Quick
Notes - INTERNETWORKING
What are the three
layers of the Cisco Hierarchical Model?
The three layers of the Cisco Hierarchical Model are:1
The access layer
The distribution layer
The core layer
In the Cisco Hierarchical Model, what is the function of the access layer?
Sometimes referred to as the desktop layer, the access layer is the point at which users connect to the network through low-end switches. Some functions of the access layer include:
Connectivity into the distribution layer
Shared Bandwidth
MAC Address filtering (switching)
Segmentation
What is the function of the distribution layer in the Cisco Hierarchical Model?
The distribution layer is also known as the workgroup layer. It is the demarcation point between the access and core layers of the network. Its primary function is to provide routing, filtering, and WAN access. The distribution layer determines how packets access the core, so it is the layer at which to implement policy-based connectivity. Some functions include the following:
Collection point for access layer devices
Broadcast and multicast domain segmentation
Security and filtering services such as firewalls and access lists
Providing translation between different media types
Inter-VLAN routing
What is the role of the core layer in the Cisco Hierarchical Model?
The core layer is the backbone of the network. Its main function is to switch traffic as fast as possible. Therefore, it should not perform any filtering to slow down traffic.
The ISO's OSI Reference Model contains seven layers. What are they? Include the layer number and name of each layer in your answer.
The seven layers of the OSI model are as follows:
Layer 7 - Application layer
Layer 6 - Presentation layer
Layer 5 - Session layer
Layer 4 - Transport layer
Layer 3 - Network layer
Layer 2 - Data link layer
Layer 1 - Physical layer
What are some reasons that the industry uses a layered model?
Here are some reasons why the industry uses a layered model:
It encourages industry standardization by defining what functions occur at each level.
It allows vendors to modify or improve components at only one layer versus rewriting the whole protocol stack.
It helps interoperability by defining standards for the operations at each level.
It helps with troubleshooting.
What does the application layer (Layer 7) of the OSI model do, and what are some examples of this layer?
The application layer is the layer that is closest to the user. This means that this layer interacts directly with the software application. The application layer's main function is to identify and establish communication partners, determine resource availability, and synchronize communication. Some examples include the following:
TCP/IP applications such as Telnet, File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), WWW, and HTTP.
OSI applications such as Virtual Terminal Protocol, File
Transfer, Access, and Management (FTAM), and Common Management Information Protocol (CMIP).
In the OSI model, what are the responsibilities of the presentation layer (Layer 6)? Give some examples of this layer.
Also known as the translator, the presentation layer provides coding and conversion functions to application layer data. This guarantees that the application layer on another system can read data transferred from the application layer of a different system. Some examples of the presentation layer are:
Compression, decompression, and encryption
JPEG, TIFF, GIFF, PICT, QuickTime, MPEG, and ASCII
What are the functions of the session layer (Layer 5)? Give some examples.
The session layer is responsible for creating, managing, and ending communication sessions between presentation layer entities. These sessions consist of service requests and responses that develop between applications located on different network devices. Some examples include SQL, RPC, NFS, X Window System, ZIP, NetBIOS names, and AppleTalk ASP.
What is the transport layer (Layer 4) responsible for? Give some examples of transport layer implementations.
The transport layer segments and reassembles data from upper-layer applications into data streams. It provides reliable data transmission to upper layers. End-to-end communications, flow control, multiplexing, error detection and correction, and virtual circuit management are typical transport layer functions. Some examples include TCP, UDP*, and SPX.
Note: watch out for end-to-end on communications on the exam! Transport layer.
* Error correction does not apply to UDP - connection-less - unreliable.....
What is flow control, and what are the three methods of implementing it?
Flow control is the method of controlling the rate at which a computer sends data, thus preventing network congestion. The three methods of implementing flow control are
Buffering
Congestion avoidance
Windowing
Almost certain to be on the exam.
Describe the function of the network layer (Layer 3), and give some examples of network layer implementations.
The network layer provides internetwork routing and logical network addresses. It defines how to transport traffic between devices that are not locally attached. The network layer also supports connection-oriented and connectionless service from higher-layer protocols. Routers operate at the network layer. IP, IPX, AppleTalk, and DDP are examples of network layer implementations.
Are network layer addresses physical or logical?
Network layer addresses are logical addresses specific to the network layer protocol being run on the network. Each network layer protocol has a different addressing scheme. They are usually hierarchical and define networks first and then host or devices on that network. An example of a network address is an IP address, which is a 32-bit address often expressed in decimal format. 192.168.0.1 is an example of an IP address in decimal format.
How do routers function at the network layer of the OSI model?
