Enable Password – The Most Basic Of Security Features

The two most basic of passwords a Cisco router can provide support for is the enable password and enable secret commands. Depending on the IOS version, administrators will likely only need to setup the enable secret command.

For Cisco routers running IOS versions before version 10.3, enable password is going to be used. It is the outdated version of the two, and we’ll see why it isn’t used in average applications after we enable it. You can enable this basic password following the commands seen below.

Router> enable

Router# config terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)# enable password mypassword

In this example, mypassword is the new password that is going to be set on the router. Try typing exit and navigate to the privileged mode, as seen below.

Router> enable

Password:

You’ll notice that before we can get into privileged mode, we have to enter the password we set earlier. If you followed the above example, you should be able to input mypassword and press Enter. You are now authenticated for privileged mode!

So why don’t we use the enable password command in most cases? The answer is simple: it’s an outdated format that anyone can have ample opportunity to take advantage of. Try following the below steps and note what you see.

Router# show running-config

Building configuration…

Current configuration : 162 bytes

!

version 12.2

no service password-encryption

!

hostname Router

!

!

enable password mypassword

!

As you can see, anyone can see the password in plain view. This is because it is stored as plain text- no encryption is being used! To help cover this vast security hole, Cisco created the enable secret command. As you can probably guess, it makes use of encryption this time around.

Enable Secret – An Evolved Form Of The Previous Example

Encryption can be a tough subject to tackle. But Cisco has made the process of enabling an encrypted password just as easy as the previous example. In fact, we are only changing one word in the process!

Router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#enable secret mypassword

Note that many routers will alert the user at this point if they have made the enable secret and the enable password values the same in terms of the password. Although the message that results is just a warning, and administrators can indeed set both to the same thing (although this is not recommended as it will almost defeat the purpose of the enable secret command).

Now let’s go back to the very beginning, and try logging back into privileged mode once more. We’ll take a look at the running configuration in the below example.

Router# show running-config

Building configuration…

Current configuration : 209 bytes

!

version 12.2

no service password-encryption

!

hostname Router

!

!

enable secret 5 $1$mERr$7sOd0mgRuXYhHwfWsV4QZ/

enable password mypassword

!

Notice how the enable secret password is unreadable, while the outdated command enable password is being displayed in plain view! Obviously, it comes as to no surprise that Cisco decided to do away with the command in order to improve network security.

Closing Comments

We’ve discussed only two of the five different passwords that Cisco allows network administrators to take advantage of. If you’d like to take security a step further, be sure to check out the next section that discusses subjects such as Telnet passwords, console passwords, and even auxiliary passwords!

A broadcast, in particular, is a simple message that is sent to all clients on a local area network. But just exactly what enables a network to broadcast a message to every single client on the network?

What is a Broadcast Address?

A broadcast address is an address used to indicate that information being sent out should be delivered to every client on the local area network. These addresses are always the highest number possible in a particular network address or subnet. We’ll cover subnets later, for now let’s take a closer look at the most common broadcast address: Data Link Layer broadcasts.

Broadcasts on the Data Link Layer correspond to MAC addresses. MAC address broadcasts are generally the easiest to understand, since they aren’t affiliated with IP addresses or subnetting. In fact, all you really need to remember is FF:FF:FF:FF:FF:FF. Whereas this MAC address would normally be comprised of different hexadecimal values, it is instead simply all F’s. (As we know, each F stands for the highest number in hexadecimal: 15)

When a MAC address broadcast is sent out, each network interface card on the local area network will see the broadcast address and automatically pass the information up to the upper layers of the OSI model. So far it’s simple- right? Now let’s get back to the subnetting and IP address topics that are present on the Network Layer.

How IP Broadcasts are Sent via the Network Layer

Remember how we stated that broadcast addresses are always the highest-most number in an address range? IP broadcasts are no exception! On a network that isn’t subnetted, we can simply place 1’s in place for each bit in the host portion. The result: our very own broadcast address!

Things are still fairly simple: simply replace each host portion with the highest number you can create with 8 bits: 255. Notice that the network portions do not change- just the host portions.

Sadly, this is where things start to get a little trickier: we need to find the broadcast address of a subnetted network.

How to Find the Broadcast Address of a Subnetted Network

We need two things to find the broadcast address of a subnetted network: an IP address, and the subnet mask. The process is simple: find the inverse of the subnet mask. Then take the result, and logically OR it with the IP address to get the broadcast address.

Of course, we can convert the above binary result to decimal and get the broadcast address of 192.168.16.31. If you aren’t familiar with the OR process, it’s rather simple. If there is a 1 in either the IP or subnet field, then the result will always be a 1. (Otherwise, the result is 0)

Now we know how to find the broadcast address and how it works- but what is it used for?

What are Broadcast Addresses used for?

Broadcasts are generally used for several reasons:

---

• Address Resolution Protocol (ARP) uses broadcasts to map physical addresses to logical addresses. To build the table of hosts, a device needs to send a broadcast to every other device on the network to essentially find out who is where.
• Several types of network protocols and services use broadcasts in the same way. Dynamic Host Configuration Protocol (DHCP), for instance, requires that broadcasts be used to dynamically assign an IP address to computers on a network.
• Routing protocols such as Routing Information Protocol (RIP) use broadcasts to send out “advertisements.” This advertisement is used by routers to map out the topology of a network, so that data can be routed to the appropriate place accordingly. (Interesting enough, this protocol will attempt to find the fasted route through a network to a destination, based on how many “hops” it takes to get from the sender to the receiver.)

---

Final Points of Interest on Broadcasts

Keep in mind that broadcasts will travel to every single client on a network- at least, until a router is encountered. A router is the only device that can separate a broadcast domain. Logically, this is mandatory for the internet to exist. What do you think would happen if broadcasts were being sent from network to network- all over the internet? (Hint: no more Internet.)

