233 Cards in this Set
- Front
- Back
What show command displays statistics on a switch port? |
#show interfaces
Key performance counters: duplex/speed, collisions, late collisions, input errors, CRC, interface resets |
|
VLAN stands for? |
Virtual Local Area Network |
|
What do VLANs create? |
1. Multiple broadcast domains/subnets/networks 2. Extends the layer 2 fabric (extends multiple switches) 3. Segments/isolates network traffic |
|
What does ROAS refer to? |
Router On A Stick. It allows inter-VLAN routing:
(config)#int fax/x.x
(config-subif)#encapsulation dot1q 1-4094
The subinterface responds to packets carrying that specific VLAN tag. |
|
What does DTP stand for? |
Dynamic Trunking Protocol.
1. Enabled by default
2. Used to auto-negotiate trunk links between two switches
3. To disable: (config-if)#switchport nonegotiate |
|
Syntax to configure trunk links? |
(config-if)#switchport trunk encapsulation dot1q
(config-if)#switchport mode trunk
(config-if)#switchport nonegotiate
(config-if)#spanning-tree portfast trunk |
|
Syntax to change the native VLAN on a switch? |
(config-if)#switchport trunk native vlan 1-4094
Native VLAN traffic does not have an 802.1Q VLAN ID added to the Ethernet header of the frame. |
|
What VLAN numbers can be used? |
Standard range: 1 - 1005; Extended range: 1006 - 4094 |
|
What file name in the switch flash contains VLAN configuration data? |
vlan.dat. To delete: #delete flash:vlan.dat |
|
Syntax to delete switch config? |
#erase startup-config (or #write erase)
#delete flash:vlan.dat |
|
What does VTP refer to? |
VLAN Trunking Protocol |
|
What are the trunking administrative mode options with the switchport mode command? |
(config-if)#switchport mode access (non-trunk port)
(config-if)#switchport mode trunk
(config-if)#switchport mode dynamic desirable (active negotiation)
(config-if)#switchport mode dynamic auto (passive negotiation) |
|
Is VTP a trunking protocol? |
VTP is not a trunking protocol.
1. It is used to replicate VLANs between switches. VTP REV# is the database revision number, used to determine which switch has the latest version of the database.
2. Administrators still have to assign VLANs to specific port numbers. |
|
Syntax to turn off VTP? |
(config)#vtp mode transparent |
|
Syntax to see VTP summary? |
#show vtp summary |
|
What is an SVI? |
Switch Virtual Interface. (config)#int vlan 1-4094 creates a logical layer 3 interface on the device; it is used for remote management. |
|
What command turns on the layer 3 engine on a multi-layer switch? |
(config)# ip routing |
|
Troubleshooting switch commands: |
#show ip interface brief
#show run
#show interfaces status
#show run int fax/x
#show vlan brief
#show interface fax/x switchport
#show spanning-tree vlan x
#show interface trunk |
|
What is DHCP? |
Dynamic Host Configuration Protocol 1. uses UDP port 67 (client) and 68 (server) 2. Discovery, Offer, Request, Ack (DORA) |
|
What is a DHCP relay? |
A setting used to forward DHCP requests to a DHCP server residing on another network. It is configured on the router interface: (config-if)#ip helper-address x.x.x.x (IP of the DHCP server) |
|
What are the two categories that routing protocols belong to? |
1. Link State: maintains a map of the entire network
2. Distance Vector: sends the entire routing table to neighbours; only knows what the neighbour tells it; loop prevention mechanisms required
3. Advanced Distance Vector |
|
What is a classful routing protocol? |
RIP |
|
What version of the RIP routing protocol is classless? |
RIPv2
(config)#router rip
(config-router)#version 2
(config-router)#no auto-summary
Auto-summary occurs when you have networks advertised in different classes/subnets. |
|
What does RIP use for route computation? |
Bellman-Ford algorithm. RIP uses UDP port 520 and multicast address 224.0.0.9 (RIPv2). |
|
What metric does RIP use? |
RIP metric: hop count (each router the route passes through to reach the network/host adds 1 to the value) |
|
What does OSPF stand for? |
Open Shortest Path First
1. Link State routing protocol
2. Metric = bandwidth-based cost (sum of all interface costs to the destination)
3. Uses the Dijkstra algorithm
4. Uses IP protocol number 89 |
|
What multicast addresses does OSPF use? |
1. All OSPF routers: 224.0.0.5
2. DR/BDR OSPF routers: 224.0.0.6 |
|
What type of network does a router know by default? |
The networks on its configured, active interfaces (directly connected networks) |
|
Classful IP ranges: A, B, C, D, E: |
Class A: 0-127, mask 255.0.0.0
Class B: 128-191, mask 255.255.0.0
Class C: 192-223, mask 255.255.255.0
Class D: 224-239 (multicasting), no subnet mask
Class E: 240-255, no subnet mask |
|
What is administrative distance (AD)? |
Administrative Distance defines the reliability (trustworthiness) of the routing protocol. It is shown in the routing table as [AD/metric], e.g. [110/1]. |
|
What are the administrative distance values? |
Connected interface: 0
Static route: 1
External BGP: 20
EIGRP: 90
IGRP: 100
OSPF: 110
IS-IS: 115
RIP: 120 |
|
Access Control Lists types? |
Standard: 1-99
Extended: 100-199
Standard 48-bit MAC address: 700-799
Extended 48-bit MAC address: 1100-1199
Standard access list (expanded range): 1300-1999
Protocol type code: 200-299
Extended (expanded range): 2000-2699 |
|
What is the implicit entry for any ACL? |
Implicit deny all at the end of the ACL |
|
What does a standard ACL match on? |
Source IP address - apply as close to the destination IP |
|
What does an extended ACL match on? |
Everything. IP/protocol/port number - apply as close to the destination device IP as possible |
|
What is the syntax to create a standard ACL? |
(config)#access-list 1-99 permit/deny x.x.x.x
(config)#ip access-list standard name
(config-std-nacl)#permit/deny x.x.x.x |
|
What is the syntax to create an extended ACL? |
(config)#access-list 100-199 permit/deny . . .
(config)#ip access-list extended name
(config-ext-nacl)#permit/deny ip . . . |
|
What is the syntax to add a permit/deny statement at a specific sequence number? |
Inside the named ACL configuration mode: (config-ext-nacl)#(seq-number) permit/deny . . . |
|
What is the syntax to resequence all of the sequence ACL numbers? |
(config)#ip access-list resequence (name) x y
- x = sequence start number
- y = sequence number increment value |
|
EtherChannel standards? |
PAgP (Cisco proprietary): Port Aggregation Protocol
LACP (IEEE 802.3ad): Link Aggregation Control Protocol
Both are negotiation protocols. EtherChannel can be statically configured without either: (config-if)#channel-group 1 mode on |
|
What is Port Channelling? |
Refers to combining two to eight Fast Ethernet or Gigabit Ethernet ports between two switches into one aggregated logical link to achieve more bandwidth and resiliency |
|
What settings have to match on ports identified for EtherChannel? |
All links in the bundle must have the same parameters (speed, duplex, VLAN info). |
|
What is the command to add a specific interface to a single EtherChannel? |
(config-if)#channel-group (number) |
|
Does the channel-group (number) have to match the (config)# interface port-channel (number)? |
Yes. |
|
What is the command to see etherchannel status/summary? |
# show etherchannel port-channel |
|
How is layer 3 EtherChannel used? |
You’d use layer 3 EtherChannel when connecting a switch to multiple ports on a router |
|
Syntax to configure L3 EtherChannel? |
(config)#int port-channel 1
(config-if)#ip address x.x.x.x
(config)#int range g0/0-1
(config-if-range)#channel-group 1 |
|
What is the command to see if an ACL is applied to an interface? |
#show ip interface |
|
What is the command to see configured ACLs on a router? |
#show access-list |
|
What are the different types of Network Address Translation? |
Static NAT (one-to-one)
Dynamic NAT (one to many; pool of IPs)
Overloading (one-to-many), AKA Port Address Translation (PAT) |
|
What are addresses used after NAT called? |
Global addresses:
- inside global (public IP at the private router)
- outside global (public IP at the destination router) |
|
What are the addresses used before NAT called? |
Local addresses:
- inside local (private LAN address of the host)
- outside local (private LAN address of the destination server) |
|
Syntax to configure static NAT? |
(config)#ip nat inside source static (x.x.x.x inside local IP) (x.x.x.x outside global IP)
(config-if)#ip nat inside / ip nat outside |
|
Syntax to configure Dynamic NAT? |
(config)#ip nat pool WORD (x.x.x.x start IP) (x.x.x.x end IP) netmask (x.x.x.x subnet mask for the IPs)
(config)#access-list 1 permit any/IP address
(config)#ip nat inside source list 1 pool WORD
(config-if)#ip nat inside / ip nat outside |
|
Syntax to configure PAT (overloading)? |
(config)#ip access-list standard NAT
(config-std-nacl)#permit any
(config)#ip nat inside source list NAT interface fastEthernet 0/1 overload |
|
What is the command to verify NAT? |
#show ip nat translations
#debug ip nat
#clear ip nat translations
#show ip nat statistics
#show ip nat translations max-entries |
|
Which command will allow you to see real-time translations on your router? |
#debug ip nat |
|
Which command will show you all the translations active on your router? |
#show ip nat translations |
|
Which command will show you the summary of the NAT configuration on your router? |
# show ip nat statistics |
|
When creating a pool of global addresses, what can be used in lieu of the 'netmask command'? |
prefix-length (1-32) |
|
What is the command to add a voice VLAN to a switchport? |
(config-if)#switchport voice vlan x |
|
Does the switchport encapsulate the data VLAN frames when the switchport is configured for voice and data? |
No. Only the voice VLAN frames are encapsulated. |
|
What are the two dynamic discovery protocols? |
Cisco Discovery Protocol (CDP, Cisco proprietary); Link Layer Discovery Protocol (LLDP) |
|
Syntax to see the global parameters of CDP? |
#show cdp |
|
The CDP timer defines how often CDP packets are transmitted out of all active interfaces. |
The CDP holdtime defines the amount of time that the device will retain information received from neighbor devices. |
|
Syntax to enable/disable CDP? |
(config)#cdp run (config)#no cdp run |
|
How to enable/disable cdp on a specific interface? |
(config-if)#cdp enable (config-if)#no cdp enable |
|
Syntax to see connected devices multicasting CDP packets? |
#show cdp neighbors
