cisco_certs_20160418125207 Flashcards
Default STP port costs for the following speeds:10M100M1G10G
10M = 100
100M = 19
1G = 4
10G = 2
What are the 3 types of BPDUs?
Hello BPDU
CBDPU - Configuration BPDU
TCN BPDU - Topology Change Notification BPDU
Command to configure a static etherchannel
conf t
interface *int*
channel-group *group number* mode on
Command to show the status of an etherchannel
show etherchannel *group number*
What are the 2 protocols that can be used to create dynamic etherchannels?
PAgP
LACP
What does PAgP stand for?
Port Aggregation Protocol
What does LACP stand for?
Link Aggregation Control Protocol
What is the IEEE standard for PAgP and LACP?
PAgP is Cisco proprietary
LACP is 802.1ad
Syntax to enable PAgP on a interface
conf t
int gi1/0
channel-group *group number* mode {desirable | auto}
Syntax to enable LACP on a interface
conf t
int gi1/0
channel-group *group number* mode {active | passive}
In PAgP configurations, what does the keyword desirable tell the switch to do vs auto?
It tells the switch “use this protocol and begin negotiations”
versus
“use this protocol and wait for the other switch to begin negotiations.”
In LACP configurations, what does the keyword active tell the switch to do vs passive?
It tells the switch “use this protocol and begin negotiations”
versus
“use this protocol and wait for the other switch to begin negotiations.”
What happens with an etherchannel where both sides are set to either auto or passive?
It won’t come up, because both sides are waiting for the other to begin negotiations.
What is the IEEE standard for:
STP
PVST
RSTP
802.1D
Cisco Proprietary
802.1w
What does RSTP stand for?
Rapid Spanning Tree Protocol
What STP mode do Cisco switches generally default to?
802.1D with PVST
Command to set a switch to use PVST
spanning-tree mode pvst
What 3 fields make up the BID?
- Priority
- System ID Extension
- System ID
What is the range for priority?
0-65535
What is unusual about the priority value?
It’s in multiples of 4096.
What is the value of an all 1’s priority field?
61140
What are the values of each bit in the priority field?
32768 16384 8192 4096
What is normally stored in the System ID extension field?
VLAN ID
How many bits in the System ID extension field?
12
How many bits in the priority field?
4
How many bits in the System ID field?
6 bytes
Command to set the priority for a given VLAN
spanning-tree vlan *vlan id* priority *priority*
Command to set a port cost.
Conf t
interface gi1/0
spanning-tree [vlan *vlan id*] cost *cost*
What is the default BID priority?
32768
Is portfast or bpduguard enabled by default?
No
What are the 3 port types in STP?
- Root port
- Designated port
- Blocking port
What is a Designated port vs other port types?
The Designated Port is the one that advertises lowest-cost hello onto the LAN segment.
What 4 fields are shown in a “show mac address-table” output?
- VLAN
- MAC address
- Type (dynamic or static)
- Output port to get to that MAC
What does “show interfaces status” show us (7 fields)?
- Port
- Description
- Status (connect / notconnect/ disabled)
- VLAN
- Duplex
- Speed
- Type (10/100/1000 TX etc)
If a frame came into a switch and was either an unknown destination MAC or a broadcast mac, what ports would the switch forward it out of?
All forwarding ports for that VLAN, except the one on which it was received.
What makes a switch a designated switch for a given ethernet segment?
It’s the switch (and therefor the port) that is forwarding the root’s BPDU.
4 important fields in a Hello BPDU
- Root BID
- Sender’s BID
- Sender’s root cost
- Timers on the root switch
What are 3 of the timers on the root switch?
- Hello timer
- MaxAge timer
- Forward Delay timer
What is the most common type of BPDU?
Hello BPDU
What does STA stand for?
Spanning Tree Algorithm
What is the root cost in a BPDU received directly from the root bridge?
- The root bridge has a 0 cost to reach itself.
If a switch receives a BPDU with a root cost of 25 on a 1 gig port with default costing, what will it rewrite the root cost to be?
2925 + 4 for the gig port
Which switch’s BID would win?
A: 32769:0200.0002.0002
B: 32769:0200.0003.0003
A, since it has the numerically lower System ID
If a switch is connected to a hub and hear’s it’s own BPDU’s on multiple ports, what are the other 2 tiebreaker values?
- Lowest interface STP priority
- If all interfaces are the same priority, lowest interface number.
What 2 items will a non-root switch change before forwarding out the hello BPDU received from the root’s direction?
- Root cost
- Sender ID
What is the default value of the 3 primary STP timers?
- Hello - 2 seconds
- MaxAge - 20 seconds
- Forward Delay - 15 seconds
What is the calculation to get the MaxAge time?
MaxAge = 10*(Hello timer)
What does the forward delay timer control?
How long a port will transition through Listening and Learning before going to Forwarding. Each phase will take (fwddelay value) seconds.
What does the MaxAge timer control?
How long a switch will wait for a Hello BPDU before declaring the neighbor down and sending out a TCN BPDU.
