BOSON Notes Flashcards

1
Q

DAI

A

DAI – helps mitigate ARP poisoning attacks (AKA ARP spoofing attacks).
DAI inspects traffic on ingress ports to ensure that incoming traffic does not contain any ARP reply packets from host computers.

2
Q

IPv6 Address Types

A

2000::/3 – global aggregatable unicast address
FC00::/8 FD00::/8 – unicast site-local address
FF00::/8 – multicast address
FF01::/16 - node-local
FF02::/16 - link-local
FF05::/16 - unique-local / site-local

FF05::1 – site-local multicast used to send packet to all nodes in a site
FF05::2 – site-local multicast used to send packets to all routers in a site

FF08::/16 - organization-local
FF0E::/16 - global

3
Q

Multicast Address

A
  1. 0.0.1 - FF02::1 - All hosts
  2. 0.0.2 - FF02::2 - All routers
  3. 0.0.5 - FF02::5 - All OSPF routers
  4. 0.0.6 - FF02::6 - All OSPF DRs
  5. 0.0.9 - FF02::9 - All RIP Routers except RIP1
  6. 0.0.10 - FF02::10 - All EIGRP Routers
4
Q

GRE

A

GRE provides broadcast and multicast packet encapsulation.

GRE can tunnel traffic from one network to another without requiring the transport network to support the network protocols in use at the tunnel source or tunnel destination.

IPSec can only transport IP traffic.

5
Q

EtherChannel

A

EtherChannel can aggregate up to eight active SW ports in the bundle that forms the logical link between switches.

Must be configured with the same speed and duplex settings.

In PAgP the desirable keyword means actively negotiate; the auto keyword configures the channel to listen.

In LACP the active keyword means actively negotiate, and the passive keyword means listen for an LACP negotiation to be offered.

802.3ad

6
Q

SDN

A

In a controller-based network, a centralized controller connects to the application plane by using a northbound API; it communicates with this plane by using REST or the Java Open Service Gateway Initiative (OSGI).

A centralized controller connects to the data plane by using a southbound API (NETCONF, OpenFlow, OpFlex, OnePK).

L2 + L3 SW operates in the data plane.

7
Q

controller based network, such as SDN

A

In a controller-based network, such as SDN, the control plane is centralized. It is responsible for network decision-making in both the controller-based network and a traditional network.

In a controller-based network, the decision-making logic is either moved to a central controller or monitored by a central controller.

8
Q

Northbound API

A

Northbound API – used by the SDN controller to communicate with applications in the application plane.

9
Q

Southbound API

A

Southbound API – used by the SDN controller to communicate with devices in the data plane (EDGE DEVICES).

NETCONF, OnePK, OpFlex = Southbound API. Used to communicate with the data plane.

10
Q

management plane

A

The management plane consists of network management protocols (Telnet, SSH, SNMP, SYSLOG), which allow an admin to connect to and manage a network device.

11
Q

GLBP

A

GLBP allows us to configure multiple routers as a GLBP group; the routers in the group receive traffic sent to a virtual IP address that is configured for the group.

GLBP is a Cisco proprietary FHRP.

Each GLBP group contains an active virtual gateway (AVG) which is elected based on the highest priority value, or with the highest IP address.

Maximum of four primary AVF (Active Virtual Forwarder) can participate in forwarding traffic.

GLBP MAC = 0007.B400.xxyy

12
Q

HSRP

A

HSRP – can be used to provide backup router coverage. One virtual IP and MAC can be used.

Cisco Proprietary

Multiple routers are assigned to an HSRP group, and the routers function as a single gateway.

HSRP group contains one active router and one standby router.

HSRPv1 = 0000.0C07.AC0B

HSRP v2 = 0000.0C9F.F00A

HSRP v3 IPv6 MAC = 0005.73A0.0000

13
Q

VRRP

A

VRRP – Routers are assigned to a VRRP group, and the group functions as a single gateway for clients.

A VRRP group has one master router; all others are backup routers.

A MAC address is used to identify the VRRP group to clients.

VRRP MAC = 0007.5E00.01xx

14
Q

RC4

A

RC4 – a stream cipher used for encryption in WEP.

15
Q

TKIP

A

TKIP – used to provide MIC (Message Integrity Checks) and encryption in the WPA protocol.

16
Q

OSPF broadcast

A

The OSPF broadcast network type is enabled by default on FDDI and Ethernet interfaces, including FE and GE interfaces.

DR/BDR election is performed.

