BOSON Notes Flashcards
DAI
DAI – helps mitigate ARP poisoning attacks (AKA ARP spoofing attacks).
DAI inspects traffic on ingress ports to ensure that incoming traffic does not contain any ARP reply packets from host computers.
IPv6 Address Types
2000::/3 – global aggregatable unicast address
FC00::/8, FD00::/8 – unicast site-local address
FF00::/8 – multicast address
FF01::/16 – node-local
FF02::/16 – link-local
FF05::/16 – unique-local / site-local
FF05::1 – site-local multicast used to send packets to all nodes in a site
FF05::2 – site-local multicast used to send packets to all routers in a site
FF08::/16 – organization-local
FF0E::/16 – global
Multicast Address
- 224.0.0.1 / FF02::1 – all hosts
- 224.0.0.2 / FF02::2 – all routers
- 224.0.0.5 / FF02::5 – all OSPF routers
- 224.0.0.6 / FF02::6 – all OSPF DRs
- 224.0.0.9 / FF02::9 – all RIP routers (except RIPv1)
- 224.0.0.10 / FF02::10 – all EIGRP routers
GRE
GRE provides broadcast and multicast packet encapsulation.
GRE can tunnel traffic from one network to another without requiring the transport network to support the network protocols in use at the tunnel source or tunnel destination.
IPsec, by contrast, can only transport IP traffic.
EtherChannel
EtherChannel can aggregate up to eight active switch ports in the bundle that forms the logical link between switches.
All member ports must be configured with the same speed and duplex settings.
In PAgP, the desirable keyword means actively negotiate; the auto keyword configures the port to listen for negotiation.
In LACP, the active keyword means actively negotiate, and the passive keyword means listen for an LACP negotiation to be offered.
LACP is the IEEE 802.3ad standard.
SDN
In a controller-based network, a centralized controller connects to the application plane by using a northbound API; it communicates with this plane by using REST or the Java Open Service Gateway Initiative (OSGI).
A centralized controller connects to the data plane by using a southbound API (NETCONF, OpenFlow, OpFlex, OnePK).
Layer 2 and Layer 3 switching operates in the data plane.
Controller-based network, such as SDN
In a controller-based network, such as SDN, the control plane is centralized. The control plane is responsible for network decision-making in both controller-based and traditional networks.
In a controller-based network, the decision-making logic is either moved to a central controller or monitored by a central controller.
Northbound API
Northbound API – used by the SDN controller to communicate with applications in the application plane.
Southbound API
Southbound API – used by the SDN controller to communicate with devices in the data plane (EDGE DEVICES).
NETCONF, OnePK, OpFlex = southbound APIs, used to communicate with the data plane.
management plane
The management plane consists of the network management protocols (Telnet, SSH, SNMP, syslog) that allow an admin to connect to and manage a network device.
GLBP
GLBP allows multiple routers to be configured as a GLBP group; the routers in the group receive traffic sent to a virtual IP address that is configured for the group.
GLBP is a Cisco-proprietary FHRP.
Each GLBP group contains an active virtual gateway (AVG), which is elected based on the highest priority value or, if priorities tie, the highest IP address.
A maximum of four primary AVFs (Active Virtual Forwarders) can participate in forwarding traffic.
GLBP MAC = 0007.B400.xxyy
HSRP
HSRP – can be used to provide backup router coverage. One virtual IP address and one virtual MAC address are used.
Cisco proprietary.
Multiple routers are assigned to an HSRP group, and the routers function as a single gateway.
An HSRP group contains one active router and one standby router.
HSRPv1 virtual MAC = 0000.0C07.AC0B
HSRPv2 virtual MAC = 0000.0C9F.F00A
HSRPv3 IPv6 virtual MAC = 0005.73A0.0000
VRRP
VRRP – routers are assigned to a VRRP group, and the group functions as a single gateway for clients.
A VRRP group has one master router; all others are backup routers.
A virtual MAC address is used to identify the VRRP group to clients.
VRRP MAC = 0007.5E00.01xx
RC4
RC4 – the stream cipher used for encryption in WEP.
TKIP
TKIP – used to provide MIC (Message Integrity Check) and encryption in WPA.
OSPF broadcast
The OSPF broadcast network type is enabled by default on FDDI and Ethernet interfaces, including FE and GE interfaces.
