Networking Midterm Flashcards

1
Q

Network maintenance

A

doing whatever is required to keep the network functioning and meeting the business needs of an organization

2
Q

Examples of network maintenance

A

Hardware/software installation and configuration
Troubleshooting problem reports (tickets)
Monitoring and tuning network performance
Planning for network expansion
Documenting the network and any changes made to the network
Ensuring compliance with legal regulations and corporate policies
Securing the network against internal and external threats
Backing up files and databases

3
Q

What are the two types of Network Maintenance?

A

Interrupt-driven
Structured

4
Q

What is Interrupt driven network maintenance?

A

Performing maintenance as a reaction to an input, such as helping a user after they have reported a problem, or improving network security only after an attack has occurred. Reactive

5
Q

What is Structured network maintenance?

A

Performing maintenance as part of a predefined plan of processes and procedures. Proactive

6
Q

Pros of Proactive vs Reactive network maintenance?

A

Reduced network downtime: maximize mean time between failures (MTBF) and minimize mean time to repair (MTTR).

More cost-effective: fewer major outages occur, so fewer resources are consumed for problem resolution.

Higher network security: up-to-date prevention and detection mechanisms can notify staff through logs and alarms. Monitoring allows you to observe network vulnerabilities and needs, and justify plans for strengthening network security.

7
Q

FCAPS stands for?

A

Fault management, configuration management, accounting management, performance management, security management. FCAPS is a network maintenance model defined by the ISO.

8
Q

ITIL

A

(IT Infrastructure Library) – defines a collection of best-practice recommendations that work together to meet the IT business management goals.

9
Q

Cisco Lifecycle Services

A

(aka PPDIOO model) – this maintenance model defines distinct phases in the life of a Cisco Technology network (plan, prepare, design, implement, operate, and optimize)

10
Q

COMMON PROCEDURES

A

Moves – moving users

Adds – creating a new user account and provisioning a device for them

Changes – what needs to happen if the network changes: update documentation, report the changes, alert users

Moves, adds, and changes are also known as MAC

Replacing older/failed hardware: different specs may mean rebuilding things from scratch before you even go to install the new hardware

Scheduled backups

Updating software

Monitoring network performance (during an average day, to see what is different when there is an outage)

11
Q

WHEN TO SCHEDULE:

A

Some tasks are urgent, like replacing a core router, and need to happen ASAP

Other tasks that aren’t as urgent can be scheduled to happen during the maintenance window.

12
Q

Maintaining Network Documentation:

A

Unexpected things can happen during changes, so it’s important to do them during the maintenance window so small things can be fixed before peak business hours.

Who is responsible for authorizing various changes? You might need to collaborate with different departments, or need clearance from a supervisor.

What tasks need to be done in the next maintenance window? There might be more that needs to be done than just regular updates.

13
Q

WHAT MEASURABLE CRITERIA DETERMINES THE SUCCESS OR FAILURE OF A NETWORK CHANGE?

A

If you layer changes, one change might break other things and mask the fact that another change was the right solution. TEST AFTER EVERY CHANGE. IF THE PROBLEM PERSISTS, ALWAYS ALWAYS ALWAYS UNDO THE CHANGE YOU JUST MADE, AND TRY AGAIN. Wrong changes have the potential to cause more damage. Copy configs into Notepad if you need to.

14
Q

SOP (standard operating procedure)

A

A document outlining a step-by-step guide to a task. Maintenance plans need SOPs to make sure everyone does things the same way, no matter who is doing the procedure.

SOPs are important for consistency because everyone has had different learning experiences, uses different naming conventions, etc. That inconsistency can bring a network down and make maintenance very difficult.

15
Q

Correct documentation and what to have in it

A

Topology (logical and physical)

Listing of interconnections

Inventory of networking equipment

IP address assignments

Configuration information

Original design documents

16
Q

RESTORING OPERATIONS AFTER A FAILURE:

A

To restore a device after a failure, having DUPLICATE hardware that can be swapped in is important; preconfigured duplicates are even better. You can also use the duplicates as a test environment for changes.

OS and application software can be pre-installed, IPs can be pre-configured, etc. (changes will still need to be made, but this reduces downtime/MTTR).

Keep backups of device configuration information; exact hardware duplicates can use the same config.

17
Q

MEASURING NETWORK PERFORMANCE

A

Proactive management

Can forecast potential issues and fix them before they become a problem (e.g. CPU usage is dangerously high).

Assure you are meeting your SLA (service level agreement) if you are an ISP, or, as a customer, make sure your ISP is meeting their SLA.

18
Q

DISASTER RECOVERY TOOLS:

A

Need up-to-date configuration backups (more valuable than hardware, because configs are so time-consuming to recreate)

Need client data backups

Need up-to-date software backups

Consider hardware inventories because of how long new equipment would take to arrive; identical replacements are hard to get quickly

Config and software provisioning tools; plan to restore from backups quickly

19
Q

ARCHIVE backup and restore

A

archive

path flash:/config-archive/$h-config (stored in flash, in the config-archive folder; $h is the hostname, e.g. R1; the archive can also be sent to a storage server instead of flash)

write-memory (automatically takes a new archive whenever the configuration is saved with write memory)

time-period 10080 (how often, in minutes, to take an automatic backup)

show archive

20
Q

Backup and Restore:

A

FTP with stored username + password

FTP with specified username + password
21
Q

How to Log:

A

logging buffered 16348: stores logs in a buffer in RAM, limited to the number of bytes specified (16348). show logging shows the buffer's contents. The oldest messages are deleted to make room for new messages when the buffer is full. A convenient method, but not the best.

logging console warnings: controls which messages are sent to the console, based on the 0–7 severity levels. warnings shows only levels 4 down to 0; logging console debugging shows 0–7 (the default).

logging [ip address]: sends messages to a syslog server at the given IP; by default, all messages except level 7 are sent. Lets you see logs from multiple devices at once. Downside: the network must be operational for the logs to be received.

22
Q

Logging severity levels

A

0 is emergencies

1 alerts

2 critical

3 error

4 warnings

5 notifications

6 informational

7 is debugging (don’t use debug all, it can kill a device by leaving no CPU for taking commands)

23
Q

Troubleshooting is the process of:

A

Problem Report -> Problem Diagnosis -> Problem Resolution

Responding to a problem report (sometimes in the form of a trouble ticket)
Diagnosing the underlying cause of the problem
Resolving the problem

