Network Engineer Handbook (MSG )
LinkedIn:
https://www.linkedin.com/in/maheshgirhe787
OSI (Open Systems Interconnection)
1. Explain the OSI layers?
▪ Open Systems Interconnection (OSI) was developed by the International Organization for
Standardization (ISO) and introduced in 1984.
▪ It consists of seven layers:
▪ Application layer, Presentation layer, Session layer, Transport layer, Network layer,
Data link layer, Physical layer.
2. Which layer is responsible for a reliable connection?
The transport layer guarantees a reliable end-to-end connection.
3. What are the different protocols that work at each layer of the OSI model?
Application layer
It is responsible for providing an interface for the user to interact with application services or network
services. Ex: web browser (HTTP), Telnet.
Presentation layer
It is responsible for defining a standard format for the data.
The major functions described at this layer are:
Encoding/decoding. Ex: AVI (video), WAV (voice), JPEG (graphics), ASCII (text)
Encryption/decryption
Session layer
It is responsible for establishing, maintaining, and terminating sessions. A session
ID is used to identify a session or interaction.
Ex: Remote Procedure Call, AppleTalk Session Protocol
Transport layer
It provides a data delivery mechanism between applications in the network.
The transport layer is the major functional layer in the OSI model. Its functions are:
▪ Identifying services
▪ Multiplexing and de-multiplexing
▪ Segmentation, error correction, flow control
Transport layer protocols?
The protocols which take care of data transport at the transport layer are TCP and UDP.
Difference between TCP and UDP
TCP                                  UDP
Transmission Control Protocol        User Datagram Protocol
Connection oriented                  Connectionless
Supports acknowledgements            No support for acknowledgements
Reliable communication               Unreliable communication
Protocol no. 6                       Protocol no. 17
Ex: HTTP, FTP, SMTP                  Ex: DNS, DHCP, TFTP
Network layer
It provides logical addressing and path determination (routing).
The protocols that work in this layer are routed protocols and routing protocols. Routed
protocols are used to carry user data. Routing protocols are used to perform path
determination (routing).
Data link layer
It provides communication with the network layer.
MAC (Media Access Control) provides reliable transit of data across a physical link.
Physical layer
It defines the electrical, mechanical and functional specifications for communication between network
devices.
5. What is a port number? Give some examples.
A port number is a way to identify a specific process to which an Internet or other network message
is to be forwarded when it arrives at a server. For the Transmission Control Protocol and the User
Datagram Protocol, a port number is a 16-bit integer that is put in the header appended to a
message unit.
▪ FTP - File Transfer Protocol (TCP 20, 21)
▪ SSH - Secure Shell, secure login (TCP 22)
▪ Telnet - remote login service, unencrypted text messages (23)
▪ SMTP - Simple Mail Transfer Protocol, e-mail routing (TCP 25)
▪ DNS - Domain Name System (TCP/UDP 53)
▪ DHCP - Dynamic Host Configuration Protocol (67 server / 68 client)
▪ HTTP - Hypertext Transfer Protocol, used in the World Wide Web (TCP 80)
▪ POP3 - Post Office Protocol version 3 (TCP 110)
▪ NTP - Network Time Protocol (UDP 123)
▪ SNMP - Simple Network Management Protocol (UDP 161/162)
▪ HTTPS - HTTP over TLS/SSL (TCP 443)
Unicast
In computer networking, unicast is a one-to-one transmission.
Multicast
In computer networking, multicast is group communication.
Broadcast
In computer networking, broadcast is a one-to-many transmission.
9. What is the difference between half-duplex and full-duplex?
Half duplex - Data can flow in both directions, but not simultaneously. At any one time, data can flow
in only one direction. Ex: hub.
Full duplex - Data can flow in both directions simultaneously. Ex: switch.
10. What is the MAC format?
It is a 12-digit, 48-bit (6-byte) hardware address written in hexadecimal format.
It consists of two parts:
▪ The first 24 bits are the OUI (Organizationally Unique Identifier), assigned by the IEEE.
▪ The last 24 bits are the manufacturer-assigned code.
11. What is a frame?
The data link layer formats the message into pieces, each called a data frame, and adds a
customized header containing the hardware source and destination addresses.
13. What are the protocols included at each layer of the TCP/IP model?
▪ Application layer - DNS, DHCP, FTP, TFTP, SMTP, HTTP, Telnet, SSH.
▪ Transport layer - TCP, UDP
▪ Internet layer - IP, ICMP, IGMP
▪ Network access layer - Ethernet, Token Ring, FDDI, X.25, Frame Relay, ARP, RARP.
ARP (Address Resolution Protocol)
14. What is ARP?
Address Resolution Protocol (ARP) is a network protocol which is used to map a network
layer protocol address (IP address) to a data link layer hardware address (MAC address).
ARP basically resolves an IP address to the corresponding MAC address.
effectively communicate with the IP address.) An ARP cache helps attackers hide behind
a fake IP address.
17. What is the size of an ARP request and ARP reply packet?
The size of an ARP request or reply packet is 28 bytes.
18. What is Proxy ARP?
Proxy ARP is the process in which one device responds to the ARP request for another device.
Ex: Host A sends an ARP request to resolve the IP address of Host B. Instead of Host B, Host C
responds to this ARP request.
21. What is Reverse ARP?
Reverse ARP is used to obtain the device's IP address when its MAC address is already known.
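The following Python is an added example and not part of the handbook. It ties together question 10 (the MAC address split into a 24-bit OUI and a 24-bit vendor-assigned part) and question 17 (the 28-byte ARP packet): it builds and parses an Ethernet/IPv4 ARP packet with the standard library, checks the length, and keeps a small IP-to-MAC table that reports when an ARP reply changes an existing binding, which is the monitoring counterpart of the ARP-cache abuse mentioned above. All MAC and IP addresses are constructed sample values.

```python
import struct
from ipaddress import IPv4Address

# Ethernet/IPv4 ARP layout (RFC 826): 8-byte fixed header followed by
# sender MAC, sender IP, target MAC, target IP = 8 + 6 + 4 + 6 + 4 = 28 bytes.
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)          # 28
ARP_REQUEST, ARP_REPLY = 1, 2
HTYPE_ETHERNET, PTYPE_IPV4 = 1, 0x0800


def mac_to_bytes(mac: str) -> bytes:
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return raw


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_mac(mac: str) -> dict:
    """Split a MAC into its 24-bit OUI and 24-bit vendor-assigned part and
    decode the two flag bits carried in the first octet."""
    raw = mac_to_bytes(mac)
    return {
        "oui": raw[:3].hex(),
        "nic": raw[3:].hex(),
        "multicast": bool(raw[0] & 0x01),             # I/G bit: group address
        "locally_administered": bool(raw[0] & 0x02),  # U/L bit: not vendor-assigned
    }


def build_arp(op: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Pack an ARP request (op=1) or reply (op=2)."""
    return struct.pack(ARP_FMT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op,
                       mac_to_bytes(sha), IPv4Address(spa).packed,
                       mac_to_bytes(tha), IPv4Address(tpa).packed)


def parse_arp(payload: bytes) -> dict:
    """Unpack a 28-byte ARP packet, rejecting anything that is not Ethernet/IPv4."""
    if len(payload) != ARP_LEN:
        raise ValueError(f"expected {ARP_LEN} bytes, got {len(payload)}")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, payload)
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    if op not in (ARP_REQUEST, ARP_REPLY):
        raise ValueError(f"unknown ARP opcode {op}")
    return {"op": op, "sha": bytes_to_mac(sha), "spa": str(IPv4Address(spa)),
            "tha": bytes_to_mac(tha), "tpa": str(IPv4Address(tpa))}


class ArpBindingMonitor:
    """Learn IP -> MAC bindings from ARP replies and report when one changes.
    A changed binding is not proof of spoofing (a NIC swap looks the same),
    but it is the event an operator wants logged."""

    def __init__(self):
        self.bindings = {}

    def observe(self, arp: dict):
        if arp["op"] != ARP_REPLY:
            return None
        previous = self.bindings.get(arp["spa"])
        self.bindings[arp["spa"]] = arp["sha"]
        if previous is not None and previous != arp["sha"]:
            return f"{arp['spa']} moved from {previous} to {arp['sha']}"
        return None


if __name__ == "__main__":
    # Constructed sample traffic: one request, then two replies for the same IP.
    req = build_arp(ARP_REQUEST, "00:1a:2b:3c:4d:5e", "192.168.1.10",
                    "00:00:00:00:00:00", "192.168.1.1")
    print(len(req), parse_arp(req))
    mon = ArpBindingMonitor()
    for mac in ("00:1a:2b:00:00:01", "de:ad:be:ef:00:01"):
        rep = parse_arp(build_arp(ARP_REPLY, mac, "192.168.1.1",
                                  "00:1a:2b:3c:4d:5e", "192.168.1.10"))
        print(mon.observe(rep))
```

The `struct` format string is the whole packet definition: two 16-bit type fields, two 8-bit length fields, the 16-bit opcode, then the four addresses, which is why `struct.calcsize` returns exactly the 28 bytes the handbook quotes.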
23. What is TCP (Transmission Control Protocol)?
It is one of the most used protocols within digital network communications and ensures
end-to-end data delivery. TCP organizes data so that it can be transmitted between a server and a
client. It guarantees the integrity of the data being communicated over a network.
▪ 5. Acknowledgement (ACK) - All packets after the SYN packet sent by the client should have this flag
set. ACK=10 means the host has received bytes 0 through 9 and is expecting byte 10 next.
▪ 6. Synchronize (SYN) - It initiates a connection. It synchronizes sequence numbers.
Routing
37. What is routing?
The function of routing is to route packets between networks that are not locally attached.
Faster                        Administrative work is more
No wastage of bandwidth       Used in small networks
51. What is EGP?
An Exterior Gateway Protocol refers to a routing protocol that handles routing between
different Autonomous Systems (AS). Ex: Border Gateway Protocol (BGP).
55. What is a Distance-Vector Routing Protocol?
Distance vector routing protocols use the distance or hop count as the metric to find the path to
a destination.
▪ Ex: RIP, EIGRP
62. What is Cost?
Cost is inversely proportional to the bandwidth of the link.
63. What is CDP?
Cisco Discovery Protocol is a Cisco proprietary protocol that helps administrators collect
information about both locally attached and remote devices.
EIGRP (Enhanced Interior Gateway Routing Protocol)
64. Explain the EIGRP routing protocol?
▪ Enhanced Interior Gateway Routing Protocol (EIGRP) is an enhanced
distance vector routing protocol which uses the Diffusing Update Algorithm (DUAL) to
calculate the shortest path. It is also considered a hybrid routing protocol because
it has characteristics of both distance vector and link state routing protocols.
▪ EIGRP supports classless routing and VLSM, route summarization, incremental updates,
load balancing and other features.
65. What are the requirements for neighbourship in EIGRP?
The following fields in a hello packet must match for routers to become neighbours:
▪ Autonomous System number
▪ K-values.
▪ Authentication.
▪ The primary address should be used.
▪ If static neighbourship is used, it should be defined on both sides.
66. What tables do EIGRP routers maintain?
An EIGRP router stores routing and topology information in three tables:
▪ Neighbour table - Stores information about EIGRP neighbours.
▪ Topology table - Stores routing information which is learned from neighbouring routers.
▪ Routing table - Stores the best path to all networks.
73. What is a Successor?
A successor is the best path to reach a destination in the topology table.
Feasible distance is the distance (metric) to reach the destination network. The route with
this metric will be in the routing table as it is the best route to reach a remote (destination)
network.
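An added example, not from the handbook, of how an EIGRP router picks the successor out of its topology table. Each entry carries the neighbour's reported distance (RD) and the cost of the link to that neighbour; feasible distance (FD) is RD plus link cost, and the entry with the lowest FD is the successor that goes into the routing table. The block goes one step beyond the text above: it also lists feasible successors, the DUAL backup paths whose RD is strictly lower than the successor's FD. The topology entries are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class TopologyEntry:
    neighbor: str
    reported_distance: int   # RD: the neighbour's own metric to the destination
    link_cost: int           # metric of the link from this router to that neighbour

    @property
    def feasible_distance(self) -> int:
        # FD: total metric from this router through that neighbour
        return self.reported_distance + self.link_cost


def select_paths(entries):
    """Return (successor, feasible_successors) for one destination.

    Successor: the entry with the lowest FD; it is installed in the routing table.
    Feasible successor: any other entry whose RD is less than the successor's FD
    (the DUAL feasibility condition), which guarantees the backup is loop-free."""
    if not entries:
        return None, []
    successor = min(entries, key=lambda e: e.feasible_distance)
    fd = successor.feasible_distance
    feasible = sorted(
        (e for e in entries if e is not successor and e.reported_distance < fd),
        key=lambda e: e.feasible_distance,
    )
    return successor, feasible


def routing_table_entry(destination, entries):
    """Shape of the line that would end up in the routing table for `destination`."""
    successor, backups = select_paths(entries)
    if successor is None:
        return None
    return {"destination": destination, "via": successor.neighbor,
            "metric": successor.feasible_distance,
            "feasible_successors": [b.neighbor for b in backups]}


# Constructed topology table for 10.0.0.0/24 as seen from router R1.
SAMPLE = [
    TopologyEntry("R2", reported_distance=10, link_cost=5),   # FD 15 -> successor
    TopologyEntry("R3", reported_distance=12, link_cost=8),   # FD 20, RD 12 < 15 -> feasible successor
    TopologyEntry("R4", reported_distance=16, link_cost=2),   # FD 18, RD 16 >= 15 -> not feasible
]

if __name__ == "__main__":
    print(routing_table_entry("10.0.0.0/24", SAMPLE))
```

Note that R4 has a lower FD than R3 yet is not a feasible successor: the feasibility condition looks at the neighbour's RD, not at the total, so only R3 can be promoted without a DUAL query if R2 fails.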
85. How do I fix EIGRP stuck in active?
EIGRP maintains a timer called the "active timer" which has a default value of 3 minutes (180
seconds). EIGRP waits half of the active timer value (90 seconds) for a reply. If the router
does not receive a response within 90 seconds, the originating router sends a stuck in active
(SIA) query to EIGRP neighbours that did not respond.
Open Shortest Path First (OSPF) is a link-state routing protocol that is used to find the best
path between the source and the destination router using its own Shortest Path First (SPF)
algorithm. OSPF was developed by the Internet Engineering Task Force (IETF) as one of the Interior Gateway
Protocols (IGP), i.e., the protocols which aim at moving packets within a large autonomous
system or routing domain. It is a network layer protocol which works on protocol number
89 and uses AD value 110. OSPF uses multicast address 224.0.0.5 for normal communication
and 224.0.0.6 for updates to the designated router (DR)/backup designated router (BDR).
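An added example, not from the handbook, tying question 62 (cost is inversely proportional to bandwidth) to the SPF computation described above. It derives the interface cost as reference bandwidth divided by link bandwidth, assuming the Cisco default reference bandwidth of 100 Mbit/s (a configurable value; the default is an assumption here), and then runs Dijkstra's shortest-path-first algorithm over a constructed three-router topology.

```python
import heapq

REFERENCE_BW_BPS = 100_000_000   # assumed: Cisco default reference bandwidth (100 Mbit/s)


def ospf_cost(bandwidth_bps: int, reference_bps: int = REFERENCE_BW_BPS) -> int:
    """Interface cost = reference bandwidth / interface bandwidth, truncated, never below 1.
    With the default reference every link of 100 Mbit/s or faster costs 1, which is why the
    reference is usually raised on gigabit networks."""
    return max(1, reference_bps // bandwidth_bps)


def build_graph(links):
    """links: iterable of (router_a, router_b, bandwidth_bps); cost is symmetric here."""
    graph = {}
    for a, b, bw in links:
        cost = ospf_cost(bw)
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    return graph


def spf(graph, root):
    """Dijkstra from `root`; returns {router: (total_cost, [path from root])}."""
    dist = {root: 0}
    prev = {}
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue                       # stale heap entry, a shorter path was found later
        for v, cost in graph.get(u, ()):
            nd = d + cost
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                prev[v] = u
                heapq.heappush(heap, (nd, v))
    tree = {}
    for node, d in dist.items():
        path = [node]
        while path[-1] != root:
            path.append(prev[path[-1]])
        tree[node] = (d, path[::-1])
    return tree


# Constructed topology: two fast hops beat one slow direct link.
SAMPLE_LINKS = [
    ("R1", "R2", 100_000_000),   # cost 1
    ("R2", "R3", 100_000_000),   # cost 1
    ("R1", "R3", 10_000_000),    # cost 10
]

if __name__ == "__main__":
    for dest, (cost, path) in spf(build_graph(SAMPLE_LINKS), "R1").items():
        print(dest, cost, " -> ".join(path))
```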
with different protocols. The ASBR can import and translate different protocol routes into
OSPF through a process known as redistribution.
router requests an update from the DR and the DR will respond to that request with an
update.
108. What is a Backup Designated Router (BDR)?
Backup Designated Router (BDR) - The BDR is the backup to the DR in a broadcast network. When the DR
goes down, the BDR becomes the DR and performs its functions.
DBD, then the router will send an LSR to the other router stating which links are needed.
The other router replies with the LSU containing the updates that are needed. In
return, the router replies with the Link State Acknowledgement.
▪ Full - In this state, synchronization of all the information takes place. OSPF routing
can begin only after the Full state.
114. What is OSPF Authentication?
OSPF supports three types of authentication: null, simple password authentication and
MD5 authentication. OSPF MD5 authentication can be configured globally or per
interface. OSPF authentication is for security purposes.
LSA Type 2 (Network LSA) packets are generated by the Designated Router (DR) to
describe all routers connected directly to its segment. LSA Type 2 packets are
flooded between neighbours in the same area of origin and remain within that area.
118. What is the ASBR Summary LSA?
LSA Type 4 (ASBR Summary LSA) packets are the LSAs that advertise the presence of an
Autonomous System Border Router (ASBR) to other areas. In the example below, when R2
(ABR) receives the LSA Type 1 packet from R1 it will create an LSA Type 4 (Summary ASBR
LSA) packet, which advertises the ASBR route received from Area 1, and inject it into Area
0.
While LSA Type 4 packets are used by ABRs to advertise the ASBR route through their areas, it will not
be used by the ASBR itself within its local area (Area 1); the ASBR uses LSA Type 1 to inform its
neighbours (R2 in this case) within its networks.
119. What is the ASBR External LSA?
LSA Type 5 (ASBR External LSA) packets are generated by the ASBR to advertise external
redistributed routes into the OSPF AS. A typical example of an LSA Type 5 would be an
external prefix, e.g. 192.168.10.0/24, or a default route (internet) as shown below:
This external route/prefix is redistributed into the OSPF network by the ASBR (R1) and seen as O
E1 or E2 entries in other OSPF routers' routing tables.
Three restrictions apply to an OSPF stub area:
• 1. No virtual links are allowed in the stub area.
• 2. A stub area cannot be the backbone area.
• 3. No Autonomous System Boundary Routers are allowed.
Totally Stubby Area
Like stub areas, totally stubby areas do not receive type 4 and type 5 LSAs from their ABRs.
However, they also do not receive type 3 LSAs. It allows advertisement of internal routes in
that area.
Not-So-Stubby Areas
The motivation behind NSSA is to allow an OSPF stub area to carry external routes. External
routes are imported into an OSPF NSSA as Type 7 LSAs by the ASBR. Type 7 LSAs cannot go into area
0, so they are converted back into Type 5 LSAs by the ABR and injected into area 0.
Totally NSSA
Along with Type 4 and Type 5, Type 3 LSAs will also be filtered in a Totally NSSA.
BGP (Border Gateway Protocol)
126. Explain the Border Gateway Protocol (BGP)?
▪ Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed
to exchange routing and reachability information among autonomous systems (AS)
on the Internet. BGP is classified as a path-vector routing protocol, and it makes
routing decisions based on paths, network policies, or rule-sets configured by a
network administrator.
▪ BGP used for routing within an autonomous system is called Interior Border Gateway
Protocol, Internal BGP (iBGP). In contrast, the Internet application of the protocol is
called Exterior Border Gateway Protocol, External BGP (eBGP).
127. What are the BGP features?
▪ Path vector protocol
▪ Open standard protocol.
▪ Classless routing protocol.
▪ Uses the path vector algorithm.
▪ Administrative distance for eBGP is 20, for iBGP 200.
▪ BGP exchanges routing information between autonomous systems.
▪ Hello timer is 60 sec; hold timer is 180 sec.
▪ BGP uses TCP port number 179.
128. Can routers on different subnets become BGP neighbours?
BGP does not require neighbours to be attached to the same subnet. Instead, BGP routers
use a TCP connection between the routers to pass BGP messages, allowing neighbouring
routers to be on the same or different subnets.
▪ Connect - The BGP process is waiting for the TCP connection to be completed. If it is
successful, it will continue to the OpenSent state. In case it fails, it will
continue to the Active state.
▪ OpenSent - BGP has both established the TCP connection and sent an OPEN message
and is awaiting a reply OPEN message. Once it receives a reply OPEN message, the BGP
peer will send a KEEPALIVE message.
▪ Next Hop - It lists the next-hop IP address used to reach a prefix. Is the next hop
reachable? If there is no route to reach the next hop, the router cannot use this route.
▪ Weight - The Weight attribute is applied to inbound routes, dictating the best
outbound path. It is a Cisco-proprietary attribute, and is only locally significant (and
thus is never passed on to BGP neighbours). The weight value can range from 0 to
65535, and the highest weight is preferred. By default, a route originated on the local
router will be assigned a weight of 32768. All other routes will be assigned a weight
of 0 by default.
▪ Local Preference - The Local Preference attribute is applied to inbound external
routes, dictating the best outbound path. Unlike the Weight attribute, Local
Preference is passed on to iBGP peers when sending updates. Local Preference informs
iBGP routers how to exit the AS if multiple paths exist. Local Preference is a 32-bit
number and can range from 0 to 4294967295. The highest Local Preference is
preferred, and the default preference is 100.
▪ Origin - The Origin attribute identifies the originating source of the route. The origin
codes are as follows (listed in order of preference for route selection):
• i (IGP) - Originated from an interior gateway protocol, such as OSPF. This usually indicates the
route was injected into BGP via the network command under the BGP process. An
origin code of "i" is most preferred.
• e (EGP) - Originated from an external gateway protocol.
• ? (incomplete) - Unknown origin. This usually indicates the route was
redistributed into BGP (from either connected, static, or IGP routes). An origin code
of "?" is the least preferred.
also known as the external metric of a route. A lower MED value is preferred over a higher
value.
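An added example, not from the handbook: a best-path selection over the attributes this section covers, checked in the order the text gives them. A route whose next hop is unreachable is discarded; among the rest the highest Weight wins, then the highest Local Preference, then the most preferred Origin (i, then e, then ?), then the lowest MED. This is a deliberate simplification of the full Cisco BGP best-path algorithm, which has further tie-breakers between these steps that the handbook does not discuss; the defaults used (Weight 0 for learned routes and 32768 for locally originated ones, Local Preference 100) are the ones stated above. Routes and next hops are constructed.

```python
ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # lower rank = more preferred
DEFAULT_LOCAL_PREF = 100
DEFAULT_WEIGHT_LEARNED = 0
DEFAULT_WEIGHT_LOCAL = 32768


def selection_key(route: dict):
    """Sort key where the smallest tuple wins; attributes where 'highest wins' are negated.
    Tuple order is the comparison order: Weight, Local Preference, Origin, MED."""
    default_weight = DEFAULT_WEIGHT_LOCAL if route.get("local") else DEFAULT_WEIGHT_LEARNED
    return (
        -route.get("weight", default_weight),
        -route.get("local_pref", DEFAULT_LOCAL_PREF),
        ORIGIN_RANK[route.get("origin", "?")],
        route.get("med", 0),
    )


def best_path(routes, reachable_next_hops):
    """Return the winning route dict, or None if no candidate has a reachable next hop."""
    candidates = [r for r in routes if r["next_hop"] in reachable_next_hops]
    if not candidates:
        return None
    return min(candidates, key=selection_key)


def ranked_paths(routes, reachable_next_hops):
    """All usable routes, best first, for a 'show ip bgp' style listing."""
    return sorted((r for r in routes if r["next_hop"] in reachable_next_hops), key=selection_key)


# Constructed routes for one prefix, as learned by a router with three upstreams.
SAMPLE_ROUTES = [
    {"name": "via-ISP-A", "next_hop": "10.0.0.1", "local_pref": 100, "origin": "i", "med": 50},
    {"name": "via-ISP-B", "next_hop": "10.0.0.2", "local_pref": 200, "origin": "?", "med": 0},
    {"name": "via-ISP-C", "next_hop": "10.0.0.3", "weight": 100, "local_pref": 50, "origin": "i"},
]

if __name__ == "__main__":
    # ISP-C's next hop is down: its Weight of 100 never gets a chance to win.
    print(best_path(SAMPLE_ROUTES, {"10.0.0.1", "10.0.0.2"})["name"])
    # All next hops reachable: Weight is compared first, so ISP-C wins despite its low Local Preference.
    print(best_path(SAMPLE_ROUTES, {"10.0.0.1", "10.0.0.2", "10.0.0.3"})["name"])
```

Because Weight is locally significant and compared first, a single `weight` on one router can override the Local Preference an AS-wide policy set; the example shows that order directly.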
Switching
141. What is switching?
The function of switching is to switch data packets between devices on the same network.
142. What is a switch?
A switch is a device which is used to connect multiple devices inside a Local Area Network
(LAN). Unlike hubs, a switch examines each packet and processes it accordingly rather than
simply repeating the signal to all ports. Switches operate at Layer Two (Data Link layer) of the
OSI model.
143. What is the difference between a hub, switch and router?
Broadcast domain - Broadcast is a type of communication where the sending device
sends a single copy of data and that copy of data will be delivered to every other device in
the network segment.
Collision domain - It is a network scenario where one device sends a packet on a network
segment, forcing every other device on that same segment to pay attention to it. At the
same time, if a different device on that same segment also sends a packet, a collision occurs.
147. What is a MAC address table and how does a switch build a MAC table?
The switch maintains an address table called the MAC address table to efficiently switch frames
between interfaces. When the switch receives a frame, it associates the MAC address of the
sending device with the switch port on which it was received.
149. Explain flooding?
If the destination MAC address is not found in the MAC address table, the switch forwards
the frame out all its ports except the port on which the frame was received. This is known as
flooding.
VLAN (Virtual LAN)
150. What is a VLAN and how does it reduce broadcast traffic?
A VLAN is a logical grouping of network users and resources connected to administratively
defined ports on a switch. A VLAN divides the broadcast domain so the frames that are
broadcast onto the network are only switched between the ports logically grouped within
the same VLAN.
▪ Trunk port - A trunk port can carry the traffic of multiple VLANs (VLANs 1-4094) at
a time. Normally a trunk link is used to connect switches to other switches or to
routers. Trunk ports support tagged and untagged traffic simultaneously.
152. What is frame tagging and what are the different types of tagging?
The frame tagging method uniquely assigns a VLAN ID to each frame. It is used to identify the
VLAN that the frame belongs to.
There are mainly two types of frame tagging method:
▪ Inter-Switch Link (ISL) - Cisco
▪ 802.1Q - open standard
ISL (Inter-Switch Link) - This protocol is Cisco proprietary, which means that unlike 802.1Q it can
be used only between Cisco switches. It works by adding a header (26 bytes) and trailer (4 bytes)
to the original Ethernet frame.
154. What is a Native VLAN and what type of traffic will go through the Native VLAN?
The trunk port is assigned a default VLAN ID for a VLAN that all untagged traffic will travel on. This
VLAN is called the Native VLAN and is always VLAN 1 by default (but can be changed to any
VLAN number). Similarly, any untagged or tagged traffic with an unassigned VLAN ID is assumed
to belong to the Native VLAN.
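An added example, not from the handbook, that combines questions 147, 149, 150, 152 and 154 in one model: it builds and parses 802.1Q-tagged Ethernet frames, classifies an incoming frame into a VLAN (access ports own their traffic; on a trunk a tag selects the VLAN and an untagged frame falls into the native VLAN), learns the source MAC per VLAN, and either forwards to the learned port or floods within that VLAN only. Port names, VLAN numbers and MAC addresses are constructed.

```python
import struct

TPID_8021Q = 0x8100
BROADCAST = "ff:ff:ff:ff:ff:ff"


def _mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def _mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0):
    """Ethernet II frame, optionally with an 802.1Q tag (TPID 0x8100 + 16-bit TCI)."""
    head = _mac_bytes(dst) + _mac_bytes(src)
    if vlan is not None:
        tci = (pcp << 13) | (vlan & 0x0FFF)          # 3-bit priority, 1-bit DEI (0), 12-bit VLAN ID
        head += struct.pack("!HH", TPID_8021Q, tci)
    return head + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return dst, src, whether a tag was present, VLAN ID (None if untagged), ethertype, payload."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        return {"dst": _mac_str(dst), "src": _mac_str(src), "tagged": True,
                "vlan": tci & 0x0FFF, "pcp": tci >> 13, "ethertype": ethertype, "payload": frame[18:]}
    return {"dst": _mac_str(dst), "src": _mac_str(src), "tagged": False,
            "vlan": None, "pcp": 0, "ethertype": ethertype, "payload": frame[14:]}


class VlanSwitch:
    """Learning switch with a per-VLAN MAC table. Port configuration entries look like
    {"mode": "access", "vlan": 10} or {"mode": "trunk", "native": 1, "allowed": {1, 10, 20}}."""

    def __init__(self, ports):
        self.ports = ports
        self.mac_table = {}     # (vlan, mac) -> port

    def _carries(self, port, vlan):
        cfg = self.ports[port]
        return cfg["vlan"] == vlan if cfg["mode"] == "access" else vlan in cfg["allowed"]

    def _classify(self, port, info):
        """VLAN an incoming frame belongs to, or None if the port must drop it."""
        cfg = self.ports[port]
        if cfg["mode"] == "access":
            return cfg["vlan"]                                        # access ports own all their traffic
        vlan = info["vlan"] if info["tagged"] else cfg["native"]      # untagged on a trunk -> native VLAN
        return vlan if vlan in cfg["allowed"] else None

    def receive(self, in_port, frame):
        info = parse_frame(frame)
        vlan = self._classify(in_port, info)
        if vlan is None:
            return {"action": "drop", "vlan": None, "ports": []}
        self.mac_table[(vlan, info["src"])] = in_port                 # learning: source MAC -> ingress port
        out = self.mac_table.get((vlan, info["dst"]))
        if out is None:                                               # unknown unicast or broadcast: flood in VLAN
            ports = sorted(p for p in self.ports if p != in_port and self._carries(p, vlan))
            return {"action": "flood", "vlan": vlan, "ports": ports}
        if out == in_port:
            return {"action": "filter", "vlan": vlan, "ports": []}    # destination is behind the ingress port
        return {"action": "forward", "vlan": vlan, "ports": [out]}


# Constructed switch: two access ports in VLAN 10, one in VLAN 20, one trunk with native VLAN 1.
SAMPLE_PORTS = {
    "Gi1": {"mode": "access", "vlan": 10},
    "Gi2": {"mode": "access", "vlan": 10},
    "Gi3": {"mode": "access", "vlan": 20},
    "Tr1": {"mode": "trunk", "native": 1, "allowed": {1, 10, 20}},
}
A, B, C = "aa:aa:aa:00:00:01", "bb:bb:bb:00:00:02", "cc:cc:cc:00:00:03"


def demo():
    sw = VlanSwitch(SAMPLE_PORTS)
    return [
        sw.receive("Gi1", build_frame(B, A, 0x0800, b"hello")),                   # B unknown: flood within VLAN 10
        sw.receive("Gi2", build_frame(A, B, 0x0800, b"reply")),                   # A learned on Gi1: forward
        sw.receive("Tr1", build_frame(A, C, 0x0800, b"x")),                       # untagged on trunk: native VLAN 1
        sw.receive("Tr1", build_frame(BROADCAST, C, 0x0806, b"arp", vlan=20)),    # tagged 20: floods to Gi3 only
        sw.receive("Tr1", build_frame(A, C, 0x0800, b"x", vlan=30)),              # VLAN 30 not allowed: drop
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The third frame shows the native-VLAN rule from question 154 at work: an untagged frame arriving on the trunk is classified into VLAN 1, and since no other port carries VLAN 1 it is flooded to an empty port list rather than leaking into VLAN 10.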
160. Which command is used to verify a trunk interface?
▪ Switch# show interface trunk
VTP (VLAN Trunking Protocol)
162. What is VTP?
VTP (VLAN Trunking Protocol) is a Cisco proprietary protocol used by Cisco switches to
exchange VLAN information. VTP is used to synchronize VLAN information (Ex: VLAN ID or
VLAN name) with switches inside the same VTP domain.
▪ VTP Client mode - A switch in VTP client mode cannot create or delete VLANs. A VLAN
Trunking Protocol (VTP) client mode switch listens to VTP advertisements from other
switches and modifies its VLAN configuration accordingly. It listens to and forwards
updates.
▪ VTP Transparent mode - A switch in VTP transparent mode does not share its VLAN
database, but it forwards received VTP advertisements. We can create and delete
VLANs on a VTP transparent switch, but these changes are not sent to other switches.
Dynamic Auto - It does not initiate negotiation but can respond to negotiation.
A switch port configured as DTP dynamic auto is capable of forming a trunk link if the other side's switch
interface is configured to form a trunk interface and can negotiate the trunk using DTP.
STP (Spanning Tree Protocol)
167. What is STP and Redundant Links?
Spanning Tree Protocol (STP) is a protocol which prevents layer 2 loops. STP enables
switches to become aware of each other so that they can negotiate a loop-free path
through the network.
▪ Blocking - A blocking port does not forward frames. It only listens to BPDUs. The
purpose of the blocking state is to prevent the use of looped paths.
▪ Learning - A port in the Learning state populates the MAC address table but doesn't
forward data frames. The port still sends and receives BPDUs as before.
▪ Forwarding - The port now can send and receive data frames, collect MAC addresses
in its address table, and send and receive BPDUs. The port is now a fully functioning
switch port within the spanning-tree topology.
▪ Hello timer - The time interval between configuration BPDUs sent by the root bridge.
It is 2 seconds by default.
▪ Forward Delay timer - The time interval that a switch port spends in both the
Listening and Learning states. The default value is 15 seconds.
▪ Max (Maximum) Age timer - Maximum length of time a BPDU can be stored without
receiving an update. It can also be defined as the time interval that a switch stores a
BPDU before discarding it. It is 20 seconds by default.
171. Explain the types of STP port roles?
▪ Root port - The root port is always the link directly connected to the root bridge, or
the shortest path to the root bridge. It is always on a non-root bridge.
▪ Designated port - A designated port is one that has been determined as having the
best (lowest) cost. A designated port will be marked as a forwarding port. It can be on
both the root bridge and non-root bridges. All ports of the root bridge are designated ports.
▪ Forwarding port - A forwarding port forwards frames.
▪ Blocked port - A blocked port is a port that is used to prevent loops. It only listens
to BPDUs. Any port other than a root port or designated port is a blocked port.
172. What is a BPDU?
All the switches exchange information to select the root bridge as well as for configuration
of the network. This is done through the Bridge Protocol Data Unit (BPDU). Each switch
compares the parameters in the BPDU that it sends to one neighbour with the one that it
receives from another neighbour.
173. What is the destination MAC address used by Bridge Protocol Data Units (BPDUs)?
Bridge Protocol Data Unit (BPDU) frames are sent out to the multicast destination MAC
address 01:80:c2:00:00:00.
174. How is the Root Bridge elected?
The bridge ID is used to elect the root bridge in the STP domain. This ID is 8 bytes long and
includes both the priority and the MAC address of the device.
The switch with the lowest Bridge ID is elected as the root bridge, which means the switch with the
lowest priority will become the root bridge; if two or more switches have the same priority, then the
switch with the lowest MAC address will become the root bridge.
175. What is the Root Port?
Once the root switch is elected, every other switch in the network must select a single port
on itself to reach the root switch. The port with the lowest root path cost (lowest
cumulative cost to reach the root switch) is elected as the root port and is placed in the
forwarding state. The root bridge will never have a root port.
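An added example, not from the handbook, for questions 172 to 175: the 8-byte bridge ID built from priority and MAC, the root election by lowest bridge ID, and the root-port choice made by ranking the BPDUs a switch receives (root ID, then root path cost including the ingress port's cost, then sender bridge ID, then sender port ID). Switch names, MACs and the 802.1D-1998 port costs of 19 (100 Mbit/s) and 4 (1 Gbit/s) used in the sample are constructed inputs.

```python
from dataclasses import dataclass


def bridge_id(priority: int, mac: str) -> int:
    """8-byte bridge ID: 16-bit priority followed by the 48-bit MAC, compared as one number,
    so a lower priority always wins and the MAC only breaks ties."""
    if not 0 <= priority <= 0xFFFF:
        raise ValueError("priority must fit in 16 bits")
    return (priority << 48) | int(mac.replace(":", ""), 16)


def elect_root(switches: dict) -> str:
    """switches: {name: (priority, mac)}; the lowest bridge ID becomes the root bridge."""
    return min(switches, key=lambda name: bridge_id(*switches[name]))


@dataclass(frozen=True)
class Bpdu:
    root_id: int          # bridge ID the sender believes is the root
    root_path_cost: int   # sender's cumulative cost to that root
    sender_id: int        # sender's own bridge ID
    sender_port: int      # sender's port identifier


def select_root_port(received: dict, my_id: int):
    """received: {port: (Bpdu, cost_of_that_port)}.
    Returns (root_port, my_root_path_cost, root_id); root_port is None if this
    bridge has seen no BPDU announcing a better root than itself."""
    best_port, best_key = None, None
    for port, (bpdu, port_cost) in received.items():
        key = (bpdu.root_id, bpdu.root_path_cost + port_cost, bpdu.sender_id, bpdu.sender_port)
        if best_key is None or key < best_key:
            best_port, best_key = port, key
    if best_port is None or best_key[0] >= my_id:
        return None, 0, my_id          # no superior BPDU: this bridge is (or believes it is) the root
    return best_port, best_key[1], best_key[0]


# Constructed switches: S1 and S2 share the default priority, S3 has been lowered to 4096.
SAMPLE_SWITCHES = {
    "S1": (32768, "00:00:00:00:00:0a"),
    "S2": (32768, "00:00:00:00:00:01"),   # same priority as S1, lower MAC
    "S3": (4096, "00:00:00:00:00:ff"),    # lowest priority wins regardless of MAC
}
COST_100M, COST_1G = 19, 4   # IEEE 802.1D-1998 port costs


def demo():
    root = elect_root(SAMPLE_SWITCHES)
    root_id = bridge_id(*SAMPLE_SWITCHES[root])
    # BPDUs as seen by S1: one directly from the root on a 100M port, one via S2 over gigabit.
    received = {
        "Gi0/1": (Bpdu(root_id, 0, root_id, 1), COST_100M),
        "Gi0/2": (Bpdu(root_id, COST_1G, bridge_id(*SAMPLE_SWITCHES["S2"]), 2), COST_1G),
    }
    return root, select_root_port(received, bridge_id(*SAMPLE_SWITCHES["S1"]))


if __name__ == "__main__":
    print(demo())
```

The sample reproduces the point of question 175: S1's directly connected link to the root is not its root port, because two gigabit hops (cost 4 + 4 = 8) are cheaper than one 100 Mbit/s hop (cost 19).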
DHCP (Dynamic Host Configuration Protocol)
176. What is DHCP?
Dynamic Host Configuration Protocol (DHCP) assigns IP addresses to hosts dynamically. It
allows easier administration and works well in small as well as very large network
environments. All types of hardware can be used as a DHCP server, including a Cisco router.
(Server port 67 / client port 68)
177. What information can DHCP provide to a host?
A DHCP server can provide the following information:
▪ IP address
▪ Subnet mask
▪ Default gateway
▪ Domain Name Server
▪ WINS information
178. How does DHCP work?
DHCP works on the DORA process (DISCOVER - OFFER - REQUEST - ACKNOWLEDGEMENT).
182. What is SNMP?
The Simple Network Management Protocol (SNMP) enables a network device to share
information about itself and its activities. It uses the User Datagram Protocol (UDP) as the
transport protocol for passing data between managers and agents.
VPN (Virtual Private Network)
184. What is a VPN?
A Virtual Private Network (VPN) creates a secure network connection over a public network
such as the internet. It allows devices to exchange data through a secure virtual tunnel. It
uses a combination of security features like encryption, authentication, tunnelling protocols,
and data integrity to provide secure communication between participating peers.
188. What is the difference between Transport and Tunnel mode?
▪ Tunnel mode - Protects data in network-to-network or site-to-site scenarios. It
encapsulates and protects the entire IP packet, the payload including the original IP
header, and adds a new IP header (protects the entire IP payload including user data).
189. What are the three main security services that IPsec VPN provides?
IPsec offers the following security services:
▪ Peer authentication.
▪ Data confidentiality.
▪ Data integrity.
194. What is IKE?
It is a hybrid protocol that implements Oakley and SKEME key exchanges inside the Internet
Security Association and Key Management Protocol (ISAKMP) framework. It defines the
mechanism for creating and exchanging keys. IKE derives authenticated keying material and
negotiates SAs that are used for the ESP and AH protocols.
195. Which protocol does IKE use?
IKE uses UDP port 500.
▪ Aggressive mode - It is faster than main mode as only three messages are
exchanged in this mode to establish the phase 1 SA. It is faster but less secure.
At the end of phase 1, a bidirectional ISAKMP/IKE SA (phase 1 SA) is established for IKE
communication.
Phase-2
IKE phase 2 protects the user data and establishes SAs for IPsec.
There is one mode in IKE phase 2:
▪ Quick mode - In this mode, three messages are exchanged to establish the phase 2
IPsec SA.
At the end of phase 2 negotiation, two unidirectional IPsec SAs (phase 2 SAs) are established
for user data: one for sending and another for receiving encrypted data.
197. Explain the message exchange between the peers in IKE/ISAKMP?
Phase-1 - Main mode
Phase-2 - Quick mode
▪ MESSAGE-7 Initiator sends hash, IPsec proposal, ID, nonce.
▪ MESSAGE-8 Responder sends hash, IPsec proposal, ID, nonce.
▪ MESSAGE-9 Initiator sends signature, hash, ID. All messages in Quick mode are encrypted.
198. What is Diffie-Hellman?
DH is a public-key cryptography protocol which allows two parties to establish a shared
secret over an insecure communications channel. Diffie-Hellman is used within IKE to
establish session keys and is a component of Oakley.
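An added example, not from the handbook and not IKE's actual key-derivation function: the Diffie-Hellman exchange in Python's standard library. Each side keeps a private exponent, sends only g^x mod p, and both arrive at the same shared secret, which is then hashed together with two nonces into a session key. The group parameters are a toy 127-bit prime and generator 3 chosen for this demonstration; IKE uses the far larger MODP groups of RFC 3526. The check on the peer's public value (rejecting 0, 1 and p-1) is the one caveat a practitioner should carry over: those values force a predictable shared secret.

```python
import hashlib
import secrets

# Toy parameters for demonstration only: a 127-bit Mersenne prime and generator 3.
# Real IKE deployments use 2048-bit and larger MODP groups (RFC 3526).
TOY_P = (1 << 127) - 1
TOY_G = 3


def dh_private_key(p: int) -> int:
    """Random private exponent in [2, p-2]."""
    return 2 + secrets.randbelow(p - 3)


def dh_public_value(p: int, g: int, private: int) -> int:
    """The value that travels over the insecure channel: g^private mod p."""
    return pow(g, private, p)


def validate_public_value(p: int, value: int) -> bool:
    """Reject degenerate peer values (0, 1, p-1) that would force a trivial shared secret."""
    return 1 < value < p - 1


def dh_shared_secret(p: int, private: int, peer_public: int) -> int:
    if not validate_public_value(p, peer_public):
        raise ValueError("invalid peer public value")
    return pow(peer_public, private, p)


def derive_session_key(shared: int, nonce_i: bytes, nonce_r: bytes) -> bytes:
    """Session key = SHA-256(shared secret || initiator nonce || responder nonce).
    This stands in for IKE's PRF chain; it is not IKE's real KDF."""
    length = (shared.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(length, "big") + nonce_i + nonce_r).digest()


def exchange(p: int = TOY_P, g: int = TOY_G):
    """Run one exchange; returns both sides' derived keys so the caller can confirm they match."""
    a, b = dh_private_key(p), dh_private_key(p)
    pub_a, pub_b = dh_public_value(p, g, a), dh_public_value(p, g, b)   # exchanged in the clear
    nonce_i, nonce_r = secrets.token_bytes(16), secrets.token_bytes(16)
    key_initiator = derive_session_key(dh_shared_secret(p, a, pub_b), nonce_i, nonce_r)
    key_responder = derive_session_key(dh_shared_secret(p, b, pub_a), nonce_i, nonce_r)
    return key_initiator, key_responder


if __name__ == "__main__":
    ki, kr = exchange()
    print(ki.hex(), ki == kr)
```

The textbook numbers p=23, g=5 work with the same functions and are handy for checking by hand: private 6 gives public 8, private 15 gives public 19, and both sides compute the shared value 2.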
Generic Routing Encapsulation (GRE) is a tunnelling protocol developed by Cisco, designed
to encapsulate IP unicast, multicast and broadcast packets. It uses IP protocol number 47.
208. What is a firewall?
A firewall is a device that is placed between a trusted and an untrusted network. It denies or
permits traffic that enters or leaves the network based on pre-configured policies.
Firewalls protect inside networks from unauthorized access by users on an outside network.
A firewall can also protect inside networks from each other, for example by keeping a
management network separate from a user network.
Stateless firewall (packet filtering) - Stateless firewalls, on the other hand, do not look at
the state of connections but just at the packets themselves.
An example of a packet filtering firewall is the Extended Access Control List on Cisco IOS
routers.
213. How can we allow packets from a lower security level to a higher security level
(override security levels)?
We use ACLs to allow packets from the lower security level to a higher security level.
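An added example, not from the handbook and not ASA or IOS configuration: a small packet filter in Python that evaluates an extended ACL top-down with first match and an implicit deny, as the stateless packet-filtering firewall described under question 208 does, beside a stateful wrapper that records each permitted outbound flow and lets only the matching return traffic back in from the lower security level. It shows why a stateless filter needs a standing inbound rule for replies while a stateful one does not. Networks, ports and packets are constructed.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "proto src sport dst dport")

# ACE = (action, protocol, source network, destination network, destination port or None),
# evaluated top-down, first match wins, implicit deny at the end (like an IOS extended ACL).
Ace = namedtuple("Ace", "action proto src dst dport")


class ExtendedAcl:
    def __init__(self, entries):
        self.entries = [Ace(a, p, ip_network(s), ip_network(d), port) for a, p, s, d, port in entries]

    def evaluate(self, pkt: Packet) -> str:
        for ace in self.entries:
            if ace.proto != "ip" and ace.proto != pkt.proto:
                continue
            if ip_address(pkt.src) not in ace.src or ip_address(pkt.dst) not in ace.dst:
                continue
            if ace.dport is not None and pkt.dport != ace.dport:
                continue
            return ace.action
        return "deny"               # implicit deny: nothing matched


class StatefulInspector:
    """Permits outbound traffic per the ACL and remembers each permitted flow, so that
    only the reverse of a known flow is allowed back in; no standing inbound rule exists."""

    def __init__(self, outbound_acl: ExtendedAcl):
        self.acl = outbound_acl
        self.flows = set()

    def outbound(self, pkt: Packet) -> str:
        verdict = self.acl.evaluate(pkt)
        if verdict == "permit":
            self.flows.add(pkt)
        return verdict

    def inbound(self, pkt: Packet) -> str:
        reverse = Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "permit" if reverse in self.flows else "deny"


# Constructed policy for the inside network: HTTPS anywhere, DNS only to the internal resolver.
OUTBOUND_POLICY = ExtendedAcl([
    ("permit", "tcp", "192.168.1.0/24", "0.0.0.0/0", 443),
    ("permit", "udp", "192.168.1.0/24", "10.0.0.53/32", 53),
    ("deny", "ip", "0.0.0.0/0", "0.0.0.0/0", None),
])


def demo():
    out = Packet("tcp", "192.168.1.5", 50000, "203.0.113.10", 443)
    back = Packet("tcp", "203.0.113.10", 443, "192.168.1.5", 50000)
    fw = StatefulInspector(OUTBOUND_POLICY)
    return {
        "stateless_out": OUTBOUND_POLICY.evaluate(out),      # permit
        "stateless_back": OUTBOUND_POLICY.evaluate(back),    # deny: no rule knows this is a reply
        "stateful_back_before": fw.inbound(back),            # deny: no session yet
        "stateful_out": fw.outbound(out),                    # permit, session recorded
        "stateful_back_after": fw.inbound(back),             # permit: matches the recorded flow
    }


if __name__ == "__main__":
    print(demo())
```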
218. What are the values for the timeout of a TCP session, UDP session and ICMP session?
TCP session - 60 minutes
UDP session - 2 minutes
ICMP session - 2 seconds
223. What is the difference between a switch and an ASA (in transparent mode)?
The ASA does not flood unknown unicast frames that are not found in the MAC address table.
The ASA does not participate in STP.
A switch processes traffic at layer 1 and layer 2, while an ASA can process traffic from layer 1 to layer
7.