Ch 24: Network Assurance Flashcards
What is the default Hello timer and Dead Interval for OSPF for these network types:
- Broadcast
- Non-broadcast
- Pt to Pt
- Pt to MultiPoint
The network types need to match in order to form adjacencies.
Write the commands to debug ip packets but only include packets to and from the subnet 192.168.14.0/24.
R4(config)# access-list 100 permit ip any 192.168.14.0 0.0.0.255
R4(config)# access-list 100 permit ip 192.168.14.0 0.0.0.255 any
R4# debug ip packet 100
This showcases the power of conditional debugging. It creates a standard access list to limit the messages to the console and filter solely on traffic to and from the 192.168.14.0/24 subnet.
logging buffer 7
logging buffer 100000
What do these commands accomplish?
This will set the logging level to the most verbose, sharing all debug-level messages with syslog, and set the buffer size to 10000.
What is the command to show the logging information stored locally?
show logging
This will show both the configuration and the stored logs.
What is the command to send the logs to a host at 192.168.14.100 and set the level to record errors and other events more serious than errors?
logging host 192.168.14.100
logging trap 3
This will record logging levels 0-3: emergencies, alerts, critical, and errors.
NetFlow has two components that must be configured: ______________________ and ______________________.
NetFlow has two components that must be configured: NetFlow Data Capture and NetFlow Data Export.
NetFlow Data Capture captures the traffic statistics.
NetFlow Data Export exports the statistical data to a NetFlow collector, such as Cisco DNA Center or Cisco Prime Infrastructure.
What is a flow in NetFlow?
NetFlow collects traffic based on flows. A flow is a unidirectional traffic stream that contains a combination of the following key fields:
- Source IP address
- Destination IP address
- Source port number
- Destination port number
- Layer 3 protocol type
- Type of service (ToS)
- Input logical interface
What commands are required for configuring R1’s Ethernet0/1 interface for NetFlow Data Capture and exporting the data to the 192.168.14.100 collector?
R1# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)# ip flow-export version 9
R1(config)# ip flow-export destination 192.168.14.100 9999
R1(config)# interface Ethernet0/1
R1(config-if)# ip flow ingress
R1(config-if)# ip flow egress
R1(config-if)# end
R1#
NOTE: 9999 = UDP port
What command will show the interfaces that are configured for NetFlow?
show ip flow interface - shows the interfaces that are configured for NetFlow.
What command shows the destination for the NetFlow data to be exported to as well as statistics on the export, including any errors that may arise?
show ip flow export - shows the destination for the NetFlow data to be exported to, as well as statistics on the export, including any errors that may arise.
What command shows the traffic flows that NetFlow is capturing/caching?
show ip cache flow - shows the traffic flows that NetFlow is capturing.
What is the command to show the hosts using the most bandwidth?
show ip flow top-talkers
Another great option for NetFlow is being able to configure the top specified number of talkers on the network. A very useful and quick configuration allows you to gain a great snapshot of what is going on in a device from a flow perspective.
This view can be enabled by issuing the global configuration mode command:
- ip flow-top-talkers
You can configure the top command for the number of talkers (1–200) and the sort-by command to sort by bytes or packets, depending on the use case.
Example 24-39 shows the configuration steps on R1 and the associated verification steps.
What are these? What layers do they operate at?
- Local Switched Port Analyzer:
- Remote Switched Port Analyzer (RSPAN):
- Encapsulated Remote Switched Port Analyzer (ERSPAN):
Local Switched Port Analyzer: You can capture local network traffic on a switch and send a copy of the network traffic to a local port attached to some sort of traffic analyzer connected to a port on the same switch.
Remote Switched Port Analyzer (RSPAN): You can capture network traffic on a remote switch and send a copy of the network traffic to the local switch through Layer 2 toward a local port attached to some sort of traffic analyzer.
Encapsulated Remote Switched Port Analyzer (ERSPAN): You can capture network traffic on a remote device and send the traffic to the local system through Layer 3 (routing possible) toward a local port attached to some sort of traffic analyzer.
What are the three sources for a local SPAN session to capture traffic from?
- One or more specific switch ports
- A port channel (also known as an EtherChannel)
- A VLAN (To be more explicit, this is the traffic received by the switch for all the hosts associated with the VLAN specified. This does not include an SVI interface.)
T/F: The source port can be reused between two different SPAN sessions.
False.
The source port cannot be reused between two different SPAN sessions.