24
Q

The primary goal as a troubleshooter is

A

to become efficient which requires structured troubleshooting

25
OSI Model?
7 Application Layer
6 Presentation Layer
5 Session Layer
4 Transport Layer
3 Network Layer
2 Data Link Layer
1 Physical Layer
26
TCP/IP Networking Model?
Application Layer
Transport Layer
Internet Layer
Network Interface Layer
27
What are the troubleshoot approaches?
Top-down
Bottom-up
Divide and conquer
Follow-the-path
Compare-configurations
Swap-components
28
Top-Down
If you suspect the issue is at a higher layer, this approach is good (e.g. being able to form a TCP connection but not open the web page). Start at the application layer (7); if everything works, keep moving down the OSI model until you find the problem. This is efficient because if a layer works, you can safely assume all layers below it are working as well.
29
BOTTOM-UP method:
If you have reason to assume it’s a lower-layer issue (e.g. a user can't get an IP address), this approach may be good. The problem could be on either the client or the server side; you can quickly tell by how many users are affected. If it's only one, it's likely the client. Physical errors are more likely to cause large outages, such as a switch getting unplugged, but it's still possible for them to be client side, such as an end user unplugging their Ethernet cable.
30
DIVIDE AND CONQUER
Typically start at the network layer with a ping. Layers 1 and 2 likely work if the ping does, so you can move up. If the ping fails, you typically troubleshoot downward. This is extremely efficient because it quickly clues you in to which layer the issue is on.
31
FOLLOW THE PATH
(Very powerful in combination with divide and conquer.) Run tracert from the user's station to the unreachable destination to figure out where the traffic is dropped, or whether you have full connectivity to the destination. Remember that ping needs a successful round trip, while traceroute reports back each step. Either a route is missing or it is incorrect (read IPv6 carefully).
32
Compare-configurations
(BANNED, because people used it with show run …. .. .) Comparing outputs from a working device and a broken device, looking for the differences.
33
swap-components
(Niche, but powerful.) If something isn't working, swap the device/cable/port with a known working one to narrow down the problem. Generally limited to cables and end-user PCs in real work environments.
34
Problems aren't real until they are
Noticed
Perceived as a problem
Reported as a problem
If it's not a problem, it ain't a problem
35
Symptoms vs. causes?
Symptoms: a problem as experienced by the user (“symptoms”)
Causes: the actual cause of the problem
36
Solutions vs Workarounds? Why use a workaround?
Solutions resolve the root cause of a problem
Workarounds only alleviate the symptoms of the problem
The solution to a problem cannot always be implemented immediately
During a busy day, it isn’t always feasible to take the network offline
An interim workaround may be needed
37
Steps to implement trouble shooting procedures?
Defining the problem
Gathering information
Analyzing the information
Eliminating possible problem causes
Formulating a hypothesis about the likely cause of the problem
Testing that hypothesis
Solving the problem
38
Trouble shoot flowchart
Report problem > verify problem > Define Problem > Assign problem > gather information OR escalate
39
Show ip route notes:
The routing table only contains the best paths, whereas the individual protocols' tables contain all paths. Check the topology and route commands for the routing protocols. Remember that if a subnet is not in the routing table it has no entry of its own, but it might still be reachable via the default route.
40
details about ping
Ping sends an ICMP echo request to the destination and receives an ICMP echo reply. It tests two-way connectivity. "Destination host unreachable" means some device along the path doesn't have a path to the destination, i.e. the ping leaves the device, the next hop has no route to continue, and it responds with destination host unreachable. This is different from a timeout, where the packet never reached another device (no routes, stuck in a loop, can't receive ping, etc.).
41
Explanation of ping results characters
! – each exclamation point indicates receipt of a reply
. – each period indicates a timeout waiting for a reply
U – a destination unreachable ICMP message was received
Q – source quench (destination too busy)
M – could not fragment (MTU related)
? – unknown packet type
& – packet lifetime exceeded
42
Hardware troubleshooting commands:
show controllers – shows hardware information for interfaces
show platform – detailed hardware information about CPU, memory, backplane
show inventory – shows all hardware attached to the chassis
show diag – diagnostic information for ports and interfaces
show environment all – displays temperature and power settings for a device
Time Domain Reflectometer – used to test cable pinouts
43
Why do we want to monitor network traffic?
Ensure compliance with the SLA
Trend monitoring (bandwidth utilization, CPU utilization, etc.)
Helps us figure out and plan for expansion
Troubleshooting performance issues
Create a baseline so we have something to compare current network performance with
44
Simple Network Management Protocol (SNMP) vs NetFlow
SNMP: collects device statistics (resource utilization, traffic counts, error counts, etc.); uses a pull model (statistics are typically requested from a monitored device); available on nearly all enterprise devices.
NetFlow: collects detailed information about traffic flows (traffic moving through the device); uses a push model (statistics are sent from the monitored device to a NetFlow collector); available only on routers and high-end switches (Cisco only).
45
EEM enables custom policies that trigger actions based on events:
Syslog messages
Cisco IOS counter changes
SNMP MIB object changes
SNMP traps
CLI command execution
Timers
and many other options
46
EEM Actions can consist of:
Sending SNMP traps or syslog messages
Executing CLI commands
Sending email
Running Tool Command Language (Tcl) scripts
47
Process of a ping from host A to B (example)
The PC uses its subnet mask to decide whether the destination is on the same subnet (here it is, so no default gateway is used and the traffic is a Layer 2 frame). A timeout occurs if the PC doesn’t know where to send it; "General failure" means the PC has no IP; "Destination host unreachable" is a different thing.
Host A sends an ARP request asking for the MAC address that has the destination IP (Dest MAC = broadcast, Source MAC = MAC A).
Switch C adds host A to its MAC address table (MAC, port, VLAN).
The ARP request is forwarded out each port except the one it came in on; an 802.1Q header is added for the trunk and the frame is tagged for VLAN 10.
When host B sees the ARP request, it recognizes that it has the IP and sends an ARP reply, unicast because it already learned about A from the request.
As the reply travels back to A, the switches record host B's MAC address if it is not already known.
Now the ping (ICMP echo request) can be sent; the switches already have entries for both hosts. The frame is still tagged with VLAN 10 on the trunk, and the tag is stripped once it leaves the trunk for the access port. B responds.
48
Issues that could cause the communication to fail:
Physical problems:
-Bad, missing, or miswired cables
-Bad ports
-Power failure
Device problems:
-Software bugs
-Performance problems
Misconfiguration:
-Missing or wrong VLANs
-Misconfigured VTP settings
-Wrong VLAN setting on access ports
-Missing or misconfigured trunks
-Native VLAN mismatch
-VLANs not allowed on the trunk
49
Verifying layer 2 forwarding
You can check which devices have learned the MAC address, if it doesn’t have it, you can start working backwards towards the source to see why.
50
Common findings when following the path of the frames through the switches:
Frames are not received on the correct VLAN: this could point to VLAN or trunk misconfiguration as the cause of the problem.
Frames are received on a different port than you expected: this could point to a physical problem, spanning tree issues, a native VLAN mismatch, or duplicate MAC addresses.
The MAC address is not registered in the MAC address table: this tells you that the problem is most likely upstream from this switch. Investigate between the last point where you know that frames were received and this switch.
51
Useful Layer 2 diagnostic commands:
show mac-address-table: shows learned MAC addresses and the corresponding port and VLAN associations. Verifies that a frame succeeded in reaching the switch and which port it was received on.
