quest ion 1

http://www.9tut 64
Refer t o t he exhibit . Assum e t hat t he rout ing prot ocol referenced in each choice below is
configured wit h it s default set t ings and t he given rout ing prot ocol is running on all t he rout ers.
Which t wo condit ional st at em ent s accurat ely st at e t he pat h t hat will be chosen bet ween net works
10.1.0.0 and 10.3.2.0 for t he rout ing prot ocol m ent ioned? ( Choose t wo)

A. I f OSPF is t he rout ing prot ocol, t he pat h will be from R1 t o R3 t o R4 t o R5.

B. I f OSPF is t he rout ing prot ocol, t he pat h will be from R1 t o R2 t o R5.
C. I f OSPF is t he rout ing prot ocol, t he pat h will be from R1 t o R5.
D. I f RI Pv2 is t he rout ing prot ocol, t he pat h will be from R1 t o R3 t o R4 t o R5.
E. I f RI Pv2 is t he rout ing prot ocol, t he pat h will be from R1 t o R5.

Answer: A E

Explanat ion

First we need t o know t he speed of t hese links:

+ T1: 1.544 Mbps

+ 10BaseT: 10 Mbps
+ 100BaseT ( oft en referred t o as Fast Et hernet ) : 100Mbps

OSPF chooses t he best pat h via bandwidt h while RI P only uses hop count ( t he sum of rout ers t o
reach t he dest inat ion) .

Therefore if OSPF is used, it will choose t he pat h R1 - > R3 - > R4 - > R5 because t hese links have
m uch higher speed t han ot her pat hs - > A is correct .

But if RI P is used it only count s t he num ber of rout ers t o reach t he dest inat ion ( t he less t he
bet t er) so it will choose pat h R1 - > R5 ( hop count : 1) - > E is correct .

Quest ion 2

Refer t o t he exhibit . Which t hree st at em ent s are t rue about how rout er JAX will choose a pat h t o
t he 10.1.3.0/ 24 net work when different rout ing prot ocols are configured? ( Choose t hree)

http://www.9tut 65
A. By default , if RI Pv2 is t he rout ing prot ocol, only t he pat h JAX- ORL will be inst alled int o t he
rout ing t able.
B. The equal cost pat hs JAX- CHI - ORL and JAX- NY- ORL will be inst alled in t he rout ing t able if
RI Pv2 is t he rout ing prot ocol.
C. When EI GRP is t he rout ing prot ocol, only t he pat h JAX- ORL will be inst alled in t he rout ing t able
by default .
D. When EI GRP is t he rout ing prot ocol, t he equal cost pat hs JAX- CHI - ORL, and JAX- NY- ORL will be
inst alled in t he rout ing t able by default .
E. Wit h EI GRP and OSPF bot h running on t he net work wit h t heir default configurat ions, t he EI GRP
pat hs will be inst alled in t he rout ing t able.
F. The OSPF pat hs will be inst alled in t he rout ing t able, if EI GRP and OSPF are bot h running on t he
net work wit h t heir default configurat ions.

Answer: A D E

Explanat ion

First we need t o know t he speed of t hese links:

+ T1: 1.544 Mbps

+ T3: 45 Mbps ( each T3 line consist s of 28 T1 lines)

RI P chooses t he pat h wit h m inim um hop count t o reach t he dest inat ion so it will choose JAX- ORL
pat h - > A is correct .

EI GRP, by default , calculat es m et ric via bandwidt h & delay ( m et ric = bandwidt h + delay) . Delay
param et er can be ignored in t his case so EI GRP will choose t he pat h via m et ric. Bot h t he pat h
JAX- CHI - ORL and JAX- NY- ORL have t he sam e m et ric ( each includes t wo T3 lines) so EI GRP will
use t hese pat hs - > D is correct .

EI GRP has lower Adm inist rat ive Dist ance t han OSPF ( EI GRP: 90 < OSPF: 110) which is bet t er - >
EI GRP will be preferred t o OSPF - > E is correct .

Quest ion 3

Refer t o t he exhibit . The net work adm inist rat or m ust est ablish a rout e by which London
workst at ions can forward t raffic t o t he Manchest er workst at ions. What is t he sim plest way t o
accom plish t his?

http://www.9tut 66
A. Configure a dynam ic rout ing prot ocol on London t o advert ise all rout es t o Manchest er.
B. Configure a dynam ic rout ing prot ocol on London t o advert ise sum m arized rout es t o
Manchest er.
C. Configure a dynam ic rout ing prot ocol on Manchest er t o advert ise a default rout e t o t he London
rout er.
D. Configure a st at ic default rout e on London wit h a next hop of 10.1.1.1.
E. Configure a st at ic rout e on London t o direct all t raffic dest ined for 172.16.0.0/ 22 t o 10.1.1.2.
F. Configure Manchest er t o advert ise a st at ic default rout e t o London.

Answer: E

Quest ion 4

Which com m and is used t o configure a default rout e?

A. ip rout e 172.16.1.0 255.255.255.0 0.0.0.0

B. ip rout e 172.16.1.0 255.255.255.0 172.16.2.1
C. ip rout e 0.0.0.0 255.255.255.0 172.16.2.1
D. ip rout e 0.0.0.0 0.0.0.0 172.16.2.1

Answer: D

Explanat ion

The sim ple synt ax of st at ic rout e:

ip rout e dest inat ion- net work- address subnet - m ask { next - hop- I P- address | exit -
int erface} + dest inat ion- net work- address: dest inat ion net work address of t he rem ot e net work
+ subnet m ask: subnet m ask of t he dest inat ion net work
+ next - hop- I P- address: t he I P address of t he receiving int erface on t he next - hop rout er
+ exit - int erface: t he local int erface of t his rout er where t he packet s will go out

In the statement “ip route 0.0.0.0 0.0.0.0 172.16.2.1″:

http://www.9tut 67
+ 0.0.0.0 0.0.0.0: refer t o any net work
+ 172.16.2.1: t he next - hop- I P- address

Quest ion 5

I f I P rout ing is enabled, which t wo com m ands set t he gat eway of last resort t o t he default
gat eway? ( Choose t wo)

A. ip default - gat eway 0.0.0.0

B. ip rout e 172.16.2.1 0.0.0.0 0.0.0.0
C. ip default - net work 0.0.0.0
D. ip default - rout e 0.0.0.0 0.0.0.0 172.16.2.1
E. ip rout e 0.0.0.0 0.0.0.0 172.16.2.1

Answer: C E

Quest ion 6

What m ust be set correct ly when configuring a serial int erface so t hat higher- level prot ocols
calculat e t he best rout e?

A. bandwidt h
B. delay
C. load
D. reliabilit y

Answer: A

Explanat ion

Higher- level prot ocols ( OSPF, EI GRP) calculat e t he best rout e m ainly based on bandwidt h so it
m ust be set correct ly - > A is correct .

Quest ion 7

Which dest inat ion addresses will be used by Host A t o send dat a t o Host C? ( Choose t wo)

A. t he I P address of Swit ch 1
B. t he MAC address of Swit ch 1
C. t he I P address of Host C
D. t he MAC address of Host C
E. t he I P address of t he rout er’s E0 int erface
F. t he MAC address of t he rout er’s E0 int erface

http://www.9tut 68
Answer: C F

Explanat ion

While t ransferring dat a t hrough m any different net works, t he source and dest inat ion I P addresses
are not changed. Only t he source and dest inat ion MAC addresses are changed. So in t his case
Host A will use t he I P address of Host C and t he MAC address of E0 int erface t o send dat a. When
t he rout er receives t his dat a, it replaces t he source MAC address wit h it own E1 int erface’s MAC
address and replaces t he dest inat ion MAC address wit h Host C’s MAC address before sending t o
Host C - > C and F are correct .

Quest ion 8

Which rout ing prot ocols can be used wit hin t he ent erprise net work shown in t he diagram ? ( Choose
t hree)

A. RI Pv1
B. RI P v2
C. I GRP
D. OSPF
E. BGP
F. EI GRP

Answer: B D F

Explanat ion

RI Pv1 & I GRP can not be used in t his net work because t hey do not support Variable Lengt h
Subnet Masking ( VLSM) - > A and C are not correct .

BGP is a com plicat ed rout ing prot ocol bet ween different net work ( usually very big) or different
Aut onom ous Syst em . For exam ple BGP can be used bet ween t wo I nt ernet Service Providers ( I SP) .
The above net work is very sm all in an ent erprise so BGP is not a suit able choice - > E is not
correct .

RI Pv2 support s VLSM and can be used in net works which have less t han 15 rout ers - > B is
correct .

OSPF and EI GRP can be always used in m ost of ent erprise net works - > D F are correct .

( But not ice t hat EI GRP is a Cisco- propriet ary rout ing prot ocol so it can be used in Cisco rout ers
only)

Quest ion 9

Which rout ing prot ocols will support t he following I P addressing schem e? ( Choose t hree)

http://www.9tut 69
Net work 1 – 192.168.10.0 / 26
Net work 2 – 192.168.10.64 / 27
Net work 3 – 192.168.10.96 / 27
Net work 4 – 192.168.10.128 / 30
Net work 5 – 192.168.10.132 / 30

A. RI P version 1
B. RI P version 2
C. I GRP
D. EI GRP
E. OSPF

Answer: B D E

Explanat ion

RI Pv2, OSPF and EI GRP are classless rout ing prot ocol which support VLSM.

Quest ion 10

Refer t o t he graphic. A st at ic rout e t o t he 10.5.6.0/ 24 net work is t o be configured on t he HFD

rout er. Which com m ands will accom plish t his? ( Choose t wo)

A. HFD ( config) # ip rout e 10.5.6.0 0.0.0.255 fa0/ 0

B. HFD( config) # ip rout e 10.5.6.0 0.0.0.255 10.5.4.6
C. HFD( config) # ip rout e 10.5.6.0 255.255.255.0 fa0/ 0
D. HFD( config) # ip rout e 10.5.6.0 255.255.255.0 10.5.4.6
E. HFD( config) # ip rout e 10.5.4.6 0.0.0.255 10.5.6.0
F. HFD( config) # ip rout e 10.5.4.6 255.255.255.0 10.5.6.0

Answer: C D

Explanat ion

The sim ple synt ax of st at ic rout e:

In the statement “ip route 10.5.6.0 255.255.255.0 fa0/0″:

+ 10.5.6.0 255.255.255.0: t he dest inat ion net work

+ fa0/ 0: t he exit - int erface

http://www.9tut 70
Quest ion 11

Refer t o t he exhibit . Host A is t o send dat a t o Host B. How will Rout er1 handle t he dat a fram e
received from Host A? ( Choose t hree)

A. Rout er1 will st rip off t he source MAC address and replace it wit h t he MAC address on t he
forwarding Fast Et hernet int erface.
B. Rout er1 will st rip off t he source I P address and replace it wit h t he I P address on t he forwarding
Fast Et hernet int erface.
C. Rout er1 will st rip off t he dest inat ion MAC address and replace it wit h t he MAC address of Host
B.
D. Rout er1 will st rip off t he dest inat ion I P address and replace it wit h t he I P address of Host B.
E. Rout er1 will forward t he dat a fram e out int erface Fast Et hernet 0/ 1.
F. Rout er1 will forward t he dat a fram e out int erface Fast Et hernet 0/ 2.

Answer: A C F

Explanat ion

While t ransferring dat a t hrough m any different net works, t he source and dest inat ion I P addresses
are not changed. Only t he source and dest inat ion MAC addresses are changed. So in t his case,
Host A will use t he I P address of Host B and t he MAC address of Fa0/ 0 int erface t o send dat a.
When t he rout er receives t his dat a, it replaces t he source MAC address wit h it own Fa0/ 2
int erface’s MAC address and replaces t he dest inat ion MAC address wit h Host B’s MAC address
before sending t o Host B - > A, C and F are correct .

Quest ion 12

What is an appropriat e use of a default rout e?

A. t o provide rout ing t o a local web server

B. t o provide rout ing from an I SP t o a st ub net work
C. t o provide rout ing t hat will override t he configured dynam ic rout ing prot ocol
D. t o provide rout ing t o a dest inat ion t hat is not specified in t he rout ing t able and which is out side
t he local net work

Answer: D

http://www.9tut 71
Explanat ion

Default rout es are used t o direct packet s addressed t o net works not explicit ly list ed in t he rout ing
t able. An exam ple of default rout e is:

Rout er( config) # ip rout e 0.0.0.0 0.0.0.0 192.168.1.1

( Not ice t hat t he net work address of default rout e is 0.0.0.0 0.0.0.0)

Quest ion 13

A m edium - sized com pany has a Class C I P address. I t has t wo Cisco rout ers and one non- Cisco
rout er.
All t hree rout ers are using RI P version 1.
The com pany net work is using t he block of 198.133.219.0/ 24.
The com pany has decided it would be a good idea t o split t he net work int o t hree sm aller subnet s
and creat e t he opt ion of conserving addresses wit h VLSM.

What is t he best course of act ion if t he com pany want s t o have 40 host s in each of t he t hree
subnet s?

A. Convert all t he rout ers t o EI GRP and use 198.133.219.32/ 27, 198.133.219.64/ 27, and
198.133.219.92/ 27 as t he new subnet works.
B. Maint ain t he use of RI P version 1 and use 198.133.219.32/ 27, 198.133.219.64/ 27, and
198.133.219.92/ 27 as t he new subnet works.
C. Convert all t he rout ers t o EI GRP and use 198.133.219.64/ 26, 198.133.219.128/ 26, and
198.133.219.192/ 26 as t he new subnet works.
D. Convert all t he rout ers t o RI P version 2 and use 198.133.219.64/ 26, 198.133.219.128/ 26, and
198.133.219.192/ 26 as t he new subnet works.
E. Convert all t he rout ers t o OSPF and use 198.133.219.16/ 28, 198.133.219.32/ 28, and
198.133.219.48/ 28 as t he new subnet works.
F. Convert all t he rout ers t o st at ic rout es and use 198.133.219.16/ 28, 198.133.219.32/ 28, and
198.133.219.48/ 28 as t he new subnet works.

Answer: D

Explanat ion

RI P version 1 does not support VLSM so we have t o convert int o RI Pv2, OSPF or EI GRP - > B is not
correct .

But EI GRP is a Cisco- propriet ary rout ing prot ocol so it can not be used in a non- Cisco rout er - > A
and C are not correct .

To support 40 host s per subnet we need a subnet m ask of / 26 or lower ( which leaves 6 bit s 0 and
2 6 = 64 > 40 host s) . Therefore a subnet m ask of / 28 is not suit able in t his case - > E & F are not
correct .

Quest ion 14

Refer t o t he exhibit . Which com m and will creat ed a default rout e on Rout erB t o reach all net works
beyond Rout erA?

http://www.9tut 72
A. ip rout e 0.0.0.0 0.0.0.0 192.168.2.2
B. ip rout e 192.168.1.0 255.255.255.0 192.168.2.1
C. ip rout e 192.168.1.0 255.255.255.0 s0/ 0/ 0
D. ip rout e 10: 0.0.0 255.255.255.0 s0/ 0/ 0
E. ip rout e 0.0.0.0 255.255.255.0 192.168.2.2

Answer: A

Explanat ion

Not ice t hat in t he st at ic ( or default ) rout e we need t o specify t he exit - int erface ( local on t hat
rout er) or t he next - hop I P address ( of a direct ly connect ed rout er) - > A is correct .

Quest ion 15

Refer t o t he exhibit . S0/ 0 on R1 is configured as a m ult ipoint int erface t o com m unicat e wit h R2
and R3 in t he hub- and- spoke Fram e Relay t opology. While t est ing t his configurat ion, a t echnician
not es t hat pings are successfully from host s on t he 172.16.1.0/ 24 net work t o host s on bot h t he
172.16.2.0/ 25 and 172.16.0.2.128/ 25 net works. However, pings bet ween host s on t he
172.16.2.0/ 25 and 172.16.2.128/ 25 net work are not successful. What could explain t his
connect ivit y problem ?

A. The ip subnet - zero com m and has been issued on t he R1 rout er.
B. The RI Pv2 dynam ic rout ing prot ocol cannot be used across a Fram e Relay net work.
C. Split horizon is prevent ing R2 from learning about t he R3 net works and R3 from learning about
R2 net works.
D. The 172.16.2.0/ 25 and 172.16.2.128/ 25 net works are overlapping net works t hat can be seen
by R1, but not bet ween R2 and R3.
E. The 172.16.3.0/ 29 net work used on t he Fram e Relay links is creat ing a discont iguous net work
bet ween t he R2 and R3 rout er subnet works.

Answer: C

http://www.9tut 73
Explanat ion

The split horizon rule st at es “ a rout er never sends inform at ion about a rout e back in sam e
direct ion which is original inform at ion cam e” . I n t his case it m eans whenR3 sends updat e t o R1
via s0/ 0, R1 does not send any updat e for sam e net work out of int erface s0/ 0. To solve t his
problem we can configure subint erfaces on s0/ 0 or explicit ly allow t he updat e t o be sent back on
t he sam e int erface.

Quest ion 16

S0/ 0 on R1 is configured as a m ult ipoint int erface t o com m unicat e wit h R2 and R3 in t he hub- and-
spoke Fram e Relay t opology shown in t he exhibit . Originally, st at ic rout es were configured
bet ween t hese rout ers t o successfully rout e t raffic bet ween t he at t ached net works. What will need
t o be done in order t o use RI Pv2 in place of t he st at ic rout es?

A. Configure t he no ip subnet - zero com m and on R1, R2, and R3.

B. Dynam ic rout ing prot ocols such as RI Pv2 cannot be used across Fram e Relay net works.
C. Configure t he S0/ 0 int erface on R1 as t wo subint erfaces and configure point - t o- point links t o
R2 and R3.
D. Change t he 172.16.2.0/ 25 and 172.16.2.128/ 25 subnet works so t hat at least t wo bit s are
borrowed from t he last oct et .
E. Change t he net work address configurat ion t o elim inat e t he discont iguous 172.16.2.0/ 25 and
172.16.2.128/ 25 subnet work.

Answer: C

Explanat ion

Sam e as Quest ion 5

Quest ion 17

Refer t o t he exhibit . A net work associat e has configured t he int ernet work t hat is shown in t he
exhibit , but has failed t o configure rout ing properly.

Which configurat ion will allow t he host s on t he Branch LAN t o access resources on t he HQ LAN
wit h t he least im pact on rout er processing and WAN bandwidt h?

http://www.9tut 74
A.
HQ( config) # ip rout e 192.168.1.0 255.255.255.0 192.168.2.5
Branch( config) # ip rout e 172.16.25.0 255.255.255.0 192.168.2.6

B.
HQ( config) # rout er rip
HQ( config- rout er) # net work 192.168.2.0
HQ( config- rout er) # net work 172.16.0.0
Branch( config) # rout er rip
Branch( config- rout er) # net work 192.168.1.0
Branch( config- rout er) # net work 192.168.2.0

C.
HQ( config) # rout er eigrp 56
HQ( config- rout er) # net work 192.168.2.4
HQ( config- rout er) # net work 172.16.25.0
Branch( config) # rout er eigrp 56
Branch( config- rout er) # net work 192.168.1.0
Branch( config- rout er) # net work 192.168.2.4

D.
HQ( config) # rout er ospf 1
HQ( config- rout er) # net work 192.168.2.4 0.0.0.3 area 0
HQ( config- rout er) # net work 172.16.25.0 0.0.0.255 area 0
Branch( config) # rout er ospf 1
Branch( config- rout er) # net work 192.168.1.0 0.0.0.255 area 0

Answer: A

Explanat ion

By configuring st at ic rout e, we can m inim ize t he rout er processing and WAN bandwidt h.

Quest ion 18

Refer t o t he exhibit . The net work adm inist rat or requires easy configurat ion opt ions and m inim al
rout ing prot ocol t raffic. Which t wo opt ions provide adequat e rout ing t able inform at ion for t raffic
t hat passes bet ween t he t wo rout ers and sat isfy t he request s of t he net work
adm inist rat or?( choose t wo)

http://www.9tut 75
A. a dynam ic rout ing prot ocol on I nt ernet Rout er t o advert ise sum m arized rout ers t o
Cent ralRout er.
B. a dynam ic rout ing prot ocol on Cent ralRout er t o advert ise sum m arized rout ers t o
I nt ernet Rout er.
C. a st at ic rout e on I nt ernet Rout er t o direct t raffic t hat is dest ined for 172.16.0.0/ 16 t o
Cent ralRout er.
D. a dynam ic rout ing prot ocol on I nt ernet Rout er t o advert ise all rout es t o Cent ralRouer.
E. a dynam ic rout ing prot ocol on Cent ralRouer t o advert ise all rout es t o I nt ernet Rout er
F. a st at ic, default rout e on Cent ralRout er t hat direct s t raffic t o I nt ernet Rout er.

Answer: C F

Quest ion 19

A rout er receives inform at ion about net work 192.168.10.0/ 24 from m ult iple sources. What will t he
rout er consider t he m ost reliable inform at ion about t he pat h t o t hat net work?

A. an OSPF updat e for net work 192.168.0.0/ 16

B. a st at ic rout er t o net work 192.168.10.0/ 24
C. a st at ic rout er t o net work 192.168.10.0/ 24 wit h a local serial int erface configured as t he next
hop
D. a RI P updat e for net work 192.168.10.0/ 24
E. a direct ly connect ed int erface wit h an address of 192.168.10.254/ 24
F. a default rout e wit h a next hop address of 192.168.10.1

Answer: E

Quest ion 20

Which param et er can be t uned t o affect t he select ion of a st at ic rout e as a backup when a
dynam ic prot ocol is also being used?

A. link bandwidt h
B. hop count
C. link cost
D. adm inist rat ive dist ance
E. link delay

Answer: D

Quest ion 21

Which st at em ent is t rue, as relat es t o classful or classless rout ing?

A. RI PV1 and OSPF are classless rout ing prot ocols.

B. Classful rout ing prot ocols send t he subnet m ask in rout ing updat es.
C. Aut om at ic sum m arizat ion at classful boundaries can cause problem s on discont iguous
net works.
D. EI GRP and OSPF are classful rout ing prot ocols and sum m arize rout es by default .

Answer: C

Quest ion 22

Which t wo are advant ages of st at ic rout ing when com pared t o dynam ic rout ing? ( choose t wo)

A. Securit y increases because only t he net work adm inist rat or m ay change t he rout ing t ables.
B. Configurat ion com plexit y decreases as net work size increases.

http://www.9tut 76
C. Rout ing updat es are aut om at ically sent t o neighbors.
D. Rout e sum m arizat ion is com put ed aut om at ically by t he rout er.
E. Rout ing t raffic load is reduced when used in st ub net work links.
F. An efficient algorit hm is used t o build rout ing t ables using aut om at ic updat es.
G. Rout ing t ables adapt aut om at ically t o t opology changes.

Answer: A E

Quest ion 23

The speed of all serial links is E1 and t he speed of t he all ot her links is 100Mb/ s. A st at ic rout e will
be est ablished on t he Manchest er rout er t o direct t raffic t oward t o t he int ernet over t he m ost
direct pat h available. What configurat ion of t he Manchest er rout er will est ablish a rout e t oward t o
t he int ernet for t raffic from workst at ion on t he Manchest er LAN?

A. ip rout e 0.0.0.0 255.255.255.0 172.16.100.2

B. ip rout e 0.0.0.0 255.255.255.252 128.107.1.1
C. ip rout e 0.0.0.0 0.0.0.0 128.107.1.1
D. ip rout e 0.0.0.00.0: 0: 0 172.16.100.1
E. ip rout e 0.0.0.0 255.255.255.255 172.16.100.2
F. ip rout e 0.0.0.0 0.0.0.0 172.16.100.2

Answer: F

Explanat ion

Maybe “ t he m ost direct pat h available” here m eans via R2 because it is direct ly connect ed wit h
t he I nt ernet while t he London pat h needs t o go t hrough R1. So we need a com m and t o send
t raffic t o R2 and t he correct command is “ip route 0.0.0.0 0.0.0.0 172.16.100.2″.

CCNA – RI P Quest ions

Not e: I f you are not sure about RI P, please read m y RI P t ut orial.

RI P t ut orial
I n t his t ut orial we will learn about RI P rout ing prot ocol
Rout ing I nform at ion Prot ocol ( RI P) is a dist ance- vect or rout ing prot ocol. RI P sends t he com plet e
rout ing t able out t o all act ive int erfaces every 30 seconds. RI P only uses hop count ( t he num ber of
rout ers) t o det erm ine t he best way t o a rem ot e net work.
Not e: RI P v1 is a classful rout ing prot ocol but RI P v2 is a classless rout ing prot ocol.

http://www.9tut 77
Classful rout ing prot ocols do not include t he subnet m ask wit h t he net work address in rout ing
updat es, which can cause problem s wit h discont iguous subnet s or net works t hat use Variable-
Lengt h Subnet Masking ( VLSM) . Fort unat ely, RI Pv2 is a classless rout ing prot ocol so subnet m asks
are included in t he rout ing updat es, m aking RI Pv2 m ore com pat ible wit h m odern rout ing
environm ent s.
Dist ance vect or prot ocols advert ise rout ing inform at ion by sending m essages, called rout ing
updat es, out t he int erfaces on a rout er
Key point s:
+ RI P uses hop count s t o calculat e opt im al rout es ( a hop is a rout er) .
+ RI P rout ing is lim it ed t o 15 hops t o any locat ion ( 16 hops indicat es t he net work is
unreachable) .
+ RI P uses t he split horizon wit h poison reverse m et hod t o prevent t he count - t o- infinit y problem .
+ RI P uses only classful rout ing, so it uses full address classes, not subnet s.
+ RI P broadcast s updat es t o t he ent ire net work.
+ RI P can m aint ain up t o six m ult iple pat hs t o each net work, but only if t he cost is t he sam e.
+ RI P support s load balancing over sam e- cost pat hs.
+ The updat e int erval default is 30, t he invalid t im er default is 180, t he holddown t im er default is
180, and t he flush t im er default is 240.
A big problem wit h dist ance vect or rout ing prot ocol is rout ing loop
A com m on problem t hat could occur wit h rout ing prot ocol is t hat a rout ing loop. Let ’s t ake a look
at how a rout ing loop occurs.
——————–
Here we have rout ers A, B and C. Not ice t hat at t he beginning ( when a rout ing prot ocol is not
t urned on) t here are only direct ly connect ed net works in t he rout ing t ables of t hese rout ers. For
exam ple, in t he rout ing t able of rout er A, n e t w or k 1 .0 .0 .0 has already been known because it is
direct ly connect ed t hrough in t e r fa ce E0 and t he m e t r ic ( of a direct ly connect ed net work)
is 0 ( t hese 3 param et ers are shown in t he rout ing t ables below) .

Also B knows net works 2 .0 .0 .0 & 3 .0 .0 .0 wit h a m e t r ic of 0 .

Also C knows net works 3 .0 .0 .0 & 4 .0 .0 .0 wit h a m e t r ic of 0 .

Now we t urn on RI P on t hese rout ers ( we will discuss t he configurat ion lat er. I n t he rest of t his
art icle, we will call net work 1.0.0.0 net work 1, 2.0.0.0 net work 2 and so on) .
RI P sends updat e every 30 seconds so aft er 30 sec goes by, A sends a copy of it s rout ing t able t o
B, B already knew about net work 2 but now B learns about net work 1 as well. Not ice t he m et ric
we have here for direct ly connect ed net works, since we’re using RI P, we’re using a m et ric of hop
count . Rem em ber a hop count ( or a hop) is how m any rout ers t hat t hese packet s will have t o go
t hrough t o reach t he dest inat ion. For exam ple, from rout er A t o net work 1 & 2 ( which are direct ly
connect ed) it goes t o 0 hop, rout er B has now learned about net work 1 from A via E0 int erface so
t he m et ric now will be 1 hop.

http://www.9tut 78
Each rout er receives a rout ing t able from it s direct neighbor. For exam ple, Rout er B receives
inform at ion from Rout er A about net work 1 and 2. I t t hen adds a dist ance vect or m et ric ( such as
t he num ber of hops) , increasing t he dist ance vect or of t hese rout es by 1.
B also exchanges it s rout ing t able wit h A about net work 2 and 3.

B t hen passes t he rout ing t able t o it s ot her neighbor, Rout er C.

C also sends it s updat e t o B and B sends it t o A.

http://www.9tut 79
Now t he net work is converged.
Now let ’s assum e net work 4 down suddenly.

When net work 4 fails, Rout er C det ect s t he failure and st ops rout ing packet s out it s E1 int erface.
However, Rout ers A and B have not yet received not ificat ion of t he failure. Rout er A st ill believes
it can access 4.0.0.0 t hrough Rout er B. The rout ing t able of Rout er A st ill refect s a pat h t o
net work 10.4.0.0 wit h a dist ance of 2 and rout er B has a pat h wit h a dist ance of 1.
There will be no problem if C sends an updat e earlier t han B and inform t hat net work is current ly
down but if B sends it s updat e first , C will see B has a pat h t o net work 4 wit h a m et ric of 1 so it
updat es it s rout ing t able, t hinking t hat “ if B can go t o net work 4 by 1 hop t han I can go t o
net work 4 by 2 hops” but of course t his is t ot ally wrong.

http://www.9tut 80
The problem does not st op here. I n t urn, C sends an updat e t o B and inform s it can access
net work 4 by 2 hops. B learns t his and t hink “ if C can access net work 4 by 2 hops t han I can
access by 3 hops” .

This sam e process occurs when B cont inually sends it s updat e t o C and t he m et ric will increase t o
infinit y so t his phenom enon is called “ count ing t o infinit y” .
Below list s som e m et hods t o prevent t his phenom enon:
SPLI T H ORI ZON :
A rout er never sends inform at ion about a rout e back in sam e direct ion which is original
inform at ion cam e, rout ers keep t rack of where t he inform at ion about a rout e cam e from . Means
when rout er A sends updat e t o rout er B about any failure net work, rout er B does not send any
updat e for sam e net work t o rout er A in sam e direct ion.
ROUTE POI SON I N G:
Rout er consider rout e advert ised wit h an infinit ive m et ric t o have failed ( m et ric= 16) inst ead of
m arking it down. For exam ple, when net work 4 goes down, rout er C st art s rout e poisoning by
advert ising t he m et ric ( hop count ) of t his net work as 16, which indicat es an unreachable net work.
POI SON REVERSE:
The poison reverse rule overwrit es split horizon rule. For exam ple, if rout er B receives a rout e
poisoning of net work 4 from rout er C t hen rout er B will send an updat e back t o rout er C ( which
breaks t he split horizon rule) wit h t he sam e poisoned hop count of 16. This ensures all t he rout ers
in t he dom ain receive t he poisoned rout e updat e.
Not ice t hat every rout er perform s poison reverse when learning about a downed net work. I n t he
above exam ple, rout er A also perform s poison reverse when learning about t he downed net work
from B.

http://www.9tut 81
H OLD D OW N TI M ERS:
Aft er hearing a rout e poisoning, rout er st art s a holddown t im er for t hat rout e. I f it get s an updat e
wit h a bet t er m et ric t han t he originally recorded m et ric wit hin t he holddown t im er period, t he
holddown t im er is rem oved and dat a can be sent t o t hat net work. Also wit hin t he holddown
t im er, if an updat e is received from a different rout er t han t he one who perform ed rout e poisoning
wit h an equal or poorer m et ric, t hat updat e is ignored. During t he holddown t im er, t he “ downed”
rout e appears as “ possibly down” in t he rout ing t able.
For exam ple, in t he above exam ple, when B receives a rout e poisoning updat e from C, it m arks
net work 4 as “ possibly down” in it s rout ing t able and st art s t he holddown t im er for net work 4. I n
t his period if it receives an updat e from C inform ing t hat t he net work 4 is recovered t hen B will
accept t hat inform at ion, rem ove t he holddown t im er and allow dat a t o go t o t hat net work. But if
B receives an updat e from A inform ing t hat it can reach net work by 1 ( or m ore) hop, t hat updat e
will be ignored and t he holddown t im er keeps count ing.
Not e: The default holddown t im er value = 180 second.
TRI GGERED UPD ATE :
When any rout e failed in net work ,do not wait for t he next periodic updat e inst ead send an
im m ediat e updat e list ing t he poison rout e.
COUN TI N G TO I N FI N I TY:
Maxim um count 15 hops aft er it will not be reachable.
Configu r ing RI P

Rout er( config) # rout er rip Ent er rout er RI P configurat ion m ode

Rout er( config- I dent ify net works t hat will part icipat e in t he rout er prot ocol.
rout er) # net work< address> Not ice t hat you ident ify net works, and not int erfaces.

NOTE: You need t o advert ise only t he classful net work num ber, not a subnet :
Rout er( config- rout er) # net work 172.16.0.0
not
Rout er( config- rout er) # net work 172.16.10.0
I f you advert ise a subnet , you will not receive an error m essage, because t he rout er will
aut om at ically convert t he subnet t o t he classful net work address.

Quest ion 1
Which st at em ent about RI Png is t rue?
A. RI Png allows for rout es wit h up t o 30 hops.
B. RI Png is enabled on each int erface separat ely.
C. RI Png uses broadcast s t o exchange rout es.
D. There can be only one RI Png process per rout er.
Answer: B
Explanat ion
RI Png is sim ilar t o RI Pv2 but is used for I Pv6. But unlike RI Pv1 and RI Pv2, RI Png is enabled on
each int erface separat ely. For exam ple:
Rout er( config) # ipv6 unicast - rout ing ( Enables t he forwarding of I Pv6 unicast dat agram s globally
on t he rout er)
Rout er( config) # int erface fa0/ 0
Rout er( config- if) # ipv6 rip 9t ut enable ( 9t ut is t he process nam e of t his RI Png)
Quest ion 2
What are t wo charact erist ics of RI Pv2? ( Choose t wo)

http://www.9tut 82
A. classful rout ing prot ocol
B. variable- lengt h subnet m asks
C. broadcast addressing
D. m anual rout e sum m arizat ion
E. uses SPF algorit hm t o com put e pat h

Answer: B D
Quest ion 3
Refer t o t he exhibit . Which ( config- rout er) com m and will allow t he net work represent ed on t he
int erface t o be advert ised by RI P?
rout er rip
version 2
no aut o sum m ary
!
int erface et hernet 0
ip address 10.12.6.1 255.255.0.0

A. redist ribut e et hernet 0

B. net work et hernet 0
C. redist ribut e 10.12.0.0
D. net work 10.12.0.0

Answer: D
Quest ion 4
Refer t o t he exhibit . What inform at ion can be gat hered from t he out put ?
Rout erA# debug ip rip
RI P prot ocol debugging is on00: 34: 32: RI P: sending v2 flash updat e t o 224.0.0.9 via
Fast Et hernet 8/ 0 ( 172.16.1.1)
00: 34: 32: RI P: build flash updat e ent ries
00: 34: 32: 10.10.1.0/ 24 via 0.0.0.6, m et ric 1, t ag 0
00: 34: 32: RI P: sending v2 flash updat e t o 224.0.0.9 via Loopback ( 10.10.1.1)
00: 34: 32: RI P: build flash updat e ent ries
00: 34: 32: 10.0.0.0/ 8 via 0.6.0.0, m et ric 2, t ag 0
00: 34: 32: 172.16.1.0/ 24 via 0.0.0.0, m et ric 1, t ag 0
00: 34: 32: RI P: ignored v2 packet from 16.10.1.1 ( sourced from one of our addresses)
06: 34: 33: RI P: received v2 updat e from 172.16.1.2 on Fast Et hernet 0/ 6
66: 34: 33: 16.6.0.0/ 8 via 6.0.6.6 in 1 hops
66: 34: 44: RI P: sending v2 updat e t o 224.6.6.9 via Fast Et hernet 0/ 0 ( 172.16.1.1)
66: 34: 44: RI P: build updat e ent ries
66: 34: 44: 10.10.1.0/ 24 via 0.0.0.0, m et ric 1, t ag 0

A. One rout er is running RI Pv1.

B. RI P neighbor is 224.0.0.9.
C. The net work cont ains a loop.
D. Net work 10.10.1.0 is reachable.

Answer: D

http://www.9tut 83
Quest ion 5
Which series of com m ands will configure rout er R1 for LAN- t o- LAN com m unicat ion wit h rout er R2?
The ent erprise net work address is 192.1.1.0/ 24 and t he rout ing prot ocol in use is RI P. ( Choose
t hree)

A.
R1 ( config) # int erface et hernet 0
R1 ( config- if) # ip address 192.1.1.129 255.255.255.192
R1 ( config- if) # no shut down
B.
R1 ( config) # int erface et hernet 0
R1( config- if) # ip address 192.1.1.97 255.255.255.192
R1 ( config- if) # no shut down
C.
R1 ( config) # int erface serial 0
R1 ( config- if) # ip address 192.1.1.4 255.255.255.252
R1 ( config- if) # clock rat e 56000
D.
R1 ( config) # int erface serial 0
R1( config- if) # ip address 192.1.1.6 255.255.255.252
R1 ( config- it ) # no shut down
E.
R1 ( config) # rout er rip
R1 ( config- rout er) # net work 192.1.1.4
R1 ( config- rout er) # net work 192.1.1.128
F.
R1 ( config) # rout er rip
R1 ( config- rout er) # version 2
R1 ( config- rout er) # net work 192.1.1.0

Answer: A D F
Explanat ion
First we not ice t hat t he ip address of t he E0 int erface of R2 is 192.1.1.65/ 26, which has:
+ I ncrem ent : 64 ( / 26 = 1111 1111.1111 1111.1111 1111.1100 0000)
+ Net work address: 192.1.1.64
+ Broadcast address: 192.1.1.127
Therefore, t he ip address of t he E0 int erface of R1 cannot belong t o t his range or t he net work
cannot operat e correct ly.
I n answer A, t he ip address of E0 int erface of R1 is 192.1.1.129, which does not belong in t his
range - > A is correct .
I n answer B, E0 int erface of R1 has t he ip address of 192.1.1.97, which belongs in t his range - > B
is not correct .
The s0 int erface of R1 m ust belong t o t he sam e net work of s0 int erface of R2, which has:

http://www.9tut 84
+ I ncrem ent : 4 ( / 30 = 1111 1111.1111 1111.1111 1111.1111 1100)
+ Net work address: 192.1.1.4
+ Broadcast address: 192.1.1.7
The ip 192.1.1.5 has been used by s0 of R2 so t he only suit able ip address of s0 of R1 is
192.1.1.6 - > C is wrong but D is correct .
Now t he last t hing we m ust do is enabling RI P. Because e0 int erface of R1 and e0 int erface of R2
have t he sam e m aj or net work ( 192.1.1.0/ 24) so we m ust use RI P version 2 t o support
discont iguous net work - > F is correct .
For answer E, if we configure 2 net works
R1 ( config- rout er) # net work 192.1.1.4
R1 ( config- rout er) # net work 192.1.1.128
t hen t hese net works will be aut om at ically sum m arized as 192.1.1.0 net work.
Quest ion 6
Refer t o t he exhibit . Two rout ers have j ust been configured by a new t echnician. All int erfaces are
up. However, t he rout ers are not sharing t heir rout ing t ables. What is t he problem ?

A. Split horizon is prevent ing Rout er2 from receiving rout ing inform at ion from Rout er1.
B. Rout er1 is configured for RI P version 2, and Rout er2 is configured for RI P version 1.
C. Rout er1 has an ACL t hat is blocking RI P version 2.
D. There is a physical connect ivit y problem bet ween Rout er1 and Rout er2.
E. Rout er1 is using aut hent icat ion and Rout er2 is not .

Answer: B
Explanat ion
As we can see from t he out put , Rout er2 is sending v1 updat e and ignoring v2 updat e from
neighbor so we can conclude Rout er2 is running RI Pv1. I t s neighbor, Rout er1 ( ip address of
192.168.2.1) , is running RI Pv2.
Not ice t hat rout er running RI Pv2 can “ underst and” RI Pv1 updat e but rout er running RI Pv1 cannot
underst and RI Pv2 updat e.
Quest ion 7
What is t he default rout ing updat e period for RI Pv2?
A. 15 seconds
B. 30 Seconds
C. 180 Seconds
D. 240 Seconds

Answer: B
Quest ion 8
Refer t o t he exhibit . The net work m anager is evaluat ing t he efficiency of t he current net work
design. RI Pv2 is enabled on all Layer 3 devices in t he net work. What net work devices part icipat e
in passing t raffic from t he PC at 10.10.1.7 t o File Server at 10.20.1.6 in t he order t hat t hey will
forward t raffic from source t o dest inat ion?

http://www.9tut 85
A. Swit ch, Swit ch2
B. Swit ch, Swit ch2, Rout er2, Swit ch2
C. Swit ch1, Rout er1, Swit ch1, Swit ch2
D. Swit ch1, Rout er1, Rout er2, Swit ch2

Answer: D
Explanat ion
The PC and File Server are in different VLANs so surely t raffic from PC t o File Server m ust go
t hrough Rout er1 but which pat h will t he packet go next , t hrough Rout er 2 or Swit ch1? Well, it is a
hard quest ion t o answer.
As m any com m ent s said “ t he connect ion bet ween R1 and Swit ch is Blue, so t hat m eans it s under
Vlan 10, and R2 t o Swit ch 2 is red. The t wo rout ers do not have subint erfaces and are not running
rout er on a st ick basing on t he color of t he links” so D should be t he correct answer.
Just for your inform at ion, I keep t his explanat ion ( which support s answer C) but in t he exam you
should choose D as your answer!
I haven’t had t est ed it yet but I guess t hat because t here is a VLAN 20 on Swit ch 1 so Rout er1 will
t ry t o send t hat packet back t o Swit ch1. I f t he link bet ween Swit ch1 and Swit ch2 is a t runk link
t hen t he ret urned packet will also be sent t o t his link. Swit ch 2 receives t hat packet and it sends
t o t he File Server at VLAN20. So t he pat h will be Swit ch1 - > Rout er1 - > Swit ch1 - > Swit ch2.
There are som e debat es about t his quest ion but if t he rout ers are properly configured t hen t he
packet s can go from Swit ch1 - > Rout er1 - > Rout er2 - > Swit ch2 ( D answer) so D can be a correct
answer.

Quest ion 9
Refer t o t he exhibit . Rout er A has int erfaces wit h addresses 192.168.1.1 and 172.16.1.1. Rout er
B, which is connect ed t o rout er A over a serial link, has int erfaces wit h address 172.16.1.2 and
10.1.1.2.

Which sequence of com m ands will configure RI Pv2 on rout er B?

A.
B( config) # rout er rip
B( config- rout er) # version 2
B( config- rout er) # net work 172.16.0.0
B( config- rout er) # net work 10.0.0.0
B( config- rout er) # end

http://www.9tut 86
B.
B( config) # rout er rip 2
B( config- rout er) # net work 172.16.0.0
B( config- rout er) # net work 10.0.0.0
B( config- rout er) # end
C.
B( config) # rout er rip
B( config- rout er) # version 2
B( config- rout er) # net work 172.16.0.0
B( config- rout er) # net work 192.168.1.0
B( config- rout er) # end
D.
B( config) # rout er rip version 2
B( config- rout er) # net work 172.16.0.0
B( config- rout er) # net work 10.0.0.0
B( config- rout er) # end

Answer: A

Quest ion 10
Refer t o t he exhibit . S0/ 0 on R1 is configured as a m ult ipoint int erface t o com m unicat e wit h R2
and R3 in t his hub- and- spoke Fram e Relay t opology.
While t est ing t his configurat ion, a t echnician not es t hat pings are successful from host s on t he
172.16.1.0/ 24 net work t o host s on bot h t he 172.16.2.0/ 25 and 172.16.2.128/ 25 net works.
However, pings bet ween host s on t he 172.16.2.0/ 25 and 172.16.2.128/ 25 net works are not
successful. What could explain t his connect ivit y problem ?

A. The ip subnet - zero com m and has been issued on t he R1 rout er.
B. The RI P v2 dynam ic rout ing prot ocol cannot be used across a Fram e Relay net work.
C. Split horizon is prevent ing R2 from learning about t he R3 net works and R3 from learning about
t he R2 net works.
D. The 172.16.2.0/ 25 and 172.16.2.128/ 25 net works are overlapping net works t hat can be seen
by R1, but not bet ween R2 and R3.
E. The 172.16.3.0/ 29 net work used on t he Fram e Relay links is creat ing a discont iguous net work
bet ween t he R2 and R3 rout er subnet works.

Answer: C
Explanat ion
The “ ip subnet - zero” allows t he use of t he first subnet but it doesn’t cause t his problem and we
don’t have t hat first subnet ( like 172.16.0.0/ 24) so we can’t confirm if t he “ ip subnet - zero” was
used or not - > A is not correct .
Fram e- Relay can use RI Pv2 wit h no problem if we configure it correct ly - > B is not correct .
I n t he exhibit above we not ice t hat t he s0/ 0 int erface of R1 has not been divided int o sub-
int erfaces so t he split horizon will prevent updat es from R2 t o R3 and vice versa. The split horizon
rule st at es “ A rout er never sends inform at ion about a rout e back in sam e direct ion which is

http://www.9tut 87
original inform at ion cam e” . I n t his case R2 send an updat e t o S0/ 0 of R1 so R1 cannot send t hat
updat e back on S0/ 0 - > R3 will not learn about net works of R2 ( and vice versa) - > C is correct .
172.16.2.0/ 25 and 172.16.2.128/ 25 net works are not overlapping net works. They are t wo
different subnet works - > D is not correct .
RI Pv2 is a classless rout ing prot ocol so it support s VLSM and discont iguous net works - > E is not
correct .

Quest ion 11
Refer t o t he exhibit . Aft er a RI P rout e is m arked invalid on Rout er_1, how m uch t im e will elapse
before t hat rout e is rem oved from t he rout ing t able?
Rout er_1# show ip prot ocols
Rout ing Prot ocol is “ rip”
Sending updat es every 30 seconds, next due in 8 seconds
I nvalid aft er 180 seconds, hold down 180, flushed aft er 240
Out going updat e filt er list foe all int erfaces is not set
I ncom ing updat e filt er list for all int erfaces is not set
Rout er 1#

A. 30 seconds
B. 60 seconds
C. 90 seconds
D. 180 seconds
E. 240 seconds

Answer: B

Quest ion 12
Refer t o t he graphic. Host 1 cannot receive packet s from Host 2. Assum ing t hat RI P v1 is t he
rout ing prot ocol in use, what is wrong wit h t he I P configurat ion inform at ion shown? ( Choose t wo)

A. The fa0/ 1 int erface of rout er R2 has been assigned a broadcast address.
B. The fa0/ 1 net work on rout er R2 overlaps wit h t he LAN at t ached t o R1.
C. Host 2 has been assigned t he incorrect subnet m ask.
D. Host 1 has been configured wit h t he 255.255.248.0 subnet m ask.
E. Host 2 on rout er R2 is on a different subnet t han it s gat eway.

Answer: B C
Explanat ion
The fa0/ 1 int erface of R2 is assigned an I P address of 10.1.40.255/ 20. I t seem s t o be a broadcast
address but it is not . I f we calculat e t he range of t his net work we will underst and why:

http://www.9tut 88
Net work 10.1.40.255/ 20
I ncrem ent : 16 ( / 20 = 1111 1111.1111 1111.1111 0000.0000 0000)
Net work address: 10.1.32.0
Broadcast address: 10.1.47.255
- > 10.1.40.255/ 20 is an usable host address - > A is not correct .
The I P address of host 1 ( 10.1.32.48) belongs t o t he range of int erface fa0/ 1 on R2 as shown
above - > B is correct .
I n t he t opology above, all subnet m asks are / 20 ( 255.255.240.0) except ing t he subnet m ask of
Host 2 ( 255.255.252.0) so C can be incorrect .
The subnet m ask of Host 1 is 255.255.240.0, not 255.255.248.0 - > D is not correct .
Host 2 is not on a different subnet t han it s gat eway even if t he subnet m ask 255.255.252.0 is
used. Let ’s analyze t he range of Host 2 net work:
Net work 10.1.40.96/ 22
I ncrem ent : 4
Net work address: 10.1.40.0
Broadcast address: 10.1.43.255
I t s gat eway ( 10.1.40.255) is st ill belongs t o t his range - > E is not correct .
Not e: I n t his quest ion, C is t he best suit able answer aft er elim inat ing A, D, E answers. But in fact
Host 2 can ping it s gat eway because t hey are on t he sam e subnet .

