Network Configuration

Question 1

What are the layers in the Cisco Hierarchical Network Design?

Answer 1

Core, distribution, and access

Question 2

Core

Answer 2

Aggregates distribution switches in very large campus LANs, providing high forwarding rates

Question 3

Distribution

Answer 3

• Provides an aggregation point for access switches
• Forwards frames between switches
• Does not directly connect to end users
• Provides redundancy and interconnectivity with minimal cabling

Question 4

Access

Answer 4

• Provides a connection point for end user devices
• Does not normally forward frames between two other switches
• Controls user and workgroup access to intranet work resources

Question 5

Switch OS

Answer 5

Internetwork Operating System (IOS)

Question 6

What are popular methods of accessing Cisco IOS command line interface (CLI)?

Answer 6

Console, Telnet, SSH

Question 7

CLI Password Security

Answer 7

• Telnet/SSH are not disabled by default
• All methods password capable
• Console (line console 0)
• Telnet/SSH - line vty 0 15

Question 8

What are the switches memory types?

Answer 8

• Read Only Memory (ROM)
• Flash memory
• Nonvolatile Ram (NVRAM)
• RAM: Dynamic Random Access Memory (DRAM)

Question 9

Where are configurations stored?

Answer 9

• Startup-config - NVRAM
• Running-config - RAM
• Initial configuration (Setup mode)

Question 10

Cisco Discovery Protocol (CDP)

Answer 10

• Discovers information about neighboring Cisco devices
• “show cdp neighbors”
• Enabled by default

Question 11

Slide 19

Question 12

VLAN

Answer 12

• Advantages include segmentation, flexibility, security
• Equals broadcast domain, subnet, logical network, local area network
• In order to have inter VLAN communications a router is required

Question 13

What is used to connect two switches together?

Answer 13

A trunk

Question 14

VLAN Operation

Answer 14

• VLANs can span multiple switches
• Trunk carry traffic for multiple switches
• Trunks use special encapsulation to distinguish between multiple VLANs

Question 15

What are the two different types of VLAN membership?

Answer 15

Port driven and MAC address driven

Question 16

ISL Encapsulation

Answer 16

ISL trunks enable VLANs across a backbone, completely encapsulates the frame between a 26 byte header and a 4 byte trailer

Question 17

802.1Q

Answer 17

Frame tagging, a 4 byte tag is added to the original header including VLAN ID information, after the tag is inserted the frame check sequence (FCS) is recalculated

Question 18

VLAN Frame Identification

Answer 18

• Developed for multi VLAN, inter switch communications
• Places a unique identifier in header of each frame
• Functions at layer 2

Question 19

ISL vs 802.1Q

Answer 19

• Both encapsulate VLAN traffic
• Max VLANs (ISL=1000, 802.1Q=4096)
• Spanning tree (ISL=per VLAN, 802.1Q=one on native VLAN for all VLANs in the network (Mono Spanning Tree))
• Support (ISL=Cisco proprietary, 802.1Q=IEEE open standard)
• Makes use of native VLAN (ISL=no, 802.1Q=yes)

Question 20

Trunk Modes of Operation

Answer 20

Trunk, access, dynamic desirable, dynamic auto

Question 21

Trunk mode of operation

Answer 21

Permanent trunking mode

Question 22

Access mode of operation

Answer 22

Permanent non-trunking mode

Question 23

Dynamic Desirable mode of operation

Answer 23

Makes the port actively try to convert the link to a trunk link (port becomes a trunk if the neighboring port is set to trunk, desirable, or auto mode)

Question 24

Dynamic Auto mode of operation

Answer 24

Makes the port willing to become to a trunk link (port becomes a trunk port if the neighboring port is set to on or desirable))

Question 25

Nonegotiate

Answer 25

Puts the trunk into permanent trunking mode, prevents the port from generating DTP frames

Question 26

EtherChannel

Answer 26

Parallel links act as one, doubled bandwidth, multiple parallel segments, reduces convergence occurrences, both links have to fail

Question 27

VTP Protocol Features

Answer 27

• Messaging system that advertises VLAN configuration informationto maintain VLAN configuration consistency throughout a domain
• Send advertisements on trunk ports only

Question 28

Slide 44

Question 29

Slide 45

Question 30

VTP Operation

Answer 30

• VTP advertisements are sent as multicast frames
• VTP servers and clients are synchronized to the latest revision number
• VTP advertisements are sent every 5 minutes or when there’s a change

Question 31

What are the requirements for VTP to function?