Also make note that broadcast addresses should never be used as host addresses. This can be confused in subnetting, where it isn’t always clear where the host portion starts and ends. The broadcast address is reserved as the highest value- and likewise, no IP address should use a broadcast address or problems will arise.

For those of us who don’t think many hours worth of data entry is fun, we turn to DHCP- or Dynamic Host Configuration protocol.

What is DHCP?

Dynamic Host Configuration Protocol was developed to automate the assignment of IP addresses, subnet masks, gateways, and other IP parameters. It allows for much capability- both with the administrator and end-user. It saves the administrator the trouble of modifying IP information every time an implementation or upgrade is conducted. End-users appreciate it since it allows for quick and simple connections to a network- often without any configuration needed.

DHCP was created by the Internet Engineering Task Force (IETF) and became a standard in 1993, where it succeeded the BOOTP protocol. DCHP is actually based on the BOOTP protocol, which can be seen as a simpler and less complex solution to DHCP. The transition was needed since BOOTP was not designed to provide dynamic address assignment. Instead, administrators tediously maintained configuration files for each host on the network. Instead of a multitude of configuration files, a dynamic alternative was created with DHCP.

How Does DHCP Work?

DHCP works within four steps: DHCP discovery, DHCP offers, DCHP requests, and DHCP acknowledgement.

DHCP Discovery

When a computer is connected to a DHCP-enabled network, it will send out a broadcast. This broadcast, known as DHCPDISCOVER, will be sent out in hopes of finding the DHCP server. Optionally, the client will request that the last known IP information the client used on the network be used. (Based on the settings of the DHCP server, this request may be fulfilled or denied.)

DHCP Offers

The DHCP will then receive a lease request from the client. This lease determines how long the client can expect to use the IP information it will obtain from the server. A DHCP message referred to as DHCPOFFER is sent back from the server to the client. This message contains the lease duration, IP address, subnet mask, the client’s MAC address, and the IP address of the DHCP server that issued the message.

DCHP Requests

Upon a successful transaction of information, the client must then tell the DHCP server that the information was indeed received and accepted. A broadcast is initiated with the DHCP server’s IP address. This will tell other possible DHCP servers that they shouldn’t issue IP information to the client, since the client already obtained the necessary information. This will help free up IP addresses for other computers, as only one lease can be obtained per network interface card.

DHCP Acknowledgement

DHCP acknowledgement is the final phase in the information exchange between server and client. In this phase the server obtains the DHCPREQUEST message from the client, and sends back a DHCPACK message. This packet of information includes the lease duration, as well as any configuration information the client may have requested. At this point the process is complete, and the client will configure its IP information accordingly.

Common DHCP Leases

As you’ll recall, the lease is the length of time the client can expect to hold the information obtained by the DHCP server. To fully grasp the need for leases in DHCP configuration, we need to know the significance of the network it is installed on. Leases are commonly set to anywhere from 15 minutes to several months- so what’s the ideal lease time?

---

• 15 Minutes – You may use a lease time of 15 minutes when there are more clients than there are IP addresses. This will ensure that every client on the network will have the capability to access network resources, even though there may not be enough IP addresses present. This may be a good choice for a popular wireless access point, for example. Keep in mind this will lower network performance as a result of an increase in DCHP messages.
• 24 Hours – The default setting on many DHCP servers. This will renew IP information for devices every 12 hours, since we have a 24 hour lease time. (Renew time is 50% of the lease time. If the renewal fails for some reason, it will try again in 6 hours, in our example.) A 24 hour lease time will allow new users to connect to a network on a daily basis- good for both home and work applications.
• 1 Week – This timeframe will allow networks that seldom change to still operate. If a change in network structure does indeed occur, clients will need the changes to propagate throughout the network to function properly. This allows for a certain level of flexibility, but also ensures that the(normally) conservative network isn’t congested with DHCP traffic.
• 4 Months – This lease is more for stable networks that are unlikely to change. In particular they are best suited for educational networks that allow a summer break. Obviously, computers will be unlikely to be used for a period of around 3 months while summer being observed. This will allow networks to keep IP information despite the long inactivity.
• 1 Year – If a user hasn’t used an IP address in 6 months, the user is most likely not coming back. This is good for networks that have a large amount of IP addresses to administer to a wide range of clients. If a user hasn’t come back in 6 months, we can recover the IP information for future use. Obviously, the priority here isn’t for clients- but rather simple housekeeping.
• Infinite – It is highly recommended that lease times not be set as infinite. This will effectively create a set in stone network. If a laptop user happens to request an IP address and never comes back, that IP address is lost for all of infinity. It should be noted that some devices don’t support the infinite lease setting- which may result in server crashes and other related problems.

---

Closing Comments

DHCP is a very commonly used protocol. If you’ve ever looked at a computer’s IP settings and seen the option “Obtain an IP address automatically,” you can be sure DHCP is hard at work. This is the very same hard work that would’ve been given to the unfortunate system administrator. Clearly, DHCP is one of the “I’m sure glad someone thought of that!” protocols would be hard to imagine life without.

For those of us who don’t think many hours worth of data entry is fun, we turn to DHCP- or Dynamic Host Configuration protocol.

What is DHCP?

Dynamic Host Configuration Protocol was developed to automate the assignment of IP addresses, subnet masks, gateways, and other IP parameters. It allows for much capability- both with the administrator and end-user. It saves the administrator the trouble of modifying IP information every time an implementation or upgrade is conducted. End-users appreciate it since it allows for quick and simple connections to a network- often without any configuration needed.

DHCP was created by the Internet Engineering Task Force (IETF) and became a standard in 1993, where it succeeded the BOOTP protocol. DCHP is actually based on the BOOTP protocol, which can be seen as a simpler and less complex solution to DHCP. The transition was needed since BOOTP was not designed to provide dynamic address assignment. Instead, administrators tediously maintained configuration files for each host on the network. Instead of a multitude of configuration files, a dynamic alternative was created with DHCP.

How Does DHCP Work?

DHCP works within four steps: DHCP discovery, DHCP offers, DCHP requests, and DHCP acknowledgement.

DHCP Discovery

When a computer is connected to a DHCP-enabled network, it will send out a broadcast. This broadcast, known as DHCPDISCOVER, will be sent out in hopes of finding the DHCP server. Optionally, the client will request that the last known IP information the client used on the network be used. (Based on the settings of the DHCP server, this request may be fulfilled or denied.)

DHCP Offers

The DHCP will then receive a lease request from the client. This lease determines how long the client can expect to use the IP information it will obtain from the server. A DHCP message referred to as DHCPOFFER is sent back from the server to the client. This message contains the lease duration, IP address, subnet mask, the client’s MAC address, and the IP address of the DHCP server that issued the message.

DCHP Requests

Upon a successful transaction of information, the client must then tell the DHCP server that the information was indeed received and accepted. A broadcast is initiated with the DHCP server’s IP address. This will tell other possible DHCP servers that they shouldn’t issue IP information to the client, since the client already obtained the necessary information. This will help free up IP addresses for other computers, as only one lease can be obtained per network interface card.

DHCP Acknowledgement

DHCP acknowledgement is the final phase in the information exchange between server and client. In this phase the server obtains the DHCPREQUEST message from the client, and sends back a DHCPACK message. This packet of information includes the lease duration, as well as any configuration information the client may have requested. At this point the process is complete, and the client will configure its IP information accordingly.

Common DHCP Leases

As you’ll recall, the lease is the length of time the client can expect to hold the information obtained by the DHCP server. To fully grasp the need for leases in DHCP configuration, we need to know the significance of the network it is installed on. Leases are commonly set to anywhere from 15 minutes to several months- so what’s the ideal lease time?

---

• 15 Minutes – You may use a lease time of 15 minutes when there are more clients than there are IP addresses. This will ensure that every client on the network will have the capability to access network resources, even though there may not be enough IP addresses present. This may be a good choice for a popular wireless access point, for example. Keep in mind this will lower network performance as a result of an increase in DCHP messages.
• 24 Hours – The default setting on many DHCP servers. This will renew IP information for devices every 12 hours, since we have a 24 hour lease time. (Renew time is 50% of the lease time. If the renewal fails for some reason, it will try again in 6 hours, in our example.) A 24 hour lease time will allow new users to connect to a network on a daily basis- good for both home and work applications.
• 1 Week – This timeframe will allow networks that seldom change to still operate. If a change in network structure does indeed occur, clients will need the changes to propagate throughout the network to function properly. This allows for a certain level of flexibility, but also ensures that the(normally) conservative network isn’t congested with DHCP traffic.
• 4 Months – This lease is more for stable networks that are unlikely to change. In particular they are best suited for educational networks that allow a summer break. Obviously, computers will be unlikely to be used for a period of around 3 months while summer being observed. This will allow networks to keep IP information despite the long inactivity.
• 1 Year – If a user hasn’t used an IP address in 6 months, the user is most likely not coming back. This is good for networks that have a large amount of IP addresses to administer to a wide range of clients. If a user hasn’t come back in 6 months, we can recover the IP information for future use. Obviously, the priority here isn’t for clients- but rather simple housekeeping.
• Infinite – It is highly recommended that lease times not be set as infinite. This will effectively create a set in stone network. If a laptop user happens to request an IP address and never comes back, that IP address is lost for all of infinity. It should be noted that some devices don’t support the infinite lease setting- which may result in server crashes and other related problems.

---

Closing Comments

DHCP is a very commonly used protocol. If you’ve ever looked at a computer’s IP settings and seen the option “Obtain an IP address automatically,” you can be sure DHCP is hard at work. This is the very same hard work that would’ve been given to the unfortunate system administrator. Clearly, DHCP is one of the “I’m sure glad someone thought of that!” protocols would be hard to imagine life without.

How a Smurf Attack Works

Smurf attacks are a type of denial of service attack, in which the Internet Control Message Protocol (ICMP) and broadcasts are being exploited. Normal ICMP requests (commonly referred to as pings) are used to verify network connectivity. But since they require a response from the target machine, they can maliciously be used to consume network resources if many are sent at once.

Broadcasts come into the equation, however, since they give capability to send requests to every computer on a network. Obviously if a broadcast were to be sent multiple times, the traffic would slow down the network. Imagine 100 computers sending back an ICMP request at the same time- network performance would take a huge dip.

It should be noted that smurf attacks work via an attacker spoofing the IP address of the broadcast. The IP address is actually the IP address of the victim the attacker chooses. When every computer on the network responds to the ICMP request, all of these requests go to the computer the attacker borrowed the IP address from. In this instance, the network only acts as an amplifier to the attack, not necessarily the victim.

Unfortunately, smurf attacks leave little room for victims to recover from an attack. Instead, the attack must be staved off at the network level via filtering. We can do this specifically through the no ip directed-broadcast command in Cisco routers.

No IP Directed-Broadcast

An IP Directed-Broadcast is simply an IP packet, of which has a destination address of a particular IP subnet. The broadcast in this instance is sent from a different network, as one could probably guess from the command name. (The broadcast is being directed via IP, not a unicast address.)

Keep in mind that if you are running a Cisco IOS version 12.0 or above, you do not need to follow these steps. No IP Directed-Broadcast was enabled by default after IOS 12.0. It is strongly recommended that No IP Directed-Broadcast be enabled if your IOS version is below 12.0. If you aren’t sure which version you have, simply type in the following commands from user exec mode:

As you can tell in the above example, the version number is higher than 12.0. In this instance, we would not need to take further action. If the number happens to be below 12.0, then you will need to apply the No IP Directed-Broadcast command. First, you should find out the naming convention for your router’s interfaces, as show below.