Quest ion 13
What t wo t hings will a rout er do when running a dist ance vect or rout ing prot ocol? ( Choose t wo)
A. Send periodic updat es regardless of t opology changes.
B. Send ent ire rout ing t able t o all rout ers in t he rout ing dom ain.
C. Use t he short est - pat h algorit hm t o t he det erm ine best pat h.
D. Updat e t he rout ing t able based on updat es from t heir neighbors.
E. Maint ain t he t opology of t he ent ire net work in it s dat abase.

Answer: A D

Quest ion 14

Use t he out put from t he rout er shown in t he graphic above t o det erm ine which of t he following
are correct . ( Choose t wo)

http://www.9tut 89
A. Rout er John uses a link- st at e rout ing prot ocol.
B. Rout er John will receive rout ing updat es on t he Serial0/ 0 int erface.
C. Rout er John will receive rout ing updat es on t he Serial0/ 1 int erface.
D. Rout er John will send rout ing updat es out t he Serial0/ 0 int erface.
E. Rout er John will send rout ing updat es out t he Fast Et hernet 0/ 0 int erface.
F. Rout er John will send rout ing updat es out t he Serial0/ 1 int erface.

Answer: B D

Quest ion 15
What can be det erm ined from t he line of show ip rout e out put shown in t he exhibit ? ( Choose t wo)
R 10.10.10.8 [ 120/ 2] via 10.10.10.6,00: 00: 25, Serial0/ 1
A. The next rout ing updat e can be expect ed in 35 seconds.
B. The I P address 10.10.10.6 is configured on S0/ 1.
C. The I P address 10.10.10.8 is configured on S0/ 1.
D. This rout e is using t he default adm inist rat ive dist ance.
E. The 10.10.10.8 net work is t wo hops away from t his rout er.

Answer: D E
Explanat ion
From t he out put , we can see 2 param et ers [ 120/ 2] . The first is t he adm inist rat ive dist ance of t he
rout ing prot ocol being used. I n t his case it is RI P ( sym bolized by t he let t er “ R” ) . Because 120 is
also t he default adm inist rat ive dist ance value of RI P - > D is correct .
In RIP, the metric is hop count so “2″ means the network 10.10.10.8 is two hops (routers) away
from t his rout er.

CCNA – OSPF Quest ions

Not e: I f you are not sure about OSPF, please read m y OSPF t ut orial

OSPF Tut orial

I n t his art icle we will learn about t he OSPF Rout ing Prot ocol
Open- Short est - Pat h- First ( OSPF) is t he m ost widely used int erior gat eway prot ocol rout ing
prot ocol on t he world because it is a public ( non- propriet ary) rout ing prot ocol while it s biggest
rival, EI GRP, is a Cisco propriet ary prot ocol so ot her vendors can’t use it . OSPF is a com plex link-
st at e rout ing prot ocol. Link- st at e rout ing prot ocols generat e rout ing updat es only when a change
occurs in t he net work t opology. When a link changes st at e, t he device t hat det ect ed t he change
creat es a link- st at e advert isem ent ( LSA) concerning t hat link and sends t o all neighboring devices
using a special m ult icast address. Each rout ing device t akes a copy of t he LSA, updat es it s link-
st at e dat abase ( LSDB) , and forwards t he LSA t o all neighboring devices.
Not e:
+ OSPF rout ers use LSA ( Link St at e Advert isem ent ) t o describe it s link st at e. LSDB st ores all LSAs.
+ A rout er uses Rout er LSA t o describe it s int erface I P addresses.
+ Aft er OSPF is st art ed on a rout er, it creat es LSDB t hat cont ains one ent ry: t his rout er’s Rout er
LSA.
There are five t ypes of OSPF Link- St at e Packet s ( LSPs) .

http://www.9tut 90
+ H e llo: are used t o est ablish and m aint ain adj acency wit h ot her OSPF rout ers. They are also
used t o elect t he Designat ed Rout er ( DR) and Backup Designat ed Rout er ( BDR) on m ult iaccess
net works ( like Et hernet or Fram e Relay) .
+ D a t a ba se D e scr ipt ion ( DBD or DD) : cont ains an abbreviat ed list of t he sending rout er’s link-
st at e dat abase and is used by receiving rout ers t o check against t he local link- st at e dat abase
+ Lin k - St a t e Re qu e st ( LSR) : used by receiving rout ers t o request m ore inform at ion about any
ent ry in t he DBD
+ Lin k - St a t e Upda t e ( LSU) : used t o reply t o LSRs as well as t o announce new inform at ion. LSUs
cont ain seven different t ypes of Link- St at e Advert isem ent s ( LSAs)
+ Lin k - St a t e Ack now le dge m e n t ( LSAck) : sent t o confirm receipt of an LSU m essage

Key point s
+ I s a public ( non- propriet ary) rout ing prot ocol.
+ I s t he only link- st at e rout ing prot ocol you learn in CCNA
+ This works by using t he Dij kst ra algorit hm
+ I nform at ion about it s neighbors ( local connect ivit y) is sent t o t he ent ire net work using
m ult icast ing
+ The ent ire rout ing t able is t ransm it t ed once every 30 m inut es
+ Rout ing inform at ion is shared t hrough Link- st at e updat es ( LSAs)
+ HELLO m essages are used t o m aint ain adj acent neighbors. By default , OSPF rout ers send Hello
packet s every 10 seconds on m ult iaccess and point - t o- point segm ent s and every 30 seconds on
nonbroadcast m ult iaccess ( NBMA) segm ent s ( like Fram e Relay, X.25, ATM) .
+ I s a classless rout ing prot ocol because it does not assum e t he default subnet m asks are used. I t
sends t he subnet m ask in t he rout ing updat e.
+ Support s VLSM and rout e sum m arizat ion
+ Uses COST as a m et ric which CI SCO defines as t he inverse of t he bandwidt h
+ Uses AREAs t o subdivide large net works, providing a hierarchical st ruct ure and lim it t he
m ult icast LSAs wit hin rout ers of t he sam e area — Area 0 is called ba ck bone a r e a and all ot her
areas connect direct ly t o it . All OSPF net works m ust have a backbone area
+ Only support I P but it ’s not bad as we are all using I P, right ? : )

http://www.9tut 91
Area Border Rout ers ( ABR) are any rout ers t hat have one int erface in one area and anot her
int erface in anot her area
Let ’s see an exam ple of OSPF
Suppose OSPF has j ust been enabled on R1 & R2. Bot h R1 and R2 are very eager t o discover if
t hey have any neighbors nearby but before sending Hello m essages t hey m ust first choose an
OSPF rout er ident ifier ( rout er- id) t o t ell t heir neighbors who t hey are. The Rout er I D ( RI D) is an I P
address used t o ident ify t he rout er and is chosen using t he following sequence:
+ The highest I P address assigned t o a loopback ( logical) int erface.
+ I f a loopback int erface is not defined, t he highest I P address of all act ive rout er’s physical
int erfaces will be chosen.
+ The rout er I D can be m anually assigned
I n t his exam ple, suppose R1 has 2 loopback int erfaces & 2 physical int erfaces:
+ Loopback 0: 10.0.0.1
+ Loopback 1: 12.0.0.1
+ Fa0/ 0: 192.168.1.1
+ Fa0/ 1: 200.200.200.1
As said above, t he loopback int erfaces are preferred t o physical int erfaces ( because t hey are
never down) so t he highest I P address of t he loopback int erfaces is chosen as t he rout er- id - >
Loopback 1 I P address is chosen as t he rout er- id.

Suppose R2 doesn’t have any loopback int erfaces but it has 2 physical int erfaces:
+ Fa0/ 0: 210.0.0.1 but it is shut down
+ Fa0/ 1: 192.168.1.2 ( is act ive)
Alt hough Fa0/ 0 has higher I P address but it is shut down so R1 will choose Fa0/ 1 as it s rout er- id.

http://www.9tut 92
Now bot h t he rout ers have t he rout er- id so t hey will send Hello packet s on all OSPF- enabled
int erfaces t o det erm ine if t here are any neighbors on t hose links. The inform at ion in t he OSPF
Hello includes t he OSPF Rout er I D of t he rout er sending t he Hello packet .

Quest ion 1

Which of t he following st at em ent s below best describe t he process ident ifier t hat is used t o run
OSPF on a rout er? ( Choose t wo)

A – I t is an opt ional param et er required only if m ult iple OSPF processes are running on t he rout er
B – I t is locally significant
C – I t is needed t o ident ify a unique inst ance of an OSPF dat abase
D – All rout ers in t he sam e OSPF area m ust have t he sam e process I D if t hey are t o exchange
rout ing inform at ion

Answer: B C

Quest ion 2:

Why R1 can’t est ablish an OSPF neighbor relat ionship wit h R3 according t o t he following graphic?
( Choose t wo)

A – Configure EI GRP on t hese rout ers wit h a lower adm inist rat ive dist ance
B – All rout ers should be configured for backbone Area 1
C – R1 and R3 have been configured in different areas
D – The hello and dead int erval t im ers are not configured t he sam e values on R1 and R3

Answer: C D

Explanat ion:

A is not correct because configure EI GRP on t hese rout ers ( wit h a lower adm inist rat ive dist ance)
will force t hese rout ers t o run EI GRP, not OSPF.

B is not correct because t he backbone area of OSPF is always Area 0.

C and D are correct because t hese ent ries m ust m at ch on neighboring rout ers:

- Hello and dead int ervals

– Area I D ( Area 0 in t his case)
– Aut hent icat ion password
– St ub area flag

Quest ion 3:

Which it em s are correct about t he rout ing prot ocol OSPF? ( Choose t hree)

A – Support VLSM
B – I ncrease rout ing overhead on t he net work

http://www.9tut 93
C – Confine net work inst abilit y t o one area of t he net work
D – Allow ext ensive cont rol of rout ing updat es

Answer: A C D

Explanat ion:

Rout ing overhead is t he am ount of inform at ion needed t o describe t he changes in a dynam ic
net work t opology. All rout ers in an OSPF area have ident ical copies of t he t opology dat abase and
t he t opology dat abase of one area is hidden from t he rest of t he areas t o reduce rout ing
overhead because fewer rout ing updat es are sent and sm aller rout ing t rees are com put ed and
m aint ained ( allow ext ensive cont rol of rout ing updat es and confine net work inst abilit y t o one area
of t he net work) .

Quest ion 4:

Which t hree feat ures are of OSPF rout ing prot ocol? ( Choose t hree)

A – Converge quickly
B – OSPF is a classful rout ing prot ocol
C – I dent ify t he best rout e by use of cost
D – Before exchanging rout ing inform at ion, OSPF rout ers find out neighbors

Answer: A C D

Quest ion 5:

OSPF rout ing uses t he concept of areas. What are t he charact erist ics of OSPF areas? ( Chose
t hree)

A – Each OSPF area requires a loopback int erface t o be configured

B – Areas m ay be assigned any num ber from 0 t o 65535
C – Area 0 is called t he backbone area
D – Hierarchical OSPF net works do not require m ult iple areas
E – Mult iple OSPF areas m ust connect t o area 0
F – Single area OSPF net works m ust be configured in area 1

Answer: B C E

Explanat ion:

I used t o t hink t he answers should be C D E and here is m y explanat ion:

OSPF can use an act ive int erface for it s rout er I D, so a loopback int erface is not a m ust - > A is
incorrect .

OSPF Area is a 32- bit num ber so we can use up t o 2 32 – 1 = 4294967296 – 1 ( since Area 0 is t he
first area) . Rem em ber t hat only process I D is a 16- bit num ber and ranges from 1 t o 65535 - > B is
incorrect .

F is incorrect t oo because single area OSPF net woks m ust be configured in Area 0, which is called
t he backbone area.

For answer D, it is a bit hard t o guess what t hey want t o say about “ hierarchical” but we should
underst and “ Hierarchical OSPF net works” as “ OSPF net works” . D is correct bercause we can only
have one area ( area 0 – t he backbone area) for our net works.

But TT com m ent ed on 01- 11- 2010:

Especially t o not e on choice B, D, and E:

http://www.9tut 94
Choice B: we all know t hat The areas can be any num ber from 0 t o 4.2 billion and 1 t o 65,535 for
t he Process I D. As choice B specifies ‘area’ ( be aware, it ’s not saying ‘process id) , t here is no
reason t o say t hat we cannot assign num bers from 0 t o 65535 for area # ( it is using ‘m ay be’, not
‘have t o be’ or ‘ought to be’). Hence, we do not worry about assigning ’0′.

Choice E: as Area 0 is t he backbone, we all underst and t hat any areas in a OSPF net work have t o
be connect ed t o it . And act ually t his is im plicit ly saying t hat m ult iple areas form a hierarchical
OSPF net work, as Area 0 being a root and ot hers being it s leaves.

Choice D: when it specifies ‘Hierarchical’, at least 2 areas should be required t o form such
t opology ( of course t hat includes Area 0)

Alt hough Choice B is not an absolut ely accurat e st at em ent since it not only can be assigned up t o
65535, it is st ill a correct answer. And again, it specifies ‘area’, not ‘process id’, so ’0′ can be
included. Finally, it would be m eaningless t o call OSPF a hierarchical net work if no m ore t han one
area is present .

—————————————————————————————————-

I reviewed t he quest ion and t hink it is a m ore suit able solut ion wit h choice B t han choice D, surely
it is a t ricky quest ion!

Quest ion 6:

Part of t he OSPF net work is shown below:

Configurat ion exhibit :

R1 rout ing com m ands:

ip rout e 0.0.0.0 0.0.0.0 serial0/ 0

rout er ospf 1
net work 172.16.100.0 0.0.0.3 area 0
net work 172.16.100.64 0.0.0.63 area 0
net work 172.16.100.128 0.0.0.31 area 0
default - inform at ion originat e

You work as a net work t echnician, st udy t he exhibit s carefully. Assum e t hat all rout er int erfaces
are operat ional and correct ly configured. I n addit ion, assum e t hat OSPF has been correct ly
configured on rout er R2. How will t he default rout e configured on R1 affect t he operat ion of R2?

A – Any packet dest ined for a net work t hat is not direct ly connect ed t o rout er R2 will be dropped
im m ediat ely

http://www.9tut 95
B – Any packet dest ined for a net work t hat is not direct ly connect ed t o rout er R1 will be dropped
C – Any packet dest ined for a net work t hat is not direct ly connect ed t o rout er R2 will be dropped
im m ediat ely because of t he lack of a gat eway on R1
D – The net work direct ly connect ed t o a rout er R2 will not be able t o com m unicat e wit h t he
172.16.100.0, 172.16.100.28 and 172.16.100.64 subnet works.
E – Any packet dest ined for a net work t hat is not referenced in t he rout ing t able of rout er R2 will
be direct ed t o R1. R1 will t hen send t hat packet back t o R2 and a rout ing loop will occur

Answer: E

Explanat ion:

First , not ice t hat t he m ore- specific rout es will always be favored over less- specific rout es
regardless of t he adm inist rat ive dist ance set for a prot ocol. I n t his case, because we use OSPF for
t hree net works ( 172.16.100.0 0.0.0.3, 172.16.100.64 0.0.0.63, 172.16.100.128 0.0.0.31) so t he
packet s dest ined for t hese net works will not be affect ed by t he default rout e.

The default route configured on R1 “ip route 0.0.0.0 0.0.0.0 serial0/0″ will send any packet whose
dest inat ion net work is not referenced in t he rout ing t able of rout er R1 t o R2, it doesn’t drop
anyt hing so answers A, B and C are not correct . D is not correct t oo because t hese rout es are
declared in R1 and the question says that “OSPF has been correctly configured on router R2″, so
net work direct ly connect ed t o rout er R2 can com m unicat e wit h t hose t hree subnet works.

As said above, t he default rout e configured on R1 will send any packet dest ined for a net work t hat
is not referenced in it s rout ing t able t o R2; R2 in t urn sends it t o R1 because it is t he only way and
a rout ing loop will occur.

Quest ion 7

Refer t o t he exhibit . Which t wo st at em ent s are t rue about t he loopback address t hat is configured
on Rout erB? ( Choose t wo)

A. It ensures t hat dat a will be forwarded by Rout erB.

B. It provides st abilit y for t he OSPF process on Rout erB.
C. It specifies t hat t he rout er I D for Rout erB should be 10.0.0.1.
D. It decreases t he m et ric for rout es t hat are advert ised from Rout erB.
E. It indicat es t hat Rout erB should be elect ed t he DR for t he LAN.

Answer: B C

http://www.9tut 96
Explanat ion

A loopback int erface never com es down even if t he link is broken so it provides st abilit y for t he
OSPF process ( for exam ple we use t hat loopback int erface as t he rout er- id) - > B is correct .

The rout er- I D is chosen in t he order below:

+ The highest I P address assigned t o a loopback ( logical) int erface.

+ I f a loopback int erface is not defined, t he highest I P address of all act ive rout er’s physical
int erfaces will be chosen.

- > The loopback int erface will be chosen as t he rout er I D of Rout erB - > C is correct .

Quest ion 8

Which charact erist ics are represent at ive of a link- st at e rout ing prot ocol? ( Choose t hree)

A. provides com m on view of ent ire t opology

B. exchanges rout ing t ables wit h neighbors
C. calculat es short est pat h
D. ut ilizes event - t riggered updat es
E. ut ilizes frequent periodic updat es

Answer: A C D

Explanat ion

Each of rout ers running link- st at e rout ing prot ocol learns pat hs t o all t he dest inat ions in it s “ area”
so we can say A is correct alt hough it is a bit unclear.

Link- st at e rout ing prot ocols generat e rout ing updat es only ( not t he whole rout ing t able) when a
change occurs in t he net work t opology so B is not correct .

Link- st at e rout ing prot ocol like OSPF uses Dij kst ra algorit hm t o calculat e t he short est pat h - > C is
correct .

Unlike Dist ance vect or rout ing prot ocol ( which ut ilizes frequent periodic updat es) , link- st at e
rout ing prot ocol ut ilizes event - t riggered updat es ( only sends updat e when a change occurs) - > D
is correct but E is not correct .

Quest ion 9

The int ernet work infrast ruct ure of com pany XYZ consist s of a single OSPF area as shown in t he
graphic. There is concern t hat a lack of rout er resources is im peding int ernet work perform ance.

http://www.9tut 97
As part of exam ining t he rout er resources t he OSPF DRs need t o be known.

All t he rout er OSPF priorit ies are at t he default and t he rout er I Ds are shown wit h each rout er.

Which rout ers are likely t o have been elect ed as DR? ( Choose t wo)

A. Corp- 1
B. Corp- 2
C. Corp- 3
D. Corp4
E. Branch- 1
F. Branch- 2

Answer: D F

Explanat ion

There are 2 segm ent s on t he t opology above which are separat ed by Corp- 3 rout er. Each segm ent
will have a DR so we have 2 DRs.

To select which rout er will becom e DR t hey will com pare t heir rout er- I Ds. The rout er wit h highest
( best ) rout er- I D will becom e DR. The rout er- I D is chosen in t he order below:

+ The highest I P address assigned t o a loopback ( logical) int erface.

+ I f a loopback int erface is not defined, t he highest I P address of all act ive rout er’s physical
int erfaces will be chosen.

I n t his quest ion, t he I P addresses of loopback int erfaces are not m ent ioned so we will consider I P
addresses of all act ive rout er’s physical int erfaces. Rout er Corp- 4 ( 10.1.40.40) & Branch- 2
( 10.2.20.20) have highest “ act ive” I P addresses so t hey will becom e DRs.

Quest ion 10

A net work associat e has configured OSPF wit h t he com m and:

Cit y( config- rout er) # net work 192.168.12.64 0.0.0.63 area 0

Aft er com plet ing t he configurat ion, t he associat e discovers t hat not all t he int erfaces are
part icipat ing in OSPF.
Which t hree of t he int erfaces shown in t he exhibit will part icipat e in OSPF according t o t his
configurat ion st at em ent ? ( Choose t hree)

http://www.9tut 98
A. Fast Et hernet 0/ 0
B. Fast Et hernet 0/ 1
C. Serial0/ 0
D. Serial0/ 1.102
E. Serial0/ 1.103
F. Serial0/ 1.104

Answer: B C D

Explanat ion

The “network 192.168.12.64 0.0.0.63″ equals t o net work 192.168.12.64/ 26. This net work has:
+ I ncrem ent : 64 ( / 26= 1111 1111.1111 1111.1111 1111.1100 0000)
+ Net work address: 192.168.12.64
+ Broadcast address: 192.168.12.127
Therefore all int erface in t he range of t his net work will j oin OSPF - > B C D are correct .

Quest ion 11

When running OSPF, what would cause rout er A not t o form an adj acency wit h rout er B?

A. The loopback addresses are on different subnet s.

B. The values of t he dead t im ers on t he rout ers are different .
C. Rout e sum m arizat ion is enabled on bot h rout ers.
D. The process ident ifier on rout er A is different t han t he process ident ifier on rout er

Answer: B

Explanat ion

To form an adj acency ( becom e neighbor) , rout er A & B m ust have t he sam e Hello int erval, Dead
int erval and AREA num ber.

Quest ion 12

Refer t o t he exhibit . The net work is converged. Aft er link- st at e advert isem ent s are received from
Rout er_A, what inform at ion will Rout er_E cont ain in it s rout ing t able for t he subnet s
208.149.23.64 and 208.149.23.96?

http://www.9tut 99
A. 208.149.23.64[ 110/ 13] via 190.173.23.10, 00: 00: 00: 07, Fast Et hernet 0/ 0
208.149.23.96[ 110/ 13] via 190.173.23.10, 00: 00: 00: 16, Fast Et hernet 0/ 0

B. 208.149.23.64[ 110/ 1] via 190.173.23.10, 00: 00: 00: 07, Serial1/ 0

208.149.23.96[ 110/ 3] via 190.173.23.10, 00: 00: 00: 16, Fast Et hernet 0/ 0

C. 208.149.23.64[ 110/ 13] via 190.173.23.10, 00: 00: 00: 07, Serial1/ 0
208.149.23.96[ 110/ 13] via 190.173.23.10, 00: 00: 00: 16, Serial1/ 0
208.149.23.96[ 110/ 13] via 190.173.23.10, 00: 00: 00: 16, Fast Et hernet 0/ 0

D. 208.149.23.64[ 110/ 13] via 190.173.23.10, 00: 00: 00: 07, Serial1/ 0
208.149.23.96[ 110/ 13] via 190.173.23.10, 00: 00: 00: 16, Serial1/ 0

Answer: A

Explanat ion

Rout er_E learns t wo subnet s subnet s 208.149.23.64 and 208.149.23.96 via Rout er_A t hrough
Fast Et hernet int erface. The int erface cost is calculat ed wit h t he form ula 10 8 / Bandwidt h. For
Fast Et hernet it is 10 8 / 100 Mbps = 10 8 / 10,000,000,000 = 1. Therefore t he cost is 12 ( learned
from Rout er_A) + 1 = 13for bot h subnet s - > B is not correct .

The cost t hrough T1 link is m uch higher t han t hrough T3 link ( T1 cost = 10 8 / 1.544 Mbps = 64;
T3 cost = 10 8 / 45 Mbps = 2) so surely OSPF will choose t he pat h t hrough T3 link - > Rout er_E will
choose t he pat h from Rout er_A t hrough Fast Et hernet 0/ 0, not Serial1/ 0 - > C & D are not correct .

I n fact , we can quickly elim inat e answers B, C and D because t hey cont ain at least one subnet
learned from Serial1/ 0 - > t hey are surely incorrect .

Quest ion 13

Refer t o t he exhibit . Given t he out put for t his com m and, if t he rout er I D has not been m anually
set , what rout er I D will OSPF use for t his Rout erD?

Rout erD# show ip int erface brief

http://www.9tut 100
A. 10.1.1.2
B. 10.154.154.1
C. 172.16.5.1
D. 192.168.5.316

Answer: C

Explanat ion

The highest I P address of all loopback int erfaces will be chosen - > Loopback 0 will be chosen as
t he rout er I D.

Quest ion 14

Which com m ands are required t o properly configure a rout er t o run OSPF and t o add net work
192.168.16.0/ 24 t o OSPF area 0? ( choose t wo)

A. Rout er( config) # rout er ospf 1

B. Rout er( config) # rout er ospf 0
C. Rout er( config) # rout er ospf area 0
D. Rout er( config- rout er) # net work 192.168.16.0 0.0.0.255 area 0
E. Rout er( config- rout er) # net work 192.168.16.0 0.0.0.255 0
F. Rout er( config- rout er) # net work 192.168.16.0 255.255.255.0 area 0

Answer: A D

Explanat ion

I n t he rout er ospf

com m and, t he

ranges from 1 t o 65535 so o is an invalid num ber - > A is correct but B is not correct .

To configure OSPF, we need a wildcard in t he “ net work” st at em ent , not a subnet m ask. We also
need t o assgin an area t o t his process - > D is correct .

Quest ion 15

Which param et er or param et ers are used t o calculat e OSPF cost in Cisco rout ers?

A. Bandwidt h, Delay and MTU

B. Bandwidt h
C. Bandwidt h and MTU
D. Bandwidt h, MTU, Reliabilit y, Delay and Load

Answer: B

The well- known form ula t o calculat e OSPF cost is

Cost = 10 8 / Bandwidt h

so B is t he correct answer.

Quest ion 16

Refer t o t he exhibit . Why are t wo OSPF designat ed rout ers ident ified on Core- Rout er?
Neighbor_I D Pri St at e Dead Tim e Address I nt erface

208.149.23.194 1 Full/ DR 00: 00: 33 190.172.32.10 Et hernet 1

http://www.9tut 101
208.149.23.60 1 Full/ BDR 00: 00: 33 190.172.32.10 Et hernet 0

208.149.23.130 1 Full/ DR 00: 00: 39 190.172.32.10 Et hernet 0

A. Core- Rout er is connect ed m ore t han one m ult i- access net work
B. The rout er at 208.149.23.130 is a secondary DR in case t he prim ary fails.
C. Two rout er I Ds have t he sam e OSPF priorit y and are t herefore t ied for DR elect ion
D. The DR elect ion is st ill underway and t here are t wo cont enders for t he role.

Answer: A

Explanat ion

OSPF elect s one DR per m ult i- access net work. I n t he exhibit t here are t wo DR so t here m ust have
m ore t han one m ult i- access net work.

Quest ion 17

What is t he default m axim um num ber of equal- cost pat hs t hat can be placed int o t he rout ing of a
Cisco OSPF rout er?

A. 16
B. 2
C. unlim it ed
D. 4

Answer: D

Explanat ion

The default num ber of equal- cost pat hs t hat can be placed int o t he rout ing of a Cisco OSPF rout er
is 4. We can change t his default value by using “ m axim um - pat hs” com m and:

Rout er( config- rout er) # m axim um - pat hs 2

Not e: Cisco rout ers support up t o 6 equal- cost pat hs

Quest ion 18

What is t he OSPF default frequency, in seconds, at which a Cisco rout er sends hello packet s on a
m ult iaccess net work?

A. 10
B. 40
C. 30
D. 20

Answer: A

Explanat ion

On broadcast m ult iacess and point - t o- point links, t he default is 10 seconds. On NBMA, t he default
is 30 seconds.

Quest ion 19

What is t he default adm inist rat ive dist ance of OSPF?

A. 120
B. 100

http://www.9tut 102
C. 90
D. 110

Answer: D

Quest ion 20

What inform at ion does a rout er running a link- st at e prot ocol use t o build and m aint ain it s
t opological dat abase? ( Choose t wo)

A. hello packet s
B. SAP m essages sent by ot her rout ers
C. LSAs from ot her rout ers
D. beacons received on point - t o- point links
E. rout ing t ables received from ot her link- st at e rout ers
F. TTL packet s from designat ed rout ers

Answer: A C

CCNA – EI GRP Quest ions

Not e: I f you are not sure about EI GRP, please read m y EI GRP t ut orial

EI GRP Tut orial

I n t his art icle we will m ent ion about t he EI GRP prot ocol.
Enhanced I nt erior Gat eway Rout ing Prot ocol ( EI GRP) is a Cisco- propriet ary rout ing prot ocol.
EI GRP is a classless rout ing prot ocol, m eaning t hat it sends t he subnet m ask of it s int erfaces in
rout ing updat es, which use a com plex m et ric based on bandwidt h and delay.
EI GRP is referred t o as a h ybr id r ou t in g pr ot ocol because it has t he charact erist ics of bot h
dist ance- vect or and link- st at e prot ocols but now Cisco refers it as an advanced dist ance vect or
prot ocol.
Not ice: t he t erm “ hybrid” is m isleading because EI GRP is not a hybrid bet ween dist ance vect or
and link- st at e rout ing prot ocols. I t is a dist ance vect or rout ing prot ocol wit h enhanced feat ures.
EI GRP is a powerful rout ing prot ocol and it is really st andout from it s ancest or I GRP. The m ain
feat ures are list ed below:
+ Support VLSM a nd discont iguou s ne t w or k s
+ Use Re lia ble Tr a n spor t Pr ot ocol ( RTP) t o delivery and recept ion of EI GRP packet s
+ Use t he best pat h select ion D iffusin g Upda t e Algor it hm ( D UAL) , guarant eeing loop- free
pat hs and backup pat hs t hroughout t he rout ing dom ain
+ D iscove r n e ighbor in g de vice s u sin g pe r iodic H e llo m e ssa ge s t o discover and m onit or
connect ion st at us wit h it s neighbors
+ Exchange t he full rout ing t able at st art up and send pa r t ia l* t r igge r e d upda t e s t hereaft er ( not
full updat es like dist ance- vect or prot ocols) and t he t riggered updat es are only sent t o rout ers t hat
need t he inform at ion. This behavior is different from t he link- st at e prot ocol in which an updat e will
be sent t o all t he link- st at e rout ers wit hin t hat area. For exam ple, EI GRP will send updat es when a
new link com es up or a link becom ing unavailable
+ Su ppor t s m u lt iple pr ot ocols: EI GRP can exchange rout es for I Pv4, I Pv6, AppleTalk and
I PX/ SPX net works
+ Loa d ba la n cing: EI GRP support s unequal m et ric load balancing, which allow s adm inist rat ors t o
bet t er dist ribut e t raffic flow in t heir net works.

http://www.9tut 103
* Not ice: The t erm “ part ial” m eans t hat t he updat e only includes inform at ion about t he rout e
changes.
EI GRP use m et rics com posed of bandwidt h, delay, reliabilit y, and load. By default , EI GRP uses
only bandwidt h and delay.
EI GRP use five t ypes of packet s t o com m unicat e:
+ H e llo: used t o ident ify neighbors. They are sent as periodic m ult icast s
+ Upda t e : used t o advert ise rout es, only sent as m ult icast s when som et hing is changed
+ Ack : acknowledges receipt of an updat e. I n fact , Ack is Hello packet wit hout dat a. I t is always
unicast and uses UDP.
+ Qu e r y: used t o find alt ernat e pat hs when all pat hs t o a dest inat ion have failed
+ Re ply: is sent in response t o query packet s t o inst ruct t he originat or not t o recom put e t he
rout e because feasible successors exist . Reply packet s are always unicast t o t he originat or of t he
query
EI GRP sends every Query and Reply m essage using RTP, so every m essage is acknowledged using
an EI GRP ACK m essage.
EI GRP Rout e D iscove r y
Suppose t hat our net work has 2 rout ers and t hey are configured t o use EI GRP. Let ’s see what will
happen when t hey are t urned on.
First ly, t he rout er will t ry t o est ablish a neighboring relat ionships by sending “ Hello” packet s t o
ot hers running EI GRP. The dest inat ion I P address is 224.0.0.10 which is t he m ult icast address of
EI GRP. By t his way, ot her rout ers running EI GRP will receive and proceed t hese m ult icast packet s.
These packet s are sent over TCP.

Aft er hearing “ Hello” from R1, R2 will respond wit h anot her “ Hello” packet .

http://www.9tut 104
R2 will also send it s rout ing t able t o R1 by “ Updat e” packet s. Rem em ber t hat R2 will send it s
com plet e rout ing t able for t he first t im e.

R1 confirm s it has received t he Updat e packet by an “ ACK” m essage.

R1 will also send t o R2 all of it s rout ing t able for t he first t im e

R2 sends a message saying it has received R1′s routing table.

http://www.9tut 105
Now bot h R1 & R2 learn all t he pat hs of t he neighbor and t he n e t w or k is conve r ge d. But t here
are som e not ices you should know:
+ Aft er t he net work converged, “ Hello” m essages will st ill be sent t o indicat e t hat t he it is st ill
alive.
+ When som et hing in t he net work changes, rout ers will only send part ial updat es t o rout ers which
need t hat inform at ion.
+ Hellos are sent as periodic m ult icast s and are not acknowledged direct ly.
+ The first hellos are used t o build a list of neighbors; t hereaft er, hellos indicat e t hat t he neighbor
is st ill alive
To becom e a neighbor, t he following condit ions m ust be m et :
+ The rout er m ust hear a Hello packet from a neighbor.
+ The EI GRP aut onom ous syst em m ust be t he sam e.
+ K- values m ust be t he sam e.
EI GRP builds and m aint ains t hree t ables:
+ Neighbor t able: list s direct ly connect ed rout ers running EI GRP wit h which t his rout er has an
adj acency
+ Topology t able: list s all rout es learned from each EI GRP neighbor
+ Rout ing t able: list s all best rout es from t he EI GRP t opology t able and ot her rout ing processes
Configu r ing EI GRP

Rout er( config) # r ou t e r e igr p 1 Synt ax: r ou t e r e igr p < AS n um be r >

Turn on t he EI GRP process
1 is t he Aut onom ous Syst em ( AS) num ber. I t can be from 1
t o 65535.
All rout ers in t he sam e net work m ust use t he sam e AS
num ber.

Rout er( config- rout er) # n e t w or k Rout er will t urn on EI GRP 1 process on all t he int erfaces
1 9 2 .1 6 8 .1 .0 belonging t o 192.168.1.0/ 24 net work.

I n t he next part we will learn about t he Feasible Dist ance & Adm inist rat ive Dist ance of EI GRP

Quest ion 1

Refer t o t he exhibit , when running EI GRP what is required for R1 t o exchange rout ing updat es
wit h R3?

A – AS num bers m ust be changed t o m at ch on all t he rout ers

B – Loopback int erfaces m ust be configured so a DR is elect ed
C – The no aut o- sum m ary com m and is needed on R1 and R3
D – R2 needs t o have t wo net work st at em ent s, one for each connect ed net work

Answer: A

http://www.9tut 106
Quest ion 2:

As a Cisco t echnician, you need t o know EI GRP prot ocol very well. Which of t he following is t rue
about EI GRP successor rout es? ( Choose t wo)

A – A successor rout e is used by EI GRP t o forward t raffic t o a dest inat ion

B – Successor rout es are st ored in t he neighbor t able follow ing t he discovery process
C – Successor rout es are flagged as “ act ive” in t he rout ing t able
D – A successor rout e m ay be backed up by a feasible successor rout e
E – Successor rout es are st ored in t he neighbor t able follow ing t he discovery process.

Answer: A D

Explanat ion:

B is not correct because neighbor t able only cont ains a list of direct ly connect ed EI GRP rout ers
t hat have an adj acency wit h t his rout er, it doesn’t cont ain successor rout es.

C is not correct because successor rout es are not flagged as “ act ive” , t hey are always t he best
rout e t o reach rem ot e net works and are always used t o send packet s.

A and D are correct because successor rout e is t he best and prim ary rout e t o a rem ot e net work. I t
is st ored in t he rout ing t able and t opology t able. I f t his rout e fails, a backup rout e ( called feasible
successor rout e) in t he t opology t able will be used t o rout e t raffic t o a dest inat ion.

Quest ion 3:

Which t wo st at em ent s are t rue regarding EI GRP? ( Choose t wo)

A – Passive rout es are in t he process of being calculat ed by DUAL

B – EI GRP support s VLSM, rout e sum m arizat ion, and rout ing updat e aut hent icat ion
C – EI GRP exchanges full rout ing t able inform at ion wit h neighboring rout ers wit h every updat e
D – I f t he feasible successor has a higher advert ised dist ance t han t he successor rout e, it
becom es t he prim ary rout e
E – A query process is used t o discover a replacem ent for a failed rout e if a feasible successor is
not ident ified from t he current rout ing inform at ion

Answer: B E

Explanat ion:

Diffusing Updat e Algorit hm ( DUAL) is t he algorit hm for select ing and m aint aining t he best pat h t o
each rem ot e net work. DUAL t racks all t he rout es advert ised by neighbors and select s rout es based
on feasible successors. I t insert s lowest cost pat hs int o t he rout ing t able ( t hese rout es are known
as prim ary rout es or successor rout es) - > A is not correct .

EI GRP is st ill a dist ance- vect or prot ocol, but has cert ain feat ures t hat belong t o link- st at e
algorit hm s ( like OSPF) t han dist ance- vect or algorit hm s. For exam ple, EI GRP sends a part ial
rout ing t able updat e, which includes j ust rout es t hat have been changed, not t he full rout ing t able
like dist ance- vect or algorit hm s - > C is not correct .

The feasible successor rout e will becom e t he prim ary rout e when it s advert ised dist ance is lower
t han t he feasible dist ance of t he successor rout e. The feasible successor rout e can be used in t he
event t hat t he successor rout e goes down. Not ice t hat t he feasible successor rout e does not get
inst alled in t he rout ing t able but is kept in t he t opology t able as a backup rout e - > D is not
correct .

http://www.9tut 107
“ Support VLSM, rout e sum m arizat ion, and rout ing updat e aut hent icat ion” are t he feat ures of
EI GRP - > B is correct .

When a rout e fails and has no feasible successor, EI GRP uses a dist ribut ed algorit hm called
Diffusing Updat e Algorit hm ( DUAL) t o discover a replacem ent for a failed rout e. When a new rout e
is found, DUAL adds it t o t he rout ing t able - > E is correct .

Quest ion 4

Which t ype of EI GRP rout e ent ry describes a feasible successor?

A. a prim ary rout e,st ored in t he rout ing t able

B. a backup rout e,st ored in t he rout ing t able
C. a backup rout e,st ored in t he t opology t able
D. a prim ary rout e,st ored in t he t opology t able

Answer: C

Explanat ion

Feasible successor is a rout e whose Advert ised Dist ance is less t han t he Feasible Dist ance of t he
current best pat h. A feasible successor is a backup rout e, which is not st ored in t he rout ing t able
but st ored in t he t opology t able.

Quest ion 5

Refer t o t he exhibit . Given t he out put from t he show ip eigrp t opology com m and, which rout er is
t he feasible successor?
rout er# show ip eigrp t opology 10.0.0.5 255.255.255.255
I P- EI GRP t opology ent ry for 10.0.0.5/ 32 St at e is Passive, Query
origin flag is 1, 1 Successor( s) , FD is 41152000

A.
10.1.0.1 ( Serial0) , from 10.1.0.1, Send flag is 0× 0
Com posit e m et ric is ( 46152000/ 41640000) , Rout e is I nt ernal
Vect or m et ric:
Minim um bandwidt h is 64 Kbit
Tot al delay is 45000 Microseconds
Reliabilit y is 255/ 255
Load is 1/ 255
Minim um MTU is 1500
Hop count is 2

B.
10.0.0.2 ( Serial0.1) , from 10.0.0.2, Send flag is 0× 0
Com posit e m et ric is ( 53973248/ 128256) , Rout e is I nt ernal
Vect or Met ric:
Minim um bandwidt h is 48 Kbit
Tot al delay is 25000 Microseconds
Reliabilit y is 255/ 255
Load is 1/ 255
Minim um MTU is 1500

http://www.9tut 108
Hop count is 1

C.
10.1.0.3 ( Serial0) , from 10.1.0.3, Send flag is 0× 0
Com posit e m et ric is ( 46866176/ 46354176) , Rout e is I nt ernal
Vect or m et ric:
Minim um bandwidt h is 56 Kbit
Tot al delay is 45000 m icroseconds
Reliabilit y is 255/ 255
Load is 1/ 255
Minim um MTU is 1500
Hop count is 2

D.
10.1.1.1 ( Serial0.1) , from 10.1.1.1, Send flag is 0× 0
Com posit e m et ric is ( 46763776/ 46251776) , Rout e is Ext ernal
Vect or m et ric:
Minim um bandwidt h is 56 Kbit
Tot al delay is 41000 m icroseconds
Reliabilit y is 255/ 255
Load is 1/ 255
Minim um MTU is 1500
Hop count is 2

Answer: B

Explanat ion

To be t he feasible successor, t he Advert ised Dist ance ( AD) of t hat rout e m ust be less t han t he
Feasible Dist ance ( FD) of t he successor. From t he out put of t he “ show ip eigrp t opology 10.0.0.5
255.255.255.255″ we learn that the FD of the successor is 41152000.

Now we will m ent ion about t he answers, in t he “ Com posit e m et ric is ( …/ …) ” st at em ent t he first
param et er is t he FD while t he second param et er is t he AD of t hat rout e. So we need t o find out
which rout e has t he second param et er ( AD) less t han 41152000 - > only answer B sat isfies t his
requirem ent wit h an AD of 128256.

Quest ion 6

A net work adm inist rat or is t roubleshoot ing an EI GRP problem on a rout er and needs t o confirm
t he I P addresses of t he devices wit h which t he rout er has est ablished adj acency. The ret ransm it
int erval and t he queue count s for t he adj acent rout ers also need t o be checked. What com m and
will display t he required inform at ion?

A. Rout er# show ip eigrp adj acency

B. Rout er# show ip eigrp t opology
C. Rout er# show ip eigrp int erfaces
D. Rout er# show ip eigrp neighbors

Answer: D

http://www.9tut 109
Explanat ion

Below is an exam ple of t he show ip eigrp neighbors com m and. The ret ransm it int erval ( Sm oot h
Round Trip Tim er – SRTT) and t he queue count s ( Q count , which shows t he num ber of queued
EI GRP packet s) for t he adj acent rout ers are list ed:

Quest ion 7

Refer t o t he exhibit . How m any pat hs can t he EI GRP rout ing process use t o forward packet s from
HQ_Rout er t o a neighbor rout er?
HQ_Rout er# show ip prot ocols
Routing Protocol is “eigrp 109″
Out going updat e filt er list for all int erfaces is not set
I ncom ing updat e filt er list for all int erfaces is not set
Default net works flagged in out going updat es
Default net works accept ed from incom ing updat es
EI GRP m et ric weight K1= 1, K2= 0, K3= 1, K4= 0, K5= 0
EI GRP m axim um hopcount 100
EI GRP m axim um m et ric variance 3
Redist ribut ing: eigrp 109
EI GRP NSF- aware rout e hold t im er is 240s
Aut om at ic net work sum m arizat ion is not in effect
Maxim um pat h: 4
Rout ing for Net works:
20.10.10.0/ 24
172.30.10.0/ 24
192.168.1.0
Rout ing I nform at ion Sources:
Gat eway Dist ance Last Updat e
20.10.10.2 90 00: 13: 12
172.30.10.2 90 01: 13: 06
Dist ance: int ernal 90 ext ernal 170
HQ_Rout er#

A. t wo equal- cost pat hs

B. t wo unequal- cost pat hs
C. t hree equal- cost pat hs
D. t hree unequal- cost pat hs
E. four equal- cost pat hs
F. four unequal- cost pat hs

Answer: E

Explanat ion

The “Maximum path: 4″ means EIGRP can use up to 4 equal- cost pat hs t o forward packet s from
HQ_Rout er t o a neighbor rout er.

http://www.9tut 110
Quest ion 8

I P address and rout ing for t he net work are configured as shown in t he exhibit . The net work
adm inist rat or issues t he show ip eigrp neighbors com m and from Rout er1 and receives t he out put
shown below t he t opology. Which st at em ent is t rue?

A. I t is norm al for Rout er1 t o show one act ive neighbor at a t im e t o prevent rout ing loops.
B. Rout ing is not com plet ely configured on Rout er3.
C. The I P addresses are not configured properly on t he Rout er1 and Rout er3 int erfaces.
D. The no aut o- sum m ary com m and configured on t he rout ers prevent s Rout er1 and Rout er2 from
form ing a neighbor relat ionship.

Answer: B

Explanat ion

From t he out put of Rout er1, we learn t hat Rout er1 has not est ablished neighborship wit h R3 yet .
Also from t he “ show running- config” on Router3 we notice that the “network 192.168.3.0″
st at em ent is m issing - > t he configurat ion on Rout er3 is not com plet e.

Quest ion 9

A rout er has learned t hree possible rout es t hat could be used t o reach a dest inat ion net work. One
rout e is from EI GRP and has a com posit e m et ric of 20514560. Anot her rout e is from OSPF wit h a
m et ric of 782. The last is from RI Pv2 and has a m et ric of 4. Which rout e or rout es will t he rout er
inst all in t he rout ing t able?

A. t he OSPF rout e
B. t he EI GRP rout e
C. t he RI Pv2 rout e

http://www.9tut 111
D. all t hree rout es
E. t he OSPF and RI Pv2 rout es

Answer: B

Explanat ion

When one rout e is advert ised by m ore t han one rout ing prot ocol, t he rout er will choose t o use t he
rout ing prot ocol which has lowest Adm inist rat ive Dist ance. The Adm inist rat ive Dist ances of
popular rout ing prot ocols are list ed below:

Quest ion 10

Refer t o t he exhibit . Based on t he exhibit ed rout ing t able, how will packet s from a host wit hin t he
192.168.10.192/ 26 LAN be forwarded t o 192.168.10.1?

A. The rout er will forward packet s from R3 to R2 t o R1

B. The rout er will forward packet s from R3 to R1
C. The rout er will forward packet s from R3 to R1 t o R2
D. The rout er will forward packet s from R3 to R2 t o R1 AND from R3 t o R1

Answer: D

http://www.9tut 112
Explanat ion

From t he rout ing t able we learn t hat net work 192.168.10.0/ 30 is learned via 2 equal- cost pat hs
( 192.168.10.9 &192.168.10.5) - > t raffic t o t his net work will be load- balancing.

Quest ion 11

Refer t o t he exhibit . The com pany uses EI GRP as t he rout ing prot ocol. What pat h will packet s t ake
from a host on 192.168.10.192/ 26 net work t o a host on t he LAN at t ached t o rout er R1?

R3# show ip rout e

Gat eway of last resort is not set
192 168.10.0/ 24 is variably subnet t ed, 6 subnet s, 2 m asks
D 192.168.10.64/ 26 [ 90/ 2195456] via 192.168.10.9, 00: 03: 31, Serial0/ 0
D 192.168.10.0/ 30 [ 90/ 2681856] via 192.168.10.9, 00: 03: 31, Serial0/ 0
C 192.168.10.4/ 30 is direct ly connect ed, Serial0/ 1
C 192.168.10.8/ 30 is direct ly connect ed, Serial0/ 0
C 192.168.10.192/ 26 is direct ly connect ed, Fast Et hernet 0/ 0
D 192.168.10.128/ 26 [ 90/ 2195456] via 192.168.10.5,00: 03: 31, Serial0/ 1

A. The pat h of t he packet s will be R3 t o R2 t o R1.

B. The pat h of t he packet s will be R3 t o R1 t o R2.
C. The pat h of t he packet s will be bot h R3 t o R2 t o R1 and R3 t o R1.
D. The pat h of t he packet s will be R3 t o R1

Answer: D

Explanat ion

Host on t he LAN at t ached t o rout er R1 belongs t o 192.168.10.64/ 26 subnet . From t he out put of
t he rout ing t able of R3 we learn t his net work can be reach via 192.168.10.9, which is an I P
address in 192.168.10.8/ 30 net work ( t he net work bet ween R1 & R3) - > packet s dest ined for
192.168.10.64 will be rout ed from R3 - > R1 - > LAN on R1.

