Main Flashcards

Question

ABR vs ASBR?

Answer 1

ABR = (Area Border Router) is a router with interfaces in multiple OSPF areas ASBR = (Autonomous System Boundary Router) is a router which redistributes routes into OSPF (even from another protocol)

Answer 2

FHRP (First Hop Redundancy Protocol) is a Layer 2 protocols works only in the local subnet *** HSRP (Hot Stand-bye Routing Protocol) = Cisco Proprietary - Single Active (cannot load balance) *** VRRP (Virtual Router Redundancy Protocol) = Non- Proprietary - Single Active (is not meant to load balance) *** GLBP (Gateway Load Balancing Protocol) = Cisco Proprietary - Active+4 active virtual forwarders (load balancing)

Answer 3

(X) Service Set * (Basic) - BSS is a single AP topology * (Extended) - ESS is overlapping (2 or more) APs topology * (Independent) - IBSS is a wireless topology with no APs at all

Answer 4

Ansible: transport SSH-TCP 22 / architecture client/server (without agent software) / configurations PLAYBOOKS / language YAML Puppet: transport HTTPS-TCP 8140 / architecture client/server / configurations MODULES / language PuppetDSL or RubyDSL Salt: transport ZeroMQ-TCP 4505/6 / architecture client/server / configurations SCRIPTS / language YAML or Python or PyDSL Chef: transport HTTPS-TCP 443 / architecture client/server or standalone / configurations COOKBOOKS / language Ruby DSL

Answer 5

Yes, as long as it is not inherited from a FlexConnect group FC ACL’s are applied per AP & VLAN - NOT per AP & Interface!!

Answer 6

No, unlike regular ACL’s you cannot create a per rule direction FlexConnect ACL

Answer 7

Neighbor table – stores information about EIGRP neighbors. Before exchanging routes, routers need to establish a neighbor relationship It lists all adjacent routes including the routes that are not successors or feasible successors

Answer 8

Moves the trust boundary from the switch to the IP phone, which tells the switch to accept the traffic as having come from a trusted source *(MLS) Multi Layer Switching [tells the SWITCH to trust the PHONE and it's subsequent packet prioritization, even those packets that were sourced by the host attached to the IP phone]

Answer 9

A static client can get it’s time only from the one NTP server specified for it, where as a broadcast client can get its time from any NTP server on the network ntp peer is where an ntp host will attempt to sync with another ntp host (a peer), this is called ntp symmetric mode, it may synchronize the other host or be synchronized by it

Answer 10

True, WLC dynamic interfaces are user defined and used for client data False, there are 512 dynamic interfaces per WLC Dynamic interfaces function like a vlan, to segment traffic

Answer 11

10%-15% (with non-overlapping channels)

Answer 12

Link State = OSPF & IS-IS Distance Vector = RIP & IGRP

Answer 13

These are all Spanning Tree Protocol features PortFast - enables a port to immediately access the network without listening and learning first UplinkFast - increases convergence speed for access layer switches once a Root Port fails, it immediately replaces it with an alternate root port BackboneFast - increases convergence on a switch that detects a failure on links that are not directly connected 802.1w a.k.a. Rapid Spanning Tree Protocol (RSTP) includes these three features natively

Answer 14

ip arp inspection vlan is the cli command to enable DAI on VLANs it CANNOT be run in interface configuration mode To trust a port in interface configuration mode you would need the cli command ip arp inspection trust

Answer 15

collisions - occur when a packet must be-resent BEFORE the 64th or 512th bit has been transmitted late collisions - occur when a packet must be-resent AFTER the 64th or 512th bit has been transmitted

Answer 16

* Runt - a frame with fewer than 64 bytes (they are discarded) * *Giant - a frame that exceeds 1,518 bytes anything up to 1522 will not generate a baby giant error * *Baby Giant - a frame that is up to 1,600 bytes in length (baby giant error=1600) * Jumbo - is a frame that is up to 9,216 (newer frame sizes)

Answer 17

************ A fully specified route = Mostly used when the outbound interface is multiaccess and could therefore be configured with multiple next hop addresses IPv6 route {destination network/CIDR} {the routers outbound interface to the next-hop} {next-hop IPv6 address} Ie… ipv6 route 2001:db8a/32 fa 0/1 2001:db8:b::1 . . ************ A directly attached static route = Specifies the destination and only the outbound interface. The router must assume the destination is reachable through this outbound interface IPv6 route {destination network/CIDR} {the routers outbound interface to the next-hop} Ie… ipv6 route 2001:db8a/32 fa 0/1 . . ************ A recursive static route = Specifies the destination and only the next-hop. This next-hop IPv6 address must be resolvable through the outbound interface IPv6 route {destination network/CIDR} {next-hop IPv6 address} Ie… ipv6 route 2001:db8a/32 2001:db8:b::1 . . ************ A floating static route = A floating static route is a backup route and can be any of the above 3 types with an Administrative Distance (AD) higher than the primary route. 5 is representing the AD in the 3 examples below: (fully specified static route) ipv6 route 2001:db8a/32 fa 0/1 2001:db8:b::1 5 (directly attached static route) ipv6 route 2001:db8a/32 fa 0/1 5 (recursive static route) ipv6 route 2001:db8a/32 2001:db8:b::1 5

Answer 18

HSRP v 1 virtual MAC - 0000.0C07.ACxx (Cisco proprietary) HSRP v2 virtual MAC - 0000.0C9F.Fxxx (Cisco proprietary) VRRP -0000.5E000.01xx (non proprietary) GLBP - 0005.B400.xxyy (Cisco proprietary)

Answer 19

* RC4 is for WEP - (Rivest Cipher 4) * TKIP is for WPA - (Temporal Key Integrity Protocol) * CCMP is for WPA 2 - (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) * AES is for WPA 2 & 3 - (Advance Encryption Standard) * GCMP is for WPA3 - (Galois/Counter Mode Protocol)

Answer 20

* RTS - Ready to Send - manage interference * CTS - Clear to Send - manage interference * ACK - Acknowledgment - acknowledgment * PS - Power Save - client asks AP if frames might have been buffered while it was resting

Answer 21

OSPF does support equal cost load balancing Don’t forget to issue the cli command maximum-paths 8 to override OSPF’s default max of 4 equal cost paths in the routing table EIGRP support BOTH equal and unequal cost load balancing

Answer 22

Distance vector protocols (like RIP, IGRP) send their entire routing table to directly connected neighbors Link state protocols (like OSPF & IS-IS) send information about directly connected links to all the routers in the network - stays constantly connected EIGRP is a Hybrid (but closer to Distance Vector)

Answer 23

1-99 and 1300-1999 100-199 and 2000-2699

Answer 24

Cisco DNA Center - Browser based GUI for network configuration and centralized control - Enterprise management solution built specifically for Cisco’s SDA for building LANs using policies and automation Cisco Network Assistant - Java based desktop application GUI for operations, diagnoses and interaction with devices (pre dates SDA and is not supported by SDA) Cisco PI (Prime Interface) - Browser based GUI for operations, diagnoses and interactions with devices (pre dates SDA and is not supported by SDA) Cisco IOS - Cisco’s CLI Operating System (OS) for switches and routers

Answer 25

* The overlay network creates the VXLAN tunnels * The underlay network is a more traditional network configuration of switches Alphabet soup: Cisco’s Software Defined Networking (SDN) is called Software Defined Access (SDA) and is controlled by a Digital Network Architecture (DNA) controller.