Answer 31

• Links operate as ISL or 802.1Q
• VTP domain name matches
• VTP password matches (if set)

Question 32

Storing VLAN configuration

Answer 32

• vlan.dat in flash memory
• delete flash:vlan.dat (clean config)

Question 33

VTP Pruning

Answer 33

Increase available bandwidth by reducing unnecessary traffic flow

Question 34

What is the purpose of Spanning Tree Protocol?

Answer 34

• Preventing loops while providing path redundancy
• Prevent broadcast storms
• Eliminate MAC table instability
• Eliminate multiple frame transmission

Question 35

Slide 53

Question 36

How Spanning Tree Works

Answer 36

Criteria to choose whether to forward:
- Elect a root bridge (all working interfaces are forwarding)
- Elect a root port for non root bridges (one per device, lowest cost back to root bridge)
- Elect a designated port for each network segment (lowest cost back to root bridge)

Question 37

What do switches exchange for STP?

Answer 37

Switches exchange configuration messages called Bridge Protocol Data Units (three types: configuration BPDU, Topology Change Notification (TCN), Topology Change Acknowledgement (TCA))

Question 38

BPDU Bridge ID

Answer 38

• Unique identifier
• Bridge priority (2 bytes) and bridge MAC address (6 bytes)
• IEEE 802.1d default bridge priority is 32768 (midrange value)
• Root bridge has the lowest bridge priority (if bridge priority is the same lowest MAC address wins)

Question 39

Electing a Root Bridge

Answer 39

• Only one bridge designated as root bridge in a given network
• On the root bridge, all ports are designated ports
• Designated ports are normally in the forwarding state
• When in the forwarding state, a port can send and receive user traffic

Question 40

Non Root Bridge (Spanning Tree Operations)

Answer 40

• One root port
• Root port - lowest cost path from the non root bridge to the root bridge
• Root ports are in a forwarding state
• STP cost path is an accumulated cost calculated based on bandwidth

Question 41

Designated Port (Spanning Tree Operations)

Answer 41

• One per segment
• On bridge with lowest cost path to root

Question 42

What are non designated ports set to?

Answer 42

Forwarding state

Question 43

When in Spanning Tree would a port not forward traffic?

Answer 43

When it’s set to a blocking state to break the loop

Question 44

STP Port States

Answer 44

• Blocking
• Listening
• Learning
• Forwarding
• Disabled

Question 45

Normal switch operations (STP states)

Answer 45

Forwarding or blocking

Question 46

Change in network topology detected (20 sec) (STP states)

Answer 46

Listening (15 sec)
- Interface does not forward frames
- Inactive MAC address entries removed from CAM table (inactive MAC addresses potential cause of loops)

Learning (15 sec)
- Interface does not forward frames
- Switch starts learning new MAC addresses to update its CAM table

Question 47

Convergence

Answer 47

Time to complete STP after topology change, all switches have transitioned to either forwarding or blocking

Question 48

How long does 802.1d (STP) take to converge?

Answer 48

50 seconds

Question 49

How long does 802.1w (RSTP) take to converge?

Answer 49

Less than 10 seconds

Question 50

Slide 66-67

Question 51

BPDU Guard

Answer 51

• Prevents switch operation on specified port
• Configured on access or unused/disabled ports
• Port goes into err-disabled mode when BPDUs detected

Question 52

Root Guard

Answer 52

• Allows switch operation on specified port
• Ignores superior BPDU Hello messages (prevents rogue bridges from taking over)

Question 53

Rapid STP (RSTP)

Answer 53

STP similarities:
- Elects root switch
- Elects root port on non root switches
- Elects designated ports per LAN segment
- Places each port in forwarding/discarding state
- In RSTP blocking is called discarding
STP differences:
- Slide 70

Question 54

What improvements did RSTP bring to STP?

Answer 54

• MaxAge 6 seconds vs 20 in STP
• Eliminates forward delay (default was 15 sec for listening/learning)
• Listening state removed, learning state time reduced
• Convergence times <10 sec

Question 55

Slide 72

Question 56

Slide 73

Question 57

Inter VLAN Routing

Answer 57

• VLANs inhibit communication between VLANs
• Packets sent to a default router
• Multiple VLANs interfacing with a single route processor require multiple connections or VLAN trunking

Question 58

What must be done if there are not enough physical ports on a router for the required number of VLANs?

Answer 58

A physical interface must be divided into multiple sub-interfaces

Question 59

What devices were traditionally used for routing?

Answer 59

A physical high end router connected by multiple connections such as an ISL trunk

Question 60

What device is used for routing now?

Answer 60

A multilayer switch which integrates layer 2 and layer 3 functionality in a single device

Question 61

What does a default gateway facilitate?