How many interfaces can be included in an Etherchannel?
Up to 8.
What does PortFast do?
Allows a port to go immediately into Forwarding, without the normal interim stages of Listening and Learning.
What kinds of ports must PortFast be restricted to?
Access ports facing stubs only, never anything that could be cabled up to form a loop.
What does BPDUguard do?
When a port has it configured, it will immediately become disabled if a BPDU is received on that port.
In RSTP, what is the blocking state called?
Discarding
What is STP’s convergence time vs RSTP?
STP - ~50 secondsRSTP - max 10 seconds, usually much less
What does the command “spanning-tree vlan vlan-id root {primary | secondary}” do?
The switch on which this is configured will lower it’s own priority to beat out any other switch to become the root bridge.
Command to enable portfast on gi1/0.
conf t
int gi1/0
spanning-tree portfast
Command to enable BPDUguard on gi1/0
conf t
int gi1/0
spanning-tree bpduguard enable
Command to make a switch root or secondary root.
spanning-tree vlan *vlan-id* root {primary | secondary}
Command to see the root BID.
show spanning-tree [vlan *vlan id*]
Command to list the root switches for all vlans.
show spanning-tree root
Command to debug STP
debug spanning-tree events
Command to show the BID broken out into it’s component parts.
show spanning-tree vlan *vlan id* bridge
When using the root primary command, what is the value that the switch’s priority will be set to if the current root is at 32768?
24576
When using the root primary command, what is the value that the switch’s priority will be set to if the current root is less than 24576?
The highest multiple of 4096 that is still less than the priority of the current root.
What are the 3 port states of 802.1w?
- Learning
- Forwarding
- Discarding
2 commands to see if a switch is in PVST or RPVST mode
show spanning-tree
show spanning-tree summary
Command to set either PVST or RPVST
conf t
spanning-tree mode [pvst | rapid-pvst]
If a switch has a root port, is it the root switch?
No. The root switch only has designated ports.
How many root ports will a switch have?
1 per vlan
What are the stable states in STP?
- Forwarding
- Blocking
What are the states in STP that only occur during convergence?
- Listening
- Learning
What is used to create the BID?
2 byte priority field + 6 byte system ID (BIA)
What kind of packets are used during the Loading phase?
LSU
What does an LSU contain?
One or several LSA’s
What information is in a Network LSA?
The DR on a broadcast segment lists which routers are joined together by the segment. The LSID of the type 2 LSA is the IP interface address of the DR.
What information is in a Summary LSA?
Information about subnets in other areas
Subnet ID, mask,RID of ABR that advertises the LSA
In what OSPF phase do neighbors pass each other their LSA’s?
Loading
What are the 2 primary timers in OSPF?
Hello
Dead Interval
For DROthers, what is the maximum state that they reach with each other?
2way
List the first 3 OSPF LSAs
Router
NetworkSummary
Command to passive an OSPFv3 interface
conf t
ipv6 router ospf *PID*
passive-interface *interface*
What is the all-OSPF IPv6 address?
FF02::5
What is the all-DR IPv6 address?
FF02::6
In OSPFv3, how does one include an interface in routing?
by enabling routing directly on the interface, not via the network command
Generic syntax to add an interface into OSPFv3
conf t
interface *interface*
ipv6 ospf *PID* area *Area ID*
Syntax to enable OSPFv3 on int gi1/0, in area 0ipv6 router ospf 12 router-id 1.2.3.4
conf t
int gi1/0
ipv6 ospf 12 area 0
Command to tell a router to not form OSPF adjacencies on a given interface
conf t
router ospf *PID*
passive-interface *interface name*
What 5 attributes must match for OSPF neighbors to become adjacent?
- Same subnet
- Hold/dead timers
- Authentication
- Same area
- Same interface MTU
Command to configure a router-id for an OSPFv3 router
conf t
ipv6 router ospf *PID*
router-id *IPv4 RID*
When does EIGRP send full and partial updates?
Full on neighbor adjacency
Partial as needed when network topology changes
What are the 2 primary timers for EIGRP?
Hello
Hold
What are the default values for the Hello and Hold timers in EIGRP?
Hello = 5 seconds
Hold = 3xHello, or 15 seconds by default
What are EIGRP’s 2 primary metrics?
Bandwidth and Delay
What is the multicast address for EIGRP?
224.0.0.10
Does EIGRP ever flood updates periodically?
No, only during adjacency setup or topology changes
What are the 3 required and 1 optional attributes that must pass before an EIGRP adjacency will be established?
Required:
- Same AS number
- Same IP subnet
- Matching K values
Optional:
- Authentication, if configured, must match.
What is the Feasible Distance in EIGRP?
The metric of an EIGRP route on the local router.
What is the Reported Distance in EIGRP?
The next-hop router’s best metric for a FD subnet
What algorithm is used by EIGRP
DUAL
What does DUAL stand for?
Diffusing Update ALgorithm
Does the EIGRP ASN need to match between neighbors?
