Network Assurance

Question 1

CAPWAP ports

Answer 1

5246-5247

Question 2

CAPWAP - Control Channel Traffic Port

Answer 2

5246

Question 3

CAPWAP - Data Channel Traffic Port

Answer 3

5247

Question 4

TFTP Port

Answer 4

69

Question 5

What Port can AP’s use to transfer data files

Answer 5

TFTP - Port 69

Question 6

What port is used by mobility communications

Answer 6

16666-16667

Question 7

Mobility Communications Port - 16666

Answer 7

Encrypted

Question 8

Mobility COmmunications Port - 16667

Answer 8

Not encrypted

Question 9

NETCONF SSH Subsystem Port

Answer 9

830

Question 10

What type of credentials are configured on Access Points to ensure those credentials are avalaible everywhere?

Answer 10

Global Credentials

Question 11

Can you override global credentials for a specific Cisco IOS AP?

Answer 11

Yes

Question 12

Cisco AP DHCP Option

Answer 12

43

Question 13

Cisco AP DNS option

Answer 13

cisco-capwap-controller

Question 14

What broadcast address does a Cisco AP use to find a WLC?

Answer 14

255.255.255.255

Question 15

How does (order) an AP learn about WLC@s

Answer 15

1. DHCP option 43 (good for global companies where offices and controllers are on different continents).
2. DNS entry for cisco-capwap-controller (good for local businesses - can also be used to find where brand new APs join) If you use CAPWAP, make sure there is a DNS entry for cisco-capwap-controller.
3. Management IP addresses of controllers the LAP remembers previously.
4. A Layer 3 broadcast on the subnet.
5. Statically configured information.
6. Controllers present in the mobility group of the WLC the AP last joined.

Question 16

“DHCP option 43 is used by large companies to localize the information by the DHCP. This method is used by large enterprises that have a single DNS suffix. For example….” give an example

Answer 16

Cisco owns buildings in Europe, Australia, and the United States. In order to ensure that the LAPs only join controllers locally, Cisco cannot use a DNS entry and must use DHCP option 43 information to tell the LAPs what the management IP address of their local controller is.

Question 17

Who created CAPWAP

Answer 17

IETF

Question 18

CAPWAP is based

Answer 18

Lightweight Access Point Protocol (LWAPP) but adds additional security with Datagram Transport Layer Security (DTLS)

Question 19

CAPWAP IPv4 Protocol Number

Answer 19

17 - uses UDP ports 5246 (control) and 5247 (data)

Question 20

In an AP Split MAC architecture the following are examples of use cases performed by what?
802.11 authentication
802.11 association and re-association (mobility)
802.11 frame translation and bridging
802.1X/EAP/RADIUS processing
Termination of 802.11 traffic on a wired interface, except in the case of FlexConnect APs (discussed later in this guide)

Answer 20

The AP itself

Question 21

What certificate does AP’s use for certificates when forming initial DTLS tunnels?

Answer 21

Manufacturing Installed Certificate (MIC)
Installed by cisco when shipped

Question 22

What type of security archtiecture facilitates this VPN?

Answer 22

FlexConnect

Question 23

What message types facilitate an inter-subnet WLC controller roam?

Answer 23

Mobiliy

Question 24

In a Cisco WLC with full Mobility setup - does a inter-subnet controller roam result in a client IP address change?

Answer 24

No - WLC setup an “ANchor” original and “Foreign” entry in both WLC CLient Databases
User keeps original IP and “Foreign” client database tunnels traffic to anchor database

Question 25

Cisco preferred redundancy model for WLC’s

Answer 25

N+1

Question 26

Do backup WLC’s require liences

Answer 26

YEs

Question 27

WHat port do WLC’s use to perform Stateful Switchover Wireless Controller Redundancy

Answer 27

REdundancy port

Question 28

If a port says lineprotocol down (monitoring) - what does this mean

Answer 28

Port is a SPAN destination port

Question 29

What Layer 3 switching technology must be enabled for Netflow to export records?

Answer 29

CEF

Question 30

Does a version incomatibility affect showing local Netflow stats?

Answer 30

No

Question 31

Is Netflow Version 9 backward compatible with other versions?

Answer 31

No

Question 32

Are all netflow versions backwards compatible

Answer 32

Yes - apart from 9

Question 33

What three (transport) protocols can a SYSLOG message be sent using

Answer 33

TCP
UDP
BEEPS

Question 34

Syslog - what port is when when connecting via TLS

Answer 34

6514

Question 35

If BPDU Guard is enabled, do root ports get err-disabled when a BPDU is received?

Answer 35

No

Question 36

What enviroment is CIsco OfficeExtend used for? What is it?

Answer 36

AP’s used to extend corporate WLAN into users home

Question 37

With Cisco OfficeExtend what protocol is used to provide securty between office and home?

Answer 37

DTLS

Question 38

What command would enable the feature circled in red in SNMP?

Answer 38

service sequence-numbers

Question 39

To configure a client to use a particualr key with a server what command should be used

Answer 39

ntp server <server_ip> key <key_id></key_id></server_ip>

Question 40

In NTP what command is used to define the authentication key?

Answer 40

ntp authentication-key <number> md5 <key></key></number>

Question 41

Specifies one or more keys that a time source must provide in its NTP packets in order for the device to synchronize to it

Answer 41

ntp trusted-key

Question 42

What enables NTP authentication?

Answer 42

ntp authentication command

Question 43

Difference ntp authentication-key and ntp trusted-key

Answer 43

ntp authentication-key used to define keys that are presented

ntp trusted-keys are used to define keys that are accepted

Question 44

Syslog - TLS Port and Protocol

Answer 44

TCP 6514

Question 45

Syslog - DTLS Port and Protocol

Answer 45

UDP 6514