Answer 26

* hostname - give the router a name other than “Router” * ip domain-name - configure the domain name * crypt key generate rsa - generate an RSA key pair for the router * transport input ssh - finally, configure the VTY lines to use SSH ip ssh time-out xy command will be accepted by the router even before (the above commands are issued) SSH is setup - even though it would be irrelevant if SSH isn’t setup properly first

Answer 27

When multiple routes to a network exists and each route uses a different protocol - the router prefers the one with the lowest AD (Administrative Distance) When multiple overlapping routes to a network exists, the router will select the route with the longest prefix length, the most specific route

Answer 28

EIGRP exchanges the complete routing information just one time when the neighboring routes are established. After that it only tracks the changes OSPF keeps track of the whole topology database, of all the connection in the database consistently

Answer 29

higher is better 0-7 * 0 (zero) - The default behavior of a Cisco IP phone is to override the CoS value assigned by the host and reassign the lowest CoS priority value of a 0 to the data packets * 5 for VoIP data traffic (this is the voice) * 3 for voice signaling traffic

Answer 30

No! lldp’s will always be held no lldp holdtime restores the lldp holdtime to the default setting of 120, effectively overriding any manual changes to the hold time - think of it as, don't use any previous manual changes to the holdtime anymore Manual changes can be made to the hold time from 0 - 65535 using the cli command lldp holdtime x

Answer 31

Yes; however, PortFast is NOT disabled if the voice VLAN is disabled PortFast should only be enabled on access mode ports PortFast can be applied globally or to the individual interface, the cli commands are: • Global mode - spanning-tree portfast default • Interface mode - spanning-tree portfast

Answer 32

No, by default it will error disable the port, forcing the administrator to shut and then no shut the port manually If the global cli command errdisable recovery cause inline-power has been issued, the ports on that switch will recover from error disable caused by in-line power police, automatically The default behavior of inline police can be change with the cli command power inline police action log this will not error disable the port in the event of a power incident, instead it will restart the port and send a log message to the console

Answer 33

No, the Link-Local unicast address is used. Link local addresses always begin with FE8, FE9, FEA or FEB Site-Local unicast addresses have been deprecated by RFC 3879 and are not used today

Answer 34

48 bits, and 6 octets of 8 bits each

Answer 35

The divider is at 3 octets (out of 6) - 24 bit divider [48 bits divided in 2] MAC address are unique because they are broken down in two parts, like so: OUI are assigned by the IEEE to identify the manufacturer NIC are assigned by the manufacture to be unique among the products they produce OUI------OUI----OUI--|||--NIC-----NIC-----NIC 8bits / 8 bits / 8 bits ||| 8bits / 8 bits / 8 bits

Answer 36

IaaS - Infrastructure as a Service gives the greatest degree of freedom to the consumer over provisioning: processing, memory, storage and networking resources. The customer can install OSs and applications PaaS - Platform as a Service the middle ground of the three services. It allows the customer to install programs and programing languages. Often used to create cloud-based databases and customer relationship management tools SaaS - Software as a Service provides access to software running in the cloud. This option exposes the least amount of the customers network to the cloud. Often it is implemented as a browser-based access to application like an Office Suite or email services

Answer 37

* **** FC - Frame Control - is used to identify the type of 802.11 frame * **** DUR - Duration - used by Control Frames to indicate transmission times, also used by Power Save (PS) - poll control to indicate the (AID) Association Identity of the client * **** ADD1 - Source Address * **** ADD2 - Destination Address * **** ADD3 - BSSID Address * **** SEQ - Sequence is divided to store two pieces of information, the fragment number and the sequence number * **** ADD4 - Address 4 is only present when a frame is passing between devices in the (DS) Distribution System, basically from one AP to another AP * **** Data - this is the reason for it all - the data payload * **** FCS - Frame Check Sequence - it is used to determine if the frame as a whole, was corrupted during transport

Answer 38

password 7 {hash} is a cli command that configures an encrypted virtual terminal (VTY) login password when issued in the VTY configuration mode

Answer 39

restrict - will discard traffic it receives from unauthorized hosts. It will increment the SecurityViolation counter protect - will discard traffic it receives from unauthorized hosts. It will not increment the SecurityViolation counter though ``` Stupid anagrams for Cisco's stupid naming convention: R E s t r i c T i n c R E m e n T ---------------------------------- p r O T e c t nOT ``` shutdown - will error-disable the port and will not come back unless shut no shut is performed manually or errdisable recovery cause shutdown had previously been issued against the port Note: port-security violation discard does not exist!

