CCNA 21 to 41 Flashcards
ARIN
American Registry for Internet Numbers
ARIN is a nonprofit, member-based organization that administers IP addresses & ASNs in support of the operation and growth of the Internet.
DMVPN
Dynamic Multipoint VPN (DMVPN) is a Cisco IOS Software solution for building scalable IPsec Virtual Private Networks (VPNs). DMVPN uses a hub-and-spoke design in which spoke-to-spoke tunnels are built on demand, which keeps the hub configuration small and makes it easier to deploy and manage sites with different access requirements, including mobile workers, telecommuters, and extranet users.
DMVPN depends on two protocols (IPsec is layered on top for encryption):
- mGRE: multipoint Generic Routing Encapsulation, one tunnel interface that terminates many peers
- NHRP: Next Hop Resolution Protocol, maps a peer's tunnel address to its public (NBMA) address so spokes can find each other
VLSM
Variable Length Subnet Masking–
“subnetting subnets,” which means that VLSM allows network engineers to divide an IP address space into a hierarchy of subnets of different sizes, making it possible to create subnets with very different host counts without wasting large numbers of addresses
CIDR
Classless Inter-Domain Routing. The prefix length (/N) is the number of binary ones in the subnet mask, e.g. 255.255.255.0 = /24.
Route Summarization
A method where we create one summary route that represents multiple networks/subnets. It is also called route aggregation or supernetting. Summarization has a number of advantages: it saves memory (routing tables are smaller, which reduces memory requirements) and it hides instability (a flapping subnet inside the summary does not trigger updates outside it). Caveat: the summary may cover address space you do not actually use, so traffic for those addresses is attracted to the summarizing router; a discard (Null0) route for the summary prevents routing loops.
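Worked example, added to these notes (not part of the original flashcards): VLSM allocation of a /24 by host count and summarization of the result, using Python's ipaddress module. The block, host counts and prefixes are made up for the example; overclaimed() shows how much address space a loose summary advertises that you do not actually own.

```python
"""VLSM allocation and route summarization with the standard library.
Added example for these notes; the block, host counts and prefixes are constructed."""
import ipaddress


def vlsm_allocate(block, demands):
    """Carve `block` into subnets sized for each (name, hosts) demand, largest first.
    Largest-first keeps every subnet aligned on its own size boundary."""
    parent = ipaddress.ip_network(block)
    cursor = int(parent.network_address)
    result = {}
    for name, hosts in sorted(demands, key=lambda d: -d[1]):
        need = hosts + 2                          # network + broadcast addresses
        plen = 32 - (need - 1).bit_length()       # smallest power of two >= need
        net = ipaddress.ip_network(f"{ipaddress.IPv4Address(cursor)}/{plen}")
        if not net.subnet_of(parent):
            raise ValueError(f"{block} exhausted at {name}")
        result[name] = net
        cursor += net.num_addresses
    return result


def summarize(prefixes):
    """Smallest single prefix (supernet) that covers all the given networks."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary


def overclaimed(prefixes):
    """Addresses the summary advertises that belong to none of its components.
    Traffic for these is attracted to the summarizing router, so it needs a
    discard (Null0) route for the summary to avoid loops."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return summarize(prefixes).num_addresses - sum(n.num_addresses for n in nets)


if __name__ == "__main__":
    plan = vlsm_allocate("192.168.10.0/24",
                         [("users", 100), ("servers", 50), ("mgmt", 10), ("link", 2)])
    for name, net in plan.items():
        print(f"{name:8} {net}  usable hosts: {net.num_addresses - 2}")
    print("summary:", summarize(str(n) for n in plan.values()))
    # Contiguous /24s summarize tightly; a gap makes the summary overclaim.
    print(summarize(["172.16.0.0/24", "172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24"]))
    print(summarize(["172.16.4.0/24", "172.16.8.0/24"]),
          "overclaims", overclaimed(["172.16.4.0/24", "172.16.8.0/24"]), "addresses")
```

The four /24s at 172.16.0.0 through 172.16.3.0 collapse into a /22 with nothing wasted; skipping to 172.16.4.0 and 172.16.8.0 forces a /20 that claims 14 extra /24s.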
IPv6
Layer 3 addressing (same role as IPv4) written in hexadecimal, 128 bits long, so the address range is vastly larger.
8 "hextets" of 16 bits each, separated by colons.
With the usual /64 prefix: first 4 hextets = network prefix
last 4 hextets = interface ID (host part)
Only uses CIDR (prefix-length) notation, e.g. /64; there are no dotted masks.
Loopback interface / loopback address
Test interface, IPv4 and IPv6. The loopback address is what a host uses to reach itself; a router loopback interface is a virtual interface that is always up, so it is used as a stable management address.
Binary 0000…0001 (127 zeros then a one)
IPv6 loopback address = ::1/128 (IPv4 equivalent 127.0.0.1)
enable
conf t
interface loopback 0
ipv6 address <address>/<prefix-length>
"Call home"
Link local address
Binary 1111 1110 10… (first ten bits)
IPv6 FE80::/10 (in practice FE80::/64; the remaining prefix bits are zero)
Used only for communication on the local link; routers never forward a packet with a link-local source or destination.
Generated from the MAC address with EUI-64: split the 48-bit MAC down the middle, insert FFFE in the middle, "flip a bit" (invert the 7th bit of the first byte, the U/L bit), then prepend FE80:: to the 64-bit result.
EUI-64
Routing protocols (OSPFv3, EIGRP for IPv6) and Neighbor Discovery use the link-local address as the next hop, since it is stable and independent of the global prefix.
(Non-routable addresses)
Equivalent to the 169.254.0.0/16 APIPA range (self-assigned when the device cannot obtain an address), except that in IPv6 every interface always has one.
The interface ID can also be randomly generated instead of derived from the MAC (privacy extensions); DAD checks that it is unique on the link.
Unspecified Address
Binary- 0000…0000
IPv6 ::/128
“I don’t have an address”
The unspecified address (0:0:0:0:0:0:0:0 or ::) is used only to indicate the absence of an address. It is equivalent to the IPv4 unspecified address 0.0.0.0. It is typically used as a source address when a unique address has not yet been determined, for example in the Neighbor Solicitation sent during DAD. It is never a valid destination.
Multicast Address
Binary 1111 1111… (first eight bits)
IPv6 FF00::/8
"Broadcast"-like delivery to a multicast group: a "radio channel" that receivers tune in to
**1 to many
One group address that multiple devices join. IPv6 has no broadcast; multicast replaces it (FF02::1 = all nodes on the link).
**OSPF multicast address 224.0.0.5 (all OSPF routers, IPv4); the IPv6 equivalent is FF02::5
How do you shorten an IPv6 address?
1) You can drop leading zeros in each hextet.
2) You can replace one run of consecutive all-zero hextets with "::" (only once per address; if there are two runs, compress the longest, and the first one on a tie).
Example:
IPv6: 2001:0010:000A:1001:0051:0000:0000:2A11
Shortened: 2001:10:A:1001:51::2A11
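Worked example, added to these notes (not from the original flashcards): the two shortening rules implemented in plain Python, plus the reverse expansion, so you can see why "::" may appear only once and why a lone zero hextet stays as "0". The sample addresses are made up; compress() follows RFC 5952 for the tie-break.

```python
"""Expand and compress IPv6 addresses by the two shortening rules.
Added example for these notes; addresses below are constructed."""
import string


def expand(addr):
    """Full form: eight 4-digit hextets, undoing both shortening rules."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in addr:
        left, right = addr.split("::")
        l_parts = left.split(":") if left else []
        r_parts = right.split(":") if right else []
        fill = 8 - len(l_parts) - len(r_parts)
        if fill < 1:
            raise ValueError("'::' must stand for at least one hextet")
        parts = l_parts + ["0"] * fill + r_parts
    else:
        parts = addr.split(":")
    if len(parts) != 8 or any(
        not 1 <= len(p) <= 4 or any(c not in string.hexdigits for c in p) for p in parts
    ):
        raise ValueError(f"not a valid IPv6 address: {addr}")
    return ":".join(p.zfill(4) for p in parts)


def compress(addr):
    """Rule 1: drop leading zeros in each hextet.
    Rule 2: replace the longest run of two or more all-zero hextets with '::'
    (only once; the first run wins a tie, as RFC 5952 requires)."""
    parts = [p.lstrip("0") or "0" for p in expand(addr).split(":")]
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if parts[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and parts[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                 # a single zero hextet is written as 0, not ::
        return ":".join(parts)
    left = ":".join(parts[:best_start])
    right = ":".join(parts[best_start + best_len:])
    return f"{left}::{right}"


if __name__ == "__main__":
    for a in ("2001:0010:000A:1001:0051:0000:0000:2A11",
              "2001:0db8:0000:0000:0001:0000:0000:0001",
              "2001:0db8:0000:0001:0001:0001:0001:0001",
              "::1"):
        print(f"{expand(a)}  ->  {compress(a)}")
```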
Unicast Address
A unicast address is an address that is assigned to a single interface. Unicast addressing is available in IPv4 and IPv6 and typically refers to a single sender or a single receiver, although it can be used in both sending and receiving
There are three kinds of Unicast addresses:
Global Unicast, Link Local and Unique local address
EUI-64
Extended Unique Identifier, 64-bit
A method IPv6 can use to automatically configure host addresses (SLAAC). An IPv6 device uses the 48-bit MAC address of its interface to generate a unique 64-bit interface ID: split the MAC in half, insert FFFE, and invert the 7th bit of the first byte. Because the MAC can be read straight back out of the address, many hosts use randomized interface IDs (privacy extensions) instead.
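Worked example, added to these notes (not original content), covering both the link-local card and this EUI-64 card: derive the interface ID from a MAC, combine it with fe80::/64 or a global /64, and reverse the process to show what the address leaks. The MAC and the 2001:db8 prefix (documentation range) are made up.

```python
"""EUI-64 interface IDs: MAC -> IPv6 address and back.
Added example for these notes; the MAC and prefixes are constructed."""
import ipaddress


def eui64_interface_id(mac):
    """48-bit MAC -> 64-bit interface ID: split the MAC in half, insert FF:FE,
    and invert bit 7 of the first byte (the universal/local bit)."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("need a 48-bit MAC address")
    first = bytearray(raw)
    first[0] ^= 0x02                       # "flip a bit": U/L bit of the OUI byte
    return bytes(first[:3]) + b"\xff\xfe" + bytes(first[3:])


def eui64_address(prefix, mac):
    """Combine a /64 prefix (fe80::/64 for link-local, or a global /64 learned
    from a Router Advertisement) with the EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 addresses need a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))


def mac_from_eui64(addr):
    """Reverse the process. That this works is why privacy extensions exist:
    an EUI-64 address reveals the hardware address and tracks the host across prefixes."""
    iid = int(ipaddress.IPv6Address(addr)).to_bytes(16, "big")[8:]
    if iid[3:5] != b"\xff\xfe":
        return None                        # not EUI-64 derived (e.g. a random interface ID)
    b = bytearray(iid[:3] + iid[5:])
    b[0] ^= 0x02
    return ":".join(f"{x:02x}" for x in b)


if __name__ == "__main__":
    mac = "00:1a:2b:3c:4d:5e"
    print("link-local:", eui64_address("fe80::/64", mac))
    print("global:    ", eui64_address("2001:db8:1:2::/64", mac))
    print("recovered: ", mac_from_eui64(eui64_address("fe80::/64", mac)))
```

Note that the same interface ID appears in both the link-local and the global address, which is exactly the cross-prefix tracking that randomized interface IDs avoid.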
Unique Local Address
Private IPv6 addresses, not routed on the Internet
FC00::/7 (in practice FD00::/8, the "locally assigned" half, followed by a random 40-bit global ID)
Equivalent to the 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 private ranges
DAD
Duplicate Address Detection. Before using a new address, the host sends a Neighbor Solicitation for it (source ::) to the solicited-node multicast group; if a Neighbor Advertisement comes back, another node already owns the address and it is not used.
Basic Service Set (BSS) and BSSID
Basic Service Set
The Basic Service Set is a group of devices (computers, printers, tablets) that communicate together within an 802.11 wireless network. The BSS may or may not include an AP (Access Point), which provides the connection to the wired network; a BSS without an AP is an ad hoc IBSS.
BSSID is the MAC address of the AP radio serving the BSS.
Basic Service Area (BSA)
The physical area of coverage provided by an access point in a BSS is known as the basic service area (BSA)
SSID
Service Set ID - Name of the wireless network
BSSID
Basic Service Set ID: used to identify the different WAPs in the same wireless network. Devices use it on the back end to determine which WAP they are connected to.
Mesh Network
Wireless access points that extend the wireless network by connecting to each other wirelessly.
One is usually connected to the wired network (the root) and the rest connect to each other wirelessly, relaying client traffic back to it.
Roaming
When a device moves between wireless access points based on signal strength (RSSI) while keeping its connection.
RSSI
RSSI stands for Received Signal Strength Indicator. It is an estimated measure of power level that a RF client device is receiving from an access point or router. At larger distances, the signal gets weaker and the wireless data rates get slower, leading to a lower overall data throughput.
Trunked / Tagged Ports
Trunks carry the traffic of multiple VLANs over a single link and allow you to extend VLANs across the network.
802.1 Q TAG
The most common (IEEE standard) encapsulation method for VLAN tagging.
Tagging is the process of modifying frames to include additional information: a 4-byte tag inserted after the source MAC, carrying the TPID 0x8100 and the 12-bit VLAN ID.
Router-on-a-stick subinterface example (the router side of a trunk):
enable
conf t
interface fa0/1.10
encapsulation dot1q 10
ip address x.x.x.x x.x.x.x
Access / Untagged Ports
An access port has only one data VLAN configured on the interface; it carries traffic for only that VLAN, and that traffic is untagged (a voice VLAN is the one exception).
Access Control List (ACL)
ACL is an ordered list of rules used to filter traffic. Each rule states what is permitted or what is denied. When a packet enters or leaves an interface on which the ACL is applied, it is tested against each rule in the list, from first to last. The first rule the packet matches decides the outcome: if it is a permit statement the packet is permitted; if it is a deny statement the packet is dropped; later rules are not evaluated. If no rule matches, the implicit "deny any" at the end drops the packet, so order matters: a broad permit placed early shadows every rule after it.
Extended Service Set (ESS)
Describes multiple WAPs broadcasting the same SSID
Router-on-a-stick (ROAS)
is a feature that allows us to route packets to subnets associated with VLANs connected to a router 802.1Q trunk. It uses a router VLAN trunking configuration to give the router a logical interface connected to each VLAN.
Dynamic Trunking Protocol (DTP)
Developed by Cisco Systems for the purpose of negotiating trunking on a link between two VLAN-aware switches, and for negotiating the type of trunking encapsulation to be used. It works at Layer 2 of the OSI model.
( On by default; most current Catalyst switches default to "dynamic auto" )
What happens if two switches both have their ports set to dynamic "auto"?
Nothing: both ports are passive and waiting for the other side to ask, so the link stays an access port.
What happens when one switch's port is dynamically configured as "auto" and the other as "desirable"?
A trunk is formed. "Auto" means the switch port will become a trunk if asked; "desirable" means the switch actively asks to form a trunk. Desirable + desirable and trunk + auto also form a trunk.
Why would you want to enable NONEGOTIATE when manually configuring a trunk port?
It stops the port from sending DTP frames (which are not spanning-tree messages), so a port set to "trunk" comes up as a trunk without negotiation (faster) and cannot be talked out of it. The same setting on access ports ("switchport mode access" plus "switchport nonegotiate") stops an attached host from negotiating a trunk and seeing every VLAN.
Native VLAN
"Switch-originated traffic" and anything else that arrives untagged
Trunk ports should receive traffic with tags. If a frame does not have a tag, it is placed in the native VLAN; by default the native VLAN is VLAN 1, and both ends of a trunk must agree on it. Because native-VLAN frames leave a trunk untagged, a host in the native VLAN can send double-tagged frames that end up in another VLAN; the usual fixes are to use an unused VLAN as the native VLAN and to tag it anyway ("vlan dot1q tag native").
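Worked example, added to these notes (not original content), covering the 802.1Q tag card and this native VLAN card: build and parse tagged frames, then model how a trunk classifies untagged, tagged and double-tagged frames. The MACs, VLAN numbers and payloads are made up, and the switch behaviour is the simplified textbook model (outer tag stripped when it equals the native VLAN), not any particular platform's implementation.

```python
"""802.1Q frames: build, parse, and model how a trunk classifies them,
including the native-VLAN double-tagging case.
Added example for these notes; MACs, VLAN numbers and payloads are constructed."""
import struct

TPID = 0x8100            # EtherType value that announces an 802.1Q tag


def build_frame(dst, src, ethertype, payload, vlans=()):
    """Ethernet frame with zero or more 802.1Q tags, outermost first (PCP/DEI = 0)."""
    header = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    tags = b"".join(struct.pack("!HH", TPID, vid & 0x0FFF) for vid in vlans)
    return header + tags + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (dst, src, [(pcp, dei, vid), ...], ethertype, payload)."""
    dst, src = frame[0:6].hex(":"), frame[6:12].hex(":")
    offset, tags = 12, []
    while True:
        (etype,) = struct.unpack_from("!H", frame, offset)
        offset += 2
        if etype != TPID:
            break
        (tci,) = struct.unpack_from("!H", frame, offset)     # Tag Control Information
        offset += 2
        tags.append((tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
    return dst, src, tags, etype, frame[offset:]


def trunk_ingress_vlan(frame, native_vlan):
    """VLAN a switch assigns to a frame arriving on a trunk: the outer tag,
    or the native VLAN if the frame is untagged."""
    tags = parse_frame(frame)[2]
    return tags[0][2] if tags else native_vlan


def trunk_egress(frame, native_vlan, tag_native=False):
    """Frame as it leaves a trunk. The outer tag is stripped when it equals the
    native VLAN, unless the switch is configured to tag the native VLAN too."""
    dst, src, tags, etype, payload = parse_frame(frame)
    if tags and tags[0][2] == native_vlan and not tag_native:
        tags = tags[1:]
    return build_frame(dst, src, etype, payload, [t[2] for t in tags])


def double_tag_result(native_vlan, tag_native=False):
    """Classic VLAN hopping: a host in VLAN 1 sends a frame tagged [1, 20].
    If VLAN 1 is the native VLAN, switch 1 strips the outer tag on egress and
    switch 2 classifies the frame by the inner tag. Returns the VLAN switch 2 sees."""
    attack = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0800, b"hop", [1, 20])
    on_wire = trunk_egress(attack, native_vlan, tag_native)
    return trunk_ingress_vlan(on_wire, native_vlan)


if __name__ == "__main__":
    print("default native VLAN 1:   lands in VLAN", double_tag_result(1))
    print("native VLAN 1, tagged:   lands in VLAN", double_tag_result(1, tag_native=True))
    print("unused native VLAN 999:  lands in VLAN", double_tag_result(999))
```

With the defaults the frame crosses into VLAN 20; either mitigation keeps it in VLAN 1 because the outer tag is never removed.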
Spanning-tree portfast
When you enable PortFast on a port, spanning tree places it in the forwarding state immediately, instead of going through the listening and learning states (about 30 seconds). Use it only on access ports facing end hosts, and pair it with BPDU Guard so the port shuts down if a switch is plugged in.
VLAN Trunking Protocol (VTP)
VTP is a way to automatically distribute the VLAN database between switches (it does not actually trunk, however it works over trunks).
Highest configuration revision wins, so you have to be careful when adding a new switch (e.g. a lab switch): a switch with a higher revision in the same VTP domain overwrites everyone's VLANs. Reset the revision by changing the VTP domain name or setting the switch to transparent mode before connecting it.
CAPWAP tunnel
CAPWAP (Control and Provisioning of Wireless Access Points): tunnel from the lightweight WAP to the Wireless LAN Controller (WLC). Everything from the WAP goes through the tunnel to the controller (one tunnel for control, one for data, UDP 5246 and 5247), and the controller places the client traffic on the switched network/VLANs.
This is where the term "split MAC" comes from: the AP keeps the real-time 802.11 MAC functions (beacons, acknowledgements, encryption) and the WLC handles the rest (authentication, association, RRM).
FHRP
First Hop Redundancy Protocol
(FHRP) is a computer networking protocol designed to protect the default gateway used on a subnetwork by allowing two or more routers to provide backup for that address; in the event of failure of the active router, the backup router takes over the address. Examples: HSRP and GLBP (Cisco), VRRP (standard).
SVI
A Switched Virtual Interface (SVI) is a routed interface in IOS representing the IP addressing space for a particular VLAN connected to this interface. There is no physical interface for the VLAN; the SVI provides the Layer 3 processing for packets from all switch ports associated with the VLAN.
Command:
interface vlan X - creates a Layer 3 switch virtual interface for VLAN X (then "ip address ..." on it).
TLV Fields
Cisco Discovery Protocol (CDP) is primarily used to obtain protocol addresses of neighboring devices and discover the platform of those devices.
Type-Length-Value (TLV) fields are blocks of information embedded in CDP advertisements giving details like address, device ID, platform and IOS version. Because CDP is sent in clear text to whoever is on the link, disable it on untrusted ports ("no cdp enable").
Spanning-Tree Protocol
Blocks redundant connections to prevent Layer 2 loops and the broadcast storms they cause. Spanning-tree uses BPDUs to elect the root and learn the topology; if a link goes down, the loss of BPDUs is detected and a blocked redundant link is brought into forwarding.
The Root Bridge should be at the center of your network. By default the root is the switch with the lowest bridge ID, which with equal priorities means the lowest MAC address, often the oldest switch, so set the priority yourself.
- 802.1D (original STP standard, 30 to 50 seconds failover)
Cisco = Per-VLAN Spanning Tree (PVST+), one instance per VLAN.
802.1w (Rapid Spanning Tree, failover in a few seconds or less)
Cisco = Rapid PVST+, can have different root bridges per VLAN (load balancing in a sense); has a separate instance of spanning-tree on each VLAN.
802.1s (Multiple Spanning Tree Protocol, MST)
Can also have different root bridges, but instead of one instance per VLAN, 802.1s maps groups of VLANs onto a small number of instances, which is more efficient.
Root Bridge ID
Center of the network.
Root Bridge election:
Each switch sends out its bridge priority and MAC address in a BPDU every two seconds (the hello time) for the bridge election; the lowest bridge ID wins.
priority + MAC = bridge ID (in PVST+ the VLAN number is added to the priority as the extended system ID)
** It is possible to change the priority (in steps of 4096, or "spanning-tree vlan 1 root primary") in order to elect your own switch. Root Guard on ports facing other switches stops a rogue switch from taking over as root.
Designated Port
One Designated Port per segment: the port on that segment with the lowest root path cost wins (ties broken by lowest bridge ID, then port ID).
Each segment has a single port that forwards toward the Root Bridge (Root Switch), the Designated Port; every port on the root bridge is designated. A Root Port can never also be a Designated Port.
Autonomous WAP vs Lightweight WAP
Autonomous WAP: functions on its own and is configured on its own, one AP at a time.
vs
Lightweight WAP: configuration lives on the controller (WLC), which pushes it to every AP.
Root Port
Root Port is the single selected port on a switch, other than the Root Switch, with the least path cost to reach the Root Bridge.
What is the default bridge priority number?
32768
Every bridge (switch) participating in a Spanning Tree Protocol network is assigned a numerical value called the Bridge Priority (Switch Priority). By default, all Cisco switches have a Bridge Priority of 32,768; it can only be set in multiples of 4096.
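Worked example, added to these notes (not original content), covering the root bridge, root port and priority cards: root election by bridge ID and root-path-cost calculation on a made-up three-switch lab where the oldest access switch happens to have the lowest MAC, then the same topology after lowering the core's priority by one step. The switch names, MACs and link speeds are constructed; the link costs are the 802.1D short values.

```python
"""Spanning-tree root election and root-port selection on a small topology.
Added example for these notes; switch names, MACs and links are constructed."""
import heapq

# 802.1D short path costs by link speed
COST = {"10M": 100, "100M": 19, "1G": 4, "10G": 2}


def bridge_id(priority, mac):
    """Bridge ID compares priority first, then MAC; the lowest wins."""
    return (priority, int(mac.replace(":", ""), 16))


def elect_root(bridges):
    """bridges: {name: (priority, mac)}"""
    return min(bridges, key=lambda n: bridge_id(*bridges[n]))


def root_path_costs(bridges, links):
    """Dijkstra from the root over link costs.
    links: [(switch_a, switch_b, speed)]. Returns (root, {switch: (root path cost, upstream switch)}).
    Ties on cost are broken by the lower upstream bridge ID, as STP does."""
    root = elect_root(bridges)
    adj = {n: [] for n in bridges}
    for a, b, speed in links:
        adj[a].append((b, COST[speed]))
        adj[b].append((a, COST[speed]))
    best = {root: (0, None, None)}              # (cost, upstream bridge ID, upstream name)
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                            # stale heap entry
        for nbr, link_cost in adj[node]:
            if nbr == root:
                continue
            cand = (cost + link_cost, bridge_id(*bridges[node]), node)
            if nbr not in best or cand[:2] < best[nbr][:2]:
                best[nbr] = cand
                heapq.heappush(heap, (cand[0], nbr))
    return root, {n: (c, up) for n, (c, _, up) in best.items()}


# Constructed lab: the oldest access switch happens to have the lowest MAC.
BRIDGES = {"ACCESS1": (32768, "00:00:0c:11:11:11"),
           "CORE":    (32768, "00:00:0c:22:22:22"),
           "ACCESS2": (32768, "00:00:0c:33:33:33")}
LINKS = [("ACCESS1", "CORE", "1G"), ("CORE", "ACCESS2", "1G"), ("ACCESS1", "ACCESS2", "100M")]


def with_core_as_root(bridges):
    """Lower the core's priority one step (4096) so it wins the election."""
    fixed = dict(bridges)
    fixed["CORE"] = (4096, bridges["CORE"][1])
    return fixed


if __name__ == "__main__":
    for label, br in (("defaults", BRIDGES), ("core priority 4096", with_core_as_root(BRIDGES))):
        root, costs = root_path_costs(br, LINKS)
        print(f"{label}: root={root}", {n: c for n, c in costs.items() if n != root})
```

With defaults ACCESS1 becomes root and ACCESS2's root port points at CORE (cost 8 beats the direct 100 Mb link at 19); after the priority change the core is root and both access switches reach it at cost 4.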
Ether Channel
Groups redundant ports into a single logical link. From spanning-tree's perspective this looks like one port channel, so none of the member links is blocked.
Done in hardware (ASICs); up to 8 active ports, which must have identical settings (speed, duplex, VLANs). Traffic is load balanced by hashing addresses in each frame, so a single flow stays on one member link: 1 Gb + 1 Gb does not give one 2 Gb connection.
Config modes:
On (manual) = always on, no negotiation; both ends must be "on"
Desirable / auto (PAgP) = Cisco proprietary negotiation, forms when at least one side is desirable
Active / passive (LACP) = IEEE 802.3ad industry standard, forms when at least one side is active
LINK STATE ADVERTISEMENT (LSA)
An LSA advertises a router's links, their cost, and what is connected to them.
LSA Type 1 (Router LSA): generated by every router; lists the router's interfaces, their costs and directly connected networks, flooded within the area.
On a broadcast network:
LSA Type 2 (Network LSA): identifies the network and mask and the routers attached to it. Only generated by the DR.
All of this information is put into the link-state database.
LSDB
The LSDB (Link State Database) is the database that OSPF builds and is based on the information that it has found in LSAs (Link State Advertisements). The LSDB is synchronized between routers within the same area.
OSPF
OSPF (Open Shortest Path First): a link-state protocol. Each router floods link-state advertisements (cost and connections), builds the LSDB from them, and runs Dijkstra's SPF algorithm over it to determine the best path.
Administrative distance 110
OSPF packet types: Hello, DBD, LSR, LSU, LSAck
Hello: neighbor discovery, build neighbor adjacencies and maintain them.
DBD: This packet is used to check if the LSDB between 2 routers is the same. The DBD is a summary of the LSDB.
LSR: Requests specific link-state records from an OSPF neighbor.
LSU: Sends specific link-state records that were requested. This packet is like an envelope with multiple LSAs in it.
LSAck: OSPF is a reliable protocol so we have a packet to acknowledge the others.
OSPF Path Cost Calculation
Connection - Cost. Cost = reference bandwidth / interface bandwidth, with a default reference bandwidth of 100 Mbps (minimum cost 1).
Always add up the outbound (egress) interface costs along the path.
Serial (T1, 1.544 Mbps) - 64
Ethernet (10 Mbps) - 10
Fast Ethernet (100 Mbps) - 1
Gigabit Ethernet - 1 (the same as Fast Ethernet unless you raise "auto-cost reference-bandwidth", which must then be done on every router)
PSK
pre shared key
Mobility/ RF Group Name
Mobility group: WLCs that share client session state, so a client can roam between APs on different controllers while staying connected without re-authenticating.
"AP to AP roaming capability"
An RF Group, also known as an RF domain, is a cluster of WLCs for which Radio Resource Management (RRM) calculations are done as a whole. RF Groups also help you detect rogue APs. An RF Group is formed dynamically.
Radius/ 802.1x
"WPA-Enterprise"
Allows authentication using domain credentials: the AP/WLC (authenticator) forwards the EAP exchange to a RADIUS server, which checks the credentials against Active Directory. There is no shared password to leak, unlike PSK.
What is the IPv6 default route/ gateway of last resort
::/0
RIP
Distance vector. Counts the hops in the path and uses the path with the fewest hops; every hop is the same length to RIP regardless of bandwidth. Maximum 15 hops (16 = unreachable).
Wild Card Mask
0 bit = "I care", the bit must match; 1 bit = "don't care". 0.0.0.0 matches exactly one host, 255.255.255.255 matches any address.
Wildcard masks are used to specify a range of network addresses. They are usually used with routing protocols (such as EIGRP and OSPF) and access lists.
Just like a subnet mask, a wildcard mask is 32 bits long. It is a sort of inverted subnet mask (e.g. /24 = 255.255.255.0 gives wildcard 0.0.0.255), with the zero bits indicating that the corresponding bit position must match the same bit position in the IP address.
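Worked example, added to these notes (not original content), covering both the ACL card and this wildcard mask card: wildcard matching as a bit operation, first-match ACL evaluation with the implicit deny, and the same two rules in the wrong order to show shadowing. The addresses, ACLs and packets are made up.

```python
"""Wildcard-mask matching and first-match ACL evaluation with implicit deny.
Added example for these notes; addresses, ACLs and packets are constructed."""
import ipaddress


def wildcard_from_prefix(prefix):
    """Wildcard = bitwise inverse of the subnet mask: /24 -> 0.0.0.255."""
    return str(ipaddress.IPv4Network(prefix).hostmask)


def wildcard_match(addr, base, wildcard):
    """A 0 bit in the wildcard means the bit must match ('I care');
    a 1 bit is ignored. 0.0.0.0 matches one host, 255.255.255.255 matches any."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def evaluate_acl(rules, packet):
    """First matching rule wins; later rules are never consulted.
    rules: [(action, src, src_wildcard, dst, dst_wildcard)] numbered 10, 20, ...
    Returns (action, sequence), with sequence None for the implicit deny."""
    for seq, (action, src, sw, dst, dw) in enumerate(rules, 1):
        if wildcard_match(packet["src"], src, sw) and wildcard_match(packet["dst"], dst, dw):
            return action, seq * 10
    return "deny", None


# Intended policy: block 10.1.1.0/24 from the server VLAN, allow the rest of 10/8.
ACL_OK = [
    ("deny",   "10.1.1.0", "0.0.0.255",     "192.168.50.0", "0.0.0.255"),
    ("permit", "10.0.0.0", "0.255.255.255", "0.0.0.0",      "255.255.255.255"),
]
# Same two rules, wrong order: the broad permit shadows the deny.
ACL_SHADOWED = list(reversed(ACL_OK))

if __name__ == "__main__":
    pkt = {"src": "10.1.1.5", "dst": "192.168.50.10"}
    print("correct order:", evaluate_acl(ACL_OK, pkt))
    print("shadowed:     ", evaluate_acl(ACL_SHADOWED, pkt))
    print("unlisted src: ", evaluate_acl(ACL_OK, {"src": "172.16.0.1", "dst": "192.168.50.10"}))
```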
D.R v B.D.R
The Designated Router is elected per multi-access segment: highest OSPF interface priority wins, then highest Router ID (priority 0 = never DR). There is no pre-emption: a router with a better priority that joins later does not take over.
The DR floods the segment's LSAs (including the Type 2 Network LSA) to 224.0.0.5; the other routers send their updates to the DR/BDR on 224.0.0.6.
All other routers form full adjacencies only with the DR and BDR, which keeps the number of adjacencies small.
BDR = "backup DR", takes over if the DR fails.
DROTHER = "routers that are not the DR or BDR".
Administrative Distance
Default A.D
Directly connected interface = 0, Static route = 1, EIGRP = 90, OSPF = 110, RIP = 120
Lowest A.D wins and shows up in the routing table when two sources offer the same prefix.
Metric
Cost of a route within one routing protocol
( lowest is better )
Shown in "show ip route" as [AD/metric], e.g. O 10.0.0.0/24 [110/20]
OSPF metric is cost (sum of outbound interface costs)
RIP metric is hop count: how many routers we have to go through to get to our destination
If a destination IP address matches multiple entries in the routing table, which entry does the router use?
The entry with the longest prefix (mask) that still contains the address.
i.e. destination 192.168.1.1, routing table: 192.168.0.0/16 192.168.0.0/22 192.168.0.0/24 192.168.0.0/30
Answer: 192.168.0.0/22. The /24 (192.168.0.0 to 192.168.0.255) and the /30 do not contain 192.168.1.1, so they are not candidates; of the /16 and /22 that do, the /22 is the longer match. (For 192.168.0.1 the answer would be the /30.)
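Worked example, added to these notes (not original content), covering the administrative distance, metric and longest-match cards together: candidate routes are first reduced to one per prefix by AD and then metric, and lookups pick the most specific installed prefix. The candidate routes and destinations are made up.

```python
"""Route selection: administrative distance, metric, then longest prefix match.
Added example for these notes; the candidate routes and destinations are constructed."""
import ipaddress

# Default administrative distances (Cisco IOS)
AD = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}


def install_routes(candidates):
    """For each prefix keep one route: lowest AD first, then lowest metric.
    candidates: [(prefix, protocol, metric, next_hop)].
    Returns {network: (protocol, metric, next_hop)}."""
    table = {}
    for prefix, proto, metric, next_hop in candidates:
        net = ipaddress.ip_network(prefix)
        if net not in table or (AD[proto], metric) < (AD[table[net][0]], table[net][1]):
            table[net] = (proto, metric, next_hop)
    return table


def lookup(table, dst):
    """Longest prefix match: among installed routes that contain dst, the most
    specific wins. 0.0.0.0/0 contains everything, so it only wins when nothing else matches."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in table if addr in net]
    if not matches:
        return None
    best = max(matches, key=lambda n: n.prefixlen)
    return str(best), table[best][0], table[best][2]


CANDIDATES = [
    ("192.168.0.0/16", "rip",       3,  "10.0.0.1"),
    ("192.168.0.0/22", "ospf",      30, "10.0.0.2"),
    ("192.168.0.0/24", "ospf",      20, "10.0.0.3"),
    ("192.168.0.0/24", "static",    0,  "10.0.0.9"),     # AD 1 beats OSPF's 110 for this prefix
    ("192.168.0.0/30", "connected", 0,  "Gi0/0"),
    ("0.0.0.0/0",      "static",    0,  "10.0.0.254"),   # gateway of last resort
]

if __name__ == "__main__":
    table = install_routes(CANDIDATES)
    for dst in ("192.168.1.1", "192.168.0.1", "192.168.0.200", "8.8.8.8"):
        print(dst, "->", lookup(table, dst))
```

Note the order of decisions: AD only ever compares routes to the same prefix, so the RIP /16 is not "beaten" by the OSPF /22 on AD; it simply loses the longest-match step for any address the /22 covers.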
What are the different banners that could be configured on switches?
Login Banner
MOTD Banner
Exec Mode Banner
Global Unicast Address
Global Unicast/ Public IP address (Internet valid)
*All global Unicast addresses start with 2000::/3 the first three bits, 001 are the same.
Anycast Address
One address assigned to many interfaces on different nodes. When you send to an anycast address it is delivered to only one of the hosts in the group: the nearest instance according to the routing protocol.
WRED
Weighted Random Early Detection is a queueing discipline for a network scheduler suited for congestion avoidance. It is an extension to random early detection (RED) where a single queue may have several different sets of queue thresholds. Each threshold set is associated to a particular traffic class.
PAP
PAP provides a simple method for a remote node to establish its identity using a two-way handshake. After the PPP link establishment phase is complete, a username and password pair is repeatedly sent by the remote node across the link (in clear text) until authentication is acknowledged, or until the connection is terminated.
PAP is not a secure authentication protocol. Passwords are sent across the link in clear text and there is no protection from playback or trial-and-error attacks. The remote node is in control of the frequency and timing of the login attempts. Use CHAP instead: it uses a challenge-response hash, so the password itself never crosses the link.
Cut Through
A switching mode in which the switch starts forwarding a frame as soon as it has read the destination MAC address, so it cannot verify the frame check sequence (FCS) before forwarding; corrupted frames are passed on. Store-and-forward reads the whole frame and checks the FCS first.
How do you clear the CDP count ?
“Clear CDP counters” privileged EXEC command is used to reset Cisco Discovery Protocol traffic counters to zero
Which port (tcp/ UDP) is used for DHCP?
UDP port 68 = DHCP client (bootpc)
UDP port 67 = DHCP server (bootps)