Stp Flashcards

1
Q

Stp primary/secondary default values

A

If root > 24576 = 24.576

If root < 24476 = highest possible x of 4096

2
Q

Stp def int cost

A

10 Gbps 2 2000
1 Gbps 4
100 Mbps 19
10 Mbps 100

3
Q

Stp timers

A

Hello = 2
MAXage = 10 * hello
Forward delay = 15

4
Q

Default BID priority

A

32768

5
Q

802.1D port roles

A

Root

Designated

6
Q

802.1w port roles

A

Root Alternate
Designated backup
Disabled

7
Q

RSTP port states

A

Forwarding
LEARNING
DISCARDING

8
Q

Stp port states

A

Forwarding
Listening
Learning
Blocking

9
Q

Stp Root secondary default

A

> root

< Everything else

10
Q

Default costs of routes

A
0 connected
1 static
20 bgp
90 eigrp
110 ospf
120 rip
200 iBGP
255 unusable
11
Q

Ospf def costs

A

Serial 64
Ethernet 10
Fast ethernet 1

12
Q

Ospf def reference bandwidth

A

100.000 - 100 Mbps

13
Q

Default max load balancing ospf/eigrp

A

4

14
Q

Max etherchannel links

A

8

15
Q

Cisco etherchannel protocol / setting

A

Pagp - desirable auto

16
Q

Def switchport dtp setting

A

Auto

17
Q

How to change ospf cost

A
  1. Change the bandwidth on the interface (in kbps)
  2. Set cost interface directly 1 - 65.535
  3. Change the reference bandwidth (in Mbps)
18
Q

Vlan ranges

A

1-1005
(1002-1005 reserved)
1006-4094

19
Q

VTP default settings

A

Server mode
Pruning disabled
Version 1

20
Q

VTP requirements

A

Must be trunk

VTP domain and pass must match

21
Q

802.1x supplicant?

