
Use this EIGRP command to advertise a default route

ip default-network 10.0.0.0

To show only the routing table entries that are associated with EIGRP, issue this command

show ip route eigrp

This command will identify the successors and feasible successors

show ip eigrp topology

This command lists the interfaces participating in EIGRP and any neighbors found out of those interfaces

show ip eigrp interfaces

This command will show the number and types of EIGRP messages across the wire

show ip eigrp traffic

If the default K values are used (K1 = K3 = 1, K2 = K4 = K5 = 0), the EIGRP metric calculation reduces to

256 * (10^7 / slowest bandwidth on the path in kbps + cumulative delay in tens of microseconds)

In EIGRP, the path with the lowest metric is called

the successor

If a successor path is lost and no feasible successor exists, the router sends out queries on all interfaces in an attempt to identify an alternate route. While it waits for the replies, the route is in this state

active

In EIGRP, if a query goes unanswered for 3 minutes, the route goes into this state and the neighbor relation is reset

stuck in active

This is the EIGRP hello interval on low-speed (T1 or slower) NBMA WAN links; on all other links it is 5 seconds

60 seconds

This is the EIGRP hold (dead) timer on those low-speed WAN links, three times the hello interval

180 seconds

EIGRP uses these for neighbor discovery and maintenance

Periodic hello messages

Controls sending, tracking, and acknowledgement of EIGRP messages

Reliable Transport Protocol (RTP)

This determines a loop free route in EIGRP

Diffusing Update Algorithm or DUAL

These are the plug-ins that let EIGRP carry IP, IPX, and AppleTalk routes

Protocol-Dependent Modules (PDM)

EIGRP uses three tables

The neighbor table, the topology table, and the common routing table

In EIGRP, this table holds every route learned from neighbors, including the successors and feasible successors from which the best paths are chosen

topology table

In EIGRP, this table is built from EIGRP hellos and used for reliable delivery

Neighbor Table

EIGRP uses these five packet types for operation

hello, update, query, reply, acknowledgement

This EIGRP packet type identifies neighbors and serves as a keep alive

hello packet

This EIGRP packet type reliably sends route information

Update Packets

This EIGRP packet type reliably requests specific routing information from neighbors

Query packets

These are the five steps of EIGRP neighbor discovery and route exchange

1. Router A sends a hello
2. Router B sends back a hello and a routing update
3. Router A acknowledges the update
4. Router A sends its own update
5. Router B acknowledges the update

The EIGRP exchange process can be seen by issuing this command

debug ip eigrp packets

The EIGRP update process can be seen by issuing this command

debug ip eigrp

The EIGRP neighbor table can be seen by issuing this command

show ip eigrp neighbors

An EIGRP topology table entry records these two distances for each route

feasible distance (FD) and advertised distance (AD), also called reported distance (RD)

This EIGRP K value represents the choke point along the path to the network

bandwidth

This EIGRP route value represents the metric from the neighbor to the destination network, as the neighbor advertises it

Advertised distance (also called reported distance)

This EIGRP route value is the metric from THIS router, through the network, to the destination

Feasible distance

This UDP port is used by ISAKMP

UDP port 500

This EIGRP K value is represented by K1

bandwidth

Encapsulating Security Payload uses this IP protocol number

IP protocol 50

This EIGRP K value is represented by K2

loading

IPSec over TCP uses this port by default

TCP port 10000

The EIGRP concept of loading (k2) means

In EIGRP, Reliability is represented by these two K values

K4 and K5

IPsec NAT Traversal (NAT-T) uses this UDP port

UDP 4500

In EIGRP, delay is represented by this K value

K3

On a router, you can see the EIGRP routes that are not feasible successors using this command

show ip eigrp topology all-links

In global configuration mode, enter this command to enter webvpn configuration mode

hostname(config)# webvpn

To change the SSL listening port for clientless SSL VPN, use this command in config-webvpn mode

hostname(config-webvpn)# port <port>

The Authentication header uses this IP protocol number

IP protocol 51

to change the listening port for ASDM, use this value for the http server enable command to another port- 444 for example

hostname(config)# http server enable 444

to configure the security appliance to use an external proxy server to handle HTTP and HTTPs requests use these commands

Http-proxy HTTPS-proxy

This is the default Spanning Tree bridge priority

32768

This example shows how to configure use of an HTTP proxy server with an IP address of 209.165.201.1 on the default port, sending a username and password with each HTTP request

hostname(config-webvpn)# http-proxy 209.165.201.1 user jsmith password mysecret

The basic concept of this type of routing protocol is that every node constructs a map of the connectivity to the network, in the form of a graph, showing which nodes are connected to which other nodes

link state

Only these EIGRP routes are added to the routing table

Successor routes

When a clientless ssl vpn user clicks on a link on the web portal home page a new window opens that prompts the user to log in. what setting will prevent this from happening

enable cookies on the web browser

you can configure the security appliance to warn end users when their passwords are about to expire with this command

Password-management command in tunnel-group general-attributes mode

By default, LDAP uses this port

Port 389; LDAP over SSL (LDAPS) uses port 636

This example shows how to set the number of days before password expiration at which the user starts being warned to 90, for the connection profile named testgroup

hostname(config)# tunnel-group testgroup type webvpn
hostname(config)# tunnel-group testgroup general-attributes
hostname(config-tunnel-general)# password-management password-expire-in-days 90

In EIGRP, this is the best metric along a path to a destination network, including the metric to the neighbor advertising that path

feasible distance

This command configures the security appliance to automatically pass clientless SSL VPN user login credentials on to internal servers

auto-signon

Configure auto-signon for all users of clientless SSL VPN to servers with IP addresses in the range 10.1.1.0 to 10.1.1.255, using NTLM authentication

hostname(config)# webvpn
hostname(config-webvpn)# auto-signon allow ip 10.1.1.1 255.255.255.0 auth-type ntlm

This command makes the switch root for a given VLAN. It works by lowering the priority of the switch until it becomes root. Once the switch is root, it does nothing to prevent another switch from later taking over as root

Switch(config)# spanning-tree vlan <vlan range> root primary

Configure auto-signon for all users of clientless SSL VPN, using basic HTTP authentication, to servers defined by the URI mask https://*.example.com/*

hostname(config)# webvpn
hostname(config-webvpn)# auto-signon allow uri https://*.example.com/* auth-type basic

This connection profile attribute for clientless ssl vpn identifies one or more urls.

Group-url

In EIGRP, this is the total metric along a path to a destination network as advertised by an upstream neighbor

reported distance

If you configure this connection profile attribute for clientless SSL VPN, users coming in on a specified URL need not select a group at login

group-url

This is the IEEE designation for spanning tree

802.1d

this connection profile attribute identifies the DNS server group that specifies the dns server name, domain name, name server, number of retries, and timeout values

Dns-group

This clientless SSL VPN attribute specifies the message delivered to a remote user who logs into the clientless VPN successfully but has no VPN privileges

deny-message

This clientless SSL VPN attribute enables CIFS browsing of file servers and shares

file-browsing

This connection profile attribute for clientless SSL VPN allows users to enter file server names to access

file-entry

this connection profile attribute for clientless ssl vpn sets the name of the webtype access list

filter

this connection profile attribute for clientless ssl vpn controls the visibility of hidden shares for CIFS files

Hidden-shares

If a loop occurs, spanning tree uses the port priority when selecting an interface to put into the forwarding state. Lower is better- this is configured with this command

Switch(config-if)#spanning-tree vlan <vlan range> port-priority <priority>

this connection profile attribute for clientless ssl vpn sets the URL of the webpage that displays on login homepage

this connection profile attribute for clientless ssl vpn applies a list of servers and urls that the clientless ssl vpn page displays for end user access

Url-list

The security appliance stores browser plug-ins in this directory on the flash device

csco-config/97/plugin (on disk0)

This value is sent with each EIGRP update but is NOT used to calculate the metric

MTU

Enter this command to list the Java-based client applications available to users of clientless SSL VPN

show import webvpn plug-in

This command, used in group-policy webvpn or username webvpn mode, starts smart tunnel access automatically upon user login

smart-tunnel auto-start <list>

This command enables smart tunnel access upon user login, but requires the user to start the smart tunnel manually

smart-tunnel enable <list>

to view the smart tunnel list entries in the SSL VPN configuration, enter this command

show run webvpn

The default value for the number of outstanding non-authenticated sessions for e-mail proxy users over clientless SSL VPN

20 non-authenticated sessions

the range of IP standard access list

1 to 99 and 1300 to 1999

This is the IEEE designation for RAPID spanning tree

802.1w

range of IP extended access list

100 to 199 and 2000 to 2699

when applying a standard access list- apply the filter closest to this device

destination router

when applying extended ACL- apply the filter closest to this device

source device

Use this interface command to apply an access list in the inbound direction

ip access-group <access-list-number> in

Command to configure a local user named TEST with a password of TEST123

username TEST password TEST123 (prefer username TEST secret TEST123, which stores a hash rather than a reversible type 7 string)

this keyword in a TCP extended ACL validates that a packet belongs to an existing connection from an ongoing TCP session

Established

This RFC defines the private IP address space

RFC 1918

this keyword in a TCP extended ACL validates that a TCP datagram has the acknowledegement or reset bit set

Established

Use this interface command to apply an access list in the outbound direction

ip access-group <access-list-number> out

When used with the debug ip packet command, an access-list number restricts output to packets matching that ACL; the detail keyword adds protocol and port information

debug ip packet 101 detail

This type of password uses the Cisco proprietary (reversible) encryption algorithm

Type 7 passwords

The enable secret uses this type of encryption algorithm

Type 5 also known as MD5 Hashing

this command in global configuration mode- is used to encrypt passwords in the configuration

service password-encryption

This type of password uses the MD5 Hashing algorithm

Type 5

Passwords already present in the configuration when the service password-encryption command is entered will be (encrypted or unencrypted) in the configuration file

encrypted: the command converts all existing plaintext passwords as well as any entered later, and disabling it afterwards does not turn them back into plaintext
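Worked example for the type 7 and type 5 cards above (added here; it is not part of the card deck). Type 7 is a repeating-key XOR against a fixed key, so anyone holding a configuration can reverse it; type 5 (enable secret) is a salted MD5 hash and has to be brute-forced instead. The code below decodes and re-encodes type 7 strings and then audits a constructed running-config fragment for reversible credentials. The constant key is the one the type 7 scheme has always used; the sample config, its user name and its lines are constructed for the demo.

```python
"""Reverse Cisco type 7 passwords and audit a config for them.

Added example, not from the card deck. SAMPLE_CONFIG is constructed; XLAT is
the fixed translation key the type 7 scheme uses.
"""
import re
from typing import List, Tuple

# Type 7 is a repeating-key XOR over this constant, so it is obfuscation, not
# encryption: anyone holding the config can recover the plaintext.
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"


def decode_type7(encoded: str) -> str:
    """'02050D480809' -> 'cisco'. The first two characters are a decimal offset
    into XLAT; the rest is hex, one byte per plaintext character."""
    if len(encoded) < 4 or len(encoded) % 2 or not encoded[:2].isdigit():
        raise ValueError(f"not a type 7 string: {encoded!r}")
    seed = int(encoded[:2])
    if seed >= len(XLAT):
        raise ValueError(f"bad seed in type 7 string: {encoded!r}")
    body = bytes.fromhex(encoded[2:])            # raises ValueError on non-hex
    plain = bytes(b ^ XLAT[(seed + i) % len(XLAT)] for i, b in enumerate(body))
    return plain.decode("latin-1")


def encode_type7(plain: str, seed: int = 2) -> str:
    """Inverse of decode_type7, to show the scheme is symmetric. IOS chooses
    the seed itself; devices normally emit seeds in the range 0..15."""
    if not 0 <= seed <= 15:
        raise ValueError("seed must be 0..15")
    raw = plain.encode("latin-1")
    body = bytes(c ^ XLAT[(seed + i) % len(XLAT)] for i, c in enumerate(raw))
    return f"{seed:02d}{body.hex().upper()}"


# Matches '... password 7 <hex>' and '... key 7 <hex>' lines. A 'secret 5'
# line (salted MD5) does not match: that one needs brute force, not reversal.
TYPE7_LINE = re.compile(r"\b(?:password|key)\s+7\s+([0-9A-Fa-f]{4,})\s*$")


def audit_config(config_text: str) -> List[Tuple[int, str, str]]:
    """Return (line number, original line, recovered plaintext) for every
    reversible credential found in a running-config."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = TYPE7_LINE.search(line)
        if m:
            findings.append((lineno, line.strip(), decode_type7(m.group(1))))
    return findings


# Constructed running-config fragment for the demo.
SAMPLE_CONFIG = """\
service password-encryption
!
username admin password 7 02050D480809
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
line vty 0 4
 password 7 0822455D0A16
 login
"""

if __name__ == "__main__":
    for lineno, line, plain in audit_config(SAMPLE_CONFIG):
        print(f"line {lineno}: {line!r} -> {plain!r}")
```

Run it against a saved `show running-config` to see why `username ... secret` and `enable secret` are the only forms worth keeping in a config that leaves the device (backups, TFTP, ticketing systems).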

This IOS global configuration command sets the minimum character length for all passwords

security passwords min-length <length>

Enables Cisco IOS image resilience

Router(config)# secure boot-image

this command disables CDP globally

no cdp run

SNMP uses these UDP ports

Ports 161 and 162

This command enables Rapid PVST+

Switch(config)#spanning-tree mode rapid-pvst

This feature prevents the completion of the break sequence and the entering of rommon mode for password recovery

no service password-recovery

NTP uses this UDP port

port 123

Stores a secure copy of the primary bootset in persistent storage

Router(config)# secure boot-config

This feature prevents changes to the configuration register values and access to NVRAM

no service password-recovery

this command disables CDP on a particular interface

no cdp enable

Issue this command to enable CDP on a global basis

cdp run

DHCP uses this UDP server port

67

Displays the status of configuration resilience and the primary bootset filename

Router# show secure bootset

this command can be used to show all configuration changes that have been added by the Auto-Secure process

show auto secure config

To take a snapshot of the router running configuration and securely archive it in persistent storage, use this command

secure boot-config command in global configuration mode

generates a crypto key to be used with SSH

crypto key generate rsa

Configure broadcast, multicast, or unicast storm control. By default, storm control is disabled

storm-control {broadcast | multicast | unicast} level {level [level-low] | pps pps [pps-low]}

In routed mode, the ASA can be configured for how many active vlans with a base license

three active vlans in routed mode with a base license

This command puts a port into the root-inconsistent (blocking) state whenever a superior BPDU is received on it, and releases the port when the superior BPDUs stop. This ensures the current root bridge remains root

Switch(config-if)# spanning-tree guard root

Displays debug messages for SSH

debug ip ssh

This is the default action when storm control is enabled

The default is to filter out the traffic and to not send traps.

When a secure port is in the error-disabled state, you can bring it out of this state by entering this global configuration command

errdisable recovery cause psecure-violation or you can manually re-enable it by entering the shutdown and no shutdown

Displays the status of SSH server connection

show ssh

Verify the storm control suppression levels set on the interface for the specified traffic type

show storm-control [interface-id] [broadcast | multicast | unicast]

When the number of secure MAC addresses reaches the limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses or increase the number of maximum allowable addresses. You are not notified that a security violation has occurred

PROTECT mode

Take this step first when performing loopback tests on a frame relay connection

Set the encapsulation of the interface to HDLC

Specify the action to be taken when a storm is detected

storm-control action {shutdown | trap}

When the number of secure MAC addresses reaches the limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses or increase the number of maximum allowable addresses. In this mode, you are notified that a security violation has occurred. Specifically, an SNMP trap is sent, a syslog message is logged, and the violation counter increments

Restrict Violation mode

If you set the storm control threshold to this value, no limit is placed on the traffic

threshold of 100 percent

In this port security violation mode, the interface is error-disabled immediately when a violation occurs; an SNMP trap is sent, a syslog message is logged, and the violation counter increments. This is the default mode

Shutdown violation mode

Displays the maximum allowed number of secure MAC addresses for each VLAN and the number of secure MAC addresses on the VLAN

show port-security [interface interface-id] vlan

Setting the storm-control threshold to this level will block all broadcast, multicast, and unicast traffic on that port

threshold of 0 percent

Delete the RSA key pair. After the RSA key pair is deleted, the SSH server is automatically disabled

crypto key zeroize rsa

In transparent firewall mode, how many active vlans can be configured with the base license

two active vlans with the base license

These secure MAC addresses are manually configured with an interface configuration command, stored in the address table, and added to the switch running configuration

Static secure MAC addresses, configured with switchport port-security mac-address mac-address

This is the file name on the internal flash that houses the admin context

admin.cfg

To enable multiple mode on the ASA enter this command

hostname (config) # mode multiple

To enable sticky learning, enter this interface configuration command

switchport port-security mac-address sticky

Displays all secure MAC addresses configured on all switch interfaces or on a specified interface, with aging information for each address

show port-security [interface interface-id] address

These protocols require application-layer inspection because they use multiple channels: a well-known port for control and dynamically negotiated ports for data

FTP and H.323, for example

To restore the firewall or ASA to the default configuration, enter this command

hostname (config)# configure factory-default {ip address mask}

The ip address in the following command is used for ____ hostname (config)# configure factory-default {ip address mask}

to set the ip address for the inside or management interface as well as the dhcp scope

This command tells the ASA to boot from a specific image, including an image on a flash device

boot system

Enter this command To change the ASA from transparent to routed mode

hostname(config)# no firewall transparent

To save all context configurations at the same time, enter this command in the system execution space

hostname # write memory all

Use these commands to discard the running configuration and load the startup configuration without requiring a reboot

clear configure all (clears the running configuration), then copy startup-config running-config

set the mode to single mode, enter this command in the system execution space

hostname (config) # mode single

To create VLAN 100 on an ASA, enter this command

hostname (config) # interface vlan 100

To assign vlans to a trunkport on the ASA, issue this command

hostname (config-if) # switchport trunk allowed vlan VLAN RANGE

On the ASA 5505, trunk mode is available only with this license

Security Plus

Issue this command at the interface level to start CDP

CDP enable

In this mode, the ASA uses the same MAC address for all VLANS

routed mode

To make a port on the ASA 5505 a trunk port, issue this command

switchport mode trunk

In this mode, each vlan has a unique MAC address

transparent firewall mode

in routed mode, the ASA 5505 can be configured for how many active vlans with a Security Plus license

20 active vlans in routed mode with a security plus license

These features are not supported in multiple context mode

Dynamic routing protocols, VPNs, QoS, multicast routing, and threat detection

Enter this command To change the ASA from router (default) to transparent mode

hostname(config)# firewall transparent

This command shows the installed licenses, including information about temp licenses

show activation-key detail

This command allows return connections from a lower security host to a higher security host if there is already a connection from the higher level host to the lower level host

established

This command prevents a RIP-enabled router from sending broadcast and multicast RIP updates out of a specific interface, a set of interfaces, or all of the router's interfaces

The passive-interface command

This RIP timer determines the amount of time that the router should wait before accepting new routing information about an unreachable route

The holddown timer

To prevent a switchport on the ASA from communication with other protected switchports on the same VLAN, enter this command

hostname (config-if) # switchport protected

To allow interfaces at the same security level to communicate with each other, enter this global configuration command

hostname(config)# same-security-traffic permit inter-interface

To place a switchport on the ASA 5505 in a vlan, enter this command

hostname (config-if) # switchport access vlan VLAN NUMBER

show running-config all context CONTEXT NAME

To change to a context, enter the following command

hostname # changeto context CONTEXT NAME

To change the default values for the RIP update, invalid, holddown, and flush timers use this command

TIMERS BASIC for example timers basic update invalid holddown flush

To make a trunk port an access port on an ASA 5505 , enter this command

switchport mode access

This IEEE designation represents the standards based trunking protocol

802.1q

To add or change a security context in the system execution space

hostname (config) # context CONTEXT NAME

On the ASA, all auto-generated MAC addresses start with these characters

A2

This command sets the admin context

hostname(config)# admin-context CONTEXT NAME

This TCP option must be explicitly allowed when BGP sessions authenticated with MD5 pass through a firewall

TCP option 19 (the TCP MD5 signature option)

This command is used to control the log messages generated by an access-list

ip access-list log-update threshold {threshold-in-msgs}

Distance vector protocols update their routing table based on what

Updates from their neighbors

The default values for the update, invalid, holddown, and flush parameters are

30 seconds, 180 seconds, 180 seconds, and 240 seconds, respectively

This frame relay encapsulation type is used to connect a Cisco router to a non cisco device

IETF Frame Relay encapsulation

RIPv2 uses this type of subnet masking

variable-length subnet masks

minimum guaranteed data transfer rate agreed to by the Frame Relay switch

committed information rate

To set the media type on the ASA, use this command

hostname (config-if)# media-type

Enter this command to allow an interface on the ASA to get it IP address from a DHCP server

hostname (config-if) # ip address dhcp {setroute}

Set the hostname of ASA1 to ASA1

ciscoasa(config)# hostname ASA1 ASA1(config)#

Time-stamping is included with this command

logging timestamp

To allow a specific IP or network access to the http server use this command

http <ip address and mask> <interface> where ip address is the IP and subnet mask of the allowed host and interface is the interface by which the allowed host can be reached

PVC STATUS DELETED means

the PVC is not present and no LMI information is being received from the Frame Relay switch

To remove a context use this command

hostname (config) # no context CONTEXT NAME

Verify that buffered logging is working by issuing this command

show logging command

What are the three LMI types that are supported on a Cisco router

ansi, cisco, and q933a

"RIP: ignored v2 packet from 172.12.23.2 (illegal version)" in debug ip rip output indicates

that the routers are not running the same version of RIP

Define how many hits there must be on an access list before a router displays a log message

ip access-list log-update threshold <number of hits>

PVC STATUS INACTIVE means

The PVC is configured correctly on the local switch, but there is a problem on the remote end of the PVC

The ASDM image is set with this command

asdm image <location> command ASA1(config)# asdm image disk0:/asdm-61551.bin

How is route summarization accomplished with RIPv2

manual route summarization

Set the IP address with the this command

IP address

All traffic that exceeds the CIR on a Frame Relay interface is marked as

discard eligible (DE)

Use these commands to advertise a network using RIP

Router(config)# router rip
Router(config-router)# network 10.12.0.0 (RIP is classful, so this is stored and advertised as 10.0.0.0)

What is the default frame relay encapsulation on a Cisco router

Cisco encapsulation

Before enabling SSH you need to generate keys. This is done with this command

crypto key generate rsa modulus <modulus size> example ASA1(config)# crypto key generate rsa modulus 1024

The RIP version is usually changed globally, but it can be changed at the interface level with these two interface-level commands

ip rip receive version and ip rip send version commands

To allow only management traffic to ANY interface use this command

management-only command in interface configuration mode

ASA1(config-if)# management-only

Using the name inside will automatically set the security-level to

100

Logging is enabled with this command

logging enable command

Interfaces are named with the

NAMEIF command ASA1(config-if)# nameif inside

Logging to a syslog server is configured with this command where the interface equals the interface used to reach the host

logging host <interface> <ip address>

The date and time are set manually with this command

clock set command ASA1(config)# clock set 16:24:00 16 february 2009

On the ASA, Verify that interfaces are up and have the correct IP with this command

show interface ip brief

In this VTP mode, a switch will forward received VTP updates to other switches but will not participate in the VTP database

VTP Transparent Mode

What is the syntax for the acces-list command

access-list access-list-number {deny | permit} {ip|tcp|udp|icmp} source [source-mask] dest [dest-mask] [eq dest-port]
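Worked example for the access-list cards (numbered ranges, wildcard masks, the established keyword, and the syntax card just above); it is added here and is not part of the card deck. The code evaluates a packet against a numbered ACL the way IOS does: top-down, first match wins, and an implicit deny at the end. It also shows the property the established cards describe: the keyword only checks that ACK or RST is set, it keeps no session state, so a crafted ACK packet to a port nobody opened is still permitted. ACL_101, ACL_10 and the packets are constructed sample data.

```python
"""Evaluate numbered IP access lists the way IOS does: top-down first match,
wildcard masks, implicit deny, and the stateless 'established' keyword.

Added example, not from the card deck. ACL_101, ACL_10 and the packets are
constructed sample data.
"""
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


def acl_kind(number: int) -> str:
    if 1 <= number <= 99 or 1300 <= number <= 1999:
        return "standard"          # source address only
    if 100 <= number <= 199 or 2000 <= number <= 2699:
        return "extended"          # protocol, source, destination, ports
    raise ValueError(f"{number} is not a numbered IP ACL")


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard bits set to 1 are 'don't care'; 0.0.0.0 means exact host."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


@dataclass(frozen=True)
class Packet:
    proto: str                       # "tcp", "udp", "icmp", or "ip" for any
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    tcp_flags: FrozenSet[str] = frozenset()


@dataclass(frozen=True)
class Entry:
    line: str
    number: int
    action: str
    proto: str                       # "ip" matches any protocol
    src: Tuple[str, str]
    dst: Tuple[str, str]
    sport: Optional[int] = None
    dport: Optional[int] = None
    established: bool = False

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if not wildcard_match(p.src, *self.src) or not wildcard_match(p.dst, *self.dst):
            return False
        if self.sport is not None and self.sport != p.sport:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        # 'established' only checks that ACK or RST is set. There is no session
        # table behind it, so a crafted packet with ACK set walks straight through.
        if self.established and not (p.tcp_flags & {"ACK", "RST"}):
            return False
        return True


ANY = ("0.0.0.0", "255.255.255.255")


def _addr(toks: List[str]) -> Tuple[Tuple[str, str], List[str]]:
    if toks[0] == "any":
        return ANY, toks[1:]
    if toks[0] == "host":
        return (toks[1], "0.0.0.0"), toks[2:]
    if len(toks) == 1:
        return (toks[0], "0.0.0.0"), []      # bare address in a standard ACL = host
    return (toks[0], toks[1]), toks[2:]


def parse_entry(line: str) -> Entry:
    toks = line.split()
    if toks[0] != "access-list" or toks[2] not in ("permit", "deny"):
        raise ValueError(f"unparsable ACL line: {line!r}")
    number, action = int(toks[1]), toks[2]
    sport = dport = None
    established = False
    if acl_kind(number) == "standard":
        src, rest = _addr(toks[3:])
        proto, dst = "ip", ANY
    else:
        proto = toks[3]
        src, rest = _addr(toks[4:])
        if rest[:1] == ["eq"]:                 # source port, e.g. 'any eq 80 any'
            sport, rest = int(rest[1]), rest[2:]
        dst, rest = _addr(rest)
    while rest:
        if rest[0] == "eq":
            dport, rest = int(rest[1]), rest[2:]
        elif rest[0] == "established":
            established, rest = True, rest[1:]
        elif rest[0] == "log":
            rest = rest[1:]
        else:
            raise ValueError(f"unsupported keyword {rest[0]!r} in {line!r}")
    return Entry(line, number, action, proto, src, dst, sport, dport, established)


def evaluate(acl_lines: List[str], pkt: Packet) -> Tuple[str, str]:
    """First matching entry wins; a packet that matches nothing hits the
    implicit 'deny any' that ends every ACL."""
    entries = [parse_entry(l) for l in acl_lines]
    if len({e.number for e in entries}) != 1:
        raise ValueError("mixed ACL numbers")
    for e in entries:
        if e.matches(pkt):
            return e.action, e.line
    return "deny", "implicit deny any"


# Constructed extended ACL, as it would be applied inbound on an outside interface.
ACL_101 = [
    "access-list 101 permit tcp any 10.1.1.0 0.0.0.255 established",
    "access-list 101 permit tcp any host 10.1.1.10 eq 80",
    "access-list 101 deny ip any any log",
]
# Constructed standard ACL with no explicit deny, so the implicit one applies.
ACL_10 = ["access-list 10 permit 192.168.1.0 0.0.0.255"]

if __name__ == "__main__":
    syn_web = Packet("tcp", "203.0.113.5", "10.1.1.10", dport=80, tcp_flags=frozenset({"SYN"}))
    syn_ssh = Packet("tcp", "203.0.113.5", "10.1.1.20", dport=22, tcp_flags=frozenset({"SYN"}))
    ack_ssh = Packet("tcp", "203.0.113.5", "10.1.1.20", dport=22, tcp_flags=frozenset({"ACK"}))
    for p in (syn_web, syn_ssh, ack_ssh):
        print(p.dst, p.dport, sorted(p.tcp_flags), "->", evaluate(ACL_101, p))
    print(evaluate(ACL_10, Packet("ip", "192.168.2.7", "10.0.0.1")))
```

The third packet is the one to remember: a bare ACK to 10.1.1.20:22 is permitted by the first entry even though no session exists, which is why established is a placeholder for reflexive ACLs or a stateful firewall, not a substitute for one.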

Logging level is set with this command

logging trap <level> command

The http server is enabled with this command

http server enable

EIGRP on the ASA is configured much the same as on a router. Use this command

router eigrp <autonomous-system number>, for example ASA1(config)# router eigrp 1

Using the interface name outside will automatically set the security-level to

0

In this VTP mode, a switch is unable to update its VLAN database

client mode

Setup a default route so that traffic not matching any other routes will be sent to the next hop of 24.234.0.1

ASA1(config)# route outside 0 0 24.234.0.1

To forward VTP updates between switches, enable this type of port

Trunk ports

The domain name is set with this command

domain-name command ASA1(config)# domain-name bootcamp.com

What does the keyword boradcast in the following command do frame-relay map ip 10.121.16.8 102 broadcast

The broadcast option allows packets, such as RIP updates, to be forwarded across the PVC

Use this keyword to make sure that the networks are not summarized when redistributing EIGRP into OSPF

ASA1(config)# router ospf 1 then ASA1(config-router)# redistribute eigrp 1 subnets

Allowing specific hosts or networks to connect via SSH works much the same as with HTTP Use this command

ssh <ip address and mask> <interface>

On the ASA, The show xlate flags show as ri to indicate

a port map and a dynamic translation

To setup SSH to use local authentication this command

aaa authentication ssh console LOCAL

Configure logging so that information level and above messages are sent to the local buffer

ASA1(config)# logging buffered informational

When issuing the show ip route command, the second number in the brackets represents the

metric for the route

The networks that will participate in the routing protocol are added with this command

network command. Notice that on the ASA a regular subnet mask identifies the network instead of the wildcard mask that would be used on a router

On the ASA We can verify the OSPF neighbor relationship by using this command

show ospf neighbor

the default routing update period for RIPv2

30 seconds

Static routes are configured with this command

route command. The order of the arguments is: route, the interface the traffic will be sent out of, the destination network and its mask, then the next-hop address

Allow 192.168.2.11 to send traffic to the outside without changing its IP address even with NAT control enabled

ASA1(config)# nat (inside) 0 192.168.2.11 255.255.255.255

A D in the show route output indicates the route came from

EIGRP

We use the tcp keyword in the static command to set TCP-specific limits: the first number (100) is the maximum number of TCP connections allowed, the second (20) is the maximum number of embryonic (half-open) TCP connections allowed per host

ASA1(config)# static (inside,outside) 24.234.0.101 192.168.2.101 tcp 100 20

Configure NAT so that hosts on the outside who telnet to 24.234.0.4 on port 2323 are able to reach 192.168.2.4 on port 23

The static command follows the same basic format but we use TCP before the IP is entered and the TCP ports after the IP addresses for example ASA1(config)# static (inside,outside) tcp 24.234.0.4 2323 192.168.2.4 23

Verify that the ASA has become a, EIGRP neighbor by using this command

the show eigrp neighbors command

A NAT translation based on requests from specific hosts is known as

policy NAT. An ACL is used to identify the specific traffic, then that ACL is tied to a NAT ID

To make ASA1 require a NAT rule for traffic passing through it, use this global command

nat-control

Technique by which dynamic mappings are constructed in a network, allowing a device such as a router to locate the logical network address and associate it with a permanent virtual circuit

Inverse ARP

In order for routing updates to be propagated across a frame pvc, use this keyword in the frame map command

broadcast

The default administrative distance for External Border Gateway Protocol (eBGP) is

20

Configuring EIGRP on the ASA to propagate a default route is done with route redistribution. First redistribute the static default route into EIGRP 1 using these commands

ASA1(config)# router eigrp 1
ASA1(config-router)# redistribute static

To set a maximum number of cached flows, use this command

deny-flow-max command, which is useful in detecting a DoS attack

On the ASA, The show xlate flags show as sr to indicate

a policy NAT

Configure dynamic address translation so that any outbound traffic from the 192.168.0.0/16 network translated to the outside interfaces IP address

ASA1(config)# nat (inside) 1 192.168.0.0 255.255.0.0 then ASA1(config)# global (outside) 1 interface

A default Frame Relay WAN is classified as what type of physical network

nonbroadcast multiaccess

The default administrative distance for internal BGP (iBGP) is

200

To create a time range on the ASA, use this command

time-range

Nat-control requires a translation, but we can get around this requirement by using this feature

identity NAT, also known as NAT 0. Notice that the NAT ID is set to 0 for example ASA1(config)# nat (inside) 0 192.168.2.11 255.255.255.255

What does the keyword dynamic status mean in the show frame-relay map command

it means that the mapping was learned through inverse arp

On the ASA, The show xlate flags show as s to indicate

a static translation

How should a router that is being used in a Frame Relay network be configured to avoid split horizon issues from preventing routing updates

Configure a separate sub-interface for each PVC with a unique DLCI and subnet assigned to the subinterface

To see the translation table on the ASA, use this command

show xlate detail

Cisco supports these two encapsulation types

the Cisco encapsulation and the IETF Frame Relay encapsulation

What triggers a routing update within the distance vector routing protocol

it is not triggered but send periodically for example every 30 seconds

Enable routing on the layer 3 switch use this command

the ip routing command

The default administrative distance for RIP is

120

The default administrative distance for Internal EIGRP is

90

Use this command to verify that the VLANs exist in the VLAN database

show vlan

This command is used to specify the default gateway when IP routing is not enabled

ip default-gateway

The default administrative distance for OSPF is

110

The default administrative distance for External EIGRP is

170

When issuing the show ip route command, the first number in the brackets represents the

administrative distance of the information source

This value in the show ip route field description indicates a route that is owned by RIP

R

This value in the show ip route field description indicates a route that is owned by OSPF

O

This value in the show ip route field description indicates a route that is owned by EIGRP

D

An IA in the show ip route command indicates this type of route

OSPF interarea route

An E1 in the show ip route command output indicates

OSPF external type 1 route

An E2 in the show ip route command output indicates

OSPF external type 2 route

An L1 in the show ip route command output indicates

an IS-IS level 1 route

An L2 in the show ip route command output indicates

an IS-IS level 2 route

A N1 in the show ip route command output indicates this type of route

OSPF not-so-stubby area (NSSA) external type 1 route

A N2 in the show ip route command output indicates this type of route

OSPF not-so-stubby area (NSSA) external type 2 route

In OSPF, this area is considered the backbone area

Area 0

All routers in the same OSPF area must have this identical value if they are to exchange routing information

same process ID

OSPF areas may be assigned any number from

0 to 65535

Use this command to advertise a default route into OSPF

default-information originate

When a route fails and has no feasible successor, EIGRP uses this algorithm to discover a replacement for a failed route

a distributed algorithm called the Diffusing Update Algorithm (DUAL)

In EIGRP, the cost from the EIGRP neighbor to the destination is called

Advertised distance

In EIGRP, The sum of the AD plus the cost between the local router and the next-hop router is called

Feasible distance

In EIGRP, the primary route used to reach a destination; this route is kept in the routing table

successor

The backup route in EIGRP

Feasible successor

Delivery and reception of EIGRP packets is done with this protocol

Reliable Transport Protocol (RTP)

This type of EIGRP packet is sent in response to query packets to instruct the originator not to recompute the route because feasible successors exist

REPLY

This type of EIGRP packet is used to find alternate paths when all paths to a destination have failed

Query

This type of EIGRP packet is used to advertise routes; it is sent as a multicast only when something has changed

Update

EIGRP builds and maintains these three tables

Neighbor, topology, and routing tables

This table lists directly connected routers running EIGRP with which this router has an adjacency

Neighbor table

This table lists all routes learned from each EIGRP neighbor

Topology table

This table lists all best routes from the EIGRP topology table and other routing processes

routing table

This EIGRP table value represents the average time in milliseconds between the transmission of a packet to a neighbor and the receipt of an acknowledgement

SRTT or smooth round-trip time

When a DHCP client boots up for the first time, it broadcasts this layer 3 message

a UDP DHCPDISCOVER message on its local physical subnet

If you want to use a DHCP server on another network, use this command, which makes the router forward UDP broadcasts

ip helper-address command

This STP status indicates that STP is populating the MAC address table but not forwarding data frames

Learning

This STP status indicates that STP is sending and receiving data frames

Forwarding

This status indicates that STP is preparing to forward data frames without populating the MAC address table

Listening

This indicates that an STP port is preventing the use of looped paths

Blocking

The first criterion that a router uses to determine which routing protocol to use if two protocols provide route information for the same destination

Administrative distance

Cisco switches support these two trunking protocols

802.1Q and ISL

This trunking protocol is an open standard and is thus compatible with most vendors' equipment

802.1Q

Cisco's proprietary trunking protocol is called

Inter-Switch Link or ISL

CDP reports this error if there is a native VLAN mismatch on an 802.1Q link

native VLAN mismatch

On a Cisco switch, VLANs within this range are automatically created and cannot be deleted

VLANs 1002 through 1005 are automatically created and cannot be deleted

When connecting a switch to a router, use this type of ethernet cable

straight through

This Switch feature automatically disables an operational PortFast port upon receipt of a BPDU

BPDU Guard

This type of cable is used to connect the COM port of a PC to the COM port of a router or switch

Rolled Cable

This VTP mode is capable of creating only local VLANs and does not synchronize with other switches in the VTP domain

transparent

The default VTP mode for Cisco switches is

VTP server mode

Switches set to this VTP mode behave the same way as VTP servers, but you cannot create, change, or delete VLANs on a VTP client

Client mode

In this VTP mode, you can create, modify, and delete VLANs and specify other configuration parameters, such as VTP version and VTP pruning, for the entire VTP domain

VTP server

A switch set to this VTP mode does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements, but it does forward the VTP advertisements it receives out its trunk ports in VTP version 2

VTP transparent

RSTP defines three port states

discarding, listening, and forwarding

RSTP defines five port roles

root, designated, alternate, backup, and disabled

A port in this RSTP state does not forward frames, process received frames, or learn MAC addresses but it does listen for BPDUs (like the STP blocking state)

Discarding

A port in this RSTP state receives and transmits BPDUs and learns MAC addresses but does not yet forward frames (same as STP)

Learning

A port in this RSTP state receives and sends data (normal operation), learns MAC addresses, and receives and transmits BPDUs (same as STP)

Forwarding

The default IP address of the management port on a BIG-IP appliance

192.168.1.245

RSTP uses these three parameters in the BPDU frame to determine the designated and backup port

Lowest path cost to the root, lowest sender bridge ID (BID), and lowest port ID

An RSTP port in this role is a forwarding port for every LAN segment

designated

An RSTP forwarding port that is the closest to the root bridge in terms of path cost

Root Port

These two states are the port states when RSTP has converged

Forwarding and blocking

This command enables RSTP on a switch

spanning-tree mode rapid-pvst

At which layer of the OSI model is RSTP used to prevent loops

data link

802.1d is also known as

Spanning Tree

The default STP port cost for a 10 meg link is

100

The default STP cost for a 100 meg link

19

The default STP port cost for a 1 gig link is

4

The default STP port cost for a 10 gig link is

2

All interfaces on the root bridge are put in this STP state

forwarding state

For other bridges that are not the root bridge, the port that is closest to the root bridge is put in this STP state

forwarding state

The bridge with the lowest administrative distance to the root bridge is called

the designated bridge

The Ethernet interface on the designated bridge is called

the designated port

This IEEE standard is the networking standard that supports Virtual LANs (VLANs) on an Ethernet network

IEEE 802.1Q

Each field in an IPv6 address amounts to this many bits

16

A single interface may support how many IPv6 addresses

multiple

Every IPv6 interface contains at least one of this type of address

loopback address

A platform-independent tunneling protocol designed to provide IPv6 (Internet Protocol version 6) connectivity by encapsulating IPv6 datagram packets within IPv4 User Datagram Protocol (UDP) packets

Teredo tunneling

Teredo servers listen on this UDP port

3544

An IPv6 transition mechanism meant to transmit IPv6 packets between dual-stack nodes on top of an IPv4 network

ISATAP (Intra-Site Automatic Tunnel Addressing Protocol)

This mechanism tunnels IPv6 datagrams within IPv4 UDP datagrams, allowing private IPv4 addresses and IPv4 NAT traversal to be used

Teredo tunneling

Global IPv6 addresses start with

2000::/3

Link local IPv6 addresses start with

FE80::/10

Site local IPv6 addresses start with

FEC0::/10

Multicast IPv6 addresses start with

FF00::/8

Loopback IPv6 addresses start with

::1

The 802.11b standard defines this spread spectrum technology for its operation

DSSS

This routing protocol by default uses bandwidth and delay as metric

EIGRP

One of the key benefits of the WPA/WPA2 technologies over WEP is

WPA key values can change dynamically while the system is in use

This infrastructure mode service set uses more than one AP to create a WLAN and allows roaming over a larger area than a single AP

Extended Service Set (ESS)

The three basic parameters to configure on a wireless access point

SSID, RF channel, and authentication method

The maximum data rate specified for IEEE 802.11b WLANs

11 Mbps

These two features were added by WPAv1 to address the inherent weaknesses found in WEP

key mixing using temporal keys and per-frame counters

the maximum data rate specified for IEEE 802.11g WLANs

54 Mbps

An EIGRP path whose reported distance is less than the feasible distance (current best path)

feasible successor

Displays a list of the currently configured object groups. If you enter the command without any parameters, the system displays all configured object groups

show object-group [protocol | network | service | icmp-type | id grp_id]

On a Cisco firewall, this command displays the current object groups by their group ID

show running-config object-group grp_id

On a Cisco firewall, this command displays the current object groups by their group type

show running-config object-group grp_type

On a Cisco firewall, this command displays the access lists in the running configuration

show run access-list

This F5 component provides wide-area traffic management and high availability of IP applications and services running across multiple data centers

F5 Global Traffic Manager

The Ethernet 0 port on a BIG-IP appliance is also called

the management port

The default console settings for a BIG-IP appliance

8-N-1 at 19,200 baud

Default login credentials for the BIG-IP GUI

User root, password default

To run the configuration script on a BIG-IP appliance, type this command

config

Enter this command to access the secondary operating system (AON/SCCP) menu on an F5 appliance

Esc (
