ICND2 Flashcards
What are the four major categories of PPP features?
Compression, Callback, Multilink, and Authentication
IOS Command: Enable PPP
interface config: encapsulation ppp
How is the STP root elected?
Lowest Bridge ID becomes root.
What is the STP Bridge IP?
Configured bridge priority prepended to MAC address.
How does a switch determine its STP root port? Place in order.
1 - lowest path cost to root
2 - lowest neighbor bridge id
3 - lowest port number
List the common STP costs for Ethernet up to TenGigabitEthernet
10Mbps 100
100Mbps 19
1Gbps 4
10Gbps 2
How is the designated bridge determined on each segment?
The same as STP root port:
1 - lowest path cost to root
2 - lowest neighbor bridge id
3 - lowest port number
What does a designated port do in STP?
It connects a non-root segment from the switches perspective.
What type of STP port connects to a designated port?
A non-designated blocking port or a root port.
List STP states in order
listening
learning
forwarding, blocking, disabled
Commands to set bridge priority
spanning-tree vlan vlan-id priority n
spanning-tree vlan vlan-id root primary
(secondary)
Single command to enable portfast and bpduguard
spanning-tree portfast edge bpduguard default
Cisco’s PVST and Rapid PVST require one to set bridge priority in increments of …
4096
What two components are unified when using Cisco Stackwise
Backplane and Administration
When a master switch is chosen what happens to the other switches in a Stackwise configuration.
The other switches reboot and adopt the master’s configuration.
What are the rules for electing a stack master
1) The current stack master remains the stack master
2) The switch with the highest member priority value
3) The switch with the non-default interface-level configuration
4) The switch with the higher hardware/software priority. (cryptography and ip services first)
5) The switch with the longest uptime
6) The switch with the lowest MAC address
What is another name for 802.1x
EAP (Extensible Authentication Protocol)
What standards are used to authenticate EAP.
Radius or TACACs
EAP = 802.1x
How does DHCP stop rogue DHCP servers?
By setting ports connected to valid DHCP servers as “trusted.” Untrusted ports receiving DHCP responses disable themselves.
Which VLAN should not be used as per Cisco best practices?
VLAN 1
Etherchannel obtains optimal load balancing over what number of links?
Powers of 2
2,4,8
Why does Cisco recommend against hardcoding etherchannel and not using PAGP or LACP?
Without PAGP or LACP if one side of the etherchannel is misconfigured it could cause a spanning-tree loop.
What are the PAgP commands?
channel-group n mode desirable
channel-group n mode auto
What are the LACP commands?
channel-group n mode active
channel-group n mode passive
Steps for Etherchannel configuration
(first shut down interfaces)
1) Base interfaces must have identical configuration
2) Use the channel-group command to create etherchannel
3) All configuration done on virtual port-channel interface after bundling
4) Summary - ‘show etherchannel summary’
What are the default spanning-tree costs Ethernet through TenGig
Fa - 19
1G - 4
2G - 3
10G - 1
What commands bundles interfaces and creates a virtual port-channel interface
channel-group n mode x
What are the basic config registers
0x2100 - ROMMON
0x2101 - RXBoot
0x2102 - Normal Boot
0x2142 - Ignore NVRAM
What command will show the configuration register?
show version
List four things that can be done from ROMMON
Modify configuration register
Set temporary IP address
Initiate TFTP transfer of Cisco IOS
Initiate x/ymodem upload over the console cable of Cisco IOS
Where are ‘boot system’ commands found?
Global Configuration
Where does an IOS router look for the image to load in order
1) “boot system” commands
2) Look for first IOS image in flash
3) Broadcast for a TFTP server
Set configuration register in ROMMON
confreg 0x2102
Download IOS from TFTP in ROMMON
set (show ip information) IP_ADDRESS= IP_SUBNET_MASK= DEFAULT_GATEWAY= TFTP_SERVER= TFTP_FILE= tftpdnld
List steps to obtain and install a license on an IOS 15 device
1 - Purchase license and receive PAK key
2 - Get license file from CLM or www.cisco.com/go/license using UDI
3 - Use the CLI to install the .lic file
How do you find the UDI and what is it a combination of
show license udi
It is a combination of the product id (PID) and SN. (ex: CISCO2911/K9FTX1524PIRE
Command to show licenses
show license all
show license detail
Command to show features enabled on device
show license feature
Install license
license install flash0:licensefile.lic
Backup license
license save flash:filename
Unistall a license
license boot module x x x disable do reload license clear x conf t no license boot module x x x disable do reload
What are the administrative distances of the major routing protocols?
