Sei sulla pagina 1di 92

Category Building a Simple Network

What is a network?
"A network is a collection of devices and end systems.
Networks consist of computers, servers, and network devices, such as switches an
d routers, that can communicate with each other."
What are the four major categories of physical components of a computer network?
"- Personal computers (PCs): Send and receive data and are the endpoints of the
network.
- Interconnections: The components that provide a means for data to travel acros
s the network. This includes network interface cards (NIC), network media, and c
onnectors.
- Switches: Provide network access for the PCs.
- Routers: Interconnect networks."
What are the four major resources that are shared on a computer network?
"The four major resources that are shared on a computer network are as follows:
- Data and applications: Consist of computer data and network-aware applications
such as e-mail
- Resources: Include input and output devices such as cameras and printers
- Network storage: Consists of directly attached storage devices (physical stora
ge that is directly attached to a computer and a shared server), network attache
d storage, and storage area networks
- Backup devices: Can back up files and data from multiple computers"
What are the most common network user applications on today's networks? "The mos
t common network user applications on today's networks are as follows:
- E-mail
- Web browsers
- Instant messaging
- Collaboration
- Databases"
List three categories of network applications.
Three categories of network applications are as follows:
Batch applications: Examples are FTP and TFTP. They are started by a human and c
omplete with no other interaction.
Interactive applications: Include database updates and queries. A person request
s data from the server and waits for a reply. Response time depends more on the
server than the network.
Real-time applications: Include VoIP and video. Network bandwidth is critical be
cause these applications are time critical. Quality of service (QoS) and suffici
ent network bandwidth are mandatory for these applications."
What are two types of network-monitoring software?
"Two types of network-monitoring software are as follows:
Protocol analyzers: Capture network packets between computers and decode the pac
kets so that one can view what is occurring during transmission
Sniffers: Work like a wiretap and allow you to not only observe communication be
tween computers but also view what is being transmitted"
When describing the characteristics of a network, what does speed refer to?
Speed refers to how fast data is transmitted over the network.
When describing the characteristics of a network, what does cost refer to?
Cost refers to the general cost of network components, installation, and mainten
ance.
When describing the characteristics of a network, what does security refer to?
Security refers to how secure the network and network data are.
When describing the characteristics of a network, what does availability refer t
o?
"Availability is the measure of the likelihood that the network will be availabl
e for use when required.
Network availability can be calculated using the following formula, which calcul
ates the minutes of downtime compared to the number of minutes in a year:
([525,600 [ms] Minutes downtime]/[525,600]) * 100"
Your CEO wants to know the stability and availability of your company's network
for the past year. During the past year, the network was down for 30 minutes. Wh
at was the total availability for the network? "99.994%.
([525,600 [ms] 30]/[525,600]) * 100 = 99.994%"
When describing the characteristics of a network, what does scalability refer to
? Scalability refers to how well the network can accommodate more users an
d more data.
When describing the characteristics of a network, what does reliability refer to
? Reliability refers to the dependability of the devices that make up the
network (switches, routers, PCs, servers, and so on).
What is the difference between the physical and logical network topology?
"Physical topology defines the physical components of the network: cables, netwo
rk devices, and computers.
Logical topology defines the data path of the network."
What are three common methods (technologies) used to connect to the Internet?
Three common methods (technologies) used to connect to the Internet are digital
subscriber line (DSL), cable, and serial.
What are the five classes of network attacks? "The five classes of network att
acks are as follows:
- Passive: Include capturing and monitoring unprotected communication and captur
ing passwords. The attacker gains access to information or data without the cons
ent or knowledge of users.
- Active: Actively try to break or bypass security devices, introduce malicious
code, and steal and modify data.
- Close-in: Occur when an individual attains close physical proximity to network
s or facilities with the intent of gathering or changing data.
- Insider: Occur from authorized users inside a network. They can be either mali
cious or nonmalicious.
- Distribution: Focus on the malicious changes to hardware or software at the fa
ctory or during distribution to introduce the malicious code to unsuspecting use
rs."
A hacker monitors traffic on an unencrypted e-business website, and captures con
sumer login information to the website. What type of attack is this? This is
a passive attack.
Parked across the street with his Pringles-can antenna in hand, a hacker capture
s wireless data to crack the wireless key on a company's network. Why type of ne
twork attack is this? "This is a close-in and passive attack.
It is passive because the hacker is monitoring and gathering data. It is also cl
ose-in because the hacker had to gain close proximity to the company's wireless
network to capture the wireless data."
What are the four steps of the Cisco security wheel? "The four steps of the C
isco security wheel are as follows:
- Step 1: Secure
- Step 2: Monitor
- Step 3: Test
- Step 4: Improve"
What are reconnaissance network attacks? "Reconnaissance attacks are atta
cks that gather information about the target.
Types of attacks include sniffers, ping sweeps, port scans, and Internet Domain
Name System (DNS) queries."
Define access attacks. Access attacks exploit known web services, databases, op
erating systems, and authentication services.
List five types of access attacks. "Five types of access attacks are as fol
lows:
- Password attacks
- Trust exploitation
- Port redirection
- Man-in-the-middle attacks
- Buffer overflow"
What are some ways to mitigate password attacks? "Some ways to mitigate p
assword attacks are as follows:
- Disable accounts after a specific number of unsuccessful login attempts.
- Do not use plain-text passwords.
- Do not allow users to share the same password on different systems.
- Use strong passwords."
Why should you use Secure Shell (SSH) instead of Telnet to manage your Cisco dev
ices? Telnet sends all data in clear text, including passwords. SSH encrypts a
ll data, ensuring that passwords and session data are secured.
What are six reasons the OSI reference model was created? "Six reasons tha
t the OSI reference model was created are as follows:
- To ensure that different vendors' products can work together
- To create standards to enable ease of interoperability by defining standards f
or the operations at each level
- To clarify general functions of internetworking
- To divide the complexity of networking into smaller, more manageable sublayers
- To simplify troubleshooting
- To enable developers to modify or improve components at one layer without havi
ng to rewrite an entire protocol stack"
What are the seven layers of the OSI reference model? Include the layer number a
nd name of each layer in your answer. "The seven layers of the OSI reference m
odel are as follows:
- Layer 7: Application layer
- Layer 6: Presentation layer
- Layer 5: Session layer
- Layer 4: Transport layer
- Layer 3: Network layer
- Layer 2: Data link layer
- Layer 1: Physical layer"
What is the function of the OSI model's physical layer (Layer 1)? Give some exam
ples of physical layer implementations. The physical layer defines the physical
medium. It defines the media type, the connector type, and the signaling type (b
aseband versus broadband). This includes voltage levels, physical data rates, an
d maximum cable lengths. The physical layer is responsible for converting frames
into electronic bits of data, which are then sent or received across the physic
al medium. Twisted-pair, coaxial, and fiber-optic cable operate at this level. O
ther implementations at this layer are repeaters/hubs.
What is the responsibility of the data link layer (Layer 2)? "The data link l
ayer defines how data is formatted from transmission and how access to the physi
cal media is controlled. This layer also typically includes error correction to
ensure reliable delivery of data.
The data link layer translates messages from the network layer into bits for the
physical layer, and it enables the network layer to control the interconnection
of data circuits within the physical layer. Its specifications define different
network and protocol characteristics, including physical addressing, error noti
fication, network topology, and sequencing of frames.
Data-link protocols provide the delivery across individual links and are concern
ed with the different media types, such as 802.2 and 802.3. The data link layer
is responsible for putting 1s and 0s into a logical group. These 1s and 0s are t
hen put on the physical wire. Some examples of data link layer implementations a
re IEEE 802.2/802.3, IEEE 802.5/802.2, packet trailer (for Ethernet, frame check
sequence [FCS], or cyclic redundancy check [CRC]), Fiber Distributed Data Inter
face (FDDI), High-Level Data Link Control (HDLC), and Frame Relay."
The Institute of Electrical and Electronics Engineers (IEEE) defines what two su
blayers of the data link layer? "The IEEE defines the following two sublayers of
the data link layer:
- The Logical Link Control (LLC) sublayer
- The Media Access Control (MAC) sublayer
These two sublayers provide physical media independence."
For what is the Logical Link Control (LLC) sublayer responsible? "The Log
ical Link Control (802.2) sublayer is responsible for identifying different netw
ork layer protocols and then encapsulating them to be transferred across the net
work.
Two types of LLC frames exist: Service access point (SAP) and Subnetwork Access
Protocol (SNAP). An LLC header tells the data link layer what to do with a packe
t after it is received."
What functions does the Media Access Control (MAC) sublayer provide? "The MAC
sublayer specifies how data is placed and transported over the physical wire. I
t controls access to the physical medium.
The LLC sublayer communicates with the network layer, but the MAC sublayer commu
nicates downward directly to the physical layer. Physical addressing (MAC addres
ses), network topologies, error notification, and delivery of frames are defined
at the MAC sublayer."
What are some network devices that operate at the data link layer? "Bridges
and switches operate at the data link layer.
Both devices make decisions about what traffic to forward or drop (filter) by MA
C addresses, and logical network address are not used at this layer. Data link l
ayer devices assume a flat address space."
Describe the function of the network layer (Layer 3). Give some examples of netw
ork layer implementations. "The network layer provides internetwork routing
and logical network addresses. It defines how to transport traffic between devi
ces that are not locally attached.
The network layer also supports connection-oriented and connectionless service f
rom higher-layer protocols.
Routers operate at the network layer. IP, Internetwork Packet Exchange (IPX), Ap
pleTalk, and Datagram Delivery Protocol (DDP) are examples of network layer impl
ementations."
Are network layer addresses physical or logical? "Network layer addresses
are logical.
These addresses are logical addresses that are specific to the network layer pro
tocol being run on the network. Each network layer protocol has a different addr
essing scheme. They are usually hierarchical and define networks first and then
hosts or devices on that network. An example of a network address is an IP addre
ss, which is a 32-bit address often expressed in decimal format. An example of a
n IP address in decimal format is 192.168.0.1."
What is the transport layer (Layer 4) responsible for? Give some examples of tra
nsport layer implementations. "The transport layer segments and reassembles da
ta from upper-layer applications into data streams. It provides reliable data tr
ansmission to upper layers.
End-to-end communications, flow control, multiplexing, error detection and corre
ction, and virtual circuit management are typical transport layer functions. Som
e examples include TCP, User Datagram Protocol (UDP), and Sequenced Packet Excha
nge (SPX)."
What is flow control, and what are the three methods of implementing it?
"Flow control is the method of controlling the rate at which a computer sends da
ta, thus preventing network congestion.
The three methods of implementing flow control are as follows:
- Buffering
- Source-quench messages (congestion avoidance)
- Windowing"
What are the functions of the session layer (Layer 5)? Give some examples.
"The session layer is responsible for creating, managing, and ending communicati
on sessions between presentation layer entities.
These sessions consist of service requests and responses that develop between ap
plications located on different network devices. Some examples include Structure
d Query Language (SQL), remote-procedure call (RPC), X Window System, Zone Infor
mation Protocol (ZIP), NetBIOS names, and AppleTalk ASP."
In the OSI model, what are the responsibilities of the presentation layer (Layer
6)? Give some examples of this layer. "Also known as the translator, the prese
ntation layer provides coding and conversion functions to application layer data
. This guarantees that the application layer on one system can read data transfe
rred from the application layer of a different system. Some examples of the pres
entation layer are as follows:
- Compression, decompression, and encryption
- JPEG, TIFF, GIF, PICT, QuickTime, MPEG, EBCDIC, and ASCII file types"
What does the application layer (Layer 7) of the OSI model do, and what are some
examples of this layer? "The application layer is the layer that is clos
est to the user. This means that this layer interacts directly with the software
application. The application layer's main function is to identify and establish
communication partners, determine resource availability, and synchronize commun
ication. Some examples include the following:
- TCP/IP applications such as Telnet, FTP, Simple Mail Transfer Protocol (SMTP),
and HTTP
- OSI applications such as Virtual Terminal Protocol; File Transfer, Access, and
Management (FTAM); and Common Management Information Protocol (CMIP)"
How do the different layers of the OSI model communicate with each other?
"Each layer of the OSI model can communicate only with the layer above it, below
it, and parallel to it (a peer layer).
For example, the presentation layer can communicate with only the application la
yer, session layer, and presentation layer on the machine it is communicating wi
th. These layers communicate with each other using service access points (SAP) a
nd protocol data units (PDU). The SAP is a conceptual location at which one OSI
layer can request the services of another OSI layer. PDUs control information th
at is added to the user data at each layer of the model. This information reside
s in fields called headers (the front of the data field) and trailers (the end o
f the data field)."
What is data encapsulation? "Encapsulation wraps data with the necessary pro
tocol information before network transmission.
A PDU can include different information as it goes up or down the OSI model. It
is given a different name according to the information it is carrying (the layer
where it is located). When the transport layer receives upper-layer data, it ad
ds a TCP header to the data; this is called a segment. The segment is then passe
d to the network layer, and an IP header is added; thus, the data becomes a pack
et. The packet is passed to the data link layer, thus becoming a frame. This fra
me is then converted into bits and is passed across the network medium. This is
data encapsulation. For the ICND test, you should know the following:
- Application layer: Data
- Transport layer: Segment
- Network layer: Packet
- Data link layer: Frame
- Physical layer: Bits"
What are the four layers of the TCP/IP stack? "The four layers of the TCP/IP s
tack are as follows:
- Application
- Transport
- Internet
- Network Access"
On what layer are physical data rates, connectors, and MAC addresses located in
the TCP/IP stack? Physical data rates, connectors, and MAC addresses are l
ocated on the network access layer.
What are some protocols that operate at the TCP/IP Internet layer? "Some pr
otocols that operate at the TCP/IP Internet layer are as follows:
- IP
- ICMP (Internet Control Message Protocol)
- ARP (Address Resolution Protocol)
- RARP (Reverse Address Resolution Protocol)"
What is the Internet Protocol (IP)? "IP is a connectionless protocol that pr
ovides best-effort delivery routing of packets.
IP has the following characteristics:
- Operates at Layer 3 of the Open Systems Interconnection (OSI) (network) and TC
P/IP (Internet) model
- Is connectionless
- Uses hierarchical addressing
- Provides best-effort delivery of packets
- Has no built-in data recovery" Understanding TCP/IP
What is an IP address used for? An IP address uniquely identifies a device on an
IP network. Understanding TCP/IP
How many bits are in an IPv4 address? In an IPv6 address? "IPv4: 32 bits
IPv6: 128 bits" Understanding TCP/IP
An IP address is a hierarchical address that consists of what two parts?
"An IP address is a hierarchical address that consists of the following two part
s:
- Network ID: Describes the network to which the IP address or device belongs
- Host ID: The ID that identifies a specific host" Understanding TCP/IP
What are the different classes of IP addressing and the address ranges of each c
lass? "The different classes of IP addressing and their ranges are as follows:
- Class A: 1.0.0.0 to 126.255.255.255
- Class B: 128.0.0.0 to 191.255.255.255
- Class C: 192.0.0.0 to 223.255.255.255
- Class D: 224.0.0.0 to 239.255.255.255 (Multicasting)
- Class E: 240.0.0.0 to 255.255.255.254 (Reserved)" Understanding TCP/IP
What does RFC 1918 define? "RFC 1918 defines reserved (private) networks an
d addresses that are not routed on the Internet.
These addresses are as follows:
- 10.0.0.0 to 10.255.255.255
- 172.16.0.0 to 172.31.255.255
- 192.168.0.0 to 192.168.255.255" Understanding TCP/IP
If an IP wants to communicate with all devices on the local network, what is the
destination IP address of its broadcast? "255.255.255.255.
This address is also called the local broadcast address." Understanding TC
P/IP
What is special about IP address 127.0.0.1? "127.0.0.1 is the loopback addre
ss.
The loopback address lets the host send a message to itself to see whether TCP/I
P was properly bounded to the network card." Understanding TCP/IP
In a Class A network, how many octets are used for host addresses? 3. One o
ctet consists of 8 bits; thus a Class A network reserves 24 bits for host addres
ses. The maximum number of hosts a Class A network can have is 16,777,214 (224 [
ms] 2). Understanding TCP/IP
How many hosts are available for use in a Class B network? 65,534. A Class
B network reserves 16 bits for host addresses; thus 216 [ms] 2 = 65,534.
Understanding TCP/IP
How many hosts are available for use in a Class C network? 254. A Class C n
etwork reserves 8 bits for host addresses. Thus 28 [ms] 2 = 254. Understa
nding TCP/IP
What is DHCP? Dynamic Host Configuration Protocol (DHCP) allows a host to obta
in an IP address automatically and to set TCP/IP stack configuration parameters
such as subnet mask, default gateway, and DNS addresses. Understanding TC
P/IP
What is DNS? "The Domain Name System (DNS) converts names into IP addresses.
Instead of having to remember a host's IP address, DNS allows you to use a frien
dly name to access the host. For example, it is easier to remember http://www.ci
sco.com than 198.133.219.25." Understanding TCP/IP
On a Windows XP computer, what command can you use to view the IP information as
signed to the PC? ipconfig. Understanding TCP/IP
On a Windows XP computer, what commands do you use to release an IP address obta
ined from DHCP and request a new address? "To release the IP address: ipco
nfig /release
To request a new address: ipconfig /renew" Understanding TCP/IP
What two protocols function at the transport layer of the TCP/IP model? "Two pro
tocols that function at the transport layer of the TCP/IP model are as follows:
- TCP (Transmission Control Protocol): A connection-oriented, reliable protocol
- UDP (User Datagram Protocol): A connectionless and unacknowledged protocol"
Understanding TCP/IP
Which has more overhead, UDP or TCP? TCP. Because UDP segments are not acknow
ledged, they do not carry the overhead that TCP does, thus allowing faster trans
missions and greater efficiency. Understanding TCP/IP
What are the protocol numbers for TCP and UDP? "TCP: 6
UDP: 17" Understanding TCP/IP
What is reliable versus best-effort delivery? Reliable delivery is connection
oriented, and best-effort is connectionless. Understanding TCP/IP
What are TCP and UDP port numbers? To pass information (such as e-mail) to
upper layers, TCP and UDP use port numbers. These port numbers are predefined an
d keep track of different conversations among different hosts at the same time.
Originating source port numbers are dynamically assigned by the source host usin
g a number in the range of 49,152 to 65,535. Understanding TCP/IP
What are well-known port numbers? Well-known port numbers are used for fun
damental applications on the Internet such as e-mail and DNS. They have a range
from 1 to 1023. Understanding TCP/IP
What is the port number for SMTP? 25. Understanding TCP/IP
What is the port number for DNS? 53. Understanding TCP/IP
What are the port numbers for FTP? "20 and 21.
FTP uses port 20 for data transfer; port 21 is the command port." Understa
nding TCP/IP
What is the port number for TFTP? 69. Understanding TCP/IP
What is the port number for Telnet? 23. Understanding TCP/IP
What is a socket? "A socket is an IP address combined with a TCP or UDP po
rt number.
When a host wants to talk to another host, it sends its IP address along with th
e application (port number) it wants to communicate with. For example, if host 1
92.168.0.3 wants to talk to host 192.168.0.2 by e-mail, host 192.168.0.3 sends i
ts IP address and destination port number (192.168.0.3:1023) to host 192.168.0.2
with the port number it wants to communicate with (192.168.0.2:25)." Understa
nding TCP/IP
What are the three mechanisms TCP uses to accomplish a connection-oriented conne
ction? "The three mechanisms TCP uses to accomplish a connection-oriented conne
ction are as follows:
- Packet sequencing
- Acknowledgments, checksums, and timers
- Windowing" Understanding TCP/IP
What are the steps for the TCP three-way handshake? "The steps for the TCP t
hree-way handshake are as follows:Step 1. The source host sends a SYN to t
he destination host.
Step 2. The destination host replies to the source with an ACK. At the same time
, it sends a SYN to the source host.
Step 3. The source host replies with an ACK." Understanding TCP/IP
What is the purpose of flow control? "Flow control provides a mechanism for t
he receiver to control the transmission speed.
TCP implements flow control by using the SYN and ACK fields in the TCP header, a
long with the Window field. The Window field is a number that implies the maximu
m number of unacknowledged bytes allowed outstanding at any time." Understa
nding TCP/IP
What is a TCP window? A TCP window is the amount of data that can be sent befo
re an acknowledgment is required. Understanding TCP/IP
What is the purpose of a three-way handshake? The three-way handshake initiate
s communication by establishing an initial sequence number and window size.
Understanding TCP/IP
What is the purpose of TCP sequencing? The purpose of sequencing is to provide
reliability by requiring the recipient to acknowledge receipt of a group of segm
ents before a timer expires. Understanding TCP/IP
What fields are included in the TCP header? "The fields included in the TCP
header are as follows:
- Acknowledgment Number
- Sequence Number
- Source/Destination Port
- Window Size
- TCP Checksum" Understanding TCP/IP
What is an example of a Layer 2 address? "MAC address.
MAC addresses are assigned to end devices and are used for communication over th
e local network. MAC addresses are hard-coded into the network card." Understa
nding TCP/IP
What is the Address Resolution Protocol (ARP)? ARP is used to resolve a known I
P address to a MAC address. For a host to communicate with another host, it must
know the MAC address of the destination host (if they are on the same network)
or next-hop router. This is the reason for ARP. Understanding TCP/IP
What is the ARP table? "The ARP table stores the reference of each known IP add
ress to its MAC address.
The ARP table is created and maintained dynamically." Understanding TCP/IP
What is the purpose of the default gateway? "The default gateway allows host
s to communicate to hosts that are on a different network (segment).
All data that is not destined for the same network is sent to the default gatewa
y for delivery." Understanding TCP/IP
A host computer has been correctly configured with a static IP address, but the
default gateway is incorrect. Which layer of the OSI model is first affected by
this misconfiguration? "Layer 3.
The default gateway sends IP packets to a remote network and functions at Layer
3 of the OSI model." Understanding TCP/IP
What three configuration settings does a host on a TCP/IP network require to com
municate with hosts on a remote TCP/IP network? "The configuration settings are
as follows:
- IP address
- Subnet mask
- Default gateway address" Understanding TCP/IP
You want to test TCP/IP connectivity between two hosts. What IP tool can you use
to do this? "Ping. Ping is a tool that is part of IP that sends Internet Con
trol Message Protocol (ICMP) packets to test network layer connectivity between
two hosts. Ping sends an ""echo request"" packet to the target host and listens
for an ICMP ""echo response.""" Understanding TCP/IP
What two utilities test IP connectivity? "Ping and traceroute (tracert).
Ping and traceroute are ICMP utilities. ICMP can test only Layer 3 connectivity.
" Understanding TCP/IP
List four functions of ICMP. "Four functions of ICMP are as follows:
- Flow control
- Detect unreachable destinations
- Redirect routes
- Check remote hosts" Understanding TCP/IP
"While troubleshooting a computer with network connectivity problems, you notice
steady link lights on both the computer and the switch port the computer is con
nected to. However, when you issue the ping command from the computer, you recei
ve a ""Request timed out"" message. On what layer of the OSI model does the prob
lem most likely exist?" "The network layer.
Because the link lights on the computer network interface card (NIC) and worksta
tion port are on, the physical connection is working properly. Because you are g
etting a ""Request timed out"" message, the problem most likely resides at the n
etwork layer." Understanding TCP/IP
What are local-area networks? "Local-area networks (LANs) are high-speed, low-
error data networks that cover a small geographic area.
LANs are usually located in a building or campus and do not cover a large distan
ce. They are relatively inexpensive to develop and maintain. LANs connect comput
ers, printers, terminals, and other devices in a single building or a limited ar
ea." Understanding Ethernet
What are LAN standards? "LAN standards define the physical media and connectors
used to connect to the media at the physical layer and the way devices communica
te at the data link layer.
LAN standards encompass Layers 1 and 2 of the OSI model. Examples of LAN standar
ds are Ethernet and IEEE 802.3." Understanding Ethernet
What functions does the Media Access Control (MAC) sublayer provide? "The MAC
sublayer specifies how data is placed and transported over the physical wire.
It controls access to the physical medium. The LLC sublayer communicates with th
e network layer, but the MAC sublayer communicates downward directly to the phys
ical layer. Physical addressing (MAC addresses), network topologies, error notif
ication, and delivery of frames are defined at this sublayer." Understanding Et
hernet
What does the LLC sublayer do? "The Logical Link Control (802.2) sublayer is re
sponsible for identifying different network layer protocols and then encapsulati
ng them to be transferred across the network.
Two types of LLC frames exist: service access points (SAP) and Subnetwork Access
Protocol (SNAP). An LLC header tells the data link layer what to do with a pack
et after it is received." Understanding Ethernet
What do the Ethernet and IEEE 802.3 standards define? "The Ethernet and IEEE 8
02.3 standards define a bus-topology LAN that operates at a baseband signaling r
ate of 10 Mbps, referred to as 10BASE. Within the Ethernet standards are protoco
l specifications that define the transmission medium and access. The following t
hree protocol specifications exist:
- 10BASE2: Known as thin Ethernet, this specification uses thin coaxial cable as
its medium and provides access for multiple stations on the same segments.
- 10BASE5: Called thick Ethernet, this specification uses a thick coaxial cable
as its medium. The maximum segment length of 10BASE5 is over twice that of 10BAS
E2.
- 10BASE-T: This specification provides access for a single station only, so all
stations connect to a switch or hub. The physical topology of 10BASE-T is that
of a star network. It uses unshielded twisted-pair (UTP) cable Category 3, 4, 5,
and 5e as its network medium." Understanding Ethernet
Define the Fast Ethernet standard. "The Ethernet standard that defines Fast
Ethernet is IEEE 802.3u. This standard raises the speed of the Ethernet standar
d of 10 Mbps to 100 Mbps with only minimal changes to the existing cable structu
re. The Fast Ethernet standard defines different protocol specifications dependi
ng of the physical medium used. The following are the four different Fast Ethern
et specifications:
- 100BASE-FX: Uses two strands of multimode fiber-optic cable as its medium and
has a maximum segment length of 400 meters.
- 100BASE-T: Defines UTP as its medium and has a maximum segment length of 100 m
eters.
- 100BASE-T4: Uses four pairs of Cat 3 to 5 UTP as its medium. It maximum segmen
t length is 100 meters.
- 100BASE-TX: Specifies two pairs of UTP or shielded twisted-pair (STP) cable as
its medium with a maximum segment distance of 100 meters." Understanding Et
hernet
What does BASE mean in 10BASE-T and 100BASE-T? BASE in 10BASE-T and 100BASE-T r
efers to the baseband signaling method. Baseband is a network technology in whic
h only one carrier frequency is used. This means that when a device transmits, i
t uses the entire bandwidth on the wire and does not share it. Ethernet defined
baseband technology. Understanding Ethernet
What is Gigabit Ethernet? Gigabit Ethernet is an extension of the IEEE 802
.3 Ethernet standard. It increases the speed of the Ethernet protocol to 1000 Mb
ps, or 1 Gbps. IEEE 802.3z specifies Gigabit over fiber, and IEEE 802.3ab specif
ies Gigabit over twisted-pair cable. Understanding Ethernet
What is carrier sense multiple access collision detect (CSMA/CD)? "CSMA/CD
describes the Ethernet access method.
In CSMA/CD, many stations can transmit on the same cable, and no station has pri
ority over any other. Before a station transmits, it listens on the wire (carrie
r sense) to make sure that no other station is transmitting. If no other station
is transmitting, the station transmits across the wire. If a collision occurs,
the transmitting stations detect the collision and run a backoff algorithm. The
backoff algorithm is a random time that each station waits before retransmitting
." Understanding Ethernet
What are the three ways LAN traffic is transmitted? "LAN traffic is transmit
ted one of the following three ways:
- Unicast: Unicasts are the most common type of LAN traffic. A unicast frame is
a frame intended for only one host.
- Broadcast: Broadcasts frames intended for everyone. Stations view broadcast fr
ames as public service announcements. All stations receive and process broadcast
frames.
- Multicast: Multicasts are traffic in which one transmitter tries to reach only
a subset, or group, of the entire segment." Understanding Ethernet
How many bits are in an Ethernet address? 48. Also called a MAC address, a
n Ethernet address is the Layer 2 address associated with the Ethernet network a
dapter. Typically burned into the adapter, the MAC address is usually displayed
in a hexadecimal format, such as 00-0d-65-ac-50-7f. Understanding Ethernet
What portion of the MAC address is vendor specific? "The first half or first
24 bits of the MAC address are vendor specific.
A MAC address is 48 bits and is displayed in hexadecimal. The first half of the
address identifies the vendor or manufacturer of the card. This is called the Or
ganizational Unique Identifier (OUI). The last half of the address identifies th
e card address." Understanding Ethernet
What portion of the MAC address is vendor assigned? The last 24 bits are ven
dor assigned. Understanding Ethernet
What is UTP cabling? "Unshielded twisted-pair (UTP) cabling is a type of twis
ted-pair cable that relies solely on the cancellation effects produced by the tw
isted wire pairs to limit electromagnetic interference (EMI) and radio frequency
interference (RFI).
UTP cable is often installed using an RJ-45 connector, and UTP cabling must foll
ow precise specifications dictating how many twists are required per meter of ca
ble. The advantages of UTP are ease of installation and low cost. A disadvantage
of UTP is that it is more prone to EMI than other types of media." Understa
nding Ethernet
What is the difference between STP and UTP cable? Shielded twisted-pair (S
TP) cable combines the twisting techniques of UTP, but each pair of wires is wra
pped in a metallic foil. The four pairs of wires are then wrapped in a metallic
braid or foil. STP reduces electrical noise and EMI. STP is installed with an ST
P data connector but can also use an RJ-45 connector. An advantage of STP is tha
t it is more resistant to outside interference; a disadvantage is that it is mor
e expensive and difficult to install. Understanding Ethernet
What is the maximum cable length for STP? 100 meters or 328 feet. Understa
nding Ethernet
What is the maximum cable length for UTP? 100 meters or 328 feet. Understa
nding Ethernet
What is a straight-through Ethernet cable, and when would you use it? "A strai
ght-through Ethernet cable is wired the same way at both ends. This cable uses p
ins 1, 2, 3, and 6. The send and receive wires are not crossed.
You should use a straight-through Ethernet cable when connecting dissimilar devi
ces (for example, data terminal equipment [DTE] to data communications equipment
[DCE]). Examples include connecting PCs (DTE) to switches or hubs (DCE) or a ro
uter (DTE) to a switch or a hub (DCE)." Understanding Ethernet
What is a crossover Ethernet cable, and when would you use it? "A crossover Eth
ernet cable is a cable that has the send and receive wires crossed at one of the
ends. In a Category 5 cable, the 1 and 3 wires are switched and the 2 and 6 wir
es are switched at one end of the cable.
You should use a crossover cable when connecting similar devices (DCE to DCE), s
uch as connecting a router to a router, a switch to a switch or hub, a hub to a
hub, or a PC to a PC." Understanding Ethernet
Describe the difference between physical network topology and logical network to
pology. Physical topologies refer to the physical layout of devices and network
media. Logical topologies refer to the logical paths in which data accesses the
media and transmits packets across it. LAN Network Topologies
What are the five types of physical topologies implemented in today's networks?
"The five types of physical topologies implemented in today's networks are as fo
llows:
- Bus
- Ring
- Star
- Extended star
- Mesh" LAN Network Topologies
What physical network topology connects all devices to one cable? "Bus top
ology.
A bus topology connects all devices to a single cable. This cable connects one c
omputer to another. In a logical bus topology, only one packet can be transmitte
d at a time." LAN Network Topologies
Describe a star and extended star physical topology. "Star and extended star
physical topologies are made of a central connection point, such as a hub or swi
tch, where all cable segments connect. A star topology resembles spokes in a bic
ycle wheel and is the network topology of choice in Ethernet networks.
When a star network is expanded to include additional network devices that conne
ct to a main center network device, it is called an extended star topology."
LAN Network Topologies
Describe a ring topology. "In a ring topology, all hosts and devices are c
onnected in the form of a ring or circle. The following two types of ring networ
ks exist:
- Single-ring: In a single-ring network, all devices share a single cable and da
ta travels in one direction. Each device waits its turn to send data over the ne
twork.
- Dual-ring: A dual-ring network has a second ring to add redundancy and allows
data to be sent in both directions." LAN Network Topologies
What physical network topology connects all devices to each other? A mesh n
etwork topology connects all devices to each other for fault tolerance and redun
dancy. LAN Network Topologies
What is the difference between a mesh and a partial-mesh topology? A full-m
esh topology connects all nodes to one another for full redundancy. In a partial
-mesh, at least one node maintains multiple connections to all other devices.
LAN Network Topologies
What is the logical topology of Ethernet? Bus. Ethernet uses a logical bus
topology and either a physical bus or star topology. LAN Network Topologies
What do wireless networks use to communicate to end devices? Radio frequency
(RF) or infrared waves. LAN Network Topologies
In wireless LANs (WLANs), what distributes the wireless signal? "Access points (
AP) or a wireless hub.
APs or wireless hubs distribute the wireless signal, and nodes receive the wirel
ess signal through a wireless adapter card." LAN Network Topologies
What are two types of Layer 1 network devices? "Two types of Layer 1 network de
vices are as follows:
- Repeaters: Regenerate and retime network signals, amplifying them to allow the
signal to travel a longer distance on a network media.
- Hubs: Known as a multiple-port repeaters, hubs also regenerate and retime netw
ork signals. The main difference between a hub and a repeater is the number of c
ables that connect to the device. A repeater typically has 2 ports, whereas a hu
b has from 4 to 48 ports." LAN Network Topologies
What are some network devices that operate at the data link layer (Layer 2)?
"Bridges and switches are network devices that operate at the data link layer. B
oth devices make decisions about what traffic to forward or drop (filter) by MAC
addresses, and logical network addresses are not used at this layer. Data link
layer devices assume a flat address space.
Typically, a bridge is designed to create two or more LAN segments and is softwa
re implemented.
A switch is a hardware version of a bridge, but that has many more ports than a
bridge, and is designed to replace a hub while providing the filtering benefits
of a bridge." LAN Network Topologies
What is a LAN segment? "A LAN segment is a network connection made by a single
unbroken network cable.
Segments are limited by physical distance because, after a certain distance, the
data transmission becomes degraded because of line noise and the reduction of s
ignal strength." LAN Network Topologies
"What are the Ethernet segment distance limitations for the following?
