1.0 Architecture 15% Flashcards
What are the components of the Cisco Enterprise 3-tier architecture?
Core Layer
Distribution Layer
Access Layer
layer that provides network connectivity for end-user devices such as computers, printers, and IP phones
Access Layer
Ideal layer to perform user authentication, port security, Network Admission Control (NAC), Quality of Service (QoS) classification and marking, and Power over Ethernet (PoE).
Access Layer
What is the purpose of classification and marking?
ensure that different categories of traffic, such as voice, video, and data, receive enough bandwidth to ensure acceptable levels of service through the network
Layer that is traditionally implemented with multilayer switches and performs QoS resource reservation, interVLAN routing, packet manipulation, route filtering, and summarization
Distribution Layer
typically provides the fastest switching path in the network, and is primarily associated with low latency and high reliability
Core Layer
Cisco two-tier architecture where the functionality of the core layer is provided by the distribution layer?
Collapsed Core
What is a drawback of using a collapsed core design?
the topology does not scale well beyond a small number of switches, so it is only recommended for small campuses
What modules make up the Cisco Enterprise Architecture model?
- Enterprise Campus
- Enterprise Edge
- Service Provider Edge
- Remote Locations
What network services are provided by the data center submodule in the Cisco Enterprise Architecture Model?
- Applications
- DHCP
- DNS
- File Services
provides connectivity to the service provider infrastructure and the internal network
Enterprise Edge
module that contains teleworkers, branch offices, and any other enterprise network components that are geographically distant from the main headquarters
Remote Locations
Internet, MPLS, Metro Ethernet and other WAN service providers are contained within what module?
Service Provider Edge
Describe the attributes of the Hot Standby Routing Protocol (HSRP)
- Cisco Proprietary
- HSRP gateways share a virtual IP and a Virtual MAC
- Each HSRP group contains one active router and one standby router
- Only the active router responds to ARP requests and forwards traffic
Describe the attributes of the Virtual Router Redundancy Protocol (VRRP)
- IETF Standard
- VRRP gateways share a virtual IP and a Virtual MAC
- Each VRRP group contains one master virtual router and one or more backup virtual routers
- Only the master virtual router responds to ARP requests and forwards traffic
Describe the attributes of the Gateway Load Balancing Protocol (GLBP)
- Cisco Proprietary
- Share a virtual IP address but have individual virtual MAC addresses
- Each GLBP group contains an Active Virtual Gateway (AVG), up to four Active Virtual Forwarders (AVFs), and several Secondary Virtual Forwarders (SVFs)
- The AVG and AVFs can all forward traffic thereby providing redundancy and load balancing
What modes can a redundant supervisor module be configured in?
- Route-processor redundancy (RPR)
- RPR Plus (RPR+)
- Stateful Switchover (SSO)
- SSO with Nonstop Forwarding (NSF)
What are the features of the Route-processor redundancy (RPR) mode?
- standby supervisor module partially boots and initializes
- Failover time is greater than 2 minutes
- Traffic is disrupted
What are the features of RPR Plus (RPR+) mode?
- The standby supervisor fully boots and initializes without Layer 2 and Layer 3 functionality
- Failover time greater than 30 seconds
- Traffic is disrupted
What are the features of SSO mode?
- the standby supervisor fully boots, initializes, and synchronizes
- Failover time is greater than 1 second
- Layer 2 port states are maintained
- Layer 3 forwarding is disrupted
What are the features of SSO with NSF?
- Failover time is reduced to milliseconds
- NSF-enabled devices prevent Layer 2 and Layer 3 disruptions
Which deployment solution gives organizations more control and customization, is easier to secure, and has lower latency?
On-premises
Which deployment model has lower up-front costs, does not require hiring staff, and is easier to scale?
Cloud Deployment
Which deployment model has higher up-front costs, requires hiring staff, and is harder to scale?
On-premises
Which deployment model gives the service provider full control, is harder to secure, and has higher latency and service interruptions?
Cloud Deployment
What are the four primary workflows of the DNA Center Applications?
- DNA Design
- DNA Policy
- DNA Provision
- DNA Assurance
What subsystems of Cisco DNA Center operate at the controller layer?