Directly connected: 0 Static: 1 EIGRP Summary 5 EBGP 20 EIGRP 90 IGRP 100 OSPF 110 IS-IS 115 RIP 120 EGP 140 ODR 160 EX EIGRP 170 iBGP 200 NHRP 250 Floating Static (ex. DHCP-learned) 254 Unknown 255
When selecting a route what does the router consider in order
- Next Hop Reachability
- Route Specificity
- Administrative Distance
- Metric
List 3 major distance vector routing protocols
RIP, EIGRP. BGP
List 2 major link state protocols
OSPF, IS-IS
List 3 major differences between distance vector and link state routing protocols
DV
- only knows what the neighbor tells it
- memory / processor efficient
- loop prevention mechanisms needed
LS
- maintains a map of the network system
- resource consuming
- maintains loop free by nature
List distance vector loop prevention methods
1) maximum metric
2) route poisoning
3) triggered updates
4) split horizon
5) hold down timers
6) AS_PATH attribute
Why did Cisco create EIGRP when OSPF already existed.
EIGRP is simpler to implement than OSPF
What is the SPF algorithm
Finds the best path to each destination
OSPF area 0 is the _____
backbone
What is the primary reason for using multiple areas in OSPF?
to summarize routes
What OSPF router type brings an Internet connection into the system
ASBR
Does OSPF use TCP or UDP for routing updates?
Trick question: It uses the OSPF protocol number 89
OSPF vs. EIGRP
OSPF is hierarchical EIGRP is not
OSPF has a route database with the entire network
EIGRP keeps only successors and feasible successors
OSPF is link state EIGRP is distance vector
How does a Cisco router pick a router-id if one is not configured statically?
Highest active interface IP - loopbacks preferred over others
OSPF default hello and dead timers
10 and 40
List four things that must match in an OSPF hello packet
1) Hello / Dead Timer
2) Subnet Mask
3) Area ID
4) Authentication password
What is the role of the master router?
It is the first to send a DBD packet
What are the default OSPF hello times on NBMA links?
hello 30, dead 120
How does OSPF determine the master router?
higher router-id
Describe OSPF Loading process
Each router examines the DBDs from ExStart. For any entry the router doesn’t know about it sends a link-state request (LSR) and a link-state update (LSU) is returned.
Note LSU is a collection of LSAs. LSACK acknowledges these updates.
List OSPF states when
Init: Hello packet received
Two-way: own router ID found in hello packet
Exstart: Master and slave determned
Exchange: DBD packets exchanged
Loading: LSRs and LSUs for required LSAs.
Full: OSPF routers are now neighbors
Multicast group for OSPF all routers and OSPF DR
- 0.0.5 (all routers)
224. 0.0.6 (all OSPF designated routers)
What does an OSPF priority of 0 mean?
A router with priority 0 will never be elected as DR or BDR. (NBMA spokes, for example, might need this)
What determines the DR/BDR in an OSPF election
Highest priority and in a tie highest RID
What does the BDR do?
It acts maintains a full relationship with all neighbors but does not send LSAs and just waits for the DR to die.
Command to adjust hello timer on OSPF
interface mode:
ip ospf hello-interval n
Command to adjust OSPF metric so it works better with larger links
router mode:
auto-cost reference bandwidth 10000
(10G links = 1)
Command to change ospf cost on an interface
ip ospf cost n
By default what is the slowest speed at OSPF cost 1
100 meg
Configure OSPF to advertise a default route even if there isn’t a default route in the table
default-information originate always
Command to view all routes learned by OSPF
show ip/ipv6 ospf database
Command to view all successors and feasible successors learned by EIGRP
show ip/ipv6 eigrp topology
List main bullets of NIST cloud computing definition
On-demand self-service Broad network access Resource pooling Rapid elasticity Measured service
What is one way to connect between multiple cloud service providers
An intercloud exchange
What is a VNF?
Virtual Network Function - virtual version of network device
What does MEC stand for
Multichassis EtherChannel
Access Switches have Stackwise. Core/Distribution switches have?