- 100BASE-TX
- 100BASE-FX
- 1000BASE-T
- 1000BASE-LX
- 1000BASE-SX
- 1000BASE-CX" "The Ethernet segment distance limitations are as follows:
- 100BASE-TX: 100 meters
- 100BASE-FX: 400 meters
- 1000BASE-T: 100 meters
- 1000BASE-LX: 550 meters for multimode fiber, 10 km for single-mode fiber
- 1000BASE-SX: 250 meters for multimode fiber, 550 meters for single-mode fiber
- 1000BASE-CX: 25 meters" LAN Network Topologies
What devices can you use to extend a LAN segment? "To extend a LAN segment
, you can use the following devices:
- Hubs
- Repeaters
- Bridges
- Switches" LAN Network Topologies
How do collisions occur in Ethernet? Collisions occur on a shared LAN segment
when two devices try to communicate at the same time. In a shared Ethernet segm
ent, only one device can transmit on the cable at a time. When two devices try t
o transmit at the same time, a collision occurs. LAN Network Topologies
What are collision domains? "A collision domain defines a group of devices c
onnected to the same physical medium.
A collision occurs when two packets are sent at the same time and collide with e
ach other. When a collision occurs, a jam signal is sent from a workstation. A c
ollision affects all the machines on the segment, not just the two that collided
; when the jam signal is on the wire, no workstations can transmit data. The mor
e collisions that occur in a network, the slower it will be, because the devices
must resend the packets that collided." LAN Network Topologies
What happens when you segment the network with hubs/repeaters? "Because hubs an
d repeaters operate at the physical layer of the OSI model, segmenting a network
with these devices appears as an extension to the physical cable.
Hubs and repeaters are transparent to devices; they are unintelligent devices. A
ll devices that connect to a hub/repeater share the same bandwidth. Hubs/repeate
rs create a single broadcast and collision domain." LAN Network Topologies
What is the advantage of segmenting a network with bridges/switches? Bridges/
switches operate at Layer 2 of the OSI model and filter by MAC address. Each por
t on a bridge/switch provides fully dedicated bandwidth and creates a single col
lision domain. Because bridges/switches operate at Layer 2 of the OSI model, the
y cannot filter broadcasts, and they create a single broadcast domain. LAN Netw
ork Topologies
What devices are used to break up collision domains? Switches, bridges, and r
outers are used to break up collision domains. They create more collision domain
s and fewer collisions. Each port on a bridge, switch, and router creates one co
llision domain. For example, if you have a switch with 24 ports, you have 24 sep
arate collision domains. LAN Network Topologies
In an attempt to extend your Ethernet segment, you add a 24-port hub. How many c
ollision domains will you have in the segment with the addition of the hub?
1. A hub only extends the network segment, and all devices share the same segmen
t bandwidth. As a result, a hub does not create more collision domains. LAN Netw
ork Topologies
In an attempt to extend your Ethernet segment you add a 24-port switch. How many
collision domains and broadcast domains will you have in the segment with the a
ddition of a switch? "24 collision domains and 1 broadcast domain.
Because switches operate at Layer 2 of the OSI model, they can divide the networ
k into different segments, thus creating more collision domains. Each port on a
switch creates one collision domain. Also, because a switch operates at Layer 2
of the OSI model, it cannot filter broadcasts. As such, a switched network will
have one broadcast domain." LAN Network Topologies
What are broadcast domains? A broadcast domain defines a group of devices th
at receive each other's broadcast messages. As with collisions, the more broadca
sts that occur on the network, the slower the network will be. This is because e
very device that receives a broadcast must process it to see whether the broadca
st is intended for that device. LAN Network Topologies
You install a 6-port router on your network. How many collision domains and broa
dcast domains will be created on the network with the addition of the 6-port rou
ter? "Six collision domains and six broadcast domains.
Each interface on a router creates a collision domain and a broadcast domain."
LAN Network Topologies
List four advantages that Layer 2 switches have over bridges. "Four advantages
that Layer 2 switches have over bridges are as follows:
- A high-speed backplane that enables multiple simultaneous conversations to occ
ur.
- Data-buffering capabilities that store and forward packets to the correct port
s or port.
- Higher port densities versus bridges.
- Lower latency than bridges. Layer 2 switches are implemented in hardware, allo
wing millions of bits per second to be transmitted at the same time." LAN Netw
ork Topologies
What is a broadcast storm? Broadcast storms occur when many broadcasts are
sent simultaneously across all network segments. They are usually caused by Laye
r 2 loops because of spanning tree failures, a bad network interface card (NIC),
a faulty network device, or a virus. LAN Network Topologies
What three major functions do Layer 2 switches provide? "The three major functio
ns that Layer 2 switches provide are as follows:
- Address learning
- Packet forwarding/filtering
- Loop avoidance with the Spanning Tree Protocol" LAN Network Topologies
What are the three switching methods (frame transmission modes) in Cisco Catalys
t switches? "The three frame operating modes to handle frame switching are a
s follows:
- Store-and-forward
- Cut-through
- Fragment-free" LAN Network Topologies
What is the Cisco Catalyst store-and-forward switching method? In the store-and
-forward switching method, the switch's incoming interface receives the entire f
rame before it forwards it. The switch computes the cyclic redundancy check (CRC
) to make sure that the frame is not bad. If the frame is good, the switch forwa
rds it. If the CRC is bad, the switch drops it. If the frame is a runt (less tha
n 64 bytes, including the CRC) or a giant (more than 1518 bytes, including the C
RC), the switch discards it. Because the switch stores the frame before forwardi
ng it, latency is introduced in the switch. Latency through the switch varies wi
th the size of the frame. LAN Network Topologies
What is the Cisco Catalyst cut-through switching method? In cut-through s
witching mode, the switch only checks the frame's destination address and immedi
ately begins forwarding the frame out the appropriate port. Because the switch c
hecks the destination address in only the header and not the entire frame, the s
witch forwards a collision frame or a frame that has a bad CRC. LAN Network Topo
logies
What is the Cisco Catalyst fragment-free switching method? Also known as mo
dified cut-through, fragment-free switching checks the first 64 bytes before for
warding the frame. If the frame is less than 64 bytes, the switch discards the f
rame. Ethernet specifications state that collisions should be detected during th
e first 64 bytes of the frame. By reading the first 64 bytes of the frame, the s
witch can filter most collisions, although late collisions are still possible.
LAN Network Topologies
What is an example of Layer 2 addresses? MAC addresses. LAN Network Topo
logies
What is an example of Layer 3 addresses? IP addresses. LAN Network Topo
logies
If a sending device does not know the MAC address of the receiving device, what
tool is used to find the MAC address? "Address Resolution Protocol (ARP).
ARP is a local broadcast sent to all devices on the local segment to find the MA
C address of a host." LAN Network Topologies
Host A wants to send data to host B. Host B is on a different segment from host
A. The two segments are connected to each other through a router. What happens t
o the MAC address of host A during data transit to host B? "Because host B
is on a different segment that is separated by a router, the MAC address of host
A will change. Anytime a frame passed through a router, a router rewrites the M
AC address to the MAC address of the router and then sends the frame to the loca
l host.
In this case, the router will change the MAC address of the frame sent from host
A. Host B will see that the frame came from the MAC address of the router with
the IP address of host A." LAN Network Topologies
What is the function of CSMA/CD algorithm in Ethernet technologies? Carrier
sense multiple access collision detect (CSMA/CD) defines how the Ethernet media
is accessed. LAN Network Topologies
What are six ways to configure a Cisco device? "Six ways to configure a Cisco d
evice are as follows:
- Console connection
- Auxiliary connection (through a modem)
- Telnet connection
- HTTP/HTTPS connection
- Secure Shell (SSH) Connection
- CiscoWorks" Operating Cisco IOS
What type of cable do you need to connect to a Cisco device's console port?
You need an RJ-45[nd]to[nd]RJ-45 rollover cable. A rollover cable is a cable tha
t has each pin wired to its opposite number at the other end. Operating Cisco
IOS
What are the console configuration settings needed to connect to a Cisco device'
s console port? "The console configuration settings needed to connect to a Cisco
device's console port are as follows:
- Speed: 9600 bits per second
- Data bits: 8
- Parity: None
- Stop bit: 1
- Flow control: None" Operating Cisco IOS
What two EXEC modes are supported in the Cisco IOS? "The two EXEC modes supp
orted in Cisco IOS are as follows:
- User EXEC mode (user mode)
- Privileged EXEC mode (enable or privileged mode)" Operating Cisco IOS
In IOS, what is user EXEC mode? "User EXEC mode is the first mode you enter when
you log in to the IOS. This mode is limited and is mostly used to view statisti
cs. You cannot change a router's configuration in this mode. By default, the gre
ater-than sign (>) indicates that you are in user mode. This is how the router p
rompt looks in user mode:
Router>" Operating Cisco IOS
In the IOS, what is privileged EXEC mode? "In privileged EXEC mode, you ca
n view and change the configuration in a router; you have access to all the rout
er's commands and the powerful debug commands.
To enter privileged mode, enter the enable command while in user mode. By defaul
t, the pound symbol (#) indicates that you are in privileged mode. This mode is
usually protected with a password. Here is an example of how to enter privileged
mode. You also see the output of the prompt:
Router>enable
Password:
Router#" Operating Cisco IOS
When you are in privileged EXEC mode, how do you return to user EXEC mode?
"You can return to user EXEC mode by using the disable IOS command. Here is an e
xample of using the disable command:
Router#disable
Router>" Operating Cisco IOS
What two types of context-sensitive help are available in the Cisco IOS?
"Word help and command syntax help.
Word help uses a question mark and identifies commands that start with a charact
er or sequence of characters. For example, the following router output shows the
use of word help for any IOS command that starts with the letters ""cl"":
Router#cl?
clear clock
Command syntax help is when you use a question mark after a command so that you
can see how to complete the command. For example:
Router#clock ?
set Set the time and date" Operating Cisco IOS
"You enter a command in EXEC mode and receive the following error:
% Ambiguous command:
What does this error mean?" """% Ambiguous command"" means that not enough c
haracters were entered for the IOS to recognize the command." Operating Cisco
IOS
"From EXEC mode, you issue the show ip command. After pressing Enter, you receiv
e the following error:
% Incomplete command
Why did you get this error?" "You received the error because you did not ente
r all the values or keywords that IOS requires for this command.
In this case, IOS does not know which ip command you want to view." Operatin
g Cisco IOS
"Upon entering a command in EXEC mode, you receive the following error:
% Invalid input detected at '^' marker
Why did you get this error?" "You received the ""% Invalid input detected at
'^' marker"" error because you entered the command incorrectly. For example, if
you entered sjow ip instead of show ip, you would receive this error." Operatin
g Cisco IOS
What are Cisco IOS global commands? Global configuration commands are comman
ds that affect the entire device. They can be executed only in global configurat
ion mode. Operating Cisco IOS
How do you enter global configuration mode? "To enter global configuration m
ode, you enter the config terminal command from privileged EXEC mode, as follows
:
Router#config terminal
Enter configuration commands, one per line. End with CTRL-Z.
Router(config)#" Operating Cisco IOS
"On a Cisco IOS device, name the enhanced editing commands that do the following
:
- Move the cursor to the beginning of the line
- Move the cursor to the end of the line
- Move the cursor forward one word
- Move the cursor forward one character
- Move the cursor back one character
- Erase a line" "The enhanced editing commands are as follows:
- Move the cursor to the beginning of the line: Ctrl-A
- Move the cursor to the end of the line: Ctrl-B
- Move the cursor forward one word: Esc-B
- Move the cursor forward one character: Ctrl-F
- Move the cursor back one character: Ctrl-B
- Erase a line: Ctrl-U" Operating Cisco IOS
What Cisco IOS command would you use to view a list of the most recently used co
mmands? "The show history command, by default, displays the last ten commands us
ed. You can also use the up-arrow key (or press Ctrl-P) to display the very last
command you entered and the down-arrow key (or press Ctrl-N) to display the pre
vious commands you entered. As you use the up- or down-arrow keys, you are scrol
ling through the history buffer. The following is an example of the show history
command:
Router#show history
en
show running-config
show history
enable
show version
show clock
show history
Router#" Operating Cisco IOS
Command history is enabled by default and records ten commands in its history bu
ffer for the current session. How do you edit the number of commands that are st
ored in the Cisco IOS device's history buffer? "To edit the number of command l
ines stored for the current session, use the terminal history [size number-of-li
nes] command in privileged EXEC mode.
For example, the following changes the history size to 20 lines:
Router#terminal history size 20" Operating Cisco IOS
How can an administrator determine whether a switch has been configured when it
is first powered up? An unconfigured switch goes into the setup dialog box.
Configuring a Cisco Switch
What are the two configuration modes in the Cisco Catalyst 2960 series switch IO
S? "The two configuration modes are global configuration and interface conf
iguration.
Global configuration configures global settings to the switch, such as IP addres
s or host name.
Interface configuration configures interface settings, such as port speed or dup
lex." Configuring a Cisco Switch
What can cause a switch to enter setup mode? "A switch enters setup mode if a
ny of the following occur:
- The switch is a new switch, with no previous configuration.
- No configuration is stored in NVRAM.
- The setup command was issued from the privileged mode prompt." Configur
ing a Cisco Switch
What IOS command is used to enter global configuration mode? To enter global
configuration mode, use the configure terminal command. Configuring a Cisco Swit
ch
What IOS command is used to enter interface configuration mode? "To enter interf
ace configuration mode, use the interface interface-id command.
To enter interface mode, you first need to be in global configuration mode. The
interface-id parameter is the type and number of the interface you want to confi
gure.
For example, if to configure Gigabit interface 1, enter the following:
switch(config)#interface g0/1
switch(config-if)#" Configuring a Cisco Switch
What IOS command would you use to issue a switch the host name of BuildingB-Swit
ch? The hostname BuildingB-Switch privileged IOS command allows you to confi
gure this switch with a host name. Configuring a Cisco Switch
As a network administrator, you have a new Catalyst 2960 switch. You want to ass
ign it the IP address of 192.168.0.10/24. What IOS commands do you need to enter
to assign the IP address to the switch? "To assign the IP address to the
switch, enter the following commands:Step 1. Enter the VLAN 1 interface. This
is a logical interface used for management.
Step 2. Assign the IP address and subnet masks.
Step 3. Enable the interface by issuing the no shutdown command.
interface vlan1
ip address 192.168.0.10 255.255.255.0
no shutdown
Follow these steps to assign the IP address to the switch:" Configuring a Ci
sco Switch
How do you configure a Catalyst 2960 switch with a default gateway? "To conf
igure the default gateway, use the ip default-gateway ip-address global configur
ation command. The following example configures the switch to use IP address 192
.168.0.1 as its default gateway:
Switch(config)#ip default-gateway 192.168.0.1" Configuring a Cisco Switch
Because a switch operates at Layer 2 of the OSI model, why do you need to config
ure a default gateway on the switch? "You need to configure a default gateway
on the switch to allow remote networks to manage the switch.
Although a switch does not see Layer 3 and above information, a default gateway
is configured on a switch to allow administrators to remotely administer and con
figure the switch." Configuring a Cisco Switch
What Cisco switch IOS command displays the system hardware, software version, na
mes of configuration files, and boot images? "The show version switch IOS com
mand displays the system hardware, software version, boot images, and configurat
ion register. The following is the output of the show version command:
Cat2960#show version
Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)SEE2, RELE
ASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Fri 28-Jul-06 04:33 by yenanh
Image text-base: 0x00003000, data-base: 0x00AA2F34
ROM: Bootstrap program is C2960 boot loader
BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(25r)SEE1, RELEASE SOFTWA
RE (fc1)
Cat2960 uptime is 17 hours, 32 minutes
System returned to ROM by power-on
System image file is ""flash:c2960-lanbase-mz.122-25.SEE2/c2960-lanbase-mz.122-2
5.SEE2.bin""
cisco WS-C2960-24TT-L (PowerPC405) processor (revision B0) with 61440K/4088K byt
es of memory.
Processor board ID FOC1043Z2SG
Last reset from power-on
1 Virtual Ethernet interface
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
<text omitted>

Configuration register is 0xF" Configuring a Cisco Switch


How do you display the current active configuration on a switch? You disp
lay the current active configuration on a switch by issuing the show running-con
fig or sh run privileged command. Configuring a Cisco Switch
What command allows you to view the statistics for all interfaces configured on
the switch? The show interfaces privileged command allows you to view the st
atistics for all interfaces configured on the switch. Configuring a Cisco Swit
ch
What command displays the switch's configured IP address, subnet mask, and defau
lt gateway? "The show ip interface privileged EXEC command displays all IP i
nformation configured for all interfaces on the switch. Following is the output
of the show ip interface command:
Cat2960#show ip interface
Vlan1 is up, line protocol is down
Internet address is 192.168.0.10/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled" Configuring a Cisco Switch
As system administrator, you want to view how long the switch has been turned up
. What command do you issue to view the uptime of the switch? "Issue the show
version privileged EXEC command to view the uptime of the switch.
In addition to displaying the switch hardware configuration and software version
information, the show version command displays switch uptime, switch platform i
nformation including RAM, switch serial number, and MAC address.
Cat2960#show version
Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)SEE2, RELE
ASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Fri 28-Jul-06 04:33 by yenanh
Image text-base: 0x00003000, data-base: 0x00AA2F34
ROM: Bootstrap program is C2960 boot loader
BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(25r)SEE1, RELEASE SOFTWA
RE (fc1)
Cat2960 uptime is 17 hours, 32 minutes
System returned to ROM by power-on
<text omitted>" Configuring a Cisco Switch
What is the switch MAC address table used for? "The switch MAC address table fo
rwards traffic to the appropriate port.
Because switches operate at Layer 2 of the OSI model, they switch traffic by MAC
address. Instead of flooding traffic out all ports, a switch learns the MAC add
ress of devices on each port and only forwards traffic destined to the host on t
he port. The learned MAC addresses are stored in the switch's MAC address table.
" Configuring a Cisco Switch
How many MAC addresses can a Catalyst 2960 switch store in its MAC address table
? "The switch can store 8192 MAC addresses.
MAC addresses on a Catalyst 2960 are dynamically learned. They are stored in mem
ory and are updated and aged out automatically. When a switch is rebooted, the M
AC addresses stored in the MAC address table are reset." Configuring a Ci
sco Switch
How do you display the MAC address table on a Catalyst 2960? "You display the
MAC address table on a Catalyst 2960 by issuing the show mac-address-table priv
ileged command, as follows:
vcswitch-admin1#show mac-address-table
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
All 0000.0000.0000 STATIC CPU
All 000b.469d.c900 STATIC CPU
10 0002.b3ef.c687 DYNAMIC Po1
10 0007.e980.d7a6 DYNAMIC Fa0/7
10 000d.65ac.507f DYNAMIC Po1
10 000f.207a.008c DYNAMIC Po1
10 0010.db72.b08f DYNAMIC Fa0/24
<text omitted>" Configuring a Cisco Switch
How do you add a static MAC address to a port on a Catalyst 2960 switch?
To add a static MAC address, use the mac-address-table static vlan vlan-id inter
face interface-id global command. Configuring a Cisco Switch
How do you add a password to the console terminal? "To add a password to th
e console terminal, use the line console 0 global configuration command, followe
d by the login and password password line subcommands, as follows:
Cat2960(config)#line console 0
Cat2960(config-line)#login
Cat2960(config-line)#password CCNA
The login subcommand forces the router to prompt for authentication. Without thi
s command, the router will not authenticate a password. The password CCNA subcom
mand sets the console password to CCNA. The password set is case sensitive."
Configuring a Cisco Switch
By default, Telnet access to a switch is disabled. How do you enable Telnet acce
ss and configure a password to secure access to the switch? "To enable add a
password for Telnet access, enter the line vty 0 15 global configuration comman
d, the login command, and finally the password line subcommand. The password is
case sensitive.
In this example, the Telnet password is set to CCNA:
Cat2960(config)#line vty 0 15
Cat2960(config-line)#login
Cat2960(config-line)#password CCNA" Configuring a Cisco Switch
How many vty ports exist on a Catalyst 2960 switch? A Catalyst 2960 switch h
as 16 vty ports. Configuring a Cisco Switch
Privileged EXEC mode allows you to make global configurations to a switch. As su
ch, access to global configuration mode should be restricted. How do you restric
t access to privileged EXEC mode? "To restrict access to privileged EXEC m
ode, assign a password to privileged mode.
This is done in one of two ways: by either using the enable password global comm
and or the enable secret global command.
Cisco recommends that you use the enable secret global command versus the enable
password command because the enable secret command encrypts the password."
Configuring a Cisco Switch
"As network administrator, you issue the following commands on your Catalyst 296
0 switch:
Cat2960(config)#enable password Cisco
Cat2960(config)#enable secret cisco
What password will the switch use to enter privileged EXEC mode?" "The swi
tch will use cisco to enter privileged EXEC mode.
When a switch has the enable password and enable secret password configured, the
switch will use the enable secret password as the password to enter privileged
EXEC mode." Configuring a Cisco Switch
When you view the configuration on Cisco routers, only the enable secret passwor
d is encrypted. How do you encrypt the console, Telnet, and enable passwords?
"To encrypt the passwords, use the service password-encryption global command, a
s follows:
Cat2960(config)#service password-encryption" Configuring a Cisco Switch
What banner is displayed before the username and password login prompts on a Cat
alyst switch? "The login banner is displayed.
The login banner is configured using the banner login global command. For exampl
e:
Cat2960#config t
Enter configuration commands, one per line. End with CNTL/Z.
Cat2960(config)#banner login #
Enter TEXT message. End with the character '#'.
Notice! Only Authorized Personnel Are Allowed to Access This Device
#" Configuring a Cisco Switch
When is the message of the day (MOTD) banner displayed? The MOTD is displayed up
on connection to the switch either by Telnet or by the console port. Configur
ing a Cisco Switch
How do you add a message of the day (MOTD) banner on a Cisco device? "You add
an MOTD banner by entering the banner motd # text # global configuration comman
d.
The pound signs (#) are delimiting characters. They can be any character of your
choice, but they must be the same and cannot be included in your text. They sig
nify the beginning and end of your text. The following example shows the banner
motd command:
Cat2960(config)#banner motd # <ENTER>
Enter TEXT message. End with the character '#'.
Warning only authorized users many access this switch. <ENTER>
#
Cat2960(config)#" Configuring a Cisco Switch
Why does Cisco recommend using SSH instead of Telnet for remote access of a Cisc
o device? Cisco recommends using SSH because it encrypts communication bet
ween the Cisco device and the host. Telnet is unsecure, and all communication be
tween the Cisco device and host is sent in clear text. Configuring a Cisco Swit
ch
By default, any IP address can connect to vty ports. How do you restrict access
to vty ports, allowing only certain IP addresses to connect to vty ports?
"You restrict access to vty ports by using standard access lists.
Standard access lists allow you to permit or deny traffic based on the source IP
address. To restrict access to vty ports, you would create a standard access li
st that permits each authorized IP address to connect to vty and apply the acces
s list to the vty ports." Configuring a Cisco Switch
When implementing access lists, what are wildcard masks? "Wildcard masks
define the subset of the 32 bits in the IP address that must be matched.
Wildcards are used with access lists to specify a host, network, or part of a ne
twork. Wildcard masks work exactly the opposite of subnet masks. In subnet masks
, 1 bits are matched to the network portion of the address, and 0s are wildcards
that specify the host range. In wildcard masks, when 0s are present, the octet
address must match. Mask bits with a binary value of 1 are wildcards. For exampl
e, if you have an IP address of 172.16.0.0 with a wildcard mask of 0.0.255.255,
the first two portions of the IP address must match 172.16, but the last two oct
ets can be in the range of 0 to 255." Configuring a Cisco Switch
What is the IOS command syntax that creates a standard IP access list? "The com
mand syntax to create a standard IP access list is as follows:
access-list access-list-number {permit | deny} source-address
[wildcard-mask]
The access-list-number parameter is a number from 1 to 99 or 1300 to 1999.
For example:
SwitchA(config)#access-list 10 deny 192.168.0.0 0.0.0.255
SwitchA(config)#access-list 10 permit any
This creates access list number 10, which denies any IP address between 192.168.
0.1 and 192.168.255.255 while permitting all other traffic." Configuring a Ci
sco Switch
Create an access list that permits only Telnet traffic from network 192.168.10.0
255.255.255.0 to connect to a Cisco device. "An access list that permits onl
y Telnet traffic from network 192.168.10.0 255.255.255.0 is as follows:
SwitchA(config)#access list 10 permit ip 192.168.10.0 0.0.0.255
SwitchA(config)#line vty 0 15
SwitchA(config-if)#access-class 10 in This applies the access list to telnet
ports" Configuring a Cisco Switch
What is switch port security? Switch port security allows you to restrict inpu
t to a port by limiting and/or identifying the MAC addresses of the devices allo
wed to access the port. Configuring a Cisco Switch
What commands enable port security on interface f0/1? Only allow one MAC address
on the port, and let the switch dynamically learn the MAC address. Restrict the
port if a second MAC address is detected. "Use the following commands to e
nable port security on interface f0/1:
Cat2960(config)#int f0/1
Cat2960(config-if)#switchport mode access
Cat2960(config-if)#switchport port-security
Cat2960(config-if)#switchport port-security max 1
Cat2960(config-if)#switchport port-security mac-address sticky
Cat2960(config-if)#switchport port-sec violation restrict" Configuring a Ci
sco Switch
Can you enable port security on a trunk port? No. A trunk port is a port confi
gured to trunk multiple VLANs. Only access ports (ports with only one VLAN) can
have port security enabled. Configuring a Cisco Switch
How can you tell whether port security is enabled on a switch? "You determine w
hether port security is enabled on a switch by issuing the show port-security co
mmand, as follows:
Cat2960#show port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count) (Count) (Count)
---------------------------------------------------------------------------
Fa0/1 1 0 0 Restrict
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 8320" Configur
ing a Cisco Switch
What is the default mode of a switch port? The default mode is trunk. Becau
se the default mode of a switch port is dynamic desirable, the port will try to
negotiate to trunking if the other end of the link has a compatible setting. Thi
s setting can allow an unauthorized user to plug a device into an unused switch
port and gain access to the network. Cisco recommends securing unused switch por
ts. Configuring a Cisco Switch
How do you secure unused switch ports? You secure an unused switch port by eith
er disabling the port or putting the port in an unused VLAN. Configuring a Ci
sco Switch
How do you disable a switch port? You disable a switch port by issuing the
shutdown interface command. To reenable the interface, issue the no shutdown co
mmand. Configuring a Cisco Switch
What are VLANs? VLANs are broadcast domains in a Layer 2 network. Each broadcast
domain is like a distinct virtual bridge within the switch. Each virtual bridge
you create in a switch defines a broadcast domain. By default, traffic from one
VLAN cannot pass to another VLAN. Each of the users in a VLAN would also be in
the same IP subnet. Each switch port can belong to only one VLAN. Configur
ing a Cisco Switch
For VLANs to communicate with each other, what network component is needed?
A router or Layer 3 switch is needed for inter-VLAN communication. It is importa
nt to think of a VLAN as a distinct virtual bridge in a switch, with is its own
IP subnet and broadcast domain. A network device cannot communicate from one IP
subnet to another without a router. The same is true for a VLAN; you cannot comm
unicate from one VLAN to another without a router. Configuring a Cisco Swit
ch
What is VLAN membership? VLAN membership describes how a port on a switch
is assigned to a VLAN. Configuring a Cisco Switch
What are the three most common ways that VLAN membership is established?
"The three most common ways of establishing VLAN membership are as follows:
- Port-driven membership
- MAC address membership
- Layer 3[nd]based membership" Configuring a Cisco Switch
What are the two ways that inter-VLAN communication can be established? "The two
ways that inter-VLAN communication can be established are as follows:
- Logically: Involves a single connection, called a trunk link, from the switch
to a router. The trunk link uses a VLAN protocol to differentiate between VLANs.
This configuration is called a ""router on a stick.""
- Physically: Involves a separate physical connection for each VLAN." Configur
ing a Cisco Switch
What are trunk links? "Trunk links allow the switch to carry multiple VLANs ac
ross a single link.
By default, each port on a switch can belong to only one VLAN. For devices that
are in VLANs (that span multiple switches) to talk to other devices in the same
VLAN, you must use trunking or have a dedicated port per VLAN." Configuring a Ci
sco Switch
As a network administrator, you want to create two VLANs, one named Admin and th
e other named Sales. What commands create the two VLANs, assigning VLAN ID 10 an
d 20, respectively, to each VLAN? "Issue the following commands to create
the two VLANs:
Cat2960(config)#vlan 10
Cat2960(config-vlan)#name Admin
Cat2960(config-vlan)#vlan 20
Cat2960(config-vlan)#name Sales" Configuring a Cisco Switch
What IOS commands assign interface f0/1 to VLAN 10 and interface f0/2 to VLAN 20
? "The IOS commands that assign interface f0/1 to VLAN 10 and interface f0
/2 to VLAN 20 are as follows:
Cat2960(config)#int f0/1
Cat2960(config-if)#switchport access vlan 10
Cat2960(config-if)#int f0/2
Cat2960(config-if)#switchport access vlan 20" Configuring a Cisco Switch
What command allows you to view information that is specific to VLAN 10?
"To view information that is specific to VLAN 10, enter the show vlan id 10 comm
and, as follows:
Cat2960#show vlan id 10
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
10 sales active Fa0/1, Fa0/3, Fa0/4, Fa0/5
Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12
<text omitted>" Configuring a Cisco Switch
What command allows you to view the names of all the VLANs configured on a switc
h? "To view the names of all the VLANs configured on a switch, enter the sh
ow vlan brief command, as follows:
Cat2960#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
10 sales active Fa0/1, Fa0/3, Fa0/4, Fa0/5
Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12
20 admin active Fa0/2
30 VLAN0030 active
40 VLAN0040 active
50 VLAN0050 active
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup" Configuring a Cisco Swit
ch
A fundamental concept behind LAN switching is that it provides microsegmentation
. What is microsegmentation? Microsegmentation is a network design (functiona
lity) where each workstation or device on a network gets its own dedicated segme
nt (collision domain) to the switch. Each network device gets the full bandwidth
of the segment and does not have to contend or share the segment with other dev
ices. Microsegmentation reduces collisions because each segment is its own colli
sion domain. Configuring a Cisco Switch
What advantages are offered by LAN segmentation using LAN switches? "The adv
antages offered by LAN segmentation using LAN switches are as follows:
- Collision-free domains from one larger collision domain
- Efficient use of bandwidth
- Low latency and high frame-forwarding rates at each interface port" Configur
ing a Cisco Switch
Describe full-duplex transmission. Full-duplex transmission is achieved by
microsegmentation, where each network device has its own dedicated segment to th
e switch. Because the network device has its own dedicated segment, it does not
have to worry about sharing the segment with other devices. With full-duplex tra
nsmission, the device can send and receive at the same time, effectively doublin
g the amount of bandwidth between nodes. Configuring a Cisco Switch
What are the advantages of using full-duplex Ethernet instead of half-duplex?
Full-duplex provides faster data transfer and operates without collisions.
Configuring a Cisco Switch
Can a network hub be connected to a switch port in full-duplex mode? No. Beca
use a hub shares access to the segment, it must connect to a switch port in half
-duplex to be able to detect collisions. Configuring a Cisco Switch
What command allows you to view the duplex and speed setting configured for a sw
itch port? "To view the duplex and speed setting configured for a switch po
rt, enter the show interface interface-id command, as follows:
Cat2960#show interface f0/1
FastEthernet0/1 is up, line protocol is up
Hardware is Fast Ethernet, address is 0019.e81a.4801 (bia 0019.e81a.4801)
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Auto-duplex, Auto-speed, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00" Configuring a Cisco Switch
What is the Spanning Tree Protocol (STP)? STP is a loop-prevention bridge-
to-bridge protocol. Its main purpose is to dynamically maintain a loop-free netw
ork. It does this by sending out bridge protocol data units (BPDU), discovering
any loops in the topology, and blocking one or more redundant links. Configur
ing a Cisco Switch
When troubleshooting switches, in what layers of the OSI model do problems occur
? Problems occur in Layers 1 and 2. Configuring a Cisco Switch
When troubleshooting a switched network, what are some common Layer 1 issues?
"Some common Layer 1 issues are as follows:
- Bad or damaged wires.
- EMI is introduced.
- New equipment is installed." Configuring a Cisco Switch
An end user complains of slow access to the network. You issue the show interfac
e command on the port the user is connected to and you see a lot of collisions a
nd cyclic redundancy check (CRC) errors on the interface. What is most likely th
e cause of the problem? "The most likely cause of the problem is a bad network c
able, damaged media, or EMI.
Excessive collisions and CRC errors usually indicate a problem with the network
cable attached to the port, or outside interference." Configuring a Cisco Swit
ch
An end user complains of slow access to the network. You issue the show interfac
e command on the port the end user is connected to and you see a lot of collisio
ns and runts on the interface. What is most likely the cause of the problem?
Either a change of traffic patterns usually caused by the installation of a new
application or the installation of a hub can cause excessive collisions and runt
s on an interface. Configuring a Cisco Switch
An end user's computer network card is set to half-duplex and the switch port hi
s computer is connected to is set to full-duplex. What is the result? The resu
lt is a duplex mismatch. As a result, the computer does not gain access to the n
etwork. Configuring a Cisco Switch
What are some differences between WLANs and LANs? "Some differences betwee
n WLAN and LANs are as follows:
- WLANs use radio waves or infrared as the physical layer.
- WLANs use carrier sense multiple access collision avoid (CSMA/CA) instead of c
arrier sense multiple access collision detect (CSMA/CD).
- WLAN's frame format is different than that of wired Ethernet LANs.
- WLANs are limited to coverage problems, interference, and noise.
- Wireless access points are shared devices similar to an Ethernet hub.