Now that we know our interface naming convention, FastEthernet 0/0, we can modify it. You may wish to write this down, since this will be what you will always refer to your interfaces to from now on. You may now proceed to apply the command to the interface, as seen below.

Note that we only applied this to a single interface (FastEthernet 0/0).It should be applied to all interfaces for maximum protection.

Closing Comments

Very few IP applications will make use of the IP directed broadcast, so it is almost always perfectly fine to leave it off. You can, however, configure access lists to permit or deny IP Directed-Broadcasts. This is usually only feasible with smaller networks, since access lists can be quite tedious to maintain on all but the smallest networks.

All you need to get started is a Cisco router with a console port, a rollover cable, and console port on the PC being used to program the router. Note that you’ll most likely need an RJ-45 to DB-9 adapter if your PC’s console port won’t fit an Ethernet cable.

Connecting to the Cisco Internetwork Operating System (IOS)

The Cisco Internetwork Operating System, referred to as the IOS, is the operating system of the router. It is a proprietary kernel that performs the routing, switching, internetworking, and other telecommunication features.

Keep in mind that there are many different Cisco routers that have been developed. With each release, there are updates to how the router functions and accepts commands. You should note that some commands will differ from router model to router model- but we’ll get more into this later. The differences aren’t too great, so there shouldn’t be too many troubles with this aspect.

Actually connecting to the IOS via our desktop requires special software. What we will use in these examples is HyperTerminal. It is very likely you already have it. Windows users, for instance, will find it in their Accessories folder under the Start Menu. (From there it may be listed under a communications folder.) Note that Windows Vista users did not get blessed with HyperTerminal, and so thus it must be downloaded (for free) here.

Start up HyperTerminal, and enter any connection name in the window that appears, then press OK.

Now in the resulting screen, make sure the COM port is selected next to the “Connect Using:” label. Press OK to go to the next screen. Also make sure all checkboxes are unchecked.

Now when you press OK, you will be presented with a new dialog. Be sure that you click “Restore defaults” or else the wrong configuration may be loaded. The final result in each textbox should mimic the textboxes in the following screenshot.

Now press OK. Now to show the power-on self test, or POST, power your router off and power it back on- if the screen begins cluttered with information, you’ll know everything was a success. If nothing happens, check to see if your physical configuration is right. (A rollover cable from your PC console port to the router console port- which may require a RJ-45 to DB-9 adapter.) Also check to see if you followed the HyperTerminal instructions correctly. Lastly, make sure you powered your router off and back on correctly.

What you should be seeing is the power-on self test, or POST. This is a set of tests and checks to make sure your router is configured correctly and is running without problem. It can be a few minutes before it is complete, so have patience.

Note that if you are asked to enter a setup configuration, type NO and press RETURN. Eventually you will see a “Press RETURN to get started!” prompt. Simply press enter and you’re done- you have successfully connected to a router via the console port. Now the fun part begins: configuring the router!

In the next section we will take a look at some basic router configuration commands. We will be creating passwords, modifying running configuration settings, and starting an introduction into the wonderful world or router configuration.

The questions below are from the CCNA 1 module 8 exam- but instead of straight answers, we reason out why the answers are correct. If any type of math or decision making is involved, we leave that up to you (But we will of course give you the resources you need to complete the question.)

1. What is characteristic of the operation of a Layer 2 switch?

A) forwards data based on logical addressing

B) duplicates the electrical signal of each frame to every port

C) learns the port assigned to a host by examining the destination MAC address

D) uses the destination MAC address to determine the specific interface to forward a frame

More Info: An Introduction to Ethernet Switching
Explanation: Like a bridge, the layer 2 switch will forward data based on the destination MAC address of the data. This data is then forwarded to a specific port, unlike hubs who would broadcast to all ports (and thus waste resources). D is the correct answer.

2. Two newly hired technicians are discussing the implementation of a new LAN. One technician proposes installing a hub. The other technician advises installing a switch. Which statements are true about the differences between a hub and a switch? (Choose two.)

A) A hub operates at Layer 2 of the OSI model.

B) A hub reduces the number of collisions on a LAN.

C) A hub works at a higher OSI model layer than a switch.

D) A switch provides more throughput to hosts on a LAN

E) A switch provides a collision-free environment on a LAN.

F) The number of collisions on a LAN are the same whether a hub or a switch is used.

More Info: An Introduction to Ethernet Switching
Explanation: Switches use microsegmentation to provide more throughput, so D is correct. Switches also support full-duplex operation, which means a collision-free environment is possible- so E is also correct.

3. Refer to the exhibit. Forty-eight workstations are connected to a hub. The users are able to connect to the network, but access is very slow. An entry-level technician replaces the 10 Mbps hub with 100 Mbps hub but the problem still exists. What is the most economical way to correct the problem?

A) Replace the hub with a switch.

B) Replace the hub with a router.

C) Replace the hub with a 1 Gbps hub.

D) Replace the hub with a 10 Mbps fiber hub.

More Info: An Introduction to Ethernet Switching
Explanation: Although the hub was upgraded, it is still a hub. Switches are considered to be superior in providing bandwidth via microsegmentation and reliability via full-duplex operation. In this case, we will want to replace the hub with a switch- A is the correct answer.

4. Exhibited is a portion of ABC Company internetwork. Which of the connections can be full duplex?

A) segments 1 and 2

B) segment 2

C) segments 3 and 4

D) segments 2, 3, and 4

E) segments 1, 2, 3, and 4

More Info: An Introduction to Ethernet Switching
Explanation: Segment 1 is operating under a hub- and as we know, hubs aren’t capable of full-duplex capability. Therefore, all other segments except 1 may be full-duplex. D is the correct answer.

5. Refer to the exhibit. The switch and the hub have default configurations, and the switch has built its CAM table. Which of the hosts will receive the data when workstation A sends a unicast packet to workstation C?

A) workstation C

B) workstations B and C

C) workstations B, C, and the E0 interface of the router

D) workstations B, C, D, E, F, and the E0 interface of the router

More Info: An Introduction to Ethernet Switching
Explanation: Only workstation C will get the data, since we are using a switch. Switches use microsegmentation, which will allow only the receiving computer to get the data in this instance. A is the correct answer.

6. An administrator would like to connect ten workstations on a 192.168.0.0/24 network. The device selected by the administrator must allow connectivity between hosts without sharing bandwidth. Which device would be appropriate?

A) hub

B) router

C) switch

D) repeater

More Info: An Introduction to Ethernet Switching
Explanation: Only a switch can route data without sharing data. Note that the hub would be able to be used if sharing bandwidth wasn’t an issue. But since it is, C is the correct answer.

7. Which networking devices use the MAC address to make forwarding decisions? (Choose two.)

A) NIC

B) bridge

C) hub

D) switch

E) repeater

More Info: An Introduction to Ethernet Switching
Explanation: Bridges and switches both operate on the Data Link layer- meaning they do indeed deal with MAC addresses. B and D are the correct answers, since the rest of the answers operate on the physical layer.

8. Which devices are primarily used to extend cable segments within a collision domain by regenerating the data signals? (Choose two.)

A) switch

B) repeater

C) router

D) bridge

E) hub

More Info: An Introduction to Ethernet Switching
Explanation: Repeaters and hubs both extend the collision domain by repeating a signal, so B and E is correct. Bridges, routers, and switches create more collision domains- not extend them.

9. Which devices will create multiple collision domains in an Ethernet network? (Choose two.)

A) NIC

B) hub

C) switch

D) router

E) repeater

More Info: An Introduction to Ethernet Switching
Explanation: Switches, routers, and repeaters all create more collision domains when used correctly. C and D are correct. Hubs extend the collision domain, and NICs are unrelated.

10. Refer to the exhibit. How many broadcast domains exist in classroom 240?

A) 1

B) 2

C) 5

D) 12

E) 13

F) 15

More Info: An Introduction to Ethernet Switching
Explanation: Only 1 broadcast domain exists, since the multiple hubs only extend the domain, not create more collision domains. The switch effectively creates our only collision domain. A is the correct answer.

11. A PC receives a frame. Which situation will cause the NIC on the receiving host to pass the frame contents up the OSI layers to be processed by the PC?

A) The frame is a runt frame.

B) The destination MAC address of the frame is FFFF.FFFF.FFFF.

C) The transmitting host generated a jam signal during the frame transmission.

D) The recalculated checksum for the frame does not match the FCS on the frame.

More Info: An Introduction to Ethernet Switching
Explanation: We know that broadcasts are always expressed as the highest number possible. In hex, this number is actually F. Therefore, the NIC will process a broadcast that is defined by the MAC address FFFF.FFFF.FFFF, so B is the correct answer.

12. A network administrator has a multi-floor LAN to monitor and maintain. Through careful monitoring, the administrator has noticed a large amount of broadcast traffic slowing the network. Which device would you use to best solve this problem?

A) bridge

B) hub

C) router

D) transceiver

More Info: An Introduction to Ethernet Switching
Explanation: The best device would be the router. The hub would only cause bandwidth concerns, and the bridge would only divide the network into two halves- not provide any other functionality. Transceivers are unrelated. The correct answer is C.

13. What will a bridge do if it receives a frame with a MAC address that is not within the table?

A) discard frame

B) ignore frame

C) send frame to appropriate port

D) send frame to all ports except source port

More Info: An Introduction to Ethernet Switching
Explanation: If a frame is received that doesn’t have a MAC address, the frame is forwarded out of all ports except the source port. D is the correct answer.

14. Which networking device reduces the size of both collision domains and broadcast domains?

A) hub

B) Layer 2 switch

C) router

D) bridge

E) repeater

More Info: An Introduction to Ethernet Switching
Explanation: Since only a router can separate broadcast domains, C is the correct answer.

15. What is used to prevent Layer 2 switching loops?

A) bridging

B) segmentation

C) Address Resolution Protocol

D) Spanning-Tree Protocol

More Info: An Introduction to Ethernet Switching
Explanation: Spanning tree protocol, or STP, is used to prevent switching loops. Have a look at the above article for more information.

But before we jump into the fun theories such as Spanning Tree Protocol (STP), let’s take a look at the devices we are dealing with.

Layer 2 Bridges

As you’ll recall from the OSI model, layer 2 corresponds to the Data Link layer- the layer that deals directly with MAC addresses. In this case, we are dealing with bridges that, coincidentally, handle MAC addresses.

The purpose of a bridge is simple: divide a network into two separate pieces so we can save bandwidth. That way if a computer on one segment of the bridge needs to communicate with another computer on that side of the bridge, the connection remains local. The other segment will not be bothered with the request.

This also effectively gives us two separate collision domains. This will help cut down on data collision, which is a major cause of network latency. Note that in the above example, computer A sends information to the bridge first, which makes the decision to route the request to computer B, while filtering the data out of the segment on the right.

Things to Remember About Bridges

---

• 1. Bridges provide switching via comparing destination MAC addresses found in the data being sent to MAC addresses stored in its tables.
• 2. If the source MAC address is not already known, the bridge creates a new entry in the MAC address table with the source port. This will be used for future switching operation.
• 3. If the destination MAC address is not known by the bridge, a broadcast will be sent to all segments in a process called flooding. Note that a broadcast is not sent out in the port the data was received on.
• 4. If the bridge determines the destination MAC address is not from the same network segment as the sending device, it will forward the data to the appropriate segment.

