Appendix  ■   Answers to Practice Test Questions  93

A

A records in DNS, 147

aaa authentication login default group 

tacacs+ local command, 188

AAA servers

centralize authentication, 187

ports, 251

remote authentication, 222

router lockout, 188

TACACS+, 242

Telnet, 188

ABRs (area border routers)

example, 126

OSPF, 119–120

access control lists (ACLs)

applications, 177

applying, 167, 177, 181

configuring, 177–180

creating, 167

deny any any rules, 176

extended, 176

GRE tunnels, 251

NAT, 143

packet comparisons, 176

placing, 181–182

ports, 178

processing overhead, 176

ranges, 175–176

removing entries, 178

routers, 232

rule modification, 252

SNMP, 149

source addresses, 176, 179

spoofing protection, 163

SSH, 180

Telnet, 252

traffic classification QoS, 154

access layer

collision domains, 12

hybrid topology, 10

switches, 11

access-list deny command, 178

access-list deny tcp command, 252

access-list deny tcp any host command, 180

access-list deny tcp host command, 179

access-list permit command, 144, 167, 178

access-list permit host command, 232

access-list permit ip any command, 252

access-list permit tcp host command, 180

access mode in port security, 49

access ports, 61

default VLANs, 62

PortFast mode, 75

switch ports, 60, 218

VLAN IDs, 48

WLCs, 80

access switches in link configuration, 76

access violations in port security, 186

ACK flag in three-way-handshake process, 

237

acknowledgments

DHCP, 147

TCP, 22

UDP, 22

untrusted ports, 232

ACLs. See access control lists (ACLs)

active mode

LACP, 68

port channels, 68–69

active routers

HSRP, 133–134

link repairs, 248

active virtual forwarders (AVFs), 134

active virtual gateways (AVGs), 134

AD. See administrative distance (AD)

Ad-hoc interface in Ansible, 207

Adaptive Security Appliances (ASAs), 8

Address Resolution Protocol (ARP)

caches, 98

destination addresses, 97

entry ages, 245

MAC addresses, 96

ROAS, 114

switches, 41

TCP/IP packet routing, 106

adjacencies

Frame Relay, 131

hello and dead timers, 127

OSPF, 120

routers, 125

administrative distance (AD)

default routes, 95

directly connected networks, 94

displaying, 95

EIGRP, 94

OSPF, 131, 224

RIP, 93

route statements, 94

routing tables, 93

static routes, 93, 244

administrative domains in IGPs, 103

administrative status, disabled, 83–84

administrative units in OSPF, 118

administratively shut down interfaces, 107

administrator intervention in static routing, 115

ADSL (Asymmetrical Digital Subscriber 

Line), 15

Advanced Encryption Standard (AES)

SSH, 82

WPA 2, 190

advertisements

BPDU Guard, 77

CDP, 66

configuring, 104

LLDP, 65

OSPF

link-state, 124–125

wildcard masks, 122–123

RIP, 244

RIPv2

configuring, 225

inspection, 224

intervals, 224

multicasts, 89

routers, 228

AES-CCMP encryption, 189

agents

Ansible, 206

DHCP, 152–153

aging time for MAC addresses, 37–38

AH (Authentication Header) protocol in 

IPsec, 231

alternate ports in RSTP, 71

Amazon Web Services (AWS), 15

ANDing subnet masks, 97

ANSIBLE_CONFIG variable, 207

Ansible tool

agents, 206

configuration management, 206, 208

connection information, 206

JSON format, 209

module information, 207

root SSH, 234

settings file, 207

setup ease, 208

YAML and Python, 234

YANG data model, 206

Ansible Tower tool, 208

anti-malware software, 165

antivirus software, 231

anycasts

configuring, 31

IP addresses, 31

AP

local mode, 242

monitor mode, 222, 242

WorkGroup Bridge mode, 222

API references in scripts, 195

Application Centric Infrastructure (ACI), 

198

Application Policy Infrastructure 

Controller - Enterprise Module 

(APIC-EM)