Quest ion 12

Refer t o t he exhibit . A packet wit h a source I P address of 192.168.2.4 and a dest inat ion I P
address of 10.1.1.4 arrives at t he HokesB rout er. What act ion does t he rout er t ake?

http://www.9tut 113
A. forwards t he received packet out t he Serial0/ 0 int erface
B. forwards a packet cont aining an EI GRP advert isem ent out t he Serial0/ 1 int erface
C. forwards a packet cont aining an I CMP m essage out t he Fast Et hem et 0/ 0 int erface
D. forwards a packet cont aining an ARP request out t he Fast Et hem et 0/ 1 int erface

Answer: C

Explanat ion

When a packet wit h dest inat ion I P address of 10.1.1.4 arrives at HokesB, it will look up in t he
rout ing t able t o find t he m ost specific pat h. I n t his case no pat h is found so HokesB m ust inform
t o t he source host t hat t he dest inat ion is unreachable on t he int erface it has received t his packet
( it is Fa0/ 0 because t he net work 192.168.2.0/ 28 is learned from t his int erface) . So t he best
answer here should be C – send an I CMP m essage out of Fa0/ 0.

Quest ion 13

The EI GRP configurat ion in t he Glencoe rout er uses a single net work st at em ent . From t he out put
shown in t he graph would advert ise t hese net works in EI GRP?

A. net work 172.26.168.0 area 478

B. net work 172.26.0.0

http://www.9tut 114
C. net work 172.26.168.128 0.0.0.127
D. net work 172.26.168.128 area 478

Answer: B

Explanat ion

The single “ net work …” st at em ent used t o advert ise net work 172.26.168.128/ 26 &
172.26.169.0/ 26 m ust cover bot h of t hem - > it is “network 172.26.0.0″. Notice the “network
172.26.168.128 0.0.0.127″ command is valid but it only covers from 172.26.168.128 to
172.26.168.255.

Quest ion 14

Refer t o t he exhibit . From Rout erA, a net work adm inist rat or is able t o ping t he serial int erface of
Rout erB but unable t o ping any of t he subnet s at t ached t o Rout erB. Based on t he part ial out put s
in t he exhibit , what could be t he problem ?

A. EI GRP does not support VLSM.

B. The EI GRP net work st at em ent s are incorrect ly configured.

http://www.9tut 115
C. The I P addressing on t he serial int erface of Rout erA is incorrect .
D. The rout ing prot ocol has sum m arized on t he classful boundary.
E. EI GRP has been configured wit h an invalid aut onom ous syst em num ber.

Answer: D

Explanat ion

From t he out put of “ show ip rout e” com m and on Rout erB, we learn t hat Rout erB does not learn
any networks in RouterA. Also the “172.16.0.0/26 is a summary, 00:00:03, Null0″ line tells us
t his net wok is sum m arized.

Not e: EI GRP perform s aut o- sum m arizat ion each t im e it crosses a border bet ween t wo m aj or
net works. For exam ple, Rout erA has net works of 172.16.x.x. I t will perform aut o- sum m arizat ion
when sending over net work 10.1.1.0/ 30, which is in different m aj or net work ( 172.16.0.0/ 16 and
10.0.0.0/ 8 are called m aj or net works in t his case) .

CCNA – Securit y Quest ions

Quest ion 1

Which com ponent of VPN t echnology ensures t hat dat a can be read only by it s int ended recipient ?

A. dat a int egrit y

B. encrypt ion
C. key exchange
D. aut hent icat ion

Answer: D

Explanat ion

First you need t o underst and what t hese t erm s m ean:

Dat a int egrit y: verifying t hat t he packet was not changed as t he packet t ransit ed t he I nt ernet

Encrypt ion: conversion of dat a int o a form , called a ciphert ext , t hat cannot be easily underst ood
by unaut horized people

Aut hent icat ion: t he process of det erm ining whet her som eone or som et hing is, in fact , who or what
it is declared t o be. Aut hent icat ion can t ake place at bot h sides, t he sender and t he receiver.

Key exchange: is any m et hod in crypt ography by which crypt ographic keys are exchanged
bet ween users, allowing use of a crypt ographic algorit hm .

So in t his quest ion we realize t hat only aut hent icat ion involves in t he end user while ot hers are
about processing dat a - > D is correct .

Quest ion 2

What can be done t o secure t he virt ual t erm inal int erfaces on a rout er? ( Choose t wo)

A. Adm inist rat ively shut down t he int erface.

B. Physically secure t he int erface.
C. Creat e an access list and apply it t o t he virt ual t erm inal int erfaces wit h t he access- group
com m and.
D. Configure a virt ual t erm inal password and login process.

http://www.9tut 116
E. Ent er an access list and apply it t o t he virt ual t erm inal int erfaces using t he access- class
com m and.

Answer: D E

Explanat ion

I t is a wast e t o adm inist rat ively shut down t he int erface. Moreover, som eone can st ill access t he
virt ual t erm inal int erfaces via ot her int erfaces - > A is not correct .

We can not physically secure a virt ual int erface because it is “ virt ual” - > B is not correct .

To apply an access list t o a virt ual t erm inal int erface we m ust use t he “ access- class” com m and.
The “ access- group” com m and is only used t o apply an access list t o a physical int erface - > C is
not correct ; E is correct .

The m ost sim ple way t o secure t he virt ual t erm inal int erface is t o configure a usernam e &
password t o prevent unaut horized login - > D is correct .

Quest ion 3

The enable secret com m and is used t o secure access t o which CLI m ode?

A. user EXEC m ode

B. global configurat ion m ode
C. privileged EXEC m ode
D. auxiliary set up m ode

Answer: C

Quest ion 4

Which t ype of at t ack is charact erized by flood of packet t hat request ing a TCP connect ion t o a
server?

A. denial of service
B. brut e force
C. reconnaissance
D. Troj an horse

Answer: A

Quest ion 5

Which I Psec securit y prot ocol should be used when confident ialit y is required?

A. AH
B. MD5
C. PSK
D. ESP

Answer: D

Explanat ion

I Psec is a pair of prot ocols, Encapsulat ing Securit y Payload ( ESP) and Aut hent icat ion Header ( AH) ,
which provide securit y services for I P dat agram s.

ESP can provide t he propert ies aut hent icat ion, int egrit y, replay prot ect ion, and confident ialit y of
t he dat a ( it secures everyt hing in t he packet t hat follows t he I P header) .

http://www.9tut 117
AH provides aut hent icat ion, int egrit y, and replay prot ect ion ( but not confident ialit y) of t he sender.

Quest ion 6

What algorit hm t echnology m ust be used for ensuring dat a int egrit y when dat aflow goes over VPN
t unnel? ( Choose t wo)

A. RSA
B. DH- 1
C. DH- 2
D. HMAC- MD5
E. HMAC- SHA1

Answer: D E

Explanat ion

Dat a int egrit y ensures dat a has not been alt ered in t he t ransm ission. A dat a- int egrit y algorit hm
adds a hash t o t he m essage t o guarant ee t he int egrit y of t he m essage.

A Hashed Message Aut hent icat ion Code ( HMAC) is a dat a- int egrit y algorit hm t hat ensures t he
int egrit y of t he m essage. Two popular algorit hm s a VPN gat eway uses for verifying int egrit y of
dat a are HMAC- Message Digest 5 ( HMAC- MD5) and HMAC- Secure Hash Algorit hm 1 ( HMAC- SHA1)

+ HMAC- MD5 uses a 128- bit shared- secret key of any size. The variable- lengt h m essage and
shared- secret key are com bined and run t hrough t he HMAC- MD5 hash algorit hm . The out put is a
128- bit hash. The hash is appended t o t he original m essage and is forwarded t o t he rem ot e end.

+ HMAC- SHA- 1 uses a secret key of any size. The variable- lengt h m essage and t he shared- secret
key are com bined and run t hrough t he HMAC- SHA- 1 hash algorit hm . The out put is a 160- bit hash.
The hash is appended t o t he original m essage and is forwarded t o t he rem ot e end.

Diffie- Hellm an Group 1 ( DH- 1) & Diffie- Hellm an Group 2 ( DH- 2) are t wo encrypt ion algorit hm s for
VPN, not dat a int egrit y algorit hm s.

RSA is also an encrypt ion algorit hm , not dat a int egrit y algorit hm .

( Reference: I m plem ent ing Cisco I OS Net work Securit y I I NS)

Quest ion 7

What are t wo securit y appliances t hat can be inst alled in a net work? ( Choose t wo)

A. ATM
B. I DS
C. I OS
D. I OX
E. I PS
F. SDM

Answer: B E

Explanat ion

I nt rusion det ect ion syst em ( I DS) and int rusion prevent ion syst em ( I PS) solut ions form an int egral
part of a robust net work defense solut ion.

I DS m onit ors net work and syst em act ivit ies for m alicious act ivit ies or policy violat ions and
produces report s t o a Managem ent St at ion.

http://www.9tut 118
I PS provides policies and rules for net work t raffic along wit h an int rusion det ect ion syst em for
alert ing syst em or net work adm inist rat ors t o suspicious t raffic, but allows t he adm inist rat or t o
provide t he act ion upon being alert ed.

The key t o different iat ing an I DS from an I PS is t hat an I PS responds im m ediat ely and does not
allow any m alicious t raffic t o pass, whereas an I DS allows m alicious t raffic t o pass before it can
respond.

( Reference: I m plem ent ing Cisco I OS Net work Securit y I I NS)

Not e: Asynchronous Transfer Mode ( ATM) is a layer 2 WAN t ransport prot ocol. I t encodes dat a
int o sm all, fixed- sized cells consist ing of 48 byt es of payload and 5 byt es of cell header - > A is not
correct

Cisco Rout er and Securit y Device Manager ( SDM) is a Web- based device- m anagem ent t ool for
Cisco rout ers t hat can help you configure a rout er via a web browser - > I n general, it only helps
sim plify t he net work m anagem ent , rout er configurat ion so it is not a securit y appliance - > F is not
correct .

Quest ion 8

Which device m ight be inst alled at a branch office t o enable and m anage an I Psec sit e- t o- sit e
VPN?

A. Cisco I OS I Psec/ SSL VPN client

B. Cisco VPN Client
C. I SDN t erm inal adapt er
D. Cisco Adapt ive Securit y Appliance

Answer: D

Explanat ion

An exam ple of I Psec sit e- t o- sit e VPN is your corporat ion has depart m ent s in m any count ries which
need t o com m unicat e wit h each ot her. A popular solut ion is sit e- t o- sit e ( LAN- t o- LAN) VPN t o
creat e privat e net works t hrough t he I nt ernet . But as we know, I nt ernet is not a safe environm ent
for im port ant dat a t o be t ransferred. That is t he reason why we need I Psec, a prot ocol suit e for
securing I nt ernet Prot ocol ( I P) com m unicat ions by aut hent icat ing and encrypt ing each I P packet
of a com m unicat ion session.

Cisco Adapt ive Securit y Appliance ( ASA) support s I Psec, t hat ’s all I can say! I f you wish t o learn
m ore about t he configurat ion, please
readht t p: / / www.cisco.com / en/ US/ product s/ ps5855/ product s_configurat ion_exam ple09186a0080a
9a7a3.sht m l

Quest ion 9

Refer t o t he exhibit . What is t he result of set t ing t he no login com m and?

Rout er# config t

Rout er( config) # line vt y 0 4
Rout er( config- line) # password c1sc0
Rout er( config- line) # no login

A. This is a virt ually lim it less supply of I P addresses

B. Telnet access requires a new password at first login
C. Telnet access requires a password
D. Telnet access is denied

http://www.9tut 119
Answer: No correct answer

Explanat ion

There is a m ist ake in t his quest ion because t his configurat ion will let som eone t elnet t o t hat rout er
wit hout t he password ( so t he line “ password c1sco” is not necessary) .

I f we want t o deny t elnet we can configure like t his:

Rout er( config) # line vt y 0 4

Rout er( config- line) # no password ( if t he password is set before)
Rout er( config- line) # login

Wit h t his configurat ion, when som eone t ries t o t elnet t o t his rout er, a m essage “ Password
required, but none set ” is displayed.

Quest ion 10

What is t he effect of using t he service password- encrypt ion com m and?

A. Only passwords configured aft er t he com m and has been ent ered will be encrypt ed.
B. Only t he enable password will be encrypt ed.
C. Only t he enable secret password will be encrypt ed
D. I t will encrypt t he secret password and rem ove t he enable secret password from t he
configurat ion.
E. I t will encrypt all current and fut ure passwords.

Answer: E

Explanat ion

The secret password ( configured by t he com m and “ enable secret “ ) is always encrypt ed even if
t he “ service password- encrypt ion” com m and is not used. Moreover, t he secret password is not
rem oved from t he configurat ion wit h t his com m and, we st ill see it in encrypt ed form in t he
running- config - > D is not correct .

The “ enable password ” does not encrypt t he password and can be viewed in clear t ext in t he
running- config. By using t he “ service password- encrypt ion” com m and, t hat password is encrypt ed
( bot h current and fut ure passwords) - > A is not correct , E is correct .

Answer B – Only t he enable password will be encrypt ed seem s t o be correct but it im plies t he
secret password will not be encrypt ed and st ay in clear t ext , which is not correct .

For your inform at ion, t he secret password is encrypt ed wit h MD5 one- way hash algorit hm which is
harder t o break t han t he encrypt ion algorit hm used by t he “ service password- encrypt ion”
com m and.

Quest ion 11

Which com m and set s and aut om at ically encrypt s t he privileged enable m ode password?

A. enable password c1sco

B. secret enable c1sco
C. password enable c1sco
D. enable secret c1sco

Answer: D

http://www.9tut 120
CCNA – DHCP Quest ions

Quest ion 1
Refer t o t he exhibit . Which rule does t he DHCP server use when t here is an I P address conflict ?

A. The address is rem oved from t he pool unt il t he conflict is resolved.

B. The address rem ains in t he pool unt il t he conflict is resolved.
C. Only t he I P det ect ed by Grat uit ous ARP is rem oved from t he pool.
D. Only t he I P det ect ed by Ping is rem oved from t he pool.
E. The I P will be shown, even aft er t he conflict is resolved.
An sw e r : A
Quest ion 2
How dose a DHCP server dynam ically assign I P address t o host ?
A. Addresses are allocat ed aft er a negot iat ion bet ween t he server and t he host t o det erm ine t he
lengt h of t he agreem ent .
B. Addresses are assigned for a fixed period of t im e. At t he end of period, a new quest for an
address m ust be m ade, and anot her address is t hen assigned.
C. Addresses are leased t o host . A host will usually keep t he sam e address by periodically
cont act ing t he DHCP sever t o renew t he lease.
D. Addresses are perm anent ly assigned so t hat t he host uses t he sam e address at all t im es.
An sw e r : C
Quest ion 3
Which t wo t asks does t he Dynam ic Host Configurat ion Prot ocol perform ? ( Choose t wo)
A. Set t he I P gat eway t o be used by t he net work.
B. Perform host discovery used DHCPDI SCOVER m essage.
C. Configure I P address param et ers from DHCP server t o a host .
D. Provide an easy m anagem ent of layer 3 devices.
E. Monit or I P perform ance using t he DHCP server.
F. Assign and renew I P address from t he default pool.
An sw e r : C F
Quest ion 4
Which st at em ent is correct regarding t he operat ion of DHCP?
A. A DHCP client uses a ping t o det ect address conflict s.
B. A DHCP server uses a grat uit ous ARP t o det ect DHCP client s.
C. A DHCP client uses a grat uit ous ARP t o det ect a DHCP server.
D. I f an address conflict is det ect ed, t he address is rem oved from t he pool and an adm inist rat or
m ust resolve t he conflict .
E. I f an address conflict is det ect ed, t he address is rem oved from t he pool for an am ount of t im e
configurable by t he adm inist rat or.

http://www.9tut 121
F. I f an address conflict is det ect ed, t he address is rem oved from t he pool and will not be reused
unt il t he server is reboot ed.
An sw e r : D
Explanat ion
An address conflict occurs when t wo host s use t he sam e I P address. During address assignm ent ,
DHCP checks for conflict s using ping and grat uit ous ARP. I f a conflict is det ect ed, t he address is
rem oved from t he pool. The address will not be assigned unt il t he adm inist rat or resolves t he
conflict .
( Reference: ht t p: / / www.cisco.com / en/ US/ docs/ ios/ 12_1/ iprout e/ configurat ion/ guide/ 1cddhcp.ht m
l)

DHCP Group of Four Quest ions

Refer t o t he exhibit . Using t he inform at ion shown, answer t he quest ion

Qu e st ion 1 :
All host s in t he net works have been operat ional for several hours when t he DHCP server goes
down. What happens t o t he host s t hat have obt ained service from t he DHCP server?
A – The host s will not be able t o com m unicat e wit h any ot her host s.
B – The host s will cont inue t o com m unicat e norm ally for a period of t im e.
C – The host s will be able t o com m unicat e wit h host s out sides t heir own net work
D – The host s will only be able t o com m unicat e wit h ot her host s by I P address not by host nam e
An sw e r : B
Ex pla na t ion :
DHCP oft en uses dynam ic allocat ion m echanism t o save I P addresses, which assigns an I P address
t o a client for a lim it ed period of t im e. So when t he DHCP server goes down, t hat client can st ill
use t he allocat ed I P address for a period of t im e
Qu e st ion 2 :
What is t he purpose of t he DHCP server?
A – t o provide st orage for em ail
B – t o t ranslat e URLs t o I P addresses

http://www.9tut 122
C – t o t ranslat e I Pv4 addresses t o MAC addresses
D – t o provide an I P configurat ion inform at ion t o host s

An sw e r : D
Ex pla na t ion :
The m ain purpose of t he DHCP server is t o provide I P configurat ion param et ers t o host s such as
t he default gat eway, dom ain nam e, Dom ain Nam e Syst em ( DNS) server…
Qu e st ion 3 :
How is t he m essage sent from a PC2 when is first powers on and at t em pt s t o cont act t he DHCP
Server?
A – Layer 3 unicast
B – Layer 3 broadcast
C – Layer 3 m ult icast
D – Wit hout any Layer 3 encapsulat ion

An sw e r : B
Ex pla na t ion :
When a client boot s up for t he first t im e, it t ransm it s a DHCPDI SCOVER m essage on it s local
physical subnet . Because t he client has no way of knowing t he subnet t o which it belongs, t he
DHCPDI SCOVER is an all- subnet s broadcast ( dest inat ion I P address of 255.255.255.255, which is
a layer 3 broadcast address) . The client does not have a configured I P address, so t he source I P
address of 0.0.0.0 is used.
Qu e st ion 4 :
What is t he default behavior of R1 when PC1 request s service from DHCP server?
A – Drop t he request
B – Broadcast t he request t o R2 and R3
C – Forward t he request t o R2
D – Broadcast t he request t o R2, R3 and I SP

An sw e r : A
Ex pla na t ion :
When PC1 request s service from DHCP server ( for exam ple, it request s an I P address) , it sends a
broadcast packet . But R1 rout er, by default , will not forward broadcast packet and drop it .
For your inform at ion, if you want t o use t he DHCP server from anot her net work ( like in t his case)
you can use t he ip helper- address com m and which will m ake t he rout er forward UDP broadcast s.

I n t he real exam you will be t aken t o a LAB sim ulat ion environm ent but it is, in fact , j ust a group
of 4 m ult i- choice quest ions!

http://www.9tut 123
CCNA – Drag and Drop

Pa r t 1
Qu e st ion 1 :
A dent al firm is redesigning t he net work t hat connect s it s t hree locat ions. The adm inist rat or gave
t he net working t eam 192.168.164.0 t o use for addressing t he ent ire net wok. Aft er subnet t ing t he
address, t he t eam is ready t o assign t he addresses. The adm inist rat or plans t o configure ip
subnet - zero and use RI P v2 as t he rout ing prot ocol. As a m em ber of t he net working t eam , you
m ust address t he net work and at t he sam e t im e conserver unused addresses for fut ure growt h.
Wit h t hose goals in m ind, drag t he host addresses on t he left t o t he correct rout er int erface. Once
of t he rout ers is part ially configured. Move your m ouse over a rout er t o view it s configurat ion. Not
all of t he host addresses on t he left are necessary.

An sw e r :

Ex pla na t ion :
I n short , we should st art calculat ing from t he biggest net work ( wit h 16 host s) t o t he sm allest one
using t he form ula 2 n – 2 ( n is t he num ber of bit s we need t o borrow) .Therefore:
16 host s < 2 5 – 2 ( we need t o borrow 5 bit s - > / 27)
11 host s < 2 4 – 2 ( borrow 4 bit s - > / 28)
5 host s < 2 3 – 2 ( borrow 3 bit s - > / 29)
From t he available ip addresses, we see t hat each of t hem has only one suit able solut ion ( t hey are
192.168.164.149/ 27,192.168.164.166/ 28 and 192.168.164.178/ 29)
The sm allest net work is t he Floss S0/ 0 which only requires 2 host s = 2 2 – 2 ( need t o borrow 2 bit s
- > / 30) . There are 2 suit able answers: 192.168.164.189/ 30 and 192.168.164.188/ 30 but not ice
t hat 192.168.164.188/ 30 is t he net work address so we can not use it ( because 188 = 4 * 47) - >
we have t o choose 192.168.164.189 as t he correct solut ion.

http://www.9tut 124
I n fact , it is not t he form al way t o solve a VLSM quest ion so I recom m end you t o review your
CCNA book if you haven’t grasped it well yet .
Qu e st ion 2 :
I n order t o com plet e a basic swit ch configurat ion, drag each swit ch I OS com m and on t he left t o it s
purpose on t he right

An sw e r :
1) enable
2) configure t erm inal
3) host nam e
4) I nt erface vlan 1
5) no shut down
6) ip address
7) ip default - gat eway
Qu e st ion 3 :
The Missouri branch office rout er is connect ed t hrough it s s0 int erface t o t he Alabam a
Headquart ers rout er s1 int erface. The Alabam a rout er has t wo LANs. Missouri users obt ain
I nt ernet access t hrough t he Headquart ers rout er. The net work int erfaces in t he t opology are
addressed as follows: M issou r i: e 0 – 1 9 2 .1 6 8 .3 5 .1 7 / 2 8 ; s0 –
1 9 2 .1 6 8 .3 5 .3 3 / 2 8 ; Ala ba m a : e 0 – 1 9 2 .1 6 8 .3 5 .4 9 / 2 8 ; e 1 – 1 9 2 .1 6 8 .3 5 .6 5 / 2 8 ; s1 –
1 9 2 .1 6 8 .3 5 .3 4 / 2 8 . The account ing server has t he address of1 9 2 .1 6 8 .3 5 .6 6 / 2 8 . Mat ch t he
access list condit ions on t he left wit h t he goals on t he right . ( Not all opt ions on t he left are used.)

http://www.9tut 125
An sw e r :
1) deny ip 192.168.35.16 0.0.0.15 host 192.168.35.66
2) deny ip 192.168.35.55 0.0.0.0 host 192.168.35.66
3) perm it ip 192.168.35.0 0.0.0.255 host 192.168.35.66
Ex pla na t ion :
1) The wildcard mask of the command “deny ip 192.168.35.16 0.0.0.15 host 192.16.35.66″ is
0.0.0.15, which is equal t o net work m ask of 255.255.255.240 = / 28. So t he access list will deny
all t raffic from net work 192.168.35.16/ 28 from accessing host 192.16.35.66, which is t he I P
address of account ing server.
2) The command “deny ip 192.168.35.55 0.0.0.0 host 192.168.35.66″ will deny host
192.168.35.55, which is a user and belongs t o int erface e0 of Alabam a rout er ( 192.168.35.49/ 28)
from accessing account ing server.
3) Because t here is an im plicit “ deny all” com m and at t he end of each access list so t he com m and
“permit ip 192.168.35.0 0.0.0.255 host 192.168.35.66″ will only let network 192.168.35.0/24
access account ing server whilst prevent t raffic from ot her net works.
Quest ion 4:
A host wit h t he address of 192.168.125.34/ 27 needs t o be denied access t o all host s out side it s
own subnet . To accom plish t his, com plet e t he com m and in bracket s, [ a cce ss- list 1 0 0
de ny pr ot ocol a ddr e ss m a sk a ny] , by dragging t he appropriat e opt ions on t he left t o t heir
correct placeholders on t he right .

http://www.9tut 126
Answer:
1) ip
2) 192.168.125.34
3) 0.0.0.0
Full com m and: a cce ss- list 1 0 0 de n y ip 1 9 2 .1 6 8 .1 2 5 .3 4 0 .0 .0 .0
Quest ion 5:
Drag and drop t he net work user applicat ion t o t he appropriat e descript ion of it s prim ary use ( not
all opt ions are used)

Answer:
1) web browser
2) inst ant m essage
3) e- m ail
4) dat abase
5) collaborat ion
Quest ion 6:
This t opology cont ains 3 rout ers and 1 swit ch. Com plet e t he t opology.

D r a g t he a ppr opr ia t e de vice icon s t o t he la be le d D e vice

Drag t he appropriat e connect ions t o t he locat ions labeled Connect ions.

http://www.9tut 127
Drag t he appropriat e I P addresses t o t he locat ions labeled I P address

( Hint : use t he given host addresses and Main rout er inform at ion)
To rem ove a device or connect ion, drag it away from t he t opology.
Use infor m a t ion ga t he r e d fr om t h e M a in r ou t e r t o com ple t e t he con figu r a t ion of a ny
a ddit ion a l r ou t e r s. No passwords are required t o access t he Main rout er . The config t erm inal
com m and has been disabled for t he HQ rout er. The rout er does not require any configurat ion.
Configure each addit ional rout er wit h t he following

Configu r e t h e in t e r fa ce s w it h t h e cor r e ct I P a ddr e ss a n d e na ble t h e

in t e r fa ce s.

Set t he password t o allow console access t o con sole pw

Set t he password t o allow t elnet access t o t e lne t pw
Set t he password t o allow privilege m ode access t o pr ivpw

Not e: Because rout es are not being added t o t he configurat ions, you will not be able t o ping
t hrough t he int ernet work.
All devices have cable aut osensing capabilit ies disabled.
All host s are PC’s

http://www.9tut 128
Answer:

View full explanat ion of t his quest ion here

Pa r t 2
Qu e st ion 1
The left describes OSI layers, while t he right provides som e t erm s. Drag t he it em s on t he right t o
t he proper locat ions.

http://www.9tut 129
An sw e r :
N e t w or k La ye r :
1) I P addresses
2) packet s
3) rout ing
Tr a n spor t La ye r :
1) windowing
2) UDP
3) segm ent s
Qu e st ion 2
The above describes som e cat egories, while t he below provides t heir corresponding rout er out put
lines. Drag t he above it em s t o t he proper locat ions.

An sw e r :
1) Port operat ional: Serial0/ 1 is up, line prot ocol is up
2) Layer 2 problem : Serial0/ 1 is up, line prot ocol is down

http://www.9tut 130
3) Layer 1 problem : Serial0/ 1 is down, line prot ocol is down
4) Port disabled: Serial0/ 1 is adm inist rat or down, line prot ocol is down
Ex pla na t ion :
A sim ple way t o find out which layer is having problem is t o rem em ber t his rule: “ t he first
st at em ent is for Layer 1, t he last st at em ent is for Layer 2 and if Layer 1 is down t hen surely Layer
2 will be down t oo” , so you have t o check Layer 1 before checking Layer 2. For exam ple, from t he
out put “ Serial0/ 1 is up, line prot ocol is down” we know t hat it is a layer 2 problem because t he
first st at em ent ( Serial0/ 1 is up) is good while t he last st at em ent ( line prot ocol is down) is bad. For
t he st at em ent “ Serial0/ 1 is down, line prot ocol is down” , bot h layers are down so t he problem
belongs t o Layer 1.
There is only one special case wit h t he st at em ent “ …. is adm inist rat or down, line prot ocol is
down” . I n t his case, we know t hat t he port is current ly disabled and shut down by t he
adm inist rat ors.
Qu e st ion 3
A user is unable t o connect t o t he I nt ernet . Based on t he layered approach t o t roubleshoot ing and
beginning wit h t he lowest layer. Follow t he guide and drag t he cont ent s t o relevant m odules.

An sw e r :
1) Verify Et hernet cable connect ion: St ep 1
2) Verify NI C operat ion: St ep 2
3) Verify I P configurat ion: St ep 3
4) Verify URL: St ep 4
Ex pla na t ion :
The quest ion asks us t o “ begin wit h t he lowest layer” so we have t o begin wit h Layer 1: verify
physical connect ion; in t his case an Et hernet cable connect ion. For your inform at ion, “ verify
Et hernet cable connect ion” m eans t hat we check if t he t ype of connect ion ( crossover, st raight -
t hrough, rollover…) is correct , t he RJ45 headers are plugged in, t he signal on t he cable is
accept able…
Next we “ verify NI C operat ion” . We do t his by sim ply m aking a ping t o t he loopback int erface
127.0.0.1. I f it works t hen t he NI C card ( layer 1,2) and TCP/ I P st ack ( layer 3) are working
properly.
Verify I P configurat ion belongs t o layer 3. For exam ple, checking if t he I P can be assignable for
host , t he PC’s I P is in t he sam e net work wit h t he gat eway…
Verifying t he URL by t yping in your browser som e popular websit es like google.com ,
m icrosoft .com t o assure t hat t he far end server is not down ( it som et im es m ake we t hink we can’t
access t o t he I nt ernet ) . We are using a URL so t his st ep belongs t o layer 7 of t he OSI m odel.

http://www.9tut 131
Qu e st ion 4
The left describes t he t ypes of cables, while t he right describes t he purposes of t he cables. Drag
t he it em s on t he left t o t he proper locat ions. ( Not all it em s can be used) .

An sw e r :
1) st raight - t hrough: swit ch access port t o rout er
2) crossover: swit ch t o swit ch
3) rollover: PC COM port t o swit ch
Ex pla na t ion :
To rem em ber which t ype of cable you should use, follow t hese t ips:
- To connect t w o se r ia l in t e r fa ce s of 2 rout ers we use se r ia l ca ble
– To specify when we use crossover cable or st raight - t hrough cable, we should rem em ber:
Gr ou p 1 : Rout er, Host , Server
Gr ou p 2 : Hub, Swit ch
One device in group 1 + One device in group 2: use st r a igh t - t h r ough ca ble
Two devices in t he sam e group: use cr ossove r ca ble
For exam ple: we use st raight - t hrough cable t o connect swit ch t o rout er, swit ch t o host , hub t o
host , hub t o server… and we use crossover cable t o connect swit ch t o swit ch, swit ch t o hub,
rout er t o rout er, host t o host … )
Qu e st ion 5
The left describes t he t ypes of swit ch port s, while t he right describes t he feat ures. Drag t he
opt ions on t he right t o t he proper locat ions.

http://www.9tut 132
An sw e r :
Acce ss Por t :
- Carries t raffic for a single VLAN
– Uses a st raight - t hrough cable t o connect a device
– Connect s an end- user workst at ion t o a swit ch
Tr u n k Por t :
- Carries t raffic for a m ult iple VLAN
– Uses 802.1q t o ident ify t raffic from different VLANs
– Facilit at es int erVLAN com m unicat ions when connect ed t o a Layer 3 device
Qu e st ion 6
The above describes t he Spanning- Tree Prot ocol port st at es, while t he below describes t heir
funct ions. Drag t he above it em s t o t he proper locat ions.

An sw e r :
- Learning: populat ing t he MAC address t able but not forwarding dat a fram es
– Forwarding: sending and receiving dat a fram es
– List ening: preparing t o forward dat a fram es wit hout populat ing t he MAC address t able
– Blocking: prevent ing t he use of looped pat hs

Pa r t 3
Qu e st ion 1
Drag t he securit y feat ures on t he left t o t he specific securit y risks t hey help prot ect against on t he
right . ( Not all opt ions are used)

http://www.9tut 133
An sw e r :
1) VTY password: rem ot e access t o device console
2) console password: access t o t he console 0 line
3) access- group: access t o connect ed net works or resources
4) service password- encrypt ion: viewing of passwords
5) enable secret : access t o privileged m ode
The unselect ed left - box – CHAP – is used t o verify t he ident it y of t he peer by m eans of a t hree-
way handshake.
Qu e st ion 2
Refer t o t he exhibit . PC- A is sending packet s t o t he FTP server. Consider t he packet s as t hey leave
RA int erface Fa0/ 0 forwards RB. Drag t he correct fram e and packet address t o t heir places in t he
t able.

http://www.9tut 134
An sw e r :
Source MAC: 0000.0C93.9999
Dest inat ion MAC: 0000.0C89.3333
Source I P: 172.16.21.7
Dest inat ion I P: 172.16.34.250
Ex pla na t ion
Rem em ber t hese rules:
The I P addresses ( of source and dest inat ion) of a packet never change during t he t ransport at ion
t hrough t he net work. For exam ple if PC- A want s t o send a packet t o PC- Z t hen t he source and
dest inat ion I P addresses of t he packet will be t he I P addresses of PC- A and PC- Z no m at t er how
m any devices t hey go t hrough.
The MAC addresses, conversely, will change while passing t he devices. The source MAC address is
t he address of t he last sender and t he dest inat ion MAC address is t he address of t he next device.
Qu e st ion 3
As a net work adm inist rat or, you are required t o configure t he net work securit y policy. And t he
policy requires t hat only one host be perm it t ed t o at t ach dynam ically t o each swit ch int erface. I f
t hat policy is violat ed, t he int erface should shut down. Which t wo com m ands m ust t he net work
adm inist rat or configure on t he 2950 Cat alyst swit ch t o m eet t his policy? Please choose
appropriat e com m ands and drag t he it em s t o t he proper locat ions.

An sw e r :
Appropriat e com m ands:
SW( config- if) # swit chport port - securit y m axim um 1
SW( config- if) # swit chport port - securit y violat ion shut down
Qu e st ion 4
The left describes boot sequence, while t he right describes t he orders. Drag t he it em s on t he left
t o t he proper locat ions.

http://www.9tut 135
An sw e r :
1) St ep 1: The power on self t est execut es.
2) St ep 2: The boot st rap loader in ROM execut es.
3) St ep 3: The I OS is locat ed and loaded based on boot syst em com m ands in NVRAM.
4) St ep 4: The configurat ion file is loaded from NVRAM.
5) St ep 5: I f no configurat ion file is locat ed, t he set up dialog init iat es.
Ex pla na t ion
When a rout er boot s up, it perform s a series of st eps, called t he boot sequence, t o t est t he
hardware and load t he necessary soft ware. The boot sequence consist s of t he following st eps:
1) Power on self t est ( POST) : t est s t he hardware t o verify t hat all com ponent s of t he device are
operat ional and present .
2) The boot st rap loader in ROM execut es: The boot st rap loader is a program in ROM t hat is used
t o find where a valid Cisco I OS im age is locat ed.
3) I f a valid Cisco I OS im age is locat ed, it is loaded.
4) I OS loads configurat ion file. Once t he I OS im age is loaded, it will search for a valid st art up
configurat ion in NVRAM.
5) I f a valid st art up configurat ion file cannot be found, t he rout er will load t he Syst em
Configurat ion Dialog ( som et im es called set up m ode) . This m ode allows you t o perform t he init ial
configurat ion of t he rout er.
Qu e st ion 5
Drag and Drop quest ion. Drag t he it em s t o t he proper locat ions.
Rout ing has been configured on t he local rout er wit h t hese com m ands:
Local( config) # ip rout e 0.0.0.0 0.0.0.0 192.168.1.1
Local( config) # ip rout e 10.1.0.0 255.255.255.0 192.168.2.2
Local( config) # ip rout e 10.1.0.0 255.255.0.0 192.168.3.3
Drag each dest inat ion I P address on t he t op t o it s correct next hop address at t he bot t om .

http://www.9tut 136
An sw e r :
N e x t hop 1 9 2 .1 6 8 .1 .1 :
+ 10.2.1.3
+ 10.6.8.4
N e x t hop 1 9 2 .1 6 8 .2 .2 :
+ 10.1.0.14
+ 10.1.0.123
N e x t hop 1 9 2 .1 6 8 .3 .3 :
+ 10.1.1.10
+ 10.1.4.6
Ex pla na t ion
I f we have m any ent ries m at ching for next hop ip address t hen t he rout er will choose t he one wit h
m ost specific pat h t o send t he packet . This is called t he “ longest m at ch” rule, t he rout e wit h t he
most bits in the mask set to “1″ will be chosen to route packet.
Qu e st ion 6
I f a Cisco rout er has learned about net work 10.1.1.0 from m ult iple sources, t he rout er will select
and inst all only one ent ry int o t he rout ing t able. I ndicat e t he order of preference t hat t he rout er
will use by dragging t he rout es on t he left t o t he order of preference cat egory on t he right .

http://www.9tut 137
An sw e r :
1) Fir st pr e fe r e n ce : S 10.1.1.0 is direct ly connect ed, Serial1
2) Se cond pr e fe r e n ce : S 10.1 1.0/ 24 [ 1/ 0] via 10.1.2.2
3) Th ir d pr e fe r e n ce : D 10.1.1.0/ 24 [ 90/ 2172416] via 10.1.5.5, Serial0
4) Fou r t h pr e fe r e n ce : O 10.1.1.0/ 24 [ 110/ 789] via 10.1.3.1, Serial0
5) Fift h pr e fe r e n ce : R 10.1.1.0/ 24 [ 120/ 3] via 10.1.3.1, Senal0
Ex pla na t ion
Adm inist rat ive dist ance is t he first crit erion t hat a rout er uses t o det erm ine which rout ing prot ocol
t o use if t wo prot ocols provide rout e inform at ion for t he sam e dest inat ion. I t is a m easure of t he
t rust wort hiness of t he source of t he rout ing inform at ion. The sm aller t he adm inist rat ive dist ance
value, t he m ore reliable t he prot ocol.
I n t his quest ion, not ice t hat t he dest inat ion of all rout es is 10.1.1.0/ 24 so we need t o use
Adm inist rat ive dist ance of each rout ing prot ocol t o specify t he priorit y of each rout e. Below list s
t he Adm inist rat ive Dist ance default values of popular rout ing prot ocols:
+ Direct ly connect ed: 0
+ St at ic rout e: 1
+ EI GRP ( sym bolize by “ D” ) : 90
+ OSPF ( sym bolize by “ O” ) : 110
+ RI P ( sym bolize by “ R” ) : 120

Pa r t 4
Qu e st ion 1
Drag t he funct ion on t he left t o t he m at ching securit y appliance or applicat ion on t he right . ( Not
all funct ions are used)

An sw e r :
1) ant ispyware: det ect s soft ware designed t o capt ure sensit ive inform at ion and rem oves it from
t he com put er
2) ant ivirus: prevent s known m alicious program s from being inst alled on workst at ions
3) I DS: ident ifies m alicious net work t raffic and alert s net work personnel
4) firewall: filt ers t raffic based on source and dest inat ion I P address or t raffic t ype

http://www.9tut 138
Qu e st ion 2
Drag t he Fram e Relay acronym on t he left t o m at ch it s definit ion on t he right . ( Not all acronym s
are used)

An sw e r :
1) a rout er is t his t ype of device: DTE
2) t he m ost com m on t ype of virt ual circuit : PVC
3) provides st at us m essages bet ween DTE and DCE devices: LMI
4) ident ifies t he virt ual connect ion bet ween t he DTE and t he swit ch: DLCI
Qu e st ion 3
The left describes som e t ypes of connect ions while t he right describes som e t ypes of cables. Drag
t he it em s on t he left t o t he proper locat ions.

An sw e r :

http://www.9tut 139
Ex pla na t ion :
To specify when we use crossover cable or st raight - t hrough cable, we should rem em ber:
Gr ou p 1 : Rout er, Host ( PC) , Server
Gr ou p 2 : Hub, Swit ch
One device in group 1 + One device in group 2: use st r a igh t - t h r ough ca ble
Two devices in t he sam e group: use cr ossove r ca ble
For exam ple: we use st raight - t hrough cable t o connect swit ch t o rout er, swit ch t o host , hub t o
host , hub t o server… and we use crossover cable t o connect swit ch t o swit ch, swit ch t o hub,
rout er t o rout er, host t o host … ) .
+ We can connect a m odem t o rout er auxiliary port using a rollover cable. Recall t hat t he purpose
of t he rout er’s auxiliary port is for connect ing t o a m odem and m ost Cisco rout ers have a second
port on t he back called t he auxiliary port . We can use t his port in case of a far- away rout er goes
down, t he adm inist rat or can have som eone in t he area go t o t he rout er, plug in a m odem and
access t o t he rout er rem ot ely ( if using t he console port , we have t o go t o t he sit e t o work wit h
t hat rout er) .
+ We can connect a PC serial port t o a swit ch/ rout er console port t hrough t he RJ- 45 t o DB- 9 or
RJ- 45 t o DB- 25 adapt er ( at t he PC end) , depending on t he com put er.
Qu e st ion 4
The above provides som e descript ions, while t he below provides som e rout ing prot ocols. Drag t he
above it em s t o t he proper locat ions.

http://www.9tut 140
An sw e r :

Ex pla na t ion :
Enhanced I nt erior Gat eway Rout ing Prot ocol ( EI GRP) is a Cisco propriet ary rout ing prot ocol, so it
is vendor- specific. By default , EI GRP int ernal rout es have an adm inist rat ive dist ance value of 90.
OSPF uses cost as it s m et ric. By default , t he cost of an int erface is calculat ed based on bandwidt h
wit h t he form ula cost = 10000 0000/ bandwit h ( in bps) . OSPF elect s a DR on each broadcast and
nonbroadcast m ult iaccess net works ( like Et hernet and Fram e Relay environm ent s, respect ively) .
I t doesn’t elect a DR on point - t o- point link ( like a serial WAN) .
Qu e st ion 5
As a CCNA candidat e, you are required t o have a firm underst anding of t he OSI m odel. At which
layers of t he OSI m odel do Wide Area Net works operat e in? Please drag t he it em s t o t he proper
locat ions.

http://www.9tut 141
An sw e r :

Ex pla na t ion
WAN operat es in t he t wo lowest layers which are Dat a Link and Physical layers.

Pa r t 5
Qu e st ion 1
Drag t he Cisco default adm inist rat ive dist ance t o t he appropriat e rout ing prot ocol or rout e ( Not all
opt ions are used)

An sw e r :
+ RI P: 120
+ OSPF: 110
+ st at ic rout e referencing I P address of next hop: 1
+ int ernal EI GRP rout e: 90
+ direct ly connect ed net work: 0

http://www.9tut 142
Qu e st ion 2
Drag t he t erm on t he left t o it s definit ion on t he right ( not all opt ions are used)

An sw e r :
+ poison r e ve r se : A rout er learns from it s neighbor t hat a rout e is down and t he rout er sends an
updat e back t o t he neighbor wit h an infinit e m et ric t o t hat rout e
+ LSA: The packet s flooded when a t opology change occurs, causing net work rout ers t o updat e
t heir t opological dat abases and recalculat e rout es
+ split hor izon: This prevent s sending inform at ion about a rout eback out t he sam e int erface t hat
originally learned about t he rout e
+ holddow n t im e r : For a given period, t his causes t he rout er t o ignore any updat es wit h poorer
m et rics t o a lost net work
Qu e st ion 3
Drag t he descript ion on t he left t o t he correct rout er m ode on t he right

An sw e r :
+ user EXEC m ode: lim it ed t o basic m onit oring com m ands
+ privileged EXEC m ode: provide access t o all ot her rout er com m ands
+ global configurat ion m ode: com m ands t hat affect t he ent ire syst em
+ specific configurat ion m ode: com m ands t hat affect int erfaces/ processes only
+ set up m ode: int eract ive configurat ion dialog

http://www.9tut 143
Qu e st ion 4
Drag each definit ion on t he left t o t he m at ching t erm on t he right

An sw e r :
+ cost : a configurable value based by default on t he bandwidt h of t he int erface
+ load: t he am ount of act ivit y on a net work resource
+ bandwidt h: t he dat a capacit y of a link
+ hop count : t he num ber of point - t o- point links in a t ransm ission pat h
+ reliabilit y: usually refers t o t he bit error rat e of each net work link
+ delay: t he am ount of t im e required t o m ove a packet from source t o dest inat ion

CCNA – NAT & PAT Quest ions

Not e: I f you are not sure about NAT & PAT, please read m y NAT t ut orial.

Net work Address Translat ion NAT Tut orial

To go t o t he I nt ernet we need t o get an public I P address and it is unique all over t he world. I f
each host in t he world required a unique public I P address, we would have run out of I P address
years ago. But by using Net work Address Translat ion ( NAT) we can save t ons of I P addresses for
lat er uses. We can underst and NAT like t his:
“ NAT allows a host t hat does not have a valid regist ered I P address t o com m unicat e wit h ot her
host s t hrough t he I nt ernet ”
For exam ple your com put er is assigned a privat e I P address of 10.0.0.9 and of course t his address
can not be rout ed on t he int ernet but you can st ill access t he int ernet . This is because your rout er
( or m odem ) t ranslat es t his address int o a public I P address, 123.12.23.1 for exam ple, before
rout ing your dat a int o t he int ernet .

http://www.9tut 144
Of course when your rout er receives a reply packet dest ined for 123.12.23.1 it will convert back
t o your privat e I P 10.0.0.9 before sending t hat packet t o you.
Maybe you will ask “ hey, I don’t see any difference of using NAT t o save t ons of I P addresses
because you st ill need a public I P address for each host t o access t he I nt ernet and it doesn’t save
you anyt hing, why you need t o use NAT?”
Ok, you are right : ) , in t he above exam ple we don’t see it s usefulness but you now underst and
t he fundam ent al of NAT!
Let ’s t ake anot her exam ple!
Suppose your com pany has 500 em ployees but your I nt ernet Service Provider ( I SP) only gives
you 50 public I P addresses. I t m eans t hat you can only allow 50 host s t o access t he int ernet at
t he sam e t im e. Here NAT com es t o save your life!
One t hing you should not ice t hat in real life, not all of your em ployees uses int ernet at t he sam e
t im e. Say, m aybe 50 of t hem use int ernet t o read newspaper at t he m orning; 50 ot hers use
int ernet at noon for checking m ail… By using NAT you can dynam ically assign t hese 50 public I P
addresses t o t hose who really need t hem at t hat t im e. This is called dyn a m ic N AT.
But t he above NAT solut ion does not solve our problem com plet ely because in som e days t here
can be m ore t han 50 people surfing web at t he m orning. I n t his case, only t he first 50 people can
access int ernet , ot hers m ust wait t o t heir t urns.
Anot her problem is, in fact , your I SP only gives you m uch lesser I P addresses t han t he num ber 50
because each public I P is very precious now.
To solve t he t wo problem s above, anot her feat ure of NAT can be used: N AT Ove r loa d or
som et im es called Por t Addr e ss Tr a n sla t ion ( PAT)
PAT perm it s m ult iple devices on a local area net work ( LAN) t o be m apped t o a single public I P
address wit h different port num bers. Therefore, it ’s also known as port address t ranslat ion ( PAT) .
When using PAT, t he rout er m aint ains unique source port num bers on t he in side globa l I P
address t o dist inguish bet ween t ranslat ions. I n t he below exam ple, each host is assigned t o t he
sam e public I P address 123.1.1.1 1 but wit h different port num bers ( from 1000 t o 1002) .