---

Layer 2 Switches

Layer 2 switches are essentially the same as bridges, only they have multiple ports and can use microsegmentation to decrease collisions and increase throughput. They also have support for full-duplex operation and spanning tree protocol (STP).

Full-duplex operation enables devices to have support for both receiving and sending information at the same time. This eliminates the problem of data collision altogether. Keep in mind that if a device such as a hub were used, full duplex operation could not be possible because hubs lack microsegmentation.

Lastly, switches use what is called spanning tree protocol. Spanning tree protocol is used to help prevent loops from forming. Imagine that switch A forwards data to switch B, since it is unsure where the data should go. Switch B isn’t sure either, and forwards the data back. This creates a never ending loop in theory, but thankfully we can make use of STP. In the example below, you can see that there are four physical links maintained, while two of the links are purely logical- they do not technically exist to the switches.

To counteract the threat of loops, switches send messages called bridge protocol data units, or BPDUs, out every port to let other switches know if its existences. Redundant paths are then shut down through port blocking, and we result with a path free of loops. (These paths can be opened again, however, in case a line goes down and the redundancy is needed.) In the example below, you can see that there are four physical links maintained, while two of the links are purely logical- they do not technically exist to the switches.

Layer 2 Switch Modes of Operation

But what sets them apart from bridges even further is that they can operate in three different modes- Store-and-Forward, Cut-Through, and Fragment-Free.

---

• 1. Store-and-Forward is the method with the slowest operation speed. This is due to the fact that it checks incoming frames of data for integrity. If the frame has errors, it is discarded. Otherwise, it is sent to its destination. This error checking can be quite costly to network performance, however.
• 2. Cut-Through switching is considered to be the bare minimum- and thus much faster. It only requires that the beginnings of the frame up to the destination MAC address be read before the frame of data can pass through the switch.
• 3. Fragment-Free switching is a modified form of the Cut-Through method. Fragment-free switching filters out collision fragments, which is where the majority of packets errors originate. To do this checking, the switch must wait for the entire packet of information to be received before the filtering takes place. Obviously, it’ll not be as quick as the cut-through method.

---

A Last Note on Broadcasts and Collisions

Keep in mind that since we have been dealing with layer 2 devices, we do not divide the broadcast domain with these devices. Only a router can divide a broadcast domain. As for collision domains, each of these devices creates more of them (this is a good thing). As for hubs and repeaters, they only extend the collision domain.

Also keep in mind that if a frame is bearing the format of FFFF.FFFF.FFFF, it will be automatically received by all NICs on the network, as this is, in fact, a broadcast address in hexadecimal.

The questions below are from the CCNA 1 module 7 exam- but instead of straight answers, we reason out why the answers are correct. If any type of math or decision making is involved, we leave that up to you (But we will of course give you the resources you need to complete the question.)

1. Which Ethernet standard does the IEEE 802.3 standard recommend for backbone installations?

A) 10BASE-T

B) 100BASE-T

C) 100BASE-FX

D) 1000BASE-LX

More Info: A Brief Overview of Ethernet History

Explanation: Backbone installations require a lot of bandwidth. Therefore, we need the option that provides the most. 1000BASE-LX would be this option, since it is Gigabit Ethernet; D is the correct answer.

2. Which statements describe Gigabit Ethernet technology? (Choose two.)

A) operates at 100 Mbps

B) typically used for backbone cabling

C) requires shielded twisted-pair cabling

D) can be implemented over copper and fiber

E) primarily used between workstations option

More Info: A Brief Overview of Ethernet History

Explanation: Backbone cabling needs high-bandwidth cable- so B is correct. Gigabit technology can also be copper or fiber optic media- so D is also correct.

3. Which of the following are Fast Ethernet technologies? (Choose two.)

A) 100BASE-5

B) 100BASE2

C) 1000BASE-F

D) 100BASE-FX

E) 100BASE-TX

More Info: A Brief Overview of Ethernet History

Explanation: Fast Ethernet is classified as a 100-Mbit specification. The first two choices, A and B, do not exist. 10BASE5 and 10BASE2 do, however. This leaves us with D and E, since C is Gigabit Ethernet.

4. To make sure timing limitations are not violated when implementing a 10 Mbps Ethernet network involving hubs or repeaters, a technician should adhere to which rule?

A) the 4-5-3 rule

B) the 6-4-2 rule

C) the 3-4-5 rule

D) the 5-4-3 rule

More Info: A Brief Overview of Ethernet History

Explanation: The rule states that networks should not exceed 5 network segments, four repeaters, and no more than three of the five network segments can be for end-users. Thus, the correct answer is D.

5. At which OSI layer do the differences between standard Ethernet, Fast Ethernet and Gigabit Ethernet occur?

A) physical layer

B) data link layer

C) network layer

D) transport layer

More Info: A Brief Overview of Ethernet History

Explanation: Ethernet operates on the physical layer, so A is the only logical choice.

6. How does 1000BASE-T use the UTP wire pairs to accomplish transmission?

A) two pairs are used to transmit and two pairs are used to receive

B) one pair is used to transmit, one pair is used to receive, one pair is used for clocking, and one pair is used for error correction

C) all four pairs are used in parallel by both hosts to transmit and receive simultaneously

D) two pairs of wires are used as in 10BASE-T and 100BASE-TX

More Info: A Brief Overview of Ethernet History

Explanation: 100BASE-T is a Gigabit Ethernet specification, meaning it can provide a large amount of bandwidth. To get as much bandwidth as possible, we need to use all four wired pairs- so C is the correct answer.

