amrit security

Upload: amritpal-singh

Post on 05-Apr-2018


  • 7/31/2019 AMRIT Security

    1/25

Question: Define the term "DMZ" as it pertains to network security, and name three different common network devices that are typically found there.

Answer: It's easy to think of your network as the "inside", and everything else as "outside". However, we've got a third area when it comes to firewalls - the DMZ.

From an IT standpoint, the DMZ is the part of our network that is exposed to outside networks. It's common to find the following devices in a DMZ:

FTP server
Email server
E-commerce server
DNS servers
Web servers

Stateful packet filtering does monitor the connection state, and that's particularly important when it comes to preventing TCP attacks. A stateful firewall will not only monitor the state of the TCP connection, but also the sequence numbers. Stateful firewalls accomplish this by keeping a session table, or state table.

Question: Configuring ACLs is an important part of working with the IOS Firewall. What wildcard masks are replaced in ACLs by the words host and any?

Answer: We have the option of using the word host to represent a wildcard mask of 0.0.0.0. Consider a configuration where only packets from IP source 10.1.1.1 should be allowed and all other packets denied. The following ACLs both do that.

R3#conf t
R3(config)#access-list 6 permit 10.1.1.1 0.0.0.0
R3(config)#conf t
R3(config)#access-list 7 permit host 10.1.1.1

The keyword any can be used to represent a wildcard mask of 255.255.255.255. Both of the following lines permit all traffic.

R3(config)#access-list 15 permit any
R3(config)#access-list 15 permit 0.0.0.0 255.255.255.255

There's no "right" or "wrong" decision to make when you're configuring ACLs in the real world. For your exam, though, I'd be very familiar with the proper use of host and any.
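The wildcard-mask rule that makes the two ACLs above equivalent can be checked in code. The following is an added example, not part of these notes: a small evaluator in which a 0 bit in the wildcard must match and a 1 bit is ignored, so `host A.B.C.D` is the same as `A.B.C.D 0.0.0.0` and `any` is the same as `0.0.0.0 255.255.255.255`. The `parse_standard_ace` and `evaluate` helpers and the sample source addresses are constructed for the example.

```python
"""Wildcard-mask evaluation behind the IOS keywords `host` and `any`.

Added example (not from the original notes): a small evaluator for standard
ACL entries that shows why `host 10.1.1.1` equals `10.1.1.1 0.0.0.0` and why
`any` equals `0.0.0.0 255.255.255.255`. Sample addresses are constructed.
"""
import ipaddress


def to_int(addr: str) -> int:
    """Dotted-quad IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(packet_src: str, acl_addr: str, wildcard: str) -> bool:
    """In a wildcard mask, 0 bits must match exactly and 1 bits are ignored.

    0.0.0.0 therefore means 'all 32 bits must match' (the `host` case) and
    255.255.255.255 means 'ignore every bit' (the `any` case).
    """
    care_bits = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(packet_src) & care_bits) == (to_int(acl_addr) & care_bits)


def parse_standard_ace(line: str):
    """Parse one standard ACE into (number, action, address, wildcard).

    Accepted forms: 'access-list N permit|deny any', '... host A.B.C.D',
    '... A.B.C.D WILDCARD' and '... A.B.C.D' (IOS assumes a 0.0.0.0 wildcard
    when none is given).
    """
    parts = line.split()
    if len(parts) < 4 or parts[0] != "access-list" or parts[2] not in ("permit", "deny"):
        raise ValueError(f"not a standard ACE: {line!r}")
    number, action, rest = int(parts[1]), parts[2], parts[3:]
    if rest[0] == "any":
        addr, wildcard = "0.0.0.0", "255.255.255.255"
    elif rest[0] == "host":
        addr, wildcard = rest[1], "0.0.0.0"
    elif len(rest) == 1:
        addr, wildcard = rest[0], "0.0.0.0"
    else:
        addr, wildcard = rest[0], rest[1]
    return number, action, addr, wildcard


def evaluate(acl_lines, packet_src: str) -> str:
    """First-match evaluation; the implicit 'deny any' applies at the end."""
    for line in acl_lines:
        _, action, addr, wildcard = parse_standard_ace(line)
        if wildcard_match(packet_src, addr, wildcard):
            return action
    return "deny"


def compare_forms():
    """The two ACLs from the notes give identical verdicts for these sources."""
    acl_6 = ["access-list 6 permit 10.1.1.1 0.0.0.0"]
    acl_7 = ["access-list 7 permit host 10.1.1.1"]
    sources = ["10.1.1.1", "10.1.1.2", "192.0.2.10"]   # constructed test sources
    return {src: (evaluate(acl_6, src), evaluate(acl_7, src)) for src in sources}


if __name__ == "__main__":
    for src, verdicts in compare_forms().items():
        print(src, verdicts)
    # A subnet wildcard of the kind used later in these notes: 172.50.50.0 0.0.0.255
    print(wildcard_match("172.50.50.77", "172.50.50.0", "0.0.0.255"))
```

Running it shows that ACL 6 and ACL 7 permit only 10.1.1.1 and deny everything else, and that a `0.0.0.255` wildcard matches the whole /24 because the last octet's bits are all "don't care".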

Question: What does the dollar sign in the following ACL line indicate?

R1(config)#$ 150 deny ip 172.50.50.0 0.0.0.255 172.50.100.0 0.0.0.255

Answer: The dollar sign simply indicates that part of the command you're entering or viewing can't be shown because the entry is so long. It does not mean the command is illegal.

Question: Basically, how does an IOS Firewall prevent a TCP SYN attack?

Answer: The IOS Firewall can use any or all of the following values to detect when a TCP SYN attack is underway:

Overall total of incomplete TCP sessions
Number of incomplete TCP sessions in a certain amount of time


Number of incomplete TCP sessions on a per-host basis

When any of these thresholds are reached, either of the following actions can be taken:

Block all incoming SYN packets for a certain period of time
Transmit a RST to both parties in the oldest incomplete session
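The state-table behaviour described under stateful packet filtering above and the three SYN-attack thresholds listed here can be modelled together. The following is an added example, not from the notes and not Cisco IOS code: a simplified state table that follows the three-way handshake, checks acknowledgement numbers, drops out-of-state segments, and, when any threshold is exceeded, resets the oldest incomplete session. The segment format, the addresses and the threshold values are constructed for the example.

```python
"""Stateful TCP inspection with SYN-attack thresholds.

Added example (not from the original notes, which describe the behaviour in
prose): a simplified state table that follows the three-way handshake,
checks acknowledgement numbers, drops out-of-state segments, and applies the
three incomplete-session thresholds the notes list, answering a breach by
tearing down the oldest half-open session (the notes' RST action). Segment
format, addresses and threshold values are constructed.
"""


class StateTable:
    def __init__(self, max_incomplete=3, max_incomplete_per_minute=5,
                 max_incomplete_per_host=2):
        self.sessions = {}     # direction-independent 4-tuple -> session record
        self.max_incomplete = max_incomplete
        self.max_per_minute = max_incomplete_per_minute
        self.max_per_host = max_incomplete_per_host
        self.events = []       # ("RST", client, time) actions taken

    @staticmethod
    def key(seg):
        """Same key for both directions of one connection."""
        a, b = (seg["src"], seg["sport"]), (seg["dst"], seg["dport"])
        return (a, b) if a < b else (b, a)

    def incomplete(self):
        """Sessions that have not finished the handshake (half-open)."""
        return [s for s in self.sessions.values() if s["state"] != "ESTABLISHED"]

    def inspect(self, seg):
        """Return 'accept' or 'drop' for one segment, updating the table."""
        k = self.key(seg)
        flags, sess = seg["flags"], self.sessions.get(k)
        if flags == "SYN":
            if sess is None:
                self.sessions[k] = {"state": "SYN_RCVD", "client": seg["src"],
                                    "client_isn": seg["seq"], "opened": seg["time"]}
                self.check_thresholds(seg["time"])
            return "accept"          # new or retransmitted SYN
        if sess is None:
            return "drop"            # no SYN was ever seen: out of state
        if flags == "SYN-ACK" and sess["state"] == "SYN_RCVD":
            if seg["ack"] != sess["client_isn"] + 1:
                return "drop"        # does not acknowledge the client's ISN
            sess["server_isn"], sess["state"] = seg["seq"], "SYN_ACK_SENT"
            return "accept"
        if flags == "ACK" and sess["state"] == "SYN_ACK_SENT":
            if seg["ack"] != sess["server_isn"] + 1:
                return "drop"        # does not acknowledge the server's ISN
            sess["state"] = "ESTABLISHED"
            return "accept"
        return "accept" if sess["state"] == "ESTABLISHED" else "drop"

    def check_thresholds(self, now):
        """Apply the three thresholds; on a breach, reset the oldest half-open session."""
        half_open = self.incomplete()
        recent = [s for s in half_open if now - s["opened"] <= 60]
        per_host = {}
        for s in half_open:
            per_host[s["client"]] = per_host.get(s["client"], 0) + 1
        breached = (len(half_open) > self.max_incomplete
                    or len(recent) > self.max_per_minute
                    or max(per_host.values(), default=0) > self.max_per_host)
        if breached:
            oldest = min((k for k, s in self.sessions.items() if s["state"] != "ESTABLISHED"),
                         key=lambda k: self.sessions[k]["opened"])
            victim = self.sessions.pop(oldest)
            self.events.append(("RST", victim["client"], now))


def seg(src, sport, dst, dport, flags, seq, ack, time):
    """Build one constructed segment record."""
    return dict(src=src, sport=sport, dst=dst, dport=dport, flags=flags,
                seq=seq, ack=ack, time=time)


def demo():
    """Constructed traffic: one clean handshake, one stray ACK, then a SYN burst."""
    fw = StateTable(max_incomplete=3, max_incomplete_per_minute=5, max_incomplete_per_host=2)
    verdicts = [
        fw.inspect(seg("10.1.1.1", 40000, "10.1.1.9", 80, "SYN", 1000, 0, 0)),
        fw.inspect(seg("10.1.1.9", 80, "10.1.1.1", 40000, "SYN-ACK", 5000, 1001, 0)),
        fw.inspect(seg("10.1.1.1", 40000, "10.1.1.9", 80, "ACK", 1001, 5001, 0)),
        # an ACK for a connection the table never saw a SYN for
        fw.inspect(seg("198.51.100.7", 4444, "10.1.1.9", 80, "ACK", 1, 1, 1)),
    ]
    # four SYNs from one source that never complete the handshake
    for i in range(4):
        verdicts.append(fw.inspect(seg("192.0.2.50", 50000 + i, "10.1.1.9", 80, "SYN", i, 0, 2 + i)))
    return verdicts, fw.events, len(fw.incomplete())


if __name__ == "__main__":
    print(demo())
```

With a per-host limit of two, the third and fourth half-open SYNs from 192.0.2.50 each trigger a reset of the oldest incomplete session, while the completed 10.1.1.1 connection is untouched and the stray ACK is dropped as out of state.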

Question: We'll start with a question you learned the answer to in your CCNA studies. When you have an enable secret and an enable password set, which takes precedence over the other?

Answer: A. The enable secret always takes precedence over the enable password.

Question: What port does NTP use?

Answer: NTP uses UDP port 123. Remember that when you're configuring your ACLs!

Question: What authentication option is available for Telnet that is not available with SSH?

Answer: You can use a line password for Telnet, but not for SSH. For SSH, you'll need to use AAA or a locally configured database.

Question: Which RFC refers to all of the following network address ranges, and how do these ranges relate to network security?

0.0.0.0 /8
10.0.0.0 /8
127.0.0.0 /8
172.16.0.0 /12
192.168.0.0 /16
224.0.0.0 /4
240.0.0.0 /4

Answer: RFC 3704 (an updated version of RFC 2827) recommends that packets sourced from those address ranges not be allowed to enter your network. Blocking these address ranges for incoming traffic on your network's perimeter routers is sometimes called "2827 filtering" or "3704 filtering", referring to the original and updated RFCs that discuss this topic in a great deal of detail.

Question: Which of the following are considered reconnaissance attacks, and which are access attacks?

A. ping sweep, B. port scan, C. password attack, D. trust exploitation, E. DSL query

Answer: Recon attacks: ping sweeps, port scans, DSL queries. Access attacks: password attacks and trust exploitation.

Question: The term "port redirection" refers to which type of network attack?

Answer: Port redirections are a type of trust exploitation.

Question: Why are the following disabled by default when you run AutoSecure?

A. PAD, B. UDP and TCP Small Servers, C. BootP, D. CDP, E. NTP

Answer:

Finger - recon attack possibility
PAD - known vulnerabilities


UDP and TCP Small Servers - attacker can request a large number of UDP diagnostics
BootP - known vulnerabilities

HTTP services, Identification Service (queries TCP port), CDP, NTP and IP source routing are also disabled globally.

Question: As it relates to how they are spread, what is the major difference between a worm and a virus?

Answer: The terms virus and worm are often used interchangeably, but they're not quite the same thing. A major difference between the two is that a worm can spread from its entry point to the rest of your network without the "help" of a human being.

A common worm attack is carried out by the worm finding your email address book and then sending a copy of itself to every recipient in that book. The worm executes its code and then continues to send copies of itself.

A virus can't be spread without an end user helping out, generally by forwarding an infected file or attachment.

Q: Difference between RADIUS and TACACS+?

A:

1. RADIUS uses UDP while TACACS+ uses TCP.
2. RADIUS encrypts only the password in the access-request packet, from the client to the server, while TACACS+ encrypts the entire body of the packet but leaves a standard TACACS+ header.
3. RADIUS does not allow users to control which commands can be executed on a router and which cannot; therefore, it is not as useful for router management or as flexible for terminal services.

Question: In terms of their position in the flow of traffic, what's the major difference between an IPS and an IDS?

Answer: An IDS is not in the direct flow of network traffic. Instead, the traffic flows are mirrored to the IDS. When infected traffic does hit the network, the IDS will see this and take appropriate action. In contrast, the Intrusion Prevention System (IPS) does sit in the middle of the traffic flow - in this case, the IPS will actually be our Cisco router. When the IPS detects a problem, the IPS itself can prevent the traffic from entering the network.

Question: What is "3704 filtering", and what does it have to do with network security?

Answer: RFC 3704 (an updated version of RFC 2827) recommends that packets from the following network ranges be prohibited from entering your network:

0.0.0.0 /8
10.0.0.0 /8 (RFC 1918 Class A private range)
127.0.0.0 /8 (loopback address range)
172.16.0.0 /12 (RFC 1918 Class B private range)
192.168.0.0 /16 (RFC 1918 Class C private range)
224.0.0.0 /4 (reserved for IP multicasts)


240.0.0.0 /4 (RFC 1918 Class E private range)

Blocking these address ranges for incoming traffic on your network's perimeter routers is sometimes called "2827 filtering" or "3704 filtering", referring to the original and updated RFCs that discuss this topic in a great deal of detail.
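The 2827/3704 filtering described in this answer and in the earlier RFC question can be expressed as a short ingress-filter check. The following is an added example, not part of the notes: it classifies inbound source addresses against the listed ranges, additionally rejects sources that claim one of our own inside prefixes (the RFC 2827 case, which the notes cite), and renders the same policy as IOS extended ACL lines using inverted-mask wildcards. The inside prefix 203.0.113.0/24 and the sample packets are constructed.

```python
"""RFC 2827/3704 ingress filtering for a perimeter router.

Added example, not part of the original notes. It checks the source address of
packets arriving on the outside interface against the ranges the notes list,
additionally rejects sources that claim to be inside our own prefixes (the
RFC 2827 case), and renders the same policy as IOS extended ACL lines.
The inside prefix and sample packets are constructed.
"""
import ipaddress

# Source ranges the notes say should never enter from outside. The reasons
# are labels for this example (240.0.0.0/4 is the reserved class E space).
FILTERED_SOURCES = [
    (ipaddress.ip_network("0.0.0.0/8"), "this-network (0/8)"),
    (ipaddress.ip_network("10.0.0.0/8"), "RFC 1918 private"),
    (ipaddress.ip_network("127.0.0.0/8"), "loopback"),
    (ipaddress.ip_network("172.16.0.0/12"), "RFC 1918 private"),
    (ipaddress.ip_network("192.168.0.0/16"), "RFC 1918 private"),
    (ipaddress.ip_network("224.0.0.0/4"), "multicast"),
    (ipaddress.ip_network("240.0.0.0/4"), "reserved (class E)"),
]

# Constructed: the prefix behind this perimeter router.
INSIDE_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]


def ingress_verdict(src, inside_prefixes):
    """Return ('deny', reason) or ('permit', '') for one inbound source address."""
    ip = ipaddress.IPv4Address(src)
    for net, reason in FILTERED_SOURCES:
        if ip in net:
            return "deny", reason
    for net in inside_prefixes:
        if ip in net:
            return "deny", "our own prefix as source on the outside interface"
    return "permit", ""


def filter_packets(packets, inside_prefixes):
    """Apply the policy to (src, dst) tuples; return the denied sources with reasons."""
    denied = []
    for src, _dst in packets:
        verdict, reason = ingress_verdict(src, inside_prefixes)
        if verdict == "deny":
            denied.append((src, reason))
    return denied


def to_extended_acl(inside_prefixes, number=150):
    """Render the policy as IOS extended ACL lines (wildcard = inverted mask)."""
    nets = [net for net, _ in FILTERED_SOURCES] + list(inside_prefixes)
    lines = [f"access-list {number} deny ip {net.network_address} {net.hostmask} any"
             for net in nets]
    lines.append(f"access-list {number} permit ip any any")
    return lines


def demo():
    """Constructed inbound packets seen on the outside interface."""
    packets = [
        ("198.51.100.9", "203.0.113.10"),   # ordinary external source
        ("10.20.30.40", "203.0.113.10"),    # RFC 1918 source
        ("203.0.113.5", "203.0.113.10"),    # claims to be one of our inside hosts
        ("172.31.9.9", "203.0.113.10"),     # inside the 172.16/12 block
        ("172.32.0.1", "203.0.113.10"),     # just outside the 172.16/12 block
        ("127.0.0.1", "203.0.113.10"),      # loopback
    ]
    return filter_packets(packets, INSIDE_PREFIXES)


if __name__ == "__main__":
    for src, reason in demo():
        print(f"deny {src}: {reason}")
    print("\n".join(to_extended_acl(INSIDE_PREFIXES)))
```

The ACL rendering ties this back to the wildcard-mask material: `172.16.0.0/12` becomes `172.16.0.0 0.15.255.255`, because the wildcard is the inverse of the prefix mask.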

Question: What is the purpose of the 256MB.sdf file? What does the "256" refer to?

Answer: This is one of three preconfigured Signature Definition Files. Cisco's website recommends running the Intrusion Prevention System (IPS) with the preconfigured files - attack-drop.sdf, 128MB.sdf, and 256MB.sdf. The "128MB" and "256MB" refer to the amount of memory necessary to use these particular files.

Question: Which of the following does not use encryption?

A. SSH
B. SSL
C. NTP v3
D. Telnet
E. SMTP v3

Answer: D. The other four all use encryption in some form.

Question: What is the anomaly method?

Answer: "This is the IPS method of identifying malicious traffic where differences from normal traffic patterns are sought and detected."

Question: What's the purpose of the attack-drop.sdf file?

Answer: The attack-drop.sdf file is a Signature Definition File that contains the latest and greatest IPS signatures.

Question: There are three basic methods IPS uses to identify potentially malicious traffic. Name all three and give a brief definition of each.

Answer: Both the IPS and IDS can base their identification of dangerous and malicious traffic on the following:

Policy, where a configured policy may ban particular IP addresses, ports, or even websites.
Signature, where byte patterns are considered along with other values.
Anomaly, where differences from normal traffic patterns are sought and detected.

Question: What's the purpose of the ip inspect tcp idle-time command?

Answer: ip inspect tcp idle-time sets the amount of time an idle TCP connection is kept in the state table. Default is 3600 seconds.

Question: In terms of network security, what purpose does a honeypot serve?

Answer: A honeypot is a network device that is purposely left open to attack. The attack methods are then analyzed in order to develop a defense against that attack type. (Obviously, this will not be a production server!)

Question: In SDM, what does an asterisk indicate when it's used in a graphical representation of an ACL?

Answer: An asterisk represents the ACL option "any".

Question: What are the two options you should expect to see IOS Help display in the following command?

R1(config)#ip tcp intercept mode ?


Answer: You can run TCP intercept in intercept or passive mode.

Question: You're using the Authentication Proxy. Where can you store the user-specific security profiles?

Answer: The profiles can be downloaded from a TACACS+ or RADIUS server.

Note: An Intrusion Prevention System will be in the direct path of traffic, but an Intrusion Detection System will not be found there.

Question: Describe an IP Spoofing attack.

Answer: You may remember from your ISDN studies that when an ISDN line was pretending to be up, it was said to be spoofing. When a network intruder uses the IP address of a trusted device in order to gain access to your network, that's IP Spoofing. IP Spoofing can be used against your network in several ways:

1. To inject a stream of malicious code and/or commands into your network
2. To trick legitimate network hosts into sending sensitive data to the attacker
3. As part of a reconnaissance attack, an attack that in itself may not be damaging, but is used to gather information for future, more destructive attacks.

Question: Briefly describe the purpose of a "SYN cookie".

Answer: One defense against SYN attacks, a SYN cookie verifies the client address before actually allocating resources to that client.

Question: Briefly describe the term "teardrop attack".

Answer: IP fragments with large payloads are the method of attack. Issues with the TCP fragmentation reassembly code of Windows NT, 96, and 3.1x (among others) created this opening.

Question: In a typical Network Management block, what switch layers are represented?

A. Access
B. Distribution
C. Core

Answer: A, B. In addition to network management devices, both Access and Distribution switches will be found here.

Question: Briefly describe a "DDoS" attack.

Answer: A Distributed Denial-Of-Service attack is a typical DoS attack, but one that is carried out by a large number of attackers rather than a single host.

Question: What term is given to the network attack that occurs when an intruder gathers information in preparation for a larger attack in the future?

Answer: That is a network reconnaissance attack. Recon attacks are generally not destructive in themselves, since the actual point of a recon attack is to avoid notice. It's the information gathered during the recon attack that we're concerned about, since that info can and probably will be used in a future attack - and that attack will be destructive.

Question: You want to display a message to users who connect to your router via Telnet. What command will you use to do so?


Answer: Use the banner login command.

Question: You're defining inspection rules on a Cisco firewall. What command are you using?

Answer: The global ip inspect command.

Question: You're ensuring that only the devices in a VPN that should see the data in unencrypted format will see the data that way. Which of the following are you practicing?

a) data confidentiality
b) data integrity
c) replay attack protection
d) data origin authentication

Answer: A. Data Confidentiality means that only the devices that should see the data in an unencrypted form will see the data that way. Data Integrity means that the recipient of the data can guarantee that the received data is the same as the transmitted data - in short, that the data was not altered during transport. Data Origin Authentication guarantees that the data originated from a specific endpoint. Anti-replay protection (sometimes just called "replay protection") protects against replay attacks, a malicious repeat and/or delay of a valid transmission.

Note: Port Mirroring

Port Mirroring is used on a network switch to send a copy of the network packets seen on one switch port to a network monitoring connection on another switch port. Generally referred to as SPAN (Switch Port Analyzer).

Layer 3 Switch

High performance devices. Layer 3 switches differ very little from routers. A layer 3 switch supports the routing protocols. Both inspect the incoming & outgoing packet and dest

In a Layer 2 switch, frames are forwarded based on the MAC address information; in a Layer 3 switch, frames are forwarded based on the network-layer information. Layer 2 switching does not look inside a packet for network-layer information. Layer 2 switching is performed by looking at the destination MAC address within a frame. A Layer 2 switch maintains the MAC address table. A Layer 2 switch broadcasts the frames and receives the information. Layer 3 switching operates at the network layer. It examines packet information and forwards packets based on their network-layer destination address.

VRF:

1. Virtual Routing and Forwarding is used on the MPLS network.
2. VRF maintains multiple routing tables on a single router.
3. Virtual routing and forwarding is a technology included in IP (Internet Protocol) network routers that allows multiple instances of the routing table to exist in a router and work simultaneously.


4. Increases functionality by allowing network paths to be segmented without using multiple devices.
5. VRF acts like a logical router, but while a logical router may include many routing tables.
6. Virtual routing and forwarding is a technology implemented in IP network routers that allows multiple instances of a routing table to exist on the same router at the same time.
7. Multiprotocol Label Switching (MPLS) VPN technology.
8. Virtual networks enable administrators to split a physical link into multiple virtual links, completely isolated one from the others. A virtual link will be dedicated to traffic from a specific application or customer. MPLS functionality is based on P (Provider) routers, PE (Provider Edge) routers and CE (Customer Edge) routers. One PE router can hold and manage multiple virtual routing instances. If you are running in a private environment, you can use MPLS VPN to separate services.

The Route Distinguisher (RD) is a number which helps identify a VPN in a provider network and allows for overlapping IP space. The Route Target (RT) indicates the VPN membership of a route and allows VPN routes to be imported or exported into or out of your VRF.

Spanning Tree

1. STP is the link layer network protocol that ensures a loop-free topology.
2. The basic functionality of STP is preventing bridge loops and ensuring broadcast radiation.
   a. Select Root Bridge: We need to select the root bridge with the smallest bridge ID. Each bridge has a unique identifier and configures the selected ID. Based on the priority value the bridge
   b. Determine the least cost paths to the root bridge.
   c. Bridge Protocol Data Unit (BPDU): BPDU frames use the Bridge ID and the MAC address of the port itself as source and destination address.
      i. BPDUs are exchanged regularly and enable switches to keep track of network changes and start and stop forwarding at ports as required.
      ii. BPDUs are exchanged regularly (every 2 sec).
3. Blocking, Listening (the switch processes BPDUs and awaits new possible information), Learning, Forwarding, Disabled.

Spanning tree protocol is a link management protocol that provides path redundancy while preventing undesirable loops in the network. Multiple active paths between stations cause loops in the network. If a loop exists in the network topology, the potential exists for duplication of messages.

Election of the Root Switch
1. The election of a unique root switch for the table
2. The election of a designated switch for every switched LAN segment.
3. The removal of loops in the switched network

BPDU
1. The unique switch identifier (MAC address) associated with each switch.
2. The path cost to the root
3. The port identifier with each switch.

BPDU: One switch is elected as the root switch. The shortest path to the root switch is calculated for each switch. Blocking, Listening, Learning, Forwarding, Disabled.
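Root bridge election and the least-cost-path step from the STP notes above, as an added example that is not part of the notes: the lowest (priority, MAC) bridge ID wins, and every other switch then picks the upstream neighbour offering the lowest root path cost, with ties broken by the lower sender bridge ID as STP does. The four-switch topology, the MAC addresses and the link costs are constructed.

```python
"""Spanning-tree root bridge election and root-port choice.

Added example, not part of the original notes. The bridge ID is the pair
(priority, MAC address) and the lowest one wins; each non-root switch then
picks the neighbour offering the lowest path cost to the root (ties broken
by the lower sender bridge ID, as STP does). The four-switch topology and
its link costs are constructed.
"""
import heapq


def bridge_id(priority: int, mac: str) -> tuple:
    """Comparable bridge ID: priority first, then MAC as the tie-breaker."""
    return (priority, mac.lower())


def elect_root(bridges: dict) -> str:
    """bridges: {name: (priority, mac)} -> name of the switch with the lowest bridge ID."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def root_paths(bridges: dict, links: list, root: str) -> dict:
    """Least-cost path to the root for every switch (Dijkstra from the root).

    links: list of (switch_a, switch_b, port_cost). Returns
    {switch: (root_path_cost, upstream_neighbour)}; the upstream neighbour is
    the one reached through the switch's root port (None for the root itself).
    """
    adjacency = {}
    for a, b, cost in links:
        adjacency.setdefault(a, []).append((b, cost))
        adjacency.setdefault(b, []).append((a, cost))
    best = {root: (0, None)}
    heap = [(0, root)]
    while heap:
        cost_here, here = heapq.heappop(heap)
        if cost_here > best[here][0]:
            continue                      # stale heap entry
        for neighbour, link_cost in adjacency.get(here, []):
            candidate = cost_here + link_cost
            current = best.get(neighbour)
            # lower cost wins; on equal cost the lower sender bridge ID wins
            better = (current is None or candidate < current[0] or
                      (candidate == current[0] and
                       bridge_id(*bridges[here]) < bridge_id(*bridges[current[1]])))
            if better:
                best[neighbour] = (candidate, here)
                heapq.heappush(heap, (candidate, neighbour))
    return best


def demo():
    """Constructed topology: SW3 has the lowest priority and must become root."""
    bridges = {
        "SW1": (32768, "0000.0c11.1111"),
        "SW2": (32768, "0000.0c22.2222"),
        "SW3": (4096, "0000.0c33.3333"),
        "SW4": (32768, "0000.0c44.4444"),
    }
    # IEEE 802.1D short path costs: 19 = 100 Mbps link, 4 = 1 Gbps link
    links = [("SW1", "SW2", 19), ("SW2", "SW3", 19), ("SW1", "SW3", 4),
             ("SW4", "SW1", 19), ("SW4", "SW2", 4)]
    root = elect_root(bridges)
    return root, root_paths(bridges, links, root)


if __name__ == "__main__":
    root, paths = demo()
    print("root:", root)
    for switch, (cost, upstream) in sorted(paths.items()):
        print(f"{switch}: cost {cost}, root port towards {upstream}")
```

SW4 reaches the root at cost 23 both via SW1 and via SW2; the tie goes to SW1 because its bridge ID (same priority, lower MAC) is lower, which is the same tie-break a real switch applies when comparing received BPDUs.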


VTP

VTP (VLAN Trunking Protocol) is a Cisco proprietary Layer 2 messaging protocol that manages the addition, deletion and renaming of VLANs on a network-wide basis. VTP reduces the administration in a switched network. VLAN information is distributed to all switches in the VTP domain.

VTP operates in three modes:

1. Server: In this VTP mode, create and modify the VLANs.
2. Client: A VTP client works like a server, but is not able to create or delete VLANs.
3. Transparent: The switch does not participate in VTP. A VTP transparent switch will not advertise its VLAN configuration and does not synchronize.

VTP sends messages between trunked switches to maintain VLANs on these switches.

Port Security

1. Port security can be done based on the MAC address: 1. MAC blocking 2. MAC learning

Firewall

A firewall is a program or hardware device that filters the inbound and outbound traffic. Three methods of controlling the traffic:

1. Packet Filtering - Packets are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting systems and all others are discarded.
2. Proxy Service - Information from the internet is retrieved by the firewall and then sent to the requesting system and vice versa.
3. Stateful Inspection - It does not examine the content of each packet but instead compares certain key parts of the packet to a database of trusted information. Inbound and outbound are monitored for specific characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the traffic is allowed through, otherwise it's discarded.

Security Level

PIX has very simple mechanisms to control traffic between interfaces. The ASA allows traffic to pass from trusted to untrusted, but not the reverse. Traffic can pass from interfaces with high security levels to interfaces with lower security levels. The ASA blocks lower level to higher level.

Security level 100: The highest possible level; it is used by the inside interface by default. Using the trusted-untrusted terminology, this level is considered the most trusted.

Security level 0: The lowest possible level; it's used by the outside interface by default, making it the most untrusted interface. Traffic can pass from this interface to other interfaces only if manually configured to do so.

Security levels 1-99: Can be assigned to any other interface on the PIX. On a three-pronged PIX firewall, the inside is typically 100, the outside is 0, and the third interface could be 50. Traffic from interfaces between 1 and 99 can pass through to the outside (0), but it is prevented from passing to the inside (100). This is because the interface has a lower security level setting than the inside.

Static Routing vs Dynamic Routing

Static routing is not really a protocol, simply the process of manually entering routes into the routing table via a configuration file that is loaded when the routing device starts up.


A static route is a route that is created manually by the network administrator. Dynamic routes are created by a routing protocol. Static routing administrative distance is one. IGRP default administrative distance is 100. Static routing is manually entering the route based on the best path consideration. Dynamic routing is

Dynamic routing protocols are software applications that dynamically discover networks. A router will learn routes to all directly connected networks. It will learn routes from other routers that run the same routing protocols. The router will then sort through its list of routes and select the best path.

EIGRP (Enhanced Interior Gateway Routing Protocol)

1. It is a link state routing protocol.
2. Cisco proprietary routing protocol & distance vector routing protocol.
3. Routing optimisation is based on the Diffusing Update Algorithm (DUAL).
4. Distance vector routing protocols use the Bellman-Ford algorithm to find shortest paths. They exchange a vector of distances to all destinations. No further topology information is exchanged.
5. Link state routing protocols are based on an algorithm to find the shortest path. They work by exchanging a description of each node and its exact connections to its neighbours.
6. EIGRP allows for equal cost load balancing, incremental routing updates and formal neighbour relationships.
7. EIGRP reduces bandwidth usage. It updates only when topology changes occur.
8. Support of Variable Length Subnet Masks (VLSM).
9. Using Hello messages, EIGRP sessions establish and maintain neighbor relationships with neighboring routers.
10. EIGRP packet formats (Hello/ACK, Updates, Queries, Replies, Requests).
11. EIGRP administrative distance is 120.
12. EIGRP only sends the updated information if any network changes.
13. EIGRP default hop count is 224.
14. IGRP default hop count is 111.
15. EIGRP use reduces the bandwidth.
16. EIGRP will learn the successor and feasible successor.
17. EIGRP maintains three databases: Neighbor DB, topology DB, IP routing table.
18. EIGRP default hold time is three times the Hello interval.
19. RTP (Reliable Transport Protocol) is responsible for guaranteed
20. Default hello interval is 5 seconds.
21. Update, Query & Reply packets are acknowledgement oriented.
22. Hello, ACK are NON acknowledgement oriented.
23. EIGRP DUAL:
    a. Tracks all routes advertised by neighbours.
    b. Selects the loop-free successor and selects the feasible successor.
    c. If the successor fails, selects the feasible successor.
24. DUAL is used to select the best path.

OSPF

1. It is a link state routing protocol. Generates routing updates when any network changes.
   1. Responds quickly as the network changes.
   2. Sends triggered updates when network changes occur.
   3. Sends periodic updates, link-state refresh, and such every 30 min.
2. Neighbour table, topology table, routing table: link state data structures.
3. Dijkstra algorithm calculates all possible routes.


4. OSPF Area - Characteristics
   1. Minimizes routing table entries.
   2. Localizes the impact of any topology changes.
   3. Detailed LSA flooding stops at the area boundary.
   4. Requires hierarchical network design.
   5. Area Border Router (ABR)
7. OSPF selects the DR (Designated Router) and BDR (Backup Designated Router).
8. OSPF protocol builds three tables: neighbour table, LS topology table and routing table.
9. OSPF protocol has five types of packets: Hello, Database Description, Link State Request (LSR), Link State Update (LSU) and ACK.
   1. Hello builds adjacency between neighbours.
   2. Database Description (DBD) checks for database synchronization between routers.

IGRP

It is a distance vector routing protocol. It uses bandwidth as a metric.

Cisco Switch Stack (3750 stack)

Catalyst 3750 switches run Cisco IOS software release 12.2. Link Aggregation Control Protocol (LACP) and Port Aggregation Protocol (PAgP) are Cisco proprietary protocols that run on Cisco switches. PAgP cannot be enabled on cross-stack EtherChannels. LACP is supported on cross-stack EtherChannels from Cisco IOS. LACP packets are exchanged only with partner interfaces with the active or passive mode configuration. We can configure up to 16 ports to form a channel. Eight of the ports are in active mode and the other eight are in standby mode.

A new method for collectively utilizing the capabilities of a stack of switches. Switches intelligently join to create a single switch unit with a 32 Gbps stack interconnect. Switches can be added to and deleted from a working stack without affecting performance. Switches are united into a single logical unit using special stack interconnect cables that create a bidirectional closed-loop path.

Layer 2 and Layer 3 forwarding: layer 2 forwarding is done with a distribution layer. Layer 3 is done in a centralized manner. The Cisco Catalyst 3750 series switch has a single IP address and is managed as a single object. The single IP management applies to active fault detection, VLAN creation, modification and deletion, security and QoS controls. Cisco StackWise technology unites up to nine individual Cisco 3750 switches into a single logical unit. This single stack will allow sharing the same network topology, MAC address and routing information.

Switching Modes

Fast Forward: Fast forward offers the lowest level of latency by immediately forwarding a packet after receiving the destination address. In fast-forward mode, latency is measured first bit received to first bit transmitted (FIFO).

Fragment Free: Fragment-free switching filters out collision fragments, the majority of packet errors, before forwarding begins.

Store and Forward: Complete packets are stored and checked for errors prior to transmission. In store-and-forward mode, latency is measured last bit received to first bit transmitted, or LIFO (Last In First Out).

What is administrative distance?


Administrative distance is the feature that routers use in order to select the best path when there are two or more different routes to the same destination from two different routing protocols. AD defines the reliability of a routing protocol. AD is the first criterion that a router uses to determine which routing protocol to use if two protocols provide route information for the same destination. The smaller the administrative distance value, the more reliable the protocol.

Administrative distance is used to select the best path when there are two or more different routes to the same destination from two different routing protocols.

Route Source                                        Default Distance Value
Connected interface                                 0
Static route                                        1
EIGRP                                               5
BGP                                                 20
Internal EIGRP                                      90
IGRP                                                100
OSPF                                                110
Intermediate System-to-Intermediate System (IS-IS)  115
RIP                                                 120
Exterior Gateway Protocol (EGP)                     140
On Demand Routing (ODR)                             160
External EIGRP                                      170
Internal BGP                                        200
Unknown*                                            255

Clock rate

The clock rate interface command has been enhanced for the synchronous serial port.

Subnet

A subnet is an identifiable separate part of an organization's network.

Class Address

Class A addresses begin with 0xxx, or 1 to 126 decimal.
Class B addresses begin with 10xx, or 128 to 191 decimal.
Class C addresses begin with 110x, or 192 to 223 decimal.
Class D addresses begin with 1110, or 224 to 239 decimal.
Class E addresses begin with 1111, or 240 to 254 decimal.

MPLS

Multiprotocol Label Switching is a mechanism in high-performance telecommunication networks which directs and carries data from one network node to the next.

MPLS is a highly scalable, protocol agnostic,

MPLS is an efficient encapsulation mechanism. MPLS was originally presented as a way of improving the forwarding speed of routers but is now emerging as a crucial standard technology that offers new capabilities for large-scale IP networks.

In MPLS terminology, the packet-handling nodes or routers are called Label Switched Routers (LSR).

Is the telecommunication network.

MPLS is the standard technology for speeding up network traffic flow and making it easy to manage.

MPLS VRF (Virtual Routing and Forwarding) is a technology that allows multiple instances of a routing table. VRF is the key element in the Cisco MPLS VPN technology.


ACL

An empty ACL permits all traffic.
Standard IP: 1-99, 1300-1999
Extended IP: 100-199, 2000-2699

access-list acl_collector permit icmp any any
access-list acl_collector permit ip any any
Router(config)# access-list ACL# permit | deny conditions

Standard Access Control Lists (ACLs) are Cisco IOS based commands used to filter packets on Cisco routers based on the source IP address of the packet. Extended access control lists have the ability to filter packets based on source and destination IP address. Numbers between 1 and 99, or any number between 1300 and 1999, can be used in a standard ACL.

CISCO PIX Firewall BASIC

PIX Device Manager (PDM). The PIX firewall provides a wide range of security: NAT, content filtering, URL filtering, IPSec VPN, DHCP server/client, static NAT.

NAT

NAT is a way to map a range of global addresses to an inside or perimeter (DMZ) address.

1. Static NAT - one-to-one basis.
2. Dynamic NAT - maps an unregistered IP address to a pool of registered IPs.
3. Overloading is a form of dynamic NAT but maps multiple unregistered IP addresses to one single registered IP address. This is known as PAT or single address NAT.

NAT Terms

Inside Local Address: An IP address assigned to a host inside a network.
Inside Global Address: A legitimate IP address assigned by the NIC or service provider that represents one or more inside local IP addresses to the outside world.

ARP and RARP Address Translation

ARP maps IP addresses into MAC addresses, and RARP maps MAC addresses into IP addresses.

BGP

BGP is a protocol for exchanging routing information between gateway hosts in a network of autonomous systems. The routing table contains a list of known routers, the addresses they can reach and a cost metric associated with the path to each router.

Learns multiple paths via internal and external BGP speakers. Picks the best path and installs it in the forwarding table. The best path is sent to external BGP neighbours.

Classless Inter-Domain Routing (CIDR)

BGP Introduction
- Used for carrying routing information between ASs
- Path vector protocol
- Incremental
- Runs over TCP - 179


    Conveys Informatoin about ASBGP- General OperationLearns multiple paths via internal and external BGP speakersPicks the best path and installs in the IP forwarding table.Policy applied by influencing the best path selection.Load balancing - BGP does NOT load balancing traffic; it choose & installs a "Best " route

    BGP Relationship with IGP- BGP carries full internet routing table- IGP are used to carry next hop and interior network information.Autonomous System (AS)- Collection of network with same routing policy.- Single routing protocolBGP Path Selection Algoritham- Do not consider path if not route to next hop.- Sortest algoritham path

    RIP..RIP default behavior is send to ver 1 updateds, but to acceptable from ver 1 and 2.Sending update every 30 secondsInvalid after 180 Sec, Hold down 180 , flushed after 240.Difference between RIP V1 & V2 ?RIP V1 Classful routing protocolRIP V2 Classless routing protocolRIP V1 Subnet mask are NOT included in the routing update.RIP V2 Subnet mask are included in the routing update.

Cisco 6509 Switch Details

Supports all Catalyst 6500 modules, including all:
Supervisor engines
Switch fabric modules
Fast Ethernet modules
Gigabit Ethernet modules
10 Gigabit Ethernet modules
Voice modules
FlexWAN modules
ATM modules
Multi-Gigabit services modules (content services, firewall, intrusion detection, IPSec/VPN, network analysis, and SSL acceleration)
The Cisco Supervisor Engine 720 offers a strong set of security features. The Supervisor Engine 720 builds on the proven Cisco Express Forwarding (CEF) architecture by supporting centralized forwarding (CEF) and distributed forwarding (dCEF). There are three flavors: PFC3A, PFC3B and PFC3BXL.

What is the difference between router ACLs and firewall ACLs?
Routers are designed to route traffic, not to stop it. Firewalls are designed to examine and accept/reject traffic. Both kinds of ACL do the same job; depending on our requirement we do our ACL configuration on one or the other.


What different types of firewall are there?
1. Packet filters
2. Circuit level gateways
3. Application level gateways
4. Stateful multilayer inspection firewalls

Packet filtering firewalls work at the network level of the OSI model, or the IP layer of TCP/IP. A router is a device that receives packets from one network and forwards them to another network. In a packet filtering firewall each packet is compared to a set of criteria before it is forwarded. Most routers support packet filtering.
Circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP. This is useful for hiding information about protected networks. Circuit level gateways are relatively inexpensive and have the advantage of hiding information.
Application level gateways, also called proxies, are similar to circuit level gateways except that they are application specific. They can filter packets at the application layer of the OSI model.
Stateful multilayer inspection firewalls filter packets at the network layer.

What is IP Spoofing?
Many firewalls examine the source IP address of packets to determine if they are legitimate. IP spoofing means forging that source address. This is a useful technique for an attacker, since many systems define which packets may and which packets may not pass based on the sender's IP address.

Distance Vector Routing Protocols Versus Link-State Routing Protocols

Distance Vector:
- Sends its entire routing table at periodic intervals out of all interfaces (typically, this is based in seconds). Sends triggered updates to reflect changes in the network.
- Typically involves updates sent using a broadcast address to everyone on the link.
- Uses a metric based on how distant the remote network is to the router. (IGRP does not conform to this as a proprietary solution.)
- Has knowledge of the network based on information learned from its neighbors.
- Includes a routing table that is a database viewed from the perspective of each router.
- Uses the Bellman-Ford algorithm for calculating the best path.
- Does not consume many router resources, but is heavy in the use of network resources.
- Maintains one domain in which all the routes are known.
- Is not restricted by addressing scheme.
- Involves slower convergence because information about changes must come from the entire network (but indirectly). Each routing table on every intervening router must be updated before the changes reach the remote end of the network.

Link-State:
- Sends incremental updates when a change is detected. OSPF will send summary information every 30 minutes, regardless of whether incremental updates have been sent in that time.
- Typically involves updates sent to those routers participating in the routing protocol domain, via a multicast address.
- Is capable of using a complex metric, referred to by OSPF and IS-IS as cost.
- Has knowledge of the network based on information learned from every router in the area.
- Has a topological database that is the same for every router in the area. The routing table that is built from this database is unique to each router.
- Uses the Dijkstra algorithm.
- Uses many router resources, but is relatively low in its demand for network resources.
- Has a hierarchical design of areas that allows for summarization and growth.
- For effective use, the addressing scheme should reflect the hierarchical design of the network.
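The link-state side of the comparison in working code, as an added example (not from the notes): every router holds the same topological database, and each runs Dijkstra's shortest-path-first algorithm from itself to build its own, different, routing table. The five-router topology and its link costs are constructed; the key to check is that the next hop each router installs is the first router after itself on the least-cost path, not simply the cheapest directly connected link.

```python
"""Added example, not from the notes: the shortest-path-first (Dijkstra) computation a
link-state router runs over its topological database. The topology is constructed."""
import heapq
from typing import Dict, List, Optional, Tuple

# Constructed link-state database: every router in the area holds this same view.
# Each entry lists (neighbour, link cost) as advertised by that router.
LSDB: Dict[str, List[Tuple[str, int]]] = {
    "R1": [("R2", 10), ("R3", 1)],
    "R2": [("R1", 10), ("R4", 1)],
    "R3": [("R1", 1), ("R4", 10), ("R5", 1)],
    "R4": [("R2", 1), ("R3", 10), ("R5", 1)],
    "R5": [("R3", 1), ("R4", 1)],
}


def spf(lsdb: Dict[str, List[Tuple[str, int]]],
        root: str) -> Dict[str, Tuple[int, Optional[str]]]:
    """Dijkstra from `root`: returns {router: (total cost, next hop)}.
    The next hop is the first router after `root` on the least-cost path, which is
    what the router installs in its own routing table."""
    cost_to: Dict[str, int] = {root: 0}
    next_hop: Dict[str, Optional[str]] = {root: None}
    heap: List[Tuple[int, str, str]] = [(0, root, "")]
    settled = set()
    while heap:
        cost, node, via = heapq.heappop(heap)
        if node in settled:
            continue                    # a cheaper path to this node was already settled
        settled.add(node)
        for neighbour, link_cost in lsdb.get(node, []):
            candidate = cost + link_cost
            if neighbour not in cost_to or candidate < cost_to[neighbour]:
                cost_to[neighbour] = candidate
                # Leaving the root, the neighbour itself is the next hop; deeper in the
                # tree the next hop is inherited from the path we arrived on.
                hop = neighbour if node == root else via
                next_hop[neighbour] = hop
                heapq.heappush(heap, (candidate, neighbour, hop))
    return {node: (cost_to[node], next_hop[node]) for node in cost_to}


def routing_table(root: str) -> Dict[str, Tuple[int, Optional[str]]]:
    """The unique routing table each router derives from the shared LSDB."""
    return spf(LSDB, root)


if __name__ == "__main__":
    for router in LSDB:
        print(router, routing_table(router))
```

R1 has a direct link to R2 at cost 10, yet its table sends R2-bound traffic via R3 at total cost 4; R2, computing from the identical database, reaches R1 via R4. Same database, different tables, exactly as the comparison states.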

RIP V1

Is a simple protocol to design, configure, and maintain.
Does not require a hierarchical addressing scheme.
Does not pass the subnet mask in the routing update and therefore is not capable of classless routing or VLSM.
Is limited to a 15-hop diameter network.
Does not acknowledge routing updates; just repeats them periodically (every 30 seconds).
Has a routing table that is sent out of every interface every 30 seconds (by default).
Can transmit information about the network in two messages: the routing update and the triggered update.
Uses hop count as a metric, the number of routers to process the data.

OSPF

Is a complex protocol to design and, in some instances, to configure and maintain.
If the full benefits of the protocol are to be harnessed, should use a hierarchical IP addressing scheme.
Carries the mask in the update and therefore can implement VLSM, summarization, and classless routing.
Is unlimited in the diameter of the network, although it is suggested that an area not exceed more than 50 networks.
Acknowledges updates.
Involves updates sent as required (when changes are seen) and every 30 minutes after no change has been seen.
Has protocols for discovering neighbors and forming adjacencies, in addition to protocols for sending updates through the network. These protocols alone add up to nine message types.
Uses cost as a metric. Cost is not stated in the RFCs, but it has the capacity to be a complex calculation, as seen in Cisco's implementation.

Layer 3 Routing Versus Layer 3 Switching
It is important to understand the difference between Layer 3 routing and Layer 3 switching. Both terms are open to some interpretation; however, the distinction between the two can perhaps be best explained by examining how an IP packet is routed. The process of routing an IP packet can be divided into two distinct processes:

What is Frame Relay?
Frame Relay is a packet switching technology. It operates at the data link layer.

What is the HELLO protocol used for?
The HELLO protocol uses time instead of distance to determine optimal routing. It is an alternative to the Routing Information Protocol.

What is the difference between ARP and RARP?
ARP is used to associate the 32-bit IP address with the 48-bit physical address. It is used by a host or a router to find the physical address of another host on its network by sending an ARP query packet.


RARP allows a host to discover its Internet address when it knows only its physical address.

What is multicast routing?
Sending a message to a group is called multicasting, and its routing algorithm is called multicast routing.

What is IGP (Interior Gateway Protocol)?
It is any routing protocol used within an autonomous system.
What is OSPF?
It is an Internet routing protocol that scales well, can route traffic along multiple paths, and uses
What is load balancing?
If the number of incoming client requests exceeds the number of processes in a server class, the TP monitor may dynamically start new ones; this is called load balancing.
What is the difference between the TFTP and FTP application layer protocols?
The Trivial File Transfer Protocol (TFTP) allows a local host to obtain files from a remote host but does not provide reliability or security. It uses the fundamental packet delivery services offered by UDP.
The File Transfer Protocol (FTP) is the standard mechanism provided by TCP/IP for copying a file from one host to another. It uses the services offered by TCP and so is reliable and secure. It establishes two connections (virtual circuits) between the hosts, one for data transfer and another for control information.
What are the advantages and disadvantages of the three types of routing tables?
The three types of routing tables are fixed, dynamic, and fixed central. The fixed table must be manually modified every time there is a change. A dynamic table changes its information based on network traffic, reducing the amount of manual maintenance. A fixed central table lets a manager modify only one table, which is then read by other devices. The fixed central table reduces the need to update each machine's table, as with the fixed table. Usually a dynamic table causes the fewest problems for a network administrator, although the table's contents can change without the administrator being aware of the change.

What is the difference between routable and non-routable protocols?
Routable protocols can work with a router and can be used to build large networks. Non-routable protocols are designed to work on small, local networks and cannot be used with a router.

Bridges:
These operate in both the physical and data link layers of LANs of the same type. They divide a larger network into smaller segments. They contain logic that allows them to keep the traffic for each segment separate; thus they are repeaters that relay a frame only to the side of the segment containing the intended recipient, and so control congestion.

Bridges
Software-based L2 device
Learn MAC addresses
Segment LANs
Flood broadcasts
Filter frames
Usually fewer than 16 ports

What is a packet filter?


A packet filter is a standard router equipped with some extra functionality. The extra functionality allows every incoming or outgoing packet to be inspected. Packets meeting some criterion are forwarded normally. Those that fail the test are dropped.

What are NETBIOS and NETBEUI?
NETBIOS is a programming interface that allows I/O requests to be sent to and received from a remote computer, and it hides the networking hardware from applications.
NETBEUI is the NetBIOS Extended User Interface, a transport protocol designed by Microsoft and IBM for use on small subnets.

What is Proxy ARP?
Proxy ARP is using a router to answer ARP requests. This is done when the originating host believes that a destination is local, when in fact it lies beyond the router.

What is Dynamic DNS?
A new feature is Dynamic DNS (DDNS), and as you begin to find out more about how name resolution and service location work, it's a feature you'll be quite thankful for. The basic premise behind DDNS is that when a client starts it will register its name-to-IP address mapping with the DNS server that it's configured with. This is a giant change from NT 4.0, when administrators had to enter all DNS records manually. DDNS works similarly to how WINS worked in NT 4.0, where most, if not all, clients were registered dynamically.

NO.  NAME           ENCAPS / PDU   DEVICES
7    Application    Raw Data
6    Presentation
5    Session
4    Transport      Segments
3    Network        Packets        Router
2    Data Link      Frames         Bridges, Switches
1    Physical       Bits           Hubs, Repeaters

Port Details
1. Shared folder 445
2. Terminal Server access (RDP) 3389
3. Citrix TCP 1494, dynamic > 1023 and UDP 1604, dynamic > 1023
4. Yahoo Messenger TCP 5100
5. Printer service ports TCP 9100, 515, 631
6. Mail TCP 25 (SMTP)
7. SQL TCP 1433
8. DNS 53
9. TACACS 49
10. sftp TCP 115
11. NTP 123
12. NNTP 119
13. IMAP 143
14. Lotus Notes TCP 1352

Multicast addresses are in the range 224.0.0.0 to 239.255.255.255.
224.0.0.0 nobody
224.0.0.1 everybody


224.0.0.9 RIP routers

FCS (Frame Check Sequence)
Uses the standard 16-bit cyclic redundancy check (CRC) for checking frames. The FCS is the number arrived at after running the CRC, and this number is placed into the field at the end of the frame.

CRC: a mathematical computation to ensure the accuracy of frames transmitted between devices.

Loop Avoidance
When multiple connections between switches are created for redundancy, network loops can occur. Spanning-Tree Protocol is used to stop loops while allowing redundancy.

Layer 2 Switching Logic
A frame is received:
Destination multicast or broadcast: Flood
Destination unknown unicast: Flood
Destination unicast in MAC table: Forward
Destination unicast on the same port: Filter

Cut-through:
Copies only the destination address into its buffers
Fast switching, but will pass corrupted frames
Low latency because it begins to forward the frame as soon as it reads the destination address

Store-and-Forward:
Copies the entire frame into its onboard buffers and computes the cyclic redundancy check (CRC)
Latency varies depending on the frame length.

Fragment Free (Modified):
Waits for the collision window (first 64 bytes) to pass before forwarding
Combines error checking with low latency
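The FCS/CRC material and the three switching modes, worked together as an added example (not from the notes): a bit-serial 16-bit CRC is appended to a constructed frame as its FCS, and the three forwarding functions show why only store-and-forward drops a frame with a flipped bit, while cut-through and fragment-free pass it on. The notes describe a 16-bit CRC and that is what is implemented here; real Ethernet frames carry a 32-bit CRC. The MAC addresses and payload are constructed.

```python
"""Added example, not from the notes: computing a 16-bit CRC as the frame check
sequence and showing why store-and-forward catches a corrupted frame while
cut-through and fragment-free switching do not. Frame contents are constructed."""
from typing import Optional


def crc16_ccitt(data: bytes, poly: int = 0x1021, init: int = 0xFFFF) -> int:
    """Bit-serial CRC-16/CCITT-FALSE; its check value for b"123456789" is 0x29B1."""
    crc = init
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ poly) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc


def build_frame(dst: bytes, src: bytes, payload: bytes) -> bytes:
    """Simplified layout: dst(6) | src(6) | payload | FCS(2, big-endian)."""
    body = dst + src + payload
    return body + crc16_ccitt(body).to_bytes(2, "big")


def fcs_valid(frame: bytes) -> bool:
    """Recompute the CRC over everything but the trailer and compare with the FCS."""
    body, fcs = frame[:-2], int.from_bytes(frame[-2:], "big")
    return crc16_ccitt(body) == fcs


def store_and_forward(frame: bytes) -> Optional[bytes]:
    """Buffers the whole frame and checks the FCS: returns the destination MAC to
    forward to, or None when the frame is dropped as corrupted."""
    return frame[:6] if fcs_valid(frame) else None


def cut_through(frame: bytes) -> Optional[bytes]:
    """Reads only the destination address and forwards at once: no FCS check, so a
    corrupted frame is passed on."""
    return frame[:6]


def fragment_free(frame: bytes) -> Optional[bytes]:
    """Forwards once the first 64 bytes (the collision window) have arrived: runts
    are dropped, but an error beyond byte 64 still gets through."""
    return frame[:6] if len(frame) >= 64 else None


def corrupt(frame: bytes, offset: int) -> bytes:
    """Flip one bit at `offset` to simulate a transmission error."""
    data = bytearray(frame)
    data[offset] ^= 0x01
    return bytes(data)


def demo() -> dict:
    dst = bytes.fromhex("001122334455")     # constructed destination MAC
    src = bytes.fromhex("66778899aabb")     # constructed source MAC
    good = build_frame(dst, src, b"constructed payload".ljust(60, b"\x00"))
    bad = corrupt(good, 20)                  # error inside the payload, past byte 12
    return {
        "good_store_forward": store_and_forward(good),
        "bad_store_forward": store_and_forward(bad),
        "bad_cut_through": cut_through(bad),
        "bad_fragment_free": fragment_free(bad),
    }


if __name__ == "__main__":
    for mode, decision in demo().items():
        print(mode, decision.hex() if decision else "dropped")
```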

Address Learning: Building the CAM Table
The CAM table is empty at power-on.
The switch learns MAC addresses from the Source Address field in the header.
The Source Address is placed in the CAM table, associated with its port. (Can more than one MAC be associated with a single port?)
Subsequent frames with a Destination Address found in the CAM table are directed to the proper port.
Later frames with a DA not found in the CAM table are flooded to all ports.
CAM entries age out after a period of inactivity: 300 seconds (5 minutes).

CAM Table Address Types
Dynamic
Learned by looking at the SA (source address) of every incoming frame.
Aged out periodically; the default is 300 seconds.
Permanent/Static
Manually configured. Never aged out of the CAM table until an administrator makes a change.
L2 Address/Port
Switches operate primarily at L2 of the OSI model.


Summary
Switches move frames throughout our networks by checking the DMAC address against the CAM table and forwarding (or filtering if necessary) to the destination.
The switch's CAM table is built by looking at the Source MAC address of every frame that enters the switch.
CAM table entries are removed after 5 minutes of inactivity (by default).
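The Layer 2 switching logic and CAM-table learning described above, as an added example (not from the notes): a small switch model that learns from the source address, floods broadcast, multicast and unknown unicast, forwards known unicast, filters when the destination sits on the ingress port, and ages entries after 300 seconds. MAC addresses, port numbers and the timestamps passed as `now` are constructed so the run is repeatable; the multicast MAC used is the one for 224.0.0.9. It also answers the question the notes leave open: yes, several MACs can be learned on one port.

```python
"""Added example, not from the notes: the address-learning and forwarding logic of a
layer 2 switch, including the 300-second aging described above. MAC addresses,
ports and timestamps are constructed; `now` is passed in to keep the run repeatable."""
from typing import Dict, List, Tuple


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the I/G bit (low bit of the first octet) set."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


class L2Switch:
    AGE_SECONDS = 300   # default CAM aging time (5 minutes)

    def __init__(self, ports: List[int]):
        self.ports = set(ports)
        self.cam: Dict[str, Tuple[int, float]] = {}   # MAC -> (port, last seen)

    def _age(self, now: float) -> None:
        """Drop dynamic entries that have been idle for AGE_SECONDS or longer."""
        self.cam = {mac: (port, seen) for mac, (port, seen) in self.cam.items()
                    if now - seen < self.AGE_SECONDS}

    def receive(self, in_port: int, dst: str, src: str, now: float) -> Tuple[str, List[int]]:
        """Learn the source, then decide: ('flood' | 'forward' | 'filter', out ports)."""
        self._age(now)
        self.cam[src] = (in_port, now)          # learn from the Source Address field
        others = sorted(self.ports - {in_port})
        if is_group_address(dst) or dst not in self.cam:
            return "flood", others              # broadcast, multicast, unknown unicast
        out_port, _ = self.cam[dst]
        if out_port == in_port:
            return "filter", []                 # destination is on the ingress segment
        return "forward", [out_port]


def demo() -> Tuple[List[Tuple[str, List[int]]], List[str]]:
    """Replay a constructed sequence of frames; return the decisions and final CAM."""
    sw = L2Switch(ports=[1, 2, 3])
    a, b, c, d = ("00:00:5e:00:53:0a", "00:00:5e:00:53:0b",
                  "00:00:5e:00:53:0c", "00:00:5e:00:53:0d")   # constructed MACs
    decisions = [
        sw.receive(1, dst=b, src=a, now=0),      # b unknown: flood
        sw.receive(2, dst=a, src=b, now=1),      # a learned on port 1: forward
        sw.receive(1, dst=b, src=a, now=2),      # b learned on port 2: forward
        sw.receive(1, dst=a, src=c, now=3),      # a and c share port 1: filter
        sw.receive(1, dst="01:00:5e:00:00:09", src=c, now=4),  # multicast: flood
        sw.receive(3, dst=b, src=d, now=400),    # everything aged out: flood again
    ]
    return decisions, sorted(sw.cam)


if __name__ == "__main__":
    for decision in demo()[0]:
        print(decision)
```

The last frame arrives 399 seconds after `b` was last seen, so `b` has aged out and the unicast to it is flooded again; only `d` remains in the table.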

Firewall
What is a stateful inspection firewall?
Stateful inspection technology (a.k.a. dynamic packet filtering) in firewalls refers to the ability to track connection "state information" in addition to simple packet filtering, for more robust security. What that means is that the firewall has the ability to base control decisions (e.g. whether to accept/reject/authenticate/encrypt/log attempts) on previous communication with the external host, as well as on other applications connected to it. In other words, stateful inspection allows for more intelligent decision-making than simple port/packet-based access blocking. A stateful inspection firewall has the ability to retrieve and manipulate information derived from all communication layers and from other applications.

Stateful inspection is a firewall architecture that works at the network layer. Unlike static packet filtering, which examines a packet based on the information in its header, stateful inspection examines not just the header information but also the contents of the packet up through the application layer, in order to determine more about the packet than just information about its source and destination.

Firewall Technologies
1. Packet Filtering
2. Application Layer Gateways
3. Stateful Inspection
4. Content Filtering

Packet Filtering
The action a device takes to selectively control the flow of data to and from a network. Packet filters allow or block packets, usually while routing them from one network to another (most often from the Internet to an internal network, and vice versa). To accomplish packet filtering, you set up a set of rules that specify what types of packets (e.g., those to or from a particular IP address or port) are to be allowed and what types are to be blocked. Packet filtering may occur in a router, in a bridge, or on an individual host.
A packet filtering router should be able to filter IP packets based on the following four fields:
1. Source IP address
2. Destination IP address
3. TCP/UDP source and destination ports

Application Level Security
Content Filtering
The application data is handed over to a content filtering server that unpacks the data to see what is inside, and harmful content is then disposed of. For example, zipped files are unzipped first to see what is inside them; if the content contains a virus it will be discarded or disinfected. File types are identified and undesirable types, e.g. executables, can be removed according to the security policy.
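The contrast between static packet filtering and stateful inspection drawn above (and in the firewall-types question earlier), as an added example that is not code from the notes: a stateless rule list judges every packet on its own header, while the stateful firewall keeps a session table, only lets a SYN open a session, follows the SYN / SYN-ACK / ACK handshake, and admits inbound packets only when they match a session opened from the inside. The addresses, ports and policy are constructed. The stateless side shows the usual workaround for return traffic, a rule that permits anything with ACK set, and why it is weaker: an inbound packet carrying ACK that belongs to no session gets through.

```python
"""Added example, not from the notes: a static packet filter beside a stateful
inspection firewall that keeps a session (state) table and follows the TCP
handshake, so only replies to sessions opened from the inside are let back in.
Addresses, ports and rules are constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""      # TCP flags as letters: S=SYN, A=ACK, F=FIN, R=RST
    proto: str = "tcp"


Rule = Tuple[str, Callable[[Packet], bool]]   # ("permit" | "deny", match function)
INSIDE_PREFIX = "10.0.0."                      # constructed inside network


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


def static_filter(pkt: Packet, rules: List[Rule]) -> str:
    """Stateless packet filter: each packet is judged on its own header alone."""
    for action, match in rules:
        if match(pkt):
            return action
    return "deny"                                # implicit deny at the end of the list


class StatefulFirewall:
    def __init__(self, policy: List[Rule]):
        self.policy = policy                     # applied only to session-opening packets
        self.table: Dict[tuple, str] = {}        # 5-tuple of the opener -> TCP state

    def inspect(self, pkt: Packet) -> str:
        fwd = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.table:                    # packet from the side that opened it
            if "R" in pkt.flags or "F" in pkt.flags:
                del self.table[fwd]              # teardown: forget the session
            elif self.table[fwd] == "SYN_RECEIVED" and "A" in pkt.flags:
                self.table[fwd] = "ESTABLISHED"  # third step of the handshake
            return "permit"
        if rev in self.table:                    # reply from the other side
            state = self.table[rev]
            if state == "SYN_SENT" and pkt.flags == "SA":
                self.table[rev] = "SYN_RECEIVED"
                return "permit"
            if state == "ESTABLISHED":
                return "permit"
            return "deny"                        # reply that does not fit the handshake
        if pkt.proto == "tcp" and pkt.flags != "S":
            return "deny"                        # only a SYN may open a new session
        if static_filter(pkt, self.policy) == "permit":
            self.table[fwd] = "SYN_SENT"
            return "permit"
        return "deny"


def demo() -> Dict[str, str]:
    # Constructed policy: inside hosts may open HTTP sessions to anywhere.
    policy: List[Rule] = [("permit", lambda p: is_inside(p.src) and p.dport == 80)]
    # Stateless workaround for return traffic: permit anything with ACK set.
    leaky_rules: List[Rule] = policy + [("permit", lambda p: "A" in p.flags)]
    fw = StatefulFirewall(policy)
    client, server = "10.0.0.5", "198.51.100.7"
    syn = Packet(client, 40000, server, 80, "S")
    syn_ack = Packet(server, 80, client, 40000, "SA")
    ack = Packet(client, 40000, server, 80, "A")
    data = Packet(server, 80, client, 40000, "A")
    unsolicited = Packet("198.51.100.9", 80, client, 40001, "A")   # no session exists
    return {
        "stateful_syn": fw.inspect(syn),
        "stateful_syn_ack": fw.inspect(syn_ack),
        "stateful_ack": fw.inspect(ack),
        "stateful_data": fw.inspect(data),
        "stateful_unsolicited": fw.inspect(unsolicited),
        "static_syn_ack": static_filter(syn_ack, policy),          # breaks the session
        "static_leaky_unsolicited": static_filter(unsolicited, leaky_rules),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```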

Difference between broadcast domain and collision domain, or explain broadcast domain and collision domain.


A broadcast domain is related to communicating data within a network; it is related to the Network layer (3rd layer of the OSI model), meaning from a single point of the network you can broadcast packets to many clients on another network. A collision domain can be within your same network; switches break up collision domains, because each port of a switch is capable of being its own collision domain.

This article discusses the known TCP/IP ports (TCP and/or UDP) that are used by Citrix services.
Function                                      Ports
ICA (default)                                 TCP: 1494
IMA                                           TCP: 2512
CMC                                           TCP: 2513
SSL                                           TCP: 443
STA (IIS)                                     TCP: 80
TCP Browsing                                  UDP: 1604
XML (default)                                 TCP: 80
Citrix License Management Console             TCP: 8082
Presentation Server Licensing                 TCP: 27000
ICA session w/ Session Reliability enabled    TCP: 2598

BOOTP helps a diskless workstation boot. How does it get a message to the network looking for its IP address and the location of its operating system boot files?
BOOTP sends a UDP message with a subnetwork broadcast address and waits for a reply from a server that gives it the IP address. The same message might contain the name of the machine that has the boot files on it. If the boot image location is not specified, the workstation sends another UDP message to query the server.

What protocol is used by DNS name servers?
DNS uses UDP for communication between servers. It is a better choice than TCP because of the improved speed a connectionless protocol offers. Of course, transmission reliability suffers with UDP.

Explain Kerberos
It is an authentication service developed at the Massachusetts Institute of Technology. Kerberos uses encryption to prevent intruders from discovering passwords and gaining unauthorized access to files.

Explain attenuation
The degeneration of a signal over distance on a network cable is called attenuation.
Explain cladding
A layer of glass surrounding the center fiber of glass inside a fiber-optic cable.

Explain RAID
A method for providing fault tolerance by using multiple hard disk drives.

Explain redirector
A redirector is software that intercepts file or print I/O requests and translates them into network requests. This comes under the presentation layer.
Explain beaconing
The process that allows a network to self-repair network problems. The stations on the network


notify the other stations on the ring when they are not receiving the transmissions. Beaconing is used in Token Ring and FDDI networks.
Explain terminal emulation; in which layer does it come?
Telnet is also called terminal emulation. It belongs to the application layer.

How is a gateway different from a router?
A gateway operates at the upper levels of the OSI model and translates information between two completely different network architectures or data formats.

What is IP spoofing?
Many firewalls examine the source IP addresses of packets to determine if they are legitimate. A firewall may be instructed to allow traffic through if it comes from a specific trusted host. A malicious cracker would then try to gain entry by "spoofing" the source IP address of packets sent to the firewall. If the firewall thought that the packets originated from a trusted host, it may let them through unless other criteria failed to be met. Of course the cracker would need to know a good deal about the firewall's rule base to exploit this kind of weakness. This reinforces the principle that technology alone will not solve all security problems. Responsible management of information is essential. One of Courtney's laws sums it up: "There are management solutions to technical problems, but no technical solutions to management problems". An effective measure against IP spoofing is the use of a Virtual Private Network (VPN) protocol such as IPSec. This methodology involves encryption of the data in the packet as well as the source address. The VPN software or firmware decrypts the packet and the source address and performs a checksum. If either the data or the source address have been tampered with, the packet will be dropped. Without access to the encryption keys, a potential intruder would be unable to penetrate the firewall.

Dijkstra Algorithm: A complex algorithm used by routers running link-state routing protocols to find the shortest path to the destination.
Flood: When network information is flooded, it is sent to every network device in the domain.
Full adjacency: When the routing tables of two neighbors are fully synchronized.
Init State: The state in which a hello packet has been sent from a router that is waiting for a reply to establish two-way communication.
Internal Router: A router that has all its interfaces in the same area.

Layer 2 Switching
1. A table of MAC addresses and their associated bridge/switch ports is built and maintained.
2. Broadcast and multicast frames are flooded out to all ports.
3. Frames destined to an unknown location are flooded out to all ports.
4. The switch must forward broadcasts to all ports in the broadcast domain (drawback).
5. STP can have a slow convergence time when the switch topology changes.
Layer 3 Switching
1. Packets are forwarded between networks based on the layer 3 address.
2. An optimal path is taken to the next router.
3. An optimal path can be chosen at any position.
4. A router must examine each packet's layer 3 header before making a routing decision.
5. Packet forwarding involves a table lookup for the destination network, the next-hop router address and the router's own outbound interface.
6. A router does not forward broadcast packets, but it does forward multicast packets.
Layer 3 Switching
1. Packets are forwarded at layer 3.


2. Packets are forwarded with security control and quality of service (QoS) using layer 3 address information.
3. Layer 3 switches are designed to examine and forward packets in high-speed LAN environments.
Layer 4 Switching
1. Packets are forwarded using hardware based on layer 3 addressing and layer 4 application information.
2. The layer 4 protocol type (TCP, UDP) in the packet header is examined.
3. The layer 4 segment is examined for the application port number.
4. Traffic can be prioritized according to source and destination address, and QoS is also defined at these layers.
5. Layer 2 and layer 3 devices have forwarding tables based on MAC addresses.
6. Layer 4 must keep track of the application protocol.

How does Asynchronous Transfer Mode (ATM) work?
A: ATM works by transmitting all traffic in small, fixed-size cells. These small, fixed-size cells reduce queuing delay and can be switched quickly. ATM fits into layer 2 of the OSI model and provides functions for framing and error correction. At the port interface, ATM switches convert cells into frames, and vice versa. ATM provides Quality of Service and traffic shaping.

1. Which layer does MAC operate in the OSI model? (Data Link Layer, L2)
2. What is CSMA/CD and with which technology is it associated? Carrier Sense Multiple Access with Collision Detection; Ethernet.
3. Which ring topology provides redundancy? (FDDI)
4. A class A network address with a /24 mask: how many IPs and which are they? (254) (X.X.X.1-254)
5. For 10.0.0.0/30, how many host IPs can be allocated? (2 valid node IPs can be configured)
6. What is the private range of IP addresses? (10.0.0.0/8, 172.16.0.0/16 through 172.31.0.0/16 and 192.168.0.0/24)
7. How do you set the proxy configuration in IE? Tools > Internet Options > Connections > LAN Settings; either detect automatically or provide the IP address and the proxy port number.
8. What is a reverse proxy?
9. Standby IP is a term used in which technology? HSRP
10. What are the different modes in which a switch may be configured in a VTP domain? VTP Server, VTP Client, VTP Transparent. The default is VTP Server.
11. What are the different states a switch port goes through when powered on? Blocking, Listening, Learning and Forwarding.
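Questions 4 to 6 above worked with the standard library, as an added example that is not from the notes: usable host count and range for a /24 and a /30, the wildcard (host) mask that Cisco ACLs use, and a private-address check. The prefixes are constructed. The `is_private` check follows RFC 1918 (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), so it accepts any 192.168.x.x address, not only the first /24.

```python
"""Added example, not from the notes: subnet arithmetic for the interview questions
above using the standard-library ipaddress module. Prefixes are constructed."""
import ipaddress
from typing import Dict


def summarize(cidr: str) -> Dict[str, object]:
    """Network, broadcast, masks and usable host range for an IPv4 prefix.
    The wildcard (host) mask is the form Cisco ACLs use, e.g. /30 -> 0.0.0.3."""
    net = ipaddress.ip_network(cidr, strict=False)
    hosts = list(net.hosts())          # excludes network and broadcast for /30 and shorter
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "netmask": str(net.netmask),
        "wildcard": str(net.hostmask),
        "usable": len(hosts),
        "first": str(hosts[0]) if hosts else None,
        "last": str(hosts[-1]) if hosts else None,
    }


def is_private(ip: str) -> bool:
    """True for RFC 1918 space (and other non-global special-use ranges)."""
    return ipaddress.ip_address(ip).is_private


if __name__ == "__main__":
    for prefix in ("10.20.30.0/24", "10.0.0.0/30"):     # constructed prefixes
        print(prefix, summarize(prefix))
    for addr in ("10.5.5.5", "172.31.255.1", "172.32.0.1", "192.168.200.1", "8.8.8.8"):
        print(addr, "private" if is_private(addr) else "public")
```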

12. Which protocol is used for communication between SNA and Ethernet networks? DLSw (Data Link Switching)
13. Router priority 1-255 is configured to achieve what purpose, and in which protocol? It is used in OSPF to elect the DR on a broadcast medium. The router with the highest priority is chosen as the DR. The default mechanism is that the router with the highest interface IP address is elected as the DR. Manually forcing a router to be the DR is done using the router's OSPF priority.
14. Read, Write, Permanent and TRAP are synonymous with which application?


SNMP
15. What command is used in Solaris to see the total file size in Kbps? df -k
16. What is an MX record? An MX (mail exchange) record is used to configure your mail servers and IP addresses and advertise them externally. Preference values may also be set for usage.

17. What is a DNS zone transfer?
18. What are the types of packets exchanged in a 3-way TCP/IP handshake between two hosts? SYN, SYN-ACK and ACK are the three types of packets used in the 3-way TCP/IP handshake.

What is SSL?
SSL stands for Secure Sockets Layer. SSL works by using a public key to encrypt data that's transferred over the SSL connection. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to safely transmit confidential information, such as credit card numbers.

What is SOCKS?
SOCKSv5 is an IETF (Internet Engineering Task Force) approved standard (RFC 1928) generic proxy protocol for TCP/IP-based networking applications. The SOCKS protocol provides a flexible framework for developing secure communications by easily integrating other security technologies.
SOCKS includes two components, the SOCKS server and the SOCKS client. The SOCKS server is implemented at the application layer, while the SOCKS client is implemented between the application and transport layers. The basic purpose of the protocol is to enable hosts on one side of a SOCKS server to gain access to hosts on the other side of a SOCKS server, without requiring direct IP reachability.
When an application client needs to connect to an application server, the client connects to a SOCKS proxy server. The proxy server connects to the application server on behalf of the client, and relays data between the client and the application server. For the application server, the proxy server is the client.

What needs to be configured to have multiple VLAN information propagated to other switches?
Trunk

What is Split Horizon?
Routes learnt via a particular interface are not advertised back out of the same interface. This is used to prevent routing loops.
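Split horizon in a distance-vector (RIP-style) exchange, as an added example that is not from the notes: R1 owned a network and advertised it to R2; then R1's connected route disappears. Without split horizon, R2's next periodic update offers the network back to R1 at metric 1, R1 installs it at metric 2 via R2, and the two routers now point at each other (the start of count-to-infinity). With split horizon, R2 never sends the route back out the interface it learned it on, so R1's table stays empty. Prefixes and interface names are constructed.

```python
"""Added example, not from the notes: a distance-vector (RIP-style) update with and
without split horizon, showing how the rule keeps a withdrawn network from being
re-learned from the neighbour that originally heard about it from us. Prefixes and
interface names are constructed."""
from typing import Dict, Tuple

INFINITY = 16                                    # RIP's unreachable metric
Rib = Dict[str, Tuple[int, str]]                 # prefix -> (metric, interface learned on)


def build_update(rib: Rib, out_iface: str, split_horizon: bool) -> Dict[str, int]:
    """Routes advertised out of `out_iface`. With split horizon, a route is never
    sent back out the interface it was learned on."""
    return {prefix: metric for prefix, (metric, via) in rib.items()
            if not (split_horizon and via == out_iface)}


def apply_update(rib: Rib, update: Dict[str, int], in_iface: str) -> Rib:
    """Bellman-Ford step: adopt an advertised route if it is better, or if it comes
    from the neighbour we already use for it (so its changes propagate)."""
    new = dict(rib)
    for prefix, metric in update.items():
        candidate = min(metric + 1, INFINITY)     # one more hop to reach it through them
        current = new.get(prefix)
        if current is None or candidate < current[0] or current[1] == in_iface:
            new[prefix] = (candidate, in_iface)
    return new


def demo(split_horizon: bool) -> Rib:
    """R1 owned 10.9.0.0/24 and told R2 about it; then R1's link to that network
    fails. Returns R1's table after it processes R2's next update."""
    r2_rib: Rib = {"10.9.0.0/24": (1, "to_R1")}   # R2 learned it from R1
    r1_rib: Rib = {}                               # R1's connected route is gone
    update_from_r2 = build_update(r2_rib, "to_R1", split_horizon)
    return apply_update(r1_rib, update_from_r2, "to_R2")


if __name__ == "__main__":
    print("without split horizon:", demo(split_horizon=False))
    print("with split horizon:   ", demo(split_horizon=True))
```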

What is the difference between PAT and NAT?
PAT is a one-to-many translation; NAT is a one-to-one translation.

    Should NetBIOS traffic be permitted on a firewall?No.

61. What is the difference between TACACS and TACACS Plus?
Answer: Find out yourself.

    ADC to DC Replication Port details


RPC endpoint mapper                    135/tcp, 135/udp
NetBIOS name service                   137/tcp, 137/udp
NetBIOS datagram service               138/udp
NetBIOS session service                139/tcp
RPC static port for AD replication     /TCP
RPC static port for FRS                /TCP
SMB over IP (Microsoft-DS)             445/tcp, 445/udp
LDAP                                   389/tcp
LDAP ping                              389/udp
LDAP over SSL                          636/tcp
Global catalog LDAP                    3268/tcp
Global catalog LDAP over SSL           3269/tcp
Kerberos                               88/tcp, 88/udp
DNS                                    53/tcp, 53/udp
WINS resolution (if required)          1512/tcp, 1512/udp
WINS replication (if required)         42/tcp, 42/udp

There are four major differences between UDP and TCP:

1. TCP can establish a connection, UDP cannot;
2. TCP provides a stream of unlimited length, UDP sends small packets;
3. TCP guarantees that as long as you have a connection, data sent will arrive at the destination; UDP provides no guaranteed delivery;
4. UDP is faster for sending small amounts of data since no connection setup is required; the data can

What is Remote Procedure Call (RPC)?
RPC hides the intricacies of the network by using the ordinary procedure call mechanism familiar to every programmer. A client process calls a function on a remote server and suspends itself until it gets back the results. Parameters are passed as in any ordinary procedure. The RPC, like an ordinary procedure, is synchronous: the process that issues the call waits until it gets the results.

What is anonymous FTP and why would you use it?
Anonymous FTP enables users to connect to a host without using a valid login and password. Usually, anonymous FTP uses a login called anonymous or guest, with the password usually requesting the user's ID for tracking purposes only. Anonymous FTP is used to enable a large number of users to access files on the host without having to go to the trouble of setting up logins for them all. Anonymous FTP systems usually have strict controls over the areas an anonymous user can access.

Q. If there is no priority configured for a standby group, what determines which router is active?
A. The priority field is used to elect the active router and the standby router for the specific group. In the case of equal priority, the router with the highest IP address for the respective group is elected as active. Furthermore, if there are more than two routers in the group, the second highest IP address determines the standby router and the other router(s) are in the listen state.
Note: If no priority is configured it uses the default of 100.

Q. Which HSRP router requires that I configure preempt?


A. An HSRP-enabled router with preempt configured attempts to assume control as the active router when its Hot Standby priority is higher than that of the current active router. The standby preempt command is needed in situations when you want a state change of a tracked interface to cause a standby router to take over from the active router. For example, an active router tracks another interface and decrements its priority when that interface goes down. The standby router's priority is now higher and it sees the state change in the hello packet priority field. If preempt is not configured, it cannot take over and failover does not occur.

Q. I am using HSRP and all hosts are using the active router to forward traffic to the rest of my network. I have noticed that the return traffic comes back through the standby router. Will this cause problems with HSRP or my applications?
A. No, normally this is transparent to all hosts and/or servers on the LAN and can be desirable if a router experiences high traffic. You can change this by configuring a more desirable cost for the link you would like the distant router(s) to use.

Q. Can I run NAT and HSRP together?
A. You can configure network address translation (NAT) and HSRP on the same router. However, a router that runs NAT holds state information for traffic that is translated through it. If this is the active HSRP router and the HSRP standby takes over, the state information is lost.

Q. HSRP stops working when an Access Control List (ACL) is applied. How can I permit HSRP through an ACL?
A. HSRP hello packets are sent to multicast address 224.0.0.2 using UDP port 1985. Whenever an ACL is applied to an HSRP interface, ensure that packets destined to 224.0.0.2 on UDP port 1985 are permitted.
The Hot Standby Router Protocol (HSRP) provides network redundancy for IP networks, ensuring that user traffic immediately and transparently recovers from first hop failures in network edge devices or access circuits.
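The HSRP election rules from the questions above, as an added example (not from the notes and not Cisco's implementation): highest priority wins, equal priorities are broken by highest IP address, an unconfigured priority defaults to 100, interface tracking decrements the priority, and a better router takes over only if it has preempt configured; an active router that stops sending hellos is replaced regardless of preempt. Router names, addresses and priorities are constructed.

```python
"""Added example, not from the notes: HSRP active/standby election by priority with
the highest-IP tiebreak, the default priority of 100, interface tracking that
decrements priority, and the effect of preempt. Names, addresses and priorities
are constructed."""
from typing import Dict, List, Optional, Tuple


def ip_key(ip: str) -> Tuple[int, ...]:
    """Compare dotted-quad addresses numerically, octet by octet."""
    return tuple(int(octet) for octet in ip.split("."))


class HsrpGroup:
    DEFAULT_PRIORITY = 100

    def __init__(self) -> None:
        self.routers: Dict[str, dict] = {}
        self.active: Optional[str] = None

    def add(self, name: str, ip: str, priority: Optional[int] = None,
            preempt: bool = False) -> None:
        self.routers[name] = {
            "ip": ip,
            "priority": self.DEFAULT_PRIORITY if priority is None else priority,
            "preempt": preempt,
        }

    def ranking(self) -> List[str]:
        """Highest priority first; equal priorities are broken by highest IP."""
        return sorted(self.routers,
                      key=lambda n: (self.routers[n]["priority"], ip_key(self.routers[n]["ip"])),
                      reverse=True)

    def elect(self) -> Tuple[str, Optional[str], List[str]]:
        """Initial election: (active, standby, routers left in listen state)."""
        ranked = self.ranking()
        self.active = ranked[0]
        return ranked[0], ranked[1] if len(ranked) > 1 else None, ranked[2:]

    def reevaluate(self) -> str:
        """A better-ranked router displaces the active one only if it has preempt."""
        best = self.ranking()[0]
        if best != self.active and self.routers[best]["preempt"]:
            self.active = best
        return self.active

    def track_down(self, name: str, decrement: int = 10) -> str:
        """A tracked interface on `name` went down: lower its priority, re-evaluate."""
        self.routers[name]["priority"] -= decrement
        return self.reevaluate()

    def fail(self, name: str) -> str:
        """`name` stops sending hellos: the standby takes over regardless of preempt."""
        del self.routers[name]
        self.active = self.ranking()[0]
        return self.active


def demo() -> dict:
    g = HsrpGroup()
    g.add("R1", "192.0.2.1", priority=110, preempt=True)   # constructed routers
    g.add("R2", "192.0.2.2")                                # no priority: default 100
    g.add("R3", "192.0.2.3")                                # same priority, higher IP
    initial = g.elect()
    after_track = g.track_down("R1", decrement=20)          # R1 now 90; R3 lacks preempt
    g.routers["R3"]["preempt"] = True
    after_preempt = g.reevaluate()                          # now R3 may take over
    after_fail = g.fail("R3")                               # R3 dies: R2 (100) beats R1 (90)
    return {"initial": initial, "after_track": after_track,
            "after_preempt": after_preempt, "after_fail": after_fail}


if __name__ == "__main__":
    for step, result in demo().items():
        print(step, result)
```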