#show cdp neighbors detail
#show cdp entry * (shows the same info as detail)
#show cdp entry XX (Device ID, e.g. R2) |
|
What is the IEEE protocol for LLDP? |
802.1AB: Station and Media Access Control Connectivity Discovery |
|
Syntax to enable/disable LLDP? |
(config)#lldp run / (config)#no lldp run
(config-if)#lldp transmit / (config-if)#no lldp transmit
(config-if)#lldp receive / (config-if)#no lldp receive |
|
LLDP defines basic discovery capabilities, but it was also enhanced to specifically address voice applications. This version is called LLDP-MED (Media Endpoint Discovery). An important factor to remember is that LLDP and LLDP-MED are not compatible. |
|
NTP synchronizes clocks of computer systems over packet-switched, variable-latency data networks |
|
Why is correct network time within the network important? |
It allows the tracking of events in the network in the correct order. Clock synchronization is critical for the correct interpretation of events within the syslog data. Clock synchronization is also critical for digital certificates. |
|
A syslog server saves copies of console messages and can time-stamp them so you can view them later. What is the syntax? |
(config)# service timestamps log datetime msec |
|
What is the syntax to retrieve NTP data from an NTP server? |
(config)#ntp server 172.16.10.1 version (1-4) |
|
What is the syntax to turn a network device into a NTP server for your LAN? |
(config)#ntp master |
|
Syntax to verify device is receiving NTP information? |
#show ntp status #show ntp associations |
|
What is the NTP time synchronisation hierarchy? |
NTP server: makes its own time available as reference time for other clients.
NTP peer: compares its system time to other peers until all the peers finally agree about the "true" time to synchronise to.
NTP client: queries the reference time from one or more servers. |
|
What is SNMP? |
Simple Network Management Protocol (RFC 1065) |
|
SNMP is an Application layer protocol that provides a message format for agents on a variety of devices to communicate with network management stations (NMSs). |
Agents send messages to the NMS station, which then either reads or writes information into a database stored on the NMS called a Management Information Base (MIB). |
|
NMS periodically queries or polls the SNMP agent on a device to gather and analyze statistics via GET messages. End devices running SNMP agents would send an SNMP trap to the NMS if a problem occurs. |
SNMPv1: Supports plaintext authentication with community strings and uses only UDP. |
|
SNMPv2c: Supports plaintext authentication with community strings with no encryption. Provides GET BULK, to gather abundant information at once and minimize the number of GET requests. It offers a more detailed error message via a reporting method called INFORM, but it’s not really more secure than v1. It uses UDP even though it can be configured to use TCP. |
SNMPv3: Supports strong authentication with MD5 or SHA, providing confidentiality and data integrity of messages via DES or DES-256 encryption between agents and managers. GET BULK is a supported feature of SNMPv3, and this version also uses TCP |
|
A management information base (MIB) is a collection of information that’s organized hierarchically that can be accessed by protocols like SNMP |
Organizational IDs (OIDs) are laid out as a tree with different levels assigned by different organizations. Top-level MIB OIDs belong to various standards organizations |
|
To obtain information from the MIB on the SNMP agent, you can use several different operations: |
GET / SET: get information from (or set information in) the MIB on an SNMP agent
WALK: list information from successive MIB objects
TRAP: send a triggered piece of information to the SNMP manager
INFORM: same as TRAP but with an acknowledgement |
|
Syntax to enable SNMPv1? |
(config)# snmp-server community (name) ro/rw |
|
Syntax to add an ACL to the SNMP-server community? |
(config)#snmp-server community (name) (ACL name)
(config)#snmp-server community (name) ro/rw (ACL name) |
|
Syntax to enable SNMPv2c traps? |
(config)# snmp-server host x.x.x.x version 2c (name community string) |
|
What are four popular ways to gather system logs from cisco devices? |
Logging buffer (on by default)
Console line (on by default)
Terminal lines (using the terminal monitor command)
Syslog server |
|
Syntax to transmit syslog message to a server? |
(config)#logging host x.x.x.x
The 'host' keyword is optional; (config)#logging x.x.x.x works the same.