A

Workstation

22
Q

802.1x authenticator

A

LAN SWITCH

23
Q

Ospf all routers address

A

224.0.0.5

24
Q

Ospf Dr and bdr address

A

224.0.0.6

25
how to advertise networks for ospfv6
Activated per interface, no network commands
26
Ospfv3 neighbor requirements
Do not have to be in same subnet
Hello dead timers must match
Unique RID
Same area
Auth
27
Ospf neighbor requirements
Do not have to be in same subnet
Hello dead timers must match
Unique RID
Same area
Auth
28
DEFAULT OSPF TIMERS
Hello 10
Dead 40 (4x hello)
Lsa reflood 30 min
29
Ospf becoming neighbors routine
1. A sends hello to B
2. B learns of A and goes into INIT
3. B sends hello to A
4. A goes into 2-way state
5. A sends hello to B
6. A goes into 2-way state
30
Private IP ranges
A 10.0.0.0 /8
B 172.16.0.0 /12
C 192.168.0.0 /16
31
IP classes
A 1-126 /8
B 128-191 /16
C 192-223 /24
D 224-239
32
ACL ranges
Standard 1-99 1300-1999
Extended 100-199 200-2699
33
Tacacs+ characteristics
TCP port 49
Used for network devices
Encrypts pass + whole packet
Can limit IOS shell per usergroup
Cisco prop
34
RADIUS characteristics
UDP port 1645, 1812
Used mainly for users
Encrypts only password
RFC2865
35
Where are VLAN commands stored?
VLAN.dat
36
Where are Switchport assignments stored?
Run Con
37
Where are VTP commands stored
VLAN.dat
38
EIGRP variance
Variance is a number (1 to 128) that is multiplied by the local best metric; routes with a metric less than or equal to the result are then included. The default variance value is 1, which means equal-cost load balancing.
39
EIGRP/OSPF max load balancing
16
40
soft ospf area router limit
50
41
How does ospf multi-area reduce routing table and lsa db size?
Route summary
42
Vtp summary advertisement time
5 min
43
VTP: Vlan advertisement request
Switch asks for a subset advertisement when the summary advertisement has a higher revision number than its own
44
vtp subset advertisement
sent when VLAN configuration database has changed
45
K-value binary trick
10 0 / 10100
46
Vector
(aka direction) Next hop router and outgoing interface
47
Metric
measurement of distance
48
Metric value of infinity (rip/ospf/eigrp)
16 for RIP / 2^32 – 1 for EIGRP / 2^24-1 for OSPF
49
When do EIGRP partial update messages get sent
- When link fails
- When new route becomes available (only contains new info)
50
EIGRP addr
224.0.0.10
51
Does OSPF use split horizon?
NO
52
EIGRP Three step model
1. Neighbor discovery --> Neighbor table
2. Topology exchange --> Topology table
3. Choosing routes, analysis of topology --> Route table
53
EIGRP Neighbor requirements
Authentication
Same AS number
Same Subnet
K-values must match
54
How are EIGRP update messages sent?
- To multicast if multiple routers need it
- To unicast for single addressee
55
What protocol does EIGRP use?
RTP, reliable transport protocol, can resend info if something fails
56
EIGRP Metric calc
((10^7 / least-bandwidth)+cum delay)*256
57
EIGRP Cumulative Delay
Sum of all delay values for all outgoing interfaces. In 'Tens of microseconds'
58
EIGRP Least-bandwidth
lowest bandwidth link in the route expressed in Kbps
59
EIGRP best practices bandwidth settings
Serial links: set to actual L1 speed
LAN interfaces: use defaults
60
Feasible distance (FD) / Reported distance (RD)
FD: Local router's composite metric of the best route to reach a subnet
RD: Next hop router's best composite metric
61
EIGRP Successor
Best route to subnet - route in routing table
62
Feasibility condition
If a non-successor's RD is less than the FD of the current route in the routing table, the route is a feasible successor.
63
DUAL
Diffusing update algorithm. Used when there is no Feasible successor in EIGRP. DUAL queries for a loop-free route to a subnet and then adds it to the routing table.
64
EIGRP Default timers
Hello: 5 sec
Hold: 3x hello (15)
65
Variance unequal route calculation
IF metric.FS < (Variance * FD ) THEN FS added to routing table
66
Differences between ipv4 and 6 EIGRP
- IPv6 advertises prefixes / IPv4 subnets
- show commands use ipv6 keyword
- IPv6 neighbors don't have to be in the same subnet
- EIGRP for IPv6 does not have an auto-summary concept
67
EIGRPv6 Shutdown feature
EIGRPv6 Process can be shut or no shut like an interface
68
Which side provides clockrate?
DCE (other side is DTE)
69
Serial link protocols?
HDLC (older)
PPP - additional capabilities like authentication, multilink bundles, and constant link monitoring.
70
Link speed standards (DS0,DS1,DS3)
DS0 - 64kbps
DS1 - (T1) 1544 kbps
E1 - 2048 Kbps
DS3 - 44.736 kbps
E3 - 34.000 kbps
71
Default Serial Link encapsulation?