show vlan: verifies VLAN existence and port-to-VLAN associations.
show interfaces trunk: displays all interfaces configured as trunks, the VLANs allowed, and what the native VLAN is. HIGHLIGHTED: SHOULD SHOW ALMOST ALL LAYER 2 ISSUES FOR TRUNKING AND VLANS.
show interfaces switchport: provides a summary of all VLAN-related information for interfaces.
traceroute mac: provides a list of switch hops (the Layer 2 path) that a frame from a specified source MAC address to a destination MAC address passes through. CDP must be enabled on all switches in the network for this command to work.
traceroute mac ip: displays the Layer 2 path taken between two IP hosts.
Blue commands exist xD but require a setup, and he doesn’t sound extremely fond of them. Can be useful though.
52
Spanning tree how are Root Bridges elected?
Root bridge is elected by BID, first based on priority (default 32768, multiples of 4096), then MAC address
53
How are root ports elected?
Lowest path cost to the root, then lowest BID of the neighboring switch, then lowest RECEIVED port ID (g1/0/5 on SW1); the interface identifier doesn’t always match the port number, so check with show spanning-tree. SPECIAL CASE IN EXAMPLE: for SW2, the RP is chosen by cost or BID; SW1 has the lower BID, so SW2 then decides between g1/0/5 and g1/0/6, and 5 is lower, so it uses that one.
54
What is the Designated Port(DP)?
DP = any non-root port that is still allowed to forward traffic; the port on the other side of an RP is always a DP.
55
Types of Spanning tree failures?
Type 1 – STP may erroneously block certain ports that should have gone to the forwarding state. You may lose connectivity to certain parts of the network, but the rest of the network is unaffected.
Type 2 – STP erroneously moves one or more ports to the forwarding state. The failure is more disruptive, as bridging loops and broadcast storms can occur.
56
Type 2 failures can cause these symptoms:
The load on all links in the switched LAN will quickly start increasing.
Layer 3 switches and routers report failures such as continual HSRP, OSPF and EIGRP state changes, or that they are running at a very high CPU utilization load.
Switches will experience very frequent MAC address table changes.
With high link loads and CPU utilization, devices typically become unreachable, making it difficult to diagnose the problem while it is in progress.
57
STP, How to Eliminate topological loops and troubleshoot issues:
Physically disconnect links or shut down interfaces. Diagnose potential problems. A unidirectional link can cause STP problems. You may be able to identify and remove a faulty cable to correct the problem.
58
EtherChannel
EtherChannel bundles multiple physical Ethernet links (100 Mbps,1 Gbps, 10 Gbps) into a single logical link. Traffic is distributed across multiple physical links as one logical link. This logical link is represented in Cisco IOS syntax as a “Port-channel” (Po) interface. STP and routing protocols interact with this single port-channel interface. Packets and frames are routed or switched to the port-channel interface. A hashing mechanism determines which physical link will be used to transmit them.
59
Three common EtherChannel problems:
Mismatched port configurations: the configurations of all ports making up an EtherChannel, on each switch, must be identical (speed, duplex, trunk mode, VLANs, type).
Mismatched EtherChannel configuration: both switches should be configured with the same or compatible channel modes. The three options are Link Aggregation Control Protocol (LACP), Port Aggregation Protocol (PAgP), and ON.
Inappropriate EtherChannel distribution algorithm: EtherChannel determines the physical link to use based on a hashing algorithm. Depending on the algorithm, uneven load balancing could occur.
60
Etherchannel Protocols
PAgP – desirable/desirable or desirable/auto (desirable = active negotiation, auto = passive negotiation)
LACP – active/active or active/passive
61
Show etherchannel summary
A dash means mode ON; otherwise it will say LACP or PAgP.
SD = Layer 2 down
SU = Layer 2 up
RD = Layer 3 down
RU = Layer 3 up
(P) beside a port means the ports are correctly bundled
(s) means suspended: the port is assigned to the EtherChannel but not currently working
(I) means standalone: the port can't add itself to the EtherChannel but is still forwarding traffic
62
Show etherchannel (x) detail
Use this if you have a protocol and you want to know why the channel isn't forming
63
A multilayer switch provides three different core functions in a single device:
Layer 2 switching within each VLAN:
-Traffic is switched between ports that belong to the same VLAN.
-The MAC address tables for different VLANs are logically separated.
-No IP or Layer 3 configuration is necessary.
Routing and multilayer switching between the local VLANs:
-Layer 3 switching between VLANs requires SVIs.
-Each SVI requires an appropriate IP address and subnet mask.
-Hosts on the switch can use the SVI’s IP address as their default gateway.
-IP routing must be enabled.
Routing and multilayer switching between the local VLANs and one or more routed interfaces:
-A regular physical switched port can be made a routed port.
-A routed interface does not belong to any user-created or default VLAN and has no dependency on VLAN status (unlike an SVI).
-Traffic on this port is not bridged (switched) to any other port.
-There is no MAC address table associated with it.
-The port acts like a regular router interface and needs its own IP address and subnet mask.
64
switched virtual interface (SVI).
Since Layer 2 ports cannot have an IP address assigned to them, you must create a logical Layer 3 interface known as a switched virtual interface (SVI). The SVI represents all switchports that are part of the same VLAN. Any device connecting to the switch in VLAN 100 uses the SVI for VLAN 100 as its gateway.
65
In order for an SVI to be up:
The VLAN the SVI is created for needs to exist locally
There must be at least one switchport that is up/up for that VLAN (access or trunk)
That switchport must be in the STP forwarding state
For a switch to route between SVIs, IP routing must be enabled
66
Characteristics of a routed port:
Has no association with any VLAN
Does not run STP or DTP
Does not support subinterfaces like a router does
Useful for uplinks between Layer 3 switches or when connecting a Layer 3 switch to a router
To route from one routed port to another, or to an SVI, IP routing must be enabled
67
FHRPs
Clients and servers normally point to a single default gateway and lose connectivity to other subnets if their gateway fails. FHRPs provide redundant default gateway functionality that is transparent to the end hosts. These protocols provide a virtual IP address and the corresponding virtual MAC address.
68
Examples of FHRPs include:
Hot Standby Router Protocol (HSRP) – Cisco
Virtual Router Redundancy Protocol (VRRP) – IETF standard
Gateway Load Balancing Protocol (GLBP) – Cisco
The mechanisms of these protocols revolve around these functions:
-Electing a single router that controls the virtual IP address
-Tracking availability of the active router
-Determining if control of the virtual IP and MAC addresses should be handed over to another router
69
HSRP Verification and Troubleshooting
Begin by determining information about the HSRP group:
-Which router is the active router?
-Is pre-emption enabled?
-What is the virtual IP for the group?
-What is the virtual MAC for the group?
-Is interface or object tracking enabled?
70
The use for EIGRP Neighbors
-EIGRP depends on neighbour adjacencies to send and receive routing information with other EIGRP-enabled devices
-EIGRP establishes adjacencies by multicasting hello packets to 224.0.0.10 out of interfaces participating in EIGRP
-The network ip_address wildcard_mask command is used to enable EIGRP on a participating interface
71
show ip eigrp neighbours shows?
-Address: the IPv4 address of the neighboring device’s interface that sent the hello packet
-Interface: the local interface on the router used to reach that neighbor
-Hold: how long the local router will continue to consider the neighboring router a neighbor
72
EIGRP neighbor relationships might not form for a variety of reasons:
-Interface is down – the interface must be up/up
-Mismatched autonomous system numbers – both routers need to be using the same autonomous system number
-Incorrect network statement – the network statement must identify the IP address of the interface you want to include in the EIGRP process
-Mismatched K values – both routers must be using exactly the same K values
