ACL/OSPF Flashcards

1
Q

Which address is required in the command syntax of a standard ACL?

A

source IP address

2
Q

Which statement describes a difference between the operation of inbound and outbound ACLs?

A

Inbound ACLs are processed before the packets are routed, while outbound ACLs are processed after the routing is complete.

3
Q

Which three statements describe ACL processing of packets?

A

  • An implicit deny any rejects any packet that does not match any ACE.
  • A packet can either be rejected or forwarded as directed by the ACE that is matched.
  • Each statement is checked only until a match is detected or until the end of the ACE list.

4
Q

What single access list statement matches all of the following networks?

  • 192.168.16.0
  • 192.168.17.0
  • 192.168.18.0
  • 192.168.19.0
A

access-list 10 permit 192.168.16.0 0.0.3.255

5
Q

A network administrator needs to configure a standard ACL so that only the workstation of the administrator with the IP address 192.168.15.23 can access the virtual terminal of the main router. Which two configuration commands can achieve the task?

A

Router1(config)# access-list 10 permit host 192.168.15.23

Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0

6
Q

If a router has two interfaces and is routing both IPv4 and IPv6 traffic, how many ACLs could be created and applied to it?

A

8

7
Q

Which three statements are generally considered to be best practices in the placement of ACLs? (Choose three.)

A

Filter unwanted traffic before it travels onto a low-bandwidth link.

Place extended ACLs close to the source IP address of the traffic.

Place standard ACLs close to the destination IP address of the traffic.

8
Q

On which router should the show access-lists command be executed?

A

on the router that has the ACL configured

9
Q

What is the quickest way to remove a single ACE from a named ACL?

A

Use the no keyword and the sequence number of the ACE to be removed.

10
Q

Which feature will require the use of a named standard ACL rather than a numbered standard ACL?

A

the ability to add additional ACEs in the middle of the ACL without deleting and re-creating the list

11
Q

An administrator has configured an access list on R1 to allow SSH administrative access from host 172.16.1.100. Which command correctly applies the ACL?

A

R1(config-line)# access-class 1 in

12
Q

Which type of router connection can be secured by the access-class command?

A

vty

13
Q

What is the effect of configuring an ACL with only ACEs that deny traffic?

A

The ACL will block all traffic.

14
Q

Which type of ACL statements are commonly reordered by the Cisco IOS as the first ACEs?

A

host

15
Q

A network administrator is configuring an ACL to restrict access to certain servers in the data center. The intent is to apply the ACL to the interface connected to the data center LAN. What happens if the ACL is incorrectly applied to an interface in the inbound direction instead of the outbound direction?

A

The ACL does not perform as designed.

16
Q

When would a network administrator use the clear access-list counters command?

A

when troubleshooting an ACL and needing to know how many packets matched

17
Q

Which routing protocol is designed to use areas to scale large hierarchical networks?

  • RIP
  • EIGRP
  • OSPF
  • BGP
A
  • OSPF
18
Q

Which two routing protocols are classified as distance vector routing protocols? (Choose two.)

  • OSPF
  • EIGRP
  • BGP
  • IS-IS
  • RIP
A
  • EIGRP
  • RIP

19
Q

After a network topology change occurs, which distance vector routing protocol can send an update message directly to a single neighboring router without unnecessarily notifying other routers?

  • IS-IS
  • RIPv2
  • EIGRP
  • OSPF
  • RIPv1
A
  • EIGRP
20
Q

Which feature provides secure routing updates between RIPv2 neighbors?

  • unicast updates
  • routing protocol authentication
  • keepalive messages
  • adjacency table
A
  • routing protocol authentication
21
Q

What is maintained within an EIGRP topology table?

  • all routes received from neighbors
  • the hop count to all networks
  • the area ID of all neighbors
  • the state of all links on the network
A
  • all routes received from neighbors
22
Q

What are two features of the OSPF routing protocol? (Choose two.)

  • automatically summarizes networks at the classful boundaries
  • has an administrative distance of 100
  • calculates its metric using bandwidth
  • uses Dijkstra’s algorithm to build the SPF tree
  • used primarily as an EGP
A
  • calculates its metric using bandwidth
  • uses Dijkstra’s algorithm to build the SPF tree

23
Q

Which two protocols are link-state routing protocols? (Choose two.)

  • RIP
  • OSPF
  • EIGRP
  • BGP
  • IS-IS
  • IGP
A
  • OSPF
  • IS-IS

24
Q

Which routing protocol uses link-state information to build a map of the topology for computing the best path to each destination network?

