E
E-Tree services in hub-and-spoke design,
12
EAP (Extensible Authentication Protocol),
170
EAP-TLS (Extensible Authentication
Protocol/Transport Layer Security)
authentication, 231
ECMP (equal-cost multi-path routing), 201
edge switches
BPDU Guard, 77
PortFast mode, 221
EGPs (exterior gateway protocols)
BGP, 103
dual-homed systems, 103
vs. interior gateway protocols, 103
egress interfaces for frames, 40
802.1D
PVST+, 70
STP, 69
802.1Q
Class of Service field, 155
support, 111
tag frames, 59, 62
trunking protocol, 62
trunks, 61
802.1s, Rapid PVST+ replacement for, 71
802.1w
Rapid PVST+, 70
switch port designated state, 221
802.1X
authentication, 169
authenticators, 170
EAP protocol, 170
security certificates, 85
supplicants, 170
802.11 wireless
2.4 GHz, 34
contention methods, 33
overlapping channels, 33
WMANs, 80
802.11ac RF analysis, 222
802.11e for QoS, 82
802.11i
AES-CCMP encryption, 189
frame-level encryption, 189
802.11k for WAP neighbors, 83
EIGRP. See Enhanced Interior Gateway
Routing Protocol (EIGRP)
email
protocols and ports, 22
SaaS, 16
email servers in DMZs, 236
enable algorithm-type scrypt secret
command, 169
enable secret Password20! command, 166
enabled WPA2 personal, 84
enabling
IP routing, 112
passwords, 166
port security, 183
routers, 112
SCP, 230
SSH, 157, 167
VLANs, 51
Encapsulating Security Payload (ESP)
protocol, 175
encapsulation
negotiated, 218
PPP, 13
ROAS, 113
encapsulation dot1q command, 112, 114
encapsulation dot1q native command, 111
encapsulation isl command, 113
encapsulation ppp command, 236
encryption
AES, 82
ESP, 175
frame-level, 189
IOS, 243
SNMP, 148
SSH, 81, 156–157, 166
WPA, 189
WPA2, 34
End of Row (EoR) switches, 5
end user training for phishing attacks,
164
endpoint devices in BPDU Guard, 242
Enhanced Interior Gateway Routing
Protocol (EIGRP)
administrative distance, 94
best routes, 94
DUAL, 102
dynamic routing protocols, 94–95
hybrid protocols, 101
interior gateway protocol, 103
IPv6 addresses, 246
route statements, 94
routing decisions, 243
enterprise connectivity, platform for, 199
EoR (End of Row) switches, 5
equal-cost multi-path routing (ECMP),
201
equal-cost routes in OSPF, 122
equipment compatibility for PPP, 214
err-disabled shutdown in port security,
184, 187
err-disabled state
BPDU Guard, 77, 242
MAC addresses, 252
errdisable recovery cause
psecure_violation command, 187
error counts, resetting, 19
ESP (Encapsulating Security Payload)
protocol, 175
EtherChannel
configuring, 220
Gigabit Ethernet, 79
interface aggregation, 66–67
LACP, 67
mode conflicts, 241
on mode, 222
port aggregation, 68
pseudo interfaces, 241
single layer 2 connections, 67
status, 219
Ethernet frames
Destination MAC address field, 238
type field, 238–239
EUI-64 addresses, 32, 216
event logs, configuring, 249
event triggered updates in OSPF, 120
exclamation points (!) with ping
command, 246
exec banners, 169
exec-timeout command, 168–169
expanded IPv6 addresses, 29
extended access lists
applications, 177
creating, 182
placing, 182
ranges, 176–177
traffic blocking, 180
extended ping command, 248
extended server sets, 8
Extensible Authentication Protocol (EAP),
170
Extensible Authentication Protocol/
Transport Layer Security (EAP-TLS)
authentication, 231
Extensible Markup Language (XML), 195
exterior gateway protocols (EGPs)
BGP, 103
dual-homed systems, 103
vs. interior gateway protocols, 103
F
fabric
automation, 203
layer 3 switches, 233
maximum hop count, 200
facts in Puppet tool, 207
failed links in WLCs, 242
FastEthernet bandwidth, 67
fault tolerance in IaaS, 15
FHRP (first hop redundancy protocol)
HSRPv2, 135
VRRP, 132
fiber optic multi-mode standard, 17
filters
applications, 177
MAC, 83, 188, 233
monitors, 165
wildcard masks, 177–178
Firepower Threat Defense (FTD) devices,
175
firewalls
characteristics, 7
DMZs, 7, 162
perimeter areas, 162
physical access, 8
placement, 7
TCP conversations, 8
trusted networks, 162
URIs, 214
virtual, 35
first hop redundancy protocol (FHRP)
HSRPv2, 135
VRRP, 132
5 GHz benefits, 34
flags in three-way-handshake process, 237
flash memory in routers, 159
Flex Connect mode vs. Local mode, 84
flexibility in PAT, 229
flooding attacks
frame, 7, 42
MAC addresses, 250
