Showing posts with label IP Address.

Saturday, March 10, 2012

Cisco Subnetting Game Solutions

I pulled excerpts from the discussion page to verify my own results. It seems that you have to use the whole Class C space to make the subnets even if you don't need all the hosts. The hint is: don't worry about wasted addressing space, it's a game for fast subnet calculations and it gets very addicting.

It's a race against time to subnet the networks for the buildings in Area 51 before the aliens attack!

The moderator writes:
A common mistake new players make is failing to set the correct subnet mask. Even if all of the subnets have a green arrow, you still must enter the correct subnet mask in order for the game to advance. For example, if the instructions ask you to designate 2 subnets, the mask must be set to 255.255.255.128.

Also, remember to click the "Set" button after each entry.

Level 1 by C Byington
Janet Area
2 Areas = 255.255.255.128
1st room
Network 192.168.1.0
Broadcast 192.168.1.127
Router 192.168.1.1

2nd Room
Network 192.168.1.128
Broadcast 192.168.1.255
Router 192.168.1.129

J Vaagen has some tips:
Memorize the subnet masks and the associated number of networks.
Then work at the 8x multiplications all the way to 248.
A tip to use with the 224 mask:
network 192.168.0.0
last ip (gateway + 30 = 31)
gateway 192.168.0.1
a lot of the scenarios use 224 as the mask.

David the Instructor:
The following table shows you possible subnet masks and why they are a certain value. Remember we borrow from the left and move to the right for more subnets.

bit       8    7    6    5    4    3    2    1
weight  128   64   32   16    8    4    2    1
-----------------------------------------------
mask 128  1                                   = 2 subnets
mask 192  1    1                              = 4 subnets
mask 224  1    1    1                         = 8 subnets
mask 240  1    1    1    1                    = 16 subnets
mask 248  1    1    1    1    1               = 32 subnets
mask 252  1    1    1    1    1    1          = 64 subnets

More hints about valid hosts and usable subnets, by Zose:
The formula 2^(number of bits) - 2 only applies to "host" bits. When determining the number of hosts in a network you use this formula. The "-2" comes from subtracting the Network Host (first IP address) and the Broadcast Host (last IP address).

When determining the correct number of subnets you do not subtract 2 normally. The only time you would subtract 2 to find the number of usable subnets is if the "ip subnet zero" command was in use (meaning the 1st subnet is not usable), and if the router is using a classful (IGRP, RIPv1) routing protocol. Usually this is not the case as both IGRP and RIPv1 are older protocols and are not commonly used any more. Instead classless protocols such as RIPv2, EIGRP, and OSPF are used.

Emmanuel has finished the game!
Okay. I've just finished the game with 32445 points. I understand your frustration because the text is not so explicit. In this case, it means that for each of the initial subnets (8 subnets for a maximum of 16) you have to consider that this subnet could be extended in the future. So 16 subnets for the mask is the right answer (255.255.255.240) but you must leave one reserved subnet between two of these 8 initial subnets. For example, suppose the network number is 192.168.1.0. With a /28 mask, the first subnet is 192.168.1.0 (with a broadcast of 192.168.1.15), the second is 192.168.1.32 (192.168.1.16 reserved for the first subnet and broadcast = 192.168.1.47), the third is 192.168.1.64 (with a broadcast of 192.168.1.79) ... etc.

An answer with contiguous subnet numbers is wrong cause for a subnet to be extended in the future, the future reserved part must be contiguous with the initial part in order to get the possibility to migrate easier from or to the 255.255.255.224 mask (In this case we really have no more than 8 subnets but each subnet is equivalent of 2 initial subnets).

I've noticed you might have to solve this kind of problem in levels 4 and 5 too, with more text or no text. For the Aliens rooms there's no text and you have 8 rooms with devices. You have to imagine that the alien population will grow like in the science fiction films, and therefore in this case other rooms or subnets would be necessary... I guess it's this concept of creating more subnets than shown on the screen which is the same problem for us, Jesse, David, James, Joel, Joseph and others: green everywhere except that the great "Finished" doesn't appear. I take this example of the aliens because they are unpredictable... Once you have been lucky to consider the same number of devices per room, next time you might have one alien room with 16 devices whereas 4 for another: welcome VLSM! Different situation, and I understand why there is no text about what to do!
Applying these rules to solve your problem, I am sure you will be successful in finishing the game. For me, the most difficult is the 32 subnets challenge in level 5 because you need to save time on the previous problems by typing correctly as fast as possible: in this question, you have to enter 32x3 numbers plus the subnet mask!

Thursday, March 1, 2012

Mobile IPv6 for earth

Studying for the CCNA Exam, and the next topic is IPv6. I remember my teacher explaining that the last IPv4 address was given out in November 2011, and the number one reason was the proliferation of smart phones requiring an IP address. I did some reading on cell phones in general, curious about what's new because I don't even own one myself, and my brother keeps bugging me that I'm missing out (What, on Angry Birds?), and they mentioned mobile IP, and I put the two ideas together... well, they must be using IPv6!

Mobility drives the requirement to maintain the same IP address while moving seamlessly across different networks. That's pretty cool. Read all about Mobile IP.

So do all the addresses really start with 2 (for planet Earth?). The prof also had a few other wacky ideas, like that he could write a book about IPv6 in less than a page, and that to make millions in IT you just sign up to be the IPv6 networking guy. It would be the easiest job ever. Really? So I guess this is my book on IPv6: (Be careful with the use of colons, they mean something!)

An IPv6 address is 128 bits long, written as 32 hexadecimal digits in eight colon-separated groups of four.
Global unicast addresses begin with 2000 (the 2000::/3 block).

The Link Local Address refers to the physical link
- not for forwarding datagrams
- for neighbor discovery and route discovery
- begins with FE80 <internal mac address> or FFEE

The Loopback address is ::1 which means all preceding zeros.

Unspecified address
- used by a host that does not yet have its own address
0:0:0:0:0:0:0:0 or ::

Stateless Autoconfiguration
prefix + interface ID

Stateless DHCP

HOW TO Enable IPv6 on a router
usage: ipv6 unicast-routing
usage: ipv6 address 2001:db8:c18:1::/64 eui-64
(the first part is the global prefix; leading zeros within a group and one run of all-zero groups may be omitted, which is what the :: stands for; /64 is the prefix length)
* The eui-64 keyword tells the router to derive the interface ID portion from the MAC address

* The link-local address (FE80::...) is generated automatically; display it with:
show ipv6 int ethernet 0

RIP for IPv6 (RIPng) is based on RIPv2
* uses the multicast group FF02::9

QUIZ
Do you want to be IPv6 Certified by Hurricane Internet Services? Here is a quick link to a neat service. I think they are a web hosting service.

Friday, February 24, 2012

ICND2 Topic: Access Lists, Standard and Extended

A topic for the practical CCNA Exam, but it is only in the ICND2. This will be discussed in greater detail when the article is more complete. For starters,

When setting up an access list on a brand new Cisco router, here are a few key points to remember:
  • There is an implicit deny at the end of every access list; you must permit administrative traffic or you will lock yourself out of the router
  • Order matters: statements are checked top-down and the first match wins, so place the most restrictive rules first, or they will never get a hit
  • Only one access list per interface, per direction
  • Standard access lists are placed closest to the destination
  • Extended access lists are placed closest to the source, so undesirable traffic is dropped before it crosses the network
REMEMBER: Specific statements at the start, general ones after. Assume everything not explicitly permitted is denied, and add a "permit any" statement at the end if the remaining traffic should pass.

IMPORTANT: Create the ACL before applying it to an interface. Applying an empty (or not yet created) ACL permits all traffic.
Access lists permit or deny packets based on source address, destination address, protocol, and port numbers. An inbound ACL is checked before the packet is routed; an outbound ACL is checked after the routing decision, as the packet leaves the interface.

ACLs are also used to identify traffic for
  • the type of traffic to be encrypted on a VPN
  • identifying a router
  • route filtering, i.e. which routes to include in updates
  • policy based routing
  • NAT
Standard Access List
Checks the source address only, for the entire IP protocol suite
Standard IP ACL numbers: 1 to 99 & 1300 to 1999

Here is an example from Cisco Tests:
access-list 10 deny 172.16.3.10 0.0.0.0
access-list 10 permit any
access-list 10 remark Stop all traffic whose source IP is Bob


Extended Access List
Checks source and destination address, protocol, and port numbers.
Extended IP ACL numbers: 100 to 199 & 2000 to 2699

access-list 110 remark Stop Bob to FTP Server and Larry to WWW Server
access-list 110 deny tcp host 172.16.3.10 172.16.1.0 0.0.0.255 eq ftp
access-list 110 deny tcp host 172.16.2.10 host 172.16.1.100 eq www
access-list 110 permit ip any any
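As an added example (not code from the blog or from Cisco), the Python below evaluates ACL 10 and ACL 110 from this post against a few constructed packets, so the top-down first-match rule, the implicit deny, the host/any wildcard shorthand and the ordering mistake can be checked by hand. The server address 172.16.1.50 and the packets are made up for the example.

```python
import ipaddress

def to_int(ip: str) -> int:
    return int(ipaddress.IPv4Address(ip))

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard mask: a 0 bit must match, a 1 bit is 'don't care' (the inverse
    of a subnet mask). 'host X' is X 0.0.0.0 and 'any' is 0.0.0.0 255.255.255.255."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

HOST = "0.0.0.0"                       # the wildcard the host keyword stands for
ANY = ("0.0.0.0", "255.255.255.255")   # what the any keyword expands to
PORT = {"ftp": 21, "www": 80}

# An ACE is (action, protocol, (src, src-wildcard), (dst, dst-wildcard), dst port or None).
# A standard list checks the source only, so its dst is ANY and its port is None.
ACL_10 = [
    ("deny", "ip", ("172.16.3.10", HOST), ANY, None),     # deny 172.16.3.10 0.0.0.0 (Bob)
    ("permit", "ip", ANY, ANY, None),                     # permit any
]
ACL_110 = [
    ("deny", "tcp", ("172.16.3.10", HOST), ("172.16.1.0", "0.0.0.255"), PORT["ftp"]),
    ("deny", "tcp", ("172.16.2.10", HOST), ("172.16.1.100", HOST), PORT["www"]),
    ("permit", "ip", ANY, ANY, None),
]

def evaluate(acl: list, pkt: dict) -> tuple:
    """Return (action, index of the matching ACE). Statements are tried top-down and
    the first match wins; falling off the end is the implicit deny (index None).
    An empty list models the post's warning that an empty ACL permits everything."""
    if not acl:
        return "permit", None
    for i, (action, proto, src, dst, port) in enumerate(acl):
        if proto != "ip" and proto != pkt["proto"]:
            continue
        if not (wildcard_match(pkt["src"], *src) and wildcard_match(pkt["dst"], *dst)):
            continue
        if port is not None and port != pkt["dport"]:
            continue
        return action, i
    return "deny", None

def misordered(acl: list) -> list:
    """The ordering mistake the post warns about: permit any first shadows every deny."""
    return [a for a in acl if a[0] == "permit"] + [a for a in acl if a[0] == "deny"]

# Constructed packets (not from the post): Bob (172.16.3.10) and Larry (172.16.2.10)
# talking to the 172.16.1.0/24 servers; 172.16.1.50 is a made-up FTP server address.
BOB_FTP = {"proto": "tcp", "src": "172.16.3.10", "dst": "172.16.1.50", "dport": 21}
BOB_WWW = {"proto": "tcp", "src": "172.16.3.10", "dst": "172.16.1.100", "dport": 80}
LARRY_WWW = {"proto": "tcp", "src": "172.16.2.10", "dst": "172.16.1.100", "dport": 80}
LARRY_FTP = {"proto": "tcp", "src": "172.16.2.10", "dst": "172.16.1.50", "dport": 21}

if __name__ == "__main__":
    for name, pkt in [("Bob ftp", BOB_FTP), ("Bob www", BOB_WWW), ("Larry www", LARRY_WWW)]:
        print(name, evaluate(ACL_110, pkt), "misordered ->", evaluate(misordered(ACL_110), pkt))
    print("Larry ftp with no permit any ->", evaluate(ACL_110[:2], LARRY_FTP))   # implicit deny
```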


Dynamic ACL - opened for a user after a telnet authentication (lock-and-key)

Reflexive ACL - allows outbound traffic and limits inbound traffic to the replies. These are defined inside a named extended IP ACL, not a numbered one like the standard list.

Time based ACL - can be used with standard and extended ACL

usage:
ip access-list standard TROUBLEMAKER
 permit ....
 deny ....
 remark .... a good idea to explain what the rule is for!

HOW TO Apply the IP Access List to an Interface
int eth 0
 ip access-group TROUBLEMAKER out

show access-lists
no ip access-list extended NAME
ip access-list resequence NAME 10 10 (renumber the entries starting at 10 in steps of 10)

Removing the Access List
conf t
int eth 0
no ip access-group # in
exit
no access-list #

In a lab setup, you'll have to really trust your neighbors not to lock you out.
Use the host keyword when you are specifying a single machine.
host 172.16.10.2 means the same as 172.16.10.2 0.0.0.0
Use the any keyword to specify 0.0.0.0 255.255.255.255 wildcard masking.
Use it when you don't care about source or destination addresses because you are filtering on other parameters.

me: access-list 1 permit host 10.10.10.8 (need to permit my own workstation)
buddy1: access-list 1 permit host 10.0.0.101
buddy2: access-list 1 permit host 10.0.0.106
buddy1: access-list 1 permit 30.3.3.0 0.0.0.255
buddy2: access-list 1 permit 80.8.8.0 0.0.0.255 (as typed, "host 80.8.8.0 255.255.255.255" is invalid: host takes no mask, and a wildcard of 255.255.255.255 would match any address; a /24 wildcard like buddy1's is assumed here)

How to apply the access-list on a vty interface
usage: access-class 1 in

How to create an IP named standard access-list?
usage: ip access-list standard name

syntax (extended):
access-list [number] [permit or deny] [protocol] [source] [source-wildcard] [destination] [destination-wildcard] [eq port]

Monday, February 13, 2012

Cisco ICND1 Flashcard: IP Subnetting Quick Tips

Classes of IP Addresses

Sample Quiz
Will these IPs require a router to talk to each other? This is another way of asking whether these hosts are on the same network or subnet.

Given 192.168.1.0/24
Host a: 192.168.1.33/27
Host b: 192.168.1.50/28
Host c: 192.168.1.100/26
Host d: 192.168.1.90/27

There are whole chapters in books dedicated to subnetting. This can be easily simplified into two rows of numbers; it would be a very short book if I were writing it. This is like subnetting in your brain!

Write this down:
128  64  32  16   8   4   2   1
128 192 224 240 248 252 254 255

Start with Host a 192.168.1.33
/27 means a mask of 255.255.255.224
Then the valid networks are 0, 32, 64, etc. *
Network address would be .32
Valid hosts would be .33 to .62
Broadcast address would be .63
The number of subnets is 2^3 = 8, where 3 is the number of borrowed (masked) bits, i.e. the 1s in the last octet
The number of hosts in each subnet is 2^5 - 2 = 30

* Finding the subnet base number
256 - mask octet = base number, e.g. 256 - 224 = 32, so the valid networks step by 32
Host b 192.168.1.50
/28 means a mask of 255.255.255.240
The valid networks would be 0, 16, 32, 48, 64 etc
Network address would be .48
Valid hosts would be .49 to 62
Broadcast address would be .63

Host c 192.168.1.100
/26 means a mask of 255.255.255.192
The valid networks are 0, 64, 128 etc
Network address is .64
Valid hosts  .65 to 126
Broadcast .127

Host d 192.168.1.90
/27 mask means 255.255.255.224
Valid networks 0, 32, 64, 96
Network address is .64
Valid hosts .65 to .94
Broadcast .95

Answer: nobody can talk to anybody else because they're all on different subnets (different network addresses). A router would be required.
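As an added example (not from the blog), the Python below does the two-row calculation above for the four quiz hosts and also lays out the rooms for the Cisco Subnetting Game solution earlier on this page (Level 1, 2 areas from a /24). The router is taken to be the first usable host, as in that solution; everything else follows the 256 - mask rule and Zose's 2^n - 2 host formula.

```python
import ipaddress

def to_int(ip: str) -> int:
    return int(ipaddress.IPv4Address(ip))

def to_str(n: int) -> str:
    return str(ipaddress.IPv4Address(n))

def mask_from_prefix(prefix: int) -> int:
    """/27 -> 0xFFFFFFE0 (255.255.255.224): `prefix` one-bits from the left."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def subnet_info(host: str, prefix: int) -> dict:
    """The flashcard fields for one host/prefix pair.

    'block' is the post's '256 - mask' number: the step between valid network
    numbers in the octet where the mask stops being 255 (256 - 224 = 32 for /27).
    """
    mask = mask_from_prefix(prefix)
    network = to_int(host) & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    host_bits = 32 - prefix
    interesting = int(to_str(mask).split(".")[(prefix - 1) // 8]) if prefix else 0
    usable = host_bits >= 2                       # /31 and /32 have no host range
    return {
        "mask": to_str(mask),
        "block": 256 - interesting,
        "network": to_str(network),
        "broadcast": to_str(broadcast),
        "first_host": to_str(network + 1) if usable else None,
        "last_host": to_str(broadcast - 1) if usable else None,
        "hosts": 2 ** host_bits - 2 if usable else 0,   # 2^n - 2: drop network and broadcast
    }

def needs_router(host_a: str, prefix_a: int, host_b: str, prefix_b: int) -> bool:
    """Hosts need a router between them unless they land on the same network address."""
    a, b = subnet_info(host_a, prefix_a), subnet_info(host_b, prefix_b)
    return (a["network"], a["mask"]) != (b["network"], b["mask"])

def plan_subnets(base: str, count: int) -> tuple:
    """Subnetting Game layout for a /24: borrow the fewest bits that give `count`
    subnets and return (prefix, [(network, broadcast, router), ...]), the router
    being the first usable host. The whole /24 is carved up even if fewer rooms
    are needed, which is what the discussion page says the game expects."""
    borrowed = 0
    while 2 ** borrowed < count:
        borrowed += 1
    if borrowed > 6:                              # keep at least 2 host bits
        raise ValueError("a /24 cannot hold that many usable subnets")
    size = 2 ** (8 - borrowed)                    # addresses per subnet
    rooms = []
    for i in range(2 ** borrowed):
        net = to_int(base) + i * size
        rooms.append((to_str(net), to_str(net + size - 1), to_str(net + 1)))
    return 24 + borrowed, rooms

if __name__ == "__main__":
    prefix, rooms = plan_subnets("192.168.1.0", 2)          # Level 1: 2 areas
    print("mask", to_str(mask_from_prefix(prefix)), rooms)
    for name, (ip, p) in {"a": ("192.168.1.33", 27), "b": ("192.168.1.50", 28),
                          "c": ("192.168.1.100", 26), "d": ("192.168.1.90", 27)}.items():
        print(name, subnet_info(ip, p))
```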

Binary Quiz
Convert 452 into binary
answer: 111000100

What is 11000111?
answer: 199

Convert 11101000111 into decimal
answer: 1863

A Class A network has 3 octets for the host field.
What is the practical minimum number of bits to borrow? 2
Using six subnet bits, how many usable subnets are created?
62

How many subnet bits do you borrow?
To see how many bits you should borrow from the host portion of the network address to give the required number of subnets, you should...
answer: subtract the number of subnets you need from the network portion

Thursday, February 9, 2012

Cisco ICND1 Flashcard: NAT, PAT, Overloading

Network Address Translation

When you have internal IP addresses routing to another network and you don't want anyone to know the originating IP address, you can use NAT. It also applies when you have internal IP addresses mapping to the Internet and only a limited number of public IP addresses to give out.

NAT operates at Layer 3 on a Cisco router and is designed for IP address simplification and conservation by converting private IP addresses into public IP addresses. Apparently, NAT is not to be used with tunneling protocols or IPSec.

STATIC NAT
This means statically assigned by a network administrator, I presume, one by one. The steps include defining the translation and applying NAT to the inside and outside interfaces.


LAB SUMMARY
Configure Static NAT on Router 1, inside and outside interfaces, x = 2 for my Pod 2
usage: conf t
ip nat inside source static 192.168.xx.10 172.16.xx.10
int fa 0/0
ip nat inside
int serial 1/1
ip nat outside
end

show ip nat translations
debug ip nat
ping 10.1.1.1
show ip nat statistics

Remove Static NAT from Router 1
usage: conf t
no ip nat inside source static 192.168.xx.10 172.16.xx.10

DYNAMIC NAT
Addresses are handed out from a pool on demand, like IP address assignment by DHCP. Create a pool with a name and an address range.

Create a standard ACL to permit traffic from the inside (switch) network; everyone else is denied by the implicit deny.
usage: conf t
access-list 3 permit 192.168.xx.0 0.0.0.255
ip nat pool LAN 172.16.xx.65 172.16.xx.126 netmask 255.255.255.192

Enable the translation by tying the access list (3) to the pool (LAN) and leave config mode
ip nat inside source list 3 pool LAN
end

show ip nat translations
debug ip nat
ping 10.1.1.1
show ip nat statistics

To clear the entire NAT table usage: clear ip nat translations *
To remove Dynamic NAT from router 1 usage: no ip nat inside source list 3 pool LAN
Another day, I'll add more info about PAT
PAT is many-to-one dynamic translation.

Bonus
I wonder if this is the same way to NAT IPv4 addresses with IPv6. In fact, on newer computers and laptops, the Network Settings Info will also include an IP v6 address. In the late 1990's the US DOD issued a command that all new computer systems being purchased must be IP v6 compatible. Most are, as the IPv6 address is formed from the MAC address. It's HEX and the initial digit assigned is a 2 (the number 2) which indicates planet Earth. Now that's planning ahead for future implementation, scalable to include the rest of the galaxies. To Infinity and Beyond!

Troubleshooting NAT
* Determine if there are enough addresses in the NAT pool
* Verify that the router interfaces are appropriately defined as NAT inside or NAT outside
* Verify that the ACL referenced by the NAT command is permitting the necessary inside local IP addresses
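As an added example (not from the blog or from Cisco IOS), a small Python model of this post's Pod 2 configuration: the static entry, access-list 3, the LAN pool 172.16.2.65 to 172.16.2.126 and optional overload (PAT). The inside hosts 192.168.2.1 to 192.168.2.254 and the port numbers are constructed; the point is the first troubleshooting check above, since the ACL admits 254 inside hosts but the pool holds only 62 global addresses.

```python
import ipaddress

def to_int(ip: str) -> int:
    return int(ipaddress.IPv4Address(ip))

def acl_permits(src: str, base: str, wildcard: str) -> bool:
    """Standard ACL match: wildcard 1-bits are 'don't care'."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(src) & care) == (to_int(base) & care)

class InsideSourceNat:
    """Inside-to-outside translation as the post configures it with x = 2: static
    entries first, then `ip nat inside source list 3 pool LAN` (overload=True for PAT)."""

    def __init__(self, acl, pool_start, pool_end, static=None, overload=False):
        self.acl = acl                                    # (base, wildcard) of access-list 3
        self.pool = [str(ipaddress.IPv4Address(n))
                     for n in range(to_int(pool_start), to_int(pool_end) + 1)]
        self.free = list(self.pool)                       # globals not yet handed out
        self.static = dict(static or {})                  # inside local -> inside global
        self.overload = overload
        self.table = {}                                   # (local, port) -> (global, port)
        self.used = set()                                 # (global, port) pairs in use

    def translate(self, inside_local: str, src_port: int):
        """Return (inside global, port), or None when the packet cannot be translated."""
        if inside_local in self.static:                   # ip nat inside source static ...
            return self.static[inside_local], src_port
        if not acl_permits(inside_local, *self.acl):      # not matched by ACL 3
            return None
        key = (inside_local, src_port)
        if key in self.table:
            return self.table[key]
        if self.overload:                                 # PAT: many locals share one global
            glob, port = self.pool[0], src_port
            while (glob, port) in self.used:              # keep the port unless already taken
                port = port + 1 if port < 65535 else 1024
            entry = (glob, port)
        else:                                             # dynamic NAT: one global per local
            held = [g for (loc, _), (g, _) in self.table.items() if loc == inside_local]
            if held:
                glob = held[0]
            elif self.free:
                glob = self.free.pop(0)
            else:
                return None                               # pool exhausted: translation fails
            entry = (glob, src_port)
        self.used.add(entry)
        self.table[key] = entry
        return entry

def simulate(nat: InsideSourceNat, hosts: int) -> tuple:
    """One flow from each of 192.168.2.1 .. 192.168.2.<hosts>; returns (translated, failed)."""
    ok = sum(nat.translate(f"192.168.2.{i}", 40000 + i) is not None for i in range(1, hosts + 1))
    return ok, hosts - ok

POD2_ACL = ("192.168.2.0", "0.0.0.255")        # access-list 3 permit 192.168.2.0 0.0.0.255
POD2_POOL = ("172.16.2.65", "172.16.2.126")    # ip nat pool LAN ... netmask 255.255.255.192

if __name__ == "__main__":
    nat = InsideSourceNat(POD2_ACL, *POD2_POOL, static={"192.168.2.10": "172.16.2.10"})
    print("pool holds", len(nat.pool), "addresses; dynamic NAT over 254 hosts:", simulate(nat, 254))
    print("same with overload (PAT):", simulate(InsideSourceNat(POD2_ACL, *POD2_POOL, overload=True), 254))
```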

Sunday, February 5, 2012

Cisco ICND1 Flashcard: Static Routing

Use of Static Routes
When the network is small and there are few routers, a network administrator can program static routes to set the path from one LAN to another. In a small network, this results in more security because routing table updates don't have to be sent over the network periodically because things won't change!

usage: ip route destination-network subnet-mask {next-hop-ip-address | exit-interface}

Default Static Route
A default static route allows a stub network to reach all networks beyond the next hop router. It is useful when the route from source to destination is not known or there are just too many routes to name. This is the perfect setting for the edge router of a company reaching the ISP network.
conf t
usage: ip route 0.0.0.0 0.0.0.0 {next-hop-ip-address | exit-interface}
This can be thought of as the gateway of last resort.

Dynamic Routes
Dynamic routing uses routes that a routing protocol adjusts automatically for topology or traffic changes. The protocols include IGRP, RIP, EIGRP, OSPF and EGP, to name a few.
Confirm, but I believe you use the command
router rip to configure the routing protocol, just like that.

Verify the Routes
usage: show ip route
The output will list the path to networks the router knows by identifying S for a static route and the exit-interface, or a C for directly connected network. The reason it lists the exit-interface rather than the next hop router ip address is to supply the maximum information in a single lookup.

Tuesday, January 31, 2012

Cisco ICND1 Flashcard: DHCP

The starting point for understanding DHCP for the CCNA Exam or ICND1 and ICND2, is that DHCP is based on a client-server model.

There are three types of IP address allocation by DHCP
  1. Automatic - assigns a permanently binding IP address to the client
  2. Dynamic - assigns an IP address to the client for a limited time, until lease expires and the IP address is returned to the pool for reuse
  3. Manual - a network administrator assigns the IP address to the client, DHCP conveys it (not completely sure I understand this to be a kind of DHCP).

The Client requests an IP address allocation and initialization parameters from the DHCP Server through the following exchange of messages.

DHCPDISCOVER
When a client boots up for the first time, it sends a DHCPDISCOVER message broadcast to 255.255.255.255 (all destinations) with a source IP address of 0.0.0.0 (because it doesn't have one yet).

DHCPOFFER
The DHCP server receives the message and replies with a DHCPOFFER unicast, which contains fields for the subnet mask, the default gateway (router), and other values including the IP address lease time, renewal time, DNS and NetBIOS name servers. The message is sent at Layer 2 to the client's MAC address; the destination IP address is the address being offered by the server.

DHCPREQUEST
The client responds to the offer with this message, showing its intent to accept the parameters. It is sent to the broadcast address (Layer 2 and Layer 3), since the client is still uncertain whether the address is safe to use or whether another DHCP client will grab it.

DHCPACK
The DHCP server receives the request and acknowledges it with this unicast message.

Setting DHCP Pool Parameters using a Wizard
The DHCP pool may be configured from the Cisco SDM page, according to the parameters below
DHCP Pool Name - Name that clearly identifies the DHCP pool
DHCP Pool Network and Subnet Mask- the assigned IP address is drawn from the pool, specifying a starting and ending IP address in the range.

Hints: The IP address range should be within the private address ranges
10.1.1.1 to 10.255.255.255
172.16.1.1 to 172.31.255.255
192.168.0.0 to 192.168.255.255

Do not use the reserved addresses in the chosen range:
the network or subnetwork IP address
the broadcast address on the network

Starting IP
Ending IP
Lease Length - integer number in days
DHCP options
DNS Server 1
DNS Server 2
Domain Name
WINS Server 1
WINS Server 2
Default Router - IP address of router to use as the default gateway
Import all DHCP options into the DHCP Server database

CLI: Cisco IOS DHCP server on a router
ip dhcp pool mydhcppool
 network 10.10.10.0 255.255.255.0
 domain-name mydhcpdomain.com
 dns-server 10.10.10.98 10.10.10.99
 default-router 10.10.10.1
 lease 7
 exit
ip dhcp excluded-address 10.10.10.0 10.10.10.99
(the mask is /24 here, because the excluded range, DNS servers and default router all sit in 10.10.10.0/24; a /8 would not describe that network)

Friday, January 27, 2012

Cisco ICND1 Flashcard: Classes of IP Addresses, Public Routable and Private

This is a quick reference study guide for IP v4 Addressing.

The number in the first octet
Class A 0-126 network.host.host.host
Class B 128-191 network.network.host.host
Class C 192-223 network.network.network.host
Class D 224-239 Multicast addressing
Class E 240-255 Research and Development

Private IP Address Ranges
Class A 10.0.0.0 - 10.255.255.255
Class B 172.16.0.0 - 172.31.255.255
Class C 192.168.0.0 - 192.168.255.255

Hints on addressing
Class A - the first binary bit of the first octet is always 0 (so it cannot be 128, which starts the next class)
Class B - the first two bits of the first octet are 10 (so it is 128 and up)
Class C - the first three bits of the first octet are 110 (so it's 192 and up)

Maximum number of hosts
Class A 2^24 -2 = 16,777,214
Class B 2^16 -2 = 65,534
*Class C 2^8 -2 = 254

Class C addressing is most commonly used for small networks
Using 6 subnet bits, how many usable subnets are created?
62 = 2^6 - 2
What is the maximum number of bits to borrow to create a subnet for a Class C network?
6
Reserved IP addresses
Network address 172.16.0.0
Directed broadcast 172.16.255.255
Local broadcast 255.255.255.255
*Local loopback 127.0.0.0 to 127.255.255.255
Auto-configuration 169.254.0.0 to 169.254.255.255 (169.254.0.0/16)

Use the local loopback address to test the NIC by pinging your own network interface.