
Section A

Answer all Questions

The Cisco CCNA syllabus recommends the use of /30 subnet IP addresses on point to point links. However RFC 3021, published in December 2000, introduced the use of /31 subnet IP addresses on point to point links. Why was this done? Why do /31 subnets work? (5 Marks)

Current best practice is to use subnets no longer than /30 for any internet subnets, but a /31 subnet can be used. RFC 3021 introduced the /31 subnet in 2000. A /31 subnet gives 2 IP addresses, and both are used as host addresses, one at each end of a point-to-point link. This may seem illogical, because any subnet is expected to contain a network address and a broadcast address. So the proposed /31 can be used in PPP encapsulation only. Using both addresses as host addresses saves address space. The subnet works with no impact on the routing protocols, as most of them are classless, so it is supported by all the routing protocols. Moreover, a point-to-point connection uses multicast, limited broadcast or unicast addressing. So a /31 subnet can be used.
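The address saving described in this answer can be checked directly. The following is an added example, not part of the original answers; the block 192.0.2.0/24 is a documentation range chosen here as sample input, and the function names are hypothetical.

```python
import ipaddress

def address_roles(subnet):
    """Label every address in an IPv4 subnet as network, host or broadcast."""
    net = ipaddress.ip_network(subnet)
    roles = {str(addr): "host" for addr in net}
    if net.prefixlen < 31:
        # Conventional subnet: first and last addresses are reserved.
        roles[str(net.network_address)] = "network"
        roles[str(net.broadcast_address)] = "broadcast"
    # RFC 3021 /31: no reserved addresses, both stay "host".
    return roles

def p2p_links(block, prefixlen):
    """Carve a block into point-to-point subnets: (subnet, end_a, end_b)."""
    if prefixlen not in (30, 31):
        raise ValueError("point-to-point links use /30 or /31")
    links = []
    for sub in ipaddress.ip_network(block).subnets(new_prefix=prefixlen):
        ends = [a for a, role in address_roles(str(sub)).items() if role == "host"]
        links.append((str(sub), ends[0], ends[1]))
    return links

def usable_fraction(prefixlen):
    """Share of addresses in one subnet that can be given to an interface."""
    roles = address_roles(f"192.0.2.0/{prefixlen}")
    return sum(role == "host" for role in roles.values()) / len(roles)

if __name__ == "__main__":
    for plen in (30, 31):
        links = p2p_links("192.0.2.0/24", plen)
        print(f"/{plen}: {len(links)} links, first {links[0]}, "
              f"usable {usable_fraction(plen):.0%}")
```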

Appendix A shows two different frames, one a PPP frame and the other an Ethernet frame. Discuss the differences between them and describe how they are used on a network. (5 Marks)

Appendix A shows 2 frames, a PPP frame and an Ethernet frame. PPP helps to transmit data packets across point-to-point links. It encapsulates several data link layer protocols. It uses the Link Control Protocol to connect 2 point-to-point links. It also supports 3 authentication protocols, PAP, CHAP and EAP, to verify security levels.
On the other hand, the Ethernet II frame contains a hexadecimal value that indicates the higher layer protocol type. Several upper layer protocols are supported by Ethernet II. It contains the following data: source and destination address, source and destination MAC address, source and destination NIC manufacturer, source and destination NIC serial number.

Explain the terms Latency, Jitter and Packet Loss. Discuss their impact on transmitted data. (5 Marks)

In data transmission, latency is the delay in packet delivery. Jitter is the variation in latency (the delay), and packet loss is the state in which a high volume of traffic causes the network to drop packets.
For transmitted data these 3 terms are very important in ensuring QoS (quality of service) in video or voice calls. A user can have talk-over effects on VoIP calls if the latency is high. Similarly, high jitter can increase latency and packet loss. With high jitter, packets arrive at the destination at different times. Packet loss defines call quality. Packet loss makes the call quality low and creates congestion in switches and routers.

What are the key issues to consider when deciding which WAN technologies a company should consider? (5 Marks)

Key issues to be considered by a company to decide the most appropriate WAN technology are:
Size of the organization
Type of organization (for example, if a company is handling customer-sensitive data then it needs a secured WAN implementation)
Number of employees
Current LAN/WAN environment
Planned upgrade of the applications
Local network requirements
Requirement for remote access (for example, entering the company network from the internet remotely)
Number of workstations
Number of network devices
Vendor or supplier connection to the network
Competitor analysis

Using examples from your own experience of building networks describe how packet capture software such as Wireshark can be used to help solve networking problems. (5 Marks)

Packet capture software like Wireshark can be very handy for solving networking problems. It is a tool that captures packets and shows the details of each packet, including the packet's source, destination, the type of data it is carrying, the protocol used, etc., so it becomes possible to monitor incoming and outgoing packets and identify any issues with the data sent and received.
Several network issues, such as connectivity problems and DNS issues, can be identified using a packet analyzer like Wireshark. The root causes of malware infections, bad traffic, etc. can also be analyzed from the packets.
Moreover, Wireshark can generate graphs and reports through which several network issues can be identified and monitored.

Are Cisco ACLs an example of a stateful or stateless firewall? Discuss the differences between the two. Which is best? (5 Marks)

Cisco ACLs (both extended and standard ACLs) are an example of a stateless firewall because they check each packet in isolation. There are some differences between stateful and stateless firewalls. Stateless firewalls usually work by observing network packets and blocking them based on several static values. They are based on simple rules. Stateful firewalls, on the other hand, watch traffic end to end. Stateful firewalls can implement tunnelling or encryption.
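The difference between checking each packet in isolation and tracking connections can be seen by running the same traffic through both models. The following is an added example, not part of the original answers and not Cisco code; the rule set (inside hosts may browse to TCP port 80), the inside prefix 10.0.0.x and the three sample packets are constructed for illustration.

```python
from collections import namedtuple

# Constructed sample packets; all addresses are private or documentation ranges.
Packet = namedtuple("Packet", "src sport dst dport flags")

INSIDE = "10.0.0."  # assumed inside network prefix

def is_outbound(pkt):
    return pkt.src.startswith(INSIDE)

def stateless_permit(pkt):
    """ACL-style filter: decides on this packet's header fields alone."""
    if is_outbound(pkt):
        return pkt.dport == 80
    # Reply rule: anything from port 80 carrying ACK looks like return traffic.
    return pkt.sport == 80 and "ACK" in pkt.flags

class StatefulFirewall:
    """Remembers outbound connections and only admits matching replies.
    A production firewall also tracks TCP state and idle timeouts."""

    def __init__(self):
        self.connections = set()

    def permit(self, pkt):
        if is_outbound(pkt):
            if pkt.dport != 80:
                return False
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: must mirror a connection an inside host opened.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections

SAMPLE = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 80, ("SYN",)),
    Packet("203.0.113.10", 80, "10.0.0.5", 50000, ("SYN", "ACK")),
    # Inbound segment that belongs to no connection opened from inside.
    Packet("198.51.100.7", 80, "10.0.0.9", 40000, ("ACK",)),
]

def compare(packets):
    """Return (stateless decision, stateful decision) for each packet."""
    firewall = StatefulFirewall()
    return [(stateless_permit(p), firewall.permit(p)) for p in packets]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, compare(SAMPLE)):
        print(pkt, "stateless=%s stateful=%s" % verdict)
```

The third packet passes the stateless rule because its header fields look like a reply, while the stateful model drops it because no inside host opened that connection.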

Discuss the similarities and differences between IDSs, IPSs and firewalls. (5 Marks)

There are some differences and similarities between an IPS, an IDS and a firewall. All 3 are security appliances. A firewall is a policy-based security appliance. It can be an application or a hardware-based device. A firewall usually checks packets, source and destination addresses, incoming ports, etc. against the policy. If it finds anything that doesn't match the policy, it rejects it automatically. An IDS (Intrusion Detection System), on the other hand, analyzes everything in a packet, including headers and payloads. It only logs any unusual incidents but doesn't affect the packet flow. An IPS (Intrusion Prevention System) is similar to an IDS, but the difference is that it not only logs the events but can also stop packets after analyzing the header and payload.

What impact will the growth in BYOD (Bring Your Own Device) have on the design of networks in the next few years? (5 Marks)

The growth of BYOD (Bring Your Own Device) will have an impact on the design of networks in the next few years. The first impact will be on bandwidth. There will be huge consumption of bandwidth. So the network should be designed to improve bandwidth consumption if the cost of bandwidth is not a problem. On the other hand, for bandwidth sharing the network must implement a network policy. Another impact can be on the security of the devices or of the organizational network. Both parties can be at risk of security breaches. So the network must ensure limited access, an improved password policy, an encryption policy, etc. Another impact can be on storage. These days files are large. Virtualization, cloud, etc. can be implemented to ensure efficient storage in the network.

Section B
Answer All Questions
1

The following is an extract from a posting made on
http://networking.ittoolbox.com/groups/technicalfunctional/networkadmin-l

CHOICE OF LAYER 3 SWITCH OR ROUTER
Posted by Sivaleela

Hi all, Our company is presently working under a single LAN and now we r planning to make subnetting.
We r having a central layer2 (Linksys) managed switch to which all desktop level switches r connected and to these desktop switches all the users r connected.
We r getting internet from a leased line, leased line to modem, modem to router, router to firewall and the firewall is connected to the central layer2 switch.

Now if i go for subnetting...how to interconnect these subnets so that everyone can access the server which will b placed in one subnet. According to my knowledge a layer2 switch can not support inter subnetting. So i think i have to go for a layer3 switch or a Router? Which one is good in terms of performance, security and delay features?..............so which one i have to use now? I would like to make 10 subnets...each of 20 hosts...if i go with layer3 switch, as they support more ports...no problem...but if i have to go with router, how many maximum number of ports does it support?

A diagram of the current network is shown in Appendix B

1a

What will be some of the problems caused by the design of Sivaleela's current network? (5 Marks)

Some of the problems caused by Sivaleela's design are:
No VLAN support
Waste of IP addresses (no subnetting)
No layer 3 switches
Non-hierarchical model
No centralized system

1b

Sivaleela asks about the differences in performance, security, delay and number of ports between Layer 3 Switches and routers. Give an answer that covers these issues. (5 Marks)

Layer 3 switches can perform routing like routers, but there are differences between layer 3 switches and routers. Layer 3 switches do not have WAN interfaces. Routers are more secure. Moreover, layer 3 switches are not 100% capable of providing services like NAT, NetFlow, Quality of Service (QoS), etc. But layer 3 switches are cheaper than routers. On the other hand, a layer 3 switch can perform as a switch, which a router can't. Layer 3 switches don't have a WAN port, but they may have 24 or more ports like a layer 2 switch, whereas a router has a limited number of ports.
Routers are more secure, but layer 3 switches are used for VLAN purposes. VLANs can increase the security of the local network.

1c

Sivaleela does not state what services are running on the current network but discuss the benefits and disadvantages of using DHCP and NAT on the new network. (5 Marks)

Advantages and disadvantages of DHCP
Advantages:
IPs can be configured automatically
DHCP can reduce network maintenance time
DHCP requires only a one-time setup of a DHCP server
Disadvantages:
If the DHCP server fails then the whole network may collapse.
Any incorrect configuration of DHCP can mess up the whole network. It can propagate to the DHCP clients.
The machine name doesn't change when the client machine gets a new IP address from the DHCP server

Advantages and disadvantages of NAT
Advantages:
Sharing public IP
Easy to expand
Ensures security
Transparency
Disadvantages:
It is complex
Public addresses are limited to assign
Security issues if NAT is not well configured
It can reduce performance

1d

One of the answers posted in reply to Sivaleela's query discusses using a hierarchical design with full redundancy in the Core, Distribution and Access layers. Explain the role of these layers using a diagram. (5 Marks)

The above figure represents a hierarchical design with full redundancy.
Here the topmost layer is the core layer. The main task of the core layer is to act as the backbone. In the core layer a high-speed switching backbone is implemented. The backbone usually switches traffic and does not route it. It is designed with layer 3 protocols. Moreover, the core layer provides load balancing, fast convergence, scalability, etc.
In the distribution layer, policy is enforced. Policy-based routing decisions are made in this layer. Like the core layer, this layer also supports load balancing, convergence, etc. It provides redundancy and the default gateway (first hop) to the workstations.
In the access layer the workstations or users get access to the network. Layer 2 switching is implemented in this layer. It defines the network's collision domain.

1e

What would be the advantages and disadvantages of using a full hierarchical design for Sivaleela's network? (5 Marks)

The major advantages of a hierarchical architecture can be scalability, redundancy and security. For scalability, the network can be expanded in future without interrupting any layers. Another plus point of a hierarchical network is the backup system. Another advantage is that in a hierarchical model it is easy to identify and detect problems.
One of the disadvantages of a hierarchical design in Sivaleela's network is defining access control. VPN access must be employed to restrict extranet access to the network, which can be a very difficult task in the distribution layer. For a small/medium organization a hierarchical design can be tough to maintain.

1f

Would there be any advantages or disadvantages to using VLANs on the new network? (5 Marks)

Advantages of VLAN:
VLANs can logically group the workstations into several subnets.
It enhances security
VLAN reduces the need for a router in a network.
Confines broadcast domains
Disadvantages of VLAN:
VLAN management is tough
A single VLAN cannot transfer traffic to another VLAN.
VLANs limit
Security limitations

1g

If Sivaleela did decide to use VLANs discuss the most appropriate method that could be used to create them. Justify your answer. (5 Marks)

VLAN numbers 1-1001 can usually be used; 1006-4094 are available for extended VLANs. The simplest way to configure a VLAN on any Cisco switch is to enter global configuration mode, create a VLAN, and configure the VLAN name. Also

1h

Should Sivaleela consider using IPv6 on the network? Discuss the advantages and disadvantages. (5 Marks)

Advantages:
Efficient routing
Efficient packet processing
Directed data flows
Basic network configuration
New service support
Security
Disadvantages:
Tough and lengthy IP addresses to remember
Some machines do not support IPv6
Time consuming to convert IPv4 to IPv6
Lack of expertise to design an IPv6 addressing scheme

1i

Redesign the network for Sivaleela. Explain the benefits of your new design. Discuss any disadvantages of the new design. Should Sivaleela adopt your new design? Justify your answer (15 Marks)

Redesign of the network:

[Diagram of the redesigned network. Labels: ISP, Switch, Firewall, DNS/NTP/Syslog Server, Router, Access Switch, Switch, Web Server]

Explanation
The new proposed design is a 3-layer hierarchical design in which layer 3 switches, a layer 2 switch, a router and a firewall are used. For redundancy and disaster recovery, backup network devices are used. In this proposed network the layer 2 switches will act as access layer devices. The layer 3 switch will act as the distribution layer device. The VLANs will be configured in the distribution layer (layer 3 switch).
In the new proposed design an IP subnetting scheme is also applied. Any private IP address block can be used and subnetted (for example 192.169.1.0/24). For security purposes a firewall will be used to filter the packets between the internet and the internal network.
OSPF or EIGRP routing can be used to route between internetworks if the network is expanded later with small branches. A leased line will be used and the VPN will ensure packet security.
As VLANs are configured to segment the network and increase security, it is suggested to use VLANs. Several VLANs can be assigned across different floors and departments.
Firewalls will be used for a more secure network and for NAT functionality. A firewall strengthens network security. Other than the DMZ firewall, other firewalls can be used in future to ensure packet security. For network cabling and hardware configuration CAT 6A cables will be used.
Servers will be connected to the access switch in the server room. The access switch will be connected to the distribution or core switch. There will be multiple access switches. Network printers will also be accessible from a particular floor. Fiber optic cable will be used to connect the core devices.
One of the advantages of this new proposed design is the cost. As new layer 3 switches and redundant routers are added to the network the cost will increase. But in the long run this proposed design will increase the security and productivity of the organization.
Advantages of the new proposed network and why it should be adopted:

It is secured
It is scalable
VLAN is implemented
IP Subnetting is suggested
Hierarchical design
Centralized management

1j

Design an addressing scheme for Sivaleela's new network using IPv6. Use the Global prefix 2001:35bc:5454::/48 (5 Marks)

Using the IPv6 calculator (http://www.gestioip.net/cgi-bin/subnet_calculator.cgi) the IPv6 addressing scheme is designed:

IP address:          2001:35bc:5454::/48
Type:                GLOBAL-UNICAST
Network:             2001:35bc:5454::
Prefix length:       48
Network range:       2001:35bc:5454:0000:0000:0000:0000:0000 - 2001:35bc:5454:ffff:ffff:ffff:ffff:ffff
Total IP addresses:  1208925819614629174706176

IP address (full):   2001:35bc:5454:0000:0000:0000:0000:0000
Integer ID:          42541578050677679574618907839437996032
Hexadecimal ID:      0x200135bc545400000000000000000000
Dotted decimal ID:   32.1.53.188.84.84.0.0.0.0.0.0.0.0.0.0
Base 85 ID:          9r~{SUP=*5(-f!64hEXh
Binary ID:           00100000000000010011010110111100...
ip6.arpa format:     0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.5.4.5.c.b.5.3.1.0.0.2.ip6.arpa
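The calculator output above describes only the /48 itself. One way to carve it into per-VLAN subnets is shown below as an added example, not part of the original answers; the ten VLAN IDs, the convention of using the VLAN ID as the 16-bit subnet ID, and the ::1 gateway address are assumptions made for illustration.

```python
import ipaddress

GLOBAL_PREFIX = ipaddress.ip_network("2001:35bc:5454::/48")  # given in the question
VLAN_IDS = range(10, 101, 10)  # constructed: ten VLANs numbered 10, 20, ... 100

def subnet_for_vlan(vlan_id, prefix=GLOBAL_PREFIX, new_prefix=64):
    """Return the /64 whose subnet ID (the bits after the /48) equals the VLAN ID."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError(f"VLAN ID {vlan_id} is outside 1-4094")
    if vlan_id >= 2 ** (new_prefix - prefix.prefixlen):
        raise ValueError("VLAN ID does not fit in the subnet ID field")
    shift = 128 - new_prefix  # host bits below the subnet ID
    base = int(prefix.network_address)
    return ipaddress.IPv6Network((base + (vlan_id << shift), new_prefix))

def reverse_zone(subnet):
    """ip6.arpa zone name for a subnet: drop the host nibbles from the pointer."""
    labels = subnet.network_address.reverse_pointer.split(".")
    host_nibbles = (128 - subnet.prefixlen) // 4
    return ".".join(labels[host_nibbles:])

def build_plan(vlan_ids=VLAN_IDS):
    """Map each VLAN ID to its subnet, assumed gateway (::1) and reverse zone."""
    plan = {}
    for vlan_id in vlan_ids:
        net = subnet_for_vlan(vlan_id)
        plan[vlan_id] = {
            "subnet": str(net),
            "gateway": str(net.network_address + 1),
            "reverse_zone": reverse_zone(net),
        }
    return plan

if __name__ == "__main__":
    print(f"{GLOBAL_PREFIX} holds {2 ** (64 - GLOBAL_PREFIX.prefixlen)} /64 subnets")
    for vlan_id, row in build_plan().items():
        print(f"VLAN {vlan_id:>3}  {row['subnet']:<26} gw {row['gateway']:<22} "
              f"{row['reverse_zone']}")
```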

(Total 60 Marks)

Appendix A Two Packet Captures

Appendix B Diagram showing Sivaleela's current network. Note: Client computers are not shown.

References
https://tools.ietf.org/html/rfc3021
http://www.voip-info.org/wiki/view/QoS
http://whatismyipaddress.com/ppp-pppoe
www.computing.northampton.ac.uk/.../Ethernet_Frame_Analysis.doc
http://searchenterprisewan.techtarget.com/tip/WAN-design-What-toconsider
http://www.pcworld.com/article/186871/track_down_network_problems_with_wireshark.html

https://supportforums.cisco.com/discussion/10957826/are-acls-cat3560statefull-or-stateless
http://www.inetdaemon.com/tutorials/information_security/devices/firewalls/stateful_vs_stateless_firewalls.shtml
http://security.stackexchange.com/questions/44931/difference-between-idsand-ips-and-firewall
http://www.nexusis.com/blog/the-net-impact-of-byod-bring-your-owndevice/
https://dougvitale.wordpress.com/2012/12/01/layer-3-switches-comparedto-routers/
http://ca.host.cs.st-andrews.ac.uk/NAT_advantages.php
http://www.enggpedia.com/answers/181/what-are-advantages-anddisadvantages-of-dhcp
https://library.netapp.com/ecmdocs/ECMP1196907/html/GUID-C9DA920BF414-4017-8DD1-D77D7FD3CC8C.html
http://www.networkcomputing.com/networking/six-benefits-of-ipv6/d/did/1232791?