- WLANs must meet country-specific radio frequency (RF) regulations." Extendin
g the LAN
What three factors can affect radio wave propagation? "Three factors that can
affect radio wave propagation are as follows:Reflection: Occurs when RF waves bo
unce off objects such as metal or glass
Scattering: Occurs when RF waves strike uneven surfaces
Absorption: Occurs when RF waves are absorbed by objects, for example, water"
Extending the LAN
Which frequency has higher data rates, 900 MHz or 2.8 GHz? The 2.8-GHz freq
uency offers higher data rates. Higher frequencies allow higher data rates, so o
f the two, 2.8 GHz allows faster data transfer rates than 900 MHz. Although high
er frequencies allow higher data rates, they also have a shorter range because t
he receiver requires a stronger signal to access information and a shorter trans
mission range. Extending the LAN
How do you increase the range of a wireless network? You can increase the ran
ge of a wireless network by increasing the power of the wireless radio. For exam
ple, to double the range of the network, you increase the power by a factor of 4
. Extending the LAN
What organization defines the 802.11 standard? The IEEE defines the 802.11 stan
dard. Extending the LAN
What are the three unlicensed wireless bands? "The three unlicensed wireless b
ands are as follows:
- 900 MHz
- 2.8 GHz
- 5 GHz" Extending the LAN
What is EIRP? "Effective Isotropic Radiated Power (EIRP) is the final unit of
measurement monitored by local regulatory agencies. EIRP is calculated as follow
s:
EIRP = Transmission power + Antenna gain [ms] Cable loss" Extending the LA
N
How many available channels does 802.11b/g offer? The 802.11b/g standards
offer three channels. Although 802.11b/g has 11 channels, only 3 channels are no
noverlapping. As a result, the channels to use in 802.11b/g are 1, 6, and ll.
Extending the LAN
List three security threats to WLANs? "Three security threats to WLANs are as
follows:War drivers: War driving is when someone is driving around with a laptop
and wireless card/antenna looking for wireless access points to exploit.
Hackers: Most hackers start by war driving. When an access point is identified,
hackers try to exploit weak security keys and passwords to gain access to the ne
twork.
Rogue APs: Rogue access points (AP) are access points installed on a WLAN that c
an interfere with day-to-day network operation. Rogue APs are also unauthorized
APs installed on the network by employees." Extending the LAN
What three things can a network administrator do to minimize WLAN security threa
ts? "A network administrator can do the following things to minimize WLAN se
curity threats:
- Use authentication to ensure that only authorized clients access the WLAN
- Encrypt wireless data
- Use intrusion detection/prevention systems to monitor, identify, and prevent W
LAN attacks" Extending the LAN
Which of the following wireless encryption specifications is most secure: WEP, W
PA, or 802.11i? "The 802.11i specification is the most secure. Also known as WPA
2, 802.11i uses the Advanced Encryption Standard (AES) for encryption and has dy
namic key management.
Wired Equivalent Privacy (WEP) uses a 64-bit static key for encryption and authe
ntication. WEP keys are not strong and can be compromised.
Wi-Fi Protected Access (WPA) was created to overcome WEP weaknesses. It provides
strong user authentication and encryption using stronger algorithms such as Tem
poral Key Integrity Protocol (TKIP)." Extending the LAN
During client association to an AP, what information is sent from the client to
the AP? "The following information is sent from the client to the AP during clie
nt association to an AP:
- Client service set identifier (SSID)
- Client MAC address
- Client security settings" Extending the LAN
What must occur before a client can send and receive data through an access poin
t? Authentication and association of the client with the AP must occur befo
re a client can send and receive data through an access point. Extending the LA
N
What does WPA use for authenticating clients? WPA uses 802.1x and Pre-Shared K
ey (PSK) to authenticate clients. Extending the LAN
What are the two Infrastructure modes? "The two Infrastructure modes are as fol
lows:Basic Service Set (BSS): Wireless clients connect to each other and the wir
eless network through one access point.
Extended Services Set (ESS): More than one access point exists, with all APs con
figured with a common SSID to allow roaming." Extending the LAN
What is the difference between Ad hoc mode and Infrastructure mode? "In Ad h
oc mode, wireless clients connect directly to each other without an access point
.
In Infrastructure mode, wireless clients connect through an access point."
Extending the LAN
In WLANs, what is the basic service area (BSA)? The BSA is the access point's RF
coverage area. In other words, it is the area that is covered by the access poi
nt. Extending the LAN
In a wireless Infrastructure mode, do wireless clients communicate directly with
each other? No. In Infrastructure mode, all wireless clients communicate wit
h each other through the AP. The AP controls all traffic flow to and from the ne
twork. Extending the LAN
How do access points broadcast the name of their SSID? Access points broadcast
the name of their SSID through beacons. Beacons are a broadcast that the access
point sends out in all directions to announce the services it offers. Beacons ar
e also used to logically separate WLANs. Extending the LAN
How much overlap is recommended between ESA cells? An overlap of 10 to 15 p
ercent is recommended. When an AP does not have a large enough BSA, another AP c
an be added (with a different channel) to extend the service area (ESA). ESAs sh
ould have a 10 to 15 percent overlap to allow wireless clients to roam without l
osing connection to the wireless network. Extending the LAN
What are the steps to implement a wireless network? "The steps to implement
a wireless network are as follows:
Step 1. Verify wired operation, including Dynamic Host Configuration Protocol (D
HCP) and Internet access.
Step 2. Install the AP.
Step 3. Configure the AP with no security.
Step 4. Install and configure a wireless client with no security.
Step 5. Verify wireless connectivity.
Step 6. Configure security on the AP and client.
Step 7. Verify wireless operation." Extending the LAN
Define routing. Routing is the act of finding a path to a destination and moving
information across an internetwork from the source to the destination. Explorin
g the Functions of Routing
What are the two key functions that a router performs? The two key functions th
at a router performs are path determination (routing) and packet forwarding (swi
tching). The routing mechanism is responsible for learning and maintaining aware
ness of the network topology. The switching function is the process of moving pa
ckets from an inbound interface to an outbound interface. Exploring the Fu
nctions of Routing
How does a router determine the path a packet should take to reach its destinati
on? "A router determines a path a packet should take to reach a destination
by picking the best path to the destination. The best path is determined by one
of the following methods:
- Static routing
- Dynamic routing
- Default routing" Exploring the Functions of Routing
What is the difference between a routed and a routing protocol. "A routed protoc
ol is a protocol suite that provides the information in its network layer to all
ow a packet to direct traffic and defines the use of fields within a packet. Exa
mples of routed protocols are IP, Internetwork Packet Exchange (IPX), and DECnet
.
A routing protocol finds routes in an internetwork, exchanges routing tables, an
d maintains route awareness. Routing protocols determine how routed protocols ar
e routed. Routing Information Protocol (RIP), Enhanced IGRP (EIGRP), Intermediat
e System[nd]to[nd]Intermediate System (IS-IS), Open Shortest Path First (OSPF),
and Border Gateway Protocol (BGP) are examples of routing protocols." Explorin
g the Functions of Routing
What six types of information are stored in routing tables? "The following s
ix types of information are stored in routing tables:
- Destination network address
- Next-hop address
- Exiting interface
- Metric
- Administrative distance
- Routing protocol used" Exploring the Functions of Routing
How do routing protocols maintain their routing tables with each other? Routing
protocols maintain their routing tables through the transmission of routing upda
te messages. Routing update messages are exchanged between routers at periodic i
ntervals or when a change in the network topology occurs. The information contai
ned in the routing updated messages varies from routing protocol to routing prot
ocol. Exploring the Functions of Routing
What is administrative distance? Administrative distance (AD) is an integ
er from 0 to 255 that rates the trustworthiness of the source of the IP routing
information. It is only important when a router learns about a destination route
from more than one source. The path with the lowest AD is the one given priorit
y. Exploring the Functions of Routing
"What is the AD for each of the following?
- Directly connected interface
- Static route
- EIGRP
- IGRP
- OSPF
- IS-IS
- RIP
- External EIGRP
- Unknown" "The ADs are as follows:
- Directly connected interface: 0
- Static route: 1
- EIGRP: 90
- IGRP: 100
- OSPF: 110
- IS-IS 115
- RIP: 120
- External EIGRP: 170
- Unknown: 255" Exploring the Functions of Routing
What are the four types of routes found in a routing table? "The four types
of routes found in a routing table are as follows:Directly connected networks: R
oute entries that a router is directly connected to.
Static routes: Routes entered manually by an administrator.
Dynamic routes: Routes learned and populated by a routing protocol.
Default route: Used to route packets when the router does not have a specific de
stination for packets in its routing table. The default route is entered manuall
y or dynamically." Exploring the Functions of Routing
What is an autonomous system (AS)? An AS is a collection of networks under
common administrative control that share a common routing strategy. Explorin
g the Functions of Routing
What is the difference between interior gateway protocols (IGP) and exterior gat
eway protocols (EGP)? IGPs route data within an autonomous system (AS). EGPs r
oute data between autonomous systems. Examples of IGPs are RIP, EIGRP, IS-IS, an
d OSPF. BGP is an example of an EGP. Exploring the Functions of Routing
What is a routing metric? A routing metric is a factor that determines the
desirability of a route. A router uses the metric to determine the best or opti
mal path to which network traffic should be forwarded. Exploring the Functions
of Routing
What are the most common routing metrics used in routing algorithms? "The mos
t common routing metrics used in routing algorithms are as follows:
- Bandwidth: The data capacity of a link
- Delay: The length of time required to move a packet from source to destination
- Load: The amount of activity on the link or network resource
- Reliability: A reference to the error rate on each network link
- Hop count: The number of routers a packet must take to reach its destination
- Cost: A value assigned by the network administrator, usually based on bandwidt
h or monetary expense on the link" Exploring the Functions of Routing
How do distance vector routing protocols function? Also known as Bellman-Fo
rd algorithms, distance vector routing protocols pass complete routing tables to
neighboring routers. Neighboring routers then combine the received routing tabl
e with their own routing tables. Each router receives a routing table from its d
irectly connected neighbor. RIP is the most common distance vector protocol used
in today's internetworks. Exploring the Functions of Routing
How do distance vector routing protocols keep track of changes to the internetwo
rk? "Distance vector routing protocols keep track of changes to the internet
work by periodically broadcasting updates out all active interfaces.
These broadcasts contain the entire routing table. This method is often called "
"routing by rumor.""" Exploring the Functions of Routing
Slow convergence of distance vector routing protocols can cause inconsistent rou
ting tables and routing loops. What are some mechanisms that distance vector pro
tocols implement to prevent routing loops and inconsistent routing tables?
"Some mechanisms that distance vector protocols implement to prevent routing loo
ps and inconsistent routing tables are as follows:
- Maximum hop count (count to infinity)
- Split horizon
- Route poisoning
- Hold-down timers" Exploring the Functions of Routing
What are link-state protocols? List two common link-state protocols. "Designe
d to overcome the limitations of distance vector protocols, link-state protocols
respond quickly to network changes and send both triggered updates and periodic
updates.
Link-state protocols create a picture of the internetwork by determining the sta
tus of each interface (link) in the internetwork. When the interface goes down,
link-state protocols send updates out all other interfaces, informing other rout
ers of the downed link.
OSPF and IS-IS are the most common link-state protocols used." Exploring the Fu
nctions of Routing
"Which of the following is a hybrid routing protocol?
- RIPv2
- IGRP
- DECnet
- EIGRP" EIGRP. EIGRP was developed by Cisco and is considered a hybrid r
outing protocol because it combines the aspects of distance vector and link-stat
e routing protocols. Exploring the Functions of Routing
"Which of the following are link-state protocols?
- IS-IS
- BGP
- Variable-length subnet mask (VLSM)
- RIP
- OSPF" IS-IS and OSPF are link-state protocols. Exploring the Functions
of Routing
What type of protocol is BGP? BGP is considered an exterior gateway protocol (
EGP). BGP is a routing protocol that routes routing protocols' domains (autonomo
us systems). Exploring the Functions of Routing
Convert the decimal number 167 to binary. "Binary uses only two symbols (1
or 0) instead of ten symbols like decimal. In binary, 1 signifies ON and 0 sign
ifies OFF. To convert a decimal number to binary, each digit represents the
number 2 raised to a power exponent based on its position To convert a decimal
number to binary, first find the largest power of 2 that can fit into the decim
al number. If you have the decimal number 167, 128 is the largest power of 2 tha
t fits into this binary number, so 128 is considered ON. Subtracting 128 from 16
7 leaves you with 39. The next largest power that can fit into 39 is 32, so 32 i
s considered ON. Subtracting 32 from 39 leaves you with 7, so 4, 2, and 1 are co
nsidered ON. This leaves you with the following binary number:
10100111" Exploring the Functions of Routing
Convert binary number 01100100 to decimal. Converting a binary number to de
cimal is just the reverse of converting a decimal number to binary. When convert
ing from binary, look at the numbers that are considered ON and then find their
place value. In the binary number 01100100, the place values 64, 32, and 4 are O
N. If you add these place values together, you get the decimal number of 100.
Exploring the Functions of Routing
Convert the binary number 0101011011000010 to hexadecimal. "Converting bina
ry to hex is easier than it looks. No matter how large the binary number, always
apply the following conversion: Break the binary number into groups of four, st
arting from the right and moving left. If the binary number is not divisible by
four, add 0s to the left end or until you have four digits in every group.
Using this equation, 0101011011000010 is broken into the following groups: 0101
0110 1100 0010. After you have created the groups, you can convert the digits to
hex. 0101 is 5 in hex, 0110 is 6, 1100 is C, and 0010 is 2, so this binary numb
er looks like the following in hex: 0x56C2." Exploring the Functions of Routi
ng
What is the range of binary values for the first octet in class B addresses?
The first octet for a class B IP address is 128[nd]191 in decimal, which is 1000
0000-10111111 in binary. Exploring the Functions of Routing
How many usable IP addresses are provided in a Class C network address? 254. The
default subnet mask for a Class C address is 255.255.255.0, or /24. This means
that 24 bits are used for the network number and 8 bits are reserved for hosts.
28 = 256. However, because two addresses are reserved for the network address an
d broadcast address, the amount of usable IP addresses is 254. The formula to ca
lculate usable IP addresses is 2n[ms]2, where n is the number of host bits.
Exploring the Functions of Routing
How many usable subnets and usable hosts do you have if you subnet the network a
ddress 192.168.1.0 with the subnet mask 255.255.255.240? "If you subnet 1
92.168.1.0 with a 28-bit mask (255.255.255.240), you have 14 networks with 14 ho
sts in each network. If you look at the network address and subnet mask in binar
y, you can see that in the last octet, you have 4 bits for networks and 4 bits f
or hosts, as follows:
11000000.10101000.00000000.00000000
11111111.11111111.11111111.11110000
You can apply these bits to the following formula:
2n = amount of subnets or hosts, where n is the amount of masked bits
Therefore, 24 = 16 subnets. You then apply the same equation to the find the hos
ts and you receive 16." Exploring the Functions of Routing
Your Internet provider has given you the IP network address of 172.16.0.0/16. Yo
u have 18 networks, each with 1200 hosts. You want to assign one IP range per su
bnet, leaving room for future growth. Assuming that the ip subnet zero command i
s enabled on all routers, what subnet mask would best achieve your goals?
"The subnet mask of 255.255.248.0 would best achieve your goals.
If you look at this subnet mask in binary, you can see that you have 5 subnet bi
ts for the network address: 11111111.11111111.11111000.00000000
If you use the subnet equation 25 = 32, 32 available networks will be provided w
ith the subnet mask, which fulfills the requirement for 18 networks and allows a
dequate growth. This leaves you with 11 bits to be assigned to hosts. This gives
you 2046 (211 [ms] 2) addresses, giving you more than enough IP addresses to be
assigned to hosts. If you use a subnet mask of 255.255.240.0, you will meet the
requirement of 1200 hosts (212 [ms] 2 = 4094 available hosts) but not have enou
gh networks (24 = 16 available networks)." Exploring the Functions of Routi
ng
What is the correct network address for host 192.168.10.72/26? "The correct net
work address is 192.168.10.64.
A 26-bit subnet mask is 255.255.255.192. A quick way to find the network of a gi
ven subnet mask is to subtract the last portion of the subnet mask with 256. In
this case, 256 [ms] 192 = 64. Assuming that the ip subnet zero command is enable
d on the router, the usable networks for a 26-bit subnet mask are as follows:
- 192.168.10.0
- 192.168.10.64
- 192.168.10.128
- 192.168.10.192
Host 192.168.10.72 falls in the 192.168.10.64 network." Exploring the Functions
of Routing
As a network administrator, you have a class B address. Assuming that the ip sub
net zero command is enabled on the router, what subnet mask allows you to have 1
00 subnetworks with at least 500 usable hosts? "The subnet mask is 255.255.254.
0.
255.255.254.0 in binary is as follows:
11111111.11111111.11111110.00000000
All you care about are the last two octets. So you have 7 bits for the network a
nd 9 bits for host addresses. Seven bits of subnetting provide 128 subnets, and
9 bits of host subnetting provide 510 hosts per subnet." Exploring the Fu
nctions of Routing
What is the difference between static and dynamic routes? "Static routes a
re routes that an administrator manually enters into a router.
Dynamic routes are routes that a router learns automatically through a routing p
rotocol." Exploring the Functions of Routing
How do you configure a static route on a Cisco router? "To configure a static r
oute on a Cisco router, enter the ip route destination-network [mask] {next-hop-
address | outbound- interface} [distance] [permanent] global command. Here's an
example:
RouterB(config)#ip route 172.17.0.0 255.255.0.0 172.16.0.1
This example instructs the router to route to 172.16.0.1 any packets that have a
destination of 172.17.0.0 to 172.17.255.255." Exploring the Functions of Routi
ng
What is a default route? Also known as the gateway of last resort, a defa
ult route is a special type of static route with an all-0s network and network m
ask. The default route directs any packets for which a next hop is not specifica
lly listed in the routing table. By default, if a router receives a packet to a
destination network that is not in its routing table, it drops the packet. When
a default route is specified, the router does not drop the packet. Instead, it f
orwards the packet to the IP address specified in the default route. Explorin
g the Functions of Routing
How do you configure the default route on a Cisco router? "To configure a
default route on a Cisco router, enter the following global configuration comman
d:
ip route 0.0.0.0 0.0.0.0 [ip-address-of-the-next-hop -router ? outbound-interfac
e]
For example:
RouterB(config)#ip route 0.0.0.0 0.0.0.0 172.16.0.2" Exploring the Functions
of Routing
When a router is powered on, what three tasks does the router perform? "The rou
ter performs the following tasks when powered on:
1. Runs a power-on self test (POST) to test the hardware
2. Finds and loads the IOS
3. Finds and applies the router configuration file" Configuring a Ci
sco Router
Upon first boot, a new router does not have a configuration file to load. In the
event that a router has no configuration file, what happens? If a router does
find a configuration file, the router runs setup mode, a question-driven config
uration wizard that allows you to configure basic router parameters. Configur
ing a Cisco Router
What two EXEC modes are supported in the Cisco router IOS? "The two EXEC mo
des are as follows:
- User EXEC mode (user mode)
- Privileged EXEC mode (enable or privileged mode)" Configuring a Cisco Rout
er
In the IOS, what is user EXEC mode? "User EXEC mode is the first mode you en
ter when you log in to the IOS. This mode is limited and is mostly used to view
statistics. You cannot change a router's configuration in this mode. By default,
the greater-than sign (>) indicates that you are in user mode. This is how the
router prompt looks in user mode:
Router>" Configuring a Cisco Router
In the router IOS, what is privileged EXEC mode? "In privileged EXEC mode
, you can view and change the configuration in a router; you have access to all
the router's commands and the powerful debug commands.
To enter privileged mode, enter the enable command while in user mode. By defaul
t, the pound symbol (#) indicates that you are in privileged mode. This mode is
usually protected with a password. Here is an example of how to enter privileged
mode. You also see the output of the prompt:
Router>enable
Password:
Router#" Configuring a Cisco Router
When you are in privileged EXEC mode, how do you return to user EXEC mode?
"You can return to user EXEC mode by using the disable IOS command. Here is an e
xample of using the disable command:
Router#disable
Router>" Configuring a Cisco Router
What are global commands on a Cisco router? Global configuration commands ar
e commands that affect the entire router. They can be executed only in global co
nfiguration mode. Configuring a Cisco Router
How do you enter global configuration mode? "To enter global configuration m
ode, you enter the config terminal command from privileged EXEC mode. Here is an
example of this command:
Router#config terminal
Enter configuration commands, one per line. End with CTRL-Z.
Router(config)#" Configuring a Cisco Router
What is Cisco AutoSecure? "Cisco AutoSecure is a tool that attempts to sec
ure the router by disabling the services most commonly used by hackers to attack
a router. For example, AutoSecure disables HTTP server, Cisco Discovery Protoco
l (CDP), Network Time Protocol (NTP), Internet Control Message Protocol (ICMP),
and other services on the router.
AutoSecure can run in interactive or noninteractive mode." Configuring a Ci
sco Router
How do you resume a suspended Telnet session? "To resume a suspended Telnet se
ssion, issue the resume session-number privileged command.
The session number is the number from the show sessions command that you want to
resume." Configuring a Cisco Router
On a Cisco router, how do you display the configuration running in RAM? "You dis
play the configuration running in RAM using the show running-config privileged m
ode command. For example:
Router#show running-config
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
enable password cisco
!
--More--" Configuring a Cisco Router
What is the default configuration register of a Cisco 2600 series router?
The default configuration register of a Cisco 2600 series router is 0x2102. The
configuration register tells the router what configuration file to load at route
r startup. Modifying the configuration register is part of the password recovery
process. Configuring a Cisco Router
On a Cisco router, how do you view the configuration stored in nonvolatile RAM (
NVRAM)? You view the configuration stored in NVRAM using the show startup-config
privileged mode command. Configuring a Cisco Router
How do you store the active configuration to NVRAM? To save the running conf
ig to the startup config, use the copy running-config startup-config privileged
mode command. Configuring a Cisco Router
How do you name a Cisco router? "The hostname name global configuration command
configures a name on a Cisco router.
For example, the following command changes the router's host name to RouterA:
Router(config)#hostname RouterA
RouterA(config)#" Configuring a Cisco Router
What command allows you to suspend a Telnet session? Press Ctrl-Shift-6 follo
wed by X to suspend a Telnet session. Configuring a Cisco Router
"What is the correct command to add the description ""Link to West LA"" to an in
terface on a Cisco router?
a. name Link to West LA
b. interface description Link to West LA
c. description Link to West LA
d. interface name Link to West LA" c. The command to add a description to a
n interface is the description interface-description interface configuration com
mand. Configuring a Cisco Router
"On a Cisco router what do the following commands do?
Router(config)#line console 0
Router(config)#exec-timeout 30 30" The commands set the timeout on the cons
ole port to 30 minutes and 30 seconds. Configuring a Cisco Router
As a network administrator, you want to view the current Telnet connections on a
router. What command do you issue to view the current connections? You issu
e the show sessions privileged command to view the current connections. Configur
ing a Cisco Router
How do you administratively disable an interface on a Cisco router? "You adm
inistratively disable an interface on a Cisco router by issuing the shutdown int
erface configuration command.
In this example, the serial interface is issued the shutdown command:
RouterA(config)#int s0
RouterA(config-if)#shutdown
00:27:14: %LINK-5-CHANGED: Interface Serial0, changed state to administratively
down" Configuring a Cisco Router
What are some of the things the show interface interface-type number command dis
plays? "The show interface command displays the following:
- Whether the interface is administratively down
- Whether the line protocol is up or down
- An Internet address (if one is configured)
- Maximum transmission unit (MTU) and bandwidth
- Traffic statistics on the interface
- Interface encapsulation type" Configuring a Cisco Router
How do you display the status of interface S0 only? The IOS command to displ
ay the status of interface S0 only is show interface s0. Configuring a Ci
sco Router
On your Cisco router, you enter the show interface s0 command and notice that th
e port is administratively down. What does this mean, and how do you fix it?
When an interface is administratively down, it has been shut down manually or wa
s never enabled. To remedy this, enter the interface command no shutdown.
Configuring a Cisco Router
"You are configuring a serial interface and the interface says ""Interface is up
, line protocol is down."" What does this tell you regarding the serial interfac
e?" "If an interface says ""Interface is up, line protocol is down,"" the in
terface is experiencing Layer 2 problems. This could be caused by not receiving
keepalives, no clocking received, or encapsulation mismatch." Configuring a Ci
sco Router
What two commands can you use to show the clock rate on a serial interface?
To view the clock rate on a serial interface, you can use the show running-confi
g privileged EXEC command and the show controllers privileged EXEC command.
Configuring a Cisco Router
Assuming that you are using no channel service unit/data service unit (CSU/DSU)
and that you are using back-to-back data terminal equipment/data communications
equipment (DTE/DCE) serial cables, what command would you use to set the serial
interface on a router to provide clocking to another router at 64 kbps? The comm
and to set the serial interface on a router to provide clocking to another route
r at 64 kbps is clock rate 64000. Configuring a Cisco Router
What Cisco IOS router command would you use to find out whether a serial interfa
ce is a DCE or DTE interface (providing clocking)? "To see whether a serial
interface is providing clocking, use the enable command show controllers serial
-interface-type serial-number.
The following example shows that serial interface 0 is providing clock rate at 5
6 kbps and that a DCE cable is attached to the serial interface:
RouterA#show controllers s 0
HD unit 0, idb = 0xCCE04, driver structure at 0xD2298
buffer size 1524 HD unit 0, V.35 DCE cable, clockrate 56000
cpb = 0x81, eda = 0x4940, cda = 0x4800
RX ring with 16 entries at 0x814800" Configuring a Cisco Router
How would you configure a Fast Ethernet interface 0 with an IP address of 192.16
8.0.1/24 on a Cisco router? "To configure a Fast Ethernet interface 0 with a
n IP address of 192.168.0.1/24 on a Cisco router, issue the following commands:
Router(config)#interface f0
Router(config-if)#ip address 192.168.0.1 255.255.255.0
Router(config-if)#no shutdown" Configuring a Cisco Router
What command can you use to view the mapping between network addresses and MAC a
ddresses on a router? "To view the mapping between network addresses and MAC a
ddresses on a router, issue the show ip arp command. For example:
vc-core#show ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.1.6.10 3 0007.e9d5.8e28 ARPA Ethernet0/0
Internet 10.1.1.2 3 0002.b3ef.c687 ARPA Ethernet0/0
Internet 10.1.2.1 - 000d.65ac.507f ARPA Ethernet0/0
Internet 10.1.1.3 4 0010.db72.b08f ARPA Ethernet0/0
Internet 10.1.3.1 - 000d.65ac.507f ARPA Ethernet0/0"
Configuring a Cisco Router
On a Cisco router, how do you set a password to restrict access to privileged EX
EC mode? "You set a password to restrict access to privileged EXEC mode u
sing the enable secret global configuration command, as follows:
RouterA(config)#enable secret ICND
This example sets the password to enter privileged mode to ICND." Configur
ing a Cisco Router
On a Cisco router, how do you add a password to the console line? "To add
a password to the console terminal, use the line console 0 global configuration
command, followed by the login and password password line subcommands, as follow
s:
RouterA(config)#line console 0
RouterA(config-line)#login
RouterA(config-line)#password ICND
The login subcommand forces the router to prompt for authentication. Without thi
s command, the router does not authenticate a password. The password ICND subcom
mand sets the console password to ICND. The password set is case sensitive."
Configuring a Cisco Router
How do you add a password for Telnet access on a Cisco router? "To add a passwo
rd for Telnet access, enter the line vty 0 4 global configuration command, the l
ogin command, and finally the password line subcommand. The password is case sen
sitive. In the following example, the Telnet password is set to ciscopress:
RouterA(config)#line vty 0 4
RouterA(config-line)#login
RouterA(config-line)#password ciscopress" Configuring a Cisco Router
When you view the configuration on Cisco routers, only the enable secret passwor
d is encrypted. How do you encrypt user mode and the enable password? "To encr
ypt user mode and the enable password, use the service password-encryption globa
l command, as follows:
RouterA(config)#service password-encryption" Configuring a Cisco Router
What is Cisco SDM? "The Cisco Security Device Manager (SDM) is a web-based
device-management tool for Cisco IOS Software[nd]based routers. SDM allows you t
o quickly configure, monitor, and deploy Cisco routers. It is a free tool that w
orks on the following routers:
830 series, 1700 series, 1800 series, 2600XM series, 2800 series, 3600 series, 3
700 series, 3800 series, and select 7200 and 7301 series" Configuring a Ci
sco Router
What are some of the functions that the SDM wizards allow you to configure?
"The SDM wizards allow you to configure the following functions:
- Router interfaces
- Firewall rules
- Intrusion prevention systems (IPS)
- VPNs
- Quality of service (QoS)
- Security audit
- 802.1x
- Network Admission Control (NAC)" Configuring a Cisco Router
Because a DHCPDISCOVER message is a broadcast, a router will not forward DHCPDIS
COVER messages. If a client is on a different IP subnet than the DHCP server, ho
w do you forward the DHCPDISCOVER message from the client to the DHCP server?
You forward the DHCPDISCOVER message by issuing the ip helper-address server-add
ress interface command on the router. Configuring a Cisco Router
How do you access SDM on a Cisco router? "After SDM is installed on a rou
ter, you can access it by typing the IP address of the router's interface in a w
eb browser.
For example, if the router's Fast Ethernet interface IP is 192.168.10.1, you wou
ld type https://192.168.10.1." Configuring a Cisco Router
What are the three mechanisms that DHCP uses for IP address allocation? "The thr
ee mechanisms that Dynamic Host Configuration Protocol (DHCP) uses for IP addres
s allocation are as follows:
- Automatic allocation: Assigns a permanent IP address to a client
- Dynamic allocation: Assigns an IP address to a client for a set period of time
, for example, 7 days
- Manual allocation: Assigns a specific IP address to a client as defined by the
administrator using the client's MAC address" Configuring a Cisco Router
When a DHCP-enabled client first boots up, what does the client broadcast?
The client broadcasts a DHCPDISCOVER message on the local subnet. The destinatio
n address of DHCPDISCPOVER messages is 255.255.255.255. Configuring a Cisco Rout
er
What is included in a DHCPOFFER message? In a DHCPOFFER message, initial
IP configuration for the client, such as IP address, subnet mask, and default ga
teway, is included. Configuring a Cisco Router
As a network administrator, you purchased, configured, and installed a new Cisco
2800 series router. You now want to use SDM to monitor and manage your router.
What must you configure on your router to install SDM without disrupting network
access? "To install SDM on a router without disrupting network access, y
ou need to configure the router with the following parameters:
Step 1. Enable HTTP/HTTPS server on the router:
Router(config)#ip http server
Router(config)#ip http secure-server
Router(config)#ip http authentication local
Step 2. Create a user account with enable privileges:
Router(config)#username admin privilege 15 password 0 password
Step 3. Configure Secure Shell (SSH) and Telnet for local login and privilege le
vel 15:
Router(config)#line vty 0 4
Router(config-line)#privilege level 15
Router(config-line)#login local
Router(config-line)#transport input telnet
Router(config-line)#transport input telnet ssh" Configuring a Cisco Router
How do you configure Cisco router interfaces? "To configure an interface on a
Cisco router, use the interface interface-type number global configuration comma
nd, where interface-type number is the interface type and number you want to con
figure.
For example, if you want to configure the second serial interface on your router
, you would enter the following:
RouterA(config)#interface serial1
RouterA(config-if)#
Cisco interfaces start with 0 instead of 1. So, the first interface is number 0.
The prompt also changes to RouterA(config-if)# to tell you that you are in inte
rface mode. If you have a router with a module slot, such as the Cisco 3800, you
would enter interface mode by entering the slot/port number. For example, if yo
u have a Cisco 3800 router with two module serial interfaces, and you want to co
nfigure the first serial interface on the second module, you would enter interfa
ce s1/0." Configuring a Cisco Router
How do you add a message of the day (MOTD) banner on a Cisco router? "To add
an MOTD banner to a Cisco router, enter the banner motd # text # global configur
ation command.
The pound signs (#) are delimiting characters. They can be any character of your
choice, but they must be the same and cannot be included in your text. They sig
nify the beginning and end of your text.
The following example shows the banner motd command:
RouterA(config)#banner motd # <ENTER>
Enter TEXT message. End with the character '#'.
Warning only authorized users many access this Router. <ENTER>
#
RouterA(config)#" Configuring a Cisco Router
On a Cisco router, what does the show version command display? "The show versio
n command displays the system hardware's configuration, including RAM, flash mem
ory, software version, configuration register, and boot images. For example:
Router#show version
Cisco Internetwork Operating System Software
IOS (tm) 2600 Software (C2600-JS-M), Version 12.0(8), RELEASE
SOFTWARE (fc1)
Copyright (c) 1986-1999 by Cisco Systems, Inc.
Compiled Mon 29-Nov-99 15:26 by kpma
Image text-base: 0x80008088, data-base: 0x80B081E0
--Text omitted--
Router uptime is 50 minutes
System restarted by power-on
System image file is ""flash:c2600-js-mz.120-8.bin""
cisco 2610 (MPC860) processor (revision 0x300) with 53248K/12288K bytes
of memory.
Processor board ID 02073409, with hardware revision 00000000
--Text omitted--
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102" Configuring a Cisco Router
WANs operate at what layers of the OSI model? "WANs operate at the physical an
d data link layers of the OSI model.
A WAN interconnects LANs that are separated by a large geographical distance not
supported by typical LAN media.
The physical layer defines the electrical, mechanical, and operation connections
of WANs, in addition to the interface between the data terminal equipment (DTE)
and data communications equipment (DCE).
The data link layer defines the WAN Layer 2 encapsulation, such as Frame Relay,
ATM, and PPP." Understanding WAN Technologies
What is the largest WAN in the world? The Internet is the largest WAN in the w
orld. The Internet is the best example of a WAN. It is a collection of thousands
of interconnected networks all over the world. Understanding WAN Technologies
List four devices used to connect to or used on a WAN? "Four devices used to co
nnect to or used on a WAN are as follows:
- Routers: Used to connect the LAN to the WAN. Routers provide network layer ser
vices; they route data from one network to another.
- WAN switches/networking devices: Used in the WAN network. They are multiport d
evices that switch Frame Relay, X.25, or ATM traffic. They operate at the data l
ink layer of the OSI model.
- Modems or DSUs/CSUs: In analog lines, modems convert analog to digital. Modems
modulate and demodulate a signal, enabling data to be transmitted over telephon
e lines. In digital lines, data service units/channel service units (DSU/CSU) co
nvert one form of digital format to another digital format.
