ICND2 Flashcards

1
Q

What are the four major categories of PPP features?

A

Compression, Callback, Multilink, and Authentication

2
Q

IOS Command: Enable PPP

A

interface config: encapsulation ppp

3
Q

How is the STP root elected?

A

Lowest Bridge ID becomes root.

4
Q

What is the STP Bridge ID?

A

Configured bridge priority prepended to MAC address.

5
Q

How does a switch determine its STP root port? Place in order.

A

1 - lowest path cost to root
2 - lowest neighbor bridge id
3 - lowest port number

6
Q

List the common STP costs for Ethernet up to TenGigabitEthernet

A

10Mbps 100
100Mbps 19
1Gbps 4
10Gbps 2

7
Q

How is the designated bridge determined on each segment?

A

The same as STP root port:
1 - lowest path cost to root
2 - lowest neighbor bridge id
3 - lowest port number

8
Q

What does a designated port do in STP?

A

It connects a non-root segment from the switch's perspective.

9
Q

What type of STP port connects to a designated port?

A

A non-designated blocking port or a root port.

10
Q

List STP states in order

A

listening
learning
forwarding, blocking, disabled

11
Q

Commands to set bridge priority

A

spanning-tree vlan vlan-id priority n
spanning-tree vlan vlan-id root primary
(secondary)

12
Q

Single command to enable portfast and bpduguard

A

spanning-tree portfast edge bpduguard default

13
Q

Cisco’s PVST and Rapid PVST require one to set bridge priority in increments of …

A

4096

14
Q

What two components are unified when using Cisco Stackwise

A

Backplane and Administration

15
Q

When a master switch is chosen what happens to the other switches in a Stackwise configuration.

A

The other switches reboot and adopt the master’s configuration.

16
Q

What are the rules for electing a stack master

A

1) The current stack master remains the stack master
2) The switch with the highest member priority value
3) The switch with the non-default interface-level configuration
4) The switch with the higher hardware/software priority. (cryptography and ip services first)
5) The switch with the longest uptime
6) The switch with the lowest MAC address

17
Q

What is another name for 802.1x

A

EAP (Extensible Authentication Protocol)

18
Q

What standards are used to authenticate EAP.

A

RADIUS or TACACS

EAP = 802.1x

19
Q

How does DHCP stop rogue DHCP servers?

A

By setting ports connected to valid DHCP servers as “trusted.” Untrusted ports receiving DHCP responses disable themselves.

20
Q

Which VLAN should not be used as per Cisco best practices?

A

VLAN 1

21
Q

Etherchannel obtains optimal load balancing over what number of links?

A

Powers of 2

2,4,8

22
Q

Why does Cisco recommend against hardcoding etherchannel and not using PAGP or LACP?

A

Without PAGP or LACP if one side of the etherchannel is misconfigured it could cause a spanning-tree loop.

23
Q

What are the PAgP commands?

A

channel-group n mode desirable

channel-group n mode auto

24
Q

What are the LACP commands?