(config)#logging trap informational |
|
What is the syntax to limit the severity level of syslog messages? |
(config)#logging trap x (level) 0-7 |
|
What is the system message format? |
Sequence number, facility, severity level, mnemonic, description |
|
What does SSH stand for? |
Secure Shell |
|
The show cdp neighbors command provides the following information: device ID, local interface, holdtime, capability, platform, and port ID (remote interface). |
NTP and syslog supplement each other:
(config)#service timestamps log datetime msec
(config)#ntp server 172.16.10.1 version 4 |
|
What is the default syslog facility level? |
By default, syslog servers receive informational messages (level 6). |
|
What are the four primary threats to network security? |
Unstructured threats, structured threats, external threats, internal threats |
|
What are the three primary network attacks? |
Reconnaissance attacks, access attacks, Denial of Service (DoS) attacks |
|
What are four classes of malware? |
Virus, worm, Trojan horse, spyware |
|
What configuration can you implement for additional layer two security? |
Dynamic ARP Inspection, DHCP Snooping, Port Security |
|
The IEEE 802.1x standard permits the implementation of identity-based networking on wired and wireless hosts by using client-server access control. |
Client: software that runs on a client device which is 802.1X compliant.
Authenticator: the network device; a proxy between the client and the authentication server.
Authentication server (RADIUS): server that authenticates each client before making any services available. |
|
AAA enables systematic access security both locally and remotely. |
Authentication requires users to prove that they are who they say they are (validates users). |
|
Authorization provides the resources specifically allowed to a certain user and permits the operations that user is allowed to perform (sets user privileges). |
Accounting records what the user actually did on the network as well as which resources they accessed. It also keeps track of how much time they spent using network resources (logs user actions). |
|
What is the four-step process for AAA authentication? |
1. Request authentication (client desktop)
2. Query AAA server (network device)
3. AAA server response
4. Access granted/rejected |
|
What are the three security server protocols supported by CISCO devices? |
RADIUS (uses UDP): Remote Authentication Dial-In User Service
TACACS+: Terminal Access Controller Access Control System Plus
Kerberos |
|
It’s important to remember that RADIUS encrypts only the password in the access-request packet, from the client to the server. The remainder of the packet is unencrypted. |
The aaa new-model command immediately applies local authentication to all lines and interfaces—except line con 0 |
|
Syntax to configure RADIUS? |
(config)#aaa new-model
(config)#radius-server host x.x.x.x key 0/7 (password)
(config)#aaa group server radius MyRadiusGroup
(config-sg-radius)#server x.x.x.x
(config)#aaa authentication login default group MyRadiusGroup local
*Local device login will be used if the AAA server cannot be reached. |
|
TACACS+ is a Cisco proprietary security server that uses TCP |
TACACS+ is configured the same way; substitute radius-server with tacacs-server. |
|
What does PKI refer to? |
Public Key Infrastructure (PKI) is a system that links users to public keys and verifies a user’s identity by using a certificate authority (CA). |
|
Syntax to configure enable password to authenticate with AAA? |
(config)#enable use-tacacs (use TACACS to check enable passwords)
(config)#enable last-resort (define the enable action if no TACACS servers are reachable) |
|
What are the three roles associated with IEEE 802.1x identity-based networking? |
Client (host device), Authenticator (network device), Authentication Server (AAA server) |
|
What does FHRP refer to? |
First hop redundancy protocols (FHRPs) work by giving you a way to configure more than one physical router to appear as if they were only a single logical one. |
|
What are the different flavours of FHRP? |
Hot Standby Router Protocol (HSRP): Cisco proprietary
Virtual Router Redundancy Protocol (VRRP): open standard
Gateway Load Balancing Protocol (GLBP): Cisco proprietary |
|
Does HSRP load balance? |
No, it does not load balance. HSRP is a Cisco proprietary protocol that provides a redundant gateway for hosts on a local subnet. HSRP allows you to configure two or more routers into a standby group that shares an IP and MAC address and provides a default gateway. |
|
Does VRRP load balance? |
VRRP (open source) also provides a redundant gateway for hosts on a local subnet, but again, not a load-balanced one. |
|
What are the HSRP standby group routers? |
Active router, Standby router, Virtual router, Other router |
|
What should HSRP MAC addresses look like for version1 and 2? |
V1: 0000.0c07.acxx (xx = HSRP group number in hex, 0-255)
V2: 0000.0c9f.fxxx (xxx = HSRP group number in hex, 0-4095) |
|
What does the HSRP timer include? |
