All Flashcards

Question

What is RFC1918?

Answer 1

It was a fix addressing IP addresses. This formed Private IP addresses within three Classes A, B, and C.

Answer 2

7 Application HTTP, HTTPS, Programming/Apps

Answer 3

6 Presentation JPG, GIFS, PNG

Answer 4

5 Session ID Session

Answer 5

4 Transport Language, segmentation, TCP, UDP, SPX (old)

Answer 6

3 Network Packets, IPv4, IPv6, Routers, IPX (no longer used)

Answer 7

2 Data Link Frame, Ethernet, Switches, Frame Relay, Token Ring

Answer 8

1 Physical Medium (media)- Copper. co-axel, Fiber, RF, Inferred, Bluetooth, Bits - 0 (off), 1 (on), hubs

Answer 9

Media Access Control

Answer 10

Name IEEE Standard Max Power per Port PoE 802.3af 15.4W PoE+ 802.3at 30W PoE++ 802.3bt Type 3 60W PoE++ 802.3bt Type 4 100W

Answer 11

Powered Devices

Answer 12

Power Source Equipment

Answer 13

Make one side 568A and the other side 568B

Answer 14

White/Orange Orange White/Green Blue White/Blue Green White/Brown Brown

Answer 15

White/Green Green White/Orange Blue White/Blue Orange White/Brown Brown

Answer 16

Shorter Distances <2km

Answer 17

Longer Distances 10-40km

Answer 18

SC or squire connector LC or Lucent, little connector ST FC MTRJ

Answer 19

Multi-Mode (Thicker inner core, 62.5 microns) Single Mode (Thinner core, 9 microns)

Answer 20

show mac-address-table

Answer 21

Content Addressable Memory Table

Answer 22

show IP route

Answer 23

It is a way for the network to identify MAC addresses. It is usually FFFF.FFFF.FFFF Mac address but is also known as ARP Packet.

Answer 24

Address Resolution Protocol

Answer 25

Protocol Data Units A means in which it can communicate to a layer above it and a layer below it in the OSI model.

Answer 26

OSI Model TCP/IP Stack Examples Application Presentation Application HTTP, FTP... Session ------------------------------------------ Transport Transport TCP, UDP ------------------------------------------- Network Internet IPv4, IPv6 ------------------------------------------- Data link Link Physical

Answer 27

Is a Ethernet that is up to 1,600 bytes in length

Answer 28

ARP - Address Resolution Protocol L3 DHCP - Dynamic Host Configuration Protocol L3

Answer 29

It was created in 1969 and was called ARPANET by the DoD

Answer 30

Please Do Not Throw Sausage Pizza Away Physical Data Network Transport Session Presentation Application

Answer 31

Physical and Logical

Answer 32

Core - The backbone of the network, primary associated with low latency and high reliability Distribution - Provides routing and VLAN routing. Management of ACLs and IPS filter are typically implemented in this layer Access - The access layer serves as a media termination point for servers and endpoints. Because access layer devices provide access to the network, the access layer is the ideal place to perform user authentication and port security.

Answer 33

Core-Distribution Access

Answer 34

Ternary Content Addressable Memory Its a table for routers, used to store IP addresses information

Answer 35

Internet Control Message Protocol Used to determine whether or not data is reaching its intended destination in a timely manner

Answer 36

Adaptive Security Appliances Are next generation, multifunction appliances that can provide firewall, VPN, intrusion prevention, and content security services

Answer 37

Intrusion Prevention System Is a network security tool (which can be a hardware device or software) that continuously monitors a network for malicious activity and takes action to prevent it, including reporting, blocking, or dropping it, when it occurs

Answer 38

Application Programming Interface

Answer 39

Software - Defined Networking

Answer 40

Lightweight Access Point Protocol Establishes two channels to associated WLC (Wireless LAN Controller): One tunnel for data and one tunnel for control traffic. Traffic through the data tunnel is not encrypted, but traffic sent through the control channel is encrypted

Answer 41

In a data center, it is typically traffic between an application server and its supporting data services, such as databases or file servers.

Answer 42

Network Admission Control Prevent hosts from accessing the network if they do not comply with organizational requirements, such as an updated antivirus definition file. NAC Profiler automates NAC by automatically discovering and inventorying devices attached to the LAN

Answer 43

Access Control List Refers to a specific set of rules used for filtering network traffic, especially in computer security settings. ACLs also allow specific system objects such as directories of files access to authorized users and denies access to unauthorized users

Answer 44

Asynchronous Transfer Mode Is a switching technique used by telecommunications networks that use asynchronous time-division multiplexing to encode data into small, fixed-sized cells

Answer 45

MultiProtocol Label Switching Is a networking technology that routes traffic using the shortest path based on "labels", rather than network addresses to handle forwarding over private wide area networks

Answer 46

Pins 1 and 2 transmit Pins 3 and 6 receive

Answer 47

Single Mode Fiber Uses a 9-micron core and can be used for distances up to 80km or more

Answer 48

Multi-Mode Fiber Uses 62.5-micron core and used for distances under 2k

Answer 49

They are connects that looks like a miniature RJ-45 Ethernet copper connector, it can be provide a duplex interface in a single connector on a fiber cable

Answer 50

Show inline power

Answer 51

Run the Show Interface command on the switch, if you have a high CRC (Cycle Redundancy Check, such as 12,000) and a low collisions (<50) you may have excessive noise. Check for damaged cables, wrong cable types.

Answer 52

Show Interfaces Look for collisions, if high, start troubleshooting

Answer 53

-Malfunctioning NIC's -Too many devices transmitting on one network segment -Duplex Mismatch

Answer 54

Duplex mismatch errors Network segments are to long

Answer 55

Show Interface Look for late collision section of the report

Answer 56

Intermittent connectivity Performance problems with the network High number of collision High number of late collisions

Answer 57

The half-duplex side will report late collisions The full duplex side will report runts, Frame Check Sequence (FCS) errors and alignment errors

Answer 58

Show Interfaces Status

Answer 59

Prevents the interface from sending traffic

Answer 60

Show Interfaces Status Check to be sure "speed" is all auto or (a-)speed

Answer 61

The hardware is unable to keep up with traffic

Answer 62

Data Termination Equipment Is a device that is an information source for an information sink Examples: Computers, printers, routers

Answer 63

Data Communication Equipment Is a device used as an interface between DTE Is concerned with communication aspect of data Examples: Modems, ISDN adopters, satellites, NICs

Answer 64

Show controllers serial

Answer 65

Cisco Discovery Protocol

Answer 66

Frame control The frame control field is the first field in an 802.11 frame and its 2 bytes of data subdivided into 11 related fields of information

Answer 67

When a PD (Powered Device) attempts to draw more power than what the port can handle, it will restart the port and send a message to the log

Answer 68

It will enable Power Policing with default settings, the interface will enter an error-disable state, shutting the port down and log the error

Answer 69

CF-00-00-00-00-00

Answer 70

01-00-5E-00-00-00 thru 01-00-5E-7F-FF-FF

Answer 71

Is a communication that can be several senders and receivers like video conferencing

Answer 72

Configure Terminal or conf t for short

Answer 73

Enable conf t hostname New Hostname

Answer 74

Show Version

Answer 75

Show Interface This will show statics for each port

Answer 76

Show Running-Config Shows list of ports

Answer 77

It specifically knows the MAC address of the receiving device and encapsulates the from MAC address and the to MAC address

Answer 78

Show Interface (and then list the interface port)

Answer 79

1) Set hostname- enable/configure terminal/hostname (new hostname) 2) Assign vlan 1 (management line) IP address including subnet mask router/switch- Interface vlan1/IP address and subnet -.-.-.- -.-.-.-.-/no shutdown

Answer 80

Verify interfaces (port number) is up and line protocol is up on both ends of the link (if line protocol is down continue verifying below) Verify encapsulation are the same on both ends Verify the MTU (maximum Transmission Unit) is set at 1500 bytes All this will be shown on the Show Interfaces command

Answer 81

Verify network addressing scheme including subnet masks Verify default gateway configuration Verify that the path exists in the routing table Verify routing protocol configuration

Answer 82

Someone ran the command Shutdown to disable it

Answer 83

10-15 percent

Answer 84

Organizationally Unique Identifier To identify the manufacture of the device. it is the first three octets in a MAC address

Answer 85

Internet Control Message Protocol Used for ping commands

Answer 86

That this/these port(s) are operational

Answer 87

There is a connection issue

Answer 88

Cable is unplugged or other side is disconnected or shutdown

Answer 89

You have a interface problem

Answer 90

Some one has disabled the port

Answer 91

Run: Show Interfaces Brief Check for port number the end user is using. You can also run Show Running-Config

Answer 92

Enable config t interface (port number) Shutdown (to turn off) No Shutdown (to turn on)

Answer 93

Do then command

Answer 94

7- Application

Answer 95

Application Because it was a website that it was downloading from

Answer 96

0.0.0.0 It's the default route for most device until they get configured

Answer 97

Transmision Control Protocol

Answer 98

User Datagram Protocol

Answer 99

File Transfer Protocol TCP 20, 21

Answer 100

Secure Shell TCP 22

Answer 101

Simple Mail Transfer Protocol TCP 25

Answer 102

Is used to connect to the CLI of a device. This is not a secure connection and is rarely used TCP 23

Answer 103

Domain Name Server UDP and TCP 53

Answer 104

Dynamic Host Configuration Protocol UDP 67 and 68

Answer 105

Trivial File Transfer Protocol UDP 69

Answer 106

Hyper Text Transfer Protocol TCP Port 80

Answer 107

Post Office Protocol version 3 Only supports one way communication from the server TCP 110

Answer 108

Simple Network Management Protocol UDP 161

Answer 109

Hyper Text Transfer Protocol Secure / Secure Socket Layer TCP 443

Answer 110

Sync Acknowledge Finish Reset Urgent Rush (In order that it is used, typically)

Answer 111

show ip route

Answer 112

Preamble field 8 bytes Start of frame (SOF) field 1 byte Destination address field 6 byte Source address field 6 byte Type field 2 byte Data field from 46-1500 bytes Frame check sequence (FCS) field 4 byte

Answer 113

First five fields of the frame Preamble Start of Frame (SOF) Destination address Source address Type

Answer 114

Used to notify receiving hosts that a frame is being sent

Answer 115

Used for synchronizing with other hosts

Answer 116

Six Octets or 48 bits

Answer 117

Organizationally Unique Identifier (OUI)- Is the first three octets or 24 bits and NIC-specific identifier which is the last 3 octets or 24 byte

Answer 118

The most significant byte gets transmitted first in a MAC address but the least significant bits get transmitted first, bit 1and bit 2. Bit 1 will transmit 0 for unicast or a 1 for multicast. Bit 2 identifies either the MAC address is a 0, a OUI (Organizationally Unique Identifier) or 1 a locally administered MAC address

Answer 119

Internet Assigned Numbers Authority They provide public IP addresses to large companies and ISPs

Answer 120

20 octets or 160 bits (8 bits per octet)

Answer 121

Cisco Discovery Protocol Sends a signal to the device that it is connected to. Only works with other Cisco devices

Answer 122

Link Layer Discovery Protocol Open standard replacement for CDP

Answer 123

Version IP Header Length (IHL) Type of Service Total Length Identification Flags Fragment Offset Time to Live (TTL) Protocol Header Check Sum Source Address Destination Address Options

Answer 124

4 bits and signals if it is a IPv4 or IPv6

Answer 125

8 bit, specifies the number of 32 bit sections or "words" in the IP Header

Answer 126

8 bit, importance of the packet by specifying quality of service desired

Answer 127

16 bit, indicates the number of bytes or octets in the entire IP packet

Answer 128

16 bit, identifies the correct packet which is used to reassemble the packet fragments

Answer 129

3 bit, used to control fragmentation

Answer 130

13 bit, indicates the postion of data in a fragmented packet so that the packet can be reassembled

Answer 131

8 bit, field that acts like a countdown timer. When the counter hits 0, the packet will be discarded