- Communication servers: Concentrate dial-in and dial-out user communications."
Understanding WAN Technologies
What are the four available WAN connection types? "The four available WAN
connection types are as follows:
- Dedicated connections (leased lines)
- Circuit-switching connections
- Packet-switching connections
- Cell-switching connections" Understanding WAN Technologies
Define customer premises equipment (CPE), and give an example. CPE is equipment
that is located on the customer's (or subscriber's) premises. It is equipment o
wned by the customer or equipment leased by the service provider to the customer
. An example is a router. Understanding WAN Technologies
What is the demarcation point (demarc)? The demarc is a point where the CPE ends
and the local loop begins. It is the point between the wiring that comes in fro
m the local service provider (telephone company) and the wiring installed to con
nect the customer's CPE to the service provider. It is the last responsibility o
f the service provider and is usually a network interface device (NID) located i
n the customer's telephone wiring closet. Think of the demarc as the boundary be
tween the customer's wiring and the service provider's wiring. Understanding WA
N Technologies
What is the local loop? The local loop is the physical cable that extends from t
he demarc to the provider's central office switch. Understanding WAN Techno
logies
Define the central office (CO). The CO is the WAN service provider's office wher
e the local loop terminates and in which circuit switching occurs. Understa
nding WAN Technologies
What is WAN signaling? WAN signaling is the process of sending a transmission s
ignal over a physical medium for communication. WAN transmission facilities feat
ure standardized signaling schemes that define transmission rates and media type
s. For example, the signaling standard for a T1 line in North America is DS1 wit
h a transmission rate of 1.544 Mbps. Understanding WAN Technologies
What are WAN data link layer protocols? Designed to operate over dedicated lines
, multipoint services, and multiaccess-switched services such as Frame Relay, da
ta link layer protocols provide the data link layer encapsulations associated wi
th synchronous serial lines. Examples include High-Level Data Link Control (HDLC
), PPP, and Frame Relay. Understanding WAN Technologies
What is the difference between baseband and broadband? Baseband is a network te
chnology in which only one carrier frequency is used (such as Ethernet). Broadba
nd is a network technology in which several independent channels are multiplexed
into one cable (for example, a T1 line or broadband [TV] cable). Understa
nding WAN Technologies
What is serial transmission? Serial transmission is a method of data transmis
sion in which bits of data are transmitted sequentially over a single channel. W
ANs use serial transmission. Understanding WAN Technologies
In WAN communications, what is clocking? Clocking is the method used to s
ynchronize data transmission among devices on a WAN. The CSU/DSU (DCE device) co
ntrols the clocking of the transmitted data. Understanding WAN Technologies
How many channels (time slots) are in a full point-to-point or Frame Relay T1 li
ne? "A T1 line has 24 channel, or time slots. Each channel is 64 kbps.
This information is useful because not all companies buy a full T1 line. Interne
t service providers (ISP) might offer fractional T1 lines that are less expensiv
e than a full T1; this can be an option for branch offices that do not require a
full T1. When configuring a router for a fractional T1, you need to configure t
he proper time slots on the CSU/DSU. If the CSU/DSU is internal to the router (a
WAN interface card [WIC]), you configure the time slots in the serial interface
of the router. If the CSU/DSU is external, you need to configure the external d
evice. The default configuration on a Cisco interface is a full T1 (all 24 chann
els)." Understanding WAN Technologies
WANs use a technology called multiplexing. What is multiplexing? Multiple
xing is a technology that enables multiple logical signals to be transmitted sim
ultaneously across a single physical channel and then be combined into a single
data channel at the source. This enables the signals to appear as one, combining
the speeds of all channels. Understanding WAN Technologies
On what layer of the OSI model does multiplexing occur? Multiplexing occurs on t
he physical layer. Because multiplexing combines signals across a single physica
l channel, it occurs at the physical layer of the OSI model. Understanding WA
N Technologies
What are the four types of multiplexing? "The four types of multiplexing
are as follows:Time-division multiplexing (TDM): Each data channel is allocated
bandwidth based on time slots, regardless of whether data is transferred; thus b
andwidth is wasted when there is no data to transfer.
Frequency-division multiplexing (FDM): Information of each data channel is alloc
ated bandwidth based on the signal frequency of the traffic. An example of this
is FM radio.
Wave-division multiplexing (WDM) and dense WDM (DWDM): Each data channel is allo
cated bandwidth based on wavelength (inverse of frequency).
Statistical-division multiplexing: Bandwidth is dynamically allocated to data ch
annels." Understanding WAN Technologies
How many DS0s are bundled to create a T1 line? Twenty-four DS0s are bundled to
create a T1 line. One DS0 is 64 kbps. Understanding WAN Technologies
Describe packet-switched WAN connections. Packet-switched connections use
virtual circuits (VC) to provide end-to-end connectivity. Packet-switched connec
tions are similar to leased lines, except that the line is shared by other custo
mers. A packet knows how to reach its destination by the programming of switches
. Frame Relay and X.25 are examples of a packet-switched connection. Understa
nding WAN Technologies
Your company has its headquarters in San Jose and regional offices in different
cities throughout the region. As the network administrator, you want to connect
the regional offices to headquarters. You are evaluating WAN technologies that c
ould accomplish this. You want each regional office to connect to headquarters i
n a hub-and-spoke topology using a packet-switching technology. What WAN technol
ogy should you use to accomplish your goal? You should use Frame Relay. Fram
e Relay is a packet-switched technology that functions in a hub-and-spoke topolo
gy (also known as a star topology). Understanding WAN Technologies
What are circuit-switched WAN connections? Circuit-switched WAN connections
are connections dedicated for only the duration of the call or the time require
d to transmit data. The telephone system is an example of a circuit-switched net
work. Understanding WAN Technologies
What type of WAN link is a leased line? A leased line is a point-to-point link t
hat provides a single, preestablished WAN communication path from the customer t
o the remote network. Understanding WAN Technologies
Describe DSL. Digital subscriber line (DSL) is a modem technology that uses ex
isting twisted-pair telephone lines to transfer high-speed data. Many types of D
SL are used today; the most common are asymmetric DSL (ADSL) and symmetric DSL (
SDSL). ADSL provides a higher downstream speed than upstream. SDSL provides the
same speed for both upstream and downstream traffic. Understanding WAN Techno
logies
On what layer of the OSI model does DSL operate? DSL operates at the phys
ical layer (Layer 1) of the OSI model. DSL relies on upper-layer protocols to en
capsulate the data at the CO. It uses ATM, Ethernet, or PPP at the data link lay
er and IP and the network layer. Understanding WAN Technologies
"Define the following Cisco NAT terminology:
- Inside local address
- Inside global address
- Outside local address
- Outside global address" "These terms are defined as follows:
- Inside local address: The IP address assigned to a host on the inside, private
network. This is usually a private (RFC 1918) IP address.
- Inside global address: A registered, Internet-routable IP address that represe
nts one or more inside local IP addresses to the outside world.
- Outside local address: The IP address of an outside host as it appears to the
inside, private network.
- Outside global address: The IP address assigned to a host on the outside netwo
rk by the host's owner. This is usually a routable IP address." Understanding WA
N Technologies
What is overload NAT? Overload Network Address Translation (NAT) is another te
rm for Port Address Translation (PAT). It has a many-to-one mapping. Understa
nding WAN Technologies
What are three benefits of NAT? "Three benefits of NAT are as follows:
- Eliminates readdressing overhead of hosts that require external access
- Conserves IP addresses through application port-level multiplexing
- Hides the internal network, providing a small level of network security"
Understanding WAN Technologies
How many internal hosts can be translated to one routable IP address through PAT
? Theoretically, 65,536 internal hosts can be translated by PAT using one
routable IP address. Understanding WAN Technologies
What Cisco command clears all the NAT mappings in the NAT table? The clea
r ip nat translation * command clears all the NAT translations in the NAT table.
This command is useful for troubleshooting NAT. Understanding WAN Techno
logies
How do you view the active NAT translations in the NAT table? To view the acti
ve NAT translations in the NAT table, use the show ip nat translations command.
Understanding WAN Technologies
Describe HDLC. The Cisco version of HDLC is the default encapsulation type on p
oint-to-point dedicated links and circuit-switched connections between Cisco rou
ters. It is an ISO-standard, bit-oriented, data-link protocol that encapsulates
data on synchronous links. HDLC is a connection-oriented protocol that has littl
e overhead. The ISO-standard version of HDLC lacks a protocol field and therefor
e cannot encapsulate multiple network-layer protocols across the same link. Beca
use of this, each vendor has its own method of identifying the network-layer pro
tocol. Cisco offers a propriety version of HDLC that uses a type field that acts
as a protocol field, making it possible for multiple network-layer protocols to
share the same link. Understanding WAN Technologies
What is the default encapsulation on a Cisco serial interface? HDLC is the defa
ult encapsulation on a Cisco serial interface. Understanding WAN Technologies
By default, Cisco uses HDLC as its default encapsulation method across synchrono
us lines (point-to-point links). If a serial line uses a different encapsulation
protocol, how do you change it back to HDLC? "To change a serial line back to
HDLC, use the following interface command on the serial interface you want to c
hange:
Router(config-if)#encapsulation hdlc" Understanding WAN Technologies
What is the Point-to-Point Protocol (PPP)? PPP is an industry-standard prot
ocol that provides router-to-router or router-to-host connections over synchrono
us and asynchronous links. It can be used to connect WAN links to other vendors'
equipment. It works with several network-layer protocols, such as IP and Intern
etwork Packet Exchange (IPX). PPP provides optional authentication through Passw
ord Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (
CHAP), or Microsoft CHAP (MS-CHAP). Understanding WAN Technologies
PPP is a data link layer protocol that provides network-layer services. What are
the two sublayers of PPP? "The two sublayers of PPP are as follows:Network
Control Protocol (NCP): The component that encapsulates and configures multiple
network-layer protocols. Some examples of these protocols are IP Control Protoc
ol (IPCP) and Internetwork Packet Exchange Control Protocol (IPXCP).
Link Control Protocol (LCP): Establishes, configures, maintains, and terminates
PPP connections." Understanding WAN Technologies
What communication protocol allows you to connect your computer to the Internet
using a standard telephone line, and can transmit multiple protocols? "The com
munication protocol is PPP. PPP offers the following features:
- Control of data link setup
- Provides dynamic IP address assignment
- Link configuration and link quality testing
- Error detection
- Network-layer address negotiation and data compression
- Supports several network-layer protocols" Understanding WAN Technologies
What features does LCP offer to PPP encapsulation? LCP offers authenticatio
n, callback, compression, error detection, and multilink to PPP encapsulation.
Understanding WAN Technologies
What types of physical interfaces can you configure PPP on? "Physical interf
aces on which you can configure PPP are as follows:
- Asynchronous serial
- Synchronous serial
- High-Speed Serial Interface (HSSI)" Understanding WAN Technologies
Name the WAN encapsulation that can be configured on an asynchronous serial conn
ection. PPP can be configured on an asynchronous serial connection. Understa
nding WAN Technologies
What two protocols are available for compression on PPP links? The two protocol
s available for compression are Stacker and Predictor. As a general rule, Predic
tor uses more memory than Stacker, and Stacker is more CPU intensive than Predic
tor. Understanding WAN Technologies
What two methods of authentication can be used with PPP links? "The two methods
of authentication on PPP links are as follows:Password Authentication Protocol
(PAP): PAP is the less secure of the two methods; passwords are sent in clear te
xt and are exchanged only upon initial link establishment.
Challenge Handshake Authentication Protocol (CHAP): CHAP is used upon initial li
nk establishment and periodically to make sure that the router is still communic
ating with the same host. CHAP passwords are exchanged as message digest algorit
hm 5 (MD5) hash values." Understanding WAN Technologies
Does CHAP use a two-way or three-way handshake for authentication? "CHAP us
es a three-way handshake for authentication.
During startup of the link, the local router sends a challenge response to the r
emote router. The remote router sends a hash value based on the challenge. The p
rocess is complete when the local router accepts the hash value." Understa
nding WAN Technologies
What three phases establish a PPP session? "The three phases that establish
a PPP session are as follows:
Step 1. Link establishment: Each PPP device sends LCP packets to configure and t
est the link (Layer 1).
Step 2. Authentication phase (optional): If authentication is configured, either
PAP or CHAP is used to authenticate the link. This must take place before the n
etwork layer protocol phase can begin (Layer 2).
Step 3. Network layer protocol phase: PPP sends NCP packets to choose and config
ure one or more network layer protocols to be encapsulated and sent over the PPP
data link (Layer 3)." Understanding WAN Technologies
What IOS command enables PPP on a Cisco router serial interface? "To enab
le PPP encapsulation on a serial interface, enter the encapsulation ppp interfac
e command, as follows:
RouterB(config-if)#encapsulation ppp" Understanding WAN Technologies
How do you enable PPP authentication using PAP or CHAP on a Cisco router?
"The three steps to enable PPP authentication on a Cisco router are as follows:
Step 1. Make sure that each router has a host name assigned to it using the host
name command.
Step 2. On each router, define the username of the remote router and password th
at both routers will use with the username remote-router-name password password
command.
Step 3. Configure PPP authentication with the ppp authentication {chap | chap pa
p | pap chap | pap} interface command. (If both PAP and CHAP are enabled, the fi
rst method you specify in the command is used. If the peer suggests the second m
ethod or refuses the first method, the second method is used.)
RouterB(config)#hostname RouterB
RouterB(config)#username RouterA password cisco
RouterB(config)#int s0
RouterB(config-if)#ppp authentication chap pap" Understanding WAN Technologies
If PPP is enabled on an interface, how do you view the LCP and NCP states of the
interface? "Issue the show interface serial interface-number command, as fo
llows, to view LCP and NCP states:
RouterA#show interface s0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 192.168.1.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation PPP, loopback not set, keepalive set (10sec)
LCP Open
Open: IPCP, CDPCP
Last input 00:00:02, output 00:00:02, output hang never
Last clearing of ""show interface"" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
(text omitted)" Understanding WAN Technologies
What is Frame Relay? An industry standard, Frame Relay is a switched data lin
k layer protocol that uses virtual circuits to identify the traffic that belongs
to certain routers. It provides dynamic bandwidth allocation and congestion con
trol. Understanding WAN Technologies
Is Frame Relay a circuit-switched or packet-switched network? Frame Relay is a
packet-switched network that creates virtual circuits (VC) between DTE devices
on a network to enable bidirectional communication. These virtual circuits can e
ither be permanent virtual circuits (PVC) or dynamically switched virtual circui
ts (SVC). Understanding WAN Technologies
In Frame Relay, what identifies a virtual circuit? The data-link connection
identifier (DLCI) locally identifies a VC. Understanding WAN Technologies
Is a DLCI locally or globally significant? It is locally significant.
Understanding WAN Technologies
Which encapsulation type is appropriate to use in a Frame Relay network that has
routers from two different vendors? "You should use IETF.
Frame Replay encapsulation defines the Layer 2 frame format used by both ends of
a Frame Relay link. Cisco routers support two types of Frame Relay encapsulatio
n: Cisco and IETF.
Cisco is the default encapsulation on Cisco routers and is only supported betwee
n Cisco routers.
IETF encapsulation is a standard that is used to connect to other non-Cisco rout
ers." Understanding WAN Technologies
What type of data can an ATM network transfer? An ATM network can transfer voic
e, video, and data. ATM uses a cell-switched network, and the cells that transfe
r voice, video, and data are always a fixed size of 53 bytes. Understanding WA
N Technologies
What is the size of an ATM cell? AN ATM cell is 53 bytes. This includes a
5-byte header and 48 bytes of payload. Understanding WAN Technologies
What is the administrative distance? The administrative distance (AD) is an i
nteger from 0 to 255 that rates the trustworthiness of the source of the IP rout
ing information. It is significant only when a router learns about a destination
route from more than one routing source. The path with the lowest AD is the one
given priority. RIP Routing
What are the three classes of routing protocols? "The three classes of ro
uting protocols are as follows:
- Distance vector: Uses a vector of distance and direction to find the best path
. Distance is defined in terms of a metric, and direction is defined as the next
-hop router. Distance vector protocols broadcast the entire routing table to all
neighbors at periodic intervals. Distance vector protocols are slow to converge
because of hold-down timers. RIP is a distance vector protocol.
- Link-state: Uses a topological database that is created on each router. This d
atabase keeps track of directly connected neighbors, the entire network, and the
routing table. Link-state updates are typically multicast to all neighbors. Ope
n Shortest Path First (OSPF) and Intermediate System[nd]to[nd]Intermediate Syste
m (IS-IS) are examples of link-state protocols.
- Balance hybrid: Combines aspects of distance vector and link-state protocols.
An example is Enhanced IGRP (EIGRP)." RIP Routing
What are the two categories of routing protocols? "The two categories of r
outing protocols are as follows:
- Interior gateway protocols (IGP): Exchange routing information within an auton
omous system (AS). An AS is a collection of networks under a common administrati
ve domain. RIP, IS-IS, OSPF, and EIGRP are IGPs.
- Exterior gateway protocols (EGP): Exchange routing information between autonom
ous systems. Border Gateway Protocol (BGP) is an example of an EGP." RIP Rout
ing
What is the AD for each of the following? "The ADs are as follows:
- Directly connected interface: 0
- Static route: 1
- EIGRP: 90
- OSPF: 110
- RIPv1, RIPv2: 120
- External EIGRP: 170
- Unknown or Unreachable: 255" RIP Routing
What is the difference between classful routing protocols and classless routing
protocols? "Classful routing protocols do not include the subnet mask in ro
uting advertisements. As a result, all subnetworks of the same major network mus
t use the same subnet mask. Routers using classful routing protocols automatical
ly perform route summarization across network boundaries. RIPv1 is an example of
a classful routing protocol.
Classless routing protocols include subnet mask information in routing advertise
ments and support variable-length subnet mask (VLSM). In classless routing, summ
arization is controlled manually. RIPv2, OSPF, IS-IS, and EIGRP are classless ro
uting protocols." RIP Routing
On a Cisco router, what does the ip classless global command do? The ip c
lassless command prevents a router from dropping packets for an unknown subnetwo
rk of a directly attached network if a default route is configured. The ip class
less command is enabled by default. RIP Routing
How do distance vector routing protocols keep track of changes to the internetwo
rk? Distance vector routing protocols keep track of changes to the internetw
ork by periodically broadcasting updates out all active interfaces. This broadca
st contains the entire routing table. RIP Routing
In dynamic routing, what is convergence? Convergence is the time required
for routers to react to changes in the network, remove bad routes, and add new
routes. RIP Routing
Slow convergence of distance vector routing protocols can cause inconsistent rou
ting tables and routing loops. What are some mechanisms that distance vector pro
tocols implement to prevent these problems? "Some ways distance vector routi
ng protocols prevent routing loops and inconsistent routing tables are as follow
s:
- Maximum hop count (count to infinity)
- Split horizon
- Route poisoning
- Holddowns" RIP Routing
What is maximum hop count? "Maximum hop count is a way of dealing with the
count-to-infinity problems with looping in routing updates.
RIP uses a maximum hop count of 15, so anything that has a hop count of 16 is un
reachable.
Any time a packet passes through a router, it is considered one hop." RIP Rout
ing
What is split horizon? Split horizon prohibits a router from advertising a rout
e through an interface that the router itself is using to reach the destination.
RIP Routing
What is route poisoning? With route poisoning, when a distance vector rou
ting protocol notices that a route is no longer valid, the route is advertised w
ith an infinite metric, signifying that the route is bad. In RIP, a metric of 16
signifies infinity. Route poisoning is used with hold-down timers. RIP Rout
ing
What is a poison reverse? A poison reverse is an update that a router send
s to the router it received the route poison from, specifying that all routers o
n the segment have received the poisoned route information. RIP Routing
What are hold-down timers? Hold-down timers prevent regular update messages
from reinstalling a route that might have gone bad. Hold-down timers tell a rou
ter to hold any changes that might affect routes for a period of time. The defau
lt hold-down time for RIP is 180 seconds. RIP Routing
What are triggered updates? Also known as flash updates, triggered updates a
re routing updates sent immediately out a router's interface when it notices tha
t a directly connected subnet has changed state. RIP Routing
"Which of the following are used for loop avoidance?
- Link-state advertisements
- Poison reverse
- Route discovery
- Split horizon" Poison reverse and split horizon are used for loop avoid
ance. RIP Routing
What is RIP? "RIP is a true distance vector routing protocol that sends its c
omplete routing table out all active interfaces every 30 seconds.
RIP uses hop count as its metric to determine the best path to a remote network.
The maximum allowable hop count is 15; thus a hop count of 16 is unreachable.
Two versions of RIP exist, version 1 and version 2.
RIP can load-balance over four equal-cost paths by default." RIP Routing
What four timers does RIP use to regulate performance? "The four timers RIP use
s to regulate performance are as follows:Route update timer: The time between ro
uter updates. Default is 30 seconds.
Route invalid timer: The time that must expire before a route becomes invalid. D
efault is 180 seconds.
Route hold-down timer: If RIP receives an update with a hop count higher than th
e metric recording in the routing table, RIP goes into a holddown for 180 second
s.
Route flush timer: The time from when a route becomes invalid to when it is remo
ved from the routing table. Default is 240 seconds." RIP Routing
What is the difference between RIP version 1 and RIP version 2? "RIP version 2 i
s a classless protocol that supports VLSM and sends its subnet mask in routing u
pdates.
RIP version 2 also sends routing updates through multicast. RIPv1 broadcasts upd
ates. RIPv2 also supports manual route summarization and authentication. RIPv1 d
oes not." RIP Routing
How do you enable RIP on a Cisco router? "The commands to enable RIP on a
Cisco router are as follows:
- router rip global command
- network connected-network-address command" RIP Routing
What IOS command displays RIP routing updates as they are sent? The debug ip rip
command displays routing updates as they are sent and received. RIP Rout
ing
What commands enable RIP on a Cisco router and advertise network 10.1.0.0?
"To enable RIP on a Cisco router and advertise network 10.1.0.0, you would enter
the following commands:
router rip
network 10.0.0.0" RIP Routing
How do you display the contents of the routing table on a Cisco router? "To disp
lay the contents of the routing table on a Cisco router, enter the show ip route
command, as follows:
RouterA#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile,B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF interarea
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
Gateway of last resort is 192.168.1.1 to network 0.0.0.0
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
R 192.168.0.0/24 [120/1] via 192.168.1.1, 00:00:21, Serial0
C 192.168.1.0/24 is directly connected, Serial0
C 192.168.2.0/24 is directly connected, Ethernet0
R* 0.0.0.0/0 [120/1] via 192.168.1.1, 00:00:21, Serial0
[120/1] indicates that 120 is the AD, and 1 is the number of hops to the remote
network." RIP Routing
What IOS command displays values associated with routing timers, the administrat
ive distance, and network information associated with the entire router?
"The IOS command show ip protocols, as follows, displays values associated with
routing timers, the administrative distance, and network information associated
with the entire router:
RouterB#show ip protocols
Routing Protocol is ""rip""
Sending updates every 30 seconds, next due in 2 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is
Incoming update filter list for all interfaces is
Redistributing: rip
Default version control: send version 1, receive any version
Interface Send Recv Key-chain
Serial0 1 1 2
Serial1 1 1 2
Routing for Networks:
192.168.1.0
192.168.2.0
Routing Information Sources:
Gateway Distance Last Update
Distance: (default is 120)" RIP Routing
What is the Cisco Discovery Protocol (CDP)? "CDP is a Cisco-proprietary prot
ocol that runs on all Cisco IOS[nd]enabled devices. It gathers information about
directly connected Cisco devices. CDP operates at Layer 2 of the OSI model and
is media independent.
With CDP, you can tell the hardware type, device identifier, address list, softw
are version, and active interfaces on neighboring Cisco devices. CDP is enabled
by default on all Cisco equipment. It uses a nonroutable Subnetwork Access Proto
col (SNAP) frame to communicate between devices." Managing Your Network En
vironment
List five types of information obtained from CDP? "The five types of infor
mation obtained from CDP are as follows:
- Device identifiers (host name of remote device)
- Network address list of remote devices
- Port identifiers of remote devices
- Capabilities list of remote devices
- Platform of remote devices (type of remote device)" Managing Your Network En
vironment
List three reasons to disable CDP? "Three reasons to disable CDP are as fol
lows:
- To save network bandwidth by not exchanging CDP frames.
- If you are connecting to non-Cisco devices.
- Security. CDP multicasts information about the device every 60 seconds. Sniffe
rs and other devices can view these broadcasts to discover information about you
r network." Managing Your Network Environment
How do you disable CDP on Cisco routers? "Two commands disable CDP on a C
isco router. To disable CDP on the entire device, use the no cdp run global comm
and, as follows:
RouterB(config)#no cdp run
To disable CDP on an interface only, use the no cdp enable interface command, as
follows:
RouterB(config)#int e0
RouterB(config-if)#no cdp enable
This disables CDP on Ethernet interface 0." Managing Your Network Environmen
t
What does the show cdp command display? "The show cdp command displays global CD
P information about the device. It tells you when the device will send CDP packe
ts and the CDP holdtime:
RouterB#show cdp
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds" Managing Your Network En
vironment
Why would you want to issue the show processes command on a router before enteri
ng a debug command? You want to issue the show processes command before ente
ring a debug command to verify that CPU utilization is low enough to handle the
effects of a debug command. Managing Your Network Environment
What does the show cdp neighbors detail command display? "The show cdp ne
ighbors detail and show cdp entry * commands show the same output. They both dis
play the following:
- Device ID (host name) of the remote neighbor
- Layer 3 address of the remote device (if the device has more than one Layer 3
address on its interface, only the primary address is shown)
- Device platform and capabilities
- Local interface and outgoing port ID
- Remote device holdtime in seconds
- IOS type and version" Managing Your Network Environment
What does the show cdp traffic command display? "The show cdp traffic command, a
s follows, displays information about interface traffic. This includes the numbe
r of CDP packets sent and received and CDP errors:
RouterB#show cdp traffic
CDP counters :
Hdr syntax: 0, Chksum error: 0, Encaps failed:
No memory: 0, Invalid packet: 0, Fragmented: 0" Managing Your Network En
vironment
What does the show cdp interface command display? "The show cdp interface
command, as follows, displays the status of CDP on all interfaces on your device
:
RouterB#show cdp interface
Ethernet0 is up, line protocol is down
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
Serial0 is up, line protocol is up
Encapsulation HDLC
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
Serial1 is up, line protocol is up
Encapsulation HDLC
Sending CDP packets every 60 seconds
Holdtime is 180 seconds" Managing Your Network Environment
What Cisco IOS router command can you use to see a neighbor router's IP address?
To see a neighbor router's IP address, you must use the show cdp neighbor detail
or show cdp entry * user mode or EXEC command. Managing Your Network Environmen
t
What IOS command shows the active outbound connections after telneting into mult
iple routers simultaneously? "The show sessions command, as follows, displays
the active outbound Telnet sessions from that particular user on your router:
RouterA#show sessions
Conn Host Address Byte Idle Conn Name
* 1 192.168.1.2 192.168.1.2 0 0 192.168.1.2" Managing
Your Network Environment
What key sequence do you use to suspend a Telnet session on a remote system and
return to your local router? To suspend a Telnet session, press Ctrl-Shift-6
and then press X. Managing Your Network Environment
How do you reestablish a suspended Telnet session on a Cisco router? "To rees
tablish a suspended Telnet session, use the show session command to find the ses
sion you want to resume and use the resume session-number command to connect to
the specified session, as follows:
RouterA#show session
Conn Host Address Byte Idle Conn Name
1 192.168.1.2 192.168.1.2 0 0 192.168.1.2
* 2 192.168.2.2 192.168.2.2 0 0 192.168.2.2
RouterA#resume 1
[Resuming connection 1 to 192.168.1.2 ... ]
RouterB>" Managing Your Network Environment
How do you end a remote Telnet session on a Cisco router? "To end a Telnet
session, use the exit or logout command while you're on the remote device, as f
ollows:
RouterB>exit
[Connection to 192.168.1.2 closed by foreign host]
RouterA#" Managing Your Network Environment
"Upon using the ping EXEC command, you receive one of the following responses:
.
!
?
N
U
Q
What does each of these responses mean?" "The following table describes w
hat each character means with the ping command.
Character Description
. Each period indicates that the network server timed out while waitin
g for a reply.
! Each exclamation point indicates the receipt of a reply.
? Unknown packet type.
N An ICMP unreachable network PDU was received.
U A destination unreachable error PDU was received.
Q An ICMP source quench was received." Managing Your Network En
vironment
What is the trace EXEC command used for? "The trace EXEC command displays
the path a packet used to get to a remote device, as follows:
RouterA#trace 192.168.2.2
Type escape sequence to abort.
Tracing the route to 192.168.2.2
1 192.168.2.2 16 msec 16 msec *" Managing Your Network Environment
What two Cisco IOS commands verify end-to-end connectivity? The two Cisco IO
S commands that verify end-to-end connectivity are the ping and trace EXEC comma
nds. The ping command sends an echo to the remote destination; the trace command
shows the path from the source to the destination. Managing Your Network En
vironment
In what two ways does a Cisco router resolve host names to IP addresses?
A Cisco router resolves host names using either a locally configured host table
on each router or a Domain Name System (DNS) server. Managing Your Network En
vironment
Which router component stores the routing tables, packet buffers, and Address Re
solution Protocol (ARP) cache? RAM holds the router's routing table, packet buf
fers, and ARP cache. The running-config is also stored in RAM. On most Cisco rou
ters, the IOS is loaded into RAM as well. Managing Your Network Environmen
t
What is the function of ROM on a Cisco router? On a Cisco router, ROM starts an
d maintains the router. Managing Your Network Environment
What is flash memory used for on a Cisco router? Flash memory stores the
Cisco IOS Software image and, if room exists, multiple configuration files or mu
ltiple IOS files. Flash memory is not erased when the router or switch is reload
ed. Managing Your Network Environment
What is the function of NVRAM on a Cisco router? Nonvolatile random-acces
s memory (NVRAM) holds the saved router configuration (it also holds the switch
configuration). This configuration is maintained when the device is turned off o
r reloaded. Managing Your Network Environment
What is the main purpose of the configuration register on a Cisco router?
The configuration register's main purpose is to control how the router boots up.
It is a 16-bit software register that, by default, is set to load the Cisco IOS
from flash memory and to look for and load the startup-config file from NVRAM.
Managing Your Network Environment
What is ROM Monitor (ROMMON)? ROM Monitor (ROMMON) is an operating system used
for hardware troubleshooting and for password recovery. To enter ROMMON, press
Ctrl-Break during router bootup. Managing Your Network Environment
What Cisco IOS command would you use to view the current configuration register
value? "The show version command, as follows, displays the router's current con
figuration register:
RouterA#show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-D-L), Version 12.0(13), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Wed 06-Sep-00 01:08 by linda
Image text-base: 0x030388F8, data-base: 0x00001000
<Output omitted>
Configuration register is 0x2102" Managing Your Network Environment
How do you change the configuration register on a Cisco router? To change the co
nfiguration register on a Cisco router, use the config-register command from glo
bal configuration mode. Managing Your Network Environment
What Cisco IOS command displays the contents of flash memory? "The show flash
command displays the contents of flash memory. This includes the images stored i
n flash memory, the images' names, bytes used in flash memory, bytes available,
and the total amount of flash memory on your router, as follows:
RouterA#show flash
System flash directory:
File Length Name/status
1 6897716 c2500-d-l.120-13.bin
[6897780 bytes used, 1490828 available, 8388608 total]
8192K bytes of processor board System flash (Read ONLY)" Managing Your Ne
twork Environment
What IOS command configures the router to boot from an alternate IOS located in
flash? The boot system flash ios-file-name global configuration command instruc
ts the router to boot from a different IOS located in flash memory. Managing
Your Network Environment
"During router startup, you see the following error message:
Boot cannot open ""flash""
What will the router try to do next?" The router will attempt to locate the IO
S image from a TFTP server. If the router cannot find the IOS image from a TFTP
server, the router will load a limited IOS from ROM. Managing Your Network En
vironment
What two IOS commands would you use to back up the running configuration on a ro
uter to a TFTP server? "To back up the running configuration to a TFTP server,
use the copy running-config tftp privileged EXEC command or the write network co
mmand. The following is an example of the copy run tftp command:
RouterB#copy run tftp
Address or name of remote host []? 192.168.0.2
Destination filename [routerb-confg]?
!!
780 bytes copied in 6.900 secs (130 bytes/sec)" Managing Your Network Environmen
t
How do you restore your router to factory defaults? "The erase startup-confi
g privileged EXEC command, as follows, erases your router's configuration, thus
bringing it back to its factory defaults:
RouterB#erase startup-config
Erasing the nvram filesystem will remove all files! Continue?
[confirm]
[OK]
Erase of nvram: complete" Managing Your Network Environment
How do you restore a configuration file from a TFTP server into your Cisco route
r's RAM? "The copy tftp running-config privileged EXEC command merges the
saved and running configuration into your router's RAM, so any commands not exp
licitly changed or removed will remain in the running configuration. Sample comm
and output is as follows:
RouterB#copy tftp running-config
Address or name of remote host []? 192.168.0.2
Source filename []? routerb-confg
Destination filename [running-config]?
Accessing tftp://192.168.0.2/routerb-confg...
Loading routerb-confg from 192.168.0.2 (via Ethernet0): !
[OK - 780/1024 bytes]
780 bytes copied in 4.12 secs (195 bytes/sec)
RouterB#
01:40:46: %SYS-5-CONFIG: Configured from tftp: //192.168.0.2/routerb-confg"
Managing Your Network Environment
How do you back up a Cisco router IOS? "To back up the current IOS image on you
r router, use the copy flash tftp privileged EXEC mode command, as follows:
RouterB#copy flash tftp
Source filename [routerb-flash]? flash:c2500-d-l.120-13.bin
Address or name of remote host []? 192.168.0.2
Destination filename [c2500-d-l.120-13.bin]?
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
6897716 bytes copied in 90.856 secs (76641 bytes/sec)" Managing Your Network En
vironment
How do you upgrade or restore the Cisco router IOS? To upgrade or restore th
e Cisco router IOS, use the copy tftp flash privileged EXEC mode command.
