Top Network Interview Questions

I
True or False: When redistributing into EIGRP, only the metric values (K-values)
that are used are required to be set. False. All EIGRP metric values must be
set when redistributing into EIGRP, regardless of the K-values settings.
How do you configure an EIGRP summary route? EIGRP summarization is configured

on the interface in classic mode, or the af-interface in named mode:<div><br
/></div><div><b>ip summary-address eigrp </b><i>ASN network mask</i></div>
How do you modify the AD of an EIGRP summary route? Under the EIGRP
process:<div><br /></div><div><b>summary-metric </b><i>network mask
AD</i></div><div><i><br /></i></div><div>In EIGRP named mode, this is configured
under the topology.</div>
When an EIGRP summary route is created, its metric is copied from the component
subnet with the current lowest metric by default. Why should you set this value
manually? Even if the component route with the lowest metric remains the lowest,
the summary metric is recalculated every time any individual component subnet
metric changes, which adds to router overhead.<div><br /></div><div>Set the metric
manually with the <b>summary-metric </b>command under the EIGRP process.</div>
How do you manually configure the metric used by an EIGRP summary route? Under
the EIGRP process:<div><br /></div><div><b>summary-metric </b><i>network mask
bandwidth delay reliability load mtu </i>[<b>distance </b><i>administrative-
distance</i>]</div><div><br /></div><div>In EIGRP named mode, this is configured
under the topology.</div>
What's the difference between the default <b>ip classless </b>and <b>no ip
classless </b>with regard to whether or not a default route is used? With <b>ip
classless</b>, if a packet's destination does not match a specific route in the IP
routing table, the router uses the default route.<div><br /></div><div>With <b>no
ip classless</b>, the router first checks to see whether any part of the
destination address's classful network is in the routing table. If so, that router
will not use the default route for forwarding that packet.</div>
In what two ways can both RIP and EIGRP advertise a default route? Static route
to 0.0.0.0, with the <b>redistribute static </b>command<div><br /></div><div>The
<b>ip default-network </b>command</div>
The <b>default-information originate </b>command can be used by which IGPs?<div><br

/></div><div>-RIP</div><div>-EIGRP</div><div>-OSPF</div><div>-IS-IS</div> RIP,
OSPF, and IS-IS
How can you configure EIGRP to redistribute only a static default route?
<div>Static route > prefix list > route map >
redistribute</div><div><b><br /></b></div><div><b>ip route 0.0.0.0 0.0.0.0
</b><i>gateway</i></div><div><i><br /></i></div><div><b>ip prefix-list </b><i>zero-
prefix </i><b>permit 0.0.0.0/0</b></div><div><b><br /></b></div><div><b>route-map
</b><i>just-default </i><b>permit 10</b></div><div><b> match ip address
prefix-list </b><i>zero-prefix</i></div><div><b>route-map </b><i>just-default
</i><b>deny 20</b></div><div><b><br /></b></div><div><b></b><b>router
eigrp </b><i>ASN</i><div> <b>redistribute static
route-map </b><i>just-default </i>[<b>metric </b><i>metric</i>]</
div></div>
When using the <b>default-information originate </b>command with OSPF, what is the
default cost and route type?
Cost 1<div>Type E2</div><div><br /></div><div>The metric and route type can be set
directly when using the <b>default-information originate </b>command.</div>
How do RIP and EIGRP use the <b>ip default-network </b>command differently? RIP
advertises a route to 0.0.0.0/0<div><br /></div><div>EIGRP advertises the classful
network, but flags it as a candidate default. This is why EIGRP must also be
advertising the classful network.</div>
When issuing the interface command <b>ip summary-address eigrp </b><i>ASN summary
mask, </i>how is the route installed locally, and then advertised? The
local router creates a local summary route with destination null0 using AD 5. EIGRP
then advertises the summary to other routers with AD 90 (EIGRP internal)
What is another name for a subnet broadcast address? A directed broadcast address
What is the default interface command <b>no ip directed-broadcast </b>used for?

This prevents the router from forwarding broadcasts onto the network segment from a
different segment. <div><br /></div><div>This prevents certain attacks like
the Smurf attack where a malicious host sends an ICMP Echo to the destination
subnet's broadcast address, with the source being a target on the destination
subnet. </div>
What is a unicast Reverse-Path-Forwarding (uRPF) check?

uRPF is a security feature that checks the source IP address of incoming packets
and will discard them if the source IP is not reachable on the incoming
interface (strict mode) or if it is not reachable via any interface (loose
mode).<div><br /></div><div>The default route is not used for this check unless
the router is configured to do so.</div>
How do you enable uRPF strict mode? <div>Interface:</div><div><b>ip verify

unicast source reachable-via rx</b></div>
How do you configure uRPF loose mode? <div>Interface:</div><div><b>ip verify

unicast source reachable-via any</b></div>
When configuring uRPF, what does the <b>allow-default </b>keyword do? Whether uRPF
strict or loose mode is configured, the default behavior is to not verify the uRPF
check against the default route. The <b>allow-default </b>keyword allows the
router's default route to be used in determining the validity of the
packet.<div><br /></div><div>Interface:</div><div><b>ip verify unicast source
reachable-via </b>{<b>rx </b>| <b>any</b>} <b>allow-default</b></div>
What's the difference between a Smurf attack and a Fraggle attack? Both trigger
IP directed broadcasts. Smurf uses ICMP Echo, Fraggle uses UDP Echo.
With Cisco IOS TCP Intercept, what is the difference between Watch mode and
Intercept mode? TCP Intercept monitors TCP connections for SYN
attacks.<div><br /></div><div>In Watch mode, it keeps state information for TCP
connections that match an ACL, and if TCP does not complete the 3-way handshake
within a particular time period, TCP Intercept sends a TCP RST to the destination
to clean up the connection. Watch mode also temporarily denies new TCP requests if
more than 1100 occur in one second.</div><div><br /></div><div>In Intercept mode,
the router replies to TCP SYNs instead of forwarding them. If the 3-Way Handshake
completes, the router creates a TCP connection to the destination, then stitches
the two connections together.</div>
How do you configure TCP Intercept? Globally:<div><b>ip tcp intercept list

</b><i>acl</i></div><div><b>ip tcp intercept mode </b>{<b>watch </b>|
<b>intercept</b>}</div>
How do you verify TCP Intercept? <b>show tcp intercept </b>{<b>connections </b>|
<b>statistics</b>}
After defining a policy-map to be used for CoPP, how do you apply it? <b>control-
plane</b><div><b> service-policy input </b><i>policy-map-name</i></div>
With CoPP, the only Layer 2 protocol that can be explicitly assigned to a class is
___. ARP<div><br /></div><div>All other Layer 2 protocols fall under the default
class.</div>
What are the only three <b>match </b>options that can be used with CoPP class maps?
ACLs<div>IP Precedence</div><div>DSCP</div>
Because classes within a policy-map are evaluated top-down, which traffic should
you place at the top for CoPP? Malicious traffic should be placed at the top
so that it is dropped immediately.
How do you configure the proper mode on a tunnel interface for DMVPN? Tunnel
interface:<div><b>tunnel mode gre multipoint</b></div>
When creating a tunnel interface for DMVPN, how do you associate the tunnel
interface with a physical interface? Tunnel interface:<div><b>tunnel source
</b><i>physical-interface</i></div>
With DMVPN, what configuration statement on the hub is necessary to allow dynamic
routing protocols to operate? Tunnel interface:<div><b>ip nhrp map multicast
dynamic</b></div><div><b><br /></b></div><div>This prevents the Hub router from
needing a separate configuration line for a multicast mapping for each spoke
router.</div>
How do you specify which DMVPN a device belongs to? On the DMVPN Tunnel
Interface, <b>ip nrhp network-id </b><i>id </i>enables NHRP, which is critical to
the operation of DMVPN. All routers and interfaces configured with the same ID
belong to the same DMVPN.
How do you specify a cleartext password for DMVPN connections? Tunnel
interface:<div><b>ip nhrp authentication </b><i>password</i></div>
On a DMVPN spoke router, how do you specify the hub router? Tunnel
interface:<div><b>ip nhrp map </b><i>hub-tunnel-ip hub-nbma-ip</i></div><div><b>ip
nhrp nhs </b><i>hub-tunnel-ip</i></div>
What two things should you configure in a DMVPN to prevent large packets from being
dropped or fragmented? Lower the MTU on the tunnel interface to account for
overhead:<div><b>ip mtu 1400</b></div><div><b><br /></b></div><div>Lower the TCP
MSS on the tunnel interface:</div><div><b>ip tcp adjust-mss 1360</b></div>
How do you configure a DMVPN spoke router to send multicast traffic only to the
hub, and not to other spokes? Tunnel interface:<div><b>ip nhrp map multicast
</b><i>hub-nbma-ip</i></div><div><i><br /></i></div><div>This is necessary to
prevent issues with routing protocols like OSPF.</div>
How do you verify the state of DMVPN tunnels? <b>show dmvpn</b>
What six functions does NDP for ICMPv6 provide? Router

discovery<div>SLAAC</div><div>IPv6 address resolution</div><div>NUD Neighbor
Unreachability Detection</div><div>DAD</div><div>Redirection</div>
IPv6 SeND uses ___ to verify node address validity. Public/private key pairs
How do you configure RA Guard on a switch? Globally create the policy to

define the role:<div><b>ipv6 nd raguard policy </b><i>name</i></div><div>
<b>device-role </b>{<b>host </b>| <b>router</b>}</div><div><br /></div><div>Apply
the policy to the interface:</div><div><b>ipv6 nd raguard attach-policy
</b><i>name</i></div>
With DHCPv6 Guard, all ___ messages are always switched regardless of device role,
and ___ messages are only processed further if the device role is set to ___.
client<div>DHCP server</div><div>server</div>
What is the purpose of the IPv6 Device Tracking feature? To track IPv6 host
liveness so the neighbor table can be immediately updated when an IPv6 host
disappears to revoke network access privileges as they become inactive.
How do you enable IPv6 Device Tracking? Globally:<div><b>ipv6 neighbor binding

vlan </b><i>vlan </i><b>interface </b><i>interface</i></div>
How do you verify IPv6 Device Tracking? <b>show ipv6 neighbor tracking</b>
With IPv6 ND Inspection, when is an ND message considered trustworthy? If its

IPv6-to-MAC mapping is verifiable
How does IPv6 ND Inspection work? IPv6 ND Inspection learns and secures bindings
for SLAAC addresses in L2 neighbor tables. IPv6 ND Inspection analyzes ND messages
to build a trusted binding table database, and ND messages that do not conform are
dropped.
How do you configure IPv6 ND Inspection? Globally create a policy:<div><b>ipv6 nd

inspection policy </b><i>name</i></div><div> <b>device-role
</b><i>role</i></div><div> <b>drop-unsecure</b></div><div><b><br
/></b></div><div>Apply the policy to an interface:</div><div><b>ipv6 nd inspection
attach-policy </b><i>name</i></div>
How do you verify an IPv6 ND Inspection policy? <b>show ipv6 nd inspection

policy</b>
IPv6 Source Guard requires what to be populated before it will work? The IPv6
binding table must be populated with IPv6 prefixes for IPv6 Source Guard to work.
With IPv6 Source Guard, what happens when traffic is denied due to being from an
unknown source or unallocated address? The IPv6 address glean feature is
notified so it can try to recover the traffic by querying the DHCP server or by
using IPv6 ND.
How do you configure IPv6 Source Guard? Globally define the policy:<div><b>ipv6
source-guard policy </b><i>name</i></div><div> <b>permit
link-local</b></div><div><b> deny global-autoconf</b></div><div><b>
trusted</b></div><div><b><br /></b></div><div>Apply the policy to an
interface:</div><div><b>ipv6 source-guard attach-policy </b><i>name</i></div>
How do you verify IPv6 Source Guard? <b>show ipv6 source-guard policy</b>
How do you configure DHCPv6 Guard? <b>ipv6 access-list

</b><i>dhcpv6-server</i><div> <b>permit host </b><i>dhcpv6-server-ipv6-
address </i><b>any</b></div><div><b><br /></b></div><div><b>ipv6 prefix-list
</b><i>pfx </i><b>permit </b><i>ipv6-subnet </i><b>le 128</b></div><div><b><br
/></b></div><div><b>ipv6 dhcp guard policy </b><i>policy</i></div><div>
<b>device-role server</b></div><div><b> match server access-list
</b><i>dhcpv6-server</i></div><div> <b>match reply prefix-list
</b><i>pfx</i></div><div> <b>trusted-port</b></div><div><b><br
/></b></div><div><b>interface </b><i>interface</i></div><div> <b>ipv6 dhcp
guard attach-policy </b><i>policy</i></div>
How do you verify DHCPv6 Guard? <b>show ipv6 dhcp guard policy</b>
How do you view the IPv6 address binding table? <b>show ipv6 neighbors
binding</b>
How is traffic processed on an interface when both PACLs and VACLs are configured?
PACLs take precedence. Any traffic allowed by a PACL will then be evaluated
by a VACL.
How do you configure PACLs? Create an IP or MAC ACL<div><br

/></div><div>Interface:</div><div>{<b>ip </b>| <b>mac</b>} <b>access-group
</b><i>ACL </i>{<b>in </b>| <b>out</b>}</div>
"With regard to DMVPN, what does ""zero-touch provisioning"" refer to? " Spokes
can be added without changing configuration on the hub router.
When using Distance Vector-based routing protocols with DMVPN, what must be
configured on the hub? Tunnel interface:<div><b>no ip split-horizon
</b><i>protocol</i></div>
What is the high-level difference in functionality between DMVPN Phase 1 and Phase
2? Phase 1 only permits hub-to-spoke and spoke-to-hub traffic.<div>Phase 2 can
establish direct spoke-to-spoke tunnels.</div>
What EIGRP behavior must be changed for DMVPN Phase 2? Tunnel

interface:<div><b>no ip next-hop-self eigrp </b><i>asn</i></div><div><i><br
/></i></div><div>EIGRP by default changes the next-hop in routing updates to itself
when sending the updates down from the hub to the spokes.</div>
How do you configure a manual IPv6-over-IPv4 tunnel? "<div>With <b>tunnel mode

ipv6ip</b>:</div><div style=""font-weight: bold; ""><b><br /></b></div><b>interface
tunnel </b><i>number</i><div> <b>ipv6 address
</b><i>ipv6-address</i></div><div> <b>tunnel source </b><i>source-
interface</i></div><div> <b>tunnel destination
</b><i>ipv4-address</i></div><div> <b>tunnel mode ipv6ip</b></div>"
How do you configure a tunnel interface for IPv6-over-IPv4 GRE? Tunnel

interface:<div><b>tunnel mode gre ipv6</b></div>
What type of address is represented with

2002:<i>border-router-IPv4-address</i>::/48 ? Automatic 6to4 tunnel border router
Cisco IOS supports configuring ___ automatic 6to4 tunnel(s) on a router. One
How does automatic 6to4 IPv6 addressing work? IPv6 subnet 2002::/16 is reserved
for 6to4 addressing. The full IPv6 prefix is derived from the border router's
external-facing IPv4 address encoded as hexadecimal. Using the example
10.1.100.1, the prefix is 2002:0a01:6401::/64.<div><br /></div><div>The tunnel
interface will have an address such as 2002:0a01:6401::1/64, while the internal-
facing interfaces could have addresses such as 2002:0a01:6401:1::1/64 and
2002:0a01:6401:2::1/64.</div>
What three steps are involved with configuring automatic 6to4 tunneling on a border
router? "<div>Tunnel > static route > internal interfaces</div><div
style=""font-weight: bold; ""><b><br /></b></div><b>interface tunnel
</b><i>number</i><div> <b>ipv6 address
2002:</b><i>tunnel-source-ip-as-hex</i><b>::1/64</b></div><div> <b>tunnel
source </b><i>external-IPv4-interface</i></div><div> <b>tunnel mode ipv6ip
6to4</b></div><div><b><br /></b></div><div><b>ipv6 route 2002::/16 tunnel
</b><i>number</i></div><div><i><br /></i></div><div>Internal
interfaces:</div><div> <b>ipv6 address
2002:</b><i>external-ip-as-hex</i><b>:</b><i>subnet</i><b>::1/64</b></div>"
How does ISATAP addressing work? <i>64-bit-prefix</i><b>:0000:5EFE:</b><i>ipv4-

address-of-isatap-link-in-hex</i><div><i><br
/></i></div><div>Example:</div><div>IPv6 prefix
2001:0db8:0abc:0def::/64</div><div>IPv4 tunnel destination address 172.20.20.1 =
AC14:1401</div><div>ISATAP address: 2001:0db8:0abc:0def:0000:5efe:ac14:1401</div>
How do you configure the mode on an ISATAP tunnel interface? <b>tunnel mode
ipv6ip isatap</b>
RAs are disabled by default on tunnel interfaces, but must be enabled on ISATAP
tunnels. How do you enable this? <b>no ipv6 nd suppress-ra</b>
L2TPv3 uses IP Protocol ___. 115
What is an advantage of OTV with regard to fault-domain isolation as compared to

other L2VPN technologies? Each CE is its own root, and therefore the STP root
does not change when multiple sites are connected.
What is the primary purpose of GET VPN? To allow more than two devices to
exchange traffic securely without requiring a high number of SAs.
In a GET VPN deployment, what is the Key Server? The KS is used to create,
maintain, and send a policy to Group Members, which provides information as to what
traffic should be encrypted by the GM and how it should be encrypted.<div><br
/></div><div>The KS generates the Transport Encryption Key (TEK) and the Key
Encryption Key (KEK).</div>
What is the GET VPN Transport Encryption Key (TEK)? The TEK is generated by the
Key Server (KS) and is used by the Group Members (GMs) to encrypt the data.
What is the GET VPN Key Encryption Key (KEK)? The Key Server (KS) generates the
KEK which is used to encrypt information between the KS and the Group Members
(GMs).
How does GET VPN compare with DMVPN for IPsec tunnel usage? GET VPN does not
set up any IPsec tunnels between Group Members (GMs). Every GM has the policy (what
to encrypt and how) and encrypts every packet that conforms to the policy and sends
it to the network using Encapsulated Security Payload (ESP), using original IP
addresses for routing the packets.
What is the GET VPN Rekey phase? The Key Server (KS) must send out a new
Transport Encryption Key (TEK) and Key Encryption Key (KEK) to the Group Members
(GMs) before the TEK expires, which is 3600 seconds by default.
What is the protocol used in GET VPN between the Key Server (KS) and Group Members
(GMs)? ISAKMP GDOI (Group Domain of Interpretation)
How does the CEF FIB take the RIB a step further? The RIB has an entry for each
destination prefix containing the next-hop IP address. The CEF FIB goes a step
beyond and maintains an adjacency table containing the Layer 2 header of the
outgoing interface per destination prefix.
With MPLS, how do the FIB and LFIB work together? The ingress PE's FIB knows to
push the appropriate label onto the packet for the destination and forward it out
the correct interface. The upstream P router receives the labeled packet, and uses
its LFIB to forward the packet out the correct interface. The egress PE router
receives the labeled packet, and its LFIB knows to pop the label and forward the
packet unlabeled to the CE.
What are the four fields that make up the 32-bit MPLS header? 20-bit
label<div>3-bit EXP</div><div>1-bit Bottom of Stack</div><div>8-bit TTL</div>
What is MPLS TTL propagation? When an IP packet arrives at the ingress PE,
the IP packet's TTL value is copied into the MPLS header's TTL field. As the MPLS
packet traverses the MPLS network, the TTL field in the MPLS header is decremented
at each hop. When the packet arrives at the egress PE and the label is removed, the
MPLS TTL is copied back into the IP packet's TTL field.
How do you configure MPLS TTL propagation in Cisco IOS?

<div>Globally:</div><div>[<b>no</b>] <b>mpls ip propagate-ttl
</b>[<b>forwarded</b>] [<b>local</b>]</div>
Assuming CEF is enabled and an IGP has been configured, how do you enable basic
MPLS unicast IP routing? Interface:<div><b>mpls ip</b></div><div><b><br
/></b></div><div>This automatically enables and uses LDP.</div>
How do you verify the MPLS LIB? <b>show mpls ldp bindings</b>
How do you verify the MPLS LFIB? <b>show mpls forwarding-table</b>

How does LDP establish neighborships? Routers running LDP multicast Hellos to
224.0.0.2 via UDP 646.<div><br /></div><div>The Hellos can list a transport address
to be used for the TCP connection. If the transport address is not specified, the
LDP ID is used.</div><div><br /></div><div>After neighbors are discovered, a TCP
connection is established also over port 646, and all local label bindings are
advertised.</div>
With LDP, which neighbor initiates the TCP connection after the neighbors are
discovered? The LDP neighbor with the highest LDP ID.
How is the LDP ID chosen? -Manually configured<div>-Highest IP of up/up

loopback</div><div>-Highest IP of up/up non-loopback</div>
A Route Distinguisher (RD) value is ___ bytes, with which bytes identifying which
of the three formats followed? An RD is 8 bytes<div>The first two bytes
indicate the format of the last six bytes:</div><div><br /></div><div>2-byte-
integer:4-byte-integer</div><div>4-byte-integer:2-byte-integer</div><div>4-byte-
dotted-decimal:2-byte-integer</div>
The format of a RD is two values separated by a colon. What values are represented
by each side of the colon? Left side: ASN or IPv4 address<div>Right side:
Arbitrary value (16- or 32-bits, depending on left-side value)</div>
An individual prefix can have how many RDs, and how many RTs? One
RD<div>Multiple RTs</div>
How are Route Targets propagated through the network? As BGP Extended
Communities
True or False: RD and RT values must be the same in order for routes to be
associated with the proper customer VPN. "False: RDs make all prefixes unique,
while RTs act as a ""tag"" for VRFs, and can be different from the RD value. "
What is the Route Target export and import function? VRFs can have a RT <b>export
</b>value assigned to them, which tags the routes as BGP extended communities as
they are redistributed on the PE into the iBGP table. VRFs on other PE routers can
<b>import </b>the same RT value so that the routes are redistributed from the iBGP
table back into the VRF routing table.
How do VRF Route Targets facilitate overlapping VPNs?