Answer 61

Inter VLAN communication

Question 62

Routers

Answer 62

• Internetworking devices that work at layer 3
• Understand and use logical addresses (ip addresses)
• Keep table of information about networks
• Can make path determinations
• Don’t normally forward broadcasts
• Can support multiple layer 3 protocols at the same time

Question 63

External routers with an interface per VLAN

Answer 63

Very expensive in large networks w/ a lot of VLANs, rack, power and environmental limitations

Question 64

DHCP Relay Agent

Answer 64

Client server application to forward broadcast requests, IP helper address

Question 65

Router on a Stick

Answer 65

Single router w/ one interface, performs ISL or 802.1q trunking, uses sub-interfaces, sub-interfaces assigned to VLANs via encapsulation

Question 66

What are the two main types of layer 3 interfaces?

Answer 66

Routed ports and switch virtual interfaces (SVI)

Question 67

Switch Virtual Interface

Answer 67

• A virtual port, it exists only in software on a multilayer switch
• Is the layrer 3 presence of a VLAN
• Allows inter VLAN routing
• The layer 2 VLAN must exist for this function

Question 68

Hot Standby Router Protocol (HSRP)

Answer 68

• Supports non-disruptive failover of IP traffic
• Routers work in concert to present illusion of a single virtual router to hosts on the LAN (known as HSRP/standby group with one router set as the active)
• One router, known as the active, forwards packets
• Another router is elected as the standby router to take over if the active fails

Question 69

Which router in the HSRP group will become that active router?

Answer 69

The one with the highest HSRP priority number

Question 70

What does the active router in HSRP respond to ARP requests with?

Answer 70

The MAC address of the virtual router

Question 71

How long should the hold timer be in HSRP?

Answer 71

At least three times the value of the hello timer

Question 72

DHCP Relay

Answer 72

• Used within a centralized DHCP server with many subnets
• Without DHCP relay DHCP requests from hosts will never leave the local LAN subnet
• Turns broadcast packets into unicast packets and forwards it on

Question 73

Port Security

Answer 73

Configure a switchport to limited MAC addresses (done only on static access or static trunk, not dynamic)

Question 74

Static Port Security

Answer 74

For when MAC addresses are know and don’t often change. Configured by administrator and stored in running-config

Question 75

Dynamic Port Security

Answer 75

For when hosts are constantly changing, limits the number of hosts per port. Learned from traffic, not stored in running config.

Question 76

Sticky Port Security

Answer 76

Allows multiple hosts to be dynamically learned at once. Saving the MAC addresses to the running-config essentially makes them static.

Question 77

What are the different types of switchport security violations?

Answer 77

Protected, Restricted, Shutdown

Question 78

Switchport Security - Protected

Answer 78

Known MAC addresses are allowed to continue sending traffic. No notifications.

Question 79

Switchport Security - Restricted

Answer 79

Known MAC addresses are allowed to continue sending traffic. Same as Protected but notification sent (SNMP), violation counter incremented

Question 80

Switchport Security - Shutdown

Answer 80

Default mode. Notification sent. Interface shutdown.

Question 81

Secure Shell

Answer 81

• Encrypts terminal traffic
• Prevents disclosure of passwords
• Guarantees identity of device and remote user
• Keeps remote sessions private from other network users
• Up to 2048 bit cyphers and RSA encryption

Question 82

AAA

Answer 82

The mechanism Cisco recommends for remote administration, authentication, authorization, and accounting

Question 83

What are the two methods of AAA?

Answer 83

RADIUS and TACACS+

Question 84

Routed Port

Answer 84

• Uses the no switchport command to configure a physical switch port as a routed port
• Used in conjuction with SVIs
• Configured to act like a port on a traditional router
• Used for point to point connectivity

Question 85

What does a router need to do to successfully route?

Answer 85

• Know the destination address
• Identify the sources it can learn from
• Discover possible routes
• Select the best route
• Maintain and verify routing information

Question 86

What are the general types of routing?

Answer 86

Static and dynamic

Question 87

Static Routing

Answer 87

• Manually configured by the administrator
• Simplest form of routing as long as network is small
• Extremely complex and not feasible for large networks
• Unable to adapt to topology changes
• Hub and spoke design
• Classful and classless

Question 88

Static routes must be configured in both directions? (True/False)

Answer 88

True

Question 89

Dynamic Routing

Answer 89

• Used to exchange routing information between routers
• Purpose includes: discovery of remote networks, maintaining up-to-date routing information, choosing best path to destination networks, ability to find new best path if needed, can be simple of complex
• Have ability to load balance between multiple paths
• Administrator determines interfaces and networks

Question 90

Slide 140

Question 91

How does dynamic routing work?