Managing Your Network Environment
Before installing a new, upgraded version of the Cisco IOS, what should be check
ed on the router? What IOS command gathers this information? "Before upgradin
g the IOS on a router, the amount of available flash and RAM should be checked.
You need to verify that the router can support the new image.
The show version privileged command displays the amount of flash and RAM availab
le on a router." Managing Your Network Environment
How you make a Cisco router a TFTP server? To configure a Cisco router as a
TFTP server, use the tftp-server global configuration command. Managing Your Ne
twork Environment
On a Cisco router, what does the show cdp neighbors command display? "The sho
w cdp neighbors command displays the following:
- Device ID (name of the device)
- Local interface (local outgoing port)
- Holdtime displayed in seconds
- Device's capability code
- Hardware platform of the neighboring device
- Port ID of the neighboring device (remote port)" Managing Your Network En
vironment
What are VLANs? "VLANs are broadcast domains in a Layer 2 network.
Each broadcast domain is like a distinct virtual bridge within the switch. Each
virtual bridge created in a switch defines a broadcast domain. By default, traff
ic from one VLAN cannot pass to another VLAN. Each user in a VLAN is also in the
same IP subnet. Each switch port can belong to only one VLAN. The exception to
this is if the port is a trunk port." Implementing VLANs and Trunks
What are the four characteristics of a typical VLAN setup? "The four charac
teristics of a typical VLAN setup are as follows:
- Each logical VLAN is like a separate physical bridge.
- For different VLANs to communicate with each other, traffic must be forwarded
through a router or Layer 3 switch.
- Each VLAN is considered to be a separate logical network.
- VLANs can span multiple switches." Implementing VLANs and Trunks
What are the two methods to assign a port to a VLAN? "The two methods to assi
gn a port to a VLAN are as follows:
- Statically: Statically assigning a port to a VLAN is a manual process performe
d by the administrator.
- Dynamically: Assigning VLANs dynamically is done using a VLAN Membership Polic
y Server (VMPS). The VMPS contains a database that maps MAC addresses to VLAN me
mbership. A dynamic port can belong to only one VLAN at a time. A Catalyst 4500
or 6500 switch can be configured to be a VMPS, but a Catalyst 2960 switch cannot
." Implementing VLANs and Trunks
What VLAN ranges does the Catalyst 2960 support? "Normal-range and extend
ed-range VLANs.
VLANs are identified by a number from 1 to 4094. VLANs 1 to 1005 are considered
normal-range VLANs. Extended-range VLANs are numbered 1006 to 4094." Implemen
ting VLANs and Trunks
How many VLANs does a Catalyst 2960 switch support? Up to 255 VLANs.
Implementing VLANs and Trunks
What are the four VLAN port membership modes on a Catalyst 2960 switch? "The fou
r VLAN port membership modes on a Catalyst 2960 switch are as follows:
- Static-access: Static-access ports belong to only one VLAN and are manually as
signed.
- Trunk (IEEE 802.1Q): By default, a trunk port is a member of all VLANs.
- Dynamic-access: Dynamic-access ports belong to one VLAN and are dynamically as
signed by a VMPS. Dynamic-access ports must not connect to another switch.
- Voice VLAN: Voice VLAN ports are access ports attached to an IP phone that are
configured to use one VLAN for voice traffic and another VLAN for data traffic
from a device connected to the IP phone." Implementing VLANs and Trunks
What are trunk links? "Trunk links allow the switch to carry multiple VLANs ac
ross a single link.
By default, each port on a switch can belong to only one VLAN. For devices that
are in a VLAN (that spans multiple switches) to talk to other devices in the sam
e VLAN, you must use trunking or have a dedicated port for each VLAN.
Trunk links encapsulate frames using a Layer 2 protocol. This encapsulation cont
ains information for a switch to distinguish traffic from different VLANs and to
deliver frames to the proper VLANs. The Catalyst 2960 supports 802.1Q as its tr
unking protocol." Implementing VLANs and Trunks
Describe 802.1Q tagging? IEEE 802.1Q tagging provides a standard method o
f identifying frames that belong to a particular VLAN. 802.1Q does this by using
an internal process that modifies the existing Ethernet frame with the VLAN ide
ntification. Implementing VLANs and Trunks
In 802.1Q, what is the native VLAN? The native VLAN is VLAN1 by default. 802
.1Q does not tag the native VLAN across trunk links. Implementing VLANs and T
runks
What is VTP? VLAN Trunking Protocol (VTP) is a Layer 2 messaging protocol tha
t maintains VLAN configuration consistency throughout a common administrative do
main by managing VLAN additions, deletions, and name changes across multiple swi
tches. Without VTP, you would have to manually add VLAN information to each swit
ch in the network. Implementing VLANs and Trunks
What is a VTP domain? Also called a VLAN management domain, a VTP domain is on
e or more interconnected switches that share the same VTP environment. A switch
can be in only one VTP domain, and all VLAN information is propagated to all swi
tches in the same VTP domain. Implementing VLANs and Trunks
What are the three VTP modes a switch can be in? "A switch can be in the
following three VTP modes:
- Server
- Client
- Transparent" Implementing VLANs and Trunks
What is VTP server mode? A switch in VTP server mode can add, delete, and
modify VLANs and other configuration parameters for the entire VTP domain. It i
s the default mode for all Catalyst switches. VLAN configurations are saved in N
VRAM. When you change VLAN configuration in server mode, the change is dynamical
ly propagated to all switches in the VTP domain. Implementing VLANs and T
runks
What is VTP client mode? In VTP client mode, a switch cannot create, dele
te, or modify VLANs. In client mode, the switch transmits and receives VTP updat
es on its trunk links. VLAN configurations are received from the VTP server.
Implementing VLANs and Trunks
What is VTP transparent mode? In transparent mode, a switch does not participa
te in the VTP domain. However, a switch can add, modify, and delete VLANs locall
y. A VTP transparent switch does not advertise its VLAN configuration and does n
ot synchronize its VLAN configuration based on received advertisements. In VTP v
ersion 2, transparent switches forward VTP advertisements they receive out their
trunk ports. Implementing VLANs and Trunks
On the VTP server, where is the VLAN configuration stored? NVRAM. Only on a
VTP server is VLAN configuration stored in NVRAM (also called flash). VLAN info
rmation is stored in a file called vlan.dat. This is called the VLAN database.
Implementing VLANs and Trunks
How often are VTP advertisements flooded throughout the management domain?
"Every 5 minutes.
VTP advertisements are flooded throughout the management domain to a reserved mu
lticast address every 5 minutes or whenever a change occurs in the VLAN configur
ation." Implementing VLANs and Trunks
What is included in VTP advertisements? "VTP advertisements include the followin
g information:
- VTP domain name
- VTP configuration revision number
- Update identity and update timestamp
- MD5 digest VLAN configuration
- Frame format" Implementing VLANs and Trunks
What is one of the most important components in the VTP advertisement? "The rev
ision number.
Every time a VTP server modifies its VLAN configuration, it increments the confi
guration number by 1. The largest configuration number in the VTP domain contain
s the most current information. When a client receives a revision number higher
than its current number, it updates its VLAN configuration." Implementing VLA
Ns and Trunks
What is the default VTP version on a Catalyst 2960 switch? Version 1.
Implementing VLANs and Trunks
What are the additional features found in VTP version 2? "The additional
features found in VTP version 2 are as follows:
- Token Ring support
- Unrecognized type-length-value (TLV) support
- Version-dependent transparent mode (forwards VTP messages in transparent mode
out all trunk interfaces)
- Consistency checks" Implementing VLANs and Trunks
What is VTP pruning? By default, a trunk link carries traffic for all VLANs i
n the VTP domain. Even if a switch has no ports in a specific VLAN, traffic for
that VLAN is carried across the trunk link. VTP pruning uses VLAN advertisements
to determine when a trunk connection is needlessly flooding traffic to a switch
that has no ports in the particular VLAN. VTP pruning increases available bandw
idth by restricting flooded traffic to trunk lines that the traffic must use to
access the appropriate network devices. By default, VTP pruning is disabled.
Implementing VLANs and Trunks
What is the default VTP configuration on a Catalyst 2960 switch? "The def
ault VTP configuration on a Catalyst 2960 switch is as follows:
- VTP domain: Null
- VTP mode: Server
- VTP version: Version 1
- VTP password: (None)
- VTP pruning: Disabled" Implementing VLANs and Trunks
What are the two ways that VTP and VLANs are configured on a Catalyst 2960 switc
h? "Two ways that VTP and VLANs are configured on a Catalyst 2960 switch ar
e as follows:
- In global configuration mode
- In VLAN database configuration mode" Implementing VLANs and Trunks
What is required to configure VTP on a Catalyst switch? "The requirements for co
nfiguring VTP on a Catalyst switch are as follows:
- VTP domain: All switches must be in the same VTP domain.
- Optional password: If a password is configured, all switches in the VTP domain
must be configured with the same password. Configuring a password is recommende
d practice.
- VTP version: All switches must run the same VTP version.
- Trunk link: VTP propagates on trunk links; thus at least one port must be conf
igured as a trunk link." Implementing VLANs and Trunks
How do you configure the VTP operation mode, VTP domain, and VTP password on a C
atalyst 2960 switch? "In global configuration mode, the vtp mode [server | cl
ient | transparent] global command sets the VTP mode, followed by the vtp domain
domain-name to configure the VTP domain and vtp password password to set the VT
P password, as follows:
Cat2960(config)#vtp mode server
Cat2960(config)#vtp domain CiscoPress
Changing VTP domain name from NULL to CiscoPress
Cat2960(config)#vtp password ICND
Setting device VLAN database password to ICND" Implementing VLANs and Trunks
How do you disable VTP on a Catalyst 2960 switch? "Configure the switch fo
r VTP transparent mode as follows:
Cat2960(config)#vtp mode transparent" Implementing VLANs and Trunks
How do you enable VTP Version 2 on a Catalyst 2960 switch? "To enable VTP V
ersion 2 on a Catalyst switch, use the vtp version version-number global command
, as follows:
Cat2960(config)#vtp version 2" Implementing VLANs and Trunks
How do you enable VTP pruning? "To enable VTP pruning on a Catalyst 2960, use t
he vtp pruning global configuration command, as follows:
Cat2960(config)#vtp pruning
Pruning switched on" Implementing VLANs and Trunks
How do you determine the VTP version, domain name, and password on a Catalyst sw
itch? "You determine the VTP version, domain name, and password by issuing the
privileged EXEC show vtp status command, which displays the following:
- VTP version
- Number of existing VLANs on a switch and the maximum number of locally support
ed VLANs
- VTP domain name, password, and operating mode
- Whether VTP pruning is enabled
- The last time the VLAN configuration was modified" Implementing VLANs and T
runks
One switch in your network is not receiving VLAN information. How do you verify
whether the switch is receiving VTP information? "The show vtp counters p
rivilege EXEC command displays VTP statistics about advertisements received and
pruning information, as follows:
Cat2960#show vtp counters
VTP statistics:
Summary advertisements received : 426
Subset advertisements received : 1
Request advertisements received : 0
Summary advertisements transmitted : 481
Subset advertisements transmitted : 0
Request advertisements transmitted : 0
Number of config revision errors : 0
Number of config digest errors : 0
Number of V1 summary errors : 0
VTP pruning statistics:
Trunk Join Transmitted Join Received Summary advts received from
non-pruning-capable device
---------------- ---------------- ---------------- ---------------------------
Gi2/2 5043 5036 0
Gi2/3 5043 5033 0
Gi2/4 5043 5032 0
Gi2/5 5043 5033 0
Gi2/6 5043 5038 0
Gi3/1 5043 5035 0
Gi3/2 5043 5034 0
Gi3/4 5044 5033 0
Po1 4903 4903 0" Implementing VLA
Ns and Trunks
"Configure a Catalyst 2960 switch with VLAN number 10 and name the VLAN ""Accoun
ting.""" "To configure a VLAN on a Catalyst 2960 switch, first ensure tha
t the switch is in VTP server or transparent mode. When the switch is in one of
these modes, the vlan vlan-id global configuration command adds a VLAN. The vlan
-id can be a number from 1 to 4094 for normal-range VLANS, as follows:
Switch(config)#vlan 10
Switch(config-vlan)#name Accounting" Implementing VLANs and Trunks
"As a network administrator, you try to add a new VLAN to a Catalyst 2960 switch
. However, when you add the new VLAN, you get the following error from the switc
h:
Switch(config)#vlan 20
%VTP VLAN configuration not allowed when device is in CLIENT mode.
The VLAN is not added to the switch. Why did this error occur?" "The switch is a
VTP client.
A switch can only add, modify, or delete VLANs if it is in server or transparent
mode. To remedy the problem, change the switch to server or transparent mode us
ing the vtp mode [server | transparent] global command." Implementing VLA
Ns and Trunks
As a network administrator, you added a new VLAN, VLAN 10 on a switch and called
it Accounting. However, you later find out that VLAN 10 is going to be assigned
to Sales. How do you modify the VLAN name? "To modify a VLAN name, you need
to enter config-vlan mode for the VLAN you want to modify and rename the VLAN,
as follows:
Switch(config)#vlan 10
Switch(config-vlan)#name Sales
Switch(config-vlan)#exit" Implementing VLANs and Trunks
How do you delete a VLAN from a Catalyst switch? "Enter the no vlan vlan-
id global command for the VLAN you want to delete, as follows:
Switch(config)#no vlan 10" Implementing VLANs and Trunks
How do you verify the VLANs on a Catalyst switch and the ports assigned to each
VLAN? "You can use two commands to verify the VLANs on a switch: the more deta
iled show vlan {name vlan-name | id id} command or the show vlan brief command,
as follows:
Switch#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/2
10 InternetAccess active
20 Operations active Fa0/1, Fa0/2,
30 Administration active Fa0/6, Fa0/7,
Fa0/8, Fa0/9
40 Engineering active Fa0/3, Fa0/4,
Fa0/5, Fa0/10, Fa0/11, Fa0/12, Fa0/13,Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa
0/19,Fa0/20
60 Public active Fa0/21, Fa0/22, Fa0/23, Fa0/24
!text-omitted!" Implementing VLANs and Trunks
What are the default Layer 2 Ethernet interface VLAN settings on a Catalyst 2960
? "The default Layer 2 Ethernet interface VLAN settings on a Catalyst 2960
are as follows:
- Interface mode: switchport mode dynamic auto
- Allowed VLANs: 1 to 4094
- Default VLAN: VLAN 1
- VLAN pruning eligible range: 2 to 4094
- Native VLAN: 1" Implementing VLANs and Trunks
What is DTP? Dynamic Trunking Protocol (DTP) is a point-to-point Layer 2 prot
ocol that manages trunk negotiation. Implementing VLANs and Trunks
When configuring trunking on a Catalyst 2960, what are the five Layer 2 interfac
e modes supported? "The five Layer 2 interface modes supported when configu
ring trunking on a Catalyst 2960 are as follows:
- switchport mode access: Makes the interface a nontrunking access port.
- switchport mode dynamic auto: Allows the interface to convert to a trunk link
if the connecting neighbor interface is set to trunk or desirable.
- switchport mode dynamic desirable: Makes the interface attempt to convert the
link to a trunk link. The link becomes a trunk if the neighbor interface is set
to trunk, desirable, or auto.
- switchport mode trunk: Configures the port to permanent trunk mode and negotia
tes with the connected device if the other side can convert the link to trunk mo
de.
- switchport nonegotiate: Prevents the interface from generating DTP frames."
Implementing VLANs and Trunks
How do you set an interface for 802.1Q trunking on a Catalyst 2960 switch?
"You set an interface for 802.1Q trunking by using the switchport mode trunk int
erface command.
To enable an interface for trunking on a Catalyst 2960 switch, use the switchpor
t mode [dynamic {auto | desirable} | trunk] interface command. The following exa
mples configure one interface for trunking and a second interface to trunk only
if the neighboring device is set to trunk, desirable, or auto:
Cat2960(config)#interface g0/1
Cat2960(config-if)#switchport mode trunk
Cat2960(config-if)#interface g0/2
Cat2960(config-if)#switchport mode dynamic desirable" Implementing VLANs and T
runks
As a network administrator, you use VLAN 1 for the Sales division. As a result,
all users in VLAN 1 cannot access other users assigned to different VLANs. Why i
s this happening, and how do you enable the users in VLAN 1 to communicate with
other users in different VLANs? "The users in VLAN 1 cannot communicate with the
other VLANs because, by default, VLAN 1 is the native VLAN. 802.1Q does not enc
apsulate traffic from the native VLAN. Thus the users in VLAN 1 cannot communica
te with other users. To fix the issue, you need to change the native VLAN to a d
ifferent unused VLAN in your network. To do this, use the switchport trunk nativ
e vlan vlan-id interface command. The following command changes the native VLAN
on trunking interface g0/1 from 1 to 1000:
Cat2960(config-if)#switchport trunk native vlan 1000" Implementing VLANs and T
runks
By default, VLANs 1[nd]4094 are allowed to propagate on all trunk links. How do
you limit a trunk to allow only VLANs 10[nd]50 on a trunk link? "To limit the VL
ANs on a trunk link, enter the switchport trunk allowed vlan {add | all | except
| remove} vlan-list interface command. To allow only VLANs 1[nd]50 on a trunk l
ink, you would enter the following:
Cat2960(config-if)#switchport trunk allowed vlan 10-50" Implementing VLANs and T
runks
How do you display the trunking interfaces on a Catalyst 2960? "The show interf
aces interface-id trunk privilege EXEC command shows the interfaces that are tru
nking on a switch and the trunk configuration, as follows:
Cat2960#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Gi0/1 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi0/1 1-4094
Port Vlans allowed and active in management domain
Gi0/1 1-3,5,10,20,30,40,50,60
Port Vlans in spanning tree forwarding state and not pruned
Gi0/1 1-3,5,40" Implementing VLANs and Trunks
As a network administrator, you want to add ports 1 through 12 to VLAN 10 on you
r Catalyst 2960 switch. How do you statically assign these ports to the switch?
"To configure a range of ports to a VLAN, enter the range command. The following
commands assign ports 1[nd]12 to VLAN 10:
Cat2960(config)#interface range fastethernet 0/1 - 12
Cat2960(config-if-range)#switchport mode access
Cat2960(config-if-range)#switchport access vlan 10
You can assign VLANs to a switch one port at a time or a range of ports at a tim
e. First, enter the interface you want to configure. Second, define the interfac
e as an access port. Finally, assign the port to a VLAN.
Notice how the prompt changes to config-if-range mode when you use the range com
mand. The other commands define the ports as an access port and then assign the
ports to vlan 10. To assign a port to a different VLAN, enter the switchport acc
ess vlan command followed by the VLAN ID you want to change the port to."
Implementing VLANs and Trunks
What are three ways to verify the ports assigned to VLANs? "You can verify
the ports assigned to a VLAN by viewing the entire switch configuration with the
show running-config command. You can also check by using the show running-confi
g interface interface-id command and the show vlan command. Here is an example o
f the show running-config interface command for port F0/1 on the switch:
Cat2960#show running-config interface f0/1
Building configuration...
Current configuration : 84 bytes!
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
end" Implementing VLANs and Trunks
A Cisco 2950 switch is configured with all ports assigned to VLAN 10. What is th
e effect of adding switch ports to a new VLAN on this switch? "An additional b
roadcast domain is created.
Because you are adding switch ports to a new VLAN, you are in effect creating a
new broadcast domain on the switch." Implementing VLANs and Trunks
What is the Spanning Tree Protocol (STP)? STP, or 802.1D, is a Layer 2 loo
p-prevention bridge-to-bridge protocol. Its main purpose is to dynamically maint
ain a loop-free Layer 2 network. STP does this by sending out bridge protocol da
ta units (BPDU), discovering any loops in the topology, and blocking one or more
redundant links. Redundant Switching and STP
How does STP maintain a loop-free Layer 2 network? "STP maintains a loop-fr
ee network by doing the following:
- Electing a root bridge
- Electing a root port on each nonroot bridge
- Electing designated ports on each segment
- Blocking any redundant port that is not a root port or a designated port"
Redundant Switching and STP
What two key concepts does STP calculation use to create a loop-free topology?
"The two key concepts that the STP calculation uses to create a loop-free topolo
gy are as follows:
- Bridge ID (BID)
- Path cost" Redundant Switching and STP
In Spanning Tree, what is the bridge ID (BID)? A BID is an 8-byte field that is
composed of the bridge's 6-byte MAC address and a 2-byte bridge priority.
Redundant Switching and STP
What is the default bridge priority in a BID for all Cisco switches? 32,768.
Redundant Switching and STP
In Spanning Tree, what is path cost? Path cost is a calculation based on the
link's bandwidth. It is a value assigned to each port that is based on the port'
s speed. Redundant Switching and STP
"Determine the Spanning Tree path cost for each of the following:
- 10 Mbps
- 100 Mbps
- 1 Gbps
- 10 Gbps" "The path costs are as follows:
- 10 Mbps: 100
- 100 Mbps: 19
- 1 Gbps: 4
- 10 Gbps: 2" Redundant Switching and STP
When calculating a loop-free environment, Spanning Tree uses a four-step decisio
n sequence to determine which switch will be the root bridge and which ports wil
l be in the forwarding or blocking state. What are these four steps? "The fou
r-step decision sequence that Spanning Tree uses to determine the root bridge is
as follows:
Step 1. The lowest root BID
Step 2. The lowest path cost to the root bridge
Step 3. The lowest sender BID
Step 4. The lowest port ID" Redundant Switching and STP
How do switches pass spanning-tree information between them? "Switches pass S
TP information using special frames called bridge protocol data units (BPDU).
Every time a switch receives a BPDU, it compares it with all received BPDUs as w
ell as with the BPDU that would be sent on the port. The switch checks the BPDU
against the four-step sequence describe in Question 8 to see whether it has a lo
wer value than the existing BPDU save for that port." Redundant Switching and
STP
How often do switches send BPDUs out active ports? Every 2 seconds by defau
lt. Redundant Switching and STP
In STP, how is a root bridge elected? "The switch with the lowest BID is elect
ed the root bridge.
All ports on the root bridge are placed in the forwarding state and are called d
esignated ports.
The BID is 8 bytes and is composed of two fields: the default priority of 32,768
(2 bytes) and a MAC address (6 bytes). Because all Cisco switches use the defau
lt priority, the switch with the lowest MAC address is elected the root bridge."
Redundant Switching and STP
After bridges elect a root bridge, what is the next step in the spanning-tree pr
ocess? Elect root ports. After electing the root bridge, switches elect root po
rts. A root port is the port on nonroot bridges that has the lowest cost to the
root bridge. Every nonroot bridge must select one root port. Redundant Switch
ing and STP
How do nonroot bridges decide which port they will elect as a root port?
Nonroot bridges use root path cost to determine which port will be the root port
. Root path cost is the cumulative cost of all links to the root bridge. The por
t with the lowest root path cost is elected the bridge's root port and is placed
in the forwarding state. Redundant Switching and STP
What is the difference between path cost and root path cost? "Path cost is th
e value assigned to each port. It is added to BPDUs received on that port to cal
culate the root path cost.
Root path cost is defined as the cumulative cost to the root bridge. In a BPDU,
this is the value transmitted in the cost field. In a bridge, this value is calc
ulated by adding the receiving port's path cost to the value contained in the BP
DU." Redundant Switching and STP
If a nonroot bridge has two redundant ports with the same root path cost, how do
es the bridge choose which port will be the root port? "The port with the lowes
t port ID becomes the root port.
If a nonroot bridge has redundant ports with the same root path cost, the decidi
ng factor is the port with the lower port ID (port number). For example, port nu
mber g0/1 is preferred over port g0/2." Redundant Switching and STP
After the root bridge and root ports are selected, the last step in Spanning Tre
e is to elect designated ports. How do bridges elect designated ports? "Bridges
elect designated ports by choosing the lowest value based on cumulative root pa
th cost to the root bridge.
In Spanning Tree, each segment in a bridged network has one designated port. Thi
s port is a single port that both sends and receives traffic to and from that se
gment and the root bridge. All other ports are placed in a blocking state. This
ensures that only one port on any segment can send and receive traffic to and fr
om the root bridge, ensuring a loop-free topology. The bridge that contains the
designated port for a segment is called the designated bridge for that segment.
Designated ports are chosen based on cumulative root path cost to the root bridg
e." Redundant Switching and STP
If a bridge is faced with a tie in electing designated ports, how does it decide
which port will be the designated port? In the event of a tie, STP used
the four-step decision process discussed in Question 8. It first looks for the B
PDU with the lowest BID; this is always the root bridge. If the switch is not th
e root bridge, it moves to the next step: the BPDU with the lowest path cost to
the root bridge. If both paths are equal, STP looks for the BPDU with the lowest
sender BID. If these are equal, STP uses the link with the lowest port ID as th
e final tiebreaker. Redundant Switching and STP
What are the five Spanning Tree port states? "The five Spanning Tree port sta
tes are as follows:
- Blocking
- Listening
- Learning
- Forwarding
- Disabled" Redundant Switching and STP
What is the STP blocking state? When a switch starts, all ports are in the block
ing state. This is to prevent any loops in the network. If a better path to the
root bridge exists, the port remains in the blocking state. Ports in the blockin
g state cannot send or receive traffic; however, they can receive BPDUs.
Redundant Switching and STP
What is the STP listening state? Ports transition from a blocking state t
o a listening state. In this state, no user data is passed. The port only listen
s for BPDUs. After listening for 15 seconds (if the bridge does not find a bette
r path), the port moves to the next state, a learning state. Redundant Switch
ing and STP
What is the STP learning state? In the STP learning state, no user data is passe
d. The port quietly builds its bridging table. The default time in the learning
state is 15 seconds. Redundant Switching and STP
What is the STP forwarding state? After the default time in the learning s
tate is up, the port moves to the forwarding state. In the forwarding state, the
port sends and received data. Redundant Switching and STP
"Define the following STP terms:
- Forward delay
- Hello time
- Max age timer" "These STP terms are defined as follows:
- Forward delay: The time it takes a port to move from listening to learning or
from learning to forwarding. The default time is 30 seconds: 15 seconds to trans
ition to listening and 15 seconds to transition to learning.
- Hello time: The time interval between the sending of BPDUs. The default time i
s 2 seconds.
- Max age timer: How long a bridge stores a BPDU before discarding it. The defau
lt time is 20 seconds (10 missed hello intervals)." Redundant Switching and
STP
What is the default amount of time a port takes to transition from blocking to f
orwarding in STP? 50 seconds. It takes 20 seconds for the max age to expir
e, 15 seconds for listening, and 15 seconds for learning. Redundant Switch
ing and STP
What are the RSTP port states? "The RSTP port states are as follows:
- Discarding
- Learning
- Forwarding" Redundant Switching and STP
What are the five different port roles in RSTP? "The five different port roles i
n RSTP are as follows:
- Root port: The best path to the root (the same as in STP)
- Designated port: The port through which the designated switch is attached to t
he LAN (the same as in STP)
- Alternate port: A backup port to the root switch
- Backup port: A backup port to the designated switch
- Disabled port: A port with no role in Spanning Tree" Redundant Switching and
STP
How does RSTP handle BPDUs? In 802.1D (Spanning Tree), a nonroot bridge only
generates BPDUs when it receives one on the root port. In RSTP (802.1w), a brid
ge sends a BPDU every 2 seconds by default, even if it does not receive any from
the root bridge. Redundant Switching and STP
In RSTP, when does a bridge consider it has lost connectivity to a direct neighb
or? In RSTP, a bridge considers that it has lost connectivity to a directly
connected neighbor if it misses three BPDUs in a row (6 seconds). In RSTP, BPDUs
act as keepalive mechanisms between bridges. If a bridge does not receive a BPD
U from a neighbor, the switch is certain that the connection to the neighbor has
failed. Redundant Switching and STP
In RSTP, what is an edge port? "An edge port is a port that is directly connect
ed to end stations.
Because directly connected end stations cannot create bridging loops in the netw
ork, an edge port directly transitions to the forwarding state, skipping the lis
tening and learning states.
Edge ports are configured using the spanning-tree portfast interface command."
Redundant Switching and STP
How are link types derived in RSTP? In RSTP, a link can only rapidly transit
ion to a forwarding state on edge port and on point-to-point links. A point-to-p
oint link is a link that directly connects two switches. In RSTP, the link type
is automatically derived from the duplex mode of a port. Full-duplex is assumed
to be point-to-point, and a half-duplex link is considered a shared point.
Redundant Switching and STP
What is Per-VLAN Spanning Tree (PVST) and PVST+? "In PVST, a different sp
anning-tree instance exists for each VLAN on a switch. So, each VLAN has its own
root bridge, root port, designated port, and nondesignated port. PVST is define
d in 802.1D.
PVST+ is based on the 802.1D standards but also includes Cisco-proprietary featu
res such as UplinkFast and BackboneFast." Redundant Switching and STP
What is Multiple Spanning Tree Protocol (MSTP)? MSTP allows switches running RST
P to group VLANs into one spanning-tree instance. Each VLAN group has a separate
spanning-tree instance that is independent of other spanning-tree instances. MS
TP is defined in 802.1s. Redundant Switching and STP
What three types of STP are supported on Cisco switches? "The three types
of STP supported on Cisco switches are as follows:
- PVST+: PVST+ is based on the 802.1D standard but also includes Cisco-proprieta
ry features such as UplinkFast and BackboneFast.
- PVRST+: PVRST+ (Per-VLAN Rapid Spanning Tree) is defined in 802.1w and has fas
ter convergence than 802.1D.
- MSTP: MSTP combines PVST+ and all IEEE standards." Redundant Switching and
STP
What is the default STP type on Cisco Catalyst switches? The default STP
type on Cisco Catalyst switches is PVST+. Redundant Switching and STP
By default, RSTP is disabled on Cisco switches. How do you enable RSTP? "To enab
le RSTP, you first have to define a Mono Spanning Tree (MST) region and then ena
ble RSTP on the switch. For switches to be in the same MST region, they must hav
e the same VLAN-to-instance mapping, the same configuration revision number, and
the same name. The following commands enable MST on a switch:
Cat2960(config)#spanning-tree mst configuration (enter MST config)
Cat2960(config-mst)#instance 1 vlan 10, 20, 30, 50 (define MST instance a
nd VLANs)
Cat2960(config-mst)#name Cisco (define MST name)
Cat2960(config-mst)#revision 1 (specify the revision number)
Cat2960(config-mst)#exit
Cat2960(config)#spanning-tree mode mst (enable MST and RSTP)
Cat2960(config)#end
The instance instance-id vlan vlan-range command maps configured VLANs to an MST
instance. The instance-id can be a range from 1 to 15. This example maps MST in
stance 1 to VLANs 10, 20, 30, and 50. To map a range of VLANs, enter the start V
LAN, enter a hyphen, and then enter the end VLAN: 1[nd]50." Redundant Switch
ing and STP
How to you configure an RSTP root switch and backup switch? "Because all Cis
co switches have the same bridge ID, by default in STP and RSTP, the switch with
the lowest MAC address is the root bridge. In many instances, this is not desir
ed. To specify a switch to be the root switch, use the spanning-tree mst instanc
e-id root primary [diameter net-diameter [hello-time seconds]] global command, a
s follows:
Cat2960(config)#spanning-tree mst 1 root primary
To configure the backup root switch, use the spanning-tree mst instance-id root
secondary global command." Redundant Switching and STP
How do you enable PVRST+ on a Cisco switch? "The following steps enable PVRS
T+ on a Cisco switch:
Step 1. Enable PVRST+ as follows:
spanning-tree mode rapid-pvst
Step 2. Designate and configure a root bridge as follows:
spanning-tree vlan vlan-id root primary
Step 3. Designate and configure a backup bridge as follows:
spanning-tree vlan vlan-id root secondary" Redundant Switching and STP
What is Etherchannel? Etherchannel is a Cisco feature that allows you to combi
ne several physical links (up to eight) into one logical connection for increase
d bandwidth. Data between the links is load-balanced, and Spanning Tree sees the
logical link as one link; thus all physical ports are forwarding. Fast Ethernet
, Gigabit Ethernet, and 10 Gigabit Ethernet links can be configured for Ethercha
nnel. For example, two 1-Gigabit links can be configured for Etherchannel, provi
ding 2 Gbps of bandwidth. Redundant Switching and STP
What are some ways you can prevent unauthorized users from reconfiguring or view
ing your switch configuration? Switch-based authentication prevents unauthorize
d users from accessing the switch remotely. Switch-based authentication includes
using console, vty, and enable passwords. It also includes using different user
names and passwords for access. Also, switches can use a TACACS+ or RADIUS serve
r to provide remote authentication. Redundant Switching and STP
List the eight practices that Cisco recommends to secure a switch. "Cisco r
ecommends the following practices to secure a switch:
- Set system passwords
- Secure access to the console port
- Secure access to vty ports through access lists
- Use SSH when possible
- Disable the HTTP server on the switch
- Configure switch warning banners
- Disable unneeded services on the switch
- Configure logging" Redundant Switching and STP
What is port-based authentication? Port authentication is based on 802.1x a
nd requires a client to be authenticated before it is allowed access to the LAN.
802.1x is a standards-based method that defines client-server[nd]based access c
ontrol. In 802.1x, the authentication server authenticates each client that is c
onnected to a switch port before making available any network access offered by
the switch. 802.1x uses Extensible Authentication Protocol over LAN (EAPoL) to a
uthenticate clients. Redundant Switching and STP
You connect two switches using a straight-through unshielded twisted-pair (UTP)
Cat 6 cable. The port link lights between the switches are not coming on. What i
s the problem? The problem is with the cable. A straight-through cable is used
to connect data terminal equipment (DTE) devices to data communications equipmen
t (DCE) devices. A switch is considered a DCE device, and so are hubs. DTE devic
es include computers, printers, servers, and routers. For two like devices to co
nnect to each other, a crossover cable is needed. In this case, replacing the ca
ble with a crossover cable will fix the problem. Troubleshooting Switched
Networks
What command can you use on a Catalyst switch to view port information, statisti
cs, and errors? "To view port information, such as port type, speed, duplex sett
ings, or statistics and errors, use the show interface interface-id privileged E
XEC command. The following command shows the information for interface g0/1. You
should be familiar with the highlighted areas.
vc-core#show interface g0/1
GigabitEthernet0/1 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet Port, address is 000d.65ac.5040 (bia 000d.65ac.50
40)
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, link type is auto, media type is 1000BaseSX
input flow-control is on, output flow-control is off
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:09, output never, output hang never
Last clearing of ""show interface"" counters never
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 10000 bits/sec, 8 packets/sec
5 minute output rate 10000 bits/sec, 7 packets/sec
1476671 packets input, 363178961 bytes, 0 no buffer
Received 20320 broadcasts (12683 multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
1680749 packets output, 880704302 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out" Troubleshooting
Switched Networks
"You have a link on your switch that is not working properly. You enter the show
interface command on the faulty port and the port status says ""errDisable"". W
hat is the cause for this error?" "If you are having connectivity issues a
nd the port state shows ""errDisable"" the following issues can be causing this
error:
- EtherChannel misconfiguration
- Duplex mismatch
- Bridge protocol data unit (BPDU) port-guard has been enabled on the port
- Unidiretional Link Detection (UDLD)
- A native VLAN mismatch" Troubleshooting Switched Networks
"Traffic between two switches is slow. You issue the show interface command on t
he uplink between the two switches and you see the following:
!output omitted!
