IPv4 Service CH22-24

Question 1

What is the major difference between an extended ACL and standard ACL?

Answer 1

Extended Access List can use larger variety of packet header fields to match a packet.

Question 2

Define the parameter value legend when using the syntax in Extended ACL:
eq:
ne:
range:
it:
gt:

Answer 2

equal
not equal
x to y
less than
greater than

Question 3

What are the usual ranges for Extended ACL’s access-list number?

Answer 3

100-199 or 2000-2699.

Question 4

What are the three major difference between named ACL and numbered ACL?

Answer 4

The named ACL uses names instead of numbers to identify the ACL, making it easy to remember.

Use ACL subcommands instead of global commands

ACL editing features that allow the CLI users to delete and insert lines.

Question 5

What is the major advantage of using ACL sequence numbers in numbered and named ACL?

Answer 5

Easier to add/delete lines and automatic sequence numbering.

Question 6

How does turning off CDP(Cisco Discovery Protocol) lower the security risk?

Answer 6

CDP allows devices on the same link learn some basic information form each other. Turning off the CDP on untrusted network will help lower security risk. *most IP phones use CDP.

Question 7

How to turn off CDP globally? (p643)

Answer 7

no cdp enable

Question 8

What are some ACL implementation consideration? (p644)

Answer 8

Place extended ACL as close as possible to the source of the packet to discard the packets quickly to save bandwidth.

Place the STANDARD ACL as close as possible to the packet’s destination, because standard ACLs often discard packets that you do not want discarded when they are placed close to the source.

Place more specific statements early in the ACL.

Disable an ACL from its interface(using the “no ip access-group” command) before making changes to the ACL.

Question 9

Syslog messages’ time-of day clocks are synced using________ to troubleshoot easier. (p646)

Answer 9

Network Time Protocol (NTP)

Question 10

What are the solutions to exhausting IPv4? (p656)

Answer 10

Network Address Translation(NAT), Private addressing, and Classless Inter-domain routing (CIDR).

Question 11

How does Private Addressing relates to Network Address Translation Concept? (659)

Answer 11

NAT translate private addresses to enable them to continue using those not-internet-ready addresses and still able to communicate with hosts across the internet.

Question 12

How does NAT translate Private Addressing to be used with internet? (659)

Answer 12

NAT uses a valid registered IP address to represent the private address to the rest of the internet. NAT changes the private IP address to publicly registered IP addresses inside each IP packet.

Question 13

What device will perform NAT? (659)

Answer 13

Routers.

Question 14

What are the main four NAT Addressing Terms?(661)

Answer 14

Inside Local, Inside Global, Outside Global, Outside Local. Separate inside and outside by a NAT router

Question 15

What does Port Address Translation help the overloaded NAT? (664)

Answer 15

PAT (also named NAT Overload)allows NAT to scale to support many clients with only a few public IP addresses.

Question 16

What are the three types of NAT and which one is the most popular? (p665)

Answer 16

Static NAT, Dynami NAT and PAT. PAT is the most popular because it does not need 1 to 1 mapping from the inside local to the inside global address. PAT significantly reduce the number of required registered IP addresses compared to these other NAT alternatives.

Question 17

What are the three steps to configure Static NAT? (667)

Answer 17

1. Configure interfaces to be in the inside part of the NAT design using the “ip nat inside” interface subcommand.
2. Configure interfaces to be in the outside part of the NAT design using the “ip nat outside” interface subcommand.
3. Configure the static mappings with the “ip nat inside source static” inside local inside global global configuration command.

Question 18

When configuring Dynamic NAT, what are some similarities it has compares to Static NAT? (669)

Answer 18

It also requires to configure which interfaces to be in the inside and outside part of the NAT design with the ip nat inside/outside subcommands.

Question 19

How is configuring Dynamic NAT differ than Static NAT?

Answer 19

It need to configure ACL(Access Control List) that matches the packets entering inside interfaces for which NAT should be performed.

Configure the pool of public registered IP addresses using the ip nat pool name first-address last-address netmask subnet-mask global configuration command.

Enable dynamic NAT by referencing the ACL and pool with the “ip nat inside source list [acl-number] pool [poo-number]” global configuration command.

Question 20

How does PAT configuration similar to Dynamic NAT config? how does ming study in the bathroom?

Answer 20

Exactly the same except that it configure the “ip nat inside source list [acl-number] interface [type/number] OVERLOAD “ global config command, referring to the ACL created in previous step and to the interface whose IP address will be used for translations.