DR/BDR election is performed.
Hello/Dead timers: 10/40 seconds.
OSPF nonbroadcast
The OSPF nonbroadcast network type is enabled by default on Frame Relay and X.25 interfaces.
DR/BDR election is performed.
Hello/Dead timers: 30/120 seconds.
OSPF Point-Point network
The OSPF point-to-point network type is enabled by default on HDLC (High-level Data Link Control) and PPP serial interfaces.
DR and BDR elections are not performed.
Hello/Dead timers: 10/40 seconds.
OSPF point-to-multipoint
OSPF point-to-multipoint network type (multicast updates are sent).
DR/BDR election is NOT performed.
Hello/Dead timers: 30/120 seconds.
OSPF point to multipoint nonbroadcast
The OSPF point-to-multipoint nonbroadcast network type is used on networks that do not allow multicast. The neighbor command is required to establish adjacencies.
Hello/Dead timers: 30/120 seconds.
Ethernet links
Ethernet links are 10 Mbps.
FE links are 100 Mbps.
GE links are 1000 Mbps.
CDP/LLDP advertisements / retention
LLDP advertisements are sent every 30 seconds, and LLDP information is retained for 120 seconds on a Cisco switch.
CDP sends advertisements every 60 seconds. CDP can also carry VTP (VLAN Trunking Protocol) information, whereas LLDP cannot.
DTP stuff
DTP has two negotiation modes: auto and desirable. Auto operates in access mode unless the neighboring interface actively negotiates to operate as a trunk.
Desirable operates in access mode unless it can actively negotiate a trunk connection with the neighboring interface.
The switchport nonegotiate command disables DTP on the port.
By default, DTP is automatic on Cisco switches.
DTP uses the native VLAN to negotiate a trunk link.
Manually configured trunk and access ports will automatically disable DTP.
WRED (Weighted Random Early Detection)
WRED (Weighted Random Early Detection) – a congestion avoidance mechanism that addresses packet loss caused by tail drop, which occurs when new incoming packets are dropped because a router's queues are too full to accept them.
Tail drop affects TCP, because when packets are dropped TCP must retransmit them.
lightweight AP
In a split-MAC deployment, a lightweight AP is responsible for time-sensitive tasks such as prioritizing packets and responding to beacon and probe requests.
The WLC handles tasks that are not time-sensitive, such as security management, lightweight AP configuration management, and client load balancing.
The WLC is also responsible for client association requests, data encapsulation, client authentication, key exchange, security policy enforcement, and RF management.
Spanning-tree root guard
Spanning-tree root guard – prevents a newly connected switch from being elected as the root bridge.
When STP is used, the switch with the lowest bridge priority is elected root. Root guard is applied on a per-port basis.
PortFast
PortFast is a feature that provides immediate accessibility to the network for edge ports, such as access ports that are connected to end-user workstations.
It allows faster connectivity for hosts connected to an access-layer switch port by skipping the STP listening and learning states.
Loop Guard
The loop guard feature prevents non-designated ports from accidentally forming bridging loops if the steady flow of BPDUs is interrupted.
BPDU guard
BPDU guard is used to disable ports that incorrectly receive BPDUs.
It is applied to edge ports that have PortFast enabled.
A BPDU is a data message transmitted across a switched LAN to detect loops in the network (it contains STP information).
Power policing
Power policing is a Cisco feature that enables a switch to monitor the current draw of connected devices and take action if the draw exceeds the amount allocated.
The power inline police command, entered from configuration mode, enables the default settings: the switch generates a console message and err-disables the port, effectively shutting it down.
MAC spoofing
MAC spoofing – uses the MAC address of another known host on the network in order to bypass port security measures. Can be used to impersonate
MAC Flooding
MAC flooding – an attack whose intention is to overwhelm the switch's MAC address table.
The switch is then unable to make intelligent forwarding decisions, and all traffic is flooded. AKA CAM (Content Addressable Memory) table overflow attack.
ARP poisoning aka ARP spoofing
ARP poisoning aka ARP spoofing – DAI mitigates ARP poisoning.
A gratuitous ARP (GARP) message is sent to the host; the GARP message associates the attacker's MAC address with the IP address of a valid host on the network.
VLAN Hopping attack
VLAN hopping attack – the attacker attempts to inject packets into other VLANs by accessing the VLAN trunk and double-tagging 802.1Q frames.
