CCNA (routing and switching)

Network Address Translation

NAT was developed in order to save some addresses out of the depleting pool of IPv4 address.

Network private addresses are described in RFC 1918 and are to designed to be used within an organization or site only

Private addresses are not routed by Internet routers while public addresses are

Private addresses can alleviate IPv4 scarcity but since they aren’t routed by Internet devices, they need to be translated first.

NAT is process used to perform such translation




NAT is a process used to translate network addresses

NAT’s primary use is to conserve public IPv4 addresses

Usually implemented at border network devices such as firewalls or routers

This allows the networks to use private addresses internally, only translating to public addresses when needed

The terms,

inside and outside, are combined with the terms local and global to refer to specific addresses

• Inside local address

• Inside global address

• Outside global address

• Outside local address



Addresses used when the NAT is discussed:

  • Inside Local – ( Local address used be a given computer, which is part of a local network
  • Outside Local – ( Address of the LAN gateway. It is used by all computers on your local network, to access the internet. Local computers use this address as their default gateway. They direct all their communication through the gateway, because they have no other way to communicate with other networks.
  • Inside Global – ( – The global address that can be reached from both the internet and local network. It is the address you got from your ISP, to identify your whole network
  • Outside Global – ( – The original another end of communication. In this example the web server.

another example



Types Of NAT

  1. Static NAT

  • Static NAT uses a one-to-one mapping of local and global addresses
  • These mappings are configured by the network administrator and remain constant
  • Static NAT is particularly useful when servers hosted in the inside network must be accessible from the outside network
  •  A network administrator can SSH to a server in the inside network by point his SSH client to the proper inside global address

static nat


Dynamic NAT

Dynamic NAT uses a pool of public addresses and assigns them on a first-come, first-served basis

When an inside device requests access to an outside network, dynamic NAT assigns an available public IPv4 address from the pool

Dynamic NAT requires that enough public addresses are available to satisfy the total number of simultaneous user sessions


Port Address Translation NAT (PAT)

  • PAT maps multiple private IPv4 addresses to a single public IPv4 address or a few addresses
  • PAT uses the pair source port and source IP address to keep track of what traffic belongs to what internal client
  • PAT is also known as NAT overload
  • By also using the port number, PAT is able to forward the response packets to the correct internal device
  • The PAT process also validates that the incoming packets were requested, thus adding a degree of security to the session

Comparing NAT and PAT


  • NAT translates IPv4 addresses on a 1:1 basis between private IPv4 addresses and public IPv4 addresses
  • PAT modifies both the address and the port number
  • NAT forwards incoming packets to their inside destination by referring to the incoming source IPv4 address given by the host on the public network
  •  With PAT, there is generally only one or a very few publicly exposed IPv4 addresses
  • PAT is also able to translate protocols that don’t use port numbers such as ICMP. Each one of these protocols are supported differently by PAT


Configuring Static NAT

  • Create the mapping between the inside local and outside local addresses
  • Define which interface belong to the inside network and which belong to the outside network

Configuring nat




Checking NAT translations



Dynamic NAT Operation

The pool of public IPv4 addresses (inside global address pool) is available to any device on the inside network on a first-come first-served basis

With dynamic NAT, a single inside address is translated to a single outside address

The pool must be large enough to accommodate all inside devices

A device won’t be able to communicate to any external networks if no addresses are available in the pool






Verifying PAT

R2# show ip nat translations

Port Forwarding

Port forwarding is the act of forwarding a network port from one network node to another

A packet sent to the public IP address and port of a router can be forwarded to a private IP address and port in inside network

This is helpful in situations where servers have private addresses, not reachable from the outside networks




doing a part 2.. ref for te above


click here to check the cisco notes.





CCNA (routing and switching)

VLAN introduction

What is a VLAN ?

VLAN stands for Virtual LAN or Virtual Local Area Network

It is a tool to separate hosts, which are connected to the same switch or switches, in the same way as if they were connected to a separate LANs and belonged to different broadcast domains. Use of VLANs is a way to have more than only one broadcast domain on a single switch. Without VLANs, this type of design could be achieved by separating LANs with routers. Any broadcast generated by a host, on a Non-VLAN kind of network, would be forwarded to every other host, greatly congesting the network. Also, the use of VLANs allows changing which host belongs to which LAN without moving anything physically. It’s a handy trick up your sleeve if you are far, far away and wish to connect a host to a different network.

Each VLANs is a separate broadcast domain

Other characteristics of VLANs:

  • VLANs allows to filter and separate different work groups (i.e. marketing, engineering, accounting) if they do not need to communicate directly. It increases the security of a networkbecause people who suppose not to communicate directly or suppose not to have an access to the same parts of the network or servers cannot do so easily. VLANs allows to group users by nature of their network activity rather than their physical location.
  • Host in two VLANs in order to communicate need a router.
  • VLANs allows separatingVoIP data from a not time critical data in a network. This allows giving a way to VoIP services before everything else.
  • Hosts in different VLANs can even use the same IP address ranges, without conflicts, because they are seen as separate networks.
  • By default, all ports on a switch belong to VLAN 1.
  • VLAN 1 also cannot be deleted.