Answer 132

8 bit, specifies the upper layer protocol that should process the packet after IP processing is complete

Answer 133

16 bit, used to verify the integrity of the IP header to insure that it was not modified or corrupted

Answer 134

32 bit, specifies the source address

Answer 135

32 bit, specifies the destination address

Answer 136

Is 8-bits long and specifies other options such as copy, class, and type

Answer 137

Automatic Private IP Addresses Is used when no IP address was assigned to the device 169.254.0.0 - 169.254.255.255

Answer 138

224.0.0.0/4

Answer 139

Variable-Length Subnet Mask

Answer 140

Classless Inter-Domain Routing

Answer 141

Network Prefix Translation version 6 Translate an IPv6 address on a inside network to an IPv6 address on an outside network

Answer 142

Version Traffic Class Flow Label- Is a new IPv6 main header field used to label packets for special handling Payload Length Next Header Hop Limit Source Address Destination Address

Answer 143

It only can be used once

Answer 144

Internet Corporation of Assigned Names and Numbers Regional Internet Registries They distribute address ranges to ISPs

Answer 145

FC00 (globally assigned addressing) or FD00 (locally assigned addressing)

Answer 146

FE8 (usually automatically done) Could also be FE9, FEA, FEB (done manually)

Answer 147

Internet Engineering Task Force

Answer 148

Is used by a device when it is requesting an IPv6 address from a DHCPv6 server. It could be written out as 0:0:0:0:0:0:0:0 but usually is ::

Answer 149

Can either be 0:0:0:0:0:0:0:1 or ::1

Answer 150

1-99 as well as 1300-1999

Answer 151

100 - 199 as well as 2000 - 2699

Answer 152

Its the line that is drawn where the LAN becomes WAN and vice versa

Answer 153

Customer Premise Equipment The equipment the customer owns

Answer 154

IP adrresses subnet Gateway TFTP (for cell phones) Call Manager

Answer 155

>enable #configure terminal (config)# interfaces "port number" (config-if)#ip address dhcp (config-if)#no shutdown (all ports are off by default on routers)

Answer 156

Request for Comment

Answer 157

Port Address Translation

Answer 158

Public Switched Telephone Network T1 connections typically used this through PSTN with a maximum throughput of 1.544 Mbps over copper wire

Answer 159

Duplex Mismatches and/or Speed Mismatches

Answer 160

Regional Internet Registry Is an organization that manages the registration and allocation of internet number resources, such as IP addresses and autonomous system (AS) numbers within a specific region of the world

Answer 161

Registry Prefix ISP Prefix Site Prefix Subnet Prefix Interface ID

Answer 162

Its part of the 5 global unicast address components, it is 23 bit and is assigned to a specific RIR by the ICANN. RIRs manage the allocation of blocks of IPv6 addresses to an ISP in a specific geographical regions, The registry prefix is the top tier of the hierarchy

Answer 163

9 bit, assigned to an ISP by an RIR. ISPs manage allocation of blocks of IPv6 addresses from their ISP Prefix range to their customers. The ISP Prefix is the second highest in the hierarchy

Answer 164

16 bit prefix that is assigned to an organization by the ISP. The site administrator can then subnet this IPv6 address range

Answer 165

16 bit, represents a specific subnet of a IPv6 address within the organizations address range. This is the fourth highest tier in the hierarchy

Answer 166

Last 64 bits of a global IPv6 address. Typically composed of a part of the destination MAC address of the interface

Answer 167

FFEE 0013:02ff:fe38:c7a4

Answer 168

Stateful- Requires a DHCPv6 server Stateless- Configuration allows client to generate its own address by using the IPv6 network prefix and the EVI-64 interface ID

Answer 169

1) Device will start with :: 2) Device will send router solicitation messages by sending NDP to discover neighbor routers 3) Routers will reply with a router advertisement that lets the client know whether DHCPv6 servers are available 4) If DHCPv6 servers are available or if the client does not receive any router advertisements, the client will send a multicast packets to FF02::1:2 which is the All-DHCP-Agents address 5) The DHCP server will configure the client with IPv6 information such as the clients leased IPv6 address, the IPv6 network prefix, the IPv6 address of the default router, the domain name, and the IPv6 address one or more DNS servers

Answer 170

1) Client will send router solicitation messages to discover a router and routers will reply with a router advertisements 2) If the router advertisements state no IPv6 server is available, the router advertisements will include the IPv6 prefix that is used on the network, as well as the IPv6 address of the default router 3) The client will combine the IPv6 prefix with the EVI-64 interfaces ID to create a unique IPv6 address

Answer 171

DHCPv6 Server

Answer 172

It is a network that can handle both IPv4 and IPv6 networks but cannot translate from IPv4 to IPv6 or vice versa

Answer 173

Its a network that can communicate between IPv6 and IPv4 networks and vice versa

Answer 174

Gui: Settings network and internet Select either WiFi or Ethernet, which ever one you are using For WiFi: select hardware properties For Ethernet: select name of the network that appears in the center pane CLI: Click start or search (from the main screen) Then type CMD Then type ipconfig and press enter

Answer 175

GUI: Network tab settings CLI: you can either use hostname -i, ip addr, or ifconfig

Answer 176

Gui: From the apple menu pull down system preferences click network select interface on the left. IP address will be visible to the right CLI: launch terminal in applications/utilities enter any of the following commands: ifconfig | grep inet ipconfig getifadder en0 (usually for Ethernet) ipconfig getifadder en1 (usually for WiFi)

Answer 177

Well known 0-1023 Registered 1024-4951 Dynamic and/or private 4952-65535

Answer 178

Source Port Destination Port Length Check Sum

Answer 179

16 bit, indicates the upper-layer service used on the device

Answer 180

16-bit, indicates the upper-layer service that will use the data on the destination device

Answer 181

16 bit, specifies the length of the UDP segment

Answer 182

16-bit. used to verify the integrity of the UDP segment to ensure it was not modified or corrupted in transit

Answer 183

DHCP- ports 67 and 68 TFTP- port 69 NTP- port 123 SNMP- ports 161 and 162 RADIUS- ports 1812 and 1813

Answer 184

FTP- ports 20 and 21 Telnet- port 23 SMTP- port 25 HTTP- port 80 POP3- port 110

Answer 185

Non Volatile Random Access Memory It stores data the can be retrieved later when it gets turned back on. Flash is the most popular type of NVRAM

Answer 186

120 seconds

Answer 187

The device ID of the neighbor device The capabilities of the neighboring device The product number of the neighboring device The hold time The local interface The remote interface

Answer 188

01-00-5e-00-00-00 thru 01-00-5e-7f-ff-ff

Answer 189

Independent Basic Service Set Sometimes referred to ad-hoc mode. Nodes in ad-hoc mode communicate directly without the use of a AP. Because of lack of authentication, this mode is difficult to secure

Answer 190

Basic Service Set Consists of wireless clients that connect to a single AP. AP connects to a wired network giving the wireless clients access to the wired network. Wireless networks that use more than one AP run in infrastructure mode. Must have WLANs run in infrastructure mode

Answer 191

Extended Service Set Consists of multiple AP on the same sub-network, although coverage areas between neighboring APs should overlap by 10%-15%, neighboring APs should use wireless channels that do not overlap so that the APs do not interfere with one another

Answer 192

Standard Band Maximum Data Rate 802.11 2.4 2 Mbps 802.11a 5 54 Mbps 802.11b 2.4 11 Mbps 802.11g 2.4 54 Mbps 802.11n 2.4 and 5 600 Mbps 802.11ac 5 6.93 Gbps 802.11ax 2.4 and 5 ~4x 802.11ac

Answer 193

Service Set Identifier Identifies the name of the wireless network to which the device belongs

Answer 194

Allows the client to connect to a wireless network without a password as long as the client knows the SSID

Answer 195

Wired Equivalent Privacy Extremely weak encryption that uses the RC4 encryption algorithm

Answer 196

Temporal Key Integrity Protocol A stronger encryption method over the WEP method. TKIP provides 128-bit encryption and provides key hashing, message intigrity check and long IV (initialization vector)

Answer 197

Wi-Fi Protected Access A temporary fix to WEP by addressing significant security weaknesses. WPA uses TKIP in its encryption method for 128-bit encryption

Answer 198

Wi-Fi Protected Access version 2 Is meant to replace WPA with Advanced Encryption Standard (AES) counter mode with cipher block chaining message authentication code protocol (CCMP), AES-CCMP has an encryption key length up to 256-bits

Answer 199

Wi-Fi Protected Access version 3 Addresses weaknesses in WPA2. It improves encryption by introducing support for AES-Galios/Counter Mode Protocol m(AES-GCMP). WPA3 introduces Protected Management Frames (PMF) and Simultaneous Authentication of Equals (SAE), which enables clients and APs to manually authenticate.

Answer 200

Port-based authentication standard that defines the roles and procedures used to authenticate devices on a network. 802.1x uses EAP to provide authentication services for devices requesting network access.

Answer 201

Extensible Authentication Protocol Is an architectural framework that provides extensibility for authentication method for commonly used protected access technologies

Answer 202

The Supplicant- AEP compatible wireless client that request access to the network. Before access is granted, the supplicant must provide valid credentials to an authenticator The Authenticator- Is an EAP compatible AP or switch that forwards the credentials to an authentication server for approval The Authentication Server- Is an authentication, authorization and accounting (AAA) enabled computer, such as Remote Authentication Dial-In User Service (RADIUS)

Answer 203

Frame Control (FC) Duration (DUR) Address 1 Address 2 Address 3 Address 4 Sequence (SEQ) Data Frame Check Sequence (FCS)

Answer 204

9- fields Frame Control (FC) Duration (DUR) Address 1 Address 2 Address 3 Address 4 Sequence (SEQ) Data Frame Check Sequence (FCS)

Answer 205

2-bytes, used for type of frame

Answer 206

2-bytes, used mainly by the control frames to indicate transmission timers

Answer 207

Are 6-byte fields used to convey MAC address and Basic Service Set Identifier (BSSID) information. What information resides in which address field is entirely dependent on the type of field

Answer 208

2-byte, is subdivided to store two related pieces of information: the fragment number and the sequence number of each frame

Answer 209

Bytes very as this is the payload

Answer 210

4-byte, cyclic redundancy check (CRC) value. Used to verify the integrity of the frame

Answer 211

You can use one of the two commands switch(config)#enable password (password) or switch(config)#enable secret (password)

Answer 212

switch(config)#service password-encryption

Answer 213

switch(config)#line console 0 switch(config-line)# password (password) switch(config-line)# login Login must be added to challenge the user Also: do the same for AUX console switch(congif)#line aux 0 switch(config-aux)# password (password) switch(config-aux)# login

Answer 214

switch(config-line)#exec-time out (minute seconds)

Answer 215

switch(config)#line vty 0 15 switch(config-line)#login switch(config-line)#password (password)

Answer 216

Set hostname, ip domain-name and username and secret first. Switchx(config)#crypto key generate rsa set bits to 1024 Switchx(config)#line vty 0 15 Switchx(config)#login local Switchx(config)#transport input ssh Switchx(config)#exit Switchx(config)#ip ssh version 2

Answer 217

show ip ssh

Answer 218

Fully Qualified Domain Name

Answer 219

Switchx(config)#banner login "Access for authorized users only. Please enter your username password."

Answer 220

Segment (transport) Packet (Network) Frame (Data link)

Answer 221

Network Management System

Answer 222

Network Functions Virtualization Used to create appliances, such as firewalls and intrusion detection systems

Answer 223

Virtual routing and forwarding

Answer 224

European Telecommunications Standard Institute

Answer 225

#show ip interface (interface number)

Answer 226

#config t (config)#line console 0 (config-line)#password (password) (config-line)#login (this must be done in order for the system to ask for password) press CTRL z exit verify that it is asking for a password

Answer 227

#config t (config)#username (username) secret (password) (config)#line console 0 (config-line)#login local CTRL z exit Verify

Answer 228

#enable secret (password) Then verify

Answer 229

(config)#line vty 0 15 (config-line)#password (password) CTRL z

Answer 230

#config t (config)#service (config)#service password-encryption

Answer 231

#config t (config)#username (username) secret (password) (config)#enable secret (password) (config)#line console 0 (config-line)#login local (config-line)#line vty 0 15 (config-line)#login local (config-line)#do copy run start

Answer 232

Transmission Control Protocol / Internet Protocol

Answer 233

Transport Network Data Link Physical

Answer 234

Non-Volatile Random-Access Memory

Answer 235

show mac-address-table show mac-address-table-interface show mac-address-table-vlan show mac-address-table-address (to show MAC addresses)

Answer 236

Cisco Technical Assistance Center

Answer 237

Routing Information Base

Answer 238

Application-Specific Integrated Circuits

Answer 239

The management plane- Allows configuration and monitoring of devices such as secure shell (SSH), simple Network Management Protocol version 3 (SNMPv3) and syslog traffic The control plane- Manages forwarding by using routing protocols and routing tabled, such as VTP and STP. These functions are heavily dependent on CPU and memory availability The data plane- Uses interfaces and switching fabric to transit data packets. Responsible for traffic passing through the devices

Answer 240

Switch(config)#interface (port number) Switch(config-if)#duplex {full | Half | Auto}

Answer 241

Switch(config)#interface (port number) Switch(config)#speed {10 |100 |1000 | Auto}

Answer 242

Show interfaces - (you can also look at certain ports by typing the port number) It well show: Status of interface The speed configured on the interface IP address assigned to the interface How many packets have been sent/received by the interface

Answer 243

Show running-config: Configuration for all interfaces on the switch configuration options vlan information access restrictions banner message host name

Answer 244

Switch(config)#interfaces (port number) Switch(config-if)#switchport mode access Then to assign a vlan to a port Switch(config-if)#switchport access vlan (vlan number)

Answer 245

Need user, password, and ip domain-name configured before proceeding Switch(config)#crypto key generate rsa How many bits in the key: (1024) Switch(config)#line vty 0 15 Switch(config-line)#transport input SSH Switch(config-line)#exit Switch(config)#ip ssh version 2 Switch(config)#do copy run start

Answer 246

Switch(config)#access-list 1 permit host (ip address) Switch(config)#access-list 1 deny any Switch(config)#line vty 0 15 Switch(config-line)#access-class 1 in Switch(config)#do wr Switch(config)#do copy run start

Answer 247

Config#banner motd #(statement)#

Answer 248

Access distribution Core Campus environments

Answer 249

Data Centers

Answer 250

Network Time Protocol

Answer 251

120 seconds

Answer 252

Virtual Machine Monitor Another name for a hypervisor

Answer 253

Speed mismatches and duplex mismatches

Answer 254

show ip interface brief

Answer 255

(config)#interface range (ports to turn off) (config-interface)# shutdown (config-interface)#do show ip interface brief (to verify port shut downs) #do wr

Answer 256

(config)#int (port number) (config-if)#switchport mode access (config-if)#switchport security maximum (config-if)#switchport violation shutdown (config-if)#do copy run start (config-if)#do write memory

Answer 257

#show cdp neighbor

Answer 258

(config)#cdp run

Answer 259

(config)#interface (port number) (config-if)#no cdp enable (config-if)#end #show cdp neighbor #copy run start

Answer 260

(config)#ntp server (ip address of server) #do wr

Answer 261

#conf t (config)#ip access list extended NO-WEB (config-ext-nacl)#deny tcp host (ip address) host (ip address of server eq www (config-ext-nacl)#permit ip any any #show access-lists #config t (config)#interface (port number) (config-if)#ip access-group NO_WEB in If this does not work check NATing, the ip address may have changed #wr

Answer 262

They carry traffic for only one vlan, connects to a single workstation or server

Answer 263

(config)#interface (port number) (config-if)#switchport mode access

Answer 264

(config)#interface (port number) (config-if)#switchport access vlan (vlan number)

Answer 265

#show interfaces (port number) switchport

Answer 266

dynamic auto or access

Answer 267

show vlan or show vlan brief

Answer 268

Its a mode that needs to be enabled. A trunk port typically carries traffic between switches or between a switch and a router, when trunking is enabled on a port, the trunk port carries traffic from all vlans by default

Answer 269

Inter-Switch Link A Cisco proprietary trunking protocol that encapsulates each frame inside a 26-byte ISL header and a 4 byte CRL trailer, Some of the newer Cisco devices no longer support this

Answer 270

A trunking protocol developed by the IEEE. The 802.1Q method inserts a 4-byte VLAN field into the frames of existing Ethernet header and does not encapsulate the original frame. This standard can support multiple spanning trees and supports up to 4096 individual vlans

Answer 271

Native vlan id Trunking mode Trunking encapsulation method (either ISK of 802.1Q) Vlan ids that are allowed on the trunk

Answer 272

#configure terminal (config)interface (port number) (confog-if)#switchport trunk encapsulation dot1q (config-if)#switchport trunk native vlan (vlan number)

Answer 273

#show interfaces (port number) switchport or #show interfaces (port number) trunk This will also show you what vlans are on what port

Answer 274

Dynamic Trunking Protocol

Answer 275

Open Shortest Path First A vlan routing protocol

Answer 276

Enhanced Interior Gateway Routing Protocol A vlan dynamic routing protocol

Answer 277

#config t (Config)#vlan (vlan number) vlans 1, 1002-1005 are reserved and cannot be used

Answer 278

#config t (config)#interface vlan (vlan number) (config-if)#ip address (ip address of host) (subnet mask)

Answer 279

no vlan (vlan id) vlans 1, 1002-1005 cannot be deleted

Answer 280

show interfaces vlan (vlan id)

Answer 281

show vlan id (vlan id)

Answer 282

show vlan name (vlan name)

Answer 283

#configure terminal #hostname (hostname) #ip domain-name (domain name) #enable secret (new password) #line vty 0 4 #password (password) #exit #config t #username (user name) password (password) #crypto key generate rsa / enter size of key 1028 #line vty 0 4 #transport input ssh #show run (and confirm that ssh is configured)

Answer 284

#configure terminal #ntp server (ip address of NTP Server) key (key from NTP server) #ntp authentication-key (key from ntp server) md5 (password for NTP server) #ntp authenticate #do show clock (to verify)

Answer 285

Authentication, Authorization, and Accounting

Answer 286

#configure terminal #hostname (hostname) #aaa new-model #radius server host (IP of radius server) auth-port 1645 key (password of RADIUS server) #aaa authentication login default group radius local #username (username) password (password) #do wr

Answer 287

(config)#ip dhcp snooping

Answer 288

If it is configured as a trunk, it will not show. Only access points are displayed in the output of the show vlan command

Answer 289

0- Emergencies 1- Alerts 2- Critical 3- Errors 4- Warnings 5- Notifications 6- Informational 7- Debugging

Answer 290

CDP, only on access ports and enabled QoS by using command trust device cisco-phone in interface configuration mode

Answer 291

2 One for phone and one for any device attached to the phone

Answer 292

#config t #interfaces (port number) #switchport mode access #switchport voice vlan (vlan number)

Answer 293

dot1p none untagged

Answer 294

Causes the IP phone to send untagged voice traffic, which in turn traverses the access vlan

Answer 295

The IP phone does not download its configuration from the switch and instead uses its own configuration, Traffic from the phone traverses the access vlan

Answer 296

Causes the IP phone to use 802.1 tagging with a priority of 5 instead of 802.1Q. This causes voice traffic to transit the native vlan

Answer 297

Voice traffic from the IP phone is automatically placed in the voice vlan

Answer 298

VLAN Trunking Protocol Its a layer 2 protocol that lets you able to sychronize vlan information such as vlan ID and vlan name, with switches inside the same VTP domain, to share their vlan information with each other

Answer 299

1. Switches must be connected by an ISL (Inter-Switch Link) or 802.1Q trunk link 2. Case sensitive VTP domain must match 3. Case sensitive VTP password must match if configured 4. The VTP version must match

Answer 300

#config t #vtp domain (domian name) #vtp password (password)

Answer 301

No vtp password

Answer 302

vtp version 1 or 2

Answer 303

Server Client Transport

Answer 304

Can create, modify, and delete vlans, forwards VTP advertisements, store vlan information in NVRAM

Answer 305

Synchronizes VTP information Sends VTP advertisements Forwards VTP advertisements

Answer 306

Can create, modify and delete vlans Synchronizes VTP information Send VTP advertisements Store vlan information in NVRAM

Answer 307

Temporarily change the VTP domains name Temporarily change the VTP mode to transparent Power down or reload a VTP client switch Till you can change the revision number to 0

Answer 308

Delete the running-config Delete the vlan database from any server or client switch by deleting the file name vlan.dat/ It could be stored in either the NVRAM or flash memory

Answer 309

By default a trunk carriers traffic from all vlans. You can use VTP pruning to automatically prune vlans from switches that do not need them

Answer 310

switchport trunk allowed vlan (add | all |except | remove) vlan-list

Answer 311

show vtp status

Answer 312

Show vlan Show interfaces switchport Show mac-address-table

Answer 313

Ensure that the correct vlans have been configured on the switch and that the correct ports have been assigned to those vlan

Answer 314

It's a mismatched native vlans can cause traffic that is intended for one vlan to be sent to a an incorrect vlan You can run show interfaces trunk to see this. To correct this, use command switchport trunk native vlan (vlan-id)

Answer 315

Link-Layer Discovery Protocol

Answer 316

Media Endpoint Device

Answer 317

(config)# no cdp run (to disable) (config)# cdp run (to enable)

Answer 318

(config-if)#no cdp enable (disable) (config-if)#cdp enable (enable)

Answer 319

(config)#no lldp run (disable) (config)#lldp run (enable)

Answer 320

(config-if)#no lldp transmit (config-if)#no lldp recieve (config-if)#lldp transmit (config-if)#lldp receive

Answer 321

Globally- #show cdp Interface- #show cdp interface

Answer 322

show lldp interface

Answer 323

Show cdp neighbors or Show lldp neighbors

Answer 324

show cdp neighbors detail and/or show lldp neighbors detail

Answer 325

#show cdp entry (device name) #show llpd entry (device)

Answer 326

Destination Mac Source Mac Tag (12 bits-vlan Range 0-4094) Type Data FCS

Answer 327

(config)#vlan (vlan number) (config-vlan)#name (the name of the vlan you want)

Answer 328

#show vlan id (the number if the vlan)

Answer 329

(config)#interface (port type number) (config-if)#switchport mode trunk (config-if)#switchport trunk native vlan (new native vlan number)

Answer 330

Spanning Tree Protocol

Answer 331

Rapid Spanning Tree Protocol

Answer 332

show cdp traffic Will display CDP (Cisco Discovery Protocol) packets sent and received including CDP version advertisements that were sent and received

Answer 333

show lldp traffic

Answer 334

debug cdp {packets | adjacency |events} Packets- debugging information messages specifically related to packets Adjacency- displays information about CDP adjacencies Events- display information about CDP errors

Answer 335

debug lldp packets

Answer 336

Spanning Tree Protocol -Based on the 802.1D standard -Prevents loops on networks with redundant links by placing ports in either a forwarding state or blocking state -Relies upon root bridge elections, selection of root ports, and designated ports -Cisco devices by default and is enhanced by propriety PVST+

Answer 337

Spanning Tree Algorithm Uses the following procedure to determine port state: -A root bridge is elected and each active port on the root bridge will be placed into the forwarding state -Each non-root bridge places the port with the lower-cost path to the root bridge, which is known as root port, into the forwarding port -Ports with the lowest cost to non-root bridges, which are known as designated ports, are also placed into forwarding state -All other ports are placed into blocking state

Answer 338

Bridge Protocol Data Units Are sent from each switch to determine which device has the lowest Bridge ID (BID)

Answer 339

Bridge ID used in the Bridge Protocol Data Units (BPDU)

Answer 340

2-byte bridge priority 6-byte MAC address When determining Root Bridge, if there is a tie, the lowest MAC address will be elected

Answer 341

spanning-tree vlan (vlan-id) root primary

Answer 342

spanning-tree vlan (vlan-id) root secondary

Answer 343

Show spanning-tree - displays root ID and the root bridge selection Show spanning-tree root - specific information about the root bridge Show spanning-tree vlan 1 - view STP information that pertains to entire vlan including port role and status information Show spanning-tree interface (port type and number) - to veiw information about a specific port

Answer 344

-A process that starts after the root switch has been elected -Path costs are used to determine optimal paths through a network -The higher the link speed, the lower the path cost and the better the path: 10 Gbps=2, 1Gbps=4, 100Mbps=19, 10Mbps=100 -Port cost values are added for paths that require multiple links: 100Mbps + 10Mbps=119 Path Cost

Answer 345

After the root bridge has been determined, each non-root bridge will be designated a root port, by determining the lower path cost. All switches except for the root bridge contain exactly one root port. All root ports will eventually be placed into forwarding states

Answer 346

The next process in creating root bridges. In a network with redundant links, there is normally segments that span two bridges. For segments between non-root bridges, the designated port is the port with the best path back to the root. By contrast, a root bridge configures all ports as designated ports

Answer 347

Blocking Disabled Forwarding Learning Listening

Answer 348

Discards data frames and does not populate the MAC address table. It can receive BPDUs and send them. If a topology change occurs or if the max age timer expires without the port receiving a BPDU, the port will enter the listening state

Answer 349

Becomes able to send and receive BPDUs but discards data frames and does not populate the MAC address table. After the forward delay timer expires, the port will enter into a learning state.

Answer 350

Begin to populate the MAC address table and will also send and receive BPDUs but will discard data frames

Answer 351

Send and receive BPDUs, populate the MAC address tables and forward data frames

Answer 352

Ports that are either not connected or administratively shutdown are in the disable state. Ports in this stat do not populate the MAC address table, do not participate in STP, and do not forward frames

Answer 353

Three Hello timer - the frequency in which the BPDUs are sent from the switch port.You can change this by issuing "spanning-tree vlan (vlan-id) hello timer (seconds) Max age timer - Maximum amount of time the port will wait for a BPDU. This can be changed by issuing the command "spanning-tree vlan (vlan-id) max age (seconds) Forward delay - The time the port will wait before it transitions from listening state to the learning state. This can be changed by issueing "spanning-tree vlan (vlan-ID) forward-time (seconds)

Answer 354

Rapid Spanning Tree Protocol

Answer 355

spanning-tree point-to-point

Answer 356

spanning-tree mode rapid-pvst

Answer 357

Discarding Forwarding Learning

Answer 358

Alternate Port role: Receives more useful BPDUs from another switch. It also guarantees a path to the root bridge should the current becomes unavailable Backup Port role: Receives more BPDUs from the switch itself. It also only guarantees redundant access to a particular network segment Both ports are always in a blocking state

Answer 359

Per-VLAN Spanning Tree Plus 802.1D Is default when STP is enabled. Can provide load balancing by allowing multiple STP but uses up CPU cycles.

Answer 360

4-bits Bridge priority 12-bits Extended system ID including VLAN ID 48-bits MAC address

Answer 361

Common Spanning Tree

Answer 362

Per-VLAN Rapid Spanning Tree Plus 802.1W Sometimes refered to Rapid PVST+ Can also provide load balancing Use command spanning-tree mode rapid-pvst Then show spanning-tree to confirm

Answer 363

Multiple Instance Spanning Tree Protocol 802.1S Can run multiple instances of STP but avoids the CPU and bandwidth problems of PVST+ and PVRST+ by running multiple vlans in a single instance of STP. Also provides faster convergence times in addition to failover capabilities Use command spanning-tree mode mst Use command show spanning-tree mst and show running-config to verify

Answer 364

A feature that provides immediate access to the network for edge ports. Turns off BPDUs for edge ports. spanning-tree portfast default can also do this by port: spanning-tree portfast

Answer 365

Is used to disable ports that erroneously receive BPDUs. BPDU guard is applied to edge ports in a switch when Portfast has been enabled. When BPDU guard is applied, a port that receives a BPDU (such as a switch) will be placed into the error-disable state. BPDU guard should be enabled when Portfast is enabled. BPDU guard should not be enabled on ports that connect to a switch. When in error state, run err disable recovery interval (interval), to enable on ports use spanning-tree portfast bpdugaurd default or on a specific ports use spanning-tree bpdugaurd enable

Answer 366

Prevents non-designated ports from inadvertently forming bridging loops, when the port stops receiving BPDUs. Loopguard puts the port into the loop-inconsistent state. After the port starts receiving BPDUs again it re-enables the port again. For all ports, issue spanning-tree loopguard default For specific ports issue spanning-tree guardloop

Answer 367

Prevents newly introduced switches from being elected as the new root bridge. This is enabled per port spanning-tree guard root

Answer 368

Port Aggregation Protocol Is a Cisco proprietary protocol used for Etherchannel. This will only work on Cisco to Cisco switches

Answer 369

Link Aggregation Control Protocol Is a 802.3ad standard for Etherchannel protocols. This can be used with different vendors

Answer 370

Every end must be setup identically, interface, speed, duplex, and switchport mode. All trunk ports should be configured with same vlans.

Answer 371

Interface range (interface type)(interface first port)(interface last port) Channel-group (channel group number) mode {auto | desirable}

Answer 372

interface range (port type and number) channel-group (channel group number) mode {auto | desirable}

Answer 373

#interface range (port type and number) #channel-group (channel group number) mode {auto | passive}

Answer 374

show interfaces (interface port type and number) show ethernet channel (port channel) {brief | detail | load-balance | port |port-channel |summary}

Answer 375

Show running-config show etherchannel port-channel show etherchannel (etherchannel-id) detail Both ends must be configured all the same

Answer 376

Channel-group 1 mode passive

Answer 377

Discover Broadcast Unicast Offer Broadcast Request Unicast Acknowledgement

Answer 378

(config)#id dhcp (name of pool) (dhcp-config)#network (network IP address and subnet) (dhcp-config)#default-router (IP address) (dhcp-config)#dns-server (IP address) (dhcp-config)#domain-name (domain name) (dhcp-config)#lease (days) (seconds) (dhcp-config)#exit (config)#ip dhcp exclude-address (from IP address to IP address) The exclude-address would be static IP address for Servers, switches, routers, etc

Answer 379

Show ip dhcp binding

Answer 380

show ip dhcp conflict

Answer 381

(config-if)#ip helper-address (IP address of the DHCP server)

Answer 382

Routing Information Protocol version 2 Is a distance-victor protocol

Answer 383

Open Shortest Path First Is a link-state protocol that uses Interior Gateway Protocol (IGP) to dynamically route packets across a routed network

Answer 384

First-Hop Redundancy Protocol Are different protocols such as Hot Standby Router Protocol (HSRP), Virtual Router Redundancy Protocol (VRRP), and Gateway Load Balancing Protocol (GLBP).

Answer 385

(config)#interface (type and number) (config-if)#ip address (IP address) (subnet mask) (config-if)#no shutdown

Answer 386

High-level Data Link Control Is a encapsulation protocol that was created before there was a need to transport multi-protocol traffic

Answer 387

Point - to - Point Protocol Was created to address deficiencies in HDLC protocol. It provides a more robust encapsulation method that is generally compatible with Cisco and other vendors

Answer 388

Multi-Link PPP Variation of PPP that uses a logical link between two routers to spread data over more than one physical link between the routers

Answer 389

Link Control Protocol Is one of the two protocols used in PPP. LCP configures authentication protocols such as Challenge Handshake Authentication Protocol (CHAP) and Password Authentication Protocol (PAP) when connections to another site on the WAN

Answer 390

Network Control Protocol Negotiates which LAN protocols will be encapsulated over PPP link

Answer 391

#interface (port type and number) #encapsulate hdcl #clock rate (clock rate) #bandwidth (bandwidth) #ip address (ip address) (subnet mask) #no shutdown #show interfaces (to verify set-up)

Answer 392

They can be set-up to either receive, transmit or both

Answer 393

Maximum-paths (number of lines needed)

Answer 394

The interface and line protocol are working correctly

Answer 395

A loop exists in the circuit, possibly because of a loopback interface

Answer 396

A layer 2 problem such as mismatched encapsulation protocols, clocking errors, or keeplives exist

Answer 397

The interface detected a high rate of errors

Answer 398

A layer 1 problem such as hardware or cable connections exist

Answer 399

The interface has been configured with the shutdown command

Answer 400

#interface port type and number #encapsulation ppp #no shutdown #show running-config (to verify) Can also use debug ppp negotiation for further details

Answer 401

Administrative Distance Trust worthiness assigned to a specific path from router to router. By default, static routes there for are AD

Answer 402

Process switching Fast switching Cisco Express Forwarding (CEF)

Answer 403

-Is the slowest packet switching method -Uses the devices CPU to determine the next hop -Is typically used only to handle complex packets, such as encrypted packets or NAT packets

Answer 404

-Involves CPU only until it has a corresponding entry in its router cache -Uses route cache and software to make forwarding decisions

Answer 405

#config t #ip route-cache (enables) #no ip route-cache (disables)

Answer 406

-Uses the FIB (Forwarding Information Base) and the adjacency table -FIB is built from the IP routing table -The adjacency table is built from the ARP table -Makes software based decisions for all packets in flow -Is a Cisco default switching method

Answer 407

#config t #ip cef (enable) #no ip cef (disable)

Answer 408

show ip route

Answer 409

show ip cef

Answer 410

Forwarding Information Base

Answer 411

show ip arp

Answer 412

show adjacency If a (incomplete) marker appears it could be because a failure from running a clear ip arp command or the clear adjacency command. This is typically cleared after 60 seconds

Answer 413

show ip cache

Answer 414

(config)#router ospf (process instance) (config-router)#network (range EX. 10.0.0.0) (wild card mask EX. 0.255.255.255) (config-router)#int (port type and number) (config-if)#ip ospf | area 0

Answer 415

(config-if)#router ospf 1 (config-router)#passive-interface (port type and number)

Answer 416

#clear ip route *

Answer 417

#clear cef table

Answer 418

#clear arp-cache

Answer 419

#clear adjacency

Answer 420

#clear ip cache

Answer 421

Directly connected route Static routes Dynamic route Default routes

Answer 422

Routing protocol code Network prefix and mask Next-hop IP address or interface

Answer 423

Automatically appears in the routing table for each interface that has an IP address AND that is active. (non-active interfaces but are set up will not show)

Answer 424

show ip interface brief Verify that the status and protocol are in the upstate show ip route Verify that a code "c" is on the correct port that you directly connected

Answer 425

Manually configured by router administrator By default, a static route is considered less trustworthy than a directed route and more trustworthy than a dynamically learned route

Answer 426

#ip route prefix mask {ip-address | interface} Prefix= network IP address which an incoming packet is intended for Mask= Network subnet mask of the destination network IP Address= The IP address of the next hop Interface= The local interface the packets should be sent too

Answer 427

(config)#ipv6 route (prefix) (ipv6-address)

Answer 428

ipv6 unicast-routing

Answer 429

show ip interface verify terminal interface is up show ip route to display IP routes that are currently in the routing table

Answer 430

show ipv6 interface brief To verify the interface associated with the static route is in the upstate show ipv6 route To verify the route in the routing table

Answer 431

Dynamic routes are learned and maintained by routing protocols Routing protocols learn and update routes by receiving routing update from other routers

Answer 432

RIPv2_Routing Information Protocol ver. 2 OSPF- Open Shortest Path First EIGRP- Enhanced Interior Gateway Routing Protocol

Answer 433

Bandwidth Memory Process overhead

Answer 434

RIPv2- Hops OSPF- Cost EIGRP- Bandwidth, Delay, Reliability, Load, MTU (Maximum Transfer Unit)

Answer 435

Administrative Distance

Answer 436

Directly connected route 0 Static Route 1 External BGP 20 Internal EIGRP 90 OSPF 110 RIP 120 External EIGRP 170 Internal BGP 200 Unknown or unreliable route 255

