IP Services

Configure and verify inside source NAT using static and pools

Scenario: Corporate Office Internet Access

Imagine a corporate office where employees need access to the internet for various tasks. The company has a limited number of public IP addresses but has a large internal (private) IP address space. To allow multiple devices inside the company to access the internet using a smaller set of public IP addresses, the company employs Source NAT (Network Address Translation).

Network Setup:

  1. Inside Local Network:
  2. Available Public IPs:
    • Static IP:
    • NAT Pool: to
  3. Router Interface Setup:
    • Inside (LAN) Interface: FastEthernet0/0 with IP
    • Outside (Internet) Interface: FastEthernet0/1 with IP


1. Define the NAT Pool:

Router(config)# ip nat pool PublicPool netmask

2. Define which addresses should be translated:

Router(config)# access-list 1 permit

3. Configure Static NAT for a Specific Host:

Let’s say there’s a server ( that requires a consistent public IP for inbound and outbound communication. You decide to give it the static public IP (

Router(config)# ip nat inside source static

4. Configure Dynamic NAT for the rest of the hosts:

Router(config)# ip nat inside source list 1 pool PublicPool

5. Associate NAT with interfaces:

Router(config)# interface FastEthernet0/0
Router(config-if)# ip nat inside

Router(config-if)# exit

Router(config)# interface FastEthernet0/1

Router(config-if)# ip nat outside
Router(config-if)# exit


1. View the NAT Translations:

After some inside hosts initiate traffic to the internet, you can check the NAT translations:

Router# show ip nat translations

This command will display the NAT mappings, where you’ll see the inside local addresses and their corresponding inside global addresses.

2. Test Connectivity:

From the server (, try to access the internet. Its traffic should always be translated to Other hosts in the network will use IP addresses from the NAT pool ( to

In this scenario, the company effectively uses a combination of static and dynamic NAT configurations to provide internet access to internal devices. Static NAT ensures that a particular device has a consistent public-facing IP, while dynamic NAT allows multiple devices to share a set of public IPs.

Configure and verify NTP operating in a client and server mode

Syncing Time in a Distributed Company Network

In a global company with offices spread across various time zones, maintaining synchronized and accurate time on all network devices is crucial. Accurate time helps in tasks such as logging, event correlation, security analytics, and general troubleshooting.

The company’s IT department decides to use the Network Time Protocol (NTP) to achieve time synchronization. They set up an NTP server in the primary data center located in New York and configure branch office routers worldwide as NTP clients.

Network Setup:

  1. Primary NTP Server: Located in New York with the IP address This server is synced with an external authoritative time source.
  2. Branch Office Routers: These routers will act as NTP clients. Example client router IP:


NTP Server Configuration (New York Data Center):

  1. First, ensure that the primary NTP server is set to the correct time or has access to an authoritative external NTP source:
NY-Router(config)# ntp server [authoritative-external-NTP-IP]
  1. Then, configure the device itself as an NTP server:
NY-Router(config)# ntp master

NTP Client Configuration (Branch Office Router):

  1. Point the branch office router to the primary NTP server in New York:
Branch-Router(config)# ntp server
  1. To ensure the router only syncs its time from the specified NTP server:
Branch-Router(config)# ntp authenticate
Branch-Router(config)# ntp trusted-key 1
Branch-Router(config)# ntp authentication-key 1 md5 YOUR_SECRET_KEY

(On the server side, similar authentication configurations should be made to match the client settings.)


1. Verify NTP associations:

On the client (branch router), you can check NTP associations:

Branch-Router# show ntp associations

2. Verify NTP status:

You can further check the synchronization status:

Branch-Router# show ntp status

This command provides details on the synchronization, reference clock, and other relevant statistics.

3. Verify system time:

To confirm that the system clock has been adjusted:

Branch-Router# show clock

In this scenario, the distributed company network maintains time synchronization through NTP, with the primary NTP server in New York serving time to branch office routers across the world. This setup ensures consistent logging, accurate event correlation, and aids in troubleshooting and security assessments.

Explain the role of DHCP and DNS within the network

DHCP (Dynamic Host Configuration Protocol)

Role: DHCP is used to dynamically assign IP addresses and other network configuration parameters to devices on a network. This ensures devices can communicate on an IP network without manual intervention to configure each device individually.