7. What RJ-45 pins are unused when transmitting and receiving data in an Ethernet 100BASE-T Category 5 UTP cable? (Choose two.)

A) 1 and 2

B) 3 and 6

C) 4 and 5

D) 7 and 8

More Info: A Brief Overview of Ethernet History

Explanation: Pins 1, 2, 3, and 6 are used in 100BASE-T Cat5 UTP cable, as stated in the article above.

8. What is the maximum distance that 10BASE-T will transmit data before signal attenuation affects the data delivery?

A) 100 meters

B) 185 meters

C) 300 meters

D) 500 meters

More Info: A Brief Overview of Ethernet History

Explanation: The maximum distance a 10BASE-T cable can be run is said to be 100 meters, so A is the correct answer.

9. Which media types can be used in an implementation of a 10BASE-T network? (Choose three.)

A) Category 5 UTP

B) Category 5e UTP

C) Category 3 UTP

D) coaxial cable

E) multi-mode fiber

F) single mode fiber

More Info: A Brief Overview of Ethernet History

Explanation: A, B, and C are true based on the specifications found in the above article.

10. Which of the following Ethernet technologies are considered legacy Ethernet? (Choose three.)

A) 10BASE2

B) 10BASE5

C) 10BASE-T

D) 100BASE-T

E) 100BASE-FX

F) 100BASE-TX

More Info: A Brief Overview of Ethernet History

Explanation: LegacyEthernet is characterized by having speeds of 10-Mbp. Only A, B, and C correspond with this number, and thus, they are correct.

The questions below are from the CCNA 1 module 6/7 exam- but instead of straight answers, we reason out why the answers are correct. If any type of math or decision making is involved, we leave that up to you (But we will of course give you the resources you need to complete the question.)

1. Which of the following are specified by IEEE standards as sublayers of the OSI data link layer? (Choose two.)

A) Logical Link Control

B) Logical Layer Control

C) Media Access Control

D) Logical Link Communication

E) Media Access Communication

F) Physical Access Communication

More Info: How the Network Access Layer Works

Explanation: Sublayers of the Data Link layer include Logical Link Control (LLC) and Media Access Control (MAC). A and C are both correct.

2. Refer to the exhibit. Host A is communicating with host F. What happens to a frame sent from host A to host F as it travels over the Ethernet segments?

A) The frame format is modified as it passes through each switch.
B) The frame format remains the same across each Ethernet segment.
C) The frame format is modified as the media speed changed at switch B and switch E.
D) The frame format is modified as the media material changes between copper and fiber at switch C and switch D.

More Info: How the Network Access Layer Works

Explanation: The frame format is not modified at any point to its destination, so B is the correct answer.

3. In which two layers of the OSI model does Ethernet function? (Choose two.)

A) application

B) session

C) transport

D) network

E) data link

F) physical

More Info: How the Network Access Layer Works

Explanation: The bottom two layers of the OSI model deal with Ethernet functions-Physical and Data Link. Note that this is also the Network Access Layer in the TCP/IP model. E and F are both correct.

4. Where does the MAC address originate?

A) DHCP server database

B) configured by the administrator

C) burned into ROM on the NIC card

D) network configuration on the computer

E) included in the creation of the processor chip

More Info: What is a Network Interface Card?

Explanation: The MAC address is burned into the NIC at the factory- B is the correct answer.

5. At what layer of the OSI model does a MAC address reside?

A) 1

B) 2

C) 3

D) 4

E) 7

More Info: How the Network Access Layer Works

Explanation: The second layer of the OSI model is the Data link layer (which corresponds to the TCP/IP network access layer). We know that the data link layer is responsible for MAC address capability, so B is the correct answer.

6. A router has an Ethernet, Token Ring, serial, and ISDN interface. Which interfaces will have a MAC address?

A) serial and ISDN interfaces

B) Ethernet and Token Ring interfaces

C) Ethernet and ISDN interfaces

D) Token Ring and serial interfaces

More Info: (none)

Explanation: The MAC address is reserved for the Ethernet and Token Ring interfaces, so B is correct. Serial and ISDN interfaces do not require MAC addresses, so the remaining answers are incorrect.

7. Which two devices can provide full-duplex Ethernet connections? (Choose two.)

A) hub

B) modem

C) repeater

D) NIC

E) Layer 2 switch

More Info: Carrier Sense Multiple Access Collision Detect (CSMA/CD) Explained

Explanation: This question is rather tricky. It is best to eliminate the wrong answers first. Hubs can’t, since they don’t support microsegmentation. Modems operate as half-duplex, so they are out too. Repeaters are unrelated to the matter, so it leaves us with the NIC and Layer 2 switch. D and E are correct.

8. Refer to the exhibit. The small office network shown in the exhibit consists of four computers connected through a hub. Which configuration would cause collisions and errors on the network?

A) autonegotiation

B) FastEthernet

C) peer-to-peer shared resources

D) administratively configured full duplex

More Info: Carrier Sense Multiple Access Collision Detect (CSMA/CD) Explained

Explanation: D is the correct answer, since the device connecting the computers is a hub. We can not have an error-free network operating at full-duplex with a hub. If the device was a switch, it would be a different story.

9. Refer to the exhibit. The switch and workstation are administratively configured for full-duplex operation. Which statement accurately reflects the operation of this link?

A) No collisions will occur on this link.

B) Only one of the devices can transmit at a time.

C) The switch will have priority for transmitting data.

D) The devices will default back to half duplex if excessive collisions occur.

More Info: Carrier Sense Multiple Access Collision Detect (CSMA/CD) Explained

Explanation: Since full-duplex operation allows two devices send and receive information at the same time, there should be no collisions at all. The device is a switch (not a hub), so there should be no further problems. A is the correct answer.

10. What are three functions of a NIC in a PC? (Choose three.)

A) A NIC connects the PC to the network media.