flow control in Transport Layer, 21
forwarding
frames, 35, 38–40
layer 2 switch function, 6
packets
CEF, 97, 246
OSPF, 123
switch decisions, 217
VTP modes, 56
fragment-free mode in switching
decisions, 36
frame-level encryption in WPA, 189
Frame Relay for adjacencies, 131
frames
802.1Q, 59
CDP, 64
collision domains, 4
CRC checking, 36
dropped, 216
dropping, 40
egress interfaces, 40
flooding attacks, 7, 42
forwarding, 35, 38–40
MAC addresses, 36
rewrite process, 97
VLANs, 46–47
frequency spectrum for Bluetooth, 34
FTD (Firepower Threat Defense) devices,
175
FTP servers for configuration backups, 159
full mesh topology
distribution layer, 10
redundancy, 10
FULL state in LSA information, 127
fully qualified domain names (FQDNs),
229
G
Gateway Address (GIADDR) field in
DHCP, 152
Gateway Load Balancing Protocol (GLBP)
active virtual forwarders, 134
active virtual gateways, 134
load-balancing routers, 132
per-host load balancing, 137
UDP ports, 133
gateways
address relevance, 105
default addresses, 105
GLBP, 134
HSRP, 133
IP addresses, 25, 229
Generic Routing Encapsulation (GRE)
configuring, 171–172
layer 3 protocol, 171
MTU, 172
troubleshooting, 173–174
tunnels, 171, 251
verifying, 172
Gigabit Ethernet
bandwidth, 79
switch speed, 6
GLBP. See Gateway Load Balancing
Protocol (GLBP)
global configuration mode in VLANs, 239
global networks, link-state routing
protocols for, 118
global unicast addresses, 30
global variables in Puppet tool, 207
GRE. See Generic Routing Encapsulation
(GRE)
groups, multicast, 27
guests, captive portals for, 222
H
hardware for virtual machines, 34–35
hash based load balancing, 80
HDLC (High-Level Data Link Control)
PPP encapsulation, 13
serial connections, 214
hello packets in OSPF, 123–124
hello timers
adjacencies, 127
HSRPv2, 137
hierarchical design in OSPF, 125
High-Level Data Link Control (HDLC)
PPP encapsulation, 13
serial connections, 214
hold timers
HSRP, 133
HSRPv2, 137
holddown timers
CDP, 64
LCP, 65
RIPv2, 244
routing loops, 102–103
hops and hop counts
fabric switching, 200
ICMP requests, 247
RIP, 89, 101
RIPv2, 104
traceroute, 172–173
host connections in MAC filtering, 83
hostname queries in DNS resolution, 146
hosts
routing tables, 92–93, 96
subnet masks, 96
virtual machines, 35
Hot Standby Router Protocol (HSRP)
active routers, 134
default gateways, 133
default priority, 132
hold timers, 133
MAC addresses, 132
multicasting, 133
outage alerts, 136
preemption, 135
real-time diagnostics, 137
router priority, 137
router state, 135
routers, 133
traffic routing, 135
UDP ports, 133
HSRPv1
group numbers, 132
vs. HSRPv2, 134
HSRPv2
FHRP, 135
hello and hold timers, 137
maximum number of groups, 134
hub-and-spoke design
DMVPN, 13, 174
E-Tree services, 12
Internet service provider connections,
12
hubs
collision domains, 4, 6
multiport repeaters, 214
speed and duplex, 21
human error factor, automation for, 194
hybrid protocols, EIGRP, 101
hybrid topology, access layer, 10
HyperText Markup Language (HTML),
195
Hypertext Transfer Protocol (HTTP)
data items, 205
REST APIs, 203
status codes, 205
Hypertext Transfer Protocol Secure
(HTTPS), 196
I
I/G bit in MAC addresses, 35
IaaS (Infrastructure as a Service), 15
IaC (Infrastructure as Code), 208
IANA (Internet Assigned Numbers
Authority), 27
IBSS (independent basic service set), 77
ICMP. See Internet Control Message
Protocol (ICMP)
Idempotence theory in drift prevention,
208
idle time for disconnection, 169
IDSs (intrusion detection systems)
description, 162
unauthorized access detection, 8
IETF (Internet Engineering Task Force), 82
IGMP (Internet Group Management
Protocol)
multicast groups, 27
router status, 106
IGPs. See interior gateway protocols (IGPs)
incident detection, passive, 188
independent basic service set (IBSS), 77
Inform SNMP messages, 149, 249
Infrastructure as a Service (IaaS), 15
Infrastructure as Code (IaC), 208
initialization vectors in WPA2, 34
inside IP addresses
global, 141
local, 140
Inter-Switch Link (ISL), 59
inter-VLAN routing (IVR), 100
intercloud exchange in public clouds, 16
interface aggregation
EtherChannel, 66–67
LACP, 67
interface gi command, 181
interface loopback command, 130–131
interface range gigabitethernet command,