Not e: Cisco uses t he t erm in side loca l for t he privat e I P addresses and in side globa l for t he
public I P addresses replaced by t he rout er.
The out side host I P address can also be changed wit h NAT. The ou t side globa l address
represent s t he out side host wit h a public I P address t hat can be used for rout ing in t he public
I nt ernet .

http://www.9tut 145
The last t erm , ou t side loca l address, is a privat e address of an ext ernal device as it is referred t o
by devices on it s local net work. You can underst and out side local address as t he inside local
address of t he ext ernal device which lies at t he ot her end of t he I nt ernet .
Maybe you will ask how m any port s can we use for each I P? Well, because t he port num ber ﬁeld
has 16 bit s, PAT can support about 2 16 port s, which is m ore t han 64,000 connect ions using one
public I P address.
Now you has learned all t he m ost useful feat ures of NAT but we should sum m ary all feat ures of
NAT:
There are t wo t ypes of NAT t ranslat ion: dynam ic and st at ic.
St a t ic N AT: Designed t o allow one- t o- one m apping bet ween local and global addresses. This
flavor requires you t o have one real I nt ernet I P address for every host on your net work.
D yna m ic N AT: Designed t o m ap an unregist ered I P address t o a regist ered I P address from a
pool of regist ered I P addresses. You don’t have t o st at ically configure your rout er t o m ap an inside
t o an out side address as in st at ic NAT, but you do have t o have enough real I P addresses for
everyone who want s t o send packet s t hrough t he I nt ernet . Wit h dynam ic NAT, you can configure
t he NAT rout er wit h m ore I P addresses in t he inside local address list t han in t he inside global
address pool. When being defined in t he inside global address pool, t he rout er allocat es regist ered
public I P addresses from t he pool unt il all are allocat ed. I f all t he public I P addresses are already
allocat ed, t he rout er discards t he packet t hat requires a public I P address.
PAT ( N AT Ove r loa ding) : is also a kind of dynam ic NAT t hat m aps m ult iple privat e I P addresses
t o a single public I P address ( m any- t o- one) by using different port s. St at ic NAT and Dynam ic NAT
bot h require a one- t o- one m apping from t he inside local t o t he inside global address. By using
PAT, you can have t housands of users connect t o t he I nt ernet using only one real global I P
address. PAT is t he t echnology t hat helps us not run out of public I P address on t he I nt ernet . This
is t he m ost popular t ype of NAT.
Besides NAT gives you t he opt ion t o advert ise only a single address for your ent ire net work t o t he
out side world. Doing t his effect ively hides t he int ernal net work from t he public world really well,
giving you som e addit ional securit y for your net work.
NAT t erm s:
* I n side loca l a ddr e ss – The I P address assigned t o a host on t he inside net work. The address
is usually not an I P address assigned by t he I nt ernet Net work I nform at ion Cent er ( I nt erNI C) or
service provider. This address is likely t o be an RFC 1918 privat e address.
* I n side globa l a ddr e ss – A legit im at e I P address assigned by t he I nt erNI C or service provider
t hat represent s one or m ore inside local I P addresses t o t he out side world.
* Ou t side loca l a ddr e ss – The I P address of an out side host as it is known t o t he host s on t he
inside net work.
* Ou t side globa l a ddr e ss – The I P address assigned t o a host on t he out side net work. The
owner of t he host assigns t his address.
Quest ion 1
Refer t o t he exhibit . What does t he ( * ) represent in t he out put ?

0 2 :1 6 :2 9 : N AT: s= 1 0 .1 0 .0 .2 - > 1 .2 .4 .2 , d= 1 .2 .4 .1 [ 5 1 6 0 7 ]
0 2 :1 6 :2 9 : N AT: s= 1 .2 .4 .1 , d= 1 .2 .4 .2 - > 1 0 .1 0 .0 .2 [ 5 5 2 2 7 ]
6 2 :1 6 :2 9 : N AT* : s= 1 0 .1 0 .0 .2 - > 1 .2 .4 .2 , d= 1 .2 .4 .1 [ 5 1 6 0 8 ]
0 2 :1 6 :2 9 : N AT* : s= 1 0 .1 0 .0 .2 - > 1 .2 .4 .2 , d= 1 .2 .4 .1 [ 5 1 6 0 9 ]

A. Packet is dest ined for a local int erface t o t he rout er.

B. Packet was t ranslat ed, but no response was received from t he dist ant device.

http://www.9tut 146
C. Packet was not t ranslat ed, because no addit ional port s are available.
D. Packet was t ranslat ed and fast swit ched t o t he dest inat ion.
An sw e r : D
Explanat ion
The above out put is from t he “ debug ip nat ” com m and. I n t his out put , t he first t wo lines show t he
Dom ain Nam e Syst em ( DNS) request and reply debugging out put .
I n t he first line ( DNS request ) :
s= 10.10.0.2- > 1.2.4.2: source of t he I P address ( 10.10.0.2) and how it is being t ranslat ed ( t o
1.2.4.2)
d= 1.2.4.1: dest inat ion address of t he packet
[ 51607] : t he I P ident ificat ion num ber of t he packet
I n t he second line ( DNS reply) :
s= 1.2.4.1: source of t he reply
d= 1.2.4.2- > 10.10.0.2: how t he dest inat ion is being t ranslat ed
The rem aining lines show debugging out put from a Telnet connect ion from a host on t he inside of
t he net work t o a host on t he out side of t he net work. All Telnet packet s, except for t he first packet ,
were t ranslat ed in t he fast pat h, as indicat ed by t he ast erisk ( * ) .
Not e: I f t he connect ion is already est ablished, t he securit y appliance does not need t o re- check
packet s and t he packet s are sent t o t he Fast Pat h.
( Reference: ht t p: / / www.cisco.com / en/ US/ docs/ ios/ 12_3t / debug/ com m and/ reference/ dbg_i2gt .ht
m l)
Quest ion 2
Refer t o t he exhibit . What com m and sequence will enable PAT from t he inside t o out side net work?

ip n a t pool isp- n e t 1 .2 .4 .1 0 1 .2 .4 .2 4 0 n e t m a sk 2 5 5 .2 5 5 .2 5 5 .0
!
in t e r fa ce e t h e r n e t 1
de scr ipt ion I SP Conn e ct ion
ip a ddr e ss 1 .2 .4 .2 2 5 5 .2 5 5 .2 5 5 .0
ip n a t out side
!
in t e r fa ce e t h e r n e t 0
de scr ipt ion Et h e r n e t t o Fir e w a ll e t h 0
ip a ddr e ss 1 0 .1 0 .0 .1 2 5 5 .2 5 5 .2 5 5 .0
ip n a t in side
!
a cce ss- list 1 pe r m it 1 0 .0 .0 .0 0 .2 5 5 .2 5 5 .2 5 5

A. ( config) # ip nat pool isp- net 1.2.4.2 net m ask 255.255.255.0 overload
B. ( config- if) # ip nat out side overload
C. ( config) # ip nat inside source list 1 int erface et hernet 1 overload
D. ( config- if) # ip nat inside overload

An sw e r : C
Explanat ion
The com m and “ ip nat inside source list 1 int erface et hernet 1 overload” m eans:

http://www.9tut 147
+ “ ip nat ” : use NAT
+ “ inside” : NAT from inside t o out side
+ “source list 1″: the source addresses can be found in access list 1
+ “interface ethernet1″: NAT out of this interface
+ “ overload” : use NAT overload ( PAT)
Quest ion 3
Refer t o t he exhibit . A j unior net work engineer has prepared t he exhibit ed configurat ion file. What
t wo st at em ent s are t rue of t he planned configurat ion for int erface fa0/ 1? ( Choose t wo)

A. The t wo Fast Et hernet int erfaces will require NAT configured on t wo out side serial int erfaces.
B. Address t ranslat ion on fa0/ 1 is not required for DMZ Devices t o access t he I nt ernet .
C. The fa0/ 1 I P address overlaps wit h t he space used by s0/ 0.
D. The fa0/ 1 I P address is invalid for t he I P subnet on which it resides.
E. I nt ernet host s m ay not init iat e connect ions t o DMZ Devices t hrough t he configurat ion t hat is
shown.
An sw e r : B E
Explanat ion
Bot h inside Fast Et hernet int erfaces can use only one out side int erface t o go t o t he I nt ernet - > A is
not correct .
DMZ devices use I P addresses in t he range of 128.107.1.128/ 25 which are public I P addresses so
t hey don’t need address t ranslat ion t o access t he I nt ernet - > B is correct .
The fa0/ 1 int erface’s I P address is 128.107.1.254 255.255.255.128 ( range from 128.107.1.128 t o
128.107.1.255) while t he I P address of s0/ 0 is 128.107.1.1 255.255.255.252 ( ranges from
128.107.1.0 t o 128.107.1.4) so t hey are not overlapped wit h each ot her - > C is not correct .
DMZ devices are in t he range of 128.107.1.128/ 25 ( from 128.107.1.128 t o 128.107.1.255) and
fa0/ 1 I P address ( 128.107.1.254) is a valid I P address on t his subnet - > D is not correct .

http://www.9tut 148
DMZ devices ( and ot her int ernal host s) are using dynam ic PAT, which is a t ype of dynam ic NAT.
Wit h dynam ic NAT, t ranslat ions do not exist in t he NAT t able unt il t he rout er receives t raffic t hat
requires t ranslat ion. I n ot her words, if DMZ devices com m unicat e wit h out side host s first , dynam ic
t ranslat ion works fine. But if out side host s com m unicat e wit h DMZ devices first , no t ranslat ion is
creat ed in NAT t able and t he packet s will be dropped. This is t he reason why “ I nt ernet host s m ay
not init iat e connect ions t o DMZ Devices t hrough t he configurat ion t hat is shown” - > E is correct .
Quest ion 4
Refer t o t he exhibit . What st at em ent is t rue of t he configurat ion for t his net work?

A. The configurat ion t hat is shown provides inadequat e out side address space for t ranslat ion of
t he num ber of inside addresses t hat are support ed.
B. Because of t he addressing on int erface Fast Et hernet 0/ 1, t he Serial0/ 0 int erface address will not
support t he NAT configurat ion as shown.
C. The num ber 1 referred t o in t he ip nat inside source com m and references access- list num ber 1.
D. Ext ernalRout er m ust be configured wit h st at ic rout ers t o net work 172.16.2.0/ 24
An sw e r : C
Explanat ion
The “list 1″ refers to the access- list num ber 1.
Quest ion 5
What are t wo benefit s of using NAT? ( choose t wo)
A. NAT prot ect s net work securit y because privat e net works are not advert ised.
B. NAT accelerat es t he rout ing process because no m odificat ions are m ade on t he packet s.
C. Dynam ic NAT facilit at es connect ions from t he out side of t he net work.
D. NAT facilit at es end- t o- end com m unicat ion when I Psec is enable.
E. NAT elim inat es t he need t o re- address all host t hat require ext ernal access.
F. NAT conserves addresses t hrough host MAC- level m ult iplexing.

An sw e r : A E

http://www.9tut 149
Ex pla na t ion
By not reveal t he int ernal I p addresses, NAT adds som e securit y t o t he inside net work - > A is
correct .
NAT has t o m odify t he source I P addresses in t he packet s - > B is not correct .
Connect ion from t he out side of t he net work t hrough a “ NAT” net work is m ore difficult t han a m ore
net work because I P addresses of inside host s are hidden - > C is not correct .
I n order for I Psec t o work wit h NAT we need t o allow addit ional prot ocols, including I nt ernet Key
Exchange ( I KE) , Encapsulat ing Securit y Payload ( ESP) and Aut hent icat ion Header ( AH) - > m ore
com plex - > D is not correct .
By allocat ing specific public I P addresses t o inside host s, NAT elim inat es t he need t o re- address
t he inside host s - > E is correct .
NAT does conserve addresses but not t hrough host MAC- level m ult iplexing. I t conserves
addresses by allowing m any privat e I P addresses t o use t he sam e public I P address t o go t o t he
I nt ernet - > F is not correct .
Quest ion 6
Which t wo st at em ent s about st at ic NAT t ranslat ions are t rue? ( choose t wo)
A. They are always present in t he NAT t able.
B. They allow connect ion t o be init iat ed from t he out side.
C. They can be configured wit h access list s, t o allow t wo or m ore connect ions t o be init iat ed from
t he out side.
D. They require no inside or out side int erface m arkings because addresses are st at ically defined.
An sw e r : A B
Explanat ion
Wit h st at ic NAT, t ranslat ions exist in t he NAT t ranslat ion t able as soon as you configure st at ic NAT
com m and( s) , and t hey rem ain in t he t ranslat ion t able unt il you delet e t he st at ic NAT com m and( s) .
Wit h dynam ic NAT, t ranslat ions do not exist in t he NAT t able unt il t he rout er receives t raffic t hat
requires t ranslat ion. Dynam ic t ranslat ions have a t im eout period aft er which t hey are purged from
t he t ranslat ion t able.
- > A is correct .
Because st at ic NAT t ranslat ions are always present in t he NAT t able so out side host s can init iat e
t he connect ion wit hout being dropped - > B is correct .
St at ic t ranslat ions can not be configured wit h access list s. To configure st at ic NAT, we only need
t o specify source I P, NAT I P, inside int erface & out side int erface.
- > C is not correct .
We have t o specify which is t he inside and out side int erface - > D is not correct .
For your inform at ion, below is an exam ple of configuring st at ic NAT:
R0( config) # int f0/ 0
R0( config- if) # ip nat inside
R0( config- if) # int f0/ 1
R0( config- if) # ip nat out side
R0( config) # ip nat inside source st at ic 10.0.0.1 200.0.0.2

http://www.9tut 150
( Reference: ht t p: / / www.cisco.com / en/ US/ t ech/ t k648/ t k361/ t echnologies_t ech_not e09186a00800
93f31.sht m l)
Quest ion 7
Refer t o t he exhibit . Which st at em ent about packet addresses are t rue during dat a exchange
when host A m akes Web- request t o WWW Server, considering t hat t here is NAT overload schem e
for dat a passing from Corp LAN host s t o out side net works in use?

A. Source 234.15.27.226: 3015 and dest inat ion 234.15.27.225: 80

B. Source 200.15.239.128: 3015 and dest inat ion 192.168.10.34: 80
C. Dest inat ion 192.168.10.11: 3015 and source 200.15.239.128: 80
D. Source 192.168.10.34: 80 and dest inat ion 192.168.10.254: 3015
E. Dest inat ion 234.15.27.225: 3015 and source 200.15.239.128: 80

An sw e r : E
Explanat ion
From A t o Corp rout er:
+ Source: 192.168.10.34: 3015 & Dest inat ion: 200.15.239.128: 80
From Corp t o WWW Server:
+ Source: 234.15.27.225: 3015 & Dest inat ion: 200.15.239.128: 80
From WWW Server t o Corp:
+ Sour ce : 2 0 0 .1 5 .2 3 9 .1 2 8 :8 0 & D e st in a t ion : 2 3 4 .1 5 .2 7 .2 2 5 :3 0 1 5
From Corp t o Host A:
+ Source: 200.15.239.128: 80 & Dest inat ion: 192.168.10.34: 3015
So t he only correct answer is E ( from WWW server t o Corp)

http://www.9tut 151
CCNA – Swit ch Quest ions

Part 1
Quest ion 1
Which t wo com m ands can be used t o verify a t runk link configurat ion st at us on a Cisco swit ch?
( choose t wo)
A. show int erfaces t runk
B. show int erfaces swit chport
C. show ip int erface brief
D. show int erfaces vlan
An sw e r : A B
Explanat ion
The “ show int erfaces t runk” com m and and “ show int erfaces swit chport ” com m and can be used t o
verify t he st at us of an int erface ( t runking or not ) . The out put s of t hese com m ands are shown
below ( port Et hernet 1/ 0 has been configured as t runk) :

The “ show ip int erface brief” com m and only gives us inform at ion about t he I P address, t he st at us
( up/ down) of an int erface:

http://www.9tut 152
The “ show int erfaces vlan” com m and only gives us inform at ion about t hat VLAN, not about which
port s are t he t runk links:

Quest ion 2
Refer t o t he exhibit . The following com m ands are execut ed on int erface fa0/ 1 of 2950Swit ch.
2950Swit ch( config- if) # swit chport port - securit y
2950Swit ch( config- if) # swit chport port - securit y m ac- address st icky
2950Swit ch( config- if) # swit chport port - securit y m axim um 1
The Et hernet fram e t hat is shown arrives on int erface fa0/ 1. What t wo funct ions will occur when
t his fram e is received by 2950Swit ch? ( Choose t wo)

A. The MAC address t able will now have an addit ional ent ry of fa0/ 1 FFFF.FFFF.FFFF.
B. Only host A will be allowed t o t ransm it fram es on fa0/ 1.
C. This fram e will be discarded when it is received by 2950Swit ch.
D. All fram es arriving on 2950Swit ch wit h a dest inat ion of 0000.00aa.aaaa will be forwarded out
fa0/ 1.
E. Host s B and C m ay forward fram es out fa0/ 1 but fram es arriving from ot her swit ches will not
be forwarded out fa0/ 1.
F. Only fram es from source 0000.00bb.bbbb, t he first learned MAC address of 2950Swit ch, will be
forwarded out fa0/ 1.

An sw e r : B D

http://www.9tut 153
Explanat ion
Please read t he explanat ion at ht t p: / / www.9t ut .net / icnd2/ icnd2- operat ions
Quest ion 3
Which Cisco Cat alyst feat ure aut om at ically disables t he port in an operat ional Port Fast upon
receipt of a BPDU?
A. BackboneFast
B. UplinkFast
C. Root Guard
D. BPDU Guard
E. BPDU Filt er
An sw e r : D
Explanat ion
We only enable Port Fast feat ure on access port s ( port s connect ed t o end st at ions) . But if som eone
does not know he can accident ally plug t hat port t o anot her swit ch and a loop m ay occur when
BPDUs are being t ransm it t ed and received on t hese port s.
Wit h BPDU Guard, when a Port Fast receives a BPDU, it will be shut down t o prevent a loop - > D is
correct .
Quest ion 4
Why will a swit ch never learn a broadcast address?
A. Broadcast fram es are never sent t o swit ches.
B. Broadcast addresses use an incorrect form at for t he swit ching t able.
C. A broadcast address will never be t he source address of a fram e.
D. Broadcast s only use net work layer addressing.
E. A broadcast fram e is never forwarded by a swit ch.
An sw e r : C
Quest ion 5
Which t hree st at em ent s accurat ely describe layer 2 Et hernet swit ches? ( choose t hree)
A. Microsegm ent at ion decreases t he num ber of collisions on t he net work.
B. I f a swit ch receives a fram e for an unknown dest inat ion.it uses ARP t o resolve t he address.
C. Spanning Tree Prot ocol allows swit ches t o aut om at ically share vlan inform at ion.
D. I n a propert y funct ioning net work wit h redundant swit ched pat hs, each swit ched segm ent will
cont ain one root bridge wit h all it s port s in t he forwarding st at e. All ot her swit ches in t hat
broadcast dom ain will have only one root port .
E. Est ablishing vlans increases t he num ber of broadcast dom ains.
F. Swit ches t hat are configured wit h vlans m ake forwarding decisions based on bot h layer 2 and
layer 3 address inform at ion.
An sw e r : A D E
Quest ion 6
Swit ch port s operat ing in which t wo roles will forward t raffic according t o t he I EEE 802.1w
st andard? ( Choose t wo)
A. alt ernat e
B. backup
C. designat ed

http://www.9tut 154
D. disabled
E. root
An sw e r : C E
Explanat ion
I EEE 802.1w is t he st andard of Rapid Spanning Tree Prot ocol ( RSTP) . There are 5 port roles in t his
st andard: Root port , Designat ed port , Alt ernat ive port , Backup port and Disabled port . I n t hese 5
port roles, only Root port and Designat ed port can forward t raffic.
Quest ion 7
Select t he act ion t hat result s from execut ing t hese com m ands:
Swit ch( config- if) # swit chport port - securit y
Swit ch( config- if) # swit chport port - securit y m ac- address st icky
A. A dynam ically learned MAC address is saved in t he st art up- configurat ion file.
B. A dynam ically learned MAC address is saved in t he running- configurat ion file.
C. A dynam ically learned MAC address is saved in t he VLAN dat abase.
D. St at ically configured MAC addresses are saved in t he st art up- configurat ion file if fram es from
t hat address are received.
E. St at ically configured MAC addresses are saved in t he running- configurat ion file if fram es from
t hat address are received.
An sw e r : B
Explanat ion
The full synt ax of t he second com m and is:
sw it chpor t por t - se cur it y m a c- a ddr e ss st ick y [ M AC]
I f we don’t specify t he MAC address ( like in t his quest ion) t hen t he swit ch will dynam ically learn
t he at t ached MAC Address and place it int o your running- configurat ion - > B is correct .
Quest ion 8
What is valid reason for a swit ch t o deny port access t o new devices when port securit y is
enabled?
A. The denied MAC addresses have already been learned or configured on anot her secure
int erface in t he sam e VLAN.
B. The denied MAC address are st at ically configured on t he port .
C. The m inim um MAC t hreshold has been reached.
D. The absolut e aging t im es for t he denied MAC addresses have expired.
An sw e r : A
Explanat ion
A securit y violat ion occurs in eit her of t hese sit uat ions:
* When t he m axim um num ber of secure MAC addresses is reached on a secure port and t he
source MAC address of t he ingress t raffic is different from any of t he ident ified secure MAC
addresses, port securit y applies t he configured violat ion m ode.
* I f t raffic wit h a secure MAC address t hat is configured or learned on one secure port at t em pt s t o
access anot her secure port in t he sam e VLAN, applies t he configured violat ion m ode.
From t he second st at em ent we can figure out A is t he correct answer. But for your inform at ion we
will discuss ot her answers as well.

http://www.9tut 155
Answer B is not correct because we can’t configured which MAC address will be denied. We can
only configure which MAC is allowed.
We can only configure t he m axim um MAC t hreshold, not t he m inim um t hreshold - > C is not
correct .
The aging t im es are only configured for allowed MAC addresses, not for denied MAC - > D is
correct .
For your inform at ion about aging t im e:
When t he aging t ype is configured wit h t he absolut e keyword, all t he dynam ically learned secure
addresses age out when t he aging t im e expires
This is how t o configure t he secure MAC address aging t ype on t he port :
Rout e r ( con fig- if) # sw it chpor t por t - se cu r it y a ging t ype a bsolut e
and configure t he aging t im e ( aging t im e = 120 m inut es)
Rout e r ( con fig- if) # sw it chpor t por t - se cu r it y a ging t im e 1 2 0
When t his com m and is used, all t he dynam ically learned secure addresses age out when t he aging
t im e expires
( Reference: ht t p: / / www.cisco.com / en/ US/ docs/ swit ches/ lan/ cat alyst 6500/ ios/ 12.2SX/ configurat io
n/ guide/ port _sec.ht m l)
Quest ion 9
A net work adm inist rat or needs t o configure port securit y on a swit ch. Which t wo st at em ent s are
t rue? ( Choose t wo)
A. The net work adm inist rat or can apply port securit y t o dynam ic access port s
B. The net work adm inist rat or can configure st at ic secure or st icky secure m ac addresses in t he
voice vlan.
C. The st icky learning feat ure allows t he addit ion of dynam ically learned addresses t o t he running
configurat ion.
D. The net work adm inist rat or can apply port securit y t o Et herChannels.
E. When dynam ic m ac address learning is enabled on an int erface, t he swit ch can learn new
addresses up t o t he m axim um defined.
An sw e r : C E
Quest ion 10
Refer t o t he exhibit . Which st at em ent is t rue?

http://www.9tut 156
A. The Fa0/ 11 role confirm s t hat Swit chA is t he root bridge for VLAN 20.
B. VLAN 20 is running t he Per VLAN Spanning Tree Prot ocol.
C. The MAC address of t he root bridge is 0017.596d.1580.
D. Swit chA is not t he root bridge, because not all of t he int erface roles are designat ed.
An sw e r : D
Explanat ion
Only non- root bridge can have root port . Fa0/ 11 is t he root port so we can confirm t his swit ch is
not t he root bridge - > A is not correct .
From t he out put we learn t his swit ch is running Rapid STP, not PVST - > B is not correct .
0017.596d.1580 is t he MAC address of t his swit ch, not of t he root bridge. The MAC address of t he
root bridge is 0017.596d.2a00 - > C is not correct .
All of t he int erface roles of t he root bridge are designat ed. Swit chA has one Root port and 1
Alt ernat ive port so it is not t he root bridge - > D is correct .
Quest ion 11

A t echnician has inst alled Swit hchB and needs t o configure it for rem ot e access from t he
m anagem ent workst at ion connect ed Swit chA. Which set of com m ands is required t o accom plish
t his t ask?
A.
Swit chB( config) # int erface Fast Et hernet 0/ 1
Swit chB( config) # ip address 192.168.8.252 255.255.255.0
Swit chB( config) # no shut down
B.
Swit chB( config) # ip default - gat eway 192.168.8.254
Swit chB( config) # int erface vlan 1
Swit chB( config) # ip address 192.168.8.252 255.255.255.0
Swit chB( config) # no shut down
C.
Swit chB( config) # int erface vlan 1
Swit chB( config) # ip address 192.168.8.252 255.255.255.0
Swit chB( config) # ip default - gat eway 192.168.8.254 255.255.255.0
Swit chB( config) # no shut down
D.
Swit chB( config) # ip default - net work 192.168.8.254
Swit chB( config) # int erface vlan 1
Swit chB( config) # ip address 192.168.8.252 255.255.255.0
Swit chB( config) # no shut down

http://www.9tut 157
An sw e r : B
Explanat ion
To rem ot e access t o Swit chB, it m ust have a m anagem ent I P address on a VLAN on t hat swit ch.
Tradit ionally, we oft en use VLAN 1 as t he m anagem ent VLAN ( but in fact it is not secure) .
I n t he exhibit , we can recognize t hat t he Managem ent Workst at ion is in a different subnet from
t he Swit chB. For int ersubnet work com m unicat ion t o occur, you m ust configure at least one default
gat eway. This default gat eway is used t o forward t raffic originat ing from t he swit ch only, not t o
forward t raffic sent by devices connect ed t o t he swit ch.
Quest ion 12
A net work adm inist rat or want s t o ensure t hat only t he server can connect t o port Fa0/ 1 on a
Cat alyst swit ch. The server is plugged int o t he swit ch Fa0/ 1 port and t he net work adm inist rat or is
about t o bring t he server online. What can t he adm inist rat or do t o ensure t hat only t he MAC
address of t he server is allowed by swit ch port Fa0/ 1? ( Choose t wo)
A. Configure port Fa0/ 1 t o accept connect ions only from t he st at ic I P address of t he server.
B. Em ploy a propriet ary connect or t ype on Fa0/ 1 t hat is incom pat ible wit h ot her host connect ors.
C. Configure t he MAC address of t he server as a st at ic ent ry associat ed wit h port Fa0/ 1.
D. Bind t he I P address of t he sewer t o it s MAC address on t he swit ch t o prevent ot her host s from
spoofing t he server I P address.
E. Configure port securit y on Fa0/ 1 t o rej ect t raffic wit h a source MAC address ot her t han t hat of
t he server.
F. Configure an access list on t he swit ch t o deny server t raffic from ent ering any port ot her t han
Fa0/ 1.
An sw e r : C E
Explanat ion
We can”configure the MAC address of the server as a static entry associated with port Fa0/1″ with
t his com m and:
Sw it ch ( con fig- if) # sw it chpor t por t - se cu r it y m a c- a ddr e ss st ick y 0 0 0 0 .0 0 AA.AAAA.AAAA
and “ configure port securit y on Fa0/ 1 t o rej ect t raffic wit h a source MAC address ot her t han t hat
of t he server” wit h t hese com m ands:
Sw it ch ( con fig- if) # sw it chpor t por t - se cu r it y m a x im u m 1 ( only allow 1 MAC address and t hat
is t he st at ic MAC address)
Also we oft en define what will t he swit ch do if t he securit y is violat ed:
Sw it ch ( con fig- if) # sw it chpor t por t - se cu r it y viola t ion sh u t dow n
Quest ion 13
The net work securit y policy requires t hat only one host be perm it t ed t o at t ach dynam ically t o each
swit ch int erface. I f t hat policy is violat ed, t he int erface should shut down. Which t wo com m ands
m ust t he net work adm inist rat or configure on t he 2950 Cat alyst swit ch t o m eet t his policy?
( Choose t wo)
A. Swit ch1( config- if) # swit chport port - securit y m axim um 1
B. Swit ch1( config) # m ac- address- t able secure
C. Swit ch1( config) # access- list 10 perm it ip host
D. Swit ch1( config- if) # swit chport port - securit y violat ion shut down
E. Swit ch1( config- if) # ip access- group 10

http://www.9tut 158
An sw e r : A D

Part 2
Qu e st ion 1
I n which circum st ance are m ult iple copies of t he sam e unicast fram e likely t o be t ransm it t ed in a
swit ched LAN?
A. aft er broken links are re- est ablished
B. in an im properly im plem ent ed redundant t opology
C. when upper- layer prot ocols require high reliabilit y
D. during high t raffic periods
E. when a dual ring t opology is in use
An sw e r : B
Ex pla na t ion
I f we connect t wo swit ches via 2 or m ore links and do not enable STP on t hese swit ches t hen a
loop ( which creat es m ult iple copies of t he sam e unicast fram e) will occur. I t is an exam ple of an
im properly im plem ent ed redundant t opology.
Qu e st ion 2
An adm inist rat or would like t o configure a swit ch over a virt ual t erm inal connect ion from locat ions
out side of t he local LAN. Which of t he following are required in order for t he swit ch t o be
configured from a rem ot e locat ion? ( Choose t wo)
A. The swit ch m ust be configured wit h an I P address, subnet m ask, and default gat eway.
B. The swit ch m ust be connect ed t o a rout er over a VLAN t runk.
C. The swit ch m ust be reachable t hrough a port connect ed t o it s m anagem ent VLAN.
D. The swit ch console port m ust be connect ed t o t he Et hernet LAN.
E. The swit ch m anagem ent VLAN m ust be creat ed and have a m em bership of at least one swit ch
port .
F. The swit ch m ust be fully configured as an SNMP agent .
An sw e r : A C
Ex pla na t ion
I n order t o rem ot e access t o a swit ch from out side of t he local LAN ( in a different subnet ) we have
t o:
+ Configure an I P address on a VLAN on t hat swit ch, t his VLAN is known as t he m anagem ent
VLAN ( it is usually VLAN 1)
+ Specify t he default gat eway for t hat swit ch so t hat it can send t raffic t o t his gat eway
Below shows an exam ple of configuring rem ot e access for a swit ch ( suppose t he m anagem ent
VLAN on t he swit ch is 192.168.1.10/ 24 and t he default - gat eway I P address is 192.168.1.254)
Swit ch( config) # ip default - gat eway 192.168.1.254
Swit ch( config) # int erface vlan 1
Swit ch( config) # ip address 192.168.1.10 255.255.255.0
Swit ch( config) # no shut down
Qu e st ion 3
Refer t o t he exhibit . A j unior net work adm inist rat or was given t he t ask of configuring port securit y
on Swit chA t o allow only PC_A t o access t he swit ched net work t hrough port fa0/ 1. I f any ot her

http://www.9tut 159
device is det ect ed, t he port is t o drop fram es from t his device. The adm inist rat or configured t he
int erface and t est ed it wit h successful pings from PC_A t o Rout erA, and t hen observes t he out put
from t hese t wo show com m ands.

Which t wo of t hese changes are necessary for Swit chA t o m eet t he requirem ent s? ( Choose t wo)
A. Port securit y needs t o be globally enabled.
B. Port securit y needs t o be enabled on t he int erface.
C. Port securit y needs t o be configured t o shut down t he int erface in t he event of a violat ion.
D. Port securit y needs t o be configured t o allow only one learned MAC address.
E. Port securit y int erface count ers need t o be cleared before using t he show com m and.
F. The port securit y configurat ion needs t o be saved t o NVRAM before it can becom e act ive.

An sw e r : B D
Ex pla na t ion
As we see in t he out put , t he “ Port Securit y” is in “ Disabled” st at e ( line 2 in t he out put ) . To enable
Port securit y feat ure, we m ust enable it on t hat int erface first wit h t he com m and:
Sw it ch A( con fig- if) # sw it chpor t por t - se cu r it y
- > B is correct .
Also from t he out put , we learn t hat t he swit ch is allowing 2 devices t o connect t o it ( swit chport
port - securit y m axim um 2) but t he quest ion requires allowing only PC_A t o access t he net work so
we need t o reduce t he m axim um num ber t o 1 - > D is correct .
Qu e st ion 4
A com pany im plem ent s video conferencing over I P on t heir Et hernet LAN. The users not ice t hat
t he net work slows down, and t he video eit her st ut t ers or foils com plet ely. What is t he m ost likely
reason for t his?
A. m inim um cell rat e ( MCR)
B. qualit y of service ( QoS)

http://www.9tut 160
C. m odulat ion
D. packet swit ching exchange ( PSE)
E. reliable t ransport prot ocol ( RTP)
An sw e r : B
Ex pla na t ion
I f t he QoS is not configured correct ly on t he net work ( for exam ple configure your net work’s
bandwidt h below t he bandwidt h assigned by your I SP) can slow down all your t raffic.
Qu e st ion 5
Com put er 1 is consoles int o swit ch A. Telnet connect ions and pings run from t he com m and
prom pt on swit ch A fail. Which of t he following could cause t his problem ?

A. swit ch A does not have a cdp ent ry for swit ch B or rout er JAX
B. swit ch A does not have an I P address
C. port 1 on swit ch A should be an access port rat her t han a t runk port
D. swit ch A is not direct ly connect ed t o rout er JAX
E. swit ch A does not have a default gat eway assigned
An sw e r : B
Ex pla na t ion
I t ’s a hard quest ion t o answer alt hough it looks sim ple! From t he out put above we are sure t hat
swit ch A does not have an I P address ( on bot h Fa0/ 1 and on VLAN 1) so it can not ping or t elnet
t o any ot her device - > B is correct .
Anot her answer seem s t o be correct is answer E – swit ch A does not have a default gat eway
assigned. We know t hat Swit ch A can not t elnet t o ot her device out side it s subnet wit hout having
a default gat eway. But t he quest ion only says “ Telnet connect ions and pings run from t he
com m and prom pt on swit ch A fail” wit hout t elling us where Swit ch A is t rying t o t elnet or ping t o.
I f it t ries t o connect t o t he out side net work t hen E is correct . I f it only want t o connect t o a device
inside it s subnet t hen a default gat eway is not necessary.
So t he best answer for t his quest ion is B!
Qu e st ion 6
Refer t o t he exhibit . Give t his out put for Swit chC, what should t he net work adm inist rat or’s next
act ion be?

http://www.9tut 161
A. Check t he t runk encapsulat ion m ode for Swit chC’s fa0/ 1 port .
B. Check t he duplex m ode for Swit chC’s fa0/ 1 port .
C. Check t he duplex m ode for Swit chA’s fa0/ 2 port .
D. Check t he t runk encapsulat ion m ode for Swit chA’s fa0/ 2 port .

An sw e r : C
Qu e st ion 7
Refer t o t he graphic

A host is connect ed t o swit ch port Fa0/ 3 wit h a crossover cable. However, t he port indicat or on
swit ch port Fa0/ 3 is not on, and t he host can not com m unicat e wit h host s t hat belong t o VLAN2
on t he sam e swit ch. Based on t he inform at ion given, where is t he problem ?
A. The swit ch has been assigned an incorrect subnet m ask T1
B. Swit ch port Fa0/ 3 is not configured as a t runk port
C. Swit ch port Fa0/ 3 has been blocked by STP
D. The swit ch and t he host s m ust be in t he sam e subnet
E. The cable t ype is wrong

An sw e r : E

http://www.9tut 162
Ex pla na t ion
To specify when we use crossover cable or st raight - t hrough cable, we should rem em ber:
Gr ou p 1 : Rout er, Host , Server
Gr ou p 2 : Hub, Swit ch
One device in group 1 + One device in group 2: use st r a igh t - t h r ough cable
Two devices in t he sam e group: use cr ossove r cable
I n t his case we connect a swit ch and a host so we need a st raight - t hrough cable - > E is correct .
Qu e st ion 8
Refer t o t he exhibit . Som e 2950 series swit ches are connect ed t o t he conference area of t he
corporat e headquart ers net work. The swit ches provide t wo t o t hree j acks per conference room t o
host lapt op connect ions for em ployees who visit t he headquart ers office. When large groups of
em ployees com e from ot her locat ions, t he net work adm inist rat or oft en finds t hat hubs have been
connect ed t o wall j acks in t he conference area alt hough t he port s on t he access layer swit ches
were not int ended t o support m ult iple workst at ions.
What act ion could t he net work adm inist rat or t ake t o prevent access by m ult iple lapt ops t hrough a
single swit ch port and st ill leave t he swit ch funct ional for it s int ended use?

A. Configure st at ic ent ries in t he swit ch MAC address t able t o include t he range of addresses used
by visit ing em ployees.
B. Configure an ACL t o allow only a single MAC address t o connect t o t he swit ch at one t im e.
C. Use t he m ac- address- t able 1 global configurat ion com m and t o lim it each port t o one source
MAC address.
D. I m plem ent Port Securit y on all int erfaces and use t he port - securit y m axim um 1 com m and t o
lim it port access t o a single MAC address
E. I m plem ent Port Securit y on all int erfaces and use t he port - securit y m ac- address st icky
com m and t o lim it access t o a single MAC address
F. I m plem ent Port Securit y at global configurat ion m ode and use t he port - securit y m axim um 1
com m and t o allow each swit ch only one at t ached hub

An sw e r : D
Ex pla na t ion
The Port Securit y filt ers fram es based on it s MAC so it can effect ively prevent people connect ing t o
t he swit ch via hubs.

http://www.9tut 163
Qu e st ion 9
Which of t he following st at em ent s are t rue regarding bridges and swit ches? ( Choose 3)
A. Swit ches are prim arily soft ware based while bridges are hardware based.
B. Bot h bridges and swit ches forward Layer 2 broadcast s.
C. Bridges are frequent ly fast er t han swit ches.
D. Swit ches have a higher num ber of port s t han m ost bridges.
E. Bridges define broadcast dom ains while swit ches define collision dom ains.
F. Bot h bridges and swit ches m ake forwarding decisions based on Layer 2 addresses.

An sw e r : B D F
Qu e st ion 1 0
A net work adm inist rat or m ust configure 200 swit ch port s t o accept t raffic from only t he current ly
at t ached host devices. What would be t he m ost efficient way t o configure MAC- level securit y on all
t hese port s?
A. Visually verify t he MAC addresses and t hen t elnet t o t he swit ches t o ent er t he swit chport - port
securit y m ac- address com m and.
B. Have end users e- m ail t heir MAC addresses. Telnet t o t he swit ch t o ent er t he swit chport - port
securit y m ac- address com m and.
C. Use t he swit chport port - securit y MAC address st icky com m and on all t he swit ch port s t hat have
end devices connect ed t o t hem .
D. Use show m ac- address- t able t o det erm ine t he addresses t hat are associat ed wit h each port
and t hen ent er t he com m ands on each swit ch for MAC address port - securit y.

An sw e r : C
Ex pla na t ion
We can use t he “ int erface range” com m and ( for exam ple “ int erface range Fast Et hernet 0/ 1 – 48″)
t o configure m any port s as t he sam e t im e and use t he “ port - securit y MAC address st icky”
com m and ( wit hout a specific MAC address) t o dynam ically learn t he at t ached MAC Address and
place it int o t he swit ch’s running- configurat ion - > C is correct .

Part 3
Qu e st ion 1
Which of t he following are t rue regarding bridges and swit ches? ( Choose t wo)
A. Bridges are fast er t han swit ches because t hey have fewer port s.
B. A swit ch is a m ult iport bridge.
C. Bridges and swit ches learn MAC addresses by exam ining t he source MAC address of each fram e
received.
D. A bridge will forward a broadcast but a swit ch will not .
E. Bridges and swit ches increase t he size of a collision dom ain.

An sw e r : B C
Qu e st ion 2
Which t wo com m ands correct ly verily whet her port securit y has been configured on port
Fast Et hernet 0/ 12 on a swit ch? ( Choose t wo)

http://www.9tut 164
A. SW1# show swit chport port - securit y int erface Fast Et hernet 0/ 12
B. SW1# show swit chport port - secure int erface Fast Et hernet 0/ 12
C. SW1# show port - securit y int erface Fast Et hernet 0/ 12
D. SW1# show running- config
An sw e r : C D
Ex pla na t ion
We can verify whet her port securit y has been configured by using t he “ show running- config” or
“ show port - securit y int erface< int erface> ” for m ore det ail. An exam ple of t he out put of “ show
port - securit y int erface < int erface> ” com m and is shown below:

Qu e st ion 3
Assum ing t he default swit ch configurat ion which vlan range can be added m odified and rem oved
on a Cisco swit ch?
A. 2 t hrough 1001
B. 1 t hrough 1001
C. 1 t hrough 1002
D. 2 t hrough 1005
An sw e r : A
Ex pla na t ion
VLAN 1 is t he default VLAN on Cisco swit ch. I t always exist s and can not be added, m odified or
rem oved.
VLANs 1002- 1005 are default VLANs for FDDI & Token Ring and t hey can’t be delet ed or used for
Et hernet .

http://www.9tut 165
Qu e st ion 4
Refer t o t he exhibit . This com m and is execut ed on 2960Swit ch:
2960Swit ch( config) # m ac- address- t able st at ic 0000.00aa.aaaa vlan 10 int erface fa0/ 1
Which t wo of t hese st at em ent s correct ly ident ify result s of execut ing t he com m and? ( Choose t wo)

A. Port securit y is im plem ent ed on t he fa0/ 1 int erface.

B. MAC address 0000.00aa.aaaa does not need t o be learned by t his swit ch.
C. Only MAC address0000.00aa.aaaa can source fram es on t he fa0/ 1 segm ent .
D. Fram es wit h a Layer 2 source address of 0000.00aa.aaaa will be forwarded out fa0/ 1.
E. MAC address 0000.00aa.aaaa will be list ed in t he MAC address t able for int erface fa0/ 1 only.

An sw e r : B E
Ex pla na t ion
The above com m and adds t he MAC address 0000.00aa.aaaa t o t he MAC address t able of t he
swit ch. This is called st at ic MAC address. St at ic addresses have t he following charact erist ics:
* St at ic addresses will not be rem oved from t he address t able when a given int erface link is down.
* St at ic addresses are bound t o t he assigned int erface and will not be m oved. When a st at ic
address is seen on anot her int erface, t he address will be ignored and will not be writ t en t o t he
address t able.
* A st at ic address cannot be learned on anot her port unt il t he address is rem oved wit h t he no
form of t his com m and.
St at ic MAC address is not a Port Securit y feat ure - > A is not correct .
I f t he MAC address 0000.00aa.aaaa is seen again ( on fa0/ 1 or ot her port s) , it does not need t o be
learned because it already exist s in t he MAC address t able of t he swit ch - > B is correct .
Alt hough configured wit h a st at ic MAC address, swit ch can st ill learn ot her MAC addresses
dynam ically - > C is not correct .
Fram es wit h a Layer 2 dest inat ion address ( not source address) of 0000.00aa.aaaa will be
forwarded out fa0/ 1 - > D is not correct .
Qu e st ion 5
Which set of com m ands is recom m ended t o prevent t he use of a hub in t he access layer?
A.
swit ch( config- if) # swit chport m ode t runk
swit ch( config- if) # swit chport port - securit y m axim um 1
B.
swit ch( config- if) # swit chport m ode t runk
swit ch( config- if) # swit chport port - securit y m ac- address 1

http://www.9tut 166
C.
swit ch( config- if) # swit chport m ode access
swit ch( config- if) # swit chport port - securit y m axim um 1
D.
swit ch( config- if) # swit chport m ode access
swit ch( config- if) # swit chport port - securit y m ac- address 1

An sw e r : C
Ex pla na t ion
Port securit y is only used on access port ( which connect s t o host s) so we need t o set t hat port t o
“ access” m ode, t hen we need t o specify t he m axim um num ber of host s which are allowed t o
connect t o t his port - > C is correct .
Not e: I f we want t o allow a fixed MAC address t o connect , use t he “ swit chport port - securit y m ac-
address < MAC address> ” com m and.
Qu e st ion 6
A Cat alyst 2950 needs t o be reconfigured. What st eps will ensure t hat t he old configurat ion is
erased? ( Choose t hree)
A. Erase flash.
B. Rest art t he swit ch.
C. Delet e t he VLAN dat abase.
D. Erase t he running configurat ion.
E. Erase t he st art up configurat ion.
F. Modify t he configurat ion regist er.

An sw e r : B C E
Qu e st ion 7
The net work adm inist rat or has discovered t hat t he power supply has failed on a swit ch in t he
com pany LAN and t hat t he swit ch has st opped funct ioning. I t has been replaced wit h a Cisco
Cat alyst 2950 series swit ch. What m ust be done t o ensure t hat t his new swit ch becom es t he root
bridge on t he net work?
A. Lower t he bridge priorit y num ber.
B. Change t he MAC address of t he swit ch.
C. I ncrease t he VTP revision num ber for t he dom ain.
D. Lower t he root pat h cost on t he swit ch port s.
E. Assign t he swit ch an I P address wit h t he lowest value.

An sw e r : A
Qu e st ion 8
Which t wo of t hese are charact erist ics of t he 802.1Q prot ocol? ( Choose t wo)
A. I t is a layer 2 m essaging prot ocol which m aint ains vlan configurat ions across net work.
B. I t includes an 8- bit field which specifies t he priorit y of a fram e.
C. I t is used exclusively for t agging vlan fram es and dose not address net work reconvergence
following swit ched net work t opology changes.

http://www.9tut 167
D. I t m odifies t he 802.3 fram e header and t hus requires t hat t he FCS be recom put ed.
E. I t is a t runking prot ocol capable of earring unt agged fram es.

An sw e r : D E
Ex pla na t ion
I EEE 802.1Q is t he net working st andard t hat support s Virt ual LANs ( VLANs) on an Et hernet
net work. I t is a prot ocol t hat allows VLANs t o com m unicat e wit h one anot her using a rout er.
802.1Q t runks support t agged and unt agged fram es.
I f a swit ch receives unt agged fram es on a t runk port , it believes t hat fram e is a part of t he nat ive
VLAN. Also, fram es from a nat ive VLAN are not t agged when exit ing t he swit ch via a t runk port .
The 802.1q fram e form at is sam e as 802.3. The only change is t he addit ion of 4 byt es fields. That
addit ional header includes a field wit h which t o ident ify t he VLAN num ber. Because insert ing t his
header changes t he fram e, 802.1Q encapsulat ion forces a recalculat ion of t he original FCS field in
t he Et hernet t railer.
Not e: Fram e Check Sequence ( FCS) is a four- oct et field used t o verify t hat t he fram e was received
wit hout loss or error. FCS is based on t he cont ent s of t he ent ire fram e.
Qu e st ion 9
What are t wo advant ages of Layer 2 Et hernet swit ches over hubs? ( Choose t wo)
A. decreasing t he num ber of collision dom ains
B. filt ering fram es based on MAC addresses
C. allowing sim ult aneous fram e t ransm issions
D. increasing t he size of broadcast dom ains
E. increasing t he m axim um lengt h of UTP cabling bet ween devices
An sw e r : B C
Ex pla na t ion
Hub is considered a layer 1 device. When a packet arrives at one port , it is copied t o t he ot her
port s wit hout checking t he cont ent of t hat packet .
Swit ch operat es at layer 2. When a packet arrives at one port , it checks in it s dat abase ( based on
MAC address) t o see which port it should forward t hat packet out - > B is correct .
Rem em ber t hat hubs can only com m unicat e in half duplex m ode, which m eans t hat a com put er
can only send dat a when it is not receiving. Swit ches can run in full duplex m ode, which allows
dat a t o be sent and received at t he sam e t im e. Swit ches effect ively double t he speed of t he
net work when com pared t o hubs - > C is correct .
Swit ch increases t he num ber of collision dom ains ( which is bet t er) - > A is not correct .
Swit ch does not have any effect on t he size of broadcast dom ains. When using swit ch, t he size of
broadcast dom ains rem ain t he sam e - > D is not correct .
Bot h hub and swit ch increase t he m axim um lengt h of UTP cabling bet ween devices so it is not an
advant age of swit ch over hub - > E is not correct .
Qu e st ion 1 0
Which com m and will show t he MAC addresses of st at ions connect ed t o swit ch port s?
A. show m ac- address
B. show arp

http://www.9tut 168
C. show t able
D. show swit chport
An sw e r : B
Ex pla na t ion
There is no “ show m ac- address” com m and. But not ice t he “ show m ac- address- t able” and “ show
m ac address- t able” do exist .
I f opt ion A is “ show m ac- address- t able” t hen bot h A & B are correct !

CCNA – VLAN Quest ions

I f you are not sure about VLAN, please read m y VLAN t ut orial.