B) A NIC detects collisions on the Ethernet segment.

C) A NIC checks the formatting of data before it is transmitted.

D) A NIC passes the contents of selected frames to the upper OSI layers.

E) A NIC acknowledges and retransmits data that was not received properly.

F) A NIC discards frames when the destination IP address does not match the local host.

More Info: What is a Network Interface Card?

Explanation: The NIC connects a PC to network media, so A is correct. It also detects collisions, so B is also correct. A NIC is too dumb of a device to check formatting, so C is incorrect. NICs do indeed pass information to upper OSI layers, so D is correct. D and E are both untrue since NICs do not have these responsibilities.

11. In an Ethernet LAN, how does the NIC know when it can transmit data?

A) An Ethernet NIC transmits data as soon as the frame is received.

B) An Ethernet NIC transmits data as soon as the NIC receives a token.

C) An Ethernet NIC transmits data when it senses a collision.

D) An Ethernet NIC transmits data after listening for the absence of a signal on the media.

More Info: What is a Network Interface Card?

Explanation: NICs look for an absence in signal before transmitting, since we need an open spot on the network to transmit or there will be collisions. D is the correct answer.

12. Refer to the exhibit. All hosts are in listen mode. Host 1 and Host 4 both transmit data at the same time. How do the hosts respond on the network? (Choose two.)

A) Hosts 1 and 4 may be operating full duplex so no collision will exist.

B) The hub will block the port connected to Host 4 to prevent a collision.

C) After the end of the jam signal, Hosts 1, 2, 3, and 4 invoke a backoff algorithm.

D) Hosts 1 and 4 are assigned shorter backoff values to provide them priority to access the media.

E) If a host has data to transmit after the backoff period of that host, the host checks to determine if the line is idle, before transmitting.

More Info: Carrier Sense Multiple Access Collision Detect (CSMA/CD) Explained

Explanation: We know from the above article that when a collision occurs, a jam signal is sent and all devices invoke a back-off algorithm. After that time is up, hosts may then check the network for traffic. If it is open, the device may transmit. This describes answers C and E.

13. Which statement describes how CSMA/CD on an Ethernet segment manages the retransmission of frames after a collision occurs?

A) The first device to detect the collision has the priority for retransmission.

B) The device with the lowest MAC address determines the retransmission priority.

C) The devices on the network segment hold an election for priority to retransmit data

D) The devices transmitting when the collision occurs DO NOT have priority for retransmission.

More Info: Carrier Sense Multiple Access Collision Detect (CSMA/CD) Explained

Explanation: After a back-off sequence is expired, the devices that were in the collision do not have priority to transmit data. D is the correct answer.

14. What is the maximum distance that 10BASE-T will transmit data before signal attenuation affects the data delivery?

A) 100 meters

B) 185 meters

C) 300 meters

D) 500 meters

More Info: A Brief Overview of Ethernet History

Explanation: 10BASE-T, like other Ethernet cables, has a maximum distance rating before the signal starts to degrade. 10BASE-T has a rating of around 100 meters- A is correct.

15. Which of the following are Fast Ethernet technologies? (Choose two.)

A) 100BASE-5

B) 100BASE2

C) 1000BASE-F

D) 100BASE-FX

E) 100BASE-TX

More Info: A Brief Overview of Ethernet History

Explanation: Fast Ethernet classifies Ethernet operating in the 100-Mbps range. A an B do not exist- it would actually be 10BASE5 and 10BASE2, and even then they are Legacy Ethernet. C is considered Gigabit Ethernet, so it is also incorrect. D and E are the correct answers.

16. At which OSI layer do the differences between standard Ethernet, Fast Ethernet and Gigabit Ethernet occur?

A) physical layer

B) data link layer

C) network layer

D) transport layer

More Info: A Brief Overview of Ethernet History

Explanation: The Physical Layer is the correct option. Ethernet operates on the Physical Layer, so this is the only logical option.

17. How does 1000BASE-T use the UTP wire pairs to accomplish transmission?

A) two pairs are used to transmit and two pairs are used to receive

B) one pair is used to transmit, one pair is used to receive, one pair is used for clocking, and one pair is used for error correction

C) all four pairs are used in parallel by both hosts to transmit and receive simultaneously

D) two pairs of wires are used as in 10BASE-T and 100BASE-TX

More Info: A Brief Overview of Ethernet History

Explanation: Gigabit Ethernet has the characteristic of being able to handle a lot of bandwidth. To accomplish this, all four wire pairs are use to send and receive signals.. C is the correct answer.

18. Which statements describe Gigabit Ethernet technology? (Choose two.)

A) operates at 100 Mbps

B) typically used for backbone cabling

C) requires shielded twisted-pair cabling

D) can be implemented over copper and fiber

E) primarily used between workstations option

More Info: A Brief Overview of Ethernet History

Explanation: Gigabit Ethernet is a high-bandwidth solution- so backbones will make good use of it- B is correct. It can come in both copper and fiber optic forms, so D is also correct.

19. Which media types can be used in an implementation of a 10BASE-T network? (Choose three.)

A) Category 5 UTP

B) Category 5e UTP

C) Category 3 UTP

D) coaxial cable

E) multi-mode fiber

F) single mode fiber

More Info: A Brief Overview of Ethernet History

Explanation: A, B, and C are true based on the specifications found in the above article.

20. Which of the following Ethernet technologies are considered legacy Ethernet? (Choose three.)

A) 10BASE2

B) 10BASE5

C) 10BASE-T

D) 100BASE-T

E) 100BASE-FX

F) 100BASE-TX

More Info: A Brief Overview of Ethernet History

Explanation: LegacyEthernet is characterized by having speeds of 10-Mbp. Only A, B, and C correspond with this number, and thus, they are correct.