

800 East 96th Street
Indianapolis, Indiana 46240 USA
Cisco Press
Authorized Self-Study Guide
Interconnecting Cisco Network Devices, Part 2 (ICND2)
Steve McQuerry, CCIE No. 6108
Copyright © 2008 Cisco Systems, Inc.
Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or by any information storage and retrieval system, without written
permission from the publisher, except for the inclusion of brief quotations in a review.
Printed in the United States of America
First Printing February 2008
Library of Congress Cataloging-in-Publication Data:
McQuerry, Steve.
Interconnecting Cisco network devices. Part 2 (ICND2) / Steve McQuerry.
p. cm.
ISBN 978-1-58705-463-1 (hardback)
1. Internetworking (Telecommunication)—Examinations—Study guides. 2. Computer networks—Problems,
exercises, etc. 3. Telecommunications engineers—Certification—Examinations—Study guides. I. Title.

ized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book
should not be regarded as affecting the validity of any trademark or service mark.
Publisher: Paul Boger
Associate Publisher: Dave Dusthimer
Cisco Representative: Anthony Wolfenden
Cisco Press Program Manager: Jeff Brady
Executive Editor: Brett Bartow
Managing Editor: Patrick Kanouse
Development Editor: Deadline Driven Publishing
Senior Project Editor: Tonya Simpson
Copy Editors: Gill Editorial Services; Written Elegance, Inc.
Technical Editors: Tami Day-Orsatti, Andrew Whitaker
Editorial Assistant: Vanessa Evans
Book and Cover Designer: Louisa Adair
Composition: ICC Macmillan, Inc.
Indexer: Ken Johnson
Proofreader: Language Logistics, LLC
About the Author
Steve McQuerry, CCIE No. 6108, is a consulting systems engineer with Cisco focused on
data center architecture. Steve works with enterprise customers in the Midwestern United
States to help them plan their data center architectures. Steve has been an active member of
the internetworking community since 1991 and has held multiple certifications from
Novell, Microsoft, and Cisco. Before joining Cisco, Steve worked as an independent
contractor with Global Knowledge, where he taught and developed coursework around
Cisco technologies and certifications.
About the Technical Reviewers

in all your endeavors.
Acknowledgments
A great number of people go into publishing a work like this, and I would like to take this
space to thank everyone who was involved with this project.
Thanks to the ICND course developers. Most of this book is the product of their hard work.
Thanks to the technical editors, Tami and Andrew, for looking over this work and helping
maintain its technical integrity.
Thanks to all the real publishing professionals at Cisco Press. This is a group of people with
whom I have had the pleasure of working since 1998, and it has been a joy and an honor.
Thanks to Brett Bartow for allowing me the opportunity to write for Cisco Press once again,
and to Chris Cleveland for gently reminding me how to write again after a three-year break.
It’s definitely not as easy as riding a bike. Thanks to Ginny Bess for keeping the work
flowing and dealing with my bad jokes. Also to Tonya Simpson, Patrick Kanouse, and the
rest of the Cisco Press team—you are the best in the industry.
Thanks to my manager at Cisco, Darrin Thomason, for trusting me to keep all my other
projects managed while working on this project in my spare time (wait, do we have spare
time at Cisco?).
Thanks to my customers, colleagues, and former students. Your questions, comments, and
challenges have helped me continue to learn and helped teach me how to pass that
information to others.
Thanks to my family, for their patience and understanding during this project and all my
projects.
Most importantly, I would like to thank God for giving me the skills, talents, and
opportunity to work in such a challenging and exciting profession.
Contents at a Glance
Foreword
Introduction

Example: Network Design
Considering Traffic Source to Destination Paths
Voice VLAN Essentials
VLAN Operation
Understanding Trunking with 802.1Q
802.1Q Frame
802.1Q Native VLAN
Understanding VLAN Trunking Protocol
VTP Modes
VTP Operation
VTP Pruning
Configuring VLANs and Trunks
VTP Configuration
Example: VTP Configuration
802.1Q Trunking Configuration
VLAN Creation
VLAN Port Assignment
Adds, Moves, and Changes for VLANs
Adding VLANs and Port Membership
Changing VLANs and Port Membership
Deleting VLANs and Port Membership
Summary of Implementing VLANs and Trunks
Improving Performance with Spanning Tree
Building a Redundant Switched Topology
Choosing Interconnection Technologies
Determining Equipment and Cabling Needs
EtherChannel Overview
Redundant Topology
Recognizing Issues of a Redundant Switched Topology