There are two types of VLAN memberships depending how hosts can be assigned to a VLAN:

  • Static – It is port based. A host connected to a given port on a switch belongs to a given VLAN based on a switch port assignment to a specific VLAN.
  • Dynamic(VMPS – VLAN Management Policy Server) – Host is assigned to a VLAN depending which MAC address or upper layer protocol it uses. A neat solution when your users roam and may be located in different part of a building every time they connect.

How do switches knows where to forward frames that belong to a specific  VLANs ?

Cisco switches use tags that are inserted in front of each frame. The tag is an identifier that allows a switch to figure out to which VLAN a frame belongs.

There are two ways how Cisco switches can tag (encapsulate) frames:

  • ISL – Inter-Switch Link (Cisco’s proprietary)
  • IEEE 802.1q (industry standard)

Switch Ports can operate in one of the following modes:

  • Access– direct connection of a host to a port
  • Trunk – communication between two or more switches
  • Native – does not recognize VLAN tagging, used to connect to networks that do not recognize VLANs.

Switches can communicate between more than one switch by use one additional cable per VLAN or by using trunk links.

A trunk link is a link that belongs to all VLANs at the same time.

Hosts of a different VLANs in order to communicate, needs a router like they would do if they were members of two different physical networks. Frames of different VLANs are tagged, so information which frame belongs to which VLAN is not lost when they are sent over a single trunk link. Thanks for that a trunk connection can be used between a switch and a router, instead of having one group of cables to connect a switch with hosts and as many cables to connect switch with a router for each VLAN.Only one cable is used between a router and a switch. It is a trunk link. This type of configuration is known as router-on-a-stick.

To represent each VLAN on a router, usually, the virtual sub-interfaces are used. This way each VLAN connected via a trunk-link has it’s own representation on a router, with out need for a separate physical interface for each VLAN.

Typically when you configure a VLAN you assign which switch port belongs to which VLAN. To increase the security of a network you can configure not only which host belongs to which switch port, you can also enforce that if on any of these ports any other host with different MAC address will ever connect a switch will react in a certain way, for example, shutdown the port. This mechanism is known as switch port security.

To reduce an effort required by an administrator to replicate a VLAN database across a network the VTP (VLAN Trunking Protocol) protocol was invented. As Jeremy Cioara said in one of his training videos, it really should be called VLAN Replication Protocol. The protocol share and propagate the information about which switch serve which VLANs in a network. This way each switch in a network knows what VLANs are configured and what is their presence on specific switches.

VTP allows sending updates about a VLAN membership. The benefit of knowing what VLANs are supported by which switches is that you can stop a broadcast being sent over links that are not connected to switches with a specified VLANs (access) or are not connecting these switches (trunk). When a frame is sent from one switch to another the often it doesn’t need to be broadcast over all links that are in a network. Instead, the frame is being broadcasted only over those links that connect certain VLANs (trunks) or ports for these links belong to that VLANs. It conserves bandwidth and is known as pruning.

On the picture above frames from the Host A are sent only along the link between Switch 1-2, 2-4 and then from Switch 4 to the Host B. The frame doesn’t need to be sent out of any other port.

Switches can be configured as groups known as VTP domains. In these domains, switches share information about VLAN changes. VTP is not available on devices of other vendors as the protocol is proprietary. The updates are sent out every time a VLAN configuration changes on any switch which is participation in the domain.

To issue a valid VTP update the switch needs to:

  • be a member of a specific domain (name)
  • ‘knows’ a passwordfor this domain (not authorized updates will not take effect)
  • the switch needs to be in a server mode
  • the VLAN database revision numberof an update needs to be higher than a number of any other VLAN database version.

In terms of the VTP domain switches can be in one of the following modes:

  • Server– can update VLAN database. A switch in a VTP server mode without configured VTP domain name will not be able to update VLAN database.When a switch is connected to more than one VTP domains it will latch-on to the domain from which it first receives a VTP update.In case there was only one VTP server in a network and it doesn’t work anymore (malfunction, power outage etc.), to restore normal operation of the network the best solution is to switch one of the switches from VTP mode client to the server.
  • Client– cannot update, change, delete or crate VLANs, but can receive the updates.
  • Transparent– ignores VLAN updates altogether, doesn’t update it’s VLAN database based on received updates.In the VTP version 2 a switch in the transparent mode forward updates.For the VTP version 1, these updates are not forwarded to other switches which are ‘interested’ in it.