Chassis Aggregation
What is a MIB
Management Information Base
What is contained in a MIB
Object Identifiers (OID)
What is a major drawback to an SNMP trap and what does SNMPv3 implement to resolve that?
An snmp trap has no acknowledgement. SNMPv3 introduces the inform message which has an ack.
What are the 3 SNMPv3 security modes
noAuthNoPriv clear-text username authentication
authNoPriv: MD5 or SHA authentication but no encryption
authPriv: MD5 or SHA authentication and encryption
Configure server 192.168.12.2 for SNMPv2c read only access community name ICND2 and enable traps
snmp-server community ICND2 ro
snmp-server location Omaha
snmp-server contact kevin.joyce@outlook.com
snmp-server host x.x.x.x version 2c ICND2
snmp-server enable traps (pick traps)
What is route poisoning
When a network goes down a DV protocol will send a triggered update which is a network with an infinite metric.
What is poison reverse?
When a poisoned route is learned a poisoned route is sent back to the same router with the same infinite metric.
What is split horizon?
A router never advertises a route through the interface it learns it from. (unless it is reverse poisoning a route.)
What is the command to view the EIGRP neighbor table and what information is contained in it?
show ip eigrp neighbors
Lists all directly connected neighbors
- H (Handle) - first neighbor gets 0 - next one 1 - gaps get filled
- Next Hop IP
- Interface
- Hold Time
- Uptime
- SRTT (Smooth round trip time)
- RTO (retransmission timeout)
- Q Count
- Seq Number
What is the command to view the EIGRP topology table and what information is contained in it.
- Successors and Feasible Successors
- Metric (FD)
- Route State (Passive, Active, Update, Query, Reply)
In EIGRP what are the requirements for a route to be a feasible successor
1) It must not be a successor
2) The advertised distance must be less than the feasible distance of the successor
3)
Nice plain english: A router can become a backup path if he is closer to the destination than your best path.
What command is used for unequal cost load balancing in EIGRP links. What type of routes can be used for load balancing?
variance n where n is the multiplier
Feasible successors can be used.
Example with variance 3 and FD of 100 on the successor a feasible successor with a FD of 300 will join the pool and will take 1/4 the traffic.
What protocol does EIGRP use for reliable messages?
RTP (Reliable Transport Protocol)
List EIGRP packet types and whether or not they need acks
Hello - Unreliable Update - Reliable Query - Reliable Reply - Reliable Ack - ack doesn't get acked
Update packets send new routing information. Reply packets send routing information in response to query packets.
Describe EIGRP Adjancency process
1) R1 sends hello
2) R2 sends Update
3) R2 sends hello (on its own timer - not in response to update)
4) R1 sends ack for update packet
5) R1 sends update
6) R2 sends ack back
How could you run EIGRP over a network that does not support multicast?
router mode:
neighbor x.x.x.x interface
List EIGRP K values
Bandwidth (K1) Load (K2) Delay (K3) Reliability (K4) MTU (K5)
What is the EIGRP metric formula for default K values K1 and K3
(10^7 / minimum bandwdith + (sum of delays)) * 256
Command to set EIGRP to use delay only in metric calculation
router mode:
metric weights 0 0 0 1 0 0
(First 0 is TOS which must be 0 - then K1, K2, etc.)
Command to summarize subnets within 172.16.0.0/23
interface mode:
ip summary-address eigrp as 172.16.0.0 255.255.254.0
What is a dis-contiguous network?
When a classful network has another classful network on a segment between 2 or more of its subnets.
So, for example, might be equal cost routing to 1.0.0.0/8 going to seperate ways to two seperate subnets - if auto-summary is in place.
For unequal cost load balancing what command shows the traffic share count?
show ip route x.x.x.x
What does SIA Query do?
SIA Query is sent half way through the SIA timer - to give the neighbor router a chance to return a SIA reply which keeps EIGRP from dropping the neighbor adjacency and losing the other routes.
List items that cause problems with EIGRP adjacencies
Uncommon subnet K value mismatch AS mismatch Layer 2 issues Access-list issues NBMA (not sending broadcasts)
What is the EIGRP multicast address?
224.0.0.10
What is a path vector routing protocol
BGP is the only example - it records the AS path
Describe the ways BGP can be homed
Single homed: you are connected to a single ISP using a single link.