Cisco DNA Center, 201

enterprise connectivity, 199

application program interfaces (APIs)

description, 200

REST. See representational state 

transfer (REST) APIs

application/yang-data+json content type, 

204

applications, filtering, 177

area border routers (ABRs)

example, 126

OSPF, 119–120

area IDs for routers, 129

areas, OSPF

Cisco DNA Center, 202

configuring, 122

required, 118

routers in, 248

scalability, 121

ARP. See Address Resolution Protocol 

(ARP)

Index

418

 

ASAs (Adaptive Security Appliances)  –  Cisco Discovery Protocol (CDP)

ASAs (Adaptive Security Appliances), 8

Assurance section in Cisco DNA Center, 

202

Asymmetrical Digital Subscriber Line 

(ADSL), 15

asymmetrical encryption, 81

authentication

802.1X, 169

AAA servers, 187, 222

Cisco DNA Center, 203–204

EAP-TLS, 231

PPP, 13–14

pre-shared keys, 34

RADIUS, 82, 188

smart cards, 170

SNMP, 148

SSH and Telnet, 158, 168–169

tokens, 164–165

wireless LAN controllers, 9

WPA 3, 189

Authentication Header (AH) protocol in 

IPsec, 231

authentication tokens, applying, 204

authenticators in 802.1X, 170

auto-disconnect, disabled, 168

auto-negotiate setting for speed and 

duplex, 21

automation

change effect considerations, 253

configuration conflicts, 233

DevOps, 194

fabric, 203

human error reduction, 194

Lean and Agile, 194

monitoring, 194

reason for, 194

scripts. See scripts

static routes, 194

autonomous system boundary router 

(ASBRs), 119

autonomous systems for routers, 89

autonomous WAPs

console, 82

independence, 78

star topology, 214

AVFs (active virtual forwarders), 134

AVGs (active virtual gateways), 134

B

backup ports in RSTP, 73

backups

device configuration, 203

FTP servers, 159

Bad mask /24 for address error, 112

bad requests in REST-based API, 254

bandwidth

broadcast domains, 236

collision domains, 236

DNS in cloud, 215

EIGRP, 94

email, 16

FastEthernet, 67

Gigabit Ethernet, 79

OSPF, 95, 121

ROAS, 100

setting, 130

static routing, 108, 114

VMs, 215

bandwidth command, 130

banner login command, 231

banners

configuring, 231

exec, 169

SSH, 158

Base64 encoding, 204

basic authentication in Cisco DNA Center, 

204

Bellman-Ford routing algorithm

RIP, 102

route calculations, 225

best routes in EIGRP, 94

BGP (Border Gateway Protocol), 103

binding port numbers, 23

Bluetooth devices

frequency spectrum, 34

interference, 77

Bookshelf in Chef tool, 208

boot system command, 158

booting routers, 158

Border Gateway Protocol (BGP), 103

BPDU Guard

access switch links, 76

advertisements, 77

configuring, 76

edge switches, 77

enabled status, 77

err-disabled state, 242

removing, 76

switches, 75

BPDUs (Bridge Protocol Data Units) for 

loops, 69

bridge IDs

PVST+, 73

switches, 72

bridge ports in STP, 72

Bridge Protocol Data Units (BPDUs) for 

loops, 69

bridges

CST, 70

default priority, 73

electing, 71

point-to-multipoint, 78

STP, 71–72

switches, 242

broadcast domains

bandwidth, 236

number of, 3

broadcast networks, 121

broadcast storms in STP, 217

broadcasts

DHCP, 29

IP addresses, 26

RIP, 101

subnets, 30

C

cable

nodes, 20

speed, 17

switches, 17

caches

ARP, 98

DNS, 147

campus networks

core layer switches, 11

distribution layers, 198

three-tier model, 12

captive portals for guests, 222

CAPWAP (Control And Provisioning of 

Wireless Access Points)

Lightweight AP, 9

tunnels in Local mode, 84

Cat5e cable speed, 17

CBWFQ (Class-Based Weighted Fair 

Queuing), 156

CDP. See Cisco Discovery Protocol (CDP)

CE (customer edge) routers, 131

CEF (Cisco Express Forwarding), 97,  

246

central management in Ansible Tower, 

208

central offices, 215

central remote monitoring of routers and 

switches, 197

centralized authentication

AAA server, 187

wireless LAN controllers, 9

centralized switches in star topology, 10

certificates

EAP-TLS authentication, 231

security, 85

WPA2-Enterprise, 189

Challenge Handshake Authentication 

Protocol (CHAP), 13

channel-group mode active command,  

241

channel-group mode desirable command, 

220

channel-group mode passive command, 

241

channels in 802.11 wireless, 33

CHAP (Challenge Handshake 

Authentication Protocol), 13

Chef tool

configuration management, 206

Cookbook, 208

Knife, 208

node management, 207

Ruby, 254

system state information, 207

CIDR (Classless Inter-Domain Routing), 

24

CIR (committed information rate)

Metro Ethernet connections, 237

QoS policing, 156

Cisco Discovery Protocol (CDP)

advertisement interfaces, 66

details, 66

disabling, 64

frame frequency, 64

holddown timers, 64

management plane, 199

native VLAN mismatches, 63

neighboring devices, 64

network mapping, 219, 233

turning off, 64

VoIP phones, 51

Cisco DNA Center  –  default mode in STP 

419

Cisco DNA Center

APIC-EM replacement, 201

Assurance section, 202

automation, 203

basic authentication, 204

configuration templates, 202

Design section, 254

discovery process., 202

IOS upgrades, 234

network discovery, 203

network health, 202

OSPF areas, 202

Platform section, 203

POST requests, 203

Provision section, 202

Python scripts, 203

REST-based API requests, 209

SD-Access, 203

southbound interface, 205

Cisco Express Forwarding (CEF), 97, 246

Cisco License Manager (CLM), 253

Cisco Prime Infrastructure

device configuration backups, 203

SNMP, 197

Class A IP addresses

example, 23

private, 26

Class B IP addresses

example, 23–24

private, 26

Class-Based Weighted Fair Queuing 

(CBWFQ), 156

Class C IP addresses, 27

Class D IP addresses, 238

Class of Service field in 802.1Q frames, 

155

Classless Inter-Domain Routing (CIDR), 

24

classless routing in RIP, 103

clear ip nat translation * command, 143

clear ip ospf command, 124

clear ip ospf process x command, 131

clear line vty command, 169

clear mac-address-table dynamic 

command, 239

clear text with line passwords, 169

CLI (command-line interface) for Knife, 

208

client SSL/VPN, 175

CLM (Cisco License Manager), 253

clock router settings, 146

clock set command, 146

clock timezone command, 145

cloud service

catalog, 16

DNS, 215

NIST computing criteria, 15

PaaS, 237

collapsed core layer switches in star 

topology, 11

collapsed core model

small enterprises, 11

uses, 11

collision domains

access layer, 12

bandwidth, 236

frame collisions, 4

micro-segmentation, 6

number of, 3–5

switches, 4, 6, 214

comma-separated values (CSV) files vs. 

JSON, 209

command-line interface (CLI) for Knife, 

208

commands

breaking, 247

previously entered, 151

committed information rate (CIR)

Metro Ethernet connections, 237

QoS policing, 156

Common Spanning Tree (CST), 70

community strings in SNMP, 149

compatibility, equipment, 214

complexity of passwords, 170

compute capability in rapid elasticity, 237

compute resources, distributing, 34

configuration backups in Cisco Prime 

Infrastructure, 203

configuration management tools, 206

configuration templates in Cisco DNA 

Center, 202

conflicts from automation changes, 233

congestion avoidance tools, 156

connect command, 81

connected routes in default routing, 105

connection information in Ansible tool, 

206

connection speed of console, 82

connections for Adaptive Security 

Appliances, 8

connectivity, layer 3, 228

console

autonomous WAP setup, 82

connection speed, 82

disrupted messages, 251

logging, 151

syslog messages, 152

WAP debugging, 81

contention methods in 802.11, 33

Control And Provisioning of Wireless 

Access Points (CAPWAP)

