16 - IP Services I - Device Management and NAT Flashcards

1
Q

Where do log messages display to by default without needing any further configuration?

A

Console

2
Q

How do you tell IOS to send log messages to all logged users (Telnet, SSH)? What extra command must you use?

A

logging monitor

EXEC: terminal monitor

3
Q

What does the terminal monitor command do?

A

Tells IOS that this terminal session would like to receive log messages

4
Q

What does the logging monitor command do?

A

Tells IOS to enable sending of log messages to all logged users

5
Q

What two primary options does IOS provide to keep a copy of log messages?

A

- In RAM
- Syslog server

6
Q

How do you tell IOS to store copies of log messages in RAM?

A

logging buffered

7
Q

How do you configure a router / switch to send log messages to a syslog server?

A

logging host {address | hostname}

8
Q

How would you disable timestamps and enable sequence numbers for logging?

A

no service timestamps

service sequence-numbers

9
Q

What are the Cisco logging levels from 0 - 7?

A
Emergency
Alert
Critical
Error
Warning
Notification
Informational
Debug
10
Q

How would you set logging to levels 0 - 4 for console?

A

logging console 4

11
Q

How do you configure logging message levels for Syslog?

A

logging trap 4

12
Q

How do you show logging configuration settings, basic stats and buffered logs?

A

show logging

13
Q

How would you debug something such as OSPF messages?

A

debug ip ospf hello

14
Q

Why should you be careful when enabling debug commands on production devices?

A

It uses the router CPU so can have performance impacts

15
Q

How can you monitor CPU use?

A

show process cpu

16
Q

What command enables the NTP client functionality on a device?

A

ntp server

17
Q

What should you do before enabling NTP?

A

Set the time, and correct date / timezone.

Also tell the device to adjust for daylight savings time

18
Q

How would you set the date, time and time zones?

A

clock timezone EST -5
clock summer-time EDT recurring
clock set 20:00:00 1 January 2020

19
Q

How do you show the date and time?

A

show clock

20
Q

What two ntp configuration commands does IOS supply?

A

ntp master

ntp server

21
Q

What command is used to configure a device to only run as an NTP server?

A

ntp master {stratum level}

22
Q

What command is used to configure a device to run as an NTP client and server?

A

ntp server {address | host}

23
Q

How do you check NTP status?

A

show ntp status

24
Q

How do you list all NTP servers a device can attempt to use and status information between them?