Dual homed: you are connected to a single ISP using dual links.
Single multi-homed: you are connected to two ISPs using single links.
Dual multi-homed: you are connected to two ISPs using dual links.
command to add password to bgp neighbor
neighbor x.x.x.x password MYPASS
What is BGP synchronization
This is for transit networks. BGP won’t advertise a network learned from another AS unless it sees the network in the IGP as well. This way traffic doesn’t transit your AS until the IGP is up to date. For a stub AS one can disable synchronization with no synchronization command in router mode.
Configure iBGP peers to loopbacks
router bgp 2
neighbor 2.2.2.2 remote-as 2
neighbor 2.2.2.2 update-source loopback 0
neighbor 2.2.2.2 next-hop-self
When is next-hop-self configuration is needed in BGP
For iBGP peers - so that they advertise their own next hop instead of the IP of the EBGP peer that advertised the router.
What is BGP split horizon?
iBGP does not advertise prefixes learned from another iBGP peer
What methods make multi-hop iBGP networks work without BGP split horizon breaking it?
BGP Route Reflectors
BGP Confederations
What does * and > mean in ‘show ip bgp’
* = valid router and BGP can use it > = the entry has been selected as the best path
What does a next hop of 0.0.0.0 mean in BGP?
It means the network originates on the local router.
What are the 2 BGP origin codes in use
i - originated using the ‘network’ command or equivalent.
? - Redistributed into BGP
List other BGP status codes beyond valid(*) and best (>)
s - supressed: BGP knows the network but won’t advertise it, this can occur when the network is part of a summary.
d - damped: BGP doesn’t advertise this network because it was flapping too often (network appears, disapears, appears, etc.) so it got a penalty.
h- history: BGP learned this network but doesn’t have a valid route at the moment.
r - RIB-failure: BGP learned this network but didn’t install it in the routing table. This occurs when another routing protocol with a lower administrative distance also learned it.
S - stale: this is used for non-stop forwarding, this entry has to be refreshed when the remote BGP neighbor has returned.
Which BGP states can lead to active state and why?
Connect and OpenSent - Connect because 3-way handshake fails and OpenSent because something is wrong with the open message (ie wrong AS number)
If BGP hold timers don’t match what happens?
The lower timer is used
List the BGP states in order (excluding active)
Idle Connect OpenSent OpenConfirm Established
Describe the BGP OpenConfirm state
BGP waits for a keepalive message from the remote BGP neighbor. When we receive the keepalive, we can move to the established state and the neighbor adjacency will be completed. When this occurs, it will reset the hold timer. If we receive a notification message from the remote BGP neighbor then we fall back to the Idle state. BGP will keep sending keepalive messages.
Describe the BGP established state
The BGP neighbor adjacency is complete and the BGP routers will send update packets to exchange routing information. Every time we receive a keepalive or update message, the hold timer will be resetted. In case we receive a notification message we will jump back to the Idle state.
Describe the BGP Idle state
This is the first state where BGP waits for a “start event”. The start event occurs when someone configures a new BGP neighbor or when we reset an established BGP peering. After the start event, BGP will initialize some resources, resets a ConnectRetry timer and initiates a TCP connection to the remote BGP neighbor. It will also start listening for a connection in case the remote BGP neighbor tries to establish a connection. When successful, BGP moves to the Connect state. When it fails, it will remain in the Idle state.
Describe the BGP Connect state
BGP is waiting for the TCP three-way handshake to complete. When it is successful, it will continue to the OpenSent state. In case it fails, we continue to the Active state. If the ConnectRetry timer expires then we will remain in this state. The ConnectRetry timer will be reset and BGP will try a new TCP three-way handshake. If anything else happens (for example resetting BGP) then we move back to the Idle state.
Describe the BGP Active state
BGP will try another TCP three-way handshake to establish a connection with the remote BGP neighbor. If it is successful, it will move to the OpenSent state. If the ConnectRetry timer expires then we move back to the Connect state. BGP will also keep listening for incoming connections in case the remote BGP neighbor tries to establish a connection. Other events can cause the router to go back to the Idle state (resetting BGP for example).
