Title: Cisco Certified Expert
Fetched at: October 2, 2025
Cisco Certified Expert Cisco Certified Expert - Marketing (current) Prezentar Create Presentations In Minutes Create Powerpoint Explainer Videos TweeterBucks Free Twitter Traffic Grow Your Twitter Followers Business Success Entrepreneurship Guides - Leadership (current) PM Milestone Project Management Templates Project Management Templates Build a Profitable Business Plan in 2 Hours Business Plan Templates - System Administration - Productivity - Internet - Investing - - - ## **Configuring EtherChannel Load Balancing** #### **DSCP Settings and Terminology** #### **File System Security** #### **Management VLANs** #### **Using Prefixes to Represent a Subnet Mask** #### **Designing a Campus Network Design Topology** #### **Given an IP Address and Mask What Are the Assignable IP Addresses in That Network Subnet** #### **Using a TopDown Network Design Methodology** #### **The show controllers Command** ## Super G3 Faxing Tue, 13 Aug 2024 22:00:39 | Voice Gateways | 5 comments Defined in ITU-T Recommendation T.30 Annex F, the Super G3 fax classification is a highspeed alternative to a G3 fax call. Whereas G3 has a maximum page transmission speed of 14.4 Kbps, Super G3 can transmit at speeds up to 33.6 Kbps using the V.34 modulation. Consequently, Super G3 faxing is also called V.34 faxing. The V.34 modulation is covered in detail in the section Modem Call Analysis in Chapter 1. Table 2-5 shows the key differences between SG3 and G3. Many of these differences occur... ## Define Viruses Worms and Trojan Horses Mon, 12 Aug 2024 14:58:44 | Operating Systems | 28 comments Computer viruses are created with malicious intent and sent by attackers. A virus is attached to small pieces of computer code, software, or documents. The virus executes when the software is run on a computer. If the virus spreads to other computers, those computers could continue to spread the virus. A virus is transferred to another computer through e-mail, file transfers, and instant messaging. 
The virus hides by attaching itself to a file on the computer. When the file is accessed, the... ## PortChannels Sun, 28 Jul 2024 16:51:21 | Routing and Switching | 7 comments When a network design includes multiple parallel segments between the same pair of switches, one switch ends up in a forwarding state on all the links, but the other switch blocks all but one of the ports of those parallel segments. As a result, only one of the links can be used at any point in time. Using Fast EtherChannel (FEC) (using FastE segments) and Gigabit EtherChannel (GEC) (using GigE segments) allows the combined links to be treated as one link from an STP perspective, so that all... ## RACL VACL and PACL Many Types of ACLs Tue, 23 Jul 2024 19:38:03 | Port Security | 2 comments ACLs found on Ethernet switches often come in many shapes and forms, mostly because of the differences in hardware and software architectures on those platforms, but also because the functionality provided by ACLs has evolved over time. You are likely to come across three types of ACLs on an Ethernet switch Router ACL (RACL). An IP-based ACL that is applied to a routed interface. It is the most common type of ACL. The ACL used in Example 16-1 is a RACL. VLAN ACL (VACL). Applies to traffic... ## Security and Tunneling Overhead Fri, 19 Jul 2024 03:22:19 | ONT | 3 comments IPsec is an IETF protocol suite for secure transmission of IP packets. IPsec can operate in two modes Transport mode or Tunnel mode. In Transport mode, encryption is applied only to the payload of the IP packet, whereas in Tunnel mode, encryption is applied to the whole IP packet, including the header. When the IP header is encrypted, the intermediate routers can no longer analyze and route the IP packet. Therefore, in Tunnel mode, the encrypted IP packet must be encapsulated in another IP... 
## SCSI Ports and Cables Sat, 13 Jul 2024 20:27:57 | Operating Systems | 1 comment A SCSI port can transmit data at rates in excess of 320 Mbps and can support up to 15 devices. If a single SCSI device is connected to a SCSI port, the cable can be up to 80 feet (24.4 m) in length. If multiple SCSI devices are connected to a SCSI port, the cable can be up to 40 (12.2 m) feet in length. A SCSI port on a computer can be one of three different types, as shown in Figure 1-15 High-density 50-pin female connector High-density 68-pin female connector SCSI devices must be terminated... ## Configuring and Enabling Port Security Aging Tue, 25 Jun 2024 09:09:29 | Global Configuration | 1 comment You can use port security aging to set the aging time for all secure addresses on a port. Two types of aging are supported per port Absolute The secure addresses on that port are deleted after the specified aging time. Inactivity The secure addresess on this port are deleted only if the secure addresses are inactive for the specified aging time. Use this feature to remove and add PCs on a secure port without manually deleting the existing secure MAC addresses while still limiting the number of... ## Upgrading HP Procurve firmware via USB flash drive Wed, 12 Jun 2024 10:25:01 | Networking It's been a looooong time since I posted any networking stuff that wasn't Cisco-centric, but I'm sitting here at home configuring an HP ProCurve 5406zl so I thought I'd take the opportunity. The ProCurve 5400zl series have a USB port on them that you can use to transfer files, in addition to TFTP and SCP SFTP. Since I had a few of these to upgrade and they were in a lab environment (e.g. not connected to any real networks), I didn't want to bother with setting up a TFTP server. ## The Assured Forwarding PHB and DSCP Values Sun, 09 Jun 2024 16:18:03 | Traffic Shaping | 3 comments RFC 2597 defines something called the assured forwarding per-hop behaviors. 
This RFC suggests that one good DiffServ design choice would be to allow for four different classes for queuing purposes. Within each queue, three levels of drop probability could be implied. The RFC title rightfully suggests that the focus is on the QoS behavior the PHB at each node. Most engineers also think of the RFC as defining the 12 DSCPs that are used in conjunction with the AF PHBs. An individual PHB describes... ## What Is the Subnet Number and What Are the IP Addresses in the Subnet Tue, 04 Jun 2024 05:44:16 | Data Link | 23 comments One of the most common things you need to figure out is that after you know an IP address and subnet mask, you must answer questions about them. The question might be straightforward, such as What is the subnet number , or it might be more subtle, such as Which of the following IP addresses are in the same subnet as the stated address In either case, if you can dissect an IP address as described in this chapter, you can answer any variation of this type of question. In the next several... ## Redundant Switch Supervisors Tue, 21 May 2024 08:28:51 | Root Bridge | 1 comment Modular switch platforms such as the Catalyst 4500R and 6500 can accept two supervisor modules installed in a single chassis. The first supervisor module to successfully boot up becomes the active supervisor for the chassis. The other supervisor remains in a standby role, waiting for the active supervisor to fail. The active supervisor always is allowed to boot up and become fully initialized and operational. All switching functions are provided by the active supervisor. The standby supervisor,... ## MAC Flooding Alternative MAC Spoofing Attacks Sat, 27 Apr 2024 10:03:30 | Port Security All MAC flooding tools force a switch to fail open to later perform selective MAC spoofing attacks. A MAC spoofing attack consists of generating a frame from a malicious host borrowing a legitimate source MAC address already in use on the VLAN. 
