ICND2

Question 1

What are the four major categories of PPP features?

Answer 1

Compression, Callback, Multilink, and Authentication

Question 2

IOS Command: Enable PPP

Answer 2

interface config: encapsulation ppp

Question 3

How is the STP root elected?

Answer 3

Lowest Bridge ID becomes root.

Question 4

What is the STP Bridge IP?

Answer 4

Configured bridge priority prepended to MAC address.

Question 5

How does a switch determine its STP root port? Place in order.

Answer 5

1 - lowest path cost to root
2 - lowest neighbor bridge id
3 - lowest port number

Question 6

List the common STP costs for Ethernet up to TenGigabitEthernet

Answer 6

10Mbps 100
100Mbps 19
1Gbps 4
10Gbps 2

Question 7

How is the designated bridge determined on each segment?

Answer 7

The same as STP root port:
1 - lowest path cost to root
2 - lowest neighbor bridge id
3 - lowest port number

Question 8

What does a designated port do in STP?

Answer 8

It connects a non-root segment from the switches perspective.

Question 9

What type of STP port connects to a designated port?

Answer 9

A non-designated blocking port or a root port.

Question 10

List STP states in order

Answer 10

listening
learning
forwarding, blocking, disabled

Question 11

Commands to set bridge priority

Answer 11

spanning-tree vlan vlan-id priority n
spanning-tree vlan vlan-id root primary
(secondary)

Question 12

Single command to enable portfast and bpduguard

Answer 12

spanning-tree portfast edge bpduguard default

Question 13

Cisco’s PVST and Rapid PVST require one to set bridge priority in increments of …

Answer 13

4096

Question 14

What two components are unified when using Cisco Stackwise

Answer 14

Backplane and Administration

Question 15

When a master switch is chosen what happens to the other switches in a Stackwise configuration.

Answer 15

The other switches reboot and adopt the master’s configuration.

Question 16

What are the rules for electing a stack master

Answer 16

1) The current stack master remains the stack master
2) The switch with the highest member priority value
3) The switch with the non-default interface-level configuration
4) The switch with the higher hardware/software priority. (cryptography and ip services first)
5) The switch with the longest uptime
6) The switch with the lowest MAC address

Question 17

What is another name for 802.1x

Answer 17

EAP (Extensible Authentication Protocol)

Question 18

What standards are used to authenticate EAP.

Answer 18

Radius or TACACs

EAP = 802.1x

Question 19

How does DHCP stop rogue DHCP servers?

Answer 19

By setting ports connected to valid DHCP servers as “trusted.” Untrusted ports receiving DHCP responses disable themselves.

Question 20

Which VLAN should not be used as per Cisco best practices?

Answer 20

VLAN 1

Question 21

Etherchannel obtains optimal load balancing over what number of links?

Answer 21

Powers of 2

2,4,8

Question 22

Why does Cisco recommend against hardcoding etherchannel and not using PAGP or LACP?

Answer 22

Without PAGP or LACP if one side of the etherchannel is misconfigured it could cause a spanning-tree loop.

Question 23

What are the PAgP commands?

Answer 23

channel-group n mode desirable

channel-group n mode auto

Question 24

What are the LACP commands?

Answer 24

channel-group n mode active

channel-group n mode passive

Question 25

Steps for Etherchannel configuration

Answer 25

(first shut down interfaces)

1) Base interfaces must have identical configuration
2) Use the channel-group command to create etherchannel
3) All configuration done on virtual port-channel interface after bundling

4) Summary - ‘show etherchannel summary’

Question 26

What are the default spanning-tree costs Ethernet through TenGig

Answer 26

Fa - 19
1G - 4
2G - 3
10G - 1

Question 27

What commands bundles interfaces and creates a virtual port-channel interface

Answer 27

channel-group n mode x

Question 28

What are the basic config registers

Answer 28

0x2100 - ROMMON
0x2101 - RXBoot
0x2102 - Normal Boot
0x2142 - Ignore NVRAM

Question 29

What command will show the configuration register?

Answer 29

show version

Question 30

List four things that can be done from ROMMON

Answer 30

Modify configuration register
Set temporary IP address
Initiate TFTP transfer of Cisco IOS
Initiate x/ymodem upload over the console cable of Cisco IOS

Question 31

Where are ‘boot system’ commands found?

Answer 31

Global Configuration

Question 32

Where does an IOS router look for the image to load in order

Answer 32

1) “boot system” commands
2) Look for first IOS image in flash
3) Broadcast for a TFTP server

Question 33

Set configuration register in ROMMON

Answer 33

confreg 0x2102

Question 34

Download IOS from TFTP in ROMMON

Answer 34

set (show ip information)
IP_ADDRESS=
IP_SUBNET_MASK=
DEFAULT_GATEWAY=
TFTP_SERVER=
TFTP_FILE=
tftpdnld

Question 35

List steps to obtain and install a license on an IOS 15 device

Answer 35

1 - Purchase license and receive PAK key
2 - Get license file from CLM or www.cisco.com/go/license using UDI
3 - Use the CLI to install the .lic file

Question 36

How do you find the UDI and what is it a combination of

Answer 36

show license udi

It is a combination of the product id (PID) and SN. (ex: CISCO2911/K9FTX1524PIRE

Question 37

Command to show licenses

Answer 37

show license all

show license detail

Question 38

Command to show features enabled on device

Answer 38

show license feature

Question 39

Install license

Answer 39

license install flash0:licensefile.lic

Question 40

Backup license

Answer 40

license save flash:filename

Question 41

Unistall a license

Answer 41

license boot module x x x disable
do reload
license clear x
conf t
no license boot module x x x disable
do reload

Question 42

What are the administrative distances of the major routing protocols?