WARNING: Do not connect your lab switch to your production network. The lab switch most likely will have some VTP revision number. If the revision number is higher than the highest in your VTP domain it will overwrite VTP information on all switches in the domain. Because your lab setup is most likely quite different from your production networks it will effectively bring the network down.

To reset the VTP revision number on a specific switch change the domain name to something else and then change it back.

WARNING 2: Switches by default are in the VTP server mode. This way you can make changes to VLAN databases straight away.

Two adjacent switches can negotiate the roles of their ports, either access or trunk. To accomplish that they use a DTP (Dynamic Trunking Protocol ). Switches on both ends of the link need to belong to the same VTP domain, with a password must match on the both ends of the link.

Switches can be set in a variety of modes in terms of trunk link negotiations:

  • Dynamic Auto (auto)– passively awaits for the other side and is willing to switch to trunk mode. This mode is a default setting. Do not use this mode on both ends, because trunk link will never be negotiated.
  • Dynamic Desirable (desirable)– post in this mode will actively attempt to negotiate a trunk link. The other side has to agree. On or Desirable setting will allow a trunk link to be negotiated.
  • Trunk (on)– Manually sets a port mode to a trunk, regardless of a neighbour agreement.
  • Access (off)– Manually sets a port mode to an access, regardless of a neighbour agreement.
  • — (nonegotiate)– Manually switch off the negotiations of a trunk link. Used when a switch is connected to a device that doesn’t ‘understand’ DTP protocol and it could cause problems for the other device.
CCNA (routing and switching)

Access Control Lists



Access lists can be configured for all routed network protocols (IP, AppleTalk, and so on) to filter the packets of those protocols as the packets pass through a router.

Access lists filter network traffic by controlling whether routed packets are forwarded or blocked at the router’s interfaces. Your router examines each packet to determine whether to forward or drop the packet, on the basis of the criteria you specified within the access lists.

Access list criteria could be the source address of the traffic, the destination address of the traffic, the upper-layer protocol, or other information.

Why You Should Configure Access Lists

1. restrict contents of routing updates

2.  to provide traffic flow control.

3.  to configure access lists is to provide security for your network

4. to decide which types of traffic are forwarded or blocked at the router interfaces

Overview of Access List Configuration

Each protocol has its own set of specific tasks and rules that are required in order for you to provide traffic filtering.

most protocols require at least two basic steps to be accomplished.

  • The first step is to create an access list definition,
  •  the second step is to apply the access list to an interface.

Creating Access Lists

Create access lists for each protocol you wish to filter, per router interface. For some protocols, you create one access list to filter inbound traffic, and one access list to filter outbound traffic.

To create an access list, you specify the protocol to filter, you assign a unique name or number to the access list, and you define packet filtering criteria. A single access list can have multiple filtering criteria statements.

When configuring access lists on a router, you must identify each access list uniquely within a protocol by assigning either a name or a number to the protocol’s access list.

The ACL number ranges.

Cisco IOS knows what type of the ACL you use rom f the number of the ACL.

  • Standard1 to 99 and 1300 to 1999
  • Extended100 to 199 and 2000 to 2699
  • Named – type of extended ACL which uses name instead of a number

Standard ACL

The standard ACL is the simplest incarnation of the ACL. Apart from its number, they are only defined by action that should be taken if a packet from described source turns up

access-list access-list-number {permit|deny}
{host|source source-wildcard|any}



In the case of the standard ACL, it is very important where you apply the ACL.

As you can only permit or deny traffic based on its source when you apply denying statement on the 1st point in the network you will effectively block this traffic from reaching everything in the network above. However when you apply the same access list at any other point in the network it will not block anything before this point along the way from the source to the destination.

Extended ACL

With the extended ACL, as the name might suggest, you have more choice and flexibility comparing to the standard ACL. You can filter traffic by it’s:

  • source or destination – It is usually source or destination IP address, but it could be another type of addressing, for example, the IPX
  • protocol type – IP, IPX, ICMP, IGMP, TCP, UDP are the most popular choices
  • port number – you can filter traffic by use of TCP/UDP port numbers


Processing order

A router always processes each access list from it’s top to bottom. The first statement that fits  the packet in question will be executed and the remaining ones will be ignored. However, you need to be warned about the implicit deny any statement at the end of each access list. In practice, it means if none of the statements which you have configured in the access list will fit the packet in question the router will execute the implicit deny statement blocking everything that wasn’t described in the ACL.

Note 1: Not having the permit statement in the ACL that allows traffic to and from the Internet, could cause the Internet outage or disconnect your telnet/ssh session as soon as you apply such ACL on the internet connecting network interface.

Note 2: You could manually add deny any statement at the end of all your ACL. This way you will see statistics how many times your traffic have matched the statement, which is there anyway visible (manually added) or invisible (implicit deny statement).

The solid wall and a fishnet security

You can use so-called fishnet security that you permit everything except a few forbidden types of traffic. It is called the fishnet, because it only stops a fish of a certain size (certain traffic type) and allows everything smaller than a fish (different than the described traffic).