Yes
Syntax to include interfaces into EIGRP
conf t
router eigrp *ASN*
network *network* [*wildcard mask*]
What 3 attributes must match for EIGRP neighbors to become adjacent?
- Same subnet
- Same ASN
- Matching K-values
What is the all-EIGRP routers IPv6 address?
FF02::10
What are the EIGRP k values, in order?
K1 = Bandwidth modifier
K2 = Load modifier
K3 = Delay modifier
K4 = Reliability modifier
K5 = Additional Reliability modifier
2 steps to have EIGRP use a key chain in authentication
- Under a given interface, set up authentication for the routing protocol.
- Staying under that same interface, bind the key-chain that will be used to the auth line.
Syntax to bind a key chain to EIGRP authentication
conf t
int gi1/0
ip authentication key-chain eigrp *asn* *key-chain name*
Syntax to add automatic summarization to EIGRP
auto-summary
Change the bandwidth or delay on an interface for EIGRP
conf t
int gi1/0
bandwidth *value*delay *value*
Syntax to set the hello and hold timers for EIGRP
conf t
int gi1/0
ip eigrp hello-interval *seconds*
ip eigrp hold-time *seconds*
Configuration to allow for unequal cost load balancing in EIGRP
variance *multiplier*
When you show the routing table, what letter signifies that route was learned via EIGRP?
D
Syntax to set up authentication for eigrp under an interface.
conf t
int gi1/0
ip authentication mode eigrp *asn* md5
What is the successor?
The successor is the path that has the best metric.
What is the Feasible Distance?
The metric of a given route from the current router’s point of view.
What is the Reported Distance?
The metric of a given route from the neighbor’s point of view.
If a path meets the feasibility condition, but does not fall within variance parameters, what happens to it?
It is held in reserve as a feasible successor, one which may take over if the current successor fails.
What is the feasibility condition?
The reported distance of a path must be less than the FD of the path on the current router.
What happens to a path who’s FD falls within variance parameters but does not meet the feasibility condition?
It’s not installed in the routing table, nor will it be a Feasible Successor
How does a router determine if a path can be a Feasible Successor?
If the path’s RD is less that the FD, it will be a Feasible Successor.
What does EUI stand for?
Extended Unique Identifier
What is the / range for IPv6 unique local address space?
FC00::/7
What do IPv6 link-local addresses start with?
FE80
What is the prefix range for link-local addresses?
FE80::/10
FE80
FE90
FEA0
FEB0
What method is used to create the link-local address for an interface?
FE80::/64 + EUI-64 interface ID
What do IPv6 multicast addressess start with?
FF
What is the IPv6 multicast range?
FF00::/8
What IPv6 multicast range is reserved for link local only?
FF02::/16
When a host wants to use DHCPv6 to get an IP, what source/destination addresses does it use?
Source = it’s link-local address
Destination = FF02::1:2
Command to set an IPv6 dhcp relay on an interface
conf t
int gi0/0
ipv6 dhcp relay destination *DHCP server addr*
What does SLAAC stand for?
StateLess Address AutoConfiguration
What are 2 uses for link-local addresses?
Communication with directly connected neighbors
Routers use their neighbors link-local addresses as next hops in routing tables
3 steps for a host to get an IPv6 address using SLAAC
- Discover the v6 prefix on the link using NDP RS/RA messages.
- Create an interface ID and append it to the prefix.
- Test that it’s not a duplicate using DAD.
What address is an RS message sent to?
All-routers
FF02::2
When using SLAAC, how does a host come up with it’s interface ID?
Either using EUI-64 or coming up with a random value.
What is the all-host IPv6 address?
FF02::1
What 5 IPv6 functions use NDP?
SLAAC
DAD
Router Discovery
Neighbor MAC Discovery
Prefix/length Discovery
What is the all-DHCP-agents multicast address?
FF02::1:2
What is the all-router IPv6 address?
FF02::2
Where would a host using SLAAC get the DNS server address?
From stateless DHCPv6
4 major types of IPv6 addresses
Global Unicast
Unique local
Multicast
Link-local
How does DAD work?
Host sends a NS message for it’s IPv6 address. If someone answers, must be a duplicate.
Who primarily sends an RS message?
Hosts
When are RA messages sent?
In response to a RS message
Or
Unsolicited, on a timer
What does NDP replace?
IPv4 ARP
If you really want to configure the link-local address, what is the syntax?
ipv6 address *local IPv6 addr* link-local
Command to statically configure an IPv6 address on an interface
conf t
interface *int*
ipv6 address *address/mask*
Command to have an interface use an EUI-64 address
ipv6 address *prefix*/64 eui-64
Command to have a router use SLAAC to dynamically get an IPv6 address
ipv6 address autoconfig
Command to have a router use DHCPv6 on an interface
ipv6 address dhcp
Command to enable a router to forward IPv6 packets
ipv6 unicast-routing
What is the scope of the solicited-node multicast address?
