Stp Flashcards
Stp primary/secondary default values
If root > 24576 = 24.576
If root < 24476 = highest possible x of 4096
STP default interface cost
10 Gbps 2 2000
1 Gbps 4
100 Mbps 19
10 Mbps 100
Stp timers
Hello = 2
MAXage = 10 * hello
Forward delay = 15
Default BID priority
32768
802.1D port roles
Root
Designated
802.1w port roles
Root
Alternate
Designated
Backup
Disabled
RSTP port states
Forwarding
Learning
Discarding
Stp port states
Forwarding
Listening
Learning
Blocking
Stp Root secondary default
> root
< Everything else
Default costs of routes
0 connected
1 static
20 BGP
90 EIGRP
110 OSPF
120 RIP
200 iBGP
255 unusable
OSPF default costs
Serial 64
Ethernet 10
Fast ethernet 1
OSPF default reference bandwidth
100,000 kbps = 100 Mbps
Default max load balancing OSPF/EIGRP
4
Max etherchannel links
8
Cisco etherchannel protocol / setting
PAgP - desirable / auto
Default switchport DTP setting
Auto
How to change OSPF cost
- Change the bandwidth on the interface (in kbps)
- Set the interface cost directly (1 - 65,535)
- Change the reference bandwidth (in Mbps)
Vlan ranges
1-1005
(1002-1005 reserved)
1006-4094
VTP default settings
Server mode
Pruning disabled
Version 1
VTP requirements
Must be trunk
VTP domain and pass must match
802.1x supplicant?
Workstation
802.1x authenticator
LAN switch
OSPF all routers address
224.0.0.5
OSPF DR and BDR address
224.0.0.6
How to advertise networks in OSPF for IPv6
Activated per interface, no network commands
OSPFv3 neighbor requirements
- Do not have to be in same subnet
- Hello/dead timers must match
- Unique RID
- Same area
- Authentication
OSPF neighbor requirements
- Do not have to be in same subnet
- Hello/dead timers must match
- Unique RID
- Same area
- Authentication
Default OSPF timers
Hello 10
Dead 40 (4x hello)
Lsa reflood 30 min
OSPF becoming neighbors routine
- A sends hello to B
- B learns of A and goes into INIT
- B sends hello to A
- A goes into 2-way state
- A sends hello to B
- A goes into 2-way state
Private IP ranges
A 10.0.0.0 /8
B 172.16.0.0 /12
C 192.168.0.0 /16
IP classes
A 1-126 /8
B 128-191 /16
C 192-223 /24
D 224-239
ACL ranges
Standard
1-99
1300-1999
Extended
100-199
200-2699
TACACS+ characteristics
- TCP port 49
- Used for network devices
- Encrypts password + whole packet
- Can limit IOS shell per user group
- Cisco proprietary
RADIUS characteristics
UDP port 1645, 1812
Used mainly for users
Encrypts only password
RFC2865
Where are VLAN commands stored?
VLAN.dat
Where are Switchport assignments stored?
Running config
Where are VTP commands stored
VLAN.dat
EIGRP variance
Variance is a number (1 to 128) that is multiplied by the local best metric; routes with a metric less than or equal to that product are included. The default variance value is 1, which means equal-cost load balancing.
EIGRP/OSPF max load balancing
16
Soft OSPF area router limit
50
How does OSPF multi-area reduce routing table and LSA DB size?
Route summary
VTP summary advertisement time
5 min
VTP: Vlan advertisement request
switch asks for a subset advertisement when the
summary advertisement has a higher revision number than itself
VTP subset advertisement
Sent when the VLAN configuration database has changed
K-value binary trick
10 0 / 10100
Vector
(aka direction) Next hop router and outgoing interface
Metric
measurement of distance
Metric value of infinity (rip/ospf/eigrp)
16 for RIP / 2^32 – 1 for EIGRP / 2^24-1 for OSPF
When do EIGRP partial update messages get sent
-When link fails
-When new route becomes available
(only contains new info)
EIGRP addr
224.0.0.10
Does OSPF use split horizon?