Virt ual Local Area Net work VLAN Tut orial

VLAN I n t r odu ct ion
“ A virt ual LAN ( VLAN) is a group of net working devices in t he sam e broadcast dom ain”
I t is t he concept of VLAN t hat m ost of t he books are using but it doesn’t help us underst and t he
benefit s of VLANs. I f you ask “ What is a LAN?” you will receive t he sam e answer: it is also a group
of net working devices in t he sam e broadcast dom ain!
To m ake it clearer, I expanded t he above st at em ent int o a bit longer st at em ent : )
“ A virt ual LAN ( VLAN) is a group of net working devices in t he sam e broadcast dom ain, logically”
I t m eans t hat t he devices in t he sam e VLAN m ay be widely separat ed in t he net work, bot h by
geography and locat ion. VLANs logically segm ent t he net work int o different broadcast dom ains so
t hat packet s are only swit ched bet ween port s t hat are designat ed for t he sam e VLAN.
Let ’s t ake an exam ple t o underst and t he benefit s of VLAN. Suppose you are working in a big
com pany wit h m any depart m ent s, som e of t hem are SALES and TECHNI CAL depart m ent s. You are
t asked t o separat e t hese depart m ent s so t hat each of t hem can only access specific resources in
t he com pany.
This t ask is really easy, you t hink. To com plet e t his t ask, you j ust need t o use different net works
for t hese depart m ent s and use access- list t o allow/ deny t hat net work t o a specific resource. For
exam ple, you assign net work 192.168.1.0/ 24 for SALES and 192.168.2.0/ 24 for TECH. At t he
“ Com pany rout er” you apply an access- list t o filt er t raffic from t hese net works. Below is t he
t opology of your net work wit hout VLANs:

Everyt hing looks good and you im plem ent t his design t o your com pany. But aft er one m ont h you
receive m any com plaint s from bot h your colleagues and leaders.

http://www.9tut 169
+ First , your depart m ent leaders need t o access t o addit ional privat e resources which em ployees
are not allowed.
+ Second, t he com pany has j ust recruit ed som e new SALES em ployees but now t he SALES room
is full so t hey have t o sit at t he 1st floor ( in t he TECH area) . They want t o access t o SALES
resources but t hey can only access t o t he TECH resources because t hey are connect ing t o TECH
swit ch.
To solve t he first problem m aybe you will creat e a new and m ore powerful net work for your
leaders. But not ice t hat each leader sit s at different floor so you will need t o link all of t hem t o a
swit ch - > what a m ess!
The second problem is m ore difficult t han t he first one. Maybe you have t o creat e anot her net work
at t he TECH area and apply t he sam e policy as t he SALES depart m ent for t hese host s - > anot her
m ess in m anagem ent !
Maybe you will be glad t o know VLAN can solve all t hese problem s. VLAN helps you group users
t oget her according t o t heir funct ion rat her t han t heir physical locat ion. This m eans you can use
t he sam e net work for host s in different floors ( of course t hey can com m unicat e wit h each ot her) .

I n t his design:
+ you can logically creat e a new net work wit h addit ional perm issions for your leaders ( LEADER
net work) by adding anot her VLAN.
+ em ployees can sit anywhere t o access t he resources in t heir depart m ent s, provided t hat you
allow t hem t o do so.
+ com put ers in t he sam e depart m ent can com m unicat e wit h each ot her alt hough t hey are at
different floors.
I f t hese depart m ent s expand in t he fut ure you can st ill use t he sam e net work in any ot her floor.
For exam ple, SALES needs t o have 40 m ore em ployees - > you can use 4t h floor for t his
expansion wit hout changing t he current net work.
But wait … m aybe you recognize som et hing st range in t he above design? How can 2 com put ers
connect ing t o 2 different swit ches com m unicat e? I f one com put er sends a broadcast packet will it
be flooded t o ot her depart m ent s as swit ch doesn’t break up broadcast dom ains?
The answer is “ Yes, t hey can! ” and it is t he beaut y of VLAN. Host s in t he sam e VLAN can
com m unicat e norm ally even t hey are connect ing t o 2 or m ore different swit ches. This m akes t he
m anagem ent m uch m ore sim ple.
Alt hough layer 2 swit ches can only break up collision dom ains but VLANs can be used t o break up
broadcast dom ains. So if a com put er in SALES broadcast s, only com put ers in SALES will receive
t hat fram e.
So we don’t need a rout er, right ? The answer is “ we st ill need a rout er” t o enable different VLANs
t o com m unicat e wit h each ot her. Wit hout a rout er, t he com put ers wit hin each VLAN can

http://www.9tut 170
com m unicat e wit h each ot her but not wit h any ot her com put ers in anot her VLAN. For exam ple, we
need a rout er t o t ransfer file from LEADER t o TECH. This is called “ int erVLAN rout ing” .
When using VLANs in net works t hat have m ult iple int erconnect ed swit ches, you need t o use VLAN
t r u n k ing be t w e e n t he sw it ch e s. Wit h VLAN t runking, t he swit ches t ag each fram e sent
bet ween swit ches so t hat t he receiving swit ch knows which VLAN t he fram e belongs t o. This t ag is
known as a VLAN I D. A VLAN I D is a num ber which is used t o ident ify a VLAN.

Not ice t hat t he t ag is only added and rem oved by t he swit ches when fram es are sent out on t he
t runk links. Host s don’t know about t his t ag because it is added on t he first swit ch and rem oved
on t he last swit ch. The pict ure below describes t he process of a fram e sent from PC A t o PC B.

Not e: Trunk link does not belong t o a specific VLAN, rat her it is a conduit for VLANs bet ween
swit ches and rout ers.
To allow int erVLAN rout ing you need t o configure t r u n k ing on t h e lin k be t w e e n r ou t e r a n d
sw it ch.
Therefore in our exam ple we need t o configure 3 links as “ t runk” .

Cisco swit ches support t wo different t runking prot ocols, I n t e r - Sw it ch Lin k ( I SL) and I EEE
8 0 2 .1 q. Cisco creat ed I SL before t he I EEE st andardized t runking prot ocol. Because I SL is Cisco
propriet ary, it can be used only bet ween t wo Cisco swit ches - > 802.1q is usually used in pract ical.

http://www.9tut 171
I n 802.1q encapsulat ion, t here is a concept called nat ive VLAN t hat was creat ed for backward
com pat ibilit y wit h old devices t hat don’t support VLANs. Nat ive VLAN works as follows:
+ Fram e belonging t o t he nat ive VLAN is not t agged when sent out on t he t runk links
+ Fram e received unt agged on t he t runk link is set t o t he nat ive VLAN.

So if an old swit ch doesn’t support VLAN it can st ill “ underst and” t hat fram e and cont inue sending
it ( wit hout dropping it ) .
Every port belongs t o at least one VLAN. I f a swit ch receives unt agged fram es on a t runkport ,
t hey are assum ed t o be part of t he nat ive vlan. By default , VLAN 1 is t he default and nat ive VLAN
but t his can be changed on a per port basis by configurat ion.
Qu e st ion 1
Refer t o t he exhibit . A net work associat e needs t o configure t he swit ches and rout er in t he graphic
so t hat t he host s in VLAN3 and VLAN4 can com m unicat e wit h t he ent erprise server in VLAN2.
Which t wo Et hernet segm ent s would need t o be configured as t runk links? ( Choose t wo)

A. A
B. B
C. C
D. D
E. E
F. F
An sw e r : C F
Ex pla na t ion
The link bet ween t he swit ches and t he link bet ween swit ch & rout er should be configured as
t runks. Ot her links ( connect ed t o host s) should be configured as access links.

http://www.9tut 172
Qu e st ion 2
Which t hree st at em ent s are t ypical charact erist ics of VLAN arrangem ent s? ( Choose t hree)
A. A new swit ch has no VLANs configured.
B. Connect ivit y bet ween VLANs requires a Layer 3 device.
C. VLANs t ypically decrease t he num ber of collision dom ains.
D. Each VLAN uses a separat e address space.
E. A swit ch m aint ains a separat e bridging t able for each VLAN.
F. VLANs cannot span m ult iple swit ches.

An sw e r : B D E
Ex pla na t ion
By default , all port s on a new swit ch belong t o VLAN 1 ( default & nat ive VLAN) . There are also
som e well- known VLANs ( for exam ple: VLAN 1002 for fddi- default ; VLAN 1003 for t oken- ring…)
configured by default - > A is not correct .
To com m unicat e bet ween t wo different VLANs we need t o use a Layer 3 device like rout er or
Layer 3 swit ch - > B is correct .
VLANs don’t affect t he num ber of collision dom ains, t hey are t he sam e - > C is not correct .
Typically, VLANs increase t he num ber of broadcast dom ains.
We m ust use a different net work ( or subnet work) for each VLAN. For exam ple we can use
192.168.1.0/ 24 for VLAN 1, 192.168.2.0/ 24 for VLAN 2 - > D is correct .
A swit ch m aint ains a separat e bridging t able for each VLAN so t hat it can send fram e t o port s on
t he sam e VLAN only. For exam ple, if a PC in VLAN 2 sends a fram e t hen t he swit ch look- ups it s
bridging t able and only sends fram e out of it s port s which belong t o VLAN 2 ( it also sends t his
fram e on t runk port s) - > E is correct .
We can use m ult iple swit ches t o expand VLAN - > F is not correct .
Qu e st ion 3
By default , each port in a Cisco Cat alyst swit ch is assigned t o VLAN1. Which t wo recom m endat ions
are key t o avoid unaut horized m anagem ent access? ( Choose t wo)
A. Creat e an addit ional ACL t o block t he access t o VLAN 1.
B. Move t he m anagem ent VLAN t o som et hing ot her t han default .
C. Move all port s t o anot her VLAN and deact ivat e t he default VLAN.
D. Lim it t he access in t he swit ch using port securit y configurat ion.
E. Use st at ic VLAN in t runks and access port s t o rest rict connect ions.
F. Shut down all unused port s in t he Cat alyst swit ch.
An sw e r : B F
Qu e st ion 4
Which t wo benefit s are provided by creat ing VLANs? ( Choose t wo)
A. added securit y
B. dedicat ed bandwidt h
C. provides segm ent at ion
D. allows swit ches t o rout e t raffic bet ween subint erfaces
E. cont ains collisions

An sw e r : A C

http://www.9tut 173
Qu e st ion 5
Which t wo link prot ocols are used t o carry m ult iple VLANs over a single link? ( Choose t wo)
A. VTP
B. 802.1q
C. I GP
D. I SL
E. 802.3u

An sw e r : B D
Ex pla na t ion
Cisco swit ches support t wo t runking prot ocols 802.1q & I SL. 802.1q is an open st andard and is
t hus com pat ible bet ween m ost vendors’ equipm ent while I nt er- Swit ch Link ( I SL) is Cisco
propriet ary.
Qu e st ion 6
A swit ch is configured wit h all port s assigned t o vlan 2 wit h full duplex Fast Et hernet t o segm ent
exist ing depart m ent al t raffic. What is t he effect of adding swit ch port s t o a new VLAN on t he
swit ch?
A. More collision dom ains will be creat ed.
B. I P address ut ilizat ion will be m ore efficient .
C. More bandwidt h will be required t han was needed previously.
D. An addit ional broadcast dom ain will be creat ed.
An sw e r : D
Qu e st ion 7
Which t wo st at em ent s about t he use of VLANs t o segm ent a net work are t rue? ( Choose t wo)
A. VLANs increase t he size of collision dom ains.
B. VLANs allow logical grouping of users by funct ion.
C. VLANs sim plify swit ch adm inist rat ion.
D. VLANs enhance net work securit y.
An sw e r : B D
Qu e st ion 8
Cisco Cat alyst swit ches CAT1 and CAT2 have a connect ion bet ween t hem using port s Fa0/ 13. An
802.1Q t runk is configured bet ween t he t wo swit ches. On CAT1, VLAN 10 is chosen as nat ive, but
on CAT2 t he nat ive VLAN is not specified. What will happen in t his scenario?
A. 802.1Q giant s fram es could sat urat e t he link.
B. VLAN 10 on CAT1 and VLAN 1 on CAT2 will send unt agged fram es.
C. A nat ive VLAN m ism at ch error m essage will appear.
D. VLAN 10 on CAT1 and VLAN 1 on CAT2 will send t agged fram es.

An sw e r : C
Ex pla na t ion
A “ nat ive VLAN m ism at ch” error will appear by CDP if t here is a nat ive VLAN m ism at ch on an
802.1Q link. “ VLAN m ism at ch” can cause t raffic from one vlan t o leak int o anot her vlan.

http://www.9tut 174
Qu e st ion 9
Which t wo st at em ent s describe t he Cisco im plem ent at ion of VLANs? ( Choose t wo)
A. VLAN 1 is t he default Et hernet VLAN.
B. CDP advert isem ent s are only sent on VLAN 1002.
C. By default , t he m anagem ent VLAN is VLAN 1005.
D. By default , t he swit ch I P address is in VLAN 1005.
E. VLANs 1002 t hrough 1005 are aut om at ically creat ed and cannot be delet ed.

An sw e r : A E
Qu e st ion 1 0
What are t hree advant ages of VLANs? ( Choose t hree)
A. VLANs est ablish broadcast dom ains in swit ched net works.
B. VLANs ut ilize packet filt ering t o enhance net work securit y.
C. VLANs provide a m et hod of conserving I P addresses in large net works.
D. VLANs provide a low- lat ency int ernet working alt ernat ive t o rout ed net works.
E. VLANs allow access t o net work services based on depart m ent , not physical locat ion.
F. VLANs can great ly sim plify adding, m oving, or changing host s on t he net work.

An sw e r : A E F

Part 2
u e st ion 1
Which of t he following are benefit s of VLANs? ( Choose t hree)
A. They increase t he size of collision dom ains.
B. They allow logical grouping of users by funct ion.
C. They can enhance net work securit y.
D. They increase t he size of broadcast dom ains while decreasing t he num ber of collision dom ains.
E. They increase t he num ber of broadcast dom ains while decreasing t he size of t he broadcast
dom ains.
F. They sim plify swit ch adm inist rat ion.

An sw e r : B C E
Ex pla na t ion
When using VLAN t he num ber and size of collision dom ains rem ain t he sam e - > A is not correct .
VLANs allow t o group users by funct ion, not by locat ion or geography - > B is correct .
VLANs help m inim ize t he incorrect configurat ion of VLANs so it enhances t he securit y of t he
net work - > C is correct .
VLAN increases t he size of broadcast dom ains but does not decrease t he num ber of collision
dom ains - > D is not correct .
VLANs increase t he num ber of broadcast dom ains while decreasing t he size of t he broadcast
dom ains which increase t he ut ilizat ion of t he links. I t is also a big advant age of VLAN - > E is
correct .
VLANs are useful but t hey are m ore com plex and need m ore adm inist rat ion - > F is not correct .

http://www.9tut 175
Qu e st ion 2
Refer t o t he diagram . All host s have connect ivit y wit h one anot her. Which st at em ent s describe t he
addressing schem e t hat is in use in t he net work? ( Choose t hree)

A. The subnet m ask in use is 255.255.255.192.

B. The subnet m ask in use is 255.255.255.128.
C. The I P address 172.16.1.25 can be assigned t o host s in VLAN1
D. The I P address 172.16.1.205 can be assigned t o host s in VLAN1
E. The LAN int erface of t he rout er is configured wit h one I P address.
F. The LAN int erface of t he rout er is configured wit h m ult iple I P addresses.

An sw e r : B C F
Ex pla n t ion
First we should not ice t hat different VLANs m ust use different subnet works. I n t his case Host A
( 172.16.1.126) and Host B ( 172.16.1.129) are in different VLANs and m ust use different sub-
net works. Therefore t he subnet m ask in use here should be 255.255.255.128. I n part icular, it is
172.16.1.0/ 25 wit h 2 subnet works:
+ Sub- net work 1: 172.16.1.0 - > 172.16.1.127 ( assigned t o VLAN 1)
+ Sub- net work 2: 172.16.1.128 - > 172.16.1.255 ( assigned t o VLAN 2)
- > B is correct .
The I P address 172.16.1.25, which is in t he sam e subnet work wit h host A so it can be assigned
t o VLAN 1 - > C is correct .
To m ake different VLANs com m unicat e wit h each ot her we can configure subint erfaces ( wit h a
different I P address on each int erface) on t he LAN int erface of t he rout er - > F is correct .
Qu e st ion 3
A net work associat e is t rying t o underst and t he operat ion of t he FLD Corporat ion by st udying t he
net work in t he exhibit . The associat e knows t hat t he server in VLAN 4 provides t he necessary
resources t o support t he user host s in t he ot her VLANs. The associat e needs t o det erm ine which
int erfaces are access port s. Which int erfaces are access port s? ( Choose t hree)

http://www.9tut 176
A. Swit ch1 – Fa0/ 2
B. Swit ch1 – Fa0/ 9
C. Swit ch2 – Fa0/ 3
D. Swit ch2 – Fa0/ 4
E. Swit ch2 – Fa0/ 8
F. Rout er – Fa1/ 0

An sw e r : A C D
Ex pla na t ion
Access port s are swit ch’s port s which are connect ed t o host s.
Qu e st ion 4
What are t hree valid reasons t o assign port s t o VLANs on a swit ch? ( Choose t hree)
A. t o m ake VTP easier t o im plem ent
B. t o isolat e broadcast t raffic
C. t o increase t he size of t he collision dom ain
D. t o allow m ore devices t o connect t o t he net work
E. t o logically group host s according t o funct ion
F. t o increase net work securit y

An sw e r : B E F
Qu e st ion 5
Which st at em ent is correct about t he int ernet work shown in t he diagram ?

A. Swit ch 2 is t he root bridge.

B. Spanning Tree is not running.
C. Host D and Server 1 are in t he sam e net work.

http://www.9tut 177
D. No collisions can occur in t raffic bet ween Host B and Host C.
E. I f Fa0/ 0 is down on Rout er1, Host A cannot access Server1.
F. I f Fa0/ 1 is down on Swit ch3, Host C cannot access Server2.

An sw e r : E
Ex pla na t ion
Swit ch 2 cannot be t he root bridge because all port s of root bridges are designat ed port s. I n t he
diagram swit ch 2 has one blocked port - > I t is not t he root bridge - > A is not correct .
Because Swit ch 2 has a blocked port so surely Spanning Tree Prot ocol is running - > B is not
correct .
Host D belongs t o VLAN 2 while Server 1 belongs t o VLAN 3 so t hey are not in t he sam e net work
- > C is not correct .
Host B & host C are connect ed t hrough a hub so t hey are in t he sam e collision dom ain and
collision can occur - > D is not correct .
We need a rout er t o allow different VLANs t o com m unicat e wit h each ot her. This rout er is called
“ rout er on a st ick” . I n t his case it is Rout er1. The link bet ween Rout er1 and Swit ch1 is configured
as t runk link. I f t his link is down, different VLANs cannot com m unicat e wit h each ot her - > E is
correct .
I f Fa0/ 1 is down on Swit ch3, Spanning Treel Prot ocol will “ open” t he blocked port on Swit ch 2 can
Host C can access Server 2 t hrough Host C - > Hub1 - > Swit ch2 - > Swit ch1 - > Rout er1- > Swit ch1
- > Server2 ( not ice t hat it m ust go t hrough Rout er1 because t hey are in different VLANs) . So F is
not correct .
Qu e st ion 6
Refer t o t he exhibit . Which of t hese st at em ent s correct ly describes t he st at e of t he swit ch once
t he boot process has been com plet ed?

A. As Fast Et hernet 0/ 12 will be t he last t o com e up, it will not be blocked by STP.
B. Rem ot e access m anagem ent of t his swit ch will not be possible wit hout configurat ion change.

http://www.9tut 178
C. More VLANs will need t o be creat ed for t his swit ch.
D. The swit ch will need a different I OS code in order t o support VLANs and STP.

An sw e r : B
Ex pla na t ion
From t he out put we not ice t hat t he adm inist rat or has j ust shut down I nt erface Vlan1, which is t he
default VLAN so no one can access it rem ot ely ( like t elnet ) - > B is correct .
Answer A is not correct as STP calculat ion does not depend on which port com es up first or last .
STP recalculat es when t here is a change in t he net work.
A norm al swit ch can operat e wit hout VLAN - > C is not correct .
This I OS does support VLAN because it has VLAN 1 on it - > D is not correct .

CCNA – VTP Quest ions

I f you are not sure about VTP, please read m y VTP t ut orial

VLAN Trunking Prot ocol VTP Tut orial

This t opic describes t he feat ures t hat VLAN Trunking Prot ocol ( VTP) offers t o support VLANs. To
help you underst and t he basic concept , t his is a sum m ary of what VTP is:
“VTP a llow s a n e t w or k m a na ge r t o con figur e a sw it ch so t ha t it w ill pr opa ga t e VLAN
con figu r a t ion s t o ot he r sw it ch e s in t h e ne t w or k ”
VTP m inim izes m isconfigurat ions and configurat ion inconsist encies t hat can cause problem s, such
as duplicat e VLAN nam es or incorrect VLAN- t ype specificat ions. VTP helps you sim plify
m anagem ent of t he VLAN dat abase across m ult iple swit ches.
VTP is a Cisco- propriet ary prot ocol and is available on m ost of t he Cisco swit ches.
W h y w e ne e d VTP?
To answer t his quest ion, let ’s discuss a real and popular net work t opology.
Suppose you are working in a m edium com pany in a 5- floor office. You assigned each floor t o a
swit ch for easy m anagem ent and of course t hey can be assigned t o different VLANs. For exam ple,
your bosses can sit in any floor and st ill access Manage VLAN ( VLAN 7) . Your t echnical colleagues
can sit anywhere on t he floors t o access Technical VLAN ( VLAN 4) . This is t he best design because
each person’s perm ission is not lim it ed by t he physical locat ion.

http://www.9tut 179
Now let ’s discuss about VTP role in t his t opology! Suppose VTP is not running on t hese swit ches.
One day, your boss decides t o add a new depart m ent t o your office, t he Support Depart m ent , and
you are t asked t o add a new SUPPORT VLAN for t his depart m ent . How will you do t hat ? Well,
wit hout VTP you have t o go t o each swit ch t o enable t his new VLAN. Fort unat ely your office only
has 5 floors so you can finish t his t ask in som e hours : )
But j ust im agine if your com pany was bigger wit h 100- floor office and som e VLANs needed t o be
added every m ont h! Well, it will surely becom e a daunt ing t ask t o add a new VLAN like t his.
Luckily, Cisco always “ t hinks big” t o creat e a m et hod for you t o j ust sit at t he “ Main Sw” , adding
your new VLANs and m agically, ot her swit ches aut om at ically learn about t his VLAN, sweet , right ?
I t is not a dream , it is what VTP does for you!
H ow VTP W or k s
To m ake swit ches exchange t heir VLAN inform at ion wit h each ot her, t hey need t o be configured in
t he sam e VTP dom a in. Only swit ches belonging t o t he sam e dom ain share t heir VLAN
inform at ion. When a change is m ade t o t he VLAN dat abase, it is propagat ed t o all swit ches
via VTP a dve r t ise m e n t s.
To m aint ain dom ain consist ency, only one swit ch should be allowed t o creat e ( or delet e, m odify)
new VLAN. This swit ch is like t he “ m ast er” of t he whole VTP dom ain and it is operat ed in Se r ve r
m ode . This is also t he default m ode.
Ot her swit ches are only allowed t o receive and forward updat es from t he “ server” swit ch. They are
operat ed in Clie n t m ode .

I n som e cases, t he net work m anager doesn’t want a swit ch t o learn VTP inform at ion from ot her
swit ches. He can set it t oTr a n spa r e n t m ode . I n t his m ode, a swit ch m aint ains it s own VLAN
dat abase and never learn VTP inform at ion from ot her swit ches ( even t he server) . However, it st ill

http://www.9tut 180
forwards VTP advert isem ent s from t he server t o ot her swit ches ( but doesn’t read t hat updat e) . A
t ransparent swit ch can add, delet e and m odify VLAN dat abase locally.
Now ret urn t o t he exam ple above, we can configure any swit ches as t he “ server” but for our
convenience, t he “ Main Sw” should be assigned t his funct ion and we should place it in a safe
place.

As said above, VTP advert isem ent s bring VLAN inform at ion t o all t he swit ches in a VTP dom ain.
Each VTP advert isem ent is sent wit h a Re vision n um be r . This num ber is used in order t o
det erm ine whet her t he VTP advert isem ent is m ore recent t han t he current version of t hat swit ch.
Because each t im e you m ake a VLAN change in a swit ch, t he configurat ion revision is increm ent ed
by one. So t he higher t he revision num ber, t he bet t er your VTP advert isem ent .
For exam ple, t he first t im e t he Main Sw sends a VTP advert isem ent , it s Revision num ber is 1.
When you add a new VLAN t o t he Main Sw, it will send a VTP advert isem ent wit h t he Revision
num ber of 2. Client swit ches first receive t he VTP advert isem ent wit h t he Revision num ber of 1,
which is bigger t han it s current Revision num ber ( 0) so it updat es it s VLAN dat abase. Next it
receives t he VTP advert isem ent wit h t he Revision num ber of 2, it cont inues com paring wit h it s
current Revision num ber ( 1) - > it cont inues updat e it s VLAN dat abase.
One im port ant t hing you m ust know is when a swit ch receives a bet t er VTP advert isem ent , it
delet es it s whole VTP inform at ion and copy t he new inform at ion from t he bet t er VTP
advert isem ent t o it s VLAN dat abase. A swit ch does not t ry t o com pare it s own VLAN dat abase wit h
inform at ion from t he received VTP advert isem ent s t o find out and updat e t he difference!
Not e: VTP advert isem ent s are sent as m ult icast fram es and all neighbors in t hat dom ain receive
t he fram es.
Th e “sh ow vt p st a t u s” com m a nd a na lysis
The m ost im port ant com m and t o view t he st at us of VTP on Cisco swit ches t hat each CCNA
learners m ust grasp is t he “ show vt p st at us” com m and. Let ’s have a look at t he out put of t his
com m and:

http://www.9tut 181
+ VTP Version: displays t he VTP version t he swit ch is running. By default , t he swit ch runs version
1 but can be set t o version 2. Wit hin a dom ain, t he t wo VTP versions are not int eroperable so
m ake sure t o configure t he sam e VTP version on every swit ch in a dom ain.
+ Configurat ion Revision: current Revision num ber on t his swit ch.
+ Maxim um VLANs Support ed Locally: m axim um num ber of VLANs support ed locally.
+ Num ber of Exist ing VLANs: Num ber of exist ing VLANs.
+ VTP Operat ing Mode: can be server, client , or t ransparent .
+ VTP Dom ain Nam e: nam e t hat ident ifies t he adm inist rat ive dom ain for t he swit ch.
By default , a swit ch operat es in VTP Server m ode wit h a NULL ( blank) dom ain nam e wit h no
password configured ( t he password field is not list ed in t he out put )
+ VTP Pruning Mode: displays whet her pruning is enabled or disabled. We will discuss about VTP
Pruning lat er.
+ VTP V2 Mode: displays if VTP version 2 m ode is enabled. VTP version 2 is disabled by default .
+ VTP Traps Generat ion: displays whet her VTP t raps are sent t o a net work m anagem ent st at ion.
+ MD5 Digest : a 16- byt e checksum of t he VTP configurat ion.
+ Configurat ion Last Modified: dat e and t im e of t he last configurat ion m odificat ion. Displays t he I P
address of t he swit ch t hat caused t he configurat ion change t o t he dat abase.
VTP Pr un in g
To underst and what VTP Pruning is, let ’s see an exam ple:

When PC A sends a broadcast fram e on VLAN 10, it t ravels across all t runk links in t he VTP
dom ain. Swit ches Server, Sw2, and Sw3 all receive broadcast fram es from PC A. But only Sw3
has user on VLAN 10 and it is a wast e of bandwidt h on Sw2. Moreover, t hat broadcast t raffic also
consum es processor t im e on Sw2. The link bet ween swit ches Server and Sw2 does not carry any
VLAN 10 t raffic so it can be “ pruned” .

http://www.9tut 182
VTP Pruning m akes m ore efficient use of t runk bandwidt h by forwarding broadcast and unknown
unicast fram es on a VLAN only if t he swit ch on t he receiving end of t he t runk has port s in t hat
VLAN. I n t he above exam ple, Server swit ch doesn’t send broadcast fram e t o Sw2 because Sw2
doesn’t have port s in VLAN 10.
When a swit ch has a port associat ed wit h a VLAN, t he swit ch sends an advert isem ent t o it s
neighbors t o inform t hat it has act ive port s on t hat VLAN. For exam ple, Sw3 sends an
advert isem ent t o Server swit ch t o inform t hat it has act ive port for VLAN 10. Sw2 has not
advert ised about VLAN 10 so Server swit ch will prune VLAN 10 on t he t runk t o Sw2.
You only need t o enable pruning on one VTP server swit ch in t he dom ain.
VTP Configurat ion
M a in Sw ( con fig) # vt p ve r sion 2
M a in Sw ( con fig) # vt p dom a in 9 t u t
M a in Sw ( con fig) # vt p m ode se r ve r
M a in Sw ( con fig) # vt p pa ssw or d k e e pit se cr e t
On client swit ches
Clie n t ( config) # vt p ve r sion 2
Clie n t ( config) # vt p dom a in 9 t ut
Clie n t ( config) # vt p pa ssw or d k e e pit se cr e t
Clie n t ( config) # vt p m ode clie n t
Not ice: Before configuring VTP m ake sure t he links bet ween your swit ches are t runk links. Your
t runk link can aut om at ically be form ed if bot h of your swit ches are not 2960 or 3560 because
port s on t he 2960 and 3560 swit ches are set t o dynam ic aut o by default . I f bot h sides are set t o
dynam ic aut o, t he link will rem ain in access m ode. To configure t runk bet ween t hese port s, use
t hese com m ands:
Clie n t ( config) # in t e r fa ce fa 0 / 1 ( or t he int erface on t he link you want t o be t runk)
Clie n t ( config- if) # sw it ch por t m ode t r u n k
These com m ands only need t o be used on one of t wo swit ches t o form t he t runk.
Be low sum m a r ie s im por t a n t n ot e s a bou t VTP:
+ Whenever a change occurs in t he VLAN dat abase, t he VTP server increm ent s it s configurat ion
revision num ber and t hen advert ises t he new revision t hroughout t he VTP dom ain via VTP

http://www.9tut 183
advert isem ent s.
+ VTP operat es in one of t hree m odes: server, t ransparent , or client .
VTP m odes:
* Server: The default m ode. When you m ake a change t o t he VLAN configurat ion on a VTP server,
t he change is propagat ed t o all swit ches in t he VTP dom ain. VTP m essages are t ransm it t ed out of
all t he t runk connect ions. I n Server m ode we can creat e, m odify, delet e VLANs.
* Client : cannot m ake changes t o t he VLAN configurat ion when in t his m ode; however, a VTP
client can send any VLANs current ly list ed in it s dat abase t o ot her VTP swit ches. VTP client also
forwards VTP advert isem ent s ( but cannot creat e VTP advert isem ent s) .
* Transparent : When you m ake a change t o t he VLAN configurat ion in t his m ode, t he change
affect s only t he local swit ch and does not propagat e t o ot her swit ches in t he VTP dom ain. VTP
t ransparent m ode does forward VTP advert isem ent s t hat it receives wit hin t he dom ain.
VTP Pruning m akes m ore efficient use of t runk bandwidt h by forwarding broadcast and unknown
unicast fram es on a VLAN only if t he swit ch on t he receiving end of t he t runk has port s in t hat
VLAN.
Qu e st ion 1
Refer t o t he exhibit . Aft er Swit chB was added t o t he net work, VLAN connect ivit y problem s st art ed
t o occur. What caused t his problem ?

A. Bot h swit ches are in server m ode in t he sam e dom ain.

B. The revision num ber of Swit chB was higher t han t he revision num ber of Swit chA.
C. Swit chA was not reboot ed prior t o adding Swit chB t o t he net work.
D. V2- m ode is not enabled.
E. VTP pruning is not act ivat ed, so t he new pat hs in t he net work have not been recalculat ed.

An sw e r : B
Ex pla na t ion
Swit chB has t he sam e VTP Dom ain Nam e wit h Swit chA and it has a higher Configurat ion Revision
num ber ( 7 > 1) so it will overwrit e VLAN inform at ion of Swit chA. Because Swit chB is a new swit ch
so it s VLAN inform at ion is different from Swit chA - > VLAN connect ivit y problem occurs.
Qu e st ion 2
A net work adm inist rat or is explaining VTP configurat ion t o a new t echnician. What should t he
net work adm inist rat or t ell t he new t echnician about VTP configurat ion? ( Choose t hree)
A. A swit ch in t he VTP client m ode cannot updat e it s local VLAN dat abase.
B. A t runk link m ust be configured bet ween t he swit ches t o forward VTP updat es.
C. A swit ch in t he VTP server m ode can updat e a swit ch in t he VTP t ransparent m ode.
D. A swit ch in t he VTP t ransparent m ode will forward updat es t hat it receives t o ot her swit ches.

http://www.9tut 184
E. A swit ch in t he VTP server m ode only updat es swit ches in t he VTP client m ode t hat have a
higher VTP revision num ber.
F. A swit ch in t he VTP server m ode will updat e swit ches in t he VTP client m ode regardless of t he
configured VTP dom ain m em bership.

An sw e r : A B D
Qu e st ion 3
What are t wo benefit s of using VTP in a swit ching environm ent ? ( Choose t wo)
A.I t allows swit ches t o read fram e t ags.
B. I t allows port s t o be assigned t o VLANs aut om at ically.
C. I t m aint ains VLAN consist ency across a swit ched net work.
D. I t allows fram es from m ult iple VLANs t o use a single int erface.
E. I t allows VLAN inform at ion t o be aut om at ically propagat ed t hroughout t he swit ching
environm ent .

An sw e r : C E
Qu e st ion 4
What is t he nam e of t he VTP m ode of operat ion t hat enables a swit ch t o forward only VTP
advert isem ent s while st ill perm it t ing t he edit ing of local VLAN inform at ion?
A. server
B. client
C. t unnel
D.t ransparent

An sw e r : D
Qu e st ion 5
Which VTP m ode is capable of creat ing only local VLANs and does not synchronize wit h ot her
swit ches in t he VTP dom ain?
A. client
B. dynam ic
C. server
D. st at ic
E. t ransparent

An sw e r : E
Qu e st ion 6
An adm inist rat or is unsuccessful in adding VLAN 50 t o a swit ch. While t roubleshoot ing t he
problem , t he adm inist rat or views t he out put of t he show vt p st a t us com m and, which is
displayed in t he graphic. What com m ands m ust be issued on t his swit ch t o add VLAN 50 t o t he
dat abase? ( Choose t wo)

http://www.9tut 185
A. Swit ch( config- if) # swit chport access vlan 50
B. Swit ch( vlan) # vt p server
C. Swit ch( config) # config- revision 20
D. Swit ch( config) # vlan 50 nam e Tech
E. Swit ch( vlan) # vlan 50
F. Swit ch( vlan) # swit chport t runk vlan 50

An sw e r : B E
Ex pla na t ion
First we not ice t hat t he “ VTP Operat ing Mode” of t his swit ch is “ Client ” . I n t his m ode we can’t add
new VLAN so we m ust change t o “ Server” m ode - > B is correct .
Now we can add a new VLAN, E is t he correct configurat ion for adding a new VLAN.
Qu e st ion 7
To configure t he VLAN t runking prot ocol t o com m unicat e VLAN inform at ion bet ween t wo swit ches,
what t wo requirem ent s m ust be m et ? ( Choose t wo)
A. Each end of t he t runk line m ust be set t o I EEE 802.1E encapsulat ion.
B. The VTP m anagem ent dom ain nam e of bot h swit ches m ust be set t he sam e.
C. All port s on bot h t he swit ches m ust be set as access port s.
D. One of t he t wo swit ches m ust be configured as a VTP server.
E. A rollover cable is required t o connect t he t wo swit ches t oget her.
F. A rout er m ust be used t o forward VTP t raffic bet ween VLANs.

An sw e r : B D
Ex pla na t ion
I n Cisco swit ches t here are t wo encapsulat ions: 802.1q and I SL so we can set t wo ends t o I SL
inst ead - > A is not correct .
The port s bet ween t wo swit ches m ust be set t o t runk port s so t hat t hey can exchange VLAN
inform at ion t hrough VTP - > C is not correct .
To connect t wo swit ches we can use crossover cable or st raight - t hrough cable ( because m odern
Cisco swit ches can “ aut o- sense” ) but not rollover cable - > E is not correct .
To forward t raffic in t he sam e VLAN ( bet ween t wo or m ore swit ches) we can use swit ches only. I f
we want t o forward VTP t raffic bet ween different VLANs we can use eit her a rout er or a Layer 3
swit ch - > F is not correct .
Two swit ches can only com m unicat e when t hey are set t o t he sam e VTP dom ain nam e ( and t he
sam e VTP password) - > B is correct .

http://www.9tut 186
One of t he t wo swit ches m ust be set t o VTP Server so t hat it can creat e VTP updat es and
advert ise it s VLAN inform at ion.
Qu e st ion 8
Which st at em ent s describe t wo of t he benefit s of VLAN Trunking Prot ocol? ( Choose t wo)
A. VTP allows rout ing bet ween VLANs.
B. VTP allows a single swit ch port t o carry inform at ion t o m ore t han one VLAN.
C. VTP allows physically redundant links while prevent ing swit ching loops.
D. VTP sim plifies swit ch adm inist rat ion by allowing swit ches t o aut om at ically share VLAN
configurat ion inform at ion.
E. VTP helps t o lim it configurat ion errors by keeping VLAN nam ing consist ent across t he VTP
dom ain.
F. VTP enhances securit y by prevent ing unaut horized host s from connect ing t o t he VTP dom ain.

An sw e r : D E
Ex pla na t ion
The m ain purposes of VTP are t o sim plify swit ch adm inist rat ion and lim it VLAN configurat ion errors
by allowing swit ches t o aut om at ically share VLAN configurat ion inform at ion. I t doesn’t require t he
adm inist rat or t o go t o every swit ch t o configure VLANs.
Maybe you will feel F is also a correct answer but it is not t rue because VTP only enhances
securit y by prevent ing unaut horizedsw it che s ( not host s) from connect ing t o t he VTP dom ain ( by
configuring a VTP dom ain nam e & VTP password) . An unaut horized host can easily use t he
net work cable of an aut horized host t o access t he net work.
Qu e st ion 9
What are t wo result s of ent ering t he Sw it ch( con fig) # vt p m ode clie n t com m and on a Cat alyst
swit ch? ( Choose t wo)
A. The swit ch will ignore VTP sum m ary advert isem ent s.
B. The swit ch will forward VTP sum m ary advert isem ent s.
C. The swit ch will process VTP sum m ary advert isem ent s.
D. The swit ch will originat e VTP sum m ary advert isem ent s.
E. The swit ch will creat e, m odify and delet e VLANs for t he ent ire VTP dom ain.

An sw e r : B C
Qu e st ion 1 0
Refer t o t he exhibit . The sh ow vt p st a t u s com m and is execut ed at a swit ch t hat is generat ing
t he exhibit ed out put . Which st at em ent is t rue for t his swit ch?

http://www.9tut 187
A. The swit ch forwards it s VLAN dat abase t o ot her swit ches in t he I CND VTP dom ain.
B. The configurat ion revision num ber increm ent s each t im e t he VLAN dat abase is updat ed,
C. The swit ch forwards VTP updat es t hat are sent by ot her swit ches in t he I CND dom ain,
D. The VLAN dat abase is updat ed when VTP inform at ion is received from ot her swit ches.

An sw e r : C
Ex pla na t ion
I n Transparent m ode swit ch j ust forwards updat e sent by ot her swit ches wit hout reading it . I t
doesn’t updat e it s VLAN dat abase so t he Configurat ion Revision doesn’t increase.

CCNA – Hot spot

H ot spot Rou t ing Que st ion

Quest ion 1:
I f t he rout er R1 has a packet wit h a dest inat ion address 192.168.1.255, what describes t he
operat ion of t he net work?
A – R1 will forward t he packet out all int erfaces
B – R1 will drop t his packet because it is not a valid I P address
C – As R1 forwards t he fram e cont aining t his packet , Sw- A will add 192.168.1.255 t o it s MAC
t able
D – R1 will encapsulat e t he packet in a fram e wit h a dest inat ion MAC address of FF- FF- FF- FF- FF-
FF

http://www.9tut 188
E – As R1 forwards t he fram e cont aining t his packet , Sw- A will forward it t i t he device assigned
t he I P address of 192.168.1.255

An sw e r : B
Quest ion 2:
Users on t he 192.168.1.0/ 24 net work m ust access files locat ed on t he Server 1. What rout e could
be configured on rout er R1 for file request s t o reach t he server?
A – ip rout e 0.0.0.0 0.0.0.0 s0/ 0/ 0
B – ip rout e 0.0.0.0 0.0.0.0 209.165.200.226
C – ip rout e 209.165.200.0 255.255.255.0 192.168.1.250
D – ip rout e 192.168.1.0 255.255.255.0 209.165.100.250

An sw e r : A
Quet ion 3:
When a packet is sent from Host 1 t o Server 1, in how m any different fram es will t he packet be
encapsulat ed as it is sent across t he int ernet work?
A– 0
B– 1
C– 2
D – 3
E– 4

An sw e r : C or D( depending on your underst and, please read t he com m ent s t o underst and why)
Quest ion 4:
What m ust be configured on t he net work in order for users on t he I nt ernet t o view web pages
locat ed on Web Server 2?
A – On rout er R2,configure a default st at ic rout e t o t he 192.168.1.0 net work
B – On rout er r2, configure DNS t o resolve t he URL assigned t o Web Server 2 t o t he 192.168.1.10
address
C – On rout er R1, configure NAT t o t ranslat e an address on t he 209.165.100.0/ 24 net work t o
192.168.1.10
D – On rout er R1, configure DHCP t o assign a regist ered I P address on t he 209.165.100.0/ 24
net work t o Web Server 2

An sw e r : C
Quest ion 5:
The rout er address 192.168.1.250 is t he default gat eway for bot h t he Web Server 2 and Host 1.
What is t he correct subnet m ask for t his net work?
A – 255.255.255.0
B – 255.255.255.192
C – 255.255.255.250
D – 255.255.255.252

http://www.9tut 189
An sw e r : A
Hot spot Fram e- relay Quest ion

http://www.9tut 190
( I n t he old days, t his quest ion was a m ult i- choice quest ion but Cisco upgraded it int o a lab- sim
quest ion. Therefore, inst ead of list ing all t he configurat ion as above, you have t o t ype sh ow
fr a m e - r e la y m a p and sh ow r u nnin g- con fig t o get it s configurat ion)
Not e: I f you are not sure about Fram e- Relay, please read m y Fram e Relay t ut orial.
Quest ion 1:
What dest inat ion Layer 2 address will be used in t he fram e header cont aining a packet for host
172.30.0.4?
A – 704
B – 196
C – 702
D – 344

An sw e r : C
Quest ion 2:
A st at ic m ap t o t he S- AMER locat ion is required. Which com m and should be used t o creat e t his
m ap?
A – fram e- relay m ap ip 172.30.0.3 704 broadcast
B – fram e- relay m ap ip 172.30.0.3 196 broadcast
C – fram e- relay m ap ip 172.30.0.3 702 broadcast
D – fram e- relay m ap ip 172.30.0.3 344 broadcast

An sw e r : B
Quest ion 3:
Which connect ion uses t he default encapsulat ion for serial int erfaces on Cisco rout ers?
A – The serial connect ion to t he MidEast branch office
B – The serial connect ion to t he DeepSout h branch office
C – The serial connect ion to t he Nort hCent ral branch office
D – The serial connect ion to t he Mult inat ional Core
Qu e st ion 4 :
I f required, what password should be configured on t he rout er in t he MidEast branch office t o
allow a connect ion t o be est ablished wit h t he Dubai rout er?
A – No password is required
B – Enable
C – Scr
D – Telnet
E – Console

An sw e r : A or D ( because m aybe t here are 2 versions of t his quest ion, depending on t he out put of
“ show running- config” com m and, please read t he explanat ion below)
Ex pla na t ion
This quest ion is not clear for a long t im e but now m aybe t he t rick was solved. What Cisco want s t o
ask is t he word used as password, not t he t ype of connect ion, so in t he exam you m ight see som e

http://www.9tut 191
st range words for answers like “ En8ble” , “ T1net ” , “ C0nsole” . All you have t o do is t o use t he
com m and “ show running- config” as wx4 m ent ioned below t o find t he answer.
w x 4 com m ent ed:
Q4: if password required which?
in m y exam ple it was connect ion t o Nort h!
How t o figure out which pw is required?
# show running- config
1. check t he int erface t o t he rout er you need connect ion t o. I f t here is “ ppp aut hent icat ion” you
need a password!
2. you will find t he password on t he t op of your running- config out put
check t he area:
usernam e Nort h password c0nsole
usernam e xxxxx yyyyy
usernam e…
in m y case it was c0nsole, in your case it can be no password needed or a different password.
I f you are st ill not clear, please read a n t on‘s com m ent :
A big quest ion I not iced here was about t he FR Lab regarding t he password. You have t o perform
a show running- config and look for USERNAME and PASSWORD.
i.e.
usernam e Sout h_Rout er password c0nsol3
usernam e Nort h_Rout er password t 31net
Obviously t his has t o be en PPP encapsulat ion, if asked for a posible password for SOUTH_ROUTER
you pick c0nsol3, and for NORTH_ROUTER you pick t 31net . I f you’re running HDLC, i would pick
“ no password is required” .

CCNA – STP Quest ions

Not e: I f you are not sure how STP and RSTP work, please read m y STP t ut orial and RSTP t ut orial.

Spanning Tree Prot ocol STP Tut orial

To provide for fault t olerance, m any net works im plem ent redundant pat hs bet ween devices using
m ult iple swit ches. However, providing redundant pat hs bet ween segm ent s causes packet s t o be
passed bet ween t he redundant pat hs endlessly. This condit ion is known as a bridging loop.
( Not e: t he t erm s bridge, swit ch are used int erchangeably when discussing STP)
To prevent bridging loops, t he I EEE 802.1d com m it t ee defined a st andard called t he spanning t ree
algorit hm ( STA) , or spanning t ree prot ocol ( STP) . Spanning- Tree Prot ocol is a link m anagem ent
prot ocol t hat provides pat h redundancy while prevent ing undesirable loops in t he net work. For an
Et hernet net work t o funct ion properly, only one act ive pat h can exist bet ween t wo st at ions.
Let ’s see a sit uat ion when t here is no loop- avoidance process in operat ion. Suppose you have t wo
swit ches connect ed wit h redundant links. One swit ch connect ed t o PC A and t he ot her swit ch
connect ed t o PC B.
Now PC A want s t o t alk t o PC B. I t t hen sends a broadcast , say an Address Resolut ion Prot ocol
( ARP) t o find out where t he locat ion of PC B, t he green arrow shows a broadcast fram e sent by PC
A.

http://www.9tut 192
When t he swit ch A receives a broadcast fram e, it forwards t hat fram e t o all port s except t he port
where it receives t he request - > SwA forwards t hat ARP fram e out of fa0/ 0 and fa0/ 1 port s.

Suppose SwB receives t he broadcast fram e from fa0/ 0 first t hen it will forward t hat fram e t o t he
t wo ot her links ( fa0/ 1 and fa0/ 5 of SwB) .

The ot her broadcast fram e from SwA com es t o fa0/ 1 of SwB so SwB forwards it t o fa0/ 0 and
fa0/ 5.