Answer 42

Directly connected: 0
Static: 1
EIGRP Summary 5
EBGP 20
EIGRP 90
IGRP 100
OSPF 110
IS-IS 115
RIP 120
EGP 140
ODR 160
EX EIGRP 170
iBGP 200
NHRP 250
Floating Static (ex. DHCP-learned) 254
Unknown 255

Question 43

When selecting a route what does the router consider in order

Answer 43

1. Next Hop Reachability
2. Route Specificity
3. Administrative Distance
4. Metric

Question 44

List 3 major distance vector routing protocols

Answer 44

RIP, EIGRP. BGP

Question 45

List 2 major link state protocols

Answer 45

OSPF, IS-IS

Question 46

List 3 major differences between distance vector and link state routing protocols

Answer 46

DV

• only knows what the neighbor tells it
• memory / processor efficient
• loop prevention mechanisms needed

LS

• maintains a map of the network system
• resource consuming
• maintains loop free by nature

Question 47

List distance vector loop prevention methods

Answer 47

1) maximum metric
2) route poisoning
3) triggered updates
4) split horizon
5) hold down timers

6) AS_PATH attribute

Question 48

Why did Cisco create EIGRP when OSPF already existed.

Answer 48

EIGRP is simpler to implement than OSPF

Question 49

What is the SPF algorithm

Answer 49

Finds the best path to each destination

Question 50

OSPF area 0 is the _____

Answer 50

backbone

Question 51

What is the primary reason for using multiple areas in OSPF?

Answer 51

to summarize routes

Question 52

What OSPF router type brings an Internet connection into the system

Answer 52

ASBR

Question 53

Does OSPF use TCP or UDP for routing updates?

Answer 53

Trick question: It uses the OSPF protocol number 89

Question 54

OSPF vs. EIGRP

Answer 54

OSPF is hierarchical EIGRP is not

OSPF has a route database with the entire network
EIGRP keeps only successors and feasible successors

OSPF is link state EIGRP is distance vector

Question 55

How does a Cisco router pick a router-id if one is not configured statically?

Answer 55

Highest active interface IP - loopbacks preferred over others

Question 56

OSPF default hello and dead timers

Answer 56

10 and 40

Question 57

List four things that must match in an OSPF hello packet

Answer 57

1) Hello / Dead Timer
2) Subnet Mask
3) Area ID
4) Authentication password

Question 58

What is the role of the master router?

Answer 58

It is the first to send a DBD packet

Question 59

What are the default OSPF hello times on NBMA links?

Answer 59

hello 30, dead 120

Question 60

How does OSPF determine the master router?

Answer 60

higher router-id

Question 61

Describe OSPF Loading process

Answer 61

Each router examines the DBDs from ExStart. For any entry the router doesn’t know about it sends a link-state request (LSR) and a link-state update (LSU) is returned.

Note LSU is a collection of LSAs. LSACK acknowledges these updates.

Question 62

List OSPF states when

Answer 62

Init: Hello packet received
Two-way: own router ID found in hello packet
Exstart: Master and slave determned
Exchange: DBD packets exchanged
Loading: LSRs and LSUs for required LSAs.
Full: OSPF routers are now neighbors

Question 63

Multicast group for OSPF all routers and OSPF DR

Answer 63

224. 0.0.5 (all routers)

224. 0.0.6 (all OSPF designated routers)

Question 64

What does an OSPF priority of 0 mean?

Answer 64

A router with priority 0 will never be elected as DR or BDR. (NBMA spokes, for example, might need this)

Question 65

What determines the DR/BDR in an OSPF election

Answer 65

Highest priority and in a tie highest RID

Question 66

What does the BDR do?

Answer 66

It acts maintains a full relationship with all neighbors but does not send LSAs and just waits for the DR to die.

Question 67

Command to adjust hello timer on OSPF

Answer 67

interface mode:

ip ospf hello-interval n

Question 68

Command to adjust OSPF metric so it works better with larger links

Answer 68

router mode:
auto-cost reference bandwidth 10000
(10G links = 1)

Question 69

Command to change ospf cost on an interface

Answer 69

ip ospf cost n

Question 70

By default what is the slowest speed at OSPF cost 1

Answer 70

100 meg

Question 71

Configure OSPF to advertise a default route even if there isn’t a default route in the table

Answer 71

default-information originate always

Question 72

Command to view all routes learned by OSPF

Answer 72

show ip/ipv6 ospf database

Question 73

Command to view all successors and feasible successors learned by EIGRP

Answer 73

show ip/ipv6 eigrp topology

Question 74

List main bullets of NIST cloud computing definition

Answer 74

On-demand self-service
Broad network access
Resource pooling
Rapid elasticity
Measured service

Question 75

What is one way to connect between multiple cloud service providers

Answer 75

An intercloud exchange

Question 76

What is a VNF?

