The flashcards below were created by user
Anonymous
on FreezingBlue Flashcards.
-
RIP Protocol Type
Distance Vector
-
RIP Algorithm
Bellman-Ford
-
RIP Update freq
Periodic Updates
-
RIP update size
Full Updates
-
RIP Convergence Size
Slow convergence, Hold-down Timer
-
RIP Message Protocol (v6)
UDP/520 (521)
-
RIP Authentication
Authentication Plain, MD5 (IPSec)
-
RIP Multicast (v6)
224.0.0.9 (FF02::9)
-
OSPF Protocol Type
Link State
-
OSPF Algorithm
Dijkstra SPF
-
OSPF Metric
Variety of cost factors (RTT, Throughput, reliability)
-
OSPF Update freq
Requested with LSA and triggered
-
OSPF update size
LSU, small
-
OSPF Message Protocol
IP/89
-
OSPF Authentication
Plain, MD5 (AH)
-
OSPF Multicast
Multicast 224.0.0.5-6 (FF02::5, 6)
-
EIGRP Protocol Type
Advanced Distance Vector
-
EIGRP Algorithm
Diffusing Update Algorithm - DUAL
-
EIGRP AD
AD 90 (170 External, 5 Summary)
-
EIGRP Metric
Bandwidth/Delay + Optionals (MTU, Reliability, Load)
-
EIGRP Update freq
Triggered Updates
-
EIGRP Update size
Partial Updates
-
EIGRP Message Protocol
IP/88 (Supports non-IP L3 protocols)
-
EIGRP Multicast
Multicast 224.0.0.10 (FF02::A)
-
BGP Protocol Type
Path Vector
-
BGP AD (e and iBGP)
AD eBGP = 20, iBGP = 200
-
BGP Update freq
Periodic Updates
-
BGP update size
Full Updates
-
BGP Message Protocol
TCP/179
-
Explain TCP Slowstart
- Window size increases exponentially
- *Packet Dropped*
- Segment Size reduced to 1
- Window increased exponentially until x0.5 of previous max window (Congestion window size)
- Increases linearly
-
Explain WRED
- (Weighted Random Early Detection)
- To prevent TCP window sizing for multiple streams from coming into sync, WRED selectively drops packets before max throughput is reached. Considers QoS and queue size
-
What are the two types of VRF?
- VRF-lite - Typical installation
- Cisco EVN - New method. Trunks VRF traffic in a VNET encapsulation between trunk links
-
Describe the two types of Access List and numbering ranges
- Standard: 1 to 99 and 1300 to 1999. Source only
- Extended: 100 to 199 and 2000 to 2699. Source, Destination, Port
-
What are the problems with NBMA networks and distance vector protocols?
- Split Horizon when same interface is used to talk to multiple routers
- DR Election may not happen in a Hub-Spoke topology
-
What precaution should be taken when using FHRP?
When using FHRP, adjust ARP timer < CAM Table timer so MAC record doesn't time out before ARP. ARP messages are sent out when MAC is unknown; CAM table floods when destination port is not known.
-
Explain uRPF
- Used to prevent IP spoofing
- Must have CEF enabled
- Strict - Packet dropped if source IP doesn't enter interface as matched in the FIB table (used by CEF)
- Loose - Source must be reachable, not tied to interface
- VRF - Like loose but applied to VRF
-
List router security accounts
- Global username - username xxxxx privilege 15 password xxxxx
- Line password - service password-encryption
- TACACS/Radius
- Secret password (4 = SHA-256, 5 = MD5)
-
What remote site tunnel options are available?
- MPLS L2
- MPLS L3
- GRE
- DMVPN (mGRE, NHRP, IPSEC)
-
Describe the 3 technologies used by DMVPN
mGRE, NHRP, IPSEC
-
What is NHRP?
- Client/Server model of address assignment
- Converts Tunnel int IP > Physical interface id
- Each spoke advertises its info back to server
-
What is IPSec Phase 1?
- ISAKMP session
- Sets up Management tunnel for secure key exchange
- Bidirectional encryption (same key each way)
- Transform Sets exchanged to form a SA
-
What is IPSec Phase 2?
- Sets up Bi-directional tunnel for traffic
- Unidirectional encryption (Different key each way)
-
What does AH provide?
Integrity and data origin authentication
-
What does ESP provide?
Integrity, data origin authentication and encryption
-
Describe the difference between Transport and tunnel mode
Original IP or encapsulated with diff IP
-
What is the main advantage of GRE?
Can be encapsulated within any L3 protocol (IPSEC(GRE(PAYLOAD)))
-
What is an advantage of IPSec?
Scalable, on demand mesh
-
What is the IPv6 Multicast address for All Nodes?
FF02::1
-
What is the IPv6 Multicast address for All Routers?
FF02::2
-
What is the prefix for IPv6 Unique local?
FD00:: /7
-
What is the prefix for IPv6 Link local?
FE80:: /10
-
What is the prefix for IPv6 Global Unicast?
2000:: /3
-
What must you do when creating an EUI-64 derived IPv6 address?
Flip the 7th most significant bit (OUI) and insert FFFE in the middle
-
What does IOS do when a serial link uses EUI-64?
Takes the MAC of the lowest numbered eth interface
-
What are the types of address assignment in IPv6? And how are default router/DNS communicated?
- Stateful DHCP (Server provides IP, DNS. Default router provided by NS messages)
- Stateless Autoconfig (NDP to discover subnet, default router, Stateless DHCP to learn DNS)
- Static
- Static w/EUI-64
-
What are the uses for NDP?
- L2 Mapping (IPv6 > L2)
- Inverse Neighbor Discovery (L2 > IPv6)
- IP Assignment/Gateway/DNS
- Duplicate Address Detection
-
What is the solicited node multicast?
- Asks for a response from all nodes on the link with last 24 bits
- Address: FF02::1:FF00:0 /104
-
What is noAuthNoPriv (SNMP)
No auth, No encryption, community-string (username for v3)
-
What is authNoPriv (SNMP)
HMAC (MD5, SHA-1), no encryption
-
What is authPriv (SNMP)
HMAC (MD5, SHA-1), Encryption (DES, 3DES, AES)
-
How does TACACS Compare to RADIUS?
- TCP > UDP
- Full Packet Encryption > Password Encryption
- Basic Accounting > Robust Accounting