-Passive interface – the passive interface feature suppresses the sending and receiving of hello packets while still allowing the interface’s network to be advertised
-Different subnets – the exchange of hello packets must be done on the same subnet; otherwise, the hello packets are ignored
-Authentication – key ID and key string must match, and the key must be valid
-ACLs – an access control list (ACL) may be denying packets to the EIGRP multicast address 224.0.0.10
-Timers – timers do not have to match; however, if they are not configured correctly, neighbor adjacencies could flap
73
EIGRP- Interface is Down
The interface must be up if you plan on forming an EIGRP neighbor adjacency. You can verify the status of an interface with the show ip interface brief command.
74
Mismatched Autonomous System Numbers
-Both routers need to be in the same autonomous system
-Specified when you issue the router eigrp autonomous_system_number command in global configuration mode
-Shown with show ip protocols
75
How do you show debug output for EIGRP packets?
debug eigrp packets
76
EIGRP – Incorrect Network Statement
If the network command is misconfigured, EIGRP may not be enabled on the proper interfaces. Hello packets will not be sent and neighbor relationships will not be formed.
78
T or F (EIGRP passive interfaces do not show up in this output. If an interface is missing, it is possible that it is configured as passive.)
T
79
How to view EIGRP network statements 2 ways
show ip protocols
show run | section router eigrp
80
Mismatched K Values EIGRP
The K values that are used for metric calculation must match between neighbors in order for an adjacency to form. Usually there is no need to change the K values. If they are changed, you must verify that they are the same on every router in the autonomous system. Mismatched K values generate a syslog message with severity level 5, if logging is enabled.
81
EIGRP Passive Interface
-The passive interface feature turns off the sending and receiving of EIGRP packets on an interface while still allowing the interface’s network ID to be injected into the EIGRP process and advertised to other EIGRP neighbors
-If you configure the wrong interface as passive, a legitimate EIGRP neighbor relationship will not be formed
-When using the debug eigrp packets command on the router with the passive interface, notice that hello packets are not being sent out that interface
82
Different Subnets EIGRP
To form an EIGRP neighbor adjacency, the router interfaces must be on the same subnet. If they are not in the same subnet, and syslog is set up for a severity level of 6, a syslog message is generated.
83
EIGRP Authentication
Authentication is used to ensure that EIGRP routers form neighbor relationships only with legitimate routers and that they only accept EIGRP packets from legitimate routers. Note that the authentication must be configured on the correct interface and that it must be tied to the correct autonomous system number. Ensure the correct keychain will be used for the Message Digest 5 (MD5) authentication hash; you can verify the keychain with the command show key chain. It is mandatory that the key ID in use and the key string in use between neighbors match. If you have multiple keys and key strings in a chain, the same key and string must be used at the same time by both routers (meaning they must be valid and in use); otherwise, authentication will fail.
84
ACLs
If there is an ACL applied to an interface and the ACL is denying EIGRP packets, or if an EIGRP packet falls victim to the implicit deny all at the end of the ACL, a neighbor relationship does not form.
show ip int (interface)
show access-lists (#)
85
EIGRP Timers
Although EIGRP timers do not have to match, if the timers are skewed enough, an adjacency will flap. It is important that routers send hello packets at a rate that is faster than the hold timer.
show ip eigrp int detail (int)
86
IPV4 EIGRP Missing EIGRP Routes
-Bad or missing network command – the network command enables the EIGRP process on an interface and injects the prefix of the network the interface is part of into the EIGRP process
-Better source of information – if exactly the same network prefix is learned from a more reliable source, it is used instead of the EIGRP-learned information
-Route filtering – a filter might be preventing a network prefix from being advertised or learned
-Stub configuration – if the wrong setting is chosen during the stub router configuration, or if the wrong router is chosen as the stub router, it might prevent a network prefix from being advertised
-Interface is shut down – the EIGRP-enabled interface must be up/up for the network associated with the interface to be advertised
-Split horizon – split horizon is a loop-prevention feature that prevents a router from advertising routes out the same interface on which they were learned
87
IPv4 EIGRP Bad or Missing Network Command
If the network statement is missing or configured incorrectly, EIGRP is not enabled on the interface, and the network the interface belongs to is never advertised and is therefore unreachable by other routers. You can confirm which interfaces are participating in the EIGRP process by using the show ip eigrp interfaces command.
88
IPV4 EIGRP Better Source of Information
For an EIGRP-learned route to be installed in the routing table, it must be the most trusted routing source. Trustworthiness is based upon administrative distance (AD). EIGRP’s AD is 90 for internally learned routes and 170 for externally learned routes. If another source with a better AD is advertising the exact same network, that source wins and its information is installed in the routing table.
89
IPV4 EIGRP Route Filtering
A distribute list applied to an EIGRP process controls which routes are advertised to neighbors and which routes are received from neighbors. The distribute list is applied in EIGRP configuration mode either inbound or outbound, and the routes sent or received are controlled by ACLs, prefix lists, or route maps. When troubleshooting route filtering, consider the following:
-Is the distribute list applied in the correct direction?
-Is the distribute list applied to the correct interface?
-If the distribute list is using an ACL, is the ACL correct?
-If the distribute list is using a prefix list, is the prefix list correct?
-If the distribute list is using a route map, is the route map correct?
92
EIGRP IPv4 Stub Configuration
The EIGRP stub feature allows you to control the scope of EIGRP queries in the network. To verify whether a router is a stub router and determine the routes it will advertise, issue the show ip protocols command. To determine whether a neighbor is a stub router and the types of routes it is advertising, issue the show ip eigrp neighbors detail command.
93
Interface is Shut Down
The network command enables the routing process on an interface. Once the EIGRP process is enabled on the interface, the network that the interface IP address is part of is injected into the EIGRP process. If the interface is shut down, there is no directly connected entry for the network in the routing table. The interface must be up/up for routes to be advertised or for neighbor relationships to be formed.
94
EIGRP IPv4 Split Horizon
The EIGRP split-horizon rule states that any routes learned inbound on an interface will not be advertised out the same interface. This rule is designed to prevent routing loops. However, this rule presents an issue in certain topologies, such as a Dynamic Multipoint Virtual Private Network (DMVPN) network. A multipoint interface provides connectivity to multiple routers on the same subnet out a single interface, as does Ethernet. To disable split horizon on an interface, issue the no ip split-horizon command in interface configuration mode. If you only want to disable it for the EIGRP process running on the interface, issue the no ip split-horizon eigrp autonomous_system_number command.
95
EIGRP IPv4 Feasible Successors (MISC)
The best route (based on the lowest feasible distance [FD] metric) for a specific network in the EIGRP topology table becomes a candidate to be injected into the router's routing table. The term candidate is used because even though it is the best EIGRP route, a better source of the same information might be used. If that route is injected into the routing table, it becomes known as the successor (best) route. The successor route is then advertised to neighboring routers. In the brackets after the next-hop IP address is the FD followed by the reported distance (RD):
