CCNP Enterprise (ENCOR)
1. What is Routing?
Ans - Routing is the process of finding a path on which data can pass from source to destination. Routing is
done by devices called routers, which are network layer devices.
5. What is the purpose of the Spanning Tree Protocol (STP) in a switched network?
Ans - The Spanning Tree Protocol (STP) prevents loops in Ethernet networks by creating a loop-free logical
topology. It accomplishes this by blocking specific ports to ensure that there's only one active path between
any two network devices.
7. What is a Broadcast Storm, and how does STP help prevent it?
Ans - A Broadcast Storm is a situation where broadcast frames continuously flood a network, leading to
network congestion and reduced performance. STP prevents this by blocking redundant paths in the
network, thus preventing loops that could cause such storms.
11. Explain the difference between an Access VLAN and a Trunk VLAN.
Ans - An Access VLAN is assigned to an individual switch port and is used to specify the VLAN that a device
connected to that port belongs to. A Trunk VLAN is configured on a link that carries multiple VLANs and is
used to allow traffic from multiple VLANs to pass between switches.
14. How can you verify if VLAN traffic is flowing correctly across a network?
Ans - Use tools like the show vlan, show interfaces trunk, and show interfaces status commands on Cisco
switches to verify VLAN configuration, trunking status, and interface assignment.
15. What is the difference between Static VLANs and Dynamic VLANs?
Ans - Static VLANs are manually configured on each switch port, while Dynamic VLANs are assigned
dynamically based on user or device characteristics, often through protocols like IEEE 802.1X. Dynamic
VLANs provide flexibility and automation in larger networks.
16. Can you explain the concept of VLAN Trunking Protocol (VTP)?
Ans - VTP is a Cisco proprietary protocol used to manage and distribute VLAN configurations across a
network of interconnected switches. It helps ensure consistent VLAN configurations, reducing the need for
manual configuration changes on each switch.
19. What happens when a VTP server with a higher revision number is introduced to a network?
Ans - If a VTP server with a higher revision number is introduced to a network, it updates all other switches
in the same VTP domain with its VLAN configuration information.
20. How can you reset the VTP configuration on a switch?
Ans - To reset the VTP configuration, change the switch's VTP mode to transparent and then back to the
desired mode. This resets the revision number to zero.
23. How can you ensure that a switch doesn't participate in VTP updates?
Ans - Set the switch's VTP mode to transparent. In transparent mode, the switch forwards VTP updates but
does not participate in VTP updates itself.
24. What precautions should you take before changing the VTP mode on a switch?
Ans - Before changing the VTP mode on a switch, ensure that you have a backup of the VLAN configuration
and that you understand the impact on the network. It's also a good practice to disable VTP pruning during
changes to avoid accidental data loss.
26. How does MSTP improve scalability in large networks with many VLANs?
Ans - MSTP reduces the number of required spanning tree instances by allowing multiple VLANs to share the
same topology, thus improving scalability and reducing complexity.
27. How does MSTP group VLANs into Multiple Spanning Tree Instances (MSTIs)?
Ans - MSTP uses VLAN-to-Instance mapping to group VLANs into MSTIs. VLANs that share the same MSTI
settings are mapped to the same instance and share a common spanning tree topology.
32. Explain the purpose of Bridge Protocol Data Units (BPDUs).
Ans - BPDUs are used by STP to exchange information about the network topology, including bridge IDs, port
states, and path costs. These exchanges help switches determine the best path and prevent loops.
33. How does STP determine the best path for forwarding frames?
Ans - STP determines the best path based on the cost assigned to each link. The path with the lowest
cumulative cost to the root bridge is selected as the designated path.
40. What happens if the configuration of an EtherChannel link does not match on both ends?
Ans - If the configuration does not match, the link will not form an EtherChannel bundle. The ports will
remain in a suspended state until the configurations are aligned.
49. How does OSPF elect a Designated Router (DR) and a Backup Designated Router (BDR)?
Ans - OSPF routers in a multi-access network elect a DR and BDR to reduce the number of adjacencies
needed. The router with the highest OSPF priority becomes the DR, and the second highest becomes the
BDR. In case of a tie, the router with the highest router ID is chosen.
65. How does OSPF prevent loops in the LSDB synchronization process?
Ans - OSPF routers implement the Dijkstra algorithm to calculate the shortest path tree based on the LSDB.
This algorithm guarantees loop-free paths and determines the best routes to reach destinations.
75. How does OSPF handle the advertisement of routes within a stub area?
Ans - In a stub area, the ABR generates a Type 3 Summary LSA that summarizes all routes within the area.
This LSA is flooded throughout the OSPF network. Routers in other areas then use this summary information
to route traffic towards the stub area.
Spoofing: Attackers can impersonate routers or inject false routing information into the network.
Denial of Service (DoS): Attackers flood the network with excessive traffic or invalid LSAs, disrupting normal
OSPF operations.
Hello Flooding: Attackers send a large number of OSPF hello packets, overwhelming the network.
LSA Injection: Attackers inject malicious LSAs to influence routing decisions and redirect traffic.
Rogue Router: Unauthorized routers are added to the OSPF network, potentially leading to incorrect
routing.
82. Why do OSPF routers form adjacencies with the DR and BDR?
Ans - OSPF routers form adjacencies with the DR and BDR to exchange link-state information more
efficiently. Instead of forming adjacencies with all routers on the segment, OSPF routers only need to
establish adjacencies with the DR and BDR. This reduces the number of adjacencies and the amount of OSPF
control traffic.
84. Are there any cases where the DR/BDR concept might not be suitable?
Ans - The DR/BDR concept is most relevant in multi-access networks with a significant number of routers. In
point-to-point networks and point-to-multipoint networks, there's typically only one neighbor, so the DR and
BDR roles are not necessary.
87. What is the default value of K1, K2, K3, K4, and K5 in the EIGRP metric calculation?
Ans - The default values are K1=1, K2=0, K3=1, K4=0, and K5=0.
98. What is the primary use case for Policy Based Routing?
Ans - PBR is often used to implement granular routing decisions for specific types of traffic, such as directing
traffic through specific paths based on factors like source IP, application type, or time of day.
100. What are the different actions that can be taken with PBR?
Ans - PBR can be used to set the next-hop IP address, set the outgoing interface, redirect traffic to a specific
routing table, or modify DSCP/ToS values.
101. How do you define an access control list (ACL) for PBR?
Ans - An ACL is defined using conditions that match the traffic you want to apply PBR to, such as
source/destination IP addresses, protocols, and port numbers.
102. Can PBR be used for load balancing traffic across multiple links?
Ans - Yes, PBR can be used to distribute traffic across multiple links based on specific criteria defined in the
route map.
105. How can PBR be used for traffic prioritization or Quality of Service (QoS)?
Ans - PBR can be used to mark traffic with Differentiated Services Code Point (DSCP) values, which can then
be used by downstream devices to apply QoS policies.
107. How can PBR help in isolating and inspecting potentially malicious traffic?
Ans - PBR can route suspicious traffic through a monitoring or inspection device, allowing for analysis
without affecting regular network traffic.
108. What are some common issues that can arise when configuring PBR?
Ans - Issues can include incorrect ACL or route map configuration, incorrect application of route maps, and
route asymmetry.
122. In what scenarios would you typically use a DHCP relay agent?
Ans - DHCP relay agents are used in scenarios where DHCP clients and servers are separated by routers, such
as in larger networks with multiple subnets.
123. How does using a DHCP relay agent impact network security?
Ans - DHCP relay agents don't alter the content of DHCP messages; they simply forward them. Proper
network segmentation and access controls are still required.
129. What is the difference between applying ACLs inbound and outbound on an interface?
Ans - Applying an ACL inbound filters traffic before routing decisions are made. Applying it outbound filters
traffic after routing decisions.
146. What kind of tools are commonly used with SPAN and RSPAN?
Ans - Network analyzers, packet capture tools, intrusion detection/prevention systems, and performance
monitoring software can be used to analyze SPAN or RSPAN data.
157. Can an NGFW enforce security policies across different network segments?
Ans - Yes, NGFWs can enforce security policies across various network segments, including internal, DMZ,
and external zones.
163. What precautions should you take when using debug commands in production environments?
Ans - Debug commands should be used sparingly in production networks due to their potential impact on
network performance. Always disable debugging after use.
164. Are there alternatives to using debug commands for troubleshooting?
Ans - Yes, show commands, logs, and monitoring tools often provide valuable information without the
potential side effects of debug commands.
167. How do APIs (Application Programming Interfaces) play a role in network automation?
Ans - APIs provide a way for different software applications to communicate and interact. In network
automation, APIs enable the integration of various tools and platforms, allowing you to programmatically
interact with network devices, gather information, and make configuration changes.