The HSRP timers include hello, hold, active, and standby. |
|
Explain the purpose of the Hello Timer? |
The hello timer is the defined interval at which each of the routers sends out Hello messages. The default interval is 3 seconds, and the messages identify the state that each router is in. |
|
Explain the purpose of the Active Timer? |
The active timer monitors the state of the active router. The timer resets each time a router in the standby group receives a Hello packet from the active router. |
|
Explain the purpose of the Standby Timer? |
The standby timer is used to monitor the state of the standby router. The timer resets anytime a router in the standby group receives a Hello packet from the standby router and expires based on the hold time value that’s set in the respective Hello packet. |
|
Syntax to modify the hello timer interval? |
(config-if)#standby 1 timers msec 200 msec 700 |
|
Define the role of Other router in HSRP? |
An HSRP group can include additional routers (up to 255 per group) which are members of the group but do not take the primary roles of either the active or standby state. These routers send "speak" messages, based on the hello timer interval, that inform the other routers of their position in an election. |
|
What is the state of an 'other' HSRP router? |
Listen |
|
Syntax to confirm HSRP config? |
#show standby #show standby brief |
|
What are the HSRP states? |
Initial (INIT), Learn, Listen, Speak, Standby, Active |
|
What are the multicast addresses for HSRP? |
HSRP v1: 224.0.0.2, UDP 1985
HSRP v2: 224.0.0.102, UDP 1985 |
|
Define a VPN? |
VPNs are used daily to give remote users and disparate networks connectivity over a public medium like the Internet instead of using more expensive, permanent means. |
|
What are the benefits of VPNs? |
Security (IPsec and SSL fall into this category), cost saving, scalability, compatibility with broadband technology |
|
What are the three different types of enterprise managed VPNs? |
Remote access VPN, Site-to-site VPN (AKA Intranet VPN), Extranet VPN |
|
What are the two categories of provider-VPNs? |
MPLS VPN:
Layer 2 MPLS VPN: a type of virtual private network (VPN) that uses MPLS labels to transport data
Layer 3 MPLS VPN: provides a Layer 3 service across the backbone; a different IP subnet connects each site |
|
What are the two typical technologies for layer 2 MPLS? |
Virtual private wire service (VPWS): the simplest form for enabling Ethernet services over MPLS.
Virtual private LAN switching service (VPLS): an end-to-end service; it is virtual because multiple instances of this service share the same Ethernet broadcast domain virtually. |
|
What Does MPLS Stand For? |
Multiprotocol Label Switching (MPLS) is a term commonly heard when discussing telecommunications protocols. |
|
What are two methods for VPN creation? |
The first approach uses IPsec to build authentication and encryption services between endpoints on an IP network. The second way is via tunneling protocols. |
|
What are the four most common tunnelling protocols in use today? |
Layer 2 Forwarding (L2F), Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), Generic Routing Encapsulation (GRE) |
|
By itself, IPsec can't be used to encrypt non-IP traffic. |
If you run into a situation where you have to encrypt non-IP traffic, you'll need to create a Generic Routing Encapsulation (GRE) tunnel for it and then use IPsec to encrypt that tunnel. |
|
What are the two primary security protocols used by IPsec? |
Authentication Header (AH), Encapsulating Security Payload (ESP) |
|
IPsec uses various types of protocols to perform encryption. What are types of encryption algorithms used today? |
Symmetric encryption: requires a shared secret to encrypt and decrypt.
Asymmetric encryption: devices that use asymmetric encryption use different keys for encryption than they do for decryption. These keys are called private and public keys. |
|
Examples of symmetric key encryption? |
Data Encryption Standard (DES), Triple DES (3DES), Advanced Encryption Standard (AES) |
|
What is an example of an asymmetric encryption? |
Rivest, Shamir, and Adleman (RSA). |
|
Does GRE encrypt packets by default? |
By itself, GRE offers no security: no form of payload confidentiality or encryption whatsoever. |
|
What does GRE stand for? |
Generic Routing Encapsulation |
|
IPsec by itself doesn't support IP broadcast or IP multicast, preventing the use of protocols that need them, like routing protocols. |
Using GRE tunnels with IPsec allows you to run a routing protocol, IP multicast, as well as multiprotocol traffic across your network. |
|
Define QoS? |
QoS is used to manage contention for network resources for a better end-user experience |
|
QoS methods focus on one of five problems that can affect data as it traverses network cable, which are? |
Delay, jitter, dropped packets, errors, out-of-order delivery |
|
Define the trust areas. |
Untrusted domain: network you're not actively managing, populated by PCs, printers, etc.