Hello/Dead 10/40

17
Q

OSPF nonbroadcast

A

The OSPF nonbroadcast network type is enabled by default on Frame Relay and X.25.

DR/BDR election is performed.

Hello/Dead 30/120

18
Q

OSPF point-to-point network

A

The OSPF point-to-point network type is enabled by default on HDLC (High-level Data Link Control) and PPP serial interfaces.

DR and BDR elections are not performed.

Hello/Dead 10/40

19
Q

OSPF point-to-multipoint

A

OSPF point-to-multipoint network (multicast updates are sent).

DR/BDR election is NOT performed.

Hello/Dead 30/120

20
Q

OSPF point to multipoint nonbroadcast

A

OSPF point-to-multipoint nonbroadcast networks do not allow multicast. The neighbor command is required to establish adjacencies.

Hello/Dead 30/120

21
Q

Ethernet links

A

Ethernet links are 10 Mbps,
FE links are 100 Mbps,
GE links are 1000 Mbps.

22
Q

CDP/LLDP advertisements / retention

A

LLDP advertisements are sent every 30 seconds; LLDP info will be retained for 120 seconds on a Cisco switch.

CDP sends advertisements every 60 seconds; it can also provide VTP (VLAN Trunking Protocol) information, whereas LLDP cannot.

23
Q

DTP stuff

A

DTP has Auto and Desirable modes. Auto operates in access mode unless the neighboring interface actively negotiates to operate as a trunk.

Desirable operates in access mode unless it can actively negotiate a trunk connection with a neighboring interface.

With switchport nonegotiate, DTP is disabled.

By default, DTP is automatic on Cisco switches.

DTP uses the native VLAN to negotiate a trunk link.
Manually configured trunk and access ports will automatically disable DTP.

24
Q

WRED (Weighted Random Early Detection)

A

WRED (Weighted Random Early Detection) – congestion avoidance mechanism that allows packet loss caused by tail drop, which occurs when new incoming packets are dropped because a router's queues are too full to accept them.

Tail drop affects TCP, as when packets are dropped TCP must retransmit.

25
Q

lightweight AP

A

In a split-MAC deployment a lightweight AP is responsible for prioritizing packets and responding to beacon and probe requests.

WLC handles tasks that are not time-sensitive, such as security management, lightweight AP configuration management, and client load balancing.

WLC is also responsible for client association requests, data encapsulation, client authentication, key exchange, security policy enforcement, and RF management.

26
Q

Spanning-tree root guard

A

Spanning-tree root guard – prevents a new SW from being elected root.

When STP is used, the device with the lowest priority is elected root. Root guard is applied on a per-port basis.

27
Q

PortFast

A

PortFast is a feature that provides immediate accessibility to the network for edge ports, such as access ports that are connected to end-user workstations.

It allows faster connectivity for hosts connected to an access-layer SW port. It skips the listening and learning states.

28
Q

Loop Guard

A

The loop guard feature prevents non-designated ports from accidentally forming bridging loops if the steady flow of BPDUs is interrupted.

29
Q

BPDU guard

A

BPDU guard is used to disable ports that incorrectly receive BPDUs.

It is applied to edge ports that have PortFast enabled.

A BPDU is a data message transmitted across a LAN SW to detect loops in a network. (Contains info on STP.)

30
Q

Power policing

A

Power policing is a Cisco feature that enables a SW to monitor the current draw of connected devices and take action if the draw exceeds the amount allocated.

The power inline police command from interface config mode enables the default settings. It will generate a message to the console and err-disable the port, effectively shutting it down.

31
Q

MAC spoofing

A

MAC spoofing – uses the MAC address of another known host on the network in order to bypass port security measures. Can be used to impersonate

32
Q

MAC Flooding

A

MAC Flooding – an attack with the intention of overwhelming the switch's MAC address table.

The SW will not be able to make intelligent forwarding decisions, and all traffic is flooded. AKA CAM table overflow attack (Content Addressable Memory).

33
Q

ARP poisoning aka ARP spoofing

A

ARP poisoning aka ARP spoofing – DAI mitigates ARP poisoning.

A gratuitous ARP message is sent to the host; the GARP message associates the attacker's MAC address with the IP of a valid host on the network.

34
Q

VLAN Hopping attack

A

VLAN Hopping attack – the attacker attempts to inject packets into other VLANs by accessing the VLAN trunk and double tagging 802.1Q frames.