  • OSPF
  • EIGRP
  • RIP
  • RIPng
A
  • OSPF

25
Q

Which two requirements are necessary before a router configured with a link-state routing protocol can build and send its link-state packets? (Choose two.)

  • The router has determined the costs associated with its active links.
  • The router has built its link-state database.
  • The routing table has been refreshed.
  • The router has established its adjacencies.
  • The router has constructed an SPF tree.
A
  • The router has determined the costs associated with its active links.
  • The router has established its adjacencies.
26
Q

What happens when two link-state routers stop receiving hello packets from neighbors?

  • They continue to operate as normal and are able to exchange packets.
  • They consider the neighbor to be unreachable and the adjacency is broken.
  • They create a default route to the adjacent router.
  • They will flood their database tables to each other.
A

They consider the neighbor to be unreachable and the adjacency is broken.

27
Q

Which two events will trigger the sending of a link-state packet by a link-state routing protocol? (Choose two.)

  • the router update timer expiring
  • a link to a neighbor router has become congested
  • a change in the topology
  • the initial startup of the routing protocol process
  • the requirement to periodically flood link-state packets to all neighbors
A
  • a change in the topology
  • the initial startup of the routing protocol process

28
Q

What is the first step taken by a newly configured OSPF router in the process of reaching a state of convergence?

  • It builds the topological database.
  • It floods LSP packets to neighboring routers.
  • It learns about directly connected links in an active state.
  • It exchanges hello messages with a neighboring router.
A
  • It learns about directly connected links in an active state.
29
Q

Which two components of an LSP enable an OSPF router to determine if the LSP that is received contains newer information than what is in the current OSPF router link-state database? (Choose two.)

  • query
  • sequence numbers
  • acknowledgements
  • hellos
  • aging information
A
  • sequence numbers
  • aging information

30
Q

Which statement is an incorrect description of the OSPF protocol?

  • Multiarea OSPF helps reduce the size of the link-state database.
  • OSPF builds a topological map of the network.
  • When compared with distance vector routing protocols, OSPF utilizes less memory and less CPU processing power.
  • OSPF has fast convergence.
A
  • When compared with distance vector routing protocols, OSPF utilizes less memory and less CPU processing power.
31
Q

What is a disadvantage of deploying OSPF in a large single area routing environment?

  • OSPF uses multicast updates.
  • OSPF uses excessive LSP flooding.
  • OSPF uses a topology database of alternate routes.
  • OSPF uses a metric of bandwidth and delay.
A
  • OSPF uses excessive LSP flooding.
32
Q

Match the features of link-state routing protocols to their advantages and disadvantages. (Not all options are used.)

  • bandwidth consumption
  • event-driven updates
  • using hop count as metric
  • building a topological map
  • memory usage
  • fast convergence
  • sending updates with broadcast
  • CPU processing time
A

Advantage

  • event-driven updates
  • building a topological map
  • fast convergence

Disadvantage

  • bandwidth consumption
  • memory usage
  • CPU processing time
33
Q

What is OSPF?

A

Open Shortest Path First uses a link-state algorithm to build and calculate the shortest path to all known destinations. Each router in an OSPF area contains an identical link-state database, which is a list of each of the router-usable interfaces and reachable neighbors.

OSPF is a link-state protocol based on the open standard. At a high level, OSPF operation consists of three main elements: neighbor discovery, link-state information exchange, and best-path calculation. To calculate the best path, OSPF uses the shortest path first (SPF) or Dijkstra’s algorithm.

OSPF was developed by the Internet Engineering Task Force (IETF) to overcome the limitations of distance vector routing protocols. One of the main reasons why OSPF is largely deployed in today’s enterprise networks is the fact that it is an open standard; OSPF offers a large level of scalability and fast convergence. Despite its relatively simple configuration in small and medium-size networks, OSPF implementation and troubleshooting in large-scale networks can at times be challenging.

34
Q

What are the RFCs of OSPF?

A

Version 1 of the protocol is described in RFC 1131. The current version used for IPv4, Version 2, is specified in RFCs 1247 and 2328. OSPF Version 3, which is used in IPv6 networks, is specified in RFC 5340.

35
Q

What are the key features of OSPF?