A

show ntp associations

25
What is the NTP stratum level?
Stratum level represents the accuracy of a reference clock, based on the number of hops away from an original given clock source. A lower stratum level is better.
26
What default stratum level do routers and switches use for their internal reference clock?
8
27
What is the possible range of stratum values?
1 - 15
28
What are NTP primary and secondary servers?
Primary servers only act as a server, with a reference clock external to the device. They have a stratum level of 1. Secondary servers use the client/server mode, relying on synchronization with some other NTP server.
29
How would you configure an NTP server to use external servers but fall back to internal clocking if they fail?
ntp server time-a.com
ntp server time-b.com
ntp master 7 (worse stratum)
30
How can you use loopback interfaces in NTP for better availability?
You can use a virtual loopback interface and assign it an IP address, whose subnet routing protocols can advertise
31
How would you configure an NTP server to use a loopback interface?
interface loopback 0
ip address 172.16.10.0 255.255.255.0
ntp master 4
ntp source loopback 0
32
What is CDP and LLDP?
Cisco Discovery Protocol | Link Layer Discovery Protocol
33
What does CDP do?
Discover basic information about neighboring routers and switches without needing to know the passwords for them
34
What are some useful details CDP discovers?
- Device ID (usually host name)
- Address list (network and data-link)
- Port identifier
- Capabilities list
- Platform
35
What is the Port identifier in CDP?
The interface on the remote router or switch on the other end of the link that sent the CDP advertisement
36
What are two general roles CDP plays?
- Provide information to devices to support some function
- Provide information to network engineers that manage the devices
37
What do Cisco IP phones use CDP for?
To learn the data and voice VLAN IDs configured on the access switch
38
How do you list one-line summary information about each neighbor (all) or just a specific neighbor?
show cdp neighbors {interface}
39
How do you list out detailed information about neighbors?
show cdp neighbors detail
40
How do you list out detailed information about only one named neighbor?
show cdp entry {name}
41
True/False: Cisco routers and switches support the same CDP commands, with the same parameters and types of output
True
42
What Ethernet Multicast destination address does CDP use to make sure all devices receive a CDP message?
0100.0CCC.CCCC
43
How do you disable CDP on a given interface?
no cdp enable
44
How do you enable / disable CDP globally?
cdp run | no cdp run
45
How do you check if cdp is enabled on all interfaces or a given interface?
show cdp interface {interface}
46
How do you view statistics for CDP advertisements sent/received?
show cdp traffic
47
What layer protocol is CDP?
Layer 2
48
What is a difference between LLDP and CDP with respect to how device capabilities are represented in command output?
LLDP only displays enabled capabilities, whereas CDP shows all supported capabilities.
LLDP uses capability code B (bridge) to represent switching capability.
49
True/False: Both LLDP and CDP identify IGMP as a capability
False. Only CDP does, using capability code I
50
What type of code does CDP list that LLDP does not?
Platform code
51
What multicast address does LLDP use?
0180.C200.000E
52
Is LLDP enabled by default on Cisco devices?
No
53
What does LLDP do differently with respect to sending / receiving messages?
Separates the sending and receiving of LLDP messages as separate functions
54
How do you globally enable / disable LLDP?
lldp run | no lldp run
55
How do you control transmission / receiving of LLDP on interfaces?
lldp transmit
no lldp transmit
lldp receive
no lldp receive
56
What is the range of Private Class A addresses and how many networks are there?
10.0.0.0 - 10.255.255.255
1 Network (10.0.0.0)
57
What is the range of Private Class B addresses and how many networks are there?
172.16.0.0 - 172.31.255.255
16 Networks (172.16.0.0 - 172.31.0.0)
58
What is the range of Private Class C addresses and how many networks are there?
192.168.0.0 - 192.168.255.255
256 Networks (192.168.0.0 - 192.168.255.0)
59
Approximately how many TCP/UDP sessions does NAT allow a single public IPv4 address to support?
65,000
60
What are the two main benefits of CIDR?
- Allow route aggregation / summarization
- Allow subsets of classful networks to be distributed to customers
61
What is Source NAT?
NAT type that allows enterprises to use private addresses and still communicate with hosts on the internet. Source addresses are translated to a public IP when leaving the router.
62
What is an Inside Local address?
Private IP on the inner side of the network
63
What is an Inside Global address?
The public IP used to represent the private IP on the outside
64
What is an Outside Global (Destination NAT)?
Address that represents a host that resides outside the enterprise which NAT does not change
65
What is Static NAT?
NAT where addresses are statically mapped to each other in a 1 to 1 mapping
66
What is Dynamic NAT?
Similar to Static NAT.
1 to 1 mapping but dynamically assigned from a pool
67
How would you clear Dynamic NAT entries?
clear ip nat translation *
68
What is the preferred NAT method / type?
NAT Overload / PAT (Port Address Translation)
69
What is NAT Overload / PAT?
Allows NAT to support many clients with only a few public IP addresses by also translating the port number when necessary to distinguish between multiple private IP addresses mapped to a single public IP
70
What does the NAT router keep in its NAT table entry when using PAT?
A unique entry for every unique combination of inside local IP and port, with a translation to the inside global address and a unique port number associated with that entry
71
How would you configure static NAT?
! random inside port
int G0/1
ip address 10.1.1.1 255.255.255.0
ip nat inside
! port to WAN
int G1/0
ip address 200.1.1.1 255.255.255.0
ip nat outside
ip nat inside source static 10.1.1.2 200.1.1.2
72
What command creates a static NAT mapping?
ip nat inside source static {inside-local} {inside-global}
73
Are static NAT entries removed from the NAT table after timeouts?
No
74
How do you show information about NAT translations?
show ip nat translations
75
How do you show NAT statistics?
show ip nat statistics
76
True/False: You must specify inside and outside interfaces in both static and dynamic NAT
True
77
How does Dynamic NAT identify which inside local addresses need to have their address translated?
ACLs
78
What steps need to be taken to configure Dynamic NAT?
1. Identify and mark inside NAT interfaces
2. Identify and mark outside NAT interfaces
3. Create ACL to match packets inbound to interface for which NAT should be performed
4. Create NAT pool for inside global mapping outlining address range
5. Tell NAT to use the pool and specify the ACL list
79
What command makes a pool of addresses for Dynamic NAT to use?
ip nat pool TestPool 200.1.1.1 200.1.1.2 netmask 255.255.255.252
80
How do you enable Dynamic NAT and tell it to use the ACL and pool?
ip nat inside source list 1 pool TestPool
81
What does the first "Misses" counter represent in the output of `show ip nat statistics`?
The number of times a new packet arrives needing a NAT entry and doesn't find one, at which point Dynamic NAT builds an entry
82
What does the second "Misses" counter represent in the output of `show ip nat statistics`?
The number of misses in the pool. This occurs when dynamic NAT tries to allocate a new NAT table entry and finds no available addresses, so the packet cannot be translated
83
How do you show debug info for NAT?
debug ip nat
84
What two variations of PAT are there?
- One that uses a pool of inside global addresses
- One that uses just one inside global IP
85
How do you configure PAT if you need a pool of addresses?
The same as Dynamic NAT but adding the `overload` keyword to the end of the `ip nat inside source list` command:
ip nat pool TestPool 178.90.0.1 178.90.0.2 netmask 255.255.255.252
ip nat inside source list 1 pool TestPool overload
86
How do you configure PAT to just use a single Inside Global address?
Mark interfaces as inside or outside, then:
ip nat inside source list 1 interface G1/0 overload
87
When configuring Static NAT using the `ip nat inside source static` command, which address comes first?
Inside Local then the Inside Global
88
What are some common areas to check when troubleshooting NAT?
- Check ACLs
- Check Pool has enough addresses
- Inside and Outside interfaces