Securing Networks Flashcards
What’s the difference between standard ACL and Extended ACL
A standard ACL (1-99) looks only at the source address for traffic filtering, while an extended ACL looks at both the source address and the destination address
What’s the implicit condition of an ACL
There is an implicit deny any at the bottom of any ACL
What protocol is HTTP under
TCP
What’s the max number of ACLs on an interface
One inward max, one outward max
How is an ACL executed
Lower number to higher number; more specific entries should be placed at the top
Place a range of ports in an unused VLAN
create vlan 999
int range fa 0/1 - 24
switchport access?
What is the IEEE standard for a VLAN
IEEE 802.1q
What is a native VLAN
A VLAN on an IEEE 802.1q trunk whose frames are not tagged
What is a typical VLAN port
Port 1
What does AAA stand for
Authentication, Authorization, Accounting
What are the three components of 802.1x
Supplicant: asks permission for network access
Authenticator
Authentication Server
1. Authenticator sends challenge
2. Supplicant sends Username/Password
3. Authentication Server sends Authorization
What is the difference between TACACS+ and RADIUS
TACACS+ is a Cisco proprietary protocol, separates the A’s into separate tasks, 2-way challenge, encrypts the whole packet, uses TCP
RADIUS uses UDP, all A’s in one function, one way challenge, only encrypts password
What is DHCP Snooping
Allowing a switch port to reject packets if that port is set to an untrusted state
What is an ip helper-address for?
If the DHCP server is in a different VLAN from the router or host, the helper-address can be set to the address of the DHCP server