Answer 76

Virtual Network Function - virtual version of network device

Question 77

What does MEC stand for

Answer 77

Multichassis EtherChannel

Question 78

Access Switches have Stackwise. Core/Distribution switches have?

Answer 78

Chassis Aggregation

Question 79

What is a MIB

Answer 79

Management Information Base

Question 80

What is contained in a MIB

Answer 80

Object Identifiers (OID)

Question 81

What is a major drawback to an SNMP trap and what does SNMPv3 implement to resolve that?

Answer 81

An snmp trap has no acknowledgement. SNMPv3 introduces the inform message which has an ack.

Question 82

What are the 3 SNMPv3 security modes

Answer 82

noAuthNoPriv clear-text username authentication
authNoPriv: MD5 or SHA authentication but no encryption
authPriv: MD5 or SHA authentication and encryption

Question 83

Configure server 192.168.12.2 for SNMPv2c read only access community name ICND2 and enable traps

Answer 83

snmp-server community ICND2 ro
snmp-server location Omaha
snmp-server contact kevin.joyce@outlook.com
snmp-server host x.x.x.x version 2c ICND2
snmp-server enable traps (pick traps)

Question 84

What is route poisoning

Answer 84

When a network goes down a DV protocol will send a triggered update which is a network with an infinite metric.

Question 85

What is poison reverse?

Answer 85

When a poisoned route is learned a poisoned route is sent back to the same router with the same infinite metric.

Question 86

What is split horizon?

Answer 86

A router never advertises a route through the interface it learns it from. (unless it is reverse poisoning a route.)

Question 87

What is the command to view the EIGRP neighbor table and what information is contained in it?

Answer 87

show ip eigrp neighbors

Lists all directly connected neighbors

• H (Handle) - first neighbor gets 0 - next one 1 - gaps get filled
• Next Hop IP
• Interface
• Hold Time
• Uptime
• SRTT (Smooth round trip time)
• RTO (retransmission timeout)
• Q Count
• Seq Number

Question 88

What is the command to view the EIGRP topology table and what information is contained in it.

Answer 88

• Successors and Feasible Successors
• Metric (FD)
• Route State (Passive, Active, Update, Query, Reply)

Question 89

In EIGRP what are the requirements for a route to be a feasible successor

Answer 89

1) It must not be a successor
2) The advertised distance must be less than the feasible distance of the successor
3)

Nice plain english: A router can become a backup path if he is closer to the destination than your best path.

Question 90

What command is used for unequal cost load balancing in EIGRP links. What type of routes can be used for load balancing?

Answer 90

variance n where n is the multiplier
Feasible successors can be used.

Example with variance 3 and FD of 100 on the successor a feasible successor with a FD of 300 will join the pool and will take 1/4 the traffic.

Question 91

What protocol does EIGRP use for reliable messages?

Answer 91

RTP (Reliable Transport Protocol)

Question 92

List EIGRP packet types and whether or not they need acks

Answer 92

Hello - Unreliable
Update - Reliable
Query - Reliable
Reply - Reliable
Ack - ack doesn't get acked

Update packets send new routing information. Reply packets send routing information in response to query packets.

Question 93

Describe EIGRP Adjancency process

Answer 93

1) R1 sends hello
2) R2 sends Update
3) R2 sends hello (on its own timer - not in response to update)
4) R1 sends ack for update packet
5) R1 sends update
6) R2 sends ack back

Question 94

How could you run EIGRP over a network that does not support multicast?

Answer 94

router mode:

neighbor x.x.x.x interface

Question 95

List EIGRP K values

Answer 95

Bandwidth (K1)
Load (K2)
Delay (K3)
Reliability (K4)
MTU (K5)

Question 96

What is the EIGRP metric formula for default K values K1 and K3

Answer 96

(10^7 / minimum bandwdith + (sum of delays)) * 256

Question 97

Command to set EIGRP to use delay only in metric calculation

Answer 97

router mode:
metric weights 0 0 0 1 0 0

(First 0 is TOS which must be 0 - then K1, K2, etc.)

Question 98

Command to summarize subnets within 172.16.0.0/23

Answer 98

interface mode:

ip summary-address eigrp as 172.16.0.0 255.255.254.0

Question 99

What is a dis-contiguous network?

Answer 99

When a classful network has another classful network on a segment between 2 or more of its subnets.

So, for example, might be equal cost routing to 1.0.0.0/8 going to seperate ways to two seperate subnets - if auto-summary is in place.

Question 100

For unequal cost load balancing what command shows the traffic share count?

Answer 100

show ip route x.x.x.x

Question 101

What does SIA Query do?

Answer 101

SIA Query is sent half way through the SIA timer - to give the neighbor router a chance to return a SIA reply which keeps EIGRP from dropping the neighbor adjacency and losing the other routes.

Question 102

List items that cause problems with EIGRP adjacencies

Answer 102

Uncommon subnet
K value mismatch
AS mismatch
Layer 2 issues
Access-list issues
NBMA (not sending broadcasts)

Question 103

What is the EIGRP multicast address?

Answer 103

224.0.0.10

Question 104

What is a path vector routing protocol

Answer 104

BGP is the only example - it records the AS path

Question 105

Describe the ways BGP can be homed

Answer 105

Single homed: you are connected to a single ISP using a single link.
Dual homed: you are connected to a single ISP using dual links.
Single multi-homed: you are connected to two ISPs using single links.
Dual multi-homed: you are connected to two ISPs using dual links.

Question 106

command to add password to bgp neighbor

Answer 106

neighbor x.x.x.x password MYPASS

Question 107

What is BGP synchronization

Answer 107

This is for transit networks. BGP won’t advertise a network learned from another AS unless it sees the network in the IGP as well. This way traffic doesn’t transit your AS until the IGP is up to date. For a stub AS one can disable synchronization with no synchronization command in router mode.

Question 108

Configure iBGP peers to loopbacks

Answer 108

router bgp 2
neighbor 2.2.2.2 remote-as 2
neighbor 2.2.2.2 update-source loopback 0
neighbor 2.2.2.2 next-hop-self

Question 109

When is next-hop-self configuration is needed in BGP

Answer 109

For iBGP peers - so that they advertise their own next hop instead of the IP of the EBGP peer that advertised the router.

Question 110

What is BGP split horizon?

Answer 110

iBGP does not advertise prefixes learned from another iBGP peer

Question 111

What methods make multi-hop iBGP networks work without BGP split horizon breaking it?

Answer 111

BGP Route Reflectors

BGP Confederations

Question 112

What does * and > mean in ‘show ip bgp’

Answer 112

* = valid router and BGP can use it
> = the entry has been selected as the best path

Question 113

What does a next hop of 0.0.0.0 mean in BGP?

Answer 113

It means the network originates on the local router.

Question 114

What are the 2 BGP origin codes in use

Answer 114

i - originated using the ‘network’ command or equivalent.

? - Redistributed into BGP

Question 115

List other BGP status codes beyond valid(*) and best (>)

Answer 115

s - supressed: BGP knows the network but won’t advertise it, this can occur when the network is part of a summary.
d - damped: BGP doesn’t advertise this network because it was flapping too often (network appears, disapears, appears, etc.) so it got a penalty.
h- history: BGP learned this network but doesn’t have a valid route at the moment.
r - RIB-failure: BGP learned this network but didn’t install it in the routing table. This occurs when another routing protocol with a lower administrative distance also learned it.
S - stale: this is used for non-stop forwarding, this entry has to be refreshed when the remote BGP neighbor has returned.

Question 116

Which BGP states can lead to active state and why?

Answer 116

Connect and OpenSent - Connect because 3-way handshake fails and OpenSent because something is wrong with the open message (ie wrong AS number)

Question 117

If BGP hold timers don’t match what happens?

Answer 117

The lower timer is used

Question 118

List the BGP states in order (excluding active)

Answer 118

Idle
Connect
OpenSent
OpenConfirm
Established

Question 119

Describe the BGP OpenConfirm state

Answer 119

BGP waits for a keepalive message from the remote BGP neighbor. When we receive the keepalive, we can move to the established state and the neighbor adjacency will be completed. When this occurs, it will reset the hold timer. If we receive a notification message from the remote BGP neighbor then we fall back to the Idle state. BGP will keep sending keepalive messages.

Question 120

Describe the BGP established state

Answer 120

The BGP neighbor adjacency is complete and the BGP routers will send update packets to exchange routing information. Every time we receive a keepalive or update message, the hold timer will be resetted. In case we receive a notification message we will jump back to the Idle state.

Question 121

Describe the BGP Idle state

Answer 121

This is the first state where BGP waits for a “start event”. The start event occurs when someone configures a new BGP neighbor or when we reset an established BGP peering. After the start event, BGP will initialize some resources, resets a ConnectRetry timer and initiates a TCP connection to the remote BGP neighbor. It will also start listening for a connection in case the remote BGP neighbor tries to establish a connection. When successful, BGP moves to the Connect state. When it fails, it will remain in the Idle state.

Question 122

Describe the BGP Connect state

Answer 122

BGP is waiting for the TCP three-way handshake to complete. When it is successful, it will continue to the OpenSent state. In case it fails, we continue to the Active state. If the ConnectRetry timer expires then we will remain in this state. The ConnectRetry timer will be reset and BGP will try a new TCP three-way handshake. If anything else happens (for example resetting BGP) then we move back to the Idle state.

Question 123

Describe the BGP Active state

Answer 123

BGP will try another TCP three-way handshake to establish a connection with the remote BGP neighbor. If it is successful, it will move to the OpenSent state. If the ConnectRetry timer expires then we move back to the Connect state. BGP will also keep listening for incoming connections in case the remote BGP neighbor tries to establish a connection. Other events can cause the router to go back to the Idle state (resetting BGP for example).

Question 124

Describe the BGP OpenSent state

Answer 124

In this state BGP will be waiting for an Open message from the remote BGP neighbor. The Open message will be checked for errors, if something is wrong (incorrect version numbers, wrong AS number, etc.) then BGP will respond with a Notification message and jumps back to the Idle state. This is also the moment where BGP decides whether we use EBGP or IBGP (since we check the AS number). If everything is OK then BGP starts sending keepalive messages and resets its keepalive timer. At this moment, the hold time is negotiated (lowest value is picked) between the two BGP routers. In case the TCP session fails, BGP will jump back to the Active state. When any other errors occur (expiration of hold timer), BGP will send a notification message with the error code and jumps back to the Idle state. In case someone resets the BGP process, we also jump back to the Idle state.

Question 125

What four messages does BGP use?

Answer 125

Open
Update
Keepalive
Notification

Question 126

What is contained in a BGP Open message

Answer 126

Version (4)
My AS
Hold TIme
BGP Identifier (same rules as OSPF and EIGRProuter-id)
Optional Parameters - MP-BGP, Route Refresh, 4-octet AS numbers

Question 127

configure a time range from 09:00 to 17:00 weekdays

Answer 127

time-range WORK_HOURS

periodic weekdays 09:00 to 17:00

Question 128

Apply the time range WORK_HOURS to an extended ACL statement

Answer 128

101 deny tcp any host 192.168.23.3 eq 80 time-range WORK_HOURS

Question 129

What is the only traffic allowed on an 802.1X port prior to authentication

Answer 129

EAPoL (Extensible Authentication Protocol over LAN)

Question 130

What are the two layer 2 control protocols used in PPP and what do they do

Answer 130

LCP - Link control protocol - setting up link and authentication
NCP - Enables the sending of multiple protocols like IP, IPv6, CDP (IPX and AppleTalk)

Question 131

What are the two PPP authentication options and what is the difference

Answer 131

PAP (Password Authentication Protocol): Plaintext!

CHAP (Challenge Authentication Protocol) - instead of plaintext password a hash of the password is sent

Question 132

Configure CHAP

Answer 132

R1(config)# username R2 password MYSECRET
R2(config)# username R1 password MYSECRET
R1(config)#interface serial 0/0
R1(config-if)#ppp authentication chap
R2(config)#interface serial 0/0
R2(config-if)#ppp authentication chap

Question 133

Does PPP CHAP have to be configured on both links?

Answer 133

No

Question 134

Should one use a secret to increase CHAP security?

Answer 134

No! PPP can’t hash a password that is already hashed.

Question 135

Configure PPPoE on client side

Answer 135

Client(config)#interface dialer 1
Client(config-if)#mtu 1492
Client(config-if)#encapsulation ppp
Client(config-if)#ip address negotiated
Client(config-if)#ppp chap hostname CUSTOMER
Client(config-if)#ppp chap password CISCO
Client(config-if)#dialer pool 1

Client(config)#interface GigabitEthernet 0/1
Client(config-if)#pppoe-client dial-pool-number 1

Question 136

Configure PPP Multilink

Answer 136

R1(config)#interface multilink 1
R1(config-if)#ip address 192.168.12.1 255.255.255.0
R2(config)#interface multilink 1
R2(config-if)#ip address 192.168.12.2 255.255.255.0

R1(config)#interface Serial 0/0/0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp multilink group 1

R1(config)#interface Serial 0/1/0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp multilink group 1

Question 137

What command verifies ppp multilink operation

Answer 137

show ppp multilink

Question 138

What is recursive routing when it comes to tunnels?

Answer 138

When the destination IP for the tunnel interface is learned through the tunnel itself.

Question 139

What can one do to prevent recursive routing through a tunnel?

Answer 139

Don’t advertise the destination IP on the tunnel interface - or use route filtering
Make sure the AD of the destination IP through the tunnel is higher than
Instead of AD make sure the metric is worse.

Question 140

What does DMVPN use to know the public IP of multipoint tunnel neighbors?

Answer 140

NHRP - Next Hop Resolution Protocol

Question 141

Describe NHRP

Answer 141

One router will be the NHRP server.
All other routers will be NHRP clients.
NHRP clients register themselves with the NHRP server and report their public IP address.
The NHRP server keeps track of all public IP addresses in its cache.
When one router wants to tunnel something to another router, it will request the NHRP server for the public IP address of the other router.

Question 142

Summarize the three DMVPN phases

Answer 142

Note - phases are configuration options - the DMVPN solution does not progress through them.

Phase 1 - Spokes register with the hub. All traffic flows through the hub on point-to-point gre tunnels. Hub has multipoint GRE interface.

