WAN Flashcards
1
Q
connectionless WAN system
A
i.e. internets
carries full addressing info in each packet
2
Q
connection oriented WAN system
A
- predetermines packet’s route
- each packet only carries an identifier such as Data Link Connection Identifiers (DLCIs)
3
Q
metro ethernet
A
use IP aware ethernet switches in the service provider’s network cloud to offer converged voice, data, and video services at ethernet speeds
4
Q
3 classes of VPN protocols
A
carrier protocol-protocol over which info travels (frame-relay, ATM, MPLS)
encapsulation protocol-protocol that is wrapped around data (GRE, IPsec, L2F, PPTP, L2TP_
passenger protocol-protocol over which original data was carried (IPX, Appletalk, IPv4/6)
5
Q
HMAC
A
keyed hashed message authentication code
-data integrity algorithm used by VPNs
6
Q
VPN Authentication methods
A
PSK (pre-shared key) secret key is shared between 2 parties using secure channel
RSA signature: uses exchange of digital certificates
7
Q
4 IPsec squares administrators must fill
A
- IPsec protocol
- encryption algorithm
- authentication algorithm
- DH (diffie-hellman) group which handles key exchange
8
Q
CPE
A
Customer premises equipment, self explanatory
9
Q
Demarcation point
A
Where service providers responsibility ends and CPE begins
10
Q
Local loop
A
Connects demarc to central office
11
Q
Digital signal 0(DS0)
A
64 Kbps
12
Q
T1
A
DS1, containes 24 DS0 circuits, 1.544 Mbps
13
Q
E1
A
European equivalent of t1, 2.048 Mbps
14
Q
T3
A
DS3
28 DS1’s or 672 DS0’s
44.736 Mbps
15
Q
OC-3
A
Optical carrier 3
Fiber
3 DS3’s
155.52 Mbps
16
Q
OC-12
A
4 OC-3’s
622.08 Mbps
17
Q
OC-48
A
4 OC-12’s
2488.32 Mbps
18
Q
Frame relay
A
Packet switched
19
Q
ISDN
A
Integrated services digital network
Uses phone lines
Faster than pots
20
Q
HDLC
A
High-level data-link control
Data link protocol
21
Q
PPP
A
Point to point protocol
Uses link control protocol(lcp)
To manage data link connections
Network control protocol(ncp) is used to allow multiple upper layer protocols to be used
22
Q
PPPoE
A
Point to point protocol over ethernet
23
Q
LCP
A
Link control protocol
Method of establishing, configuring, and maintaining and terminating point to point connections
24
Q
NCP
A
Network control protocol
Method of establishing and configuring different network layer protocols for transport across the PPP link
25
LCP configuration options
```
Authentication
Compression
Error detection
Multilink
PPP callback
```
26
PPP session establishment steps
Link-establishment phase
Authentication phase(if used)
Network layer protocol phase
27
Frame relay access rate
Maximum speed at which frame relay interface can transmit
28
Frame relay CIR
Committed information rate
| Max bandwidth of data guaranteed to be delivered
29
Configure frame relay on Cisco router
Use encapsulation frame-relay command on serial interface
30
DLCI
Data link connection identifiers
Identifies the virtual circuit in frame relay circuita
31
Inverse ARP (IARP)
Maps a known DLCI to an IP address
32
Commonly used frame relay show commands
Show frame-relay lmi, PVC, and map
33
PVC status active
Switch is correctly programmed with the DLCI and there is a successful DTE-to-DTE circuit(router to router)
34
PVC status inactive
Router is connected to the switch(DTE to DCE) but there's not a connection to the far end router (DTE)
Can be a router or switch issue
35
PVC status deleted
The router(DTE) is configured for a DLCI that the switch (DCE) does not recognize or is not configured correctly
36
Troubleshooting frame relay
Check encapsulation type (Cisco or ietf) matches
Check frame relay mappings
Check to see if broadcasts need to be allowed (they aren't on by default) for routing updates
37
Layer 2 forwarding(L2F)
Cisco proprietary tunneling protocol
| Old
38
Point-to-point tunneling protocol(PPTP)
Created by Microsoft to allow secure transfer of data from remote networks to the corporate network
39
Layer 2 tunneling protocol(L2TP)
Creates by Cisco and Microsoft to replace L2F and PPTP. Merged the capabilities of both L2F and PPTP into one protocol
40
generic routing encapsulation(GRE)
Cisco proprietary tunneling protocol. Forms virtual point-to-point links, allowing a variety of protocols to be encapsulated in IP tunnels
41
2 primary IPSec security protocols
```
Authentication header(ah)
Encapsulating security payload(ESP)
```
42
4 services of ESP encapsulating security payload
Confidentiality
Data origin authentication and connection less integrity
Anti-replay service
Traffic flow
43
Which interface provides clocking, DTE or DCE?
DCE
44
command used to view physical information about serial interface, such as the type of cable connected
show controller *interface #*
45
command to set serial encapsulation to HDLC
in interface configuration mode
| encapsulation HDLC
46
What are the 3 basic components of PPP
A method for encapsulating multiprotocol datagrams
An LCP for establishing, configuring, and testing the data-link connection
A family of NCP for establishing and configuring different network layer protocols
47
command to set serial interface in PPP mode
encapsulation ppp
48
What is PAP?
password authentication protocol
username and password sent in cleartext
49
2 types of devices connected frame relay network
DTE - customer side
| DCE - service providor side, provides clocking
50
What does local access rate mean in Frame Relay parlance?
