Curriculum
640-816
Labs powered by
Interconnecting Cisco
Networking Devices Part 2
640-816 Curriculum
The labs referenced in this book correspond to some of the labs available in the Boson NetSim 8 Network
Simulator and have been printed in the Boson Lab Guide, which is available for purchase. To learn more
about the Boson NetSim or to purchase and download the software, please visit www.boson.com/netsimcisco-network-simulator.
Copyright 2012 Boson Software, LLC. All rights reserved. Boson, Boson NetSim, Boson Network
Simulator, and Boson Software are trademarks or registered trademarks of Boson Software, LLC. Catalyst,
Cisco, and Cisco IOS are trademarks or registered trademarks of Cisco Systems, Inc. in the United States
and certain other countries. Media elements, including images and clip art, are the property of Microsoft.
All other trademarks and/or registered trademarks are the property of their respective owners. Any use of a
third-party trademark does not constitute a challenge to said mark. Any use of a product name or company
name herein does not imply any sponsorship of, recommendation of, endorsement of, or affiliation with
Boson, its licensors, licensees, partners, affiliates, and/or publishers.
Understanding ACLs
Understanding Wildcard Masks
Configuring Standard ACLs
Configuring Extended ACLs
Understanding ACL Sequencing
Applying ACLs to an Interface
Verifying and Troubleshooting ACLs
Understanding Advanced ACLs
    Time-based ACLs
    Dynamic ACLs (lock and key)
    Reflexive ACLs
Configuring ACLs to Control Router Access
Other Uses for ACLs
Review Question 1
Review Question 2
Review Question 3
Lab Exercises
Index
Module 1
Troubleshooting Networks
Overview
No network is without issues, whether those issues are caused by a configuration error, an external attack, or
even simple unexpected demands that do not fit the normal flow of traffic. Throughout this course, you will
be provided with information about commands that can be helpful for troubleshooting IP addressing schemes,
WAN networks, switches, routers, and the technologies that are implemented upon switches and routers. This
module will introduce you to the usage of basic network troubleshooting techniques and commands that will
help you understand how to apply the more specific commands that will be discussed later.
Objectives
After completing this module, you should have the basic knowledge required to complete all of the following
tasks:
4. Create an action plan: After you define the problem and determine the cause, you should create a plan
that details the steps you will take to solve the problem. In the plan, you should completely document the
effects of any changes you intend to make to the configuration of the network or device. Stepping through the
plan and knowing what you have and have not done will assist you in backing out any changes you make that
negatively affect the network.
5. Implement an action plan: Once the creation of your action plan is complete, you should implement it in
a step-by-step fashion. The first configuration changes you make while implementing your plan should be the
changes that have only minimal effect on users, thus preventing unnecessary user downtime. You should also
continue to document any changes you make and the effects of those changes on the network.
6. Observe results: After you make a change to the network, you should examine the results of that change
before you make any other changes. If the change does not solve the original problem, could create other
problems, or does not otherwise positively affect the network, you should back out the change and reconsider
the possible causes of the original problem.
7. Document the solution: If you have solved the problem, you should document the solution step-by-step
so that the solution is simple to implement or to back out when you next implement it. If you were not able to
solve the problem, you should return to the second step in the process and begin gathering facts again.
Layer 7 Application
Layer 6 Presentation
Layer 5 Session
Layer 4 Transport
Layer 3 Network
Layer 2 Data Link
Layer 1 Physical
Individual layers of the OSI reference model can be referenced by name or by number. For example, the terms
Data Link layer and Layer 2 are interchangeable when referring to the second layer of the OSI reference
model. Technologies operating at each layer of the OSI model pass relevant information to technologies
operating at adjacent layers. When information is passed down the OSI layers, each layer encapsulates the
information with its own formatting and passes it to the next-lower layer; eventually, the information is
transmitted as bits at the Physical layer. When information is passed up the OSI layers, each layer removes its
formatting and organizes the information so that it can be interpreted by the next-higher layer.
the configuration register, which determines the order of the device boot process. Similarly, the show flash
command provides memory usage information and displays the contents of Flash memory.
Other show commands that provide static information are show running-config, which displays the device
configuration that is currently loaded in memory, and show startup-config, which displays the device
configuration that will be loaded the next time the device is restarted or the configuration is reloaded.
Review Question 1
There are several troubleshooting techniques you can use to isolate a problem. Whatever technique you
use, you should implement the technique in a systematic, logical fashion. Unsystematic approaches to
troubleshooting, such as making assumptions about the cause of a problem without gathering all the facts
first, can lead to wasted time, wasted resources, and a worse problem. When you are troubleshooting a
problem on a network, Cisco recommends that you begin by defining the problem.
Because an end user cannot always reliably communicate the details of a technical problem, it is important
to define the problem the user is experiencing in terms that are as technical as possible. Narrowing the
technical definition of the problem can help you identify a starting point for your troubleshooting technique
and immediately eliminate some possible causes of the problem. Ask the user a series of questions that are
designed to narrow down the problem as much as possible.
Review Question 2
The ping command is one of the most common network troubleshooting tools. The ping command can be
used to test a host's connection to the network by sending Internet Control Message Protocol (ICMP) Echo
messages to another host's IP address. If the source host receives an ICMP Echo Reply message from the
remote host, the ping command has verified two things: that the source host is connected to the network and
that the remote host is reachable on the network.
The traceroute command works by sending User Datagram Protocol (UDP) traffic with a time to live (TTL)
value of 1 to a remote host. The low TTL causes the device at each hop, or router, along the path to the
destination to reply to the UDP traffic with an ICMP Time Exceeded Message (TEM), which means that the
device at the hop received and discarded the UDP traffic. The source host then sends additional probes to
the device at the hop. The TTL is increased by 1 after every third probe. The IP address of the device at the
hop is used by the source host to build a list of hops until the UDP traffic finally reaches its destination, at
which point the destination host will send a Destination Unreachable message. The Destination Unreachable
message means that the destination received the traffic but was unable to direct it to a valid UDP port. The
traceroute command will display the * symbol if the timer expires before it receives either a TEM or a
Destination Unreachable message from a device at a hop or from the destination device.
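The probe sequence described above, modeled offline as an added example (not part of the original curriculum): the hop addresses are constructed documentation-range values, and the names Node, send_probe and traceroute are hypothetical. It also shows why a row of * symbols does not by itself mean the path is broken, because a hop that sends no ICMP errors still forwards the probe.

```python
from typing import NamedTuple

PROBES_PER_TTL = 3  # the TTL is increased by 1 after every third probe


class Node(NamedTuple):
    addr: str
    answers_icmp: bool = True     # False models a device that sends no ICMP errors
    is_destination: bool = False


def send_probe(path, ttl):
    """Forward one UDP probe along path; return (reply_type, addr) or None on timeout."""
    for node in path:
        if node.is_destination:
            # The probe arrived, but nothing listens on the UDP port it targets.
            return ("destination-unreachable", node.addr) if node.answers_icmp else None
        ttl -= 1                  # each router decrements the TTL before forwarding
        if ttl == 0:
            # The router discards the probe and reports it with a Time Exceeded message.
            return ("time-exceeded", node.addr) if node.answers_icmp else None
    return None


def traceroute(path, max_ttl=30):
    """Return one row per TTL value: (ttl, [hop address or '*' for each probe])."""
    rows = []
    for ttl in range(1, max_ttl + 1):
        replies = [send_probe(path, ttl) for _ in range(PROBES_PER_TTL)]
        rows.append((ttl, [r[1] if r else "*" for r in replies]))
        if any(r and r[0] == "destination-unreachable" for r in replies):
            break                 # destination answered; stop raising the TTL
    return rows


# Constructed sample path: the second router forwards traffic but stays silent.
SAMPLE_PATH = [
    Node("192.0.2.1"),
    Node("198.51.100.1", answers_icmp=False),
    Node("203.0.113.10", is_destination=True),
]

if __name__ == "__main__":
    for ttl, hops in traceroute(SAMPLE_PATH):
        print(ttl, " ".join(hops))
```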
Review Question 3
The top down troubleshooting technique starts at the Application layer and works toward the Physical layer
of the Open Systems Interconnection (OSI) reference model. An administrator using the top down method
of network troubleshooting might begin the process by examining or restarting the network applications on a
workstation that has lost connectivity to the network.
The bottom up method of network troubleshooting begins at the Physical layer of the OSI reference model
and then works through the other layers, one-by-one, toward the Application layer until the problem is
isolated. For example, an administrator who is troubleshooting a workstation that can no longer connect
to the network might choose to first check the workstation's physical connection to the network, such as
checking for a loose cable. If the cable is not loose, the administrator might decide to proceed to the Data
Link layer of the OSI reference model, then to the Network Layer, and so on.
The divide and conquer troubleshooting technique starts at the Network layer and works either up or down
the OSI model depending on the outcome of network tests, such as the ping command. For example, an
administrator who is using the divide and conquer method to troubleshoot a workstation that has lost
connectivity to the network might receive a successful reply to a ping command from that workstation
and, based on that result, might decide to move on to the Transport layer of the OSI model. However, an
administrator who does not receive a successful reply to the ping command from the workstation might
choose to check for a valid IP address at the Network layer, then for a port-security or Spanning Tree Protocol
(STP) problem at the Data Link layer, and then for a cable-connection problem at the Physical layer.
Lab Exercises
support@boson.com
877-333-EXAM (3926)
615-889-0121
615-889-0122
25 Century Blvd. Ste. 500
Nashville, TN 37214