This causes the switch to forward frames out the incorrect port, as Figure 2-6 shows. Although they're extremely easy to carry out (most Ethernet adapters permit their MAC address to be modified), MAC spoofing attacks come with a significant drawback... ## Wire Gauge and Resistance Tue, 23 Apr 2024 18:45:45 | Telecommunications | 6 comments Most telephone cable installed since 1980 is either 24 AWG or 26 AWG. 26-gauge wire has a slightly smaller diameter than 24-gauge, and many more pairs can be placed in the same space required by 24-gauge wire. (The international equivalent diameters are 0.5 and 0.4 mm.) Before 1970, and especially before 1960, 22-gauge wire was often used. In the 1950s, 19-gauge wire was occasionally installed. The difference between DC loop resistance on an 18,000-foot pair of 19-gauge wire and 26-gauge wire... ## Process Switching Fast Switching and Cisco Express Forwarding Mon, 22 Apr 2024 19:47:38 | Routing and Switching | 1 comment Steps 3 and 4 from the generic routing logic shown in the preceding section are the most computation-intensive tasks in the routing process. A router must find the best route to use for every packet, requiring some form of table lookup of routing information. Also, a new Data Link header and trailer must be created, and the information to put in the header (like the destination Data Link address) must be found in another table. Cisco has created several different methods to optimize the... ## Explain ClientServer Networks Sun, 21 Apr 2024 09:10:05 | Operating Systems | 31 comments In a client server network, shown in Figure 8-6, the client requests information or services from the server. The server provides the requested information or service to the client. Servers on a client server network commonly perform some of the processing work for client machines, such as sorting through a database before delivering only the records requested by the client. 
One example of a client server network is a corporate environment in which employees use a company e-mail server to send,... ## Advantages of Stateful Firewalls Sun, 14 Apr 2024 00:29:19 | Firewall Security As you learned in the previous explanation, stateful firewalls have advantages over packet-filtering firewalls Stateful firewalls are aware of the state of a connection. Stateful firewalls do not have to open up a large range of ports to allow communication. Stateful firewalls prevent more kinds of DoS attacks than packet-filtering firewalls and have more robust logging. First, stateful firewalls are aware of a connection's state Stateful firewalls typically build a state table and use this... ## Atomic Aggregate and Aggregator Attributes Tue, 09 Apr 2024 06:01:39 | Routing and Switchin | 5 comments The Atomic Aggregate attribute informs BGP peers that the local router is using a less specific (aggregated) route to a destination. If a BGP speaker selects a less specific route, when a more specific route is available, it must attach the Atomic Aggregate attribute when propagating the route. The Atomic Aggregate attribute lets the BGP peers know that the BGP speaker used an aggregated route. When you use the Atomic Aggregate attribute, the BGP speaker has the option to send the Aggregator... ## BPDU Protection on HP ProCurve Switches Thu, 04 Apr 2024 11:01:39 | Networking | 1 comment From HP's Advanced Traffic Management Guide BPDU protection is a security feature designed to protect the active STP topology by preventing spoofed BPDU packets from entering the STP domain. In a typical implementation, BPDU protection would be applied to edge ports connected to end user devices that do not run STP. 
## Cisco ConfigMaker Tue, 02 Apr 2024 09:49:30 | CCDA Cisco ConfigMaker is a Microsoft Windows application used to configure a small network of Cisco routers (800, l000, l600, l700, 2500, 2600, 3600, and 4000 series), switches, hubs, and other network devices from a single PC, without requiring knowledge of Cisco IOS. Cisco ConfigMaker assists in configuring IPSec, IOS Firewall, voice, Network Address Translation (NAT), Committed Access Rate (CAR), Dynamic Host Configuration Protocol (DHCP), and other Cisco IOS features. Cisco ConfigMaker is... ## Example RSVP in Action Mon, 30 Sep 2024 07:18:02 | Unified Callmanager To better understand the basic principles of how RSVP performs Call Admission Control (CAC) and bandwidth reservation in a network from a functionality perspective, consider this example in which RSVP is enabled on each router interface in the network. In this scenario, three Cisco IP phones and Cisco Unified CallManager 5.0 are connected with each other over an IntServ-enabled WAN. Because bandwidth is limited on the WAN links, RSVP will determine whether the requested bandwidth for a... ## Single DMZ Configuration Sat, 28 Sep 2024 12:31:32 | Intrusion Detection This configuration moves the FTP, Web, and e-mail servers to a DMZ. All traffic destined for these servers will not touch the LAN. When using a DMZ, it is critical that no connection between the LAN and the DMZ be maintained except through the PIX Firewall. Connecting the LAN to the DMZ in any way except through the firewall defeats the purpose of the DMZ. Figure 4-7 shows that a third interface has been added to the PIX. This interface will be used as a DMZ. Figure 4-7. Single DMZ... ## Overview of the Firewall Services Module Sat, 28 Sep 2024 05:45:16 | Interface Vlan The Firewall Services Module (FWSM) is a very sophisticated combination of hardware and software. 
The better understanding you have of the attributes and architecture, the better your ability to design, deploy, manage, and troubleshoot a security infrastructure. The FWSM is a single line-card module that can be installed in either a 6500 series switch or 7600 series router (one to four modules are supported in a single 6500 or 7600 chassis assuming slots are available). Dynamic routing is also... ## Unidirectional Link Detection Sat, 28 Sep 2024 05:45:16 | Switch Config Enables Unidirectional Link Detection (UDLD) on all fiber-optic Interfaces Switch(config) interface fastethernet 0 24 Enables UDLD on this interface required for copper-based interfaces NOTE On a fiber-optic (FO) interface, the interface command udld port overrides the global command udld enable. Therefore, if you issue the command no udld port on an FO interface, you will still have the globally enabled udld enable command to deal with. Switch show udld interface fastethernet 0 1 Displays UDLD... ## Attack of the 8021Q Tag Stack Thu, 26 Sep 2024 13:57:11 | Port Security Nothing in the 802.1Q specification forbids multiple consecutive tags to be chained, thereby achieving a 802.1Q tag stack. Figure 4-3 represents a two-level 802.1Q tag stack. Double 802.1Q Stack 4 Bytes 4 Bytes Double 802.1Q Stack 4 Bytes 4 Bytes Source MAC Dot 1Q Dot 1Q EtherType 1 Ethernet Frame with Two 802.1Q Tags (Not to scale) Ethernet Frame with Two 802.1Q Tags (Not to scale) There are legitimate use cases for stacking multiple 802.1Q tags. One of them is Cisco QinQ, where up to 4096... ## Mpls Vpn Support of QoS Mon, 23 Sep 2024 10:49:36 | MPLS Design A VPN is defined as a closed user group sharing a public network infrastructure with a set of administrative policies that control both connectivity and QoS among sites. The various MPLS QoS CoSs should be available on a per-VPN basis. Applications should receive various CoSs within the VPN. 