Feasible distance - The RD plus the metric to reach the neighbor at the next-hop address that is advertising the RD.
Reported distance - The distance from the neighbor at the next-hop address to the destination network.
The successor is the path with the lowest FD; however, EIGRP also pre-calculates paths that could be used if the successor disappeared. These routes are known as the feasible successors. For a path to be a feasible successor, its RD must be less than the FD of the successor. For troubleshooting, it is important to note that the output of show ip eigrp topology only displays the successors and feasible successors. To verify the FD or RD of other paths to the same destination that are not feasible successors, you can use the show ip eigrp topology all-links command. The EIGRP topology table contains not only the routes learned from other routers but also routes that have been redistributed into the EIGRP process and the local connected networks whose interfaces are participating in the EIGRP process.
96
EIGRP IPv4 Discontiguous Networks and Autosummarization (MISC)
EIGRP supports variable-length subnet masking (VLSM). In Cisco IOS versions before 15.0, EIGRP automatically performed route summarization on classful network boundaries. In Cisco IOS version 15.0 and newer, auto summarization is turned off by default. To verify whether automatic summarization is enabled or disabled, use the show ip protocols command.
97
EIGRP IPv4 Route Summarization (MISC)
With EIGRP, manual route summarization is enabled on an interface-by-interface basis. It is important that you create accurate summary routes to ensure that your router is not advertising networks in the summary route that it does not truly know how to reach. When troubleshooting EIGRP route summarization, keep in mind the following:
Did you enable route summarization on the correct interface?
Did you associate the summary route with the correct EIGRP autonomous system?
Did you create the appropriate summary route?
You determine the answers to these questions by using the show ip protocols command.
98
EIGRP IPv4 Route Summarization (MISC)
By default, EIGRP load balances on four equal-metric paths. You can change this with the maximum-paths command in router configuration mode for EIGRP. EIGRP also supports load balancing across unequal-metric paths, using the variance feature. By default, the variance value for an EIGRP routing process is 1, which means the load balancing will occur only over equal-metric paths. Increasing the multiplier increases the range of metrics over which load balancing will occur. Even with unequal-metric load balancing, you are still governed by the maximum-paths command. Therefore, if you have five unequal-metric paths that you want to use, and you configure the correct variance multiplier, but maximum-paths is set to 2, you use only two of the five paths. If the path is not a feasible successor, it cannot be used for unequal-path load balancing.
99
OSPF Establishes Neighbor Relationships
OSPF establishes neighbor relationships by sending hello packets out interfaces participating in the OSPF process. You can enable the OSPF process on an interface and place it in an OSPF area using two methods:
1. Router OSPF configuration mode:
router ospf 1
network (IP) (MASK) area #
2. Interface configuration mode:
int (#)
ip ospf 1 area #
100
Show IP OSPF Neighbor
To verify OSPFv2 neighbors, you use the show ip ospf neighbor command:
Neighbor ID - the router ID (RID) of the neighbor
Priority - the priority of the neighbor for the router election process
State - whether the neighbor is a DR, BDR, or DROTHER
Dead Time - how long the router waits until it declares the neighbor down if it does not hear another hello packet within that time (default is 40 seconds on a LAN)
Address - the neighbor's interface IP address from which the hello packet was sent
Interface - the local router interface used to reach that neighbor
101
Troubleshooting OSPFv2 Neighbor Relationships The following are some of the reasons an OSPFv2 neighbor relationship might not form:
Interface is down - interface must be up/up
Interface not running the OSPF process - if the interface is not enabled for OSPF, it does not send hello packets or form adjacencies
Mismatched timers - hello and dead timers must match between neighbors
Mismatched area numbers - two ends of a link must be in the same OSPF area
Mismatched area type - an area type could be a stub area or a not-so-stubby area (NSSA); routers must agree on the type of area they are in
Different subnets - neighbors must be in the same subnet
Passive interface - suppresses the sending and receiving of hello packets while still allowing the interface's network to be advertised
Mismatched authentication information - both OSPF interfaces must be configured for matching authentication
ACLs - an ACL may be denying packets to the OSPF multicast address 224.0.0.5
MTU mismatch - maximum transmission unit of neighboring interfaces must match
Duplicate router IDs - router IDs must be unique for all routers participating in OSPF
Mismatched network types - neighbors configured with a different OSPF network type might not form an adjacency
102
Troubleshooting OSPFv2 Adjacency States
Down state - No hello packets received; send hellos
Init state - Hello packets received from neighbour containing their router ID
Two-way state - A router has seen its own router ID in a received Hello. On Ethernet links, elect a DR and BDR
ExStart state - Negotiate master/slave relationship and initiate DBD exchange
Exchange state - Routers exchange DBD packets; transition to Loading if additional information is required, else transition to Full
Loading state - LSRs and LSUs are used to gain additional information; routes are processed using the SPF algorithm
Full state - Routers have converged
103
OSPF Basic Configuration Errors
When an OSPF neighbor relationship does not form, you need the assistance of an accurate physical and logical network diagram and the show cdp neighbors command to verify who should be the neighbors.
Interface is Down - Router interfaces must be up/up if you plan on forming an OSPF neighbor adjacency.
Interface Not Running OSPF Process - An incorrect/missing network command, or OSPF configured on the wrong interfaces or in the wrong area IDs, can prevent neighbor relationships from forming. If an interface is enabled for OSPF with both the network ip_address wildcard_mask area area_id command and the ip ospf process_id area area_id command, the interface command takes precedence. You can verify which interfaces are participating in the OSPF process by using the show ip ospf interface brief command.
104
OSPFv2 Mismatched Timers
OSPF timers must match for neighbor adjacencies to form (with EIGRP they do not). The hello timer defaults to:
10 seconds for broadcast and point-to-point networks
30 seconds for nonbroadcast and point-to-multipoint networks
The dead timer defaults to:
40 seconds for broadcast and point-to-point networks
120 seconds for nonbroadcast and point-to-multipoint networks
You can also use the debug ip ospf hello command when troubleshooting adjacencies to reveal mismatched timers.
105
OSPFv2 Mismatched Area Numbers
For OSPF routers to form neighbor adjacencies, their neighboring interfaces must be in the same area. You can use a debug command when troubleshooting adjacencies to find mismatched area numbers.
106
OSPFv2 Mismatched Area Type
For routers within an area to form adjacencies, they must agree on the area type. Within the hello packet, a stub area flag is designed to indicate the type of area the neighbor is in. The area type can be verified on the router using show ip protocols. The debug ip ospf hello command is also used to find mismatched area types.
107
OSPFv2 Subnets and Passive Interfaces
Different Subnets - to form an OSPF neighbor adjacency, the router interfaces must be on the same subnet.
Passive Interface - if you configure the wrong interface as passive, a legitimate OSPF neighbor relationship is not formed.
108
OSPFv2 Mismatched Authentication Information
Both routers must agree on the settings for a neighbor relationship to form. To verify whether authentication has been enabled, you use the show ip ospf command. If you configure authentication on an interface-by-interface basis, the output of show ip ospf states "Area has no authentication", so you need to check the output of the show ip ospf interface command instead. To verify the key ID being used on an interface-by-interface basis, use the show ip ospf interface interface_type interface_number command. You can use the debug ip ospf adj command to find mismatched authentication information.
