ICND1 100-101

  • Chapter 1 – Understanding Networks and their Building Blocks
    • 1-1 Introduction to Networks
    • 1-2 Networking Types
    • 1-3 OSI Reference Model
    • 1-4 TCP/IP Model
    • 1-5 Ethernet Technologies and Cabling
    • 1-6 Cisco 3 Layer Model
    • 1-7 Introduction to Wide-Area Networks
    • 1-8 Summary

  • Chapter 2 – IP Addressing and Subnets
    • 2-1 IP Addresses – Composition, Types and Classes
    • 2-2 Private and Public IP addresses
    • 2-3 Subnetting
    • 2-4 Variable Length Subnet Masks (VLSM)
    • 2-5 Route Summarization
    • 2-6 Troubleshooting IP Addressing

  • Chapter 3 Introduction to Cisco Routers, Switches and IOS
    • 3-1 Introduction to Cisco Routers, Switches, IOS & the Boot Process
    • 3-2 Using the Command-Line Interface (CLI)
    • 3-3 Basic Configuration of Router and Switches
    • 3-4 Configuring Router Interfaces
    • 3-5 Gathering Information and Verifying Configuration
    • 3-6 Configuring DNS & DHCP
    • 3-7 Saving, Erasing, Restoring and Backing up Configuration & IOS File
    • 3-8 Password Recovery on a Cisco Router
    • 3-9 Cisco Discovery Protocol (CDP)
    • 3-10 Using Telnet on IOS
    • 3-11 CCNA Lab #1


  • Chapter 5 Introduction to OSPF
    • 5-1 Open Shortest Path First (OSPF)
    • 5-2 Configuring OSPF
    • 5-3 Lab OSPF

  • Chapter 6 Switching and Spanning Tree Protocol
    • 6-1 Understanding Switching and Switches
    • 6-2 Initial Configuration of a Catalyst Switch
    • 6-3 Spanning Tree Protocol (STP)
    • 6-4 Cisco’s additions to STP (Portfast, BPDUGuard, BPDUFilter, UplinkFast, BackboneFast)
    • 6-5 Rapid Spanning Tree Protocol (RSTP) – 802.1w
    • 6-6 Per-VLAN Spanning Tree Plus (PVST+) and Per-VLAN RSTP (Rapid-PVST)
    • 6-7 EtherChannel
    • 6-8 Lab 6-1 – Port Security
    • 6-9 Lab 6-2 – STP

  • Chapter 7 VLANs and VTP
    • 7-1 MAC Address Table
    • 7-2 Virtual LANs (VLANs)
    • 7-3 Types of Switch Ports
    • 7-4 VLAN Trunking: ISL and 802.1Q
    • 7-5 VLAN Trunking Protocol (VTP)
    • 7-6 Inter-VLAN Routing
    • 7-7 VLAN Configuration
    • 7-8 Inter-VLAN Routing Configuration
    • 7-9 VTP Troubleshooting

  • Chapter 8 – Access Lists
    • 8-1 Introduction to Access Lists
    • 8-2 Standard Access Lists
    • 8-3 Extended Access Lists
    • 8-4 Access Lists -Remote Access, Switch Port, Modifying & Helpful Hints
    • 8-5 Cisco Configuration Professional Initial Setup and Access List Lab

  • Chapter 9 – Network Address Translation (NAT)
    • 9-1 Introduction to NAT
    • 9-2 Static NAT Configuration & Verification
    • 9-3 Dynamic NAT Configuration
    • 9-4 NAT Overloading aka Port Address Translation (PAT)
    • 9-5 NAT Troubleshooting
    • 9-6 NAT Configuration with Cisco Configuration Professional

  • Chapter 10 – IPv6 – Coming Soon!

1-1 Introduction to Networks


Before you learn Cisco internetworking, it is important to understand what a network is and why networks matter. Simply put, a network is a collection of interconnected devices (such as computers, printers, etc.). To understand the importance of networks, let us look at how things worked before networks were created. For this, consider a large multinational company that sells food products at a time when networks did not exist.
Let us call this company ABC Inc. Imagine the amount of information, such as sales, inventory, etc., required by the management of the company to make everyday decisions. To get this information they would need to call their local offices. The local offices would need to mail (postal!) or fax printed reports, or even send media (floppies!) through the postal service. By the time the mail is received, the data is already days old. Even if reports are faxed, consolidating all of them is a cumbersome task, and one that increases the chance of human error since large numbers of reports are collated manually. This is just one part of the equation. You also need to consider the information required by the local offices: they need various data from the head office and from other offices around the world.
Now consider the same company in the present time, with all of its offices interconnected. It would use a single application around the world that takes advantage of its global network. The data from all offices would be stored instantly at a central location, and with a single click the management team could see data from around the world in any format they like. This data would also be real-time, meaning that they see it as it is happening. Since the data is centralized, any office location can see data pertaining to any other location.
As you can see, the cost, time and effort involved in transferring data were much higher without networks. Networks decrease cost, time and effort and thereby increase productivity. They also help with resource optimization by making it possible to share resources. A simple example of resource sharing is a printer in a typical office. Without a network, each computer would require a dedicated printer; with a network, one printer can be shared by many computers.
Now that you know how beneficial networks are, it is time to look at how networks work. Figure 1-1 shows the most basic form of a network. It shows two hosts (end-user devices such as computers are commonly called hosts in networking terms) directly connected to each other using a network cable. Today every host has a Network Interface Card (NIC) that is used to connect it to a network.

Figure 1-1 Most basic form of Network
One end of the network cable connects to the NIC on a host and the other connects to the network. In this case, the cable connects directly to another host. At this stage do not worry about network cables and how the hosts communicate across the network; this will be covered in detail later in the chapter. For now it is enough to understand how hosts connect to a network.
In Figure 1-1, the hosts are “networked” and can share information. This network is effective, but not scalable. If you add more than two hosts to this “network”, it will not work without a separate NIC in each host for every connection, which is neither scalable nor realistic. For more than two hosts to be networked, you require a network device such as a hub. Figure 1-2 shows three hosts connected to a hub.
Figure 1-2 Network with a Hub
A hub is a network device that repeats information received from a host to all other connected hosts. In Figure 1-2 the hub will relay any information received from HostA to HostB and HostC. This means that all three hosts can communicate with each other. Communication between hosts can be classified into three types:
  • Unicast – Communication from one host to another host only.
  • Broadcast – Communication from one host to all the hosts in the network.
  • Multicast – Communication from one host to a group of hosts only.
When a hub is used to network hosts, there are two problems that arise:
  1. A hub repeats information received from one host to all the other hosts. To understand this, consider HostA in Figure 1-2 sending a unicast message to HostB. When the hub receives this message, it will relay the message to both HostB and HostC. Even though the message was a unicast intended only for HostB, HostC also receives it. It is up to HostC to read the message and discard it after seeing that the message was not intended for it.
  2. A hub creates a shared network medium where only a single host can send packets at a time. If another host attempts to send packets at the same time, a collision will occur. Then each device will need to resend their packets and hope not to have a collision again. This shared network medium is called a single collision domain. Imagine the impact of having a single collision domain where 50 or 100 hosts are connected to hubs that are interconnected and they are all trying to send data. That is just a recipe for many collisions and an inefficient network.
The problems associated with hubs can cause severe degradation of a network. To overcome them, switches are used instead of hubs. Like hubs, switches are used to connect hosts in a network, but switches break up the collision domain by providing a separate collision domain for every port. This means that every host (one host connects to one port on the switch) gets its own collision domain, thereby eliminating collisions in the network. With switches, each host can transmit data at any time. Switches simply “switch” the data from one port to another in the switched network. Also, unlike hubs, switches do not flood every packet out all ports. They switch a unicast packet only to the port where the destination host resides (a unicast to a destination address the switch has not yet learned is flooded until that address is learned; see Section 7-1 on the MAC address table). Broadcast packets are always flooded. Figure 1-3 shows a switched network.
Figure 1-3 A switched network
Remember that each host in Figure 1-3 is in its own collision domain and if HostA sends a packet to HostC, HostB will not receive it.
Figures 1-4 and 1-5 show two networks. See if you can work out how many collision domains exist in each.
Figure 1-4 Collision Domains – 1
Figure 1-5 Collision Domains – 2
If you answered 5 for Figure 1-4, you are absolutely correct, since each switch port represents a single collision domain. If you answered more than 5, remember that a hub does not break up collision domains. Similarly, Figure 1-5 has 7 collision domains.
Now that you know how a switch works and improves a network, consider the one problem associated with a switched network. Earlier, you learned that hubs flood out all packets, even unicast ones. A switch does not flood out unicast packets, but it does flood out broadcast packets. All hosts connected to a switched network are said to be in the same broadcast domain, and every host in it receives any broadcast sent out in that domain. While broadcasts are useful and essential for network operations, in a large switched network too many broadcasts will slow down the network. To remedy this, networks are broken into smaller sizes and these separate networks are interconnected using routers. Routers do not forward broadcasts between the networks they interconnect and hence effectively break up broadcast domains. Figure 1-6 shows three switched networks interconnected by a router.
Figure 1-6 Router in an Internetwork

In the network shown in Figure 1-6, broadcasts from hosts connected to Switch1 will not reach hosts connected to Switch2 or Switch3. This is because the router will drop the broadcast on its receiving interface.
In addition to breaking up broadcast domains, routers also perform the following four essential functions in your network:
  • Packet Switching – At the barest minimum, routers are like switches because they essentially switch packets between networks.
  • Communication between Networks – As shown in Figure 1-6, routers allow communication between networks connected to it.
  • Path Selection – Routers can talk to each other to learn about all the networks connected to various routers and then select the best path to reach a network. This function is discussed in detail later in the book.
  • Packet Filtering – Routers can drop or forward packets based on certain criteria like their source and destination. This is also discussed in detail later in the book.



 Exam Alert: Remember that switches break collision domains and routers break broadcast domains. In addition to that it is important to remember the functions of a router for your CCNA certification exam.
Now that you know what a network is and what the various network devices do, it is time to learn about the various network types, followed by networking models.


1-2 Networking Types



As you know a network is a collection of devices connected together. Networks are further classified into various types depending on their size, expanse, security, purpose and many other parameters. While covering all these classifications is beyond the scope of the CCNA exam, there are two important network classifications that you need to know about for the exam. In fact a large part of the CCNA exam revolves around these two types of networks:
  • Local Area Network (LAN) – This term describes a network covering a limited geographical area such as a floor, a building or a campus. A LAN usually has a high data-transfer rate. The Ethernet standard is the most commonly used technology in LANs; Ethernet is so common that it is almost synonymous with LAN today. Wireless technology is also becoming increasingly common for LANs. Both of these standards are covered in depth further on in the book.
  • Wide Area Network (WAN) – This term describes a network covering a large geographical area such as multiple cities, a country or even the whole world. WANs are used to connect LANs across the area they cover. A typical example would be the LANs at the various offices of a company connected by a WAN. The various technology standards used in WANs will be covered later in the book.

Internetworking Models

As the importance of computers grew, vendors recognized the need to network them. They created various protocols whose specifications were not made public. Hence each vendor had a different way of networking computers, and these ways were not compatible with each other. This meant that one vendor’s computers could not be networked with another vendor’s computers. Slowly these specifications were made public and some inter-vendor compatibility was achieved, but this still involved too many complications. In 1977 the International Organization for Standardization (ISO) started working on an open standard networking model that all vendors would support to promote interoperability. This standard was published in 1984 and is known as the Open Systems Interconnection (OSI) model. During the same period (1973 to 1985) another effort, by the Defense Advanced Research Projects Agency (DARPA), was under way to create an open standard network model. This network model came to be known as the TCP/IP model. By 1985 the TCP/IP model was gaining more prominence and vendor support, and its protocols eventually displaced the OSI protocol suite in practice, although the OSI model itself survives as a reference model.
This section starts by discussing the OSI Reference model in some depth before moving into a deep discussion on the TCP/IP model and its protocols.


1-3 OSI Reference Model


As discussed earlier, the OSI model was created to promote communication between devices from various vendors. It also promotes communication between disparate hosts, such as hosts running different operating platforms (Windows, OS X, Linux, etc.). Remember that you are very unlikely ever to work on a system that uses protocols conforming to the OSI reference model. But it is essential to know the model and its terminology, because other models such as the TCP/IP model are often compared to the OSI reference model. Hence the discussion of this model will be limited compared to the discussion of the TCP/IP model.
The OSI reference model, like most other network models, divides the functions, protocols, and devices of a network into various layers. The layered approach provides many benefits, some of which are:
  •  Communication is divided into smaller and simpler components. This makes designing, developing and troubleshooting easier.
  • Since it is a layered approach, vendors write to a common input and output specification per layer. The internals of their products function between the input and output of that layer.
  • Changes in one layer do not affect other layers. Hence development in one layer is not bound by the limitations of other layers. For example, wireless technologies are new, but old applications run seamlessly over them without any changes.
  • It is easier to standardize functions when they are divided into smaller parts like this.
  • It allows various types of hardware and software, both new and old to communicate with each other seamlessly.
The OSI reference model has seven such layers that can be divided into two groups. The upper layers (Layers 7, 6 and 5) define how applications interact with the host interface, with each other, and the user. The lower four layers (Layers 4, 3, 2 and 1) define how data is transmitted between hosts in a network. Figure 1-7 shows the seven layers and a summary of their functions.
Figure 1-7 Seven Layers of OSI Reference Model
The sections below discuss each layer in detail.
 Application Layer
The Application Layer provides the interface between the software application on a system and the network. Remember that this layer does not include the application itself, but provides services that an application requires. One of the easiest ways to understand this layer’s function is to look at how a Web Browser such as Internet Explorer or Firefox works. IE or FF is the application. When it needs to fetch a webpage, it uses the HTTP protocol to send the request and receive the page contents.  This protocol resides at the application layer and can be used by an application such as IE or FF to get webpages from web servers across the network. On the other side, the web server application such as Apache or IIS interacts with the HTTP protocol on the Application layer to receive the HTTP request and send the response back.
Presentation Layer
As the name suggests, this layer presents data to the Application layer. The Presentation layer is responsible for data translation and encoding. It takes the data from the Application layer and translates it into a generic format for transfer across the network. At the receiving end the Presentation layer takes in the generically formatted data and translates it into the format recognized by the Application layer. An example of this is an EBCDIC to ASCII translation. The OSI model has protocol standards that define how data should be formatted. This layer is also involved in data compression, decompression, encryption and decryption.
Session Layer
In a host, different applications, or even different instances of the same application, might request data from across the network. It is the Session layer’s responsibility to keep the data from each session separate. It is responsible for setting up, managing and tearing down sessions. It also provides dialog control and coordinates communication between the systems.
Transport Layer
Where the upper layers are related to applications and data within the host, the transport layer is concerned with the actual end-to-end transfer of the data across the network. This layer establishes a logical connection between the two communicating hosts and provides reliable or unreliable data delivery and can provide flow control and error recovery. Although not developed under the OSI Reference Model and not strictly conforming to the OSI definition of the Transport Layer, typical examples of Layer 4 are the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). These protocols will be discussed in great detail later in this chapter.
Network Layer
To best understand what the Network layer does, consider what happens when you write a letter and use the postal service to send the letter. You put the letter in an envelope and write the destination address as well as your own address so that an undelivered letter can be returned back to you. In network terms, this address is called a logical address and is unique in the network. Each host has a logical address. When the post office receives this letter, it has to ascertain the best path for this letter to reach the destination. Similarly in a network, a router needs to determine the best path to a destination address. This is called path determination. Finally the post office sends the letter out the best path and it moves from post office to post office before finally being delivered to the destination address. Similarly data is moved across network mainly by routers before being finally delivered to the destination.
All three functions – logical addressing, path determination and forwarding – are done at the Network layer. Two types of protocols are used for these functions: routed protocols are used for logical addressing and forwarding, while routing protocols are used for path determination. There are many routed protocols and routing protocols available; some of the common ones are discussed in great detail later in the book. Routers function at this layer. Remember that routers only care about the destination network; they do not care about the destination host itself. The task of delivery to the destination host lies with the Data Link layer.
Data Link Layer
While the Network layer deals with data moving across networks using logical addresses, the Data Link layer deals with data moving within a local network using physical addresses. Each host has a logical address and a physical address. The physical address is only locally significant and is not used beyond the network boundary (across a router). This layer also defines the protocols used to send and receive data across the media. You will remember from earlier in the chapter that only a single host can send data at a time in a collision domain, or else packets will collide and cause the hosts to back off for some time. The Data Link layer determines when the media is ready for the host to send data, and also detects collisions and other errors in received data. Switches function at this layer.
Physical Layer
This layer deals with the physical transmission medium itself. It activates, maintains and deactivates the physical link between systems (host and switch for example). This is where the connectors, pin-outs, cables, electrical currents etc. are defined. Essentially this layer puts the data on the physical media as bits and receives it in the same way. Hubs work at this layer.
Data Encapsulation
In the previous sections you learned about various layers of the OSI reference model. Each layer has its distinct function and it interacts with the corresponding layer at the remote end. For example, the transport layer at the source will interact with the transport layer of the destination. For this interaction, each layer adds a header in front of the data from the previous layer. This header contains control information related to the protocol being used at that layer. This process is called encapsulation. This header and the data being sent from one layer to the next lower layer is called a Protocol Data Unit (PDU). Figure 1-8 shows how data gets encapsulated as it travels from layer 7 down to layer 1.
 Figure 1-8 Encapsulation in OSI Reference Model

As shown in Figure 1-8, the Application layer adds its protocol-dependent header to the data and creates the Layer 7 PDU, which is then passed down to the Presentation layer. This layer then adds its header to the Layer 7 PDU to create the Layer 6 PDU and sends it down to the Session layer. This goes on until Layer 2 receives the Layer 3 PDU. Layer 2 adds a header and a trailer to the Layer 3 PDU to create the Layer 2 PDU, which is then sent to Layer 1 for transmission.
At the receiving end, Layer 1 takes the data off the wire and sends it to Layer 2. Here the Layer 2 header and trailer are examined and removed. The resulting Layer 3 PDU is sent to Layer 3. Layer 3 in turn examines the header in the PDU and removes it. The resulting Layer 4 PDU is sent to Layer 4. Similarly, each layer removes the header added by the corresponding layer at the source before sending the data to the upper layer. Finally the Application layer removes the Layer 7 header and sends the data to the application. This process of examining, processing and removing the header is known as decapsulation.
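The encapsulation and decapsulation process above can be seen in working code. The following Python example is added here for illustration and is not part of the original text. It builds an HTTP request into a TCP segment (Layer 4 PDU), an IPv4 packet (Layer 3 PDU) and an Ethernet II frame with a trailer (Layer 2 PDU) using the real header layouts, then walks the frame back up the stack, checking and stripping one header at a time. The MAC addresses, IP addresses, ports and payload are constructed sample values. Two simplifications are assumed: the TCP checksum is left at zero (it needs the IP pseudo-header), and zlib's CRC-32 stands in for the hardware-computed Ethernet frame check sequence.

```python
import struct
import zlib

# Constructed sample values for this example; not from the original text.
SRC_MAC = bytes.fromhex("020000000001")
DST_MAC = bytes.fromhex("020000000002")
SRC_IP, DST_IP = "192.0.2.10", "192.0.2.80"
TCP_SYN = 0x02


def ip_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def encapsulate_tcp(payload: bytes, src_port: int, dst_port: int,
                    seq: int, ack: int, flags: int) -> bytes:
    """Layer 4 PDU: a 20-byte TCP header (no options) in front of the upper-layer data.
    Simplification: the TCP checksum field is left at zero."""
    data_offset = 5 << 4  # header length in 32-bit words, stored in the upper nibble
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                         data_offset, flags, 65535, 0, 0)
    return header + payload


def encapsulate_ip(segment: bytes, src_ip: str, dst_ip: str, proto: int = 6) -> bytes:
    """Layer 3 PDU: a 20-byte IPv4 header (protocol 6 = TCP) with a valid header checksum."""
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment),
                         0x1234, 0x4000, 64, proto, 0, src, dst)
    checksum = ip_checksum(header)          # computed with the checksum field zeroed
    header = header[:10] + struct.pack("!H", checksum) + header[12:]
    return header + segment


def encapsulate_ethernet(packet: bytes, src_mac: bytes, dst_mac: bytes) -> bytes:
    """Layer 2 PDU: Ethernet II header (dst MAC, src MAC, EtherType 0x0800 = IPv4)
    plus a 4-byte trailer. Simplification: zlib's CRC-32 over the header and
    payload stands in for the frame check sequence a NIC computes in hardware."""
    body = dst_mac + src_mac + struct.pack("!H", 0x0800) + packet
    return body + struct.pack("<I", zlib.crc32(body))


def decapsulate(frame: bytes) -> dict:
    """Receiver side: check and strip Layer 2, then Layer 3, then Layer 4, and hand
    the application data up. A layer that fails its check discards the whole PDU."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        raise ValueError("Layer 2: bad frame check sequence, frame discarded")
    dst_mac, src_mac = body[:6], body[6:12]
    ethertype = struct.unpack("!H", body[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("Layer 2: EtherType 0x%04x is not IPv4" % ethertype)
    packet = body[14:]

    ihl = (packet[0] & 0x0F) * 4            # header length including options, in bytes
    if ip_checksum(packet[:ihl]) != 0:      # a valid header checksums to zero
        raise ValueError("Layer 3: bad IPv4 header checksum, packet discarded")
    total_len = struct.unpack("!H", packet[2:4])[0]
    proto = packet[9]
    if proto != 6:
        raise ValueError("Layer 3: protocol %d is not TCP" % proto)
    segment = packet[ihl:total_len]         # ignore any Layer 2 padding after the packet

    src_port, dst_port, seq, ack, off, flags = struct.unpack("!HHIIBB", segment[:14])
    tcp_hlen = (off >> 4) * 4
    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src_ip": ".".join(map(str, packet[12:16])),
        "dst_ip": ".".join(map(str, packet[16:20])),
        "src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
        "flags": flags, "payload": segment[tcp_hlen:],
    }


def build_sample_frame() -> bytes:
    """Encapsulate a constructed HTTP request top-down, as in Figure 1-8."""
    data = b"GET / HTTP/1.0\r\n\r\n"                              # Layer 7 data
    segment = encapsulate_tcp(data, 49152, 80, 1000, 0, TCP_SYN)  # Layer 4 PDU
    packet = encapsulate_ip(segment, SRC_IP, DST_IP)              # Layer 3 PDU
    return encapsulate_ethernet(packet, SRC_MAC, DST_MAC)         # Layer 2 PDU


if __name__ == "__main__":
    frame = build_sample_frame()
    print(len(frame), "bytes on the wire:", decapsulate(frame))
```

Note the order of the checks in decapsulate: the frame check sequence is verified before the IPv4 header is even looked at, and the IPv4 header checksum before the TCP header is parsed. Each layer trusts only what it can verify itself, which is exactly why the Layer 2 trailer exists.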



Exam Alert: It is very important to remember the layer names, their functions and the encapsulation process. You can use a common mnemonic to remember the layer names and their sequence – All People Seem To Need Data Processing. This is an important concept on your CCNA exam.



1-4 TCP/IP Model


As mentioned earlier, the OSI reference model and the TCP/IP model are two open standard networking models that are very similar.  However, the latter has found more acceptance today and the TCP/IP protocol suite is more commonly used. Just like the OSI reference model, the TCP/IP model takes a layered approach. In this section we will look at all the layers of the TCP/IP model and various protocols used in those layers.
The TCP/IP model is a condensed version of the OSI reference model consisting of the following 4 layers:
  •  Application Layer
  • Transport Layer
  • Internet Layer
  • Network Access Layer
 The functions of these four layers are comparable to the functions of the seven layers of the OSI model. Figure 1-9 shows the comparison between the layers of the two models.
The following sections discuss each of the four layers and protocols in those layers in detail.
 Figure 1-9 Comparison between TCP/IP and OSI models
Application Layer
 The Application Layer of the TCP/IP Model consists of various protocols that perform all the functions of the OSI model’s Application, Presentation and Session layers. This includes interaction with the application, data translation and encoding, dialogue control and communication coordination between systems.
The following are few of the most common Application Layer protocols used today:
Telnet – Telnet is a terminal emulation protocol used to access the resources of a remote host. A host, called the Telnet server, runs a telnet server application (or daemon in Unix terms) that receives a connection from a remote host called the Telnet client. This connection is presented to the operating system of the telnet server as though it were a terminal connected directly (using a keyboard and monitor). It is a text-based connection and usually provides access to the command line interface of the host. Everything in a Telnet session, including the login password, crosses the network in cleartext, which is why SSH (port 22 in Table 1-1) has replaced it wherever security matters. Remember that the application used by the client is usually also named telnet in most operating systems. You should not confuse the telnet application with the Telnet protocol.
HTTP – The Hypertext Transfer Protocol is foundation of the World Wide Web. It is used to transfer Webpages and such resources from the Web Server or HTTP server to the Web Client or the HTTP client. When you use a web browser such as Internet Explorer or Firefox, you are using a web client. It uses HTTP to transfer web pages that you request from the remote servers.
FTP – File Transfer Protocol is a protocol used for transferring files between two hosts. Just like telnet and HTTP, one host runs the FTP server application (or daemon) and is called the FTP server, while the FTP client runs the FTP client application. A client connecting to the FTP server may be required to authenticate before being given access to the file structure. Once authenticated, the client can view directory listings, get and send files, and perform some other file-related functions. Like Telnet, FTP sends the username, password and file contents in cleartext. Just like telnet, the FTP client application available in most operating systems is called ftp, so the protocol and the application should not be confused.
SMTP – Simple Mail Transfer Protocol is used to send e-mail. When you configure an e-mail client to send e-mail you are using SMTP; the mail client acts as an SMTP client. SMTP is also used between two mail servers to relay e-mail. However, the end client does not receive e-mail using SMTP; end clients use a mailbox access protocol such as POP3 or IMAP to do that.
TFTP – Trivial File Transfer Protocol is a stripped-down version of FTP. Where FTP allows a user to see a directory listing and perform some directory-related functions, TFTP only allows sending and receiving of files. It is a small and fast protocol, but it does not support authentication. Because of this inherent security risk, its use is generally limited to trusted management networks, for example to transfer device images and configuration files, and it should never be reachable from untrusted networks.
DNS – Every host in a network has a logical address called the IP address (discussed later in the chapter). These addresses are just numbers. When you go to a website such as www.cisco.com you are actually going to a host which has an IP address, but you do not have to remember the IP address of every website you visit. This is because the Domain Name System (DNS) maps a name such as www.cisco.com to the IP address of the host where the site resides. This obviously makes it easier to find resources on a network. When you type the address of a website into your browser, the system first sends a DNS query to its DNS server to resolve the name to an IP address. Once the name is resolved, an HTTP session is established with that IP address.
DHCP – As you know, every host requires a logical address such as an IP address to communicate in a network. The host gets this logical address either by manual configuration or through a protocol such as the Dynamic Host Configuration Protocol (DHCP). Using DHCP, a host can be provided with an IP address automatically. To understand the importance of DHCP, imagine having to manage 5000 hosts in a network and assigning them IP addresses manually! Apart from the IP address, a host needs other information such as the address of the DNS server it contacts to resolve names, the default gateway, the subnet mask, etc. DHCP can be used to provide all this information along with the IP address.
Transport Layer
The protocols discussed above are just a few of the protocols available in the Application layer; there are many more. All of them take the user data, add a header and pass it down to the Transport layer to be sent across the network to the destination. The TCP/IP Transport layer’s function is the same as that of the OSI Transport layer: it is concerned with the end-to-end transportation of data and sets up a logical connection between the hosts.
Two protocols are available in this layer: the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). TCP is a connection-oriented and reliable protocol that uses windowing to control the flow and provides ordered delivery of the data in segments. UDP, on the other hand, simply transfers the data without the bells and whistles. Though these two protocols are different in many ways, they perform the same function of transferring data, and they both use a concept called port numbers to do it. The following sections cover port numbers before looking into TCP and UDP in detail.
Port Numbers
A host in a network may send traffic to or receive traffic from multiple hosts at the same time. Without some extra information, the system would have no way to know which data belongs to which application. TCP and UDP solve this problem by using port numbers in their headers. Common application layer protocols have been assigned port numbers in the range 0 to 1023. These ports are known as well-known ports. Applications implementing these protocols listen on these port numbers. TCP and UDP on the receiving host know which application to send the data to based on the destination port number in the header.
On the source host each TCP or UDP session is assigned an ephemeral source port number above 1023 (the exact range, and whether it is chosen randomly, depends on the operating system), so that returning traffic from the destination can be identified as belonging to the originating application. The combination of IP address, protocol (TCP or UDP) and port number forms a socket at both the receiving and sending hosts. Since each pair of sockets is unique, an application can send and receive data to and from multiple hosts. Figure 1-10 shows two hosts communicating using TCP. Notice that the hosts on the left and right are both sending traffic to the host in the center, and both are sending to port 80, but from different source ports. The host in the center is able to handle both connections simultaneously because the combination of IP addresses, port numbers and protocol makes each connection different.
 Figure 1-10 Multiple Sessions using Port Numbers
Table 1-1 shows the transport layer protocol and port numbers used by different common application layer protocols.
 Table 1-1 Well-known Port Numbers
Application Protocol   Transport Protocol   Port Number
HTTP                   TCP                  80
HTTPS                  TCP                  443
FTP (control)          TCP                  21
FTP (data)             TCP                  20
SSH                    TCP                  22
Telnet                 TCP                  23
DNS                    TCP, UDP             53
SMTP                   TCP                  25
TFTP                   UDP                  69




Exam Alert: It is important to remember the well-known port numbers and which application layer protocol they are assigned to, as you will see this on your CCNA exam in a multiple choice question or an access-list question.

Transmission Control Protocol (TCP)

TCP is one of the original protocols designed in the TCP/IP suite and hence the name of the model. When the application layer needs to send a large amount of data, it sends the data down to the transport layer for TCP or UDP to transport it across the network. TCP first sets up a virtual-circuit between the source and the destination in a process called the three-way handshake. Then it breaks down the data into chunks called segments, adds a header to each segment and sends them to the Internet layer.
The TCP header is 20 to 24 bytes in size and the format is shown in Figure 1-11. It is not necessary to remember all fields or their size but most of the fields are discussed below.
 Figure 1-11 TCP header
When the Application layer sends data to the transport layer, TCP sends the data across using the following sequence:
Connection Establishment – TCP uses a process called the three-way handshake to establish a connection or virtual-circuit with the destination. The three-way handshake uses the SYN and ACK flags in the Code Bits section of the header. This process is necessary to initialize the sequence and acknowledgement number fields. These fields are important for TCP and will be discussed below.
 Figure 1-12 TCP three-way handshake
As shown in Figure 1-12, the source starts the three-way handshake by sending a TCP header to the destination with the SYN flag set. The destination responds back with the SYN and ACK flags set. Notice in the figure that the destination uses the received sequence number plus 1 as the Acknowledgement number. This is because it is assumed that 1 byte of data was contained in the exchange. In the final step, the source responds back with only the ACK bit set. After this, the data flow can commence.
Data Segmentation – The size of data that can be sent across in a single Internet layer PDU is limited by the protocol used in that layer. This limit is called the maximum transmission unit (MTU). The application layer may send data much larger than this limit; hence TCP has to break down the data into smaller chunks called segments. Each segment is limited to the MTU in size. Sequence numbers are used to identify each byte of data. The sequence number in each header signifies the byte number of the first byte in that segment.
Flow Control – The source starts sending data in groups of segments. The Window field in the header determines the number of segments that can be sent at a time. This is done to avoid overwhelming the destination. At the start of the session the window is small but it increases over time. The destination host can also decrease the window to slow down the flow. Hence the window is called the sliding window. When the source has sent the number of segments allowed by the window, it cannot send any further segments till an acknowledgement is received from the destination. Figure 1-13 shows how the window increases during the session. Notice the destination host increasing the Window from 1000 to 1100 and then to 1200 when it sends an ACK back to the source.

Figure 1-13 TCP Sliding Window and Reliable delivery
Reliable Delivery with Error recovery – When the destination receives the last segment in the agreed window, it has to send an acknowledgement to the source. It sets the ACK flag in the header and the acknowledgement number is set as the sequence number of the next byte expected. If the destination does not receive a segment, it does not send an acknowledgement back. This tells the source that some segments have been lost and it will retransmit the segments. Figure 1-13 shows how windowing and acknowledgements are used by TCP. Notice that when the source does not receive an acknowledgement for the segment with sequence number 2000, it retransmits the data. Once it receives the acknowledgement, it sends the next sequence according to the window size.
Ordered Delivery – TCP transmits data in the order it is received from the application layer and uses sequence numbers to mark the order. The data may be received at the destination in the wrong order due to network conditions. Thus TCP at the destination orders the data according to the sequence number before sending it to the application layer at its end. This ordered delivery is part of the benefit of TCP and one of the purposes of the Sequence Number.
Connection Termination – After all data has been transferred, the source initiates a four-way handshake to close the session. To close the session, the FIN and ACK flags are used.
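To tie the steps above together, here is an added Python simulation (written for this page, not taken from the book) of the handshake, segmentation, windowed sending, cumulative acknowledgements, ordered reassembly and retransmission after a lost segment. It reuses the book's numbers where it can: the acknowledgement number is the peer's sequence number plus 1, data starts at sequence number 1000 in 1000-byte segments, and the segment at sequence 2000 is lost once. The window is kept at a fixed 2000 bytes for simplicity, and retransmission is simplified to resending every unacknowledged segment in the window.

```python
def three_way_handshake(client_isn: int, server_isn: int):
    """Return the three headers (flags, seq, ack) of the handshake in Figure 1-12.
    Each side acknowledges the other's initial sequence number plus one."""
    syn = ("SYN", client_isn, 0)
    syn_ack = ("SYN+ACK", server_isn, client_isn + 1)
    ack = ("ACK", client_isn + 1, server_isn + 1)
    return [syn, syn_ack, ack]


def transfer(data: bytes, mss: int, window: int, first_seq: int, lose_once=()):
    """Windowed, reliable delivery with cumulative ACKs and retransmission.

    data:      bytes handed down by the application layer
    mss:       maximum segment size (bytes of data per segment)
    window:    how many bytes may be outstanding before an ACK is needed
    first_seq: sequence number of the first data byte (ISN + 1)
    lose_once: sequence numbers whose first transmission the network drops
    Returns (bytes the receiver passes up, list of events, number of windows sent).
    """
    # Segmentation: each segment is tagged with the byte number of its first byte.
    segments = [(first_seq + i, data[i:i + mss]) for i in range(0, len(data), mss)]
    end = first_seq + len(data)
    to_lose = set(lose_once)
    buffered = {}              # receiver side: seq -> payload held until in order
    rcv_next = first_seq       # receiver side: next byte expected
    snd_una = first_seq        # sender side: oldest byte not yet acknowledged
    events, rounds = [], 0
    while snd_una < end:
        rounds += 1
        # Flow control: send only what fits in the window, starting at snd_una.
        # (Simplification: every unacknowledged segment in the window is resent.)
        limit = min(snd_una + window, end)
        for seq, payload in segments:
            if not (snd_una <= seq < limit):
                continue
            if seq in to_lose:
                to_lose.discard(seq)
                events.append(f"seq {seq} lost in transit")
                continue
            buffered[seq] = payload
            events.append(f"seq {seq} ({len(payload)} bytes) received")
        # Ordered delivery: the receiver only advances past contiguous data.
        while rcv_next in buffered:
            rcv_next += len(buffered[rcv_next])
        # Reliability: the ACK carries the next byte expected; a gap is not acknowledged.
        events.append(f"ACK {rcv_next}")
        snd_una = rcv_next
    delivered = b"".join(buffered[seq] for seq in sorted(buffered))
    return delivered, events, rounds


def demo():
    """Constructed run: 5000 bytes, 1000-byte segments, 2000-byte window,
    the segment starting at byte 2000 lost on its first transmission."""
    data = bytes(i % 251 for i in range(5000))
    handshake = three_way_handshake(client_isn=999, server_isn=4999)
    delivered, events, rounds = transfer(data, mss=1000, window=2000,
                                         first_seq=1000, lose_once={2000})
    return handshake, delivered == data, events, rounds


if __name__ == "__main__":
    handshake, intact, events, rounds = demo()
    print(handshake)
    print("\n".join(events))
    print("data intact:", intact, "windows sent:", rounds)
```

Running it shows the first window acknowledged only up to 2000 (the missing segment is never skipped over), the resend of sequence 2000 in the next window, and the data arriving at the application layer intact after three windows.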



Exam Alert: TCP is one of the most important protocols you will learn about while preparing for the CCNA exam. Understanding how TCP works is very important and you will more than likely see an ACK question on the exam!

User Datagram Protocol (UDP)

The only thing common between TCP and UDP is that they use port numbers to transport traffic. Unlike TCP, UDP neither establishes a connection nor does it provide reliable delivery. UDP is a connectionless, unreliable protocol that delivers data without the overheads associated with TCP. The UDP header contains only four parameters (Source Port, Destination Port, Length and Checksum) and is 8 bytes in size.
At this stage you might think that TCP is a better protocol than UDP since it is reliable. However, you have to consider that networks now are far more stable than when these protocols were conceived. TCP has a higher overhead with a larger header and acknowledgements. The source also holds data till it receives an acknowledgement. This creates a delay. Some applications, especially those that deal with voice and video, require fast transport and take care of the reliability themselves at the application layer. Hence in a lot of cases UDP is a better choice than TCP.
Internet Layer
Once TCP and UDP have segmented the data and have added their headers, they send the segment down to the Internet layer. The destination host may reside in a different network, far from the source and separated from it by multiple routers. It is the task of the Internet layer to ensure that the segment is moved across the networks to the destination network.
The Internet layer of the TCP/IP model corresponds to the Network layer of the OSI reference model in function. It provides logical addressing, path determination and forwarding.
The Internet Protocol (IP) is the most common protocol that provides these services. Also working at this layer are routing protocols which help routers learn about different networks they can reach and the Internet Control Message Protocol (ICMP) that is used to send error messages across at this layer.
Almost half of the book is dedicated to IP and routing protocols, so they will be discussed in detail in later chapters, but the following sections discuss these protocols in brief.

Internet Protocol (IP)

The Internet layer in the TCP/IP model is dominated by IP with other protocols supporting its purpose. Each host in a network and all interfaces of a router have a logical address called the IP address. All hosts in a network are grouped in a single IP address range similar to a street address with each host having a unique address from that range similar to a house or mailbox address. Each network has a different address range and routers that operate on layer 3 connect these different networks.
As IP receives segments from TCP or UDP, it adds a header with source IP address and destination IP address amongst other information. This PDU is called a packet. When a router receives a packet, it looks at the destination address in the header and forwards it towards the destination network. The packet may need to go through multiple routers before it reaches the destination network. Each router it has to go through is called a hop.
 Figure 1-14 Packet flow in internetwork
Consider the internetwork shown in Figure 1-14 to understand the routing process better. When Host1 needs to send data to Host2, it does not get routed because the hosts are in the same network range. The Data Link layer takes care of this. Now consider Host1 sending data to Host3. Host1 will recognize that it needs to reach a host in another network and will forward the packet to Router1. Router1 checks the destination address and knows that the destination network is toward Router2 and hence forwards it to Router2. Similarly Router2 forwards the packet to Router3. Router3 is directly connected to the destination network. Here the data link layer takes care of the delivery to the destination host. As you can see, the IP address fields in the IP header play a very important role in this process. In fact IP addresses are so important in a network that the next chapter is entirely dedicated to them!
 Figure 1-15 IPv4 Header
There are various versions of the Internet Protocol. Version 4 is the one used today and version 6 is slowly starting to replace it, which is why its presence has increased on the CCNA Routing & Switching 200-120 exam compared to previous CCNA exam versions. Figure 1-15 shows the header structure of IPv4. The following fields make up the header:
Version – IP version number. For IPv4 this value is 4.
Header Length – This specifies the size of the header itself. The minimum size is 20 bytes. The figure does not show the rarely used Options field, which is of variable length. Most IPv4 headers are 20 bytes in length.
DS Field – The Differentiated Services field is used for marking packets. Different Quality-of-Service (QoS) levels can be applied to different markings. For example, data belonging to voice and video protocols has no tolerance for delay. The DS field is used to mark packets carrying data belonging to these protocols so that they get priority treatment through the network. On the other hand, peer-to-peer traffic is considered a major problem and can be marked down to give it best-effort treatment.
Total Length – This field specifies the size of the packet. This means the size of the header plus the size of the data.
Identification – When IP receives a segment from TCP or UDP, it may need to break the segment into chunks called fragments before sending it out to the network. The Identification field serves to identify the fragments that make up the original segment. Each fragment of a segment will have the same identification number.
Flags – Used to control the fragmentation process.
Fragment Offset – This field identifies the position of the fragment and is used by hosts to reassemble the fragments in the correct order.
Time to Live – The Time to Live (TTL) value is set at the originating host. Each router that the packet passes through reduces the TTL by one. If the TTL reaches 0 before reaching the destination, the packet is dropped. This is done to prevent the packet from moving around the network endlessly.
Protocol – This field identifies the protocol to which the data it is carrying belongs. For example, a value of 6 implies that the data contains a TCP segment while a value of 17 signifies a UDP segment. Apart from TCP and UDP there are many protocols whose data can be carried in an IP packet.
Header Checksum – This field is used to check for errors in the header. At each router and at the destination, a cyclic redundancy check is performed on the header and the result should match the value stored in this field. If the value does not match, the packet is discarded.
Source IP address – This field stores the IP address of the source of the packet.
Destination IP address – This field stores the IP address of the destination of the packet.
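The following Python code is an added example (not from the book) that builds a 20-byte IPv4 header, parses each of the fields listed above, verifies the header checksum (computed here as the 16-bit one's complement sum that IPv4 specifies for this field) and performs the per-hop TTL handling: the packet is forwarded with the TTL decremented and the checksum recomputed, or dropped when the TTL would reach 0 or when the length or checksum fields do not add up. The addresses, identification value and payload are constructed sample values.

```python
import socket
import struct

# The ten fixed fields of the 20-byte header, in network byte order.
HEADER_FMT = "!BBHHHBBH4s4s"


def ipv4_checksum(header: bytes) -> int:
    """16-bit one's complement of the one's complement sum of the header words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src: str, dst: str, protocol: int, payload: bytes,
               ttl: int = 64, ident: int = 0x1C46, dscp: int = 0) -> bytes:
    """Assemble a packet with a minimal 20-byte header (constructed values, DF flag set)."""
    fields = (0x45, dscp << 2, 20 + len(payload), ident, 0x4000, ttl, protocol, 0,
              socket.inet_aton(src), socket.inet_aton(dst))
    header = bytearray(struct.pack(HEADER_FMT, *fields))
    header[10:12] = struct.pack("!H", ipv4_checksum(bytes(header)))
    return bytes(header) + payload


def parse_ipv4(packet: bytes) -> dict:
    """Decode the header fields and reject anything that does not add up."""
    if len(packet) < 20:
        raise ValueError("truncated header")
    (ver_ihl, ds, total_len, ident, flags_frag, ttl, protocol,
     checksum, src, dst) = struct.unpack(HEADER_FMT, packet[:20])
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if header_len < 20 or total_len < header_len or total_len > len(packet):
        raise ValueError("inconsistent length fields")
    # A valid header sums to zero when the checksum field itself is included.
    if ipv4_checksum(packet[:header_len]) != 0:
        raise ValueError("header checksum mismatch")
    return {
        "version": version, "header_length": header_len, "dscp": ds >> 2,
        "total_length": total_len, "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": protocol,
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "payload": packet[header_len:total_len],
    }


def forward(packet: bytes):
    """One router hop: validate, decrement the TTL and fix the checksum, or drop."""
    try:
        info = parse_ipv4(packet)
    except ValueError as err:
        return f"drop: {err}", None
    if info["ttl"] <= 1:
        # The TTL would become 0 at this hop: discarded (a router also reports this with ICMP).
        return "drop: time exceeded", None
    hlen = info["header_length"]
    header = bytearray(packet[:hlen])
    header[8] -= 1                      # TTL
    header[10:12] = b"\x00\x00"         # zero the field before recomputing
    header[10:12] = struct.pack("!H", ipv4_checksum(bytes(header)))
    return "forward", bytes(header) + packet[hlen:]


def demo():
    """Constructed packet carrying a TCP segment (protocol 6) with a TTL of 2."""
    pkt = build_ipv4("192.0.2.1", "198.51.100.7", 6, b"hello", ttl=2)
    hop1, pkt1 = forward(pkt)
    hop2, _ = forward(pkt1)
    damaged = bytearray(pkt)
    damaged[12] ^= 0xFF                 # corrupt the source address in transit
    hop3, _ = forward(bytes(damaged))
    return parse_ipv4(pkt), hop1, parse_ipv4(pkt1)["ttl"], hop2, hop3
```

The length checks matter as much as the checksum: a parser that trusts Header Length or Total Length blindly will read past the end of a short packet, so both are compared against the bytes actually present before any field is used.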
 Figure 1-16 Source and Destination IP address

Figure 1-16 shows how the Source and Destination IP addresses are used in an IP packet. Notice how the source and destination addresses change during the exchange between HostA and HostB.

Routing Protocols

In Figure 1-14, Router1 knew that it needed to send the packet destined to Host3 toward Router2. Router2 in turn knew that the packet needed to go toward Router3. To make these decisions, the routers need to build their routing table. This is a table of all networks known by it and all the routers in the internetwork. The table also lists the next router towards the destination network. To build this table dynamically, routers use routing protocols. There are many routing protocols and their sole purpose is to ensure that routers know about all the networks and the best path to any network. Chapter 4 and Chapter 5 discuss the routing process and some routing protocols in detail.

Internet Control Message Protocol (ICMP)

ICMP is essentially a management protocol and messaging service for IP. Whenever IP encounters an error, it sends ICMP data as an IP packet.  Some of the reasons why an ICMP message can be generated are:
Destination Network Unreachable – If a packet cannot be routed to the network in which the destination address resides, the router will drop the packet and generate an ICMP message back to the source informing it that the destination network is unreachable.
Time Exceeded – If the TTL of a packet expires (reduces to zero), the router will drop it and generate an ICMP message back to the source informing it that the time was exceeded and the packet could not be delivered.
Echo Reply – ICMP can be used to check network connectivity. A popular utility called ping is used to send Echo Requests to a destination. In reply to the request, the destination sends an Echo Reply back to the source. Successful receipt of the Echo Reply shows that the destination host is available and reachable from the source.
Network Access Layer
The Network Access layer of the TCP/IP model corresponds with the Data Link and Physical layers of the OSI reference model. It defines the protocols and hardware required to connect a host to a physical network and to deliver data across it. Packets from the Internet layer are sent down to the Network Access layer for delivery within the physical network. The destination can be another host in the network, the host itself, or a router for further forwarding. So the Internet layer has a view of the entire internetwork, whereas the Network Access layer is limited to the physical network, whose boundary is often defined by a layer 3 device such as a router.
The Network Access layer consists of a large number of protocols. When the physical network is a LAN, Ethernet and its many variations are the most common protocols used. On the other hand, when the physical network is a WAN, protocols such as the Point-to-Point Protocol (PPP) and Frame Relay are common. In this section we take a deep look at Ethernet and its variations. WAN protocols are covered in detail in Chapter 11.
Before we explore Ethernet, remember that:
  • The Network Access layer uses a physical address to identify hosts and to deliver data.
  • The Network Access layer PDU is called a frame. It contains the IP packet as well as a protocol header and trailer from this layer.
  • The Network Access layer header and trailer are only relevant in the physical network. When a router receives a frame, it strips off the header and trailer and adds a new header and trailer before sending it out onto the next physical network towards the destination.

1-5 Ethernet Technologies and Cabling







1-6 Cisco 3 Layer Model


In a large organization it is common to see large and complicated networks consisting of many locations, devices, services, and protocols. It can be cumbersome to manage and troubleshoot such networks. In addition, as technologies evolve, the network has to evolve also. Making changes to a complex network is often difficult. Cisco, with its years of experience in network equipment as well as managing its own network, has defined a three-layer hierarchical model. This model provides a hierarchical and modular method of building networks that makes it easy to implement, manage, scale and troubleshoot networks.
The model breaks an internetwork down to the following three layers:
  • The Core layer
  • The Distribution layer
  • The Access layer
These layers are logical and not physical. They have specific functions in an internetwork which are discussed below:
The Core Layer – This layer is the backbone of an internetwork. It is the simplest yet the most critical layer, whose sole function is to transport large amounts of data fast. It gets data from the distribution layer and sends it back to the distribution layer after transportation. Speed and fault tolerance are the two major requirements of this layer because it has to transport large amounts of data and any fault at this layer will impact every user. Considering the functions of this layer, the following should be avoided at this layer:
  • Anything that can slow down the traffic. For example, packet filtering, inter-VLAN routing, etc.
  • Direct user connections
  • Direct server connections
  • Complex service policies
While designing the core, the following should be kept in mind:
  • Routing protocols should have a low convergence time.
  • Network Access layer technologies should be fast with low latency.
  • Redundancy should be built into this layer.
The Distribution Layer – This layer acts as an interface between the Core and the Access layers. The primary function of the distribution layer is to provide routing, filtering, and WAN access and to determine how packets can access the core, if needed. Path determination is the most important function at this layer. It has to select the fastest way an access request can be completed. This layer also acts as the convergence point for all access layer switches. Hence it is generally the best place to apply most of the policies. The following are generally done at this layer:
  • Routing between subnets and VLANs and route redistribution between routing protocols
  • Implementation of security policies, including firewalls, address translation, packet filtering, etc.
  • Breaking broadcast domains
The Access Layer – This layer is the edge of the network where a wide variety of devices such as PCs, printers, iPads etc. connect to the network. Common resources needed by users are available at this layer while access requests to remote resources are sent to the distribution layer. This layer is also known as the desktop layer. The following are generally done at this layer:
  • Access control and policies in addition to what exists in the distribution layer.
  • Dynamic configuration mechanisms
  • Breaking collision domains
  • Ethernet switching and static routing

1-7 Introduction to Wide-Area Networks


A wide-area network (WAN) enables you to extend your local-area network (LAN) to other LANs at remote sites. There is more than one way to build wide-area networks, employing various types of connections, technologies, and devices.

Cisco IOS Software supports a number of WAN protocols. In this chapter, we will introduce you to High-Level Data Link Control (HDLC), Point-to-Point Protocol (PPP), and Frame Relay on serial interfaces. We will also learn how to configure these WAN protocols on Cisco routers. We also give you a brief introduction to virtual private networks (VPNs) as an alternative to traditional WAN solutions.


The OSI Layer 1 (physical layer) and Layer 2 (data link layer) work together to deliver data across a wide variety of network types. Local-Area Network (LAN) standards and protocols define how to network devices that are relatively close together, hence the term local-area in the acronym LAN. Wide-Area Network (WAN) standards and protocols define how to network devices that are relatively far apart, hence the term wide-area in the acronym WAN. LANs and WANs both implement the same OSI Layer 1 and Layer 2 functions but with different mechanisms.

The big distinction between LANs and WANs relates to how far apart the devices can be and still be capable of sending and receiving data. LANs tend to reside in a single building or at most among nearby buildings in a campus using optical cabling approved for Ethernet. WAN connections typically run much longer distances than Ethernet LANs: across town, between cities, or even between continents. Usually only one or a few companies even have the rights to run cables under the ground between the sites. For example, a company may have two offices just across a road such that the distance between the two buildings is well within the maximum distance supported by Ethernet technologies. However, the company still cannot simply run a cable under the ground between the two offices due to right-of-way restrictions. When Ethernet LANs are used to connect buildings, it is normally inside a campus like a university or office complex.

Besides LANs and WANs, the term Metropolitan-Area Network (MAN) is sometimes used for networks that extend between buildings and through rights-of-way. The term MAN typically implies a network that does not reach as far as a WAN, and generally spans a single metropolitan area. However, you should keep in mind that the distinctions between LANs, MANs, and WANs are blurry. There is no set distance that means a link is a LAN, MAN, or WAN link. For example, the 1000BASE-ZX Ethernet standard with extended wavelength, single-mode (SM) fiber cabling can achieve distances up to 100 km!

A company that needs to send data over longer distances does not actually own the line or cable; it rather leases it from the company that actually owns it, and that’s why it is called a leased line. The company that owns, manages, and installs such long links, or circuits, has the right-of-way to run cables under streets, highways, rivers etc. The generic term service provider is used to refer to a company that provides leased lines for WAN connectivity.


1-8 Summary


Though this chapter was long, it helped lay the foundation of your CCNA networking knowledge. The importance of understanding every topic in this chapter cannot be stressed enough. I would strongly suggest going through the chapter again to reinforce the basics.
The chapter started off with the importance of networks, basic network devices and network types and collision and broadcast domains.
Then the seven-layered OSI model was discussed. It is important to remember the functions of all the layers and how they map to the TCP/IP model. Remember that hubs work at the Physical Layer, switches at the Data-Link Layer and routers at the Network Layer of the OSI model.
The chapter then covered a long discussion on the TCP/IP model and its many protocols. Remember that TCP/IP and Ethernet form a major part of the CCNA exam and have a few chapters dedicated to them.
Lastly, the chapter covered the Cisco three-layer hierarchical model and how it is designed to help implement and manage a complex network.
The next chapter looks at IP addressing. Before heading to it, we suggest you review the CCNA Exam Alerts scattered through this chapter to recap the various important concepts.



Chapter 2 – IP Addressing and Subnets


Chapter 1 introduced you to the various layers of the TCP/IP model. The CCNA exam is almost entirely about the Internet and Network Access layers. So this chapter will cover one of the most important subjects of networking – IP Addresses. As you already know, each host in the network has a logical address called the IP address. This address helps in routing packets from source to destination across internetworks. This chapter delves deep into IP addresses, subnet masks, subnetting and Variable Length Subnet Masks (VLSM). Finally this chapter looks at some troubleshooting techniques that are used to solve IP address related problems. The two current versions of IP addresses in use today are IPv4 and IPv6. This chapter focuses on IPv4. IPv6 is discussed in Chapter 12.

2-1 IP Addresses – Composition, Types and Classes


Before heading deeper into IP addresses, you should be aware of the following terms:
  • Bit – A bit is a single digit with a value of 0 or 1.
  • Byte – A byte is composed of 8 bits.
  • Octet – An octet is also made up of 8 bits. Throughout this chapter the terms byte and octet are interchangeable.
  • Network Address – This refers to a remote network in terms of routing. All hosts in the remote network fall within this address. For example, 10.0.0.0, 172.16.0.0 and 192.168.1.0
  • Broadcast Address – This is the address used to send data to all hosts in a network. The broadcast address 255.255.255.255 refers to all hosts in all networks while an address such as 192.168.1.255 refers to all hosts in a particular network.
An IP address is 32 bits in length. To make the address easier to read, it is divided into four sections of 8 bits each, separated by a period. Each section is therefore 1 byte (also called an octet) long. To further make it easier to read and remember, the binary numbers are converted to decimal. For example, an IP address such as 11000000100000000000110000000001 is divided to make it 11000000.10000000.00001100.00000001. When this address is converted to decimal, it becomes 192.128.12.1. This format of IP address is called the dotted decimal format. Some applications also convert the address to hexadecimal format instead of decimal format. However this is not commonly seen and, as far as the CCNA exam is concerned, you need to only work with the dotted decimal format.
Topics in this chapter require binary to decimal conversions. Table 2-1 shows the decimal value of each bit location in a byte. To easily convert from binary to decimal, add up the decimal value corresponding to the bit place that is “on” (1). For example, a binary value of 10110000 can be easily converted to decimal by adding the decimal value of each bit that is 1. That gives us 128+32+16 = 176.
Table 2-2 shows the decimal value for the most common binary numbers you will encounter in this chapter.
Table 2-1 Decimal Value for each bit place in a byte

128   64   32   16   8   4   2   1
Table 2-2 Decimal Values for common binary numbers

Binary Value   Decimal Value
10000000       128
11000000       192
11100000       224
11110000       240
11111000       248
11111100       252
11111110       254
11111111       255

An IP address does not only represent the host address. In fact it represents the network where the host resides and the host itself. In effect, the IP address consists of two parts:
  1. The Network component – Defines the network (or subnet), in an internetwork, that the host resides in.
  2. The Host component – Defines the host itself in the network.
Each combination of the network component and the host component should be unique in the entire Internetwork. To make it easy to identify which portion of the address is network component and which one is the host component, addresses are broken down into 5 classes discussed below:
  • Class A – The first byte (8 bits) is the network component and the remaining three bytes (24 bits) are the host component (network.host.host.host). This class is for an internetwork with a small number of networks and a large number of hosts per network.
  • Class B – The first two bytes (16 bits) are the network component and the remaining two bytes (16 bits) are the host component (network.network.host.host). This class bridges the gap between Class A and Class C by providing for a medium number of networks with a medium number of hosts.
  • Class C – The first three bytes (24 bits) are the network component and the last byte (8 bits) is the host component (network.network.network.host). This class provides for a large number of networks with fewer hosts per network.
  • Class D – Used for multicasting.
  • Class E – Reserved addresses.
In a binary address the first 5 bits, and in a dotted decimal address the range of the first octet, show the class of the address. Table 2-3 shows the first 5 bits and the first octet range of each class of address.
Table 2-3 Address range for different classes of address

Class   First 5 bits in binary   First Octet range
A       0xxxx                    0-127 (actually 1-126 because 0 and 127 are reserved)
B       10xxx                    128-191
C       110xx                    192-223
D       1110x                    224-239
E       1111x                    240-254

Notice that the first few bits in each class have a fixed value. For example, a class A address should have the first bit set to 0. Similarly, a class C address should have the first 2 bits set to 1 and the third bit set to 0. Another point to note is that though the class A range is from 0 to 127, the address 0.0.0.0 is reserved to mean “any network” and 127.0.0.1 is reserved as a loopback address which refers to the host itself. So the class A network range is restricted to 1-126.


Exam Alert: Class of addresses and their address range is a very important topic. You will have to remember the range associated with each class.
Before moving ahead, spend some time to figure out the class of some addresses given below. Also try to figure out which portion is the network and which portion is the host part:
  1. 9.140.2.87 – This is a Class A address because the first octet lies in the 1-126 range. 9 is the network part while 140.2.87 is the host part because class A addresses have a network.host.host.host format.
  2. 172.30.4.190 – This is a Class B address because the first octet lies in the 128-191 range. 172.30 is the network part while 4.190 is the host part because class B addresses have a network.network.host.host format.
  3. 194.144.5.10 – This is a Class C address because the first octet lies in the 192-223 range. 194.144.5 is the network part while 10 is the host part because class C addresses have a network.network.network.host format.
  4. 45.22.187.1 – This is again a class A address with 45 being the network part and 22.187.1 being the host part.
Some IP addresses such as 127.0.0.1 have a special meaning. Table 2-4 lists such addresses and what they represent.
Table 2-4 Reserved IP addresses

Address                     What it represents                                                                          Where can it be used
Network address of all 0s   Represents “this network”. For example 0.0.0.120                                            For sending broadcast messages to the network.
Network address of all 1s   Represents “all networks”.                                                                  For sending broadcast messages to all networks.
Node address of all 0s      Represents a network address or all hosts in the network. Example 10.0.0.0 or 172.16.0.0    Routers route traffic based on network address.
Node address of all 1s      Represents all hosts in a network. Also called the broadcast address. Example 172.16.255.255 or 192.168.10.255   Used to send broadcasts to all hosts in a network.
Entire address of 0s        Represents “any network”.                                                                   Used by routers to designate the default route.
Entire IP set to all 1s     Represents all hosts in the network.                                                        Used to send broadcast messages.
127.0.0.1                   Represents the loopback address, which is essentially the host itself.                      To send traffic from the host to itself. If you want to connect to a web server running on the host itself, you will use this address in the browser.



Exam Alert: It is important to remember that if all host bits in an address are set to 0 then it is a network address. On the other hand if all host bits are set to 1 then it is a broadcast address. These addresses cannot be assigned to a host.
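The following Python functions are an added example, not part of the book, that put the rules of this section into code: converting a dotted-decimal address to the dotted-binary form used above (the inverse of the conversion in Table 2-1), determining the class from the leading bits, splitting the network and host portions as in Table 2-3, and recognising the reserved forms from Table 2-4 (network address, broadcast address, loopback, “any network”) so that only genuine host addresses are reported as assignable. The sample addresses are the four worked examples above plus a few constructed ones.

```python
def dotted_to_int(addr: str) -> int:
    """'192.128.12.1' -> 32-bit integer; rejects anything that is not four octets 0-255."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_dotted(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(addr: str) -> str:
    """Dotted decimal to the dotted binary form used in this chapter."""
    dotted_to_int(addr)                      # validate first
    return ".".join(f"{int(o):08b}" for o in addr.split("."))


# Leading bits that fix the class (Table 2-3) and the number of network bits.
CLASSES = (("A", 1, 0b0, 8), ("B", 2, 0b10, 16), ("C", 3, 0b110, 24),
           ("D", 4, 0b1110, None), ("E", 4, 0b1111, None))


def classify(addr: str) -> dict:
    """Class, network/host split and reserved-address check for one address."""
    n = dotted_to_int(addr)
    first = n >> 24
    for name, nbits, pattern, net_bits in CLASSES:
        if first >> (8 - nbits) == pattern:
            break
    info = {"address": addr, "binary": to_binary(addr), "class": name,
            "kind": "host address", "assignable": False}
    if n == 0:
        info["kind"] = "any network (default route)"
    elif n == 0xFFFFFFFF:
        info["kind"] = "broadcast to all hosts (all 1s)"
    elif net_bits is None:
        info["kind"] = "multicast" if name == "D" else "reserved"
    else:
        host_bits = 32 - net_bits
        host_mask = (1 << host_bits) - 1
        network, host = n & ~host_mask, n & host_mask
        octets = addr.split(".")
        info.update(network_part=".".join(octets[:net_bits // 8]),
                    host_part=".".join(octets[net_bits // 8:]),
                    network_address=int_to_dotted(network),
                    broadcast_address=int_to_dotted(network | host_mask))
        # Table 2-4: all-0 or all-1 host bits are never a host, nor are 0.x and 127.x.
        if first == 127:
            info["kind"] = "loopback"
        elif first == 0:
            info["kind"] = "this network"
        elif host == 0:
            info["kind"] = "network address"
        elif host == host_mask:
            info["kind"] = "broadcast address"
        else:
            info["assignable"] = True
    return info


if __name__ == "__main__":
    # The four worked examples from the text plus constructed reserved forms.
    for sample in ("9.140.2.87", "172.30.4.190", "194.144.5.10", "45.22.187.1",
                   "192.168.10.255", "172.16.0.0", "127.0.0.1", "224.0.0.5"):
        r = classify(sample)
        print(f'{sample:16} class {r["class"]}  {r["kind"]:22} assignable={r["assignable"]}')
```

The `assignable` flag is the practical output: an address planning or validation script that accepts 172.16.0.0 or 192.168.10.255 as a host address has made exactly the mistake the Exam Alert warns about.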

2-2 Private and Public IP addresses


As you know already, every host on a network requires a unique IP address. This is easily manageable in a small network but not a network as large as the Internet. The Internet Assigned Numbers Authority (IANA) is responsible for managing and distributing IP addresses. The IANA has created 5 address registrars in five locations of the world. ISPs and large organizations purchase the addresses from these registrars. The end user in turn gets the IP address from the ISP. These purchasable IP addresses are called public addresses and are routable on the Internet. Every host on the Internet has one of these addresses, in theory.
The IANA also designated a range of addresses in classes A, B and C for use in private networks. These addresses can be used by anyone within their network without requiring any permission, but these addresses are not routable on the Internet. Your ISP or your organization usually assigns you one of these addresses and later translates it to a public address when you want to get out to the Internet. The designated ranges for private IP addresses are:
Class A – 10.0.0.0 to 10.255.255.255 (1 network)
Class B – 172.16.0.0 to 172.31.255.255 (16 networks)
Class C – 192.168.0.0 to 192.168.255.255 (256 networks)
Address translation and private IP addresses are discussed in detail in Chapter 9.


Exam Alert: It is very important to remember the range of private IP addresses as you will more than likely see a question about them on your CCNA exam.

2-3 Subnetting


In the case of class A and B IP addresses, each provides for a large number of hosts. For class A, the total number of hosts available is 2^24 - 2 or 16,777,214 hosts (class A has 24 bits available for the host component and each bit can have two values, 0 and 1. Out of the total, one address is the network address and another is the broadcast address, so two addresses are deducted). Similarly, a class B address provides for 2^16 - 2 or 65,534 hosts. In the first chapter you learned about the disadvantages of large networks and why it becomes necessary to divide them into smaller networks joined by routers. So creating a network with the total number of hosts allowed for class A or B addresses will cause a lot of problems. Meanwhile, creating small networks with class A or B addresses will waste a lot of addresses.
To overcome this problem with class based addressing, subnetting was introduced. Subnetting allows you to borrow some host bits and use them to create more networks. These networks are commonly called subnets and are smaller in size. But since each network has a network address and a broadcast address, some addresses get wasted.
To further understand how subnetting is useful, consider a class C address. Each class C address has 2^8 - 2 or 254 host addresses available. If you wanted 2 networks with 100 addresses each and used 2 class C networks, you would waste 308 addresses. Instead of using two class C networks, you can subnet one to provide you two networks of 126 addresses each. This way fewer addresses are wasted.
While some of the benefits of subnetting are discussed above, the following list discusses all the benefits associated with it:
  • Reduced broadcasts – While broadcasts are necessary, too many of them can bring down a network and the number of broadcasts is proportionate to the size of the network. So subnetting a network to smaller subnetworks, helps reduce broadcasts since routers do not forward broadcasts.
  • Increased Network Performance – The direct result of reduced broadcasts is a network that has more bandwidth available to the hosts. More bandwidth and lesser hosts result in a better performance of the network.
  • Easier Management – Managing and troubleshooting a large network is cumbersome and difficult. Subnetting breaks a network into smaller subnetworks, making it easier to manage each of them.
  • Scalability – A single large network spanning a large geographical location will be more difficult and costlier to manage. WAN links connecting different locations are costly, and having broadcasts choking the network can result in wasted money. Hence breaking down a large network makes it easier to scale a network across geographical locations.
Now that you understand the concept and benefit of subnetting, consider the problem that arises with it. In the case of class-based addressing, the first octet of the dotted decimal address tells which part of the address is the network component and which one is the host component. But when host bits are borrowed for subnetting, the class-based boundaries do not apply and it is not possible to say which bits are network bits. To overcome this, a third component of IP addresses was added. This is called the subnet mask.
Subnet masks, like IP addresses, are 32 bits long. The value of the subnet mask represents which bits of the IP address are the network component and which are the host component. A value of 1 in a subnet mask shows that the corresponding bit in the IP address is a network bit, while a value of 0 shows that the corresponding bit is a host bit. The following examples will help clarify this further:
  1. An IP address of 192.168.10.1 with a subnet mask of 255.255.255.0 (11111111.11111111.11111111.00000000) shows that the first three octets of the IP address are the network component while the last octet is the host component.
  2. An IP address of 172.16.100.1 with a subnet mask of 255.255.128.0 (11111111.11111111.10000000.00000000) shows that one bit from the third octet has been borrowed from the host component. Hence the network component is now 17 bits long instead of the default 16 bits of a class B address.
  3. An IP address of 10.1.1.1 with a subnet mask of 255.255.0.0 (11111111.11111111.00000000.00000000) shows that the entire second octet has been borrowed from the host component and now the network component is 16 bits long instead of the default 8 bits of a class A address.
One restriction that applies to subnet masks is that all network bits (1) and all host bits (0) must be contiguous. So a subnet mask of 11001100.11110000.11110000.00001111 is not valid because the network and host bits are not contiguous. Table 2-5 shows the valid subnet mask values in an octet.
Table 2-5 Valid subnet mask values in an octet
Binary Value | Decimal Value
00000000 | 0
10000000 | 128
11000000 | 192
11100000 | 224
11110000 | 240
11111000 | 248
11111100 | 252
11111110 | 254
11111111 | 255

Subnet masks are commonly represented in two ways:
  1. Dotted Decimal – 10.1.1.1 255.255.0.0
  2. Classless Inter-Domain Routing (CIDR) notation – 10.1.1.1/16


Exam Alert: It is very important to be able to understand subnet masks with both the dotted decimal as well as the CIDR format. Also remember that any mask not given in Table 2-5 is not valid for an octet.
By now you may have figured out that the default subnet mask of class A is 255.0.0.0 or /8, the default mask of class B is 255.255.0.0 or /16 and the default mask of class C is 255.255.255.0 or /24. Table 2-6 shows the default masks of each class. These default masks cannot be changed. For example, you cannot use a mask of 255.255.0.0 for a class C address. If you try to use an invalid mask such as this, every device will produce an error. For each class, the minimum mask is the default mask and it cannot be reduced. Class A has to have a minimum mask of 255.0.0.0, class B has to have a minimum mask of 255.255.0.0 and class C has to have a minimum mask of 255.255.255.0.
Table 2-6 Default Subnet masks
Class | Format | Default Subnet Mask
A | network.host.host.host | 255.0.0.0
B | network.network.host.host | 255.255.0.0
C | network.network.network.host | 255.255.255.0

Remember that an IP address without a mask or a mask without an IP address does not mean anything. A mask of /24 does not mean that the address is a class C address. Even a class A or class B address can have a mask of /24 after subnetting. Table 2-7 provides a list of dotted decimal subnet mask values and the corresponding CIDR values.
Table 2-7 Subnet Mask values
Dotted Decimal Value | CIDR notation
255.0.0.0 | /8
255.128.0.0 | /9
255.192.0.0 | /10
255.224.0.0 | /11
255.240.0.0 | /12
255.248.0.0 | /13
255.252.0.0 | /14
255.254.0.0 | /15
255.255.0.0 | /16
255.255.128.0 | /17
255.255.192.0 | /18
255.255.224.0 | /19
255.255.240.0 | /20
255.255.248.0 | /21
255.255.252.0 | /22
255.255.254.0 | /23
255.255.255.0 | /24
255.255.255.128 | /25
255.255.255.192 | /26
255.255.255.224 | /27
255.255.255.240 | /28
255.255.255.248 | /29
255.255.255.252 | /30
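As an added example (not part of the original chapter), the following Python script applies the contiguity rule and the conversions in Tables 2-5 and 2-7: it turns a dotted-decimal mask into a CIDR prefix, rejects masks whose ones and zeros are not contiguous, and converts a prefix back to dotted decimal and binary. The function names are my own choice; nothing here comes from a library other than the standard string and integer operations.

```python
# Added example: validate dotted-decimal subnet masks and convert between
# dotted-decimal, binary and CIDR notation (Tables 2-5 and 2-7).
# Function names are the author's own choice, not from any library.


def _octets(dotted: str) -> list:
    """Split a dotted-decimal string into four integers, rejecting bad input."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {dotted!r}")
    octets = [int(p) for p in parts]
    if any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"octet out of range: {dotted!r}")
    return octets


def is_valid_mask(dotted: str) -> bool:
    """True only when the mask is a run of 1 bits followed by a run of 0 bits."""
    value = 0
    for o in _octets(dotted):
        value = (value << 8) | o
    ones = bin(value).count("1")
    # Exactly one 32-bit value has `ones` contiguous leading ones: compare against it.
    return value == (((1 << ones) - 1) << (32 - ones))


def mask_to_prefix(dotted: str) -> int:
    """255.255.255.224 -> 27. Raises ValueError for a non-contiguous mask."""
    if not is_valid_mask(dotted):
        raise ValueError(f"non-contiguous mask: {dotted!r}")
    return sum(bin(o).count("1") for o in _octets(dotted))


def prefix_to_mask(prefix: int) -> str:
    """27 -> 255.255.255.224."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    value = ((1 << prefix) - 1) << (32 - prefix)
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_to_binary(dotted: str) -> str:
    """255.255.128.0 -> 11111111.11111111.10000000.00000000."""
    return ".".join(f"{o:08b}" for o in _octets(dotted))


if __name__ == "__main__":
    # The last mask is the invalid 11001100.11110000.11110000.00001111 from the text.
    for mask in ("255.255.255.0", "255.255.128.0", "255.255.255.224", "204.240.240.15"):
        if is_valid_mask(mask):
            print(f"{mask:16} {mask_to_binary(mask)}  /{mask_to_prefix(mask)}")
        else:
            print(f"{mask:16} {mask_to_binary(mask)}  invalid (bits not contiguous)")
```

Checking masks this way before accepting them from a configuration file or a user catches the non-contiguous case that Table 2-5 rules out, rather than silently producing a wrong prefix length.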

Before moving to actual subnetting, you need to remember the powers of 2, i.e. the value of 2 multiplied as many times as the given exponent. For example 2^4 = 2 x 2 x 2 x 2 = 16. Table 2-8 lists the first 14 values. It is not necessary to remember them all, but do remember that each value is twice the previous one. The more you remember these values, the easier it will be to subnet on your CCNA exam.
Table 2-8 Powers of Two
Exponent | Value
2^1 | 2
2^2 | 4
2^3 | 8
2^4 | 16
2^5 | 32
2^6 | 64
2^7 | 128
2^8 | 256
2^9 | 512
2^10 | 1024
2^11 | 2048
2^12 | 4096
2^13 | 8192
2^14 | 16384

Now that you know what subnetting is and how subnet masks are used, it is time to create subnets. When planning to subnet, you need to know three things:
  1. Total number of subnets that you need
  2. Total number of hosts per subnet that you need
  3. Available network and subnet mask (which will be subnetted)
Armed with answers to this, you need to find the following:
  1. Subnet Mask to be used across the network
  2. Valid subnets
  3. Network address for each subnet
  4. Broadcast address for each subnet
  5. Valid host addresses in each subnet.
For this section I will take a sample requirement of 8 networks with 30 hosts each, with one class C network of 192.168.10.0 255.255.255.0 available. Now that you have the requirement, the first thing you need to find is the new subnet mask that can satisfy the requirement. To find the subnet mask, follow the steps given below:
  1. Find the exponent of 2 whose value is more than or equal to the number of subnets required. Let's call this 2^sn. For our example, we need 8 subnets and 2^3 equals 8. So our 2^sn is 2^3.
  2. Find the exponent of 2 whose value minus 2 is more than or equal to the maximum number of hosts required in a subnet. Let's call this (2^h - 2). For our example, we need a maximum of 30 hosts in a subnet and 2^5 - 2 gives us 30 hosts per subnet.
  3. Make sure sn + h from the above two steps does not exceed the number of host bits available in the available network. If the sum of sn and h exceeds the available host bits then you will require another network of the same class or a network of a higher class. In our example we have 8 bits of host addresses available in the 192.168.10.0 255.255.255.0 network. Our sn + h is 3 + 5, which gives us 8.
  4. Convert the available mask to the CIDR notation and add sn to it to get the new subnet mask. For our example the mask 255.255.255.0 can be converted to /24. On adding 3 we get a mask of /27. Converting from /27 to the dotted decimal format is easy. /24 is 255.255.255.0 or 11111111.11111111.11111111.00000000. /27 will be 11111111.11111111.11111111.11100000. You need not worry about the first 3 octets since they are already known to be 255.255.255. For the last octet add the decimal value for each network bit. In our case it will be 128+64+32 = 224. So the new subnet mask is 255.255.255.224. Table 2-7 also provides a list of dotted decimal and network bit values.
The most difficult part is now over. To find the remaining 4 answers, follow the steps given below:
  1. Valid subnets – To find the valid subnets, deduct the interesting octet value from 256. Interesting octets are those octets that have host bits. Available subnets will be in multiples of the resultant value up to 256. In our case the fourth octet is the interesting octet. Deducting 224 from 256 gives us 32. So the available subnets are 0, 32, 64, 96, 128, 160, 192, 224.
  2. Network Address of each subnet – The network address is the very first address of each subnet. So for our valid subnets, the network addresses would be 192.168.10.0, 192.168.10.32, 192.168.10.64, 192.168.10.96, 192.168.10.128, 192.168.10.160, 192.168.10.192 and 192.168.10.224.


    Exam Alert: Some time back Cisco used to discard the first and the last subnet, also called subnet zero. So the number of subnets used to be 2^n - 2. Starting with IOS version 12.0 the ip subnet-zero command is enabled by default, and in Cisco exams the first and last subnets are considered unless specified otherwise. Be on the lookout for questions on your CCNA exam that ask you not to consider subnet zero. In such cases, leave out the first and the last subnet. To fully understand how the command affects the calculation, consider a Class C network with a mask of /26. It will give you subnets 0, 64, 128 and 192 if subnet-zero is allowed, else it will only give you subnets 64 and 128.
  3. Broadcast Address of each subnet – The last address of a subnet is the broadcast address. Simply deduct 1 from the next network address to find the broadcast address of a subnet. For our example subnets the valid broadcast addresses are:
Network Address | Broadcast Address
192.168.10.0 | 192.168.10.31
192.168.10.32 | 192.168.10.63
192.168.10.64 | 192.168.10.95
192.168.10.96 | 192.168.10.127
192.168.10.128 | 192.168.10.159
192.168.10.160 | 192.168.10.191
192.168.10.192 | 192.168.10.223
192.168.10.224 | 192.168.10.255

  4. Valid host addresses in each subnet – For every subnet, the valid host addresses lie between the network address and the broadcast address. For our example, the valid host addresses for each subnet are:
Network Address | Valid Host Addresses | Broadcast Address
192.168.10.0 | 192.168.10.1 – 30 | 192.168.10.31
192.168.10.32 | 192.168.10.33 – 62 | 192.168.10.63
192.168.10.64 | 192.168.10.65 – 94 | 192.168.10.95
192.168.10.96 | 192.168.10.97 – 126 | 192.168.10.127
192.168.10.128 | 192.168.10.129 – 158 | 192.168.10.159
192.168.10.160 | 192.168.10.161 – 190 | 192.168.10.191
192.168.10.192 | 192.168.10.193 – 222 | 192.168.10.223
192.168.10.224 | 192.168.10.225 – 254 | 192.168.10.255
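The four-step mask calculation and the five answers that follow it can be checked with a short script. The following Python is an added example, not code from this book; it uses only the standard library ipaddress module, and names such as plan_subnets and bits_for are my own. The subnet_zero flag covers the Exam Alert above: set it to False to drop the first and last subnet.

```python
# Added example: the four-step subnet-mask calculation and the five answers
# (mask, subnets, network, broadcast, host range) from this section.
# Names such as plan_subnets are the author's own; ipaddress is the
# Python standard library.
import ipaddress


def bits_for(count: int) -> int:
    """Smallest n such that 2**n >= count (used in steps 1 and 2)."""
    n = 0
    while (1 << n) < count:
        n += 1
    return n


def plan_subnets(available: str, subnets_needed: int, hosts_needed: int,
                 subnet_zero: bool = True) -> dict:
    """Return the new mask and, per subnet, network, first host, last host, broadcast.

    subnet_zero=False drops the first and last subnet, as exam questions
    that say "do not use subnet zero" expect.
    """
    net = ipaddress.ip_network(available, strict=True)
    sn = bits_for(subnets_needed)              # step 1: 2**sn >= subnets
    h = bits_for(hosts_needed + 2)             # step 2: 2**h - 2 >= hosts
    host_bits = 32 - net.prefixlen
    if sn + h > host_bits:                     # step 3: must fit the available block
        raise ValueError(
            f"need {sn}+{h} bits but only {host_bits} host bits in {available}")
    new_prefix = net.prefixlen + sn            # step 4: new mask in CIDR form
    subnets = list(net.subnets(new_prefix=new_prefix))
    if not subnet_zero:
        subnets = subnets[1:-1]
    rows = []
    for s in subnets:
        rows.append({
            "network": str(s.network_address),
            "first_host": str(s.network_address + 1),
            "last_host": str(s.broadcast_address - 1),
            "broadcast": str(s.broadcast_address),
        })
    return {
        "prefix": new_prefix,
        "mask": str(ipaddress.ip_network(f"0.0.0.0/{new_prefix}").netmask),
        "increment": 2 ** (32 - new_prefix),           # block size (256 - interesting octet)
        "hosts_per_subnet": 2 ** (32 - new_prefix) - 2,
        "subnets": rows,
    }


if __name__ == "__main__":
    # The requirement used in the text: 8 subnets of 30 hosts from 192.168.10.0/24.
    plan = plan_subnets("192.168.10.0/24", subnets_needed=8, hosts_needed=30)
    print(f"mask /{plan['prefix']} = {plan['mask']}, block size {plan['increment']}, "
          f"{plan['hosts_per_subnet']} hosts per subnet")
    for row in plan["subnets"]:
        print(f"{row['network']:16} {row['first_host']:16} {row['last_host']:16} {row['broadcast']}")
```

Step 3 is the one that deserves the explicit check: a planning script that silently lets sn + h exceed the available host bits will hand out overlapping subnets, which is exactly the kind of mistake that later shows up as duplicate addresses and unexplained reachability problems.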


Exam Alert:  Subnetting is one of the most important topics in the CCNA exam. Subnetting related questions will not be straightforward like what you learned just now. Mostly you would be given an IP address with a subnet mask and you will need to find out if it is a host, subnet or broadcast address. In the following examples, review how to approach such questions.


In the following sections, you will encounter variations of subnetting questions. For all of them the process is similar to what you just learned. The steps you need to follow are summarized below:
  1. Find the interesting octet in the given subnet mask. Remember that the octet with a value of less than 255 will be the interesting octet.
  2. Deduct the value of interesting octet from 256 to find the increment by which the network numbers are increasing. These are also your subnet addresses.
  3. Write down the subnet address and broadcast address for each subnet
  4. Write down the host addresses of each subnet
  5. Once you have all the above information, you will find the answer to the given question.
Subnetting Class C Addresses
The subnetting technique remains the same irrespective of the class of address. The difference that the class makes is the number of bits available for subnetting. Class C starts with a mask of /24 and can have a maximum mask of /30. We cannot use /31 or /32 because at least 2 host bits are required for the network and broadcast addresses, and /31 and /32 give us 1 and zero host bits respectively. In the examples below, you get to practice subnetting class C addresses.
Subnetting Class C Address – Example #1
Problem: Is 192.168.1.193/26 a host address?
Solution:
  1. Converting /26 to dotted decimal format gives 255.255.255.192. The fourth octet is the interesting octet.
  2. Deducting 192 from 256 gives us 64. So the subnet addresses are 0,64,128 and 192
  3. The network address and broadcast address are:
Network Address | Broadcast Address
192.168.1.0 | 192.168.1.63
192.168.1.64 | 192.168.1.127
192.168.1.128 | 192.168.1.191
192.168.1.192 | 192.168.1.255

  4. The host addresses for each of the subnets are:
Network Address | Host Addresses | Broadcast Address
192.168.1.0 | 192.168.1.1-62 | 192.168.1.63
192.168.1.64 | 192.168.1.65-126 | 192.168.1.127
192.168.1.128 | 192.168.1.129-190 | 192.168.1.191
192.168.1.192 | 192.168.1.193-254 | 192.168.1.255

5. The given address, 192.168.1.193 is a host address in the last subnet.
Subnetting Class C Address – Example #2
Problem: What is the network and broadcast address for the subnet to which the address 192.168.1.228/28 belongs?
Solution:
  1. Converting /28 to dotted decimal format gives 255.255.255.240. This shows that the fourth octet is the interesting octet.
  2. Deducting 240 from 256 gives us 16. So the subnet addresses are 0, 16, 32, 48, 64 … 208, 224, 240.
  3. The network and broadcast address for the subnets are:

Network Address | Broadcast Address
192.168.1.0 | 192.168.1.15
192.168.1.16 | 192.168.1.31
192.168.1.32 | 192.168.1.47
192.168.1.48 | 192.168.1.63
192.168.1.64 | 192.168.1.79
… | …
192.168.1.208 | 192.168.1.223
192.168.1.224 | 192.168.1.239
192.168.1.240 | 192.168.1.255

  4. The host addresses of each subnet are:
Network Address | Host Addresses | Broadcast Address
192.168.1.0 | 192.168.1.1-192.168.1.14 | 192.168.1.15
192.168.1.16 | 192.168.1.17-192.168.1.30 | 192.168.1.31
192.168.1.32 | 192.168.1.33-192.168.1.46 | 192.168.1.47
192.168.1.48 | 192.168.1.49-192.168.1.62 | 192.168.1.63
192.168.1.64 | 192.168.1.65-192.168.1.78 | 192.168.1.79
… | … | …
192.168.1.208 | 192.168.1.209-192.168.1.222 | 192.168.1.223
192.168.1.224 | 192.168.1.225-192.168.1.238 | 192.168.1.239
192.168.1.240 | 192.168.1.241-192.168.1.254 | 192.168.1.255

5. From the above table, you can see that the address 192.168.1.228 lies in the 192.168.1.224 subnet. The network address for this subnet is 192.168.1.224 and the broadcast address is 192.168.1.239.
Subnetting Class C Address – Example #3
Problem: What type of address is 192.168.5.47/29? What is the network and broadcast address of the subnet that this address belongs to and how many host addresses are available in the subnet?
Solution:
  1. Converting /29 gives 255.255.255.248. This shows that the fourth octet is the interesting octet.
  2. Deducting 248 from 256 gives us 8, so the subnets are 0, 8, 16, 24, 32, 40, 48 … 240, 248.
  3. 192.168.5.47 lies in the 192.168.5.40 subnet and is the last address before the next subnet 192.168.5.48. This means that 192.168.5.47/29 is a broadcast address for the 192.168.5.40/29 subnet.
  4. The network address for this subnet is 192.168.5.40 and the valid host address range is 192.168.5.41-192.168.5.46
Subnetting Class B addresses
The process to subnet class B addresses is the same as that used to subnet class C addresses. The difference is that you have more bits available for subnetting. Class B addresses start with a mask of /16 and can have a maximum mask of /30. One big difference when subnetting class B addresses is that you deal with a large number of hosts per subnet and it becomes important to remember the Powers of Two table shown in Table 2-8. In the examples given below, you will practice subnetting class B addresses.
Subnetting Class B address – Example #1
Problem: Is 172.16.98.45/19 a host address?
Solution:
  1. Converting /19 to dotted decimal format gives us 255.255.224.0. The third octet is the interesting octet.
  2. Deducting 224 from 256 gives 32. So the subnet addresses are 0, 32, 64, 96, 128, 160, 192, 224
  3. The network address and broadcast address are:
Network Address | Broadcast Address
172.16.0.0 | 172.16.31.255
172.16.32.0 | 172.16.63.255
172.16.64.0 | 172.16.95.255
172.16.96.0 | 172.16.127.255
172.16.128.0 | 172.16.159.255
172.16.160.0 | 172.16.191.255
172.16.192.0 | 172.16.223.255
172.16.224.0 | 172.16.255.255

  4. The host address range for each subnet is:
Network Address | Host Addresses | Broadcast Address
172.16.0.0 | 172.16.0.1-172.16.31.254 | 172.16.31.255
172.16.32.0 | 172.16.32.1-172.16.63.254 | 172.16.63.255
172.16.64.0 | 172.16.64.1-172.16.95.254 | 172.16.95.255
172.16.96.0 | 172.16.96.1-172.16.127.254 | 172.16.127.255
172.16.128.0 | 172.16.128.1-172.16.159.254 | 172.16.159.255
172.16.160.0 | 172.16.160.1-172.16.191.254 | 172.16.191.255
172.16.192.0 | 172.16.192.1-172.16.223.254 | 172.16.223.255
172.16.224.0 | 172.16.224.1-172.16.255.254 | 172.16.255.255
 5. The address 172.16.98.45 is a host address in the 4th subnet.
Subnetting Class B address – Example #2
Problem: What are the network and broadcast addresses for the subnet to which the address 172.19.251.100/23 belongs?
Solution:
  1. Converting /23 to dotted decimal format gives us 255.255.254.0. This shows that the third octet is the interesting octet.
  2. Deducting 254 from 256 gives us 2. So the subnet addresses are 0, 2, 4, 6, 8, 10…248, 250, 252, 254
  3. The network, broadcast and valid host ranges for these subnets are:
Network Address | Host Addresses | Broadcast Address
172.19.0.0 | 172.19.0.1-172.19.1.254 | 172.19.1.255
172.19.2.0 | 172.19.2.1-172.19.3.254 | 172.19.3.255
172.19.4.0 | 172.19.4.1-172.19.5.254 | 172.19.5.255
172.19.6.0 | 172.19.6.1-172.19.7.254 | 172.19.7.255
172.19.8.0 | 172.19.8.1-172.19.9.254 | 172.19.9.255
… | … | …
172.19.250.0 | 172.19.250.1-172.19.251.254 | 172.19.251.255
172.19.252.0 | 172.19.252.1-172.19.253.254 | 172.19.253.255
172.19.254.0 | 172.19.254.1-172.19.255.254 | 172.19.255.255

  4. As you can see, the address 172.19.251.100/23 is a valid host address in the 172.19.250.0/23 subnet. The network address for this subnet is 172.19.250.0 and the broadcast address is 172.19.251.255.
Subnetting Class B address – Example #3
Problem: You see that your PC has an IP address and subnet mask of 172.30.40.5/21. How many subnets can your network have? How many valid host addresses can each subnet have?
Solution:
  1. Converting a /21 mask to dotted decimal format gives us 255.255.248.0.
  2. Converting it to dotted binary format gives us 11111111.11111111.11111000.00000000. This shows that 5 bits have been borrowed for subnets and 11 bits are available for host addresses.
  3. The borrowed 5 bits give us 2^5 = 32 subnets.
  4. The 11 host bits give us 2^11 = 2048 addresses. Out of 2048, 2 addresses are reserved for the network and broadcast addresses. So this leaves us with 2046 valid host addresses per subnet.
Subnetting Class A addresses
The process to subnet class A addresses is the same as that you have used to subnet class C and B addresses. The big difference is the large numbers you can deal with while using masks such as /9. Class A addresses start with a mask of /8 and can have a maximum of /30 mask. In the examples below, you will practice subnetting class A addresses.
Subnetting Class A address – Example #1
Problem: Is 10.127.255.254/9 a host address?
Solution:
  1. Converting /9 to dotted decimal format gives 255.128.0.0. The second octet is the interesting octet.
  2. Deducting 128 from 256 gives 128. So the subnet addresses are 0 and 128.
  3. The network and broadcast address are:
Network Address | Broadcast Address
10.0.0.0 | 10.127.255.255
10.128.0.0 | 10.255.255.255

  4. The host address ranges for the subnets are:
Network Address | Host Addresses | Broadcast Address
10.0.0.0 | 10.0.0.1-10.127.255.254 | 10.127.255.255
10.128.0.0 | 10.128.0.1-10.255.255.254 | 10.255.255.255

  5. 10.127.255.254 is the last host address in the 1st subnet.


Exam Alert:  A /30 or 255.255.255.252 is the highest mask which can be practically used in a network. It gives 2 host addresses and is ideal for point-to-point links in a network. Point-to-point links are usually found on routers terminating WAN links.
Subnetting Class A address – Example #2
Problem: This is a different kind of a problem. Your network number is 21.0.0.0.  You need to have as many subnets as possible without exceeding 1000 subnets while at the same time having at least 500 hosts per subnet.  What subnet mask would you use?
Solution:
Since 21.0.0.0 is a Class A network, the default mask is /8. So you have 24 bits of host addresses that can be borrowed for subnetting. Looking back at Table 2-8, you will see that 2^10 gives us 1024 while 2^9 gives us 512. Since 1024 exceeds the given 1000 subnets, you will need to use 2^9. This means 9 bits will be borrowed for the network part, leaving the rest for the host part. The table below shows the default mask and the new mask after borrowing 9 bits:
Octets | 1st Octet | 2nd Octet | 3rd Octet | 4th Octet
Default mask | 11111111 | 00000000 | 00000000 | 00000000
New mask | 11111111 | 11111111 | 10000000 | 00000000

The new mask of /17 will leave 15 bits for the host part which gives us much more than the required 500 hosts per subnet.
Subnetting Class A address – Example #3
Problem: You have been given a network number of 10.0.0.0/8. You need to subnet it such that you have at least 8000 hosts per subnet and at least 2000 subnets. What subnet mask will you use?
Solution:
10.0.0.0/8 is a class A address with a default mask of /8. This leaves you with 24 bits for host addresses. So you need to find which powers of 2 give us the required numbers. Looking back at Table 2-8, you will see that 2^11 gives us 2048 while 2^13 gives us 8192. This means you can borrow 11 bits for the network part, leaving 13 bits for the host part. The table below shows the default mask and the new mask in binary format:
Octets | 1st Octet | 2nd Octet | 3rd Octet | 4th Octet
Default mask | 11111111 | 00000000 | 00000000 | 00000000
New mask | 11111111 | 11111111 | 11100000 | 00000000

10.0.0.0/19 will give you 2048 subnets with 8192 addresses each. Each subnet will have a maximum of 8190 hosts, leaving 2 addresses for the network and broadcast addresses.
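Examples #2 and #3 turn the mask calculation around: the question fixes bounds on the number of subnets and hosts, and you pick how many bits to borrow. The Python below is an added example (not from this book) that searches for the largest number of borrowed bits satisfying an upper bound on subnets and a lower bound on hosts, and prints the default and new masks in binary like the tables above. Names such as choose_borrowed_bits and plan are my own.

```python
# Added example: choosing how many host bits to borrow when the question
# gives an upper bound on subnets ("without exceeding 1000") and a lower
# bound on hosts per subnet, then rendering the default and new masks in
# binary as in the tables above. Function names are the author's own.
from typing import Optional


def binary_octets(prefix: int) -> list:
    """/17 -> ['11111111', '11111111', '10000000', '00000000']."""
    bits = "1" * prefix + "0" * (32 - prefix)
    return [bits[i:i + 8] for i in range(0, 32, 8)]


def choose_borrowed_bits(host_bits: int, min_hosts: int,
                         min_subnets: int = 1,
                         max_subnets: Optional[int] = None) -> Optional[int]:
    """Largest number of bits to borrow (most subnets) that still satisfies
    every constraint, or None when nothing fits.

    host_bits    bits beyond the default classful mask (24 for class A)
    min_hosts    usable host addresses required per subnet
    min_subnets / max_subnets   bounds on 2**borrowed
    """
    for sn in range(host_bits, -1, -1):              # try the most subnets first
        subnets = 2 ** sn
        hosts = 2 ** (host_bits - sn) - 2            # network and broadcast excluded
        if subnets < min_subnets or hosts < min_hosts:
            continue
        if max_subnets is not None and subnets > max_subnets:
            continue
        return sn
    return None


def plan(default_prefix: int, min_hosts: int, min_subnets: int = 1,
         max_subnets: Optional[int] = None) -> dict:
    """Combine the bit choice with the resulting prefix, subnet and host counts."""
    host_bits = 32 - default_prefix
    sn = choose_borrowed_bits(host_bits, min_hosts, min_subnets, max_subnets)
    if sn is None:
        raise ValueError("no mask satisfies the constraints")
    new_prefix = default_prefix + sn
    return {
        "borrowed": sn,
        "prefix": new_prefix,
        "subnets": 2 ** sn,
        "hosts_per_subnet": 2 ** (32 - new_prefix) - 2,
        "default_mask": binary_octets(default_prefix),
        "new_mask": binary_octets(new_prefix),
    }


if __name__ == "__main__":
    # Example #2: at most 1000 subnets, at least 500 hosts, class A default /8.
    # Example #3: at least 2000 subnets, at least 8000 hosts, class A default /8.
    for label, kwargs in (("Example #2", dict(min_hosts=500, max_subnets=1000)),
                          ("Example #3", dict(min_hosts=8000, min_subnets=2000))):
        p = plan(8, **kwargs)
        print(f"{label}: borrow {p['borrowed']} bits -> /{p['prefix']}, "
              f"{p['subnets']} subnets, {p['hosts_per_subnet']} hosts each")
        print("  Default mask", " ".join(p["default_mask"]))
        print("  New mask    ", " ".join(p["new_mask"]))
```

Note the policy difference from the earlier class C walkthrough: there the smallest number of borrowed bits that satisfies the subnet count is used, while these two examples ask for as many subnets as possible, so the search here starts from the most borrowed bits and stops at the first combination that also leaves enough hosts.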
Subnetting Class A address – Example #4
Problem: What are the network and broadcast addresses for the subnet to which the address 10.212.10.50/12 belongs.
Solution:
  1. Converting /12 to dotted decimal format gives us 255.240.0.0. This shows that the second octet is the interesting octet.
  2. Deducting 240 from 256 gives us 16. This means that the valid subnets are 0, 16, 32, 48, 64…208, 224, 240
  3. The network, valid host and broadcast addresses for these subnets are:
Network Address | Host Addresses | Broadcast Address
10.0.0.0 | 10.0.0.1-10.15.255.254 | 10.15.255.255
10.16.0.0 | 10.16.0.1-10.31.255.254 | 10.31.255.255
10.32.0.0 | 10.32.0.1-10.47.255.254 | 10.47.255.255
10.48.0.0 | 10.48.0.1-10.63.255.254 | 10.63.255.255
10.64.0.0 | 10.64.0.1-10.79.255.254 | 10.79.255.255
… | … | …
10.208.0.0 | 10.208.0.1-10.223.255.254 | 10.223.255.255
10.224.0.0 | 10.224.0.1-10.239.255.254 | 10.239.255.255
10.240.0.0 | 10.240.0.1-10.255.255.254 | 10.255.255.255

  4. The address 10.212.10.50/12 is a host address in the 10.208.0.0/12 subnet.
  5. The network address for the subnet is 10.208.0.0 and the broadcast address is 10.223.255.255.
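The five-step approach summarized before the class C examples (interesting octet, increment, network and broadcast, host range, answer) works for every class, so one script can answer all of the problems above. The Python below is an added example, not code from this book: classify() answers "network, broadcast or host?" for any address/mask, and classful_counts() answers the "how many subnets and hosts" question from class B example #3. It uses the standard library ipaddress module; the function names are my own.

```python
# Added example: the five-step approach (interesting octet, increment,
# network/broadcast, host range, answer) applied to any address/mask, plus
# the "how many subnets and hosts" count from a classful default mask.
# Names such as classify() are the author's own; ipaddress is the Python
# standard library.
import ipaddress


def default_prefix(first_octet: int) -> int:
    """Default classful mask length from the first octet (Table 2-6)."""
    if 1 <= first_octet <= 126:
        return 8       # class A
    if 128 <= first_octet <= 191:
        return 16      # class B
    if 192 <= first_octet <= 223:
        return 24      # class C
    raise ValueError(f"no classful default mask for first octet {first_octet}")


def classify(cidr: str) -> dict:
    """Answer 'is it a network, broadcast or host address?' for e.g. 192.168.1.193/26."""
    iface = ipaddress.ip_interface(cidr)      # keeps the host bits, unlike ip_network()
    net = iface.network
    if net.prefixlen > 30:
        raise ValueError("/31 and /32 leave no room for network and broadcast addresses")
    # Step 1: the interesting octet is the first mask octet below 255.
    mask_octets = [int(o) for o in str(net.netmask).split(".")]
    interesting = next(i for i, o in enumerate(mask_octets) if o < 255)
    increment = 256 - mask_octets[interesting]        # step 2
    # Steps 3 and 4: network, broadcast and host range of the matching subnet.
    if iface.ip == net.network_address:
        kind = "network"
    elif iface.ip == net.broadcast_address:
        kind = "broadcast"
    else:
        kind = "host"
    return {                                          # step 5: the answer
        "kind": kind,
        "interesting_octet": interesting + 1,         # 1-based, as in the text
        "increment": increment,
        "network": str(net.network_address),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": net.num_addresses - 2,
    }


def classful_counts(cidr: str) -> tuple:
    """(number of subnets, usable hosts per subnet) relative to the class default mask."""
    iface = ipaddress.ip_interface(cidr)
    borrowed = iface.network.prefixlen - default_prefix(iface.ip.packed[0])
    if borrowed < 0:
        raise ValueError("mask is shorter than the class default; it cannot be reduced")
    return 2 ** borrowed, iface.network.num_addresses - 2


if __name__ == "__main__":
    # The problems worked in the text, all classes.
    for q in ("192.168.1.193/26", "192.168.1.228/28", "192.168.5.47/29",
              "172.16.98.45/19", "172.19.251.100/23", "10.127.255.254/9",
              "10.212.10.50/12"):
        r = classify(q)
        print(f"{q:20} {r['kind']:9} octet {r['interesting_octet']} step {r['increment']:3} "
              f"net {r['network']:15} hosts {r['first_host']}-{r['last_host']} "
              f"bcast {r['broadcast']}")
    subnets, hosts = classful_counts("172.30.40.5/21")
    print(f"172.30.40.5/21: {subnets} subnets, {hosts} hosts each")
```

The distinction between ip_interface() and ip_network() matters in practice: ip_network("192.168.1.193/26") raises because host bits are set, which is the right behaviour when validating a route entry, while ip_interface() is what you want when the input is a host's configured address and mask.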

2-4 Variable Length Subnet Masks (VLSM)


VLSM and our next topic, summarization builds up on subnetting. If you still have doubts on subnetting, I would strongly suggest you devote some more time to it and practice before moving ahead.  You also may want to consider picking up our 100 page How & Why We Subnet Workbook.  This workbook walks you through over 60 examples to help you really understand the ins and outs of subnetting.
            Figure 2-1 Classful Network
Earlier, it was required to use the same subnet mask across the network. This was called classful networking. With the increase in complexity of networks and the decrease in available IP addresses, it became obvious that classful networking wastes valuable IP addresses. To understand how, consider Figure 2-1. The largest subnet requires 30 host addresses. So across the network a mask of /27 is used, which gives 30 hosts per subnet. You will notice that in every subnet except the subnet attached to RouterD, some host addresses will remain unused. In particular, 28 host addresses are wasted for each link between the routers. In total this network wastes 118 addresses and uses 92 addresses.
To avoid wasting of IP addresses, classless networking was introduced by way of VLSM. VLSM allows you to use different subnet masks across the network for the same class of addresses. For example, a /30 subnet mask, which gives 2 host addresses per subnet, can be used for point-to-point links between routers. Figure 2-2 shows how VLSM can be used to save address space in the network shown in Figure 2-1.
            Figure 2-2 Classless Network with VLSM
In Figure 2-2, notice the different masks used for each subnet. The first network with 13 hosts is using a mask of /28, which gives 16 host addresses. The point-to-point links between the routers are using a /30 mask, which gives 2 host addresses. In total the network is still using 92 addresses but is wasting only 22 addresses. Now that you know the benefit of VLSM, take a look at how you can use it in a network.

There are a few restrictions you need to consider when planning to use VLSM:
  1. You need to use routing protocols that support classless routing such as Enhanced Interior Gateway Routing Protocol (EIGRP), Open Shortest Path First (OSPF), Border Gateway Protocol (BGP) or Routing Information Protocol (RIP) version 2. Classful protocols such as RIPv1 cannot be used with VLSM. While routing protocols are covered in detail in Chapter 4, you should understand that a routing protocol is classful because it does not advertise the subnet mask along with the network address in its updates. Hence, routers running these protocols, do not know the subnet mask and strictly follow the class of the network. Classless protocols on the other hand advertise and understand subnet masks.
  2. You need to use fixed block sizes. You have come across these block sizes during subnetting practice and these are listed in Table 2-9. You cannot use any block sizes apart from these. For example in Figure 2-2, for the networks connected to RouterB and RouterC, a block size of 32 was used even though the total addresses required were 21 in each subnet.
Table 2-9 Block Sizes for VLSM
Block Size | Host addresses available
128 | 126
64 | 62
32 | 30
16 | 14
8 | 6
4 | 2

When designing a network using VLSM, the following simple steps can help come up with an appropriate addressing scheme:
  1. Start by finding the largest subnet in your network. The number of host addresses needed decides the size of the subnet.
  2. Next, assign an appropriate mask to the largest subnet using the block sizes mentioned in Table 2-9.
  3. Note the subnet numbers remaining with the mask used in Step 2.
  4. Take the next available subnet and subnet it further to accommodate your smaller subnets.
  5. Write down your new subnet numbers again.
  6. Repeat step 4 and 5 for smaller segments.
Consider the example shown in Figure 2-2 and work through the above steps to see how the network address and subnet mask was found for each segment:
  1. The largest segment in Figure 2-2 is attached to RouterD. It requires 30 host addresses, including the router interface (29 host addresses and 1 router interface). So we can use a /27 mask which gives us exactly 30 host addresses. We assign 192.168.1.0/27 to that subnet.
  2. Our new subnets using /27 mask are 192.168.1.0/27, 192.168.1.32/27, 192.168.1.64/27, 192.168.1.96/27, 192.168.1.128/27 etc.
  3. Next we look at the smaller subnets. The subnets attached to RouterB and RouterC require 21 host addresses (20 host addresses and 1 router interface). The block size we can use for them is 32. We already have subnets available with the /27 mask, so we simply assign them to these segments – 192.168.1.32/27 and 192.168.1.64/27.
  4. Our next smaller segment is the one attached to RouterA. It requires 14 host addresses, so a block size of 16 or a mask of /28 can be used. So we take the next available subnet, 192.168.1.96/27, and subnet it further using a /28 mask. This gives us 192.168.1.96/28 and 192.168.1.112/28. We assign the first of these to this segment – 192.168.1.96/28.
  5. Finally we have the three point-to-point segments between the routers. Each requires 2 host addresses hence a block size of 4 and a mask of /30. We take our available subnet – 192.168.1.112/28 and subnet it further using a mask of /30. This gives us 192.168.1.112/30, 192.168.1.116/30, 192.168.1.120/30 and 192.168.1.124/30.  We use the first three for these segments – 192.168.1.112/30, 192.168.1.116/30 and 192.168.1.120/30.
Consider Figure 2-3 as another example. Using a class C network of 192.168.10.0/24 design a VLSM solution to accommodate host requirements of all the segments.
            Figure 2-3 VLSM – Example #2
To design the VLSM solution, follow the 5 steps discussed earlier:
  1. The largest segment requires 125 host addresses. So a mask of /25 can be used. This gives two subnets – 192.168.10.0/25 and 192.168.10.128/25. The first subnet can be assigned to this segment.
  2. The second largest segment requires 60 host addresses. You can take the second available subnet – 192.168.10.128/25 – and divide it further using a /26 mask to give you subnets 192.168.10.128/26 and 192.168.10.192/26. Assign the first one to this segment.
  3. The third largest segment requires 29 host addresses (28 host addresses and 1 for the router interface). You will need to use a block of 32 and a mask of /27. Take the remaining subnet from the previous step and divide it further using a /27 mask. This will give you subnets 192.168.10.192/27 and 192.168.10.224/27. Assign the first one to this segment.
  4. The fourth largest block requires 13 host addresses (12 host addresses plus one for the router interface). You can use a block of 16 and a mask of /28. Take the remaining subnet from the previous step and divide it further using a mask of /28. This will give you subnets 192.168.10.224/28 and 192.168.10.240/28. Assign the first one to this segment.
  5. Now you are left with 3 point-to-point links between the routers. These links require two host addresses and a mask of /30. Take the remaining subnet from the previous step and divide it using a mask of /30. This will give you subnets 192.168.10.240/30, 192.168.10.244/30, 192.168.10.248/30 and 192.168.10.252/30. Use the first three of these for the point-to-point links. The remaining subnet can be left for future use.
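The five steps above can be carried out mechanically: sort the segments by size, take the first free block that is large enough, and keep the remainder for the next segment. The following Python script is an added example, not part of the book; the host counts are those of Example #2, while the segment names are constructed labels.

```python
import ipaddress

# Host requirements from the book's Example #2; the segment names are constructed.
REQUIREMENTS = {
    "LAN-A": 125,
    "LAN-B": 60,
    "LAN-C": 29,   # 28 hosts + 1 router interface
    "LAN-D": 13,   # 12 hosts + 1 router interface
    "P2P-1": 2,
    "P2P-2": 2,
    "P2P-3": 2,
}

def prefix_for_hosts(hosts):
    """Shortest prefix whose usable host count (2**h - 2) covers `hosts`."""
    host_bits = 1
    while (2 ** host_bits) - 2 < hosts:
        host_bits += 1
    return 32 - host_bits

def allocate_vlsm(base, requirements):
    """Carve `base` into one subnet per requirement, largest first.

    Returns ({name: IPv4Network}, [free blocks left over]).  Always taking
    the lowest free block that fits keeps the unused space contiguous, which
    is what lets it be summarized or handed out later."""
    free = [ipaddress.ip_network(base)]          # unallocated blocks
    result = {}
    # Step 1 of the book's method: start with the biggest segment.
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        need = prefix_for_hosts(hosts)
        free.sort()
        for i, block in enumerate(free):
            if block.prefixlen <= need:
                # Take the first /need inside this block; keep the rest free.
                chosen = ipaddress.IPv4Network((block.network_address, need))
                free[i:i + 1] = list(block.address_exclude(chosen))
                result[name] = chosen
                break
        else:
            raise ValueError(f"{base} cannot fit {hosts} hosts for {name}")
    return result, sorted(free)

if __name__ == "__main__":
    alloc, spare = allocate_vlsm("192.168.10.0/24", REQUIREMENTS)
    for name, net in alloc.items():
        print(f"{name:6} {net}  ({net.num_addresses - 2} usable hosts)")
    print("left for future use:", [str(n) for n in spare])
```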
Figure 2-4 shows the solution derived in the above steps.
Figure 2-4 VLSM – Solution for Example #2


2-5 Route Summarization


You already know from the previous chapter that routers function by creating a table of all the networks they know about. This table is called the routing table, and routers use routing protocols to tell each other about the networks they know of. As networks increase, so does the number of entries in a routing table. Large routing tables cause increased processing and lower response time in a router. To reduce the size of routing tables, networks can be grouped together, or summarized, using a mask that incorporates them all. For example, in Figure 2-5, a 192.168.10.0/24 subnet has been divided into smaller subnets with a /27 mask. All of these networks connect to RouterA, which in turn is advertising these routes to RouterB. Without summarization, RouterB will come to know of 8 networks which are available via RouterA. Since these networks are contiguous subnets that have been subnetted from a /24 address, they can be summarized back into the 192.168.10.0/24 network by RouterA while advertising to RouterB. This way, RouterB comes to know of one large /24 network only, instead of 8 smaller /27 networks.
Figure 2-5 Summarization
Summarization is similar to VLSM but in the opposite direction. When using VLSM you move to the right in terms of the bits (/24 to /25, /25 to /26, so on and so forth) while during summarization you move to the left (example /27 to /24).
Summarization is somewhat simple if you remember the following:
  1. You can only summarize in the block sizes you learned about in VLSM – 128, 64, 32, 16, 8, 4.
  2. The network address used for the summarized address is the first network address in the block.
For example, if you want to summarize networks 192.168.8.0 through 192.168.15.0, first find the block size you can use. There are 8 networks, so a block size of 8 can be used. The first network address in the block is 192.168.8.0. Now to find the mask of the summarized route, remember the mask used for a block of 8 – 248. You can also subtract the block size from 256 to find the mask. Since we are summarizing the third octet, the subnet mask for the summary address will be 255.255.248.0.
Take another example, 172.16.0.0 through 172.16.35.0. This one is not as simple as the first one. Notice that you have 36 networks to summarize which does not conform to the block sizes. There are two things that you can do here:
  1. Summarize in block size of 32 (mask of 224). This will give you a summary address of 172.16.0.0 255.255.224.0 but will only summarize networks 172.16.0.0 through 172.16.31.0. The rest of the 4 networks will be advertised as individual routes.
  2. Summarize in block of 64 (mask of 192). This will give you a summary address of 172.16.0.0 255.255.192.0 but will summarize networks 172.16.0.0 through 172.16.63.0.
The correct answer depends on the network. If you are planning to add networks 36 to 63, then the second option works. Otherwise the first option is the best one.
Take a third example where you know the summary address of 172.10.16.0 with a mask of 255.255.224.0 and need to find which networks are being summarized. This is really easy. The third octet is the interesting octet and gives a block size of 32. This means the networks 172.10.16.0 through 172.10.47.0 have been summarized.
As a final example, consider the following networks:
  • 192.168.1.0/25
  • 192.168.1.128/25
  • 192.168.2.0/24
  • 192.168.3.0/24
  • 192.168.4.0/26
  • 192.168.4.64/26
  • 192.168.4.128/26
  • 192.168.4.192/26
Try to figure out the summary address that can be used for these networks. If you look carefully the third octet forms a contiguous block of 4 and can be summarized with the address 192.168.1.0 255.255.252.0 or 192.168.1.0/22.
In the last example notice that we summarized a contiguous block of class C networks using a mask. This is called supernetting. Supernetting is an extension of VLSM and summarization. In summarization you summarize subnetted networks, while in supernetting you summarize a contiguous block of Class A, B or C networks. Supernetting is usually practiced by ISPs to reduce the Internet routing table size.
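The block-size rule above has a practical consequence worth checking by hand or by script: when the networks do not fill a whole block, the summary route advertises address space the router does not actually own, which the 172.16.0.0 through 172.16.35.0 example shows. The following Python function is an added example, not from the book; it finds the smallest single summary for a list of networks and reports any "holes" the summary would cover but the inputs do not.

```python
import ipaddress

def summarize(networks):
    """Smallest single prefix covering every network in `networks`.

    Returns (summary, holes).  `holes` lists the address blocks inside the
    summary that none of the inputs cover; an empty list means the summary
    advertises exactly the given networks, otherwise the router is claiming
    reachability for space it does not own (option 1 vs option 2 in the text)."""
    nets = sorted(ipaddress.ip_network(n) for n in networks)
    lowest, highest = nets[0], nets[-1]
    # Move the mask to the left one bit at a time (/27 -> /26 -> ... ) until
    # the block that starts at the lowest network also contains the highest.
    prefix = min(n.prefixlen for n in nets)
    summary = lowest.supernet(new_prefix=prefix)
    while not summary.supernet_of(highest):
        prefix -= 1
        summary = lowest.supernet(new_prefix=prefix)
    # Carve the inputs out of the summary; whatever remains is unused space.
    holes = [summary]
    for n in ipaddress.collapse_addresses(nets):
        remaining = []
        for hole in holes:
            if n.supernet_of(hole):        # input covers (or equals) the hole
                continue
            if n.subnet_of(hole):          # input sits inside the hole: split it
                remaining.extend(hole.address_exclude(n))
            else:                          # disjoint: hole is untouched
                remaining.append(hole)
        holes = remaining
    return summary, sorted(holes)

def mask_for_block(block_size):
    """The book's shortcut: interesting-octet mask value = 256 - block size."""
    return 256 - block_size

if __name__ == "__main__":
    for label, nets in [
        ("192.168.8.0-15.0", [f"192.168.{i}.0/24" for i in range(8, 16)]),
        ("172.16.0.0-35.0", [f"172.16.{i}.0/24" for i in range(0, 36)]),
    ]:
        summary, holes = summarize(nets)
        print(f"{label}: {summary} mask {summary.netmask}; "
              f"uncovered: {[str(h) for h in holes] or 'none'}")
```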

2-6 Troubleshooting IP Addressing


As you know by now, IP Addressing is an integral part of networking, and given the complexity of addressing and subnetting, it is common to have IP addressing errors in the network. So it is essential for you to be able to troubleshoot common problems related to IP Addressing. Before troubleshooting a network, you have to understand the following common protocols and utilities that are used to troubleshoot:
  • Packet InterNet Grouper (PING) – Ping is one of the most commonly used utilities for troubleshooting addressing and connectivity problems. This utility is available in almost all operating systems, including Cisco devices, and can be accessed from the command line interface using the ping command. It uses the ICMP protocol to check whether the destination host is live or not.
  • Traceroute – Traceroute is another common utility that is available with all operating systems. Depending on the operating system, the utility can be accessed using the tracert or traceroute command on the CLI. It is used to find each hop between the source and destination hosts and is useful to see the path taken by a packet.
  • ARP table – Sometimes it is useful to look at the ARP table of a system. This table contains the MAC address to IP address bindings learned by the system. On most operating systems the ARP table can be viewed using the arp -a command. On a Cisco device the ARP table can be viewed using the show ip arp command.
  • IP config – Sometimes, you need to verify the IP address, subnet mask, default gateway and DNS addresses the host is using. On a Windows machine all this information can be seen in the output of the ipconfig /all command. On a Unix-based system, this information can be seen using the ifconfig command.
For the following section consider the network shown in Figure 2-6. In this network, HostA is trying to reach ServerA and ServerB but is not able to.
Before looking at the IP addressing, you should quickly check network connectivity using four steps that Cisco recommends:
1. Ping 127.0.0.1, the loopback address from the Host. You will need to open a terminal window of your operating system to use the ping utility. If you get an output similar to the following, it shows that the IP stack in the host is working well:
>ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.073 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.096 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.095 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.145 ms
Figure 2-6 Troubleshooting IP Addressing Scenario
2. Ping the IP address of the host itself. If it is successful, it shows that the host’s NIC is working well.
>ping 192.168.1.50
PING 192.168.1.50 (192.168.1.50): 56 data bytes
64 bytes from 192.168.1.50: icmp_seq=0 ttl=64 time=0.075 ms
64 bytes from 192.168.1.50: icmp_seq=1 ttl=64 time=0.096 ms
64 bytes from 192.168.1.50: icmp_seq=2 ttl=64 time=0.155 ms
64 bytes from 192.168.1.50: icmp_seq=3 ttl=64 time=0.151 ms
3. Ping the default gateway from the host. If the ping works it shows that your host is able to communicate with the network and the default gateway.
>ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=0.075 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.096 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.155 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.151 ms
4. Finally, ping the remote host, ServerA or ServerB in our case. If the ping is successful, this means there is a DNS or application layer protocol problem between the host and ServerA. However, in our case the ping fails.
>ping 192.168.2.65
PING 192.168.2.65 (192.168.2.65): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Now that you have used the Cisco-recommended way to determine that the problem lies in the network, it is time to look at the addressing. In this exercise, you need to look at the IP address, subnet mask and default gateway configured (as shown in Figure 2-6) to see if they are correctly configured. You can simply look at the subnet mask and see which are valid host addresses in that subnet to see if valid IP addresses have been configured. Take a step-by-step approach as shown below to narrow down the problem area:
  1. The Host has an IP address of 192.168.1.50/25. A mask of /25 shows that the host lies in the 192.168.1.0/25 subnet (/25 = 255.255.255.128, which gives two subnets – 0 and 128). So the IP address given to the host is a valid host address.
  2. The Gateway address on the host is 192.168.1.1 and that is the IP address on the Router interface connected to the network. The IP address lies in the same subnet range as the host address. Step 1 and Step 2 eliminate addressing problem in the network segment to which the host is connected.
  3. The next network segment is the point-to-point link between RouterA and RouterB. The subnet mask of /30 gives subnets 0, 4, 8, 12 ... 128. The valid host addresses in the network 192.168.1.128/30 are 192.168.1.129 and 192.168.1.130. So the point-to-point links have valid addresses.
  4. The next network segment is the one to which ServerA is connected. /26 mask converts to 255.255.255.192. 192 deducted from 256 leaves 64. This means the valid subnets are 192.168.2.0, 192.168.2.64, 192.168.2.128, 192.168.2.192. ServerA’s address is a valid address in the 192.168.2.64 subnet but the default gateway and the router’s address is in the 192.168.2.0 subnet. So ServerA’s address is in the wrong subnet and needs to be changed to a valid address in the 192.168.2.0 subnet. This explains why HostA is not able to reach ServerA.
  5. The final segment is the one to which ServerB connects. From the calculations done in the previous step, you can see that ServerB’s address lies in the 192.168.2.128 subnet. The valid host addresses in this subnet are 129 to 190. 191 is the broadcast address of the subnet. While the router (default gateway) is configured with a valid address, ServerB has been assigned the broadcast address, which needs to be changed. This explains why HostA is not able to reach ServerB.
If you are careful about going step-by-step and finding out the valid addresses in each subnet, you can figure out any addressing problem in no time. Let’s take a look at two more examples. For these examples, we will use the network shown in Figure 2-7.
Figure 2-7 Troubleshooting IP Address – Example #2 & #3
Example #2
Problem: HostB is able to reach HostD but it is not able to reach HostA
Solution: The question tells us two things. First that HostB is able to reach HostD, that means the network from HostB all the way to HostD is working fine. Second, HostB is not able to reach HostA. It is simple to figure out that there is a problem at HostA. To find the problem, take a look at the IP address information given for HostA:
  1. A subnet mask of /27 converts to 255.255.255.224.
  2. Subtracting 224 from 256 gives us 32. So the valid subnets are 0, 32, 64 and so on.
  3. HostB and RouterA’s address are in the 192.168.1.0/27 subnet that has a valid host range of 1 to 30. The broadcast address for this subnet is 192.168.1.31.
  4. You will notice that HostA has an IP address of 192.168.1.31/27, which is the broadcast address of this subnet and not a valid host address. Hence, HostA cannot be reached from the network.
Example #3
Problem: HostD is able to reach HostB but not HostC.
Solution: Again this problem statement tells us that the network from HostD to HostB is working well. So the problem requires a look at HostC’s addressing:
  1. Again, a mask of /27 gives us subnets 0, 32, 64, 96, 128 and so on.
  2. HostD and RouterB’s addresses lie in the 192.168.1.64/27 network. The valid host addresses for this subnet are 192.168.1.65-94. The broadcast address for the subnet is 192.168.1.95.
  3. The next subnet is 192.168.1.96/27, which has a valid host range of 192.168.1.97-192.168.1.126.
  4. You will notice that the IP address of HostC lies in the 192.168.1.96/27 subnet and not the 192.168.1.64/27 subnet. It lies in a different subnet than the default gateway (RouterB) and HostD. Hence, HostD is not able to reach HostC.
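The checks applied in the step-by-step walk-through of Figure 2-6 and in Examples #2 and #3 are the same three questions every time: is the host address the network address, is it the broadcast address, and is the default gateway in the same subnet? The Python below is an added example, not from the book, that answers them for one host at a time. The HostA, HostB and ServerB addresses come from the text; the ServerA, HostC and gateway addresses marked as constructed are not given in the book and are filled in only to illustrate.

```python
import ipaddress

def host_range(network):
    """First and last usable host address of `network`, as strings."""
    net = ipaddress.ip_network(network)
    return str(net.network_address + 1), str(net.broadcast_address - 1)

def check_host(host, prefixlen, gateway):
    """Classify a host's IPv4 settings the way the book's steps do.

    The gateway is assumed to be a correctly addressed router interface,
    as in the book's figures; the verdict describes the host only."""
    subnet = ipaddress.ip_network(f"{host}/{prefixlen}", strict=False)
    host_ip = ipaddress.ip_address(host)
    gw_ip = ipaddress.ip_address(gateway)
    # Valid host addresses exclude the subnet (network) and broadcast addresses.
    if host_ip == subnet.network_address:
        return f"host {host} is the network address of {subnet}"
    if host_ip == subnet.broadcast_address:
        return f"host {host} is the broadcast address of {subnet}"
    # The default gateway must lie in the same subnet as the host.
    if gw_ip not in subnet:
        gw_subnet = ipaddress.ip_network(f"{gateway}/{prefixlen}", strict=False)
        return f"host {host} is in {subnet} but gateway {gateway} is in {gw_subnet}"
    return "ok"

# Scenarios from the text.  Addresses the book does not state are constructed.
CASES = [
    ("HostA (Fig 2-6)", "192.168.1.50", 25, "192.168.1.1"),
    ("ServerA (Fig 2-6)", "192.168.2.70", 26, "192.168.2.1"),      # both constructed
    ("ServerB (Fig 2-6)", "192.168.2.191", 26, "192.168.2.129"),   # gateway constructed
    ("HostA (Example #2)", "192.168.1.31", 27, "192.168.1.1"),
    ("HostC (Example #3)", "192.168.1.100", 27, "192.168.1.65"),   # both constructed
]

if __name__ == "__main__":
    print("usable range of 192.168.1.64/27:", host_range("192.168.1.64/27"))
    for label, host, plen, gw in CASES:
        print(f"{label:20} -> {check_host(host, plen, gw)}")
```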


Exam Alert: Expect a lot of questions in different forms where such IP addressing errors will be hidden during the exam. Each time you will need to patiently find the subnet and valid host addresses.
Broadcast Addresses
Broadcasts and broadcast addresses are discussed many times in Chapter 1 and Chapter 2. Broadcast is a generic term meaning a message or data sent to all hosts in a network, while broadcast address is a generic term meaning an address to which broadcasts are sent. It is important to understand that not all broadcasts are the same. They can be divided into two different types:
  • Layer 2 broadcasts – These broadcasts are sent at layer 2 and are limited to a LAN. These do not cross the boundary of a LAN, which is defined by a router.
  • Layer 3 broadcasts – These broadcasts are sent at layer 3 and go to the network.
You already know what unicast and multicast are, but to put them in perspective alongside broadcasts, these terms are defined below again:
  • Unicast – Messages or data sent to a single host are called unicast.
  • Multicast – Messages or data sent to a group of devices is called multicast.
Like broadcasts, broadcast addresses also differ based on the layer. The different types are discussed below:
  • Layer 2 Broadcast Address – Layer 2 addresses are 48-bit values written in hexadecimal. An example of a layer 2 address is a3.4c.56.ea.f5.aa. The layer 2 broadcast address is the hexadecimal value of all Fs, or a binary value of all 1s – FF.FF.FF.FF.FF.FF.
  • Layer 3 Broadcast Address – This chapter showed you that the last address of a subnet is a broadcast address such as 192.168.1.255/24. These addresses have all host bits on and refer to all hosts in that subnet. An address with all its bits turned on – 255.255.255.255 – is a special broadcast address that refers to all hosts in all networks.
To understand how broadcast addresses are used, consider how a host requests an IP address from a DHCP server:
  • When a host boots up and needs to get an IP address from the DHCP server, it does not know whether the DHCP server is in the same LAN segment or across a router. So it sends a DHCP request with the destination IP address set to 255.255.255.255 and the destination MAC address set to FF.FF.FF.FF.FF.FF.
  • The layer 2 broadcast goes out to the LAN, and if a DHCP server is connected to the segment, it will respond back.
  • If the DHCP server is not on the segment, the router will see the packet, convert it into a unicast message and send it to the DHCP server. The router needs to be configured for this though.
  • The DHCP server will reply back with a unicast.
As the above example demonstrates, broadcast is very useful and can be converted to unicast when required.
Summary
This chapter is one of the most important chapters in this book and covers the most fundamental building blocks of a network. IP Address Classes, Private and Public addresses and subnetting are very important both for the CCNA exam and for understanding the rest of the topics coming up.
I cannot stress enough the importance of these topics and would strongly suggest you to go through it again and clarify any doubts you might have before moving ahead.