HDLC
72
Why PPP?
- Definition of header and trailer
- Supports synchronous and asynchronous links
- Protocol Type field in header
- Authentication
- Support for multilink
- Control protocols for each higher layer protocol
73
PAP characteristics
- Clear text pass
- Device 'being authenticated' acts first and just sends over pass
- Authenticating device sends ack
74
CHAP characteristics
- Hashed pass
- Authenticating device sends over challenge
- Other sends hashed pass
- Authenticating device sends ack
75
Why use MLPPP?
- Improve availability
- Cheaper
- Reduces L3 complexity
- Multiple SE ints look like single int
- One subnet between routers
- One routing prot neighborship
- One route per destination
76
How does MLPPP loadbalancing work?
- Frames get fragmented (one per link)
- Smaller pieces get PPP header and trailer to manage fragmentation
- Receiving router reassembles the packet
77
Which commands go on PPP multilink?
- Encapsulation
- ppp multilink
- ip addr
- ppp multilink group x
78
Which commands go on SE interface of multilink?
- no ip addr
- encapsulation
- Authentication
- ppp multilink
- ppp multilink group x
79
EIGRP ipv6 is ip-address on interface necessary?
No, ipv6 enable on an interface sets the link local address automatically which is enough to form a neighbor-ship
80
Hold-down timer
used by RIP to specify the amount of time to wait before accepting new information when a route goes down
81
What is ISL
Encapsulation used by CISCO ONLY for VLAN information
82
What is an EIGRP active state?
It means the route is actively fucked
83
What is an EIGRP passive state?
A route with a working link is in a passive state
84
DUAL?
EIGRP
85
DIJKSTRA?
OSPF
86
Bellman-Ford?
RIP
87
Proxy-ARP
proxy device on a given network answers the ARP queries for an IP address that is not on that network. The proxy is aware of the location of the traffic's destination, and offers its own MAC address as the (ostensibly final) destination.
88
Why PPPoE
ISPs use PPP for authentication (through CHAP) and the ability to assign an IP address on the other end. Internet moved to faster DSL lines that connected to ethernet interfaces. A way of transporting PPP over ethernet was needed.
89
PPPoE Dialer MTU setting
1492
90
Default MTU size
1500
91
PPPoE header size
8
92
When using a GRE Tunnel, which device is used as an outgoing interface in the routing table?
The tunnel interface
93
What does an internet VPN do? (2)
- Encrypts the packet
- Encapsulates with a new IP header, using IPs in the unsecured space, making the original IP unreadable
94
2 GRE headers?
- Header to manage the tunnel (GRE)
- Delivery header (20-byte IP header) that will be used to route the packet and contains IP in unsecured internet space
95
What is the source address of a tunnel interface?
Address of the physical outgoing interface. Public IP - config possible with interface ID
96
What IP goes on the Tunnel INT?
private IP
97
What is the destination address of a GRE tunnel
address of the physical int on the other side of the link (unsecure IP)
98
Best practice GRE TUN MTU setting?
1400
99
Traceroute with GRE tunnel, what's special?
Will not list any routers in the unsecured part of the route due to encapsulation.
100
Requirement of Destination IP on GRE tunnel
Router must have a route to destination address
101
does GRE use TCP or UDP?
GRE is its own transport protocol.
102
ACL blocking GRE?
- allow ip
- allow gre
TCP/UDP would not work
103
NLRI
Network Layer reachability information, advertised by BGP
104
iBGP
Connection between routers from the same ISPs (inside the same ASN)
105
eBGP
Connection between routers from different ISPs (different ASNs)
106
How does BGP choose the best path?
Path attributes - different facts about the network
107
Internet edge
connection between ISP and customer
108
Single homed
design with one connection between a customer and one ISP router
109
Dual homed
design with two or more connections between a customer and a single ISP router
110
Multihomed
design with connection between a customer and multiple ISPs
111
Default route to ISP, how?
- Static config
- Learned with BGP and redistributed in the network by an IGP
112
BGP transport protocol?
TCP port 179. Starting BGP process opens up port 179 and waits for incoming messages
113
Remove BGP neighbor connection
neighbor A.B.C.D. shutdown -- removes the need to delete all config for that neighbor
114
What is a discard route?
Static discard route can be used to advertise a route with BGP when it is not in the routing table
115