A

channel-group n mode active

channel-group n mode passive

25
Steps for Etherchannel configuration
(first shut down interfaces)
1) Base interfaces must have identical configuration
2) Use the channel-group command to create etherchannel
3) All configuration done on virtual port-channel interface after bundling
4) Summary - 'show etherchannel summary'
26
What are the default spanning-tree costs Ethernet through TenGig
Fa - 19
1G - 4
2G - 3
10G - 1
27
What command bundles interfaces and creates a virtual port-channel interface
channel-group n mode x
28
What are the basic config registers
0x2100 - ROMMON
0x2101 - RXBoot
0x2102 - Normal Boot
0x2142 - Ignore NVRAM
29
What command will show the configuration register?
show version
30
List four things that can be done from ROMMON
Modify configuration register
Set temporary IP address
Initiate TFTP transfer of Cisco IOS
Initiate x/ymodem upload over the console cable of Cisco IOS
31
Where are 'boot system' commands found?
Global Configuration
32
Where does an IOS router look for the image to load in order
1) "boot system" commands
2) Look for first IOS image in flash
3) Broadcast for a TFTP server
33
Set configuration register in ROMMON
confreg 0x2102
34
Download IOS from TFTP in ROMMON
```
set (show ip information)
IP_ADDRESS=
IP_SUBNET_MASK=
DEFAULT_GATEWAY=
TFTP_SERVER=
TFTP_FILE=
tftpdnld
```
35
List steps to obtain and install a license on an IOS 15 device
1 - Purchase license and receive PAK key
2 - Get license file from CLM or www.cisco.com/go/license using UDI
3 - Use the CLI to install the .lic file
36
How do you find the UDI and what is it a combination of
show license udi | It is a combination of the product id (PID) and SN. (ex: CISCO2911/K9FTX1524PIRE)
37
Command to show licenses
show license all | show license detail
38
Command to show features enabled on device
show license feature
39
Install license
license install flash0:licensefile.lic
40
Backup license
license save flash:filename
41
Uninstall a license
```
license boot module x x x disable
do reload
license clear x
conf t
no license boot module x x x disable
do reload
```
42
What are the administrative distances of the major routing protocols?
```
Directly connected: 0
Static: 1
EIGRP Summary 5
EBGP 20
EIGRP 90
IGRP 100
OSPF 110
IS-IS 115
RIP 120
EGP 140
ODR 160
EX EIGRP 170
iBGP 200
NHRP 250
Floating Static (ex. DHCP-learned) 254
Unknown 255
```
43
When selecting a route what does the router consider in order
1. Next Hop Reachability
2. Route Specificity
3. Administrative Distance
4. Metric
44
List 3 major distance vector routing protocols
RIP, EIGRP, BGP
45
List 2 major link state protocols
OSPF, IS-IS
46
List 3 major differences between distance vector and link state routing protocols
DV - only knows what the neighbor tells it - memory / processor efficient - loop prevention mechanisms needed
LS - maintains a map of the network system - resource consuming - maintains loop free by nature
47
List distance vector loop prevention methods
1) maximum metric
2) route poisoning
3) triggered updates
4) split horizon
5) hold down timers
6) AS_PATH attribute
48
Why did Cisco create EIGRP when OSPF already existed.
EIGRP is simpler to implement than OSPF
49
What is the SPF algorithm
Finds the best path to each destination
50
OSPF area 0 is the _____
backbone
51
What is the primary reason for using multiple areas in OSPF?
to summarize routes
52
What OSPF router type brings an Internet connection into the system
ASBR
53
Does OSPF use TCP or UDP for routing updates?
Trick question: It uses the OSPF protocol number 89
54
OSPF vs. EIGRP
OSPF is hierarchical; EIGRP is not
OSPF has a route database with the entire network; EIGRP keeps only successors and feasible successors
OSPF is link state; EIGRP is distance vector
55
How does a Cisco router pick a router-id if one is not configured statically?
Highest active interface IP - loopbacks preferred over others
56
OSPF default hello and dead timers
10 and 40
57
List four things that must match in an OSPF hello packet
1) Hello / Dead Timer
2) Subnet Mask
3) Area ID
4) Authentication password
58
What is the role of the master router?
It is the first to send a DBD packet
59
What are the default OSPF hello times on NBMA links?
hello 30, dead 120
60
How does OSPF determine the master router?
higher router-id
61
Describe OSPF Loading process
Each router examines the DBDs from ExStart. For any entry the router doesn't know about it sends a link-state request (LSR) and a link-state update (LSU) is returned. Note LSU is a collection of LSAs. LSACK acknowledges these updates.
62
List OSPF states when
Init: Hello packet received
Two-way: own router ID found in hello packet
Exstart: Master and slave determined
Exchange: DBD packets exchanged
Loading: LSRs and LSUs for required LSAs.
Full: OSPF routers are now neighbors
63
Multicast group for OSPF all routers and OSPF DR
224.0.0.5 (all routers) | 224.0.0.6 (all OSPF designated routers)
64
What does an OSPF priority of 0 mean?
A router with priority 0 will never be elected as DR or BDR. (NBMA spokes, for example, might need this)
65
What determines the DR/BDR in an OSPF election
Highest priority and in a tie highest RID
66
What does the BDR do?
It maintains a full relationship with all neighbors but does not send LSAs and just waits for the DR to die.
67
Command to adjust hello timer on OSPF
interface mode: | ip ospf hello-interval n
68
Command to adjust OSPF metric so it works better with larger links
router mode: auto-cost reference-bandwidth 10000 (10G links = 1)
69
Command to change ospf cost on an interface
ip ospf cost n
70
By default what is the slowest speed at OSPF cost 1
100 meg
71
Configure OSPF to advertise a default route even if there isn't a default route in the table
default-information originate always
72
Command to view all routes learned by OSPF
show ip/ipv6 ospf database
73
Command to view all successors and feasible successors learned by EIGRP
show ip/ipv6 eigrp topology
74
List main bullets of NIST cloud computing definition
```
On-demand self-service
Broad network access
Resource pooling
Rapid elasticity
Measured service
```
75
What is one way to connect between multiple cloud service providers
An intercloud exchange
76
What is a VNF?
Virtual Network Function - virtual version of network device
77
What does MEC stand for
Multichassis EtherChannel
78
Access Switches have Stackwise. Core/Distribution switches have?
Chassis Aggregation
79
What is a MIB
Management Information Base
80
What is contained in a MIB
Object Identifiers (OID)
81
What is a major drawback to an SNMP trap and what does SNMPv3 implement to resolve that?
An snmp trap has no acknowledgement. SNMPv3 introduces the inform message which has an ack.
82
What are the 3 SNMPv3 security modes
noAuthNoPriv: clear-text username authentication
authNoPriv: MD5 or SHA authentication but no encryption
authPriv: MD5 or SHA authentication and encryption
83
Configure server 192.168.12.2 for SNMPv2c read only access community name ICND2 and enable traps
```
snmp-server community ICND2 ro
snmp-server location Omaha
snmp-server contact kevin.joyce@outlook.com
snmp-server host x.x.x.x version 2c ICND2
snmp-server enable traps (pick traps)
```
84
What is route poisoning
When a network goes down a DV protocol will send a triggered update which is a network with an infinite metric.
85
What is poison reverse?
When a poisoned route is learned a poisoned route is sent back to the same router with the same infinite metric.
86
What is split horizon?
A router never advertises a route through the interface it learns it from. (unless it is reverse poisoning a route.)
87
What is the command to view the EIGRP neighbor table and what information is contained in it?
show ip eigrp neighbors
Lists all directly connected neighbors
- H (Handle) - first neighbor gets 0 - next one 1 - gaps get filled
- Next Hop IP
- Interface
- Hold Time
- Uptime
- SRTT (Smooth round trip time)
- RTO (retransmission timeout)
- Q Count
- Seq Number
88
What is the command to view the EIGRP topology table and what information is contained in it.
- Successors and Feasible Successors
- Metric (FD)
- Route State (Passive, Active, Update, Query, Reply)
89
In EIGRP what are the requirements for a route to be a feasible successor
1) It must not be a successor
2) The advertised distance must be less than the feasible distance of the *successor*
3) Nice plain English: A router can become a backup path if he is closer to the destination than your best path.
90
What command is used for unequal cost load balancing in EIGRP links. What type of routes can be used for load balancing?
variance n where n is the multiplier.
Feasible successors can be used.
Example: with variance 3 and FD of 100 on the successor, a feasible successor with a FD of 300 will join the pool and will take 1/4 the traffic.
91
What protocol does EIGRP use for reliable messages?
RTP (Reliable Transport Protocol)
92
List EIGRP packet types and whether or not they need acks
```
Hello - Unreliable
Update - Reliable
Query - Reliable
Reply - Reliable
Ack - ack doesn't get acked
```
Update packets send new routing information. Reply packets send routing information in response to query packets.
93
Describe EIGRP Adjacency process
1) R1 sends hello
2) R2 sends Update
3) R2 sends hello (on its own timer - not in response to update)
4) R1 sends ack for update packet
5) R1 sends update
6) R2 sends ack back
94
How could you run EIGRP over a network that does not support multicast?
router mode: | neighbor x.x.x.x interface
95
List EIGRP K values
```
Bandwidth (K1)
Load (K2)
Delay (K3)
Reliability (K4)
MTU (K5)
```
96
What is the EIGRP metric formula for default K values K1 and K3
(10^7 / minimum bandwidth + (sum of delays)) * 256
97
Command to set EIGRP to use delay only in metric calculation
router mode: metric weights 0 0 0 1 0 0 (First 0 is TOS which must be 0 - then K1, K2, etc.)
98
Command to summarize subnets within 172.16.0.0/23
interface mode: | ip summary-address eigrp as 172.16.0.0 255.255.254.0
99
What is a dis-contiguous network?
When a classful network has another classful network on a segment between 2 or more of its subnets. So, for example, there might be equal cost routing to 1.0.0.0/8 going separate ways to two separate subnets - if auto-summary is in place.
100
For unequal cost load balancing what command shows the traffic share count?
show ip route x.x.x.x
101
What does SIA Query do?
SIA Query is sent half way through the SIA timer - to give the neighbor router a chance to return a SIA reply which keeps EIGRP from dropping the neighbor adjacency and losing the other routes.
102
List items that cause problems with EIGRP adjacencies
```
Uncommon subnet
K value mismatch
AS mismatch
Layer 2 issues
Access-list issues
NBMA (not sending broadcasts)
```
103
What is the EIGRP multicast address?
224.0.0.10
104
What is a path vector routing protocol
BGP is the only example - it records the AS path
105
Describe the ways BGP can be homed
Single homed: you are connected to a single ISP using a single link.
Dual homed: you are connected to a single ISP using dual links.
Single multi-homed: you are connected to two ISPs using single links.
Dual multi-homed: you are connected to two ISPs using dual links.
106
command to add password to bgp neighbor
neighbor x.x.x.x password MYPASS
107
What is BGP synchronization
This is for transit networks. BGP won't advertise a network learned from another AS unless it sees the network in the IGP as well. This way traffic doesn't transit your AS until the IGP is up to date. For a stub AS one can disable synchronization with no synchronization command in router mode.
108
Configure iBGP peers to loopbacks
```
router bgp 2
 neighbor 2.2.2.2 remote-as 2
 neighbor 2.2.2.2 update-source loopback 0
 neighbor 2.2.2.2 next-hop-self
```
109
When is next-hop-self configuration needed in BGP
For iBGP peers - so that they advertise their own next hop instead of the IP of the EBGP peer that advertised the route.
110
What is BGP split horizon?
iBGP does not advertise prefixes learned from another iBGP peer
111
What methods make multi-hop iBGP networks work without BGP split horizon breaking it?
BGP Route Reflectors | BGP Confederations
112
What does * and > mean in 'show ip bgp'
```
* = valid route and BGP can use it
> = the entry has been selected as the best path
```
113
What does a next hop of 0.0.0.0 mean in BGP?
It means the network originates on the local router.
114
What are the 2 BGP origin codes in use
i - originated using the 'network' command or equivalent. | ? - Redistributed into BGP
115
List other BGP status codes beyond valid(*) and best (>)
s - suppressed: BGP knows the network but won’t advertise it, this can occur when the network is part of a summary.
d - damped: BGP doesn’t advertise this network because it was flapping too often (network appears, disappears, appears, etc.) so it got a penalty.
h - history: BGP learned this network but doesn’t have a valid route at the moment.
r - RIB-failure: BGP learned this network but didn’t install it in the routing table. This occurs when another routing protocol with a lower administrative distance also learned it.
S - stale: this is used for non-stop forwarding, this entry has to be refreshed when the remote BGP neighbor has returned.
116
Which BGP states can lead to active state and why?
Connect and OpenSent - Connect because 3-way handshake fails and OpenSent because something is wrong with the open message (ie wrong AS number)
117
If BGP hold timers don't match what happens?
The lower timer is used
118
List the BGP states in order (excluding active)
```
Idle
Connect
OpenSent
OpenConfirm
Established
```
119
Describe the BGP OpenConfirm state
BGP waits for a keepalive message from the remote BGP neighbor. When we receive the keepalive, we can move to the established state and the neighbor adjacency will be completed. When this occurs, it will reset the hold timer. If we receive a notification message from the remote BGP neighbor then we fall back to the Idle state. BGP will keep sending keepalive messages.
120
Describe the BGP established state
The BGP neighbor adjacency is complete and the BGP routers will send update packets to exchange routing information. Every time we receive a keepalive or update message, the hold timer will be reset. In case we receive a notification message we will jump back to the Idle state.
121
Describe the BGP Idle state
This is the first state where BGP waits for a “start event”. The start event occurs when someone configures a new BGP neighbor or when we reset an established BGP peering. After the start event, BGP will initialize some resources, reset a ConnectRetry timer and initiate a TCP connection to the remote BGP neighbor. It will also start listening for a connection in case the remote BGP neighbor tries to establish a connection. When successful, BGP moves to the Connect state. When it fails, it will remain in the Idle state.
122
Describe the BGP Connect state
BGP is waiting for the TCP three-way handshake to complete. When it is successful, it will continue to the OpenSent state. In case it fails, we continue to the Active state. If the ConnectRetry timer expires then we will remain in this state. The ConnectRetry timer will be reset and BGP will try a new TCP three-way handshake. If anything else happens (for example resetting BGP) then we move back to the Idle state.
123
Describe the BGP Active state
BGP will try another TCP three-way handshake to establish a connection with the remote BGP neighbor. If it is successful, it will move to the OpenSent state. If the ConnectRetry timer expires then we move back to the Connect state. BGP will also keep listening for incoming connections in case the remote BGP neighbor tries to establish a connection. Other events can cause the router to go back to the Idle state (resetting BGP for example).
124
Describe the BGP OpenSent state
In this state BGP will be waiting for an Open message from the remote BGP neighbor. The Open message will be checked for errors; if something is wrong (incorrect version numbers, wrong AS number, etc.) then BGP will respond with a Notification message and jump back to the Idle state. This is also the moment where BGP decides whether we use EBGP or IBGP (since we check the AS number). If everything is OK then BGP starts sending keepalive messages and resets its keepalive timer. At this moment, the hold time is negotiated (lowest value is picked) between the two BGP routers. In case the TCP session fails, BGP will jump back to the Active state. When any other errors occur (expiration of hold timer), BGP will send a notification message with the error code and jump back to the Idle state. In case someone resets the BGP process, we also jump back to the Idle state.
125
What four messages does BGP use?
Open
Update
Keepalive
Notification
126
What is contained in a BGP Open message
Version (4)
My AS
Hold Time
BGP Identifier (same rules as OSPF and EIGRP router-id)
Optional Parameters - MP-BGP, Route Refresh, 4-octet AS numbers
127
configure a time range from 09:00 to 17:00 weekdays
time-range WORK_HOURS | periodic weekdays 09:00 to 17:00
128
Apply the time range WORK_HOURS to an extended ACL statement
access-list 101 deny tcp any host 192.168.23.3 eq 80 time-range WORK_HOURS
129
What is the only traffic allowed on an 802.1X port prior to authentication
EAPoL (Extensible Authentication Protocol over LAN)
130
What are the two layer 2 control protocols used in PPP and what do they do
LCP - Link control protocol - setting up link and authentication
NCP - Enables the sending of multiple protocols like IP, IPv6, CDP (IPX and AppleTalk)
131
What are the two PPP authentication options and what is the difference
PAP (Password Authentication Protocol): Plaintext! | CHAP (Challenge Authentication Protocol) - instead of plaintext password a hash of the password is sent
132
Configure CHAP
```
R1(config)# username R2 password MYSECRET
R2(config)# username R1 password MYSECRET
R1(config)#interface serial 0/0
R1(config-if)#ppp authentication chap
R2(config)#interface serial 0/0
R2(config-if)#ppp authentication chap
```
133
Does PPP CHAP have to be configured on both links?
No
134
Should one use a secret to increase CHAP security?
No! PPP can't hash a password that is already hashed.
135
Configure PPPoE on client side
```
Client(config)#interface dialer 1
Client(config-if)#mtu 1492
Client(config-if)#encapsulation ppp
Client(config-if)#ip address negotiated
Client(config-if)#ppp chap hostname CUSTOMER
Client(config-if)#ppp chap password CISCO
Client(config-if)#dialer pool 1
Client(config)#interface GigabitEthernet 0/1
Client(config-if)#pppoe-client dial-pool-number 1
```
136
Configure PPP Multilink
```
R1(config)#interface multilink 1
R1(config-if)#ip address 192.168.12.1 255.255.255.0
R2(config)#interface multilink 1
R2(config-if)#ip address 192.168.12.2 255.255.255.0
R1(config)#interface Serial 0/0/0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp multilink group 1
R1(config)#interface Serial 0/1/0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp multilink group 1
```
137
What command verifies ppp multilink operation
show ppp multilink
138
What is recursive routing when it comes to tunnels?
When the destination IP for the tunnel interface is learned through the tunnel itself.
139
What can one do to prevent recursive routing through a tunnel?
Don't advertise the destination IP on the tunnel interface - or use route filtering
Make sure the AD of the destination IP through the tunnel is higher than
Instead of AD make sure the metric is worse.
140
What does DMVPN use to know the public IP of multipoint tunnel neighbors?
NHRP - Next Hop Resolution Protocol
141
Describe NHRP
One router will be the NHRP server. All other routers will be NHRP clients. NHRP clients register themselves with the NHRP server and report their public IP address. The NHRP server keeps track of all public IP addresses in its cache. When one router wants to tunnel something to another router, it will request the NHRP server for the public IP address of the other router.
142
Summarize the three DMVPN phases
Note - phases are configuration options - the DMVPN solution does not progress through them.
Phase 1 - Spokes register with the hub. All traffic flows through the hub on point-to-point GRE tunnels. Hub has multipoint GRE interface.
Phase 2 - All spoke routers run multipoint GRE so direct spoke-to-spoke tunneling is possible. When a spoke wants to reach another spoke it uses NHRP to find the tunnel IP. It must have the route and next-hop IP of the spoke tunnel IP to work.
Phase 3 - Specific routes are not needed by spokes for spoke-to-spoke connectivity. Routing will be set up as phase 1 but when a packet bound for another spoke reaches the hub it will send a NHRP redirect to both spokes. Both spokes resolve the public IP with NHRP and install a new routing entry so they can reach each other locally.
143
What is an EVC and VPWS
Also called E-Line (Ethernet Line Service)
Ethernet Virtual Circuit - point-to-point virtual ethernet link
VPWS is Virtual Private Wire Service which specifically refers to labeling the frame for MPLS transit
144
What is VPLS
Virtual Private Lan Service - E-LAN (Ethernet LAN Service)
145
What is E-Tree
Ethernet Tree Service | Traditional Frame Relay topology on Ethernet.. (Hub and spoke)
146
List four features provided by VPN
Confidentiality
Authentication
Integrity (verifying packet wasn't changed)
Anti-replay
147
List 4 common VPN protocols
IPSec
PPTP
L2TP
SSLVPN
148
What is PPTP
Point-to-point tunneling protocol
GRE tunnel with PPP and encryption done with MPPE
This has been **proven insecure**
149
What is L2TP
Layer Two Tunneling Protocol
As an extension of PPTP can tunnel layer two traffic.
For secure VPN it can be combined with IPSEC
This combination is often referred to as L2TP/IPSec
150
List 4 types of delay found in a network
Processing
Queuing
Serialization
Propagation (ie speed of light through fiber)
151
List application and traffic types relevant to QOS - with examples
Batch Application - FTP
Interactive Application - SSH
Voice and Video Application - VOIP
152
List the basic QOS Tools with short descriptions
Classification and marking: if we want to give certain packets a different treatment, we have to identify and mark them.
Queuing – Congestion Management: instead of having one big queue where packets are treated with FIFO, we can create multiple queues with different priorities.
Shaping and Policing: these two tools are used to rate-limit your traffic.
Congestion Avoidance: there are some tools we can use to manage packet loss and to reduce congestion.
153
The first 6 bits of the DS field are used to set a ______ that will affect the ______ at each node. The codepoint is also what we call the ______ value.
codepoint, PHB (Per Hop Behavior), DSCP value.
154
What is the name for using reservations to enforce end-to-end QoS?
IntServ (Integrated Services)
155
What is it called when no reservations are made and each device has its own QOS prioritization?
DiffServ
156
What is the default PHB DSCP value? How are packets treated by default?
00000000 | Packets are 'best effort.'
157
What are the class-selector codepoints?
```
IP Precedence bits are the first 3 DSCP bits.
CS0=000 CS7=111
Default/CS0 - Routine
CS1 - Priority
CS2 - Immediate
CS3 - Flash
CS4 - Flash Override
CS5 - Critical
CS6 - Internetwork Control
CS7 - Network Control
```
158
What were the value of the TOS bytes
```
1000 minimize delay
0100 maximize throughput
0010 maximize reliability
0001 minimize monetary cost
0000 normal service
```
159
What are 2 functions of Assured Forwarding PHB?
Queueing and Congestion Avoidance
160
What bits of the DS field are used in Assured Forwarding