You can also use so-called solid wall security that is when you deny traffic except a few allowed types of traffic. The name comes from the fact it works like a solid wall that stops everything except a few small holes that you need to drill through it.

To create an standard access list, the following command is used from the router’s global configuration mode:
R1(config)# access-list ACL_NUMBER permit|deny IP_ADDRESS WILDCARD_MASK
ACL number for the standard ACLs has to be between 1–99 and 1300–1999.
You can also use the host keyword to specify the host you want to permit or deny:
R1(config)# access-list ACL_NUMBER permit|deny host IP_ADDRESS
Once the access list is created, it needs to be applied to an interface. You do that by using the ip access-group ACL_NUMBER in|out interface subcommand. inand out keywords specify in which direction you are activating the ACL. in means that ACL is applied to the traffic coming into the interface, while the out keyword means that the ACL is applied to the traffic leaving the interface.
We want to allow traffic from the management LAN to the server S1. First, we need to write an ACL to permit traffic from LAN to S1. We can use the following command on R1:
R1(config)#access-list 1 permit
The command above permits traffic from all IP addresses that begin with 10.0.0. We could also target the specific host, by using the host keyword:
R1(config)#access-list 1 permit host
The command above permits traffic only from the host with the IP address of
Next, we need to apply the access list to an interface. Since the traffic is entering the interface on R1, we need to use the in keyword:
R1(config-if)#access-group 1 in
NOTE – at the end of each ACL there is an implicit deny all statement. That means that all traffic not specified in earlier ACL statements will be forbidden.

Configuring extended ACLs

To be more precise when matching a certain network traffic, extended access lists are used. With extended access lists, you can match more information, such as:
• source and destination IP address
• type of TCP/IP protocol (TCP, UDP, IP…)
• source and destination port numbers
Two steps are required to configure extended access lists:
1. configure extended access lists using the following command:
2. apply an access list to an interface using the following command:
R1(config-if) ip access-group ACL_NUMBER out
NOTE – extended access lists numbers are in ranges from 100 to 199 and from 2000 to 2699
To better understand the usefulness of extended access lists, consider the following example.
R1(config)#access-list 100 permit ip
Next, we need to deny Users the right to access S1 by using the deny statement:
R1(config)#access-list 100 ip deny
 Lastly, we need to apply the access list to the interface on R1:
R1(config) int fa0/0
R1(config-if) #access group 100 in
Again, we have Users network ( On the right side, we have a server that serves as a web server, listening on port 80. We need to permit Users to access web sites on S1, but we also need to deny other type of access, for example a Telnet access.
First, we need to allow traffic from Users network to the web server port of 80. We can do that by using the following command
R1(config)#access-list 100 permit tcp eq 80
By using the TCP keyword, we can filter packets by source and destionation ports. In the example above, we have permited traffic originating from the network to the host on port 80. The last part of the statement,eq 80, specifies the destination port of 80.
Now we need to disable telnet traffic from the network to To do that, we need to create a deny statement:
R1(config)#access-list deny tcp eq  23
Add the configs to the interface
R1(config)#int fa0/0
R1(config-if)# ip access-group 100 in
CCNA (routing and switching)

module 1 – Chapter 5 : ETHERNET





  • It operates in the data link and physical layer
  • It supports data bandwidth from 10mbps up to 10gbps
  • It relies on two layers of the data link Logical Layaer Control and Media Access Control.



  • Handles communication btwn the upper layer and lower layers
  • This is between networking software and device hardware
  • Considered as the driver software for the NIC (network Interface Card)



  • It is in the hardware
  • Component of te NIC
  • It is responsible for
  1. Data encapusulation
  2. Media access control

data encapasulation include

  • Frame assembling for transmission
  • Frame disassembling transmission
  • Adds head and tail to the network PDU

PDU -Protocol data unit

PDUs are relevant in relation to each of the first 4 layers of the OSI model as follows:[2]


  1. Frame delimiting
  • This identifies a group of bits that make up a frame
  • Provides a sync btwn transmitting and receiving nodes
  1. Addressing
  • It provides for data link layer addressing

3Error detection


MAC also places frames on the media and removes them off the media


  • The minimum frame size is 64 bytes (known as runt frame)
  • Maximum frame 1518 (giant frame)


An Ethernet frame starts with a header, which contains the source and destination MAC addresses, among other data. The middle part of the frame is the actual data. The frame ends with a field called Frame Check Sequence (FCS).
The Ethernet frame structure is defined in the IEEE 802.3 standard. Here is a graphical representation of an Ethernet frame and a description of each field in the frame:
ethernet frame
 Preamble – informs the receiving system that a frame is starting and enables synchronisation.
SFD (Start Frame Delimiter) – signifies that the Destination MAC Address field begins with the next byte.
Destination MAC – identifies the receiving system.
Source MAC – identifies the sending system.
Type – defines the type of protocol inside the frame, for example IPv4 or IPv6.
Data and Pad – contains the payload data. Padding data is added to meet the minimum length requirement for this field (46 bytes).
FCS (Frame Check Sequence) – contains a 32-bit Cyclic Redundancy Check (CRC) which allows detection of corrupted data