Link-local
In IPv6, what replaces ARP?
Neighbor Discovery Protocol
What does NDP stand for?
Neighbor Discovery Protocol
What types of messages are used to find a neighbor’s MAC address in IPv6?
Using what protocol?
NS and NA
NDP
What are global unicast IPv6 addresses the equivalent of?
Public IPv4 addresses
What are the versions of the IGPs that support IPv6?
RIPng
OSPFv3
EIGRPv6
What are unique local IPv6 addresses the equivalent of?
Roughly, RFC1918 addresses
What do RS and RA stand for?
Router Solicitation
Router Advertisement
Who primarily sends RA messages?
Routers
2 commands to see IPv6 interface information
show ipv6 interface brief
show ipv6 interace *interface*
DHCPv4 uses Discover/Offer/Request/Acknowledgement messages. What does DHCPv6 use?
Solicit - Host
Advertise - Server
Request - Host
Reply - Server
When a host uses SLAAC, what crucial data is it missing?
The DNS server’s address
When a router receives a link-local packet, what are the steps it takes to forward it out another interface?
Link local packets are not forwarded out other interfaces; they are scoped to a single link.
4 steps to creating an EUI-64 address
- Take the MAC address of the interface, and split it in half.
- Insert FF:FE into the middle of the MAC.
- Invert the 7th bit of the the result from step 2.
- Append this to the IPv6 prefix.
What are the 2 rules for shortening IPv6 addresses?
- In each quartet, remove any leading 0’s.
- For any single sequence of quartet’s whos value is 0, collapse that sequence into ::
If an organization is allocated a /54, how many bits are available for subnets?
10
How many bits in an IPv6 address?
How many bytes?
128 bits
16 bytes
What’s the size of the required section of the IPv6 header?
40 bytes
How many : delimited sections are there in an IPv6 address?
8
2340:1111:AAAA:0001:1234:5678:9ABC:1234
What is the 7th bit in the EUI-64 interface ID?
The universal/local bit.
Syntax to configure an IPv6 address on interface s0/0/0
conf t
int s0/0/0
ipv6 address *ipv6 addr/mask*
Command to set an IPv6 static default route going out gi1/0
conf t
ipv6 route ::/0 gi1/0
Command to set an IPv6 static route
conf t
ipv6 route *network/mask* {*next hop IPv6* | *exit interface*}
Command to enable ipv6 globally
conf t
ipv6 unicast-routing
What does DAD stand for?
Duplicate Address Detection
When is a link local IPv6 address instantiated on a router’s interface?
When another IPv6 address is configured or aqcuired on the same interface.
How are link-local addresses configured in the router?
They are automatically and self-generated.
What is the range of globally routable IPv6 addresses, in / notation.
2000::/3
What do the 2 options for the U/L bit signify?
0 = BIA MAC is being used
1 = Locally administered address, ie BIA has been overwritten
What is one difference between DHCPv4 and v6 in terms of types of information supplied to the requesting host by the DHCP server.
DHCPv6 does not supply default router info. That is discovered by the host, using RS messages.
Name 2 ways for a router to get an IPv6 address dynamically
- Stateful DHCP
- SLAAC
What’s the most common IPv6 subnet mask for hosts or interfaces?
/64
What is the ethertype for IPv6
0x86DD
3 major FHRP protocols
- HSRP
- VRRP
- GLBP
What does GLBP stand for?
Gateway Load Balancing Protocol
What does FHRP stand for?
First Hop Redundancy Protocol
What does VRRP stand for?
Virtual Router Redundancy Protocol
What does HSRP stand for?
Hot Standby Router Protocol
How does HSRP implement loadbalancing?
By allowing different routers be the active router for different subnets.
What’s the biggest difference between GLBP and HSRP/VRRP?
GLBP uses an active/active model, so traffic can be distributed between multiple routers even if the hosts are in the same subnets.
What function does the AVG perform?
In GLBP, the AVG replies to all ARP requests for the virtual IP address. It will LB the responses so that the hosts end up balanced between all the routers in the group.
What does AVG stand for?
Active Virtual Gateway
How does the AVG direct hosts to utilize different routers as their gateways?
By providing the MAC addresses of different routers in the LB group for the virtual IP address.
HSRP syntax to set up the VIP for a LB group
conf tinterface gi1/0standby *group #* ip *VIP*
5 basic HSRP attributes that can be configured under an interface
- VIP
- Group name
- Priority
- Version
- Preempt
HSRP syntax to set priority for a LB group
conf t
interface gi1/0
standby *group #* priority *priority value*
For HSRP, what is the default priority?
100
For HSRP, what is the priority range?
1 - 255
For HSRP, is a higher or lower priority better?
Higher
HSRP syntax to return an interface to active state after it comes back up
conf t
interface gi1/0
standby *group #* preempt
2 commands to show detailed HSRP status
show standby
show standby brief
GLBP syntax to configure the virtual IP
glbp *group #* ip *vip*
GLBP syntax to configure the name of the LB group
glbp *group #* name *name*
How does GLBP’s priority system differ from that of HSRP?