Answer 40

{ is the mark for the start of a JSON object - is a group of key and value pairs [ is the mark for the start of a JSON array - arrays contain only values, an array can contain any of the other JSON types, including objects and even other array’s

Answer 41

WLSE - Cisco’s Wireless LAN Solution Engine - simplifies the management and deployment of WAP’s (Wireless Access Point) WDS - Wireless Domain Services - is a component used in Cisco’s Autonomous WLAN solution - it’s a feature that is installed on AP’s to enable interaction with WLSE (like client software for the WLSE) WiSM - is a physical Wireless Service Module that can be installed on a Catalyst 6500 switch of 7600 router to function as a WLC WLC - Wireless Lan Controller - provides wireless LAN services

Answer 42

EIGRP Routing table – ONLY successors! It stores only the best routes to reach a remote network

Answer 43

Layer 2: • WPA+WPA2 ============ Wi-Fi Protected Access • 802.1x ================= Port Based Access Control - works with RADIUS • Static WEP ============= Wired Equivalent Privacy • Static WEP + 802.1x • CKIP ================== Cisco Key Integrity Protocol • None + EAP Passthrough = Resolution Extensible Authentication Protocol ``` Layer 3: • IPSec ================= IP Security • VPN Passthrough • Web Authentication • Web Passthrough ```

Answer 44

LLDP’s Cisco-proprietary cousin is CDP (Cisco Discovery Protocol) Cisco switches have LLDP off by default, because they prefer CDP

Answer 45

``` FTP 20-21 TCP SMTP 25 TCP/UDP DHCP 67-68 UDP TELNET 23 TCP TFTP 69 UDP SNMP 661-662 UDP SSH 22 TCP ```

Answer 46

802. 1s MST (Multi Spanning Tree Protocol) 802. 1d STP (Spanning Tree Protocol) 802. 1w RSTP (Rapid Spanning Tree Protocol) 802. 1q DOT1q tagging 802. 1x network authentication protocol RADIUS

Answer 47

8192 16384 32768 65536

Answer 48

``` 2000::/3 - Unique Global Unicast FC00::/8 - Unique Local Unicast FF00::/8 - Mulitcast FD00::/8 - Unique Local Unicast FE80::/10 - Link Local Unicast ```

Answer 49

When the cli default-information originate is issued on a router ALSO, if the cli command redistribute is entered, it will also become an ASBR

Answer 50

For FC or FD the first 7 bits of their address are always 1111110x ``` FC = 11111100 FD = 11111101 ```

Answer 51

EndPoint Groups is a group of EndPoints The EndPoint Group (EPG) is the most important object in the policy model - part of APIC (Application Policy Infrastructure Controller) * Endpoints are devices that are connected to the network directly or indirectly * An EPG is a managed object that is a named logical entity that contains a collection of endpoints

Answer 52

Broadcast Hello/dead timers 10 / 40 ************************default for Ethernet & FDDI NonBroadcast = Hello/dead timers 30 / 120 ************************defaults for Frame Relay & X.25 Point-to-Point = Hello/dead timers 10 / 40 ************************defaults for HDLC & PPP Point-to-Multipoint Broadcast = Hello/dead timers 30 / 120 Point-to-Multipoint NonBroadcast = Hello/dead timers 30 / 120

Answer 53

Cisco PI (Prime Interface) - Browser based GUI for operations, diagnoses and interactions with devices (pre dates SDA and is not supported by SDA)

Answer 54

PortFast can be applied globally OR to the individual interface, the cli commands are: * Global mode - spanning-tree portfast default * Interface mode - spanning-tree portfast

Answer 55

BackboneFast - increases convergence on a switch that detects a failure on links that are not directly connected

Answer 56

Link Layer Discovery Protocol (LLDP) is an open standard protocol that provides (TLV): Type Length Value info includes: * port description * system description * management address

