Boson Notes #2 Flashcards
OSPF Maximum equal cost paths
OSPF can insert a maximum of FOUR equal-cost paths into the routing table by default.
By using the maximum-paths 8 command you can override this.
Lightweight AP in bridged mode
Lightweight AP in bridged mode acts as a dedicated connection between two networks.
Needs a WLC to operate.
FlexConnect ACLs
FlexConnect ACLs are supported on the native VLAN; they are configured on the VLAN interfaces of a wireless AP that is operating in FlexConnect mode.
FlexConnect ACLs are applied per AP per VLAN.
FlexConnect mode provides a failsafe for a lightweight AP that is connected to a WLC in case the CAPWAP tunnel goes down.
Types of Frame Size
A giant frame exceeds 1518 bytes;
a baby giant frame is up to 1600 bytes;
a jumbo frame is up to 9216 bytes;
a runt frame is fewer than 64 bytes.
Collision
A collision occurs when a packet must be reset because of an interruption that occurs before the 64th byte or 512th bit.
When two devices transmit data at the same time a collision occurs.
Collisions can be caused by duplex mismatch, malfunctioning devices, or too many nodes on a network segment.
CSMA/CD
CSMA/CD – both devices will wait a random amount of time before resending.
Autonomous AP
Autonomous AP contains interfaces for both wireless and wired networks.
Cisco hierarchical network model
Cisco hierarchical network model
Three layers: core, distribution (aka aggregation) layer, and access layer.
Core – low latency, high reliability, network backbone, fast convergence, fastest switching path.
Distribution – route filtering and inter-VLAN routing, security policies, QoS, routing, summarization, next-hop redundancy.
Access – media termination point for end devices. Provides access to the network and user authentication.
Puppet
Puppet – TCP 8140, uses HTTP, client/server architecture.
Chef
Chef – client/server architecture or stand-alone client.
Chef communicates on TCP 443; configs are stored in cookbooks.
Ansible
Ansible – uses SSH;
configs are stored in playbooks, which are written in YAML.
Salt
Salt – client/server architecture, requires TCP 4505 and 4506;
uses Python.
802.1w
802.1w – RSTP includes PortFast, UpLinkFast, BackboneFast.
PortFast enables ports for immediate access to the network.
UpLinkFast increases convergence speed for access layer SW.
BackboneFast increases convergence speed for a SW that detects a failure on links that are not directly connected to the SW.
802.1D
802.1D – traditional STP.
802.1s
802.1s – Multiple Spanning Tree (MST) – creates multiple spanning-tree instances on a network.
802.3ad
LACP
Cisco lightweight AP
Cisco lightweight AP – operates in local mode and provides a BSS.
BSS is a closed group of wireless devices that are dependent on a fixed device.
BSS is also the default, and it requires a WLC.
The connection between a Lightweight AP and a WLC uses CAPWAP.
Lightweight AP in bridge mode
Lightweight AP in bridge mode – Bridge mode enables LWAP to act as a dedicated connection between two networks.
Will form a mesh network of lightweight APs.
MAC Multicast
01-00-5E-0F-0F-0F to
01-00-5E-7F-FF-FF
Feasible Distance
Feasible Distance – EIGRP term for best metric along a path to a destination.
Successor
Successor – best path to a destination network.
Feasible Successor
Feasible Successor – backup path that is guaranteed loop-free and can be used if the successor route goes down.
Advertised Distance (AD) – (aka Reported Distance RD)
Advertised Distance (AD) – (aka Reported Distance RD)
Metric that has been calculated by the next-hop router.
VPBX (Virtual Private Branch Exchange)
VPBX (Virtual Private Branch Exchange) is used to route telephone calls.
Encapsulation
Encapsulation: adding a VPN header and IP header to the packet.
IPsec encryption process in a site-to-site VPN:
- sending device encrypts the data with the session key (encryption key/shared key).
- sending device encapsulates the encrypted data and session key into a packet with a VPN header and a new IP header.
- sending device sends the completed packet to the destination device.
- destination/receiving device uses the same session key to decrypt.
Cisco IP phone COS Priority
Cisco IP phone COS Priority
0 is the lowest priority.
7 is the highest priority.
0 is the default.
Beacons
Beacons are management frames that contain the SSID of a wireless network.
SNMPv3 Engine ID
SNMPv3 Engine ID – identifies the SNMP server; it is used as an input when calculating authentication hashes.
The Engine ID must be created before you create a remote user on the SNMPv3 agent; this ID must match on both devices.
ATM (PPPoA)
ATM (PPPoA) – used to initiate a session with a DSL service provider.
PPP frames are not encrypted.
RADIUS
RADIUS – only encrypts the password in access request packets; it does not encrypt the entire contents of the packet.
It combines AAA into a single function.
Port - 1812, 1813 TCP
TACACS+
TACACS+ – encrypts the entire content of the packets; provides more control for admins because it separates the AAA functions.
Port 49 TCP.
Cisco proprietary.
switchport port-security (xxxxxxxxxx)
switchport port-security violation – configures a SW port to discard traffic from unauthorized hosts and increment the violation counter.
switchport port-security protect – configures a SW port to discard traffic that it receives from unauthorized hosts. The violation counter is not incremented.
switchport port-security shutdown – the SW port will enter the error-disabled state when it receives traffic from unauthorized hosts.
Southbound APIs
Used to communicate with the data plane.
OnePK - Cisco Proprietary API
OpenFlow - uses an imperative SDN model
OpFlex - uses a declarative SDN model
NETCONF - uses XML and RPCs to configure network devices
Northbound APIs
Communicate with the application plane.
REST - uses either XML or JSON format
OSGI (Open Service Gateway Initiative)
EIGRP Routing table
EIGRP Routing table contains only successors, which are the best next-hop routes to a destination.
EIGRP routers maintain a routing table, a topology table, and a neighbor table.
The topology table contains successors and feasible successors.
The routing table/topology table does not list successors or feasible successors; they are listed in the neighbor table.
Default-information originate
Default-information originate
configures OSPF to inject the router's default route into OSPF as an external route; the router also becomes an ASBR (autonomous system boundary router).
WFQ, CBWFQ, LLQ
WFQ, CBWFQ, LLQ
These queuing methods mitigate bandwidth starvation.
LLQ adds a strict-priority queue that can be used for delay-sensitive traffic.
802.1X + CCKM
802.1X + CCKM – enables 802.1X clients to use Cisco Centralized Key Management (CCKM) to roam between APs without performing the 802.1X authentication process again.
Removes the need to re-authenticate with the RADIUS server.
CCKM (Cisco Centralized Key Management)
CCKM (Cisco Centralized Key Management)
A fast rekeying method that enables a wireless client to roam from one AP to another without the intervention of a WLC.
It is used to reduce delay when wireless clients transition between APs, so that delay-sensitive services like VoIP operate smoothly.
DAI
DAI – By default, when DAI is configured, ports are untrusted unless the trust command is in place on them.
Default Routes
Default Routes – used to send packets that are destined for a location that is not listed elsewhere in the routing table.
The most specific route is used if multiple static routes match.
CiscoWorks Wireless LAN Solution Edge (WLSE)
CiscoWorks Wireless LAN Solution Edge (WLSE) simplifies the management and deployment of WAPs in a Cisco Autonomous WLAN.
It can be installed to help automate the management and deployment of APs.
WLC
WLC – Provides wireless network management service in a wireless network.
WDS (Wireless Domain Services)
WDS (Wireless Domain Services) – Cisco IOS feature that can be installed on APs and used to enable those APs to interact with CiscoWorks WLSE.
Cisco Wireless Service Module (WiSM)
Cisco Wireless Service Module (WiSM) – WLC module that can be installed in a Catalyst 6500 SW or Cisco 7600 router.
WLC can have up to four static interfaces:
- the management interface
- the AP-manager interface
- the virtual interface
- the service port interface
WLC AP-Manager interface – controls all L3 communications between a WLC and a LWAP.
WLC Management interface – used for in-band management information. Used for all L2 LWAPP communications between the controller and the LWAP. Also used to communicate with other WLC on the network.
WLC Service port interface – used for maintenance purposes on a WLC. Used to recover WLC in the event of failure.
WLC Virtual Interface – provides specific IP that is the same across multiple controllers when wireless clients roam among the controllers.
metric
A metric is a measurable value that is assigned by the routing protocol to different routes based on the usefulness of that route.
In situations where there are multiple paths to the same remote network, the routing metrics are used to determine the overall "cost" of a path from source to destination.
SW Forwarding Decisions
A SW uses the destination MAC address to make forwarding decisions.
- It searches the Content Addressable Memory (CAM) table, aka the switching table, for a match.
- If the MAC address is not found, the SW forwards the frame out all its ports except the port on which it was received.
- If the MAC address is found in the table, the SW forwards the frame to the appropriate port. The source MAC address is also recorded if it did not already exist in the CAM table.
Spine + Leaf
Spine + Leaf:
Creates a scalable network fabric for east-west data transfer.
Spine nodes do not interconnect with other spine nodes, and leaf nodes do not interconnect with other leaf nodes.
APICs are connected to one or more leaf nodes, as are endpoint groups (EPGs).
Neighbor Adjacencies (IPv6 Link-Local + OSPFv2)
IPv6 link-local (FE80::/10) addresses are used to form neighbor adjacencies;
OSPFv2 uses a multicast address to form neighbor adjacencies.
Anycast address
Anycast address
Used to send packets to the closest device that is configured with the anycast address; ideal for load balancing because the same address is used by multiple devices in a group.