Unicast MAC address

  • This is the unique address used when a frame is sent froma single transmitting device to a single destination device

Broadcast MAC address

  • Contains a destination address that has all ones in the host portion
  • All host (end devices) on that local network will receive and process the packet
  • Broadcast MAC address is FF FF FF FF FF (48 ones in binary)

Multicast MAC address

-source device sends packet to a group are assigned a multicast group  ip address

Multi cast address is to



  • Layer 2 switches uses mac address to make forwading decsions
  • It uses MAC address to push the frame\
  • Hubs repeats bits out all ports except the source port
  • Switches uses a mac address table to make forwarding decisions
  • Mac address table is also known as content addressable table







Frame Forwarding methods

– A switch receives a frame from different devices and updates its mac address table
1. Stores and Forward

– Receive the whole frame and does the cyclic reducndancy check
– Whern crc is good, the switch checks the mac address table and forwards the frame
2. Cut through
– A cut throuhj switch forwards the frame before it is entirely received
– Router should have destination MAC before frame can be forwarded

Two types of the cut through

 Fast forward switching
 Fragment free switching

  1. Memory Buffering on Switches


  • It’s a method of storing frame before forading them
  • Used when the destination port is busy due to congestion and the switch stores frame until it can be transmitted
  • Port based
  • Shared Memory

Duplex and Speed Settings

  • Basic settings of a switch are bandwidth and speed
  • Done on individual port
  • It has to match between the switch port of both sender and receiver
  • Full duplex : both ends of the connection can send or receive at the same time
  • Half Duplex: only one end of the connection can send at a time
  • AUTO MDIX detects the type of connection required and figures the interface accordingly
  • Cables should be terminated correctly and te correct one for the devices e.g cross over or straight through

Address Resolution Protocol (ARP)

Address Resolution Protocol (ARP) is a network protocol used to find the hardware (MAC) address of a host from an IP address. ARP is used on Ethernet LANs because hosts that want to communicate with each other need to know their respective MAC addresses. It is a request-reply protocol; ARP request messages are used to request the MAC address, while ARP reply messages are used to send the requested MAC address.
Consider the following example:

how arp works
Host A wants to communicate with the host with the IP address of Host A doesn’t know the MAC address of the host with that IP address, so it will send an ARP request, requesting the MAC address. Because the ARP request is sent to the broadcast address, the switch will flood the request out all interfaces. Every device on the LAN will receive the request, but only the device with the IP address of will process it and send an ARP reply message, listing its MAC address. Host A will receive the reply and the communication between the two devices can be established.
ARP requests are sent to the Layer 2 broadcast address of FF:FF:FF:FF:FF:FF (all 1s in binary). The ARP reply is an unicast message sent only to the host that sent the ARP request.
Hosts store the ARP results, keeping the information in their ARP cache. Each time a host needs to send a packet to another host on the LAN, it first checks its ARP cache for the correct IP address and matching MAC address. The addresses will stay in the cache for a couple of minutes. On Windows, you can display the content of the ARP cache by using the arp -a command:
arp a command windows

Some sources mention ARP as a Layer 2 protocol, while other place ARP at Layer 3.


How ARP Works




-Your computer will have data that it needs to send (I’m assuming that we’re using TCP/IP from here on). When the data gets to the Network layer it will put on the destination IP address.

-All of this info (the network layer datagram, aka packet) is passed down to the data link layer where it is taken and placed within a data link frame.

-Based on the IP address (and the subnet mask), your computer should be able to figure out if the destination IP is a local IP or not.

-If the IP is local, your computer will look in it’s ARP table (a table where the responses to previous ARP requests are cached) to find the MAC address.

-If it’s not there, then your computer will broadcast an ARP request to find out the MAC address for the destination IP.

-Since this request is broadcast, all machines on the LAN will receive it and examine the contents. If the IP address in the request is their own, they’ll reply.

-On receiving this information, your computer will update it’s ARP table to include the new information and will then send out the frame (addressed with the destination host’s MAC address).


-If the IP is not local then the gateway (router) will see this (remember, the ARP request is broadcast so all hosts on the LAN will see the request). The router will look in it’s routing table and if it has a route to the destination network, then it will reply with it’s own MAC address.

-This is only the case if your own computer doesn’t know anything about the network topology.

-In most cases, your computer knows the subnet mask and has a default gateway set. Because of this, your own computer can figure out for itself that the packet is not destined for the local network.

-Instead, your computer will use the MAC address of the default gateway (which it will either have in it’s ARP table or have to send out an ARP request for as outlined above).

-When the default gateway (router) receives the frame it will see that the MAC address matches it’s own, so the frame must be for it. The router will un-encapsulate the data link frame and pass the data part up to the network layer.

-At the network layer, the router will see that the destination IP address (contained in the header of the IP packet) does not match it’s own (remember, the IP address has not been touched at all in this process since your computer created the IP packet).

-The router will realise that this is a packet that is supposed to be routed. The router will look in it’s routing table for the closest match to the destination IP in order to figure out which interface to send the packet out on.

-When a match is found, the router will create a new data link frame addressed to the next hop (and if the router doesn’t know the hardware address for the next hop it will request it using the appropriate means for the technology in question).

-The data portion of this frame will contain the complete IP packet (where the destination IP address remains unchanged) and is sent out the appropriate interface.

-This process will continue at each router along the way until the information reaches a router connected to the destination network.

-It will see that the packet is addressed to a host that’s on a directly connected network (the closest match you can get for an address, short of the packet being addressed to you). It will send out an ARP request for MAC address of the destination IP (assuming it doesn’t already have it in it’s table) and then address it to the destination’s MAC address.

– How the router does this will depend on what type of connection (and in some cases, what protocol and/or encapsulation is used on the connection).

-This is why the OSI model is good. It’s layered so that any layer can change and as long as it takes in information in a standard way (the way the layer above wants to send it) and spits out information in a standard way (the way the layer below wants to receive it), then it’s all good.



CCNA (routing and switching)

Easy way to subnet

Easy Way to Subnet

Learn the easy way to subnet using the proven Subnetting Secrets method.


Step 1

Write out the subnetting cheat chart by hand.  You need to be able to do it by hand in case you have to work out subnetting problems in your head or in an exam.  The subnetting cheat chart is here.


Step 2

Look at the IP address and subnet mask.  If the subnet mask is written out in abbreviated form (called CIDR) then just count up in blocks of eight and add the last few numbers to reach the subnet mask. e.g. – we need to work out what the slash 26 actually is when written out as a full subnet.  The binary maths section tells you that 255 in binary is equal to 8 and we need to reach 26 so..


255 is 8 255.255 is 16 bits 255.255.255 is 24 bits and to get to 26 we need to add 2 to 24 so tick two places down on the top left column on the subnetting cheat chart.




So you can see that by ticking down two (which is 24 + 2 = 26 bits) we have generated the subnet mask of which if write out in binary bits is 26 binary bits (or 8 + 8 + 8 + 2).


Step 3

Tick the same number across the top row of the Subnetting Secrets Cheat Chart.


128 64 32 16 8 4 2 1


The above table is purely one binary octet written out in decimal.  Whichever number your last tick ends at tells you which number your subnets begin on.  Don’t worry if this doesn’t make much sense at the moment.  Please keep with it and like any new still, it will click very soon.


So we have it number 64 which tell us that our subnets are going up in increments of 64.  Our host number out of the IP address is the number 23.  It is 23 because 192 is a traditional class C address so we can only use numbers in the last octet for IP addresses.


Let’s write out our subnets counting up in increments of 64.  We are allowed to start with IP subnet zero because the guys who invented the RFC (requests for comment) for subnetting designed it to permit that. – this is the first subnet and is known as the zero subnet. Host number 23 is in here because if we go to the next subnet we have gone well past 23. – we have added the first 64 to the end. – we have added another 64 to the end.  This is our 3rd subnet. – our last subnet.  We can’t go higher because our subnet mask ends in 192.


The answer to the question ‘which subnet is host in is subnet



Step 4 (Optional)

We have actually reached the answer so in an interview or exam stop there.  They may ask another question though.  They may ask you to identify the first and last host and the broadcast addresses for your subnet.  This step is very easy.


Take the subnet our host is in.  To get the first host just add one to the subnet so the answer is


To get the broadcast address just jump to the next subnet and subtract one.  Remember that the boxes our number go in can only run from 0 up to 255.  We are working in binary here and writing it out in decimal.  This is where novice network engineers can get stuck.  Just picture each box as a rolling set of numbers like an odometer in a car.  It just rolls from 0 to 1 to 2 to 3 and so on until it reaches 255 and then it rolls back to 0.


