16 - IP Services I - Device Management and NAT Flashcards
Where do log messages display to by default without needing any further configuration?
Console
How do you tell IOS to send log messages to all logged users (Telnet, SSH)? What extra command must you use?
logging monitor
EXEC: terminal monitor
What does the terminal monitor command do?
Tells IOS that this terminal session would like to receive log messages
What does the logging monitor command do?
Tells IOS to enable sending of log messages to all logged-in users
What two primary options does IOS provide to keep a copy of log messages?
- In RAM
- Syslog server
How do you tell IOS to store copies of log messages in RAM?
logging buffered
How do you configure a router / switch to send log messages to a syslog server?
logging host {address | hostname}
How would you disable timestamps and enable sequence numbers for logging?
no service timestamps
service sequence-numbers
What are the Cisco logging levels from 0 - 7?
- 0: Emergency
- 1: Alert
- 2: Critical
- 3: Error
- 4: Warning
- 5: Notification
- 6: Informational
- 7: Debug
How would you set logging to levels 0 - 4 for console?
logging console 4
How do you configure logging message levels for Syslog?
logging trap 4
How do you show logging configuration settings, basic stats and buffered logs?
show logging
How would you debug something such as OSPF messages?
debug ip ospf hello
Why should you be careful when enabling debug commands on production devices?
It uses the router CPU, so it can have performance impacts
How can you monitor CPU use?
show process cpu
What command enables the NTP client functionality on a device?
ntp server
What should you do before enabling NTP?
Set the correct time, date and time zone.
Also tell the device to adjust for daylight saving time
How would you set the date, time and time zones?
clock timezone EST -5
clock summer-time EDT recurring
clock set 20:00:00 1 January 2020
How do you show the date and time?
show clock
What two ntp configuration commands does IOS supply?
ntp master
ntp server
What command is used to configure a device to only run as an NTP server?
ntp master {stratum level}
What command is used to configure a device to run as an NTP client and server?
ntp server {address | host}
How do you check NTP status?
show ntp status
How do you list all NTP servers a device can attempt to use and status information between them?
show ntp associations
What is the NTP stratum level?
Stratum level represents the accuracy of a reference clock, based on the number of hops away from the original clock source. A lower stratum level is better
What default stratum level do routers and switches use for their internal reference clock?
8
What is the possible range of stratum values?
1 - 15
What are NTP primary and secondary servers?
Primary servers only act as a server, with a reference clock external to the device. They have a stratum level of 1.
Secondary servers use the client/server mode, relying on synchronization with some other NTP server
How would you configure an NTP server to use external servers but fall back to its internal clock if they fail?
ntp server time-a.com
ntp server time-b.com
ntp master 7 (worse stratum)
How can you use loopback interfaces in NTP for better availability?
You can create a virtual loopback interface, assign it an IP address, and have routing protocols advertise its subnet, so the NTP source stays reachable as long as any physical interface is up
How would you configure an NTP server to use a loopback interface?
interface loopback 0
ip address 172.16.10.0 255.255.255.0
ntp master 4
ntp source loopback 0
What are CDP and LLDP?
Cisco Discovery Protocol
Link Layer Discovery Protocol
What does CDP do?
Discovers basic information about neighboring routers and switches without needing to know their passwords
What are some useful details CDP discovers?
- Device ID (usually host name)
- Address list (network and data-link)
- Port identifier
- Capabilities list
- Platform
What is the Port identifier in CDP?
The interface on the remote router or switch on the other end of the link that sent the CDP advertisement
What are two general roles CDP plays?
- Provide information to devices to support some function
- Provide information to network engineers that manage the devices
What do Cisco IP phones use CDP for?
To learn the data and voice VLAN IDs configured on the access switch
How do you list one-line summary information about each neighbor (all) or just a specific neighbor?
show cdp neighbors {interface}
How do you list out detailed information about neighbors?
show cdp neighbors detail
How do you list out detailed information about only one named neighbor?
show cdp entry {name}
True/False: Cisco routers and switches support the same CDP commands with same parameters and types of output
True
What Ethernet Multicast destination address does CDP use to make sure all devices receive a CDP message?
0100.0CCC.CCCC
How do you disable CDP on a given interface?
no cdp enable
How do you enable / disable CDP globally?
cdp run
no cdp run
How do you check if CDP is enabled on all interfaces or a given interface?
show cdp interface {interface}
How do you view statistics for CDP advertisements sent/received?
show cdp traffic
What layer protocol is CDP?
Layer 2
What is a difference between LLDP and CDP with respect to how device capabilities are represented in command output?
LLDP only displays enabled capabilities, whereas CDP shows all supported capabilities
LLDP uses capability code B (bridge) to represent switching capability
True/False: Both LLDP and CDP identify IGMP as a capability
False. Only CDP does, using capability code I
What type of code does CDP list that LLDP does not?