Routers learn, record, and maintain awareness of different networks. They decide the best path to these networks and maintain this information in a routing table. The routing table includes the following:
Network addresses, which are protocol-specific. If you are running more than one protocol, you have a network address for each protocol.
The interface the router uses to route a packet to a different network.
A metric, which is the distance to a remote network or the weight of the bandwidth, load, delay, and reliability of the path to the remote network.
Routers create broadcast domains. One interface on a router creates a single broadcast domain and collision domain. However, an interface on a switch creates only a single collision domain.
In addition to learning the remote network and providing a path to the network, what other functions do routers carry out?
Routers perform these tasks:
Routers, by default, do not forward broadcasts or multicasts.
Routers can perform bridging and routing functions.
If a router has multiple paths to a destination, it can determine the best path to the destination.
Routers forward traffic based on Layer 3 destination addresses.
Routers can connect Virtual LANs (VLANs).
Routers can provide quality of service for specified types of network traffic.
What is the responsibility of the data link layer (Layer 2)?
The data link layer provides functional and procedural means for connectionless mode among network entities, and for connection mode entities it provides the establishment, maintenance, and release of data link connections among network entities and for the transfer of data link service data units. The data link layer translates messages from the network layer into bits for the physical layer, and it enables the network layer to control the interconnection of data circuits within the physical layer. Its specifications define different network and protocol characteristics, including physical addressing, error notification, network topology, and sequencing of frames. Data link protocols provide the delivery across individual links and are concerned with the different media types, such as 802.2 and 802.3. The data link layer is responsible for putting 1s and 0s into a logical group. These 1s and 0s are then put on the physical wire. Some examples of data link layer implementations are IEEE 802.2/802.3, IEEE 802.5/802.2, packet trailer (for Ethernet, the FCS or CRC), FFDI, HDLC, and Frame Relay.
The IEEE defines what two sublayers of the data link layer?
The two sublayers of the data link layer are
The Logical Link Control (LLC) sublayer
The Media Access Control (MAC) sublayer
These two sublayers provide physical media independence.
For what is the LLC sublayer responsible?
The Logical Link Control (802.2) sublayer is responsible for identifying different network layer protocols and then encapsulating them to be transferred across the network. An LLC header tells the data link layer what to do with a packet after it is received.
What functions does the Media Access Control (MAC) sublayer provide?
The MAC sublayer specifies how data is placed and transported over the physical wire. The LLC layer communicates with the network layer, but the MAC layer communicates downward directly to the physical layer. Physical addressing (MAC addresses), network topologies, error notification, and delivery of frames are defined at this sublayer.
What are some network devices that operate at the data link layer?
Bridges and switches are network devices that operate at the data link layer. Both devices filter traffic by MAC addresses.
What is the function of the OSI model's physical layer (Layer 1)? Give some examples of physical layer implementations.
The physical layer defines the physical medium. It defines the media type, the connector type, and the signaling type (baseband versus broadband). This includes voltage levels, physical data rates, and maximum cable lengths. The physical layer is responsible for converting frames into electronic bits of data, which are then sent or received across the physical medium. Twisted pair, coaxial cable, and fiber-optic cable operate at this level. Other implementations at this layer are repeaters/hubs, RJ-45.
The Ethernet and IEEE 802.3 standards define what three physical wiring standards that operate at 10 Mbps?
These physical wiring standards operate at 10 Mbps:
10Base2
10Base5
10BaseT
What are collision domains?
In Ethernet segments, devices connect to the same physical medium. Because of this, all devices receive all signals sent across the wire. If two devices send a packet at the same time, a collision occurs. In the event of a collision, the two devices run a backoff algorithm and resend the packet. The devices retransmit up to 15 times. The first station to detect a collision issues a jam signal. When a jam signal is sent from a workstation, it affects all of the machines on the segment, not just the two that collided; when the jam signal is on the wire, no workstations can transmit data. The more collisions that occur in a network, the slower it will be, because the devices will have to resend the packet. A collision domain defines a group of devices connected to the same physical medium.
What are broadcast domains?
A broadcast domain defines a group of devices that receive each others' broadcast messages. As with collisions, the more broadcasts that occur on the network, the slower your network will be. This is because every device that receives a broadcast must process it to see if the broadcast is intended for it.
What devices are used to break up collision and broadcast domains?
Switches and bridges are used to break up collision domains. They create more collision domains and fewer collisions. Routers are used to break up broadcast domains. They create more broadcast domains and smaller broadcast areas.
How do the different layers of the OSI model communicate with each other?
