IPv6 does not use fragmentation: if a router sees a packet larger than its MTU, it drops the packet.
Time to live (TTL) limits how long a packet can live on a network. The default is 30.
1.4 - Explain TCP operations:
IPv4 and IPv6 both use a default MTU size of 1500 bytes.
MSS, or maximum segment size, refers to the amount of data in the segment.
Latency is the time required for a packet to travel from its source to its destination.
TCP communication uses windowing, which means that one or more segments are sent at one time and a receiver can acknowledge the receipt of all the segments in one window.
The bandwidth-delay product is a measurement of the maximum number of bits that can be on a network segment at any one time, and is calculated by multiplying the segment's bandwidth (bits per second) by the latency packets experience as they cross the segment.
Global synchronization happens when a router's output queue fills to capacity and all the TCP flows are dropped simultaneously, causing all the TCP flows to slow-start at the same time. To solve this issue, Cisco IOS uses a feature called Weighted Random Early Detection (WRED): it drops packets from flows based on the number of packets in the queue or on the QoS markings in the packet, and it drops those packets before the queue fills to capacity.
topology information.
Configuration and Verification:
You can configure static neighbors with the neighbor command, or you can use the network [IP/WC mask] command and make sure all requirements match for the routers to become neighbors.
Verification of neighbors can be done with the show ip ospf neighbor [Router-ID] command and with the show ip protocols command.
OSPF authentication:
OSPF authentication types:
Type 0: No authentication
Type 1: Provides plain-text authentication
Type 2: Provides hashing authentication
OSPFv2 plain-text authentication:
Configuration:
Enable plain-text authentication per interface with the ip ospf authentication command, or per area with the area # authentication command.
Set a key with the ip ospf authentication-key [name] command. The max key length is 8.
Verification:
Use the show ip interface or show ip ospf interface command for verification.
OSPFv2 MD5 authentication:
Does not allow time-based keys.
Max key length is 6.
Configuration:
IPv6
Exit address configuration mode for IPv4 with the exit address-family ipv4 command.
Enter IPv6 address configuration mode with the address-family ipv6 command.
Specify interfaces with the network [ipv6 address] [prefix-length] command.
Activate the BGP neighbor for the IPv6 address with the neighbor [IPv4 address] activate command.
Associate the route map with the neighbor using the neighbor [IPv4 address] route-map [name] out command.
Configuration for routing IPv6 over IPv6:
Enable IPv6 routing.
Enable BGP with the router bgp # command.
Define the IPv6 neighbor with the neighbor [IPv6 address] remote-as command.
Enter address family mode with the address-family ipv6 command.
Specify which interfaces will participate with the network [IPv6 address] [prefix-length] command.
Activate the BGP neighbor with the neighbor [IPv6 address] activate command.
Autonomous system numbers:
ASN 0 is reserved.
1 - 64,495 is used for public use.
64,512 - 65,534 is used for private use.
65,535 is reserved.
3.32 - Explain BGP attributes and best-path selection:
BGP uses path attributes (PAs) as metrics for choosing the best routes. The order goes as follows:
Next hop: if there is no route to reach the NEXT_HOP IP, the route cannot be used.
Weight (not a PA, Cisco proprietary): the bigger the better.
Local_Pref: the bigger the better.
Locally injected routes: better than both eBGP and iBGP.
If the routes still tie on the PAs above, the router will take these steps to break the tie:
Oldest (longest-known) eBGP route.
Lowest neighbor BGP RID.
Lowest neighbor IP address.
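The selection order above, worked as an added example (not part of the original notes): each step is one element of a sort key, so a later step only matters when every earlier one ties. The FIB lookup of NEXT_HOP is replaced by a constructed set of reachable addresses, and the sample paths are constructed.

```python
from dataclasses import dataclass

@dataclass
class BgpPath:
    """One candidate path for a prefix, with the attributes the notes compare."""
    next_hop: str
    weight: int              # Cisco-proprietary, not a PA; higher wins
    local_pref: int          # higher wins
    locally_injected: bool   # beats both eBGP- and iBGP-learned paths
    ebgp: bool               # learned from an eBGP neighbor
    age: int                 # seconds since learned; the oldest eBGP path wins
    neighbor_rid: str        # advertising neighbor's BGP RID; lower wins
    neighbor_ip: str         # neighbor IP address; lower wins

def ip_key(addr):
    """Numeric sort key so '10.0.0.9' sorts before '10.0.0.10'."""
    return tuple(int(octet) for octet in addr.split("."))

def best_path(paths, reachable_next_hops):
    """Select the best path in the order the notes give.

    A set of reachable addresses stands in for the FIB lookup of NEXT_HOP;
    paths with an unreachable NEXT_HOP are discarded before anything else
    is compared.  Python's tuple ordering then applies each step in turn.
    """
    usable = [p for p in paths if p.next_hop in reachable_next_hops]
    if not usable:
        return None
    def rank(p):
        return (-p.weight,                        # highest weight
                -p.local_pref,                    # highest LOCAL_PREF
                0 if p.locally_injected else 1,   # locally injected first
                -p.age if p.ebgp else 0,          # oldest eBGP path
                ip_key(p.neighbor_rid),           # lowest neighbor RID
                ip_key(p.neighbor_ip))            # lowest neighbor IP
    return min(usable, key=rank)

# Constructed sample: four candidate paths for one prefix.
REACHABLE_NEXT_HOPS = {"192.0.2.1", "192.0.2.2", "192.0.2.3"}
SAMPLE_PATHS = [
    # Highest weight of all, but its NEXT_HOP is unreachable: never eligible.
    BgpPath("198.51.100.9", 500, 100, False, True, 900, "1.1.1.1", "198.51.100.9"),
    BgpPath("192.0.2.1", 0, 100, False, True, 900, "2.2.2.2", "192.0.2.1"),
    # These two tie on weight, LOCAL_PREF and origin; lowest RID decides.
    BgpPath("192.0.2.2", 0, 200, False, False, 100, "3.3.3.3", "192.0.2.2"),
    BgpPath("192.0.2.3", 0, 200, False, False, 100, "1.1.1.1", "192.0.2.3"),
]
```

Running best_path(SAMPLE_PATHS, REACHABLE_NEXT_HOPS) returns the path via 192.0.2.3: the weight-500 path is discarded first, LOCAL_PREF 200 beats 100, and the lower neighbor RID settles the remaining tie.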
4.0 VPN Technologies:
4.1 - Configure and Verify GRE:
Generic Routing Encapsulation (GRE) is used for creating site-to-site VPNs. Configuration steps for GRE are as follows:
Configure a tunnel interface with the interface tunnel [#] command.
Make sure to put the tunnel interfaces on each side of the tunnel on the same subnet.
Use the tunnel source [interface X/X] command to specify the source interface and the tunnel destination [IP address/subnet] command to specify the destination of the tunnel.
Verifying GRE:
You can verify the GRE configuration with the show run and show tunnel interface(s) x/x commands.
Remember that if you do a traceroute through the tunnel, the hop count between the two routers should only be one.
4.2 - Describe DMVPN:
Dynamic Multipoint VPN (DMVPN) allows routers to create VPN tunnels with other routers on an as-needed basis.
It consists of a hub/spoke topology and uses the client/server model. The hub is preconfigured with all the spoke IPs, and all the spokes are preconfigured with the hub's IP.
Three requirements for DMVPN are:
Password encryption:
Type 7 password encryption [service password-encryption] is the weakest form of encryption and can be easily cracked.
The secret command uses SHA-256 for encrypting passwords and is very strong.
5.4 - Configure and verify router security features
IPv4 access lists can now be time-based. Configuration of time-based access control lists:
time-range [name]
periodic [M | T | W | TH | F | WD | WE] [beginning time] to [ending time]
access-list [number] [permit|deny] [time-range [name]]
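How a time-based ACE is evaluated, as an added example that is not from the original notes: it parses a periodic statement, decides whether the time-range is active at a given moment, and walks a two-entry ACL top-down. It assumes the IOS keyword spellings (monday, weekdays, weekend, daily) rather than the abbreviations in the note; the time-range and ACL are constructed.

```python
from datetime import datetime, time

# Day keywords accepted by the periodic statement; Monday is weekday() 0.
DAY_GROUPS = {
    "daily": set(range(7)), "weekdays": set(range(5)), "weekend": {5, 6},
    "monday": {0}, "tuesday": {1}, "wednesday": {2}, "thursday": {3},
    "friday": {4}, "saturday": {5}, "sunday": {6},
}

def parse_periodic(line):
    """Parse 'periodic <days> H:MM to H:MM' into (day set, start, end)."""
    parts = line.split()
    if len(parts) != 5 or parts[0] != "periodic" or parts[3] != "to":
        raise ValueError(f"unsupported time-range line: {line!r}")
    days = DAY_GROUPS[parts[1].lower()]
    start = time.fromisoformat(parts[2].zfill(5))   # '8:00' -> '08:00'
    end = time.fromisoformat(parts[4].zfill(5))
    return days, start, end

def time_range_active(periodic_lines, when):
    """True if any periodic entry of the time-range covers datetime `when`."""
    for line in periodic_lines:
        days, start, end = parse_periodic(line)
        if when.weekday() in days and start <= when.time() <= end:
            return True
    return False

def acl_action(acl, when):
    """Walk the ACL top-down, skipping ACEs whose time-range is inactive.

    `when` may be a datetime or an ISO 8601 string such as '2024-01-10T09:00'.
    """
    if isinstance(when, str):
        when = datetime.fromisoformat(when)
    for action, time_range in acl:
        if time_range is None or time_range_active(TIME_RANGES[time_range], when):
            return action
    return "deny"   # implicit deny at the end of every ACL

# Constructed: time-range OFFICE is active on weekdays 08:00-17:00, and ACL 101
# permits only while OFFICE is active (explicit deny otherwise).
TIME_RANGES = {"OFFICE": ["periodic weekdays 8:00 to 17:00"]}
ACL_101 = [("permit", "OFFICE"), ("deny", None)]
```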
IPv6 traffic filtering:
You can create IPv6 ACLs the same way as IPv4 ACLs, but they have 3 implicit entries at the end:
permit icmp any any nd-na
permit icmp any any nd-ns
deny ipv6 any any
Unicast reverse path forwarding (uRPF) is a security mechanism in Cisco routers that prevents IP spoofing attacks by verifying that the source address of a packet is in the routing table and is reachable.
uRPF has 3 modes:
Loose mode: with loose mode, a router will only verify that the source IP address of a packet is reachable based on the router's FIB.
Strict mode: a router checks that the source IP is reachable and in the router's FIB, and it also makes sure that the packet is arriving on the same interface the router would use to send traffic back to that IP address.
VRF mode: the same as loose mode, but it checks the VRF instance's routing table.
Configuration:
ip verify unicast source reachable-via [rx (strict mode) | any (loose mode)]
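The loose and strict checks above, simulated as an added example (not from the original notes) over a constructed FIB and three constructed packets, so the difference between reachable-via any and reachable-via rx is visible on the same spoofed-looking inputs:

```python
import ipaddress

# Constructed FIB: (prefix, egress interface). On a real router this is the
# CEF table; a longest-prefix match over this list stands in for it.
FIB = [
    ("10.1.0.0/16", "Gi0/1"),
    ("10.1.5.0/24", "Gi0/2"),
    ("203.0.113.0/24", "Gi0/0"),
]

def fib_lookup(addr):
    """Longest-prefix match for addr; returns the egress interface or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(ipaddress.ip_network(prefix), intf) for prefix, intf in FIB
               if ip in ipaddress.ip_network(prefix)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def urpf_permits(src, ingress_intf, mode):
    """Apply the uRPF check from the notes to one packet's source address.

    loose  (reachable-via any): the source must have a route in the FIB.
    strict (reachable-via rx):  the source must have a route AND the route's
                                egress interface must equal the interface the
                                packet arrived on (the reverse path).
    VRF mode is loose mode against a per-VRF FIB and is not modelled here.
    """
    egress = fib_lookup(src)
    if egress is None:
        return False            # unroutable source: dropped in every mode
    if mode == "loose":
        return True
    if mode == "strict":
        return egress == ingress_intf
    raise ValueError(f"unknown uRPF mode: {mode}")

# Constructed packets: (source IP, interface it arrived on).
PACKETS = [
    ("10.1.5.7", "Gi0/2"),    # reverse path is Gi0/2: passes both modes
    ("10.1.5.7", "Gi0/0"),    # routable, but arrived on the wrong interface
    ("192.0.2.44", "Gi0/0"),  # no route back to the source at all
]

def evaluate(mode):
    """Return (src, ingress, permitted) for each constructed packet."""
    return [(src, intf, urpf_permits(src, intf, mode)) for src, intf in PACKETS]
```

evaluate("loose") permits the first two packets and drops the third; evaluate("strict") permits only the first, which is why strict mode is usually reserved for interfaces without asymmetric routing.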
6.0 Infrastructure Services:
6.1 - Configure and verify device management:
6.2 - Configure and verify SNMP:
6.3 - Configure and verify logging:
Logging allows you to track any events that go on in the router.
Logging levels:
0 = Emergencies
1 = Alerts
2 = Critical
3 = Error
4 = Warnings
5 = Notifications
6 = Informational
7 = Debugging
Configuration:
frequency [seconds].
ip sla schedule # life [forever | seconds] [start-time hh:mm:ss] [month day | day month]
6.10 - Configure and verify tracking objects: