Wednesday, 18 March 2009

CCNA Interview Questions #2

Q: Which type of traffic is sent to a group of devices?
A. Multicast
B. Unicast
C. Broadcast
D. Groupcast
Ans: A
Q: Which of the following is a Network layer protocol for the TCP/IP protocol stack?
A. TCP
B. UDP
C. ICMP
D. None of these
Ans: C (ICMP is carried directly inside IP at the Internet/Network layer; TCP and UDP are Transport layer protocols)
Q: Which type of traffic is not flooded?
A. Multicast
B. Known unicast
C. Broadcast
D. Unknown unicast
Ans: B
Q: Put the following in the correct order, from high to low: session (a), presentation (b), physical (c), data link (d), network (e), application (f), transport (g).
A. c, d, e, g, a, b, f
B. f, a, b, g, d, e, c
C. f, b, g, a, e, d, c
D. f, b, a, g, e, d, c
Ans: D
Q: Which of the following standards or protocols are used by the session layer?
A. JPEG
B. NFS
C. TCP
D. Ethernet
Ans: B
Q: The _ _ _ _ layer provides for hardware addressing.
A. Transport
B. Network
C. Data link
D. Physical
Ans: C
Q: A _ _ _ _ is basically all of the components, hardware and software, involved in connecting computers across small and large distances.
A. LAN
B. WAN
C. Network
D. SAN
Ans: C
Q: BPDU stands for _ _ _ _
A. Bridge Protocol Description Unicast
B. Bridge Protocol Data Unit
C. Bridge Protocol Description Unit
D. Bridge Protocol Data Unicast
Ans: B
Q: The root switch is the one elected with the _ _ _ _
A. Lowest MAC address
B. Highest MAC address
C. Lowest switch ID
D. Highest switch ID
Ans: C

CCNA Interview Questions #1

Q: Which of the following is true concerning bridges?
A. They switch frames in hardware.
B. They support half- and full-duplexing.
C. They support one collision domain for the entire bridge.
D. They do only store-and-forward switching.
Ans: D
Q: With _ _ _ _ switching, the switch reads the destination MAC address of the frame and immediately starts forwarding the frame.
A. Store-and-forward
B. Cut-through
C. Fragment-free
D. Runtless
Ans: B
Q: When choosing a networking product, you should consider all of the following except_ _ _ _
A. Ease of installation and support
B. Product features and functions
C. Backplane capacity
D. Amount of memory
Ans: D
Q: When choosing a WAN solution, consider all of the following except _ _ _ _
A. Number of devices
B. Cost-effectiveness
C. Availability
D. Amount of bandwidth
Ans: A
Q: A Catalyst 1924 switch has _ _ _ _ Ethernet interfaces.
A. 24
B. 26
C. 27
D. 28
Ans: C
Q: The TCP/IP protocol stack has _ _ _ _ layers.
A. 4
B. 5
C. 6
D. 7
Ans: B (counting physical and data link as separate layers; the four-layer DoD model merges them into a single network access layer, so check which model a question assumes)
Q: Which of the following is not true concerning TCP?
A. Provides for reliable connections
B. Uses windowing for flow control
C. Multiplexes applications
D. Is more efficient than UDP.
Ans: D
Q: Which of the following is true concerning full-duplexing?
A. It can either send or receive frames, but not both simultaneously.
B. It can be used with hubs.
C. It can be used with 10Base5 cabling.
D. It uses point-to-point connections.
Ans: D

Wednesday, 11 March 2009

Networking Terminology.

Data Network

Data networks developed as a result of business applications that were written for microcomputers. At that time microcomputers were not connected as mainframe computer terminals were, so there was no efficient way of sharing data among multiple microcomputers. It became apparent that sharing data by carrying floppy disks around ("sneakernet") was not an efficient or cost-effective way to run a business. Sneakernet created multiple copies of the data: each time a file was modified it had to be shared again with everyone who needed it, and if two people modified the file and then tried to share it, one set of changes was lost. Businesses needed a solution that would address the following three problems:

  • How to avoid duplication of equipment and resources
  • How to communicate efficiently
  • How to set up and manage a network

Businesses realized that networking technology could increase productivity while saving money. Networks were added and expanded almost as rapidly as new network technologies and products were introduced. In the early 1980s networking saw a tremendous expansion, even though the early development of networking was disorganized.

In the mid-1980s, the network technologies that had emerged had been created with a variety of different hardware and software implementations. Each company that created network hardware and software used its own company standards. These individual standards were developed because of competition with other companies. Consequently, many of the new network technologies were incompatible with each other. It became increasingly difficult for networks that used different specifications to communicate with each other. This often required the old network equipment to be removed to implement the new equipment.

One early solution was the creation of local-area network (LAN) standards. Because LAN standards provided an open set of guidelines for creating network hardware and software, equipment from different companies could become compatible. This allowed for stability in LAN implementation.

In a LAN system, each department of the company is a kind of electronic island. As the use of computers in businesses grew, it soon became obvious that even LANs were not sufficient.

What was needed was a way for information to move efficiently and quickly, not only within a company, but also from one business to another. The solution was the creation of metropolitan-area networks (MANs) and wide-area networks (WANs). Because WANs could connect user networks over large geographic areas, it was possible for businesses to communicate with each other across great distances. Figure 6 summarizes the relative sizes of LANs and WANs.

Tuesday, 3 March 2009

Data Rate Converter

The following tool can be used to convert data rates. To use it, enter a number in the first box and choose your unit to convert, then click the "Convert" button.

note: This converter requires the use of a JavaScript enabled Browser.

Access Control Lists (ACL)

Access lists classify IP packets. The classification can then be used by a number of features:

  • Security (access control, i.e. packet filtering)
  • Encryption (selecting the traffic to protect)
  • Policy-based routing
  • Quality of Service (QoS) and queueing
  • Network Address Translation (NAT)
  • Port Address Translation (PAT)
  • Dial-on-Demand Routing (defining the "interesting" traffic that brings the line up)

Access lists can be applied on Cisco IOS routers and switches. They are generally applied to interfaces (or, on switches, to access ports) in a specific direction: inbound or outbound.

Types of Access List

There are two types of access list:

  • Standard - can only match on the source IP address of a packet.
  • Extended - can match on source IP, destination IP, IP protocol, source TCP/UDP port and destination TCP/UDP port.

The two types are identified by the first argument of the ACL statement, an ID used to identify the list. The ID falls in one of the following ranges:

  • 1 to 99 or 1300 to 1999: standard access list
  • 100 to 199 or 2000 to 2699: extended access list
  • Name: named access list

Specifying an access list number from 1 to 99 or 1300 to 1999 tells the router that it is a standard access list; 100 to 199 or 2000 to 2699 that it is an extended access list. Named access lists let you give an access list an alphanumeric, easier to remember identifier. Named access lists also allow you to delete individual lines from the list, whereas on older IOS a numbered list could only be removed and re-entered as a whole.

Access List Components

The general components of an access list configuration are:

  • Access List Identification (used to identify list, you could have multiple lists)
  • Direction (e.g. in or out of router)
  • IP Address Pattern to Match (e.g. Source, Destination)
  • Action (e.g. Permit or Deny)

The structure of access lists is as follows (angle brackets mark values you supply, braces a choice, square brackets optional parts):

Standard Access List -

access-list <1-99 | 1300-1999> {permit | deny} <source> <source-wildcard>

Extended Access List -

access-list <100-199 | 2000-2699> {permit | deny} <protocol> <source> <source-wildcard> [<source-port>] <destination> <destination-wildcard> [<destination-port>] [log]

interface e1

ip access-group 1 in

access-list 1 permit 172.16.1.1 0.0.0.0

The configuration lines above show a standard access list (you can tell it is standard because its identifier is 1) applied to interface e1 in the inbound direction. The list matches packets with a source IP address of 172.16.1.1 and permits them; every other packet, not matching this line, is dropped by the implicit deny at the end of the list.

It is important to note that at the bottom of every access list there is an implicit "deny all" which is not shown in the configuration. For this reason you should always have at least one permit statement in every access list (unless you really do want to stop all traffic passing through the interface).

Outbound access lists do not filter traffic that the router itself generates. You can only apply one ACL per protocol, per direction, per interface.


Access List Masks

Wildcard masks define how much of an IP address is used in a match: all of it, or only part of it. When performing an address filter, the mask identifies which bits of the IP address to check and which to ignore.

The mask works in a similar way to a subnet mask, but the bit values are the opposite way round, which is why wildcard masks are sometimes called "inverted masks". Take the following extended access list:

interface e1

ip access-group 101 out

access-list 101 deny ip 192.168.1.0 0.0.0.255 0.0.0.0 255.255.255.255


This is an extended access list (its identifier is 101), and it denies ALL traffic leaving interface e1: its only explicit line is a deny, and everything else falls through to the implicit deny. The explicit line matches every source address in the 192.168.1.x range because of the wildcard mask that follows the address (0.0.0.255): a 0 in the mask means "this octet must match", a 255 means "ignore this octet", rather like the * or % wildcard in file or database searches. The destination part, 0.0.0.0 255.255.255.255, ignores every bit and so matches any destination.

To understand wildcard masks in more detail, convert them, like subnet masks, into binary. A 0 bit means "check the corresponding bit of the IP address"; a 1 bit means "ignore it":

Binary     Decimal   Action
00000000   0         Check all address bits (match all)
00111111   63        Ignore the last 6 address bits
00001111   15        Ignore the last 4 address bits
11111100   252       Ignore the first 6 bits, check only the last 2 address bits
11111111   255       Do not check the address at all (ignore all bits)

The following access list line permits traffic from a single host to anywhere:

access-list 102 permit ip 192.168.1.2 0.0.0.0 0.0.0.0 255.255.255.255

The same statement can also be written in a shorter way:

access-list 102 permit ip host 192.168.1.2 any

The "host" keyword is a short way of specifying a single host IP address (wildcard 0.0.0.0, every bit checked).
The "any" keyword specifies any IP address (wildcard 255.255.255.255, no bit checked).

host 192.168.1.2 = 192.168.1.2 0.0.0.0

any = 0.0.0.0 255.255.255.255


Using Port Numbers in Access Lists

When using extended access lists you can match TCP or UDP port numbers as well as IP addresses. One use for this is when you want to block Telnet access to a server for everyone except a single IP address.

access-list 102 permit tcp host 192.168.1.3 192.168.2.100 0.0.0.0 eq 23

The "eq 23" at the end of the line specifies TCP destination port 23 (Telnet), so the line permits only host 192.168.1.3 to Telnet to 192.168.2.100. Remember the implicit deny: applied on its own, this one-line list also drops every other packet through the interface, so to block only Telnet it must be followed by a deny of TCP port 23 from any source to 192.168.2.100 and then a permit for all other IP traffic. This access list should be applied to the router interface nearest the 192.168.2.100 host, in the outbound direction.

Here is a list of well-known TCP port numbers:

Port Number   Service
20            FTP data
21            FTP control
22            SSH
23            Telnet
25            SMTP (email)
80            HTTP (web)
110           POP3 (email)

If you cannot remember these port numbers, Cisco routers also let you enter the name of the service in place of the port number:

access-list 102 deny tcp host 192.168.1.4 192.168.2.99 0.0.0.0 eq ftp

WARNING! Be careful not to cut off your own remote access when applying an inbound access list on the interface you are managing the router through. A common safeguard is to issue "reload in 10" before applying the list and "reload cancel" once you have confirmed you can still reach the router.
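The wildcard-mask table, the host/any shorthands and the "eq <port>" matching above can be checked offline before a list goes onto a live interface. The following Python is an added example, not code from the original post: it parses the numbered access-list lines used on this page (standard and extended, the subset of IOS syntax shown here), applies wildcard matching, first-match-wins and the implicit deny, and counts hits per line the way "show access-lists" does. The list ACL_102 is the page's Telnet example completed with the two extra lines it needs; the service-name table is the page's own port table.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Service names accepted in place of a port number (the page's port table).
SERVICE_PORTS = {"ftp-data": 20, "ftp": 21, "ssh": 22, "telnet": 23,
                 "smtp": 25, "www": 80, "http": 80, "pop3": 110}


@dataclass
class Entry:
    """One access-list line after parsing."""
    action: str                 # "permit" or "deny"
    protocol: str               # "ip", "tcp" or "udp" ("ip" for standard lists)
    src: int                    # source address pattern as a 32-bit int
    src_wild: int               # wildcard: 0 bit = must match, 1 bit = ignore
    dst: int
    dst_wild: int
    dst_port: Optional[int]     # set only when the line ends in "eq <port>"
    hits: int = 0               # match counter, like "(n matches)" in show output


def _parse_addr(tokens: List[str]) -> Tuple[int, int, List[str]]:
    """Consume 'any', 'host A' or 'A WILDCARD' and return (addr, wildcard, rest)."""
    if tokens[0] == "any":
        return 0, 0xFFFFFFFF, tokens[1:]
    if tokens[0] == "host":
        return int(ipaddress.IPv4Address(tokens[1])), 0, tokens[2:]
    addr = int(ipaddress.IPv4Address(tokens[0]))
    if len(tokens) > 1 and tokens[1].count(".") == 3:        # explicit wildcard
        return addr, int(ipaddress.IPv4Address(tokens[1])), tokens[2:]
    return addr, 0, tokens[1:]    # a standard list may omit it (defaults to 0.0.0.0)


def parse_line(line: str) -> Entry:
    """Parse one 'access-list <n> permit|deny ...' line, standard or extended."""
    tok = line.split()
    if tok[0] != "access-list":
        raise ValueError(f"not an access-list line: {line!r}")
    number, action, rest = int(tok[1]), tok[2], tok[3:]
    if 1 <= number <= 99 or 1300 <= number <= 1999:         # standard: source only
        src, src_wild, _ = _parse_addr(rest)
        return Entry(action, "ip", src, src_wild, 0, 0xFFFFFFFF, None)
    if not (100 <= number <= 199 or 2000 <= number <= 2699):
        raise ValueError(f"list number {number} is neither standard nor extended")
    protocol, rest = rest[0], rest[1:]                      # extended
    src, src_wild, rest = _parse_addr(rest)
    dst, dst_wild, rest = _parse_addr(rest)
    port = None
    if rest[:1] == ["eq"]:
        port = SERVICE_PORTS.get(rest[1]) or int(rest[1])
    return Entry(action, protocol, src, src_wild, dst, dst_wild, port)


def wildcard_match(addr: int, pattern: int, wildcard: int) -> bool:
    """Compare only the bits where the wildcard has a 0; 1 bits are ignored."""
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (pattern & care)


def evaluate(entries: List[Entry], src: str, dst: str,
             protocol: str = "ip", dst_port: Optional[int] = None) -> str:
    """First matching line decides; no match falls through to the implicit deny."""
    s, d = int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))
    for e in entries:
        if e.protocol != "ip" and e.protocol != protocol:   # 'ip' matches any protocol
            continue
        if not (wildcard_match(s, e.src, e.src_wild) and wildcard_match(d, e.dst, e.dst_wild)):
            continue
        if e.dst_port is not None and e.dst_port != dst_port:
            continue
        e.hits += 1
        return e.action
    return "deny"   # the implicit 'deny all' at the end of every list


# The page's "only one host may Telnet to 192.168.2.100" line, completed with the
# two lines it needs (added in this example) so that other traffic still passes.
ACL_102 = [parse_line(line) for line in (
    "access-list 102 permit tcp host 192.168.1.3 192.168.2.100 0.0.0.0 eq 23",
    "access-list 102 deny tcp any host 192.168.2.100 eq telnet",
    "access-list 102 permit ip any any",
)]

if __name__ == "__main__":
    for pkt in (("192.168.1.3", "192.168.2.100", "tcp", 23),
                ("192.168.1.4", "192.168.2.100", "tcp", 23),
                ("192.168.1.4", "192.168.2.100", "tcp", 80)):
        print(pkt, "->", evaluate(ACL_102, *pkt))
    print([e.hits for e in ACL_102])   # one hit per line, like 'show access-lists'
```

Run it as a script to see the three packets classified; the first is permitted by line 1, the second denied by line 2, the third permitted by the final "permit ip any any". Drop the last line from ACL_102 and the third packet is denied too, which is the implicit-deny trap the text warns about.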

Verifying Access Lists

When you have applied an access list to a router interface, you can verify that it is working with the "show access-lists" command, which shows the number of matches each line has made:

Router#show access-list 101

Extended IP access list 101

permit tcp any host 192.168.1.4 eq 23 (1 matches)

permit tcp any host 192.168.1.5 eq ftp (7 matches)

permit ip any any (4867 matches)


Or, if you enable the logging option (the "log" keyword) on an access list line, you can look at the router's log:

Dec  6 16:21:51.350: %SEC-6-IPACCESSLOGP: list 101 permitted tcp
192.168.0.1(35265) (FastEthernet3/0 0002.559c.f66e) -> 192.168.1.4(23), 1 packet
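The %SEC-6-IPACCESSLOGP line above is the raw material for any ACL-based detection, so it is worth parsing properly rather than grepping. The following Python is an added example, not part of the original post: it pulls the list number, action, protocol, addresses, ports, optional inbound interface and MAC, and packet count out of each line, then totals packets per list and per denied source. The sample log is constructed for this example; its first line is the one quoted on the page, and the field layout of the others follows that line.

```python
import re
from collections import Counter
from typing import Dict, List, Optional

# list <n> <permitted|denied> <proto> <src>(<sport>) [(<iface> <mac>)] -> <dst>(<dport>), <n> packet(s)
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>\d+\.\d+\.\d+\.\d+)\((?P<sport>\d+)\)"
    r"(?: \((?P<iface>\S+) (?P<mac>[0-9a-f.]+)\))? -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\((?P<dport>\d+)\), (?P<count>\d+) packets?")


def parse_acl_log(line: str) -> Optional[Dict]:
    """Return the fields of one IPACCESSLOGP line, or None for any other message."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()          # iface/mac stay None when the router omitted them
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec


def summarise(lines: List[str]) -> Dict[str, Counter]:
    """Total packets per (list, action) and per source address that was denied."""
    per_list: Counter = Counter()
    denied_sources: Counter = Counter()
    for line in lines:
        rec = parse_acl_log(line)
        if rec is None:
            continue
        per_list[(rec["acl"], rec["action"])] += rec["count"]
        if rec["action"] == "denied":
            denied_sources[rec["src"]] += rec["count"]
    return {"per_list": per_list, "denied_sources": denied_sources}


# Constructed sample log for this example; line 1 is the one quoted on the page.
SAMPLE_LOG = [
    "Dec  6 16:21:51.350: %SEC-6-IPACCESSLOGP: list 101 permitted tcp "
    "192.168.0.1(35265) (FastEthernet3/0 0002.559c.f66e) -> 192.168.1.4(23), 1 packet",
    "Dec  6 16:22:03.101: %SEC-6-IPACCESSLOGP: list 101 denied tcp "
    "10.9.8.7(4411) -> 192.168.1.4(23), 5 packets",
    "Dec  6 16:22:09.560: %SEC-6-IPACCESSLOGP: list 101 denied tcp "
    "10.9.8.7(4412) -> 192.168.1.5(21), 2 packets",
    "Dec  6 16:22:10.000: %SYS-5-CONFIG_I: Configured from console by console",
]

if __name__ == "__main__":
    for name, counts in summarise(SAMPLE_LOG).items():
        print(name, dict(counts))
```

Note that IOS rate-limits these messages and reports a packet count per interval rather than one line per packet, which is why the count field, not the number of lines, is what gets summed.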

Routing - Determining IP Routes

Routing is the act of directing something from one location to another; in network terms this means directing Layer 3 packets around a network. The information about the "routes" is stored in a routing table. Routing tables contain three basic elements:

  1. Direction (outgoing interface / next-hop neighbor)
  2. Distance (how far? / how much does it cost?)
  3. Destination (where do you want to get to?)


Routing Tables are built up by learning the routes through 4 different methods:

  1. Connected (The interfaces directly connected to the router)
  2. Static (Manually configured by administrator, routes to specific networks)
  3. Default (Manually configured by Administrator, if no route can be found send all traffic via this route)
  4. Dynamic (Network routing protocols adjust automatically to meet topology changes)

Connected Routes

When the router boots it automatically adds the networks of its own interfaces that are up to the routing table: if a router has one Ethernet interface it obviously knows how to reach the network on that interface, and adds the route accordingly.

The routing table can be viewed by entering the "sh ip route" command:

Router#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 192.168.1.0/24 is directly connected, Ethernet0/0

The following information can be read from the last line of the routing table output above:

  1. The 'C' at the beginning of the line tells you that the route is a connected route.
  2. Any packet entering the router destined for the 192.168.1.0/24 network will be routed out of the Ethernet0/0 interface.

Static Routes

When routing to a specific network that is not directly connected to the router, and in the absence of any dynamic routing protocol, the administrator must manually configure the router so that it knows where to send packets for that network.

To manually configure Static Routes the following configuration command should be used:

ip route 192.168.2.0 255.255.255.0 192.168.1.254

Following the configuration above the routing table will now show the new Static Route.

Router#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 192.168.1.0/24 is directly connected, Ethernet0/0

S 192.168.2.0/24 [1/0] via 192.168.1.254

As can be seen in the last line of the output, the 'S' marks the static route to the 192.168.2.0/24 network: any packet destined for that network will be forwarded to 192.168.1.254 (i.e. out of Ethernet0/0), where it is hoped that the neighboring router 192.168.1.254 knows how to reach 192.168.2.0/24. The [1/0] after the prefix is the route's administrative distance (1 for a static route) and its metric (0).

The disadvantage of manually configuring static routes is that if the network topology changes, so must the configuration, and the configuration must be entered on each and every router in the network.

The advantage of static routes is that they offer very precise control over routing behavior. Static routes are also commonly used in ISDN setups, because dynamic routing protocols tend to keep the ISDN line up with their regular updates (RIP, for example, sends its routing table every 30 seconds), and keeping the line up costs money when, as is typical with ISDN, you pay per minute.

note: Remember you must also add a route back!

Default Routes

"If a route can't be found, use this one as the default."

A default route is a special static route that matches every destination. For a computer (or a router) to know where to send packets for networks it has no specific route to, it must have a default route.

The router decides where to send packets by examining its routing table. A default route is added to it with the following command:

ip route 0.0.0.0 0.0.0.0 <next-hop-address | outgoing-interface>

e.g. If you were to set the configuration to:

ip route 0.0.0.0 0.0.0.0 194.168.8.100

This would route all off-net traffic onto 194.168.8.100
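Connected, static and default routes together form one lookup procedure: the most specific matching prefix wins, and the default route is simply the /0 that matches when nothing else does. The following Python is an added example, not code from the original post: a small IPv4 routing table that installs the three routes configured above, keeps only the best administrative distance per prefix, resolves destinations by longest-prefix match and renders itself roughly like "sh ip route". The addresses and next hops are the page's own; the administrative distances (connected 0, static 1) are the IOS defaults, which is where the [1/0] in the static-route output comes from.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional

# IOS default administrative distances for the route sources used on this page.
AD = {"C": 0, "S": 1}


@dataclass
class Route:
    code: str                        # "C" connected, "S" static (the default route is static too)
    prefix: ipaddress.IPv4Network
    via: str                         # next-hop address or outgoing interface
    metric: int = 0

    @property
    def distance(self) -> int:
        return AD[self.code]


class RoutingTable:
    def __init__(self) -> None:
        self._routes: Dict[ipaddress.IPv4Network, Route] = {}

    def add(self, route: Route) -> bool:
        """Install the route unless the table already holds a route for the same
        prefix with an equal or better (lower) administrative distance."""
        current = self._routes.get(route.prefix)
        if current is not None and current.distance <= route.distance:
            return False
        self._routes[route.prefix] = route
        return True

    def add_connected(self, interface: str, cidr: str) -> bool:
        """What the router does for each interface that is up at boot."""
        return self.add(Route("C", ipaddress.ip_network(cidr, strict=False), interface))

    def add_static(self, network: str, mask: str, next_hop: str) -> bool:
        """ip route <network> <mask> <next-hop>; 0.0.0.0 0.0.0.0 is the default route."""
        return self.add(Route("S", ipaddress.ip_network(f"{network}/{mask}"), next_hop))

    def lookup(self, destination: str) -> Optional[Route]:
        """Longest-prefix match; the /0 default route matches everything, last."""
        dst = ipaddress.ip_address(destination)
        candidates = [r for prefix, r in self._routes.items() if dst in prefix]
        if not candidates:
            return None
        return max(candidates, key=lambda r: r.prefix.prefixlen)

    def show(self) -> str:
        """Rough 'sh ip route' rendering, most specific prefixes first."""
        lines = []
        ordered = sorted(self._routes.values(),
                         key=lambda r: (r.prefix.prefixlen, int(r.prefix.network_address)),
                         reverse=True)
        for r in ordered:
            if r.code == "C":
                lines.append(f"C {r.prefix} is directly connected, {r.via}")
            else:
                tag = "S*" if r.prefix.prefixlen == 0 else "S"   # * marks the candidate default
                lines.append(f"{tag} {r.prefix} [{r.distance}/{r.metric}] via {r.via}")
        return "\n".join(lines)


def build_page_table() -> RoutingTable:
    """The three routes configured in the text above, entered in the same order."""
    table = RoutingTable()
    table.add_connected("Ethernet0/0", "192.168.1.0/24")
    table.add_static("192.168.2.0", "255.255.255.0", "192.168.1.254")
    table.add_static("0.0.0.0", "0.0.0.0", "194.168.8.100")   # gateway of last resort
    return table


if __name__ == "__main__":
    table = build_page_table()
    print(table.show())
    for ip in ("192.168.1.7", "192.168.2.9", "8.8.8.8"):
        print(ip, "->", table.lookup(ip).via)
```

The add() check is the part worth remembering: a static route for a network you are directly connected to is not installed, because connected (AD 0) beats static (AD 1), which is exactly why a typo in an "ip route" line for a local subnet appears to do nothing.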

Dynamic Routes

There are various protocols that build a routing table automatically (you do not really want to enter every route on the Internet manually!). Dynamic routing protocols learn routes from their neighboring routers.

There are two types of dynamic routing protocol:

IGP (Interior Gateway Protocols), used within an organization's LANs and WANs, i.e. inside one autonomous system.

EGP (Exterior Gateway Protocols), used between autonomous systems, for example on the large Internet backbone routers.

IGP Protocols

The table below lists some of the different flavors of Interior Gateway Protocol. They are used in office, home and company networks, and exchange routing information only within an autonomous system:

Protocol   Distance Vector/Link State   Classful/Classless   Cisco/Standard   Metric             Admin Distance
RIPv1      DV                           CF                   S                Hop count          120
RIPv2      DV                           CL                   S                Hop count          120
IGRP       DV                           CF                   C                B/W, delay         100
EIGRP      Hybrid                       CL                   C                B/W, delay         90
OSPF       LS                           CL                   S                Cost (from B/W)    110
IS-IS      LS                           CL                   S                Cost (manual)      115

Exterior Gateway Protocols

These routing protocols are used to connect autonomous systems. An autonomous system is a collection of networks under a common administration and sharing a common routing strategy. BGP (Border Gateway Protocol) is an example of an EGP.

Classful protocols do not send subnet mask information with their updates, so they can be ambiguous.

Classless protocols are better because they carry the mask and so support VLSM.

EIGRP supports IPv4, AppleTalk, IPX and IPv6; it is the only one of these protocols that supports them all.

EIGRP also stores a backup route, which is why it converges quickly.

If no backup route is available, EIGRP queries its neighbors for one.

The next hop is called the successor; the backup route is called the feasible successor.

PIM = a multicast routing protocol.

Switching - Introducing Spanning Tree Protocol (STP)

A loop-avoidance mechanism called STP was developed to alleviate the three problems that Layer 2 loops cause (broadcast storms, multiple copies of the same frame, and MAC address table instability).

There are two varieties of Spanning Tree Protocol, STP (802.1D) and RSTP (Rapid STP, 802.1w); both work in a similar way.

A Spanning Tree Algorithm examines the switched network, and, through a series of decisions (discussed below) places each port in the loop into either Forwarding or Blocking state, therefore breaking the loop.

Types of port in STP:

  1. Designated Port (DP): one per segment, on the switch closest to the root; all ports on the root switch are designated ports.
  2. Root Port (RP): one per non-root switch, the port closest to the root.
  3. Blocking port: any remaining port.

The process the switches go through to decide which ports they place in blocking or forwarding state is governed by the position of a 'Root Switch' (also known as the 'Root Bridge'):

  • To decide which switch is the root, each switch begins by claiming to be the root and sends out STP messages called BPDUs (Bridge Protocol Data Units). The election is decided by the unique BID (Bridge Identifier) carried in the BPDU; the BID is made up of two components, a priority value and the switch's MAC address. By default each switch starts with a priority of 32,768. The switch with the lowest BID wins the honor of being the root bridge.
  • All ports on the root switch are placed in forwarding state. These are 'Designated Ports' (DP). You can NOT have a root port or a blocking port on the root switch.
  • Each remaining (non-root) switch determines which of its ports is closest to the root switch and places the port with the lowest path cost to the root (cost is based on link bandwidth) into forwarding state. This is its 'Root Port' (RP); there is exactly one per non-root switch.
  • If more than one path has the same cost, the decision is made on the BID of the neighboring switches: the port connected to the neighbor with the lowest BID becomes the root port.
  • On every other segment one designated port is chosen the same way (lowest cost to the root, then lowest BID); all remaining ports are placed in blocking state and the loops are stopped.


Once the switches have all assigned ports then the switched network is said to be "Converged".

As discussed above the BID is made up of:

  • A Priority Value
  • MAC Address

The priority value of the BID can be manually changed by an administrator; this is useful if you want to force a switch in the middle of the network to be the root switch, rather than leaving the choice to whichever switch happens to have the lowest MAC address.

note: If a newer switch is plugged into a working network of a different manufacturer it may disrupt the network if BID priorities are not set manually. With equal priorities a Cisco switch (MAC vendor ID 00000C) will win over a 3COM switch (MAC vendor ID 001AFC) because the Cisco equipment has the lower MAC address.
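The election and port-role decisions above can be simulated for a small topology to see exactly which port ends up blocking and how a priority change moves it. The following Python is an added example, not code from the original post: it builds the BID as (priority, MAC), picks the root as the lowest BID, computes each switch's root path cost, chooses root ports (lowest cost, then lowest neighbor BID, then neighbor port ID) and designated ports (lowest cost, then lowest BID, per segment), and blocks everything else. The three-switch triangle, its MAC addresses and the 802.1D port costs (19 for 100 Mbit/s, 4 for 1 Gbit/s) are constructed for this example; the default priority 32768 and the Cisco OUI 0000.0c come from the text.

```python
import heapq
from typing import Dict, List, Optional, Tuple

DEFAULT_PRIORITY = 32768   # the default bridge priority quoted in the text

Link = Tuple[str, str, str, str, int]   # (switch_a, port_a, switch_b, port_b, cost)

# Constructed topology: three switches in a triangle, with 802.1D port costs
# (19 for a 100 Mbit/s link, 4 for 1 Gbit/s).  The MAC addresses are made up;
# SW1 and SW2 use the Cisco OUI 0000.0c from the note above, SW3 a non-Cisco OUI.
LINKS: List[Link] = [
    ("SW1", "Fa0/1", "SW2", "Fa0/1", 19),
    ("SW2", "Gi0/1", "SW3", "Gi0/1", 4),
    ("SW1", "Fa0/2", "SW3", "Fa0/2", 19),
]
MACS = {"SW1": "0000.0c11.1111", "SW2": "0000.0c22.2222", "SW3": "001a.fc33.3333"}


def bridge_id(priority: int, mac: str) -> int:
    """BID = priority in the high 16 bits, MAC address in the low 48; lowest wins."""
    return (priority << 48) | int(mac.replace(".", ""), 16)


def spanning_tree(links: List[Link], macs: Dict[str, str],
                  priorities: Optional[Dict[str, int]] = None) -> Dict[Tuple[str, str], str]:
    """Run the election and port-role decisions described above.

    Returns {(switch, port): role} with role 'designated', 'root' or 'blocking'.
    """
    priorities = priorities or {}
    bids = {sw: bridge_id(priorities.get(sw, DEFAULT_PRIORITY), mac) for sw, mac in macs.items()}
    root = min(bids, key=bids.get)          # lowest BID is the root bridge

    # switch -> [(own port, neighbour, neighbour port, link cost)]
    ports: Dict[str, List[Tuple[str, str, str, int]]] = {sw: [] for sw in macs}
    for a, pa, b, pb, cost in links:
        ports[a].append((pa, b, pb, cost))
        ports[b].append((pb, a, pa, cost))

    # Root path cost (RPC): cheapest total cost from each switch to the root.
    inf = float("inf")
    rpc = {root: 0}
    heap = [(0, root)]
    while heap:
        c, sw = heapq.heappop(heap)
        if c > rpc.get(sw, inf):
            continue
        for _port, nbr, _nbr_port, cost in ports[sw]:
            if c + cost < rpc.get(nbr, inf):
                rpc[nbr] = c + cost
                heapq.heappush(heap, (c + cost, nbr))

    # Root port: one per non-root switch; lowest cost to the root, then the
    # neighbour's lowest BID, then the neighbour's lowest port ID.
    root_port: Dict[str, str] = {}
    for sw in macs:
        if sw != root and ports[sw]:
            best = min(ports[sw], key=lambda p: (rpc.get(p[1], inf) + p[3], bids[p[1]], p[2]))
            root_port[sw] = best[0]

    # Designated port: one per segment, on the end with the lower RPC, then the
    # lower BID.  The opposite end is that switch's root port, or it blocks.
    roles: Dict[Tuple[str, str], str] = {}
    for a, pa, b, pb, _cost in links:
        if (rpc.get(a, inf), bids[a]) < (rpc.get(b, inf), bids[b]):
            designated, other = (a, pa), (b, pb)
        else:
            designated, other = (b, pb), (a, pa)
        roles[designated] = "designated"
        roles[other] = "root" if root_port.get(other[0]) == other[1] else "blocking"
    return roles


if __name__ == "__main__":
    for (sw, port), role in sorted(spanning_tree(LINKS, MACS).items()):
        print(f"{sw} {port}: {role}")
    # Lowering SW3's priority, as the text suggests, makes it the root and
    # moves the blocked port from SW3 to SW1.
    print(spanning_tree(LINKS, MACS, {"SW3": 4096})[("SW1", "Fa0/1")])
```

With default priorities SW1 wins on MAC address alone and the SW2-SW3 link, the fastest one, is where the block lands (SW3 Gi0/1), because both ends have the same cost to the root and SW2 has the lower BID. Setting SW3's priority to 4096 makes it the root and the block moves to SW1 Fa0/1; that is the "force a switch in the middle to be the root" case from the paragraph above, and the reason a new switch with a low MAC can silently rearrange which links carry traffic.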

STP is switched on in all Cisco switches by default. If you have no loops you could switch STP off on all the switches, but this is not advisable, as all it would take is someone plugging a cable into the wrong port to cause a loop.

note: If there are two links between the same two switches, the decision of which port to block can no longer be based on the BID, because it would be the same for both links; the selection is therefore made on the lowest port ID (port priority, then port number) of the sending switch.



During the STP selection process a port can be in one of the following states:

  • Disabled
  • Blocking
  • Listening *
  • Learning *
  • Forwarding

* A port spends up to 30 seconds in the Listening and Learning states (15 seconds each by default), during which no user traffic passes through it. This may disrupt services such as DHCP and Network Neighborhood. Switching on PortFast with the "spanning-tree portfast" interface command skips the Listening and Learning stages. Do not set PortFast on inter-switch (trunk or branch) ports; only set it on leaf ports connected to end hosts, and pair it with "spanning-tree bpduguard enable" so that the port is shut down if a switch is ever plugged into it.