It doesn’t. Same defaults and priority range, along with the fact that higher priority is better.
How does a router become a GLBP AVG?
It has the higher priority and either comes online first, or has preemption enabled.
2 commands to show the status of GLBP
show glbp
show glbp brief
What is the GLBP term for a router that is active in a LB group?
A forwarder
Command to set VTP mode to transparent
in global config mode:vtp mode transparent
What are the 4 trunking administrative modes?
- Access
- Trunk
- dynamic desirable
- dynamic auto
Command to show the options set on trunk ports
show interfaces trunk
Command to set interface g2/1 to access, associated with vlan 22
conf t
int gi2/1
switchport access vlan 22
Command to set the native vlan for a trunk port on a switch
in interface config mode: switchport trunk native vlan *vlanid*
Command to set a port to initiate trunking negotiation messages.
int gi0/1
switchport mode dynamic desirable
What is the normal range and extended range vlan numbers?
Normal = 1 - 1005
Extended = 1006 - 4094
What is the limitation on vlans for a switch in VTP server mode?
Server switches can only configure vlans in the standard range
Command to set a port to trunk mode
switchport mode trunk
Command to change the default vlans allowed on a trunk.
switchport trunk allowed vlan {add | remove | all | except }
Command to set the trunking encapsulation on a port to dot1q
switchport trunk encapsulation dot1q
How big is the VLAN ID field inside the .1Q header?
12 bits
Command to name a vlan
conf t
vlan *vlanid*
name *name*
Where is the .1Q tag inserted in the ethernet header?
Between the source address and type fields.
Command to ensure that an access port does not negotiate to become a trunk
conf t
interface gi1/1
switchport mode access
What is the default trunking administrative mode?
Dynamic auto
What vlans cannot be deleted?
1, 1002-1005
Command to create a vlan on a switch
vlan *vlanid*
Does the command “show interfaces trunk” work on routers, switches, or both?
Switches only
Does the command “show interfaces switchport” work on routers, switches, or both?
Switches only
How does a router implement vlans?
Through subinterfaces on an ethernet interface
Command to set a trunk port to negotiate encapsulation
switchport trunk encapsulation negotiate
Can vlan 1 have it’s name changed?
No
4 options for VTP mode
- Client
- Server
- Transparent
- Off
Command to set the vtp domain name
conf t
vtp domain *name*
Command to show the vtp domain name
show vtp status
Command to create a L3 vlan
conf t
interface vlan *vlanid*
ip address *ip addr* *subnet mask*
Command to create a static NAT mapping
ip nat inside source static *inside local* *inside global*
Command to see static NAT mappings
show ip nat translations
5 steps to configuring dynamic NAT
- Set an interface to inside
- Set an interface to outside
- Create ACL for the inside interface which identifies packets for which NAT should be performed
- Create a pool of global IP’s for use in NAT
- Bind the ACL and the pool together, enabling dynamic NAT
Command to create an IP address pool for use with NAT
ip nat pool *name* *first IP* *last IP* netmask *subnet mask*
Command to bind pool and ACL together to enable dynamic NAT
ip nat inside source list *ACL #* pool *pool name*
Command to clear the NAT translation table
clear ip nat translation *
2 variations to enable PAT
ip nat inside source list *ACL #* interface *interface* overload
ip nat inside source list *ACL #* pool *pool name* overload
What does “inside local” refer to?
Private IP’s used in NAT
What does “inside global” refer to?
Public IP’s used in NAT
3 steps to configure a router to do static NAT
- Set up an interface as inside local
- Set up an interface as inside global
- Create a mapping between inside and outside IP’s
Command to make an inside NAT interface
conf t
int gi0/0
ip nat inside
Command to make an outside NAT interface
conf t
int gi0/1
ip nat outside
Command to set a static translation
ip nat inside source static *inside local IP* *inside global IP*
Command to set an inside local interface
conf t
interface *interface*
ip nat inside
Command to set an inside global interface
conf t
interface *interface*
ip nat outside
What are the ranges for standard ACLs?
1-99
1300-1999
Syntax for an extended numbered ACL
access-list access-list-number {deny | permit} *protocol* *source IP* *wildcard mask* *destination IP* *wildcard mask* [log]
3 primary differences that named ACLs have vs numbered
- Names instead of numbers
- Uses ACL subcommands vs global commands to define the ACL
- ACL editing allows users to edit delete and add individual lines
Command to delete a line from a numbered ACL with sequence numbers.
conf t
ip access-list {standard | extended} *number*no *seq number*
Syntax to assign an ACL to a vty
access-class *number* {in | out}
TCP version of an extended ACL
access-list access-list-number {deny | permit}tcp *source* *source-wildcard* [operator [port]] *destination* *destination-wildcard* [operator [port]] [log]
If an ACL omits the wildcard mask, what is the implied mask?
0.0.0.0
What are the ranges for extended ACLs?
