Enterprise1
CST8271 - Midterm 1
| Question | Answer |
|---|---|
| Access Layer | Bottom layer. Interfaces with end devices. Port Security, PoE, VLANs, 100Mb |
| Distribution Layer | Middle layer. Access control lists, might perform routing between VLANs. Redundancy. 1Gb-10Gb |
| Core Layer | Top Layer. Backbone of network, connected to internet, forwards large amounts of data. Redundancy. 10Gb |
| Benefits of a Hierarchical Network | Scalability, Redundancy, Performance, Security, Manageability, Maintainability |
| Converged Network | Combining voice and video communications on a data network. |
| Fixed Configuration Switches | Cannot add features or options to the switch beyond those that originally came with the switch |
| Modular Switches | Flexibility in their configuration (line cards) |
| Stackable Switches | Interconnected using a special backplane |
| CSMA/CD | carrier sense multiple access/collision detect. Listen; if no signal is present, transmit; if a collision is detected, send a jam signal and wait a random backoff time. LEGACY HUB JUNK! |
| Multicast | Communication in which a frame is sent to a specific group of devices or clients. Multicast transmission clients must be members of a logical multicast group to receive the information. |
| Ethernet Frame | Preamble, SFD, Dest, Source, Length/Type, Package(data), FCS |
| Length/Type Field | 0x0600 or higher = protocol; less than 0x0600 = length of data in frame |
| Network Latency | source NIC to place voltage pulses on the wire + propagation delay + network devices that are in the path between source and destination |
| Switch Packet Forwarding Methods | Store-and-Forward Switching + Cut-through Switching |
| Store-and-Forward Switching | receives the entire frame, computes the CRC, checks the length. If the frame is good, look up the destination and forward. |
| Cut-through Switching | Forwards the frame before it is entirely received; must be a symmetrical network. Fast-forward and Fragment-free. |
| Fast-forward switching | immediately forwards a packet after reading the destination address |
| Fragment-free switching | stores the first 64 bytes of the frame before forwarding, performs small error check |
| Asymmetric Switching | differing port bandwidths |
| Symmetric Switching | all ports are of the same bandwidth |
| Port-based Memory Buffering | Frames are stored in queues that are linked to specific incoming and outgoing ports. |
| Shared Memory Buffering | common memory buffer that all the ports on the switch share |
| Configure SSH | ip domain-name (name); crypto key generate rsa(at least 768); ip ssh version 2; line vty 0 15; transport input SSH |
| MAC Address Flooding | Turn switch into a hub by filling up its mac address table. When it is a hub it sends frames out all ports so you can snoop. |
| Spoofing | Rogue computer pretends to be a DHCP, DNS, etc. server to view all info transferred. DHCP snooping used to counter this. |
| Activate dhcp snooping? | ip dhcp snooping; ip dhcp snooping trust (used on ports connected towards DHCP server) |
| CDP Attacks | CDP contains information about the device that can be used to find exploits to attack your network. Disable CDP to counter. |
| Port Security | set max number of MACs to associate to port, determine what happens on violation, methods of securing MAC. |
| Secure MAC address types | Static + Dynamic (stored in MAC address table), Sticky (stored in running-config); switchport port-security mac-address [sticky] |
| Security Violation Modes | Protect-silently drop; Restrict-Drop, Log, Count; Shutdown-Drop, Log, Count, Shutdown |
| Default Port Security | Disabled; Max=1, Violation=Shutdown |
| Verify Port Security | show port-security [interface] |
| Tedious Security enhancement? | Disable Unused Ports |
| Benefits of a VLAN | Security, Performance, Cost, Simpler project or application management |
| Normal Range VLANs | 1 to 1005; 1 and 1002 to 1005 are automatically created and cannot be removed; saved in vlan.dat in flash |
| Extended Range VLANs | 1006 - 4094; saved in running config |
| Default VLAN | VLAN 1; immortal (cannot be deleted or renamed) |
| Native VLAN | 802.1Q trunk port places untagged traffic on the native VLAN |
| Management VLAN | you configure to access the management capabilities of a switch, or don't, it's your call...SECURITY! |
| Voice VLANs | Used for VoIP QOS |
| VLAN Switch Port Modes | Static, Dynamic, Voice |
| SVI | switch virtual interface, used for layer 3 switch to route between vlans or connect to the switch. |
| Trunk | Using one port to send multiple VLAN traffic over. Conserves ports but does create bottlenecks. |
| 802.1Q Frame Tagging | Tag added to frame when sent over a trunk (unless native vlan). |
| DTP | Dynamic Trunking Protocol, used to dynamically negotiate trunk ports. Cisco only. Bad. Default is dynamic auto, why? |
| ISL | Cisco LEGACY trunking protocol called inter-switch link. All frames contain ISL header or are dropped. |
| Dynamic auto | listen don't send |
| Dynamic desirable | listen + send |
| Turn off DTP! | switchport nonegotiate |
| Config port to vlan | sw mode access; sw access vlan #; no shut |
| Config port to trunk | sw mode trunk; sw trunk native vlan # |
| Verify Trunk | show interface trunk |
| Verify VLAN | show vlan [brief] |
| Delete VLANs | delete flash:vlan.dat, ports in deleted VLAN become unable to communicate |
| Trunk Config Problems | Native mismatch, DTP/mode mismatch, VLAN/IP subnets, VLANs not allowed on trunk |
| Proxy ARP | Router responds to an ARP request for an IP in a remote network; switch will do these by default unless set with default-gateway. |
| Disable CDP | global=no cdp run; interface=no cdp enable |
| Username authentication | username (name) secret (password); line vty 0 15; login local |
| Protect switch against rogue gateway | ip default-gateway (gateway ip) |
| DHCP config | ip dhcp excluded-address (ip#); ip dhcp pool (name); network (network ip) (mask); default-router (gateway ip for pool); dns-server (dns ip); |
| Remote DHCP config | int f#/# !connected to clients; ip helper-address (remote DHCP address); |
| Preserve Logging | logging (syslog server IP#); logging trap (# or name of level) |
| Hierarchical Network Design Principles: Network Diameter | # of devices that packet has to cross before it reaches its destination. Keeping low ensures low and predictable latency between devices. |
| Hierarchical Network Design Principles: Bandwidth Aggregation | Considering the specific bandwidth requirements of each part of the hierarchy then you can aggregate links for higher throughput. |
| Link Aggregation | Helps to reduce these bottlenecks of traffic by allowing up to eight switch ports to be bound together. |
| Forwarding Rates | How much data switch can process. Ex: switch with 4xgigabit ports but can only process at 2 gigabit speed cannot reach full wire speed. |
| Which layer of hierarchical network must support QoS? | For QoS to work all layer switches must support it. |
| Configure switch management interface: | interface vlan (#); ip address (ip#) (mask); no shutdown |
| Configure Encrypted Passwords: | service password-encryption; type 7 encryption, very weak |
| Configure name on a vlan: | vlan (#); name (vlan name) |