Describe the BGP OpenSent state
In this state BGP will be waiting for an Open message from the remote BGP neighbor. The Open message will be checked for errors, if something is wrong (incorrect version numbers, wrong AS number, etc.) then BGP will respond with a Notification message and jumps back to the Idle state. This is also the moment where BGP decides whether we use EBGP or IBGP (since we check the AS number). If everything is OK then BGP starts sending keepalive messages and resets its keepalive timer. At this moment, the hold time is negotiated (lowest value is picked) between the two BGP routers. In case the TCP session fails, BGP will jump back to the Active state. When any other errors occur (expiration of hold timer), BGP will send a notification message with the error code and jumps back to the Idle state. In case someone resets the BGP process, we also jump back to the Idle state.
What four messages does BGP use?
Open
Update
Keepalive
Notification
What is contained in a BGP Open message
Version (4)
My AS
Hold TIme
BGP Identifier (same rules as OSPF and EIGRProuter-id)
Optional Parameters - MP-BGP, Route Refresh, 4-octet AS numbers
configure a time range from 09:00 to 17:00 weekdays
time-range WORK_HOURS
periodic weekdays 09:00 to 17:00
Apply the time range WORK_HOURS to an extended ACL statement
101 deny tcp any host 192.168.23.3 eq 80 time-range WORK_HOURS
What is the only traffic allowed on an 802.1X port prior to authentication
EAPoL (Extensible Authentication Protocol over LAN)
What are the two layer 2 control protocols used in PPP and what do they do
LCP - Link control protocol - setting up link and authentication
NCP - Enables the sending of multiple protocols like IP, IPv6, CDP (IPX and AppleTalk)
What are the two PPP authentication options and what is the difference
PAP (Password Authentication Protocol): Plaintext!
CHAP (Challenge Authentication Protocol) - instead of plaintext password a hash of the password is sent
Configure CHAP
R1(config)# username R2 password MYSECRET
R2(config)# username R1 password MYSECRET
R1(config)#interface serial 0/0
R1(config-if)#ppp authentication chap
R2(config)#interface serial 0/0
R2(config-if)#ppp authentication chap
Does PPP CHAP have to be configured on both links?
No
Should one use a secret to increase CHAP security?
No! PPP can’t hash a password that is already hashed.
Configure PPPoE on client side
Client(config)#interface dialer 1
Client(config-if)#mtu 1492
Client(config-if)#encapsulation ppp
Client(config-if)#ip address negotiated
Client(config-if)#ppp chap hostname CUSTOMER
Client(config-if)#ppp chap password CISCO
Client(config-if)#dialer pool 1
Client(config)#interface GigabitEthernet 0/1
Client(config-if)#pppoe-client dial-pool-number 1
Configure PPP Multilink
R1(config)#interface multilink 1
R1(config-if)#ip address 192.168.12.1 255.255.255.0
R2(config)#interface multilink 1
R2(config-if)#ip address 192.168.12.2 255.255.255.0
R1(config)#interface Serial 0/0/0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp multilink group 1
R1(config)#interface Serial 0/1/0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp multilink group 1
What command verifies ppp multilink operation
show ppp multilink
What is recursive routing when it comes to tunnels?
When the destination IP for the tunnel interface is learned through the tunnel itself.
What can one do to prevent recursive routing through a tunnel?
Don’t advertise the destination IP on the tunnel interface - or use route filtering
Make sure the AD of the destination IP through the tunnel is higher than
Instead of AD make sure the metric is worse.
What does DMVPN use to know the public IP of multipoint tunnel neighbors?
NHRP - Next Hop Resolution Protocol
Describe NHRP
One router will be the NHRP server.
All other routers will be NHRP clients.
NHRP clients register themselves with the NHRP server and report their public IP address.
The NHRP server keeps track of all public IP addresses in its cache.
When one router wants to tunnel something to another router, it will request the NHRP server for the public IP address of the other router.
Summarize the three DMVPN phases
Note - phases are configuration options - the DMVPN solution does not progress through them.
Phase 1 - Spokes register with the hub. All traffic flows through the hub on point-to-point gre tunnels. Hub has multipoint GRE interface.
Phase 2 - All spoke routers run multipoint GRE so direct spoke-to-spoke tunneling is possible. When a spoke wants to reach another spoke it uses NHRP to find the tunnel IP. It must have the route and next-hop IP of the spoke tunnel ip to work.