Take one away from the second subnet so the broadcast address for your first subnet is


To get the last host address take one away from that number.  The answer is

CCNA (routing and switching)

module 1 – Chapter 4B : Network Access

The data link layer

It is responsible for

  • Allowing upper level layers to access the media
  • Accepting layer 3 packets and packaging them into frames
  • Preparing network data for physical network
  • Exchanging frames between nodes over a physical network such as UTP
  • Receiving and directing packets to an upper layer protocol
  • Performing error detection

Layer 2 notation for network devices connected to a common media is called a node

Nodes build and forward frames


The data link layers


  1. Logical Link Control
  2. Media Access Control



  • Communicates with the network layer
  • Places info in the frame that identifies which network layer protocol is being used for the frame.
  • Upper sub layer



  • Lower sub layer
  • Processes things done by the hardware
  • Provides addressing and access to various network technologies
  • Communicates with Ethernet LAN to send and receive frames on copper or fibre


The Mac

  • This is the method for getting the frame on and off the media
  • Data link layer protocols govern how to format a frame for use of different media
  • Without the data link layer, network layer would make provisions for connecting to every type of media that could exist along the delivery path
  • The mac is a unique i.d for source or destination host
  • Router interfaces encapsulate the packet into the apropritae frame and a suitable MAC method is used to access each link.


At each hop along the path , a router

  • Accepts a frame from medium
  • De-ecapsualetes the frame
  • Re-encapsulates the packet into a new frame



  • IEEE
  • ISO
  • ITU
  • ANSI



This is the arrangement or relations of the network devices and te interconnections between them



PHYSICAL TOPOLOGY: physical connections and identifies how end devices such as routers, switches and wireless access points are interconnected.

They are usually point-to-point



LOGICAL TOPOLOGY – refers to a way a network transfers from one node to the next

these are virtual connections




Common Physical WAN topologies

  •  Point-to-Point Topology
  • Hub and Spoke  Topology
  • Full Mesh Topology


CCNA (routing and switching)

module 1 – Chapter 4A : Network Access

I broke this chapter into two (Physical layer {4A} then Data Link {4B})


To support our communication, the OSI model divides the functions of a data network into layers.

on the sending device

Data link : prepares data for transmission and controls how that data  accesses physical media

Physical layer: controls how the data is transmitted onto the physical media by encoding frames into binary bits


Receiving end


Physical layer :passes frame to the data link layer for processing

Data link: protocols that govern how to format a frame for use with different media


Types of connections on physical

all end devices  and wireless access points

network Interface cards (nic)


  • the idea is to get frame from data link and encode it as a series of signals

Process that data undergoes from source to destination node


  • data segmented by transport layer
  • placed into packets by network layer
  • encapsulated into frames by data link
  • physical layer encodes frames and creates electric,optical or radio wave signals bits
  • signals sent on the the media (fiber, utp,or coaxial cable for example) one at a time


  • Destination node physical  layer retrieves the individual signal from media and restores them to their bit representation. it also passes the bits up to the data link layer as a complete frame.


  • copper cable
  • fibre -optic cable
  • wireless




physical layer standards

  1.  ISO
  2. IEEE
  3. EIA/ TIA
  4. ANSI
  5. ITU-T

functions of the physical layer

  • physical components : these are the electronic h/w devices and media
  • Encoding : method of converting a stream of data bits
  • Signalling : the generating of electrical optical 1’s and 0’s
  • Bandwidth : the capacity of a a medium to carry data, example is the chat belowchap4-2

Throughput : the measure of the transfer of bits across the media over a given period of time.  factors that influence it the amount of traffic ,type of traffic and latency (LATENCY – the amount of time ,to include delays for data to travel from one given point to another)

Characteristics of Copper Cabling

  • inexpensive
  • easy to install
  • resistance ti electrical current
  • limited by distance
  • signal interferenace

Interference of copper cabling

  1. EMI ( Electromagnetic Interference) and (radio Frequency Interference )

these can corrupt data signals being carried via copper cables

potential sources of EMI and RFi are flourescent lights

2. Crosstalk

caused by electric and magnetic fields of a signal on a wire to the one which is adjacent to the wire.


Copper Media

  • UTPchap4-4
  • STP (shielded)chap4-5
  • COAXIAL CABLEchap4-6

UTP cabling standards

1 Cat 3

used for voice communication

for phone lines

2. CAT 5 and 5E

for data transmission

cat 5 = 100 MBps

cat 5e =1000 MBps


3. CAT 6

data transmission

it has got separators to make data travel fast

1000MBps to 10 GBps





Types of termination of cables




its good for long distance

less alternnation and complete immune to EMI and RFI

bits encoded as light impulses.

it is used in four types of industries

  •  Enterprise network
  • Fibre to the home
  • Long Haul networks
  • Subamarine Cable networks


Types of Fiber media

Single -Mode Fiber

  • small core
  • uses expensive laser technology
  • suitable for long distances
  • used with campus backbones for distance (different campuses)
  1. Multi mode

– uses led emitter to send light pulses.