A

• Independent transport: OSPF works on top of IP and uses protocol number 89. It does not rely on the functions of the transport layer protocols TCP or UDP.
• Efficient use of updates: When an OSPF router first discovers a new neighbor, it sends a full update with all known link-state information. All routers within an OSPF area must have identical and synchronized link-state information in their OSPF link-state databases. When an OSPF network is in a converged state and a new link comes up or a link becomes unavailable, an OSPF router sends only a partial update to all its neighbors. This update will then be flooded to all OSPF routers within an area.
• Metric: OSPF uses a metric that is based on the cumulative costs of all outgoing interfaces from source to destination. The interface cost is inversely proportional to the interface bandwidth and can also be set up explicitly.
• Update destination address: OSPF uses multicast and unicast, rather than broadcast, for sending messages. The IPv4 multicast addresses used for OSPF are 224.0.0.5 to send information to all OSPF routers and 224.0.0.6 to send information to DR/BDR routers. The IPv6 multicast addresses are FF02::5 for all OSPFv3 routers and FF02::6 for all DR/BDR routers. If the underlying network does not have broadcast capabilities, you must establish OSPF neighbor relationships using a unicast address. For IPv6, this address will be a link-local IPv6 address.
• VLSM support: OSPF is a classless routing protocol. It supports variable-length subnet masking (VLSM) and discontiguous networks. It carries subnet mask information in the routing updates.
• Manual route summarization: You can manually summarize OSPF interarea routes at the Area Border Router (ABR), and you have the possibility to summarize OSPF external routes at the Autonomous System Boundary Router (ASBR). OSPF does not know the concept of autosummarization.
• Authentication: OSPF supports clear-text, MD5, and SHA authentication.

36
Q

What is the IP protocol number used by OSPF?

A

OSPF works on top of IP and uses protocol number 89. It does not rely on the functions of the transport layer protocols TCP or UDP.

37
Q

Why does OSPF use areas?

A

If you run OSPF in a simple network, the number of routers and links is relatively small, and best paths to all destinations are easily deduced. However, the information necessary to describe larger networks with many routers and links can become quite complex. SPF calculations that compare all possible paths for routes can easily turn into a complex and time-consuming calculation for the router.

One of the main methods to reduce this complexity and the size of the link-state information database is to partition the OSPF routing domain into smaller units called areas.

38
Q

OSPF uses a two-layer area hierarchy. What are these?

A

• Backbone area, transit area or area 0: Two principal requirements for the backbone area are that it must connect to all other nonbackbone areas and that it must always be contiguous; splitting up the backbone area is not allowed. Generally, end users are not found within a backbone area.
• Nonbackbone area: The primary function of this area is to connect end users and resources. Nonbackbone areas are usually set up according to functional or geographic groupings. Traffic between different nonbackbone areas must always pass through the backbone area.

39
Q

OSPF routers have different names based on their roles. What are these?

A

• ABR: A router that has interfaces connected to at least two different OSPF areas, including the backbone area. ABRs contain LSDB information for each area, make route calculations for each area and advertise routing information between areas.
• ASBR: A router that has at least one of its interfaces connected to an OSPF area and at least one of its interfaces connected to an external non-OSPF domain.
• Internal router: A router that has all its interfaces connected to only one OSPF area. This router is completely internal to this area.
• Backbone router: A router that has at least one interface connected to the backbone area.

40
Q

What is the OSPF network design restriction?

A

If more than one area is configured, known as multi-area OSPF, one of these areas must be area 0. This is called the backbone area. The backbone has to be at the center of all other areas, and other areas have to be connected to the backbone. The main reason is that OSPF expects all areas to inject routing information into the backbone area, which distributes that information into other areas. Another important requirement for the backbone area is that it must be contiguous. In other words, splitting up area 0 is not allowed.

41
Q

What are the five OSPF message types?

A

• Type 1: Hello packet: Hello packets are used to discover, build, and maintain OSPF neighbor adjacencies. To establish adjacency, OSPF peers at both sides of the link must agree on some parameters contained in the Hello packet to become OSPF neighbors.
• Type 2: Database Description (DBD) packet: When the OSPF neighbor adjacency is already established, a DBD packet is used to describe the LSDB so that routers can compare whether databases are in sync.
• Type 3: Link-State Request (LSR) packet: When the database synchronization process is over, the router might still have a list of LSAs that are missing in its database. The router will send an LSR packet to inform OSPF neighbors to send the most recent version of the missing LSAs.
• Type 4: Link-State Update (LSU) packet: There are several types of LSUs, known as LSAs. LSU packets are used for the flooding of LSAs and sending LSA responses to LSR packets. It is sent only to the directly connected neighbors who have previously requested LSAs in the form of an LSR packet. In case of flooding, neighbor routers are responsible for re-encapsulation of received LSA information in new LSU packets.
• Type 5: Link-State Acknowledgment (LSAck) packet: LSAcks are used to make flooding of LSAs reliable. Each LSA received must be explicitly acknowledged. Multiple LSAs can be acknowledged in a single LSAck packet.