Phase 2 - All spoke routers run multipoint GRE so direct spoke-to-spoke tunneling is possible. When a spoke wants to reach another spoke it uses NHRP to find the tunnel IP. It must have the route and next-hop IP of the spoke tunnel ip to work.

Phase 3 - Specific routes are not needed by spokes for spoke-to-spoke connectivity. Routing will be set up as phase 1 but when a packet bound for another spoke reaches the hub it will send a NHRP redirect to both spokes. Both spokes resolve the public IP with NHRP and install a new routing entry so they can reach each other locally.

Question 143

What is an EVC and VPWS

Answer 143

Also called E-Line (Ethernet Line Service)
Ethernet Virtual Circuit - point-to-point virtual ethernet link
VPWS is Virtual Private Wire Service which specifically refers to labeling the frame for MPLS transit

Question 144

What is VPLS

Answer 144

Virtual Private Lan Service - E-LAN (Ethernet LAN Service)

Question 145

What is E-Tree

Answer 145

Ethernet Tree Service

Traditional Frame Relay topology on Ethernet.. (Hub and spoke)

Question 146

List four features provided by VPN

Answer 146

Confidentiality
Authentication
Integrity (verifying packet wasn’t changed)
Anti-replay

Question 147

List 4 commond VPN protocols

Answer 147

IPSec
PPTP
L2TP
SSLVPN

Question 148

What is PPTP

Answer 148

Point-to-point tunneling protocol
GRE tunnel with PPP and encryption done with MPPE

This has been proven insecure

Question 149

What is L2TP

Answer 149

Layer Two Tunneling Protocol
As an extension of PPTP can tunnel layer two traffic. For secure VPN it can be combined with IPSEC This combination is often referred to as L2TP/IPSec

Question 150

List 4 types of delay found in a network

Answer 150

Processing
Queuing
Serialization
Propagation (ie speed of light through fiber)

Question 151

List application and traffic types relevant to QOS - with examples

Answer 151

Batch Application - FTP
Interactive Application - SSH
Voice and Video Application - VOIP

Question 152

List the basic QOS Tools with short descriptions

Answer 152

Classification and marking: if we want to give certain packets a different treatment, we have to identify and mark them.
Queuing – Congestion Management: instead of having one big queue where packets are treated with FIFO, we can create multiple queues with different priorities.
Shaping and Policing: these two tools are used to rate-limit your traffic.
Congestion Avoidance: there are some tools we can use to manage packet loss and to reduce congestion.

Question 153

The first 6 bits of the DS field are used to set a ______ that will affect the ______ at each node. The codepoint is also what we call the ______ value.

Answer 153

codepoint, PHB (Per Hob Behavior), DSCP value.

Question 154

What is the name for using reservations to enforce end-to-end QoS?

Answer 154

IntServ (Integrated Services)

Question 155

What is it called when no reservations are made and each device has its own QOS prioritization?

Answer 155

DiffServ

Question 156

What is the default PHB DSCP value? How are packets treated by default?

Answer 156

00000000

Packets are ‘best effort.’

Question 157

What are the class-selector codepoints?

Answer 157

IP Precedence bits are the first 3 DSCP bits.  CS0=000 CS7=111
Default/CS0 - Routine
CS1 - Priority
CS2 - Immediate
CS3 - Flash
CS4 - Flash Override
CS5 - Critical
CS6 - Internetwork Control
CS7 - Network Control

Question 158

What were the value of the TOS bytes

Answer 158

1000	minimize delay
0100	maximize throughput
0010	maximize reliability
0001	minimize monetary cost
0000	normal service

Question 159

What are 2 function of Assured Forwarding PHB?

Answer 159

Queueing and Congestion Avoidance

Question 160

What bits of the DS field are used in Assured Forwarding

Answer 160

First 3 - Class (up to 4 binary 100)
bits 4 & 5 - drop probability - 01, 10, 11 - low, medium high
bit 6 remains 0

Question 161

What two functions does expedited forwarding PHB have?

Answer 161

1. Queuing

2. Policing

Question 162

What is NBAR

Answer 162

Network Based Application Recognition

Question 163

List the DSCP codepoints

Answer 163

af11 Match packets with AF11 dscp (001010)
af12 Match packets with AF12 dscp (001100)
af13 Match packets with AF13 dscp (001110)
af21 Match packets with AF21 dscp (010010)
af22 Match packets with AF22 dscp (010100)
af23 Match packets with AF23 dscp (010110)
af31 Match packets with AF31 dscp (011010)
af32 Match packets with AF32 dscp (011100)
af33 Match packets with AF33 dscp (011110)
af41 Match packets with AF41 dscp (100010)
af42 Match packets with AF42 dscp (100100)
af43 Match packets with AF43 dscp (100110)
cs1 Match packets with CS1(precedence 1) dscp (001000)
cs2 Match packets with CS2(precedence 2) dscp (010000)
cs3 Match packets with CS3(precedence 3) dscp (011000)
cs4 Match packets with CS4(precedence 4) dscp (100000)
cs5 Match packets with CS5(precedence 5) dscp (101000)
cs6 Match packets with CS6(precedence 6) dscp (110000)
cs7 Match packets with CS7(precedence 7) dscp (111000)
default Match packets with default dscp (000000)
ef Match packets with EF dscp (101110)

Question 164

What DS bits for EF?

