4.6 IP Services — Comprehensive Review
Key Takeaways
- DHCP, DNS, NTP, SNMP, syslog, NAT, and QoS are all testable IP services — know their ports and protocols.
- DHCP uses UDP 67/68; DNS uses UDP/TCP 53; NTP uses UDP 123; SNMP uses UDP 161/162; Syslog uses UDP 514.
- NAT is configured with ip nat inside/outside on interfaces and ip nat inside source for translation rules.
- SSH (TCP 22) replaces Telnet (TCP 23); HTTPS (TCP 443) replaces HTTP (TCP 80).
- TFTP (UDP 69) is for simple file transfers; FTP (TCP 20/21) supports authentication and directory listing.
Last updated: March 2026
IP Services — Comprehensive Review
This section consolidates all IP services into a single review reference. Use it to verify your knowledge of ports, protocols, and service behavior.
Complete Port Number Reference
| Service | Protocol | Port(s) | Notes |
|---|---|---|---|
| FTP Data | TCP | 20 | Active mode data transfer |
| FTP Control | TCP | 21 | Command/control channel |
| SSH | TCP | 22 | Encrypted remote access |
| Telnet | TCP | 23 | Unencrypted remote access (avoid) |
| SMTP | TCP | 25 | Email sending |
| DNS | UDP/TCP | 53 | UDP for queries, TCP for zone transfers |
| DHCP Server | UDP | 67 | Server listens on this port |
| DHCP Client | UDP | 68 | Client listens on this port |
| TFTP | UDP | 69 | Simple file transfer |
| HTTP | TCP | 80 | Unencrypted web |
| POP3 | TCP | 110 | Email retrieval |
| NTP | UDP | 123 | Time synchronization |
| SNMP | UDP | 161 | Queries (GET, SET) |
| SNMP Trap | UDP | 162 | Notifications |
| HTTPS | TCP | 443 | Encrypted web |
| Syslog | UDP | 514 | Log messages |
| TACACS+ | TCP | 49 | AAA (Cisco proprietary) |
| RADIUS Auth | UDP | 1812 | AAA authentication |
| RADIUS Acct | UDP | 1813 | AAA accounting |
Service Summary Table
| Service | What It Does | Key Exam Fact |
|---|---|---|
| DHCP | Auto-assigns IP config to clients | DORA process; ip helper-address for relay |
| DNS | Resolves hostnames to IPs | UDP 53 for queries; A record = IPv4 |
| NTP | Synchronizes clocks | Stratum levels; UDP 123 |
| SNMP | Monitors/manages devices | v3 for security; GET/SET/TRAP |
| Syslog | Centralizes log messages | Severity 0-7; 0=Emergency, 7=Debug |
| NAT | Translates IP addresses | PAT = overload; inside local/global |
| QoS | Prioritizes traffic | EF=voice (DSCP 46); AF=data |
| SSH | Secure remote access | Replaces Telnet; needs hostname + domain + RSA keys |
| TFTP | Simple file transfer | UDP 69; no authentication |
| FTP | Full file transfer | TCP 20/21; supports authentication |
Common Exam Scenarios
Scenario 1: "Users cannot get IP addresses"
- Check DHCP server status
- Verify ip helper-address on the client's default gateway
- Check DHCP pool configuration (excluded addresses, pool range)
- Verify the DHCP scope has available addresses
Scenario 2: "Users can reach IP addresses but not hostnames"
- DNS is not working
- Check DNS server configuration on clients (ipconfig /all)
- Verify DNS server is reachable (ping the DNS server IP)
- Test with nslookup
Scenario 3: "Log timestamps don't match between devices"
- NTP is not configured or not synchronized
- Check ntp server configuration on all devices
- Verify NTP is synchronized (show ntp status)
Scenario 4: "Internal users cannot reach the internet"
- Check NAT configuration (ip nat inside/outside on interfaces)
- Verify NAT translation table (show ip nat translations)
- Check the ACL associated with NAT
- Verify the overload keyword for PAT
Test Your Knowledge
Which port does the DHCP server listen on?
A
B
C
D
Test Your Knowledge
A user can ping 8.8.8.8 but cannot access www.google.com. What is the most likely issue?
A
B
C
D
Test Your Knowledge
Which syslog severity level represents the MOST critical messages?
A
B
C
D
Test Your Knowledge
What is the key difference between FTP and TFTP?
A
B
C
D