Phase 3 - Specific routes are not needed by spokes for spoke-to-spoke connectivity. Routing will be set up as phase 1 but when a packet bound for another spoke reaches the hub it will send a NHRP redirect to both spokes. Both spokes resolve the public IP with NHRP and install a new routing entry so they can reach each other locally.
What is an EVC and VPWS
Also called E-Line (Ethernet Line Service)
Ethernet Virtual Circuit - point-to-point virtual ethernet link
VPWS is Virtual Private Wire Service which specifically refers to labeling the frame for MPLS transit
What is VPLS
Virtual Private Lan Service - E-LAN (Ethernet LAN Service)
What is E-Tree
Ethernet Tree Service
Traditional Frame Relay topology on Ethernet.. (Hub and spoke)
List four features provided by VPN
Confidentiality
Authentication
Integrity (verifying packet wasn’t changed)
Anti-replay
List 4 commond VPN protocols
IPSec
PPTP
L2TP
SSLVPN
What is PPTP
Point-to-point tunneling protocol
GRE tunnel with PPP and encryption done with MPPE
This has been proven insecure
What is L2TP
Layer Two Tunneling Protocol
As an extension of PPTP can tunnel layer two traffic. For secure VPN it can be combined with IPSEC This combination is often referred to as L2TP/IPSec
List 4 types of delay found in a network
Processing
Queuing
Serialization
Propagation (ie speed of light through fiber)
List application and traffic types relevant to QOS - with examples
Batch Application - FTP
Interactive Application - SSH
Voice and Video Application - VOIP
List the basic QOS Tools with short descriptions
Classification and marking: if we want to give certain packets a different treatment, we have to identify and mark them.
Queuing – Congestion Management: instead of having one big queue where packets are treated with FIFO, we can create multiple queues with different priorities.
Shaping and Policing: these two tools are used to rate-limit your traffic.
Congestion Avoidance: there are some tools we can use to manage packet loss and to reduce congestion.
The first 6 bits of the DS field are used to set a ______ that will affect the ______ at each node. The codepoint is also what we call the ______ value.
codepoint, PHB (Per Hob Behavior), DSCP value.
What is the name for using reservations to enforce end-to-end QoS?
IntServ (Integrated Services)
What is it called when no reservations are made and each device has its own QOS prioritization?
DiffServ
What is the default PHB DSCP value? How are packets treated by default?
00000000
Packets are ‘best effort.’
What are the class-selector codepoints?
IP Precedence bits are the first 3 DSCP bits. CS0=000 CS7=111 Default/CS0 - Routine CS1 - Priority CS2 - Immediate CS3 - Flash CS4 - Flash Override CS5 - Critical CS6 - Internetwork Control CS7 - Network Control
What were the value of the TOS bytes
1000 minimize delay 0100 maximize throughput 0010 maximize reliability 0001 minimize monetary cost 0000 normal service
What are 2 function of Assured Forwarding PHB?
Queueing and Congestion Avoidance
What bits of the DS field are used in Assured Forwarding
First 3 - Class (up to 4 binary 100)
bits 4 & 5 - drop probability - 01, 10, 11 - low, medium high
bit 6 remains 0
What two functions does expedited forwarding PHB have?
- Queuing
2. Policing
What is NBAR
Network Based Application Recognition
List the DSCP codepoints
af11 Match packets with AF11 dscp (001010)
af12 Match packets with AF12 dscp (001100)
af13 Match packets with AF13 dscp (001110)
af21 Match packets with AF21 dscp (010010)
af22 Match packets with AF22 dscp (010100)
af23 Match packets with AF23 dscp (010110)
af31 Match packets with AF31 dscp (011010)
af32 Match packets with AF32 dscp (011100)
af33 Match packets with AF33 dscp (011110)
af41 Match packets with AF41 dscp (100010)
af42 Match packets with AF42 dscp (100100)
af43 Match packets with AF43 dscp (100110)
cs1 Match packets with CS1(precedence 1) dscp (001000)
cs2 Match packets with CS2(precedence 2) dscp (010000)
cs3 Match packets with CS3(precedence 3) dscp (011000)
cs4 Match packets with CS4(precedence 4) dscp (100000)
cs5 Match packets with CS5(precedence 5) dscp (101000)
cs6 Match packets with CS6(precedence 6) dscp (110000)
cs7 Match packets with CS7(precedence 7) dscp (111000)
default Match packets with default dscp (000000)
ef Match packets with EF dscp (101110)
What DS bits for EF?