Answer 164

101110

Question 165

What are typical Precedence or DSCP values for voice and call signaling?

Answer 165

Precedence 5 (Critical) or DSCP EF
Precedence 3 (Flash) or DSCP AF31

They are all arbitrary of course..

Question 166

In policing if the number of bytes in a packet exceed the number of tokens in the bucket what does the router do with the tokens? What does it do with the packet?

Answer 166

The tokens are left in the bucket and the action on the packet is set by the policer. ie single-rate 2 color it is marked as exceeded and dropped.

Question 167

Describe dual rate 3 color policing

Answer 167

When the number of bytes in the packet are less or equal than the number of tokens in the Bc bucket the packet is conforming. The policer takes the required tokens from the Bc bucket and performs the action. The policer also takes the same amount of tokens from the PIR bucket!
If the packet does not conform and the number of bytes of the packet is less than or equal to the number of tokens in the PIR bucket, the packet is exceeding.The policer will remove the required tokens from the PIR bucket and takes the configured action for exceeding packets.
When the packet is not conforming or exceeding, it is violating. The policer doesn’t take any tokens and performs the action for violating packets.

Question 168

What are the two rates in dual rate policing

Answer 168

CIR = Committed Information Rate
PIR = Peak Information Rate

Question 169

In policing what are the three colors?

Answer 169

Conforming
Exceeding
Violating

Question 170

When qos is enabled on a switch with ‘mls qos’ what is the default behavior on DSCP fields

Answer 170

They are erased! (after the value of the field is checked)

no mls qos rewrite ip dscp prevents this

Question 171

What is a trust boundary for qos on a switch?

Answer 171

Markings made by devices inside the boundary are kept and used. Outside the boundary are ignored and overwritten.

Question 172

What benefits do come with HSRPv2

Answer 172

4096 groups vs. 256
msec timers for v2
New multicast group 224.0.0.102 instead of ‘all routers’

Question 173

Configure HSRP with a hello timer of 100ms and hold of 300ms - preempt with a delay of 60 seconds and md5 authentication. The primary should track the ping results of 192.168.23.3.

Answer 173

interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 standby version 2
 standby 1 ip 192.168.1.254
 standby 1 timers msec 100 msec 300
 standby 1 preempt delay minimum 60
 standby 1 authentication md5 key-string MY_SECRET_KEY

interface Vlan1
 ip address 192.168.1.2 255.255.255.0
 standby version 2
 standby 1 ip 192.168.1.254
 standby 1 timers msec 100 msec 300
 standby 1 priority 150
 standby 1 preempt delay minimum 60
 standby 1 authentication md5 key-string MY_SECRET_KEY
 standby 1 track 1 decrement 60

ip sla 1
icmp-echo 192.168.23.3
frequency 10
ip sla schedule 1 life forever start-time now

Question 174

List the five HSRP states

Answer 174

Initial
Listen
Speak
Standby
Active

Question 175

Which HSRP device will be active?

Answer 175

First the one with the highest configured priority

Second the one with the highest IP address

Question 176

What is the default HSRP hold time?

Answer 176

10 seconds

Question 177

Configure HSRP interface tracking

Answer 177

global: track 1 interface GigabitEthernet 0/2 line-protocol
if: standby 1 track 1 decrement 60

Or if: standby 1 track GigabitEthernet 0/2 60
(no decrement keyword for second option)

Question 178

List the major IPv6 address types

Answer 178

Global Unicast - 2000::/3
Unique Local - FD00::/8 (FC00::/7 with FC00::/8 undefined)
Link Local - FE80::/10
Multicast -FF00::/8
Unspecified - ::/128
Loopback - ::1

Question 179

EUI-64 has what in the middle of the host portion of the address? Which bit is flipped?

Answer 179

FFFE,

The 7th

Question 180

How is a solicited-node multicast address built

Answer 180

FF02::1:FF + Last 6 hex chars of unicast address

Question 181

What are the major IPv6 multicast addresses

Answer 181

ff02: :1 - all nodes
ff02: :2 - all routers

Question 182

What is a Neighbor Solicitation Message

Answer 182

IPv6 ARP request - sent to solicited node multicast address and includes the layer 2 address of the sending host

Question 183

What is sent in reply to a neighbor solicitation?

Answer 183

A neighbor advertisement message - includes layer 2 address of sending host and sent to layer 2 address of soliciting host.

Question 184

Configure a neighbor to obtain its IP through SLAAC

Answer 184

ipv6 address autoconfig

Question 185

Configure OSPFv3

Answer 185

ipv6 unicast-routing 
!
interface loopback 0
 ipv6 address 2001::1/128
 ipv6 ospf 1 area 0
!
interface fastEthernet 0/0
 ipv6 enable
 ipv6 ospf 1 area 0
!
ipv6 router ospf 1
 router-id 1.1.1.1

Question 186

Command to advertise default route in OSPFv3

Answer 186

default-information originate (always)

Question 187

Configure IPv6 EIGRP

Answer 187

interface loopback 0
 ipv6 address 2001::1/128
 ipv6 eigrp 1
!
interface GigabitEthernet 0/1
 ipv6 enable
 ipv6 eigrp 1
!
ipv6 router eigrp 1
 router-id 1.1.1.1
 no shutdown

Question 188

List main differences between IPv4 and IPv6 access lists

Answer 188

IPv4 access-lists can be standard or extended, numbered or named. IPv6 only has named extended access-lists.
IPv4 access-lists have an invisible implicit deny any at the bottom of every access-list. IPv6 access-lists have three invisible statements at the bottom:
permit icmp any any nd-na
permit icmp any any nd-ns
deny ipv6 any any

Question 189

Configure IPv6 ACL to allow only telnet to 2001:DB8:0:12::1

Answer 189

interface FastEthernet0/0
 no ip address
 ipv6 address 2001:DB8:0:12::2/64
 no ipv6 unreachables
 ipv6 traffic-filter R1_TRAFFIC in        
!
ipv6 access-list R1_TRAFFIC
 permit tcp host 2001:DB8:0:12::1 any eq telnet

Question 190

Configure SNMPv3

Answer 190

hostname R1
!
snmp-server group MYGROUP v3 priv
snmp-server user MYUSER MYGROUP v3 auth md5 MYPASS123 priv aes 128 MYKEY12
!
end

Question 191

Configure basic IP SLA

Answer 191

ip sla 1
 icmp-echo 192.168.12.2 
 frequency 10
!
ip sla schedule 1 start-time now life forever

Question 192

What command shows the result of active IP SLAs

Answer 192

show ip sla statistics

Question 193

Configure RSPAN

Answer 193

SW1
vlan 100
 remote-span
monitor session 1 source interface Fa0/1
monitor session 1 destination remote vlan 100

SW2
vlan 100
 remote-span
monitor session 1 source remote vlan 100
monitor session 1 destination interface fastEthernet 0/1

Question 194

Configure SPAN

Answer 194

monitor session 1 source interface Fa0/1
monitor session 1 destination interface Fa0/2
monitor session 2 source vlan 1
monitor session 2 destination interface Fa0/3

Question 195

What do the virutal MAC addresses for HSRPv1 and HSRPv2 start with?

Answer 195

v1 0000.0C07.AC–

v2 0000.0C9F.F—

Question 196

How is VRRP different from HSRP

Answer 196

Can use a router’s own IP as virtual IP

Hello timers 1 3 by default instead of 3 10

Question 197

How is GLBP different from HSRP/VRRP

Answer 197

Gateway –Load Balancing–

Multiple IPs/Virtual MACs for load balancing

Question 198

What is FHRP

Answer 198

a First Hop Redundancy Protocol aka HSRP / VRRP

Question 199

List recommended requirements for voice and video traffic - jitter, delay, and loss - as well as the recommended QOS marking for each

Answer 199

Both:
Jitter < 30ms
Delay < 150ms
Loss < 1%
Voice QOS: DSCP EF
Video QOS: AF41

Question 200

What does LLQ stand for?

Answer 200

low Latency queuing 
CB-WFQ is WFQ + classes that carve up bandwidth.
FYI CB-WFQ + strict priority
PQ-CBWFQ
-aka voice can go first.

Question 201

Compare TACACS+ to RADIUS

Answer 201

TACACS+ - Cisco Proprietary, Command-by-command authorization, packet fully encrypted, normally used for network devices

Radius - Industry standar RFC 2865, Only password encrypted, Normally used for user auth

Question 202

When an ACL denies a packet what messages is sent back to the source

Answer 202

ICMP unreachable

Question 203

List network traffic attributes IP SLA can track

Answer 203

Network Delay
Packet Loss
Jitter
Voice Quality

Question 204

What command shows the number of EIGRP packets sent and received?

Answer 204

show ip eigrp traffic

IP-EIGRP Traffic Statistics for process 78
Hellos sent/received: 2180/2005
Updates sent/received: 70/21
Queries sent/received: 3/1
Replies sent/received: 0/3
Acks sent/received: 22/11

Question 205

Configure GRE tunnels

Answer 205

R1:

interface Tunnel1
 ip address 192.168.13.1 255.255.255.0
 tunnel source GigabitEthernet0/1
 tunnel destination 192.168.23.3
interface 
!
GigabitEthernet0/1
 ip address 192.168.12.1 255.255.255.0

R2:
interface Tunnel1
 ip address 192.168.13.3 255.255.255.0
 tunnel source GigabitEthernet0/1
 tunnel destination 192.168.12.1
!         
interface GigabitEthernet0/1
 ip address 192.168.23.3 255.255.255.0