As you can see, SwA has sent 2 broadcast fram es out of it s fa0/ 0 and fa0/ 1, SwB receives each of
t hem , creat es 2 copies and sends one of t hem back t o SwA ( t he ot her is sent t o PC B) .
When SwA receives t hese broadcast fram es it cont inues broadcast ing t hem again t o it s ot her
int erfaces, t his will keep going on forever unt il you shut down t he net work. This phenom enon is
called a br oa dca st st or m .
Broadcast st orm consum es ent ire bandwidt h and denies bandwidt h for norm al net work t raffic.
Broadcast st orm is a serious net work problem and can shut down ent ire net work in seconds.
Ot her problem s:
M u lt iple fr a m e t r a n sm ission : Mult iple copies of unicast fram es m ay be delivered t o dest inat ion
st at ions. Many prot ocols expect t o receive only a single copy of each t ransm ission. Mult iple copies
of t he sam e fram e can cause unrecoverable errors. I n t he above exam ple, if t he first fram e is not
a ARP broadcast but a unicast and SwA and SwB haven’t learned about t he dest inat ion in t hat
fram e yet t hen t hey flood t he fram e on all port s except t he originat ing port . The sam e
phenom enon occurs and PC B will receive m ore t han one copy of t hat fram e.
M AC D a t a ba se I nst a bilit y: MAC dat abase inst abilit y result s when m ult iple copies of a fram e
arrive on different port s of a swit ch. We can see it in t he above exam ple t oo when t he t wo port s
on SwB ( fa0/ 0 and fa0/ 1) receive t he sam e fram e.
Now you learned about problem s when t here is no looping- avoidance m echanism running on t he
net work. All of t hese problem s can be solved wit h t he Spanning Tree Prot ocol ( STP)
STP prevent s loop by blocking one of swit ch’s port . For exam ple, by blocking port fa0/ 0 of SwA,
no dat a t raffic is sent on t his link and t he loop in t he net work is elim inat ed.

http://www.9tut 193
Bu t h ow STP de cide s w h ich por t sh ou ld be block e d. Th e w hole pr oce ss is m or e com ple x
t h a n w ha t is sh ow n a bove . W e w ill le a r n it in t h e ne x t pa r t .
Rapid Spanning Tree Prot ocol RSTP Tut orial
Rapid Spanning Tree Prot ocol ( RSTP)
One big disadvant age of STP is t he low convergence which is very im port ant in swit ched net work.
To overcom e t his problem , in 2001, t he I EEE wit h docum ent 802.1w int roduced an evolut ion of
t he Spanning Tree Prot ocol: Rapid Spanning Tree Prot ocol ( RSTP) , which significant ly reduces t he
convergence t im e aft er a t opology change occurs in t he net work. While STP can t ake 30 t o 50
seconds t o t ransit from a blocking st at e t o a forwarding st at e, RSTP is t ypically able t o respond
less t han 10 seconds of a physical link failure.
RSTP works by adding an alt ernat ive port and a backup port com pared t o STP. These port s are
allowed t o im m ediat ely ent er t he forwarding st at e rat her t han passively wait for t he net work t o
converge.
RSTP bridge port roles:
* Root por t – A forwarding port t hat is t he closest t o t he root bridge in t erm s of pat h cost
* D e signa t e d por t – A forwarding port for every LAN segm ent
* Alt e r na t e por t – A best alt ernat e pat h t o t he root bridge. This pat h is different t han using t he
root port . The alt ernat ive port m oves t o t he forwarding st at e if t here is a failure on t he designat ed
port for t he segm ent .
* Ba ck u p por t – A backup/ redundant pat h t o a segm ent where anot her bridge port already
connect s. The backup port applies only when a single swit ch has t wo links t o t he sam e segm ent
( collision dom ain) . To have t wo links t o t he sam e collision dom ain, t he swit ch m ust be at t ached t o
a hub.
* D isa ble d por t – Not st rict ly part of STP, a net work adm inist rat or can m anually disable a port
Now let ’s see an exam ple of t hree swit ches below:

Suppose all t he swit ches have t he sam e bridge priorit y so t he swit ch wit h lowest MAC address will
becom e root bridge - > Sw1 is t he root bridge and t herefore all of it s port s will be Designat ed
port s ( forwarding) .

http://www.9tut 194
Two port s fa0/ 0 on Sw2 & Sw3 are closest t o t he root bridge ( in t erm s of pat h cost ) so t hey will
becom e root port s.
On t he segm ent bet ween Sw2 and Sw3, because Sw2 has lower MAC t han Sw3 so it will advert ise
bet t er BPDU on t his segm ent - > fa0/ 1 of Sw2 will be Designat ed port and fa0/ 1 of Sw3 will be
Alt ernat ive port .

Now for t he t wo port s connect ing t o t he hub, we know t hat t here will have only one Designat ed
port for each segm ent ( not ice t hat t he t wo port s fa0/ 2 & fa0/ 3 of Sw2 are on t he sam e segm ent
as t hey are connect ed t o a hub) . The ot her port will be Backup port according t o t he definit ion of
Backup port above. But how does Sw2 select it s Designat ed and Backup port ? The decision
process involves t he following param et ers inside t he BPDU:
* Lowest pat h cost t o t he Root
* Lowest Sender Bridge I D ( BI D)
* Lowest Port I D
Well, bot h fa0/ 2 & fa0/ 3 of Sw2 has t he sam e “ pat h cost t o t he root ” and “ sender bridge I D” so
t he t hird param et er “ lowest port I D” will be used. Because fa0/ 2 is inferior t o fa0/ 3, Sw2 will
select fa0/ 2 as it s Designat ed port .

http://www.9tut 195
Not e: Alt ernat ive Port and Backup Port are in discarding st at e.
RSTP Port St at es:
There are only t hree port st at es left in RSTP t hat correspond t o t he t hree possible operat ional
st at es. The 802.1D disabled, blocking, and list ening st at es are m erged int o t he 802.1w discarding
st at e.
* D isca r din g – t he port does not forward fram es, process received fram es, or learn MAC
addresses – but it does list en for BPDUs ( like t he STP blocking st at e)
* Le a r n ing – receives and t ransm it s BPDUs and learns MAC addresses but does not yet forward
fram es ( sam e as STP) .
* For w a r din g – receives and sends dat a, norm al operat ion, learns MAC address, receives and
t ransm it s BPDUs ( sam e as STP) .

STP St a t e ( 8 0 2 .1 d) RSTP St a t e ( 8 0 2 .1 w )

Blocking Discarding

List ening Discarding

Learning Learning

Forwarding Forwarding

Disabled Discarding

Alt hough t he learning st at e is also used in RSTP but it only t akes place for a short t im e as
com pared t o STP. RSTP converges wit h all port s eit her in forwarding st at e or discarding st at e.
RSTP Qu ick Sum m a r y:
RSTP provides fast er convergence t han 802.1D STP when t opology changes occur.
* RSTP defines t hree port st at es: discarding, learning, and forwarding.
* RSTP defines five port roles: root , designat ed, alt ernat e, backup, and disabled.
Qu e st ion 1
Which t hree st at em ent s about RSTP are t rue? ( choose t hree)
A. RSTP significant ly reduces t opology reconverging t im e aft er a link failure.
B. RSTP expends t he STP port roles by adding t he alt ernat e and backup roles.
C. RSTP port st at es are blocking, discarding, learning, or forwarding.
D. RSTP also uses t he STP proposal- agreem ent sequence.
E. RSTP use t he sam e t im er- based process as STP on point - t o- point links.
F. RSTP provides a fast er t ransit ion t o t he forwarding st at e on point - t o- point links t han STP does.
An sw e r : A B F
Qu e st ion 2
Which t wo st at es are t he port st at es when RSTP has converged? ( choose t wo)
A. blocking
B. learning
C. disabled
D. forwarding
E. list ening

http://www.9tut 196
An sw e r : A D
Ex pla na t ion
RSTP only has 3 port st at es t hat are discarding, learning and forwarding. When RSTP has
converged t here are only 2 port st at es left : discarding and forwarding but t he answers don’t
m ent ion about discarding st at e so blocking st at e ( answer A) m ay be considered t he best
alt ernat ive answer.
Qu e st ion 3
Which com m and enables RSTP on a swit ch?
A. spanning- t ree m ode rapid- pvst
B. spanning- t ree uplinkfast
C. spanning- t ree backbonefast
D. spanning- t ree m ode m st
An sw e r : A
Qu e st ion 4
At which layer of t he OSI m odel is RSTP used t o prevent loops?
A. dat a link
B. net work
C. physical
D. t ransport
An sw e r : A
Qu e st ion 5
Refer t o t he exhibit . Given t he out put shown from t his Cisco Cat alyst 2950, what is t he m ost likely
reason t hat int erface Fast Et hernet 0/ 10 is not t he root port for VLAN 2?
Sw it ch # sh ow spa n nin g- t r e e int e r fa ce fa st e t h e r n e t 0 / 1 0

A. This swit ch has m ore t han one int erface connect ed t o t he root net work segm ent in VLAN 2.
B. This swit ch is running RSTP while t he elect ed designat ed swit ch is running 802.1d Spanning
Tree.
C. This swit ch int erface has a higher pat h cost t o t he root bridge t han anot her in t he t opology.
D. This swit ch has a lower bridge I D for VLAN 2 t han t he elect ed designat ed swit ch.
An sw e r : C
Qu e st ion 6
Which t wo of t hese st at em ent s regarding RSTP are correct ? ( Choose t wo)
A. RSTP cannot operat e wit h PVST+ .
B. RSTP defines new port roles.
C. RSTP defines no new port st at es.
D. RSTP is a propriet ary im plem ent at ion of I EEE 802.1D STP.
E. RSTP is com pat ible wit h t he original I EEE 802.1D STP.

http://www.9tut 197
An sw e r : B E
Qu e st ion 7
Refer t o t he exhibit . Each of t hese four swit ches has been configured wit h a host nam e, as well as
being configured t o run RSTP. No ot her configurat ion changes have been m ade. Which t hree of
t hese show t he correct RSTP port roles for t he indicat ed swit ches and int erfaces? ( Choose t hree)

A. Swit chA, Fa0/ 2, designat ed

B. Swit chA, Fa0/ 1, root
C. Swit chB, Gi0/ 2, root
D. Swit chB, Gi0/ 1, designat ed
E. Swit chC, Fa0/ 2, root
F. Swit chD, Gi0/ 2, root
An sw e r : A B F
Ex pla na t ion
The quest ion says “ no ot her configurat ion changes have been m ade” so we can underst and t hese
swit ches have t he sam e bridge priorit y. Swit ch C has lowest MAC address so it will becom e root
bridge and 2 of it s port s ( Fa0/ 1 & Fa0/ 2) will be designat ed port s - > E is incorrect .
Because Swit chC is t he root bridge so t he 2 port s nearest Swit chC on Swit chA ( Fa0/ 1) and
Swit chD ( Gi0/ 2) will be root port s - > B and F are correct .
Now we com e t o t he m ost difficult part of t his quest ion: Swit chB m ust have a root port so which
port will it choose? To answer t his quest ion we need t o know about STP cost and port cost .
I n general, “ cost ” is calculat ed based on bandwidt h of t he link. The higher t he bandwidt h on a
link, t he lower t he value of it s cost . Below are t he cost values you should m em orize:

Lin k spe e d Cost

10Mbps 100

100Mbps 19

1 Gbps 4

http://www.9tut 198
Swit chB will choose t he int erface wit h lower cost t o t he root bridge as t he root port so we m ust
calculat e t he cost on int erface Gi0/ 1 & Gi0/ 2 of Swit chB t o t he root bridge. This can be calculat ed
from t he “ cost t o t he root bridge” of each swit ch because a sw it ch a lw a ys a dve r t ise s it s cost
t o t h e r oot br idge in it s BPDU. The receiving swit ch will a dd it s loca l por t cost va lu e t o t h e
cost in t he BPDU.
One m ore t hing t o not ice is t hat a root bridge always advert ises t he cost t o t he root bridge ( it self)
wit h an init ial value of 0.
Now let ’s have a look at t he t opology again

Swit chC advert ises it s cost t o t he root bridge wit h a value of 0. Swit ch D adds 4 ( t he cost value of
1Gbps link) and advert ises t his value ( 4) t o Swit chB. Swit chB adds anot her 4 and learns t hat it
can reach Swit chC via Gi0/ 1 port wit h a t ot al cost of 8. The sam e process happens for Swit chA
and Swit chB learns t hat it can reach Swit chC via Gi0/ 2 wit h a t ot al cost of 23 - > Swit ch B chooses
Gi0/ 1 as it s root port - > D is not correct .
Now our last t ask is t o ident ify t he port roles of t he port s bet ween Swit chA & Swit chB. I t is rat her
easy as t he MAC address of Swit chA is lower t han t hat of Swit chB so Fa0/ 2 of Swit chA will be
designat ed port while Gi0/ 2 of Swit chB will be alt ernat ive port - > A is correct but C is not correct .
Below sum m aries all t he port roles of t hese swit ches:

http://www.9tut 199
+ DP: Designat ed Port ( forwarding st at e)
+ RP: Root Port ( forwarding st at e)
+ AP: Alt ernat ive Port ( blocking st at e)
Qu e st ion 8
Which t wo prot ocols are used by bridges and/ or swit ches t o prevent loops in a layer 2 net work?
( Choose t wo)
A. 802.1d
B. VTP
C. 802.1q
D. STP
E. SAP

An sw e r : A D
Qu e st ion 9
Which swit ch would STP choose t o becom e t he root bridge in t he select ion process?
A. 32768: 11- 22- 33- 44- 55- 66
B. 32768: 22- 33- 44- 55- 66- 77
C. 32769: 11- 22- 33- 44- 55- 65
D. 32769: 22- 33- 44- 55- 66- 78

An sw e r : A
Qu e st ion 1 0
Refer t o t he t opology shown in t he exhibit . Which port s will be STP designat ed port s if all t he links
are operat ing at t he sam e bandwidt h? ( Choose t hree)

A. Swit ch A – Fa0/ 0
B. Swit ch A – Fa0/ 1
C. Swit ch B – Fa0/ 0
D. Swit ch B – Fa0/ 1
E. Swit ch C – Fa0/ 0
F. Swit ch C – Fa0/ 1

An sw e r : B C D

http://www.9tut 200
Ex pla na t ion
First by com paring t heir MAC addresses we learn t hat swit ch B will be root bridge as it has lowest
MAC. Therefore all of it s port s are designat ed port s - > C & D are correct .
On t he link bet ween swit ch A & swit ch C t here m ust have one designat ed port and one non-
designat ed ( blocked) port . We can figure out which port is designat ed port by com paring t heir
MAC address again. A has lower MAC so Fa0/ 1 of swit ch A will be designat ed port while Fa0/ 1 of
swit ch C will be blocked - > B is correct .

Part 2
Qu e st ion 1
Which t erm describes a spanning- t ree net work t hat has all swit ch port s in eit her t he blocking or
forwarding st at e?
A. redundant
B. spanned
C. provisioned
D. converged
An sw e r : D
Ex pla na t ion
Spanning Tree Prot ocol convergence ( Layer 2 convergence) happens when bridges and swit ches
have t ransit ioned t o eit her t he forwarding or blocking st at e. When layer 2 is converged, root
bridge is elect ed and all port roles ( Root , Designat ed and Non- Designat ed) in all swit ches are
select ed.
Qu e st ion 2
Which t wo values are used by Spanning Tree Prot ocol t o elect a root bridge? ( Choose t wo)
A. am ount of RAM
B. bridge priorit y
C. I OS version
D. I P address
E. MAC address
F. speed of t he links
An sw e r : B E
Ex pla na t ion
Bridge I D = Bridge Priorit y + MAC Address
For exam ple:
+ The bridge priorit y of SwA is 32768 and it s MAC address is 0000.0000.9999 - > t he bridge I D of
SwA is 32768: 0000.0000.9999
+ The bridge priorit y of SwB is 32768 and it s MAC address is 0000.0000.1111 - > t he bridge I D of
SwB is 32768: 0000.0000.1111
Qu e st ion 3
Which com m and enhances t he 802.1D convergence t im e on port s t hat are connect ed t o host s?
A. spanning- t ree backbonefast
B. spanning- t ree uplinkfast

http://www.9tut 201
C. spanning- t ree port fast
D. spanning- t ree cost 512
An sw e r : C
Ex pla na t ion
By using Port Fast feat ure, t he port won’t spend 50 seconds t o m ove from blocking ( 20sec) ,
list ening ( 15sec) , learning ( 15sec) and finally forwarding but will j um p direct ly t o t he forwarding
st at e. This feat ure should be used on port s connect ed t o host s only because host s surely don’t
send BPDU. An exam ple of configuring Port Fast on an int erface is shown below:
Sw( config) # int erface Fast Et hernet 0/ 1
Sw( config- if) # spanning- t ree port fast
Qu e st ion 4
Which t wo of t hese are used by bridges and swit ches t o prevent loops in a layer 2 net work?
( Choose t wo)
A. 802.1D
B. VTP
C. 802.1Q
D. STP
E. SAP
An sw e r : A D
Ex pla na t ion
Bot h 802.1D and STP are referred t o t he STP st andard which is used by bridges and swit ches t o
prevent loops in a layer 2 net work.
Qu e st ion 5
Refer t o t he exhibit . The out put t hat is shown is generat ed at a swit ch. Which t hree of t hese
st at em ent s are t rue? ( Choose t hree)

A. All port s will be in a st at e of discarding, learning or forwarding.

B. Thirt y VLANs have been configured on t his swit ch.
C. The bridge priorit y is lower t han t he default value for spanning t ree.
D. All int erfaces t hat are shown are on shared m edia.
E. All designat ed port s are in a forwarding st at e.
F. The swit ch m ust be t he root bridge for all VLANs on t his swit ch.

http://www.9tut 202
An sw e r : A C E
Ex pla na t ion
From t he out put , we see t hat all port s are in Designat ed role ( forwarding st at e) - > A and E are
correct .
The com m and “ show spanning- tree vlan 30″ only shows us inform at ion about VLAN 30. We don’t
know how m any VLAN exist s in t his swit ch - > B is not correct .
The bridge priorit y of t his swit ch is 24606 which is lower t han t he default value bridge priorit y
32768 - > C is correct .
All t hree int erfaces on t his swit ch have t he connect ion t ype “ p2p” , which m eans Point - t o- point
environm ent – not a shared m edia - > D is not correct .
The only t hing we can specify is t his swit ch is t he root bridge for VLAN 3o but we can not
guarant ee it is also t he root bridge for ot her VLANs - > F is not correct .
Qu e st ion 6
What is one benefit of PVST+ ?
A. PVST+ reduces t he CPU cycles for all t he swit ches in t he net work.
B. PVST+ aut om at ically select s t he root bridge locat ion, t o provide opt im izat ion.
C. PVST+ allows t he root swit ch locat ion t o be opt im ized per vlan.
D. PVST+ support s Layer 3 load balancing wit hout loops.
An sw e r : C
Ex pla na t ion
Per VLAN Spanning Tree ( PVST) m aint ains a spanning t ree inst ance for each VLAN configured in
t he net work. I t m eans a swit ch can be t he root bridge of a VLAN while anot her swit ch can be t he
root bridge of ot her VLANs in a com m on t opology. For exam ple, Swit ch 1 can be t he root bridge
for Voice dat a while Swit ch 2 can be t he root bridge for Video dat a. I f designed correct ly, it can
opt im ize t he net work t raffic.
Qu e st ion 7
Which I EEE st andard prot ocol is init iat ed as a result of successful DTP com plet ion in a swit ch over
Fast Et hernet ?
A. 802.3ad
B. 802.1w
C. 802.1Q
D. 802.1d
An sw e r : C
Ex pla na t ion
Dynam ic Trunking Prot ocol ( DTP) is a Cisco propriet ary prot ocol for negot iat ing t runking on a link
bet ween t wo devices and for negot iat ing t he t ype of t runking encapsulat ion ( 802.1Q) t o be used.
Qu e st ion 8
What value is prim arily used t o det erm ine which port becom es t he root port on each non- root
swit ch in a spanning- t ree t opology?
A. lowest port MAC address
B. port priorit y num ber and MAC address.
C. VTP revision num ber

http://www.9tut 203
D. highest port priorit y num ber.
E. pat h cost
An sw e r : E
Ex pla na t ion
The pat h cost t o t he root bridge is t he m ost im port ant value t o det erm ine which port will becom e
t he root port on each non- root swit ch. I n part icular, t he port wit h lowest cost t o t he root bridge
will becom e root port ( on non- root swit ch) .
Qu e st ion 9
When PVST+ in work on VLAN1 of t he swit ch, what will affect on select ion of one of swit ches in
t he VLAN as root - bridge?
A. Lowest I P address
B. Highest MAC address
C. Lowest MAC address
D. Highest I P address
An sw e r : C
Ex pla na t ion
The t wo values used t o select t he root bridge are Bridge Priorit y & MAC address ( t he lower is
bet t er) - > C is correct .
Qu e st ion 1 0
Refer t o t he exhibit . A net work adm inist rat or want s Swit ch3 t o be t he root bridge. What could be
done t o ensure Swit ch3 will be t he root ?

A. Configure t he I P address on Swit ch3 t o be higher t han t he I P addresses of Swit ch1 and
Swit ch2.
B. Configure t he priorit y value on Swit ch3 t o be higher t han t he priorit y values of Swit ch 1 and
Swit ch2.
C. Configure t he BI D on Swit ch3 t o be lower t han t he BI Ds of Swit ch1 and Swit ch2.
D. Configure t he MAC address on Swit ch3 t o be higher t han t he Swit ch1 and Swit ch2 MAC
addresses.
E. Configure a loopback int erface on Swit ch3 wit h an I P address lower t han any I P address on
Swit ch1 and Swit ch2.
An sw e r : C
Ex pla na t ion
To becom e root bridge, a swit ch m ust have lower Bridge I D ( BI D) t han t hat of t he ot hers. The
Bridge I D = Bridge Priorit y + MAC address; but MAC address is a fixed value so we can only
change t he BI D by changing t he Bridge Priorit y of t hat swit ch.

http://www.9tut 204
Qu e st ion 1 1
Which port st at e is int roduced by Rapid- PVST?
A. learning
B. list ening
C. discarding
D. forwarding
An sw e r : C
Ex pla na t ion
PVST+ is based on I EEE802.1D Spanning Tree Prot ocol ( STP) . But PVST+ has only 3 port st at es
( discarding, learning and forwarding) while STP has 5 port st at es ( blocking, list ening, learning,
forwarding and disabled) . So discarding is a new port st at e in PVST+ .
Qu e st ion 1 2
At which layer of t he OSI m odel is RSTP used t o prevent loops?
A. dat a link
B. net work
C. physical
D. t ransport
An sw e r : A
Ex pla na t ion
RSTP and STP operat e on swit ches and are based on t he exchange of Bridge Prot ocol Dat a Unit s
( BPDUs) bet ween swit ches. One of t he m ost im port ant fields in BPDUs is t he Bridge Priorit y in
which t he MAC address is used t o elect t he Root Bridge - > RSTP operat es at Layer 2 – Dat a Link
layer - > A is correct .

CCNA – I Pv6 Quest ions

I f you are not sure about I Pv6, please read m y I Pv6 t ut orial
I Pv6 Tut orial
I nt ernet has been growing ext rem ely fast so t he I Pv4 addresses are quickly approaching com plet e
deplet ion. Alt hough m any organizat ions already use Net work Address Translat ors ( NATs) t o m ap
m ult iple privat e address spaces t o a single public I P address but t hey have t o face wit h ot her
problem s from NAT ( t he use of t he sam e privat e address, securit y…) . Moreover, m any ot her
devices t han PC & lapt op are requiring an I P address t o go t o t he I nt ernet . To solve t hese
problem s in long- t erm , a new version of t he I P prot ocol – version 6 ( I Pv6) was creat ed and
developed.
I Pv6 was creat ed by t he I nt ernet Engineering Task Force ( I ETF) , a st andards body, as a
replacem ent t o I Pv4 in 1998. So what happened wit h I Pv5? I P Version 5 was defined for
experim ent al reasons and never was deployed.
While I Pv4 uses 32 bit s t o address t he I P ( provides approxim at ely 2 32 = 4,294,967,296 unique
addresses – but in fact about 3.7 billion addresses are assignable because t he I Pv4 addressing
syst em separat es t he addresses int o classes and reserves addresses for m ult icast ing, t est ing, and
ot her specific uses) , I Pv6 uses up t o 128 bit s which provides 2 128 addresses or approxim at ely 3.4
* 10 38 addresses. Well, m aybe we should say it is ext rem ely ext rem ely ext rem ely huge : )

http://www.9tut 205
Pv6 Addr e ss Type s

Addr e ss D e scr ipt ion

Type

Unicast One t o One ( Global, Link local, Sit e local)

+ An address dest ined for a single int erface.

Mult icast One t o Many

+ An address for a set of int erfaces
+ Delivered t o a group of int erfaces ident ified by t hat
address.
+ Replaces I Pv4 “ broadcast ”

Anycast One t o Nearest ( Allocat ed from Unicast )

+ Delivered t o t he closest int erface as det erm ined by t he
I GP

A single int erface m ay be assigned m ult iple I Pv6 addresses of any t ype ( unicast , anycast ,
m ult icast )
I Pv6 a ddr e ss for m a t
Form at :
x :x :x :x :x :x :x :x – where x is a 16 bit s hexadecim al field and x represent s four hexadecim al
digit s.
An exam ple of I Pv6:
2 0 0 1 :0 0 0 0 :5 7 2 3 :0 0 0 0 :0 0 0 0 :D 1 4 E:D BCA:0 7 6 4
There are:
+ 8 groups of 4 hexadecim al digit s.
+ Each group represent s 16 bit s ( 4 hexa digit s * 4 bit )
+ Separat or is “ : ”
+ Hex digit s are not case sensit ive, so “ D BCA” is sam e as “ dbca” or “ DBca” …
I Pv6 ( 128- bit ) address cont ains t wo part s:
+ The first 64- bit s is known as t he prefix. The prefix includes t he net work and subnet address.
Because addresses are allocat ed based on physical locat ion, t he prefix also includes global rout ing
inform at ion. The 64- bit prefix is oft en referred t o as t he global rout ing prefix.
+ The last 64- bit s is t he int erface I D. This is t he unique address assigned t o an int erface.
Not e: Addresses are assigned t o int erfaces ( net work connect ions) , not t o t he host . Each int erface
can have m ore t han one I Pv6 address.
Ru le s for a bbr e via t ing I Pv6 Addr e sse s:
+ Leading zeros in a field are opt ional
2001: 0 D A8 : E800: 0 0 0 0 : 0 2 6 0 : 3EFF: FE47: 0 0 0 1 can be writ t en as
2001: D A8 : E800: 0 : 2 6 0 : 3EFF: FE47: 1
+ Successive fields of 0 are represent ed as : : , but only once in an address:
2001: 0DA8: E800: 0 0 0 0 :0 0 0 0 :0 0 0 0 :0 0 0 0 :0 0 0 1 - > 2001: DA8: E800::1
Ot her exam ples:
– FF02: 0: 0: 0: 0: 0: 0: 1 = > FF02: : 1
– 3FFE: 0501: 0008: 0000: 0260: 97FF: FE40: EFAB = 3FFE: 501: 8: 0: 260: 97FF: FE40: EFAB =

http://www.9tut 206
3FFE: 501: 8: : 260: 97FF: FE40: EFAB
– 0: 0: 0: 0: 0: 0: 0: 1 = > : : 1
– 0: 0: 0: 0: 0: 0: 0: 0 = > : :
I Pv6 Addr e ssin g I n Use
I Pv6 uses t he “ / ” not at ion t o denot e how m any bit s in t he I Pv6 address represent t he subnet .
The full synt ax of I Pv6 is

ipv6 - a ddr e ss/ pr e fix - le n gt h

where
+ ipv6 - a ddr e ss is t he 128- bit I Pv6 address
+ / pr e fix - le n gt h is a decim al value represent ing how m any of t he left m ost cont iguous bit s of
t he address com prise t he prefix.
Let ’s analyze an exam ple:
2 0 0 1 :C:7 :ABCD ::1 / 64 is really
2 0 0 1 :0 0 0 C:0 0 0 7 :ABCD : 0 0 0 0 :0 0 0 0 :0 0 0 0 :0 0 0 1 / 64
+ The first 64- bit s 2 0 0 1 :0 0 0 C:0 0 0 7 :ABCD is t he address prefix
+ The last 64- bit s 0 0 0 0 :0 0 0 0 :0 0 0 0 :0 0 0 1 is t he int erface I D
+ / 64 is t he prefix lengt h ( / 64 is well- known and also t he prefix lengt h in m ost cases)
Qu e st ion 1
As a CCNA candidat e, you m ust have a firm underst anding of t he I Pv6 address st ruct ure. Refer t o
I Pv6 address, could you t ell m e how m any bit s are included in each filed?
A – 24
B – 4
C – 3
D – 16
An sw e r : D
Ex pla na t ion :
The form at of a I Pv6 address is X: X: X: X: X: X: X: X where X is a 16- bit hexadecim al field. For
exam ple: 110A: 0192: 190F: 0000: 0000: 082C: 875A: 132c
Qu e st ion 2
I n pract ical I Pv6 applicat ion, a t echnology encapsulat es I Pv6 packet s inside I Pv4 packet s, t his
t echnology is called what ?
A – t unneling
B – hashing
C – rout ing
D – NAT
An sw e r : A
Qu e st ion 3
I nt ernet Prot ocol version 6 ( I Pv6) is t he next - generat ion I nt ernet Prot ocol version designat ed as
t he successor t o I Pv4 because I Pv4 address space is being exhaust ed. Which one of t he following
descript ions about I Pv6 is correct ?
A – Addresses are not hierarchical and are assigned at random .
B – Broadcast s have been elim inat ed and replaced wit h m ult icast s.

http://www.9tut 207
C – There are 2.7 billion available addresses.
D – An int erface can only be configured wit h one I Pv6 address.
An sw e r : B
Qu e st ion 4
Which t wo of t hese st at em ent s are t rue of I Pv6 address represent at ion? ( Choose t wo)
A – The first 64 bit s represent t he dynam ically creat ed int erface I D.
B – A single int erface m ay be assigned m ult iple I PV6 addresses of any t ype.
C – Every I PV6 int erface cont ains at least one loopback address.
D – Leading zeros in an I PV6 16 bit hexadecim al field are m andat ory.
An sw e r : B C
Ex pla na t ion :
Leading zeros in I Pv6 are opt ional do t hat 05C7 equals 5C7 and 0000 equals 0 - > D is not corect .
Qu e st ion 5
Which t hree of t he following are I Pv6 t ransit ion m echanism s? ( Choose t hree)
A – 6t o4 t unneling
B – GRE t unneling
C – I SATAP t unneling
D – Teredo t unneling
E – VPN t unneling
F – PPP t unneling
An sw e r : A C D
Ex pla na t ion :
Below is a sum m ary of I Pv6 t ransit ion t echnologies:
6 t o 4 t u nn e lin g: This m echanism allows I Pv6 sit es t o com m unicat e wit h each ot her over t he
I Pv4 net work wit hout explicit t unnel set up. The m ain advant age of t his t echnology is t hat it
requires no end- node reconfigurat ion and m inim al rout er configurat ion but it is not int ended as a
perm anent solut ion.
I SATAP t un n e ling ( I nt ra- Sit e Aut om at ic Tunnel Addressing Prot ocol) : is a m echanism for
t ransm it t ing I Pv6 packet s over I Pv4 net work. The word “ aut om at ic” m eans t hat once an I SATAP
server/ rout er has been set up, only t he client s m ust be configured t o connect t o it .
Te r e do t u nn e lin g: This m echanism t unnels I Pv6 dat agram s wit hin I Pv4 UDP dat agram s, allowing
privat e I Pv4 address and I Pv4 NAT t raversal t o be used.
I n fact , GRE t unneling is also a I Pv6 t ransit ion m echanism but is not m ent ioned in CCNA so we
shouldn’t choose it ( t here are 4 t ypes of I Pv6 t ransit ion m echanism s m ent ioned in CCNA; t hey
are: m anual, 6- t o- 4, Teredo and I SATAP) .
Qu e st ion 6
Which t wo descript ions are correct about charact erist ics of I Pv6 unicast addressing? ( Choose t wo)
A – Global addresses st art wit h 2000: : / 3.
B – Link- local addresses st art wit h FF00: : / 10.
C – Link- local addresses st art wit h FE00: / 12.
D – There is only one loopback address and it is : : 1.

http://www.9tut 208
An sw e r : A D
Ex pla na t ion :
Below is t he list of com m on kinds of I Pv6 addresses:

Loopba ck a ddr e ss ::1

Lin k - loca l a ddr e ss FE80: : / 10
Sit e - loca l a ddr e ss FEC0: : / 10
Globa l a ddr e ss 2000: : / 3
M u lt ica st a ddr e ss FF00: : / 8

Qu e st ion 7
Select t he valid I Pv6 addresses. ( Choose all apply)
A – : : 192: 168: 0: 1
B – 2002: c0a8: 101: : 42
C – 2003: dead: beef: 4dad: 23: 46: bb: 101
D – ::
E – 2000: :
F – 2001: 3452: 4952: 2837: :
An sw e r : A B C D F
Ex pla na t ion :
Answers A B C are correct because A and B are t he short form of 0: 0: 0: 0: 192: 168: 0: 1 and
2002: c0a8: 0101: 0: 0: 0: 0: 0042 while C are norm al I Pv6 address.
Answer D is correct because “ : : ” is nam ed t he “ unspecified” address and is t ypically used in t he
source field of a dat agram t hat is sent by a device t hat seeks t o have it s I P address configured.
Answer E is not correct because a global- unicast I Pv6 address is st art ed wit h binary 001, denot ed
as 2000: : / 3 in I Pv6 and it also known as an aggregat able global unicast address.The 2000: : ( in
part icular, 2000: : / 3) is j ust a prefix and is not a valid I Pv6 address.
The ent ire global- unicast I Pv6 address range is from 2000: : / 128 t o
3FFF: FFFF: FFFF: FFFF: FFFF: FFFF: FFFF/ 128, result ing in a t ot al usable space of over
42,535,295,865,117,307,932,921,825,928,971,000,000 addresses, which is only 1/ 8t h of t he
ent ire I Pv6 address space!

Qu e st ion 8
What is t he Mult icast for all- rout er m ut icast access ?
A – FF02: : 4
B – FF02: : 3
C – FF02: : 2
D – FF02: : 1
An sw e r : C

http://www.9tut 209
CCNA – Subnet t ing

Not e: I f you are not sure about subnet t ing, please read m y Subnet t ing t ut orial.
Subnet t ing Tut orial – Subnet t ing Made Easy
I n t his art icle, we will learn how t o subnet and m ake subnet t ing an easy t ask.
The t able below sum m arizes t he possible net work num bers, t he t ot al num ber of each t ype, and
t he num ber of host s in each Class A, B, and C net work.

D e fa u lt subn e t m a sk Ra n ge

Cla ss A 255.0.0.0 ( / 8) 1.0.0.0 – 126.255.255.255

Cla ss B 255.255.0.0 ( / 16) 128.0.0.0 – 191.255.255.255

Cla ss C 255.255.255.0 ( / 24) 192.0.0.0 – 223.255.255.255

Table 1 – Default subnet m ask & range of each class

Class A addresses begin wit h a 0 bit . Therefore, all addresses from 1.0.0.0 t o 126.255.255.255
belong t o class A ( 1= 0 000 0001; 126 = 0 111 1110) .
The 0.0.0.0 address is reserved for default rout ing and t he 127.0.0.0 address is reserved for
loopback t est ing so t hey don’t belong t o any class.
Class B addresses begin wit h a 1 bit and a 0 bit . Therefore, all addresses from 128.0.0.0 t o
191.255.255.255 belong t o class B ( 128= 1 0 00 0000; 191 = 1 0 11 1111) .
Class C addresses begin wit h t wo 1 bit s and a 0 bit . Class C addresses range from 192.0.0.0 t o
223.255.255.255 ( 192 = 1 1 0 0 0000; 223 = 1 1 0 1 1111) .
Class D & E are used for Mult icast and Research purposes and we are not allowed t o subnet t hem
so t hey are not m ent ioned here.
Not e: The num ber behind t he slash not at ion ( / ) specifies how m any bit s are t urned on ( bit 1) . For
exam ple:
+ “/8″ equals “1111 1111.0000 0000.0000 0000.0000 0000″ - > 8 bit s are t urned on ( bit 1)
+ “/12″ equals “1111 1111.1111 0000.0000 0000.0000 0000″ - > 12 bit s are t urned on ( bit 1)
+ “/28″ equals “1111 1111.1111 1111.1111 1111.1111 0000″ - > 28 bit s are t urned on ( bit 1)
+ “/32″ equals “1111 1111.1111 1111.1111 1111.1111 1111″ - > 32 bit s are t urned on ( bit 1)
and t his is also t he m axim um value because all bit s are t urned on.
The slash not at ion ( following wit h a num ber) is equivalent t o a subnet m ask. I f you know t he
slash notation you can figure out the subnet mask and vice versa. For example, “/8″ is equivalent
to “255.0.0.0″; “/12″ is equivalent to “255.240.0.0″; “/28″ is equivalent to “255.255.240.0″;
“/32″ is equivalent to “255.255.255.255″.

http://www.9tut 210
The Net work & Host part s of each class by default
From t he “ default subnet m ask” shown above, we can ident ify t he net work and host part of each
class. Not ice t hat in t he subnet m ask, bit 1 represent s for Net work part while bit 0 present s for
Host part ( 255 equals t o 1111 1111 and 0 equals t o 0000 0000 in binary form ) .
W h a t is “su bn e t t in g”?
When changing a num ber in t he Net work part of an I P address we will be in a different net work
from t he previous address. For exam ple, t he I P address 11.0.0.1 belongs t o class A and has a
default subnet m ask of 255.0.0.0; if we change t he num ber in t he first oct et ( a block of 8 bit s, t he
first oct et is t he left m ost 8 bit s) we will creat e a different net work. For exam ple, 12.0.0.1 is in a
different net work from 11.0.0.1. But if we change a num ber in t he Host part , we are st ill in t he
sam e Net work. For exam ple, 11.1.0.1 is in t he sam e net work of 11.0.0.1.
The problem here is if we want t o creat e 300 net works how can we do t hat ? I n t he above
exam ple, we can only creat e different net works when changing t he first oct et so we can creat e a
m axim um of 255 net works because t he first oct et can only range from 1 t o 255 ( in fact it is m uch
sm aller because class A only range from 1 t o 126) . Now we have t o use a t echnique called
“ subnet t ing” t o achieve our purpose.
“ Subnet t ing” m eans we bor r ow som e bit s fr om t h e H ost pa r t t o a dd t o t h e N e t w or k pa r t .
This allows us t o have m ore net works t han using t he default subnet m ask. For exam ple, we can
borrow som e bit s in t he next oct et t o m ake t he address 11.1.0.1 belong t o a different net work
from 11.0.0.1.
H ow t o subn e t ?
Do you rem em ber t hat I said “ in t he subnet m ask, bit 1 represent s for Net work part while bit 0
present s for Host part ” ? Well, t his also m eans t hat we can specify how m any bit s we want t o
borrow by changing how m any bit 0 t o bit 1 in t he subnet m ask.
Let ’s com e back t o our exam ple wit h t he I P 11.0.0.1, we will writ e all num bers in binary form t o
reveal what a com put er really sees in an I P address.

Now you can clearly see t hat t he subnet m ask will decide which is t he Net work part , which is t he
Host part . By borrowing 8 bit s, our subnet m ask will be like t his:

http://www.9tut 211
After changing the second octet of the subnet mask from all “0″ to all “1″, the Network part is
now ext ended. Now we can creat e new net works by changing num ber in t he first or second oct et .
This great ly increases t he num ber of net works we can creat e. Wit h t his new subnet m ask, I P
11.1.0.1 is in different net work from I P 11.0.0.1 because “1″ in the second octet now belongs to
t he Net work part .
So, in conclusion we “subnet” by borrowing bit “0″ in the Host portion and converting them to bit
“1″. The number of borrowed bits is depended on how many networks we need.
Not e: A rule of borrowing bit s is we can only borrow bit 0 from t he left t o t he right wit hout
skipping any bit 0. For exam ple, you can borrow like t his: “ 1111 1111. 1100 0000.0000
0000.0000 0000″ but not this: “1111 1111. 1010 0000.0000 0000.0000 0000″. In general, just
make sure all your bit “1″s are successive on the left and all your bit “0″s are successive on the
right .
I n part 2 we will learn how t o calculat e t he num ber of subnet works and host s- per- subnet
Qu e st ion 1
Given a subnet m ask of 255.255.255.224, which of t he following addresses can be assigned t o
net work host s? ( Choose t hree)
A – 15.234.118.63
B – 92.11.178.93
C – 134.178.18.56
D – 192.168.16.87
E – 201.45.116.159
F – 217.63.12.192
An sw e r : B C D
Ex pla na t ion
A subnet m ask of 255.255.255.224 has an increm ent of 32 ( t he binary form of t he last oct et is
111 0 0000) so we can’t use num bers which are t he m ult iples of 32 because t hey are subnet work
addresses. Besides, we can’t use broadcast addresses of t hese subnet works ( t he broadcast
address of t he previous subnet is calculat ed by subt ract ing 1 from t he net work address) . For
exam ple t he net work address of t he 2nd subnet is x.x.x.32 t hen t he broadcast address of t he 1st
subnet is 32 – 1 = 31 ( m eans x.x.x.31) .
By t his m et hod we can calculat e t he unusable addresses, which are ( not ice t hat t hese are t he 4t h
oct et s of t he I P addresses only) :
+ Net work addresses: 0, 32, 64, 96, 128, 160, 1 9 2 , 224.
+ Broadcast addresses: 31, 6 3 , 95, 127,1 5 9 , 191, 223.
Qu e st ion 2
Which of t he following host addresses are m em bers of net works t hat can be rout ed across t he
public I nt ernet ? ( Choose t hree)
A – 10.172.13.65
B – 172.16.223.125
C – 172.64.12.29
D – 192.168.23.252
E – 198.234.12.95
F – 212.193.48.254
An sw e r : C E F
Ex pla na t ion

http://www.9tut 212
Addresses t hat can be rout ed accross t he public I nt ernet are called public I P addresses. These
addresses belong t o class A, B or C only and are not privat e addresses.
Not e:
Privat e class A I P addresses: 10.0.0.0 t o 10.255.255.255
Privat e class B I P addresses: 172.16.0.0 t o 172.31.255.255
Privat e class C I P addresses: 192.168.0.0 t o 192.168.255.255
Class D addresses are reserved for I P m ult icast addresses and can’t be rout ed across t he I nt ernet
( t heir addresses begin wit h 224.0.0.0 address) .
Also we can’t use 127.x.x.x address because t he num ber 127 is reserved for loopback and is used
for int ernal t est ing on t he local m achine.
Qu e st ion 3
A nat ional ret ail chain needs t o design an I P addressing schem e t o support a nat ionwide net work.
The com pany needs a m inim um of 300 subnet works and a m axim um of 50 host addresses per
subnet . Working wit h only one Class B address, which of t he following subnet m asks will support
an appropriat e addressing schem e? ( Choose t wo)
A – 255.255.255.0
B – 255.255.255.128
C – 255.255.252.0
D – 255.255.255.224
E – 255.255.255.192
F – 255.255.248.0
An sw e r : B E
Ex pla na t ion
We need t o rem em ber t he default subnet m ask of class B is 255.255.0.0. Next , t he com pany
requires a m inim um of 300 subnet works so we have t o use at least 512 subnet works ( because
512 is t he m inim um power of 2 and great er t han 300) . Therefore we need t o get 9 bit s for
net work m ask ( 2 9 = 512) , leaving 7 bit s for host s which is 2 7 - 2 = 126 > 50 host s per subnet .This
schem e sat isfies t he requirem ent - > B is correct .

We can increase t he subnet works t o 1024 ( 1024 = 2 10 ) , leaving 6 bit s for host s t hat is 2 6 = 64 >
50 host s. This schem e sat isfies t he requirem ent , t oo - > E is correct .

Not ice: The quest ion asks “ The com pany needs a m inim um of 300 subnet works and a m axim um
of 50 host addresses per subnet ” but t his is a t ypo, you should underst and it as “ ” The com pany
needs a m inim um of 300 subnet works and a m inim um of 50 host addresses per subnet ” .

http://www.9tut 213
Qu e st ion 4
Which of t he following I P addresses fall int o t he CI DR block of 115.64.4.0/ 22? ( Choose t hree)
A – 115.64.8.32
B – 115.64.7.64
C – 115.64.6.255
D – 115.64.3.255
E – 115.64.5.128
F – 115.64.12.128
An sw e r : B C E
Ex pla na t ion
CI DR st ands for Classless I n4t er- Dom ain Rout ing, t he difference bet ween CI DR and VLSM is slim
and t hose t erm s are int erchangeable at CCNA level.
To specify which I P addresses fall int o t he CI DR block of 115.64.4.0/ 22 we need t o writ e t his I P
address and it s subnet m ask in binary form , but we only care 3rd oct et of t his address because it s
subnet m ask is / 22.

( x m eans “ don’t care” )

Next , we have t o writ e t he 3rd oct et s of t he above answers in binary form t o specify which
num bers have t he sam e “ prefixes” wit h 4.
4 = 0 0 0 0 0 1 00
8 = 0000 1000
7 = 0 0 0 0 0 1 11
6 = 0 0 0 0 0 1 10
3 = 0000 0011
5 = 0 0 0 0 0 1 01
12= 0000 1100
We can see only 7, 6 and 5 have t he sam e “ prefixes” wit h 4 so B C E are t he correct answers.
Qu e st ion 5
Refer t o t he diagram . All host s have connect ivit y wit h one anot her. Which st at em ent s describe t he
addressing schem e t hat is in use in t he net work? ( Choose t hree)

http://www.9tut 214
A – The subnet m ask in use is 255.255.255.192.
B – The subnet m ask in use is 255.255.255.128.
C – The I P address 172.16.1.25 can be assigned t o host s in VLAN1.
D – The I P address 172.16.1.205 can be assigned t o host s in VLAN1.
E – The LAN int erface of t he rout er is configured wit h one I P address.
F – The LAN int erface of t he rout er is configured wit h m ult iple I P addresses.
An sw e r : B C F
Ex pla na t ion
VLAN 2 has 114 host s so we need t o leave 7 bit s 0 for t he host addresses ( 2 7 – 2 = 126 > 114) .
Not ice t hat we are working wit h class B ( bot h Host A and Host B belong t o class B) and t he default
subnet m ask of class B is / 16 so we need t o use 16 – 7 = 9 bit s 1 for t he subnet work m ask, t hat
m eans t he subnet m ask should be 255.255.255.128 - > B is correct .
By using above schem e, C is correct because t he I P 172.16.1.25 belongs t o t he subnet work of
VLAN 1 ( 172.16.1.0/ 25) and can be assigned t o host s in VLAN 1.
For com m unicat ion bet ween VLAN 1 and VLAN 2, t he LAN int erface of t he rout er should be divided
int o m ult iple subint erfaces wit h m ult iple I P addresses - > F is correct .
Qu e st ion 6
The net work 172.25.0.0 has been divided int o eight equal subnet s. Which of t he following I P
addresses can be assigned t o host s in t he t hird subnet if t he ip subnet - zero com m and is
configured on t he rout er? ( Choose t hree)
A – 172.25.78.243
B – 172.25.98.16
C – 172.25.72.0
D – 172.25.94.255
E – 172.25.96.17
F. 172.25.100.16
An sw e r : A C D
Ex pla na t ion
I f t he “ ip subnet - zero” com m and is configured t hen t he first subnet is 172.25.0.0. Ot herwise t he
first subnet will be 172.25.32.0 ( we will learn how t o get 32 below) .
The quest ion st at ed t hat t he net work 172.25.0.0 is divided int o eight equal subnet s t herefore t he
increm ent is 256 / 8 = 32 and it s corresponding subnet m ask is / 19 ( 1111 1111.1111 1111.111 0
0000) .

http://www.9tut 215
First subnet : 172.25.0.0/ 19
Second subnet : 172.25.32.0/ 19
Third subnet : 172.25.64.0/ 19
4t h subnet : 172.25.96.0/ 19
5t h subnet : 172.25.128.0/ 19
6t h subnet : 172.25.160.0/ 19
7t h subnet : 172.25.192.0/ 19
8t h subnet : 172.25.224.0/ 19
I n fact , we only need t o specify t he t hird subnet as t he quest ion request ed. The t hird subnet
ranges from 172.25.64.0/ 19 t o 172.25.95.255/ 19 so A C D are t he correct answers.
Qu e st ion 7
Refer t o t he exhibit . I n t his VLSM addressing schem e, what sum m ary address would be sent from
rout er A?

A. 172.16.0.0/ 16
B. 172.16.0.0/ 20
C. 172.16.0.0/ 24
D. 172.32.0.0/ 16
E. 172.32.0.0/ 17
F. 172.64.0.0/ 16
An sw e r : A
Ex pla na t ion
Rout er A receives 3 subnet s: 172.16.64.0/ 18, 172.16.32.0/ 24 and 172.16.128.0/ 18.
All t hese 3 subnet s have t he sam e form of 172.16.x.x so our sum m arized subnet m ust be also in
t hat form - > Only A, B or C is correct .
The sm allest subnet m ask of t hese 3 subnet s is / 18 so our sum m arized subnet m ust also have it s
subnet m ask equal or sm aller t han / 18.
- > Only answer A has t hese 2 condit ions - > A is correct .

http://www.9tut 216
Part 2
Qu e st ion 1
Refer t o t he exhibit . Which VLSM m ask will allow for t he appropriat e num ber of host addresses for
Net work A?