Answer 57

Link Local addresses always begin with FE8, FE9, FEA or FEB

Answer 58

CDP send time is 60 seconds hold time of 180 seconds by default

Answer 59

``` Platinum = Voice / Wireless (CAPWAP) / Network Control Gold = Video / Mission Critical Silver = Default for WLAN and WLC (a.k.a. best effort) - most traffic is here Bronze = Guest network / Scavenger / Bulk ```

Answer 60

• Web Authentication

Answer 61

Port-Security: protect - will discard traffic it receives from unauthorized hosts It Will NOT increment the SecurityViolation counter prOTect ..nOT....

Answer 62

There are 512 dynamic interfaces per WLC

Answer 63

Causes the switch to tell the IP phone to trust the CoS priority of incoming (from the phone's own host) data packets The phone will not override the CoS values from the host * extending the trust "all the way" to the host * trust the host to assign it's own CoS values

Answer 64

EIGRP Topology table – stores ROUTING INFORMATION learned from neighbor routing tables contains the routes for the successors and feasible successors

Answer 65

No, this cli command must be performed in the DHCP Pool Configuration mode routerA(dhcp-config)# From this mode you can enter the cli command domain-name {name} BUT first, in order to enter dhcp configuration mode and assign a domain-name, you must have previously created a dhcp pool name to begin with by using ip dhcp pool {name} issuing this cli command automatically puts you in dhcp configuration mode Also, the global configuration cli command ip dhcp excluded-address {addresses} is often used to prevent a set of address that maybe reserved for static IP’s from being issued

Answer 66

If v2 is setup on all switches on VLAN it will allow VTP advertisements to be forwarded when they are in transparent mode. All switches must be running the same version of VTP

Answer 67

EIGRP is a Hybrid protocol (both Distance Vector and Link State) OSPF is a Link State protocol

Answer 68

Server: + Create, modifies and delete VLANs + Sends and forwards advertisements + Synchronizes VLAN configurations Client: - Can NOT create, modify or delete VLANs + Sends and forwards advertisements + Synchronizes VLAN configurations Transparent: + Create, modifies and delete VLANs +/- Forwards advertisements (DOESN'T send) - Does NOT Synchronizes VLAN configurations

Answer 69

* Data Confidentiality (It’s private) * Data Integrity (It’s accurate) * Origin Authentication (It came from the right source) CIA - Confidentiality - Integrity - Authentication

Answer 70

Distance Vector = Hop Count Link State = Link Cost Link State knows the entire topology at all times

Answer 71

LLDP (Link Layer Discovery Protocol) lldp transmit / lldp receive = interface command lldp run / no lldp run = global command

Answer 72

* SA (Security Association) = works with IKE+SA and/or IPSec+SA * AH (Authentication Header) = embedded within a packet * ESP (Encapsulating Security Payload) = encapsulates a packet as part of IPSec * GRE (Generic Routing Encapsulations) is weaker than: * *** IPSec - IP Security * *** PPPoA - Point-to-Point Protocol over ATM * *** PPPoE - Point-to-Point Protocol over Ethernet

Answer 73

FIFO is a queuing method based on First In First Out theory It offers no packet prioritization, therefore it is considered a Congestion Management method, not Congestion Avoidance If the queue is full, all packets destined for that queue are dropped until existing packets in the queue can be processed, freeing up room in the queue. This method unfortunately causes burstiness, jitter and delay

Answer 74

``` iBGP 200 EIGRP Summary Route 5 eBGP 20 IGRP 100 External EIGRP 170 Static Route 1 ```