NO
EIGRP Three step model
- Neighbor discovery –> Neighbor table
- Topology exchange –> topology table
- Choosing routes , analysis of topology –> Route table
EIGRP Neighbor requirements
Authentication
Same AS number
Same Subnet
K-values must match
How are EIGRP update messages sent?
- To multicast if multiple routers need it
- To unicast for single addressee
What protocol does EIGRP use?
RTP, Reliable Transport Protocol, can resend info if something fails
EIGRP Metric calc
((10^7 / least-bandwidth)+cum delay)*256
EIGRP Cumulative Delay
Sum of all delay values for all outgoing interfaces, in tens of microseconds
EIGRP Least-bandwidth
lowest bandwidth link in the route expressed in Kbps
EIGRP best practices bandwidth settings
Serial links: set to actual L1 speed
LAN interfaces: use defaults
Feasible distance (FD) / Reported distance (RD)
FD: Local router's composite metric of the best route to reach a subnet
RD: Next hop router's best composite metric
EIGRP Successor
Best route to subnet - route in routing table
Feasibility condition
If a non-successor's RD is less than the FD of the current route in the routing table, the route is a feasible successor.
DUAL
Diffusing Update Algorithm. Used when there is no feasible successor in EIGRP. DUAL queries for a loop-free route to a subnet and then adds it to the routing table.
EIGRP Default timers
Hello: 5 sec
Hold: 3x hello (15 sec)
Variance unequal route calculation
IF metric.FS < (Variance * FD )
THEN
FS added to routing table
Differences between IPv4 and IPv6 EIGRP
- IPv6 advertises prefixes / IPv4 subnets
- show commands use the ipv6 keyword
- IPv6 neighbors don't have to be in the same subnet
- EIGRP for IPv6 does not have an auto-summary concept
EIGRPv6 Shutdown feature
EIGRPv6 Process can be shut or no shut like an interface
Which side provides clockrate?
DCE (other side is DTE)
Serial link protocols?
HDLC (older)
PPP - additional capabilities like authentication, multilink bundles, and constant link monitoring.
Link speed standards (DS0,DS1,DS3)
DS0 - 64 kbps
DS1 (T1) - 1544 kbps
E1 - 2048 kbps
DS3 - 44.736 kbps
E3 - 34,000 kbps
Default Serial Link encapsulation?
HDLC
Why PPP?
- Definition of header and trailer
- Supports synchronous and asynchronous links
- Protocol Type field in header
- Authentication
- Support for multilink
- Control protocols for each higher layer protocol
PAP characteristics
- Clear text password
- Device 'being authenticated' acts first and just sends over the password
- Authenticating device sends ack
CHAP characteristics
- Hashed password
- Authenticating device sends over a challenge
- Other side sends the hashed password
- Authenticating device sends ack
Why use MLPPP?
- Improve availability
- Cheaper
- Reduces L3 complexity
- Multiple serial interfaces look like a single interface
- One subnet between routers
- One routing protocol neighborship
- One route per destination
How does MLPPP load balancing work?
- Frames get fragmented (one fragment per link)
- Smaller pieces get PPP header and trailer to manage fragmentation
- Receiving router reassembles the packet
Which commands go on PPP multilink?
- Encapsulation
- ppp multilink
- ip addr
- ppp multilink group x
Which commands go on the serial interface of a multilink?
- no ip addr
- encapsulation
- Authentication
- ppp multilink
- ppp multilink group x
EIGRP for IPv6: is an IP address on the interface necessary?
No, ipv6 enable on an interface sets the link-local address automatically, which is enough to form a neighborship
Hold-down timer
Used by RIP to specify the amount of time to wait before accepting new information when a route goes down
What is ISL?
Encapsulation used by Cisco only for carrying VLAN information
What is an EIGRP active state?
It means the route is actively fucked
What is an EIGRP passive state?
A route with a working link is in a passive state
DUAL?
EIGRP
Dijkstra?
OSPF
Bellman-Ford?