100 - 199
2000 - 2699
Syntax for a standard numbered ACL
access-list {1-99 | 1300-1999} {permit | deny} [*subnet* *wildcard mask* | any]
Operational command to see:
- IPv4 ACLs
- All ACLs
show ip access-lists
show access-list
Command to see access list application status on an interface
show ip interface *interface*
Keyword to add to an ACL to help keep track of it’s activity
log
What are the 3 types of ACLs?
Standard
Extended
Named
Are named ACLs standard or extended?
Either, depends on how they are configured
What is the difference between standard and extended ACLs?
Standard ACLs filter on source address
Extended ACLs filter on:
Source and Dest IP
Dest Port
Other criteria
What do extended ACLs filter on?
Source & Dest. IP
Source & Dest. Port
Command to implement an ACL on an interface
ip access-group *number|name* {in | out}
ACL keyword that means “0.0.0.0” wildcard
host
ACL keyword that means 0.0.0.0 255.255.255.255
any
ACL keywords for
greater than
less than
equal to
gt
lt
eq
Command to instantiate a named ACL
ip access-list {standard | extended} *name*
If a numbered ACL doesn’t use sequence numbers, how would a user remove one of it’s lines?
They can’t. The ACL must be deleted and re-added entirely.
What effect does the log keyword have on an ACL?
It sends messages to the log file about the activity pertinent to that line in the ACL
What advantage does SNMPv3 have over older versions?
Security
What 3 features in SNMPv3 support higher levels of security?
- Message integrity (tamper detection)
- Authentication
- Encryption
What are the 3 security modes for SNMPv3?
noAuthNoPriv
authNoPriv
authPriv
Configuration keyword for the noAuthNoPriv level of SNMPv3 security
noauth
Configuration keyword for the authNoPriv level of SNMPv3 security
auth
Configuration keyword for the authPriv level of SNMPv3 security
priv
Command to see the status of the SSH service on the device
show ip ssh
5 steps to enabling SSH
- Configure VTY lines to use either local or AAA security
- If local, add usernames
- Configure the ip domain-name
- Create the encryption key
- Enable version 1 or version 2
Command to enable port security on an interface
switchport port-security
2 mandatory and 4 optional steps to enabling port security
- Set a port to either trunk or access mode
- enable port security
Optional
- Change the default number of MAC addresses allowed
- Change the default port security violation behavior
- Define any permitted MAC addresses
- Tell the switch to sticky-learn any dynamically learned mac addresses
Command to see the security state of switch ports
show port-security [interface *interface*]
What are the 3 port security violation options, and which is default?
- Shutdown (default)
- Protect
- Restrict
3 steps to create a key for use in routing authentication
- Create the key chain
- Create the key
- Set the key string
Syntax to create a key chain
conf t
key chain *name*
Syntax to create a key under a key chain
key *#*
Syntax to set a text string for a key
key-string *text-string*
Command to create the encryption key for SSH
crypto key generate rsa
Command to set the device to use SSH2
ip ssh version 2
What does DCE stand for?
Data Communication Equipment
What does HDLC stand for?
High-level Data Link Control
What is a DCE cable used to connect?
With a DTE cable, used to connect two router serial ports back to back
In Frame Relay, what does LMI stand for?
Local Management Interface
What does DLCI stand for?
Data Link Connection Identifier
What encapsulation is set on a serial interface that will connect to a frame relay network?
frame-relay
Syntax to set a serial interface to frame relay encapsulation
conf t
int s1/0
encapsulation frame-relay
2 options for encapsulation frame-relay
- cisco
- ietf
When leaving off the specific encapsulation type for the command “encapsulation frame-relay”, what is the default?
cisco
Syntax of the frame-relay map command
frame-relay map ip *ip address* *dlci* [broadcast]
Syntax to bind a dlci to an interface
frame-relay interface-dlci *dlci*
Command to show InArp data
show frame-relay map
What does PPP stand for?
Point to Point Protocol
What are 2 PPP control protocols?
LCP
NCP
What do NCP and LCP stand for?
Network Control Protocols
Link Control Protocol
What’s a glaring difference between NCP and LCP?
LCP is a single protocol, whereas NCP is a suite of protocols that are each specific to a Layer 3 protocol.
4 features of PPP LCP
- Loop detection
- Error detection
- Multilink support
- Authentication
What 2 types of authentication are supported by PPP?
PAP
CHAP
What do PAP and CHAP stand for?
Password Authentication Protocol
Challenge Handshake Authentication Protocol
Which PPP auth protocol sends a password in clear text?
PAP
What are the 3 steps of a successful CHAP authenticatoin?
- Authenticator sends challenge packet.
- Caller hashes password etc and sends back hashed value.
- Authenticator compares submitted value to their own hashed value, and if they match it allows the caller in.
Command to set PPP on a serial interface
conf t
int s1/0
encapsulation ppp
2 general steps to have a PPP link use PAP or CHAP
- Configure the username/password for the calling router.