Each layer of the OSI model can communicate only with the layer above it, below it, and parallel to it (a peer layer). For example, the presentation layer can communicate with only the application layer, session layer, and presentation layer on the machine it is communicating with. These layers communicate with each other using protocol data units (PDUs). These PDUs control information that is added to the user data at each layer of the model. This information resides in fields called headers (the front of the data field) and trailers (the end of the data field).
What is data encapsulation?
A PDU can include different information as it goes up or down the OSI model. It is given a different name according to the information it is carrying (the layer it is at). When the transport layer receives upper layer data, it adds a TCP header to the data; this is called a segment. The segment is then passed to the network layer, and an IP header is added; thus, the data becomes a packet. The packet is passed to the data link layer, thus becoming a frame. This frame is then converted into bits and is passed across the network medium. This is data encapsulation. For the CCNA test, you should know the following:
Application layer -- Data
Transport layer -- Segment
Network layer -- Packet
Data link layer -- Frame
There is also the Physical Layer -- Bits
What is the difference between a routing protocol and a routed protocol?
Routing protocols determine how to route traffic to the best location of a routed protocol. Examples of routing protocols are RIP, EIGRP, OSFP, and BGP. Examples of routed protocols are IP and IPX.
What 3 devices are used to segment a LAN?
Router
Switch
Bridge
The three layers of the Cisco Hierarchical Model are:1
The access layer
The distribution layer
The core layer
In the Cisco Hierarchical Model, what is the function of the access layer?
Sometimes referred to as the desktop layer, the access layer is the point at which users connect to the network through low-end switches. Some functions of the access layer include:
Connectivity into the distribution layer
Shared Bandwidth
MAC Address filtering (switching)
Segmentation
What is the function of the distribution layer in the Cisco Hierarchical Model?
The distribution layer is also known as the workgroup layer. It is the demarcation point between the access and core layers of the network. Its primary function is to provide routing, filtering, and WAN access. The distribution layer determines how packets access the core, so it is the layer at which to implement policy-based connectivity. Some functions include the following:
Collection point for access layer devices
Broadcast and multicast domain segmentation
Security and filtering services such as firewalls and access lists
Providing translation between different media types
Inter-VLAN routing
What is the role of the core layer in the Cisco Hierarchical Model?
The core layer is the backbone of the network. Its main function is to switch traffic as fast as possible. Therefore, it should not perform any filtering to slow down traffic.
The ISO's OSI Reference Model contains seven layers. What are they? Include the layer number and name of each layer in your answer.
The seven layers of the OSI model are as follows:
Layer 7 - Application layer
Layer 6 - Presentation layer
Layer 5 - Session layer
Layer 4 - Transport layer
Layer 3 - Network layer
Layer 2 - Data link layer
Layer 1 - Physical layer
What are some reasons that the industry uses a layered model?
Here are some reasons why the industry uses a layered model:
It encourages industry standardization by defining what functions occur at each level.
It allows vendors to modify or improve components at only one layer versus rewriting the whole protocol stack.
It helps interoperability by defining standards for the operations at each level.
It helps with troubleshooting.
What does the application layer (Layer 7) of the OSI model do, and what are some examples of this layer?
The application layer is the layer that is closest to the user. This means that this layer interacts directly with the software application. The application layer's main function is to identify and establish communication partners, determine resource availability, and synchronize communication. Some examples include the following:
TCP/IP applications such as Telnet, File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), WWW, and HTTP.
OSI applications such as Virtual Terminal Protocol, File
Transfer, Access, and Management (FTAM), and Common Management Information Protocol (CMIP).
In the OSI model, what are the responsibilities of the presentation layer (Layer 6)? Give some examples of this layer.
Also known as the translator, the presentation layer provides coding and conversion functions to application layer data. This guarantees that the application layer on another system can read data transferred from the application layer of a different system. Some examples of the presentation layer are:
Compression, decompression, and encryption
JPEG, TIFF, GIFF, PICT, QuickTime, MPEG, and ASCII
What are the functions of the session layer (Layer 5)? Give some examples.
The session layer is responsible for creating, managing, and ending communication sessions between presentation layer entities. These sessions consist of service requests and responses that develop between applications located on different network devices. Some examples include SQL, RPC, NFS, X Window System, ZIP, NetBIOS names, and AppleTalk ASP.
What is the transport layer (Layer 4) responsible for? Give some examples of transport layer implementations.
The transport layer segments and reassembles data from upper-layer applications into data streams. It provides reliable data transmission to upper layers. End-to-end communications, flow control, multiplexing, error detection and correction, and virtual circuit management are typical transport layer functions. Some examples include TCP, UDP*, and SPX.
Note: watch out for end-to-end on communications on the exam! Transport layer.
* Error correction does not apply to UDP - connection-less - unreliable.....
What is flow control, and what are the three methods of implementing it?
Flow control is the method of controlling the rate at which a computer sends data, thus preventing network congestion. The three methods of implementing flow control are
Buffering
Congestion avoidance
Windowing
Almost certain to be on the exam.
Describe the function of the network layer (Layer 3), and give some examples of network layer implementations.
The network layer provides internetwork routing and logical network addresses. It defines how to transport traffic between devices that are not locally attached. The network layer also supports connection-oriented and connectionless service from higher-layer protocols. Routers operate at the network layer. IP, IPX, AppleTalk, and DDP are examples of network layer implementations.
Are network layer addresses physical or logical?
Network layer addresses are logical addresses specific to the network layer protocol being run on the network. Each network layer protocol has a different addressing scheme. They are usually hierarchical and define networks first and then host or devices on that network. An example of a network address is an IP address, which is a 32-bit address often expressed in decimal format. 192.168.0.1 is an example of an IP address in decimal format.
How do routers function at the network layer of the OSI model?
Routers learn, record, and maintain awareness of different networks. They decide the best path to these networks and maintain this information in a routing table. The routing table includes the following:
Network addresses, which are protocol-specific. If you are running more than one protocol, you have a network address for each protocol.
The interface the router uses to route a packet to a different network.
A metric, which is the distance to a remote network or the weight of the bandwidth, load, delay, and reliability of the path to the remote network.
Routers create broadcast domains. One interface on a router creates a single broadcast domain and collision domain. However, an interface on a switch creates only a single collision domain.
In addition to learning the remote network and providing a path to the network, what other functions do routers carry out?
Routers perform these tasks:
Routers, by default, do not forward broadcasts or multicasts.
Routers can perform bridging and routing functions.
If a router has multiple paths to a destination, it can determine the best path to the destination.
Routers forward traffic based on Layer 3 destination addresses.
Routers can connect Virtual LANs (VLANs).
Routers can provide quality of service for specified types of network traffic.
What is the responsibility of the data link layer (Layer 2)?
The data link layer provides functional and procedural means for connectionless mode among network entities, and for connection mode entities it provides the establishment, maintenance, and release of data link connections among network entities and for the transfer of data link service data units. The data link layer translates messages from the network layer into bits for the physical layer, and it enables the network layer to control the interconnection of data circuits within the physical layer. Its specifications define different network and protocol characteristics, including physical addressing, error notification, network topology, and sequencing of frames. Data link protocols provide the delivery across individual links and are concerned with the different media types, such as 802.2 and 802.3. The data link layer is responsible for putting 1s and 0s into a logical group. These 1s and 0s are then put on the physical wire. Some examples of data link layer implementations are IEEE 802.2/802.3, IEEE 802.5/802.2, packet trailer (for Ethernet, the FCS or CRC), FFDI, HDLC, and Frame Relay.
The IEEE defines what two sublayers of the data link layer?
The two sublayers of the data link layer are
The Logical Link Control (LLC) sublayer
The Media Access Control (MAC) sublayer
These two sublayers provide physical media independence.
For what is the LLC sublayer responsible?
The Logical Link Control (802.2) sublayer is responsible for identifying different network layer protocols and then encapsulating them to be transferred across the network. An LLC header tells the data link layer what to do with a packet after it is received.
What functions does the Media Access Control (MAC) sublayer provide?
The MAC sublayer specifies how data is placed and transported over the physical wire. The LLC layer communicates with the network layer, but the MAC layer communicates downward directly to the physical layer. Physical addressing (MAC addresses), network topologies, error notification, and delivery of frames are defined at this sublayer.
What are some network devices that operate at the data link layer?
Bridges and switches are network devices that operate at the data link layer. Both devices filter traffic by MAC addresses.
What is the function of the OSI model's physical layer (Layer 1)? Give some examples of physical layer implementations.
The physical layer defines the physical medium. It defines the media type, the connector type, and the signaling type (baseband versus broadband). This includes voltage levels, physical data rates, and maximum cable lengths. The physical layer is responsible for converting frames into electronic bits of data, which are then sent or received across the physical medium. Twisted pair, coaxial cable, and fiber-optic cable operate at this level. Other implementations at this layer are repeaters/hubs, RJ-45.
The Ethernet and IEEE 802.3 standards define what three physical wiring standards that operate at 10 Mbps?
These physical wiring standards operate at 10 Mbps:
10Base2
10Base5
10BaseT
What are collision domains?
In Ethernet segments, devices connect to the same physical medium. Because of this, all devices receive all signals sent across the wire. If two devices send a packet at the same time, a collision occurs. In the event of a collision, the two devices run a backoff algorithm and resend the packet. The devices retransmit up to 15 times. The first station to detect a collision issues a jam signal. When a jam signal is sent from a workstation, it affects all of the machines on the segment, not just the two that collided; when the jam signal is on the wire, no workstations can transmit data. The more collisions that occur in a network, the slower it will be, because the devices will have to resend the packet. A collision domain defines a group of devices connected to the same physical medium.
What are broadcast domains?
A broadcast domain defines a group of devices that receive each others' broadcast messages. As with collisions, the more broadcasts that occur on the network, the slower your network will be. This is because every device that receives a broadcast must process it to see if the broadcast is intended for it.
What devices are used to break up collision and broadcast domains?
Switches and bridges are used to break up collision domains. They create more collision domains and fewer collisions. Routers are used to break up broadcast domains. They create more broadcast domains and smaller broadcast areas.
How do the different layers of the OSI model communicate with each other?
Each layer of the OSI model can communicate only with the layer above it, below it, and parallel to it (a peer layer). For example, the presentation layer can communicate with only the application layer, session layer, and presentation layer on the machine it is communicating with. These layers communicate with each other using protocol data units (PDUs). These PDUs control information that is added to the user data at each layer of the model. This information resides in fields called headers (the front of the data field) and trailers (the end of the data field).
What is data encapsulation?
A PDU can include different information as it goes up or down the OSI model. It is given a different name according to the information it is carrying (the layer it is at). When the transport layer receives upper layer data, it adds a TCP header to the data; this is called a segment. The segment is then passed to the network layer, and an IP header is added; thus, the data becomes a packet. The packet is passed to the data link layer, thus becoming a frame. This frame is then converted into bits and is passed across the network medium. This is data encapsulation. For the CCNA test, you should know the following:
Application layer -- Data
Transport layer -- Segment
Network layer -- Packet
Data link layer -- Frame
There is also the Physical Layer -- Bits
What is the difference between a routing protocol and a routed protocol?
Routing protocols determine how to route traffic to the best location of a routed protocol. Examples of routing protocols are RIP, EIGRP, OSFP, and BGP. Examples of routed protocols are IP and IPX.
What 3 devices are used to segment a LAN?
Router
Switch
Bridge
Quick
Notes - CABLING TECHNOLOGY
What is a
straight-through cable, and when would you use it?
A straight-through cable is the same at both ends. A straight-through cable uses pins 1, 2, 3, and 6. The send and receive wires are not crossed. You should use a straight-through cable when connecting dissimilar devices. Examples include connecting PCs to switches or hubs or a router to a switch or a hub.
What is a crossover cable, and when would you use it?
A crossover cable is a cable that has the send and receive wires crossed at one of the ends. On a Category 5 cable, the 1 and 3 wires and the 2 and 6 wires are switched on one of the cable's ends. You should use a crossover cable when connecting similar devices, such as connecting a router to a router, a switch to a switch or hub, a hub to a hub, or a PC to a PC.
Important tip -- Router (think of it as a PC) to PC via 10BaseT (NIC) uses a "crossover cable". (contradicts the rule)
How do you set up a console session to a Cisco device?
To set up a console session to a Cisco device, you connect a rollover cable to the console port on the Cisco device. You then connect the other end to your PC and configure a terminal emulation application to the following com settings: 9600 bps, 8 data bits, no parity, 1 stop bit, and no flow control.
What is the maximum cable length for each of the following?
10Base2
10Base510
BaseT
10BaseFL
100BaseT
The maximum cable lengths are as follows:
10Base2 (thinnet) 185 meters
10Base5 (thicknet) 500 meters
10BaseT 100 meters
10BaseFL 2000 meters (400 meters in a shared environment and 2000 meters in a point-to-point environment)
100BaseT 100 meters
What does Base stand for in 10BaseT and 100BaseT?
Base in 10BaseT and 100BaseT stands for baseband. Baseband is a network technology in which only one carrier frequency (signal) is used.
What is the difference between baseband and broadband?
Baseband is a network technology in which only one carrier frequency is used (such as Ethernet). Broadband is a network technology in which several independent channels are multiplexed into one cable (for example, a T1 line)
A straight-through cable is the same at both ends. A straight-through cable uses pins 1, 2, 3, and 6. The send and receive wires are not crossed. You should use a straight-through cable when connecting dissimilar devices. Examples include connecting PCs to switches or hubs or a router to a switch or a hub.
What is a crossover cable, and when would you use it?
A crossover cable is a cable that has the send and receive wires crossed at one of the ends. On a Category 5 cable, the 1 and 3 wires and the 2 and 6 wires are switched on one of the cable's ends. You should use a crossover cable when connecting similar devices, such as connecting a router to a router, a switch to a switch or hub, a hub to a hub, or a PC to a PC.
Important tip -- Router (think of it as a PC) to PC via 10BaseT (NIC) uses a "crossover cable". (contradicts the rule)
How do you set up a console session to a Cisco device?
To set up a console session to a Cisco device, you connect a rollover cable to the console port on the Cisco device. You then connect the other end to your PC and configure a terminal emulation application to the following com settings: 9600 bps, 8 data bits, no parity, 1 stop bit, and no flow control.
What is the maximum cable length for each of the following?
10Base2
10Base510
BaseT
10BaseFL
100BaseT
The maximum cable lengths are as follows:
10Base2 (thinnet) 185 meters
10Base5 (thicknet) 500 meters
10BaseT 100 meters
10BaseFL 2000 meters (400 meters in a shared environment and 2000 meters in a point-to-point environment)
100BaseT 100 meters
What does Base stand for in 10BaseT and 100BaseT?
Base in 10BaseT and 100BaseT stands for baseband. Baseband is a network technology in which only one carrier frequency (signal) is used.
What is the difference between baseband and broadband?
Baseband is a network technology in which only one carrier frequency is used (such as Ethernet). Broadband is a network technology in which several independent channels are multiplexed into one cable (for example, a T1 line)
Quick
Notes - ACCESS LISTS
Besides named
access lists, what are the two types of IP access lists?
The two types of IP access lists are standard and extended.
What criteria do standard IP access lists use to filter packets?
Standard IP access lists filter packets by the source address. This results in the packet's being permitted or denied for the entire protocol suite based on the source network IP address.
What criteria do extended IP access lists use to filter packets?
Extended IP access lists filter packets by source address, destination address, protocols, and port numbers.
In what two ways can IP access lists be applied to an interface?
Access lists can be applied as inbound or outbound access lists. Inbound access lists process packets as they enter a router's interface and before they are routed. Outbound access lists process packets as they exit a router's interface and after they are routed.
How many access lists can be applied to an interface on a Cisco router?
Only one access list per protocol, per direction, per interface can be applied on a Cisco router. Multiple access lists are permitted per interface, but they must be for a different protocol.
How are access lists processed?
Access lists are processed in sequential, logical order, evaluating packets from the top down, one statement at a time. As soon as a match is made, the permit or deny option is applied, and the packet is not applied to any more access list statements. Because of this, the order of the statements within any access list is significant.
What is at the end of each access list?
At the end of each access list, an implicit deny statement denies any packet not filtered in the access list.
What are the number ranges used to define standard and extended IP access lists?
The number ranges used to define standard and extended IP access lists are as follows:
· Standard IP access lists 1 to 99 and 1300 to 1999· Extended IP access lists 100 to 199 and 2000 to 2699
When implementing access lists, what are wildcard masks?
Wildcard masks define the subset of the 32 bits in the IP address that must be matched. Wildcards are used with access lists to specify a host, network, or part of a network. Wildcard masks work exactly the opposite of subnet masks. In subnet masks, 1 bits are matched to the network portion of the address, and 0s are wildcards that specify the host range. In wildcard masks, when 0s are present, the octet address must match. Mask bits with a binary value of 1 are wildcards. For example, if you have an IP address 172.16.0.0 with a wildcard mask of 0.0.255.255, the first two portions of the IP address must match 172.16, but the last two octets can be in the range 1 to 255.
What is the IOS command syntax used to create a standard IP access list?
Here is the command syntax to create a standard IP access list:
access-list access-list-number {permit deny} source-address [wildcard mask]access-list-number is a number from 1 to 99.
For example:
RouterA(config)#access-list 10 deny 192.168.0.0 0.0.0.255
After you create a standard or extended IP access list, how do you apply it to an interface on a Cisco router?
To apply an access list to an interface on a Cisco router, use the ip access-group interface command: ip access-group access-list-number {in out}For example:RouterA(config)#int s0RouterA(config-if)#ip access-group 10 in
Create a standard access list that permits the following networks:
192.168.200.0192.168.216.0192.168.232.0192.168.248.0
There are two ways to do this. First, you can create one access list that contains an entry for each network:
access-list 10 permit 192.168.200.0 0.0.0.255access-list 10 permit 192.168.216.0 0.0.0.255access-list 10 permit 192.168.232.0 0.0.0.255access-list 10 permit 192.168.248.0 0.0.0.255
A second way to do this is to create a single entry with wildcard masks:
access-list 10 permit 192.168.200.0 0.0.48.255
To see how this one statement denies all the networks, you must look at it in binary:
.200= 11001000.216= 11011000.232= 11101000.248= 11111000
All the bits match except the third and fourth bits. With wildcard masks, these are the bits you want to match. Therefore, your wildcard mask would be 00110000 in binary, which is 48.
What is the Cisco IOS command syntax used to create an extended access list?
Here is the Cisco IOS command syntax to create an extended access list: access-list access-list-number {permit deny} protocol source-address source-wildcard [operator port] destination-address destination-wildcard [operator port]
protocol examples include IP, TCP, UDP, ICMP, GRE, and IGRP.
operator port can be lt (less than), gt (greater than), eq (equal to), or neg (not equal to) and a protocol port number.
Create an extended access list denying web traffic to network 192.168.10.0.
The following commands deny web traffic to network 192.168.10.0:
access-list 101 deny tcp any 192.168.10.0 0.0.0.255 eq wwwaccess-list 101 permit ip any any
What IOS command can you use to see whether an IP access list is applied to an interface?
The IOS command to see whether an IP access list is applied to an interface is
show ip interface interface-type interface-number
For example:
RouterA#show ip interface s0
Serial0 is up, line protocol is up Internet address is 192.168.1.2/24 Broadcast address is 255.255.255.255 Address determined by non-volatile memory MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is enabled Multicast reserved groups joined: 224.0.0.9 Outgoing access list is not set Inbound access list is 10 Proxy ARP is enabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is enabled IP Feature Fast switching turbo vector IP multicast fast switching is disabled IP multicast distributed fast switching is disabled IP route-cache flags are Fast Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled RTP/IP header compression is disabled Probe proxy name replies are disabled Policy routing is disabled Network address translation is disabled Web Cache Redirect is disabled BGP Policy Mapping is disabled
How can you display all access lists on a Cisco router?
To display all access lists on a Cisco router, use the show access-list command: RouterA#show access-listStandard IP access list 10 deny 192.168.0.0, wildcard bits 0.0.0.255Extended IP access list 101 permit tcp any any eq www permit udp any any eq domain permit udp any eq domain any permit icmp any any deny tcp 192.168.10.0 0.0.0.255 any eq wwwRouterA#
How do you figure out wildcard questions?
Identify the class192.68.12.0 - Class C24 bits for networks/29 tells us that we need an additional 5 bits29 - 24 = 5 bits5 bits = 128 + 64 + 32 + 16 + 8 = 248Default subnet mask for Class C network = 255.255.255.0New subnet mask for /29 network = 255.255.255.248To find the wildcard value:255.255.255.255 255.255.255.248
- ---------------
0.0.0.7Same logic for Class B172.31.0.0 /1916 bits for networks/19 tells us we need an additional 3 bits19 - 16 = 3 bits3 bits = 128 + 64 + 32 = 224Default subnet mask for Class B network = 255.255.0.0New subnet mask for /19 network = 255.255.224.0To find the wildcard value:255.255.255.255255.255.224.0 ----------------0.0.31.255 ´
The two types of IP access lists are standard and extended.
What criteria do standard IP access lists use to filter packets?
Standard IP access lists filter packets by the source address. This results in the packet's being permitted or denied for the entire protocol suite based on the source network IP address.
What criteria do extended IP access lists use to filter packets?
Extended IP access lists filter packets by source address, destination address, protocols, and port numbers.
In what two ways can IP access lists be applied to an interface?
Access lists can be applied as inbound or outbound access lists. Inbound access lists process packets as they enter a router's interface and before they are routed. Outbound access lists process packets as they exit a router's interface and after they are routed.
How many access lists can be applied to an interface on a Cisco router?
Only one access list per protocol, per direction, per interface can be applied on a Cisco router. Multiple access lists are permitted per interface, but they must be for a different protocol.
How are access lists processed?
Access lists are processed in sequential, logical order, evaluating packets from the top down, one statement at a time. As soon as a match is made, the permit or deny option is applied, and the packet is not applied to any more access list statements. Because of this, the order of the statements within any access list is significant.
What is at the end of each access list?
At the end of each access list, an implicit deny statement denies any packet not filtered in the access list.
What are the number ranges used to define standard and extended IP access lists?
The number ranges used to define standard and extended IP access lists are as follows:
· Standard IP access lists 1 to 99 and 1300 to 1999· Extended IP access lists 100 to 199 and 2000 to 2699
When implementing access lists, what are wildcard masks?
Wildcard masks define the subset of the 32 bits in the IP address that must be matched. Wildcards are used with access lists to specify a host, network, or part of a network. Wildcard masks work exactly the opposite of subnet masks. In subnet masks, 1 bits are matched to the network portion of the address, and 0s are wildcards that specify the host range. In wildcard masks, when 0s are present, the octet address must match. Mask bits with a binary value of 1 are wildcards. For example, if you have an IP address 172.16.0.0 with a wildcard mask of 0.0.255.255, the first two portions of the IP address must match 172.16, but the last two octets can be in the range 1 to 255.
What is the IOS command syntax used to create a standard IP access list?
Here is the command syntax to create a standard IP access list:
access-list access-list-number {permit deny} source-address [wildcard mask]access-list-number is a number from 1 to 99.
For example:
RouterA(config)#access-list 10 deny 192.168.0.0 0.0.0.255
After you create a standard or extended IP access list, how do you apply it to an interface on a Cisco router?
To apply an access list to an interface on a Cisco router, use the ip access-group interface command: ip access-group access-list-number {in out}For example:RouterA(config)#int s0RouterA(config-if)#ip access-group 10 in
Create a standard access list that permits the following networks:
192.168.200.0192.168.216.0192.168.232.0192.168.248.0
There are two ways to do this. First, you can create one access list that contains an entry for each network:
access-list 10 permit 192.168.200.0 0.0.0.255access-list 10 permit 192.168.216.0 0.0.0.255access-list 10 permit 192.168.232.0 0.0.0.255access-list 10 permit 192.168.248.0 0.0.0.255
A second way to do this is to create a single entry with wildcard masks:
access-list 10 permit 192.168.200.0 0.0.48.255
To see how this one statement denies all the networks, you must look at it in binary:
.200= 11001000.216= 11011000.232= 11101000.248= 11111000
All the bits match except the third and fourth bits. With wildcard masks, these are the bits you want to match. Therefore, your wildcard mask would be 00110000 in binary, which is 48.
What is the Cisco IOS command syntax used to create an extended access list?
Here is the Cisco IOS command syntax to create an extended access list: access-list access-list-number {permit deny} protocol source-address source-wildcard [operator port] destination-address destination-wildcard [operator port]
protocol examples include IP, TCP, UDP, ICMP, GRE, and IGRP.
operator port can be lt (less than), gt (greater than), eq (equal to), or neg (not equal to) and a protocol port number.
Create an extended access list denying web traffic to network 192.168.10.0.
The following commands deny web traffic to network 192.168.10.0:
access-list 101 deny tcp any 192.168.10.0 0.0.0.255 eq wwwaccess-list 101 permit ip any any
What IOS command can you use to see whether an IP access list is applied to an interface?
The IOS command to see whether an IP access list is applied to an interface is
show ip interface interface-type interface-number
For example:
RouterA#show ip interface s0
Serial0 is up, line protocol is up Internet address is 192.168.1.2/24 Broadcast address is 255.255.255.255 Address determined by non-volatile memory MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is enabled Multicast reserved groups joined: 224.0.0.9 Outgoing access list is not set Inbound access list is 10 Proxy ARP is enabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is enabled IP Feature Fast switching turbo vector IP multicast fast switching is disabled IP multicast distributed fast switching is disabled IP route-cache flags are Fast Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled RTP/IP header compression is disabled Probe proxy name replies are disabled Policy routing is disabled Network address translation is disabled Web Cache Redirect is disabled BGP Policy Mapping is disabled
How can you display all access lists on a Cisco router?
To display all access lists on a Cisco router, use the show access-list command: RouterA#show access-listStandard IP access list 10 deny 192.168.0.0, wildcard bits 0.0.0.255Extended IP access list 101 permit tcp any any eq www permit udp any any eq domain permit udp any eq domain any permit icmp any any deny tcp 192.168.10.0 0.0.0.255 any eq wwwRouterA#
How do you figure out wildcard questions?
Identify the class192.68.12.0 - Class C24 bits for networks/29 tells us that we need an additional 5 bits29 - 24 = 5 bits5 bits = 128 + 64 + 32 + 16 + 8 = 248Default subnet mask for Class C network = 255.255.255.0New subnet mask for /29 network = 255.255.255.248To find the wildcard value:255.255.255.255 255.255.255.248
- ---------------
0.0.0.7Same logic for Class B172.31.0.0 /1916 bits for networks/19 tells us we need an additional 3 bits19 - 16 = 3 bits3 bits = 128 + 64 + 32 = 224Default subnet mask for Class B network = 255.255.0.0New subnet mask for /19 network = 255.255.224.0To find the wildcard value:255.255.255.255255.255.224.0 ----------------0.0.31.255 ´
No comments:
Post a Comment