Platform code
What multicast address does LLDP use?
0180.C200.000E
Is LLDP enabled by default on Cisco devices?
No
What does LLDP do differently with respect to sending / receiving messages?
Separates the sending and receiving of LLDP messages as separate functions
How do you globally enable / disable LLDP?
lldp run
no lldp run
How do you control transmission / receiving of LLDP on interfaces?
lldp transmit
no lldp transmit
lldp receive
no lldp receive
What is the range of Private Class A addresses and how many networks are there?
10.0.0.0 - 10.255.255.255
1 Network (10.0.0.0)
What is the range of Private Class B addresses and how many networks are there?
172.16.0.0 - 172.31.255.255
16 Networks (172.16.0.0 - 172.31.0.0)
What is the range of Private Class C addresses and how many networks are there?
192.168.0.0 - 192.168.255.255
256 Networks (192.168.0.0 - 192.168.255.0)
Approximately how many TCP/UDP sessions can NAT support on a single public IPv4 address?
65,000
What are the two main benefits of CIDR?
- Allow route aggregation / summarization
- Allow subsets of classful networks to be distributed to customers
What is Source NAT?
NAT type that allows enterprises to use private addresses and still communicate with hosts on the Internet. Source addresses are translated to a public IP when packets leave the router
What is an Inside Local address?
Private IP on the inner side of the network
What is an Inside Global address?
The public IP used to represent the private IP on the outside
What is an Outside Global address (Destination NAT)?
Address that represents a host that resides outside the enterprise which NAT does not change
What is Static NAT?
NAT where addresses are statically mapped to each other in 1 to 1 mapping
What is Dynamic NAT?
Similar to Static NAT.
1 to 1 mapping but dynamically assigned from a pool
How would you clear Dynamic NAT entries?
clear ip nat translation *
What is the preferred NAT method / type?
NAT Overload / PAT (Port Address Translation)
What is NAT Overload / PAT?
Allows NAT to support many clients with only a few public IP addresses by also translating the port number when necessary to distinguish between multiple private IP addresses mapped to a single public IP
What does the NAT router keep in its NAT table entry when using PAT?
A unique entry for every unique combination of inside local IP and port with translation to the inside global address and unique port number to be associated with that entry
How would you configure static NAT?
int G0/1 (random inside port)
ip address 10.1.1.1 255.255.255.0
ip nat inside
int G1/0 (port to WAN)
ip address 200.1.1.1 255.255.255.0
ip nat outside
ip nat inside source static 10.1.1.2 200.1.1.2
What command creates a static NAT mapping?
ip nat inside source static {inside-local} {inside-global}
Are static NAT entries removed from the NAT table after timeouts?
No
How do you show information about NAT translations?
show ip nat translations
How do you show NAT statistics?
show ip nat statistics
True/False: You must specify inside and outside interfaces in both static and dynamic NAT
True
How does Dynamic NAT identify which inside local addresses need to have their address translated?
ACLs
What steps need to be taken to configure Dynamic NAT?
- Identify and mark inside NAT interfaces
- Identify and mark outside NAT interfaces
- Create ACL to match packets inbound to interface for which NAT should be performed
- Create NAT pool for inside global mapping outlining address range
- Tell NAT to use the pool and specify the ACL
What command makes a pool of addresses for Dynamic NAT to use?
ip nat pool TestPool 200.1.1.1 200.1.1.2 netmask 255.255.255.252
How do you enable Dynamic NAT and tell it to use the ACL and pool?
ip nat inside source list 1 pool TestPool
What does the first "Misses" counter represent in the output of show ip nat statistics?
The number of times a new packet arrives and needs a NAT entry and doesn’t find one, at which point Dynamic NAT builds an entry
What does the second "Misses" counter represent in the output of show ip nat statistics?
The number of misses in the pool. This occurs when dynamic NAT tries to allocate a new NAT table entry and finds no available addresses and the packet cannot be translated
How do you show debug info for NAT?
debug ip nat
What two variations of PAT are there?
- One that uses a pool of inside global addresses
- One that uses just one inside global IP
How do you configure PAT if you need a pool of addresses?
The same as Dynamic NAT, but adding the overload keyword to the end of the ip nat inside source list command
ip nat pool TestPool 178.90.0.1 178.90.0.2 netmask 255.255.255.252
ip nat inside source list 1 pool TestPool overload
How do you configure PAT to just use a single Inside Global address?
Mark interfaces as inside or outside then:
ip nat inside source list 1 interface G1/0 overload
When configuring Static NAT using the ip nat inside source static command, which address comes first?
Inside Local then the Inside Global
What are some common areas to check when troubleshooting NAT?
- Check ACLs
- Check Pool has enough addresses
- Inside and Outside interfaces