Lightweight AP, 9

tunnels in Local mode, 84

control planes

controller-based networking, 196

routing protocols, 199

SDN, 198

STP, 199

web interfaces, 201

controller-based networking

logically centralized control plane, 

196

maturity, 197

SD-WAN, 196

security, 196

Spine/Leaf architecture model, 198

convergence

OSPF, 125

RIPv2, 224

routing tables, 102

STP, 74–75

Cookbook in Chef tool, 208

copy tftp flash command, 158

copy tftp: running-config command, 158

core layer

campus switches, 11

star topology, 10

switching, 10

costs

Metro Ethernet connections, 237

OSPF, 121

ROAS, 113

CPU utilization by routers, 151

CRC checking

frames, 36

switches, 216

CREATE, READ, UPDATE, DELETE 

(CRUD) framework, 204

crossover cable

switches, 17

wiring, 18

crypto key generate rsa command, 157, 

168

CST (Common Spanning Tree), 70

CSV (comma-separated values) files vs. 

JSON, 209

Ctrl+Shift+6 keys, 247

curly brackets ({}) in JSON files, 209, 254

customer edge (CE) routers, 131

D

DAD (Duplicate Address Detection), 216

dashes (-) in YAML, 195

data actions in CRUD framework, 204

data center focused SDN, 198

data integrity for VPNs, 175

data items in HTTP actions, 205

data planes for traffic flow, 199–200

databases for VLANs

configuring, 53

synchronization, 240

DDoS (distributed denial of service), 162

dead timers for adjacencies, 127

debug ip dhcp server packet command, 

153

debug ip nat command, 143

debug ip packet command, 247

debug ip rip command, 224

debug ntp packets command, 145

debug standby command, 137

Debugging severity level in syslog facility 

logging, 152

debugging WAPs, 81

decapsulating packets, 98

default administrative distance for static 

routes, 93

default automatic trunking configuration, 

250

default bridge priority in STP, 73

default destination in syslog messages, 152

default encapsulation for serial 

connections, 214

default gateways

address relevance, 105

HSRP, 133

IP addresses, 25, 229

default-information originate command, 

117, 130

default mode in STP, 71

420

 

default priority  –  dynamic VLANs

default priority

HSRP, 132

OSPF, 131

default QoS for WLANs, 243

default routes and routing

administrative distance, 95

connected routes, 105

destination, 95

implementing, 117

IPv6, 105

OSPF, 129–130

propagation in RIPv2, 117

RAM usage, 101

routing tables, 91

static routing, 114

default VLANs

vs. native, 62

switch configuration, 49

delay

description, 250

IP address reachability, 241

switching path, 248

VoIP traffic, 155

deleting VLANs, 46, 49, 55

demarcation points, 18

demilitarized zones (DMZs)

email servers, 236

firewalls, 7, 162

server placement, 8

denial of service attacks, 163

deny any rules, 176

Design section in Cisco DNA Center, 254

designated ports

defined, 72

STP, 73

designated routers (DRs)

displaying, 129

example, 126

OSPF, 120, 131

preventing selection of, 130

selecting, 128–129

designated state in switch ports, 221

destination interfaces, displaying, 239

destination IP addresses

ARP, 97

routing decisions, 96

destination MAC address, 217, 238

destination unreachable messages, 99

destinations, interfaces as, 244

devices

configuration backups, 203

trust boundaries, 230

DevOps, 194

DHCP. See Dynamic Host Configuration 

Protocol (DHCP)