RIP
Proxy-ARP
A proxy device on a given network answers the ARP queries for an IP address that is not on that network. The proxy is aware of the location of the traffic's destination and offers its own MAC address as the (ostensibly final) destination.
Why PPPoE
ISPs use PPP for authentication (through CHAP) and for the ability to assign an IP address to the other end. The Internet moved to faster DSL lines that connected to Ethernet interfaces, so a way of transporting PPP over Ethernet was needed.
PPPoE Dialer MTU setting
1492
Default MTU size
1500
PPPoE header size
8
When using a GRE Tunnel, which device is used as an outgoing interface in the routing table?
The tunnel interface
What does an internet VPN do? (2)
- Encrypts the packet
- Encapsulates with a new IP header, using IPs in the unsecured space, making the original IP unreadable
2 GRE headers?
- Header to manage the tunnel (GRE)
- Delivery header (20-byte IP header) that is used to route the packet and contains the IP in unsecured Internet space
What is the source address of a tunnel interface?
Address of the physical outgoing interface (public IP); configuration with the interface ID is possible
What IP goes on the Tunnel INT?
private IP
What is the destination address of a GRE tunnel
Address of the physical interface on the other side of the link (unsecure IP)
Best practice GRE TUN MTU setting?
1400
Traceroute with GRE tunnel, what’s special?
Will not list any routers in the unsecured part of the route due to encapsulation.
Requirement of Destination IP on GRE tunnel
Router must have a route to destination address
does GRE use TCP or UDP?
GRE is its own transport protocol.
ACL blocking GRE?
- allow ip
- allow gre
Permitting TCP/UDP would not work
NLRI
Network Layer reachability information, advertised by BGP
iBGP
Connection between routers of the same ISP (inside the same ASN)
eBGP
Connection between routers of different ISPs (different ASNs)
How does BGP choose the best path?
Path attributes - different facts about the network
Internet edge
connection between ISP and customer
Single homed
design with one connection between a customer and one ISP router
Dual homed
design with two or more connections between a customer and a single ISP router
Multihomed
design with connection between a customer and multiple ISPs
Default route to ISP, how?
- Static config
- Learned with BGP and redistributed in the network by an IGP
BGP transport protocol?
TCP port 179. Starting BGP process opens up port 179 and waits for incoming messages
Remove BGP neighbor connection
neighbor A.B.C.D shutdown - removes the need to delete all config for that neighbor
What is a discard route?
Static discard route can be used to advertise a route with BGP when it is not in the routing table
Reason for the network command not to advertise a route in BGP?
BGP network command only advertises networks for which there is a route in the routing table.
CADA
Confidentiality (prevent mitm data access)
Authentication (verify sender)
Data Integrity
Anti-Relay (prevent MitM relay)
Site 2 site VPN
Using a VPN to send traffic from one site to the other, thereby using the Internet as a WAN. Packets are encrypted and secured.
DMVPN
Cisco Dynamic Multipoint VPN. Multipoint tunnel, a site can send and receive with any other site on the same tunnel
NHRP
Next Hop Resolution Protocol. One side of the tunnel acts as a hub and NHRP server (used in DMVPN)
NHRP Server
Next Hop Resolution Protocol server.
Learns information about the different spokes and stores it in a mapping table. The server supplies that info when two spokes need to communicate with each other (used in DMVPN).
Client VPN
One side uses an application to initiate a connection to a device waiting for client connections (ASA, web server), e.g. Cisco VPN Client
Timeline WAN services
1990: Leased Line
1980: X.25 packet switching
1990: Frame relay
2000: MPLS VPNs
2010: Metro Ethernet
Metro Ethernet / Carrier Ethernet
- Layer2 service
- Ethernet links
- Provider forwards ethernet frames from one customer device to another
- Acts like an ethernet switch
Points of presence
Location where the Ethernet switch is placed for Metro Ethernet. As close to as many customer sites as possible
UNI
- User network interface
- Link between the customer and the ISP's switch in MetroE
What does the ISP switch do in MetroE?