0 input packets with dribble condition detected
180749 packets output, 8004302 bytes, 0 underruns
0 output errors, 45345 collisions, 0 interface resets
0 babbles, 45345 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
What is the problem?" The switch port is receiving a lot of late collisions. T
he problem can be a duplex mismatch or a faulty port, or the distance between th
e two switches might exceed the cable specifications. Troubleshooting Switched
Networks
What is the cause of multiple collisions on a port? Multiple collisions are
the number of times the transmitting port had more than one collision before suc
cessfully transmitting a frame. If you experience multiple collisions on a port,
the problem usually lies with an oversaturated medium. Troubleshooting Switched
Networks
"While troubleshooting a switched network, you see the following on a switch int
erface that is having connectivity problems:
!output omitted!
5 minute input rate 10000 bits/sec, 8 packets/sec
5 minute output rate 10000 bits/sec, 7 packets/sec
1476671 packets input, 363178961 bytes, 0 no buffer
Received 20320 broadcasts (12683 multicast)
2345 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
What could be the cause of the problem?" The switch is receiving a lot of
runts. Runts are frames smaller than 64 bytes with a bad frame check sequence (
FCS). Bad cabling or inconsistent duplex settings usually cause runts. Troubles
hooting Switched Networks
"You have one computer that is connected to a switch that is having very slow an
d intermittent connections with the network. You log on to the switch and issue
the show interface command on the port that the user is connected to. You see th
e following:
!output omitted!
5 minute input rate 10000 bits/sec, 8 packets/sec
5 minute output rate 10000 bits/sec, 7 packets/sec
1476671 packets input, 363178961 bytes, 0 no buffer
Received 20320 broadcasts (12683 multicast)
0 runts, 325 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
What is most likely the cause of the problem?" The computer has a faulty NIC. T
he switch is receiving a lot of giants. Giants are frames greater than the Ether
net maximum transmission unit (MTU) of 1518 bytes. The cause for giants is usual
ly a faulty NIC on the computer. Troubleshooting Switched Networks
"When users in VLAN 10 are having difficulty connecting to a server in VLAN 20,
the connection is very slow. The users are having no problems communicating with
each other, only with the server in VLAN 20. As the network administrator, you
issue the show interface command on the switch the server is connected to and yo
u see the following:
!Output omitted!
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, link type is auto, media type is 10/100/1000-TX
The server has a Gigabit network card that is set to half-duplex. What is the pr
oblem?" The problem lies with a duplex mismatch between the server and the switc
h. The show interface command shows that the port's duplex is set to full, but w
hen you look at the server's NIC, its duplex setting is half-duplex. A duplex mi
smatch would cause a slow connection to the server. Troubleshooting Switched
Networks
A hub is connected to a switch. Fifteen users are connected to the hub. All user
s are trying to connect to a server off of the switch, but are experiencing late
ncy. What type of problem is this, and what are some of the causes for this prob
lem? "Because the users are connected to a hub, they are in the same collisio
n domain and are experiencing collision domain connectivity problems.
Causes for the latency problem can include the following:
- The segment is overloaded or oversubscribed.
- Bad cabling on the segment.
- NICs on the segment do not have compatible settings.
- Faulty NICs." Troubleshooting Switched Networks
As the network administrator of a switched network, you add redundant links to y
our network. Shortly after doing so, users complain that they can no longer acce
ss the network. Additionally, you notice a lot of broadcast traffic on the netwo
rk. What is the cause of the problem? The problem is most likely due to a misc
onfiguration in Spanning Tree. Because the problem started when redundant switch
links were installed, one of the switches is most likely having Spanning Tree p
roblems, and a traffic loop is probably occurring in the network. Troubles
hooting Switched Networks
"As a network administrator, you add a new switch to your environment. You confi
gure the links between your core switch and your new switch for trunking. Howeve
r, the new switch is not receiving VLAN configuration from your VTP server. You
issue the show vtp status command on both switches. You see the following on the
core switch:
core#show vtp status
VTP Version : 2
Configuration Revision : 19
Maximum VLANs supported locally : 1005
Number of existing VLANs : 14
VTP Operating Mode : Server
VTP Domain Name : CiscoPress
VTP Pruning Mode : Enabled
VTP V2 Mode : Enabled
VTP Traps Generation : Disabled
You see the following on the new switch:
new#show vtp status
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 1005
Number of existing VLANs : 1
VTP Operating Mode : Client
VTP Domain Name : Ciscopress
VTP Pruning Mode : Enabled
VTP V2 Mode : Enabled
VTP Traps Generation : Disabled
What is the problem?" The problem is that an incorrect VTP domain is configure
d on the new switch. The VTP domain on the core switch is CiscoPress, but on the
new switch, it is Ciscopress. The setting for the VTP domain is case sensitive
(and so is the VTP password). This mismatch prevents the switches from exchangin
g VTP information Troubleshooting Switched Networks
What does a VTP client do if it receives a VTP packet from the VTP server that c
ontains less VLANs than are currently in the client's database and a lower revis
ion number than the VTP client? "The VTP client ignores the packet. Because the
revision number is lower than the client's current revision number, the client k
nows that the packet is not correct and ignores the packet.
Every time VLAN information is modified on the VTP server, the server increments
its VTP revision number by 1. In this scenario, if the VTP packet had a higher
revision number than the one on the client, the client would update its VLAN inf
ormation." Troubleshooting Switched Networks
"One of your Catalyst 2960 switches is generating the following error:
%SW_VLAN-6-VTP_MODE_CHANGE: VLAN manager changing device mode from
CLIENT to TRANSPARENT
Why is this error occurring?" "The switch is changing from VTP client to trans
parent mode for the following two reasons:
- The switch has more VLANs running on STP than it can support.
- The switch receives more VLANs from the VTP server than the switch can support
." Troubleshooting Switched Networks
One of your production Catalyst 2960 switches in your switched networked failed.
To recover quickly and get your switched network back online, you take a Cataly
st switch from your lab with a good VTP configuration and put it in place of the
failed Catalyst. You create a trunk link on the lab switch to connect it to the
production network. Shortly after you create the trunk link, all your users in
your switched network lose network connectivity. You issue the show vlan command
from your VTP server and notice that all the VLANs configured on the VTP server
are gone. What has happened? "The lab switch with no VLANs configured was set
to VTP server mode and had a higher revision number than the configuration revi
sion number of the VTP domain. As a result, the lab switch erased all the VLANs
through the VTP domain.
The quickest way to recover from this error is to reconfigure all the VLANs on o
ne of the VTP servers.
The best way to prevent this issue from occurring is to ensure that all new swit
ches introduced into your switch environment are not only configured with the co
rrect VTP domain information but are also set to client mode." Troubleshooting
Switched Networks
On your VTP server, you removed VLAN 20 because it is no longer needed. The netw
ork runs fine after removing the VLAN. A week later, the company suffers a power
loss and all the switches are power cycled. When the switches come back online,
some users complain that they cannot access the network. You issue the show int
erface command on one of the switches and notice that some of the ports are inac
tive. Why are the ports inactive? "The ports are inactive because they are
most likely members of VLAN 20, which was removed the week before. Switch ports
move to the inactive state when they are members of VLANs that no longer exist
in the VLAN database. This occurs after a VLAN has been removed and the switch i
s power cycled.
A quick way to fix this is to assign the ports to an existing VLAN." Troubles
hooting Switched Networks
You want to create a trunk link between two Catalyst switches. On each switch's
Gigabit 0/1 port, you issue the switchport mode dynamic auto command on both swi
tches; however, the trunk link is not established. Why is the trunk link not bei
ng created? "The trunk link is not being established because both ports are
set to dynamic auto. When a trunking port is set to dynamic auto, the port can t
runk only if the neighboring device is set to trunk or dynamic desirable.
Properly configuring one of the ports to trunk or dynamic desirable will fix the
issue." Troubleshooting Switched Networks
As a network administrator, you think your network is having some Spanning Tree
issues. What commands can you use on the Catalyst 2960 switch to troubleshoot Sp
anning Tree? "Although many commands are available to troubleshoot Spanning T
ree, the ones required to know for the ICND2 exam are as follows:
- show spanning-tree: Displays the root ID, bridge ID, and priority time for all
VLANs in STP
- show spanning-tree vlan vlan-id: Displays STP information for a specific VLAN
- debug spanning-tree: Verifies receipt of BPDUs and troubleshoots other spannin
g-tree errors" Troubleshooting Switched Networks
What are the three classes of routing protocols? "The three classes of ro
uting protocols are as follows:
- Distance vector
- Link-state
- Balanced hybrid" Routing Operations and VLSM
What is administrative distance? Administrative distance (AD) is an integ
er from 0 to 255 that rates the trustworthiness of the source of the IP routing
information. The AD is only important when a router learns about a destination r
oute from more than one source. The path with the lowest AD is the one entered i
n the routing table. Routing Operations and VLSM
"What is the AD of each of the following?
- Directly connected interface
- Static route
- Border Gateway Protocol (BGP)
- EIGRP
- OSPF
- RIPv2
- External EIGRP
- Unknown" "The ADs are as follows:
- Directly connected interface: 0
- Static route: 1
- BGP: 20
- EIGRP: 90
- OSPF: 110
- RIPv2: 120
- External EIGRP: 170
- Unknown: 255" Routing Operations and VLSM
What is an autonomous system (AS)? An AS is a network under a common admini
stration or domain. Routing Operations and VLSM
What are interior gateway protocols (IGP) and exterior gateway protocols (EGP)?
Interior gateway protocols are routing protocols that run within an AS. RIP, OSP
F, and EIGRP are examples of IGPs. Exterior gateway protocols are routing protoc
ols that route between autonomous systems. BGP is an example of an EGP. Routing
Operations and VLSM
Because VLANs are considered individual broadcasts domains, for inter-VLAN commu
nication to occur, a router is needed. What two things must occur for inter-VLAN
routing? "Two requirements for inter-VLAN routing to occur are as follows
:
- The router must know how to reach all VLANs.
- The routers must have a separate physical connection for each VLAN, or trunkin
g must be enabled on a single physical connection." Routing Operations and V
LSM
How do you enable routing between VLANs on a Cisco router using 802.1Q? "The enc
apsulation dot1q vlan-id interface command enables 802.1Q trunking on a Cisco ro
uter.
To configure trunking on a router, first create a subinterface and then configur
e the subinterface with the encapsulation dot1q vlan-id command, where the vlan-
id is the VLAN number of the associated VLAN. The following example enables inte
r-VLAN routing for VLANs 1, 10, and 20:
RouterB(config)#int f0/0
RouterB(config-if)#ip address 192.168.1.1 255.255.255.0
RouterB(config-if)#int f0/0.10
RouterB(config-if)#ip address 192.168.10.1 255.255.255.0
RouterB(config-if)#encapsulation dot1q 10
RouterB(config-if)#int f0/0.20
RouterB(config-if)#ip address 192.168.20.1 255.255.255.0
RouterB(config-if)#encapsulation dot1q 20" Routing Operations and VLSM
How do distance vector routing protocols function? Also known as Bellman-Fo
rd algorithms, distance vector routing protocols pass complete routing tables to
neighboring routers. Neighboring routers then combine the received routing tabl
e with their own routing table. Each router receives a routing table from its di
rectly connected neighbor. Routing Operations and VLSM
How do distance vector routing protocols keep track of any changes to the intern
etwork? "Distance vector routing protocols keep track of changes to the internet
work by periodically broadcasting updates out all active interfaces. This broadc
ast contains the entire routing table. This method is often called ""routing by
rumor.""" Routing Operations and VLSM
Slow convergence of distance vector routing protocols can cause inconsistent rou
ting tables and routing loops. What are some mechanisms that distance vector pro
tocols implement to prevent routing loops and inconsistent routing tables?
"Some mechanisms that distance vector protocols must implement to prevent routin
g loops and inconsistent routing tables are as follows:
- Maximum hop count (count to infinity)
- Split horizon
- Route poisoning
- Holddowns
- Time to live (TTL)" Routing Operations and VLSM
What is maximum hop count? If a loop is in an internetwork, a packet loops
around the internetwork until the TTL in the IP packet reaches zero and is remov
ed. Maximum hop counts prevent routing loops by defining the maximum number of t
imes a packet can loop around the internetwork. RIP uses a hop count of up to 15
, so anything that requires 16 hops is unreachable. Anytime a packet passes thro
ugh a router, it is considered one hop. Routing Operations and VLSM
What is split horizon? The split horizon rule prohibits a router from advertisi
ng a route through an interface that the router itself is using to reach the des
tination. Routing Operations and VLSM
What is convergence? Convergence is when all routers have consistent knowledg
e and correct routing tables. Routing Operations and VLSM
What is route poisoning? With route poisoning, when a distance vector rou
ting protocol notices that a route is no longer valid, the route is advertised w
ith an infinite metric, signifying that the route is bad. In RIP, a metric of 16
is used to signify infinity. Route poisoning is used with holddowns. Routing
Operations and VLSM
What are hold-down timers? Hold-down timers prevent regular update messages
from reinstating a route that might have gone bad. Hold-down timers also tell r
outers to hold for a period of time any changes that might affect routes.
Routing Operations and VLSM
What are triggered updates? Also known as flash updates, triggered updates a
re routing updates sent immediately out a router interface when it notices that
a directly connected subnet has changed state. Routing Operations and VLSM
"Which of the following are used for loop avoidance?
a. Link-state advertisements
b. Poison reverse
c. Route discovery
d. Split horizon" b and d. Poison reverse and split horizon are used for l
oop avoidance. Link-state advertisements are what OSPF uses to advertise its lin
ks, and route discovery is a process of discovering all available routes.
Routing Operations and VLSM
What are the function of areas and autonomous systems in link-state protocols?
Areas are a grouping of contiguous networks. They are logical subdivisions of an
autonomous system (AS). Routing Operations and VLSM
What are four advantages link-state protocols have over distance vector protocol
s? "Four advantages that link-state protocols have over distance vector pro
tocols are as follows:
- Link-state protocols send routing updates only when they detect a topology cha
nge.
- Fast convergence.
- Support for classless addressing.
- Networks can be segmented into area hierarchies, limiting where routing update
s are flooded to." Routing Operations and VLSM
List three disadvantages link-state protocols have over distance vector protocol
s. "Three disadvantages that link-state protocols have over distance vector
protocols are as follows:
- Significant demands of resources. Because link-state protocols require a topol
ogy database of the internetwork, they require a significant amount of memory an
d CPU cycles to run the SPF algorithm.
- Link-state protocol networks are more complex, making it more difficult to tro
ubleshoot than distance vector protocols.
- All areas have to connect to a backbone area, thus requiring a lot of planning
in implementing a link-state network." Routing Operations and VLSM
What is balanced hybrid routing? Describe one balanced hybrid routing protocol.
"Balanced hybrid routing protocols combine aspects of distance vector and link-s
tate protocols. Balanced hybrid routing protocols use distance vectors that are
more accurate to determine the best path to a destination network and use topolo
gy changes to trigger routing updates.
Enhanced IGRP (EIRGP) is a balanced hybrid protocol that is Cisco proprietary."
Routing Operations and VLSM
What is the difference between classful and classless routing protocols?
"Classful routing protocols do not send the subnet mask in their routing updates
. As a result, all interfaces on the router have to be configured with the same
subnet mask, because classful routing protocols assume that all remote networks
have the same subnet mask of the exiting interface.
Classless routing protocols send the subnet mask in their routing updates and su
pport VLSM and CIDR. RIPv2, OSPF, and EIGRP are classless routing protocols."
Routing Operations and VLSM
What is CIDR? Classless interdomain routing (CIDR) is a new addressing scheme
for the Internet that allows more efficient use of IP addresses than the old cla
ss A, B, and C scheme. It is more flexible and offers route aggregation (superne
tting). A CIDR address is a network address that does not use original Class A,
B, and C rules. For example, a CIDR address can look like this: 192.168.2.0 255.
255.255.248. Routing Operations and VLSM
How many usable subnets and usable hosts can you have if you subnet the network
address 192.168.1.0 with the subnet mask 255.255.255.240? 14 subnets with
14 hosts in each network. Routing Operations and VLSM
Your ISP has given you the IP network address of 172.16.0.0/16. You have 18 netw
orks, each with 1200 hosts. You want to assign one IP range per network, leaving
room for future growth. What subnet mask would best achieve your goals?
255.255.248.0. Routing Operations and VLSM
You are the network administrator, and your company has a Class C network licens
e. Your company wants to segment the network and requires 5 usable subnets, each
capable of accommodating at least 20 hosts. Which subnet mask should you use?
255.255.255.224 uses 3 subnet bits and provides 6 usable subnets (23 [ms] 2 = 6)
. This leaves 5 bits for hosts, which gives you 30 usable addresses (25 [ms] 2 =
30). Routing Operations and VLSM
What is route summarization? "Route summarization is a way to reduce the size
of routing tables in the network. Route summarization takes more specific route
s to a network and replaces them with a single summary route that includes all t
he IP addresses covered in the original routes. Summarization is also called sup
ernetting or route aggregation.
RIP and EIGRP automatically perform route summarization each time they cross a b
order between two major networks. OSFP must be configured to perform summarizati
on." Routing Operations and VLSM
What does route aggregation mean when referring to variable subnet masking?
Route aggregation means combining routes to multiple networks into one supernet.
Routing Operations and VLSM
What is the passive-interface command? The passive-interface command configures
an interface to not participate in the routing process. By issuing the passive-
interface command on a router interface, the configured interface stops sending
or routing protocol information. However, incoming routing information is not st
opped. Because the passive-interface command stops sending routing updates, it b
reaks adjacencies in OSPF and EIGRP. Routing Operations and VLSM
What is the routing metric OSPF is based on? "Bandwidth. OSPF's metric is a c
ost value based on bandwidth or the speed of its connection. The default formula
used to calculate OSPF cost is as follows:
Cost = 100,000,000 / bandwidth in bps
For example, OSPF assigns the cost of 10 to a 10-MB Ethernet line (100,000,000 /
10,000,000 = 10)." Implementing OSPF in a Single Area
How do OSPF-speaking routers build adjacencies and exchange routing tables?
"OSPF-speaking routers build adjacencies and exchange routing tables by sending
Hello packets out all OSPF-enabled interfaces.
If the routers share a common data link and agree on certain parameters set in t
heir Hello packets, they become neighbors. If these parameters are different, th
ey do not become neighbors and communication stops. OSPF routers can then form a
djacencies with certain routers. The routers that OSPF-speaking routers build ad
jacencies with are determined by the data-link media type. After adjacencies hav
e been formed, each router sends link-state advertisements (LSA) to all adjacent
routers. These LSAs describe the state of each of the router's links. Because o
f the varying types of link-state information, OSPF defines multiple LSA types.
Finally, a router receiving LSAs from neighbors records the LSA in a link-state
database and floods a copy of the LSA to all its other neighbors. When all datab
ases are complete, each router uses the SPF algorithm to calculate a loop-free t
opology and builds its routing table based on this topology." Implementing OSP
F in a Single Area
What is the OSPF router ID, and where does an OSPF router receive its router ID?
For OSPF to initialize, it must be able to define a router ID for the entire OSP
F process. A router can receive its router ID from several sources: manual confi
guration through the router-id command; by the numerically highest IP address se
t on the loopback interface. The loopback interface is a logical interface that
never goes down. If no loopback address is defined, an OSPF-enabled router selec
ts the numerically highest IP address on all its interfaces as its router ID.
Implementing OSPF in a Single Area
How can you manually restart the OSPF process without rebooting the router?
The OSPF process can be restarted with the clear ip ospf process global command.
Implementing OSPF in a Single Area
"An OSPF-enabled router has the following IP addresses configured on its interfa
ces:
- Ethernet 0: 192.168.9.5
- Serial 0: 172.16.3.1
- Ethernet 1: 192.168.24.1
What is the router ID of the OSPF-enabled router?" 192.168.24.1 is the rout
er ID because it is the numerically highest IP address on all interfaces on the
router. If the router had a loopback address configured, it would choose the loo
pback address as the router ID (even if the loopback IP address was numerically
lower than other IP addresses configured on the router). Implementing OSP
F in a Single Area
What does the Hello protocol do in an OSPF network? "In OSPF, the Hello prot
ocol ensures that communication between OSPF-speaking routers is bidirectional.
It is the means by which neighbors are discovered, and it acts as a keepalive be
tween neighbors. It also establishes and maintains neighbor relationships and el
ects the designated router (DR) and the backup designated router (BDR) to repres
ent the segment on broadcast and nonbroadcast multiaccess (NBMA) networks."
Implementing OSPF in a Single Area
What information does each Hello packet contain? "Each Hello packet conta
ins the following information:
- Router ID of the originating router
- Area ID of the originating router interface
- Address mask of the originating router interface
- Authentication type and information of the originating router interface
- HelloInterval
- RouterDeadInterval
- Router priority
- Designated router (DR) and backup designated router (BDR)
- 5 flag bits for optional capabilities
- Router IDs of the originating router's neighbors" Implementing OSPF in a S
ingle Area
What is the IP multicast address of Hello protocols? Hello protocols are peri
odically sent out each interface using the IP multicast address 224.0.0.5 (AllSP
FRouters). The HelloInterval each router uses to send out the Hello protocol is
based on the media type. The default HelloInterval of point-to-point and point-t
o-multipoint broadcast networks is 10 seconds; on NBMA networks, the default is
30 seconds. Implementing OSPF in a Single Area
For OSPF routers to become neighbors, what parameters must match in their Hello
packets? "For OSPF routers to become neighbors, the parameters that must
match in their Hello packets are as follows:
- Subnet mask used on the subnet
- Subnet number
- Hello Interval
- Dead Interval
- OSPF area ID" Implementing OSPF in a Single Area
What is the OSPF neighbor table? The OSPF neighbor table is a list of all
neighbors discovered by OSPF. Implementing OSPF in a Single Area
What are the five network types that OSPF defines? "The five network types
defined by OSPF are as follows:
- Broadcast networks
- NBMA networks
- Point-to-point networks
- Point-to-multipoint networks
- Virtual links" Implementing OSPF in a Single Area
In OSPF, what is the designated router and backup designated router? "In mult
iaccess networks (LANs) a designated router (DR) must be elected on the subnet b
efore database description packets can be exchanged between routers. All databas
e description packets are forwarded to the DR, which in turn forwards them to ot
her OSPF routers. The DR has the following duties:
- Represent the multiaccess network and attached routers for the OSPF area
- Manage the flooding process on the multiaccess network" Implementing OSP
F in a Single Area
On a multiaccess network, how is the DR elected? "On a multiaccess networ
k, the DR is elected by the following criteria:
- The router with the highest OSPF priority becomes the DR.
- If two or more routers have the same OSPF priority, the router with the highes
t router ID becomes the DR." Implementing OSPF in a Single Area
An OSPF router has the OSPF priority set to 0. What does this mean? An OSPF
priority setting of 0 means that the router can never become a DR. Implemen
ting OSPF in a Single Area
If you have eight routers on an Ethernet network and you establish adjacencies w
ith only the DR and BDR, how many circuits will you have? 14. The formula
for calculating the number of circuits (adjacencies or connections) needed to es
tablish adjacencies with the DR and BDR is 2(n[ms]1), where n is the number of r
outers in the network. So, if you have eight routers in a network, 2(8[ms]1) = 1
4 adjacencies. Implementing OSPF in a Single Area
What are link-state advertisements? Link-state advertisements (LSA) are what
OSPF-speaking routers send out all interfaces to describe the state of the rout
ers' links. LSAs are also packets that OSPF uses to advertise changes in the con
dition of a specific link to other OSPF routers. Implementing OSPF in a S
ingle Area
How many LSAs exist in OSPF? "Eleven distinct link-state packet formats are u
sed in OSPF; each is used for a different purpose.
The ICND exam will only test you on two LSA types: Type 1 and Type 2.
Type 1 LSAs are router LSAs and are generated by each router for each area to wh
ich it belongs. These LSAs describe the states of the router's links to the area
and are flooded within a single area.
Type 2 LSAs are network LSAs and are generated by the DR and BDR. They describe
the set of routers attached to a particular network. They are flooded within a s
ingle area." Implementing OSPF in a Single Area
Provide four reasons why you would use OSPF instead of RIP. "Four reasons wh
y you would use OSPF instead of RIP are as follows:
- Fast convergence
- No reachability limitations
- More efficient use of bandwidth
- Path selection is based on bandwidth rather than hops" Implementing OSP
F in a Single Area
How do you enable OSPF on a Cisco router? "The router ospf process-id comm
and enables the OSPF process, and the network address wildcard-mask area area-id
command assigns networks to a specific OSPF area. Consider the following exampl
e:
RouterA(config)#router ospf 10
RouterA(config-router)#network 192.168.10.0 0.0.0.255 area 0
These commands enable OSPF process 10 and advertise the network 192.168.10/24 in
area 0. Notice that you must specify the wildcard mask instead of the subnet ma
sk." Implementing OSPF in a Single Area
What command enables a loopback interface on a Cisco router? The interface lo
opback number global configuration command configures a loopback interface. The
number option specifies the loopback interface number you are creating. Implemen
ting OSPF in a Single Area
What IOS command displays the OSPF neighbor information on a per-interface basis
? "The show ip ospf neighbor command displays OSPF neighbor information on
a per-interface basis, as follows:
RouterB# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
172.16.0.1 1 FULL/ - 00:00:31 10.1.1.1 Serial0"
Implementing OSPF in a Single Area
What IOS command lists the OSPF area for router interfaces and the neighbors adj
acent on the interface? "The show ip ospf interface command lists the area in wh
ich the router interface resides and the neighbors of the interface. Additionall
y, it lists the interface state, process ID, router ID, network type, cost, prio
rity, DR and BDR, timer intervals, and authentication if it is configured. Here
is an example of the show ip ospf interface command:
RouterB# show ip ospf interface ethernet 0
Ethernet0 is up, line protocol is up
Internet Address 10.1.1.1/24, Area 0
Process ID 1, Router ID 172.16.0.2, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State BDR, Priority 1
Designated Router (ID) 172.16.0.1, Interface address 10.1.1.2
Backup Designated router (ID) 172.16.0.2, Interface address 10.1.1.1
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:06
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 2, maximum is 2
Last flood scan time is 0 msec, maximum is 4 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 172.16.0.1 (Designated Router)
Suppress hello for 0 neighbor(s)" Implementing OSPF in a Single Area
As the network administrator, you want to view all the routes learned by OSPF on
your router. What IOS command can you use to view this information? The show
ip route ospf command shows all routes the router learned through OSPF.
Implementing OSPF in a Single Area
In routing, what is load balancing? "In routing, if a router has multiple pa
ths with the same administrative distance and cost to a destination, packets are
load-balanced across the paths.
Load balancing is a function of Cisco IOS router software and is supported for s
tatic routes, RIP, RIPv2, Interior Gateway Routing Protocol (IGRP), Enhanced IGR
P (EIGRP), OSPF, Intermediate System[nd]to[nd]Intermediate System (IS-IS) Protoc
ol, and Border Gateway Protocol (BGP)." Implementing OSPF in a Single Area
What is per-destination and per-packet load balancing? "Per-destination load ba
lancing means that the router distributes packets based on the destination addre
ss.
Per-packet load balancing means that the router sends one packet for one destina
tion over the first path, and the second packet for the same destination over th
e second path." Implementing OSPF in a Single Area
As a network administrator, you are running OSPF in your network and you have tw
o paths to the same destination; however, the costs of the paths are not the sam
e. As a result, OSPF routes all traffic across the route with the lowest cost. Y
ou want to use the second link. How do you configure OSPF to load-balance betwee
n the two links? "Because OSPF's metric is based on cost, to load-balance
between two links with different costs, you must manually configure each interf
ace with the same cost. The ip ospf cost interface-cost interface command sets t
he OSPF cost of an interface. In the example stated in the question, you would e
nter the following commands to make both interfaces have the same cost:
RouterA(config)#interface serial 0/0
RouterA(config-if)#ip ospf cost 10
RouterA(config-if)#interface serial 0/1
RouterA(config-if)#ip ospf cost 10" Implementing OSPF in a Single Area
What are the three types of authentication supported by OSPF? "The three types
of authentication supported by OSPF are as follows:
- Null authentication
- Plain-text authentication
- Message digest algorithm 5 (MD5) authentication" Implementing OSPF in a S
ingle Area
"An OSPF router has its AuType set to 1.
What does this mean?" "An AuType of 1 means that the OSPF interface is configu
red of plain-text authentication. The three AuTypes are as follows:
- AuType 0: Null
- AuType 1: Plain-text authentication
- AuType 2: MD5 authentication" Implementing OSPF in a Single Area
How do you configure plain-text authentication for OSPF? "The steps for c
onfiguring plain-text authentication for OSPF are as follows:
Step 1. Assign a password to be used with the ip ospf authentication-key passwor
d interface command.
Step 2. Specify the authentication type with the ip ospf authentication interfac
e command.
Step 3. Configure authentication under the OSPF area using the area area-id auth
entication command." Implementing OSPF in a Single Area
How do you configure MD5 authentication between two OSPF routers? "Configu
ring MD5 authentication between two OSPF routers is similar to configuring plain
-text authentication, except you need to have a key ID and a password.
The area area-id authentication message-digest command enables MD5 for the OSPF
area. The ip ospf message-digest-key key-id md5 password interface command sets
the password between the two routers. The following commands enable MD5 authenti
cation for key 1 with the password of cisco:
RouterA(config)#router ospf 1
RouterA(config-if)#area 0 authentication message-digest
RouterA(config)#interface serial 0/0
RouterA(config-if)#ip ospf message-digest-key 1 md5 cisco" Implementing OSP
F in a Single Area
How do you verify that authentication is enabled on an OSPF interface? "The sho
w ip ospf interface command, as follows, shows that OSPF authentication is enabl
ed:
RouterA# show ip ospf interface serial0
Serial0 is up, line protocol is up
Internet Address 192.16.0.1/24, Area 0
Process ID 10, Router ID 172.16.0.1, Network Type POINT_TO_POINT, Cost: 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:04
Index 2/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 4 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
Simple password authentication enabled" Implementing OSPF in a Single Ar
ea
"You issue the show ip ospf interface command on your Cisco router. You receive
the following output:
RouterA# show ip ospf interface serial0
Serial0 is up, line protocol is up
Internet Address 192.16.0.1/24, Area 0
Process ID 10, Router ID 172.16.0.1, Network Type POINT_TO_POINT, Cost: 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:04
Index 2/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 4 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
Message digest authentication enabled
Youngest key id is 1
What type of authentication is enabled on your router?" "OSPF MD5 authentication
is enabled on the router. When issuing the show ip ospf interface command, the
following response indicates that MD5 authentication is enabled with the key ID
of 1:
Message digest authentication enable
Youngest key id is 1" Implementing OSPF in a Single Area
"As a network administrator, you enabled OSPF in all routers on your network. Ho
wever, one of the routers in your network is not receiving the routing table. Yo
u issue the show ip ospf neighbor command and you see an ""ospf-4-badlsa type er
ror"" message. Why is the router getting this error?" "An ""ospf-4-badlsa type
error"" message indicates that the OSPF packet (LSA) is being corrupted by Laye
r 2 (the interface) or the software." Implementing OSPF in a Single Area
"When configuring a new router for OSPF, you receive the ""can't allocate router
-id"" error message. Additionally, OSPF does not initialize. Why are you getting
this error message?" "For the OSPF process to initialize, the router must hav
e one interface with a valid IP address in the up/line protocol up state. If an
interface is not enabled and no IP address has been assigned, you will receive t
he ""can't allocate router-id"" error message." Implementing OSPF in a Single Ar
ea
"You are trying to configure OSPF on a new router. When enabling OSPF, you recei
ve the ""ospf unknown protocol"" error message. Why are you receiving this error
message?" "Usually, the ""ospf unknown protocol"" error message means that
the router's IOS does not support OSPF. This is usually the case for Cisco 1600
or 800 series routers." Implementing OSPF in a Single Area
What are the eight OSPF neighbor states? "The eight OSPF neighbor states
are as follows:
- Down
- Attempt
- Init
- 2-Way
- Exstart
- Exchange
- Loading
- Full" Implementing OSPF in a Single Area
Define the OSPF Down state. The OSPF Down state is the first OSPF neighbor s
tate. It means that no Hellos have been received from the OSPF neighbor.
Implementing OSPF in a Single Area
What is the OSPF Attempt state? The OSPF Attempt state only applies to neighbors
on NBMA networks. In this state, the router sends unicast Hello packets to a ne
ighbor at the HelloInterval instead of at the PollInterval. Implementing OSP
F in a Single Area
What is the OSPF Init state? The Init state indicates that a router has recei
ved a Hello packet from its neighbor, but the receiving router's ID was not incl
uded in the Hello packet. As a result, two-way communication has not yet been es
tablished. Implementing OSPF in a Single Area
Define the OSPF 2-Way state. The OSFP 2-Way state indicates that bidirectiona
l communication has been established between two routes. Bidirectional communica
tion means that each router sees its router ID in its neighbor's Hello packets.