- Network Control Platform (NCP)
- Network Data Platform (NDP)
Provides the underlay and fabric automation for the network layer and physical layer
Network Control Platform (NCP)
What facilitates the automation of the management tasks by enabling the controller to communicate with applications rather than relying on an administrator to manually intervene?
Application Programming Interfaces (APIs)
NCP can configure network devices by using NETCONF which is what type of API?
Southbound
What northbound API is used by NCP to communicate status information to the management plane?
Representational State Transfer (REST)
What are some sources of information from which NDP can collect and analyze data and present it in a contextualized format to NCP and ISE?
- Netflow
- Switchport Analyzer (SPAN)
Which Cisco DNA Center subsystem provides status messages to the management layer?
Network Data Platform (NDP)
What access layer mechanisms can Cisco ISE use to provide Network Access Control (NAC) and identity services?
- 802.1x
- MAC Authentication Bypass (MAB)
- Web Authentication (WebAuth)
What function of ISE translates administrator-created group-based policies into configuration changes that are automatically applied to network devices within the fabric?
Policy Services
Which portion of the SDN fabric is the collection of devices, interfaces, and media that comprises the IP network that connects each fabric node?
Underlay Network
What are some routing protocols that are typically included in the underlay network?
- IS-IS
- OSPF
- EIGRP
Why is IS-IS the Cisco recommended routing protocol for SDN networks, as opposed to OSPF or EIGRP?
Because it typically performs better and is able to form neighbor relationships without a dependence on IP protocol configuration or operation
Which planes of the SDN fabric operate with the overlay network?
- Data Plane
- Control Plane
True or False
Only one overlay network can be implemented on top of a single underlay network?
False.
Multiple overlay networks can be implemented on a single underlay network.
What are some common overlay network protocols?
- VXLAN
- VRF
- Network Virtualization using GRE (NVGRE)
- GRE
- Overlay Transport Virtualization (OTV)
- Multicast VPN (mVPN)
What are the primary components of the Cisco SD-WAN solution and where does each reside?
- vManage Network Management System (NMS) in the Management Plane
- vEdge and cEdge Routers in the Data Plane
- vBond Orchestrator in the Orchestration Plane
- vSmart Controller in the Control Plane
Which SD-WAN component provides a single GUI to configure and manage the components of the SD-WAN architecture and can include enhanced monitoring and analysis capabilities?
vManage NMS
What components manage the data plane, form the IP fabric, and handle all routing decisions of the SD-WAN overlay network?
vEdge and cEdge Routers
What are the features of the vBond component of the Cisco SD-WAN solution?
- Manages the orchestration plane
- Authenticates Edge routers and vSmart Controllers
- Has a publicly routable IP address
- Uses load-balancing mechanisms to ensure efficient distribution of controllers
Which SD-WAN component manages the control plane and ensures that only authenticated devices can access the SD-WAN?
vSmart Controller
What protocol is used by the vSmart Controller to distribute routing information, security keys, and policy configurations to Edge routers?
Overlay Management Protocol
What type of tunnel is used by the vSmart controller to communicate with Edge routers and the vBond orchestrator?
Datagram Transport Layer Security (DTLS) tunnels
What type of wireless deployment has the WLC in a data center or near the network core in order to maximize the number of APs joined to it, based on the concept that most of the resources users need to reach are located together?
Centralized Deployment
How does a centralized wireless deployment affect security?
A centralized WLC enables security policies for wireless clients to be centralized as well.
How many APs and wireless clients can one large enterprise WLC support?
6000 APs and 64,000 clients
What type of wireless deployment uses fully functional, stand-alone access points that do not need a WLC?
Autonomous Deployment
Distributed wireless deployments that use APs with embedded wireless controllers (EWCs) are considered what category of wireless deployments?
Controller-less deployment
What are the two categories of wireless deployments?
Controller-based and Controller-less
How does an autonomous deployment affect the data path compared to a centralized deployment?
An autonomous deployment allows clients to send traffic to each other directly through the autonomous access point, whereas the centralized deployment requires clients to send traffic through the access point and over a CAPWAP tunnel to the WLC, where it is decapsulated, inspected, and re-encapsulated before being sent back down to the intended recipient wireless client