Trusted domain: network with only administrator-managed devices like switches, routers, etc.
Trusted boundary: where packets are classified and marked |
|
What are the QoS mechanisms? |
Classification and marking tools
Policing, shaping, and re-marking tools
Congestion management or scheduling tools
Link-specific tools |
|
Classification and Marking types? |
Class of Service (CoS) (wired)
Type of Service (ToS)
Differentiated Services Code Point (DSCP or DiffServ)
Class Selector
Traffic Identifier (TID) (wireless) |
|
What are the classification marking tools? |
Markings, addressing, application signatures |
|
How does QoS manage network traffic? |
Policers and shapers identify traffic violations in a similar way, but they differ in their responses |
|
What are tools for managing congestion? |
Queuing (or buffering)
Scheduling:
- Strict priority scheduling
- Round-robin scheduling
- Weighted fair scheduling |
|
List other legacy queuing methods? |
First In First Out (FIFO), Priority Queuing, Custom Queuing, Weighted Fair Queuing |
|
Two newer queuing mechanisms recommended for today’s rich-media networks? |
Class-Based Weighted Fair Queuing (CBWFQ), Low Latency Queuing (LLQ) |
|
Cisco uses something called Weighted Random Early Detection (WRED), a congestion-avoidance method that ensures high-precedence traffic has lower loss rates than other traffic during times of congestion. |
Queuing algorithms manage the front of the queue, and congestion mechanisms manage the back of the queue. |
|
IPv6 Addresses? |
Global unicast: 2000::/3 (2000:: - 3FFF::)
Link-local: FE80::/10 (equivalent to IPv4 APIPA 169.254.x.x)
Unique local: FC00::/7 (private LAN)
Multicast: FF00::/8 |
|
When you run IPv4 and IPv6 on a router, you have what is called “dual-stack.” |
EUI-64 (extended unique identifier) format allows the device to use its MAC address and pad it to make the interface ID for the IPv6 address. |
|
Syntax to enable IPv6 routing on a router? |
(config)#ipv6 unicast-routing |
|
(config-if)#ipv6 address 2001:db8:3c4d:1::/64 eui-64 |
To configure a router so that it uses only link-local addresses, use the ipv6 enable interface configuration command: (config-if)#ipv6 enable |
|
Neighbor Discovery (NDP): ICMPv6 also takes over the task of finding the address of other devices on the local link. |
Neighbor discovery enables:
- Determining the MAC address of neighbors
- Router solicitation (RS): FF02::2, type code 133
- Router advertisement (RA): FF02::1, type code 134
- Neighbor solicitation (NS): type code 135
- Neighbor advertisement (NA): type code 136
- Duplicate address detection (DAD) |
|
The part of the IPv6 address designated by the 24 bits farthest to the right is appended to the multicast prefix FF02:0:0:0:0:1:FF/104, and the result is referred to as the solicited-node address. |
|
This IGMP function (IPv4) has been replaced by ICMPv6, and the process has been renamed Multicast Listener Discovery (MLD). |
|
What does SPAN stand for? |
Switched Port Analyser |
|
How does SPAN assist with troubleshooting? |
SPAN is used to analyse network traffic passing through the port by sending a copy of the traffic to another port on the switch that’s been connected to a network analyser or other monitoring device. SPAN copies the traffic that the device receives and/or sends on source ports to a destination port for analysis. |
|
Syntax to enable SPAN? |
Step 1: Associate a SPAN session number with the source port you want to monitor: (config)#monitor session 1 source interface f0/1
Step 2: Associate the same SPAN session number with the destination interface where the sniffer is connected: (config)#monitor session 1 destination interface f0/2 |
|
Syntax to verify SPAN is configured? |
#show monitor |
|
What are VLAN troubleshooting commands? |
#show vlan
#show vlan brief
#show mac address-table
#show interfaces (interface) switchport
(config-if)#switchport access vlan (vlan) |
|
Trunk troubleshooting commands: |
#show interfaces trunk
#show vlan
#show interfaces (interface) trunk
#show interfaces (interface) switchport
#show dtp interface (interface)
(config-if)#switchport mode dynamic
(config-if)#switchport trunk native vlan (vlan) |
|
What does CUWN stand for? |
Cisco Unified Wireless Networks |
|
Define the stand-alone AP? |
Not just any kind of AP can operate in the stand-alone model; only the autonomous variety of APs can do this. You configure them individually, and there's no centralized administration point. |
|
Define the lightweight AP? |
APs are controlled and monitored by the WLC. All clients and APs transmit information back to the WLC, including stats about coverage, interference and even client data. |
|
What encapsulation protocol is used to transmit data between the AP and WLC? |