109
ACLs
If an ACL is applied to an interface, and the ACL is not permitting OSPF packets, a neighbor relationship does not form.
110
OSPFv2 MTU Mismatch
For OSPF routers to become neighbors and achieve full adjacency, the interface of each router forming the adjacency must have the same MTU. If they don't, the routers can see each other but get stuck in the ExStart/Exchange states. To solve this issue, you can manually modify the MTU values of the interfaces so that they match, or you can use the ip ospf mtu-ignore interface configuration command, which stops OSPF from comparing the MTU when trying to form an adjacency.
111
OSPFv2 Duplicate Router ID
OSPF neighbor relationships do not form between routers if they have the same RID. When a duplicate RID exists, you receive a syslog message reporting it. If you manually change the RID with the router-id ip_address command in router OSPF configuration mode, you must reset the OSPF process by using the clear ip ospf process command for it to take effect.
112
Mismatched Network Types
Slide 201. To determine the network type associated with an OSPF-enabled interface, you can issue the show ip ospf interface interface_type interface_number command.
113
OSPFv2 Routes Common Reasons for Missing OSPFv2 Routes
OSPF routers receive LSAs from every router within the same area. Every router in an area must have exactly the same link-state database (LSDB) for that area. If you have no neighbors, you will not learn any routes. The following is a list of common reasons OSPF routes might be missing either from the LSDB or the routing table:
Interface not running the OSPF process - If the interface is not participating in the OSPF process, the network the interface is part of is not injected into the OSPF process and is therefore not advertised to neighbors.
Better source of information - If exactly the same network is learned from a more reliable source, it is used instead of the OSPF-learned information.
Route filtering - A filter might be preventing a route from being installed in the routing table.
Stub area configuration - If the wrong type of stub area is chosen, you might be receiving a default route instead of the actual route.
Interface is shut down - The OSPF-enabled interface must be up/up for the network associated with the interface to be advertised.
Wrong designated router elected - In a hub-and-spoke environment, if the wrong router is the DR, routes are not exchanged properly.
Duplicate RIDs - If there are two or more routers with the same RID, routes are missing in the topology.
114
OSPFv2 Routes Stub Area Configuration
Stub areas or NSSAs suppress Type 5 External LSAs from entering an area at the ABR. Totally stubby areas and totally NSSAs suppress Type 5 External and Type 3 Summary LSAs from entering an area at the ABR. The routes that would have been learned from the Type 5 and Type 3 LSAs are now replaced by a default route. With totally stubby areas or totally NSSAs, you configure the no-summary keyword on the ABR only.
115
OSPFv2 Routes Wrong DR Elected
Slides 214-219. In a subnet with multiple routers (a multi-access Ethernet topology or a full-mesh Frame Relay topology), it does not matter which router is elected as the DR, because every router is able to reach the DR. It does matter who the DR is over a hub-and-spoke nonbroadcast multi-access (NBMA) network such as Frame Relay or with a Dynamic Multipoint VPN (DMVPN), because the underlying Layer 2 topology does not line up with the Layer 3 addressing. The DR router needs to be reachable through a single hop because of how OSPF neighbor relationships are formed and how routers communicate with the DR. Hellos are sent to the multicast address 224.0.0.5, and the DR is reachable at the multicast address 224.0.0.6. Packets destined to these two multicast addresses are not relayed by other routers.
116
OSPFv2 Issues
The following steps describe how network 192.168.1.0/24, connected to R1, is learned by the LSDBs of routers R2, R3, R4, and R5:
Step 1. Router R1 creates a Type 1 LSA for the 192.168.1.0/24 network and floods it into Area 1.
Step 2. Router R2 receives the router LSA for 192.168.1.0/24 and places it in the Area 1 LSDB. R2 runs the SPF algorithm to determine the best path to reach the 192.168.1.0/24 network. The best result is placed in R2's routing table (RIB).
Step 3. Router R2 informs Area 0 routers about network 192.168.1.0/24 by injecting a Type 3 LSA about the network into the LSDB of Area 0 and flooding it into Area 0. This LSA includes the cost to reach the 192.168.1.0/24 network, from the perspective of router R2.
Step 4. Each of the other Area 0 routers, R3 and R4, receives the Type 3 LSA and adds it to its Area 0 LSDB. These routers run the SPF algorithm to determine the cost to reach R2. This cost is then added to the cost R2 advertised in its Type 3 LSA, and the result is stored in the RIBs.
Step 5. Router R4 informs Area 2 routers about network 192.168.1.0/24 by injecting a Type 3 LSA about the network into the LSDB of Area 2 and flooding it into Area 2. This LSA includes the cost to reach the 192.168.1.0/24 network, from the perspective of R4.
Step 6. Each of the routers in Area 2 receives the Type 3 LSA and adds it to its Area 2 LSDB. These routers run the SPF algorithm to determine the cost to reach R4. This cost is then added to the cost router R4 advertised in its Type 3 LSA, and the result is stored in the RIB of the routers.
117
Types of OSPFv2 LSAs
slide 227
118
OSPFv2 Issues Route Summarization
With OSPF, manual route summarization is enabled on an area-by-area basis on an ABR, and on an ASBR to summarize external routes being injected into an area. Remember that interarea summaries are created on ABRs with the area area-id range ip-prefix command and that external summaries are created on ASBRs with the summary-address ip-prefix/length command. When a summary route is created on a router, so is a summary route to Null0.
120
Miscellaneous OSPFv2 Issues Discontiguous Areas and Virtual Links
In a multiarea OSPF network, the backbone area (Area 0) must exist, and all other areas must connect to Area 0. If an area is not physically adjacent to Area 0, routes are not successfully learned by all routers in the OSPF domain. In some cases, Area 0 may be discontiguous as well, which also leads to routing issues. A virtual link can be a temporary solution to connect discontiguous areas to the rest of the OSPF network. A virtual link is created between the routers connected to the transit area (Area 1) by using their RIDs and the transit area number. The router OSPF configuration mode command on R2 is area 1 virtual-link 4.4.4.4, and the command on R4 is area 1 virtual-link 2.2.2.2. Common virtual link mistakes are not configuring the virtual link with the transit area and incorrectly configuring the router IDs.
121
OSPFv2 Issues Verifying Virtual Links
show ip ospf virtual-links
122
OSPFv2 Issues Load Balancing
OSPF supports only equal-cost load balancing. Therefore, when troubleshooting load balancing for OSPF, your two primary points of concern are the overall end-to-end cost and the maximum number of paths permitted for load balancing.
123
Troubleshooting BGP Neighbor Adjacencies Verifying IPv4 Unicast BGP Neighbors
BGP neighbour adjacencies must be established manually! Unlike OSPF and EIGRP, where adjacencies are dynamically learned, BGP is more prone to human error. Key difference between internal BGP (iBGP) and external BGP (eBGP).
124
BGP Verifying IPv4 Unicast BGP Neighbors (Cont.) The following are some of the reasons a BGP neighbor relationship might not form:
Interface is down - interface must be up/up
Layer 3 connectivity is broken - need to be able to reach the IP address you are trying to form the adjacency with
Path to the neighbor is through the default route - must be able to reach the neighbor using a specific route other than the default route
Neighbor does not have a route to the local router - the two routers forming a BGP peering must have routes to each other
Incorrect neighbor statement - the IP address and ASN in the neighbor ip_address remote-as as_number statement must be accurate
ACLs - an access control list (ACL) or a firewall may be blocking TCP port 179
BGP packets sourced from the wrong IP address - the source IP address of an inbound BGP packet must match the local neighbor statement
The TTL (time-to-live) of the BGP packet expires - the peer may be further away than is permitted
Mismatched authentication - the two routers must agree on the authentication parameters