Implementing OSPF in a Single Area
What is the OSPF Exstart state? In the OSPF Exstart state, the router and the se
gment's DR and BDR establish a master-slave relationship and choose the initial
sequence of numbers to form an adjacency. Implementing OSPF in a Single Ar
ea
What is the OSPF Exchange state? In the OSPF Exchange state, a router sen
ds database description packets describing its entire link-state database to nei
ghbors that are in the Exchange state too. Implementing OSPF in a Single Ar
ea
What is the OSFP Loading state In the Loading state, the exchange of link-state
information occurs. Routers send link-state request packets to neighbors reques
ting more-recent LSAs that have been discovered but not received. Implemen
ting OSPF in a Single Area
Define the OSPF Full state. The OSPF Full state means that all routers are f
ully adjacent with each other and that the routers' databases are fully synchron
ized. Implementing OSPF in a Single Area
What command can you use to view the OSPF neighbor state? The show ip ospf
neighbor command shows the OSPF neighbor state. Implementing OSPF in a S
ingle Area
"As a network administrator, you configure OSPF on two routers. However, the rou
ters fail to exchange complete routing information. You issue the show run comma
nd on each router and see the following response:
RouterA#show run
!Text-ommitted!
!
router ospf 10
network 172.16.0.0 0.0.255.255 area 0
network 192.168.0.0 0.0.0.255 area 0
!
RouterB#show run
!Text-ommitted!
!
router ospf 20
network 192.168.0.0 0.0.255.255 area 1
network 192.168.1.0 0.0.0.255 area 0
!
What is the cause of the problem?" Router B is configured with the wrong ar
ea. Router B is configured for area 0 and area 1. As a result, routers for area
1 do not appear in area 0. To fix the problem, place all the networks in area 0.
Implementing OSPF in a Single Area
In your OSPF network, two routers are not becoming fully adjacent. You want to t
roubleshoot the problem and see any packet information that passes between the t
wo neighbors. What command can you use to view OSPF packets and Hellos between t
he routers? The debug ip ospf packet command displays log messages that desc
ribe the content of all OSPF packets. The debug ip ospf hello command displays a
ll log messages that describe Hellos and Hello failures. Implementing OSP
F in a Single Area
As a network administrator, you configured MD5 authentication between your OSPF
routers. However, authentication fails. You verify the configuration on both rou
ters, and the configuration appears correct. What command can you use to view th
e authentication process between the routers? The debug deb ip ospf adj comman
d allows you to capture the authentication process between routers configured fo
r OSPF authentication. Implementing OSPF in a Single Area
What are the four components of EIGRP? "The four components of EIGRP are as fol
lows:
- Protocol-independent modules
- Reliable Transport Protocol (RTP)
- Neighbor discovery/recovery
- Diffusing Update Algorithm (DUAL)" Implementing EIGRP
By default, what does EIGRP use for calculating routes? "Bandwidth and delay.
By default, bandwidth and delay are used by EIGRP to calculate its metric. EIGRP
can also be configured to use reliability, load, and maximum transmission unit
(MTU). The metric of EIGRP is the metric of IGRP multiplied by 256 for improved
granularity." Implementing EIGRP
What are three general steps that EIGRP uses to add routes to the router's routi
ng table? "The three general steps that EIGRP uses to add routes to the ro
uter's routing table are as follows:Step 1. Discover other EIGRP routers att
ached to the same subnet and form a neighbor relationship with the discovered ro
uters. All discovered routers are kept in the router's EIGRP neighbor table.
Step 2. Exchange network topology information with all discovered neighbors. Thi
s information is stored in the EIGRP topology table.
Step 3. Run DUAL on all topology information and put the lowest-metric routes in
the routing table." Implementing EIGRP
How does EIGRP discover neighbors? EIGRP neighbors are discovered through H
ello messages. On most networks, Hello messages are multicast every 5 seconds to
address 224.0.0.10. On Frame Relay and link speeds of T1 (1.544 Mbps) or slower
, Hellos are unicast every 60 seconds. Implementing EIGRP
When routing information changes in the routing table, how does EIGRP send updat
es? When routing information changes, EIGRP sends update messages to all nei
ghbors, informing them of the change. If EIGRP has to send to multiple neighbors
on the same subnet, the update messages are multicast to IP address 224.0.0.10.
If sending updates to one router, the messages are unicast to the neighbor.
Implementing EIGRP
What is the EIGRP neighbor table? The EIGRP neighbor table lists all adjac
ent routers. Each EIGRP router maintains a neighbor table. Implementing EIG
RP
What is the EIGRP topology table? The EIGRP topology table contains all le
arned routes to a destination. In other words, the topology table holds all feas
ible routes in its table. Implementing EIGRP
In EIGRP, what is a successor? A successor is a route selected as the primary r
oute used to reach a destination. It is the route kept in the routing table.
Implementing EIGRP
In EIGRP, what is the feasible successor? The feasible successor is the ba
ckup route. These routes are selected at the same time the successors are identi
fied, but they are only kept in the topology table, not the routing table. They
are used for fast convergence. If the successor fails, the router can immediatel
y route through the feasible successor. Multiple feasible successors can exist f
or a destination. Implementing EIGRP
In EIGRP, what is the advertised distance (AD)? The AD is the cost between the n
ext-hop router and the destination. Implementing EIGRP
In EIGRP, what is the feasible distance (FD)? The FD is the metric from the lo
cal router, through the next-hop router, and to the destination. Implemen
ting EIGRP
What IOS commands enable EIGRP on a Cisco router and advertise 192.168.3.0 and 1
92.168.4.0 as its directly connected networks? "The router eigrp process-id com
mand, followed by the network command, enables EIGRP on the router. The followin
g commands enable EIGRP using AS 100 and then advertise networks 192.168.3.0 and
192.168.4.0:
RouterA(config)#router eigrp 100 (100 is the AS)
RouterA(config-router)#network 192.168.3.0
RouterA(config-router)#network 192.168.4.0" Implementing EIGRP
What command would you use to see EIGRP adjacencies? "The show ip eigrp neigh
bors command displays EIGRP adjacencies and directly connected neighbors, as fol
lows:
RouterA# show ip eigrp neighbors
IP-EIGRP Neighbors for process 100
Address Interface Holdtime Uptime Q Seq SRTT RTO
(secs) (h:m:s) Count Num (ms) (ms)
192.168.10.2 Ethernet1 13 0:02:00 0 11 4 20
192.168.11.2 Ethernet0 14 0:02:01 0 10 12 24"
Implementing EIGRP
What IOS command allows you to view all EIGRP routes in the routing table?
The show ip route eigrp command allows you to view all EIGRP-learned routes in t
he routing table. Implementing EIGRP
How do you view the EIGRP neighbor table? The show ip eigrp neighbors comm
and shows the EIGRP neighbor table. Implementing EIGRP
How do you view the EIGRP topology table? "The show ip eigrp topology comm
and shows the EIGRP topology table, including successors and feasible successors
, as follows:
RouterB# show ip eigrp topology
IP-EIGRP Topology Table for process 100
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - Reply status
P 192.168.4.0 255.255.255.0, 1 successors, FD is 2172416
via 192.168.3.2 (2172416/28160), Serial0
via 192.168.2.2 (2684416/1794560), Serial1" Implementing EIGRP
What IOS command would you use to view the EIGRP neighbor states? You woul
d use the debug eigrp neighbors command to check the EIGRP neighbor states. This
command displays the contents of the Hello packet used in EIGRP as well as the
neighbors discovered by EIGRP. Implementing EIGRP
Router A is running EIGRP and has four paths to network 192.168.100.0. All four
paths have the same cost. Which path will Router A choose to route to network 19
2.168.100.0? All four paths. By default, EIGRP can load-balance up to four eq
ual-cost routes. This is called equal-cost load balancing. Because EIGRP has fou
r equal-cost paths to network 192.168.100.0, all paths are included in Router A'
s routing table. Implementing EIGRP
Router A is connected to Router B through a point-to-point T1 link. Router B is
connected to network 192.168.100.0 on its Fast Ethernet interface. EIGRP is runn
ing on both routers. You install a second point-to-point link between the two ro
uters for redundancy. The new link has a bandwidth of 256 kbps. Because the new
link has a higher cost than the T1 link, the new link is not installed in the ro
uting table and is idle. EIGRP only uses the T1 link to route to network 192.168
.100.0. You want to load-balance between the two links. How do you enable EIGRP
to load-balance between the two links? "By default, EIGRP can only load-balance
equal-cost links and not load-balance between unequal-cost links. EIGRP needs t
o be configured to load-balance between unequal-cost links. The goal is to confi
gure EIGRP to spread the traffic load inversely proportionally to the metrics on
the two links. EIGRP uses the variance command to perform unequal-cost load bal
ancing. The variance command defines a multiplier by which a metric can vary fro
m the lowest-cost route. A variance of 1 means that the metrics of multiple rout
es must be equal.
In this question, the metric of the T1 link is 1,657,856. The composite metric t
o network 192.168.100.0 (the total of the cost of the T1 link and the Fast Ether
net interface) is 2,172,416. The composite metric of the 256-kbps link is 10,514
,432. To find the variance between the two paths to perform unequal-cost load ba
lancing, divide the metric of the 256-kbps link by the T1 link: 10,514,432/2,172
,416 = 4.8. Thus to configure unequal-cost load balancing, the variance on Route
r A needs to be set to 5, as follows:
RouterA(config)#router eigrp 100
RouterA(config-router)#variance 5" Implementing EIGRP
What is the default bandwidth of a serial interface on a Cisco router? 1544 kbp
s. Implementing EIGRP
What type of route authentication does EIGRP support? EIGRP supports message d
igest algorithm 5 (MD5) route authentication. Implementing EIGRP
Why would you want to enable EIGRP route authentication on EIGRP routers?
EIGRP route authentication causes EIGRP routers to authenticate with each other
using an MD5 key digest. This prevents the introduction of unauthorized or false
routing messages from unauthorized or unapproved routers. Implementing EIG
RP
How do you enable EIGRP MD5 authentication on Cisco routers? "The steps to co
nfigure EIGRP authentication are as follows:
Step 1. Enter the interface that you want to configure authentication on.
Step 2. Enable MD5 authentication using the ip authentication mode eigrp process
-id md5 interface command.
Step 3. Create an authentication key using the ip authentication key-chain eigrp
process-id key-chain command. The key-chain parameter is the name of the key yo
u want to create.
Step 4. Exit interface configuration mode.
Step 5. Identify the key chain that you configured in Step 3 using the key chain
name-of-key-chain command.
Step 6. Create a key number with the key number command.
Step 7. Identify the key string using the key-string text command." Implemen
ting EIGRP
As a network administrator, you have EIGRP enabled on all network routers. Your
company has two locations. The corporate network is 172.16.1.0 255.255.255.0. Th
e branch office network is 192.168.1.0 255.255.255.0. Your company acquires anot
her company, and you connect the newly acquired company through a WAN link at th
e branch office. The network range of the newly acquired company is 172.16.2.0 2
55.255.255.0. You enable EIGRP on the router that connects to the new office, bu
t users at the corporate network cannot access devices on the newly acquired com
pany's network. Why? "Users from the corporate network cannot access the newl
y acquired company's network because the network is discontiguous, and by defaul
t, EIGRP summarizes routes across classful boundaries. As a result, the router o
n network 192.168.1.0 advertises 172.16.0.0 to both the corporate network and th
e newly acquired network. Thus when a user at the corporate network tries to con
nect to a device at the newly acquired network, the router drops the packet beca
use it thinks it is local. Additionally, the branch office router thinks it has
two equal-cost paths to the 172.16.0.0 network.
To fix the issue, you need to disable auto-summary on the routers. This is done
with the no auto-summary EIGRP router configuration mode command." Implemen
ting EIGRP
What command allows you to troubleshoot EIGRP authentication? "The debug eigrp
packets command allows you to view the neighbor adjacency process. When authent
ication is enabled on two routers, it is part of the adjacency process, and you
can view whether authentication is the cause of failed neighbor adjacencies.
If the failed neighbor adjacency is due to a misconfiguration in EIGRP authentic
ation, you will see the following debugging output from the router:
*Mar 26 12:48:15.749: EIGRP: pkt key id = 2, authentication mismatch
*Mar 26 12:48:15.749: EIGRP: Serial 0: ignored packet from 192.168.1.2, opc ode
= 5 (invalid authentication)
*Mar 26 12:48:15.749: EIGRP: Dropping peer, invalid authentication" Implemen
ting EIGRP
What are the six types of IP access lists that can be configured on a Cisco rout
er? The six types of IP access lists are standard, extended, named, dynamic,
reflexive, and time-based. Managing Traffic with ACLs
What criteria do standard IP access lists use to filter packets? Standard
IP access lists filter packets by the source address. This results in the packe
ts being permitted or denied for the entire protocol suite based on the source n
etwork IP address. Managing Traffic with ACLs
What criteria do extended IP access lists use to filter packets? Extended
IP access lists use the source address, destination address, protocols, and por
t numbers to filter packets. Managing Traffic with ACLs
What advantage do named access lists have over standard and extended access list
s? Named access lists allow you to edit or delete individual rules in the a
ccess lists. With standard and extended access lists, if you want to modify the
access list, you have to remove the entire access list, make the changes, and th
en apply the edited access list. Managing Traffic with ACLs
What are dynamic access lists? "Dynamic access lists (lock-and-key) dynamically
create access list entries on the router to allow a user that has authenticated
to the router through Telnet to access resources that are blocked behind the ro
uter.
Dynamic access lists depend on the user authenticating to the router and on exte
nded access lists. Considered lock-and-key, the configuration starts with an ext
ended ACL that blocks traffic through the router. A user that wants to traverse
through the router is blocked by the extended ACL until he authenticates to the
router through Telnet with a username and password. After the user is authentica
ted, the Telnet connection is dropped, and a single-entry dynamic ACL entry is a
dded to the extended ACL to permit the user to traverse through the router."
Managing Traffic with ACLs
What are reflective access lists? "Reflective access lists allow IP packet
s to be filtered based on upper-layer session information. The allow outbound tr
affic and limit inbound traffic in response to sessions that originate from a ne
twork inside the router.
Reflective ACLs contain only temporary entries that are created when a new IP se
ssion begins and are removed when the session ends. Reflective ACLs are not appl
ied directly to an interface, but are ""nested"" within an extended named IP ACL
that is applied to an interface." Managing Traffic with ACLs
What are time-based access lists? Time-based ACLs are similar to extended
access lists, except they control access based on time. Managing Traffic with AC
Ls
In what two ways can IP access lists be applied to an interface? "Inbound
or outbound.
Inbound access lists process packets as they enter a router's interface and befo
re they are routed.
Outbound access lists process packets as they exit a router's interface and afte
r they are routed." Managing Traffic with ACLs
How many access lists can be applied to an interface on a Cisco router? Only one
access list per protocol, per direction, per interface can be applied on a Cisc
o router. Multiple access lists are permitted per interface, but they must be fo
r different protocols. Managing Traffic with ACLs
How are access lists processed? Access lists are processed in sequential, logica
l order, evaluating packets from the top down, one statement at a time. As soon
as a match is made, the permit or deny option is applied, and the packet is not
applied to any more access list statements. Because of this, the order of the st
atements within an access list is significant. Managing Traffic with ACLs
What is at the end of each access list? An implicit deny any statement is at the
end of each access list. An implicit deny statement denies any packet not filte
red in the access list. Managing Traffic with ACLs
What are the number ranges that define standard and extended IP access lists?
"The number ranges that define standard and extended IP access lists are as foll
ows:
- Standard IP access lists: 1 to 99 and 1300 to 1999 (expanded range)
- Extended IP access lists: 100 to 199 and 2000 to 2699 (expanded range)"
Managing Traffic with ACLs
When implementing access lists, what are wildcard masks? "Wildcard masks
define the subset of the 32 bits in the IP address that must be matched.
Wildcards are used with access lists to specify a host, network, or part of a ne
twork. In wildcard masks, when 0s are present, the octet address must match. Mas
k bits with a binary value of 1 are wildcards. For example, if you have an IP ad
dress of 172.16.0.0 with a wildcard mask of 0.0.255.255, the first two portions
of the IP address must match 172.16, but the last two octets can be in the range
of 1 to 255." Managing Traffic with ACLs
What is the IOS command syntax that creates a standard IP access list? "The com
mand syntax that creates a standard IP access list is as follows:
access-list access-list-number {permit | deny} source-address
[wildcard-mask]
In this syntax, access-list-number is a number from 1 to 99 or 1300 to 1999.
For example:
RouterA(config)#access-list 10 deny 192.168.0.0 0.0.0.255
This command creates access list number 10, which denies any IP address between
192.168.0.0 and 192.168.0.255." Managing Traffic with ACLs
After you create a standard or extended IP access list, how do you apply it to a
n interface on a Cisco router? "Use the ip access-group interface command, as f
ollows:
ip access-group access-list-number {in | out}
For example:
RouterA(config)#int s0
RouterA(config-if)#ip access-group 10 in
This applies access list 10 to serial interface 0 as an inbound access list."
Managing Traffic with ACLs
What two things must you do to activate an access list? "To activate an access l
ist, you must follow these steps:
Step 1. Create the access list.
Step 2. Apply the access list as part of a group on an interface." Managing
Traffic with ACLs
"Create a standard access list that permits the following networks:
192.168.200.0
192.168.216.0
192.168.232.0
192.168.248.0" "You have two ways to do this. First, you can create one access
list that contains an entry for each network using the following commands:
access-list 10 permit 192.168.200.0 0.0.0.255
access-list 10 permit 192.168.216.0 0.0.0.255
access-list 10 permit 192.168.232.0 0.0.0.255
access-list 10 permit 192.168.248.0 0.0.0.255
A second way to do this is to create a single entry with wildcard masks, as foll
ows:
access-list 10 permit 192.168.200.0 0.0.48.255
To see how this one statement denies all the networks, you must look at it in bi
nary:
.200 = 11001000
.216 = 11011000
.232 = 11101000
.248 = 11111000
All the bits match except the third and fourth bits. With wildcard masks, these
are the bits you want to match. Therefore, your wildcard mask would be 00110000
in binary, which is 48." Managing Traffic with ACLs
What is the Cisco IOS command syntax that creates an extended access list?
"To create an extended access list in IOS, use the following command:
access-list access-list-number {permit | deny} protocol source-address
source-wildcard [operator port] destination-address destination-wildcard
[operator port]
In this syntax, protocol examples include IP, TCP, User Datagram Protocol (UDP),
Internet Control Message Protocol (ICMP), generic routing encapsulation (GRE),
and Interior Gateway Routing Protocol (IGRP).
The operator port value can be lt (less than), gt (greater than), eq (equal to),
or neq (not equal to) and a protocol port number." Managing Traffic with AC
Ls
Create an extended access list that denies web traffic to network 192.168.10.0.
"To create an extended access list that denies web traffic to network 192.168.10
.0, enter the following:
access-list 101 deny tcp any 192.168.10.0 0.0.0.255 eq www
access-list 101 permit ip any any" Managing Traffic with ACLs
Create a named access list that blocks pings from networks 172.16.0.0/22 to host
192.168.0.101. "To create a named access list that blocks pings from networks 1
72.16.0.0/22 to host 192.168.0.101, enter the following:
ip access-list extended block-ping
deny icmp 172.16.0.0 0.0.3.255 host 192.168.0.101 echo" Managing Traffic with AC
Ls
"What does the following access list do?
access-list 110 deny ip host 172.16.0.2 any
access-list 110 permit ip any any" The access list denies any traffic from
the host 172.16.0.2 and permits all other traffic. Managing Traffic with AC
Ls
Create an access list that permits only vty access from network 192.168.10.0 255
.255.255.0 to connect to the Cisco router. "To create an access list that p
ermits only vty access from network 192.168.10.0 255.255.255.0 to connect to the
Cisco router, enter the following:
RouterA(config)#access list 10 permit ip 192.168.10.0 0.0.0.255
RouterA(config)#line vty 0 15
RouterA(config-if)#access-class 10 in" Managing Traffic with ACLs
Create an extended ACL using entry sequence numbers that permits HTTP and FTP tr
affic from network 192.168.1.0 255.255.255.0 to network 172.16.0.0 255.255.0.0.
"To permit HTTP and FTP traffic, use the following syntax:
ip access list extended 100
1 permit tcp 192.168.1.0 0.0.0.255 172.16.0.0 0.0.255.255 eq http
10 permit tcp 192.168.1.0 0.0.0.255 172.16.0.0 0.0.255.255 eq ftp" Managing
Traffic with ACLs
How do you create a dynamic access list on a Cisco router? "To create a dyn
amic ACL, follow these steps:
Step 1. Create a user authentication method on the router. This can either be lo
cal or remote using an authentication, authorization, and accounting (AAA) or RA
DIUS server.
Step 2. Define an extended ACL to permit vty access but block all other traffic.
Step 3. Create a dynamic ACL that applies to the extended ACL you created after
it is authenticated.
The following example uses local authentication:
RouterA(config)#username remote password 0 cisco
RouterA(config)#username remote autocommand access-enable host timeout 10"
Managing Traffic with ACLs
What IOS command can you use to see whether an IP access list is applied to an i
nterface? "To determine whether an IP access list is applied to an interfa
ce, enter the following command:
show ip interface interface-type interface-number" Managing Traffic with AC
Ls
How can you display all access lists on a Cisco router? "To display all access l
ists, enter the show running-config or the show access-list command, as follows:
RouterA#show access-list
Standard IP access list 10
deny 192.168.0.0, wildcard bits 0.0.0.255
Extended IP access list 101
permit tcp any any eq www
permit udp any any eq domain
permit udp any eq domain any
permit icmp any any
deny tcp 192.168.10.0 0.0.0.255 any eq www
RouterA#" Managing Traffic with ACLs
"As a network administrator, you want to block all Telnet traffic originating fr
om your router's Fast Ethernet interface 0/0 that is connected to network 192.16
8.1.0/24 and permit all other IP traffic. You create the following access list a
nd apply it to Fast Ethernet interface 0/0:
access-list 101 deny tcp 192.168.1.0 0.0.0.255 any eq 23
After you apply the access list, hosts connected to the router's Fast Ethernet i
nterface cannot communicate with remote networks. Why?" "Hosts attached to netwo
rk 192.168.1.0/24 cannot communicate with remote networks because the access lis
t is denying all IP traffic. At the end of each access list is a deny all statem
ent. Thus access list 101 is not only denying Telnet traffic but is also denying
all IP traffic as well. To resolve the problem, the access list needs to be con
figured as follows:
access-list 101 deny tcp 192.168.1.0 0.0.0.255 any eq 23
access-list 101 permit ip any any" Managing Traffic with ACLs
"Define the following Cisco NAT terminology:
- Inside local address
- Inside global address
- Outside local address
- Outside global address" "The Cisco NAT terminology is defined as follows
:
- Inside local address: The IP address assigned to a host on the inside, private
network. This is usually a private IP address.
- Inside global address: A legal, routable IP address that represents one or mor
e inside local IP addresses to the outside world.
- Outside local address: The IP address of an outside host as it appears to the
inside, private network. This is usually a private IP address.
- Outside global address: The IP address assigned to a host on the outside netwo
rk by the host's owner. This is usually a routable IP address." Managing Address
Space with NAT and IPv6
What is overload NAT? Overload NAT is another term for Port Address Translatio
n (PAT). It has a many-to-one mapping. Managing Address Space with NAT and IPv6
What are three benefits of NAT? "Three benefits of NAT are as follows:
- Eliminates readdressing overhead of hosts that require external access
- Conserves IP addresses through application port-level multiplexing
- Hides the internal network, providing a small level of network security"
Managing Address Space with NAT and IPv6
How many internal hosts can be translated to one routable IP address through PAT
? Theoretically, 65,536 internal hosts can be translated by PAT using one
routable IP address. Managing Address Space with NAT and IPv6
Configure internal host 192.168.10.5/24 to be statically translated to the exter
nal IP address 216.1.1.3/24. "To configure static NAT, you must first create
the static mapping table and then define which interfaces on your router connect
to the inside network and the outside network. The following example creates th
e static mapping and defines interface s0 as connecting to the outside network a
nd interface e0 as connecting to the inside network:
RouterB(config)#ip nat inside source static 192.168.10.5 216.1.1.3
RouterB(config)#int s0
RouterB(config-if)#ip nat outside
RouterB(config-if)#int e0
RouterB(config-if)#ip nat inside" Managing Address Space with NAT and IPv6
Configure the internal host range of 192.168.10.0 255.255.255.0 to be translated
using NAT to the external range of IP addresses 216.1.1.0 255.255.255.240.
"To configure dynamic NAT, you first have to create a NAT pool of external IP ad
dresses that internal hosts can draw from. Then create an access list that defin
es the internal hosts to be translated. Finally, enable the translation to occur
. As with static NAT, you have to define which interface is internal and which i
nterface is external. The following commands outline this process:
RouterB(config)#ip nat pool cisco 216.1.1.1 216.1.1.14 netmask 255.255.255.240 (
creates a NAT pool called cisco)
RouterB(config)#access-list 10 permit 192.168.10.0 0.0.0.255 (defines the IP add
resses that will be translated)
RouterB(config)#ip nat inside source list 10 pool cisco (establishes dynamic tra
nslation of access list 10 with the NAT pool named cisco)" Managing Address
Space with NAT and IPv6
How do you configure PAT or overload NAT? "To configure PAT, you first def
ine an access list that permits the internal hosts to be translated. You then us
e the ip nat inside source list access-list-number interface interface-type over
load global command. The following example enables PAT for internal host 192.168
.10.0/24 using the external IP address on interface S0:
RouterB(config)#access-list 20 permit 192.168.10.0 0.0.0.255
RouterB(config)#ip nat inside source list 20 interface s0 overload" Managing
Address Space with NAT and IPv6
What Cisco command clears all the NAT mappings in the NAT table? The clea
r ip nat translation * command clears all the NAT translations in the NAT table.
This command is useful for troubleshooting NAT. Managing Address Space w
ith NAT and IPv6
How do you view the active NAT translations in the NAT table? "To view the act
ive NAT mappings in the NAT table, use the show ip nat translation command, as f
ollows:
RouterB# show ip nat translation
Pro Inside global Inside local Outside local Outside global
--- 216.1.1.1 192.168.10.5 --- ---
--- 216.1.1.2 192.168.10.16 --- ---" Managing
Address Space with NAT and IPv6
What Cisco IOS command displays every packet that is translated by the router?
To troubleshoot NAT and view every packet that is translated by the router, use
the debug ip nat command. Managing Address Space with NAT and IPv6
"You configure your Cisco router to NAT hosts on network 192.168.10.0/24 to use
NAT pool 216.1.1.2[nd]216.1.1.200 for Internet access. After configuring NAT, yo
ur hosts still cannot access the Internet. The following is a partial output fro
m your router's configuration:
interface Ethernet0
ip address 192.168.10.1 255.255.255.0
ip nat inside
!
interface Ethernet1
ip address 216.1.1.1 255.255.255.0
!
ip nat pool Internet 216.1.1.2 216.1.1.200
ip nat inside source list 10 pool Internet
!
access-list 10 permit 192.168.10.0 0.0.0.255
!
-text omitted-
What is the problem?" NAT is configured incorrectly. The router configuration
shows that a NAT outside interface is not configured. As a result, the router ca
nnot translate the IP addresses. To fix the problem, define interface Ethernet1
with the ip nat outside command. Managing Address Space with NAT and IPv6
"You configure your Cisco router to NAT hosts on network 192.168.10.0/24 to use
NAT pool 216.1.1.2[nd]216.1.1.254 for Internet access. After configuring NAT, on
ly some of your hosts have Internet access. The following is a partial output fr
om your router's configuration:
interface Ethernet0
ip address 192.168.10.1 255.255.255.0
ip nat inside
!
interface Ethernet1
ip address 216.1.1.1 255.255.255.0
ip nat outside
!
!
ip nat pool Internet 216.1.1.2 216.1.1.200
ip nat inside source list 10 pool Internet
!
access-list 10 permit 192.168.10.0 0.0.0.127
!
-text omitted-
What is the problem?" Only some of the hosts on network 192.168.10.0/24 have I
nternet access because of an incorrect wildcard mask in the access list. The cur
rent wildcard mask only NATs half of the hosts on network 192.168.10.0/24. To fi
x the problem, use the correct wildcard mask of 0.0.0.255. Managing Address
Space with NAT and IPv6
How many network bits are in an IPv6 address? "An IPv6 address is 128 bits lon
g and is represented in eight 16-bit hexadecimal segments. An example of an IPv6
address is as follows:
2001:0D02:0000:0000:0000:C003:0001:F00D" Managing Address Space with NAT
and IPv6
Besides a larger address space, what are some additional benefits of IPv6?
"Some additional benefits of IPv6 are as follows:
- Simplified header
- Autoconfiguration
- Security with mandatory IPsec for all IPv6 devices
- Mobility
- Enhanced multicast support
- Extension headers
- Flow labels
- Improved address allocation
- Address aggregation" Managing Address Space with NAT and IPv6
What are the two rules for reducing the size of written IPv6 addresses? "The two
rules for reducing the size of written IPv6 addresses are as follows:
- Rule 1: The leading 0s in any segment do not have to be written. If a segment
has fewer than four hexadecimal digits, it is assumed that the missing digits ar
e leading 0s. For example, 2001:0D02:0000:0000:0000:C003:0001:F00D, can be writt
en as follows:
2001:D02:0:0:0:C003:1:F00D
- Rule 2: Any single, consecutive fields of all 0s can be represented with a dou
ble colon. For example, 2001:D02:0:0:0:C003:1:F00D can be further reduced to the
following:
2001:D02::C003:1:F00D" Managing Address Space with NAT and IPv6
What are the three types of IPv6 addresses? "The three types of IPv6 address
es are as follows:
- Unicast
- Anycast
- Multicast" Managing Address Space with NAT and IPv6
What is an IPv6 unicast address? "An IPv6 unicast address is an address t
hat identifies a single device. It has a one-to-one mapping.
Unicast addresses include global, link local, unique local, and compatible."
Managing Address Space with NAT and IPv6
What is a global unicast address? A global unicast address is a unicast ad
dress that is globally unique and can be routed globally. Managing Address
Space with NAT and IPv6
What is a link local unicast address? A link local unicast address is an IPv6
address whose address is confined to a single link. Thus the address is not rout
able off the link. Managing Address Space with NAT and IPv6
What is an IPv6 anycast address? An IPv6 anycast address is an address th
at represents a service instead of a device. Anycast addresses have a one-to-nea
rest mapping. Managing Address Space with NAT and IPv6
What is an IPv6 multicast address? An IPv6 multicast address identifies a s
et of devices called a multicast group. It has a one-to-many mapping and also re
places IPv4 broadcast addresses. Managing Address Space with NAT and IPv6
What are the first 3 bits of an IPv6 unicast address always set to? The firs
t 3 bits of an IPv6 unicast address are always 001. Managing Address Space w
ith NAT and IPv6
What are the three ways an IPv6 host can be assigned an address? "An IPv6
host can be assigned an address statically, with stateless autoconfiguration, o
r by Dynamic Host Configuration Protocol version 6 (DHCPv6).
The last 64 bits of an IPv6 address are always the host portion of the address."
Managing Address Space with NAT and IPv6
Because IPv6 uses a 128-bit address, routing protocols need to be modified to su
pport IPv6. What routing protocols support IPv6? "The following routing p
rotocols support IPv6:
- RIPng
- OSPFv3
- EIGRP for IPv6
- Intermediate System[nd]to[nd]Intermediate System (IS-IS) for IPv6
- Multiprotocol Border Gateway Protocol (MP-BGP)" Managing Address Space w
ith NAT and IPv6
How do you configure static routes with IPv6? Static routing with IPv6 is conf
igured the same way as with IPv4. However, IPv6 has one specific requirement: Th
e router must be able to determine the link-local address of each neighboring ro
uter. In other words, do not use a global unicast address as a next-hop address
when configuring IPv6 static routes. Managing Address Space with NAT and IPv6
What is RIPng? "RIPng is the IPv6 version of Routing Information Protocol (RIP)
, a distance vector protocol. RIPng is defined in RFC 2080 and is based on RIPv2
. Thus RIPng uses hop count as its metric and has a maximum hop count of 15. How
ever, some changes to RIPng are as follows:
- Uses IPv6 for transport.
- Uses multicast group FF02::09 to advertise routes every 30 seconds.
- Updates are sent on User Datagram Protocol (UDP) port 521." Managing Address
Space with NAT and IPv6
What features does OSPFv3 add? "Open Shortest Path First version 3 (OSPFv3) is
based on the current version of OSPF, which is version 2. Like version 2, OSPFv3
sends Hellos to neighbors, exchanges link-state advertisements (LSA), and excha
nges database descriptor (DBD) packets. However, OSPFv3 runs directly over IPv6
and advertises using multicast groups FF02::5 and FF02::06, but uses its link-lo
cal address as the source address of its advertisements.
FF02::5 is the ""all OSPF routers"" address, and FF02::06 is the ""all OSPF DRs"
" address." Managing Address Space with NAT and IPv6
How does EIGRP for IPv6 differ from EIGRP? Enhanced IGRP (EIGRP) for IPv6 i
s the same EIGRP protocol as used with IPv4. It uses the same metric but include
s a protocol-dependent module for IPv4 and IPv6. Managing Address Space w
ith NAT and IPv6
What are IPv6 transition mechanisms? Until IPv6 completely replaces IPv4, IPv
6 hosts need to be able to communicate with IPv4 hosts or through IPv4 networks.
IPv6 transition mechanisms are ways to enable IPv6-only hosts to reach IPv4 ser
vices and ways to allow isolated IPv6 hosts and networks to reach the IPv6 Inter
net over the IPv4 infrastructure. Managing Address Space with NAT and IPv6
What are three current IPv6 transition mechanisms? "Three current IPv6 tran
sition mechanisms are as follows:
- Dual stack
- Tunneling
- Proxying and translation" Managing Address Space with NAT and IPv6
Explain the IPv6 dual stack transition mechanism. The dual stack transitio
n mechanism is a network interface that is configured with an IPv4 address and a
n IPv6 address. A host implementing a dual stack is called a dual-stack host.