Answer 75

``` I IGRP * default route E1 OSPF external type 1 C connected S static O OSPF L Local host route E EGP R RIP B BGP IA OSPF inter area route E2 OSPF external type 2 D EIGRP M Mobile EX EIGRP External ```

Answer 76

Feasible successors are backups routes that can be used if the successor route goes down They are guaranteed to represent a loop-free path to a destination Feasible successors has an AD that is less than the Feasible Distance (FD) of the successor. If the AD of a route is greater than the FD of the successor, the route cannot be guaranteed to be free of loops and cannot be chosen as a feasible successor.

Answer 77

An EIGRP successor is the best route to a destination. The successor is the route with the lowest Feasible Distance (FD), which is the best metric along a path to a destination

Answer 78

The FD is the metric to a neighbor router plus that neighbor router’s AD to the destination network

Answer 79

2 way | ``` Remember 7 states of the IT ELF: Down Init Two-Way Exstart / Exchange Loading Full ```

Answer 80

The router will use an interface IP address as its ID 1. The highest IP address among loopback interfaces 2. Then by the highest IP among physical interfaces (if no configured loopback exists)

Answer 81

The priority value is used for electing Designated Router (DR) and Backup Designated Router (BDR). The DR is typically the router with the highest OSPF priority Elections happen via Link State Advertisements (LSA) The default OSPF priority value is 1 Note: If priorities are equal among routers than the DR will become the one with the highest router ID

Answer 82

Both HSRP and VRRP router priority is set to 100 by default

Answer 83

Both are a Congestion Avoidance method to attempt to prevent to prevent Tail Drop and Global Synchronization RED (Random Early Detection) prevents this by randomly dropping packets based on mark proximity denominator, which is a fraction of packets that should be dropped when a queue reaches its minimum threshold. Red does not care if the packet being drop is high or lower priority, it is random WRED (Weighted Random Early Detection) congestion avoidance technique is to selectively drop packets when the output queues reach a predefined threshold, called a Service Level. It selects packets to drop based on precedence, so low priority packets are dropped before high priority packets are

Answer 84

Global Synchronization, is an event which occurs when - due to congestion each sender will reduce their transmission rate and RED may start drops packets, causing packet loss; this can sync-up the re-sends and create big “waves” of stopping and starting

Answer 85

K9 images provide cryptographic functionality required to enable SSH ad IPSec • NPE Image • WAN image • Advanced IP Services Package • Advanced Enterprise IP Services Package Do not support cryptographic functionality. However, some of these do have K9 versions of these images with the word K9 prefacing the name to indicate that they are K9 images, but NOT NPE, they are for countries with restrictions

Answer 86

NO This however, does not directly relate to whether the network needs manual configuration of neighbors! Point to Point and Point to Multi-Point Broadcast send multicasts and no NOT need manual configuration of neighbors However, Point to Multi-Point Nonbroadcast DOES need manual configuration of neighbors

Answer 87

10/40: Broadcast Point to Point Point to Multipoint broadcast 30/120: NonBroadcast Point to Multipoint NonBroadcast

Answer 88

In OSPF the Process ID’s do NOT have to match in order to form neighbor adjacencies However, in EIGRP they do have to match

Answer 89

No, they MUST NOT match, they have to be unique Router ID’s are derived from the HIGHEST loopback address, or in the absence of a loopback address the HIGHEST configured IP address

Answer 90

Bandwidth refers to data throughput of a link Delay refers to the length of time required to send a packet to a destination

Answer 91

``` NTP TACACS DNS Bootstrap Protocol (BOOTP) and DHCP Port 67 Bootstrap Protocol (BOOTP) and DHCP Port 68 TFTP NetBIOS NetBIOS Datagram ```

Answer 92

ip helper-address command is not limited. There can be multiple incidents pointing to multiple different addresses of the same service and/or multiple incidents point to addresses of different services

Answer 93

SNMP: * Management Information Base (MIB) is a hierarchical database of objects an SNMP agent uses to read and display information * Network Management Station (NMS) is used to extract information from an SNMP agent * Objects in the MIB are known as Object ID’s (OID) By using MIB, SNMP can perform complex management tasks, such as automated backups through the network

Answer 94

Network Management Station Get GetNext GetBulk Set Trap and Inform are NOT used by NMS but are used by SNMP agents to alert the NMS

Answer 95

enable secret level 7 password

Answer 96

IPSec, with the help of IKE, SA GRE, PPPOE and PPOA cannot establish a tunnel through an untrusted network

Answer 97

access-list {number 1-99 or 1300-1999} access-list {number 100-199 or 2000-2699} and ip access-list standard {name} ip access-list extended {name}

Answer 98

ACL’s are procced from top to bottom, so it is important to place more specific entries higher than less specific entries so they are processed first

