Network Configuration Flashcards
What are the layers in the Cisco Hierarchical Network Design?
Core, distribution, and access
Core
Aggregates distribution switches in very large campus LANs, providing high forwarding rates
Distribution
- Provides an aggregation point for access switches
- Forwards frames between switches
- Does not directly connect to end users
- Provides redundancy and interconnectivity with minimal cabling
Access
- Provides a connection point for end user devices
- Does not normally forward frames between two other switches
- Controls user and workgroup access to internetwork resources
Switch OS
Internetwork Operating System (IOS)
What are popular methods of accessing Cisco IOS command line interface (CLI)?
Console, Telnet, SSH
CLI Password Security
- The console and vty lines exist by default, but remote (Telnet/SSH) login is refused until a password, or a local/AAA login method, is configured on the vty lines
- All access methods can be password protected
- Console: line console 0
- Telnet/SSH: line vty 0 15 (prefer SSH and restrict the lines to it with transport input ssh; Telnet sends credentials in cleartext)
What are the switches memory types?
- Read Only Memory (ROM)
- Flash memory
- Nonvolatile RAM (NVRAM)
- RAM: Dynamic Random Access Memory (DRAM)
Where are configurations stored?
- Startup-config - NVRAM
- Running-config - RAM
- Initial configuration (Setup mode)
Cisco Discovery Protocol (CDP)
- Discovers information about neighboring Cisco devices
- “show cdp neighbors”
- Enabled by default
VLAN
- Advantages include segmentation, flexibility, security
- Equals broadcast domain, subnet, logical network, local area network
- Inter VLAN communication requires a layer 3 device (a router or a multilayer switch)
What is used to connect two switches together?
A trunk
VLAN Operation
- VLANs can span multiple switches
- Trunks carry traffic for multiple VLANs over a single link
- Trunks use special encapsulation to distinguish between multiple VLANs
What are the two different types of VLAN membership?
Port driven and MAC address driven
ISL Encapsulation
ISL trunks enable VLANs across a backbone, completely encapsulates the frame between a 26 byte header and a 4 byte trailer
802.1Q
Frame tagging, a 4 byte tag is added to the original header including VLAN ID information, after the tag is inserted the frame check sequence (FCS) is recalculated
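As an added example (not from the original flashcards and not Cisco's code), the 802.1Q tagging just described in Python: the 4-byte tag goes in after the source MAC, the 12-bit VLAN ID sits in the TCI next to the 3-bit priority and 1-bit DEI, and the FCS is recomputed because the old one no longer covers the new bytes. The frame below is constructed sample data and the function names are my own.

```python
import struct
import zlib

TPID_8021Q = 0x8100  # Tag Protocol Identifier, placed where the EtherType used to be


def fcs(frame_body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over destination MAC through the end of the payload.
    It is the same CRC-32 that zlib computes, transmitted least-significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_body) & 0xFFFFFFFF)


def build_untagged(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Build a minimal untagged Ethernet II frame with a valid FCS (constructed sample data)."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def tag_8021q(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag (TPID + TCI) after the source MAC and recompute the FCS.
    TCI layout: 3-bit priority (PCP), 1-bit drop eligible (DEI), 12-bit VLAN ID."""
    if not 0 <= vid <= 4095:
        raise ValueError("VLAN ID is a 12-bit field")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("bad PCP/DEI")
    body, old_fcs = frame[:-4], frame[-4:]
    if fcs(body) != old_fcs:
        raise ValueError("input frame fails FCS check")
    tci = (pcp << 13) | (dei << 12) | vid
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + fcs(tagged)  # the old FCS does not cover the tag, so it must be recomputed


def parse_8021q(frame: bytes):
    """Verify the FCS, then return (vid, pcp, dei, inner_ethertype, payload) of a tagged frame."""
    body, got = frame[:-4], frame[-4:]
    if fcs(body) != got:
        raise ValueError("FCS mismatch: corrupted, or a tag was inserted without recomputing the FCS")
    tpid, tci = struct.unpack("!HH", body[12:16])
    if tpid != TPID_8021Q:
        raise ValueError("no 802.1Q tag present")
    (inner_type,) = struct.unpack("!H", body[16:18])
    return tci & 0x0FFF, tci >> 13, (tci >> 12) & 1, inner_type, body[18:]


def strip_8021q(frame: bytes) -> bytes:
    """Remove the tag, as an access port does before handing the frame to a host, and recompute the FCS."""
    parse_8021q(frame)  # validates both the tag and the FCS
    body = frame[:12] + frame[16:-4]
    return body + fcs(body)


# Constructed sample frame: a broadcast with a made-up source MAC and a 46-byte payload
SAMPLE = build_untagged(bytes.fromhex("ffffffffffff"), bytes.fromhex("0000000000aa"), 0x0806, b"\x00" * 46)
```

Run `tag_8021q(SAMPLE, 100, pcp=5)` and the result is exactly four bytes longer than `SAMPLE`, carries `81 00` at offset 12, and parses back to VLAN 100; feeding a frame whose tag was inserted without recomputing the FCS to `parse_8021q` fails the check, which is the point the flashcard makes.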
VLAN Frame Identification
- Developed for multi VLAN, inter switch communications
- Places a unique identifier in header of each frame
- Functions at layer 2
ISL vs 802.1Q
- Both encapsulate VLAN traffic
- Max VLANs (ISL=1000, 802.1Q=4096 IDs from a 12-bit field, of which 0 and 4095 are reserved)
- Spanning tree (ISL=one instance per VLAN, 802.1Q=a single spanning tree on the native VLAN shared by all VLANs, "Mono Spanning Tree")
- Support (ISL=Cisco proprietary, 802.1Q=IEEE open standard)
- Native VLAN (ISL=no, every frame is encapsulated; 802.1Q=yes, native VLAN frames cross the trunk untagged)
Trunk Modes of Operation
Trunk, access, dynamic desirable, dynamic auto. Leave user-facing ports in access mode: a port left in a dynamic mode can be negotiated into a trunk by whatever device is plugged into it.
Trunk mode of operation
Permanent trunking mode
Access mode of operation
Permanent non-trunking mode
Dynamic Desirable mode of operation
Makes the port actively try to convert the link to a trunk link (port becomes a trunk if the neighboring port is set to trunk, desirable, or auto mode)
Dynamic Auto mode of operation
Makes the port willing to become a trunk link (the port becomes a trunk if the neighboring port is set to trunk or dynamic desirable; two dynamic auto ports never form a trunk)
Nonegotiate
Disables DTP on the port so it generates no DTP frames; used together with a static switchport mode (trunk or access) to fix the port's role without negotiation
EtherChannel
Bundles parallel physical links into one logical link: aggregated bandwidth, spanning tree treats the bundle as a single link (so none of the parallel segments is blocked and fewer topology changes are triggered), and the bundle stays up until all member links fail
VTP Protocol Features
- Messaging system that advertises VLAN configuration information to maintain VLAN configuration consistency throughout a domain
- Send advertisements on trunk ports only
VTP Operation
- VTP advertisements are sent as multicast frames
- VTP servers and clients synchronize to the highest configuration revision number seen (a newly connected switch in the same domain with a higher revision overwrites the domain's VLAN database, so reset its revision before connecting it)
- VTP advertisements are sent every 5 minutes or when there’s a change
What are the requirements for VTP to function?
- Links operate as ISL or 802.1Q
- VTP domain name matches
- VTP password matches (if set)
Storing VLAN configuration
- vlan.dat in flash memory
- delete flash:vlan.dat (followed by a reload) removes the VLAN database and resets the VTP revision to 0
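An added example covering the VTP operation and vlan.dat cards above (not from the flashcards, not Cisco code): a toy model of servers and clients adopting the highest revision number, including what happens when a switch with a stale but higher revision is trunked into the domain, and why resetting its revision first matters. The switch names, VLANs, domain name, password and the digest scheme are constructed assumptions; real VTP authenticates with an MD5 digest over the advertisement plus the password, which is only approximated here.

```python
import hashlib


class VtpSwitch:
    """Toy VTP server/client. Only what the flashcards state is modelled: advertisements carry
    the domain name and a revision number, the password must match, and a switch adopts the
    VLAN database of any advertisement with a higher revision than its own."""

    def __init__(self, name, domain, password, vlans, revision):
        self.name, self.domain, self.password = name, domain, password
        self.vlans = dict(vlans)      # what vlan.dat would hold: {vlan_id: name}
        self.revision = revision

    def _digest(self, domain, revision, vlans):
        # Stand-in for VTP's MD5 over the advertisement and the domain password
        blob = f"{domain}|{revision}|{sorted(vlans.items())}|{self.password}".encode()
        return hashlib.md5(blob).hexdigest()

    def advertisement(self):
        return {"domain": self.domain, "revision": self.revision, "vlans": dict(self.vlans),
                "digest": self._digest(self.domain, self.revision, self.vlans)}

    def receive(self, adv):
        """Process an advertisement arriving over a trunk; returns what happened."""
        if adv["domain"] != self.domain:
            return "ignored: VTP domain name does not match"
        if adv["digest"] != self._digest(adv["domain"], adv["revision"], adv["vlans"]):
            return "ignored: VTP password does not match"
        if adv["revision"] <= self.revision:
            return "ignored: revision not newer"
        # Highest revision wins and the whole database is replaced: VLANs absent from
        # the advertisement disappear from this switch as well.
        lost = sorted(set(self.vlans) - set(adv["vlans"]))
        self.vlans, self.revision = dict(adv["vlans"]), adv["revision"]
        return f"synchronized to revision {self.revision}; VLANs removed: {lost}"

    def reset_revision(self):
        """What 'delete flash:vlan.dat' plus a reload achieves: revision back to 0."""
        self.revision = 0


def connect_trunk(a, b):
    """Both ends exchange advertisements, as happens when a trunk comes up."""
    return a.receive(b.advertisement()), b.receive(a.advertisement())


# Constructed sample: a production domain and a switch coming back from the lab
PROD_VLANS = {1: "default", 10: "users", 20: "servers", 30: "voice"}


def production_switch():
    return VtpSwitch("core", "CAMPUS", "s3cret", PROD_VLANS, revision=12)


def lab_switch():
    # Same domain name and password, but a higher revision left over from lab changes
    return VtpSwitch("lab-sw", "CAMPUS", "s3cret", {1: "default"}, revision=40)
```

Trunking `lab_switch()` to `production_switch()` as-is replaces the production VLAN database with the lab's single VLAN; calling `reset_revision()` on the lab switch first makes it the one that learns from the domain instead.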
VTP Pruning
Increase available bandwidth by reducing unnecessary traffic flow
What is the purpose of Spanning Tree Protocol?
- Preventing loops while providing path redundancy
- Prevent broadcast storms
- Eliminate MAC table instability
- Eliminate multiple frame transmission
How Spanning Tree Works
Criteria to choose whether to forward:
- Elect a root bridge (all working interfaces are forwarding)
- Elect a root port for non root bridges (one per device, lowest cost back to root bridge)
- Elect a designated port for each network segment (lowest cost back to root bridge)
What do switches exchange for STP?
Switches exchange configuration messages called Bridge Protocol Data Units (BPDUs). There are two BPDU types, the configuration BPDU and the Topology Change Notification (TCN) BPDU; the Topology Change Acknowledgement (TCA) is a flag set in a configuration BPDU
BPDU Bridge ID
- Unique identifier
- Bridge priority (2 bytes) and bridge MAC address (6 bytes)
- IEEE 802.1d default bridge priority is 32768 (midrange value)
- The root bridge is the one with the lowest bridge ID: lowest priority, and if priorities are equal, lowest MAC address
Electing a Root Bridge
- Only one bridge designated as root bridge in a given network
- On the root bridge, all ports are designated ports
- Designated ports are normally in the forwarding state
- When in the forwarding state, a port can send and receive user traffic
Non Root Bridge (Spanning Tree Operations)
- One root port
- Root port - lowest cost path from the non root bridge to the root bridge
- Root ports are in a forwarding state
- STP cost path is an accumulated cost calculated based on bandwidth
Designated Port (Spanning Tree Operations)
- One per segment
- On bridge with lowest cost path to root
What are non designated ports set to?
Blocking state (the port still receives and processes BPDUs but forwards no frames and learns no MAC addresses)
When in Spanning Tree would a port not forward traffic?
When it’s set to a blocking state to break the loop
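The three-step election above worked through in Python, as an added example that is not part of the flashcards and not Cisco code: bridge IDs compare as (priority, MAC), root path cost accumulates over link costs back to the root, one root port is picked per non-root bridge, one designated port per segment, and every port left over is blocking. Switch names, MACs and port names are constructed sample values; cost 19 is the classic 802.1D cost of a 100 Mbps link.

```python
import heapq


def bridge_id(priority: int, mac: str) -> tuple:
    """Bridge ID as a comparable tuple: the 2-byte priority first, then the 6-byte MAC.
    Tuple ordering then gives STP's rule directly: lower priority wins, MAC breaks ties."""
    return (priority, int(mac.replace(".", "").replace(":", ""), 16))


def run_stp(bridges: dict, segments: list):
    """bridges:  {name: (priority, mac)}
    segments: [(cost, (bridge, port), (bridge, port)), ...]  point-to-point links
    Returns (root, root_path_cost, roles) with roles[(bridge, port)] one of
    'designated', 'root' or 'blocking'."""
    ids = {name: bridge_id(p, m) for name, (p, m) in bridges.items()}

    # Step 1: the root bridge is the one with the lowest bridge ID
    root = min(ids, key=ids.get)

    adj = {name: [] for name in bridges}  # bridge -> [(cost, neighbor, local_port, remote_port)]
    for cost, (a, pa), (b, pb) in segments:
        adj[a].append((cost, b, pa, pb))
        adj[b].append((cost, a, pb, pa))

    # Root path cost: accumulated link cost back to the root (Dijkstra from the root)
    rpc = {name: float("inf") for name in bridges}
    rpc[root] = 0
    heap = [(0, root)]
    while heap:
        so_far, name = heapq.heappop(heap)
        if so_far > rpc[name]:
            continue
        for cost, nb, _, _ in adj[name]:
            if so_far + cost < rpc[nb]:
                rpc[nb] = so_far + cost
                heapq.heappush(heap, (rpc[nb], nb))

    roles = {}
    # Step 2: one root port per non-root bridge: lowest cost to the root, then lowest
    # neighbor bridge ID, then lowest neighbor port ID (STP's tie-breakers)
    for name in bridges:
        if name == root:
            continue
        _, _, local_port, _ = min(adj[name], key=lambda e: (e[0] + rpc[e[1]], ids[e[1]], e[3]))
        roles[(name, local_port)] = "root"

    # Step 3: one designated port per segment, on the bridge with the lowest root path
    # cost, then lowest bridge ID. Every port of the root bridge ends up designated.
    for _, end_a, end_b in segments:
        bridge, port = min((end_a, end_b), key=lambda e: (rpc[e[0]], ids[e[0]]))
        roles[(bridge, port)] = "designated"

    # Whatever is neither root nor designated is non-designated: blocking. Such a port
    # keeps receiving BPDUs but forwards no frames and learns no MAC addresses.
    for _, end_a, end_b in segments:
        for end in (end_a, end_b):
            roles.setdefault(end, "blocking")
    return root, rpc, roles


# Constructed sample: three switches in a triangle, all at the default priority 32768
SWITCHES = {"SW1": (32768, "0000.0000.0001"),
            "SW2": (32768, "0000.0000.0002"),
            "SW3": (32768, "0000.0000.0003")}
LINKS = [(19, ("SW1", "Fa0/1"), ("SW2", "Fa0/1")),
         (19, ("SW1", "Fa0/2"), ("SW3", "Fa0/1")),
         (19, ("SW2", "Fa0/2"), ("SW3", "Fa0/2"))]

if __name__ == "__main__":
    root, rpc, roles = run_stp(SWITCHES, LINKS)
    print("root bridge:", root, "root path costs:", rpc)
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} {port}: {role}")
```

With equal priorities SW1 wins on MAC address, SW2 and SW3 each take the direct link to SW1 as root port, and on the SW2-SW3 segment both have cost 19 to the root so the lower bridge ID (SW2) holds the designated port and SW3's end blocks. Lowering SW3's priority to 4096 in `SWITCHES` moves the root to SW3 despite its highest MAC, which is exactly what the bridge priority is for.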
STP Port States
- Blocking
- Listening
- Learning
- Forwarding
- Disabled
Normal switch operations (STP states)
Forwarding or blocking
Change in network topology detected (STP states)
- A blocking port first waits for Max Age (20 sec) without hearing BPDUs from its designated bridge before it starts transitioning
Listening (15 sec)
- Interface does not forward frames
- Inactive MAC address entries are removed from the CAM table (stale entries pointing at the old path are a potential cause of loops)
Learning (15 sec)
- Interface does not forward frames
- Switch starts learning new MAC addresses to update its CAM table
Convergence
Time to complete STP after topology change, all switches have transitioned to either forwarding or blocking
How long does 802.1d (STP) take to converge?
50 seconds
How long does 802.1w (RSTP) take to converge?
Less than 10 seconds
BPDU Guard
- Prevents a switch from being attached to the specified port
- Configured on access ports and on unused/disabled ports
- Port goes into err-disabled state as soon as a BPDU is received, and stays there until an administrator (or errdisable recovery) re-enables it
Root Guard
- Allows a switch on the specified port, but never as the root: the port may only be a designated port
- A superior BPDU (one that would make the neighbor the root) puts the port into the root-inconsistent (blocking) state until the superior BPDUs stop, which prevents a rogue or misconfigured bridge from taking over as root
Rapid STP (RSTP)
STP similarities:
- Elects root switch
- Elects root port on non root switches
- Elects designated ports per LAN segment
- Places each port in forwarding/discarding state
- In RSTP blocking is called discarding
STP differences:
What improvements did RSTP bring to STP?
- A neighbor is declared down after three missed hellos (6 seconds) vs MaxAge 20 seconds in STP
- Eliminates forward delay (default was 15 sec for listening/learning)
- Listening state removed, learning state time reduced
- Convergence times <10 sec
Inter VLAN Routing
- VLANs are separate broadcast domains, so hosts in different VLANs cannot reach each other at layer 2
- Packets for other VLANs are sent to the host's default gateway (a router)
- Multiple VLANs interfacing with a single route processor require multiple connections or VLAN trunking
What must be done if there are not enough physical ports on a router for the required number of VLANs?
A physical interface must be divided into multiple sub-interfaces
What devices were traditionally used for routing?
A physical high end router connected by multiple connections such as an ISL trunk
What device is used for routing now?
A multilayer switch which integrates layer 2 and layer 3 functionality in a single device
What does a default gateway facilitate?
Inter VLAN communication
Routers
- Internetworking devices that work at layer 3
- Understand and use logical addresses (IP addresses)
- Keep table of information about networks
- Can make path determinations
- Don’t normally forward broadcasts
- Can support multiple layer 3 protocols at the same time
External routers with an interface per VLAN
Very expensive in large networks w/ a lot of VLANs, rack, power and environmental limitations
DHCP Relay Agent
The router forwards a client's DHCP broadcast as a unicast to the server configured with ip helper-address, so a DHCP server can sit on a different subnet
Router on a Stick
Single router with one physical interface that performs ISL or 802.1Q trunking; each VLAN is assigned to a sub-interface via the encapsulation command
What are the two main types of layer 3 interfaces?
Routed ports and switch virtual interfaces (SVI)
Switch Virtual Interface
- A virtual port, it exists only in software on a multilayer switch
- Is the layer 3 presence of a VLAN
- Allows inter VLAN routing
- The layer 2 VLAN must exist for this function
Hot Standby Router Protocol (HSRP)
- Supports non-disruptive failover of IP traffic
- Routers work in concert to present illusion of a single virtual router to hosts on the LAN (known as HSRP/standby group with one router set as the active)
- One router, known as the active, forwards packets
- Another router is elected as the standby router to take over if the active fails
Which router in the HSRP group will become that active router?
The one with the highest HSRP priority; if priorities tie, the highest IP address on the HSRP interface wins
What does the active router in HSRP respond to ARP requests with?
The MAC address of the virtual router
How long should the hold timer be in HSRP?
At least three times the value of the hello timer
DHCP Relay
- Used with a centralized DHCP server serving many subnets
- Without DHCP relay, DHCP requests from hosts never leave the local LAN subnet (routers do not forward broadcasts)
- Turns the broadcast DHCP request into a unicast packet addressed to the server and forwards it on
Port Security
Limits which (and how many) source MAC addresses may send on a switchport; configured only on static access or static trunk ports, not on ports in a dynamic (DTP) mode
Static Port Security
For when MAC addresses are known and don't often change. Configured by the administrator and stored in the running-config
Dynamic Port Security
For when hosts are constantly changing, limits the number of hosts per port. Learned from traffic, not stored in running config.
Sticky Port Security
Addresses are learned dynamically (up to the configured maximum) and written to the running-config as if they were static; they survive a reload only if the running-config is saved to startup-config
What are the different types of switchport security violations?
Protect, restrict, shutdown
Switchport Security - Protect
Frames from known MAC addresses are still forwarded; frames from unknown sources are silently dropped. No notification and no violation counter.
Switchport Security - Restrict
Known MAC addresses are allowed to continue sending traffic, unknown sources are dropped. Same as protect but a notification is sent (SNMP trap, syslog message) and the violation counter is incremented.
Switchport Security - Shutdown
Default mode. Notification sent. The interface goes err-disabled, which also cuts off the legitimate hosts on it until it is brought back with shutdown / no shutdown or errdisable recovery.
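The port security cards above as an added Python model (not from the flashcards, not Cisco code): a port with a MAC limit, optional static and sticky entries, and the three violation modes, with a notification list standing in for SNMP traps and syslog. MAC addresses and the disposition strings are constructed for the example.

```python
class SecurePort:
    """Toy model of switchport port-security on a static access port.
    max_macs:  how many source MACs may use the port
    violation: 'protect' | 'restrict' | 'shutdown' (Cisco's default)
    sticky:    dynamically learned MACs are written to the running-config
    static:    MACs configured by the administrator"""

    def __init__(self, max_macs=1, violation="shutdown", sticky=False, static=()):
        if violation not in ("protect", "restrict", "shutdown"):
            raise ValueError("unknown violation mode")
        self.max_macs, self.violation, self.sticky = max_macs, violation, sticky
        self.static = set(static)
        self.dynamic = set()
        self.running_config = [f"switchport port-security mac-address {m}" for m in static]
        self.err_disabled = False
        self.violation_count = 0
        self.notifications = []  # stand-in for SNMP traps / syslog messages

    def allowed(self):
        return self.static | self.dynamic

    def ingress(self, src_mac: str) -> str:
        """Handle one frame arriving on the port; returns what the switch did with it."""
        if self.err_disabled:
            return "dropped: port err-disabled"
        if src_mac in self.allowed():
            return "forwarded"
        if len(self.allowed()) < self.max_macs:
            self.dynamic.add(src_mac)  # dynamic learning from traffic
            if self.sticky:            # sticky: the learned address is persisted like a static one
                self.running_config.append(f"switchport port-security mac-address sticky {src_mac}")
            return "forwarded (learned)"
        # Unknown source with the limit already reached: a security violation
        if self.violation == "protect":
            return "dropped"           # silently: no counter, no notification
        self.violation_count += 1
        if self.violation == "restrict":
            self.notifications.append(f"PORT_SECURITY violation by {src_mac}")
            return "dropped (restrict)"
        self.err_disabled = True
        self.notifications.append(f"PORT_SECURITY violation by {src_mac}, port err-disabled")
        return "dropped: port shut down (err-disabled)"

    def recover(self):
        """Administrator shutdown / no shutdown, or errdisable recovery, re-enables the port."""
        self.err_disabled = False
```

The shutdown case is worth running through: after the second MAC appears, even the first, legitimate host gets "dropped: port err-disabled" until `recover()` is called, which is why restrict is often preferred on ports where an outage is worse than a dropped rogue frame.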
Secure Shell
- Encrypts terminal traffic
- Prevents disclosure of passwords on the wire (unlike Telnet, which sends them in cleartext)
- Authenticates the device to the user (host key) and the user to the device
- Keeps remote sessions private from other network users
- Uses an RSA host key (generate at least 2048 bits) and symmetric ciphers for the session; use SSH version 2
AAA
The mechanism Cisco recommends for remote administration, authentication, authorization, and accounting
What are the two methods of AAA?
RADIUS and TACACS+
Routed Port
- Uses the no switchport command to configure a physical switch port as a routed port
- Used in conjunction with SVIs
- Configured to act like a port on a traditional router
- Used for point to point connectivity
What does a router need to do to successfully route?
- Know the destination address
- Identify the sources it can learn from
- Discover possible routes
- Select the best route
- Maintain and verify routing information
What are the general types of routing?
Static and dynamic
Static Routing
- Manually configured by the administrator
- Simplest form of routing as long as network is small
- Extremely complex and not feasible for large networks
- Unable to adapt to topology changes
- Hub and spoke design
- Classful and classless
Static routes must be configured in both directions? (True/False)
True
Dynamic Routing
- Used to exchange routing information between routers
- Purpose: discover remote networks, keep routing information up to date, choose the best path to each destination network, and find a new best path when the current one fails; can be simple or complex
- Able to load balance between multiple paths
- The administrator configures which interfaces and networks participate; the protocol does the rest
How does dynamic routing work?
- The router sends and receives routing messages on its interfaces
- The router shares routing messages and routing information with other routers that are using the same routing protocol
- Routers exchange routing information to learn about remote networks
- When a router detects a topology change the routing protocol can advertise this change to other routers
What are the characteristics routing protocols can be categorized by?
Purpose, operation, behavior
What are the categories created by classifying routing protocols according to the purpose?
Interior gateway protocol and exterior gateway protocol
What are the categories created by classifying routing protocols according to the operation?
Distance vector protocol, link-state protocol, path-vector protocol
What are the categories created by classifying routing protocols according to the behavior?
Classful or classless
How do we define the difference between IGPs and EGPs
By autonomous system (a collection of routers under common administration)
Distance Vector
Distance vector means that routes are advertised by providing a distance (how far to the destination network based on a metric) and a vector (the direction of the next hop-router or exit interface)
What are the distance vector IPv4 IGPs?
RIPv1, RIPv2, IGRP, EIGRP
Link State
Every node constructs a map of the connectivity of a network. Each node then independently calculates the next best logical path from it to every other destination. Each collection of best paths will become the routing table.
When are link state protocols best?
- The network design is hierarchical, usually in large networks
- Fast convergence is crucial
- The administrators have good knowledge of the implemented link-state routing protocol
What are the link state IPv4 IGPs?
OSPF and IS-IS
Path Vector
Essentially a distance vector protocol that doesn’t rely on the distance to destination to guarantee a loop-free path but instead relies on the analysis of the path itself
What is the Border Gateway Protocol classified as?
Path vector protocol
What is the biggest distinction between classful and classless routing protocols?
Classful routing protocols do not send subnet mask information in their routing updates
What were the original IPv4 classful routing protocols?
RIPv1 and IGRP
What are the limitations of RIPv1 and IGRP?
They do not support Variable Length Subnet Masks (VLSM) or Classless Inter-Domain Routing (CIDR)
Where can classful routing protocols cause problems?
In discontiguous networks
What do classless routing protocols support?
VLSM, CIDR and discontiguous networks
Administrative Distance
The feature that routers use in order to select the best path when two or more different routes to the same destination come from two different routing protocols
What does administrative distance define?
How trustworthy the router considers a route source to be; lower is better, and when the same prefix is learned from several sources only the route with the lowest administrative distance is installed
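Route selection as an added Python model (not from the flashcards, not Cisco code) that ties this card to the earlier "select the best route" card: candidate routes for a prefix are ranked by administrative distance, the metric only breaks ties within one source, and the forwarding lookup is a longest prefix match that ignores AD entirely. The default AD values are Cisco's; prefixes, next hops and metrics are constructed sample data.

```python
import ipaddress

# Cisco default administrative distances (lower = more trusted)
DEFAULT_AD = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}


class RoutingTable:
    """Toy model of route selection on a router."""

    def __init__(self):
        self.candidates = {}  # ip_network -> {source: route dict}

    def offer(self, prefix, source, metric, next_hop, ad=None):
        """A routing source offers (or refreshes) its route to a prefix.
        Passing ad overrides the default, which is how a floating static route is made."""
        net = ipaddress.ip_network(prefix)
        ad = DEFAULT_AD[source] if ad is None else ad
        self.candidates.setdefault(net, {})[source] = {
            "source": source, "ad": ad, "metric": metric, "next_hop": next_hop}

    def withdraw(self, prefix, source):
        """The source no longer has the route (link down, neighbor lost)."""
        net = ipaddress.ip_network(prefix)
        self.candidates.get(net, {}).pop(source, None)

    def installed(self, net):
        """The route actually placed in the routing table for a prefix, or None."""
        cands = self.candidates.get(net)
        if not cands:
            return None
        # Metrics of different protocols are not comparable, so AD is compared first;
        # the metric only decides between routes of equal AD, i.e. from the same source.
        return min(cands.values(), key=lambda r: (r["ad"], r["metric"]))

    def lookup(self, dst):
        """Forwarding decision: longest prefix match over the installed routes."""
        addr = ipaddress.ip_address(dst)
        nets = [n for n in self.candidates if self.installed(n) and addr in n]
        if not nets:
            return None
        best = max(nets, key=lambda n: n.prefixlen)
        return {"prefix": str(best), **self.installed(best)}


def build_sample_table():
    """Constructed scenario: 10.0.0.0/8 learned from three sources plus a more specific /16."""
    rt = RoutingTable()
    rt.offer("10.0.0.0/8", "rip", metric=3, next_hop="192.0.2.1")
    rt.offer("10.0.0.0/8", "ospf", metric=20, next_hop="192.0.2.2")            # AD 110 beats RIP's 120
    rt.offer("10.0.0.0/8", "static", metric=0, next_hop="192.0.2.3", ad=130)   # floating static, held in reserve
    rt.offer("10.1.0.0/16", "rip", metric=5, next_hop="192.0.2.1")
    return rt
```

Note the two different questions the model answers: `installed()` is "which source do I believe for this prefix" (AD), while `lookup()` is "which prefix applies to this packet" (longest match), so a RIP /16 is used for 10.1.2.3 even though an OSPF /8 with a better AD covers it too. Withdrawing OSPF and then RIP for the /8 shows the floating static taking over only once nothing more trusted remains.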
What do distance vector routing protocols share updates between?
Neighbors (routers that share a link and are configured to use the same routing protocol)
What distance vector routing protocols send periodic updates?
RIPv1 and RIPv2
Routing Information Protocol (RIP)
- Uses the simplest routing metric (hop count)
- Does not scale well to large networks
- Susceptible to loops and the count to infinity problem
How is the infinity problem solved?
Split horizon (routing information about a network is never sent back out the interface it was received on), together with a maximum hop count of 15 (16 means unreachable), route poisoning and hold-down timers
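The count-to-infinity problem and the split horizon fix, as an added simulation (not from the flashcards, not Cisco code). Two routers exchange RIP-style updates in synchronous rounds on a constructed topology in which the network attached to router A goes down; the same function runs with and without split horizon so the difference in convergence is visible. Router names, the prefix and the round model are assumptions made for the example.

```python
INFINITY = 16  # RIP hop count meaning "unreachable"


def simulate(split_horizon: bool, max_rounds: int = 60) -> dict:
    """Constructed topology:  10.1.0.0/16 -- A -- B.
    The link from A to 10.1.0.0/16 fails just before round 1. Reports how many rounds the
    two routers need to agree the network is unreachable and the highest finite hop count
    that appears in either table on the way there."""
    net = "10.1.0.0/16"
    neighbors = {"A": ["B"], "B": ["A"]}
    # prefix -> (metric, next_hop); next_hop None means directly connected
    tables = {"A": {net: (1, None)}, "B": {net: (2, "A")}}
    tables["A"][net] = (INFINITY, None)  # the connected network just went down
    peak = 0
    rnd = 0
    for rnd in range(1, max_rounds + 1):
        # Every router builds the update for each neighbor from its table at the start of the round
        updates = {}
        for router in tables:
            for nb in neighbors[router]:
                adv = {}
                for prefix, (metric, nh) in tables[router].items():
                    if split_horizon and nh == nb:
                        continue  # never advertise a route back to the neighbor it was learned from
                    adv[prefix] = metric
                updates[(router, nb)] = adv
        changed = False
        for (sender, receiver), adv in updates.items():
            for prefix, metric in adv.items():
                new = min(metric + 1, INFINITY)
                cur_metric, cur_nh = tables[receiver].get(prefix, (INFINITY, None))
                if cur_nh == sender:
                    # An update from the current next hop is always believed, even when worse.
                    # Without split horizon this is what lets stale information bounce back.
                    if new != cur_metric:
                        tables[receiver][prefix] = (new, sender)
                        changed = True
                elif new < cur_metric:
                    tables[receiver][prefix] = (new, sender)
                    changed = True
        for table in tables.values():
            for metric, _ in table.values():
                if metric < INFINITY:
                    peak = max(peak, metric)
        if not changed:
            break
    return {"rounds": rnd, "peak_transient_metric": peak,
            "final": {r: tables[r][net][0] for r in tables}}
```

Without split horizon B hands A its stale 2-hop route, A installs it as 3 hops via B, B then learns "3" from A and moves to 4, and the pair count the metric up one hop per round until it hits 16 (the peak finite value seen is 15). With split horizon B never advertises the route back toward A, so A keeps the network unreachable, B marks it unreachable on the next update, and the exchange settles in a couple of rounds.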
OSPF
- Open Standard
- Shortest Path First (SPF) algorithm
- Link state routing protocol (vs distance vector)
How is an OSPF routing table made?
Link State Advertisements (LSAs) are propagated rather than routing table updates. LSAs are flooded through the area and every router assembles the same link-state database from them, then runs SPF on it to build its routing table. On multiaccess segments a Designated Router (DR) exchanges LSAs with the other routers (DROthers) and the backup DR (BDR) takes over if the DR goes down
What does EIGRP support?
- Rapid convergence
- Reduced bandwidth usage
- Multiple network-layer protocols
What are the types of EIGRP routes?
- Successor: the best route to a destination, the one with the lowest feasible distance (FD, the calculated total metric); the neighbor's own metric to the destination is its reported or advertised distance (RD/AD)
- Feasible successor: a backup route that meets the feasibility condition and can be installed immediately if the successor fails
- Feasibility condition: the neighbor's reported distance must be less than the current feasible distance, which guarantees the backup path is loop free
Why would you use Access Lists?
To manage IP traffic as network access grows and filter packets as they pass through the network
What can access lists control?
Packets moving through the network and VTY access to or from the router
What types of access lists are there?
Standard and extended
What are standard access lists?
They check the source address and generally permit or deny entire protocol suite
What are extended access lists?
They check source and destination addresses and generally permit or deny specific protocols
What number range are standard access lists?
1-99 (expanded range 1300-1999)
What number range are extended access lists?
100-199 (expanded range 2000-2699)
Key features of access lists
- Implicit deny any at the end of every access list; only an explicit permit any as the last statement changes that
- The order of access list statements is crucial
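The access list cards above as an added Python evaluator (not from the flashcards, not Cisco code): it parses standard and extended entries in a simplified IOS syntax, matches with Cisco wildcard masks, applies the first matching statement, and falls through to the implicit deny. The access lists and packets are constructed sample data, and only the keywords `any`, `host`, `eq` and the protocols ip/tcp/udp/icmp are handled.

```python
import ipaddress


def _to_int(ip: str) -> int:
    return int(ipaddress.IPv4Address(ip))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard mask: 0 bits must match, 1 bits are don't-care (the inverse of a subnet mask)."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)


def _addr_spec(tok, i):
    """Parse 'any' | 'host A.B.C.D' | 'A.B.C.D W.W.W.W' | 'A.B.C.D' (host) starting at tok[i]."""
    if tok[i] == "any":
        return ("0.0.0.0", "255.255.255.255"), i + 1
    if tok[i] == "host":
        return (tok[i + 1], "0.0.0.0"), i + 2
    if i + 1 < len(tok) and tok[i + 1].count(".") == 3:
        return (tok[i], tok[i + 1]), i + 2
    return (tok[i], "0.0.0.0"), i + 1


def parse_ace(line: str) -> dict:
    """One access control entry.
    Standard: permit|deny <src-spec>        (source only, whole protocol suite)
    Extended: permit|deny <proto> <src-spec> <dst-spec> [eq <port>]"""
    tok = line.split()
    ace = {"action": tok[0], "text": line}
    if tok[1] in ("ip", "tcp", "udp", "icmp"):
        ace["proto"] = tok[1]
        ace["src"], i = _addr_spec(tok, 2)
        ace["dst"], i = _addr_spec(tok, i)
        ace["dport"] = int(tok[i + 1]) if i < len(tok) and tok[i] == "eq" else None
    else:
        ace["proto"], ace["dport"] = "ip", None
        ace["src"], _ = _addr_spec(tok, 1)
        ace["dst"] = ("0.0.0.0", "255.255.255.255")
    return ace


def evaluate(acl_lines, pkt):
    """First matching entry decides; the implicit 'deny any' at the end catches everything else.
    pkt: {'src', 'dst', 'proto', 'dport'}. Returns (action, matching entry text)."""
    for ace in map(parse_ace, acl_lines):
        if ace["proto"] != "ip" and ace["proto"] != pkt["proto"]:
            continue
        if not wildcard_match(pkt["src"], *ace["src"]) or not wildcard_match(pkt["dst"], *ace["dst"]):
            continue
        if ace["dport"] is not None and ace["dport"] != pkt.get("dport"):
            continue
        return ace["action"], ace["text"]
    return "deny", "implicit deny any"


# Constructed sample lists
STANDARD_ACL = ["permit 192.168.1.0 0.0.0.255", "deny 10.0.0.0 0.255.255.255"]
EXTENDED_ACL = ["deny tcp any host 10.0.0.5 eq 23",
                "permit tcp 192.168.1.0 0.0.0.255 host 10.0.0.5 eq 22"]
# Same intent, wrong order: the broad permit shadows the deny, so Telnet gets through
SHADOWED_ACL = ["permit tcp any host 10.0.0.5", "deny tcp any host 10.0.0.5 eq 23"]
```

`SHADOWED_ACL` is the "order is crucial" card in action: a packet to port 23 matches the first line and the deny below it is never reached, and `evaluate` reports which entry fired so the shadowing is visible rather than silent.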