All transmitted data is sent between the APs and the WLCs via an encapsulation protocol called Control And Provisioning of Wireless Access Points (CAPWAP). |
|
What methods are used to join an AP to a WLC? |
Manual method, DNS method, DHCP method |
|
What is the syntax to join an AP manually to a WLC? |
If the AP already has an IP assigned from DHCP:
AP#capwap ap controller ip address x.x.x.x
If no IP has been assigned, also use:
AP#capwap ap ip address 10.30.20.101 255.255.255.0
AP#capwap ap ip default-gateway 10.30.20.1 |
|
Explain how the DNS method works: |
To use the DNS method, create a DNS entry on a DNS server for CISCO-CAPWAP-CONTROLLER that points to the WLC AP-Manager IP. |
|
Explain how the DHCP method works: |
The DHCP method uses a hex string to configure the feature. Build the hex string, which starts with F1 followed by the length byte: 04 (4 x 1) if there is only one WLC in the list, or 08 (4 x 2) if there are two WLCs. |
|
The hex address is the WLC IP converted to hex. If the WLC IP is 10.10.10.10 the conversion is: 10 = 0A, 10 = 0A, 10 = 0A, 10 = 0A; hex address: F1040A0A0A0A |
If using two WLCs and the second WLC was 30.30.30.30, the conversion would be: 30 = 1E, 30 = 1E, 30 = 1E, 30 = 1E; hex address: F1080A0A0A0A1E1E1E1E |
|
Which option do you use in DHCP to add the hex value for the WLC? |
Option 43:
(config)#ip dhcp pool (name)
(dhcp-config)#option 43 hex f104.0A0A.0A0A |
|
What is the WLC virtual interface IP by default? |
192.0.2.1 |
|
What is the syntax to configure a LAG/EtherChannel port to a WLC? |
(config-if)#channel-group X mode on
Note: mode 'on' must be used, as WLCs do not support LACP or PAgP negotiation. |
|
What are the AP modes? |
Local (default mode; client traffic goes to the WLC)
Monitor (no client traffic)
FlexConnect (can locally switch client traffic)
Sniffer (troubleshooting)
Rogue detector (tracks rogue APs in the network) |
|
AP modes cont.:
Bridge (allows AP-to-AP connection)
Bridge + Flex (connects FlexConnect to a mesh network)
SE-Connect (AP to spectrum analyser)
Sensor (used for DNA Center's Assurance feature) |
|
What are the WLC and AP connections for access management? |
CDP, Telnet, SSH, HTTP, HTTPS, Console, RADIUS |
|
Does wireless support QoS? |
Yes. It will use the Best-Effort queue (Silver) by default. |
|
What are the QoS profiles available for wireless? |
Bronze (background queue)
Silver (best-effort queue)
Gold (video queue)
Platinum (VoIP / voice queue) |
|
What transport layer protocol and port number does TACACS+ use for communication between network devices and AAA server? |
TCP - port 49 |
|
What transport layer protocol and port number does RADIUS use for communication between network devices and AAA server? |
UDP 1812 (for legacy servers). After 2012, TCP port 1812 can also be used; this serves modern servers. |
|
What are virtualisation components? |
Hypervisor Virtualisation guest Virtual appliance Virtual switch Shared storage Virtual storage |
|
Define hypervisor? |
It is the server that hosts all of the virtual servers. |
|
Define virtualisation guest? |
A virtual server that runs on hypervisor (a host machine) |
|
Define a virtual appliance? |
A virtual solution provided by a vendor, e.g. a virtual version of Cisco’s ASA firewall. |
|
Define a virtual switch? |
All virtualisation solutions/hosts have a virtual switch (vSwitch) that is utilised for internal frame switching. |
|
Does a hypervisor virtual switch run STP? |
No. |
|
Define shared storage? |
SAN or NAS through iSCSI or Fibre Channel. This will permit all hosts in your network to access common storage. |
|
Define virtual storage? |
Hypervisors/hosts pool their local storage to create a logical SAN across the network, which all the virtual hosts can use for their virtual machines. |
|
Name some virtual storage solutions? |
Cisco HyperFlex VMware vSAN Microsoft Storage Spaces |
|
What does JSON stand for? |
JavaScript Object Notation JSON structures data into key/value pairs separated with a colon inside of curly braces. |
|
What does YAML stand for? |
YAML Ain’t Markup Language (YAML) |
|
What are the main components of YAML? |
Mappings Lists Scalars |
|
What does API stand for? |
Application Programming Interfaces |
|
What is a common way to access APIs? |
Through Representational State Transfer (REST). REST is a resource-based API. |
|
What components are required to qualify as a Restful API? |
Client-Server Stateless Cacheable Uniform Interface Layered System Code on demand |
|
What framework is RESTful API built on? |
HTTP |
|
Restful architecture uses HTTP verbs to map to something called CRUD. What does CRUD stand for? |
Create Read Update Delete |
|