- Looks at Ethernet headers
- Looks for 802.1q headers
Point-to-point / E-Line / Ethernet Line Service
- 2 sites connected with access links
- Routers use physical ethernet interfaces in the same subnet (in between the two are ISP switches)
- Would become neighbors and exchange routes
Ethernet Virtual connection (EVC)
The virtual Ethernet connection running through the ISP connecting the customer's devices
EVC with multiple remote sites
- Central site connects to the ISP switch with a 10 Gbps access link
- Remote sites all connect to ISP switches
- EVC makes it function as if all remote sites were connected to the central site.
- Config with trunking and subinterfaces
Ethernet LAN/Full Mesh
One E-LAN allows all connected devices to send frames directly to each other; one EVC is used to connect all devices
E-Tree / partial mesh / hub and spoke / point to multipoint
Central device can send frames to each remote site, but the remote sites can only send to the central site.
E-Line L3 config
- Two routers on the ends of an E-Line need to be in the same subnet
- 1 subnet per E-Line
E-Lan L3 config
All routers connected to the same LAN switch are in the same VLAN, same subnet and become neighbors
E-Tree L3 config
- All routers have IP in same subnet
- Leafs will only form relationship with root site
- Packets between the leafs flow through the root site
- Additional routing protocol config is required
CIR
Committed information rate. ISP sells a connection that offers an agreed upon bandwidth.
Ethernet Virtual Circuit Bandwidth profile
e.g. a 1 Gbps line to the ISP is used, but the speed for the consumer is only 200 Mbps as agreed upon in the Committed Information Rate (CIR)
How is the CIR enforced?
QoS Tools
- Ingress policer: ISP watches incoming traffic and discards if needed
- Shaping: customer uses a shaper to tell the router to slow down and queue up frames if necessary. Configured at the rate of the CIR
MPLS VPN
Does not encrypt data but adds a 'label' between layer 2 and 3 to make sure the data is not sent to another customer on the same MPLS network.
DSCP EF value
Value in IP header that marks a packet as a VoIP packet. This way the ISP can give the packet higher priority when it moves over the WAN/MPLS
HSRP
Hot standby router protocol. Cisco’s version of FHRP.
FHRP
First Hop Redundancy Protocol. Class of protocols that deals with how the network handles multiple default gateways for redundancy
Why use FHRP and multiple default gateways?
- Avoid single point of failure
What does FHRP do?
- Multiple routers appear as one default gateway
- Default gateways share a virtual IP
- Hosts use the virtual IP as default gateway
- If a router fails, FHRP selects another router
HSRP characteristics
- Cisco
- Active/standby
- No load balancing
VRRP characteristics
- RFC 5798
- Active/standby
- Load balancing per subnet
GLBP
- Cisco
- Active/active
- Load balancing per host
Where can HSRP be configured?
- Physical router links
- Router trunk subinterfaces
- L3 switch SVIs
HSRP failover
When a router fails, changes happen on routers and switches. The other router takes over the virtual IP and MAC and sends an Ethernet broadcast to the switches to update their MAC tables.
HSRP load balancing
- Active router can be configured per VLAN
- HSRP groups can be configured per subnet
HSRP requirement
- Group needs to match
- Version needs to match
- Virtual IP needs to be in the same subnet as the physical interface
- Interfaces on the L2 network must be in the same VLAN
- ACLs can't filter HSRP traffic
HSRP address
V1: 224.0.0.2
V2: 224.0.0.102
UDP 1985
HSRPv2
- IPv6 support
- Shorter hello timer interval possible
- More possible groups per interface
HSRP Active election
- No other HSRP routers? -> active
- Existing negotiating router? -> highest priority wins
- Existing active router?