Answer 437

The "network portion" of the address can be identified by a dotted-decimal netmask, commonly referred to as a subnet mask Example: 255.255.255.0 indicates that the network portion or prefix length of the IPv4 address is the left most 24 bits. 11111111.111111111.11111111.00000000 All ones are the network prefix, so on a IP address 200.200.200.0 the 3 200's are the "network portion of the IPv4 address"

Answer 438

(config)#ip route (prefix) (mask) {ip-address | Interface} distance Distance = AD distance

Answer 439

Routing Information Protocol Is a dynamic routing protocol that uses hop count as a routing metric to find the best path between the source and the destination

Answer 440

(config)#route rip (rip would be the route protocol) (config-router)#distance (this would be the AD value)

Answer 441

show ip route The brackets in the display [160/20] indicate that the AD changed the metric (20) to AD (160)

Answer 442

-Packets with unknown destinations are forwarded to the gateway of last resort -If no default routes is defined, packets with unknown destinations will be discarded -Multiple defaults route can coexist in the routing table

Answer 443

(config)#ip route 0.0.0.0 0.0.0.0 (next hop IP address) or (config)#ip route 0.0.0.0 0.0.0.0 serial (port number) or (config)#ip default-network (network address) or (config)#ip default-gateway (ip address)

Answer 444

show ip route

Answer 445

Autonomous System also known as ASes Network administrators typically create AS is a group of networks needs to connect with another group of networks that uses different routing policy

Answer 446

-Networks in a AS (autonomous system) share a single administrative organization -Routers in an AS use a single routing policy

Answer 447

IGP- Interior Gateway Protocol Examples: RIPv2, EIGRP, of OSPF EGP-Exterior Gateway Protocol Examples: Border Gateway Protocol (BGP)

Answer 448

Distance-victor routing protocols periodically sends routing updates to its directly connected neighbors. The routing updates contain the contents of the entire routing table. Each router uses the routing table information received from neighbor routers to determine best path to destination. Examples- RIP, BGP, EIGRP. Link-state routing protocol sends routing updates to all of the routers in an area. These routing updates are sent only when a topology change occurs and contains only the changes to the routing tables. Example: OSPF

Answer 449

Classful and classless

Answer 450

Transmit network address but not subnet masks in their routing messages. Because no network mask information is included in route advertisements, classful routing protocols automatically summarize networks on them classful bit bounderies

Answer 451

Transmits network mask information for each route contained in their routing messages, these can support variable-length subnet masks (VLSMs)

Answer 452

-Uses distance and direction to calculate routes to a destination -Routes to destinations are learned from routing table updates that are sent from neighboring routers -Distance-vector protocols can be classful like, RIPv1 or classless like RIPv2 and RIPng -Updates occur when topology change has been detected and are also periodically done -Includes full routing table of neighbor

Answer 453

Counting to infinity and routing looping

Answer 454

Hold-down timers- Force a router to wait for a given interval of time before it sends routing updates about an inaccessible route to a neighbor. This gives time for the neighbor router to update with better results for a path before marking the path inaccessible Trigger updates- Are routing updates that are generated by a topology change and sends immediately to neighboring routers. Can be used in combination with hold-down timers Split horizon- A rule preventing information from being sent out the same interface on which it was received Poison reverse- Enables a router to send routing updates for unreachable networks back to the router from which the valid route originated, even if the split horizon is enabled Route poisoning- Enables a router to send an infinite metric to its neighbors when it is discovers that a link to one of the routers in its table has gone down

Answer 455

-updates are triggered by a topology change -they use less bandwidth than distance-vector protocols -they require more processor overhead than distance-vector protocols -they converge faster than distance-vector protocols -they require a hierarchical design for optimal scalability

Answer 456

-link-state routing protocols use Hello packets to form neighbor relationships -neighbor relationships must be formed before rooters can exchange information about a network -OSPF and EIGRP both use Hello packets to exchange information

Answer 457

Link-State Advertisements

Answer 458

Link-State DataBase

Answer 459

-link-state routing protocols use Shortest Path First (SPF) algorithm to determine the best path to a given destination -the best paths to a destination are stored in the routers routing table -LSA is sent by routers which contain information about the state of the interface in which the link is established, network address, and the devices that are connected to that interface

Answer 460

Open Short Path First -is a IGP (Interior Gateway Protocol) -is a link-state protocol -is a classless -is a open standard -OSPFv2 is for OSPF over IPv4 networks -OSPFv3 is for OSPF over ipv6

Answer 461

-sends Hello packets to form adjacencies -OSPF flood LSA to every router in a area, not the entire network -LSAs are refreshed into network every 30 seconds or when a topology change has occurred and only sends updated information -uses SPF (Shortest Path First using the Dijkstra algorithm) to discover the best possible path to a destination -uses cost as a metric

Answer 462

It is also known as the SPF algorithm used in OSPF and calculates the best path to a destination. Uses cost as a metric to determine the best route. The route with the lowest cost is the best route. By default, the cost is determined by the bandwidth of the link, the higher the bandwidth the lower the cost

Answer 463

-is scalable -conservers bandwidth -converges quickly -supports VLSMs -support IPv4 and IPv6 -supports equal-cost load balancing

Answer 464

-supports hierarchical areas/multi area networks -only supports route summerization on ABRS/ABRs (Area Border Router) -sends additional periodic updates

Answer 465

-supports unequal-cost load balancing -sends partial updates, like updates that contain only changes to the network -can support route summarization on any router -easier to configure

Answer 466

-uses interface lowest cost as a metric -Cost = reference bandwidth / interface bandwidth Standard reference bandwidth is 100,000,000 bps or 100Mbps -Uses Dijkstra SPF algorithm to determine path -supports equal-cost load balancing

Answer 467

Broadcast- Ethernet Non-broadcast multiple access (NBMA) Point-to-multipoint NBMA Point-to-multipoint subinterface Point-to-multipoint Point-to-point subinterface Point-to-point -serial encapsulation with Frame Relay -serial encapsulation with HDLC or PPP Loopback

Answer 468

These are typically found on Ethernet networks. Broadcast interfaces can find OSPF neighbors automatically. Router elections for designated routers (DR) and backup designated routers (BDR) are performed on broadcast networks

Answer 469

-Does not support broadcasts but does support multiple devices being connected to a network. -Frame Relay serial interfaces are NBMA interfaces. -OSPF neighbors relationships must be established manually on NBMA networks. -Router elections for DR and BDR are performed on NBMA networks. -Note that the DR and the BDR need to have full connectivity with the other routers on the NBMA network.

Answer 470

Point-to-Point networks have a direct connection between two endpoints. PPP interfaces are typically found on HDLC or PPP serial interfaces. Router elections for DR and BDR are not performed on a PPP networks.

Answer 471

Involve multiple devices connecting to a shared single endpoint. These networks can be either broadcast or NBMA. Router elections for DR and BDR are not performed on Point-to-multipoint networks

Answer 472

Are typically used to automatically establish the OSPF router ID

Answer 473

OSPF can segment an entire AS (autonomous system) which is a group of networks that share a single routing method and operate under a single administrative organization, into a hierarchy. The routers in a specific area calculate routes only for that area. To enble communication between different areas in a AS, you must configure a backbone area, which is an OSPF area that must ne connected to every other area in the AS. The backbone area will always be configured as area 0.

Answer 474

Also known as normal areas, these areas typically contain end users and should not posses no more than 50 OSPF routers. Each normal area must be directly connected to the backbone area because the backbone area is responsible for sending traffic from one area to another area.

Answer 475

single-area - when all of its interfaces that participate in OSPF routing are configured to operate in one area Multiarea- is when a router is configured when its interfaces are operating in two different areas

Answer 476

ASBRs ABRs backbone nonbackbone

Answer 477

A autonomous system boundary router (ASBRs) ia responsible for routing traffic between the local AS and one or more remote ASs. This designation means that this router connects to remote AS (ISP) and to the local AS

Answer 478

A router that connects to multiple OSPF areas within the same AS is known as an area border router (ABR). Typically, an ABR connects to a single normal area and the backbone area. An ABR is always a multiarea router and can route traffic between areas to which it is connected to. ABRs maintains a seperate LSBD for each of the areas to which they connected

Answer 479

Its a router that has an interface within the backbone area

Answer 480

Is a single-area router that is entirely within a nonbackbone area. A nonbackbone router maintains a LSBD for only the area in which it is contained. Nonbackbone routers can receive default routes from ABRs and use those default routes to forward packets that are destined for other areas to the ABR. A router that exists entirely within a single OSPF area is also known as an internal router

Answer 481

-OSPF router IDs uniquely identify each router on the network -OSPF router IDs can be manually configured or automatically assigned by the router -If the router is not manually configured it will use highest loopback IP address -If no loopback interfaces exists, the router will use the highest physical interface IP address

Answer 482

router id (ip-address) Cisco recommends using a loopback interface versus a physical interface because a loopback interface is never down.

Answer 483

show ip ospf (for IPv4) show ipv6 ospf (for IPv6)

Answer 484

Down neighbor state

Answer 485

On a multicast address of 224.0.0.5 which is the ALL OSPF Router address

Answer 486

10-seconds for Ethernet, Point-to-Point, and broadcast links. 30-seconds for an NBMA links (config-if)#ip ospf hello-interval (seconds)

Answer 487

Is used to specify amount of time to wait before declaring a neighbor down. By default this is set to four times the Hello timer is. To manually configure this issue ip ospf dead-interval (seconds)

Answer 488

Indicates that the neighbor routers received a Hello packet from the local router and that the Hello packet does not contain the neighbors router ID. Therefore, two-communication has not yet been established between the local router and the neighbor

Answer 489

-neighbors must be explicity defined on a partially meshed NBMA network -In a hub-n-spoke NBMA topology -the hub router should be manually configered as the DR -The ip ospf priority 0 command should be issued to to disable DR election on spoke router interfaces IP MTU values must match on each interface sharing a network segment

Answer 490

They can get stuck in the Exstart or Exchange state

Answer 491

(config-if)#ip ospf priority (priority level number)

Answer 492

#show ip ospf neighbor

Answer 493

1. Router Link, or type 1, advertisements 2. Network Link, or type 2, advertisements 3. Summary Link advertisements to networks, or type 3 advertisements 4. Summery Link advertisements to ASBRs or type 4 advertisements 5. AS External or type 5 advertisements In addition to the five LSAs above, the LSDB also stores not-so-stubby-area (NSSA) LSAs, which are also known as external LSAs or type 7 LSA

Answer 494

Advertisements are generated by an OSPF router for each area to which the router belongs and contain information about the routers links to the given areas, The router floods type 1 advertisements only within the give area

Answer 495

Advertisements contain information about the OSPF routers attached to a specific network and can be generated only by a DR, The DR floods type 2 advertisements to the area within which the network is contained

Answer 496

Advertisements contain information about paths that connect OSPFs areas together or interarea paths and are generated by ABRs. Type 3 advertisements contain information about interarea paths to networks. Type 4 advertisements contain information about interarea paths to the ASBR

Answer 497

Contains information about paths destined for routers that are outside an AS, with the exception od OSPF stub and not-so-stubby-area (NSSA). Type 5 advertisements are flooded throughout an AS by the ASBR

Answer 498

Database Description Its a OSPF type 2 packet to establish or synchronize the LSDB. Theses packets contain summary information about each routers LSDB, including information about the LSAs that are stored in the LSDB

Answer 499

Link State Request Its a OSPF packet type 3 that helps to establish or synchronizes the LSDB

Answer 500

Link State Update Its a OSPF packet type 4 that helps to establish or synchronize the LSDB

Answer 501

Link State Acknowledgement Its a OSPF packet type 5 used to establish of synchronize the LSDB

Answer 502

Exstart state- exchanges DBD packets, such as information about each routers LSDB including information about LSA that are stored in the LSDBs . Routers will acknowledge receipt of a DBD packet by sending an LSAck packet Loading neighbor state- routers begin exchanging LSAs in order to synchronize the LSDBs with each other Full state- is when the neighbor relationship between routers is fully established

