4.6 IP Services — Comprehensive Review

This section is your single-page revision sheet for IP Services. The blueprint weights this domain at 10%, and most of its points are won on ports, service behavior, and short troubleshooting scenarios rather than long configurations.

Complete Port Reference

Service-by-Service Cheat Sheet

Secure vs Insecure Pairings

The exam repeatedly rewards choosing the encrypted option. Memorize the swaps:

• SSH (22) replaces Telnet (23) — encrypted CLI.
• HTTPS (443) replaces HTTP (80) — encrypted web management.
• SCP / SFTP replace FTP / TFTP — encrypted file transfer.
• SNMPv3 replaces v1 / v2c — adds authentication and encryption.

Four Canonical Troubleshooting Scenarios

1. "Users get no IP address." -> DHCP. Confirm the server is up, the client gateway has ip helper-address if the server is on another subnet, the pool still has free addresses, and the excluded range has not swallowed the scope.

2. "Users reach IPs but not names." -> DNS. Connectivity is proven by the IP ping, so check the client's resolver, ping that resolver, and run nslookup. This is the single most common scenario question in the chapter.

3. "Log timestamps disagree across devices." -> NTP. Verify ntp server on each device and show ntp status to confirm synchronization; pair with service timestamps log datetime msec.

4. "Inside users cannot reach the internet." -> NAT. Confirm ip nat inside/outside on the right interfaces, inspect show ip nat translations, check that the NAT ACL permits the client subnet, and verify overload for PAT.

Final Exam-Day Pointers

• When a question gives a packet capture, the port number usually identifies the service faster than reading the payload — 67/68 means DHCP, 53 means DNS, 123 means NTP.
• Logging and trap commands are inclusive downward in number: logging trap 4 sends levels 0-4.
• For NAT labeling drag-and-drops, remember local = inside view, global = outside view; inside = your host, outside = the remote host.
• Always pick the encrypted protocol when both appear as options unless the question explicitly describes a trusted, isolated management network.

Common Distractor Patterns

IP Services questions often hide the answer behind a plausible-sounding wrong option, so learn the traps. A question may offer ip dhcp relay as the relay command when the real command is ip helper-address — the relay concept is right but the syntax is invented. NAT questions dangle "Policy NAT" as a fourth type; CCNA recognizes only static, dynamic, and PAT. SNMP questions claim "all versions support encryption" — only v3 does. Syslog questions reverse the scale, suggesting level 7 is most critical when 0 (Emergency) is. And port questions swap the DHCP pair, offering 68 for the server when the server listens on 67.

Reading every option to the end, rather than picking the first that looks right, is worth several points across this domain.

A Two-Minute Self-Test Before the Exam

Run this mental checklist and you have covered the bulk of the domain. Can you (1) write the full port table from memory; (2) recite DORA and name the relay command; (3) say which DNS record maps to IPv4 versus IPv6; (4) order the NTP stratums and state that lower is better; (5) place SNMP GET/SET versus TRAP by direction and name the secure version; (6) list the syslog severities 0-7 and explain inclusive-downward logging; (7) identify EF/DSCP 46 for voice and the 150/30/1 voice budget; (8) configure SSH in the correct order; and (9) match each of the four troubleshooting scenarios to its service?

Any "no" answer is your highest-value review target.

On the exam: IP Services is 10% of the 200-301 blueprint and is heavy on recall. If you can reproduce the port table, the secure-versus-insecure pairings, the common distractor patterns, and the four scenarios above, you will capture nearly every point this domain offers.