  If 'no preempt' -> standby
  If preempt and higher priority -> active
HSRP tiebreaker
Highest IP
Default HSRP priority
100 (1-255)
KVM (context of cloud)
Keyboard, video display and mouse
Virtual data center characteristics
- All hardware in data center is treated as capacity
- Each OS is decoupled from hardware
- Each piece of hardware can run multiple VMs at the same time
Multithreading
Virtually split each core into multiple threads that can then be used by a hypervisor as a virtual CPU to run a VM on
Bare metal / type 1 hypervisor
Runs directly on the host's hardware
Hosted / type 2 hypervisor
Runs on top of the primary OS (e.g. VMware Workstation, VirtualBox)
ToR switch
Top of Rack switch, located on top of the server rack
EoR switch
End of Row switch, located at the end of a row of server racks. Acts as a distribution switch for the ToR switches
Virtual data center workflow (3 steps)
- Customer wants a service (group of VMs)
- Virtualization/server engineer uses a GUI or API to set things up
- Hypervisor creates a number of VMs and starts them.
!!THIS IS NOT CLOUD, CLOUD WOULD NOT HAVE STEP 2!!
5 Criteria for Cloud
- On demand / self-service
- Scales dynamically
- Pool of resources that is dynamically allocated
- Variety of network access options
- Can be billed on amount used
Private Cloud
Service inside a company for internal customers, that meets the 5 criteria
Cloud services catalog
Lists anything a user can request from the cloud infrastructure
Public cloud
Third-party solution offered over a network. Broad access possibilities (WAN, VPN, ...)
IaaS
Infrastructure as a Service (IaaS)
- Consumer receives the use of a VM
- Specs can be chosen (OS, RAM, CPU, etc)
- Consumer installs whatever they want on the VM
SaaS
Software as a Service (SaaS)
- Consumer receives a service with working software
- VMs and hardware specs are hidden from consumer
- Customer picks application and cloud provider monitors performance
PaaS
Development Platform as a Service (PaaS)
- Like IaaS, but besides the OS contains many development tools
- including IDE
- Continuous integration tools: allow to update code and have that code auto tested and integrated into a larger project.
Public Cloud over internet (pros and cons)
Pro
- Quick startup
- Easy migration
- Distributed users: Enterprise users can be scattered across locations and still have easy access
Cons
- Insecure: vulnerable to MitM attacks
- Capacity
- No QoS
- No WAN SLA possible
Public cloud with Private WAN (Pros and Cons)
Pros
- Secure
- QoS
Cons
- Expensive
- More planning
- Migrating is difficult
- Capacity
Public Cloud with Internet VPN (pros and cons)
Pros
- Secure
- Easy migration
- Quick startup
Cons
- No QoS
- Capacity
Intercloud Exchanges (pros and cons)
Pros
- Secure
- QoS
- Easy migration
Cons
- Planning
- Capacity
Virtual Network Function (VNF)
Virtual instance of a traditional networking device that a consumer can use in the cloud and has control over.
Cloud DNS services
Cloud provider allocates public IP and creates matching DNS records.
- A: Enterprise adds this DNS record to its own DNS
- B: Enterprise points its DNS record to the DNS server of the cloud provider
DHCP in the cloud
- Consumer can pick addresses or let the provider choose
- Public IP is NATed to the right private one by the provider
Private addressing over WAN (Cloud)
Consumer can ask for their own private IPs only. Subnets get advertised in the rest of the enterprise. Config is done through the catalog or the API.
NTP and the cloud
- VNFs and VMs often need to sync time with the enterprise and can be configured as NTP clients.
4 characteristics of network traffic
- Bandwidth
- Delay:
  One-way delay (time from source to destination)
  Two-way delay
- Jitter: difference in delay between consecutive packets
- Loss: can happen because of faulty cables but is also part of normal operation. If the queue gets filled, packets are discarded.
What traffic characteristics matter for Webapps?
- Jitter and delay -> users want a responsive webpage
What traffic characteristics matter for file transfer?
Bandwidth and loss, for fast transfer times
VoIP
Defines the means to take the sound made at a telephone and send it inside IP packets over a network
VoIP step by step
- Sound goes into the handset
- A chip (codec) processes the sound to create binary code (160 bytes with the G.711 codec) for a certain time period (20 ms)
- Phone places the data inside an IP packet
- Data gets sent to the destination IP
What traffic characteristics matter for VoIP? + guidelines
Delay: one-way 150 ms
Jitter: 30 ms
Loss: 1%
QoS Guidelines for Video
Bandwidth: 348 Kbps to 20+ Mbps
Delay one-way: 200-400 ms
Jitter: 30-50 ms
Loss: 0.1-1%
Depends on how dynamic the video is
When to best perform complex matching?
Early in a packet’s life
Classification
The process of matching the header fields in a message to make a QoS decision, and later marking the message by changing some bits in the header fields
Marking
QoS changing one or more header fields and setting a value in the header
Trust Boundary
Point in the network from which markings can be trusted (typically the IP phone, because it sets the DSCP and CoS fields)
DiffServ
Suggested marking values to create a consistent use of DSCP values.
Diffserv values
Expedited Forwarding (EF)
- for IP phone payloads (46)
Assured Forwarding (AF)
- 12 DSCP values
ACL matching for QoS
- All Fields in TCP/IP header are matchable for classification
- BUT not all apps can be matched by well-known ports
NBAR
Cisco Network Based Application Recognition. Provides built-in matching for over 1000 different subcategories of applications.
ToS Byte - DSCP
- Differentiated Services Code Point
- Type of Service
- byte in IPV4 header.
- 6 bits
- 64 different values defined by Diffserv
- End-to-End packet
ToS byte - IPP
- IP Precedence field
- Type of Service
- Byte in IPV4 header
- 3 bits
- 8 different values (0-7 in dec)
- End-to-End packet
CoS / PcP
- Class of Service / Priority Code Point
- in the 802.1q header
- 3 bits
- Over VLAN trunk
TID
- Traffic identifier
- 802.11
- 3 bits
- Over Wi-Fi
EXP
- Now known as Traffic Class
- Field in MPLS Label
- 3 bits
- Over MPLS WAN
Class Selector(CS)
DSCP values created by DiffServ for backwards compatibility with IPP (CS0-CS7)
Expedited Forwarding (EF)
DiffServ value for packets that need low latency, jitter and loss (e.g. VoIP). Decimal: 46
Assured Forwarding
12 DSCP values defined by DiffServ.
Congestion Management / Queuing
Toolset for managing queues that hold packets while they wait to exit an interface.
Round Robin
Take some from queue 1, move on to next and repeat.
Prioritization queuing
One queue gets priority over another.
Weighted Round Robin
Take more from one queue before moving on to the next, and repeat
Class-based Weighted Fair Queuing
Each class receives at least the amount of bandwidth that was configured for it in case of congestion (configured as a percentage of link bandwidth)
Low Latency Queuing (LLQ)
LLQ tells the scheduler to treat one or more queues as priority queues so they don't fill up. Results in little delay, little jitter and no loss (for voice).
Queue starvation
Scheduler never gets to service certain queues.
Avoid by limiting the amount of traffic sent to priority queues by defining the maximum bandwidth a queue can use (instead of a minimum)
Classifier (QoS)
Sorts marked packets into the right queues
Scheduler (QoS)
Decides which packet gets picked from which Queue next when the interface becomes available
Priority strategy for voice and video (6 steps)
- Round robin for data and non-interactive voice and video
- Prioritize business-critical apps if needed
- LLQ scheduling for interactive voice and video
- Put voice and video in separate queues
- Define enough bandwidth for each priority queue to avoid policing
- Use Call Admission Control to avoid policing
What does a policer do?
Measures bit rate over time and compares it with the configured rate. Discards or remarks offending packets
Remarking (policing)
A policer can remark offending packets and only discard them if the SP's network experiences congestion
Shaper
Slows messages down by queuing them
Congestion Avoidance Tools
Attempt to reduce overall packet loss by preemptively discarding packets, using TCP's own windowing mechanism
Full Drop (congestion avoidance)
Congestion avoidance tool that drops all packets when a certain threshold is reached
HSRPv1 MAC + group range
0000.0C07.ACxx 0-255
HSRPv2 MAC + group range
0000.0C9F.Fxxx 0-4095
HSRP protocol + port
UDP 1985
IPv6 ACL implicit statements
permit icmp any any nd-na
permit icmp any any nd-ns
deny ipv6 any any
APIC-EM?