Answer 503

show ip ospf database

Answer 504

(config)#router ospf (process-id) for IPv4 (config)#ipv6 router ospf (process-id) for IPv6

Answer 505

You must turn on IPv6 unicast routing since it is set as disabled by default. Use command ipv6 unicast-routing to enable it

Answer 506

network (ip-address) (wildcard-mask) area (area-id) Area ID can be anywhere from 0-4,294,967,295 or ip ospf (process-id) area (area-id)

Answer 507

default-information originate

Answer 508

show running-config (to verify that OSPF has been turned on) show ip protocols (to verify incoming/outgoing route filters have been applied correctly) show ip route (and look for a proceeding "O" at the start of the line) show ip route ospfs (for just showing OSPF routes)

Answer 509

show ip ospf database or show ip ipv6 ospf database

Answer 510

show ip ospf or show ipv6 ospf

Answer 511

show ip ospf interface (interface name and number) or show ip ospf interface (this will show all interfaces) or for ipv6 show ipv6 ospf interface or show ip ospf interface brief or show ipv6 ospf interface brief

Answer 512

show ip ospf neighbor or show ip ospf neighbor (interface name and number) or show ip ospf neighbor (router-id)

Answer 513

show ip ospf interface (brief) or show ipv6 ospf interface (brief)

Answer 514

show ip ospf neighbor Look for Full or 2-way states (these are good states) show ipv6ospf neighbor

Answer 515

show running-config or show ip ospf interface or show ip protocols

Answer 516

Hello timer dead timer (x4 the Hello timer) authentication password This must match at both ends of the segment

Answer 517

debug ip ospf adj or debug ipv6 ospf adj

Answer 518

Show ip route / show ipv6 route or show ip ospf interface (brief) / show ipv6 ospf interface (brief)

Answer 519

(config)#interface (type and number) (config-if)#ip ospf cost (value)

Answer 520

(config)#router ospf (value) (config-router)#maximum-paths (value)

Answer 521

(config)#interface (type and number) (config-if)#ip ospf cost (value)

Answer 522

(config)#interface (type and number) (config-if)#bandwidth (in kilobytes per second)

Answer 523

(config)#router ospf (ospf id) (config-router)#maximum-paths (maximum is 16)

Answer 524

First Hop Redundancy Protocol Designed to protect the default gateway used on a subnetwork by allowing two or more routers to provide backup for that address

Answer 525

HSRP- Hot Standby Router Protocol (Cisco) VRRP- Virtual Router Redundancy Protocol (standard) GLBP- Gateway Load Balancing Protocol (Cisco)

Answer 526

Hot Standby Router Protocol Acts as a single gateway for the network by sharing a single virtual IP address and single virtual MAC address between redundant gateways

Answer 527

-Group number must be within the range of 0 through 255 -Uses IPv4 multicast address 224.0.0.2 for HSRP Hello messages. This could potentially cause conflicts with Cisco Group Messages Protocol (CGMP) traffic, which also uses 224.0.02 address -Hello messages do not uniquely identify the sending router -Hello messages do not include millisecond timers -Does not support IPv6

Answer 528

-Group numbers expanded from 0 to 4095 -Uses multicast address 224.0.0.102 which is a dedicated exclusively to HSRPv2 traffic -Hello messages contain a unique identifier -Hello messages include millisecond timer value -Adds support for IPv6

Answer 529

0000.0c07.ac(xx group number)

Answer 530

0000.0c9f.f(xxx Group Number)

Answer 531

HSRPv1- 224.0.0.2 HSRPv2- 224.0.0.102

Answer 532

HSRP priority value HSRP Hello timer interval HSRP hold timer interval

Answer 533

standby (group number) ip (group ip address)

Answer 534

(config-if)#standby (group number) version { 1 | 2 }

Answer 535

(config-if)#standby (group number) timers (hello timer) (hold timer)

Answer 536

(configure-if)#standby (group number) timers msec (hello timer value) msec (hold timer value)

Answer 537

(config-if)standby (group number) priority (value)

Answer 538

(config-if)#standby (group number) preempt

Answer 539

(config-if)standby (group number) preempt delay minimum (in seconds)

Answer 540

show standby show standby brief show standby (interface) (group number)

Answer 541

Virtual Router Redundancy Protocol An open standard FHRP that provides much of the functionality offered by Cisco's propriety HSRP protocol. VRRP uses a single master router and one or more back up routers to provide first-hop redundancy for client devices

Answer 542

There is no message authentication on VRRPv3 Message timers intervals can be set for milliseconds

Answer 543

(config-if)#vrrp (group number) ip (ip-address)

Answer 544

(config-if)#vrrp (group number) priority (value)

Answer 545

(config-if)#no vrrp (group number) preempt

Answer 546

show vrrp show vrrp brief show vrrp (interface) (group number)

Answer 547

Gateway Load Balancing Protocol -All routers forward traffic instead of a single active or master router -GLBP provides both failover and load balancing -Load balancing requires less administrative overhead than HSRP load sharing -GLBP can be more complex to administer than HSRP in a STP environment -GLBP supports up to 1024 GLBP groups per physical interface

Answer 548

active virtual forwarders -AVFs are elected based on highest weight values -AVFs forward frames addressed to its virtual MAC address -A router can be one of a maximum of four AVFs in a single GLBP group -The remaining routers in a group are SVFs in the listening state

Answer 549

standby virtual gateway

Answer 550

0000.b400.(xx group number)(yy gateway number).

Answer 551

-Are used for election and failure detection -Are sent to multicast address 224.0.0.102 -Are sent at three-second intervals by default -Are configured with a hold timer of 10 seconds

Answer 552

secondary virtual forwarder

Answer 553

active virtual gateway -one router per GLBP group is elected as the AVG -The AVG election process is similar to HSRP -One back up gateway is elected as the SVG -The AVG assigns a unique virtual MAC address to each virtual forwarder in a GLBP group -The AVG receives ARP requests

Answer 554

Round-robin- Works by sending traffic to each MAC address in a sequential order Weighted- Works by assigning a weight to each router in the GLBP group and distributing traffic to a GLBP router based on that weight Host dependent- Uses MAC address of sending host to determine Active Virtual Forwarder (AVF) will receive traffic from the host. This configuration should be used when stateful Network Translation (SNAT) is in use on the network

Answer 555

(config-if)#glbp (group number) ip (group-ip-address)

Answer 556

(config-if)#glbp (group ID) priority (value)

Answer 557

(config-if)#glbp (group number) preempt

Answer 558

(config-if)glbp (group number) load-balancing {host-dependent | round-robin | weighted}

Answer 559

Stateful Network Address Translation

Answer 560

(config-if)#glbp (group number) timers (hello timer in seconds) (interval timer in seconds)

Answer 561

(config-if)#glbp (group number) timers msec (hello interval in milliseconds) msec (hold timer in milliseconds)

Answer 562

(config-if)glbp (group number) timers redirect (redirect timer in seconds) (timeout timer in seconds)

Answer 563

a mismatched process ID

Answer 564

OSPF route because the prefix is longer (the network prefix)

Answer 565

HSRP- Hot Standby Router Protocol VRRP- Virtual Router Redundancy Protocol GLBP- Gateway Load Balancing Protocol

Answer 566

Dynamic Host Configuration Protocol

Answer 567

Domain Name System

Answer 568

Network Time Protocol

Answer 569

Simple Network Management Protocol

Answer 570

Layer 7 Application

Answer 571

DHCP Discover DHCP Offer DHCP Request DHCP Acknowledgement

Answer 572

A DHCP will broadcast a DHCPDISCOVER packet to locate a DHCP server. If one exists the DHCP server will respond with a DHCPOFFER packet. If no DHCP server can be located, the client will assign itself a Automatic Private IP Address (APIPA) in a range of 169.254.0.0 - 169.254.255.255

Answer 573

A DHCPOFFER packet is a unicast packet that contains IP configuration information, such as the IP address, subnet mask, default gateway, and DNS server addresses that the client should use. The client will typically accept the first DHCPOFFER packet it receives and will respond with a DHCPREQUEST packet

Answer 574

A DHCPREQUEST phrase is a broadcast packet that formally request the IP address from the DHCP server. The DHCPREQUEST packet is broadcast from the DHCP client to the entire network rather than the unicast to the specific DHCP server so that the other DHCP servers can re-allocate the IP addresses they offered to the DHCP client. A DHCPDECLINE packet is opposite of a DHCPREQUEST packet. A DHCPDECLINE packet is a broadcast packet that a DHCP client sends to formally reject the DHCPOFFER from a DHCP server

Answer 575

When a DHCP server receives a DHCPREQUEST packet from a client and the IP address is still available for the client to use, the server will send a DHCPACK packet. A DHCPACK is a unicast pack that confirms that the IP address has been officially assigned to the client for the duration of the lease. A DHCPNAK packet is opposite of a DHCPNAK packet. A DHCPNAK packet informs the DHCP client that the IP address in the DHCPREQUEST is no longer valid for the client to use.

Answer 576

(config)#interface (type and port number) (config-if)#ip address dhcp ip helper-address (address of the dhcp server)

Answer 577

(config-ip)#ip dhcp client (day) (hour) ip helper-address (address of the dhcp server)

Answer 578

Stateless Address Automatic Configuration

Answer 579

Moves you back one mode

Answer 580

Like Ctrl+z, returns the rooter to privileged EXEC mode

Answer 581

Stateless Address Automatic Configuration Automatically assigns itself a Global unicast IPv6 address

Answer 582

ipv6 address autoconfig

Answer 583

ipv6 address autoconfig The same command to enable SLAAC. This will also obtain nonaddress information to the clients, such as DNS server addresses and domain name search values

Answer 584

IPv6 address dhcp This will only work if both the DHCPv6 server and the DHCPv6 client has stateful addressing configured

Answer 585

(config)#service dhcp - check to see if it is enabled first (config)#ip dhcp excluded-address (begining of pool addresses) (ending of pool of IP addresses) (config)#ip dhcp pool (pool name) - no spaces in the pool name, use underscore instead) (dhcp-config)#network (ip address of server) (subnet mask of server)

Answer 586

ipv6 nd other-config-flag

Answer 587

(dhcp-config)#domain-name (domain name) (config-dhcpv6)#domain-name (domain name)

Answer 588

Configure DHCPv6 to send nonaddress information Configure Domain Name Configure DNS Server Configure default gateway Configure default lease time

Answer 589

(dhcp-config)#dns-server (ip address) (config-dhcpv6)#dns-server (ip address)

Answer 590

(dhcp-config)#default-router (ip address)

Answer 591

(dhcp-config)#lease (day) (hour)

Answer 592

Show ip dhcp conflict- If a conflict is discovered the address will be removed from the pool of available addresses until the conflict is resolved show ip dhcp binding / show ipv6 dhcp binding- Displays the address that have been leased to clients, the hardware addresses of the clients, lease expiration times and type of address segment show ip dhcp binding (ip address in question) clear ip dhcp binding / clear ipv6 dhcp binding - removes automatic IP address assignments from the DHCP database, If you want to remove a single IP address include it with the command

Answer 593

Maps 32-bit IP address to host names (example: www.) Client query a server on UDP 53 or TCP 53. If under 512 bytes it will be sent UDP, if over it will be sent TCP Cisco devices can function as both client and server

Answer 594

A recursive search over the internet is consider authoritive A DNS entry that is retrieved from an operating system (OS) cache or other name-caching system is not considered authoritive

Answer 595

(config)#ip domain lookup (config)#ip name-server (ip address, up to six) (config)#ip domain name (name of domain name)

Answer 596

(config)#ip dns server (config)#ip host (host name) (ip address of host) IPv6 (config)#ip host (host name) (IPv6 address of host)

Answer 597

Network Address Translation Can map IP addresses in one network to IP addresses in another network. Nat was created to mitigate the unique IP address limitations of IPv4