A. / 25
B. / 26
C. / 27
D. / 28
An sw e r : A
Ex pla na t ion
We need 66 host s < 128 = 2 7 - > We need 7 bit s 0 - > The subnet m ask should be 1111
1111.1111 1111.1111 1111.1000 0000- > / 25
Qu e st ion 2
Refer t o t he exhibit . Which subnet m ask will place all host s on Net work B in t he sam e subnet wit h
t he least am ount of wast ed addresses?

A. 255.255.255.0
B. 255.255.254.0
C. 255.255.252.0
D. 255.255.248.0
An sw e r : B
Ex pla na t ion
310 host s < 512 = 2 9 - > We need a subnet m ask of 9 bit s 0 - > 1111 1111.1111 1111.1111
1110.0000 0000 - > 255.255.254.0
Qu e st ion 3
Refer t o t he exhibit . Which m ask is correct t o use for t he WAN link bet ween t he rout ers t hat will
provide connect ivit y while wast ing t he least am ount of addresses?

http://www.9tut 217
A. / 23
B. / 24
C. / 25
D. / 30
An sw e r : D
Ex pla na t ion
For WAN link we only need 2 usable host addresses for 2 int erfaces on t he rout ers. The subnet
m ask of / 30 gives us 2 2 – 2 = 2 usable host addresses. Also remember that “/30″ is famous for
point - t o- point connect ion because it wast es t he least am ount of addresses.
Qu e st ion 4
Refer t o t he exhibit . What is t he m ost appropriat e sum m arizat ion for t hese rout es?

A. 10.0.0.0/ 21
B. 10.0.0.0/ 22
C. 10.0.0.0/ 23
D. 10.0.0.0/ 24
An sw e r : B
Ex pla na t ion
We need t o sum m arize 4 subnet s so we have t o m ove left 2 bit s ( 2 2 = 4) . I n t his quest ion we can
guess t he init ial subnet m ask is / 24 because 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0 belong t o
different networks. So “/24″ moves left 2 bits - > / 22.
Qu e st ion 5
On t he net work 131.1.123.0/ 27, what is t he last I P address t hat can be assigned t o a host ?
A. 131.1.123.30
B. 131.1.123.31
C. 131.1.123.32
D. 131.1.123.33
An sw e r : A
Ex pla na t ion
I ncrem ent : 32
Net work address: 131.1.123.0 & 131.1.123.32
Broadcast address: 131.1.123.31
Bot h 131.1.123.30 & 131.1.123.33 can be assigned t o host but t he quest ion asks about t he “ last
I P address” so A is t he correct answer.

http://www.9tut 218
Qu e st ion 6
The ip subnet zero com m and is not configured on a rout er. What would be t he I P address of
Et hernet 0/ 0 using t he first available address from t he sixt h subnet of t he net work
192.168.8.0/ 29?
A. 192.168.8.25
B. 192.168.8.41
C. 192.168.8.49
D. 192.168.8.113
An sw e r : C
Ex pla na t ion
The “ ip subnet zero” is not configured so t he first subnet will st art at 192.168.8.8 ( ignoring
192.168.8.0) .
I ncrem ent : 8
1 st subnet : 192.168.8.8
2 nd subnet : 192.168.8.16
3 rd subnet : 192.168.8.24
4 t h subnet : 192.168.8.32
5 t h subnet : 192.168.8.40
6 t h subnet : 192.168.8.48 - > The first usable I P address of 6 t h subnet is 192.168.8.49
Qu e st ion 7
For t he net work 192.0.2.0/ 23, which opt ion is a valid I P address t hat can be assigned t o a host ?
A. 192.0.2.0
B. 192.0.2.255
C. 192.0.3.255
D. 192.0.4.0
An sw e r : B
Ex pla na t ion
I ncrem ent : 2
Net work address: 192.0.2.0, 192.0.4.0
Broadcast address: 192.0.3.255
- > 192.0.2.255 is not a broadcast address, it is an usable I P address.
Qu e st ion 8
How m any addresses for host s will t he net work 124.12.4.0/ 22 provide?
A. 510
B. 1022
C. 1024
D. 2048
An sw e r : B
Ex pla na t ion
/ 22 gives us 10 bit s 0 - > 2 10 – 2 = 1022. Not ice t hat t he form ula t o calculat e t he num ber of host
is: 2 k – 2.

http://www.9tut 219
Qu e st ion 9
The net work default gat eway applying t o a host by DHCP is 192.168.5.33/ 28. Which opt ion is t he
valid I P address of t his host ?
A. 192.168.5.55
B. 192.168.5.47
C. 192.168.5.40
D. 192.168.5.32
E. 192.168.5.14
An sw e r : C
Qu e st ion 1 0
Which t wo addresses can be assigned t o a host wit h a subnet m ask of 255.255.254.0? ( Choose
t wo)
A. 113.10.4.0
B. 186.54.3.0
C. 175.33.3.255
D. 26.35.2.255
E. 17.35.36.0
An sw e r : B D

Part 3
Qu e st ion 1
Workst at ion A has been assigned an I P address of 192.0.2.24/ 28. Workst at ion B has been
assigned an I P address of 192.0.2.100/ 28. The t wo workst at ions are connect ed wit h a st raight -
t hrough cable. At t em pt s t o ping bet ween t he host s are unsuccessful. What t wo t hings can be done
t o allow com m unicat ions bet ween t he host s? ( Choose t wo)
A. Replace t he st raight - t hrough cable wit h a crossover cable.
B. Change t he subnet m ask of t he host s t o / 25.
C. Change t he subnet m ask of t he host s t o / 26.
D. Change t he address of Workst at ion A t o 192.0.2.15.
E. Change t he address of Workst at ion B t o 192.0.2.111.
An sw e r : A B
Ex pla na t ion
To specify when we use crossover cable or st raight - t hrough cable, we should rem em ber:
Gr ou p 1 : Rout er, Host , Server
Gr ou p 2 : Hub, Swit ch
One device in group 1 + One device in group 2: use st raight - t hrough cable
Two devices in t he sam e group: use crossover cable
- > To connect t wo host s we m ust use crossover cable - > A is correct .
Wit h t he subnet m ask of / 28, 192.0.2.24 & 192.0.2.100 will be in different subnet s ( 192.0.2.24
belongs t o subnet 192.0.2.16/ 28; 192.0.2.100 belongs t o subnet 192.0.2.96) . To m ake t hem in
t he sam e subnet we need m ore space for host . Because 100 < 128 so we t he suit able subnet
should be / 25.

http://www.9tut 220
Qu e st ion 2
Your I SP has given you t he address 223.5.14.6/ 29 t o assign t o your rout er’s int erface. They have
also given you t he default gat eway address of 223.5.14.7. Aft er you have configured t he address,
t he rout er is unable t o ping any rem ot e devices. What is prevent ing t he rout er from pinging
rem ot e devices?
A. The default gat eway is not an address on t his subnet .
B. The default gat eway is t he broadcast address for t his subnet .
C. The I P address is t he broadcast address for t his subnet .
D. The I P address is an invalid class D m ult icast address.
An sw e r : B
Ex pla na t ion
For t he net work 223.5.14.6/ 29:
I ncrem ent : 8
Net work address: 223.5.14.0
Broadcast address: 223.5.14.7
- > The default gat eway I P address is t he broadcast address of t his subnet - > B is correct .
Qu e st ion 3
Refer t o t he exhibit . According t o t he rout ing t able, where will t he rout er send a packet dest ined
for 10.1.5.65?

N e t w or k I n t e r fa ce N e x t - hop

10.1.1.0/ 24 e0 direct ly connect ed

10.1.2.0/ 24 e1 direct ly connect ed

10.1.3.0/ 25 s0 direct ly connect ed

10.1.4.0/ 24 s1 direct ly connect ed

10.1.5.0/ 24 e0 10.1.1.2

10.1.5.64/ 28 e1 10.1.2.2

10.1.5.64/ 29 s0 10.1.3.3

10.1.5.64/ 27 s1 10.1.4.4

A. 10.1.1.2
B. 10.1.2.2
C. 10.1.3.3
D. 10.1.4.4
An sw e r : C
Ex pla na t ion
The dest inat ion I P address 10.1.5.65 belongs t o 10.1.5.64/ 28, 10.1.5.64/ 29 & 10.1.5.64/ 27
subnet s but t he “ longest prefix m at ch” algorit hm will choose t he m ost specific subnet m ask - > t he

http://www.9tut 221
prefix “/29″ will be chosen to route the packet. Therefore the next- hop should be 10.1.3.3 - > C is
correct .
Qu e st ion 4
Refer t o t he exhibit . The user at Workst at ion B report s t hat Server A cannot be reached. What is
prevent ing Workst at ion B from reaching Server A?

A. The I P address for Server A is a broadcast address.

B. The I P address for Workst at ion B is a subnet address.
C. The gat eway for Workst at ion B is not on t he sam e subnet .
D. The gat eway for Server A is not on t he sam e subnet .
An sw e r : D
Qu e st ion 5
Given t he address 192.168.20.19/ 28, which of t he following are valid host addresses on t his
subnet ? ( Choose t wo)
A. 192.168.20.29
B. 192.168.20.16
C. 192.168.20.17
D. 192.168.20.31
E. 192.168.20.0
An sw e r : A C
Qu e st ion 6
Which of t he following I P addresses fall int o t he CI DR block of 115.64.4.0/ 22? ( Choose t hree)
A. 115.64.8.32
B. 115.64.7.64
C. 115.64.6.255
D. 115.64.3.255
E. 115.64.5.128
F. 115.64.12.128
An sw e r : B C E
Qu e st ion 7
The Et hernet net works connect ed t o rout er R1 in t he graphic have been sum m arized for rout er R2
as 192.1.144.0/ 20. Which of t he following packet dest inat ion addresses will R2 forward t o R1,
according t o t his sum m ary? ( Choose t wo)

http://www.9tut 222
A. 192.1.159.2
B. 192.1.160.11
C. 192.1.138.41
D. 192.1.151.254
E. 192.1.143.145
F. 192.1.1.144
An sw e r : A D
Qu e st ion 8
Refer t o t he exhibit . All of t he rout ers in t he net work are configured wit h t he ip subnet - zero
com m and. Which net work addresses should be used for Link A and Net work A? ( Choose t wo)

A. Net work A – 172.16.3.48/ 26

B. Net work A – 172.16.3.128/ 25
C. Net work A – 172.16.3.192/ 26
D. Link A – 172.16.3.0/ 30
E. Link A – 172.16.3.40/ 30
F. Link A – 172.16.3.112/ 30
An sw e r : B D
Ex pla na t ion
Net work A needs 120 host s < 128 = 2 7 - > Need a subnet m ask of 7 bit 0s - > “/25″.
Because t he ip subnet - zero com m and is used, net work 172.16.3.0/ 30 can be used.
Answer E “ Link A – 172.16.3.40/30″ is not correct because t his subnet belongs t o MARKETI NG
subnet ( 172.16.3.32/ 27) .
Answer F “ Link A – 172.16.3.112/30″ is not correct because this subnet belongs to ADMIN subnet
( 172.16.3.96/ 27) .
Qu e st ion 9
Which t wo subnet works would be included in t he sum m arized address of 172.31.80.0/ 20?
( Choose t wo)

http://www.9tut 223
A. 172.31.17.4/ 30
B. 172.31.51.16 / 30
C. 172.31.64.0/ 18
D. 172.31.80.0/ 22
E. 172.31.92.0/ 22
F. 172.31.192.0/ 18
An sw e r : D E
Ex pla na t ion
From t he sum m arized address of 172.31.80.0/ 20, we find t he range of t his sum m arized net work:
I ncrem ent : 16
Net work address: 172.31.80.0
Broadcast address: 172.31.95.255
- > Answer D & E belong t o t his range so t hey are t he correct answers.
Qu e st ion 1 0
Which t hree I P addresses can be assigned t o host s if t he subnet m ask is / 27 and subnet zero is
usable? ( Choose t hree)
A. 10.15.32.17
B. 17.15.66.128
C. 66.55.128.1
D. 135.1.64.34
E. 129.33.192.192
F. 192.168.5.63
An sw e r : A C D
Ex pla na t ion
First we need t o find out t he form s of net work addresses and broadcast addresses when t he
subnet m ask of / 27 is used:
I ncrem ent : 32
Net work address: I n t he form of x.x.x.( 0,32,64,96,128,160,192,224)
Broadcast address: I n t he form of x.x.x.( 31,63,95,127,159,191,223)
So we only need t o check t he fourt h oct et s of t he I P addresses above. I f t hey are not in t he form
of net work addresses or broadcast addresses t hen t hey can be assigned t o host s.
Not ice t hat t he I P 66.55.128.1 belongs t o t he subnet zero and t he quest ion says subnet zero is
usable so it is valid.
Qu e st ion 1 1
Which of t he following I P addresses can be assigned t o t he host devices? ( Choose t wo)
A. 205.7.8.32/ 27
B. 191.168.10.2/ 23
C. 127.0.0.1
D. 224.0.0.10
E. 203.123.45.47/ 28
F. 10.10.0.0/ 13
An sw e r : B F

http://www.9tut 224
Ex pla na t ion
This is a t im e- consum ing quest ion ( but not hard ^ ^ ) because we have t o calculat e t he range of
each subnet work separat ely ( except ing answer C is t he local loopback address & answer D is a
m ult icast address) so m ake sure you can do subnet quickly. Aft er solving above quest ions I
believe you can find out t he result so I don’t explain t his quest ion in det ail.
Qu e st ion 1 2
How m any subnet s can be gained by subnet t ing 172.17.32.0/ 23 int o a / 27 m ask, and how m any
usable host addresses will t here be per subnet ?
A. 8 subnet s, 31 host s
B. 8 subnet s, 32 host s
C. 16 subnet s, 30 host s
D. 16 subnet s, 32 host s
E. A Class B address cant be subnet t ed int o t he fourt h oct et .
An sw e r : C
Ex pla na t ion
Subnet t ing from / 23 t o / 27 gives us 27 – 23 = 4 bit s - > 2 4 = 16 subnet s.
/ 27 has 5 bit 0s so it gives 2 5 – 2 = 30 host s- per- subnet .

Part 4
Qu e st ion 1
You are working in a dat a cent er environm ent and are assigned t he address range
10.188.31.0/ 23. You are asked t o develop an I P addressing plan t o allow t he m axim um num ber of
subnet s wit h as m any as 30 host s each.Which I P address range m eet s t hese requirem ent s?
A. 10.188.31.0/ 27
B. 10.188.31.0/ 26
C. 10.188.31.0/ 29
D. 10.188.31.0/ 28
E. 10.188.31.0/ 25
An sw e r : A
Ex pla na t ion
Each subnet has 30 host s < 32 = 2 5 so we need a subnet m ask which has at least 5 bit 0s - > / 27.
Also t he quest ion requires t he m axim um num ber of subnet s ( which m inim um t he num ber of
host s- per- subnet ) so / 27 is t he best choice - > A is correct .
Qu e st ion 2
Refer t o t he exhibit . The Lakeside Com pany has t he int ernet work in t he exhibit . The Adm inist rat or
would like t o reduce t he size of t he rout ing t able t o t he Cent ral Rout er. Which part ial rout ing t able
ent ry in t he Cent ral rout er represent s a rout e sum m ary t hat represent s t he LANs in Phoenix but
no addit ional subnet s?

http://www.9tut 225
A. 10.0.0.0 / 22 is subnet t ed, 1 subnet
D 10.0.0.0 [ 90/ 20514560] via 10.2.0.2 6w0d, serial 0/ 1
B. 10.0.0.0 / 28 is subnet t ed, 1 subnet
D 10.2.0.0 [ 90/ 20514560] via 10.2.0.2 6w0d, serial 0/ 1
C. 10.0.0.0 / 30 is subnet t ed, 1 subnet
D 10.2.2.0 [ 90/ 20514560] via 10.2.0.2 6w0d, serial 0/ 1
D. 10.0.0.0 / 22 is subnet t ed, 1 subnet
D 10.4.0.0 [ 90/ 20514560] via 10.2.0.2 6w0d, serial 0/ 1
E. 10.0.0.0 / 28 is subnet t ed, 1 subnet
D 10.4.4.0 [ 90/ 20514560] via 10.2.0.2 6w0d, serial 0/ 1
F. 10.0.0.0 / 30 is subnet t ed, 1 subnet
D 10.4.4.4 [ 90/ 20514560] via 10.2.0.2 6w0d, serial 0/ 1
An sw e r : D
Ex pla na t ion
All t he above net works can be sum m arized t o 10.0.0.0 net work but t he quest ion requires t o
“ represent t he LANs in Phoenix but no addit ional subnet s” so we m ust sum m arized t o 10.4.0.0
net work. The Phoenix rout er has 4 subnet s so we need t o “ m ove left ” 2 bit s of “ / 24″- > / 22 is t he
best choice - > D is correct .
Qu e st ion 3
Which address range efficient ly sum m arizes t he rout ing t able of t he addresses for rout er m ain?

http://www.9tut 226
A. 172.16.0.0/ 18
B. 172.16.0.0/ 16
C. 172.16.0.0/ 20
D. 172.16.0.0/ 21
An sw e r : C
Ex pla na t ion
To sum m arize t hese net works efficient ly we need t o find out a net work t hat “ covers” from
172.16.1.0 - > 172.16.13.0 ( including 13 net works < 16) . So we need t o use 4 bit s ( 2 4 = 16) .
Not ice t hat we have t o m ove t he borrowed bit s t o t he left ( not right ) because we are
sum m arizing.
The net work 172.16.0.0 belongs t o class B wit h a default subnet m ask of / 16 but in t his case it
has been subnet t ed wit h a subnet m ask of / 24 ( we can guess because 172.16.1.0, 172.16.2.0,
172.16.3.0… are different net works) .
Therefore “ m ove 4 bit s to the left” of “/24″ will give us “/20″ - > C is t he correct answer.
Qu e st ion 4
Refer t o t he exhibit . A new subnet wit h 60 host s has been added t o t he net work. Which subnet
address should t his net work use t o provide enough usable addresses while wast ing t he fewest
addresses?

A. 192.168.1.56/ 27
B. 192.168.1.64/ 26
C. 192.168.1.64/ 27
D. 192.168.1.56/ 26
An sw e r : B
Ex pla na t ion
60 host s < 64 = 2 6 - > we need a subnet m ask of at least 6 bit 0s - > “/26″. The question requires
“ wast ing t he fewest addresses” which m eans we have t o allow only 62 host s- per- subnet - > B is
correct .
Qu e st ion 5
The net work t echnician is planning t o use t he 255.255.255.224 subnet m ask on t he net work.
Which t hree valid I P addresses can t he t echnician use for t he host s? ( Choose t hree)
A. 172.22.243.127
B. 172.22.243.191
C. 172.22.243.190
D. 10.16.33.98
E. 10.17.64.34
F. 192.168.1.160
An sw e r : C D E

http://www.9tut 227
Ex pla na t ion
From t he subnet m ask of 255.255.255.224 we learn:
I ncrem ent : 32
Net work address: I n t he form of x.x.x.( 0,32, 64, 96, 128, 160, 192, 224)
Broadcast address: I n t he form of x.x.x.( 31,63,95,127,159,191,223)
- > All I P addresses not in t he above form s are usable for host - > C D E are correct answers.
Qu e st ion 6
I n t he im plem ent at ion of VLSM t echniques on a net work using a single Class C I P address, which
subnet m ask is t he m ost efficient for point - t o- point serial links?
A. 255.255.255.240
B. 255.255.255.254
C. 255.255.255.252
D. 255.255.255.0
E. 255.255.255.248
An sw e r : C
Ex pla na t ion
The subnet m ask of 255.255.255.252 gives only 2 usable host addresses because it has only 2 bit
0s ( 2 2 – 2 = 2) so it is t he m ost efficient subnet m ask for point - t o- point serial links ( and you
should rem em ber it ) .
Qu e st ion 7
Refer t o t he exhibit . Host A cannot ping Host B. Assum ing rout ing is properly configured, w hat
could be t he cause of t his problem ?

A. Host A is not on t he sam e subnet as it s default gat eway.

B. The address of Swit chA is a subnet address.
C. The Fa0/ 0 int erface on Rout erA is on a subnet t hat can’t be used.
D. The serial int erfaces of t he rout ers are not on t he sam e subnet .
E. The Fa0/ 0 int erface on Rout erB is using a broadcast address.
An sw e r : D
Ex pla na t ion
Now let ’s find out t he range of t he net works on serial link:
For t he net work 192.168.1.62/ 27:

http://www.9tut 228
I ncrem ent : 32
Net work address: 192.168.1.32
Broadcast address: 192.168.1.63
For t he net work 192.168.1.65/ 27:
I ncrem ent : 32
Net work address: 192.168.1.64
Broadcast address: 192.168.1.95
- > These t wo I P addresses don’t belong t o t he sam e net work and t hey can’t see each ot her - > D
is t he correct answer.
Qu e st ion 8
The net work adm inist rat or is asked t o configure 113 point - t o- point links. Which I P addressing
schem e best defines t he address range and subnet m ask t hat m eet t he requirem ent and wast e
t he fewest subnet and host addresses?
A. 10.10.0.0/ 18 subnet t ed wit h m ask 255.255.255.252
B. 10.10.0.0/ 25 subnet t ed wit h m ask 255.255.255.252
C. 10.10.0.0/ 24 subnet t ed wit h m ask 255.255.255.252
D. 10.10.0.0/ 23 subnet t ed wit h m ask 255.255.255.252
E. 10.10.0.0/ 16 subnet t ed wit h m ask 255.255.255.252
An sw e r : D
Ex pla na t ion
We need 113 point - t o- point links which equal t o 113 subnet works < 128 so we need t o borrow 7
bit s ( because 2^ 7 = 128) .
The net work used for point - t o- point connect ion should be / 30.
So our init ial net work should be 30 – 7 = 23.
So 10.10.0.0/ 23 is t he correct answer.
You can underst and it m ore clearly when writ ing it in binary form :
/ 23 = 1111 1111.1111 1110.0000 0000
/ 30 = 1111 1111.1111 1111.1111 1100 ( borrow 7 bit s)
Qu e st ion 9
I f an Et hernet port on a rout er was assigned an I P address of 172.1.1.1/ 20, what is t he m axim um
num ber of host s allowed on t his subnet ?
A. 4094
B. 1024
C. 8190
D. 2046
E. 4096
An sw e r : A
Ex pla na t ion
I n t he prefix / 20 we have 12 bit 0s so t he num ber of host s- per- subnet is 2 12 – 2 = 4094.
Qu e st ion 1 0
A net work adm inist rat or receives an error m essage while t rying t o configure t he Et hernet
int erface of a rout er wit h I P address 10.24.24.24/ 29. Which st at em ent explains t he reason for it ?

http://www.9tut 229
A. The address is a broadcast address
B. The Et hernet int erface is fault y
C. VLSM- capable rout ing prot ocols m ust be enable first on t he rout er.
D. This address is a net work address.
An sw e r : D

CCNA – Operat ions

Qu e st ion 1 :
What are t wo reasons t hat a net work adm inist rat or would use access list s? ( Choose t wo.)
A. t o cont rol vt y access int o a rout er
B. t o cont rol broadcast t raffic t hrough a rout er
C. t o filt er t raffic as it passes t hrough a rout er
D. t o filt er t raffic t hat originat es from t he rout er
E. t o replace passwords as a line of defense against securit y incursions
An sw e r s: A C
Qu e st ion 2 :
A single 802.11g access point has been configured and inst alled in t he cent er of a square office. A
few wireless users are experiencing slow perform ance and drops while m ost users are operat ing at
peak efficiency. What are t hree likely causes of t his problem ? ( Choose t hree.)
A. m ism at ched TKI P encrypt ion
B. null SSI D
C. cordless phones
D. m ism at ched SSI D
E. m et al file cabinet s
F. ant enna t ype or direct ion
An sw e r s: C E F
Qu e st ion 3 :
Refer t o t he exhibit . How m any broadcast dom ains exist in t he exhibit ed t opology?

A. one
B. t wo
C. t hree
D. four
E. five
F. six
An sw e r : C

http://www.9tut 230
Qu e st ion 4 :
Which t ype of at t ack is charact erized by a flood of packet s t hat are request ing a TCP connect ion t o
a server?
A. denial of service
B. brut e force
C. reconnaissance
D. Troj an horse
An sw e r : A
Qu e st ion 5 :
Refer t o t he exhibit .

The net work adm inist rat or has creat ed a new VLAN on Swit ch1 and added host C and host D. The
adm inist rat or has properly configured swit ch int erfaces Fast Et hernet 0/ 13 t hrough
Fast Et hernet 0/ 24 t o be m em bers of t he new VLAN. However, aft er t he net work adm inist rat or
com plet ed t he configurat ion, host A could com m unicat e wit h host B, but host A could not
com m unicat e wit h host C or host D. Which com m ands are required t o resolve t his problem ?
A. Rout er( config) # int erface fast et hernet 0/ 1.3
Rout er( config- if) # encapsulat ion dot 1q 3
Rout er( config- if) # ip address 192.168.3.1 255.255.255.0
B. Rout er( config) # rout er rip
Rout er( config- rout er) # net work 192.168.1.0
Rout er( config- rout er) # net work 192.168.2.0
Rout er( config- rout er) # net work 192.168.3.0
C. Swit ch1# vlan dat abase
Swit ch1( vlan) # vt p v2- m ode
Swit ch1( vlan) # vt p dom ain cisco
Swit ch1( vlan) # vt p server
D. Swit ch1( config) # int erface fast et hernet 0/ 1
Swit ch1( config- if) # swit chport m ode t runk
Swit ch1( config- if) # swit chport t runk encapsulat ion isl

An sw e r : A

http://www.9tut 231
Ex pla na t ion :
Com m unicat ion bet ween host A and host B on t he sam e VLAN does not need a rout er but
com m unicat ion bet ween host A and host C ( or host D) need a layer 3 device, in t his case Rout er1,
which is called a “ rout er on a st ick” . From t he out put of Rout er1, we not ice t hat t here is not any
rout e t o t he new net work 192.168.3.0/ 24 which host C and host D belong t o. Therefore, we need
t o configure a subint erface for t his net work.
Qu e st ion 6 :
Refer t o t he exhibit . What is t he m ost efficient sum m arizat ion t hat R1 can use t o advert ise it s
net works t o R2?

A. 172.1.0.0/ 22
B. 172.1.0.0/ 21
C. 172.1.4.0/ 22
D. 172.1.4.0/ 24
172.1.5.0/ 24
172.1.6.0/ 24
172.1.7.0/ 24
E. 172.1.4.0/ 25
172.1.4.128/ 25
172.1.5.0/ 24
172.1.6.0/ 24
172.1.7.0/ 24
An sw e r : C
Ex pla na t ion :
Net work 172.1.4.0/ 25 and net work 172.1.4.128/ 25 can be grouped t o a single net work
172.1.4.0/ 24
Net work 172.1.4.0/ 24 + Net work 172.1.5.0/ 24 + Net work 172.1.6.0/ 24 + Net work 172.1.7.0/ 24
can be grouped t o a single net work 172.1.4.0/ 22 because we have all 4 subnet works so we can
m ove left 2 bit s ( 2 2 = 4)
Qu e st ion 7 :
Which spread spect rum t echnology does t he 802.11b st andard define for operat ion?
A. IR
B. DSSS
C. FHSS
D. DSSS and FHSS
E. I R, FHSS, and DSSS
An sw e r : B

http://www.9tut 232
Qu e st ion 8 :
A net work int erface port has collision det ect ion and carrier sensing enabled on a shared t wist ed
pair net work. From t his st at em ent , what is known about t he net work int erface port ?
A. This is a 10 Mb/ s swit ch port .
B. This is a 100 Mb/ s swit ch port .
C. This is an Et hernet port operat ing at half duplex.
D. This is an Et hernet port operat ing at full duplex.
E. This is a port on a net work int erface card in a PC.
An sw e r : C
Ex pla na t ion :
Modern Et hernet net works built wit h swit ches and full- duplex connect ions no longer ut ilize
CSMA/ CD. CSMA/ CD is only used in obsolet e shared m edia Et hernet ( which uses repeat er or hub) .
Qu e st ion 9 :
Refer t o t he t opology and rout er configurat ion shown in t he graphic. A host on t he LAN is
accessing an FTP server across t he I nt ernet . Which of t he following addresses could appear as a
source address for t he packet s forwarded by t he rout er t o t he dest inat ion server?

A. 10.10.0.1
B. 10.10.0.2
C. 199.99.9.33
D. 199.99.9.57
E. 200.2.2.17
F. 200.2.2.18
An sw e r : D
Qu e st ion 1 0 :
Which rout ing prot ocol by default uses bandwidt h and delay as m et rics?
A. RI P
B. BGP
C. OSPF
D. EI GRP
An sw e r : D

http://www.9tut 233
Qu e st ion 1 1 :
Refer t o t he exhibit . The net works connect ed t o rout er R2 have been sum m arized as a
192.168.176.0/ 21 rout e and sent t o R1. Which t wo packet dest inat ion addresses will R1 forward
t o R2? ( Choose t wo)

A. 192.168.194.160
B. 192.168.183.41
C. 192.168.159.2
D. 192.168.183.255
E. 192.168.179.4
F. 192.168.184.45
An sw e r : B E
Ex pla na t ion :
From t he subnet m ask of / 21, we can specify t he net work address and broadcast address of t his
subnet work:
I n cr e m e n t : 8 of t he t hird oct et ( / 21 = 255.255.248.0 or 1111 1111.1111 1111. 1111 1 000.0000
0000)
N e t w or k a ddr e ss: 192.168.176.0
Br oa dca st a ddr e ss: 192.168.183.255 ( 183 = 176 + 8 – 1)
Therefore all t he dest inat ion addresses in t his range will be forwarded t o R2 - > B and E lie in t his
range and t heir packages will be forwarded t o R2. Please not ice t hat D is an incorrect answer
because it is a broadcast address and R1 will drop it s packages.
Qu e st ion 1 2 :
Refer t o t he exhibit . Which swit ch provides t he spanning- t ree designat ed port role for t he net work
segm ent t hat services t he print ers?

http://www.9tut 234
A. Swit ch1
B. Swit ch2
C. Swit ch3
D. Swit ch4
An sw e r : C
Ex pla na t ion :
First , t he quest ion asks what swit ch services t he print ers, so it can be Swit ch 3 or Swit ch 4 which
is connect ed direct ly t o t he Print ers.
Next , by com paring t he MAC address of Swit ch 3 and Swit ch 4 we found t hat t he MAC of Swit ch 3
is sm aller. Therefore t he int erface connect ed t o t he Print ers of Swit ch 3 will becom e designat ed
int erface and t he int erface of Swit ch 4 will be blocked
( Please not ice t hat Swit ch 1 will becom e t he root bridge because of it s lowest priorit y, not Swit ch
3)

Pa r t 2
Qu e st ion 1
On a net work of one depart m ent , t here are four PCs connect ed t o a swit ch, as shown in t he
following figure:

Aft er t he Swit ch1 rest art s. Host A ( t he host on t he left ) sends t he first fram e t o Host C ( t he host
on t he right ) . What t he first t hing should t he swit ch do?
A. Swit ch1 will add 192.168.23.12 t o t he swit ching t able.
B. Swit ch1 will add 192.168.23.4 t o t he swit ching t able.
C. Swit ch1 will add 000A.8A47.E612 t o t he swit ching t able.
D. None of t he above
An sw e r : C
Ex pla na t ion
When Swit ch1 receives t he first fram e from Host A, it will writ e Host A’s MAC address int o it s MAC
address t able ( including t he corresponding port Fa0/ 4) and flood t he fram e t o all ot her port s.
Qu e st ion 2
The user of Host 1 want s t o ping t he DSL m odem / rout er at 192.168.1.254. Based on t he Host 1
ARP t able t hat is shown in t he exhibit , what will Host 1 do?

http://www.9tut 235
A. send a unicast ARP packet t o t he DSL m odem / rout er
B. send unicast I CMP packet s t o t he DSL m odem / rout er
C. send Layer 3 broadcast packet s t o which t he DSL m odem / rout er responds
D. send a Layer 2 broadcast t hat is received by Host 2, t he swit ch, and t he DSL m odem / rout er
An sw e r : B
Ex pla na t ion
Because Host 1 has already had inform at ion about DSL m odem so it doesn’t need t o broadcast an
ARP Request t o find out t he MAC address of DSL m odem . I t j ust needs t o send unicast I CMP
packet s direct ly t o t hat m odem .
Qu e st ion 3
Which t wo values are used by Spanning Tree Prot ocol t o elect a root bridge? ( Choose t wo)
A. am ount of RAM
B. bridge priorit y
C. I OS version
D. I P address
E. MAC address
F. speed of t he links
An sw e r : B E
Qu e st ion 4
Host 1 is t rying t o com m unicat e wit h Host 2. The e0 int erface on Rout er C is down. Which of t he
following are t rue? ( Choose t wo.)

http://www.9tut 236
Ex pla na t ion
Host 1 is t rying t o com m unicat e wit h Host 2. I t s packet s t ravel from rout erA t o rout erB and rout er
C. Rout er C ( t he last rout er) t hen broadcast an ARP fram e ont o t he net work looking for t he MAC
address of Host 2. I f Host 2 can answer t hen rout er C can forward t he fram e. But e0 int erface is
down so no answer from Host 2 will be received so rout er C will send a Dest inat ion Unreachable
m essage back t o t he originat or. This m essage also inform s t hat t he m iddle net work is st ill working
correct ly.
Also not ice t hat t he Dest inat ion Unreachable m essage is an I CMP m essage.
Qu e st ion 5
Refer t o t he exhibit . The net work shown in t he exhibit is running t he RI Pv2 rout ing prot ocol. The
net work has converged, and t he rout ers in t his net work are funct ioning properly. The
Fast Et hernet 0/ 0 int erface on R1 goes down. I n which t wo ways will t he rout ers in t his net work
respond t o t his change? ( Choose t wo)

A. All rout ers will reference t heir t opology dat abase t o det erm ine if any backup rout es t o t he
192.168.1.0 net work are known.
B. Rout ers R2 and R3 m ark t he rout e as inaccessible and will not accept any furt her rout ing
updat es from R1 unt il t heir holddown t im ers expire.
C. Because of t he split - horizon rule, rout er R2 will be prevent ed from sending erroneous
inform at ion t o R1 about connect ivit y t o t he 192.168.1.0 net work.
D. When rout er R2 learns from R1 t hat t he link t o t he 192.168.1.0 net work has been lost , R2 will
respond by sending a rout e back t o R1 wit h an infinit e m et ric t o t he 192.168.1.0 net work.
E. R1 will send LSAs t o R2 and R3 inform ing t hem of t his change, and t hen all rout ers will send
periodic updat es at an increased rat e unt il t he net work again converges.
An sw e r : C D
Ex pla na t ion
When Fa0/ 0 on R1 goes down, R1 will t ry t o inform wit h R2 t hat it s Fa0/ 0 int erface is current ly
down. R2 in t urn will inform t o R3 t hat Fa0/ 0 of R1 is down. The split - horizon rule st at es t hat “ a
rout er never sends inform at ion about a rout e back in sam e direct ion which is original inform at ion
cam e” . I t m eans when R1 sends inform at ion about it s downed net work 192.168.1.0, R2 is not
allowed t o send back t hat inform at ion t o R1 - > C is correct .
But m aybe you will ask “ Why answer D is also correct when it seem s cont radict ory t o answer C?”
Yes, it is really cont radict ory! This is called t he “ Poison Reverse” rule:
The poison reverse rule overwrit es split horizon rule. For exam ple, if rout er R2 receives a rout e
poisoning of net work 192.168.1.0 from rout er R1 t hen rout er R2 will send an updat e back t o
rout er R1 ( which breaks t he split horizon rule) wit h t he sam e poisoned hop count of 16. This
ensures all t he rout ers in t he dom ain receive t he poisoned rout e updat e.
Not ice t hat t he “ Poison Reverse” doesn’t send erroneous inform at ion t o R1 but j ust only one
m essage t o m ake sure R1 is working correct ly.
For your inform at ion, answer B is not correct because if R2 and R3 get an updat e wit h a bet t er
m et ric t han t he originally recorded m et ric ( 1 for R2 and 2 for R3) wit hin t he holddown t im er
period, t he holddown t im er is rem oved and dat a can be sent t o t hat net work. I t m eans t hat now
R2 and R3 have a bet t er way t o reach R1.

http://www.9tut 237
For m ore inform at ion about RI P, please read m y RI P t ut orial.
Qu e st ion 6
Which of t he following describe t he process ident ifier t hat is used t o run OSPF on a rout er?
( Choose t wo.)
A. I t is locally significant .
B. I t is globally significant .
C. I t is needed t o ident ify a unique inst ance of an OSPF dat abase.
D. I t is an opt ional param et er required only if m ult iple OSPF processes are running on t he rout er.
E. All rout ers in t he sam e OSPF area m ust have t he sam e process I D if t hey are t o exchange
rout ing inform at ion.
An sw e r : A C
Ex pla na t ion
The process ident ifier used in OSPF is locally significant , which m eans it does not need t o be t he
sam e on ot her OSPF rout ers and is not passed bet ween rout ers - > A is correct .
Each process ident ifier is a unique inst ance of an OSPF dat abase. We can creat e m any process
ident ifiers as we want ( but ranges from 1 t o 65,535) but it is not recom m ended because t he
rout er needs m any resources t o m aint ain t hese OSPF dat abases - > C is correct .
Process ident ifier is a “ m ust ” param et er even if we only run only one OSPF process - > D is not
correct .
Rout ers in t he sam e OSPF area can have different process ident ifier ( process I D) because it is only
locally significant - > E is not correct .
Qu e st ion 7
Refer t o t he exhibit . The FMJ m anufact uring com pany is concerned about unaut horized access t o
t he Payroll Server. The Account ing1, CEO, Mgr1, and Mgr2 workst at ions should be t he only
com put ers wit h access t o t he Payroll Server. What t wo t echnologies should be im plem ent ed t o
help prevent unaut horized access t o t he server? ( Choose t wo)

A. access list s
B. encrypt ed rout er passwords
C. STP
D. VLANs
E. VTP
F. wireless LANs

An sw e r : A D

http://www.9tut 238
Ex pla na t ion
Access list s and VLANs can be used t o prevent unaut horized t o t he Payroll Server. By assigning
t he server t o a secure VLAN and using access list t o perm it only Account ing1, CEO, Mgr1, and
Mgr2 workst at ions t o access t hat VLAN, we can dram at ically enhance t he securit y of t he whole
net work.
We don’t need t o encrypt rout er password because it only helps prevent unaut horized access t o
t he rout er, not Payroll server - > B is not “ t ot ally” correct ^ ^ .
Qu e st ion 8
Which t wo st at em ent s are t rue about t he com m and ip rout e 172.16.3.0 255.255.255.0
192.168.2.4? ( Choose t wo.)
A. I t est ablishes a st at ic rout e t o t he 172.16.3.0 net work.
B. I t est ablishes a st at ic rout e t o t he 192.168.2.0 net work.
C. I t configures t he rout er t o send any t raffic for an unknown dest inat ion t o t he 172.16.3.0
net work.
D. I t configures t he rout er t o send any t raffic for an unknown dest inat ion out t he int erface wit h
t he address 192.168.2.4.
E. I t uses t he default adm inist rat ive dist ance.
F. I t is a rout e t hat would be used last if ot her rout es t o t he sam e dest inat ion exist .
An sw e r : A E
Ex pla na t ion
The command “ip route 172.16.3.0 255.255.255.0 192.168.2.4″ means that “if there is a packet
t o t he net work 172.16.3.0/ 24 t hen rout e it t o 192.168.2.4 first .
The synt ax of st at ic rout e is:
ip r ou t e < dest inat ion- net work- address> < subnet - m ask> < next - hop- I P- address | exit - int erface>
[ m et ric]
+ dest inat ion- net work- address: dest inat ion net work address of t he rem ot e net work
+ subnet m ask: subnet m ask of t he dest inat ion net work
+ next - hop- I P- address: t he I P address of t he receiving int erface on t he next - hop rout er
+ exit - int erface: t he local int erface of t his rout er where t he packet s will go out
+ m et ric: t he dist ance m et ric for t his rout e. I f not specified, it uses t he default adm inist rat ive
dist ance of 1
Qu e st ion 9
Which t hree st at em ent s are correct about RI P version 2? ( Choose t hree)
A. I t has t he sam e m axim um hop count as version 1.
B. I t uses broadcast s for it s rout ing updat es.
C. I t is a classless rout ing prot ocol.
D. I t has a lower default adm inist rat ive dist ance t han RI P version 1.
E. I t support s aut hent icat ion.
F. I t does not send t he subnet m ask in updat es.
An sw e r : A C E
Ex pla na t ion
A and E are correct according t o t he t heory of RI P.
RI P version 1 updat es are broadcast s, and RI P version 2 updat es are m ult icast t o 224.0.0.9 - > B
is not correct .
RI P v1 is a classful rout ing prot ocol but RI P v2 is a classless rout ing prot ocol - > C is correct .

http://www.9tut 239
RI Pv1 and RI Pv2 have t he sam e default adm inist rat ive dist ance of 120 - > D is not correct .
RI Pv2 is a classless rout ing prot ocol so it does send t he subnet m ask in updat es - > F is not
correct .
Qu e st ion 1 0
How should a rout er t hat is being used in a Fram e Relay net work be configured t o avoid split
horizon issues from prevent ing rout ing updat es?
A. Configure a separat e subint erface for each PVC wit h a unique DLCI and subnet assigned t o t he
subint erface.
B. Configure each Fram e Relay circuit as a point - t o- point line t o support m ult icast and broadcast
t raffic.
C. Configure m any subint erfaces on t he sam e subnet .
D. Configure a single subint erface t o est ablish m ult iple PVC connect ions t o m ult iple rem ot e rout er
int erfaces.
An sw e r : A
Ex pla na t ion
I n Fram e Relay, one rout er’s int erface is oft en connect ed t o m any ot her rout ers. According t o t he
split horizon rule, it is not allowed t o send and receive rout ing updat es on t he sam e int erfaces so
we need t o configure subint erface t o overcom e t his problem .
Qu e st ion 1 1
A net work adm inist rat or is configuring t he rout ers in t he graphic for OSPF. The OSPF process has
been st art ed and t he net works have been configured for Area 0 as shown in t he diagram . The
net work adm inist rat or has several opt ions for configuring Rout erB t o ensure t hat it will be
preferred as t he designat ed rout er ( DR) for t he 172.16.1.0 / 24 LAN segm ent . What configurat ion
t asks could be used t o est ablish t his preference? ( Choose t hree)

A. Configure t he priorit y value of t he Fa0/ 0 int erface of Rout erB t o a higher value t han any ot her
int erface on t he Et hernet net work.
B. Change t he rout er id of Rout er B by assigning t he I P address 172.16.1.130/ 24 t o t he Fa0/ 0
int erface of Rout erB.
C. Configure a loopback int erface on Rout erB wit h an I P address higher t han any I P address on
t he ot her rout ers.
D. Change t he priorit y value of t he Fa0/ 0 int erface of Rout erB t o zero.
E. Change t he priorit y values of t he Fa0/ 0 int erfaces of Rout erA and Rout erC t o zero.
F. No furt her configurat ion is necessary.

An sw e r : A C E

http://www.9tut 240
Ex pla na t ion
DR and BDR elect ion is done via t he Hello prot ocol. The rout er wit h t he highest OSPF priorit y on a
segm ent will becom e t he DR for t hat segm ent - > A is correct .
I n case of a t ie, t he rout er wit h t he highest Rout er I D will win. The Rout er I D ( RI D) is an I P
address used t o ident ify t he rout er and is chosen using t he following sequence:
+ The highest I P address assigned t o a loopback ( logical) int erface.
+ I f a loopback int erface is not defined, t he highest I P address of all act ive rout er’s physical
int erfaces will be chosen.
+ The rout er I D can be m anually assigned
I n t his case, t he rout er I D of Rout erB is 198.18.0.101 ( regardless t hat int erface does not run
OSPF) . So if we assign t he I P address 172.16.1.130/ 24 t o t he Fa0/ 0 int erface of Rout erB, t he
rout er I D of Rout erB is not changed and we can not guarant ee Rout erB will t ake DR role - > B is
not correct .
C is correct as m ent ioned above.
A priorit y value of zero indicat es an int erface will not be elect ed as DR or BDR. So:
+ I f we “ change t he priorit y value of t he Fa0/ 0 int erface of Rout erB t o zero” , Rout erB will never
be elect ed as DR - > D is not correct .
+ I f we “ change t he priorit y values of t he Fa0/ 0 int erfaces of Rout erA and Rout erC t o zero” ,
rout er A and Rout erC will not be elect ed as DR for t hat segm ent - > E is correct .
For answer F, if t here is no loopback int erface configured on Rout erA or Rout erC t hen F is correct
( as Rout erB has t he highest I P address on act ive physical int erface 198.18.0.101) but we are not
sure about t hat .