"VRFs can both export and import multiple RTs.<div><br /></div><div>A common use
case is a ""centralized services"" VPN, which has routes that need to be accessible
by multiple customers. Each customer has its own VRF, which maintains separation,
but each VRF can import routes exported from the centralized services VRF.</div>"
What happens when you enter <b>ip vrf forwarding </b><i>vrf </i>on an interface?
The IP address is removed and must be reapplied.
How do you instantiate a new VRF? Globally:<div><b>vrf definition

</b><i>name</i></div>
Where and how do you specify a Route Distinguisher? <b>vrf definition

</b><i>name</i><div> <b>rd </b><i>asn/ip:nn</i></div><div><i><br
/></i></div><div>Where <i>asn/ip </i>is an ASN or IP address, and <i>nn </i>is an
arbitrary number.</div>
Where and how do you configure Route Targets? <b>vrf definition

</b><i>name</i><div> <b>route-target </b>{<b>import </b>| <b>export </b>|
<b>both</b>} <i>asn/ip:nn</i></div>
What is the difference between <b>ip vrf </b><i>name </i>and <b>vrf definition
</b><i>name</i>? <b>ip vrf </b>specifies an IPv4-only VRF, whereas <b>vrf
definition </b>specifies a multiprotocol VRF.
How do you associate an interface with a particular VRF? Interface:<div><b>vrf

forwarding </b><i>vrf</i></div><div><i><br /></i></div><div>Note: When you enter
this command, the IP address is removed and must be reapplied.</div>
What happens when you enter the <b>route-target both </b><i>value </i>command?

IOS automatically creates two lines of configuration:<div><br
/></div><div><b>route-target import </b><i>value</i></div><div><b>route-target
export </b><i>value</i></div>
When configuring an MPLS PE router for routing protocol support for the CE, where
is the configuration performed for each customer? Under the routing protocol's
VRF configuration submode.<div><br /></div><div>For example:</div><div><b>router
rip</b></div><div><b> address-family ipv4 vrf
</b><i>name</i></div><div><i> </i><b>no auto-summary</b></div>
What happens to BGP if you do not create a Route Distinguisher for a particular
VRF? You cannot enter BGP configuration mode for the particular VRF if it does not
first have an RD configured.
How do you take routes learned from a CE router and redistribute them into BGP on
the PE router? PE router:<div><b>router bgp </b><i>asn</i></div><div>
<b>address-family ipv4 vrf </b><i>vrf</i></div><div> <b>redistribute
</b><i>protocol</i></div>
What is an advantage of using BGP as the PE-CE routing protocol for MPLS L3VPN?
Redistribution configuration on the PE is not required, unlike with IGPs and
static routing.
What two steps are required to configure MP-BGP between two PE routers?
"<div>Configure the peer under the global BGP process</div><div>Activate and
send communities to the peer under the BGP VPNv4 AF</div><div style=""font-weight:
bold; ""><b><br /></b></div><b>router bgp </b><i>asn</i><div> <b>neighbor
</b><i>pe-ip </i><b>remote-as </b><i>asn</i></div><div> <b>address-family
vpnv4</b></div><div><b> neighbor </b><i>pe-ip
</i><b>activate</b></div><div><b> neighbor </b><i>pe-ip </i><b>send-
community</b></div>"
In the context of MPLS, what is the VPN label? The inner label in an MPLS label
stack that identifies the outgoing interface the egress PE should use to forward
the unlabeled packet.
True or False: The MPLS LFIB is a per-VRF table. False: A PE router only has
one LFIB table, regardless of the number of configured VRFs.
What is the purpose of penultimate hop popping with regard to MPLS VPNs? The
second-to-last router in the LSP pops the outer label so that the egress PE does
not have to perform two lookups - one for the outer label, and one for the VPN
label.
What is the general definition of a Forwarding Equivalence Class? A set of

packets that are forwarded along the same path and receive the same forwarding
treatment.<br />
What is required when configuring VRF Lite between two routers with only a single
link? An interface can only be associated with a single VRF, therefore
subinterfaces must be used.<div><br /></div><div>Ethernet links can use 802.1Q
subinterfaces.</div><div><br /></div><div>Serial links can (usually) use Frame
Relay encapsulation, which supports point-to-point subinterfaces (whereas HDLC and
PPP does not). FR encapsulation does not require a FR network -- just configure the
same DLCI on each end per-subinterface.</div>
If a subnet is defined with X host bits, how many valid usable IP addresses are in
the subnet? (2^X) - 2<div><br /></div><div>Example: /24 is 8 host bits, (2^8)
- 2 = 254 usable IP addresses.</div><div>Example: /30 is 2 host bits, (2^2) - 2 = 2
usable IP addresses</div><div>Example: /21 is 11 host bits, (2^11) - 2 = 2046
usable IP addresses</div>
With static NAT, what is the relationship between inside/outside/local/global IP

addresses? -Inside Local (private) address maps to Inside Global (public)<div>-
Outside Local (typically private) address maps to Outside Global (public)</div>
How do you define interfaces for NAT? Interface:<div><b>ip nat </b>{<b>inside

</b>| <b>outside</b>}</div>
How do you configure static NAT to map an inside local address to an inside global
address? Globally:<div><b>ip nat inside source static </b><i>inside-local
inside-global</i></div>
How do you verify the current NAT table? <b>show ip nat translations</b>
How do you configure dynamic NAT to map a range of inside local addresses to a pool
of inside global addresses? <b>access-list </b><i>number</i><b> permit
</b><i>subnet wildcard</i><div><b>ip nat pool </b><i>inside-global start-ip end-ip
</i><b>netmask </b><i>mask</i></div><div><b>ip nat inside source list </b><i>number
</i><b>pool </b><i>inside-global</i></div>
"When viewing the output of <b>show ip nat translations</b>, what does the
""Misses:"" field indicate? " Misses occur when NAT looks for a NAT table entry,
doesn't find one, and needs to dynamically create the entry.
How do you remove entries from the current NAT table? <b>clear ip nat
translations </b><i>entry-or-*</i>
How do you configure PAT using a range of IP addresses as inside local addresses,
and the IP address of a specific interface as the inside global address?
<b>access-list </b><i>number </i><b>permit </b><i>subnet
wildcard</i><div><b>ip nat inside source list </b><i>number </i><b>interface
</b><i>interface </i><b>overload</b></div>
How do you configure PAT using a range of IP addresses as inside local addresses,
and a pool of addresses as inside global addresses? <b></b><b>access-
list </b><i>number</i><b> permit </b><i>subnet
wildcard</i><div><b>ip nat pool </b><i>inside-global start-ip
end-ip </i><b>netmask </b><i>mask</i></div><div><b>ip nat inside source
list </b><i>number </i><b>pool </b><i>inside-global
</i><b>overload</b></div>
For IPv6, what is the difference between stateful and stateless DHCP? -Stateful is
similar to how DHCP operates for IPv4<div>-Stateless uses DHCP to provide various
DHCP options (such as TFTP server), but uses SLAAC for addressing.</div>
How do you view NAT counters and basic configuration information? <b>show ip
nat statistics</b>
What is the IP protocol number for ICMP? 1
What is the IP protocol number for TCP? 6
What is the IP protocol number for UDP? 17
What are the 13 fields in the IPv4 header? <div>Very Heavy Dudes Prefer Fat
Fried Food To Pretty Healthy Salad Dish Options</div><div><br
/></div>Version<div>Header Length</div><div>DS Field</div><div>Packet
Length</div><div>Fragment ID</div><div>Fragment Flag</div><div>Fragment
Offset</div><div>TTL</div><div>Protocol</div><div>Header Checksum</div><div>Source
IP Address</div><div>Destination IP Address</div><div>Options</div>
What are the fields in the IPv6 header? Very Tall Fellows Place Nine Hammers
Softly Down<br /><div><br /></div><div>Version</div><div>Traffic
Class</div><div>Flow Label</div><div>Payload Length</div><div>Next
Header</div><div>Hop Limit</div><div>Source IPv6 Address</div><div>Destination IPv6
Address</div>
What is the range of values for the IPv4 header Header Length field? The Header
Length field is 4 bits representing the number of 32-bit words. The minimum value
is 5 (20 bytes) and the maximum is 15 (60 bytes) since it is a 4-bit field.
What are the values of the fragment flags in the IPv4 header? Bit 0: Reserved,
must be 0<div>Bit 1: Don't Fragment (DF)</div><div>Bit 2: More Fragments
(MF)</div><div><br /></div><div>The DF bit is commonly used for Path MTU
Discovery</div><div>Fragmented packets have the MF bit set except for the final
fragment</div>
What is the EtherType of ARP? 0x0806
Where are static ARP entries stored? Both static and dynamic entries are
stored in the local ARP cache.
How does the ARP process work? Source knows Destination IP, but needs MAC. Is
the IP on the same subnet?<div><br></div><div>-Source checks ARP cache
first</div><div>-If no entry, Source broadcasts ARP Request for destination MAC if
IP is on the same subnet, or MAC of default gateway</div><div>-Destination (or
default gateway) adds Source's MAC to its ARP cache, and sends unicast ARP Reply to
Source</div><div>-Source updates its ARP cache</div><div><br></div><div>-Devices
that heard the ARP Request broadcast may update their own caches with the Source's
MAC/IP so they do not have to send their own ARP Request later.</div><div>-If the
Destination IP must pass through the default gateway, the DG begins its own ARP
process, if necessary.</div>
How does Proxy ARP work? A router can use Proxy ARP when the Source needs to
reach a Destination that is not on the local network segment, but can be reached
through the router.<div><br /></div><div>For example, if Device A is in the
10.1.0.0/16 network, and Device B is in the 10.1.100.0/24 network, and both
segments are connected to different interfaces on the same router, Device A
believes it is on the same network as Device B. Device A sends an ARP Request for
Device B, and the router replies back to A on behalf of B.</div>
What is the general process of a DHCP client receiving an appropriate IP address
from a DHCP server on another subnet? -Client broadcasts DHCPDISCOVER
request<div>-Router forwards request to DHCP server IP address configured on the
receiving interface with <b>ip helper-address </b><i>ip </i>and sets its own
interface IP address in the giaddr (gateway IP address) field</div><div>-DHCP
server uses giaddr field to determine appropriate IP address to offer, and to which
IP address to send the DHCPOFFER to</div><div>-Router receives DHCPOFFER message
from server and broadcasts it to the client</div><div>-Client broadcasts
DHCPREQUEST, router unicast forwards it to the DHCP server</div><div>-Server
unicasts DHCPACK to router, router forwards to client</div>
How do you prevent the IOS DHCP server from handing out specific addresses?
Globally:<div><b>ip dhcp excluded-address </b><i>ip</i></div>
How do you configure a basic DHCP server on IOS? <b>ip dhcp excluded-address
</b><i>start-ip end-ip</i><div><i><br /></i></div><div><b>ip dhcp pool
</b><i>name</i></div><div> <b>network </b><i>network
mask</i></div><div> <b>dns-server </b><i>ip</i></div><div> <b>default-
router </b><i>ip</i></div>
H
How do you configure a router to advertise itself as an NTP server?
Interface:<div><b>ntp broadcast</b></div>
How do you configure MD5-based authentication for NTP? Globally:<div><b>ntp

authentication-key </b><i>number </i><b>md5 </b><i>password</i></div><div><b>ntp
authenticate</b></div><div><b>ntp trusted-key </b><i>number</i></div>
How do you configure the NTP server stratum level? Globally:<div><b>ntp master
</b><i>level</i></div>
How do you enter EEM applet configuration mode? <b>event manager applet
</b><i>name</i>
How do you configure an EEM applet to match a CLI command string? <b>event cli
pattern </b><i>regex</i>
What is the general IP forwarding process for a router? -Router receives frame
and checks FCS, discarding if errors<div>-Router decapsulates IP packet from Layer
2 frame, and verifies header checksum if IPv4</div><div>-Router checks if it is the
destination. If not, the IP Protocol field is used to determine how to handle the
upper-layer protocol</div><div>-If TTL > 1, check IP routing table for most
specific route</div><div>-Update TTL, recalculate IPv4 header checksum, and
encapsulate packet in appropriate Layer 2 frame for the interface toward the next-
hop</div>
"What is referenced by the phrase ""route once, forward many""? " fast-
switching path
What is the router Layer 2 frame rewrite process? A packet arrives at a router,
and the router rewrites the Layer 2 frame by encapsulating the packet
appropriately, and sends the packet toward the next hop.
During the IP forwarding process, what is common about all frames sent out the same
egress interface toward the next-hop? All destinations reachable through a
particular next-hop use the same Layer 2 rewrite information.
What is the relationship between the FIB and the CEF adjacency table? The FIB
stores destination prefixes, the adjacency table stores Layer 2 rewrite
information, and entries in the FIB point to appropriate entries in the adjacency
table.
How do you enable CEF for IPv6? Globally:<div><b>ipv6 cef</b></div>
How do you view the FIB? <b>show ip cef</b>
How do you view the CEF neighbors? <b>show adjacency</b>
How do you view the CEF Layer 2 rewrite information? <b>show adjacency
</b><i>interface </i><b>detail</b><div><b><br /></b></div><div>An Ethernet
interface, for example, will have a long string made up of the destination MAC,
source MAC, EtherType, and VLAN tag (if present).</div>
True or False: IPv6 CEF requires IPv4 CEF to be enabled. True, you can enable
IPv4 CEF but not IPv6 CEF, but not vice-versa.
How do you disable CEF on a particular interface? Interface:<div><b>no ip

route-cache cef</b></div>
What are the two high-level components of CEF? FIB<div>Adjacency table</div>
What load-sharing methods are available with CEF? Per-packet<div>Per-

destination</div>
How do you change the CEF load-sharing method? Interface:<div><b>ip load-share

</b>{<b>per-destination </b>| <b>per-packet</b>}</div><div><br /></div><div>This
command is only available for interfaces that support it. Per-destination is the
default.</div>
How does CEF implement per-destination load sharing? A loadshare table containing
16 pointers is placed between the FIB and the adjacency table. The loadshare table
entries are populated so that the counts of loadshare pointers to particular
adjacency entries are proportional to the costs of parallel routes toward the same
destination.<div><br /></div><div>For example, two equal-cost paths each have 8
entries, three equal-cost paths each use five entries.</div>
What is CEF polarization? When multiple routers in the path toward a

destination all use the same CEF load-sharing method, they will all calculate the
same hash and therefore not use all available links.<div><br /></div><div>Newer
versions of IOS use a random 32-bit number called the Universal ID as a seed to the
hashing function to avoid CEF polarization.</div>
How is CEF polarization avoided on newer versions of IOS? The CEF load sharing
hashing function is seeded with a random 32-bit Universal ID. Each router in the
path will have a different Universal ID, so each router will calculate a different
hash result for each particular packet flow.
What are the four CEF load-sharing algorithms?

Original<div>Universal</div><div>Tunnel</div><div>L4 Port</div>
How do you change the CEF load-sharing algorithm? Globally:<div><b>ip cef load-
sharing algorithm </b><i>algorithm</i></div>
How do you view the current CEF load-sharing algorithm? <b>show cef state</b>
How do you adjust the CEF load-sharing algorithm on the Catalyst 6500 and related
platforms? Globally:<div><b>mls ip cef load-sharing </b><i>algorithm</i></div>
"What would cause an SVI to be in the ""Down / line protocol down"" state? " The
corresponding VLAN does not exist, or is not active (e.g. <b>state suspend </b>or
<b>shutdown </b>on the VLAN itself)
"What would cause an SVI to be in the ""Up / line protocol down"" state? " The
corresponding VLAN exists, but is not allowed and in an STP forwarding state on any
Layer 2 switch port (access or trunk).
True or False: Most Catalyst platforms cannot configure a routed port with
subinterfaces. True
What is a caveat of using VTPv3 with regard to internal usage VLANs? If any
switches in the VTPv3 domain are using a particular VLAN internally (VLAN 1006 for
example), when that VLAN is created on the VTPv3 Primary Server, the VLAN will be
created on all switches in the VTPv3 domain that are not currently using that
particular VLAN. However, for any switches that are using it internally, the
conflict is logged locally only, and there may be connectivity issues across the
VTPv3 domain.
How is a routed port handled internally on a Layer 3 switch? A routed port is a

single port associated with a dedicated internal usage VLAN with its Layer 2
control plane protocols deactivated (such as STP and MAC learning).
How do you convert a switch port to routed? Interface:<div><b>no

switchport</b></div>
What is the purpose of Policy-Based Routing? To make routing decisions based on

information besides the destination IP address.
How do you verify a switch's current SDM template? <b>show sdm prefer</b>
How do you change the SDM template? Globally:<div><b>sdm prefer

</b><i>template</i></div><div><i><br /></i></div><div>A reload is required for the
setting to take effect.</div>
On a Catalyst switch, what can cause certain commands (such as those related to
routing and PBR) to not appear in the CLI, even though the switch supports the
features? The SDM template might need to be changed with the <b>sdm prefer
</b>command.
How do you enable PBR? Interface:<div><b>ip policy route-map

</b><i>route-map</i></div>
For PBR, what are the two types of supported <b>match </b>statements? <b>match ip
address </b>to reference an ACL<div><b>match length </b><i>min-bytes max-
bytes </i>to specify matched packet length in bytes</div>
For PBR, what is the difference between <b>set ip next-hop </b>and <b>set ip
default next-hop</b>? The <b>default </b>keyword changes the logic so that PBR
first attempts to forward based on the normal routing table, and if no entry
exists, the packet is handled by PBR.
With PBR, when is it appropriate to use the <b>set interface </b>command? Only
when the outgoing interface is a point-to-point link.
True or False: PBR route-maps can contain multiple <b>set </b>commands within a
single clause. True. For example, you can <b>set </b>both the next-hop and QoS
treatment simultaneously.
If a PBR route-map clause has multiple <b>set </b>statements specifying where the
packet is to be forwarded, in what order are the statements evaluated? <b>set
ip next-hop</b><div><b>set interface</b></div><div><b>set ip default
next-hop</b></div><div><b>set default interface</b></div>
When migrating routing protocols, if the current IGP is a link-state protocol, what
is a recommended practice for migration? Migrate per-area, with the backbone area
the final area to migrate.
When migrating to another routing protocol, what should the AD value be set to?
The AD should be set higher than the current routing protocol until after
migration is complete.
During routing protocol migration, what must be configured on each router if the
new IGP is RIP or EIGRP? Each router must be configured with redistribution
from the current IGP into the new IGP.
During routing protocol migration, the new protocol's database should be verified
before transitioning. Why is this potentially an issue with RIP and EIGRP?
Distance-Vector protocols advertise a learned route only if it is also
installed in the routing table by the same protocol, based on the logic that the
router should not advertise a route that it is not using itself. As a result, RIP
and EIGRP databases may be incomplete until after the transition.
During routing protocol migration, what is the general process of deactivating the
old protocol? The old routing protocol should be disabled or removed one router
at a time among contiguous sets of routers. During deactivation, there should never
be more than two contiguous regions (migrated and unmigrated).
During a routing protocol migration, what is the consequence of changing the EIGRP
AD? EIGRP adjancies will be dropped and re-established, causing a transient
disruption, and therefore should be performed during a maintenance window.
When migrating from OSPF or IS-IS to either RIP or EIGRP, what must be performed on
every router during the migration? Each router in the topology must redistribute
from OSPF/IS-IS into RIP/EIGRP. When OSPF/IS-IS is deactivated on the router, the
RIP/EIGRP routes take over. This assumes that the RIP/EIGRP AD was modified to be
higher than OSPF/IS-IS during the migration.
Why do technologies like MPLS-TE and MPLS-FRR depend on a link-state routing

protocol, as opposed to distance-vector? Since link-state protocols contain
information about all routers and links within an area, this detailed information
is critical for applications like MPLS-TE and MPLS-FRR, which is not possible with
traditional distance-vector protocols who only know what their direct neighbors
told them.
What is the primary reason for multi-area topologies with link-state routing
protocols in modern networks? Route summarization, filtering, offset lists,
and failure domain containment can only be performed on area boundaries with link-
state routing protocols. Areas were originally used to separate complexity due to
low router resources, but this is no longer true. Areas are now primarily used to
enforce policies.
To which address are RIPng updates sent to? FF02::9
How many prefixes can the RIPng update message contain? Whereas RIP is limited
to 25 entries, RIPng updates can support as many updates as will fit within the
link MTU.
How is authentication handled with RIPng on Cisco IOS? RFC-based RIPng supports
authentication via IPsec, similar to OSPFv3, however Cisco does not implement this.
How does Cisco IOS handle split-horizon with RIPng? Split horizon can be
enabled/disabled per-process only, not per-interface.
How does RIPng handle passive interfaces in Cisco IOS? Cisco RIPng does not
support passive interfaces.
True or False: Static neighbors cannot be configured with RIPng on Cisco IOS.
True
True or False: RIPng supports per-process offset lists in Cisco IOS. False, only
per-interface
How many RIPng processes are supported in Cisco IOS? Four
What is the purpose of the interface metric-offset in RIPng? Interfaces can be

configured with a metric-offset value that is added to the metric in all received
advertisements over that interface, which effectively allows RIPng to operate with
link costs instead of hop counts.
How does RIPng handle the origination of default routes in Cisco IOS? The default
route can be originated per-interface, including an option of suppressing all other
updates over that interface.<div><br /></div><div>Interface:</div><div><b>ipv6 rip
</b><i>process </i><b>default-information only</b></div>
How do you enable RIPng on an interface? <b>ipv6 rip </b><i>process

</i><b>enable</b>
How do you configure the RIPng metric-offset? Interface:<div><b>ipv6 rip

</b><i>process </i><b>metric-offset </b><i>metric</i></div>
What are the five requirements for using the EIGRP Add-Path feature? "<div><img
src=""EIGRP Add-Path 5 Requirements.png"" /></div>"
What is the mandatory argument for the EIGRP Add-Path feature? The number of
paths to add, with the range of 1 - 4
How do you configure the EIGRP Add-Path feature? In named mode, under the
DMVPN tunnel <b>af-interface </b>section:<div><b>no
split-horizon</b></div><div><b>no next-hop-self</b></div><div><b>add-paths
</b><i>1-4</i></div>
With a DMVPN deployment, when should you use the <b>no next-hop-self no-ecmp-mode
</b>command? This command should be used in conjunction with the Add-Path
feature when the hub router is dual-homed. This causes EIGRP to retain all
Successor's addresses as the next-hop in EIGRP advertisements, not just the first
entry in the topology table.
What does the EIGRP <b>no next-hop-self no-ecmp-mode </b>command do? When <b>no
next-hop-self </b>is used, the command only applies to the first entry in the EIGRP
topology table, and if there are multiple ECMP entries, the command is not applied
to the subsequent entries. The <b>no-ecmp-mode </b>keyword forces EIGRP to honor
the <b>no next-hop-self </b>command for all entries and keep the Successor's
address in the advertisements.
How does EIGRP advertise itself as a stub router? The EIGRP Hello contains an
additional TLV indicating stub status.
True or False: An EIGRP stub router does not propagate routes learned through EIGRP
to its neighbors. True, with the exception of EIGRP-learned routes that are
explicitly selected using the <b>leak-map </b>keyword.
How is an EIGRP stub router prevented from becoming a transit router? Since the
stub router does not propagate routes learned through EIGRP to its neighbors, the
stub router cannot become a Feasible Successor and cannot become a transit router
for remote networks.
True or False: EIGRP neighbors of a stub router who are aware of its stub status
will never send a Query to the stub router. True, this prevents the neighbors
from converging through a stub router to reach networks that are remote to the stub
router.
How does an EIGRP stub router handle generating Query messages when a route goes
Active? EIGRP stub routers generate Query messages exactly the same way as
normal EIGRP routers.
How does an EIGRP stub router process a received Query? If the stub is allowed
to advertise the network (summary, connected, static, redistributed, leak-map), the
router processes the Query like a normal EIGRP router.<div><br /></div><div>If the
Query is about a network the EIGRP stub knows about, but is not allowed to
advertise, the Reply always contains an infinte metric, regardless of what the stub
router truly knows about the network.</div><div><br /></div><div>Both EIGRP stubs
and regular EIGRP routers immediately respond to a Query for an unknown network
with a Reply with an infinite distance.</div>
What two conditions cause an EIGRP stub router to receive Query messages? -Older
EIGRP routers can form adjacencies, but do not recognize the stub TLV<div>-If
multiple routers are on a common network segment and they are ALL configured as
stubs, when any of the stubs needs to send a Query, it sends it to all the
neighbors</div>
How are Query messages handled when both regular EIGRP and stub EIGRP routers exist
on a common network segment? Query messages are sent as unicasts to nonstub
routers, or the RTP Conditional Receive feature is used to multicast Query messages
so that nonstub routers will not process them.<div><br /></div><div>This is common
for hub and spoke routers connected by DMVPN or VPLS.</div>
What are two caveats of using the <b>eigrp stub receive-only </b>command? -The
keyword cannot be used with any other keyword<div>-To reach networks behind the
router, neighbors must use static routing, or the stub router must use NAT</div>
What are the EIGRP stub advertisement options?
<b>connected</b><div><b>summary</b></div><div><b>static</b></div><div><b>redistribu
ted</b></div><div><b>leak-map</b></div><div><b>receive-only</b></div><div><b><br
/></b></div><div>connected and summary are the defaults when <b>eigrp stub </b>is
issued.</div>
How do you verify the EIGRP stub settings? <b>show ip protocols</b>
How do you verify if an EIGRP neighbor is configured as a stub? <b>show ip eigrp

neighbors detail</b>
How does summarization bound the EIGRP Query domain? EIGRP neighbors of a router
performing summarization do not have information about the specific component
subnets of the summary, so they immediately send a Reply indicating an unreachable
destination (infinte metric) without having to go Active and propagate the Query
further.
True or False: You can configure multiple overlapping summary addresses on a single
interface with EIGRP. True, each summary is advertised as long as at least one
component subnet exists. This allows for hierarchical summaries where, for example,
two routers can advertise the same less-specific summary, and they can each
advertise a separate, more-specific summary for traffic engineering.
What is the purpose of a discard route with summarization? A discard route (a local
route to Null0) prevents suboptimal routing or routing loops when a summarizing
router does not have knowledge of a more specific prefix for which it is
advertising a summary. For example, if a router is advertising 10.1.0.0/22 and has
more specific routes to 10.1.0.0/24, 10.1.1.0/24, and 10.1.2.0/24, but not
10.1.3.0/24, any traffic destined for 10.1.3.0/24 would be discarded.
What is the default administrative distance of an EIGRP discard route? 5
With an EIGRP router performing summarization, what is a potential issue with

regard to an automatically installed discard route? If the router is configured
to advertise a manual summary route that exactly matches a route that is already
learned by the router from another source, the discard route can possibly replace
the route learned in the routing table due to the default AD of 5. For example, if
EIGRP is configured to advertise a summarized default 0.0.0.0/0, but the router has
the same route learned from another source, it may no longer be able to reach that
default route because of the automatic discard route.<div><br /></div><div>The
solution is to adjust the AD of the summary with the EIGRP <b>summary-metric
</b><i>summary mask </i><b>distance </b><i>distance </i>command.</div>
What happens if you set the AD of a discard route to 255? It prevents the router
from installing the discard route into the routing table, as well as stops the
router from advertising the summary route. Neither the summary nor the component
routes will be advertised to neighbors.
How do you view all configured EIGRP summary addresses, and the interfaces they are
placed on? <b>show ip protocols</b>
How do you configure EIGRP passive interface in classic mode? <b>router eigrp
</b><i>asn</i><div> [<b>no</b>] <b>passive-interface </b>{<b>default
</b>| <i>interface</i>}</div><div><br /></div><div>This allows you to set all
interfaces as passive by default, and then allow specific interfaces with <b>no
passive-interface </b><i>interface</i></div><div><i><br /></i></div><div>You can
also configure configure individual interfaces as passive.</div>
How do you configure EIGRP passive interface in named mode? With the
[<b>no</b>] <b>passive-interface </b>command under either <b>af-interface
default </b>or <b>af-interface </b><i>interface</i>
How does EIGRP Graceful Shutdown work? Graceful shutdown (which occurs when the
EIGRP <b>shutdown </b>command is used) sends a Goodbye message, which is a Hello
message with all K-values set to 255.
What is a requirement of configuring SHA-256 authentication for EIGRP? It can

only be performed in named mode.
What is an advantage of configuring EIGRP authentication in named mode instead of

classic mode with regard to interfaces? EIGRP named mode allows configuring
authentication simultaneously on all interfaces with the <b>af-interface default
</b>section, of which there is no equivalent in classic mode.
How do you configure EIGRP authentication in classic mode? Interface:<div><b>ip

authentication mode eigrp </b><i>asn </i><b>md5</b></div><div><b>ip authentication
key-chain eigrp </b><i>asn key-chain</i></div>
How do you configure EIGRP SHA-256 authentication? <b>af-interface

</b><i>interface</i><div> <b>authentication mode hmac-sha-256
</b><i>password</i></div><div><i><br /></i></div><div>Note: you can optionally use
a key-chain, but the password must still be configured. Both will be sent when
using key-chains.</div>
With EIGRP named mode, if authentication is configured under the <b>af-interface

default</b>, how do you disable it for a particular interface? <b>af-interface
</b><i>interface</i><div> <b>no authentication mode</b></div>
If a key-chain is configured with multiple valid keys, which key is used? The
valid key with the lowest key ID is used to sign egress packets
How do you seamlessly change the keys in a key-chain? -Add the new key with a
higher key ID into the key-chain on all routers<div>-Configure the <b>send-lifetime
</b>of the old key to some time in the past, which causes the key to stop being
sent</div><div>-Remove the old key from the key-chain on all routers</div>
True or False: EIGRP has no dedicated command to inject a default route into the
EIGRP domain. True, a default route must be either redistributed into EIGRP, or
manual summarization must be used.
If you have a static default route pointing toward an interface, you can cause
EIGRP to advertise it with the <b>network 0.0.0.0 </b>command. Why should you never
do this? <b>network 0.0.0.0 </b>causes all IPv4-enabled interfaces to be enabled
for EIGRP. Additionally, if the static default route is not configured specifically
with an interface (as opposed to an IP address), the <b>network 0.0.0.0 </b>command
has no effect and it will not be advertised.
How does EIGRP use Split Horizon? EIGRP uses Split Horizon with Poisoned Reverse
to advertise learned networks out the interface toward the Successor with an
infinite metric.
How do you configure split horizon for EIGRP classic mode?

Interface:<div>[<b>no</b>] <b>ip split-horizon eigrp</b></div>
What are the EIGRP logging defaults? <b>router eigrp</b><div><b> event-

log-size 500</b></div><div><b> event-logging</b></div><div><b> log-
neighbor-changes</b></div><div><b> log-neighbor-warnings</b></div>
How do you view the EIGRP event log? <b>show eigrp address-family ipv4
events</b>
What three options are available for filtering via distribute-list with EIGRP?
ACLs<div>Prefix lists</div><div>Route maps</div>
How do you configure a distribute-list for EIGRP? EIGRP process, <b>topology-

base</b>:<div><b> distribute-list </b><i>method direction optional-
interface</i></div>
How do EIGRP distribute-lists work in the <b>out </b>direction? All outgoing

Updates, Queries, Replies, SIA-Queries, and SIA-Replies indicate the correct metric
for permitted prefixes, and infinite metric for denied prefixes.
How do EIGRP distribute-lists work in the <b>in </b>direction? In all

incoming Updates, Replies, and SIA-Replies, permitted prefixes are processed
normally, while denied prefixes are ignored.<div><br /></div><div>Received Queries
and SIA-Queries are unaffected and processed normally.</div>
How do offset lists work with EIGRP? Offset lists refer to an ACL to match
routes which will have the specified offset added to their Delay metric
component.<div><br /></div><div>Offset lists also specify the direction, and
optionally the interface.</div>
How do you perform an EIGRP graceful restart? <b>clear eigrp address-family ipv4
neighbors soft</b><div><b><br /></b></div><div>Topology databases between the
router and its neighbors are resynchronized without the neighbor relationship being
torn down. Without the <b>soft </b>keyword, adjacencies must be
re-established.</div>
How do you convert from EIGRP classic mode to named mode? <b>router eigrp
</b><i>asn</i><div><i> </i><b>eigrp upgrade-cli </b><i>process-name</i></div>
How do you view EIGRP traffic statistics? <b>show ip eigrp traffic

</b><i>asn</i>
How are EIGRP OTP and LISP related? With EIGRP OTP, the LISP control plane
(native LISP mapping and resolving mechanisms) are replaced by EIGRP, while the
LISP data plane is not modified.
How does EIGRP OTP compare with DMVPN? DMVPN uses mGRE to encapsulate both data
and control plane traffic, whereas OTP uses LISP UDP-based encapsulation for the
data plane while running EIGRP natively without additional encapsulation. This
means no tunnel interfaces are required for OTP.<div><br /></div><div>All OTP
traffic can be encrypted with GETVPN, whereas DMVPN relies on IPsec tunnel
configuration.</div><div><br /></div><div>DMVPN relies on NHRP for mappings,
whereas OTP uses EIGRP for the mapping and no other control plane protocol is
required.</div>
What is the LISP EID and RLOC? EID = Endpoint Identifier, an IPv4 or IPv6
address<div>RLOC = Routing Locator, outside address of a router</div><div><br
/></div><div>EIDs reside behind RLOCs, and the LISP control plane registers and
maps EIDs to RLOCs.</div>
How does EIGRP OTP replace the LISP control plane? Instead of doing dynamic EID-
to-RLOC mappings with native LISP-mapping services, EIGRP routers running OTP
create targeted sessions over the WAN and use the WAN IP addresses as RLOCs, and
exchange routes as EIDs.
When EIGRP OTP is used, a LISP0 interface is created automatically. What is the
default bandwidth setting of this interface? 56 kbps<div><br /></div><div>Adjust
with the following:</div><div><b>interface LISP0</b></div><div><b> bandwidth
</b><i>kbps</i></div>
How do you enable EIGRP OTP? <b>router eigrp </b><i>process</i><div>

<b>address-family ipv4 unicast autonomous-system </b><i>asn</i></div><div>
<b>neighbor </b><i>ip interface </i><b>remote </b><i>hops </i><b>lisp-
encap</b></div>
What is a caveat of using EIGRP OTP with an Ethernet WAN interface? Since the
EIGRP remote neighbor is configured with a static IP address, the router must send
ARP requests for the neighbor. This relies on Proxy ARP from the service provider,
and if it is disabled on the SP edge, the OTP peering will not come up unless
static ARP mappings are configured on the OTP router.
How do you configure an EIGRP OTP router to be a route reflector? <b>router

eigrp </b><i>process</i><div> <b>address-family ipv4 unicast
autonomous-system </b><i>asn</i></div><div> <b>remote-
neighbors </b><b>source</b><i>
interface </i><b>unicast-listen</b><i> </i><b>lisp-encap</b></
div><div><b> af-interface </b><i>source-interface</i></div><div>
<b>no next-hop-self</b></div><div><b> no split-
horizon</b></div><div><b><br /></b></div><div><b>no next-hop-self </b>enables
spoke-to-spoke traffic</div><div><b>no split-horizon </b>allows learned routes to
be reflected back out to the spokes</div>
With EIGRP OTP, how can you control which routers are allowed to connect to the
route reflector? On the router configured as the route reflector, the <b>remote-
neighbors </b>EIGRP command can reference an ACL with the <b>allow-list
</b><i>acl</i><b> </b>keyword.
What is the ISO OSI term for an interface? Circuit
What type of addressing is used in OSI networks? NSAP, Network Service Access
Point, which represents an address of a particular network service on a particular
network node.
TCP/IP uses per-___ addressing, whereas NSAP addressing is per-___.

interface<div>node</div>
What are the two main parts of an NSAP address? IDP Initial Domain
Part<div>DSP Domain Specific Part</div>
What two fields are in the Initial Domain Part (IDP) of an NSAP address? AFI
(Authority and Format Identifier)<div>IDI (Initial Domain Identifier)</div><div><br
/></div><div>Together, they indicate the routing domain (autonomous system) in
which the node is located.</div>
What three fields are in the Domain Specific Part (DSP) of an NSAP address? -HO-
DSP (High-Order DSP), indicates area of domain where the node is located<div>-
System ID, unique identifier of the node itself</div><div>-SEL/NSEL/NSAP Selector,
identifies service in or above the network layer</div>
What is the size range of NSAP addressing? 8 - 20 octets

What is the name of an NSAP address where the SEL octet is 0? NET Network Entity
Title<div><br /></div><div>When the SEL is 0, no particular service is being
addressed, and the entire NSAP address identifies the destination node itself
without referring to any particular service.</div>
How are NSAP addresses usually formatted? A dot after the first octet (2 hex
digits), and dots between two-octet groups:<div><br
/></div><div>49.0001.0000.1111.2222.00</div><div><br /></div><div>Dots are
arbitrary, carry no significance, and are not required.</div>
What is the significance of the PPP Type field as compared to older serial data
link standards? Having a Type field allows multiple higher-layer protocols to be
used simultaneously over the link. Previous standards required either proprietary
extensions (like Cisco's version of HDLC or Frame Relay), or required static
configurations between sender and receiver to know what was expected to be sent
over the link.
What are the three phases of initiating a PPP session between two devices? Link
Establishment<div>Authentication</div><div>Network Layer Protocol</div>
At a high level, what occurs during the PPP Link Establishment Phase? Two devices
verify whether they speak PPP and negotiate basic link operation parameters using
LCP.
What five main functions are provided by PPP LCP? -Verify devices speak
PPP<div>-Verify link is not looped</div><div>-Negotiate basic
parameters</div><div>-Verify session liveliness</div><div>-Tear down session if
either device requests it</div>
What are the four Configure messages used by PPP LCP? Configure-
Request<div>Configure-Ack</div><div>Configure-Nak</div><div>Configure-Reject</div>
"What is the PPP ""magic number"" used for? " "During link-establishment, LCP
sends a CONFREQ message containing a random ""magic"" number. If the sender
receives a CONFREQ with the same number once, it is possible that both sender and
receiver chose the same number, and a different number is chosen. If the received
CONFREQ message has the same magic number again, the link is most likely looped."
What are four of the capabilities exchanged during PPP link establishment?
MTU<div>Authentication type</div><div>Link Quality
Monitoring</div><div>Selected frame header compression (IP, RTP, etc)</div>
During PPP link establishment, when a device receives a CONFREQ message and agrees
with all of the parameters, how does it respond? With a CONFACK Configure-Ack
message
What is contained in a PPP CONFACK message? A CONFACK is an exact duplicate of

an accepted CONFREQ message. A CONFACK means both PPP devices agree on the link
establishment parameters.
What is the purpose of the PPP CONFNAK message? A CONFNAK message is the
response to a CONFREQ message where some of the parameters are not acceptable, but
can be negotiated.
What is contained in the PPP CONFNAK message? CONFNAK message contain a list of
all unacceptable options from the received CONFREQ message, with values set to the
device's own acceptable values for the options.
What's the difference between a PPP CONFNAK and CONFREJ message? CONFNAK is
used when certain parameters are unacceptable, but negotiable.<div><br
/></div><div>CONFREJ is used when certain paramaters are unacceptable and
nonnegotiable.</div>
True or False: A PPP device receiving a CONFREJ message is unable to establish a

PPP session with its neighbor. False: CONFREJ lists the parameters and values
that are unacceptable and nonnegotiable by the neighbor. The sending PPP device has
the option of operating without the nonnegotiable features to allow the PPP session
to come up.
At a high level, how does authentication work with PPP? PPP authentication is a
one-way procedure where one device proves its identity to the other device. Mutual
authentication is two independent one-way authentications.
After a PPP link has been established and authentication passed, what must occur
before any data can be transmitted? Both devices must negotiate and agree on
Network Control Protocols for each upper-layer data type to be transferred. For
example, if both devices support IPv4 (via IPCP), but only one device supports IPv6
(via IPv6CP), IPv6 data will not be transmitted over the link.
What are the two stages of PPPoE? Discovery<div>PPP Session</div>
What is the PPPoE Discovery Stage used for? To allow the client to discover an
access concentrator and associate with it.
What are the four steps of the PPPoE Discovery Stage? -PADI PPPoE Active
Discovery Initiation<div>-PADO PPPoE Active Discover Offer</div><div>-PADR PPPoE
Active Discovery Request</div><div>-PADS PPPoE Active Discovery Session-
confirmation</div><div><br /></div><div>Similar in concept to DHCP DORA</div>
What is the PPPoE Active Discovery Initiation (PADI) used for? PPPoE client
broadcasts a PADI frame to solicit access concentrators in the same broadcast
domain.
What is the PPPoE Active Discovery Offer (PADO) used for? PPPoE access
concentrator receiving a PADI responds with a unicast PADO frame containing the
name of the access concentrator to the client.
What is the PPPoE Active Discovery Request (PADR) used for? PPPoE client
chooses a particular access concentrator and unicasts a PADR frame to associate
with it.
What is the PPPoE Active Discovery Session-confirmation (PADS) used for? A

PPPoE access concentrator willing to handle a particular client (by receipt of
PADR) responds with a unicst PADS frame and assigns a unique Session ID to the
particular client's session.
What occurs during the PPPoE Session Stage? Clients send and receive PPP frames
using the same PPPoE Session ID assigned by the access concentrator. During this
stage, all PPP operations are the same as if PPP was running over a serial link in
HDLC framing.
What are the EtherTypes of PPPoE control (discovery) frames, and PPPoE data
(session) frames? 0x8863 (discovery)<div>0x8864 (session)</div>
What happens to the IP routing table when a PPP link is established? IPCP adds
a /32 neighbor route to the IP routing table.
How do you prevent a PPP-encapsulated link from automatically adding a neighbor

route upon successful connection? Interface:<div><b>no peer
neighbor-route</b></div>
How do you configure PPP to install a default route to the neighbor?

Interface:<div><b>ppp ipcp route default</b></div>
How do you configure a PPP session so that one device assigns a static IP address
to the other side? Assigning device interface:<div><b>peer default ip address
</b><i>ip</i></div><div><i><br /></i></div><div>Assigned device
interface:</div><div><b>ip address negotiated</b></div>
When configuring a PPP interface to provide a static IP address to the peer device,
how is the IP address installed in the peer device's IP routing table? As
a /32 host route
How do you configure a router using PPP to request the peer device to authenticate
itself with PAP? Interface:<div><b>ppp authentication pap</b></div>
How do you configure a router running PPP to provide authentication information to

a requesting device via PAP? Interface:<div><b>ppp pap sent-username
</b><i>username </i><b>password </b><i>password</i></div>
When configuring a router to ask the peer device to provide authentication via PAP,
what additional information must be configured? The global <b>username
</b><i>user </i><b>password </b><i>password </i>for the authenticated peer device.
How can you view what PPP options have been established for a particular interface?
<b>show ppp interface </b><i>interface</i>
What are the three packets exchanged during CHAP authentication?