Answer 99

False, Layer 2’s Dynamic Trunking Protocol is set to AUTO by default on all Cisco switches to determine whether an interface should be a truck or an access port

Answer 100

Cli command switchport nonegotiate will disable DTP on a port. This command should be run even on ports that are manually configured as trunk or access ports

Answer 101

TRUNK: Once in interface configuration mode, to enable trunking manually on a port use the cli command switchport trunk encapsulation {*protocol} *This protocol will almost always be .dot1q Then to complete the trunk protocol use the cli command switchport mode trunk ACCESS: Once in interface configuration mode, to enable an access port manually use the cli command switchport access

Answer 102

Both are Multicast Addresses as the fall into the FF00 to FFFF range BUT - one is routable and the other isn't FF02 is a link-local address and is not routable at all, it is only valid on it’s local segment FF05 is a site local multicast address and is routable within a single site of an organization, not fully within the organization or globally HOWEVER, Site-local unicast addresses have been deprecated by RFC 3879 and are not used today ***Look closely and don’t confuse FF05 with FF02::5, which is the all OSPF routers multicast address!

Answer 103

127. x.x.x is used for loopback addresses 169. 254.0.0/16 is reserved by IANA for auto-configuration of link-local address when a dynamic IP address can not be obtained from DHCP 192. 0.2.0/24 one of the address which is reserved for documentation 172. 16.0.0 through 172.31.255.255 is reserved by RFC 1918 as private IP address space and is not globally routable, along with 10.x.x.x and 192.168.x.x

Answer 104

IANA has reserved these addresses for documentation and example code. Also, the domain names example.com and example.net

Answer 105

``` FF01::/16 - Node-local FF02::/16 - Link-Local FF05::/16 - Site-Local FF08::/16 - Organization-Local FF0E::/16 - Global ``` The full range of IPv6 multicast addresses is FF00 to FFFF

Answer 106

mls qos trust cos tells the switch to trust both voice and data sent through the IP phone switchport priority extend cos tells the phone to override the priority of the data packets it gets from it’s own host and assign new CoS values to those host generated packets. This prevents the computer from utilizing the high-priority queue

Answer 107

Server mode

Answer 108

The Cisco proprietary protocol CDP will pass VTP information

Answer 109

EtherChannel uses: Auto, Desirable and On So “on” IS part of EtherChannel . **Remember: LACP is LAG's protocol so think: ACtive = lACp “AC”tive = L“AC”P

Answer 110

DTP should not be confused with VTP, as they serve different purposes DTP aids with trunk port establishment VTP communicates VLAN existence information between switches. It is used to centrally manage virtual local area networks and to propagate changes across all devices in the VTP domain Think of it like: DTP = Establish VTP = Maintain (uniformity) Neither protocol transmits the actual data frames that the trunks carry

Answer 111

Loop Guard is a Spanning Tree Protocol feature that prevents a switch port from transitioning to the forwarding state when it stops receiving BPDU’s It places inconsistence ports in to a blocking state within the STP environment

Answer 112

No, only access ports are displayed in the out put of show vlan To display trunks, you need the cli command show interfaces trunk

Answer 113

The first field, FC or Frame Control

Answer 114

Beacon, association response and probe request/response are all MANAGMENT FRAMES. They manage the connection between the AP’s and the wireless clients **Note: all frames with "authentication" or "association" in the name are management frames power-save is a CONTROL FRAME - they are used to manage access to the wireless medium, other control frames include, RTC, CTS and ACK (Control Frames are traffic cop managing access on the road) DATA FRAMES are the data and general exist in two categories, (CF) Contention Free and Contention-Based. Most wireless networks operate in a contention based infrastructure

Answer 115

The WLC handles tasks that are not time-sensitive, such as: ``` lightweight AP configuration management, client load balancing, authentication, resource reservation security management ``` LCARS Remember: the AP's handle the frames and the WLC handles the management functions

Answer 116

``` Real-time processing of data Responding to beacons and probe messages Encryption Packet prioritization Sending management information to the WLC ``` Remember: the AP's handle the frames and the WLC handles the management functions