What are the HTTP verbs associated with API actions? |
HTTP VERB / API Action Post - Create Get - Read Put - Update/Retrieve Patch - Update/Modify Delete - Delete |
|
What are the virtualisation types? |
Type 1 (bare metal hypervisor): the entire server and OS is dedicated to virtualisation. Type 2 (also called desktop virtualisation): the virtualisation solution runs on top of your desktop OS. |
|
What does YAML stand for? |
Yet Another Markup Language: a data serialisation language which is used by a growing number of tools such as Ansible. |
|
What are the three main components that make up YAML? |
Mappings Lists Scalars |
|
Define REST API? |
Application Programming Interfaces (APIs) allow you to quickly access an application resource without you having to manually map out the application and reverse engineer your own functionality. A RESTful API uses common HTTP requests to GET, PUT, POST, and DELETE data from a server or device. |
|
What is the syntax to configure port SPAN / mirroring? |
(config)# 1. monitor session (number) source interface gi1 2. monitor session (number) destination interface gi2 #show monitor session (number) |
|
What is the purpose of spanning tree? |
To stop layer 2 loops in the broadcast domain. |
|
What are the different versions of spanning tree? |
IEEE 802.1D - legacy (CST) IEEE 802.1w - rapid spanning tree (CST) IEEE 802.1s - MSTP (has two instances) PVST+ (1 instance per VLAN) Rapid PVST+ (1 instance per VLAN) CST = Common Spanning Tree (1 instance) |
|
What are BPDUs? |
Bridge Protocol Data Units. They are frames that contain information about the spanning tree protocol (STP). |

By default, how often are BPDUs sent by the switch? |
Every two seconds |
|
What is contained within a BPDU? |
1. Bridge ID (priority + MAC) = 8 byte value - 2 byte priority - 6 byte system ID |
|
What is the default STP priority value? |
32768 (hex 8000). The system-id-ext (x) = the VLAN number, and this value is added to the default priority: STP priority = (priority + system-id-ext). STP on VLAN 1 with the default priority therefore equals 32769. |
|
What is the destination multicast address that BPDUs are sent to? |
MAC: 01:80:c2:00:00:00, or for PVST+: 01:00:0C:CC:CC:CD |
|
What are the different types of BPDUs? |
Configuration BPDU Topology change BPDU Acknowledgement BPDU |
|
What is the 802.1D port cycle? |
1. Blocking (max-age) 20 sec 2. Listening (fwd-delay) 15 sec - BPDUs sent 3. Learning (15 sec) - BPDUs sent (MAC address table updated) 4. Forwarding |
|
If the switch port link is up, which 802.1D state does the port commence at? |
Listening |
|
How is the STP root port selected? |
1. Lowest path cost 2. Lowest neighbor bridge ID (if path equal cost) 3. Lowest port priority (128 by default) 4. Lowest port ID |
|
What is the syntax to utilise the newer version of STP path cost? |
(config)# spanning-tree pathcost method long |
|
What are the port states for rapid-spanning tree 802.1W? |
1. learning 2. forwarding 3. discarding |
|
Which 802.1D port states have been merged into the discarding state for 802.1W/rapid-pvst? |
1. disabled 2. blocking 3. listening |
|
What are the 802.1D port roles? |
1. Root port 2. Designated port 3. Blocking |
|
What are the 802.1W port roles? |
1. Root port 2. Alternate port (root backup) 3. Designated port (per network segment) 4. Backup port (designated backup) |
|
Apart from preventing loops, why would STP block a port on a switch? |
Because the port was not assigned the root or designated port role. It will be assigned as either an alternate or backup port. |
|
What is the default interface port priority for STP? |
128 |
|
What are the types of STP links? |
1. Shared 2. Point-to-point 3. Edge |
|
What is the syntax to configure a point-to-point link? |
(config-if)#spanning-tree link-type point-to-point |
|
A port operating at full duplex will be assigned a ______ link state as default. |
point-to-point |
|
A port operating at half duplex will be assigned a ______ link state as default. |
shared |
|
What does RSTP use to achieve fast convergence? |
proposal/agreement handshake sequence |
|
What is a BPDU? |
Bridge Protocol Data Unit. |
|
What is BPDU guard? |
A security mechanism which will disable a port if any BPDUs are received on that port. |
|
What is the syntax to globally enable BPDU guard? |
(config)# spanning-tree portfast edge bpduguard default Note: This affects all ports on the switch that have portfast enabled. This is disabled by default. |
|
What is the syntax to enable BPDU guard on an interface? |
(config-if)# spanning-tree bpduguard enable Note: Only affects this specific port. Portfast does not have to be enabled on this port. BPDU guard will disable the port if a BPDU is received on it. |