Answer 91

• The router sends and receives routing messages on its interfaces
• The router shares routing messages and routing information with other routers that are using the same routing protocol
• Routers exchange routing information to learn about remote networks
• When a router detects a topology change the routing protocol can advertise this change to other routers

Question 92

What are the characteristics routing protocols can be categorized by?

Answer 92

Purpose, operation, behavior

Question 93

What are the categories created by classifying routing protocols according to the purpose?

Answer 93

Interior gateway protocol and exterior gateway protocol

Question 94

What are the categories created by classifying routing protocols according to the operation?

Answer 94

Distance vector protocol, link-state protocol, path-vector protocol

Question 95

What are the categories created by classifying routing protocols according to the behavior?

Answer 95

Classful or classless

Question 96

Slide 143

Question 97

How do we define the difference between IGPs and EGPs

Answer 97

By autonomous system (a collection of routers under common administration)

Question 98

Distance Vector

Answer 98

Distance vector means that routes are advertised by providing a distance (how far to the destination network based on a metric) and a vector (the direction of the next hop-router or exit interface)

Question 99

What are the distance vector IPv4 IGPs?

Answer 99

RIPv1, RIPv2, IGRP, EIGRP

Question 100

Link State

Answer 100

Every node constructs a map of the connectivity of a network. Each node then independently calculates the next best logical path from it to every other destination. Each collection of best paths will become the routing table.

Question 101

When are link state protocols best?

Answer 101

• The network design is hierarchical, usually in large networks
• Fast convergence is crucial
• The administrators have good knowledge of the implemented link-state routing protocol

Question 102

What are the link state IPv4 IGPs?

Answer 102

OSPF and IS-IS

Question 103

Path Vector

Answer 103

Essentially a distance vector protocol that doesn’t rely on the distance to destination to guarantee a loop-free path but instead relies on the analysis of the path itself

Question 104

What is the Border Gateway Protocol classified as?

Answer 104

Path vector protocol

Question 105

What is the biggest distinction between classful and classless routing protocols?

Answer 105

Classful routing protocols do not send subnet mask information in their routing updates

Question 106

What were the original IPv4 classful routing protocols?

Answer 106

RIPv1 and IGRP

Question 107

What are the limitations of RIPv1 and IGRP?

Answer 107

They cannot provide Variable Length Subnet Masks and Classless Inter-domain Routing

Question 108

Where can classful routing protocols cause problems?

Answer 108

In discontiguous networks

Question 109

What do classless routing protocols support?

Answer 109

VLSM, CIDR and discontiguous networks

Question 110

Administrative Distance

Answer 110

The feature that routers use in order to select the best path when two or more different routes to the same destination come from two different routing protocols

Question 111

What does administrative distance define?

Answer 111

The reliability of a routing protocol

Question 112

What do distance vector routing protocols share updates between?

Answer 112

Neighbors (routers that share a link and are configured to use the same routing protocol)

Question 113

What distance vector routing protocols send periodic updates?

Answer 113

RIPv1 and RIPv2

Question 114

Routing Information Protocol (RIP)

Answer 114

• Uses the simplest routing metric (hop count)
• Does not scale well to large networks
• Susceptible to loops and the count to infinity problem

Question 115

How is the infinity problem solved?

Answer 115

Split Horizon (information about the routing for a particular packet is never sent back in the direction from which it was received)

Question 116

OSPF

Answer 116

• Open Standard
• Shortest Path First (SPF) algorithm
• Link state routing protocol (vs distance vector)

Question 117

How is an OSPF routing table made?

Answer 117

LSAs are propagated rather than routing table updates. LSAs are flooded to the network and database is pieced together from the LSAs. Designated Router (DR) exchanges LSAs with routers (DROthers), backup DR (BDR) takes over if DR goes down

Question 118

What does EIGRP support?

Answer 118

• Rapid convergence
• Reduced bandwidth usage
• Multiple network-layer protocols

Question 119

What are the types of EIGRP routes?

Answer 119

• Successor (feasible or calculated distance/reported or advertised distance)
• Feasible successor
• Feasibility Condition

Question 120

Why would you use Access Lists?

Answer 120

To manage IP traffic as network access grows and filter packets as they pass through the network

Question 121

What can access lists control?

Answer 121

Packets moving through the network and VTY access to or from the router

Question 122

What types of access lists are there?

Answer 122

Standard and extended

Question 123

What are standard access lists?

Answer 123

They check the source address and generally permit or deny entire protocol suite

Question 124

What are extended access lists?

Answer 124

They check source and destination addresses and generally permit or deny specific protocols

Question 125

What number range are standard access lists?

Answer 125

1-99

Question 126

What number range are extended access lists?

Answer 126

100-199

Question 127

Key features of access lists

Answer 127

• Implicit deny unless access list ends with allow any
• The order of access list statements is crucial