Part 3
Qu e st ion 1 :
Your com pany want s t o reconfigure a Cat alyst 2950. which act ions m ust be t aken t o erase t he old
configurat ion? ( Choose t hree)
A – Erase flash
B – Rest art t he swit ch
C – Delet e t he VLAN dat abase
D – Erase t he st art up configurat ion
An sw e r : B C D
Qu e st ion 2 :
I f t he subnet m ask is 255.255.255.224, which of t he following addresses can be assigned t o
net work host s? ( Choose t hree)
A – 15.234.118.63
B – 92.11.178.93
C – 134.178.18.56
D – 192.168.16.87
An sw e r : B C D
Ex pla na t ion :
The addresses can be assigned t o net work host s are t he addresses t hat sat isfy t hese condit ions:

http://www.9tut 241
+ They don’t belong t o net work addresses
+ They don’t belong t o broadcast addresses
The last oct et of t he subnet m ask is 224, which is 111 0 0000 in binary form , so t he increm ent is
32. This is t he value we need t o find out t he net work addresses and broadcast addresses when
using t he 255.255.255.224 subnet m ask.
Net work addresses: x.x.x.0, x.x.x.32,x.x.x.64,x.x.x.96,x.x.x.128,x.x.x.160,x.x.x.192,x.x.x.224
Broadcast addresses: x.x.x.31, x .x .x .6 3 , x.x.x.95, x.x.x.127, x.x.x.159, x.x.x.191, x.x.x.223
( Not ice we don’t care about t he first t hree oct et s because t he first t hree oct et s of t he subnet m ask
are all 255)
From t hat we learn 15.234.118.63 is one of t he broadcast addresses. Ot her answers are correct
because t hey are neit her net work addresses nor broadcast addresses.
Qu e st ion 3 :
An administrator issues the command “ping 127.0.0.1″ from the command line prompt on a PC
host nam ed PC1. I f an I CMP reply is received, what does t his confirm ?
A – The PC host PC1 has connect ivit y wit h a local host
B – The PC host PC1 has connect ivit y wit h a Layer 3 device
C – The PC host PC1 has a default gat eway correct ly configured
D – The PC host PC1 has connect ivit y up t o Layer 5 of t he OSI m odel
E – The PC host PC1 has t he TCP/ I P prot ocol st ack correct ly inst alled
An sw e r : E
Ex pla na t ion :
I f you are having problems with your network then issue the command “ping 127.0.0.1″ to prove
t he net work card and t he TCP/ I P soft ware is working correct ly. Address 127.0.0.1 is reserved for
t he t est loop back purpose.
Qu e st ion 4 :
St udy t he exhibit carefully, can you t ell which t hree descript ion are correct about t he ways used
by t he rout er R1 t o choose a pat h t o t he 10.1.3.0/ 24 net work when different rout ing prot ocols are
deployed? ( Choose t hree)

A – When RI Pv2 is t he rout ing prot ocol, only t he pat h R1- R4 is t o be inst alled int o t he rout ing
t able by default
B – When RI Pv2 is t he rout ing prot ocol, t he equal cost pat hs R1- R3- R4 and R1- R2- R4 are t o be
inst alled in t he rout ing t able

http://www.9tut 242
C – I f bot h EI GRP and OSPF are working on t he net work wit h t heir default configurat ions, t he
EI GRP pat hs will be inst alled in t he rout ing t able
D – By default , if EI GRP is t he rout ing prot ocol, t he equal cost pat hs R1- R3- R4 and R1- R2- R4 will
be inst alled in t he rout ing t able
An sw e r : A C D
Ex pla na t ion :
RI P is a dist ance vect or rout ing prot ocol and it uses hop count as t he m et ric for pat h select ion so
only t he pat h R1- R4 ( wit h only 2 hops) will be inst alled int o t he rout ing t able.
I f bot h EI GRP and OSPF are used, t he EI GRP pat hs will be inst alled in t he rout ing t able because
t he default adm inist rat ive dist ance of EI GRP is 90 while t hat of OSPF is 110. Therefore t hese
rout ers will choose EI GRP because it has lower adm inist rat ive dist ance value ( Not ice t hat a lower
value for t he adm inist rat ive dist ance indicat es t he m ore reliable rout e) .
Qu e st ion 5 :
Which t wo st at em ent s describe charact erist ics of I Pv6 unicast addressing? ( Choose t wo)
A. Global addresses st art wit h 2000: : / 3
B. Link- local addresses st art wit h FE00: / 12
C. Link- local addresses st art wit h FF00: : / 10
D. There is only one loopback address and it is : : 1
E. I f a global address is assigned t o an int erface, t hen t hat is t he only allowable address for t he
int erface.
An sw e r : A D
Ex pla na t ion :
Below is t he list of com m on kinds of I Pv6 addresses:

Loopba ck a ddr e ss ::1

Lin k - loca l a ddr e ss FE80: : / 10
Sit e - loca l a ddr e ss FEC0: : / 10
Globa l a ddr e ss 2000: : / 3
M u lt ica st a ddr e ss FF00: : / 8
From t he above t able, we learn t hat A and D are correct while B and C are incorrect . Not ice t hat
t he I Pv6 unicast loopback address is equivalent t o t he I Pv4 loopback address, 127.0.0.1. The I Pv6
loopback address is 0: 0: 0: 0: 0: 0: 0: 1, or : : 1.
E is not correct because of anycast addresses which are indist inguishable from norm al unicast
addresses. You can t hink of anycast addresses like t his: “ send it t o nearest one which have t his
address” . An anycast address can be assigned t o m any int erfaces and t he first int erface receives
t he packet dest ined for t his anycast address will proceed t he packet . A benefit of anycast
addressing is t he capabilit y t o share load t o m ult iple host s. An exam ple of t his benefit is if you are
a Television provider wit h m ult iple servers and you want your users t o use t he nearest server t o
t hem t hen you can use anycast addressing for your servers. When t he user init iat es a connect ion
t o t he anycast address, t he packet will be rout ed t o t he nearest server ( t he user does not have t o
specify which server t hey want t o use) .

http://www.9tut 243
CCNA – Troubleshoot ing
Qu e st ion 1 :
Refer t o t he exhibit . The net work adm inist rat or is in a cam pus building dist ant from Building B.
WANRout er is host ing a newly inst alled WAN link on int erface S0/ 0. The new link is not funct ioning
and t he adm inist rat or needs t o det erm ine if t he correct cable has been at t ached t o t he S0/ 0
int erface. How can t he adm inist rat or accurat ely verify t he correct cable t ype on S0/ 0 in t he m ost
efficient m anner?

A. Telnet t o WANRout er and execut e t he com m and show int erfaces S0/ 0
B. Telnet t o WANRout er and execut e t he com m and show processes S0/ 0
C. Telnet t o WANRout er and execut e t he com m and show running- configurat ion
D. Telnet t o WANRout er and execut e t he com m and show cont roller S0/ 0
E. Physically exam ine t he cable bet ween WANRout er S0/ 0 and t he DCE.
F. Est ablish a console session on WANRout er and execut e t he com m and show int erfaces S0/ 0
An sw e r : D
Ex pla na t ion :
The show con t r olle r com m and displays t he inform at ion about t he physical int erface it self and
t he t ype of serial cable plugged int o a serial port . I n t his case, it should be a DTE cable t hat plugs
int o a t ype of dat a service unit ( DSU) .
For your underst anding, below is t he out put of t his com m and:

From t he out put , we not ice t hat serial 0/ 0 has a DTE cable and would get it s clocking from t he
DSU.
Qu e st ion 2 :
Two rout ers nam ed At lant a and Brevard are connect ed by t heir serial int erfaces as shown in t he
exhibit , but t here is no dat a connect ivit y bet ween t hem . The At lant a rout er is known t o have a
correct configurat ion. Given t he part ial configurat ions shown in t he exhibit , what is t he problem on
t he Brevard rout er t hat is causing t he lack of connect ivit y?

http://www.9tut 244
A. A loopback is not set
B. The I P address is incorrect .
C. The subnet m ask is incorrect .
D. The serial line encapsulat ions are incom pat ible.
E. The m axim um t ransm ission unit ( MTU) size is t oo large.
F. The bandwidt h set t ing is incom pat ible wit h t he connect ed int erface.
An sw e r : B
Qu e st ion 3 :
Refer t o t he exhibit . The t wo exhibit ed devices are t he only Cisco devices on t he net work. The
serial net work bet ween t he t wo devices has a m ask of 255.255.255.252. Given t he out put t hat is
shown, what t hree st at em ent s are t rue of t hese devices? ( Choose t hree)

A. The Manchest er serial address is 10.1.1.1.

B. The Manchest er serial address is 10.1.1.2.
C. The London rout er is a Cisco 2610.
D. The Manchest er rout er is a Cisco 2610.
E. The CDP inform at ion was received on port Serial0/ 0 of t he Manchest er rout er.
F. The CDP inform at ion was sent by port Serial0/ 0 of t he London rout er.

An sw e r : A C E

http://www.9tut 245
Ex pla na t ion :
From t he out put , we learn t hat t he I P address of t he neighbor rout er is 10.1.1.2 and t he quest ion
st at ed t hat t he subnet m ask of t he net work bet ween t wo rout er is 255.255.255.252. Therefore
t here are only 2 available host s in t his net work ( 2 2 – 2 = 2) . So we can deduce t he ip address ( of
t he serial int erface) of Manchest er rout er is 10.1.1.1 - > A is correct
The flat form of t he neighbor rout er is cisco 2610, as shown in t he out put - > C is correct
Maybe t he m ost difficult choice of t his quest ion is t he answer E or F. Please not ice t hat “ I nt erface”
refers t o t he local port on t he local rout er, in t his case it is t he port of Manchest er rout er, and
“ Port I D ( out going port ) ” refers t o t he port on t he neighbor rout er - > E is correct .
Qu e st ion 4 :
A net work adm inist rat or has configured t wo swit ches, nam ed London and Madrid, t o use VTP.
However, t he swit ches are not sharing VTP m essages. Given t he com m and out put shown in t he
graphic, why are t hese swit ches not sharing VTP m essages?

A. The VTP version is not correct ly configured.

B. The VTP operat ing m ode is not correct ly configured.
C. The VTP dom ain nam e is not correct ly configured.
D. VTP pruning m ode is disabled.
E. VTP V2 m ode is disabled.
F. VTP t raps generat ion is disabled.
An sw e r : C
Ex pla na t ion
I n t he exhibit , t he Dom ain Nam es of 2 swit ches are m ism at ched ( one is “ London” and t he ot her is
“ Madrid” ) so t hese swit ches do not share VTP m essages - > The VTP dom ain nam e is not correct ly
configured. Not ice t hat t he Dom ain Nam es should be t he sam e on bot h swit ches t o share VTP
m essages.
Qu e st ion 5 :
The net work shown in t he diagram is experiencing connect ivit y problem s. Which of t he following
will correct t he problem s? ( Choose t wo.)

http://www.9tut 246
A. Configure t he gat eway on Host A as 10.1.1.1.
B. Configure t he gat eway on Host B as 10.1.2.254.
C. Configure t he I P address of Host A as 10.1.2.2.
D. Configure t he I P address of Host B as 10.1.2.2.
E. Configure t he m asks on bot h host s t o be 255.255.255.224.
F. Configure t he m asks on bot h host s t o be 255.255.255.240.

An sw e r : B D
Qu e st ion 6 :
Refer t o t he exhibit :

An sw e r s: A

http://www.9tut 247
Qu e st ion 7 :
Refer t o t he exhibit . Host s on t he sam e VLAN can com m unicat e wit h each ot her but are unable t o
com m unicat e wit h host s on different VLANs. What is needed t o allow com m unicat ion bet ween
VLANs?

A. a swit ch wit h a t runk link t hat is configured bet ween t he swit ches
B. a rout er wit h an I P address on t he physical int erface t hat is connect ed t o t he swit ch
C. a swit ch wit h an access link t hat is configured bet ween t he swit ches
D. a rout er wit h subint erfaces configured on t he physical int erface t hat is connect ed t o t he swit ch
An sw e r : D

Qu e st ion 8 :
The show int erfaces serial 0/ 0 com m and result ed in t he out put shown in t he graphic. What are
possible causes for t his int erface st at us? ( Choose t hree)

A. The int erface is shut down.

B. No keepalive m essages are received.
C. The clockrat e is not set .
D. No loopback address is set .
E. No cable is at t ached t o t he int erface.
F. There is a m ism at ch in t he encapsulat ion t ype.
An sw e r : B C F
Qu e st ion 9 :
While t roubleshoot ing a connect ivit y issue from a PC you obt ain t he following inform at ion:
Loca l PC I P a ddr e ss: 10.0.0.35/ 24
D e fa u lt Ga t e w a y: 10.0.0.1
Re m ot e Se ve r : 10.5.75.250/ 24
You t hen conduct t he following t est s from t he local PC:
Ping 127.0.0.1 – Successful
Ping 10.0.0.35 – Successful

http://www.9tut 248
Ping 10.0.0.1 – Unsuccessful
Ping 10.5.75.250 – Unsuccessful

What is t he underlying cause of t his problem ?

A. A rem ot e physical layer problem exist s.
B. The host NI C is not funct ioning.
C. TCP/ I P has not been correct ly inst alled on t he host .
D. A local physical layer problem exist s.
An sw e r : D
Part 2
Qu e st ion 1 :
A net work adm inist rat or is t roubleshoot ing t he OSPF configurat ion of rout ers R1 and R2. The
rout ers cannot est ablish an adj acency relat ionship on t heir com m on Et hernet link. The graphic
shows t he out put of t he show ip ospf int erface e0 com m and for rout ers R1 and R2. Based on t he
inform at ion in t he graphic, what is t he cause of t his problem ?

A. The OSPF area is not configured properly.

B. The priorit y on R1 should be set higher.
C. The cost on R1 should be set higher.
D. The hello and dead t im ers are not configured properly.
E. A backup designat ed rout er needs t o be added t o t he net work.
F. The OSPF process I D num bers m ust m at ch.

An sw e r : D

http://www.9tut 249
Qu e st ion 2 :
This graphic shows t he result s of an at t em pt t o open a Telnet connect ion t o rout er ACCESS1 from
rout er Rem ot e27. Which of t he following com m and sequences will correct t his problem ?

A. ACCESS1( config) # line console 0

ACCESS1( config- line) # password cisco
B. Rem ot e27( config) # line console 0
Rem ot e27( config- line) # login
Rem ot e27( config- line) # password cisco
C. ACCESS1( config) # line vt y 0 4
ACCESS1( config- line) # login
ACCESS1( config- line) # password cisco
D. Rem ot e27( config) # line vt y 0 4
Rem ot e27( config- line) # login
Rem ot e27( config- line) # password cisco
E. ACCESS1( config) # enable password cisco
F. Rem ot e27( config) # enable password cisco
An sw e r : C

Qu e st ion 3 :
Refer t o t he exhibit . A net work adm inist rat or at t em pt s t o ping Host 2 from Host 1 and receives t he
result s t hat are shown. What is a possible problem ?

A. The link bet ween Host 1 and Swit ch1 is down.

B. TCP/ I P is not funct ioning on Host 1
C. The link bet ween Rout er1 and Rout er2 is down.
D. The default gat eway on Host 1 is incorrect .
E. I nt erface Fa0/ 0 on Rout er1 is shut down.
F. The link bet ween Swit ch1 and Rout er1 is down.

An sw e r : C

http://www.9tut 250
Ex pla na t ion :
I n t his quest ion, Host 1 want s t o ping Host 2 but it receives a reply from t he int erface Fa0/ 0 of
Rout er1 ( 10.1.1.1/ 24) t hat t he “ dest inat ion host unreachable” .
I f t he link bet ween Host 1 and Swit ch1 is down or t he link bet ween Swit ch1 and Rout er1 is down
t hen Host 1 can not receive t his reply - > A and F are not correct .
Host 1 can receive a reply from 10.1.1.1 - > t he TCP/ I P is working properly - > B is not correct .
For answer D, if t he default gat eway was not configured correct ly on Host 1 ( in t his case t he
default gat eway should be 10.1.1.1/ 24) t hen 10.1.1.1 can not receive t he ping packet s from
Host 1 and can not reply for Host 1 t hat t he dest inat ion is unreachable - > D is not correct .
I nt erface Fa0/ 0 on Rout er1 replies for t he ping packet s from Host 1 so it is up - > E is not correct .
I f t he int erface Fa0/ 0 on Rout er is shut down t hen we will receive a m essage of “ Request t im ed
out ” , not “ Dest inat ion host unreachable” .
Answer C is correct because we can get a reply from t he int erface Fa0/ 0 of Rout er1 so t he link
bet ween Host 1 and Rout er1 should be fine - > t he problem lies at t he ot her side of Rout er1. But if
t he link bet ween Rout er2 and Host 2 is down t hen we will receive a reply from int erface S0/ 1 of
Rout er2 t hat t he “ dest inat ion host unreachable” . Therefore t he problem can j ust be t he link
bet ween Rout er1 and Rout er2.
Qu e st ion 4 :
Refer t o t he exhibit . Host s in net work 192.168.2.0 are unable t o reach host s in net work
192.168.3.0. Based on t he out put from Rout erA, what are t wo possible reasons for t he failure?
( Choose t wo)

A. The cable t hat is connect ed t o S0/ 0 on Rout erA is fault y.

B. I nt erface S0/ 0 on Rout erB is adm inist rat ively down.
C. I nt erface S0/ 0 on Rout erA is configured wit h an incorrect subnet m ask.
D. The I P address t hat is configured on S0/ 0 of Rout erB is not in t he correct subnet .
E. I nt erface S0/ 0 on Rout erA is not receiving a clock signal from t he CSU/ DSU.
F. The encapsulat ion t hat is configured on S0/ 0 of Rout erB does not m at ch t he encapsulat ion t hat
is configured on S0/ 0 of Rout erA.
An sw e r : E F

Qu e st ion 5 :
When upgrading t he I OS im age, t he net work adm inist rat or receives t he exhibit ed error m essage.
What could be t he cause of t his error?

http://www.9tut 251
A. The new I OS im age is t oo large for t he rout er flash m em ory.
B. The TFTP server is unreachable from t he rout er.
C. The new I OS im age is not correct for t his rout er plat form .
D. The I OS im age on t he TFTP server is corrupt .
E. There is not enough disk space on t he TFTP server for t he I OS im age.
An sw e r : B

CCNA – Wireless

I f you are not sure about Wireless, please read m y Wireless t ut orial and Basic Wireless
Term inologies
Wireless Tut orial
n t his art icle we will discuss about Wireless t echnologies m ent ioned in CCNA.
Wireless LAN ( WLAN) is very popular nowadays. Maybe you have ever used som e wireless
applicat ions on your lapt op or cellphone. Wireless LANs enable users t o com m unicat e wit hout t he
need of cable. Below is an exam ple of a sim ple WLAN:

Each WLAN net work needs a wireless Access Point ( AP) t o t ransm it and receive dat a from users.
Unlike a wired net work which operat es at full- duplex ( send and receive at t he sam e t im e) , a
wireless net work operat es at half- duplex so som et im es an AP is referred as a Wireless Hub.
The m aj or difference bet ween wired LAN and WLAN is WLAN t ransm it s dat a by radiat ing energy
waves, called radio waves, inst ead of t ransm it t ing elect rical signals over a cable.
Also, WLAN uses CSMA/ CA ( Carrier Sense Mult iple Access wit h Collision Avoidance) inst ead of
CSMA/ CD for m edia access. WLAN can’t use CSMA/ CD as a sending device can’t t ransm it and
receive dat a at t he sam e t im e. CSMA/ CA operat es as follows:
+ List en t o ensure t he m edia is free. I f it is free, set a random t im e before sending dat a
+ When t he random t im e has passed, list en again. I f t he m edia is free, send t he dat a. I f not , set
anot her random t im e again

http://www.9tut 252
+ Wait for an acknowledgm ent t hat dat a has been sent successfully
+ I f no acknowledgm ent is received, resend t he dat a
I EEE 8 0 2 .1 1 st a nda r ds:
Nowadays t here are t hree organizat ions influencing WLAN st andards. They are:
+ I TU- R: is responsible for allocat ion of t he RF bands
+ I EEE: specifies how RF is m odulat ed t o t ransfer dat a
+ Wi- Fi Alliance: im proves t he int eroperabilit y of wireless product s am ong vendors
But t he m ost popular t ype of wireless LAN t oday is based on t he I EEE 802.11 st andard, which is
known inform ally as Wi- Fi.
* 8 0 2 .1 1 a : operat es in t he 5.7 GHz I SM band. Maxim um t ransm ission speed is 54Mbps and
approxim at e wireless range is 25- 75 feet indoors.
* 8 0 2 .1 1 b: operat es in t he 2.4 GHz I SM band. Maxim um t ransm ission speed is 11Mbps and
approxim at e wireless range is 100- 200 feet indoors.
* 8 0 2 / 1 1 g: operat es in t he 2.4 GHz I SM band. Maxim um t ransm ission speed is 54Mbps and
approxim at e wireless range is 100- 200 feet indoors.
I SM Ba n d: The I SM ( I ndust rial, Scient ific and Medical) band, which is cont rolled by t he FCC in
t he US, generally requires licensing for various spect rum use. To accom m odat e wireless LAN’s,
t he FCC has set aside bandwidt h for unlicensed use including t he 2.4Ghz spect rum where m any
WLAN product s operat e.
W i- Fi: st ands for Wireless Fidelit y and is used t o define any of t he I EEE 802.11 wireless
st andards. The t erm Wi- Fi was creat ed by t he Wireless Et hernet Com pat ibilit y Alliance ( WECA) .
Product s cert ified as Wi- Fi com pliant are int eroperable wit h each ot her even if t hey are m ade by
different m anufact urers.
Access point s can support several or all of t he t hree m ost popular I EEE WLAN st andards including
802.11a, 802.11b and 802.11g.
W LAN M ode s:
WLAN has t wo basic m odes of operat ion:
* Ad- h oc m ode : I n t his m ode devices send dat a direct ly t o each ot her wit hout an AP.

* I n fr a st r u ct u r e m ode : Connect t o a wired LAN, support s t wo m odes ( service set s) :

+ Basic Service Set ( BSS) : uses only a single AP t o creat e a WLAN
+ Ext ended Service Set ( ESS) : uses m ore t han one AP t o creat e a WLAN, allows roam ing in a
larger area t han a single AP. Usually t here is an overlapped area bet ween t wo APs t o support
roam ing. The overlapped area should be m ore t han 10% ( from 10% t o 15% ) t o allow users
m oving bet ween t wo APs wit hout losing t heir connect ions ( called roam ing) . The t wo adj acent APs
should use non- overlapping channels t o avoid int erference. The m ost popular non- overlapping
channels are channels 1, 6 and 11 ( will be explained lat er) .

http://www.9tut 253
Roam ing: The abilit y t o use a wireless device and be able t o m ove from one access point ’s range
t o anot her wit hout losing t he connect ion.
When configuring ESS, each of t he APs should be configured wit h t he sam e Service Set I dent ifier
( SSI D) t o support roam ing funct ion. SSI D is t he unique nam e shared am ong all devices on t he
sam e wireless net work. I n public places, SSI D is set on t he AP and broadcast s t o all t he wireless
devices in range. SSI Ds are case sensit ive t ext st rings and have a m axim um lengt h of 32
charact ers. SSI D is also t he m inim um requirem ent for a WLAN t o operat e. I n m ost Linksys APs ( a
product of Cisco) , t he default SSI D is “ linksys” .
I n t he next part we will discuss about Wireless Encoding, popular Wireless Securit y St andard and
som e sources of wireless int erference.
Basic Term inologies
An t e n na
An ant enna is a device t o t ransm it and/ or receive elect rom agnet ic waves. Elect rom agnet ic waves
are oft en referred t o as radio waves. Most ant ennas are resonant devices, which operat e
efficient ly over a relat ively narrow frequency band. An ant enna m ust be t uned ( m at ched) t o t he
sam e frequency band as t he radio syst em t o which it is connect ed ot herwise recept ion and/ or
t ransm ission will be im paired.
Types of ant enna
There are 3 t ypes of ant ennas used wit h m obile wireless, om nidirect ional, dish and panel
ant ennas.
+ Om nidirect ional radiat e equally in all direct ions
+ Dishes are very direct ional
+ Panels are not as direct ional as Dishes.
D e cibe ls
Decibels ( dB) are t he accept ed m et hod of describing a gain or loss relat ionship in a
com m unicat ion syst em . I f a level is st at ed in decibels, t hen it is com paring a current signal level
t o a previous level or preset st andard level. The beaut y of dB is t hey m ay be added and
subt ract ed. A decibel relat ionship ( for power) is calculat ed using t he following form ula:

“ A” m ight be t he power applied t o t he connect or on an ant enna, t he input t erm inal of an am plifier
or one end of a t ransm ission line. “ B” m ight be t he power arriving at t he opposit e end of t he

http://www.9tut 254
t ransm ission line, t he am plifier out put or t he peak power in t he m ain lobe of radiat ed energy from
an ant enna. I f “ A” is larger t han “ B” , t he result will be a posit ive num ber or gain. I f “ A” is sm aller
t han “ B” , t he result will be a negat ive num ber or loss.
You will not ice t hat t he “ B” is capit alized in dB. This is because it refers t o t he last nam e of
Alexander Graham Bell.
Not e:
+ dBi is a m easure of t he increase in signal ( gain) by your ant enna com pared t o t he hypot het ical
isot ropic ant enna ( which uniform ly dist ribut es energy in all direct ions) - > I t is a rat io. The great er
t he dBi value, t he higher t he gain and t he m ore acut e t he angle of coverage.
+ dBm is a m easure of signal power. I t is t he t he power rat io in decibel ( dB) of t he m easured
power referenced t o one m illiwat t ( m W) . The “ m ” st ands for “ m illiwat t ” .
Ex a m ple :
At 1700 MHz, 1/ 4 of t he power applied t o one end of a coax cable arrives at t he ot her end. What
is t he cable loss in dB?
Solut ion :

= > Loss = 10 * ( - 0.602) = – 6.02 dB

From t he form ula above we can calculat e a t 3 dB t h e pow e r is r e du ce d by ha lf. Loss = 10 *
log ( 1/ 2) = - 3 dB; t his is an im port ant num ber t o rem em ber.
Be a m w idt h
The angle, in degrees, bet ween t he t wo half- power point s ( - 3 dB) of an ant enna beam , where
m ore t han 90% of t he energy is radiat ed.

OFD M
OFDM was proposed in t he lat e 1960s, and in 1970, US pat ent was issued. OFDM encodes a single
t ransm ission int o
m ult iple subcarriers. All t he slow subchannel are t hen m ult iplexed int o one fast com bined
channel.
The t rouble wit h t radit ional FDM is t hat t he guard bands wast e bandwidt h and t hus reduce
capacit y. OFDM select s channels t hat overlap but do not int erfere wit h each ot her.

http://www.9tut 255
OFDM works because t he frequencies of t he subcarriers are select ed so t hat at each subcarrier
frequency, all ot her subcarriers do not cont ribut e t o overall waveform .
I n t his exam ple, t hree subcarriers are overlapped but do not int erfere wit h each ot her. Not ice t hat
only t he peaks of each subcarrier carry dat a. At t he peak of each of t he subcarriers, t he ot her t wo
subcarriers have zero am plit ude.

Type s of ne t w or k in CCN A W ir e le ss
+ A LAN ( local area net work) is a dat a com m unicat ions net work t hat t ypically connect s personal
com put ers wit hin a very lim it ed geographical ( usually wit hin a single building) . LANs use a variet y
of wired and wireless t echnologies, st andards and prot ocols. School com put er labs and hom e
net works are exam ples of LANs.
+ A PAN ( personal area net work) is a t erm used t o refer t o t he int erconnect ion of personal digit al
devices wit hin a range of about 30 feet ( 10 m et ers) and wit hout t he use of wires or cables. For
exam ple, a PAN could be used t o wirelessly t ransm it dat a from a not ebook com put er t o a PDA or
port able print er.
+ A M AN ( m et ropolit an area net work) is a public high- speed net work capable of voice and dat a
t ransm ission wit hin a range of about 50 m iles ( 80 km ) . Exam ples of MANs t hat provide dat a
t ransport services include local I SPs, cable t elevision com panies, and local t elephone com panies.
+ A W AN ( wide area net work) covers a large geographical area and t ypically consist s of several
sm aller net works, which m ight use different com put er plat form s and net work t echnologies. The
I nt ernet is t he world’s largest WAN. Net works for nat ionwide banks and superst ore chains can be
classified as WANs.

http://www.9tut 256
Blu e t oot h
Bluet oot h wireless t echnology is a short - range com m unicat ions t echnology int ended t o replace t he
cables connect ing port able and/ or fixed devices while m aint aining high levels of securit y.
Connect ions bet ween Bluet oot h devices allow t hese devices t o com m unicat e wirelessly t hrough
short - range, ad hoc net works. Bluet oot h operat es in t he 2.4 GHz unlicensed I SM band.
Not e:
I n du st r ia l, scie n t ific a n d m e dica l ( I SM) band is a part of t he radio spect rum t hat can be used
by anybody wit hout a license in m ost count ries. I n t he U.S, t he 902- 928 MHz, 2.4 GHz and 5.7-
5.8 GHz bands were init ially used for m achines t hat em it t ed radio frequencies, such as RF
welders, indust rial heat ers and m icrowave ovens, but not for radio com m unicat ions. I n 1985, t he
FCC Rules opened up t he I SM bands for wireless LANs and m obile com m unicat ions. Nowadays,
num erous applicat ions use t his band, including cordless phones, wireless garage door openers,
wireless m icrophones, vehicle t racking, am at eur radio…
W iM AX
Worldwide I nt eroperabilit y for Microwave Access ( WiMax) is defined by t he WiMax forum and
st andardized by t he I EEE 802.16 suit e. The m ost current st andard is 802.16e.
Operat es in t wo separat e frequency bands, 2- 11 GHz and 10- 66 GHz
At t he higher frequencies, line of sight ( LOS) is required – point - t o- point links only
I n t he lower region, t he signals propagat e wit hout t he requirem ent for line of sight ( NLOS) t o
cust om ers
Ba sic Se r vice Se t ( BSS)
A group of st at ions t hat share an access point are said t o be part of one BSS.
Ex t e nde d Se r vice Se t ( ESS)
Som e WLANs are large enough t o require m ult iple access point s. A group of access point s
connect ed t o t he sam e WLAN are known as an ESS. Wit hin an ESS, a client can associat e wit h any
one of m any access point s t hat use t he sam e Ext ended service set ident ifier ( ESSI D) . That allows
users t o roam about an office wit hout losing wireless connect ion.
I EEE 8 0 2 .1 1 st a nda r d
A fam ily of st andards t hat defines t he physical layers ( PHY) and t he Media Access Cont rol ( MAC)
layer.
* I EEE 802.11a: 54 Mbps in t he 5.7 GHz I SM band
* I EEE 802.11b: 11 Mbps in t he 2.4 GHz I SM band
* I EEE 802.11g: 54 Mbps in t he 2.4 GHz I SM band

http://www.9tut 257
* I EEE 802.11i: securit y. The I EEE init iat ed t he 802.11i proj ect t o overcom e t he problem of WEP
( which has m any ﬂaws and it could be exploit ed easily)
* I EEE 802.11e: QoS
* I EEE 802.11f: I nt er Access Point Prot ocol ( I APP)
More inform at ion about 802.11i:
The new securit y st andard, 802.11i, which was rat ified in June 2004, fixes all WEP weaknesses. I t
is divided int o t hree m ain cat egories:
1. Te m por a r y Ke y I nt e gr it y Pr ot ocol ( TKI P) is a short - t erm solut ion t hat fixes all WEP
weaknesses. TKI P can be used wit h old 802.11 equipm ent ( aft er a driver/ firm ware upgrade) and
provides int egrit y and confident ialit y.
2. Cou n t e r M ode w it h CBC- M AC Pr ot ocol ( CCM P) [ RFC2610] is a new prot ocol, designed from
ground up. I t uses AES as it s crypt ographic algorit hm , and, since t his is m ore CPU int ensive t han
RC4 ( used in WEP and TKI P) , new 802.11 hardware m ay be required. Som e drivers can
im plem ent CCMP in soft ware. CCMP provides int egrit y and confident ialit y.
3. 8 0 2 .1 X Por t - Ba se d N e t w or k Acce ss Con t r ol: Eit her when using TKI P or CCMP, 802.1X is
used for aut hent icat ion.
Wireless Access Point s
There are t wo cat egories of Wireless Access Point s ( WAPs) :
* Aut onom ous WAPs
* Light weight WAPs ( LWAPs)
Au t on om ou s W APs operat e independent ly, and each cont ains it s own configurat ion file and
securit y policy. Aut onom ous WAPs suffer from scalabilit y issues in ent erprise environm ent s, as a
large num ber of independent WAPs can quickly becom e difficult t o m anage.
Ligh t w e igh t W APs ( LWAPs) are cent rally cont rolled using one or m ore Wireless LAN Cont rollers
( WLCs) , providing a m ore scalable solut ion t han Aut onom ous WAPs.
En cr ypt ion
Encrypt ion is t he process of changing dat a int o a form t hat can be read only by t he int ended
receiver. To decipher t he m essage, t he receiver of t he encrypt ed dat a m ust have t he proper
decrypt ion key ( password) .
TKI P
TKI P st ands for Tem poral Key I nt egrit y Prot ocol. I t is basically a pat ch for t he weakness found in
WEP. The problem wit h t he original WEP is t hat an at t acker could recover your key aft er
observing a relat ively sm all am ount of your t raffic. TKI P addresses t hat problem by aut om at ically
negot iat ing a new key every few m inut es — effect ively never giving an at t acker enough dat a t o
break a key. Bot h WEP and WPA- TKI P use t he RC4 st ream cipher.
TKI P Se ssion Ke y
* Different for every pair
* Different for every st at ion
* Generat ed for each session
* Derived from a “ seed” called t he passphrase
AES
AES st ands for Advanced Encrypt ion St andard and is a t ot ally separat e cipher syst em . I t is a 128-
bit , 192- bit , or 256- bit block cipher and is considered t he gold st andard of encrypt ion syst em s
t oday. AES t akes m ore com put ing power t o run so sm all devices like Nint endo DS don’t have it ,
but is t he m ost secure opt ion you can pick for your wireless net work.

http://www.9tut 258
EAP
Ext ensible Aut hent icat ion Prot ocol ( EAP) [ RFC 3748] is j ust t he t ransport prot ocol opt im ized for
aut hent icat ion, not t he aut hent icat ion m et hod it self:
” EAP is an aut hent icat ion fram ework which support s m ult iple aut hent icat ion m et hods. EAP
t ypically runs direct ly over dat a link layers such as Point - t o- Point Prot ocol ( PPP) or I EEE 802,
wit hout requiring I P. EAP provides it s own support for duplicat e elim inat ion and ret ransm ission,
but is reliant on lower layer ordering guarant ees. Fragm ent at ion is not support ed wit hin EAP it self;
however, individual EAP m et hods m ay support t his.” — RFC 3748, page 3
Som e of t he m ost - used EAP aut hent icat ion m echanism are list ed below:
* EAP- M D 5 : MD5- Challenge requires usernam e/ password, and is equivalent t o t he PPP CHAP
prot ocol [ RFC1994] . This m et hod does not provide dict ionary at t ack resist ance, m ut ual
aut hent icat ion, or key derivat ion, and has t herefore lit t le use in a wireless aut hent icat ion
envirom ent .
* Ligh t w e igh t EAP ( LEAP) : A usernam e/ password com binat ion is sent t o a Aut hent icat ion
Server ( RADI US) for aut hent icat ion. Leap is a propriet ary prot ocol developed by Cisco, and is not
considered secure. Cisco is phasing out LEAP in favor of PEAP.
* EAP- TLS: Creat es a TLS session wit hin EAP, bet ween t he Supplicant and t he Aut hent icat ion
Server. Bot h t he server and t he client ( s) need a valid ( x509) cert ificat e, and t herefore a PKI . This
m et hod provides aut hent icat ion bot h ways.
* EAP- TTLS: Set s up a encrypt ed TLS- t unnel for safe t ransport of aut hent icat ion dat a. Wit hin t he
TLS t unnel, ( any) ot her aut hent icat ion m et hods m ay be used. Developed by Funk Soft ware and
Meet inghouse, and is current ly an I ETF draft .
* EAP- FAST: Provides a way t o ensure t he sam e level of securit y as EAP- TLS, but wit hout t he
need t o m anage cert ificat es on t he client or server side. To achieve t his, t he sam e AAA server on
which t he aut hent icat ion will occur generat es t he client credent ial, called t he Prot ect ed Access
Credent ial ( PAC) .
* Pr ot e ct e d EAP ( PEAP) : Uses, as EAP- TTLS, an encrypt ed TLS- t unnel. Supplicant cert ificat es
for bot h EAP- TTLS and EAP- PEAP are opt ional, but server ( AS) cert ificat es are required. Developed
by Microsoft , Cisco, and RSA Securit y, and is current ly an I ETF draft .
* EAP- M SCH APv2 : Requires usernam e/ password, and is basically an EAP encapsulat ion of MS-
CHAP- v2 [ RFC2759] . Usually used inside of a PEAP- encrypt ed t unnel. Developed by Microsoft , and
is current ly an I ETF draft .
RAD I US
Rem ot e Aut hent icat ion Dial- I n User Service ( RADI US) is defined in [ RFC2865] ( wit h friends) , and
was prim arily used by I SPs who aut hent icat ed usernam e and password before t he user got
aut horized t o use t he I SP’s net work.
802.1X does not specify what kind of back- end aut hent icat ion server m ust be present , but
RADI US is t he “ de- fact o” back- end aut hent icat ion server used in 802.1X.
Roa m in g
Roam ing is t he m ovem ent of a client from one AP t o anot her while st ill t ransm it t ing. Roam ing can
be done across different m obilit y groups, but m ust rem ain inside t he sam e m obilit y dom ain. There
are 2 t ypes of roam ing:
A client roam ing from AP1 t o AP2. These t wo APs are in t he sam e m obilit y group and m obilit y
dom ain

http://www.9tut 259
Roam ing in t he sam e Mobilit y Group
A client roam ing from AP1 t o AP2. These t wo APs are in different m obilit y groups but in t he sam e
m obilit y dom ain

Roam ing in different Mobilit y Groups ( but st ill in t he sam e Mobilit y Dom ain)
Qu e st ion 1
Which addit ional configurat ion st ep is necessary in order t o connect t o an access point t hat has
SSI D broadcast ing disabled?
A. Set t he SSI D value in t he client soft ware t o public.
B. Configure open aut hent icat ion on t he AP and t he client .
C. Set t he SSI D value on t he client t o t he SSI D configured on t he AP.
D. Configure MAC address filt ering t o perm it t he client t o connect t o t he AP.
An sw e r : C
Qu e st ion 2
What is one reason t hat WPA encrypt ion is preferred over WEP?
A. A WPA key is longer and requires m ore special charact ers t han t he WEP key.
B. The access point and t he client are m anually configured wit h different WPA key values.
C. WPA key values rem ain t he sam e unt il t he client configurat ion is changed.
D. The values of WPA keys can change dynam ically while t he syst em is used.
An sw e r : D

http://www.9tut 260
Qu e st ion 3
Which t wo devices can int erfere wit h t he operat ion of a wireless net work because t hey operat e on
sim ilar frequencies? ( Choose t wo)
A. copier
B. m icrowave oven
C. t oast er
D. cordless phone
E. I P phone
F. AM radio
An sw e r : B D
Qu e st ion 4
A single 802.11 g access point has been configured and inst alled in t he cent er of a square office. A
few wireless users are experiencing slow perform ance and drops while m ost users are operat ing at
peak efficiency. What are t hree likely causes of t his problem ? ( Choose t hree)
A. m ism at ched TKI P encrypt ion
B. null SSI D
C. cordless phones
D.m ism at ched SSI D
E. m et al file cabinet s
F. ant enna t ype or direct ion
An sw e r : C E F
Qu e st ion 5
Refer t o t he exhibit . What t wo fact s can be det erm ined from t he WLAN diagram ? ( Choose t wo)

A. The area of overlap of t he t wo cells represent s a basic service set ( BSS) .

B. The net work diagram represent s an ext ended service set ( ESS) .
C. Access point s in each cell m ust be configured t o use channel 1.
D. The area of overlap m ust be less t han 10% of t he area t o ensure connect ivit y.
E. The t wo APs should be configured t o operat e on different channels.

An sw e r : B E

http://www.9tut 261
Ex pla na t ion
A group of access point s connect ed t o t he sam e WLAN are known as an Ext ended Service Set
( ESS) . Wit hin an ESS, a client can associat e wit h any one of m any access point s t hat use t he
sam e Ext ended service set ident ifier ( ESSI D) . I t allows users t o roam about an office wit hout
losing wireless connect ion - > B is correct .
Two APs operat ing near each ot her should be configured on different channels t o avoid
int erference. There are fourt een channels defined in t he I EEE 802.11b channel set . Each channel
is 22MHz wide but t here is only 5MHz channel separat ion so t he channels are overlapped.
Channels 1, 6 and 11 are m ost com m only used because t hey do not overlap as shown below:

So if we configure an AP wit h channel 1 t hen we should set it s nearest AP t o channel 6 or 11 t o

m ake sure t heir channels are not overlapped.
Qu e st ion 6
What are t hree basic param et ers t o configure on a wireless access point ? ( Choose t hree)
A. SSI D
B. RTS/ CTS
C. AES- CCMP
D. TKI P/ MI C
E. RF channel
F. aut hent icat ion m et hod
An sw e r : A E F
Qu e st ion 7
What speeds m ust be disabled in a m ixed 802.11 b/ g WLAN t o allow only 802.11 g client s t o
connect ?
A. 6,9,12,18
B. 1,2,5.5,6
C. 5.5,6,9,11
D. 1,2,5.5,11
An sw e r : D
Ex pla na t ion
The dat a rat es of 802.11b are 1, 2, 5.5 and 11 Mbps using Direct Sequence Spread Spect rum
( DSSS) while t he dat a rat es of 802.11g are 1, 2, 5.5, 11 Mbps using DSSS and 6, 9, 12, 18, 24,
36, 48, 54 Mbps using OFDM. So if we only want t o allow 802.11g client s, j ust disable 1, 2, 5.5
and 11 Mbps speed.
Qu e st ion 8
What is t he m axim um dat a rat e specified for I EEE 802.11b WLANs?
A. 10 Mbps
B. 11 Mbps

http://www.9tut 262
C. 54 Mbps
D. 100 Mbps
An sw e r : B
Qu e st ion 9
A wireless client cannot connect t o an 802.11 b/ g BSS wit h a b/ g wireless card. The client sect ion
of t he access point does not list any act ive WLAN client s. What is a possible reason for t his?
A. The incorrect channel is configured on t he client .
B. The client ’s I P address is on t he wrong subnet .
C. The client has an incorrect pre- shared key.
D. The SSI D is configured incorrect ly on t he client .
An sw e r : D
Qu e st ion 1 0
Which t wo feat ures did WPAv1 add t o address t he inherent weaknesses found in WEP? ( Choose
t wo)
A. a st ronger encrypt ion algorit hm
B. key m ixing using t em poral keys
C. shared key aut hent icat ion
D. a short er init ializat ion vect or
E. per fram e sequence count ers
An sw e r : B E
Qu e st ion 1 1
What is t he m axim um dat a rat e specified for I EEE 802.11b WLANs?
A. 10Mbps
B. 11Mbps
C. 54Mbps
D. 100Mbps
An sw e r : B
Ex pla na t ion
Popular wireless st andards are list ed below:
* I EEE 802.11a: 54 Mbps in t he 5.7 GHz I SM band
* I EEE 802.11b: 11 Mbps in t he 2.4 GHz I SM band
* I EEE 802.11g: 54 Mbps in t he 2.4 GHz I SM band
Qu e st ion 1 2
You have finished physically inst alling an access point on t he ceiling at your office. At a m inim um ,
which param et er m ust be configured on t he access point in order t o allow a wireless client t o
operat e on it ?
A. AES
B. PSK
C. SSI D
D. TKI P
E. WEP
An sw e r : C

http://www.9tut 263

Basic Questions: Answer
No ratings yet
Basic Questions: Answer
137 pages
Data Analytics Course
No ratings yet
Data Analytics Course
19 pages
CS610 Exam
No ratings yet
CS610 Exam
739 pages
CCNAquestions Dec 2017
No ratings yet
CCNAquestions Dec 2017
200 pages
Tanvis Sales Tracker
No ratings yet
Tanvis Sales Tracker
8 pages
Essential of Networking
No ratings yet
Essential of Networking
31 pages
Ccna Dumb
No ratings yet
Ccna Dumb
316 pages
CCNA Dumbs Part 1
100% (1)
CCNA Dumbs Part 1
90 pages
CCNA - Basic Questions
No ratings yet
CCNA - Basic Questions
223 pages
CS610 Solved Grand Quiz Spring 2021
No ratings yet
CS610 Solved Grand Quiz Spring 2021
27 pages
QUESTIONS
No ratings yet
QUESTIONS
19 pages
Assignment: SUBMITTED FROM: Yousra Nur Obaid ID:19204025 Submitted To: Md. Hasanuzaman
No ratings yet
Assignment: SUBMITTED FROM: Yousra Nur Obaid ID:19204025 Submitted To: Md. Hasanuzaman
17 pages
Trắc nghiệm CCNA - Chương 1 Tổng quan
No ratings yet
Trắc nghiệm CCNA - Chương 1 Tổng quan
8 pages
Midsem Questions and Answers - Adv. Networking
No ratings yet
Midsem Questions and Answers - Adv. Networking
15 pages
Ccna All Interview Q & A
No ratings yet
Ccna All Interview Q & A
24 pages
Chapter 1 Ccna
No ratings yet
Chapter 1 Ccna
42 pages
CS610 GrandQuiz of 610
No ratings yet
CS610 GrandQuiz of 610
32 pages
100-490 Cisco Certified Technician Routing & Switching (RSTECH) Dump
No ratings yet
100-490 Cisco Certified Technician Routing & Switching (RSTECH) Dump
17 pages
Basic Switching Course 1
No ratings yet
Basic Switching Course 1
18 pages
Lec4 3
No ratings yet
Lec4 3
3 pages
Cisco Data Analysis Course Week
No ratings yet
Cisco Data Analysis Course Week
5 pages
Ccna 1
No ratings yet
Ccna 1
16 pages
Fundamentals of Lans: "Do I Know This Already?" Quiz
No ratings yet
Fundamentals of Lans: "Do I Know This Already?" Quiz
4 pages
CCNAquestions Jun 2017 Bora
No ratings yet
CCNAquestions Jun 2017 Bora
152 pages
Ethernet Networks: 1: CSMA/CD Operations
No ratings yet
Ethernet Networks: 1: CSMA/CD Operations
4 pages
Cisco Actualtests 100-101 v2014-09-20 by CODY 122q
No ratings yet
Cisco Actualtests 100-101 v2014-09-20 by CODY 122q
44 pages
Certification Reviewer
No ratings yet
Certification Reviewer
26 pages
Ch3 Ethernet Basic
No ratings yet
Ch3 Ethernet Basic
5 pages
How Can It Be
No ratings yet
How Can It Be
5 pages
CSET2200 Lab 2
No ratings yet
CSET2200 Lab 2
3 pages
Chapter 10: Local Area Networks: Multiple Choice
No ratings yet
Chapter 10: Local Area Networks: Multiple Choice
7 pages
Unit 2
No ratings yet
Unit 2
53 pages
NW & DBMS Www-Matterhere-Com NRR
No ratings yet
NW & DBMS Www-Matterhere-Com NRR
56 pages
CNSL - Important Viva Questions (Answers)
No ratings yet
CNSL - Important Viva Questions (Answers)
16 pages
Basic Questions Premium Member: You Can Test Your Knowledge With These Questions First Via This
No ratings yet
Basic Questions Premium Member: You Can Test Your Knowledge With These Questions First Via This
38 pages
Product
No ratings yet
Product
4 pages
CCNA 1 v6 Chapter 4
No ratings yet
CCNA 1 v6 Chapter 4
8 pages
Fudamentos de Redes Final Exam
No ratings yet
Fudamentos de Redes Final Exam
11 pages
Cpe 511 Solution
No ratings yet
Cpe 511 Solution
5 pages
CCNA 1 v51 v60 Chapter 4 Exam Answers 2017 100 Full
No ratings yet
CCNA 1 v51 v60 Chapter 4 Exam Answers 2017 100 Full
11 pages
CCNA 640-802: Chapter 1: Internetworking
No ratings yet
CCNA 640-802: Chapter 1: Internetworking
42 pages
CCNAquestions Mar 2018
No ratings yet
CCNAquestions Mar 2018
218 pages
Computer Network QB
No ratings yet
Computer Network QB
17 pages
Ccent Study
No ratings yet
Ccent Study
1 page
ccna 1 Chapter 4 v5 0 Answers
No ratings yet
ccna 1 Chapter 4 v5 0 Answers
5 pages
Q# 01 Introduction To Network Devices
No ratings yet
Q# 01 Introduction To Network Devices
17 pages
Kumar
No ratings yet
Kumar
1 page
Sheet 1
No ratings yet
Sheet 1
11 pages
CCNA LITE POOL Students APR 03 2019 Final
No ratings yet
CCNA LITE POOL Students APR 03 2019 Final
86 pages
CCNA Basic Questions
100% (1)
CCNA Basic Questions
8 pages
Key To Correction: PART I. Multiple Choice Questions: Encircle Your Chosen Answers
No ratings yet
Key To Correction: PART I. Multiple Choice Questions: Encircle Your Chosen Answers
9 pages
Vendor: Cisco Exam Code: 200-125: CCNA (v3.0)
No ratings yet
Vendor: Cisco Exam Code: 200-125: CCNA (v3.0)
14 pages
CCNA 1 Module 8 Exam Solutions
No ratings yet
CCNA 1 Module 8 Exam Solutions
68 pages
Ce3160 Midterm
No ratings yet
Ce3160 Midterm
10 pages
CCNA Basic Questions
No ratings yet
CCNA Basic Questions
11 pages
Chapter 1 Ccna
No ratings yet
Chapter 1 Ccna
42 pages
Cisco 640-802: Lead Your Way To Certificates!
No ratings yet
Cisco 640-802: Lead Your Way To Certificates!
12 pages
CCNA 1 Exam Answers 3.1 A
No ratings yet
CCNA 1 Exam Answers 3.1 A
9 pages
Cisco 640-802: Lead Your Way To Certificates!
No ratings yet
Cisco 640-802: Lead Your Way To Certificates!
12 pages
Cisco 640-802: Lead Your Way To Certificates!
No ratings yet
Cisco 640-802: Lead Your Way To Certificates!
12 pages
Cisco 640-802: Lead Your Way To Certificates!
No ratings yet
Cisco 640-802: Lead Your Way To Certificates!
12 pages
Ccna Test
No ratings yet
Ccna Test
30 pages
CCNA Exploration 1 Module 9 Exam Answers Version 40
No ratings yet
CCNA Exploration 1 Module 9 Exam Answers Version 40
4 pages

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.