Answer 598

One-to-one mappings Many-to-many mappings Many-to-one mappings

Answer 599

Is referred as static NAT. If a host on the inside network attempts to access a host on the outside network and no mapping exists for the internal host, then all traffic from the internal host will be dropped by the NAT router. Static NAT mappings do not expire

Answer 600

If a host on the inside network attempts to access a host on the outside network and no address mapping exists for the internal host, then all traffic from the internal host will not be dropped by the NAT router. Instead, an available address is allocated from the address pool and a new mapping is created. If there are no addressing available in the IP address pool, no mapping will be created and all traffic from the inside host will be discarded until an address becomes available. Because each mapping is dynamically created NAT mappings expire after a specified time of inactivity

Answer 601

Port Address Translation PAT uses layer 4 port numbers to identify each address mapping. Address mapping are created as needed and expire after a specified time of inactivity

Answer 602

At least one interface must be on the outside network At least one interface must be on the inside network (config)#interface (port type and number) (config-if)#ip nat inside (config)#interface (port type and number) (config-if)#ip nat outside

Answer 603

(config)#ip nat inside source static (inside-local-address) (inside-global-address)

Answer 604

show ip nat translations

Answer 605

(config)#ip nat pool (name of pool) (start address) (end address) netmask (subnet mask) (config)#access-list (acl number) permit (source ip) (source wild-card) (config)#ip nat inside source list (acl number) pool (pool name)

Answer 606

show access-list

Answer 607

show ip nat translations

Answer 608

(config)#access-list (acl number) permit (source ip) (source wild-card) (config)#ip nat inside source list (acl number) interface (type and number) overload Overload= Configures NAT to use source port numbers to map inside local IP addresses to inside global IP addresses

Answer 609

Version- 4 bytes Traffic class- 8 bytes Flow label- 20 bytes Payload length- 16 bytes Next header- 8 bytes Hop count- 8 byte (same as TTL Time to Live) Source address Destination address

Answer 610

Extension Header Information ICMP Type- 8 bit ICMP Code- 8-bit ICMP checksum- 16-bit ICMP Contents- (size depends on type and code) ICMP= Internet Message Control Protocol

Answer 611

(config)#ntp server (NTP server IP Address)

Answer 612

-Peer and server associations are not configured -Authentication is disabled -Access restrictions are not configured -Broadcast service is disabled -Packet source IP address is configured by outgoing interface

Answer 613

clock timezone (zone: example CST) clock timezone (hours offset: example -5)

Answer 614

(config)#ntp master (stratum: lower the number of the stratum, the higher the priority)

Answer 615

(config)#ntp authentication-key (key number- being a numerical value between 1-65536) md5 (key - a string of up to 15 alphanumeric characters) (config)#trusted-key (key-number that should be trusted) (config)#ntp server (ip-address of NTP server) key (key-number that should be used)

Answer 616

(config)#ntp authentication-key (key number) md5 (password) (config)#ntp authentication

Answer 617

(config)#access-list (number of access list) permit (ip address of NTP server) (config)#ntp access-group peer (number of access list)

Answer 618

Show ntp authentication keys- displays the authentication keys that you configured using the ntp authentication-key command Show ntp trusted-keys- displays the list of trusted keys that was configured by issuing the ntp trusted-key command Show ntp authentication-status- displays information about the current status of the NTP authentication configuration

Answer 619

Show ntp associations- to verify the NTP configuration on a Cisco device. Shows IP address of configured NTP servers and there respective clock sources, strata, and reachability statics Show ntp status- to verify operation of NTP on a Cisco device

Answer 620

Secure File Transfer Protocol An encrypted version of FTP that uses SSH

Answer 621

Secure Copy More secure than SFTP but cannot be used to display remote directory information or delete files from the remote server

Answer 622

Port 20- the data port Port 21- the control port: Is used to send commands from the FTP client to the FTP server Both ports use TCP

Answer 623

Active mode: The FTP client listens for connections from the FTP server and establishes the control channel. The FTP server establishes the data channel. Because the FTP client is listening for connections in active mode, establishing a active FTP can be problematic if the client is sitting behind a firewall Passive mode: Firewalls poise less of a problem because the FTP client is responsible for establishing the control channel and the data channel

Answer 624

(config)#ip ftp username (usrename) (config)#ip ftp password (password)

Answer 625

#copy (source [Ex. flash:myios.bin]) (destination [ftp://198.51.100.1/ios/myios.bin]) #copy (source [ftp://198.51.100.1/ios/myios.bin]) (destination [Ex. flash:myios.bin])

Answer 626

Uniform Resource Locator

Answer 627

FTP://(username):(password)@(source/destination( (source/destination)

Answer 628

Trivial FTP Is a simpler FTP protocol Uses port 69 UDP Can be used by Cisco IOS devices to transfer IOS images or store configurations Can be used to boot Cisco device from Offers only unidirectional transfers

Answer 629

Simple Mail Transfer Protocol Port 25

Answer 630

telnet (ip-address) (port) [ex; 25- smtp, 80- http, 53- DNS]

Answer 631

(config)#line vty (port range) [routers typicall 0 4, switches typically 0 15] (config-line)#login (config-line)#password (password) (config-line)#transport input (type) [ex: SSH, all, none]

Answer 632

telent (host) [ip-address of server trying to connect to] To exit: Ctrl+Shift+6 then "x" to resume: resume (the command)

Answer 633

ip ssh version 1 ip ssh version 2 no ip ssh version (both versions can be used) show ip ssh- will display what version is running

Answer 634

(config)#line vty 0 4 (config-line)#no password (config-line)#transport input ssh (config-line)#exit (config)#hostname (hostname) (config)#ip domain-name (domain-name) (config)#crypto key generate rsa modulus 1024

Answer 635

Management Information Base

Answer 636

Object IDs

Answer 637

Retrieving information from MIB in bulk form does not use encryption

Answer 638

Uses encryption improves upon error handling Supports bulk transfers from MIB, known as GetBulk

Answer 639

(config)#snmp-server community (community-string) { ro | rw } ro=read-only rw=read/write (config)#snmp-server location (location ex: Tampa) (config)#snmp-server contact (conact ex: John Doe)

Answer 640

(config)#snmp-server version 3 priv

Answer 641

Show snmp Show snmp community Show snmp contact Show snmp location Show snmp host

Answer 642

Network Management System

Answer 643

Critical Major Minor Informational

Answer 644

(config)#logging host (ip-address)

Answer 645

(config)#logging host (ip-address)

Answer 646

show logging

Answer 647

0- Emergencies 1- Alerts 2- Critical 3- Errors Ex: interface up/down state changes 4- Warnings 5- Notifications Ex: route flaps, neighbor adjacencies, internet protocol up/down transitions 6- Informational 7- Debugging Only happens when debug command is used. After debugging be sure to issue no debug all to stop logging

Answer 648

(config)#logging console (severity-level) (config)#logging trap (severity-level)

Answer 649

Priority Code Point

Answer 650

Class of Service

Answer 651

Traffic Identifier Typically used in wireless networks

Answer 652

Type of Service

Answer 653

IP Precedence

Answer 654

Differentiated Services Code Point

Answer 655

Per-Hop Behavior Is a four classes of traffic: BE- best effort (lowest priority) CS- class sector AF- assured forwarding EF- expedited forwarding (highest priority)

Answer 656

Network Based Application Recognition Analyzes the layer 7 payload of each packet and uses application signatures to identify traffic

Answer 657

Protocol Description Language Modules

Answer 658

Next Generation NBAR (Network Based Application Recognition)

Answer 659

FIFO (First In First Out) PQ (Priority Queuing)- Creates four distinctive queues of decreasing priority. The PQ guarantees that higher priority traffic will be sent before lower priority, however this strict prioritizing can cause lower priority traffic to experience starvation CQ (Custom Queuing)- Creates 16 queues, each with a configurable average transmission byte count. The queues are serviced in a round-robin fashion where a number of packets sent from a queue, up to its configured transmission byte count. The CQ attempts to make distribution of bandwidth proportional to the defined classes of traffic WFQ (Weighted Fair Queuing)- Dramatically creates up to 256 queues and attempts to distribute available bandwidth between them fairly based on the IP precedence or weight of the traffic. Lower weight traffic such as the small packets of voice traffic is given a proportnatly higher priority than higher weighted traffic, such as bulk traffic

Answer 660

Class-Based Weighted Fair Queuing (WFQ)

Answer 661

Low Latency Queuing

Answer 662

Strict Priority (PQ) Round-Robin (CQ) Weighted Fair (WFQ)

Answer 663

Link Fragmentation and Interleaving

Answer 664

Random Early Detection

Answer 665

Weighted Random Early Detection

Answer 666

Committed Information Rate

Answer 667

Service Level Agreements

Answer 668

Committed Access Rate

Answer 669

Physical threats Reconnaissance attacks Access attacks

Answer 670

Intrusion Detection System

Answer 671

Intrusion Prevention System

Answer 672

(config)#vlan (vlan value) (config-vlan)#name (name of vlan) (config-vlan)#exit (config)#interface (port type and number) (config-if)#switchport access (vlan number)

Answer 673

#show interfaces (type and number) switchport #show interfaces (type and number) trunk

Answer 674

Dynamic Trunking Protocol

Answer 675

(config)#line vty (typically 0 4 for routers and 0 15 for switches) (config-line)#password (password) (config-line)#login service password-encryption

Answer 676

(config)#username (username) password (password) (config)#username (username) secret (password) (config)#line vty 0 4 (config-line)#login local

Answer 677

(config)#enable password (password) (config)#enable secret (password)

Answer 678

(config)#service password-encryption

Answer 679

Public Key Information

Answer 680

Protected Health Information

Answer 681

Something you know (type 1) Something you have (type 2) Something you are (type 3)

Answer 682

Multi-Factor Authentication Is a type of authentication that requires two or more factors of authentication

Answer 683

Two-Factor Authentication Is a type of authentication that requires exactly two factors of authentication

Answer 684

Standard- Based only on IP addresses Extended- source/destination IP address, protocol, and port Named

Answer 685

Permits/denies traffic based on host IP address or subnet. They are identified by a number in a range from 1 through 99 and 1300 through 1999

Answer 686

Permit/denies packets based on source IP address, destination IP address, protocol, and port. They are identified by a number in a range from 1 through 100 and by a number in the range from 2000 through 2699

Answer 687

Can be either a standard ACL or extended ACL. They are identified by a string of characters and the keyword "standard" or keyword "extended". Ex: ip access-list standard Boson This command creates a standard ACL named Boson

Answer 688

access-list (acl-number) { deny | permit } {host ip address \ source source-wildcard | any } Note: acl-number must be a number from ranges 1-99 or 1300-1999

Answer 689

access-list (acl-number) { deny | permit } {(protocol) (source source-wildcard [operator port]) (destination destination-wildcard (operator port]) Note: operator number can be eq-equal neq-not equal lt- less than gt- greater than range- a range of numbers

Answer 690

ip access-list { standard | extended } (name) (sequence-number (optional)) { deny | permit } {host ip-address | source source-wildcard | any }

Answer 691

(config)# time range (name of time range) (config-time-range)#{ absolute (start time date) (end time and date) | { periodic (days of the week hh:mm TO days of the week hh:mm) | daily | weekdays | weekends }}

Answer 692

(config)#access-list (access list number) permit (IP address ip-address-wildcard) (config)#line vty 0 4 (config-line)#access-class (access list number) in

Answer 693

(config)#interface (type and number) (config-if)#ip access-group (number or name of ACL) { in | out }

Answer 694

(config)#dhcp snooping (config)#ip dhcp snooping vlan (number and/or range) (config)#interface (type and number) (config-if)#ip dhcp snooping trust

Answer 695

show ip dhcp snooping show ip dhcp snooping binding

Answer 696

Dynamic ARP Inspection A security feature that rejects invalid and malicious ARP (Address Resolution Protocol) packets. The feature prevents a class of man-in-the-middle attacks

Answer 697

(config)#ip arp inspection vlan (vlan number) (config)#ip arp inspection trust

Answer 698

Switch Port Analyzer Enables you to monitor traffic on a single switch by configuring one or more ports in one or more vlans on the switch as the source port and a single port on the switch as a destination port