101110
What are typical Precedence or DSCP values for voice and call signaling?
Precedence 5 (Critical) or DSCP EF Precedence 3 (Flash) or DSCP AF31
They are all arbitrary of course..
In policing if the number of bytes in a packet exceed the number of tokens in the bucket what does the router do with the tokens? What does it do with the packet?
The tokens are left in the bucket and the action on the packet is set by the policer. ie single-rate 2 color it is marked as exceeded and dropped.
Describe dual rate 3 color policing
When the number of bytes in the packet are less or equal than the number of tokens in the Bc bucket the packet is conforming. The policer takes the required tokens from the Bc bucket and performs the action. The policer also takes the same amount of tokens from the PIR bucket!
If the packet does not conform and the number of bytes of the packet is less than or equal to the number of tokens in the PIR bucket, the packet is exceeding.The policer will remove the required tokens from the PIR bucket and takes the configured action for exceeding packets.
When the packet is not conforming or exceeding, it is violating. The policer doesn’t take any tokens and performs the action for violating packets.
What are the two rates in dual rate policing
CIR = Committed Information Rate PIR = Peak Information Rate
In policing what are the three colors?
Conforming
Exceeding
Violating
When qos is enabled on a switch with ‘mls qos’ what is the default behavior on DSCP fields
They are erased! (after the value of the field is checked)
no mls qos rewrite ip dscp prevents this
What is a trust boundary for qos on a switch?
Markings made by devices inside the boundary are kept and used. Outside the boundary are ignored and overwritten.
What benefits do come with HSRPv2
4096 groups vs. 256
msec timers for v2
New multicast group 224.0.0.102 instead of ‘all routers’
Configure HSRP with a hello timer of 100ms and hold of 300ms - preempt with a delay of 60 seconds and md5 authentication. The primary should track the ping results of 192.168.23.3.
interface Vlan1 ip address 192.168.1.1 255.255.255.0 standby version 2 standby 1 ip 192.168.1.254 standby 1 timers msec 100 msec 300 standby 1 preempt delay minimum 60 standby 1 authentication md5 key-string MY_SECRET_KEY
interface Vlan1 ip address 192.168.1.2 255.255.255.0 standby version 2 standby 1 ip 192.168.1.254 standby 1 timers msec 100 msec 300 standby 1 priority 150 standby 1 preempt delay minimum 60 standby 1 authentication md5 key-string MY_SECRET_KEY standby 1 track 1 decrement 60
ip sla 1
icmp-echo 192.168.23.3
frequency 10
ip sla schedule 1 life forever start-time now
List the five HSRP states
Initial Listen Speak Standby Active
Which HSRP device will be active?
First the one with the highest configured priority
Second the one with the highest IP address
What is the default HSRP hold time?
10 seconds
Configure HSRP interface tracking
global: track 1 interface GigabitEthernet 0/2 line-protocol
if: standby 1 track 1 decrement 60
Or if: standby 1 track GigabitEthernet 0/2 60
(no decrement keyword for second option)
List the major IPv6 address types
Global Unicast - 2000::/3 Unique Local - FD00::/8 (FC00::/7 with FC00::/8 undefined) Link Local - FE80::/10 Multicast -FF00::/8 Unspecified - ::/128 Loopback - ::1
EUI-64 has what in the middle of the host portion of the address? Which bit is flipped?
FFFE,
The 7th
How is a solicited-node multicast address built
FF02::1:FF + Last 6 hex chars of unicast address
What are the major IPv6 multicast addresses
ff02: :1 - all nodes
ff02: :2 - all routers
What is a Neighbor Solicitation Message
IPv6 ARP request - sent to solicited node multicast address and includes the layer 2 address of the sending host
What is sent in reply to a neighbor solicitation?
A neighbor advertisement message - includes layer 2 address of sending host and sent to layer 2 address of soliciting host.