Securing Switch Protocols
Mitigating Compromises Launched Through a Switch
Describing Port Security
802.X Port-Based Authentication
Summary of Securing the Expanded Network
Troubleshooting Switched Networks
Troubleshooting Switches
Troubleshooting Port Connectivity
Hardware Issues
Configuration Issues
Troubleshooting VLANs and Trunking
Native VLAN Mismatches
Trunk Mode Mismatches
VLANs and IP Subnets
Inter-VLAN Connectivity
Troubleshooting VTP
Unable to See VLAN Details in the show run Command Output
Cisco Catalyst Switches Do Not Exchange VTP Information
Recently Installed Switch Causes Network Problems
All Ports Inactive After Power Cycle
Troubleshooting Spanning Tree
Use the Diagram of the Network
Identify a Bridging Loop
Log STP Events
Temporarily Disable Unnecessary Features
Designate the Root Bridge
Verify the Configuration of RSTP
Summary of Troubleshooting Switched Networks
Chapter Summary

Verifying the OSPF Configuration
Using OSPF debug Commands
Load Balancing with OSPF
OSPF Authentication
Types of Authentication
Configuring Plaintext Password Authentication
Example: Plaintext Password Authentication Configuration
Verifying Plaintext Password Authentication
Summary of OSPF Introduction
Troubleshooting OSPF
Components of Troubleshooting OSPF
Troubleshooting OSPF Neighbor Adjacencies
Troubleshooting OSPF Routing Tables
Troubleshooting Plaintext Password Authentication
Summary of Troubleshooting OSPF
Chapter Summary
Review Questions
Chapter 5 Implementing EIGRP
Chapter Objectives
Implementing EIGRP
Introducing EIGRP
Configuring and Verifying EIGRP
Load Balancing with EIGRP
EIGRP Metric
Load Balancing Across Equal Paths
Configuring Load Balancing Across Unequal-Cost Paths
Example: Variance
EIGRP Authentication
Creating a Key Chain
Configuring MD5 Authentication for EIGRP

Example: Numbered Standard IPv4 ACL—Deny a Specific Host
Example: Numbered Standard IPv4 ACL—Deny a Specific Subnet
Controlling Access to the Router Using ACLs
Configuring Numbered Extended IPv4 ACLs
Extended ACL with the established Parameter
Numbered Extended IP ACL: Deny FTP from Subnets
Numbered Extended ACL: Deny Only Telnet from Subnet
Configuring Named ACLs
Creating Named Standard IP ACLs
Creating Named Extended IP ACLs
Named Extended ACL: Deny a Single Host from a Given Subnet
Named Extended ACL—Deny a Telnet from a Subnet
Adding Comments to Named or Numbered ACLs
Summary of Configuring ACLs
Troubleshooting ACLs
Problem: Host Connectivity
Summary of Troubleshooting ACLs
Chapter Summary
Review Questions
Chapter 7 Managing Address Spaces with NAT and IPv6
Chapter Objectives
Scaling the Network with NAT and PAT
Introducing NAT and PAT
Translating Inside Source Addresses
Static NAT Address Mapping
Dynamic Address Translation
Overloading an Inside Global Address
Resolving Translation Table Issues
Resolving Issues with Using the Correct Translation Entry

Benefits
Restrictions
IPsec SSL VPN (WebVPN)
Benefits
Restrictions
Components of VPNs
Introducing IPsec
IPsec Protocol Framework
Summary of Introducing VPN Solutions
Establishing a Point-to-Point WAN Connection with PPP
Understanding WAN Encapsulations
Overview of PPP
Configuring and Verifying PPP
Example: PPP and CHAP Configuration
Example: Verifying PPP Encapsulation Configuration
Example: Verifying PPP Authentication
Summary of Establishing a Point-to-Point WAN Connection with PPP
Establishing a WAN Connection with Frame Relay
Understanding Frame Relay
Example: Frame Relay Terminology—DLCI
Example: Frame Relay Address Mapping
Configuring Frame Relay
Example: Configuring Frame Relay Point-to-Point Subinterfaces
Example: Configuring Frame Relay Multipoint Subinterfaces
Verifying Frame Relay
Summary of Establishing a WAN Connection with Frame Relay
Troubleshooting Frame Relay WANs
Components of Troubleshooting Frame Relay
Troubleshooting Frame Relay Connectivity Issues
Summary of Troubleshooting Frame Relay WANs

