Chapter 5 Routing policies and firewall filters Flashcards

1
Q

Import and export policies

A

Import policies are from external to internal
Export policies are from internal to external

2
Q

Policies for link-state protocols

A

Import policies should not be used with link-state protocols, as all the routers in a link-state area should have the same LSDB

3
Q

Policies configuration

A

Policies are configured separately and then applied to the desired protocol. Multiple policies can be applied, in order, to the same protocol

4
Q

Protocol with no matching policies

A

When a route does not match any policy, it gets the default behaviour. Each dynamic routing protocol has its own default behaviour (like RIP discards the route), but it can also be configured by the admin

5
Q

Policy matching criteria

A

Route-filters (based on the prefix)
Protocol
Prefix-lists
Attributes (Area, community, preference, AS Path)

6
Q

Policy actions

A

Accept
Reject
Next-policy
Modify

7
Q

Default policy behaviours

A

Protocol | Import | Export
BGP | accept all valid routes | accept and advertise all active routes
OSPF | accept all routes | reject all routes
IS-IS | accept all routes | reject all
RIP | accept all valid RIP routes from configured neighbors | reject all

8
Q

Route filters match-types

A

exact -> exact subnet mask and prefix
orlonger -> exact + sub-subnets
longer -> just sub-subnets
upto -> up to a certain subnet mask
prefix-length-range -> from subnet mask min to subnet mask max

9
Q

Change the order of terms in policies

A

insert <term1> before <term2>

10
Q

Firewall filters

A

Equivalent to ACLs. They are configured with multiple terms and then need to be applied to interfaces in input or output

11
Q

Firewall filters actions

A

Terminating:
- accept
- deny -> let the user know it’s been denied by a firewall
- discard
Flow control:
- next-term -> skip the term
Non-terminating:
- syslog/log → pass the info to the RE that stores it/keeps less detail stored in the linecards memory
- count → counts the number of packets; you need to specify a counter name
- policer → policing the traffic (control the mac packets that can go through)
- forwarding-class → QoS
- loss-priority → QoS

12
Q

Firewall filters on RE

A

To apply a firewall filter on the RE it needs to be applied to the internal switch/interface fxp01