Managing Address Space with NAT and IPv6
What is the IPv6 tunneling transition mechanism? IPv6 tunneling consists
of encapsulating IPv6 packets within IPv4 packets to allow an isolated network o
r host to reach the IPv6 Internet. Two types of tunneling exist: automatic (6to4
) and static. Managing Address Space with NAT and IPv6
You have an IPv6 host on a network and want to access a web server on the IPv4 I
nternet. What type of transition mechanism would you use to accomplish this?
You would use the proxying and translation mechanism. The easiest way to access
the web server is to use a web proxy that can translate your IPv6 address to an
IPv4 address to communicate with the IPv4 web server. Managing Address Space w
ith NAT and IPv6
What are the steps to configure IPv6? "The steps to configure IPv6 are as foll
ows:
Step 1. Obtain IPv6 prefixes.
Step 2. Allocate IPv6 addresses to devices.
Step 3. Configure router interfaces.
Step 4. Configure tunnels (if communicating over an IPv4 network).
Step 5. Configure routing (static, RIPng, OSPF, EIGRP).
Step 6. Configure name servers." Managing Address Space with NAT and IPv6
How do you enable IPv6 on a Cisco router? IPv6 is not enabled by default o
n Cisco routers. The ipv6 unicast-routing global command enables IPv6 on the rou
ter. Managing Address Space with NAT and IPv6
After you enable IPv6 on a Cisco router, how do you assign IPv6 addresses to the
router's interfaces? "IPv6 addresses are assigned to router interfaces using
the ipv6 address prefix/prefix-length interface command. The following example e
nables IPv6 routing and assigns an IPv6 address to interface Ethernet 0:
RouterA#config term
RouterA(config)#ipv6 unicast-routing
RouterA(config)#interface ethernet 0
RouterA(config-if)#ipv6 address 2001:0d02::2:0100/64" Managing Address Space w
ith NAT and IPv6
How do you manually configure IPv6 tunnels? "IPv6 tunnels are configured on
domain border routers that have to communicate with each other through an IPv4 n
etwork. The following commands create an IPv6 tunnel through an IPv4 network:
RouterB(config)#interface tunnel 0 (create the tunnel interface)
RouterB(config-if)#description IPv6 tunnel to RouterA (identify the tunnel)
RouterB(config-if)#ipv6 unnumbered ethernet 0 (use IPv6 address on e0 for tun
nel)
RouterB(config-if)#tunnel source ethernet 0 (configure tunnel source as e0)
RouterB(config-if)#tunnel destination 192.168.10.2 (the IPv4 address the tunn
el terminates)
RouterB(config-if)#tunnel mode ipv6ip (configure the tunnel mode as IPv6)"
Managing Address Space with NAT and IPv6
After you created an IPv6 tunnel between domain border routers, how do you confi
gure RIPng to route traffic between the two sites? "After the IPv6 tunnel h
as been created, you need to route traffic between the sites. This can be done s
tatically or by using a routing protocol. The following commands enable RIPng as
the routing protocol:Step 1. Globally enable RIPng using the ipv6 router rip
process-word command, as follows:
ipv6 router rip cisco
Step 2. Enable RIPng for the tunnel, as follows:
interface tunnel 0
ipv6 rip cisco enable" Managing Address Space with NAT and IPv6
The last step in configuring IPv6 is to configure name servers on the router. Ho
w do you configure Cisco routers to use IPv6 name servers (Domain Name Systems [
DNS])? "To configure IPv6 DNS name servers on the router for domain name resolu
tion, use the following global command:
ip name-server server-address1 [server-address2 server-address6]" Managing Address
Space with NAT and IPv6
What are synchronous links? Synchronous links have identical frequencies and
contain individual characters encapsulated in control bits, called start/stop b
its, which designate the beginning and end of each character. Synchronous links
try to use the same speed as the other end of a serial link. Synchronous transmi
ssion occurs on V.35 and other interfaces, where one set of wires carries data a
nd a separate set of wires carries clocking for that data. Establishing Ser
ial Point-to-Point Connections
What are asynchronous links? Asynchronous links send digital signals without
timing. Asynchronous links agree on the same speed, but no check or adjustment o
f the rates occurs if they are slightly different. Only 1 byte per transfer is s
ent. Modems are asynchronous. Establishing Serial Point-to-Point Connections
What are typical Layer 2 encapsulation methods for WAN links? "Typical Layer 2
encapsulation methods for WAN links are as follows:
- High-Level Data Link Control (HDLC)
- Point-to-Point Protocol (PPP)
- Serial Line Internet Protocol (SLIP)
- X.25
- Link Access Procedure, Balanced (LAPB)
- Frame Relay
- Asynchronous Transfer Mode (ATM)
- Metro Ethernet
- Point-to-Point over Ethernet (PPoE)" Establishing Serial Point-to-Point Conne
ctions
Describe HDLC. HDLC was derived from Synchronous Data Link Control (SDLC). It i
s the default encapsulation type on point-to-point dedicated links and circuit-s
witched connections between Cisco routers. It is an ISO-standard, bit-oriented,
data-link protocol that encapsulates data on synchronous links. HDLC is a connec
tion-oriented protocol that has little overhead. HDLC lacks a protocol field and
therefore cannot encapsulate multiple network layer protocols across the same l
ink. Because of this, each vendor has its own method of identifying the network-
layer protocol. Cisco offers a propriety version of HDLC that uses a type field
that acts as a protocol field, making it possible for multiple network-layer pro
tocols to share the same link. Establishing Serial Point-to-Point Connections
What is the default encapsulation on a Cisco serial interface? HDLC. Establis
hing Serial Point-to-Point Connections
By default, Cisco uses HDLC as its default encapsulation method across synchrono
us lines (point-to-point links). If a serial line uses a different encapsulation
protocol, how do you change it back to HDLC? "To change a serial line back to
HDLC, use the following interface command on the serial interface you want to c
hange:
Router(config-if)#encapsulation hdlc
If the serial interface was previously configured for Frame Relay, you could als
o use the no encapsulation frame-relay interface command to set the encapsulatio
n back to HDLC." Establishing Serial Point-to-Point Connections
What is the Point-to-Point Protocol (PPP)? PPP is an industry-standard prot
ocol that provides router-to-router or router-to-host connections over synchrono
us and asynchronous links. It can be used to connect WAN links to other vendors'
equipment. It works with several network-layer protocols, such as IP and Intern
etwork Packet Exchange (IPX). PPP provides authentication (which is optional) th
rough Password Authentication Protocol (PAP), Challenge Handshake Authentication
Protocol (CHAP), or Microsoft CHAP (MS-CHAP). Establishing Serial Point-to-Poi
nt Connections
List three characteristics of PPP. "Three characteristics of PPP are as fol
lows:
- It can be used over dial (analog) or switched lines.
- It provides error correction.
- It encapsulates several routed protocols." Establishing Serial Point-to-Poi
nt Connections
What is Frame Relay? An industry standard, Frame Relay is a switched data lin
k layer protocol that uses virtual circuits to identify the traffic that belongs
to certain routers. It provides dynamic bandwidth allocation and congestion con
trol. Establishing Serial Point-to-Point Connections
What two WAN encapsulations on a serial link are considered to be the most usefu
l? HDLC and PPP are considered to be the most useful because they are the m
ost common and easiest to configure on a Cisco router. Establishing Serial Poin
t-to-Point Connections
How do you view the encapsulation type on a serial interface? "The show interf
ace serial interface-number command, as follows, allows you to view the encapsul
ation type on a serial interface:
RouterB#show interface serial 0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 192.168.1.1/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input 00:00:00, output 00:00:03, output hang never
Last clearing of ""show interface"" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec" Establishing Serial Poin
t-to-Point Connections
What provides clocking for a serial line? The data communications equipmen
t (DCE) provides clocking for a serial line. Examples of DCE devices are a data
service unit/channel service unit (DSU/CSU) or another serial interface on a Cis
co router configured for clocking. Establishing Serial Point-to-Point Conne
ctions
What command must be entered when connecting two routers without external DCE de
vices through a serial link? The clock rate command must be entered. When con
necting two routers without an external DCE device, the clock rate interface com
mand changes one of the router's serial interfaces from a data terminal equipmen
t (DTE) device to a DCE device. Establishing Serial Point-to-Point Connections
What command changes the clock rate of a Cisco interface acting as a DCE to 56 k
bps? The clock rate 56000 command changes the clock rate to 56 kbps. Establis
hing Serial Point-to-Point Connections
What is the default bandwidth of a serial interface on a Cisco router? "The def
ault bandwidth is 1544 kbps, or T1. This can be viewed with the show interface s
erial interface-number command, as follows:
RouterA#show int s0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 192.168.1.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation PPP, loopback not set, keepalive set (10sec)
(Text omitted)" Establishing Serial Point-to-Point Connections
"Which is the correct command to change the bandwidth of a serial interface to 2
56 kbps?
a. bandwidth 256k
b. band width 256
c. bandwidth 256
d. bandwidth 256000
e. band width 256000" "c. The command to change the bandwidth of a ser
ial interface is the bandwidth bandwidth-in-kbps interface command. The correct
command to change the bandwidth to 256 kbps is as follows:
RouterA(config-if)# bandwidth 256" Establishing Serial Point-to-Point Conne
ctions
PPP can be used over what physical WAN interfaces? "PPP can be used over th
e following physical WAN interfaces:
- Asynchronous serial interfaces
- High-Speed Serial Interfaces (HSSI)
- ISDN interfaces
- Synchronous serial interfaces" Establishing Serial Point-to-Point Conne
ctions
PPP is a data link layer protocol that provides network layer services. What are
the two sublayers of PPP? "The two sublayers of PPP are as follows:
- Network Control Protocol (NCP): The component that encapsulates and configures
multiple network layer protocols. Some examples of these protocols are IP Contr
ol Protocol (IPCP) and Internetwork Packet Exchange Control Protocol (IPXCP).
- Link Control Protocol (LCP): Used to establish, configure, maintain, and termi
nate PPP connections." Establishing Serial Point-to-Point Connections
What features does LCP offer to PPP encapsulation? LCP offers authenticatio
n, callback, compression, error detection, and multilink to PPP encapsulation.
Establishing Serial Point-to-Point Connections
What two methods of authentication can be used with PPP links? "The two methods
of authentication that can be used with PPP links are as follows:
- Password Authentication Protocol (PAP)
- Challenge Handshake Authentication Protocol (CHAP)" Establishing Serial Poin
t-to-Point Connections
What two protocols are available for compression on PPP links? The two protocol
s are Stacker and Predictor. As a rule, Predictor uses more memory than Stacker,
and Stacker is more CPU intensive than Predictor. Establishing Serial Poin
t-to-Point Connections
What three phases are used to establish a PPP session? "The three phases used t
o establish a PPP session are as follows:
Step 1. Link establishment phase: Each PPP device sends LCP packets to configure
and test the link (Layer 1).
Step 2. Authentication phase (optional): If authentication is configured, either
PAP or CHAP is used to authenticate the link. This must take place before the n
etwork layer protocol phase can begin (Layer 2).
Step 3. Network layer protocol phase: PPP sends NCP packets to choose and config
ures one or more network layer protocols to be encapsulated and sent over the PP
P data link (Layer 3)." Establishing Serial Point-to-Point Connections
What IOS command enables PPP on a Cisco router serial interface? "The enc
apsulation ppp interface command, as follows, enables PPP on a Cisco router seri
al interface:
RouterB(config-if)#encapsulation ppp" Establishing Serial Point-to-Point Conne
ctions
How do you enable PPP authentication using PAP or CHAP on a Cisco router?
"Follow these steps to enable PPP authentication using PAP or CHAP on a Cisco ro
uter:
Step 1. Make sure that each router has a host name assigned to it using the host
name command.
Step 2. On each router, define the username of the remote router and the passwor
d that both routers will use with the username remote-router-name password passw
ord command.
Step 3. Configure PPP authentication with the ppp authentication {chap | chap pa
p | pap chap | pap} interface command. (If both PAP and CHAP are enabled, the fi
rst method you specify in the command is used. If the peer suggests the second m
ethod or refuses the first method, the second method is used.)
RouterB(config)#hostname RouterB
RouterB(config)#username RouterA password cisco
RouterB(config)#int s0
RouterB(config-if)#ppp authentication chap pap" Establishing Serial Point-to-Poi
nt Connections
If PPP is enabled on an interface, how do you view the LCP and NCP states of the
interface? "Issue the show interface serial interface-number command, as fo
llows, to view LCP and NCP states:
RouterA#show int s0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 192.168.1.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation PPP, loopback not set, keepalive set (10sec)
LCP Open
Open: IPCP, CDPCP
Last input 00:00:02, output 00:00:02, output hang never
Last clearing of ""show interface"" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
(text omitted)" Establishing Serial Point-to-Point Connections
A Cisco router and a router from another manufacturer are directly connected thr
ough a dedicated serial link. What command can be used on the Cisco router to fo
rm a WAN connection between the two routers? The encapsulation ppp interface
command can be used to form a WAN connection between the two routers. Because th
e Cisco router is connecting to another manufacturer's router over a dedicated s
erial link, PPP needs to be configured as the Layer 2 WAN protocol. If both rout
ers were Cisco routers, HDLC or PPP encapsulation could be used. Establis
hing Serial Point-to-Point Connections
"Router A is connected to Router B through a dedicated link. Router B is a non-C
isco router. Using the command output shown, what must be configured on interfac
e S of Router A to change the line protocol from down to up?
RouterA#show int s0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 192.168.1.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, loopback not set, keepalive set (10sec)
!output omitted!" The encapsulation ppp command changes the line protocol
from down to up. Because Router B is a non-Cisco router, PPP must be used as the
encapsulation type between the routers. In the output, Router A is configured t
o use HDLC. Because HDLC is proprietary to Cisco, it does not work with a non-Ci
sco router. Establishing Serial Point-to-Point Connections
What protocol does Frame Relay rely on for error checking? "Frame Relay rel
ies on upper-layer protocols.
Frame Relay does not rely on any certain protocol for error checking. Instead, i
t relies on upper-layer protocols to provide error checking. For example, Frame
Relay relies on TCP to provide error checking in an IP network." Establis
hing Frame Relay Connections
What is the difference between switched virtual circuits (SVC) and permanent vir
tual circuits (PVC)? SVCs are dynamically established. PVCs are permanent. SV
Cs are virtual circuits that are dynamically established when data needs to be t
ransferred and that are terminated when data transmission is complete. SVCs cons
ist of four states: call setup, data transfer, idle, and call termination. PVCs
are permanently established virtual circuits that operate in one of two states:
idle or data transfer. When the PVC is idle, the connection between the data ter
minal equipment (DTE) devices is still active. Establishing Frame Relay Connect
ions
What is a data-link connection identifier (DLCI)? "A DLCI is a number that
identifies the logical circuit between the router and the Frame Relay switch. I
t is the Frame Relay Layer 2 address.
The Frame Relay switch maps DLCIs between each pair of routers to create a PVC.
For IP devices at the end of each virtual circuit to communicate, their IP addre
sses need to be mapped to DLCIs. Mapping DLCIs is done automatically using Inver
se ARP. DLCIs have local significance. Think of DLCIs as the MAC address of the
Frame Relay network." Establishing Frame Relay Connections
What does the Frame Relay switch use to distinguish between each PVC connection?
The Frame Relay switch uses DLCIs to distinguish between each PVC connection.
Establishing Frame Relay Connections
What is the committed information rate (CIR)? The CIR is the rate, in bits per
second, that the service provider commits to transferring data. The service pro
vider sends any data in excess of this rate if its network has capacity at that
time. Establishing Frame Relay Connections
How does Frame Relay use Inverse ARP? "Frame Relay uses Inverse ARP as a way t
o dynamically map a network layer address to a DLCI.
Frame Relay uses Inverse ARP to determine the remote node's IP address by sendin
g the Inverse ARP to the local DLCI. With Inverse ARP, the router can discover t
he network address of a device associated with a virtual circuit (VC)." Establis
hing Frame Relay Connections
What is the Local Management Interface (LMI)? The LMI is a signaling standard
between a customer premises equipment (CPE) device (a router) and the Frame Rela
y switch that is responsible for managing and maintaining status between the dev
ices. It is autosensed with Cisco IOS Release 11.2 and later. Establishing Fra
me Relay Connections
In Frame Relay, what is forward explicit congestion notification (FECN)?
The FECN is the bit in the Frame Relay header that signals to anyone receiving t
he frame (switches and DTEs) that congestion is occurring in the same direction
as the frame (the frame cloud). Switches and DTEs can react by slowing the rate
at which data is sent in that direction. Establishing Frame Relay Connect
ions
What is backward explicit congestion notification (BECN)? "The BECN is the
bit in the Frame Relay header that signals to switches and DTEs receiving the f
rame that congestion is occurring in the direction opposite (backward) of the fr
ame.
If switches and DTE devices detect that the BECN bit in the Frame Relay header i
s set to 1, they slow the rate at which data is sent in that direction."
Establishing Frame Relay Connections
In the Frame Relay header, what is the discard eligibility (DE) bit? "The DE
bit is turned on for frames that are in excess of the CIR. The DE bit tells a sw
itch which frames to discard if they must be discarded.
For example, if your CIR is 256 kbps and you are using 512 KB of bandwidth, any
frame above the first 256 KB will have the DE bit turned on. If the Frame Relay
switch becomes congested, it will discard any frame above the first 256 KB with
the DE turned on." Establishing Frame Relay Connections
The Frame Relay circuit between two routers is experiencing congestion. Which ty
pes of notifications are used to alleviate the congestion? FECNs, BECNs, an
d DE notifications alleviate the congestion. Establishing Frame Relay Connect
ions
What is the default LMI type for Cisco routers that are configured for Frame Rel
ay? "The default LMI for Cisco routers configured for Frame Relay is Cisco.
By default, Cisco routers autosense the LMI type the Frame Relay switch is using
. If it cannot autosense the LMI type, the router uses Cisco as its LMI type. Th
e three types of LMIs supported by Cisco routers are as follows: Cisco
ANSI
Q933a" Establishing Frame Relay Connections
When a router receives LMI information, it updates its VC status to one of three
states. What are these three states? "The three states of a VC are as follows
:
- Active state: The connection is active, and routers can exchange data.
- Inactive state: The local connection to the Frame Relay switch is working, but
the remote router's connection to the Frame Relay switch is not working.
- Deleted state: Indicates that no LMIs are being received from the Frame Relay
switch or that no service exists between the router and the Frame Relay switch."
Establishing Frame Relay Connections
How do you enable Frame Relay on a Cisco router? "To enable Frame Relay o
n a Cisco router, you must first enable the serial interface for Frame Relay enc
apsulation with the encapsulation frame-relay interface command, as follows:
RouterB(config)#int s 0
RouterB(config-if)#ip address 192.168.1.1 255.255.255.0
RouterB(config-if)#encapsulation frame-relay" Establishing Frame Relay Connect
ions
What is the command to configure DLCI 16 on interface s0? The command to c
onfigure DLCI 16 on interface s0 is frame-relay interface-dlci 16. Establis
hing Frame Relay Connections
What type of physical network is the default for a Frame Relay WAN? The defa
ult type of physical network is a nonbroadcast multiaccess (NBMA) network. The p
hysical network means the network topology. By default, Frame Relay networks are
NBMA. Nonbroadcast means that the network does not support broadcasts. Multiacc
ess means that the communication medium is shared by multiple devices, such as a
LAN. Establishing Frame Relay Connections
How do you enable Frame Relay on a subinterface? "To enable Frame Relay o
n a subinterface, you must remove the IP address from the primary interface with
the no ip address ip-address subnet-mask interface command, enable Frame Relay
encapsulation on the serial interface, and then configure each subinterface with
the IP address. For example, if you wanted to configure interface serial 0 with
a subinterface, you would issue the following commands:
West-SD(config-if)#no ip address 192.168.1.5 255.255.255.0
West-SD(config-if)#encap frame-relay
West-SD(config-if)#int s0.1 point-to-point
West-SD(config-if)#ip address 192.168.1.5 255.255.255.0
West-SD(config-if)#frame-relay interface-dlci 10
West-SD(config-if)#int s0.2 point-to-point
West-SD(config-if)#ip address 192.168.2.5 255.255.255.0
West-SD(config-if)#frame-relay interface-dlci 20" Establishing Frame Relay
Connections
The default encapsulation for a serial interface configured for Frame Relay is c
isco. If you are connecting to a non-Cisco router, how do you change the encapsu
lation type? "If you are connecting to a non-Cisco router in a Frame Relay ne
twork, you need to specify ietf as the encapsulation type, as follows:
RouterB(config-if)#ip address 192.168.1.1 255.255.255.0
RouterB(config-if)#encapsulation frame-relay ietf" Establishing Frame Relay
Connections
If you are using Cisco IOS Release 11.1 or earlier, or if you do not want to aut
osense the LMI type, how do you define the LMI type on a Cisco router? "To defi
ne the LMI type on a Cisco router, use the frame-relay lmi-type {ansi | cisco |
q933a} interface command, as follows:
RouterB(config-if)#ip address 192.168.1.1 255.255.255.0
RouterB(config-if)#encapsulation frame-relay
RouterB(config-if)#frame-relay lmi-type ansi" Establishing Frame Relay Connect
ions
If Inverse ARP is disabled on your router, how do you reenable it? "Inverse
ARP is enabled by default on a Cisco router. If it is disabled, reenable it by
using the following command:
RouterB(config-if)#frame-relay inverse-arp [protocol] [dlci]
Supported protocols indicated by the protocol option include ip, ipx, decnet, ap
pletalk, vines, and xns." Establishing Frame Relay Connections
If a remote router does not support Inverse ARP, what must you configure on the
router? If a remote router does not support Inverse ARP, you must configure a st
atic mapping between the local DLCI and the remote protocol address. Establis
hing Frame Relay Connections
If a remote router does not support Inverse ARP, you must define the address-to-
DLCI table statically. How do you create these static maps? "To define stati
c maps on a Cisco router, use this command:
RouterA(config-if)#frame-relay map protocol remote-protocol-address local-dlci
[broadcast] [ietf | cisco] [payload-compress packet-by-packet]
The protocol option defines the supported protocol: bridging or Logical Link Con
trol (LLC).
The protocol-address option is the remote router's network layer address.
The dlci option defines the local router's local DLCI.
The broadcast statement specifies whether you want to forward broadcasts over th
e VC, permitting dynamic routing protocols over the VC.
The ietf | cisco statement is the encapsulation type.
For example, the following command tells the router to get to IP address 192.168
.1.2 using DLCI 110:
RouterB(config-if)#frame-relay map ip 192.168.1.2 110 broadcast cisco"
Establishing Frame Relay Connections
How do you display the encapsulation type, DLCI, LMI type, and whether the devic
e is a DTE or DCE on a serial interface? "To display the interface's enca
psulation type, DLCI number, LMI type, and whether the device is a DTE or DCE, u
se the show interface interface-type interface-number command, as follows:
RouterA#show int s0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 192.168.1.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
LMI enq sent 3, LMI stat recvd 0, LMI upd recvd 0, DTE LMI up
LMI enq recvd 5, LMI stat sent 0, LMI upd sent 0
LMI DLCI 1023 LMI type is CISCO frame relay DTE
Broadcast queue 0/64, broadcasts sent/dropped 0/0, interface broadcasts 0
Last input 00:00:05, output 00:00:07, output hang never
Last clearing of ""show interface"" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
<Output omitted>" Establishing Frame Relay Connections
What Cisco IOS command displays the LMI traffic statistics and LMI type?
"The show frame-relay lmi command, as follows, displays the LMI traffic statisti
cs and LMI type:
RouterA#show frame-relay lmi
LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = CISCO
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Status Message 0 Invalid Lock Shift 0
Invalid Information ID 0 Invalid Report IE Len 0
Invalid Report Request 0 Invalid Keep IE Len 0
Num Status Enq. Rcvd 1748 Num Status msgs Sent 1748
Num Update Status Sent 0 Num St Enq. Timeouts 0" Establishing Fra
me Relay Connections
What command displays the status of a Frame Relay virtual circuit? The show
frame-relay pvc enable command shows the status of the Frame Relay circuit. It
also lists all the configured PVCs and DLCI numbers and the status of each PVC.
Establishing Frame Relay Connections
How do you display the current Frame Relay map entries and information about the
se connections on a Cisco router? "To view the current map entries and inf
ormation about the connections, use the show frame-relay map command, as follows
:
RouterA#show frame-relay map
Serial0 (up): ip 192.168.1.2 dlci 100(0x64,0x1840), dynamic,
Broadcast, status defined, active" Establishing Frame Relay
Connections
How do you clear dynamic Frame Relay maps that were created by Inverse ARP?
Use the clear frame-relay-inarp privileged EXEC command to clear dynamic Frame R
elay maps created by Inverse ARP. Establishing Frame Relay Connections
"As a network administrator, you configured Frame Relay on your Cisco routers; h
owever, the Frame Relay link is down. You issue the show interface serial 0 comm
and on your Cisco routers and you see the following:
RouterA#show int s0
Serial0 is down, line protocol is down
Hardware is HD64570
Internet address is 192.168.1.2/24
What are possible reasons that the Frame Relay link is down?" "Because the sho
w interface command shows that the interface is down and the line protocol is do
wn, the error is at the physical layer. This means that the problem is with the
cable, the channel service unit/data service unit (CSU/DSU), or the serial line.
To troubleshoot the problem, perform the following steps:
Step 1. Check the cable to make sure that it is a DTE serial cable and that the
cables are securely attached.
Step 2. If the cable is correct, try a different serial port.
Step 3. If the cable does not work on the second port, try replacing the cable.
If replacing the cable does not work, the problem lies with your carrier."
Establishing Frame Relay Connections
"You configure Frame Relay between two Cisco routers; however, you cannot ping t
he remote network. You issue the show interface serial 0 command and you see the
following:
RouterA#show int s0
Serial0 is up, line protocol is down
Hardware is HD64570
Internet address is 192.168.1.2/24
What are the possible reasons that you cannot ping the remote network?" "Because
the line is up but the line protocol is down, the router is getting carrier sig
nal from the CSU/DSU, and problem is with the data link layer. Causes for the li
ne protocol being down include the following:
- The Frame Relay provider did not activate its port.
- An LMI mismatch has occurred.
- An encapsulation mismatch has occurred.
- The DLCI is inactive or has been deleted.
- The DLCI is assigned to the wrong subinterface." Establishing Frame Relay
Connections
What is a Virtual Private Network (VPN)? A VPN is an encrypted connection
between private networks over a public network such as the Internet. VPNs encry
pt the traffic between connections to ensure that the traffic stays private. VPN
s use virtual connections routed through the Internet to form a private network
of the company to the remote site or employee host. Introducing VPN Solution
s
What two authentication methods are used by IPsec to authenticate peers?
"The following two authentication methods are used by IPsec to authenticate peer
s:
- Pre-Shared Keys: Pre-Shared Keys are secret key values entered into each peer
manually that authenticate the peer.
- Rivest, Shamir, and Adelman (RSA) signatures: RSA signatures use the exchange
of digital certificates to authenticate the peers." Introducing VPN Solution
s
What type of devices can be VPN gateways? "The following types of devices
can be VPN gateways:
- Routers
- Firewalls
- VPN concentrators" Introducing VPN Solutions
What is Cisco Easy VPN? Cisco Easy VPN is a cost-effective solution for deployin
g VPNs that is ideal for remote offices that have little IT support. Introduc
ing VPN Solutions
What are the two components of Cisco VPNs? "The two components of Cisco VPN
s are as follows:
- Cisco Easy VPN Server: The VPN server is a dedicated VPN gateway such as a Cis
co VPN concentrator, Cisco PIX firewall, Cisco ASA adaptive security appliance,
or a Cisco IOS router. The VPN server can terminate VPN tunnels initiated by mob
ile and remote workers running Cisco VPN client software. It also terminates VPN
tunnels in site-to-site VPNs.
- Cisco Easy VPN Remote: The VPN remote enables Cisco IOS routers, PIX firewalls
, Cisco ASA appliances, and Cisco VPN hardware clients to receive security polic
es from a Cisco Easy VPN server to minimize VPN configuration requirements at re
mote locations." Introducing VPN Solutions
What VPN parameters can an administrator configure on a Cisco Easy VPN server to
be pushed to a Cisco Easy VPN remote client? "An administrator can configure
the following parameters:
- Internal IP addresses
- Internal subnet masks
- Dynamic Host Configuration Protocol (DHCP) server addresses
- Windows Internet Name Service (WINS) server addresses
- Split-tunneling flags" Introducing VPN Solutions
What are some benefits of using the Cisco Easy VPN solution? "Some benefits o
f using the Cisco Easy VPN solution are as follows:
- Dynamic configuration of end-user policies.
- Local VPN configuration is independent of the remote peer IP address.
- Provides centralized security policy management.
- Enables large-scale deployments with rapid user provisioning.
- Removes the need for end users to install and configure Cisco Easy VPN Remote
software on their PCs." Introducing VPN Solutions
What are the two main IPsec framework protocols? "The two main IPsec fram
ework protocols are as follows:
- Authentication Header (AH): AH provides authentication and data integrity for
IPsec using the authentication and data integrity algorithms. AH does not encryp
t packets and, used alone, provides weak protection. As such, AH is used with ES
P to provide data encryption and tamper-aware security features.
- Encapsulation Security Protocol (ESP): ESP provides encryption, authentication
, and integrity. ESP encrypts the IP packet and the ESP header, thus concealing
the data payload and the identities of the source and destination." Introduc
ing VPN Solutions
What is an SSL VPN or WebVPN? "An SSL VPN or WebVPN provides remote-access con
nectivity from almost any Internet-enabled location using a web browser and its
native Secure Socket Layer (SSL) encryption. A WebVPN does not require client so
ftware to be installed on the endpoint host.
Because no client software is needed, WebVPNs allow an organization to extend se
cure remote access to almost any Internet-enabled host." Introducing VPN
Solutions
What are the two modes of Cisco WebVPN? "The two modes of Cisco WebVPN are as fo
llows:
- Clientless
- Thin client" Introducing VPN Solutions
What is IPsec? "IPsec is an industry-standard protocol that acts at the network
layer, protecting and authenticating IP packets between IPsec peers (devices).
IPsec secures a path between a pair of gateways, a pair of hosts, or a gateway a
nd a host.
IPsec is not bound to any specific encryption or authentication algorithm, keyin
g or technology, or security algorithms, thus allowing IPsec to support newer an
d better algorithms." Introducing VPN Solutions
What four security services does IPsec provide? "IPsec provides the following fo
ur security services:
- Confidentiality (encryption): Packets are encrypted before being transmitting
across a network.
- Data integrity: The receiver can verify that the transmitted data was not alte
red or changed. This is done through checksums.
- Authentication: Ensures that the connection is made with the desired communica
tion partner.
- Antireplay protection: Verifies that each packet is unique and not duplicated.
This is done by comparing the sequence number of the received packets with a sl
iding window of the destination host or gateway." Introducing VPN Solution
s
For IPsec encryption to work in a VPN, what must both the sender and receiver be
configured with? "For IPsec encryption to work in a VPN, the sender and r
eceiver must be configured with the same transform set.
A transform set is the rules used to encrypt the traffic through the VPN. These
rules are based on an algorithm and a key. If each end had a different transform
set, the receiving device would not know how to decrypt the traffic of the send
ing device." Introducing VPN Solutions
In a VPN, what is degree of security based on? Degree of security is based on t
he encryption algorithm used and the length of the key. The shorter the key, the
easier it is to break. The longer the key, the harder it is to break. Introduc
ing VPN Solutions
List three types of encryption algorithms supported by IPsec. "Three types of
encryption algorithms supported by IPsec are as follows:
- Data Encryption Standard (DES): Uses a 56-bit key that ensures high performanc
e encryption. Uses a symmetric key cryptosystem.
- Triple DES (3DES): A variant of DES that breaks data into 64-bit blocks. 3DES
then processes each block three times, each time with an independent 56-bit key,
thus providing significant improvement in encryption strength over DES. Uses a
symmetric key cryptosystem.
- Advanced Encryption Standard (AES): Provides stronger encryption than DES and
is more efficient than 3DES. Key lengths can be 128-, 192-, and 256-bit keys."
Introducing VPN Solutions
What is the Diffie-Hellman Key Exchange? The Diffie-Hellman (DH) Key Exch
ange is a public key exchange that exchanges symmetric shared secret keys used f
or encryption and decryption over an insecure channel. Introducing VPN Solution
s
How does IPsec ensure data integrity? "To ensure data integrity, IPsec uses a
data integrity algorithm that adds a hash to the message. The hash guarantees th
e integrity of the original message. If the transmitted hash matches the receive
d hash, the message has not been tampered with.
The data integrity algorithm is called the Hash-based Message Authentication Cod
e (HMAC)." Introducing VPN Solutions
What are two common HMAC algorithms used by IPsec? "Two common HMAC algorit
hms used by IPsec are as follows:
- Message digest algorithm 5 (MD5): Uses a 128-bit shared secret key. The messag
e and 128-bit shared secret key are combined and run through the MD5 hash algori
thm, producing a 128-bit hash. This hash is added to the original message and fo
rwarded to the remote host.
- Secure Hash Algorithm 1 (SHA-1): Uses a 160-bit secret key. The message and 16
0-bit shared secret key are combined and run through the SHA-1 hash algorithm, p
roducing a 128-bit hash. This hash is added to the original message and forwarde
d to the remote host." Introducing VPN Solutions
What are the two types of VPNs? "The two types of VPNs are as follows:
- Site-to-site
- Remote access" Introducing VPN Solutions
List six Cisco Easy VPN restrictions. "Six Cisco Easy VPN restrictions are as
follows:
- Manual Network Address Translation (NAT) or Port Address Translation (PAT) con
figuration is not allowed. Cisco Easy VPN Remote automatically creates the appro
priate NAT or PAT configuration for the VPN tunnel.
- Only one destination peer and only one tunnel connection are supported. Multip
le VPN tunnels must be manually configured.
- Cisco Easy VPN requires the destination peer to be a Cisco Easy VPN remote acc
ess server.
- Digital certificates are not supported. Authentication is done using Pre-Share
d Keys (PSK).
- Only Internet Security Association and Key Management Protocol (ISAKMP) policy
group 2 is supported on IPsec servers.
- Transform sets that provide encryption without authentication (ESP-DES and ESP
-3DES) or authentication with encryption are not supported. Authentication Heade
r (AH) is not supported either." Introducing VPN Solutions

Potrebbero piacerti anche