Routing
Question | Answer |
---|---|
Static Routing | When the IP routes are added manually. This type has no CPU overhead, no network bandwidth, and the administrator oversees security... But this requires a deeper understanding and is only workable on small networks |
What is the command to turn on static routing on a router? | ip route <dest add> <dest mask> <next hop> <admin dist> |
Default Routing | A variant of static routing used only in stub networks |
stub network | network topology where routers have only one port leading to another router |
What is the command to remove static IP route? | no ip route <dest add> <dest mask> <next hop> <admin dist> |
What is the command to add default entry? | ip route 0.0.0.0 0.0.0.0 <admin dest/gateway of last resort> |
Dynamic Routing | routing protocols are used to automatically update routing tables at the cost of bandwidth |
IGP | Interior gateway protocols are used within autonomous systems for dynamic routing |
EGP | Exterior gateway protocols are used between autonomous systems for dynamic routing |
convergence | when all routers know the routes to all networks |
routing loops | When routers endlessly pass around packets convinced that their neighbors can reach a deceased link... prevented with hop counts |
hop counts | the number of routers that it takes a packet to reach the destination... the Max hop count for RIP is 15 to avoid loops |
split horizon | rule that prevents packets from being sent on the interface it came in on |
route poisoning | dead routes are explicitly updated as being unreachable (16 hops away) |
holddowns | delays that make routers ignore updates to keep them from reinstating a dead route, improves stability |
triggered updates | immediate and forced updates to routing tables made when things change |
RIP | Routing Information Protocol is a D/V protocol sending full table every 30 sec, good for small networks but not large... it uses only hop count (15) as a metric. It will load balance up to 6 links of equal cost. AD=120. Uses 3 timers |
How to configure RIP? | # router rip |
IGRP | Interior Gateway Routing Protocol is a Cisco proprietary D/V protocol designed as a RIP improvement. Max hop count 100 default -255, AD = 100. Uses a composite metric. Uses 4 timers |
RIP timers | 1.) update timer sets update freq (default=30s) 2.) invalid timer sets time w/ no mention of route before the route is declared invalid (default=90s) 3.) flush timer sets time after invalid status before route is removed from the table (default=240s) |
IGRP timers | update =90s , invalid - 3x update, flush = 7 x update, holddown = (3x update )+ 10s |
How to configure IGRP? | router igrp <AS#> |
What can be configured on a router to limit packets to specified segments for improved operation and simplified traffic patterns and help with security? | Access Lists |
When configuring an access list, what are the differences between inbound and outbound? | inbound is from the segment to the router and outbound is from the router to the segment |
What are the different types of ACLs? | Standard or Extended |
What do Standard ACLs filter by? | Source IP address or Destination IP address. What ACL filters by the above items? |
What does the extended ACL filter by? | Source & Destination IP, Transport protocol, and port. What ACL filters by the above items? |
Does order matter when adding conditions to an ACL? | yes, the more specific test should be first |
Where should ACLs be placed in a network? | Standard ACLs should be placed near the destination; Extended ACLs should be placed near the source - reduce traffic |
By default do ACLs permit or deny all traffic unless specified in the conditions? | by default ACLs deny all traffic |
What are the ID number ranges for Standard, extended, and standard IPX ACLs? | Standard 1-99, extended 100-199, IPX standard 800-899 |
How do you configure a standard ACL? (the command) | (config)#access-list <1-99> <permit\|deny> <source address> <wildcard-address> |
How do you configure an extended ACL? | (config)#access-list <100-199> <permit\|deny\|dynamic> <protocol> <source-add> <destination-add> <option> <port> |
How are wildcard addresses figured out? | Take the subnet mask and subtract 255.255.255.255 |
How are subnet masks figured out from the wildcard address? | Take the wildcard address and flip the bits... 0 --> 255, 255 --> 0, and any other numbers 255 - w = x |
What are the options that can be used in configuring an extended list? | eq, gt, lt, neq, range (range of port numbers), log (logs list #, protocol, source/dest, and port for any matches) |
What show commands can be used for diagnosing access-lists? | show access-list, show access-list <id#>, show ip access-list, show ip interface, show running-config |
What are the security modes? | Protect - just discards the traffic; Restrict - discard, logs, and counts; Shutdown - discard, log, count, and shutdown |
What does the command "switchport port-security mac-address sticky" do? | it tells the interface to dynamically learn the MAC address |