Configure a neighbor to obtain its IP through SLAAC
ipv6 address autoconfig
Configure OSPFv3
ipv6 unicast-routing ! interface loopback 0 ipv6 address 2001::1/128 ipv6 ospf 1 area 0 ! interface fastEthernet 0/0 ipv6 enable ipv6 ospf 1 area 0 ! ipv6 router ospf 1 router-id 1.1.1.1
Command to advertise default route in OSPFv3
default-information originate (always)
Configure IPv6 EIGRP
interface loopback 0 ipv6 address 2001::1/128 ipv6 eigrp 1 ! interface GigabitEthernet 0/1 ipv6 enable ipv6 eigrp 1 ! ipv6 router eigrp 1 router-id 1.1.1.1 no shutdown
List main differences between IPv4 and IPv6 access lists
IPv4 access-lists can be standard or extended, numbered or named. IPv6 only has named extended access-lists.
IPv4 access-lists have an invisible implicit deny any at the bottom of every access-list. IPv6 access-lists have three invisible statements at the bottom:
permit icmp any any nd-na
permit icmp any any nd-ns
deny ipv6 any any
Configure IPv6 ACL to allow only telnet to 2001:DB8:0:12::1
interface FastEthernet0/0 no ip address ipv6 address 2001:DB8:0:12::2/64 no ipv6 unreachables ipv6 traffic-filter R1_TRAFFIC in ! ipv6 access-list R1_TRAFFIC permit tcp host 2001:DB8:0:12::1 any eq telnet
Configure SNMPv3
hostname R1 ! snmp-server group MYGROUP v3 priv snmp-server user MYUSER MYGROUP v3 auth md5 MYPASS123 priv aes 128 MYKEY12 ! end
Configure basic IP SLA
ip sla 1 icmp-echo 192.168.12.2 frequency 10 ! ip sla schedule 1 start-time now life forever
What command shows the result of active IP SLAs
show ip sla statistics
Configure RSPAN
SW1 vlan 100 remote-span monitor session 1 source interface Fa0/1 monitor session 1 destination remote vlan 100
SW2 vlan 100 remote-span monitor session 1 source remote vlan 100 monitor session 1 destination interface fastEthernet 0/1
Configure SPAN
monitor session 1 source interface Fa0/1
monitor session 1 destination interface Fa0/2
monitor session 2 source vlan 1
monitor session 2 destination interface Fa0/3
What do the virutal MAC addresses for HSRPv1 and HSRPv2 start with?
v1 0000.0C07.AC–
v2 0000.0C9F.F—
How is VRRP different from HSRP
Can use a router’s own IP as virtual IP
Hello timers 1 3 by default instead of 3 10
How is GLBP different from HSRP/VRRP
Gateway –Load Balancing–
Multiple IPs/Virtual MACs for load balancing
What is FHRP
a First Hop Redundancy Protocol aka HSRP / VRRP
List recommended requirements for voice and video traffic - jitter, delay, and loss - as well as the recommended QOS marking for each
Both: Jitter < 30ms Delay < 150ms Loss < 1% Voice QOS: DSCP EF Video QOS: AF41
What does LLQ stand for?
low Latency queuing CB-WFQ is WFQ + classes that carve up bandwidth. FYI CB-WFQ + strict priority PQ-CBWFQ -aka voice can go first.
Compare TACACS+ to RADIUS
TACACS+ - Cisco Proprietary, Command-by-command authorization, packet fully encrypted, normally used for network devices
Radius - Industry standar RFC 2865, Only password encrypted, Normally used for user auth
When an ACL denies a packet what messages is sent back to the source
ICMP unreachable
List network traffic attributes IP SLA can track
Network Delay
Packet Loss
Jitter
Voice Quality
What command shows the number of EIGRP packets sent and received?
show ip eigrp traffic
IP-EIGRP Traffic Statistics for process 78 Hellos sent/received: 2180/2005 Updates sent/received: 70/21 Queries sent/received: 3/1 Replies sent/received: 0/3 Acks sent/received: 22/11
Configure GRE tunnels
R1:
interface Tunnel1 ip address 192.168.13.1 255.255.255.0 tunnel source GigabitEthernet0/1 tunnel destination 192.168.23.3 interface ! GigabitEthernet0/1 ip address 192.168.12.1 255.255.255.0
R2: interface Tunnel1 ip address 192.168.13.3 255.255.255.0 tunnel source GigabitEthernet0/1 tunnel destination 192.168.12.1 ! interface GigabitEthernet0/1 ip address 192.168.23.3 255.255.255.0