Misconfigured peer group - peer groups simplify repetitive BGP configurations; however, if not carefully implemented, they can prevent neighbor relationships from forming or routes from being learned
Timers - timers do not have to match; however, if the minimum holddown from neighbor option is set, it could prevent a neighbor adjacency
125
BGP Neighbor Adjacencies Interface is Down or No Layer 3 Connectivity
Interface is Down - The physical or logical interface with the IP address that is being used to form BGP neighbor relationships must be up/up.
Layer 3 Connectivity is Broken - BGP neighbors do not have to be directly connected or in the same subnet to form a neighbor relationship, but you do need to have Layer 3 connectivity. Use the ping command to determine whether you have Layer 3 connectivity.
126
BGP Neighbor Adjacencies Incorrect Neighbor Statement
To form a BGP peering, you use the neighbor ip_address remote-as as_number command in BGP configuration mode. There are two very important parts to this command: the address of the peer with which you form the peering and the autonomous system that the peer is in.
127
BGP Neighbor Adjacencies Incorrect Neighbor Statement
If there is no route to the IP address specified in the neighbour statement, the state will be IDLE. If a route exists, and the TCP handshake completes, a BGP OPEN message is sent. If there is no response to the OPEN message, the state will be ACTIVE.
128
BGP Packets Sourced from Wrong IP Address
The neighbor ip_address remote-as as_number command contains two critical components. The ip_address is used by the router to determine whether the BGP open message came from a router it should establish a BGP peering with. The BGP open message has a source IP address, and the source IP address is compared with the address in the local neighbour statement. A BGP peer is formed only if these addresses match each other (remember BGP peers are MANUALLY CONFIGURED). By default, the source address is based on the exit interface of the router sending the BGP open message. To control the IP address that is used when sending BGP messages, you use the neighbor ip_address update-source interface_type interface_number command.
129
BGP Neighbor Adjacencies ACLs
BGP uses TCP port 179 to establish TCP sessions. If an access control list (ACL) is blocking TCP port 179 anywhere in the path between the routers attempting to form a BGP peering, the peering does not happen. BGP sessions are server/client relationships. One router is using port 179 (server), and the other router is using an ephemeral port (client). By default, both routers try to establish a TCP session using the three-way handshake, because both routers send a TCP SYN packet sourced from an ephemeral port and destined to port 179. When both routers respond with an ACK to the request on port 179, two BGP sessions are created. This situation is called a BGP connection collision, and the router with the higher BGP RID becomes the server. To avoid BGP connection collisions, control the server and client roles right from the start by using the neighbor ip_address transport connection-mode {active | passive} command.
130
BGP Neighbor Adjacencies The TTL of the BGP Packet Expires
By default, an eBGP peering occurs between directly connected routers (1 hop). With an iBGP peering, the routers can be up to 255 router hops from each other and still form a peering. If the BGP TTL is not large enough to support the distance required to form a BGP peering, the packet is discarded and no neighbor relationship is formed. To solve this issue with eBGP neighbors, you can modify the TTL of eBGP packets by using the neighbor ip_address ebgp-multihop [TTL] command. In this case, 2 would be enough to solve the issue.
131
BGP Neighbor Adjacencies Mismatched Authentication
BGP supports Message Digest 5 (MD5) authentication between peers. As is typical with authentication, if any of the parameters do not match, a peering does not form.
132
BGP Neighbor Adjacencies Misconfigured Peer Groups
When troubleshooting peer group issues, you need to look for the following possible culprits:
You forgot to associate the neighbor IP address with the peer group - After the peer group is created, you need to use the neighbor ip_address peer-group peer_group_name command to associate the neighbor with the configurations in the peer group.
The peer group is not configured correctly - It is possible that you overlooked the fact that what works for one neighbor might not work for the other.
The route filter applied to the group is not appropriate for all the peers - Be careful with filters and make sure they produce the desired results for all neighbors in the peer group.
Order of operations produces undesired results - If there are conflicting entries between the peer group and a specific neighbor statement, the neighbor statement wins.
133
BGP Neighbor Adjacencies Timers
BGP timers do not have to match. This is because BGP uses the lowest timers set between the two neighbors. A minimum hold time can be configured on a router to ensure a neighbour with aggressive timers won't form.
134
BGP Routes Missing Routes Some common reasons BGP routes might be missing from either the BGP table or the routing table:
Missing or bad network mask command - An accurate network command is needed to advertise routes
Next-hop router not reachable - To use a BGP route, the next hop must be reachable
BGP split-horizon rule - A router that learns BGP routes through an iBGP peering does not share those routes with another iBGP peer
Better source of information - If exactly the same network is learned from a more reliable source, it is used instead of the BGP-learned information
Route filtering - A filter might be preventing a route from being shared with neighbors or learned from neighbors
To verify the IPv4 unicast BGP-learned routes or routes locally injected into the BGP table, you use the show bgp ipv4 unicast command.
135
Routes appear in the BGP table for the following reasons:
Another BGP router advertises them to the local router
The network ip_address mask mask command matches an exact route in the local routing table
A redistribute command is used to import the route from another local source
The summary-address command is used to create a summary route
136
BGP Routes Bad or Missing Network Mask
The network mask command is used to advertise routes into BGP. The network/prefix you want to advertise with BGP must be in the routing table from some other source (connected, static, or some other routing protocol). The network mask command must be a perfect match to the network/prefix listed in the routing table.
137
Troubleshooting BGP Routes Next-Hop Router Not Reachable
If you are seeing BGP routes in the BGP table, but they are not appearing in the routing table, the router might not be able to reach the next hop. Notice that there is no > symbol after the *. The * > symbols together indicate a valid (*) best (>) path to reach the network that has been installed in the routing table.
138
BGP Routes Next-Hop Router Not Reachable There are many different ways to solve this problem; the key is to train R5 about how to get to the next hop:
Create a static default route on R2 and R3 and advertise it into the Interior Gateway Protocol (IGP) routing protocol
Create a static default route on R5
Create a static route on R5
Advertise the next-hop address into the IGP routing protocol
BGP also has a built-in option to rectify this issue, the neighbor ip_address next-hop-self command. This command allows a router to modify the next-hop parameter of an eBGP-learned route before that route is re-advertised to an iBGP peer.
139
BGP Routes BGP Split-Horizon Rule
The BGP split-horizon rule states that a BGP router that receives a BGP route from an iBGP peering shall not advertise that route to another router that is an iBGP peer.
140
BGP Routes Better Source of Information
Notice that the 10.1.5.0/24, 10.1.12.0/24, and 10.1.13.0/24 networks are best (installed in routing table), as indicated by the > symbol; however, they are not valid. They are listed as having a Routing Information Base (RIB) failure, as indicated by the r. A RIB failure means that the BGP route was not able to be installed in the routing table; however, you can clearly see that the route is in the routing table because of the > symbol. In this case, the route in the routing table is from a better source.
141
BGP Routes Route Filtering
The show bgp ipv4 unicast neighbors ip_address routes command displays what routes you are receiving from the specified peer, AFTER local filtering has been applied. The show bgp ipv4 unicast neighbors ip_address advertised-routes command displays what routes are being advertised to the specified peer, BEFORE filters are applied.