For example, real-time applications such as VoIP could receive a preferential CoS versus a file transfer. Two models are used to describe QoS in the VPN context the pipe model and the hose model. In the... ## The Nyquist Theorem Mon, 23 Sep 2024 02:11:18 | ONT | 4 comments The number of samples taken per second during the sampling stage, also called the sampling rate, has a significant impact on the quality of digitized signal. The higher the sampling rate is, the better quality it yields however, a higher sampling rate also generates higher bits per second that must be transmitted. Based on the Nyquist theorem, a signal that is sampled at a rate at least twice the highest frequency of that signal yields enough samples for accurate reconstruction of the signal at... ## Figure 74 Single Homed Networks Sun, 22 Sep 2024 01:42:13 | CCIE If your network has its own scope of public IP addresses that has been allocated by a public address registry, sucs as ARIN (A moncan Re gistry for Internet N umbers an orpanization that registers public IP addressos and AS numbers, you most ogtain your own urnque BG P AS number oo adverti be youe pub lic networks to th e Internot. For more, information on Internet number registration in the United States, check out the ARIN webeite at ww w.ar in.net. For Euro pean add ress registrati on, visit... ## Using Secondary Addresses Fri, 20 Sep 2024 20:13:41 | Interface Serial As a CCNA, Cisco expects you to be comfortable and familiar with IP address planning issues. One such issue involves what to do when there are no more unassigned IP addresses in a subnet. One alternative solution is to change the mask used on that subnet, making the existing subnet larger. However, changing the mask could cause an overlap. For example, if 10.1.4.0 24 is running out of addresses and you make a change to mask 255.255.254.0 (9 host bits, 23 network subnet bits), an overlap can... 
## Step 2 Configure the IPsec Transform Sets Thu, 19 Sep 2024 16:25:30 | ISCW | 1 comment The configuration of the IPsec transform sets actually covers three of the IPsec configuration steps mentioned earlier. The IPsec transform set, crypto ACL, and crypto map are tightly woven together. It is difficult to talk about one of them without mentioning the other two. Thus, this section covers all three together. The following list is a reminder of the IPsec security parameters that are negotiated between peers IPsec encryption type (DES, 3DES, or AES) IPsec authentication (MD5 or SHA-1)... ## TCPIP Protocols Services and Applications Thu, 19 Sep 2024 08:44:39 | Routing and Switchin This section covers the different TCP IP protocols, services, and applications that are required knowledge for the CCIE written exam. When an IP packet needs to be sent over an Ethernet network, the sender must find out what 48-bit Media Access Control (MAC) physical address to send the frame to. Given the destination IP, ARP obtains the destination MAC. The destination MAC can be a local host or the gateway router's MAC address if the destination IP is across the routed network. ARP is... ## Cisco VPN 3000 Concentrator Tue, 17 Sep 2024 17:57:55 | CCIE Security | 1 comment The Cisco VPN 3000 Series Concentrators are purpose-built, remote access virtual private network (VPN) platforms that incorporate high availability, high performance, and scalability with the most advanced encryption and authentication techniques available today. The VPN 3000 supports a number of secure protocols Point-to-Point Tunneling Protocol (PPTP) Layer 2 Tunneling Protocol (L2TP) over IPSec The Cisco VPN 3000 Series Concentrator supports the widest range of connectivity options,... ## Cisco VPN 3005 Concentrator Tue, 17 Sep 2024 17:53:48 | Virtual Private Networks All rights reserved. CSVPN 4.0 4-7 2003, Cisco Systems, Inc. All rights reserved. 
CSVPN 4.0 4-7 The following hardware features are supported on the Cisco VPN 3005 Concentrator Memory 32 MB SRAM, which is standard Data Encryption Standard (DES) Advanced Encryption Standard (AES) Scalability Up to 100 simultaneous sessions Network interface Two auto-sensing, full duplex 10 100BaseT Ethernet interfaces. The public interface connects to the Internet. The private... ## RSTP Topology Change Mechanism Tue, 17 Sep 2024 07:46:02 | BCMSN The originator of thcTC dircctly floods this, information through the network. 2004, Cisco Systems, Inc. All rights reserved. BCMSN v2.1 4-12 When an 802.1D bridge detects a topology change, the bridge first notifies the root bridge. After the root bridge is aware of a change in the topology of the network, the root bridge sets the TC flag on the outbound BPDUs. Those BPDUs are then relayed to all the bridges in the network. When a bridge receives a BPDU with the TC flag bit set, the bridge... ## Figure 311 Smurf Attack Mon, 16 Sep 2024 17:59:21 | Network Security | 1 comment At the bottom of Figure 3-11 you can see the attacker sending an ICMP echo request packet to the broadcast address of the bounce network. The bounce network is not the actual attack target, though it often experiences an indirect denial of service effect as a result. The ICMP packet has a spoofed source address from a device on the victim network (typically a router interface). The smurf attack is a type of amplification attack because when the single spoofed broadcast ping arrives at the... ## ToM Tunnel Selection Mon, 16 Sep 2024 07:42:59 | Mpls Network The AToM Tunnel Selection feature enables you to steer the AToM traffic through the MPLS network over a path that you specify. For this to work, you need to set up an MPLS TE tunnel from the PE to the PE router and then specify that the AToM traffic should take the TE tunnel instead of the default shortest labeled path. 
In addition, you can specify whether fallback to the default path is desirable when the TE tunnel fails. Figure 10-21 shows an MPLS network with MPLS VPN and AToM customers. The... ## Proxy Firewalls Mon, 16 Sep 2024 06:50:05 | Firewall Fundamentals A proxy firewall acts as an intermediary between two end systems in a similar fashion as a circuit-level gateway. However, in the case of a proxy firewall, the interaction is controlled at the application layer, as shown in Figure 2-6. Proxy firewalls operate at the application layer of the connection by forcing both sides of the conversation to conduct the communication through the proxy. It does this by creating and running a process on the firewall that mirrors a service as though it were... ## How 8021x Works Sun, 15 Sep 2024 01:11:22 | Authentication Proxy Extensible Authentication Protocol (EAP) is the transport mechanism used in 802.1x to authenticate supplicants against a back-end data store, typically a RADIUS server. EAP was initially defined in RFC 2284 as a general authentication framework running over Layer 2 PPP. In RFC 3748, the EAP definition has been updated to include IEEE 802 as a link layer. The IEEE 802 encapsulation of EAP does not involve PPP, and IEEE 802.1X does not include support for link or network layer negotiations. As a... ## CUCM Initial Configuration Fri, 13 Sep 2024 05:09:25 | Cisco Unified | 7 comments After you install CUCM, some initial configuration has to be done before starting to deploy endpoints. This initial configuration includes the items in Table 5-1. Table 5-1 Publisher Server Required Services Table 5-1 Publisher Server Required Services Basic network settings have already been configured during installation, but some of them should be revisited (use of external NTP and DNS servers), and network settings that are not configurable during installation (for example, enabling DHCP... 
## Building the Adjacency Thu, 12 Sep 2024 12:04:05 | OSPF The adjacency building process takes effect after multiple stages have been fulfilled. Routers that become adjacent will have the exact linkstate database. The following is a brief summary of the states an interface passes through before becoming adjacent to another router 1- Down No information has been received from anybody on the segment. 1'- Attempt On non-broadcast multi-access clouds such as Frame Relay and X.25, this state indicates that no recent information has been received from the... ## Verifying Cisco Call Manager Express Phone Configuration Cont Fri, 30 Aug 2024 18:42:39 | IP Telephony Mar 2 15 16 57.582 New Skinny socket accepted 1 (2 active) Mar 2 15 16 57.582 sin\_family 2, sin\_port 49692, in\_addr 10.90.0.11 Mar 2 15 16 57.582 skinny\_add\_socket 1 10.90.0.11 49692 Mar 2 15 16 57.766 IPPHONE-6-REG\_ALARM 20 Name SEP000F2470F8F8 Load 3.2(2.14) Last Phone-Keypad Mar 2 15 16 57.766 Skinny StationAlarmMessage on socket 1 10.90.0.11 SEP000F2470F8F8 Mar 2 15 16 57.766 severityInformational p1 2368 0x940 p2 184551946 0xB000A0A Mar 2 15 16 57.766 20 Name SEP000F2470F8F8 Load 3.2(2.14)... ## Routing 101 Process Switching Fri, 30 Aug 2024 14:12:33 | IOS Software | 1 comment Process switching was the first switching method implemented in IOS. Basically, it uses the brute-force method to switch packets. Although process switching contains the least amount of performance optimizations and can consume large amounts of CPU time, it does have the advantage of being platform-independent, making it universally available across all Cisco IOS-based products. Process switching also provides some traffic load sharing capabilities not found in most of the other switching... 
## Configuring the Network for OOB Deployment Wed, 28 Aug 2024 20:11:21 | CANAC Step 1 Connect the machines and switches and record these network settings - Administration and access VLANs - Cisco NAC Appliance interface Step 2 Configure the IP address for the switch and the administration and access VLANs. Step 3 Configure these SNMP miscellaneous settings - SNMP server administration contact information 2007 Cisco Systems, Inc. All rights reserved CANAC v2.1 3-3 For the out-of-band authentication sequence to work, you must configure your switches and routers so that... ## Figure 48 Ingress Filtering Wed, 28 Aug 2024 18:19:59 | ISP Essentials | 3 comments Egress filtering applies a filter for all traffic leaving an ISP's networks (see Figure 4-9). It is applied to information leaving the network to the Internet or customer networks. Be mindful that these terms are relative to the specific network's point of view. For example, ISP B's egress traffic is ISP A's ingress traffic. Ingress egress filters help protect an ISP's resources and its customers' networks, allows it to enforce policy, and minimizes the risk of being the network chosen by... ## ISIS Configuration Wed, 28 Aug 2024 12:17:42 | Routing and Switchin Configuration for IS-IS is relatively simple. An IS-IS process is created by using the router isis tag command. Only one IS-IS process performing L2 routing is allowed per IS, and that process can also perform L1 routing. However, multiple L1-only IS-IS routing processes can be configured (up to 29 additional L1-only processes). If the tag value is not specified, a null tag is assumed. If multiple L1 routing processes are configured, each is labeled with a tag to facilitate area identification.... ## AAA Client Configuration Options Wed, 28 Aug 2024 04:13:18 | Posture Validation AAA client configurations enable ACS to interact with the network devices that the configuration represents. 
A network device that does not have a corresponding configuration in ACS, or whose configuration in ACS is incorrect, does not receive AAA services from ACS. The Add AAA Client and AAA Client Setup pages include AAA Client Hostname The name that you assign to the AAA client configuration. Each AAA client configuration can represent multiple network devices thus, the AAA client hostname... ## Example Cisco IOU Topology Sun, 25 Aug 2024 13:26:57 | Networking Here's an example topology for Cisco IOU to help you get started In this example, SF is an IOU instance running on host solaris . IOUlive is also running on this host, bridging SF's Ethernet0 0 interface to my physical network (and to the world). SJ1, SJ2, and SJ3 are IOU instances running on host helium . The Ethernet1 0 interface on SF is connected to Ethernet0 1 on SJ1 are connected, even though they are on separate physical hosts. ## Router Types Thu, 22 Aug 2024 20:50:14 | Routing TCP IP Routers, like traffic, can be categorized in relation to areas. All OSPF routers will be one of four router types, as shown in Figure 9.21. Figure 9.21. All OSPF routers can be classified as an Internal Router, a Backbone Router, an Area Border Router (ABR), or an Autonomous System Boundary Router (ASBR). Note that any of the first three router Figure 9.21. All OSPF routers can be classified as an Internal Router, a Backbone Router, an Area Border Router (ABR), or an Autonomous System Boundary... ## M12 Multiplexing Thu, 22 Aug 2024 12:20:48 | Telecommunications When you look at DS3 carrier systems, you see a slew of references to M12, M23, and M13 multiplexing. These are merely different stages in the DS3 multiplexing process. Bit stuffing makes sure that all lower level digital signals are transmitting at the same rate through the network. This process is necessary to synchronize several different asynchronous circuits. Bit stuffing is also referred to as justification. 
Although a DS1c circuit does exist (two DS1s), it is not used in the M12, M23, or... ## Best Practices for Hierarchical Layers Wed, 21 Aug 2024 09:22:27 | CCDA | 3 comments Each layer of the hierarchical architecture contains special considerations. The following sections describe best practices for each of the three layers of the hierarchical architecture access, distribution, and core. When designing the building access layer, you must take into consideration the number of users or ports required to size up the LAN switch. Connectivity speed for each host should be considered. Hosts might be connected using various technologies such as Fast Ethernet, Gigabit... ## Case Study Configuring the Bootstrap Protocol Sat, 17 Aug 2024 16:40:23 | Routing TCP IP When PIMv2 was first described in RFC 2117, the bootstrap protocol was specified as the mechanism for automatic RP discovery. Cisco first supported PIMv2 in Cisco IOS Software Release 11.3T, and the bootstrap protocol is included in that support. The two steps to configure bootstrap are very similar to the two steps for configuring Auto-RP 1 All candidate RPs must be configured. 2 All candidate bootstrap routers (C-BSRs) must be configured. Figure 6-7 shows the same PIM topology used in the... ## Broadcast Multicast Behavior Fri, 16 Aug 2024 23:13:30 | Network Design | 9 comments A broadcast frame is a frame that goes to all network stations on a LAN. At the data link layer, the destination address of a broadcast frame is FF FF FF FF FF FF (all 1s in binary). A multicast frame is a frame that goes to a subset of stations. For example, a frame destined to 01 00 0C CC CC CC goes to Cisco routers and switches that are running the Cisco Discovery Protocol (CDP) on a LAN. Layer 2 internetworking devices, such as switches and bridges, forward broadcast and multicast frames... 
## Understanding Broadcast and Collision Domains

Fri, 16 Aug 2024 22:26:34 | Traffic Share | 2 comments

The two primary concepts you need to understand when discussing the various concepts of switching are broadcast domain and collision domain. The simple network in Figure 1-1 illustrates these two concepts. The collision domain is defined as the set of hosts that are attached to the network which might not transmit at the same time without their transmissions colliding. For example, if Host A and Host B are connected through a straight wire, they cannot transmit at the same time. If, however,...

## Figure 2-3: A Multiport Repeater

Thu, 15 Aug 2024 13:27:27 | Load Balancing | 3 comments

A 10BaseT network is comprised of hubs and twisted-pair cables to interconnect workstations. Hubs are multiport repeaters and forward signals from one interface to all other interfaces. As in Figure 2-2, all stations attached to the hub in Figure 2-3 see all traffic, both the good and the bad. Repeaters perform several duties associated with signal propagation. For example, repeaters regenerate and retime the signal and create a new preamble. Preamble bits precede the frame destination MAC...

## SYN Flood Attack

Wed, 14 Aug 2024 02:06:41 | Pixfirewall Config

The attacker spoofs a nonexistent source IP address and floods the target with SYN packets. The target responds to SYN packets by sending SYN-ACK packets to the spoofed hosts. The target overflows its port buffer with embryonic connections and stops responding to legitimate requests. SYN flood attacks, also known as TCP flood or half-open connections attacks, are common DoS attacks perpetrated against IP servers. The attacker spoofs a nonexistent source IP address or IP addresses on the network...

## IS-IS show Commands

Tue, 13 Aug 2024 08:56:20 | Routing and Switchin | 7 comments

After all ISs are configured, several show commands can verify connectivity when using IS-IS.
These commands are as follows. All the configurations in this section refer to Figure 8-10. The output of these commands is displayed throughout this section. IS-IS routes are marked with an i. L1 and L2 mark L1 and L2 routes. IS-IS routes use 115 as an administrative distance in Cisco routers. Example 8-22 displays the routing table on Router 8. Codes: C - connected, S - static, I - IGRP, R - RIP, M -...

## Totally Stubby Area Configuration

Tue, 13 Aug 2024 08:56:20 | Routing and Switchin

In this section, you see what happens when you configure area 10 as a totally stubby area. First, area 10 is configured as a stub area, and the link-state database and routing tables of a router in the stub area are displayed. Next, area 10 is made a totally stubby area, with the same tables displayed. The following commands are added to all routers in area 10 to make the area a stub area. The link-state database and routing table on Router 7 had six summary network addresses and one external...

## Enterprise-to-Service Provider QoS Class Mapping Example

Mon, 12 Aug 2024 16:42:17 | QOS Implementing

The figure illustrates how the different enterprise traffic classes can be mapped into the four traffic classes offered by a service provider. In the example, there is no streaming video traffic. The following four traffic classes are offered by the service provider:

- Controlled Latency: A traffic class for all real-time traffic. The controlled latency class admits packets marked with CS5 and Expedited Forwarding (EF).
- Controlled Load 1: A traffic class for all highly bursty traffic. The controlled...

## Case Study: EBGP Multihop

Mon, 12 Aug 2024 16:15:26 | Routing TCP/IP

Just as you can establish an IBGP session between loopback interfaces, as demonstrated in the preceding case study, you also can establish EBGP sessions between loopback interfaces. Figure 3-9 shows such a session. Here, the end points of the EBGP session between Telluride and Alta are loopback interfaces.
Figure 3-9. An EBGP Session Is Established Between Telluride's and Alta's Loopback Interfaces...

## Optimizing PPPoE MTU

Mon, 05 Aug 2024 20:15:12 | ISCW

This brief discussion is meant to add a bit of additional value to the overall picture. Perhaps some additional comprehension will result as well, because many of the pieces of the PPPoE puzzle must be considered. However, this information does not fall under the category of Exam Objective. Discussions of payload sizing typically end in the assumption that bigger is better: if the MTU is as large as it can be, then the throughput must be optimal as well. Unfortunately, that is not the case. To...

## Analyzing Firewall Logs

Sun, 04 Aug 2024 17:10:56 | Firewall Config | 3 comments

The most important thing you can do with a firewall is collect and analyze its Syslog information. Firewall logs should be inspected on a regular basis. Always make sure the Syslog collector or server is configured to archive older information and that disk space is not completely consumed. The Syslog collector or server should be sized according to the following parameters:

- The number of firewalls and other network devices sending Syslog messages to the Syslog server
- The number of Syslog events...

## Trivial File Transfer Protocol

Fri, 02 Aug 2024 16:39:39 | CCIE Security | 4 comments

TFTP is a protocol that allows data files to be transferred from one device to another using the connectionless protocol UDP. TFTP uses UDP port number 69. TFTP is typically used in environments where bandwidth is not a major concern and IP packets that are lost can be re-sent by the higher layers (typically the application layer). TFTP has little security. In fact, the only way to provide security to a TFTP transfer is by defining (on the TFTP server) the directory on the host TFTP device and...
## Segmenting with Bridges

Fri, 02 Aug 2024 02:31:46 | Routing Protocols

A bridge is a hardware segmentation device that operates at the first two layers of the OSI reference model---the physical and data link layers. Bridges segment a LAN's media access domain. Therefore, installing a bridge between two LAN hubs results in two media access domains that share a common MAC broadcast domain. In general, all bridges work by building address tables. These tables are built and maintained by a bridge. Each is populated with a two-dimensional array or table. The bridging...

## 802.1x and Guest VLANs

Wed, 31 Jul 2024 00:04:28 | SNRS

This topic describes the use of 802.1x with guest VLANs. I do not know A, I do know B, and B gets VLAN 10. It is possible to configure a guest VLAN for each IEEE 802.1x port on the switch to provide limited services to clients, such as Internet access or downloading the IEEE 802.1x client. Some clients might be upgrading their system for IEEE 802.1x authentication, while others, such as Microsoft Windows 98...

## Implicit Deny

Tue, 30 Jul 2024 02:42:40 | Routing TCP/IP

If no match statement is configured under a route map statement, the default action is to match everything. Each map statement may have multiple match and set statements, as follows:

```
route-map Garfield permit 10
 match ip route-source 15
 match interface Serial0
 set metric-type type-1
 set next-hop 10.1.2.3
```

In a case such as this, every match statement must be matched for the set statements to be executed. Case Study: Policy Routing. Policy routing is defined with the command ip policy route-map. The...

## PC Encryption Cards

Mon, 29 Jul 2024 20:16:06 | Security Policy

PC encryption cards are available for USB, LPT, COM, RS232, PCMCIA, and (E)ISA. These cards can be attached as peripherals or integrated in almost any computer device. Figure 3-4 shows the setup for data encryption using PC cards.
Encryption can be accomplished locally and remotely on the file server. PC card-based solutions using encryption cards provide secure file storage and file transmission over a LAN segment, as seen in Figure 3-4. This option can also be used to protect data within...

## Flow Control Using Windowing

Sun, 28 Jul 2024 07:07:06 | Data Link

TCP implements flow control by taking advantage of the Sequence and Acknowledgment fields in the TCP header, along with another field called the Window field. This Window field implies the maximum number of unacknowledged bytes allowed outstanding at any instant in time. The window starts small and then grows until errors occur. The window then slides up and down based on network performance, so it is sometimes called a sliding window. When the window is full, the sender will not send, which...

## Module Self-Check

Fri, 26 Jul 2024 17:52:42 | MPLS Implementing | 7 comments

Use the questions here to review what you learned in this module. The correct answers and solutions are found in the Module Self-Check Answer Key.

Q1) What are three drawbacks of traditional IP routing? (Choose three.) (Source: Introducing Basic MPLS Concepts)

A) Routing protocols are used on all devices to distribute routing information.
B) Regardless of protocol, routers always forward packets based on the IP destination address only (except for using PBR).
C) Routing lookups are performed on...

## Routers and Layer 3 Switches

Fri, 26 Jul 2024 05:30:47 | Routing and Switchin

Routers operate in the network layer of the OSI model. They make forwarding decisions based on network layer addresses (e.g., an IP address). Figure 2-7 shows that routers define both collision (bandwidth) and broadcast domains. Each router interface is a separate broadcast domain that is defined by a separate sub-network. Routers are protocol aware, which means that they are capable of forwarding packets of routable protocols such as IP, IPX, DECnet, and AppleTalk. Figure 2-7. Routers Define...
## Mitigating CAM Table Overflow Attacks

Thu, 25 Jul 2024 18:23:15 | Configuration Mode | 3 comments

A Cisco Catalyst switch uses a Content Addressable Memory (CAM) table to store the information used by the switch to make forwarding decisions. Specifically, the CAM table contains a listing of MAC addresses that have been learned from each switch port. Then, when a frame enters the switch, the switch interrogates the frame's destination MAC address. If the destination MAC address is known to exist off one of the switch ports, the frame is forwarded out only that port. For example, consider...

## Jitter Buffer Operation

Wed, 24 Jul 2024 01:41:43 | IP Telephony

The jitter buffer receives voice packets from the IP network at irregular intervals. Occasionally, the voice packets are out of sequence. The jitter buffer holds the packets briefly, reorders them if necessary, and then plays them out at evenly spaced intervals to the decoder in the DSP on the gateway. Algorithms in the DSP determine the size and behavior of the jitter buffer based on user configuration and current network jitter conditions. The DSP uses this information to maximize the number...

## Multihost Mode

Sun, 21 Jul 2024 12:53:30 | Port Security

When you must include hubs in your network topology, multihost mode is available as an option. In general, multihost mode does not change the default operation for 802.1X, and it is available on all Catalyst switches. To enable multihost mode on a switch running Cisco IOS software, enter the following command. The main difference between single-auth mode and multihost mode is that after a MAC address is authenticated and authorized, any number of MAC addresses behind a hub can access the...

## Benefits and Uses of Multilayer Switches

Sat, 20 Jul 2024 17:45:27 | Routing Protocols | 4 comments

The multilayer switch is both faster and less expensive than a standalone router.
These attributes make multilayer switches an attractive way to supplement a premise-edge router. Its best use is as a front end to an interior gateway router in a modified form of collapsed backbone LAN. Figure 15-3 illustrates this.

Figure 15-3. A multilayer switch reduces the workload of the interior gateway router. This...

## Figure 3-14: An Example of a Collapsed Backbone

Sat, 20 Jul 2024 17:45:27 | Routing Protocols

An important consideration in collapsed backbone topologies is that user communities are seldom conveniently distributed throughout a building. Instead, the users are scattered far and wide, which means that there is a good chance that they will be found on different LANs interconnected via a collapsed backbone router. Subsequently, simple network tasks among the members of a workgroup are likely to traverse the router. As fast as routers may be, they are still software driven. Therefore, in...

## Admin Context Configuration

Thu, 18 Jul 2024 17:45:39 | Security Appliance | 1 comment

The admin context is just like any other context, except that when a user logs in to the admin context, that user has system administrator rights and can access the system and all other contexts. The admin context is not restricted in any way, and can be used as a regular context. However, because logging into the admin context grants you administrator privileges over all contexts, you might need to restrict access to the admin context to appropriate users. The admin context must reside on...

## Configuring MPLS on a Frame Mode Interface

Wed, 17 Jul 2024 22:10:21 | Wide Area Networks

This topic describes how to enable MPLS on a frame mode interface. Enable Tag Distribution Protocol (TDP) or Label Distribution Protocol (LDP) on the interface by using either tag switching or label switching.
You enable support for MPLS on a device by using the mpls ip global configuration command, although this should be on by default, and then individually on every frame mode interface that participates in MPLS processes....

## Recommended Approaches to Implementing Multiple IDS Management Consoles

Wed, 17 Jul 2024 16:49:33 | SCND | 1 comment

- Hierarchical monitoring structure

Event monitoring and management can be divided into the need for real-time event monitoring and management and the need to perform analysis based on archived information (reporting). These functions can be handled by a single server, or the functions can be placed on separate servers to scale deployment. The number of sensors that should be forwarding alarms to a single IDS management console is a function of the aggregate number of alarms per second...

## Hybrid Topologies

Mon, 15 Jul 2024 06:52:55 | Routing Protocols | 2 comments

Hybridization of multiple topologies is useful in larger, more complex networks. It allows the WAN to be tailored to actual traffic patterns instead of trying to force-fit those patterns into a rigid topological model. In other words, the basic topologies presented in this section are examples of constructs intended to stimulate your creative thought. There are no limits on the topological variety that can be introduced to a WAN. The effectiveness of each topology, and subsequent combination of...

## IGMP Version 3

Sun, 14 Jul 2024 22:11:27 | Routing and Switching

In October 2002, RFC 3376 defined specifications for IGMPv3. IGMPv3 is a major revision of the protocol and is very complex. To use the new features of IGMPv3, last-hop routers have to be updated, host operating systems have to be modified, and applications have to be specially designed and written. Unfortunately, at the time of this writing (mid-2005), a very limited number of IGMPv3 applications are available. Therefore, this section does not examine IGMPv3 in detail; instead, it summarizes...
## Case Study: Route Tagging

Sat, 13 Jul 2024 13:47:40 | Routing TCP/IP

Figure 14.17 shows a situation in which routes from several routing domains, each running a separate routing protocol, are being redistributed into a single transit domain running OSPF. On the other side of the OSPF cloud, the routes must be redistributed back into their respective domains. Route filters can be used at the egress points from the OSPF cloud into each domain to permit only the routes that belong to that domain. However, if each domain has many routes or if the routes within the...

## Understanding Ethernet

Thu, 11 Jul 2024 10:51:55 | Data Link

A LAN is a common type of network found in home offices, small businesses, and large enterprises. Understanding how a LAN functions, including network components, frames, Ethernet addresses, and operational characteristics, is important for an overall knowledge of networking technologies. This lesson describes LANs and provides fundamental knowledge about LAN characteristics, components, and functions. It also describes the basic operations of an Ethernet LAN and how frames are transmitted over...

## NAC Architecture Overview

Thu, 11 Jul 2024 09:11:03 | Posture Validation

Figure 14-1 shows the components of a typical NAC deployment.

Figure 14-1. Components of a Typical NAC Deployment

End-user or host: Also known as the endpoint. The endpoint is a device such as a PC, workstation, or server that is connected to a switch, access point, or router through a direct connection. In a NAC deployment, the host that is running the Cisco Trust Agent (CTA) application collects posture data from the computer and from any...

## What Is EIGRP?

Tue, 09 Jul 2024 10:01:10 | CCIE

Enhanced Interior Gateway Routing Protocol (EIGRP) is a classless routing protocol that directly interfaces to Internet Protocol (IP) as protocol 88.

- Multiple network-layer protocols
EIGRP uses the multicast address 224.0.0.10 for hellos and routing updates instead of an all-hosts broadcast like Routing Information Protocol (RIP) uses. EIGRP also employs a system of hello and hold timers to maintain neighbors. Aside from the initial routing...

## Trust CoS, Pass Through DSCP

Mon, 08 Jul 2024 10:08:37 | QOS Implementing

Incoming CoS > cos-dscp map > internal DSCP > dscp-cos map > egress queue

Example: QoS Mechanisms on the Catalyst 2950 Switch. The example in the illustration provides a block diagram of the QoS mechanisms on the Catalyst 2950 switch. QoS ACLs using Layer 2, 3, and 4 access control parameters: source/destination MAC address, 16-bit Ethertype, source/destination IP address, TCP/UDP source or destination port number...

## Troubleshooting Routing and Routing Protocols

Sat, 06 Jul 2024 18:10:48 | Interface Ethernet | 2 comments

Cisco would like all its certification exams, CCNA included, to prove that the test taker can build and troubleshoot live networks. Some people work with Cisco routers daily. Others' job function does not allow frequent access to routers. If the latter description applies to you, you might be trying to pass this certification so that you can move into jobs that involve routers and switches. Regardless, this section gives you some final insights into some tricky problems with routing protocols....

## Integrated Routing Protocols

Sat, 06 Jul 2024 18:10:48 | Interface Serial

So far, all the routing protocol functions discussed in this book fall under the classification of separate multiprotocol routing. To fully compare and contrast the meaning of this term with the alternative methods of integrated multiprotocol routing, a review of multiprotocol routing is in order. Consider Figure 6-18, which should remind you of one such concept.
As discussed in Chapter 3, the router determines what type of Layer 3 packet is inside the received frame. There is a separate...

## Static Versus Dynamic Route Assignment

Sat, 06 Jul 2024 18:01:15 | CCDA

Static routes are manually configured on a router. They do not react to network outages. The one exception is when the static route specifies the outbound interface: if the interface goes down, the static route is removed from the routing table. Because static routes are unidirectional, they must be configured for each outgoing interface the router will use. The size of today's networks makes it impossible to manually configure and maintain all the routes in all the routers in a timely manner....

## Understanding Error Correction Mode

Thu, 04 Jul 2024 13:58:46 | Voice Gateways

Initially found on more expensive fax machines, ECM is a feature that is found increasingly often on today's fax devices. Defined by ITU-T Recommendation T.30 Annex A, ECM ensures a much higher level of fax page data integrity than what is consistently achieved on non-ECM G3 fax transactions. Whereas normal G3 fax transactions typically present a fax with acceptable quality, ECM usually guarantees near-perfect quality. The ECM feature is negotiated at the beginning of a fax call during the...

## WLAN Antennas

Tue, 02 Jul 2024 11:18:35 | Root Bridge | 1 comment

A variety of antennas suited for wireless LANs are available. Each type of antenna is designed for a specific application, either due to its ability to cover a certain area or pattern, or its capability to add gain to the signal. Omnidirectional antennas, such as the one shown in Figure 17-18, can be made in the shape of a thin cylinder. The rubber duckie-style antenna that is pictured can be folded up or down, depending on how the AP is mounted. Other omnidirectional antennas include the...
## Dependent LU Support

Sun, 30 Jun 2024 18:31:29 | Channel Attached

Most SNA networks have dependent LUs that require a VTAM session in order to communicate with other SNA LUs. If you know you don't need dependent LU support, you can skip this section. Otherwise, read this section to understand what dependent LU support is, why it is needed, and where you should put the function. In subarea SNA, when SNA devices are activated, VTAM establishes control sessions with these devices. The control sessions are SSCP-to-PU sessions or SSCP-to-LU sessions. These...

## Routing over Trunk Links

Sun, 30 Jun 2024 01:55:57 | Switching | 3 comments

A more robust and cost-effective approach uses trunk links between the switches and routers, instead of multiple physical links. Because trunk links transport multiple VLANs over a single link, only one link to an external router is required. A router connected to a switch by a single trunk link is usually referred to as a router on a stick, or a one-armed router. However, a router can also connect to several switches using trunk links. This connection provides end-to-end Layer 3 connectivity...

## Configuring Authentication Proxy on the Cisco IOS Firewall

Tue, 25 Jun 2024 09:29:42 | Authentication Proxy | 1 comment

Authentication proxy enables users to connect through the firewall to a resource only after a AAA server has verified their credentials. After the authentication is complete, the Cisco IOS Firewall receives authorization information from the AAA server in the form of a dynamic access list. It is always a good idea to ensure that all traffic is properly flowing through the Cisco IOS Firewall prior to implementing authentication proxy. Access lists applied to the Cisco IOS Firewall determine the...

## Cisco IOS Firewall IDS Configuration

Tue, 25 Jun 2024 09:27:49 | Intrusion Detection

The Internet connection point of nearly all companies is through some routing device.
In this section, you will look at the configuration of the Cisco IOS Firewall IDS for a router that is acting as the Internet connection point for a large company. This company has other WAN links to other sites. All Internet-bound traffic is routed through the central site. The Internet connection is provided for Internet browsing and e-mail only. There are no Internet servers...

## Switch Security Best Practices for Unused and User Ports

Tue, 25 Jun 2024 09:09:29 | Routing and Switching | 1 comment

The first three items in the list of best practices for unused and user ports are mostly covered in earlier chapters. For a brief review, Example 21-7 shows an example configuration on a Cisco 3550 switch, with each of these items configured and noted. In this example, fa0/1 is a currently unused port. CDP has been disabled on the interface, but it remains enabled globally, on the presumption that some ports still need CDP enabled. DTP has been disabled as well, and STP Root Guard and BPDU...

## Port Security Configuration Script

Tue, 25 Jun 2024 09:09:29 | SCND | 1 comment

- Enable port security on Fast Ethernet port 1
- Set the maximum number of secure addresses to 50
- Set violation mode to default
- No static secure MAC addresses needed

```
Switch(config)# interface fastethernet0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 50
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security aging time 20
Switch(config-if)# end
```

MAC addresses...

## Virtual Link Configuration Example

Mon, 24 Jun 2024 17:31:46 | Ospf Network

Previous sections discussed the characteristics of OSPF virtual links and provided an example. You now learn how to configure a virtual link in a real network. You are also going to see some packet captures of the virtual link in operation, as well as understand the operation of a virtual link.
This can help you understand how the packets flow throughout the network. The network you are to configure is shown in Figure 4-31. Note that a new area exists that cannot be physically connected to area...

## Issues in a Poorly Designed Network

Sat, 22 Jun 2024 00:36:41 | BCMSN | 3 comments

- Reduced support for services and solutions

A poorly designed network has increased support costs, reduced services and solutions that can be supported, and nonoptimal performance issues that most likely will affect end users directly. Here are some of the issues that stem from a poorly designed network:

- Failure domains: One of the most important reasons to implement an effective design is to reduce the impact of network problems...

## NAT Firewalls

Fri, 21 Jun 2024 08:03:28 | Firewall Fundamentals

A distinct firewall that existed for a short period is the Network Address Translation (NAT) firewall. In today's firewall market, NAT is a part of almost every firewall product available. From the lowliest SOHO firewall such as the Linksys BEFSX41 to the high-end enterprise PIX 535, NAT is now a function of a firewall. NAT firewalls automatically provide protection to systems behind the firewall because they only allow connections that originate from the inside of the firewall. The basic...

## Figure 1-23: Routed Port and SVI Configuration

Fri, 21 Jun 2024 02:22:30 | CCIE

Example 1-34 lists the relevant portions of the dragon switch.

Example 1-34. Dragon Switch Configuration

```
ip subnet-zero
ip routing                        ! Routing enabled
!
spanning-tree extend system-id    ! Extended System ID in use
!
 switchport access vlan 100       ! VLAN 100
 no ip address
<<<text omitted>>>
 switchport access vlan 10        ! VLAN 10
 no ip address
 switchport access vlan 10        ! VLAN 10
 no ip address
interface FastEthernet0/6
 no ip address
 switchport access vlan 100       ! VLAN 100
 no ip address
interface...
```
## Enterprise Branch Architecture

Wed, 19 Jun 2024 07:22:53 | Network Design | 1 comment

Recall that the Cisco Enterprise Architecture, based on the Cisco SONA, includes branch modules that focus on the remote places in the network. Enterprises are seeking opportunities to protect, optimize, and grow their businesses by increasing security, consolidating voice, video, and data onto a single IP network, and investing in applications that will improve productivity and operating efficiencies. These services provide enterprises with new opportunities to reduce costs, improve...

## Relation to Traffic Routing

Sun, 16 Jun 2024 03:02:13 | Internet Routing

The following are the major tasks of the RA per the NSF proposal:

- Promote Internet routing stability and manageability. The route server accomplishes much of this task by reducing the number of BGP peers a router is required to maintain and by applying policy before passing routing information on to the peer, thereby alleviating the processing resources required by the router to filter the routing information.
- Establish and maintain network topology databases by such means as exchanging routing...

## IBGP Full Mesh

Fri, 14 Jun 2024 19:05:23 | BGP | 2 comments

A full mesh of IBGP sessions has to be established between all BGP-speaking routers in the AS for proper IBGP route propagation. The IBGP full mesh is a logical mesh of TCP sessions only; a physical full mesh is not required. Because every router on the transit path within the AS must have routing information about all external networks that are received by any of the border...

## Finding an Alternative Path to a Remote Network

Thu, 13 Jun 2024 16:14:34 | Autonomous System | 1 comment

When the path to a network is lost, EIGRP goes to a lot of trouble to find an alternative path. This process is one of the major benefits of EIGRP.
The method it has chosen is very reliable and very fast. Figure 7-9 and the following list describe the process.

NOTE: The metric shown in Figure 7-9 has been simplified for the purposes of this example.

Using Figure 7-9 as reference for the topology of the network, follow the sequence of events: Router D marks the routes that were reached...

## Route Selection Process

Thu, 13 Jun 2024 16:13:49 | Autonomous System

As can be seen, BGP-4 has many options by which to select one route above another. If EIGRP is complicated in its selection of feasible routes, then BGP-4 is dramatic in its choice of criteria by which the selection is made. That is the key difference. It is not the maintenance of a loop-free network with a very low convergence time that is the goal for BGP-4, but rather the capability to manipulate the traffic flow through the network. That the network is loop-free is critical to the success of...

## IBGP Advanced Configuration: Synchronization Rule

Thu, 13 Jun 2024 07:05:33 | CCIE

Synchronization Rule: Do not advertise a route if your IGP does not have it in its routing table.

The BGP rule of synchronization states that if an AS provides transit service to another AS, BGP should not advertise a route until all of the routers within the AS have learned about the route via an IGP. In other words, it states: Do not advertise a route if the IGP does not have it in its routing table. This is an...

## DHCP Starvation and Spoofing Attacks

Mon, 10 Jun 2024 08:50:35 | SNRS | 2 comments

This topic describes the DHCP spoofing and starvation attacks.

- Attacker attempting to set up rogue DHCP server
- Attacker attempting to starve DHCP server
- DHCP requests with spoofed MAC addresses
A DHCP starvation attack works by broadcasting DHCP requests with spoofed MAC addresses. This is easily achieved with attack tools such...

## OSPF Packet Types

Mon, 10 Jun 2024 07:17:06 | Large Scale IP

As mentioned previously, OSPF has five kinds of routing protocol packets, and each is identified by the Type field in the protocol header. Now, we will discuss those packet types in more detail. OSPF packet type 1, as shown in Figure 9-2, is the hello packet. Hello packets are sent periodically to all functional OSPF interfaces, and are used to detect neighbors. OSPF packets are sent to the multicast address 224.0.0.5. The basic function of the hello packet is to establish a neighbor...

## Route Map Operation

Fri, 07 Jun 2024 23:30:00 | Cisco Internetworks

A list of statements constitutes a route map. The list is processed top-down like an access list. The first match found for a route is applied. The sequence number is used for inserting or deleting specific route map statements.

```
route-map my_bgp permit 10
 match statements
 match statements
 set statements
 set statements
route-map my_bgp deny 20
```

Route maps operate in a manner similar to ACLs. When determining which routes will be redistributed from one protocol to the next, the router checks each...

## Case Study: Basic MPLS VPN Intranet Service

Tue, 04 Jun 2024 11:45:09 | VPN Architectures

One of the simplest VPN topologies you can provision using the MPLS VPN architecture is an Intranet between multiple sites that belong to the same organization. This topology is the basic VPN network structure that provides any-to-any connectivity between sites using the enhanced peer-to-peer model discussed in Chapter 8, Virtual Private Network (VPN) Implementation Options. Using the same mechanisms you use to build the Intranet topology, you can add more advanced services and connectivity...
## Man-in-the-Middle Attacks

Sun, 02 Jun 2024 18:43:39 | VPN Configuration

So that you have a better understanding of a man-in-the-middle attack, I'll use Figure 2-5 to illustrate how this attack occurs. In this example, PeerA wants to send data to PeerB. PeerA does a DNS lookup for PeerB's address, shown in Step 1. However, the attacker also sees the DNS request and sends a reply back to PeerA before the DNS server has a chance, shown in Steps 2 and 3. The IP address that the attacker sends is the attacker's own IP address. PeerA knows no better and assumes that when...