Reason for the network command not to advertise a route in BGP?
BGP network command only advertises networks for which there is a route in the routing table.
116
CADA
Confidentiality (prevent MitM data access)
Authentication (verify sender)
Data Integrity
Anti-Relay (prevent MitM relay)
117
Site 2 site VPN
Using a VPN to send traffic from one site to the other and by using the internet as a WAN by doing so. Packets are encrypted and secured.
118
DMVPN
Cisco Dynamic Multipoint VPN. Multipoint tunnel, a site can send and receive with any other site on the same tunnel
119
NHRP
Next hop resolution protocol. One side of the tunnel acts as a hub and NHRP server (used in DMVPN)
120
NHRP Server
Next hop resolution protocol server. Learns information about the different spokes and stores it in a mapping table. Server supplies that info when two spokes need to communicate with each other. (used in DMVPN)
121
Client VPN
One side uses an application to initiate a connection to a device waiting for client connections (ASA, web server). Ex.: Cisco VPN Client
122
Timeline WAN services
1990: Leased Line
1980: X.25 packet switching
1990: Frame relay
2000: MPLS VPNs
2010: Metro Ethernet
123
MetroEthernet / Carrier
- Layer2 service
- Ethernet links
- Provider forwards ethernet frames from one customer device to another
- Acts like an ethernet switch
124
Points of presence
Location where the ethernet switch is placed for MetroEthernet. As close to as many customer sites as possible
125
UNI
- User network interface
- Link between customer and ISP's switch in MetroE
126
What does ISP switch do in MetroE
- Looks at ethernet headers
- Looks for 802.1q headers
127
Point-to-point / E-Line / Ethernet Line Service
- 2 sites connected with access links
- Routers use physical ethernet interfaces in the same subnet (in between the two are ISP switches)
- Would become neighbors and exchange routes
128
Ethernet Virtual connection (EVC)
The virtual ethernet connection running through the ISP connecting the customer's devices
129
EVC with multiple remote sites
- Central site connects to ISP switch with 10gbs access link
- Remote sites all connect to ISP switches
- EVC makes it function as if all remote sites were connected to the central site.
- Config with trunking and subinterfaces
130
Ethernet LAN/Full Mesh
One E-LAN allows all connected devices to send frames directly to each other; one EVC is used to connect all devices
131
E-Tree / partial mesh / hub and spoke / point to multipoint
Central device can send frames to each remote site but the remote sites can only send to the central site.
132
E-Line L3 config
- Two routers on end of an E-line need to be in same subnet
- 1 subnet per E-line
133
E-Lan L3 config
All routers connected to the same LAN switch are in the same VLAN, same subnet and become neighbors
134
E-Tree L3 config
- All routers have IP in same subnet
- Leafs will only form relationship with root site
- Packets between the leafs flow through the root site
- Additional routing prot config is required
135
CIR
Committed information rate. ISP sells a connection that offers an agreed upon bandwidth.
136
Ethernet Virtual Circuit Bandwidth profile
Ex.: a 1 Gbps line to the ISP is used, but the speed for the consumer is only 200 Mbps as agreed upon in the Committed Information Rate (CIR)
137
How is the CIR enforced?
QoS tools
- Ingress policer: ISP watches incoming traffic and discards if needed
- Shaping: Customer uses shaper to tell router to slow down and queue up frames if necessary. Configured at the rate of the CIR
138
MPLS VPN
Does not encrypt data but adds a 'label' between layer 2 and 3 to make sure the data is not sent to another customer on the same MPLS network.
139
DSCP EF value
Value in IP header that marks a packet as a VoIP packet. This way the ISP can give the packet higher priority when it moves over the WAN/MPLS
140
HSRP
Hot standby router protocol. Cisco's version of FHRP.
141
FHRP
First hop redundancy protocol. Class of protocols that deals with how the network handles multiple def gateways for redundancy
142
Why use FHRP and multiple def gats
-Avoid single point of failure
143
What does FHRP do
- Multiple routers appear as one def gat
- Def gats share virtual ip
- Hosts use virtual ip as def gat
- If router fails, FHRP selects other router
144
HSRP characteristics
- Cisco
- Active/standby
- No loadbalancing
145
VRRP characteristics
RFC 5798
Active/standby
Loadbalancing per subnet
146
GLBP
Cisco
Active/active
Loadbalancing per host
147
Where can HSRP be configured?
- Physical router links
- Router trunk subinterfaces
