Computer Networks and Internets Flashcards
Name the switch LEDs
SYST, RPS, STAT, DUPLX, SPEED and PoE
What is the 5 step boot sequence that a cisco switch runs through?
POST (self test)
Boot Loader
Low level CPU initialisation
Flash file system initialisation
IOS
What does the boot loader do?
Provide access to the switch if the OS cannot be used
What do you do to prepare a switch for remote management access?
It needs to be configured with an IP address and a subnet mask, and default gateway
What does full duplex communication do?
Increases bandwidth by allowing both ends of a connection to simultaneously receive and transmit data
What to do if the speed and duplex settings of a device are unknown or may be changed?
Use autonegotiation
What does auto-MDIX do?
It automatically detects the required cable type for the connection
What ports do Telnet and SSH use?
Telnet - 23
SSH - 22
What is the difference between Telnet and SSH?
Telnet uses plaintext transmission of data and authentication information, whereas SSH provides strong encryption for login authentication and data
What are the steps to configure ssh?
Verify SSH support, configure IP domain, generate RSA keys, configure use authentication, vty lines and SSH version 2
What is the IPv4 loopback interface?
It is a logical interface that is internal to a router that is useful for testing and debugging
What are the filter show command options?
include, exclude, begin, section
How many lines does command history capture?
10 lines
How are frames forwarded in a switching network?
The switch examines the destination address of the frame, looks for a matching port in its MAC table and sends it through
Compare a collision domain to a broadcast domain
Network segments that share the same bandwidth are called collision domains
A collection of interconnected switches form a broadcast domain
Switches extend broadcast domains but eliminate collision domains
Broadcast domains can be broken up by a router
What are the characteristics to alleviate network congestion?
High port density, fast port speeds, large frame buffer, fast internal switching
What are the two methods of switching?
Cut through switching - as soon as the frame is received. Can send error frames
Store-and-forward - after the entire frame is received, performs error checks to ensure valid frames are sent
Why are VLANs used in a switched network?
To allow logical broadcast domains within a network and easier management, higher security and better performance
What is a trunk?
A point to point link between switches that carries traffic for all VLANs
What is trunk negotiation managed by?
DTP or Dynamic Trunking Protocol
What are the types of VLANs?
Native, Management, Data, Default, Voice
What is inter-vlan routing?
The process of forwarding network traffic from one VLAN to another - legacy, router-on-a-stick and layer 3 switches using SVIs
How does router-on-a-stick VLAN routing work?
Subinterfaces are configured on the router interface for each VLAN, with an IP Address on a unique subnet
What are the steps to configure a switch with VLANs and Trunking?
create VLANs, create SVI VLAN interfaces, configure access ports and enable IP routing
What is a common problem of a redundant Layer 2 switched network?
The possibility of physical and logical layer 2 loops, resulting in MAC instability and high CPU utilization
What is an STP
A loop prevention protocol that allows redundancy while keeping a loop free topology
How does STP work?
STP uses STAlgorithm to find the root bridge, associated root ports and designated ports, and block alternative ports to create the shortest path in the switched network
How is the root bridge determined with multiple candidates?
Lowest sender BID, port priority and port id
What are the port states?
Blocking, listening, learning, forwarding, disabled
What is RSTP?
An evolution of STP that provides faster convergence, with port states learning, forwarding, discarding
What is PVST+
Cisco enhancement of STP that provides seperate spanning tree instances for each VLAN. Supports Portfast, root guard, bpdu guard etc
What does PortFast do?
The port transitions from blocking to forwarding bypassing the listening and learning states. This is used on access ports to access the network immediately
What is etherchannel
A link aggregation technology that allows redundant links that won’t be blocked by STP. Groups multiple links into one logical link
What does EtherChannel provide?
Load balancing, increased bandwidth, redundancy
What is the resulting interface called when an EtherChannel is created?
Port Channel
How can Etherchannels be formed, and what are the modes of the options?
PAgP - auto, on, desirable
LACP - on, active, passive
What are the rules for Etherchannel?
All interfaces must support EtherChannel
All interfaces must operate in the same duplex and speed
All interfaces must be assigned to the same VLAN or be a trunk
All interfaces allow the same VLANs
What does a DHCPv4 server do?
Dynamically leases an IP address to a client from a pool of addresses
Describe the DHCPv4 lease process
DHCPDISCOVER
DHCPOFFER
DHCPREQUEST
DHCPACK
Describe the DHCP renewal process
DHCPREQUEST
DHCPACK
Describe the ICMPv6 RA messages
A flag – AddressAutoconfiguration flag. Use SLAAC to create an IPv6 GUA.
* O flag – Other Configuration flag. Get Other information from a stateless DHCPv6 server.
* M flag – This is the ManagedAddress Configuration flag. Use a stateful DHCPv6 server to obtain an IPv6 GUA.
What process is used to ensure the IPv6 GUA is unique
DAD or Duplicate Address Detection - sends neighbour solicitation messages
What ports do DHCPv6 messages use?
Client to server - UDP 547
Server to client - UDP 546
What does stateless DHCPv6 inform?
To use the RA message for addressing but the server for other information
What does stateful DHCPv6 inform?
To obtain all information from the server, but the default gateway from the RA message
How can a cisco IOS router be configured to provide DHCPv6 services?
server, client or relay agent
What is the purpose of FHRP or First Hop Redundancy Protocol?
FHRP allows alternate default gateways in networks where two or more routers are connected to the same VLAN
Describe a way to prevent single points of failure
Implement a virtual router, where multiple routers work together to function as one
What happens in FHRP when an active router fails?
The standby router stops seeing hello messages, assumes the role of the forwarding router
What is HSRP and how does it work
Cisco proprietary FHRP that selects active and standby devices. The router with the highest HSRP priority becomes the active router
What attacks are endpoints vulnerable to and what do they use as security?
DDoS, malware, and used antivirus and firewalls. They are best protected by NAC, AMP, Email security appliance and web security appliance
What controls access to a network?
AAA authentication, authorisation and accounting
What is the IEEE 802.1X
Port based access control and authorisation protocol
Name the layer 2 security solutions
Port security, dhcp snooping, DAI and IPSG
What do MAC Address flooding attacks do?
bombard the switch with fake source MAC addresses until the switch MAC address table is full.
What does a VLAN hopping attack do?
Enables traffic from one VLAN to be seen by another
What does a VLAN double tagging attack do?
Allows traffic to have multiple tags directing it to different VLANs, unidirectional.
How can VLAN tagging and hopping be prevented?
Disable trunking on all access ports
Disable auto trunking on trunk links
Only use native vlan for trunk links
Disable DTP negotiations, unused ports
What are the two DHCP attacks and how are they prevented?
DHCP starvation and spoofing - can be prevented with DHCP snooping
What is ARP attack and how is it mitigated?
A fake MAC is sent to the switch, which accordingly updates its MAC table, then unsolicited ARP replies are sent to hosts on the network.
It is mitigated by implementing DAI
What is an Address spoofing attack and how is it mitigated?
A hacker hijacks an IP or MAC address. Can be mitigated by implementing IPSG
What is an STP attack and how is it mitigated?
Threat actor acts as a fake root bridge and intercepts all traffic. This is mitigated with BPDU Guard
What does DHCP Snooping do?
It determines if DHCP messages are from a legitimate source
What does DAI do?
Dynamic ARP Inspection requires DHCP snooping and verifies ARP traffic
What are the four types of Wireless Lan?
WPAN, WLAN, WMAN and WWAN
What bands do WLAN networks operate in?
2.4 and 5 GHz
What is CAPWAP?
IEEE standard protocol that enables a WLC to control multiple APs and WLANs
Which standards operate in the 2.4 to 2.5 GHz spectrum?
b/g/n
What are the two security features available on routers and APs?
SSID cloaking and MAC address filtering
What are the four key authentication techniques
WPA, WEP, WPA2, WPA 3
How does a router convert private IPv4 addresses to internet routable addresses?
Network Address Translation
What does network QoS do?
Prioritises voice and video traffic types
How do routers learn about a network?
Static routes and Dynamic routing protocols
What are the ways a router can deal with a packet?
It can forward it on a directly connected network, to a next hop router, or it can drop it
What are the three packet forwarding mechanisms?
process switching, fast switching, and CEF
What is the difference between static and dynamic routing
Static routes are manually configured and define an explicit path between two networking devices.
Dynamic routing protocols can discover a network, maintain routing tables, select a best path, and automatically discover a new best path if the topology changes.
What does the default route do?
It specifies the next hop router to use when the routing table does not have a specific route
What does Cisco use to determine the route in an IP routing table?
AD or Administrative Distance. The lower the AD, the more trustworthy the route
What is an IGP
Routing protocol that exchanges information within a routing domain administered by a single organisation
What is an EGP
EGP or BGP is a routing protocol that exchanges information between different organisations, and can route packages over the internet
How is the best path selected by a routing protocol?
By the lowest metric of the route
What are the types of static routes?
standard, default, floating, summary
How can the next hop be identified with a static route?
By the IP address, exit interface or both - types: next hop, directly connected and fully specified
What is a default route
A static route that matches all packages
What are floating static routes?
Static routes designed to provide a backup for default or static routes, set to a higher administrative distance of 1
How does a router process packets when a static route is configured?
When a packet arrives on a router interface, it is decapsulated. If the destination IP matches a static route entry, the next hop is identified and forwarded to. If not, the router uses the default static route or drops the packet.