First 3 - Class (up to 4 binary 100)
bits 4 & 5 - drop probability - 01, 10, 11 - low, medium high
bit 6 remains 0
161
What two functions does expedited forwarding PHB have?
1. Queuing | 2. Policing
162
What is NBAR
Network Based Application Recognition
163
List the DSCP codepoints
```
af11 Match packets with AF11 dscp (001010)
af12 Match packets with AF12 dscp (001100)
af13 Match packets with AF13 dscp (001110)
af21 Match packets with AF21 dscp (010010)
af22 Match packets with AF22 dscp (010100)
af23 Match packets with AF23 dscp (010110)
af31 Match packets with AF31 dscp (011010)
af32 Match packets with AF32 dscp (011100)
af33 Match packets with AF33 dscp (011110)
af41 Match packets with AF41 dscp (100010)
af42 Match packets with AF42 dscp (100100)
af43 Match packets with AF43 dscp (100110)
cs1 Match packets with CS1(precedence 1) dscp (001000)
cs2 Match packets with CS2(precedence 2) dscp (010000)
cs3 Match packets with CS3(precedence 3) dscp (011000)
cs4 Match packets with CS4(precedence 4) dscp (100000)
cs5 Match packets with CS5(precedence 5) dscp (101000)
cs6 Match packets with CS6(precedence 6) dscp (110000)
cs7 Match packets with CS7(precedence 7) dscp (111000)
default Match packets with default dscp (000000)
ef Match packets with EF dscp (101110)
```
164
What DS bits for EF?
101110
165
What are typical Precedence or DSCP values for voice and call signaling?
```
Precedence 5 (Critical) or DSCP EF
Precedence 3 (Flash) or DSCP AF31
```
They are all arbitrary of course..
166
In policing if the number of bytes in a packet exceed the number of tokens in the bucket what does the router do with the tokens? What does it do with the packet?
The tokens are left in the bucket and the action on the packet is set by the policer. ie single-rate 2 color it is marked as exceeded and dropped.
167
Describe dual rate 3 color policing
When the number of bytes in the packet are less or equal than the number of tokens in the Bc bucket the packet is conforming. The policer takes the required tokens from the Bc bucket and performs the action. The policer also takes the same amount of tokens from the PIR bucket!
If the packet does not conform and the number of bytes of the packet is less than or equal to the number of tokens in the PIR bucket, the packet is exceeding. The policer will remove the required tokens from the PIR bucket and takes the configured action for exceeding packets.
When the packet is not conforming or exceeding, it is violating. The policer doesn’t take any tokens and performs the action for violating packets.
168
What are the two rates in dual rate policing
```
CIR = Committed Information Rate
PIR = Peak Information Rate
```
169
In policing what are the three colors?
Conforming
Exceeding
Violating
170
When qos is enabled on a switch with 'mls qos' what is the default behavior on DSCP fields
They are erased! (after the value of the field is checked)
'no mls qos rewrite ip dscp' prevents this
171
What is a trust boundary for qos on a switch?
Markings made by devices inside the boundary are kept and used. Outside the boundary are ignored and overwritten.
172
What benefits do come with HSRPv2
4096 groups vs. 256
msec timers for v2
New multicast group 224.0.0.102 instead of 'all routers'
173
Configure HSRP with a hello timer of 100ms and hold of 300ms - preempt with a delay of 60 seconds and md5 authentication. The primary should track the ping results of 192.168.23.3.
```
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 standby version 2
 standby 1 ip 192.168.1.254
 standby 1 timers msec 100 msec 300
 standby 1 preempt delay minimum 60
 standby 1 authentication md5 key-string MY_SECRET_KEY
```
```
interface Vlan1
 ip address 192.168.1.2 255.255.255.0
 standby version 2
 standby 1 ip 192.168.1.254
 standby 1 timers msec 100 msec 300
 standby 1 priority 150
 standby 1 preempt delay minimum 60
 standby 1 authentication md5 key-string MY_SECRET_KEY
 standby 1 track 1 decrement 60
```
```
ip sla 1
 icmp-echo 192.168.23.3
 frequency 10
ip sla schedule 1 life forever start-time now
! track object 1 (referenced by "standby 1 track 1") follows the IP SLA result
track 1 ip sla 1 reachability
```
174
List the five HSRP states
```
Initial
Listen
Speak
Standby
Active
```
175
Which HSRP device will be active?
First the one with the highest configured priority
Second the one with the highest IP address
176
What is the default HSRP hold time?
10 seconds
177
Configure HSRP interface tracking
global: track 1 interface GigabitEthernet 0/2 line-protocol
if: standby 1 track 1 decrement 60
Or
if: standby 1 track GigabitEthernet 0/2 60 (no decrement keyword for second option)
178
List the major IPv6 address types
```
Global Unicast - 2000::/3
Unique Local - FD00::/8 (FC00::/7 with FC00::/8 undefined)
Link Local - FE80::/10