240
interface vlan command, 111
interfaces
administratively shut down, 107
configuring, 240
as destinations, 244
nodes, 20–21
shutdown, 19
interference in Bluetooth devices, 77
interior gateway protocols (IGPs)
administrative domains, 103
vs. EGPs, 103
EIGRP, 103
OSPF, 118
routers, 89
intermittent outages, 20
internal EIGRP administrative distance,
94
internal network firewalls, 162
internal time clocks, 144
Internet Assigned Numbers Authority
(IANA), 27
Internet connections in PAT, 229
Internet Control Message Protocol
(ICMP)
echo requests, blocking, 163
hop issues, 247
probe counts, 248
route testing, 99
routing, 95
traceroute command, 246
TTL, 99
Internet Engineering Task Force (IETF),
82
Internet Group Management Protocol
(IGMP)
multicast groups, 27
router status, 106
Internet Protocol Security (IPsec)
AH protocols, 231
ESP protocol, 175
GRE, 171
multicast packets, 251
VPNs, 175
Internet service provider connections in
hub-and-spoke design, 12
Internetwork Operating System (IOS)
encryption, 243
upgrades
Cisco DNA Center, 234
TFTP server, 158
version, 241
intrusion detection systems (IDSs)
description, 162
unauthorized access detection, 8
intrusion prevention systems (IPSs)
denial of service attacks, 163
description, 162
Invalid input detected error, 112
invalid IP addresses, 112
Inventory component in Ansible tool, 206
IOS. See Internetwork Operating System
(IOS)
ip access-class command, 167
ip access-group command, 181
ip access-list command, 177
ip access-list extended command, 182
ip address dhcp command, 249
IP addresses
A records, 147
anycasts, 31
broadcast, 26
Class A, 23
Class B, 23–24
Class C, 27
Class D, 238
default gateways, 25, 229
destination, 223
DHCP, 27, 147
example, 216
extended ping command, 248
IANA, 27
inside global, 141
inside local, 140
invalid, 112
ipconfig /all command, 32
IPv6. See IPv6 addresses
laptops, 215
local routes, 104
multicast, 23, 31
outside global, 141–142
private, 26–27
PTR records, 146
reachability delay, 241
RIDs, 120
ROAS, 114
route statements, 108–110
routing decisions, 96
routing tables, 107, 223
spoofing, 163
subnet masks, 24–26
SVI, 111
troubleshooting, 25
verifying, 107, 230
web servers, 27
ip default-gateway command, 106
ip dhcp snooping trust command, 164
ip ftp password command, 159
ip ftp username command, 159
IP headers, TTL field, 246
ip helper-address command, 152
ip nat inside command, 229
ip nat inside source static command, 142
ip nat pool EntPool command, 143
ip ospf cost command, 121, 128
ip ospf priority command, 128–130
IP phones, PoE switches for, 65
ip route command
default routing, 117
destination addresses, 108
GRE, 172
links, 89–90
next hops, 93
RIP, 116
router configuration, 107, 109
router table display, 106
static routes, 244
IP routing, enabling, 112
ip routing command
SVI, 245
switches, 110
ip scp server enable command, 230
ip ssh version command, 157, 167
ipconfig /all command, 32–33
IPsec. See Internet Protocol Security
(IPsec)
IPSs (intrusion prevention systems)
denial of service attacks, 163
description, 162
ipv6 address autoconfig default command,
116–117
ipv6 address dhcp command, 154
IPv6 addresses
6to4 tunnels, 28
bits, 27
blocks, 30
configuring, 28
DAD, 216
default routes, 105
dynamic routing protocols, 105
EIGRP, 246
EUI-64, 32, 216
expanded, 29
hosts in SLAAC, 238
link-local, 31
MAC, 32
NDP, 30
need for, 27
network prefixes, 29
route display, 226
route statements, 110
routers, 226
routing tables, 105
shortened, 28
solicited-node multicast message, 238
stacks, 28
stateful DHCPv6, 238
static addresses, 28
subnet quartets, 29
verifying, 29
ipv6 route command
connected routes, 226
default routes, 105, 109
exit interfaces, 110
Internet connections, 227
internetwork routing, 227–228
ISL (Inter-Switch Link), 59
isolation, switches for, 6
IVR (inter-VLAN routing), 100
J
JavaScript Object Notation (JSON) files
Ansible, 209
command output, 234
curly brackets, 209, 254
vs. CSV, 209
example, 210
key-value pairs, 209
REST-based API, 209
square brackets, 209–211
jitter, 154
jumbo frames, 47
K
key-value pairs
JSON files, 209
YAML, 195
keys in SSH
generating, 157, 168
requirements, 166
strength, 157, 167
Knife utility, 208