- Centralized control of enterprise networking devices through northbound APIs and applications that run as part of APIC-EM itself
- Collects info about the entire network
- Does not remove control plane functions from networking devices
- Allows for programmability and sending config to your devices
APIC-EM applications
- ESA : Enterprise Service Automation
- IWAN : Intelligent WAN
- PnP : Plug and Play
- Path Trace
How does APIC-EM control/get info from network devices?
Southbound interface: Telnet, SSH, SNMP, CDP
What does path trace (APIC-EM) do?
Path trace takes a source and destination IP as input and analyzes the forwarding tables in the devices on the network. Shows the path on the topology map.
What options can you set in APIC-EM path trace?
- Protocol and port
- Periodic refresh
- ACL trace
What results does APIC-EM path trace show?
- Devices in the path
- Notifications about the logic used (switched for L2, routed for L3)
- Protocols used in the forwarding action (HSRP, OSPF, EIGRP, BGP, SVI, switched)
What does ACL trace do?
Takes the path determined by path trace and analyzes any ACLs in that path. The analysis compares the packet in your input with the ACLs in the path and determines whether it would be filtered.
How are ACL trace results shown?
Icons overlaid on the networking devices
- Check box, no color -> no ACL
- Green check box -> ACL permits
- Red X box -> ACL denies
- Triangle with ! -> ACL may or may not deny
What information does view matching ACEs show you?
- ACL name
- Access control entry that matches the packet
SNMP?
Application layer protocol that provides a message format for communication between managers and agents
SNMP Manager
Network management application running on a host or server (NMS)
NMS (snmp)
Network management station - host that runs the SNMP manager
SNMP agent
Software running inside each device that describes the config, status and counters
MIB (snmp)
Management Information Base. Database of variables that make up parameters, status and counters on the agent. Also inside the NMS
Cisco Prime
SNMP application
SNMP notifications
Messages sent to the NMS by agents listing the state of certain variables (traps or informs)
SNMP Traps
SNMP notification type:
- Sent by agent to NMS
- UDP
- Fire and forget, no error recovery
- Uses less overhead
SNMP trap port
UDP 162
SNMP port
UDP 161
SNMP informs
SNMP notification type
- Application layer reliability added: NMS must ack after receiving, or the agent times out and sends again.
SNMP OID
Object ID of a variable inside the Management Information Base.
SNMP security (3 facts)
- Use ACLs to limit SNMP messages to known servers
- SNMP supports only a basic clear-text password
- SNMPv3 adds modern security
Community strings
- Agent and manager need the same string
- Each Get and Set includes the string
- RO: allows Get
- RW: allows Get and Set
- Notification: allows traps and informs
SNMP traps/informs config
- Agent needs 'snmp-server host' referring to the NMS
- Notification community strings need to be configured
SNMPv2c
SNMPv2 shipped without community strings but people wanted them, so they were added in v2c
SNMPv3 security
- message integrity
- Authentication with hashed password
- Encryption (optional)
SNMP how to enable informs
Add the keyword ‘informs’ to the snmp-server host command.
SNMP show commands and info
show snmp (lists status and counters, but no config)
show snmp community (lists strings as well as ACLs)
show snmp host (lists host ip or hostname of configured NMS)
show snmp location/contact
SNMPv3 characteristics
- No community strings
- Server groups and server users
SNMPv3 three security settings
- noauth: only checks integrity
- auth: performs authentication and integrity
- priv: encrypts, authenticates and checks integrity
Default view of the SNMP MIB
v1default
SPAN
Switched Port Analyzer makes copies of Ethernet frames and sends them out a specific port towards, for example, an IDS
SPAN source port
Port from which SPAN copies frames
SPAN destination port
Port out of which the frames need to be sent
SPAN session
Collection of SPAN rules. Defines source ports as well as the direction of the traffic being copied
SPAN Tx
Frames being transmitted
SPAN Rx
Frames being received
RSPAN
SPAN to a remote destination over L2
ERSPAN
Encapsulated RSPAN: SPAN traffic in a tunnel over L3
SPAN destination port
- Cannot be a source port
- Cannot be used in another session
- Does not participate in L2 protocols
SPAN source port requirements
- Trunks
- VLANs
- EtherChannel
- Interfaces
- Multiple sources possible
- Cannot mix interfaces and VLANs
SPAN recommendations
- Catch only what you need
- Capture as little as possible
- Enabling two directions on two switchports can result in capturing the same frame twice
IP SLA
Cisco feature that provides statistics to determine if an SLA has been met. Can also be used for troubleshooting.