Functions & Importance:

  1. Dynamic IP Allocation: Without DHCP, administrators would have to manually assign static IP addresses to each device, which is time-consuming and prone to errors, especially in large networks.
  2. Lease System: DHCP works on a lease system. IP addresses are “leased” to devices for a set period. When the lease expires, the device will request a new lease, which could result in the same or a different IP address.
  3. Other Configuration: Besides IP addresses, DHCP can also deliver other network configuration parameters such as the default gateway, DNS servers, domain name, and more.
  4. Reduces IP Conflicts: By centrally managing IP allocations, DHCP helps in reducing IP address conflicts.
  5. Supports Multiple Subnets: DHCP can handle IP configurations for various subnets, making it suitable for large organizations with complex networks.

DNS (Domain Name System)

Role: DNS serves as the internet’s phone book. It translates human-friendly domain names (like www.example.com) into IP addresses that are used for routing traffic over the internet and local networks. This translation process is called name resolution.

Functions & Importance:

  1. Human-Friendly Navigation: Imagine having to remember IP addresses for every website or online service you wish to access. DNS lets users use easy-to-remember domain names instead.
  2. Hierarchical and Distributed Database: The DNS system is organized in a hierarchical manner with a distributed database. This ensures the scalability of the system and makes sure it can handle a vast number of domain names and IP address mappings.
  3. Supports Load Balancing: For large-scale websites and services, DNS can distribute requests to various server locations, effectively load balancing and providing redundancy.
  4. Reverse Lookup: Besides resolving domain names to IP addresses, DNS can also perform a reverse lookup, translating an IP address back to its associated domain name.
  5. Enables Email Delivery: DNS houses MX (Mail Exchange) records, which are essential for routing emails. When someone sends an email, the system uses DNS to find the MX record for the recipient’s domain and route the email to the correct email server.
  6. Security: With the advent of DNSSEC (DNS Security Extensions), DNS provides a way to authenticate the domain name information, ensuring data integrity and domain authenticity.

While DHCP and DNS serve very different functions, they are interconnected. For instance, when a device receives an IP address via DHCP, it also usually receives the IP addresses of DNS servers to use. Both are fundamental to the seamless operation and ease-of-use of modern IP networks, ensuring devices can connect easily and users can access resources using memorable names.

Explain the function of SNMP in network operations

  1. Monitoring Network Devices: SNMP allows network administrators to monitor the health and status of network devices in real-time. This includes tracking metrics like CPU usage, memory utilization, bandwidth consumption, temperature, and much more.
  2. Configuration Management: SNMP can be used to retrieve the current configuration of a device or to push new configurations to devices.
  3. Gathering Inventory Information: SNMP can be utilized to collect details about network devices, such as device type, serial number, software version, and other vital statistics that can be crucial for inventory management.
  4. Fault Management and Alerts: By using SNMP, network management systems can receive unsolicited “traps” or “informs” from network devices when certain predefined thresholds are breached or when specific events occur. This helps in proactive fault detection and allows for quick remediation.
  5. Performance Management: SNMP aids in the collection of performance metrics from network devices. These metrics can be used to generate trending data, which in turn can be crucial for capacity planning and ensuring network optimization.
  6. Security: SNMP (especially in its earlier versions) has been criticized for its lack of security features. However, SNMPv3 introduced enhanced security mechanisms, including authentication and encryption, to ensure that SNMP communications are secure.
  7. Scalability: SNMP is designed to be scalable. It can be used in small networks with just a few devices, or in large enterprise networks with thousands of devices.
  8. Interoperability: Since SNMP is a standardized protocol, it supports a wide range of devices from different manufacturers. This ensures a uniform mechanism for network management across multi-vendor environments.
  9. Extensibility with MIBs: SNMP operates with something called Management Information Bases (MIBs). MIBs are structured databases that define the properties of the device that can be read or set using SNMP. Vendors often provide MIBs for their specific devices, allowing for detailed management and monitoring of vendor-specific features.

SNMP is an indispensable tool in the world of network management. By providing the capabilities to monitor, manage, and troubleshoot network environments effectively, SNMP ensures that administrators have the insights and controls necessary to maintain optimal network operations.