DISABLE DTP to mitigate

35
Q

SDN Stuff

A

Overlay - Creates VXLAN tunnels between SDA SWs.

Underlay - Collection of devices that comprises the IP network connecting each fabric node.

Fabric - The entirety of the overlay network and the underlay network.

NorthBound API - SDN controller to communicate with applications in the application plane.

SouthBound API - SDN controller communicates with devices in the data plane.

36
Q

SYSLOG LEVELS

A
0 - Emergencies
1 - Alerts
2 - Critical
3 - Errors
4 - Warnings
5 - Notifications
6 - Informational
7 - Debugging
37
Q

JSON STUFF

A

JSON: CURLY BRACKETS = OBJECTS, SQUARE BRACKETS = ARRAY

38
Q

OSPF/IS-IS
EIGRP
RIP

COST / METRIC

A

OSPF/IS-IS uses bandwidth.

RIP uses hop count.

EIGRP uses the lowest segment BW and the sum of segment delays in calculating the metric. EIGRP supports load balancing over equal-cost and unequal cost paths.

39
Q

MTU

A

MTU – Maximum length of frames that can be accepted by devices along the data route.

40
Q

VMM (Virtual Machine Monitor)

A

VMM (Virtual Machine Monitor) – AKA Hypervisor.

41
Q

Pharming

A

Pharming – the use of a legitimate service to redirect users to a malicious or compromised site.

42
Q

VLAN 0

A

VLAN 0 is used by IP phones.

43
Q

Standard ACL

A

Standard ACL = CLOSEST TO DESTINATION
1 - 99
1300 – 1999

44
Q

Extended ACL

A

Extended ACL = CLOSEST TO SOURCE
100-199
2000-2699

45
Q

REST

A

REST = a northbound API that uses HTTP/HTTPS. It returns data in XML or JSON. Communicates with the application plane.

46
Q

OSGI

A

OSGI is a Java-based northbound API. Communicates with the application plane.

47
Q

The CAM table

A

The CAM table is used by a SW to discover relationships between the OSI layer 2 address of a device and the physical port used to reach the device.

48
Q

FIB Table

A

FIB Table – contains all prefixes from the IP routing table. Uses CEF and is implemented in Layer 3 capable SWs.

49
Q

Adjacency Table

A

Adjacency Table – maintains the L2 addressing info for the FIB.

50
Q

ARP table

A

ARP table – contains L3 and L2 translations.

51
Q

WLC QOS TYPES

A

Platinum QoS = VoIP

Gold QoS = Video

Silver QoS = "Best effort", the default level when you configure a WLAN

Bronze QoS = lowest bandwidth, used for guest services on a Cisco WLAN

52
Q

WLC Layer 2 Security

A

None - disables L2 security
WPA+WPA2
802.1x - uses EAP combined with WEP
Static WEP - uses a static shared WEP key
Static WEP + 802.1x - either a static shared WEP key or EAP
CKIP - Cisco Key Integrity Protocol
None + EAP Passthrough - open authentication with EAP

53
Q

WLC Layer 3 Security

A

None

IPSec

VPN Pass-Through - for WLANs, allows the client to establish a connection to a specific route

Web Authentication - for guest LANs, prompts for UN + PW

Web Passthrough - enables direct access to the network for guest LANs

54
Q

802.11 MAC FRAME FORMAT

A

FC - DUR - ADD1 - ADD2 - ADD3 - SEQ - ADD4 - DATA - FCS

ADD4 is used for AP-to-AP (WDS) frames.

55
Q

WLC Dynamic Interfaces:

A

WLC Dynamic Interfaces: used for user-defined and client data.

A WLC can use static and dynamic interfaces. It can contain up to four types of static interfaces: the management, AP-manager, virtual and service port interfaces.

WLC can have up to 512 Dynamic interfaces.

56
Q

Management interface (Static Interface)

A

Management interface (Static Interface) is used for management info; it uses L2 LWAPP between the controller and the lightweight APs.

57
Q

The service port interface (Static interface)

A

The service port interface (Static interface) is used for maintenance purposes on a WLC.

It is a physical interface that can be used to recover the WLC in the event of a failure.

58
Q

IPv6 Static Routes

Three Types

A

Directly attached static routes - specify the destination IPv6 network and the outbound interface.

Recursive static routes - specify the destination IPv6 network and the IPv6 next-hop address only. The router assumes the outbound interface to be the interface to which the next hop is either directly or indirectly connected.

Floating static routes - backup route.