Challenge<div>Response</div><div>Success/Failure</div>
Why does PPP CHAP one-way authentication require a username and password configured
on both devices? With one-way authentication, even though only one device is
asking the other device to authenticate itself, each device sends its hostname
(corresponding to the username) in the CHAP message, which the opposite device uses
for reference when calculating the MD5 hash.
With regard to configuration, what is the difference between PPP CHAP one-way and
two-way authentication? For both one-way and two-way authentication, a
username and password must be configured on both devices. With one-way
authentication, <b>ppp authentication chap </b>is configured on one device, and
with two-way authentication, it is configured on both devices.
How do you configure PPP to send a CHAP username that is different from the default
hostname? Interface:<div><b>ppp chap hostname </b><i>username</i></div>
For devices acting as PPPoE concentrators, each PPPoE concentrator instance is

represented by what construct? bba-group
For PPPoE, what is contained in the bba-group? The bba-group contains the
configuration details of a particular PPPoE concentrator instance, such as the
concentrator name presented to clients, maximum number of attached clients, and a
reference to the Virtual-Template.
What is a Virtual Template interface? A Virtual Template interface is a

placeholder for the configuration of per-client Virtual-Access interfaces that are
created when the client connects. The configuration of the Virtual Template
interface is cloned to the Virtual-Access interfaces as they are instantiated.
With PPPoE, what are Virtual Template interfaces applied to? bba-group
With PPPoE, what are bba-groups applied to? Ethernet interfaces (or
subinterfaces)
What is the default encapsulation of <b>virtual-template </b>interfaces? PPP
What is a recommended configuration for <b>virtual-template </b>interfaces with

regard to sourcing an IP address? It is recommended to create a loopback
interface, and then reference it from the <b>virtual-template </b>interface with
<b>ip unnumbered </b><i>loopback</i><div><i><br /></i></div><div>This was due to a
limitation in older versions of IOS with using the same IP address on more than a
certain number of interfaces.</div>
When configuring PPPoE on the server side, where do you specify the MTU and MSS
settings? Under the <b>virtual-template </b>interface
When configuring PPPoE on the client side, where do you specify the MTU and MSS
settings? Under the <b>dialer </b>interface
What is the default encapsulation of Dialer interfaces? HDLC
How do you view the status of locally-configured IP address pools? <b>show ip

local pool</b>
What is the difference between DMVPN Phase 1 and Phase 2? Phase 1 only allows hub-
to-spoke traffic, not spoke-to-spoke, and the spoke tunnel interfaces are
configured as regular point-to-point GRE.<div><br /></div><div>Phase 2 allows
dynamic spoke-to-spoke traffic with the spoke tunnel interfaces configured as
multipoint GRE, just as the hub is.</div>
What is the process of a DMVPN Phase 2 spoke learning the NHRP mapping of another
spoke? -Spoke1 sends NHRP resolution request for Spoke2 to the tunnel IP of
the Hub<div>-Hub relays request to Spoke2</div><div>-Spoke2 adds its own mapping to
the received request and sends NHRP reply directly to Spoke1</div><div>-Spoke2
sends NHRP resolution request for Spoke1 to Hub</div><div>-Hub relays request to
Spoke1</div><div>-Spoke1 adds its own mapping to the received request and sends
NHRP reply directly to Spoke2</div>
During the buildup of DMVPN Phase 2 spoke-to-spoke communications, how is

bidirectional communication between the spokes established? The first spoke
sends a NHRP resolution request to the hub for the second spoke. The hub forwards
the request to the second spoke, which then replies directly to the original spoke.
The second spoke then sends its own NHRP resolution request to the hub for the
first spoke. The hub forwards the request to the first spoke, which then replies
directly to the second spoke, completing verified bidirectional communications.
When establishing spoke-to-spoke DMVPN Phase 2 tunnels, why does the second spoke
perform its own NHRP resolution request, even though it already received
information about the originating spoke from the hub? By repeating the NHRP
resolution process on the second spoke, both spokes acknowledge each other's
requests were received, and spoke-to-spoke NBMA reachability is confirmed.
What are the three primary restrictions of DMVPN Phase 2? -Summarization is not
allowed on the hub<div>-Default routing is not allowed on the hub</div><div>-Spokes
must always maintain next-hop reachability</div>
What is the significance of the DMVPN NHRP network ID? The network ID is
locally-significant and distinguishes between different DMVPNs on the same device.
It makes operational sense to configure the same ID across all devices in the same
DMVPN, but it is not required.
From a DMVPN spoke router, how do you configure reachability to the hub? Tunnel
interface:<div><b>ip nhrp nhs </b><i>hub-tunnel-ip</i></div><div><b>ip nhrp map
</b><i>hub-tunnel-ip hub-nbma-ip</i></div>
What two features enable DMVPN Phase 3? NHRP Redirect<div>NHRP Shortcut</div>
What three major restrictions are removed in DMVPN Phase 3, as opposed to Phase 2?
-Summarization is allowed on the hub<div>-Default routing is allowed on the
hub</div><div>-Next-hop values on the spokes are always modified</div>
What two configurations are added to enable DMVPN Phase 3? Hub tunnel
interface:<div><b>ip nhrp redirect</b></div><div><b><br /></b></div><div>Spoke
tunnel interface:</div><div><b>ip nhrp shortcut</b></div>
With regard to DMVPN Phase 3, what does the <b>ip nhrp redirect </b>command do?
This command enables the hub router to send out NHRP Traffic Indication
messages, which let the originating spoke know that there is a better way to reach
it's destination.
With regard to DMVPN Phase 3, what does the <b>ip nhrp shortcut </b>command do?
This command enables a spoke router to accept incoming NHRP Traffic
Indication messages, which causes the spoke to send an NHRP Resolution Request
message for the original packet's destination address, then install the destination
network (with the destination spoke as the next hop) in the local IP routing table
after receiving the NHRP Resolution Reply from the destination spoke.
For which DMVPN Phase(s) is summarization on the hub allowed? <div>Phase 1 &
3</div><div><br /></div>DMVPN Phase 1 does not establish spoke-to-spoke tunnels,
and summarization is not an issue. Summarization on the hub is not allowed in
DMVPN Phase 2 because the next-hop address cannot be modified. Phase 3 allows
summarization on the hub due to the behavior of the NHRP redirect / shortcut.
Why is summarization allowed on the hub in DMVPN Phase 1? DMVPN Phase 1 does not
establish spoke-to-spoke tunnels, and summarization is not an issue.
Why is summarization on the hub not allowed in DMVPN Phase 2? Summarization on

the hub is not allowed in DMVPN Phase 2 because the next-hop address cannot be
modified.
Why is summarization allowed on the hub with DMVPN Phase 3? Phase 3 allows
summarization on the hub due to the behavior of the NHRP redirect / shortcut.
What is the process of building spoke-to-spoke communication with DMVPN Phase 3?

<div>-1st spoke sends packet destined for 2nd spoke with hub as
next-hop</div><div>-Hub forwards packet to 2nd spoke, and sends NHRP Redirect to
1st spoke</div><div>-1st spoke receives NHRP Redirect and sends NHRP Resolution
Request toward the hub for the 2nd spoke, which the hub then forwards to the 2nd
spoke</div><div>-2nd spoke responds to inital packet with reply packet destined for
1st spoke with hub as next-hop, which the hub then forwards to 1st spoke, and
sends NHRP Redirect to 2nd spoke</div><div>-2nd spoke receives NHRP Redirect and
sends NHRP Resolution Request to the hub for the 1st spoke, which the hub then
forwards to the 1st spoke</div><div>-2nd spoke sends NHRP Resolution Reply directly
to 1st spoke</div><div>-1st spoke receives NHRP Resolution Request and sends NHRP
Resolution Reply directly to 2nd spoke</div>
What is another term for the NHRP Redirect message? Traffic Indication message
With DMVPN Phase 3, what is returned with NHRP Resolution Reply messages? The
entire destination prefix, not just the destination (next-hop) IP address.
How do you configure a prefix-list to match all Class A addresses that are not
subnetted? <b>ip prefix-list </b><i>name </i><b>permit 0.0.0.0/1 ge 8 le
8</b><div><b><br /></b></div><div>Class A addresses have the first bit set to 0,
and are in the range of 1 - 126 inclusive. Class A addresses have a prefix length
of 8, therefore any prefix length of 9 or greater means the Class A network has
been subnetted.</div>
How do you configure a prefix-list to match all Class B addresses that are not
16</b><div><b><br /></b></div><div>Class B addresses are in the range of 128 - 191,
inclusive, whose first two bits are 1 0. All non-subnetted Class B addresses have a
prefix length of 16.</div>
How do you configure a prefix-list to match all Class C addresses that are not
24</b><div><b><br /></b></div><div>The range of Class C addresses is 192 - 223,
inclusive. The first three bits of all Class C addresses is 1 1 0. Non-subnetted
Class C networks have a prefix length of exactly 24.</div>
What is the process to create a single prefix-list entry matching two or more
ranges of IP addresses? Determine the common network bits, and the minimum
and maximum prefix lengths.<div><br /></div><div>For example, to create a single
prefix-list entry matching 10.1.204.0/28 and 10.1.203.0/26, you can see immediately
that the first 16 bits are common. 203 in binary is 11001011 and 204 is 11001100,
so there are a total of 16 + 5 = 21 bits in common. This translates to a base
prefix of 10.1.200.0 with a minimum length of 21 and a maximum length of
28:</div><div><br /></div><div><b>ip prefix-list </b><i>name </i><b>permit
10.1.200.0/21 ge 21 le 28</b></div>
How do you configure a prefix list to deny only host routes? <b>ip prefix-list
</b><i>name </i><b>deny 0.0.0.0/0 ge 32</b><div><b>ip prefix-list </b><i>name
</i><b>permit 0.0.0.0/0 le 32</b></div>
What are the configuration requirements for using EIGRP over DMVPN? Tunnel
interface:<div><b>ip nhrp map multicast</b></div><div><b>no ip split-horizon eigrp
</b><i>asn</i></div><div><i><br /></i></div><div>Phase 2 also
requires:</div><div><b>no ip next-hop-self eigrp </b><i>asn</i></div>
What is a caveat of manually configuring a neighbor in EIGRP? The other neighbor

must also be manually configured. Additionally, for broadcast interfaces, if one
neighbor is manually configured, all neighbors must be manually configured.
Where is redistribution configured for EIGRP named mode? Under <b>topology

base</b>
How do you configure classic EIGRP third-party next-hop? Interface:<div><b>no ip

next-hop-self eigrp </b><i>asn</i></div>
How do you configure named EIGRP third-party next-hop? AF-interface:<div><b>no
next-hop-self</b></div>
How do you configure summarization for multiple interfaces in EIGRP named mode?
You cannot configure summarization under <b>af-interface default</b>, you
must configure it under the individual af-interfaces.
How do you configure EIGRP named mode to limit the number of prefixes allowed to be
learned from a particular neighbor, and issue a syslog message when a certain
percentage threshold has been crossed? AF global:<div><b>neighbor
</b><i>neighbor </i><b>maximum-prefix </b><i>maxpfx percent</i></div>
When configuring a maximum number of prefixes allowed to be received from a

particular EIGRP neighbor, what happens if the <b>warning-only </b>keyword is not
used? With the <b>warning-only </b>keyword, a syslog message is generated
whenever the limit has been reached, and no new prefixes can be received from the
neighbor. Without the keyword, the neighbor adjacency is torn down when the limit
is crossed.
What is a good practice before configuring an ACL? View existing ACLs

first: <div><b>show access-lists</b></div>
How do you manually calculate the default EIGRP classic metric? 10,000,000 Kbps /
lowest bandwidth along the path in Kbps<div>+ Sum of all delays along the path
in 10s of microseconds</div><div>* 256</div><div><br /></div><div>Example: Path
contains a 1 Gbps link and a 100 Mbps link, with 10Âµs and 100Âµs delay,
respectively. 100 Mbps is the lowest value along the path, so the formula is
[ (10,000,000 / 100,000) + (1 + 10) ] * 256 = 111 * 256 = 28,416</div>
How do you manually calculate the EIGRP wide default composite metric?
Throughput + Latency<div><br /></div><div>Throughput = 10,000,000 * 65,536 /
minimum bandwidth in Kbps</div><div>Latency = Total delay in picoseconds * 65,536 /
1,000,000</div><div><br /></div><div>Example: 100 Mbps link as slowest, with total
delay of 101,250,000 picoseconds</div><div><br /></div><div>Throughput: 10,000,000
* 65,536 / 100,000 Kbps = 6,553,600</div><div>Latency = 101,250,000 * 65,536 /
1,000,000 = 6,635,520</div><div><br /></div><div>Metric = 13,189,120 = 6,553,600 +
6,635,520</div><div><br /></div><div>Value placed in the RIB is 103,040 =
13,189,120 / 128</div>
How can you view received EIGRP routes for which there are no Successors?
<b>show ip eigrp topology zero-successors</b>
Why would the EIGRP wide metric <b>rib-scale </b>need to be adjusted? EIGRP wide
metrics are 64-bit, and the current IOS RIB is 32-bit. With slower links, such as
10 Mbps Ethernet, the default rib-scale value of 128 is too small, and would cause
the metric for those slower links to be larger than what can fit in the RIB (and
therefore, the route would be seen as having an infinite metric and unusable). By
increasing the <b>metric rib-scale </b>value, slower links can be
used.<div><br /></div><div>In the future, the rib-scale value may need to be
adjusted downward to accomodate faster-speed links.</div>
If you adjust the EIGRP wide metric <b>rib-scale </b>value on one router, do you
have to change it on all routers? No, the <b>rib-scale </b>value has local
significance only in the sense that the calculation is performed locally, and the
resulting value is stored only in the local RIB and not advertised.<div><br
/></div><div>However, you should make sure all routers use the same value, unless
you are adjusting the value purposely to filter routes. If the value is adjusted so
that, for example, a slower link can be used (and not seen as having an infinite
metric), then every router in a path that must use that link must also have its
<b>rib-scale </b>value adjusted as well.</div>
With EIGRP, what happens if you configure a <b>leak-map </b>to reference a route-
map that does not exist? Only the summary route is advertised
With EIGRP, what happens if you configure a <b>leak-map </b>to reference

a route-map that references an ACL that does not exist? The summary route and
all specific routes are advertised
On Cisco IOS, how do you enter a ? as part of a character string (such as a

password)? Esc, q, ?
"How does Cisco define ""cloud""? " IT resources and services that are abstracted
from the underlying infrastructure and provided <b>on-demand </b>and <b>at-scale
</b>in a <b>multitenant environment</b>.
"What are the three components of Cisco's definition of ""cloud""? " <b>On-
demand</b> resources<div><b>At-scale </b>meaning illusion of infinite resource
availability</div><div><b>Multitenant Environment</b></div>
What are the four general cloud architectures?

Public<div>Private</div><div>Virtual Private</div><div>Inter-Cloud</div>
What are the three components of Cisco's definition of private cloud? Automation /
Orchestration<div>Workload Mobility</div><div>Compartmentalization</div>
What is Cisco's definition of a virtual private cloud? A combination of public

and private clouds, sometimes referred to as a hybrid cloud.
What are the four critical service layers of cloud computing as defined by Cisco?
<div>IT Foundation</div>SaaS Software as a Service<div>PaaS Platform as a
Service</div><div>Iaas Infrastructure as a Service</div>
A hosted web-based word processor is an example of what? Software as a Service
The interface (typically APIs) between a hosted application and a

development/scripting environment that supports it is known as what? Platform as
a Service
What is the model of having compute, network, and storage delivered over the
network on a pay-as-you-go basis? Infrastructure as as Service
When referring to XaaS, what is the IT Foundation? The basis of the other types
of delivered services. A collection of core technologies that evolve over time,
such as virtualization, and the evolution of physical networks from 3-tier to
leaf/spine.
What are some performance and reliability tradeoffs to consider with cloud
environments? -The speed of access to a private cloud may be slower than a
private cloud<div>-The reliability of a public cloud may be higher than a private
cloud</div>
What is a potentially major security consideration with data storage in a public

cloud? "The physical location of the data. For example, sensitive data stored
in ""unfriendly"" locations, or areas prone to natural disasters."
How is privacy typically achieved with cloud computing? Multitenancy. Customers

are logically (and sometimes physically) separated from each other.
What is the difference in scalability among the four cloud models? Private
cloud involves the highest cost to expand scalability. The other models provide
extreme scalability, with the inter-cloud model providing the highest level of
scalability.
What is a potential issue of cloud interoperability with applications? With

public cloud, it is up to the developer to use the cloud-provided APIs. However,
custom in-house applications may be better suited to private cloud.
What are the three main cloud network access methods? Private WAN<div>Internet
Exchange Point (IXP)</div><div>Internet VPN</div>
What is the difference between automation and orchestration? Automation refers

to completing a single task.<div>Orchestration is an ordered set of tasks with
conditions.</div>
What is workload mobility? The capability of distributing various resources

(computer, storage, network, etc) in an abstracted manner. For example,
geographically-based anycast solutions.
What is NETCONF? A protocol by which configurations are installed and changed.

YANG represents the meaning of the data, and NETCONF delivers the data itself in
XML format.
What is YANG? A modeling language used to represent device configurations and

state, which defines the structure of the data, but not the data itself.
How are NETCONF and YANG related? NETCONF is the transport vessel for YANG
information to be transferred from a NMS to a network device, similar in concept to
HTTP (NETCONF) being used to transport HTML (YANG). Another analogy is YANG is to
NETCONF as MIBs are to SNMP.
Whramming the forwarding tables of data-plane devices.
What is an API? Application Programmability Interface defines a standard way of

interfacing with a software application or operating system. Examples are REST and
RESTCONF available in IOS-XE.
What are northbound protocols? Northbound protocols are typically APIs that
applications can use to make requests of the network. For example, a specific QoS
treatment could be specified by the application.
What is an example of a northbound interface? a REST API
What is a southbound interface? The control plane protocol(s) between the

centralized controller and the network forwarding hardware. An example is OpenFlow.
What is an example of a southbound protocol? OpenFlow
What are the three common software development models?

Waterfall<div>Iterative</div><div>Agile / DevOps</div>
What is service function chaining? Sequencing virtualized network services (VNFs)

in a particular order to solve a particular business problem. Examples include
placing virtual routers, firewalls, and IPS in a particular order.
With regard to IoT, what are LLNs? Low-Power and Lossy Networks
With regard to IoT, what is RPL? IPv6 Routing Protocol for LLNs, which is a
distance-vector routing protocol specifically designed to support IoT. RPL borrows
ideas from traditional IP routing, multi-topology routing (MTR), and MPLS-TE.
What is 6LoWPAN? IPv6 over Low Power WPANs. <div><br /></div><div>6LoWPAN is

an adaptation layer for IPv6 using IEEE 802.15.4 wireless networks.</div>
How does 6LoWPAN adapt IPv6 for IEEE 802.15.4 wireless networks? MTU
correction - fragments IPv6 minimum 1280 byte MTU to 802.15.4 127 byte
MTU<div>Header compression - assumes common fields to compress IPv6 (40B) + UDP
(8B) to 7B</div><div>Mesh routing</div><div>MAC-level retransmissions - instead of
higher-layer responsibility</div>
What is CoAP? Constrained Application Protocol<div><br /></div><div>Similar to

(but simpler than) HTTP, designed to support machine-to-machine communications over
UDP for Low-power and Lossy Networks (LLNs)</div>
What is MQTT? Message Queuing Telemetry Transport<div><br

/></div><div>Lightweight machine-to-machine communications over TCP</div>
What standards body has defined the NFV architectural framework? ETSI
European Telecommunications Standards Institute
What was the intended use for GLOP addressing? To provide an interoperable /24
multicast address space for every 16-bit ASN in the 233/8 range.
What type of route has the default AD of 0? Connected
What type of route has the default AD of 1? Static
What type of route has the default AD of 5? EIGRP summary route
What type of route has the default AD of 20? eBGP
What type of route has the default AD of 90? EIGRP internal
What type of route has the default AD of 100? IGRP
What type of route has the default AD of 110? OSPF
What type of route has the default AD of 115? IS-IS
What type of route has the default AD of 120? RIP
What type of route has the default AD of 170? EIGRP external
What type of route has the default AD of 200? iBGP<div>BGP Local (locally-
injected)</div>
What type of route has the default AD of 160? ODR
What type of route has the default AD of 255? Discard / infinite / unreachable
routes
When redistributing connected interfaces into OSPF that have IP addresses within an
OSPF <b>network </b>statement, what happens? The routes for those interfaces are
injected as OSPF Intra-Area routes, while the other interfaces are redistributed as
OSPF External Type 2 routes (by default).
What is the default OSPF network type for tunnel interfaces? point-to-point
When configuring a route-map, how can you select a particular routing protocol?
<b>match source-protocol </b><i>protocol pid</i>
When configuring a route-map, how do you select a range of metric values? With
the <b>match metric </b>option, you can either match multiple individual metric
values, or you can match a range by entering the value range midpoint, the +-
modifier, and the positive and negative range.<div><br /></div><div>For example, to
match a range of metric values from 500 - 1500, the command would
be:</div><div><b>match metric 1000 +- 500</b></div>
What is the process of determining the midpoint and derivation values for
configuring a range of metric values? Mid value = (min + max) /
2<div>Derivation value = (max - min) / 2</div>
How do you disable Ethernet autonegotiation? Change BOTH <b>speed </b>and

<b>duplex </b>to something other than <b>auto</b>
When VTP Pruning is enabled, which VLANs become prune eligible? 2 - 1001
What is the IP Protocol for IGMP? 2
What is the IP Protocol for IP-in-IP encapsulation? 4
What is the IP Protocol for IPv6? 41
What is the IP Protocol for RSVP? 46
What is the IP Protocol for GRE? 47
What is the IP Protocol for Encapsulating Security Payload (ESP)? 50
What is the IP Protocol for Authentication Header (AH)? 51
What is the IP Protocol for Protocol Independent Multicast (PIM)? 103
What is IP Protocol 1? ICMP
What is IP Protocol 2? IGMP
What is IP Protocol 4? IP-in-IP encapsulation
What is IP Protocol 6? TCP
What is IP Protocol 17? UDP
What is IP Protocol 41? IPv6
What is IP Protocol 46? RSVP
What is IP Protocol 47? GRE
What is IP Protocol 50? ESP
What is IP Protocol 51? AH

What is IP Protocol 88? EIGRP
What is IP Protocol 89? OSPF
What is IP Protocol 103? PIM
What is IP Protocol 115? L2TPv3
What are the two Ethernet pseudowire modes? Raw mode<div>Tagged mode</div>
What is the difference between tagged and raw mode Ethernet pseudowires? Tagged
mode requires a service-delimiting VLAN tag, while raw mode removes any service-
delimiting VLAN tags, when sending data across the pseudowire.<div><br
/></div><div>Both modes transparently pass customer VLAN tags across the
pseudowire.</div>
What is another name for an Ethernet pseudowire in Tagged mode? VLAN-based
What is another name for an Ethernet pseudowire in Raw mode? Port-based
What is the pseudowire type of tagged-mode Ethernet? 0x0004
What is the pseudowire type of raw-mode Ethernet? 0x0005
What is the pseudowire type 0x0004? Tagged-mode Ethernet
What is the pseudowire type 0x0005? Raw-mode Ethernet
What is the EtherType for IPv4? 0x0800
What is the EtherType for IPv6? 0x86DD
What is the EtherType for LLDP? 0x88CC
What is EtherType 0x0800? IPv4
How does Administrative Distance affect routing optimality when performing mutual
routing protocol redistribution on multiple routers?
Redistributed routes should be marked with a higher AD so that the redistributing
routers will use the source protocol when routing.
With the default classless routing configuration, when is the default route used?
When the packet's destination does not match any specific route in the IP routing
table.
With a classful routing configuration, when is the default route used?

The default route is used only if the packet's destination does not exist in
any classful network in the IP routing table.
What must be true for RIP to advertise a default route via the <b>ip default-
network </b>command? The classful network must be in the local router's IP
routing table.
What must be true for EIGRP to advertise a default route via the <b>ip
default-network </b>command? The classful network must be advertised by the
local router into EIGRP through any means.
How does RIP utilize the <b>ip default-network </b>setting? RIP advertises a
route to 0.0.0.0/0
How does EIGRP utilize the <b>ip default-network </b>setting? EIGRP

advertises the classful network flagged as the candidate default.
What is the AD of an EIGRP Summary route? 5
How do you modify the default AD of an EIGRP summary route? EIGRP

process:<div><b>summary-metric </b><i>summary </i><b>distance
</b><i>distance</i></div>
During which PfR phase are flows that have high latency and throughput learned, and
Monitored Traffic Classes assembled? Profile phase
During which PfR phase are performance metrics collected and computed for the
traffic previously identified in the Monitored Traffic Classes (MTC) list?
Measure phase
During which PfR phase are low and high thresholds defined for in-policy and out-
of-policy performance categories? Apply Policy phase
During which PfR phase is traffic influenced by manipulating routing or using PBR?
Control phase
During which PfR phase is out-of-policy traffic performance re-evaluated and

adjusted if necessary? Verify phase
What is the term for PfR interfaces that connect to the network for communication
with the Master Controller? Internal
What is the term for PfR interfaces that are used to transmit packets out of the
local network? External
On which PfR interfaces are prefixes and link performance monitored? External
How many External interfaces are required for PfR? At least two
Which PfR interface is used as the source to communicate with the Master
Controller? Local
What are IP addresses in the range of 224.0.0.0 - 224.0.1.255 referred to as?

Permanent multicast groups
What are IP addresses in the range of 232/8 referred to as? Source-Specific

Multicast
With the AFxy PHBs, what does x signify? Higher values of x receive better queuing
treatment.
With the AFxy PHBs, what does y signify? Higher values of y have a higher
probability of being dropped.
With the AFxy PHBs, how does AF11 compare to AF33? AF33 will have better queuing
treament, but have a higher probability of being dropped.
What does the PHB value 46 indicate? Expedited Forwarding
What are two PHB actions associated with EF? <div>-Queue EF packets so they get
scheduled quickly, for low latency</div><div>-Police EF packets so they do not
consume all bandwith on the link or starve other queues</div>
What is the default time interval over which IOS measures packet and bit rates on
an interface? 5 minutes
What type of traffic does Cisco recommend be marked with CoS / IPP / DSCP values of
5 / 5 / EF? Voice payload
4 / 4 / AF41? Video payload
3 / 3 / CS3? Voice and video signaling
3 / 3 / AF31,AF32,AF33? Mission-critical
2 / 2 / AF21,AF22,AF23? Transactional
1 / 1 / AF11,AF12,AF13? Bulk
0 / 0 / BE? Best-Effort
0 / 0 / 2,4,6? Scavenger
How does Cisco IOS QoS pre-classification work? QoS pre-classification works
by keeping the original unencrypted traffic in memory until the egress QoS actions
are taken.
What Cisco IOS feature permits routers to make egress QoS decisions based on
the original traffic before encapsulation. QoS pre-classification
What is the QoS drop policy? The rules used to choose which packets to drop as
queues begin to fill.
What is QoS scheduling? The logic used to determine which packet should be
dequeued next.
With CBWFQ and LLQ, what queue requires no configuration? class-default<div><br

/></div><div>This queue always exists even if no configuration for it is
defined.</div>
What happens if a packet does not match any explicitly configured classes in a
policy-map? It is placed into the class-default class.
What happens with the CBWFQ scheduler if some queue classes are empty and do not
need their bandwidth for a short period? The bandwidth is proportionally allocated
across the other classes.
What is the term for when a queue is full and there is no place to put newly-
arriving packets? Tail drop
What is a WRED Full Drop? A WRED Full Drop occurs when the average queue depth
is higher than the configured maximum threshold, and all new packets are discarded.
Minimum and Maximum thresholds, and the Mark Probability Denominator (MPD) are
components of what? WRED traffic profile
What is the Modified Deficit Round-Robin (MDRR) PQ strict priority mode?

Strict priority mode serves the PQ whenever traffic is present in the queue.
What is an issue with the Modified Deficit Round-Robin (MDRR) PQ strict

priority mode? The PQ is always serviced first, which can lead to starvation of
the other queues.
How does Modified Deficit Round-Robin (MDRR) PQ alternate mode work? Alternate
mode serves the PQ in between servicing each of the other queues: 0, P, 1, P, 2, P,
etc.
What is a caveat of using Modified Deficit Round-Robin (MDRR) PQ alternate mode?

Alternate mode prevents queue starvation at the expense of jitter and latency
as compared to strict priority mode.
What is the Modified Deficit Round-Robin (MDRR) Quantum Value? The Quantum Value
is the number of bytes the queue holds.
What is the Modified Deficit Round-Robin (MDRR) Deficit Count? The Deficit Count
is the number of bytes beyond the Quantum Value that were transmitted in a single
round-robin pass.
What is a feature of Weighted Tail Drop? WTD allows configuration per-queue.
With RSVP, what is the default total and per-flow bandwidth reservation?

The default total bandwidth reservation is 75% of the interface bandwidth,
and any single flow can reserve the entire bandwidth.
What is the shaper static time interval (Tc) measured in? Milliseconds
What is the formula for calculating Tc? Tc = Bc / CIR
What does committed burst (Bc) refer to? The number of bits that a shaper can send
within a time interval (Tc)
What defines the rate for a virtual circuit based on a business contract? CIR
Committed Information Rate
What is the CIR? Committed Information Rate defines the rate for a virtual circuit
based on a business contract.
What is burst excess (Be)? Be is the number of bits beyond the Bc that are
allowed to be sent during a given Tc
With single-rate, two-color policing, what state is the traffic considered if the
size of the packet to be transmitted is equal to or less than the number of tokens
available in the Bc bucket? Conforming
With single-rate, two-color policing, what does this notation indicate?<div><br

/></div><div>Xp <= Xb</div> Traffic is conforming
With single-rate, two-color policing, what state is the traffic considered if the
size of the packet to be transmitted is greater than the number of tokens available
in the Bc bucket? Exceeding
With single-rate, two-color policing, how many tokens are drained from the Bc
bucket when traffic is exceeding? None, traffic cannot be transmitted until
tokens have been replenished
With single-rate, two-color policing, what does this notation indicate?<div><br

/></div><div>Xp > Xb</div> Traffic is exceeding
With single-rate, three-color policing, what state is the traffic considered if the
size of the packet to be transmitted is greater than the number of tokens available
in both Bc and Be buckets? Violating
With single-rate, three-color policing, what does this notation indicate?

<div><br /></div><div>Xp > Xbc + Xp > Xbe</div> Traffic is violating
With single-rate, three-color policing, how many tokens are drained from the Bc and
Be buckets when traffic is violating? None, traffic cannot be transmitted until
tokens have been replenished
With dual-rate, three-color policing, how are the token buckets replenished?
The Bc bucket is replenished at the CIR<div>The Be bucket is replenished at
the PIR</div>
When the Bc bucket is replenished at the CIR, and the Be bucket is replenished at
the PIR, what type of policing is this? dual-rate, three-color policing
With dual-rate, three-color policing, how does a conforming packet affect the token
buckets? A conforming packet drains tokens equally from both Bc and Be buckets.
That is, the same packet uses double the number of tokens with the dual-rate model.
With dual-rate, three-color policing, what state is traffic considered to be

if a packet drains tokens equally from both Bc and Be buckets? Conforming
With dual-rate, three-color policing, when is traffic considered to be

conforming? When there are enough tokens in both the Bc and Be buckets, as a
conforming packet drains tokens equally from both buckets.
With dual-rate, three-color policing, what happens when traffic is considered

to be exceeding? An exceeding packet drains tokens from the Be bucket
With dual-rate, three-color policing, what is the state of traffic that drains

tokens from the Be bucket only? Exceeding
What is multi-action policing? When multiple fields in the same packet are
marked during class-based policing.
Single-rate, two-color policing is used by what legacy technology? CAR

Committed Access Rate
What is the term for breaking up larger packets and sending delay-sensitive packets
between the larger packets? LFI Link Fragmentation and Interleaving
Where is the use of LFI most effective? Links with 768k or less bandwidth
What happens after PPP compression is enabled on a link? PPP starts the CCP
Compression Control Protocol NCP
What does the PPP NCP CCP Compression Control Protocol do? Negotiates and manages
the compression process
How do you configure PPP TCP or RTP header compression on an interface?
Interface:<div><b>ip </b>{<b>tcp </b>| <b>rtp</b>} <b>header-
compression</b></div><div><b><br /></b></div><div>This is considered legacy, and
class-based policy-maps should be used instead.</div>
When DAI is enabled, what is the default rate limit of ARP messages accepted per
port per second? 15
What is the default rate at which a port enabled for DHCP Snooping will accept DHCP
messages? Unlimited by default
True or False: IP Source Guard using static bindings does not depend on DHCP
Snooping. False, DHCP Snooping must be enabled, even if static bindings are used.
When enabling IP Source Guard, what does the <b>port-security </b>keyword do?
The <b>port-security </b>keyword enables verification of both IP
and MAC.
What devices exchange EAPoL frames? 802.1X supplicant and authenticator
With 802.1X enabled, how do you configure a port for authentication?

Interface:<div><b>authentication port-control </b>{<b>auto </b>|
<b>force-authorized </b>| <b>force-unauthorized</b>}</div>
How do you enable a device for 802.1X authentication? Globally:<div><b>aaa

authentication dot1x default group radius</b></div><div><b>dot1x system-auth-
control</b></div>
How do you adjust the parameters for individual traffic types with Storm Control?
Interface:<div><b>storm-control </b><i>traffic-type </i><b>level </
b><i>rising </i>[<i>falling</i>]</div><div><br /></div><div><i>traffic-
type </i>is either broadcast, multicast, or unicast, and is set individually
with multiple statements.</div><div><br
/></div><div>The <b>level </b>refers to the rate of packets as either a
percentage of the link bandwidth, bps, or pps, and can have separate rising and
falling thresholds.</div>
What types of ACLs use the numbered range of 1-99 and 1300-1999? IP Standard
What types of ACLs use the numbered range of 100-199 and 2000-2699? IP Extended
What is uRPF strict mode? Strict mode uses the <b>rx </b>keyword, and

causes the router to check incoming packets to see if the router has a route back
to the source IP address out of the interface the packet was received on.
What is uRPF loose mode? When a router receives a packet, it examines the
source IP address and verifies that it has any route in its routing table to reach
the source (ignoring the default route by default).
What are the two modes of operation for Cisco IOS TCP Intercept? Watch
mode<div>Intercept mode</div>
How does Cisco IOS TCP Intercept operate in Watch mode? In Watch mode, it keeps
state information for TCP connections that match an ACL, and if TCP does not
complete the 3-way handshake within a particular time period, TCP Intercept sends a
TCP RST to the destination to clean up the connection. Watch mode also temporarily
denies new TCP requests if more than 1100 occur in one second.
How does Cisco IOS TCP Intercept operate in Intercept mode? In Intercept mode,
the router replies to TCP SYNs instead of forwarding them. If the 3-Way Handshake
completes, the router creates a TCP connection to the destination, then stitches
the two connections together.
What is the purpose of the <b>ip nhrp network-id </b>command? On the

DMVPN Tunnel Interface, <b>ip nrhp network-id </b><i>id </i>enables
NHRP, which is critical to the operation of DMVPN. All routers and interfaces
configured with the same ID belong to the same DMVPN.
When configuring an ISAKMP PSK for use with DMVPN, what value should the <b>address
</b>be set to? 0.0.0.0
When configuring an ISAKMP PSK for use with DMVPN, why should the <b>address </b>be
set to 0.0.0.0? With DMVPN, use 0.0.0.0 for the address since the configuration
relies on dynamic IP addresses on the spoke routers.
What is adding DMVPN spokes without changing configuration on the hub referred to
as? Zero-touch provisioning
What is the IPv6 address format of an automatic 6to4 tunnel border router?
2002:<i>border-router-IPv4-address</i>::/48
Which type of IPv6 address is represented?<div><br

/></div><div>2001:0db8:0abc:0def:0000:5efe:ac14:1401</div> ISATAP
Which type of IPv6 addressing is represented here?<div><br /></div><div><i>64-bit-

prefix</i>:0000:5efe:<i>ipv4-in-hex</i></div> ISATAP
True or False: RAs are enabled by default on tunnel interfaces. False, RAs are
disabled by default on tunnel interfaces.
What is the relationship between ISATAP tunnel interfaces and IPv6 RAs? RAs
are disabled by default on tunnel interfaces, but must be enabled on ISATAP
tunnels.
With class-based shaping, what is the Tc value when the rate is more than 320 kbps?
25 ms
With class-based shaping, what is the Bc value when the rate is more than 320 kbps?
Tc (25 ms) * shaping rate
What allows more than two devices to exchange traffic securely without requiring a
high number of SAs? GET VPN
With GET VPN, what is generated by the Key Server and used by the Group Members to
encrypt data? TEK Transport Encryption Key
With GET VPN, what is used to encrypt information between the Key Server and the
Group Members? Key Encryption Key
What is the difference between forwarded and local TTL propagation in MPLS
networks? Forwarded TTL propagation carries the original packet's TTL value
through the MPLS network, decrementing the value at each hop.<div><br
/></div><div>Local TTL propagation carries the TTL generated by packets sourced
from the MPLS router itself, staying inside the MPLS network.</div>
What are the two types of MPLS TTL propagation in Cisco IOS? TTL propagation
can be enabled/disabled individually for forwarded traffic, and for locally-
originated traffic. For example, you can disable TTL propagation for forwarded
traffic, which effectively hides the internals of the MPLS network between the CEs,
but still have locally-originated traffic propagate the TTL in order to use tools
like traceroute internally to the MPLS network.
When establishing TCP connections in LDP, what IP address is used if the transport
address is not specified? The LDP ID
What happens after LDP neighbors are discovered? TCP connections are
established over port 646, and local label bindings are advertised.
How is LDP neighbor discovery performed? Hellos are multicast to 224.0.0.2 UDP
port 646
After LDP neighbor discovery, what is the responsibility of the neighbor with the
highest LDP ID?
Initiate the TCP connection between neighbors to exchange label bindings
E
What is the IOS-XE Forwarding Engine Driver (FED)? The FED allows the drivers to
affect the data plane, and is provided by the platform (similar to a network card
driver in a traditional operating system)
"What does ""MD5 digest checksum mismatch"" mean when issuing the <b>show vtp
status </b>command? " Mismatched VTP password
What is the DF bit in the IPv4 header commonly used for? Path MTU Discovery
What mechanism facilitates Path MTU Discovery? The DF (don't fragment) bit in the
IPv4 header
What is the MF bit in the IPv4 header? The MF bit is set in all packet fragments
except for the final fragment.
What collects information about flows and is applied to an interface and

includes records, a cache, and optionally a flow exporter. Netflow monitor
What transfers the cached flow information to outside systems, which is

typically a server running a NetFlow collector? Netflow exporter
What allows specifying the sample size of traffic in order to reduce the load
on the NetFlow-enabled device? Netflow sampler
During routing protocol migration, when must you configure redistribution from the
current IGP into the new IGP on each router?
If the new IGP is RIP or EIGRP
What is associated with UDP port 520? RIPv2
What uses multicast address 224.0.0.9? RIPv2
What does RIPv2 use to ask a neighbor to send a partial or full RIP update
immediately, instead of waiting for the Update timer to expire? Request message
What is the term for advertising a route with an infinite metric in effort to more
rapidly remove it from routing tables? Route poisoning
What is the term for immediately sending a new update when routing information
changes? Triggered / flash update
What information is sent in a RIPv2 triggered update? Only the changed
networks
What is the default RIPv2 Update timer? 30 seconds
What happens if the RIPv2 Flushed After timer is set to less than the Invalid After
timer? The Flushed After timer is not taken into consideration until after the
Invalid After timer has expired. The route is not removed from the routing table
until the Invalid After timer has expired.
What is the term for when RIPv2 sends a full update only once, and then is silent
until changes are made? Triggered extensions
How do you enable RIPv2 triggered extensions? Interface:<div><b>ip rip

triggered</b></div>
With RIPv2, there is an increased chance of transient routing loops being formed
during convergence as a result of what? Lowering the RIP timers
What is associated with UDP port 521? RIPng
What is associated with multicast address FF02::9? RIPng
What is associated with multicast address 224.0.0.10? EIGRP
What is associated with multicast address FF02::A? EIGRP
Why is the EIGRP wide metrics composite value scaled for the RIB? The IOS RIB
supports only 32-bit metrics, so the EIGRP 64-bit wide metrics composite value must
be scaled down. EIGRP makes all path selection decisions based on the full metric,
and the metric is only scaled down when it is placed in the local RIB.
What is contained in an EIGRP Reply message? The sender's current distance to

the destination after taking into account the topology change that prompted the
Query.
The EIGRP sender's current distance to the destination after taking into account
the topology change that prompted the Query is contained in what message? EIGRP
Reply
What is the EIGRP SRTT used for? It is used as part of the calculation of the
neighbor multicast flow timer, and the RTO retransmission timeout.
What is the EIGRP RTO? The RTO retransmission timeout is the time between
subsequent unicasts to be sent after normal multicasts have failed.
What controls the amount of time before EIGRP messages are unicast after normal
multicasts have failed? The EIGRP RTO retransmission timeout
What timer controls how long to wait for an ACK before declaring an EIGRP neighbor
as lagging, and switching from multicast to unicast transmissions? The EIGRP
multicast flow timer
What is the basis for the EIGRP multicast flow timer and RTO values? Both timers
are calculated based on the SRTT of the neighbor. This allows for each neighbor to
have different automatically-calculated timers.
What two EIGRP timers are based on the SRTT of a neighbor? Multicast flow
timer<div>RTO retransmission timeout</div>
What is the result of the EIGRP neighbor hold timer expiring? The neighbor is
declared unreachable and DUAL is informed of the loss of a neighbor.
EIGRP Hello, Ack, and Null Update with the Init flag set are the only packets that
can be exchanged during which EIGRP neighbor state? Pending
What is the internal number EIGRP assigns to each neighbor for reference? Handle
What is the EIGRP metric to a particular destination as received from a particular

neighbor. Reported Distance
What is the result of the EIGRP Reported Distance + cost of the link to the
advertising neighbor? Computed Distance
What is the historical record of the smallest known EIGRP Computed

Distance toward a particular destination since its last transition from Active to
Passive? Feasible Distance
What is the EIGRP term for a neighbor's Reported Distance being less than the
current Feasible Distance to a destination? Feasibility Condition
What is an EIGRP Feasible Successor? Any neighbor that can guarantee a loop-
free path toward a particular destination is said to have met the Feasibility
Condition and is therefore a Feasible Successor.
What happens if an EIGRP router receives a Query and determines its current
Feasible Successors are still valid? The router sends a Reply back to the
neighbor with its information about the destination
What happens if an EIGRP router receives a Query and determines its current
Feasible Successors are no longer valid? The route becomes Active and the router
starts its own Query process
What does the following refer to?<div><br /></div><div>A0: Local Origin with
Distance Increase<div>A1: Local Origin</div><div>A2: Multiple Origins</div><div>A3:
Successor Origin</div></div> The four EIGRP FSM Active states. The names
refer to the origin of the diffusing computation, e.g. which router appears to have
started it.
What happens if the EIGRP Active time expires? If all expected Replies are not
received before the Active timer expires, the route is designated SIA and the
neighbor(s) that did not send back a Reply are removed from the neighbor table and
their adjacencies are torn down.
What happens if an EIGRP neighbor does not respond with a Reply within half of the
Active timer time (90 seconds by default)? An SIA-Query message is sent
What happens if you issue EIGRP commands on an interface when using EIGRP named
mode? The commands are ignored, and must be configured under the EIGRP af-
interface, not directly on the interface itself.
What configuration causes EIGRP to retain all Successor's addresses as the

next-hop in EIGRP advertisements, and not just the first entry in the topology
table? Interface:<div><b>no next-hop-self no-ecmp-mode</b></div>
What does the EIGRP interface <b>no next-hop-self no-ecmp-mode </b>command do?

This causes EIGRP to retain all Successor's addresses as the next-hop in
EIGRP advertisements, not just the first entry in the topology table.
When the <b>eigrp stub </b>command is used, what are the default advertisement
options? <b>connected </b>and <b>summary </b>are used if the options are not
explicitly set.
How is encryption performed differently between DMVPN and EIGRP OTP? DMVPN relies
on IPsec tunnel encryption, whereas EIGRP OTP uses GETVPN.
How do DMVPN and EIGRP OTP perform encapsulation differently? DMVPN encapsulates
both data plane and control plane traffic inside mGRE.<div><br /></div><div>OTP
uses LISP UDP encapsulation for the data plane, and the control plane uses native
EIGRP without encapsulation.</div>
What is an EIGRP Goodbye message? A Hello message with all K-values set to 255
What type of EIGRP message has all K-values set to 255? Goodbye message
What happens during an EIGRP graceful restart? Topology databases between the
router and its neighbors are resynchronized without the neighbor relationship being
torn down.
The identity of one or more OSPF LSAs that the sending router would like the
neighbor to supply full details about are contained in what? LSR Link-State
Request message
What OSPF packet type contains fully detailed LSAs? LSU Link-State Update
What does an NSAP address represent? An address of a particular network

service on a particular network node
What do the fields in the IDP of an NSAP address indicate? Together, they indicate
the routing domain (autonomous system) in which the node is located.
With NSAP addressing, what indicates the routing domain (AS) in which the node is
located? The IDP Initial Domain Part, which consists of the AFI Authority and
Format Identifier, and the IDI Initial Domain Identifier.
What does the OSI NET Network Entity Title identify? When the SEL is 0, no
particular service is being addressed, and the entire NSAP address identifies the
destination node itself without referring to any particular service.
OSI Level 0 routing is similar to what in IPv6? Level 0 routing is also known
as ES-IS routing. This is similar in concept to IPv6 RA and NA messages.
The following are characteristics of which DMVPN phase?<div><br /></div><div>-
Summarization is not allowed on the hub<div>-Default routing is not allowed on the
hub</div><div>-Spokes must always maintain next-hop reachability</div></div>
DMVPN Phase 2
The following are characteristics of which DMVPN phase?<div><br /></div><div>-

Summarization is allowed on the hub<div>-Default routing is allowed on the
hub</div><div>-Next-hop values on the spokes are always modified</div></div>
DMVPN Phase 3
During which phase do two devices verify whether they speak PPP and negotiate basic
link operation parameters? Link Establishment Phase
The following functions are provided by what aspect of PPP?<div><br /></div><div>-

Verify devices speak PPP<div>-Verify link is not looped</div><div>-Negotiate basic
parameters</div><div>-Verify session liveliness</div><div>-Tear down session if
either device requests it</div></div> LCP Link Control Protocol
What PPP message is sent when certain parameters of unacceptable, but negotiable?
CONFNAK
What PPP message is sent when certain parameters of unacceptable, and

nonnegotiable? CONFREJ
The configuration details of a particular PPPoE concentrator instance, such as the

concentrator name presented to clients, maximum number of attached clients, and a
reference to the Virtual-Template, are contained in what? bba-group
What function replaces ARP in IPv6? Neighbor Solicitation
What three main functions are performed by IPv6 Neighbor Solicitation? -

Discover link-layer IPv6 address of neighbor (replaces ARP)<div>-Duplicate Address
Detection</div><div>-Determine reachability of neighbor</div>
With IPv6, the following three functions are performed by what?<div><br

/></div><div>-Discover link-layer IPv6 address of neighbor (replaces ARP)<div>-
Duplicate Address Detection</div><div>-Determine reachability of
neighbor</div></div> Neighbor Solicitation
What is the IPv6 All Nodes multicast address? FF02::1
What is the IPv6 address FF02::1 associated with? All Nodes
What is the IPv6 All Routers multicast address? FF02::2
What is the IPv6 address FF02::2? All Routers
What are the two high-level steps of the SLAAC process? -Host receives RA
message and updates its default router list, neighbor cache, and prefix list<div>-
Host uses info from RA to create modified EUI-64 IPv6 address for all received
prefixes</div>
How do you enable a Cisco IOS device to configure an IPv6 address via SLAAC?
Interface:<div><b>ipv6 enable</b></div><div><b>ipv6 address
autoconfig</b></div>
How do you view the addresses and interfaces on which IPv6 RA messages have been
received? <b>show ipv6 routers</b>
How are multicast MAC addresses generated from multicast IPv6 addresses? 33:33
+ Last four bytes of multicast IPv6 address<div><br /></div><div>Example: FF02::1 =
3333.0000.0001</div><div>Example: FF02::1:FF11:1111 = 3333.FF11.1111</div>
What does the following command do?<div><br /></div><div><b>ipv6 address autoconfig

default</b></div> This interface command uses SLAAC to configure the IPv6
address on the interface based on received RA messages, and to install a default
route automatically to the routers advertising the RA messages.
True or False: IPv6 RA messages are sent by default on Serial and Ethernet
interfaces after IPv6 unicast-routing is enabled. False: They are sent on
Ethernet interfaces automatically, but must be explicitly enabled on Serial
interfaces with:<div><br /></div><div><b>no ipv6 nd ra suppress</b></div>
How do you enable the sending of IPv6 RA messages on a serial interface?

Interface:<div><b>no ipv6 nd ra suppress</b></div>
"How do you set the ""M"" flag in outgoing IPv6 RA messages? "
Interface:<div><b>ipv6 nd managed-config-flag</b></div>
"How do you set the ""O"" flag in outgoing IPv6 RA messages? "
Interface:<div><b>ipv6 nd other-config-flag</b></div>
"What is the IPv6 RA ""M"" flag? " "The ""M"" flag indicates to the receiver that
it should receive its entire IPv6 configuration using DHCP, with the exception of
the default gateway address, since that is already conveyed in the RA message."
How do IPv6 routers indicate to hosts that they should receive their entire IPv6
addressing information from a DHCPv6 server? "By setting the ""M"" flag in
outgoing RA messages."
"What is the IPv6 RA ""O"" flag? " "The ""O"" flag indicates that a host should
obtain its IPv6 address and gateway from SLAAC, and use DHCPv6 to acquire all other
information (such as DNS servers)."
What is an indication in an IPv6 RA message that the receiving device should set
its IPv6 address and default gateway via SLAAC, but use DHCPv6 for all other
settings, such as DNS servers? "Setting the ""O"" flag"
"What happens if an IPv6 host receives RA messages with either the ""M"" or ""O""
flags set? " It is up to the host as to whether or not the flags will be
honored. For example, a router can send an RA with either of the flags set, but it
will be ignored if the host already has a static configuration.
In Cisco IOS, what does the interface command <b>ipv6 enable </b>do? This command
allows the interface to have a link-local address.
How do you view the parameters received from a DHCPv6 server? <b>show ipv6 dhcp
interface</b>
What is the DHCPv6 four-stage process?

Solicit<div>Advertise</div><div>Request</div><div>Reply</div>
How do you configure DHCPv6 relay? Interface:<div><b>ipv6 dhcp relay destination

</b><i>ipv6-address interface</i></div>
What is the DHCPv6 Rapid Commit feature? Rapid Commit allows a DHCPv6 client to
obtain its information from the DHCPv6 server with the exchange of two messages,
instead of four. This feature must be configured on both the server and client.
What messages are exchanged during DHCPv6 Rapid Commit? Solicit<div>Reply</div>
How do you enable the DHCPv6 Rapid Commit feature on the client side?
Interface:<div><b>ipv6 address dhcp rapid-commit</b></div>
How do you enable the DHCPv6 Rapid Commit feature on the server side?
Interface:<div><b>ipv6 dhcp server </b><i>pool </i><b>rapid-commit</b></div>
What is IPv6 prefix delegation? Prefix delegation is a mechanism to assign

entire prefixes to a downstream router, which can then be further subnetted at
will.
What is the IPv6 mechanism to assign an entire prefix to a downstream router, which
can then be further subnetted at will? IPv6 prefix delegation
For IPv6 prefix delegation, how do you configure the pool of prefixes available for
assignment? Global:<div><b>ipv6 local pool </b><i>pool ipv6-prefix/length
sublength</i></div><div><i><br /></i></div><div>Example:</div><div><b>ipv6 local
pool Pool1 2001:1:1::/48 56</b></div><div><b><br /></b></div><div>This example
provides assignment for up to 256 /56's within the parent /48</div>
For IPv6 prefix delegation, how can you view how many prefixes have been assigned
for each pool? <b>show ipv6 local pool</b>
How do you configure a DHCPv6 pool to permanently assign delegated prefixes?

<b>ipv6 dhcp pool </b><i>name</i><div> <b>prefix-delegation
pool </b><i>pfx-pool </i><b>lifetime infinite infinite</b></div>
How do you configure an interface to request a DHCPv6 delegated prefix?

Interface:<div><b>ipv6 dhcp client pd </b><i>tag</i></div><div><i><br
/></i></div><div>Where <i>tag </i>is assigned locally and used for reference in
other configuration commands (such as for further subnetting the prefix on another
interface).</div>
How do you configure an IPv6 address to be assigned based on a previously-received

delegated prefix? Interface:<div><b>ipv6 address </b><i>tag
prefix/length</i></div><div><i><br /></i></div><div>Where <i>tag </i>refers to the
DHCP-requested delegated prefix from a different interface, and <i>prefix/length
</i>is the value appended to the delegated prefix.</div><div><br
/></div><div>Example: <b>ipv6 address Pfx1 ::2:0:0:0:20/64</b></div><div><b><br
/></b></div><div>If Pfx1 = 2001:0:1, the final prefix would be
2001:0:1:2::20/64</div>
How do you configure IPv6 prefix delegation on the upstream router? <b>ipv6
local pool </b><i>Pfx1 pfx/len delegated-length</i><div><b>ipv6 dhcp pool
</b><i>Pool1</i></div><div> <b>prefix-delegation pool </b><i>Pfx1
</i><b>lifetime </b><i>valid-lifetime preferred-lifetime</i></div><div><b>interface
</b><i>interface</i></div><div> <b>ipv6 dhcp server </b><i>Pool1</i></div>
What is the minimum configuration for enabling EIGRP for IPv6 in named mode?
<b><div></div></b><b>ipv6 unicast-routing</b><div><b>router eigrp</b>
<i>name</i><div> <b>address-family ipv6 unicast as
</b><i>asn</i></div><div> <b>eigrp router-id
</b><i>rid</i></div><div><i><br /></i></div><div>EIGRP is automatically enabled on
all interfaces at this point.</div></div>
How can you filter out all EIGRP External routes without using a route-map or
prefix-list? EIGRP process:<div><b>distance eigrp 90 255</b></div>
How does configuring a static IPv6 address on an interface affect IPv6

autoconfiguration features? All autoconfiguration features are disabled when a
static IPv6 address is configured.
What is the default <b>match </b>type in a class-map if not specified?

<b>match-all</b>
Where do you apply Generic Traffic Shaping? Directly on the interface
True or False: Generic Traffic Shaping supports selectively shaping via ACLs.
True
What are the three main entities of SNMPv3? -Users<div>-Groups</div><div>-

Views</div>
What are SNMPv3 Views? SNMPv3 Views define subsets of MIBs visible to groups.
What are the three SNMPv3 security levels?

-NoAuthNoPriv<div>-AuthNoPriv</div><div>-AuthPriv</div>
With SNMPv3, what is a requirement for sending traps? With SNMPv3, traps must
have a user associated with them.
What are the three types of SNMPv3 Views? -Read<div>-Write</div><div>-

Notify</div>
What two things are common between RARP, BOOTP, and DHCP? All three protocols
require the client host to send a broadcast to begin discovery, and all three
protocols rely on a server to hear the request and supply an IP address to the
client.
How does RARP work? A client sends an ARP request containing its MAC as the
target, with the target IP 0.0.0.0. The RARP server, if configured with the host's
MAC address in its lookup table, sends an ARP reply with the host's IP address in
the Source IP address field.
Where in the network must a RARP server be placed? RARP works based on normal
ARP messages, and therefore must be on the same L2 network segment as the RARP
clients.
Wh
What are the four main NSAP address formats? 39 Data Country Code<div>45
E.164</div><div>47 International Code Designator</div><div>49 Locally Defined</div>
All packets belonging to the same MPLS FEC have the same ___. Label<div><br
/></div><div>However, not all packets with the same label belong to the same
FEC</div>
What is the default behavior with regard to marked traffic on Catalyst switches
when <b>mls qos </b>is enabled? The markings on all incoming traffic is dropped
unless the interface is configured to trust the existing markings.
With class-based policing, if the Bc value is not specified, what is the default?
CIR / 32 or 1500 bytes, whichever is higher.
What happens if you configure a Bc size to be less than the CIR / 32? IOS does not
allow the burst size to be less than CIR / 32 or 1500 bytes. <div><br
/></div><div>For example, if you attempt to configure a CIR of 10 Mbps with a Bc of
1000 bytes, IOS notifies you that it is automatically increasing the burst size to
5000 bytes.</div>
How can you match on an IP or MAC address in a class-map without using <b>match
source-address </b>[<b>mac</b>]? Create an IP or MAC ACL and reference it in the
class-map with <b>match access-group </b><i>ACL</i>
With class-based shaping, what is the Be value if not specified? The Be value
is equal to the Bc value, unless explicitly configured.
What is the result of Bc / CIR? Tc
What are the two major benefits of using GRE tunnels with IPsec as opposed to
legacy crypto maps? Crypto maps require mirrored ACLs for each SA, whereas GRE
tunnels with IPsec protect all traffic. This allows for the second major benefit,
the ability to run dynamic routing protocols instead of using static routes.
How can you view information about PIM on the configured interfaces? <b>show ip
pim interface</b>
How can you view information (versions, timers, etc.) about IGMP on the configured
interfaces? <b>show ip igmp interface </b><i>interface</i>
How do you configure the maximum number of mroute states created as a result of
IGMP host membership reports? Global or per-interface:<div><b>ip igmp limit
</b><i>number</i></div>
How do you manually configure the LDP RID? Globally:<div><b>mpls ldp router-
id</b></div>
True or False: The value used for the LDP RID must be reachable on the network.
True. Unlike OSPF, the LDP RID represents an actual IP address, and is used
for transport. If not set manually, it follows the same auto-assignment rules as
other protocols (highest loopback IP, etc), but whether set manually or not, it
must be reachable on the network.
What is used in newer IOS versions to register with the RP instead of unicast-
encapsulated multicast register messages? Automatic PIM-SM tunnel interfaces.
How can you view information about automatic PIM-SM tunnels? <b>show ip pim
tunnel</b><div><b><br /></b></div><div>Displays type (PIM Encap or PIM Decap), RP
address, source address</div>
What is the purpose of the <b>ip multicast boundary </b>command? This

interface command can reference an ACL to prevent state from specified multicast
groups from being installed.
What does the command <b>ip pim dm-fallback </b>do? When an interface is
configured for sparse-dense mode, if an RP is not found for a particular multicast
group, the interface attempts to locate the multicast source via PIM-DM.
What is the default behavior of an interface configured for PIM sparse-dense-mode

if it cannot find the RP for a particular multicast group? The default <b>ip pim
dm-fallback </b>command instructs the router to attempt to find the multicast
source via PIM-DM.
What are the default LDP Hello and Hold timers? 5 / 15 seconds
How do you perform conditional debugging? Specify the desired traffic with an
ACL, then reference it with:<div><b>debug ip packet detail </b><i>acl</i></div>
What does the Peer LDP Ident 1.2.3.4:0 indicate? The peer IP address is
1.2.3.4 and its label space is platform-wide (indicated by :0, any other value
indicates per-interface label space).
What is the difference between the two types of LDP neighbor discovery? Basic
is used to discover directly-connected neighbors.<div><br /></div><div>Extended
uses targeted IP addresses to discover neighbors that are not directly
connected.</div>
How do you adjust the LDP discovery timers? Globally:<div><b>mpls ldp discovery
hello </b>{<b>interval </b>| <b>holdtime</b>} <i>seconds</i></div>
How do you adjust the LDP session timers? Globally:<div><b>mpls ldp holdtime
</b><i>seconds</i></div><div><i><br /></i></div><div>The keepalive time is
automatically set to 1/3 the value.</div>
When manually configuring the LDP router ID, what does the <b>force </b>keyword do?
The <b>force </b>keyword causes all LDP TCP sessions to be reset.
How do you verify which range of MPLS labels are available for assignment?
<b>show mpls label range</b><div><b><br /></b></div><div>Default 16 -
100,000</div>
What is the default range of MPLS label values on IOS? 16 - 100,000
How do you adjust the range of MPLS labels available for assignment?
Global:<div><b>mpls label range </b><i>start end</i></div><div><i><br
/></i></div><div>Note: adjusting this value requires a reload before taking
effect.</div>
What is the reserved MPLS label value for implicit null? 3
Why does the default MPLS label value range begin at 16? Values 0 - 15 are
reserved by IANA and are never to be made available for allocation.
How do you prevent LDP from advertising labels, without completely disabling LDP?
Global:<div><b>no mpls ldp advertise-labels</b></div>
How do you conditionally advertise MPLS labels? Global:<div><b>mpls ldp

advertise-labels for </b><i>ACL1 </i><b>to </b><i>ACL2</i></div><div><i><br
/></i></div><div>Where <i>ACL1 </i>indicates prefixes for which labels will be
generated, and <i>ACL2 </i>indicates prefixes for which the labels will be
advertised to.</div>
How can you disable LDP for a particular interface? Interface:<div><b>no mpls ldp
igp autoconfig</b></div>
What does the <b>mpls ldp autoconfig </b>command do? Enables LDP for a particular
OSPF or IS-IS process. You can optionally specify the OSPF area or IS-IS level as
part of the command.
What is LDP session protection? LDP session protection is a targeted session

between two LDP neighbors (typically via loopback interfaces) so that if a link
between the two neighbors goes down, the TCP session and neighborship remains
active.
How do you enable LDP session protection? Globally:<div><b>mpls ldp session

protection</b></div>
How do you configure a router to participate in LDP session protection without

enabling LDP session protection on the router itself? Global:<div><b>mpls ldp
discovery targeted-hello accept</b></div>
What is a consequence of entering the <b>no bgp default ipv4-unicast </b>command?

Prefixes are not exchanged between neighbors unless activated until the
respective address family.
What type of OSPF routers are MPLS PE's considered? ABR
When forwarding to a destination, what is a requirement for multipoint interfaces

that does not apply to point-to-point interfaces? Layer 3 to Layer 2 resolution
How can you verify the NHRP cache? <b>show ip nhrp</b>
With PBR, what does a route-map <b>deny </b>clause indicate? The matched
criteria should use normal forwarding, not policy routing.
How do you verify if PBR is working? <b>debug ip policy</b>
What are the two primary causes of tunnel recursive routing errors? Metric or AD
errors
What is the limitation of creating summary routes with RIPv2? The summary cannot
be larger than the major network. For example, you cannot create a summary address
including both 4.0.0.0/8 and 5.0.0.0/8.<div><br /></div><div>EIGRP does not have
this limitation.</div>
True or False: EIGRP maintains completely separate topologies and performs separate
DUAL calculations when both IPv4 and IPv6 are used simultaneously. True
What is a caveat of enabling authentication on an OSPF virtual link? Because the

VL runs as a demand circuit, you must clear the VL after authentication is applied
for it to take effect.
For DMVPN Phase2, what is the next-hop IP address advertised by the hub for a
particular spoke? The spoke's overlay IP address
For DMVPN Phase3, what is the next-hop IP address advertised by the hub for a
particular spoke? The hub's overlay address. For spoke-to-spoke traffic, the
hub sends an NHRP redirect to inform the source spoke of the destination spoke's
NBMA address.
If multiple EIGRP processes are running and there are multiple equal matches to the
same prefix, which one is installed in the RIB? The prefix from the lowest
EIGRP ASN
If multiple OSPF processes are running and there are multiple equal matches to the
same prefix, which one is installed in the RIB?
The prefix from the lowest OSPF PID
What is the AD of NHRP? 250
What protocol has the AD 250? NHRP
How can you troubleshoot LDP adjacencies in realtime? <b>debug mpls ldp
transport events</b>
How can you verify the VRF RT import/export policy? <b>show vrf detail</b>
How can you view realtime MPLS label binding information? <b>debug mpls ldp
binding</b>
How can you force re-import/export of route targets in a VRF? <b>clear ip route
vrf *</b>
How many crypto maps can be applied on an interface? One per physical
(sub)interface<div><br /></div><div>One crypto map can be applied to multiple
interfaces.</div>
What is the relationship between crypto maps and interfaces? One crypto map per
(sub) interface. However, one crypto map can be applied to multiple interfaces.
How do crypto maps interact with routing and NAT? Crypto maps are applied to
outbound traffic on an interface, after NAT and routing have occurred. This means
static routing and/or NAT exemption may be required.<div><br /></div><div>Routing,
NAT, and crypto are independent of each other.</div>
When multiple ISAKMP policies are configured between two devices, what is the
result of this configuration:<div><br /></div><div>Router A:</div><div> -
Priority 10: Higher requirements</div><div> -Priority 20: Lower
requirements</div><div><br /></div><div>Router B:</div><div> -Priority 10:
Lower requirements</div><div> -Priority 20: Higher requirements</div>
"ISAKMP priorities are processed top-down until a match occurs with the lower
priority value having a higher precedence. In this case, the ""lower requirements""
would be used due to it having a higher priority on Router B."
When using crypto maps with GRE tunnels, where should the crypto map be applied?
The crypto map should be applied to the physical interface, not the tunnel
interface, for GRE over IPsec. Traffic is GRE encapsulated first, and encrypted
second. This allows for a single Proxy ACL entry to permit GRE traffic between the
endpoints.
How does GRE over IPsec work? By applying the crypto map to the physical
interface instead of the tunnel interface, traffic is GRE encapsulated first, and
encrypted second. This allows for a single Proxy ACL entry to permit GRE traffic
between the endpoints.
How does GRE over IPsec break PMTUD? The MTU value is not copied between
headers, so the MTU of the GRE tunnel must be adjusted downward accordingly (1400
bytes is standard, with 1360 TCP MSS).
What are IPv6 Unique Local addresses? FC00::/7 (1111 110)<div><br

/></div><div>Equivalent to RFC 1918 private addressing, not routable via global
BGP</div>
What type of IPv6 address is this?<div><br /></div><div>FC00::/7</div> Unique

Local
What is an IPv6 general prefix? The general prefix allows multiple longer IPv6
addresses to be defined from a single shorter base prefix, which acts as a shortcut
for renumbering scenarios.
How do you configure an IPv6 general prefix? Globally:<div><b>ipv6 general-

prefix </b><i>name prefix/length</i></div><div><i><br
/></i></div><div>Example:</div><div><b>ipv6 general-prefix GenPfx
2001:db8:1234::/48</b></div>
How do you configure a more specific IPv6 address based on a general prefix?
Interface:<div><b>ipv6 address </b><i>gen-pfx-name
address/length</i></div><div><i><br /></i></div><div>Example:</div><div>Configured
general prefix: 2001:db8:1234::/48</div><div><b>ipv6 address GenPfx
0:0:0:5678::1/64</b></div><div>Results in final address
2001:db8:1234:5678::1/64</div>
How do you convert from an IPv4-only VRF to one that supports multiple address
families? <b>vrf upgrade-cli</b>
What is the general premise of both 6PE and 6VPE? Tunnel IPv6 traffic over MPLS
IPv4 core
What is the difference between 6PE and 6VPE? 6PE tunnels IPv6 traffic from the
global routing table over the MPLS IPv4 core<div><br /></div><div>6VPE tunnels IPv6
traffic from VRFs over the MPLS IPv4 core using the VPNv6 AF</div>
What is the purpose of creating a static mroute? To attempt to force multicast

traffic to use a different RPF than would otherwise be generated via PIM.
What does HSRP use for transport? UDP 1985 to 224.0.0.2
UDP 1985 to 224.0.0.2 is associated with what? HSRP
What is IP Protocol 112? VRRP
What IP Protocol is used by VRRP? 112
The sending of messages to 224.0.0.18 using IP Protocol 112 is associated with

what? VRRP
Where do VRRP messages get sent to? 224.0.0.18 using IP Protocol 112 for
transport
What is associated with IP address 224.0.0.102 port UDP 3222? GLBP
Where does GLBP send its messages to? 224.0.0.102 UDP 3222
What is the NAT/routing order of operations for inside addressing? Packets are
first routed, and then have sources translated since the destination addresses are
global.
What is the NAT/routing order of operations for outside addressing? Packets have
destinations that are untranslated first, so routing occurs after translation,
which allows proper routing for returning packets with translated sources.
What is 6RD? 6RD is IPv6 Rapid Deployment tunneling, which is similar to 6to4,
but more flexible.
What are the two main differences between 6RD and 6to4? 6RD does not require
addresses to have a 2002::/16 prefix<div><br /></div><div>6RD does not require all
32 bits of the IPv4 destination to be carried in the IPv6 payload header</div>
With EIGRP, how is FRR different from backups via Feasible Successors? While
EIGRP has fast convergence when feasible successors are present, FRR takes the
extra step of calculating a Loop-Free Alternate backup route, which is then entered
into the FIB. Feasible Successors must be promoted to the Successor, whereas FRR
places the FS into the FIB preemptively.
How do you enable EIGRP FRR? Topology base:<div><b>fast-reroute per-prefix

</b>{<b>all </b>| <b>route-map </b><i>route-map</i>}</div>
How can you view the list of configured EIGRP LFAs? <b>show ip eigrp topology
frr</b>
When defining a NAT pool, what does the <b>match-host </b>keyword do? When the
<b>match-host </b>keyword is used, the mapping between the local and global
addresses must use the same host number. For example, 10.10.10.5 could match to
20.20.20.5.<div><br /></div><div>The default is <b>rotary</b></div>
What allows static NAT mappings of one inside local address to multiple inside
global addresses? The <b>extendable </b>keyword:<div><br /></div><div><b>ip
nat inside source static </b><i>IL IG </i><b>extendable</b></div>
How do you configure multiple address ranges in a single NAT pool? <b>ip nat
pool </b><i>name </i><b>prefix-length </b><i>length</i><div> <b>address
</b><i>start end</i></div><div> <b>address </b><i>start end</i></div>
What is the base algorithm for IPv4/IPv6 translation called? Stateless IP/ICMP
Translation (SIIT), formerly NAT-PT
NAT-PT has been replaced by what? NAT64
How does NAT64 compare to NAT-PT with regard to DNS? NAT64 does not support DNS-
ALG, and the DNS translation is a separate DNS64 function.
What is a limitation of NAT64 with regard to session initiation? With NAT64,

IPv4 devices cannot initiate sessions to IPv6 devices without a static address
mapping in the translator. IPv6 devices can initiate sessions to IPv4 devices,
however.
True or False: Both NAT-PT and NAT64 support multicast translation. False, IP
multicast is not yet supported by any translation method.
How does Stateless NAT64 work? IPv4 addresses are embedded in the IPv6
address. The translator recognizes the address format and converts as
appropriate.<div><br /></div><div>The addresses are typically maintained in a DNS64
server, and can be assigned either manually or via DHCPv6.</div>
What is the IPv6 Well-Known Prefix used for IPv4 translation?

64:ff9b::/96<div><br /></div><div>The IPv4 address is encoded into the final
32 bits.</div>
How are locally-designated prefixes used with NAT64? The IPv6 prefix can be either
32, 40, 48, 56, 64, or 96 bits in length.<div><br /></div><div>The embedded IPv4
address begins directly after the prefix, with the exception of bits 64-71 which
are always set to 0 (except for the 96-bit prefix length which does not have any
null bits).</div><div><br /></div><div>With a prefix length of 32, all of the IPv4
address bits come before the null bits 64-71. With a prefix length of 64, all IPv4
address bits are after the null bits. Prefix lengths 40, 48, and 56 divide the IPv4
address bits around the null bits.</div>
What is an advantage of Stateful NAT64 with regard to addressing? Stateless

NAT64 requires a 1:1 mapping between IPv4 and IPv6 addresses. However, Stateful
NAT64 can map multiple IPv6 addresses to a single IPv4 address.
Without additional configuration, what is the default version of SNMP used on Cisco
IOS? SNMPv1
Which is performed first, NAT or routing, from the inside to the outside? Inside
= Routing then NAT
Which is performed first, NAT or routing, from the outside to the inside?
Outside = NAT then Routing
What are the names of the nodes in the 3-node OpenStack architecture? Controller
node<div>Network node</div><div>Compute node</div>
What are the three primary causes of unicast flooding? Asymmetric

routing<div>STP topology changes</div><div>Forwarding table overflow</div>
What is contained inside the Cisco ACI Tenant construct? Contexts
What is a Cisco ACI Context? A collection of VRFs and IP address spaces. Each ACI
Tenant can have one or more contexts, and the EPs and EPGs define the application
within each context
What is a Cisco ACI EPG? End Point Group, a collection of EPs that provide a
similar function. EPGs are defined by NIC, vNIC, port group, IP address, and DNS
names
What is a Cisco ACI ANP? Application Network Profile, a collection of EPGs,

their connections, and related policies
What is the cluster of controllers that provide a single point of control, a

central API, a central repository of global data, and a repository of policy data
for Cisco ACI? Cisco APIC Application Policy Infrastructure Controller
What is the primary function of the Cisco APIC? To provide policy authority
and policy resolution mechanisms for Cisco ACI and devices attached to Cisco ACI.
What is the EPC capture point? The traffic transit point where a packet is
captured and associated with a buffer, such as the IPv4/IPv6 CEF switching path
with interface input and output.
What are the two requirements for configuring EPC? A capture buffer and a
capture point need to be defined. The capture point should be associated with the
capture buffer.
What are the four major steps of capturing data with EPC? -Create the buffer
(traffic to be captured)<div>-Define the capture point</div><div>-Associate the
capture point with the buffer</div><div>-Start the capture point (and optionally
stop)</div>
How do you configure an EPC capture buffer? <b>monitor capture buffer

</b><i>name options</i><div><i><br /></i></div><div>options include clearing or
exporting the buffer, filtering, and limiting by duration, packet count, packets
per second, and size</div>
How do you configure an EPC capture point? <div>CEF:</div><b>monitor capture

point </b>{<b>ip </b>| <b>ipv6</b>} <b>cef </b><i>name interface </i>{<b>in </b>|
<b>out </b>| <b>both</b>}<div><br /></div><div><div>Process
Switched:</div><b>monitor capture
point </b>{<b>ip </b>| <b>ipv6</b>} <b>process-
switched </b><i>name </i>{<b>in </b>| <b>out </b>| <b>both
</b>| <b>from-us</b>}</div>
How do you configure an EPC association? <b>monitor capture point associate

</b><i>capture-point-name capture-buffer-name</i>
How do you activate an EPC session? <b>monitor capture point start

</b>{<i>capture-point-name </i>| <b>all</b>}<div><br /></div><div>Stop the capture
with the same command, replacing <b>start </b>for <b>stop</b></div>
How do you export an EPC session? <b>monitor capture buffer </b><i>name

</i><b>export </b><i>location</i>
What is the difference between an EEM applet and an EEM script? An applet is a
form of policy defined within the CLI configuration<div><br /></div><div>A script
is a form of policy written in TCL</div>
What is the EEM component that monitors the system for particular conditions?
Event Detector, of which there are multiple types (CLI event, IP SLA event,
Syslog event, etc).
What is the EEM response to a detected event? EEM Actions, such as executing
particular CLI commands, sending an email, generating SNMP trap, etc.
What is the BGP Site-of-Origin (SoO) attribute? The SoO is an extended

community used to identify routes originating from a particular site for the
purpose of preventing readvertisement back into the source site to prevent routing
loops.
What are the general use cases for the EIGRP Site-of-Origin (SoO) feature? EIGRP
SoO is used for per-site VPN filtering:<div>-MPLS VPNs with backdoor
links</div><div>-CE routers dual-homed to different PE routers</div><div>-PE
routers that support CE routers from different sites in the same VRF</div>
What is the difference between PIMv1 and PIMv2 with regard to transport? PIMv1
uses IGMP for transport<div>PIMv2 uses IP Protocol 103</div>
What is the PIM requirement of using BSR? PIMv2 is required
When calculating the EIGRP classic composite metric, what are the delay values
measured in? 10s of Âµs<div><br /></div><div>1 Gbps = 1 (one 10s of
Âµs)</div><div>100 Mbps = 10 (ten 10s of Âµs)</div><div>10 Mbps = 100 (one hundred
10s of Âµs)</div>
When calculating the EIGRP classic composite metric, how is the delay component
calculated? Sum of delays along the path in 10s of Âµs, multiplied by
256<div><br /></div><div>Example: one 10 Mbps link + one 1 Gbps link + one 100 Mbps
link =</div><div>( 100 + 1 + 10 ) * 256 = 28,416 (111 * 256)</div>
When calculating the EIGRP classic composite metric, how is the bandwidth component
calculated? Divide 10,000,000 kbps by the lowest bandwidth link along the
path in kbps, then multiply by 256.<div><br /></div><div>Example, if the slowest
link in the path is 100 Mbps:</div><div><br /></div><div>10,000,000 kbps / 100,000
kbps * 256 = 25,600</div>
How does a router handle a packet destined to an IP address belonging to one of its
locally-configured interfaces if the TTL is 1? If the interface is in the Up/Up
state, the router identifies the upper-layer protocol and passes the packet to the
appropriate upper-layer protocol driver.
What is the default CEF load-sharing method used on the Catalyst 6500? Source
IP, Destination IP, Universal ID
What is included with the <b>mls ip cef load-sharing full </b>command? Source
and Destination Layer 3 and 4 information with multiple adjacencies
What is included with the <b>mls ip cef load-sharing full

simple </b>command? Source and Destination Layer 3 and 4 information
without multiple adjacencies
What is included with the <b>mls ip cef load-sharing simple </b>command?

Source and Destination Layer 3 information without multiple adjacencies
What is included with the <b>mls ip cef load-sharing full exclude-port

destination </b>command? This command excludes destination Layer 4 ports
and both source and destination IP addresses from the load-balancing
algorithm.<div><br /></div><div>This command includes source Layer 4 ports
only</div>
What is included with the <b>mls ip cef load-sharing full exclude-port

source </b>command? <div>This command excludes source Layer 4 ports and
both source and destination IP addresses from the load-balancing
algorithm.</div><div><br /></div><div>This command includes destination Layer 4
ports only</div>
Why is the DHCPREQUEST packet broadcast from the DHCP client? DHCPREQUEST is
used when a DHCP client has chosen a specific DHCP server. The packet is broadcast
instead of unicast so that other DHCP servers can reallocate the IP address they
offered to the client.
What is a DHCPDECLINE message? The DHCPDECLINE message is broadcast from the

DHCP client to formally reject a DHCPOFFER from a DHCP server. This packet is
usually sent when the IP configuration is not valid for the client.
What is a DHCPNAK message? The DHCPNAK is broadcast from the DHCP server to
inform the DHCP client that the IP address in the previous DHCPREQUEST message is
no longer valid for use, which can happen if the client is slow to respond to the
server.
What is IPsec Perfect Forward Secrecy (PFS)? With PFS, each negotiation of a new
Phase 2 SA requires regeneration of new Phase 1 Diffie-Hellman keys. This ensures
that when the Phase 2 SAs have expired (or need to be re-keyed), new keying
material is used in case the old keys have been compromised.<div><br
/></div><div>Without PFS, the DH keys calculated during Phase 1 are used over and
over again.</div><div><br /></div><div>PFS is also known as a session key.</div>
What is the primary cause of bandwidth starvation? Bandwidth starvation occurs

when higher-priority queues monopolize an interface's bandwidth so that traffic
from lower-priority queues is never sent.
What class of QoS tools mitigate bandwidth starvation? Queuing
When creating a policy map, what unit of value is used when specifying the
<b>priority </b>or <b>bandwidth </b>if the <b>percent </b>keyword is not used?
Kbps
When creating a PQ with the <b>priority </b>command, what is the default burst size
if not specified? 200ms of traffic at the configured bandwidth
rate<div><br /></div><div>Example: <b>priority 1000 </b>sets up a priority queue
for 1,000 Kbps, with a burst size of 200,000 bytes</div>
What is indicated by this policy-map command: <b>priority 256 512</b> A PQ with

256 Kbps guaranteed bandwidth, with a 512 byte burst
What rate values are used with the <b>police </b>command? The policed rate is
defined in bps, and the burst rates are defined in bytes.<div><br
/></div><div>Example: <b>police 100000 10000 5000 </b>indicates a rate of
100,000 bps, with a normal burst of 10,000 bytes, and a max burst of 5,000
bytes.</div>
What values are indicated by this command: <b>police 256000 15000 10000</b> This
command indicates a policed rate of 256,000 bps, with a normal burst of 15,000
bytes, and a max burst of 10,000 bytes.
What does the RIP <b>default-information originate on-passive </b>command do?

This command causes a default route to be sent on RIP interfaces marked as
passive.
What metrics are monitored by both PfR active and passive mode?
Reachability<div>Delay</div>
Which PfR mode monitors delay, packet loss, reachability, and throughput?
Passive mode via NetFlow
Which PfR mode monitors delay, jitter, MOS, and reachability? Active mode via IP
SLA
What is the difference between PfR Active mode and Fast mode? Active mode
monitors the active exit path, whereas Fast mode continuously generates IP SLA
probes for all possible exit paths.
Within MPLS labels, what is the name of the field that used to be referred to as
the EXP bits? Traffic Class (TC)
What is the MPLS TC field? Traffic Class, which is a field in the MPLS
header/label that used to be referred to as the EXP bits
What are the PfR link policies? Traffic Load

(Utilization)<div>Range</div><div>Cost</div>
What is the PfR traffic load (utilization) policy? The traffic load
(utilization) policy specifies an upper threshold on the amount of traffic that a
particular link can carry, and can be defined for both ingress and egress links.
What is the PfR range policy? The range policy maintains all links within a
certain utilization range relative to each other to ensure that the traffic load is
distributed.
What is the PfR cost policy? The cost policy allows you to specify link usage
based on the monetary cost of each exit link. The most cost-effective link will be
used while remaining within the desired performance level.
What is the IPv6 address range for SSM? FF3x::/32, where x indicates the scope
What type of IPv6 address is FF30::1/32? IPv6 Source-Specific Multicast
What are the five IPv6 multicast scopes? FF01::/16 Node-local<div>FF02::/16 Link-
local</div><div>FF05::/16 Site-local</div><div>FF08::/16
Organization-local</div><div>FF0E::/16 Global</div>
What is the prefix for an IPv6 node-local multicast address? FF01::/16
What is the prefix for an IPv6 link-local multicast address? FF02::/16
What is the prefix for an IPv6 site-local multicast address? FF05::/16
What is the prefix for an IPv6 organization-local multicast address? FF08::/16
What is the prefix for an IPv6 global multicast address? FF0E::/16

What type of IPv6 multicast address has the prefix FF01::/16? node-local
What type of IPv6 multicast address has the prefix FF02::/16? link-local
What type of IPv6 multicast address has the prefix FF05::/16? site-local
What type of IPv6 multicast address has the prefix FF08::/16? organization-local
What type of IPv6 multicast address has the prefix FF0E::/16? global
What is the prefix range for IPv6 multicast addressing? FF00 - FFFF<div><br
/></div><div>FF00::/8</div>
What is the IPv6 prefix ::FFFF:0:0/96 used for? IPv4-mapped IPv6

addresses.<div><br />Example: 10.10.10.1 = ::FFFF:10.10.10.1</div>
What is the range of IPv6 link-local addresses? FE80::/10<div><br

/></div><div>FE80 - FEBF</div>
What does the IPv6 prefix range of FE80 - FEBF correspond to? Link-local
addressing
What is the prefix range of globally-routable IPv6 addresses?

2000::/3<div><br /></div><div>2000 - 3FFF</div>
What type of IPv6 addresses correspond to a prefix of FC00 - FDFF? Unique local
What is the range of IPv6 unique local addressing? FC00::/7<div><br

/></div><div>FC00 - FDFF</div>
IPv6 ND packets should be generated with what TTL value? 255 - routers expect to
see a value of 255, and drop ND packets that are less.
When using EIGRP as the MPLS PE-CE routing protocol, what causes EIGRP routes to be
internal or external between sites? EIGRP routes are considered internal
between sites if the EIGRP ASN matches, otherwise the routes are considered
external.
What is the MPLS L3VPN EIGRP pre-bestpath Point of Insertion (POI)? The POI is
automatically configured when using EIGRP for the PE-CE routing protocol, and is
set when EIGRP is redistributed into BGP. The POI compares EIGRP metrics before BGP
makes a best path decision.
What is the difference between NBAR active and passive mode? Active mode is
configured within a class-map with <b>match protocol</b><div><b><br
/></b></div><div>Passive mode is configured directly on an interface with <b>ip
nbar protocol-discovery</b></div>
When does an IP SLA operation begin if the scheduling <b>start-time </b>is not
specified? "The IP SLA operation is automatically scheduled in a ""pending"" state
and is essentially configured but suspended. The operation will never start unless
<b>start-time </b>is explicitly configured."
What is the default lifetime of a scheduled IP SLA operation if not specified?

One hour (3600 seconds)
What is the default IP SLA operation frequency, if not specified? Every 60

seconds
How do you capture multicast packets with EPC? The capture point must be process-
switched on the ingress direction:<div><br /></div><div><b>monitor capture point ip
process-switched </b><i>buffer </i><b>in</b></div>
What are the five high-level steps of configuring Cisco Performance Monitor?
Create a flow record<div>Configure a flow monitor</div><div>Create one or
more classes</div><div>Create a policy</div><div>Associate the policy with an
interface</div>
With Cisco Performance Monitor, how do you configure a flow record? <b>flow
record type performance-monitor</b><div><b><br /></b></div><div>You then define
interesting traffic with <b>match </b>and what particular statistics to collect
with <b>collect</b></div>
With Cisco Performance Monitor, how do you configure a flow monitor? <b>flow
monitor type performance-monitor</b><div><b><br /></b></div><div>The flow monitor
is used to associate a flow <b>record </b>with a flow <b>exporter</b></div>
With Cisco Performance Monitor, how do you configure a performance monitor policy?
<b>policy-map type performance-monitor</b><div><b><br /></b></div><div>The
policy-map associates the <b>class </b>with a flow monitor</div>
What is the final step in implementing Cisco Performance Monitoring? Associate

the performance monitor policy with an interface:<div><b>service-policy type
performance-monitor</b></div>
What are the decimal values for the corresponding eight Class Selector / IP
Precedence values? 0 CS0 / Routine<div>8 CS1 / Priority</div><div>16 CS2 /
Immediate</div><div>24 CS3 / Flash</div><div>32 CS4 / Flash Override</div><div>40
CS5 / Critical</div><div>48 CS6 / Internetwork Control</div><div>56 CS7 / Network
Control</div><div><br /></div><div>NIC-F-FIPR</div>
What is Cisco Managment Plane Protection (MPP)? MPP restricts the interfaces
and protocols for which remote administration can be performed. Management
protocols not permitted by the MPP policy, or received on a non-mangement
interface, are dropped.
How do you configure Management Plane Protection (MPP)? <b>control-plane

host</b><div><b> management-interface </b><i>interface </i><b>allow
</b><i>protocol1 protocol2...</i></div><div><i><br
/></i></div><div>Example:</div><div><b>management-interface g0/1 allow ssh
snmp</b></div>
What is the requirement of IS-IS System IDs for router adjacencies? System IDs
must be unique within an area for L1 adjacency, and must be unique within the
domain for L2 adjacency.<div><br /></div><div>IS-IS will not establish an adjacency
between two routers with the same System ID.</div>
What is the order of operations for NAT inside-to-outside translation? <div>-

If IPSec then check input access list</div><div>-decryption</div><div>-check input
access list</div><div>-check input rate limits</div><div>-input
accounting</div><div>-redirect to web cache</div><div><br /></div><div>-policy
routing</div><div>-routing</div><div><b>-NAT inside to outside (local to global
translation)</b></div><div><br /></div><div>-crypto (check map and mark for
encryption)</div><div>-check output access list</div><div>-inspect (Context-based
Access Control (CBAC))</div><div>-TCP intercept</div><div>-encryption</div><div>-
Queueing</div>
What is the order of operations for NAT outside-to-inside translation? <div>-
If IPSec then check input access list</div><div>-decryption</div><div>-check input
access list</div><div>-check input rate limits</div><div>-input
accounting</div><div>-redirect to web cache</div><div><br /></div><div><b>-NAT
outside to inside (global to local translation)</b></div><div>-policy
routing</div><div>-routing</div><div><br /></div><div>-crypto (check map and mark
for encryption)</div><div>-check output access list</div><div>-inspect (Context-
based Access Control (CBAC))</div><div>-TCP
intercept</div><div>-encryption</div><div>-Queueing</div>
With inside-to-outside (local to global) NAT, which is performed first, routing or

NAT? Route first, then NAT
With outside-to-inside (global to local) NAT, which is performed first, routing or

NAT? NAT first, then routing
Which CEF load-sharing algorithm is appropriate for environments with a small

number of source and destination pairs? <b>ip cef load-sharing algorithm
tunnel</b>
EEM publishes events to which subsystem number? 798
What is the IOS Watchdog System Monitor used for? Monitoring memory and
processor usage
How can you determine which EIGRP neighbors have not yet responded to a Query?
<b>show ip eigrp topology active</b>
What is the difference between the <b>ip options drop </b>and <b>ip options ignore
</b>commands with regard to downstream devices? With <b>ip options ignore
</b>the router does not process any options that may be present in the IPv4 header,
but keeps the options in the header when sending the packet onward.<div><br
/></div><div>The <b>ip options drop </b>command causes the router to discard any
packets with options set in the IPv4 header, and therefore downstream devices will
not receive these packets.</div>
What is the use case and caveat for configuring <b>ip options </b>{<b>ignore </b>|
<b>drop</b>}? Both versions of the command protect the router from exploits
based on IPv4 header options, but breaks certain control plane protocols like RSVP
and IGMPv2.<div><br /></div><div>The <b>drop </b>option also protects downstream
devices by discarding packets with options present in the IPv4 header.</div>
What happens if both <b>ip options drop </b>and <b>ip options ignore </b>are
configured on a router? The <b>ip options ignore </b>command takes
precedence.
When issuing the <b>show ip nhrp detail </b>command, what does the authoritative
flag indicate? The mapping was obtained directly from the next-hop router or
server.
When issuing the <b>show ip nhrp detail </b>command, what does the

implicit flag indicate? The mapping was obtained from an NHRP resolution
request or packet.
When issuing the <b>show ip nhrp detail </b>command, what does the local

flag indicate? The mapping is for networks that are local to the router.
When issuing the <b>show ip nhrp detail </b>command, what does the nat
flag indicate? The remove device supports NHRP NAT extensions

negative flag indicate? A mapping could not be obtained for negative caching.

registered flag indicate? The mapping was created in response to an NHRP
registration
When issuing the <b>show ip nhrp detail </b>command, what does the router

flag indicate? The mappings for a remote router are marked with the router flag.
When issuing the <b>show ip nhrp detail </b>command, what does the unique

flag indicate? The mapping cannot be overwritten by a different NBMA entry with
the same IP address.
When issuing the <b>show ip nhrp detail </b>command, what does the used

flag indicate? Data packets are being process-switched for the given mapping.
When issuing the <b>show ip nhrp detail </b>command, which flag indicates

that the mapping was obtained directly from the next-hop router or server?
authoritative

the mapping was obtained from an NHRP resolution request or packet? implicit

the mapping is for networks that are local to the router? local

the remote device supports NHRP NAT extensions? nat

that a mapping could not be obtained for negative caching? negative

the mapping was created in response to an NHRP registration? registered

the mappings for a remote router are marked with the router flag? router

the mapping cannot be overwritten by a different NBMA entry with the same IP
address? unique

data packets are being process-switched for the given mapping? used
How long do incomplete ARP entries remain in the ARP and CEF adjacency tables?
60 seconds
Why is CEF required for MPLS on Cisco platforms? The LFIB is derived from
information in the FIB (CEF table) and the LIB.
How are local host routes handled during redistribution? "Local host routes (/32
and /128) cannot be redistributed into a dynamic routing protocol.<div><br
/></div><div>A Local host route is marked as ""L"" in the output of <b>show ip
route</b></div><div><b><br /></b></div><div>Connected /32 and /128 routes can be
redistributed.</div>"
When configuring logging for an ACL, what does the <b>log-input </b>keyword provide
that the <b>log </b>keyword does not? <b>log-input </b>provides all of the
details provided by the <b>log </b>keyword, but adds source MAC and ingress
interface information.
What is IGMPv3 source filtering? IGMPv3 source filtering enables a multicast

receiver to signal to a router which groups it wants to receive multicast traffic
from, and from which sources the traffic is expected.
What are the two IGMPv3 source filtering modes? INCLUDE, where the receiver
joins a group and lists the IPs from which it wants to receive traffic<div><br
/></div><div>EXCLUDE, where the receiver joins a group and lists the IPs from which
id does not want to receive traffic (an empty EXCLUDE list indicates all sources
are acceptable)</div>
Which end of a serial link must provide clocking? DCE data communications
equipment
Which end of a serial link receives the clocking information? DTE data terminal
equipment
How do you determine if a serial interface is the DCE or DTE end? <b>show
controllers serial</b>
What's the difference between the switchport port security violation modes?
<b>Protect</b>: silently discard offending traffic<div><br
/></div><div><b>Restrict</b>: discard offending traffic, log, SNMP trap, increment
SecurityViolation counter</div><div><br /></div><div><b>Shutdown</b>: discard
offending traffic, log, SNMP trap, increment SecurityViolation counter, err-disable
port</div>
When <b>switchport port-security </b>is configured, what is the default violation

action if not configured? <b>shutdown</b><div><b><br /></b></div><div>The port
is err-disabled.</div>
With EEM, what's the difference between the <b>sync yes </b>and <b>sync no
</b>keywords? When <b>sync yes </b>is configured with the <b>event cli
</b>command, the event is processed synchronously, which means the EEM applet must
finish before the CLI command can be executed. With <b>sync no </b>the CLI command
is executed immediately.
With EEM, when configuring asynchronous processing with the <b>sync no </b>keyword,
what other keyword must also be included? <b>skip no </b>or <b>skip
yes</b> which indicates whether or not the detected CLI event should be
executed.
With EEM, when using synchronous processing, what determines if the CLI event is
executed or not? <b>set </b><i>num </i><b>_exit_status </b>{<b>0 </b>|
<b>1</b>}<div><br /></div><div>When set to 0, the detected CLI command is skipped.
When set to 1, the CLI command is executed.</div>
What is PfR PIRO (Protocol Independent Routing Optimization)?

When PfR modifies a path for a traffic class, it searches for a parent route (exact
or less-specific) in the order of BGP RIB, EIGRP RIB, static route RIB.<div><br
/></div><div>With PIRO, PfR can also examine the RIBs of OSPF and IS-IS after BGP,
EIGRP, and static RIBs have been searched.</div>
What two additional TLVs are advertised by LLDP to support LLDP-MED?

Port VLAN ID<div>MAC/PHY Configuration Status</div>
Why would LLDP advertise the additional TLVs, Port VLAN ID and MAC/PHY
configuration status?
To advertise support for LLDP-MED
What are the five TLVs advertised by LLDP-MED?

LLDP-MED Capabilities<div>Network policy</div><div>Power
management</div><div>Inventory Management</div><div>Location</div>
How does EIGRP auto-summary work with external routes?

EIGRP External routes are not automatically summarized unless there is an
internal route within the same classful network.
What are the three main methods of transport for NETCONF?

SSH support is required<div>TLS</div><div>SOAP</div>
What is NPTv6?
Network Prefix Translation v6<div><br /></div><div>NPTv6 translates unique IPv6
prefixes to other unique IPv6 prefixes and creates a one-to-one relationship
between addresses on each side of the translating device. NTPv6 does not modify the
interface identifier portion of an IPv6 address.</div>
How do you configure the IOS Master Key feature?

Globally:<div><b>key config-key password-encryption
</b><i>key-string</i></div><div><b>password encrpytion aes</b></div><div><b><br
/></b></div><div>All plaintext keys are now stored in secure Type 6 format.</div>
Which LISP component stores the registered EID prefixes?

The MS (Map Server) contains the mapping database of EID-to-RLOC mappings.
What is the function of the LISP Map Resolver (MR)?

The MR receives map-request queries from LISP site Ingress Tunnel Routers (ITRs)
when they attempt to populate the local map-cache of resolved EID-to-RLOC mappings.
What is a LISP ITR, ETR, and xTR?

ITR Ingress Tunnel Router receives packets from internal hosts and forwards them to
external sites.<div><br /></div><div>ETR Egress Tunnel Router receives packets from
external sites and forwards them to internal hosts.</div><div><br /></div><div>Edge
devices performing both duties are xTRs.</div>
Which LISP device receives packets from internal hosts and forwards them to
external sites?
ITR Ingress Tunnel Router
Which LISP device receives packets from external sites and forwards them to
internal hosts?
ETR Egress Tunnel Router
True or False: LISP must be running on both ends of a tunnel. False: LISP is
designed to communicate with networks that are not using LISP.
How do you add timestamps to log entries? Globally:<div><b>service timestamps

log </b>{<b>uptime </b>| <b>datetime</b>}</div>
With Cisco IOS, at which logging level are error messages about software or
hardware malfunctions indicating functionality of the device is affected logged at?
4 Warning<div>3 Errors</div><div>2 Critical</div><div>1 Alerts</div><div>0
Emergencies</div>
With Cisco IOS, at which logging level are interface up/down and system restart
messages logged at?
5 Notifications
With Cisco IOS, at which logging level are reload requests and low-process stack
messages logged at?
6 Informational
With Cisco IOS, what is logged by default at the 4 Warning - 0 Emergencies level?
Error messages about software or hardware malfunctions that affect
functionality of the device
With Cisco IOS, what is logged by default at the 5 Notifications level?

Interface up/down transitions and system restart messages
With Cisco IOS, what is logged by default at the 6 Informational level?

Reload requests and low-process stack messages
How can you enable ECMP with multicast routing?

Globally:<div><b>ip multicast multipath </b>[<b>s-g-hash </b>{<b>basic </b>|
<b>next-hop-based</b>}]</div>
When configuring multicast routing ECMP, what three load splitting options are
available?
"<div>Configuring <b>ip multicast multipath </b>without keywords performs load
splitting based on the source address only.</div><div style=""font-weight: bold;
""><b><br /></b></div><b>s-g-hash basic </b>where a simple hash is performed on
both the source and group address<div><br /></div><div><b>s-g-hash next-hop-based
</b>where a hash is performed on the source, group, and next-hop addresses</div>"
What are the two mandatory and four optional components of an EEM policy?
Mandatory:<div>-Event register keyword</div><div>-Body</div><div><br
/></div><div>Optional:</div><div>-Environmental must defines</div><div>-Namespace
import</div><div>-Entry status</div><div>-Exit status</div>
With an IPsec VPN, where can you configure the <b>tunnel mode auto </b>command?
<b>tunnel mode auto </b>can be used on the responder's tunnel interface to
automatically use GRE or IPsec encapsulation depending on the parameters sent by
the tunnel initiator.
What is the default TCP MSS value when a Cisco router originates data destined for
a remote network?
536 bytes
What is the 7-byte format for the client-identifier command for DHCP pools?
DHCP pool:<div><b>client-identifier 01aa.aabb.bbcc.cc</b></div><div><b><br
/></b></div><div>Where 01 identifies Ethernet media, and aa.aabb.bbcc.cc is the
client's MAC address.</div>
How do you change the key to be pressed to initiate terminal access?

Line configuration mode:<div><b>activation-character
</b><i>ascii-code</i></div><div><i><br /></i></div><div>The default is 13, which is
the Enter key.</div>
With RIP triggered extensions, what causes the full RIP database to be sent?
When the router is first powered on<div>When the router receives a specific
request for the full routing table</div>
With RIP triggered extensions, when is a partial RIP database sent?

When the configured interface comes up or goes down<div>When information from
another interface modifies the routing table</div>
How is the RP for PIM BiDir different than for PIM-SM? With PIM-SM, the RP is
responsible for the registration process and creation of source trees between
multicast sources and the RP. PIM BiDir does not use either of those functions, so
the RP is merely a meeting point and can be any arbitrary routable (reachable) IP
address. It does not need to be a multicast router.
How does 802.1X multi-host mode work?

With multi-host mode, you can attach multiple hosts to a single 802.1X-
enabled port. Only one of the attached supplications must be authorized for all
supplicants to be granted access. If the port becomes unauthorized for any reason,
access is denied to all attached supplicants.
What is the IPv6 fragment header?

A 64-bit header used by an IPv6 source to indicate that a packet exceeds the
path MTU size.
"What is the Cisco term ""Fog"" computing? "

Associated with IoT, some devices generate a very large amount of telemetry
data. With Fog Computing, the data is collected and analyzed locally, and the most
important information is then passed onto the cloud.
What is included with the TCP small servers feature?

Discard (TCP 9)<div>Echo (TCP 7)</div><div>Chargen (TCP 19)</div>
Within the context of MPLS, what is RTC?

"Route Target Constraint<div><br /></div><div>RTC allows a PE to signal to an
internal route reflector only the prefixes it needs. Normally, the RR sends all
VPNv4 prefixes to the PE, even if it will never import some of the available route
targets. </div><div><br /></div><div>RTC allows a PE to send its RT membership
data to the RR with an address family ""rtfilter""</div>"
True or False: NBAR can classify multicast traffic. False
Which packet types can EPC capture on egress?

Unicast and broadcast
Which packet types can EPC capture on ingress?

Unicast, broadcast, and multicast
True or False: Multiple EPC capture points can be active on a single interface.
True
What is common across all Class Selector PHBs when their values are represented in
binary form?
The final three out of six bits are always 0:<div><br /></div><div>CS0: 000
000</div><div>CS1: 001 000</div><div>CS2: 010 000</div><div>CS3: 011
000</div><div>CS4: 100 000</div><div>CS5: 101 000</div><div>CS6: 110
000</div><div>CS7: 111 000</div>
What is common across all Assured Forwarding PHBs when their values are represented
as binary?
The sixth bit is always 0<div><br /></div><div>The first three bits
correspond to the queue class (1 - 4)</div><div><br /></div><div>The fourth and
fifth bits correspond to the drop priority (1 - 3)</div>
How does a router performing IP SLA operations consider the IP SLA responder's
processing time?
IP SLA responders add timestamps when a packet enters or leaves an interface,
which the router performing the IP SLA operation can use to account for the IP SLA
responder's processing time.
What happens if <b>tunnel mode auto </b>is configured on both ends of a VPN tunnel?
The tunnel does not establish, because one router must be configured
statically.<div><br /></div><div><b>tunnel mode auto </b>allows a responding router
to automatically use either GRE or IPsec mode depending on the packets received,
but the initiator must be statically configured.</div>
What should the TCP rwin value be set to for maximum throughput?
The rwin value should be equal to or greater than the bandwidth delay product.
Per Cisco recommendations, when should 6to4 tunneling be used, and when should
ISATAP tunneling be used?
6to4 should be used to connect isolated IPv6 domains with P2MP links over
IPv4<div><br /></div><div>ISATAP should be used to connect within a single IPv6
domain with P2MP links over IPv4</div>
True or False: IP-in-IP tunnels support native keepalives. False, only GRE supports
the keepalive feature
What tunnel type supports a native keepalive feature?

GRE
What is the default size of an IOS ping packet?

100 bytes
What causes a recursive tunnel failure?
When the tunnel destination is learned via the tunnel itself. Avoid by
determining which addresses can never be learned over a tunnel interface.
What is the proper way to use ping to test tunnel connectivity?

Ping the tunnel destination address from the tunnel source address.
By default, what happens to the status of a tunnel interface if it is shutdown on

the opposite end?
The interface remains Up/Up by default, because there is no default keepalive
mechanism.
What command generates this output?<div><br /></div><div>*Mar 2 16:29:14.325:

Tunnel0: GRE/IP encapsulated 10.1.1.1->10.2.2.2 (linktype=7, len=124)</div>
<b>debug tunnel</b>
How can you view the status of all interfaces while filtering those assigned to
VLAN 1?
<b>show interfaces status | exclude _1_</b>
How do you enable UDLD on an interface?

<b>udld port </b>[<b>aggressive</b>]
What options are available to forward IP packets out of a physical interface

without configuring an IP address on the physical interface itself?
Configure bridging on the interface<div>Configure a logical interface such as a
tunnel, logical subinterface, virtual-template/virtual-access, etc.</div>
What three simple questions should be asked of every router and switch interface
within the overall network with regard to operation?
-Is the interface physical or logical<div>-Will the interface perform Layer 2
(bridging) or Layer 3 IP forwarding</div><div>-Is the interface type P2P, multi-
access, or P2MP</div>
What is the interface requirement of issuing the <b>ip unnumbered </b>command?

The interface must be point-to-point (whether physical or logical)
What is a troubleshooting issue you should verify when using Virtual Templates on
both ends of a link?
Some versions of IOS automatically enable keepalives on the Virtual Template, and
others do not. Verify keepalives are enabled on both sides with the <b>keepalive
</b>command under the Virtual Template configuration.
With PPP, what is the <b>no peer neighbor-route </b>command designed for?
Communication between two unnumbered interfaces
If you do not receive back a ping, how can you verify the packets are attempting to
be forwarded out the correct interface?
<b>debug ip packet </b>and <b>debug interface</b>
"If the output of <b>debug ip packet </b>reveals ""encapsulation failed"", what
does this mean, and how can you further troubleshoot it? " Layer 3 to Layer 2
resolution has failed, and can be further examined with <b>debug arp</b>
What are the seven NHRP packet types?

Type 1: Resolution Request<div>Type 2: Resolution Reply</div><div>Type 3:
Registration Request</div><div>Type 4: Registration Reply</div><div>Type 5: Purge
Request</div><div>Type 6: Purge Reply</div><div>Type 7: Error Indication</div>
What is the purpose of the NHRP Type 1 Resolution Request packet?

This packet allows the sending router to dynamically discover the physical IP
address associated with the destination's logical tunnel IP address (such as in
spoke-to-spoke traffic)
What is the purpose of the NHRP Type 3 Registration Request packet?

This packet is used by the spoke (NHC) to inform the hub (NHS) of its
physical IP address.
What is the default holdtime for an NHRP resolution request?

7200 seconds (2 hours)
How do you modify the timeout of an NHRP resolution request?

<b>ip nhrp holdtime </b>
How frequently are NHRP registrations sent from spokes to the hub?
1/3 the holdtime: 40 minutes by default, 2400 seconds
How can you control the frequency of NHRP client re-registration?
<b>ip nhrp registration timeout</b>
How can you verify NHRP timeout values?

<b>show ip nhrp nhs detail</b>
How do you control which traffic will generate an NHRP resolution request?
"Define an ACL matching ""interesting"" traffic and reference it with <b>ip nhrp
interest</b>"
When enabling multicast support on a DMVPN hub with the <b>ip nhrp map multicast
dynamic </b>command, what additional step must be performed if spokes are already
connected to the hub? Shut/no shut each spoke tunnel interface, or perform
<b>clear ip nhrp </b>on the hub.
How can you configure a Catalyst switch to dynamically assign a switch port to a
particular VLAN if no response is received from a RADIUS server?
<div>Enable 802.1X globally:</div><div><b>dot1x

system-auth-control</b></div><div><b><br
/></b></div><div>Interface:</div><div><b>switchport mode
access</b></div><div><b>authentication event no-response action authorize vlan
</b><i>vlan</i></div><div><b>authentication port-control
auto</b></div><div><b>dot1x pae authenticator</b></div>
How can you verify 802.1X information on a device?
<b>show dot1x</b><div><b>show dot1x interface </b><i>interface</i></div>
"How can you force RIP to accept updates from ""bad sources"", such as when using
<b>ip unnumbered </b>on a P2P link?
" RIP process:<div><b>no validate update-source</b></div>
What is the TTL of both RIP and EIGRP packets when neighbors are manually
configured?
TTL = 2
What is a stub physical link?

A link that has only a single connection to the rest of the physical topology.
What are the two general tiers of a routing hierarchy?

Transit routing domain (core)<div>Non-transit routing domain (edge)</div>
During redistribution, which routes should be advertised by a non-transit multi-

homed routing domain?
Non-transit multi-homed routing domains should advertise only those routes
which originate within the same routing domain.
How can you modify the AD of particular routes from all routing sources?
<b>distance </b><i>ad </i><b>0.0.0.0 255.255.255.255 </b><i>acl</i>
What command is equivalent to <b>distribute-list </b><i>acl </i><b>in </b>?

<b>distance 255 0.0.0.0 255.255.255.255 </b><i>acl</i>
What is the order of precedence for filtering inbound BGP advertisements?

-filter-list (AS_PATH filtering)<div>-route-map</div><div>-distribute-list /
prefix-list</div>
What is the order of precedence for filtering outbound BGP advertisements?

-distribute-list / prefix-list<div>-filter-list (AS_PATH
filtering)</div><div>-route-map</div>
What is a feature of <b>ip community-list expanded </b>over the <b>standard

</b>option?
The <b>expanded </b>option can accept regular expressions
With EIGRP, what is the AD of a summary route created exclusively from EIGRP
External routes?
EIGRP summary routes are seen as EIGRP Internal with an AD of 90.
Why is Split Horizon with Poisoned Reverse an improvement over regular Split
Horizon?
With regular Split Horizon, route information is not advertised back out the
interface on which is was received. Poisoned Reverse advertises back the routes
with an infinite metric. This is an improvement because if the originating router
receives corrupted information, it could proceed as if the particular route is
reachable via the router it had previously advertised to. Split Horizon with
Poisoned Reverse prevents this type of routing loop.
An EIGRP router reasses its list of feasible successors for a route any time an
input event occurs. What are the five input events?
-Change in cost of directly connected link<div>-Change in state (up/down) of
directly connected link</div><div>-Reception of Update packet</div><div>-Reception
of Query packet</div><div>-Reception of Reply packet</div>
How can you configure OSPF to use DNS?

Globally:<div><b>ip name-server </b><i>ip</i></div><div><i><br
/></i></div><div>OSPF process:</div><div><b>ip ospf name-lookup</b></div>
What causes IOS to look for a cleared ACK or RST bit in the TCP header?
The <b>established </b>keyword in an ACL
DORA process- which are BC and which are UC

use of OSPF process id
STP/RSTP difference.
TCP/IP flags and details
TCP/IP options
SYNAC/ACK
IPSEC phase 1 and 2
BGP state
wireshark
slowness
MTU size in L2/L3/L4
MSS sise
how ospf prevent loops
which protocol used in ospf acknowledge
Size of the gre
statefull firewall
TCP multiplexing
SSL runs on which layer
diff between ipsec tranparent mode and tunnel mode
which traffics will be encrypted in ssl vpnv4
TCP/IP handshake in details
L5 and L6 protocols
how does machine know the destination is part of different network

Top Network Interview Questions

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Top Network Interview Questions

Uploaded by

Copyright:

Available Formats

I

How do you configure an EIGRP summary route? EIGRP summarization is configured

The <b>default-information originate </b>command can be used by which IGPs?<div><br

What is the default interface command <b>no ip directed-broadcast </b>used for?

What is a unicast Reverse-Path-Forwarding (uRPF) check?

How do you enable uRPF strict mode? <div>Interface:</div><div><b>ip verify

How do you configure uRPF loose mode? <div>Interface:</div><div><b>ip verify

How do you configure TCP Intercept? Globally:<div><b>ip tcp intercept list

How do you verify the state of DMVPN tunnels? <b>show dmvpn</b>

What six functions does NDP for ICMPv6 provide? Router

How do you configure RA Guard on a switch? Globally create the policy to

How do you enable IPv6 Device Tracking? Globally:<div><b>ipv6 neighbor binding

With IPv6 ND Inspection, when is an ND message considered trustworthy? If its

How do you configure IPv6 ND Inspection? Globally create a policy:<div><b>ipv6 nd

How do you verify an IPv6 ND Inspection policy? <b>show ipv6 nd inspection

How do you configure DHCPv6 Guard? <b>ipv6 access-list

How do you configure PACLs? Create an IP or MAC ACL<div><br

What EIGRP behavior must be changed for DMVPN Phase 2? Tunnel

How do you configure a manual IPv6-over-IPv4 tunnel? "<div>With <b>tunnel mode

How do you configure a tunnel interface for IPv6-over-IPv4 GRE? Tunnel

What type of address is represented with

How does ISATAP addressing work? <i>64-bit-prefix</i><b>:0000:5EFE:</b><i>ipv4-

L2TPv3 uses IP Protocol ___. 115

What is an advantage of OTV with regard to fault-domain isolation as compared to

How do you configure MPLS TTL propagation in Cisco IOS?

How do you verify the MPLS LFIB? <b>show mpls forwarding-table</b>

How is the LDP ID chosen? -Manually configured<div>-Highest IP of up/up

How do VRF Route Targets facilitate overlapping VPNs?

How do you instantiate a new VRF? Globally:<div><b>vrf definition

Where and how do you specify a Route Distinguisher? <b>vrf definition

Where and how do you configure Route Targets? <b>vrf definition

How do you associate an interface with a particular VRF? Interface:<div><b>vrf

What happens when you enter the <b>route-target both </b><i>value&nbsp;</i>command?

What is the general definition of a Forwarding Equivalence Class? A set of

With static NAT, what is the relationship between inside/outside/local/global IP

How do you define interfaces for NAT? Interface:<div><b>ip nat </b>{<b>inside

What is the IP protocol number for ICMP? 1

What is the IP protocol number for TCP? 6

What is the IP protocol number for UDP? 17

What is the EtherType of ARP? 0x0806

How do you configure MD5-based authentication for NTP? Globally:<div><b>ntp

How do you enable CEF for IPv6? Globally:<div><b>ipv6 cef</b></div>

How do you view the FIB? <b>show ip cef</b>

How do you view the CEF neighbors? <b>show adjacency</b>

How do you disable CEF on a particular interface? Interface:<div><b>no ip

What are the two high-level components of CEF? FIB<div>Adjacency table</div>

What load-sharing methods are available with CEF? Per-packet<div>Per-

How do you change the CEF load-sharing method? Interface:<div><b>ip load-share

What is CEF polarization? When multiple routers in the path toward a

What are the four CEF load-sharing algorithms?

How is a routed port handled internally on a Layer 3 switch? A routed port is a

How do you convert a switch port to routed? Interface:<div><b>no

What is the purpose of Policy-Based Routing? To make routing decisions based on

How do you change the SDM template? Globally:<div><b>sdm prefer

How do you enable PBR? Interface:<div><b>ip policy route-map

Why do technologies like MPLS-TE and MPLS-FRR depend on a link-state routing

To which address are RIPng updates sent to? FF02::9

How many RIPng processes are supported in Cisco IOS? Four

What is the purpose of the interface metric-offset in RIPng? Interfaces can be

How do you enable RIPng on an interface? <b>ipv6 rip </b><i>process

How do you configure the RIPng metric-offset? Interface:<div><b>ipv6 rip

How do you verify the EIGRP stub settings? <b>show ip protocols</b>

How do you verify if an EIGRP neighbor is configured as a stub? <b>show ip eigrp

What happens when you enter the <b>route-target both </b><i>value </i>command?

What are the EIGRP logging defaults? <b>router eigrp</b><div><b> event-

How do EIGRP distribute-lists work in the <b>in </b>direction? In all

How do you enable EIGRP OTP? <b>router eigrp </b><i>process</i><div>

TCP/IP uses per-_ addressing, whereas NSAP addressing is per-_.

With EIGRP, what happens if you configure a <b>leak-map </b>to reference

What is 6LoWPAN? IPv6 over Low Power WPANs. <div><br /></div><div>6LoWPAN is