CCNA / CCNP Interview questions 30 June, 2015
9:13 PM
I collected these questions from various books and online articles. I hope they will help you while preparing for your interviews. If you want to know how to prepare for a network interview, see this post.
Basic Interview Questions

• What is Routing?

• What is Protocol?
In telecommunications, a communications protocol is a system of rules that allow two or more entities of a communications system to transmit information via any kind of variation of a physical quantity. These are the rules or standards that define the syntax, semantics and synchronization of communication and possible error recovery methods. Protocols may be implemented by hardware, software, or a combination of both.

• Explain the difference between Router, Switch and Hub?
Hub
A common connection point for devices in a network. Hubs are commonly used to connect segments of a LAN. A hub contains multiple ports. When a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets.
Switch
In networks, a device that filters and forwards packets between LAN segments. Switches operate at the data link layer (layer 2) and sometimes the network layer (layer 3) of the OSI Reference Model and therefore support any packet protocol. LANs that use switches to join segments are called switched LANs or, in the case of Ethernet networks, switched Ethernet LANs.
Router
A device that forwards data packets along networks. A router is connected to at least two networks, commonly two LANs or WANs or a LAN and its ISP's network. Routers are located at gateways, the places where two or more networks connect. Routers use headers and forwarding tables to determine the best path for forwarding the packets, and they use protocols such as ICMP to communicate with each other and configure the best route between any two hosts.

• What is the difference between OSI and TCP/IP Model?

• What is the size of IP Address?
32 bits

• IEEE standard for wireless networking?
802.11
New Section 2 Page 1

• What is the range of class A address?
1-127

• What is the range of class B address?
128-191

• What is the range of class C address?
192-223

• What is PoE (Power over Ethernet)?
Power over Ethernet or PoE describes any of several standardized or ad-hoc systems which pass electrical power along with data on Ethernet cabling. This allows a single cable to provide both data connection and electrical power to devices such as wireless access points or IP cameras.
• What is a peer-peer process?

• What is the difference between broadcast domain and collision domain?
A Collision Domain is any network segment in which collisions can happen (usually in Ethernet networks). In other words, a Collision Domain consists of all the devices connected using a Shared Media (Bus Topology or using Ethernet Hubs) where a Collision can happen between any device at any time.
Broadcast is a type of communication where the sending device sends a single copy of data and that copy of data will be delivered to every device in the network segment. Broadcast is a required type of communication and we cannot avoid Broadcasts, because many protocols (Example: ARP and DHCP) and applications are dependent on Broadcast to function.

• What is ping? Why do you use ping?
Ping is a basic Internet program that allows a user to verify that a particular IP address exists and can accept requests.

• Explain the difference between straight-through and crossover cable with examples?

• What is the difference between tracert and traceroute?
Tracert = Windows CMD
Traceroute = Cisco IOS and Linux

• What is Round Trip Time?
Round-trip time (RTT), also called round-trip delay, is the time required for a signal pulse or packet to travel from a specific source to a specific destination and back again.

• Define the terms Unicasting, Multicasting, Broadcasting and Anycasting?

• How many pins do serial ports of routers have?
9

• What are the differences between static IP addressing and dynamic IP addressing?
Static = Manually configured
Dynamic = Assigned dynamically via DHCP

• Difference between CSMA/CD and CSMA/CA?
CSMA/CD (Carrier Sense Multiple Access/Collision Detection)
In the CSMA/CD access method, every host has equal access to the wire and can place data on the wire when the wire is free from traffic. When a host wants to place data on the wire, it will “sense” the wire to find whether there is a signal already on the wire. If there is traffic already in the medium, the host will wait, and if there is no traffic, it will place the data in the medium. But if two systems place data on the medium at the same instant, they will collide with each other, destroying the data. If the data is destroyed during transmission, the data will need to be retransmitted. After a collision, each host will wait for a small interval of time and the data will be retransmitted, to avoid colliding again.
CSMA/CA (Carrier Sense Multiple Access/Collision Avoidance)
In CSMA/CA, before a host sends real data on the wire it will “sense” the wire to check if the wire is free. If the wire is free, it will send a piece of “dummy” data on the wire to see whether it collides with any other data. If it does not collide, the host will assume that the real data also will not collide.

• What is DHCP scope?
Range of IP addresses that can be assigned by DHCP.
• What is Checksum?
A simple error-detection scheme in which each transmitted message is accompanied by a numerical value based on the number of set bits in the message. The receiving station then applies the same formula to the message and checks to make sure the accompanying numerical value is the same. If not, the receiver can assume that the message has errors and needs to be re-sent.

• What is Redundancy?
Having more than 1 path to a destination.

• What are the criteria necessary for an effective and efficient network?
Performance, Reliability, Security

• What is the key advantage of using switches?

• When does network congestion occur?
Congestion occurs when bandwidth is insufficient and network data traffic exceeds capacity.

• Does a bridge divide a network into smaller segments?

• What are the different memories used in a CISCO router?
ROM
ROM is read-only memory available on a router's processor board. The initial bootstrap software that runs on a Cisco router is usually stored in ROM. ROM also maintains instructions for Power-on Self Test (POST) diagnostics. For ROM software upgrades, the pluggable chips on the motherboard should be replaced.
Flash Memory
Flash memory is an Electronically Erasable and Re-Programmable memory chip. The Flash memory contains the full Operating System Image (IOS, Internetwork Operating System). This allows you to upgrade the OS without removing chips. Flash memory retains content when the router is powered down or restarted.
RAM
RAM is very fast memory that loses its information when the router is shut down or restarted. On a router, RAM is used to hold the running Cisco IOS Operating System, IOS system tables and buffers. RAM is also used to store routing tables, keep the ARP cache and perform packet buffering (shared RAM). RAM provides temporary memory for the configuration file of the router while the router is powered on. RAM stores the running Cisco IOS Operating System, active program and operating system instructions, the Running Configuration File, ARP (Address Resolution Protocol) cache, routing tables and buffered IP packets.
NVRAM (Non-volatile Random Access Memory)
NVRAM is used to store the Startup Configuration File. This is the configuration file that IOS reads when the router boots up. It is extremely fast memory and retains its content when the router is restarted.

• What are the different types of passwords used in securing a CISCO router?
Console
Aux
VTY
Enable password
Enable secret

• What is the use of "Service Password Encryption"?
It encrypts all passwords which are visible in running-config.

• Briefly explain the conversion steps in data encapsulation?
• In configuring a router, what command must be used if you want to delete the configuration data that is stored in the NVRAM?
erase startup-config

• Differentiate Logical Topology from Physical Topology?
A physical topology is how the devices are actually interconnected with wires and cables. For example, in a shared Ethernet network that uses hubs rather than switches, the logical topology appears as if every node is connected to a common bus that runs from node to node.

• What is AS (Autonomous System)?
Within the Internet, an autonomous system (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators on behalf of a single administrative entity or domain that presents a common, clearly defined routing policy to the Internet.

• What is the difference between Private IP and Public IP?
Public IP Address
A public IP address is the address that is assigned to a computing device to allow direct access over the Internet. A web server, email server and any server device directly accessible from the Internet are candidates for a public IP address. A public IP address is globally unique, and can only be assigned to a unique device.
Private IP Address
When a computer is assigned a private IP address, the local devices see this computer via its private IP address. However, the devices residing outside of your local network cannot directly communicate via the private IP address, but use your router's public IP address to communicate. To allow direct access to a local device which is assigned a private IP address, a Network Address Translator (NAT) should be used.

• Explain different cable types?
Coaxial, Fiber, Ethernet, Serial

• How does RIP differ from EIGRP?
EIGRP is an enhanced Distance Vector protocol; it has some features considered advanced for a DV protocol, like:
- Being able to trigger updates instead of sending periodic updates.
- It uses the topology table to maintain all valid routes received from neighbors.
- It has neighborship adjacencies by using hello packets.
- It supports manual route summarization, so it allows a hierarchical design in large networks.

• Differentiate User Mode from Privileged Mode
User EXEC mode (>) is limited to an array of show commands, basic reachability tests such as ping and traceroute, as well as other ways of viewing configurations and status info of a Cisco device without the ability to make changes.
Privileged EXEC mode (#) is for users that have been delegated admin privileges and need to make changes, view more show commands and debugs, as well as having the ability to move further down the configuration hierarchy (such as global configuration mode, interface configuration mode, MQC, etc.).
• What is 100BaseFX?
The "100" in the media type designation refers to the transmission speed of 100 Mbit/s, while the "BASE" refers to baseband signalling. The letter following the dash ("T" or "F") refers to the physical medium that carries the signal (twisted pair or fiber, respectively).

• Differentiate full-duplex from half-duplex?
Full: Send and Receive at the same time
Half: Send or Receive at the same time

• What does the show protocol display?
Shows which protocols are running on the router.

OSI Model Interview Questions

• List the layers of OSI?
Application, Presentation, Session, Transport, Network, Data Link, Physical

• What are the responsibilities of each Layer?
Application
○ Interfaces with the application
○ Provides network access to apps
Presentation
○ Data Formatting (file formats)
○ Encryption
Session
○ Starts and Ends sessions
○ Logically keeps sessions separate
Transport
○ Describes how data is sent (reliable/unreliable)
○ Defines Ports
Network
○ Provides IP Addressing
○ Finds best path to destination (routing)
Data Link
○ Provides physical addressing
○ Ensures data is error-free (FCS)
Physical
○ Provides physical access to cable
○ Transfers data in electronic signals (1 & 0)
• Routers work at which OSI layer?
Network

• Switches work at which OSI layer?
Data Link

• In which layer is the term "Frames" used?
Data Link

• In which layer is the term "Packets" used?
Network

• In which layer is the term "Segments" used?
Transport

• Give some examples of protocols that work in the Application layer?
Telnet, FTP, DNS, SNMP, SMTP

• What is CRC? At which layer does CRC work?
A cyclic redundancy check (CRC) is an error-detecting code commonly used in digital networks and storage devices to detect accidental changes to raw data. Blocks of data entering these systems get a short check value attached, based on the remainder of a polynomial division of their contents. On retrieval the calculation is repeated, and corrective action can be taken against presumed data corruption if the check values do not match.
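The polynomial-division remainder described above, worked through as an added example that is not part of the original notes: a bit-by-bit CRC-32 with the Ethernet FCS parameters, a sender that appends the FCS, and a receiver check that rejects a frame with one flipped bit. The frame bytes are constructed for the demonstration.

```python
# Added example (not from the original notes): CRC-32 as used in the Ethernet
# Frame Check Sequence, computed by long division one bit at a time, then used
# to attach and verify an FCS on a constructed frame.
import zlib

# IEEE 802.3 polynomial 0x04C11DB7 in reflected (LSB-first) form, because
# Ethernet transmits the least-significant bit of each octet first.
CRC32_POLY_REFLECTED = 0xEDB88320


def crc32(data: bytes) -> int:
    """CRC-32 (IEEE 802.3 parameters) by bitwise polynomial division.

    The "remainder of a polynomial division" is whatever is left in the
    register after every message bit has been shifted through it.
    """
    crc = 0xFFFFFFFF                      # initial register value
    for byte in data:
        crc ^= byte
        for _ in range(8):
            if crc & 1:                   # subtract (XOR) the divisor only when the low bit is set
                crc = (crc >> 1) ^ CRC32_POLY_REFLECTED
            else:
                crc >>= 1
    return crc ^ 0xFFFFFFFF               # final inversion


def crc32_matches_zlib(data: bytes) -> bool:
    """Cross-check the hand-rolled division against the library implementation."""
    return crc32(data) == zlib.crc32(data)


def append_fcs(payload: bytes) -> bytes:
    """Sender side: attach the 4-byte FCS in the byte order seen in captures."""
    return payload + crc32(payload).to_bytes(4, "little")


def verify_fcs(frame: bytes) -> bool:
    """Receiver side: recompute over everything except the trailing 4 bytes."""
    if len(frame) < 4:
        return False
    payload, fcs = frame[:-4], frame[-4:]
    return crc32(payload) == int.from_bytes(fcs, "little")


def corrupt_byte(frame: bytes, index: int) -> bytes:
    """Flip one bit of the frame to simulate corruption on the wire."""
    mutated = bytearray(frame)
    mutated[index] ^= 0x01
    return bytes(mutated)


# Constructed sample frame body: destination MAC, source MAC, EtherType 0x0800
# (IPv4) and a short dummy payload. All values are made up.
SAMPLE_FRAME_BODY = (
    bytes.fromhex("001122334455")         # destination MAC
    + bytes.fromhex("66778899aabb")       # source MAC
    + bytes.fromhex("0800")               # EtherType IPv4
    + b"hello, layer two"                 # dummy payload
)

if __name__ == "__main__":
    frame = append_fcs(SAMPLE_FRAME_BODY)
    print("hand-rolled CRC matches zlib:", crc32_matches_zlib(SAMPLE_FRAME_BODY))
    print("intact frame verifies:", verify_fcs(frame))
    print("frame with one flipped bit verifies:", verify_fcs(corrupt_byte(frame, 14)))
```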
CRC works at Layer 2 of the OSI Model.

• What is a Window in networking terms?
Sliding windows, a technique also known as windowing, is used by the Internet's Transmission Control Protocol (TCP) as a method of controlling the flow of packets between two computers or network hosts. TCP requires that all transmitted data be acknowledged by the receiving host. Sliding windows is a method by which multiple packets of data can be affirmed with a single acknowledgment.

• What are the differences between TCP and UDP?
TCP:
○ Reliable
○ Connection Oriented
○ Gives Acknowledgement
○ Does 3 way handshake
○ Error checking
○ Has heavy overhead
○ Slower
UDP:
○ Opposite

• What is the port no of DNS and Telnet?
DNS = 53
Telnet = 23

• Which service uses both TCP and UDP?
DNS

• What is the port no of SMTP and POP3?
SMTP = 25
POP3 = 110

• Which one is reliable – TCP or UDP?
TCP

RIP Interview Questions

• What is Route Poisoning?
Route poisoning is a method to prevent a router from sending packets through a route that has become invalid within computer networks. Distance-vector routing protocols in computer networks use route poisoning to indicate to other routers that a route is no longer reachable and should not be considered from their routing tables. Unlike the split horizon with poison reverse, route poisoning provides for sending updates with unreachable hop counts immediately to all the nodes in the network. When the protocol detects an invalid route, all of the routers in the network are informed that the bad route has an infinite (∞) route metric. This makes all nodes on the invalid route seem infinitely distant, preventing any of the routers from sending packets over the invalid route.

• What is Split Horizon?
Split horizon is a method of preventing a routing loop in a network. The basic principle is simple: Information about the routing for a particular packet is never sent back in the direction from which it was received.

• Utilizing RIP, what is the limit when it comes to number of hops?
15

• What is the difference between RIP V1 and V2?
RIP V1:
○ Broadcast
○ Classful Routing protocol
○ No Authentication
RIP V2:
○ Multicast 224.0.0.9
○ Classless Routing Protocol (supports VLSM)
○ Authentication

• Multicast address of RIP v2?
224.0.0.9

• Administrative distance of RIP?
120

• Can we use RIP in a scenario having more than 15 routers?
Yes, as long as they are not consecutively linked, i.e. stick with star type topologies and you should be OK.

• What is the difference between RIP and RIPng?
RIPng supports IPv6

STP Interview Questions
• What is Spanning tree aka STP?
The Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free topology for Ethernet networks. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them.

• How does STP maintain a loop-free network?
STP maintains a loop-free network by:
○ Electing a root bridge
○ Electing a root port on each nonroot bridge
○ Electing designated ports
○ Putting in the blocking state any port that is not a root port or designated port

• What parameters can be tuned to influence the selection of a port as a Root or Designated Port?
Port cost.

• What is BPDU? What is the basic function of BPDU?
Bridge Protocol Data Units (BPDUs) are frames that contain information about the Spanning Tree Protocol (STP). Switches send BPDUs using a unique MAC address from the origin port as source and a multicast address as destination MAC (01:80:C2:00:00:00, or 01:00:0C:CC:CC:CD for Per VLAN Spanning Tree). For STP algorithms to function, the switches need to share information about themselves and their connections. What they share are bridge protocol data units (BPDUs). BPDUs are sent out as multicast frames to which only other layer 2 switches or bridges are listening. If any loops (multiple possible paths between switches) are found in the network topology, the switches will co-operate to disable a port or ports to ensure that there are no loops; that is, from one device to any other device in the layer 2 network, only one path can be taken.

• Using the default STP timers, how long does it take for a port to move from the Blocking state to the Forwarding state?
30 seconds

• What are the STP states?
○ Blocking - A port that would cause a switching loop if it were active. No user data is sent or received over a blocking port, but it may go into forwarding mode if the other links in use fail and the spanning tree algorithm determines the port may transition to the forwarding state. BPDU data is still received in blocking state. Prevents the use of looped paths.
○ Listening - The switch processes BPDUs and awaits possible new information that would cause it to return to the blocking state. It does not populate the MAC address table and it does not forward frames.
○ Learning - While the port does not yet forward frames, it does learn source addresses from frames received and adds them to the filtering database (switching database). It populates the MAC address table, but does not forward frames.
○ Forwarding - A port receiving and sending data, normal operation. STP still monitors incoming BPDUs that would indicate it should return to the blocking state to prevent a loop.
○ Disabled - Not strictly part of STP; a network administrator can manually disable a port.
• Which command enables RSTP on a switch?

• What is Per-VLAN Spanning Tree Protocol (PVST)?

• What is the default bridge priority in a Bridge ID for all Cisco switches?

• Which STP version runs by default on Cisco switches?
PVST+

• What is the purpose of Spanning Tree Protocol in a switched LAN?
Prevent switching loops

• Difference between Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP)?

• Difference between Root Port and Designated Port?

STA is used to calculate a loop-free path. All switch ports are in blocking mode to begin with. It takes approx 50 seconds until frames can be forwarded.
Step 1: Elect Root Bridge - Lowest bridge priority; if there is a tie, then the switch with the lowest bridge ID.
Step 2: Elect Root Ports - Locate redundant paths to the root bridge; block all but one root port. Root Path Cost is the cumulative cost of the path to the root bridge. Ports directly connected to the Root Bridge will be root ports; otherwise the lowest root path cost is used.
Step 3: Elect Designated Ports - Single port that sends and receives traffic from a switch to and from the Root Bridge - Lowest cost path to the Root Bridge.
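The three STA steps above, worked through in code as an added example that is not part of the original notes. It uses a constructed three-switch triangle with made-up MAC addresses and link speeds and the IEEE 802.1D default port costs, and it also covers the equal-cost tie-break on bridge ID that the steps only hint at.

```python
# Added example (not from the original notes): a minimal Spanning Tree election
# over a constructed three-switch topology: elect the root bridge, elect root
# ports, elect designated ports, and put every remaining port in blocking.
import heapq
from dataclasses import dataclass

# IEEE 802.1D default port costs keyed by link speed in Mbit/s.
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


@dataclass(frozen=True, order=True)
class BridgeId:
    priority: int   # compared first; lower wins
    mac: str        # tie-breaker; lower wins


@dataclass(frozen=True)
class Link:
    a: str          # switch at one end of the segment
    b: str          # switch at the other end
    speed_mbps: int

    @property
    def cost(self) -> int:
        return PORT_COST[self.speed_mbps]

    def other_end(self, here: str) -> str:
        return self.b if self.a == here else self.a


def elect_root(bridges: dict) -> str:
    """Step 1: the switch with the lowest (priority, MAC) bridge ID is the root."""
    return min(bridges, key=lambda name: bridges[name])


def root_path_costs(bridges: dict, links: list, root: str) -> dict:
    """Cumulative lowest cost from every switch to the root (Dijkstra).

    Returns {switch: (root path cost, upstream switch, index of link used)};
    the root itself maps to (0, None, None). Equal-cost paths are broken by
    the lower upstream bridge ID, which is STP's next tie-breaker.
    """
    best = {root: (0, None, None)}
    heap = [(0, bridges[root], root)]
    while heap:
        cost, _, here = heapq.heappop(heap)
        if cost > best[here][0]:
            continue  # stale heap entry
        for idx, link in enumerate(links):
            if here not in (link.a, link.b):
                continue
            there = link.other_end(here)
            if there == root:
                continue
            candidate = (cost + link.cost, bridges[here])
            current = best.get(there)
            if current is None or candidate < (current[0], bridges[current[1]]):
                best[there] = (candidate[0], here, idx)
                heapq.heappush(heap, (candidate[0], bridges[there], there))
    return best


def port_roles(bridges: dict, links: list):
    """Run the election. Returns (root switch, {(switch, link index): role})."""
    root = elect_root(bridges)
    best = root_path_costs(bridges, links, root)
    roles = {(sw, idx): "blocking" for idx, link in enumerate(links) for sw in (link.a, link.b)}
    # Step 2: the port through which a non-root switch reaches the root is its root port.
    for sw, (_, _, idx) in best.items():
        if idx is not None:
            roles[(sw, idx)] = "root"
    # Step 3: on each segment the end with the lower root path cost (then the
    # lower bridge ID) is designated, so the root bridge wins every segment it
    # sits on. Whatever is neither root nor designated stays blocking.
    for idx, link in enumerate(links):
        winner = min((link.a, link.b), key=lambda sw: (best[sw][0], bridges[sw]))
        roles[(winner, idx)] = "designated"
    return root, roles


# Constructed topology: a triangle with one gigabit and two 100 Mbit/s links.
BRIDGES = {
    "SW1": BridgeId(32768, "00:00:00:00:00:0a"),
    "SW2": BridgeId(32768, "00:00:00:00:00:0b"),
    "SW3": BridgeId(32768, "00:00:00:00:00:0c"),
}
LINKS = [
    Link("SW1", "SW2", 1000),  # cost 4
    Link("SW1", "SW3", 100),   # cost 19
    Link("SW2", "SW3", 100),   # cost 19: SW2 is designated here, SW3 blocks
]

if __name__ == "__main__":
    root, roles = port_roles(BRIDGES, LINKS)
    print("root bridge:", root)
    for (sw, idx), role in sorted(roles.items()):
        print(f"{sw} port on {LINKS[idx].a}-{LINKS[idx].b}: {role}")
```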
• What is the difference between path cost and root path cost?
• What is the difference between STP, MSTP, PVST and RSTP?
• What is path cost?
• Define the selection criteria of the STP root bridge.
• What are the four spanning tree port states?
• How does a nonroot bridge decide which port will be elected as root port?
• If a nonroot bridge has two redundant ports with the same root path cost, how does the bridge choose which port will be the root port?
• Port states of spanning tree protocol.
• If the users face delay during initial login, what will you suggest to implement?
• Why is spanning tree BPDU filter used?
• Can I use BPDU filter on trunk ports?
• Which port state is introduced by Rapid-PVST?
• What is Spanning Tree Protocol (STP) PortFast?
• What does STP do when it detects a topology change in the network due to a bridge or link failure?
VLAN Interview Questions
http://sysnetnotes.blogspot.in/2013/05/vlan-explained-with-interviewquestions.html
• Which switching technology reduces the size of a broadcast domain?
• Which protocols are used to configure trunking on a switch?
• What is SVI?
• What is meant by "router on a stick"?
• Which is the default mode in switch ports?
• Difference between 802.1Q and ISL?
• Which are the two trunking protocols?
• Which protocol encapsulates Ethernet frames?
• Which is the VLAN not tagged by 802.1Q?
• How to delete VLAN information from a switch?
• Difference between access and trunk mode?
• Difference between dynamic auto and dynamic desirable?
• What is the use of the nonegotiate command in a switch?
• Explain different switch port modes?
• What is DTP?
• Can we see trunk interfaces in the show vlan command?
• Which is the command used to see trunk interfaces?
• What is the maximum number of VLANs permitted in 802.1Q and ISL?
• What is the header size of 802.1Q?
VTP Interview Questions

• What are the different VTP modes?
Server Mode
VLAN Trunking Protocol (VTP) Server mode is the default VTP mode for all Catalyst switches. At least one server is required in a VTP domain to propagate VLAN information within the VTP domain. We can create, add, or delete VLANs of a VTP domain in a switch which is in VTP Server mode and change VLAN information in a VTP Server. The changes made in a switch in server mode are advertised to the entire VTP domain.
Client Mode
VLAN Trunking Protocol (VTP) client mode switches listen to VTP advertisements from other switches and modify their VLAN configurations accordingly. A network switch in VTP client mode requires a server switch to inform it about the VLAN changes. We CANNOT create, add, or delete VLANs in a VTP client.
Transparent Mode
VLAN Trunking Protocol (VTP) transparent mode switches do not participate in the VTP domain, but VTP transparent mode switches can receive and forward VTP advertisements through the configured trunk links.

• What happens to interfaces when you delete a VLAN?

• Which is the default mode of VTP?
Server

• What is VTP Pruning?
VLAN Trunking Protocol (VTP) pruning is a feature in Cisco switches which stops VLAN update information traffic from being sent down trunk links if the updates are not needed. If the VLAN traffic is needed later, VLAN Trunking Protocol (VTP) will dynamically add the VLAN back to the trunk link.

• What are two benefits of using VTP in a switching environment?
○ It maintains VLAN consistency across a switched network.
○ It allows VLAN information to be automatically propagated throughout the switching environment.

• Which VTP mode is capable of creating only local VLANs and does not synchronize with other switches in the VTP domain?
Transparent

Passive Interface Interview Questions

• What is passive interface?

• Explain the effect of Passive interface on RIP, EIGRP and OSPF?
The passive-interface command is used in all routing protocols to disable sending updates out from a specific interface. However, the command behavior varies from one protocol to another. In RIP this command will disable sending multicast updates via a specific interface but will allow listening to incoming updates from other RIP enabled neighbors. This simply means that the router will still be able to receive updates on that passive interface and use them in the routing table. In EIGRP the passive-interface command stops sending outgoing hello packets, hence the router cannot form any neighbor relationship via the passive interface. This behavior stops both outgoing and incoming routing updates. In OSPF the passive-interface has a similar behavior to EIGRP. The command suppresses hello packets and hence neighbor relationships.

• What is the effect of the default passive interface command?

• Why does the EIGRP passive-interface command remove all neighbors for an interface?

• How do I stop individual interfaces from developing adjacency in an OSPF network?

• What command is used to stop RIP routing updates from exiting out an interface but still allow the interface to receive RIP route updates?

• How does the Passive Interface feature work in EIGRP?
EIGRP Interview Questions

• What is EIGRP?

• What are the different tables in EIGRP?
Topology Table
Neighbor Table
Routing Table

• Why is EIGRP called a hybrid protocol?
Because it has some features of distance vector and some features of link-state routing protocols.

• What are the different packets in EIGRP?
Hello Packets: EIGRP neighborship is discovered and maintained by Hello Packets. If the router fails to receive a hello packet within the hold timer, the corresponding router will be declared dead.
Update Packets: At the time of discovering a new neighbor, update packets are sent so that the topology table can be built by the neighbor router. Update packets are unicast and always transmitted reliably.
Query Packets: When the destination goes into Active state, query packets are sent. Query packets are multicast, and replies are always sent in response to the queries, indicating to the originator that it does not need to go into Active state.
Reply Packets: When the destination goes into Active state, reply packets are sent. Reply packets are unicast to the originator of the query, and transmission of reply packets is reliable.
ACK Packets: ACK packets are used to know the transmission status. A Hello packet sent without data is also recognized as an acknowledgement. ACKs are always sent as unicast with a non-zero acknowledgement number.

• What are the advantages of EIGRP over other routing protocols?
Fast convergence – a router stores all its neighbors' routing tables so that it can quickly adapt to alternate routes.
Variable length subnet mask – its support for variable length subnet masks permits routes to be automatically summarized on a network.
Support for partial updates – EIGRP sends partial updates when the metric for a route changes. Propagation of partial updates is automatically bounded so that only those routers that need the information are updated.
Support for multiple network layer protocols – EIGRP supports AppleTalk, which redistributes routes learned from RTMP; IP, which redistributes routes learned from OSPF and RIP, IS-IS, EGP, and BGP; and Novell NetWare, whose implementation redistributes routes learned from Novell RIP or SAP.
• What type of Authentication is supported by EIGRP?
MD5

• What is the use of the "variance" command in EIGRP?
Unequal Cost Load Balancing

• Internal and external Administrative distance in EIGRP?
Internal = 90
External = 170

• What is a Feasible successor?
A destination entry is moved from the topology table to the routing table when there is a feasible successor. A feasible successor is a path whose reported distance is less than the feasible distance, and it is considered a backup route.

• What is Advertised distance?
Distance advertised by a router to get to the destination router. FD = AD + Distance from sending router

• What is a successor?
A successor route (think successful!) is the best route to a remote network. A successor route is used by EIGRP to forward traffic to a destination and is stored in the routing table. It is backed up by a feasible successor route that is stored in the topology table, if one is available.

• What is the multicast address used by EIGRP to send Hello packets?
224.0.0.10

• What is "Stuck in Active"?
When a route is not available and the router does not have a backup path to the destination, it will search for an alternative path. This time period is called SIA.

• What is "Graceful shutdown"?
With graceful shutdown, a goodbye message is broadcast when an EIGRP routing process is shut down, to inform adjacent peers about the impending topology change. This feature allows supporting EIGRP peers to synchronize and recalculate neighbour relationships more efficiently than would occur if the peers discovered the topology change after the hold time expired.

• What is the "Goodbye" message received in EIGRP?
Message with all K values set to 255 to signal Graceful Shutdown.

• Maximum paths load balanced by EIGRP?
Default = 4
Maximum = 32

• How does EIGRP support unequal load balancing?
By Variance

• What happens when we enable passive interface in EIGRP?

• Conditions for EIGRP neighbours
○ Authentication
○ AS Number
○ K values
○ Subnet

• What is meant by active and passive states in EIGRP?
A destination in the topology table can be marked either as passive or active. A passive state is a state when the router has identified the successor(s) for the destination. The destination changes to active state when the current successor no longer satisfies the feasibility condition and there are no feasible successors identified for that destination (i.e. no backup routes are available). The destination changes back from active to passive when the router has received replies to all queries it has sent to its neighbors.

• What are the different K-values used in EIGRP?
K1 - Bandwidth
K2 - Load
K3 - Delay
K4 - Reliability
K5 - MTU
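The feasible distance, successor, feasible successor, variance and active/passive definitions from this section, applied to a constructed topology table. This is an added example, not from the original notes; router names and metrics are made up, and it shows the case the definitions imply but do not spell out: a path with a better total metric than a feasible successor can still fail the feasibility condition and so is never used as a backup.

```python
# Added example (not from the original notes): EIGRP route selection for one
# destination from a constructed topology table, using the definitions above:
# FD = AD + distance to the sender, successor = lowest FD, feasible successor =
# reported distance below FD, variance for unequal-cost load balancing.
from dataclasses import dataclass


@dataclass(frozen=True)
class TopologyEntry:
    neighbor: str            # neighbour that advertised the route
    reported_distance: int   # AD (advertised/reported distance): the neighbour's own metric
    link_cost: int           # metric of the link from this router to that neighbour

    @property
    def total_distance(self) -> int:
        return self.reported_distance + self.link_cost   # FD = AD + distance from sending router


def feasible_distance(entries) -> int:
    """FD: the lowest total metric this router has for the destination."""
    return min(e.total_distance for e in entries)


def successors(entries):
    """Successor(s): entries whose total metric equals the FD; these go into the routing table."""
    fd = feasible_distance(entries)
    return [e for e in entries if e.total_distance == fd]


def feasible_successors(entries):
    """Backups that satisfy the feasibility condition: reported distance strictly
    less than the FD. A path can have a better total metric than another and
    still fail this test (R4 below), which is what keeps EIGRP loop-free."""
    fd = feasible_distance(entries)
    succ = set(successors(entries))
    return [e for e in entries if e not in succ and e.reported_distance < fd]


def load_balanced_paths(entries, variance: int = 1):
    """With 'variance', paths whose total metric is at most variance * FD are
    also installed, but only successors and feasible successors qualify."""
    fd = feasible_distance(entries)
    eligible = successors(entries) + feasible_successors(entries)
    return [e for e in eligible if e.total_distance <= variance * fd]


def state_if_successor_lost(entries) -> str:
    """Passive if a feasible successor can be promoted at once; otherwise the
    destination goes Active and queries are sent (and may end Stuck in Active)."""
    return "passive" if feasible_successors(entries) else "active"


# Constructed topology table for 10.0.0.0/24 as seen from router R1.
TOPOLOGY = [
    TopologyEntry("R2", reported_distance=1000, link_cost=500),   # total 1500: successor
    TopologyEntry("R3", reported_distance=1200, link_cost=1000),  # total 2200: feasible successor
    TopologyEntry("R4", reported_distance=1800, link_cost=200),   # total 2000: AD 1800 >= FD, not feasible
]

if __name__ == "__main__":
    print("FD:", feasible_distance(TOPOLOGY))
    print("successor:", [e.neighbor for e in successors(TOPOLOGY)])
    print("feasible successors:", [e.neighbor for e in feasible_successors(TOPOLOGY)])
    print("installed with variance 2:", [e.neighbor for e in load_balanced_paths(TOPOLOGY, 2)])
    print("state if R2 is lost:", state_if_successor_lost(TOPOLOGY))
```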
Wireless Interview Questions • What is Wi-Fi? Wi-Fi (or WiFi) is a local area wireless computer networking technology that allows electronic devices to connect to the network, mainly using the 2.4 gigahertz (12 cm) UHF and 5 gigahertz (6 cm) SHF ISM radio bands.
New Section 2 Page 12
• What is a Wi Fi Hotspot? • What is IBSS,BSS and ESS ? • Why WPA encryption is preferred over WEP? WEP
WPA
Stands for Wired Equivalent Privacy
Wi-Fi Protected Access
What is it? A security protocol for wireless networks introduced in 1999 to provide data confidentiality comparable to a traditional wired network.
A security protocol developed by the Wi-Fi Alliance in 2003 for use in securing wireless networks; designed to replace the WEP protocol.
Methods Through the use of a security algorithm for IEEE 802.11 wireless networks it works to create a wireless network that is as secure as a wired network.
As a temporary solution to WEP's problems, WPA still uses WEP's insecure RC4 stream cipher but provides extra security through TKIP.
Uses Wireless security through the use of an encryption key.
Wireless security through the use of a password.
Authentica Open system authentication or shared tion key authentication method
Authentication through the use of a 64 digit hexadecimal key or an 8 to 63 character passcode.
• What is 802.1x and EAP ? • Name two devices can interfere with the operation of a wireless network because they • • • •
• • • • • •
operate on similar frequencies? What are three basic parameters to configure on a wireless access point? What is the maximum data rate specified for IEEE 802.11b WLANs? Which encryption type does WPA2 uses ? When two laptops directly directed wirelessly,what type of topology has been created ? Ad-Hoc Which Spread spectrum technology does the 802.11b standard define for operation ? which two wireless encryption method are based on RC4 encryption algorithm ? which is the minimum parameter need on the access point inorder to allow a wireless client to operate on it ? What is the frequency range of the IEEE 802.11g standard? What is the maximum data rate for the 802.11a standard? What is the maximum data rate for the 802.11g standard?
OSPF
• Describe OSPF and the different types of routers in OSPF
• How OSPF establishes a neighbor relationship
In OSPF, routers have to become neighbors first before exchanging link-state advertisements (LSAs). After configuring OSPF on routers they start sending Hello packets to each other. The Hello packets also serve as keepalives to allow routers to quickly discover if a neighbor is down. Hello packets also contain a neighbor field that lists the Router IDs of all neighbors the router is connected to. OSPF routers will only become neighbors if the following parameters within a Hello packet are identical on each router:
a. Area ID
b. Subnet Mask
c. Hello Interval
d. Dead Interval
e. Authentication
• DR/BDR Election
OSPF elects a Designated Router (DR) for each multi-access network, reached via the multicast address 224.0.0.6. For redundancy purposes, a Backup Designated Router (BDR) is also elected.
DR and BDR election:
○ The router with the highest priority becomes the DR; the second highest becomes the BDR. If there is a tie in priority, whichever router has the highest Router ID becomes the DR.
○ By default the router priority is the same on every router. We can change it if needed.
○ The default priority on Cisco routers is 1. If we set the router priority to 0, that router will not participate in the DR/BDR election.
○ In a Frame Relay (NBMA, non-broadcast multi-access) network, the hub must be elected as DR. We can do this by changing the router priority.
• OSPF Network Types
OSPF's functionality differs across several network topology types. They are described below.
Broadcast Multi-Access – indicates a topology where broadcast occurs.
• OSPF will elect DRs and BDRs.
• Traffic to DRs and BDRs is multicast to 224.0.0.6. Traffic from DRs and BDRs to other routers is multicast to 224.0.0.5.
• Neighbors do not need to be manually specified.
• Example: Ethernet
Point-to-Point – indicates a topology where two routers are directly connected.
• No DRs and BDRs.
• All OSPF traffic is multicast to 224.0.0.5.
• Neighbors do not need to be manually specified.
Point-to-Multipoint – indicates a topology where one interface can connect to multiple destinations. Each connection between a source and destination is treated as a point-to-point link.
• OSPF will not elect DRs and BDRs.
• All OSPF traffic is multicast to 224.0.0.5.
• Neighbors do not need to be manually specified.
Non-broadcast Multi-access Network (NBMA) – indicates a topology where one interface can connect to multiple destinations; however, broadcasts cannot be sent across an NBMA network.
• An example would be Frame Relay.
• OSPF will elect DRs and BDRs.
• OSPF neighbors must be manually defined, thus all OSPF traffic is unicast instead of multicast.
• OSPF LSA
○ Router LSA (Type 1) – Contains a list of all links local to the router, and the status and “cost” of those links. Type 1 LSAs are generated by all routers in OSPF, and are flooded to all other routers within the local area.
○ Network LSA (Type 2) – Generated by all Designated Routers in OSPF, and contains a list of all routers attached to the Designated Router.
○ Network Summary LSA (Type 3) – Generated by all ABRs in OSPF, and contains a list of all destination networks within an area. Type 3 LSAs are sent between areas to allow inter-area communication to occur.
○ ASBR Summary LSA (Type 4) – Generated by ABRs in OSPF, and contains a route to any ASBRs in the OSPF system. Type 4 LSAs are sent from an ABR into its local area, so that internal routers know how to exit the Autonomous System.
○ External LSA (Type 5) – Generated by ASBRs in OSPF, and contains routes to destination networks outside the local Autonomous System. Type 5 LSAs can also take the form of a default route to all networks outside the local AS. Type 5 LSAs are flooded to all areas in the OSPF system.
○ NSSA External LSA (Type 7) – Used in not-so-stubby areas (NSSAs) in place of a Type 5 LSA.
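As an added illustration of the neighbor-formation and DR/BDR election rules in the notes above (example code, not part of the original notes): a constructed Python model that first applies the five Hello parameters that must match and then runs the simplified election. The Hello class, the router values and the priority-0 and dead-interval cases are assumptions made for the example; the full RFC 2328 section 9.4 procedure, which also keeps an already elected DR, is not modeled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Hello:
    # Constructed model of the Hello fields a neighbor must match, plus election inputs
    router_id: str
    area_id: int
    netmask: str
    hello_interval: int
    dead_interval: int
    auth_type: int
    priority: int = 1

def matches(local, remote):
    # The five parameters from the notes that must be identical on both routers
    fields = ("area_id", "netmask", "hello_interval", "dead_interval", "auth_type")
    return all(getattr(local, f) == getattr(remote, f) for f in fields)

def rid_key(rid):
    # Compare Router IDs octet by octet as numbers, not as text ("10.0.0.9" > "10.0.0.20" as strings)
    return tuple(int(o) for o in rid.split("."))

def elect_dr_bdr(routers):
    # Simplified election from the notes: priority 0 never participates; highest
    # priority wins, ties go to the highest Router ID; the runner-up becomes BDR.
    # (RFC 2328 section 9.4 also keeps an already elected DR; that is not modeled.)
    eligible = [r for r in routers if r.priority > 0]
    ranked = sorted(eligible, key=lambda r: (r.priority, rid_key(r.router_id)), reverse=True)
    dr = ranked[0].router_id if ranked else None
    bdr = ranked[1].router_id if len(ranked) > 1 else None
    return dr, bdr

def segment_election(local, hellos):
    # Only routers whose Hello matches become neighbors; the election runs among
    # the local router and those neighbors.
    neighbors = [h for h in hellos if matches(local, h)]
    rejected = [h.router_id for h in hellos if not matches(local, h)]
    dr, bdr = elect_dr_bdr([local] + neighbors)
    return {"dr": dr, "bdr": bdr, "rejected": rejected}

# Constructed example: four routers on one Ethernet segment
LOCAL = Hello("10.0.0.1", 0, "255.255.255.0", 10, 40, 0)
HELLOS = [
    Hello("10.0.0.9", 0, "255.255.255.0", 10, 40, 0),                 # same priority, higher RID
    Hello("10.0.0.2", 0, "255.255.255.0", 10, 40, 0, priority=0),     # priority 0: never DR/BDR
    Hello("10.0.0.20", 0, "255.255.255.0", 10, 30, 0, priority=200),  # dead interval differs: not a neighbor
]
```

Note that the router with priority 200 never wins: its dead interval does not match, so it never becomes a neighbor and is not in the election at all.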
• OSPF Authentication
OSPF supports authentication to secure routing updates. We can use either clear-text or MD5 authentication with OSPF.
Clear Text Authentication
To configure clear-text authentication, the first step is to enable authentication for the area, under the OSPF routing process:
Router(config)# router ospf 1
Router(config-router)# network 172.16.0.0 0.0.255.255 area 0
Router(config-router)# area 0 authentication
Then, the authentication key must be configured on the interface:
Router(config)# interface fa 0/0
Router(config-if)# ip ospf authentication
Router(config-if)# ip ospf authentication-key MYKEY
MD5 Authentication
To configure MD5-hashed authentication, the first step is also to enable authentication for the area under the OSPF process:
Router(config)# router ospf 1
Router(config-router)# network 172.16.0.0 0.0.255.255 area 0
Router(config-router)# area 0 authentication message-digest
Notice the additional parameter message-digest included with the area 0 authentication command. Next, the hashed authentication key must be configured on the interface:
Router(config)# interface fa 0/0
Router(config-if)# ip ospf message-digest-key 10 md5 MYKEY
Router(config-if)# ip ospf authentication message-digest
NOTE: Area authentication must be enabled on all routers in the area, and the form of authentication must be identical (clear-text or MD5). The authentication keys do not need to be the same on every router in the OSPF area, but must be the same on interfaces connecting two neighbors.
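To show why the MD5 form is preferred over clear text, here is an added Python example (not from the original notes) that builds a minimal OSPFv2 Hello with each authentication type, shows what a packet capture would reveal in each case, and verifies the keyed-MD5 trailer the way a receiving router does. The header layout follows RFC 2328; the Hello body, Router ID and area are constructed values, the key MYKEY and key ID 10 are taken from the configuration above, and the IP-style checksum is left at zero to keep the example short.

```python
import hashlib
import hmac
import struct

# OSPFv2 header (RFC 2328 A.3.1): version, type, length, router ID, area ID,
# checksum, autype; an 8-byte authentication field follows these 16 bytes.
_HDR = "!BBH4s4sHH"
AU_NONE, AU_CLEARTEXT, AU_MD5 = 0, 1, 2

def build_packet(body, rid, area, key=b"", md5=False, key_id=10, seq=1):
    # Constructed Hello (type 1). Checksum left at zero in this example.
    length = 24 + len(body)
    if not key:
        autype, auth = AU_NONE, bytes(8)
    elif not md5:
        # Simple password: the key itself is carried in the header, zero padded to 8 bytes
        autype, auth = AU_CLEARTEXT, key[:8].ljust(8, b"\x00")
    else:
        # Cryptographic: reserved(2), key ID(1), auth data length(1), sequence number(4)
        autype, auth = AU_MD5, struct.pack("!HBBI", 0, key_id, 16, seq)
    pkt = struct.pack(_HDR, 2, 1, length, rid, area, 0, autype) + auth + body
    if md5:
        # Keyed-MD5 trailer (RFC 2328 D.4.3): MD5(packet || key zero padded to 16 bytes),
        # appended after the packet; the header length field does not include it.
        pkt += hashlib.md5(pkt + key[:16].ljust(16, b"\x00")).digest()
    return pkt

def classify_auth(pkt):
    # What a capture shows: autype 1 exposes the password itself; autype 2 exposes
    # only the key ID and the anti-replay sequence number.
    autype = struct.unpack(_HDR, pkt[:16])[6]
    auth = pkt[16:24]
    if autype == AU_CLEARTEXT:
        return {"mode": "cleartext", "password": auth.rstrip(b"\x00").decode()}
    if autype == AU_MD5:
        _, key_id, _, seq = struct.unpack("!HBBI", auth)
        return {"mode": "md5", "key_id": key_id, "seq": seq}
    return {"mode": "none"}

def verify_md5(pkt, key):
    # Receiver side: recompute the trailer with the key configured for that key ID;
    # a mismatch means the wrong key or a modified packet, and the packet is dropped.
    length = struct.unpack(_HDR, pkt[:16])[2]
    expected = hashlib.md5(pkt[:length] + key[:16].ljust(16, b"\x00")).digest()
    return len(pkt) == length + 16 and hmac.compare_digest(pkt[length:], expected)

# Constructed Hello body: netmask, hello interval, options, priority, dead interval, DR, BDR
HELLO_BODY = struct.pack("!4sHBBI4s4s", bytes([255, 255, 0, 0]), 10, 0x02, 1, 40, bytes(4), bytes(4))
RID, AREA = bytes([172, 16, 1, 1]), bytes(4)
```

Running classify_auth on the clear-text packet returns the password MYKEY verbatim, which is exactly what anyone sniffing the segment would see; the MD5 packet yields only the key ID and sequence number, and verify_md5 rejects a wrong key or a single flipped bit.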
• Multicast addresses of OSPF in IPv4 and IPv6
Protocol                  IPv4          IPv6
OSPF (all SPF routers)    224.0.0.5     FF02::5
OSPF (all DR routers)     224.0.0.6     FF02::6
RIP                       224.0.0.9     FF02::9
EIGRP                     224.0.0.10    FF02::A
• If an OSPF router is stuck in a given neighbor state, what is the problem and how do you troubleshoot it?
Filtering
• What is an access list? Explain the difference between named and numbered access lists
  http://sysnetnotes.blogspot.com/2013/08/access-list-notes-numberedand-named-acl.html
• Write an example if you want to allow and to deny…
• What is a prefix list?
• Example of a prefix list
• What is a route map?
• Example of a route map