Describe the use of syslog features including facilities and levels

Syslog is a standard protocol used to transmit log and event information from network devices to a centralized server (a syslog server). On Cisco devices, as well as many other network devices, syslog is used to send debugging, error messages, and operational logs that can provide valuable insights into the functioning and performance of the device.

Facilities represent the source or the type of the message. They categorize the message based on the process or function that generated the message. Some commonly used facilities on Cisco devices include:

  • kern: Kernel messages.
  • user: User-level messages.
  • mail: Mail system.
  • daemon: System daemons.
  • auth: Security/authentication messages.
  • syslog: Syslog itself.
  • lpr: Printer subsystem.
  • news: Network news subsystem.
  • uucp: UUCP subsystem.
  • cron: Cron facility (scheduling).
  • authpriv: Security/authentication messages with privacy.
  • ftp: FTP daemon.
  • ntp: Network Time Protocol.
  • local0 to local7: These are reserved for system use but are not assigned to specific facilities. They can be used for custom purposes, allowing flexibility for system administrators.

Severity levels indicate the seriousness or importance of the syslog message. Cisco devices categorize syslog messages into different severity levels, from emergencies (level 0) to debugging messages (level 7). Here are the syslog severity levels in descending order of seriousness:

  1. 0 – Emergency (emerg): System is unusable. It indicates a critical failure.
  2. 1 – Alert (alert): Immediate action is required. It signifies a condition that should be corrected immediately.
  3. 2 – Critical (crit): Critical conditions, such as hard device errors.
  4. 3 – Error (err): Error conditions that don’t require immediate action but should be logged and monitored.
  5. 4 – Warning (warning): Warning conditions that aren’t errors but might be indicative of potential problems.
  6. 5 – Notification (notice): Normal, but significant, conditions that should be logged, like a change in the state of an interface.
  7. 6 – Informational (info): General informational messages that aren’t tied to errors or abnormal conditions.
  8. 7 – Debugging (debug): Messages intended for debugging purposes. They provide detailed operational information that can be useful when troubleshooting.

To utilize syslog on a Cisco device, administrators configure the device to send logs to a specified syslog server:

Router(config)# logging [syslog-server-ip-address]

Additionally, you can specify the severity level of messages you want to be sent to the syslog server:

Router(config)# logging trap [severity-level]

For instance, if you only want messages of severity “warning” and above (levels 0-4) to be sent to the syslog server, you’d use:

Router(config)# logging trap warning

Syslog facilities and levels provide a structured way to classify and prioritize log messages. By understanding and properly configuring syslog on Cisco (and other) devices, network administrators can ensure they capture the right data to maintain, troubleshoot, and optimize their network environments effectively.

Configure and verify DHCP client and relay

Expanding the Corporate Network

Background: A multinational corporation with its headquarters in New York has recently expanded by opening a new branch office in San Francisco. The headquarters’ IT infrastructure includes a centralized DHCP server that distributes IP addresses to devices throughout the corporation. To minimize administrative overhead and maintain consistency, the company wishes to use the central DHCP server for the new branch as well.

However, due to the distance and the fact that DHCP is a broadcast-based protocol (broadcasts don’t traverse routers), the company has decided to utilize a DHCP relay on the San Francisco office’s router to forward DHCP requests to the main DHCP server in New York.

Network Setup:

  1. Centralized DHCP Server: Located in New York with the IP address
  2. San Francisco Office Router:
    • LAN Interface (inside):
    • WAN Interface (outside, connecting towards New York):
  3. End Devices: Computers in the San Francisco office are set to obtain IP addresses automatically.


DHCP Server Configuration (New York): The DHCP server needs a pool for the San Francisco office:

ip dhcp pool SF-Office
lease 7

San Francisco Router Configuration: To make this router act as a DHCP relay agent:

  1. Enable the DHCP relay function on the inside interface:
interface FastEthernet0/0
ip helper-address

(Note: ip helper-address command is used to forward DHCP requests to the central DHCP server.)

  1. Ensure that the router itself is set to obtain its IP address via DHCP on its WAN interface:
interface FastEthernet0/1
ip address dhcp


1. Check DHCP Leases on the Server:

After devices in the San Francisco office are online, you can verify the leases on the DHCP server:

show ip dhcp binding

This should show devices from the network.