– popular in LANS

– low cost LED

-up to 500 mchap4-10


Fibre Optic  Connectors

  • ST connectors
  • SC connectors
  • LC connectors
  • Duplex multimode LC connectors


Three common types of Fiber Optic Termination errors

  1. Misalignment
  2. End Gap
  3. End finish – this might be dirt on the end/tip of the fibre cable

The device below helps you to check if you have spliced the cable correctly as it shows you the power levels of the link




chap4 14.PNG



Properties of wireless media

  • Electromagnetic signals that represent the binary digits
  • Uses radio and microwave frequency




  • Coverage area: work well in open environment but affected by physical setting like trees buildings
  • Intereferance : affected by microwave ovens
  • Security : an open network can be accessed
  • Shared medium : operate in hald duplex


Wireless  Standards

  • WiFi
  • Bluetooth
  • Wimax



CCNA (routing and switching)

module 1 – Chapter 1 : Explore the Network

A summary of this chapter

The chapter aims to give you an insight about

  • how multiple networks are used in everyday life
  • Explain the topologies and devices used in a small- to medium-sized business network
  • the basic characteristics of a network that supports communication in a small- to medium-sized business.
  • trends in networking that will affect the use of networks in small to medium-sized businesses

Sizes of the network

  1.  small home network
  2. Small office home office (SOHO)
  3. Medium to Large networks
  4. World wide networks


Need to understand the relationship between Clients and servers

Server : computers that enable to provide info like

  • Email – mail server
  • Web pages – web server
  • Files – file server
  • etc

You need to know the THREE categories of the network structure

DEVICES -laptop ,desktop

Medium (plural media)- cables, fibre

Services – email hosting, applications

End devices: either the source or destinanation of the message.


The chapter goes on to talka bout toplogies.

A topology provides a visual map of how the network is connected.


Physical : indentify the physical local of intermediary devices and cable installation

Logical:identify devices , ports abd addressing scheme.


Types of networks

LAN:Local area networks

WAN : Wide area networks

MAN: metropolitan Area  networks

WLAN : Wireless Lan

SAN: Storage Area network




Internet , Intranet and Extranet

Internet: collection of interconnected networks

Intranet : a private connection of LANs and WANs  that belong to an org

Extranet: providing access to another organisation e.g  econet gives an Ecocash (payments and receipts access ) to ZESA for them to check for all ecocash transactions done to them via ecocash ..(this is just an example handina kuti ndozvinoitika !!!!!!!)




Network Architecture


these are the rules that move data across the network and the characteristics are

  • fault tolerance :  when one link is affect it shouldnt affect others
  • Scalability  : easy to expand
  • Quality of service : managing congestion and giving priority of data e.g prioritising your file server over facebook and youtube
  • Security :network security  and information security



I have attached a summary from Cisco for  chapter 1


Truly yours


Nyasha Charumbira

CCNA (routing and switching)

What Is CCNA?

Cisco Certified Network Associate (CCNA) Routing and Switching is a certification program for entry-level network engineers that helps maximize your investment in foundational networking knowledge and increase the value of your employer’s network. CCNA Routing and Switching is for Network Specialists, Network Administrators, and Network Support Engineers with 1-3 years of experience. The CCNA Routing and Switching validates the ability to install, configure, operate, and troubleshoot medium-size routed and switched networks.

To earn this Cisco certification, you must pass the following exam(s):

Option 1: CCNA Composite

200-120 CCNA

CCNA Composite Exam: The 200-120 CCNA is the composite exam associated with the Cisco CCNA Routing and Switching certification. Candidates can prepare for this exam by taking the Interconnecting Cisco Networking Devices: Accelerated (CCNAX) course. This exam tests a candidate’s knowledge and skills required to install, operate, and troubleshoot a small to medium size enterprise branch network. The topics include all the areas covered under ICND 1 and ICND2 Exams.

Option 2: ICND1 and ICND2

100-101 ICND1

The 100-101 Interconnecting Cisco Networking Devices Part 1 (ICND1) is the exam associated with the Cisco Certified Entry Network Technician certification and a tangible first step in achieving the CCNA Routing and Switching certification. Candidates can prepare for this exam by taking the Interconnecting Cisco Networking Devices Part 1 (ICND1) course. This exam tests a candidate’s knowledge and skills required to successfully install, operate, and troubleshoot a small branch office network. The exam includes topics on the Operation of IP Data Networks; LAN Switching Technologies; IP Addressing (IPv4 & IPv6); IP Routing Technologies; IP Services (DHCP, NAT, ACLs); Network Device Security; Basic Troubleshooting.


200-101 ICND2

The 200-101 Interconnecting Cisco Networking Devices Part 2 (ICND2) is the exam associated with the CCNA Routing and Switching certification. Candidates can prepare for this exam by taking the Interconnecting Cisco Networking Devices Part 2 (ICND2) course. This exam tests a candidate’s knowledge and skills required to successfully install, operate, and troubleshoot a small to medium size enterprise branch network. The exam covers topics LAN Switching Technologies; IP Routing Technologies; IP Services (FHRP, Syslog, SNMP v2 and v3); Troubleshooting; WAN Technologies.