[Figure: icon legend. Labels: Hub, Server, Access Server, Multilayer Switch, Route/Switch Processor, Cisco ASA, Cisco CallManager, VPN Concentrator, PIX Firewall, Router with Firewall, ATM Switch, Web Server, Mac, Serial Line Connection, Ethernet Connection]
Foreword
Cisco certification self-study guides are excellent self-study resources for networking
professionals to maintain and increase internetworking skills, and to prepare for Cisco
Career Certification exams. Cisco Career Certifications are recognized worldwide and
provide valuable, measurable rewards to networking professionals and their employers.
Cisco Press exam certification guides and preparation materials offer exceptional—and
flexible—access to the knowledge and information required to stay current in one’s field of
expertise, or to gain new skills. Whether used to increase internetworking skills or as a

all be accomplished in a cost-effective way. Cisco offers a variety of products to give
network managers and analysts the ability to face and solve the challenges of
internetworking.
In an effort to ensure that these networking professionals have the knowledge to perform
these arduous tasks, Cisco has developed a series of courses and certifications that act as
benchmarks for internetworking professionals. These courses help internetworking
professionals learn the fundamentals of internetworking technologies along with skills in
configuring and installing Cisco products. The certification exams are designed to be a
litmus test for the skills required to perform at various levels of internetworking. The Cisco
certifications range from the associate level, Cisco Certified Network Associate (CCNA),
through the professional level, Cisco Certified Network Professional (CCNP), to the expert
level, Cisco Certified Internetwork Expert (CCIE).
The Interconnecting Cisco Network Devices, Part 2 (ICND2) course is one of two
recommended training classes for CCNA preparation. As a self-study complement to the
course, this book helps to ground individuals in the fundamentals of switches and routed
internetworks.
It presents the concepts, commands, and practices required to configure Cisco switches and
routers to operate in corporate internetworks. You will be introduced to all the basic
concepts and configuration procedures required to build a multiswitch, multirouter, and
multigroup internetwork that uses LAN and WAN interfaces for the most commonly
used routing and routed protocols. ICND provides the installation and configuration
information that network administrators require to install and configure Cisco products.
Interconnecting Cisco Network Devices, Part 2 (ICND2), is the second part of a two-part,
introductory-level series and is recommended for individuals who have one to three years
of internetworking experience, are familiar with basic internetworking concepts, and have
basic experience with the TCP/IP protocol. While the self-study book is designed for those
who are pursuing the CCNA certification, it is also useful for network administrators
responsible for implementing and managing small- and medium-sized business networks.
Network support staff who perform a help-desk role in a medium- or enterprise-sized

problems focusing on Layer 2 switching.

Chapter 3, “Medium-Sized Routed Network Construction,” describes routing
operations. This chapter discusses the differences between link-state and distance
vector routing protocols and provides the foundation for Chapters 4 and 5.

Chapter 4, “Single-Area OSPF Implementation,” looks at how to configure OSPF to
act as a routing protocol within a network. This chapter describes the operation of the
protocol and provides configuration examples for a single area. The chapter also
includes troubleshooting steps.

Chapter 5, “Implementing EIGRP,” discusses the EIGRP routing protocol. It describes
the operation of the protocol and the configuration requirements. It also includes
troubleshooting steps.

Chapter 6, “Managing Traffic with Access Control Lists,” discusses how access control
lists are used in Cisco IOS to identify and filter traffic. The chapter discusses the
configuration of the lists and provides some practical applications of these lists.

Chapter 7, “Managing Address Spaces with NAT and IPv6,” discusses the limitations
of IPv4 address space, specifically that these addresses are running out. The chapter
discusses how Network Address Translation (NAT) and Port Address Translation
(PAT) are helping conserve addresses and how IPv6 will alleviate this problem. The
chapter also discusses the configuration of NAT, PAT, and IPv6.

Chapter 8, “Extending the Network into the WAN,” describes how different sites can
be connected across a wide-area network or using the Internet. It discusses VPN and
SSL VPN (WebVPN) solutions as well as traditional leased line and Frame Relay
connections. The chapter also provides a troubleshooting section.