2. Check the DHCP Relay Function on the San Francisco Router:

To ensure the router is receiving and relaying DHCP requests:

show ip interface FastEthernet0/0 | include Helper

This should indicate the IP address of the DHCP server, verifying that the relay function is configured.

3. Check the DHCP Client Function on the San Francisco Router:

To ensure the router obtained its WAN IP via DHCP:

show ip interface FastEthernet0/1 | include DHCP

This should show the DHCP-obtained IP address for the WAN interface.

In this scenario, the San Francisco office can seamlessly obtain IP addresses from the central DHCP server in New York using the DHCP relay function, illustrating how DHCP client and relay features can be used in tandem in an expanding corporate network.

Explain the forwarding per-hop behavior (PHB) for QoS such as classification, marking, queuing, congestion, policing, shaping

Quality of Service (QoS) is a mechanism used in networks to ensure that different traffic flows receive the appropriate level of service required for their specific needs. Within the context of QoS, Per-Hop Behavior (PHB) refers to the specific treatment that individual packets receive as they traverse individual devices in the network.


Classification is the first step in the QoS process where incoming packets are identified and grouped based on various criteria, such as:

  • Source and destination IP addresses.
  • Protocol type.
  • Source and destination ports.
  • And more.

These classified packets can then be treated in a specific manner as defined by QoS policies.

Once packets are classified, they can be “marked” to signal their treatment needs to downstream devices. Marking typically involves setting specific fields in packet headers:

  • Layer 2 Markings: Such as CoS (Class of Service) field in VLAN tags.
  • Layer 3 Markings: Such as DSCP (Differentiated Services Code Point) in the IP header.

The benefit of marking is that packets do not need to be reclassified by every device they pass through; devices can make decisions based solely on the marking.

Queuing involves holding packets in a buffer before they’re forwarded out. When an interface is congested (i.e., trying to send more data than its current capacity), queuing decisions come into play:

  • Priority Queuing (PQ): Assigns strict priority levels to queues.
  • Weighted Fair Queuing (WFQ): Assigns bandwidth based on weights to different traffic flows.
  • Class-Based Weighted Fair Queuing (CBWFQ): Extends WFQ and allows for the definition of traffic classes.
  • Low Latency Queuing (LLQ): Combines PQ and CBWFQ, ensuring that specific critical traffic gets priority treatment.

Devices use various mechanisms to manage and avoid congestion:

  • Tail Drop: When a queue is full, simply drop new incoming packets.
  • Weighted Random Early Detection (WRED): Drop packets before congestion becomes severe, with the drop probability increasing as congestion worsens. WRED can be aware of QoS markings and adjust its drop probability accordingly.

Policing involves actively monitoring traffic rates and taking actions if traffic exceeds predefined limits:

  • Drop: Drop packets that exceed the limit.
  • Mark Down: Change the QoS marking to a lower value, indicating it should receive less favorable treatment.

Policing does not buffer excess packets; it either allows, drops, or remarks them.

Shaping, like policing, involves controlling the traffic rate, but with a significant difference. Instead of immediately dropping excess traffic, shaping will buffer these packets, releasing them at a rate that conforms to the desired shape. This smoothes out traffic bursts and results in a more consistent flow.

In essence, PHB for QoS provides a structured and consistent way to handle packets as they transit a network. By using these QoS tools, network administrators can ensure that vital traffic (like voice or critical data applications) gets the treatment it requires, even during times of network congestion.

Configure network devices for remote access using SSH

Securing Remote Access to Network Devices in XYZ Corporation

Background: XYZ Corporation has a growing network with several routers and switches. Initially, the devices were configured for remote access using Telnet. However, due to concerns about the security vulnerabilities associated with Telnet (since it sends data, including passwords, in clear text), the company decides to transition to using SSH (Secure Shell) for secure remote access.


Configure all network devices in XYZ Corporation to allow remote access using SSH while disabling Telnet.

Network Setup:

  • Router Name: CoreRouter1
  • Router IP Address for Remote Access:
  • Admin Workstation IP:

Steps to Configure SSH on CoreRouter1:

1. Set the Hostname and Domain Name: SSH requires a router to have a hostname and a domain name to generate RSA keys.

CoreRouter1(config)# hostname CoreRouter1
CoreRouter1(config)# ip domain-name xyzcorp.com

2. Generate the RSA Keys: These keys will be used to encrypt the SSH sessions.

CoreRouter1(config)# crypto key generate rsa

When prompted, choose a modulus size of at least 1024 bits for better security.