- L3 switch SVIs
148
HSRP failover
When a router fails, changes happen on routers and switches. Router takes over virtual IP and mac and sends ethernet broadcast to switches to change mac table.
149
HSRP load balancing
- Active router can be configured per VLAN
- HSRP groups can be configured per subnet
150
HSRP requirement
- Group needs to match
- Version needs to match
- Virtual IP needs to be in same subnet as phys int.
- Interfaces on L2 network must be in same VLAN
- ACL can't filter HSRP traffic
151
HSRP address
V1: 224.0.0.2
V2: 224.0.0.102
UDP 1985
152
HSRPv2
- IPv6 support
- Shorter Hello timer interval possible
- More possible groups per interface
153
HSRP Active election
- No other HSRP routers? Active
- Existing negotiating router? Highest priority wins
- Existing active router? If 'no preempt' -> standby; if preempt and higher priority -> active
154
HSRP tiebreaker
highest IP
155
default HSRP priority
100 (1-255)
156
KVM (context of cloud)
Keyboard, video display or mouse
157
Virtual data center characteristics
- All hardware in data center is treated as capacity
- Each OS is decoupled from hardware
- Each piece of hardware can run multiple VMs at the same time
158
Multithreading
Virtually split up each core into multiple threads that can then be used by a hypervisor as a virtual CPU to run a VM on
159
Bare metal / type 1 hypervisor
Runs directly on the host's hardware
160
Hosted / type 2 hypervisor
Runs on top of the primary OS (ex. vmware, virtualbox)
161
ToR switch
Top Of The Rack switch, switch located on top of the server rack
162
EoR switch
Switches on the end of a row of server stacks. Acts as a distribution switch for the ToR switches
163
Virtual data center workflow (3 steps)
- Customer wants a service (group of VMs)
- Virtualization/server engineer uses a GUI or API to set things up
- Hypervisor creates a number of VMs and starts them.
!!THIS IS NOT CLOUD, CLOUD WOULD NOT HAVE STEP 2!!
164
5 Criteria for Cloud
- On demand / self-service
- Scales dynamically
- Pool of resources that is dynamically allocated
- Variety of network access options
- Can be billed on amount used
165
Private Cloud
Service inside a company for internal customers, that meets the 5 criteria
166
Cloud services catalog
Lists anything a user can request from the cloud infrastructure
167
Public cloud
Third-party solution offered over network. Broad access possibilities (WAN, VPN, ...)
168
IaaS
Infrastructure as a Service (IaaS)
- Consumer receives the use of a VM
- Specs can be chosen (OS, RAM, CPU, etc)
- Consumer installs whatever they want on the VM
169
SaaS
Software as a Service (SaaS)
- Consumer receives a service with working software
- VMs and hardware specs are hidden from consumer
- Customer picks application and cloud provider monitors performance
170
Paas
Development Platform as a Service (PaaS)
- Like IaaS, but besides the OS contains many development tools, including IDE
- Continuous integration tools: allow to update code and have that code auto tested and integrated into a larger project.
171
Public Cloud over internet (pros and cons)
Pros
- Quick startup
- Easy migration
- Distributed users: Enterprise users can be scattered across locations and still have easy access
Cons
- Insecure: vulnerable to MitM attacks
- Capacity
- No QoS
- No WAN SLA possible
172
Public cloud with Private WAN (Pros and Cons)
Pros
- Secure
- QoS
Cons
- Expensive
- More planning
- Migrating is difficult
- Capacity
173
Public Cloud with Internet VPN (pros and cons)
Pros
- Secure
- Easy migration
- Quick startup
Cons
- No QoS
- Capacity
174
Intercloud Exchanges (pros and cons)
Pros
- Secure
- QoS
- Easy migration
Cons
- Planning
- Capacity
175
Virtual Network Function (VNF)
Virtual instance of a traditional networking device that a consumer can use in the cloud and has control over.
176
Cloud DNS services
Cloud provider allocates public IP and creates matching DNS records.
A: Enterprise adds this DNS record to their own
B: Enterprise points its DNS record to the DNS server of the cloud provider
177
DHCP in the cloud
- Consumer can pick addresses or let the provider choose
- Public IP is NAT'ed to the right private one by the provider
178
Private addressing over WAN (Cloud)
Consumer can ask for their own private IPs only. Subnets get advertised in the rest of the enterprise. Config is done through the catalog or the API.
179
NTP and the cloud
-VNFs and VMs often need to sync time with enterprise and can be configured as NTP clients.
180
4 characteristics of network traffic
- Bandwidth