IP SLA specifics
- Runs on router, not end user device
- Generates traffic that mimics end user traffic
- IP SLA
IP SLA life unit of time
seconds
IP SLA icmp-echo config
ip sla 1
icmp-echo 10.1.3.2 source-ip 10.1.1.1
ip sla schedule 1 life forever start-time now
ip sla restart number
Resets the counts
How is IP SLA history stored?
in a history bucket per operation using one
SPAN destination port ‘learning’
The port does not transmit any traffic except the traffic required for the SPAN session, unless learning is enabled. If learning is enabled, the port also transmits traffic directed to hosts that have been learned on the destination port.
Poison reverse
Router marks the failed route and sends it out the interface that the route was learned from (defies split horizon)
aaa new-model
Enables AAA services on the local device and allows new commands
Etherchannel requirements
Same duplex
Same speed
Same VLAN configuration (i.e., native VLAN and allowed VLAN should be same)
Switch port modes should be same (access or trunk mode)
Where does the MPLS header get added?
Between the data link header and the IP header. Sometimes called a layer 2.5 protocol for this reason.
BGP states
Idle: neighbor not up, or waiting for retry
Connect: trying to establish TCP
Active: TCP connection established but no BGP messages sent yet
OpenSent: router has sent the first BGP message to establish the neighborship
OpenConfirm: router has received an Open message from the other router
Established: done
Command to enable 802.1x on switchport
authentication port-control {auto | force-authorized | force-unauthorized}
HSRP for ipv6 mac address
MAC address range from 0005.73A0.0000 through 0005.73A0.0FFF.
FHRP protocols
a) HSRP - Cisco
b) VRRP - industry standard
c) GLBP - Gateway Load Balancing Protocol, Cisco protocol, adds load balancing
IOS password encryption types
0: clear text
4: SHA-256
5: MD5
7: Vigenere
8: PBKDF2-SHA-256
9: scrypt
All hosts multicast
224.0.0.1
All routers multicast
224.0.0.2
RIP multicast
224.0.0.9
HSRPv2 multicast
224.0.0.102
GLBP multicast
224.0.0.102
EIGRP neighbor command
- Statically sets neighbor
- Will only send unicast
PPPoE Active Discovery messages (PADx)
Initiation (PADI)
Offer (PADO)
Request (PADR)
Session (PADS)
Termination (PADT)
LCP states
An LCP state of open means that LCP was successfully completed, while an LCP state of closed indicates an LCP failure.
Three parts of SNMPv3
View: to which OIDs does the group have access? (cf. GPO)
Group: what kind of access does the user have to which view? RO/RW. What security level? (noauth, auth, priv). Linked to a view
User: username, password, type of encryption, type of hashing. Linked to a group
OpenFlow
OpenFlow is a communications protocol that gives access to the forwarding plane of a network switch or router over the network.
Cisco Open SDN controller
The Cisco Open SDN Controller uses an Open SDN model with an OpenFlow Southbound Interface as defined by the Open Networking Foundation (ONF). The ONF SDN model centralizes most control plane functions. The APIC model for data centers partially centralizes control plane functions. The APIC-EM controller (as of time of publication) makes no changes to the control plane of routers and switches, leaving those to run with a completely distributed control plane.
K values
K1 Bandwidth Lowest bandwidth of route
K2 Load Worst load on route based on packet rate
K3 Delay Cumulative interface delay of route
K4 Reliability Worst reliability of route based on keep alive
K5 MTU Smallest MTU in path [Not used in route calculation]