142
BGP The Best-Path Decision-Making Process
Cisco routers review BGP attributes in the following order when deciding which path is the best:
Is the next hop reachable?
Prefer the highest Weight
Prefer the highest Local preference
Prefer the route originated by the local router
Prefer the path with the shorter Accumulated Interior Gateway Protocol (AIGP) metric attribute
Prefer the shortest AS_Path
Prefer the lowest Origin code
Prefer the lowest Multi-exit discriminator (MED)
Prefer an external neighbour type over an internal neighbour type
Prefer the path through the closest IGP neighbor (lowest IGP metric)
Prefer the oldest route for eBGP paths
Prefer the path with the lowest neighbor BGP RID
Prefer the path with the lowest neighbor IP address
143
BGP Path Selection The Best-Path Decision-Making Process (Cont.) STEPS
When BGP finds a match, it stops and uses that attribute as the reason for choosing the path as the best, and it looks no further. In addition, if the next-hop IP address is not reachable, the router does not even go through the following process because it considers the next hop inaccessible:
Step 1. BGP first looks at weight. Higher is better. If the weight is tied, the next attribute is checked.
Step 2. Local preference is checked next. Higher is better. If local preference is tied, the next attribute is checked.
Step 3. The router checks whether it generated the BGP route. If it did, it is preferred. If it did not generate any of the routes, the next attribute is checked.
Step 4. AIGP is checked next, only if it is configured to be used; if not, the next attribute is checked.
Step 5. AS_Path is checked next. The shortest path is preferred. If the AS_Path is tied, the next attribute is checked.
Step 6. The origin code is checked next. IGP is better than EGP (the predecessor to BGP), which is better than incomplete. IGP means the route was generated with the network mask or summary-address command; incomplete means the route was redistributed into BGP. If the origin code is the same, the next attribute is checked.
Step 7. MED (metric) is next. Lower is better. If the MED (metric) is the same for both, the next attribute has to be checked.
Step 8. Now eBGP is preferred over iBGP. If this attribute is tied as well, the next has to be checked.
Step 9. The IGP path to the neighbor is compared now. If the metrics are the same, the next attribute has to be checked.
Step 10. If they are eBGP paths, the ages of the routes are checked. If both paths are iBGP paths, the next attribute is checked.
Step 11. The BGP RIDs are now compared. Lower is better. If the RID is tied, the path through the neighbor with the lower IP address wins.
144
BGP Path Selection Private Autonomous System Numbers
Like IPv4 addresses, BGP ASNs also have a private range. The 2-byte AS range is 64,512 to 65,534, and the 4-byte AS range is 4,200,000,000 to 4,294,967,294. These ASNs can be used for networks that are single-homed or dual-homed to the same ISP, thereby preserving the public ASNs for networks that are multihomed to multiple ISPs. It is imperative that the private ASN not be in the AS_Path attribute when the routes are advertised to the Internet (in the global BGP table), because multiple ASs could be using the same private ASN, which would cause issues on the Internet. If private ASNs are being sent into the global BGP table, they need to be stopped. You can accomplish this by using the neighbor ip_address remove-private-as command.
145
BGP Path Selection Using debug Commands
Be very careful using BGP debug commands, as they can produce a lot of output and increase the load on router resources.
debug ip routing - The output from this command shows updates to a router's IP routing table.
debug ip bgp - This command can be useful for watching real-time state changes for IPv4 BGP peering relationships.
debug ip bgp updates - This command produces more detailed output than debug ip bgp. Specifically, you can see the content of IPv4 BGP updates.
146
BGP for IPv6 MP-BGP
IPv6 routes in BGP can be exchanged over IPv4 TCP sessions or IPv6 TCP sessions. In MP-BGP, the neighbors and remote ASNs are identified outside the address family (AF) configuration. You then activate the neighbor within the AF with the neighbor ip_address activate command. In this example, the IPv6 AF is using an IPv4 neighbor address to establish the TCP session; therefore, the TCP session is IPv4 based.
The output of show bgp ipv6 unicast summary:
To verify the IPv6 unicast routes that have been learned from all neighbors, you can issue the show bgp ipv6 unicast command. This behaviour occurs in MP-BGP because an IPv6 route cannot have an IPv4 next hop. To solve this issue, you need to create a route map that changes the next hop to a valid IPv6 address and attach it to the neighbor statement. This MUST be done on the router that is advertising the route, not the router receiving it.
147
Troubleshooting Suboptimal Routing Caused by Redistribution
If there are multiple points of redistribution between two routing sources, a suboptimal path may be chosen to reach networks.
148
Troubleshooting Suboptimal Routing Caused by Redistribution OSPF into EIGRP
EIGRP does not see the 10 Mbps link; it only sees the seed metric and the EIGRP AS. If the result of a traceroute from 10.1.1.0/24 to 192.168.2.0/24 goes through R1, you know that suboptimal routing is occurring because of redistribution. You can solve this issue by providing different seed metrics on the boundary routers (R1 and R2 in this case) to ensure that a certain path is preferred because it has a lower overall metric. R2's EIGRP seed metric must be significantly better than R1's EIGRP seed metric to ensure that R3 chooses the path through R2, even though the link between R3 and R2 is slower than the link between R3 and R1. The key is to make sure the traffic avoids the 10 Mbps link.
149
Troubleshooting Suboptimal Routing Caused by Redistribution EIGRP into OSPF
When redistributing from EIGRP into OSPF, the redistributed routes have a default seed metric of 20 and are classified as E2 routes; therefore, the metric remains 20 throughout the OSPF domain. Load balancing will work only if the forwarding metrics to reach the ASBRs are equal, in addition to the E2 seed metrics being equal. If a higher seed metric is used on R2, R1 will be used, which is suboptimal. The default OSPF external metric type is type 2 (E2), which is a static cost of 20 for external routes. The metric type can be changed to E1, which is the cost to redistribute plus the cumulative cost to reach each ASBR.
150
When troubleshooting suboptimal routing caused by redistribution, keep in mind the following:
Based on the topology, you need to be able to recognize that mutual redistribution is occurring at multiple points in the network.
Based on the connections, you need to be able to recognize the different speeds of the links.
Based on the routing protocols in use, you need to be able to identify how the seed metric is determined and how it behaves for the different protocols.
Based on the business requirements, you need to know how to fix the suboptimal routing by manipulating the metrics on the boundary routers with the default-metric command, the metric parameter in the redistribute command, or within a route map.
151
CHECK SLIDES FOR LOOPS IN REDIST
320 range
152
IPv4 and IPv6 Redistribution Seed Metric
The metric assigned to a route being redistributed into another routing process is called a seed metric. The seed metric is needed to communicate relative levels of reachability between dissimilar routing protocols. A seed metric can be defined in one of three ways:
Using the default-metric command
Using the metric parameter with the redistribute command
Applying a route map configuration to the redistribute command
If multiple seed metrics are defined with these commands, the order of preference is (1) the metric defined in the route map applied to the redistribute command; (2) the metric parameter defined with the redistribute command; (3) the metric defined with the default-metric command. If a seed metric is not specified, a default seed metric is used.
153
IPv4 and IPv6 Redistribution Redistribution Troubleshooting Targets
Two prerequisites must be met for the routes of one IP routing protocol to be redistributed into another IP routing protocol:
The route needs to be installed in the IP routing table of the border router (the router performing redistribution) by the protocol being redistributed.
The destination IP routing protocol needs a reachable metric to assign to the redistributed routes.