3. Specify the SSH Version: For enhanced security, it’s recommended to use SSH version 2.

CoreRouter1(config)# ip ssh version 2

4. Configure the SSH User: This will be the user credentials used to access the router via SSH.

CoreRouter1(config)# username admin privilege 15 secret securePa$$word

5. Configure the VTY lines to use SSH: This step sets SSH as the input method for remote access.

CoreRouter1(config)# line vty 0 4
CoreRouter1(config-line)# transport input ssh
CoreRouter1(config-line)# login local
CoreRouter1(config-line)# exit

This configuration allows only SSH for remote access, effectively disabling Telnet. The ‘login local’ command means it will use the local username and password database (i.e., the username/password we set earlier).

6. Save the Configuration:

CoreRouter1# write memory


1. From the admin workstation, attempt to SSH into the router:

$ ssh -l admin

If configured correctly, the SSH session will be established using the provided credentials.

2. Test Telnet to ensure it’s disabled:

$ telnet

The connection attempt should fail, indicating that Telnet access has been disabled.

By the end of this scenario, XYZ Corporation has improved its network security by configuring its network devices for remote access using SSH, thereby ensuring encrypted, secure remote management while mitigating the vulnerabilities of clear-text communications associated with Telnet.

Describe the capabilities and function of TFTP/FTP in the network

Both TFTP (Trivial File Transfer Protocol) and FTP (File Transfer Protocol) are protocols used for transferring files across a network. However, they serve slightly different purposes and have distinct characteristics. Let’s delve into their capabilities and functions:

TFTP (Trivial File Transfer Protocol):


  1. UDP-Based: TFTP uses the User Datagram Protocol (UDP) for transport, specifically port 69.
  2. Simplistic Design: TFTP is designed to be minimalistic and has very few features.
  3. No Authentication: TFTP does not natively support user authentication.
  4. Error Recovery: TFTP can recognize and acknowledge data packets, allowing for basic error recovery.


  1. Network Boot Operations: TFTP is commonly used for network booting via protocols like PXE (Preboot Execution Environment).
  2. Transferring Configuration and OS Images: TFTP is often used in network operations for transferring configuration files to/from network devices or updating the operating system images on devices like routers and switches. Given its simplicity, many networking devices support it out of the box.

FTP (File Transfer Protocol):


  1. TCP-Based: FTP uses the Transmission Control Protocol (TCP) for transport. It utilizes two ports: 20 (for data transfer) and 21 (for control information).
  2. Session-Oriented: FTP establishes a session between the client and server.
  3. Authentication Support: FTP supports username/password authentication to establish sessions.
  4. Advanced Features: FTP provides mechanisms for listing directory contents, creating and deleting directories, and modifying file attributes.
  5. Two Modes of Transfer:
    • Active Mode: The server initiates the data connection to the client.
    • Passive Mode: The client initiates the data connection to the server. This is useful for situations where the client is behind a firewall.
  6. Clear-text Communication: Traditional FTP does not encrypt its data, meaning all transfers, including credentials, are in clear-text. (This vulnerability led to the creation of SFTP and FTPS, which add encryption.)


  1. File Transfers: FTP is primarily used for uploading and downloading files to/from servers.
  2. Website Management: FTP is commonly used by web developers to transfer web pages and other web-related files to web hosting servers.
  3. File Sharing: FTP servers can be set up to facilitate file sharing and data exchange.
  4. Backup: FTP can be used as a mechanism for backing up files from local computers to remote servers.

Key Differences:

  1. Complexity: FTP is much more feature-rich and complex than TFTP.
  2. Security: FTP has built-in authentication, while TFTP does not. However, both send data in clear-text unless paired with encryption protocols (e.g., FTPS for FTP).
  3. Usage: FTP is generally used for broader file operations like website management and file sharing, while TFTP is more niche, often utilized for specific tasks like network device configurations and network boot operations.
  4. Transport Protocol: FTP uses TCP, ensuring reliable data delivery, while TFTP uses UDP, which is simpler but less reliable.

In the context of network operations, both FTP and TFTP have their places. The choice between them will depend on the specific requirements of the task at hand, taking into account factors like security needs, reliability, and supported features.