DHCPv6

DNS server addresses, 216

IPv6 addresses, 238

router interfaces, 154

SLAAC, 153

stateful, 154

diagnostics in HSRP, 137

Differentiated Services Code Point 

(DSCP), 155, 250

Diffusing Update Algorithm (DUAL), 102

Digital Network Architecture (DNA). See 

Cisco DNA Center

Digital Subscriber Line (DSL) access 

multipliers, 237

Dijkstra routing algorithm, 117

Direct-Sequence Spread Spectrum (DSSS), 

33

directly connected networks, 

administrative distance, 94

disabled administrative status, 83–84

disabled auto-disconnect, 168

disabled VLANs, 52

disabling

CDP, 64

LLDP advertisements, 65

discarding port mode in RSTP, 74

disconnection

idle time, 169

network admins, 169

discontinuous networks, support for, 225

distance-vector protocols

Bellman-Ford routing algorithm, 102

re-advertising routes, 102

RIP, 99

router limits, 102

routing loops, 102–103

routing table convergence, 102

distributed denial of service (DDoS), 162

distributed process in STP, 69

distribution layer

campus networking model, 198

full mesh topology, 10

partial mesh topology switches, 12

redistribution of routing protocols, 12

switches for redundancy, 11

distribution switches, End of Row, 5

DMVPNs (Dynamic Multipoint VPNs)

hub-and-spoke topology, 13, 174

NHRP, 174

remote offices, 201

DMZs (demilitarized zones)

email servers, 236

firewalls, 7, 162

server placement, 8

DNA Command Runner, 202

DNA (Digital Network Architecture). See 

Cisco DNA Center

Domain Name System (DNS)

A records, 147

administrator errors, 32

caches, 147

cloud, 215

hostname queries, 146

NTP, 145

protocols and ports, 249

PTR records, 147

stateless DHCPv6 servers, 216

TTL, 147

UDP, 23

verifying, 33

domain names in DNS resolution, 146

doors, locking, 250

double tagging in native VLANs, 164

drift prevention, 208

dropping

frames, 40

packets, 105

DRs. See designated routers (DRs)

DS1 connection speed, 18

DSCP (Differentiated Services Code 

Point), 155, 250

DSL (Digital Subscriber Line) access 

multipliers, 237

DSSS (Direct-Sequence Spread Spectrum), 

33

DTP (Dynamic Trunking Protocol)

turning off, 58

VLAN hopping, 230

DUAL (Diffusing Update Algorithm), 102

dual-homed systems in EGPs, 103

duplex

auto-negotiate setting, 21

intermittent outages, 20

logon times, 36

mismatches, 19

status, 21

switches, 21, 240

troubleshooting, 19

Duplicate Address Detection (DAD), 216

duplicate IP addresses

DHCP, 148

IPv6 addresses, 216

dynamic access lists, 178

Dynamic Host Configuration Protocol 

(DHCP)

acknowledgment messages, 147

broadcasting, 29

DHCPv6. See DHCPv6

down, 153

GIADDR field, 152

IP addresses

acquiring, 147

duplicate, 148

life cycle, 147

leases, 147, 154

Offer packets, 152

rebinding, 154

relay agents, 152–153

routers, 249

servers

active, 152

down, 27

ipconfig /all command, 33

snooping, 164, 232, 252

UDP, 148

Dynamic Multipoint VPNs (DMVPNs)

hub-and-spoke topology, 13, 174

NHRP, 174

remote offices, 201

Dynamic NAT pools, 143

dynamic routing

description, 100

Dijkstra routing algorithm, 117

EIGRP, 94–95

IPv6 addresses, 105

optimized route selection, 101

overhead, 101

RAM storage, 99

reason for, 89

resiliency, 101

route summarization, 115

routing tables, 98

Dynamic Trunking Protocol (DTP)

turning off, 58

VLAN hopping, 230

dynamic VLANs, 47

E-Tree services in hub-and-spoke design  –  flooding attacks 

Download 8,04 Mb.

Do'stlaringiz bilan baham: