Ch 15: IP Services Flashcards
NTP uses the concept of ________ to calculate the accuracy of the time source.
- administrative distance
- stratum
- atomic half-life
- deviation time
2.
NTP uses the stratum to measure the number of hops a device is from a time source to provide a sense of time accuracy.
T/F: An NTP client can be configured with multiple NTP servers and can
synchronize its local clock with all the servers.
False.
An NTP client can be configured with multiple NTP servers but can synchronize its time with only one active NTP server. Only during failure does the NTP client use a different NTP server.
In a resilient network topology, first-hop redundancy protocols (FHRP) overcome the limitations of which of the following? (Choose two.)
- Static default routes
- Link-state routing protocols
- Vector-based routing protocols
- A computer with only one default gateway
1 and 4.
A first-hop redundancy protocol creates a virtual IP address for a default gateway, and this address can be used by computers or devices that only have a static default route.
Which of the following FHRPs are considered Cisco proprietary? (Choose two.)
a. VRRP
b. HSRP
c. GLBP
d. ODR
B and C.
HSRP and GLBP are Cisco proprietary FHRPs.
Hot Spare Redundancy Protocol, Gateway Load Balancing Protocol are First Hop Redundancy Protocols.
Which of the following commands defines the HSRP instance 1 with a VIP gateway instance 10.1.1.1?
- standby 1 ip 10.1.1.1
- hsrp 1 ip 10.1.1.1
- hsrp 1 vip 10.1.1.1
- hsrp 1 10.1.1.1
1.
The HSRP VIP gateway instance is defined with the command:
- standby instance-id ip vip-address
Which of the following FHRPs supports load balancing?
a. ODR
b. VRRP
c. HSRP
d. GLBP
D.
Gateway Load Balancing Protocol provides load-balancing support to multiple AVFs (Active Virtual Forwarders).
Gateway Load Balancing Protocol (GLBP) is a Cisco proprietary protocol that attempts to overcome the limitations of existing redundant router protocols by adding basic load balancing functionality.
In addition to being able to set priorities on different gateway routers, GLBP allows a weighting parameter to be set. Based on this weighting (compared to others in the same virtual router group), ARP requests will be answered with MAC addresses pointing to different routers. Thus, by default, load balancing is not based on traffic load, but rather on the number of hosts that will use each gateway router. By default, GLBP load balances in round-robin fashion.
Which command displays the translation table on a router?
- show ip translations
- show ip xlate
- show xlate
- show ip nat translations
D.
The command show ip nat translations displays the active translation table on a NAT device.
A router connects multiple private networks in the 10.0.0.0/8 network range to the Internet. A user’s IP address of 10.1.1.1 is considered the __________ IP address.
- inside local
- inside global
- outside local
- outside global
1.
The router would be using a form of inside NAT, and the 10.1.1.1 IP address is the inside local IP address; the IP address that a server on the Internet would use for return traffic is the inside global address.
The IP translation table times out and clears dynamic TCP connection entries from the translation table after how long?
- 1 hour
- 4 hours
- 12 hours
- 24 hours
The default NAT timeout is 24 hours.
NTP is a UDP-based protocol that connects with servers on port ___. The client source port is ___.
NTP is a UDP-based protocol that connects with servers on port 123. The client source port is dynamic.
NTP servers that are directly attached to an authoritative time source are stratum _____ servers.
NTP uses the concept of stratums to identify the accuracy of the time clock source. NTP servers that are directly attached to an authoritative time source are stratum 1 servers. An NTP client that queries a stratum 1 server is considered a stratum 2 client. The higher the stratum, the greater the chance of deviation in time from the authoritative time source due to the number of time drifts between the NTP stratums.
Figure 15-1 demonstrates the concept of stratums, with R1 attached to an atomic clock and considered a stratum 1 server. R2 is configured to query R1, so it is considered a stratum 2 client. R3 is configured to query R2, so it is considered a stratum 3 client. This could continue until stratum 15. Notice that R4 is configured to query R1 over multiple hops, and it is therefore considered a stratum 2 client.
What is the command to configure a Cisco device as an NTP client?
The configuration of an NTP client is pretty straightforward. The client configuration uses the global configuration command:
- ntp server ip-address [prefer] [source interface-id].
The source interface, which is optional, is used to stipulate the source IP address for queries for that server. Multiple NTP servers can be configured for redundancy, and adding the optional prefer keyword indicates which NTP server time synchronization should come from.
What is the command to set the stratum number for a Cisco device acting as an NTP server?
The command to statically set the stratum for a device when it acts as an NTP server is:
- ntp master stratum-number
What is the command to view NTP on a Cisco device to see the frequency and precision of the clock?
To view the status of NTP service, use the command show ntp status, which has the following output:
- Whether the hardware clock is synchronized to the software clock (that is, whether the clock resets during power reset), the stratum reference of the local device, and the reference clock identifier (local or IP address)
- The frequency and precision of the clock
- The NTP uptime and granularity
- The reference time
- The clock offset and delay between the client and the lower-level stratum server
- Root dispersion (that is, the calculated error of the actual clock attached to the atomic clock) and peer dispersion (that is, the root dispersion plus the estimated time to reach the root NTP server)
- NTP loopfilter (which is beyond the scope of this book)
- Polling interval and time since last update
NTP status is shown in Example 15-2.
What does the command show ntp associations reveal?
A streamlined version of the NTP server status and delay is provided with the command show ntp associations.
The address 127.127.1.1 reflects to the local device when configured with the ntp master stratum-number command.
Example 15-3 shows the NTP associations for R1, R2, and R3.
T/F: An NTP client can be configured with multiple NTP servers.
True.
The device will use only the NTP server with the lowest stratum. The top portion of Figure 15-2 shows R4 with two NTP sessions: one session with R1 and another with R3.
In the topology shown in Figure 15-2, R4 will always use R1 for synchronizing its time because it is a stratum 1 server. If R2 crashes, as shown at the bottom of Figure 15-2, preventing R4 from reaching R1, it synchronizes with R3’s time (which may or may not be different due to time drift) and turns into a stratum 4 time device. When R2 recovers, R4 synchronizes with R1 and becomes a stratum 2 device again.
What is the command to configure an NTP peer?
NTP peers are configured with the command ntp peer ip-address.
Example 15-4 shows the sample NTP peer configuration for R1 and R2 (refer to Figure 15-3) peering with their loopback interfaces.
T/F: NTP peers act as clients and servers to each other, in the sense that they try to blend their time to each other.
True.
NTP peers act as clients and servers to each other, in the sense that they try to blend their time to each other. The NTP peer model is intended for designs where other devices can act as backup devices for each other and use different primary reference sources.
Figure 15-3 shows a scenario where R1 is an NTP client to 100.64.1.1, and R2 is an NTP client to 100.64.2.2. R1 and R2 are NTP peers with each other, so they query each other and move their time toward each other.
What is the command to track routes in the routing table?
What is the command to view the status of a specific object tracking?
Tracking of routes in the routing table is accomplished with the command:
- track object-number ip route route/prefix-length reachability.
The status of an object tracking can be viewed with the command:
- show track [object-number].
How can you automatically react to a route change? For example this is useful with FHRPs.
FHRPs are deployed in a network for reliability and high availability to ensure load balancing and failover capability in case of a router failover. To ensure optimal traffic flow when a WAN link goes down, it would be nice to be able to determine the availability of routes or the interface state to which FHRP route traffic is directed.
Object tracking offers a flexible and customizable mechanism for linking with FHRPs and other routing components (for example, conditional installation of a static route). With this feature, users can track specific objects in the network and take necessary action when any object’s state change affects network traffic.
What is the command to track the line protocol state of an interface?
Tracking of an interface’s line protocol state is accomplished with the command:
- track object-number interface interface-id line-protocol.
What is the command to show tracking of all states?
show track
What is HSRP?
Hot Standby Routing Protocol (HSRP) is a Cisco proprietary protocol that provides transparent failover of the first-hop device, which typically acts as a gateway to the hosts.
HSRP provides routing redundancy for IP hosts on an Ethernet network configured with a default gateway IP address. A minimum of two devices are required to enable HSRP.
One device acts as the active device and takes care of forwarding the packets, and the other acts as a standby that is ready to take over the role of active device in the event of a failure.
T/F: In an HSRP pair, the active router receives and routes the packets destined for the virtual MAC address of the group.
True.
On a network segment, a virtual IP address is configured on each HSRP-enabled interface that belongs to the same HSRP group. HSRP selects one of the interfaces to act as the HSRP active router. Along with the virtual IP address, a virtual MAC address is assigned for the group. The active router receives and routes the packets destined for the virtual MAC address of the group.
T/F: HSRP-enabled interfaces send and receive multicast UDP-based hello messages to detect any failure.
True.
HSRP-enabled interfaces send and receive multicast UDP-based hello messages to detect any failure and designate active and standby routers.
If a standby device does not receive a hello message or the active device fails to send a hello message, the standby device with the second highest priority becomes HSRP active.
The transition of HSRP active between the devices is transparent to all hosts on the segment because the MAC address moves with the virtual IP address.
These are the steps to configure HSRP. Put them in the correct order.
- standby instance-id authentication {text-password | text text-password | md5 {key-chain key-chain | key-string key-string}} (Optional)
- standby instance-id mac-address mac-address (Optional)
- standby instance-id preempt (Optional)
- standby instance-id ip vip-address
- standby instance-id timers {seconds | msec milliseconds} (Optional)
- standby instance-id priority priority (Optional)
The proper order is: 4, 3, 6, 2, 5, 1. Like this:
- Define the HSRP instance by using the command standby instance-id ip vip-address
- (Optional) Configure HSRP router preemption to allow a more preferred router to take the active router status from an inferior active HSRP router. Enable preemption with the command standby instance-id preempt.
- (Optional) Define the HSRP priority by using the command standby instance-id priority priority. The priority is a value between 0 and 255. Default value is 100.
- Define the HSRP MAC Address (Optional). The MAC address can be set with the command standby instance-id mac-address mac-address. Most organizations accept the automatically generated MAC address, but in some migration scenarios, the MAC address needs to be statically set to ease transitions when the hosts may have a different MAC address in their ARP table.
- (Optional) Define the HSRP timers by using the command standby instance-id timers {seconds | msec milliseconds}. HSRP can poll in intervals of 1 to 254 seconds or 15 to 999 milliseconds.
- Step 6. (Optional) Establish HSRP authentication by using the command standby instance-id authentication {text-password | text text-password | md5 {key-chain key-chain | key-string key-string}}.
T/F: It is possible to load balance traffic across an HSRP pair. If so, how? If not, why not?
True. It is possible, sort of.
It is possible to create multiple HSRP instances for the same interface. Some network architects configure half of the hosts for one instance and the other half of the hosts for a second instance.
Setting different priorities for each instance makes it possible to load balance the traffic across multiple routers. Crude but functional!
What is the command to view HSRP status?
The HSRP status can be viewed with the command:
- show standby [interface-id] [brief].
- Specifying an interface restricts the output to a specific interface; this can be useful when troubleshooting large amounts of information.
Example 15-10 shows the command show standby brief being run on SW2, which includes the interfaces and the associated groups that are running HSRP. The output also includes the local interface’s priority, whether preemption is enabled, the current state, the active speaker’s address, the standby speaker’s address, and the VIP gateway instance for that standby group.
What are the commands needed to configure a basic HSRP configuration for VLAN 10 on SW2 and SW3 with an HSRP instance 10 and the VIP gateway instance 172.16.10.1?
Assume there are no SVIs on the VLANs. Use .2 and .3.
SW2:
- SW2# configure terminal
- SW2(config)# interface vlan 10
- SW2(config-if)# ip address 172.16.10.2 255.255.255.0
- SW2(config-if)# standby 10 ip 172.16.10.1
- SW2(config-if)# standby 10 preempt
SW3:
- SW3# configure terminal
- SW3(config)# interface vlan 10
- SW3(config-if)# ip address 172.16.10.3 255.255.255.0
- SW3(config-if)# standby 10 ip 172.16.10.1
- SW1(config-if)# standby 10 preempt
Example 15-9 shows a basic HSRP configuration for VLAN 10 on SW1 and SW2, using the HSRP instance 10 and the VIP gateway instance 172.16.10.1. Notice in the attached image that once preemption was enabled, that SW3 became the active speaker, and SW2 became the standby speaker.
What is the command to show the number of state changes for an HSRP instance?
The non-brief iteration of the show standby command also includes the number of state changes for the HSRP instance, along with the time since the last state change, the timers, and a group name, as shown in Example 15-11.
What are the commands to configure:
- Configure a tracked object to SW2’s WAN link (in this example, VL1).
- Make SW2’s priority higher than SW3’s (use 110, which is higher than the default value of 100)
- Note: Higher priority takes precedence.
- Configure SW2 to lower the priority if the tracked object state changes to down.
3: This is accomplished with the command standby instance-id track object-id decrement decrement-value. The decrement value should be high enough so that when it is removed from the priority, the value is lower than that of the other HSRP router.
This configuration is accomplished as follows:
Example 15-12 shows the configuration of SW2 where a tracked object is created against VLAN 1’s interface line protocol, increasing the HSRP priority to 110, and linking HSRP to the tracked object so that the priority decrements by 20 if interface VLAN 1 goes down.
see the following VRRP configuration example on the answer side of this card.
R2 and R3 are two routes that share a connection to a Layer 2 switch with their Gi0/0 interfaces, which both are on the 172.16.20.0/24 network. R2 and R3 use VRRP to create the VIP gateway 172.16.20.1.
Example 15-15 shows the configuration. Notice that after the VIP is assigned to R3, R3 preempts R2 and becomes the master.
What is the command to view the VRRP group?
The command show vrrp [brief] provides an update on the VRRP group, along with other relevant information for troubleshooting.
Example 15-16 demonstrates the brief iteration of the command. All the output is very similar to output with HSRP.
What is the command to show detailed info on a VRRP configuration?
show vrrp
In GLBP, what are the commands to set the weight of VL30 to 20 on SW2 and 80 on SW3 so that SW2 receives 20% of the traffic and SW3 receives 80% of the traffic?
Example 15-23 shows how to change the load balancing to weighted and setting the weight to 20 on SW2 and 80 on SW3 so that SW2 receives 20% of the traffic and SW3 receives 80% of the traffic.
What command will show a summary of the TCP sessions on a router?
When you are logged in to a router, the command show tcp brief displays the source IP address and port, along with the destination IP address and port.
In the attached example, the local IP address reflects R1 (10.123.4.1), and the remote address is R7 (10.78.9.7). These IP addresses match expectations, and therefore no NAT has occurred on R5 for this Telnet session.
T/F: The NAT translation table consists of static and dynamic entries.
True.
The NAT translation table consists of static and dynamic entries. The NAT translation table is displayed with the command show ip nat translations.
Example 15-30 shows R5’s NAT translation table after R7 initiated a Telnet session to R1. There are two entries:
The first entry is the dynamic entry correlating to the Telnet session. The inside global, inside local, outside local, and outside global fields all contain values. Notice that the ports in this entry correlate with the ports in Example 15-29.
The second entry is the inside static NAT entry that was configured. Example 15-30 NAT Translation Table for Inside Static NAT
Write the commands to:
- Create a NAT pool with the IP addresses 10.45.1.10/24 and 10.45.1.11/24.
- Create a named ACL, ACL-NAT-CAPABLE which allows only packets sourced from the 10.78.9.0/24 network to be eligible for pooled NAT.
- G0/0 is the outside interface.
- G0/1 is the inside interface.
Example 15-35 shows a sample configuration for inside pooled NAT.
This example uses a NAT pool with the IP addresses 10.45.1.10 and 10.45.1.11.
A standard named ACL, ACL-NAT-CAPABLE, allows only packets sourced from the 10.78.9.0/24 network to be eligible for pooled NAT.
Write the commands to:
- Configure an inside Static NAT configuration, where packets sourced from R7 (10.78.9.7) appear as if they came from 10.45.1.7.
- G0/1 is the inside interface
- G0/0 is the outside interface
Example 15-28 shows the inside static NAT configuration on R5, where packets sourced from R7 (10.78.9.7) appear as if they came from 10.45.1.7.
Write the config to:
- Allow network traffic sourced from the 10.78.9.0/24 network to be translated to R5’s Gi0/0 interface (10.45.1.5) IP address
- Create a named ACL, ACL-NAT-CAPABLE
- G0/0 is the outside interface
- G0/1 is the inside interface
Example 15-41 demonstrates R5’s PAT configuration, which allows network traffic sourced from the 10.78.9.0/24 network to be translated to R5’s Gi0/0 interface (10.45.1.5) IP address.