Multicast - FF00::/8
Unspecified - ::/128
Loopback - ::1
```
179
EUI-64 has what in the middle of the host portion of the address? Which bit is flipped?
FFFE, The 7th
180
How is a solicited-node multicast address built
FF02::1:FF + Last 6 hex chars of unicast address
181
What are the major IPv6 multicast addresses
ff02::1 - all nodes
ff02::2 - all routers
182
What is a Neighbor Solicitation Message
IPv6 ARP request - sent to solicited node multicast address and includes the layer 2 address of the sending host
183
What is sent in reply to a neighbor solicitation?
A neighbor advertisement message - includes layer 2 address of sending host and sent to layer 2 address of soliciting host.
184
Configure a neighbor to obtain its IP through SLAAC
ipv6 address autoconfig
185
Configure OSPFv3
```
ipv6 unicast-routing
!
interface loopback 0
 ipv6 address 2001::1/128
 ipv6 ospf 1 area 0
!
interface fastEthernet 0/0
 ipv6 enable
 ipv6 ospf 1 area 0
!
ipv6 router ospf 1
 router-id 1.1.1.1
```
186
Command to advertise default route in OSPFv3
default-information originate (always)
187
Configure IPv6 EIGRP
```
interface loopback 0
 ipv6 address 2001::1/128
 ipv6 eigrp 1
!
interface GigabitEthernet 0/1
 ipv6 enable
 ipv6 eigrp 1
!
ipv6 router eigrp 1
 router-id 1.1.1.1
 no shutdown
```
188
List main differences between IPv4 and IPv6 access lists
IPv4 access-lists can be standard or extended, numbered or named. IPv6 only has named extended access-lists.
IPv4 access-lists have an invisible implicit deny any at the bottom of every access-list. IPv6 access-lists have three invisible statements at the bottom:
permit icmp any any nd-na
permit icmp any any nd-ns
deny ipv6 any any
189
Configure IPv6 ACL to allow only telnet to 2001:DB8:0:12::1
```
interface FastEthernet0/0
 no ip address
 ipv6 address 2001:DB8:0:12::2/64
 no ipv6 unreachables
 ipv6 traffic-filter R1_TRAFFIC in
!
ipv6 access-list R1_TRAFFIC
 permit tcp host 2001:DB8:0:12::1 any eq telnet
```
190
Configure SNMPv3
```
hostname R1
!
snmp-server group MYGROUP v3 priv
snmp-server user MYUSER MYGROUP v3 auth md5 MYPASS123 priv aes 128 MYKEY12
!
end
```
191
Configure basic IP SLA
```
ip sla 1
 icmp-echo 192.168.12.2
 frequency 10
!
ip sla schedule 1 start-time now life forever
```
192
What command shows the result of active IP SLAs
show ip sla statistics
193
Configure RSPAN
```
! SW1
vlan 100
 remote-span
monitor session 1 source interface Fa0/1
monitor session 1 destination remote vlan 100
```
```
! SW2
vlan 100
 remote-span
monitor session 1 source remote vlan 100
monitor session 1 destination interface fastEthernet 0/1
```
194
Configure SPAN
```
monitor session 1 source interface Fa0/1
monitor session 1 destination interface Fa0/2
monitor session 2 source vlan 1
monitor session 2 destination interface Fa0/3
```
195
What do the virtual MAC addresses for HSRPv1 and HSRPv2 start with?
v1 0000.0C07.AC-- | v2 0000.0C9F.F---
196
How is VRRP different from HSRP
Can use a router's own IP as virtual IP | Hello timers 1 3 by default instead of 3 10
197
How is GLBP different from HSRP/VRRP
Gateway --Load Balancing-- Multiple IPs/Virtual MACs for load balancing
198
What is FHRP
a First Hop Redundancy Protocol aka HSRP / VRRP
199
List recommended requirements for voice and video traffic - jitter, delay, and loss - as well as the recommended QOS marking for each
```
Both:
Jitter < 30ms
Delay < 150ms
Loss < 1%
Voice QOS: DSCP EF
Video QOS: AF41
```
200
What does LLQ stand for?
```
Low Latency Queuing
CB-WFQ is WFQ + classes that carve up bandwidth.
FYI CB-WFQ + strict priority PQ-CBWFQ - aka voice can go first.
```
201
Compare TACACS+ to RADIUS
TACACS+ - Cisco proprietary, command-by-command authorization, packet fully encrypted, normally used for network devices
RADIUS - Industry standard RFC 2865, only password encrypted, normally used for user auth
202
When an ACL denies a packet, what message is sent back to the source?
ICMP unreachable
203
List network traffic attributes IP SLA can track
Network Delay
Packet Loss
Jitter
Voice Quality
204
What command shows the number of EIGRP packets sent and received?
show ip eigrp traffic
```
IP-EIGRP Traffic Statistics for process 78
  Hellos sent/received: 2180/2005
  Updates sent/received: 70/21
  Queries sent/received: 3/1
  Replies sent/received: 0/3
  Acks sent/received: 22/11
```
205
Configure GRE tunnels
R1:
```
interface Tunnel1
 ip address 192.168.13.1 255.255.255.0
 tunnel source GigabitEthernet0/1
 tunnel destination 192.168.23.3
!
interface GigabitEthernet0/1
 ip address 192.168.12.1 255.255.255.0
```
R2:
```
interface Tunnel1
 ip address 192.168.13.3 255.255.255.0
 tunnel source GigabitEthernet0/1
 tunnel destination 192.168.12.1
!
interface GigabitEthernet0/1
 ip address 192.168.23.3 255.255.255.0
```