42
Q

Which parameters need to match, and which do not, for OSPF routers to establish a neighborship?

A
Must match:

  • area number
  • hello timers
  • MTU
  • area types

Must not match:

  • process-id

43
Q

How do you enable the OSPF process?

A

router ospf [process-id]

44
Q

How many areas can you configure on an interface?

A

Only one.

45
Q

What happens when the address ranges specified for different areas overlap?

A

If the address ranges specified for different areas overlap, IOS will adopt the first area in the network command list and ignore subsequent overlapping portions. To avoid conflicts, you must pay special attention to ensure that address ranges do not overlap.

46
Q

What is an OSPF router ID and how can you configure it?

A

The OSPF router ID is a fundamental parameter for the OSPF process. For the OSPF process to start, Cisco IOS must be able to identify a unique OSPF router ID. Similar to EIGRP, the OSPF router ID is a 32-bit value expressed as an IPv4 address. At least one primary IPv4 address on an interface in the up/up state must be configured for a router to be able to choose a router ID; otherwise, an error message is logged, and the OSPF process does not start.

router-id [ip-address]

47
Q

How can you verify which router ID the router is using?

A

R2# show ip protocols

48
Q

When OSPF learns routes, which types does it distinguish?

A

OSPF clearly distinguishes two types of routes: intra-area routes and interarea routes. Intra-area routes are routes that are originated and learned in the same local area. The code for intra-area routes in the routing table is O. The second type is interarea routes, which originate in other areas and are inserted into the local area to which your router belongs. The code for interarea routes in the routing table is O IA. Interarea routes are inserted into other areas on the ABR.

49
Q

By default, OSPF will advertise any subnet configured on the loopback interface as a /32 host route. How can you change this?

A

ip ospf network point-to-point

50
Q

What is the default OSPF interface priority?

A

Every broadcast and NBMA OSPF-enabled interface is assigned a priority value between 0 and 255. By default, in Cisco IOS, the OSPF interface priority value is 1 and can be manually changed by using the ip ospf priority interface command.

51
Q

What are the OSPF hello and dead timers?

A

Similar to EIGRP, OSPF uses two timers to check neighbor reachability: the hello and dead intervals. The values of hello and dead intervals are carried in OSPF Hello packets and serve as a keepalive message, with the purpose of acknowledging the presence of the router on the segment. The hello interval specifies the frequency of sending OSPF Hello packets in seconds. The OSPF dead timer specifies how long a router waits to receive a Hello packet before it declares a neighbor router as down.

52
Q

What are the default values of the OSPF hello and dead timers?

A

The default value of the OSPF hello interval on broadcast multiaccess (Ethernet) and point-to-point links is 10 seconds, and the default value of the dead interval is four times hello (40 seconds). Default values of the OSPF hello and dead timers on all other OSPF network types, including nonbroadcast (NBMA) like Frame Relay on the Serial 2/0 interface, are 30 seconds and 120 seconds, respectively.

53
Q

What are the commands to change the default hello and dead timers?

A

R1(config-if)# ip ospf hello-interval [value]
R1(config-if)# ip ospf dead-interval [value]

When you configure the hello interval, the default value of the dead interval is automatically adjusted to four times the hello interval.

54
Q

What command confirms that full OSPF adjacency is established? The output also shows additional information about the neighbor router ID, DR/BDR roles, and how long the neighbor session has been established.

A

show ip ospf neighbor detail

55
Q

What are the default timers on OSPF point-to-point links?

A

The default OSPF hello and dead timers on point-to-point links are 10 seconds and 40 seconds, respectively.

56
Q

What does Forward Address: 0.0.0.0 mean?

A

The zero forwarding address tells the rest of the routers in the OSPF domain that the ASBR itself is the gateway to get to the external routes.

57
Q

How does OSPF choose the best path?

A

When SPF is trying to determine the best path toward a known destination, it compares total costs of specific paths against each other. The paths with the lowest costs are selected as the best paths. The OSPF cost is an indication of the overhead to send packets over an interface.

58
Q

What is the OSPF best route formula?

A

Cost = Reference bandwidth / Interface bandwidth

The cost value is a 16-bit positive number between 1 and 65,535, where a lower value is a more desirable metric. Reference bandwidth is set to 100 Mbps by default. The metric is only relevant on an outbound path; route decisions are not made for inbound traffic. The OSPF cost is recomputed after every bandwidth change, and Dijkstra’s algorithm determines the best path by adding all link costs along a path.

59
Q

What two major problems does route summarization solve?

A
  • Large routing tables
  • Frequent LSA flooding throughout the autonomous system