Answer 117

maximum-paths 8 is used to override OSPF’s default max of 4 equal cost paths in the routing table so that it can more efficiently support equal cost load balancing

Answer 118

spanning-tree guard root | is Root Guard's cli command and is applied per port ONLY. It is not global command

Answer 119

``` Northbound = REST: XML - JSON - HTTP Southbound = NetConf: XML - RPC - SSH ```

Answer 120

ip arp inspection trust | is applied in the interface configuration mode - NOT globally

Answer 121

No, it must be done in interface configuration mode RouterA(dhcp-config)#domain-name example.com Note: ip domain-name example.com is invalid syntax!

Answer 122

By default a switch will send an LLDP Link State Advertisements (LSA's) every 30 seconds, and the hold time is 120 seconds

Answer 123

switchport port-security maximum 2 is the correct syntax

Answer 124

The switch stack is a feature that allows configuration of multiple Cisco switches in a way that they appear as a single switch and act cooperatively

Answer 125

This simply means that the WLC is not a standalone item, it is (part-of) embedded within a stack of switches that are acting as one Ultimately, there isn't much difference between: a lightweight AP deployment that connects to a standalone WLC or a lightweight AP deployment that connects to an embedded WLC within a switch stack

Answer 126

Control and Provisioning of Wireless Access Points

Answer 127

CAPWAP uses 2 tunnels between AP's and the WLC: one for Data and one for Control

Answer 128

Router1(config) #ip dhcp pool example.com is correct if issued in global configuration mode. This must come first in order to create the dhcp configuration mode needed for the domain command Router1(dhcp-config) #domain-name example.com is correct if issued in dhcp configuration mode

Answer 129

The cli command to specify what network addresses to use in the pool is: network n.n.n.n s.s.s.s example: network 192.168.2.10 255.255.255.240 or network 192.168.2.10/28 Note: you can use a CIDR notation in the cli for this command You cannot use a wildcard mask, you must use a subnet

Answer 130

use of the host command will allow you to specify a specific address for a specific host each and every time it request an address from a dhcp server An example of the cli is: host 192.168.1.50/26 client-identifier 0001.oc14.5432

Answer 131

ip address dhcp | configures an interface to become a dhcp client

Answer 132

It ensures that the device will only accept connections from SSH version 2 (aka NOT SSH v.1)

Answer 133

Routing table - only successors (best routes) Topology table - successors and feasible successors Neighbor table - lists all adjacent routes including routes that are not successors or feasible successors

Answer 134

Both are link local! FE80 is Link Local Unicast and FF02 is Link Local Multicast

Answer 135

Inside Global Address - is an IP address that represents an inside host as seen by host on the outside network. In other words, it is not the REAL IP address of the host Inside Local Address - is the REAL IP address of the host

Answer 136

enable password uses 0, 4 and 5 but 0 is no encryption and 4 has been deprecated (so basically, 5) enable secret uses 0 and 7 0 is no encryption and 7 is a Cisco proprietary encryption (so yea, 7)

Answer 137

Link Local - the first 10 bits - 11111111010 Unique Local - the first 7 bits - 11111110 Multicast - the first 8 bits - 11111111

Answer 138

Start of Frame comes 2nd (after Preamble) in the ethernet frame

Answer 139

Ethernet (802.3) is Destination first and then Source (3rd and 4th fields) Wireless Ethernet (802.11) is Source first and then Destination (in the 3rd and 4th fields)

Answer 140

* Type - select the type of WLAN (a standard WLAN is the default for this step, so you would not have to use the drop down box to select it) * Profile Name - give it a Profile Name * SSID - name the SSID * ID - Choose a (VLAN) ID

Answer 141

Passphrase = PSK (Pre Shared Key) 802.1x uses a RADIUS for keying CCKM uses Cisco fast rekeying without the need for WLC intervention

Answer 142

NO!!! LLDP is Link Layer Discovery Protocol LSA's (Link State Advertisements) are part of OSPF

Main Flashcards

(168 cards)