Answer 699

Differentiated Services Code Point (DSCP) is a means of classifying and managing traffic and of providing QoS on layer 3 IP networks. It uses 6-bit Differentiated Services (DS) field in the IP header for the purpose of flagging

Answer 700

Differentiated Services Code Point

Answer 701

Manually configure a trunk port Manually configure a access port Manually turn of DTP Switchport nonegiate

Answer 702

Manually configure a trunk port (config)#interface (type and port) (config-if)#switchport trunk encapsulation dot1q (config-if)#switchport mode trunk Manually configure access port (config)#interface (type and port) (config-if)#switchport mode access Disabling DTP negotiation (config)#interface (type and port) (config-if)#switchport nonegotiate

Answer 703

Protect- The switch will discard the traffic Restrict- The switch will discard the traffic, log the unauthorized entry attempt, increment the SecurityViolation counter, and send a SNMP trap message Shutdown-The switch will discard the traffic, log the unauthorized entry attempt, increment the SecurityViolation counter, and place the port into the error-disabled state

Answer 704

(config-if)#switchport port-security violation { protect | restrict | shutdown }

Answer 705

Must shutdown the interface with the shutdown command then issue the no shutdown command

Answer 706

#show port-security interface (type and port)

Answer 707

1) Sticky address learning is disabled 2) A maximum of one MAC address will be allowed on the port 3)The shutdown violation mode is enabled 4)Port security aging time is is configured to zero 5)Port security static aging is disabled 6)Port security aging type is configured to absolute

Answer 708

Wi-Fi Protected Access Was created to replace WEP that had a RC4 streamer cipher encryption protocol, which supports an encryption key length of 1128 bits. Because WEP has no system key management and has weak initialization vector (IV), it was later replaced with WPA. Temporal Key Integrity Protocol (TKIP) is used to provide message integrity checks (MICs) and encryption in the WPA protocol. The WPA TKIP implementation therefore provides improvements over WEP but still uses RC4 as encryption algorithm

Answer 709

Wi-Fi Protected Access version 2 -Was created to address security issues in WPA -Uses the 802.11i wireless standard -Uses the block cipher AES as a encryption algorithm with security keys of 128, 192, or 256 bit -Uses CCMP with AES for encryption

Answer 710

Advanced Encryption System

Answer 711

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol

Answer 712

Wi-Fi Protected Access version 3 -Was created to replace WPA2 in 2018 -Galois/Counter Mode Protocol (GCMP) is used with AES for encryption

Answer 713

Terminal Access Controller Access-Control System Plus Is a AAA system. Unlike RADIUS, TACACS+ has these differences: -Is a Cisco-proprietary AAA protocol -Separates each AAA operation from others -Encrypts the entire contents of the packet -Uses TCP port 49 for all operations -Can be configured to do authorization and accounting only

Answer 714

Authentication, Authorization, and Accounting Is used to verify the identify of a user, preventing unauthorized access to sensitive data, and record user activity on a system. This system also centralizes identity-based authorization for the entire network regardless of the host and client location(s). Examples of this system are RADIUS and TACACS+

Answer 715

Remote Authentication Dial-In User Service Is a AAA service. Unlike TACACS+, RADIUS has these differences: -Is a Internet Engineer Task Force-standard AAA protocol -Combines AAA authentication and authorization operations -Uses UDP 1812 for authentication -Uses UDP 1813 for accounting

Answer 716

(config)#aaa new-model (config)#username (username) password (password)

Answer 717

(config)#radius server (name of server) (config-radius-server)#address ipv4 (ip address of server) (config-radius-server)#key (new password) (config)#aaa group server radius (name of group) (config-sg-radius)#server name (RADIUS server name) (config)#aaa authentication login default group Server group name) local

Answer 718

(config)#tacacs server (server name) (config-server-tacacs)#address ipv4 (tacacs server ip address) (config-server-tacacs)#port 49 (config-server-tacacs)#key (new password) (config)#aaa group server name (name of group server) (config-sg-tacacs+)#server name (server name) (config)#aaa authentication login default group (server group name) local

Answer 719

Classful ignores your subnet mask, will look at your address as is. Ex: class A, class B, class C IP addresses Classless does look at your subnet mask

Answer 720

224.0.0.10

Answer 721

Dynamic Multipoint Virtual Private Network -Is a Cisco-proprietary VPN technology -Leverages the strengths of IPSec, GRE, NHRP -Supports hub-n-spoke-and spoke-to-spoke topology

Answer 722

Integrated Services Digital Network

Answer 723

Is a open standard that operates at the network layer (layer 3). Is responsible for securing VPN traffic by providing device authentication, data encryption, and data integrity

Answer 724

Authentication Header algorithm (AH)- verifies the sending device and provides data integrity but does not encrypt data. Protects the integrity of several IP header fields Encapsulating Security Payload algorithm (ESP)- encrypts data, verifies the sending device, and protects the integrity of data transmitted over VPN. Protects IP header fields only if the header fields are encapsulated by ESP. Could both be enabled but causes more overhead for both the VPN gateway and the remote clients

Answer 725

Data Encryption Standard (DES)- 56-bit encryption Triple DES (3DES)- Uses three 64-bit chunks and then encrypts each individual chunk with a 56-bit key Advanced Encryption Standard (AES)- Offers better encryption and efficiency than the other two methods. Uses 128-bit, 192-bit, or 256-bit encryption

Answer 726

MD5 creates 128-bit hashes SHA-1 creates 160-bit hashes Hashing method that is used must match on both devices

Answer 727

Pre-Shared Key

Answer 728

Generic Routing Encapsulation -Utilizes a Cisco-proprietary encapsulation protocol -Are designated to tunnel layer 3 passenger protocols -Provides network flexibility but lacks native mechanism for flow control and security -Can be used in conjunction with IPSec for security

Answer 729

Data originating from discontiguous networks can be transmitted through a single GRE tunnel Can be used to forward EIGRP and OSPF traffic

Answer 730

(config)#interface tunnel (tunnel number) Note: Tunnel number must match at both ends (config-if)#tunnel mode gre ip (config-if)#ip address (ip address) (subnet mask) Note: This will be the internal address (config-if)#tunnel source (from the external ip address) (config-if)#tunnel destination (to the external ip address) The setup on the other route, may need to adjust MTU downward if you can not ping but also you will need to configure routes to the other end before doing pings

Answer 731

Show interface tunnel (tunnel number) If you get a up/down state, check the following: -That a route to the tunnel destination exists -That the interface configured as the tunnel source is in the up/up state -That the route to the tunnel destination is not through the tunnel itself

Answer 732

-Its a Cisco-proprietary VPN solution -Creates dynamic tunnels -Uses NHRP for dynamic address mapping and solution -Uses IPSec for security -Supports dynamic routing protocol

Answer 733

multipoint Generic Routing Encapsulation

Answer 734

Application Programming Interfaces

Answer 735

Software-Defined Nerworking

Answer 736

Cisco's Software Defined Access

Answer 737

Cisco's Digital Network Architecture

Answer 738

Representational State Transfer

Answer 739

Extensible Markup Language

Answer 740

JavaScript Object Notation

Answer 741

Traditional- Flow decisions are made by multiple routers in a decentralized fashion. Administrators are responsible for configuration and maintaining each device individually Controller-based- Flow decisions are made by a central controller. Configuration and maintenance of devices can involve automation and can be performed from a central location and in a standard way

Answer 742

Control plane- Is where network flow decisions are made Data plane- Is where network access devices operate Management plane- Is where configuration and maintenance tasks are performed Control-based networks also have a application plane- Which might reside in the management plane

Answer 743

Underlay Network Overlay Network Fabric Intermediate Node

Answer 744

Is traditional network of configuring switches/routers or physical composition of the network. It is a collection of devices, interfaces, and media that comprises the IP Network that connects each fabric node when using SDA. Cisco recommends using IT-IT instead of OSPF and EIGRP

Answer 745

An overlay network is the logical or virtualized network that is formed on top of the underlay (physical) network. More than one overlay network can be implemented on top of single underlay network. Some of these protocols are VXLAN, VRF, NVGRE, OTV, mVPN

Answer 746

Is the combination of an underlay network and an overlay network/ Is managed through a controller. Relies on five fabric nodes: Control plane node- manages host tracking database (HTDB) which is used to map EID's (endpoint identification) to RLOC's (Routing locators) Edge nodes- connect end point devices to the SDA fabric and function as anycast layer 3 gateways Intermediate node- Are layer 3 transport devices within the underlay network capable of supporting VXLAN traffic. WLC node- resides outside the SDA fabric and provides wireless connectivity to endpoints connected to lightweight AP that are attached to edge nodes

Answer 747

Sometimes called northbound interfaces (NBIs). Northbound APIs provide an interface for an SDN or Cisco SDA controller to communicate with the application plane. Applications use northbound APIs to send requests or instructions to a controller, which uses that information to modify and manage network flow.

Answer 748

Is a stateless method of creating, updating, modifying, and deleting information by using HTTP server. REST APIs relies on HTTP verbs to communicate with backened applications

Answer 749

Create, Read, Update, Delete Represents the four basic functions of an application. Is implemented by using HTTP in the REST API

Answer 750

GET- equivalent to read defined by CRUD. Is used by browsers to retrieve information POST- equivalent to create as defined by CRUD PATCH- equivalent to update defined by CRUD PUT- is equivalent to the update action by CRUD DELETE- equivalent to delete action as defined by CRUD

Answer 751

Are sometimes referred to as SBIs Enable an SDN or Cisco SDA controller to communicate with edge devices or devices in the data plane Sum common southbound APIs are NETCONF, RESTCONF, OnePK, OpenFlow, and OpFlex

Answer 752

Is a southbound API that is intended to replace SNMP Relies on Yet Another Next Generation (YANG) data modeling to communicate with network applications Uses YANG to replace SNMP Management Information Base (MIB) Encodes output in either XML or JASON format

Answer 753

Is defined by RFC 8040, is intended to replace SNMP in controller-based networks and can also be used to interact with YANG data models. Uses HTTPS verbs for its operations and can encode either XML or JASON

Answer 754

A configuration management tool, is the most mature and widely used. Operates in Linux UNIX-like systems, and Microsoft Windows. Is written in Ruby or by Ruby like puppet language. Puppet uses a client/server architecture. Managed nodes that are running the Puppet agent application can receive configurations from a primary server running Puppet Server. Uses HTTPS port 8140

Answer 755

Operates in Linux, UNIX-like stsems, and microsfot windows. Can use client/server architecture or as a stand alone client configuration. Uses HTTPS port 443 Information is stored in cookbooks that are written in Ruby and stored on a Chef server. Standalone clients can pull cookbooks locally or from tar.gz archive on the internet

Answer 756

Operates in Linux, UNIX-like systems, and Microsoft Windows. Is not an agent software, usually referred as a agentless automation tool, is written in Python Ansible configurations are stored in Playbooks written in YAML Aint Markup Language (YAML). Managed Nodes can be download scripted modules from Ansible Server by using SSH on a standard SSH port on Port 22

Answer 757

Puppet Bolt- Is different from Puppet. It is a agentless automation tool. Uses SSH or Windows Remote Management (WinRM) to connect to devices for configuration management. Is a open source written in Ruby and can be run on Linux, UNIX-like systems and Windows Salt- Agent based automation tool written in Python. Can be run on Linux, UNIX-like systems, and Windows. Uses client/server architecture by installing Salt Master software on the server and Salt Minion software on managed nodes. Masters and Minions communicate by using ZeroMQ. Salt SSH- Is a deployment of Salt without using Salt Minion software. Is much slower than ZeroMQ. Configurature information is stored primarily in state models that are typically written in YAML but can be also written in Python Domian Specific Language (PyPSL) for complex configuration scripts

Answer 758

A central controller

Answer 759

To enable: spanning-tree mode pvst To confirm: show spanning-tree show running-config

All Flashcards

(819 cards)