- Delay: one-way delay (time from source to destination), 2-way delay
- Jitter: difference in delay between consecutive packets
- Loss: can happen because of faulty cables but is also part of normal operation. If the queue gets filled, packets are discarded.
181
What traffic characteristics matter for Webapps?
Jitter and delay -> users want a responsive webpage
182
What traffic characteristics matter for file transfer?
Bandwidth and loss, for fast transfer times
183
VoIP
Defines the means to take the sound made at a telephone and send it inside IP packets over a network
184
VoIP step by step
1. Sound goes into horn
2. A chip (codec) processes the sound to create binary code (160 bytes with g.711 codec) for certain time period (20ms)
3. Phone places data inside UP packet
4. Data gets sent to destination IP
185
What traffic characteristics matter for VOIP? + guidelines
Delay: one-way - 150ms
Jitter: 30ms
Loss: 1%
186
QoS Guidelines for Video
Bandwidth: 348Kbps to 20+ Mbps
Delay one way: 200-400ms
Jitter: 30-50 ms
Loss: 0.1-1%
Depends on how dynamic the video is
187
When to best perform complex matching?
Early in a packet's life
188
Classification
The process of matching the header fields in a message to make a QoS decision and later marking the message by changing some bits in the header fields
189
Marking
QoS changing one or more header fields and setting a value in the header
190
Trust Boundary
Point in the network from which markings can be trusted. (Typically IP phone, because it sets DSCP and COS fields)
191
DiffServ
Suggested marking values to create a consistent use of DSCP values.
192
Diffserv values
Expedited forwarding (EF) - for IP phone payloads (46)
Assured forwarding (AF) - 12 DSCP values
193
ACL matching for QoS
- All fields in TCP/IP header are matchable for classification
- BUT not all apps can be matched by well-known ports
194
NBAR
Cisco network based application recognition. Provides built-in matching for over 1000 different subcategories of applications.
195
ToS Byte - DSCP
- Differentiated Services Code Point
- Type of Service byte in IPv4 header
- 6 bits
- 64 different values defined by Diffserv
- End-to-End packet
196
ToS byte - IPP
- IP Precedence field
- Type of Service byte in IPv4 header
- 3 bits
- 8 different values (0-7 in dec)
- End-to-End packet
197
CoS / PcP
- Class of Service / Priority Code Point
- In the 802.1q header
- 3-bit
- Over VLAN trunk
198
TID
- Traffic identifier
- 802.1l
- 3 bit
- Over wifi
199
EXP
- Now known as Traffic Class
- Field in MPLS Label
- 3 bit
- Over MPLS WAN
200
Class Selector(CS)
DSCP values created by Diffserv for backwards compatibility with IPP (CS0-CS07)
201
Expedited Forwarding (EF)
- Diffserv value for packets that need low latency, jitter and loss (ex. VoIP)
- Decimal: 46
202
Assured Forwarding
12 DSCP values defined by Diffserv.
203
Congestion Management / Queuing
Toolset for managing queues that hold packets while they wait to exit an interface.
204
Round Robin
Take some from queue 1, move on to next and repeat.
205
Prioritization queuing
One queue gets priority over another.
206
Weighted Round Robin
take more from one queue before moving on to the next and repeat
207
Class-based Weighted Fair Queuing
Each class receives at least the amount of bandwidth that was configured for it in case of congestion. (configured as percentage of link bandwidth)
208
Low Latency Queuing (LLQ)
LLQ tells the scheduler to treat one or more Queues as priority queues so they don't fill up. Results in Little delay, jitter and no loss. (for voice)
209
Queue starvation
Scheduler never gets to service certain queues. Avoid by limiting the amount of traffic sent to priority queues by defining the maximum bandwidth a queue can use (instead of minimum)
210
Classifier (QoS)
Sorts marked packets into the right queues
211
Scheduler (QoS)
Decides which packet gets picked from which Queue next when the interface becomes available
212
Priority strat for Voice and Video (6 steps)
1. Round robin for data and non-interactive voice and vid
2. Prioritize business crit apps if needed
3. LLQ scheduling for int voice and vid
4. Put voice and vid in separate queues
5. Define enough bandwidth for each priority queue to avoid policing
6. Use Call Admission Control to avoid policing
213
What does a Policer do
Measures bit rate over time and compares with configed rate. Discards or remarks offending packets
214
Remarking (policing)
A policer can remark offending packets and only discard them if the SP's network experiences congestion on the whole network
215
Shaper
Slows messages down by queuing them
216