- Set the serial link to use PPP PAP
What will the state of a serial link be if PPP authentication fails?
Up/down
Syntax to set a username/pass for use in PPP authentication
username *caller hostname* password *password*
Syntax to have a serial interface use CHAP
conf t
int s1/0
ppp authentication chap
2 useful debug commands for PPP
debug ppp authentication
debug ppp negotiation
What are the 2 primary attributes of a leased line?
Symmetrical speeds
Always on
What kind of cable goes between a router and a CSU?
DTE
What are the 5 fields in the HDLC header?
- Flag
- Address
- Control
- Type
- FCS
What field did Cisco add to their implementation of HDLC?
Type
What does the Cisco HDLC Type field help with?
It identifies which L3 protocol is contained in the packet.
What is the default encapsulation on a Cisco router’s serial interface?
Cisco HDLC
Command to set a serial interface to use HDLC
conf t
int s1/0
encapsulation hdlc
Command to verify if a serial interface is set up as a DTE or DCE
show controllers serial *int number*
Command to check encapsulation type on a serial interface
show interface serial *int number*
What types of WAN connections support asynchronous connections?
Serial line with PPP
How do the fields in a PPP header differ from that of HDLC?
They don’t.
What would lead to an up/down state on a serial interface?
- Encapsulation mismatch
- One side having keepalives disabled
- Authentication failure/mismatch
Command to have logging messages on the console connection only display at convenient times
line con 0
logging synchronous
Command to see the status of any ip addresses obtained by DHCP
show dhcp lease
Cisco’s SNMP manager
Cisco Prime
Syntax to initialize SNMP on a router
conf t
snmp-server community RO|RW [something missing here?]
Syntax to set snmp syslocation
snmp-server location
Syntax to set snmp contact
snmp-server contact
4 locations where syslog messages can be sent
- Logging buffer
- Console line
- Terminal lines
- Syslog server
What’s the lowest severity level of log messages?
debugging - level 7
List the 7 attributes that Netflow uses to associate packets
- Source IP
- Dest IP
- Source Port
- Dest Port
- L3 Protocol type
- TOS marking
- Input interface
Command to define a DHCP pool
conf t
ip dhcp pool *pool name*
What is the syntax to prevent certain IP’s from being used in a DHCP pool?
ip dhcp excluded-address *first* *last*
Command to point a router at a DNS server
ip name-server *DNS server*
Command to exclude IP’s from a DHCP pool
conf t
ip dhcp excluded-address *first* *last*
What is the port numbers and protocol for DHCP?
67, 68
UDP
What is the port number for SNMP?
161
Command to set a router to use an NTP server
conf t
ntp server *server* {version *version*}
2 commands to see how NTP is working on a router
show ntp status
show ntp associations
Syntax to instantiate a DHCP pool
ip dhcp pool *pool-name*
Syntax to set the lease time for a DHCP pool
lease *days* *hours* *min*
Syntax to set the default gateway for a DHCP pool
default-router *IP address*
Syntax to set the DNS server for a DHCP pool
dns-server *DNS IP*
2 versions of the syntax to set the subnet for a DHCP pool
network *subnet* *subnet mask*network *subnet* /*subnet length*
Syntax to set the domain name for a DHCP pool
domain-name *name*
What are the first 4 syslog level names, starting with level 0?
0 - Emergency
1 - Alert
2 - Critical
3 - Error
What are the last 4 syslog level names?
4 - Warning
5 - Notification
6 - Informational
7 - Debugging
What severity levels will be sent to the syslog server if “logging trap 4” is configured?
Levels 0 - 4
Emergency
Alert
Critical
Error
Warning
If “logging trap informational” is set, what numerical levels will be set to syslog?
0 - 6
What application may be used to manage licensing in a larger environment?
Cisco License Manager (CLM)
What does UDI stand for?
Unique Device Identifier
What 2 components make up a UDI?
- The Product ID
- The Serial Number
Command to see the UDI
show license udi
What does PAK stand for?
Product Authorization Key
What website is used to buy new licenses?
Cisco Product License Registration Portal
Command to install a license file
license install *url*
Command to show what licensing is enabled on a router
show license
What is a right to use license?
Basically a demo license, on the honor system
Command to enable a right to use license
license boot module c2900 technology-package *pkg name*
What organization hands out IP’s globally?
IANA
What is the distance for 1000BASE-LX or 1000BASE-SX on MM fiber?
550m
If there is no username set globally, what 2 things need to be configured on a VTY to allow a user to log in via telnet/SSH?
the ‘login’ line
the ‘password ‘ line
What is the administrative distance of ISIS and RIP?
ISIS = 115
RIP = 120
Command to start a suspended telnet session
resume
What are the first 3 exchanges in setting up a TCP connection?
Syn
Syn Ack
Ack
What pins are flipped on a crossover cable?
1 and 2 to 3 and 6
In the 4 layer TCP/IP model, what are the names of the layers?
Application
Transport
Internet
Link
In the 5 layer TCP/IP model, what are the names of the layers?