Disable DTP to mitigate.
SDN Stuff
Overlay – creates VXLAN tunnels between SDA switches.
Underlay – the collection of devices that comprises the IP network connecting each fabric node.
Fabric – the entirety of the overlay network and the underlay network.
Northbound API – used by the SDN controller to communicate with applications in the application plane.
Southbound API – used by the SDN controller to communicate with devices in the data plane.
SYSLOG LEVELS
0 – Emergencies
1 – Alerts
2 – Critical
3 – Errors
4 – Warnings
5 – Notifications
6 – Informational
7 – Debugging
JSON STUFF
JSON: CURLY BRACKETS { } = OBJECTS, SQUARE BRACKETS [ ] = ARRAYS
OSPF/IS-IS
EIGRP
RIP
COST / METRIC
OSPF and IS-IS use bandwidth.
RIP uses hop count.
EIGRP uses the lowest segment bandwidth and the sum of segment delays in calculating the metric. EIGRP supports load balancing over equal-cost and unequal-cost paths.
MTU
MTU – the maximum length of frames that can be accepted by the devices along the data route.
VMM (Virtual Machine Monitor)
VMM (Virtual Machine Monitor) – AKA Hypervisor.
Pharming
Pharming – the use of a legitimate service to redirect users to a malicious or compromised site.
VLAN 0
Used by IP Phones
Standard ACL
Standard ACL = placed CLOSEST TO THE DESTINATION
Numbered ranges: 1–99 and 1300–1999
Extended ACL
Extended ACL = placed CLOSEST TO THE SOURCE
Numbered ranges: 100–199 and 2000–2699
REST
REST = a northbound API that uses HTTP/HTTPS and returns data in XML or JSON. It communicates with the application plane.
OSGI
OSGI is a Java-based northbound API. It communicates with the application plane.
The CAM table
The CAM table is used by a switch to map the OSI Layer 2 (MAC) address of a device to the physical port used to reach that device.
FIB Table
FIB table – contains all prefixes from the IP routing table. It is used by CEF and is implemented in Layer 3-capable switches.
Adjacency Table
Adjacency table – maintains the Layer 2 addressing information for the FIB.
ARP table
ARP table – contains Layer 3 to Layer 2 (IP to MAC) address translations.
WLC QOS TYPES
Platinum QoS = VoIP
Gold QoS = video
Silver QoS = best effort; the default level when you configure a WLAN
Bronze QoS = lowest bandwidth; used for guest services on a Cisco WLAN
WLC Layer 2 Security
None – disables Layer 2 security
WPA+WPA2 –
802.1x – uses EAP combined with WEP
Static WEP – uses a static shared WEP key
Static WEP + 802.1x – either a static shared WEP key or EAP
CKIP – Cisco Key Integrity Protocol
None + EAP Passthrough – open authentication with EAP
WLC Layer 3 Security
None
IPSec
VPN Pass-Through – for WLANs, allowing the client to establish a connection to a specific route
Web Authentication – for guest LANs; prompts for a username and password
Web Passthrough – enables direct access to the network for guest LANs
802.11 MAC FRAME FORMAT
FC – DUR – ADD1 – ADD2 – ADD3 – SEQ – ADD4 – DATA – FCS
ADD4 is used only for AP-to-AP (wireless distribution system) frames.
WLC Dynamic Interfaces:
WLC dynamic interfaces are used for user-defined and client data.
A WLC can use static and dynamic interfaces. It also has up to four types of static interfaces: the management, AP-manager, virtual, and service port interfaces.
A WLC can have up to 512 dynamic interfaces.
Management interface (Static Interface)
The management interface (a static interface) is used for management traffic; it carries Layer 2 LWAPP between the controller and the lightweight APs.
The service port interface (Static interface)
The service port interface (a static interface) is used for maintenance purposes on a WLC.
It is a physical interface that can be used to recover the WLC in the event of a failure.
IPv6 Static Routes
Three types:
Directly attached static routes – specify the destination IPv6 network and the outbound interface.
Recursive static routes – specify the destination IPv6 network and the IPv6 next-hop address only. The router assumes the outbound interface to be the interface to which the next hop is either directly or indirectly connected.
Floating static routes – used as a backup route (configured with a higher administrative distance than the primary route).