Congestion Avoidance Tools
Attempt to reduce overall packet loss by preemptively discarding packets using TCP's own windowing mechanism
217
Full Drop (congestion avoidance)
Congestion avoidance tool drops all packets when a certain threshold is reached
218
HSRPv1 MAC + group range
0000.0C07.ACxx 0-255
219
HSRPv2 MAC + group range
0000.0C9F.Fxxx 0-4095
220
HSRP protocol + port
UDP 1985
221
IPv6 ACL implicit statements
permit icmp any any nd-na
permit icmp any any nd-ns
deny ipv6 any any
222
APIC-EM?
- Centralized control of enterprise networking devices through northbound APIs and applications that run as part of APIC-EM itself.
- Collects info about the entire network
- Does not remove control plane functions from networking devices
- Allows for programmability and to send config to your devices
223
APIC-EM applications
- ESA: Enterprise Service Automation
- IWAN: Intelligent WAN
- PnP: Plug and Play
- Path Trace
224
How does APIC-EM control/get info from network devices?
Southbound interface – telnet, ssh, snmp, CDP
225
What does path trace (APIC-EM) do?
Path trace takes a source and destination IP as input and analyzes the forwarding tables in the devices on the network. Shows the path on the topology map.
226
What options can you set in APIC-EM path trace?
- Protocol and port
- Periodic refresh
- ACL trace
227
What results does APIC-EM path trace show?
Devices in the path
Notifications about logic used (Switched for L2, routed for L3)
Protocols used in forwarding action (HSRP, OSPF, EIGRP, BGP, SVI, switched)
228
What does ACL trace do?
Takes the path determined by path trace and analyzes any ACLs in that path. Analysis compares packet in your input with the ACLs in the path and determines whether it would be filtered.
229
How are ACL trace results shown?
Icons overlaid on the networking devices
- Check box, no color -> no ACL
- Green check box -> ACL permits
- Red X box -> ACL denies
- Triangle with ! -> ACL may or may not deny
230
What information does view matching ACEs show you?
- ACL name
- Access control entry that matches the packet
231
SNMP?
App layer protocol that provides a message format for communication between managers and agents
232
SNMP Manager
network mgmt app running on host or server (nms)
233
NMS (snmp)
Network management station - host that runs the SNMP manager
234
SNMP agent
Software running inside each device that describes the config status and counters
235
MIB (snmp)
Management information base. Database of variables that make up parameter status and counters on the agent. Inside of NMS
236
Cisco Prime
SNMP application
237
SNMP notifications
Communications sent to NMS by agents listing the state of certain variables. (traps or informs)
238
SNMP Traps
SNMP notification type:
- Sent by agent to NMS
- UDP
- Fire and forget, no error recovery
- Uses less overhead
239
SNMP trap port
UDP 162
240
SNMP port
UDP 161
241
SNMP informs
SNMP notification type
- App layer reliability added: NMS must ack after receiving or the agent times out and sends again.
242
SNMP OID
Object ID of a variable inside of the Management Information Database.
243
SNMP security (3 facts)
- Use ACLs to limit SNMP messages to known servers
- SNMP supports basic clear-text pass
- SNMPv3 adds modern security
244
Community strings
- Agent and manager need same string
- Each Get and Set includes the string
- RO: allows get
- RW: allows get and set
- Notification: allows traps and informs
245
SNMP traps/informs config
- Agent needs 'snmp-server host' referring to the NMS
- Notification community strings need to be configured
246
SNMPv2c
SNMPv2 shipped without community strings but people wanted them, so they were added in v2c
247
SNMPv3 security
- Message integrity
- Authentication with hashed pass
- Encryption (optional)
248
SNMP how to enable informs
Add the keyword 'informs' to the snmp-server host command.
249
SNMP show commands and info
show snmp (lists status and counters, but no config)
show snmp community (lists strings as well as ACLs)
show snmp host (lists host ip or hostname of configured NMS)
show snmp location/contact
250
SNMPv3 characteristics
- No community strings
- Server groups and server user
251
SNMPv3 three security settings
1. noauth: only checks integrity
2. auth: performs authentication and integrity
3. priv: encrypts, authenticates and checks integrity
252
Default viewstate of SNMP MIB
v1default
253
SPAN
Switched Port Analyzer makes copies of ethernet frames and sends them out a specific port, for example towards an IDS
254
SPAN source port
Port from which SPAN copies frames
255
SPAN destination port
Port out which the frames need to be sent
256
SPAN session
collection of span rules. Defines source ports as well as the direction of the traffic being copied
257
SPAN Tx
Frames being transmitted
258
SPAN Rx
Frames being received
259
RSPAN
SPAN to a remote destination over L2
260
ERSPAN
Encapsulated RSPAN - span traffic in a tunnel over L3
261
Destination port SPAN
- Cannot be a source port
- Cannot be used in another session
- Does not participate in L2 protocols
262
Source port SPAN req
- Trunks
- VLAN
- Etherchannel
- Interfaces
- Multiple sources possible
- Cannot mix interfaces and VLAN
263
SPAN Recommendations
- Catch only what you need
- Capture as little as possible
- Enabling two directions on two switchports can result in capturing the same frame twice
264
IP SLA
Cisco feature that provides statistics to determine if the SLA has been met. Can also be used for troubleshooting.
265
IP SLA specifics
- Runs on router, not end user device
- Generates traffic that mimics end user traffic
- IP SLA
266
IP SLA life unit of time
seconds
267
IP SLA icmp-echo config
ip sla 1
 icmp-echo 10.1.3.2 source-ip 10.1.1.1
ip sla schedule 1 life forever start-time now
268
ip sla restart number
Resets the counts
269
How is IP SLA history stored?
in a history bucket per operation using one
270
SPAN destination port 'learning'
The port does not transmit any traffic except that traffic required for the SPAN session unless learning is enabled. If learning is enabled, the port also transmits traffic directed to hosts that have been learned on the destination port.
271
Poison reverse
router marks the failed route and sends it out the interface that the route was learnt from (defies split horizon)
272
aaa-new-model
enables AAA services in the local device and allows new commands
273
Etherchannel requirements
Same duplex
Same speed
Same VLAN configuration (i.e., native VLAN and allowed VLAN should be same)
Switch port modes should be same (access or trunk mode)
274
Where does the MPLS header get added?
Between data link header and ip header. Sometimes called a layer 2.5 protocol for this reason.
275
BGP states
Idle: neighbor not up, or waiting for retry
Connecting: trying to establish TCP
Active: TCP connection est. but no BGP messages sent yet
OpenSent: Router has sent first BGP message to establish neighborship
OpenConfirm: Router has received Open message from other router
Established: done
276
Command to enable 802.1x on switchport
authentication port-control {auto | force-authorized | force-unauthorized}
277
HSRP for ipv6 mac address
MAC address range from 0005.73A0.0000 through 0005.73A0.0FFF.
278
FHRP protocols
A) HSRP - Cisco
B) VRRP - Industry standard
D) GLBP - Gateway Load Balancing Protocol, Cisco protocol, adds load balancing
279
IOS password encryption types
0: clear text
4: SHA-256
5: MD5
7: Vigenere
8: PBKDF2-SHA-256
9: scrypt
280
All hosts multicast
224.0.0.1
281
All routers multicast
224.0.0.2
282
RIP multicast
224.0.0.9
283
HSRPv2 multicast
224.0.0.102
284
GLBP multicast
224.0.0.102
285
EIGRP neighbor command
- Statically sets neighbor
- Will only send unicast
286
PPPoE Active discovery messages (PADx)
Initiation (PADI)
Offer (PADO)
Request (PADR)
Session (PADS)
Termination (PADT)
287
LCP states
An LCP state of open means that LCP was successfully completed, while an LCP state of closed indicates an LCP failure.
288
Three parts of SNMPv3
View: To which OIDs does the group have access? (cf. GPO)
Group: What kind of access does the user have to which view? R/RW. What priv level (auth, noauth, priv)? Linked to view
User: user pass, name, type of encryption, type of hashing, linked to group
289
OpenFlow
OpenFlow is a communications protocol that gives access to the forwarding plane of a network switch or router over the network.
290
Cisco Open SDN controller
The Cisco Open SDN Controller uses an Open SDN model with an OpenFlow Southbound Interface as defined by the Open Networking Foundation (ONF). The ONF SDN model centralizes most control plane functions. The APIC model for data centers partially centralizes control plane functions. The APIC-EM controller (as of time of publication) makes no changes to the control plane of routers and switches, leaving those to run with a completely distributed control plane.
291
K values
K1 Bandwidth: Lowest bandwidth of route
K2 Load: Worst load on route based on packet rate
K3 Delay: Cumulative interface delay of route
K4 Reliability: Worst reliability of route based on keep alive
K5 MTU: Smallest MTU in path [Not used in route calculation]