Chap 24 - Network Assurance Flashcards
What are 2 of the most common reasons for getting a timeout with traceroute?
- Missing route
- Down interface.
By default how many hops will traceroute try before completing?
30 times/hops
With traceroute how many probes per hop?
3
With traceroute what does a !H mean?
An “ICMP destination host unreachable” (likely because there’s no route)
For traceroute what is the default timeout when waiting for a reply from a probe?
3 seconds
For traceroute what is the default port number?
33434
What is one of the most common reasons to use debug?
When routing protocols are having adjacency issues.
In OSPF what are 4 of the most common reasons to use debug?
- MTU issues with debug adjacency
- Incorrect interface types with debug hello
- Improperly configured network mask with debug hello
- Mis-matched timers
What debug command is useful for troubleshooting an OSPF adjacency issue?
debug ip ospf adjacency
In OSPF what debug command is useful for troubleshooting a mismatched timer issue?
debug ip ospf hello
In OSPF what debug command will find an incorrect subnet mask?
debug ip ospf hello
What are 2 ways of running a Conditional Debug?
- Using an ACL
- Specifying an interface along with an ACL
In SNMPv3 what does noAuthNoPriv mean?
- Authentication by username only
- No encryption
In SNMPv3 what does AuthNoPriv mean?
- Authentication by MD5 or SHA
- No encryption
In SNMPv3 what does AuthPriv mean?
- Authentication by MD5 or SHA
- With encryption
In SNMP what is a get-request?
Retrieves a value from a specific variable.
In SNMP what is a get-next-request?
Retrieves a value from a variable within a table.
In SNMP what is a get-bulk-request?
Retrieves large blocks of data, such as multiple rows in a table, that would otherwise require the transmission of many small blocks of data.
In SNMP what is a get-response?
The Reply sent by the router in response to a get request, get next request, or set request sent by an NMS.
In SNMP what is a set-request?
Stores a value in a specific variable.
In SNMP what is a Trap?
Sends an unsolicited message from an SNMP agent to an SNMP manager when some event has occurred.
By default where are all syslog messages sent?
The console.
What is the default size of the logging buffer?
4096 bytes
In general what 2 components are necessary for Netflow to work?
- Netflow Data Capture
- Netflow Data Export
What does Netflow Data Capture do?
Captures the statistics
What does Netflow Data Export do?
Sends the statistics to a Netflow Collector.
What are the 4 components of Flexible Netflow?
- Flow Records
- Flow Monitors
- Flow Exporters
- Flow Samplers
What are Flow Records?
Flow records define what traffic will be analyzed or monitored.
What are 3 facts about Flow Monitors?
What does it have?
What are 2 things defined in it?
Where is the flow monitor?
- Has its own cache
- Ties the Flow Record and the Flow Exporter together
- Is applied to the interface
What does a Flow Exporter do?
Exports NetFlow data from the Flow Monitor cache to a remote host or NetFlow collector.
What are Flow Samplers?
It takes samples of NetFlow data rather than analyzing all NetFlow data.
What are the 4 steps in configuring Custom Flow Record?
- Define the flow record name
- Set a description
- Set match criteria for key fields
- Set collect criteria for non-key fields
What are the 5 steps in configuring a Flow Exporter?
- Define the Exporter name
- Set a useful description
- Specify the destination IP to export to
- Specify the flow version
- Specify the UDP port
What are the 5 steps in configuring a Flow Monitor?
- Define the Flow Monitor name
- Set a useful description
- Assign the Flow Record to be used
- Specify a cache timeout of 60 for active connections
- Assign the Exporter to the Monitor
Why do you need to assign a Flow Exporter to a Flow Monitor?
So that the traffic being collected by the Flow Record can be Exported to the NetFlow Collector
How do you assign the Flow Monitor to an Interface?
- int gig0/1
- ip flow monitor MyFlowMonitor input
What are 3 traditional options for troubleshooting a layer 2 issue?
- Insert a splitter
- Mirror the traffic to an additional port
- Insert a switch between the 2 devices and configure the switch to mirror the transient traffic to an analyzer
What are 3 options for Catalyst switches to SPAN traffic?
- Local SPAN
- Remote SPAN (RSPAN)
- Encapsulated Remote SPAN (ERSPAN)
In SPAN, when specifying a destination port what 7 packet types are normally not included?
- 802.1q VLAN tags
- STP BPDUs
- CDP
- DTP
- VTP
- PAgP
- LACP
What is the command to include all L2 protocols in the SPAN?
sw1(config)# monitor session <session-id> destination interface <interface-id> encapsulation replicate
What is normally not included on the SPAN destination port?
STP
What is the difference in these 2 commands:
CMD A - monitor session 1 destination interface gig0/1 ingress dot1q vlan 20
CMD B - monitor session 1 destination interface gig0/1 ingress untagged vlan 20
This is used when the same port specified as the destination port must also send/receive normal traffic.
CMD A requires the normal traffic (ingress) be accepted only if it has an 802.1q tag with VLAN 20
CMD B allows normal traffic to be accepted even if it doesn’t have an 802.1q tag but is associated with vlan 20
What does RSPAN do?
It allows the source ports to be located on one switch and the destination port on a different switch.
For an RSPAN what 2 things are different?
- MAC addresses are not learned on ports associated with the RSPAN VLAN
- Traffic is flooded out all the ports associated to the RSPAN VLAN
What is ERSPAN?
ERSPAN provides the ability to monitor traffic in one area of the network and route the SPAN traffic to a traffic analyzer in another area of the network through Layer 3 routing.
What are 8 probes that IP SLA can be configured to monitor?
- Delay (one-way and round-trip)
- Jitter (directional)
- Packet loss (directional)
- Packet sequencing
- Path (per hop)
- Connectivity (directional)
- Server or website download time
- Voice Quality Scores
What are 9 capabilities offered by Cisco DNA Center?
- Cisco SD-Access config
- Config templates
- Simplified provisioning
- Simplified security policies
- Software Image mgmt
- Wireless network mgmt
- 3rd party integration
- Network Assurance
- Plug and Play
In Flexible Netflow when defining a custom flow record what command is used to add a Key Field?
Match
In Flexible Netflow when defining a custom flow record what command is used to add a Non-Key Field?
Collect
You are currently monitoring a trunk (all vlans) on a switchport with SPAN but you only want to monitor traffic from VLANs 2 and 3. What is the command to do that?
- SW1(config)# monitor session 1 filter vlan 2,3
- The VLANs following the ‘filter’ keyword specify the VLANs you WANT to monitor, not the VLANs you want to filter out.
What does the command ‘logging synchronous’ do?
During a console session it prevents unsolicited log messages from interrupting messages that are solicited.
What does the keyword ‘level’ do in the command ‘logging synchronous’?
If the keyword level is used in the ‘logging synchronous’ command it will direct the traffic at that level and more severe to be logged asynchronously
What are the default level and line in the ‘logging synchronous’ command?
- level defaults to 2 to most severe
- line defaults to 20
What are the 8 syslog severity codes?
- 0 emergency
- 1 alert
- 2 critical
- 3 error
- 4 warning
- 5 notification
- 6 informational
- 7 debugging