Application
Transport
Network
Data Link
Physical
What does the Application layer in the TCP model map to in the OSI model?
Application
Presentation
Session
What does the Transport layer in the TCP model map to in the OSI model?
Transport
What does the Internet or Network layer in the TCP model map to in the OSI model?
Network
What does the Link layer in the TCP model map to in the OSI model?
Data Link
Physical
In a frame relay environment, what equipment is considered the DCE?
The frame relay switch
A name for the keepalive messages between the frame switch and the router.
LMI
What does LMI stand for?
Local Management Interface
In FR, what is the access link?
The leased line between FR switch and router.
What 2 organizations are the primary sources for FR standards?
ITU
ANSI
What does ITU stand for?
International Telecommunications Union
What does ANSI stand for?
American National Standards Institute
What’s the most common type of LMI packet?
Status inquiry
What are 2 functions of the LMI Status Inquiry packet?
- Keepalive between DCE and DTE.
- Signal up/down status of VCs.
List the 3 LMI types
- Cisco
- Ansi
- ITU
If you don’t set the LMI type on a frame interface, what does it default to?
It will auto-sense the LMI type that the switch is using.
What are the standards for the ANSI and ITU LMI types?
ANSI - T1.617 Annex D
ITU - Q.933 Annex A
Syntax for configuring Cisco, ANSI, or ITU LMI types.
frame-relay lmi-type {cisco | ansi | 933a}
Syntax to change interface s1/0 to from HDLC to frame relay.
conf t
interface s1/0
encapsulation frame-relay
What options are available for the “encapsulation frame-relay” command?
cisco
ietf
Command to associate an interface or subinterface with a given DLCI.
frame-relay interface-dlci *dlci* [ietf]
What is default mechanism used by a frame-relay router to map a DLCI to an IP address?
Inverse ARP
If not using InARP, what is the syntax to map a DLCI to an IP address?
frame-relay map ip *IP* *DLCI* broadcast
Is a DLCI globally significant or locally significant?
Locally significant. The DLCI for a PVC connecting 2 sites is likely to be different at each end.
What are the 6 steps of configuring a frame-relay interface, in non-syntax form and including optionals?
- Configure the interface with frame-relay encapsulation.
- Configure interface or subinterface with an IP address.
- Set the LMI type.
- Change encapsulation from cisco to ietf.
- Set the DLCI to IP address map(s).
- Bind the subinterface to either a single DLCI or (in a multipoint environment), to multiple DLCIs.
What are the 2 items absolutely needed for a frame relay interface to pass traffic?
- The encapsulation must be set to frame-relay.
- An IP address must be configured.
Why do DLCIs not need to be explicitly defined in simple frame relay implementations?
Because the DLCIs should be learned from LMI messages.
How does a configuration differ if all VC’s require ietf encapsulation vs just 1 single VC requiring it?
When all VC’s need ietf encapsulation, it can be configured at the interface level.
When individual VCs need ietf encapsulation, it can be set via the frame-relay interface-dlci or frame-relay map commands.
At what level of configuration is the lmi-type always configured?
At the physical interface level.
How does one disable auto-sensing of the LMI type?
By statically configuring the LMI type.
What command is used to see frame relay errors?
show frame-relay pvc
What frame relay command is used to see if a dlci is dynamic or static, and what the value of the DLCI is?
show frame-relay map
What 2 commands can be used to see the LMI type?
show interface *interface*show frame-relay lmi
What is the interface status if there is an LMI mismatch?
The interface will be up/down.
What will the output of the “show frame-relay pvc” command be if there is an lmi mismatch?
It will be blank. The interface will be up/down, and there will be no signalling to create any dynamic pvc’s.
Command to create subinterface 15 on s1/1 connecting to 1 router.
conf t
int s1/1.15 point-to-point
Do routers negotiate trunking?
No, all trunking must be configured manually
If a router has multiple tagged subinterfaces on a physical interface connected to a switch, should the switch port be configured as trunk or access?
The switch port should be configured as a trunk
Configure a router interface (gi1/0) to use a subinterface in vlan 11 with the most common encapsulation, with an IP address of 10.22.33.1/24
conf t
interface gi1/0.11
encapsulation dot1q 11
ip address 10.22.33.1 255.255.255.0
Assuming a router has gi2/2.15 configured, change it so that vlan 15 is the native vlan
conf t
int gi2/2.15
encapsulation dot1q 15 native
In the below output, which line defines that vlan tagging that will be used?conf tinterface gi1/0.11encapsulation dot1q 11ip address 10.22.33.1 255.255.255.0
encapsulation dot1q 11
What alternative encapsulation can be used if dot1q is not an option?
isl
What are the 2 methods on a router for specifying untagged traffic?
- Put an IP address on the main interface.
- Put an IP address on a subinterface, and add the keyword “native” when specifying the encapsulation/vlanid.
Command on a router to show the native vlan.
show vlans [*vlanid*]
Command on a router to show all trunks and their encapsulation
show vlans