The connection speed from the local loop to the frame relay cloud
51
What is a PVC?
permanent virtual circuit, for frame-relay
52
What is an SVC?
switched virtual circuit, for frame-relay but most commonly used in X.25 circuits.
53
What is a DLCI?
The DLCI contains a 10-bit number in the address field of the Frame Relay frame header that identifies the VC. DLCIs have only local significance because the identifier references the point between the local router and the local Frame Relay switch to which the DLCI is connected
54
What is the frame relay CIR?
committed information rate
| specifies the maximum average data rate that the network undertakes to deliver under normal conditions.
55
What is inverse ARP?
used in frame relay to discover the network address of the remote DTE from the DLCI. maps DLCI to IP
56
what is LMI in frame relay?
Local Management Interface. Set of enhancements to the basic Frame Relay specification. LMI includes support for a keepalive mechanism, which verifies that data is flowing; a multicast mechanism, which provides the network server with its local DLCI and the multicast DLCI; global addressing, which gives DLCIs global rather than local significance in Frame Relay networks; and a status mechanism, which provides an on-going status report on the DLCIs known to the switch. Known as LMT in ANSI terminology.
57
formula to calculate the number of PVCs needed for a full mesh frame relay topology
The formula n x (n - 1) / 2 describes how to calculate the total number of links that are required to achieve a full-mesh topology, where n is the number of nodes. In a small network of 4 nodes, only 6 PVCs are required: 4 x (4 - 1) / 2 = 6.
58
How to prevent spoke routers from becoming OSPF BDR over frame relay
configure the interface facing the hub with a priority of 0
59
How to configure hub router interface to avoid split horizon issues?
use multiple point to point subinterfaces
60
what number assignments are possible for DLCIs?
DLCI numbers 0 (zero) and 1023 are reserved for management.
DLCI numbers 1 to 15 and 1008 to 1022 are reserved for future use.
DLCI numbers 992 to 1007 are reserved for Layer 2 management of Frame Relay bearer service.
DLCI numbers 16 to 991 are assigned to customer endpoints in a Frame Relay network.
61
what are the 3 LMI types?
Cisco
ANSI
Q.933A
62
what are the 3 possible frame-relay VC statuses?
Active: Indicates that the VC connection is active and that routers can exchange data over the Frame Relay network
Inactive: Indicates that the local connection to the Frame Relay switch is working, but the remote router connection to the remote Frame Relay switch is not working
Deleted: Indicates that either no LMI is being received from the Frame Relay switch, or there is no service between the router and the local Frame Relay switch
63
In what situations to you need to configure static frame-relay mappings
A Frame Relay peer does not support Inverse ARP.
You want to control broadcast traffic across a PVC.
You need to support different Frame Relay encapsulations across PVCs.
64
how to configure point to point frame relay subinterfaces
To configure point-to-point Frame Relay subinterfaces, first enable Frame Relay encapsulation on the physical interface. Then create a point-to-point subinterface and assign an IP address, bandwidth, and DLCI to the subinterface
65
command to bind DLCI to frame relay subinterface
frame-relay interface-dlci *dlci#*
66
BR1(router)# interface Serial0/0/0
BR1(router-if)# no ip address
BR1(router-if)# encapsulation frame-relay
BR1(router-if)# no shutdown
BR1(router-if)# interface Serial0/0/0.210 point-to-point
BR1(router-subif)# ip address 10.1.1.2 255.255.255.252
BR1(router-subif)# bandwidth 256
BR1(router-subif)# frame-relay interface-dlci 210
BR1(router)# interface Serial0/0/0
BR1(router-if)# no ip address
BR1(router-if)# encapsulation frame-relay
BR1(router-if)# no shutdown
BR1(router-if)# interface Serial0/0/0.210 point-to-point
BR1(router-subif)# ip address 10.1.1.2 255.255.255.252
BR1(router-subif)# bandwidth 256
BR1(router-subif)# frame-relay interface-dlci 210
67
process to configure multipoint frame relay subinterfaces
When configuring Frame Relay multipoint subinterfaces, first enable Frame Relay encapsulation on the physical interface. Then create a multipoint subinterface and assign an IP address and bandwidth. Create static mappings between IP addresses and DLCIs using the frame-relay map command.
68
What is IPSEC?
a framework of open standards that can provide security for a VPN. The IPsec framework is algorithm-independent and is not bound to any specific encryption, authentication, security algorithms, or keying technology
69
What are the 4 critical functions IPSEC provides?
confidentiality
data integrity
authentication
antireplay protection
70
what protocol does IPSEC use to authenticate peers?
IKE (internet key exchange)
71
What are the headers a tunnel interface supports?
A passenger protocol or encapsulated protocol such as IPv4 or IPv6. This protocol is the one that is being encapsulated.
A carrier or encapsulation protocol (GRE, in this case).
A transport delivery protocol, such as IP, which is the protocol that carries the encapsulated protocol.
72
What is GRE?
Generic Routing Encapsulation. Tunneling protocol that was developed by Cisco and that can encapsulate a variety of protocol packet types inside IP tunnels. This process creates a virtual point-to-point link to Cisco routers at remote points over an IP network.
73
steps necessary to configure a GRE tunnel
Branch(config)#interface Tunnel 0
Branch(config-if)#tunnel mode gre ip
Branch(config-if)#ip address 192.168.2.1 255.255.255.0
Branch(config-if)#tunnel source 209.165.201.1
Branch(config-if)#tunnel destination 209.165.202.130
74
When adding a GRE tunnel to an OSPF routing process, what additional step is required?
set the bandwidth to ensure proper routing metrics
75
Command to verify a GRE tunnel state
show interface tunnel *tunnel#*
